daino 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 88c21305b34d0d8c669770ec9ba40497f3c6cf18ad5fe21591ca8ffeda527051
+  data.tar.gz: 4fe7cc4fe0fd24ebeff6d76b22a4dd1b6c58766b8e5ceff95faa69ed365aff81
+SHA512:
+  metadata.gz: 5f154a40263dea68fbe8623d4c8795d3f0230de7f98c53b794e41504df5041b916cee5067b5b9f2f8c6b82ea95e944e76bc4cc27e8d766732b82368f5fd60072
+  data.tar.gz: 1d402c74e4ceced9bbc6638a2c0ed1f9d7eaae683a74d631687ab7c97e77affe400094343a4ce6978fccc89dcf9301c1a22f3c869b1b25e2cd5d9aaf93d07dac

data/.gitignore

@@ -0,0 +1,52 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+# Used by dotenv library to load environment variables.
+# .env
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+*.bridgesupport
+build-iPhoneOS/
+build-iPhoneSimulator/
+
+## Specific to RubyMotion (use of CocoaPods):
+#
+# We recommend against adding the Pods directory to your .gitignore. However
+# you should judge for yourself, the pros and cons are mentioned at:
+# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
+#
+# vendor/Pods/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+Gemfile.lock
+.ruby-version
+.ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.travis.yml

@@ -0,0 +1,7 @@
+---
+sudo: false
+language: ruby
+cache: bundler
+rvm:
+  - 2.6.1
+before_install: gem install bundler -v 2.0.1

data/Gemfile

@@ -0,0 +1,4 @@
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in daino.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Manabu Niseki
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# daino
+
+[![Build Status](https://travis-ci.org/ninoseki/daino.svg?branch=master)](https://travis-ci.org/ninoseki/daino)
+[![Coverage Status](https://coveralls.io/repos/github/ninoseki/daino/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/daino?branch=master)
+
+daino(`大脳`) is a dead simple [Cortex](https://github.com/TheHive-Project/Cortex) API wrapper for Ruby.
+
+## Installation
+
+```bash
+gem install daino
+```
+
+## Usage
+
+```ruby
+require "daino"
+
+# when given nothing, it tries to load your API key from ENV["CORTEX_API_KEY"] & API endpoint from ENV["CORTEX_API_ENDPOINT"]
+api = Daino::API.new
+# or you can set them manually
+api = Daino::API.new(api_endpoint: "http://your_api_endpoint", api_key: "yoru_api_key")
+
+# search jobs
+jobs = api.job.search(data: "1.1.1.1", data_type: "ip")
+
+jobs.each do |job|
+  id = job.dig("id")
+  next unless id
+
+  # get a report of a job
+  report = api.job.report(id)
+  puts JSON.pretty_generate(report)
+end
+```
+
+## Implemented methods
+
+### Analyzer
+
+| HTTP Method | URI                           | Action                | API method                                                                                                                                                                                                     |
+|-------------|-------------------------------|-----------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| GET         | /api/analyzer                 | List analyzers        | `#api.analyzer.list`                                                                                                                                                                                           |
+| POST        | /api/analyzer/_search         | Search analyzers      | `#api.analyzer.search(attributes)`                                                                                                                                                                             |
+| GET         | /api/analyzer/:analyzerId     | Get an analyzer       | `#api.analyzer.get_by_id(id)`                                                                                                                                                                                  |
+| GET         | /api/analyzer/:analyzerId     | Get an analyzer       | `#api.analyzer.get_by_id(id)` or `#api.analyzer.get_by_name(name)`                                                                                                                                             |
+| GET         | /api/analyzer/type/:dataType  | Get analyzers by type | `#api.analyzer.get_by_type(type)`                                                                                                                                                                              |
+| POST        | /api/analyzer/:analyzerId/run | Run an analyzer       | `#api.analyzer.run_by_id(id, data:, data_type:, tlp: 0, message: nil, parameters: nil, force: nil)` or `#api.analyzer.run_by_name(name, data:, data_type:, tlp: 0, message: nil, parameters: nil, force: nil)` |
+
+### Job
+
+| HTTP Method | URI                       | Action                 | API method                      |
+|-------------|---------------------------|------------------------|---------------------------------|
+| POST        | /api/job/_search          | Search jobs            | `#api.job.search(range: "all")` |
+| GET         | /api/job/:jobId           | Get a job by id        | `#api.job.get_by_id(id)`        |
+| GET         | /api/job/:jobId/report    | Get a report of a job  | `#api.job.report(id)`           |
+| GET         | /api/job/:jobID/artifacts | Get artifacts of a job | `#api.job.artifacts(id)`        |
+| DELETE      | /api/job/:jobId           | Delete a job           | `#api.job.delete_by_id(id)`     |
+
+### Organization
+
+| HTTP Method | URI                                    | Action                       | API method                                                        |
+|-------------|----------------------------------------|------------------------------|-------------------------------------------------------------------|
+| GET         | /api/organization                      | List organizations           | `#api.organization.list`                                          |
+| POST        | /api/organization/_search              | Search organizations         | `#api.organization.search(attributes)`                            |
+| GET         | /api/organization/:organizationId      | Get an organization          | `#api.organization.get_by_id(id)`                                 |
+| GET         | /api/organization/:organizationId/user | Get users of an organization | `#api.organization.users(id)`                                     |
+| POST        | /api/organization                      | Create an organization       | `#api.organization.create(name:, description:, status: "Active")` |
+| DELETE      | /api/organization/:organizationId      | Delete an organization       | `#api.organization.delete_by_id(id)`                              |
+
+### User
+
+| HTTP Method | URI                 | Action        | API method                                                             |
+|-------------|---------------------|---------------|------------------------------------------------------------------------|
+| GET         | /api/user           | List users    | `#api.user.list`                                                       |
+| POST        | /api/user/_search   | Search users  | `#api.user.search(attributes)`                                         |
+| GET         | /api/user/:userName | Get a user    | `#api.user.get_by_name(name)`                                          |
+| POST        | /api/user           | Create a user | `#api.user.create(name:, roles:, organization:, login:, status: "Ok")` |
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "daino"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/daino.gemspec

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "daino/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "daino"
+  spec.version       = Daino::VERSION
+  spec.authors       = ["Manabu Niseki"]
+  spec.email         = ["manabu.niseki@gmail.com"]
+
+  spec.summary       = "A dead simple Cortex API wrapper for Ruby."
+  spec.description   = "A dead simple Cortex API wrapper for Ruby."
+  spec.homepage      = "https://github.com/ninoseki/daino"
+  spec.license       = "MIT"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "coveralls", "~> 0.8"
+  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "rspec", "~> 3.8"
+  spec.add_development_dependency "vcr", "~> 5.0"
+  spec.add_development_dependency "webmock", "~> 3.6"
+end

data/lib/daino.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+require "daino/version"
+
+require "daino/clients/base"
+require "daino/clients/job"
+require "daino/clients/analyzer"
+require "daino/clients/organization"
+require "daino/clients/user"
+
+require "daino/api"
+
+module Daino
+  class Error < StandardError; end
+end

data/lib/daino/api.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Daino
+  class API
+    attr_reader :job
+    attr_reader :analyzer
+    attr_reader :organization
+
+    def initialize(api_endpoint: ENV["CORTEX_API_ENDPOINT"], api_key: ENV["CORTEX_API_KEY"])
+      raise(ArgumentError, "api_endpoint argument is required") unless api_endpoint
+      raise(ArgumentError, "api_key argument is required") unless api_key
+
+      @job = Clients::Job.new(api_endpoint: api_endpoint, api_key: api_key)
+      @analyzer = Clients::Analyzer.new(api_endpoint: api_endpoint, api_key: api_key)
+      @organization = Clients::Organization.new(api_endpoint: api_endpoint, api_key: api_key)
+      @user = Clients::User.new(api_endpoint: api_endpoint, api_key: api_key)
+    end
+  end
+end

data/lib/daino/clients/analyzer.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+module Daino
+  module Clients
+    class Analyzer < Base
+      def list
+        get("/api/analyzer") { |json| json }
+      end
+
+      def search(attributes)
+        post("/api/analyzer/_search", query: attributes) { |json| json }
+      end
+
+      def get_by_id(id)
+        get("/api/analyzer/#{id}") { |json| json }
+      end
+
+      def get_by_name(name)
+        search(name: name)&.first
+      end
+
+      def get_by_type(type)
+        get("/api/analyzer/type/#{type}") { |json| json }
+      end
+
+      def run_by_id(id, data:, data_type:, tlp: 0, message: nil, parameters: nil, force: nil)
+        payload = {
+          data: data,
+          dataType: data_type,
+          tlp: tlp,
+          message: message,
+          parameters: parameters
+        }.compact
+
+        options = force.nil? ? {} : { force: force }
+
+        post("/api/analyzer/#{id}/run", payload, options) { |json| json }
+      end
+
+      def run_by_name(name, data:, data_type:, tlp: 0, message: nil, parameters: nil, force: nil)
+        analyzer = get_by_name(name)
+        raise ArgumentError, "#{name} does not exist." unless analyzer
+
+        id = analyzer.dig("id")
+        run_by_id(id, data: data, data_type: data_type, tlp: tlp, message: message, parameters: parameters, force: force)
+      end
+    end
+  end
+end

data/lib/daino/clients/base.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+require "json"
+require "net/https"
+
+module Daino
+  module Clients
+    class Base
+      attr_reader :api_endpoint
+      attr_reader :api_key
+
+      def initialize(api_endpoint:, api_key:)
+        @api_endpoint = URI(api_endpoint)
+        @api_key = api_key
+      end
+
+      private
+
+      def base_url
+        "#{api_endpoint.scheme}://#{api_endpoint.hostname}:#{api_endpoint.port}"
+      end
+
+      def url_for(path)
+        URI(base_url + path)
+      end
+
+      def https_options
+        return nil if api_endpoint.scheme != "https"
+
+        if proxy = ENV["HTTPS_PROXY"] || ENV["https_proxy"]
+          uri = URI(proxy)
+          {
+            proxy_address: uri.hostname,
+            proxy_port: uri.port,
+            proxy_from_env: false,
+            use_ssl: true,
+          }
+        else
+          { use_ssl: true }
+        end
+      end
+
+      def http_options
+        if proxy = ENV["HTTP_PROXY"] || ENV["http_proxy"]
+          uri = URI(proxy)
+          {
+            proxy_address: uri.hostname,
+            proxy_port: uri.port,
+            proxy_from_env: false,
+          }
+        else
+          {}
+        end
+      end
+
+      def parse_body(body)
+        JSON.parse body.to_s
+      rescue JSON::ParserError => _e
+        body.to_s
+      end
+
+      def request(req)
+        Net::HTTP.start(api_endpoint.hostname, api_endpoint.port, https_options || http_options) do |http|
+          response = http.request(req)
+          json = parse_body(response.body)
+
+          raise(Error, "Unsupported response code returned: #{response.code} (#{json&.dig('message')})") unless response.code.start_with? "20"
+
+          yield json
+        end
+      end
+
+      def get(path, params = {}, &block)
+        url = url_for(path)
+        url.query = URI.encode_www_form(params) unless params.empty?
+
+        get = Net::HTTP::Get.new(url)
+        get.add_field "Authorization", "Bearer #{api_key}"
+        request(get, &block)
+      end
+
+      def post(path, data, params = {}, &block)
+        url = url_for(path)
+        url.query = URI.encode_www_form(params) unless params.empty?
+
+        post = Net::HTTP::Post.new(url)
+        post.body = data.is_a?(Hash) ? data.to_json : data.to_s
+
+        post.add_field "Content-Type", "application/json"
+        post.add_field "Authorization", "Bearer #{api_key}"
+
+        request(post, &block)
+      end
+
+      def delete(path, params = {}, &block)
+        url = url_for(path)
+        url.query = URI.encode_www_form(params) unless params.empty?
+
+        delete = Net::HTTP::Delete.new(url)
+        delete.add_field "Authorization", "Bearer #{api_key}"
+        request(delete, &block)
+      end
+    end
+  end
+end

data/lib/daino/clients/job.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Daino
+  module Clients
+    class Job < Base
+      def list(range: "all")
+        search({}, range: range)
+      end
+
+      def search(attributes, range: "all")
+        post("/api/job/_search", attributes, range: range) { |json| json }
+      end
+
+      def get_by_id(id)
+        get("/api/job/#{id}") { |json| json }
+      end
+
+      def report(id)
+        get("/api/job/#{id}/report") { |json| json }
+      end
+
+      def artifacts(id)
+        get("/api/job/#{id}/artifacts") { |json| json }
+      end
+
+      def delete_by_id(id)
+        delete("/api/job/#{id}") { |json| json }
+      end
+    end
+  end
+end

data/lib/daino/clients/organization.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Daino
+  module Clients
+    class Organization < Base
+      def list
+        get("/api/organization") { |json| json }
+      end
+
+      def search(attributes)
+        post("/api/organization/_search", query: attributes) { |json| json }
+      end
+
+      def get_by_id(id)
+        get("/api/organization/#{id}") { |json| json }
+      end
+
+      def users(id)
+        get("/api/organization/#{id}/user") { |json| json }
+      end
+
+      def create(name:, description:, status: "Active")
+        payload = { name: name, description: description, status: status }
+        post("/api/organization", payload) { |json| json }
+      end
+
+      def delete_by_id(id)
+        delete("/api/organization/#{id}") { |res| res }
+      end
+    end
+  end
+end

data/lib/daino/clients/user.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Daino
+  module Clients
+    class User < Base
+      def list
+        get("/api/user") { |json| json }
+      end
+
+      def search(attributes)
+        post("/api/user/_search", query: attributes) { |json| json }
+      end
+
+      def get_by_name(name)
+        get("/api/user/#{name}") { |json| json }
+      end
+
+      def create(name:, roles:, organization:, login:, status: "Ok")
+        payload = {
+          name: name,
+          roles: roles,
+          organization: organization,
+          login: login,
+          status: status
+        }
+        post("/api/user", payload) { |json| json }
+      end
+    end
+  end
+end

data/lib/daino/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module Daino
+  VERSION = "0.1.0"
+end

metadata

@@ -0,0 +1,145 @@
+--- !ruby/object:Gem::Specification
+name: daino
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Manabu Niseki
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-06-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12.3'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: vcr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '5.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+description: A dead simple Cortex API wrapper for Ruby.
+email:
+- manabu.niseki@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- daino.gemspec
+- lib/daino.rb
+- lib/daino/api.rb
+- lib/daino/clients/analyzer.rb
+- lib/daino/clients/base.rb
+- lib/daino/clients/job.rb
+- lib/daino/clients/organization.rb
+- lib/daino/clients/user.rb
+- lib/daino/version.rb
+homepage: https://github.com/ninoseki/daino
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.2
+signing_key: 
+specification_version: 4
+summary: A dead simple Cortex API wrapper for Ruby.
+test_files: []