virustotal_api 0.5.0 → 0.5.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 68e1f3494830e62ef04f24a74431a540d3dd6943ee329b772b8a3629798f0856
-  data.tar.gz: 58e0b36a8a6745b2db5957ab4b48da429f9ec154b1116d0110933cbc54d9f456
+  metadata.gz: 4d61c90abdeb3a513e29da52a083c10044eace4aa1f51e6b758798abfee9137a
+  data.tar.gz: eae6f4130f49c3e5b6d17553aaf4c4e6725e7e74260ae2c0c250bc0130823c55
 SHA512:
-  metadata.gz: 03cf94231610ed5e8002c60dde3cc6d3b3d4ab52682be470023911559c0df6f2cf9230532fe3f002bd2587268405b086742e73a9edba86a4de49eaca37ab1b6b
-  data.tar.gz: a831140e24d0302e971a33f3b44d7c9760aa271b27d4036bf310ada72f09aa9cd11d1c685793d2a78a0ac6814725de873f8ea6419e92461febef84bb909f2065
+  metadata.gz: ef0c2142c1e1ad07be96a88a035f7c906c22c67bb183e7c5906256a1ba83a03378eb985eb02fae68362bb9d9e1439fffef7c82eccfd9a3004144ac6640dd14f3
+  data.tar.gz: 2016ad82dadcc09fd03e3ca89cc324bcf7670a3a762a0ea1464569171e589e9d83052f7f95210406747f3d7b3b0ff93e8f67801a35c8d1d42bb482270b036717

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

data/.github/pull_request_template.md

@@ -0,0 +1,11 @@
+CHANGELOG: no-impact/Added/Changed/Deprecated/Removed/Fixed/Security
+
+## Summary
+
+## Testing
+
+1. _Describe how to test this change_
+
+## Other Information
+
+_Include screenshots, GIFs, and/or API responses as appropriate._

data/.github/workflows/ruby.yml

@@ -7,17 +7,56 @@ on:
     branches: [ master ]
 
 jobs:
-  Test:
+  Test-Ruby-2-5:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1.70.1
+      with:
+        ruby-version: 2.5
+    - name: Show Ruby Version
+      run: ruby --version
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake
+      
+  Test-Ruby-2-7:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1.70.1
+      with:
+        ruby-version: 2.7
+    - name: Show Ruby Version
+      run: ruby --version
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake
+      
+  Test-Ruby-3-0:
     runs-on: ubuntu-latest
-
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby
     # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
     # change this to (see https://github.com/ruby/setup-ruby#versioning):
-      uses: ruby/setup-ruby@v1.46.0
+      uses: ruby/setup-ruby@v1.70.1
       with:
-        ruby-version: 2.6
+        ruby-version: 3.0
+    - name: Show Ruby Version
+      run: ruby --version
     - name: Install dependencies
       run: bundle install
     - name: Lint

data/CHANGELOG.md

@@ -1,8 +1,32 @@
 # VirusTotal API Changelog
 
+## [0.5.5] - 2021-05-10
+* Add support for larger files
+  * [@Grandman](https://github.com/Grandman)
+
+## [0.5.4] - 2020-12-10
+* Manage bad requests like not found
+* Use strict base64 encoding
+  * [@crondaemon](https://github.com/crondaemon)
+
+## [0.5.3] = 2020-10-12
+
+## [0.5.2] - 2020-10-06
+
+* Fix Fix exists? check
+* Fix detected_by for File
+* Fix RateLimitError
+* Added User and Group API
+  * [@jonnynux](https://github.com/jonnynux)
+
+## [0.5.1] - 2020-10-06
+
+* Downgrade ruby requirement to 2.5.
+  * [@crondaemon](https://github.com/crondaemon)
+
 ## [0.5.0] - 2020-09-02
 
-* Full rework to support API V3.
+* Full rework to support API V3 [#30](https://github.com/pwelch/virustotal_api/pull/30)
   * [@crondaemon](https://github.com/crondaemon) & [@jonnynux](https://github.com/jonnynux)
 * Move to Ruby 2.6 for minimum Ruby version
 

data/README.md

@@ -65,7 +65,10 @@ require 'virustotal_api'
 file    = '/path/to/file'
 api_key = 'MY_API_KEY'
 
+# for upload file
 vtscan = VirustotalAPI::File.upload(file, api_key)
+# or large file (more than 32MB)
+vtscan = VirustotalAPI::File.upload_large(file, api_key)
 
 # Virustotal ID of file
 vtscan.id
@@ -117,7 +120,7 @@ vturl_report.exists?
 
 # URL for Report (if it exists)
 vturl_report.report_url
-# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/"
+# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf"
 
 # Report results (if they exist) are available via #report
 vturl_report.report['data']['attributes']['last_analysis_results']['Avira']
@@ -161,6 +164,10 @@ vtip_report = VirustotalAPI::IP.find(ip, api_key)
 vtip_report.exists?
 # => true
 
+# URL for Report (if it exists)
+vtip_report.report_url
+# => "https://www.virustotal.com/api/v3/ip_addresses/8.8.8.8"
+
 # Report results (if they exist) are available via #report
 vtip_report.report
 # => Hash of report results
@@ -180,17 +187,60 @@ vtdomain_report = VirustotalAPI::Domain.find(domain, api_key)
 vtdomain_report.exists?
 # => true
 
+# URL for Report (if it exists)
+vtdomain_report.report_url
+# => "https://www.virustotal.com/api/v3/domains/virustotal.com"
+
 # Report results (if they exist) are available via #report
 vtdomain_report.report
 # => Hash of report results
 ```
 
+### User Find
+
+```ruby
+require 'virustotal_api'
+
+user_key  = 'user_key' # user_id or api_key
+api_key = 'MY_API_KEY'
+
+vtuser_report = VirustotalAPI::User.find(user_key, api_key)
+
+# Does the resource have any results?
+vtuser_report.exists?
+# => true
+
+# Report results (if they exist) are available via #report
+vtuser_report.report
+# => Hash of report results
+```
+
+### Group Find
+
+```ruby
+require 'virustotal_api'
+
+group_id  = 'GROUP_id'
+api_key = 'MY_API_KEY'
+
+vtgroup_report = VirustotalAPI::Group.find(group_id, api_key)
+
+# Does the resource have any results?
+vtgroup_report.exists?
+# => true
+
+# Report results (if they exist) are available via #report
+vtgroup_report.report
+# => Hash of report results
+```
+
 ## Contributors
 
-- [@postmodern](https://github.com/postmodern)
-- [@mkunkel](https://github.com/mkunkel)
 - [@jonnynux](https://github.com/jonnynux)
 - [@crondaemon](https://github.com/crondaemon/)
+- [@postmodern](https://github.com/postmodern)
+- [@mkunkel](https://github.com/mkunkel)
+- [@Grandman](https://github.com/Grandman)
 
 ## Contributing
 

data/lib/virustotal_api.rb

@@ -3,7 +3,9 @@
 require 'virustotal_api/analysis'
 require 'virustotal_api/domain'
 require 'virustotal_api/file'
+require 'virustotal_api/group'
 require 'virustotal_api/ip'
 require 'virustotal_api/url'
 require 'virustotal_api/uri'
+require 'virustotal_api/user'
 require 'virustotal_api/version'

data/lib/virustotal_api/analysis.rb

@@ -5,13 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/analyses' API
   class Analysis < Base
-    attr_reader :report
-
-    # rubocop:disable Lint/MissingSuper
-    def initialize(report)
-      @report = report
-    end
-
     # @param [String] id The Virustotal ID to get the report for.
     # @param [String] api_key The key for virustotal
     # @return [VirustotalAPI::IP] Report
@@ -21,4 +14,3 @@ module VirustotalAPI
     end
   end
 end
-# rubocop:enable Lint/MissingSuper

data/lib/virustotal_api/base.rb

@@ -9,10 +9,12 @@ require 'base64'
 module VirustotalAPI
   # The base class implementing the raw calls to Virustotal API V3.
   class Base
-    attr_reader :report
+    attr_reader :report, :report_url, :id
 
     def initialize(report)
-      @report = report
+      @report     = report
+      @report_url = report&.dig('data', 'links', 'self')
+      @id         = report&.dig('data', 'id')
     end
 
     # @return [String] string of API URI class method
@@ -20,6 +22,14 @@ module VirustotalAPI
       VirustotalAPI::URI
     end
 
+    def self.perform(path, api_key, method = :get, options = {})
+      base_perform(api_uri + path, api_key, method, options)
+    end
+
+    def self.perform_absolute(url, api_key, method = :get, options = {})
+      base_perform(url, api_key, method, options)
+    end
+
     # The actual method performing a call to Virustotal
     #
     # @param [String] url The url of the API
@@ -27,22 +37,28 @@ module VirustotalAPI
     # @param [String] method The HTTP method to use
     # @param [Hash] options Options to pass as payload
     # @return [VirustotalAPI::Domain] Report Search Result
-    def self.perform(url, api_key, method = :get, options = {})
+    def self.base_perform(url, api_key, method = :get, options = {})
       response = RestClient::Request.execute(
         method: method,
-        url: api_uri + url,
+        url: url,
         headers: { 'x-apikey': api_key },
         payload: options
       )
       JSON.parse(response.body)
-    rescue RestClient::NotFound
-      nil
+    rescue RestClient::NotFound, RestClient::BadRequest
+      {}
     rescue RestClient::Unauthorized
       # Raise a custom exception not to expose the underlying
       # HTTP client.
       raise VirustotalAPI::Unauthorized
+    rescue RestClient::TooManyRequests
+      # Raise a custom exception not to expose the underlying
+      # HTTP client.
+      raise VirustotalAPI::RateLimitError
     end
 
+    private_class_method :base_perform
+
     # @return [String] string of API URI instance method
     def api_uri
       self.class.api_uri
@@ -56,7 +72,7 @@ module VirustotalAPI
     # Generate a URL identifier.
     # @see https://developers.virustotal.com/v3.0/reference#url
     def self.url_identifier(url)
-      Base64.encode64(url).strip.gsub('=', '')
+      Base64.strict_encode64(url).strip.gsub('=', '')
     end
   end
 end

data/lib/virustotal_api/domain.rb

@@ -5,11 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/domains' API
   class Domain < Base
-    # rubocop:disable Lint/UselessMethodDefinition
-    def initialize(report)
-      super(report)
-    end
-
     # Find a domain.
     #
     # @param [String] domain The domain to search
@@ -21,4 +16,3 @@ module VirustotalAPI
     end
   end
 end
-# rubocop:enable Lint/UselessMethodDefinition

data/lib/virustotal_api/file.rb

@@ -5,14 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/files' API
   class File < Base
-    attr_reader :id, :report_url
-
-    def initialize(report)
-      super(report)
-      @id = report&.dig('data', 'id')
-      @report_url = report&.dig('data', 'links', 'self')
-    end
-
     # Find a hash.
     #
     # @param [String] resource file as a md5/sha1/sha256 hash
@@ -31,7 +23,20 @@ module VirustotalAPI
     # @return [VirusotalAPI::File] Report
     def self.upload(file_path, api_key, opts = {})
       filename = opts.fetch('filename') { ::File.basename(file_path) }
-      report = perform('/files', api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
+      report   = perform('/files', api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
+      new(report)
+    end
+
+    # Upload a new file with size more than 32MB.
+    #
+    # @param [String] file_path for file to be sent for scan
+    # @param [String] api_key The key for virustotal
+    # @param [Hash] opts hash for additional options
+    # @return [VirusotalAPI::File] Report
+    def self.upload_large(file_path, api_key, opts = {})
+      filename = opts.fetch('filename') { ::File.basename(file_path) }
+      url      = upload_url(api_key)
+      report   = perform_absolute(url, api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
       new(report)
     end
 
@@ -45,12 +50,18 @@ module VirustotalAPI
       new(report)
     end
 
+    # @return [String] url for upload file
+    def self.upload_url(api_key)
+      data = perform('/files/upload_url', api_key)
+      data&.dig('data')
+    end
+
     # Check if the submitted hash is detected by an AV engine.
     #
     # @param [String] engine The engine to check.
     # @return [Boolean] true if detected
     def detected_by(engine)
-      report['data']['attributes']['last_analysis_results'][engine]['category'] == 'harmless'
+      report&.dig('data', 'attributes', 'last_analysis_results', engine, 'category') == 'malicious'
     end
   end
 end