RubyGems - virustotal_api - Versions diffs - 0.4.1 → 0.5.0 - Mend

virustotal_api 0.4.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

checksums.yaml +4 -4
data/.github/workflows/ruby.yml +26 -0
data/.gitignore +1 -0
data/.rubocop.yml +12 -5
data/CHANGELOG.md +7 -2
data/README.md +48 -56
data/lib/virustotal_api.rb +5 -7
data/lib/virustotal_api/analysis.rb +24 -0
data/lib/virustotal_api/base.rb +35 -10
data/lib/virustotal_api/domain.rb +24 -0
data/lib/virustotal_api/exceptions.rb +3 -0
data/lib/virustotal_api/file.rb +56 -0
data/lib/virustotal_api/ip.rb +24 -0
data/lib/virustotal_api/uri.rb +2 -1
data/lib/virustotal_api/url.rb +46 -0
data/lib/virustotal_api/version.rb +2 -1
data/test/analysis_test.rb +23 -0
data/test/base_test.rb +8 -28
data/test/domain_test.rb +32 -0
data/test/exceptions_test.rb +14 -0
data/test/file_test.rb +68 -0
data/test/fixtures/analysis.yml +544 -0
data/test/fixtures/domain.yml +830 -0
data/test/fixtures/file_analyse.yml +52 -0
data/test/fixtures/file_find.yml +1236 -0
data/test/fixtures/file_unauthorized.yml +51 -0
data/test/fixtures/file_upload.yml +54 -0
data/test/fixtures/ip.yml +716 -0
data/test/fixtures/unscanned_url_find.yml +44 -0
data/test/fixtures/url_analyse.yml +52 -0
data/test/fixtures/url_find.yml +599 -0
data/test/{ip_report_test.rb → ip_test.rb} +4 -4
data/test/uri_test.rb +1 -1
data/test/url_test.rb +65 -0
data/test/version_test.rb +1 -1
data/virustotal_api.gemspec +10 -8
metadata +86 -70
data/.github/workflows/gem_publish.yml +0 -38
data/lib/virustotal_api/domain_report.rb +0 -36
data/lib/virustotal_api/file_report.rb +0 -37
data/lib/virustotal_api/file_rescan.rb +0 -36
data/lib/virustotal_api/file_scan.rb +0 -38
data/lib/virustotal_api/ip_report.rb +0 -36
data/lib/virustotal_api/url_report.rb +0 -41
data/lib/virustotal_api/url_scan.rb +0 -36
data/test/domain_report_test.rb +0 -32
data/test/file_report_test.rb +0 -36
data/test/file_rescan_test.rb +0 -32
data/test/file_scan_test.rb +0 -30
data/test/fixtures/domain_report.yml +0 -311
data/test/fixtures/ip_report.yml +0 -1323
data/test/fixtures/queue_unscanned_url_report.yml +0 -46
data/test/fixtures/report.yml +0 -110
data/test/fixtures/report_not_found.yml +0 -42
data/test/fixtures/request_forbidden.yml +0 -38
data/test/fixtures/rescan.yml +0 -47
data/test/fixtures/scan.yml +0 -49
data/test/fixtures/unscanned_url_report.yml +0 -43
data/test/fixtures/url_report.yml +0 -95
data/test/fixtures/url_scan.yml +0 -48
data/test/url_report_test.rb +0 -57
data/test/url_scan_test.rb +0 -30

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 59f51d8dce27daace930afc9786485d497e79b3ba9afc6b82bffbb1ac1c98b36
-  data.tar.gz: 1fe1adf06f5135342dd48cade1d28c78a97530885e51e6d0993d0a971e31cec4
+  metadata.gz: 68e1f3494830e62ef04f24a74431a540d3dd6943ee329b772b8a3629798f0856
+  data.tar.gz: 58e0b36a8a6745b2db5957ab4b48da429f9ec154b1116d0110933cbc54d9f456
 SHA512:
-  metadata.gz: 30985ac7e3aec76bf9fd6ab41f9b1b1ec46edb96ba5e3ab12e9d1c993aeff665cc41fb5644db97afb26d41605208f4b0a116856fed5cfe22872571da429e3882
-  data.tar.gz: ea9be7f207a5805fecc1e1e321c07ade17cafc1eb0b1c85416117985f54837b6951c6285562f0ffffac32933fd9ff0bd66e1561f0d15ccb6555f0998d6d8a0de
+  metadata.gz: 03cf94231610ed5e8002c60dde3cc6d3b3d4ab52682be470023911559c0df6f2cf9230532fe3f002bd2587268405b086742e73a9edba86a4de49eaca37ab1b6b
+  data.tar.gz: a831140e24d0302e971a33f3b44d7c9760aa271b27d4036bf310ada72f09aa9cd11d1c685793d2a78a0ac6814725de873f8ea6419e92461febef84bb909f2065

data/.github/workflows/ruby.yml ADDED

@@ -0,0 +1,26 @@
+name: Ruby
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+jobs:
+  Test:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Ruby
+    # To automatically get bug fixes and new Ruby versions for ruby/setup-ruby,
+    # change this to (see https://github.com/ruby/setup-ruby#versioning):
+      uses: ruby/setup-ruby@v1.46.0
+      with:
+        ruby-version: 2.6
+    - name: Install dependencies
+      run: bundle install
+    - name: Lint
+      run: bundle exec rake rubocop
+    - name: Run tests
+      run: bundle exec rake

data/.gitignore CHANGED

@@ -12,3 +12,4 @@
 *.o
 *.a
 mkmf.log
+.rake_tasks~

data/.rubocop.yml CHANGED

@@ -1,13 +1,14 @@
 # This is the configuration used to check the rubocop source code.
 AllCops:
+  NewCops: enable
   Exclude:
     - 'test/fixtures/*'
 Style/StringLiterals:
   Enabled: true
-Style/UnneededPercentQ:
+Style/RedundantPercentQ:
   Enabled: true
 # Disabled Checks
@@ -20,13 +21,19 @@ Style/PercentLiteralDelimiters:
 Style/RegexpLiteral:
   Enabled: false
-Style/BracesAroundHashParameters:
-  Enabled: false
 Lint/MissingCopEnableDirective:
   Exclude:
     - 'test/base_test.rb'
-Naming/UncommunicativeMethodParamName:
+Naming/MethodParameterName:
   Exclude:
     - 'lib/virustotal_api/ip_report.rb'
+Layout/LineLength:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Gemspec/RequiredRubyVersion:
+  Enabled: false

data/CHANGELOG.md CHANGED

@@ -1,10 +1,15 @@
 # VirusTotal API Changelog
+## [0.5.0] - 2020-09-02
+* Full rework to support API V3.
+  * [@crondaemon](https://github.com/crondaemon) & [@jonnynux](https://github.com/jonnynux)
+* Move to Ruby 2.6 for minimum Ruby version
 ## [0.4.1] - 2019-09-04
 * Fixed Reponse Parsing
-  * [@jonnynux](https://github.com/jonnynux)
+  * [@jonnynux](https://github.com/jonnynux)
 ## [0.4.0] - 2019-07-23

data/README.md CHANGED

@@ -1,9 +1,11 @@
 # VirustotalAPI
-Ruby Gem for [VirusTotal](https://www.virustotal.com) [V2 API](https://www.virustotal.com/en/documentation/public-api/)
+Ruby Gem for [VirusTotal](https://www.virustotal.com) [V3 API](https://developers.virustotal.com/v3.0/reference).
+If you want the version 2, check out the gem versions up to [0.4.0](https://github.com/crondaemon/virustotal_api/tree/v0.4.0).
+![Ruby](https://github.com/pwelch/virustotal_api/workflows/Ruby/badge.svg)
 [![Gem Version](https://badge.fury.io/rb/virustotal_api.svg)](http://badge.fury.io/rb/virustotal_api)
-[![CircleCI](https://circleci.com/gh/pwelch/virustotal_api.svg?style=svg)](https://circleci.com/gh/pwelch/virustotal_api)
 ## Installation
@@ -27,7 +29,7 @@ VirusTotal only allows 4 queries per minute for their Public API. https://www.vi
 You will need a Private API Key if you require more queries per minute.
-### File Report
+### File Find
 ```ruby
 require 'virustotal_api'
@@ -35,7 +37,7 @@ require 'virustotal_api'
 sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 api_key = 'MY_API_KEY'
-vtreport = VirustotalAPI::FileReport.find(sha256, api_key)
+vtreport = VirustotalAPI::File.find(sha256, api_key)
 # Does the resource have any results?
 vtreport.exists?
@@ -43,14 +45,19 @@ vtreport.exists?
 # URL for File Report (if it exists)
 vtreport.report_url
-# => "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1418032127/"
+# => "https://www.virustotal.com/api/v3/files/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
 # Report results (if they exist) are available via #report
-vtreport.report["scans"]["ClamAV"]
-# => {"detected"=>false, "version"=>"0.98.5.0", "result"=>nil, "update"=>"20141208"}
+vtreport.report['data']['attributes']['last_analysis_results']['ClamAV']
+# => {"category"=>"undetected", "engine_name"=>"ClamAV", "engine_update"=>"20200826",
+# "engine_version"=>"0.102.4.0", "method"=>"blacklist", "result"=>nil}
+# Check whether an Antivirus detected this sample or not
+vtreport.detected_by('ClamAV')
+# => false
 ```
-### File Scan
+### File Upload
 ```ruby
 require 'virustotal_api'
@@ -58,28 +65,21 @@ require 'virustotal_api'
 file    = '/path/to/file'
 api_key = 'MY_API_KEY'
-vtscan = VirustotalAPI::FileScan.scan(file, api_key)
+vtscan = VirustotalAPI::File.upload(file, api_key)
-# Scan ID of file
-vtscan.scan_id
+# Virustotal ID of file
+vtscan.id
 # => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668"
 # Response results are available via #response
 vtscan.report
 # =>
-{
-  "scan_id"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1419454668",
-  "sha1"=>"adc83b19e793491b1c6ea0fd8b46cd9f32e592fc",
-  "resource"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "response_code"=>1,
-  "sha256"=>"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "permalink"=>"https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1419454668/",
-  "md5"=>"68b329da9893e34099c7d8ad5cb9c940",
-  "verbose_msg"=>"Scan request successfully queued, come back later for the report"
-}
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
 ```
-### File Rescan
+### File Analyse
 ```ruby
 require 'virustotal_api'
@@ -87,25 +87,21 @@ require 'virustotal_api'
 sha256  = '01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b'
 api_key = 'MY_API_KEY'
-vtrescan = VirustotalAPI::FileRescan.rescan(sha256, api_key)
+vtrescan = VirustotalAPI::File.analyse(sha256, api_key)
-# Rescan ID of file
-vtrescan.rescan_id
-# => "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1562684247"
+# Virustotal ID of file
+vtrescan.id
+# => "MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ=="
 # Response results are available via #response
 vtrescan.report
 # =>
-{
-  "permalink": "https://www.virustotal.com/file/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b/analysis/1562684247/",
-  "response_code": 1,
-  "sha256": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "resource": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b",
-  "scan_id": "01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-1562684247"
-}
+{"data"=>
+  {"id"=>"MTkxNDBmMjU4ZGY1OGZiYzZjNmU2ODcyMWNhYjhkZTM6MTU5ODUzMTE5OQ==",
+   "type"=>"analysis"}}
 ```
-### URL Report
+### URL find
 ```ruby
 require 'virustotal_api'
@@ -113,7 +109,7 @@ require 'virustotal_api'
 url     = 'http://www.google.com'
 api_key = 'MY_API_KEY'
-vturl_report = VirustotalAPI::URLReport.find(url, api_key)
+vturl_report = VirustotalAPI::URL.find(url, api_key)
 # Does the resource have any results?
 vturl_report.exists?
@@ -121,14 +117,14 @@ vturl_report.exists?
 # URL for Report (if it exists)
 vturl_report.report_url
-# => "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1419457210/"
+# => "https://www.virustotal.com/api/v3/urls/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/"
 # Report results (if they exist) are available via #report
-vturl_report.report["scans"]["Opera"]
-# => {"detected"=>false, "result"=>"clean site"}
+vturl_report.report['data']['attributes']['last_analysis_results']['Avira']
+# => {"category"=>"harmless", "engine_name"=>"Avira", "method"=>"blacklist", "result"=>"clean"}
 ```
-### URL Scan
+### URL Upload
 ```ruby
 require 'virustotal_api'
@@ -136,27 +132,22 @@ require 'virustotal_api'
 url     = 'http://www.google.com'
 api_key = 'MY_API_KEY'
-vturl_scan = VirustotalAPI::URLScan.scan(url, api_key)
+vturl_scan = VirustotalAPI::URL.upload(url, api_key)
-# Scan ID of file
-vturl_scan.scan_id
-# => "dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1562751553"
+# Virustotal ID of file
+vturl_scan.id
+# => "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929"
 # Response results are available via #response
 vturl_scan.report
 # =>
-{
-  "permalink": "https://www.virustotal.com/url/dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf/analysis/1562751553/",
-  "resource": "http://www.google.com/",
-  "url": "http://www.google.com/",
-  "response_code": 1,
-  "scan_date": "2019-07-10 09:39:13",
-  "scan_id": "dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1562751553",
-  "verbose_msg": "Scan request successfully queued, come back later for the report"
-}
+{"data"=>
+  {"id"=>
+    "u-dd014af5ed6b38d9130e3f466f850e46d21b951199d53a18ef29ee9341614eaf-1598531929",
+   "type"=>"analysis"}}
 ```
-### IP Report
+### IP Find
 ```ruby
 require 'virustotal_api'
@@ -164,7 +155,7 @@ require 'virustotal_api'
 ip      = '8.8.8.8'
 api_key = 'MY_API_KEY'
-vtip_report = VirustotalAPI::IPReport.find(ip, api_key)
+vtip_report = VirustotalAPI::IP.find(ip, api_key)
 # Does the resource have any results?
 vtip_report.exists?
@@ -175,7 +166,7 @@ vtip_report.report
 # => Hash of report results
 ```
-### Domain Report
+### Domain Find
 ```ruby
 require 'virustotal_api'
@@ -183,7 +174,7 @@ require 'virustotal_api'
 domain  = 'virustotal.com'
 api_key = 'MY_API_KEY'
-vtdomain_report = VirustotalAPI::DomainReport.find(domain, api_key)
+vtdomain_report = VirustotalAPI::Domain.find(domain, api_key)
 # Does the resource have any results?
 vtdomain_report.exists?
@@ -199,6 +190,7 @@ vtdomain_report.report
 - [@postmodern](https://github.com/postmodern)
 - [@mkunkel](https://github.com/mkunkel)
 - [@jonnynux](https://github.com/jonnynux)
+- [@crondaemon](https://github.com/crondaemon/)
 ## Contributing

data/lib/virustotal_api.rb CHANGED

@@ -1,11 +1,9 @@
 # frozen_string_literal: true
-require 'virustotal_api/domain_report'
-require 'virustotal_api/file_report'
-require 'virustotal_api/file_rescan'
-require 'virustotal_api/file_scan'
-require 'virustotal_api/ip_report'
-require 'virustotal_api/url_report'
-require 'virustotal_api/url_scan'
+require 'virustotal_api/analysis'
+require 'virustotal_api/domain'
+require 'virustotal_api/file'
+require 'virustotal_api/ip'
+require 'virustotal_api/url'
 require 'virustotal_api/uri'
 require 'virustotal_api/version'

data/lib/virustotal_api/analysis.rb ADDED

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+require_relative 'base'
+module VirustotalAPI
+  # A class for '/analyses' API
+  class Analysis < Base
+    attr_reader :report
+    # rubocop:disable Lint/MissingSuper
+    def initialize(report)
+      @report = report
+    end
+    # @param [String] id The Virustotal ID to get the report for.
+    # @param [String] api_key The key for virustotal
+    # @return [VirustotalAPI::IP] Report
+    def self.find(id, api_key)
+      report = perform("/analyses/#{id}", api_key)
+      new(report)
+    end
+  end
+end
+# rubocop:enable Lint/MissingSuper

data/lib/virustotal_api/base.rb CHANGED

@@ -3,22 +3,44 @@
 require 'virustotal_api/exceptions'
 require 'rest-client'
 require 'json'
+require 'base64'
+# The base VirustotalAPI module.
 module VirustotalAPI
+  # The base class implementing the raw calls to Virustotal API V3.
   class Base
+    attr_reader :report
+    def initialize(report)
+      @report = report
+    end
     # @return [String] string of API URI class method
     def self.api_uri
       VirustotalAPI::URI
     end
-    # @param [RestClient::Response] response
-    # @return [Hash] the parsed JSON.
-    def self.parse(response)
-      if response.code == 204
-        raise(RateLimitError, 'maximum number of 4 requests per minute reached')
-      end
+    # The actual method performing a call to Virustotal
+    #
+    # @param [String] url The url of the API
+    # @param [String] api_key The key for virustotal
+    # @param [String] method The HTTP method to use
+    # @param [Hash] options Options to pass as payload
+    # @return [VirustotalAPI::Domain] Report Search Result
+    def self.perform(url, api_key, method = :get, options = {})
+      response = RestClient::Request.execute(
+        method: method,
+        url: api_uri + url,
+        headers: { 'x-apikey': api_key },
+        payload: options
+      )
       JSON.parse(response.body)
+    rescue RestClient::NotFound
+      nil
+    rescue RestClient::Unauthorized
+      # Raise a custom exception not to expose the underlying
+      # HTTP client.
+      raise VirustotalAPI::Unauthorized
     end
     # @return [String] string of API URI instance method
@@ -27,11 +49,14 @@ module VirustotalAPI
     end
     # @return [Boolean] if report for resource exists
-    # 0 => not_present, 1 => exists, -1 => invalid_ip_address
     def exists?
-      response_code = report.fetch('response_code') { nil }
+      !report.empty?
+    end
-      response_code == 1
+    # Generate a URL identifier.
+    # @see https://developers.virustotal.com/v3.0/reference#url
+    def self.url_identifier(url)
+      Base64.encode64(url).strip.gsub('=', '')
     end
   end
 end

data/lib/virustotal_api/domain.rb ADDED

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+require_relative 'base'
+module VirustotalAPI
+  # A class for '/domains' API
+  class Domain < Base
+    # rubocop:disable Lint/UselessMethodDefinition
+    def initialize(report)
+      super(report)
+    end
+    # Find a domain.
+    #
+    # @param [String] domain The domain to search
+    # @param [String] api_key for virustotal
+    # @return [VirustotalAPI::Domain] Report Search Result
+    def self.find(domain, api_key)
+      report = perform("/domains/#{domain}", api_key)
+      new(report)
+    end
+  end
+end
+# rubocop:enable Lint/UselessMethodDefinition