RubyGems - mihari - Versions diffs - 5.6.1 → 5.6.2 - Mend

mihari 5.6.1 → 5.6.2

Files changed (71) hide show

checksums.yaml +4 -4
data/frontend/package-lock.json +173 -176
data/frontend/package.json +9 -9
data/lib/mihari/{base.rb → actor.rb} +16 -2
data/lib/mihari/analyzers/base.rb +5 -10
data/lib/mihari/analyzers/censys.rb +1 -1
data/lib/mihari/analyzers/hunterhow.rb +1 -1
data/lib/mihari/analyzers/passivetotal.rb +1 -1
data/lib/mihari/analyzers/pulsedive.rb +1 -1
data/lib/mihari/analyzers/securitytrails.rb +1 -1
data/lib/mihari/analyzers/urlscan.rb +1 -1
data/lib/mihari/analyzers/virustotal.rb +5 -5
data/lib/mihari/analyzers/zoomeye.rb +3 -3
data/lib/mihari/clients/crtsh.rb +2 -2
data/lib/mihari/clients/passivetotal.rb +4 -4
data/lib/mihari/clients/securitytrails.rb +3 -3
data/lib/mihari/commands/rule.rb +2 -11
data/lib/mihari/commands/search.rb +1 -1
data/lib/mihari/emitters/base.rb +13 -24
data/lib/mihari/emitters/database.rb +7 -9
data/lib/mihari/emitters/misp.rb +14 -38
data/lib/mihari/emitters/slack.rb +14 -11
data/lib/mihari/emitters/the_hive.rb +16 -44
data/lib/mihari/emitters/webhook.rb +31 -21
data/lib/mihari/enrichers/base.rb +1 -6
data/lib/mihari/enrichers/whois.rb +1 -1
data/lib/mihari/models/alert.rb +75 -73
data/lib/mihari/models/artifact.rb +182 -180
data/lib/mihari/models/autonomous_system.rb +22 -20
data/lib/mihari/models/cpe.rb +21 -19
data/lib/mihari/models/dns.rb +24 -22
data/lib/mihari/models/geolocation.rb +22 -20
data/lib/mihari/models/port.rb +21 -19
data/lib/mihari/models/reverse_dns.rb +21 -19
data/lib/mihari/models/rule.rb +67 -65
data/lib/mihari/models/tag.rb +5 -3
data/lib/mihari/models/tagging.rb +5 -3
data/lib/mihari/models/whois.rb +18 -16
data/lib/mihari/rule.rb +352 -0
data/lib/mihari/schemas/analyzer.rb +94 -87
data/lib/mihari/schemas/emitter.rb +9 -5
data/lib/mihari/schemas/enricher.rb +8 -4
data/lib/mihari/schemas/mixins.rb +15 -0
data/lib/mihari/schemas/rule.rb +3 -10
data/lib/mihari/services/alert_builder.rb +1 -1
data/lib/mihari/services/alert_proxy.rb +10 -6
data/lib/mihari/services/alert_runner.rb +4 -4
data/lib/mihari/services/rule_builder.rb +3 -3
data/lib/mihari/services/rule_runner.rb +5 -5
data/lib/mihari/structs/binaryedge.rb +1 -1
data/lib/mihari/structs/censys.rb +6 -6
data/lib/mihari/structs/config.rb +1 -1
data/lib/mihari/structs/greynoise.rb +5 -5
data/lib/mihari/structs/hunterhow.rb +3 -3
data/lib/mihari/structs/onyphe.rb +5 -5
data/lib/mihari/structs/shodan.rb +6 -6
data/lib/mihari/structs/urlscan.rb +3 -3
data/lib/mihari/structs/virustotal_intelligence.rb +3 -3
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/endpoints/alerts.rb +4 -4
data/lib/mihari/web/endpoints/artifacts.rb +6 -6
data/lib/mihari/web/endpoints/rules.rb +10 -17
data/lib/mihari/web/endpoints/tags.rb +2 -2
data/lib/mihari/web/public/assets/{index-9cc489e6.js → index-28d4c79d.js} +48 -48
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari.rb +6 -8
data/mihari.gemspec +1 -2
data/requirements.txt +1 -1
metadata +8 -22
data/lib/mihari/analyzers/rule.rb +0 -232
data/lib/mihari/services/rule_proxy.rb +0 -182

data/lib/mihari/structs/urlscan.rb CHANGED Viewed

@@ -81,11 +81,11 @@ module Mihari
         end
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           values = [page.url, page.domain, page.ip].compact
-          values.map { |value| Mihari::Artifact.new(data: value, metadata: metadata) }
+          values.map { |value| Mihari::Models::Artifact.new(data: value, metadata: metadata) }
         end
         class << self
@@ -125,7 +125,7 @@ module Mihari
         end
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           results.map(&:artifacts).flatten

data/lib/mihari/structs/virustotal_intelligence.rb CHANGED Viewed

@@ -77,10 +77,10 @@ module Mihari
         end
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Artifact.new(data: value, metadata: metadata)
+          Models::Artifact.new(data: value, metadata: metadata)
         end
         class << self
@@ -151,7 +151,7 @@ module Mihari
         end
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           data.map(&:artifact)

data/lib/mihari/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Mihari
-  VERSION = "5.6.1"
+  VERSION = "5.6.2"
 end

data/lib/mihari/web/endpoints/alerts.rb CHANGED Viewed

@@ -31,8 +31,8 @@ module Mihari
           filter = filter.to_h.symbolize_keys
           search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
-          alerts = Mihari::Alert.search(search_filter_with_pagination)
-          total = Mihari::Alert.count(search_filter_with_pagination.without_pagination)
+          alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
+          total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
           present(
             {
@@ -59,7 +59,7 @@ module Mihari
           id = params["id"].to_i
           result = Try do
-            alert = Mihari::Alert.find(id)
+            alert = Mihari::Models::Alert.find(id)
             alert.destroy
           end.to_result
@@ -89,7 +89,7 @@ module Mihari
           extend Dry::Monads[:result, :try]
           result = Try do
-            proxy = Services::AlertProxy.new(params.to_snake_keys)
+            proxy = Services::AlertProxy.new(**params.to_snake_keys)
             runner = Services::AlertRunner.new(proxy)
             runner.run
           end.to_result

data/lib/mihari/web/endpoints/artifacts.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module Mihari
           id = params[:id].to_i
           result = Try do
-            artifact = Mihari::Artifact.includes(
+            artifact = Mihari::Models::Artifact.includes(
               :autonomous_system,
               :geolocation,
               :whois_record,
@@ -26,9 +26,9 @@ module Mihari
               :reverse_dns_names
             ).find(id)
             # TODO: improve queries
-            alert_ids = Mihari::Artifact.where(data: artifact.data).pluck(:alert_id)
-            tag_ids = Mihari::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
-            tag_names = Mihari::Tag.where(id: tag_ids).distinct.pluck(:name)
+            alert_ids = Mihari::Models::Artifact.where(data: artifact.data).pluck(:alert_id)
+            tag_ids = Mihari::Models::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
+            tag_names = Mihari::Models::Tag.where(id: tag_ids).distinct.pluck(:name)
             artifact.tags = tag_names
@@ -60,7 +60,7 @@ module Mihari
           id = params["id"].to_i
           result = Try do
-            artifact = Mihari::Artifact.includes(
+            artifact = Mihari::Models::Artifact.includes(
               :autonomous_system,
               :geolocation,
               :whois_record,
@@ -102,7 +102,7 @@ module Mihari
           id = params["id"].to_i
           result = Try do
-            alert = Mihari::Artifact.find(id)
+            alert = Mihari::Models::Artifact.find(id)
             alert.destroy
           end.to_result

data/lib/mihari/web/endpoints/rules.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Mihari
           summary: "Get rule IDs"
         }
         get "/ids" do
-          rule_ids = Mihari::Rule.distinct.pluck(:id)
+          rule_ids = Mihari::Models::Rule.distinct.pluck(:id)
           present({ rule_ids: rule_ids }, with: Entities::RuleIDs)
         end
@@ -40,8 +40,8 @@ module Mihari
           filter = filter.to_h.symbolize_keys
           search_filter_with_pagenation = Structs::Filters::Rule::SearchFilterWithPagination.new(**filter)
-          rules = Mihari::Rule.search(search_filter_with_pagenation)
-          total = Mihari::Rule.count(search_filter_with_pagenation.without_pagination)
+          rules = Mihari::Models::Rule.search(search_filter_with_pagenation)
+          total = Mihari::Models::Rule.count(search_filter_with_pagenation.without_pagination)
           present(
             { rules: rules,
@@ -66,7 +66,7 @@ module Mihari
           id = params["id"].to_s
           result = Try do
-            Mihari::Rule.find(id)
+            Mihari::Models::Rule.find(id)
           end.to_result
           return present(result.value!, with: Entities::Rule) if result.success?
@@ -92,10 +92,7 @@ module Mihari
           id = params["id"].to_s
-          result = Try do
-            Mihari::Services::RuleProxy.from_model(Mihari::Rule.find(id))
-          end.to_result
+          result = Try { Rule.from_model(Mihari::Models::Rule.find(id)) }.to_result
           if result.success?
             result.value!.analyzer.run
             status 201
@@ -122,11 +119,9 @@ module Mihari
           extend Dry::Monads[:result, :try]
           yaml = params[:yaml]
-          result = Try do
-            Services::RuleProxy.from_yaml(yaml)
-          end.to_result.bind do |rule|
+          result = Try { Rule.from_yaml(yaml) }.to_result.bind do |rule|
             Try do
-              found = Mihari::Rule.find_by_id(rule.id)
+              found = Mihari::Models::Rule.find_by_id(rule.id)
               error!({ message: "ID:#{rule.id} is already registered" }, 400) unless found.nil?
               rule
             end.to_result
@@ -168,11 +163,9 @@ module Mihari
           yaml = params[:yaml]
           result = Try do
-            Mihari::Rule.find(id)
+            Mihari::Models::Rule.find(id)
           end.to_result.bind do |_|
-            Try do
-              Services::RuleProxy.from_yaml(yaml)
-            end.to_result
+            Try { Rule.from_yaml(yaml) }.to_result
           end.bind do |rule|
             Try do
               rule.model.save
@@ -212,7 +205,7 @@ module Mihari
           id = params["id"].to_s
           result = Try do
-            rule = Mihari::Rule.find(id)
+            rule = Mihari::Models::Rule.find(id)
             rule.destroy
           end.to_result

data/lib/mihari/web/endpoints/tags.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module Mihari
           summary: "Get tags"
         }
         get "/" do
-          tags = Mihari::Tag.distinct.pluck(:name)
+          tags = Mihari::Models::Tag.distinct.pluck(:name)
           present({ tags: tags }, with: Entities::Tags)
         end
@@ -28,7 +28,7 @@ module Mihari
           name = params[:name].to_s
           result = Try do
-            Mihari::Tag.where(name: name).destroy_all
+            Mihari::Models::Tag.where(name: name).destroy_all
           end.to_result
           if result.success?