mihari 5.6.2 → 5.7.1

data/lib/mihari/web/api.rb

@@ -9,17 +9,22 @@ require "mihari/web/endpoints/rules"
 require "mihari/web/endpoints/tags"
 
 module Mihari
-  class API < Grape::API
-    prefix "api"
-    format :json
+  module Web
+    #
+    # Grape API
+    #
+    class API < Grape::API
+      prefix "api"
+      format :json
 
-    mount Endpoints::Alerts
-    mount Endpoints::Artifacts
-    mount Endpoints::Configs
-    mount Endpoints::IPAddresses
-    mount Endpoints::Rules
-    mount Endpoints::Tags
+      mount Endpoints::Alerts
+      mount Endpoints::Artifacts
+      mount Endpoints::Configs
+      mount Endpoints::IPAddresses
+      mount Endpoints::Rules
+      mount Endpoints::Tags
 
-    add_swagger_documentation(api_version: "v1", info: { title: "Mihari API" })
+      add_swagger_documentation(api_version: "v1", info: { title: "Mihari API" })
+    end
   end
 end

data/lib/mihari/web/app.rb

@@ -17,72 +17,80 @@ require "mihari/web/middleware/error_notification_adapter"
 require "mihari/web/api"
 
 module Mihari
-  class App
-    def initialize
-      @filenames = ["", ".html", "index.html", "/index.html"]
-      @rack_static = Rack::Static.new(
-        -> { [404, {}, []] },
-        root: File.expand_path("./public", __dir__),
-        urls: ["/"]
-      )
-    end
-
-    class << self
-      def instance
-        @instance ||= Rack::Builder.new do
-          use Rack::Cors do
-            allow do
-              origins "*"
-              resource "*", headers: :any, methods: %i[get post put delete options]
-            end
-          end
+  module Web
+    #
+    # Rack + Grape based web app
+    #
+    class App
+      # @return [Array<String>]
+      attr_reader :filenames
 
-          use Middleware::ConnectionAdapter
-          use Middleware::ErrorNotificationAdapter
+      # @return [Rack::Static]
+      attr_reader :rack_static
 
-          run App.new
-        end.to_app
+      def initialize
+        @filenames = ["", ".html", "index.html", "/index.html"]
+        @rack_static = Rack::Static.new(
+          -> { [404, {}, []] },
+          root: File.expand_path("./public", __dir__),
+          urls: ["/"]
+        )
       end
 
-      def run!(port: 9292, host: "localhost", threads: "0:5", verbose: false, worker_timeout: 60, open: true)
-        url = "http://#{host}:#{port}"
-
-        # set maximum number of threads to use as PARALLEL_PROCESSOR_COUNT (if it is not set)
-        # ref. https://github.com/grosser/parallel#tips
-        # TODO: is this the best way?
-        _min_thread, max_thread = threads.split(":")
-        ENV["PARALLEL_PROCESSOR_COUNT"] = max_thread if ENV["PARALLEL_PROCESSOR_COUNT"].nil?
-        Rackup::Handler::Puma.run(
-          instance,
-          Port: port,
-          Host: host,
-          Threads: threads,
-          Verbose: verbose,
-          worker_timeout: worker_timeout
-        ) do |_|
-          Launchy.open(url) if ENV["RACK_ENV"] != "development" && open
-        rescue Launchy::CommandNotFoundError
-          # ref. https://github.com/ninoseki/mihari/issues/477
-          # do nothing
+      def call(env)
+        status, headers, body = API.call(env)
+        return [status, headers, body] unless headers["X-Cascade"] == "pass"
+
+        # Check if the App wants us to pass the response along to others
+        request_path = env["PATH_INFO"]
+        filenames.each do |path|
+          static_status, static_headers, static_body = rack_static.call(env.merge("PATH_INFO" => request_path + path))
+          return [static_status, static_headers, static_body] if static_status != 404
         end
+
+        [status, headers, body]
       end
-    end
 
-    def call(env)
-      # api
-      api_response = API.call(env)
+      class << self
+        def instance
+          @instance ||= Rack::Builder.new do
+            use Rack::Cors do
+              allow do
+                origins "*"
+                resource "*", headers: :any, methods: %i[get post put delete options]
+              end
+            end
 
-      # Check if the App wants us to pass the response along to others
-      if api_response[1]["X-Cascade"] == "pass"
-        # static files
-        request_path = env["PATH_INFO"]
-        @filenames.each do |path|
-          response = @rack_static.call(env.merge("PATH_INFO" => request_path + path))
-          return response if response[0] != 404
+            use Middleware::ConnectionAdapter
+            use Middleware::ErrorNotificationAdapter
+
+            run App.new
+          end.to_app
         end
-      end
 
-      api_response
+        def run!(port: 9292, host: "localhost", threads: "0:5", verbose: false, worker_timeout: 60, open: true)
+          url = "http://#{host}:#{port}"
+
+          # set maximum number of threads to use as PARALLEL_PROCESSOR_COUNT (if it is not set)
+          # ref. https://github.com/grosser/parallel#tips
+          # TODO: is this the best way?
+          _min_thread, max_thread = threads.split(":")
+          ENV["PARALLEL_PROCESSOR_COUNT"] = max_thread if ENV["PARALLEL_PROCESSOR_COUNT"].nil?
+          Rackup::Handler::Puma.run(
+            instance,
+            Port: port,
+            Host: host,
+            Threads: threads,
+            Verbose: verbose,
+            worker_timeout: worker_timeout
+          ) do |_|
+            Launchy.open(url) if ENV["RACK_ENV"] != "development" && open
+          rescue Launchy::CommandNotFoundError
+            # ref. https://github.com/ninoseki/mihari/issues/477
+            # do nothing
+          end
+        end
+      end
     end
   end
 end

data/lib/mihari/web/endpoints/alerts.rb

@@ -1,109 +1,151 @@
 # frozen_string_literal: true
 
 module Mihari
-  module Endpoints
-    class Alerts < Grape::API
-      namespace :alerts do
-        desc "Search alerts", {
-          is_array: true,
-          success: Entities::AlertsWithPagination,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Search alerts"
-        }
-        params do
-          optional :page, type: Integer, default: 1
-          optional :limit, type: Integer, default: 10
+  module Web
+    module Endpoints
+      #
+      # Alert API endpoint
+      #
+      class Alerts < Grape::API
+        class AlertSearcher < Mihari::Service
+          class ResultValue
+            # @return [Array<Mihari::Models::Alert>]
+            attr_reader :alerts
 
-          optional :artifact, type: String
-          optional :rule_id, type: String
-          optional :tag, type: String
+            # @return [Integer]
+            attr_reader :total
 
-          optional :fromAt, type: DateTime
-          optional :toAt, type: DateTime
-        end
-        get "/" do
-          filter = params.to_h.to_snake_keys
+            # @return [Mihari::Structs::Filters::Alert::SearchFilterWithPagination]
+            attr_reader :filter
+
+            #
+            # @param [Array<Mihari::Models::Alert>] alerts
+            # @param [Integer] total
+            # @param [Mihari::Structs::Filters::Alert::SearchFilterWithPagination] filter
+            #
+            def initialize(alerts:, total:, filter:)
+              @alerts = alerts
+              @total = total
+              @filter = filter
+            end
+          end
+
+          #
+          # @param [Hash] params
+          #
+          # @return [ResultValue]
+          #
+          def call(params)
+            filter = params.to_h.to_snake_keys
 
-          # normalize keys
-          filter["artifact_data"] = filter["artifact"]
-          filter["tag_name"] = filter["tag"]
-          # symbolize hash keys
-          filter = filter.to_h.symbolize_keys
+            # normalize keys
+            filter["artifact_data"] = filter["artifact"]
+            filter["tag_name"] = filter["tag"]
+            # symbolize hash keys
+            filter = filter.to_h.symbolize_keys
 
-          search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
-          alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
-          total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
+            search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
+            alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
+            total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
 
-          present(
-            {
-              alerts: alerts,
-              total: total,
-              current_page: filter[:page].to_i,
-              page_size: filter[:limit].to_i
-            },
-            with: Entities::AlertsWithPagination
-          )
+            ResultValue.new(alerts: alerts, total: total, filter: filter)
+          end
         end
 
-        desc "Delete an alert", {
-          success: Entities::Message,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Delete an alert"
-        }
-        params do
-          requires :id, type: Integer
+        class AlertCreator < Service
+          #
+          # @param [Hash] params
+          #
+          # @return [Mihari::Models::Alert]
+          #
+          def call(params)
+            proxy = Services::AlertProxy.new(**params.to_snake_keys)
+            Services::AlertRunner.call proxy
+          end
         end
-        delete "/:id" do
-          extend Dry::Monads[:result, :try]
 
-          id = params["id"].to_i
+        class AlertDestroyer < Service
+          #
+          # @param [String] id
+          #
+          def call(id)
+            Mihari::Models::Alert.find(id).destroy
+          end
+        end
 
-          result = Try do
-            alert = Mihari::Models::Alert.find(id)
-            alert.destroy
-          end.to_result
+        namespace :alerts do
+          desc "Search alerts", {
+            is_array: true,
+            success: Entities::AlertsWithPagination,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Search alerts"
+          }
+          params do
+            optional :page, type: Integer, default: 1
+            optional :limit, type: Integer, default: 10
+            optional :artifact, type: String
+            optional :rule_id, type: String
+            optional :tag, type: String
+            optional :fromAt, type: DateTime
+            optional :toAt, type: DateTime
+          end
+          get "/" do
+            value = AlertSearcher.call(params.to_h)
+            present(
+              {
+                alerts: value.alerts,
+                total: value.total,
+                current_page: value.filter[:page].to_i,
+                page_size: value.filter[:limit].to_i
+              },
+              with: Entities::AlertsWithPagination
+            )
+          end
 
-          if result.success?
-            status 204
-            return present({ message: "" }, with: Entities::Message)
+          desc "Delete an alert", {
+            success: Entities::Message,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Delete an alert"
+          }
+          params do
+            requires :id, type: Integer
           end
+          delete "/:id" do
+            id = params["id"].to_i
+            result = AlertDestroyer.result(id)
+            if result.success?
+              status 204
+              return present({ message: "" }, with: Entities::Message)
+            end
 
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "ID:#{id} is not found" }, 404)
-          else
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "ID:#{id} is not found" }, 404)
+            end
             raise failure
           end
-        end
-
-        desc "Create an alert", {
-          success: Entities::Alert,
-          summary: "Create an alert"
-        }
-        params do
-          requires :ruleId, type: String, documentation: { param_type: "body" }
-          requires :artifacts, type: Array, documentation: { type: String, is_array: true, param_type: "body" }
-        end
-        post "/" do
-          extend Dry::Monads[:result, :try]
-
-          result = Try do
-            proxy = Services::AlertProxy.new(**params.to_snake_keys)
-            runner = Services::AlertRunner.new(proxy)
-            runner.run
-          end.to_result
 
-          if result.success?
-            status 201
-            return present(result.value!, with: Entities::Alert)
+          desc "Create an alert", {
+            success: Entities::Alert,
+            summary: "Create an alert"
+          }
+          params do
+            requires :ruleId, type: String, documentation: { param_type: "body" }
+            requires :artifacts, type: Array, documentation: { type: String, is_array: true, param_type: "body" }
           end
+          post "/" do
+            result = AlertCreator.result(params)
+            if result.success?
+              status 201
+              return present(result.value!, with: Entities::Alert)
+            end
 
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "Rule:#{params["ruleId"]} is not found" }, 404)
-          else
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "Rule:#{params["ruleId"]} is not found" }, 404)
+            end
             raise failure
           end
         end

data/lib/mihari/web/endpoints/artifacts.rb

@@ -1,23 +1,19 @@
 # frozen_string_literal: true
 
 module Mihari
-  module Endpoints
-    class Artifacts < Grape::API
-      namespace :artifacts do
-        desc "Get an artifact", {
-          success: Entities::Artifact,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Get an artifact"
-        }
-        params do
-          requires :id, type: Integer
-        end
-        get "/:id" do
-          extend Dry::Monads[:result, :try]
-
-          id = params[:id].to_i
-
-          result = Try do
+  module Web
+    module Endpoints
+      #
+      # Artifact API endpoint
+      #
+      class Artifacts < Grape::API
+        class ArtifactGetter < Service
+          #
+          # @param [Integer] id
+          #
+          # @return [Mihari::Models::Artifact]
+          #
+          def call(id)
             artifact = Mihari::Models::Artifact.includes(
               :autonomous_system,
               :geolocation,
@@ -28,38 +24,19 @@ module Mihari
             # TODO: improve queries
             alert_ids = Mihari::Models::Artifact.where(data: artifact.data).pluck(:alert_id)
             tag_ids = Mihari::Models::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
-            tag_names = Mihari::Models::Tag.where(id: tag_ids).distinct.pluck(:name)
+            tags = Mihari::Models::Tag.where(id: tag_ids)
 
-            artifact.tags = tag_names
+            artifact.tags = tags
 
             artifact
-          end.to_result
-
-          return present(result.value!, with: Entities::Artifact) if result.success?
-
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "ID:#{id} is not found" }, 404)
-          else
-            raise failure
           end
         end
 
-        desc "Enrich an artifact", {
-          success: Entities::Message,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Enrich an artifact"
-        }
-        params do
-          requires :id, type: Integer
-        end
-        get "/:id/enrich" do
-          extend Dry::Monads[:result, :try]
-
-          id = params["id"].to_i
-
-          result = Try do
+        class ArtifactEnricher < Service
+          #
+          # @param [String] id
+          #
+          def call(id)
             artifact = Mihari::Models::Artifact.includes(
               :autonomous_system,
               :geolocation,
@@ -72,50 +49,85 @@ module Mihari
 
             artifact.enrich_all
             artifact.save
-          end.to_result
-
-          if result.success?
-            status 201
-            return present({ message: "" }, with: Entities::Message)
-          end
-
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "ID:#{id} is not found" }, 404)
-          else
-            raise failure
           end
         end
 
-        desc "Delete an artifact", {
-          success: Entities::Message,
-          failure: [{ code: 404, message: "Not found", model: Entities::Message }],
-          summary: "Delete an artifact"
-        }
-        params do
-          requires :id, type: Integer
+        class ArtifactDestroyer < Service
+          #
+          # @param [Integer] id
+          #
+          def call(id)
+            Mihari::Models::Artifact.find(id).destroy
+          end
         end
-        delete "/:id" do
-          extend Dry::Monads[:result, :try]
 
-          id = params["id"].to_i
-
-          result = Try do
-            alert = Mihari::Models::Artifact.find(id)
-            alert.destroy
-          end.to_result
+        namespace :artifacts do
+          desc "Get an artifact", {
+            success: Entities::Artifact,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Get an artifact"
+          }
+          params do
+            requires :id, type: Integer
+          end
+          get "/:id" do
+            id = params[:id].to_i
+            result = ArtifactGetter.result(id)
+            return present(result.value!, with: Entities::Artifact) if result.success?
+
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "ID:#{id} is not found" }, 404)
+            end
+            raise failure
+          end
 
-          if result.success?
-            status 204
-            return present({ message: "" }, with: Entities::Message)
+          desc "Enrich an artifact", {
+            success: Entities::Message,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Enrich an artifact"
+          }
+          params do
+            requires :id, type: Integer
+          end
+          get "/:id/enrich" do
+            id = params["id"].to_i
+            result = ArtifactEnricher.result(id)
+            if result.success?
+              status 201
+              return present({ message: "" }, with: Entities::Message)
+            end
+
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "ID:#{id} is not found" }, 404)
+            end
+            raise failure
           end
 
-          failure = result.failure
-          case failure
-          when ActiveRecord::RecordNotFound
-            error!({ message: "ID:#{id} is not found" }, 404)
-          else
+          desc "Delete an artifact", {
+            success: Entities::Message,
+            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            summary: "Delete an artifact"
+          }
+          params do
+            requires :id, type: Integer
+          end
+          delete "/:id" do
+            id = params["id"].to_i
+            result = ArtifactDestroyer.result(id)
+            if result.success?
+              status 204
+              return present({ message: "" }, with: Entities::Message)
+            end
+
+            failure = result.failure
+            case failure
+            when ActiveRecord::RecordNotFound
+              error!({ message: "ID:#{id} is not found" }, 404)
+            end
             raise failure
           end
         end

data/lib/mihari/web/endpoints/configs.rb

@@ -1,20 +1,25 @@
 # frozen_string_literal: true
 
 module Mihari
-  module Endpoints
-    class Configs < Grape::API
-      namespace :configs do
-        desc "Get configs", {
-          is_array: true,
-          success: Entities::Config,
-          summary: "Get configs"
-        }
-        get "/" do
-          configs = (Mihari.analyzers + Mihari.emitters + Mihari.enrichers).filter_map do |klass|
-            Mihari::Structs::Config.from_class(klass)
-          end
+  module Web
+    module Endpoints
+      #
+      # Config API endpoint
+      #
+      class Configs < Grape::API
+        namespace :configs do
+          desc "Get configs", {
+            is_array: true,
+            success: Entities::Config,
+            summary: "Get configs"
+          }
+          get "/" do
+            configs = (Mihari.analyzers + Mihari.emitters + Mihari.enrichers).filter_map do |klass|
+              Mihari::Structs::Config.from_class(klass)
+            end
 
-          present(configs, with: Entities::Config)
+            present(configs, with: Entities::Config)
+          end
         end
       end
     end