RubyGems - mihari - Versions diffs - 3.9.0 → 3.10.1 - Mend

mihari 3.9.0 → 3.10.1

Files changed (77) hide show

checksums.yaml +4 -4
data/.github/workflows/test.yml +6 -7
data/README.md +1 -0
data/config.ru +1 -1
data/lib/mihari/analyzers/greynoise.rb +65 -0
data/lib/mihari/analyzers/rule.rb +1 -0
data/lib/mihari/analyzers/shodan.rb +11 -5
data/lib/mihari/cli/analyzer.rb +2 -0
data/lib/mihari/commands/greynoise.rb +21 -0
data/lib/mihari/commands/search.rb +3 -2
data/lib/mihari/errors.rb +2 -0
data/lib/mihari/mixins/configuration.rb +12 -2
data/lib/mihari/models/alert.rb +1 -8
data/lib/mihari/models/artifact.rb +3 -0
data/lib/mihari/schemas/configuration.rb +3 -2
data/lib/mihari/structs/greynoise.rb +55 -0
data/lib/mihari/structs/ipinfo.rb +3 -4
data/lib/mihari/structs/shodan.rb +6 -6
data/lib/mihari/types.rb +1 -0
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/api.rb +43 -0
data/lib/mihari/web/app.rb +47 -29
data/lib/mihari/web/endpoints/alerts.rb +74 -0
data/lib/mihari/web/endpoints/artifacts.rb +92 -0
data/lib/mihari/web/endpoints/command.rb +32 -0
data/lib/mihari/web/endpoints/configs.rb +22 -0
data/lib/mihari/web/endpoints/ip_addresses.rb +27 -0
data/lib/mihari/web/endpoints/sources.rb +18 -0
data/lib/mihari/web/endpoints/tags.rb +38 -0
data/lib/mihari/web/entities/alert.rb +23 -0
data/lib/mihari/web/entities/artifact.rb +24 -0
data/lib/mihari/web/entities/autonomous_system.rb +9 -0
data/lib/mihari/web/entities/command.rb +14 -0
data/lib/mihari/web/entities/config.rb +16 -0
data/lib/mihari/web/entities/dns.rb +10 -0
data/lib/mihari/web/entities/geolocation.rb +10 -0
data/lib/mihari/web/entities/ip_address.rb +13 -0
data/lib/mihari/web/entities/message.rb +9 -0
data/lib/mihari/web/entities/reverse_dns.rb +9 -0
data/lib/mihari/web/entities/source.rb +9 -0
data/lib/mihari/web/entities/tag.rb +13 -0
data/lib/mihari/web/entities/whois.rb +16 -0
data/lib/mihari/web/public/grape.rb +73 -0
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari/web/public/redoc-static.html +54 -28
data/lib/mihari/web/public/static/js/app.0a0cc502.js +21 -0
data/lib/mihari/web/public/static/js/app.0a0cc502.js.map +1 -0
data/lib/mihari/web/public/static/js/app.14008741.js +21 -0
data/lib/mihari/web/public/static/js/app.14008741.js.map +1 -0
data/lib/mihari/web/public/static/js/app.6b636b62.js +50 -0
data/lib/mihari/web/public/static/js/app.6b636b62.js.map +1 -0
data/lib/mihari/web/public/static/js/app.fbc19869.js +21 -0
data/lib/mihari/web/public/static/js/app.fbc19869.js.map +1 -0
data/lib/mihari.rb +7 -14
data/mihari.gemspec +9 -5
data/sig/lib/mihari/structs/greynoise.rbs +30 -0
data/sig/lib/mihari/structs/shodan.rbs +3 -3
data/sig/lib/mihari/web/app.rbs +1 -1
metadata +146 -74
data/lib/mihari/serializers/alert.rb +0 -14
data/lib/mihari/serializers/artifact.rb +0 -18
data/lib/mihari/serializers/autonomous_system.rb +0 -9
data/lib/mihari/serializers/dns.rb +0 -11
data/lib/mihari/serializers/geolocation.rb +0 -11
data/lib/mihari/serializers/reverse_dns.rb +0 -11
data/lib/mihari/serializers/tag.rb +0 -11
data/lib/mihari/serializers/whois.rb +0 -11
data/lib/mihari/web/controllers/alerts_controller.rb +0 -67
data/lib/mihari/web/controllers/analyzers_controller.rb +0 -38
data/lib/mihari/web/controllers/artifacts_controller.rb +0 -94
data/lib/mihari/web/controllers/base_controller.rb +0 -22
data/lib/mihari/web/controllers/command_controller.rb +0 -26
data/lib/mihari/web/controllers/config_controller.rb +0 -13
data/lib/mihari/web/controllers/ip_address_controller.rb +0 -21
data/lib/mihari/web/controllers/sources_controller.rb +0 -12
data/lib/mihari/web/controllers/tags_controller.rb +0 -30
data/lib/mihari/web/helpers/json.rb +0 -53

data/lib/mihari/web/controllers/alerts_controller.rb DELETED Viewed

@@ -1,67 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class AlertsController < BaseController
-      get "/api/alerts" do
-        param :page, Integer
-        param :artifact, String
-        param :description, String
-        param :source, String
-        param :tag, String
-        param :from_at, DateTime
-        param :fromAt, DateTime
-        param :to_at, DateTime
-        param :toAt, DateTime
-        param :asn, Integer
-        param :dns_record, String
-        param :dnsRecord, String
-        param :reverse_dns_name, String
-        param :reverseDnsName, String
-        # set page & limit
-        page = params["page"] || 1
-        params["page"] = page.to_i
-        limit = 10
-        params["limit"] = 10
-        # normalize keys
-        params["artifact_data"] = params["artifact"]
-        params["from_at"] = params["from_at"] || params["fromAt"]
-        params["to_at"] = params["to_at"] || params["toAt"]
-        params["dns_record"] = params["dns_record"] || params["dnsRecord"]
-        params["reverse_dns_name"] = params["reverse_dns_name"] || params["reverseDnsName"]
-        # symbolize hash keys
-        filter = params.to_h.transform_keys(&:to_sym)
-        search_filter_with_pagenation = Structs::Alert::SearchFilterWithPagination.new(**filter)
-        alerts = Mihari::Alert.search(search_filter_with_pagenation)
-        total = Mihari::Alert.count(search_filter_with_pagenation.without_pagination)
-        json({ alerts: alerts, total: total, current_page: page, page_size: limit })
-      end
-      delete "/api/alerts/:id" do
-        param :id, Integer, required: true
-        id = params["id"].to_i
-        begin
-          alert = Mihari::Alert.find(id)
-          alert.destroy
-          status 204
-          body ""
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          json({ message: "ID:#{id} is not found" })
-        end
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/analyzers_controller.rb DELETED Viewed

@@ -1,38 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class AnalyzersController < BaseController
-      post "/api/analyzer" do
-        contract = Mihari::Schemas::AnalyzerRunContract.new
-        result = contract.call(params)
-        unless result.errors.empty?
-          status 400
-          return json(result.errors.to_h)
-        end
-        args = result.to_h
-        ignore_old_artifacts = args[:ignoreOldArtifacts]
-        ignore_threshold = args[:ignoreThreshold]
-        analyzer = Mihari::Analyzers::Basic.new(
-          title: args[:title],
-          description: args[:description],
-          source: args[:source],
-          artifacts: args[:artifacts],
-          tags: args[:tags]
-        )
-        analyzer.ignore_old_artifacts = ignore_old_artifacts
-        analyzer.ignore_threshold = ignore_threshold
-        analyzer.run
-        status 201
-        body ""
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/artifacts_controller.rb DELETED Viewed

@@ -1,94 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class ArtifactsController < BaseController
-      get "/api/artifacts/:id" do
-        param :id, Integer, required: true
-        id = params["id"].to_i
-        begin
-          artifact = Mihari::Artifact.includes(
-            :autonomous_system,
-            :geolocation,
-            :whois_record,
-            :dns_records,
-            :reverse_dns_names
-          ).find(id)
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          return json({ message: "ID:#{id} is not found" })
-        end
-        # TODO: improve queries
-        alert_ids = Mihari::Artifact.where(data: artifact.data).pluck(:alert_id)
-        tag_ids = Mihari::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
-        tag_names = Mihari::Tag.where(id: tag_ids).distinct.pluck(:name)
-        artifact_json = Serializers::ArtifactSerializer.new(artifact).as_json
-        # convert reverse DNS names into an array of string
-        # also change it as nil if it is empty
-        reverse_dns_names = (artifact_json[:reverse_dns_names] || []).filter_map { |v| v[:name] }
-        reverse_dns_names = nil if reverse_dns_names.empty?
-        artifact_json[:reverse_dns_names] = reverse_dns_names
-        # change DNS records as nil if it is empty
-        dns_records = artifact_json[:dns_records] || []
-        dns_records = nil if dns_records.empty?
-        artifact_json[:dns_records] = dns_records
-        # set tags
-        artifact_json[:tags] = tag_names
-        json artifact_json
-      end
-      get "/api/artifacts/:id/enrich" do
-        param :id, Integer, required: true
-        id = params["id"].to_i
-        begin
-          artifact = Mihari::Artifact.includes(
-            :autonomous_system,
-            :geolocation,
-            :whois_record,
-            :dns_records,
-            :reverse_dns_names
-          ).find(id)
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          return json({ message: "ID:#{id} is not found" })
-        end
-        artifact.enrich_all
-        artifact.save
-        status 201
-        body ""
-      end
-      delete "/api/artifacts/:id" do
-        param :id, Integer, required: true
-        id = params["id"].to_i
-        begin
-          alert = Mihari::Artifact.find(id)
-          alert.destroy
-          status 204
-          body ""
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          json({ message: "ID:#{id} is not found" })
-        end
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/base_controller.rb DELETED Viewed

@@ -1,22 +0,0 @@
-# frozen_string_literal: true
-require "rack/contrib/json_body_parser"
-require "sinatra"
-require "sinatra/param"
-module Mihari
-  module Controllers
-    class BaseController < Sinatra::Base
-      helpers Sinatra::Param
-      use Rack::JSONBodyParser
-      set :show_exceptions, false
-      set :raise_sinatra_param_exceptions, true
-      error Sinatra::Param::InvalidParameterError do
-        json({ error: "#{env["sinatra.error"].param} is invalid" })
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/command_controller.rb DELETED Viewed

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-require "safe_shell"
-module Mihari
-  module Controllers
-    class CommandController < BaseController
-      post "/api/command" do
-        param :command, String, required: true
-        command = params["command"]
-        if command.nil?
-          status 400
-          return json({ message: "command is required" })
-        end
-        command = command.split
-        output = SafeShell.execute("mihari", *command)
-        success = $?.success?
-        json({ output: output, success: success })
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/config_controller.rb DELETED Viewed

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class ConfigController < BaseController
-      get "/api/config" do
-        report = Status.check
-        json report.to_camelback_keys
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/ip_address_controller.rb DELETED Viewed

@@ -1,21 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class IPAddressController < BaseController
-      get "/api/ip_addresses/:ip" do
-        param :ip, String, required: true
-        ip = params["ip"].to_s
-        data = Enrichers::IPInfo.query(ip)
-        if data.nil?
-          status 404
-          json({ message: "IP:#{ip} is not found" })
-        else
-          json data.to_hash
-        end
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/sources_controller.rb DELETED Viewed

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class SourcesController < BaseController
-      get "/api/sources" do
-        sources = Mihari::Alert.distinct.pluck(:source)
-        json sources
-      end
-    end
-  end
-end

data/lib/mihari/web/controllers/tags_controller.rb DELETED Viewed

@@ -1,30 +0,0 @@
-# frozen_string_literal: true
-module Mihari
-  module Controllers
-    class TagsController < BaseController
-      get "/api/tags" do
-        tags = Mihari::Tag.distinct.pluck(:name)
-        json tags
-      end
-      delete "/api/tags/:name" do
-        param :name, String, required: true
-        name = params["name"].to_s
-        begin
-          Mihari::Tag.where(name: name).destroy_all
-          status 204
-          body ""
-        rescue ActiveRecord::RecordNotFound
-          status 404
-          message = { message: "Name:#{name} is not found" }
-          json message
-        end
-      end
-    end
-  end
-end

data/lib/mihari/web/helpers/json.rb DELETED Viewed

@@ -1,53 +0,0 @@
-# frozen_string_literal: true
-require "awrence"
-require "multi_json"
-require "sinatra/base"
-module Sinatra
-  module JSON
-    class << self
-      def encode(object)
-        ::MultiJson.dump(object)
-      end
-    end
-    def json(object, options = {})
-      object = object.to_camelback_keys
-      content_type resolve_content_type(options)
-      resolve_encoder_action object, resolve_encoder(options)
-    end
-    private
-    def resolve_content_type(options = {})
-      options[:content_type] || settings.json_content_type
-    end
-    def resolve_encoder(options = {})
-      options[:json_encoder] || settings.json_encoder
-    end
-    def resolve_encoder_action(object, encoder)
-      [:encode, :generate].each do |method|
-        return encoder.send(method, object) if encoder.respond_to? method
-      end
-      if encoder.is_a? Symbol
-        object.__send__(encoder)
-      else
-        fail "#{encoder} does not respond to #generate nor #encode"
-      end
-    end
-  end
-  Base.set :json_encoder do
-    ::MultiJson
-  end
-  Base.set :json_content_type, :json
-  # Load the JSON helpers in modular style automatically
-  Base.helpers JSON
-end