virustotal_api 0.5.3 → 0.5.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 549e10acf953216ded9295c21129e76fc737bd63f29703af799499c6feed2c6e
-  data.tar.gz: d20c12d67d748d329e3b0e340a4857115d516d942af5e3a282bb72e80a90e373
+  metadata.gz: 6cc7f702a37c929aa442614681a5b34d12d11d5f1e1e04c8190c89184edb588f
+  data.tar.gz: 98e21db2c21a632610e0d9961ff7884bbae0df2072e9647d17c608c06881b0c7
 SHA512:
-  metadata.gz: 394ad7a9dbf0f4c59d7e286acd57974e042427f0f4c82d1c652195b0dca4d17a0eeed28cd82946da2a072679a824060bacf184c741ecd0578e383386295c328d
-  data.tar.gz: 0f9b0e2bc76a11d1b496ac1b0fb266875ed36cbfb51b27396396b555c3e47d5e411073e8bef956e1e44d08ec395e1165a45df8e525b24af6a0ae915d2c9c1b79
+  metadata.gz: 278d6a9c1ff7aa68b05f131afcca21935720fc7c5db760a09f6db6d6cd693e7fa48ad2e5397b953ebb24da00d25cebf105ba52575c9e96ea79e2b20a3c21eda0
+  data.tar.gz: 965e4304dfa6e52287d05c3ebba817fbb0e3801f7fb353f8253fea98d7a1b118a2f0d14486883b94f2ce465cf807b151a9b69e5da75c18d9f4f075d066748af8

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

data/.github/pull_request_template.md

@@ -0,0 +1,11 @@
+CHANGELOG: no-impact/Added/Changed/Deprecated/Removed/Fixed/Security
+
+## Summary
+
+## Testing
+
+1. _Describe how to test this change_
+
+## Other Information
+
+_Include screenshots, GIFs, and/or API responses as appropriate._

data/.github/workflows/ruby.yml

@@ -7,17 +7,37 @@ on:
     branches: [ master ]
 
 jobs:
-  Test:
+  Test-Ruby-2-7:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1.70.1
+      with:
+        ruby-version: 2.7
+    - name: Show Ruby Version
+      run: ruby --version
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake
+      
+  Test-Ruby-3-0:
     runs-on: ubuntu-latest
-
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby
     # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
     # change this to (see https://github.com/ruby/setup-ruby#versioning):
-      uses: ruby/setup-ruby@v1.46.0
+      uses: ruby/setup-ruby@v1.70.1
       with:
-        ruby-version: 2.5
+        ruby-version: 3.0
+    - name: Show Ruby Version
+      run: ruby --version
     - name: Install dependencies
       run: bundle install
     - name: Lint

data/.gitignore

@@ -13,3 +13,4 @@
 *.a
 mkmf.log
 .rake_tasks~
+.tool-versions

data/CHANGELOG.md

@@ -1,5 +1,28 @@
 # VirusTotal API Changelog
 
+## [0.5.7] - 2021-09-20
+
+* Remove EOL Ruby 2.5
+
+## [0.5.6] - 2021-09-20
+
+* Use urlsafe base64 encoding
+* Fix changelog
+  * [@jonnynux](https://github.com/jonnynux)
+
+## [0.5.5] - 2021-05-10
+
+* Add support for larger files
+  * [@Grandman](https://github.com/Grandman)
+
+## [0.5.4] - 2020-12-10
+
+* Manage bad requests like not found
+* Use strict base64 encoding
+  * [@crondaemon](https://github.com/crondaemon)
+
+## [0.5.3] = 2020-10-12
+
 ## [0.5.2] - 2020-10-06
 
 * Fix Fix exists? check

data/README.md

@@ -65,7 +65,10 @@ require 'virustotal_api'
 file    = '/path/to/file'
 api_key = 'MY_API_KEY'
 
+# for upload file
 vtscan = VirustotalAPI::File.upload(file, api_key)
+# or large file (more than 32MB)
+vtscan = VirustotalAPI::File.upload_large(file, api_key)
 
 # Virustotal ID of file
 vtscan.id
@@ -233,10 +236,11 @@ vtgroup_report.report
 
 ## Contributors
 
-- [@postmodern](https://github.com/postmodern)
-- [@mkunkel](https://github.com/mkunkel)
 - [@jonnynux](https://github.com/jonnynux)
 - [@crondaemon](https://github.com/crondaemon/)
+- [@postmodern](https://github.com/postmodern)
+- [@mkunkel](https://github.com/mkunkel)
+- [@Grandman](https://github.com/Grandman)
 
 ## Contributing
 

data/lib/virustotal_api/base.rb

@@ -12,9 +12,9 @@ module VirustotalAPI
     attr_reader :report, :report_url, :id
 
     def initialize(report)
-      @report = report
+      @report     = report
       @report_url = report&.dig('data', 'links', 'self')
-      @id = report&.dig('data', 'id')
+      @id         = report&.dig('data', 'id')
     end
 
     # @return [String] string of API URI class method
@@ -22,6 +22,14 @@ module VirustotalAPI
       VirustotalAPI::URI
     end
 
+    def self.perform(path, api_key, method = :get, options = {})
+      base_perform(api_uri + path, api_key, method, options)
+    end
+
+    def self.perform_absolute(url, api_key, method = :get, options = {})
+      base_perform(url, api_key, method, options)
+    end
+
     # The actual method performing a call to Virustotal
     #
     # @param [String] url The url of the API
@@ -29,15 +37,15 @@ module VirustotalAPI
     # @param [String] method The HTTP method to use
     # @param [Hash] options Options to pass as payload
     # @return [VirustotalAPI::Domain] Report Search Result
-    def self.perform(url, api_key, method = :get, options = {})
+    def self.base_perform(url, api_key, method = :get, options = {})
       response = RestClient::Request.execute(
         method: method,
-        url: api_uri + url,
+        url: url,
         headers: { 'x-apikey': api_key },
         payload: options
       )
       JSON.parse(response.body)
-    rescue RestClient::NotFound
+    rescue RestClient::NotFound, RestClient::BadRequest
       {}
     rescue RestClient::Unauthorized
       # Raise a custom exception not to expose the underlying
@@ -49,6 +57,8 @@ module VirustotalAPI
       raise VirustotalAPI::RateLimitError
     end
 
+    private_class_method :base_perform
+
     # @return [String] string of API URI instance method
     def api_uri
       self.class.api_uri
@@ -62,7 +72,7 @@ module VirustotalAPI
     # Generate a URL identifier.
     # @see https://developers.virustotal.com/v3.0/reference#url
     def self.url_identifier(url)
-      Base64.encode64(url).strip.gsub('=', '')
+      Base64.urlsafe_encode64(url).strip.gsub('=', '')
     end
   end
 end

data/lib/virustotal_api/file.rb

@@ -23,7 +23,20 @@ module VirustotalAPI
     # @return [VirusotalAPI::File] Report
     def self.upload(file_path, api_key, opts = {})
       filename = opts.fetch('filename') { ::File.basename(file_path) }
-      report = perform('/files', api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
+      report   = perform('/files', api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
+      new(report)
+    end
+
+    # Upload a new file with size more than 32MB.
+    #
+    # @param [String] file_path for file to be sent for scan
+    # @param [String] api_key The key for virustotal
+    # @param [Hash] opts hash for additional options
+    # @return [VirusotalAPI::File] Report
+    def self.upload_large(file_path, api_key, opts = {})
+      filename = opts.fetch('filename') { ::File.basename(file_path) }
+      url      = upload_url(api_key)
+      report   = perform_absolute(url, api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
       new(report)
     end
 
@@ -37,6 +50,12 @@ module VirustotalAPI
       new(report)
     end
 
+    # @return [String] url for upload file
+    def self.upload_url(api_key)
+      data = perform('/files/upload_url', api_key)
+      data&.dig('data')
+    end
+
     # Check if the submitted hash is detected by an AV engine.
     #
     # @param [String] engine The engine to check.

data/lib/virustotal_api/version.rb

@@ -2,5 +2,5 @@
 
 module VirustotalAPI
   # The GEM version
-  VERSION = '0.5.3'
+  VERSION = '0.5.7'
 end

data/test/base_test.rb

@@ -4,7 +4,9 @@ require './test/test_helper'
 
 class VirustotalAPIBaseTest < Minitest::Test
   def setup
+    @domain  = 'xpressco.za'
     @sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
+    @url     = 'https://www.dropbox.com/s/qmi112rc4ns75eb/Confidential_123.xls?dl=1'
     @api_key = 'testapikey'
   end
 
@@ -43,5 +45,19 @@ class VirustotalAPIBaseTest < Minitest::Test
 
       assert !virustotal_report.exists?
     end
+
+    VCR.use_cassette('domain_bad_request') do
+      virustotal_report = VirustotalAPI::Domain.find(@domain, @api_key)
+
+      assert !virustotal_report.exists?
+    end
+  end
+
+  def test_url_encoding
+    VCR.use_cassette('url_encoding_find') do
+      virustotal_report = VirustotalAPI::URL.find(@url, @api_key)
+
+      assert virustotal_report.exists?
+    end
   end
 end

data/test/file_test.rb

@@ -51,6 +51,16 @@ class VirustotalAPIFileTest < Minitest::Test
     end
   end
 
+  def test_upload_large
+    VCR.use_cassette('large_file_upload') do
+      vt_file_upload = VirustotalAPI::File.upload_large(@file_path, @api_key)
+
+      assert vt_file_upload.exists?
+      assert vt_file_upload.report.is_a?(Hash)
+      assert vt_file_upload.id.is_a?(String)
+    end
+  end
+
   def test_analyse
     VCR.use_cassette('file_analyse') do
       vt_file_analyse = VirustotalAPI::File.analyse(@sha256, @api_key)

data/test/fixtures/domain_bad_request.yml

@@ -0,0 +1,52 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://www.virustotal.com/api/v3/domains/xpressco.za
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      Accept:
+      - "*/*"
+      User-Agent:
+      - rest-client/2.1.0 (linux-gnu x86_64) ruby/2.5.1p57
+      X-Apikey:
+      - testapikey
+      Content-Length:
+      - '0'
+      Content-Type:
+      - application/x-www-form-urlencoded
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Host:
+      - www.virustotal.com
+  response:
+    status:
+      code: 400
+      message: Bad Request
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Type:
+      - application/json; charset=utf-8
+      X-Cloud-Trace-Context:
+      - f9f5f005efc95b0390a91fb6306201d6
+      Date:
+      - Mon, 28 Dec 2020 13:56:50 GMT
+      Server:
+      - Google Frontend
+      Content-Length:
+      - '138'
+    body:
+      encoding: UTF-8
+      string: |-
+        {
+            "error": {
+                "code": "InvalidArgumentError",
+                "message": "Domain \"xpressco.za\" is not a valid domain pattern"
+            }
+        }
+    http_version: 
+  recorded_at: Mon, 28 Dec 2020 13:56:50 GMT
+recorded_with: VCR 5.0.0

data/test/fixtures/file_upload.yml

@@ -49,6 +49,6 @@ http_interactions:
                 "type": "analysis"
             }
         }
-    http_version: 
+    http_version:
   recorded_at: Wed, 02 Sep 2020 14:02:37 GMT
 recorded_with: VCR 5.0.0

data/test/fixtures/large_file_upload.yml

@@ -0,0 +1,99 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://www.virustotal.com/api/v3/files/upload_url
+    body:
+    headers:
+      Accept:
+      - "*/*"
+      User-Agent:
+      - rest-client/2.1.0 (linux-gnu x86_64) ruby/2.5.1p57
+      X-Apikey:
+      - testapikey
+      Content-Length:
+      - '282'
+      Content-Type:
+      - multipart/form-data; boundary=----RubyFormBoundaryjv5FxFNLpwqDoUQA
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Host:
+      - www.virustotal.com
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Type:
+      - application/json; charset=utf-8
+      X-Cloud-Trace-Context:
+      - 9c3d1ae8f345c5ca8060a4b793174891
+      Date:
+      - Wed, 02 Sep 2020 14:02:36 GMT
+      Server:
+      - Google Frontend
+      Content-Length:
+      - '128'
+    body:
+      encoding: UTF-8
+      string: |-
+        {
+            "data": "https://www.virustotal.com/_ah/upload/AMmfu6b-_DXUeFe36Sb3b0F4B8mH9Nb-CHbRoUNVOPwG/"
+        }
+    http_version:
+  recorded_at: Wed, 02 Sep 2020 14:02:37 GMT
+
+- request:
+    method: post
+    uri: https://www.virustotal.com/_ah/upload/AMmfu6b-_DXUeFe36Sb3b0F4B8mH9Nb-CHbRoUNVOPwG/
+    body:
+      encoding: ASCII-8BIT
+      string: "------RubyFormBoundaryjv5FxFNLpwqDoUQA\r\nContent-Disposition: form-data;
+        name=\"filename\"\r\n\r\nnull_file\r\n------RubyFormBoundaryjv5FxFNLpwqDoUQA\r\nContent-Disposition:
+        form-data; name=\"file\"; filename=\"null_file\"\r\nContent-Type: text/plain\r\n\r\n\n\r\n------RubyFormBoundaryjv5FxFNLpwqDoUQA--\r\n"
+    headers:
+      Accept:
+      - "*/*"
+      User-Agent:
+      - rest-client/2.1.0 (linux-gnu x86_64) ruby/2.5.1p57
+      X-Apikey:
+      - testapikey
+      Content-Length:
+      - '282'
+      Content-Type:
+      - multipart/form-data; boundary=----RubyFormBoundaryjv5FxFNLpwqDoUQA
+      Accept-Encoding:
+      - gzip;q=1.0,deflate;q=0.6,identity;q=0.3
+      Host:
+      - www.virustotal.com
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Type:
+      - application/json; charset=utf-8
+      X-Cloud-Trace-Context:
+      - 9c3d1ae8f345c5ca8060a4b793174891
+      Date:
+      - Wed, 02 Sep 2020 14:02:36 GMT
+      Server:
+      - Google Frontend
+      Content-Length:
+      - '128'
+    body:
+      encoding: UTF-8
+      string: |-
+        {
+            "data": {
+                "id": "NjhiMzI5ZGE5ODkzZTM0MDk5YzdkOGFkNWNiOWM5NDA6MTU5OTA1NTM1Ng==",
+                "type": "analysis"
+            }
+        }
+    http_version:
+  recorded_at: Wed, 02 Sep 2020 14:02:37 GMT
+recorded_with: VCR 5.0.0