RubyGems - wepawet - Versions diffs - 0.1.0 → 0.1.1 - Mend

wepawet 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,24 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    git (1.2.5)
+    jeweler (1.5.2)
+      bundler (~> 1.0.0)
+      git (>= 1.2.5)
+      rake
+    libxml-ruby (1.1.4)
+    multipart-post (1.1.0)
+    rake (0.8.7)
+    rcov (0.9.9)
+    shoulda (2.11.3)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  jeweler (~> 1.5.2)
+  libxml-ruby (>= 1.1.4)
+  multipart-post (>= 1.1.0)
+  rcov
+  shoulda

data/README.rdoc CHANGED Viewed

@@ -1,6 +1,6 @@
 = wepawet
-This gem provides an interface to UAB's wepawet malicious URL analysis project
+This gem provides an interface to UCSB's wepawet malicious URL analysis project
 Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. http://wepawet.cs.ucsb.edu
 Example usage:

data/Rakefile CHANGED Viewed

@@ -15,7 +15,7 @@ Jeweler::Tasks.new do |gem|
 	gem.name = "wepawet"
 	gem.homepage = "http://github.com/chrislee35/wepawet"
 	gem.license = "MIT"
-	gem.summary = %Q{provides an interface to UAB's wepawet malicious URL analysis project}
+	gem.summary = %Q{provides an interface to UCSB's wepawet malicious URL analysis project}
 	gem.description = %Q{Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. http://wepawet.cs.ucsb.edu}
 	gem.email = "rubygems@chrislee.dhs.org"
 	gem.authors = ["Chris Lee"]

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.1.0
1	+ 0.1.1

data/lib/wepawet/wepawet.rb ADDED Viewed

@@ -0,0 +1,106 @@
+require 'net/http'
+require 'net/https'
+require 'uri'
+require 'net/http/post/multipart'
+require 'xml'
+require 'cgi'
+# The Wepawet module contains all the query and submission classes for wepawet
+module Wepawet
+	# Wepawet::Submit is used to submit new files and/or URLs into the wepawet system.
+	class Submit
+		def initialize(config)
+			@config = config
+		end
+		def submit_file(filename, resource_type='js')
+			params = {'resource_type' => resource_type}
+			['user','passwd','referer'].each do |opt|
+				params[opt] = @config[opt] if @config[opt]
+			end
+			file = File.open(filename)
+			params['file'] = UploadIO.new(file, "application/octet-stream", File.basename(filename))
+			uri = URI.parse(@config['wepawetSubmitUrl'])
+			http = Net::HTTP.new(uri.host, uri.port)
+			http.use_ssl = (url.scheme == 'https')
+			http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+			request = Net::HTTP::Post::Multipart.new(uri.path, params)
+			request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} wepawet gem (https://github.com/chrislee35/wepawet)")
+			response = http.request(request)
+			parse_response(response.body)
+		end
+		# Wepawet::Submit#submit_url(url) submits a new URL to the wepawet system and returns a task ID (a hash).
+		def submit_url(url, resource_type='js')
+			params = {'resource_type' => resource_type, 'url' => url}
+			['user','passwd','referer'].each do |opt|
+				params[opt] = @config[opt] if @config[opt]
+			end
+			puts @config['wepawetSubmitUrl']
+			uri = URI.parse(@config['wepawetSubmitUrl'])
+			http = Net::HTTP.new(uri.host, uri.port)
+			http.use_ssl = (uri.scheme == 'https')
+			http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+			request = Net::HTTP::Post.new(uri.path)
+			request.set_form_data(params)
+			request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} wepawet gem (https://github.com/chrislee35/wepawet)")
+			response = http.request(request)
+			parse_response(response.body)
+		end
+		def parse_response(doc)
+			xml = XML::Document.string(doc)
+			h = xml.find("hash")
+			h[0].child.to_s
+		rescue Exception
+			return nil
+		end
+	end
+	class Query
+		def initialize(config)
+			@config = config
+		end
+		def by_whatever(whatever, value)
+			params = {'resource_type' => 'js', whatever => value}
+			urlkey = (whatever == 'hash') ? 'wepawetQueryUrl' : (whatever == 'domain') ? 'wepawetDomainUrl' : (whatever == 'url') ? 'wepawetUrlUrl' : 'wepawetQueryUrl'
+			uri = URI.parse(@config[urlkey]+"?"+params.map{|k,v| "#{k}=#{v}"}.join("&"))
+			http = Net::HTTP.new(uri.host, uri.port)
+			http.use_ssl = (uri.scheme == 'https')
+			http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+			request = Net::HTTP::Get.new(uri.path+"?"+uri.query)
+			request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} wepawet gem (https://github.com/chrislee35/wepawet)")
+			response = http.request(request)
+			_parse_response(response.body)
+		end
+		def by_taskid(taskid)
+			by_whatever('hash',taskid)
+		end
+		alias :by_hash :by_taskid
+		def by_domain(domain)
+			by_whatever('domain',domain)
+		end
+		def by_url(url)
+			by_whatever('url', CGI.escape(url))
+		end
+		def _parse_response(doc)
+			xml = XML::Document.string(doc)
+			hash = {}
+			xml.child.children.each do |node|
+				if node.name =~ /\w/ and node.child
+					hash[node.name] = node.child.content
+				end
+			end
+			hash
+		rescue Exception
+			return nil
+		end
+	end
+end

data/wepawet.gemspec ADDED Viewed

@@ -0,0 +1,78 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+Gem::Specification.new do |s|
+  s.name = %q{wepawet}
+  s.version = "0.1.1"
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Chris Lee"]
+  s.date = %q{2011-04-24}
+  s.description = %q{Wepawet is a service for detecting and analyzing web-based malware. It currently handles Flash, JavaScript, and PDF files. http://wepawet.cs.ucsb.edu}
+  s.email = %q{rubygems@chrislee.dhs.org}
+  s.executables = ["wepawet"]
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "bin/wepawet",
+    "lib/wepawet.rb",
+    "lib/wepawet/wepawet.rb",
+    "test/helper.rb",
+    "test/test_wepawet.rb",
+    "wepawet.gemspec"
+  ]
+  s.homepage = %q{http://github.com/chrislee35/wepawet}
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.7.2}
+  s.summary = %q{provides an interface to UCSB's wepawet malicious URL analysis project}
+  s.test_files = [
+    "test/helper.rb",
+    "test/test_wepawet.rb"
+  ]
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<multipart-post>, [">= 1.1.0"])
+      s.add_runtime_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+      s.add_development_dependency(%q<shoulda>, [">= 0"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_development_dependency(%q<rcov>, [">= 0"])
+      s.add_runtime_dependency(%q<multipart-post>, [">= 1.1.0"])
+      s.add_runtime_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+    else
+      s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+      s.add_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+      s.add_dependency(%q<shoulda>, [">= 0"])
+      s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+      s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+      s.add_dependency(%q<rcov>, [">= 0"])
+      s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+      s.add_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+    end
+  else
+    s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+    s.add_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+    s.add_dependency(%q<shoulda>, [">= 0"])
+    s.add_dependency(%q<bundler>, ["~> 1.0.0"])
+    s.add_dependency(%q<jeweler>, ["~> 1.5.2"])
+    s.add_dependency(%q<rcov>, [">= 0"])
+    s.add_dependency(%q<multipart-post>, [">= 1.1.0"])
+    s.add_dependency(%q<libxml-ruby>, [">= 1.1.4"])
+  end
+end

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: wepawet
 version: !ruby/object:Gem::Version
-  hash: 27
+  hash: 25
   prerelease:
   segments:
   - 0
   - 1
-  - 0
-  version: 0.1.0
+  - 1
+  version: 0.1.1
 platform: ruby
 authors:
 - Chris Lee
@@ -153,14 +153,17 @@ extra_rdoc_files:
 files:
 - .document
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.rdoc
 - Rakefile
 - VERSION
+- bin/wepawet
 - lib/wepawet.rb
+- lib/wepawet/wepawet.rb
 - test/helper.rb
 - test/test_wepawet.rb
-- bin/wepawet
+- wepawet.gemspec
 homepage: http://github.com/chrislee35/wepawet
 licenses:
 - MIT
@@ -193,7 +196,7 @@ rubyforge_project:
 rubygems_version: 1.7.2
 signing_key:
 specification_version: 3
-summary: provides an interface to UAB's wepawet malicious URL analysis project
+summary: provides an interface to UCSB's wepawet malicious URL analysis project
 test_files:
 - test/helper.rb
 - test/test_wepawet.rb