Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(scoop-virustotal): Migrate to VirusTotal API v3 #4983

Merged
merged 30 commits into from
Jun 15, 2022
Merged

feat(scoop-virustotal): Migrate to VirusTotal API v3 #4983

Changes from 1 commit
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
37f448b
feat(scoop-virustotal): migrate to virustotal api v3, improve flows, …
Jun 10, 2022
94bacbc
remove unused codes
Jun 11, 2022
bc6fa8c
fix bug
Jun 11, 2022
8a497fa
adjust output
Jun 11, 2022
5f5eb32
fix
Jun 11, 2022
81e759e
fix output
Jun 11, 2022
1a40167
Adjust output
Jun 12, 2022
8737f9e
show vendors directly if malicious/suspicious != 0
Jun 12, 2022
e4207f4
adjust output
Jun 13, 2022
e3249ed
fix for some rare cases
Jun 13, 2022
301c7e9
add '--passthru' parameter
Jun 13, 2022
a925252
feat(scoop-virustotal): migrate to virustotal api v3, improve flows, …
Jun 10, 2022
aa830bd
remove unused codes
Jun 11, 2022
331f134
fix bug
Jun 11, 2022
20d5f47
adjust output
Jun 11, 2022
5a20a6c
fix
Jun 11, 2022
1fc1cbb
fix output
Jun 11, 2022
9d9fc9c
Adjust output
Jun 12, 2022
36d5ce3
show vendors directly if malicious/suspicious != 0
Jun 12, 2022
152f21a
adjust output
Jun 13, 2022
dd797d6
fix for some rare cases
Jun 13, 2022
08e81c7
add '--passthru' parameter
Jun 13, 2022
3b293df
Merge branch 'virustotal' of https://github.com/ClassicDarkChocolate/…
Jun 13, 2022
3bdd4f5
add '-p' parameter
Jun 13, 2022
c60558d
fix special cases
Jun 14, 2022
92e481c
fix help message
ClassicDarkChocolate Jun 14, 2022
1d05ea3
add API Key hint
ClassicDarkChocolate Jun 14, 2022
593a968
Merge branch 'develop' into virustotal
ClassicDarkChocolate Jun 14, 2022
0d88679
update changelog
Jun 14, 2022
6ced2c3
fix case
Jun 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
adjust output
  • Loading branch information
ClassicDarkChocolate committed Jun 11, 2022
commit 8a497fadae0d6ebe7302bd8a591e94fbde576f68
59 changes: 39 additions & 20 deletions libexec/scoop-virustotal.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -116,30 +116,36 @@ Function Get-VirusTotalResultByHash ($hash, $app) {
'App.Name' = $app
'App.Hash' = $hash
FileReport = $report_url
Malicious = $null
Suspicious = $null
Timeout = $null
Undetected = $null
UrlReport = $null
}
} else {
switch ($unsafe) {
0 {
Write-Information "$($PSStyle.Foreground.BrightGreen)INFO : $app`: $unsafe / $total$($PSStyle.Reset)" -InformationAction 'Continue'
Write-Information "$($PSStyle.Foreground.BrightGreen)INFO : $app`: $unsafe/$total$($PSStyle.Reset)" -InformationAction 'Continue'
}
1 {
Write-Warning "$app`: $unsafe / $total"
Write-Warning "$app`: $unsafe/$total"
}
2 {
Write-Warning "$app`: $unsafe / $total"
Write-Warning "$app`: $unsafe $total"
}
Default {
Write-Warning "$app`: $($PSStyle.Formatting.Error)$unsafe$($PSStyle.Formatting.Warning) / $total"
Write-Warning "$app`: $($PSStyle.Formatting.Error)$unsafe$($PSStyle.Formatting.Warning)/$total"
}
}
[PSCustomObject] @{
'App.Name' = $app
'App.Hash' = $hash
FileReport = $report_url
Malicious = $malicious
Suspicious = $suspicious
Timeout = $timeout
Undetected = $undetected
FileReport = $report_url
UrlReport = $null
}
}
if ($unsafe -gt 0) {
Expand All @@ -158,21 +164,29 @@ Function Get-VirusTotalResultByUrl ($url, $app) {
$id = json_path $result '$.data.id'
$hash = json_path $result '$.data.attributes.last_http_response_content_sha256' 6>$null
$url_report_url = "https://www.virustotal.com/gui/url/$id"
Write-Information "INFO : $app`: Url report found: $url_report_url" -InformationAction 'Continue'
Write-Information "INFO : $($PSStyle.Formatting.Warning)Url report is not accurate.$($PSStyle.Reset)" -InformationAction 'Continue'
Write-Information "INFO : $app`: Url report found."
if (!$hash) {
Write-Warning "$app`: File report not found. Manual file upload is required (instead of url submission)."
Write-Information "INFO : $app`: Related file report not found."
Write-Warning "$app`: Manual file upload is required (instead of url submission)."
[PSCustomObject] @{
'App.Name' = $app
'App.Url' = $url
FileReport = $null
Malicious = $null
Suspicious = $null
Timeout = $null
Undetected = $null
UrlReport = $url_report_url
}
} else {
Write-Information "INFO : $app`: Related file report found." -InformationAction 'Continue'
Write-Information "INFO : $app`: Related file report found."
[PSCustomObject] @{
'App.Name' = $app
'App.Hash' = $hash
'App.Url' = $url
FileReport = $null
Malicious = $null
Suspicious = $null
Timeout = $null
Undetected = $null
UrlReport = $url_report_url
}
}
Expand Down Expand Up @@ -210,9 +224,8 @@ Function Submit-ToVirusTotal ($url, $app, $do_scan, $retrying = $False) {
$id = ((json_path $result '$.data.id') -split '-')[1]
$url_report_url = "https://www.virustotal.com/gui/url/$id"
$fileSize = Get-RemoteFileSize $url
Write-Information "INFO : $app`: Remote file size: $($fileSize.ToString('0.00 MB'))" -InformationAction 'Continue'
if ($fileSize -gt 70) {
Write-Information "INFO : $($PSStyle.Formatting.Warning)Large files might require manual file upload instead of url submission.$($PSStyle.Reset)"
Write-Information "INFO : $app`: Remote file size: $($fileSize.ToString('0.00 MB')). Large files might require manual file upload instead of url submission." -InformationAction 'Continue'
}
Write-Information "INFO : $app`: Analysis in progress." -InformationAction 'Continue'
return
Expand All @@ -236,7 +249,7 @@ Function Submit-ToVirusTotal ($url, $app, $do_scan, $retrying = $False) {
}
}

$apps | ForEach-Object {
$reports = $apps | ForEach-Object {
$app = $_
$null, $manifest, $bucket, $null = Get-Manifest $app
if (!$manifest) {
Expand All @@ -251,19 +264,21 @@ $apps | ForEach-Object {
$hash = hash_for_url $manifest $url $architecture

try {
$isHashUnsupported = $false
if ($hash -match '(?<algo>[^:]+):(?<hash>.*)') {
$hash = $matches.hash
if ($matches.algo -notmatch '(md5|sha1|sha256)') {
$hash = $null
$isHashUnsupported = $true
Write-Warning "$app`: Unsupported hash $($matches.algo). Will search by url instead."
}
}
if ($hash) {
$report = Get-VirusTotalResultByHash $hash $app
$report
$file_report = Get-VirusTotalResultByHash $hash $app
$file_report
return
} else {
Write-Warning "$app`: Hash for $url not found. Will search by url instead."
} elseif (!$isHashUnsupported) {
Write-Warning "$app`: Hash not found. Will search by url instead."
}
} catch [Exception] {
$exit_code = $exit_code -bor $_ERR_EXCEPTION
Expand All @@ -282,8 +297,11 @@ $apps | ForEach-Object {
$url_report = Get-VirusTotalResultByUrl $url $app
$hash = $url_report.'App.Hash'
if ($hash) {
$report = Get-VirusTotalResultByHash $hash $app
$report
$file_report = Get-VirusTotalResultByHash $hash $app
$file_report.'UrlReport' = $url_report.'UrlReport'
$file_report
} else {
$url_report
}
} catch [Exception] {
$exit_code = $exit_code -bor $_ERR_EXCEPTION
Expand All @@ -300,5 +318,6 @@ $apps | ForEach-Object {
}
}
}
$reports

exit $exit_code