mihari 5.6.1 → 5.6.2

data/frontend/package.json

@@ -19,8 +19,8 @@
     "@fortawesome/vue-fontawesome": "^3.0.3",
     "@vueuse/core": "^10.5.0",
     "@vueuse/router": "^10.5.0",
-    "ace-builds": "^1.30.0",
-    "axios": "^1.5.1",
+    "ace-builds": "^1.31.0",
+    "axios": "^1.6.0",
     "bulma": "^0.9.4",
     "bulma-helpers": "^0.4.3",
     "dayjs": "^1.11.10",
@@ -30,21 +30,21 @@
     "ts-dedent": "^2.2.0",
     "url-parse": "^1.5.10",
     "uuidv4": "^6.2.13",
-    "vue": "^3.3.6",
+    "vue": "^3.3.7",
     "vue-concurrency": "4.0.1",
     "vue-json-pretty": "^2.2.4",
     "vue-router": "^4.2.5",
     "vue3-ace-editor": "^2.2.3"
   },
   "devDependencies": {
-    "@redocly/cli": "1.3.0",
+    "@redocly/cli": "1.4.0",
     "@rushstack/eslint-patch": "^1.5.1",
     "@tsconfig/node20": "^20.1.2",
     "@types/jsdom": "^21.1.4",
-    "@types/node": "^20.8.7",
+    "@types/node": "^20.8.9",
     "@types/url-parse": "^1.4.10",
-    "@typescript-eslint/eslint-plugin": "^6.8.0",
-    "@typescript-eslint/parser": "^6.8.0",
+    "@typescript-eslint/eslint-plugin": "^6.9.0",
+    "@typescript-eslint/parser": "^6.9.0",
     "@vitejs/plugin-vue": "^4.4.0",
     "@vue/eslint-config-prettier": "^8.0.0",
     "@vue/eslint-config-typescript": "^12.0.0",
@@ -54,7 +54,7 @@
     "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-prettier": "^5.0.1",
     "eslint-plugin-simple-import-sort": "^10.0.0",
-    "eslint-plugin-vue": "^9.17.0",
+    "eslint-plugin-vue": "^9.18.1",
     "husky": "^8.0.3",
     "jsdom": "^22.1.0",
     "npm-run-all": "^4.1.5",
@@ -62,6 +62,6 @@
     "typescript": "~5.2.2",
     "vite": "^4.5.0",
     "vitest": "^0.34.6",
-    "vue-tsc": "^1.8.19"
+    "vue-tsc": "^1.8.22"
   }
 }

data/lib/mihari/{base.rb → actor.rb}

@@ -4,7 +4,12 @@ module Mihari
   #
   # Base class for Analyzer, Emitter and Enricher
   #
-  class Base
+  class Actor
+    include Dry::Monads[:result, :try]
+
+    include Mixins::Configurable
+    include Mixins::Retriable
+
     # @return [Hash]
     attr_reader :options
 
@@ -43,6 +48,15 @@ module Mihari
       options[:timeout]
     end
 
+    def validate_configuration!
+      return if configured?
+
+      joined = configuration_keys.join(", ")
+      be = (configuration_keys.length > 1) ? "are" : "is"
+      message = "#{self.class.class_key} is not configured correctly. #{joined} #{be} missing."
+      raise ConfigurationError, message
+    end
+
     class << self
       #
       # @return [String]
@@ -62,7 +76,7 @@ module Mihari
       # @return [Array<String>]
       #
       def class_keys
-        ([class_key] + [class_key_aliases]).flatten.compact
+        ([class_key] + [class_key_aliases]).flatten.compact.map(&:downcase)
       end
     end
   end

data/lib/mihari/analyzers/base.rb

@@ -2,12 +2,7 @@
 
 module Mihari
   module Analyzers
-    class Base < Mihari::Base
-      include Dry::Monads[:result, :try]
-
-      include Mixins::Configurable
-      include Mixins::Retriable
-
+    class Base < Actor
       # @return [String]
       attr_reader :query
 
@@ -45,7 +40,7 @@ module Mihari
         Mihari.config.ignore_error
       end
 
-      # @return [Array<String>, Array<Mihari::Artifact>]
+      # @return [Array<String>, Array<Mihari::Models::Artifact>]
       def artifacts
         raise NotImplementedError, "You must implement #{self.class}##{__method__}"
       end
@@ -55,14 +50,14 @@ module Mihari
       # - Convert data (string) into an artifact
       # - Reject an invalid artifact
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def normalized_artifacts
         retry_on_error(times: retry_times, interval: retry_interval, exponential_backoff: retry_exponential_backoff) do
           artifacts.compact.sort.map do |artifact|
             # No need to set data_type manually
             # It is set automatically in #initialize
-            artifact = artifact.is_a?(Artifact) ? artifact : Artifact.new(data: artifact)
+            artifact = artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)
             artifact.source = self.class.class_key
             artifact
           end.select(&:valid?).uniq(&:data)
@@ -70,7 +65,7 @@ module Mihari
       end
 
       #
-      # @return [Dry::Monads::Result::Success<Array<Mihari::Artifact>>, Dry::Monads::Result::Failure]
+      # @return [Dry::Monads::Result::Success<Array<Mihari::Models::Artifact>>, Dry::Monads::Result::Failure]
       #
       def result
         Try[StandardError] { normalized_artifacts }.to_result

data/lib/mihari/analyzers/censys.rb

@@ -24,7 +24,7 @@ module Mihari
       end
 
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def artifacts
         client.search_with_pagination(query, pagination_limit: pagination_limit).map do |res|

data/lib/mihari/analyzers/hunterhow.rb

@@ -27,7 +27,7 @@ module Mihari
       end
 
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def artifacts
         client.search_with_pagination(

data/lib/mihari/analyzers/passivetotal.rb

@@ -54,7 +54,7 @@ module Mihari
         #
         # @return [Array<String>, nil]
         #
-        def key_aliases
+        def class_key_aliases
           ["pt"]
         end
       end

data/lib/mihari/analyzers/pulsedive.rb

@@ -35,7 +35,7 @@ module Mihari
             nil
           else
             data = property["value"]
-            Artifact.new(data: data, metadata: property)
+            Models::Artifact.new(data: data, metadata: property)
           end
         end
       end

data/lib/mihari/analyzers/securitytrails.rb

@@ -48,7 +48,7 @@ module Mihari
         #
         # @return [Array<String>, nil]
         #
-        def key_aliases
+        def class_key_aliases
           ["st"]
         end
       end

data/lib/mihari/analyzers/urlscan.rb

@@ -29,7 +29,7 @@ module Mihari
       end
 
       def artifacts
-        # @type [Array<Mihari::Artifact>]
+        # @type [Array<Mihari::Models::Artifact>]
         artifacts = client.search_with_pagination(query, pagination_limit: pagination_limit).map(&:artifacts).flatten
 
         artifacts.select do |artifact|

data/lib/mihari/analyzers/virustotal.rb

@@ -43,7 +43,7 @@ module Mihari
         #
         # @return [Array<String>, nil]
         #
-        def key_aliases
+        def class_key_aliases
           ["vt"]
         end
       end
@@ -66,7 +66,7 @@ module Mihari
       #
       # Domain search
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def domain_search
         res = client.domain_search(query)
@@ -74,14 +74,14 @@ module Mihari
         data = res["data"] || []
         data.filter_map do |item|
           data = item.dig("attributes", "ip_address")
-          data.nil? ? nil : Artifact.new(data: data, metadata: item)
+          data.nil? ? nil : Models::Artifact.new(data: data, metadata: item)
         end
       end
 
       #
       # IP search
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def ip_search
         res = client.ip_search(query)
@@ -89,7 +89,7 @@ module Mihari
         data = res["data"] || []
         data.filter_map do |item|
           data = item.dig("attributes", "host_name")
-          Artifact.new(data: data, metadata: item)
+          Models::Artifact.new(data: data, metadata: item)
         end.uniq
       end
     end

data/lib/mihari/analyzers/zoomeye.rb

@@ -65,7 +65,7 @@ module Mihari
       #
       # @param [Hash] response
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def convert(res)
         matches = res["matches"] || []
@@ -73,9 +73,9 @@ module Mihari
           data = match["ip"]
 
           if data.is_a?(Array)
-            data.map { |d| Artifact.new(data: d, metadata: match) }
+            data.map { |d| Models::Artifact.new(data: d, metadata: match) }
           else
-            Artifact.new(data: data, metadata: match)
+            Models::Artifact.new(data: data, metadata: match)
           end
         end.flatten
       end

data/lib/mihari/clients/crtsh.rb

@@ -19,7 +19,7 @@ module Mihari
       # @param [String, nil] match "=", "ILIKE", "LIKE", "single", "any" or nil
       # @param [String, nil] exclude "expired" or nil
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def search(identity, match: nil, exclude: nil)
         params = { identity: identity, match: match, exclude: exclude, output: "json" }.compact
@@ -29,7 +29,7 @@ module Mihari
 
         parsed.map do |result|
           values = result["name_value"].to_s.lines.map(&:chomp)
-          values.map { |value| Artifact.new(data: value, metadata: result) }
+          values.map { |value| Models::Artifact.new(data: value, metadata: result) }
         end.flatten
       end
     end

data/lib/mihari/clients/passivetotal.rb

@@ -39,7 +39,7 @@ module Mihari
       #
       # @param [String] query
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def reverse_whois_search(query)
         params = {
@@ -50,7 +50,7 @@ module Mihari
         results = res["results"] || []
         results.map do |result|
           data = result["domain"]
-          Artifact.new(data: data, metadata: result)
+          Models::Artifact.new(data: data, metadata: result)
         end.flatten
       end
 
@@ -59,7 +59,7 @@ module Mihari
       #
       # @param [String] query
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def ssl_search(query)
         params = { query: query }
@@ -67,7 +67,7 @@ module Mihari
         results = res["results"] || []
         results.map do |result|
           data = result["ipAddresses"]
-          data.map { |d| Artifact.new(data: d, metadata: result) }
+          data.map { |d| Models::Artifact.new(data: d, metadata: result) }
         end.flatten
       end
 

data/lib/mihari/clients/securitytrails.rb

@@ -36,13 +36,13 @@ module Mihari
       #
       # @param [String] query
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def ip_search(query)
         records = search_by_ip(query)
         records.filter_map do |record|
           data = record["hostname"]
-          Artifact.new(data: data, metadata: record)
+          Models::Artifact.new(data: data, metadata: record)
         end
       end
 
@@ -57,7 +57,7 @@ module Mihari
         records = search_by_mail(query)
         records.filter_map do |record|
           data = record["hostname"]
-          Artifact.new(data: data, metadata: record)
+          Models::Artifact.new(data: data, metadata: record)
         end
       end
 

data/lib/mihari/commands/rule.rb

@@ -17,10 +17,7 @@ module Mihari
             # @param [String] path
             #
             def validate(path)
-              res = Dry::Monads::Try[ValidationError] do
-                Services::RuleProxy.from_yaml File.read(path)
-              end
-
+              res = Dry::Monads::Try[ValidationError] { Mihari::Rule.from_yaml File.read(path) }
               rule = res.value!
               puts rule.data.to_yaml
             end
@@ -42,13 +39,6 @@ module Mihari
             end
 
             no_commands do
-              #
-              # @return [Mihari::Services::Rule]
-              #
-              def rule
-                Services::RuleProxy.from_yaml File.read(File.expand_path("../templates/rule.yml.erb", __dir__))
-              end
-
               #
               # Create a new rule
               #
@@ -58,6 +48,7 @@ module Mihari
               # @return [nil]
               #
               def initialize_rule(path, files = Dry::Files.new)
+                rule = Mihari::Rule.from_yaml File.read(File.expand_path("../templates/rule.yml.erb", __dir__))
                 files.write(path, rule.yaml)
               end
             end

data/lib/mihari/commands/search.rb

@@ -32,7 +32,7 @@ module Mihari
 
             no_commands do
               #
-              # @param [Mihari::Services::RuleProxy] rule
+              # @param [Mihari::Services::RuleRunner] rule
               #
               def check_diff(rule)
                 force_overwrite = options["force_overwrite"] || false

data/lib/mihari/emitters/base.rb

@@ -2,49 +2,38 @@
 
 module Mihari
   module Emitters
-    class Base < Mihari::Base
-      include Dry::Monads[:result, :try]
-
-      include Mixins::Configurable
-      include Mixins::Retriable
-
-      # @return [Array<Mihari::Artifact>]
-      attr_reader :artifacts
-
-      # @return [Mihari::Services::Rule]
+    class Base < Actor
+      # @return [Mihari::Rule]
       attr_reader :rule
 
       #
-      # @param [Array<Mihari::Artifact>] artifacts
-      # @param [Mihari::Services::RuleProxy] rule
+      # @param [Mihari::Rule] rule
       # @param [Hash, nil] options
       # @param [Hash] **_params
       #
-      def initialize(artifacts:, rule:, options: nil, **_params)
+      def initialize(rule:, options: nil, **_params)
         super(options: options)
 
-        @artifacts = artifacts
         @rule = rule
       end
 
-      # @return [Boolean]
-      def valid?
-        raise NotImplementedError, "You must implement #{self.class}##{__method__}"
-      end
-
-      def result
+      #
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      def emit_result(artifacts)
         Try[StandardError] do
           retry_on_error(
             times: retry_times,
             interval: retry_interval,
             exponential_backoff: retry_exponential_backoff
-          ) do
-            emit
-          end
+          ) { emit artifacts }
         end.to_result
       end
 
-      def emit
+      #
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      def emit(artifacts)
         raise NotImplementedError, "You must implement #{self.class}##{__method__}"
       end
 

data/lib/mihari/emitters/database.rb

@@ -3,22 +3,20 @@
 module Mihari
   module Emitters
     class Database < Base
-      def valid?
-        configured?
-      end
-
       #
       # Create an alert
       #
-      # @return [Mihari::Alert, nil]
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      # @return [Mihari::Models::Alert, nil]
       #
-      def emit
+      def emit(artifacts)
         return if artifacts.empty?
 
-        tags = rule.tags.filter_map { |name| Tag.find_or_create_by(name: name) }.uniq
-        taggings = tags.map { |tag| Tagging.new(tag_id: tag.id) }
+        tags = rule.tags.filter_map { |name| Models::Tag.find_or_create_by(name: name) }.uniq
+        taggings = tags.map { |tag| Models::Tagging.new(tag_id: tag.id) }
 
-        alert = Alert.new(artifacts: artifacts, taggings: taggings, rule_id: rule.id)
+        alert = Models::Alert.new(artifacts: artifacts, taggings: taggings, rule_id: rule.id)
         alert.save
         alert
       end

data/lib/mihari/emitters/misp.rb

@@ -9,50 +9,39 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_key
 
-      # @return [Array<Mihari::Artifact>]
-      attr_reader :artifacts
-
       # @return [Mihari::Services::Rule]
       attr_reader :rule
 
+      # @return [Array<Mihari::Models::Artifact>]
+      attr_accessor :artifacts
+
       #
-      # @param [Array<Mihari::Artifact>] artifacts
       # @param [Mihari::Services::Rule] rule
       # @param [Hash, nil] options
       # @param [Hash] **params
       #
-      def initialize(artifacts:, rule:, options: nil, **params)
-        super(artifacts: artifacts, rule: rule, options: options)
+      def initialize(rule:, options: nil, **params)
+        super(rule: rule, options: options)
 
         @url = params[:url] || Mihari.config.misp_url
         @api_key = params[:api_key] || Mihari.config.misp_api_key
+
+        @artifacts = []
       end
 
+      #
       # @return [Boolean]
-      def valid?
-        unless url? && api_key?
-          Mihari.logger.info("MISP URL is not set") unless url?
-          Mihari.logger.info("MISP API key is not set") unless api_key?
-          return false
-        end
-
-        unless ping?
-          Mihari.logger.info("MISP URL (#{url}) is not reachable")
-          return false
-        end
-
-        true
+      #
+      def configured?
+        api_key? && url?
       end
 
       #
       # Create a MISP event
       #
-      # @param [Arra<Mihari::Artifact>] artifacts
-      # @param [Mihari::Services::Rule] rule
-      #
-      # @return [::MISP::Event]
+      # @param [Array<Mihari::Models::Artifact>] artifacts
       #
-      def emit
+      def emit(artifacts)
         return if artifacts.empty?
 
         client.create_event({
@@ -77,7 +66,7 @@ module Mihari
       #
       # Build a MISP attribute
       #
-      # @param [Mihari::Artifact] artifact
+      # @param [Mihari::Models::Artifact] artifact
       #
       # @return [Hash]
       #
@@ -143,19 +132,6 @@ module Mihari
       def api_key?
         !api_key.nil? && !api_key.empty?
       end
-
-      #
-      # Check whether a URL is reachable or not
-      #
-      # @return [Boolean]
-      #
-      def ping?
-        base_url = url.end_with?("/") ? url[0..-2] : url
-        login_url = "#{base_url}/users/login"
-
-        http = Net::Ping::HTTP.new(login_url)
-        http.ping?
-      end
     end
   end
 end

data/lib/mihari/emitters/slack.rb

@@ -131,18 +131,22 @@ module Mihari
       # @return [String]
       attr_reader :username
 
+      # @return [Array<Mihari::Models::Artifact>]
+      attr_accessor :artifacts
+
       #
-      # @param [Array<Mihari::Artifact>] artifacts
       # @param [Mihari::Services::Rule] rule
       # @param [Hash, nil] options
       # @param [Hash] **params
       #
-      def initialize(artifacts:, rule:, options: nil, **params)
-        super(artifacts: artifacts, rule: rule, options: options)
+      def initialize(rule:, options: nil, **params)
+        super(rule: rule, options: options)
 
         @webhook_url = params[:webhook_url] || Mihari.config.slack_webhook_url
         @channel = params[:channel] || Mihari.config.slack_channel || DEFAULT_CHANNEL
         @username = DEFAULT_USERNAME
+
+        @artifacts = []
       end
 
       #
@@ -154,12 +158,10 @@ module Mihari
         !webhook_url.nil?
       end
 
-      #
-      # Check webhook URL is set. Alias of #webhook_url?
       #
       # @return [Boolean]
       #
-      def valid?
+      def configured?
         webhook_url?
       end
 
@@ -211,19 +213,20 @@ module Mihari
         ].join("\n")
       end
 
-      def emit
+      #
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      def emit(artifacts)
         return if artifacts.empty?
 
+        @artifacts = artifacts
+
         notifier.post(text: text, attachments: attachments, mrkdwn: true)
       end
 
       def configuration_keys
         %w[slack_webhook_url slack_channel]
       end
-
-      def configured?
-        valid?
-      end
     end
   end
 end