Skip to content

Latest commit

 

History

History

vaas

README.md

vaas-golang-ci Vulnerability Check Go Reference Go Report Card

Go VaaS Client

This is a Golang package that provides a client for the G DATA VaaS API.

Verdict-as-a-Service (VaaS) is a service that provides a platform for scanning files for malware and other threats. It allows easy integration into your application. With a few lines of code, you can start scanning files for malware.

Table of Contents

What does the SDK do?

It gives you as a developer functions to talk to G DATA VaaS. It wraps away the complexity of the API into basic functions.

Connect(ctx context.Context, auth authenticator.Authenticator) (termChan <-chan error, err error)

Connect opens a websocket connection to the VAAS Server, which is kept open until the context.Context expires. The termChan indicates when a connection was closed. In the case of an unexpected close, an error is written to the channel.

ForSha256(ctx context.Context, sha256 string) (messages.VaasVerdict, error)

Retrieves the verdict for the given SHA256 hash from the G DATA VaaS API. ctx is the context for request cancellation, and sha256 is the SHA256 hash of the file. If the request fails, an error will be returned. Otherwise, a messages.VaasVerdict object containing the verdict will be returned.

ForFile(ctx context.Context, filePath string) (messages.VaasVerdict, error)

Retrieves the verdict for the given file at the specified filePath from the G DATA VaaS API. ctx is the context for request cancellation. If the file cannot be opened, an error will be returned. Otherwise, a messages.VaasVerdict object containing the verdict will be returned.

ForFileInMemory(ctx context.Context, fileData io.Reader) (messages.VaasVerdict, error)

Retrieves the verdict for file data provided as an io.Reader to the G DATA VaaS API. ctx is the context for request cancellation. If the request fails, an error will be returned. Otherwise, a messages.VaasVerdict object containing the verdict will be returned.

ForUrl(ctx context.Context, url string) (messages.VaasVerdict, error)

Retrieves the verdict for the given file URL from the G DATA VaaS API. ctx is the context for request cancellation. If the request fails, an error will be returned. Otherwise, a messages.VaasVerdict object containing the verdict will be returned.

How to use

Installation

go get github.com/GDATASoftwareAG/vaas/golang/vaas

Import

import (
      "github.com/GDATASoftwareAG/vaas/golang/vaas/pkg/authenticator"
      "github.com/GDATASoftwareAG/vaas/golang/vaas/pkg/vaas"
)

Authentication

VaaS offers two authentication methods:

Client Credentials Grant

This is suitable for cases where you have a client_idand client_secret. Here's how to use it:

authenticator := authenticator.New("client_id", "client_secret", "token_endpoint")

or

authenticator := authenticator.NewWithDefaultTokenEndpoint("client_id", "client_secret")

Resource Owner Password Grant

This method is used when you have a username and password. Here's how to use it:

authenticator := authenticator.NewWithResourceOwnerPassword("client_id", "username", "password", "token_endpoint")

If you do not have a specific Client ID, please use "vaas-customer" as the client_id.

Request a verdict

Authentication & Initialization:

// Create a new authenticator with the provided Client ID and Client Secret
auth := authenticator.NewWithDefaultTokenEndpoint(clientID, clientSecret)

// Create a new VaaS client with default options
vaasClient := vaas.NewWithDefaultEndpoint(options.VaasOptions{
      UseHashLookup: true,
      UseCache:      false,
      EnableLogs:    false,
})

// Create a context with a cancellation function
ctx, webSocketCancel := context.WithCancel(context.Background())

// Establish a WebSocket connection to the VaaS server
termChan, err := vaasClient.Connect(ctx, auth)
if err != nil {
      log.Fatalf("failed to connect to VaaS %s", err.Error())
}

// Create a context with a timeout for the analysis
analysisCtx, analysisCancel := context.WithTimeout(context.Background(), 20*time.Second)
defer analysisCancel()

Verdict Request for SHA256:

// Request a verdict for a specific SHA256 hash (replace "sha256-hash" with the actual SHA256 hash)
result, err := vaasClient.ForFile(analysisCtx, "sha256-hash")
if err != nil {
    log.Fatalf("Failed to get verdict: %v", err)
}
fmt.Println(result.Verdict)

Verdict Request for a file:

// Request a verdict for a specific file (replace "path-to-your-file" with the actual file path)
result, err := vaasClient.ForFile(analysisCtx, "path-to-your-file")
if err != nil {
    log.Fatalf("Failed to get verdict: %v", err)
}
fmt.Printf("Verdict: %s\n", result.Verdict)

Verdict Request for file data provided as an io.Reader:

fileData := bytes.NewReader([]byte("file contents"))
result, err := vaasClient.ForFileInMemory(analysisCtx, fileData)
if err != nil {
    log.Fatalf("Failed to get verdict: %v", err)
}
fmt.Printf("Verdict: %s\n", result.Verdict)

Verdict Request for a file URL:

result, err := vaasClient.ForUrl(analysisCtx, "https://example.com/examplefile")
if err != nil {
    log.Fatalf("Failed to get verdict: %v", err)
}
fmt.Printf("Verdict: %s\n", result.Verdict)

I'm interested in VaaS

You need credentials to use the service in your application. If you are interested in using VaaS, please contact us.

Developing with Visual Studio Code

Every single SDKs also includes Devcontainer. If you use the Visual Studio Code Dev Containers extension, you can run the code in a full-featured development environment.