mihari 5.6.1 → 5.7.0

data/lib/mihari/web/api.rb

@@ -9,17 +9,22 @@ require "mihari/web/endpoints/rules"
 require "mihari/web/endpoints/tags"
 
 module Mihari
-  class API < Grape::API
-    prefix "api"
-    format :json
+  module Web
+    #
+    # Grape API
+    #
+    class API < Grape::API
+      prefix "api"
+      format :json
 
-    mount Endpoints::Alerts
-    mount Endpoints::Artifacts
-    mount Endpoints::Configs
-    mount Endpoints::IPAddresses
-    mount Endpoints::Rules
-    mount Endpoints::Tags
+      mount Endpoints::Alerts
+      mount Endpoints::Artifacts
+      mount Endpoints::Configs
+      mount Endpoints::IPAddresses
+      mount Endpoints::Rules
+      mount Endpoints::Tags
 
-    add_swagger_documentation(api_version: "v1", info: { title: "Mihari API" })
+      add_swagger_documentation(api_version: "v1", info: { title: "Mihari API" })
+    end
   end
 end

data/lib/mihari/web/app.rb

@@ -17,72 +17,77 @@ require "mihari/web/middleware/error_notification_adapter"
 require "mihari/web/api"
 
 module Mihari
-  class App
-    def initialize
-      @filenames = ["", ".html", "index.html", "/index.html"]
-      @rack_static = Rack::Static.new(
-        -> { [404, {}, []] },
-        root: File.expand_path("./public", __dir__),
-        urls: ["/"]
-      )
-    end
+  module Web
+    #
+    # Rack + Grape based web app
+    #
+    class App
+      def initialize
+        @filenames = ["", ".html", "index.html", "/index.html"]
+        @rack_static = Rack::Static.new(
+          -> { [404, {}, []] },
+          root: File.expand_path("./public", __dir__),
+          urls: ["/"]
+        )
+      end
 
-    class << self
-      def instance
-        @instance ||= Rack::Builder.new do
-          use Rack::Cors do
-            allow do
-              origins "*"
-              resource "*", headers: :any, methods: %i[get post put delete options]
+      class << self
+        def instance
+          @instance ||= Rack::Builder.new do
+            use Rack::Cors do
+              allow do
+                origins "*"
+                resource "*", headers: :any, methods: %i[get post put delete options]
+              end
             end
-          end
 
-          use Middleware::ConnectionAdapter
-          use Middleware::ErrorNotificationAdapter
+            use Middleware::ConnectionAdapter
+            use Middleware::ErrorNotificationAdapter
 
-          run App.new
-        end.to_app
-      end
+            run App.new
+          end.to_app
+        end
 
-      def run!(port: 9292, host: "localhost", threads: "0:5", verbose: false, worker_timeout: 60, open: true)
-        url = "http://#{host}:#{port}"
+        def run!(port: 9292, host: "localhost", threads: "0:5", verbose: false, worker_timeout: 60, open: true)
+          url = "http://#{host}:#{port}"
 
-        # set maximum number of threads to use as PARALLEL_PROCESSOR_COUNT (if it is not set)
-        # ref. https://github.com/grosser/parallel#tips
-        # TODO: is this the best way?
-        _min_thread, max_thread = threads.split(":")
-        ENV["PARALLEL_PROCESSOR_COUNT"] = max_thread if ENV["PARALLEL_PROCESSOR_COUNT"].nil?
-        Rackup::Handler::Puma.run(
-          instance,
-          Port: port,
-          Host: host,
-          Threads: threads,
-          Verbose: verbose,
-          worker_timeout: worker_timeout
-        ) do |_|
-          Launchy.open(url) if ENV["RACK_ENV"] != "development" && open
-        rescue Launchy::CommandNotFoundError
-          # ref. https://github.com/ninoseki/mihari/issues/477
-          # do nothing
+          # set maximum number of threads to use as PARALLEL_PROCESSOR_COUNT (if it is not set)
+          # ref. https://github.com/grosser/parallel#tips
+          # TODO: is this the best way?
+          _min_thread, max_thread = threads.split(":")
+          ENV["PARALLEL_PROCESSOR_COUNT"] = max_thread if ENV["PARALLEL_PROCESSOR_COUNT"].nil?
+          Rackup::Handler::Puma.run(
+            instance,
+            Port: port,
+            Host: host,
+            Threads: threads,
+            Verbose: verbose,
+            worker_timeout: worker_timeout
+          ) do |_|
+            Launchy.open(url) if ENV["RACK_ENV"] != "development" && open
+          rescue Launchy::CommandNotFoundError
+            # ref. https://github.com/ninoseki/mihari/issues/477
+            # do nothing
+          end
         end
       end
-    end
 
-    def call(env)
-      # api
-      api_response = API.call(env)
+      def call(env)
+        # api
+        api_response = API.call(env)
 
-      # Check if the App wants us to pass the response along to others
-      if api_response[1]["X-Cascade"] == "pass"
-        # static files
-        request_path = env["PATH_INFO"]
-        @filenames.each do |path|
-          response = @rack_static.call(env.merge("PATH_INFO" => request_path + path))
-          return response if response[0] != 404
+        # Check if the App wants us to pass the response along to others
+        if api_response[1]["X-Cascade"] == "pass"
+          # static files
+          request_path = env["PATH_INFO"]
+          @filenames.each do |path|
+            response = @rack_static.call(env.merge("PATH_INFO" => request_path + path))
+            return response if response[0] != 404
+          end
         end
-      end
 
-      api_response
+        api_response
+      end
     end
   end
 end

data/lib/mihari/web/endpoints/alerts.rb

@@ -1,110 +1,115 @@
 # frozen_string_literal: true
 
 module Mihari
-  module Endpoints
-    class Alerts < Grape::API
-      namespace :alerts do
-        desc "Search alerts", {
-          is_array: true,
-          success: Entities::AlertsWithPagination,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Search alerts"
-        }
-        params do
-          optional :page, type: Integer, default: 1
-          optional :limit, type: Integer, default: 10
+  module Web
+    module Endpoints
+      #
+      # Alert API endpoint
+      #
+      class Alerts < Grape::API
+        namespace :alerts do
+          desc "Search alerts", {
+            is_array: true,
+            success: Entities::AlertsWithPagination,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Search alerts"
+          }
+          params do
+            optional :page, type: Integer, default: 1
+            optional :limit, type: Integer, default: 10
 
-          optional :artifact, type: String
-          optional :rule_id, type: String
-          optional :tag, type: String
+            optional :artifact, type: String
+            optional :rule_id, type: String
+            optional :tag, type: String
 
-          optional :fromAt, type: DateTime
-          optional :toAt, type: DateTime
-        end
-        get "/" do
-          filter = params.to_h.to_snake_keys
+            optional :fromAt, type: DateTime
+            optional :toAt, type: DateTime
+          end
+          get "/" do
+            filter = params.to_h.to_snake_keys
 
-          # normalize keys
-          filter["artifact_data"] = filter["artifact"]
-          filter["tag_name"] = filter["tag"]
-          # symbolize hash keys
-          filter = filter.to_h.symbolize_keys
+            # normalize keys
+            filter["artifact_data"] = filter["artifact"]
+            filter["tag_name"] = filter["tag"]
+            # symbolize hash keys
+            filter = filter.to_h.symbolize_keys
 
-          search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
-          alerts = Mihari::Alert.search(search_filter_with_pagination)
-          total = Mihari::Alert.count(search_filter_with_pagination.without_pagination)
+            search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
+            alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
+            total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
 
-          present(
-            {
-              alerts: alerts,
-              total: total,
-              current_page: filter[:page].to_i,
-              page_size: filter[:limit].to_i
-            },
-            with: Entities::AlertsWithPagination
-          )
-        end
+            present(
+              {
+                alerts: alerts,
+                total: total,
+                current_page: filter[:page].to_i,
+                page_size: filter[:limit].to_i
+              },
+              with: Entities::AlertsWithPagination
+            )
+          end
 
-        desc "Delete an alert", {
-          success: Entities::Message,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Delete an alert"
-        }
-        params do
-          requires :id, type: Integer
-        end
-        delete "/:id" do
-          extend Dry::Monads[:result, :try]
+          desc "Delete an alert", {
+            success: Entities::Message,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Delete an alert"
+          }
+          params do
+            requires :id, type: Integer
+          end
+          delete "/:id" do
+            extend Dry::Monads[:result, :try]
 
-          id = params["id"].to_i
+            id = params["id"].to_i
 
-          result = Try do
-            alert = Mihari::Alert.find(id)
-            alert.destroy
-          end.to_result
+            result = Try do
+              alert = Mihari::Models::Alert.find(id)
+              alert.destroy
+            end.to_result
 
-          if result.success?
-            status 204
-            return present({ message: "" }, with: Entities::Message)
-          end
+            if result.success?
+              status 204
+              return present({ message: "" }, with: Entities::Message)
+            end
 
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "ID:#{id} is not found" }, 404)
-          else
-            raise failure
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "ID:#{id} is not found" }, 404)
+            else
+              raise failure
+            end
           end
-        end
 
-        desc "Create an alert", {
-          success: Entities::Alert,
-          summary: "Create an alert"
-        }
-        params do
-          requires :ruleId, type: String, documentation: { param_type: "body" }
-          requires :artifacts, type: Array, documentation: { type: String, is_array: true, param_type: "body" }
-        end
-        post "/" do
-          extend Dry::Monads[:result, :try]
+          desc "Create an alert", {
+            success: Entities::Alert,
+            summary: "Create an alert"
+          }
+          params do
+            requires :ruleId, type: String, documentation: { param_type: "body" }
+            requires :artifacts, type: Array, documentation: { type: String, is_array: true, param_type: "body" }
+          end
+          post "/" do
+            extend Dry::Monads[:result, :try]
 
-          result = Try do
-            proxy = Services::AlertProxy.new(params.to_snake_keys)
-            runner = Services::AlertRunner.new(proxy)
-            runner.run
-          end.to_result
+            result = Try do
+              proxy = Services::AlertProxy.new(**params.to_snake_keys)
+              runner = Services::AlertRunner.new(proxy)
+              runner.call
+            end.to_result
 
-          if result.success?
-            status 201
-            return present(result.value!, with: Entities::Alert)
-          end
+            if result.success?
+              status 201
+              return present(result.value!, with: Entities::Alert)
+            end
 
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "Rule:#{params["ruleId"]} is not found" }, 404)
-          else
-            raise failure
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "Rule:#{params["ruleId"]} is not found" }, 404)
+            else
+              raise failure
+            end
           end
         end
       end

data/lib/mihari/web/endpoints/artifacts.rb

@@ -1,122 +1,127 @@
 # frozen_string_literal: true
 
 module Mihari
-  module Endpoints
-    class Artifacts < Grape::API
-      namespace :artifacts do
-        desc "Get an artifact", {
-          success: Entities::Artifact,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Get an artifact"
-        }
-        params do
-          requires :id, type: Integer
-        end
-        get "/:id" do
-          extend Dry::Monads[:result, :try]
-
-          id = params[:id].to_i
-
-          result = Try do
-            artifact = Mihari::Artifact.includes(
-              :autonomous_system,
-              :geolocation,
-              :whois_record,
-              :dns_records,
-              :reverse_dns_names
-            ).find(id)
-            # TODO: improve queries
-            alert_ids = Mihari::Artifact.where(data: artifact.data).pluck(:alert_id)
-            tag_ids = Mihari::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
-            tag_names = Mihari::Tag.where(id: tag_ids).distinct.pluck(:name)
-
-            artifact.tags = tag_names
-
-            artifact
-          end.to_result
-
-          return present(result.value!, with: Entities::Artifact) if result.success?
-
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "ID:#{id} is not found" }, 404)
-          else
-            raise failure
+  module Web
+    module Endpoints
+      #
+      # Artifact API endpoint
+      #
+      class Artifacts < Grape::API
+        namespace :artifacts do
+          desc "Get an artifact", {
+            success: Entities::Artifact,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Get an artifact"
+          }
+          params do
+            requires :id, type: Integer
           end
-        end
-
-        desc "Enrich an artifact", {
-          success: Entities::Message,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Enrich an artifact"
-        }
-        params do
-          requires :id, type: Integer
-        end
-        get "/:id/enrich" do
-          extend Dry::Monads[:result, :try]
-
-          id = params["id"].to_i
-
-          result = Try do
-            artifact = Mihari::Artifact.includes(
-              :autonomous_system,
-              :geolocation,
-              :whois_record,
-              :dns_records,
-              :reverse_dns_names,
-              :cpes,
-              :ports
-            ).find(id)
-
-            artifact.enrich_all
-            artifact.save
-          end.to_result
-
-          if result.success?
-            status 201
-            return present({ message: "" }, with: Entities::Message)
+          get "/:id" do
+            extend Dry::Monads[:result, :try]
+
+            id = params[:id].to_i
+
+            result = Try do
+              artifact = Mihari::Models::Artifact.includes(
+                :autonomous_system,
+                :geolocation,
+                :whois_record,
+                :dns_records,
+                :reverse_dns_names
+              ).find(id)
+              # TODO: improve queries
+              alert_ids = Mihari::Models::Artifact.where(data: artifact.data).pluck(:alert_id)
+              tag_ids = Mihari::Models::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
+              tag_names = Mihari::Models::Tag.where(id: tag_ids).distinct.pluck(:name)
+
+              artifact.tags = tag_names
+
+              artifact
+            end.to_result
+
+            return present(result.value!, with: Entities::Artifact) if result.success?
+
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "ID:#{id} is not found" }, 404)
+            else
+              raise failure
+            end
           end
 
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "ID:#{id} is not found" }, 404)
-          else
-            raise failure
+          desc "Enrich an artifact", {
+            success: Entities::Message,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Enrich an artifact"
+          }
+          params do
+            requires :id, type: Integer
           end
-        end
-
-        desc "Delete an artifact", {
-          success: Entities::Message,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Delete an artifact"
-        }
-        params do
-          requires :id, type: Integer
-        end
-        delete "/:id" do
-          extend Dry::Monads[:result, :try]
-
-          id = params["id"].to_i
-
-          result = Try do
-            alert = Mihari::Artifact.find(id)
-            alert.destroy
-          end.to_result
-
-          if result.success?
-            status 204
-            return present({ message: "" }, with: Entities::Message)
+          get "/:id/enrich" do
+            extend Dry::Monads[:result, :try]
+
+            id = params["id"].to_i
+
+            result = Try do
+              artifact = Mihari::Models::Artifact.includes(
+                :autonomous_system,
+                :geolocation,
+                :whois_record,
+                :dns_records,
+                :reverse_dns_names,
+                :cpes,
+                :ports
+              ).find(id)
+
+              artifact.enrich_all
+              artifact.save
+            end.to_result
+
+            if result.success?
+              status 201
+              return present({ message: "" }, with: Entities::Message)
+            end
+
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "ID:#{id} is not found" }, 404)
+            else
+              raise failure
+            end
           end
 
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "ID:#{id} is not found" }, 404)
-          else
-            raise failure
+          desc "Delete an artifact", {
+            success: Entities::Message,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Delete an artifact"
+          }
+          params do
+            requires :id, type: Integer
+          end
+          delete "/:id" do
+            extend Dry::Monads[:result, :try]
+
+            id = params["id"].to_i
+
+            result = Try do
+              alert = Mihari::Models::Artifact.find(id)
+              alert.destroy
+            end.to_result
+
+            if result.success?
+              status 204
+              return present({ message: "" }, with: Entities::Message)
+            end
+
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "ID:#{id} is not found" }, 404)
+            else
+              raise failure
+            end
           end
         end
       end

data/lib/mihari/web/endpoints/configs.rb

@@ -1,20 +1,25 @@
 # frozen_string_literal: true
 
 module Mihari
-  module Endpoints
-    class Configs < Grape::API
-      namespace :configs do
-        desc "Get configs", {
-          is_array: true,
-          success: Entities::Config,
-          summary: "Get configs"
-        }
-        get "/" do
-          configs = (Mihari.analyzers + Mihari.emitters + Mihari.enrichers).filter_map do |klass|
-            Mihari::Structs::Config.from_class(klass)
-          end
+  module Web
+    module Endpoints
+      #
+      # Config API endpoint
+      #
+      class Configs < Grape::API
+        namespace :configs do
+          desc "Get configs", {
+            is_array: true,
+            success: Entities::Config,
+            summary: "Get configs"
+          }
+          get "/" do
+            configs = (Mihari.analyzers + Mihari.emitters + Mihari.enrichers).filter_map do |klass|
+              Mihari::Structs::Config.from_class(klass)
+            end
 
-          present(configs, with: Entities::Config)
+            present(configs, with: Entities::Config)
+          end
         end
       end
     end