virus_total 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 4cd640a88172cb1d3cd160a5be4ef045d36f4125
+  data.tar.gz: 0074bf1f636a55c21c8bdab4300ba496cbadbda1
+SHA512:
+  metadata.gz: 1b9ea12c003845bb2c1922c67cae1c8fa18a1951073360706da6f86167ff9ea01c20e5bf455ef360f8dbfbe917ebf585398439f8a98b75c2d8e2f29d8c1d4f69
+  data.tar.gz: 505752f17dae22f2a85128bd27fb177b282a32f45f700d85acfe9c876dd2f7d2f67439197cd024a2db0bef480b8b687d70f58317fb4ced50bfc9215175461094

data/.gitignore

@@ -0,0 +1,16 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+*.gem
+mkmf.log
+

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in virus_total.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Andrii Saichuk
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,98 @@
+# VirusTotal
+[![Gem Version](https://badge.fury.io/rb/virus_total.svg)](http://badge.fury.io/rb/virus_total)
+[![Code Climate](https://codeclimate.com/github/rubycop/virus_total/badges/gpa.svg)](https://codeclimate.com/github/rubycop/virus_total)
+
+####Ruby gem for VirusTotal API v2.0
+
+API page: https://www.virustotal.com/en/documentation/public-api
+
+VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'virus_total'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install virus_total
+
+## Usage
+### Scanning Url
+```ruby
+# initialize
+url = VirusTotal::Url.new("https://www.example.com", "-- PUBLIC API KEY --")
+
+url.scan   # response from POST "url/scan"
+url.report # response from POST "url/report"
+```
+### Scanning File
+```ruby
+# initialize
+file = VirusTotal::File.new("path/to/file", "-- PUBLIC API KEY --")
+
+file.scan   # response from POST "file/scan"
+file.report # response from POST "file/report"
+file.rescan # response from POST "file/rescan"
+```
+
+#### Parse response string
+```ruby
+# for example url.report
+response = url.report
+parser = Parser.new(response)
+# <VirusTotal::Parser:0x0000000252eac0 @json_resp={
+# "permalink"=>"https://www.virustotal.com/url/.../",
+# "resource"=>"https://www.example.com",...,
+# "scans"=>{"CLEAN MX"=>{"detected"=>true, "result"=>"clean site"},...}}>
+
+parser.response_code #=> 1: OK, 0: result doesn't exist, -2: still queued
+
+# general info from response
+parser.info          #=> {"permalink"=>"https://www.virustotal.com/url/.../", "resource"=>"..."}
+
+# scanning info
+parser.scans         #=> {"CLEAN MX"=>{"detected"=>true, "result"=>"clean site"},...}
+
+# information about positive threats
+parser.dangers       #=> {"CLEAN MX"=>{"detected"=>true, "result"=>"clean site"}}
+
+# antiviruses which found positive threats
+parser.danger_brands #=> ["CLEAN MX"]
+```
+Also we can get any key/value pair from response hash. If key (it is a string) from response has a whitespaces use underscore between words.
+```ruby
+parser.scans.CLEAN_MX          #=> {"detected"=>true, "result"=>"clean site"}
+parser.scans.CLEAN_MX.detected #=> true
+```
+### Implemented but not testing yet (needs a private apikey)
+#### Scanning IP-Address
+```ruby
+# initialize
+ip = VirusTotal::Ip.new("1.1.1.1", "-- PRIVATE API KEY--")
+
+ip.report # response from GET "ip-address/report"
+```
+#### Scanning Domain
+```ruby
+# initialize
+domain = VirusTotal::Domain.new("example.com", "-- PRIVATE API KEY--")
+
+domain.report # response from GET "domain/report"
+```
+### Unsupported
+* "comments/puts"
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/lib/core_extensions.rb

@@ -0,0 +1,23 @@
+class Array
+  def to_str(spliter = ", ")
+    join(spliter)
+  end
+end
+
+class String
+  def to_str(*args)
+    self
+  end
+end
+
+class Hash
+  def except_key(hash_key)
+    tap { |hash| hash.delete(hash_key) }
+  end
+
+  def method_missing(name, *args)
+    name = name.to_s
+    name.gsub!("_", " ")
+    self[name]
+  end
+end

data/lib/virus_total/base.rb

@@ -0,0 +1,36 @@
+require 'rest-client'
+
+module VirusTotal
+  class Base
+    BASE_URL = "https://www.virustotal.com/vtapi/v2/"
+
+    attr_reader :apikey, :resource
+
+    def initialize(resources, apikey)
+      @resource = resources
+      @apikey   = apikey
+    end
+
+    def api_response(url, params = {})
+      full_url = BASE_URL + url
+      params = default_params.merge(params)
+
+      api_request(full_url, params)
+    end
+
+    private
+
+    def default_params
+      { 'apikey' => @apikey, method: :post }
+    end
+
+    def api_request(url, params)
+      RestClient.send(params[:method], url, params) do |resp, req, result, &block|
+        raise ExceedApiLimitError if resp.code == 204
+        raise AuthError           if resp.code == 403
+
+        resp.return!(req, result, &block)
+      end
+    end
+  end
+end

data/lib/virus_total/domain.rb

@@ -0,0 +1,8 @@
+module VirusTotal
+  # to use this feature you must have a private apikey!
+  class Domain < Base
+    def report
+      api_response('domain/report', resource: @resource.to_str, method: :get)
+    end
+  end
+end

data/lib/virus_total/exception.rb

@@ -0,0 +1,13 @@
+module VirusTotal
+  # Whenever you exceed the public API request rate limit
+  # a 204 HTTP status code is returned.
+  class ExceedApiLimitError < StandardError
+    def message; "you exceed the public API request rate limit"; end
+  end
+
+  # If you try to perform calls to functions for which you do not have
+  # the required privileges an HTTP Error 403 Forbidden is raised
+  class AuthError < StandardError
+    def message; "you do not have the required priviledges"; end
+  end
+end

data/lib/virus_total/file.rb

@@ -0,0 +1,23 @@
+module VirusTotal
+  class File < Base
+    def scan
+      api_response('file/scan', file: get_file, multipart: true)
+    end
+
+    def rescan
+      api_response('file/rescan', resource: @resource.to_str)
+    end
+
+    def report
+      api_response('file/report', resource: @resource.to_str)
+    end
+
+    private
+
+    def get_file
+      tmp = Tempfile.open('tmp')
+      tmp.write(IO::File.read(@resource.to_str))
+      tmp
+    end
+  end
+end

data/lib/virus_total/ip.rb

@@ -0,0 +1,8 @@
+module VirusTotal
+  # to use this feature you must have a private apikey!
+  class Ip < Base
+    def report
+      api_response('ip-address/report', resource: @resource.to_str, method: :get)
+    end
+  end
+end

data/lib/virus_total/parser.rb

@@ -0,0 +1,38 @@
+require 'json'
+
+module VirusTotal
+  class Parser
+
+    attr_reader :response
+
+    def initialize(resp)
+      @response = JSON.parse(resp)
+    end
+
+    def info
+      @response.except_key("scans")
+    end
+
+    def dangers
+      scans = @response.scans
+      return {} unless scans
+
+      dangers = {}
+      scans.each_pair do |key, hash|
+        next unless hash.detected
+
+        dangers.merge!({ key => hash })
+      end
+
+      dangers
+    end
+
+    def danger_brands
+      dangers.keys
+    end
+
+    def method_missing(name, *args)
+      @response[name.to_s]
+    end
+  end
+end

data/lib/virus_total/url.rb

@@ -0,0 +1,11 @@
+module VirusTotal
+  class Url < Base
+    def scan
+      api_response("url/scan", url: @resource.to_str("\n"))
+    end
+
+    def report
+      api_response("url/report", resource: @resource.to_str)
+    end
+  end
+end

data/lib/virus_total/version.rb

@@ -0,0 +1,3 @@
+module VirusTotal
+  VERSION = "0.0.2"
+end

data/lib/virus_total.rb

@@ -0,0 +1,9 @@
+require "core_extensions"
+require "virus_total/base"
+require "virus_total/url"
+require "virus_total/file"
+require "virus_total/ip"
+require "virus_total/domain"
+require "virus_total/parser"
+require "virus_total/exception"
+require "virus_total/version"

data/spec/shared_examples_spec.rb

@@ -0,0 +1,18 @@
+shared_examples_for 'single resource' do
+  let(:response) { JSON.parse(subject) }
+
+  it 'should returns correct response' do
+    response.should be_a_kind_of(Hash)
+  end
+end
+
+shared_examples_for 'multiply resources' do
+  let(:response) { JSON.parse(subject) }
+
+  it 'should returns correct response' do
+    response.should be_a_kind_of(Array)
+    response.each do |item|
+      item.should be_a_kind_of(Hash)
+    end
+  end
+end

data/spec/virus_total/base_spec.rb

@@ -0,0 +1,26 @@
+require "virus_total"
+
+describe VirusTotal::Base do
+  let(:resource_param) { "first, second" }
+  let(:resource) { base.instance_variable_get("@resource") }
+  let(:base) { VirusTotal::Base.new(resource_param, "invalid_key") }
+
+  it "raises AuthError "\
+     "if you do not have the required priviledges" do
+    expect { base.api_response("url/scan") }.
+      to raise_error(VirusTotal::AuthError)
+  end
+
+  context "for resource parameter" do
+    it "returns resource correctly" do
+      resource.to_str.should == "first, second"
+    end
+
+    let(:resource_param) { ["first", "second"] }
+
+    it "split resources array correctly" do
+      resource.to_str.should == "first, second"
+      resource.to_str("\n").should == "first\nsecond"
+    end
+  end
+end

data/spec/virus_total/domain_spec.rb

@@ -0,0 +1,14 @@
+require "virus_total"
+
+# to use this feature you must have a private apikey!
+describe VirusTotal::Domain do
+  let(:api_key) { "--YOUR_PRIVATE_KEY--" }
+  let(:domain) { VirusTotal::Domain.new("heroku.com", api_key) }
+
+  skip "for single domain" do
+    context "for 'domain/report'" do
+      subject { domain.report }
+      it_should_behave_like 'single resource'
+    end
+  end
+end

data/spec/virus_total/file_spec.rb

@@ -0,0 +1,51 @@
+require "virus_total"
+
+describe VirusTotal::File do
+  let(:api_key) { "b9f4c087d347d244685fa1ba067b3863"\
+                  "59dd9f46e88558a3f95061e5d4673d5e" }
+  let(:resource) {
+      tmp = Tempfile.open('tmp')
+      tmp.write("some test data")
+      tmp.path
+  }
+  let(:file) { VirusTotal::File.new(resource, api_key) }
+
+  context "for single file" do
+
+    context "for 'file/scan'" do
+      subject { file.scan }
+      it_should_behave_like 'single resource'
+    end
+
+    context "for 'file/report'" do
+      let(:resource) { "da39a3ee5e6b4b0d3255bfef95601890afd80709" }
+
+      subject { file.report }
+      it_should_behave_like 'single resource'
+    end
+
+    context "for 'file/rescan'" do
+      let(:resource) { "da39a3ee5e6b4b0d3255bfef95601890afd80709" }
+
+      subject { file.rescan }
+      it_should_behave_like 'single resource'
+    end
+  end
+
+  context "for multiply files" do
+    let(:api_key) { "fd59ac48e3005fa3c5e3f08c06fe666b"\
+                    "998bf83cd14b6d9cefab9052b1ce76d5" }
+    let(:resource) { ["da39a3ee5e6b4b0d3255bfef95601890afd80709",
+                      "da39a3ee5e6b4b0d3255bfef95601890afd80709"] }
+
+    context "for 'file/report'" do
+      subject { file.report }
+      it_should_behave_like 'multiply resources'
+    end
+
+    context "for 'file/rescan'" do
+      subject { file.rescan }
+      it_should_behave_like 'multiply resources'
+    end
+  end
+end

data/spec/virus_total/ip_spec.rb

@@ -0,0 +1,14 @@
+require "virus_total"
+
+# to use this feature you must have a private apikey!
+describe VirusTotal::Ip do
+  let(:api_key) { "--YOUR_PRIVATE_KEY--" }
+  let(:ip) { VirusTotal::Ip.new("128.0.0.1", api_key) }
+
+  skip "for single ip address" do
+    context "for 'ip-address/report'" do
+      subject { ip.report }
+      it_should_behave_like 'single resource'
+    end
+  end
+end

data/spec/virus_total/parser_spec.rb

@@ -0,0 +1,49 @@
+require "virus_total"
+
+describe VirusTotal::Parser do
+  let(:response) {
+    "{\"permalink\":\"https://www.virustotal.com/url\","\
+    "\"resource\":\"https://www.example.com\","\
+    "\"response_code\":1,"\
+    "\"scans\":{\"CLEAN MX\":{\"detected\":true}}}"
+  }
+  let(:parser) { VirusTotal::Parser.new(response) }
+
+  it "parse response correctly" do
+    parser.instance_variable_get("@response").should_not be_nil
+  end
+
+  it "returns info correctly" do
+    parser.info.should_not match(/scans/)
+  end
+
+  it "returns dangers correctly" do
+    parser.dangers.should == {"CLEAN MX"=>{"detected"=>true}}
+  end
+
+  it "returns danger brands correctly" do
+    parser.danger_brands.should == ["CLEAN MX"]
+  end
+
+  it "returns hash value correctly" do
+    parser.response_code.should == 1
+  end
+end
+
+describe Hash do
+  let(:hash) { {"key1"=>"val1", "key2"=>{"key 3"=>"val3"}} }
+
+  it "returns hash value if we call method "\
+     "with the same name as a hash key" do
+    hash.key1.should == "val1"
+  end
+
+  it "uses method with double underscore "\
+     "if hash key with a space" do
+    hash.key2.key_3.should == "val3"
+  end
+
+  it "returns hash w/o key correctly" do
+    hash.except_key("key2").should == {"key1"=>"val1"}
+  end
+end

data/spec/virus_total/url_spec.rb

@@ -0,0 +1,40 @@
+require "virus_total"
+
+describe VirusTotal::Url do
+  let(:api_key) { "97bed3fb1eaf1d7e408d4f21735c26b0"\
+                  "8453bcf64957e3a370e6fb56133bfe60" }
+  let(:resource) { VirusTotal::Url.new(uri, api_key) }
+
+  context "for single url" do
+    let(:uri) { "https://www.google.com" }
+
+    context "for 'url/scan'" do
+      subject { resource.scan }
+      it_should_behave_like 'single resource'
+    end
+
+    context "for 'url/report'" do
+      subject { resource.report }
+      it_should_behave_like 'single resource'
+    end
+  end
+
+  context "for multiply urls" do
+    let(:api_key) { "b9f4c087d347d244685fa1ba067b3863"\
+                    "59dd9f46e88558a3f95061e5d4673d5e" }
+    let(:uri) {
+      ["http://www.google.com", "http://www.virustotal.com"]
+    }
+
+    context "for 'url/scan'" do
+      subject { resource.scan }
+      it_should_behave_like 'multiply resources'
+    end
+
+    # url/report not working for multiply urls.
+    skip "for 'url/report'" do
+      subject { resource.report }
+      it_should_behave_like 'multiply resources'
+    end
+  end
+end

data/virus_total.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'virus_total/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "virus_total"
+  spec.version       = VirusTotal::VERSION
+  spec.authors       = ["Rubycop"]
+  spec.email         = ["saychuk.andriy@gmail.com"]
+  spec.summary       = %q{gem for VirusTotal API version 2.0.}
+  spec.description   = %q{gem for VirusTotal API version 2.0.}
+  spec.homepage      = "https://github.com/rubycop/virus_total"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake",    "~> 10.0"
+  spec.add_development_dependency "rspec",   "~> 2.6"
+
+  spec.add_dependency "rest-client", "~> 1.6.7"
+end

metadata

@@ -0,0 +1,130 @@
+--- !ruby/object:Gem::Specification
+name: virus_total
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Rubycop
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-02-15 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+- !ruby/object:Gem::Dependency
+  name: rest-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.6.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.6.7
+description: gem for VirusTotal API version 2.0.
+email:
+- saychuk.andriy@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/core_extensions.rb
+- lib/virus_total.rb
+- lib/virus_total/base.rb
+- lib/virus_total/domain.rb
+- lib/virus_total/exception.rb
+- lib/virus_total/file.rb
+- lib/virus_total/ip.rb
+- lib/virus_total/parser.rb
+- lib/virus_total/url.rb
+- lib/virus_total/version.rb
+- spec/shared_examples_spec.rb
+- spec/virus_total/base_spec.rb
+- spec/virus_total/domain_spec.rb
+- spec/virus_total/file_spec.rb
+- spec/virus_total/ip_spec.rb
+- spec/virus_total/parser_spec.rb
+- spec/virus_total/url_spec.rb
+- virus_total.gemspec
+homepage: https://github.com/rubycop/virus_total
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: gem for VirusTotal API version 2.0.
+test_files:
+- spec/shared_examples_spec.rb
+- spec/virus_total/base_spec.rb
+- spec/virus_total/domain_spec.rb
+- spec/virus_total/file_spec.rb
+- spec/virus_total/ip_spec.rb
+- spec/virus_total/parser_spec.rb
+- spec/virus_total/url_spec.rb