Fix duplicate forensic report search for Elasticsearch

This commit is contained in:
Sean Whalen
2018-10-14 04:48:25 -04:00
parent 3a575e91a1
commit 7fdee0ab76
2 changed files with 12 additions and 5 deletions


@@ -2,6 +2,7 @@
-----
- Fix parsing of some emails
- Fix duplicate forensic report search for Elasticsearch
4.3.0
-----


@@ -320,13 +320,19 @@ def save_forensic_report_to_elasticsearch(forensic_report,
arrival_date = human_timestamp_to_datetime(arrival_date_human)
search = Index(index).search()
from_query = {"match": {"sample.headers.from": headers["from"]}}
subject_query = {"match": {"sample.headers.subject": headers["subject"]}}
arrival_query = {"match": {"sample.headers.arrival_date": arrival_date}}
q = Q(from_query) & Q(subject_query) & Q(arrival_query)
arrival_query = {"match": {"arrival_date": arrival_date}}
q = Q(arrival_query)
if "from" in headers:
from_query = {"match": {"sample.headers.from": headers["from"]}}
q = q & from_query
if "to" in headers:
to_query = {"match": {"sample.headers.to": headers["to"]}}
q & Q(to_query)
q = q & Q(to_query)
if "subject" in headers:
subject_query = {"match": {"sample.headers.subject": headers[
"subject"]}}
q = q & subject_query
search.query = q
existing = search.execute()
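Review bot: The `from` and `subject` branches combine a bare dict into the query (`q = q & from_query`, `q = q & subject_query`) while the `to` branch wraps it as `Q(to_query)`; elasticsearch-dsl will usually coerce a dict appended to a Bool's `must` list, but that relies on the coercion rather than the DSL, so make the three branches uniform with `q = q & Q(from_query)` and `q = q & Q(subject_query)`. A separate caveat for a duplicate check: `match` is a full-text query, so if `sample.headers.from`, `.to` and `.subject` are mapped as analyzed text, any shared token counts as a hit (the default operator is OR) and an unrelated report with the same arrival date could be judged a duplicate and, presumably, not stored — silent evidence loss for forensic data — so `term` against keyword (sub)fields, or `match` with `"operator": "and"`, is the safer form; the mapping is not visible here, so confirm it before changing. `save_forensic_report_to_elasticsearch` starts before the hunk, and what is done with `existing` after `search.execute()` lies outside it.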