Add TLS reports capabilities

This commit is contained in:
2026-06-23 11:49:58 -03:00
parent 5c1dc95c36
commit f4ae9f8532
20 changed files with 1158 additions and 75 deletions
+46 -1
View File
@@ -7,7 +7,8 @@ from sqlalchemy.orm import Session
from app.analyzer import analyze_report
from app.config import Settings
from app.db import Base
from app.models import Record, Report
from app.models import Record, Report, TLSPolicy, TLSFailure, TLSReport
from app.tlsrpt_analyzer import analyze_tls_report
def _session():
@@ -209,3 +210,47 @@ def test_alert_details_include_published_policy_and_receiver_action():
assert details["published_policy"]["effective_source"] == "p"
assert details["receiver_action"]["disposition"] == "reject"
assert "Published DMARC policy was p=reject; pct=100" in alert.summary
def test_tls_failures_create_alert_with_tls_details():
session = _session()
report = TLSReport(
inbox_id="anamaka",
raw_json_sha256="tls-sha",
report_id="tls-report",
org_name="Google Inc.",
domain="anamaka.net",
date_begin=datetime.now(timezone.utc) - timedelta(hours=1),
date_end=datetime.now(timezone.utc),
)
session.add(report)
session.flush()
policy = TLSPolicy(
tls_report=report,
policy_type="sts",
policy_domain="anamaka.net",
mx_hosts_json='["mail.dynamicpress.org"]',
policy_strings_json='["version: STSv1", "mode: enforce"]',
total_successful_session_count=80,
total_failure_session_count=20,
)
session.add(policy)
session.flush()
session.add(
TLSFailure(
policy=policy,
result_type="certificate-host-mismatch",
receiving_mx_hostname="mail.dynamicpress.org",
failed_session_count=20,
)
)
session.commit()
alerts = analyze_tls_report(session, _settings(), report)
assert any(alert.type == "tls_delivery_failures" for alert, _, _ in alerts)
detail = next(alert for alert, _, _ in alerts if alert.type == "tls_failure_detail")
details = json.loads(detail.details_json)
assert details["report_type"] == "tlsrpt"
assert details["policy_domain"] == "anamaka.net"
assert details["result_type"] == "certificate-host-mismatch"