mihari 6.0.0 → 6.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2846f5154fcdde4cda4f0237c79e047fc498b96b5c21a6152287ac9ab11faac9
-  data.tar.gz: f43b4e20a59b1274b62c5e9768f153429540067882508b34f0c36932cc9cb5ef
+  metadata.gz: dc2d39ad14f53cf88ed2c68bb2e2668e9a43f36444099401ef9fbe1347948644
+  data.tar.gz: 2d08fed6ec6f82da36f72a2fb05ae1ede82ba65d6bc9bcdb7c60b8f7e244c71a
 SHA512:
-  metadata.gz: b54da0da25e57531c1efef94bdc42df715569b9e88842ca330d1d0893f4c20990bb2ded22a001f31816cbd72f00f43473f0254f222a9849308be746576128e3c
-  data.tar.gz: 7167afd356c4f945e66631bb3c6cefc06678961b480511d85939e6ede9eccec9a5f83a948a169be9ee7ba5cc79af918a447b8f01e5280faff3138071e7808beb
+  metadata.gz: 684c4106554f9c11bc7ff7f8633b32c5fa24b4127001415e6d14bd4de73e51a04084eb802a29cac109d8b56c71bc7068c8657f4d6ec7cd53e0519ef353aa859f
+  data.tar.gz: 4a4c3183ca85d47b54f7a98837059a9fae585c2d079fe005336520c62290bc317aa61880695f923a2ad0ad7ba5cf18e3e888990a9394d82b4ac41939f34b3403

data/.rubocop.yml

@@ -13,6 +13,10 @@ Metrics/MethodLength:
   Max: 50
 Metrics/AbcSize:
   Max: 50
+RSpec/MultipleMemoizedHelpers:
+  Max: 10
+RSpec/ExampleLength:
+  Max: 20
 require:
   - rubocop-rspec
   - rubocop-yard

data/lib/mihari/actor.rb

@@ -78,7 +78,7 @@ module Mihari
       # @return [String]
       #
       def class_key
-        to_s.split("::").last
+        to_s.split("::").last.downcase
       end
 
       #

data/lib/mihari/analyzers/base.rb

@@ -60,7 +60,10 @@ module Mihari
           # No need to set data_type manually
           # It is set automatically in #initialize
           artifact = artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)
+
           artifact.source = self.class.class_key
+          artifact.query = query
+
           artifact
         end.select(&:valid?).uniq(&:data)
       end

data/lib/mihari/analyzers/hunterhow.rb

@@ -22,7 +22,7 @@ module Mihari
       # @param [Hash, nil] options
       # @param [String, nil] api_key
       #
-      def initialize(query, start_time:, end_time:, options: nil, api_key: nil)
+      def initialize(query, start_time: nil, end_time: nil, options: nil, api_key: nil)
         super(query, options: options)
 
         @api_key = api_key || Mihari.config.hunterhow_api_key

data/lib/mihari/config.rb

@@ -45,7 +45,8 @@ module Mihari
       retry_exponential_backoff: true,
       retry_interval: 5,
       retry_times: 3,
-      sentry_dsn: nil
+      sentry_dsn: nil,
+      sentry_trace_sample_rate: 0.25
     )
 
     # @!attribute [r] binaryedge_api_key
@@ -132,6 +133,9 @@ module Mihari
     # @!attribute [r] sentry_dsn
     #   @return [String, nil]
 
+    # @!attribute [r] sentry_trace_sample_rate
+    #   @return [Float]
+
     # @!attribute [r] retry_interval
     #   @return [Integer]
 

data/lib/mihari/database.rb

@@ -111,6 +111,12 @@ class V5Schema < ActiveRecord::Migration[7.1]
   end
 end
 
+class V61Schema < ActiveRecord::Migration[7.1]
+  def change
+    add_column :artifacts, :query, :string
+  end
+end
+
 def adapter
   return "postgresql" if %w[postgresql postgres].include?(Mihari.config.database_url.scheme)
   return "mysql2" if Mihari.config.database_url.scheme == "mysql2"
@@ -122,7 +128,7 @@ end
 # @return [Array<ActiveRecord::Migration>] schemas
 #
 def schemas
-  [V5Schema]
+  [V5Schema, V61Schema]
 end
 
 module Mihari

data/lib/mihari/emitters/misp.rb

@@ -56,12 +56,12 @@ module Mihari
         })
       end
 
-      private
-
       def configuration_keys
         %w[misp_url misp_api_key]
       end
 
+      private
+
       def client
         @client ||= Clients::MISP.new(url, api_key: api_key, timeout: timeout)
       end

data/lib/mihari/emitters/slack.rb

@@ -6,7 +6,7 @@ require "slack-notifier"
 module Mihari
   module Emitters
     class Attachment
-      include Memist::Memoizable
+      prepend MemoWise
 
       # @return [String]
       attr_reader :data
@@ -76,7 +76,7 @@ module Mihari
           "https://urlscan.io/domain/#{uri.hostname}"
         end
       end
-      memoize :_urlscan_link
+      memo_wise :_urlscan_link
 
       # @return [String, nil]
       def _vt_link
@@ -93,19 +93,19 @@ module Mihari
           "https://www.virustotal.com/#/search/#{data}"
         end
       end
-      memoize :_vt_link
+      memo_wise :_vt_link
 
       # @return [String, nil]
       def _censys_link
         (data_type == "ip") ? "https://search.censys.io/hosts/#{data}" : nil
       end
-      memoize :_censys_link
+      memo_wise :_censys_link
 
       # @return [String, nil]
       def _shodan_link
         (data_type == "ip") ? "https://www.shodan.io/host/#{data}" : nil
       end
-      memoize :_shodan_link
+      memo_wise :_shodan_link
 
       # @return [String]
       def sha256

data/lib/mihari/emitters/the_hive.rb

@@ -66,12 +66,12 @@ module Mihari
         end.first
       end
 
-      private
-
       def configuration_keys
         %w[thehive_url thehive_api_key]
       end
 
+      private
+
       def client
         @client ||= Clients::TheHive.new(url, api_key: api_key, api_version: normalized_api_version, timeout: timeout)
       end

data/lib/mihari/enrichers/base.rb

@@ -6,6 +6,8 @@ module Mihari
     # Base class for enrichers
     #
     class Base < Actor
+      prepend MemoWise
+
       def initialize(options: nil)
         super(options: options)
       end

data/lib/mihari/enrichers/ipinfo.rb

@@ -35,6 +35,7 @@ module Mihari
         res = http.get(url)
         Structs::IPInfo::Response.from_dynamic! JSON.parse(res.body.to_s)
       end
+      memo_wise :call
 
       private
 

data/lib/mihari/enrichers/shodan.rb

@@ -18,6 +18,7 @@ module Mihari
         res = http.get(url)
         Structs::Shodan::InternetDBResponse.from_dynamic! JSON.parse(res.body.to_s)
       end
+      memo_wise :call
 
       private
 

data/lib/mihari/enrichers/whois.rb

@@ -8,16 +8,11 @@ module Mihari
     # Whois enricher
     #
     class Whois < Base
-      # @return [Hash]
-      attr_accessor :memo
-
       #
       # @param [Hash, nil] options
       #
       def initialize(options: nil)
         super(options: options)
-
-        @memo = {}
       end
 
       #
@@ -28,16 +23,22 @@ module Mihari
       # @return [Mihari::Models::WhoisRecord, nil]
       #
       def call(domain)
-        domain = PublicSuffix.domain(domain)
+        _call PublicSuffix.domain(domain)
+      end
 
-        # check memo
-        return memo[domain].dup if memo.key?(domain)
+      private
 
+      #
+      # @param [String] domain
+      #
+      # @return [Mihari::Models::WhoisRecord, nil]
+      #
+      def _call(domain)
         record = whois.lookup(domain)
         parser = record.parser
         return nil if parser.available?
 
-        whois_record = Models::WhoisRecord.new(
+        Models::WhoisRecord.new(
           domain: domain,
           created_on: get_created_on(parser),
           updated_on: get_updated_on(parser),
@@ -45,14 +46,8 @@ module Mihari
           registrar: get_registrar(parser),
           contacts: get_contacts(parser)
         )
-
-        # set memo
-        memo[domain] = whois_record
-
-        whois_record
       end
-
-      private
+      memo_wise :_call
 
       #
       # @return [::Whois::Client]

data/lib/mihari/entities/artifact.rb

@@ -11,6 +11,7 @@ module Mihari
       expose :data, documentation: { type: String, required: true }
       expose :data_type, documentation: { type: String, required: true }, as: :dataType
       expose :source, documentation: { type: String, required: true }
+      expose :query, documentation: { type: String, required: false }
       expose :tags, documentation: { type: String, is_array: true }
     end
 

data/lib/mihari/mixins/falsepositive.rb

@@ -6,7 +6,7 @@ module Mihari
     # False positive mixins
     #
     module FalsePositive
-      include Memist::Memoizable
+      prepend MemoWise
 
       #
       # Normalize a falsepositive value
@@ -22,7 +22,7 @@ module Mihari
         value_without_slashes = value[1..-2]
         Regexp.compile value_without_slashes.to_s
       end
-      memoize :normalize_falsepositive
+      memo_wise :normalize_falsepositive
 
       #
       # Check whether a value is valid format as a disallowed data value

data/lib/mihari/models/artifact.rb

@@ -158,13 +158,13 @@ module Mihari
       # Enrich all the enrichable relationships of the artifact
       #
       def enrich_all
-        enrich_autonomous_system
+        enrich_autonomous_system ipinfo
         enrich_dns
-        enrich_geolocation
-        enrich_reverse_dns
+        enrich_geolocation ipinfo
+        enrich_reverse_dns shodan
         enrich_whois
-        enrich_ports
-        enrich_cpes
+        enrich_ports shodan
+        enrich_cpes shodan
       end
 
       ENRICH_METHODS_BY_ENRICHER = {
@@ -197,6 +197,14 @@ module Mihari
 
       private
 
+      def ipinfo
+        @ipinfo ||= Enrichers::IPInfo.new
+      end
+
+      def shodan
+        @shodan ||= Enrichers::Shodan.new
+      end
+
       def normalize_as_domain(url_or_domain)
         return url_or_domain if data_type == "domain"
 

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "6.0.0"
+  VERSION = "6.1.0"
 end

data/lib/mihari/web/app.rb

@@ -53,17 +53,17 @@ module Mihari
 
       class << self
         def instance
-          @instance ||= Rack::Builder.new do
+          Rack::Builder.new do
             use Rack::Cors do
               allow do
                 origins "*"
                 resource "*", headers: :any, methods: %i[get post put delete options]
               end
             end
-
             use Middleware::ConnectionAdapter
             use Middleware::ErrorNotificationAdapter
 
+            use Sentry::Rack::CaptureExceptions if Sentry.initialized?
             use BetterErrors::Middleware if ENV["RACK_ENV"] == "development" && defined?(BetterErrors::Middleware)
 
             run App.new