1. import re
  2. from collections import defaultdict
  4. def flag_anomalous_submissions(submissions, known_good_users=None):
  5. """
  6. Flags potentially anomalous form submissions based on simple heuristics.
  8. Args:
  9. submissions (list of dict): A list of dictionaries, where each dictionary represents a form submission.
  10. known_good_users (set, optional): A set of user IDs considered trustworthy. Defaults to None.
  12. Returns:
  13. list of dict: A list of flagged submissions.
  14. """
  16. flagged_submissions = []
  17. suspicious_patterns = [
  18. r"password.*123456", # Simple password pattern
  19. r"email.*@example\.com", #Suspicious domain
  20. r"extremely.*long.*string", #Detecting very long strings
  21. r"all.*caps", #Detecting all caps
  22. ]
  24. user_attempts = defaultdict(int)
  26. for submission in submissions:
  27. user_id = submission.get("user_id")
  28. if user_id:
  29. user_attempts[user_id] += 1
  31. #Check for suspicious patterns
  32. for pattern in suspicious_patterns:
  33. if re.search(pattern, submission.get("form_data", "")):
  34. flagged_submissions.append(submission)
  35. break #Only flag once per submission
  37. #Check for excessive attempts
  38. if user_id and user_attempts[user_id] > 5: #Flag if user exceeds attempt limit
  39. flagged_submissions.append(submission)
  41. user_attempts[user_id] = 0 #reset attempt count
  43. if known_good_users:
  44. for submission in submissions:
  45. user_id = submission.get("user_id")
  46. if user_id and user_id not in known_good_users:
  47. flagged_submissions.append(submission)
  49. return flagged_submissions

Add your comment