RubyGems - mihari - Versions diffs - 7.2.0 → 7.3.0 - Mend

mihari 7.2.0 → 7.3.0

Files changed (28) hide show

checksums.yaml +4 -4
data/Dockerfile +1 -1
data/lib/mihari/actor.rb +7 -0
data/lib/mihari/analyzers/base.rb +0 -7
data/lib/mihari/enrichers/base.rb +54 -12
data/lib/mihari/enrichers/google_public_dns.rb +28 -7
data/lib/mihari/enrichers/mmdb.rb +25 -7
data/lib/mihari/enrichers/shodan.rb +35 -4
data/lib/mihari/enrichers/whois.rb +32 -24
data/lib/mihari/models/alert.rb +12 -0
data/lib/mihari/models/artifact.rb +105 -181
data/lib/mihari/models/rule.rb +21 -0
data/lib/mihari/rule.rb +27 -6
data/lib/mihari/schemas/alert.rb +3 -3
data/lib/mihari/schemas/analyzer.rb +27 -27
data/lib/mihari/schemas/emitter.rb +9 -9
data/lib/mihari/schemas/macros.rb +2 -2
data/lib/mihari/schemas/options.rb +2 -5
data/lib/mihari/schemas/rule.rb +12 -12
data/lib/mihari/services/builders.rb +0 -153
data/lib/mihari/services/enrichers.rb +1 -1
data/lib/mihari/services/getters.rb +1 -1
data/lib/mihari/version.rb +1 -1
data/lib/mihari/web/public/assets/{index-GWurHG1o.js → index-JHS0L8KZ.js} +29 -29
data/lib/mihari/web/public/index.html +1 -1
data/mihari.gemspec +2 -2
data/requirements.txt +1 -1
metadata +7 -7

data/lib/mihari/services/builders.rb CHANGED Viewed

@@ -20,158 +20,5 @@ module Mihari
         Rule.from_yaml ERB.new(File.read(path_or_id)).result
       end
     end
-    #
-    # Autonomous system builder
-    #
-    class AutonomousSystemBuilder < Service
-      #
-      # @param [String] ip
-      # @param [Mihari::Enrichers::MMDB] enricher
-      #
-      # @return [Mihari::Models::AutonomousSystem, nil]
-      #
-      def call(ip, enricher: Enrichers::MMDB.new)
-        enricher.result(ip).fmap do |res|
-          Models::AutonomousSystem.new(number: res.asn) if res.asn
-        end.value_or nil
-      end
-    end
-    #
-    # CPE builder
-    #
-    class CPEBuilder < Service
-      #
-      # Build CPEs
-      #
-      # @param [String] ip
-      # @param [Mihari::Enrichers::Shodan] enricher
-      #
-      # @return [Array<Mihari::Models::CPE>]
-      #
-      def call(ip, enricher: Enrichers::Shodan.new)
-        enricher.result(ip).fmap do |res|
-          (res&.cpes || []).map { |cpe| Models::CPE.new(name: cpe) }
-        end.value_or []
-      end
-    end
-    #
-    # DNS record builder
-    #
-    class DnsRecordBuilder < Service
-      #
-      # Build DNS records
-      #
-      # @param [String] domain
-      # @param [Mihari::Enrichers::Shodan] enricher
-      #
-      # @return [Array<Mihari::Models::DnsRecord>]
-      #
-      def call(domain, enricher: Enrichers::GooglePublicDNS.new)
-        enricher.result(domain).fmap do |res|
-          res.answers.map { |answer| Models::DnsRecord.new(resource: answer.resource_type, value: answer.data) }
-        end.value_or []
-      end
-    end
-    #
-    # Geolocation builder
-    #
-    class GeolocationBuilder < Service
-      #
-      # Build Geolocation
-      #
-      # @param [String] ip
-      # @param [Mihari::Enrichers::MMDB] enricher
-      #
-      # @return [Mihari::Models::Geolocation, nil]
-      #
-      def call(ip, enricher: Enrichers::MMDB.new)
-        enricher.result(ip).fmap do |res|
-          if res.country_code
-            Models::Geolocation.new(
-              country: NormalizeCountry(res.country_code, to: :short),
-              country_code: res.country_code
-            )
-          end
-        end.value_or nil
-      end
-    end
-    #
-    # Port builder
-    #
-    class PortBuilder < Service
-      #
-      # Build ports
-      #
-      # @param [String] ip
-      # @param [Mihari::Enrichers::Shodan] enricher
-      #
-      # @return [Array<Mihari::Models::Port>]
-      #
-      def call(ip, enricher: Enrichers::Shodan.new)
-        enricher.result(ip).fmap do |res|
-          (res&.ports || []).map { |port| Models::Port.new(number: port) }
-        end.value_or []
-      end
-    end
-    #
-    # Reverse DNS name builder
-    #
-    class ReverseDnsNameBuilder < Service
-      #
-      # Build reverse DNS names
-      #
-      # @param [String] ip
-      # @param [Mihari::Enrichers::Shodan] enricher
-      #
-      # @return [Array<Mihari::Models::ReverseDnsName>]
-      #
-      def call(ip, enricher: Enrichers::Shodan.new)
-        enricher.result(ip).fmap do |res|
-          (res&.hostnames || []).map { |name| Models::ReverseDnsName.new(name: name) }
-        end.value_or []
-      end
-    end
-    #
-    # Vulnerability builder
-    #
-    class VulnerabilityBuilder < Service
-      #
-      # Build vulnerabilities
-      #
-      # @param [String] ip
-      # @param [Mihari::Enrichers::Shodan] enricher
-      #
-      # @return [Array<Mihari::Models::Vulnerability>]
-      #
-      def call(ip, enricher: Enrichers::Shodan.new)
-        enricher.result(ip).fmap do |res|
-          (res&.vulns || []).map { |name| Models::Vulnerability.new(name: name) }
-        end.value_or []
-      end
-    end
-    #
-    # Whois record builder
-    #
-    class WhoisRecordBuilder < Service
-      #
-      # Build whois record
-      #
-      # @param [String] domain
-      # @param [Mihari::Enrichers::Whois] enricher
-      #
-      # @return [Mihari::Models::WhoisRecord, nil]
-      #
-      def call(domain, enricher: Enrichers::Whois.new)
-        enricher.result(domain).value_or nil
-      end
-    end
   end
 end

data/lib/mihari/services/enrichers.rb CHANGED Viewed

@@ -19,7 +19,7 @@ module Mihari
         raise UnenrichableError.new, "#{artifact.id} is already enriched or unenrichable" unless artifact.enrichable?
-        artifact.enrich_all
+        artifact.enrich
         artifact.save
       end
     end

data/lib/mihari/services/getters.rb CHANGED Viewed

@@ -51,7 +51,7 @@ module Mihari
       # @return [Mihari::Structs::MMDB::Response]
       #
       def call(ip)
-        Mihari::Enrichers::MMDB.new.call ip
+        Clients::MMDB.new.query ip
       end
     end
   end

data/lib/mihari/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Mihari
-  VERSION = "7.2.0"
+  VERSION = "7.3.0"
 end