mihari 5.4.9 → 5.6.0

data/lib/mihari/schemas/enricher.rb

@@ -2,8 +2,27 @@
 
 module Mihari
   module Schemas
-    Enricher = Dry::Schema.Params do
-      required(:enricher).value(Types::EnricherTypes)
+    module Enrichers
+      IPInfo = Dry::Schema.Params do
+        required(:enricher).value(Types::String.enum("ipinfo"))
+        optional(:api_key).value(:string)
+        optional(:options).hash(Options)
+      end
+
+      Whois = Dry::Schema.Params do
+        required(:enricher).value(Types::String.enum("whois"))
+        optional(:options).hash(Options)
+      end
+
+      Shodan = Dry::Schema.Params do
+        required(:enricher).value(Types::String.enum("shodan"))
+        optional(:options).hash(Options)
+      end
+
+      GooglePublicDNS = Dry::Schema.Params do
+        required(:enricher).value(Types::String.enum("google_public_dns"))
+        optional(:options).hash(Options)
+      end
     end
   end
 end

data/lib/mihari/schemas/options.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require "dry/schema"
+
+module Mihari
+  module Schemas
+    Options = Dry::Schema.Params do
+      optional(:retry_times).value(:integer).default(Mihari.config.retry_times)
+      optional(:retry_interval).value(:integer).default(Mihari.config.retry_interval)
+      optional(:retry_exponential_backoff).value(:bool).default(Mihari.config.retry_exponential_backoff)
+      optional(:timeout).value(:integer)
+    end
+
+    IgnoreErrorOptions = Dry::Schema.Params do
+      optional(:ignore_error).value(:bool).default(Mihari.config.ignore_error)
+    end
+
+    AnalyzerOptions = Options | IgnoreErrorOptions
+
+    PaginationOptions = Dry::Schema.Params do
+      optional(:pagination_interval).value(:integer).default(Mihari.config.pagination_interval)
+      optional(:pagination_limit).value(:integer).default(Mihari.config.pagination_limit)
+    end
+
+    AnalyzerPaginationOptions = AnalyzerOptions | PaginationOptions
+  end
+end

data/lib/mihari/schemas/rule.rb

@@ -22,14 +22,18 @@ module Mihari
       optional(:updated_on).value(:date)
 
       required(:queries).value(:array).each do
-        AnalyzerWithoutAPIKey | AnalyzerWithAPIKey | Censys | CIRCL | PassiveTotal | ZoomEye | Crtsh | Feed | HunterHow
+        AnalyzerAPIKey | AnalyzerAPIKeyPagination | Censys | CIRCL | PassiveTotal | ZoomEye | Crtsh | Feed | HunterHow | DNSTwister
       end
 
-      optional(:emitters).value(:array).each { Database | MISP | TheHive | Slack | Webhook }.default(DEFAULT_EMITTERS)
+      optional(:emitters).value(:array).each do
+        Emitters::Database | Emitters::MISP | Emitters::TheHive | Emitters::Slack | Emitters::Webhook
+      end.default(DEFAULT_EMITTERS)
 
-      optional(:enrichers).value(:array).each(Enricher).default(DEFAULT_ENRICHERS)
+      optional(:enrichers).value(:array).each do
+        Enrichers::Whois | Enrichers::IPInfo | Enrichers::Shodan | Enrichers::GooglePublicDNS
+      end.default(DEFAULT_ENRICHERS)
 
-      optional(:data_types).value(array[Types::DataTypes]).default(DEFAULT_DATA_TYPES)
+      optional(:data_types).value(array[Types::DataTypes]).default(Mihari::Types::DataTypes.values)
       optional(:falsepositives).value(array[:string]).default([])
 
       optional(:artifact_lifetime).value(:integer)

data/lib/mihari/services/alert_runner.rb

@@ -16,7 +16,7 @@ module Mihari
       # @return [Mihari::Alert]
       #
       def run
-        emitter = Mihari::Emitters::Database.new(artifacts: alert.artifacts, rule: alert.rule)
+        emitter = Emitters::Database.new(artifacts: alert.artifacts, rule: alert.rule)
         emitter.emit
       end
 

data/lib/mihari/services/rule_runner.rb

@@ -5,21 +5,11 @@ module Mihari
     class RuleRunner
       include Dry::Monads[:result, :try]
 
-      include Mixins::ErrorNotification
-
       # @return [Mihari::Services::RuleProxy]
       attr_reader :rule
 
-      # @return [Boolean]
-      attr_reader :force_overwrite
-
-      def initialize(rule, force_overwrite:)
+      def initialize(rule)
         @rule = rule
-        @force_overwrite = force_overwrite
-      end
-
-      def force_overwrite?
-        force_overwrite
       end
 
       #

data/lib/mihari/types.rb

@@ -12,21 +12,8 @@ module Mihari
     Double = Strict::Float | Strict::Integer
     DateTime = Strict::DateTime
 
-    DataTypes = Types::String.enum(*DEFAULT_DATA_TYPES)
+    DataTypes = Types::String.enum("hash", "ip", "domain", "url", "mail")
 
     HTTPRequestMethods = Types::String.enum("GET", "POST")
-    HTTPRequestPayloadTypes = Types::String.enum("application/json", "application/x-www-form-urlencoded")
-
-    EmitterTypes = Types::String.enum(
-      "database",
-      "webhook"
-    )
-
-    EnricherTypes = Types::String.enum(
-      "whois",
-      "ipinfo",
-      "shodan",
-      "google_public_dns"
-    )
   end
 end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "5.4.9"
+  VERSION = "5.6.0"
 end

data/lib/mihari/web/endpoints/ip_addresses.rb

@@ -15,7 +15,7 @@ module Mihari
         get "/:ip", requirements: { ip: %r{[^/]+} } do
           ip = params[:ip].to_s
 
-          data = Enrichers::IPInfo.query(ip)
+          data = Enrichers::IPInfo.new.query(ip)
           error!({ message: "IP:#{ip} is not found" }, 404) if data.nil?
 
           present data, with: Entities::IPAddress