feat: add VirusTotal process scan via SHA-256 hash #198

Open
IslamAbdelslam wants to merge 1 commit into Abdenasser:main from IslamAbdelslam:feat/virustotal-process-scan

@IslamAbdelslam

Adds on-demand security scanning for any running process by:
- Hashing the process executable (SHA-256 via /proc/<pid>/exe)
- Querying the VirusTotal v3 API with the computed hash
- Displaying a colour-coded verdict in a dedicated modal

## Backend (Rust)
- New `virustotal` module with `hash_executable()` and
  `check_virustotal()` functions
- Two new Tauri commands: `hash_process` and `check_virustotal_hash`
- Graceful error handling: permission denied, rate limits (429),
  invalid API key (401), file not in database (404)
- Reads executable in 64 KiB chunks to avoid loading large binaries
  fully into memory

## Frontend (Svelte)
- New `VirusTotalModal` component with three phases:
  idle → loading (hashing / querying) → result
- Colour-coded verdict badge using existing CSS palette:
  green (clean), red (malicious), yellow (suspicious), grey (unknown)
- SHA-256 hash display + per-engine stats grid
- API key persisted to localStorage; never sent to the backend at rest
- "View on VirusTotal" opens the system browser via the shell plugin
- New teal shield button added to per-row action buttons

## Tests
- 9 new unit tests covering: SHA-256 format, determinism, invalid PIDs,
  empty/whitespace API key rejection, VTReport JSON serialisation,
  and all four verdict values
- All 13 tests (including pre-existing ones) pass

Closes #<issue-number>
IslamAbdelslam force-pushed the feat/virustotal-process-scan branch from e0cd601 to 5118c1a on March 23, 2026 22:17
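
The chunked hashing and status handling listed in the description, as an added Python example using only the standard library (not code from this pull request, which is Rust). The name `interpret_response`, the verdict thresholds and the mapping of 404 to "unknown" are assumptions, and `SAMPLE_BODY` is constructed data in the shape of a VirusTotal v3 file report.

```python
import hashlib
import json

CHUNK = 64 * 1024  # 64 KiB, the chunk size the PR description states


def hash_executable(path):
    """Stream a file through SHA-256 without loading it whole."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(CHUNK), b""):
                h.update(block)
    except PermissionError:
        # Typical for /proc/<pid>/exe of another user's process.
        raise RuntimeError("permission denied reading " + path)
    except FileNotFoundError:
        raise RuntimeError("no such process or executable: " + path)
    return h.hexdigest()


def interpret_response(status, body):
    """Map an HTTP status and JSON body to (verdict, detail)."""
    if status == 401:
        return ("error", "invalid API key")
    if status == 429:
        return ("error", "rate limit exceeded")
    if status == 404:
        return ("unknown", "file not in database")
    if status != 200:
        return ("error", "unexpected HTTP status %d" % status)
    stats = json.loads(body)["data"]["attributes"]["last_analysis_stats"]
    # Assumed thresholds: any malicious vote wins, then any suspicious vote.
    if stats.get("malicious", 0) > 0:
        return ("malicious", stats)
    if stats.get("suspicious", 0) > 0:
        return ("suspicious", stats)
    if stats.get("harmless", 0) + stats.get("undetected", 0) > 0:
        return ("clean", stats)
    return ("unknown", stats)


# Constructed sample body in the shape of a v3 file report (not real data).
SAMPLE_BODY = json.dumps({"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 1, "undetected": 60, "harmless": 0}}}})

if __name__ == "__main__":
    print(hash_executable("/proc/self/exe"))  # Linux only
    print(interpret_response(200, SAMPLE_BODY))
```

A 404 means only that VirusTotal has never seen that hash, so it maps to "unknown" here rather than "clean".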