mihari 5.2.3 → 5.2.4

data/frontend/src/types.ts

@@ -0,0 +1,188 @@
+export interface Pagination {
+  total: number;
+  currentPage: number;
+  pageSize: number;
+}
+
+export interface ConfigValue {
+  key: string;
+  value: string | null;
+}
+
+export interface Config {
+  name: string;
+  isConfigured: boolean;
+  values: ConfigValue[];
+  type: string;
+}
+
+export interface Tag {
+  name: string;
+}
+
+export interface Tags {
+  tags: string[];
+}
+
+export interface RuleSet {
+  ruleIds: string[];
+}
+
+export interface DnsRecord {
+  resource: string;
+  value: string;
+}
+
+export interface Contact {
+  name: string | null;
+  organization: string | null;
+}
+
+export interface Registrar {
+  name: string | null;
+  organization: string | null;
+}
+
+export interface WhoisRecord {
+  createdOn: Date | null;
+  updatedOn: Date | null;
+  expiresOn: Date | null;
+  registrar: Registrar | null;
+  contacts: Contact[];
+}
+
+export interface AutonomousSystem {
+  asn: number;
+}
+
+export interface Geolocation {
+  country: string;
+  countryCode: string;
+}
+
+export interface ReverseDnsName {
+  name: string;
+}
+
+export interface CPE {
+  cpe: string;
+}
+
+export interface Port {
+  port: string;
+}
+
+export interface Artifact {
+  id: string;
+  data: string;
+  dataType: string;
+  source: string;
+  metadata: unknown | null;
+  createdAt: string;
+
+  autonomousSystem: AutonomousSystem | null;
+  whoisRecord: WhoisRecord | null;
+  geolocation: Geolocation | null;
+
+  dnsRecords: DnsRecord[] | null;
+  reverseDnsNames: ReverseDnsName[] | null;
+  cpes: CPE[] | null;
+  ports: Port[] | null;
+}
+
+export interface ArtifactWithTags extends Artifact {
+  tags: string[];
+}
+
+export interface Alert {
+  id: string;
+  ruleId: string;
+  createdAt: string;
+
+  tags: Tag[];
+  artifacts: Artifact[];
+}
+
+export interface Alerts extends Pagination {
+  alerts: Alert[];
+}
+
+export interface PaginationParams {
+  page: number | undefined;
+}
+
+export interface AlertSearchParams extends PaginationParams {
+  artifact: string | undefined;
+  ruleId: string | undefined;
+  tag: string | undefined;
+  fromAt: string | undefined;
+  toAt: string | undefined;
+}
+
+export interface IPInfo {
+  ip: string;
+  hostname: string | null;
+  loc: string;
+  countryCode: string;
+  asn: string;
+}
+
+export interface GCS {
+  lat: number;
+  long: number;
+}
+
+export interface Country {
+  name: string;
+  code: string;
+  lat: number;
+  long: number;
+}
+
+export type LinkType = "ip" | "domain" | "url" | "hash";
+
+export interface Link {
+  name: string;
+  type: string;
+  baseURL: string;
+  // eslint-disable-next-line no-unused-vars
+  href(data: string): string;
+  favicon(): string;
+}
+
+export interface Rule {
+  id: string;
+  title: string;
+  description: string;
+  yaml: string;
+  createdAt: string;
+  updatedAt: string;
+  tags: Tag[];
+}
+
+export interface CreateRule {
+  yaml: string;
+}
+
+export interface UpdateRule {
+  id: string;
+  yaml: string;
+}
+
+export interface Query {
+  analyzer: string;
+  query: string;
+  interval: null;
+}
+
+export interface Rules extends Pagination {
+  rules: Rule[];
+}
+
+export interface RuleSearchParams extends PaginationParams {
+  description: string | undefined;
+  tag: string | undefined;
+  title: string | undefined;
+  fromAt: string | undefined;
+  toAt: string | undefined;
+}

data/frontend/src/utils.ts

@@ -0,0 +1,60 @@
+import dayjs from "dayjs";
+import relativeTime from "dayjs/plugin/relativeTime";
+import timezone from "dayjs/plugin/timezone";
+import utc from "dayjs/plugin/utc";
+import { LocationQueryValue } from "vue-router";
+
+import { getCountryByCode } from "@/countries";
+import { GCS, IPInfo } from "@/types";
+
+dayjs.extend(relativeTime);
+dayjs.extend(timezone);
+dayjs.extend(utc);
+
+export function getLocalDatetime(datetime: string): string {
+  return dayjs(datetime).local().format("YYYY-MM-DD HH:mm:ss");
+}
+
+export function getHumanizedRelativeTime(datetime: string): string {
+  return dayjs(datetime).local().fromNow();
+}
+
+export function getGCSByCountryCode(countryCode: string): GCS | undefined {
+  const country = getCountryByCode(countryCode);
+  if (country !== undefined) {
+    return { lat: country.lat, long: country.long };
+  }
+}
+
+export function getGCSByIPInfo(ipinfo: IPInfo): GCS | undefined {
+  if (ipinfo.loc !== undefined) {
+    const numbers = ipinfo.loc.split(",");
+    if (numbers.length === 2) {
+      const lat = numbers[0];
+      const long = numbers[1];
+
+      return { lat: parseFloat(lat), long: parseFloat(long) };
+    }
+  }
+  return getGCSByCountryCode(ipinfo.countryCode);
+}
+
+export function normalizeQueryParam(
+  param:
+    | undefined
+    | null
+    | string
+    | string[]
+    | LocationQueryValue
+    | LocationQueryValue[]
+): string | undefined {
+  if (param === undefined || param === null) {
+    return undefined;
+  }
+
+  if (typeof param === "string") {
+    return param;
+  }
+
+  return param.toString();
+}

data/frontend/src/views/Alerts.vue

@@ -0,0 +1,20 @@
+<template>
+  <Alerts></Alerts>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent } from "vue";
+
+import Alerts from "@/components/alert/AlertsWrapper.vue";
+
+export default defineComponent({
+  name: "AlertsView",
+  components: {
+    Alerts,
+  },
+  setup() {
+    useTitle("Alerts - Mihari");
+  },
+});
+</script>

data/frontend/src/views/Artifact.vue

@@ -0,0 +1,44 @@
+<template>
+  <Artifact :id="artifactId"></Artifact>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent, onMounted, ref, watch } from "vue";
+
+import Artifact from "@/components/artifact/ArtifactWrapper.vue";
+
+export default defineComponent({
+  name: "ArtifactView",
+  components: {
+    Artifact,
+  },
+  props: {
+    id: {
+      type: String,
+      required: true,
+    },
+  },
+  setup(props) {
+    const artifactId = ref<string>(props.id);
+
+    const updateTitle = () => {
+      useTitle(`Artifact:${artifactId.value} - Mihari`);
+    };
+
+    onMounted(() => {
+      updateTitle();
+    });
+
+    watch(
+      () => props.id,
+      () => {
+        artifactId.value = props.id;
+        updateTitle();
+      }
+    );
+
+    return { artifactId };
+  },
+});
+</script>

data/frontend/src/views/Configs.vue

@@ -0,0 +1,20 @@
+<template>
+  <Configs></Configs>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent } from "vue";
+
+import Configs from "@/components/config/ConfigsWrapper.vue";
+
+export default defineComponent({
+  name: "ConfigView",
+  components: {
+    Configs,
+  },
+  setup() {
+    useTitle("Config - Mihari");
+  },
+});
+</script>

data/frontend/src/views/EditRule.vue

@@ -0,0 +1,44 @@
+<template>
+  <EditRule :id="id"></EditRule>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent, onMounted, ref, watch } from "vue";
+
+import EditRule from "@/components/rule/EditRuleWrapper.vue";
+
+export default defineComponent({
+  name: "EditRuleView",
+  components: {
+    EditRule,
+  },
+  props: {
+    id: {
+      type: String,
+      required: true,
+    },
+  },
+  setup(props) {
+    const ruleId = ref<string>(props.id);
+
+    const updateTitle = () => {
+      useTitle(`Edit rule:${ruleId.value} - Mihari`);
+    };
+
+    onMounted(() => {
+      updateTitle();
+    });
+
+    watch(
+      () => props.id,
+      () => {
+        ruleId.value = props.id;
+        updateTitle();
+      }
+    );
+
+    return { ruleId };
+  },
+});
+</script>

data/frontend/src/views/NewRule.vue

@@ -0,0 +1,26 @@
+<template>
+  <NewRule></NewRule>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent, onMounted } from "vue";
+
+import NewRule from "@/components/rule/NewRule.vue";
+
+export default defineComponent({
+  name: "NewRuleView",
+  components: {
+    NewRule,
+  },
+  setup() {
+    const updateTitle = () => {
+      useTitle(`New rule - Mihari`);
+    };
+
+    onMounted(() => {
+      updateTitle();
+    });
+  },
+});
+</script>

data/frontend/src/views/Rule.vue

@@ -0,0 +1,44 @@
+<template>
+  <Rule :id="ruleId"></Rule>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent, onMounted, ref, watch } from "vue";
+
+import Rule from "@/components/rule/RuleWrapper.vue";
+
+export default defineComponent({
+  name: "RuleView",
+  components: {
+    Rule,
+  },
+  props: {
+    id: {
+      type: String,
+      required: true,
+    },
+  },
+  setup(props) {
+    const ruleId = ref<string>(props.id);
+
+    const updateTitle = () => {
+      useTitle(`Rule:${ruleId.value} - Mihari`);
+    };
+
+    onMounted(() => {
+      updateTitle();
+    });
+
+    watch(
+      () => props.id,
+      () => {
+        ruleId.value = props.id;
+        updateTitle();
+      }
+    );
+
+    return { ruleId };
+  },
+});
+</script>

data/frontend/src/views/Rules.vue

@@ -0,0 +1,20 @@
+<template>
+  <Rules></Rules>
+</template>
+
+<script lang="ts">
+import { useTitle } from "@vueuse/core";
+import { defineComponent } from "vue";
+
+import Rules from "@/components/rule/RulesWrapper.vue";
+
+export default defineComponent({
+  name: "RulesView",
+  components: {
+    Rules,
+  },
+  setup() {
+    useTitle("Rules - Mihari");
+  },
+});
+</script>

data/frontend/tests/unit/utils.spec.ts

@@ -0,0 +1,7 @@
+import { getHumanizedRelativeTime } from "@/utils";
+
+describe("getHumanizedRelativeTime", () => {
+  it("returns a relative time in humanized format", () => {
+    expect(getHumanizedRelativeTime("1970-01-01 00:00:00")).toContain("years");
+  });
+});

data/frontend/tsconfig.json

@@ -0,0 +1,40 @@
+{
+  "compilerOptions": {
+    "target": "esnext",
+    "module": "esnext",
+    "strict": true,
+    "jsx": "preserve",
+    "importHelpers": true,
+    "moduleResolution": "node",
+    "skipLibCheck": true,
+    "esModuleInterop": true,
+    "allowSyntheticDefaultImports": true,
+    "sourceMap": true,
+    "baseUrl": ".",
+    "types": [
+      "webpack-env",
+      "jest"
+    ],
+    "paths": {
+      "@/*": [
+        "src/*"
+      ]
+    },
+    "lib": [
+      "esnext",
+      "dom",
+      "dom.iterable",
+      "scripthost"
+    ]
+  },
+  "include": [
+    "src/**/*.ts",
+    "src/**/*.tsx",
+    "src/**/*.vue",
+    "tests/**/*.ts",
+    "tests/**/*.tsx"
+  ],
+  "exclude": [
+    "node_modules"
+  ]
+}

data/frontend/vite.config.js

@@ -0,0 +1,24 @@
+import vue from "@vitejs/plugin-vue";
+import path from "path";
+import { defineConfig, loadEnv } from "vite";
+
+export default defineConfig(({ _, mode }) => {
+  const env = loadEnv(mode, process.cwd(), "");
+  const target = env.BACKEND_URL || "http://localhost:9292/";
+  const port = env.port || 8080;
+
+  return {
+    plugins: [vue()],
+    server: {
+      port,
+      proxy: {
+        "/api": target,
+      },
+    },
+    resolve: {
+      alias: {
+        "@": path.resolve(__dirname, "./src"),
+      },
+    },
+  };
+});

data/lefthook.yml

@@ -0,0 +1,10 @@
+pre-commit:
+  parallel: true
+  commands:
+    standard:
+      glob: "*.rb"
+      run: bundle exec standardrb --fix {staged_files} && git add {staged_files}
+    eslint:
+      root: "frontend/"
+      glob: "*.{js,ts,vue}"
+      run: npx eslint --fix {staged_files} && git add {staged_files}

data/lib/mihari/analyzers/base.rb

@@ -35,17 +35,34 @@ module Mihari
         end
       end
 
-      # @return [String]
-      def source
-        self.class.to_s.split("::").last.to_s
-      end
-
       # @return [String]
       def class_name
         self.class.to_s.split("::").last
       end
 
+      alias_method :source, :class_name
+
       class << self
+        #
+        # Initialize an analyzer by query params
+        #
+        # @param [Hash] params
+        #
+        # @return [Mihari::Analyzers::Base]
+        #
+        def from_query(params)
+          # get options and set default value as an empty hash
+          options = params[:options] || {}
+
+          # set interval in the top level
+          interval = options[:interval]
+          params[:interval] = interval if interval
+
+          query = params[:query]
+
+          new(query, **params)
+        end
+
         def inherited(child)
           super
           Mihari.analyzers << child

data/lib/mihari/analyzers/rule.rb

@@ -46,7 +46,7 @@ module Mihari
       #
       # @param [Mihari::Structs::Rule] rule
       #
-      def initialize(rule:)
+      def initialize(rule)
         @rule = rule
         @base_time = Time.now.utc
 
@@ -153,15 +153,6 @@ module Mihari
         end
       end
 
-      #
-      # Deep copied queries
-      #
-      # @return [Array<Hash>]
-      #
-      def queries
-        rule.queries.map(&:deep_dup)
-      end
-
       #
       # Get analyzer class
       #
@@ -177,26 +168,13 @@ module Mihari
       end
 
       #
-      # @return [Array<Mihari::Analyzers::Base>] <description>
+      # @return [Array<Mihari::Analyzers::Base>]
       #
       def analyzers
-        @analyzers ||= queries.map do |params|
-          analyzer_name = params[:analyzer]
+        @analyzers ||= rule.queries.map do |query_params|
+          analyzer_name = query_params[:analyzer]
           klass = get_analyzer_class(analyzer_name)
-
-          # set interval in the top level
-          options = params[:options] || {}
-          interval = options[:interval]
-          params[:interval] = interval if interval
-
-          # set rule
-          params[:rule] = rule
-          query = params[:query]
-
-          analyzer = klass.new(query, **params)
-          raise ConfigurationError, "#{analyzer.source} is not configured correctly" unless analyzer.configured?
-
-          analyzer
+          klass.from_query(query_params)
         end
       end
 
@@ -240,8 +218,9 @@ module Mihari
       # Validate configuration of analyzers
       #
       def validate_analyzer_configurations
-        # memoize analyzers & raise ConfigurationError if there is an analyzer which is not configured
-        analyzers
+        analyzers.map do |analyzer|
+          raise ConfigurationError, "#{analyzer.source} is not configured correctly" unless analyzer.configured?
+        end
       end
     end
   end