mihari 5.3.1 → 5.3.2

data/frontend/package.json

@@ -14,11 +14,12 @@
     "type-check": "vue-tsc --noEmit -p tsconfig.app.json --composite false"
   },
   "dependencies": {
-    "@fortawesome/fontawesome-svg-core": "^6.4.0",
-    "@fortawesome/free-solid-svg-icons": "^6.4.0",
+    "@fortawesome/fontawesome-svg-core": "^6.4.2",
+    "@fortawesome/free-solid-svg-icons": "^6.4.2",
     "@fortawesome/vue-fontawesome": "^3.0.3",
-    "@vueuse/core": "^10.2.1",
-    "@vueuse/router": "^10.2.1",
+    "@vueuse/core": "^10.3.0",
+    "@vueuse/router": "^10.3.0",
+    "ace-builds": "^1.23.4",
     "axios": "^1.4.0",
     "bulma": "^0.9.4",
     "bulma-helpers": "^0.4.3",
@@ -32,36 +33,35 @@
     "vue": "^3.3.4",
     "vue-concurrency": "4.0.1",
     "vue-json-pretty": "^2.2.4",
-    "vue-prism-editor": "^2.0.0-alpha.2",
-    "vue-router": "^4.2.4"
+    "vue-router": "^4.2.4",
+    "vue3-ace-editor": "^2.2.3"
   },
   "devDependencies": {
-    "@redocly/cli": "^1.0.0-beta.131",
+    "@redocly/cli": "1.0.0",
     "@rushstack/eslint-patch": "^1.3.2",
-    "@tsconfig/node20": "^1.0.2",
+    "@tsconfig/node20": "^20.1.1",
     "@types/jsdom": "^21.1.1",
-    "@types/node": "^20.4.2",
-    "@types/prismjs": "^1.26.0",
+    "@types/node": "^20.4.8",
     "@types/url-parse": "^1.4.8",
-    "@typescript-eslint/eslint-plugin": "^6.0.0",
-    "@typescript-eslint/parser": "^6.0.0",
+    "@typescript-eslint/eslint-plugin": "^6.2.1",
+    "@typescript-eslint/parser": "^6.2.1",
     "@vitejs/plugin-vue": "^4.2.3",
-    "@vue/eslint-config-prettier": "^7.1.0",
+    "@vue/eslint-config-prettier": "^8.0.0",
     "@vue/eslint-config-typescript": "^11.0.3",
-    "@vue/test-utils": "2.4.0",
+    "@vue/test-utils": "2.4.1",
     "@vue/tsconfig": "^0.4.0",
-    "eslint": "^8.45.0",
-    "eslint-config-prettier": "^8.8.0",
+    "eslint": "^8.46.0",
+    "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-prettier": "^5.0.0",
     "eslint-plugin-simple-import-sort": "^10.0.0",
-    "eslint-plugin-vue": "^9.15.1",
+    "eslint-plugin-vue": "^9.16.1",
     "husky": "^8.0.3",
     "jsdom": "^22.1.0",
     "npm-run-all": "^4.1.5",
-    "prettier": "^3.0.0",
+    "prettier": "^3.0.1",
     "typescript": "~5.1.6",
-    "vite": "^4.4.4",
-    "vitest": "^0.33.0",
-    "vue-tsc": "^1.8.5"
+    "vite": "^4.4.9",
+    "vitest": "^0.34.1",
+    "vue-tsc": "^1.8.8"
   }
 }

data/frontend/src/ace-config.ts

@@ -0,0 +1,6 @@
+import ace from "ace-builds"
+import modeYamlUrl from "ace-builds/src-min-noconflict/mode-yaml?url"
+import themeMonokaiUrl from "ace-builds/src-min-noconflict/theme-monokai?url"
+
+ace.config.setModuleUrl("ace/mode/yaml", modeYamlUrl)
+ace.config.setModuleUrl("ace/theme/monokai", themeMonokaiUrl)

data/frontend/src/components/alert/Form.vue

@@ -95,7 +95,7 @@
 </template>
 
 <script lang="ts">
-import { defineComponent, type PropType, ref, watch } from "vue"
+import { defineComponent, type PropType, ref, toRef,watch } from "vue"
 import { useRoute } from "vue-router"
 
 import type { AlertSearchParams } from "@/types"
@@ -126,7 +126,7 @@ export default defineComponent({
 
     const artifact = ref<string | undefined>(undefined)
     const fromAt = ref<string | undefined>(undefined)
-    const tagInput = ref<string | undefined>(props.tag)
+    const tagInput = toRef(props, "tag")
     const ruleId = ref<string | undefined>(undefined)
     const toAt = ref<string | undefined>(undefined)
     const asn = ref<number | undefined>(undefined)

data/frontend/src/components/rule/EditRule.vue

@@ -23,7 +23,7 @@
 </template>
 
 <script lang="ts">
-import { defineComponent, type PropType, ref } from "vue"
+import { defineComponent, type PropType, toRef } from "vue"
 import { useRouter } from "vue-router"
 
 import { generateUpdateRuleTask } from "@/api-helper"
@@ -46,7 +46,8 @@ export default defineComponent({
   setup(props) {
     const router = useRouter()
 
-    const yaml = ref(props.rule.yaml)
+    const rule = toRef(props, "rule")
+    const yaml = toRef(rule.value, "yaml")
 
     const updateRuleTask = generateUpdateRuleTask()
 

data/frontend/src/components/rule/Form.vue

@@ -88,7 +88,7 @@
 </template>
 
 <script lang="ts">
-import { defineComponent, type PropType, ref, watch } from "vue"
+import { defineComponent, type PropType, ref, toRef,watch } from "vue"
 import { useRoute } from "vue-router"
 
 import type { RuleSearchParams } from "@/types"
@@ -115,7 +115,7 @@ export default defineComponent({
 
     const description = ref<string | undefined>(undefined)
     const fromAt = ref<string | undefined>(undefined)
-    const tagInput = ref<string | undefined>(props.tag)
+    const tagInput = toRef(props, "tag")
     const title = ref<string | undefined>(undefined)
     const toAt = ref<string | undefined>(undefined)
 

data/frontend/src/components/rule/InputForm.vue

@@ -1,31 +1,29 @@
 <template>
-  <div class="block my-editor-wrapper" ref="wrapper">
-    <PrismEditor
-      class="my-editor"
-      v-model="yamlInput"
-      :highlight="highlighter"
-      line-numbers
-    ></PrismEditor>
+  <div class="block">
+    <VAceEditor
+      class="vue-ace-editor"
+      v-model:value="yamlInput"
+      lang="yaml"
+      theme="monokai"
+      :options="{
+        fontSize: 16,
+        minLines: 6,
+        maxLines: 10000
+      }"
+    ></VAceEditor>
   </div>
 </template>
 
 <script lang="ts">
-// eslint-disable-next-line simple-import-sort/imports
-import "vue-prism-editor/dist/prismeditor.min.css"
+import "@/ace-config"
 
-import { defineComponent, ref, watchEffect } from "vue"
-import { PrismEditor } from "vue-prism-editor"
-
-import Prism from "prismjs"
-
-import "prismjs/components/prism-yaml"
-import "prismjs/plugins/custom-class/prism-custom-class"
-import "prismjs/themes/prism-twilight.css"
+import { defineComponent, toRef, watchEffect } from "vue"
+import { VAceEditor } from "vue3-ace-editor"
 
 export default defineComponent({
   name: "RuleInputForm",
   components: {
-    PrismEditor
+    VAceEditor
   },
   props: {
     yaml: {
@@ -35,52 +33,13 @@ export default defineComponent({
   },
   emits: ["update-yaml"],
   setup(props, context) {
-    const yamlInput = ref(props.yaml)
-    const wrapper = ref<HTMLElement | undefined>(undefined)
-
-    Prism.plugins.customClass.map({
-      number: "prism-number",
-      tag: "prism-tag"
-    })
-
-    const highlighter = (code: string) => {
-      return Prism.highlight(code, Prism.languages.yaml, "yaml")
-    }
+    const yamlInput = toRef(props, "yaml")
 
     watchEffect(() => {
       context.emit("update-yaml", yamlInput.value)
-
-      // TODO: a dirty hack to change the default text color
-      if (wrapper.value) {
-        const strings = wrapper.value.querySelectorAll(":not(span.token)")
-        strings.forEach((string) => {
-          ;(string as HTMLElement).style.color = "white"
-        })
-      }
     })
 
-    return { yamlInput, highlighter, wrapper }
+    return { yamlInput }
   }
 })
 </script>
-
-<style scoped>
-.my-editor {
-  background: hsl(0, 0%, 8%);
-  font-family:
-    Fira code,
-    Fira Mono,
-    Consolas,
-    Menlo,
-    Courier,
-    monospace;
-  font-size: 1em;
-  line-height: 1.5;
-  padding: 5px;
-}
-
-.my-editor-wrapper {
-  background: hsl(0, 0%, 8%);
-  padding: 10px;
-}
-</style>

data/frontend/src/components/rule/YAML.vue

@@ -1,44 +1,37 @@
 <template>
-  <pre ref="pre" class="line-numbers"><code class="language-yaml">{{ yaml }}</code></pre>
+  <div class="block">
+    <VAceEditor
+      class="vue-ace-editor"
+      :value="yaml"
+      lang="yaml"
+      theme="monokai"
+      :options="{
+        readOnly: true,
+        fontSize: 16,
+        maxLines: 10000,
+        minLines: 6
+      }"
+    ></VAceEditor>
+  </div>
 </template>
 
 <script lang="ts">
-// eslint-disable-next-line simple-import-sort/imports
-import { defineComponent, onMounted, ref } from "vue"
+import "@/ace-config"
 
-import Prism from "prismjs"
-
-import "prismjs/components/prism-yaml"
-import "prismjs/plugins/custom-class/prism-custom-class"
-import "prismjs/plugins/line-numbers/prism-line-numbers.css"
-import "prismjs/plugins/line-numbers/prism-line-numbers"
-import "prismjs/themes/prism-twilight.css"
+import { defineComponent } from "vue"
+import { VAceEditor } from "vue3-ace-editor"
 
 export default defineComponent({
   name: "YAML",
+  components: {
+    VAceEditor
+  },
   props: {
     yaml: {
       type: String,
       required: true
     }
   },
-  setup() {
-    const pre = ref<HTMLElement | undefined>(undefined)
-
-    Prism.plugins.customClass.map({
-      number: "prism-number",
-      tag: "prism-tag"
-    })
-
-    onMounted(() => {
-      if (pre.value) {
-        pre.value.querySelectorAll("code").forEach((elem) => {
-          Prism.highlightElement(elem)
-        })
-      }
-    })
-
-    return { pre }
-  }
+  setup() {}
 })
 </script>

data/frontend/src/views/Artifact.vue

@@ -1,10 +1,10 @@
 <template>
-  <Artifact :id="artifactId"></Artifact>
+  <Artifact :id="id"></Artifact>
 </template>
 
 <script lang="ts">
 import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted, ref, watch } from "vue"
+import { defineComponent, onMounted, watch } from "vue"
 
 import Artifact from "@/components/artifact/ArtifactWrapper.vue"
 
@@ -20,10 +20,8 @@ export default defineComponent({
     }
   },
   setup(props) {
-    const artifactId = ref<string>(props.id)
-
     const updateTitle = () => {
-      useTitle(`Artifact:${artifactId.value} - Mihari`)
+      useTitle(`Artifact:${props.id} - Mihari`)
     }
 
     onMounted(() => {
@@ -33,12 +31,9 @@ export default defineComponent({
     watch(
       () => props.id,
       () => {
-        artifactId.value = props.id
         updateTitle()
       }
     )
-
-    return { artifactId }
   }
 })
 </script>

data/frontend/src/views/EditRule.vue

@@ -4,7 +4,7 @@
 
 <script lang="ts">
 import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted, ref, watch } from "vue"
+import { defineComponent, onMounted, watch } from "vue"
 
 import EditRule from "@/components/rule/EditRuleWrapper.vue"
 
@@ -20,10 +20,8 @@ export default defineComponent({
     }
   },
   setup(props) {
-    const ruleId = ref<string>(props.id)
-
     const updateTitle = () => {
-      useTitle(`Edit rule:${ruleId.value} - Mihari`)
+      useTitle(`Edit rule:${props.id} - Mihari`)
     }
 
     onMounted(() => {
@@ -33,12 +31,9 @@ export default defineComponent({
     watch(
       () => props.id,
       () => {
-        ruleId.value = props.id
         updateTitle()
       }
     )
-
-    return { ruleId }
   }
 })
 </script>

data/frontend/src/views/Rule.vue

@@ -1,10 +1,10 @@
 <template>
-  <Rule :id="ruleId"></Rule>
+  <Rule :id="id"></Rule>
 </template>
 
 <script lang="ts">
 import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted, ref, watch } from "vue"
+import { defineComponent, onMounted, watch } from "vue"
 
 import Rule from "@/components/rule/RuleWrapper.vue"
 
@@ -20,10 +20,8 @@ export default defineComponent({
     }
   },
   setup(props) {
-    const ruleId = ref<string>(props.id)
-
     const updateTitle = () => {
-      useTitle(`Rule:${ruleId.value} - Mihari`)
+      useTitle(`Rule:${props.id} - Mihari`)
     }
 
     onMounted(() => {
@@ -33,12 +31,9 @@ export default defineComponent({
     watch(
       () => props.id,
       () => {
-        ruleId.value = props.id
         updateTitle()
       }
     )
-
-    return { ruleId }
   }
 })
 </script>

data/lib/mihari/analyzers/base.rb

@@ -73,6 +73,12 @@ module Mihari
 
       alias_method :source, :class_name
 
+      private
+
+      def sleep_interval
+        sleep(interval) if interval
+      end
+
       class << self
         #
         # Initialize an analyzer by query params

data/lib/mihari/analyzers/binaryedge.rb

@@ -64,7 +64,7 @@ module Mihari
           break if total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
         responses
       end

data/lib/mihari/analyzers/censys.rb

@@ -42,7 +42,7 @@ module Mihari
           break if cursor.nil? || cursor.empty?
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
 
         artifacts.flatten.uniq(&:data)

data/lib/mihari/analyzers/onyphe.rb

@@ -65,7 +65,7 @@ module Mihari
           break if total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
         responses
       end

data/lib/mihari/analyzers/rule.rb

@@ -37,14 +37,14 @@ module Mihari
     class Rule
       include Mixins::FalsePositive
 
-      # @return [Mihari::Structs::Rule]
+      # @return [Mihari::Services::Rule]
       attr_reader :rule
 
       # @return [Time]
       attr_reader :base_time
 
       #
-      # @param [Mihari::Structs::Rule] rule
+      # @param [Mihari::Services::Rule] rule
       #
       def initialize(rule)
         @rule = rule
@@ -146,11 +146,8 @@ module Mihari
       def falsepositive?(value)
         return true if rule.falsepositives.include?(value)
 
-        rule.falsepositives.select do |falsepositive|
-          falsepositive.is_a?(Regexp)
-        end.any? do |falseposistive|
-          falseposistive.match?(value)
-        end
+        regexps = rule.falsepositives.select { |fp| fp.is_a?(Regexp) }
+        regexps.any? { |fp| fp.match?(value) }
       end
 
       #

data/lib/mihari/analyzers/shodan.rb

@@ -60,7 +60,7 @@ module Mihari
           break if res.total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep interval
+          sleep_interval
         rescue JSON::ParserError
           # ignore JSON::ParserError
           # ref. https://github.com/ninoseki/mihari/issues/197

data/lib/mihari/analyzers/urlscan.rb

@@ -77,7 +77,7 @@ module Mihari
           search_after = res.results.last.sort.join(",")
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
 
         responses

data/lib/mihari/analyzers/virustotal_intelligence.rb

@@ -53,7 +53,7 @@ module Mihari
 
           cursor = response.meta.cursor
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
 
         responses

data/lib/mihari/analyzers/zoomeye.rb

@@ -104,7 +104,7 @@ module Mihari
           break if total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
         convert_responses responses.compact
       end
@@ -137,7 +137,7 @@ module Mihari
           break if total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
         convert_responses responses.compact
       end

data/lib/mihari/commands/rule.rb

@@ -15,7 +15,7 @@ module Mihari
             # @param [String] path
             #
             def validate(path)
-              rule = Structs::Rule.from_path_or_id(path)
+              rule = Services::Rule.from_path_or_id(path)
 
               begin
                 rule.validate!
@@ -44,10 +44,10 @@ module Mihari
 
             no_commands do
               #
-              # @return [Mihari::Structs::Rule]
+              # @return [Mihari::Services::Rule]
               #
               def rule_template
-                Structs::Rule.from_path File.expand_path("../templates/rule.yml.erb", __dir__)
+                Services::Rule.from_path File.expand_path("../templates/rule.yml.erb", __dir__)
               end
 
               #

data/lib/mihari/commands/search.rb

@@ -33,12 +33,12 @@ module Mihari
           end
 
           def update_or_create
-            rule.model.save
+            rule.to_model.save
           end
 
           def run
             begin
-              analyzer = rule.analyzer
+              analyzer = rule.to_analyzer
             rescue ConfigurationError => e
               # if there is a configuration error, output that error without the stack trace
               Mihari.logger.error e.to_s
@@ -69,7 +69,7 @@ module Mihari
             #
             def search(path_or_id)
               Mihari::Database.with_db_connection do
-                rule = Structs::Rule.from_path_or_id path_or_id
+                rule = Services::Rule.from_path_or_id path_or_id
 
                 begin
                   rule.validate!

data/lib/mihari/constants.rb

@@ -1,10 +1,13 @@
 # frozen_string_literal: true
 
 module Mihari
+  # @return [Array<String>]
   DEFAULT_DATA_TYPES = %w[hash ip domain url mail].freeze
 
+  # @return [Array<Hash>]
   DEFAULT_EMITTERS = %w[database misp slack the_hive].map { |name| { emitter: name } }.freeze
 
+  # @return [Array<Hash>]
   DEFAULT_ENRICHERS = %w[whois ipinfo shodan google_public_dns].map { |name| { enricher: name } }.freeze
 
   DEFAULT_RETRY_TIMES = 3

data/lib/mihari/emitters/base.rb

@@ -9,12 +9,12 @@ module Mihari
       # @return [Array<Mihari::Artifact>]
       attr_reader :artifacts
 
-      # @return [Mihari::Structs::Rule]
+      # @return [Mihari::Services::Rule]
       attr_reader :rule
 
       #
       # @param [Array<Mihari::Artifact>] artifacts
-      # @param [Mihari::Structs::Rule] rule
+      # @param [Mihari::Services::Rule] rule
       # @param [Hash] **_options
       #
       def initialize(artifacts:, rule:, **_options)

data/lib/mihari/emitters/misp.rb

@@ -12,12 +12,12 @@ module Mihari
       # @return [Array<Mihari::Artifact>]
       attr_reader :artifacts
 
-      # @return [Mihari::Structs::Rule]
+      # @return [Mihari::Services::Rule]
       attr_reader :rule
 
       #
       # @param [Array<Mihari::Artifact>] artifacts
-      # @param [Mihari::Structs::Rule] rule
+      # @param [Mihari::Services::Rule] rule
       # @param [Hash] **options
       #
       def initialize(artifacts:, rule:, **options)
@@ -47,7 +47,7 @@ module Mihari
       # Create a MISP event
       #
       # @param [Arra<Mihari::Artifact>] artifacts
-      # @param [Mihari::Structs::Rule] rule
+      # @param [Mihari::Services::Rule] rule
       #
       # @return [::MISP::Event]
       #

data/lib/mihari/emitters/slack.rb

@@ -133,7 +133,7 @@ module Mihari
 
       #
       # @param [Array<Mihari::Artifact>] artifacts
-      # @param [Mihari::Structs::Rule] rule
+      # @param [Mihari::Services::Rule] rule
       # @param [Hash] **_options
       #
       def initialize(artifacts:, rule:, **options)

data/lib/mihari/emitters/the_hive.rb

@@ -14,7 +14,7 @@ module Mihari
 
       #
       # @param [Array<Mihari::Artifact>] artifacts
-      # @param [Mihari::Structs::Rule] rule
+      # @param [Mihari::Services::Rule] rule
       # @param [Hash] **options
       #
       def initialize(artifacts:, rule:, **options)