mihari 5.6.2 → 5.7.1

data/frontend/src/types.ts

@@ -1,188 +0,0 @@
-export interface Pagination {
-  total: number
-  currentPage: number
-  pageSize: number
-}
-
-export interface ConfigValue {
-  key: string
-  value: string | null
-}
-
-export interface Config {
-  name: string
-  isConfigured: boolean
-  values: ConfigValue[]
-  type: string
-}
-
-export interface Tag {
-  name: string
-}
-
-export interface Tags {
-  tags: string[]
-}
-
-export interface RuleSet {
-  ruleIds: string[]
-}
-
-export interface DnsRecord {
-  resource: string
-  value: string
-}
-
-export interface Contact {
-  name: string | null
-  organization: string | null
-}
-
-export interface Registrar {
-  name: string | null
-  organization: string | null
-}
-
-export interface WhoisRecord {
-  createdOn: Date | null
-  updatedOn: Date | null
-  expiresOn: Date | null
-  registrar: Registrar | null
-  contacts: Contact[]
-}
-
-export interface AutonomousSystem {
-  asn: number
-}
-
-export interface Geolocation {
-  country: string
-  countryCode: string
-}
-
-export interface ReverseDnsName {
-  name: string
-}
-
-export interface CPE {
-  cpe: string
-}
-
-export interface Port {
-  port: string
-}
-
-export interface Artifact {
-  id: string
-  data: string
-  dataType: string
-  source: string
-  metadata: unknown | null
-  createdAt: string
-
-  autonomousSystem: AutonomousSystem | null
-  whoisRecord: WhoisRecord | null
-  geolocation: Geolocation | null
-
-  dnsRecords: DnsRecord[] | null
-  reverseDnsNames: ReverseDnsName[] | null
-  cpes: CPE[] | null
-  ports: Port[] | null
-}
-
-export interface ArtifactWithTags extends Artifact {
-  tags: string[]
-}
-
-export interface Alert {
-  id: string
-  ruleId: string
-  createdAt: string
-
-  tags: Tag[]
-  artifacts: Artifact[]
-}
-
-export interface Alerts extends Pagination {
-  alerts: Alert[]
-}
-
-export interface PaginationParams {
-  page: number | undefined
-}
-
-export interface AlertSearchParams extends PaginationParams {
-  artifact: string | undefined
-  ruleId: string | undefined
-  tag: string | undefined
-  fromAt: string | undefined
-  toAt: string | undefined
-}
-
-export interface IPInfo {
-  ip: string
-  hostname: string | null
-  loc: string
-  countryCode: string
-  asn: string
-}
-
-export interface GCS {
-  lat: number
-  long: number
-}
-
-export interface Country {
-  name: string
-  code: string
-  lat: number
-  long: number
-}
-
-export type LinkType = "ip" | "domain" | "url" | "hash"
-
-export interface Link {
-  name: string
-  type: string
-  baseURL: string
-  // eslint-disable-next-line no-unused-vars
-  href(data: string): string
-  favicon(): string
-}
-
-export interface Rule {
-  id: string
-  title: string
-  description: string
-  yaml: string
-  createdAt: string
-  updatedAt: string
-  tags: Tag[]
-}
-
-export interface CreateRule {
-  yaml: string
-}
-
-export interface UpdateRule {
-  id: string
-  yaml: string
-}
-
-export interface Query {
-  analyzer: string
-  query: string
-  interval: null
-}
-
-export interface Rules extends Pagination {
-  rules: Rule[]
-}
-
-export interface RuleSearchParams extends PaginationParams {
-  description: string | undefined
-  tag: string | undefined
-  title: string | undefined
-  fromAt: string | undefined
-  toAt: string | undefined
-}

data/frontend/src/utils.ts

@@ -1,54 +0,0 @@
-import dayjs from "dayjs"
-import relativeTime from "dayjs/plugin/relativeTime"
-import timezone from "dayjs/plugin/timezone"
-import utc from "dayjs/plugin/utc"
-import type { LocationQueryValue } from "vue-router"
-
-import { getCountryByCode } from "@/countries"
-import type { GCS, IPInfo } from "@/types"
-
-dayjs.extend(relativeTime)
-dayjs.extend(timezone)
-dayjs.extend(utc)
-
-export function getLocalDatetime(datetime: string): string {
-  return dayjs(datetime).local().format("YYYY-MM-DD HH:mm:ss")
-}
-
-export function getHumanizedRelativeTime(datetime: string): string {
-  return dayjs(datetime).local().fromNow()
-}
-
-export function getGCSByCountryCode(countryCode: string): GCS | undefined {
-  const country = getCountryByCode(countryCode)
-  if (country !== undefined) {
-    return { lat: country.lat, long: country.long }
-  }
-}
-
-export function getGCSByIPInfo(ipinfo: IPInfo): GCS | undefined {
-  if (ipinfo.loc !== undefined) {
-    const numbers = ipinfo.loc.split(",")
-    if (numbers.length === 2) {
-      const lat = numbers[0]
-      const long = numbers[1]
-
-      return { lat: parseFloat(lat), long: parseFloat(long) }
-    }
-  }
-  return getGCSByCountryCode(ipinfo.countryCode)
-}
-
-export function normalizeQueryParam(
-  param: undefined | null | string | string[] | LocationQueryValue | LocationQueryValue[]
-): string | undefined {
-  if (param === undefined || param === null) {
-    return undefined
-  }
-
-  if (typeof param === "string") {
-    return param
-  }
-
-  return param.toString()
-}

data/frontend/src/views/Alerts.vue

@@ -1,20 +0,0 @@
-<template>
-  <Alerts></Alerts>
-</template>
-
-<script lang="ts">
-import { useTitle } from "@vueuse/core"
-import { defineComponent } from "vue"
-
-import Alerts from "@/components/alert/AlertsWrapper.vue"
-
-export default defineComponent({
-  name: "AlertsView",
-  components: {
-    Alerts
-  },
-  setup() {
-    useTitle("Alerts - Mihari")
-  }
-})
-</script>

data/frontend/src/views/Artifact.vue

@@ -1,39 +0,0 @@
-<template>
-  <Artifact :id="id"></Artifact>
-</template>
-
-<script lang="ts">
-import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted, watch } from "vue"
-
-import Artifact from "@/components/artifact/ArtifactWrapper.vue"
-
-export default defineComponent({
-  name: "ArtifactView",
-  components: {
-    Artifact
-  },
-  props: {
-    id: {
-      type: String,
-      required: true
-    }
-  },
-  setup(props) {
-    const updateTitle = () => {
-      useTitle(`Artifact:${props.id} - Mihari`)
-    }
-
-    onMounted(() => {
-      updateTitle()
-    })
-
-    watch(
-      () => props.id,
-      () => {
-        updateTitle()
-      }
-    )
-  }
-})
-</script>

data/frontend/src/views/Configs.vue

@@ -1,20 +0,0 @@
-<template>
-  <Configs></Configs>
-</template>
-
-<script lang="ts">
-import { useTitle } from "@vueuse/core"
-import { defineComponent } from "vue"
-
-import Configs from "@/components/config/ConfigsWrapper.vue"
-
-export default defineComponent({
-  name: "ConfigView",
-  components: {
-    Configs
-  },
-  setup() {
-    useTitle("Config - Mihari")
-  }
-})
-</script>

data/frontend/src/views/EditRule.vue

@@ -1,39 +0,0 @@
-<template>
-  <EditRule :id="id"></EditRule>
-</template>
-
-<script lang="ts">
-import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted, watch } from "vue"
-
-import EditRule from "@/components/rule/EditRuleWrapper.vue"
-
-export default defineComponent({
-  name: "EditRuleView",
-  components: {
-    EditRule
-  },
-  props: {
-    id: {
-      type: String,
-      required: true
-    }
-  },
-  setup(props) {
-    const updateTitle = () => {
-      useTitle(`Edit rule:${props.id} - Mihari`)
-    }
-
-    onMounted(() => {
-      updateTitle()
-    })
-
-    watch(
-      () => props.id,
-      () => {
-        updateTitle()
-      }
-    )
-  }
-})
-</script>

data/frontend/src/views/NewRule.vue

@@ -1,26 +0,0 @@
-<template>
-  <NewRule></NewRule>
-</template>
-
-<script lang="ts">
-import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted } from "vue"
-
-import NewRule from "@/components/rule/NewRule.vue"
-
-export default defineComponent({
-  name: "NewRuleView",
-  components: {
-    NewRule
-  },
-  setup() {
-    const updateTitle = () => {
-      useTitle(`New rule - Mihari`)
-    }
-
-    onMounted(() => {
-      updateTitle()
-    })
-  }
-})
-</script>

data/frontend/src/views/Rule.vue

@@ -1,39 +0,0 @@
-<template>
-  <Rule :id="id"></Rule>
-</template>
-
-<script lang="ts">
-import { useTitle } from "@vueuse/core"
-import { defineComponent, onMounted, watch } from "vue"
-
-import Rule from "@/components/rule/RuleWrapper.vue"
-
-export default defineComponent({
-  name: "RuleView",
-  components: {
-    Rule
-  },
-  props: {
-    id: {
-      type: String,
-      required: true
-    }
-  },
-  setup(props) {
-    const updateTitle = () => {
-      useTitle(`Rule:${props.id} - Mihari`)
-    }
-
-    onMounted(() => {
-      updateTitle()
-    })
-
-    watch(
-      () => props.id,
-      () => {
-        updateTitle()
-      }
-    )
-  }
-})
-</script>

data/frontend/src/views/Rules.vue

@@ -1,20 +0,0 @@
-<template>
-  <Rules></Rules>
-</template>
-
-<script lang="ts">
-import { useTitle } from "@vueuse/core"
-import { defineComponent } from "vue"
-
-import Rules from "@/components/rule/RulesWrapper.vue"
-
-export default defineComponent({
-  name: "RulesView",
-  components: {
-    Rules
-  },
-  setup() {
-    useTitle("Rules - Mihari")
-  }
-})
-</script>

data/frontend/tests/utils.spec.ts

@@ -1,9 +0,0 @@
-import { describe, expect, it } from 'vitest'
-
-import { getHumanizedRelativeTime } from '@/utils'
-
-describe('getHumanizedRelativeTime', () => {
-  it('returns a relative time in humanized format', () => {
-    expect(getHumanizedRelativeTime('1970-01-01 00:00:00')).toContain('years')
-  })
-})

data/frontend/tsconfig.app.json

@@ -1,21 +0,0 @@
-{
-  "extends": "@vue/tsconfig/tsconfig.dom.json",
-  "include": [
-    "env.d.ts",
-    "src/**/*",
-    "src/**/*.vue",
-    "tests/**/*"
-  ],
-  "exclude": [
-    "src/**/__tests__/*"
-  ],
-  "compilerOptions": {
-    "composite": true,
-    "baseUrl": ".",
-    "paths": {
-      "@/*": [
-        "./src/*"
-      ]
-    }
-  }
-}

data/frontend/tsconfig.json

@@ -1,14 +0,0 @@
-{
-  "files": [],
-  "references": [
-    {
-      "path": "./tsconfig.node.json"
-    },
-    {
-      "path": "./tsconfig.app.json"
-    },
-    {
-      "path": "./tsconfig.vitest.json"
-    }
-  ]
-}

data/frontend/tsconfig.node.json

@@ -1,13 +0,0 @@
-{
-  "extends": "@tsconfig/node20/tsconfig.json",
-  "include": [
-    "vite.config.*",
-  ],
-  "compilerOptions": {
-    "composite": true,
-    "module": "ESNext",
-    "types": [
-      "node"
-    ]
-  }
-}

data/frontend/tsconfig.vitest.json

@@ -1,12 +0,0 @@
-{
-  "extends": "./tsconfig.app.json",
-  "exclude": [],
-  "compilerOptions": {
-    "composite": true,
-    "lib": [],
-    "types": [
-      "node",
-      "jsdom"
-    ]
-  }
-}

data/frontend/vite.config.ts

@@ -1,24 +0,0 @@
-import { fileURLToPath, URL } from "node:url"
-
-import vue from "@vitejs/plugin-vue"
-import { defineConfig } from "vite"
-
-const env = process.env
-const target = env.BACKEND_URL || "http://localhost:9292/"
-const port = parseInt(env.port || "8080")
-
-// https://vitejs.dev/config/
-export default defineConfig({
-  plugins: [vue()],
-  server: {
-    port,
-    proxy: {
-      "/api": target
-    }
-  },
-  resolve: {
-    alias: {
-      "@": fileURLToPath(new URL("./src", import.meta.url))
-    }
-  }
-})

data/frontend/vitest.config.ts

@@ -1,21 +0,0 @@
-import { fileURLToPath } from "node:url"
-
-import { mergeConfig } from "vite"
-import { configDefaults, defineConfig } from "vitest/config"
-
-import viteConfig from "./vite.config"
-
-export default mergeConfig(
-  viteConfig,
-  defineConfig({
-    test: {
-      environment: "jsdom",
-      exclude: [...configDefaults.exclude, "e2e/*"],
-      root: fileURLToPath(new URL("./", import.meta.url)),
-      transformMode: {
-        web: [/\.[jt]sx$/]
-      },
-      include: ["**/__tests__/**/*.?(c|m)[jt]s?(x)", "**/?(*.){test,spec}.?(c|m)[jt]s?(x)"]
-    }
-  })
-)

data/lib/mihari/services/alert_proxy.rb

@@ -1,92 +0,0 @@
-# frozen_string_literal: true
-
-require "json"
-
-module Mihari
-  module Services
-    class AlertProxy
-      # @return [Hash]
-      attr_reader :data
-
-      # @return [Array, nil]
-      attr_reader :errors
-
-      #
-      # Initialize
-      #
-      # @param [Hash] data
-      #
-      def initialize(**data)
-        @data = data.deep_symbolize_keys
-        @errors = nil
-
-        validate!
-      end
-
-      #
-      # @return [Boolean]
-      #
-      def errors?
-        return false if @errors.nil?
-
-        !@errors.empty?
-      end
-
-      def validate!
-        contract = Schemas::AlertContract.new
-        result = contract.call(data)
-
-        @data = result.to_h
-        @errors = result.errors
-
-        raise ValidationError.new("Validation failed", errors) if errors?
-      end
-
-      def [](key)
-        data key.to_sym
-      end
-
-      #
-      # @return [String]
-      #
-      def rule_id
-        @rule_id ||= data[:rule_id]
-      end
-
-      #
-      # @return [Array<Mihari::Models::Artifact>]
-      #
-      def artifacts
-        @artifacts ||= data[:artifacts].map do |data|
-          artifact = Models::Artifact.new(data: data)
-          artifact.rule_id = rule_id
-          artifact
-        end.uniq(&:data).select(&:valid?)
-      end
-
-      #
-      # @return [Mihari::Rule]
-      #
-      def rule
-        @rule ||= [].tap do |out|
-          data = Mihari::Models::Rule.find(rule_id).data
-          out << Rule.new(**data)
-        end.first
-      end
-
-      class << self
-        #
-        # Load rule from YAML string
-        #
-        # @param [String] yaml
-        #
-        # @return [Mihari::Services::Alert]
-        #
-        def from_yaml(yaml)
-          data = YAML.safe_load(yaml, permitted_classes: [Date, Symbol])
-          new(**data)
-        end
-      end
-    end
-  end
-end

data/lib/mihari/templates/rule.yml.erb

@@ -1,5 +0,0 @@
-id: <%= SecureRandom.uuid %>
-title: Title goes here
-description: Description goes here
-created_on: <%= Date.today %>
-queries: []

data/lib/mihari/web/public/assets/mode-yaml-a21faa53.js

@@ -1,8 +0,0 @@
-ace.define("ace/mode/yaml_highlight_rules",["require","exports","module","ace/lib/oop","ace/mode/text_highlight_rules"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("./text_highlight_rules").TextHighlightRules,s=function(){this.$rules={start:[{token:"comment",regex:"#.*$"},{token:"list.markup",regex:/^(?:-{3}|\.{3})\s*(?=#|$)/},{token:"list.markup",regex:/^\s*[\-?](?:$|\s)/},{token:"constant",regex:"!![\\w//]+"},{token:"constant.language",regex:"[&\\*][a-zA-Z0-9-_]+"},{token:["meta.tag","keyword"],regex:/^(\s*\w[^\s:]*?)(:(?=\s|$))/},{token:["meta.tag","keyword"],regex:/(\w[^\s:]*?)(\s*:(?=\s|$))/},{token:"keyword.operator",regex:"<<\\w*:\\w*"},{token:"keyword.operator",regex:"-\\s*(?=[{])"},{token:"string",regex:'["](?:(?:\\\\.)|(?:[^"\\\\]))*?["]'},{token:"string",regex:/[|>][-+\d]*(?:$|\s+(?:$|#))/,onMatch:function(e,t,n,r){r=r.replace(/ #.*/,"");var i=/^ *((:\s*)?-(\s*[^|>])?)?/.exec(r)[0].replace(/\S\s*$/,"").length,s=parseInt(/\d+[\s+-]*$/.exec(r));return s?(i+=s-1,this.next="mlString"):this.next="mlStringPre",n.length?(n[0]=this.next,n[1]=i):(n.push(this.next),n.push(i)),this.token},next:"mlString"},{token:"string",regex:"['](?:(?:\\\\.)|(?:[^'\\\\]))*?[']"},{token:"constant.numeric",regex:/(\b|[+\-\.])[\d_]+(?:(?:\.[\d_]*)?(?:[eE][+\-]?[\d_]+)?)(?=[^\d-\w]|$)$/},{token:"constant.numeric",regex:/[+\-]?\.inf\b|NaN\b|0x[\dA-Fa-f_]+|0b[10_]+/},{token:"constant.language.boolean",regex:"\\b(?:true|false|TRUE|FALSE|True|False|yes|no)\\b"},{token:"paren.lparen",regex:"[[({]"},{token:"paren.rparen",regex:"[\\])}]"},{token:"text",regex:/[^\s,:\[\]\{\}]+/}],mlStringPre:[{token:"indent",regex:/^ *$/},{token:"indent",regex:/^ */,onMatch:function(e,t,n){var r=n[1];return r>=e.length?(this.next="start",n.shift(),n.shift()):(n[1]=e.length-1,this.next=n[0]="mlString"),this.token},next:"mlString"},{defaultToken:"string"}],mlString:[{token:"indent",regex:/^ *$/},{token:"indent",regex:/^ */,onMatch:function(e,t,n){var r=n[1];return r>=e.length?(this.next="start",n.splice(0)):this.next="mlString",this.token},next:"mlString"},{token:"string",regex:".+"}]},this.normalizeRules()};r.inherits(s,i),t.YamlHighlightRules=s}),ace.define("ace/mode/matching_brace_outdent",["require","exports","module","ace/range"],function(e,t,n){"use strict";var r=e("../range").Range,i=function(){};(function(){this.checkOutdent=function(e,t){return/^\s+$/.test(e)?/^\s*\}/.test(t):!1},this.autoOutdent=function(e,t){var n=e.getLine(t),i=n.match(/^(\s*\})/);if(!i)return 0;var s=i[1].length,o=e.findMatchingBracket({row:t,column:s});if(!o||o.row==t)return 0;var u=this.$getIndent(e.getLine(o.row));e.replace(new r(t,0,t,s-1),u)},this.$getIndent=function(e){return e.match(/^\s*/)[0]}}).call(i.prototype),t.MatchingBraceOutdent=i}),ace.define("ace/mode/folding/coffee",["require","exports","module","ace/lib/oop","ace/mode/folding/fold_mode","ace/range"],function(e,t,n){"use strict";var r=e("../../lib/oop"),i=e("./fold_mode").FoldMode,s=e("../../range").Range,o=t.FoldMode=function(){};r.inherits(o,i),function(){this.getFoldWidgetRange=function(e,t,n){var r=this.indentationBlock(e,n);if(r)return r;var i=/\S/,o=e.getLine(n),u=o.search(i);if(u==-1||o[u]!="#")return;var a=o.length,f=e.getLength(),l=n,c=n;while(++n<f){o=e.getLine(n);var h=o.search(i);if(h==-1)continue;if(o[h]!="#")break;c=n}if(c>l){var p=e.getLine(c).length;return new s(l,a,c,p)}},this.getFoldWidget=function(e,t,n){var r=e.getLine(n),i=r.search(/\S/),s=e.getLine(n+1),o=e.getLine(n-1),u=o.search(/\S/),a=s.search(/\S/);if(i==-1)return e.foldWidgets[n-1]=u!=-1&&u<a?"start":"","";if(u==-1){if(i==a&&r[i]=="#"&&s[i]=="#")return e.foldWidgets[n-1]="",e.foldWidgets[n+1]="","start"}else if(u==i&&r[i]=="#"&&o[i]=="#"&&e.getLine(n-2).search(/\S/)==-1)return e.foldWidgets[n-1]="start",e.foldWidgets[n+1]="","";return u!=-1&&u<i?e.foldWidgets[n-1]="start":e.foldWidgets[n-1]="",i<a?"start":""}}.call(o.prototype)}),ace.define("ace/mode/yaml",["require","exports","module","ace/lib/oop","ace/mode/text","ace/mode/yaml_highlight_rules","ace/mode/matching_brace_outdent","ace/mode/folding/coffee","ace/worker/worker_client"],function(e,t,n){"use strict";var r=e("../lib/oop"),i=e("./text").Mode,s=e("./yaml_highlight_rules").YamlHighlightRules,o=e("./matching_brace_outdent").MatchingBraceOutdent,u=e("./folding/coffee").FoldMode,a=e("../worker/worker_client").WorkerClient,f=function(){this.HighlightRules=s,this.$outdent=new o,this.foldingRules=new u,this.$behaviour=this.$defaultBehaviour};r.inherits(f,i),function(){this.lineCommentStart=["#"],this.getNextLineIndent=function(e,t,n){var r=this.$getIndent(t);if(e=="start"){var i=t.match(/^.*[\{\(\[]\s*$/);i&&(r+=n)}return r},this.checkOutdent=function(e,t,n){return this.$outdent.checkOutdent(t,n)},this.autoOutdent=function(e,t,n){this.$outdent.autoOutdent(t,n)},this.createWorker=function(e){var t=new a(["ace"],"ace/mode/yaml_worker","YamlWorker");return t.attachToDocument(e.getDocument()),t.on("annotate",function(t){e.setAnnotations(t.data)}),t.on("terminate",function(){e.clearAnnotations()}),t},this.$id="ace/mode/yaml"}.call(f.prototype),t.Mode=f});                (function() {
-                    ace.require(["ace/mode/yaml"], function(m) {
-                        if (typeof module == "object" && typeof exports == "object" && module) {
-                            module.exports = m;
-                        }
-                    });
-                })();
-