0

I have a python script where I'm trying to read all .txt files in a directory and determine if they return True or False for any conditions that are in my script. I don't get an error message but the script doesn't produce any output. I want the script to read in .txt files that contain text formatted in .json format. Then I want the script to determine if the .txt file matches any of the statements in my code below. I then want to output the result to a csv file. Your help is very much appreciated!

#!/usr/bin/env python
# regarding whether any positive results were found for the domain on VT.


import csv
import json
import pprint
import sys
import os


CSVPATH = 'CsvResults.csv'
VTOUTPUTPATH = './output/'
VTOUTPUTEXT = '.txt'
#files_to_search = [f for f in os.listdir('./output/') if f[-4:] == '.txt']
#vt_result_path = files_to_search
#vt_result = vt_result_check(vt_result_path)

pp = pprint.PrettyPrinter(indent=4)


# Check files from VirusTotal queries for any positive results
# Result is false unless any nonzero positive result is true
def vt_result_check(vt_result_path):
    vt_result = None
    try:
        vt_result = False
        for filename in os.listdir(path):
            with open(filename, 'r', encoding='utf-16') as vt_result_file:
                vt_data = json.load(vt_result_file)
            #vt_result_path = [f for f in os.listdir('./output/') if f[-4:] == '.txt']
            #vt_result = None
            #try:
            #    vt_result = False
            #    with open(infile) as vt_result_file:
            #        vt_data = json.load(vt_result_file)

            # Look for any positive detected referrer samples
            try:
                for sample in (vt_data['detected_referrer_samples']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for any positive detected communicating samples
            try:
                for sample in (vt_data['detected_communicating_samples']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for any positive detected downloaded samples
            try:
                for sample in (vt_data['detected_downloaded_samples']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for any positive detected URLs
            try:
                for sample in (vt_data['detected_urls']):
                    if (sample['positives'] > 0):
                        vt_result = True
            except:
                pass

            # Look for a Dr. Web category of known infection source
            try:
                if (vt_data['Dr.Web category'] == "known infection source"):
                    vt_result = True
            except:
                pass

            # Look for a Forecepoint ThreatSeeker category of elevated exposure
            try:
                if (vt_data['Forcepoint ThreatSeeker category'] == "elevated exposure"):
                    vt_result = True
            except:
                pass

            # Look for a Forecepoint ThreatSeeker category of phishing and other frauds
            try:
                if (vt_data['Forcepoint ThreatSeeker category'] == "phishing and other frauds"):
                    vt_result = True
            except:
                pass

            # Look for a Forecepoint ThreatSeeker category of suspicious content
            try:
                if (vt_data['Forcepoint ThreatSeeker category'] == "suspicious content"):
                    vt_result = True
            except:
                pass

            #pp.pprint(vt_data)
    except:
        pass
    return vt_result



def cert_check(csvpath):
    with open(csvpath, 'w') as csvfile:
        fieldnames = ['vt_result']
        writer = csv.writer(csvfile)
        writer.writerow(['VirusTotal Results'])
        vt_result_path = VTOUTPUTPATH + subject_dom + VTOUTPUTEXT
        vt_result = vt_result_check(vt_result_file)
        writer.writerow([vt_result])
5
  • Have you done any debugging? It's hard for us to walk through a program because we'd have to make sample files with names, or read through the entire program and see if we can see the issue without running the code. Commented Jul 25, 2018 at 15:33
  • 1
    The script does nothing but defining two functions. You should run them. Commented Jul 25, 2018 at 15:34
  • @KlausD. How do I get it working then? I would greatly appreciate your assistance? Commented Jul 25, 2018 at 15:37
  • @chevybow I've tried to do some debugging but I'm not getting any error message. Do you have any idea of what to do? Commented Jul 25, 2018 at 15:43
  • What's with all the useless try/except: pass? There's even one around the entire body of the function! You won't see any exceptions and just wonder what's wrong with your code. Commented Jul 25, 2018 at 15:55

2 Answers

2

You need to actually call the functions my dude

def my_func(stuff):
    print(stuff) #or whatever

my_func(1234)

Update per comment

import os
p=r'path\to\your\files' 

filelist=os.listdir(p) #creates list of all files/folders in this dir

#make a loop for each file in the dir
for file in filelist:
    f=os.path.join(p,file) #this just joins the file name and path for full file path
    your_func(f)  #here you can pass the full file name to your functions

2 Comments

Thank you for your response! I got it to print out the result for the first .txt file in the console, but how do I get the loop to go through all of the files in the directory? I very much appreciate your help!!!
Sure, I updated my answer to show how to do that. Or at least one way to do that, there are probably lots.
0

As already stated, the immediate problem seems to be that you simply never call your cert_check function. However, while this site is actually not for code review, I can't help but suggest some improvements to your code. In particular, all those try/except:pass constructs make it exceedingly hard to detect any errors in your code, as all exceptions will just silently be caught and swallowed by the except: pass.

  • you should remove all those try/except:pass blocks, in particular the one surrounding the entire function body
  • if some of the keys are non-existing, you can use dict.get instead of [], which will not raise a key error but return None (or some default) instead, and all your checks will still work
  • you can use |= instead of the if checks to or the result of the check to the variable
  • you can use any to check whether any element in some list satisfies some condition

My version of your vt_result_check function:

def vt_result_check(vt_result_path):
    # vt_result_path is the directory that holds the VirusTotal report files
    vt_result = False
    for filename in os.listdir(vt_result_path):
        # os.listdir returns bare names, so join each one with the directory
        with open(os.path.join(vt_result_path, filename), 'r', encoding='utf-16') as vt_result_file:
            vt_data = json.load(vt_result_file)

        # Look for any positive detected referrer samples
        # Look for any positive detected communicating samples
        # Look for any positive detected downloaded samples
        # Look for any positive detected URLs
        sample_types = ('detected_referrer_samples', 'detected_communicating_samples',
                        'detected_downloaded_samples', 'detected_urls')
        vt_result |= any(sample['positives'] > 0 for sample_type in sample_types
                                                 for sample in vt_data.get(sample_type, []))

        # Look for a Dr. Web category of known infection source
        vt_result |= vt_data.get('Dr.Web category') == "known infection source"

        # Look for a Forcepoint ThreatSeeker category of elevated exposure
        # Look for a Forcepoint ThreatSeeker category of phishing and other frauds
        # Look for a Forcepoint ThreatSeeker category of suspicious content
        threats = ("elevated exposure", "phishing and other frauds", "suspicious content")
        vt_result |= vt_data.get('Forcepoint ThreatSeeker category') in threats

    return vt_result

5 Comments

Thank you for your response. I tried running your script and I unfortunately got a couple of error messages about invalid syntax at lines 17 and 22. I'm having trouble figuring out what the proper syntax is. I would greatly appreciate your help!
@bedford There was a mismatched parens in one line, but I can't find another syntax error. Does it work now, or do you get a runtime error? If so, which one?
Thank you for your response! If I set up dunder main and try to print out vt_result_check like this: if __name__ == '__main__': print(vt_result_check(path)) then I get this error message: line 33, in <module> print(vt_result_check(path))
Well, that's not inside the function, but the code calling the function. What is path? In your original code, you used vt_result_file, which was not defined (but vt_result_path instead); maybe the problem is similar here?
I set the path as just path this type and I declared it at the top of my script.
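An added example, not code from the question or from either answer: one way to put the advice in this thread together so that every .txt report gets its own CSV row and a report that cannot be parsed is recorded as an error instead of silently counting as clean. The names is_flagged, triage_directory and demo, the CSV column names and the three sample reports are constructed for illustration; the JSON keys and category strings are the ones used in the question.

```python
import csv
import json
import os
import tempfile

SAMPLE_KEYS = ('detected_referrer_samples', 'detected_communicating_samples',
               'detected_downloaded_samples', 'detected_urls')
BAD_CATEGORIES = {
    'Dr.Web category': {'known infection source'},
    'Forcepoint ThreatSeeker category': {
        'elevated exposure', 'phishing and other frauds', 'suspicious content'},
}

def is_flagged(vt_data):
    """True if a parsed report has any positive sample or a bad category."""
    hits = any(sample.get('positives', 0) > 0
               for key in SAMPLE_KEYS for sample in vt_data.get(key, []))
    return hits or any(vt_data.get(k) in bad for k, bad in BAD_CATEGORIES.items())

def triage_directory(report_dir, csv_path, encoding='utf-16'):
    """Write one CSV row per .txt report; unreadable files become 'error'."""
    results = {}
    for name in sorted(n for n in os.listdir(report_dir) if n.endswith('.txt')):
        try:
            with open(os.path.join(report_dir, name), encoding=encoding) as fh:
                results[name] = str(is_flagged(json.load(fh)))
        except (OSError, ValueError, AttributeError, TypeError) as exc:
            # Fail closed: a report we cannot parse is not a clean report.
            results[name] = 'error: ' + type(exc).__name__
    with open(csv_path, 'w', newline='') as csvfile:
        writer = csv.writer(csvfile)
        writer.writerow(['file', 'vt_result'])
        writer.writerows(results.items())
    return results

def demo():
    """Run the triage over three constructed reports in a temp directory."""
    constructed = {
        'clean.example.txt': '{"detected_urls": [{"positives": 0}]}',
        'flagged.example.txt': '{"detected_urls": [{"positives": 3}]}',
        'truncated.example.txt': '{"detected_urls": [',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in constructed.items():
            with open(os.path.join(tmp, name), 'w', encoding='utf-16') as fh:
                fh.write(body)
        return triage_directory(tmp, os.path.join(tmp, 'CsvResults.csv'))

if __name__ == '__main__':
    print(demo())
```

The narrow except clause names only the failures expected from file I/O and malformed reports, so a programming mistake such as an undefined variable still surfaces as a traceback.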
