s452649/PhishGuardian
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adding date-based filtering for messages marked as safe or deleted.

Browse Source
This commit is contained in:
s452624 2024-06-10 20:36:35 +03:00
parent 521fd5e75f
commit 350bdac213
5 changed files with 174 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
backend/backend.py
View File

@ -16,6 +16,9 @@ import email
from email.header import decode_header from email.header import decode_header
import base64 import base64
import csv import csv
from datetime import datetime, timedelta
from googleapiclient.discovery import build
app = Flask(__name__) app = Flask(__name__)
CORS(app) CORS(app)
@ -24,37 +27,38 @@ app.secret_key = 'your_secret_key'
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1' os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1'
CLIENT_SECRETS_FILE = "client_secret.json" CLIENT_SECRETS_FILE = "client_secret.json"
SCOPES = ['https://www.googleapis.com/auth/gmail.readonly','https://www.googleapis.com/auth/gmail.modify'] SCOPES = ['https://www.googleapis.com/auth/gmail.readonly','https://www.googleapis.com/auth/gmail.modify',"https://www.googleapis.com/auth/userinfo.email",'https://www.googleapis.com/auth/userinfo.profile',
'openid']
API_SERVICE_NAME = 'gmail' API_SERVICE_NAME = 'gmail'
API_VERSION = 'v1' API_VERSION = 'v1'
SAFE_EMAILS_FILE = 'safe_emails.json' SAFE_EMAILS_FILE = 'safe_emails.json'
SAFE_TRASH_FILE = 'safe_trash.csv' SAFE_TRASH_FILE = 'safe_trash.csv'
# Load safe emails from file
def load_safe_emails(): def load_safe_emails():
if os.path.exists(SAFE_EMAILS_FILE): if os.path.exists(SAFE_EMAILS_FILE):
if os.path.getsize(SAFE_EMAILS_FILE) > 0:
with open(SAFE_EMAILS_FILE, 'r') as file: with open(SAFE_EMAILS_FILE, 'r') as file:
try:
return json.load(file) return json.load(file)
except json.JSONDecodeError:
return []
return [] return []
# Save safe emails to file
def save_safe_emails(safe_emails): def save_safe_emails(safe_emails):
with open(SAFE_EMAILS_FILE, 'w') as file: with open(SAFE_EMAILS_FILE, 'w') as file:
json.dump(safe_emails, file) json.dump(safe_emails, file)
def save_safe_trash(safe_trash): def save_safe_trash(safe_trash):
file_exists = os.path.isfile(SAFE_TRASH_FILE) file_exists = os.path.isfile(SAFE_TRASH_FILE)
with open(SAFE_TRASH_FILE, 'a', newline='', encoding='utf-8') as file: with open(SAFE_TRASH_FILE, 'a', newline='', encoding='utf-8') as file:
fieldnames = ['from', 'subject', 'body'] fieldnames = ['from', 'subject', 'body', 'date',"username"]
writer = csv.DictWriter(file, fieldnames=fieldnames) writer = csv.DictWriter(file, fieldnames=fieldnames)
if not file_exists: if not file_exists:
writer.writeheader() writer.writeheader()
if 'date' not in safe_trash:
safe_trash['date'] = datetime.now().isoformat()
writer.writerow(safe_trash) writer.writerow(safe_trash)
safe_emails = load_safe_emails() safe_emails = load_safe_emails()
@ -77,7 +81,6 @@ def load_credentials():
return None return None
@app.route('/authorize') @app.route('/authorize')
def authorize(): def authorize():
client_secrets = load_client_secrets() client_secrets = load_client_secrets()
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file( flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
@ -104,6 +107,7 @@ def oauth2callback():
authorization_response = request.url authorization_response = request.url
app.logger.info(f"Authorization response: {authorization_response}") app.logger.info(f"Authorization response: {authorization_response}")
try: try:
flow.fetch_token(authorization_response=authorization_response) flow.fetch_token(authorization_response=authorization_response)
credentials = flow.credentials credentials = flow.credentials
@ -124,12 +128,13 @@ def oauth2callback():
app.logger.error(f"Exception: {str(e)}") app.logger.error(f"Exception: {str(e)}")
app.logger.error("Traceback: " + traceback.format_exc()) app.logger.error("Traceback: " + traceback.format_exc())
return jsonify({'error': 'Exception', 'message': str(e)}), 500 return jsonify({'error': 'Exception', 'message': str(e)}), 500
@app.route('/validate-outlook-login', methods=['POST'])
@app.route('/validate-outlook-login', methods=['POST'])
def validate_outlook_login(): def validate_outlook_login():
data = request.json data = request.json
username = data['email'] username = data['email']
password = data['password'] password = data['password']
try: try:
mail = imaplib.IMAP4_SSL("outlook.office365.com") mail = imaplib.IMAP4_SSL("outlook.office365.com")
mail.login(username, password) mail.login(username, password)
@ -141,11 +146,11 @@ def validate_outlook_login():
return jsonify({"success": False, "error": "Encoding error"}), 400 return jsonify({"success": False, "error": "Encoding error"}), 400
@app.route('/fetch-emails', methods=['POST']) @app.route('/fetch-emails', methods=['POST'])
def fetch_emails(): def fetch_emails():
data = request.json data = request.json
username = data['username'] username = data['username']
password = data['password'] password = data['password']
try: try:
mail = imaplib.IMAP4_SSL("outlook.office365.com") mail = imaplib.IMAP4_SSL("outlook.office365.com")
mail.login(username, password) mail.login(username, password)
@ -154,11 +159,14 @@ def fetch_emails():
return jsonify({"error": "Login failed. Check your email and password."}), 401 return jsonify({"error": "Login failed. Check your email and password."}), 401
except UnicodeEncodeError: except UnicodeEncodeError:
return jsonify({"error": "Encoding error. Ensure your email and password contain only valid characters."}), 400 return jsonify({"error": "Encoding error. Ensure your email and password contain only valid characters."}), 400
status, messages = mail.search(None, "ALL") status, messages = mail.search(None, "ALL")
if status != "OK": if status != "OK":
return jsonify({"error": "Failed to retrieve emails."}), 500 return jsonify({"error": "Failed to retrieve emails."}), 500
status, messages = mail.search(None, "ALL") status, messages = mail.search(None, "ALL")
email_ids = messages[0].split() email_ids = messages[0].split()
emails = [] emails = []
for email_id in email_ids: for email_id in email_ids:
@ -172,6 +180,7 @@ def fetch_emails():
from_ = msg.get("From") from_ = msg.get("From")
name, email_address = email.utils.parseaddr(from_) name, email_address = email.utils.parseaddr(from_)
body = "" body = ""
result = False
if msg.is_multipart(): if msg.is_multipart():
for part in msg.walk(): for part in msg.walk():
if part.get_content_type() == "text/plain" and part.get("Content-Disposition") is None: if part.get_content_type() == "text/plain" and part.get("Content-Disposition") is None:
@ -180,7 +189,9 @@ def fetch_emails():
body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8") body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
email_vectorized = vectorizer.transform([body]) email_vectorized = vectorizer.transform([body])
prediction = model.predict(email_vectorized) prediction = model.predict(email_vectorized)
if not any(email['id'] == email_id.decode() for email in safe_emails):
result = True if prediction == 1 or contains_suspicious_links(body) or contains_phishing_indicators(subject, email_address,body) else False result = True if prediction == 1 or contains_suspicious_links(body) or contains_phishing_indicators(subject, email_address,body) else False
emails.append({"id": email_id.decode(), emails.append({"id": email_id.decode(),
"from": email_address, "from": email_address,
"subject": subject, "subject": subject,
@ -191,7 +202,6 @@ def fetch_emails():
return jsonify(emails) return jsonify(emails)
@app.route('/check_auth_status', methods=['GET']) @app.route('/check_auth_status', methods=['GET'])
def check_auth_status(): def check_auth_status():
if 'credentials' in session: if 'credentials' in session:
credentials = google.oauth2.credentials.Credentials(**session['credentials']) credentials = google.oauth2.credentials.Credentials(**session['credentials'])
@ -200,7 +210,6 @@ def check_auth_status():
return jsonify({'logged_in': False}) return jsonify({'logged_in': False})
@app.route('/check_mail') @app.route('/check_mail')
def check_mail(): def check_mail():
if 'credentials' not in session: if 'credentials' not in session:
return redirect('authorize') return redirect('authorize')
@ -214,10 +223,7 @@ def check_mail():
results = gmail.users().messages().list(userId='me', labelIds=['INBOX']).execute() results = gmail.users().messages().list(userId='me', labelIds=['INBOX']).execute()
messages = results.get('messages', []) messages = results.get('messages', [])
emails = [] emails = []
for message in messages: for message in messages:
msg = gmail.users().messages().get(userId='me', id=message['id']).execute() msg = gmail.users().messages().get(userId='me', id=message['id']).execute()
snippet = msg.get('snippet', '') snippet = msg.get('snippet', '')
@ -233,8 +239,9 @@ def check_mail():
sender = header['value'] sender = header['value']
email_vectorized = vectorizer.transform([snippet]) email_vectorized = vectorizer.transform([snippet])
prediction = model.predict(email_vectorized) prediction = model.predict(email_vectorized)
if message['id'] not in safe_emails: if not any(email['id'] == message['id'] for email in safe_emails):
result = True if prediction == 1 or contains_suspicious_links(snippet) or contains_phishing_indicators(subject, sender,snippet) else False result = True if prediction == 1 or contains_suspicious_links(snippet) or contains_phishing_indicators(subject, sender, snippet) else False
emails.append({ emails.append({
'subject': subject, 'subject': subject,
'from': sender, 'from': sender,
@ -243,22 +250,31 @@ def check_mail():
'suspicious': result 'suspicious': result
}) })
return jsonify(emails) return jsonify(emails)
@app.route('/logout', methods=['POST'])
@app.route('/logout', methods=['POST'])
def logout(): def logout():
session.clear() session.clear()
app.logger.info("Session cleared. User logged out.") app.logger.info("Session cleared. User logged out.")
return jsonify({'message': 'Logged out'}), 200 return jsonify({'message': 'Logged out'}), 200
@app.route('/mark_safe/<email_id>', methods=['POST']) @app.route('/mark_safe/<email_id>', methods=['POST'])
def mark_safe(email_id): def mark_safe(email_id):
data = request.json
email = data['email']
username = data['username']
if email == "gmail":
credentials = google.oauth2.credentials.Credentials(
**session['credentials'])
service = build('people', 'v1', credentials=credentials)
profile = service.people().get(resourceName='people/me', personFields='emailAddresses').execute()
username = profile.get('emailAddresses', [])[0].get('value')
global safe_emails global safe_emails
safe_emails.append(email_id) email_data = {'id': email_id, 'date': datetime.now().isoformat(),"username":username}
safe_emails.append(email_data)
save_safe_emails(safe_emails) save_safe_emails(safe_emails)
app.logger.info(f'Email {email_id} marked as safe') return jsonify({'status': 'success'})
return jsonify({"message": f"Email {email_id} marked as safe"}), 200
@app.route('/move_trash/<email_id>', methods=['POST'])
@app.route('/move_trash/<email_id>', methods=['POST'])
def move_trash(email_id): def move_trash(email_id):
if 'credentials' not in session: if 'credentials' not in session:
return jsonify({'message': 'Not logged in'}), 401 return jsonify({'message': 'Not logged in'}), 401
@ -267,6 +283,10 @@ def move_trash(email_id):
gmail = googleapiclient.discovery.build( gmail = googleapiclient.discovery.build(
'gmail', 'v1', credentials=credentials) 'gmail', 'v1', credentials=credentials)
service = build('people', 'v1', credentials=credentials)
profile = service.people().get(resourceName='people/me', personFields='emailAddresses').execute()
username = profile.get('emailAddresses', [])[0].get('value')
try: try:
message = gmail.users().messages().get(userId='me', id=email_id).execute() message = gmail.users().messages().get(userId='me', id=email_id).execute()
payload = message.get('payload', {}) payload = message.get('payload', {})
@ -290,7 +310,8 @@ def move_trash(email_id):
safe_trash = { safe_trash = {
"from": sender, "from": sender,
"subject": subject, "subject": subject,
"body": body "body": body,
"username": username
} }
save_safe_trash(safe_trash) save_safe_trash(safe_trash)
@ -306,7 +327,6 @@ def move_trash(email_id):
return jsonify({"error": str(e)}), 500 return jsonify({"error": str(e)}), 500
@app.route('/delete-email', methods=['POST']) @app.route('/delete-email', methods=['POST'])
def delete_email(): def delete_email():
data = request.json data = request.json
email_id = data['email_id'] email_id = data['email_id']
@ -327,7 +347,6 @@ def delete_email():
if isinstance(subject, bytes): if isinstance(subject, bytes):
subject = subject.decode(encoding if encoding else "utf-8") subject = subject.decode(encoding if encoding else "utf-8")
from_ = msg.get("From") from_ = msg.get("From")
name, email_address = email.utils.parseaddr(from_)
body = "" body = ""
if msg.is_multipart(): if msg.is_multipart():
for part in msg.walk(): for part in msg.walk():
@ -335,23 +354,63 @@ def delete_email():
body += part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8") body += part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8")
else: else:
body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8") body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
safe_trash = { safe_trash = {
"from": from_, "from": from_,
"subject": subject, "subject": subject,
"body": body "body": body,
"username": username
} }
save_safe_trash(safe_trash) save_safe_trash(safe_trash)
mail.store(email_id, '+FLAGS', '\\Deleted') mail.store(email_id, '+FLAGS', '\\Deleted')
mail.expunge() mail.expunge()
return jsonify({"message": f"Email {email_id} deleted"}) return jsonify({"message": f"Email {email_id} deleted"})
except imaplib.IMAP4.error: except imaplib.IMAP4.error:
return jsonify({"error": "Failed to delete email"}), 500 return jsonify({"error": "Failed to delete email"}), 500
@app.route('/get_email_stats', methods=['POST'])
def get_email_stats():
data = request.json
email = data['emailService']
username = data['username']
if email == "gmail":
credentials = google.oauth2.credentials.Credentials(
**session['credentials'])
service = build('people', 'v1', credentials=credentials)
profile = service.people().get(resourceName='people/me', personFields='emailAddresses').execute()
username = profile.get('emailAddresses', [])[0].get('value')
start_date = datetime.fromisoformat(data['start_date'])
end_date = datetime.fromisoformat(data['end_date']) + timedelta(days=1)
safe_emails_count = 0
trashed_emails_count = 0
safe_emails = load_safe_emails()
for email in safe_emails:
if email['username'] == username and 'date' in email:
email_date = datetime.fromisoformat(email['date'])
if start_date <= email_date < end_date:
safe_emails_count += 1
if os.path.exists(SAFE_TRASH_FILE):
with open(SAFE_TRASH_FILE, 'r', encoding='utf-8') as file:
reader = csv.DictReader(file)
for row in reader:
if row['username'] == username:
email_date = datetime.fromisoformat(row['date'])
if start_date <= email_date < end_date:
trashed_emails_count += 1
return jsonify({
'safe_emails_count': safe_emails_count,
'trashed_emails_count': trashed_emails_count
})
def contains_suspicious_links(snippet): def contains_suspicious_links(snippet):
url_pattern = re.compile(r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\\(\\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+') url_pattern = re.compile(r'http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\\(\\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+')
urls = url_pattern.findall(snippet) urls = url_pattern.findall(snippet)
suspicious_domains = ['phishingsite.com', 'malicious.com'] suspicious_domains = ['phishingsite.com', 'malicious.com']
for url in urls: for url in urls:
for domain in suspicious_domains: for domain in suspicious_domains:
if domain in url: if domain in url:

19
extension/background.js
View File

@ -42,12 +42,26 @@ chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
); );
} }
} else if (message.type === "mark-safe") { } else if (message.type === "mark-safe") {
fetch(`http://localhost:5000/mark_safe/${message.emailId}`, { chrome.storage.local.get(
["email", "password", "emailService"],
function (result) {
const emailService = result.emailService;
const emailId = message.emailId;
fetch(`http://localhost:5000/mark_safe/${emailId}`, {
method: "POST", method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
username: result.email,
email: emailService,
}),
}) })
.then((response) => response.json()) .then((response) => response.json())
.then((data) => console.log(data)) .then((data) => console.log(data))
.catch((error) => console.error("Error:", error)); .catch((error) => console.error("Error:", error));
}
);
} else if (message.type === "move-trash") { } else if (message.type === "move-trash") {
chrome.storage.local.get( chrome.storage.local.get(
["email", "password", "emailService"], ["email", "password", "emailService"],
@ -72,6 +86,9 @@ chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
} else { } else {
fetch(`http://localhost:5000/move_trash/${emailId}`, { fetch(`http://localhost:5000/move_trash/${emailId}`, {
method: "POST", method: "POST",
headers: {
"Content-Type": "application/json",
},
}) })
.then((response) => response.json()) .then((response) => response.json())
.then((data) => console.log(data)) .then((data) => console.log(data))

12
extension/manifest.json
View File

@ -19,15 +19,15 @@
"action": { "action": {
"default_popup": "popup.html", "default_popup": "popup.html",
"default_icon": { "default_icon": {
"16": "icon16.png", "16": "images/icon16.png",
"48": "icon48.png", "48": "images/icon48.png",
"128": "icon128.png" "128": "images/icon128.png"
} }
}, },
"icons": { "icons": {
"16": "icon16.png", "16": "images/icon16.png",
"48": "icon48.png", "48": "images/icon48.png",
"128": "icon128.png" "128": "images/icon128.png"
}, },
"oauth2": { "oauth2": {
"client_id": "", "client_id": "",

7
extension/notification.html
View File

@ -15,6 +15,13 @@
</div> </div>
<div class="card-body"> <div class="card-body">
<p id="notification-message"></p> <p id="notification-message"></p>
<div>
<label for="start-date">Start Date:</label>
<input type="date" id="start-date" />
<label for="end-date">End Date:</label>
<input type="date" id="end-date" />
<button id="filter-button" class="btn btn-primary">Filter</button>
</div>
<div id="emails-container" class="list-group"></div> <div id="emails-container" class="list-group"></div>
<nav> <nav>
<ul <ul

40
extension/notification.js
View File

@ -4,6 +4,9 @@ document.addEventListener("DOMContentLoaded", function () {
const notificationMessage = document.getElementById("notification-message"); const notificationMessage = document.getElementById("notification-message");
const emailsContainer = document.getElementById("emails-container"); const emailsContainer = document.getElementById("emails-container");
const pagination = document.getElementById("pagination"); const pagination = document.getElementById("pagination");
const filterButton = document.getElementById("filter-button");
const startDateInput = document.getElementById("start-date");
const endDateInput = document.getElementById("end-date");
const emailsPerPage = 5; const emailsPerPage = 5;
let currentPage = 1; let currentPage = 1;
@ -110,12 +113,39 @@ document.addEventListener("DOMContentLoaded", function () {
} }
} }
updateDisplay(); filterButton.addEventListener("click", function () {
const startDate = startDateInput.value;
closeButton.addEventListener("click", function () { const endDate = endDateInput.value;
console.log("Close button clicked"); chrome.storage.local.get(["email", "emailService"], function (result) {
window.close(); const emailService = result.emailService;
fetch("http://localhost:5000/get_email_stats", {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
start_date: startDate,
end_date: endDate,
emailService: emailService,
username: result.email,
}),
})
.then((response) => response.json())
.then((data) => {
notificationMessage.innerHTML = `
<p>Marked as Safe: ${data.safe_emails_count}</p>
<p>Trashed Emails: ${data.trashed_emails_count}</p>
`;
})
.catch((error) => console.error("Error:", error));
}); });
});
updateDisplay();
} }
); );
closeButton.addEventListener("click", function () {
window.close();
});
}); });