Closed Stefan-Code closed 8 years ago
Stefan-Code
commented
8 years ago It looks like the developers guide doesn't cover a filename without extension and the current python implementation seems to be correct. I am wondering though, why google's lookup tool handles this differently/
afilipovich
commented
8 years ago Good catch.
I guess diagnostic page works directly with blacklisted URLs rather than hashes, otherwise it would not be able to tell if http://malware.testing.google.test/testing is "partially dangerous".
I think the best course of actions is to report this use case to Google.
Stefan-Code
commented
8 years ago Yeah you're right, didn't see the "partially dangerous" happen before. I'll see if I can find a way to contact someone (but I think it might be difficult to get a response). I guess we can close this too, because implementing this change would be against the developers guide.
afilipovich
commented
8 years ago Yeah, I agree. Thanks.
When looking up
http://malware.testing.google.test/testing/malwareusing the python implementation, it returns NOT blacklisted. When performing the same lookup on the google lookup page it is listed. Maybe when generating the permutations, a trailing slash should be appended to urls likehttp://foo.com/bar/filebecause that's what google seems to do on their lookup page. When looking uphttp://malware.testing.google.test/testing/malware/with python, you see it is blacklisted. Link to gglsbl3 issue