Class: Uirusu::VTResult

Inherits:
Object
  • Object
Defined in:
lib/uirusu/vtresult.rb

Overview

A wrapper class that holds all of the data for a single VirusTotal result

Constant Summary collapse

RESULT_FIELDS =
Uirusu::RESULT_FIELDS

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(hash, results) ⇒ VTResult

Builds a VTResult object based on the hash and results passed to it

Parameters:

  • hash,

    Cryptographic hash that was searched

  • results,

    Results of the search on Virustotal.com



# File 'lib/uirusu/vtresult.rb', line 40

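# Builds a VTResult from the searched resource and the report(s) passed in,
# flattening them into @results as one row (Hash) per scanner verdict.
#
# The report contents come from a remote service; they are stored as
# received and are not validated or escaped here.
#
# @param hash [String] cryptographic hash (resource) that was searched
# @param results [Hash, Array, nil] a single report hash, or an array of
#   [resource, report] pairs
def initialize hash, results
	# Nothing to record: @results is deliberately left unset (nil).
	return if results.nil? || results.empty?

	# Take into consideration being passed an array of results.
	# For instance, rescan_file will return an array if more than
	# one sample is given.  This ensures single results work.
	results = [ [ hash, results ] ] unless results.is_a? Array

	# Builds the placeholder row used when there is nothing to report for a
	# resource: every RESULT_FIELDS entry is '-', plus the resource and message.
	# NOTE(review): the message is stored under the String key 'result' while
	# scanner rows use the Symbol key :result, so to_stdout/to_xml will not
	# show it. Kept as-is because callers may read row['result'] - TODO confirm.
	placeholder = lambda do |resource, message|
		row = {}
		RESULT_FIELDS.each { |field| row[field] = '-' }
		row[:hash] = resource
		row['result'] = message
		row
	end

	@results = []
	last_report = nil

	# Results will be an array of: [ [resource, result hash ] ]
	results.each do |entry|
		hash   = entry.first # Grab the resource (checksum hash)
		result = entry.last  # Grab the query report
		# Remembered outside the block: block locals are not visible after the
		# loop, and the fallback below needs the last report's verbose_msg.
		last_report = result

		if result['response_code'] == 0
			@results.push placeholder.call(hash, result['verbose_msg'])
			next
		end

		# NOTE(review): the original followed the check above with a second
		# `elsif result['response_code'] == 0` that aborted with an
		# invalid-API-key message. It could never run, so it is omitted here;
		# the condition it was meant to test cannot be determined from this
		# file - TODO confirm and restore API-key error reporting.
		permalink = result['permalink']
		md5 = result['md5']
		sha1 = result['sha1']
		sha256 = result['sha256']

		# A report without a 'scans' entry yields no scanner rows instead of
		# raising NoMethodError on nil.
		(result['scans'] || {}).each do |scanner, value|
			next if value == ''

			res = {}
			res[:hash] = hash
			res[:md5] = md5
			res[:sha1] = sha1
			res[:sha256] = sha256
			res[:scanner] = scanner
			res[:detected] = value['detected']
			res[:version] = value['version']
			res[:result] = value['result'].nil? ? "Nothing detected" : value['result']
			res[:update] = value['update']
			res[:permalink] = permalink unless permalink.nil?

			@results.push res
		end
	end

	# If we didn't have any results, create a fake "not found" row from the
	# last report seen.
	if @results.empty?
		message = last_report ? last_report['verbose_msg'] : nil
		@results.push placeholder.call(hash, message)
	end
end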

Instance Attribute Details

#results ⇒ Object

Returns the value of attribute results.



# File 'lib/uirusu/vtresult.rb', line 33

# Reader for the rows collected by the constructor.
#
# @return [Array<Hash>, nil] the stored rows; nil when @results was never
#   assigned
def results
  return @results
end

Instance Method Details

#to_json(options = {}) ⇒ String

Outputs the result to JSON

Returns:

  • (String)

    JSON representation of the result



# File 'lib/uirusu/vtresult.rb', line 131

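# Serialises the collected rows as pretty-printed JSON, each row wrapped
# as { "vtresult": row }.
#
# @param options [Hash] accepted so the method can be called like the
#   standard to_json; not used
# @return [String] JSON representation of the result
def to_json(options={})
	# @results is nil when the constructor was given nil or empty results.
	# Emit an empty array in that case rather than raising NoMethodError,
	# matching the nil tolerance of to_stdout and to_xml.
	rows = @results || []
	JSON::pretty_generate(rows.map { |entry| { :vtresult => entry } })
end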

#to_stdout ⇒ String

Outputs the result to STDOUT

Returns:

  • (String)

    Pretty text printable representation of the result



# File 'lib/uirusu/vtresult.rb', line 113

# Formats the rows as plain text: rows are ordered by scanner name, each
# distinct hash (compared case-insensitively) is printed once as a heading,
# and every row becomes a right-justified "scanner: result" line.
#
# The text is returned, not printed. Values are inserted as stored, so
# anything supplied by the remote report reaches the terminal unfiltered.
#
# @return [String] printable representation; empty when @results is nil
def to_stdout
	output = String.new
	return output if @results.nil?

	seen = Array.new
	ordered = @results.sort_by { |row| row[:scanner] }
	ordered.each do |row|
		key = row[:hash].downcase
		if !seen.include?(key)
			output << "#{row[:hash]}:\n"
			seen << key
		end
		label = "#{row[:scanner]}: ".rjust(25)
		output << label + "#{row[:result]}\n"
	end

	output
end

#to_xml ⇒ String

Outputs the result to XML

Returns:

  • (String)

    XML representation of the result



# File 'lib/uirusu/vtresult.rb', line 145

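# Serialises the rows as XML: a <results> root with one <vtresult> element
# per row and one child element per RESULT_FIELDS entry.
#
# Field values originate from the remote report, so the XML metacharacters
# &, < and > are escaped before being written as element text; otherwise a
# value containing them would produce malformed or altered markup.
#
# @return [String] XML representation of the result
def to_xml
	xml_escapes = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;' }

	result_string = String.new
	result_string << "<results>\n"
	(@results || []).each do |result|
		result_string << "\t<vtresult>\n"
		RESULT_FIELDS.each do |field|
			# Rows store the link under the Symbol key :permalink. The previous
			# check looked up the String key 'permalink', which is never set,
			# so the element was dropped from every row.
			next if field == :permalink && result[:permalink].nil?

			value = result[field].to_s.gsub(/[&<>]/, xml_escapes)
			result_string << "\t\t<#{field}>#{value}</#{field}>\n"
		end
		result_string << "\t</vtresult>\n"
	end
	result_string << "</results>\n"

	result_string
end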

#to_yaml ⇒ String

Outputs the result to YAML

Returns:

  • (String)

    YAML representation of the result



# File 'lib/uirusu/vtresult.rb', line 138

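# Serialises the collected rows as YAML, each row wrapped under the
# :vtresult key.
#
# @return [String] YAML representation of the result
def to_yaml
	# @results is nil when the constructor was given nil or empty results.
	# Emit an empty list in that case rather than raising NoMethodError,
	# matching the nil tolerance of to_stdout and to_xml.
	rows = @results || []
	# Psych.dump is what Object#to_yaml delegates to.
	Psych.dump(rows.map { |entry| { :vtresult => entry } })
end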