# File: gsgmail_consts.py
#
# Copyright (c) 2017-2023 Splunk Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software distributed under
# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
# either express or implied. See the License for the specific language governing permissions
# and limitations under the License.
# Static, user-facing error messages. None of them embeds exception text or
# credential material; anything appended by the caller (e.g. details from a
# failed key-JSON load) should be checked so that key contents are not echoed.
GSGMAIL_ERROR_MESSAGE_UNAVAILABLE = (
    "Error message unavailable. "
    "Please check the asset configuration and|or action parameters"
)
GSGMAIL_UNICODE_DAMMIT_TYPE_ERROR_MESSAGE = (
    "Error occurred while connecting to the GMAIL server. "
    "Please check the asset configuration and|or the action parameters"
)
# The inline pragma is a secret-scanner allowlist marker (detect-secrets syntax):
# the literal is an error message, not a credential.
GSGMAIL_SERVICE_KEY_FAILED = "Unable to load the credentials from the key JSON"  # pragma: allowlist secret
GSGMAIL_CREDENTIALS_FAILED = "Failed to create delegated credentials"
GSGMAIL_EMAIL_FETCH_FAILED = "Failed to get email details"
GSGMAIL_USERS_FETCH_FAILED = "Failed to get users"
# Template: {msg} qualifies the integer (wording supplied by the caller),
# {param} names the offending action parameter.
GSGMAIL_INVALID_INTEGER_ERROR_MESSAGE = 'Please provide a valid {msg} integer value in the "{param}"'
# Google OAuth 2.0 scope URLs requested for the service-account credentials.
# The first two are read-only scopes (Gmail read-only; Admin SDK Directory
# user read-only).
GSGMAIL_AUTH_GMAIL_READ = "https://www.googleapis.com/auth/gmail.readonly"
GSGMAIL_AUTH_GMAIL_ADMIN_DIR = "https://www.googleapis.com/auth/admin.directory.user.readonly"
# Gmail's full-mailbox scope: it covers read, send and permanent delete, so it
# is far broader than the two scopes above. With delegated service-account
# credentials it applies to whichever user is impersonated.
# NOTE(review): going by the name this is requested for the delete action only;
# confirm at the call sites that no read-only action asks for it, and authorize
# it in the Workspace admin console only if deletion is actually used.
GSGMAIL_DELETE_EMAIL = "https://mail.google.com/"
# Ingestion limits and ordering labels. How each value is applied is decided
# by the callers, which are not visible in this file.
# NOTE(review): these names use the prefix GSMAIL_ while the constants earlier
# in the file use GSGMAIL_; the spelling is kept because importers reference
# the names as they are.
GSMAIL_DEFAULT_FIRST_RUN_MAX_EMAIL = 1000
GSMAIL_DEFAULT_MAX_CONTAINER = 100
GSMAIL_MAX_RESULT = 10000
GSMAIL_OLDEST_INGEST_MANNER = "oldest first"
GSMAIL_LATEST_INGEST_MANNER = "latest first"
# Template with four positional fields; the API name and version appear to be
# {0} and {1}, and the caller supplies the trailing detail in {2} and {3}.
FAILED_CREATE_SERVICE = "Failed to create service object for API: {0}-{1}. {2} {3}"
# {0} is the mailbox user the service account tried to act for.
GSMAIL_USER_VALID_MESSAGE = (
    "Please make sure the user '{0}' is valid "
    "and the service account has the proper scopes enabled."
)
GSMAIL_POLL_NOW_PROGRESS = (
    "Will be ingesting all possible artifacts "
    "(ignoring max artifacts value) for POLL NOW"
)
# NOTE(review): the name reads "INGES_DELETED" while the message says
# "detected"; left unchanged because the name is part of the module interface.
GSMAIL_FIRST_INGES_DELETED = "First time Ingestion detected."
# Constants for the email-processing step: dictionary keys, a MIME type and
# progress/error message templates. The string values are read at runtime, so
# they must stay exactly as written.
# Keys for the parsed-email structure.
PROC_EMAIL_JSON_FILES = "files"
PROC_EMAIL_JSON_BODIES = "bodies"
PROC_EMAIL_JSON_DATE = "date"
PROC_EMAIL_JSON_FROM = "from"
PROC_EMAIL_JSON_SUBJECT = "subject"
PROC_EMAIL_JSON_TO = "to"
PROC_EMAIL_JSON_START_TIME = "start_time"
# Keys that name the extraction switches (presumably read from the asset or
# action configuration; verify against the caller).
PROC_EMAIL_JSON_EXTRACT_ATTACHMENTS = "extract_attachments"
PROC_EMAIL_JSON_EXTRACT_EMAIL_ATTACHMENTS = "download_eml_attachments"
PROC_EMAIL_JSON_EXTRACT_URLS = "extract_urls"
PROC_EMAIL_JSON_EXTRACT_IPS = "extract_ips"
PROC_EMAIL_JSON_EXTRACT_DOMAINS = "extract_domains"
PROC_EMAIL_JSON_EXTRACT_HASHES = "extract_hashes"
# Keys under which extracted indicators are stored. The values come from email
# content, so consumers should treat them as untrusted input.
PROC_EMAIL_JSON_IPS = "ips"
PROC_EMAIL_JSON_HASHES = "hashes"
PROC_EMAIL_JSON_URLS = "urls"
PROC_EMAIL_JSON_DOMAINS = "domains"
PROC_EMAIL_JSON_MESSAGE_ID = "message_id"
PROC_EMAIL_JSON_EMAIL_HEADERS = "email_headers"
# MIME type of an email attached to another email.
PROC_EMAIL_CONTENT_TYPE_MESSAGE = "message/rfc822"
# Progress and error messages; {n} fields are filled in by the caller.
PROC_EMAIL_PARSED = "Email Parsed"
PROC_EMAIL_PROCESSED = "Email Processed"
PROC_EMAIL_MAPPED_HASH_VAL = "Mapped hash values"
PROC_EMAIL_SAVE_CONTAINER = "save_container returns, value: {0}, reason: {1}, id: {2}"
PROC_EMAIL_FAILED_CONTAINER = "Failed to add Container for id: {0}, error msg: {1}"
PROC_EMAIL_SAVE_CONTAINER_FAILED = "save_container did not return a container_id"
# NOTE(review): the name says "CONT" but the text reports save_artifact.
PROC_EMAIL_SAVE_CONT_PASSED = "save_artifact returns, value: {0}, reason: {1}, id: {2}"
PROC_EMAIL_FAILED_VAULT_CONT_DATA = "Failed to get vault item metadata"
PROC_EMAIL_FAILED_VAULT_ADD_FILE = "Failed to add file to Vault: {0}"
# Patterns for pulling indicators (URLs, addresses, hashes, IPs) out of text.
# NOTE(review): the text is presumably email content, i.e. sender-controlled;
# treat every match as a candidate to validate, not as a confirmed indicator.
#
# URL: scheme followed by one or more allowed characters. Inside the class,
# `$-_` is a range (0x24-0x5F), so it also admits characters such as `<`, `>`,
# `'` and `;`; a match can therefore run on into adjacent markup or punctuation.
URI_REGEX = r"http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+#]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+"
# Address with an unquoted local part. Only upper-case letters are listed, so
# lower-case input matches only if the caller compiles with re.IGNORECASE (call
# sites are not visible here). `@+` also accepts a run of consecutive `@`.
EMAIL_REGEX = r"\b[A-Z0-9._%+-]+@+[A-Z0-9.-]+\.[A-Z]{2,}\b"
# Address with a quoted local part. `.*` is greedy, so on a line holding
# several quotes the match runs from the first `"` to the last `"@domain`; every
# `"` is also a fresh start point, which makes long quote-heavy lines costly to
# scan. NOTE(review): consider bounding the input length at the call site.
EMAIL_REGEX2 = r'".*"@[A-Z0-9.-]+\.[A-Z]{2,}\b'
# Bare hex tokens of 32, 40 or 64 digits (the hex lengths of MD5, SHA-1 and
# SHA-256 digests). Any hex token of those lengths matches, hash or not.
HASH_REGEX = r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b"
# Dotted quad with no octet range check and no boundary anchors: it matches
# `999.999.999.999` and substrings of longer dotted numbers (version strings).
# NOTE(review): validate matches (e.g. with the `ipaddress` module) before use.
IP_REGEX = r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'
# IPv6 pattern, assembled with `+=` from fragments; the statement order is the
# pattern order, so lines must not be reordered or dropped.
# Shape: optional leading whitespace, then one of eight alternatives keyed on
# the number of leading `hex:` groups (7 down to 0). The alternatives with 6
# or fewer leading groups also accept a dotted-decimal IPv4 tail whose octets
# are limited to 0-255. An optional `%...` suffix and trailing whitespace follow.
# NOTE(review): the pattern has no anchors, so whether it validates a whole
# string or finds addresses inside text depends on the call (fullmatch vs
# search/findall), which is not visible here.
IPV6_REGEX = r'\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|'
IPV6_REGEX += r'(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
IPV6_REGEX += r'(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))'
IPV6_REGEX += r'|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
IPV6_REGEX += r'(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|'
IPV6_REGEX += r'(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})'
IPV6_REGEX += r'|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
IPV6_REGEX += r'(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|'
IPV6_REGEX += r'(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})'
IPV6_REGEX += r'|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
IPV6_REGEX += r'(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|'
IPV6_REGEX += r'(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})'
IPV6_REGEX += r'|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
IPV6_REGEX += r'(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|'
IPV6_REGEX += r'(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})'
IPV6_REGEX += r'|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
IPV6_REGEX += r'(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|'
IPV6_REGEX += r'(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)'
# The zone suffix `(%.+)?` is greedy and takes any characters up to the end of
# the line, so a match that contains `%` can include unrelated trailing text.
IPV6_REGEX += r'(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*'
# Timeout in seconds.
# NOTE(review): presumably passed to outbound API/HTTP calls so that a stalled
# remote endpoint cannot hang an action indefinitely; confirm at the call sites.
DEFAULT_TIMEOUT = 30