mihari 2.1.0 → 2.4.0

data/lib/mihari/models/artifact.rb

@@ -1,6 +1,9 @@
 # frozen_string_literal: true
 
 require "active_record"
+require "active_record/filter"
+require "active_support/core_ext/integer/time"
+require "active_support/core_ext/numeric/time"
 
 class ArtifactValidator < ActiveModel::Validator
   def validate(record)
@@ -20,8 +23,16 @@ module Mihari
       self.data_type = TypeChecker.type(data)
     end
 
-    def unique?
-      self.class.find_by(data: data).nil?
+    def unique?(ignore_old_artifacts: false, ignore_threshold: 0)
+      artifact = self.class.where(data: data).order(created_at: :desc).first
+      return true if artifact.nil?
+
+      return false unless ignore_old_artifacts
+
+      days_before = (-ignore_threshold).days.from_now
+      # if an artifact is created before {ignore_threshold} days, ignore it
+      #                           within {ignore_threshold} days, do not ignore it
+      artifact.created_at < days_before
     end
   end
 end

data/lib/mihari/notifiers/slack.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
 require "slack-notifier"
-require "mihari/slack_monkeypatch"
 
 module Mihari
   module Notifiers

data/lib/mihari/status.rb

@@ -3,7 +3,7 @@
 module Mihari
   class Status
     def check
-      statuses.transform_values { |value| convert(**value) }
+      statuses
     end
 
     def self.check
@@ -12,14 +12,6 @@ module Mihari
 
     private
 
-    def convert(is_configured:, values:, type:)
-      {
-        is_configured: is_configured,
-        values: values,
-        type: type
-      }
-    end
-
     def statuses
       (Mihari.analyzers + Mihari.emitters).map do |klass|
         name = klass.to_s.split("::").last.to_s

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "2.1.0"
+  VERSION = "2.4.0"
 end

data/lib/mihari/web/app.rb

@@ -1,16 +1,23 @@
-require "awrence"
-require "colorize"
+# frozen_string_literal: true
+
 require "launchy"
 require "rack"
-require "safe_shell"
+require "rack/handler/puma"
 require "sinatra"
-require "sinatra/json"
-require "sinatra/reloader"
+
+require "mihari/web/helpers/json"
+
+require "mihari/web/controllers/base_controller"
+
+require "mihari/web/controllers/alerts_controller"
+require "mihari/web/controllers/artifacts_controller"
+require "mihari/web/controllers/command_controller"
+require "mihari/web/controllers/config_controller"
+require "mihari/web/controllers/sources_controller"
+require "mihari/web/controllers/tags_controller"
 
 module Mihari
   class App < Sinatra::Base
-    register Sinatra::Reloader
-
     set :root, File.dirname(__FILE__)
     set :public_folder, File.join(root, "public")
 
@@ -18,140 +25,18 @@ module Mihari
       send_file File.join(settings.public_folder, "index.html")
     end
 
-    get "/api/alerts" do
-      page = params["page"] || 1
-      page = page.to_i
-      limit = 10
-
-      artifact_data = params["artifact"]
-      description = params["description"]
-      source = params["source"]
-      tag_name = params["tag"]
-      title = params["title"]
-
-      from_at = params["from_at"] || params["fromAt"]
-      from_at = DateTime.parse(from_at) if from_at
-      to_at = params["to_at"] || params["toAt"]
-      to_at = DateTime.parse(to_at) if to_at
-
-      alerts = Mihari::Alert.search(
-        artifact_data: artifact_data,
-        description: description,
-        from_at: from_at,
-        limit: limit,
-        page: page,
-        source: source,
-        tag_name: tag_name,
-        title: title,
-        to_at: to_at
-      )
-      total = Mihari::Alert.count(
-        artifact_data: artifact_data,
-        description: description,
-        from_at: from_at,
-        source: source,
-        tag_name: tag_name,
-        title: title,
-        to_at: to_at
-      )
-
-      json = { alerts: alerts, total: total, current_page: page, page_size: limit }
-      json json.to_camelback_keys
-    end
-
-    delete "/api/alerts/:id" do
-      id = params["id"]
-      id = id.to_i
-
-      begin
-        alert = Mihari::Alert.find(id)
-        alert.destroy
-
-        status 204
-        body ""
-      rescue ActiveRecord::RecordNotFound
-        status 404
-
-        message = { message: "ID:#{id} is not found" }
-        json message
-      end
-    end
-
-    delete "/api/artifacts/:id" do
-      id = params["id"]
-      id = id.to_i
-
-      begin
-        alert = Mihari::Artifact.find(id)
-        alert.delete
-
-        status 204
-        body ""
-      rescue ActiveRecord::RecordNotFound
-        status 404
-
-        message = { message: "ID:#{id} is not found" }
-        json message
-      end
-    end
-
-    delete "/api/tags/:name" do
-      name = params["name"]
-
-      begin
-        Mihari::Tag.where(name: name).destroy_all
-
-        status 204
-        body ""
-      rescue ActiveRecord::RecordNotFound
-        status 404
-
-        message = { message: "Name:#{name} is not found" }
-        json message
-      end
-    end
-
-    get "/api/sources" do
-      tags = Mihari::Alert.distinct.pluck(:source)
-      json tags
-    end
-
-    get "/api/tags" do
-      tags = Mihari::Tag.distinct.pluck(:name)
-      json tags
-    end
-
-    get "/api/config" do
-      report = Status.check
-
-      json report.to_camelback_keys
-    end
-
-    post "/api/command" do
-      payload = JSON.parse(request.body.read)
-
-      command = payload["command"]
-      if command.nil?
-        status 400
-        return json( { message: "command is required" })
-      end
-
-      command = command.split
-
-      output = SafeShell.execute("mihari", *command)
-      success = $?.success?
-
-      json({ output: output, success: success })
-    end
+    use Mihari::Controllers::AlertsController
+    use Mihari::Controllers::ArtifactsController
+    use Mihari::Controllers::CommandController
+    use Mihari::Controllers::ConfigController
+    use Mihari::Controllers::SourcesController
+    use Mihari::Controllers::TagsController
 
     class << self
       def run!(port: 9292, host: "localhost")
-        url =  "http://#{host}:#{port}"
-
-        puts "The app will be available at #{url}.".colorize(:blue)
-        puts "(Press Ctrl+C to quit)".colorize(:blue)
+        url = "http://#{host}:#{port}"
 
-        Rack::Handler::WEBrick.run self, Port: port, Host: host do |server|
+        Rack::Handler::Puma.run self, Port: port, Host: host do |server|
           Launchy.open url
 
           [:INT, :TERM].each do |sig|

data/lib/mihari/web/controllers/alerts_controller.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Controllers
+    class AlertsController < BaseController
+      get "/api/alerts" do
+        param :page, Integer
+        param :artifact, String
+        param :description, String
+        param :source, String
+        param :tag, String
+
+        param :from_at, DateTime
+        param :fromAt, DateTime
+        param :to_at, DateTime
+        param :toAt, DateTime
+
+        page = params["page"] || 1
+        page = page.to_i
+        limit = 10
+
+        artifact_data = params["artifact"]
+        description = params["description"]
+        source = params["source"]
+        tag_name = params["tag"]
+        title = params["title"]
+
+        from_at = params["from_at"] || params["fromAt"]
+        from_at = DateTime.parse(from_at) if from_at
+        to_at = params["to_at"] || params["toAt"]
+        to_at = DateTime.parse(to_at) if to_at
+
+        alerts = Mihari::Alert.search(
+          artifact_data: artifact_data,
+          description: description,
+          from_at: from_at,
+          limit: limit,
+          page: page,
+          source: source,
+          tag_name: tag_name,
+          title: title,
+          to_at: to_at
+        )
+        total = Mihari::Alert.count(
+          artifact_data: artifact_data,
+          description: description,
+          from_at: from_at,
+          source: source,
+          tag_name: tag_name,
+          title: title,
+          to_at: to_at
+        )
+
+        json({ alerts: alerts, total: total, current_page: page, page_size: limit })
+      end
+
+      delete "/api/alerts/:id" do
+        id = params["id"]
+        id = id.to_i
+
+        begin
+          alert = Mihari::Alert.find(id)
+          alert.destroy
+
+          status 204
+          body ""
+        rescue ActiveRecord::RecordNotFound
+          status 404
+
+          json({ message: "ID:#{id} is not found" })
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/artifacts_controller.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Controllers
+    class ArtifactsController < BaseController
+      delete "/api/artifacts/:id" do
+        id = params["id"]
+        id = id.to_i
+
+        begin
+          alert = Mihari::Artifact.find(id)
+          alert.delete
+
+          status 204
+          body ""
+        rescue ActiveRecord::RecordNotFound
+          status 404
+
+          json({ message: "ID:#{id} is not found" })
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/base_controller.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+require "rack/contrib/json_body_parser"
+require "sinatra"
+require "sinatra/param"
+
+module Mihari
+  module Controllers
+    class BaseController < Sinatra::Base
+      helpers Sinatra::Param
+
+      use Rack::JSONBodyParser
+
+      set :show_exceptions, false
+      set :raise_sinatra_param_exceptions, true
+
+      error Sinatra::Param::InvalidParameterError do
+        json({ error: "#{env['sinatra.error'].param} is invalid" })
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/command_controller.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require "safe_shell"
+
+module Mihari
+  module Controllers
+    class CommandController < BaseController
+      post "/api/command" do
+        param :command, String, required: true
+
+        command = params["command"]
+        if command.nil?
+          status 400
+          return json({ message: "command is required" })
+        end
+
+        command = command.split
+
+        output = SafeShell.execute("mihari", *command)
+        success = $?.success?
+
+        json({ output: output, success: success })
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/config_controller.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Controllers
+    class ConfigController < BaseController
+      get "/api/config" do
+        report = Status.check
+
+        json report.to_camelback_keys
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/sources_controller.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Controllers
+    class SourcesController < BaseController
+      get "/api/sources" do
+        tags = Mihari::Alert.distinct.pluck(:source)
+        json tags
+      end
+    end
+  end
+end

data/lib/mihari/web/controllers/tags_controller.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Controllers
+    class TagsController < BaseController
+      get "/api/tags" do
+        tags = Mihari::Tag.distinct.pluck(:name)
+        json tags
+      end
+
+      delete "/api/tags/:name" do
+        name = params["name"]
+
+        begin
+          Mihari::Tag.where(name: name).destroy_all
+
+          status 204
+          body ""
+        rescue ActiveRecord::RecordNotFound
+          status 404
+
+          message = { message: "Name:#{name} is not found" }
+          json message
+        end
+      end
+    end
+  end
+end