mihari 5.6.0 → 5.6.2

data/lib/mihari/services/alert_proxy.rb

@@ -16,7 +16,7 @@ module Mihari
       #
       # @param [Hash] data
       #
-      def initialize(data)
+      def initialize(**data)
         @data = data.deep_symbolize_keys
         @errors = nil
 
@@ -54,21 +54,24 @@ module Mihari
       end
 
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def artifacts
         @artifacts ||= data[:artifacts].map do |data|
-          artifact = Artifact.new(data: data)
+          artifact = Models::Artifact.new(data: data)
           artifact.rule_id = rule_id
           artifact
         end.uniq(&:data).select(&:valid?)
       end
 
       #
-      # @return [Mihari::Services::RuleProxy]
+      # @return [Mihari::Rule]
       #
       def rule
-        @rule ||= Services::RuleProxy.new(Mihari::Rule.find(rule_id).data)
+        @rule ||= [].tap do |out|
+          data = Mihari::Models::Rule.find(rule_id).data
+          out << Rule.new(**data)
+        end.first
       end
 
       class << self
@@ -80,7 +83,8 @@ module Mihari
         # @return [Mihari::Services::Alert]
         #
         def from_yaml(yaml)
-          new YAML.safe_load(yaml, permitted_classes: [Date, Symbol])
+          data = YAML.safe_load(yaml, permitted_classes: [Date, Symbol])
+          new(**data)
         end
       end
     end

data/lib/mihari/services/alert_runner.rb

@@ -13,15 +13,15 @@ module Mihari
       end
 
       #
-      # @return [Mihari::Alert]
+      # @return [Mihari::Models::Alert]
       #
       def run
-        emitter = Emitters::Database.new(artifacts: alert.artifacts, rule: alert.rule)
-        emitter.emit
+        emitter = Emitters::Database.new(rule: alert.rule)
+        emitter.emit alert.artifacts
       end
 
       #
-      # @return [Dry::Monads::Result::Success<Mihari::Alert, nil>, Dry::Monads::Result::Failure]
+      # @return [Dry::Monads::Result::Success<Mihari::Models::Alert, nil>, Dry::Monads::Result::Failure]
       #
       def result
         Try[StandardError] { run }.to_result

data/lib/mihari/services/rule_builder.rb

@@ -26,8 +26,8 @@ module Mihari
       # @return [Hash]
       #
       def data
-        if Mihari::Rule.exists?(path_or_id)
-          rule = Mihari::Rule.find(path_or_id)
+        if Mihari::Models::Rule.exists?(path_or_id)
+          rule = Mihari::Models::Rule.find(path_or_id)
           return rule.data
         end
 
@@ -40,7 +40,7 @@ module Mihari
       end
 
       def result
-        Try[StandardError] { RuleProxy.new(data) }.to_result
+        Try[StandardError] { Rule.new(**data) }.to_result
       end
     end
   end

data/lib/mihari/services/rule_runner.rb

@@ -5,7 +5,7 @@ module Mihari
     class RuleRunner
       include Dry::Monads[:result, :try]
 
-      # @return [Mihari::Services::RuleProxy]
+      # @return [Mihari::Rule]
       attr_reader :rule
 
       def initialize(rule)
@@ -16,7 +16,7 @@ module Mihari
       # @return [Boolean]
       #
       def diff?
-        model = Mihari::Rule.find(rule.id)
+        model = Mihari::Models::Rule.find(rule.id)
         model.data != rule.data.deep_stringify_keys
       rescue ActiveRecord::RecordNotFound
         false
@@ -27,14 +27,14 @@ module Mihari
       end
 
       #
-      # @return [Mihari::Alert, nil]
+      # @return [Mihari::Models::Alert, nil]
       #
       def run
-        rule.analyzer.run
+        rule.run
       end
 
       #
-      # @return [Dry::Monads::Result::Success<Mihari::Alert, nil>, Dry::Monads::Result::Failure]
+      # @return [Dry::Monads::Result::Success<Mihari::Models::Alert, nil>, Dry::Monads::Result::Failure]
       #
       def result
         Try[StandardError] { run }.to_result

data/lib/mihari/structs/binaryedge.rb

@@ -69,7 +69,7 @@ module Mihari
         # @return [Array<Artifact>]
         #
         def artifacts
-          events.map { |event| Artifact.new(data: event.target.ip) }
+          events.map { |event| Models::Artifact.new(data: event.target.ip) }
         end
 
         class << self

data/lib/mihari/structs/censys.rb

@@ -19,7 +19,7 @@ module Mihari
         # @return [Mihari::AutonomousSystem]
         #
         def as
-          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+          Mihari::Models::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
         class << self
@@ -63,7 +63,7 @@ module Mihari
           # then set geolocation as nil
           return nil if country.nil?
 
-          Mihari::Geolocation.new(
+          Mihari::Models::Geolocation.new(
             country: country,
             country_code: country_code
           )
@@ -99,7 +99,7 @@ module Mihari
         # @return [Mihari::Port]
         #
         def _port
-          Port.new(port: port)
+          Models::Port.new(port: port)
         end
 
         class << self
@@ -167,10 +167,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Artifact.new(
+          Models::Artifact.new(
             data: ip,
             metadata: metadata,
             autonomous_system: autonomous_system.as,
@@ -267,7 +267,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           hits.map(&:artifact)

data/lib/mihari/structs/config.rb

@@ -71,7 +71,7 @@ module Mihari
         # @return [Mihari::Structs::Config, nil] config
         #
         def from_class(klass)
-          return nil if klass == Mihari::Analyzers::Rule
+          return nil if klass == Mihari::Rule
 
           type = get_type(klass)
           return nil if type.nil?

data/lib/mihari/structs/greynoise.rb

@@ -35,14 +35,14 @@ module Mihari
         # @return [Mihari::AutonomousSystem]
         #
         def as
-          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+          Mihari::Models::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
         #
         # @return [Mihari::Geolocation]
         #
         def geolocation
-          Mihari::Geolocation.new(
+          Mihari::Models::Geolocation.new(
             country: country,
             country_code: country_code
           )
@@ -92,10 +92,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Mihari::Artifact.new(
+          Mihari::Models::Artifact.new(
             data: ip,
             metadata: metadata_,
             autonomous_system: metadata.as,
@@ -171,7 +171,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           data.map(&:artifact)

data/lib/mihari/structs/hunterhow.rb

@@ -14,10 +14,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Artifact.new(data: ip)
+          Models::Artifact.new(data: ip)
         end
 
         class << self
@@ -49,7 +49,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           list.map(&:artifact)

data/lib/mihari/structs/onyphe.rb

@@ -40,10 +40,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Mihari::Artifact.new(
+          Mihari::Models::Artifact.new(
             data: ip,
             metadata: metadata,
             autonomous_system: as,
@@ -57,7 +57,7 @@ module Mihari
         def geolocation
           return nil if country_code.nil?
 
-          Mihari::Geolocation.new(
+          Mihari::Models::Geolocation.new(
             country: NormalizeCountry(country_code, to: :short),
             country_code: country_code
           )
@@ -67,7 +67,7 @@ module Mihari
         # @return [Mihari::AutonomousSystem]
         #
         def as
-          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+          Mihari::Models::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
         class << self
@@ -148,7 +148,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           results.map(&:artifact)

data/lib/mihari/structs/shodan.rb

@@ -27,7 +27,7 @@ module Mihari
         def geolocation
           return nil if country_name.nil? && country_code.nil?
 
-          Mihari::Geolocation.new(
+          Mihari::Models::Geolocation.new(
             country: country_name,
             country_code: country_code
           )
@@ -108,7 +108,7 @@ module Mihari
         def _asn
           return nil if asn.nil?
 
-          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+          Mihari::Models::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
         class << self
@@ -192,20 +192,20 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           matches.map do |match|
             metadata = collect_metadata_by_ip(match.ip_str)
 
             ports = collect_ports_by_ip(match.ip_str).map do |port|
-              Mihari::Port.new(port: port)
+              Mihari::Models::Port.new(port: port)
             end
             reverse_dns_names = collect_hostnames_by_ip(match.ip_str).map do |name|
-              Mihari::ReverseDnsName.new(name: name)
+              Mihari::Models::ReverseDnsName.new(name: name)
             end
 
-            Mihari::Artifact.new(
+            Mihari::Models::Artifact.new(
               data: match.ip_str,
               metadata: metadata,
               autonomous_system: match._asn,

data/lib/mihari/structs/urlscan.rb

@@ -81,11 +81,11 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           values = [page.url, page.domain, page.ip].compact
-          values.map { |value| Mihari::Artifact.new(data: value, metadata: metadata) }
+          values.map { |value| Mihari::Models::Artifact.new(data: value, metadata: metadata) }
         end
 
         class << self
@@ -125,7 +125,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           results.map(&:artifacts).flatten

data/lib/mihari/structs/virustotal_intelligence.rb

@@ -77,10 +77,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Artifact.new(data: value, metadata: metadata)
+          Models::Artifact.new(data: value, metadata: metadata)
         end
 
         class << self
@@ -151,7 +151,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           data.map(&:artifact)

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "5.6.0"
+  VERSION = "5.6.2"
 end

data/lib/mihari/web/endpoints/alerts.rb

@@ -31,8 +31,8 @@ module Mihari
           filter = filter.to_h.symbolize_keys
 
           search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
-          alerts = Mihari::Alert.search(search_filter_with_pagination)
-          total = Mihari::Alert.count(search_filter_with_pagination.without_pagination)
+          alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
+          total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
 
           present(
             {
@@ -59,7 +59,7 @@ module Mihari
           id = params["id"].to_i
 
           result = Try do
-            alert = Mihari::Alert.find(id)
+            alert = Mihari::Models::Alert.find(id)
             alert.destroy
           end.to_result
 
@@ -89,7 +89,7 @@ module Mihari
           extend Dry::Monads[:result, :try]
 
           result = Try do
-            proxy = Services::AlertProxy.new(params.to_snake_keys)
+            proxy = Services::AlertProxy.new(**params.to_snake_keys)
             runner = Services::AlertRunner.new(proxy)
             runner.run
           end.to_result

data/lib/mihari/web/endpoints/artifacts.rb

@@ -18,7 +18,7 @@ module Mihari
           id = params[:id].to_i
 
           result = Try do
-            artifact = Mihari::Artifact.includes(
+            artifact = Mihari::Models::Artifact.includes(
               :autonomous_system,
               :geolocation,
               :whois_record,
@@ -26,9 +26,9 @@ module Mihari
               :reverse_dns_names
             ).find(id)
             # TODO: improve queries
-            alert_ids = Mihari::Artifact.where(data: artifact.data).pluck(:alert_id)
-            tag_ids = Mihari::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
-            tag_names = Mihari::Tag.where(id: tag_ids).distinct.pluck(:name)
+            alert_ids = Mihari::Models::Artifact.where(data: artifact.data).pluck(:alert_id)
+            tag_ids = Mihari::Models::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
+            tag_names = Mihari::Models::Tag.where(id: tag_ids).distinct.pluck(:name)
 
             artifact.tags = tag_names
 
@@ -60,7 +60,7 @@ module Mihari
           id = params["id"].to_i
 
           result = Try do
-            artifact = Mihari::Artifact.includes(
+            artifact = Mihari::Models::Artifact.includes(
               :autonomous_system,
               :geolocation,
               :whois_record,
@@ -102,7 +102,7 @@ module Mihari
           id = params["id"].to_i
 
           result = Try do
-            alert = Mihari::Artifact.find(id)
+            alert = Mihari::Models::Artifact.find(id)
             alert.destroy
           end.to_result
 

data/lib/mihari/web/endpoints/rules.rb

@@ -10,7 +10,7 @@ module Mihari
           summary: "Get rule IDs"
         }
         get "/ids" do
-          rule_ids = Mihari::Rule.distinct.pluck(:id)
+          rule_ids = Mihari::Models::Rule.distinct.pluck(:id)
           present({ rule_ids: rule_ids }, with: Entities::RuleIDs)
         end
 
@@ -40,8 +40,8 @@ module Mihari
           filter = filter.to_h.symbolize_keys
 
           search_filter_with_pagenation = Structs::Filters::Rule::SearchFilterWithPagination.new(**filter)
-          rules = Mihari::Rule.search(search_filter_with_pagenation)
-          total = Mihari::Rule.count(search_filter_with_pagenation.without_pagination)
+          rules = Mihari::Models::Rule.search(search_filter_with_pagenation)
+          total = Mihari::Models::Rule.count(search_filter_with_pagenation.without_pagination)
 
           present(
             { rules: rules,
@@ -66,7 +66,7 @@ module Mihari
           id = params["id"].to_s
 
           result = Try do
-            Mihari::Rule.find(id)
+            Mihari::Models::Rule.find(id)
           end.to_result
 
           return present(result.value!, with: Entities::Rule) if result.success?
@@ -92,10 +92,7 @@ module Mihari
 
           id = params["id"].to_s
 
-          result = Try do
-            Mihari::Services::RuleProxy.from_model(Mihari::Rule.find(id))
-          end.to_result
-
+          result = Try { Rule.from_model(Mihari::Models::Rule.find(id)) }.to_result
           if result.success?
             result.value!.analyzer.run
             status 201
@@ -122,11 +119,9 @@ module Mihari
           extend Dry::Monads[:result, :try]
 
           yaml = params[:yaml]
-          result = Try do
-            Services::RuleProxy.from_yaml(yaml)
-          end.to_result.bind do |rule|
+          result = Try { Rule.from_yaml(yaml) }.to_result.bind do |rule|
             Try do
-              found = Mihari::Rule.find_by_id(rule.id)
+              found = Mihari::Models::Rule.find_by_id(rule.id)
               error!({ message: "ID:#{rule.id} is already registered" }, 400) unless found.nil?
               rule
             end.to_result
@@ -168,11 +163,9 @@ module Mihari
           yaml = params[:yaml]
 
           result = Try do
-            Mihari::Rule.find(id)
+            Mihari::Models::Rule.find(id)
           end.to_result.bind do |_|
-            Try do
-              Services::RuleProxy.from_yaml(yaml)
-            end.to_result
+            Try { Rule.from_yaml(yaml) }.to_result
           end.bind do |rule|
             Try do
               rule.model.save
@@ -212,7 +205,7 @@ module Mihari
           id = params["id"].to_s
 
           result = Try do
-            rule = Mihari::Rule.find(id)
+            rule = Mihari::Models::Rule.find(id)
             rule.destroy
           end.to_result
 

data/lib/mihari/web/endpoints/tags.rb

@@ -10,7 +10,7 @@ module Mihari
           summary: "Get tags"
         }
         get "/" do
-          tags = Mihari::Tag.distinct.pluck(:name)
+          tags = Mihari::Models::Tag.distinct.pluck(:name)
           present({ tags: tags }, with: Entities::Tags)
         end
 
@@ -28,7 +28,7 @@ module Mihari
           name = params[:name].to_s
 
           result = Try do
-            Mihari::Tag.where(name: name).destroy_all
+            Mihari::Models::Tag.where(name: name).destroy_all
           end.to_result
 
           if result.success?