virustotal_api 0.1.0 → 0.5.0

data/lib/virustotal_api.rb

@@ -1,8 +1,9 @@
-# encoding: utf-8
-require 'virustotal_api/domain_report'
-require 'virustotal_api/file_report'
-require 'virustotal_api/file_scan'
-require 'virustotal_api/ip_report'
-require 'virustotal_api/url_report'
+# frozen_string_literal: true
+
+require 'virustotal_api/analysis'
+require 'virustotal_api/domain'
+require 'virustotal_api/file'
+require 'virustotal_api/ip'
+require 'virustotal_api/url'
 require 'virustotal_api/uri'
 require 'virustotal_api/version'

data/lib/virustotal_api/analysis.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module VirustotalAPI
+  # A class for '/analyses' API
+  class Analysis < Base
+    attr_reader :report
+
+    # rubocop:disable Lint/MissingSuper
+    def initialize(report)
+      @report = report
+    end
+
+    # @param [String] id The Virustotal ID to get the report for.
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::IP] Report
+    def self.find(id, api_key)
+      report = perform("/analyses/#{id}", api_key)
+      new(report)
+    end
+  end
+end
+# rubocop:enable Lint/MissingSuper

data/lib/virustotal_api/base.rb

@@ -1,24 +1,62 @@
+# frozen_string_literal: true
+
+require 'virustotal_api/exceptions'
 require 'rest-client'
 require 'json'
+require 'base64'
 
+# The base VirustotalAPI module.
 module VirustotalAPI
+  # The base class implementing the raw calls to Virustotal API V3.
   class Base
+    attr_reader :report
+
+    def initialize(report)
+      @report = report
+    end
+
     # @return [String] string of API URI class method
     def self.api_uri
       VirustotalAPI::URI
     end
 
+    # The actual method performing a call to Virustotal
+    #
+    # @param [String] url The url of the API
+    # @param [String] api_key The key for virustotal
+    # @param [String] method The HTTP method to use
+    # @param [Hash] options Options to pass as payload
+    # @return [VirustotalAPI::Domain] Report Search Result
+    def self.perform(url, api_key, method = :get, options = {})
+      response = RestClient::Request.execute(
+        method: method,
+        url: api_uri + url,
+        headers: { 'x-apikey': api_key },
+        payload: options
+      )
+      JSON.parse(response.body)
+    rescue RestClient::NotFound
+      nil
+    rescue RestClient::Unauthorized
+      # Raise a custom exception not to expose the underlying
+      # HTTP client.
+      raise VirustotalAPI::Unauthorized
+    end
+
     # @return [String] string of API URI instance method
     def api_uri
       self.class.api_uri
     end
 
     # @return [Boolean] if report for resource exists
-    # 0 => not_present, 1 => exists, -1 => invalid_ip_address
     def exists?
-      response_code = report.fetch('response_code') { nil }
+      !report.empty?
+    end
 
-      response_code == 1 ? true : false
+    # Generate a URL identifier.
+    # @see https://developers.virustotal.com/v3.0/reference#url
+    def self.url_identifier(url)
+      Base64.encode64(url).strip.gsub('=', '')
     end
   end
 end

data/lib/virustotal_api/domain.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module VirustotalAPI
+  # A class for '/domains' API
+  class Domain < Base
+    # rubocop:disable Lint/UselessMethodDefinition
+    def initialize(report)
+      super(report)
+    end
+
+    # Find a domain.
+    #
+    # @param [String] domain The domain to search
+    # @param [String] api_key for virustotal
+    # @return [VirustotalAPI::Domain] Report Search Result
+    def self.find(domain, api_key)
+      report = perform("/domains/#{domain}", api_key)
+      new(report)
+    end
+  end
+end
+# rubocop:enable Lint/UselessMethodDefinition

data/lib/virustotal_api/exceptions.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module VirustotalAPI
+  class RateLimitError < RuntimeError
+  end
+
+  class Unauthorized < RuntimeError
+  end
+end

data/lib/virustotal_api/file.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module VirustotalAPI
+  # A class for '/files' API
+  class File < Base
+    attr_reader :id, :report_url
+
+    def initialize(report)
+      super(report)
+      @id = report&.dig('data', 'id')
+      @report_url = report&.dig('data', 'links', 'self')
+    end
+
+    # Find a hash.
+    #
+    # @param [String] resource file as a md5/sha1/sha256 hash
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::File] Report Search Result
+    def self.find(resource, api_key)
+      report = perform("/files/#{resource}", api_key)
+      new(report)
+    end
+
+    # Upload a new file.
+    #
+    # @param [String] file_path for file to be sent for scan
+    # @param [String] api_key The key for virustotal
+    # @param [Hash] opts hash for additional options
+    # @return [VirusotalAPI::File] Report
+    def self.upload(file_path, api_key, opts = {})
+      filename = opts.fetch('filename') { ::File.basename(file_path) }
+      report = perform('/files', api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
+      new(report)
+    end
+
+    # Analyse a hash again.
+    #
+    # @param [String] resource file as a md5/sha1/sha256 hash
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::File] Report
+    def self.analyse(resource, api_key)
+      report = perform("/files/#{resource}/analyse", api_key, :post)
+      new(report)
+    end
+
+    # Check if the submitted hash is detected by an AV engine.
+    #
+    # @param [String] engine The engine to check.
+    # @return [Boolean] true if detected
+    def detected_by(engine)
+      report['data']['attributes']['last_analysis_results'][engine]['category'] == 'harmless'
+    end
+  end
+end

data/lib/virustotal_api/ip.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module VirustotalAPI
+  # A class for '/ip_addresses' API
+  class IP < Base
+    # rubocop:disable Lint/UselessMethodDefinition
+    def initialize(report)
+      super(report)
+    end
+
+    # Find an IP.
+    #
+    # @param [String] ip address The IP to find.
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::IPReport] Report
+    def self.find(ip, api_key)
+      report = perform("/ip_addresses/#{ip}", api_key)
+      new(report)
+    end
+  end
+end
+# rubocop:enable Lint/UselessMethodDefinition

data/lib/virustotal_api/uri.rb

@@ -1,4 +1,6 @@
-# encoding: utf-8
+# frozen_string_literal: true
+
 module VirustotalAPI
-  URI = 'https://www.virustotal.com/vtapi/v2'
+  # The API base URI
+  URI = 'https://www.virustotal.com/api/v3'
 end

data/lib/virustotal_api/url.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module VirustotalAPI
+  # A class for '/urls' API
+  class URL < Base
+    attr_reader :report_url, :id
+
+    def initialize(report)
+      super(report)
+      @report_url = report&.dig('data', 'links', 'self')
+      @id = report&.dig('data', 'id')
+    end
+
+    # Find a URL.
+    #
+    # @param [String] resource as an ip/domain/url
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::URL] Report
+    def self.find(resource, api_key)
+      report = perform("/urls/#{url_identifier(resource)}", api_key)
+      new(report)
+    end
+
+    # Analyse a URL again.
+    #
+    # @param [String] resource as an ip/domain/url
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::URL] Report
+    def self.analyse(resource, api_key)
+      report = perform("/urls/#{url_identifier(resource)}/analyse", api_key, :post)
+      new(report)
+    end
+
+    # Upload a URL for detection.
+    #
+    # @param [String] resource as an ip/domain/url
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::URL] Report
+    def self.upload(resource, api_key)
+      report = perform('/urls', api_key, :post, url: resource)
+      new(report)
+    end
+  end
+end

data/lib/virustotal_api/version.rb

@@ -1,4 +1,6 @@
-# encoding: utf-8
+# frozen_string_literal: true
+
 module VirustotalAPI
-  VERSION = '0.1.0'
+  # The GEM version
+  VERSION = '0.5.0'
 end

data/test/analysis_test.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require './test/test_helper'
+
+class VirustotalAPIAnalysisTest < Minitest::Test
+  def setup
+    @url     = 'http://www.google.com'
+    @api_key = 'theapikey'
+  end
+
+  def test_todo
+    VCR.use_cassette('url_find') do
+      vtreport = VirustotalAPI::URL.find(@url, @api_key)
+      @id = vtreport.id
+      assert @id
+    end
+
+    VCR.use_cassette('analysis') do
+      analysis = VirustotalAPI::Analysis.find(@id, @api_key)
+      assert analysis.exists?
+    end
+  end
+end

data/test/base_test.rb

@@ -1,5 +1,5 @@
-# encoding: utf-8
-# rubocop:disable LineLength
+# frozen_string_literal: true
+
 require './test/test_helper'
 
 class VirustotalAPIBaseTest < Minitest::Test
@@ -13,28 +13,27 @@ class VirustotalAPIBaseTest < Minitest::Test
   end
 
   # Instance Method
-  def test_api_uri
-    base_uri = 'https://www.virustotal.com/vtapi/v2'
-    vt_base = VirustotalAPI::Base.new
+  def test_api_uri_instance_method
+    base_uri = 'https://www.virustotal.com/api/v3'
+    vt_base = VirustotalAPI::Base.new(nil)
 
     assert vt_base.api_uri.is_a?(String)
-    assert vt_base.api_uri, base_uri
+    assert_equal base_uri, vt_base.api_uri
   end
 
   # Class Method
-  def test_api_uri
-    base_uri = 'https://www.virustotal.com/vtapi/v2'
+  def test_api_uri_class_method
+    base_uri = 'https://www.virustotal.com/api/v3'
 
     assert VirustotalAPI::Base.api_uri.is_a?(String)
-    assert VirustotalAPI::Base.api_uri, base_uri
+    assert_equal base_uri, VirustotalAPI::Base.api_uri
   end
 
-  # Test using FileReport
   def test_exists?
-    VCR.use_cassette('report') do
-      virustotal_report = VirustotalAPI::FileReport.find(@sha256, @api_key)
+    VCR.use_cassette('file_find') do
+      virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
 
-      assert virustotal_report.exists?, true
+      assert virustotal_report.exists?
     end
   end
 end

data/test/domain_test.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require './test/test_helper'
+
+class VirustotalAPIDomainTest < Minitest::Test
+  def setup
+    @domain  = 'virustotal.com'
+    @api_key = 'testapikey'
+  end
+
+  def test_class_exists
+    assert VirustotalAPI::Domain
+  end
+
+  def test_report_response
+    VCR.use_cassette('domain') do
+      vtdomain_report = VirustotalAPI::Domain.find(@domain, @api_key)
+
+      # Make sure that the JSON was parsed
+      assert vtdomain_report.is_a?(VirustotalAPI::Domain)
+      assert vtdomain_report.report.is_a?(Hash)
+    end
+  end
+
+  def test_exists?
+    VCR.use_cassette('domain') do
+      vtdomain_report = VirustotalAPI::Domain.find(@domain, @api_key)
+
+      assert vtdomain_report.exists?
+    end
+  end
+end

data/test/exceptions_test.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require './test/test_helper'
+
+class RateLimitErrorTest < Minitest::Test
+  def setup
+    @sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+    @api_key = 'testapikey'
+  end
+
+  def test_class_exists
+    assert VirustotalAPI::RateLimitError
+    assert VirustotalAPI::Unauthorized
+  end
+
+  def test_unauthorized
+    VCR.use_cassette('file_unauthorized') do
+      assert_raises VirustotalAPI::Unauthorized do
+        VirustotalAPI::File.find(@sha256, @api_key)
+      end
+    end
+  end
+end

data/test/file_test.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+require './test/test_helper'
+
+class VirustotalAPIFileTest < Minitest::Test
+  def setup
+    @sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+    @file_path = File.expand_path('test/fixtures/null_file')
+    @api_key = 'testapikey'
+  end
+
+  def test_class_exists
+    assert VirustotalAPI::File
+  end
+
+  def test_report_response
+    VCR.use_cassette('file_find') do
+      virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
+
+      # Make sure that the JSON was parsed
+      assert virustotal_report.is_a?(VirustotalAPI::File)
+      assert virustotal_report.report.is_a?(Hash)
+    end
+  end
+
+  def test_find
+    permalink = 'https://www.virustotal.com/api/v3/files/' \
+                '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+    VCR.use_cassette('file_find') do
+      virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
+
+      assert virustotal_report.report_url.is_a?(String)
+      assert_equal permalink, virustotal_report.report_url
+    end
+  end
+
+  def test_upload
+    VCR.use_cassette('file_upload') do
+      virustotal_upload = VirustotalAPI::File.upload(@file_path, @api_key)
+
+      assert virustotal_upload.report.is_a?(Hash)
+    end
+  end
+
+  def test_upload_id
+    VCR.use_cassette('file_upload') do
+      virustotal_upload = VirustotalAPI::File.upload(@file_path, @api_key)
+
+      assert virustotal_upload.id.is_a?(String)
+    end
+  end
+
+  def test_analyse
+    VCR.use_cassette('file_analyse') do
+      virustotal_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
+
+      assert virustotal_analyse.report.is_a?(Hash)
+    end
+  end
+
+  def test_analyse_id
+    VCR.use_cassette('file_analyse') do
+      virustotal_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
+
+      assert virustotal_analyse.id.is_a?(String)
+    end
+  end
+end