mihari 4.0.0 → 4.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1a42a8897840d2f2268f88c6734c1633642256ef08667c39f45f5d03ac13874f
-  data.tar.gz: 89bdd5aa38f833e3158464915ec46c05e8c0bb6f17d34fe397d1590c59a57d7c
+  metadata.gz: f96f1f1e70601518505d5b48aba5a9e0c60f1555e9d7c96ca307a32f5214a568
+  data.tar.gz: 87910483603ccf914b867bede2ea287d456c9bde59ccfebd2324c42b8b1c6928
 SHA512:
-  metadata.gz: f62927fdb96eabffd99106bf03178e6eb573ee5e58b8fa2bb94b6b6b2ea898324fd65656bbb128aab67196ad03da959603dd73108c8840e883560d673c8afa5f
-  data.tar.gz: 2e752fa7ab93691ad6c38ec534af3bab14e27f2b66127dc00fc016f26554ea29fc2c743d2bdaef93d85e816d8a47e54d2d41bb6dafaabf711cfb2c833c3ff0ff
+  metadata.gz: 71fc241abdc3c41f28d49e7a2004957edaf0f09adc2f96b634af9dc5ea6de02fb2377fe0f88fbdb3c72816b2f72ebb4f6747e959a0dc7b13fff8377806bc57db
+  data.tar.gz: 9270f526e57e69df875f5a4cdacc0905cf8e8635f4fcea734f9a52b4f8b2e81a732a1990c4def0c53623ee57b60e7c40ee249a1b9501f866b1aec64fbbc1b47c

data/lib/mihari/analyzers/shodan.rb

@@ -16,7 +16,7 @@ module Mihari
         results = results.map { |result| Structs::Shodan::Result.from_dynamic!(result) }
         results.map do |result|
           matches = result.matches || []
-          matches.map { |match| build_artifact match }
+          matches.map { |match| build_artifact(match, matches) }
         end.flatten.uniq(&:data)
       end
 
@@ -73,14 +73,27 @@ module Mihari
         responses
       end
 
+      #
+      # Collect metadata from matches
+      #
+      # @param [Array<Structs::Shodan::Match>] matches
+      # @param [String] ip
+      #
+      # @return [Array<Hash>]
+      #
+      def collect_metadata_by_ip(matches, ip)
+        matches.select { |match| match.ip_str == ip }.map(&:metadata)
+      end
+
       #
       # Build an artifact from a Shodan search API response
       #
       # @param [Structs::Shodan::Match] match
+      # @param [Array<Structs::Shodan::Match>] matches
       #
       # @return [Artifact]
       #
-      def build_artifact(match)
+      def build_artifact(match, matches)
         as = nil
         as = AutonomousSystem.new(asn: normalize_asn(match.asn)) unless match.asn.nil?
 
@@ -92,10 +105,12 @@ module Mihari
           )
         end
 
+        metadata = collect_metadata_by_ip(matches, match.ip_str)
+
         Artifact.new(
           data: match.ip_str,
           source: source,
-          metadata: match.metadata,
+          metadata: metadata,
           autonomous_system: as,
           geolocation: geolocation
         )

data/lib/mihari/models/rule.rb

@@ -11,7 +11,7 @@ module Mihari
     #
     def to_h
       symbolized_data = data.deep_symbolize_keys
-      h = { id: id, created_at: created_at, yaml: symbolized_data.to_yaml }
+      h = { id: id, created_at: created_at, yaml: data.to_yaml }
       h.merge symbolized_data
     end
 

data/lib/mihari/structs/rule.rb

@@ -108,6 +108,12 @@ module Mihari
         # @return [Mihari::Rule]
         #
         def to_model
+          rule = Mihari::Rule.find(id)
+          rule.title = title
+          rule.description = description
+          rule.data = data
+          rule
+        rescue ActiveRecord::RecordNotFound
           Mihari::Rule.new(
             id: id,
             title: title,

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "4.0.0"
+  VERSION = "4.1.0"
 end

data/lib/mihari/web/endpoints/rules.rb

@@ -112,6 +112,41 @@ module Mihari
           present model.to_h, with: Entities::Rule
         end
 
+        desc "Update a rule", {
+          success: Entities::Rule,
+          summary: "Update a rule"
+        }
+        put "/" do
+          id = params["id"].to_s
+
+          begin
+            Mihari::Rule.find(id)
+          rescue ActiveRecord::RecordNotFound
+            error!({ message: "ID:#{id} is not found" }, 404)
+          end
+
+          rule = Structs::Rule::Rule.new(params)
+
+          begin
+            rule.validate!
+          rescue RuleValidationError
+            error!({ message: "Data format is invalid", details: rule.errors.to_h }, 400) if rule.errors?
+
+            # when NoMethodError occurs
+            error!({ message: "Data format is invalid" }, 400)
+          end
+
+          begin
+            model = rule.to_model
+            model.save
+          rescue ActiveRecord::RecordNotUnique
+            error!({ message: "ID:#{rule.id} is already registered" }, 400)
+          end
+
+          status 201
+          present model.to_h, with: Entities::Rule
+        end
+
         desc "Delete a rule", {
           success: Entities::Message,
           failure: [{ code: 404, message: "Not found", model: Entities::Message }],

data/lib/mihari/web/public/index.html

@@ -1 +1 @@
-<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" href="/static/favicon.ico"><title>Mihari</title><link href="/static/js/app.49ab738a.js" rel="preload" as="script"></head><body><noscript><strong>We're sorry but Mihari doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div><script src="/static/js/app.49ab738a.js"></script></body></html>
+<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width,initial-scale=1"><link rel="icon" href="/static/favicon.ico"><title>Mihari</title><link href="/static/js/app.cb1fa7be.js" rel="preload" as="script"></head><body><noscript><strong>We're sorry but Mihari doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div><script src="/static/js/app.cb1fa7be.js"></script></body></html>