mihari 5.0.0 → 5.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 41784cbe3811a8f5f2a6a4de663ceaa03e2635c329c455b523e5fc55fda0c9e7
-  data.tar.gz: '052987fcb8805a8f71a0716d5e0970b0c4c7451059dded4b5149679ccda6c999'
+  metadata.gz: b7944fcbb2ef6b1ff7fccbe5c8158bd21a186b05e8fae70a6700256dce10adbb
+  data.tar.gz: 36605153506952b323be6e3a7646fd4446f280943fc6c587d7885e8eec413c33
 SHA512:
-  metadata.gz: f16447e83adb4630baf9587eecea0dbb6f580de23894d70fa2c1729483faa6dc1c86fe5de2bd782100f8cba89e2a50e7ce2f0ab675de822fe5fb767fb2c6f45f
-  data.tar.gz: af70fcc510ed4fd6a434481a8372c56d20a54b605ee0b49425a1315531d2261db6df9588f1961ba34796728ff40f0ce188ad58e6c542f4c3644a8c8251b37eb5
+  metadata.gz: ba53c1fb987ffd933017ccc64a3a72adc032de81a377e34684c4927304d295d85531ad11e796abd3c17489411fcf15eedd494d7ff7a8b7d0c53fdeb511eb5a8d
+  data.tar.gz: 6dff687f32dfef7f0cc19b76cba77a6233ebbefa9b90f522f37092468370eb5abb0e7f185d86f74077944cb0c76609b01390e7878ca494a82419ac44e59d93e5

data/lib/mihari/analyzers/base.rb

@@ -9,7 +9,6 @@ module Mihari
 
       include Mixins::AutonomousSystem
       include Mixins::Configurable
-      include Mixins::Database
       include Mixins::Retriable
 
       # @return [Mihari::Structs::Rule, nil]
@@ -42,16 +41,14 @@ module Mihari
           raise ConfigurationError, "#{class_name} is not configured correctly"
         end
 
-        with_db_connection do
-          set_enriched_artifacts
+        set_enriched_artifacts
 
-          responses = Parallel.map(valid_emitters) do |emitter|
-            run_emitter emitter
-          end
-
-          # returns Mihari::Alert created by the database emitter
-          responses.find { |res| res.is_a?(Mihari::Alert) }
+        responses = Parallel.map(valid_emitters) do |emitter|
+          run_emitter emitter
         end
+
+        # returns Mihari::Alert created by the database emitter
+        responses.find { |res| res.is_a?(Mihari::Alert) }
       end
 
       #

data/lib/mihari/commands/searcher.rb

@@ -9,39 +9,44 @@ module Mihari
       def self.included(thor)
         thor.class_eval do
           desc "search [PATH]", "Search by a rule"
-          method_option :yes, type: :boolean, aliases: "-y", desc: "yes to overwrite the rule in the database"
+          method_option :force_overwrite, type: :boolean, aliases: "-f", desc: "Force an overwrite the rule"
           def search(path_or_id)
-            rule = Structs::Rule.from_path_or_id path_or_id
+            with_db_connection do
+              rule = Structs::Rule.from_path_or_id path_or_id
 
-            # validate
-            begin
-              rule.validate!
-            rescue RuleValidationError
-              return
-            end
+              # validate
+              begin
+                rule.validate!
+              rescue RuleValidationError
+                return
+              end
+
+              force_overwrite = options["force_overwrite"] || false
+
+              begin
+                rule_model = Mihari::Rule.find(rule.id)
+                has_change = rule_model.data != rule.data.deep_stringify_keys
+                has_change_and_not_force_overwrite = has_change & !force_overwrite
 
-            # check update
-            yes = options["yes"] || false
-            unless yes
-              with_db_connection do
-                next if Mihari::Rule.find(rule.id).data == rule.data.deep_stringify_keys
-                unless yes?("This operation will overwrite the rule in the database (Rule ID: #{rule.id}). Are you sure you want to update the rule? (y/n)")
+                if has_change_and_not_force_overwrite && !yes?("This operation will overwrite the rule in the database (Rule ID: #{rule.id}). Are you sure you want to update the rule? (y/n)")
                   return
                 end
+
+                # update the rule
+                rule.model.save
               rescue ActiveRecord::RecordNotFound
-                next
+                # create a new rule
+                rule.model.save
               end
-            end
-            # update rule model
-            rule.model.save
-
-            with_error_notification do
-              alert = rule.analyzer.run
-              if alert
-                data = Mihari::Entities::Alert.represent(alert)
-                puts JSON.pretty_generate(data.as_json)
-              else
-                Mihari.logger.info "There is no new alert created in the database"
+
+              with_error_notification do
+                alert = rule.analyzer.run
+                if alert
+                  data = Mihari::Entities::Alert.represent(alert)
+                  puts JSON.pretty_generate(data.as_json)
+                else
+                  Mihari.logger.info "There is no new alert created in the database"
+                end
               end
             end
           end

data/lib/mihari/structs/rule.rb

@@ -164,8 +164,6 @@ module Mihari
       end
 
       class << self
-        include Mixins::Database
-
         #
         # Load rule from YAML string
         #
@@ -209,11 +207,9 @@ module Mihari
         # @return [Mihari::Structs::Rule, nil]
         #
         def from_id(id)
-          with_db_connection do
-            return nil unless Mihari::Rule.exists?(id)
+          return nil unless Mihari::Rule.exists?(id)
 
-            Structs::Rule.from_model Mihari::Rule.find(id)
-          end
+          Structs::Rule.from_model Mihari::Rule.find(id)
         end
 
         #

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "5.0.0"
+  VERSION = "5.0.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 5.0.1
 platform: ruby
 authors:
 - Manabu Niseki