Merge pull request #55 from Ostorlab/feature/add-scan-link-and/or-has…

…h-to-virustotal-findings Add scan link to virus total findings
Ostorlab · Jul 22, 2024 · d03f38a · d03f38a
2 parents a471a08 + 54d5d98
commit d03f38a
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 5 deletions.
diff --git a/agent/process_scans.py b/agent/process_scans.py
@@ -10,13 +10,16 @@
 EXCLUDED_SCANNERS = ["K7GW", "TrendMicro-HouseCall"]
 
 
-def get_technical_details(scans: dict[str, Any], target: str | None) -> str:
+def get_technical_details(
+    scans: dict[str, Any], target: str | None, scans_link: str | None
+) -> str:
     """Returns a markdown table of the technical report of the scan.
     Each row presents an antivirus with corresponding scan result : Malicious/Safe.
 
     Args:
         scans : Dictionary of the scans.
         target : target to scan.
+        scans_link : Link to the scan report.
 
     Returns:
         technical_detail : Markdown table of the scans results.
@@ -26,6 +29,10 @@ def get_technical_details(scans: dict[str, Any], target: str | None) -> str:
     if target is not None:
         technical_detail = f"Analysis of the target `{target}`:\n"
     technical_detail += markdown.table_markdown(formatted_scans)
+    if scans_link is not None:
+        technical_detail += (
+            f"\nFor more details, visit the [scan report]({scans_link})."
+        )
     return technical_detail
 
 

diff --git a/agent/virus_total_agent.py b/agent/virus_total_agent.py
@@ -86,10 +86,13 @@ def process(self, message: msg.Message) -> None:
 
     def _process_response(self, response: dict[str, Any], target: str | None) -> None:
         scans = virustotal.get_scans(response)
+        scans_link = response.get("results", {}).get("permalink")
         try:
             if scans is not None:
                 scans = process_scans.exclude_unreliable_scans(scans)
-                technical_detail = process_scans.get_technical_details(scans, target)
+                technical_detail = process_scans.get_technical_details(
+                    scans, target, scans_link
+                )
 
                 if process_scans.is_scan_malicious(scans) is True:
                     self.report_vulnerability(

diff --git a/tests/virus_total_agent_test.py b/tests/virus_total_agent_test.py
@@ -102,6 +102,7 @@ def virustotal_url_valid_response(url: str, timeout: int) -> dict[str, Any]:
             "sha1": "some_sha1",
             "resource": "some_ressource_id",
             "response_code": 1,
+            "permalink": "http://www.virustotal.com/url/1db0ad7dbcec0676710ea0eaacd35d5e471d3e11944d53bcbd31f0cbd11bce31/analysis/1320752364/",
         },
         "response_code": 200,
     }
@@ -131,6 +132,7 @@ def virustotal_valid_response(message: msg.Message) -> dict[str, Any]:
             "sha1": "some_sha1",
             "resource": "some_ressource_id",
             "response_code": 1,
+            "permalink": "https://www.virustotal.com/file/52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c/analysis/1273894724/",
         },
         "response_code": 200,
     }
@@ -163,6 +165,10 @@ def testVirusTotalAgent_whenVirusTotalApiReturnsValidResponse_noExceptionRaised(
         == "VirusTotal scan flagged malicious asset(s) (MD5 based search)"
     )
     assert isinstance(agent_mock[0].data["technical_detail"], str)
+    assert (
+        "For more details, visit the [scan report](https://www.virustotal.com/file/52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c/analysis/1273894724/)."
+        in agent_mock[0].data["technical_detail"]
+    )
     assert all(
         msg.data["short_description"] == "VirusTotal Malware analysis."
         for msg in agent_mock
@@ -228,6 +234,11 @@ def testVirusTotalAgent_whenLinkReceived_virusTotalApiReturnsValidResponse(
         == "VirusTotal scan flagged malicious asset(s) (MD5 based search)"
     )
     assert isinstance(agent_mock[0].data["technical_detail"], str)
+    assert (
+        "For more details, visit the [scan report]("
+        "http://www.virustotal.com/url/1db0ad7dbcec0676710ea0eaacd35d5e471d3e11944d53bcbd31f0cbd11bce31/analysis"
+        "/1320752364/)."
+    ) in agent_mock[0].data["technical_detail"]
     assert all(
         msg.data["short_description"] == "VirusTotal Malware analysis."
         for msg in agent_mock
@@ -410,9 +421,15 @@ def testVirusTotalAgent_whenFileHasNoPath_shouldReportWithHash(
     virustotal_agent.process(message_without_path)
 
     assert len(agent_mock) == 1
-    assert agent_mock[0].data["technical_detail"] == (
-        "Analysis of the target `44d88612fea8a8f36de82e1278abb02f`:\n|Package|  Result  |"
-        "  \n|-------|----------|  \n|Bkav   |_Safe_    |  \n|Elastic|_Malicous_|  \n"
+    assert (
+        agent_mock[0].data["technical_detail"]
+        == """Analysis of the target `44d88612fea8a8f36de82e1278abb02f`:
+|Package|  Result  |  
+|-------|----------|  
+|Bkav   |_Safe_    |  
+|Elastic|_Malicous_|  
+
+For more details, visit the [scan report](https://www.virustotal.com/file/52d3df0ed60c46f336c131bf2ca454f73bafdc4b04dfa2aea80746f5ba9e6d1c/analysis/1273894724/)."""
     )