mihari 5.4.0 → 5.4.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f5e0b2b39737a0a5490683673459f85a1f8c526cbf50c6faf9fddace549366a8
4
- data.tar.gz: 3db32b6839d7dff83f9ff112f29917f823358f63d9985d6ba8ba3fc909462a83
3
+ metadata.gz: edebe866fc56948d66d144b5c84ea1dea09984e19418fdb205f0da7aac199268
4
+ data.tar.gz: 033fa5e060e2dae50f9e380ba9436ede1d6ec508b5a895c0fc6b987bb11f2a30
5
5
  SHA512:
6
- metadata.gz: 01bae867250b825f00fd0e0350bd451b909d3b05314e5e6a89f294c8e690587ad55c685087ff7c05dd17a48277309258906e53b5ed1ee7ddbc71834e116c41d4
7
- data.tar.gz: 6cb15c263b8db6f6de052272d40b8da4936a625c0f3c16408a2f3877693ecc84754452388cc5fe33471461fc403ff9a9f3515c95146303c354d71822f33511cc
6
+ metadata.gz: 92f545736664296853d771b3044448ee7be6f6f91a56a0b51d99f8d083ed625fd2bf66172fbda6a2a8ca193e6729a712142cd6e5b55d42b22f0f4ab3168b3a09
7
+ data.tar.gz: 51c68c809bb3abd8c7a61621bcc3cde2bc6488351a36c96ec8074f9d322f88fb74eddc3595ff4ec972b385354642037332015b5a004c894e4ab0ea7c988c47f6
@@ -30,6 +30,10 @@ module Mihari
30
30
  end.flatten
31
31
  end
32
32
 
33
+ def configuration_keys
34
+ %w[binaryedge_api_key]
35
+ end
36
+
33
37
  private
34
38
 
35
39
  PAGE_SIZE = 20
@@ -69,10 +73,6 @@ module Mihari
69
73
  responses
70
74
  end
71
75
 
72
- def configuration_keys
73
- %w[binaryedge_api_key]
74
- end
75
-
76
76
  #
77
77
  #
78
78
  # @return [Mihari::Clients::BinaryEdge]
@@ -55,8 +55,6 @@ module Mihari
55
55
  configuration_keys? || (id? && secret?)
56
56
  end
57
57
 
58
- private
59
-
60
58
  #
61
59
  # @return [Array<String>]
62
60
  #
@@ -64,6 +62,8 @@ module Mihari
64
62
  %w[censys_id censys_secret]
65
63
  end
66
64
 
65
+ private
66
+
67
67
  #
68
68
  # @return [Mihari::Clients::Censys]
69
69
  #
@@ -44,12 +44,12 @@ module Mihari
44
44
  configuration_keys? || (username? && password?)
45
45
  end
46
46
 
47
- private
48
-
49
47
  def configuration_keys
50
48
  %w[circl_passive_password circl_passive_username]
51
49
  end
52
50
 
51
+ private
52
+
53
53
  def client
54
54
  @client ||= Clients::CIRCL.new(username: username, password: password)
55
55
  end
@@ -23,12 +23,12 @@ module Mihari
23
23
  client.gnql_search(query, size: PAGE_SIZE).to_artifacts
24
24
  end
25
25
 
26
- private
27
-
28
26
  def configuration_keys
29
27
  %w[greynoise_api_key]
30
28
  end
31
29
 
30
+ private
31
+
32
32
  def client
33
33
  @client ||= Clients::GreyNoise.new(api_key: api_key)
34
34
  end
@@ -3,9 +3,6 @@
3
3
  module Mihari
4
4
  module Analyzers
5
5
  class HunterHow < Base
6
- # @return [Integer]
7
- PAGE_SIZE = 100
8
-
9
6
  # @return [String, nil]
10
7
  attr_reader :api_key
11
8
 
@@ -54,12 +51,15 @@ module Mihari
54
51
  artifacts.flatten
55
52
  end
56
53
 
57
- private
58
-
59
54
  def configuration_keys
60
55
  %w[hunterhow_api_key]
61
56
  end
62
57
 
58
+ private
59
+
60
+ # @return [Integer]
61
+ PAGE_SIZE = 100
62
+
63
63
  def client
64
64
  @client ||= Clients::HunterHow.new(api_key: api_key)
65
65
  end
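Review bot: `PAGE_SIZE = 100` now sits below the bare `private` marker, but `private` only changes the visibility of methods defined after it, so the constant is still reachable from outside as `Mihari::Analyzers::HunterHow::PAGE_SIZE`. If the intent is to keep it internal, add `private_constant :PAGE_SIZE` right after the assignment; otherwise keep the constant above `private` so the layout does not suggest a restriction that is not there. The same placement appears in the later hunks that move `PAGE_SIZE = 10` and `PAGE_SIZE = 100` under `private` (apparently the Onyphe and Shodan analyzers, going by their `client` methods). The class body continues outside the hunk.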
@@ -26,14 +26,14 @@ module Mihari
26
26
  responses.map(&:to_artifacts).flatten
27
27
  end
28
28
 
29
- private
30
-
31
- PAGE_SIZE = 10
32
-
33
29
  def configuration_keys
34
30
  %w[onyphe_api_key]
35
31
  end
36
32
 
33
+ private
34
+
35
+ PAGE_SIZE = 10
36
+
37
37
  def client
38
38
  @client ||= Clients::Onyphe.new(api_key: api_key)
39
39
  end
@@ -35,12 +35,12 @@ module Mihari
35
35
  end
36
36
  end
37
37
 
38
- private
39
-
40
38
  def configuration_keys
41
39
  %w[otx_api_key]
42
40
  end
43
41
 
42
+ private
43
+
44
44
  def client
45
45
  @client ||= Mihari::Clients::OTX.new(api_key: api_key)
46
46
  end
@@ -46,12 +46,12 @@ module Mihari
46
46
  configuration_keys? || (username? && api_key?)
47
47
  end
48
48
 
49
- private
50
-
51
49
  def configuration_keys
52
50
  %w[passivetotal_username passivetotal_api_key]
53
51
  end
54
52
 
53
+ private
54
+
55
55
  def client
56
56
  @client ||= Clients::PassiveTotal.new(username: username, api_key: api_key)
57
57
  end
@@ -40,12 +40,12 @@ module Mihari
40
40
  end
41
41
  end
42
42
 
43
- private
44
-
45
43
  def configuration_keys
46
44
  %w[pulsedive_api_key]
47
45
  end
48
46
 
47
+ private
48
+
49
49
  def client
50
50
  @client ||= Clients::PulseDive.new(api_key: api_key)
51
51
  end
@@ -55,12 +55,15 @@ module Mihari
55
55
  end
56
56
 
57
57
  #
58
- # Returns a list of artifacts matched with queries/analyzers
58
+ # Returns a list of artifacts matched with queries/analyzers (with the rule ID)
59
59
  #
60
60
  # @return [Array<Mihari::Artifact>]
61
61
  #
62
62
  def artifacts
63
- analyzers.flat_map(&:normalized_artifacts)
63
+ analyzers.flat_map(&:normalized_artifacts).map do |artifact|
64
+ artifact.rule_id = rule.id
65
+ artifact
66
+ end
64
67
  end
65
68
 
66
69
  #
@@ -73,14 +76,9 @@ module Mihari
73
76
  # @return [Array<Mihari::Artifact>]
74
77
  #
75
78
  def normalized_artifacts
76
- @normalized_artifacts ||= artifacts.uniq(&:data).select(&:valid?).select do |artifact|
77
- rule.data_types.include? artifact.data_type
78
- end.reject do |artifact|
79
- falsepositive? artifact.data
80
- end.map do |artifact|
81
- artifact.rule_id = rule.id
82
- artifact
83
- end
79
+ valid_artifacts = artifacts.uniq(&:data).select(&:valid?)
80
+ date_type_allowed_artifacts = valid_artifacts.select { |artifact| rule.data_types.include? artifact.data_type }
81
+ date_type_allowed_artifacts.reject { |artifact| falsepositive? artifact.data }
84
82
  end
85
83
 
86
84
  #
@@ -89,7 +87,7 @@ module Mihari
89
87
  # @return [Array<Mihari::Artifact>]
90
88
  #
91
89
  def unique_artifacts
92
- @unique_artifacts ||= normalized_artifacts.select do |artifact|
90
+ normalized_artifacts.select do |artifact|
93
91
  artifact.unique?(base_time: base_time, artifact_lifetime: rule.artifact_lifetime)
94
92
  end
95
93
  end
@@ -217,7 +215,10 @@ module Mihari
217
215
  #
218
216
  def validate_analyzer_configurations
219
217
  analyzers.map do |analyzer|
220
- raise ConfigurationError, "#{analyzer.source} is not configured correctly" unless analyzer.configured?
218
+ next if analyzer.configured?
219
+
220
+ message = "#{analyzer.source} is not configured correctly. #{analyzer.configuration_keys.join(", ")} is/are missing."
221
+ raise ConfigurationError, message
221
222
  end
222
223
  end
223
224
  end
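Review bot: The new message in `validate_analyzer_configurations` states that every entry of `configuration_keys` "is/are missing", but a false `configured?` only shows that the configuration as a whole is incomplete, and some analyzers in this diff also accept explicitly passed credentials (`configuration_keys? || (id? && secret?)`). Wording it as a requirement avoids sending the operator after a key that is already set: `message = "#{analyzer.source} is not configured correctly. Required configuration: #{analyzer.configuration_keys.join(", ")}."`. Only key names are interpolated here, which is the right choice; the values must stay out of this exception text. Since the block is run only for its side effect, `analyzers.each` would state the intent better than `analyzers.map`.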
@@ -40,12 +40,12 @@ module Mihari
40
40
  end
41
41
  end
42
42
 
43
- private
44
-
45
43
  def configuration_keys
46
44
  %w[securitytrails_api_key]
47
45
  end
48
46
 
47
+ private
48
+
49
49
  def client
50
50
  @client ||= Clients::SecurityTrails.new(api_key: api_key)
51
51
  end
@@ -24,14 +24,14 @@ module Mihari
24
24
  results.map(&:to_artifacts).flatten.uniq(&:data)
25
25
  end
26
26
 
27
- private
28
-
29
- PAGE_SIZE = 100
30
-
31
27
  def configuration_keys
32
28
  %w[shodan_api_key]
33
29
  end
34
30
 
31
+ private
32
+
33
+ PAGE_SIZE = 100
34
+
35
35
  def client
36
36
  @client ||= Clients::Shodan.new(api_key: api_key)
37
37
  end
@@ -39,12 +39,12 @@ module Mihari
39
39
  end
40
40
  end
41
41
 
42
- private
43
-
44
42
  def configuration_keys
45
43
  %w[urlscan_api_key]
46
44
  end
47
45
 
46
+ private
47
+
48
48
  def client
49
49
  @client ||= Clients::UrlScan.new(api_key: api_key)
50
50
  end
@@ -35,12 +35,12 @@ module Mihari
35
35
  end
36
36
  end
37
37
 
38
- private
39
-
40
38
  def configuration_keys
41
39
  %w[virustotal_api_key]
42
40
  end
43
41
 
42
+ private
43
+
44
44
  def client
45
45
  @client = Clients::VirusTotal.new(api_key: api_key)
46
46
  end
@@ -21,12 +21,12 @@ module Mihari
21
21
  search_with_cursor.map(&:to_artifacts).flatten
22
22
  end
23
23
 
24
- private
25
-
26
24
  def configuration_keys
27
25
  %w[virustotal_api_key]
28
26
  end
29
27
 
28
+ private
29
+
30
30
  #
31
31
  # VT API
32
32
  #
@@ -33,6 +33,10 @@ module Mihari
33
33
  end
34
34
  end
35
35
 
36
+ def configuration_keys
37
+ %w[zoomeye_api_key]
38
+ end
39
+
36
40
  private
37
41
 
38
42
  PAGE_SIZE = 10
@@ -46,10 +50,6 @@ module Mihari
46
50
  %w[host web].include? type
47
51
  end
48
52
 
49
- def configuration_keys
50
- %w[zoomeye_api_key]
51
- end
52
-
53
53
  def client
54
54
  @client ||= Clients::ZoomEye.new(api_key: api_key)
55
55
  end
data/lib/mihari/config.rb CHANGED
@@ -82,7 +82,7 @@ module Mihari
82
82
  attr_reader :sentry_dsn
83
83
 
84
84
  # @return [Boolean]
85
- attr_reader :hide_config_values
85
+ attr_accessor :hide_config_values
86
86
 
87
87
  # @return [Integer]
88
88
  attr_reader :retry_interval
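Review bot: Switching `hide_config_values` from `attr_reader` to `attr_accessor` gives every caller a public setter for what, judging by the name, decides whether configuration values such as API keys are masked in output. The hunk does not show who needs to write it, so the attribute should carry a comment saying so, e.g. `# Writable so that <caller> can toggle masking at runtime; keep it true wherever output may be logged or shared`. If only one code path has to change it, a narrower method than a general setter would make the redaction default harder to turn off by accident. The `@return [Boolean]` tag is documentation only, so any truthy or falsy value can be assigned.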
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Mihari
4
- VERSION = "5.4.0"
4
+ VERSION = "5.4.1"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mihari
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.4.0
4
+ version: 5.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2023-08-11 00:00:00.000000000 Z
11
+ date: 2023-08-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler