@passmarked/malware
Rules that check whether the page, or pages it links to (on the same domain or an external one), contain any unwanted software, malware or reported phishing attacks
/**
* Required modules
**/
const crypto = require('crypto');
const async = require('async');
const url = require('url');
const request = require('request');
const S = require('string');
const _ = require('underscore');
const Constants = require('../constants');
/**
* Object to expose
**/
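const PhisTank = {};

/**
 * Derives the hash used to look a link up in the local PhishTank cache.
 *
 * The link is lower-cased as a whole, its query string and fragment are
 * dropped, and the remaining URL is hashed with SHA-1 (hex encoded).
 * SHA-1 only produces a fixed-length cache key here; it is not used as a
 * security control.
 *
 * NOTE(review): lower-casing covers the path as well as the host, so URLs
 * that differ only by case share one key. The code that writes the cache is
 * not visible in this file; confirm it normalises links the same way before
 * changing the digest or the normalisation, or existing keys stop matching.
 *
 * @param {Object} payload - Not used by this function; kept for a signature
 *   parallel to PhisTank.check.
 * @param {string} link - URL to normalise; a falsy value is treated as ''.
 * @param {Function} fn - Node-style callback, called as `fn(err, hash)`.
 */
PhisTank.getHash = function(payload, link, fn) {
  let hash;

  try {
    // strip the parts of the URL that must not influence the cache key
    const uri = url.parse((link || '').toLowerCase());
    uri.hash = '';
    uri.search = '';

    // a locally scoped hash object: the original assigned to an undeclared
    // `sha`, which leaks a global in sloppy mode and throws in strict mode
    hash = crypto.createHash('sha1').update(url.format(uri)).digest('hex');
  } catch (err) {
    // report normalisation failures (e.g. a non-string link) through the
    // callback so the caller's error branch sees them
    return fn(err);
  }

  // called outside the try so an exception thrown by fn is not caught here
  fn(null, hash);
};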
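/**
 * Looks a link up in the locally cached PhishTank data and reports any hits.
 *
 * The link is reduced to a hash by PhisTank.getHash and read from the payload
 * cache under `passmarked:phishtank:<hash>`. The cached value is parsed as
 * JSON and one detection is emitted per entry in it.
 *
 * This lookup fails open: a cache miss, a cache read error and an unparsable
 * cache entry all end in `fn(null, [])`, so the caller cannot tell "not
 * listed" from "could not be checked". Cache and parse failures are only
 * visible through payload.error, which makes those log lines worth
 * monitoring.
 *
 * @param {Object} payload - Supplies `get(key, cb)` for the cache read and
 *   `error(message, err)` for logging.
 * @param {string} link - URL to check.
 * @param {Function} fn - Node-style callback, called as `fn(err, detections)`.
 * @throws {TypeError} Synchronously, when `link` is not a string.
 */
PhisTank.check = function(payload, link, fn) {
  // The parsed value is unused; the call is kept because url.parse throws a
  // TypeError for a non-string link, rejecting bad input before any cache access.
  url.parse(link);

  PhisTank.getHash(payload, link, function(hashErr, hash) {
    if (hashErr) {
      payload.error('Something went wrong while generating the hash for PhisTank from link ' + link, hashErr);
      return fn(hashErr);
    }

    // the key to use for caching
    const cachingKey = ['passmarked', 'phishtank', hash].join(':');

    payload.get(cachingKey, function(cacheErr, cachedResults) {
      if (cacheErr) {
        // deliberately best-effort: a broken cache is logged and then treated
        // like a miss by the falsy check below
        payload.error('Problem checking cache for Phistank results', cacheErr);
      }

      // nothing cached for this link means no detections
      if (!cachedResults) return fn(null, []);

      let results = null;
      try {
        results = JSON.parse(cachedResults);
      } catch (parseErr) {
        payload.error('Failed to parse the response from Cache for Phistank', parseErr);
        return fn(null, []);
      }

      const detections = [];

      async.each(results || [], function(result, cb) {
        // the type we will report; skip if the constant is not defined
        const type = Constants.DETECTIONS.PHISHING;
        if (!type) return cb(null);

        detections.push({
          source: Constants.PHISTANK_SOURCE, // API name
          provider: Constants.PHISTANK_COMPANY, // Company Name
          preview: result.phish_detail_url, // Preview url to view why online
          website: Constants.PHISTANK_WEBSITE,
          // NOTE(review): this attaches the whole parsed list, not the single
          // `result` entry; it looks unintended, but consumers may rely on
          // the current shape, so confirm before changing it
          result: results,
          type: type,
          url: link
        });

        cb(null);
      }, function(eachErr) {
        if (eachErr) {
          // the message previously named SAFE BROWSING and concatenated the
          // parsed results into the string; it now names this provider and
          // identifies the entry by its cache key
          payload.error('Something went wrong while parsing the results from PhishTank for cache key ' + cachingKey, eachErr);
        }

        // finish with the error if given
        fn(eachErr, detections);
      });
    });
  });
};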
/**
 * Publish the PhisTank object as this module's export; the local `exports`
 * alias is rebound to the same object.
 **/
exports = PhisTank;
module.exports = PhisTank;