RubyGems - virustotal_api - Versions diffs - 0.4.0 → 0.5.3 - Mend

virustotal_api 0.4.0 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

checksums.yaml +4 -4
data/.github/workflows/ruby.yml +26 -0
data/.gitignore +1 -0
data/.rubocop.yml +12 -5
data/CHANGELOG.md +35 -9
data/README.md +97 -59
data/lib/virustotal_api.rb +7 -7
data/lib/virustotal_api/analysis.rb +16 -0
data/lib/virustotal_api/base.rb +41 -10
data/lib/virustotal_api/domain.rb +18 -0
data/lib/virustotal_api/exceptions.rb +3 -0
data/lib/virustotal_api/file.rb +48 -0
data/lib/virustotal_api/group.rb +18 -0
data/lib/virustotal_api/ip.rb +18 -0
data/lib/virustotal_api/uri.rb +2 -1
data/lib/virustotal_api/url.rb +38 -0
data/lib/virustotal_api/user.rb +18 -0
data/lib/virustotal_api/version.rb +2 -1
data/test/analysis_test.rb +26 -0
data/test/base_test.rb +13 -25
data/test/domain_test.rb +27 -0
data/test/exceptions_test.rb +22 -0
data/test/file_test.rb +63 -0
data/test/fixtures/analysis.yml +544 -0
data/test/fixtures/domain.yml +830 -0
data/test/fixtures/file_analyse.yml +52 -0
data/test/fixtures/file_find.yml +853 -0
data/test/fixtures/file_not_found.yml +52 -0
data/test/fixtures/file_rate_limit.yml +52 -0
data/test/fixtures/file_unauthorized.yml +51 -0
data/test/fixtures/file_upload.yml +54 -0
data/test/fixtures/group_find.yml +216 -0
data/test/fixtures/ip.yml +716 -0
data/test/fixtures/unscanned_url_find.yml +44 -0
data/test/fixtures/url_analyse.yml +52 -0
data/test/fixtures/url_find.yml +599 -0
data/test/fixtures/user_find.yml +213 -0
data/test/group_test.rb +27 -0
data/test/{ip_report_test.rb → ip_test.rb} +6 -4
data/test/uri_test.rb +1 -1
data/test/url_test.rb +47 -0
data/test/user_test.rb +26 -0
data/test/version_test.rb +1 -2
data/virustotal_api.gemspec +10 -8
metadata +99 -69
data/.circleci/config.yml +0 -19
data/lib/virustotal_api/domain_report.rb +0 -36
data/lib/virustotal_api/file_report.rb +0 -37
data/lib/virustotal_api/file_rescan.rb +0 -35
data/lib/virustotal_api/file_scan.rb +0 -37
data/lib/virustotal_api/ip_report.rb +0 -36
data/lib/virustotal_api/url_report.rb +0 -41
data/lib/virustotal_api/url_scan.rb +0 -35
data/test/domain_report_test.rb +0 -32
data/test/file_report_test.rb +0 -36
data/test/file_rescan_test.rb +0 -32
data/test/file_scan_test.rb +0 -30
data/test/fixtures/domain_report.yml +0 -311
data/test/fixtures/ip_report.yml +0 -1323
data/test/fixtures/queue_unscanned_url_report.yml +0 -46
data/test/fixtures/report.yml +0 -110
data/test/fixtures/report_not_found.yml +0 -42
data/test/fixtures/request_forbidden.yml +0 -38
data/test/fixtures/rescan.yml +0 -47
data/test/fixtures/scan.yml +0 -49
data/test/fixtures/unscanned_url_report.yml +0 -43
data/test/fixtures/url_report.yml +0 -95
data/test/fixtures/url_scan.yml +0 -48
data/test/url_report_test.rb +0 -57
data/test/url_scan_test.rb +0 -30

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d5cb4002cc7336dab43ad9cad54f42f646428c80b80bdd9c21c54d16dfa971a4
-  data.tar.gz: 2e4091e0944e2ae0e4038574964035690e43eaf5aab0f69e26cb51ce1f6d36aa
+  metadata.gz: 549e10acf953216ded9295c21129e76fc737bd63f29703af799499c6feed2c6e
+  data.tar.gz: d20c12d67d748d329e3b0e340a4857115d516d942af5e3a282bb72e80a90e373
 SHA512:
-  metadata.gz: 3635ade214ad1a803a85a7169c84eedc085a5793bc3973aebe73e30f9f7b54cb4f6d46b79d66403441f02729f9f74ea52b70e147cdcee4a1181539c8a393a47d
-  data.tar.gz: 27ae5dffc0d0fbbaa379b9dd96daab5a4fe513c406a5234d4d481bcd25016084c2a589e3fa01ad0792d2ee2eda71d9e5884144b9198bb305e5c80f5e6a22c3cf
+  metadata.gz: 394ad7a9dbf0f4c59d7e286acd57974e042427f0f4c82d1c652195b0dca4d17a0eeed28cd82946da2a072679a824060bacf184c741ecd0578e383386295c328d
+  data.tar.gz: 0f9b0e2bc76a11d1b496ac1b0fb266875ed36cbfb51b27396396b555c3e47d5e411073e8bef956e1e44d08ec395e1165a45df8e525b24af6a0ae915d2c9c1b79

data/.github/workflows/ruby.yml ADDED

@@ -0,0 +1,26 @@
+name: Ruby
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+jobs:
+  Test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1.46.0
+      with:
+        ruby-version: 2.5
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore CHANGED

@@ -12,3 +12,4 @@
 *.o
 *.a
 mkmf.log
+.rake_tasks~

data/.rubocop.yml CHANGED

@@ -1,13 +1,14 @@
 # This is the configuration used to check the rubocop source code.
 AllCops:
+  NewCops: enable
   Exclude:
     - 'test/fixtures/*'
 Style/StringLiterals:
   Enabled: true
-Style/UnneededPercentQ:
+Style/RedundantPercentQ:
   Enabled: true
 # Disabled Checks
@@ -20,13 +21,19 @@ Style/PercentLiteralDelimiters:
 Style/RegexpLiteral:
   Enabled: false
-Style/BracesAroundHashParameters:
-  Enabled: false
 Lint/MissingCopEnableDirective:
   Exclude:
     - 'test/base_test.rb'
-Naming/UncommunicativeMethodParamName:
+Naming/MethodParameterName:
   Exclude:
     - 'lib/virustotal_api/ip_report.rb'
+Layout/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Gemspec/RequiredRubyVersion:
+  Enabled: false

data/CHANGELOG.md CHANGED

@@ -1,21 +1,47 @@
 # VirusTotal API Changelog
-## 0.4.0
+## [0.5.2] - 2020-10-06
-* Add ReScan [#15](https://github.com/pwelch/virustotal_api/pull/15)
-* Add URL Scan [#16](https://github.com/pwelch/virustotal_api/pull/16)
+* Fix Fix exists? check
+* Fix detected_by for File
+* Fix RateLimitError
+* Added User and Group API
+  * [@jonnynux](https://github.com/jonnynux)
+## [0.5.1] - 2020-10-06
+* Downgrade ruby requirement to 2.5.
+  * [@crondaemon](https://github.com/crondaemon)
+## [0.5.0] - 2020-09-02
+* Full rework to support API V3 [#30](https://github.com/pwelch/virustotal_api/pull/30)
+  * [@crondaemon](https://github.com/crondaemon) & [@jonnynux](https://github.com/jonnynux)
+* Move to Ruby 2.6 for minimum Ruby version
+## [0.4.1] - 2019-09-04
+* Fixed Reponse Parsing
+  * [@jonnynux](https://github.com/jonnynux)
+## [0.4.0] - 2019-07-23
+* Added ReScan [#15](https://github.com/pwelch/virustotal_api/pull/15)
+* Added URL Scan [#16](https://github.com/pwelch/virustotal_api/pull/16)
   * [@jonnynux](https://github.com/jonnynux)
-## 0.3.0
+## [0.3.0] - 2018-03-31
-* Add optional scan param for url report API [#5](https://github.com/pwelch/virustotal_api/pull/5)
+* Added optional scan param for url report API [#5](https://github.com/pwelch/virustotal_api/pull/5)
   * [@mkunkel ](https://github.com/mkunkel)
-## 0.2.0
+## [0.2.0] - 2015-12-19
-* Check if the respone is 204 [#2](https://github.com/pwelch/virustotal_api/pull/2)
-  * Check if the respone is 204 (No Content) and raise an exception. [@postmodern](https://github.com/postmodern)
+* Added Check if the respone is 204 [#2](https://github.com/pwelch/virustotal_api/pull/2)
+  * [@postmodern](https://github.com/postmodern)
-## 0.1.0
+## [0.1.0] - 2014-12-26
 * First Release
+https://keepachangelog.com

data/README.md CHANGED

@@ -1,9 +1,11 @@
 # VirustotalAPI
-Ruby Gem for [VirusTotal](https://www.virustotal.com) [V2 API](https://www.virustotal.com/en/documentation/public-api/)
+Ruby Gem for [VirusTotal](https://www.virustotal.com) [V3 API](https://developers.virustotal.com/v3.0/reference).
+If you want the version 2, check out the gem versions up to [0.4.0](https://github.com/crondaemon/virustotal_api/tree/v0.4.0).
+![Ruby](https://github.com/pwelch/virustotal_api/workflows/Ruby/badge.svg)
 [![Gem Version](https://badge.fury.io/rb/virustotal_api.svg)](http://badge.fury.io/rb/virustotal_api)
-[![CircleCI](https://circleci.com/gh/pwelch/virustotal_api.svg?style=svg)](https://circleci.com/gh/pwelch/virustotal_api)
 ## Installation
@@ -27,7 +29,7 @@ VirusTotal only allows 4 queries per minute for their Public API. https://www.vi
 You will need a Private API Key if you require more queries per minute.
-### File Report
+### File Find
 ```ruby
 require 'virustotal_api'
@@ -35,7 +37,7 @@ require 'virustotal_api'
 sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 api_key = 'MY_API_KEY'
-vtreport = VirustotalAPI::FileReport.find(sha256, api_key)
+vtreport = VirustotalAPI::File.find(sha256, api_key)
 # Does the resource have any results?
 vtreport.exists?
@@ -43,14 +45,19 @@ vtreport.exists?
 # URL for File Report (if it exists)
 vtreport.report_url
-# => "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1418032127/"
+# => "https://www.virustotal.com/api/v3/files/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
 # Report results (if they exist) are available via #report
-vtreport.report["scans"]["ClamAV"]
-# => {"detected"=>false, "version"=>"0.98.5.0", "result"=>nil, "update"=>"20141208"}
+vtreport.report['data']['attributes']['last_analysis_results']['ClamAV']
+# => {"category"=>"undetected", "engine_name"=>"ClamAV", "engine_update"=>"20200826",
+# "engine_version"=>"0.102.4.0", "method"=>"blacklist", "result"=>nil}
+# Check whether an Antivirus detected this sample or not
+vtreport.detected_by('ClamAV')
+# => false
 ```
-### File Scan
+### File Upload
 ```ruby
 require 'virustotal_api'
@@ -58,28 +65,21 @@ require 'virustotal_api'
 file    = '/path/to/file'
 api_key = 'MY_API_KEY'
-vtscan = VirustotalAPI::FileScan.scan(file, api_key)
+vtscan = VirustotalAPI::File.upload(file, api_key)
-# Scan ID of file
-vtscan.scan_id
+# Virustotal ID of file
+vtscan.id
 # => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668"
 # Response results are available via #response
-vtscan.response
+vtscan.report
 # =>
-{
-  "scan_id"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668",
-  "sha1"=>"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
-  "resource"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "response_code"=>1,
-  "sha256"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "permalink"=>"https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1419454668/",
-  "md5"=>"68b329da9893e34099c7d8ad5cb9c940",
-  "verbose_msg"=>"Scan request successfully queued, come back later for the report"
-}
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
 ```
-### File Rescan
+### File Analyse
 ```ruby
 require 'virustotal_api'
@@ -87,25 +87,21 @@ require 'virustotal_api'
 sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 api_key = 'MY_API_KEY'
-vtrescan = VirustotalAPI::FileRescan.rescan(sha256, api_key)
+vtrescan = VirustotalAPI::File.analyse(sha256, api_key)
-# Rescan ID of file
-vtrescan.rescan_id
-# => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1562684247"
+# Virustotal ID of file
+vtrescan.id
+# => "MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ=="
 # Response results are available via #response
-vtrescan.response
+vtrescan.report
 # =>
-{
-  "permalink": "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1562684247/",
-  "response_code": 1,
-  "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "resource": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "scan_id": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1562684247"
-}
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
 ```
-### URL Report
+### URL find
 ```ruby
 require 'virustotal_api'
@@ -113,7 +109,7 @@ require 'virustotal_api'
 url     = 'http://www.google.com'
 api_key = 'MY_API_KEY'
-vturl_report = VirustotalAPI::URLReport.find(url, api_key)
+vturl_report = VirustotalAPI::URL.find(url, api_key)
 # Does the resource have any results?
 vturl_report.exists?
@@ -121,14 +117,14 @@ vturl_report.exists?
 # URL for Report (if it exists)
 vturl_report.report_url
-# => "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1419457210/"
+# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf"
 # Report results (if they exist) are available via #report
-vturl_report.report["scans"]["Opera"]
-# => {"detected"=>false, "result"=>"clean site"}
+vturl_report.report['data']['attributes']['last_analysis_results']['Avira']
+# => {"category"=>"harmless", "engine_name"=>"Avira", "method"=>"blacklist", "result"=>"clean"}
 ```
-### URL Scan
+### URL Upload
 ```ruby
 require 'virustotal_api'
@@ -136,27 +132,22 @@ require 'virustotal_api'
 url     = 'http://www.google.com'
 api_key = 'MY_API_KEY'
-vturl_scan = VirustotalAPI::URLScan.scan(url, api_key)
+vturl_scan = VirustotalAPI::URL.upload(url, api_key)
-# Scan ID of file
-vturl_scan.scan_id
-# => "dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1562751553"
+# Virustotal ID of file
+vturl_scan.id
+# => "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929"
 # Response results are available via #response
-vturl_scan.response
+vturl_scan.report
 # =>
-{
-  "permalink": "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1562751553/",
-  "resource": "http://www.google.com/",
-  "url": "http://www.google.com/",
-  "response_code": 1,
-  "scan_date": "2019-07-10 09:39:13",
-  "scan_id": "dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1562751553",
-  "verbose_msg": "Scan request successfully queued, come back later for the report"
-}
+{"data"=>
+  {"id"=>
+    "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929",
+   "type"=>"analysis"}}
 ```
-### IP Report
+### IP Find
 ```ruby
 require 'virustotal_api'
@@ -164,18 +155,22 @@ require 'virustotal_api'
 ip      = '8.8.8.8'
 api_key = 'MY_API_KEY'
-vtip_report = VirustotalAPI::IPReport.find(ip, api_key)
+vtip_report = VirustotalAPI::IP.find(ip, api_key)
 # Does the resource have any results?
 vtip_report.exists?
 # => true
+# URL for Report (if it exists)
+vtip_report.report_url
+# => "https://www.virustotal.com/api/v3/ip_addresses/8.8.8.8"
 # Report results (if they exist) are available via #report
 vtip_report.report
 # => Hash of report results
 ```
-### Domain Report
+### Domain Find
 ```ruby
 require 'virustotal_api'
@@ -183,22 +178,65 @@ require 'virustotal_api'
 domain  = 'virustotal.com'
 api_key = 'MY_API_KEY'
-vtdomain_report = VirustotalAPI::DomainReport.find(domain, api_key)
+vtdomain_report = VirustotalAPI::Domain.find(domain, api_key)
 # Does the resource have any results?
 vtdomain_report.exists?
 # => true
+# URL for Report (if it exists)
+vtdomain_report.report_url
+# => "https://www.virustotal.com/api/v3/domains/virustotal.com"
 # Report results (if they exist) are available via #report
 vtdomain_report.report
 # => Hash of report results
 ```
+### User Find
+```ruby
+require 'virustotal_api'
+user_key  = 'user_key' # user_id or api_key
+api_key = 'MY_API_KEY'
+vtuser_report = VirustotalAPI::User.find(user_key, api_key)
+# Does the resource have any results?
+vtuser_report.exists?
+# => true
+# Report results (if they exist) are available via #report
+vtuser_report.report
+# => Hash of report results
+```
+### Group Find
+```ruby
+require 'virustotal_api'
+group_id  = 'GROUP_id'
+api_key = 'MY_API_KEY'
+vtgroup_report = VirustotalAPI::Group.find(group_id, api_key)
+# Does the resource have any results?
+vtgroup_report.exists?
+# => true
+# Report results (if they exist) are available via #report
+vtgroup_report.report
+# => Hash of report results
+```
 ## Contributors
 - [@postmodern](https://github.com/postmodern)
 - [@mkunkel](https://github.com/mkunkel)
 - [@jonnynux](https://github.com/jonnynux)
+- [@crondaemon](https://github.com/crondaemon/)
 ## Contributing

data/lib/virustotal_api.rb CHANGED

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
-require 'virustotal_api/domain_report'
-require 'virustotal_api/file_report'
-require 'virustotal_api/file_rescan'
-require 'virustotal_api/file_scan'
-require 'virustotal_api/ip_report'
-require 'virustotal_api/url_report'
-require 'virustotal_api/url_scan'
+require 'virustotal_api/analysis'
+require 'virustotal_api/domain'
+require 'virustotal_api/file'
+require 'virustotal_api/group'
+require 'virustotal_api/ip'
+require 'virustotal_api/url'
 require 'virustotal_api/uri'
+require 'virustotal_api/user'
 require 'virustotal_api/version'

data/lib/virustotal_api/analysis.rb ADDED

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+require_relative 'base'
+module VirustotalAPI
+  # A class for '/analyses' API
+  class Analysis < Base
+    # @param [String] id The Virustotal ID to get the report for.
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::IP] Report
+    def self.find(id, api_key)
+      report = perform("/analyses/#{id}", api_key)
+      new(report)
+    end
+  end
+end