@@ -207,105 +207,110 @@ function Get-VirusTotalApiKey {
207207 return $api_key
208208}
209209
210- function virustotal_check_app ($app , $manifest , $architecture , $api_key , $scan ) {
211- [int ]$index = 0
212- $urls = script:url $manifest $architecture
213- $urls | ForEach-Object {
214- $url = $_
215- $index ++
216- if ($urls.GetType ().IsArray) {
217- info " $app `: url $index "
210+ function Check-VirusTotalUrl ($app , $url , $hash , $api_key , $scan ) {
211+ $isHashUnsupported = $false
212+ $algo = $null
213+
214+ if ($hash -match ' (?<algo>[^:]+):(?<hash>.*)'
215+ $algo = $matches.algo
216+ $hash = $matches.hash
217+ if ($matches.algo -inotin ' md5' , ' sha1' , ' sha256'
218+ $hash = $null
219+ $isHashUnsupported = $true
220+ warn " $app `: Unsupported hash $ ( $matches.algo ) . Will search by url instead."
218221 }
219- $hash = hash_for_url $manifest $url $architecture
222+ } elseif ($hash ) {
223+ $algo = ' sha256'
224+ }
220225
221- try {
222- $isHashUnsupported = $false
223- if ($hash -match ' (?<algo>[^:]+):(?<hash>.*)'
224- $algo = $matches.algo
225- $hash = $matches.hash
226- if ($matches.algo -inotin ' md5' , ' sha1' , ' sha256'
227- $hash = $null
228- $isHashUnsupported = $true
229- warn " $app `: Unsupported hash $ ( $matches.algo ) . Will search by url instead."
230- }
231- } elseif ($hash ) {
232- $algo = ' sha256'
233- }
234- if ($hash ) {
235- $file_report = Get-VirusTotalResultByHash $hash $url $app $api_key
236- $file_report .' App.HashType' = $algo
237- $file_report
238- return
239- } elseif (! $isHashUnsupported ) {
240- warn " $app `: Hash not found. Will search by url instead."
241- }
242- } catch [Exception ] {
243- $script :exit_code = $exit_code -bor $script :_ERR_EXCEPTION
244- if ($_.Exception.Response.StatusCode -eq 404 ) {
245- $file_report_not_found = $true
246- warn " $app `: File report not found. Will search by url instead."
247- } else {
248- warn " $app `: VirusTotal file report query failed`: $ ( $_.Exception.Message ) "
249- if ($_.Exception.Response ) {
250- warn " `t API returned $ ( $_.Exception.Response.StatusCode ) "
251- }
252- return
226+ try {
227+ if ($hash ) {
228+ $file_report = Get-VirusTotalResultByHash $hash $url $app $api_key
229+ $file_report .' App.HashType' = $algo
230+ return $file_report
231+ } elseif (! $isHashUnsupported ) {
232+ warn " $app `: Hash not found. Will search by url instead."
233+ }
234+ } catch [Exception ] {
235+ $script :exit_code = $exit_code -bor $script :_ERR_EXCEPTION
236+ if ($_.Exception.Response.StatusCode -eq 404 ) {
237+ $file_report_not_found = $true
238+ warn " $app `: File report not found. Will search by url instead."
239+ } else {
240+ warn " $app `: VirusTotal file report query failed`: $ ( $_.Exception.Message ) "
241+ if ($_.Exception.Response ) {
242+ warn " `t API returned $ ( $_.Exception.Response.StatusCode ) "
253243 }
244+ return
254245 }
246+ }
255247
256- try {
257- $url_report = Get-VirusTotalResultByUrl $url $app $api_key
258- $url_report .' App.Hash' = $hash
259- $url_report .' App.HashType' = $matches [' algo'
260- if ($url_report .' UrlReport.Hash' -and ($file_report_not_found -eq $true ) -and $hash ) {
261- try {
262- $file_report = Get-VirusTotalResultByHash $url_report .' UrlReport.Hash' $url $app $api_key
263- if ($file_report .' FileReport.Hash' -ieq $matches [' hash'
264- $file_report .' App.HashType' = $matches [' algo'
265- $file_report .' UrlReport.Url' = $url_report .' UrlReport.Url'
266- return $file_report
267- }
268- } catch {
269- warn " $app `: Unable to get file report for $ ( $url_report .' UrlReport.Hash' ) "
248+ try {
249+ $url_report = Get-VirusTotalResultByUrl $url $app $api_key
250+ $url_report .' App.Hash' = $hash
251+ $url_report .' App.HashType' = $algo
252+ if ($url_report .' UrlReport.Hash' -and ($file_report_not_found -eq $true ) -and $hash ) {
253+ try {
254+ $file_report = Get-VirusTotalResultByHash $url_report .' UrlReport.Hash' $url $app $api_key
255+ if ($file_report .' FileReport.Hash' -ieq $matches [' hash'
256+ $file_report .' App.HashType' = $algo
257+ $file_report .' UrlReport.Url' = $url_report .' UrlReport.Url'
258+ return $file_report
270259 }
260+ } catch {
261+ warn " $app `: Unable to get file report for $ ( $url_report .' UrlReport.Hash' ) "
271262 }
272- if (! $url_report .' UrlReport.Hash'
273- Submit-ToVirusTotal $url $app $scan $api_key
274- return $url_report
275- }
276- } catch [Exception ] {
277- $script :exit_code = $exit_code -bor $script :_ERR_EXCEPTION
278- if ($_.Exception.Response.StatusCode -eq 404 ) {
279- Submit-ToVirusTotal $url $app $scan $api_key
280- return
281- } else {
282- warn " $app `: VirusTotal URL report query failed`: $ ( $_.Exception.Message ) "
283- if ($_.Exception.Response ) {
284- warn " `t API returned $ ( $_.Exception.Response.StatusCode ) "
285- }
286- return
263+ }
264+ if (! $url_report .' UrlReport.Hash'
265+ Submit-ToVirusTotal $url $app $scan $api_key
266+ return $url_report
267+ }
268+ } catch [Exception ] {
269+ $script :exit_code = $exit_code -bor $script :_ERR_EXCEPTION
270+ if ($_.Exception.Response.StatusCode -eq 404 ) {
271+ Submit-ToVirusTotal $url $app $scan $api_key
272+ return
273+ } else {
274+ warn " $app `: VirusTotal URL report query failed`: $ ( $_.Exception.Message ) "
275+ if ($_.Exception.Response ) {
276+ warn " `t API returned $ ( $_.Exception.Response.StatusCode ) "
287277 }
278+ return
288279 }
280+ }
289281
290- try {
291- $file_report = Get-VirusTotalResultByHash $url_report .' UrlReport.Hash' $url $app $api_key
292- $file_report .' App.Hash' = $hash
293- $file_report .' App.HashType' = $matches [' algo'
294- $file_report .' UrlReport.Url' = $url_report .' UrlReport.Url'
295- $file_report
296- warn " $app `: Unable to check hash match for $url "
297- } catch [Exception ] {
298- $script :exit_code = $exit_code -bor $script :_ERR_EXCEPTION
299- if ($_.Exception.Response.StatusCode -eq 404 ) {
300- Submit-ToVirusTotal $url $app $scan $api_key
301- $url_report
302- } else {
303- warn " $app `: VirusTotal file report query failed`: $ ( $_.Exception.Message ) "
304- if ($_.Exception.Response ) {
305- warn " `t API returned $ ( $_.Exception.Response.StatusCode ) "
306- }
307- return
282+ try {
283+ $file_report = Get-VirusTotalResultByHash $url_report .' UrlReport.Hash' $url $app $api_key
284+ $file_report .' App.Hash' = $hash
285+ $file_report .' App.HashType' = $algo
286+ $file_report .' UrlReport.Url' = $url_report .' UrlReport.Url'
287+ $file_report
288+ warn " $app `: Unable to check hash match for $url "
289+ } catch [Exception ] {
290+ $script :exit_code = $exit_code -bor $script :_ERR_EXCEPTION
291+ if ($_.Exception.Response.StatusCode -eq 404 ) {
292+ Submit-ToVirusTotal $url $app $scan $api_key
293+ $url_report
294+ } else {
295+ warn " $app `: VirusTotal file report query failed`: $ ( $_.Exception.Message ) "
296+ if ($_.Exception.Response ) {
297+ warn " `t API returned $ ( $_.Exception.Response.StatusCode ) "
308298 }
299+ return
300+ }
301+ }
302+ }
303+
304+ function virustotal_check_app ($app , $manifest , $architecture , $api_key , $scan ) {
305+ [int ]$index = 0
306+ $urls = script:url $manifest $architecture
307+ $urls | ForEach-Object {
308+ $url = $_
309+ $index ++
310+ if ($urls.GetType ().IsArray) {
311+ info " $app `: url $index "
309312 }
313+ $hash = hash_for_url $manifest $url $architecture
314+ Check- VirusTotalUrl $app $url $hash $api_key $scan
310315 }
311316}
0 commit comments