mihari 5.6.1 → 5.7.0

data/lib/mihari/web/public/assets/mode-yaml-24faa242.js

@@ -0,0 +1,8 @@
+ace.define("ace/mode/yaml_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_rules"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("./text_highlight_rules").TextHighlightRules,s=function(){this.$rules={start:[{token:"comment",regex:"#.*$"},{token:"list.markup",regex:/^(?:-{3}|\.{3})\s*(?=#|$)/},{token:"list.markup",regex:/^\s*[\-?](?:$|\s)/},{token:"constant",regex:"!![\\w//]+"},{token:"constant.language",regex:"[&\\*][a-zA-Z0-9-_]+"},{token:["meta.tag","keyword"],regex:/^(\s*\w[^\s:]*?)(:(?=\s|$))/},{token:["meta.tag","keyword"],regex:/(\w[^\s:]*?)(\s*:(?=\s|$))/},{token:"keyword.operator",regex:"<<\\w*:\\w*"},{token:"keyword.operator",regex:"-\\s*(?=[{])"},{token:"string",regex:'["](?:(?:\\\\.)|(?:[^"\\\\]))*?["]'},{token:"string",regex:/[|>][-+\d]*(?:$|\s+(?:$|#))/,onMatch:function(e,t,n,r){r=r.replace(/ #.*/,"");var i=/^ *((:\s*)?-(\s*[^|>])?)?/.exec(r)[0].replace(/\S\s*$/,"").length,s=parseInt(/\d+[\s+-]*$/.exec(r));return s?(i+=s-1,this.next="mlString"):this.next="mlStringPre",n.length?(n[0]=this.next,n[1]=i):(n.push(this.next),n.push(i)),this.token},next:"mlString"},{token:"string",regex:"['](?:(?:\\\\.)|(?:[^'\\\\]))*?[']"},{token:"constant.numeric",regex:/(\b|[+\-\.])[\d_]+(?:(?:\.[\d_]*)?(?:[eE][+\-]?[\d_]+)?)(?=[^\d-\w]|$)$/},{token:"constant.numeric",regex:/[+\-]?\.inf\b|NaN\b|0x[\dA-Fa-f_]+|0b[10_]+/},{token:"constant.language.boolean",regex:"\\b(?:true|false|TRUE|FALSE|True|False|yes|no)\\b"},{token:"paren.lparen",regex:"[[({]"},{token:"paren.rparen",regex:"[\\])}]"},{token:"text",regex:/[^\s,:\[\]\{\}]+/}],mlStringPre:[{token:"indent",regex:/^ *$/},{token:"indent",regex:/^ */,onMatch:function(e,t,n){var r=n[1];return r>=e.length?(this.next="start",n.shift(),n.shift()):(n[1]=e.length-1,this.next=n[0]="mlString"),this.token},next:"mlString"},{defaultToken:"string"}],mlString:[{token:"indent",regex:/^ *$/},{token:"indent",regex:/^ */,onMatch:function(e,t,n){var r=n[1];return r>=e.length?(this.next="start",n.splice(0)):this.next="mlString",this.token},next:"mlString"},{token:"string",regex:".+"}]},this.normalizeRules()};r.inherits(s,i),t.YamlHighlightRules=s}),ace.define("ace/mode/matching_brace_outdent",["require","exports","module","ace/range"],function(e,t,n){"use strict";var r=e("../range").Range,i=function(){};(function(){this.checkOutdent=function(e,t){return/^\s+$/.test(e)?/^\s*\}/.test(t):!1},this.autoOutdent=function(e,t){var n=e.getLine(t),i=n.match(/^(\s*\})/);if(!i)return 0;var s=i[1].length,o=e.findMatchingBracket({row:t,column:s});if(!o||o.row==t)return 0;var u=this.$getIndent(e.getLine(o.row));e.replace(new r(t,0,t,s-1),u)},this.$getIndent=function(e){return e.match(/^\s*/)[0]}}).call(i.prototype),t.MatchingBraceOutdent=i}),ace.define("ace/mode/folding/coffee",["require","exports","module","ace/lib/oop","ace/mode/folding/fold_mode","ace/range"],function(e,t,n){"use strict";var r=e("../../lib/oop"),i=e("./fold_mode").FoldMode,s=e("../../range").Range,o=t.FoldMode=function(){};r.inherits(o,i),function(){this.commentBlock=function(e,t){var n=/\S/,r=e.getLine(t),i=r.search(n);if(i==-1||r[i]!="#")return;var o=r.length,u=e.getLength(),a=t,f=t;while(++t<u){r=e.getLine(t);var l=r.search(n);if(l==-1)continue;if(r[l]!="#")break;f=t}if(f>a){var c=e.getLine(f).length;return new s(a,o,f,c)}},this.getFoldWidgetRange=function(e,t,n){var r=this.indentationBlock(e,n);if(r)return r;r=this.commentBlock(e,n);if(r)return r},this.getFoldWidget=function(e,t,n){var r=e.getLine(n),i=r.search(/\S/),s=e.getLine(n+1),o=e.getLine(n-1),u=o.search(/\S/),a=s.search(/\S/);if(i==-1)return e.foldWidgets[n-1]=u!=-1&&u<a?"start":"","";if(u==-1){if(i==a&&r[i]=="#"&&s[i]=="#")return e.foldWidgets[n-1]="",e.foldWidgets[n+1]="","start"}else if(u==i&&r[i]=="#"&&o[i]=="#"&&e.getLine(n-2).search(/\S/)==-1)return e.foldWidgets[n-1]="start",e.foldWidgets[n+1]="","";return u!=-1&&u<i?e.foldWidgets[n-1]="start":e.foldWidgets[n-1]="",i<a?"start":""}}.call(o.prototype)}),ace.define("ace/mode/folding/yaml",["require","exports","module","ace/lib/oop","ace/mode/folding/coffee","ace/range"],function(e,t,n){"use strict";var r=e("../../lib/oop"),i=e("./coffee").FoldMode,s=e("../../range").Range,o=t.FoldMode=function(){};r.inherits(o,i),function(){this.getFoldWidgetRange=function(e,t,n){var r=/\S/,i=e.getLine(n),o=i.search(r),u=i[o]==="#",a=i[o]==="-";if(o==-1)return;var f=i.length,l=e.getLength(),c=n,h=n;if(u){var p=this.commentBlock(e,n);if(p)return p}else if(a){var p=this.indentationBlock(e,n);if(p)return p}else while(++n<l){var i=e.getLine(n),d=i.search(r);if(d==-1)continue;if(d<=o&&i[o]!=="-"){var v=e.getTokenAt(n,0);if(!v||v.type!=="string")break}h=n}if(h>c){var m=e.getLine(h).length;return new s(c,f,h,m)}},this.getFoldWidget=function(e,t,n){var r=e.getLine(n),i=r.search(/\S/),s=e.getLine(n+1),o=e.getLine(n-1),u=o.search(/\S/),a=s.search(/\S/),f=r[i]==="-";if(i==-1)return e.foldWidgets[n-1]=u!=-1&&u<a?"start":"","";if(u==-1){if(i==a&&r[i]=="#"&&s[i]=="#")return e.foldWidgets[n-1]="",e.foldWidgets[n+1]="","start"}else if(u==i&&r[i]=="#"&&o[i]=="#"&&e.getLine(n-2).search(/\S/)==-1)return e.foldWidgets[n-1]="start",e.foldWidgets[n+1]="","";return u!=-1&&u<i?e.foldWidgets[n-1]="start":u!=-1&&u==i&&f?e.foldWidgets[n-1]="start":e.foldWidgets[n-1]="",i<a?"start":""}}.call(o.prototype)}),ace.define("ace/mode/yaml",["require","exports","module","ace/lib/oop","ace/mode/text","ace/mode/yaml_highlight_rules","ace/mode/matching_brace_outdent","ace/mode/folding/yaml","ace/worker/worker_client"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("./text").Mode,s=e("./yaml_highlight_rules").YamlHighlightRules,o=e("./matching_brace_outdent").MatchingBraceOutdent,u=e("./folding/yaml").FoldMode,a=e("../worker/worker_client").WorkerClient,f=function(){this.HighlightRules=s,this.$outdent=new o,this.foldingRules=new u,this.$behaviour=this.$defaultBehaviour};r.inherits(f,i),function(){this.lineCommentStart=["#"],this.getNextLineIndent=function(e,t,n){var r=this.$getIndent(t);if(e=="start"){var i=t.match(/^.*[\{\(\[]\s*$/);i&&(r+=n)}return r},this.checkOutdent=function(e,t,n){return this.$outdent.checkOutdent(t,n)},this.autoOutdent=function(e,t,n){this.$outdent.autoOutdent(t,n)},this.createWorker=function(e){var t=new a(["ace"],"ace/mode/yaml_worker","YamlWorker");return t.attachToDocument(e.getDocument()),t.on("annotate",function(t){e.setAnnotations(t.data)}),t.on("terminate",function(){e.clearAnnotations()}),t},this.$id="ace/mode/yaml"}.call(f.prototype),t.Mode=f});                (function() {
+                    ace.require(["ace/mode/yaml"], function(m) {
+                        if (typeof module == "object" && typeof exports == "object" && module) {
+                            module.exports = m;
+                        }
+                    });
+                })();
+            

data/lib/mihari/web/public/index.html

@@ -6,7 +6,7 @@
     <meta name="viewport" content="width=device-width,initial-scale=1.0" />
     <link rel="icon" href="/favicon.ico" />
     <title>Mihari</title>
-    <script type="module" crossorigin src="/assets/index-9cc489e6.js"></script>
+    <script type="module" crossorigin src="/assets/index-821134e2.js"></script>
     <link rel="stylesheet" href="/assets/index-56fc2187.css">
   </head>
   <body>

data/lib/mihari.rb

@@ -3,8 +3,6 @@
 # standard libs
 require "ipaddr"
 require "json"
-require "net/http"
-require "net/https"
 require "resolv"
 require "yaml"
 
@@ -35,7 +33,6 @@ require "addressable/uri"
 require "awrence"
 require "email_address"
 require "memist"
-require "net/ping"
 require "parallel"
 require "plissken"
 require "public_suffix"
@@ -60,52 +57,67 @@ require "mihari/mixins/error_notification"
 require "mihari/mixins/refang"
 require "mihari/mixins/retriable"
 
+#
+# Mihari module
+#
 module Mihari
   class << self
     include Memist::Memoizable
 
+    #
+    # @return [Array<Mihari::Emitters::Base>]
+    #
     def emitters
       []
     end
     memoize :emitters
 
     #
-    # @return [Hash<String, Mihari::Enrichers::Base>]
+    # @return [Hash{String => Mihari::Enrichers::Base}]
     #
     def emitter_to_class
       @emitter_to_class ||= emitters.flat_map do |klass|
-        klass.class_keys.map { |key| [key.downcase, klass] }
+        klass.class_keys.map { |key| [key, klass] }
       end.to_h
     end
 
+    #
+    # @return [Array<Mihari::Analyzers::Base>]
+    #
     def analyzers
       []
     end
     memoize :analyzers
 
     #
-    # @return [Hash<String, Mihari::Analyzers::Base>]
+    # @return [Hash{String => Mihari::Analyzers::Base}]
     #
     def analyzer_to_class
       @analyzer_to_class ||= analyzers.flat_map do |klass|
-        klass.class_keys.map { |key| [key.downcase, klass] }
+        klass.class_keys.map { |key| [key, klass] }
       end.to_h
     end
 
+    #
+    # @return [Array<Mihari::Enrichers::Base>]
+    #
     def enrichers
       []
     end
     memoize :enrichers
 
     #
-    # @return [Hash<String, Mihari::Enrichers::Base>]
+    # @return [Hash{String => Mihari::Enrichers::Base}]
     #
     def enricher_to_class
       @enricher_to_class ||= enrichers.flat_map do |klass|
-        klass.class_keys.map { |key| [key.downcase, klass] }
+        klass.class_keys.map { |key| [key, klass] }
       end.to_h
     end
 
+    #
+    # @return [Mihari::Config]
+    #
     def config
       @config ||= Config.new
     end
@@ -131,10 +143,14 @@ module Mihari
 end
 
 # Core classes
-require "mihari/base"
+require "mihari/service"
+
+require "mihari/actor"
+
 require "mihari/database"
 require "mihari/http"
 require "mihari/type_checker"
+require "mihari/rule"
 
 # Enrichers
 require "mihari/enrichers/base"
@@ -174,6 +190,7 @@ require "mihari/clients/censys"
 require "mihari/clients/circl"
 require "mihari/clients/crtsh"
 require "mihari/clients/dnstwister"
+require "mihari/clients/fofa"
 require "mihari/clients/greynoise"
 require "mihari/clients/hunterhow"
 require "mihari/clients/misp"
@@ -197,6 +214,7 @@ require "mihari/analyzers/circl"
 require "mihari/analyzers/crtsh"
 require "mihari/analyzers/dnstwister"
 require "mihari/analyzers/feed"
+require "mihari/analyzers/fofa"
 require "mihari/analyzers/greynoise"
 require "mihari/analyzers/hunterhow"
 require "mihari/analyzers/onyphe"
@@ -210,8 +228,6 @@ require "mihari/analyzers/virustotal_intelligence"
 require "mihari/analyzers/virustotal"
 require "mihari/analyzers/zoomeye"
 
-require "mihari/analyzers/rule"
-
 # Types
 require "mihari/types"
 
@@ -223,6 +239,7 @@ require "mihari/structs/binaryedge"
 require "mihari/structs/censys"
 require "mihari/structs/config"
 require "mihari/structs/filters"
+require "mihari/structs/fofa"
 require "mihari/structs/google_public_dns"
 require "mihari/structs/greynoise"
 require "mihari/structs/ipinfo"
@@ -234,6 +251,7 @@ require "mihari/structs/virustotal_intelligence"
 
 # Schemas
 require "mihari/schemas/macros"
+require "mihari/schemas/mixins"
 
 require "mihari/schemas/options"
 
@@ -243,7 +261,6 @@ require "mihari/schemas/rule"
 
 # Services
 require "mihari/services/rule_builder"
-require "mihari/services/rule_proxy"
 require "mihari/services/rule_runner"
 
 require "mihari/services/alert_builder"

data/mihari.gemspec

@@ -10,6 +10,10 @@ def ci_env?
   ENV["CI"]
 end
 
+def is_ruby2?
+  RUBY_VERSION.to_s.start_with?("2.")
+end
+
 Gem::Specification.new do |spec|
   spec.name = "mihari"
   spec.version = Mihari::VERSION
@@ -48,7 +52,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rb-fsevent", "~> 0.11"
   spec.add_development_dependency "rerun", "~> 0.14"
   spec.add_development_dependency "rspec", "~> 3.12"
-  spec.add_development_dependency "rubocop-rspec", "~> 2.24"
+  spec.add_development_dependency "rubocop-rspec", "~> 2.25"
   spec.add_development_dependency "simplecov-lcov", "~> 0.8"
   spec.add_development_dependency "standard", "~> 1.31"
   spec.add_development_dependency "test-prof", "~> 1.2"
@@ -56,6 +60,8 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "vcr", "~> 6.2"
   spec.add_development_dependency "webmock", "~> 3.19"
 
+  spec.add_development_dependency "rubocop-yard", "~> 0.7" unless is_ruby2?
+
   unless ci_env?
     spec.add_development_dependency "lefthook", "~> 1.5"
     spec.add_development_dependency "solargraph", "~> 0.49"
@@ -63,6 +69,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "activerecord", "7.1.1"
   spec.add_dependency "addressable", "2.8.5"
+  spec.add_dependency "anyway_config", "2.5.4"
   spec.add_dependency "awrence", "2.0.1"
   spec.add_dependency "dotenv", "2.8.1"
   spec.add_dependency "dry-container", "0.11.0"
@@ -80,7 +87,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency "jr-cli", "0.6.0"
   spec.add_dependency "launchy", "2.5.2"
   spec.add_dependency "memist", "2.0.2"
-  spec.add_dependency "net-ping", "2.0.8"
   spec.add_dependency "normalize_country", "0.3.2"
   spec.add_dependency "parallel", "1.23.0"
   spec.add_dependency "plissken", "2.0.1"
@@ -92,7 +98,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "semantic_logger", "4.14.0"
   spec.add_dependency "sentry-ruby", "5.12.0"
   spec.add_dependency "slack-notifier", "2.4.0"
-  spec.add_dependency "sqlite3", "1.6.7"
+  spec.add_dependency "sqlite3", "1.6.8"
   spec.add_dependency "thor", "1.3.0"
   spec.add_dependency "thor-hollaback", "0.2.1"
   spec.add_dependency "uuidtools", "2.2.0"

data/mkdocs.yml

@@ -29,6 +29,7 @@ markdown_extensions:
       permalink: true
   - admonition
   - pymdownx.details
-  - pymdownx.superfences
-  - pymdownx.highlight
   - pymdownx.extra
+  - pymdownx.highlight
+  - pymdownx.magiclink
+  - pymdownx.superfences

data/requirements.txt

@@ -1,2 +1,2 @@
 mkdocs==1.5.3
-mkdocs-material==9.4.6
+mkdocs-material==9.4.7

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 5.6.1
+  version: 5.7.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-10-23 00:00:00.000000000 Z
+date: 2023-11-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -184,14 +184,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.24'
+        version: '2.25'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.24'
+        version: '2.25'
 - !ruby/object:Gem::Dependency
   name: simplecov-lcov
   requirement: !ruby/object:Gem::Requirement
@@ -276,6 +276,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.19'
+- !ruby/object:Gem::Dependency
+  name: rubocop-yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
 - !ruby/object:Gem::Dependency
   name: lefthook
   requirement: !ruby/object:Gem::Requirement
@@ -332,6 +346,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.8.5
+- !ruby/object:Gem::Dependency
+  name: anyway_config
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.5.4
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.5.4
 - !ruby/object:Gem::Dependency
   name: awrence
   requirement: !ruby/object:Gem::Requirement
@@ -570,20 +598,6 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.0.2
-- !ruby/object:Gem::Dependency
-  name: net-ping
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 2.0.8
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 2.0.8
 - !ruby/object:Gem::Dependency
   name: normalize_country
   requirement: !ruby/object:Gem::Requirement
@@ -744,14 +758,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.7
+        version: 1.6.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.6.7
+        version: 1.6.8
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -849,6 +863,7 @@ files:
 - docs/analyzers/crtsh.md
 - docs/analyzers/dnstwister.md
 - docs/analyzers/feed.md
+- docs/analyzers/fofa.md
 - docs/analyzers/greynoise.md
 - docs/analyzers/hunterhow.md
 - docs/analyzers/index.md
@@ -970,6 +985,7 @@ files:
 - frontend/vitest.config.ts
 - lefthook.yml
 - lib/mihari.rb
+- lib/mihari/actor.rb
 - lib/mihari/analyzers/base.rb
 - lib/mihari/analyzers/binaryedge.rb
 - lib/mihari/analyzers/censys.rb
@@ -977,20 +993,19 @@ files:
 - lib/mihari/analyzers/crtsh.rb
 - lib/mihari/analyzers/dnstwister.rb
 - lib/mihari/analyzers/feed.rb
+- lib/mihari/analyzers/fofa.rb
 - lib/mihari/analyzers/greynoise.rb
 - lib/mihari/analyzers/hunterhow.rb
 - lib/mihari/analyzers/onyphe.rb
 - lib/mihari/analyzers/otx.rb
 - lib/mihari/analyzers/passivetotal.rb
 - lib/mihari/analyzers/pulsedive.rb
-- lib/mihari/analyzers/rule.rb
 - lib/mihari/analyzers/securitytrails.rb
 - lib/mihari/analyzers/shodan.rb
 - lib/mihari/analyzers/urlscan.rb
 - lib/mihari/analyzers/virustotal.rb
 - lib/mihari/analyzers/virustotal_intelligence.rb
 - lib/mihari/analyzers/zoomeye.rb
-- lib/mihari/base.rb
 - lib/mihari/cli/alert.rb
 - lib/mihari/cli/base.rb
 - lib/mihari/cli/database.rb
@@ -1002,6 +1017,7 @@ files:
 - lib/mihari/clients/circl.rb
 - lib/mihari/clients/crtsh.rb
 - lib/mihari/clients/dnstwister.rb
+- lib/mihari/clients/fofa.rb
 - lib/mihari/clients/greynoise.rb
 - lib/mihari/clients/hunterhow.rb
 - lib/mihari/clients/misp.rb
@@ -1071,23 +1087,26 @@ files:
 - lib/mihari/models/tag.rb
 - lib/mihari/models/tagging.rb
 - lib/mihari/models/whois.rb
+- lib/mihari/rule.rb
 - lib/mihari/schemas/alert.rb
 - lib/mihari/schemas/analyzer.rb
 - lib/mihari/schemas/emitter.rb
 - lib/mihari/schemas/enricher.rb
 - lib/mihari/schemas/macros.rb
+- lib/mihari/schemas/mixins.rb
 - lib/mihari/schemas/options.rb
 - lib/mihari/schemas/rule.rb
+- lib/mihari/service.rb
 - lib/mihari/services/alert_builder.rb
 - lib/mihari/services/alert_proxy.rb
 - lib/mihari/services/alert_runner.rb
 - lib/mihari/services/rule_builder.rb
-- lib/mihari/services/rule_proxy.rb
 - lib/mihari/services/rule_runner.rb
 - lib/mihari/structs/binaryedge.rb
 - lib/mihari/structs/censys.rb
 - lib/mihari/structs/config.rb
 - lib/mihari/structs/filters.rb
+- lib/mihari/structs/fofa.rb
 - lib/mihari/structs/google_public_dns.rb
 - lib/mihari/structs/greynoise.rb
 - lib/mihari/structs/hunterhow.rb
@@ -1096,7 +1115,6 @@ files:
 - lib/mihari/structs/shodan.rb
 - lib/mihari/structs/urlscan.rb
 - lib/mihari/structs/virustotal_intelligence.rb
-- lib/mihari/templates/rule.yml.erb
 - lib/mihari/type_checker.rb
 - lib/mihari/types.rb
 - lib/mihari/version.rb
@@ -1111,8 +1129,8 @@ files:
 - lib/mihari/web/middleware/connection_adapter.rb
 - lib/mihari/web/middleware/error_notification_adapter.rb
 - lib/mihari/web/public/assets/index-56fc2187.css
-- lib/mihari/web/public/assets/index-9cc489e6.js
-- lib/mihari/web/public/assets/mode-yaml-a21faa53.js
+- lib/mihari/web/public/assets/index-821134e2.js
+- lib/mihari/web/public/assets/mode-yaml-24faa242.js
 - lib/mihari/web/public/favicon.ico
 - lib/mihari/web/public/index.html
 - lib/mihari/web/public/redoc-static.html

data/lib/mihari/analyzers/rule.rb

@@ -1,232 +0,0 @@
-# frozen_string_literal: true
-
-module Mihari
-  module Analyzers
-    class Rule
-      include Mixins::FalsePositive
-
-      # @return [Mihari::Services::RuleProxy]
-      attr_reader :rule
-
-      # @return [Time]
-      attr_reader :base_time
-
-      #
-      # @param [Mihari::Services::RuleProxy] rule
-      #
-      def initialize(rule)
-        @rule = rule
-        @base_time = Time.now.utc
-
-        validate_analyzer_configurations
-      end
-
-      #
-      # Returns a list of artifacts matched with queries/analyzers (with the rule ID)
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def artifacts
-        analyzers.flat_map do |analyzer|
-          result = analyzer.result
-
-          raise result.failure if result.failure? && !analyzer.ignore_error?
-
-          artifacts = result.value!
-          artifacts.map do |artifact|
-            artifact.rule_id = rule.id
-            artifact
-          end
-        end
-      end
-
-      #
-      # Normalize artifacts
-      # - Reject invalid artifacts (for just in case)
-      # - Select artifacts with allowed data types
-      # - Reject artifacts with false positive values
-      # - Set rule ID
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def normalized_artifacts
-        valid_artifacts = artifacts.uniq(&:data).select(&:valid?)
-        date_type_allowed_artifacts = valid_artifacts.select { |artifact| rule.data_types.include? artifact.data_type }
-        date_type_allowed_artifacts.reject { |artifact| falsepositive? artifact.data }
-      end
-
-      #
-      # Uniquify artifacts (assure rule level uniqueness)
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def unique_artifacts
-        normalized_artifacts.select do |artifact|
-          artifact.unique?(base_time: base_time, artifact_lifetime: rule.artifact_lifetime)
-        end
-      end
-
-      #
-      # Enriched artifacts
-      #
-      # @return [Array<Mihari::Artifact>]
-      #
-      def enriched_artifacts
-        @enriched_artifacts ||= Parallel.map(unique_artifacts) do |artifact|
-          enrichers.each { |enricher| artifact.enrich_by_enricher enricher }
-          artifact
-        end
-      end
-
-      #
-      # Bulk emit
-      #
-      # @return [Array<Mihari::Alert>]
-      #
-      def bulk_emit
-        return [] if enriched_artifacts.empty?
-
-        # NOTE: separate parallel execution and logging
-        #       because the logger does not work along with Parallel
-        results = Parallel.map(valid_emitters) do |emitter|
-          emitter.result
-        end
-
-        results.zip(valid_emitters).map do |result_and_emitter|
-          result, emitter = result_and_emitter
-
-          Mihari.logger.info "Emission by #{emitter.class} is failed: #{result.failure}" if result.failure?
-          Mihari.logger.info "Emission by #{emitter.class} is succeeded" if result.success?
-
-          result.value_or nil
-        end.compact
-      end
-
-      #
-      # Set artifacts & run emitters in parallel
-      #
-      # @return [Mihari::Alert, nil]
-      #
-      def run
-        alert_or_something = bulk_emit
-        # returns Mihari::Alert created by the database emitter
-        alert_or_something.find { |res| res.is_a?(Mihari::Alert) }
-      end
-
-      private
-
-      #
-      # Check whether a value is a falsepositive value or not
-      #
-      # @return [Boolean]
-      #
-      def falsepositive?(value)
-        return true if rule.falsepositives.include?(value)
-
-        regexps = rule.falsepositives.select { |fp| fp.is_a?(Regexp) }
-        regexps.any? { |fp| fp.match?(value) }
-      end
-
-      #
-      # Get analyzer class
-      #
-      # @param [String] key
-      #
-      # @return [Class<Mihari::Analyzers::Base>] analyzer class
-      #
-      def get_analyzer_class(key)
-        raise ArgumentError, "#{key} is not supported" unless Mihari.analyzer_to_class.key?(key)
-
-        Mihari.analyzer_to_class[key]
-      end
-
-      #
-      # @return [Array<Mihari::Analyzers::Base>]
-      #
-      def analyzers
-        rule.queries.map do |query_params|
-          analyzer_name = query_params[:analyzer]
-          klass = get_analyzer_class(analyzer_name)
-          klass.from_query(query_params)
-        end
-      end
-
-      #
-      # Get emitter class
-      #
-      # @param [String] key
-      #
-      # @return [Class<Mihari::Emitters::Base>] emitter class
-      #
-      def get_emitter_class(key)
-        raise ArgumentError, "#{key} is not supported" unless Mihari.emitter_to_class.key?(key)
-
-        Mihari.emitter_to_class[key]
-      end
-
-      #
-      # @return [Array<Mihari::Emitters::Base>]
-      #
-      def emitters
-        rule.emitters.map(&:deep_dup).map do |params|
-          name = params[:emitter]
-          options = params[:options]
-
-          %i[emitter options].each { |key| params.delete key }
-
-          klass = get_emitter_class(name)
-          klass.new(artifacts: enriched_artifacts, rule: rule, options: options, **params)
-        end
-      end
-
-      #
-      # @return [Array<Mihari::Emitters::Base>]
-      #
-      def valid_emitters
-        @valid_emitters ||= emitters.select(&:valid?)
-      end
-
-      #
-      # Get enricher class
-      #
-      # @param [String] key
-      #
-      # @return [Class<Mihari::Enrichers::Base>] enricher class
-      #
-      def get_enricher_class(key)
-        raise ArgumentError, "#{key} is not supported" unless Mihari.enricher_to_class.key?(key)
-
-        Mihari.enricher_to_class[key]
-      end
-
-      #
-      # @return [Array<Mihari::Enrichers::Base>] enrichers
-      #
-      def enrichers
-        @enrichers ||= rule.enrichers.map(&:deep_dup).map do |params|
-          name = params[:enricher]
-          options = params[:options]
-
-          %i[enricher options].each { |key| params.delete key }
-
-          klass = get_enricher_class(name)
-          klass.new(options: options, **params)
-        end
-      end
-
-      #
-      # Validate configuration of analyzers
-      #
-      def validate_analyzer_configurations
-        analyzers.map do |analyzer|
-          next if analyzer.configured?
-
-          joined = analyzer.configuration_keys.join(", ")
-          be = (analyzer.configuration_keys.length > 1) ? "are" : "is"
-          message = "#{analyzer.class.class_key} is not configured correctly. #{joined} #{be} missing."
-          raise ConfigurationError, message
-        end
-      end
-    end
-  end
-end