diff --git a/api/routes/file.js b/api/routes/file.js
index e64dde3..06b0139 100644
--- a/api/routes/file.js
+++ b/api/routes/file.js
@@ -177,11 +177,13 @@ export function* post(next) {
 // Check in the background
 process.nextTick(function* malwareScan() {
 debug('Malware Scan');
- const { positive, result } = yield malware(dbFile);
- if (positive) {
- this.statsd.incr('file.malware', 1);
+ const result = yield malware(dbFile);
+ if (result) {
+ yield Files.updateOne({_id: fileId}, {'$set': {malware: positive, virustotal: result}});
+ if (result.positive) {
+ this.statsd.incr('file.malware', 1);
+ }
 }
- yield Files.updateOne({_id: fileId}, {'$set': {malware: positive, virustotal: result}});
 });
 } else {
 debug('Skipping Malware Scan, VIRUSTOTAL env variable not found.');
diff --git a/app.js b/app.js
index 6ab8721..93b09d3 100644
--- a/app.js
+++ b/app.js
@@ -17,8 +17,6 @@ import web from './web/app';
 import debugname from 'debug';
 const debug = debugname('hostr');
-debug(process.env.COOKIE_KEY);
-
 const app = websockify(koa());
 app.keys = [process.env.COOKIE_KEY];
diff --git a/circle.yml b/circle.yml
index a1a7edb..516ad4a 100644
--- a/circle.yml
+++ b/circle.yml
@@ -12,8 +12,5 @@ dependencies:
 cache_directories:
 - node_modules
 - web/public/jspm_packages
- pre:
- - npm install -g node-gyp-install
- - node-gyp-install
 post:
 - npm run jspm
diff --git a/lib/malware.js b/lib/malware.js
index 0fb1221..e628474 100644
--- a/lib/malware.js
+++ b/lib/malware.js
@@ -1,6 +1,4 @@
-import virustotal from 'virustotal.js';
-
-virustotal.setKey(process.env.VIRUSTOTAL_KEY);
+import virustotal from './virustotal';
 const extensions = ['EXE', 'PIF', 'APPLICATION', 'GADGET', 'MSI', 'MSP', 'COM', 'SCR', 'HTA', 'CPL', 'MSC', 'JAR', 'BAT', 'CMD', 'VB', 'VBS', 'VBE', 'JS', 'JSE', 'WS', 'WSF', 'WSC', 'WSH', 'PS1', 'PS1XML', 'PS2',
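Review bot: In the api/routes/file.js hunk the new `Files.updateOne` call still writes `malware: positive`, but the destructuring that declared `positive` was removed, so unless an outer `positive` exists outside the hunk the update throws a ReferenceError and no scan verdict is ever persisted. It also stores the whole `{positive, result}` wrapper under `virustotal` instead of the report itself. Suggested: `{'$set': {malware: result.positive, virustotal: result.result}}`. The callback handed to `process.nextTick` is a generator function, which appears to only create an iterator rather than run the body; that is outside this change but worth confirming, since a scan that silently never runs fails open. post() continues outside the hunk.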
@@ -14,21 +12,13 @@ function getExtension(filename) {
 return (i < 0) ? '' : filename.substr(i + 1);
 }
-export default function(file) {
- return new Promise((resolve, reject) => {
- if (extensions.indexOf(getExtension(file.file_name.toUpperCase())) >= 0) {
- virustotal.getFileReport(file.md5, (err, res) => {
- if (err) {
- return reject(err);
- }
- if (res.scans) {
- resolve({positive: res.positives >= 5, result: res});
- } else {
- resolve();
- }
- });
- } else {
- resolve();
- }
- });
+export default function* (file) {
+ if (extensions.indexOf(getExtension(file.file_name.toUpperCase())) < 0) {
+ return false;
+ }
+ const result = yield virustotal.getFileReport(file.md5);
+ return {
+ positive: result.positives >= 5,
+ result: result,
+ };
 }
diff --git a/lib/virustotal.js b/lib/virustotal.js
new file mode 100644
index 0000000..b7bb36e
--- /dev/null
+++ b/lib/virustotal.js
@@ -0,0 +1,11 @@
+import fetch from 'node-fetch';
+import FormData from 'form-data';
+
+const apiRoot = 'https://www.virustotal.com/vtapi/v2';
+
+export function* getFileReport(resource, apiKey = process.env.VIRUSTOTAL_KEY) {
+ const form = new FormData();
+ form.append('apikey', apiKey);
+ form.append('resource', resource);
+ return yield fetch(`${apiRoot}/file/report`, { method: 'POST'});
+}
diff --git a/package.json b/package.json
index 4e36182..dba1989 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,7 @@
 "test": "mongo hostr test/fixtures/mongo-*.js && mocha -r babel/register test/**/*.spec.js",
 "watch": "parallelshell \"npm run watch-js\" \"npm run watch-sass\" \"npm run watch-server\"",
 "watch-js": "babel -Dw -m system -d web/public/build web/public/src",
- "watch-server": "nodemon node -r babel/register app.js",
+ "watch-server": "nodemon -r babel/register app.js",
 "watch-sass": "node-sass -w -r -o web/public/styles/ web/public/styles/"
 },
 "dependencies": {
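Review bot: The rewritten default export in lib/malware.js drops the old `res.scans` check, so a report for a hash the service has no scans for comes back as `positive: false`, which the caller in api/routes/file.js is written to persist as a verdict. Returning `false` in that case keeps "not scanned" distinct from "scanned clean": `if (!result || !result.scans) { return false; }` before the final `return`. Separately, `virustotal` is a default import, while lib/virustotal.js as added in this commit has only the named export `getFileReport`; depending on the transpiler's interop, `virustotal.getFileReport` may be undefined, and `import { getFileReport } from './virustotal';` removes the doubt.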
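Review bot: `getFileReport` in lib/virustotal.js builds `form` with the API key and resource but never passes it to `fetch`, and it returns the raw response object rather than the parsed report, so `result.positives` in lib/malware.js is always undefined and every file ends up classified as not malicious. Send the form as the request body, reject non-2xx responses, and return the parsed JSON, as in the lines below. A short JSDoc saying that `resource` is the file hash and that the generator resolves to the parsed report object would also help callers.

```javascript
export function* getFileReport(resource, apiKey = process.env.VIRUSTOTAL_KEY) {
  // … unchanged: form construction …
  const res = yield fetch(`${apiRoot}/file/report`, { method: 'POST', body: form });
  if (!res.ok) {
    throw new Error(`VirusTotal report request failed with status ${res.status}`);
  }
  return yield res.json();
}
```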
@@ -32,6 +32,7 @@
 "co-views": "~2.1.0",
 "debug": "~2.2.0",
 "ejs": "~2.3.2",
+ "form-data": "^0.2.0",
 "gm": "~1.18.1",
 "http-errors": "~1.3.1",
 "jspm": "~0.16.0",
@@ -54,6 +55,7 @@
 "mime-types": "~2.1.5",
 "moment": "~2.10.6",
 "mongodb-promisified": "~1.0.3",
+ "node-fetch": "^1.3.2",
 "node-sass": "~3.3.0",
 "node-uuid": "~1.4.3",
 "passwords": "~1.3.0",
@@ -63,8 +65,7 @@
 "s3-upload-stream": "~1.0.7",
 "statsy": "~0.2.0",
 "stripe": "~3.7.1",
- "swig": "~1.4.2",
- "virustotal.js": "~0.3.1"
+ "swig": "~1.4.2"
 },
 "devDependencies": {
 "babel-eslint": "^4.0.10",
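Review bot: The two runtime dependencies added in package.json use caret ranges (`"form-data": "^0.2.0"`, `"node-fetch": "^1.3.2"`) while the neighbouring entries all use tilde ranges. `^1.3.2` accepts any later 1.x release of the package that now carries the VirusTotal API key on every request. Matching the file's convention with `"node-fetch": "~1.3.2"` and `"form-data": "~0.2.0"` limits unreviewed updates to patch releases.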