amorfo77/parsedmarc
1
0
Fork 0
mirror of https://github.com/domainaware/parsedmarc.git synced 2026-04-04 20:58:53 +00:00
Code Issues Projects Releases Wiki Activity

3.8.0 - Fix saving to Elasticsearch when the to header is mising from forensic sample

Browse Source
This commit is contained in:
Sean Whalen
2018-08-21 16:00:46 -04:00
parent 245262d997
commit 3954ecc595
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
parsedmarc/elastic.py
View File

@@ -296,12 +296,14 @@ def save_forensic_report_to_elasticsearch(forensic_report):
arrival_date = parsedmarc.human_timestamp_to_datetime(arrival_date_human)
search = forensic_index.search()
to_query = {"match": {"sample.headers.to": headers["to"]}}
from_query = {"match": {"sample.headers.from": headers["from"]}}
subject_query = {"match": {"sample.headers.subject": headers["subject"]}}
arrival_date_query = {"match": {"sample.headers.arrival_date": arrival_date
}}
q = Q(to_query) & Q(from_query) & Q(subject_query) & Q(arrival_date_query)
}}
q = Q(from_query) & Q(subject_query) & Q(arrival_date_query)
if "to" in headers:
to_query = {"match": {"sample.headers.to": headers["to"]}}
q & Q(to_query)
search.query = q
existing = search.execute()