mihari 5.2.0 → 5.2.2

data/lib/mihari/structs/rule.rb

@@ -10,6 +10,8 @@ require "yaml"
 module Mihari
   module Structs
     class Rule
+      include Mixins::FalsePositive
+
       # @return [Hash]
       attr_reader :data
 
@@ -109,10 +111,10 @@ module Mihari
       end
 
       #
-      # @return [Array<String>]
+      # @return [Array<String, RegExp>]
       #
       def falsepositives
-        @falsepositives ||= data[:falsepositives]
+        @falsepositives ||= data[:falsepositives].map { |fp| normalize_falsepositive fp }
       end
 
       #

data/lib/mihari/structs/shodan.rb

@@ -7,6 +7,20 @@ module Mihari
         attribute :country_code, Types::String.optional
         attribute :country_name, Types::String.optional
 
+        #
+        # @return [String, nil]
+        #
+        def country_code
+          attributes[:country_code]
+        end
+
+        #
+        # @return [String, nil]
+        #
+        def country_name
+          attributes[:country_name]
+        end
+
         #
         # @return [Mihari::Geolocation, nil]
         #
@@ -19,6 +33,11 @@ module Mihari
           )
         end
 
+        #
+        # @param [Hash] d
+        #
+        # @return [Location]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(
@@ -39,6 +58,48 @@ module Mihari
         attribute :port, Types::Integer
         attribute :metadata, Types::Hash
 
+        #
+        # @return [String, nil]
+        #
+        def asn
+          attributes[:asn]
+        end
+
+        #
+        # @return [Array<String>]
+        #
+        def hostnames
+          attributes[:hostnames]
+        end
+
+        #
+        # @return [Location]
+        #
+        def location
+          attributes[:location]
+        end
+
+        #
+        # @return [String]
+        #
+        def ip_str
+          attributes[:ip_str]
+        end
+
+        #
+        # @return [Integer]
+        #
+        def port
+          attributes[:port]
+        end
+
+        #
+        # @return [Hash]
+        #
+        def metadata
+          attributes[:metadata]
+        end
+
         #
         # @return [Mihari::AutonomousSystem, nil]
         #
@@ -48,6 +109,11 @@ module Mihari
           Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
+        #
+        # @param [Hash] d
+        #
+        # @return [Match]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
 
@@ -74,6 +140,20 @@ module Mihari
         attribute :matches, Types.Array(Match)
         attribute :total, Types::Int
 
+        #
+        # @return [Array<Match>]
+        #
+        def matches
+          attributes[:matches]
+        end
+
+        #
+        # @return [Integer]
+        #
+        def total
+          attributes[:total]
+        end
+
         #
         # Collect metadata from matches
         #
@@ -107,12 +187,10 @@ module Mihari
           matches.select { |match| match.ip_str == ip }.map(&:hostnames).flatten.uniq
         end
 
-        #
-        # @param [Source] source
         #
         # @return [Array<Mihari::Artifact>]
         #
-        def to_artifacts(source = "Shodan")
+        def to_artifacts
           matches.map do |match|
             metadata = collect_metadata_by_ip(match.ip_str)
             ports = collect_ports_by_ip(match.ip_str).map do |port|
@@ -124,7 +202,6 @@ module Mihari
 
             Mihari::Artifact.new(
               data: match.ip_str,
-              source: source,
               metadata: metadata,
               autonomous_system: match.to_asn,
               geolocation: match.location.to_geolocation,
@@ -134,6 +211,11 @@ module Mihari
           end
         end
 
+        #
+        # @param [Hash] d
+        #
+        # @return [Result]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(
@@ -151,6 +233,53 @@ module Mihari
         attribute :tags, Types.Array(Types::String)
         attribute :vulns, Types.Array(Types::String)
 
+        #
+        # @return [String]
+        #
+        def ip
+          attributes[:ip]
+        end
+
+        #
+        # @return [Array<Integer>]
+        #
+        def ports
+          attributes[:ports]
+        end
+
+        #
+        # @return [Array<String>]
+        #
+        def cpes
+          attributes[:cpes]
+        end
+
+        #
+        # @return [Array<String>]
+        #
+        def hostnames
+          attributes[:hostnames]
+        end
+
+        #
+        # @return [Array<String>]
+        #
+        def tags
+          attributes[:tags]
+        end
+
+        #
+        # @return [Array<String>]
+        #
+        def vulns
+          attributes[:vulns]
+        end
+
+        #
+        # @param [Hash] d
+        #
+        # @return [InternetDBResponse]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(
@@ -163,6 +292,11 @@ module Mihari
           )
         end
 
+        #
+        # @param [String] json
+        #
+        # @return [InternetDBResponse]
+        #
         def self.from_json!(json)
           from_dynamic!(JSON.parse(json))
         end

data/lib/mihari/structs/urlscan.rb

@@ -8,6 +8,32 @@ module Mihari
         attribute :ip, Types::String.optional
         attribute :url, Types::String
 
+        #
+        # @return [String, nil]
+        #
+        def domain
+          attributes[:domain]
+        end
+
+        #
+        # @return [String, nil]
+        #
+        def ip
+          attributes[:ip]
+        end
+
+        #
+        # @return [String]
+        #
+        def url
+          attributes[:url]
+        end
+
+        #
+        # @param [Hash] d
+        #
+        # @return [Page]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(
@@ -22,13 +48,58 @@ module Mihari
         attribute :page, Page
         attribute :id, Types::String
         attribute :sort, Types.Array(Types::String | Types::Integer)
+        attribute :metadata, Types::Hash
+
+        #
+        # @return [Page]
+        #
+        def page
+          attributes[:page]
+        end
+
+        #
+        # @return [String]
+        #
+        def id
+          attributes[:id]
+        end
+
+        #
+        # @return [Array<String, Integer>]
+        #
+        def sort
+          attributes[:sort]
+        end
+
+        #
+        # @return [Array<String, Integer>]
+        #
+        def metadata
+          attributes[:metadata]
+        end
 
+        #
+        # @return [Array<Mihari::Artifact>]
+        #
+        def to_artifacts
+          values = [page.url, page.domain, page.ip].compact
+          values.map do |value|
+            Mihari::Artifact.new(data: value, metadata: metadata)
+          end
+        end
+
+        #
+        # @param [Hash] d
+        #
+        # @return [Result]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(
             page: Page.from_dynamic!(d.fetch("page")),
             id: d.fetch("_id"),
-            sort: d.fetch("sort")
+            sort: d.fetch("sort"),
+            metadata: d
           )
         end
       end
@@ -37,6 +108,32 @@ module Mihari
         attribute :results, Types.Array(Result)
         attribute :has_more, Types::Bool
 
+        #
+        # @return [Array<Result>]
+        #
+        def results
+          attributes[:results]
+        end
+
+        #
+        # @return [Boolean]
+        #
+        def has_more
+          attributes[:has_more]
+        end
+
+        #
+        # @return [Array<Mihari::Artifact>]
+        #
+        def to_artifacts
+          results.map(&:to_artifacts).flatten
+        end
+
+        #
+        # @param [Hash] d
+        #
+        # @return [Response]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(

data/lib/mihari/structs/virustotal_intelligence.rb

@@ -6,6 +6,18 @@ module Mihari
       class ContextAttributes < Dry::Struct
         attribute :url, Types::String.optional
 
+        #
+        # @return [String, nil]
+        #
+        def url
+          attributes[:url]
+        end
+
+        #
+        # @param [Hash] d
+        #
+        # @return [ContextAttributes]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(
@@ -20,6 +32,37 @@ module Mihari
         attribute :context_attributes, ContextAttributes.optional
         attribute :metadata, Types::Hash
 
+        #
+        # @return [String]
+        #
+        def type
+          attributes[:type]
+        end
+
+        #
+        # @return [String]
+        #
+        def id
+          attributes[:id]
+        end
+
+        #
+        # @return [ContextAttributes, nil]
+        #
+        def context_attributes
+          attributes[:context_attributes]
+        end
+
+        #
+        # @return [Hash, nil]
+        #
+        def metadata
+          attributes[:metadata]
+        end
+
+        #
+        # @return [String, nil]
+        #
         def value
           case type
           when "file"
@@ -33,11 +76,25 @@ module Mihari
           end
         end
 
+        #
+        # @return [Mihari::Artifact]
+        #
+        def to_artifact
+          Artifact.new(data: value, metadata: metadata)
+        end
+
+        #
+        # @param [Hash] d
+        #
+        # @return [Datum]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
 
           context_attributes = nil
-          context_attributes = ContextAttributes.from_dynamic!(d.fetch("context_attributes")) if d.key?("context_attributes")
+          if d.key?("context_attributes")
+            context_attributes = ContextAttributes.from_dynamic!(d.fetch("context_attributes"))
+          end
 
           new(
             type: d.fetch("type"),
@@ -51,6 +108,18 @@ module Mihari
       class Meta < Dry::Struct
         attribute :cursor, Types::String.optional
 
+        #
+        # @return [String, nil]
+        #
+        def cursor
+          attributes[:cursor]
+        end
+
+        #
+        # @param [Hash] d
+        #
+        # @return [Meta]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(
@@ -63,6 +132,32 @@ module Mihari
         attribute :meta, Meta
         attribute :data, Types.Array(Datum)
 
+        #
+        # @return [Meta]
+        #
+        def meta
+          attributes[:meta]
+        end
+
+        #
+        # @return [Array<Datum>]
+        #
+        def data
+          attributes[:data]
+        end
+
+        #
+        # @return [Array<Mihari::Artifact>]
+        #
+        def to_artifacts
+          data.map(&:to_artifact)
+        end
+
+        #
+        # @param [Hash] d
+        #
+        # @return [Response]
+        #
         def self.from_dynamic!(d)
           d = Types::Hash[d]
           new(

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "5.2.0"
+  VERSION = "5.2.2"
 end

data/lib/mihari/web/app.rb

@@ -44,7 +44,7 @@ module Mihari
         end.to_app
       end
 
-      def run!(port: 9292, host: "localhost", threads: "0:5", verbose: false, worker_timeout: 60)
+      def run!(port: 9292, host: "localhost", threads: "0:5", verbose: false, worker_timeout: 60, open: true)
         url = "http://#{host}:#{port}"
 
         # set maximum number of threads to use as PARALLEL_PROCESSOR_COUNT (if it is not set)
@@ -60,7 +60,7 @@ module Mihari
           Verbose: verbose,
           worker_timeout: worker_timeout
         ) do |_|
-          Launchy.open(url) if ENV["RACK_ENV"] != "development"
+          Launchy.open(url) if ENV["RACK_ENV"] != "development" && open
         rescue Launchy::CommandNotFoundError
           # ref. https://github.com/ninoseki/mihari/issues/477
           # do nothing