Sha256: b402534482b07eaddd650c447b1c21855a9e068d214b48989e6fd60b3b4ae9dd

Contents?: true

Size: 1.5 KB

Versions: 21

Compression:

Stored size: 1.5 KB

Contents

# frozen_string_literal: true

require "virustotal"

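module Mihari
  module Analyzers
    #
    # Analyzer that runs a VirusTotal Intelligence search and turns every
    # datum in the returned pages into an Artifact.
    #
    class VirusTotalIntelligence < Base
      # Search query, handed to the VT Intelligence search call as given.
      param :query

      # Seconds to sleep between paginated requests; the default of 0 means no pause.
      option :interval, default: proc { 0 }

      # VirusTotal API key. This is a credential: keep it out of logs,
      # exception messages and serialized output.
      #
      # @return [String, nil]
      attr_reader :api_key

      #
      # @param args [Array] positional arguments, forwarded unchanged to Base
      # @param kwargs [Hash] keyword options; :api_key overrides the configured key
      #
      def initialize(*args, **kwargs)
        super

        # NOTE(review): presumably already assigned by `param :query`; kept as in the original.
        @query = query

        # An explicitly passed key wins over the one from Mihari.config.
        @api_key = kwargs[:api_key] || Mihari.config.virustotal_api_key
      end

      #
      # Build one Artifact per datum across all pages of search results.
      #
      # @return [Array<Artifact>]
      #
      def artifacts
        search_with_cursor.flat_map do |response|
          response.data.map do |datum|
            Artifact.new(data: datum.value, source: source, metadata: datum.metadata)
          end
        end
      end

      private

      # Configuration keys this analyzer declares.
      #
      # @return [Array<String>]
      def configuration_keys
        %w[virustotal_api_key]
      end

      #
      # VT API
      #
      # Memoized so that a paginated search reuses one client instead of
      # building a new one (with the API key) for every page.
      #
      # @return [::VirusTotal::API]
      #
      def api
        @api ||= ::VirusTotal::API.new(key: api_key)
      end

      #
      # Search with cursor
      #
      # Requests pages until the API stops returning a cursor. There is no cap
      # on the number of pages, so a broad query issues one request per page
      # until the results are exhausted; `interval` is the only throttle.
      #
      # @return [Array<Structs::VirusTotalIntelligence::Response>]
      #
      def search_with_cursor
        cursor = nil
        responses = []

        loop do
          raw = api.intelligence.search(query, cursor: cursor)
          response = Structs::VirusTotalIntelligence::Response.from_dynamic!(raw)
          responses << response

          cursor = response.meta.cursor
          break if cursor.nil?

          # pause for `interval` seconds between pages to stay under the rate limit (if set)
          sleep interval
        end

        responses
      end

      # Kept so any caller of the old, misspelled name keeps working.
      alias search_witgh_cursor search_with_cursor
    end
  end
end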

Version data entries

21 entries across 21 versions & 1 rubygems

Version Path
mihari-5.1.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-5.0.1 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-5.0.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.12.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.11.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.10.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.9.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.8.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.7.4 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.7.3 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.7.2 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.7.1 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.7.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.6.1 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.6.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.5.3 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.5.2 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.5.1 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.5.0 lib/mihari/analyzers/virustotal_intelligence.rb
mihari-4.4.1 lib/mihari/analyzers/virustotal_intelligence.rb