Class: Uirusu::VTResult

Inherits:
Object
  • Object
Defined in:
lib/uirusu/vtresult.rb

Overview

A wrapper class that holds all of the data for a single VirusTotal result.

Constant Summary collapse

RESULT_FIELDS =
Uirusu::RESULT_FIELDS

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(hash, results) ⇒ VTResult

Builds a VTResult object based on the hash and results passed to it

Parameters:

  • hash,

    Cryptographic hash that was searched

  • results,

    Results of the search on Virustotal.com



# File 'lib/uirusu/vtresult.rb', line 34

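# Builds a VTResult from the hash that was searched and the report(s)
# returned for it.
#
# @param hash [String] cryptographic hash (resource) that was searched
# @param results [Hash, Array, nil] one report hash, or an array of
#   [resource, report] pairs; when nil or empty nothing is stored and
#   @results stays unset
def initialize hash, results
	return if results.nil? || results.empty?

	# A lone report is wrapped so the loop below handles both shapes
	# (rescan_file, for instance, returns an array when several samples
	# are given).
	results = [ [ hash, results ] ] unless results.is_a? Array

	# Placeholder row: every known field is '-', plus the resource and the
	# service's message. The message is stored under :result, the key the
	# per-scanner rows and to_stdout use; the string key 'result' used
	# previously was never read back by them.
	placeholder = lambda do |resource, report|
		row = {}
		RESULT_FIELDS.each { |field| row[field] = '-' }
		row[:hash] = resource
		row[:result] = report['verbose_msg']
		row
	end

	@results = []
	last_report = nil # tracked outside the block for the fallback below

	# Each entry is [ resource, report hash ]
	results.each do |entry|
		hash        = entry.first # the resource (checksum hash)
		report      = entry.last  # the query report
		last_report = report

		if report['response_code'] == 0
			@results.push placeholder.call(hash, report)
			next
		end

		# NOTE(review): a second `response_code == 0` branch used to sit
		# here and abort with an invalid-API-key message. It could never
		# run. How a rejected key is signalled is not visible in this file,
		# so no replacement check is guessed at; confirm against the caller.
		permalink = report['permalink']

		# A report without a 'scans' section yields no rows instead of
		# raising NoMethodError on nil; the fallback below then records it.
		(report['scans'] || {}).each do |scanner, value|
			next if value == ''

			row = {
				:hash      => hash,
				:md5       => report['md5'],
				:sha1      => report['sha1'],
				:sha256    => report['sha256'],
				:scanner   => scanner,
				:detected  => value['detected'],
				:version   => value['version'],
				:result    => value['result'].nil? ? "Nothing detected" : value['result'],
				:scan_date => report['scan_date'],
				:update    => value['update']
			}
			row[:permalink] = permalink unless permalink.nil?

			@results.push row
		end
	end

	# If nothing was collected, store one placeholder built from the last
	# report seen. A local first assigned inside the block above is not
	# visible here, which is why this used to raise NameError on `result`.
	@results.push placeholder.call(hash, last_report) if @results.empty?
end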

Instance Attribute Details

#results ⇒ Object

Returns the value of attribute results.



# File 'lib/uirusu/vtresult.rb', line 27

# Reader for the result rows collected by the constructor.
#
# @return [Array<Hash>, nil] the stored rows; nil when the constructor
#   returned before storing anything
def results
  return @results
end

Instance Method Details

#to_json(options = {}) ⇒ String

Outputs the result to JSON

Returns:

  • (String)

    JSON representation of the result



# File 'lib/uirusu/vtresult.rb', line 126

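# Serialises the stored rows as pretty-printed JSON, each row wrapped in a
# { vtresult: row } object.
#
# @param options [Hash] accepted for signature compatibility; not used here
# @return [String] JSON array; "[]" when no rows were stored
def to_json(options={})
	# @results is nil when the constructor was given nil or empty results;
	# treat that as an empty list instead of raising NoMethodError.
	rows = @results || []
	JSON::pretty_generate(rows.map{|entry| { :vtresult => entry } })
end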

#to_stdout ⇒ String

Outputs the result to STDOUT

Returns:

  • (String)

    Pretty text printable representation of the result



# File 'lib/uirusu/vtresult.rb', line 108

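# Renders the stored rows as plain text: one "<hash>:" header per resource,
# followed by its "scanner: result" lines sorted by scanner name. The text
# is returned, not printed.
#
# @return [String] printable report; empty when no rows were stored
def to_stdout
	result_string = String.new
	return result_string if @results.nil?

	# Rows are grouped per resource (case-insensitively) before sorting.
	# Sorting the whole list by scanner first interleaved rows of different
	# resources, so a scanner line could appear under another sample's header.
	by_resource = @results.group_by { |row| row[:hash].to_s.downcase }

	by_resource.each_value do |rows|
		result_string << "#{rows.first[:hash]}:\n"
		rows.sort_by { |row| row[:scanner].to_s }.each do |row|
			result_string << "#{row[:scanner]}: ".rjust(25) + "#{row[:result]}\n"
		end
	end

	result_string
end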

#to_xml ⇒ String

Outputs the result to XML

Returns:

  • (String)

    XML representation of the result



# File 'lib/uirusu/vtresult.rb', line 140

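# Renders the stored rows as XML: a <results> root with one <vtresult>
# element per row and one child element per RESULT_FIELDS entry.
#
# @return [String] XML document; an empty <results> element when no rows
#   were stored
def to_xml
	result_string = String.new
	result_string << "<results>\n"

	unless @results.nil?
		@results.each do |result|
			result_string << "\t<vtresult>\n"
			RESULT_FIELDS.each do |field|
				# Rows are keyed by symbols; the previous string-key lookup
				# ('permalink') was always nil, so the element was never written.
				next if field == :permalink && result[:permalink].nil?

				# Field values are copied from the service's report, so they
				# are escaped before being placed in element content.
				text = result[field].to_s.encode(:xml => :text)
				result_string << "\t\t<#{field}>#{text}</#{field}>\n"
			end
			result_string << "\t</vtresult>\n"
		end
	end

	result_string << "</results>\n"
	result_string
end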

#to_yaml ⇒ String

Outputs the result to YAML

Returns:

  • (String)

    YAML representation of the result



# File 'lib/uirusu/vtresult.rb', line 133

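# Serialises the stored rows as YAML, each row wrapped in a
# { vtresult: row } mapping.
#
# @return [String] YAML sequence; an empty sequence when no rows were stored
def to_yaml
	# @results is nil when the constructor was given nil or empty results;
	# treat that as an empty list instead of raising NoMethodError.
	rows = @results || []
	YAML.dump(rows.map{|entry| { :vtresult => entry } })
end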