From a8c8728c223e72ff843faba5aed7de2d2d5330e1 Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier <snakebite@jvnv.net>
Date: Tue, 28 Jul 2020 09:30:43 +0200
Subject: Allow single VT match on specific results

By including a result name in the VIRUSTOTAL_SINGULAR_MATCHES setting we
can override VIRUSTOTAL_MINIMUM_POSITIVES. This is useful for some
matches that's usually only matched by a few engines, such as phishing.
---
 fbin/fbin.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fbin/fbin.py b/fbin/fbin.py
index cf7de02..02337f5 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -191,7 +191,9 @@ def uploaded(hash):
 @app.route('/file/<hash:hash>/<path:filename>', endpoint = 'file')
 def _file(hash, ext=None, filename=None):
     f = get_file(hash)
-    if not f or (f.blocked_reason and f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES']):
+    if not f or (f.blocked_reason and (f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES'] \
+            or any(scan['detected'] and scan['result'] in current_app.config['VIRUSTOTAL_SINGULAR_MATCHES']
+                    for scan in f.blocked_reason['scans']))):
         abort(404)
     path = storage.get_file(f)
     if isinstance(path, Response):
-- 
cgit v1.2.3