Add diff logic and send daily Spec11 emails with new threats

For each registrar, the daily email will only include threats that did not appear in the prior run's email. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=228889972
2025-07-25 20:18:34 +02:00 · 2019-01-11 08:59:28 -08:00 · 2019-01-11 08:59:28 -08:00 · f017798162
commit f017798162
parent a80a44cd06
15 changed files with 529 additions and 160 deletions
--- a/java/google/registry/reporting/spec11/soy/BUILD
+++ b/java/google/registry/reporting/spec11/soy/BUILD
@ -0,0 +1,13 @@
+package(
+    default_visibility = ["//java/google/registry:registry_project"],
+)
+
+licenses(["notice"])  # Apache 2.0
+
+load("@io_bazel_rules_closure//closure:defs.bzl", "closure_java_template_library")
+
+closure_java_template_library(
+    name = "soy_java_wrappers",
+    srcs = glob(["*.soy"]),
+    java_package = "google.registry.reporting.spec11.soy",
+)
--- a/java/google/registry/reporting/spec11/soy/Spec11Email.soy
+++ b/java/google/registry/reporting/spec11/soy/Spec11Email.soy
@ -0,0 +1,126 @@
+// Copyright 2019 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+{namespace registry.soy.reporting.spec11}
+
+/**
+ * Template for the content of the monthly spec11 email
+ */
+{template .monthlySpec11Email}
+  {@param threats: list<map<string, string>>}
+  {@param resources: list<string>}
+  {@param registry: string}
+  {@param replyToEmail: string}
+
+  Dear registrar partner,
+
+  <p>{$registry} previously notified you when the following domains managed by your
+    registrar were flagged for potential security concerns.</p>
+
+  <p>The following domains that you manage continue to be flagged by our analysis for potential
+    security concerns. This may be because the registrants have not completed the requisite steps
+    to mitigate the potential security abuse and/or have it reviewed and delisted.</p>
+
+  {call .threatMatchTable}
+    {param threats: $threats /}
+  {/call}
+
+  <p>Please work with the registrant to mitigate any security issues and have the
+    domains delisted.</p>
+
+  {call .resourceList}
+    {param resources: $resources /}
+  {/call}
+
+  <p>You will continue to receive a monthly summary of all domains managed by your registrar
+    that remain on our lists of potential security threats. You will additionally receive a daily
+    notice when any new domains that are added to these lists. Once the registrant has resolved
+    the security issues and followed the steps to have his or her domain reviewed and delisted
+    it will automatically be removed from our monthly reporting.</p>
+
+  <p>If you have any questions regarding this notice, please contact {$replyToEmail}.</p>
+{/template}
+
+/**
+ * Template for the content of the daily spec11 email
+ */
+{template .dailySpec11Email}
+  {@param threats: list<map<string, string>>}
+  {@param resources: list<string>}
+  {@param date: string}
+  {@param registry: string}
+  {@param replyToEmail: string}
+
+  Dear registrar partner,
+
+  <p>{$registry} conducts a daily analysis of all domains registered in its TLDs to
+    identify potential security concerns. On {$date}, the following domains that your
+    registrar manages were flagged for potential security concerns:</p>
+
+  {call .threatMatchTable}
+    {param threats: $threats /}
+  {/call}
+
+  <p><b>Please communicate these findings to the registrant and work with the
+    registrant to mitigate any security issues and have the domains delisted.</b></p>
+
+  {call .resourceList}
+    {param resources: $resources /}
+  {/call}
+
+  <p>You will continue to receive daily notices when new domains managed by your registrar
+    are flagged for abuse, as well as a monthly summary of all of your domains under management
+    that remain flagged for abuse. Once the registrant has resolved the security issues and
+    followed the steps to have his or her domain reviewed and delisted it will automatically
+    be removed from our reporting.</p>
+
+  <p>If you would like to change the email to which these notices are sent please update your
+    abuse contact using your registrar portal account.</p>
+
+  <p>If you have any questions regarding this notice, please contact {$replyToEmail}.</p>
+{/template}
+
+/**
+ * Template for the list of potentially-useful resources
+ */
+{template .resourceList}
+  {@param resources: list<string>}
+  {if length($resources) > 0}
+    Some helpful resources for getting off a blocked list include:
+    <ul>
+      {for $resource in $resources}
+        <li>{$resource}</li>
+      {/for}
+    </ul>
+  {/if}
+{/template}
+
+/**
+ * Template for the table containing the threats themselves
+ */
+{template .threatMatchTable}
+  {@param threats: list<map<string, string>>}
+  <table>
+    <tr>
+      <th>Domain Name</th>
+      <th>Threat Type</th>
+    </tr>
+    {for $threat in $threats}
+      <tr>
+        <td>{$threat['fullyQualifiedDomainName']}</td>
+        <td>{$threat['threatType']}</td>
+      </tr>
+    {/for}
+  </table>
+{/template}