mihari 6.1.0 → 6.3.0

Files changed (40) hide show
  1. checksums.yaml +4 -4
  2. data/lib/mihari/actor.rb +3 -5
  3. data/lib/mihari/analyzers/base.rb +7 -3
  4. data/lib/mihari/analyzers/circl.rb +1 -1
  5. data/lib/mihari/analyzers/dnstwister.rb +1 -1
  6. data/lib/mihari/analyzers/otx.rb +1 -1
  7. data/lib/mihari/analyzers/passivetotal.rb +1 -1
  8. data/lib/mihari/analyzers/pulsedive.rb +1 -1
  9. data/lib/mihari/analyzers/securitytrails.rb +1 -1
  10. data/lib/mihari/analyzers/virustotal.rb +1 -1
  11. data/lib/mihari/clients/google_public_dns.rb +31 -0
  12. data/lib/mihari/config.rb +5 -1
  13. data/lib/mihari/{type_checker.rb → data_type.rb} +32 -37
  14. data/lib/mihari/database.rb +1 -3
  15. data/lib/mihari/enrichers/google_public_dns.rb +4 -21
  16. data/lib/mihari/entities/artifact.rb +8 -0
  17. data/lib/mihari/models/alert.rb +4 -27
  18. data/lib/mihari/models/artifact.rb +65 -3
  19. data/lib/mihari/models/dns.rb +3 -8
  20. data/lib/mihari/models/rule.rb +2 -5
  21. data/lib/mihari/rule.rb +20 -7
  22. data/lib/mihari/schemas/options.rb +5 -1
  23. data/lib/mihari/structs/filters.rb +53 -9
  24. data/lib/mihari/structs/google_public_dns.rb +4 -8
  25. data/lib/mihari/version.rb +1 -1
  26. data/lib/mihari/web/endpoints/alerts.rb +2 -10
  27. data/lib/mihari/web/endpoints/artifacts.rb +64 -0
  28. data/lib/mihari/web/endpoints/exports.rb +0 -0
  29. data/lib/mihari/web/endpoints/rules.rb +1 -8
  30. data/lib/mihari/web/public/assets/index-81613_nX.js +1763 -0
  31. data/lib/mihari/web/public/assets/index-Wv6xUrTI.css +1 -0
  32. data/lib/mihari/web/public/index.html +2 -3
  33. data/lib/mihari/web/public/redoc-static.html +20 -16
  34. data/lib/mihari.rb +2 -1
  35. data/mihari.gemspec +8 -7
  36. data/requirements.txt +1 -1
  37. metadata +30 -56
  38. data/lib/mihari/web/public/assets/index-216d49d1.js +0 -1750
  39. data/lib/mihari/web/public/assets/index-4c8509ee.css +0 -1
  40. /data/lib/mihari/web/public/assets/{mode-yaml-24faa242.js → mode-yaml-BC4MIiYj.js} +0 -0
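--- a/data/lib/mihari/structs/filters.rb
+++ b/data/lib/mihari/structs/filters.rb
@@ -3,19 +3,63 @@
  module Mihari
  module Structs
  module Filters
+ module Artifact
+ class SearchFilter < Dry::Struct
+ # @!attribute [r] data_type
+ # @return [String, nil]
+ attribute? :data_type, Types::String.optional
+
+ # @!attribute [r] rule_id
+ # @return [String, nil]
+ attribute? :rule_id, Types::String.optional
+
+ # @!attribute [r] tag
+ # @return [String, nil]
+ attribute? :tag, Types::String.optional
+
+ # @!attribute [r] from_at
+ # @return [DateTime, nil]
+ attribute? :from_at, Types::DateTime.optional
+
+ # @!attribute [r] to_at
+ # @return [DateTime, nil]
+ attribute? :to_at, Types::DateTime.optional
+ end
+
+ class SearchFilterWithPagination < SearchFilter
+ # @!attribute [r] page
+ # @return [Integer, nil]
+ attribute? :page, Types::Int.default(1)
+
+ # @!attribute [r] limit
+ # @return [Integer, nil]
+ attribute? :limit, Types::Int.default(10)
+
+ def without_pagination
+ SearchFilter.new(
+ data_type: data_type,
+ from_at: from_at,
+ rule_id: rule_id,
+ tag: tag,
+ to_at: to_at
+ )
+ end
+ end
+ end
+
  module Alert
  class SearchFilter < Dry::Struct
- # @!attribute [r] artifact_data
+ # @!attribute [r] artifact
  # @return [String, nil]
- attribute? :artifact_data, Types::String.optional
+ attribute? :artifact, Types::String.optional
 
  # @!attribute [r] rule_id
  # @return [String, nil]
  attribute? :rule_id, Types::String.optional
 
- # @!attribute [r] tag_name
+ # @!attribute [r] tag
  # @return [String, nil]
- attribute? :tag_name, Types::String.optional
+ attribute? :tag, Types::String.optional
 
  # @!attribute [r] from_at
  # @return [DateTime, nil]
@@ -37,10 +81,10 @@ module Mihari
 
  def without_pagination
  SearchFilter.new(
- artifact_data: artifact_data,
+ artifact: artifact,
  from_at: from_at,
  rule_id: rule_id,
- tag_name: tag_name,
+ tag: tag,
  to_at: to_at
  )
  end
@@ -53,9 +97,9 @@ module Mihari
  # @return [String, nil]
  attribute? :description, Types::String.optional
 
- # @!attribute [r] tag_name
+ # @!attribute [r] tag
  # @return [String, nil]
- attribute? :tag_name, Types::String.optional
+ attribute? :tag, Types::String.optional
 
  # @!attribute [r] title
  # @return [String, nil]
@@ -83,7 +127,7 @@ module Mihari
  SearchFilter.new(
  description: description,
  from_at: from_at,
- tag_name: tag_name,
+ tag: tag,
  title: title,
  to_at: to_at
  )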
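Review bot: `attribute? :limit, Types::Int.default(10)` in the new `Artifact::SearchFilterWithPagination` puts no upper bound on the page size, and `attribute? :page, Types::Int.default(1)` no lower bound, so whatever integer the web layer passes through reaches `Models::Artifact.search` unchecked; the Alert and Rule pagination structs, mostly outside this hunk, appear to share the pattern. Since `without_pagination` drops both fields, the constraint belongs on this struct: `attribute? :page, Types::Int.constrained(gteq: 1).default(1)` and `attribute? :limit, Types::Int.constrained(gteq: 1, lteq: 100).default(10)`, which makes the struct reject out-of-range input instead of handing it to the query. The cap of 100 is a placeholder for whatever page size the UI actually needs. This assumes `Types::Int` is the dry-types integer nominal, which the existing `.default` call suggests but the hunk does not show.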
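--- a/data/lib/mihari/structs/google_public_dns.rb
+++ b/data/lib/mihari/structs/google_public_dns.rb
@@ -3,13 +3,9 @@
  module Mihari
  module Structs
  module GooglePublicDNS
- INT_TYPE_TO_TYPE = {
- 1 => "A",
- 2 => "NS",
- 5 => "CNAME",
- 16 => "TXT",
- 28 => "AAAA"
- }.freeze
+ INT_TYPE_TO_TYPE =
+ { 1 => :A, 38 => :A6, 28 => :AAAA, 18 => :AFSDB, 255 => :ANY, 42 => :APL, 34 => :ATMA, 252 => :AXFR, 37 => :CERT,
+ 5 => :CNAME, 49 => :DHCID, 32_769 => :DLV, 39 => :DNAME, 48 => :DNSKEY, 43 => :DS, 31 => :EID, 102 => :GID, 27 => :GPOS, 13 => :HINFO, 45 => :IPSECKEY, 20 => :ISDN, 251 => :IXFR, 25 => :KEY, 36 => :KX, 29 => :LOC, 254 => :MAILA, 253 => :MAILB, 7 => :MB, 3 => :MD, 4 => :MF, 8 => :MG, 14 => :MINFO, 9 => :MR, 15 => :MX, 35 => :NAPTR, 32 => :NIMLOC, 2 => :NS, 22 => :NSAP, 23 => :NSAP_PTR, 47 => :NSEC, 50 => :NSEC3, 51 => :NSEC3PARAMS, 10 => :NULL, 30 => :NXT, 41 => :OPT, 12 => :PTR, 26 => :PX, 17 => :RP, 46 => :RRSIG, 21 => :RT, 24 => :SIG, 40 => :SINK, 6 => :SOA, 33 => :SRV, 44 => :SSHFP, 250 => :TSIG, 16 => :TXT, 101 => :UID, 100 => :UINFO, 103 => :UNSPEC, 11 => :WKS, 19 => :X25 }
 
  class Answer < Dry::Struct
  # @!attribute [r] name
@@ -30,7 +26,7 @@ module Mihari
  #
  def from_dynamic!(d)
  d = Types::Hash[d]
- resource_type = INT_TYPE_TO_TYPE[d.fetch("type")]
+ resource_type = INT_TYPE_TO_TYPE[d.fetch("type")].to_s
  new(
  name: d.fetch("name"),
  data: d.fetch("data"),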
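Review bot: The replacement `INT_TYPE_TO_TYPE` literal drops the `.freeze` the old hash carried, so a module-level constant holding a mutable Hash is now writable from anywhere that references it; append `.freeze` after the closing `}` on the second line of the literal. Separately, in `from_dynamic!` the new `INT_TYPE_TO_TYPE[d.fetch("type")].to_s` turns a type code missing from the table into `""` where the old code produced `nil`, and since the JSON comes from the Google Public DNS response, an unlisted code is a realistic input. If consumers distinguish the two, `INT_TYPE_TO_TYPE[d.fetch("type")]&.to_s` keeps the old behaviour, or `INT_TYPE_TO_TYPE.fetch(d.fetch("type")).to_s` makes an unknown code an explicit error instead of a silent blank. The `resource_type` attribute of `Answer` is declared outside the hunk, so whether it accepts nil is not visible here.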
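--- a/data/lib/mihari/version.rb
+++ b/data/lib/mihari/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module Mihari
- VERSION = "6.1.0"
+ VERSION = "6.3.0"
  end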
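--- a/data/lib/mihari/web/endpoints/alerts.rb
+++ b/data/lib/mihari/web/endpoints/alerts.rb
@@ -36,18 +36,10 @@ module Mihari
  # @return [ResultValue]
  #
  def call(params)
- filter = params.to_h.to_snake_keys
-
- # normalize keys
- filter["artifact_data"] = filter["artifact"]
- filter["tag_name"] = filter["tag"]
- # symbolize hash keys
- filter = filter.to_h.symbolize_keys
-
+ filter = params.to_h.to_snake_keys.symbolize_keys
  search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
  alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
  total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
-
  ResultValue.new(alerts: alerts, total: total, filter: filter)
  end
  end
@@ -83,7 +75,7 @@ module Mihari
  optional :page, type: Integer, default: 1
  optional :limit, type: Integer, default: 10
  optional :artifact, type: String
- optional :rule_id, type: String
+ optional :ruleId, type: String
  optional :tag, type: String
  optional :fromAt, type: DateTime
  optional :toAt, type: DateTime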
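Review bot: Renaming the declared query parameter from `rule_id` to `ruleId` changes the public contract of the alerts search endpoint: a client that still sends `rule_id` is no longer described by the generated API schema (presumably the redoc-static.html in this release), and would be dropped outright if the endpoint ever switched to `declared(params)`. The Ruby side happens to keep working only because `params.to_h.to_snake_keys` in the first hunk maps both spellings to `:rule_id`, which is an accident of the helper rather than a documented alias. If the old name needs a deprecation window, declare both, e.g. `optional :rule_id, type: String, documentation: { hidden: true }` next to `optional :ruleId, type: String`, or at least record the break in the changelog. The `params do` block's closing `end` lies outside the hunk.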
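--- a/data/lib/mihari/web/endpoints/artifacts.rb
+++ b/data/lib/mihari/web/endpoints/artifacts.rb
@@ -61,7 +61,71 @@ module Mihari
  end
  end
 
+ class ArtifactSearcher < Mihari::Service
+ class ResultValue
+ # @return [Array<Mihari::Models::Artifacts>]
+ attr_reader :artifacts
+
+ # @return [Integer]
+ attr_reader :total
+
+ # @return [Mihari::Structs::Filters::Artifact::SearchFilterWithPagination]
+ attr_reader :filter
+
+ #
+ # @param [Array<Mihari::Models::Artifact>] artifacts
+ # @param [Integer] total
+ # @param [Mihari::Structs::Filters::Artifacts::SearchFilterWithPagination] filter
+ #
+ def initialize(artifacts:, total:, filter:)
+ @artifacts = artifacts
+ @total = total
+ @filter = filter
+ end
+ end
+
+ #
+ # @param [Hash] params
+ #
+ # @return [ResultValue]
+ #
+ def call(params)
+ filter = params.to_h.to_snake_keys.symbolize_keys
+ search_filter_with_pagination = Structs::Filters::Artifact::SearchFilterWithPagination.new(**filter)
+ artifacts = Mihari::Models::Artifact.search(search_filter_with_pagination)
+ total = Mihari::Models::Artifact.count(search_filter_with_pagination.without_pagination)
+ ResultValue.new(artifacts: artifacts, total: total, filter: filter)
+ end
+ end
+
  namespace :artifacts do
+ desc "Search artifacts", {
+ is_array: true,
+ success: Entities::ArtifactsWithPagination,
+ summary: "Search artifacts"
+ }
+ params do
+ optional :page, type: Integer, default: 1
+ optional :limit, type: Integer, default: 10
+ optional :dataType, type: String
+ optional :ruleId, type: String
+ optional :tag, type: String
+ optional :fromAt, type: DateTime
+ optional :toAt, type: DateTime
+ end
+ get "/" do
+ value = ArtifactSearcher.call(params.to_h)
+ present(
+ {
+ artifacts: value.artifacts,
+ total: value.total,
+ current_page: value.filter[:page].to_i,
+ page_size: value.filter[:limit].to_i
+ },
+ with: Entities::ArtifactsWithPagination
+ )
+ end
+
  desc "Get an artifact", {
  success: Entities::Artifact,
  failure: [{ code: 404, model: Entities::Message }],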
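Review bot: `optional :limit, type: Integer, default: 10` on the new `GET /artifacts` search accepts any integer, so one request can ask for the whole artifacts table (or pass zero or a negative value whose effect depends on `Models::Artifact.search`, which is not visible here), and `page` is likewise unbounded below. Grape can reject this at the boundary with a 400 before the service is called: `optional :page, type: Integer, default: 1, values: ->(v) { v.positive? }` and `optional :limit, type: Integer, default: 10, values: 1..100`, with the cap set to whatever the UI actually pages by. Separately, `ResultValue` documents `filter` as `Mihari::Structs::Filters::Artifact::SearchFilterWithPagination`, but `call` stores the raw `filter` Hash (the endpoint indexes it with `value.filter[:page]`), and the tags `Array<Mihari::Models::Artifacts>` and `Filters::Artifacts::SearchFilterWithPagination` name constants that do not match the ones used in the code; `# @return [Hash]` and `Mihari::Models::Artifact` would describe what is actually stored.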
File without changes
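--- a/data/lib/mihari/web/endpoints/rules.rb
+++ b/data/lib/mihari/web/endpoints/rules.rb
@@ -36,17 +36,10 @@ module Mihari
  # @return [ResultValue]
  #
  def call(params)
- filter = params.to_h.to_snake_keys
-
- # normalize keys
- filter["tag_name"] = filter["tag"]
- # symbolize hash keys
- filter = filter.to_h.symbolize_keys
-
+ filter = params.to_h.to_snake_keys.symbolize_keys
  search_filter_with_pagination = Mihari::Structs::Filters::Rule::SearchFilterWithPagination.new(**filter)
  rules = Mihari::Models::Rule.search(search_filter_with_pagination)
  total = Mihari::Models::Rule.count(search_filter_with_pagination.without_pagination)
-
  ResultValue.new(rules: rules, total: total, filter: filter)
  end
  end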