mihari 5.7.0 → 5.7.1

data/lib/mihari/web/app.rb

@@ -22,6 +22,12 @@ module Mihari
     # Rack + Grape based web app
     #
     class App
+      # @return [Array<String>]
+      attr_reader :filenames
+
+      # @return [Rack::Static]
+      attr_reader :rack_static
+
       def initialize
         @filenames = ["", ".html", "index.html", "/index.html"]
         @rack_static = Rack::Static.new(
@@ -31,6 +37,20 @@ module Mihari
         )
       end
 
+      def call(env)
+        status, headers, body = API.call(env)
+        return [status, headers, body] unless headers["X-Cascade"] == "pass"
+
+        # Check if the App wants us to pass the response along to others
+        request_path = env["PATH_INFO"]
+        filenames.each do |path|
+          static_status, static_headers, static_body = rack_static.call(env.merge("PATH_INFO" => request_path + path))
+          return [static_status, static_headers, static_body] if static_status != 404
+        end
+
+        [status, headers, body]
+      end
+
       class << self
         def instance
           @instance ||= Rack::Builder.new do
@@ -71,23 +91,6 @@ module Mihari
           end
         end
       end
-
-      def call(env)
-        # api
-        api_response = API.call(env)
-
-        # Check if the App wants us to pass the response along to others
-        if api_response[1]["X-Cascade"] == "pass"
-          # static files
-          request_path = env["PATH_INFO"]
-          @filenames.each do |path|
-            response = @rack_static.call(env.merge("PATH_INFO" => request_path + path))
-            return response if response[0] != 404
-          end
-        end
-
-        api_response
-      end
     end
   end
 end

data/lib/mihari/web/endpoints/alerts.rb

@@ -7,6 +7,72 @@ module Mihari
       # Alert API endpoint
       #
       class Alerts < Grape::API
+        class AlertSearcher < Mihari::Service
+          class ResultValue
+            # @return [Array<Mihari::Models::Alert>]
+            attr_reader :alerts
+
+            # @return [Integer]
+            attr_reader :total
+
+            # @return [Mihari::Structs::Filters::Alert::SearchFilterWithPagination]
+            attr_reader :filter
+
+            #
+            # @param [Array<Mihari::Models::Alert>] alerts
+            # @param [Integer] total
+            # @param [Mihari::Structs::Filters::Alert::SearchFilterWithPagination] filter
+            #
+            def initialize(alerts:, total:, filter:)
+              @alerts = alerts
+              @total = total
+              @filter = filter
+            end
+          end
+
+          #
+          # @param [Hash] params
+          #
+          # @return [ResultValue]
+          #
+          def call(params)
+            filter = params.to_h.to_snake_keys
+
+            # normalize keys
+            filter["artifact_data"] = filter["artifact"]
+            filter["tag_name"] = filter["tag"]
+            # symbolize hash keys
+            filter = filter.to_h.symbolize_keys
+
+            search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
+            alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
+            total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
+
+            ResultValue.new(alerts: alerts, total: total, filter: filter)
+          end
+        end
+
+        class AlertCreator < Service
+          #
+          # @param [Hash] params
+          #
+          # @return [Mihari::Models::Alert]
+          #
+          def call(params)
+            proxy = Services::AlertProxy.new(**params.to_snake_keys)
+            Services::AlertRunner.call proxy
+          end
+        end
+
+        class AlertDestroyer < Service
+          #
+          # @param [String] id
+          #
+          def call(id)
+            Mihari::Models::Alert.find(id).destroy
+          end
+        end
+
         namespace :alerts do
           desc "Search alerts", {
             is_array: true,
@@ -17,33 +83,20 @@ module Mihari
           params do
             optional :page, type: Integer, default: 1
             optional :limit, type: Integer, default: 10
-
             optional :artifact, type: String
             optional :rule_id, type: String
             optional :tag, type: String
-
             optional :fromAt, type: DateTime
             optional :toAt, type: DateTime
           end
           get "/" do
-            filter = params.to_h.to_snake_keys
-
-            # normalize keys
-            filter["artifact_data"] = filter["artifact"]
-            filter["tag_name"] = filter["tag"]
-            # symbolize hash keys
-            filter = filter.to_h.symbolize_keys
-
-            search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
-            alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
-            total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
-
+            value = AlertSearcher.call(params.to_h)
             present(
               {
-                alerts: alerts,
-                total: total,
-                current_page: filter[:page].to_i,
-                page_size: filter[:limit].to_i
+                alerts: value.alerts,
+                total: value.total,
+                current_page: value.filter[:page].to_i,
+                page_size: value.filter[:limit].to_i
               },
               with: Entities::AlertsWithPagination
             )
@@ -58,15 +111,8 @@ module Mihari
             requires :id, type: Integer
           end
           delete "/:id" do
-            extend Dry::Monads[:result, :try]
-
             id = params["id"].to_i
-
-            result = Try do
-              alert = Mihari::Models::Alert.find(id)
-              alert.destroy
-            end.to_result
-
+            result = AlertDestroyer.result(id)
             if result.success?
               status 204
               return present({ message: "" }, with: Entities::Message)
@@ -76,9 +122,8 @@ module Mihari
             case failure
             when ActiveRecord::RecordNotFound
               error!({ message: "ID:#{id} is not found" }, 404)
-            else
-              raise failure
             end
+            raise failure
           end
 
           desc "Create an alert", {
@@ -90,14 +135,7 @@ module Mihari
             requires :artifacts, type: Array, documentation: { type: String, is_array: true, param_type: "body" }
           end
           post "/" do
-            extend Dry::Monads[:result, :try]
-
-            result = Try do
-              proxy = Services::AlertProxy.new(**params.to_snake_keys)
-              runner = Services::AlertRunner.new(proxy)
-              runner.call
-            end.to_result
-
+            result = AlertCreator.result(params)
             if result.success?
               status 201
               return present(result.value!, with: Entities::Alert)
@@ -107,9 +145,8 @@ module Mihari
             case failure
             when ActiveRecord::RecordNotFound
               error!({ message: "Rule:#{params["ruleId"]} is not found" }, 404)
-            else
-              raise failure
             end
+            raise failure
           end
         end
       end

data/lib/mihari/web/endpoints/artifacts.rb

@@ -7,6 +7,60 @@ module Mihari
       # Artifact API endpoint
       #
       class Artifacts < Grape::API
+        class ArtifactGetter < Service
+          #
+          # @param [Integer] id
+          #
+          # @return [Mihari::Models::Artifact]
+          #
+          def call(id)
+            artifact = Mihari::Models::Artifact.includes(
+              :autonomous_system,
+              :geolocation,
+              :whois_record,
+              :dns_records,
+              :reverse_dns_names
+            ).find(id)
+            # TODO: improve queries
+            alert_ids = Mihari::Models::Artifact.where(data: artifact.data).pluck(:alert_id)
+            tag_ids = Mihari::Models::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
+            tags = Mihari::Models::Tag.where(id: tag_ids)
+
+            artifact.tags = tags
+
+            artifact
+          end
+        end
+
+        class ArtifactEnricher < Service
+          #
+          # @param [String] id
+          #
+          def call(id)
+            artifact = Mihari::Models::Artifact.includes(
+              :autonomous_system,
+              :geolocation,
+              :whois_record,
+              :dns_records,
+              :reverse_dns_names,
+              :cpes,
+              :ports
+            ).find(id)
+
+            artifact.enrich_all
+            artifact.save
+          end
+        end
+
+        class ArtifactDestroyer < Service
+          #
+          # @param [Integer] id
+          #
+          def call(id)
+            Mihari::Models::Artifact.find(id).destroy
+          end
+        end
+
         namespace :artifacts do
           desc "Get an artifact", {
             success: Entities::Artifact,
@@ -17,37 +71,16 @@ module Mihari
             requires :id, type: Integer
           end
           get "/:id" do
-            extend Dry::Monads[:result, :try]
-
             id = params[:id].to_i
-
-            result = Try do
-              artifact = Mihari::Models::Artifact.includes(
-                :autonomous_system,
-                :geolocation,
-                :whois_record,
-                :dns_records,
-                :reverse_dns_names
-              ).find(id)
-              # TODO: improve queries
-              alert_ids = Mihari::Models::Artifact.where(data: artifact.data).pluck(:alert_id)
-              tag_ids = Mihari::Models::Tagging.where(alert_id: alert_ids).pluck(:tag_id)
-              tag_names = Mihari::Models::Tag.where(id: tag_ids).distinct.pluck(:name)
-
-              artifact.tags = tag_names
-
-              artifact
-            end.to_result
-
+            result = ArtifactGetter.result(id)
             return present(result.value!, with: Entities::Artifact) if result.success?
 
             failure = result.failure
             case failure
             when ActiveRecord::RecordNotFound
               error!({ message: "ID:#{id} is not found" }, 404)
-            else
-              raise failure
             end
+            raise failure
           end
 
           desc "Enrich an artifact", {
@@ -59,25 +92,8 @@ module Mihari
             requires :id, type: Integer
           end
           get "/:id/enrich" do
-            extend Dry::Monads[:result, :try]
-
             id = params["id"].to_i
-
-            result = Try do
-              artifact = Mihari::Models::Artifact.includes(
-                :autonomous_system,
-                :geolocation,
-                :whois_record,
-                :dns_records,
-                :reverse_dns_names,
-                :cpes,
-                :ports
-              ).find(id)
-
-              artifact.enrich_all
-              artifact.save
-            end.to_result
-
+            result = ArtifactEnricher.result(id)
             if result.success?
               status 201
               return present({ message: "" }, with: Entities::Message)
@@ -87,9 +103,8 @@ module Mihari
             case failure
             when ActiveRecord::RecordNotFound
               error!({ message: "ID:#{id} is not found" }, 404)
-            else
-              raise failure
             end
+            raise failure
           end
 
           desc "Delete an artifact", {
@@ -101,15 +116,8 @@ module Mihari
             requires :id, type: Integer
           end
           delete "/:id" do
-            extend Dry::Monads[:result, :try]
-
             id = params["id"].to_i
-
-            result = Try do
-              alert = Mihari::Models::Artifact.find(id)
-              alert.destroy
-            end.to_result
-
+            result = ArtifactDestroyer.result(id)
             if result.success?
               status 204
               return present({ message: "" }, with: Entities::Message)
@@ -119,9 +127,8 @@ module Mihari
             case failure
             when ActiveRecord::RecordNotFound
               error!({ message: "ID:#{id} is not found" }, 404)
-            else
-              raise failure
             end
+            raise failure
           end
         end
       end

data/lib/mihari/web/endpoints/ip_addresses.rb

@@ -7,6 +7,17 @@ module Mihari
       # IP address API endpoint
       #
       class IPAddresses < Grape::API
+        class IPGetter < Service
+          #
+          # @param [String] ip
+          #
+          # @return [Mihari::Structs::IPInfo::Response]
+          #
+          def call(ip)
+            Mihari::Enrichers::IPInfo.new.call ip
+          end
+        end
+
         namespace :ip_addresses do
           desc "Get an IP address", {
             success: Entities::IPAddress,
@@ -18,11 +29,15 @@ module Mihari
           end
           get "/:ip", requirements: { ip: %r{[^/]+} } do
             ip = params[:ip].to_s
+            result = IPGetter.result(ip)
+            return present(result.value!, with: Entities::IPAddress) if result.success?
 
-            data = Enrichers::IPInfo.new.call(ip)
-            error!({ message: "IP:#{ip} is not found" }, 404) if data.nil?
-
-            present data, with: Entities::IPAddress
+            failure = result.failure
+            case failure
+            when Mihari::StatusCodeError
+              error!({ message: "ID:#{id} is not found" }, 404) if failure.status_code == 404
+            end
+            raise failure
           end
         end
       end