hammackj / uirusu Goto Github PK

➜ uirusu git:(master) bin/uirusu --verbose -j -u ~/Downloads/GoogleVoiceAndVideoSetup.dmg
[+] Adding file /Users/kplummer/Downloads/GoogleVoiceAndVideoSetup.dmg
[] Attempting to rescan /Users/kplummer/Downloads/GoogleVoiceAndVideoSetup.dmg
[] Attempting to parse the results for: 0b8eebc6b06476af36ebd943fe64a4c941db874cc21b64e184230ae8d03b6ce6
/Users/kplummer/Codes/uirusu/lib/uirusu/vtresult.rb:127:in to_json': undefined methodmap' for nil:NilClass (NoMethodError)
from /Users/kplummer/Codes/uirusu/lib/uirusu/cli/application.rb:328:in block in main' from /Users/kplummer/Codes/uirusu/lib/uirusu/cli/application.rb:325:ineach'
from /Users/kplummer/Codes/uirusu/lib/uirusu/cli/application.rb:325:in each_with_index' from /Users/kplummer/Codes/uirusu/lib/uirusu/cli/application.rb:325:inmain'
from bin/uirusu:37:in `

This is because the actual info is in results[0][0] and results[0][1]. Looking at the returned value from I verified this.

Think it is just because of the Array brackets around the return value. Removed and tested everything it seems to work. Can you verify that you see this too? I noticed it when uploading a file.

I'll submit a PR which you can accept if it solves the problem for you too.

I discovered this issue when using the latest version of the gem to get comments for a file. My API key is valid, and the gem was working fine for other requests such as 'Uirusu::VTFile.query_report'.

Upon investigating, I found out the underlying issue was line 49 of 'uirusu.rb'. This line was not sending the parameters properly, instead it was sending the params hash as additional headers. According to the rest-client documentation, the first param for RestClient::Resource#get is additional_headers so our params were being merged in with the headers.

The reason why RestClient::Resource#post still works, is because the first parameter is for the payload, so our params has still gets passed.

This failure was not picked up by the tests because none of the test cases included a GET request.

testing on aws; might want to go with this instead:

CONFIG_FILE = "#{ENV['HOME']}/.uirusu"

https://github.com/arxopia/uirusu/blob/master/lib/uirusu.rb#L34

haven't done extensive testing; but aws doesn't like Dir.home in it's default configuration of the nodes.

fwiw.

Change the rest_client gem to rest-client...

According to the VT documentation at https://www.virustotal.com/en/documentation/public-api/ HTTP response code 204 is the "API request limit reached" response code, not 429. When 204 is returned, it's raised as an Unknown Server error. instead of Virustotal limit reached. Try again later.

When I run ruby scan.rb I get:

/usr/local/rvm/gems/ruby-2.3.0/gems/uirusu-1.0.2/lib/uirusu.rb:73:in `parse_response': Unknown Server error. (400) (RuntimeError)
        from /usr/local/rvm/gems/ruby-2.3.0/gems/uirusu-1.0.2/lib/uirusu.rb:48:in `query_api'
        from /usr/local/rvm/gems/ruby-2.3.0/gems/uirusu-1.0.2/lib/uirusu/vturl.rb:61:in `query_report'
        from scan.rb:6:in `<main>'

My code is as follows:

require 'uirusu'

urls = "url1.com\nurl2.com\url3.com\url4.com[,...urln.com\n]" # I'm using multiple URLs; VirusTotal exemplifies in their Python script that you can append \n between URLs to query multiple entries
API_KEY = "not_for_you"

results = Uirusu::VTUrl.query_report(API_KEY, urls)
result  = Uirusu::VTResult.new(urls, results)
if result != nil then print result.to_stdout else puts "Sorry, there was an error." end

Why would I get this error? Have you encountered this before?

I use the Private API to get additional metadata from VirusTotal, and it would be nice for this gem to support that. It's just a matter of adding some additional optional parameters and some more API calls.

I currently have a fork where I'm working on adding some of these features.

Here's a list of the additional endpoints and ones that need modification (add optional parameters)

Modify current calls

• POST /vtapi/v2/file/scan
• POST /vtapi/v2/file/rescan
• GET /vtapi/v2/file/report
• POST /vtapi/v2/url/scan
• GET /vtapi/v2/url/report
• POST /vtapi/v2/comments/put

Additional calls

• GET /vtapi/v2/file/scan/upload_url
• POST /vtapi/v2/file/rescan/delete
• GET /vtapi/v2/file/behaviour
• GET /vtapi/v2/file/network-traffic
• GET /vtapi/v2/file/search
• GET /vtapi/v2/file/clusters
• GET /vtapi/v2/file/feed
• GET /vtapi/v2/file/download
• GET /vtapi/v2/file/false-positives
• GET /vtapi/v2/url/feed
• GET /vtapi/v2/ip-address/report
• GET /vtapi/v2/domain/report
• GET /vtapi/v2/comments/get

I'm not sure if Private API support is something you'd like to add to your gem, but adding it won't hurt the other functionality and would add to the use cases your gem currently provides.