crazy-max / ghaction-virustotal Goto Github PK

View Code? Open in Web Editor NEW

146.0 7.0 19.0 11.65 MB

GitHub Action to upload and scan files with VirusTotal

Home Page: https://github.com/marketplace/actions/virustotal-github-action

License: MIT License

Go 0.32% TypeScript 81.56% Dockerfile 11.86% HCL 6.26%

github-actions virustotal actions

ghaction-virustotal's Introduction

About

GitHub Action to upload and scan files with VirusTotal.

Usage
Customizing
- inputs
- outputs
Contributing
License

Usage

Scan local files

This action can be used to scan local files with VirusTotal:

name: build

on:
  pull_request:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Go
        uses: actions/setup-go@v4
      -
        name: Build
        run: |
          GOOS=windows GOARCH=386 go build -o ./ghaction-virustotal-win32.exe -v -ldflags "-s -w"
          GOOS=windows GOARCH=amd64 go build -o ./ghaction-virustotal-win64.exe -v -ldflags "-s -w"
      -
        name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            ./ghaction-virustotal-win32.exe
            ./ghaction-virustotal-win64.exe

Scan assets of a published release

You can also use this action to scan assets of a published release on GitHub when a release event is triggered:

name: released

on:
  release:
    types: [published]

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      -
        name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            .exe$

If you set update_release_body: true input, analysis link(s) will be appended to the release body and will look like this:

Scan through VirusTotal Monitor

To scan your assets through VirusTotal Monitor you can use the following workflow:

name: build

on:
  pull_request:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Go
        uses: actions/setup-go@v4
      -
        name: Build
        run: |
          GOOS=windows GOARCH=386 go build -o ./ghaction-virustotal-win32.exe -v -ldflags "-s -w"
          GOOS=windows GOARCH=amd64 go build -o ./ghaction-virustotal-win64.exe -v -ldflags "-s -w"
      -
        name: VirusTotal Monitor Scan
        uses: crazy-max/ghaction-virustotal@v4
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          vt_monitor: true
          monitor_path: /ghaction-virustotal
          files: |
            ./ghaction-virustotal-*.exe

Customizing

inputs

Following inputs can be used as step.with keys

Name	Type	Default	Description
`vt_api_key`	String		VirusTotal API key to upload assets (required)
`files`	String		Newline-delimited list of path globs/patterns for asset files to upload for analysis (required)
`vt_monitor`	Bool	`false`	If enabled, files will be uploaded to VirusTotal Monitor endpoint
`monitor_path`¹	String	`/`	A path relative to current monitor user root folder to upload files
`update_release_body`²	Bool	`false`	If enabled, analysis link(s) will be appended to the release body
`github_token`³	String		GitHub Token used to create an authenticated client for GitHub API as provided by `secrets`
`request_rate`	Number	`0`	API request-rate in requests/minute. Set to `4` or lower when using the standard free public API. `0` to disable rate-limit.

¹ Only available if vt_monitor is enabled.

² Only available if release event is triggered in your workflow.

³ Required if release event is triggered in your workflow.

outputs

The following outputs are available

Name	Type	Description
`analysis`	String	Analysis results formatted as `<filename>=<analysisURL>` (comma separated)

Contributing

Want to contribute? Awesome! The most basic way to show your support is to star the project, or to raise issues. You can also support this project by becoming a sponsor on GitHub or by making a PayPal donation to ensure this journey continues indefinitely!

Thanks again for your support, it is much appreciated! 🙏

License

MIT. See LICENSE for more details.

ghaction-virustotal's People

Contributors

Stargazers

Watchers

Forkers

k3p1k5-87 uniqueitmail pbca26 tryallthethings frogi666 gitjoven optix2000 kennethehmsen syllogy xjin-splunk nikhilbadyal grctest 5l1v3r1 llde ericoporto shashank-1003 nvdaes spetr vaginessa

ghaction-virustotal's Issues

Axios limits max file size with VirusTotal Monitor

Behaviour

Unable to upload a large file to virustotal with action.

Steps to reproduce this issue

Create a file with size 140MB (React + Electron app)
Attempt to upload via action
Get error

Expected behaviour

File is uploaded to virustotal via upload url, well within larger file size limits.

Actual behaviour

The following error is output: AxiosError: Request failed with status code 413

Configuration

    - name: VirusTotal Monitor Scan
      uses: crazy-max/ghaction-virustotal@v3
      with:
        vt_api_key: ${{ secrets.VT_API_KEY }}
        vt_monitor: true
        request_rate: 2
        monitor_path: /home/runner/
        files: |
          /home/runner/nft_viewer.exe
          /home/runner/nft_viewer.deb

Logs

Cannot send nft_viewer.exe to VirusTotal Monitor at /home/runner/nft_viewer.exe: AxiosError: Request failed with status code 413

Support VirusTotal API quota restrictions

Hi all,

From VT documentation, the free accounts are limited to 4 requests/minute.
It would be useful if this GHA would support this rate limit (that could be turned on through a flag) in case there are more than 4 files to be analyzed by VT (e.g. several NuGet packages/dlls).

Thank you.

Feature Request: Badges for Readme

We'd really like to see an automated badge be generated for the repo somehow so that users can know our code is clean without having to browse to the actions badge and click through to find the virustotal scan url.

Wildcards Don't Actually Work

I've tried multiple ways, including the exampled methods to no avail. It doesn't work.

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Scan files
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            *.html
            *.ps1

Also have tried

name: VirusTotal Scan

on:
 pull_request:
 push:

jobs:
 scan:
   runs-on: ubuntu-latest

   steps:
     - name: Checkout code
       uses: actions/checkout@v2

     - name: Scan files
       uses: crazy-max/ghaction-virustotal@v3
       with:
         vt_api_key: ${{ secrets.VT_API_KEY }}
         files: |
           .html$
           .ps1$

As well as

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  scan:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Scan files
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            .*\.html$
            .*\.ps1$

Also tried passing it in using a var or text file.

name: VirusTotal Scan

on:
  pull_request:
  push:

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Find Files
        id: find_files
        run: |
          files_to_scan=$(find . -type f \( -name "*.html" -o -name "*.ps1" \))
          files_to_scan=$(echo "$files_to_scan" | sed 's,^\./,$GITHUB_WORKSPACE/,g')
          echo "FILES_TO_SCAN=$files_to_scan" >> $GITHUB_ENV

      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            ${{ env.FILES_TO_SCAN }}

Add release id input to include step in release workflow rather than adding a secondary workflow

It'd be useful to include an input for a release ID so a second workflow isn't required for this action and it may be added to an existing release workflow where a previous step outputs the release ID.

Request body larger than maxBodyLength limit

Behaviour

Steps to reproduce this issue

https://github.com/smk762/atomicDEX-Desktop/runs/1502695126?check_suite_focus=true

🔔 Release event detected for refs/tags/0.3.1-beta2 in this workflow. Preparing to scan assets...
📦 1 asset(s) will be sent to VirusTotal for analysis.
⬇️ Downloading atomicdex-desktop-0.3.1-beta-windows.zip...
Error: Request body larger than maxBodyLength limit

Option to use cached hash results

I would like to see an option to use cached VT results if the hash already exists. This way keeping the API limit for files that do not exists on VT already. This idea is similar to the below project.

https://github.com/0xThiebaut/virustotal

Only few releases are picked.

Behaviour

I had a release that contained 4 APK files. Out of those 4 files. I can only see the analysis of 2 files.

Expected behavior

All 4 files should be sent for a scan.

Actual behaviour

Only 2 files were sent for a scan.

Configuration

Repository URL (if public): Repo
Build URL (if public): Build

name: VirusTotal Scan

on:
  release:
    types: [published]
  workflow_dispatch: # to trigger manually

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          update_release_body: true
          github_token: ${{ secrets.GH_TOKEN }}
          files: |
            .apk$

Logs

Action fails to run - Invalid regular expression: /*.exe/: Nothing to repeat

Behaviour

The GitHub Action to check a releases' files on VirusTotal always fails with
Invalid regular expression: /*.exe/: Nothing to repeat

Steps to reproduce this issue

Create new GitHub Action .yml as per instructions on https://github.com/marketplace/actions/virustotal-github-action#scan-assets-of-a-published-release
Publish a new release

Expected behaviour

The Action should run and update the release with the analysis report

Actual behaviour

Action fails with error

Invalid regular expression: /*.exe/: Nothing to repeat

Configuration

Repository URL (if public): https://github.com/tryallthethings/Discord-Disco
Build URL (if public): ?

name: VirusTotal release scan

on:
  release:
    types: [published]

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      -
        name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v2
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          github_token: ${{ github.token }}
          update_release_body: true
          files: |
              *.exe

Logs

logs_6.zip

Upload Larger Sizes

I'm trying to get a report for a file ~60MB in size. This is the result:

Run crazy-max/ghaction-virustotal@v2
  with:
    vt_api_key: ***
    files: dist/meerk40t.exe
  
    vt_monitor: false
    monitor_path: /
    update_release_body: false
    github_token: ***
  env:
    pythonLocation: C:\hostedtoolcache\windows\Python\3.7.9\x86
📦 1 file(s) will be sent to VirusTotal for analysis.
Error: Cannot send meerk40t.exe to VirusTotal: Error: Request failed with status code 413

In issue #60 you say that 32MB is the limit for submission according to the API docs -- https://developers.virustotal.com/reference#files-scan
That page offers another approach for files up to 200MB in size.

The question is, does this action support this usage, and/or can it be made to do so?

Create markdown output

There is a use case where someone might want the markdown release body output but not when a release is published.

AxiosError code 401

Behaviour

Steps to reproduce this issue

Configure GitHub-CI with this workflow file
Trigger the GitHub Action (automatically triggered via push rule)
Check the logs

Expected behaviour

It should upload the file

Actual behaviour

It raises a 401 error.

Configuration

Repository URL (if public): https://github.com/dreamwhite/dell-inspiron-5370-hackintosh
Build URL (if public): don't have one to be fair, just wanted to scan the files in my repo

name: VirusTotal scan
on:
  workflow_call:

jobs:
  virustotal:
    name: VirusTotal
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@v3
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          files: |
            EFI/BOOT/*.efi
            EFI/OC/ACPI/*.aml
            EFI/OC/Drivers/*.efi
            EFI/OC/Kexts/*.kext/*/*/*
            EFI/OC/Kexts/*.kext/*/PlugIns/*/*/*
            EFI/OC/Tools/*.efi
          update_release_body: true
          request_rate: 4

Logs

logs_61.zip

Release asset not found when triggered from release event

Behaviour

Expected behaviour

When triggered from release event and adding a release asset to the release in a previous step, the action should be able to download the asset and send it to VirusTotal for analysis.

Actual behaviour

The action sees the added file but cannot download it, and fails with a "(85874065): Not Found" error. I can confirm that the file has been added to the release since I can download the file manually from the release page after the workflow has run. Also, this same workflow works when triggered manually (with slight adjustments to account for having to create the release in the workflow), it just seems to fail with this error when triggered by publishing a new release. I've also tried adding a "sleep" step before crazy-max/ghaction-virustotal to account for any delay in the file being available to download but this made no difference.

Configuration

name: Release

on:
  release:
    types: [published]

jobs:
  release:
    name: Update GitHub Release
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v3

      - name: Setup Node
        uses: actions/setup-node@v3
        with:
          node-version: 'lts/*'
          registry-url: https://registry.npmjs.org

      - name: Download artifacts
        uses: actions/download-artifact@v3
        with:
          path: artifacts

      - name: Update release
        uses: ncipollo/[email protected]
        with:
          allowUpdates: ${{ true }}
          artifacts: 'artifacts/release.zip'
          tag: ${{ env.GITHUB_REF_NAME }}
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Upload adapter zip file to VirusTotal
        if: '!github.event.release.prerelease'
        id: virustotal-scan
        uses: crazy-max/[email protected]
        with:
          files: |
            .zip$
          vt_api_key: ${{ secrets.VIRUSTOTAL_API_KEY }}

Logs

2022-11-24T23:22:16.3312894Z ##[group]Run ncipollo/[email protected]
2022-11-24T23:22:16.3313303Z with:
2022-11-24T23:22:16.3313510Z   allowUpdates: true
2022-11-24T23:22:16.3313905Z   artifacts: artifacts/release.zip
2022-11-24T23:22:16.3314232Z   name: v1.4.0-beta.1
2022-11-24T23:22:16.3314459Z   omitPrereleaseDuringUpdate: true
2022-11-24T23:22:16.3314909Z   token: ***
2022-11-24T23:22:16.3315119Z   generateReleaseNotes: false
2022-11-24T23:22:16.3315329Z   omitBody: false
2022-11-24T23:22:16.3315539Z   omitBodyDuringUpdate: false
2022-11-24T23:22:16.3315775Z   omitDraftDuringUpdate: false
2022-11-24T23:22:16.3316075Z   omitName: false
2022-11-24T23:22:16.3316428Z   omitNameDuringUpdate: false
2022-11-24T23:22:16.3316649Z   removeArtifacts: false
2022-11-24T23:22:16.3316864Z   replacesArtifacts: true
2022-11-24T23:22:16.3317086Z   skipIfReleaseExists: false
2022-11-24T23:22:16.3317879Z   updateOnlyUnreleased: false
2022-11-24T23:22:16.3318110Z env:
2022-11-24T23:22:16.3318338Z   NPM_CONFIG_USERCONFIG: C:\actions-runner\_work\_temp\.npmrc
2022-11-24T23:22:16.3318612Z   NODE_AUTH_TOKEN: XXXXX-XXXXX-XXXXX-XXXXX
2022-11-24T23:22:16.3318820Z ##[endgroup]
2022-11-24T23:22:27.9887938Z ##[group]Run crazy-max/[email protected]
2022-11-24T23:22:27.9888713Z with:
2022-11-24T23:22:27.9889212Z   files: .zip$
2022-11-24T23:22:27.9890198Z   vt_api_key: ***
2022-11-24T23:22:27.9890741Z   vt_monitor: false
2022-11-24T23:22:27.9891293Z   monitor_path: /
2022-11-24T23:22:27.9891887Z   update_release_body: false
2022-11-24T23:22:27.9892767Z   github_token: ***
2022-11-24T23:22:27.9893296Z   request_rate: 0
2022-11-24T23:22:27.9893989Z env:
2022-11-24T23:22:27.9894685Z   NPM_CONFIG_USERCONFIG: C:\actions-runner\_work\_temp\.npmrc
2022-11-24T23:22:27.9895532Z   NODE_AUTH_TOKEN: XXXXX-XXXXX-XXXXX-XXXXX
2022-11-24T23:22:27.9896175Z ##[endgroup]
2022-11-24T23:22:28.3972094Z Release event detected for refs/tags/v1.4.0-beta.1 in this workflow. Preparing to scan assets...
2022-11-24T23:22:28.7701951Z 1 asset(s) will be sent to VirusTotal for analysis.
2022-11-24T23:22:28.7714764Z ##[group]1 asset(s) will be sent to VirusTotal for analysis.
2022-11-24T23:22:28.8623900Z ##[endgroup]
2022-11-24T23:22:28.8716486Z ##[error]Cannot download release asset release.zip (85874782): Not Found

Cannot download release asset (Not Found)

Behaviour

Expected behaviour

File should be found and send to VT

Actual behaviour

Cant found it

Configuration

Repository URL (if public):
Build URL (if public):

name: Virustotal Scan

on:
  release:
    types: [published]

jobs:
  virustotal:
    runs-on: ubuntu-latest
    steps:
      - name: VirusTotal Scan
        uses: crazy-max/ghaction-virustotal@master
        with:
          vt_api_key: ${{ secrets.VT_API_KEY }}
          github_token: ${{ secrets.GITHUB_TOKEN }}
          update_release_body: true
          files: |
            .exe$

Logs

2023-08-10T17:59:41.3566402Z Requested labels: ubuntu-latest
2023-08-10T17:59:41.3566674Z Job defined at: Nosvoid/nosvoid-launcher/.github/workflows/virustotal.yml@refs/tags/v1.12.2
2023-08-10T17:59:41.3566781Z Waiting for a runner to pick up this job...
2023-08-10T17:59:41.9495780Z Job is waiting for a hosted runner to come online.
2023-08-10T17:59:44.3530561Z Job is about to start running on the hosted runner: GitHub Actions 2 (hosted)
2023-08-10T17:59:47.4768716Z Current runner version: '2.307.1'
2023-08-10T17:59:47.4799231Z ##[group]Operating System
2023-08-10T17:59:47.4799921Z Ubuntu
2023-08-10T17:59:47.4800386Z 22.04.3
2023-08-10T17:59:47.4800687Z LTS
2023-08-10T17:59:47.4801080Z ##[endgroup]
2023-08-10T17:59:47.4801481Z ##[group]Runner Image
2023-08-10T17:59:47.4801920Z Image: ubuntu-22.04
2023-08-10T17:59:47.4802367Z Version: 20230806.1.0
2023-08-10T17:59:47.4802991Z Included Software: https://github.com/actions/runner-images/blob/ubuntu22/20230806.1/images/linux/Ubuntu2204-Readme.md
2023-08-10T17:59:47.4803805Z Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu22%2F20230806.1
2023-08-10T17:59:47.4804677Z ##[endgroup]
2023-08-10T17:59:47.4805164Z ##[group]Runner Image Provisioner
2023-08-10T17:59:47.4805609Z 2.0.264.1
2023-08-10T17:59:47.4806009Z ##[endgroup]
2023-08-10T17:59:47.4807193Z ##[group]GITHUB_TOKEN Permissions
2023-08-10T17:59:47.4808058Z Actions: write
2023-08-10T17:59:47.4808406Z Checks: write
2023-08-10T17:59:47.4809076Z Contents: write
2023-08-10T17:59:47.4809643Z Deployments: write
2023-08-10T17:59:47.4810009Z Discussions: write
2023-08-10T17:59:47.4810409Z Issues: write
2023-08-10T17:59:47.4810796Z Metadata: read
2023-08-10T17:59:47.4811241Z Packages: write
2023-08-10T17:59:47.4811637Z Pages: write
2023-08-10T17:59:47.4811988Z PullRequests: write
2023-08-10T17:59:47.4812430Z RepositoryProjects: write
2023-08-10T17:59:47.4812933Z SecurityEvents: write
2023-08-10T17:59:47.4813368Z Statuses: write
2023-08-10T17:59:47.4813758Z ##[endgroup]
2023-08-10T17:59:47.4818084Z Secret source: Actions
2023-08-10T17:59:47.4818714Z Prepare workflow directory
2023-08-10T17:59:47.5705786Z Prepare all required actions
2023-08-10T17:59:47.5936451Z Getting action download info
2023-08-10T17:59:47.8831876Z Download action repository 'crazy-max/ghaction-virustotal@v3' (SHA:6d0c025d8231cb0687a3173a515177b3cac8e064)
2023-08-10T17:59:48.7535827Z Complete job name: virustotal
2023-08-10T17:59:48.8717168Z ##[group]Run crazy-max/ghaction-virustotal@v3
2023-08-10T17:59:48.8717619Z with:
2023-08-10T17:59:48.8718324Z   vt_api_key: ***
2023-08-10T17:59:48.8718828Z   github_token: ***
2023-08-10T17:59:48.8719122Z   update_release_body: true
2023-08-10T17:59:48.8719410Z   files: .exe$

2023-08-10T17:59:48.8719680Z   vt_monitor: false
2023-08-10T17:59:48.8719937Z   monitor_path: /
2023-08-10T17:59:48.8720266Z   request_rate: 0
2023-08-10T17:59:48.8720538Z ##[endgroup]
2023-08-10T17:59:49.2057629Z Release event detected for refs/tags/v1.12.2 in this workflow. Preparing to scan assets...
2023-08-10T17:59:49.6628789Z 1 asset(s) will be sent to VirusTotal for analysis.
2023-08-10T17:59:49.6746756Z ##[group]1 asset(s) will be sent to VirusTotal for analysis.
2023-08-10T17:59:49.8543377Z ##[endgroup]
2023-08-10T17:59:49.8621763Z ##[error]Cannot download release asset ElectronApp-Setup-1.12.2.exe (120979415): Not Found
2023-08-10T17:59:49.9021947Z Cleaning up orphan processes

More Information

My repo is private
Propably the same error as #146 (but in my case i want send it to VT when i manualy publish release)
Tryed use my own GITHUB_TOKEN (using PAC https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens) but still dont work
tryed add

permissions:
  contents: write
  packages: write

To yml (still dont work)

I'm sure file is found in informations about release but for some reason cant download it (no permission?)

crazy-max / ghaction-virustotal Goto Github PK

ghaction-virustotal's Introduction

About

Usage

Scan local files

Scan assets of a published release

Scan through VirusTotal Monitor

Customizing

inputs

outputs

Contributing

License

ghaction-virustotal's People

Contributors

Stargazers

Watchers

Forkers

ghaction-virustotal's Issues

Behaviour

Steps to reproduce this issue

Expected behaviour

Actual behaviour

Configuration

Logs

Behaviour

Steps to reproduce this issue

Behaviour

Expected behavior

Actual behaviour

Configuration

Behaviour

Steps to reproduce this issue

Expected behaviour

Actual behaviour

Configuration

Logs

Behaviour

Steps to reproduce this issue

Expected behaviour

Actual behaviour

Configuration

Logs

Behaviour

Expected behaviour

Actual behaviour

Configuration

Logs

Behaviour

Expected behaviour

Actual behaviour

Configuration

Logs

More Information

Recommend Projects

Recommend Topics

Recommend Org