Add ability to check issues against Virus Total #945
Conversation
|
Example of the details comments with the information added can be seen here: With viruses in the report: AdmiringWorm#59 (comment) |
|
|
|
@tunisiano187 the intention from my end isn't to upload any files, only to check and verify any existing virus scan results. |
|
yes , Hybrid analysis do that with their own scans + Virus Total's without limit per hour ... that was the interesting point. |
|
I see, TBH, I had never heard of the website before. |
It looks like those limits only apply to direct uploads, though -- I just submitted a Chocolatey package to their API directly via the download URL (swig.4.0.2.04082020.nupkg, chosen pretty much at random), and they were able to scan it from there. A bigger issue may be that they don't appear to support They list the type as "Microsoft OOXML" (which is accurate), and the type strings as "docx" and "office" (which are not). The scan seems to be treating the package as a document, rather than an executable. Ahhh, dangit. I just tried to point it at the URL for a larger |
AdmiringWorm
force-pushed
the
virus-total
branch
2 times, most recently
from
7f3fd9b
to
08d7df4
Compare
|
Hi @AdmiringWorm I wanted to take this for a spin on your branch, but it seems that you have switched branches |
Yeah, I was working on something else and had the branch changed to the work in progress there. I have switched back to the branch for this PR, so if you want to check it out then feel free to do so now. |
AdmiringWorm
force-pushed
the
virus-total
branch
from
08d7df4
to
f220d2f
Compare
AdmiringWorm
force-pushed
the
virus-total
branch
from
f220d2f
to
efb482b
Compare
.vscode/settings.json
Outdated
| @@ -0,0 +1,3 @@ | |||
| { | |||
| "powershell.codeFormatting.addWhitespaceAroundPipe": true | |||
There was a problem hiding this comment.
This seems like a fine change, but may have been an unintended addition?
There was a problem hiding this comment.
When this change was added it was automatically added by vscode, however as it is the default I decided to leave it in.
There was a problem hiding this comment.
I've decided to get this removed again
|
|
||
| try { | ||
| # next we try to serialize as hash table | ||
| return $inputObject | ConvertFrom-Json -AsHashtable |
There was a problem hiding this comment.
-AsHashtable may not be supported in PS5. We're using windows-latest in our tasks, but I think the way we're running it may take us to PowerShell rather than Pwsh. May be wrong! I don't know what we're targetting here, just noting as we normally dive into backwards compatibility.
That may also be fine, as this is being used post-IRM, which (I thought) should convert from JSON anyway, and this may just fall down to returning the object as-is. Looking at the API, though, it's... hm, fun.
There was a problem hiding this comment.
-AsHashtable may not be supported in PS5.
You are right, it is not supported in PS5. We are however explicitly telling GitHub action to use Pwsh, so that is fine. Backwards compatibility is not a concern as these files aren't supposed to be ran on a users computer.
Also to mention, from what I remember when this was added the entire thing would fall over if -AsHashtable wasn't used.
scripts/private/messages.ps1
Outdated
| @@ -19,7 +19,7 @@ class StatusCheckMessages { | |||
| static [string]$checkingUserMarkedDownloadUrlPublic = "Checking if user have marked the download URL as being public and not bedind a paywall"; | |||
| static [string]$checkingUserProvidedDirectDownloadUrl = "Checking if the user have provided a direct download URL"; | |||
| static [string]$checkingUserProvidedSoftwareProjectUrl = "Checking if user have provided a URL to the software project"; | |||
| static [string]$checkingUserSearchedForOpenIssues = "Checking if the user have checked for already opened issues"; | |||
There was a problem hiding this comment.
I can't see associated calls for this being removed (e.g. line 69 of scripts/private/validations/Get-NewPackageValidationResult.ps1).
There was a problem hiding this comment.
Good catch, not sure why it was removed, but I'll get it added back.
scripts/private/messages.ps1
Outdated
| @@ -19,7 +19,7 @@ class StatusCheckMessages { | |||
| static [string]$checkingUserMarkedDownloadUrlPublic = "Checking if user have marked the download URL as being public and not bedind a paywall"; | |||
| static [string]$checkingUserProvidedDirectDownloadUrl = "Checking if the user have provided a direct download URL"; | |||
| static [string]$checkingUserProvidedSoftwareProjectUrl = "Checking if user have provided a URL to the software project"; | |||
| static [string]$checkingUserSearchedForOpenIssues = "Checking if the user have checked for already opened issues"; | |||
| static [string]$checkingvirusTotalCheckSearchedForOpenIssues = "Checking if the user have checked for already opened issues"; | |||
There was a problem hiding this comment.
| static [string]$checkingvirusTotalCheckSearchedForOpenIssues = "Checking if the user have checked for already opened issues"; | |
| static [string]$checkingvirusTotalCheckSearchedForOpenIssues = "Checking for Virus Total issues"; |
Minor, phrasing to update from the previous message. The variable name is a little... cloudy. It seems like $virusTotalCheck, below, is doing this work for this. It's possible this line should be rolled back?
There was a problem hiding this comment.
The suggestion here doesn't follow the same format as the other check messages (These are the messages outputted in the GitHub action, but not anywhere else).
I'll figure out something to change this to, as it is currently wrong.
EDIT: When looking again, this was incorrectly renamed. Not sure what was going on here.
| @@ -0,0 +1,72 @@ | |||
| function Get-JsonResults() { | |||
There was a problem hiding this comment.
| function Get-JsonResults() { | |
| function Get-JsonResults { |
I didn't realise you could specify param blocks both as a simple and advanced function at once! Probably worth tidying up, though.
Edit: Ah, had a play. Looks like it's only trouble if you specify parameters in both places. Interesting!
There was a problem hiding this comment.
It may also be worth supporting pipelining here, but... it's here, it works. No point in changing it if it's fine, etc.
AdmiringWorm
force-pushed
the
virus-total
branch
from
efb482b
to
8fb1267
Compare
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
Sorry, something went wrong.
This pull requests adds the ability to check if there are already virus reports available on VirusTotal for the specified download url.
If there is no report available, it will add to the comment details as such.
This code requires that a
secretvariable is added to the Settings page of this repository calledVIRUS_TOTAL_API_KEY, and needs to be added by someone with access to a VirusTotal api key and the repository settings page.