mihari 3.7.1 → 3.9.0

data/lib/mihari.rb

@@ -30,32 +30,32 @@ module Mihari
   extend Dry::Configurable
   extend Mixins::Configuration
 
-  setting :binaryedge_api_key, ENV["BINARYEDGE_API_KEY"]
-  setting :censys_id, ENV["CENSYS_ID"]
-  setting :censys_secret, ENV["CENSYS_SECRET"]
-  setting :circl_passive_password, ENV["CIRCL_PASSIVE_PASSWORD"]
-  setting :circl_passive_username, ENV["CIRCL_PASSIVE_USERNAME"]
-  setting :ipinfo_api_key, ENV["IPINFO_API_KEY"]
-  setting :misp_api_endpoint, ENV["MISP_API_ENDPOINT"]
-  setting :misp_api_key, ENV["MISP_API_KEY"]
-  setting :onyphe_api_key, ENV["ONYPHE_API_KEY"]
-  setting :otx_api_key, ENV["OTX_API_KEY"]
-  setting :passivetotal_api_key, ENV["PASSIVETOTAL_API_KEY"]
-  setting :passivetotal_username, ENV["PASSIVETOTAL_USERNAME"]
-  setting :pulsedive_api_key, ENV["PULSEDIVE_API_KEY"]
-  setting :securitytrails_api_key, ENV["SECURITYTRAILS_API_KEY"]
-  setting :shodan_api_key, ENV["SHODAN_API_KEY"]
-  setting :slack_channel, ENV["SLACK_CHANNEL"]
-  setting :slack_webhook_url, ENV["SLACK_WEBHOOK_URL"]
-  setting :spyse_api_key, ENV["SPYSE_API_KEY"]
-  setting :thehive_api_endpoint, ENV["THEHIVE_API_ENDPOINT"]
-  setting :thehive_api_key, ENV["THEHIVE_API_KEY"]
-  setting :urlscan_api_key, ENV["URLSCAN_API_KEY"]
-  setting :virustotal_api_key, ENV["VIRUSTOTAL_API_KEY"]
-  setting :zoomeye_api_key, ENV["ZOOMEYE_API_KEY"]
-  setting :webhook_url, ENV["WEBHOOK_URL"]
-  setting(:webhook_use_json_body, ENV["WEBHOOK_USE_JSON_BODY"]) { |value| truthy?(value) }
-  setting :database, ENV["DATABASE"] || "mihari.db"
+  setting :binaryedge_api_key, default: ENV["BINARYEDGE_API_KEY"]
+  setting :censys_id, default: ENV["CENSYS_ID"]
+  setting :censys_secret, default: ENV["CENSYS_SECRET"]
+  setting :circl_passive_password, default: ENV["CIRCL_PASSIVE_PASSWORD"]
+  setting :circl_passive_username, default: ENV["CIRCL_PASSIVE_USERNAME"]
+  setting :ipinfo_api_key, default: ENV["IPINFO_API_KEY"]
+  setting :misp_api_endpoint, default: ENV["MISP_API_ENDPOINT"]
+  setting :misp_api_key, default: ENV["MISP_API_KEY"]
+  setting :onyphe_api_key, default: ENV["ONYPHE_API_KEY"]
+  setting :otx_api_key, default: ENV["OTX_API_KEY"]
+  setting :passivetotal_api_key, default: ENV["PASSIVETOTAL_API_KEY"]
+  setting :passivetotal_username, default: ENV["PASSIVETOTAL_USERNAME"]
+  setting :pulsedive_api_key, default: ENV["PULSEDIVE_API_KEY"]
+  setting :securitytrails_api_key, default: ENV["SECURITYTRAILS_API_KEY"]
+  setting :shodan_api_key, default: ENV["SHODAN_API_KEY"]
+  setting :slack_channel, default: ENV["SLACK_CHANNEL"]
+  setting :slack_webhook_url, default: ENV["SLACK_WEBHOOK_URL"]
+  setting :spyse_api_key, default: ENV["SPYSE_API_KEY"]
+  setting :thehive_api_endpoint, default: ENV["THEHIVE_API_ENDPOINT"]
+  setting :thehive_api_key, default: ENV["THEHIVE_API_KEY"]
+  setting :urlscan_api_key, default: ENV["URLSCAN_API_KEY"]
+  setting :virustotal_api_key, default: ENV["VIRUSTOTAL_API_KEY"]
+  setting :zoomeye_api_key, default: ENV["ZOOMEYE_API_KEY"]
+  setting :webhook_url, default: ENV["WEBHOOK_URL"]
+  setting :webhook_use_json_body, constructor: ->(value = ENV["WEBHOOK_USE_JSON_BODY"]) { truthy?(value) }
+  setting :database, default: ENV["DATABASE"] || "mihari.db"
 
   class << self
     include Mem
@@ -108,10 +108,12 @@ require "mihari/constants"
 require "mihari/types"
 
 # Structs
+require "mihari/structs/alert"
 require "mihari/structs/censys"
 require "mihari/structs/ipinfo"
 require "mihari/structs/onyphe"
 require "mihari/structs/shodan"
+require "mihari/structs/virustotal_intelligence"
 
 # Schemas
 require "mihari/schemas/analyzer"
@@ -163,9 +165,9 @@ require "mihari/analyzers/securitytrails"
 require "mihari/analyzers/shodan"
 require "mihari/analyzers/spyse"
 require "mihari/analyzers/urlscan"
+require "mihari/analyzers/virustotal_intelligence"
 require "mihari/analyzers/virustotal"
 require "mihari/analyzers/zoomeye"
-
 require "mihari/analyzers/rule"
 
 # Notifiers

data/mihari.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency "bundler", "~> 2.2"
-  spec.add_development_dependency "coveralls_reborn", "~> 0.22"
+  spec.add_development_dependency "coveralls_reborn", "~> 0.23"
   spec.add_development_dependency "fakefs", "~> 1.3"
   spec.add_development_dependency "mysql2", "~> 0.5"
   spec.add_development_dependency "overcommit", "~> 0.58"
@@ -55,11 +55,11 @@ Gem::Specification.new do |spec|
   spec.add_dependency "dnpedia", "~> 0.1"
   spec.add_dependency "dnstwister", "~> 0.1"
   spec.add_dependency "dotenv", "~> 2.7"
-  spec.add_dependency "dry-configurable", "~> 0.12"
+  spec.add_dependency "dry-configurable", "~> 0.13"
   spec.add_dependency "dry-files", "~> 0.1"
   spec.add_dependency "dry-initializer", "~> 3.0"
   spec.add_dependency "dry-struct", "~> 1.4"
-  spec.add_dependency "dry-validation", "~> 1.6"
+  spec.add_dependency "dry-validation", "~> 1.7"
   spec.add_dependency "email_address", "~> 0.2"
   spec.add_dependency "hachi", "~> 1.0"
   spec.add_dependency "http", "~> 5.0"
@@ -76,7 +76,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "passivetotalx", "~> 0.1"
   spec.add_dependency "public_suffix", "~> 4.0"
   spec.add_dependency "pulsedive", "~> 0.1"
-  spec.add_dependency "puma", "~> 5.4"
+  spec.add_dependency "puma", "~> 5.5"
   spec.add_dependency "rack", "~> 2.2"
   spec.add_dependency "rack-contrib", "~> 2.3"
   spec.add_dependency "safe_shell", "~> 1.1"
@@ -92,7 +92,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "thread_safe", "~> 0.3"
   spec.add_dependency "urlscan", "~> 0.7"
   spec.add_dependency "uuidtools", "~> 2.2"
-  spec.add_dependency "virustotalx", "~> 1.1"
+  spec.add_dependency "virustotalx", "~> 1.2"
   spec.add_dependency "whois", "~> 5.0"
   spec.add_dependency "whois-parser", "~> 1.2"
   spec.add_dependency "zoomeye-rb", "~> 0.2"

data/sig/lib/mihari/analyzers/rule.rbs

@@ -1,5 +1,7 @@
 module Mihari
   module Analyzers
+    ANALYZER_TO_CLASS: Hash[String, singleton(Mihari::Analyzers::Base)]
+
     class Rule < Base
       include Mihari::Mixins::DisallowedDataValue
 
@@ -14,14 +16,12 @@ module Mihari
 
       def initialize: (**untyped kwargs) -> void
 
-      ANALYZER_TO_CLASS: Hash[String, singleton(Mihari::Analyzers::Base)]
-
       #
       # Returns a list of artifacts matched with queries
       #
       # @return [Array<Mihari::Artifact>]
       #
-      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+      def artifacts: () -> (Array[Mihari::Artifact])
 
       #
       # Normalize artifacts

data/sig/lib/mihari/analyzers/virustotal_intelligence.rbs

@@ -0,0 +1,32 @@
+module Mihari
+  module Analyzers
+    class VirusTotalIntelligence < Base
+      attr_reader query: String
+      attr_reader title: String
+      attr_reader description: String
+      attr_reader tags: Array[String]
+
+      def initialize: (*untyped args, **untyped kwargs) -> void
+
+      def artifacts: () -> (Array[String] | Array[Mihari::Artifact])
+
+      private
+
+      def configuration_keys: () -> ::Array["virustotal_api_key"]
+
+      #
+      # VT API
+      #
+      # @return [::VirusTotal::API]
+      #
+      def api: () -> untyped
+
+      #
+      # Search with cursor
+      #
+      # @return [Array<Mihari::Structs::VirusTotalIntelligence::Response>]
+      #
+      def search_witgh_cursor: () -> Array[Mihari::Structs::VirusTotalIntelligence::Response]
+    end
+  end
+end

data/sig/lib/mihari/models/alert.rbs

@@ -7,40 +7,12 @@ module Mihari
     attr_accessor artifacts(): Array[Mihari::Artifact]
     attr_accessor Tags(): Array[Mihari::Tag]
 
-    #
-    # Search alerts
-    #
-    # @param [String, nil] artifact_data
-    # @param [String, nil] description
-    # @param [String, nil] source
-    # @param [String, nil] tag_name
-    # @param [String, nil] title
-    # @param [DateTime, nil] from_at
-    # @param [DateTime, nil] to_at
-    # @param [Integer, nil] limit
-    # @param [Integer, nil] page
-    #
-    # @return [Array<Hash>]
-    #
-    def self.search: (?artifact_data: String? artifact_data, ?description: String? description, ?source: String? source, ?tag_name: String? tag_name, ?title: String? title, ?from_at: DateTime? from_at, ?to_at: DateTime? to_at, ?limit: ::Integer limit, ?page: ::Integer page) -> Array[Hash[(String | Symbol), untyped]]
+    def self.search: (Mihari::Structs::Alert::SearchFilterWithPagination filter) -> Array[Hash[(String | Symbol), untyped]]
 
-    #
-    # Count alerts
-    #
-    # @param [String, nil] artifact_data
-    # @param [String, nil] description
-    # @param [String, nil] source
-    # @param [String, nil] tag_name
-    # @param [String, nil] title
-    # @param [DateTime, nil] from_at
-    # @param [DateTime, nil] to_at
-    #
-    # @return [Integer]
-    #
-    def self.count: (?artifact_data: String? artifact_data, ?description: String? description, ?source: String? source, ?tag_name: String? tag_name, ?title: String? title, ?from_at: DateTime? from_at, ?to_at: DateTime? to_at) -> Integer
+    def self.count: (Mihari::Structs::Alert::SearchFilter filter) -> Integer
 
     private
 
-    def self.build_relation: (?artifact_data: String? artifact_data, ?title: String? title, ?description: String? description, ?source: String? source, ?tag_name: String? tag_name, ?from_at: DateTime? from_at, ?to_at: DateTime? to_at) -> Mihari::Alert
+    def self.build_relation: (Mihari::Structs::Alert::SearchFilter filter) -> Mihari::Alert
   end
 end

data/sig/lib/mihari/structs/alert.rbs

@@ -0,0 +1,27 @@
+module Mihari
+  module Structs
+    module Alert
+      class SearchFilter
+        attr_reader artifact_data: String?
+        attr_reader description: String?
+        attr_reader source: String?
+        attr_reader tag_name: String?
+        attr_reader title: String?
+        attr_reader from_at: DateTime?
+        attr_reader to_at: DateTime?
+        attr_reader asn: Integer?
+        attr_reader dns_record: String?
+        attr_reader reverse_dns_name: String?
+
+        def has_valid_artifact_filters: () -> bool
+      end
+
+      class SearchFilterWithPagination
+        attr_reader page: Integer
+        attr_reader limit: Integer
+
+        def without_pagination: () -> Mihari::Structs::Alert::SearchFilter
+      end
+    end
+  end
+end

data/sig/lib/mihari/structs/virustotal_intelligence.rbs

@@ -0,0 +1,33 @@
+module Mihari
+  module Structs
+    module VirusTotalIntelligence
+      class ContextAttributes
+        attr_reader url: Array[String]?
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::ContextAttributes
+      end
+
+      class Datum
+        attr_reader type: String
+        attr_reader context_attributes: Mihari::Structs::VirusTotalIntelligence::ContextAttributes?
+
+        def value: () -> String?
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::Datum
+      end
+
+      class Meta
+        attr_reader cursor: String?
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::Meta
+      end
+
+      class Response
+        attr_reader meta: Mihari::Structs::VirusTotalIntelligence::Meta
+        attr_reader data: Array[Mihari::Structs::VirusTotalIntelligence::Datum]
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::VirusTotalIntelligence::Response
+      end
+    end
+  end
+end

data/sig/lib/mihari/web/app.rbs

@@ -1,5 +1,5 @@
 module Mihari
   class App # < Sinatra::Base
-    def self.run!: (?port: ::Integer port, ?host: ::String host) -> void
+    def self.run!: (?port: ::Integer port, ?host: ::String host, ?threads: ::String threads, ?verbose: bool verbose) -> void
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 3.7.1
+  version: 3.9.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-09-04 00:00:00.000000000 Z
+date: 2021-09-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.22'
+        version: '0.23'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.22'
+        version: '0.23'
 - !ruby/object:Gem::Dependency
   name: fakefs
   requirement: !ruby/object:Gem::Requirement
@@ -422,14 +422,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '0.13'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.12'
+        version: '0.13'
 - !ruby/object:Gem::Dependency
   name: dry-files
   requirement: !ruby/object:Gem::Requirement
@@ -478,14 +478,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.7'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '1.7'
 - !ruby/object:Gem::Dependency
   name: email_address
   requirement: !ruby/object:Gem::Requirement
@@ -716,14 +716,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.4'
+        version: '5.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.4'
+        version: '5.5'
 - !ruby/object:Gem::Dependency
   name: rack
   requirement: !ruby/object:Gem::Requirement
@@ -940,14 +940,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: whois
   requirement: !ruby/object:Gem::Requirement
@@ -1046,6 +1046,7 @@ files:
 - lib/mihari/analyzers/spyse.rb
 - lib/mihari/analyzers/urlscan.rb
 - lib/mihari/analyzers/virustotal.rb
+- lib/mihari/analyzers/virustotal_intelligence.rb
 - lib/mihari/analyzers/zoomeye.rb
 - lib/mihari/cli/analyzer.rb
 - lib/mihari/cli/base.rb
@@ -1072,6 +1073,7 @@ files:
 - lib/mihari/commands/urlscan.rb
 - lib/mihari/commands/validator.rb
 - lib/mihari/commands/virustotal.rb
+- lib/mihari/commands/virustotal_intelligence.rb
 - lib/mihari/commands/web.rb
 - lib/mihari/commands/zoomeye.rb
 - lib/mihari/constants.rb
@@ -1119,10 +1121,12 @@ files:
 - lib/mihari/serializers/tag.rb
 - lib/mihari/serializers/whois.rb
 - lib/mihari/status.rb
+- lib/mihari/structs/alert.rb
 - lib/mihari/structs/censys.rb
 - lib/mihari/structs/ipinfo.rb
 - lib/mihari/structs/onyphe.rb
 - lib/mihari/structs/shodan.rb
+- lib/mihari/structs/virustotal_intelligence.rb
 - lib/mihari/templates/rule.yml.erb
 - lib/mihari/type_checker.rb
 - lib/mihari/types.rb
@@ -1175,8 +1179,12 @@ files:
 - lib/mihari/web/public/static/js/app.06d5cf1c.js.map
 - lib/mihari/web/public/static/js/app.365f1907.js
 - lib/mihari/web/public/static/js/app.365f1907.js.map
+- lib/mihari/web/public/static/js/app.378da3dc.js
+- lib/mihari/web/public/static/js/app.378da3dc.js.map
 - lib/mihari/web/public/static/js/app.8e3e5150.js
 - lib/mihari/web/public/static/js/app.8e3e5150.js.map
+- lib/mihari/web/public/static/js/app.a862ebca.js
+- lib/mihari/web/public/static/js/app.a862ebca.js.map
 - lib/mihari/web/public/static/js/app.ab213f7c.js
 - lib/mihari/web/public/static/js/app.ab213f7c.js.map
 - lib/mihari/web/public/static/js/app.b5914c39.js
@@ -1204,6 +1212,7 @@ files:
 - sig/lib/mihari/analyzers/spyse.rbs
 - sig/lib/mihari/analyzers/urlscan.rbs
 - sig/lib/mihari/analyzers/virustotal.rbs
+- sig/lib/mihari/analyzers/virustotal_intelligence.rbs
 - sig/lib/mihari/analyzers/zoomeye.rbs
 - sig/lib/mihari/cli/analyzer.rbs
 - sig/lib/mihari/cli/base.rbs
@@ -1265,10 +1274,12 @@ files:
 - sig/lib/mihari/notifiers/exception_notifier.rbs
 - sig/lib/mihari/notifiers/slack.rbs
 - sig/lib/mihari/status.rbs
+- sig/lib/mihari/structs/alert.rbs
 - sig/lib/mihari/structs/censys.rbs
 - sig/lib/mihari/structs/ipinfo.rbs
 - sig/lib/mihari/structs/onyphe.rbs
 - sig/lib/mihari/structs/shodan.rbs
+- sig/lib/mihari/structs/virustotal_intelligence.rbs
 - sig/lib/mihari/type_checker.rbs
 - sig/lib/mihari/types.rbs
 - sig/lib/mihari/version.rbs