RubyGems - mihari - Versions diffs - 5.6.1 → 5.6.2 - Mend

mihari 5.6.1 → 5.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (71) hide show

checksums.yaml +4 -4
data/frontend/package-lock.json +173 -176
data/frontend/package.json +9 -9
data/lib/mihari/{base.rb → actor.rb} +16 -2
data/lib/mihari/analyzers/base.rb +5 -10
data/lib/mihari/analyzers/censys.rb +1 -1
data/lib/mihari/analyzers/hunterhow.rb +1 -1
data/lib/mihari/analyzers/passivetotal.rb +1 -1
data/lib/mihari/analyzers/pulsedive.rb +1 -1
data/lib/mihari/analyzers/securitytrails.rb +1 -1
data/lib/mihari/analyzers/urlscan.rb +1 -1
data/lib/mihari/analyzers/virustotal.rb +5 -5
data/lib/mihari/analyzers/zoomeye.rb +3 -3
data/lib/mihari/clients/crtsh.rb +2 -2
data/lib/mihari/clients/passivetotal.rb +4 -4
data/lib/mihari/clients/securitytrails.rb +3 -3
data/lib/mihari/commands/rule.rb +2 -11
data/lib/mihari/commands/search.rb +1 -1
data/lib/mihari/emitters/base.rb +13 -24
data/lib/mihari/emitters/database.rb +7 -9
data/lib/mihari/emitters/misp.rb +14 -38
data/lib/mihari/emitters/slack.rb +14 -11
data/lib/mihari/emitters/the_hive.rb +16 -44
data/lib/mihari/emitters/webhook.rb +31 -21
data/lib/mihari/enrichers/base.rb +1 -6
data/lib/mihari/enrichers/whois.rb +1 -1
data/lib/mihari/models/alert.rb +75 -73
data/lib/mihari/models/artifact.rb +182 -180
data/lib/mihari/models/autonomous_system.rb +22 -20
data/lib/mihari/models/cpe.rb +21 -19
data/lib/mihari/models/dns.rb +24 -22
data/lib/mihari/models/geolocation.rb +22 -20
data/lib/mihari/models/port.rb +21 -19
data/lib/mihari/models/reverse_dns.rb +21 -19
data/lib/mihari/models/rule.rb +67 -65
data/lib/mihari/models/tag.rb +5 -3
data/lib/mihari/models/tagging.rb +5 -3
data/lib/mihari/models/whois.rb +18 -16
data/lib/mihari/rule.rb +352 -0
data/lib/mihari/schemas/analyzer.rb +94 -87
data/lib/mihari/schemas/emitter.rb +9 -5
data/lib/mihari/schemas/enricher.rb +8 -4
data/lib/mihari/schemas/mixins.rb +15 -0
data/lib/mihari/schemas/rule.rb +3 -10
data/lib/mihari/services/alert_builder.rb +1 -1
data/lib/mihari/services/alert_proxy.rb +10 -6
data/lib/mihari/services/alert_runner.rb +4 -4
data/lib/mihari/services/rule_builder.rb +3 -3
data/lib/mihari/services/rule_runner.rb +5 -5
data/lib/mihari/structs/binaryedge.rb +1 -1
data/lib/mihari/structs/censys.rb +6 -6
data/lib/mihari/structs/config.rb +1 -1
data/lib/mihari/structs/greynoise.rb +5 -5
data/lib/mihari/structs/hunterhow.rb +3 -3
data/lib/mihari/structs/onyphe.rb +5 -5
data/lib/mihari/structs/shodan.rb +6 -6
data/lib/mihari/structs/urlscan.rb +3 -3
data/lib/mihari/structs/virustotal_intelligence.rb +3 -3
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/endpoints/alerts.rb +4 -4
data/lib/mihari/web/endpoints/artifacts.rb +6 -6
data/lib/mihari/web/endpoints/rules.rb +10 -17
data/lib/mihari/web/endpoints/tags.rb +2 -2
data/lib/mihari/web/public/assets/{index-9cc489e6.js → index-28d4c79d.js} +48 -48
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari.rb +6 -8
data/mihari.gemspec +1 -2
data/requirements.txt +1 -1
metadata +8 -22
data/lib/mihari/analyzers/rule.rb +0 -232
data/lib/mihari/services/rule_proxy.rb +0 -182

data/lib/mihari/emitters/the_hive.rb CHANGED Viewed

@@ -12,45 +12,42 @@ module Mihari
       # @return [String, nil]
       attr_reader :api_version
+      # @return [Array<Mihari::Models::Artifact>]
+      attr_accessor :artifacts
       #
-      # @param [Array<Mihari::Artifact>] artifacts
       # @param [Mihari::Services::Rule] rule
       # @param [Hash, nil] options
       # @param [Hash] **params
       #
-      def initialize(artifacts:, rule:, options: nil, **params)
-        super(artifacts: artifacts, rule: rule, options: options)
+      def initialize(rule:, options: nil, **params)
+        super(rule: rule, options: options)
         @url = params[:url] || Mihari.config.thehive_url
         @api_key = params[:api_key] || Mihari.config.thehive_api_key
         @api_version = params[:api_version] || Mihari.config.thehive_api_version
+        @artifacts = []
       end
+      #
       # @return [Boolean]
-      def valid?
-        unless url? && api_key?
-          Mihari.logger.info("TheHive URL is not set") unless url?
-          Mihari.logger.info("TheHive API key is not set") unless api_key?
-          return false
-        end
-        unless ping?
-          Mihari.logger.info("TheHive URL (#{url}) is not reachable")
-          return false
-        end
-        true
+      #
+      def configured?
+        api_key? && url?
       end
       #
       # Create a Hive alert
       #
-      # @return [::MISP::Event]
+      # @param [Array<Mihari::Models::Artifact>] artifacts
       #
-      def emit
+      def emit(artifacts)
         return if artifacts.empty?
-        client.alert(payload)
+        @artifacts = artifacts
+        client.alert payload
       end
       #
@@ -146,31 +143,6 @@ module Mihari
           source_ref: "1"
         }
       end
-      #
-      # Check whether a URL is reachable or not
-      #
-      # @return [Boolean]
-      #
-      def ping?
-        base_url = url.end_with?("/") ? url[0..-2] : url
-        if normalized_api_version.nil?
-          # for v4
-          base_url = url.end_with?("/") ? url[0..-2] : url
-          public_url = "#{base_url}/index.html"
-        else
-          # for v5
-          public_url = "#{base_url}/api/v1/status/public"
-        end
-        http = Net::Ping::HTTP.new(public_url)
-        # use GET for v5
-        http.get_request = true if normalized_api_version
-        http.ping?
-      end
     end
   end
 end

data/lib/mihari/emitters/webhook.rb CHANGED Viewed

@@ -57,23 +57,41 @@ module Mihari
       # @return [String, nil]
       attr_reader :template
+      # @return [Array<Mihari::Models::Artifact>]
+      attr_accessor :artifacts
       #
-      # @param [Array<Mihari::Artifact>] artifacts
       # @param [Mihari::Services::Rule] rule
       # @param [Hash] **options
       #
-      def initialize(artifacts:, rule:, options: nil, **params)
-        super(artifacts: artifacts, rule: rule, options: options)
+      def initialize(rule:, options: nil, **params)
+        super(rule: rule, options: options)
         @url = Addressable::URI.parse(params[:url])
         @headers = params[:headers] || {}
         @method = params[:method] || "POST"
         @template = params[:template]
+        @artifacts = []
+      end
+      #
+      # @return [Boolean]
+      #
+      def configured?
+        return false if url.nil?
+        %w[http https].include? url.scheme.downcase
       end
-      def emit
+      #
+      # @param [Array<Mihari::Models::Artifact>] artifacts
+      #
+      def emit(artifacts)
         return if artifacts.empty?
+        @artifacts = artifacts
         # returns body to prevent Parallel issue (Parallel fails to handle HTTP:Response object)
         case method
         when "GET"
@@ -83,12 +101,6 @@ module Mihari
         end
       end
-      def valid?
-        return false if url.nil?
-        %w[http https].include? url.scheme.downcase
-      end
       private
       def http
@@ -101,17 +113,15 @@ module Mihari
       # @return [String]
       #
       def rendered_template
-        [].tap do |out|
-          options = {}
-          options[:template] = File.read(template) unless template.nil?
-          payload_template = PayloadTemplate.new(
-            artifacts: artifacts,
-            rule: rule,
-            options: options
-          )
-          out << payload_template.result
-        end.first
+        options = {}
+        options[:template] = File.read(template) unless template.nil?
+        payload_template = PayloadTemplate.new(
+          artifacts: artifacts,
+          rule: rule,
+          options: options
+        )
+        payload_template.result
       end
       #

data/lib/mihari/enrichers/base.rb CHANGED Viewed

@@ -2,12 +2,7 @@
 module Mihari
   module Enrichers
-    class Base < Mihari::Base
-      include Mixins::Configurable
-      include Mixins::Retriable
-      include Dry::Monads[:result, :try]
+    class Base < Actor
       def initialize(options: nil)
         super(options: options)
       end

data/lib/mihari/enrichers/whois.rb CHANGED Viewed

@@ -34,7 +34,7 @@ module Mihari
         parser = record.parser
         return nil if parser.available?
-        whois_record = WhoisRecord.new(
+        whois_record = Models::WhoisRecord.new(
           domain: domain,
           created_on: get_created_on(parser),
           updated_on: get_updated_on(parser),

data/lib/mihari/models/alert.rb CHANGED Viewed

@@ -1,88 +1,90 @@
 # frozen_string_literal: true
 module Mihari
-  class Alert < ActiveRecord::Base
-    has_many :taggings, dependent: :destroy
-    has_many :artifacts, dependent: :destroy
-    has_many :tags, through: :taggings
-    belongs_to :rule
-    class << self
-      #
-      # Search alerts
-      #
-      # @param [Structs::Filters::Alert::SearchFilterWithPagination] filter
-      #
-      # @return [Array<Alert>]
-      #
-      def search(filter)
-        limit = filter.limit.to_i
-        raise ArgumentError, "limit should be bigger than zero" unless limit.positive?
-        page = filter.page.to_i
-        raise ArgumentError, "page should be bigger than zero" unless page.positive?
-        offset = (page - 1) * limit
-        relation = build_relation(filter.without_pagination)
-        alert_ids = relation.limit(limit).offset(offset).order(id: :desc).pluck(:id).uniq
-        eager_load(:artifacts, :tags).where(id: [alert_ids]).order(id: :desc)
-      end
-      #
-      # Count alerts
-      #
-      # @param [String, nil] artifact_data
-      #
-      # @return [Integer]
-      #
-      def count(filter)
-        relation = build_relation(filter)
-        relation.distinct("alerts.id").count
-      end
+  module Models
+    class Alert < ActiveRecord::Base
+      has_many :taggings, dependent: :destroy
+      has_many :artifacts, dependent: :destroy
+      has_many :tags, through: :taggings
+      belongs_to :rule
+      class << self
+        #
+        # Search alerts
+        #
+        # @param [Structs::Filters::Alert::SearchFilterWithPagination] filter
+        #
+        # @return [Array<Alert>]
+        #
+        def search(filter)
+          limit = filter.limit.to_i
+          raise ArgumentError, "limit should be bigger than zero" unless limit.positive?
+          page = filter.page.to_i
+          raise ArgumentError, "page should be bigger than zero" unless page.positive?
+          offset = (page - 1) * limit
+          relation = build_relation(filter.without_pagination)
+          alert_ids = relation.limit(limit).offset(offset).order(id: :desc).pluck(:id).uniq
+          eager_load(:artifacts, :tags).where(id: [alert_ids]).order(id: :desc)
+        end
-      private
-      #
-      # @param [Structs::Filters::Alert::SearchFilter] filter
-      #
-      # @return [Array<Integer>]
-      #
-      def get_artifact_ids_by_filter(filter)
-        artifact_ids = []
-        if filter.artifact_data
-          artifact = Artifact.where(data: filter.artifact_data)
-          artifact_ids = artifact.pluck(:id)
-          # set invalid ID if nothing is matched with the filters
-          artifact_ids = [-1] if artifact_ids.empty?
+        #
+        # Count alerts
+        #
+        # @param [String, nil] artifact_data
+        #
+        # @return [Integer]
+        #
+        def count(filter)
+          relation = build_relation(filter)
+          relation.distinct("alerts.id").count
         end
-        artifact_ids
-      end
+        private
-      #
-      # @param [Structs::Filters::Alert::SearchFilter] filter
-      #
-      # @return [Mihari::Alert]
-      #
-      def build_relation(filter)
-        artifact_ids = get_artifact_ids_by_filter(filter)
+        #
+        # @param [Structs::Filters::Alert::SearchFilter] filter
+        #
+        # @return [Array<Integer>]
+        #
+        def get_artifact_ids_by_filter(filter)
+          artifact_ids = []
-        relation = self
-        relation = relation.includes(:artifacts, :tags)
+          if filter.artifact_data
+            artifact = Artifact.where(data: filter.artifact_data)
+            artifact_ids = artifact.pluck(:id)
+            # set invalid ID if nothing is matched with the filters
+            artifact_ids = [-1] if artifact_ids.empty?
+          end
-        relation = relation.where(artifacts: { id: artifact_ids }) unless artifact_ids.empty?
-        relation = relation.where(tags: { name: filter.tag_name }) if filter.tag_name
+          artifact_ids
+        end
+        #
+        # @param [Structs::Filters::Alert::SearchFilter] filter
+        #
+        # @return [Mihari::Models::Alert]
+        #
+        def build_relation(filter)
+          artifact_ids = get_artifact_ids_by_filter(filter)
+          relation = self
+          relation = relation.includes(:artifacts, :tags)
-        relation = relation.where(rule_id: filter.rule_id) if filter.rule_id
+          relation = relation.where(artifacts: { id: artifact_ids }) unless artifact_ids.empty?
+          relation = relation.where(tags: { name: filter.tag_name }) if filter.tag_name
-        relation = relation.where("alerts.created_at >= ?", filter.from_at) if filter.from_at
-        relation = relation.where("alerts.created_at <= ?", filter.to_at) if filter.to_at
+          relation = relation.where(rule_id: filter.rule_id) if filter.rule_id
-        relation
+          relation = relation.where("alerts.created_at >= ?", filter.from_at) if filter.from_at
+          relation = relation.where("alerts.created_at <= ?", filter.to_at) if filter.to_at
+          relation
+        end
       end
     end
   end