mihari 5.6.1 → 5.7.0

data/lib/mihari/schemas/mixins.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Schemas
+    #
+    # Mixins for schemas
+    #
+    module Mixins
+      def get_or_composition
+        schemas = constants.map { |sym| const_get sym }
+        return schemas.first if schemas.length <= 1
+
+        base, *others = schemas
+        others.each { |other| base = base.or(other) }
+
+        base
+      end
+    end
+  end
+end

data/lib/mihari/schemas/rule.rb

@@ -21,17 +21,10 @@ module Mihari
       optional(:created_on).value(:date)
       optional(:updated_on).value(:date)
 
-      required(:queries).value(:array).each do
-        AnalyzerAPIKey | AnalyzerAPIKeyPagination | Censys | CIRCL | PassiveTotal | ZoomEye | Crtsh | Feed | HunterHow | DNSTwister
-      end
-
-      optional(:emitters).value(:array).each do
-        Emitters::Database | Emitters::MISP | Emitters::TheHive | Emitters::Slack | Emitters::Webhook
-      end.default(DEFAULT_EMITTERS)
+      required(:queries).value(:array).each { Analyzer } # rubocop:disable Lint/Void
 
-      optional(:enrichers).value(:array).each do
-        Enrichers::Whois | Enrichers::IPInfo | Enrichers::Shodan | Enrichers::GooglePublicDNS
-      end.default(DEFAULT_ENRICHERS)
+      optional(:emitters).value(:array).each { Emitter }.default(DEFAULT_EMITTERS) # rubocop:disable Lint/Void
+      optional(:enrichers).value(:array).each { Enricher }.default(DEFAULT_ENRICHERS) # rubocop:disable Lint/Void
 
       optional(:data_types).value(array[Types::DataTypes]).default(Mihari::Types::DataTypes.values)
       optional(:falsepositives).value(array[:string]).default([])
@@ -40,6 +33,9 @@ module Mihari
       optional(:artifact_ttl).value(:integer)
     end
 
+    #
+    # Rule schema contract
+    #
     class RuleContract < Dry::Validation::Contract
       include Mihari::Mixins::FalsePositive
 

data/lib/mihari/service.rb

@@ -0,0 +1,16 @@
+module Mihari
+  #
+  # Base class for services
+  #
+  class Service
+    include Dry::Monads[:result, :try]
+
+    def call(*args, **kwargs)
+      raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+    end
+
+    def result
+      Try[StandardError] { call }.to_result
+    end
+  end
+end

data/lib/mihari/services/alert_builder.rb

@@ -8,9 +8,10 @@ require "yaml"
 
 module Mihari
   module Services
-    class AlertBuilder
-      include Dry::Monads[:result, :try]
-
+    #
+    # Alert builder
+    #
+    class AlertBuilder < Service
       # @return [String]
       attr_reader :path
 
@@ -20,6 +21,8 @@ module Mihari
       # @param [String] path
       #
       def initialize(path)
+        super()
+
         @path = path
       end
 
@@ -35,8 +38,8 @@ module Mihari
         )
       end
 
-      def result
-        Try[StandardError] { AlertProxy.new(data) }.to_result
+      def call
+        AlertProxy.new(**data)
       end
     end
   end

data/lib/mihari/services/alert_proxy.rb

@@ -4,7 +4,10 @@ require "json"
 
 module Mihari
   module Services
-    class AlertProxy
+    #
+    # Alert proxy
+    #
+    class AlertProxy < Service
       # @return [Hash]
       attr_reader :data
 
@@ -16,7 +19,9 @@ module Mihari
       #
       # @param [Hash] data
       #
-      def initialize(data)
+      def initialize(**data)
+        super()
+
         @data = data.deep_symbolize_keys
         @errors = nil
 
@@ -54,21 +59,24 @@ module Mihari
       end
 
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def artifacts
         @artifacts ||= data[:artifacts].map do |data|
-          artifact = Artifact.new(data: data)
+          artifact = Models::Artifact.new(data: data)
           artifact.rule_id = rule_id
           artifact
         end.uniq(&:data).select(&:valid?)
       end
 
       #
-      # @return [Mihari::Services::RuleProxy]
+      # @return [Mihari::Rule]
       #
       def rule
-        @rule ||= Services::RuleProxy.new(Mihari::Rule.find(rule_id).data)
+        @rule ||= [].tap do |out|
+          data = Mihari::Models::Rule.find(rule_id).data
+          out << Rule.new(**data)
+        end.first
       end
 
       class << self
@@ -80,7 +88,8 @@ module Mihari
         # @return [Mihari::Services::Alert]
         #
         def from_yaml(yaml)
-          new YAML.safe_load(yaml, permitted_classes: [Date, Symbol])
+          data = YAML.safe_load(yaml, permitted_classes: [Date, Symbol])
+          new(**data)
         end
       end
     end

data/lib/mihari/services/alert_runner.rb

@@ -2,29 +2,25 @@
 
 module Mihari
   module Services
-    class AlertRunner
-      include Dry::Monads[:result, :try]
-
+    #
+    # Alert runner
+    #
+    class AlertRunner < Service
       # @return [Mihari::Services::AlertProxy]
       attr_reader :alert
 
       def initialize(alert)
-        @alert = alert
-      end
+        super()
 
-      #
-      # @return [Mihari::Alert]
-      #
-      def run
-        emitter = Emitters::Database.new(artifacts: alert.artifacts, rule: alert.rule)
-        emitter.emit
+        @alert = alert
       end
 
       #
-      # @return [Dry::Monads::Result::Success<Mihari::Alert, nil>, Dry::Monads::Result::Failure]
+      # @return [Mihari::Models::Alert]
       #
-      def result
-        Try[StandardError] { run }.to_result
+      def call
+        emitter = Emitters::Database.new(rule: alert.rule)
+        emitter.call alert.artifacts
       end
     end
   end

data/lib/mihari/services/rule_builder.rb

@@ -7,9 +7,10 @@ require "yaml"
 
 module Mihari
   module Services
-    class RuleBuilder
-      include Dry::Monads[:result, :try]
-
+    #
+    # Rule builder
+    #
+    class RuleBuilder < Service
       # @return [String]
       attr_reader :path_or_id
 
@@ -19,6 +20,8 @@ module Mihari
       # @param [String] path_or_id
       #
       def initialize(path_or_id)
+        super()
+
         @path_or_id = path_or_id
       end
 
@@ -26,8 +29,8 @@ module Mihari
       # @return [Hash]
       #
       def data
-        if Mihari::Rule.exists?(path_or_id)
-          rule = Mihari::Rule.find(path_or_id)
+        if Mihari::Models::Rule.exists?(path_or_id)
+          rule = Mihari::Models::Rule.find(path_or_id)
           return rule.data
         end
 
@@ -39,8 +42,8 @@ module Mihari
         )
       end
 
-      def result
-        Try[StandardError] { RuleProxy.new(data) }.to_result
+      def call
+        Rule.new(**data)
       end
     end
   end

data/lib/mihari/services/rule_runner.rb

@@ -2,13 +2,18 @@
 
 module Mihari
   module Services
-    class RuleRunner
+    #
+    # Rule runner
+    #
+    class RuleRunner < Service
       include Dry::Monads[:result, :try]
 
-      # @return [Mihari::Services::RuleProxy]
+      # @return [Mihari::Rule]
       attr_reader :rule
 
       def initialize(rule)
+        super()
+
         @rule = rule
       end
 
@@ -16,7 +21,7 @@ module Mihari
       # @return [Boolean]
       #
       def diff?
-        model = Mihari::Rule.find(rule.id)
+        model = Mihari::Models::Rule.find(rule.id)
         model.data != rule.data.deep_stringify_keys
       rescue ActiveRecord::RecordNotFound
         false
@@ -27,17 +32,10 @@ module Mihari
       end
 
       #
-      # @return [Mihari::Alert, nil]
-      #
-      def run
-        rule.analyzer.run
-      end
-
-      #
-      # @return [Dry::Monads::Result::Success<Mihari::Alert, nil>, Dry::Monads::Result::Failure]
+      # @return [Mihari::Models::Alert, nil]
       #
-      def result
-        Try[StandardError] { run }.to_result
+      def call
+        rule.call
       end
     end
   end

data/lib/mihari/structs/binaryedge.rb

@@ -1,16 +1,13 @@
+# frozen_string_literal: true
+
 module Mihari
   module Structs
     module BinaryEdge
       class Target < Dry::Struct
+        # @!attribute [r] ip
+        #   @return [String]
         attribute :ip, Types::String
 
-        #
-        # @return [String]
-        #
-        def ip
-          attributes[:ip]
-        end
-
         class << self
           def from_dynamic!(d)
             d = Types::Hash[d]
@@ -22,15 +19,10 @@ module Mihari
       end
 
       class Event < Dry::Struct
+        # @!attribute [r] target
+        #   @return [Target]
         attribute :target, Target
 
-        #
-        # @return [Target]
-        #
-        def target
-          attributes[:target]
-        end
-
         class << self
           def from_dynamic!(d)
             d = Types::Hash[d]
@@ -43,33 +35,26 @@ module Mihari
 
       class Response < Dry::Struct
         # @!attribute [r] page
-        # @return [Integer]
-        attribute :page, Types::Integer
+        #   @return [Integer]
+        attribute :page, Types::Int
 
         # @!attribute [r] pagesize
-        # @return [Integer]
-        attribute :pagesize, Types::Integer
+        #   @return [Integer]
+        attribute :pagesize, Types::Int
 
         # @!attribute [r] total
-        # @return [Integer]
-        attribute :total, Types::Integer
+        #   @return [Integer]
+        attribute :total, Types::Int
 
         # @!attribute [r] events
-        # @return [Array<Event>]
+        #   @return [Array<Event>]
         attribute :events, Types.Array(Event)
 
-        #
-        # @return [Array<Event>]
-        #
-        def events
-          attributes[:events]
-        end
-
         #
         # @return [Array<Artifact>]
         #
         def artifacts
-          events.map { |event| Artifact.new(data: event.target.ip) }
+          events.map { |event| Models::Artifact.new(data: event.target.ip) }
         end
 
         class << self

data/lib/mihari/structs/censys.rb

@@ -6,20 +6,15 @@ module Mihari
       class AutonomousSystem < Dry::Struct
         include Mixins::AutonomousSystem
 
+        # @!attribute [r] asn
+        #   @return [Integer]
         attribute :asn, Types::Int
 
-        #
-        # @return [Integer]
-        #
-        def asn
-          attributes[:asn]
-        end
-
         #
         # @return [Mihari::AutonomousSystem]
         #
         def as
-          Mihari::AutonomousSystem.new(asn: normalize_asn(asn))
+          Mihari::Models::AutonomousSystem.new(asn: normalize_asn(asn))
         end
 
         class << self
@@ -38,22 +33,13 @@ module Mihari
       end
 
       class Location < Dry::Struct
+        # @!attribute [r] country
+        #   @return [String, nil]
         attribute :country, Types::String.optional
-        attribute :country_code, Types::String.optional
 
-        #
-        # @return [String, nil]
-        #
-        def country
-          attributes[:country]
-        end
-
-        #
-        # @return [String, nil]
-        #
-        def country_code
-          attributes[:country_code]
-        end
+        # @!attribute [r] country_code
+        #   @return [String, nil]
+        attribute :country_code, Types::String.optional
 
         #
         # @return [Mihari::Geolocation] <description>
@@ -63,7 +49,7 @@ module Mihari
           # then set geolocation as nil
           return nil if country.nil?
 
-          Mihari::Geolocation.new(
+          Mihari::Models::Geolocation.new(
             country: country,
             country_code: country_code
           )
@@ -86,20 +72,15 @@ module Mihari
       end
 
       class Service < Dry::Struct
-        attribute :port, Types::Integer
-
-        #
-        # @return [Integer]
-        #
-        def port
-          attributes[:port]
-        end
+        # @!attribute [r] port
+        #   @return [Integer, nil]
+        attribute :port, Types::Int
 
         #
         # @return [Mihari::Port]
         #
         def _port
-          Port.new(port: port)
+          Models::Port.new(port: port)
         end
 
         class << self
@@ -118,46 +99,25 @@ module Mihari
       end
 
       class Hit < Dry::Struct
+        # @!attribute [r] ip
+        #   @return [String]
         attribute :ip, Types::String
-        attribute :location, Location
-        attribute :autonomous_system, AutonomousSystem
-        attribute :metadata, Types::Hash
-        attribute :services, Types.Array(Service)
 
-        #
-        # @return [String]
-        #
-        def ip
-          attributes[:ip]
-        end
-
-        #
-        # @return [Location]
-        #
-        def location
-          attributes[:location]
-        end
+        # @!attribute [r] location
+        #   @return [Location]
+        attribute :location, Location
 
-        #
-        # @return [AutonomousSystem]
-        #
-        def autonomous_system
-          attributes[:autonomous_system]
-        end
+        # @!attribute [r] autonomous_system
+        #   @return [AutonomousSystem]
+        attribute :autonomous_system, AutonomousSystem
 
-        #
-        # @return [Hash]
-        #
-        def metadata
-          attributes[:metadata]
-        end
+        # @!attribute [r] metadata
+        #   @return [Hash]
+        attribute :metadata, Types::Hash
 
-        #
-        # @return [Array<Service>]
-        #
-        def services
-          attributes[:services]
-        end
+        # @!attribute [r] services
+        #   @return [Array<Service>]
+        attribute :services, Types.Array(Service)
 
         #
         # @return [Array<Mihari::Port>]
@@ -167,10 +127,10 @@ module Mihari
         end
 
         #
-        # @return [Mihari::Artifact]
+        # @return [Mihari::Models::Artifact]
         #
         def artifact
-          Artifact.new(
+          Models::Artifact.new(
             data: ip,
             metadata: metadata,
             autonomous_system: autonomous_system.as,
@@ -199,22 +159,13 @@ module Mihari
       end
 
       class Links < Dry::Struct
+        # @!attribute [r] next
+        #   @return [String, nil]
         attribute :next, Types::String.optional
-        attribute :prev, Types::String.optional
 
-        #
-        # @return [String, nil]
-        #
-        def next
-          attributes[:next]
-        end
-
-        #
-        # @return [String, nil]
-        #
-        def prev
-          attributes[:prev]
-        end
+        # @!attribute [r] prev
+        #   @return [String, nil]
+        attribute :prev, Types::String.optional
 
         class << self
           #
@@ -233,41 +184,24 @@ module Mihari
       end
 
       class Result < Dry::Struct
+        # @!attribute [r] query
+        #   @return [String]
         attribute :query, Types::String
-        attribute :total, Types::Int
-        attribute :hits, Types.Array(Hit)
-        attribute :links, Links
 
-        #
-        # @return [String]
-        #
-        def query
-          attributes[:query]
-        end
-
-        #
-        # @return [Integer]
-        #
-        def total
-          attributes[:total]
-        end
+        # @!attribute [r] total
+        #   @return [Integer]
+        attribute :total, Types::Int
 
-        #
-        # @return [Array<Hit>]
-        #
-        def hits
-          attributes[:hits]
-        end
+        # @!attribute [r] hits
+        #   @return [Array<Hit>]
+        attribute :hits, Types.Array(Hit)
 
-        #
-        # @return [Links]
-        #
-        def links
-          attributes[:links]
-        end
+        # @!attribute [r] links
+        #   @return [Links]
+        attribute :links, Links
 
         #
-        # @return [Array<Mihari::Artifact>]
+        # @return [Array<Mihari::Models::Artifact>]
         #
         def artifacts
           hits.map(&:artifact)
@@ -292,30 +226,17 @@ module Mihari
       end
 
       class Response < Dry::Struct
+        # @!attribute [r] code
+        #   @return [Integer]
         attribute :code, Types::Int
-        attribute :status, Types::String
-        attribute :result, Result
-
-        #
-        # @return [Integer]
-        #
-        def code
-          attributes[:code]
-        end
 
-        #
-        # @return [String]
-        #
-        def status
-          attributes[:status]
-        end
+        # @!attribute [r] status
+        #   @return [String]
+        attribute :status, Types::String
 
-        #
-        # @return [Result]
-        #
-        def result
-          attributes[:result]
-        end
+        # @!attribute [r] result
+        #   @return [Result]
+        attribute :result, Result
 
         class << self
           #