RubyGems - mihari - Versions diffs - 5.7.0 → 5.7.1 - Mend

mihari 5.7.0 → 5.7.1

Files changed (164) hide show

checksums.yaml +4 -4
data/.rubocop.yml +1 -1
data/lib/mihari/actor.rb +10 -4
data/lib/mihari/commands/alert.rb +6 -4
data/lib/mihari/commands/search.rb +10 -29
data/lib/mihari/enrichers/ipinfo.rb +1 -1
data/lib/mihari/entities/tag.rb +1 -0
data/lib/mihari/rule.rb +14 -0
data/lib/mihari/service.rb +12 -2
data/lib/mihari/services/alert_builder.rb +81 -8
data/lib/mihari/services/alert_runner.rb +3 -10
data/lib/mihari/services/rule_builder.rb +8 -10
data/lib/mihari/services/rule_runner.rb +2 -25
data/lib/mihari/structs/binaryedge.rb +9 -0
data/lib/mihari/structs/censys.rb +0 -14
data/lib/mihari/structs/fofa.rb +3 -0
data/lib/mihari/structs/google_public_dns.rb +0 -4
data/lib/mihari/structs/greynoise.rb +0 -6
data/lib/mihari/structs/hunterhow.rb +0 -6
data/lib/mihari/structs/ipinfo.rb +0 -2
data/lib/mihari/structs/onyphe.rb +0 -4
data/lib/mihari/structs/shodan.rb +0 -2
data/lib/mihari/structs/urlscan.rb +0 -6
data/lib/mihari/structs/virustotal_intelligence.rb +0 -8
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/app.rb +20 -17
data/lib/mihari/web/endpoints/alerts.rb +75 -38
data/lib/mihari/web/endpoints/artifacts.rb +60 -53
data/lib/mihari/web/endpoints/ip_addresses.rb +19 -4
data/lib/mihari/web/endpoints/rules.rb +132 -88
data/lib/mihari/web/endpoints/tags.rb +15 -13
data/lib/mihari/web/public/assets/{index-821134e2.js → index-07fafab5.js} +4 -3
data/lib/mihari/web/public/index.html +1 -1
data/lib/mihari.rb +0 -1
data/mihari.gemspec +1 -1
data/mkdocs.yml +1 -0
metadata +3 -130
data/docs/alternatives.md +0 -5
data/docs/analyzers/binaryedge.md +0 -26
data/docs/analyzers/censys.md +0 -31
data/docs/analyzers/circl.md +0 -37
data/docs/analyzers/crtsh.md +0 -26
data/docs/analyzers/dnstwister.md +0 -25
data/docs/analyzers/feed.md +0 -73
data/docs/analyzers/fofa.md +0 -31
data/docs/analyzers/greynoise.md +0 -26
data/docs/analyzers/hunterhow.md +0 -33
data/docs/analyzers/index.md +0 -104
data/docs/analyzers/onyphe.md +0 -26
data/docs/analyzers/otx.md +0 -28
data/docs/analyzers/passivetotal.md +0 -52
data/docs/analyzers/pulsedive.md +0 -28
data/docs/analyzers/securitytrails.md +0 -41
data/docs/analyzers/shodan.md +0 -26
data/docs/analyzers/urlscan.md +0 -28
data/docs/analyzers/virustotal.md +0 -43
data/docs/analyzers/virustotal_intelligence.md +0 -33
data/docs/analyzers/zoomeye.md +0 -38
data/docs/configuration.md +0 -35
data/docs/emitters/database.md +0 -22
data/docs/emitters/hive.md +0 -26
data/docs/emitters/index.md +0 -36
data/docs/emitters/misp.md +0 -21
data/docs/emitters/slack.md +0 -21
data/docs/emitters/webhook.md +0 -63
data/docs/enrichers/google_public_dns.md +0 -19
data/docs/enrichers/index.md +0 -35
data/docs/enrichers/ipinfo.md +0 -26
data/docs/enrichers/shodan.md +0 -22
data/docs/enrichers/whois.md +0 -17
data/docs/github_actions.md +0 -43
data/docs/index.md +0 -11
data/docs/installation.md +0 -31
data/docs/requirements.md +0 -13
data/docs/rule.md +0 -168
data/docs/tags.md +0 -3
data/docs/usage.md +0 -103
data/frontend/.eslintrc.cjs +0 -22
data/frontend/.gitignore +0 -31
data/frontend/.prettierrc.json +0 -8
data/frontend/README.md +0 -3
data/frontend/env.d.ts +0 -5
data/frontend/index.html +0 -21
data/frontend/package-lock.json +0 -7219
data/frontend/package.json +0 -67
data/frontend/public/favicon.ico +0 -0
data/frontend/scripts/swagger_doc_to_yaml.rb +0 -23
data/frontend/src/App.vue +0 -27
data/frontend/src/ace-config.ts +0 -6
data/frontend/src/api-helper.ts +0 -111
data/frontend/src/api.ts +0 -105
data/frontend/src/components/ErrorMessage.vue +0 -31
data/frontend/src/components/Loading.vue +0 -15
data/frontend/src/components/Navbar.vue +0 -42
data/frontend/src/components/Pagination.vue +0 -119
data/frontend/src/components/alert/Alert.vue +0 -87
data/frontend/src/components/alert/Alerts.vue +0 -63
data/frontend/src/components/alert/AlertsWithPagination.vue +0 -90
data/frontend/src/components/alert/AlertsWrapper.vue +0 -128
data/frontend/src/components/alert/Form.vue +0 -169
data/frontend/src/components/artifact/AS.vue +0 -23
data/frontend/src/components/artifact/Artifact.vue +0 -287
data/frontend/src/components/artifact/ArtifactTag.vue +0 -64
data/frontend/src/components/artifact/ArtifactTags.vue +0 -29
data/frontend/src/components/artifact/ArtifactWrapper.vue +0 -57
data/frontend/src/components/artifact/CPEs.vue +0 -23
data/frontend/src/components/artifact/DnsRecords.vue +0 -32
data/frontend/src/components/artifact/Ports.vue +0 -23
data/frontend/src/components/artifact/ReverseDnsNames.vue +0 -23
data/frontend/src/components/artifact/Tags.vue +0 -29
data/frontend/src/components/artifact/WhoisRecord.vue +0 -44
data/frontend/src/components/config/Configs.vue +0 -65
data/frontend/src/components/config/ConfigsWrapper.vue +0 -32
data/frontend/src/components/link/Link.vue +0 -32
data/frontend/src/components/link/Links.vue +0 -42
data/frontend/src/components/rule/EditRule.vue +0 -72
data/frontend/src/components/rule/EditRuleWrapper.vue +0 -48
data/frontend/src/components/rule/Form.vue +0 -158
data/frontend/src/components/rule/InputForm.vue +0 -45
data/frontend/src/components/rule/NewRule.vue +0 -57
data/frontend/src/components/rule/Rule.vue +0 -100
data/frontend/src/components/rule/RuleWrapper.vue +0 -53
data/frontend/src/components/rule/Rules.vue +0 -84
data/frontend/src/components/rule/RulesWrapper.vue +0 -121
data/frontend/src/components/rule/YAML.vue +0 -37
data/frontend/src/components/tag/Tag.vue +0 -65
data/frontend/src/components/tag/Tags.vue +0 -37
data/frontend/src/countries.ts +0 -350
data/frontend/src/index.ts +0 -20
data/frontend/src/links/anyrun.ts +0 -19
data/frontend/src/links/base.ts +0 -14
data/frontend/src/links/censys.ts +0 -20
data/frontend/src/links/crtsh.ts +0 -20
data/frontend/src/links/dnslytics.ts +0 -38
data/frontend/src/links/greynoise.ts +0 -20
data/frontend/src/links/index.ts +0 -40
data/frontend/src/links/intezer.ts +0 -20
data/frontend/src/links/otx.ts +0 -33
data/frontend/src/links/securitytrails.ts +0 -38
data/frontend/src/links/shodan.ts +0 -20
data/frontend/src/links/urlscan.ts +0 -50
data/frontend/src/links/virustotal.ts +0 -72
data/frontend/src/main.ts +0 -41
data/frontend/src/router/index.ts +0 -57
data/frontend/src/rule.ts +0 -14
data/frontend/src/shims-vue.d.ts +0 -6
data/frontend/src/swagger.yaml +0 -771
data/frontend/src/types.ts +0 -188
data/frontend/src/utils.ts +0 -54
data/frontend/src/views/Alerts.vue +0 -20
data/frontend/src/views/Artifact.vue +0 -39
data/frontend/src/views/Configs.vue +0 -20
data/frontend/src/views/EditRule.vue +0 -39
data/frontend/src/views/NewRule.vue +0 -26
data/frontend/src/views/Rule.vue +0 -39
data/frontend/src/views/Rules.vue +0 -20
data/frontend/tests/utils.spec.ts +0 -9
data/frontend/tsconfig.app.json +0 -21
data/frontend/tsconfig.json +0 -14
data/frontend/tsconfig.node.json +0 -13
data/frontend/tsconfig.vitest.json +0 -12
data/frontend/vite.config.ts +0 -24
data/frontend/vitest.config.ts +0 -21
data/lib/mihari/services/alert_proxy.rb +0 -97

data/frontend/src/components/alert/Alerts.vue DELETED Viewed

@@ -1,63 +0,0 @@
-<template>
-  <Alert
-    v-for="(alert, index) in alerts.alerts"
-    :alert="alert"
-    :key="index"
-    @refresh-page="refreshPage"
-    @update-tag="updateTag"
-  ></Alert>
-  <Pagination
-    :total="alerts.total"
-    :currentPage="alerts.currentPage"
-    :pageSize="alerts.pageSize"
-    @update-page="updatePage"
-  ></Pagination>
-  <p class="help">({{ alerts.total }} results in total, {{ alerts.alerts.length }} shown)</p>
-</template>
-<script lang="ts">
-import { defineComponent, type PropType } from "vue"
-import Alert from "@/components/alert/Alert.vue"
-import Pagination from "@/components/Pagination.vue"
-import type { Alerts } from "@/types"
-export default defineComponent({
-  name: "AlertsItem",
-  components: {
-    Alert,
-    Pagination
-  },
-  props: {
-    alerts: {
-      type: Object as PropType<Alerts>,
-      required: true
-    }
-  },
-  emits: ["update-page", "refresh-page", "update-tag"],
-  setup(_, context) {
-    const scrollToTop = () => {
-      window.scrollTo({
-        top: 0
-      })
-    }
-    const updatePage = (page: number) => {
-      scrollToTop()
-      context.emit("update-page", page)
-    }
-    const refreshPage = () => {
-      scrollToTop()
-      context.emit("refresh-page")
-    }
-    const updateTag = (tag: string) => {
-      scrollToTop()
-      context.emit("update-tag", tag)
-    }
-    return { updatePage, updateTag, refreshPage }
-  }
-})
-</script>

data/frontend/src/components/alert/AlertsWithPagination.vue DELETED Viewed

@@ -1,90 +0,0 @@
-<template>
-  <Loading v-if="getAlertsTask.isRunning"></Loading>
-  <Alerts
-    :alerts="getAlertsTask.last.value"
-    v-if="getAlertsTask.last?.value"
-    @refresh-page="refreshPage"
-    @update-page="updatePage"
-    @update-tag="updateTag"
-  >
-  </Alerts>
-</template>
-<script lang="ts">
-import { defineComponent, nextTick, onMounted, ref, watch } from "vue"
-import { generateGetAlertsTask } from "@/api-helper"
-import Alerts from "@/components/alert/Alerts.vue"
-import Loading from "@/components/Loading.vue"
-import type { AlertSearchParams } from "@/types"
-export default defineComponent({
-  name: "AlertsWithPagination",
-  props: {
-    ruleId: {
-      type: String
-    },
-    artifact: {
-      type: String
-    }
-  },
-  components: {
-    Alerts,
-    Loading
-  },
-  setup(props) {
-    const page = ref(1)
-    const tag = ref<string | undefined>(undefined)
-    const getAlertsTask = generateGetAlertsTask()
-    const getAlerts = async () => {
-      const params: AlertSearchParams = {
-        artifact: props.artifact,
-        page: page.value,
-        ruleId: props.ruleId,
-        tag: tag.value,
-        toAt: undefined,
-        fromAt: undefined
-      }
-      return await getAlertsTask.perform(params)
-    }
-    const updatePage = (newPage: number) => {
-      page.value = newPage
-    }
-    const resetPage = () => {
-      page.value = 1
-    }
-    const refreshPage = async () => {
-      resetPage()
-      await getAlerts()
-    }
-    const updateTag = (newTag: string | undefined) => {
-      if (tag.value === newTag) {
-        tag.value = undefined
-      } else {
-        tag.value = newTag
-      }
-    }
-    onMounted(async () => {
-      await getAlerts()
-    })
-    watch([props, page, tag], async () => {
-      nextTick(async () => await getAlerts())
-    })
-    return {
-      getAlertsTask,
-      refreshPage,
-      updatePage,
-      updateTag
-    }
-  }
-})
-</script>

data/frontend/src/components/alert/AlertsWrapper.vue DELETED Viewed

@@ -1,128 +0,0 @@
-<template>
-  <div class="box mb-6">
-    <FormComponent
-      ref="form"
-      :ruleSet="getRuleSetTask.last?.value || []"
-      :tags="getTagsTask.last?.value || []"
-      :page="page"
-      :tag="tag"
-    ></FormComponent>
-    <hr />
-    <div class="columns">
-      <div class="column">
-        <div class="field is-grouped is-grouped-centered">
-          <p class="control">
-            <a class="button is-primary" @click="search">
-              <span class="icon is-small">
-                <font-awesome-icon icon="search"></font-awesome-icon>
-              </span>
-              <span>Search</span>
-            </a>
-          </p>
-        </div>
-      </div>
-    </div>
-  </div>
-  <div v-if="getAlertsTask.performCount > 0">
-    <hr />
-    <Loading v-if="getAlertsTask.isRunning"></Loading>
-    <ErrorMessage v-if="getAlertsTask.isError" :error="getAlertsTask.last?.error"></ErrorMessage>
-    <AlertsComponent
-      :alerts="getAlertsTask.last.value"
-      v-if="getAlertsTask.last?.value"
-      @refresh-page="refreshPage"
-      @update-page="updatePage"
-      @update-tag="updateTag"
-    ></AlertsComponent>
-  </div>
-</template>
-<script lang="ts">
-import { defineComponent, nextTick, onMounted, ref, watch } from "vue"
-import { generateGetAlertsTask, generateGetRuleSetTask, generateGetTagsTask } from "@/api-helper"
-import AlertsComponent from "@/components/alert/Alerts.vue"
-import FormComponent from "@/components/alert/Form.vue"
-import ErrorMessage from "@/components/ErrorMessage.vue"
-import Loading from "@/components/Loading.vue"
-import type { AlertSearchParams } from "@/types"
-export default defineComponent({
-  name: "AlertsWrapper",
-  components: {
-    AlertsComponent,
-    FormComponent,
-    Loading,
-    ErrorMessage
-  },
-  setup() {
-    const page = ref(1)
-    const tag = ref<string | undefined>(undefined)
-    const form = ref<InstanceType<typeof FormComponent>>()
-    const getAlertsTask = generateGetAlertsTask()
-    const getTagsTask = generateGetTagsTask()
-    const getRuleSetTask = generateGetRuleSetTask()
-    const getAlerts = async () => {
-      const params = form.value?.getSearchParams() as AlertSearchParams
-      return await getAlertsTask.perform(params)
-    }
-    const updatePage = (newPage: number) => {
-      page.value = newPage
-    }
-    const resetPage = () => {
-      page.value = 1
-    }
-    const search = async () => {
-      // reset page
-      resetPage()
-      await getAlerts()
-    }
-    const updateTag = (newTag: string | undefined) => {
-      if (tag.value === newTag) {
-        tag.value = undefined
-      } else {
-        tag.value = newTag
-      }
-      nextTick(async () => await search())
-    }
-    const refreshPage = async () => {
-      // it is just an alias of search
-      // this function will be invoked when an alert is deleted
-      await search()
-    }
-    onMounted(async () => {
-      getTagsTask.perform()
-      getRuleSetTask.perform()
-      await getAlerts()
-    })
-    watch([page, tag], async () => {
-      nextTick(async () => await getAlerts())
-    })
-    return {
-      getAlertsTask,
-      getRuleSetTask,
-      getTagsTask,
-      refreshPage,
-      search,
-      tag,
-      updatePage,
-      updateTag,
-      form,
-      page
-    }
-  }
-})
-</script>

data/frontend/src/components/alert/Form.vue DELETED Viewed

@@ -1,169 +0,0 @@
-<template>
-  <div class="columns">
-    <div class="column">
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">Rule</label>
-        </div>
-        <div class="field-body">
-          <div class="field">
-            <div class="control">
-              <div class="select">
-                <select v-model="ruleId">
-                  <option></option>
-                  <option v-for="ruleId_ in ruleSet" :key="ruleId_">
-                    {{ ruleId_ }}
-                  </option>
-                </select>
-              </div>
-            </div>
-          </div>
-        </div>
-      </div>
-    </div>
-    <div class="column">
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">Artifact</label>
-        </div>
-        <div class="field-body">
-          <div class="field">
-            <p class="control">
-              <input class="input" type="text" v-model="artifact" />
-            </p>
-          </div>
-        </div>
-      </div>
-    </div>
-  </div>
-  <div class="columns">
-    <div class="column">
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">Tag</label>
-        </div>
-        <div class="field-body">
-          <div class="field">
-            <div class="control">
-              <div class="select">
-                <select v-model="tagInput">
-                  <option></option>
-                  <option v-for="tag_ in tags" :key="tag_">
-                    {{ tag_ }}
-                  </option>
-                </select>
-              </div>
-            </div>
-          </div>
-        </div>
-      </div>
-    </div>
-    <div class="column"></div>
-  </div>
-  <div class="columns">
-    <div class="column">
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">From</label>
-        </div>
-        <div class="field-body">
-          <div class="field">
-            <p class="control">
-              <input class="input" type="date" v-model="fromAt" />
-            </p>
-          </div>
-        </div>
-      </div>
-    </div>
-    <div class="column">
-      <div class="field is-horizontal">
-        <div class="field-label is-normal">
-          <label class="label">To</label>
-        </div>
-        <div class="field-body">
-          <div class="field">
-            <p class="control">
-              <input class="input" type="date" v-model="toAt" />
-            </p>
-          </div>
-        </div>
-      </div>
-    </div>
-  </div>
-</template>
-<script lang="ts">
-import { defineComponent, type PropType, ref, toRef, watch } from "vue"
-import { useRoute } from "vue-router"
-import type { AlertSearchParams } from "@/types"
-import { normalizeQueryParam } from "@/utils"
-export default defineComponent({
-  name: "AlertsForm",
-  props: {
-    tags: {
-      type: Array as PropType<string[]>,
-      required: true
-    },
-    ruleSet: {
-      type: Array as PropType<string[]>,
-      required: true
-    },
-    page: {
-      type: Number,
-      required: true
-    },
-    tag: {
-      type: String,
-      required: false
-    }
-  },
-  setup(props) {
-    const route = useRoute()
-    const artifact = ref<string | undefined>(undefined)
-    const fromAt = ref<string | undefined>(undefined)
-    const tagInput = ref<string | undefined>(props.tag)
-    const ruleId = ref<string | undefined>(undefined)
-    const toAt = ref<string | undefined>(undefined)
-    const updateByQueryParams = () => {
-      const tag_ = route.query["tag"]
-      if (tagInput.value === undefined) {
-        tagInput.value = normalizeQueryParam(tag_)
-      }
-    }
-    const getSearchParams = (): AlertSearchParams => {
-      updateByQueryParams()
-      const params: AlertSearchParams = {
-        artifact: artifact.value === "" ? undefined : artifact.value,
-        page: props.page,
-        ruleId: ruleId.value === "" ? undefined : ruleId.value,
-        tag: tagInput.value === "" ? undefined : tagInput.value,
-        toAt: toAt.value === "" ? undefined : toAt.value,
-        fromAt: fromAt.value === "" ? undefined : fromAt.value
-      }
-      return params
-    }
-    watch(
-      () => props.tag,
-      () => {
-        tagInput.value = props.tag
-      }
-    )
-    return {
-      artifact,
-      fromAt,
-      getSearchParams,
-      ruleId,
-      toAt,
-      tagInput
-    }
-  }
-})
-</script>

data/frontend/src/components/artifact/AS.vue DELETED Viewed

@@ -1,23 +0,0 @@
-<template>
-  <div class="tags are-medium">
-    <span class="tag">
-      {{ autonomousSystem.asn }}
-    </span>
-  </div>
-</template>
-<script lang="ts">
-import { defineComponent, type PropType } from "vue"
-import type { AutonomousSystem } from "@/types"
-export default defineComponent({
-  name: "AS",
-  props: {
-    autonomousSystem: {
-      type: Object as PropType<AutonomousSystem>,
-      required: true
-    }
-  }
-})
-</script>