RubyGems - shadowserver - Versions diffs - 0.0.0 → 0.1.0 - Mend

shadowserver 0.0.0 → 0.1.0

Files changed (5) hide show

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 0.0.0
1	+ 0.1.0

data/lib/shadowserver/malware.rb CHANGED

@@ -22,11 +22,10 @@ module Shadowserver
 			}
 		end
-		# untested
 		def Malware::download(hash,filename=nil)
 			doc = _get("https://innocuous.shadowserver.org/api/?download=#{hash}")
 			raise doc.chomp if doc =~ /\! The Shadowserver Foundation:  RESTRICTED ACCESS/
-			return nil if doc =~ /^\!/
+			return nil if doc =~ /^\! The Shadowserver Foundation:/
 			if filename
 				File.open(filename,"w") do |f|
 					f.write(doc)
@@ -35,20 +34,24 @@ module Shadowserver
 			doc
 		end
-		# untested
 		def Malware::avresult(hash)
 			doc = _get("http://innocuous.shadowserver.org/api/?avresult=#{hash}")
 			raise doc.chomp if doc =~ /\! The Shadowserver Foundation:  RESTRICTED ACCESS/
-			return nil if doc =~ /^\!/
-			JSON.parse(doc)
+			return nil if doc =~ /^\! The Shadowserver Foundation:/
+			results = {}
+			doc.split(/\n/).each do |l|
+				next if l =~ /^"name","classification"/
+				name, classification = l.gsub(/"/,'').split(/,/,2)
+				results[name] = classification
+			end
+			results
 		end
-		# untested
 		def Malware::ssdeep(hash)
 			doc = _get("http://innocuous.shadowserver.org/api/?ssdeep=#{hash}")
 			raise doc.chomp if doc =~ /\! The Shadowserver Foundation:  RESTRICTED ACCESS/
-			return nil if doc =~ /^\!/
-			JSON.parse(doc)
+			return nil if doc =~ /^\! The Shadowserver Foundation:/
+			doc.split(/\n/)
 		end
 	end

data/shadowserver.gemspec ADDED

@@ -0,0 +1,77 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+Gem::Specification.new do |s|
+  s.name = %q{shadowserver}
+  s.version = "0.1.0"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Chris Lee"]
+  s.date = %q{2011-06-03}
+  s.description = %q{The Shadowserver Foundation is an all volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. It is the mission of the Shadowserver Foundation to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers, and the spread of malware.}
+  s.email = %q{rubygems@chrislee.dhs.org}
+  s.executables = ["shadowserver_asn", "shadowserver_whitelist", "shadowserver_malware"]
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "bin/shadowserver_asn",
+    "bin/shadowserver_malware",
+    "bin/shadowserver_whitelist",
+    "lib/shadowserver.rb",
+    "lib/shadowserver/asn.rb",
+    "lib/shadowserver/malware.rb",
+    "lib/shadowserver/whitelist.rb",
+    "shadowserver.gemspec",
+    "test/helper.rb",
+    "test/notepad.exe",
+    "test/test_shadowserver.rb"
+  ]
+  s.homepage = %q{http://github.com/chrislee35/shadowserver}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.7.2}
+  s.summary = %q{Queries various Shadowserver services for ASN information, malware hash lookups, and whitelist hash lookups}
+  s.test_files = [
+    "test/helper.rb",
+    "test/test_shadowserver.rb"
+  ]
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<json>, [">= 1.4.3"])
+      s.add_development_dependency(%q<shoulda>, [">= 0"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+      s.add_runtime_dependency(%q<json>, [">= 1.4.3"])
+    else
+      s.add_dependency(%q<json>, [">= 1.4.3"])
+      s.add_dependency(%q<shoulda>, [">= 0"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+      s.add_dependency(%q<json>, [">= 1.4.3"])
+    end
+  else
+    s.add_dependency(%q<json>, [">= 1.4.3"])
+    s.add_dependency(%q<shoulda>, [">= 0"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+    s.add_dependency(%q<json>, [">= 1.4.3"])
+  end
+end

data/test/test_shadowserver.rb CHANGED

@@ -1,4 +1,6 @@
 require 'helper'
+require 'digest/md5'
+require 'pp'
 class TestShadowserver < Test::Unit::TestCase
 	should "return whitelist results for 0E53C14A3E48D94FF596A2824307B492" do
@@ -6,7 +8,7 @@ class TestShadowserver < Test::Unit::TestCase
 		assert_not_nil(w)
 		assert_equal({"source_version"=>"$version", "language"=>"English", "os_name"=>"Windows NT", "mfg_name"=>"Corel Corporation", "filesize"=>"2226", "os_version"=>"Generic", "product_name"=>"Gallery", "filename"=>"00br2026.gif", "crc32"=>"AA6A7B16", "application_type"=>"Graphic/Drawing", "source"=>"NIST", "os_mfg"=>"Microsoft", "product_version"=>"750,000"}, w)
 	end
 	should "return nil for whitelist query for 0E53C14A3E48D94FF596A2824307B493" do
 		w = Shadowserver::Whitelist.by_hash("0E53C14A3E48D94FF596A2824307B493")
 		assert_nil(w)
@@ -29,6 +31,43 @@ class TestShadowserver < Test::Unit::TestCase
 		assert_equal({"first_seen"=>"2010-06-15 03:09:41", "filetype"=>"exe", "avresults"=>{"TrendMicro"=>"TROJ_DLOADR.SMM", "AntiVir"=>"WORM/VB.NVA", "VirusBuster"=>"Worm.VB.FMYJ", "QuickHeal"=>"Worm.VB.at", "Clam"=>"Trojan.Downloader-50691", "VBA32"=>"Trojan.VBO.011858", "Sophos"=>"Troj/DwnLdr-HQY", "NOD32"=>"Win32/AutoRun.VB.JP", "Kaspersky"=>"Trojan.Win32.Cosmu.nyl", "Panda"=>"W32/OverDoom.A", "Vexira"=>"Trojan.DL.VB.EEDT", "G-Data"=>"Trojan.Generic.2609117", "Ikarus"=>"Trojan-Downloader.Win32.VB", "Norman"=>"Suspicious_Gen2.SKLJ", "McAfee"=>"Generic", "AVG7"=>"Downloader.Generic9.URM", "F-Secure"=>"Worm:W32/Revois.gen!A", "F-Prot6"=>"W32/Worm.BAOX", "DrWeb"=>"Win32.HLLW.Autoruner.6014", "Avast-Commercial"=>"Win32:Zbot-LRA"}, "ssdeep"=>"12288:gOqOB0v2eZJys73dOvXDpNjNe8NuMpX4aBaa48L/93zKnP6ppgg2HFZlxVPbZX:sOA2eZJ8NI8Nah8L/4PqmTVPlX", "sha1"=>"6fe80e56ad4de610304bab1675ce84d16ab6988e", "last_seen"=>"2010-06-15 03:09:41", "md5"=>"aca4aad254280d25e74c82d440b76f79"}, mr)
 	end
+	should "download malware, aca4aad254280d25e74c82d440b76f79" do
+		mr = Shadowserver::Malware.download("aca4aad254280d25e74c82d440b76f79")
+		assert_not_nil(mr)
+		assert_equal("aca4aad254280d25e74c82d440b76f79", Digest::MD5.hexdigest(mr))
+	end
+	should "return av results for malware, aca4aad254280d25e74c82d440b76f79" do
+		mr = Shadowserver::Malware.avresult("aca4aad254280d25e74c82d440b76f79")
+		assert_not_nil(mr)
+		assert_equal({"TrendMicro"=>"TROJ_DLOADR.SMM",
+		 "AntiVir"=>"WORM/VB.NVA",
+		 "VirusBuster"=>"Worm.VB.FMYJ",
+		 "QuickHeal"=>"Worm.VB.at",
+		 "Clam"=>"Trojan.Downloader-50691",
+		 "VBA32"=>"Trojan.VBO.011858",
+		 "Sophos"=>"Troj/DwnLdr-HQY",
+		 "NOD32"=>"Win32/AutoRun.VB.JP",
+		 "Kaspersky"=>"Trojan.Win32.Cosmu.nyl",
+		 "Panda"=>"W32/OverDoom.A",
+		 "Vexira"=>"Trojan.DL.VB.EEDT",
+		 "G-Data"=>"Trojan.Generic.2609117",
+		 "Ikarus"=>"Trojan-Downloader.Win32.VB",
+		 "Norman"=>"Suspicious_Gen2.SKLJ",
+		 "McAfee"=>"Generic",
+		 "AVG7"=>"Downloader.Generic9.URM",
+		 "F-Secure"=>"Worm:W32/Revois.gen!A",
+		 "F-Prot6"=>"W32/Worm.BAOX",
+		 "DrWeb"=>"Win32.HLLW.Autoruner.6014",
+		 "Avast-Commercial"=>"Win32:Zbot-LRA"}, mr)
+	end
+	should "return information for ssdeep hash" do
+		mr = Shadowserver::Malware.ssdeep("768:iMgK0w6C07j107GjD9h73eVv+hu8XZXc7OZrxuZDJihVJvmtjP:ZZ0w70n4GjD9hbeaLXhcMxaDJQXvojP")
+		assert_not_nil(mr)
+		assert_equal(["3ae7fc35e4dd3dd1b2afe7a9a20fe8f8"], mr)
+	end
 	should "return nil for malware query for 0E53C14A3E48D94FF596A2824307B492" do
 		mr = Shadowserver::Malware.query("0E53C14A3E48D94FF596A2824307B492")
 		assert_nil(mr)

metadata CHANGED

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: shadowserver
 version: !ruby/object:Gem::Version
-  hash: 31
+  hash: 27
   prerelease:
   segments:
   - 0
+  - 1
   - 0
-  - 0
-  version: 0.0.0
+  version: 0.1.0
 platform: ruby
 authors:
 - Chris Lee
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-05-29 00:00:00 Z
+date: 2011-06-03 00:00:00 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   version_requirements: &id001 !ruby/object:Gem::Requirement
@@ -135,6 +135,7 @@ files:
 - lib/shadowserver/asn.rb
 - lib/shadowserver/malware.rb
 - lib/shadowserver/whitelist.rb
+- shadowserver.gemspec
 - test/helper.rb
 - test/notepad.exe
 - test/test_shadowserver.rb