threatexpert 0.1.0 → 0.2.0

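--- a/data/Gemfile
+++ b/data/Gemfile
@@ -3,6 +3,7 @@ source "http://rubygems.org"
  # Example:
  gem "nokogiri", ">= 1.4.4"
  gem "multipart-post", ">= 1.1.0"
+ gem "crack", ">= 0.1.8"
 
  # Add dependencies to develop your gem here.
  # Include everything needed to run rake, tests, features, etc.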
@@ -1,6 +1,7 @@
1
1
  GEM
2
2
  remote: http://rubygems.org/
3
3
  specs:
4
+ crack (0.1.8)
4
5
  git (1.2.5)
5
6
  jeweler (1.5.2)
6
7
  bundler (~> 1.0.0)
@@ -17,6 +18,7 @@ PLATFORMS
17
18
 
18
19
  DEPENDENCIES
19
20
  bundler (~> 1.0.0)
21
+ crack (>= 0.1.8)
20
22
  jeweler (~> 1.5.2)
21
23
  multipart-post (>= 1.1.0)
22
24
  nokogiri (>= 1.4.4)
@@ -2,14 +2,13 @@
2
2
 
3
3
  The threatexpert gem provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report). This also provides a simple upload feature.
4
4
 
5
- require 'threatexpert'
6
-
7
- t = ThreatExpert::Search.new
8
- hashes = t.name("Worm.Hamweg.Gen")
9
- html = t.md5(hashes[0])
10
- sb = ThreatExpert::Submit.new
11
- filename = "/malware_share/downadup/62c6c217e7980e53aa3b234e19a5a25e.dll"
12
- sb.submit(filename, youremailhere)
5
+ require 'threatexpert'
6
+ t = ThreatExpert::Search.new
7
+ hashes = t.name("Worm.Hamweg.Gen")
8
+ html = t.md5(hashes[0])
9
+ sb = ThreatExpert::Submit.new
10
+ filename = "/malware_share/downadup/62c6c217e7980e53aa3b234e19a5a25e.dll"
11
+ sb.submit(filename, youremailhere)
13
12
 
14
13
  == Contributing to threatexpert
15
14
 
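--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,51 +1,52 @@
  require 'rubygems'
  require 'bundler'
  begin
- Bundler.setup(:default, :development)
+ Bundler.setup(:default, :development)
  rescue Bundler::BundlerError => e
- $stderr.puts e.message
- $stderr.puts "Run `bundle install` to install missing gems"
- exit e.status_code
+ $stderr.puts e.message
+ $stderr.puts "Run `bundle install` to install missing gems"
+ exit e.status_code
  end
  require 'rake'
 
  require 'jeweler'
  Jeweler::Tasks.new do |gem|
- # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
- gem.name = "threatexpert"
- gem.homepage = "http://github.com/chrislee35/threatexpert"
- gem.license = "MIT"
- gem.summary = %Q{Allows for malware name and md5 hash searching of, and malware submission to ThreatExpert.com.}
- gem.description = %Q{Provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report). This also provides a simple upload feature.}
- gem.email = "rubygems@chrislee.dhs.org"
- gem.authors = ["Chris Lee"]
- gem.add_runtime_dependency "nokogiri", ">= 1.4.4"
+ # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+ gem.name = "threatexpert"
+ gem.homepage = "http://github.com/chrislee35/threatexpert"
+ gem.license = "MIT"
+ gem.summary = %Q{Allows for malware name and md5 hash searching of, and malware submission to ThreatExpert.com.}
+ gem.description = %Q{Provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report). This also provides a simple upload feature.}
+ gem.email = "rubygems@chrislee.dhs.org"
+ gem.authors = ["Chris Lee"]
+ gem.add_runtime_dependency "nokogiri", ">= 1.4.4"
  gem.add_runtime_dependency "multipart-post", ">= 1.1.0"
+ gem.add_runtime_dependency "crack", ">= 0.1.8"
  end
  Jeweler::RubygemsDotOrgTasks.new
 
  require 'rake/testtask'
  Rake::TestTask.new(:test) do |test|
- test.libs << 'lib' << 'test'
- test.pattern = 'test/**/test_*.rb'
- test.verbose = true
+ test.libs << 'lib' << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
  end
 
  require 'rcov/rcovtask'
  Rcov::RcovTask.new do |test|
- test.libs << 'test'
- test.pattern = 'test/**/test_*.rb'
- test.verbose = true
+ test.libs << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
  end
 
  task :default => :test
 
  require 'rake/rdoctask'
  Rake::RDocTask.new do |rdoc|
- version = File.exist?('VERSION') ? File.read('VERSION') : ""
+ version = File.exist?('VERSION') ? File.read('VERSION') : ""
 
- rdoc.rdoc_dir = 'rdoc'
- rdoc.title = "threatexpert #{version}"
- rdoc.rdoc_files.include('README*')
- rdoc.rdoc_files.include('lib/**/*.rb')
+ rdoc.rdoc_dir = 'rdoc'
+ rdoc.title = "threatexpert #{version}"
+ rdoc.rdoc_files.include('README*')
+ rdoc.rdoc_files.include('lib/**/*.rb')
  end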
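--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.1.0
+ 0.2.0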
@@ -1,4 +1,5 @@
1
1
  require 'nokogiri'
2
+ require 'crack'
2
3
  require 'open-uri'
3
4
 
4
5
  module ThreatExpert
@@ -8,7 +9,7 @@ module ThreatExpert
8
9
  end
9
10
 
10
11
  def md5(hash)
11
- url = @@baseurl+"/report.aspx?md5=#{hash}"
12
+ url = @@baseurl+"/report.aspx?md5=#{hash}&xml=1"
12
13
  _parse_report(url)
13
14
  end
14
15
 
@@ -36,10 +37,8 @@ module ThreatExpert
36
37
 
37
38
  def _parse_report(page)
38
39
  page = open(page).read
39
- return nil unless page =~ /Submission Summary:/
40
- n = Nokogiri::HTML.parse(page)
41
- ul = n.xpath('//ul')
42
- t = ul.to_s.gsub(/<img.*?>/,'')
40
+ return nil if page =~ /<status>not_found<\/status>/
41
+ Crack::XML.parse(page)
43
42
  end
44
43
  end
45
44
  end
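Review bot: `md5` still interpolates `hash` into the query string without checking it, and `_parse_report` still fetches with open-uri's `Kernel#open` on whatever string it is handed; a value containing `&` or `#` silently changes the request that is sent, and `Kernel#open` treats a string beginning with `|` as a command rather than a URL, which only matters here if `_parse_report` is ever called with a caller-supplied string since every caller shown prefixes `@@baseurl`. Reject anything that is not an MD5 before building the URL, `raise ArgumentError, "expected a 32-character hex md5" unless hash =~ /\A[0-9a-f]{32}\z/i`, and fetch through the URI object so only http(s) is ever opened, `page = URI.parse(page).open.read`. The switch to `Crack::XML.parse` also means the response body is now typecast by each element's `type` attribute, which in crack releases of this vintage appears to include YAML-backed types, so the parsed report should be handled as untrusted data; worth confirming against the pinned crack 0.1.8 before relying on it. The `not_found` check is a regex over the raw body rather than a lookup on the parsed document, so a report whose text merely mentions that tag would be reported as missing. `_parse_report` is complete within the hunk, but the class that defines `md5` and `@@baseurl` starts before it.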
@@ -3,9 +3,16 @@ require 'pp'
3
3
  class TestThreatexpert < Test::Unit::TestCase
4
4
  should "parse the page for 70cf23409191820593022ca797fbcbd0" do
5
5
  t = ThreatExpert::Search.new
6
- html = t.md5("70cf23409191820593022ca797fbcbd0")
7
- assert_not_nil(html)
8
- puts html
6
+ data = t.md5("70cf23409191820593022ca797fbcbd0")
7
+ assert_not_nil(data)
8
+ assert_equal("ThreatExpert Report", data['report']['title'])
9
+ assert_not_nil(data['report']['subreports'])
10
+ assert_not_nil(data['report']['subreports']['subreport'])
11
+ assert_not_nil(data['report']['subreports']['subreport']['technical_details'])
12
+ assert_not_nil(data['report']['subreports']['subreport']['technical_details']['known_threat_category_collection'])
13
+ assert_not_nil(data['report']['subreports']['subreport']['technical_details']['known_threat_category_collection']['known_threat_category'])
14
+ assert_not_nil(data['report']['subreports']['subreport']['technical_details']['known_threat_category_collection']['known_threat_category'][0])
15
+ assert_equal("Backdoor", data['report']['subreports']['subreport']['technical_details']['known_threat_category_collection']['known_threat_category'][0]['name'])
9
16
  end
10
17
 
11
18
  should "return nil for 70cf23409191820593022ca797fbcbd1" do
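Review bot: The assertions added after `assert_not_nil(data)` repeat the same six-key lookup chain on every line, so a failure partway down still does not say which level of the document was missing; assigning it once, `subreport = data['report']['subreports']['subreport']`, and asserting on `subreport['technical_details']` from there reads better and fails at a named step. The test also depends on a live ThreatExpert lookup of that hash, so it fails whenever the service or the network is unavailable or the remote report changes, and the parsing this commit rewrites in `_parse_report` would be pinned more reliably by feeding a recorded XML response to it directly. The `should` block is complete within the hunk, but the test class continues past it.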
@@ -0,0 +1,83 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{threatexpert}
8
+ s.version = "0.2.0"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["Chris Lee"]
12
+ s.date = %q{2011-05-05}
13
+ s.description = %q{Provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report). This also provides a simple upload feature.}
14
+ s.email = %q{rubygems@chrislee.dhs.org}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE.txt",
17
+ "README.rdoc"
18
+ ]
19
+ s.files = [
20
+ ".document",
21
+ "Gemfile",
22
+ "Gemfile.lock",
23
+ "LICENSE.txt",
24
+ "README.rdoc",
25
+ "Rakefile",
26
+ "VERSION",
27
+ "lib/threatexpert.rb",
28
+ "lib/threatexpert/search.rb",
29
+ "lib/threatexpert/submit.rb",
30
+ "test/helper.rb",
31
+ "test/test_threatexpert.rb",
32
+ "threatexpert.gemspec"
33
+ ]
34
+ s.homepage = %q{http://github.com/chrislee35/threatexpert}
35
+ s.licenses = ["MIT"]
36
+ s.require_paths = ["lib"]
37
+ s.rubygems_version = %q{1.7.2}
38
+ s.summary = %q{Allows for malware name and md5 hash searching of, and malware submission to ThreatExpert.com.}
39
+ s.test_files = [
40
+ "test/helper.rb",
41
+ "test/test_threatexpert.rb"
42
+ ]
43
+
44
+ if s.respond_to? :specification_version then
45
+ s.specification_version = 3
46
+
47
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
48
+ s.add_runtime_dependency(%q<nokogiri>, [">= 1.4.4"])
49
+ s.add_runtime_dependency(%q<multipart-post>, [">= 1.1.0"])
50
+ s.add_runtime_dependency(%q<crack>, [">= 0.1.8"])
51
+ s.add_development_dependency(%q<shoulda>, [">= 0"])
52
+ s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
53
+ s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
54
+ s.add_development_dependency(%q<rcov>, [">= 0"])
55
+ s.add_runtime_dependency(%q<nokogiri>, [">= 1.4.4"])
56
+ s.add_runtime_dependency(%q<multipart-post>, [">= 1.1.0"])
57
+ s.add_runtime_dependency(%q<crack>, [">= 0.1.8"])
58
+ else
59
+ s.add_dependency(%q<nokogiri>, [">= 1.4.4"])
60
+ s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
61
+ s.add_dependency(%q<crack>, [">= 0.1.8"])
62
+ s.add_dependency(%q<shoulda>, [">= 0"])
63
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
64
+ s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
65
+ s.add_dependency(%q<rcov>, [">= 0"])
66
+ s.add_dependency(%q<nokogiri>, [">= 1.4.4"])
67
+ s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
68
+ s.add_dependency(%q<crack>, [">= 0.1.8"])
69
+ end
70
+ else
71
+ s.add_dependency(%q<nokogiri>, [">= 1.4.4"])
72
+ s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
73
+ s.add_dependency(%q<crack>, [">= 0.1.8"])
74
+ s.add_dependency(%q<shoulda>, [">= 0"])
75
+ s.add_dependency(%q<bundler>, ["~> 1.0.0"])
76
+ s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
77
+ s.add_dependency(%q<rcov>, [">= 0"])
78
+ s.add_dependency(%q<nokogiri>, [">= 1.4.4"])
79
+ s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
80
+ s.add_dependency(%q<crack>, [">= 0.1.8"])
81
+ end
82
+ end
83
+
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: threatexpert
3
3
  version: !ruby/object:Gem::Version
4
- hash: 27
4
+ hash: 23
5
5
  prerelease:
6
6
  segments:
7
7
  - 0
8
- - 1
8
+ - 2
9
9
  - 0
10
- version: 0.1.0
10
+ version: 0.2.0
11
11
  platform: ruby
12
12
  authors:
13
13
  - Chris Lee
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2011-04-27 00:00:00 Z
18
+ date: 2011-05-05 00:00:00 Z
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
21
21
  version_requirements: &id001 !ruby/object:Gem::Requirement
@@ -51,6 +51,22 @@ dependencies:
51
51
  type: :runtime
52
52
  - !ruby/object:Gem::Dependency
53
53
  version_requirements: &id003 !ruby/object:Gem::Requirement
54
+ none: false
55
+ requirements:
56
+ - - ">="
57
+ - !ruby/object:Gem::Version
58
+ hash: 11
59
+ segments:
60
+ - 0
61
+ - 1
62
+ - 8
63
+ version: 0.1.8
64
+ requirement: *id003
65
+ prerelease: false
66
+ name: crack
67
+ type: :runtime
68
+ - !ruby/object:Gem::Dependency
69
+ version_requirements: &id004 !ruby/object:Gem::Requirement
54
70
  none: false
55
71
  requirements:
56
72
  - - ">="
@@ -59,12 +75,12 @@ dependencies:
59
75
  segments:
60
76
  - 0
61
77
  version: "0"
62
- requirement: *id003
78
+ requirement: *id004
63
79
  prerelease: false
64
80
  name: shoulda
65
81
  type: :development
66
82
  - !ruby/object:Gem::Dependency
67
- version_requirements: &id004 !ruby/object:Gem::Requirement
83
+ version_requirements: &id005 !ruby/object:Gem::Requirement
68
84
  none: false
69
85
  requirements:
70
86
  - - ~>
@@ -75,12 +91,12 @@ dependencies:
75
91
  - 0
76
92
  - 0
77
93
  version: 1.0.0
78
- requirement: *id004
94
+ requirement: *id005
79
95
  prerelease: false
80
96
  name: bundler
81
97
  type: :development
82
98
  - !ruby/object:Gem::Dependency
83
- version_requirements: &id005 !ruby/object:Gem::Requirement
99
+ version_requirements: &id006 !ruby/object:Gem::Requirement
84
100
  none: false
85
101
  requirements:
86
102
  - - ~>
@@ -91,12 +107,12 @@ dependencies:
91
107
  - 5
92
108
  - 2
93
109
  version: 1.5.2
94
- requirement: *id005
110
+ requirement: *id006
95
111
  prerelease: false
96
112
  name: jeweler
97
113
  type: :development
98
114
  - !ruby/object:Gem::Dependency
99
- version_requirements: &id006 !ruby/object:Gem::Requirement
115
+ version_requirements: &id007 !ruby/object:Gem::Requirement
100
116
  none: false
101
117
  requirements:
102
118
  - - ">="
@@ -105,12 +121,12 @@ dependencies:
105
121
  segments:
106
122
  - 0
107
123
  version: "0"
108
- requirement: *id006
124
+ requirement: *id007
109
125
  prerelease: false
110
126
  name: rcov
111
127
  type: :development
112
128
  - !ruby/object:Gem::Dependency
113
- version_requirements: &id007 !ruby/object:Gem::Requirement
129
+ version_requirements: &id008 !ruby/object:Gem::Requirement
114
130
  none: false
115
131
  requirements:
116
132
  - - ">="
@@ -121,12 +137,12 @@ dependencies:
121
137
  - 4
122
138
  - 4
123
139
  version: 1.4.4
124
- requirement: *id007
140
+ requirement: *id008
125
141
  prerelease: false
126
142
  name: nokogiri
127
143
  type: :runtime
128
144
  - !ruby/object:Gem::Dependency
129
- version_requirements: &id008 !ruby/object:Gem::Requirement
145
+ version_requirements: &id009 !ruby/object:Gem::Requirement
130
146
  none: false
131
147
  requirements:
132
148
  - - ">="
@@ -137,10 +153,26 @@ dependencies:
137
153
  - 1
138
154
  - 0
139
155
  version: 1.1.0
140
- requirement: *id008
156
+ requirement: *id009
141
157
  prerelease: false
142
158
  name: multipart-post
143
159
  type: :runtime
160
+ - !ruby/object:Gem::Dependency
161
+ version_requirements: &id010 !ruby/object:Gem::Requirement
162
+ none: false
163
+ requirements:
164
+ - - ">="
165
+ - !ruby/object:Gem::Version
166
+ hash: 11
167
+ segments:
168
+ - 0
169
+ - 1
170
+ - 8
171
+ version: 0.1.8
172
+ requirement: *id010
173
+ prerelease: false
174
+ name: crack
175
+ type: :runtime
144
176
  description: Provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report). This also provides a simple upload feature.
145
177
  email: rubygems@chrislee.dhs.org
146
178
  executables: []
@@ -163,6 +195,7 @@ files:
163
195
  - lib/threatexpert/submit.rb
164
196
  - test/helper.rb
165
197
  - test/test_threatexpert.rb
198
+ - threatexpert.gemspec
166
199
  homepage: http://github.com/chrislee35/threatexpert
167
200
  licenses:
168
201
  - MIT