mihari 5.7.2 → 6.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5c7fa4de39ec815c08930311d4ed642857236021301508c47d298cba157dd811
-  data.tar.gz: 1598a9992be6739957bc5145c11d93f8a869588d42985799d527703178f78a8f
+  metadata.gz: 2846f5154fcdde4cda4f0237c79e047fc498b96b5c21a6152287ac9ab11faac9
+  data.tar.gz: f43b4e20a59b1274b62c5e9768f153429540067882508b34f0c36932cc9cb5ef
 SHA512:
-  metadata.gz: 6c96715d51778d724b4df1c502d3083c4af084997019cc7ef43fc5d131cfeb02c4b0f06d6353c0d8e75e26dec0fb20038fa36718f9a65bb1a3a771224442bc3e
-  data.tar.gz: 655c0efa77ff2602fef509b351ebf02ab9c222728ddfcfc0da36ba8fa27a4e1518f1d70406b5ba3ace86012c196954a98c9af10a4de58c5dcdf73bbc760d2056
+  metadata.gz: b54da0da25e57531c1efef94bdc42df715569b9e88842ca330d1d0893f4c20990bb2ded22a001f31816cbd72f00f43473f0254f222a9849308be746576128e3c
+  data.tar.gz: 7167afd356c4f945e66631bb3c6cefc06678961b480511d85939e6ede9eccec9a5f83a948a169be9ee7ba5cc79af918a447b8f01e5280faff3138071e7808beb

data/config.ru

@@ -1,5 +1,7 @@
 require "./lib/mihari"
 
+require "better_errors"
+
 # set rack env as development
 ENV["RACK_ENV"] ||= "development"
 

data/lib/mihari/analyzers/dnstwister.rb

@@ -25,9 +25,7 @@ module Mihari
         raise ValueError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?
 
         domains = client.fuzz(query)
-        Parallel.map(domains) do |domain|
-          resolvable?(domain) ? domain : nil
-        end.compact
+        Parallel.map(domains) { |domain| resolvable?(domain) ? domain : nil }.compact
       end
 
       private
@@ -55,7 +53,7 @@ module Mihari
       def resolvable?(domain)
         Resolv.getaddress domain
         true
-      rescue Resolv::ResolvError => _e
+      rescue Resolv::ResolvError
         false
       end
     end

data/lib/mihari/analyzers/urlscan.rb

@@ -34,10 +34,7 @@ module Mihari
       def artifacts
         # @type [Array<Mihari::Models::Artifact>]
         artifacts = client.search_with_pagination(query, pagination_limit: pagination_limit).map(&:artifacts).flatten
-
-        artifacts.select do |artifact|
-          allowed_data_types.include? artifact.data_type
-        end
+        artifacts.select { |artifact| allowed_data_types.include? artifact.data_type }
       end
 
       def configuration_keys

data/lib/mihari/cli/main.rb

@@ -32,19 +32,9 @@ module Mihari
       include Mihari::Commands::Version
       include Mihari::Commands::Web
 
-      no_commands do
-        def unwrap_error(err)
-          return err unless err.is_a?(Dry::Monads::UnwrapError)
-
-          # NOTE: UnwrapError's receiver can be either of:
-          #       - Dry::Monads::Try::Error
-          #       - Dry::Monads::Result::Failure
-          receiver = err.receiver
-          return receiver.exception if receiver.is_a?(Dry::Monads::Try::Error)
-
-          receiver.failure
-        end
+      include Mihari::Mixins::UnwrapError
 
+      no_commands do
         def safe_execute
           yield
         rescue StandardError => e

data/lib/mihari/commands/database.rb

@@ -19,7 +19,6 @@ module Mihari
             #
             def migrate(direction = "up")
               ActiveRecord::Migration.verbose = options["verbose"]
-
               Mihari::Database.migrate direction.to_sym
             end
           end

data/lib/mihari/database.rb

@@ -1,9 +1,7 @@
 # frozen_string_literal: true
 
 # Make possible to use upper case acronyms in class names
-ActiveSupport::Inflector.inflections(:en) do |inflect|
-  inflect.acronym "CPE"
-end
+ActiveSupport::Inflector.inflections(:en) { |inflect| inflect.acronym "CPE" }
 
 def env
   ENV["APP_ENV"] || ENV["RACK_ENV"]
@@ -175,7 +173,7 @@ module Mihari
         Mihari::Database.connect
         yield
       rescue ActiveRecord::StatementInvalid
-        Mihari.logger.error("You haven't finished the DB migration! Please run 'mihari db migrate'.")
+        Mihari.logger.error("The DB migration is not yet complete. Please run 'mihari db migrate'.")
       ensure
         Mihari::Database.close
       end

data/lib/mihari/emitters/slack.rb

@@ -192,9 +192,7 @@ module Mihari
       # @return [Array<Mihari::Emitters::Attachment>]
       #
       def attachments
-        artifacts.map do |artifact|
-          Attachment.new(data: artifact.data, data_type: artifact.data_type).to_a
-        end.flatten
+        artifacts.map { |artifact| Attachment.new(data: artifact.data, data_type: artifact.data_type).to_a }.flatten
       end
 
       #
@@ -205,7 +203,6 @@ module Mihari
       def text
         tags = rule.tags
         tags = ["N/A"] if tags.empty?
-
         [
           "*#{rule.title}*",
           "*Desc.*: #{rule.description}",
@@ -217,10 +214,10 @@ module Mihari
       # @param [Array<Mihari::Models::Artifact>] artifacts
       #
       def call(artifacts)
-        return if artifacts.empty?
-
         @artifacts = artifacts
 
+        return if artifacts.empty?
+
         notifier.post(text: text, attachments: attachments, mrkdwn: true)
       end
 

data/lib/mihari/emitters/the_hive.rb

@@ -43,10 +43,10 @@ module Mihari
       # @param [Array<Mihari::Models::Artifact>] artifacts
       #
       def call(artifacts)
-        return if artifacts.empty?
-
         @artifacts = artifacts
 
+        return if artifacts.empty?
+
         client.alert payload
       end
 
@@ -61,11 +61,7 @@ module Mihari
         @normalized_api_version ||= [].tap do |out|
           # v4 does not have version prefix in path (/api/)
           # v5 has version prefix in path (/api/v1/)
-          table = {
-            "" => nil,
-            "v4" => nil,
-            "v5" => "v1"
-          }
+          table = { "" => nil, "v4" => nil, "v5" => "v1" }
           out << table[api_version.to_s.downcase]
         end.first
       end

data/lib/mihari/enrichers/google_public_dns.rb

@@ -14,9 +14,7 @@ module Mihari
       # @return [Array<Mihari::Structs::GooglePublicDNS::Response>]
       #
       def call(name)
-        %w[A AAAA CNAME TXT NS].filter_map do |resource_type|
-          query_by_type(name, resource_type)
-        end
+        %w[A AAAA CNAME TXT NS].filter_map { |resource_type| query_by_type(name, resource_type) }
       end
 
       #
@@ -31,10 +29,7 @@ module Mihari
         url = "https://dns.google/resolve"
         params = { name: name, type: resource_type }
         res = http.get(url, params: params)
-
-        data = JSON.parse(res.body.to_s)
-
-        Structs::GooglePublicDNS::Response.from_dynamic! data
+        Structs::GooglePublicDNS::Response.from_dynamic! JSON.parse(res.body.to_s)
       rescue HTTPError
         nil
       end

data/lib/mihari/enrichers/ipinfo.rb

@@ -33,9 +33,7 @@ module Mihari
       def call(ip)
         url = "https://ipinfo.io/#{ip}/json"
         res = http.get(url)
-        data = JSON.parse(res.body.to_s)
-
-        Structs::IPInfo::Response.from_dynamic! data
+        Structs::IPInfo::Response.from_dynamic! JSON.parse(res.body.to_s)
       end
 
       private

data/lib/mihari/enrichers/shodan.rb

@@ -16,9 +16,7 @@ module Mihari
       def call(ip)
         url = "https://internetdb.shodan.io/#{ip}"
         res = http.get(url)
-        data = JSON.parse(res.body.to_s)
-
-        Structs::Shodan::InternetDBResponse.from_dynamic! data
+        Structs::Shodan::InternetDBResponse.from_dynamic! JSON.parse(res.body.to_s)
       end
 
       private

data/lib/mihari/enrichers/whois.rb

@@ -52,10 +52,6 @@ module Mihari
         whois_record
       end
 
-      def reset_cache
-        @memo = {}
-      end
-
       private
 
       #

data/lib/mihari/mixins/refang.rb

@@ -14,10 +14,7 @@ module Mihari
       # @return [String]
       #
       def refang(indicator)
-        return indicator.gsub("[.]", ".").gsub("(.)", ".") if indicator.is_a?(String)
-
-        # for RSpec & Ruby 2.7
-        indicator
+        indicator.gsub("[.]", ".").gsub("(.)", ".")
       end
     end
   end

data/lib/mihari/mixins/unwrap_error.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Mixins
+    #
+    # Unwrap error mixins
+    #
+    module UnwrapError
+      def unwrap_error(err)
+        return err unless err.is_a?(Dry::Monads::UnwrapError)
+
+        # NOTE: UnwrapError's receiver can be either of:
+        #       - Dry::Monads::Try::Error
+        #       - Dry::Monads::Result::Failure
+        receiver = err.receiver
+        case receiver
+        when Dry::Monads::Try::Error
+          receiver.exception
+        when Dry::Monads::Failure
+          receiver.failure
+        else
+          err
+        end
+      end
+    end
+  end
+end

data/lib/mihari/models/alert.rb

@@ -30,7 +30,6 @@ module Mihari
           offset = (page - 1) * limit
 
           relation = build_relation(filter.without_pagination)
-
           alert_ids = relation.limit(limit).offset(offset).order(id: :desc).pluck(:id).uniq
           eager_load(:artifacts, :tags).where(id: [alert_ids]).order(id: :desc)
         end
@@ -75,8 +74,7 @@ module Mihari
         def build_relation(filter)
           artifact_ids = get_artifact_ids_by_filter(filter)
 
-          relation = self
-          relation = relation.includes(:artifacts, :tags)
+          relation = includes(:artifacts, :tags)
 
           relation = relation.where(artifacts: { id: artifact_ids }) unless artifact_ids.empty?
           relation = relation.where(tags: { name: filter.tag_name }) if filter.tag_name

data/lib/mihari/models/artifact.rb

@@ -78,7 +78,7 @@ module Mihari
       end
 
       #
-      # Enrich(add) whois record
+      # Enrich whois record
       #
       # @param [Mihari::Enrichers::Whois] enricher
       #
@@ -89,7 +89,7 @@ module Mihari
       end
 
       #
-      # Enrich(add) DNS records
+      # Enrich DNS records
       #
       # @param [Mihari::Enrichers::GooglePublicDNS] enricher
       #
@@ -100,7 +100,7 @@ module Mihari
       end
 
       #
-      # Enrich(add) reverse DNS names
+      # Enrich reverse DNS names
       #
       # @param [Mihari::Enrichers::Shodan] enricher
       #
@@ -111,7 +111,7 @@ module Mihari
       end
 
       #
-      # Enrich(add) geolocation
+      # Enrich geolocation
       #
       # @param [Mihari::Enrichers::IPInfo] enricher
       #
@@ -192,9 +192,7 @@ module Mihari
       #
       def enrich_by_enricher(enricher)
         methods = ENRICH_METHODS_BY_ENRICHER[enricher.class] || []
-        methods.each do |method|
-          send(method, enricher) if respond_to?(method)
-        end
+        methods.each { |method| send(method, enricher) if respond_to?(method) }
       end
 
       private

data/lib/mihari/models/rule.rb

@@ -66,8 +66,7 @@ module Mihari
         # @return [Mihari::Models::Rule]
         #
         def build_relation(filter)
-          relation = self
-          relation = relation.includes(alerts: :tags)
+          relation = includes(alerts: :tags)
 
           relation = relation.where(alerts: { tags: { name: filter.tag_name } }) if filter.tag_name
 

data/lib/mihari/rule.rb

@@ -113,15 +113,15 @@ module Mihari
       analyzers.flat_map do |analyzer|
         # @type [Dry::Monads::Result::Success<Array<Mihari::Models::Artifact>>, Dry::Monads::Result::Failure]
         result = analyzer.result
-
-        if result.failure?
-          raise result.failure unless analyzer.ignore_error?
-        else
+        case result
+        when Success
           artifacts = result.value!
           artifacts.map do |artifact|
             artifact.rule_id = id
             artifact
           end
+        else
+          raise result.failure unless analyzer.ignore_error?
         end
       end.compact
     end
@@ -177,8 +177,14 @@ module Mihari
       results = Parallel.map(emitters) { |emitter| emitter.result enriched_artifacts }
       results.zip(emitters).map do |result_and_emitter|
         result, emitter = result_and_emitter
-        Mihari.logger.info "Emission by #{emitter.class} is failed: #{result.failure}" if result.failure?
-        Mihari.logger.info "Emission by #{emitter.class} is succeeded" if result.success?
+
+        case result
+        when Success
+          Mihari.logger.info "Emission by #{emitter.class} succeed"
+        else
+          Mihari.logger.info "Emission by #{emitter.class} failed: #{result.failure}"
+        end
+
         result.value_or nil
       end.compact
     end
@@ -289,8 +295,7 @@ module Mihari
       @analyzers ||= queries.map do |query_params|
         analyzer_name = query_params[:analyzer]
         klass = get_analyzer_class(analyzer_name)
-        klass.from_query(query_params)
-      end.map do |analyzer|
+        analyzer = klass.from_query(query_params)
         analyzer.validate_configuration!
         analyzer
       end
@@ -320,8 +325,7 @@ module Mihari
         %i[emitter options].each { |key| params.delete key }
 
         klass = get_emitter_class(name)
-        klass.new(rule: self, options: options, **params)
-      end.map do |emitter|
+        emitter = klass.new(rule: self, options: options, **params)
         emitter.validate_configuration!
         emitter
       end

data/lib/mihari/service.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Mihari
   #
   # Base class for services

data/lib/mihari/services/rule_builder.rb

@@ -20,10 +20,8 @@ module Mihari
       # @return [Hash]
       #
       def data
-        if Mihari::Models::Rule.exists?(path_or_id)
-          rule = Mihari::Models::Rule.find(path_or_id)
-          return rule.data
-        end
+        result = Try { Mihari::Models::Rule.find path_or_id }.to_result
+        return result.value! if result.success?
 
         raise ArgumentError, "#{path_or_id} does not exist" unless Pathname(path_or_id).exist?
 

data/lib/mihari/structs/fofa.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Mihari
   module Structs
     module Fofa

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "5.7.2"
+  VERSION = "6.0.0"
 end

data/lib/mihari/web/app.rb

@@ -39,7 +39,7 @@ module Mihari
 
       def call(env)
         status, headers, body = API.call(env)
-        return [status, headers, body] unless headers["X-Cascade"] == "pass"
+        return [status, headers, body] unless headers["x-cascade"] == "pass"
 
         # Check if the App wants us to pass the response along to others
         request_path = env["PATH_INFO"]
@@ -64,6 +64,8 @@ module Mihari
             use Middleware::ConnectionAdapter
             use Middleware::ErrorNotificationAdapter
 
+            use BetterErrors::Middleware if ENV["RACK_ENV"] == "development" && defined?(BetterErrors::Middleware)
+
             run App.new
           end.to_app
         end

data/lib/mihari/web/endpoints/alerts.rb

@@ -77,7 +77,6 @@ module Mihari
           desc "Search alerts", {
             is_array: true,
             success: Entities::AlertsWithPagination,
-            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
             summary: "Search alerts"
           }
           params do
@@ -103,31 +102,30 @@ module Mihari
           end
 
           desc "Delete an alert", {
-            success: Entities::Message,
-            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            success: { code: 204, model: Entities::Message },
+            failure: [{ code: 404, model: Entities::Message }],
             summary: "Delete an alert"
           }
           params do
             requires :id, type: Integer
           end
           delete "/:id" do
+            status 204
+
             id = params["id"].to_i
             result = AlertDestroyer.result(id)
-            if result.success?
-              status 204
-              return present({ message: "" }, with: Entities::Message)
-            end
+            return present({ message: "" }, with: Entities::Message) if result.success?
 
-            failure = result.failure
-            case failure
+            case result.failure
             when ActiveRecord::RecordNotFound
               error!({ message: "ID:#{id} is not found" }, 404)
             end
-            raise failure
+            raise result.failure
           end
 
           desc "Create an alert", {
-            success: Entities::Alert,
+            success: { code: 201, model: Entities::Alert },
+            failure: [{ code: 404, model: Entities::Message }],
             summary: "Create an alert"
           }
           params do
@@ -135,18 +133,16 @@ module Mihari
             requires :artifacts, type: Array, documentation: { type: String, is_array: true, param_type: "body" }
           end
           post "/" do
+            status 201
+
             result = AlertCreator.result(params)
-            if result.success?
-              status 201
-              return present(result.value!, with: Entities::Alert)
-            end
+            return present(result.value!, with: Entities::Alert) if result.success?
 
-            failure = result.failure
-            case failure
+            case result.failure
             when ActiveRecord::RecordNotFound
               error!({ message: "Rule:#{params["ruleId"]} is not found" }, 404)
             end
-            raise failure
+            raise result.failure
           end
         end
       end

data/lib/mihari/web/endpoints/artifacts.rb

@@ -64,7 +64,7 @@ module Mihari
         namespace :artifacts do
           desc "Get an artifact", {
             success: Entities::Artifact,
-            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            failure: [{ code: 404, model: Entities::Message }],
             summary: "Get an artifact"
           }
           params do
@@ -75,60 +75,55 @@ module Mihari
             result = ArtifactGetter.result(id)
             return present(result.value!, with: Entities::Artifact) if result.success?
 
-            failure = result.failure
-            case failure
+            case result.failure
             when ActiveRecord::RecordNotFound
               error!({ message: "ID:#{id} is not found" }, 404)
             end
-            raise failure
+            raise result.failure
           end
 
           desc "Enrich an artifact", {
-            success: Entities::Message,
-            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            success: { code: 201, model: Entities::Message },
+            failure: [{ code: 404, model: Entities::Message }],
             summary: "Enrich an artifact"
           }
           params do
             requires :id, type: Integer
           end
           get "/:id/enrich" do
+            status 201
+
             id = params["id"].to_i
             result = ArtifactEnricher.result(id)
-            if result.success?
-              status 201
-              return present({ message: "" }, with: Entities::Message)
-            end
+            return present({ message: "#{id} has been enriched" }, with: Entities::Message) if result.success?
 
-            failure = result.failure
-            case failure
+            case result.failure
             when ActiveRecord::RecordNotFound
               error!({ message: "ID:#{id} is not found" }, 404)
             end
-            raise failure
+            raise result.failure
           end
 
           desc "Delete an artifact", {
-            success: Entities::Message,
-            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            success: { code: 204, model: Entities::Message },
+            failure: [{ code: 404, model: Entities::Message }],
             summary: "Delete an artifact"
           }
           params do
             requires :id, type: Integer
           end
           delete "/:id" do
+            status 204
+
             id = params["id"].to_i
             result = ArtifactDestroyer.result(id)
-            if result.success?
-              status 204
-              return present({ message: "" }, with: Entities::Message)
-            end
+            return present({ message: "" }, with: Entities::Message) if result.success?
 
-            failure = result.failure
-            case failure
+            case result.failure
             when ActiveRecord::RecordNotFound
               error!({ message: "ID:#{id} is not found" }, 404)
             end
-            raise failure
+            raise result.failure
           end
         end
       end

data/lib/mihari/web/endpoints/configs.rb

@@ -17,7 +17,6 @@ module Mihari
             configs = (Mihari.analyzers + Mihari.emitters + Mihari.enrichers).filter_map do |klass|
               Mihari::Structs::Config.from_class(klass)
             end
-
             present(configs, with: Entities::Config)
           end
         end

data/lib/mihari/web/endpoints/ip_addresses.rb

@@ -21,7 +21,7 @@ module Mihari
         namespace :ip_addresses do
           desc "Get an IP address", {
             success: Entities::IPAddress,
-            failure: [{ code: 404, message: "Not found", model: Entities::Message }],
+            failure: [{ code: 404, model: Entities::Message }],
             summary: "Get an IP address"
           }
           params do