CIRCL
/
lookyloo
mirror of https://github.com/CIRCL/lookyloo
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Calls with the VT lib fail when not in async mode.

pull/946/head
Raphaël Vinot 2024-10-02 01:42:47 +02:00
parent 84edd62b28
commit db5644d782
1 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
lookyloo/modules/vt.py
View File

@ -2,12 +2,14 @@
from __future__ import annotations from __future__ import annotations
import asyncio
import json import json
import time import time
from datetime import date from datetime import date
from typing import Any, TYPE_CHECKING from typing import Any, TYPE_CHECKING
import vt # type: ignore[import-untyped] import vt # type: ignore[import-untyped]
from vt import ClientResponse
from vt.error import APIError # type: ignore[import-untyped] from vt.error import APIError # type: ignore[import-untyped]
from vt.object import WhistleBlowerDict # type: ignore[import-untyped] from vt.object import WhistleBlowerDict # type: ignore[import-untyped]
@ -71,6 +73,15 @@ class VirusTotal(AbstractModule):
self.url_lookup(cache.url, force) self.url_lookup(cache.url, force)
return {'success': 'Module triggered'} return {'success': 'Module triggered'}
async def get_object_vt(self, url: str) -> ClientResponse:
url_id = vt.url_id(url)
async with vt.Client(self.config['apikey'], trust_env=self.config.get('trustenv', False)) as client:
return await client.get_object_async(f"/urls/{url_id}")
async def scan_url(self, url: str) -> None:
async with vt.Client(self.config['apikey'], trust_env=self.config.get('trustenv', False)) as client:
await client.scan_url_async(url)
def url_lookup(self, url: str, force: bool=False) -> None: def url_lookup(self, url: str, force: bool=False) -> None:
'''Lookup an URL on VT '''Lookup an URL on VT
Note: force means 2 things: Note: force means 2 things:
@ -89,7 +100,7 @@ class VirusTotal(AbstractModule):
scan_requested = False scan_requested = False
if self.autosubmit and force: if self.autosubmit and force:
try: try:
self.client.scan_url(url) asyncio.run(self.scan_url(url))
except APIError as e: except APIError as e:
if e.code == 'QuotaExceededError': if e.code == 'QuotaExceededError':
self.logger.warning('VirusTotal quota exceeded, sry.') self.logger.warning('VirusTotal quota exceeded, sry.')
@ -100,10 +111,9 @@ class VirusTotal(AbstractModule):
if not force and vt_file.exists(): if not force and vt_file.exists():
return return
url_id = vt.url_id(url)
for _ in range(3): for _ in range(3):
try: try:
url_information = self.client.get_object(f"/urls/{url_id}") url_information = asyncio.run(self.get_object_vt(url))
with vt_file.open('w') as _f: with vt_file.open('w') as _f:
json.dump(url_information.to_dict(), _f, default=jsonify_vt) json.dump(url_information.to_dict(), _f, default=jsonify_vt)
break break
@ -112,7 +122,7 @@ class VirusTotal(AbstractModule):
break break
if not scan_requested and e.code == 'NotFoundError': if not scan_requested and e.code == 'NotFoundError':
try: try:
self.client.scan_url(url) asyncio.run(self.scan_url(url))
scan_requested = True scan_requested = True
except APIError as e: except APIError as e:
self.logger.warning(f'Unable to trigger VirusTotal on {url}: {e}') self.logger.warning(f'Unable to trigger VirusTotal on {url}: {e}')