RubyGems - virustotal_api - Versions diffs - 0.3.0 → 0.5.2 - Mend

virustotal_api 0.3.0 → 0.5.2

Files changed (67) hide show

checksums.yaml +4 -4
data/.github/workflows/ruby.yml +26 -0
data/.gitignore +1 -0
data/.rubocop.yml +12 -8
data/CHANGELOG.md +38 -6
data/Gemfile +2 -0
data/README.md +121 -31
data/Rakefile +2 -1
data/lib/virustotal_api.rb +8 -5
data/lib/virustotal_api/analysis.rb +24 -0
data/lib/virustotal_api/base.rb +41 -10
data/lib/virustotal_api/domain.rb +24 -0
data/lib/virustotal_api/exceptions.rb +5 -0
data/lib/virustotal_api/file.rb +56 -0
data/lib/virustotal_api/group.rb +26 -0
data/lib/virustotal_api/ip.rb +24 -0
data/lib/virustotal_api/uri.rb +3 -1
data/lib/virustotal_api/url.rb +46 -0
data/lib/virustotal_api/user.rb +26 -0
data/lib/virustotal_api/version.rb +3 -1
data/test/analysis_test.rb +23 -0
data/test/base_test.rb +14 -25
data/test/domain_test.rb +32 -0
data/test/exceptions_test.rb +23 -0
data/test/file_test.rb +71 -0
data/test/fixtures/analysis.yml +544 -0
data/test/fixtures/domain.yml +830 -0
data/test/fixtures/file_analyse.yml +52 -0
data/test/fixtures/file_find.yml +853 -0
data/test/fixtures/file_not_found.yml +52 -0
data/test/fixtures/file_rate_limit.yml +52 -0
data/test/fixtures/file_unauthorized.yml +51 -0
data/test/fixtures/file_upload.yml +54 -0
data/test/fixtures/group_find.yml +216 -0
data/test/fixtures/ip.yml +716 -0
data/test/fixtures/unscanned_url_find.yml +44 -0
data/test/fixtures/url_analyse.yml +52 -0
data/test/fixtures/url_find.yml +599 -0
data/test/fixtures/user_find.yml +213 -0
data/test/group_test.rb +32 -0
data/test/{ip_report_test.rb → ip_test.rb} +5 -4
data/test/test_helper.rb +1 -0
data/test/uri_test.rb +2 -1
data/test/url_test.rb +65 -0
data/test/user_test.rb +31 -0
data/test/version_test.rb +2 -2
data/virustotal_api.gemspec +12 -9
metadata +104 -65
data/.travis.yml +0 -15
data/lib/virustotal_api/domain_report.rb +0 -35
data/lib/virustotal_api/file_report.rb +0 -36
data/lib/virustotal_api/file_scan.rb +0 -36
data/lib/virustotal_api/ip_report.rb +0 -35
data/lib/virustotal_api/url_report.rb +0 -40
data/test/domain_report_test.rb +0 -31
data/test/file_report_test.rb +0 -34
data/test/file_scan_test.rb +0 -29
data/test/fixtures/domain_report.yml +0 -311
data/test/fixtures/ip_report.yml +0 -1323
data/test/fixtures/queue_unscanned_url_report.yml +0 -46
data/test/fixtures/report.yml +0 -110
data/test/fixtures/report_not_found.yml +0 -42
data/test/fixtures/request_forbidden.yml +0 -38
data/test/fixtures/scan.yml +0 -49
data/test/fixtures/unscanned_url_report.yml +0 -43
data/test/fixtures/url_report.yml +0 -95
data/test/url_report_test.rb +0 -56

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8bed66a7fba9485458455710be627e1f833347bceb426162e95580a0523f709e
-  data.tar.gz: 958f96c673f266360f5da1f5c28e9c948407956176be6af1196ad53aee7ab551
+  metadata.gz: 1bed8beb641ac85649be4628d37065079d3f2c881499a67065200eeba57f2176
+  data.tar.gz: a55ce4ed4bdc573607389e20578efd53f10d7ab1597b3deb05644571dac752c6
 SHA512:
-  metadata.gz: b633ba4b732ea5cc41470928879ef92c75000a66df300d7640a4e28d210a85192cd69fb5a4c96e4fd37f1434eda2c0678a3ac359c235fb46a588f67cebe20d51
-  data.tar.gz: 25bf3927a97a5fdc9435caa0073223b46fb4af8badc0f18edb735c5ce34174b585a98db7b04a05b9aea35213a2f0d1e9f6c47be1c9132c78668c04334776dac6
+  metadata.gz: 13c8674a48591fd1c063a4d76040555aeace01a19981feb558241ff1843984f2e8052c6169bec8a1ec4f63519e14bf9b3a109fcf7f8fc667d8a1e0cbfe7f99aa
+  data.tar.gz: b64cfe0bfa5fa79927d22d591534f2b7db2b3ca7f572e8360b0423c3de5def7948f3264381e001596c095c66ec04187fe5fddf1d4148ad21bcf66a08eaf981ac

data/.github/workflows/ruby.yml ADDED

@@ -0,0 +1,26 @@
+name: Ruby
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+jobs:
+  Test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1.46.0
+      with:
+        ruby-version: 2.5
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore CHANGED

@@ -12,3 +12,4 @@
 *.o
 *.a
 mkmf.log
+.rake_tasks~

data/.rubocop.yml CHANGED

@@ -1,18 +1,16 @@
 # This is the configuration used to check the rubocop source code.
 AllCops:
+  NewCops: enable
   Exclude:
     - 'test/fixtures/*'
 Style/StringLiterals:
   Enabled: true
-Style/UnneededPercentQ:
+Style/RedundantPercentQ:
   Enabled: true
-Style/HashSyntax:
-  EnforcedStyle: hash_rockets
 # Disabled Checks
 Style/Documentation:
   Enabled: false
@@ -23,13 +21,19 @@ Style/PercentLiteralDelimiters:
 Style/RegexpLiteral:
   Enabled: false
-Style/BracesAroundHashParameters:
-  Enabled: false
 Lint/MissingCopEnableDirective:
   Exclude:
     - 'test/base_test.rb'
-Naming/UncommunicativeMethodParamName:
+Naming/MethodParameterName:
   Exclude:
     - 'lib/virustotal_api/ip_report.rb'
+Layout/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Gemspec/RequiredRubyVersion:
+  Enabled: false

data/CHANGELOG.md CHANGED

@@ -1,15 +1,47 @@
 # VirusTotal API Changelog
-## 0.3.0
+## [0.5.2] - 2020-10-06
-* Add optional scan param for url report API [#5](https://github.com/pwelch/virustotal_api/pull/5)
+* Fix Fix exists? check
+* Fix detected_by for File
+* Fix RateLimitError
+* Added User and Group API
+  * [@jonnynux](https://github.com/jonnynux)
+## [0.5.1] - 2020-10-06
+* Downgrade ruby requirement to 2.5.
+  * [@crondaemon](https://github.com/crondaemon)
+## [0.5.0] - 2020-09-02
+* Full rework to support API V3 [#30](https://github.com/pwelch/virustotal_api/pull/30)
+  * [@crondaemon](https://github.com/crondaemon) & [@jonnynux](https://github.com/jonnynux)
+* Move to Ruby 2.6 for minimum Ruby version
+## [0.4.1] - 2019-09-04
+* Fixed Reponse Parsing
+  * [@jonnynux](https://github.com/jonnynux)
+## [0.4.0] - 2019-07-23
+* Added ReScan [#15](https://github.com/pwelch/virustotal_api/pull/15)
+* Added URL Scan [#16](https://github.com/pwelch/virustotal_api/pull/16)
+  * [@jonnynux](https://github.com/jonnynux)
+## [0.3.0] - 2018-03-31
+* Added optional scan param for url report API [#5](https://github.com/pwelch/virustotal_api/pull/5)
   * [@mkunkel ](https://github.com/mkunkel)
-## 0.2.0
+## [0.2.0] - 2015-12-19
-* Check if the respone is 204 [#2](https://github.com/pwelch/virustotal_api/pull/2)
-  * Check if the respone is 204 (No Content) and raise an exception. [@postmodern](https://github.com/postmodern)
+* Added Check if the respone is 204 [#2](https://github.com/pwelch/virustotal_api/pull/2)
+  * [@postmodern](https://github.com/postmodern)
-## 0.1.0
+## [0.1.0] - 2014-12-26
 * First Release
+https://keepachangelog.com

data/Gemfile CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 source 'https://rubygems.org'
 gemspec

data/README.md CHANGED

@@ -1,9 +1,11 @@
 # VirustotalAPI
-Ruby Gem for [VirusTotal](https://www.virustotal.com) [V2 API](https://www.virustotal.com/en/documentation/public-api/)
+Ruby Gem for [VirusTotal](https://www.virustotal.com) [V3 API](https://developers.virustotal.com/v3.0/reference).
+If you want the version 2, check out the gem versions up to [0.4.0](https://github.com/crondaemon/virustotal_api/tree/v0.4.0).
+![Ruby](https://github.com/pwelch/virustotal_api/workflows/Ruby/badge.svg)
 [![Gem Version](https://badge.fury.io/rb/virustotal_api.svg)](http://badge.fury.io/rb/virustotal_api)
-[![Build Status](https://secure.travis-ci.org/pwelch/virustotal_api.svg)](http://travis-ci.org/pwelch/virustotal_api)
 ## Installation
@@ -27,7 +29,7 @@ VirusTotal only allows 4 queries per minute for their Public API. https://www.vi
 You will need a Private API Key if you require more queries per minute.
-### File Report
+### File Find
 ```ruby
 require 'virustotal_api'
@@ -35,7 +37,7 @@ require 'virustotal_api'
 sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 api_key = 'MY_API_KEY'
-vtreport = VirustotalAPI::FileReport.find(sha256, api_key)
+vtreport = VirustotalAPI::File.find(sha256, api_key)
 # Does the resource have any results?
 vtreport.exists?
@@ -43,14 +45,19 @@ vtreport.exists?
 # URL for File Report (if it exists)
 vtreport.report_url
-# => "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1418032127/"
+# => "https://www.virustotal.com/api/v3/files/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
 # Report results (if they exist) are available via #report
-vtreport.report["scans"]["ClamAV"]
-# => {"detected"=>false, "version"=>"0.98.5.0", "result"=>nil, "update"=>"20141208"}
+vtreport.report['data']['attributes']['last_analysis_results']['ClamAV']
+# => {"category"=>"undetected", "engine_name"=>"ClamAV", "engine_update"=>"20200826",
+# "engine_version"=>"0.102.4.0", "method"=>"blacklist", "result"=>nil}
+# Check whether an Antivirus detected this sample or not
+vtreport.detected_by('ClamAV')
+# => false
 ```
-### File Scan
+### File Upload
 ```ruby
 require 'virustotal_api'
@@ -58,28 +65,43 @@ require 'virustotal_api'
 file    = '/path/to/file'
 api_key = 'MY_API_KEY'
-vtscan = VirustotalAPI::FileScan.scan(file, api_key)
+vtscan = VirustotalAPI::File.upload(file, api_key)
-# Scan ID of file
-vtscan.scan_id
+# Virustotal ID of file
+vtscan.id
 # => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668"
 # Response results are available via #response
-vtreport.response
+vtscan.report
+# =>
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
+```
+### File Analyse
+```ruby
+require 'virustotal_api'
+sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+api_key = 'MY_API_KEY'
+vtrescan = VirustotalAPI::File.analyse(sha256, api_key)
+# Virustotal ID of file
+vtrescan.id
+# => "MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ=="
+# Response results are available via #response
+vtrescan.report
 # =>
-{
-  "scan_id"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668",
-  "sha1"=>"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
-  "resource"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "response_code"=>1,
-  "sha256"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "permalink"=>"https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1419454668/",
-  "md5"=>"68b329da9893e34099c7d8ad5cb9c940",
-  "verbose_msg"=>"Scan request successfully queued, come back later for the report"
-}
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
 ```
-### URL Report
+### URL find
 ```ruby
 require 'virustotal_api'
@@ -87,7 +109,7 @@ require 'virustotal_api'
 url     = 'http://www.google.com'
 api_key = 'MY_API_KEY'
-vturl_report = VirustotalAPI::URLReport.find(url, api_key)
+vturl_report = VirustotalAPI::URL.find(url, api_key)
 # Does the resource have any results?
 vturl_report.exists?
@@ -95,14 +117,37 @@ vturl_report.exists?
 # URL for Report (if it exists)
 vturl_report.report_url
-# => "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1419457210/"
+# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/"
 # Report results (if they exist) are available via #report
-vturl_report.report["scans"]["Opera"]
-# => {"detected"=>false, "result"=>"clean site"}
+vturl_report.report['data']['attributes']['last_analysis_results']['Avira']
+# => {"category"=>"harmless", "engine_name"=>"Avira", "method"=>"blacklist", "result"=>"clean"}
 ```
-### IP Report
+### URL Upload
+```ruby
+require 'virustotal_api'
+url     = 'http://www.google.com'
+api_key = 'MY_API_KEY'
+vturl_scan = VirustotalAPI::URL.upload(url, api_key)
+# Virustotal ID of file
+vturl_scan.id
+# => "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929"
+# Response results are available via #response
+vturl_scan.report
+# =>
+{"data"=>
+  {"id"=>
+    "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929",
+   "type"=>"analysis"}}
+```
+### IP Find
 ```ruby
 require 'virustotal_api'
@@ -110,7 +155,7 @@ require 'virustotal_api'
 ip      = '8.8.8.8'
 api_key = 'MY_API_KEY'
-vtip_report = VirustotalAPI::IPReport.find(ip, api_key)
+vtip_report = VirustotalAPI::IP.find(ip, api_key)
 # Does the resource have any results?
 vtip_report.exists?
@@ -121,7 +166,7 @@ vtip_report.report
 # => Hash of report results
 ```
-### Domain Report
+### Domain Find
 ```ruby
 require 'virustotal_api'
@@ -129,7 +174,7 @@ require 'virustotal_api'
 domain  = 'virustotal.com'
 api_key = 'MY_API_KEY'
-vtdomain_report = VirustotalAPI::DomainReport.find(domain, api_key)
+vtdomain_report = VirustotalAPI::Domain.find(domain, api_key)
 # Does the resource have any results?
 vtdomain_report.exists?
@@ -140,6 +185,51 @@ vtdomain_report.report
 # => Hash of report results
 ```
+### User Find
+```ruby
+require 'virustotal_api'
+user_key  = 'user_key' # user_id or api_key
+api_key = 'MY_API_KEY'
+vtuser_report = VirustotalAPI::User.find(user_key, api_key)
+# Does the resource have any results?
+vtuser_report.exists?
+# => true
+# Report results (if they exist) are available via #report
+vtuser_report.report
+# => Hash of report results
+```
+### Group Find
+```ruby
+require 'virustotal_api'
+group_id  = 'GROUP_id'
+api_key = 'MY_API_KEY'
+vtgroup_report = VirustotalAPI::Group.find(group_id, api_key)
+# Does the resource have any results?
+vtgroup_report.exists?
+# => true
+# Report results (if they exist) are available via #report
+vtgroup_report.report
+# => Hash of report results
+```
+## Contributors
+- [@postmodern](https://github.com/postmodern)
+- [@mkunkel](https://github.com/mkunkel)
+- [@jonnynux](https://github.com/jonnynux)
+- [@crondaemon](https://github.com/crondaemon/)
 ## Contributing
 1. Fork it ( https://github.com/pwelch/virustotal_api/fork )

data/Rakefile CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'bundler/gem_tasks'
 require 'rake/testtask'
@@ -21,4 +22,4 @@ namespace :yard do
   end
 end
-task :default => :test
+task default: :test

data/lib/virustotal_api.rb CHANGED

@@ -1,8 +1,11 @@
+# frozen_string_literal: true
-require 'virustotal_api/domain_report'
-require 'virustotal_api/file_report'
-require 'virustotal_api/file_scan'
-require 'virustotal_api/ip_report'
-require 'virustotal_api/url_report'
+require 'virustotal_api/analysis'
+require 'virustotal_api/domain'
+require 'virustotal_api/file'
+require 'virustotal_api/group'
+require 'virustotal_api/ip'
+require 'virustotal_api/url'
 require 'virustotal_api/uri'
+require 'virustotal_api/user'
 require 'virustotal_api/version'

data/lib/virustotal_api/analysis.rb ADDED

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+require_relative 'base'
+module VirustotalAPI
+  # A class for '/analyses' API
+  class Analysis < Base
+    attr_reader :report
+    # rubocop:disable Lint/MissingSuper
+    def initialize(report)
+      @report = report
+    end
+    # @param [String] id The Virustotal ID to get the report for.
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::IP] Report
+    def self.find(id, api_key)
+      report = perform("/analyses/#{id}", api_key)
+      new(report)
+    end
+  end
+end
+# rubocop:enable Lint/MissingSuper

data/lib/virustotal_api/base.rb CHANGED

@@ -1,22 +1,50 @@
+# frozen_string_literal: true
 require 'virustotal_api/exceptions'
 require 'rest-client'
 require 'json'
+require 'base64'
+# The base VirustotalAPI module.
 module VirustotalAPI
+  # The base class implementing the raw calls to Virustotal API V3.
   class Base
+    attr_reader :report
+    def initialize(report)
+      @report = report
+    end
     # @return [String] string of API URI class method
     def self.api_uri
       VirustotalAPI::URI
     end
-    # @param [RestClient::Response] response
-    # @return [Hash] the parsed JSON.
-    def self.parse(response)
-      if response.code == 204
-        raise(RateLimitError, 'maximum number of 4 requests per minute reached')
-      end
+    # The actual method performing a call to Virustotal
+    #
+    # @param [String] url The url of the API
+    # @param [String] api_key The key for virustotal
+    # @param [String] method The HTTP method to use
+    # @param [Hash] options Options to pass as payload
+    # @return [VirustotalAPI::Domain] Report Search Result
+    def self.perform(url, api_key, method = :get, options = {})
+      response = RestClient::Request.execute(
+        method: method,
+        url: api_uri + url,
+        headers: { 'x-apikey': api_key },
+        payload: options
+      )
       JSON.parse(response.body)
+    rescue RestClient::NotFound
+      {}
+    rescue RestClient::Unauthorized
+      # Raise a custom exception not to expose the underlying
+      # HTTP client.
+      raise VirustotalAPI::Unauthorized
+    rescue RestClient::TooManyRequests
+      # Raise a custom exception not to expose the underlying
+      # HTTP client.
+      raise VirustotalAPI::RateLimitError
     end
     # @return [String] string of API URI instance method
@@ -25,11 +53,14 @@ module VirustotalAPI
     end
     # @return [Boolean] if report for resource exists
-    # 0 => not_present, 1 => exists, -1 => invalid_ip_address
     def exists?
-      response_code = report.fetch('response_code') { nil }
+      !report.empty?
+    end
-      response_code == 1
+    # Generate a URL identifier.
+    # @see https://developers.virustotal.com/v3.0/reference#url
+    def self.url_identifier(url)
+      Base64.encode64(url).strip.gsub('=', '')
     end
   end
 end