mihari 4.7.0 → 4.7.3

data/lib/mihari/structs/rule.rb

@@ -1,187 +1,236 @@
 # frozen_string_literal: true
 
+require "date"
+require "erb"
+require "pathname"
+require "yaml"
+
 module Mihari
   module Structs
-    module Rule
-      class SearchFilter < Dry::Struct
-        attribute? :description, Types::String.optional
-        attribute? :tag_name, Types::String.optional
-        attribute? :title, Types::String.optional
-        attribute? :from_at, Types::DateTime.optional
-        attribute? :to_at, Types::DateTime.optional
+    class Rule
+      # @return [Hash]
+      attr_reader :data
+
+      # @return [String]
+      attr_reader :yaml
+
+      # @return [Array, nil]
+      attr_reader :errors
+
+      # @return [String]
+      attr_writer :id
+
+      def initialize(data, yaml)
+        @data = data.deep_symbolize_keys
+        @yaml = yaml
+
+        @errors = nil
+        @no_method_error = nil
+
+        validate
       end
 
-      class SearchFilterWithPagination < SearchFilter
-        attribute? :page, Types::Int.default(1)
-        attribute? :limit, Types::Int.default(10)
-
-        def without_pagination
-          SearchFilter.new(
-            description: description,
-            from_at: from_at,
-            tag_name: tag_name,
-            title: title,
-            to_at: to_at
-          )
+      #
+      # @return [Boolean]
+      #
+      def errors?
+        return false if @errors.nil?
+
+        !@errors.empty?
+      end
+
+      #
+      # @return [Array<String>]
+      #
+      def error_messages
+        return [] if @errors.nil?
+
+        @errors.messages.filter_map do |message|
+          path = message.path.map(&:to_s).join
+          "#{path} #{message.text}"
+        rescue NoMethodError
+          nil
         end
       end
 
-      class Rule
-        # @return [Hash]
-        attr_reader :data
+      def validate
+        begin
+          contract = Schemas::RuleContract.new
+          result = contract.call(data)
+        rescue NoMethodError => e
+          @no_method_error = e
+          return
+        end
+
+        @data = result.to_h
+        @errors = result.errors
+      end
 
-        # @return [String]
-        attr_reader :yaml
+      def validate!
+        raise RuleValidationError, "Data should be a hash" unless data.is_a?(Hash)
+        raise RuleValidationError, error_messages.join("\n") if errors?
+        raise RuleValidationError, "Something wrong with queries, emitters or enrichers." unless @no_method_error.nil?
+      rescue RuleValidationError => e
+        message = "Failed to parse the input as a rule"
+        message += ": #{e.message}" unless e.message.empty?
+        Mihari.logger.error message
 
-        # @return [Array, nil]
-        attr_reader :errors
+        raise e
+      end
 
-        # @return [String]
-        attr_writer :id
+      def [](key)
+        data[key.to_sym]
+      end
 
-        def initialize(data, yaml)
-          @data = data.deep_symbolize_keys
-          @yaml = yaml
+      #
+      # @return [String]
+      #
+      def id
+        @id ||= data[:id] || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, data.to_yaml).to_s
+      end
 
-          @errors = nil
-          @no_method_error = nil
+      #
+      # @return [String]
+      #
+      def title
+        @title ||= data[:title]
+      end
 
-          validate
-        end
+      #
+      # @return [String]
+      #
+      def description
+        @description ||= data[:description]
+      end
 
-        #
-        # @return [Boolean]
-        #
-        def errors?
-          return false if @errors.nil?
+      #
+      # @return [Mihari::Rule]
+      #
+      def to_model
+        rule = Mihari::Rule.find(id)
+
+        rule.title = title
+        rule.description = description
+        rule.data = data
+        rule.yaml = yaml
+
+        rule
+      rescue ActiveRecord::RecordNotFound
+        Mihari::Rule.new(
+          id: id,
+          title: title,
+          description: description,
+          data: data,
+          yaml: yaml
+        )
+      end
 
-          !@errors.empty?
-        end
+      #
+      # @return [Mihari::Analyzers::Rule]
+      #
+      def to_analyzer
+        analyzer = Mihari::Analyzers::Rule.new(
+          title: self[:title],
+          description: self[:description],
+          tags: self[:tags],
+          queries: self[:queries],
+          allowed_data_types: self[:allowed_data_types],
+          disallowed_data_values: self[:disallowed_data_values],
+          emitters: self[:emitters],
+          enrichers: self[:enrichers],
+          id: id
+        )
+        analyzer.ignore_old_artifacts = self[:ignore_old_artifacts]
+        analyzer.ignore_threshold = self[:ignore_threshold]
+
+        analyzer
+      end
+
+      class << self
+        include Mixins::Database
 
         #
-        # @return [Array<String>]
+        # @param [Mihari::Rule] model
         #
-        def error_messages
-          return [] if @errors.nil?
+        # @return [Mihari::Structs::Rule]
+        #
+        def from_model(model)
+          data = model.data.deep_symbolize_keys
+          # set ID if YAML data do not have ID
+          data[:id] = model.id unless data.key?(:id)
 
-          @errors.messages.map do |message|
-            path = message.path.map(&:to_s).join
-            "#{path} #{message.text}"
-          end
+          Structs::Rule.new(data, model.yaml)
         end
 
-        def validate
-          begin
-            contract = Schemas::RuleContract.new
-            result = contract.call(data)
-          rescue NoMethodError => e
-            @no_method_error = e
-            return
-          end
+        #
+        # @param [String] yaml
+        #
+        # @return [Mihari::Structs::Rule]
+        # @param [String, nil] id
+        #
+        def from_yaml(yaml, id: nil)
+          data = load_erb_yaml(yaml)
+          # set ID if id is given & YAML data do not have ID
+          data[:id] = id if !id.nil? && !data.key?(:id)
 
-          @data = result.to_h
-          @errors = result.errors
+          Structs::Rule.new(data, yaml)
         end
 
-        def validate!
-          raise RuleValidationError, "Data should be a hash" unless data.is_a?(Hash)
+        #
+        # @param [String] path_or_id Path to YAML file or YAML string or ID of a rule in the database
+        #
+        # @return [Mihari::Structs::Rule]
+        #
+        def from_path_or_id(path_or_id)
+          yaml = nil
 
-          raise RuleValidationError, error_messages.join("\n") if errors?
+          yaml = load_yaml_from_file(path_or_id) if File.exist?(path_or_id)
+          yaml = load_yaml_from_db(path_or_id) if yaml.nil?
 
-          raise RuleValidationError, "Something wrong with queries, emitters or enrichers." unless @no_method_error.nil?
+          Structs::Rule.from_yaml yaml
         end
 
-        def [](key)
-          data[key.to_sym]
-        end
+        private
 
         #
-        # @return [String]
+        # Load ERR templated YAML
         #
-        def id
-          @id ||= data[:id] || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, data.to_yaml).to_s
-        end
-
+        # @param [String] yaml
         #
-        # @return [String]
+        # @return [Hash]
         #
-        def title
-          @title ||= data[:title]
+        def load_erb_yaml(yaml)
+          YAML.safe_load(ERB.new(yaml).result, permitted_classes: [Date, Symbol], symbolize_names: true)
+        rescue Psych::SyntaxError => e
+          raise YAMLSyntaxError, e.message
         end
 
         #
-        # @return [String]
+        # Load YAML string from path
         #
-        def description
-          @description ||= data[:description]
-        end
-
+        # @param [String] path
         #
-        # @return [Mihari::Rule]
+        # @return [String, nil]
         #
-        def to_model
-          rule = Mihari::Rule.find(id)
+        def load_yaml_from_file(path)
+          return nil unless Pathname(path).exist?
 
-          rule.title = title
-          rule.description = description
-          rule.data = data
-          rule.yaml = yaml
-
-          rule
-        rescue ActiveRecord::RecordNotFound
-          Mihari::Rule.new(
-            id: id,
-            title: title,
-            description: description,
-            data: data,
-            yaml: yaml
-          )
+          File.read path
         end
 
         #
-        # @return [Mihari::Analyzers::Rule]
-        #
-        def to_analyzer
-          analyzer = Mihari::Analyzers::Rule.new(
-            title: self[:title],
-            description: self[:description],
-            tags: self[:tags],
-            queries: self[:queries],
-            allowed_data_types: self[:allowed_data_types],
-            disallowed_data_values: self[:disallowed_data_values],
-            emitters: self[:emitters],
-            enrichers: self[:enrichers],
-            id: id
-          )
-          analyzer.ignore_old_artifacts = self[:ignore_old_artifacts]
-          analyzer.ignore_threshold = self[:ignore_threshold]
-
-          analyzer
-        end
-
-        class << self
-          include Mixins::Rule
-
-          #
-          # @param [Mihari::Rule] model
-          #
-          # @return [Mihari::Structs::Rule::Rule]
-          #
-          def from_model(model)
-            data = model.data.deep_symbolize_keys
-            data[:id] = model.id unless data.key?(:id)
-
-            Structs::Rule::Rule.new(data, model.yaml)
-          end
-
-          #
-          # @param [String] yaml
-          #
-          # @return [Mihari::Structs::Rule::Rule]
-          #
-          def from_yaml(yaml)
-            data = load_erb_yaml(yaml)
-            Structs::Rule::Rule.new(data, yaml)
+        # Load YAML string from the database
+        #
+        # @param [String] id <description>
+        #
+        # @return [Hash]
+        #
+        def load_yaml_from_db(id)
+          with_db_connection do
+            rule = Mihari::Rule.find(id)
+            rule.yaml || rule.symbolized_data.to_yaml
+          rescue ActiveRecord::RecordNotFound
+            raise ArgumentError, "ID:#{id} is not found in the database"
           end
         end
       end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "4.7.0"
+  VERSION = "4.7.3"
 end

data/lib/mihari/web/endpoints/alerts.rb

@@ -43,7 +43,7 @@ module Mihari
           # symbolize hash keys
           filter = filter.to_h.symbolize_keys
 
-          search_filter_with_pagenation = Structs::Alert::SearchFilterWithPagination.new(**filter)
+          search_filter_with_pagenation = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
           alerts = Mihari::Alert.search(search_filter_with_pagenation)
           total = Mihari::Alert.count(search_filter_with_pagenation.without_pagination)
 

data/lib/mihari/web/endpoints/rules.rb

@@ -36,7 +36,7 @@ module Mihari
           # symbolize hash keys
           filter = filter.to_h.symbolize_keys
 
-          search_filter_with_pagenation = Structs::Rule::SearchFilterWithPagination.new(**filter)
+          search_filter_with_pagenation = Structs::Filters::Rule::SearchFilterWithPagination.new(**filter)
           rules = Mihari::Rule.search(search_filter_with_pagenation)
           total = Mihari::Rule.count(search_filter_with_pagenation.without_pagination)
 
@@ -79,7 +79,7 @@ module Mihari
             error!({ message: "ID:#{id} is not found" }, 404)
           end
 
-          struct = Mihari::Structs::Rule::Rule.from_model(rule)
+          struct = Mihari::Structs::Rule.from_model(rule)
           analyzer = struct.to_analyzer
           analyzer.run
 
@@ -96,7 +96,12 @@ module Mihari
         end
         post "/" do
           yaml = params[:yaml]
-          rule = Structs::Rule::Rule.from_yaml(yaml)
+
+          begin
+            rule = Structs::Rule.from_yaml(yaml)
+          rescue YAMLSyntaxError => e
+            error!({ message: e.message }, 400)
+          end
 
           # check ID duplication
           begin
@@ -144,8 +149,11 @@ module Mihari
             error!({ message: "ID:#{id} is not found" }, 404)
           end
 
-          rule = Structs::Rule::Rule.from_yaml(yaml)
-          rule.id = id
+          begin
+            rule = Structs::Rule.from_yaml(yaml, id: id)
+          rescue YAMLSyntaxError => e
+            error!({ message: e.message }, 400)
+          end
 
           begin
             rule.validate!

data/lib/mihari/web/public/index.html

@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="/static/favicon.ico"/><title>Mihari</title><script defer="defer" type="module" src="/static/js/chunk-vendors.dde2116c.js"></script><script defer="defer" type="module" src="/static/js/app.823b5af7.js"></script><link href="/static/css/chunk-vendors.06251949.css" rel="stylesheet"><link href="/static/css/app.2a5d3d21.css" rel="stylesheet"><script defer="defer" src="/static/js/chunk-vendors-legacy.b110c129.js" nomodule></script><script defer="defer" src="/static/js/app-legacy.9d5c9c3d.js" nomodule></script></head><body><noscript><strong>We're sorry but Mihari doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div></body></html>
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="/static/favicon.ico"/><title>Mihari</title><script defer="defer" src="/static/js/chunk-vendors.64580a1f.js"></script><script defer="defer" src="/static/js/app.524d9ed2.js"></script><link href="/static/css/chunk-vendors.5013d549.css" rel="stylesheet"><link href="/static/css/app.2a5d3d21.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but Mihari doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div></body></html>