threatexpert 0.1.0 → 0.2.0

data/Gemfile

@@ -3,6 +3,7 @@ source "http://rubygems.org"
 # Example:
 gem "nokogiri", ">= 1.4.4"
 gem "multipart-post", ">= 1.1.0"
+gem "crack", ">= 0.1.8"
 
 # Add dependencies to develop your gem here.
 # Include everything needed to run rake, tests, features, etc.

data/Gemfile.lock

@@ -1,6 +1,7 @@
 GEM
   remote: http://rubygems.org/
   specs:
+    crack (0.1.8)
     git (1.2.5)
     jeweler (1.5.2)
       bundler (~> 1.0.0)
@@ -17,6 +18,7 @@ PLATFORMS
 
 DEPENDENCIES
   bundler (~> 1.0.0)
+  crack (>= 0.1.8)
   jeweler (~> 1.5.2)
   multipart-post (>= 1.1.0)
   nokogiri (>= 1.4.4)

data/README.rdoc

@@ -2,14 +2,13 @@
 
 The threatexpert gem provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report).  This also provides a simple upload feature.
 
-require 'threatexpert'
-
-t = ThreatExpert::Search.new
-hashes = t.name("Worm.Hamweg.Gen")
-html = t.md5(hashes[0])
-sb = ThreatExpert::Submit.new
-filename = "/malware_share/downadup/62c6c217e7980e53aa3b234e19a5a25e.dll"
-sb.submit(filename, youremailhere)
+  require 'threatexpert'
+  t = ThreatExpert::Search.new
+  hashes = t.name("Worm.Hamweg.Gen")
+  html = t.md5(hashes[0])
+  sb = ThreatExpert::Submit.new
+  filename = "/malware_share/downadup/62c6c217e7980e53aa3b234e19a5a25e.dll"
+  sb.submit(filename, youremailhere)
 
 == Contributing to threatexpert
  

data/Rakefile

@@ -1,51 +1,52 @@
 require 'rubygems'
 require 'bundler'
 begin
-  Bundler.setup(:default, :development)
+	Bundler.setup(:default, :development)
 rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
+	$stderr.puts e.message
+	$stderr.puts "Run `bundle install` to install missing gems"
+	exit e.status_code
 end
 require 'rake'
 
 require 'jeweler'
 Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "threatexpert"
-  gem.homepage = "http://github.com/chrislee35/threatexpert"
-  gem.license = "MIT"
-  gem.summary = %Q{Allows for malware name and md5 hash searching of, and malware submission to ThreatExpert.com.}
-  gem.description = %Q{Provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report).  This also provides a simple upload feature.}
-  gem.email = "rubygems@chrislee.dhs.org"
-  gem.authors = ["Chris Lee"]
-  gem.add_runtime_dependency "nokogiri", ">= 1.4.4"
+	# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+	gem.name = "threatexpert"
+	gem.homepage = "http://github.com/chrislee35/threatexpert"
+	gem.license = "MIT"
+	gem.summary = %Q{Allows for malware name and md5 hash searching of, and malware submission to ThreatExpert.com.}
+	gem.description = %Q{Provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report).  This also provides a simple upload feature.}
+	gem.email = "rubygems@chrislee.dhs.org"
+	gem.authors = ["Chris Lee"]
+	gem.add_runtime_dependency "nokogiri", ">= 1.4.4"
 	gem.add_runtime_dependency "multipart-post", ">= 1.1.0"
+	gem.add_runtime_dependency "crack", ">= 0.1.8"
 end
 Jeweler::RubygemsDotOrgTasks.new
 
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |test|
-  test.libs << 'lib' << 'test'
-  test.pattern = 'test/**/test_*.rb'
-  test.verbose = true
+	test.libs << 'lib' << 'test'
+	test.pattern = 'test/**/test_*.rb'
+	test.verbose = true
 end
 
 require 'rcov/rcovtask'
 Rcov::RcovTask.new do |test|
-  test.libs << 'test'
-  test.pattern = 'test/**/test_*.rb'
-  test.verbose = true
+	test.libs << 'test'
+	test.pattern = 'test/**/test_*.rb'
+	test.verbose = true
 end
 
 task :default => :test
 
 require 'rake/rdoctask'
 Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+	version = File.exist?('VERSION') ? File.read('VERSION') : ""
 
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "threatexpert #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
+	rdoc.rdoc_dir = 'rdoc'
+	rdoc.title = "threatexpert #{version}"
+	rdoc.rdoc_files.include('README*')
+	rdoc.rdoc_files.include('lib/**/*.rb')
 end

data/VERSION

@@ -1 +1 @@
-0.1.0
+0.2.0

data/lib/threatexpert/search.rb

@@ -1,4 +1,5 @@
 require 'nokogiri'
+require 'crack'
 require 'open-uri'
 
 module ThreatExpert
@@ -8,7 +9,7 @@ module ThreatExpert
 		end
 		
 		def md5(hash)
-			url = @@baseurl+"/report.aspx?md5=#{hash}"
+			url = @@baseurl+"/report.aspx?md5=#{hash}&xml=1"
 			_parse_report(url)
 		end
 		
@@ -36,10 +37,8 @@ module ThreatExpert
 		
 		def _parse_report(page)
 			page = open(page).read
-			return nil unless page =~ /Submission Summary:/
-			n = Nokogiri::HTML.parse(page)
-			ul = n.xpath('//ul')
-			t = ul.to_s.gsub(/<img.*?>/,'')
+			return nil if page =~ /<status>not_found<\/status>/
+			Crack::XML.parse(page)
 		end
 	end
 end

data/test/test_threatexpert.rb

@@ -3,9 +3,16 @@ require 'pp'
 class TestThreatexpert < Test::Unit::TestCase
 	should "parse the page for 70cf23409191820593022ca797fbcbd0" do
 		t = ThreatExpert::Search.new
-		html = t.md5("70cf23409191820593022ca797fbcbd0")
-		assert_not_nil(html)
-		puts html
+		data = t.md5("70cf23409191820593022ca797fbcbd0")
+		assert_not_nil(data)
+		assert_equal("ThreatExpert Report", data['report']['title'])
+		assert_not_nil(data['report']['subreports'])
+		assert_not_nil(data['report']['subreports']['subreport'])
+		assert_not_nil(data['report']['subreports']['subreport']['technical_details'])
+		assert_not_nil(data['report']['subreports']['subreport']['technical_details']['known_threat_category_collection'])
+		assert_not_nil(data['report']['subreports']['subreport']['technical_details']['known_threat_category_collection']['known_threat_category'])
+		assert_not_nil(data['report']['subreports']['subreport']['technical_details']['known_threat_category_collection']['known_threat_category'][0])
+		assert_equal("Backdoor", data['report']['subreports']['subreport']['technical_details']['known_threat_category_collection']['known_threat_category'][0]['name'])
 	end
 	
 	should "return nil for 70cf23409191820593022ca797fbcbd1" do

data/threatexpert.gemspec

@@ -0,0 +1,83 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{threatexpert}
+  s.version = "0.2.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Chris Lee"]
+  s.date = %q{2011-05-05}
+  s.description = %q{Provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report).  This also provides a simple upload feature.}
+  s.email = %q{rubygems@chrislee.dhs.org}
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "lib/threatexpert.rb",
+    "lib/threatexpert/search.rb",
+    "lib/threatexpert/submit.rb",
+    "test/helper.rb",
+    "test/test_threatexpert.rb",
+    "threatexpert.gemspec"
+  ]
+  s.homepage = %q{http://github.com/chrislee35/threatexpert}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.7.2}
+  s.summary = %q{Allows for malware name and md5 hash searching of, and malware submission to ThreatExpert.com.}
+  s.test_files = [
+    "test/helper.rb",
+    "test/test_threatexpert.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<nokogiri>, [">= 1.4.4"])
+      s.add_runtime_dependency(%q<multipart-post>, [">= 1.1.0"])
+      s.add_runtime_dependency(%q<crack>, [">= 0.1.8"])
+      s.add_development_dependency(%q<shoulda>, [">= 0"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+      s.add_runtime_dependency(%q<nokogiri>, [">= 1.4.4"])
+      s.add_runtime_dependency(%q<multipart-post>, [">= 1.1.0"])
+      s.add_runtime_dependency(%q<crack>, [">= 0.1.8"])
+    else
+      s.add_dependency(%q<nokogiri>, [">= 1.4.4"])
+      s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+      s.add_dependency(%q<crack>, [">= 0.1.8"])
+      s.add_dependency(%q<shoulda>, [">= 0"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+      s.add_dependency(%q<nokogiri>, [">= 1.4.4"])
+      s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+      s.add_dependency(%q<crack>, [">= 0.1.8"])
+    end
+  else
+    s.add_dependency(%q<nokogiri>, [">= 1.4.4"])
+    s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+    s.add_dependency(%q<crack>, [">= 0.1.8"])
+    s.add_dependency(%q<shoulda>, [">= 0"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+    s.add_dependency(%q<nokogiri>, [">= 1.4.4"])
+    s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+    s.add_dependency(%q<crack>, [">= 0.1.8"])
+  end
+end
+

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: threatexpert
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 23
   prerelease: 
   segments: 
   - 0
-  - 1
+  - 2
   - 0
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors: 
 - Chris Lee
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-04-27 00:00:00 Z
+date: 2011-05-05 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   version_requirements: &id001 !ruby/object:Gem::Requirement 
@@ -51,6 +51,22 @@ dependencies:
   type: :runtime
 - !ruby/object:Gem::Dependency 
   version_requirements: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 11
+        segments: 
+        - 0
+        - 1
+        - 8
+        version: 0.1.8
+  requirement: *id003
+  prerelease: false
+  name: crack
+  type: :runtime
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -59,12 +75,12 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  requirement: *id003
+  requirement: *id004
   prerelease: false
   name: shoulda
   type: :development
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -75,12 +91,12 @@ dependencies:
         - 0
         - 0
         version: 1.0.0
-  requirement: *id004
+  requirement: *id005
   prerelease: false
   name: bundler
   type: :development
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -91,12 +107,12 @@ dependencies:
         - 5
         - 2
         version: 1.5.2
-  requirement: *id005
+  requirement: *id006
   prerelease: false
   name: jeweler
   type: :development
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: &id007 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -105,12 +121,12 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  requirement: *id006
+  requirement: *id007
   prerelease: false
   name: rcov
   type: :development
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id007 !ruby/object:Gem::Requirement 
+  version_requirements: &id008 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -121,12 +137,12 @@ dependencies:
         - 4
         - 4
         version: 1.4.4
-  requirement: *id007
+  requirement: *id008
   prerelease: false
   name: nokogiri
   type: :runtime
 - !ruby/object:Gem::Dependency 
-  version_requirements: &id008 !ruby/object:Gem::Requirement 
+  version_requirements: &id009 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -137,10 +153,26 @@ dependencies:
         - 1
         - 0
         version: 1.1.0
-  requirement: *id008
+  requirement: *id009
   prerelease: false
   name: multipart-post
   type: :runtime
+- !ruby/object:Gem::Dependency 
+  version_requirements: &id010 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 11
+        segments: 
+        - 0
+        - 1
+        - 8
+        version: 0.1.8
+  requirement: *id010
+  prerelease: false
+  name: crack
+  type: :runtime
 description: Provides a simple API to query ThreatExpert by malware name (to receive a list of matching hashes) or hash (to receive a malware report).  This also provides a simple upload feature.
 email: rubygems@chrislee.dhs.org
 executables: []
@@ -163,6 +195,7 @@ files:
 - lib/threatexpert/submit.rb
 - test/helper.rb
 - test/test_threatexpert.rb
+- threatexpert.gemspec
 homepage: http://github.com/chrislee35/threatexpert
 licenses: 
 - MIT