mihari 5.6.1 → 5.6.2

data/lib/mihari/schemas/analyzer.rb

@@ -2,102 +2,109 @@
 
 module Mihari
   module Schemas
-    AnalyzerAPIKeyPagination = Dry::Schema.Params do
-      required(:analyzer).value(
-        Types::String.enum(
-          "binaryedge",
-          "greynoise",
-          "onyphe",
-          "shodan",
-          "urlscan",
-          "virustotal_intelligence",
-          "vt_intel"
-        )
-      )
-      required(:query).value(:string)
-      optional(:api_key).value(:string)
-      optional(:options).hash(AnalyzerPaginationOptions)
-    end
+    module Analyzers
+      extend Schemas::Mixins
 
-    AnalyzerAPIKey = Dry::Schema.Params do
-      required(:analyzer).value(
-        Types::String.enum(
-          "otx",
-          "pulsedive",
-          "securitytrails",
-          "st",
-          "virustotal",
-          "vt"
-        )
-      )
-      required(:query).value(:string)
-      optional(:api_key).value(:string)
-      optional(:options).hash(AnalyzerOptions)
-    end
+      # Analyzer with API key and pagination
+      [
+        Mihari::Analyzers::BinaryEdge.class_keys,
+        Mihari::Analyzers::GreyNoise.class_keys,
+        Mihari::Analyzers::Onyphe.class_keys,
+        Mihari::Analyzers::Shodan.class_keys,
+        Mihari::Analyzers::Urlscan.class_keys,
+        Mihari::Analyzers::VirusTotalIntelligence.class_keys
+      ].each do |keys|
+        key = keys.first
+        const_set(key.upcase, Dry::Schema.Params do
+          required(:analyzer).value(Types::String.enum(*keys))
+          required(:query).value(:string)
+          optional(:api_key).value(:string)
+          optional(:options).hash(AnalyzerPaginationOptions)
+        end)
+      end
 
-    DNSTwister = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("dnstwister"))
-      required(:query).value(:string)
-      optional(:options).hash(AnalyzerOptions)
-    end
+      # Analyzer with API key
+      [
+        Mihari::Analyzers::OTX.class_keys,
+        Mihari::Analyzers::Pulsedive.class_keys,
+        Mihari::Analyzers::VirusTotal.class_keys,
+        Mihari::Analyzers::SecurityTrails.class_keys
+      ].each do |keys|
+        key = keys.first
+        const_set(key.upcase, Dry::Schema.Params do
+          required(:analyzer).value(Types::String.enum(*keys))
+          required(:query).value(:string)
+          optional(:api_key).value(:string)
+          optional(:options).hash(AnalyzerOptions)
+        end)
+      end
 
-    Censys = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("censys"))
-      required(:query).value(:string)
-      optional(:id).value(:string)
-      optional(:secret).value(:string)
-      optional(:options).hash(AnalyzerPaginationOptions)
-    end
+      DNSTwister = Dry::Schema.Params do
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::DNSTwister.class_keys))
+        required(:query).value(:string)
+        optional(:options).hash(AnalyzerOptions)
+      end
 
-    CIRCL = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("circl"))
-      required(:query).value(:string)
-      optional(:username).value(:string)
-      optional(:password).value(:string)
-      optional(:options).hash(AnalyzerOptions)
-    end
+      Censys = Dry::Schema.Params do
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Censys.class_keys))
+        required(:query).value(:string)
+        optional(:id).value(:string)
+        optional(:secret).value(:string)
+        optional(:options).hash(AnalyzerPaginationOptions)
+      end
 
-    PassiveTotal = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("passivetotal", "pt"))
-      required(:query).value(:string)
-      optional(:username).value(:string)
-      optional(:api_key).value(:string)
-      optional(:options).hash(AnalyzerOptions)
-    end
+      CIRCL = Dry::Schema.Params do
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::CIRCL.class_keys))
+        required(:query).value(:string)
+        optional(:username).value(:string)
+        optional(:password).value(:string)
+        optional(:options).hash(AnalyzerOptions)
+      end
 
-    ZoomEye = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("zoomeye"))
-      required(:query).value(:string)
-      required(:type).value(Types::String.enum("host", "web"))
-      optional(:options).hash(AnalyzerPaginationOptions)
-    end
+      PassiveTotal = Dry::Schema.Params do
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::PassiveTotal.class_keys))
+        required(:query).value(:string)
+        optional(:username).value(:string)
+        optional(:api_key).value(:string)
+        optional(:options).hash(AnalyzerOptions)
+      end
 
-    Crtsh = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("crtsh"))
-      required(:query).value(:string)
-      optional(:exclude_expired).value(:bool).default(true)
-      optional(:options).hash(AnalyzerOptions)
-    end
+      ZoomEye = Dry::Schema.Params do
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::ZoomEye.class_keys))
+        required(:query).value(:string)
+        required(:type).value(Types::String.enum("host", "web"))
+        optional(:options).hash(AnalyzerPaginationOptions)
+      end
 
-    HunterHow = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("hunterhow"))
-      required(:query).value(:string)
-      required(:start_time).value(:date)
-      required(:end_time).value(:date)
-      optional(:api_key).value(:string)
-      optional(:options).hash(AnalyzerPaginationOptions)
-    end
+      Crtsh = Dry::Schema.Params do
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Crtsh.class_keys))
+        required(:query).value(:string)
+        optional(:exclude_expired).value(:bool).default(true)
+        optional(:options).hash(AnalyzerOptions)
+      end
 
-    Feed = Dry::Schema.Params do
-      required(:analyzer).value(Types::String.enum("feed"))
-      required(:query).value(:string)
-      required(:selector).value(:string)
-      optional(:method).value(Types::HTTPRequestMethods).default("GET")
-      optional(:headers).value(:hash).default({})
-      optional(:params).value(:hash)
-      optional(:data).value(:hash)
-      optional(:json).value(:hash)
-      optional(:options).hash(AnalyzerOptions)
+      HunterHow = Dry::Schema.Params do
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::HunterHow.class_keys))
+        required(:query).value(:string)
+        required(:start_time).value(:date)
+        required(:end_time).value(:date)
+        optional(:api_key).value(:string)
+        optional(:options).hash(AnalyzerPaginationOptions)
+      end
+
+      Feed = Dry::Schema.Params do
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Feed.class_keys))
+        required(:query).value(:string)
+        required(:selector).value(:string)
+        optional(:method).value(Types::HTTPRequestMethods).default("GET")
+        optional(:headers).value(:hash).default({})
+        optional(:params).value(:hash)
+        optional(:data).value(:hash)
+        optional(:json).value(:hash)
+        optional(:options).hash(AnalyzerOptions)
+      end
     end
+
+    Analyzer = Schemas::Analyzers.get_or_composition
   end
 end

data/lib/mihari/schemas/emitter.rb

@@ -3,20 +3,22 @@
 module Mihari
   module Schemas
     module Emitters
+      extend Schemas::Mixins
+
       Database = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum("database"))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::Database.class_keys))
         optional(:options).hash(Options)
       end
 
       MISP = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum("misp"))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::MISP.class_keys))
         optional(:url).value(:string)
         optional(:api_key).value(:string)
         optional(:options).hash(Options)
       end
 
       TheHive = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum("thehive"))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::TheHive.class_keys))
         optional(:url).value(:string)
         optional(:api_key).value(:string)
         optional(:api_version).value(Types::String.enum("v4", "v5")).default("v4")
@@ -24,14 +26,14 @@ module Mihari
       end
 
       Slack = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum("slack"))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::Slack.class_keys))
         optional(:webhook_url).value(:string)
         optional(:channel).value(:string)
         optional(:options).hash(Options)
       end
 
       Webhook = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum("webhook"))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::Webhook.class_keys))
         required(:url).value(:string)
         optional(:method).value(Types::HTTPRequestMethods).default("POST")
         optional(:headers).value(:hash).default({})
@@ -39,5 +41,7 @@ module Mihari
         optional(:options).hash(Options)
       end
     end
+
+    Emitter = Schemas::Emitters.get_or_composition
   end
 end

data/lib/mihari/schemas/enricher.rb

@@ -3,26 +3,30 @@
 module Mihari
   module Schemas
     module Enrichers
+      extend Schemas::Mixins
+
       IPInfo = Dry::Schema.Params do
-        required(:enricher).value(Types::String.enum("ipinfo"))
+        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::IPInfo.class_keys))
         optional(:api_key).value(:string)
         optional(:options).hash(Options)
       end
 
       Whois = Dry::Schema.Params do
-        required(:enricher).value(Types::String.enum("whois"))
+        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Whois.class_keys))
         optional(:options).hash(Options)
       end
 
       Shodan = Dry::Schema.Params do
-        required(:enricher).value(Types::String.enum("shodan"))
+        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Shodan.class_keys))
         optional(:options).hash(Options)
       end
 
       GooglePublicDNS = Dry::Schema.Params do
-        required(:enricher).value(Types::String.enum("google_public_dns"))
+        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::GooglePublicDNS.class_keys))
         optional(:options).hash(Options)
       end
     end
+
+    Enricher = Schemas::Enrichers.get_or_composition
   end
 end

data/lib/mihari/schemas/mixins.rb

@@ -0,0 +1,15 @@
+module Mihari
+  module Schemas
+    module Mixins
+      def get_or_composition
+        schemas = constants.map { |sym| const_get sym }
+        return schemas.first if schemas.length <= 1
+
+        base, *others = schemas
+        others.each { |other| base = base.or(other) }
+
+        base
+      end
+    end
+  end
+end

data/lib/mihari/schemas/rule.rb

@@ -21,17 +21,10 @@ module Mihari
       optional(:created_on).value(:date)
       optional(:updated_on).value(:date)
 
-      required(:queries).value(:array).each do
-        AnalyzerAPIKey | AnalyzerAPIKeyPagination | Censys | CIRCL | PassiveTotal | ZoomEye | Crtsh | Feed | HunterHow | DNSTwister
-      end
-
-      optional(:emitters).value(:array).each do
-        Emitters::Database | Emitters::MISP | Emitters::TheHive | Emitters::Slack | Emitters::Webhook
-      end.default(DEFAULT_EMITTERS)
+      required(:queries).value(:array).each { Analyzer } # rubocop:disable Lint/Void
 
-      optional(:enrichers).value(:array).each do
-        Enrichers::Whois | Enrichers::IPInfo | Enrichers::Shodan | Enrichers::GooglePublicDNS
-      end.default(DEFAULT_ENRICHERS)
+      optional(:emitters).value(:array).each { Emitter }.default(DEFAULT_EMITTERS) # rubocop:disable Lint/Void
+      optional(:enrichers).value(:array).each { Enricher }.default(DEFAULT_ENRICHERS) # rubocop:disable Lint/Void
 
       optional(:data_types).value(array[Types::DataTypes]).default(Mihari::Types::DataTypes.values)
       optional(:falsepositives).value(array[:string]).default([])

data/lib/mihari/services/alert_builder.rb

@@ -36,7 +36,7 @@ module Mihari
       end
 
       def result
-        Try[StandardError] { AlertProxy.new(data) }.to_result
+        Try[StandardError] { AlertProxy.new(**data) }.to_result
       end
     end
   end

data/lib/mihari/services/alert_proxy.rb

@@ -16,7 +16,7 @@ module Mihari
       #
       # @param [Hash] data
       #
-      def initialize(data)
+      def initialize(**data)
         @data = data.deep_symbolize_keys
         @errors = nil
 
@@ -54,21 +54,24 @@ module Mihari
       end
 
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def artifacts
         @artifacts ||= data[:artifacts].map do |data|
-          artifact = Artifact.new(data: data)
+          artifact = Models::Artifact.new(data: data)
           artifact.rule_id = rule_id
           artifact
         end.uniq(&:data).select(&:valid?)
       end
 
       #
-      # @return [Mihari::Services::RuleProxy]
+      # @return [Mihari::Rule]
       #
       def rule
-        @rule ||= Services::RuleProxy.new(Mihari::Rule.find(rule_id).data)
+        @rule ||= [].tap do |out|
+          data = Mihari::Models::Rule.find(rule_id).data
+          out << Rule.new(**data)
+        end.first
       end
 
       class << self
@@ -80,7 +83,8 @@ module Mihari
         # @return [Mihari::Services::Alert]
         #
         def from_yaml(yaml)
-          new YAML.safe_load(yaml, permitted_classes: [Date, Symbol])
+          data = YAML.safe_load(yaml, permitted_classes: [Date, Symbol])
+          new(**data)
         end
       end
     end

data/lib/mihari/services/alert_runner.rb

@@ -13,15 +13,15 @@ module Mihari
       end
 
       #
-      # @return [Mihari::Alert]
+      # @return [Mihari::Models::Alert]
       #
       def run
-        emitter = Emitters::Database.new(artifacts: alert.artifacts, rule: alert.rule)
-        emitter.emit
+        emitter = Emitters::Database.new(rule: alert.rule)
+        emitter.emit alert.artifacts
       end
 
       #
-      # @return [Dry::Monads::Result::Success<Mihari::Alert, nil>, Dry::Monads::Result::Failure]
+      # @return [Dry::Monads::Result::Success<Mihari::Models::Alert, nil>, Dry::Monads::Result::Failure]
       #
       def result
         Try[StandardError] { run }.to_result

data/lib/mihari/services/rule_builder.rb

@@ -26,8 +26,8 @@ module Mihari
       # @return [Hash]
       #
       def data
-        if Mihari::Rule.exists?(path_or_id)
-          rule = Mihari::Rule.find(path_or_id)
+        if Mihari::Models::Rule.exists?(path_or_id)
+          rule = Mihari::Models::Rule.find(path_or_id)
           return rule.data
         end
 
@@ -40,7 +40,7 @@ module Mihari
       end
 
       def result
-        Try[StandardError] { RuleProxy.new(data) }.to_result
+        Try[StandardError] { Rule.new(**data) }.to_result
       end
     end
   end

data/lib/mihari/services/rule_runner.rb

@@ -5,7 +5,7 @@ module Mihari
     class RuleRunner
       include Dry::Monads[:result, :try]
 
-      # @return [Mihari::Services::RuleProxy]
+      # @return [Mihari::Rule]
       attr_reader :rule
 
       def initialize(rule)
@@ -16,7 +16,7 @@ module Mihari
       # @return [Boolean]
       #
       def diff?
-        model = Mihari::Rule.find(rule.id)
+        model = Mihari::Models::Rule.find(rule.id)
         model.data != rule.data.deep_stringify_keys
       rescue ActiveRecord::RecordNotFound
         false
@@ -27,14 +27,14 @@ module Mihari
       end
 
       #
-      # @return [Mihari::Alert, nil]
+      # @return [Mihari::Models::Alert, nil]
       #
       def run
-        rule.analyzer.run
+        rule.run
       end
 
       #
-      # @return [Dry::Monads::Result::Success<Mihari::Alert, nil>, Dry::Monads::Result::Failure]
+      # @return [Dry::Monads::Result::Success<Mihari::Models::Alert, nil>, Dry::Monads::Result::Failure]
       #
       def result
         Try[StandardError] { run }.to_result

data/lib/mihari/structs/binaryedge.rb

@@ -69,7 +69,7 @@ module Mihari
         # @return [Array<Artifact>]
         #
         def artifacts
-          events.map { |event| Artifact.new(data: event.target.ip) }
+          events.map { |event| Models::Artifact.new(data: event.target.ip) }
         end
 
         class << self

data/lib/mihari/structs/censys.rb

@@ -19,7 +19,7 @@ module Mihari
         # @return [Mihari::AutonomousSystem]
         #
         def as
-          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+          Mihari::Models::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
         class << self
@@ -63,7 +63,7 @@ module Mihari
           # then set geolocation as nil
           return nil if country.nil?
 
-          Mihari::Geolocation.new(
+          Mihari::Models::Geolocation.new(
             country: country,
             country_code: country_code
           )
@@ -99,7 +99,7 @@ module Mihari
         # @return [Mihari::Port]
         #
         def _port
-          Port.new(port: port)
+          Models::Port.new(port: port)
         end
 
         class << self
@@ -167,10 +167,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Artifact.new(
+          Models::Artifact.new(
             data: ip,
             metadata: metadata,
             autonomous_system: autonomous_system.as,
@@ -267,7 +267,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           hits.map(&:artifact)

data/lib/mihari/structs/config.rb

@@ -71,7 +71,7 @@ module Mihari
         # @return [Mihari::Structs::Config, nil] config
         #
         def from_class(klass)
-          return nil if klass == Mihari::Analyzers::Rule
+          return nil if klass == Mihari::Rule
 
           type = get_type(klass)
           return nil if type.nil?

data/lib/mihari/structs/greynoise.rb

@@ -35,14 +35,14 @@ module Mihari
         # @return [Mihari::AutonomousSystem]
         #
         def as
-          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+          Mihari::Models::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
         #
         # @return [Mihari::Geolocation]
         #
         def geolocation
-          Mihari::Geolocation.new(
+          Mihari::Models::Geolocation.new(
             country: country,
             country_code: country_code
           )
@@ -92,10 +92,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Mihari::Artifact.new(
+          Mihari::Models::Artifact.new(
             data: ip,
             metadata: metadata_,
             autonomous_system: metadata.as,
@@ -171,7 +171,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           data.map(&:artifact)

data/lib/mihari/structs/hunterhow.rb

@@ -14,10 +14,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Artifact.new(data: ip)
+          Models::Artifact.new(data: ip)
         end
 
         class << self
@@ -49,7 +49,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           list.map(&:artifact)

data/lib/mihari/structs/onyphe.rb

@@ -40,10 +40,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Mihari::Artifact.new(
+          Mihari::Models::Artifact.new(
             data: ip,
             metadata: metadata,
             autonomous_system: as,
@@ -57,7 +57,7 @@ module Mihari
         def geolocation
           return nil if country_code.nil?
 
-          Mihari::Geolocation.new(
+          Mihari::Models::Geolocation.new(
             country: NormalizeCountry(country_code, to: :short),
             country_code: country_code
           )
@@ -67,7 +67,7 @@ module Mihari
         # @return [Mihari::AutonomousSystem]
         #
         def as
-          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+          Mihari::Models::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
         class << self
@@ -148,7 +148,7 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           results.map(&:artifact)

data/lib/mihari/structs/shodan.rb

@@ -27,7 +27,7 @@ module Mihari
         def geolocation
           return nil if country_name.nil? && country_code.nil?
 
-          Mihari::Geolocation.new(
+          Mihari::Models::Geolocation.new(
             country: country_name,
             country_code: country_code
           )
@@ -108,7 +108,7 @@ module Mihari
         def _asn
           return nil if asn.nil?
 
-          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+          Mihari::Models::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
         class << self
@@ -192,20 +192,20 @@ module Mihari
         end
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           matches.map do |match|
             metadata = collect_metadata_by_ip(match.ip_str)
 
             ports = collect_ports_by_ip(match.ip_str).map do |port|
-              Mihari::Port.new(port: port)
+              Mihari::Models::Port.new(port: port)
             end
             reverse_dns_names = collect_hostnames_by_ip(match.ip_str).map do |name|
-              Mihari::ReverseDnsName.new(name: name)
+              Mihari::Models::ReverseDnsName.new(name: name)
             end
 
-            Mihari::Artifact.new(
+            Mihari::Models::Artifact.new(
               data: match.ip_str,
               metadata: metadata,
               autonomous_system: match._asn,