virustotal_api 0.4.1 → 0.5.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 59f51d8dce27daace930afc9786485d497e79b3ba9afc6b82bffbb1ac1c98b36
-  data.tar.gz: 1fe1adf06f5135342dd48cade1d28c78a97530885e51e6d0993d0a971e31cec4
+  metadata.gz: 8bf33b0c496e55c74969e71e323aa64c664a4e7090db4f849601829143ee976a
+  data.tar.gz: 13eed4b64f8923c637e2155c3ece40f9bf55378c3f3a4cc7a321e29f58d8a357
 SHA512:
-  metadata.gz: 30985ac7e3aec76bf9fd6ab41f9b1b1ec46edb96ba5e3ab12e9d1c993aeff665cc41fb5644db97afb26d41605208f4b0a116856fed5cfe22872571da429e3882
-  data.tar.gz: ea9be7f207a5805fecc1e1e321c07ade17cafc1eb0b1c85416117985f54837b6951c6285562f0ffffac32933fd9ff0bd66e1561f0d15ccb6555f0998d6d8a0de
+  metadata.gz: 168c48232321aecaa6ad6bf5d34d07eb417cbf82f4bcd9a69ed678bb1c28c23a0121a859151662d0e810ea1ca4d8cda2dc50a771d98eaf85f5c98f424b9c4458
+  data.tar.gz: '021498bfce536a34eadc04c7b12766ff605b1f3ae61163be4c88e72aba5e05f2ce4be692aaa601420bdc480327d81e6e5496fd4c293c60f6fdb11f9537d68363'

data/.github/workflows/ruby.yml

@@ -0,0 +1,26 @@
+name: Ruby
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  Test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.5
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore

@@ -12,3 +12,4 @@
 *.o
 *.a
 mkmf.log
+.rake_tasks~

data/.rubocop.yml

@@ -1,13 +1,14 @@
 # This is the configuration used to check the rubocop source code.
 
 AllCops:
+  NewCops: enable
   Exclude:
     - 'test/fixtures/*'
 
 Style/StringLiterals:
   Enabled: true
 
-Style/UnneededPercentQ:
+Style/RedundantPercentQ:
   Enabled: true
 
 # Disabled Checks
@@ -20,13 +21,19 @@ Style/PercentLiteralDelimiters:
 Style/RegexpLiteral:
   Enabled: false
 
-Style/BracesAroundHashParameters:
-  Enabled: false
-
 Lint/MissingCopEnableDirective:
   Exclude:
     - 'test/base_test.rb'
 
-Naming/UncommunicativeMethodParamName:
+Naming/MethodParameterName:
   Exclude:
     - 'lib/virustotal_api/ip_report.rb'
+
+Layout/LineLength:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false
+
+Gemspec/RequiredRubyVersion:
+  Enabled: false

data/CHANGELOG.md

@@ -1,10 +1,35 @@
 # VirusTotal API Changelog
 
+## [0.5.4] - 2020-12-10
+* Manage bad requests like not found
+* Use strict base64 encoding
+  * [@crondaemon](https://github.com/crondaemon)
+
+## [0.5.3] = 2020-10-12
+
+## [0.5.2] - 2020-10-06
+
+* Fix Fix exists? check
+* Fix detected_by for File
+* Fix RateLimitError
+* Added User and Group API
+  * [@jonnynux](https://github.com/jonnynux)
+
+## [0.5.1] - 2020-10-06
+
+* Downgrade ruby requirement to 2.5.
+  * [@crondaemon](https://github.com/crondaemon)
+
+## [0.5.0] - 2020-09-02
+
+* Full rework to support API V3 [#30](https://github.com/pwelch/virustotal_api/pull/30)
+  * [@crondaemon](https://github.com/crondaemon) & [@jonnynux](https://github.com/jonnynux)
+* Move to Ruby 2.6 for minimum Ruby version
+
 ## [0.4.1] - 2019-09-04
 
 * Fixed Reponse Parsing
-  * [@jonnynux](https://github.com/jonnynux)
-  
+  * [@jonnynux](https://github.com/jonnynux) 
 
 ## [0.4.0] - 2019-07-23
 

data/README.md

@@ -1,9 +1,11 @@
 # VirustotalAPI
 
-Ruby Gem for [VirusTotal](https://www.virustotal.com) [V2 API](https://www.virustotal.com/en/documentation/public-api/)
+Ruby Gem for [VirusTotal](https://www.virustotal.com) [V3 API](https://developers.virustotal.com/v3.0/reference).
+If you want the version 2, check out the gem versions up to [0.4.0](https://github.com/crondaemon/virustotal_api/tree/v0.4.0).
+
+![Ruby](https://github.com/pwelch/virustotal_api/workflows/Ruby/badge.svg)
 
 [![Gem Version](https://badge.fury.io/rb/virustotal_api.svg)](http://badge.fury.io/rb/virustotal_api)
-[![CircleCI](https://circleci.com/gh/pwelch/virustotal_api.svg?style=svg)](https://circleci.com/gh/pwelch/virustotal_api)
 
 ## Installation
 
@@ -27,7 +29,7 @@ VirusTotal only allows 4 queries per minute for their Public API. https://www.vi
 
 You will need a Private API Key if you require more queries per minute.
 
-### File Report
+### File Find
 
 ```ruby
 require 'virustotal_api'
@@ -35,7 +37,7 @@ require 'virustotal_api'
 sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 api_key = 'MY_API_KEY'
 
-vtreport = VirustotalAPI::FileReport.find(sha256, api_key)
+vtreport = VirustotalAPI::File.find(sha256, api_key)
 
 # Does the resource have any results?
 vtreport.exists?
@@ -43,14 +45,19 @@ vtreport.exists?
 
 # URL for File Report (if it exists)
 vtreport.report_url
-# => "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1418032127/"
+# => "https://www.virustotal.com/api/v3/files/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
 
 # Report results (if they exist) are available via #report
-vtreport.report["scans"]["ClamAV"]
-# => {"detected"=>false, "version"=>"0.98.5.0", "result"=>nil, "update"=>"20141208"}
+vtreport.report['data']['attributes']['last_analysis_results']['ClamAV']
+# => {"category"=>"undetected", "engine_name"=>"ClamAV", "engine_update"=>"20200826",
+# "engine_version"=>"0.102.4.0", "method"=>"blacklist", "result"=>nil}
+
+# Check whether an Antivirus detected this sample or not
+vtreport.detected_by('ClamAV')
+# => false
 ```
 
-### File Scan
+### File Upload
 
 ```ruby
 require 'virustotal_api'
@@ -58,28 +65,21 @@ require 'virustotal_api'
 file    = '/path/to/file'
 api_key = 'MY_API_KEY'
 
-vtscan = VirustotalAPI::FileScan.scan(file, api_key)
+vtscan = VirustotalAPI::File.upload(file, api_key)
 
-# Scan ID of file
-vtscan.scan_id
+# Virustotal ID of file
+vtscan.id
 # => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668"
 
 # Response results are available via #response
 vtscan.report
 # =>
-{
-  "scan_id"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668",
-  "sha1"=>"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
-  "resource"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "response_code"=>1,
-  "sha256"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "permalink"=>"https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1419454668/",
-  "md5"=>"68b329da9893e34099c7d8ad5cb9c940",
-  "verbose_msg"=>"Scan request successfully queued, come back later for the report"
-}
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
 ```
 
-### File Rescan
+### File Analyse
 
 ```ruby
 require 'virustotal_api'
@@ -87,25 +87,21 @@ require 'virustotal_api'
 sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 api_key = 'MY_API_KEY'
 
-vtrescan = VirustotalAPI::FileRescan.rescan(sha256, api_key)
+vtrescan = VirustotalAPI::File.analyse(sha256, api_key)
 
-# Rescan ID of file
-vtrescan.rescan_id
-# => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1562684247"
+# Virustotal ID of file
+vtrescan.id
+# => "MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ=="
 
 # Response results are available via #response
 vtrescan.report
 # =>
-{
-  "permalink": "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1562684247/",
-  "response_code": 1,
-  "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "resource": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "scan_id": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1562684247"
-}
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
 ```
 
-### URL Report
+### URL find
 
 ```ruby
 require 'virustotal_api'
@@ -113,7 +109,7 @@ require 'virustotal_api'
 url     = 'http://www.google.com'
 api_key = 'MY_API_KEY'
 
-vturl_report = VirustotalAPI::URLReport.find(url, api_key)
+vturl_report = VirustotalAPI::URL.find(url, api_key)
 
 # Does the resource have any results?
 vturl_report.exists?
@@ -121,14 +117,14 @@ vturl_report.exists?
 
 # URL for Report (if it exists)
 vturl_report.report_url
-# => "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1419457210/"
+# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf"
 
 # Report results (if they exist) are available via #report
-vturl_report.report["scans"]["Opera"]
-# => {"detected"=>false, "result"=>"clean site"}
+vturl_report.report['data']['attributes']['last_analysis_results']['Avira']
+# => {"category"=>"harmless", "engine_name"=>"Avira", "method"=>"blacklist", "result"=>"clean"}
 ```
 
-### URL Scan
+### URL Upload
 
 ```ruby
 require 'virustotal_api'
@@ -136,27 +132,22 @@ require 'virustotal_api'
 url     = 'http://www.google.com'
 api_key = 'MY_API_KEY'
 
-vturl_scan = VirustotalAPI::URLScan.scan(url, api_key)
+vturl_scan = VirustotalAPI::URL.upload(url, api_key)
 
-# Scan ID of file
-vturl_scan.scan_id
-# => "dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1562751553"
+# Virustotal ID of file
+vturl_scan.id
+# => "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929"
 
 # Response results are available via #response
 vturl_scan.report
 # =>
-{
-  "permalink": "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1562751553/",
-  "resource": "http://www.google.com/",
-  "url": "http://www.google.com/",
-  "response_code": 1,
-  "scan_date": "2019-07-10 09:39:13",
-  "scan_id": "dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1562751553",
-  "verbose_msg": "Scan request successfully queued, come back later for the report"
-}
+{"data"=>
+  {"id"=>
+    "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929",
+   "type"=>"analysis"}}
 ```
 
-### IP Report
+### IP Find
 
 ```ruby
 require 'virustotal_api'
@@ -164,18 +155,22 @@ require 'virustotal_api'
 ip      = '8.8.8.8'
 api_key = 'MY_API_KEY'
 
-vtip_report = VirustotalAPI::IPReport.find(ip, api_key)
+vtip_report = VirustotalAPI::IP.find(ip, api_key)
 
 # Does the resource have any results?
 vtip_report.exists?
 # => true
 
+# URL for Report (if it exists)
+vtip_report.report_url
+# => "https://www.virustotal.com/api/v3/ip_addresses/8.8.8.8"
+
 # Report results (if they exist) are available via #report
 vtip_report.report
 # => Hash of report results
 ```
 
-### Domain Report
+### Domain Find
 
 ```ruby
 require 'virustotal_api'
@@ -183,22 +178,65 @@ require 'virustotal_api'
 domain  = 'virustotal.com'
 api_key = 'MY_API_KEY'
 
-vtdomain_report = VirustotalAPI::DomainReport.find(domain, api_key)
+vtdomain_report = VirustotalAPI::Domain.find(domain, api_key)
 
 # Does the resource have any results?
 vtdomain_report.exists?
 # => true
 
+# URL for Report (if it exists)
+vtdomain_report.report_url
+# => "https://www.virustotal.com/api/v3/domains/virustotal.com"
+
 # Report results (if they exist) are available via #report
 vtdomain_report.report
 # => Hash of report results
 ```
 
+### User Find
+
+```ruby
+require 'virustotal_api'
+
+user_key  = 'user_key' # user_id or api_key
+api_key = 'MY_API_KEY'
+
+vtuser_report = VirustotalAPI::User.find(user_key, api_key)
+
+# Does the resource have any results?
+vtuser_report.exists?
+# => true
+
+# Report results (if they exist) are available via #report
+vtuser_report.report
+# => Hash of report results
+```
+
+### Group Find
+
+```ruby
+require 'virustotal_api'
+
+group_id  = 'GROUP_id'
+api_key = 'MY_API_KEY'
+
+vtgroup_report = VirustotalAPI::Group.find(group_id, api_key)
+
+# Does the resource have any results?
+vtgroup_report.exists?
+# => true
+
+# Report results (if they exist) are available via #report
+vtgroup_report.report
+# => Hash of report results
+```
+
 ## Contributors
 
 - [@postmodern](https://github.com/postmodern)
 - [@mkunkel](https://github.com/mkunkel)
 - [@jonnynux](https://github.com/jonnynux)
+- [@crondaemon](https://github.com/crondaemon/)
 
 ## Contributing
 

data/lib/virustotal_api.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
-require 'virustotal_api/domain_report'
-require 'virustotal_api/file_report'
-require 'virustotal_api/file_rescan'
-require 'virustotal_api/file_scan'
-require 'virustotal_api/ip_report'
-require 'virustotal_api/url_report'
-require 'virustotal_api/url_scan'
+require 'virustotal_api/analysis'
+require 'virustotal_api/domain'
+require 'virustotal_api/file'
+require 'virustotal_api/group'
+require 'virustotal_api/ip'
+require 'virustotal_api/url'
 require 'virustotal_api/uri'
+require 'virustotal_api/user'
 require 'virustotal_api/version'

data/lib/virustotal_api/analysis.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require_relative 'base'
+
+module VirustotalAPI
+  # A class for '/analyses' API
+  class Analysis < Base
+    # @param [String] id The Virustotal ID to get the report for.
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::IP] Report
+    def self.find(id, api_key)
+      report = perform("/analyses/#{id}", api_key)
+      new(report)
+    end
+  end
+end

data/lib/virustotal_api/base.rb

@@ -3,22 +3,50 @@
 require 'virustotal_api/exceptions'
 require 'rest-client'
 require 'json'
+require 'base64'
 
+# The base VirustotalAPI module.
 module VirustotalAPI
+  # The base class implementing the raw calls to Virustotal API V3.
   class Base
+    attr_reader :report, :report_url, :id
+
+    def initialize(report)
+      @report = report
+      @report_url = report&.dig('data', 'links', 'self')
+      @id = report&.dig('data', 'id')
+    end
+
     # @return [String] string of API URI class method
     def self.api_uri
       VirustotalAPI::URI
     end
 
-    # @param [RestClient::Response] response
-    # @return [Hash] the parsed JSON.
-    def self.parse(response)
-      if response.code == 204
-        raise(RateLimitError, 'maximum number of 4 requests per minute reached')
-      end
-
+    # The actual method performing a call to Virustotal
+    #
+    # @param [String] url The url of the API
+    # @param [String] api_key The key for virustotal
+    # @param [String] method The HTTP method to use
+    # @param [Hash] options Options to pass as payload
+    # @return [VirustotalAPI::Domain] Report Search Result
+    def self.perform(url, api_key, method = :get, options = {})
+      response = RestClient::Request.execute(
+        method: method,
+        url: api_uri + url,
+        headers: { 'x-apikey': api_key },
+        payload: options
+      )
       JSON.parse(response.body)
+    rescue RestClient::NotFound, RestClient::BadRequest
+      {}
+    rescue RestClient::Unauthorized
+      # Raise a custom exception not to expose the underlying
+      # HTTP client.
+      raise VirustotalAPI::Unauthorized
+    rescue RestClient::TooManyRequests
+      # Raise a custom exception not to expose the underlying
+      # HTTP client.
+      raise VirustotalAPI::RateLimitError
     end
 
     # @return [String] string of API URI instance method
@@ -27,11 +55,14 @@ module VirustotalAPI
     end
 
     # @return [Boolean] if report for resource exists
-    # 0 => not_present, 1 => exists, -1 => invalid_ip_address
     def exists?
-      response_code = report.fetch('response_code') { nil }
+      !report.empty?
+    end
 
-      response_code == 1
+    # Generate a URL identifier.
+    # @see https://developers.virustotal.com/v3.0/reference#url
+    def self.url_identifier(url)
+      Base64.strict_encode64(url).strip.gsub('=', '')
     end
   end
 end