mihari 3.8.1 → 3.10.0

data/lib/mihari/web/app.rb

@@ -2,46 +2,47 @@
 
 require "launchy"
 require "rack"
+require "rack/contrib"
 require "rack/handler/puma"
-require "sinatra"
+require "rack/cors"
 
-require "mihari/web/helpers/json"
+require "grape"
+require "grape-entity"
+require "grape-swagger"
+require "grape-swagger-entity"
 
-require "mihari/web/controllers/base_controller"
-
-require "mihari/web/controllers/alerts_controller"
-require "mihari/web/controllers/analyzers_controller"
-require "mihari/web/controllers/artifacts_controller"
-require "mihari/web/controllers/command_controller"
-require "mihari/web/controllers/config_controller"
-require "mihari/web/controllers/ip_address_controller"
-require "mihari/web/controllers/sources_controller"
-require "mihari/web/controllers/tags_controller"
+require "mihari/web/api"
 
 module Mihari
-  class App < Sinatra::Base
-    set :root, File.dirname(__FILE__)
-    set :public_folder, File.join(root, "public")
-
-    get "/" do
-      send_file File.join(settings.public_folder, "index.html")
+  class App
+    def initialize
+      @filenames = ["", ".html", "index.html", "/index.html"]
+      @rack_static = ::Rack::Static.new(
+        -> { [404, {}, []] },
+        root: File.expand_path("./public", __dir__),
+        urls: ["/"]
+      )
     end
 
-    use Mihari::Controllers::AlertsController
-    use Mihari::Controllers::AnalyzersController
-    use Mihari::Controllers::ArtifactsController
-    use Mihari::Controllers::CommandController
-    use Mihari::Controllers::ConfigController
-    use Mihari::Controllers::IPAddressController
-    use Mihari::Controllers::SourcesController
-    use Mihari::Controllers::TagsController
-
     class << self
-      def run!(port: 9292, host: "localhost")
+      def instance
+        @instance ||= Rack::Builder.new do
+          use Rack::Cors do
+            allow do
+              origins "*"
+              resource "*", headers: :any, methods: [:get, :post, :put, :delete, :options]
+            end
+          end
+
+          run App.new
+        end.to_app
+      end
+
+      def run!(port: 9292, host: "localhost", threads: "0:16", verbose: false)
         url = "http://#{host}:#{port}"
 
-        Rack::Handler::Puma.run self, Port: port, Host: host do |server|
-          Launchy.open url
+        Rack::Handler::Puma.run(instance, Port: port, Host: host, Threads: threads, Verbose: verbose) do |server|
+          Launchy.open(url) if ENV["RACK_ENV"] != "development"
 
           [:INT, :TERM].each do |sig|
             trap(sig) do
@@ -51,5 +52,22 @@ module Mihari
         end
       end
     end
+
+    def call(env)
+      # api
+      api_response = API.call(env)
+
+      # Check if the App wants us to pass the response along to others
+      if api_response[1]["X-Cascade"] == "pass"
+        # static files
+        request_path = env["PATH_INFO"]
+        @filenames.each do |path|
+          response = @rack_static.call(env.merge("PATH_INFO" => request_path + path))
+          return response if response[0] != 404
+        end
+      end
+
+      api_response
+    end
   end
 end

data/lib/mihari/web/endpoints/alerts.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Endpoints
+    class Alerts < Grape::API
+      namespace :alerts do
+        desc "Search alerts", {
+          is_array: true,
+          success: Entities::Alert,
+          failure: [{ code: 404, message: "Not found", model: Entities::Message }]
+        }
+        params do
+          optional :page, type: Integer
+          optional :artifact, type: String
+          optional :description, type: String
+          optional :source, type: String
+          optional :tag, type: String
+
+          optional :fromAt, type: DateTime
+          optional :toAt, type: DateTime
+
+          optional :asn, type: Integer
+          optional :dnsRecord, type: String
+          optional :reverseDnsName, type: String
+        end
+        get "/" do
+          filter = params.to_h.to_snake_keys
+
+          # set page & limit
+          page = filter["page"] || 1
+          filter["page"] = page.to_i
+
+          limit = 10
+          filter["limit"] = 10
+
+          # normalize keys
+          filter["artifact_data"] = filter["artifact"]
+          filter["tag_name"] = filter["tag"]
+
+          # symbolize hash keys
+          filter = filter.to_h.transform_keys(&:to_sym)
+
+          search_filter_with_pagenation = Structs::Alert::SearchFilterWithPagination.new(**filter)
+          alerts = Mihari::Alert.search(search_filter_with_pagenation)
+          total = Mihari::Alert.count(search_filter_with_pagenation.without_pagination)
+
+          present({ alerts: alerts, total: total, current_page: page, page_size: limit }, with: Entities::AlertsWithPagination)
+        end
+
+        desc "Delete an alert", {
+          success: Entities::Message,
+          failure: [{ code: 404, message: "Not found", model: Entities::Message }]
+        }
+        params do
+          requires :id, type: Integer
+        end
+        delete "/:id" do
+          id = params["id"].to_i
+
+          begin
+            alert = Mihari::Alert.find(id)
+          rescue ActiveRecord::RecordNotFound
+            error!({ message: "ID:#{id} is not found" }, 404)
+          end
+
+          alert.destroy
+
+          status 204
+          present({ message: "" }, with: Entities::Message)
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/endpoints/artifacts.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Endpoints
+    class Artifacts < Grape::API
+      namespace :artifacts do
+        desc "Get an artifact", {
+          success: Entities::Artifact,
+          failure: [{ code: 404, message: "Not found", model: Entities::Message }]
+        }
+        params do
+          requires :id, type: Integer
+        end
+        get "/:id" do
+          id = params[:id].to_i
+
+          begin
+            artifact = Mihari::Artifact.includes(
+              :autonomous_system,
+              :geolocation,
+              :whois_record,
+              :dns_records,
+              :reverse_dns_names
+            ).find(id)
+          rescue ActiveRecord::RecordNotFound
+            error!({ message: "ID:#{id} is not found" }, 404)
+          end
+
+          # TODO: improve queries
+          alert_ids = Mihari::Artifact.where(data: artifact.data).pluck(:alert_id)
+          tag_ids = Mihari::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
+          tag_names = Mihari::Tag.where(id: tag_ids).distinct.pluck(:name)
+
+          artifact.tags = tag_names
+
+          present artifact, with: Entities::Artifact
+        end
+
+        desc "Enrich an artifact", {
+          success: Entities::Message,
+          failure: [{ code: 404, message: "Not found", model: Entities::Message }]
+        }
+        params do
+          requires :id, type: Integer
+        end
+        get "/:id/enrich" do
+          id = params["id"].to_i
+
+          begin
+            artifact = Mihari::Artifact.includes(
+              :autonomous_system,
+              :geolocation,
+              :whois_record,
+              :dns_records,
+              :reverse_dns_names
+            ).find(id)
+          rescue ActiveRecord::RecordNotFound
+            error!({ message: "ID:#{id} is not found" }, 404)
+          end
+
+          artifact.enrich_all
+          artifact.save
+
+          status 201
+          present({ message: "" }, with: Entities::Message)
+        end
+
+        desc "Delete an artifact", {
+          success: Entities::Message,
+          failure: [{ code: 404, message: "Not found", model: Entities::Message }]
+        }
+        params do
+          requires :id, type: Integer
+        end
+        delete "/:id" do
+          id = params["id"].to_i
+
+          begin
+            alert = Mihari::Artifact.find(id)
+          rescue ActiveRecord::RecordNotFound
+            error!({ message: "ID:#{id} is not found" }, 404)
+          end
+
+          alert.destroy
+
+          status 204
+          present({ message: "" }, with: Entities::Message)
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/endpoints/command.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require "safe_shell"
+
+module Mihari
+  module Endpoints
+    class Command < Grape::API
+      namespace :command do
+        desc "Run a command", {
+          success: Entities::CommandResult,
+          failure: [{ code: 400, message: "Bad request", model: Entities::Message }]
+        }
+        params do
+          requires :command, type: String, documentation: { param_type: "body" }
+        end
+        post "/" do
+          command = params[:command]
+          if command.nil?
+            error!({ message: "command is required" }, 400)
+          end
+
+          command = command.split
+
+          output = SafeShell.execute("mihari", *command)
+          success = $?.success?
+
+          present({ output: output, success: success }, with: Entities::CommandResult)
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/endpoints/configs.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Endpoints
+    class Configs < Grape::API
+      namespace :configs do
+        desc "Get configs", {
+          is_array: true,
+          success: Entities::Config
+        }
+        get "/" do
+          statuses = Status.check
+
+          configs = statuses.map do |key, value|
+            { name: key, status: value }
+          end
+          present(configs, with: Entities::Config)
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/endpoints/ip_addresses.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Endpoints
+    class IPAddresses < Grape::API
+      namespace :ip_addresses do
+        desc "Get an IP address", {
+          success: Entities::IPAddress,
+          failure: [{ code: 404, message: "Not found", model: Entities::Message }]
+        }
+        params do
+          requires :ip, type: String, regexp: /\A[0-9.]+\z/
+        end
+        get "/:ip", requirements: { ip: %r{[^/]+} } do
+          ip = params[:ip].to_s
+
+          data = Enrichers::IPInfo.query(ip)
+          if data.nil?
+            error!({ message: "IP:#{ip} is not found" }, 404)
+          else
+            present data, with: Entities::IPAddress
+          end
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/endpoints/sources.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Endpoints
+    class Sources < Grape::API
+      namespace :sources do
+        desc "Get sources", {
+          is_array: true,
+          success: Entities::Sources
+        }
+        get "/" do
+          sources = Mihari::Alert.distinct.pluck(:source)
+          present({ sources: sources }, with: Entities::Sources)
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/endpoints/tags.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Endpoints
+    class Tags < Grape::API
+      namespace :tags do
+        desc "Get tags", {
+          is_array: true,
+          success: Entities::Tags
+        }
+        get "/" do
+          tags = Mihari::Tag.distinct.pluck(:name)
+          present({ tags: tags }, with: Entities::Tags)
+        end
+
+        desc "Delete a tag", {
+          success: Entities::Message,
+          failure: [{ code: 404, message: "Not found", model: Entities::Message }]
+        }
+        params do
+          requires :name, type: String
+        end
+        delete "/:name" do
+          name = params[:name].to_s
+
+          begin
+            Mihari::Tag.where(name: name).destroy_all
+          rescue ActiveRecord::RecordNotFound
+            error!({ message: "Name:#{name} is not found" }, 404)
+          end
+
+          status 204
+          present({ message: "" }, with: Entities::Message)
+        end
+      end
+    end
+  end
+end

data/lib/mihari/web/entities/alert.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class Alert < Grape::Entity
+      expose :id, documentation: { type: Integer, required: true }
+      expose :title, documentation: { type: String, required: true }
+      expose :description, documentation: { type: String, required: true }
+      expose :source, documentation: { type: String, required: true }
+      expose :created_at, documentation: { type: DateTime, required: true }, as: :createdAt
+
+      expose :artifacts, using: Entities::Artifact, documentation: { type: Entities::Artifact, is_array: true }
+      expose :tags, using: Entities::Tag, documentation: { type: Entities::Tag, is_array: true, required: true }
+    end
+
+    class AlertsWithPagination < Grape::Entity
+      expose :alerts, using: Entities::Alert, documentation: { type: Entities::Alert, is_array: true, required: true }
+      expose :total, documentation: { type: Integer, required: true }
+      expose :current_page, documentation: { type: Integer, required: true }, as: :currentPage
+      expose :page_size, documentation: { type: Integer, required: true }, as: :pageSize
+    end
+  end
+end

data/lib/mihari/web/entities/artifact.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class Artifact < Grape::Entity
+      expose :id, documentation: { type: Integer, required: true }
+      expose :data, documentation: { type: String, required: true }
+      expose :data_type, documentation: { type: String, required: true }, as: :dataType
+      expose :source, documentation: { type: String, required: true }
+      expose :tags, documentation: { type: String, is_array: true }
+
+      expose :autonomous_system, using: Entities::AutonomousSystem, documentation: { type: Entities::AutonomousSystem, required: false }, as: :autonomousSystem
+      expose :geolocation, using: Entities::Geolocation, documentation: { type: Entities::Geolocation, required: false }
+      expose :whois_record, using: Entities::WhoisRecord, documentation: { type: Entities::WhoisRecord, required: false }, as: :whoisRecord
+
+      expose :reverse_dns_names, using: Entities::ReverseDnsName, documentation: { type: Entities::ReverseDnsName, is_array: true, required: false }, as: :reverseDnsNames do |status, _options|
+        status.reverse_dns_names.length > 0 ? status.reverse_dns_names : nil
+      end
+      expose :dns_records, using: Entities::DnsRecord, documentation: { type: Entities::DnsRecord, is_array: true, required: false }, as: :dnsRecords do |status, _options|
+        status.dns_records.length > 0 ? status.dns_records : nil
+      end
+    end
+  end
+end

data/lib/mihari/web/entities/autonomous_system.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class AutonomousSystem < Grape::Entity
+      expose :asn, documentation: { type: Integer, required: true }
+    end
+  end
+end

data/lib/mihari/web/entities/command.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class CommandInput < Grape::Entity
+      expose :command, documentation: { type: String, required: true }
+    end
+
+    class CommandResult < Grape::Entity
+      expose :output, documentation: { type: String, required: true }
+      expose :success, documentation: { type: Grape::API::Boolean, required: true }
+    end
+  end
+end

data/lib/mihari/web/entities/config.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class ConfigStatus < Grape::Entity
+      expose :type, documentation: { type: String, required: true }
+      expose :values, documentation: { type: String, is_array: true, required: true }
+      expose :is_configured, documentation: { type: Grape::API::Boolean, required: true }, as: :isConfigured
+    end
+
+    class Config < Grape::Entity
+      expose :name, documentation: { type: String, required: true }
+      expose :status, using: Entities::ConfigStatus, documentation: { type: ConfigStatus, required: true }
+    end
+  end
+end

data/lib/mihari/web/entities/dns.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class DnsRecord < Grape::Entity
+      expose :resource, documentation: { type: String, required: true }
+      expose :value, documentation: { type: String, required: true }
+    end
+  end
+end

data/lib/mihari/web/entities/geolocation.rb

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class Geolocation < Grape::Entity
+      expose :country, documentation: { type: String, required: true }
+      expose :country_code, documentation: { type: String, required: true }, as: :countryCode
+    end
+  end
+end

data/lib/mihari/web/entities/ip_address.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class IPAddress < Grape::Entity
+      expose :ip, documentation: { type: String, required: true }
+      expose :country_code, documentation: { type: String, required: true }, as: :countryCode
+      expose :hostname, documentation: { type: String, required: false }
+      expose :loc, documentation: { type: String, required: true }
+      expose :asn, documentation: { type: Integer, required: false }
+    end
+  end
+end

data/lib/mihari/web/entities/message.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class Message < Grape::Entity
+      expose :message, documentation: { type: String, required: true }
+    end
+  end
+end

data/lib/mihari/web/entities/reverse_dns.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class ReverseDnsName < Grape::Entity
+      expose :name, documentation: { type: String, required: true }
+    end
+  end
+end

data/lib/mihari/web/entities/source.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class Sources < Grape::Entity
+      expose :sources, documentation: { type: Array[String], required: true }
+    end
+  end
+end

data/lib/mihari/web/entities/tag.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class Tag < Grape::Entity
+      expose :name, documentation: { type: String, required: true }
+    end
+
+    class Tags < Grape::Entity
+      expose :tags, documentation: { type: Array[String], required: true }
+    end
+  end
+end

data/lib/mihari/web/entities/whois.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Entities
+    class WhoisRecord < Grape::Entity
+      expose :domain, documentation: { type: String, required: true }
+      expose :created_on, documentation: { type: Date, required: false }, as: :createdOn
+      expose :updated_on, documentation: { type: Date, required: false }, as: :updatedOn
+      expose :expires_on, documentation: { type: Date, required: false }, as: :expiresOn
+      expose :registrar, documentation: { type: Hash, required: false }
+      expose :contacts, documentation: { type: Hash, is_array: true, required: true } do |whois_record, _options|
+        whois_record.contacts.map { |h| h.to_camelback_keys }
+      end
+    end
+  end
+end

data/lib/mihari/web/public/grape.rb

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require "launchy"
+require "rack"
+require "rack/contrib"
+require "rack/handler/puma"
+require "rack/cors"
+
+require "grape"
+require "grape-swagger"
+
+require "mihari/web/apis/ping"
+
+module Mihari
+  class API < Grape::API
+    prefix "api"
+    format :json
+    mount Apis::Ping
+    add_swagger_documentation api_version: "v1"
+  end
+
+  class GrapeApp
+    def initialize
+      @filenames = ["", ".html", "index.html", "/index.html"]
+      @rack_static = ::Rack::Static.new(
+        lambda { [404, {}, []] },
+        root: File.expand_path("public", __dir__),
+        urls: ["/"]
+      )
+    end
+
+    class << self
+      def instance
+        @instance ||= Rack::Builder.new do
+          run GrapeApp.new
+        end.to_app
+      end
+
+      def run!(port: 9292, host: "localhost", threads: "0:16", verbose: false)
+        url = "http://#{host}:#{port}"
+
+        Rack::Handler::Puma.run(instance, Port: port, Host: host, Threads: threads, Verbose: verbose) do |server|
+          p ENV["RACK_ENV"]
+          p instance.class
+
+          Launchy.open(url) if ENV["RACK_ENV"] != "development"
+
+          [:INT, :TERM].each do |sig|
+            trap(sig) do
+              server.shutdown
+            end
+          end
+        end
+      end
+    end
+
+    def call(env)
+      # api
+      p GrapeApp.instance
+      response = API.call(env)
+
+      # Check if the App wants us to pass the response along to others
+      if response[1]["X-Cascade"] == "pass"
+        # static files
+        request_path = env["PATH_INFO"]
+        @filenames.each do |path|
+          response = @rack_static.call(env.merge("PATH_INFO" => request_path + path))
+          return response if response[0] != 404
+        end
+      end
+    end
+  end
+end