mihari 5.6.1 → 5.7.0

data/frontend/package.json

@@ -19,8 +19,8 @@
     "@fortawesome/vue-fontawesome": "^3.0.3",
     "@vueuse/core": "^10.5.0",
     "@vueuse/router": "^10.5.0",
-    "ace-builds": "^1.30.0",
-    "axios": "^1.5.1",
+    "ace-builds": "^1.31.1",
+    "axios": "^1.6.0",
     "bulma": "^0.9.4",
     "bulma-helpers": "^0.4.3",
     "dayjs": "^1.11.10",
@@ -30,21 +30,21 @@
     "ts-dedent": "^2.2.0",
     "url-parse": "^1.5.10",
     "uuidv4": "^6.2.13",
-    "vue": "^3.3.6",
+    "vue": "^3.3.7",
     "vue-concurrency": "4.0.1",
     "vue-json-pretty": "^2.2.4",
     "vue-router": "^4.2.5",
-    "vue3-ace-editor": "^2.2.3"
+    "vue3-ace-editor": "^2.2.4"
   },
   "devDependencies": {
-    "@redocly/cli": "1.3.0",
+    "@redocly/cli": "1.4.0",
     "@rushstack/eslint-patch": "^1.5.1",
     "@tsconfig/node20": "^20.1.2",
     "@types/jsdom": "^21.1.4",
-    "@types/node": "^20.8.7",
+    "@types/node": "^20.8.10",
     "@types/url-parse": "^1.4.10",
-    "@typescript-eslint/eslint-plugin": "^6.8.0",
-    "@typescript-eslint/parser": "^6.8.0",
+    "@typescript-eslint/eslint-plugin": "^6.9.1",
+    "@typescript-eslint/parser": "^6.9.1",
     "@vitejs/plugin-vue": "^4.4.0",
     "@vue/eslint-config-prettier": "^8.0.0",
     "@vue/eslint-config-typescript": "^12.0.0",
@@ -54,7 +54,7 @@
     "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-prettier": "^5.0.1",
     "eslint-plugin-simple-import-sort": "^10.0.0",
-    "eslint-plugin-vue": "^9.17.0",
+    "eslint-plugin-vue": "^9.18.1",
     "husky": "^8.0.3",
     "jsdom": "^22.1.0",
     "npm-run-all": "^4.1.5",
@@ -62,6 +62,6 @@
     "typescript": "~5.2.2",
     "vite": "^4.5.0",
     "vitest": "^0.34.6",
-    "vue-tsc": "^1.8.19"
+    "vue-tsc": "^1.8.22"
   }
 }

data/frontend/src/components/alert/Form.vue

@@ -124,24 +124,11 @@ export default defineComponent({
 
     const artifact = ref<string | undefined>(undefined)
     const fromAt = ref<string | undefined>(undefined)
-    const tagInput = toRef(props, "tag")
+    const tagInput = ref<string | undefined>(props.tag)
     const ruleId = ref<string | undefined>(undefined)
     const toAt = ref<string | undefined>(undefined)
-    const asn = ref<number | undefined>(undefined)
-    const dnsRecord = ref<string | undefined>(undefined)
-    const reverseDnsName = ref<string | undefined>(undefined)
 
     const updateByQueryParams = () => {
-      const asn_ = route.query["asn"]
-      const normalizedAsn = normalizeQueryParam(asn_)
-      asn.value = normalizedAsn === undefined ? undefined : parseInt(normalizedAsn)
-
-      const dnsRecord_ = route.query["dnsRecord"]
-      dnsRecord.value = normalizeQueryParam(dnsRecord_)
-
-      const reverseDnsName_ = route.query["reverseDnsName"]
-      reverseDnsName.value = normalizeQueryParam(reverseDnsName_)
-
       const tag_ = route.query["tag"]
       if (tagInput.value === undefined) {
         tagInput.value = normalizeQueryParam(tag_)

data/frontend/src/components/artifact/AS.vue

@@ -1,14 +1,8 @@
 <template>
   <div class="tags are-medium">
-    <router-link
-      class="tag"
-      :to="{
-        name: 'Alerts',
-        query: { asn: autonomousSystem.asn }
-      }"
-    >
+    <span class="tag">
       {{ autonomousSystem.asn }}
-    </router-link>
+    </span>
   </div>
 </template>
 

data/frontend/src/components/artifact/DnsRecords.vue

@@ -3,15 +3,9 @@
     <div class="control" v-for="(dnsRecord, index) in dnsRecords" :key="index">
       <div class="tags has-addons are-medium">
         <span class="tag is-dark"> {{ dnsRecord.resource }}</span>
-        <router-link
-          class="tag"
-          :to="{
-            name: 'Alerts',
-            query: { dnsRecord: dnsRecord.value }
-          }"
-        >
+        <span class="tag">
           {{ truncate(dnsRecord.value, 50) }}
-        </router-link>
+        </span>
       </div>
     </div>
   </div>

data/frontend/src/components/artifact/ReverseDnsNames.vue

@@ -1,16 +1,8 @@
 <template>
   <div class="tags are-medium">
-    <router-link
-      class="tag"
-      v-for="reverseDnsName in reverseDnsNames"
-      :key="reverseDnsName.name"
-      :to="{
-        name: 'Alerts',
-        query: { reverseDnsName: reverseDnsName.name }
-      }"
-    >
+    <span class="tag" v-for="reverseDnsName in reverseDnsNames" :key="reverseDnsName.name">
       {{ reverseDnsName.name }}
-    </router-link>
+    </span>
   </div>
 </template>
 

data/frontend/src/components/artifact/WhoisRecord.vue

@@ -20,7 +20,7 @@
     </div>
     <div class="control">
       <div class="tags has-addons are-medium">
-        <span class="tag is-dark">Exipres on</span>
+        <span class="tag is-dark">Expires on</span>
         <span class="tag is-light">{{ whoisRecord.expiresOn || "N/A" }}</span>
       </div>
     </div>

data/lib/mihari/{base.rb → actor.rb}

@@ -4,14 +4,19 @@ module Mihari
   #
   # Base class for Analyzer, Emitter and Enricher
   #
-  class Base
+  class Actor < Service
+    include Mixins::Configurable
+    include Mixins::Retriable
+
     # @return [Hash]
     attr_reader :options
 
     #
     # @param [Hash, nil] options
     #
-    def initialize(*_args, options: nil, **_kwargs)
+    def initialize(options: nil)
+      super()
+
       @options = options || {}
     end
 
@@ -43,6 +48,25 @@ module Mihari
       options[:timeout]
     end
 
+    def validate_configuration!
+      return if configured?
+
+      joined = configuration_keys.join(", ")
+      be = (configuration_keys.length > 1) ? "are" : "is"
+      message = "#{self.class.class_key} is not configured correctly. #{joined} #{be} missing."
+      raise ConfigurationError, message
+    end
+
+    def result
+      Try[StandardError] do
+        retry_on_error(
+          times: retry_times,
+          interval: retry_interval,
+          exponential_backoff: retry_exponential_backoff
+        ) { call }
+      end.to_result
+    end
+
     class << self
       #
       # @return [String]
@@ -62,7 +86,7 @@ module Mihari
       # @return [Array<String>]
       #
       def class_keys
-        ([class_key] + [class_key_aliases]).flatten.compact
+        ([class_key] + [class_key_aliases]).flatten.compact.map(&:downcase)
       end
     end
   end

data/lib/mihari/analyzers/base.rb

@@ -2,12 +2,10 @@
 
 module Mihari
   module Analyzers
-    class Base < Mihari::Base
-      include Dry::Monads[:result, :try]
-
-      include Mixins::Configurable
-      include Mixins::Retriable
-
+    #
+    # Base class for analyzers
+    #
+    class Base < Actor
       # @return [String]
       attr_reader :query
 
@@ -45,7 +43,7 @@ module Mihari
         Mihari.config.ignore_error
       end
 
-      # @return [Array<String>, Array<Mihari::Artifact>]
+      # @return [Array<String>, Array<Mihari::Models::Artifact>]
       def artifacts
         raise NotImplementedError, "You must implement #{self.class}##{__method__}"
       end
@@ -55,25 +53,23 @@ module Mihari
       # - Convert data (string) into an artifact
       # - Reject an invalid artifact
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def normalized_artifacts
-        retry_on_error(times: retry_times, interval: retry_interval, exponential_backoff: retry_exponential_backoff) do
-          artifacts.compact.sort.map do |artifact|
-            # No need to set data_type manually
-            # It is set automatically in #initialize
-            artifact = artifact.is_a?(Artifact) ? artifact : Artifact.new(data: artifact)
-            artifact.source = self.class.class_key
-            artifact
-          end.select(&:valid?).uniq(&:data)
-        end
+        artifacts.compact.sort.map do |artifact|
+          # No need to set data_type manually
+          # It is set automatically in #initialize
+          artifact = artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)
+          artifact.source = self.class.class_key
+          artifact
+        end.select(&:valid?).uniq(&:data)
       end
 
       #
-      # @return [Dry::Monads::Result::Success<Array<Mihari::Artifact>>, Dry::Monads::Result::Failure]
+      # @return [Array<Mihari::Models::Artifact>]
       #
-      def result
-        Try[StandardError] { normalized_artifacts }.to_result
+      def call
+        normalized_artifacts
       end
 
       class << self

data/lib/mihari/analyzers/binaryedge.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # BinaryEdge analyzer
+    #
     class BinaryEdge < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -32,7 +35,7 @@ module Mihari
       # @return [Mihari::Clients::BinaryEdge]
       #
       def client
-        @client ||= Clients::BinaryEdge.new(
+        Clients::BinaryEdge.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/censys.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # Censys analyzer
+    #
     class Censys < Base
       # @return [String, nil]
       attr_reader :id
@@ -12,7 +15,6 @@ module Mihari
       #
       # @param [String] query
       # @param [hash, nil] options
-      # @param [String, nil] api_key
       # @param [String, nil] id
       # @param [String, nil] secret
       #
@@ -24,7 +26,7 @@ module Mihari
       end
 
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def artifacts
         client.search_with_pagination(query, pagination_limit: pagination_limit).map do |res|
@@ -52,7 +54,7 @@ module Mihari
       # @return [Mihari::Clients::Censys]
       #
       def client
-        @client ||= Clients::Censys.new(
+        Clients::Censys.new(
           id: id,
           secret: secret,
           pagination_interval: pagination_interval,

data/lib/mihari/analyzers/circl.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # CIRCL passive DNS/SSL analyzer
+    #
     class CIRCL < Base
       include Mixins::Refang
 
@@ -51,7 +54,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::CIRCL.new(username: username, password: password, timeout: timeout)
+        Clients::CIRCL.new(username: username, password: password, timeout: timeout)
       end
 
       def username?

data/lib/mihari/analyzers/crtsh.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # crt.sh analyzer
+    #
     class Crtsh < Base
       # @return [Boolean]
       attr_reader :exclude_expired
@@ -28,7 +31,7 @@ module Mihari
       # @return [Mihari::Clients::Crtsh]
       #
       def client
-        @client ||= Mihari::Clients::Crtsh.new(timeout: timeout)
+        Mihari::Clients::Crtsh.new(timeout: timeout)
       end
     end
   end

data/lib/mihari/analyzers/dnstwister.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # DNSTwister analyzer
+    #
     class DNSTwister < Base
       include Mixins::Refang
 
@@ -39,7 +42,7 @@ module Mihari
       end
 
       def client
-        @client ||= Clients::DNSTwister.new(timeout: timeout)
+        Clients::DNSTwister.new(timeout: timeout)
       end
 
       #

data/lib/mihari/analyzers/feed.rb

@@ -5,6 +5,9 @@ require "mihari/feed/parser"
 
 module Mihari
   module Analyzers
+    #
+    # Feed analyzer
+    #
     class Feed < Base
       # @return [Hash, nil]
       attr_reader :data

data/lib/mihari/analyzers/fofa.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Analyzers
+    #
+    # Fofa analyzer
+    #
+    class Fofa < Base
+      # @return [String, nil]
+      attr_reader :api_key
+
+      # @return [String, nil]
+      attr_reader :email
+
+      #
+      # @param [String] query
+      # @param [Hash, nil] options
+      # @param [String, nil] api_key
+      # @param [String, nil] email
+      #
+      def initialize(query, options: nil, api_key: nil, email: nil)
+        super(query, options: options)
+
+        @api_key = api_key || Mihari.config.fofa_api_key
+        @email = email || Mihari.config.fofa_email
+      end
+
+      def artifacts
+        client.search_with_pagination(query, pagination_limit: pagination_limit).map do |res|
+          (res.results || []).map { |result| result[1] }
+        end.flatten.compact
+      end
+
+      def configuration_keys
+        %w[fofa_api_key fofa_email]
+      end
+
+      def configured?
+        api_key? && email?
+      end
+
+      private
+
+      def api_key?
+        !api_key.nil?
+      end
+
+      def email?
+        !email.nil?
+      end
+
+      #
+      # @return [Mihari::Clients::Fofa]
+      #
+      def client
+        Clients::Fofa.new(
+          api_key: api_key,
+          email: email,
+          pagination_interval: pagination_interval,
+          timeout: timeout
+        )
+      end
+    end
+  end
+end

data/lib/mihari/analyzers/greynoise.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # GreyNoise analyzer
+    #
     class GreyNoise < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -31,7 +34,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::GreyNoise.new(
+        Clients::GreyNoise.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/hunterhow.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # hunter.how analyzer
+    #
     class HunterHow < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -14,6 +17,8 @@ module Mihari
 
       #
       # @param [String] query
+      # @param [Date] start_time
+      # @param [Date] end_time
       # @param [Hash, nil] options
       # @param [String, nil] api_key
       #
@@ -27,7 +32,7 @@ module Mihari
       end
 
       #
-      # @return [Array<Mihari::Artifact>]
+      # @return [Array<Mihari::Models::Artifact>]
       #
       def artifacts
         client.search_with_pagination(
@@ -46,7 +51,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::HunterHow.new(
+        Clients::HunterHow.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/onyphe.rb

@@ -4,6 +4,9 @@ require "normalize_country"
 
 module Mihari
   module Analyzers
+    #
+    # Onyphe analyzer
+    #
     class Onyphe < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -33,7 +36,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::Onyphe.new(
+        Clients::Onyphe.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/otx.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # OTX analyzer
+    #
     class OTX < Base
       include Mixins::Refang
 
@@ -42,7 +45,7 @@ module Mihari
       private
 
       def client
-        @client ||= Mihari::Clients::OTX.new(api_key: api_key, timeout: timeout)
+        Mihari::Clients::OTX.new(api_key: api_key, timeout: timeout)
       end
 
       #

data/lib/mihari/analyzers/passivetotal.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # PassiveTotal analyzer
+    #
     class PassiveTotal < Base
       include Mixins::Refang
 
@@ -54,7 +57,7 @@ module Mihari
         #
         # @return [Array<String>, nil]
         #
-        def key_aliases
+        def class_key_aliases
           ["pt"]
         end
       end
@@ -62,7 +65,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::PassiveTotal.new(username: username, api_key: api_key, timeout: timeout)
+        Clients::PassiveTotal.new(username: username, api_key: api_key, timeout: timeout)
       end
 
       #

data/lib/mihari/analyzers/pulsedive.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # Pulsedive analyzer
+    #
     class Pulsedive < Base
       include Mixins::Refang
 
@@ -35,7 +38,7 @@ module Mihari
             nil
           else
             data = property["value"]
-            Artifact.new(data: data, metadata: property)
+            Models::Artifact.new(data: data, metadata: property)
           end
         end
       end

data/lib/mihari/analyzers/securitytrails.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # SecurityTrails
+    #
     class SecurityTrails < Base
       include Mixins::Refang
 
@@ -48,7 +51,7 @@ module Mihari
         #
         # @return [Array<String>, nil]
         #
-        def key_aliases
+        def class_key_aliases
           ["st"]
         end
       end
@@ -56,7 +59,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::SecurityTrails.new(api_key: api_key, timeout: timeout)
+        Clients::SecurityTrails.new(api_key: api_key, timeout: timeout)
       end
 
       #

data/lib/mihari/analyzers/shodan.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # Shodan analyzer
+    #
     class Shodan < Base
       # @return [String, nil]
       attr_reader :api_key
@@ -34,7 +37,7 @@ module Mihari
       # @return [Clients::Shodan]
       #
       def client
-        @client ||= Clients::Shodan.new(
+        Clients::Shodan.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout

data/lib/mihari/analyzers/urlscan.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Analyzers
+    #
+    # urlscan.io analyzer
+    #
     class Urlscan < Base
       SUPPORTED_DATA_TYPES = %w[url domain ip].freeze
 
@@ -29,7 +32,7 @@ module Mihari
       end
 
       def artifacts
-        # @type [Array<Mihari::Artifact>]
+        # @type [Array<Mihari::Models::Artifact>]
         artifacts = client.search_with_pagination(query, pagination_limit: pagination_limit).map(&:artifacts).flatten
 
         artifacts.select do |artifact|
@@ -44,7 +47,7 @@ module Mihari
       private
 
       def client
-        @client ||= Clients::UrlScan.new(
+        Clients::Urlscan.new(
           api_key: api_key,
           pagination_interval: pagination_interval,
           timeout: timeout