buffer/thug

VirusTotal integration bug

EagleOneJK opened this issue · 4 comments

I noticed that Thug wasn't submitting samples or querying VirusTotal as requested. Perhaps I installed incorrectly or used the wrong version of Python, but I was able to fix the bug by modifying line 85 of the VirusTotal.py module from:
response_code = response_dict.get("response_code")
to:
response_code = response_dict.get(u'response_code')

I did a deep inspection of the responses coming back from the VirusTotal API and the response_code JSON field (along with all other fields) were unicode strings, so this modification prevented an error from being thrown (and not printed), thus stopping VirusTotal module evaluation. Please consider reviewing to see if this needs to be fixed in the project or is an artifact of my environment/inexperience. Thanks!

Based on the VT API documentation (https://www.virustotal.com/en/documentation/public-api/) response_code should be an integer. Would you mind printing and attaching the JSON response (response_dict)? Feel free to redact the output or to share privately if it contains sensitive data. Thanks!

I performed some tests and no issue occurred with either the current version or your version of line 85. Can you please collect a trace of the exception and share it? Patching the way you proposed sounds fine to me, but I would like to understand why we see such different behaviors before doing that. Thanks!

The keys and the responses are in fact in Unicode instead of str. I am not sure how this issue might have appeared, because Python 2 behaves very weirdly with encodings, for example:

>>> foo = u"Hello World"
>>> bar = "Hello World"
>>> foo == bar
True

IMO patching the way @EagleOneJK suggests is fine because it maintains consistency and helps tell us the fact that the keys/responses are Unicode. Also, we can avoid all this once we port to Py3.
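
An added example, not part of the thread and not Thug's code: one way to evaluate a VirusTotal report reply so that an unexpected `response_code` type or a non-JSON body is logged with its traceback instead of silently ending the lookup. The function name `parse_report`, the logger name and the sample bodies are assumptions constructed for illustration; the code treats `response_code` 1 as "report present", as in the public API v2.

```python
import json
import logging

log = logging.getLogger("vt_example")  # hypothetical logger name

# Constructed sample bodies, shaped like VirusTotal public API v2 report replies.
SAMPLE_FOUND = '{"response_code": 1, "positives": 3, "total": 60}'
SAMPLE_UNKNOWN = '{"response_code": 0, "verbose_msg": "not in dataset"}'
SAMPLE_STRING_CODE = '{"response_code": "1", "positives": 0, "total": 60}'
SAMPLE_NOT_JSON = "<html>rate limit</html>"


def parse_report(body):
    """Return (status, detail); status is 'found', 'unknown' or 'error'."""
    try:
        response_dict = json.loads(body)
        if not isinstance(response_dict, dict):
            raise ValueError("top-level JSON value is not an object")
        # json.loads returns text keys (unicode on Python 2, str on Python 3);
        # a plain ASCII literal looks them up correctly on both.
        raw = response_dict.get("response_code")
        if raw is None or isinstance(raw, bool):
            raise ValueError("response_code missing or not a number: %r" % (raw,))
        # Documented type is integer; int() also accepts a numeric string.
        code = int(raw)
    except (ValueError, TypeError) as exc:
        # Record the traceback so a skipped lookup is visible to the analyst.
        log.exception("VirusTotal response could not be evaluated")
        return "error", str(exc)
    if code == 1:
        return "found", (response_dict.get("positives"), response_dict.get("total"))
    return "unknown", code
```
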