def check_virus_total(self, blockable_id):
  """Responds with the VirusTotal analysis of a blockable as JSON.

  A SantaBundle gets an aggregate built from one lookup per member binary:
  the per-binary reports (with the per-engine 'scans' detail removed), the
  number of member binaries that have at least one positive, and an overall
  response code. Any other blockable gets its own lookup result unchanged.

  The aggregate is only marked ANALYZED when every member binary produced a
  report containing 'total'; a failed lookup leaves its binary out of
  'reports', so the bundle stays UNKNOWN rather than looking clean.

  Args:
    blockable_id: ID of the blockable to look up.
  """
  target = binary_models.Blockable.get_by_id(blockable_id)
  if not target:
    # NOTE(review): the rest of the method assumes abort() raises instead of
    # returning -- confirm against the handler base class.
    self.abort(httplib.NOT_FOUND, explanation='Blockable not found')

  if not isinstance(target, package_models.SantaBundle):
    # Single binary: pass the lookup result straight through.
    try:
      report = analysis_api.VirusTotalLookup(blockable_id)
    except analysis_api.FailedLookupError as err:  # pylint: disable=broad-except
      logging.exception(str(err))
      self.abort(httplib.NOT_FOUND)
    else:
      self.respond_json(report)
    return

  member_keys = package_models.SantaBundle.GetBundleBinaryKeys(target.key)
  reports = {}
  summary = {
      'response_code': vt_constants.RESPONSE_CODE.UNKNOWN,
      'positives': 0,
      'reports': reports,
  }

  for member_key in member_keys:
    try:
      report = analysis_api.VirusTotalLookup(member_key.id())
    except analysis_api.FailedLookupError as err:  # pylint: disable=broad-except
      # Deliberately only logged: the missing entry is what keeps the
      # bundle from being reported as fully analyzed below.
      logging.warning(str(err))
      continue

    # Drop the per-engine breakdown; only the summary fields are returned.
    report.pop('scans', None)
    # 'positives' counts flagged binaries, not engine detections.
    if report.get('positives'):
      summary['positives'] += 1
    reports[member_key.id()] = report

  # NOTE(review): with no member keys both checks pass trivially, so an
  # empty bundle is answered as ANALYZED with 0 positives -- confirm that
  # GetBundleBinaryKeys cannot return an empty result here.
  every_binary_reported = len(reports) == len(member_keys)
  if every_binary_reported and all(
      'total' in entry for entry in reports.values()):
    summary['response_code'] = vt_constants.RESPONSE_CODE.ANALYZED

  self.respond_json(summary)
def _CollectVirusTotalLookup(blockable_id, reason):
  """Looks up a blockable on VirusTotal and records the outcome as a metric.

  The lookup's response code is mapped to an analysis state, a
  VirusTotalAnalysisMetric row is stored, and the new-lookups monitoring
  counter is incremented for that state.

  Args:
    blockable_id: ID of the blockable to analyze.
    reason: Stored on the metric as its analysis_reason.
  """
  vt_report = analysis_api.VirusTotalLookup(blockable_id)

  # NOTE(review): a report without 'response_code', or with a code missing
  # from the map, raises KeyError here and nothing is recorded -- confirm
  # that is the intended failure mode.
  code = vt_report['response_code']
  state = vt_constants.ANALYSIS_STATE.MAP_FROM_RESPONSE_CODE[code]

  # -1 is stored when the report carries no 'positives' field.
  detections = vt_report.get('positives', -1)

  # NOTE(review): the get_by_id() result is used without a None check; an
  # ID with no stored blockable would fail on GetPlatformName() after the
  # VirusTotal lookup has already been made -- verify callers only pass
  # existing IDs.
  record = base_models.Blockable.get_by_id(blockable_id)
  platform_name = record.GetPlatformName()

  metrics_db.VirusTotalAnalysisMetric(
      blockable_id=blockable_id,
      platform=platform_name,
      analysis_state=state,
      analysis_reason=reason,
      positives=detections).put()

  monitoring.virustotal_new_lookups.Increment(state)