Source code for plaso.cli.helpers.virustotal_analysis

# -*- coding: utf-8 -*-
"""The VirusTotal analysis plugin CLI arguments helper."""

from plaso.lib import errors
from plaso.cli.helpers import interface
from plaso.cli.helpers import manager
from plaso.analysis import virustotal

[docs]class VirusTotalAnalysisArgumentsHelper(interface.ArgumentsHelper): """VirusTotal analysis plugin CLI arguments helper.""" NAME = 'virustotal' CATEGORY = 'analysis' DESCRIPTION = 'Argument helper for the VirusTotal analysis plugin.' _DEFAULT_HASH = 'sha256' _DEFAULT_RATE_LIMIT = True
[docs] @classmethod def AddArguments(cls, argument_group): """Adds command line arguments the helper supports to an argument group. This function takes an argument parser or an argument group object and adds to it all the command line arguments this helper supports. Args: argument_group (argparse._ArgumentGroup|argparse.ArgumentParser): argparse group. """ argument_group.add_argument( '--virustotal-api-key', '--virustotal_api_key', dest='virustotal_api_key', type=str, action='store', default=None, metavar='API_KEY', help=( 'Specify the API key for use with VirusTotal.')) argument_group.add_argument( '--virustotal-free-rate-limit', '--virustotal_free_rate_limit', dest='virustotal_free_rate_limit', action='store_false', default=cls._DEFAULT_RATE_LIMIT, help=( 'Limit Virustotal requests to the default free API key rate of ' '4 requests per minute. Set this to false if you have an key ' 'for the private API.')) argument_group.add_argument( '--virustotal-hash', '--virustotal_hash', dest='virustotal_hash', type=str, action='store', choices=['md5', 'sha1', 'sha256'], default=cls._DEFAULT_HASH, metavar='HASH', help=( f'Type of hash to query VirusTotal, the default is: ' f'{cls._DEFAULT_HASH:s}'))
[docs] @classmethod def ParseOptions(cls, options, analysis_plugin): # pylint: disable=arguments-renamed """Parses and validates options. Args: options (argparse.Namespace): parser options. analysis_plugin (VirusTotalAnalysisPlugin): analysis plugin to configure. Raises: BadConfigObject: when the output module object is of the wrong type. BadConfigOption: when a configuration parameter fails validation or when unable to connect to VirusTotal. """ if not isinstance(analysis_plugin, virustotal.VirusTotalAnalysisPlugin): raise errors.BadConfigObject( 'Analysis plugin is not an instance of VirusTotalAnalysisPlugin') api_key = cls._ParseStringOption(options, 'virustotal_api_key') if not api_key: raise errors.BadConfigOption( 'VirusTotal API key not specified. Try again with ' '--virustotal-api-key.') analysis_plugin.SetAPIKey(api_key) enable_rate_limit = getattr( options, 'virustotal_free_rate_limit', cls._DEFAULT_RATE_LIMIT) if enable_rate_limit: analysis_plugin.EnableFreeAPIKeyRateLimit() lookup_hash = cls._ParseStringOption( options, 'virustotal_hash', default_value=cls._DEFAULT_HASH) analysis_plugin.SetLookupHash(lookup_hash) if not analysis_plugin.TestConnection(): raise errors.BadConfigOption('Unable to connect to VirusTotal')