URL Scanner automation

[PabloOQ]

Describe a related problem (optional)

With automations, URLs are able to be opened automatically. But what if VirusTotal flags said URL as malicious? Previously the user could see the warning an act accordingly, but if it is automated this is not possible.

Describe your suggested feature

Solutions I have thought:

• Have VirusTotal be able to disable the open button in the OpenModule (and in consequence, the automation)
  • With an alternative to open the URL if the user desires so, maybe holding the button to bypass the restriction
• When VirusTotal flags the URL, then, after opening the url, an extra dialog will be show, "Are you sure? This URL has been flagged as malicious" y/n

_{Yes, those imply communication between modules, I don't think that is avoidable for this feature.}

Describe alternatives you've considered for your suggested feature

No response

Other details

Maybe related to #192.
This could also be extended to the patterns module.

Acknowledgements

• I have searched the existing issues and this is a new ticket, NOT a duplicate or related to another open issue.
• I have written a short but informative title.
• I will fill out all of the requested information in this form.

[TrianguloY]

That is in fact something that I have think about, and is planned in the third phase of the automation (in a far future unfortunately).

Phase 2 will add parameters to the automations, to allow for example to open a specific app for a given url (not just 'the default').

Phase 3, as I envisioned it, will use the current feature of 'url data' (the one that I think you added/used for the flags module) to add 'tags' to the current url, like for example an 'scanned ok' or 'host flagged' or even 'webhook sent', things like that. Then the automations should have an option to match those tags. This way you can create an automation that will trigger the scanner, then another that will open the url but only if the scanned was successful. This will avoid inter-module communication (technically automations are not a module...for this reason ;)

If this is properly implemented, then modules could in fact also use these tags, for example I could move all 'applied things' to the history module, or have a new module for 'warnings', although I would still like to keep modules as independent as possible.

But, as usual, lots of ideas, little time. For now I'll focus on phase 2, but I'll keep this issue open to discuss phase 3.