def get_urlscan_details(url_body): try: jsonschema.validate(url_body, details_url_schema) except jsonschema.exceptions.ValidationError as exc: raise BadRequest(exc.message) URL = url_body.get('url') historic_search, when_performed = urlscan.search_newest(URL) found = False if when_performed and when_performed > datetime.utcnow() - timedelta(days=Const.DAY): results = urlscan.results(historic_search.get('_id')) if results: found = True if not found: try: url_id = urlscan.submit(URL) except urlscan.ApiKeyException as exc: raise Unauthorized(exc.message) except urlscan.UrlscanException as exc: raise BadRequest(exc.message) results = urlscan.results(url_id, wait_time=60) if not results: return _no_data_response() response_text = { "details": results } return Response(json.dumps( response_text, default=_default_json_model ), 200, mimetype="application/json")
def verify_urlscan(URL, passive=False, urlscan_wait_time=Const.URLSCAN_WAIT_SECONDS): historic_search, when_performed = urlscan.search_newest(URL) if passive and when_performed and when_performed > datetime.utcnow() - timedelta(days=3 * Const.DAY): results = urlscan.results(historic_search.get('_id')) if results and results.get('malicious'): return True, Const.URLSCAN_FINISHED_MESSAGE else: return False, Const.URLSCAN_FINISHED_MESSAGE elif not passive: log.debug('[URL_VERIFY] Force scanning URL') try: url_id = urlscan.submit(URL) except urlscan.UrlscanException: return False, Const.URLSCAN_NOT_FINISHED_ERROR results = urlscan.results(url_id, wait_time=urlscan_wait_time) if results: if results.get('malicious'): return True, Const.URLSCAN_FINISHED_MESSAGE else: return False, Const.URLSCAN_FINISHED_MESSAGE else: return False, Const.URLSCAN_NOT_FINISHED_ERROR else: return False, Const.URLSCAN_NOT_FINISHED_ERROR
def urlscan_data(): search_url = "example.com" wait(5) info("Requested url - {}".format(search_url)) uid = submit(search_url) info("Submited search with id {}".format(uid), pre=True) r = results(uid, wait_time=120) newest = search_newest(search_url) yield search_url, uid, r, newest
def test_results_invalid_uid(self): uid = token_hex(25) info("Requested id: {}".format(uid)) r = results(uid, wait_time=10) assert_none(r, "Check if returned search data is None")
def test_results(self, urlscan_data): uid = urlscan_data[1] info("Requested id: {}".format(uid)) r = results(uid, wait_time=10) assert_type(r, dict, "Check if returned search data is valid dict") assert_not_empty(r, "Check if returned search data is not empty")