* Fix interpretation of response's status code to detect redirections
* Improve documentation of virustotal subcommand
- usage & configuration of virustotal_api_key
- special parameter '*' to test all installed apps
- make necessity of having a virustotal_api_key for --scan explicit
- show that it's possible to check several packages at once
* Never use virustotal_api_key to query if a package is safe
The URL in the code wasn't an API end-point anyway.
* Refactor logic to warn user about apps unknown to VirusTotal
* Warn once when virustotal_api_key's absence prevents VirusTotal submission
This is preparation for changes to come in the package submission logic.
* Use API to submit download link to VirusTotal, rate limited in EAFP fashion
This is a roundabout way to get the file to be scanned without having
to download & upload it ourselves.
Rate limiting is implemented using EAFP: if submission fails, we wait
at least 60s before retrying at most once.
* Color undecided VirusTotal information the same way as `dangerous' files
If the scanning is still in progress, VirusTotal returns 0 malicious,
0 suspicious and 0 undetected. Err on the safe side and color this
the same way as `dangerous' files.
* Remove requirement to only verify installed apps
The initial use case for this feature was to scan packages to avoid
installing dangerous apps. Assuming they are infected, we want if
possible to avoid downloading them at all.
* Check dependencies with VirusTotal, too (by default)
* Manually apply `Lint: PSAvoidUsingCmdletAliases' (see e1bb1e91, #2075)
This is to avoid conflicts when merging lukesampson:master
* Explain applist's return value transformation: drop `global' flag for each app
* Move variable declarations and apps list generation to the top
* Reformat code and comply to linted function names
* Reduce nesting, remove hacky hash/url retrieval
* Remove $global variables
* Fix regression bug in Search-VirusTotal()
* Remove applist() because it's irrelevant if app is installed globally
Removes extra 'ERROR' in text where the `error` method is used.
Converts some `write-host "error message"` to use the `error` method
Converts some `write-host "error message"; exit 1` to use the `abort`
method.
- Add * option to check all installed apps
- Add 60+ sec. pause after 4 queries/min to avoid 429/Too Many Requests
- Add immediate abort if query limit is exceeded
- Add INFO/WARN/ERROR prefixes to messages
- Add DarkGray/DarkCyan/DarkRed colors to INFO/WARN/ERROR messages
- Add using apikey if stored via: scoop config virustotal_api_key apikey
- Change colors to DarkGreen/DarkYellow/Yellow/Red for 0/1/2/3+ hit count
- Remove fragment from URL when submitting to virustotal.com
- Standardized INFO/WARN/ERROR messages
- virustotal: clean up per r15ch13's feedback
I took the initial implementation by r15ch13 in #1902, then added a
link to the webpages with the scan results (links are clickable in my
console, so it's an easy way to get at the details).
This change should reduce issues with outdated manifests/hashes/URLs.
Every successful execution of `scoop update` will save the date/time to `~\.scoop`
Every execution of `scoop update x` or `scoop install x` will check last saved date/time and run `scoop update` beforehand if the last run was more than 3 hours ago.
Richard Kuhnt