mihari 5.3.1 → 5.4.0

data/frontend/package.json

@@ -14,11 +14,12 @@
     "type-check": "vue-tsc --noEmit -p tsconfig.app.json --composite false"
   },
   "dependencies": {
-    "@fortawesome/fontawesome-svg-core": "^6.4.0",
-    "@fortawesome/free-solid-svg-icons": "^6.4.0",
+    "@fortawesome/fontawesome-svg-core": "^6.4.2",
+    "@fortawesome/free-solid-svg-icons": "^6.4.2",
     "@fortawesome/vue-fontawesome": "^3.0.3",
-    "@vueuse/core": "^10.2.1",
-    "@vueuse/router": "^10.2.1",
+    "@vueuse/core": "^10.3.0",
+    "@vueuse/router": "^10.3.0",
+    "ace-builds": "^1.24.0",
     "axios": "^1.4.0",
     "bulma": "^0.9.4",
     "bulma-helpers": "^0.4.3",
@@ -32,36 +33,35 @@
     "vue": "^3.3.4",
     "vue-concurrency": "4.0.1",
     "vue-json-pretty": "^2.2.4",
-    "vue-prism-editor": "^2.0.0-alpha.2",
-    "vue-router": "^4.2.4"
+    "vue-router": "^4.2.4",
+    "vue3-ace-editor": "^2.2.3"
   },
   "devDependencies": {
-    "@redocly/cli": "^1.0.0-beta.131",
-    "@rushstack/eslint-patch": "^1.3.2",
-    "@tsconfig/node20": "^1.0.2",
+    "@redocly/cli": "1.0.2",
+    "@rushstack/eslint-patch": "^1.3.3",
+    "@tsconfig/node20": "^20.1.1",
     "@types/jsdom": "^21.1.1",
-    "@types/node": "^20.4.2",
-    "@types/prismjs": "^1.26.0",
+    "@types/node": "^20.4.9",
     "@types/url-parse": "^1.4.8",
-    "@typescript-eslint/eslint-plugin": "^6.0.0",
-    "@typescript-eslint/parser": "^6.0.0",
+    "@typescript-eslint/eslint-plugin": "^6.3.0",
+    "@typescript-eslint/parser": "^6.3.0",
     "@vitejs/plugin-vue": "^4.2.3",
-    "@vue/eslint-config-prettier": "^7.1.0",
+    "@vue/eslint-config-prettier": "^8.0.0",
     "@vue/eslint-config-typescript": "^11.0.3",
-    "@vue/test-utils": "2.4.0",
+    "@vue/test-utils": "2.4.1",
     "@vue/tsconfig": "^0.4.0",
-    "eslint": "^8.45.0",
-    "eslint-config-prettier": "^8.8.0",
+    "eslint": "^8.46.0",
+    "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-prettier": "^5.0.0",
     "eslint-plugin-simple-import-sort": "^10.0.0",
-    "eslint-plugin-vue": "^9.15.1",
+    "eslint-plugin-vue": "^9.17.0",
     "husky": "^8.0.3",
     "jsdom": "^22.1.0",
     "npm-run-all": "^4.1.5",
-    "prettier": "^3.0.0",
+    "prettier": "^3.0.1",
     "typescript": "~5.1.6",
-    "vite": "^4.4.4",
-    "vitest": "^0.33.0",
-    "vue-tsc": "^1.8.5"
+    "vite": "^4.4.9",
+    "vitest": "^0.34.1",
+    "vue-tsc": "^1.8.8"
   }
 }

data/frontend/src/ace-config.ts

@@ -0,0 +1,6 @@
+import ace from "ace-builds"
+import modeYamlUrl from "ace-builds/src-min-noconflict/mode-yaml?url"
+import themeMonokaiUrl from "ace-builds/src-min-noconflict/theme-monokai?url"
+
+ace.config.setModuleUrl("ace/mode/yaml", modeYamlUrl)
+ace.config.setModuleUrl("ace/theme/monokai", themeMonokaiUrl)

data/frontend/src/components/alert/Form.vue

@@ -95,7 +95,7 @@
 </template>
 
 <script lang="ts">
-import { defineComponent, type PropType, ref, watch } from "vue"
+import { defineComponent, type PropType, ref, toRef,watch } from "vue"
 import { useRoute } from "vue-router"
 
 import type { AlertSearchParams } from "@/types"
@@ -126,7 +126,7 @@ export default defineComponent({
 
     const artifact = ref<string | undefined>(undefined)
     const fromAt = ref<string | undefined>(undefined)
-    const tagInput = ref<string | undefined>(props.tag)
+    const tagInput = toRef(props, "tag")
     const ruleId = ref<string | undefined>(undefined)
     const toAt = ref<string | undefined>(undefined)
     const asn = ref<number | undefined>(undefined)

data/frontend/src/components/rule/EditRule.vue

@@ -23,7 +23,7 @@
 </template>
 
 <script lang="ts">
-import { defineComponent, type PropType, ref } from "vue"
+import { defineComponent, type PropType, toRef } from "vue"
 import { useRouter } from "vue-router"
 
 import { generateUpdateRuleTask } from "@/api-helper"
@@ -46,7 +46,8 @@ export default defineComponent({
   setup(props) {
     const router = useRouter()
 
-    const yaml = ref(props.rule.yaml)
+    const rule = toRef(props, "rule")
+    const yaml = toRef(rule.value, "yaml")
 
     const updateRuleTask = generateUpdateRuleTask()
 

data/frontend/src/components/rule/Form.vue

@@ -88,7 +88,7 @@
 </template>
 
 <script lang="ts">
-import { defineComponent, type PropType, ref, watch } from "vue"
+import { defineComponent, type PropType, ref, toRef,watch } from "vue"
 import { useRoute } from "vue-router"
 
 import type { RuleSearchParams } from "@/types"
@@ -115,7 +115,7 @@ export default defineComponent({
 
     const description = ref<string | undefined>(undefined)
     const fromAt = ref<string | undefined>(undefined)
-    const tagInput = ref<string | undefined>(props.tag)
+    const tagInput = toRef(props, "tag")
     const title = ref<string | undefined>(undefined)
     const toAt = ref<string | undefined>(undefined)
 

data/frontend/src/components/rule/InputForm.vue

@@ -1,31 +1,29 @@
 <template>
-  <div class="block my-editor-wrapper" ref="wrapper">
-    <PrismEditor
-      class="my-editor"
-      v-model="yamlInput"
-      :highlight="highlighter"
-      line-numbers
-    ></PrismEditor>
+  <div class="block">
+    <VAceEditor
+      class="vue-ace-editor"
+      v-model:value="yamlInput"
+      lang="yaml"
+      theme="monokai"
+      :options="{
+        fontSize: 16,
+        minLines: 6,
+        maxLines: 10000
+      }"
+    ></VAceEditor>
   </div>
 </template>
 
 <script lang="ts">
-// eslint-disable-next-line simple-import-sort/imports
-import "vue-prism-editor/dist/prismeditor.min.css"
+import "@/ace-config"
 
-import { defineComponent, ref, watchEffect } from "vue"
-import { PrismEditor } from "vue-prism-editor"
-
-import Prism from "prismjs"
-
-import "prismjs/components/prism-yaml"
-import "prismjs/plugins/custom-class/prism-custom-class"
-import "prismjs/themes/prism-twilight.css"
+import { defineComponent, toRef, watchEffect } from "vue"
+import { VAceEditor } from "vue3-ace-editor"
 
 export default defineComponent({
   name: "RuleInputForm",
   components: {
-    PrismEditor
+    VAceEditor
   },
   props: {
     yaml: {
@@ -35,52 +33,13 @@ export default defineComponent({
   },
   emits: ["update-yaml"],
   setup(props, context) {
-    const yamlInput = ref(props.yaml)
-    const wrapper = ref<HTMLElement | undefined>(undefined)
-
-    Prism.plugins.customClass.map({
-      number: "prism-number",
-      tag: "prism-tag"
-    })
-
-    const highlighter = (code: string) => {
-      return Prism.highlight(code, Prism.languages.yaml, "yaml")
-    }
+    const yamlInput = toRef(props, "yaml")
 
     watchEffect(() => {
       context.emit("update-yaml", yamlInput.value)
-
-      // TODO: a dirty hack to change the default text color
-      if (wrapper.value) {
-        const strings = wrapper.value.querySelectorAll(":not(span.token)")
-        strings.forEach((string) => {
-          ;(string as HTMLElement).style.color = "white"
-        })
-      }
     })
 
-    return { yamlInput, highlighter, wrapper }
+    return { yamlInput }
   }
 })
 </script>
-
-<style scoped>
-.my-editor {
-  background: hsl(0, 0%, 8%);
-  font-family:
-    Fira code,
-    Fira Mono,
-    Consolas,
-    Menlo,
-    Courier,
-    monospace;
-  font-size: 1em;
-  line-height: 1.5;
-  padding: 5px;
-}
-
-.my-editor-wrapper {
-  background: hsl(0, 0%, 8%);
-  padding: 10px;
-}
-</style>

data/frontend/src/components/rule/YAML.vue

@@ -1,44 +1,37 @@
 <template>
-  <pre ref="pre" class="line-numbers"><code class="language-yaml">{{ yaml }}</code></pre>
+  <div class="block">
+    <VAceEditor
+      class="vue-ace-editor"
+      :value="yaml"
+      lang="yaml"
+      theme="monokai"
+      :options="{
+        readOnly: true,
+        fontSize: 16,
+        maxLines: 10000,
+        minLines: 6
+      }"
+    ></VAceEditor>
+  </div>
 </template>
 
 <script lang="ts">
-// eslint-disable-next-line simple-import-sort/imports
-import { defineComponent, onMounted, ref } from "vue"
+import "@/ace-config"
 
-import Prism from "prismjs"
-
-import "prismjs/components/prism-yaml"
-import "prismjs/plugins/custom-class/prism-custom-class"
-import "prismjs/plugins/line-numbers/prism-line-numbers.css"
-import "prismjs/plugins/line-numbers/prism-line-numbers"
-import "prismjs/themes/prism-twilight.css"
+import { defineComponent } from "vue"
+import { VAceEditor } from "vue3-ace-editor"
 
 export default defineComponent({
   name: "YAML",
+  components: {
+    VAceEditor
+  },
   props: {
     yaml: {
       type: String,
       required: true
     }
   },
-  setup() {
-    const pre = ref<HTMLElement | undefined>(undefined)
-
-    Prism.plugins.customClass.map({
-      number: "prism-number",
-      tag: "prism-tag"
-    })
-
-    onMounted(() => {
-      if (pre.value) {
-        pre.value.querySelectorAll("code").forEach((elem) => {
-          Prism.highlightElement(elem)
-        })
-      }
-    })
-
-    return { pre }
-  }
+  setup() {}
 })
 </script>

data/frontend/src/views/Artifact.vue

@@ -1,10 +1,10 @@
 <template>
-  <Artifact :id="artifactId"></Artifact>
+  <Artifact :id="id"></Artifact>
 </template>
 
 <script lang="ts">
 import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted, ref, watch } from "vue"
+import { defineComponent, onMounted, watch } from "vue"
 
 import Artifact from "@/components/artifact/ArtifactWrapper.vue"
 
@@ -20,10 +20,8 @@ export default defineComponent({
     }
   },
   setup(props) {
-    const artifactId = ref<string>(props.id)
-
     const updateTitle = () => {
-      useTitle(`Artifact:${artifactId.value} - Mihari`)
+      useTitle(`Artifact:${props.id} - Mihari`)
     }
 
     onMounted(() => {
@@ -33,12 +31,9 @@ export default defineComponent({
     watch(
       () => props.id,
       () => {
-        artifactId.value = props.id
         updateTitle()
       }
     )
-
-    return { artifactId }
   }
 })
 </script>

data/frontend/src/views/EditRule.vue

@@ -4,7 +4,7 @@
 
 <script lang="ts">
 import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted, ref, watch } from "vue"
+import { defineComponent, onMounted, watch } from "vue"
 
 import EditRule from "@/components/rule/EditRuleWrapper.vue"
 
@@ -20,10 +20,8 @@ export default defineComponent({
     }
   },
   setup(props) {
-    const ruleId = ref<string>(props.id)
-
     const updateTitle = () => {
-      useTitle(`Edit rule:${ruleId.value} - Mihari`)
+      useTitle(`Edit rule:${props.id} - Mihari`)
     }
 
     onMounted(() => {
@@ -33,12 +31,9 @@ export default defineComponent({
     watch(
       () => props.id,
       () => {
-        ruleId.value = props.id
         updateTitle()
       }
     )
-
-    return { ruleId }
   }
 })
 </script>

data/frontend/src/views/Rule.vue

@@ -1,10 +1,10 @@
 <template>
-  <Rule :id="ruleId"></Rule>
+  <Rule :id="id"></Rule>
 </template>
 
 <script lang="ts">
 import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted, ref, watch } from "vue"
+import { defineComponent, onMounted, watch } from "vue"
 
 import Rule from "@/components/rule/RuleWrapper.vue"
 
@@ -20,10 +20,8 @@ export default defineComponent({
     }
   },
   setup(props) {
-    const ruleId = ref<string>(props.id)
-
     const updateTitle = () => {
-      useTitle(`Rule:${ruleId.value} - Mihari`)
+      useTitle(`Rule:${props.id} - Mihari`)
     }
 
     onMounted(() => {
@@ -33,12 +31,9 @@ export default defineComponent({
     watch(
       () => props.id,
       () => {
-        ruleId.value = props.id
         updateTitle()
       }
     )
-
-    return { ruleId }
   }
 })
 </script>

data/lib/mihari/analyzers/base.rb

@@ -25,21 +25,28 @@ module Mihari
       # @return [Integer, nil]
       #
       def interval
-        @interval = options[:interval]
+        @interval ||= options[:interval]
       end
 
       #
       # @return [Integer]
       #
       def retry_interval
-        @retry_interval ||= options[:retry_interval] || DEFAULT_RETRY_INTERVAL
+        @retry_interval ||= options[:retry_interval] || Mihari.config.retry_interval
       end
 
       #
       # @return [Integer]
       #
       def retry_times
-        @retry_times ||= options[:retry_times] || DEFAULT_RETRY_TIMES
+        @retry_times ||= options[:retry_times] || Mihari.config.retry_times
+      end
+
+      #
+      # @return [Integer]
+      #
+      def pagination_limit
+        @pagination_limit ||= options[:pagination_limit] || Mihari.config.pagination_limit
       end
 
       # @return [Array<String>, Array<Mihari::Artifact>]
@@ -73,6 +80,12 @@ module Mihari
 
       alias_method :source, :class_name
 
+      private
+
+      def sleep_interval
+        sleep(interval) if interval
+      end
+
       class << self
         #
         # Initialize an analyzer by query params

data/lib/mihari/analyzers/binaryedge.rb

@@ -56,7 +56,7 @@ module Mihari
       #
       def search
         responses = []
-        (1..500).each do |page|
+        (1..pagination_limit).each do |page|
           res = search_with_page(page: page)
           total = res["total"].to_i
 
@@ -64,7 +64,7 @@ module Mihari
           break if total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
         responses
       end

data/lib/mihari/analyzers/censys.rb

@@ -30,7 +30,7 @@ module Mihari
         artifacts = []
 
         cursor = nil
-        loop do
+        pagination_limit.times do
           response = client.search(query, cursor: cursor)
           artifacts << response.result.to_artifacts
           cursor = response.result.links.next
@@ -42,7 +42,7 @@ module Mihari
           break if cursor.nil? || cursor.empty?
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
 
         artifacts.flatten.uniq(&:data)

data/lib/mihari/analyzers/hunterhow.rb

@@ -0,0 +1,68 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Analyzers
+    class HunterHow < Base
+      # @return [Integer]
+      PAGE_SIZE = 100
+
+      # @return [String, nil]
+      attr_reader :api_key
+
+      # @return [Date]
+      attr_reader :start_time
+
+      # @return [Date]
+      attr_reader :end_time
+
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      #
+      def initialize(query, start_time:, end_time:, options: nil, api_key: nil)
+        super(query, options: options)
+
+        @api_key = api_key || Mihari.config.hunterhow_api_key
+
+        @start_time = start_time
+        @end_time = end_time
+      end
+
+      #
+      # @return [Array<Mihari::Artifact>]
+      #
+      def artifacts
+        artifacts = []
+
+        (1..pagination_limit).each do |page|
+          res = client.search(
+            query,
+            page: page,
+            page_size: PAGE_SIZE,
+            start_time: start_time.strftime("%Y-%m-%d"),
+            end_time: end_time.strftime("%Y-%m-%d")
+          )
+
+          artifacts << res.data.artifacts
+
+          break if res.data.list.length < PAGE_SIZE
+
+          sleep_interval
+        end
+
+        artifacts.flatten
+      end
+
+      private
+
+      def configuration_keys
+        %w[hunterhow_api_key]
+      end
+
+      def client
+        @client ||= Clients::HunterHow.new(api_key: api_key)
+      end
+    end
+  end
+end

data/lib/mihari/analyzers/onyphe.rb

@@ -57,7 +57,7 @@ module Mihari
       #
       def search
         responses = []
-        (1..Float::INFINITY).each do |page|
+        (1..pagination_limit).each do |page|
           res = search_with_page(query, page: page)
           responses << res
 
@@ -65,7 +65,7 @@ module Mihari
           break if total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
         responses
       end

data/lib/mihari/analyzers/rule.rb

@@ -10,6 +10,7 @@ module Mihari
       "dnstwister" => DNSTwister,
       "feed" => Feed,
       "greynoise" => GreyNoise,
+      "hunterhow" => HunterHow,
       "onyphe" => Onyphe,
       "otx" => OTX,
       "passivetotal" => PassiveTotal,
@@ -37,14 +38,14 @@ module Mihari
     class Rule
       include Mixins::FalsePositive
 
-      # @return [Mihari::Structs::Rule]
+      # @return [Mihari::Services::Rule]
       attr_reader :rule
 
       # @return [Time]
       attr_reader :base_time
 
       #
-      # @param [Mihari::Structs::Rule] rule
+      # @param [Mihari::Services::Rule] rule
       #
       def initialize(rule)
         @rule = rule
@@ -146,11 +147,8 @@ module Mihari
       def falsepositive?(value)
         return true if rule.falsepositives.include?(value)
 
-        rule.falsepositives.select do |falsepositive|
-          falsepositive.is_a?(Regexp)
-        end.any? do |falseposistive|
-          falseposistive.match?(value)
-        end
+        regexps = rule.falsepositives.select { |fp| fp.is_a?(Regexp) }
+        regexps.any? { |fp| fp.match?(value) }
       end
 
       #

data/lib/mihari/analyzers/shodan.rb

@@ -54,13 +54,13 @@ module Mihari
       #
       def search
         responses = []
-        (1..Float::INFINITY).each do |page|
+        (1..pagination_limit).each do |page|
           res = search_with_page(page: page)
           responses << res
           break if res.total <= page * PAGE_SIZE
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep interval
+          sleep_interval
         rescue JSON::ParserError
           # ignore JSON::ParserError
           # ref. https://github.com/ninoseki/mihari/issues/197

data/lib/mihari/analyzers/urlscan.rb

@@ -68,7 +68,7 @@ module Mihari
         responses = []
 
         search_after = nil
-        loop do
+        pagination_limit.times do
           res = search_with_search_after(search_after: search_after)
           responses << res
 
@@ -77,7 +77,7 @@ module Mihari
           search_after = res.results.last.sort.join(",")
 
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
 
         responses

data/lib/mihari/analyzers/virustotal_intelligence.rb

@@ -45,7 +45,7 @@ module Mihari
         cursor = nil
         responses = []
 
-        loop do
+        pagination_limit.times do
           response = Structs::VirusTotalIntelligence::Response.from_dynamic!(client.intel_search(query,
             cursor: cursor))
           responses << response
@@ -53,7 +53,7 @@ module Mihari
 
           cursor = response.meta.cursor
           # sleep #{interval} seconds to avoid the rate limitation (if it is set)
-          sleep(interval) if interval
+          sleep_interval
         end
 
         responses