mihari 5.2.2 → 5.2.4

data/frontend/src/types.ts

@@ -0,0 +1,188 @@
+export interface Pagination {
+  total: number;
+  currentPage: number;
+  pageSize: number;
+}
+
+export interface ConfigValue {
+  key: string;
+  value: string | null;
+}
+
+export interface Config {
+  name: string;
+  isConfigured: boolean;
+  values: ConfigValue[];
+  type: string;
+}
+
+export interface Tag {
+  name: string;
+}
+
+export interface Tags {
+  tags: string[];
+}
+
+export interface RuleSet {
+  ruleIds: string[];
+}
+
+export interface DnsRecord {
+  resource: string;
+  value: string;
+}
+
+export interface Contact {
+  name: string | null;
+  organization: string | null;
+}
+
+export interface Registrar {
+  name: string | null;
+  organization: string | null;
+}
+
+export interface WhoisRecord {
+  createdOn: Date | null;
+  updatedOn: Date | null;
+  expiresOn: Date | null;
+  registrar: Registrar | null;
+  contacts: Contact[];
+}
+
+export interface AutonomousSystem {
+  asn: number;
+}
+
+export interface Geolocation {
+  country: string;
+  countryCode: string;
+}
+
+export interface ReverseDnsName {
+  name: string;
+}
+
+export interface CPE {
+  cpe: string;
+}
+
+export interface Port {
+  port: string;
+}
+
+export interface Artifact {
+  id: string;
+  data: string;
+  dataType: string;
+  source: string;
+  metadata: unknown | null;
+  createdAt: string;
+
+  autonomousSystem: AutonomousSystem | null;
+  whoisRecord: WhoisRecord | null;
+  geolocation: Geolocation | null;
+
+  dnsRecords: DnsRecord[] | null;
+  reverseDnsNames: ReverseDnsName[] | null;
+  cpes: CPE[] | null;
+  ports: Port[] | null;
+}
+
+export interface ArtifactWithTags extends Artifact {
+  tags: string[];
+}
+
+export interface Alert {
+  id: string;
+  ruleId: string;
+  createdAt: string;
+
+  tags: Tag[];
+  artifacts: Artifact[];
+}
+
+export interface Alerts extends Pagination {
+  alerts: Alert[];
+}
+
+export interface PaginationParams {
+  page: number | undefined;
+}
+
+export interface AlertSearchParams extends PaginationParams {
+  artifact: string | undefined;
+  ruleId: string | undefined;
+  tag: string | undefined;
+  fromAt: string | undefined;
+  toAt: string | undefined;
+}
+
+export interface IPInfo {
+  ip: string;
+  hostname: string | null;
+  loc: string;
+  countryCode: string;
+  asn: string;
+}
+
+export interface GCS {
+  lat: number;
+  long: number;
+}
+
+export interface Country {
+  name: string;
+  code: string;
+  lat: number;
+  long: number;
+}
+
+export type LinkType = "ip" | "domain" | "url" | "hash";
+
+export interface Link {
+  name: string;
+  type: string;
+  baseURL: string;
+  // eslint-disable-next-line no-unused-vars
+  href(data: string): string;
+  favicon(): string;
+}
+
+export interface Rule {
+  id: string;
+  title: string;
+  description: string;
+  yaml: string;
+  createdAt: string;
+  updatedAt: string;
+  tags: Tag[];
+}
+
+export interface CreateRule {
+  yaml: string;
+}
+
+export interface UpdateRule {
+  id: string;
+  yaml: string;
+}
+
+export interface Query {
+  analyzer: string;
+  query: string;
+  interval: null;
+}
+
+export interface Rules extends Pagination {
+  rules: Rule[];
+}
+
+export interface RuleSearchParams extends PaginationParams {
+  description: string | undefined;
+  tag: string | undefined;
+  title: string | undefined;
+  fromAt: string | undefined;
+  toAt: string | undefined;
+}

data/frontend/src/utils.ts

@@ -0,0 +1,60 @@
+import dayjs from "dayjs";
+import relativeTime from "dayjs/plugin/relativeTime";
+import timezone from "dayjs/plugin/timezone";
+import utc from "dayjs/plugin/utc";
+import { LocationQueryValue } from "vue-router";
+
+import { getCountryByCode } from "@/countries";
+import { GCS, IPInfo } from "@/types";
+
+dayjs.extend(relativeTime);
+dayjs.extend(timezone);
+dayjs.extend(utc);
+
+export function getLocalDatetime(datetime: string): string {
+  return dayjs(datetime).local().format("YYYY-MM-DD HH:mm:ss");
+}
+
+export function getHumanizedRelativeTime(datetime: string): string {
+  return dayjs(datetime).local().fromNow();
+}
+
+export function getGCSByCountryCode(countryCode: string): GCS | undefined {
+  const country = getCountryByCode(countryCode);
+  if (country !== undefined) {
+    return { lat: country.lat, long: country.long };
+  }
+}
+
+export function getGCSByIPInfo(ipinfo: IPInfo): GCS | undefined {
+  if (ipinfo.loc !== undefined) {
+    const numbers = ipinfo.loc.split(",");
+    if (numbers.length === 2) {
+      const lat = numbers[0];
+      const long = numbers[1];
+
+      return { lat: parseFloat(lat), long: parseFloat(long) };
+    }
+  }
+  return getGCSByCountryCode(ipinfo.countryCode);
+}
+
+export function normalizeQueryParam(
+  param:
+    | undefined
+    | null
+    | string
+    | string[]
+    | LocationQueryValue
+    | LocationQueryValue[]
+): string | undefined {
+  if (param === undefined || param === null) {
+    return undefined;
+  }
+
+  if (typeof param === "string") {
+    return param;
+  }
+
+  return param.toString();
+}

data/frontend/src/views/Alerts.vue

@@ -0,0 +1,20 @@
+<template>
+  <Alerts></Alerts>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent } from "vue";
+
+import Alerts from "@/components/alert/AlertsWrapper.vue";
+
+export default defineComponent({
+  name: "AlertsView",
+  components: {
+    Alerts,
+  },
+  setup() {
+    useTitle("Alerts - Mihari");
+  },
+});
+</script>

data/frontend/src/views/Artifact.vue

@@ -0,0 +1,44 @@
+<template>
+  <Artifact :id="artifactId"></Artifact>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent, onMounted, ref, watch } from "vue";
+
+import Artifact from "@/components/artifact/ArtifactWrapper.vue";
+
+export default defineComponent({
+  name: "ArtifactView",
+  components: {
+    Artifact,
+  },
+  props: {
+    id: {
+      type: String,
+      required: true,
+    },
+  },
+  setup(props) {
+    const artifactId = ref<string>(props.id);
+
+    const updateTitle = () => {
+      useTitle(`Artifact:${artifactId.value} - Mihari`);
+    };
+
+    onMounted(() => {
+      updateTitle();
+    });
+
+    watch(
+      () => props.id,
+      () => {
+        artifactId.value = props.id;
+        updateTitle();
+      }
+    );
+
+    return { artifactId };
+  },
+});
+</script>

data/frontend/src/views/Configs.vue

@@ -0,0 +1,20 @@
+<template>
+  <Configs></Configs>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent } from "vue";
+
+import Configs from "@/components/config/ConfigsWrapper.vue";
+
+export default defineComponent({
+  name: "ConfigView",
+  components: {
+    Configs,
+  },
+  setup() {
+    useTitle("Config - Mihari");
+  },
+});
+</script>

data/frontend/src/views/EditRule.vue

@@ -0,0 +1,44 @@
+<template>
+  <EditRule :id="id"></EditRule>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent, onMounted, ref, watch } from "vue";
+
+import EditRule from "@/components/rule/EditRuleWrapper.vue";
+
+export default defineComponent({
+  name: "EditRuleView",
+  components: {
+    EditRule,
+  },
+  props: {
+    id: {
+      type: String,
+      required: true,
+    },
+  },
+  setup(props) {
+    const ruleId = ref<string>(props.id);
+
+    const updateTitle = () => {
+      useTitle(`Edit rule:${ruleId.value} - Mihari`);
+    };
+
+    onMounted(() => {
+      updateTitle();
+    });
+
+    watch(
+      () => props.id,
+      () => {
+        ruleId.value = props.id;
+        updateTitle();
+      }
+    );
+
+    return { ruleId };
+  },
+});
+</script>

data/frontend/src/views/NewRule.vue

@@ -0,0 +1,26 @@
+<template>
+  <NewRule></NewRule>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent, onMounted } from "vue";
+
+import NewRule from "@/components/rule/NewRule.vue";
+
+export default defineComponent({
+  name: "NewRuleView",
+  components: {
+    NewRule,
+  },
+  setup() {
+    const updateTitle = () => {
+      useTitle(`New rule - Mihari`);
+    };
+
+    onMounted(() => {
+      updateTitle();
+    });
+  },
+});
+</script>

data/frontend/src/views/Rule.vue

@@ -0,0 +1,44 @@
+<template>
+  <Rule :id="ruleId"></Rule>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent, onMounted, ref, watch } from "vue";
+
+import Rule from "@/components/rule/RuleWrapper.vue";
+
+export default defineComponent({
+  name: "RuleView",
+  components: {
+    Rule,
+  },
+  props: {
+    id: {
+      type: String,
+      required: true,
+    },
+  },
+  setup(props) {
+    const ruleId = ref<string>(props.id);
+
+    const updateTitle = () => {
+      useTitle(`Rule:${ruleId.value} - Mihari`);
+    };
+
+    onMounted(() => {
+      updateTitle();
+    });
+
+    watch(
+      () => props.id,
+      () => {
+        ruleId.value = props.id;
+        updateTitle();
+      }
+    );
+
+    return { ruleId };
+  },
+});
+</script>

data/frontend/src/views/Rules.vue

@@ -0,0 +1,20 @@
+<template>
+  <Rules></Rules>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent } from "vue";
+
+import Rules from "@/components/rule/RulesWrapper.vue";
+
+export default defineComponent({
+  name: "RulesView",
+  components: {
+    Rules,
+  },
+  setup() {
+    useTitle("Rules - Mihari");
+  },
+});
+</script>

data/frontend/tests/unit/utils.spec.ts

@@ -0,0 +1,7 @@
+import { getHumanizedRelativeTime } from "@/utils";
+
+describe("getHumanizedRelativeTime", () => {
+  it("returns a relative time in humanized format", () => {
+    expect(getHumanizedRelativeTime("1970-01-01 00:00:00")).toContain("years");
+  });
+});

data/frontend/tsconfig.json

@@ -0,0 +1,40 @@
+{
+  "compilerOptions": {
+    "target": "esnext",
+    "module": "esnext",
+    "strict": true,
+    "jsx": "preserve",
+    "importHelpers": true,
+    "moduleResolution": "node",
+    "skipLibCheck": true,
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
+    "sourceMap": true,
+    "baseUrl": ".",
+    "types": [
+      "webpack-env",
+      "jest"
+    ],
+    "paths": {
+      "@/*": [
+        "src/*"
+      ]
+    },
+    "lib": [
+      "esnext",
+      "dom",
+      "dom.iterable",
+      "scripthost"
+    ]
+  },
+  "include": [
+    "src/**/*.ts",
+    "src/**/*.tsx",
+    "src/**/*.vue",
+    "tests/**/*.ts",
+    "tests/**/*.tsx"
+  ],
+  "exclude": [
+    "node_modules"
+  ]
+}

data/frontend/vite.config.js

@@ -0,0 +1,24 @@
+import vue from "@vitejs/plugin-vue";
+import path from "path";
+import { defineConfig, loadEnv } from "vite";
+
+export default defineConfig(({ _, mode }) => {
+  const env = loadEnv(mode, process.cwd(), "");
+  const target = env.BACKEND_URL || "http://localhost:9292/";
+  const port = env.port || 8080;
+
+  return {
+    plugins: [vue()],
+    server: {
+      port,
+      proxy: {
+        "/api": target,
+      },
+    },
+    resolve: {
+      alias: {
+        "@": path.resolve(__dirname, "./src"),
+      },
+    },
+  };
+});

data/lefthook.yml

@@ -0,0 +1,10 @@
+pre-commit:
+  parallel: true
+  commands:
+    standard:
+      glob: "*.rb"
+      run: bundle exec standardrb --fix {staged_files} && git add {staged_files}
+    eslint:
+      root: "frontend/"
+      glob: "*.{js,ts,vue}"
+      run: npx eslint --fix {staged_files} && git add {staged_files}

data/lib/mihari/analyzers/base.rb

@@ -35,17 +35,34 @@ module Mihari
         end
       end
 
-      # @return [String]
-      def source
-        self.class.to_s.split("::").last.to_s
-      end
-
       # @return [String]
       def class_name
         self.class.to_s.split("::").last
       end
 
+      alias_method :source, :class_name
+
       class << self
+        #
+        # Initialize an analyzer by query params
+        #
+        # @param [Hash] params
+        #
+        # @return [Mihari::Analyzers::Base]
+        #
+        def from_query(params)
+          # get options and set default value as an empty hash
+          options = params[:options] || {}
+
+          # set interval in the top level
+          interval = options[:interval]
+          params[:interval] = interval if interval
+
+          query = params[:query]
+
+          new(query, **params)
+        end
+
         def inherited(child)
           super
           Mihari.analyzers << child

data/lib/mihari/analyzers/binaryedge.rb

@@ -42,7 +42,6 @@ module Mihari
       #
       # Search with pagination
       #
-      # @param [String] query
       # @param [Integer] page
       #
       # @return [Hash]

data/lib/mihari/analyzers/censys.rb

@@ -37,7 +37,12 @@ module Mihari
           response = client.search(query, cursor: cursor)
           artifacts << response.result.to_artifacts
           cursor = response.result.links.next
-          break if cursor.nil?
+          # NOTE: Censys's search API is unstable recently
+          # it may returns empty links or empty string cursors
+          # - Empty links: "links": {}
+          # - Empty cursors: "links": { "next": "", "prev": "" }
+          # So it needs to check both cases
+          break if cursor.nil? || cursor.empty?
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
           sleep interval
@@ -50,7 +55,7 @@ module Mihari
       # @return [Boolean]
       #
       def configured?
-        configuration_keys.all? { |key| Mihari.config.send(key) } || (id? && secret?)
+        configuration_keys? || (id? && secret?)
       end
 
       private

data/lib/mihari/analyzers/circl.rb

@@ -41,7 +41,7 @@ module Mihari
       end
 
       def configured?
-        configuration_keys.all? { |key| Mihari.config.send(key) } || (username? && password?)
+        configuration_keys? || (username? && password?)
       end
 
       private

data/lib/mihari/analyzers/passivetotal.rb

@@ -43,7 +43,7 @@ module Mihari
       end
 
       def configured?
-        configuration_keys.all? { |key| Mihari.config.send(key) } || (username? && api_key?)
+        configuration_keys? || (username? && api_key?)
       end
 
       private