RubyGems - virustotal_api - Versions diffs - 0.3.0 → 0.5.2 - Mend

virustotal_api 0.3.0 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

checksums.yaml +4 -4
data/.github/workflows/ruby.yml +26 -0
data/.gitignore +1 -0
data/.rubocop.yml +12 -8
data/CHANGELOG.md +38 -6
data/Gemfile +2 -0
data/README.md +121 -31
data/Rakefile +2 -1
data/lib/virustotal_api.rb +8 -5
data/lib/virustotal_api/analysis.rb +24 -0
data/lib/virustotal_api/base.rb +41 -10
data/lib/virustotal_api/domain.rb +24 -0
data/lib/virustotal_api/exceptions.rb +5 -0
data/lib/virustotal_api/file.rb +56 -0
data/lib/virustotal_api/group.rb +26 -0
data/lib/virustotal_api/ip.rb +24 -0
data/lib/virustotal_api/uri.rb +3 -1
data/lib/virustotal_api/url.rb +46 -0
data/lib/virustotal_api/user.rb +26 -0
data/lib/virustotal_api/version.rb +3 -1
data/test/analysis_test.rb +23 -0
data/test/base_test.rb +14 -25
data/test/domain_test.rb +32 -0
data/test/exceptions_test.rb +23 -0
data/test/file_test.rb +71 -0
data/test/fixtures/analysis.yml +544 -0
data/test/fixtures/domain.yml +830 -0
data/test/fixtures/file_analyse.yml +52 -0
data/test/fixtures/file_find.yml +853 -0
data/test/fixtures/file_not_found.yml +52 -0
data/test/fixtures/file_rate_limit.yml +52 -0
data/test/fixtures/file_unauthorized.yml +51 -0
data/test/fixtures/file_upload.yml +54 -0
data/test/fixtures/group_find.yml +216 -0
data/test/fixtures/ip.yml +716 -0
data/test/fixtures/unscanned_url_find.yml +44 -0
data/test/fixtures/url_analyse.yml +52 -0
data/test/fixtures/url_find.yml +599 -0
data/test/fixtures/user_find.yml +213 -0
data/test/group_test.rb +32 -0
data/test/{ip_report_test.rb → ip_test.rb} +5 -4
data/test/test_helper.rb +1 -0
data/test/uri_test.rb +2 -1
data/test/url_test.rb +65 -0
data/test/user_test.rb +31 -0
data/test/version_test.rb +2 -2
data/virustotal_api.gemspec +12 -9
metadata +104 -65
data/.travis.yml +0 -15
data/lib/virustotal_api/domain_report.rb +0 -35
data/lib/virustotal_api/file_report.rb +0 -36
data/lib/virustotal_api/file_scan.rb +0 -36
data/lib/virustotal_api/ip_report.rb +0 -35
data/lib/virustotal_api/url_report.rb +0 -40
data/test/domain_report_test.rb +0 -31
data/test/file_report_test.rb +0 -34
data/test/file_scan_test.rb +0 -29
data/test/fixtures/domain_report.yml +0 -311
data/test/fixtures/ip_report.yml +0 -1323
data/test/fixtures/queue_unscanned_url_report.yml +0 -46
data/test/fixtures/report.yml +0 -110
data/test/fixtures/report_not_found.yml +0 -42
data/test/fixtures/request_forbidden.yml +0 -38
data/test/fixtures/scan.yml +0 -49
data/test/fixtures/unscanned_url_report.yml +0 -43
data/test/fixtures/url_report.yml +0 -95
data/test/url_report_test.rb +0 -56

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8bed66a7fba9485458455710be627e1f833347bceb426162e95580a0523f709e
-  data.tar.gz: 958f96c673f266360f5da1f5c28e9c948407956176be6af1196ad53aee7ab551
+  metadata.gz: 1bed8beb641ac85649be4628d37065079d3f2c881499a67065200eeba57f2176
+  data.tar.gz: a55ce4ed4bdc573607389e20578efd53f10d7ab1597b3deb05644571dac752c6
 SHA512:
-  metadata.gz: b633ba4b732ea5cc41470928879ef92c75000a66df300d7640a4e28d210a85192cd69fb5a4c96e4fd37f1434eda2c0678a3ac359c235fb46a588f67cebe20d51
-  data.tar.gz: 25bf3927a97a5fdc9435caa0073223b46fb4af8badc0f18edb735c5ce34174b585a98db7b04a05b9aea35213a2f0d1e9f6c47be1c9132c78668c04334776dac6
+  metadata.gz: 13c8674a48591fd1c063a4d76040555aeace01a19981feb558241ff1843984f2e8052c6169bec8a1ec4f63519e14bf9b3a109fcf7f8fc667d8a1e0cbfe7f99aa
+  data.tar.gz: b64cfe0bfa5fa79927d22d591534f2b7db2b3ca7f572e8360b0423c3de5def7948f3264381e001596c095c66ec04187fe5fddf1d4148ad21bcf66a08eaf981ac

data/.github/workflows/ruby.yml ADDED

@@ -0,0 +1,26 @@
+name: Ruby
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+jobs:
+  Test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1.46.0
+      with:
+        ruby-version: 2.5
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore CHANGED

@@ -12,3 +12,4 @@
 *.o
 *.a
 mkmf.log
+.rake_tasks~

data/.rubocop.yml CHANGED

@@ -1,18 +1,16 @@
 # This is the configuration used to check the rubocop source code.
 AllCops:
+  NewCops: enable
   Exclude:
     - 'test/fixtures/*'
 Style/StringLiterals:
   Enabled: true
-Style/UnneededPercentQ:
+Style/RedundantPercentQ:
   Enabled: true
-Style/HashSyntax:
-  EnforcedStyle: hash_rockets
 # Disabled Checks
 Style/Documentation:
   Enabled: false
@@ -23,13 +21,19 @@ Style/PercentLiteralDelimiters:
 Style/RegexpLiteral:
   Enabled: false
-Style/BracesAroundHashParameters:
-  Enabled: false
 Lint/MissingCopEnableDirective:
   Exclude:
     - 'test/base_test.rb'
-Naming/UncommunicativeMethodParamName:
+Naming/MethodParameterName:
   Exclude:
     - 'lib/virustotal_api/ip_report.rb'
+Layout/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Gemspec/RequiredRubyVersion:
+  Enabled: false

data/CHANGELOG.md CHANGED

@@ -1,15 +1,47 @@
 # VirusTotal API Changelog
-## 0.3.0
+## [0.5.2] - 2020-10-06
-* Add optional scan param for url report API [#5](https://github.com/pwelch/virustotal_api/pull/5)
+* Fix Fix exists? check
+* Fix detected_by for File
+* Fix RateLimitError
+* Added User and Group API
+  * [@jonnynux](https://github.com/jonnynux)
+## [0.5.1] - 2020-10-06
+* Downgrade ruby requirement to 2.5.
+  * [@crondaemon](https://github.com/crondaemon)
+## [0.5.0] - 2020-09-02
+* Full rework to support API V3 [#30](https://github.com/pwelch/virustotal_api/pull/30)
+  * [@crondaemon](https://github.com/crondaemon) & [@jonnynux](https://github.com/jonnynux)
+* Move to Ruby 2.6 for minimum Ruby version
+## [0.4.1] - 2019-09-04
+* Fixed Reponse Parsing
+  * [@jonnynux](https://github.com/jonnynux)
+## [0.4.0] - 2019-07-23
+* Added ReScan [#15](https://github.com/pwelch/virustotal_api/pull/15)
+* Added URL Scan [#16](https://github.com/pwelch/virustotal_api/pull/16)
+  * [@jonnynux](https://github.com/jonnynux)
+## [0.3.0] - 2018-03-31
+* Added optional scan param for url report API [#5](https://github.com/pwelch/virustotal_api/pull/5)
   * [@mkunkel ](https://github.com/mkunkel)
-## 0.2.0
+## [0.2.0] - 2015-12-19
-* Check if the respone is 204 [#2](https://github.com/pwelch/virustotal_api/pull/2)
-  * Check if the respone is 204 (No Content) and raise an exception. [@postmodern](https://github.com/postmodern)
+* Added Check if the respone is 204 [#2](https://github.com/pwelch/virustotal_api/pull/2)
+  * [@postmodern](https://github.com/postmodern)
-## 0.1.0
+## [0.1.0] - 2014-12-26
 * First Release
+https://keepachangelog.com

data/Gemfile CHANGED

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 source 'https://rubygems.org'
 gemspec

data/README.md CHANGED

@@ -1,9 +1,11 @@
 # VirustotalAPI
-Ruby Gem for [VirusTotal](https://www.virustotal.com) [V2 API](https://www.virustotal.com/en/documentation/public-api/)
+Ruby Gem for [VirusTotal](https://www.virustotal.com) [V3 API](https://developers.virustotal.com/v3.0/reference).
+If you want the version 2, check out the gem versions up to [0.4.0](https://github.com/crondaemon/virustotal_api/tree/v0.4.0).
+![Ruby](https://github.com/pwelch/virustotal_api/workflows/Ruby/badge.svg)
 [![Gem Version](https://badge.fury.io/rb/virustotal_api.svg)](http://badge.fury.io/rb/virustotal_api)
-[![Build Status](https://secure.travis-ci.org/pwelch/virustotal_api.svg)](http://travis-ci.org/pwelch/virustotal_api)
 ## Installation
@@ -27,7 +29,7 @@ VirusTotal only allows 4 queries per minute for their Public API. https://www.vi
 You will need a Private API Key if you require more queries per minute.
-### File Report
+### File Find
 ```ruby
 require 'virustotal_api'
@@ -35,7 +37,7 @@ require 'virustotal_api'
 sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 api_key = 'MY_API_KEY'
-vtreport = VirustotalAPI::FileReport.find(sha256, api_key)
+vtreport = VirustotalAPI::File.find(sha256, api_key)
 # Does the resource have any results?
 vtreport.exists?
@@ -43,14 +45,19 @@ vtreport.exists?
 # URL for File Report (if it exists)
 vtreport.report_url
-# => "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1418032127/"
+# => "https://www.virustotal.com/api/v3/files/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
 # Report results (if they exist) are available via #report
-vtreport.report["scans"]["ClamAV"]
-# => {"detected"=>false, "version"=>"0.98.5.0", "result"=>nil, "update"=>"20141208"}
+vtreport.report['data']['attributes']['last_analysis_results']['ClamAV']
+# => {"category"=>"undetected", "engine_name"=>"ClamAV", "engine_update"=>"20200826",
+# "engine_version"=>"0.102.4.0", "method"=>"blacklist", "result"=>nil}
+# Check whether an Antivirus detected this sample or not
+vtreport.detected_by('ClamAV')
+# => false
 ```
-### File Scan
+### File Upload
 ```ruby
 require 'virustotal_api'
@@ -58,28 +65,43 @@ require 'virustotal_api'
 file    = '/path/to/file'
 api_key = 'MY_API_KEY'
-vtscan = VirustotalAPI::FileScan.scan(file, api_key)
+vtscan = VirustotalAPI::File.upload(file, api_key)
-# Scan ID of file
-vtscan.scan_id
+# Virustotal ID of file
+vtscan.id
 # => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668"
 # Response results are available via #response
-vtreport.response
+vtscan.report
+# =>
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
+```
+### File Analyse
+```ruby
+require 'virustotal_api'
+sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+api_key = 'MY_API_KEY'
+vtrescan = VirustotalAPI::File.analyse(sha256, api_key)
+# Virustotal ID of file
+vtrescan.id
+# => "MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ=="
+# Response results are available via #response
+vtrescan.report
 # =>
-{
-  "scan_id"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668",
-  "sha1"=>"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
-  "resource"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "response_code"=>1,
-  "sha256"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "permalink"=>"https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1419454668/",
-  "md5"=>"68b329da9893e34099c7d8ad5cb9c940",
-  "verbose_msg"=>"Scan request successfully queued, come back later for the report"
-}
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
 ```
-### URL Report
+### URL find
 ```ruby
 require 'virustotal_api'
@@ -87,7 +109,7 @@ require 'virustotal_api'
 url     = 'http://www.google.com'
 api_key = 'MY_API_KEY'
-vturl_report = VirustotalAPI::URLReport.find(url, api_key)
+vturl_report = VirustotalAPI::URL.find(url, api_key)
 # Does the resource have any results?
 vturl_report.exists?
@@ -95,14 +117,37 @@ vturl_report.exists?
 # URL for Report (if it exists)
 vturl_report.report_url
-# => "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1419457210/"
+# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/"
 # Report results (if they exist) are available via #report
-vturl_report.report["scans"]["Opera"]
-# => {"detected"=>false, "result"=>"clean site"}
+vturl_report.report['data']['attributes']['last_analysis_results']['Avira']
+# => {"category"=>"harmless", "engine_name"=>"Avira", "method"=>"blacklist", "result"=>"clean"}
 ```
-### IP Report
+### URL Upload
+```ruby
+require 'virustotal_api'
+url     = 'http://www.google.com'
+api_key = 'MY_API_KEY'
+vturl_scan = VirustotalAPI::URL.upload(url, api_key)
+# Virustotal ID of file
+vturl_scan.id
+# => "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929"
+# Response results are available via #response
+vturl_scan.report
+# =>
+{"data"=>
+  {"id"=>
+    "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929",
+   "type"=>"analysis"}}
+```
+### IP Find
 ```ruby
 require 'virustotal_api'
@@ -110,7 +155,7 @@ require 'virustotal_api'
 ip      = '8.8.8.8'
 api_key = 'MY_API_KEY'
-vtip_report = VirustotalAPI::IPReport.find(ip, api_key)
+vtip_report = VirustotalAPI::IP.find(ip, api_key)
 # Does the resource have any results?
 vtip_report.exists?
@@ -121,7 +166,7 @@ vtip_report.report
 # => Hash of report results
 ```
-### Domain Report
+### Domain Find
 ```ruby
 require 'virustotal_api'
@@ -129,7 +174,7 @@ require 'virustotal_api'
 domain  = 'virustotal.com'
 api_key = 'MY_API_KEY'
-vtdomain_report = VirustotalAPI::DomainReport.find(domain, api_key)
+vtdomain_report = VirustotalAPI::Domain.find(domain, api_key)
 # Does the resource have any results?
 vtdomain_report.exists?
@@ -140,6 +185,51 @@ vtdomain_report.report
 # => Hash of report results
 ```
+### User Find
+```ruby
+require 'virustotal_api'
+user_key  = 'user_key' # user_id or api_key
+api_key = 'MY_API_KEY'
+vtuser_report = VirustotalAPI::User.find(user_key, api_key)
+# Does the resource have any results?
+vtuser_report.exists?
+# => true
+# Report results (if they exist) are available via #report
+vtuser_report.report
+# => Hash of report results
+```
+### Group Find
+```ruby
+require 'virustotal_api'
+group_id  = 'GROUP_id'
+api_key = 'MY_API_KEY'
+vtgroup_report = VirustotalAPI::Group.find(group_id, api_key)
+# Does the resource have any results?
+vtgroup_report.exists?
+# => true
+# Report results (if they exist) are available via #report
+vtgroup_report.report
+# => Hash of report results
+```
+## Contributors
+- [@postmodern](https://github.com/postmodern)
+- [@mkunkel](https://github.com/mkunkel)
+- [@jonnynux](https://github.com/jonnynux)
+- [@crondaemon](https://github.com/crondaemon/)
 ## Contributing
 1. Fork it ( https://github.com/pwelch/virustotal_api/fork )

data/Rakefile CHANGED

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require 'bundler/gem_tasks'
 require 'rake/testtask'
@@ -21,4 +22,4 @@ namespace :yard do
   end
 end
-task :default => :test
+task default: :test

data/lib/virustotal_api.rb CHANGED

@@ -1,8 +1,11 @@
+# frozen_string_literal: true
-require 'virustotal_api/domain_report'
-require 'virustotal_api/file_report'
-require 'virustotal_api/file_scan'
-require 'virustotal_api/ip_report'
-require 'virustotal_api/url_report'
+require 'virustotal_api/analysis'
+require 'virustotal_api/domain'
+require 'virustotal_api/file'
+require 'virustotal_api/group'
+require 'virustotal_api/ip'
+require 'virustotal_api/url'
 require 'virustotal_api/uri'
+require 'virustotal_api/user'
 require 'virustotal_api/version'

data/lib/virustotal_api/analysis.rb ADDED

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+require_relative 'base'
+module VirustotalAPI
+  # A class for '/analyses' API
+  class Analysis < Base
+    attr_reader :report
+    # rubocop:disable Lint/MissingSuper
+    def initialize(report)
+      @report = report
+    end
+    # @param [String] id The Virustotal ID to get the report for.
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::IP] Report
+    def self.find(id, api_key)
+      report = perform("/analyses/#{id}", api_key)
+      new(report)
+    end
+  end
+end
+# rubocop:enable Lint/MissingSuper

data/lib/virustotal_api/base.rb CHANGED

@@ -1,22 +1,50 @@
+# frozen_string_literal: true
 require 'virustotal_api/exceptions'
 require 'rest-client'
 require 'json'
+require 'base64'
+# The base VirustotalAPI module.
 module VirustotalAPI
+  # The base class implementing the raw calls to Virustotal API V3.
   class Base
+    attr_reader :report
+    def initialize(report)
+      @report = report
+    end
     # @return [String] string of API URI class method
     def self.api_uri
       VirustotalAPI::URI
     end
-    # @param [RestClient::Response] response
-    # @return [Hash] the parsed JSON.
-    def self.parse(response)
-      if response.code == 204
-        raise(RateLimitError, 'maximum number of 4 requests per minute reached')
-      end
+    # The actual method performing a call to Virustotal
+    #
+    # @param [String] url The url of the API
+    # @param [String] api_key The key for virustotal
+    # @param [String] method The HTTP method to use
+    # @param [Hash] options Options to pass as payload
+    # @return [VirustotalAPI::Domain] Report Search Result
+    def self.perform(url, api_key, method = :get, options = {})
+      response = RestClient::Request.execute(
+        method: method,
+        url: api_uri + url,
+        headers: { 'x-apikey': api_key },
+        payload: options
+      )
       JSON.parse(response.body)
+    rescue RestClient::NotFound
+      {}
+    rescue RestClient::Unauthorized
+      # Raise a custom exception not to expose the underlying
+      # HTTP client.
+      raise VirustotalAPI::Unauthorized
+    rescue RestClient::TooManyRequests
+      # Raise a custom exception not to expose the underlying
+      # HTTP client.
+      raise VirustotalAPI::RateLimitError
     end
     # @return [String] string of API URI instance method
@@ -25,11 +53,14 @@ module VirustotalAPI
     end
     # @return [Boolean] if report for resource exists
-    # 0 => not_present, 1 => exists, -1 => invalid_ip_address
     def exists?
-      response_code = report.fetch('response_code') { nil }
+      !report.empty?
+    end
-      response_code == 1
+    # Generate a URL identifier.
+    # @see https://developers.virustotal.com/v3.0/reference#url
+    def self.url_identifier(url)
+      Base64.encode64(url).strip.gsub('=', '')
     end
   end
 end