authormo khan <mo@mokhan.ca>2015-02-07 08:33:02 -0700
committermo khan <mo@mokhan.ca>2015-02-07 08:33:02 -0700
commitd6af160515debb1de4144c632cc81e6039c3a1bf (patch)
treee157164dc0b057b34a0ecb710b2f7649ae4d67b2
parentbbe1d5d27ac72a172d155249067206e85e3c013a (diff)
fetch report for file from virus total.
-rw-r--r--app/jobs/fingerprint_lookup_job.rb19
-rw-r--r--app/models/disposition.rb8
-rw-r--r--app/models/file_report.rb4
-rw-r--r--app/workers/cloud_queries.rb11
-rw-r--r--db/migrate/20150207151759_create_file_reports.rb10
-rw-r--r--db/schema.rb9
6 files changed, 55 insertions, 6 deletions
diff --git a/app/jobs/fingerprint_lookup_job.rb b/app/jobs/fingerprint_lookup_job.rb
new file mode 100644
index 0000000..3085564
--- /dev/null
+++ b/app/jobs/fingerprint_lookup_job.rb
@@ -0,0 +1,19 @@
+class FingerprintLookupJob < ActiveJob::Base
+ #ENDPOINT = "https://www.virustotal.com/vtapi/v2/file/report"
+ ENDPOINT = "https://www.virustotal.com/api/get_file_report.json"
+ queue_as :default
+
+ def perform(fingerprint)
+ response = Typhoeus.post(ENDPOINT, params: {
+ resource: fingerprint,
+ apiKey: ENV.fetch("VIRUS_TOTAL_API_KEY"),
+ })
+ report = JSON.parse(response.response_body)
+ puts "+++"
+ puts response.response_body.inspect
+ puts "---"
+ puts report.inspect
+ puts "+++"
+ Disposition.create_for(fingerprint, report)
+ end
+end
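Review bot: `JSON.parse(response.response_body)` runs with no check that the request succeeded, so a timeout (nil body), a non-JSON error page, or a rate-limit response from VirusTotal turns into a JSON::ParserError (or NoMethodError) inside the job instead of a meaningful failure; add `raise "VirusTotal lookup failed (HTTP #{response.code})" unless response.success?` before the parse. The five `puts` lines dump the full raw third-party response to stdout on every lookup; they look like debugging leftovers and should be removed before merge, or reduced to a single `Rails.logger.debug` line if a trace is genuinely needed. The commented-out `#ENDPOINT` line on the first line of the class should also go, since the live constant already states which endpoint is used.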
diff --git a/app/models/disposition.rb b/app/models/disposition.rb
index 1bf43c7..87ce27e 100644
--- a/app/models/disposition.rb
+++ b/app/models/disposition.rb
@@ -1,6 +1,7 @@
class Disposition < ActiveRecord::Base
enum state: [ :clean, :malicious, :unknown ]
attr_readonly :fingerprint
+ has_many :file_reports
validates_uniqueness_of :fingerprint
validates_presence_of :fingerprint, :state
@@ -8,4 +9,11 @@ class Disposition < ActiveRecord::Base
def to_param
fingerprint
end
+
+ def self.create_for(fingerprint, report)
+ disposition = Disposition.find_by(fingerprint: fingerprint)
+ disposition = Disposition.new(fingerprint: fingerprint) if disposition.nil?
+ disposition.state = :unknown
+ disposition.file_reports.create!(data: report)
+ end
end
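Review bot: `disposition.file_reports.create!(data: report)` is called on a Disposition that may have just been built with `Disposition.new` and never saved, and ActiveRecord refuses to create a has_many child for an unsaved owner (RecordNotSaved); for an existing record the `state = :unknown` assignment is likewise never persisted because nothing calls `save!`. Replace the two lookup lines with `disposition = Disposition.find_or_initialize_by(fingerprint: fingerprint)` and add `disposition.save!` after the state assignment so both paths persist before the child is created. The state is hard-coded to `:unknown` regardless of what `report` contains, which presumably is a placeholder until the report is interpreted; a `# TODO: derive state from report` comment would make that intent explicit.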
diff --git a/app/models/file_report.rb b/app/models/file_report.rb
new file mode 100644
index 0000000..a0363f9
--- /dev/null
+++ b/app/models/file_report.rb
@@ -0,0 +1,4 @@
+class FileReport < ActiveRecord::Base
+ belongs_to :disposition
+ validates_presence_of :disposition, :data
+end
diff --git a/app/workers/cloud_queries.rb b/app/workers/cloud_queries.rb
index 5592ed9..4e87649 100644
--- a/app/workers/cloud_queries.rb
+++ b/app/workers/cloud_queries.rb
@@ -18,11 +18,12 @@ class CloudQueries
}), to_queue: "worker.events")
if disposition.nil?
- publish(JSON.generate({
- command: :request_analysis,
- agent_id: attributes["agent_id"],
- fingerprint: fingerprint,
- }), routing_key: "malwer.agents.#{attributes["agent_id"]}")
+ #publish(JSON.generate({
+ #command: :request_analysis,
+ #agent_id: attributes["agent_id"],
+ #fingerprint: fingerprint,
+ #}), routing_key: "malwer.commands")
+ FingerprintLookup.perform_later(fingerprint)
end
ack!
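Review bot: `FingerprintLookup.perform_later(fingerprint)` references a constant that does not exist; the job added in this commit is named `FingerprintLookupJob` (app/jobs/fingerprint_lookup_job.rb), so this branch raises NameError the first time a fingerprint with no disposition arrives. The line should read `FingerprintLookupJob.perform_later(fingerprint)`. The commented-out `publish(...)` block above it is dead code that version control already preserves and should be deleted rather than left in place. The enclosing method starts before and ends after this hunk.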
diff --git a/db/migrate/20150207151759_create_file_reports.rb b/db/migrate/20150207151759_create_file_reports.rb
new file mode 100644
index 0000000..63a1702
--- /dev/null
+++ b/db/migrate/20150207151759_create_file_reports.rb
@@ -0,0 +1,10 @@
+class CreateFileReports < ActiveRecord::Migration
+ def change
+ create_table :file_reports, id: :uuid, default: 'uuid_generate_v4()' do |t|
+ t.uuid :disposition_id
+ t.json :data
+
+ t.timestamps null: false
+ end
+ end
+end
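Review bot: The `file_reports` table has no index on `disposition_id`, yet the only access path added in this commit is `disposition.file_reports`, which filters on that column; add `add_index :file_reports, :disposition_id` inside `change` so the association lookup does not scan the table as reports accumulate. Since the column is a uuid pointing at `dispositions`, a foreign key would also let the database reject orphaned reports, if the project is on a Rails version that supports `add_foreign_key`.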
diff --git a/db/schema.rb b/db/schema.rb
index 1011d84..88839f9 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20150204042612) do
+ActiveRecord::Schema.define(version: 20150207151759) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
@@ -40,4 +40,11 @@ ActiveRecord::Schema.define(version: 20150204042612) do
add_index "events", ["agent_id"], name: "index_events_on_agent_id", using: :btree
+ create_table "file_reports", id: :uuid, default: "uuid_generate_v4()", force: :cascade do |t|
+ t.uuid "disposition_id"
+ t.json "data"
+ t.datetime "created_at", null: false
+ t.datetime "updated_at", null: false
+ end
+
end