Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import React, { Fragment } from 'react';
- import {
- getDLPWord,
- getFileType,
- wordPlural,
- getStringValueFromRecipients
- } from '../../util/policy';
- import {
- CONTENT_MAIL,
- MAIL,
- DOC,
- CONTENT_MAIL_RELAY
- } from '../../actions/Policy/ActionTypes';
- import {
- MISADDRESSED_RECIPIENTS,
- UNAUTHORIZED_RECIPIENTS
- } from '../../util/modal_messaging_map';
- const EventReason = ({ policy, attachments }) => {
- if (!policy) return null;
- const {
- policy_type,
- source_account,
- object_type,
- metadata,
- user_reported,
- from_address,
- from_user,
- to_user = { name: '', address: '' },
- to_user_list = []
- } = policy;
- switch (policy_type) {
- case UNAUTHORIZED_RECIPIENTS: {
- if (to_user_list.length <= 1) {
- return (
- <span>
- <strong>
- {from_user !== source_account
- ? `${from_user} <${source_account}>`
- : ` <${source_account}>`}
- </strong>{' '}
- set up an email-forwarding rule to{' '}
- <strong>
- {to_user.name !== to_user.address
- ? `${to_user.name}<${to_user.address}>.`
- : `<${to_user.address}>.`}
- </strong>
- </span>
- );
- }
- const toList = (
- <strong>
- {to_user_list
- .map(({ name = '', address = 'unknown' }) =>
- `${name}<${address}>`.trim()
- )
- .join(', ')}
- .
- </strong>
- );
- if (to_user_list.length < 4) {
- return (
- <span>
- <strong>{`${from_user} <${source_account}>`}</strong> set up an
- email-forwarding rule to <Fragment>{toList}</Fragment>
- </span>
- );
- }
- return (
- <span>
- <strong>{`${from_user} <${source_account}>`}</strong> set up an
- email-forwarding rule to <Fragment>{toList.slice(0, 3)}</Fragment>
- <strong>and {to_user_list.length - 3} more.</strong>
- </span>
- );
- }
- case 'PHISH_REPORT':
- if (user_reported) {
- return (
- <span>
- <strong>{source_account}</strong> reported this message as potential
- phish. This affects <strong>{`${source_account}'s`}</strong>{' '}
- account.
- </span>
- );
- }
- return (
- <span>
- We think this contains phishing content due to its similarity to a
- phishing incident reported by <strong>{source_account}</strong>.
- </span>
- );
- case 'PHISHING_LINK': {
- const { url = 'N/A' } = metadata;
- return (
- <span>
- We think <strong>{url}</strong> is a bad URL. This affects{' '}
- <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- }
- case 'MALICIOUS_URL':
- case 'BAD_URL': {
- const { url = 'N/A' } = metadata;
- return (
- <span>
- We think <strong>{url}</strong> is a bad URL. This affects{' '}
- <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- }
- case 'MALICIOUS_ATTACHMENT': {
- const { filename = 'N/A' } = metadata;
- return (
- <span>
- We think this document <strong>{filename}</strong> is malicious. This
- affects <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- }
- case 'LOOK_ALIKE_DOMAIN_SPOOF': {
- const { spoofed_domain = 'N/A', lookalike_domain = 'N/A' } = metadata;
- if (lookalike_domain.includes('SPF')) {
- return (
- <span>
- We think the domain <strong>{lookalike_domain}</strong> is being
- spoofed because the original senders header experienced SPF and SPF
- alignment failures.
- </span>
- );
- }
- return (
- <span>
- We think the domain <strong>{lookalike_domain}</strong> is a
- look-alike domain spoof of the true domain:{' '}
- <strong>{spoofed_domain}</strong>. This affects{' '}
- <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- }
- case 'DISPLAY_NAME_SPOOF': {
- const {
- spoofed_name = 'N/A',
- spoofed_address = 'N/A',
- stats = []
- } = metadata;
- const top_stats = stats.top_stats.filter(
- name => Number(name.days) > Number(stats.current.days)
- );
- switch (top_stats.length) {
- case 0:
- return (
- <span>
- We think <strong>{spoofed_name}</strong> is being spoofed by the
- email address <strong>{spoofed_address}</strong>. This affects{' '}
- <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- case 1:
- return (
- <span>
- We think <strong>{spoofed_name}</strong> is being spoofed by the
- email address <strong>{spoofed_address}</strong>.{' '}
- <strong>{spoofed_name}</strong> has sent emails from{' '}
- <strong>{spoofed_address}</strong>{' '}
- {Number(stats.current.days) === 0 ? (
- <strong>only today</strong>
- ) : (
- <span>
- {' for only '}
- <strong>{wordPlural(stats.current.days, 'day')}</strong>
- </span>
- )}
- , as opposed to{' '}
- <strong>{wordPlural(top_stats[0].days, 'day')}</strong> from{' '}
- <strong>{top_stats[0].from_address}</strong>. This affects{' '}
- <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- case 2:
- return (
- <span>
- We think <strong>{spoofed_name}</strong> is being spoofed by the
- email address <strong>{spoofed_address}</strong>.{' '}
- <strong>{spoofed_name}</strong> has sent emails from{' '}
- <strong>{spoofed_address}</strong>{' '}
- {Number(stats.current.days) === 0 ? (
- <strong>only today</strong>
- ) : (
- <span>
- {' for only '}
- <strong>{wordPlural(stats.current.days, 'day')}</strong>
- </span>
- )}
- , as opposed to{' '}
- <strong>{wordPlural(top_stats[0].days, 'day')}</strong> from{' '}
- <strong>{top_stats[0].from_address}</strong>, and{' '}
- <strong>{wordPlural(top_stats[1].days, 'day')}</strong> from{' '}
- <strong>{top_stats[1].from_address}</strong>. This affects{' '}
- <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- default:
- return (
- <span>
- We think <strong>{spoofed_name}</strong> is being spoofed by the
- email address <strong>{spoofed_address}</strong>.{' '}
- <strong>{spoofed_name}</strong> has sent emails from{' '}
- <strong>{spoofed_address}</strong>{' '}
- {Number(stats.current.days) === 0 ? (
- <strong>only today</strong>
- ) : (
- <span>
- {' for only '}
- <strong>{wordPlural(stats.current.days, 'day')}</strong>
- </span>
- )}
- , as opposed to{' '}
- {top_stats.map((stat, i) => (
- <span key={stat.from_address}>
- <strong>{wordPlural(stat.days, 'day')}</strong> from{' '}
- <strong>{stat.from_address}</strong>
- {i === top_stats.length - 2
- ? ', and '
- : i === top_stats.length - 1
- ? '.'
- : ', '}
- </span>
- ))}{' '}
- This affects <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- }
- }
- case 'DLP_PII_SSN':
- case 'DLP_PII_PASSPORT_NUMBER':
- case 'DLP_PII_DRIVER_LICENSE':
- case 'DLP_PII_ITIN':
- case 'DLP_PCI_CREDIT_CARD':
- case 'DLP_PCI_ABA_ROUTING_NUMBER':
- case 'DLP_PCI_US_BANK_ACCOUNT_NUMBER':
- case 'DLP_PASSWORD':
- case 'DLP_PCI_IBAN': {
- const { count = 'N/A' } = metadata;
- const obType = object_type === CONTENT_MAIL ? MAIL : DOC;
- return (
- <span>
- We think there {count > 1 ? 'are' : 'is'} <strong>{count}</strong>{' '}
- <strong>
- {getDLPWord(policy_type)}
- {count > 1 ? 's' : ''}
- </strong>{' '}
- in this <strong>{obType}</strong>. This affects{' '}
- <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- }
- case 'DLP_CONFIDENTIAL_CONTENT': {
- if (user_reported) {
- return (
- <span>
- <strong>{source_account}</strong> reported this message as
- confidential. This affects <strong>{`${source_account}'s`}</strong>{' '}
- account.
- </span>
- );
- }
- let hasConfAttach = false;
- if (attachments) {
- for (let i = 0; i < attachments.length; i++) {
- const attachment = attachments[i];
- if (getFileType(attachment) === 'confidential') {
- hasConfAttach = true;
- break;
- }
- }
- }
- if (object_type === CONTENT_MAIL || object_type === CONTENT_MAIL_RELAY) {
- return (
- <span>
- We think this message contains confidential content in the{' '}
- <strong>{hasConfAttach ? 'attachment' : 'mail body'}</strong> due to
- its similarity to a user-reported confidential policy. This affects{' '}
- <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- }
- return (
- <span>
- We think this document contains confidential content due to its
- similarity to a user-reported confidential policy. This affects{' '}
- <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- }
- case 'BEC':
- case 'BEC_RISK':
- return (
- <span>
- We think this could be BEC because it contains sensitive and/or risky
- content. This affects <strong>{`${source_account}'s`}</strong>{' '}
- account.
- </span>
- );
- case MISADDRESSED_RECIPIENTS: {
- const { predicted_recipients = [], true_recipient = [] } = metadata;
- return (
- <span>
- Based on the communication history and topics of discussion between
- <strong> {` ${from_address}`} </strong> and{' '}
- <strong> {` ${true_recipient}`}</strong>, we think this message was
- misaddressed to{' '}
- <strong>{` ${getStringValueFromRecipients(true_recipient)}`}</strong>
- {predicted_recipients.length > 0 && (
- <Fragment>
- {' in place of '}
- {predicted_recipients.length === 1 ? (
- <strong>
- {getStringValueFromRecipients(predicted_recipients[0])}
- </strong>
- ) : (
- <span>
- either{' '}
- <b>{getStringValueFromRecipients(predicted_recipients[0])}</b>{' '}
- {' or '}
- <b>{getStringValueFromRecipients(predicted_recipients[1])}</b>
- </span>
- )}
- </Fragment>
- )}
- . This affects <strong>{`${source_account}'s`}</strong> account.
- </span>
- );
- }
- default:
- console.error('No reason found');
- return '';
- }
- };
- export default EventReason;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement