RubyGems - mihari - Versions diffs - 3.8.1 → 3.10.0 - Mend

mihari 3.8.1 → 3.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

checksums.yaml +4 -4
data/.github/workflows/test.yml +6 -7
data/config.ru +1 -1
data/lib/mihari/analyzers/greynoise.rb +65 -0
data/lib/mihari/analyzers/rule.rb +1 -0
data/lib/mihari/analyzers/shodan.rb +3 -1
data/lib/mihari/cli/analyzer.rb +2 -0
data/lib/mihari/commands/greynoise.rb +21 -0
data/lib/mihari/commands/search.rb +3 -2
data/lib/mihari/commands/web.rb +9 -5
data/lib/mihari/database.rb +1 -1
data/lib/mihari/errors.rb +2 -0
data/lib/mihari/mixins/configuration.rb +12 -2
data/lib/mihari/models/alert.rb +29 -54
data/lib/mihari/models/artifact.rb +3 -0
data/lib/mihari/schemas/configuration.rb +3 -2
data/lib/mihari/structs/alert.rb +45 -0
data/lib/mihari/structs/greynoise.rb +55 -0
data/lib/mihari/structs/ipinfo.rb +3 -4
data/lib/mihari/structs/shodan.rb +2 -2
data/lib/mihari/types.rb +2 -0
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/api.rb +43 -0
data/lib/mihari/web/app.rb +48 -30
data/lib/mihari/web/endpoints/alerts.rb +74 -0
data/lib/mihari/web/endpoints/artifacts.rb +92 -0
data/lib/mihari/web/endpoints/command.rb +32 -0
data/lib/mihari/web/endpoints/configs.rb +22 -0
data/lib/mihari/web/endpoints/ip_addresses.rb +27 -0
data/lib/mihari/web/endpoints/sources.rb +18 -0
data/lib/mihari/web/endpoints/tags.rb +38 -0
data/lib/mihari/web/entities/alert.rb +23 -0
data/lib/mihari/web/entities/artifact.rb +24 -0
data/lib/mihari/web/entities/autonomous_system.rb +9 -0
data/lib/mihari/web/entities/command.rb +14 -0
data/lib/mihari/web/entities/config.rb +16 -0
data/lib/mihari/web/entities/dns.rb +10 -0
data/lib/mihari/web/entities/geolocation.rb +10 -0
data/lib/mihari/web/entities/ip_address.rb +13 -0
data/lib/mihari/web/entities/message.rb +9 -0
data/lib/mihari/web/entities/reverse_dns.rb +9 -0
data/lib/mihari/web/entities/source.rb +9 -0
data/lib/mihari/web/entities/tag.rb +13 -0
data/lib/mihari/web/entities/whois.rb +16 -0
data/lib/mihari/web/public/grape.rb +73 -0
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +53 -27
data/lib/mihari/web/public/static/js/app.0a0cc502.js +21 -0
data/lib/mihari/web/public/static/js/app.0a0cc502.js.map +1 -0
data/lib/mihari/web/public/static/js/app.14008741.js +21 -0
data/lib/mihari/web/public/static/js/app.14008741.js.map +1 -0
data/lib/mihari/web/public/static/js/app.378da3dc.js +50 -0
data/lib/mihari/web/public/static/js/app.378da3dc.js.map +1 -0
data/lib/mihari/web/public/static/js/app.6b636b62.js +50 -0
data/lib/mihari/web/public/static/js/app.6b636b62.js.map +1 -0
data/lib/mihari.rb +8 -14
data/mihari.gemspec +10 -6
data/sig/lib/mihari/analyzers/rule.rbs +1 -1
data/sig/lib/mihari/models/alert.rbs +3 -31
data/sig/lib/mihari/structs/alert.rbs +27 -0
data/sig/lib/mihari/structs/greynoise.rbs +30 -0
data/sig/lib/mihari/structs/shodan.rbs +1 -1
data/sig/lib/mihari/web/app.rbs +2 -2
metadata +150 -76
data/lib/mihari/serializers/alert.rb +0 -14
data/lib/mihari/serializers/artifact.rb +0 -18
data/lib/mihari/serializers/autonomous_system.rb +0 -9
data/lib/mihari/serializers/dns.rb +0 -11
data/lib/mihari/serializers/geolocation.rb +0 -11
data/lib/mihari/serializers/reverse_dns.rb +0 -11
data/lib/mihari/serializers/tag.rb +0 -11
data/lib/mihari/serializers/whois.rb +0 -11
data/lib/mihari/web/controllers/alerts_controller.rb +0 -74
data/lib/mihari/web/controllers/analyzers_controller.rb +0 -38
data/lib/mihari/web/controllers/artifacts_controller.rb +0 -94
data/lib/mihari/web/controllers/base_controller.rb +0 -22
data/lib/mihari/web/controllers/command_controller.rb +0 -26
data/lib/mihari/web/controllers/config_controller.rb +0 -13
data/lib/mihari/web/controllers/ip_address_controller.rb +0 -21
data/lib/mihari/web/controllers/sources_controller.rb +0 -12
data/lib/mihari/web/controllers/tags_controller.rb +0 -30
data/lib/mihari/web/helpers/json.rb +0 -53

data/lib/mihari/serializers/dns.rb DELETED Viewed

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-require "active_model_serializers"
-module Mihari
-  module Serializers
-    class DnsRecordSerializer < ActiveModel::Serializer
-      attributes :resource, :value
-    end
-  end
-end

data/lib/mihari/serializers/geolocation.rb DELETED Viewed

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-require "active_model_serializers"
-module Mihari
-  module Serializers
-    class GeolocationSerializer < ActiveModel::Serializer
-      attributes :country, :country_code
-    end
-  end
-end

data/lib/mihari/serializers/reverse_dns.rb DELETED Viewed

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-require "active_model_serializers"
-module Mihari
-  module Serializers
-    class ReverseDnsNameSerializer < ActiveModel::Serializer
-      attributes :name
-    end
-  end
-end

data/lib/mihari/serializers/tag.rb DELETED Viewed

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-require "active_model_serializers"
-module Mihari
-  module Serializers
-    class TagSerializer < ActiveModel::Serializer
-      attributes :id, :name
-    end
-  end
-end

data/lib/mihari/serializers/whois.rb DELETED Viewed

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-require "active_model_serializers"
-module Mihari
-  module Serializers
-    class WhoisRecordSerializer < ActiveModel::Serializer
-      attributes :domain, :created_on, :updated_on, :expires_on, :registrar, :contacts
-    end
-  end
-end

data/lib/mihari/web/controllers/alerts_controller.rb DELETED Viewed

@@ -1,74 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class AlertsController < BaseController
-      get "/api/alerts" do
-        param :page, Integer
-        param :artifact, String
-        param :description, String
-        param :source, String
-        param :tag, String
-        param :from_at, DateTime
-        param :fromAt, DateTime
-        param :to_at, DateTime
-        param :toAt, DateTime
-        page = params["page"] || 1
-        page = page.to_i
-        limit = 10
-        artifact_data = params["artifact"]
-        description = params["description"]
-        source = params["source"]
-        tag_name = params["tag"]
-        title = params["title"]
-        from_at = params["from_at"] || params["fromAt"]
-        to_at = params["to_at"] || params["toAt"]
-        alerts = Mihari::Alert.search(
-          artifact_data: artifact_data,
-          description: description,
-          from_at: from_at,
-          limit: limit,
-          page: page,
-          source: source,
-          tag_name: tag_name,
-          title: title,
-          to_at: to_at
-        )
-        total = Mihari::Alert.count(
-          artifact_data: artifact_data,
-          description: description,
-          from_at: from_at,
-          source: source,
-          tag_name: tag_name,
-          title: title,
-          to_at: to_at
-        )
-        json({ alerts: alerts, total: total, current_page: page, page_size: limit })
-      end
-      delete "/api/alerts/:id" do
-        param :id, Integer, required: true
-        id = params["id"].to_i
-        begin
-          alert = Mihari::Alert.find(id)
-          alert.destroy
-          status 204
-          body ""
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          json({ message: "ID:#{id} is not found" })
-        end
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/analyzers_controller.rb DELETED Viewed

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class AnalyzersController < BaseController
-      post "/api/analyzer" do
-        contract = Mihari::Schemas::AnalyzerRunContract.new
-        result = contract.call(params)
-        unless result.errors.empty?
-          status 400
-          return json(result.errors.to_h)
-        end
-        args = result.to_h
-        ignore_old_artifacts = args[:ignoreOldArtifacts]
-        ignore_threshold = args[:ignoreThreshold]
-        analyzer = Mihari::Analyzers::Basic.new(
-          title: args[:title],
-          description: args[:description],
-          source: args[:source],
-          artifacts: args[:artifacts],
-          tags: args[:tags]
-        )
-        analyzer.ignore_old_artifacts = ignore_old_artifacts
-        analyzer.ignore_threshold = ignore_threshold
-        analyzer.run
-        status 201
-        body ""
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/artifacts_controller.rb DELETED Viewed

@@ -1,94 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class ArtifactsController < BaseController
-      get "/api/artifacts/:id" do
-        param :id, Integer, required: true
-        id = params["id"].to_i
-        begin
-          artifact = Mihari::Artifact.includes(
-            :autonomous_system,
-            :geolocation,
-            :whois_record,
-            :dns_records,
-            :reverse_dns_names
-          ).find(id)
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          return json({ message: "ID:#{id} is not found" })
-        end
-        # TODO: improve queries
-        alert_ids = Mihari::Artifact.where(data: artifact.data).pluck(:alert_id)
-        tag_ids = Mihari::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
-        tag_names = Mihari::Tag.where(id: tag_ids).distinct.pluck(:name)
-        artifact_json = Serializers::ArtifactSerializer.new(artifact).as_json
-        # convert reverse DNS names into an array of string
-        # also change it as nil if it is empty
-        reverse_dns_names = (artifact_json[:reverse_dns_names] || []).filter_map { |v| v[:name] }
-        reverse_dns_names = nil if reverse_dns_names.empty?
-        artifact_json[:reverse_dns_names] = reverse_dns_names
-        # change DNS records as nil if it is empty
-        dns_records = artifact_json[:dns_records] || []
-        dns_records = nil if dns_records.empty?
-        artifact_json[:dns_records] = dns_records
-        # set tags
-        artifact_json[:tags] = tag_names
-        json artifact_json
-      end
-      get "/api/artifacts/:id/enrich" do
-        param :id, Integer, required: true
-        id = params["id"].to_i
-        begin
-          artifact = Mihari::Artifact.includes(
-            :autonomous_system,
-            :geolocation,
-            :whois_record,
-            :dns_records,
-            :reverse_dns_names
-          ).find(id)
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          return json({ message: "ID:#{id} is not found" })
-        end
-        artifact.enrich_all
-        artifact.save
-        status 201
-        body ""
-      end
-      delete "/api/artifacts/:id" do
-        param :id, Integer, required: true
-        id = params["id"].to_i
-        begin
-          alert = Mihari::Artifact.find(id)
-          alert.destroy
-          status 204
-          body ""
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          json({ message: "ID:#{id} is not found" })
-        end
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/base_controller.rb DELETED Viewed

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-require "rack/contrib/json_body_parser"
-require "sinatra"
-require "sinatra/param"
-module Mihari
-  module Controllers
-    class BaseController < Sinatra::Base
-      helpers Sinatra::Param
-      use Rack::JSONBodyParser
-      set :show_exceptions, false
-      set :raise_sinatra_param_exceptions, true
-      error Sinatra::Param::InvalidParameterError do
-        json({ error: "#{env["sinatra.error"].param} is invalid" })
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/command_controller.rb DELETED Viewed

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-require "safe_shell"
-module Mihari
-  module Controllers
-    class CommandController < BaseController
-      post "/api/command" do
-        param :command, String, required: true
-        command = params["command"]
-        if command.nil?
-          status 400
-          return json({ message: "command is required" })
-        end
-        command = command.split
-        output = SafeShell.execute("mihari", *command)
-        success = $?.success?
-        json({ output: output, success: success })
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/config_controller.rb DELETED Viewed

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class ConfigController < BaseController
-      get "/api/config" do
-        report = Status.check
-        json report.to_camelback_keys
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/ip_address_controller.rb DELETED Viewed

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class IPAddressController < BaseController
-      get "/api/ip_addresses/:ip" do
-        param :ip, String, required: true
-        ip = params["ip"].to_s
-        data = Enrichers::IPInfo.query(ip)
-        if data.nil?
-          status 404
-          json({ message: "IP:#{ip} is not found" })
-        else
-          json data.to_hash
-        end
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/sources_controller.rb DELETED Viewed

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class SourcesController < BaseController
-      get "/api/sources" do
-        sources = Mihari::Alert.distinct.pluck(:source)
-        json sources
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/tags_controller.rb DELETED Viewed

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class TagsController < BaseController
-      get "/api/tags" do
-        tags = Mihari::Tag.distinct.pluck(:name)
-        json tags
-      end
-      delete "/api/tags/:name" do
-        param :name, String, required: true
-        name = params["name"].to_s
-        begin
-          Mihari::Tag.where(name: name).destroy_all
-          status 204
-          body ""
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          message = { message: "Name:#{name} is not found" }
-          json message
-        end
-      end
-    end
-  end
-end

data/lib/mihari/web/helpers/json.rb DELETED Viewed

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-require "awrence"
-require "multi_json"
-require "sinatra/base"
-module Sinatra
-  module JSON
-    class << self
-      def encode(object)
-        ::MultiJson.dump(object)
-      end
-    end
-    def json(object, options = {})
-      object = object.to_camelback_keys
-      content_type resolve_content_type(options)
-      resolve_encoder_action object, resolve_encoder(options)
-    end
-    private
-    def resolve_content_type(options = {})
-      options[:content_type] || settings.json_content_type
-    end
-    def resolve_encoder(options = {})
-      options[:json_encoder] || settings.json_encoder
-    end
-    def resolve_encoder_action(object, encoder)
-      [:encode, :generate].each do |method|
-        return encoder.send(method, object) if encoder.respond_to? method
-      end
-      if encoder.is_a? Symbol
-        object.__send__(encoder)
-      else
-        fail "#{encoder} does not respond to #generate nor #encode"
-      end
-    end
-  end
-  Base.set :json_encoder do
-    ::MultiJson
-  end
-  Base.set :json_content_type, :json
-  # Load the JSON helpers in modular style automatically
-  Base.helpers JSON
-end