import React, { Fragment } from 'react';import { getDLPWord, getFileTy

1. import React, { Fragment } from 'react';
2.  
3. import {
4. getDLPWord,
5. getFileType,
6. wordPlural,
7. getStringValueFromRecipients
8. } from '../../util/policy';
9. import {
10. CONTENT_MAIL,
11. MAIL,
12. DOC,
13. CONTENT_MAIL_RELAY
14. } from '../../actions/Policy/ActionTypes';
15. import {
16. MISADDRESSED_RECIPIENTS,
17. UNAUTHORIZED_RECIPIENTS
18. } from '../../util/modal_messaging_map';
19.  
20. const EventReason = ({ policy, attachments }) => {
21. if (!policy) return null;
22. const {
23. policy_type,
24. source_account,
25. object_type,
26. metadata,
27. user_reported,
28. from_address,
29. from_user,
30. to_user = { name: '', address: '' },
31. to_user_list = []
32. } = policy;
33. switch (policy_type) {
34. case UNAUTHORIZED_RECIPIENTS: {
35. if (to_user_list.length <= 1) {
36. return (
37. <span>
38. <strong>
39. {from_user !== source_account
40. ? `${from_user} <${source_account}>`
41. : ` <${source_account}>`}
42. </strong>{' '}
43. set up an email-forwarding rule to{' '}
44. <strong>
45. {to_user.name !== to_user.address
46. ? `${to_user.name}<${to_user.address}>.`
47. : `<${to_user.address}>.`}
48. </strong>
49. </span>
50. );
51. }
52. const toList = (
53. <strong>
54. {to_user_list
55. .map(({ name = '', address = 'unknown' }) =>
56. `${name}<${address}>`.trim()
57. )
58. .join(', ')}
59. .
60. </strong>
61. );
62. if (to_user_list.length < 4) {
63. return (
64. <span>
65. <strong>{`${from_user} <${source_account}>`}</strong> set up an
66. email-forwarding rule to <Fragment>{toList}</Fragment>
67. </span>
68. );
69. }
70. return (
71. <span>
72. <strong>{`${from_user} <${source_account}>`}</strong> set up an
73. email-forwarding rule to <Fragment>{toList.slice(0, 3)}</Fragment>
74. <strong>and {to_user_list.length - 3} more.</strong>
75. </span>
76. );
77. }
78. case 'PHISH_REPORT':
79. if (user_reported) {
80. return (
81. <span>
82. <strong>{source_account}</strong> reported this message as potential
83. phish. This affects <strong>{`${source_account}'s`}</strong>{' '}
84. account.
85. </span>
86. );
87. }
88. return (
89. <span>
90. We think this contains phishing content due to its similarity to a
91. phishing incident reported by <strong>{source_account}</strong>.
92. </span>
93. );
94. case 'PHISHING_LINK': {
95. const { url = 'N/A' } = metadata;
96. return (
97. <span>
98. We think <strong>{url}</strong> is a bad URL. This affects{' '}
99. <strong>{`${source_account}'s`}</strong> account.
100. </span>
101. );
102. }
103. case 'MALICIOUS_URL':
104. case 'BAD_URL': {
105. const { url = 'N/A' } = metadata;
106. return (
107. <span>
108. We think <strong>{url}</strong> is a bad URL. This affects{' '}
109. <strong>{`${source_account}'s`}</strong> account.
110. </span>
111. );
112. }
113. case 'MALICIOUS_ATTACHMENT': {
114. const { filename = 'N/A' } = metadata;
115. return (
116. <span>
117. We think this document <strong>{filename}</strong> is malicious. This
118. affects <strong>{`${source_account}'s`}</strong> account.
119. </span>
120. );
121. }
122. case 'LOOK_ALIKE_DOMAIN_SPOOF': {
123. const { spoofed_domain = 'N/A', lookalike_domain = 'N/A' } = metadata;
124. if (lookalike_domain.includes('SPF')) {
125. return (
126. <span>
127. We think the domain <strong>{lookalike_domain}</strong> is being
128. spoofed because the original senders header experienced SPF and SPF
129. alignment failures.
130. </span>
131. );
132. }
133. return (
134. <span>
135. We think the domain <strong>{lookalike_domain}</strong> is a
136. look-alike domain spoof of the true domain:{' '}
137. <strong>{spoofed_domain}</strong>. This affects{' '}
138. <strong>{`${source_account}'s`}</strong> account.
139. </span>
140. );
141. }
142. case 'DISPLAY_NAME_SPOOF': {
143. const {
144. spoofed_name = 'N/A',
145. spoofed_address = 'N/A',
146. stats = []
147. } = metadata;
148.  
149. const top_stats = stats.top_stats.filter(
150. name => Number(name.days) > Number(stats.current.days)
151. );
152.  
153. switch (top_stats.length) {
154. case 0:
155. return (
156. <span>
157. We think <strong>{spoofed_name}</strong> is being spoofed by the
158. email address <strong>{spoofed_address}</strong>. This affects{' '}
159. <strong>{`${source_account}'s`}</strong> account.
160. </span>
161. );
162. case 1:
163. return (
164. <span>
165. We think <strong>{spoofed_name}</strong> is being spoofed by the
166. email address <strong>{spoofed_address}</strong>.{' '}
167. <strong>{spoofed_name}</strong> has sent emails from{' '}
168. <strong>{spoofed_address}</strong>{' '}
169. {Number(stats.current.days) === 0 ? (
170. <strong>only today</strong>
171. ) : (
172. <span>
173. {' for only '}
174. <strong>{wordPlural(stats.current.days, 'day')}</strong>
175. </span>
176. )}
177. , as opposed to{' '}
178. <strong>{wordPlural(top_stats[0].days, 'day')}</strong> from{' '}
179. <strong>{top_stats[0].from_address}</strong>. This affects{' '}
180. <strong>{`${source_account}'s`}</strong> account.
181. </span>
182. );
183. case 2:
184. return (
185. <span>
186. We think <strong>{spoofed_name}</strong> is being spoofed by the
187. email address <strong>{spoofed_address}</strong>.{' '}
188. <strong>{spoofed_name}</strong> has sent emails from{' '}
189. <strong>{spoofed_address}</strong>{' '}
190. {Number(stats.current.days) === 0 ? (
191. <strong>only today</strong>
192. ) : (
193. <span>
194. {' for only '}
195. <strong>{wordPlural(stats.current.days, 'day')}</strong>
196. </span>
197. )}
198. , as opposed to{' '}
199. <strong>{wordPlural(top_stats[0].days, 'day')}</strong> from{' '}
200. <strong>{top_stats[0].from_address}</strong>, and{' '}
201. <strong>{wordPlural(top_stats[1].days, 'day')}</strong> from{' '}
202. <strong>{top_stats[1].from_address}</strong>. This affects{' '}
203. <strong>{`${source_account}'s`}</strong> account.
204. </span>
205. );
206. default:
207. return (
208. <span>
209. We think <strong>{spoofed_name}</strong> is being spoofed by the
210. email address <strong>{spoofed_address}</strong>.{' '}
211. <strong>{spoofed_name}</strong> has sent emails from{' '}
212. <strong>{spoofed_address}</strong>{' '}
213. {Number(stats.current.days) === 0 ? (
214. <strong>only today</strong>
215. ) : (
216. <span>
217. {' for only '}
218. <strong>{wordPlural(stats.current.days, 'day')}</strong>
219. </span>
220. )}
221. , as opposed to{' '}
222. {top_stats.map((stat, i) => (
223. <span key={stat.from_address}>
224. <strong>{wordPlural(stat.days, 'day')}</strong> from{' '}
225. <strong>{stat.from_address}</strong>
226. {i === top_stats.length - 2
227. ? ', and '
228. : i === top_stats.length - 1
229. ? '.'
230. : ', '}
231. </span>
232. ))}{' '}
233. This affects <strong>{`${source_account}'s`}</strong> account.
234. </span>
235. );
236. }
237. }
238. case 'DLP_PII_SSN':
239. case 'DLP_PII_PASSPORT_NUMBER':
240. case 'DLP_PII_DRIVER_LICENSE':
241. case 'DLP_PII_ITIN':
242. case 'DLP_PCI_CREDIT_CARD':
243. case 'DLP_PCI_ABA_ROUTING_NUMBER':
244. case 'DLP_PCI_US_BANK_ACCOUNT_NUMBER':
245. case 'DLP_PASSWORD':
246. case 'DLP_PCI_IBAN': {
247. const { count = 'N/A' } = metadata;
248. const obType = object_type === CONTENT_MAIL ? MAIL : DOC;
249. return (
250. <span>
251. We think there {count > 1 ? 'are' : 'is'} <strong>{count}</strong>{' '}
252. <strong>
253. {getDLPWord(policy_type)}
254. {count > 1 ? 's' : ''}
255. </strong>{' '}
256. in this <strong>{obType}</strong>. This affects{' '}
257. <strong>{`${source_account}'s`}</strong> account.
258. </span>
259. );
260. }
261. case 'DLP_CONFIDENTIAL_CONTENT': {
262. if (user_reported) {
263. return (
264. <span>
265. <strong>{source_account}</strong> reported this message as
266. confidential. This affects <strong>{`${source_account}'s`}</strong>{' '}
267. account.
268. </span>
269. );
270. }
271. let hasConfAttach = false;
272. if (attachments) {
273. for (let i = 0; i < attachments.length; i++) {
274. const attachment = attachments[i];
275. if (getFileType(attachment) === 'confidential') {
276. hasConfAttach = true;
277. break;
278. }
279. }
280. }
281. if (object_type === CONTENT_MAIL || object_type === CONTENT_MAIL_RELAY) {
282. return (
283. <span>
284. We think this message contains confidential content in the{' '}
285. <strong>{hasConfAttach ? 'attachment' : 'mail body'}</strong> due to
286. its similarity to a user-reported confidential policy. This affects{' '}
287. <strong>{`${source_account}'s`}</strong> account.
288. </span>
289. );
290. }
291. return (
292. <span>
293. We think this document contains confidential content due to its
294. similarity to a user-reported confidential policy. This affects{' '}
295. <strong>{`${source_account}'s`}</strong> account.
296. </span>
297. );
298. }
299. case 'BEC':
300. case 'BEC_RISK':
301. return (
302. <span>
303. We think this could be BEC because it contains sensitive and/or risky
304. content. This affects <strong>{`${source_account}'s`}</strong>{' '}
305. account.
306. </span>
307. );
308. case MISADDRESSED_RECIPIENTS: {
309. const { predicted_recipients = [], true_recipient = [] } = metadata;
310. return (
311. <span>
312. Based on the communication history and topics of discussion between
313. <strong> {` ${from_address}`} </strong> and{' '}
314. <strong> {` ${true_recipient}`}</strong>, we think this message was
315. misaddressed to{' '}
316. <strong>{` ${getStringValueFromRecipients(true_recipient)}`}</strong>
317. {predicted_recipients.length > 0 && (
318. <Fragment>
319. {' in place of '}
320. {predicted_recipients.length === 1 ? (
321. <strong>
322. {getStringValueFromRecipients(predicted_recipients[0])}
323. </strong>
324. ) : (
325. <span>
326. either{' '}
327. <b>{getStringValueFromRecipients(predicted_recipients[0])}</b>{' '}
328. {' or '}
329. <b>{getStringValueFromRecipients(predicted_recipients[1])}</b>
330. </span>
331. )}
332. </Fragment>
333. )}
334. . This affects <strong>{`${source_account}'s`}</strong> account.
335. </span>
336. );
337. }
338. default:
339. console.error('No reason found');
340. return '';
341. }
342. };
343.  
344. export default EventReason;