virustotal_api 0.5.2 → 0.5.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1bed8beb641ac85649be4628d37065079d3f2c881499a67065200eeba57f2176
-  data.tar.gz: a55ce4ed4bdc573607389e20578efd53f10d7ab1597b3deb05644571dac752c6
+  metadata.gz: bee3cd27ce8111b538905c1946c0ce5937c64852d8b7c2220727dd3d8720e3b3
+  data.tar.gz: be167894fbbe3a4ca1c6915aaab6796c350ef0115b6a7b1a9c13dbbf8ba1d068
 SHA512:
-  metadata.gz: 13c8674a48591fd1c063a4d76040555aeace01a19981feb558241ff1843984f2e8052c6169bec8a1ec4f63519e14bf9b3a109fcf7f8fc667d8a1e0cbfe7f99aa
-  data.tar.gz: b64cfe0bfa5fa79927d22d591534f2b7db2b3ca7f572e8360b0423c3de5def7948f3264381e001596c095c66ec04187fe5fddf1d4148ad21bcf66a08eaf981ac
+  metadata.gz: f43f121b8b44967792d9ebaa7e047658b5f16b355cc9c74eb6474b061b43717a5675768a99ae8bcd6bbeb6e645b924fa09f647145dcd43275acf69685cdb86dc
+  data.tar.gz: efcd01e2d34e0ca29c7bfe2aeac95af54d9e97d0e2fc55611c84059379df95322fb82fd4e7b8e834bd196aa09b2c24b9b3bff2272b7f81e1ac615ab904dc82c8

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

data/.github/pull_request_template.md

@@ -0,0 +1,11 @@
+CHANGELOG: no-impact/Added/Changed/Deprecated/Removed/Fixed/Security
+
+## Summary
+
+## Testing
+
+1. _Describe how to test this change_
+
+## Other Information
+
+_Include screenshots, GIFs, and/or API responses as appropriate._

data/.github/workflows/ruby.yml

@@ -7,17 +7,56 @@ on:
     branches: [ master ]
 
 jobs:
-  Test:
+  Test-Ruby-2-5:
     runs-on: ubuntu-latest
-
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby
     # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
     # change this to (see https://github.com/ruby/setup-ruby#versioning):
-      uses: ruby/setup-ruby@v1.46.0
+      uses: ruby/setup-ruby@v1.70.1
       with:
         ruby-version: 2.5
+    - name: Show Ruby Version
+      run: ruby --version
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake
+      
+  Test-Ruby-2-7:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1.70.1
+      with:
+        ruby-version: 2.7
+    - name: Show Ruby Version
+      run: ruby --version
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake
+      
+  Test-Ruby-3-0:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1.70.1
+      with:
+        ruby-version: 3.0
+    - name: Show Ruby Version
+      run: ruby --version
     - name: Install dependencies
       run: bundle install
     - name: Lint

data/CHANGELOG.md

@@ -1,5 +1,24 @@
 # VirusTotal API Changelog
 
+## [0.5.6] - 2021-09-20
+
+* Use urlsafe base64 encoding
+* Fix changelog
+  * [@jonnynux](https://github.com/jonnynux)
+
+## [0.5.5] - 2021-05-10
+
+* Add support for larger files
+  * [@Grandman](https://github.com/Grandman)
+
+## [0.5.4] - 2020-12-10
+
+* Manage bad requests like not found
+* Use strict base64 encoding
+  * [@crondaemon](https://github.com/crondaemon)
+
+## [0.5.3] = 2020-10-12
+
 ## [0.5.2] - 2020-10-06
 
 * Fix Fix exists? check

data/README.md

@@ -65,7 +65,10 @@ require 'virustotal_api'
 file    = '/path/to/file'
 api_key = 'MY_API_KEY'
 
+# for upload file
 vtscan = VirustotalAPI::File.upload(file, api_key)
+# or large file (more than 32MB)
+vtscan = VirustotalAPI::File.upload_large(file, api_key)
 
 # Virustotal ID of file
 vtscan.id
@@ -117,7 +120,7 @@ vturl_report.exists?
 
 # URL for Report (if it exists)
 vturl_report.report_url
-# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/"
+# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf"
 
 # Report results (if they exist) are available via #report
 vturl_report.report['data']['attributes']['last_analysis_results']['Avira']
@@ -161,6 +164,10 @@ vtip_report = VirustotalAPI::IP.find(ip, api_key)
 vtip_report.exists?
 # => true
 
+# URL for Report (if it exists)
+vtip_report.report_url
+# => "https://www.virustotal.com/api/v3/ip_addresses/8.8.8.8"
+
 # Report results (if they exist) are available via #report
 vtip_report.report
 # => Hash of report results
@@ -180,6 +187,10 @@ vtdomain_report = VirustotalAPI::Domain.find(domain, api_key)
 vtdomain_report.exists?
 # => true
 
+# URL for Report (if it exists)
+vtdomain_report.report_url
+# => "https://www.virustotal.com/api/v3/domains/virustotal.com"
+
 # Report results (if they exist) are available via #report
 vtdomain_report.report
 # => Hash of report results
@@ -225,10 +236,11 @@ vtgroup_report.report
 
 ## Contributors
 
-- [@postmodern](https://github.com/postmodern)
-- [@mkunkel](https://github.com/mkunkel)
 - [@jonnynux](https://github.com/jonnynux)
 - [@crondaemon](https://github.com/crondaemon/)
+- [@postmodern](https://github.com/postmodern)
+- [@mkunkel](https://github.com/mkunkel)
+- [@Grandman](https://github.com/Grandman)
 
 ## Contributing
 

data/lib/virustotal_api/analysis.rb

@@ -5,13 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/analyses' API
   class Analysis < Base
-    attr_reader :report
-
-    # rubocop:disable Lint/MissingSuper
-    def initialize(report)
-      @report = report
-    end
-
     # @param [String] id The Virustotal ID to get the report for.
     # @param [String] api_key The key for virustotal
     # @return [VirustotalAPI::IP] Report
@@ -21,4 +14,3 @@ module VirustotalAPI
     end
   end
 end
-# rubocop:enable Lint/MissingSuper

data/lib/virustotal_api/base.rb

@@ -9,10 +9,12 @@ require 'base64'
 module VirustotalAPI
   # The base class implementing the raw calls to Virustotal API V3.
   class Base
-    attr_reader :report
+    attr_reader :report, :report_url, :id
 
     def initialize(report)
-      @report = report
+      @report     = report
+      @report_url = report&.dig('data', 'links', 'self')
+      @id         = report&.dig('data', 'id')
     end
 
     # @return [String] string of API URI class method
@@ -20,6 +22,14 @@ module VirustotalAPI
       VirustotalAPI::URI
     end
 
+    def self.perform(path, api_key, method = :get, options = {})
+      base_perform(api_uri + path, api_key, method, options)
+    end
+
+    def self.perform_absolute(url, api_key, method = :get, options = {})
+      base_perform(url, api_key, method, options)
+    end
+
     # The actual method performing a call to Virustotal
     #
     # @param [String] url The url of the API
@@ -27,15 +37,15 @@ module VirustotalAPI
     # @param [String] method The HTTP method to use
     # @param [Hash] options Options to pass as payload
     # @return [VirustotalAPI::Domain] Report Search Result
-    def self.perform(url, api_key, method = :get, options = {})
+    def self.base_perform(url, api_key, method = :get, options = {})
       response = RestClient::Request.execute(
         method: method,
-        url: api_uri + url,
+        url: url,
         headers: { 'x-apikey': api_key },
         payload: options
       )
       JSON.parse(response.body)
-    rescue RestClient::NotFound
+    rescue RestClient::NotFound, RestClient::BadRequest
       {}
     rescue RestClient::Unauthorized
       # Raise a custom exception not to expose the underlying
@@ -47,6 +57,8 @@ module VirustotalAPI
       raise VirustotalAPI::RateLimitError
     end
 
+    private_class_method :base_perform
+
     # @return [String] string of API URI instance method
     def api_uri
       self.class.api_uri
@@ -60,7 +72,7 @@ module VirustotalAPI
     # Generate a URL identifier.
     # @see https://developers.virustotal.com/v3.0/reference#url
     def self.url_identifier(url)
-      Base64.encode64(url).strip.gsub('=', '')
+      Base64.urlsafe_encode64(url).strip.gsub('=', '')
     end
   end
 end

data/lib/virustotal_api/domain.rb

@@ -5,11 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/domains' API
   class Domain < Base
-    # rubocop:disable Lint/UselessMethodDefinition
-    def initialize(report)
-      super(report)
-    end
-
     # Find a domain.
     #
     # @param [String] domain The domain to search
@@ -21,4 +16,3 @@ module VirustotalAPI
     end
   end
 end
-# rubocop:enable Lint/UselessMethodDefinition

data/lib/virustotal_api/file.rb

@@ -5,14 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/files' API
   class File < Base
-    attr_reader :id, :report_url
-
-    def initialize(report)
-      super(report)
-      @id = report&.dig('data', 'id')
-      @report_url = report&.dig('data', 'links', 'self')
-    end
-
     # Find a hash.
     #
     # @param [String] resource file as a md5/sha1/sha256 hash
@@ -31,7 +23,20 @@ module VirustotalAPI
     # @return [VirusotalAPI::File] Report
     def self.upload(file_path, api_key, opts = {})
       filename = opts.fetch('filename') { ::File.basename(file_path) }
-      report = perform('/files', api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
+      report   = perform('/files', api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
+      new(report)
+    end
+
+    # Upload a new file with size more than 32MB.
+    #
+    # @param [String] file_path for file to be sent for scan
+    # @param [String] api_key The key for virustotal
+    # @param [Hash] opts hash for additional options
+    # @return [VirusotalAPI::File] Report
+    def self.upload_large(file_path, api_key, opts = {})
+      filename = opts.fetch('filename') { ::File.basename(file_path) }
+      url      = upload_url(api_key)
+      report   = perform_absolute(url, api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
       new(report)
     end
 
@@ -45,6 +50,12 @@ module VirustotalAPI
       new(report)
     end
 
+    # @return [String] url for upload file
+    def self.upload_url(api_key)
+      data = perform('/files/upload_url', api_key)
+      data&.dig('data')
+    end
+
     # Check if the submitted hash is detected by an AV engine.
     #
     # @param [String] engine The engine to check.

data/lib/virustotal_api/group.rb

@@ -5,14 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/groups' API
   class Group < Base
-    attr_reader :report_url, :id
-
-    def initialize(report)
-      super(report)
-      @report_url = report&.dig('data', 'links', 'self')
-      @id = report&.dig('data', 'id')
-    end
-
     # Find a Group.
     #
     # @param [String] group_id to find

data/lib/virustotal_api/ip.rb

@@ -5,11 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/ip_addresses' API
   class IP < Base
-    # rubocop:disable Lint/UselessMethodDefinition
-    def initialize(report)
-      super(report)
-    end
-
     # Find an IP.
     #
     # @param [String] ip address The IP to find.
@@ -21,4 +16,3 @@ module VirustotalAPI
     end
   end
 end
-# rubocop:enable Lint/UselessMethodDefinition

data/lib/virustotal_api/url.rb

@@ -5,14 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/urls' API
   class URL < Base
-    attr_reader :report_url, :id
-
-    def initialize(report)
-      super(report)
-      @report_url = report&.dig('data', 'links', 'self')
-      @id = report&.dig('data', 'id')
-    end
-
     # Find a URL.
     #
     # @param [String] resource as an ip/domain/url

data/lib/virustotal_api/user.rb

@@ -5,14 +5,6 @@ require_relative 'base'
 module VirustotalAPI
   # A class for '/users' API
   class User < Base
-    attr_reader :report_url, :id
-
-    def initialize(report)
-      super(report)
-      @report_url = report&.dig('data', 'links', 'self')
-      @id = report&.dig('data', 'id')
-    end
-
     # Find a User.
     #
     # @param [String] user_key with id or api_key

data/lib/virustotal_api/version.rb

@@ -2,5 +2,5 @@
 
 module VirustotalAPI
   # The GEM version
-  VERSION = '0.5.2'
+  VERSION = '0.5.6'
 end

data/test/analysis_test.rb

@@ -11,13 +11,16 @@ class VirustotalAPIAnalysisTest < Minitest::Test
   def test_todo
     VCR.use_cassette('url_find') do
       vtreport = VirustotalAPI::URL.find(@url, @api_key)
+
       @id = vtreport.id
-      assert @id
+      assert @id.is_a?(String)
     end
 
     VCR.use_cassette('analysis') do
       analysis = VirustotalAPI::Analysis.find(@id, @api_key)
+
       assert analysis.exists?
+      assert analysis.id.is_a?(String)
     end
   end
 end

data/test/base_test.rb

@@ -4,7 +4,9 @@ require './test/test_helper'
 
 class VirustotalAPIBaseTest < Minitest::Test
   def setup
+    @domain  = 'xpressco.za'
     @sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+    @url     = 'https://www.dropbox.com/s/qmi112rc4ns75eb/Confidential_123.xls?dl=1'
     @api_key = 'testapikey'
   end
 
@@ -43,5 +45,19 @@ class VirustotalAPIBaseTest < Minitest::Test
 
       assert !virustotal_report.exists?
     end
+
+    VCR.use_cassette('domain_bad_request') do
+      virustotal_report = VirustotalAPI::Domain.find(@domain, @api_key)
+
+      assert !virustotal_report.exists?
+    end
+  end
+
+  def test_url_encoding
+    VCR.use_cassette('url_encoding_find') do
+      virustotal_report = VirustotalAPI::URL.find(@url, @api_key)
+
+      assert virustotal_report.exists?
+    end
   end
 end

data/test/domain_test.rb

@@ -17,16 +17,11 @@ class VirustotalAPIDomainTest < Minitest::Test
       vtdomain_report = VirustotalAPI::Domain.find(@domain, @api_key)
 
       # Make sure that the JSON was parsed
+      assert vtdomain_report.exists?
       assert vtdomain_report.is_a?(VirustotalAPI::Domain)
       assert vtdomain_report.report.is_a?(Hash)
-    end
-  end
-
-  def test_exists?
-    VCR.use_cassette('domain') do
-      vtdomain_report = VirustotalAPI::Domain.find(@domain, @api_key)
-
-      assert vtdomain_report.exists?
+      assert vtdomain_report.id.is_a?(String)
+      assert vtdomain_report.report_url.is_a?(String)
     end
   end
 end

data/test/file_test.rb

@@ -4,9 +4,9 @@ require './test/test_helper'
 
 class VirustotalAPIFileTest < Minitest::Test
   def setup
-    @sha256 = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+    @sha256    = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
     @file_path = File.expand_path('test/fixtures/null_file')
-    @api_key = 'testapikey'
+    @api_key   = 'testapikey'
   end
 
   def test_class_exists
@@ -15,57 +15,59 @@ class VirustotalAPIFileTest < Minitest::Test
 
   def test_report_response
     VCR.use_cassette('file_find') do
-      virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
+      vt_file_report = VirustotalAPI::File.find(@sha256, @api_key)
 
       # Make sure that the JSON was parsed
-      assert virustotal_report.is_a?(VirustotalAPI::File)
-      assert virustotal_report.report.is_a?(Hash)
+      assert vt_file_report.exists?
+      assert vt_file_report.is_a?(VirustotalAPI::File)
+      assert vt_file_report.report.is_a?(Hash)
+      assert vt_file_report.id.is_a?(String)
+      assert vt_file_report.report_url.is_a?(String)
     end
   end
 
   def test_find
-    permalink = 'https://www.virustotal.com/api/v3/files/' \
-                '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+    id        = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+    permalink = "https://www.virustotal.com/api/v3/files/#{id}"
+
     VCR.use_cassette('file_find') do
-      virustotal_report = VirustotalAPI::File.find(@sha256, @api_key)
+      vt_file_report = VirustotalAPI::File.find(@sha256, @api_key)
 
-      assert virustotal_report.report_url.is_a?(String)
-      assert_equal permalink, virustotal_report.report_url
-      assert virustotal_report.detected_by('Avira')
-      assert !virustotal_report.detected_by('Acronis')
-      assert !virustotal_report.detected_by('Yeyeyeye') # not present in file
+      assert_equal permalink, vt_file_report.report_url
+      assert_equal id, vt_file_report.id
+      assert vt_file_report.detected_by('Avira')
+      assert !vt_file_report.detected_by('Acronis')
+      assert !vt_file_report.detected_by('Yeyeyeye') # not present in file
     end
   end
 
   def test_upload
     VCR.use_cassette('file_upload') do
-      virustotal_upload = VirustotalAPI::File.upload(@file_path, @api_key)
+      vt_file_upload = VirustotalAPI::File.upload(@file_path, @api_key)
 
-      assert virustotal_upload.report.is_a?(Hash)
+      assert vt_file_upload.exists?
+      assert vt_file_upload.report.is_a?(Hash)
+      assert vt_file_upload.id.is_a?(String)
     end
   end
 
-  def test_upload_id
-    VCR.use_cassette('file_upload') do
-      virustotal_upload = VirustotalAPI::File.upload(@file_path, @api_key)
+  def test_upload_large
+    VCR.use_cassette('large_file_upload') do
+      vt_file_upload = VirustotalAPI::File.upload_large(@file_path, @api_key)
 
-      assert virustotal_upload.id.is_a?(String)
+      assert vt_file_upload.exists?
+      assert vt_file_upload.report.is_a?(Hash)
+      assert vt_file_upload.id.is_a?(String)
     end
   end
 
   def test_analyse
     VCR.use_cassette('file_analyse') do
-      virustotal_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
-
-      assert virustotal_analyse.report.is_a?(Hash)
-    end
-  end
-
-  def test_analyse_id
-    VCR.use_cassette('file_analyse') do
-      virustotal_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
+      vt_file_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)
 
-      assert virustotal_analyse.id.is_a?(String)
+      assert vt_file_analyse.exists?
+      assert vt_file_analyse.report.is_a?(Hash)
+      assert vt_file_analyse.id.is_a?(String)
     end
   end
 end

data/test/fixtures/domain_bad_request.yml

@@ -0,0 +1,52 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://www.virustotal.com/api/v3/domains/xpressco.za
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      Accept:
+      - "*/*"
+      User-Agent:
+      - rest-client/2.1.0 (linux-gnu x86_64) ruby/2.5.1p57
+      X-Apikey:
+      - testapikey
+      Content-Length:
+      - '0'
+      Content-Type:
+      - application/x-www-form-urlencoded
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Host:
+      - www.virustotal.com
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Type:
+      - application/json; charset=utf-8
+      X-Cloud-Trace-Context:
+      - f9f5f005efc95b0390a91fb6306201d6
+      Date:
+      - Mon, 28 Dec 2020 13:56:50 GMT
+      Server:
+      - Google Frontend
+      Content-Length:
+      - '138'
+    body:
+      encoding: UTF-8
+      string: |-
+        {
+            "error": {
+                "code": "InvalidArgumentError",
+                "message": "Domain \"xpressco.za\" is not a valid domain pattern"
+            }
+        }
+    http_version: 
+  recorded_at: Mon, 28 Dec 2020 13:56:50 GMT
+recorded_with: VCR 5.0.0