Commit d6af160
app/jobs/fingerprint_lookup_job.rb
@@ -0,0 +1,19 @@
+class FingerprintLookupJob < ActiveJob::Base
+ #ENDPOINT = "https://www.virustotal.com/vtapi/v2/file/report"
+ ENDPOINT = "https://www.virustotal.com/api/get_file_report.json"
+ queue_as :default
+
+ def perform(fingerprint)
+ response = Typhoeus.post(ENDPOINT, params: {
+ resource: fingerprint,
+ apiKey: ENV.fetch("VIRUS_TOTAL_API_KEY"),
+ })
+ report = JSON.parse(response.response_body)
+ puts "+++"
+ puts response.response_body.inspect
+ puts "---"
+ puts report.inspect
+ puts "+++"
+ Disposition.create_for(fingerprint, report)
+ end
+end
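Review bot: The API key is sent via `params:`, which Typhoeus appends to the URL as a query string even on a POST, so `VIRUS_TOTAL_API_KEY` ends up in request URLs where proxies and server access logs commonly record it; `body: { resource: fingerprint, apiKey: ... }` keeps it in the request body instead. The `puts response.response_body.inspect` / `puts report.inspect` lines dump the full third-party response to stdout on every run and look like leftover debugging; they should be dropped or demoted to `Rails.logger.debug`. `JSON.parse` also runs on the body without checking `response.success?`, so a rate-limit or auth failure with a non-JSON body surfaces as a `JSON::ParserError` rather than a meaningful error; a guard such as `raise "VirusTotal lookup failed: #{response.code}" unless response.success?` before the parse would make failures diagnosable. The accepted parameter name for this endpoint is not verifiable from the diff, so confirm `apiKey` against the VirusTotal documentation in use.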
app/models/disposition.rb
@@ -1,6 +1,7 @@
class Disposition < ActiveRecord::Base
enum state: [ :clean, :malicious, :unknown ]
attr_readonly :fingerprint
+ has_many :file_reports
validates_uniqueness_of :fingerprint
validates_presence_of :fingerprint, :state
@@ -8,4 +9,11 @@ class Disposition < ActiveRecord::Base
def to_param
fingerprint
end
+
+ def self.create_for(fingerprint, report)
+ disposition = Disposition.find_by(fingerprint: fingerprint)
+ disposition = Disposition.new(fingerprint: fingerprint) if disposition.nil?
+ disposition.state = :unknown
+ disposition.file_reports.create!(data: report)
+ end
end
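Review bot: `create_for` never saves the disposition, so for a fingerprint not yet in the table `disposition.file_reports.create!` is called on an unsaved parent, which in ActiveRecord raises `RecordNotSaved` ("You cannot call create unless the parent is saved"), and for an existing record the `state = :unknown` assignment is silently lost. Adding `disposition.save!` before the `file_reports.create!` line fixes both paths; `Disposition.find_or_initialize_by(fingerprint: fingerprint)` would also replace the two-line find/new and narrow (though not close) the race against `validates_uniqueness_of`. Note too that the state is forced to `:unknown` regardless of what `report` contains and regardless of any verdict the existing record already held; if that is intentional pending a later classification step, a comment such as `# State is reset to :unknown here; the report is stored for later classification` would make that clear to the next reader.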
app/models/file_report.rb
@@ -0,0 +1,4 @@
+class FileReport < ActiveRecord::Base
+ belongs_to :disposition
+ validates_presence_of :disposition, :data
+end
app/workers/cloud_queries.rb
@@ -18,11 +18,12 @@ class CloudQueries
}), to_queue: "worker.events")
if disposition.nil?
- publish(JSON.generate({
- command: :request_analysis,
- agent_id: attributes["agent_id"],
- fingerprint: fingerprint,
- }), routing_key: "malwer.agents.#{attributes["agent_id"]}")
+ #publish(JSON.generate({
+ #command: :request_analysis,
+ #agent_id: attributes["agent_id"],
+ #fingerprint: fingerprint,
+ #}), routing_key: "malwer.commands")
+ FingerprintLookup.perform_later(fingerprint)
end
ack!
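Review bot: `FingerprintLookup.perform_later(fingerprint)` references a class that does not exist in this commit; the job added in app/jobs is `FingerprintLookupJob`, so the `disposition.nil?` path will raise `NameError` at runtime and the message is never acked. The call should be `FingerprintLookupJob.perform_later(fingerprint)`. The commented-out `publish` block should be deleted rather than left in place, since version control preserves it. Since `fingerprint` appears to originate from an agent message and is forwarded verbatim to an external API, consider validating its shape (for example `fingerprint.match?(/\A\h{32,64}\z/)`) before enqueuing, though the exact expected format is not visible here. The enclosing method begins outside this hunk.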
db/migrate/20150207151759_create_file_reports.rb
@@ -0,0 +1,10 @@
+class CreateFileReports < ActiveRecord::Migration
+ def change
+ create_table :file_reports, id: :uuid, default: 'uuid_generate_v4()' do |t|
+ t.uuid :disposition_id
+ t.json :data
+
+ t.timestamps null: false
+ end
+ end
+end
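Review bot: `disposition_id` is created nullable with no index and no foreign key, even though `FileReport` requires a disposition and `Disposition has_many :file_reports` will query by this column. Declaring it as `t.uuid :disposition_id, null: false` and adding `add_index :file_reports, :disposition_id` enforces the relationship at the database level and avoids a sequential scan per disposition lookup; a `foreign_key` constraint is also worth adding if `dispositions` uses a uuid primary key, which the diff does not show. The raw third-party report is stored as `json`; if the PostgreSQL version permits, `jsonb` is usually preferable for later querying, but that is a judgement call rather than a defect.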
db/schema.rb
@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20150204042612) do
+ActiveRecord::Schema.define(version: 20150207151759) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
@@ -40,4 +40,11 @@ ActiveRecord::Schema.define(version: 20150204042612) do
add_index "events", ["agent_id"], name: "index_events_on_agent_id", using: :btree
+ create_table "file_reports", id: :uuid, default: "uuid_generate_v4()", force: :cascade do |t|
+ t.uuid "disposition_id"
+ t.json "data"
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
+ end
+
end