mihari 4.7.4 → 4.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4afac31be7c26f9357097db69a0f5e8e175b9d7bb14f66adc85d38f8d5606dad
-  data.tar.gz: c6259db1f4f4ed657993e817d3f8fafec5632370f0d21e761ee1dba5fb490321
+  metadata.gz: 85756e55047ef3bde95c50c1ac3c474adbd29828bf1f95618f3aac85638a1752
+  data.tar.gz: babe64cf74a96f659057b06ac3b5864b6faa2c3ec9b7e3f0f9b57bce7dd635a8
 SHA512:
-  metadata.gz: 0dff43154e317cc31dc13a85f3d7ae14c362ea23ccec2f0d48cff1f12ffb5a0f8f292465888ca9044234963bf5ba5fe5c4ce920111d9b0a8f083c067896e2efa
-  data.tar.gz: 46e9e1a2fd39d1bb61d8f3db73362074df83d80c5b37c39923a71ed9388059eef249b257116944016c33199c17dd283bbae41325ea29e74dd9759f0acfd6a14c
+  metadata.gz: 5c15c65a8952c1fbcf695feba8add8a7fc962eaac9ca426a18dd510663573dc9fe6b27472ca0edcd1ff9fb86b68a49ce8c459e3a7d90eabe9dbbe1e4506181d8
+  data.tar.gz: aceb04f0f6e78af7f0df2293d78a4d4d20bcf1827e70d45e3f425e38b128c5f9194dbdac608b29b44852af77b626ccbdd03583e7170d5330a2b584c7cbdca55b

data/.rubocop.yml

@@ -0,0 +1,4 @@
+Style/HashSyntax:
+  EnforcedShorthandSyntax: either
+Style/StringLiterals:
+  EnforcedStyle: double_quotes

data/README.md

@@ -44,7 +44,6 @@ Mihari supports the following services by default.
 - [Pulsedive](https://pulsedive.com/)
 - [SecurityTrails](https://securitytrails.com/)
 - [Shodan](https://shodan.io)
-- [Spyse](https://spyse.com)
 - [urlscan.io](https://urlscan.io)
 - [VirusTotal](http://virustotal.com) & [VirusTotal Intelligence](https://www.virustotal.com/gui/intelligence-overview)
 - [ZoomEye](https://zoomeye.org)

data/lib/mihari/analyzers/rule.rb

@@ -18,7 +18,6 @@ module Mihari
       "pulsedive" => Pulsedive,
       "securitytrails" => SecurityTrails,
       "shodan" => Shodan,
-      "spyse" => Spyse,
       "st" => SecurityTrails,
       "urlscan" => Urlscan,
       "virustotal_intelligence" => VirusTotalIntelligence,

data/lib/mihari/commands/search.rb

@@ -14,7 +14,11 @@ module Mihari
             rule = Structs::Rule.from_path_or_id path_or_id
 
             # validate
-            rule.validate!
+            begin
+              rule.validate!
+            rescue RuleValidationError
+              return
+            end
 
             # check update
             id = rule.id
@@ -23,7 +27,9 @@ module Mihari
               with_db_connection do
                 rule_ = Mihari::Rule.find(id)
                 next if rule.yaml == rule_.yaml
-                return unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
+                unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
+                  return
+                end
               rescue ActiveRecord::RecordNotFound
                 next
               end

data/lib/mihari/commands/validator.rb

@@ -18,7 +18,8 @@ module Mihari
 
             begin
               rule.validate!
-              Mihari.logger.info "Valid format. The input is parsed as the following:\n#{rule.data.to_yaml}"
+              Mihari.logger.info "Valid format. The input is parsed as the following:"
+              Mihari.logger.info rule.data.to_yaml
             rescue RuleValidationError
               nil
             end

data/lib/mihari/schemas/analyzer.rb

@@ -58,13 +58,6 @@ module Mihari
       optional(:options).hash(AnalyzerOptions)
     end
 
-    Spyse = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("spyse"))
-      required(:query).value(:string)
-      required(:type).value(Types::String.enum("ip", "domain"))
-      optional(:options).hash(AnalyzerOptions)
-    end
-
     ZoomEye = Dry::Schema.Params do
       required(:analyzer).value(Types::String.enum("zoomeye"))
       required(:query).value(:string)

data/lib/mihari/schemas/rule.rb

@@ -22,7 +22,9 @@ module Mihari
       optional(:created_on).value(:date)
       optional(:updated_on).value(:date)
 
-      required(:queries).value(:array).each { AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | Spyse | ZoomEye | Urlscan | Crtsh | Feed }
+      required(:queries).value(:array).each do
+        AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Urlscan | Crtsh | Feed
+      end
 
       optional(:emitters).value(:array).each { Emitter | MISP | TheHive | Slack | HTTP }
 
@@ -57,9 +59,7 @@ module Mihari
 
       rule(:disallowed_data_values) do
         value.each do |v|
-          unless valid_disallowed_data_value?(v)
-            key.failure("#{v} is not a valid format.")
-          end
+          key.failure("#{v} is not a valid format.") unless valid_disallowed_data_value?(v)
         end
       end
     end

data/lib/mihari/structs/rule.rb

@@ -2,6 +2,7 @@
 
 require "date"
 require "erb"
+require "json"
 require "pathname"
 require "yaml"
 
@@ -20,12 +21,17 @@ module Mihari
       # @return [String]
       attr_writer :id
 
+      #
+      # Initialize
+      #
+      # @param [Hash] data
+      # @param [String] yaml
+      #
       def initialize(data, yaml)
         @data = data.deep_symbolize_keys
         @yaml = yaml
 
         @errors = nil
-        @no_method_error = nil
 
         validate
       end
@@ -39,41 +45,19 @@ module Mihari
         !@errors.empty?
       end
 
-      #
-      # @return [Array<String>]
-      #
-      def error_messages
-        return [] if @errors.nil?
-
-        @errors.messages.filter_map do |message|
-          path = message.path.map(&:to_s).join
-          "#{path} #{message.text}"
-        rescue NoMethodError
-          nil
-        end
-      end
-
       def validate
-        begin
-          contract = Schemas::RuleContract.new
-          result = contract.call(data)
-        rescue NoMethodError => e
-          @no_method_error = e
-          return
-        end
+        contract = Schemas::RuleContract.new
+        result = contract.call(data)
 
         @data = result.to_h
         @errors = result.errors
       end
 
       def validate!
-        raise RuleValidationError, "Data should be a hash" unless data.is_a?(Hash)
-        raise RuleValidationError, error_messages.join("\n") if errors?
-        raise RuleValidationError, "Something wrong with queries, emitters or enrichers." unless @no_method_error.nil?
+        raise RuleValidationError if errors?
       rescue RuleValidationError => e
-        message = "Failed to parse the input as a rule"
-        message += ": #{e.message}" unless e.message.empty?
-        Mihari.logger.error message
+        Mihari.logger.error "Failed to parse the input as a rule:"
+        Mihari.logger.error JSON.pretty_generate(errors.to_h)
 
         raise e
       end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "4.7.4"
+  VERSION = "4.9.0"
 end

data/lib/mihari/web/public/index.html

@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="/static/favicon.ico"/><title>Mihari</title><script defer="defer" src="/static/js/chunk-vendors.64580a1f.js"></script><script defer="defer" src="/static/js/app.524d9ed2.js"></script><link href="/static/css/chunk-vendors.5013d549.css" rel="stylesheet"><link href="/static/css/app.2a5d3d21.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but Mihari doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div></body></html>
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width,initial-scale=1"/><link rel="icon" href="/static/favicon.ico"/><title>Mihari</title><script defer="defer" src="/static/js/chunk-vendors.723e02cf.js"></script><script defer="defer" src="/static/js/app.6413bf4f.js"></script><link href="/static/css/chunk-vendors.380724be.css" rel="stylesheet"><link href="/static/css/app.2a5d3d21.css" rel="stylesheet"></head><body><noscript><strong>We're sorry but Mihari doesn't work properly without JavaScript enabled. Please enable it to continue.</strong></noscript><div id="app"></div></body></html>