Class: VirustotalAPI::File

Inherits:

Base

• Object
• Base
• VirustotalAPI::File

Defined in:

lib/virustotal_api/file.rb

Overview

A class for ‘/files’ API

Instance Attribute Summary

Attributes inherited from Base

#id, #report, #report_url

Class Method Summary

• .analyse(resource, api_key) ⇒ VirustotalAPI::File

  Analyse a hash again.

• .find(resource, api_key) ⇒ VirustotalAPI::File

  Find a hash.

• .upload(file_path, api_key, opts = {}) ⇒ VirusotalAPI::File

  Upload a new file.

• .upload_large(file_path, api_key, opts = {}) ⇒ VirusotalAPI::File

  Upload a new file with size more than 32MB.

• .upload_url(api_key) ⇒ String

  Url for upload file.

Instance Method Summary

• #detected_by(engine) ⇒ Boolean

  Check if the submitted hash is detected by an AV engine.

Methods inherited from Base

#api_uri, api_uri, #exists?, #initialize, perform, perform_absolute, url_identifier

Constructor Details

This class inherits a constructor from VirustotalAPI::Base

Class Method Details

.analyse(resource, api_key) ⇒ VirustotalAPI::File

Analyse a hash again.

Parameters:

• resource (String) —

  file as a md5/sha1/sha256 hash

• api_key (String) —

  The key for virustotal

Returns:

• (VirustotalAPI::File) —

  Report

# File 'lib/virustotal_api/file.rb', line 48

def self.analyse(resource, api_key)
  report = perform("/files/#{resource}/analyse", api_key, :post)
  new(report)
end

.find(resource, api_key) ⇒ VirustotalAPI::File

Find a hash.

Parameters:

• resource (String) —

  file as a md5/sha1/sha256 hash

• api_key (String) —

  The key for virustotal

Returns:

• (VirustotalAPI::File) —

  Report Search Result

# File 'lib/virustotal_api/file.rb', line 13

def self.find(resource, api_key)
  report = perform("/files/#{resource}", api_key)
  new(report)
end

.upload(file_path, api_key, opts = {}) ⇒ VirusotalAPI::File

Upload a new file.

Parameters:

• file_path (String) —

  for file to be sent for scan

• api_key (String) —

  The key for virustotal

• opts (Hash) (defaults to: {}) —

  hash for additional options

Returns:

• (VirusotalAPI::File) —

  Report

# File 'lib/virustotal_api/file.rb', line 24

def self.upload(file_path, api_key, opts = {})
  filename = opts.fetch('filename') { ::File.basename(file_path) }
  report   = perform('/files', api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
  new(report)
end

.upload_large(file_path, api_key, opts = {}) ⇒ VirusotalAPI::File

Upload a new file with size more than 32MB.

Parameters:

• file_path (String) —

  for file to be sent for scan

• api_key (String) —

  The key for virustotal

• opts (Hash) (defaults to: {}) —

  hash for additional options

Returns:

• (VirusotalAPI::File) —

  Report

# File 'lib/virustotal_api/file.rb', line 36

def self.upload_large(file_path, api_key, opts = {})
  filename = opts.fetch('filename') { ::File.basename(file_path) }
  url      = upload_url(api_key)
  report   = perform_absolute(url, api_key, :post, filename: filename, file: ::File.open(file_path, 'r'))
  new(report)
end

.upload_url(api_key) ⇒ String

Returns url for upload file.

Returns:

• (String) —

  url for upload file

# File 'lib/virustotal_api/file.rb', line 54

def self.upload_url(api_key)
  data = perform('/files/upload_url', api_key)
  data&.dig('data')
end

Instance Method Details

#detected_by(engine) ⇒ Boolean

Check if the submitted hash is detected by an AV engine.

Parameters:

• engine (String) —

  The engine to check.

Returns:

• (Boolean) —

  true if detected

# File 'lib/virustotal_api/file.rb', line 63

def detected_by(engine)
  report&.dig('data', 'attributes', 'last_analysis_results', engine, 'category') == 'malicious'
end