mihari 7.1.1 → 7.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8ea0adf73bba53f264c22f8885d44e24de5657a2a77c2b7ea3533bb5acf6e78b
-  data.tar.gz: 77ab077d9322a22b0e399c81c057485aec1c4cdb1a14f15cbd81f1a3650f37a6
+  metadata.gz: d7463506c12a2476cfea5dda939e88e01150fb6539c232e102c15fca4c57ab99
+  data.tar.gz: fdb700f461140badc1d90b3199999a97e483e57ae9c9bfed2d0157a94f35529d
 SHA512:
-  metadata.gz: 3b68702c146819189140c0c5626c27f7b53f94021dd21138f0ac2758366486cebb7c450e0168f76cfc3d9940ee86eb2b279eb1725a3922614f51930dcb0e6b71
-  data.tar.gz: e30c01360a6d382e73a8e88a40a5cd3f1dba6bac9ebbbe9b87b9b51cff4a6dc59676d19eec4fe757a3a40d78a560886e434802b74fdf125e663b73ae4c7abd8a
+  metadata.gz: 18d9dd1f63056cd2731caa823904fd9df80ca21e63a540eab89d06e7951fa10cde498344049f3ba7de8740da2e8cfb9da9fe660f77c3a1abca5e308e36a6973c
+  data.tar.gz: 5a8ce97455cb0e68538af1ca2c8af5b89ea96f817d4f11cf6c00851035a20288f9bc2d2de16b58b52f3e72e988c77a2e4d8744a3fbebfd27c2cb6895d4c4dccb

data/Rakefile

@@ -50,14 +50,15 @@ namespace :build do
   end
 end
 
-def ci?
-  ENV.fetch("CI", false)
-end
-
-unless ci?
-  task :build do
-    sh "./build_frontend.sh"
-  end
+task :build do
+  # Build Swagger dos
+  Rake::Task["build:swagger"].invoke
+  # Build ReDocs docs & frontend assets
+  sh "cd frontend && npm install && npm run docs && npm run build-only"
+  # Copy built assets into ./lib/web/public/
+  sh "rm -rf ./lib/mihari/web/public/"
+  sh "mkdir -p ./lib/mihari/web/public/"
+  sh "cp -r frontend/dist/* ./lib/mihari/web/public"
 end
 
 # require it later enables doing pre-build step (= build the frontend app)

data/build_frontend.sh

@@ -3,7 +3,7 @@
 CURRENT_DIR=${PWD}
 
 cd frontend
-npm ci
+npm install
 npm run build
 
 trash -r ${CURRENT_DIR}/lib/mihari/web/public/

data/lib/mihari/actor.rb

@@ -53,10 +53,10 @@ module Mihari
     def validate_configuration!
       return if configured?
 
-      joined = self.class.configuration_keys.join(", ")
-      be = (self.class.configuration_keys.length > 1) ? "are" : "is"
-      message = "#{self.class.class_key} is not configured correctly. #{joined} #{be} missing."
-      raise ConfigurationError, message
+      message = "#{self.class.type.capitalize}:#{self.class.key} is not configured correctly"
+      detail = self.class.configuration_keys.map { |key| "#{key.upcase} is missing" }
+
+      raise ConfigurationError.new(message, detail)
     end
 
     def call(*args, **kwargs)
@@ -75,22 +75,30 @@ module Mihari
       #
       # @return [String]
       #
-      def class_key
+      def key
         to_s.split("::").last.downcase
       end
 
       #
       # @return [Array<String>, nil]
       #
-      def class_key_aliases
+      def key_aliases
         nil
       end
 
       #
       # @return [Array<String>]
       #
-      def class_keys
-        ([class_key] + [class_key_aliases]).flatten.compact.map(&:downcase)
+      def keys
+        ([key] + [key_aliases]).flatten.compact.map(&:downcase)
+      end
+
+      def type
+        return "analyzer" if ancestors.include?(Mihari::Analyzers::Base)
+        return "emitter" if ancestors.include?(Mihari::Emitters::Base)
+        return "enricher" if ancestors.include?(Mihari::Enrichers::Base)
+
+        nil
       end
     end
   end

data/lib/mihari/analyzers/base.rb

@@ -65,7 +65,7 @@ module Mihari
           # It is set automatically in #initialize
           artifact = artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)
 
-          artifact.source = self.class.class_key
+          artifact.source = self.class.key
           artifact.query = query
 
           artifact
@@ -93,14 +93,23 @@ module Mihari
         return result if result.success?
 
         # Wrap failure with AnalyzerError to explicitly name a failed analyzer
-        error = AnalyzerError.new(result.failure.message, self.class.class_key, cause: result.failure)
+        error = AnalyzerError.new(result.failure.message, self.class.key, cause: result.failure)
         return Failure(error) unless ignore_error?
 
         # Return Success if ignore_error? is true with logging
-        Mihari.logger.warn("Analyzer:#{self.class.class_key} failed - #{result.failure}")
+        Mihari.logger.warn("Analyzer:#{self.class.key} with #{truncated_query} failed - #{result.failure}")
         Success([])
       end
 
+      #
+      # Truncate query for logging
+      #
+      # @return [String]
+      #
+      def truncated_query
+        query.truncate(32)
+      end
+
       class << self
         #
         # Initialize an analyzer by query params

data/lib/mihari/analyzers/passivetotal.rb

@@ -57,7 +57,7 @@ module Mihari
         #
         # @return [Array<String>, nil]
         #
-        def class_key_aliases
+        def key_aliases
           ["pt"]
         end
       end

data/lib/mihari/analyzers/securitytrails.rb

@@ -51,7 +51,7 @@ module Mihari
         #
         # @return [Array<String>, nil]
         #
-        def class_key_aliases
+        def key_aliases
           ["st"]
         end
       end

data/lib/mihari/analyzers/virustotal.rb

@@ -46,7 +46,7 @@ module Mihari
         #
         # @return [Array<String>, nil]
         #
-        def class_key_aliases
+        def key_aliases
           ["vt"]
         end
       end

data/lib/mihari/analyzers/virustotal_intelligence.rb

@@ -34,14 +34,14 @@ module Mihari
         #
         # @return [String]
         #
-        def class_key
+        def key
           "virustotal_intelligence"
         end
 
         #
         # @return [Array<String>, nil]
         #
-        def class_key_aliases
+        def key_aliases
           ["vt_intel"]
         end
       end

data/lib/mihari/commands/web.rb

@@ -10,10 +10,10 @@ module Mihari
         def included(thor)
           thor.class_eval do
             desc "web", "Start the web app"
-            method_option :port, type: :numeric, default: 9292, desc: "Hostname to listen on"
-            method_option :host, type: :string, default: "localhost", desc: "Port to listen on"
+            method_option :port, type: :numeric, default: 9292, desc: "Port to listen on"
+            method_option :host, type: :string, default: "localhost", desc: "Hostname to listen on"
             method_option :threads, type: :string, default: "0:5", desc: "min:max threads to use"
-            method_option :verbose, type: :boolean, default: true, desc: "Report each request"
+            method_option :verbose, type: :boolean, default: false, desc: "Don't report each request"
             method_option :worker_timeout, type: :numeric, default: 60, desc: "Worker timeout value (in seconds)"
             method_option :open, type: :boolean, default: true, desc: "Whether to open the app in browser or not"
             method_option :env, type: :string, default: "production", desc: "Environment"

data/lib/mihari/constants.rb

@@ -5,7 +5,7 @@ module Mihari
   DEFAULT_DATA_TYPES = Types::DataTypes.values.freeze
 
   # @return [Array<Hash>]
-  DEFAULT_EMITTERS = Emitters::Database.class_keys.map { |name| { emitter: name.downcase } }.freeze
+  DEFAULT_EMITTERS = Emitters::Database.keys.map { |name| { emitter: name.downcase } }.freeze
 
   # @return [Array<Hash>]
   DEFAULT_ENRICHERS = Mihari.enricher_to_class.keys.map { |name| { enricher: name.downcase } }.freeze

data/lib/mihari/emitters/base.rb

@@ -19,6 +19,14 @@ module Mihari
         @rule = rule
       end
 
+      # A target to emit the data
+      #
+      # @return [String]
+      #
+      def target
+        raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+      end
+
       #
       # @param [Array<Mihari::Models::Artifact>] artifacts
       #
@@ -38,7 +46,9 @@ module Mihari
           ) { call(artifacts) }
         end.to_result
 
-        Mihari.logger.warn("Emitter:#{self.class.class_key} failed - #{result.failure}") if result.failure?
+        if result.failure?
+          Mihari.logger.warn("Emitter:#{self.class.key} for #{target.truncate(32)} failed - #{result.failure}")
+        end
 
         result
       end

data/lib/mihari/emitters/database.rb

@@ -21,6 +21,10 @@ module Mihari
         alert
       end
 
+      def target
+        Mihari.config.database_url.host || Mihari.config.database_url.to_s
+      end
+
       class << self
         def configuration_keys
           %w[database_url]

data/lib/mihari/emitters/misp.rb

@@ -56,6 +56,13 @@ module Mihari
         })
       end
 
+      #
+      # @return [String]
+      #
+      def target
+        URI(url).host || "N/A"
+      end
+
       class << self
         def configuration_keys
           %w[misp_url misp_api_key]

data/lib/mihari/emitters/slack.rb

@@ -165,6 +165,13 @@ module Mihari
         webhook_url?
       end
 
+      #
+      # @return [String]
+      #
+      def target
+        channel
+      end
+
       #
       # @return [::Slack::Notifier]
       #

data/lib/mihari/emitters/the_hive.rb

@@ -33,6 +33,13 @@ module Mihari
         api_key? && url?
       end
 
+      #
+      # @return [String]
+      #
+      def target
+        URI(url).host || "N/A"
+      end
+
       #
       # Create a Hive alert
       #

data/lib/mihari/emitters/webhook.rb

@@ -55,6 +55,13 @@ module Mihari
         %w[http https].include? url.scheme.downcase
       end
 
+      #
+      # @return [String]
+      #
+      def target
+        URI(url).host || "N/A"
+      end
+
       #
       # @param [Array<Mihari::Models::Artifact>] artifacts
       #

data/lib/mihari/enrichers/base.rb

@@ -33,7 +33,9 @@ module Mihari
           ) { call value }
         end.to_result
 
-        Mihari.logger.warn("Enricher:#{self.class.class_key} failed: #{result.failure}") if result.failure?
+        if result.failure?
+          Mihari.logger.warn("Enricher:#{self.class.key} for #{value.truncate(32)} failed: #{result.failure}")
+        end
 
         result
       end

data/lib/mihari/enrichers/google_public_dns.rb

@@ -21,7 +21,7 @@ module Mihari
         #
         # @return [String]
         #
-        def class_key
+        def key
           "google_public_dns"
         end
       end

data/lib/mihari/errors.rb

@@ -7,7 +7,20 @@ module Mihari
 
   class ValueError < Error; end
 
-  class ConfigurationError < Error; end
+  class ConfigurationError < Error
+    # @return [Array<String>, nil]
+    attr_reader :detail
+
+    #
+    # @param [String] msg
+    # @param [Array<String>, nil] detail
+    #
+    def initialize(msg, detail)
+      super(msg)
+
+      @detail = detail
+    end
+  end
 
   class ResponseError < Error; end
 

data/lib/mihari/schemas/analyzer.rb

@@ -10,12 +10,12 @@ module Mihari
 
       # Analyzer with API key and pagination
       [
-        Mihari::Analyzers::BinaryEdge.class_keys,
-        Mihari::Analyzers::GreyNoise.class_keys,
-        Mihari::Analyzers::Onyphe.class_keys,
-        Mihari::Analyzers::Shodan.class_keys,
-        Mihari::Analyzers::Urlscan.class_keys,
-        Mihari::Analyzers::VirusTotalIntelligence.class_keys
+        Mihari::Analyzers::BinaryEdge.keys,
+        Mihari::Analyzers::GreyNoise.keys,
+        Mihari::Analyzers::Onyphe.keys,
+        Mihari::Analyzers::Shodan.keys,
+        Mihari::Analyzers::Urlscan.keys,
+        Mihari::Analyzers::VirusTotalIntelligence.keys
       ].each do |keys|
         key = keys.first
         const_set(key.upcase, Dry::Schema.Params do
@@ -28,10 +28,10 @@ module Mihari
 
       # Analyzer with API key
       [
-        Mihari::Analyzers::OTX.class_keys,
-        Mihari::Analyzers::Pulsedive.class_keys,
-        Mihari::Analyzers::VirusTotal.class_keys,
-        Mihari::Analyzers::SecurityTrails.class_keys
+        Mihari::Analyzers::OTX.keys,
+        Mihari::Analyzers::Pulsedive.keys,
+        Mihari::Analyzers::VirusTotal.keys,
+        Mihari::Analyzers::SecurityTrails.keys
       ].each do |keys|
         key = keys.first
         const_set(key.upcase, Dry::Schema.Params do
@@ -43,13 +43,13 @@ module Mihari
       end
 
       DNSTwister = Dry::Schema.Params do
-        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::DNSTwister.class_keys))
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::DNSTwister.keys))
         required(:query).value(:string)
         optional(:options).hash(AnalyzerOptions)
       end
 
       Censys = Dry::Schema.Params do
-        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Censys.class_keys))
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Censys.keys))
         required(:query).value(:string)
         optional(:id).value(:string)
         optional(:secret).value(:string)
@@ -57,7 +57,7 @@ module Mihari
       end
 
       CIRCL = Dry::Schema.Params do
-        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::CIRCL.class_keys))
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::CIRCL.keys))
         required(:query).value(:string)
         optional(:username).value(:string)
         optional(:password).value(:string)
@@ -65,7 +65,7 @@ module Mihari
       end
 
       Fofa = Dry::Schema.Params do
-        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Fofa.class_keys))
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Fofa.keys))
         required(:query).value(:string)
         optional(:api_key).value(:string)
         optional(:email).value(:string)
@@ -73,7 +73,7 @@ module Mihari
       end
 
       PassiveTotal = Dry::Schema.Params do
-        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::PassiveTotal.class_keys))
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::PassiveTotal.keys))
         required(:query).value(:string)
         optional(:username).value(:string)
         optional(:api_key).value(:string)
@@ -81,14 +81,14 @@ module Mihari
       end
 
       ZoomEye = Dry::Schema.Params do
-        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::ZoomEye.class_keys))
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::ZoomEye.keys))
         required(:query).value(:string)
         required(:type).value(Types::String.enum("host", "web"))
         optional(:options).hash(AnalyzerPaginationOptions)
       end
 
       Crtsh = Dry::Schema.Params do
-        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Crtsh.class_keys))
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Crtsh.keys))
         required(:query).value(:string)
         optional(:exclude_expired).value(:bool).default(true)
         optional(:match).value(Types::String.enum("=", "ILIKE", "LIKE", "single", "any", "FTS")).default(nil)
@@ -96,7 +96,7 @@ module Mihari
       end
 
       HunterHow = Dry::Schema.Params do
-        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::HunterHow.class_keys))
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::HunterHow.keys))
         required(:query).value(:string)
         required(:start_time).value(:date)
         required(:end_time).value(:date)
@@ -105,7 +105,7 @@ module Mihari
       end
 
       Feed = Dry::Schema.Params do
-        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Feed.class_keys))
+        required(:analyzer).value(Types::String.enum(*Mihari::Analyzers::Feed.keys))
         required(:query).value(:string)
         required(:selector).value(:string)
         optional(:method).value(Types::HTTPRequestMethods).default("GET")

data/lib/mihari/schemas/emitter.rb

@@ -9,33 +9,33 @@ module Mihari
       extend Concerns::Orrable
 
       Database = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum(*Mihari::Emitters::Database.class_keys))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::Database.keys))
         optional(:options).hash(Options)
       end
 
       MISP = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum(*Mihari::Emitters::MISP.class_keys))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::MISP.keys))
         optional(:url).value(:string)
         optional(:api_key).value(:string)
         optional(:options).hash(Options)
       end
 
       TheHive = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum(*Mihari::Emitters::TheHive.class_keys))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::TheHive.keys))
         optional(:url).value(:string)
         optional(:api_key).value(:string)
         optional(:options).hash(Options)
       end
 
       Slack = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum(*Mihari::Emitters::Slack.class_keys))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::Slack.keys))
         optional(:webhook_url).value(:string)
         optional(:channel).value(:string)
         optional(:options).hash(Options)
       end
 
       Webhook = Dry::Schema.Params do
-        required(:emitter).value(Types::String.enum(*Mihari::Emitters::Webhook.class_keys))
+        required(:emitter).value(Types::String.enum(*Mihari::Emitters::Webhook.keys))
         required(:url).value(:string)
         optional(:method).value(Types::HTTPRequestMethods).default("POST")
         optional(:headers).value(:hash).default({})

data/lib/mihari/schemas/enricher.rb

@@ -9,22 +9,22 @@ module Mihari
       extend Concerns::Orrable
 
       MMDB = Dry::Schema.Params do
-        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::MMDB.class_keys))
+        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::MMDB.keys))
         optional(:options).hash(Options)
       end
 
       Whois = Dry::Schema.Params do
-        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Whois.class_keys))
+        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Whois.keys))
         optional(:options).hash(Options)
       end
 
       Shodan = Dry::Schema.Params do
-        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Shodan.class_keys))
+        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::Shodan.keys))
         optional(:options).hash(Options)
       end
 
       GooglePublicDNS = Dry::Schema.Params do
-        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::GooglePublicDNS.class_keys))
+        required(:enricher).value(Types::String.enum(*Mihari::Enrichers::GooglePublicDNS.keys))
         optional(:options).hash(Options)
       end
     end

data/lib/mihari/structs/config.rb

@@ -20,21 +20,6 @@ module Mihari
       attribute :items, Types.Array(Types::Hash).optional
 
       class << self
-        #
-        # Get a type of a class
-        #
-        # @param [Class<Mihari::Analyzers::Base>, Class<Mihari::Emitters::Base>, Class<Mihari::Enrichers::Base>] klass
-        #
-        # @return [String, nil]
-        #
-        def get_type(klass)
-          return "analyzer" if klass.ancestors.include?(Mihari::Analyzers::Base)
-          return "emitter" if klass.ancestors.include?(Mihari::Emitters::Base)
-          return "enricher" if klass.ancestors.include?(Mihari::Enrichers::Base)
-
-          nil
-        end
-
         #
         # Get a dummy instance
         #
@@ -43,8 +28,7 @@ module Mihari
         # @return [Mihari::Analyzers::Base, Mihari::Emitter::Base, Mihari::Enricher::Base] dummy
         #
         def get_dummy(klass)
-          type = get_type(klass)
-          case type
+          case klass.type
           when "analyzer"
             klass.new("dummy")
           when "emitter"
@@ -62,16 +46,15 @@ module Mihari
         def from_class(klass)
           return nil if klass == Mihari::Rule
 
-          type = get_type(klass)
-          return nil if type.nil?
+          return nil if klass.type.nil?
 
           begin
             instance = get_dummy(klass)
             new(
-              name: klass.class_key,
+              name: klass.key,
               items: klass.configuration_items,
               configured: instance.configured?,
-              type: type
+              type: klass.type
             )
           rescue ArgumentError
             nil

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "7.1.1"
+  VERSION = "7.1.3"
 end