RubyGems - mihari - Versions diffs - 3.6.0 → 3.6.1 - Mend

mihari 3.6.0 → 3.6.1

Files changed (117) hide show

checksums.yaml +4 -4
data/.gitmodules +3 -0
data/README.md +2 -0
data/Steepfile +32 -0
data/lib/mihari/analyzers/base.rb +5 -5
data/lib/mihari/analyzers/binaryedge.rb +13 -0
data/lib/mihari/analyzers/censys.rb +5 -0
data/lib/mihari/analyzers/circl.rb +15 -0
data/lib/mihari/analyzers/crtsh.rb +5 -0
data/lib/mihari/analyzers/dnpedia.rb +5 -0
data/lib/mihari/analyzers/dnstwister.rb +17 -0
data/lib/mihari/analyzers/onyphe.rb +20 -4
data/lib/mihari/analyzers/otx.rb +20 -0
data/lib/mihari/analyzers/passivetotal.rb +25 -0
data/lib/mihari/analyzers/pulsedive.rb +10 -0
data/lib/mihari/analyzers/rule.rb +18 -0
data/lib/mihari/analyzers/securitytrails.rb +25 -0
data/lib/mihari/analyzers/shodan.rb +13 -0
data/lib/mihari/analyzers/spyse.rb +20 -0
data/lib/mihari/analyzers/urlscan.rb +10 -0
data/lib/mihari/analyzers/virustotal.rb +20 -0
data/lib/mihari/analyzers/zoomeye.rb +38 -0
data/lib/mihari/emitters/base.rb +1 -1
data/lib/mihari/emitters/misp.rb +38 -5
data/lib/mihari/emitters/slack.rb +20 -2
data/lib/mihari/emitters/the_hive.rb +16 -3
data/lib/mihari/emitters/webhook.rb +18 -3
data/lib/mihari/mixins/disallowed_data_value.rb +1 -1
data/lib/mihari/structs/onyphe.rb +2 -2
data/lib/mihari/type_checker.rb +9 -9
data/lib/mihari/version.rb +1 -1
data/mihari.gemspec +1 -0
data/sig/lib/mihari/analyzers/base.rbs +99 -0
data/sig/lib/mihari/analyzers/basic.rbs +17 -0
data/sig/lib/mihari/analyzers/binaryedge.rbs +25 -0
data/sig/lib/mihari/analyzers/censys.rbs +38 -0
data/sig/lib/mihari/analyzers/circl.rbs +29 -0
data/sig/lib/mihari/analyzers/crtsh.rbs +19 -0
data/sig/lib/mihari/analyzers/dnpedia.rbs +18 -0
data/sig/lib/mihari/analyzers/dnstwister.rbs +27 -0
data/sig/lib/mihari/analyzers/onyphe.rbs +33 -0
data/sig/lib/mihari/analyzers/otx.rbs +33 -0
data/sig/lib/mihari/analyzers/passivetotal.rbs +33 -0
data/sig/lib/mihari/analyzers/pulsedive.rbs +27 -0
data/sig/lib/mihari/analyzers/rule.rbs +68 -0
data/sig/lib/mihari/analyzers/securitytrails.rbs +33 -0
data/sig/lib/mihari/analyzers/shodan.rbs +33 -0
data/sig/lib/mihari/analyzers/spyse.rbs +29 -0
data/sig/lib/mihari/analyzers/urlscan.rbs +28 -0
data/sig/lib/mihari/analyzers/virustotal.rbs +31 -0
data/sig/lib/mihari/analyzers/zoomeye.rbs +33 -0
data/sig/lib/mihari/cli/analyzer.rbs +39 -0
data/sig/lib/mihari/cli/base.rbs +11 -0
data/sig/lib/mihari/cli/init.rbs +7 -0
data/sig/lib/mihari/cli/main.rbs +9 -0
data/sig/lib/mihari/cli/mixins/utils.rbs +50 -0
data/sig/lib/mihari/cli/validator.rbs +7 -0
data/sig/lib/mihari/commands/binaryedge.rbs +7 -0
data/sig/lib/mihari/commands/censys.rbs +7 -0
data/sig/lib/mihari/commands/circl.rbs +7 -0
data/sig/lib/mihari/commands/crtsh.rbs +7 -0
data/sig/lib/mihari/commands/dnpedia.rbs +7 -0
data/sig/lib/mihari/commands/dnstwister.rbs +7 -0
data/sig/lib/mihari/commands/init.rbs +11 -0
data/sig/lib/mihari/commands/json.rbs +7 -0
data/sig/lib/mihari/commands/onyphe.rbs +7 -0
data/sig/lib/mihari/commands/otx.rbs +7 -0
data/sig/lib/mihari/commands/passivetotal.rbs +7 -0
data/sig/lib/mihari/commands/pulsedive.rbs +7 -0
data/sig/lib/mihari/commands/search.rbs +35 -0
data/sig/lib/mihari/commands/securitytrails.rbs +7 -0
data/sig/lib/mihari/commands/shodan.rbs +7 -0
data/sig/lib/mihari/commands/spyse.rbs +7 -0
data/sig/lib/mihari/commands/urlscan.rbs +7 -0
data/sig/lib/mihari/commands/validator.rbs +11 -0
data/sig/lib/mihari/commands/virustotal.rbs +7 -0
data/sig/lib/mihari/commands/web.rbs +7 -0
data/sig/lib/mihari/commands/zoomeye.rbs +7 -0
data/sig/lib/mihari/constants.rbs +3 -0
data/sig/lib/mihari/database.rbs +25 -0
data/sig/lib/mihari/emitters/base.rbs +18 -0
data/sig/lib/mihari/emitters/database.rbs +9 -0
data/sig/lib/mihari/emitters/misp.rbs +28 -0
data/sig/lib/mihari/emitters/slack.rbs +58 -0
data/sig/lib/mihari/emitters/stdout.rbs +9 -0
data/sig/lib/mihari/emitters/the_hive.rbs +24 -0
data/sig/lib/mihari/emitters/webhook.rbs +20 -0
data/sig/lib/mihari/errors.rbs +10 -0
data/sig/lib/mihari/mixins/configurable.rbs +26 -0
data/sig/lib/mihari/mixins/configuration.rbs +45 -0
data/sig/lib/mihari/mixins/disallowed_data_value.rbs +25 -0
data/sig/lib/mihari/mixins/hash.rbs +14 -0
data/sig/lib/mihari/mixins/refang.rbs +14 -0
data/sig/lib/mihari/mixins/retriable.rbs +15 -0
data/sig/lib/mihari/mixins/rule.rbs +41 -0
data/sig/lib/mihari/models/alert.rbs +46 -0
data/sig/lib/mihari/models/artifact.rbs +54 -0
data/sig/lib/mihari/models/autonomous_system.rbs +5 -0
data/sig/lib/mihari/models/dns.rbs +19 -0
data/sig/lib/mihari/models/geolocation.rbs +6 -0
data/sig/lib/mihari/models/reverse_dns.rbs +14 -0
data/sig/lib/mihari/models/tag.rbs +5 -0
data/sig/lib/mihari/models/tagging.rbs +4 -0
data/sig/lib/mihari/models/whois.rbs +66 -0
data/sig/lib/mihari/notifiers/base.rbs +18 -0
data/sig/lib/mihari/notifiers/exception_notifier.rbs +75 -0
data/sig/lib/mihari/notifiers/slack.rbs +50 -0
data/sig/lib/mihari/status.rbs +25 -0
data/sig/lib/mihari/structs/censys.rbs +50 -0
data/sig/lib/mihari/structs/onyphe.rbs +25 -0
data/sig/lib/mihari/structs/shodan.rbs +28 -0
data/sig/lib/mihari/type_checker.rbs +48 -0
data/sig/lib/mihari/types.rbs +17 -0
data/sig/lib/mihari/version.rbs +3 -0
data/sig/lib/mihari/web/app.rbs +5 -0
data/sig/lib/mihari.rbs +57 -0
metadata +102 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9c1cbdf0570c25e2d89d7f6fd402b64991dfaebc75cf3cf5422a56504287ae9
-  data.tar.gz: d5b7a0db7b49f245e3c949135011fb674e28a9d3c251e165f827e8f3d90673b1
+  metadata.gz: 14d0c74e85fbf6ef624afefe7e948595586d6c00fa8bc32f211e60caee581fc3
+  data.tar.gz: 9d5fde6d69f664efac0d6c56e6a0ba60adcad0edcfe45c69f285ffcaba8d11f0
 SHA512:
-  metadata.gz: e76a216dedbc1aec17748c37a1b874c2c825fed6f7716ef356a48ddf2861584da299c384737e588a48b67165874f495192bb42a4c20c2f29f4620f8b559d1a83
-  data.tar.gz: 2f3e380b252ba238594ccacd2df8e362a62b9685aafeff34d6506e7301184cf5b38c4244db9498842f4aee9df109d7c43a9ad99cecc3b63616d333a7f5093333
+  metadata.gz: 30597743e91f124388fbdf426199d97a00f92db9e525fe5725643d529d319ca670d1e9aa6eccff86c0844802157ca3d5c7db9b9afd925d6f0ac4d8b881c44949
+  data.tar.gz: 9d199a3c2f6c7794214730de7c8db812e939c5ddd11ab06d1c6f28c3b8764b2881958b0684adb59e8516d0ac4b6a1dc66b19c5a593efaac9695cb6e317ce8105

data/.gitmodules ADDED Viewed

@@ -0,0 +1,3 @@
+[submodule "vendor/rbs/gem_rbs_collection"]
+	path = vendor/rbs/gem_rbs_collection
+	url = https://github.com/ruby/gem_rbs_collection.git

data/README.md CHANGED Viewed

@@ -64,3 +64,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
 ## Acknowledgement
 Mihari is proudly supported by [Tines.io](https://tines.io?utm_source=github&utm_medium=sponsorship&utm_campaign=ninoseki), The SOAR Platform for Enterprise Security Teams.
+$ bundle exec rbs -rpathname  --repo=gem_rbs/gems -ractivesupport -ractionpack -ractivejob -ractivemodel -ractionview -ractiverecord -rrailties -I sig validate

data/Steepfile ADDED Viewed

@@ -0,0 +1,32 @@
+target :lib do
+  signature "sig"
+  check "lib"
+  repo_path "vendor/rbs/gem_rbs_collection/gems"
+  library "date"
+  library "json"
+  library "logger"
+  library "monitor"
+  library "mutex_m"
+  library "pathname"
+  library "securerandom"
+  library "singleton"
+  library "time"
+  library "tsort"
+  library "uri"
+  library "resolv"
+  library "timeout"
+  library "socket"
+  library "rack"
+  library "actionpack"
+  library "actionview"
+  library "activejob"
+  library "activemodel"
+  library "activerecord"
+  library "activesupport"
+  library "parallel"
+  library "railties"
+end

data/lib/mihari/analyzers/base.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module Mihari
       # @return [String]
       def title
-        self.class.to_s.split("::").last
+        self.class.to_s.split("::").last.to_s
       end
       # @return [String]
@@ -37,7 +37,7 @@ module Mihari
       # @return [String]
       def source
-        self.class.to_s.split("::").last
+        self.class.to_s.split("::").last.to_s
       end
       # @return [Array<String>]
@@ -125,9 +125,9 @@ module Mihari
       #
       def set_enriched_artifacts
         retry_on_error { enriched_artifacts }
-      rescue ArgumentError => _e
+      rescue ArgumentError => e
         klass = self.class.to_s.split("::").last.to_s
-        raise Error, "Please configure #{klass} API settings properly"
+        raise Error, "Please configure #{klass} settings properly. (#{e})"
       end
       #
@@ -139,7 +139,7 @@ module Mihari
         @valid_emitters ||= Mihari.emitters.filter_map do |klass|
           emitter = klass.new
           emitter.valid? ? emitter : nil
-        end
+        end.compact
       end
       #

data/lib/mihari/analyzers/binaryedge.rb CHANGED Viewed

@@ -26,6 +26,14 @@ module Mihari
       PAGE_SIZE = 20
+      #
+      # Search with pagination
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Hash]
+      #
       def search_with_page(query, page: 1)
         api.host.search(query, page: page)
       rescue ::BinaryEdge::Error => e
@@ -34,6 +42,11 @@ module Mihari
         raise e
       end
+      #
+      # Search
+      #
+      # @return [Array<Hash>]
+      #
       def search
         responses = []
         (1..Float::INFINITY).each do |page|

data/lib/mihari/analyzers/censys.rb CHANGED Viewed

@@ -16,6 +16,11 @@ module Mihari
       private
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         artifacts = []

data/lib/mihari/analyzers/circl.rb CHANGED Viewed

@@ -35,6 +35,11 @@ module Mihari
         @api ||= ::PassiveCIRCL::API.new(username: Mihari.config.circl_passive_username, password: Mihari.config.circl_passive_password)
       end
+      #
+      # Passive DNS/SSL search
+      #
+      # @return [Array<String>]
+      #
       def search
         case @type
         when "domain"
@@ -46,6 +51,11 @@ module Mihari
         end
       end
+      #
+      # Passive DNS search
+      #
+      # @return [Array<String>]
+      #
       def passive_dns_search
         results = api.dns.query(@query)
         results.filter_map do |result|
@@ -54,6 +64,11 @@ module Mihari
         end.uniq
       end
+      #
+      # Passive SSL search
+      #
+      # @return [Array<String>]
+      #
       def passive_ssl_search
         result = api.ssl.cquery(@query)
         seen = result["seen"] || []

data/lib/mihari/analyzers/crtsh.rb CHANGED Viewed

@@ -23,6 +23,11 @@ module Mihari
         @api ||= ::Crtsh::API.new
       end
+      #
+      # Search
+      #
+      # @return [Array<Hash>]
+      #
       def search
         exclude = exclude_expired ? "expired" : nil
         api.search(query, exclude: exclude)

data/lib/mihari/analyzers/dnpedia.rb CHANGED Viewed

@@ -20,6 +20,11 @@ module Mihari
         @api ||= ::DNPedia::API.new
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         res = api.search(query)
         rows = res["rows"] || []

data/lib/mihari/analyzers/dnstwister.rb CHANGED Viewed

@@ -29,6 +29,11 @@ module Mihari
       private
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         type == "domain"
       end
@@ -37,6 +42,13 @@ module Mihari
         @api ||= ::DNSTwister::API.new
       end
+      #
+      # Check whether a domain is resolvable or not
+      #
+      # @param [String] domain
+      #
+      # @return [Boolean]
+      #
       def resolvable?(domain)
         Resolv.getaddress domain
         true
@@ -44,6 +56,11 @@ module Mihari
         false
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?

data/lib/mihari/analyzers/onyphe.rb CHANGED Viewed

@@ -33,11 +33,24 @@ module Mihari
         @api ||= ::Onyphe::API.new(Mihari.config.onyphe_api_key)
       end
+      #
+      # Search with pagination
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Structs::Onyphe::Response]
+      #
       def search_with_page(query, page: 1)
         res = api.simple.datascan(query, page: page)
         Structs::Onyphe::Response.from_dynamic!(res)
       end
+      #
+      # Search
+      #
+      # @return [Array<Structs::Onyphe::Response>]
+      #
       def search
         responses = []
         (1..Float::INFINITY).each do |page|
@@ -60,10 +73,13 @@ module Mihari
       def build_artifact(result)
         as = AutonomousSystem.new(asn: normalize_asn(result.asn))
-        geolocation = Geolocation.new(
-          country: NormalizeCountry(result.country_code, to: :short),
-          country_code: result.country_code
-        )
+        geolocation = nil
+        unless result.country_code.nil?
+          geolocation = Geolocation.new(
+            country: NormalizeCountry(result.country_code, to: :short),
+            country_code: result.country_code
+          )
+        end
         Artifact.new(
           data: result.ip,

data/lib/mihari/analyzers/otx.rb CHANGED Viewed

@@ -39,10 +39,20 @@ module Mihari
         @ip_client ||= ::OTX::IP.new(Mihari.config.otx_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain].include? type
       end
+      #
+      # IP/domain search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain"
@@ -54,6 +64,11 @@ module Mihari
         end
       end
+      #
+      # Domain search
+      #
+      # @return [Array<String>]
+      #
       def domain_search
         records = domain_client.get_passive_dns(query)
         records.filter_map do |record|
@@ -61,6 +76,11 @@ module Mihari
         end.uniq
       end
+      #
+      # IP search
+      #
+      # @return [Array<String>]
+      #
       def ip_search
         records = ip_client.get_passive_dns(query)
         records.filter_map do |record|

data/lib/mihari/analyzers/passivetotal.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::PassiveTotal::API.new(username: Mihari.config.passivetotal_username, api_key: Mihari.config.passivetotal_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain mail hash].include? type
       end
+      #
+      # Passive DNS/SSL, reverse whois search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain", "ip"
@@ -52,11 +62,21 @@ module Mihari
         end
       end
+      #
+      # Passive DNS search
+      #
+      # @return [Array<String>]
+      #
       def passive_dns_search
         res = api.dns.passive_unique(query)
         res["results"] || []
       end
+      #
+      # Reverse whois search
+      #
+      # @return [Array<String>]
+      #
       def reverse_whois_search
         res = api.whois.search(query: query, field: "email")
         results = res["results"] || []
@@ -65,6 +85,11 @@ module Mihari
         end.flatten.compact.uniq
       end
+      #
+      # Passive SSL search
+      #
+      # @return [Array<String>]
+      #
       def ssl_search
         res = api.ssl.history(query)
         results = res["results"] || []

data/lib/mihari/analyzers/pulsedive.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::Pulsedive::API.new(Mihari.config.pulsedive_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain].include? type
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?

data/lib/mihari/analyzers/rule.rb CHANGED Viewed

@@ -22,6 +22,8 @@ module Mihari
         super(**kwargs)
         @source = id || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, title + description).to_s
+        validate_analyzer_configurations
       end
       ANALYZER_TO_CLASS = {
@@ -119,6 +121,22 @@ module Mihari
         raise ArgumentError, "#{analyzer_name} is not supported"
       end
+      #
+      # Validate configuration of analyzers
+      #
+      def validate_analyzer_configurations
+        queries.each do |params|
+          analyzer_name = params[:analyzer]
+          klass = get_analyzer_class(analyzer_name)
+          instance = klass.new("dummy")
+          unless instance.configured?
+            klass_name = klass.to_s.split("::").last
+            raise ArgumentError, "#{klass_name} is not configured correctly"
+          end
+        end
+      end
     end
   end
 end

data/lib/mihari/analyzers/securitytrails.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::SecurityTrails::API.new(Mihari.config.securitytrails_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain mail].include? type
       end
+      #
+      # IP/domain/mail search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain"
@@ -52,6 +62,11 @@ module Mihari
         end
       end
+      #
+      # Domain search
+      #
+      # @return [Array<String>]
+      #
       def domain_search
         result = api.history.get_all_dns_history(query, type: "a")
         records = result["records"] || []
@@ -60,12 +75,22 @@ module Mihari
         end.flatten.compact.uniq
       end
+      #
+      # IP search
+      #
+      # @return [Array<String>]
+      #
       def ip_search
         result = api.domains.search(filter: { ipv4: query })
         records = result["records"] || []
         records.filter_map { |record| record["hostname"] }.uniq
       end
+      #
+      # Mail search
+      #
+      # @return [Array<String>]
+      #
       def mail_search
         result = api.domains.search(filter: { whois_email: query })
         records = result["records"] || []