mihari 5.4.3 → 5.4.5

data/lib/mihari/emitters/base.rb

@@ -3,6 +3,8 @@
 module Mihari
   module Emitters
     class Base
+      include Dry::Monads[:result, :try]
+
       include Mixins::Configurable
       include Mixins::Retriable
 
@@ -34,11 +36,15 @@ module Mihari
         raise NotImplementedError, "You must implement #{self.class}##{__method__}"
       end
 
-      def run(**params)
-        retry_on_error { emit(**params) }
+      def run
+        retry_on_error { emit }
+      end
+
+      def result
+        Try[StandardError] { run }.to_result
       end
 
-      def emit(*)
+      def emit
         raise NotImplementedError, "You must implement #{self.class}##{__method__}"
       end
     end

data/lib/mihari/emitters/slack.rb

@@ -114,7 +114,7 @@ module Mihari
 
       # @return [String]
       def defanged_data
-        @defanged_data ||= data.to_s.gsub(/\./, "[.]")
+        @defanged_data ||= data.to_s.gsub(".", "[.]")
       end
     end
 

data/lib/mihari/enrichers/base.rb

@@ -6,10 +6,23 @@ module Mihari
       include Mixins::Configurable
 
       class << self
+        include Dry::Monads[:result, :try]
+
         def inherited(child)
           super
           Mihari.enrichers << child
         end
+
+        def query_result(value)
+          Try[StandardError] { query(value) }.to_result
+        end
+
+        #
+        # @param [String] value
+        #
+        def query(value)
+          raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+        end
       end
 
       # @return [Boolean]

data/lib/mihari/enrichers/google_public_dns.rb

@@ -11,15 +11,30 @@ module Mihari
       end
 
       class << self
+        include Dry::Monads[:result]
+
         #
         # Query Google Public DNS
         #
         # @param [String] name
+        #
+        # @return [Array<Mihari::Structs::Shodan::GooglePublicDNS::Response>]
+        #
+        def query(name)
+          %w[A AAAA CNAME TXT NS].filter_map do |resource_type|
+            query_by_type(name, resource_type)
+          end
+        end
+
+        #
+        # Query Google Public DNS by resource type
+        #
+        # @param [String] name
         # @param [String] resource_type
         #
         # @return [Mihari::Structs::Shodan::GooglePublicDNS::Response, nil]
         #
-        def query(name, resource_type)
+        def query_by_type(name, resource_type)
           url = "https://dns.google/resolve"
           params = { name: name, type: resource_type }
           res = HTTP.get(url, params: params)

data/lib/mihari/enrichers/ipinfo.rb

@@ -17,6 +17,7 @@ module Mihari
       end
 
       class << self
+        include Dry::Monads[:result]
         include Memist::Memoizable
 
         #
@@ -28,20 +29,15 @@ module Mihari
         #
         def query(ip)
           headers = {}
+
           token = Mihari.config.ipinfo_api_key
-          unless token.nil?
-            headers[:authorization] = "Bearer #{token}"
-          end
-
-          begin
-            url = "https://ipinfo.io/#{ip}/json"
-            res = HTTP.get(url, headers: headers)
-            data = JSON.parse(res.body.to_s)
-
-            Structs::IPInfo::Response.from_dynamic! data
-          rescue HTTPError
-            nil
-          end
+          headers[:authorization] = "Bearer #{token}" unless token.nil?
+
+          url = "https://ipinfo.io/#{ip}/json"
+          res = HTTP.get(url, headers: headers)
+          data = JSON.parse(res.body.to_s)
+
+          Structs::IPInfo::Response.from_dynamic! data
         end
         memoize :query
       end

data/lib/mihari/enrichers/shodan.rb

@@ -11,6 +11,7 @@ module Mihari
       end
 
       class << self
+        include Dry::Monads[:result]
         include Memist::Memoizable
 
         #
@@ -26,8 +27,6 @@ module Mihari
           data = JSON.parse(res.body.to_s)
 
           Structs::Shodan::InternetDBResponse.from_dynamic! data
-        rescue HTTPError
-          nil
         end
         memoize :query
       end

data/lib/mihari/enrichers/whois.rb

@@ -14,6 +14,8 @@ module Mihari
       end
 
       class << self
+        include Dry::Monads[:result]
+
         #
         # Query IAIA Whois API
         #
@@ -47,8 +49,6 @@ module Mihari
           # set memo
           @memo[domain] = whois_record
           whois_record
-        rescue ::Whois::Error, ::Whois::ParserError, Timeout::Error
-          nil
         end
 
         def reset_cache

data/lib/mihari/errors.rb

@@ -3,22 +3,14 @@
 module Mihari
   class Error < StandardError; end
 
-  class InvalidInputError < Error; end
+  class ValueError < Error; end
 
-  class InvalidArtifactFormatError < Error; end
+  class TypeError < Error; end
 
   class RetryableError < Error; end
 
   class FileNotFoundError < Error; end
 
-  class FeedParseError < Error; end
-
-  class RuleValidationError < Error; end
-
-  class AlertValidationError < Error; end
-
-  class YAMLSyntaxError < Error; end
-
   class ConfigurationError < Error; end
 
   # errors for HTTP interactions
@@ -49,4 +41,18 @@ module Mihari
       @body = body
     end
   end
+
+  class ValidationError < Error
+    attr_reader :errors
+
+    #
+    # @param [String] msg
+    # @param [Dry::Schema::MessageSet] errors
+    #
+    def initialize(msg, errors)
+      super(msg)
+
+      @errors = errors
+    end
+  end
 end

data/lib/mihari/feed/parser.rb

@@ -25,8 +25,8 @@ module Mihari
       def parse(selector)
         parsed = data.instance_eval(selector)
 
-        raise FeedParseError unless parsed.is_a?(Array) || parsed.is_a?(Enumerator)
-        raise FeedParseError unless parsed.all?(String)
+        raise TypeError unless parsed.is_a?(Array) || parsed.is_a?(Enumerator)
+        raise TypeError unless parsed.all?(String)
 
         parsed.to_a
       end

data/lib/mihari/models/artifact.rb

@@ -35,7 +35,7 @@ module Mihari
       attrs = args.first || kwargs
       data_ = attrs[:data]
 
-      raise InvalidArtifactFormatError if data_.is_a?(Array) || data_.is_a?(Hash)
+      raise TypeError if data_.is_a?(Array) || data_.is_a?(Hash)
 
       super(*args, **kwargs)
 

data/lib/mihari/models/autonomous_system.rb

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
 
     class << self
+      include Dry::Monads[:result]
+
       #
       # Build AS
       #
@@ -13,11 +15,15 @@ module Mihari
       # @return [Mihari::AutonomousSystem, nil]
       #
       def build_by_ip(ip)
-        res = Enrichers::IPInfo.query(ip)
-
-        return nil if res.nil? || res.asn.nil?
-
-        new(asn: res.asn)
+        result = Enrichers::IPInfo.query_result(ip).bind do |res|
+          value = res&.asn
+          if value.nil?
+            Success nil
+          else
+            Success new(asn: value)
+          end
+        end
+        result.value_or nil
       end
     end
   end

data/lib/mihari/models/cpe.rb

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
 
     class << self
+      include Dry::Monads[:result]
+
       #
       # Build CPEs
       #
@@ -13,10 +15,14 @@ module Mihari
       # @return [Array<Mihari::CPE>]
       #
       def build_by_ip(ip)
-        res = Enrichers::Shodan.query(ip)
-        return [] if res.nil?
-
-        res.cpes.map { |cpe| new(cpe: cpe) }
+        result = Enrichers::Shodan.query_result(ip).bind do |res|
+          if res.nil?
+            Success []
+          else
+            Success(res.cpes.map { |cpe| new(cpe: cpe) })
+          end
+        end
+        result.value_or []
       end
     end
   end

data/lib/mihari/models/dns.rb

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
 
     class << self
+      include Dry::Monads[:result]
+
       #
       # Build DNS records
       #
@@ -13,23 +15,16 @@ module Mihari
       # @return [Array<Mihari::DnsRecord>]
       #
       def build_by_domain(domain)
-        resource_types = %w[A AAAA CNAME TXT NS]
-        resource_types.map do |resource_type|
-          get_values domain, resource_type
-        rescue Resolv::ResolvError
-          nil
-        end.flatten.compact
-      end
-
-      private
-
-      def get_values(domain, resource_type)
-        response = Enrichers::GooglePublicDNS.query(domain, resource_type)
-        answers = response.answers || []
-
-        answers.filter_map do |answer|
-          new(resource: answer.resource_type, value: answer.data)
+        result = Enrichers::GooglePublicDNS.query_result(domain).bind do |responses|
+          Success(
+            responses.map do |res|
+              res.answers.map do |answer|
+                new(resource: answer.resource_type, value: answer.data)
+              end
+            end.flatten
+          )
         end
+        result.value_or []
       end
     end
   end

data/lib/mihari/models/geolocation.rb

@@ -7,6 +7,8 @@ module Mihari
     belongs_to :artifact
 
     class << self
+      include Dry::Monads[:result]
+
       #
       # Build Geolocation
       #
@@ -15,11 +17,15 @@ module Mihari
       # @return [Mihari::Geolocation, nil]
       #
       def build_by_ip(ip)
-        res = Enrichers::IPInfo.query(ip)
-
-        return nil if res&.country_code.nil?
-
-        new(country: NormalizeCountry(res.country_code, to: :short), country_code: res.country_code)
+        result = Enrichers::IPInfo.query_result(ip).bind do |res|
+          value = res&.country_code
+          if value.nil?
+            Success nil
+          else
+            Success new(country: NormalizeCountry(value, to: :short), country_code: value)
+          end
+        end
+        result.value_or nil
       end
     end
   end

data/lib/mihari/models/port.rb

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
 
     class << self
+      include Dry::Monads[:result]
+
       #
       # Build ports
       #
@@ -13,10 +15,14 @@ module Mihari
       # @return [Array<Mihari::Port>]
       #
       def build_by_ip(ip)
-        res = Enrichers::Shodan.query(ip)
-        return [] if res.nil?
-
-        res.ports.map { |port| new(port: port) }
+        result = Enrichers::Shodan.query_result(ip).bind do |res|
+          if res.nil?
+            Success []
+          else
+            Success(res.ports.map { |port| new(port: port) })
+          end
+        end
+        result.value_or []
       end
     end
   end

data/lib/mihari/models/reverse_dns.rb

@@ -5,6 +5,8 @@ module Mihari
     belongs_to :artifact
 
     class << self
+      include Dry::Monads[:result]
+
       #
       # Build reverse DNS names
       #
@@ -13,10 +15,14 @@ module Mihari
       # @return [Array<Mihari::ReverseDnsName>]
       #
       def build_by_ip(ip)
-        res = Enrichers::Shodan.query(ip)
-        return [] if res.nil?
-
-        res.hostnames.map { |name| new(name: name) }
+        result = Enrichers::Shodan.query_result(ip).bind do |res|
+          if res.nil?
+            Success []
+          else
+            Success(res.hostnames.map { |name| new(name: name) })
+          end
+        end
+        result.value_or []
       end
     end
   end

data/lib/mihari/models/whois.rb

@@ -7,6 +7,8 @@ module Mihari
     @memo = {}
 
     class << self
+      include Dry::Monads[:result]
+
       #
       # Build whois record
       #
@@ -15,7 +17,8 @@ module Mihari
       # @return [WhoisRecord, nil]
       #
       def build_by_domain(domain)
-        Enrichers::Whois.query domain
+        result = Enrichers::Whois.query_result(domain)
+        result.value_or nil
       end
     end
   end

data/lib/mihari/schemas/analyzer.rb

@@ -7,6 +7,7 @@ module Mihari
       optional(:pagination_limit).value(:integer).default(Mihari.config.pagination_limit)
       optional(:retry_times).value(:integer).default(Mihari.config.retry_times)
       optional(:retry_interval).value(:integer).default(Mihari.config.retry_interval)
+      optional(:ignore_error).value(:bool).default(Mihari.config.ignore_error)
     end
 
     AnalyzerWithoutAPIKey = Dry::Schema.Params do

data/lib/mihari/services/alert_builder.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "date"
+
+require "erb"
+require "pathname"
+require "yaml"
+
+module Mihari
+  module Services
+    class AlertBuilder
+      include Dry::Monads[:result, :try]
+
+      # @return [String]
+      attr_reader :path
+
+      #
+      # Initialize
+      #
+      # @param [String] path
+      #
+      def initialize(path)
+        @path = path
+      end
+
+      #
+      # @return [Hash]
+      #
+      def data
+        raise ArgumentError, "#{path} does not exist" unless Pathname(path).exist?
+
+        YAML.safe_load(
+          ERB.new(File.read(path)).result,
+          permitted_classes: [Date, Symbol]
+        )
+      end
+
+      def result
+        Try[StandardError] { AlertProxy.new(data) }.to_result
+      end
+    end
+  end
+end

data/lib/mihari/services/alert_proxy.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "json"
+
 module Mihari
   module Services
     class AlertProxy
@@ -16,10 +18,9 @@ module Mihari
       #
       def initialize(data)
         @data = data.deep_symbolize_keys
-
         @errors = nil
 
-        validate
+        validate!
       end
 
       #
@@ -31,21 +32,14 @@ module Mihari
         !@errors.empty?
       end
 
-      def validate
+      def validate!
         contract = Schemas::AlertContract.new
         result = contract.call(data)
 
         @data = result.to_h
         @errors = result.errors
-      end
-
-      def validate!
-        return unless errors?
 
-        Mihari.logger.error "Failed to parse the input as an alert:"
-        Mihari.logger.error JSON.pretty_generate(errors.to_h)
-
-        raise AlertValidationError, errors
+        raise ValidationError.new("Validation failed", errors) if errors?
       end
 
       def [](key)
@@ -74,7 +68,7 @@ module Mihari
       # @return [Mihari::Services::RuleProxy]
       #
       def rule
-        @rule ||= Services::RuleProxy.from_model(Mihari::Rule.find(rule_id))
+        @rule ||= Services::RuleProxy.new(Mihari::Rule.find(rule_id).data)
       end
 
       class << self
@@ -86,19 +80,7 @@ module Mihari
         # @return [Mihari::Services::Alert]
         #
         def from_yaml(yaml)
-          Services::AlertProxy.new YAML.safe_load(yaml, permitted_classes: [Date, Symbol])
-        rescue Psych::SyntaxError => e
-          raise YAMLSyntaxError, e.message
-        end
-
-        # @param [String] path
-        #
-        # @return [Mihari::Services::Alert, nil]
-        #
-        def from_path(path)
-          return nil unless Pathname(path).exist?
-
-          from_yaml File.read(path)
+          new YAML.safe_load(yaml, permitted_classes: [Date, Symbol])
         end
       end
     end

data/lib/mihari/services/alert_runner.rb

@@ -3,6 +3,8 @@
 module Mihari
   module Services
     class AlertRunner
+      include Dry::Monads[:result, :try]
+
       # @return [Mihari::Services::AlertProxy]
       attr_reader :alert
 
@@ -17,6 +19,13 @@ module Mihari
         emitter = Mihari::Emitters::Database.new(artifacts: alert.artifacts, rule: alert.rule)
         emitter.emit
       end
+
+      #
+      # @return [Dry::Monads::Result::Success<Mihari::Alert, nil>, Dry::Monads::Result::Failure]
+      #
+      def result
+        Try[StandardError] { run }.to_result
+      end
     end
   end
 end

data/lib/mihari/services/rule_builder.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "date"
+require "erb"
+require "pathname"
+require "yaml"
+
+module Mihari
+  module Services
+    class RuleBuilder
+      include Dry::Monads[:result, :try]
+
+      # @return [String]
+      attr_reader :path_or_id
+
+      #
+      # Initialize
+      #
+      # @param [String] path_or_id
+      #
+      def initialize(path_or_id)
+        @path_or_id = path_or_id
+      end
+
+      #
+      # @return [Hash]
+      #
+      def data
+        if Mihari::Rule.exists?(path_or_id)
+          rule = Mihari::Rule.find(path_or_id)
+          return rule.data
+        end
+
+        raise ArgumentError, "#{path_or_id} does not exist" unless Pathname(path_or_id).exist?
+
+        YAML.safe_load(
+          ERB.new(File.read(path_or_id)).result,
+          permitted_classes: [Date, Symbol]
+        )
+      end
+
+      def result
+        Try[StandardError] { RuleProxy.new(data) }.to_result
+      end
+    end
+  end
+end