mihari 6.1.0 → 6.3.0

data/lib/mihari/structs/filters.rb

@@ -3,19 +3,63 @@
 module Mihari
   module Structs
     module Filters
+      module Artifact
+        class SearchFilter < Dry::Struct
+          # @!attribute [r] data_type
+          #   @return [String, nil]
+          attribute? :data_type, Types::String.optional
+
+          # @!attribute [r] rule_id
+          #   @return [String, nil]
+          attribute? :rule_id, Types::String.optional
+
+          # @!attribute [r] tag
+          #   @return [String, nil]
+          attribute? :tag, Types::String.optional
+
+          # @!attribute [r] from_at
+          #   @return [DateTime, nil]
+          attribute? :from_at, Types::DateTime.optional
+
+          # @!attribute [r] to_at
+          #   @return [DateTime, nil]
+          attribute? :to_at, Types::DateTime.optional
+        end
+
+        class SearchFilterWithPagination < SearchFilter
+          # @!attribute [r] page
+          #   @return [Integer, nil]
+          attribute? :page, Types::Int.default(1)
+
+          # @!attribute [r] limit
+          #   @return [Integer, nil]
+          attribute? :limit, Types::Int.default(10)
+
+          def without_pagination
+            SearchFilter.new(
+              data_type: data_type,
+              from_at: from_at,
+              rule_id: rule_id,
+              tag: tag,
+              to_at: to_at
+            )
+          end
+        end
+      end
+
       module Alert
         class SearchFilter < Dry::Struct
-          # @!attribute [r] artifact_data
+          # @!attribute [r] artifact
           #   @return [String, nil]
-          attribute? :artifact_data, Types::String.optional
+          attribute? :artifact, Types::String.optional
 
           # @!attribute [r] rule_id
           #   @return [String, nil]
           attribute? :rule_id, Types::String.optional
 
-          # @!attribute [r] tag_name
+          # @!attribute [r] tag
           #   @return [String, nil]
-          attribute? :tag_name, Types::String.optional
+          attribute? :tag, Types::String.optional
 
           # @!attribute [r] from_at
           #   @return [DateTime, nil]
@@ -37,10 +81,10 @@ module Mihari
 
           def without_pagination
             SearchFilter.new(
-              artifact_data: artifact_data,
+              artifact: artifact,
               from_at: from_at,
               rule_id: rule_id,
-              tag_name: tag_name,
+              tag: tag,
               to_at: to_at
             )
           end
@@ -53,9 +97,9 @@ module Mihari
           #   @return [String, nil]
           attribute? :description, Types::String.optional
 
-          # @!attribute [r] tag_name
+          # @!attribute [r] tag
           #   @return [String, nil]
-          attribute? :tag_name, Types::String.optional
+          attribute? :tag, Types::String.optional
 
           # @!attribute [r] title
           #   @return [String, nil]
@@ -83,7 +127,7 @@ module Mihari
             SearchFilter.new(
               description: description,
               from_at: from_at,
-              tag_name: tag_name,
+              tag: tag,
               title: title,
               to_at: to_at
             )

data/lib/mihari/structs/google_public_dns.rb

@@ -3,13 +3,9 @@
 module Mihari
   module Structs
     module GooglePublicDNS
-      INT_TYPE_TO_TYPE = {
-        1 => "A",
-        2 => "NS",
-        5 => "CNAME",
-        16 => "TXT",
-        28 => "AAAA"
-      }.freeze
+      INT_TYPE_TO_TYPE =
+        { 1 => :A, 38 => :A6, 28 => :AAAA, 18 => :AFSDB, 255 => :ANY, 42 => :APL, 34 => :ATMA, 252 => :AXFR, 37 => :CERT,
+          5 => :CNAME, 49 => :DHCID, 32_769 => :DLV, 39 => :DNAME, 48 => :DNSKEY, 43 => :DS, 31 => :EID, 102 => :GID, 27 => :GPOS, 13 => :HINFO, 45 => :IPSECKEY, 20 => :ISDN, 251 => :IXFR, 25 => :KEY, 36 => :KX, 29 => :LOC, 254 => :MAILA, 253 => :MAILB, 7 => :MB, 3 => :MD, 4 => :MF, 8 => :MG, 14 => :MINFO, 9 => :MR, 15 => :MX, 35 => :NAPTR, 32 => :NIMLOC, 2 => :NS, 22 => :NSAP, 23 => :NSAP_PTR, 47 => :NSEC, 50 => :NSEC3, 51 => :NSEC3PARAMS, 10 => :NULL, 30 => :NXT, 41 => :OPT, 12 => :PTR, 26 => :PX, 17 => :RP, 46 => :RRSIG, 21 => :RT, 24 => :SIG, 40 => :SINK, 6 => :SOA, 33 => :SRV, 44 => :SSHFP, 250 => :TSIG, 16 => :TXT, 101 => :UID, 100 => :UINFO, 103 => :UNSPEC, 11 => :WKS, 19 => :X25 }
 
       class Answer < Dry::Struct
         # @!attribute [r] name
@@ -30,7 +26,7 @@ module Mihari
           #
           def from_dynamic!(d)
             d = Types::Hash[d]
-            resource_type = INT_TYPE_TO_TYPE[d.fetch("type")]
+            resource_type = INT_TYPE_TO_TYPE[d.fetch("type")].to_s
             new(
               name: d.fetch("name"),
               data: d.fetch("data"),

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "6.1.0"
+  VERSION = "6.3.0"
 end

data/lib/mihari/web/endpoints/alerts.rb

@@ -36,18 +36,10 @@ module Mihari
           # @return [ResultValue]
           #
           def call(params)
-            filter = params.to_h.to_snake_keys
-
-            # normalize keys
-            filter["artifact_data"] = filter["artifact"]
-            filter["tag_name"] = filter["tag"]
-            # symbolize hash keys
-            filter = filter.to_h.symbolize_keys
-
+            filter = params.to_h.to_snake_keys.symbolize_keys
             search_filter_with_pagination = Structs::Filters::Alert::SearchFilterWithPagination.new(**filter)
             alerts = Mihari::Models::Alert.search(search_filter_with_pagination)
             total = Mihari::Models::Alert.count(search_filter_with_pagination.without_pagination)
-
             ResultValue.new(alerts: alerts, total: total, filter: filter)
           end
         end
@@ -83,7 +75,7 @@ module Mihari
             optional :page, type: Integer, default: 1
             optional :limit, type: Integer, default: 10
             optional :artifact, type: String
-            optional :rule_id, type: String
+            optional :ruleId, type: String
             optional :tag, type: String
             optional :fromAt, type: DateTime
             optional :toAt, type: DateTime

data/lib/mihari/web/endpoints/artifacts.rb

@@ -61,7 +61,71 @@ module Mihari
           end
         end
 
+        class ArtifactSearcher < Mihari::Service
+          class ResultValue
+            # @return [Array<Mihari::Models::Artifacts>]
+            attr_reader :artifacts
+
+            # @return [Integer]
+            attr_reader :total
+
+            # @return [Mihari::Structs::Filters::Artifact::SearchFilterWithPagination]
+            attr_reader :filter
+
+            #
+            # @param [Array<Mihari::Models::Artifact>] artifacts
+            # @param [Integer] total
+            # @param [Mihari::Structs::Filters::Artifacts::SearchFilterWithPagination] filter
+            #
+            def initialize(artifacts:, total:, filter:)
+              @artifacts = artifacts
+              @total = total
+              @filter = filter
+            end
+          end
+
+          #
+          # @param [Hash] params
+          #
+          # @return [ResultValue]
+          #
+          def call(params)
+            filter = params.to_h.to_snake_keys.symbolize_keys
+            search_filter_with_pagination = Structs::Filters::Artifact::SearchFilterWithPagination.new(**filter)
+            artifacts = Mihari::Models::Artifact.search(search_filter_with_pagination)
+            total = Mihari::Models::Artifact.count(search_filter_with_pagination.without_pagination)
+            ResultValue.new(artifacts: artifacts, total: total, filter: filter)
+          end
+        end
+
         namespace :artifacts do
+          desc "Search artifacts", {
+            is_array: true,
+            success: Entities::ArtifactsWithPagination,
+            summary: "Search artifacts"
+          }
+          params do
+            optional :page, type: Integer, default: 1
+            optional :limit, type: Integer, default: 10
+            optional :dataType, type: String
+            optional :ruleId, type: String
+            optional :tag, type: String
+            optional :fromAt, type: DateTime
+            optional :toAt, type: DateTime
+          end
+          get "/" do
+            value = ArtifactSearcher.call(params.to_h)
+            present(
+              {
+                artifacts: value.artifacts,
+                total: value.total,
+                current_page: value.filter[:page].to_i,
+                page_size: value.filter[:limit].to_i
+              },
+              with: Entities::ArtifactsWithPagination
+            )
+          end
+
           desc "Get an artifact", {
             success: Entities::Artifact,
             failure: [{ code: 404, model: Entities::Message }],

data/lib/mihari/web/endpoints/rules.rb

@@ -36,17 +36,10 @@ module Mihari
           # @return [ResultValue]
           #
           def call(params)
-            filter = params.to_h.to_snake_keys
-
-            # normalize keys
-            filter["tag_name"] = filter["tag"]
-            # symbolize hash keys
-            filter = filter.to_h.symbolize_keys
-
+            filter = params.to_h.to_snake_keys.symbolize_keys
             search_filter_with_pagination = Mihari::Structs::Filters::Rule::SearchFilterWithPagination.new(**filter)
             rules = Mihari::Models::Rule.search(search_filter_with_pagination)
             total = Mihari::Models::Rule.count(search_filter_with_pagination.without_pagination)
-
             ResultValue.new(rules: rules, total: total, filter: filter)
           end
         end