mihari 4.6.1 → 4.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 491cb9d0477c4101251c1f3e5705328008a196920efb41c239048247937f21f4
-  data.tar.gz: 14bcfd11b8871a759e70f6658cf2773dadc6afe7ffde44dbbffaef99961b8e00
+  metadata.gz: '091892853042ab3f1010c89b943eb2a885370da2d619016f3f3cd9dcb59e80cf'
+  data.tar.gz: 119ccbb407a49c741a4bf6c7cfafc7cd99855c3af950af9d0f1dc3735fc24672
 SHA512:
-  metadata.gz: d833915545629ade609ec994e6139387fd66247fa1c48fdbe4e3eab01679fb42820e3b07cb95fdbb8cff092753394f1dfa9aaa4459259837c2c0d7d5f2f855ed
-  data.tar.gz: dcbb112faa805b27157ec72d0f3544031c7e7789e855eb082a69a76216d0fcd644013ade95aea28ae138ebfb3bc8eb90d8fb922c83999d292c12b78d15acfe5c
+  metadata.gz: 5364837634a6cde1b370db5613e745f05b40bf7321a5b7fcc4a2c7d32b1d395fa45e4472ef2a5f9f28d664f0b45e31d0554acec7bb641a21ce179ebf70bf9317
+  data.tar.gz: 57ca2f920db2da9e8c9a10f59aa81984dff0a81f0073ba839c351f3fe5e7979358ce44d87f48adcffd7df1bf7268bab178fec82731f72d62c24aa9ce04eed026

data/lib/mihari/analyzers/rule.rb

@@ -51,6 +51,7 @@ module Mihari
       option :disallowed_data_values, default: proc { [] }
 
       option :emitters, optional: true
+      option :enrichers, optional: true
 
       attr_reader :source
 
@@ -60,6 +61,7 @@ module Mihari
         @source = id
 
         @emitters = emitters || DEFAULT_EMITTERS
+        @enrichers = enrichers || DEFAULT_ENRICHERS
 
         validate_analyzer_configurations
       end
@@ -112,6 +114,21 @@ module Mihari
         end
       end
 
+      #
+      # Enriched artifacts
+      #
+      # @return [Array<Mihari::Artifact>]
+      #
+      def enriched_artifacts
+        @enriched_artifacts ||= Parallel.map(unique_artifacts) do |artifact|
+          enrichers.each do |enricher|
+            artifact.enrich_by_enricher(enricher[:enricher])
+          end
+
+          artifact
+        end
+      end
+
       #
       # Normalized disallowed data values
       #

data/lib/mihari/constants.rb

@@ -4,4 +4,6 @@ module Mihari
   ALLOWED_DATA_TYPES = ["hash", "ip", "domain", "url", "mail"].freeze
 
   DEFAULT_EMITTERS = ["database", "misp", "slack", "the_hive", "webhook"].map { |name| { emitter: name } }.freeze
+
+  DEFAULT_ENRICHERS = ["whois", "ipinfo", "shodan", "google_public_dns"].map { |name| { enricher: name } }.freeze
 end

data/lib/mihari/enrichers/google_public_dns.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+require "net/https"
+
+module Mihari
+  module Enrichers
+    class GooglePublicDNS < Base
+      # @return [Boolean]
+      def valid?
+        true
+      end
+
+      class << self
+        #
+        # Query Google Public DNS
+        #
+        # @param [String] name
+        # @param [String] resource_type
+        #
+        # @return [Mihari::Structs::Shodan::GooglePublicDNS::Response, nil]
+        #
+        def query(name, resource_type)
+          url = "https://dns.google/resolve"
+          params = { name: name, type: resource_type }
+          res = HTTP.get(url, params: params)
+
+          data = JSON.parse(res.body.to_s)
+
+          Structs::GooglePublicDNS::Response.from_dynamic! data
+        rescue HTTPError
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/mihari/enrichers/whois.rb

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+
+require "whois-parser"
+
+module Mihari
+  module Enrichers
+    class Whois < Base
+      @memo = {}
+
+      # @return [Boolean]
+      def valid?
+        true
+      end
+
+      class << self
+        #
+        # Query IAIA Whois API
+        #
+        # @param [String] name
+        #
+        # @return [Mihari::WhoisRecord, nil]
+        #
+        def query(domain)
+          domain = PublicSuffix.domain(domain)
+
+          # check memo
+          if @memo.key?(domain)
+            whois_record = @memo[domain]
+            # return clone of the record
+            return whois_record.dup
+          end
+
+          record = ::Whois.whois(domain)
+          parser = record.parser
+
+          return nil if parser.available?
+
+          whois_record = WhoisRecord.new(
+            domain: domain,
+            created_on: get_created_on(parser),
+            updated_on: get_updated_on(parser),
+            expires_on: get_expires_on(parser),
+            registrar: get_registrar(parser),
+            contacts: get_contacts(parser)
+          )
+          # set memo
+          @memo[domain] = whois_record
+          whois_record
+        rescue ::Whois::Error, ::Whois::ParserError, Timeout::Error
+          nil
+        end
+
+        def reset_cache
+          @memo = {}
+        end
+
+        private
+
+        #
+        # Get created_on
+        #
+        # @param [::Whois::Parser:] parser
+        #
+        # @return [Date, nil]
+        #
+        def get_created_on(parser)
+          parser.created_on
+        rescue ::Whois::AttributeNotImplemented
+          nil
+        end
+
+        #
+        # Get updated_on
+        #
+        # @param [::Whois::Parser:] parser
+        #
+        # @return [Date, nil]
+        #
+        def get_updated_on(parser)
+          parser.updated_on
+        rescue ::Whois::AttributeNotImplemented
+          nil
+        end
+
+        #
+        # Get expires_on
+        #
+        # @param [::Whois::Parser:] parser
+        #
+        # @return [Date, nil]
+        #
+        def get_expires_on(parser)
+          parser.expires_on
+        rescue ::Whois::AttributeNotImplemented
+          nil
+        end
+
+        #
+        # Get registrar
+        #
+        # @param [::Whois::Parser:] parser
+        #
+        # @return [Hash, nil]
+        #
+        def get_registrar(parser)
+          parser.registrar&.to_h
+        rescue ::Whois::AttributeNotImplemented
+          nil
+        end
+
+        #
+        # Get contacts
+        #
+        # @param [::Whois::Parser:] parser
+        #
+        # @return [Array[Hash], nil]
+        #
+        def get_contacts(parser)
+          parser.contacts.map(&:to_h)
+        rescue ::Whois::AttributeNotImplemented
+          nil
+        end
+      end
+    end
+  end
+end

data/lib/mihari/http.rb

@@ -44,8 +44,8 @@ module Mihari
     end
 
     class << self
-      def get(uri, headers: {}, payload: {})
-        client = new(uri, headers: headers, payload: payload)
+      def get(uri, headers: {}, params: {})
+        client = new(uri, headers: headers, payload: params)
         client.get
       end
 

data/lib/mihari/models/artifact.rb

@@ -135,6 +135,36 @@ module Mihari
       enrich_cpes
     end
 
+    ENRICH_METHODS_BY_ENRICHER = {
+      whois: [
+        :enrich_whois
+      ],
+      ipinfo: [
+        :enrich_autonomous_system,
+        :enrich_geolocation
+      ],
+      shodan: [
+        :enrich_ports,
+        :enrich_cpes,
+        :enrich_reverse_dns
+      ],
+      google_public_dns: [
+        :enrich_dns
+      ]
+    }.freeze
+
+    #
+    # Enrich by name of enricher
+    #
+    # @param [String] enricher
+    #
+    def enrich_by_enricher(enricher)
+      methods = ENRICH_METHODS_BY_ENRICHER[enricher.downcase.to_sym] || []
+      methods.each do |method|
+        send(method) if respond_to?(method)
+      end
+    end
+
     private
 
     def normalize_as_domain(url_or_domain)

data/lib/mihari/models/dns.rb

@@ -13,14 +13,7 @@ module Mihari
       # @return [Array<Mihari::DnsRecord>]
       #
       def build_by_domain(domain)
-        resource_types = [
-          Resolv::DNS::Resource::IN::A,
-          Resolv::DNS::Resource::IN::AAAA,
-          Resolv::DNS::Resource::IN::CNAME,
-          Resolv::DNS::Resource::IN::TXT,
-          Resolv::DNS::Resource::IN::NS
-        ]
-
+        resource_types = %w[A AAAA CNAME TXT NS]
         resource_types.map do |resource_type|
           get_values domain, resource_type
         rescue Resolv::ResolvError
@@ -31,20 +24,11 @@ module Mihari
       private
 
       def get_values(domain, resource_type)
-        resources = Resolv::DNS.new.getresources(domain, resource_type)
-        resource_name = resource_type.to_s.split("::").last
+        response = Enrichers::GooglePublicDNS.query(domain, resource_type)
+        answers = response.answers || []
 
-        resources.filter_map do |resource|
-          # A, AAAA
-          if resource.respond_to?(:address)
-            new(resource: resource_name, value: resource.address.to_s)
-          # CNAME, NS
-          elsif resource.respond_to?(:name)
-            new(resource: resource_name, value: resource.name.to_s)
-          # TXT
-          elsif resource.respond_to?(:data)
-            new(resource: resource_name, value: resource.data.to_s)
-          end
+        answers.filter_map do |answer|
+          new(resource: answer.resource_type, value: answer.data)
         end
       end
     end

data/lib/mihari/models/whois.rb

@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require "whois-parser"
-
 module Mihari
   class WhoisRecord < ActiveRecord::Base
     belongs_to :artifact
@@ -17,100 +15,7 @@ module Mihari
       # @return [WhoisRecord, nil]
       #
       def build_by_domain(domain)
-        domain = PublicSuffix.domain(domain)
-
-        # check memo
-        if @memo.key?(domain)
-          whois_record = @memo[domain]
-          # return clone of the record
-          return whois_record.dup
-        end
-
-        record = Whois.whois(domain)
-        parser = record.parser
-
-        return nil if parser.available?
-
-        whois_record = new(
-          domain: domain,
-          created_on: get_created_on(parser),
-          updated_on: get_updated_on(parser),
-          expires_on: get_expires_on(parser),
-          registrar: get_registrar(parser),
-          contacts: get_contacts(parser)
-        )
-        # set memo
-        @memo[domain] = whois_record
-        whois_record
-      rescue Whois::Error, Whois::ParserError, Timeout::Error
-        nil
-      end
-
-      private
-
-      #
-      # Get created_on
-      #
-      # @param [::Whois::Parser:] parser
-      #
-      # @return [Date, nil]
-      #
-      def get_created_on(parser)
-        parser.created_on
-      rescue ::Whois::AttributeNotImplemented
-        nil
-      end
-
-      #
-      # Get updated_on
-      #
-      # @param [::Whois::Parser:] parser
-      #
-      # @return [Date, nil]
-      #
-      def get_updated_on(parser)
-        parser.updated_on
-      rescue ::Whois::AttributeNotImplemented
-        nil
-      end
-
-      #
-      # Get expires_on
-      #
-      # @param [::Whois::Parser:] parser
-      #
-      # @return [Date, nil]
-      #
-      def get_expires_on(parser)
-        parser.expires_on
-      rescue ::Whois::AttributeNotImplemented
-        nil
-      end
-
-      #
-      # Get registrar
-      #
-      # @param [::Whois::Parser:] parser
-      #
-      # @return [Hash, nil]
-      #
-      def get_registrar(parser)
-        parser.registrar&.to_h
-      rescue ::Whois::AttributeNotImplemented
-        nil
-      end
-
-      #
-      # Get contacts
-      #
-      # @param [::Whois::Parser:] parser
-      #
-      # @return [Array[Hash], nil]
-      #
-      def get_contacts(parser)
-        parser.contacts.map(&:to_h)
-      rescue ::Whois::AttributeNotImplemented
-        nil
+        Enrichers::Whois.query domain
       end
     end
   end

data/lib/mihari/schemas/enricher.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Schemas
+    Enricher = Dry::Schema.Params do
+      required(:enricher).value(Types::EnricherTypes)
+    end
+  end
+end

data/lib/mihari/schemas/rule.rb

@@ -2,6 +2,7 @@
 
 require "mihari/schemas/analyzer"
 require "mihari/schemas/emitter"
+require "mihari/schemas/enricher"
 
 module Mihari
   module Schemas
@@ -20,6 +21,8 @@ module Mihari
 
       optional(:emitters).value(:array).each { Emitter | MISP | TheHive | Slack | HTTP }
 
+      optional(:enrichers).value(:array).each(Enricher)
+
       optional(:allowed_data_types).value(array[Types::DataTypes]).default(ALLOWED_DATA_TYPES)
       optional(:disallowed_data_values).value(array[:string]).default([])
 
@@ -35,6 +38,9 @@ module Mihari
         emitters = h[:emitters]
         h[:emitters] = emitters || DEFAULT_EMITTERS
 
+        enrichers = h[:enrichers]
+        h[:enrichers] = enrichers || DEFAULT_ENRICHERS
+
         h
       end
     end

data/lib/mihari/structs/google_public_dns.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Structs
+    module GooglePublicDNS
+      INT_TYPE_TO_TYPE = {
+        1 => "A",
+        2 => "NS",
+        5 => "CNAME",
+        16 => "TXT",
+        28 => "AAAA"
+      }
+
+      class Answer < Dry::Struct
+        attribute :name, Types::String
+        attribute :data, Types::String
+        attribute :resource_type, Types::String
+
+        def self.from_dynamic!(d)
+          d = Types::Hash[d]
+          resource_type = INT_TYPE_TO_TYPE[d.fetch("type")]
+          new(
+            name: d.fetch("name"),
+            data: d.fetch("data"),
+            resource_type: resource_type
+          )
+        end
+      end
+
+      class Response < Dry::Struct
+        attribute :answers, Types.Array(Answer)
+
+        def self.from_dynamic!(d)
+          d = Types::Hash[d]
+          new(
+            answers: d.fetch("Answer", []).map { |x| Answer.from_dynamic!(x) }
+          )
+        end
+      end
+    end
+  end
+end

data/lib/mihari/structs/rule.rb

@@ -88,7 +88,7 @@ module Mihari
 
           raise RuleValidationError, error_messages.join("\n") if errors?
 
-          raise RuleValidationError, "Something wrong with queries or emitters." unless @no_method_error.nil?
+          raise RuleValidationError, "Something wrong with queries, emitters or enrichers." unless @no_method_error.nil?
         end
 
         def [](key)
@@ -150,6 +150,7 @@ module Mihari
             allowed_data_types: self[:allowed_data_types],
             disallowed_data_values: self[:disallowed_data_values],
             emitters: self[:emitters],
+            enrichers: self[:enrichers],
             id: id
           )
           analyzer.ignore_old_artifacts = self[:ignore_old_artifacts]

data/lib/mihari/types.rb

@@ -21,5 +21,12 @@ module Mihari
       "database",
       "webhook"
     )
+
+    EnricherTypes = Types::String.enum(
+      "whois",
+      "ipinfo",
+      "shodan",
+      "google_public_dns"
+    )
   end
 end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "4.6.1"
+  VERSION = "4.7.0"
 end

data/lib/mihari.rb

@@ -173,6 +173,7 @@ require "mihari/types"
 # Structs
 require "mihari/structs/alert"
 require "mihari/structs/censys"
+require "mihari/structs/google_public_dns"
 require "mihari/structs/greynoise"
 require "mihari/structs/ipinfo"
 require "mihari/structs/onyphe"
@@ -189,8 +190,10 @@ require "mihari/schemas/rule"
 
 # Enrichers
 require "mihari/enrichers/base"
+require "mihari/enrichers/google_public_dns"
 require "mihari/enrichers/ipinfo"
 require "mihari/enrichers/shodan"
+require "mihari/enrichers/whois"
 
 # Models
 require "mihari/models/alert"

data/mihari.gemspec

@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 2.3"
   spec.add_development_dependency "coveralls_reborn", "~> 0.24"
-  spec.add_development_dependency "fakefs", "~> 1.4"
+  spec.add_development_dependency "fakefs", "~> 1.5"
   spec.add_development_dependency "mysql2", "~> 0.5"
   spec.add_development_dependency "overcommit", "~> 0.59"
   spec.add_development_dependency "pg", "~> 1.3"
@@ -40,7 +40,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec", "~> 3.11"
   spec.add_development_dependency "simplecov-lcov", "~> 0.8.0"
   spec.add_development_dependency "standard", "~> 1.12"
-  spec.add_development_dependency "steep", "~> 0.52"
+  spec.add_development_dependency "steep", "~> 1.0"
   spec.add_development_dependency "timecop", "~> 0.9"
   spec.add_development_dependency "vcr", "~> 6.1"
   spec.add_development_dependency "webmock", "~> 3.14"
@@ -58,9 +58,9 @@ Gem::Specification.new do |spec|
   spec.add_dependency "dry-container", "0.9.0"
   spec.add_dependency "dry-files", "0.1.0"
   spec.add_dependency "dry-initializer", "3.1.1"
-  spec.add_dependency "dry-schema", "1.9.1"
+  spec.add_dependency "dry-schema", "1.9.2"
   spec.add_dependency "dry-struct", "1.4.0"
-  spec.add_dependency "dry-validation", "1.8.0"
+  spec.add_dependency "dry-validation", "1.8.1"
   spec.add_dependency "email_address", "0.2.3"
   spec.add_dependency "grape", "1.6.2"
   spec.add_dependency "grape-entity", "0.10.1"
@@ -84,7 +84,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "public_suffix", "4.0.7"
   spec.add_dependency "pulsedive", "0.1.5"
   spec.add_dependency "puma", "5.6.4"
-  spec.add_dependency "rack", "2.2.3"
+  spec.add_dependency "rack", "2.2.3.1"
   spec.add_dependency "rack-contrib", "2.3.0"
   spec.add_dependency "rack-cors", "1.1.1"
   spec.add_dependency "securitytrails", "1.0.0"

data/sig/lib/mihari/enrichers/google_public_dns.rbs

@@ -0,0 +1,18 @@
+module Mihari
+  module Enrichers
+    class GooglePublicDNS < Base
+      # @return [Boolean]
+      def valid?: () -> true
+
+      #
+      # Query Google Public DNS
+      #
+      # @param [String] name
+      # @param [String] resource_type
+      #
+      # @return [Mihari::Structs::Shodan::GooglePublicDNS::Response, nil]
+      #
+      def self.query: (String name, String resource_type) -> Mihari::Structs::Shodan::GooglePublicDNS::Response?
+    end
+  end
+end

data/sig/lib/mihari/structs/google_public_dns.rbs

@@ -0,0 +1,21 @@
+module Mihari
+  module Structs
+    module GooglePublicDNS
+      INT_TYPE_TO_TYPE: { 1 => "A", 2 => "NS", 5 => "CNAME", 16 => "TXT", 28 => "AAAA" }
+
+      class Answer < Dry::Struct
+			  attr_reader name: String
+        attr_reader data: String
+        attr_reader resource_type: String
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::GooglePublicDNS::Answer
+      end
+
+      class Response < Dry::Struct
+        attr_reader answers: Array[Mihari::Structs::GooglePublicDNS::Answer]
+
+        def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::GooglePublicDNS::Response
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 4.6.1
+  version: 4.7.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-05-19 00:00:00.000000000 Z
+date: 2022-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: mysql2
   requirement: !ruby/object:Gem::Requirement
@@ -198,14 +198,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.52'
+        version: '1.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.52'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -436,14 +436,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.9.1
+        version: 1.9.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.9.1
+        version: 1.9.2
 - !ruby/object:Gem::Dependency
   name: dry-struct
   requirement: !ruby/object:Gem::Requirement
@@ -464,14 +464,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: 1.8.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.8.0
+        version: 1.8.1
 - !ruby/object:Gem::Dependency
   name: email_address
   requirement: !ruby/object:Gem::Requirement
@@ -800,14 +800,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.3
+        version: 2.2.3.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.2.3
+        version: 2.2.3.1
 - !ruby/object:Gem::Dependency
   name: rack-contrib
   requirement: !ruby/object:Gem::Requirement
@@ -1110,8 +1110,10 @@ files:
 - lib/mihari/emitters/the_hive.rb
 - lib/mihari/emitters/webhook.rb
 - lib/mihari/enrichers/base.rb
+- lib/mihari/enrichers/google_public_dns.rb
 - lib/mihari/enrichers/ipinfo.rb
 - lib/mihari/enrichers/shodan.rb
+- lib/mihari/enrichers/whois.rb
 - lib/mihari/entities/alert.rb
 - lib/mihari/entities/artifact.rb
 - lib/mihari/entities/autonomous_system.rb
@@ -1153,11 +1155,13 @@ files:
 - lib/mihari/models/whois.rb
 - lib/mihari/schemas/analyzer.rb
 - lib/mihari/schemas/emitter.rb
+- lib/mihari/schemas/enricher.rb
 - lib/mihari/schemas/macros.rb
 - lib/mihari/schemas/rule.rb
 - lib/mihari/status.rb
 - lib/mihari/structs/alert.rb
 - lib/mihari/structs/censys.rb
+- lib/mihari/structs/google_public_dns.rb
 - lib/mihari/structs/greynoise.rb
 - lib/mihari/structs/ipinfo.rb
 - lib/mihari/structs/onyphe.rb
@@ -1243,6 +1247,7 @@ files:
 - sig/lib/mihari/emitters/the_hive.rbs
 - sig/lib/mihari/emitters/webhook.rbs
 - sig/lib/mihari/enrichers/base.rbs
+- sig/lib/mihari/enrichers/google_public_dns.rbs
 - sig/lib/mihari/enrichers/ipinfo.rbs
 - sig/lib/mihari/errors.rbs
 - sig/lib/mihari/feed/parser.rbs
@@ -1272,6 +1277,7 @@ files:
 - sig/lib/mihari/status.rbs
 - sig/lib/mihari/structs/alert.rbs
 - sig/lib/mihari/structs/censys.rbs
+- sig/lib/mihari/structs/google_public_dns.rbs
 - sig/lib/mihari/structs/greynoise.rbs
 - sig/lib/mihari/structs/ipinfo.rbs
 - sig/lib/mihari/structs/onyphe.rbs