Public/Send-FileToGlimpsMalware.ps1
|
function Send-FileToGlimpsMalware { <# .SYNOPSIS Send file to Glimps .DESCRIPTION .PARAMETER FilePath Provide FilePath to a file to check. .PARAMETER FileInformation Provide FileInformation to a file to check. .EXAMPLE .NOTES #> [CmdletBinding(DefaultParameterSetName = 'none')] Param( [Parameter(Mandatory, ParameterSetName = 'FileInformation', ValueFromPipeline, Position = 0)] [System.IO.FileInfo] $FileInformation, [Parameter(Mandatory, ParameterSetName = 'FilePath', ValueFromPipeline, Position = 0)] [string] $FilePath, [Parameter()] [switch] $AsZip ) Begin { Test-GlimpsMalwareConnection $listFiles = [System.Collections.ArrayList]@() $results = [System.Collections.ArrayList]@() } Process { if ($FilePath) { Write-Verbose "Path received" Try { $FileInformation = Get-Item $FilePath } Catch { throw "Can't get file at $FilePath" } } if ($FileInformation) { Write-Verbose "File Information received $($FileInformation.GetType())" $listFiles.Add($FileInformation) | Out-Null } } End { if ($AsZip) { $archiveName = "$([guid]::NewGuid() | Select-Object -ExpandProperty Guid).zip" Write-Verbose "Adding as $archiveName" $compressArguments = @{ LiteralPath = $listFiles | Select-Object -ExpandProperty FullName CompressionLevel = "NoCompression" DestinationPath = $(Join-Path $($env:temp) $archiveName) } $ProgressPreference = 'silentlycontinue' Compress-Archive @compressArguments $listFiles = Get-Item $compressArguments.DestinationPath } foreach ($file in $listFiles) { Write-Verbose "Sending file $($file.FullName)" $Boundary = [Guid]::NewGuid().ToString() $params = @{ Method = "POST" Uri = $($_ApiURL.AbsoluteUri + "submit") ContentType = "multipart/form-data; boundary=`"$boundary`"" Headers = @{"Accept"="application/json"; "X-Auth-Token"=$(New-Object PSCredential 0, $_ApiKey).GetNetworkCredential().Password} Body = $(ConvertTo-GlimpsMalwareBody -FileInformation $file -Boundary $Boundary) } if ($AsZip) { Write-Verbose "Remove item $($file.fullName)" Remove-Item $file | Out-Null } Try { $WebResponse = Invoke-WebRequest @params } Catch { Write-Verbose "Response $($WebResponse.Content)" $details = $_.Exception throw $details } Try { Write-Verbose "Response $($WebResponse.Content)" $response = $WebResponse.Content | ConvertFrom-Json } Catch { throw "Can't parse content $($WebResponse.Content): $_" } If ($response.status) { $results.Add($response.uuid) | Out-Null } else { throw "Status Wrong $($result)" } } Write-Verbose "Return $($results.Count)" $results } } |