mihari 5.6.0 → 5.6.2

data/lib/mihari/clients/the_hive.rb

@@ -11,7 +11,7 @@ module Mihari
       # @param [Integer, nil] timeout
       #
       def initialize(base_url, api_key:, api_version:, headers: {}, timeout: nil)
-        raise(ArgumentError, "'api_key' argument is required") unless api_key
+        raise(ArgumentError, "api_key is required") unless api_key
 
         base_url += "/#{api_version}" unless api_version.nil?
         headers["authorization"] = "Bearer #{api_key}"

data/lib/mihari/clients/urlscan.rb

@@ -7,17 +7,17 @@ module Mihari
       # @param [String] base_url
       # @param [String, nil] api_key
       # @param [Hash] headers
-      # @param [Interval, nil] interval
-      # @param [Interval, nil] timeout
+      # @param [Integer, nil] interval
+      # @param [Integer, nil] timeout
       #
       def initialize(
         base_url = "https://urlscan.io",
         api_key:,
         headers: {},
-        pagination_interval: 0,
+        pagination_interval: Mihari.config.pagination_interval,
         timeout: nil
       )
-        raise(ArgumentError, "'api_key' argument is required") if api_key.nil?
+        raise(ArgumentError, "api_key is required") if api_key.nil?
 
         headers["api-key"] = api_key
 

data/lib/mihari/clients/virustotal.rb

@@ -14,10 +14,10 @@ module Mihari
         base_url = "https://www.virustotal.com",
         api_key:,
         headers: {},
-        pagination_interval: 0,
+        pagination_interval: Mihari.config.pagination_interval,
         timeout: nil
       )
-        raise(ArgumentError, "'api_key' argument is required") if api_key.nil?
+        raise(ArgumentError, "api_key is required") if api_key.nil?
 
         headers["x-apikey"] = api_key
 

data/lib/mihari/clients/zoomeye.rb

@@ -18,10 +18,10 @@ module Mihari
         base_url = "https://api.zoomeye.org",
         api_key:,
         headers: {},
-        pagination_interval: 0,
+        pagination_interval: Mihari.config.pagination_interval,
         timeout: nil
       )
-        raise(ArgumentError, "'api_key' argument is required") unless api_key
+        raise(ArgumentError, "api_key is required") unless api_key
 
         headers["api-key"] = api_key
         super(base_url, headers: headers, pagination_interval: pagination_interval, timeout: timeout)

data/lib/mihari/commands/rule.rb

@@ -17,10 +17,7 @@ module Mihari
             # @param [String] path
             #
             def validate(path)
-              res = Dry::Monads::Try[ValidationError] do
-                Services::RuleProxy.from_yaml File.read(path)
-              end
-
+              res = Dry::Monads::Try[ValidationError] { Mihari::Rule.from_yaml File.read(path) }
               rule = res.value!
               puts rule.data.to_yaml
             end
@@ -42,13 +39,6 @@ module Mihari
             end
 
             no_commands do
-              #
-              # @return [Mihari::Services::Rule]
-              #
-              def rule
-                Services::RuleProxy.from_yaml File.read(File.expand_path("../templates/rule.yml.erb", __dir__))
-              end
-
               #
               # Create a new rule
               #
@@ -58,6 +48,7 @@ module Mihari
               # @return [nil]
               #
               def initialize_rule(path, files = Dry::Files.new)
+                rule = Mihari::Rule.from_yaml File.read(File.expand_path("../templates/rule.yml.erb", __dir__))
                 files.write(path, rule.yaml)
               end
             end

data/lib/mihari/commands/search.rb

@@ -32,7 +32,7 @@ module Mihari
 
             no_commands do
               #
-              # @param [Mihari::Services::RuleProxy] rule
+              # @param [Mihari::Services::RuleRunner] rule
               #
               def check_diff(rule)
                 force_overwrite = options["force_overwrite"] || false

data/lib/mihari/emitters/base.rb

@@ -2,49 +2,38 @@
 
 module Mihari
   module Emitters
-    class Base < Mihari::Base
-      include Dry::Monads[:result, :try]
-
-      include Mixins::Configurable
-      include Mixins::Retriable
-
-      # @return [Array<Mihari::Artifact>]
-      attr_reader :artifacts
-
-      # @return [Mihari::Services::Rule]
+    class Base < Actor
+      # @return [Mihari::Rule]
       attr_reader :rule
 
       #
-      # @param [Array<Mihari::Artifact>] artifacts
-      # @param [Mihari::Services::RuleProxy] rule
+      # @param [Mihari::Rule] rule
       # @param [Hash, nil] options
       # @param [Hash] **_params
       #
-      def initialize(artifacts:, rule:, options: nil, **_params)
+      def initialize(rule:, options: nil, **_params)
         super(options: options)
 
-        @artifacts = artifacts
         @rule = rule
       end
 
-      # @return [Boolean]
-      def valid?
-        raise NotImplementedError, "You must implement #{self.class}##{__method__}"
-      end
-
-      def result
+      #
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      def emit_result(artifacts)
         Try[StandardError] do
           retry_on_error(
             times: retry_times,
             interval: retry_interval,
             exponential_backoff: retry_exponential_backoff
-          ) do
-            emit
-          end
+          ) { emit artifacts }
         end.to_result
       end
 
-      def emit
+      #
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      def emit(artifacts)
         raise NotImplementedError, "You must implement #{self.class}##{__method__}"
       end
 

data/lib/mihari/emitters/database.rb

@@ -3,22 +3,20 @@
 module Mihari
   module Emitters
     class Database < Base
-      def valid?
-        configured?
-      end
-
       #
       # Create an alert
       #
-      # @return [Mihari::Alert, nil]
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      # @return [Mihari::Models::Alert, nil]
       #
-      def emit
+      def emit(artifacts)
         return if artifacts.empty?
 
-        tags = rule.tags.filter_map { |name| Tag.find_or_create_by(name: name) }.uniq
-        taggings = tags.map { |tag| Tagging.new(tag_id: tag.id) }
+        tags = rule.tags.filter_map { |name| Models::Tag.find_or_create_by(name: name) }.uniq
+        taggings = tags.map { |tag| Models::Tagging.new(tag_id: tag.id) }
 
-        alert = Alert.new(artifacts: artifacts, taggings: taggings, rule_id: rule.id)
+        alert = Models::Alert.new(artifacts: artifacts, taggings: taggings, rule_id: rule.id)
         alert.save
         alert
       end

data/lib/mihari/emitters/misp.rb

@@ -9,50 +9,39 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [Array<Mihari::Artifact>]
-      attr_reader :artifacts
-
       # @return [Mihari::Services::Rule]
       attr_reader :rule
 
+      # @return [Array<Mihari::Models::Artifact>]
+      attr_accessor :artifacts
+
       #
-      # @param [Array<Mihari::Artifact>] artifacts
       # @param [Mihari::Services::Rule] rule
       # @param [Hash, nil] options
       # @param [Hash] **params
       #
-      def initialize(artifacts:, rule:, options: nil, **params)
-        super(artifacts: artifacts, rule: rule, options: options)
+      def initialize(rule:, options: nil, **params)
+        super(rule: rule, options: options)
 
         @url = params[:url] || Mihari.config.misp_url
         @api_key = params[:api_key] || Mihari.config.misp_api_key
+
+        @artifacts = []
       end
 
+      #
       # @return [Boolean]
-      def valid?
-        unless url? && api_key?
-          Mihari.logger.info("MISP URL is not set") unless url?
-          Mihari.logger.info("MISP API key is not set") unless api_key?
-          return false
-        end
-
-        unless ping?
-          Mihari.logger.info("MISP URL (#{url}) is not reachable")
-          return false
-        end
-
-        true
+      #
+      def configured?
+        api_key? && url?
       end
 
       #
       # Create a MISP event
       #
-      # @param [Arra<Mihari::Artifact>] artifacts
-      # @param [Mihari::Services::Rule] rule
-      #
-      # @return [::MISP::Event]
+      # @param [Array<Mihari::Models::Artifact>] artifacts
       #
-      def emit
+      def emit(artifacts)
         return if artifacts.empty?
 
         client.create_event({
@@ -77,7 +66,7 @@ module Mihari
       #
       # Build a MISP attribute
       #
-      # @param [Mihari::Artifact] artifact
+      # @param [Mihari::Models::Artifact] artifact
       #
       # @return [Hash]
       #
@@ -143,19 +132,6 @@ module Mihari
       def api_key?
         !api_key.nil? && !api_key.empty?
       end
-
-      #
-      # Check whether a URL is reachable or not
-      #
-      # @return [Boolean]
-      #
-      def ping?
-        base_url = url.end_with?("/") ? url[0..-2] : url
-        login_url = "#{base_url}/users/login"
-
-        http = Net::Ping::HTTP.new(login_url)
-        http.ping?
-      end
     end
   end
 end

data/lib/mihari/emitters/slack.rb

@@ -131,18 +131,22 @@ module Mihari
       # @return [String]
       attr_reader :username
 
+      # @return [Array<Mihari::Models::Artifact>]
+      attr_accessor :artifacts
+
       #
-      # @param [Array<Mihari::Artifact>] artifacts
       # @param [Mihari::Services::Rule] rule
       # @param [Hash, nil] options
       # @param [Hash] **params
       #
-      def initialize(artifacts:, rule:, options: nil, **params)
-        super(artifacts: artifacts, rule: rule, options: options)
+      def initialize(rule:, options: nil, **params)
+        super(rule: rule, options: options)
 
         @webhook_url = params[:webhook_url] || Mihari.config.slack_webhook_url
         @channel = params[:channel] || Mihari.config.slack_channel || DEFAULT_CHANNEL
         @username = DEFAULT_USERNAME
+
+        @artifacts = []
       end
 
       #
@@ -154,12 +158,10 @@ module Mihari
         !webhook_url.nil?
       end
 
-      #
-      # Check webhook URL is set. Alias of #webhook_url?
       #
       # @return [Boolean]
       #
-      def valid?
+      def configured?
         webhook_url?
       end
 
@@ -211,19 +213,20 @@ module Mihari
         ].join("\n")
       end
 
-      def emit
+      #
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      def emit(artifacts)
         return if artifacts.empty?
 
+        @artifacts = artifacts
+
         notifier.post(text: text, attachments: attachments, mrkdwn: true)
       end
 
       def configuration_keys
         %w[slack_webhook_url slack_channel]
       end
-
-      def configured?
-        valid?
-      end
     end
   end
 end

data/lib/mihari/emitters/the_hive.rb

@@ -12,45 +12,42 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_version
 
+      # @return [Array<Mihari::Models::Artifact>]
+      attr_accessor :artifacts
+
       #
-      # @param [Array<Mihari::Artifact>] artifacts
       # @param [Mihari::Services::Rule] rule
       # @param [Hash, nil] options
       # @param [Hash] **params
       #
-      def initialize(artifacts:, rule:, options: nil, **params)
-        super(artifacts: artifacts, rule: rule, options: options)
+      def initialize(rule:, options: nil, **params)
+        super(rule: rule, options: options)
 
         @url = params[:url] || Mihari.config.thehive_url
         @api_key = params[:api_key] || Mihari.config.thehive_api_key
         @api_version = params[:api_version] || Mihari.config.thehive_api_version
+
+        @artifacts = []
       end
 
+      #
       # @return [Boolean]
-      def valid?
-        unless url? && api_key?
-          Mihari.logger.info("TheHive URL is not set") unless url?
-          Mihari.logger.info("TheHive API key is not set") unless api_key?
-          return false
-        end
-
-        unless ping?
-          Mihari.logger.info("TheHive URL (#{url}) is not reachable")
-          return false
-        end
-
-        true
+      #
+      def configured?
+        api_key? && url?
       end
 
       #
       # Create a Hive alert
       #
-      # @return [::MISP::Event]
+      # @param [Array<Mihari::Models::Artifact>] artifacts
       #
-      def emit
+      def emit(artifacts)
         return if artifacts.empty?
 
-        client.alert(payload)
+        @artifacts = artifacts
+
+        client.alert payload
       end
 
       #
@@ -146,31 +143,6 @@ module Mihari
           source_ref: "1"
         }
       end
-
-      #
-      # Check whether a URL is reachable or not
-      #
-      # @return [Boolean]
-      #
-      def ping?
-        base_url = url.end_with?("/") ? url[0..-2] : url
-
-        if normalized_api_version.nil?
-          # for v4
-          base_url = url.end_with?("/") ? url[0..-2] : url
-          public_url = "#{base_url}/index.html"
-        else
-          # for v5
-          public_url = "#{base_url}/api/v1/status/public"
-        end
-
-        http = Net::Ping::HTTP.new(public_url)
-
-        # use GET for v5
-        http.get_request = true if normalized_api_version
-
-        http.ping?
-      end
     end
   end
 end

data/lib/mihari/emitters/webhook.rb

@@ -57,23 +57,41 @@ module Mihari
       # @return [String, nil]
       attr_reader :template
 
+      # @return [Array<Mihari::Models::Artifact>]
+      attr_accessor :artifacts
+
       #
-      # @param [Array<Mihari::Artifact>] artifacts
       # @param [Mihari::Services::Rule] rule
       # @param [Hash] **options
       #
-      def initialize(artifacts:, rule:, options: nil, **params)
-        super(artifacts: artifacts, rule: rule, options: options)
+      def initialize(rule:, options: nil, **params)
+        super(rule: rule, options: options)
 
         @url = Addressable::URI.parse(params[:url])
         @headers = params[:headers] || {}
         @method = params[:method] || "POST"
         @template = params[:template]
+
+        @artifacts = []
+      end
+
+      #
+      # @return [Boolean]
+      #
+      def configured?
+        return false if url.nil?
+
+        %w[http https].include? url.scheme.downcase
       end
 
-      def emit
+      #
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      def emit(artifacts)
         return if artifacts.empty?
 
+        @artifacts = artifacts
+
         # returns body to prevent Parallel issue (Parallel fails to handle HTTP:Response object)
         case method
         when "GET"
@@ -83,12 +101,6 @@ module Mihari
         end
       end
 
-      def valid?
-        return false if url.nil?
-
-        %w[http https].include? url.scheme.downcase
-      end
-
       private
 
       def http
@@ -101,17 +113,15 @@ module Mihari
       # @return [String]
       #
       def rendered_template
-        [].tap do |out|
-          options = {}
-          options[:template] = File.read(template) unless template.nil?
-
-          payload_template = PayloadTemplate.new(
-            artifacts: artifacts,
-            rule: rule,
-            options: options
-          )
-          out << payload_template.result
-        end.first
+        options = {}
+        options[:template] = File.read(template) unless template.nil?
+
+        payload_template = PayloadTemplate.new(
+          artifacts: artifacts,
+          rule: rule,
+          options: options
+        )
+        payload_template.result
       end
 
       #

data/lib/mihari/enrichers/base.rb

@@ -2,12 +2,7 @@
 
 module Mihari
   module Enrichers
-    class Base < Mihari::Base
-      include Mixins::Configurable
-      include Mixins::Retriable
-
-      include Dry::Monads[:result, :try]
-
+    class Base < Actor
       def initialize(options: nil)
         super(options: options)
       end

data/lib/mihari/enrichers/whois.rb

@@ -34,7 +34,7 @@ module Mihari
         parser = record.parser
         return nil if parser.available?
 
-        whois_record = WhoisRecord.new(
+        whois_record = Models::WhoisRecord.new(
           domain: domain,
           created_on: get_created_on(parser),
           updated_on: get_updated_on(parser),