mihari 5.2.1 → 5.2.3

data/mihari.gemspec

@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features|images|docker|.github)/}) }
   end
   spec.bindir = "exe"
   spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
@@ -34,28 +34,29 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 2.4"
   spec.add_development_dependency "coveralls_reborn", "~> 0.27"
-  spec.add_development_dependency "fakefs", "~> 2.4"
+  spec.add_development_dependency "fakefs", "~> 2.5"
   spec.add_development_dependency "fuubar", "~> 2.5"
   spec.add_development_dependency "mysql2", "~> 0.5"
-  spec.add_development_dependency "pg", "~> 1.4"
+  spec.add_development_dependency "pg", "~> 1.5"
   spec.add_development_dependency "rack-test", "~> 2.1"
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rb-fsevent", "~> 0.11"
   spec.add_development_dependency "rerun", "~> 0.14"
   spec.add_development_dependency "rspec", "~> 3.12"
   spec.add_development_dependency "simplecov-lcov", "~> 0.8.0"
-  spec.add_development_dependency "standard", "~> 1.27"
+  spec.add_development_dependency "standard", "~> 1.28"
   spec.add_development_dependency "timecop", "~> 0.9"
   spec.add_development_dependency "vcr", "~> 6.1"
   spec.add_development_dependency "webmock", "~> 3.18"
 
   unless ci_env?
     spec.add_development_dependency "overcommit", "~> 0.60"
-    spec.add_development_dependency "ruby-lsp", "~> 0.4"
-    spec.add_development_dependency "steep", "~> 1.3"
+    spec.add_development_dependency "ruby-lsp", "~> 0.5"
+    spec.add_development_dependency "solargraph", "~> 0.49"
+    spec.add_development_dependency "steep", "~> 1.4"
   end
 
-  spec.add_dependency "activerecord", "7.0.4.3"
+  spec.add_dependency "activerecord", "7.0.5"
   spec.add_dependency "addressable", "2.8.4"
   spec.add_dependency "awrence", "2.0.1"
   spec.add_dependency "dotenv", "2.8.1"
@@ -69,7 +70,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "email_address", "0.2.4"
   spec.add_dependency "grape", "1.7.0"
   spec.add_dependency "grape-entity", "1.0.0"
-  spec.add_dependency "grape-swagger", "1.6.0"
+  spec.add_dependency "grape-swagger", "1.6.1"
   spec.add_dependency "grape-swagger-entity", "0.5.1"
   spec.add_dependency "insensitive_hash", "0.3.3"
   spec.add_dependency "jr-cli", "0.6.0"
@@ -87,8 +88,8 @@ Gem::Specification.new do |spec|
   spec.add_dependency "semantic_logger", "4.13.0"
   spec.add_dependency "sentry-ruby", "5.9.0"
   spec.add_dependency "slack-notifier", "2.4.0"
-  spec.add_dependency "sqlite3", "1.6.2"
-  spec.add_dependency "thor", "1.2.1"
+  spec.add_dependency "sqlite3", "1.6.3"
+  spec.add_dependency "thor", "1.2.2"
   spec.add_dependency "uuidtools", "2.2.0"
   spec.add_dependency "whois", "5.1.0"
   spec.add_dependency "whois-parser", "2.0.0"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 5.2.1
+  version: 5.2.3
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-04-23 00:00:00.000000000 Z
+date: 2023-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '2.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.4'
+        version: '2.5'
 - !ruby/object:Gem::Dependency
   name: fuubar
   requirement: !ruby/object:Gem::Requirement
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.4'
+        version: '1.5'
 - !ruby/object:Gem::Dependency
   name: rack-test
   requirement: !ruby/object:Gem::Requirement
@@ -184,14 +184,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.27'
+        version: '1.28'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.27'
+        version: '1.28'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -254,42 +254,56 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: '0.5'
+- !ruby/object:Gem::Dependency
+  name: solargraph
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
 - !ruby/object:Gem::Dependency
   name: steep
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.4.3
+        version: 7.0.5
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 7.0.4.3
+        version: 7.0.5
 - !ruby/object:Gem::Dependency
   name: addressable
   requirement: !ruby/object:Gem::Requirement
@@ -478,14 +492,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.6.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.0
+        version: 1.6.1
 - !ruby/object:Gem::Dependency
   name: grape-swagger-entity
   requirement: !ruby/object:Gem::Requirement
@@ -730,28 +744,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 1.6.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.2
+        version: 1.6.3
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.2.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.2.1
+        version: 1.2.2
 - !ruby/object:Gem::Dependency
   name: uuidtools
   requirement: !ruby/object:Gem::Requirement
@@ -802,9 +816,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/ISSUE_TEMPLATE/bug_report.md"
-- ".github/ISSUE_TEMPLATE/feature_request.md"
-- ".github/workflows/test.yml"
 - ".gitignore"
 - ".gitmodules"
 - ".overcommit.yml"
@@ -820,19 +831,7 @@ files:
 - bin/setup
 - build_frontend.sh
 - config.ru
-- config/pre_commit.yml
-- docker/Dockerfile
-- examples/ipinfo_hosted_domains.rb
 - exe/mihari
-- images/Tines-Full_Logo-Tines_Black.png
-- images/alert.png
-- images/logo.png
-- images/misp.png
-- images/overview.jpg
-- images/slack.png
-- images/tines.png
-- images/web_alerts.png
-- images/web_config.png
 - lib/mihari.rb
 - lib/mihari/analyzers/base.rb
 - lib/mihari/analyzers/binaryedge.rb
@@ -877,7 +876,7 @@ files:
 - lib/mihari/clients/zoomeye.rb
 - lib/mihari/commands/database.rb
 - lib/mihari/commands/rule.rb
-- lib/mihari/commands/searcher.rb
+- lib/mihari/commands/search.rb
 - lib/mihari/commands/version.rb
 - lib/mihari/commands/web.rb
 - lib/mihari/constants.rb

data/.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,43 +0,0 @@
----
-name: Bug report
-about: Create a bug report to help us improve
-title: "[BUG]"
-labels: bug
-assignees: ''
-
----
-
-<!--
-Thank you for taking the time to report a bug.
-Please make sure there is no existing issue about this kind of bug.
--->
-
-### **Describe the bug**
-
-A clear and concise description of what the bug is.
-
-### **Steps to reproduce**
-
-- ...
-
-### **Expected behavior**
-
-A clear and concise description of what you expected to happen.
-
-### **Actual behavior**
-
-A clear and concise description of what actually happened.
-
-### **Screenshots**
-
-Add screenshots to help explain your problem.
-
-### **System Information:**
-
-- OS: [e.g. Windows10]
-- Ruby version: [e.g. 3.0]
-- Mihari version: [e.g. 2.0.0]
-
-### **Additional context**
-
-Add any other context about the problem here.

data/.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,15 +0,0 @@
----
-name: Feature request
-about: Suggest a new Feature for Mihari
-title: "[Feature Request]"
-labels: enhancement
-assignees: ''
-
----
-<!--
-
-1. Make sure your requested feature makes sense for Mihari.
-
-2. If you want to suggest a new integration of a service, please provide detailed information of it. (e.g. API docs)
-
--->

data/.github/workflows/test.yml

@@ -1,90 +0,0 @@
-name: Ruby CI
-
-on:
-  push:
-    branches: [master]
-  pull_request:
-    branches: [master]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-
-    services:
-      postgres:
-        image: postgres:12
-        env:
-          POSTGRES_USER: postgres
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: test
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-        ports:
-          - 5432:5432
-
-      mysql:
-        image: mysql:8.0
-        env:
-          MYSQL_USER: mysql
-          MYSQL_PASSWORD: mysql
-          MYSQL_DATABASE: test
-          MYSQL_ROOT_PASSWORD: rootpassword
-        ports:
-          - 3306:3306
-        options: >-
-          --health-cmd="mysqladmin ping"
-          --health-interval=10s
-          --health-timeout=5s
-          --health-retries=3
-
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby: [2.7, "3.0", 3.1, 3.2]
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Install dependencies
-        run: |
-          sudo apt-get -yqq install libpq-dev libmysqlclient-dev
-
-      - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: ${{ matrix.ruby }}
-          bundler: latest
-          bundler-cache: true
-
-      - name: Test with PostgreSQL
-        env:
-          DATABASE: postgresql://postgres:postgres@localhost:5432/test
-        run: |
-          bundle exec rake
-
-      - name: Test with MySQL
-        env:
-          DATABASE: mysql2://mysql:mysql@127.0.0.1:3306/test
-        run: |
-          bundle exec rake
-
-      - name: Coveralls Parallel
-        uses: coverallsapp/github-action@master
-        with:
-          github-token: ${{ secrets.github_token }}
-          flag-name: run-${{ matrix.ruby-version }}
-          parallel: true
-
-  coverage:
-    name: Coverage
-    needs: test
-    runs-on: ubuntu-latest
-    steps:
-      - name: Coveralls Finished
-        uses: coverallsapp/github-action@master
-        with:
-          github-token: ${{ secrets.github_token }}
-          parallel-finished: true

data/config/pre_commit.yml

@@ -1,3 +0,0 @@
----
-:checks_add:
-  - :rubocop

data/docker/Dockerfile

@@ -1,14 +0,0 @@
-FROM ruby:3.1.3-alpine3.17
-
-RUN apk --no-cache add git build-base ruby-dev sqlite-dev postgresql-dev mysql-client mysql-dev && \
-  gem install pg mysql2
-
-ARG MIHARI_VERSION=5.1.0
-
-RUN gem install mihari -v ${MIHARI_VERSION}
-
-RUN apk del --purge git build-base ruby-dev
-
-ENTRYPOINT ["mihari"]
-
-CMD ["--help"]

data/examples/ipinfo_hosted_domains.rb

@@ -1,45 +0,0 @@
-# frozen_string_literal: true
-
-$LOAD_PATH.unshift("#{__dir__}/../lib")
-
-require "json"
-require "mihari"
-require "open-uri"
-
-module Mihari
-  module Analyzers
-    class HostedDomains < Base
-      attr_reader :ip
-
-      IPINFO_API_ENDPOINT = "https://ipinfo.io"
-
-      def initialize(ip, token: nil)
-        @ip = ip
-        @token = token
-      end
-
-      def title
-        "IPinfo hosted domains"
-      end
-
-      def description
-        "IP info hosted domains: #{ip}"
-      end
-
-      def token
-        ENV["IPINFO_TOKEN"] || @token
-      end
-
-      def artifacts
-        uri = URI("#{IPINFO_API_ENDPOINT}/domains/#{ip}?token=#{token}")
-        res = uri.read
-        json = JSON.parse(res)
-        json["domains"] || []
-      end
-    end
-  end
-end
-
-ip = "TARGET_IP"
-analyzer = Mihari::Analyzers::HostedDomains.new(ip)
-analyzer.run

data/lib/mihari/commands/searcher.rb

@@ -1,61 +0,0 @@
-# frozen_string_literal: true
-
-module Mihari
-  module Commands
-    module Searcher
-      include Mixins::ErrorNotification
-
-      def self.included(thor)
-        thor.class_eval do
-          desc "search [PATH]", "Search by a rule"
-          method_option :force_overwrite, type: :boolean, aliases: "-f", desc: "Force an overwrite the rule"
-          #
-          # Search by a rule
-          #
-          # @param [String] path_or_id
-          #
-          def search(path_or_id)
-            Mihari::Database.with_db_connection do
-              rule = Structs::Rule.from_path_or_id path_or_id
-
-              # validate
-              begin
-                rule.validate!
-              rescue RuleValidationError
-                return
-              end
-
-              force_overwrite = options["force_overwrite"] || false
-
-              begin
-                rule_model = Mihari::Rule.find(rule.id)
-                has_change = rule_model.data != rule.data.deep_stringify_keys
-                has_change_and_not_force_overwrite = has_change & !force_overwrite
-
-                if has_change_and_not_force_overwrite && !yes?("This operation will overwrite the rule in the database (Rule ID: #{rule.id}). Are you sure you want to update the rule? (y/n)")
-                  return
-                end
-
-                # update the rule
-                rule.model.save
-              rescue ActiveRecord::RecordNotFound
-                # create a new rule
-                rule.model.save
-              end
-
-              with_error_notification do
-                alert = rule.analyzer.run
-                if alert
-                  data = Mihari::Entities::Alert.represent(alert)
-                  puts JSON.pretty_generate(data.as_json)
-                else
-                  Mihari.logger.info "There is no new alert created in the database"
-                end
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end