vt scan experiment

Author: aloneguid

.github/workflows/build.yml

@@ -40,6 +40,15 @@ jobs:
         # set to false to clear any cache in case of build errors
         cache: false
 
+    - name: Setup Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.11' 
+
+    - name: Install Python dependencies
+      run: pip install -r requirements.txt
+      working-directory: scripts
+
     - name: ⚙️ configure
       run: >
         cmake -B build -S .
@@ -60,9 +69,9 @@ jobs:
       run: cpack -C ${{ env.BUILD_TYPE }}
       working-directory: build
 
-    - name: debug
-      run: ls -R
-      working-directory: build 
+    # - name: debug
+    #   run: ls -R
+    #   working-directory: build 
 
     # creates "atf" subdir and put the following:
     # 1. msi installer, renamed after version number
@@ -74,6 +83,7 @@ jobs:
         cp build/bt.msi atf/${{ env.MSI_FILE_NAME }}
         Compress-Archive -Path build/bt/Release/bt.exe -DestinationPath atf/${{ env.ZIP_FILE_NAME }} -CompressionLevel Optimal
         Compress-Archive -Path build/bt/Release/bt.pdb -DestinationPath atf/${{ env.PDB_FILE_NAME }} -CompressionLevel Optimal
+        python scripts/vt_scan.py --files atf/${{ env.ZIP_FILE_NAME }} atf/${{ env.MSI_FILE_NAME }} --md-output atf/vt.md
         "${{ env.VERSION }}" | Out-File atf/version.txt -NoNewline
         (Get-FileHash -Algorithm SHA256 -Path atf/${{ env.ZIP_FILE_NAME }}).Hash | Out-File atf/${{ env.ZIP_FILE_NAME }}.sha256.txt
         (Get-FileHash -Algorithm SHA256 -Path atf/${{ env.MSI_FILE_NAME }}).Hash | Out-File atf/${{ env.MSI_FILE_NAME }}.sha256.txt

.github/workflows/release.yml

@@ -44,6 +44,7 @@ jobs:
             bin/*.sha256.txt
           body_path: final_notes.md
 
+      # update_release_body does not actually work, i'll revisit how to do it automatically later
       - name: VirusTotal Scan
         uses: crazy-max/ghaction-virustotal@v4
         with:

.gitignore

@@ -5,4 +5,5 @@ build/
 bin/
 obj/
 vcpkg_installed/
-btcheck-cppcheck-build-dir/
+btcheck-cppcheck-build-dir/
+*.iml

scripts/requirements.txt

@@ -0,0 +1,2 @@
+vt-py==0.17.5
+rich==13.5.3

scripts/vt_scan.py

@@ -0,0 +1,68 @@
+import rich.progress
+import os
+import argparse
+import glob
+import hashlib
+from rich.progress import Progress
+from vt.client import Client
+from vt.error import APIError
+from dataclasses import dataclass
+
+@dataclass
+class ScanResult:
+    file_path: str
+    file_name: str
+    sha256: str
+    web_url: str
+
+def scan_file(vt: Client, path: str, progress: rich.progress.Progress) -> ScanResult:
+    with open(path, "rb", buffering=0) as f:
+        sha256 = hashlib.file_digest(f, "sha256").hexdigest()
+        progress.console.print(sha256)
+
+        # get info or scan
+        try:
+            vt.get_object(f"/files/{sha256}")
+        except APIError:
+            vt.scan_file(f)
+
+    return ScanResult(path,
+                      os.path.split(path)[1],
+                      sha256,
+                      f"https://www.virustotal.com/gui/file/{sha256}?nocache=1")
+
+
+if __name__ == "__main__":
+    # parse input args
+    parser = argparse.ArgumentParser("VT Scanner")
+    parser.add_argument("--files", nargs="*")
+    parser.add_argument("--md-output")
+    args, _ = parser.parse_known_args()
+    input_file_globs = args.files
+    input_files = []
+    for ifg in input_file_globs:
+        for input_file in glob.glob(ifg):
+            input_files.append(input_file)
+
+    print(f"files to scan: {input_files}")
+
+    api_key = os.getenv("VT_API_KEY")
+    client = Client(api_key)
+    results = []
+
+    with Progress() as progress:
+        file_task = progress.add_task("Processing files...", total=len(input_files))
+        for input_file in input_files:
+            results.append(scan_file(client, input_file, progress))
+            progress.update(file_task, advance=1)
+
+    # generate markdown
+    if args.md_output:
+        smd = ["## 🛡️ VirusTotal Analysis", "" ]
+        for result in results:
+            smd.append(f"\n - [{result.file_name}]({result.web_url})")
+
+        with open(args.md_output, "w", encoding="utf-8") as f:
+            f.writelines(smd)
+
+    client.close()