virustotal_api 0.1.0

data/test/fixtures/null_file

@@ -0,0 +1 @@
+

data/test/fixtures/report.yml

@@ -0,0 +1,110 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://www.virustotal.com/vtapi/v2/file/report
+    body:
+      encoding: UTF-8
+      string: apikey=testapikey&resource=01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
+    headers:
+      User-Agent:
+      - Faraday v0.9.0
+      Content-Type:
+      - application/x-www-form-urlencoded
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Type:
+      - application/json
+      Vary:
+      - Accept-Encoding
+      Date:
+      - Sun, 14 Dec 2014 04:14:07 GMT
+      Server:
+      - Google Frontend
+      Transfer-Encoding:
+      - chunked
+    body:
+      encoding: UTF-8
+      string: '{"scans": {"Bkav": {"detected": false, "version": "1.3.0.6267", "result":
+        null, "update": "20141206"}, "MicroWorld-eScan": {"detected": false, "version":
+        "12.0.250.0", "result": null, "update": "20141208"}, "nProtect": {"detected":
+        false, "version": "2014-12-05.01", "result": null, "update": "20141205"},
+        "CMC": {"detected": false, "version": "1.1.0.977", "result": null, "update":
+        "20141206"}, "CAT-QuickHeal": {"detected": false, "version": "14.00", "result":
+        null, "update": "20141208"}, "ALYac": {"detected": false, "version": "1.0.1.4",
+        "result": null, "update": "20141208"}, "Malwarebytes": {"detected": false,
+        "version": "1.75.0.1", "result": null, "update": "20141208"}, "Zillya": {"detected":
+        false, "version": "2.0.0.2000", "result": null, "update": "20141206"}, "SUPERAntiSpyware":
+        {"detected": false, "version": "5.6.0.1032", "result": null, "update": "20141207"},
+        "TheHacker": {"detected": false, "version": "6.8.0.5.498", "result": null,
+        "update": "20141205"}, "K7GW": {"detected": false, "version": "9.186.14262",
+        "result": null, "update": "20141208"}, "K7AntiVirus": {"detected": false,
+        "version": "9.186.14262", "result": null, "update": "20141208"}, "Agnitum":
+        {"detected": false, "version": "5.5.1.3", "result": null, "update": "20141205"},
+        "F-Prot": {"detected": false, "version": "4.7.1.166", "result": null, "update":
+        "20141208"}, "Symantec": {"detected": false, "version": "20141.1.0.330", "result":
+        null, "update": "20141208"}, "Norman": {"detected": false, "version": "7.04.04",
+        "result": null, "update": "20141208"}, "TotalDefense": {"detected": false,
+        "version": "37.0.11318", "result": null, "update": "20141207"}, "TrendMicro-HouseCall":
+        {"detected": false, "version": "9.700.0.1001", "result": null, "update": "20141208"},
+        "Avast": {"detected": false, "version": "8.0.1489.320", "result": null, "update":
+        "20141208"}, "ClamAV": {"detected": false, "version": "0.98.5.0", "result":
+        null, "update": "20141208"}, "Kaspersky": {"detected": false, "version": "15.0.1.10",
+        "result": null, "update": "20141208"}, "BitDefender": {"detected": false,
+        "version": "7.2", "result": null, "update": "20141208"}, "NANO-Antivirus":
+        {"detected": false, "version": "0.28.6.63850", "result": null, "update": "20141208"},
+        "AegisLab": {"detected": false, "version": "1.5", "result": null, "update":
+        "20141208"}, "ByteHero": {"detected": false, "version": "1.0.0.1", "result":
+        null, "update": "20141208"}, "Tencent": {"detected": false, "version": "1.0.0.1",
+        "result": null, "update": "20141208"}, "Ad-Aware": {"detected": false, "version":
+        "12.0.163.0", "result": null, "update": "20141208"}, "Comodo": {"detected":
+        false, "version": "20303", "result": null, "update": "20141208"}, "F-Secure":
+        {"detected": false, "version": "11.0.19100.45", "result": null, "update":
+        "20141207"}, "DrWeb": {"detected": false, "version": "7.0.10.8210", "result":
+        null, "update": "20141208"}, "VIPRE": {"detected": false, "version": "35530",
+        "result": null, "update": "20141208"}, "TrendMicro": {"detected": false, "version":
+        "9.740.0.1012", "result": null, "update": "20141208"}, "McAfee-GW-Edition":
+        {"detected": false, "version": "v2014.2", "result": null, "update": "20141208"},
+        "Sophos": {"detected": false, "version": "4.98.0", "result": null, "update":
+        "20141208"}, "Cyren": {"detected": false, "version": "5.4.1.7", "result":
+        null, "update": "20141208"}, "Jiangmin": {"detected": false, "version": "16.0.100",
+        "result": null, "update": "20141207"}, "Avira": {"detected": false, "version":
+        "7.11.193.118", "result": null, "update": "20141208"}, "Antiy-AVL": {"detected":
+        false, "version": "1.0.0.1", "result": null, "update": "20141208"}, "Kingsoft":
+        {"detected": false, "version": "2013.4.9.267", "result": null, "update": "20141208"},
+        "Microsoft": {"detected": false, "version": "1.11202", "result": null, "update":
+        "20141208"}, "ViRobot": {"detected": false, "version": "2014.3.20.0", "result":
+        null, "update": "20141208"}, "GData": {"detected": false, "version": "24",
+        "result": null, "update": "20141208"}, "AhnLab-V3": {"detected": false, "version":
+        "2014.12.08.04", "result": null, "update": "20141208"}, "McAfee": {"detected":
+        false, "version": "6.0.5.614", "result": null, "update": "20141208"}, "AVware":
+        {"detected": false, "version": "1.5.0.21", "result": null, "update": "20141208"},
+        "VBA32": {"detected": false, "version": "3.12.26.3", "result": null, "update":
+        "20141205"}, "Baidu-International": {"detected": false, "version": "3.5.1.41473",
+        "result": null, "update": "20141208"}, "Zoner": {"detected": false, "version":
+        "1.0", "result": null, "update": "20141204"}, "ESET-NOD32": {"detected": false,
+        "version": "10842", "result": null, "update": "20141208"}, "Rising": {"detected":
+        false, "version": "25.0.0.17", "result": null, "update": "20141207"}, "Ikarus":
+        {"detected": false, "version": "T3.1.8.5.0", "result": null, "update": "20141208"},
+        "Fortinet": {"detected": false, "version": "5.0.999.0", "result": null, "update":
+        "20141208"}, "AVG": {"detected": false, "version": "15.0.0.4235", "result":
+        null, "update": "20141208"}, "Panda": {"detected": false, "version": "4.6.4.2",
+        "result": null, "update": "20141208"}, "Qihoo-360": {"detected": false, "version":
+        "1.0.0.1015", "result": null, "update": "20141208"}}, "scan_id": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1418032127",
+        "sha1": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc", "resource": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
+        "response_code": 1, "scan_date": "2014-12-08 09:48:47", "permalink": "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1418032127/",
+        "verbose_msg": "Scan finished, information embedded", "total": 55, "positives":
+        0, "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
+        "md5": "68b329da9893e34099c7d8ad5cb9c940"}'
+    http_version:
+  recorded_at: Sun, 14 Dec 2014 04:19:44 GMT
+recorded_with: VCR 2.9.3

data/test/fixtures/report_not_found.yml

@@ -0,0 +1,42 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://www.virustotal.com/vtapi/v2/file/report
+    body:
+      encoding: UTF-8
+      string: apikey=testapikey&resource=01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546c
+    headers:
+      User-Agent:
+      - Faraday v0.9.0
+      Content-Type:
+      - application/x-www-form-urlencoded
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Type:
+      - application/json
+      Vary:
+      - Accept-Encoding
+      Date:
+      - Sun, 14 Dec 2014 04:24:42 GMT
+      Server:
+      - Google Frontend
+      Transfer-Encoding:
+      - chunked
+    body:
+      encoding: UTF-8
+      string: '{"response_code": 0, "resource": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546c",
+        "verbose_msg": "The requested resource is not among the finished, queued or
+        pending scans"}'
+    http_version:
+  recorded_at: Sun, 14 Dec 2014 04:30:19 GMT
+recorded_with: VCR 2.9.3

data/test/fixtures/request_forbidden.yml

@@ -0,0 +1,38 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://www.virustotal.com/vtapi/v2/file/report
+    body:
+      encoding: UTF-8
+      string: apikey=testapikey&resource=01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
+    headers:
+      User-Agent:
+      - Faraday v0.9.0
+      Content-Type:
+      - application/x-www-form-urlencoded
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Accept:
+      - "*/*"
+  response:
+    status:
+      code: 403
+      message: Forbidden
+    headers:
+      Content-Type:
+      - text/html; charset=utf-8
+      Cache-Control:
+      - no-cache
+      Date:
+      - Sun, 14 Dec 2014 04:07:30 GMT
+      Server:
+      - Google Frontend
+      Content-Length:
+      - '0'
+    body:
+      encoding: UTF-8
+      string: ''
+    http_version:
+  recorded_at: Sun, 14 Dec 2014 04:13:07 GMT
+recorded_with: VCR 2.9.3

data/test/fixtures/scan.yml

@@ -0,0 +1,49 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://www.virustotal.com/vtapi/v2/file/scan
+    body:
+      encoding: ASCII-8BIT
+      string: "--318862\r\nContent-Disposition: form-data; name=\"apikey\"\r\n\r\ntestapikey\r\n--318862\r\nContent-Disposition:
+        form-data; name=\"filename\"\r\n\r\nnull_file\r\n--318862\r\nContent-Disposition:
+        form-data; name=\"file\"; filename=\"null_file\"\r\nContent-Type: text/plain\r\n\r\n\n\r\n--318862--\r\n"
+    headers:
+      Accept:
+      - "*/*; q=0.5, application/xml"
+      Accept-Encoding:
+      - gzip, deflate
+      Content-Length:
+      - '317'
+      Content-Type:
+      - multipart/form-data; boundary=318862
+      User-Agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Type:
+      - application/json
+      Vary:
+      - Accept-Encoding
+      Date:
+      - Wed, 24 Dec 2014 21:14:51 GMT
+      Server:
+      - Google Frontend
+      Transfer-Encoding:
+      - chunked
+    body:
+      encoding: UTF-8
+      string: '{"scan_id": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419455691",
+        "sha1": "adc83b19e793491b1c6ea0fd8b46cd9f32e592fc", "resource": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
+        "response_code": 1, "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
+        "permalink": "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1419455691/",
+        "md5": "68b329da9893e34099c7d8ad5cb9c940", "verbose_msg": "Scan request successfully
+        queued, come back later for the report"}'
+    http_version:
+  recorded_at: Wed, 24 Dec 2014 21:21:00 GMT
+recorded_with: VCR 2.9.3

data/test/fixtures/url_report.yml

@@ -0,0 +1,95 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://www.virustotal.com/vtapi/v2/url/report
+    body:
+      encoding: US-ASCII
+      string: resource=http%3A%2F%2Fwww.google.com&apikey=testapikey
+    headers:
+      Accept:
+      - "*/*; q=0.5, application/xml"
+      Accept-Encoding:
+      - gzip, deflate
+      Content-Length:
+      - '108'
+      Content-Type:
+      - application/x-www-form-urlencoded
+      User-Agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Type:
+      - application/json
+      Vary:
+      - Accept-Encoding
+      Date:
+      - Wed, 24 Dec 2014 21:52:52 GMT
+      Server:
+      - Google Frontend
+      Transfer-Encoding:
+      - chunked
+    body:
+      encoding: UTF-8
+      string: '{"permalink": "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1419457210/",
+        "resource": "http://www.google.com", "url": "http://www.google.com/", "response_code":
+        1, "scan_date": "2014-12-24 21:40:10", "scan_id": "dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1419457210",
+        "verbose_msg": "Scan finished, scan information embedded in this object",
+        "filescan_id": null, "positives": 0, "total": 61, "scans": {"CLEAN MX": {"detected":
+        false, "result": "clean site"}, "MalwarePatrol": {"detected": false, "result":
+        "clean site"}, "ZDB Zeus": {"detected": false, "result": "clean site"}, "Tencent":
+        {"detected": false, "result": "clean site"}, "AutoShun": {"detected": false,
+        "result": "unrated site"}, "ZCloudsec": {"detected": false, "result": "clean
+        site"}, "PhishLabs": {"detected": false, "result": "unrated site"}, "K7AntiVirus":
+        {"detected": false, "result": "clean site"}, "Quttera": {"detected": false,
+        "result": "suspicious site"}, "Spam404": {"detected": false, "result": "clean
+        site"}, "AegisLab WebGuard": {"detected": false, "result": "clean site"},
+        "MalwareDomainList": {"detected": false, "result": "clean site", "detail":
+        "http://www.malwaredomainlist.com/mdl.php?search=www.google.com"}, "ZeusTracker":
+        {"detected": false, "result": "clean site", "detail": "https://zeustracker.abuse.ch/monitor.php?host=www.google.com"},
+        "zvelo": {"detected": false, "result": "clean site"}, "Google Safebrowsing":
+        {"detected": false, "result": "clean site"}, "Kaspersky": {"detected": false,
+        "result": "clean site"}, "BitDefender": {"detected": false, "result": "clean
+        site"}, "Dr.Web": {"detected": false, "result": "clean site"}, "ADMINUSLabs":
+        {"detected": false, "result": "clean site"}, "C-SIRT": {"detected": false,
+        "result": "clean site"}, "CyberCrime": {"detected": false, "result": "clean
+        site"}, "Websense ThreatSeeker": {"detected": false, "result": "clean site"},
+        "VX Vault": {"detected": false, "result": "clean site"}, "Webutation": {"detected":
+        false, "result": "clean site"}, "Trustwave": {"detected": false, "result":
+        "clean site"}, "Web Security Guard": {"detected": false, "result": "clean
+        site"}, "G-Data": {"detected": false, "result": "clean site"}, "Malwarebytes
+        hpHosts": {"detected": false, "result": "clean site"}, "Wepawet": {"detected":
+        false, "result": "clean site"}, "AlienVault": {"detected": false, "result":
+        "clean site"}, "Emsisoft": {"detected": false, "result": "clean site"}, "Malc0de
+        Database": {"detected": false, "result": "clean site", "detail": "http://malc0de.com/database/index.php?search=www.google.com"},
+        "SpyEyeTracker": {"detected": false, "result": "clean site", "detail": "https://spyeyetracker.abuse.ch/monitor.php?host=www.google.com"},
+        "malwares.com URL checker": {"detected": false, "result": "clean site"}, "Phishtank":
+        {"detected": false, "result": "clean site"}, "Malwared": {"detected": false,
+        "result": "clean site"}, "Avira": {"detected": false, "result": "clean site"},
+        "OpenPhish": {"detected": false, "result": "clean site"}, "Antiy-AVL": {"detected":
+        false, "result": "clean site"}, "SCUMWARE.org": {"detected": false, "result":
+        "clean site"}, "FraudSense": {"detected": false, "result": "clean site"},
+        "Opera": {"detected": false, "result": "clean site"}, "Comodo Site Inspector":
+        {"detected": false, "result": "clean site"}, "Malekal": {"detected": false,
+        "result": "clean site"}, "ESET": {"detected": false, "result": "clean site"},
+        "Sophos": {"detected": false, "result": "unrated site"}, "Yandex Safebrowsing":
+        {"detected": false, "result": "clean site", "detail": "http://yandex.com/infected?l10n=en&url=http://www.google.com/"},
+        "SecureBrain": {"detected": false, "result": "clean site"}, "Malware Domain
+        Blocklist": {"detected": false, "result": "clean site"}, "Blueliv": {"detected":
+        false, "result": "clean site"}, "Netcraft": {"detected": false, "result":
+        "unrated site"}, "PalevoTracker": {"detected": false, "result": "clean site"},
+        "CRDF": {"detected": false, "result": "clean site"}, "ThreatHive": {"detected":
+        false, "result": "clean site"}, "ParetoLogic": {"detected": false, "result":
+        "clean site"}, "Rising": {"detected": false, "result": "clean site"}, "URLQuery":
+        {"detected": false, "result": "unrated site"}, "StopBadware": {"detected":
+        false, "result": "unrated site"}, "Sucuri SiteCheck": {"detected": false,
+        "result": "clean site"}, "Fortinet": {"detected": false, "result": "clean
+        site"}, "Baidu-International": {"detected": false, "result": "clean site"}}}'
+    http_version:
+  recorded_at: Wed, 24 Dec 2014 21:59:01 GMT
+recorded_with: VCR 2.9.3

data/test/ip_report_test.rb

@@ -0,0 +1,23 @@
+# encoding: utf-8
+require './test/test_helper'
+
+class VirustotalAPIIPReportTest < Minitest::Test
+  def setup
+    @ip      = '8.8.8.8'
+    @api_key = 'testapikey'
+  end
+
+  def test_class_exists
+    assert VirustotalAPI::IPReport
+  end
+
+  def test_report_response
+    VCR.use_cassette('ip_report') do
+      vtip_report = VirustotalAPI::IPReport.find(@ip, @api_key)
+
+      # Make sure that the JSON was parsed
+      assert vtip_report.is_a?(VirustotalAPI::IPReport)
+      assert vtip_report.report.is_a?(Hash)
+    end
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,10 @@
+# encoding: utf-8
+require './lib/virustotal_api'
+require 'minitest/autorun'
+require 'webmock/minitest'
+require 'vcr'
+
+VCR.configure do |c|
+  c.cassette_library_dir = 'test/fixtures'
+  c.hook_into :webmock
+end

data/test/uri_test.rb

@@ -0,0 +1,9 @@
+# encoding: utf-8
+require './test/test_helper'
+
+class VirustotalAPIVTReportTest < Minitest::Test
+  def test_api_base_uri
+    assert VirustotalAPI::URI.is_a?(String)
+    assert VirustotalAPI::URI, 'https://www.virustotal.com/vtapi/v2'
+  end
+end

data/test/url_report_test.rb

@@ -0,0 +1,39 @@
+# encoding: utf-8
+require './test/test_helper'
+
+class VirustotalAPIURLReportTest < Minitest::Test
+  def setup
+    @url     = 'http://www.google.com'
+    @api_key = 'testapikey'
+  end
+
+  def test_class_exists
+    assert VirustotalAPI::URLReport
+  end
+
+  def test_report_response
+    VCR.use_cassette('url_report') do
+      vturl_report = VirustotalAPI::URLReport.find(@url, @api_key)
+
+      # Make sure that the JSON was parsed
+      assert vturl_report.is_a?(VirustotalAPI::URLReport)
+      assert vturl_report.report.is_a?(Hash)
+    end
+  end
+
+  def test_report_url
+    VCR.use_cassette('url_report') do
+      vturl_report = VirustotalAPI::URLReport.find(@url, @api_key)
+
+      assert vturl_report.report_url.is_a?(String)
+    end
+  end
+
+  def test_scan_url
+    VCR.use_cassette('url_report') do
+      vturl_report = VirustotalAPI::URLReport.find(@url, @api_key)
+
+      assert vturl_report.scan_id.is_a?(String)
+    end
+  end
+end

data/test/version_test.rb

@@ -0,0 +1,9 @@
+# encoding: utf-8
+require './test/test_helper'
+
+class VirustotalAPIVTReportTest < Minitest::Test
+  def test_version
+    assert VirustotalAPI::VERSION.is_a?(String)
+    assert VirustotalAPI::VERSION, '0.1.0'
+  end
+end

data/virustotal_api.gemspec

@@ -0,0 +1,32 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'virustotal_api/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'virustotal_api'
+  spec.version       = VirustotalAPI::VERSION
+  spec.authors       = ['pwelch']
+  spec.email         = ['paul@pwelch.net']
+  spec.summary       = 'Gem for VirusTotal.com API'
+  spec.description   = 'Gem for VirusTotal.com API'
+  spec.homepage      = 'https://github.com/pwelch/virustotal_api'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'rest-client'
+  spec.add_dependency 'json'
+
+  spec.add_development_dependency 'bundler', '~> 1.7'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'minitest'
+  spec.add_development_dependency 'vcr'
+  spec.add_development_dependency 'webmock'
+  spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'yard', '~> 0.8'
+  spec.add_development_dependency 'rubocop'
+end