Inconsistent JSON/Docs

When calling /hashes/{hash}, the JSON that is returned is inconsistent. For example, for the hash aaca5e8e163503ff5fadb764433f8abb, engine_results->dti_lookup->overall_weight is an integer as described in the schema. For the hash 7fbd9af4000b2ef386bd7a3c37bad1ad, engine_results->dti_lookup->overall_weight is a string.

This also appears to be the case for /hashes engine_results->av_lookup->scan_count & scan_match. Compare types in hashes f2192e273178d869576dadf81c65e65b and 7fbd9af4000b2ef386bd7a3c37bad1ad. One is an int, the other is an empty string. They should probably be null so as not to change the datatype. first_seen and last_seen are normally dates, but could be an empty string. It might be good to have these be null instead as well.

EDIT: It looks like /files engine_results->av_lookup->scan_count & scan_match & first_seen & last_seen can be null. /hashes should match this instead of an empty string.

In the ReportExtended schema engine_results->dynamic_analysis->is_malicious is documented as an integer. It should be documented as a boolean.

In the example values for /hashes many items are shown as arrays of arrays instead of arrays of strings.

  • engine_results->av_lookup->signature_name
  • engine_results->dti_lookup->display_message
  • engine_results->dti_lookup->signature_name

In /reports engine_results->dynamic_analysis->id is documented but never returned (at least not in my tests).

In /reports engine_results->dynamic_analysis->analysis_info->analysis_objects->chk_sum the returned value does not match the documented schema.

It looks like there are more inconsistencies under dynamic_analysis. I can continue listing them if you want some help tracking them all down. But in the end the provided schemas need to match what is returned. If some values may be missing that's OK, but it should either have null values provided in JSON, or be marked as optional in the schema and omitted in JSON.

Keep up the good work. The API is looking good, we just need to update the docs to match.

Thank you @sam.kleiner for the feedback. I have captured it in our issue tracking system. We will let you know once it's resolved.
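A client-side check for the type drift reported in the first post, as an added example that is not part of the thread or the vendor's code. The field paths come from the post; the helper names, the rule that null is accepted for every field, and the sample response are assumptions constructed for illustration.

```python
import json

# Expected kinds per the post, keyed by its "a->b->c" path notation.
# Assumption: null is acceptable for any field, as the post proposes.
EXPECTED = {
    "engine_results->dti_lookup->overall_weight": "int",
    "engine_results->av_lookup->scan_count": "int",
    "engine_results->av_lookup->scan_match": "int",
    "engine_results->av_lookup->first_seen": "date",
    "engine_results->av_lookup->last_seen": "date",
    "engine_results->av_lookup->signature_name": "str_list",
    "engine_results->dynamic_analysis->is_malicious": "bool",
}

CHECKS = {
    # bool is a subclass of int in Python, so exclude it explicitly
    "int": lambda v: isinstance(v, int) and not isinstance(v, bool),
    "bool": lambda v: isinstance(v, bool),
    # date format is not given on the page; only reject non-strings and ""
    "date": lambda v: isinstance(v, str) and v != "",
    "str_list": lambda v: isinstance(v, list) and all(isinstance(i, str) for i in v),
}

_MISSING = object()

def lookup(doc, path):
    """Walk a nested dict along an 'a->b->c' path; _MISSING if absent."""
    for key in path.split("->"):
        if not isinstance(doc, dict) or key not in doc:
            return _MISSING
        doc = doc[key]
    return doc

def find_type_drift(doc):
    """Return sorted (path, expected_kind, repr(value)) for each mismatch."""
    findings = []
    for path, kind in EXPECTED.items():
        value = lookup(doc, path)
        if value is _MISSING or value is None:
            continue  # omitted or null: tolerated
        if not CHECKS[kind](value):
            findings.append((path, kind, repr(value)))
    return sorted(findings)

# Constructed sample response, not real API output.
SAMPLE = json.loads("""{"engine_results": {
  "dti_lookup": {"overall_weight": "5"},
  "av_lookup": {"scan_count": "", "scan_match": 3, "first_seen": "",
                "last_seen": null, "signature_name": [["Constructed.Sig"]]},
  "dynamic_analysis": {"is_malicious": 1}}}""")
```

Running `find_type_drift` on each response before a verdict pipeline compares `overall_weight` or `scan_match` against a threshold surfaces string-versus-integer drift instead of letting it fail silently or raise mid-triage.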