mihari 5.6.2 → 5.7.0

data/lib/mihari/models/geolocation.rb

@@ -4,6 +4,9 @@ require "normalize_country"
 
 module Mihari
   module Models
+    #
+    # Geolocation model
+    #
     class Geolocation < ActiveRecord::Base
       belongs_to :artifact
 
@@ -19,7 +22,7 @@ module Mihari
         # @return [Mihari::Geolocation, nil]
         #
         def build_by_ip(ip, enricher: Enrichers::IPInfo.new)
-          result = enricher.query_result(ip).bind do |res|
+          result = enricher.result(ip).bind do |res|
             value = res&.country_code
             if value.nil?
               Success nil

data/lib/mihari/models/port.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Models
+    #
+    # Port model
+    #
     class Port < ActiveRecord::Base
       belongs_to :artifact
 
@@ -17,7 +20,7 @@ module Mihari
         # @return [Array<Mihari::Port>]
         #
         def build_by_ip(ip, enricher: Enrichers::Shodan.new)
-          result = enricher.query_result(ip).bind do |res|
+          result = enricher.result(ip).bind do |res|
             if res.nil?
               Success []
             else

data/lib/mihari/models/reverse_dns.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Models
+    #
+    # Reverse DNS name model
+    #
     class ReverseDnsName < ActiveRecord::Base
       belongs_to :artifact
 
@@ -17,7 +20,7 @@ module Mihari
         # @return [Array<Mihari::Models::ReverseDnsName>]
         #
         def build_by_ip(ip, enricher: Enrichers::Shodan.new)
-          result = enricher.query_result(ip).bind do |res|
+          result = enricher.result(ip).bind do |res|
             if res.nil?
               Success []
             else

data/lib/mihari/models/rule.rb

@@ -4,6 +4,9 @@ require "yaml"
 
 module Mihari
   module Models
+    #
+    # Rule model
+    #
     class Rule < ActiveRecord::Base
       has_many :alerts, dependent: :destroy
 
@@ -23,7 +26,7 @@ module Mihari
         #
         # Search rules
         #
-        # @param [Structs::Filters::Rule::SearchFilterWithPagination] filter
+        # @param [Mihari::Structs::Filters::Rule::SearchFilterWithPagination] filter
         #
         # @return [Array<Rule>]
         #
@@ -46,7 +49,7 @@ module Mihari
         #
         # Count alerts
         #
-        # @param [Structs::Filters::Rule::SearchFilterWithPagination] filter
+        # @param [Mihari::Structs::Filters::Rule::SearchFilterWithPagination] filter
         #
         # @return [Integer]
         #
@@ -58,7 +61,7 @@ module Mihari
         private
 
         #
-        # @param [Structs::Filters::Rule::SearchFilter] filter
+        # @param [Mihari::Structs::Filters::Rule::SearchFilter] filter
         #
         # @return [Mihari::Models::Rule]
         #

data/lib/mihari/models/tag.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Models
+    #
+    # Tag model
+    #
     class Tag < ActiveRecord::Base
       has_many :taggings, dependent: :destroy
       has_many :tags, through: :taggings

data/lib/mihari/models/tagging.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Models
+    #
+    # Tagging model
+    #
     class Tagging < ActiveRecord::Base
       belongs_to :alert
       belongs_to :tag

data/lib/mihari/models/whois.rb

@@ -2,14 +2,15 @@
 
 module Mihari
   module Models
+    #
+    # Whois record model
+    #
     class WhoisRecord < ActiveRecord::Base
       belongs_to :artifact
 
       @memo = {}
 
       class << self
-        include Dry::Monads[:result]
-
         #
         # Build whois record
         #
@@ -19,7 +20,7 @@ module Mihari
         # @return [WhoisRecord, nil]
         #
         def build_by_domain(domain, enricher: Enrichers::Whois.new)
-          result = enricher.query_result(domain)
+          result = enricher.result(domain)
           result.value_or nil
         end
       end

data/lib/mihari/rule.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Mihari
-  class Rule
+  class Rule < Service
     include Mixins::FalsePositive
 
     # @return [Hash]
@@ -19,6 +19,8 @@ module Mihari
     # @param [Hash] data
     #
     def initialize(**data)
+      super()
+
       @data = data.deep_symbolize_keys
       @errors = nil
       @base_time = Time.now.utc
@@ -109,16 +111,19 @@ module Mihari
     #
     def artifacts
       analyzers.flat_map do |analyzer|
+        # @type [Dry::Monads::Result::Success<Array<Mihari::Models::Artifact>>, Dry::Monads::Result::Failure]
         result = analyzer.result
 
-        raise result.failure if result.failure? && !analyzer.ignore_error?
-
-        artifacts = result.value!
-        artifacts.map do |artifact|
-          artifact.rule_id = id
-          artifact
+        if result.failure?
+          raise result.failure unless analyzer.ignore_error?
+        else
+          artifacts = result.value!
+          artifacts.map do |artifact|
+            artifact.rule_id = id
+            artifact
+          end
         end
-      end
+      end.compact
     end
 
     #
@@ -169,7 +174,7 @@ module Mihari
 
       # NOTE: separate parallel execution and logging
       #       because the logger does not work along with Parallel
-      results = Parallel.map(emitters) { |emitter| emitter.emit_result(enriched_artifacts) }
+      results = Parallel.map(emitters) { |emitter| emitter.result enriched_artifacts }
       results.zip(emitters).map do |result_and_emitter|
         result, emitter = result_and_emitter
         Mihari.logger.info "Emission by #{emitter.class} is failed: #{result.failure}" if result.failure?
@@ -183,7 +188,7 @@ module Mihari
     #
     # @return [Mihari::Models::Alert, nil]
     #
-    def run
+    def call
       # Validate analyzers & emitters before using them
       analyzers
       emitters
@@ -219,7 +224,7 @@ module Mihari
       #
       # @param [String] yaml
       #
-      # @return [Mihari::Services::Rule]
+      # @return [Mihari::Rule]
       #
       def from_yaml(yaml)
         data = YAML.safe_load(ERB.new(yaml).result, permitted_classes: [Date, Symbol])
@@ -229,7 +234,7 @@ module Mihari
       #
       # @param [Mihari::Models::Rule] model
       #
-      # @return [Mihari::Services::Rule]
+      # @return [Mihari::Rule]
       #
       def from_model(model)
         new(**model.data)

data/lib/mihari/schemas/alert.rb

@@ -7,6 +7,9 @@ module Mihari
       required(:artifacts).value(array[:string])
     end
 
+    #
+    # Alert schema contract
+    #
     class AlertContract < Dry::Validation::Contract
       params(Alert)
     end

data/lib/mihari/schemas/analyzer.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Schemas
+    #
+    # Analyzer schemas
+    #
     module Analyzers
       extend Schemas::Mixins
 
@@ -61,6 +64,14 @@ module Mihari
         optional(:options).hash(AnalyzerOptions)
       end
 
+      Fofa = Dry::Schema.Params do
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Fofa.class_keys))
+        required(:query).value(:string)
+        optional(:api_key).value(:string)
+        optional(:email).value(:string)
+        optional(:options).hash(AnalyzerPaginationOptions)
+      end
+
       PassiveTotal = Dry::Schema.Params do
         required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::PassiveTotal.class_keys))
         required(:query).value(:string)

data/lib/mihari/schemas/emitter.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Schemas
+    #
+    # Emitter schemas
+    #
     module Emitters
       extend Schemas::Mixins
 

data/lib/mihari/schemas/enricher.rb

@@ -2,6 +2,9 @@
 
 module Mihari
   module Schemas
+    #
+    # Enricher schemas
+    #
     module Enrichers
       extend Schemas::Mixins
 

data/lib/mihari/schemas/macros.rb

@@ -3,6 +3,10 @@
 module Dry
   module Schema
     module Macros
+      #
+      # Macros DSL for options with default values
+      # (see https://github.com/dry-rb/dry-schema/issues/70)
+      #
       class DSL
         def default(value)
           schema_dsl.before(:rule_applier) do |result|

data/lib/mihari/schemas/mixins.rb

@@ -1,5 +1,10 @@
+# frozen_string_literal: true
+
 module Mihari
   module Schemas
+    #
+    # Mixins for schemas
+    #
     module Mixins
       def get_or_composition
         schemas = constants.map { |sym| const_get sym }

data/lib/mihari/schemas/rule.rb

@@ -33,6 +33,9 @@ module Mihari
       optional(:artifact_ttl).value(:integer)
     end
 
+    #
+    # Rule schema contract
+    #
     class RuleContract < Dry::Validation::Contract
       include Mihari::Mixins::FalsePositive
 

data/lib/mihari/service.rb

@@ -0,0 +1,16 @@
+module Mihari
+  #
+  # Base class for services
+  #
+  class Service
+    include Dry::Monads[:result, :try]
+
+    def call(*args, **kwargs)
+      raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+    end
+
+    def result
+      Try[StandardError] { call }.to_result
+    end
+  end
+end

data/lib/mihari/services/alert_builder.rb

@@ -8,9 +8,10 @@ require "yaml"
 
 module Mihari
   module Services
-    class AlertBuilder
-      include Dry::Monads[:result, :try]
-
+    #
+    # Alert builder
+    #
+    class AlertBuilder < Service
       # @return [String]
       attr_reader :path
 
@@ -20,6 +21,8 @@ module Mihari
       # @param [String] path
       #
       def initialize(path)
+        super()
+
         @path = path
       end
 
@@ -35,8 +38,8 @@ module Mihari
         )
       end
 
-      def result
-        Try[StandardError] { AlertProxy.new(**data) }.to_result
+      def call
+        AlertProxy.new(**data)
       end
     end
   end

data/lib/mihari/services/alert_proxy.rb

@@ -4,7 +4,10 @@ require "json"
 
 module Mihari
   module Services
-    class AlertProxy
+    #
+    # Alert proxy
+    #
+    class AlertProxy < Service
       # @return [Hash]
       attr_reader :data
 
@@ -17,6 +20,8 @@ module Mihari
       # @param [Hash] data
       #
       def initialize(**data)
+        super()
+
         @data = data.deep_symbolize_keys
         @errors = nil
 

data/lib/mihari/services/alert_runner.rb

@@ -2,29 +2,25 @@
 
 module Mihari
   module Services
-    class AlertRunner
-      include Dry::Monads[:result, :try]
-
+    #
+    # Alert runner
+    #
+    class AlertRunner < Service
       # @return [Mihari::Services::AlertProxy]
       attr_reader :alert
 
       def initialize(alert)
+        super()
+
         @alert = alert
       end
 
       #
       # @return [Mihari::Models::Alert]
       #
-      def run
+      def call
         emitter = Emitters::Database.new(rule: alert.rule)
-        emitter.emit alert.artifacts
-      end
-
-      #
-      # @return [Dry::Monads::Result::Success<Mihari::Models::Alert, nil>, Dry::Monads::Result::Failure]
-      #
-      def result
-        Try[StandardError] { run }.to_result
+        emitter.call alert.artifacts
       end
     end
   end

data/lib/mihari/services/rule_builder.rb

@@ -7,9 +7,10 @@ require "yaml"
 
 module Mihari
   module Services
-    class RuleBuilder
-      include Dry::Monads[:result, :try]
-
+    #
+    # Rule builder
+    #
+    class RuleBuilder < Service
       # @return [String]
       attr_reader :path_or_id
 
@@ -19,6 +20,8 @@ module Mihari
       # @param [String] path_or_id
       #
       def initialize(path_or_id)
+        super()
+
         @path_or_id = path_or_id
       end
 
@@ -39,8 +42,8 @@ module Mihari
         )
       end
 
-      def result
-        Try[StandardError] { Rule.new(**data) }.to_result
+      def call
+        Rule.new(**data)
       end
     end
   end

data/lib/mihari/services/rule_runner.rb

@@ -2,13 +2,18 @@
 
 module Mihari
   module Services
-    class RuleRunner
+    #
+    # Rule runner
+    #
+    class RuleRunner < Service
       include Dry::Monads[:result, :try]
 
       # @return [Mihari::Rule]
       attr_reader :rule
 
       def initialize(rule)
+        super()
+
         @rule = rule
       end
 
@@ -29,15 +34,8 @@ module Mihari
       #
       # @return [Mihari::Models::Alert, nil]
       #
-      def run
-        rule.run
-      end
-
-      #
-      # @return [Dry::Monads::Result::Success<Mihari::Models::Alert, nil>, Dry::Monads::Result::Failure]
-      #
-      def result
-        Try[StandardError] { run }.to_result
+      def call
+        rule.call
       end
     end
   end

data/lib/mihari/structs/binaryedge.rb

@@ -1,16 +1,13 @@
+# frozen_string_literal: true
+
 module Mihari
   module Structs
     module BinaryEdge
       class Target < Dry::Struct
+        # @!attribute [r] ip
+        #   @return [String]
         attribute :ip, Types::String
 
-        #
-        # @return [String]
-        #
-        def ip
-          attributes[:ip]
-        end
-
         class << self
           def from_dynamic!(d)
             d = Types::Hash[d]
@@ -22,15 +19,10 @@ module Mihari
       end
 
       class Event < Dry::Struct
+        # @!attribute [r] target
+        #   @return [Target]
         attribute :target, Target
 
-        #
-        # @return [Target]
-        #
-        def target
-          attributes[:target]
-        end
-
         class << self
           def from_dynamic!(d)
             d = Types::Hash[d]
@@ -43,28 +35,21 @@ module Mihari
 
       class Response < Dry::Struct
         # @!attribute [r] page
-        # @return [Integer]
-        attribute :page, Types::Integer
+        #   @return [Integer]
+        attribute :page, Types::Int
 
         # @!attribute [r] pagesize
-        # @return [Integer]
-        attribute :pagesize, Types::Integer
+        #   @return [Integer]
+        attribute :pagesize, Types::Int
 
         # @!attribute [r] total
-        # @return [Integer]
-        attribute :total, Types::Integer
+        #   @return [Integer]
+        attribute :total, Types::Int
 
         # @!attribute [r] events
-        # @return [Array<Event>]
+        #   @return [Array<Event>]
         attribute :events, Types.Array(Event)
 
-        #
-        # @return [Array<Event>]
-        #
-        def events
-          attributes[:events]
-        end
-
         #
         # @return [Array<Artifact>]
         #