hybridanalysisx 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 20b4903edd839b85fb14e303977fbfccf6edf3ff6ce93b181aae09bebdc74e1a
+  data.tar.gz: 0017fe61e806da4b6aea9ce4232aa1aa606a0e5a25e4b426cf653333a0113071
+SHA512:
+  metadata.gz: c2c0886fd20889ab3c9076e3fda4b4073fa849ef49cdb4b5f13be22bb67291a3c94dd3f2877d528978d0c0dca8f70d80accf3c56c99cf9cba0afbb08cbbb3695
+  data.tar.gz: a6c1bcf0c0c2fb85e258f2d348fbc611bbafc268bc776cdc71633fde9751d005bc0f159cc4d50be23cc324f35280109ac29108cbf9860ddb8c3bac9670ec104e

data/.gitignore

@@ -0,0 +1,58 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+.env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+Gemfile.lock
+.ruby-version
+.ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+# Used by RuboCop. Remote config files pulled in from inherit_from directive.
+# .rubocop-https?--*
+
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.6
+before_install: gem install bundler -v 2.1

data/Gemfile

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in hybridanalysisx.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Manabu Niseki
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,30 @@
+# hybridanalysisx
+
+[![Build Status](https://travis-ci.com/ninoseki/hybridanalysisx.svg?branch=master)](https://travis-ci.com/ninoseki/hybridanalysisx)
+[![Coverage Status](https://coveralls.io/repos/github/ninoseki/hybridanalysisx/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/hybridanalysisx?branch=master)
+[![CodeFactor](https://www.codefactor.io/repository/github/ninoseki/hybridanalysisx/badge)](https://www.codefactor.io/repository/github/ninoseki/hybridanalysisx)
+
+Yet another Hybrid Analysis API wrapper for Ruby.
+
+## Installation
+
+```bash
+gem install hybridanalysisx
+```
+
+## Usage
+
+```ruby
+require "hybridanalysis"
+
+# when given nothing, it tries to load your usernamem & API key via ENV["HA_API_KEY"] or ENV["HYBRIDANALYSIS_API_KEY"]
+api = HybridAnalysis::API.new
+
+api.feed.latest
+api.quick_scan(file: "/tmp/foo.exe", scan_type: "all")
+api.submit.file(file: "/tmp/foo.exe", environment_id: "110")
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "hybridanalysisx"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/hybridanalysisx.gemspec

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require_relative 'lib/hybridanalysis/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "hybridanalysisx"
+  spec.version       = HybridAnalysis::VERSION
+  spec.authors       = ["Manabu Niseki"]
+  spec.email         = ["manabu.niseki@gmail.com"]
+
+  spec.summary       = 'Yet another Hybrid Analysis API wrapper for Ruby'
+  spec.description   = 'Yet another Hybrid Analysis API wrapper for Ruby'
+  spec.homepage      = "https://github.com/ninoseki/hybridanalysisx"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.6.0")
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/ninoseki/hybridanalysisx"
+  spec.metadata["changelog_uri"] = "https://github.com/ninoseki/hybridanalysisx/CHANGELOG.md"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 2.1"
+  spec.add_development_dependency "coveralls", "~> 0.8"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "rspec", "~> 3.9"
+  spec.add_development_dependency "vcr", "~> 5.0"
+  spec.add_development_dependency "webmock", "~> 3.8"
+end

data/lib/hybridanalysis.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require "hybridanalysis/version"
+
+require "hybridanalysis/clients/client"
+
+require "hybridanalysis/clients/abuse_reports"
+require "hybridanalysis/clients/feed"
+require "hybridanalysis/clients/file_collection"
+require "hybridanalysis/clients/overview"
+require "hybridanalysis/clients/quick_scan"
+require "hybridanalysis/clients/report"
+require "hybridanalysis/clients/search"
+require "hybridanalysis/clients/submit"
+require "hybridanalysis/clients/system"
+
+require "hybridanalysis/api"
+
+module HybridAnalysis
+  class Error < StandardError; end
+end

data/lib/hybridanalysis/api.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module HybridAnalysis
+  class API
+    def initialize(key: ENV["HYBRIDANALYSIS_API_KEY"] || ENV["HA_API_KEY"])
+      @key = key
+    end
+
+    def abuse_reports
+      @abuse_reports ||= Clients::AbuseReports.new(@key)
+    end
+
+    def feed
+      @feed ||= Clients::Feed.new(@key)
+    end
+
+    def file_collection
+      @file_collection ||= Clients::FileCollection.new(@key)
+    end
+
+    def overview
+      @overview ||= Clients::Overview.new(@key)
+    end
+
+    def quick_scan
+      @quick_scan ||= Clients::QuickScan.new(@key)
+    end
+
+    def report
+      @report ||= Clients::Report.new(@key)
+    end
+
+    def search
+      @search ||= Clients::Search.new(@key)
+    end
+
+    def submit
+      @submit ||= Clients::Submit.new(@key)
+    end
+
+    def system
+      @system ||= Clients::System.new(@key)
+    end
+  end
+end

data/lib/hybridanalysis/clients/abuse_reports.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module HybridAnalysis
+  module Clients
+    class AbuseReports < Client
+      #
+      # Allows to request removal
+      #
+      # @param [String] sha256 SHA256 of the sample you want to report
+      # @param [String] reason Report reason
+      #
+      # @return [Hash]
+      #
+      def new(sha256:, reason: )
+        params = {
+          sha256: sha256,
+          reason: reason
+        }.compact
+        _post("/abuse-reports/new", params) { |json| json }
+      end
+    end
+  end
+end

data/lib/hybridanalysis/clients/client.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+require "net/https"
+require "json"
+require "uri"
+require "zlib"
+
+module HybridAnalysis
+  module Clients
+    class Client
+      attr_reader :key
+
+      HOST = "www.hybrid-analysis.com"
+      VERSION = "v2"
+      BASE_URL = "https://#{HOST}/api/#{VERSION}"
+      DEFAULT_UA = "Falcon Sandbox"
+
+      def initialize(key)
+        @key = key
+      end
+
+      private
+
+      def url_for(path)
+        URI(BASE_URL + path)
+      end
+
+      def https_options
+        if proxy = ENV["HTTPS_PROXY"] || ENV["https_proxy"]
+          uri = URI(proxy)
+          {
+            proxy_address: uri.hostname,
+            proxy_port: uri.port,
+            proxy_from_env: false,
+            use_ssl: true
+          }
+        else
+          { use_ssl: true }
+        end
+      end
+
+      def request(req)
+        Net::HTTP.start(HOST, 443, https_options) do |http|
+          req["api-key"] = key
+          req["user-agent"] = DEFAULT_UA
+
+          response = http.request(req)
+
+          code = response.code.to_i
+          body = response.body
+          json = JSON.parse(body) if response["Content-Type"].to_s.include?("application/json")
+          body = unzip(body) if response["Content-Type"].to_s.include?("application/gzip")
+
+          case code
+          when 200, 201, 202
+            if json
+              yield json
+            else
+              yield body
+            end
+          else
+            message = json&.dig("message") || body
+            raise Error, "Unsupported response code returned: #{code} (#{message})"
+          end
+        end
+      end
+
+      def _get(path, params = {}, &block)
+        uri = url_for(path)
+        uri.query = URI.encode_www_form(params)
+        get = Net::HTTP::Get.new(uri)
+
+        request(get, &block)
+      end
+
+      def _post(path, params = {}, &block)
+        post = Net::HTTP::Post.new(url_for(path))
+        post.set_form params
+
+        request(post, &block)
+      end
+
+      def _post_with_file(path, file:, filename:, params: {}, &block)
+        post = Net::HTTP::Post.new(url_for(path))
+        data = [
+          ["file", file, { filename: filename }],
+        ]
+        data += stringfy_keys(params)
+        post.set_form(data, "multipart/form-data")
+
+        request(post, &block)
+      end
+
+      def _delete(path, params = {}, &block)
+        delete = Net::HTTP::Delete.new(url_for(path))
+        delete.body = JSON.generate(params) if params
+
+        request(delete, &block)
+      end
+
+      def stringfy_keys(hash)
+        hash.map do |k, v|
+          [k.to_s, v.to_s]
+        end
+      end
+
+      def path?(path)
+        File.exist? path
+      end
+
+      def unzip(data)
+        sio = StringIO.new(data)
+        gz = Zlib::GzipReader.new(sio)
+        gz.read
+      end
+    end
+  end
+end

data/lib/hybridanalysis/clients/feed.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module HybridAnalysis
+  module Clients
+    class Feed < Client
+      #
+      # access a JSON feed (summary information) of last 250 reports from 24h
+      #
+      # @return [Hash]
+      #
+      def latest
+        _get("/feed/latest") { |json| json }
+      end
+    end
+  end
+end