From 8eaf0bc53da0634dfed90f1a64649ebb1397692b Mon Sep 17 00:00:00 2001 From: Jerome Leonard Date: Fri, 17 Feb 2017 07:28:30 +0100 Subject: [PATCH] #9 compute file hash if no hash is given with the file --- analyzers/VirusTotal/virustotal.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/analyzers/VirusTotal/virustotal.py b/analyzers/VirusTotal/virustotal.py index dfebdf245..ae9be6b65 100755 --- a/analyzers/VirusTotal/virustotal.py +++ b/analyzers/VirusTotal/virustotal.py @@ -5,6 +5,7 @@ import json import codecs import time +import hashlib from virustotal_api import PublicApi as VirusTotalPublicApi from cortexutils.analyzer import Analyzer @@ -117,11 +118,18 @@ def run(self): data = self.getParam('data', None, 'Data is missing') self.report(self.check_response(self.vt.get_ip_report(data))) elif self.data_type == 'file': + hashes = self.getParam('attachment.hashes', - None, 'Hash is missing') + None) + if hashes is None: + filepath = self.getParam('file', None, 'File is missing') + hash = hashlib.sha256(open(filepath, 'r').read()).hexdigest(); + else: # find SHA256 hash - hash = next(h for h in hashes if len(h) == 64) + hash = next(h for h in hashes if len(h) == 64) + self.report(self.check_response(self.vt.get_file_report(hash))) + elif self.data_type == 'hash': data = self.getParam('data', None, 'Data is missing') self.report(self.check_response(self.vt.get_file_report(data)))
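Review bot: The new fallback `hashlib.sha256(open(filepath, 'r').read())` in the `'file'` branch reads the attachment in text mode, so the digest can differ from the sample's real SHA-256 wherever newline translation applies, and on Python 3 the call fails outright because `sha256()` needs bytes. A wrong digest makes VirusTotal answer "not found" for a file it actually knows, which reads as a clean verdict. Open the file with `'rb'` inside a `with` block and feed the digest in chunks, so the handle is closed and a large sample is not loaded into memory at once. The `else:` branch still calls `next(...)` without a default, so a hash list with no 64-character entry raises `StopIteration` instead of falling back to the file; the sketch below folds both cases into one path and stops shadowing the builtin `hash`. `run` starts and ends outside this hunk.

```python
elif self.data_type == 'file':
    hashes = self.getParam('attachment.hashes', None)
    # Prefer a supplied SHA256; fall back to hashing the file itself.
    sha256 = next((h for h in hashes or [] if len(h) == 64), None)
    if sha256 is None:
        filepath = self.getParam('file', None, 'File is missing')
        digest = hashlib.sha256()
        with open(filepath, 'rb') as sample:
            for chunk in iter(lambda: sample.read(65536), b''):
                digest.update(chunk)
        sha256 = digest.hexdigest()
    self.report(self.check_response(self.vt.get_file_report(sha256)))
```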