mihari 4.7.1 → 4.7.4

Files changed (46) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/test.yml +1 -0
  3. data/lib/mihari/analyzers/rule.rb +0 -1
  4. data/lib/mihari/commands/init.rb +25 -2
  5. data/lib/mihari/commands/search.rb +2 -7
  6. data/lib/mihari/commands/validator.rb +10 -5
  7. data/lib/mihari/errors.rb +2 -0
  8. data/lib/mihari/models/alert.rb +6 -1
  9. data/lib/mihari/models/geolocation.rb +2 -4
  10. data/lib/mihari/models/port.rb +1 -1
  11. data/lib/mihari/models/rule.rb +7 -2
  12. data/lib/mihari/schemas/rule.rb +5 -0
  13. data/lib/mihari/structs/filters.rb +71 -0
  14. data/lib/mihari/structs/ipinfo.rb +4 -4
  15. data/lib/mihari/structs/rule.rb +188 -144
  16. data/lib/mihari/version.rb +1 -1
  17. data/lib/mihari/web/endpoints/alerts.rb +1 -1
  18. data/lib/mihari/web/endpoints/rules.rb +13 -4
  19. data/lib/mihari/web/public/index.html +1 -1
  20. data/lib/mihari/web/public/redoc-static.html +796 -763
  21. data/lib/mihari/web/public/static/css/chunk-vendors.5013d549.css +7 -0
  22. data/lib/mihari/web/public/static/js/app.524d9ed2.js +2 -0
  23. data/lib/mihari/web/public/static/js/app.524d9ed2.js.map +1 -0
  24. data/lib/mihari/web/public/static/js/{chunk-vendors.dde2116c.js → chunk-vendors.64580a1f.js} +7 -7
  25. data/lib/mihari/web/public/static/js/chunk-vendors.64580a1f.js.map +1 -0
  26. data/lib/mihari.rb +1 -2
  27. data/mihari.gemspec +16 -16
  28. data/sig/lib/mihari/cli/base.rbs +0 -2
  29. data/sig/lib/mihari/models/alert.rbs +3 -3
  30. data/sig/lib/mihari/models/rule.rbs +2 -2
  31. data/sig/lib/mihari/structs/filters.rbs +40 -0
  32. data/sig/lib/mihari/structs/ipinfo.rbs +2 -2
  33. data/sig/lib/mihari/structs/rule.rbs +36 -43
  34. metadata +41 -47
  35. data/lib/mihari/mixins/rule.rb +0 -84
  36. data/lib/mihari/structs/alert.rb +0 -44
  37. data/lib/mihari/web/public/static/css/chunk-vendors.06251949.css +0 -7
  38. data/lib/mihari/web/public/static/js/app-legacy.9d5c9c3d.js +0 -2
  39. data/lib/mihari/web/public/static/js/app-legacy.9d5c9c3d.js.map +0 -1
  40. data/lib/mihari/web/public/static/js/app.823b5af7.js +0 -2
  41. data/lib/mihari/web/public/static/js/app.823b5af7.js.map +0 -1
  42. data/lib/mihari/web/public/static/js/chunk-vendors-legacy.b110c129.js +0 -25
  43. data/lib/mihari/web/public/static/js/chunk-vendors-legacy.b110c129.js.map +0 -1
  44. data/lib/mihari/web/public/static/js/chunk-vendors.dde2116c.js.map +0 -1
  45. data/sig/lib/mihari/mixins/rule.rbs +0 -36
  46. data/sig/lib/mihari/structs/alert.rbs +0 -27
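--- a/data/lib/mihari/mixins/rule.rb
+++ b/data/lib/mihari/mixins/rule.rb
@@ -1,84 +0,0 @@
-# frozen_string_literal: true
-
-require "date"
-require "erb"
-require "pathname"
-
-module Mihari
-module Mixins
-module Rule
-include Mixins::Database
-
-def load_erb_yaml(yaml)
-YAML.safe_load(ERB.new(yaml).result, permitted_classes: [Date], symbolize_names: true)
-end
-
-#
-# Load rule into hash
-#
-# @param [String] path_or_id Path to YAML file or YAML string or ID of a rule in the database
-#
-# @return [Mihari::Structs::Rule::Rule]
-#
-def load_rule(path_or_id)
-yaml = nil
-
-yaml = load_yaml_from_file(path_or_id) if File.exist?(path_or_id)
-yaml = load_yaml_from_db(path_or_id) if yaml.nil?
-
-Structs::Rule::Rule.from_yaml yaml
-end
-
-def load_yaml_from_file(path)
-return nil unless Pathname(path).exist?
-
-File.read path
-end
-
-def load_yaml_from_db(id)
-with_db_connection do
-rule = Mihari::Rule.find(id)
-rule.yaml || rule.symbolized_data.to_yaml
-rescue ActiveRecord::RecordNotFound
-raise ArgumentError, "ID:#{id} is not found in the database"
-end
-end
-
-#
-# Validate a rule
-#
-# @param [Mihari::Structs::Rule::Rule] rule
-#
-def validate_rule!(rule)
-rule.validate!
-rescue RuleValidationError => e
-Mihari.logger.error "Failed to parse the input as a rule"
-raise e
-end
-
-#
-# Returns a template for rule
-#
-# @return [String] A template for rule
-#
-def rule_template
-yaml = File.read(File.expand_path("../templates/rule.yml.erb", __dir__))
-Structs::Rule::Rule.from_yaml yaml
-yaml
-end
-
-#
-# Create (blank) rule file
-#
-# @param [String] filename
-# @param [Dry::Files] files
-# @param [String] template
-#
-# @return [nil]
-#
-def initialize_rule_yaml(filename, files = Dry::Files.new, template: rule_template)
-files.write(filename, template)
-end
-end
-end
-end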
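--- a/data/lib/mihari/structs/alert.rb
+++ b/data/lib/mihari/structs/alert.rb
@@ -1,44 +0,0 @@
-# frozen_string_literal: true
-
-module Mihari
-module Structs
-module Alert
-class SearchFilter < Dry::Struct
-attribute? :artifact_data, Types::String.optional
-attribute? :description, Types::String.optional
-attribute? :source, Types::String.optional
-attribute? :tag_name, Types::String.optional
-attribute? :title, Types::String.optional
-attribute? :from_at, Types::DateTime.optional
-attribute? :to_at, Types::DateTime.optional
-attribute? :asn, Types::Int.optional
-attribute? :dns_record, Types::String.optional
-attribute? :reverse_dns_name, Types::String.optional
-
-def valid_artifact_filters?
-!(artifact_data || asn || dns_record || reverse_dns_name).nil?
-end
-end
-
-class SearchFilterWithPagination < SearchFilter
-attribute? :page, Types::Int.default(1)
-attribute? :limit, Types::Int.default(10)
-
-def without_pagination
-SearchFilter.new(
-artifact_data: artifact_data,
-description: description,
-from_at: from_at,
-source: source,
-tag_name: tag_name,
-title: title,
-to_at: to_at,
-asn: asn,
-dns_record: dns_record,
-reverse_dns_name: reverse_dns_name
-)
-end
-end
-end
-end
-end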