RubyGems - mihari - Versions diffs - 3.6.0 → 3.6.1 - Mend

mihari 3.6.0 → 3.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

checksums.yaml +4 -4
data/.gitmodules +3 -0
data/README.md +2 -0
data/Steepfile +32 -0
data/lib/mihari/analyzers/base.rb +5 -5
data/lib/mihari/analyzers/binaryedge.rb +13 -0
data/lib/mihari/analyzers/censys.rb +5 -0
data/lib/mihari/analyzers/circl.rb +15 -0
data/lib/mihari/analyzers/crtsh.rb +5 -0
data/lib/mihari/analyzers/dnpedia.rb +5 -0
data/lib/mihari/analyzers/dnstwister.rb +17 -0
data/lib/mihari/analyzers/onyphe.rb +20 -4
data/lib/mihari/analyzers/otx.rb +20 -0
data/lib/mihari/analyzers/passivetotal.rb +25 -0
data/lib/mihari/analyzers/pulsedive.rb +10 -0
data/lib/mihari/analyzers/rule.rb +18 -0
data/lib/mihari/analyzers/securitytrails.rb +25 -0
data/lib/mihari/analyzers/shodan.rb +13 -0
data/lib/mihari/analyzers/spyse.rb +20 -0
data/lib/mihari/analyzers/urlscan.rb +10 -0
data/lib/mihari/analyzers/virustotal.rb +20 -0
data/lib/mihari/analyzers/zoomeye.rb +38 -0
data/lib/mihari/emitters/base.rb +1 -1
data/lib/mihari/emitters/misp.rb +38 -5
data/lib/mihari/emitters/slack.rb +20 -2
data/lib/mihari/emitters/the_hive.rb +16 -3
data/lib/mihari/emitters/webhook.rb +18 -3
data/lib/mihari/mixins/disallowed_data_value.rb +1 -1
data/lib/mihari/structs/onyphe.rb +2 -2
data/lib/mihari/type_checker.rb +9 -9
data/lib/mihari/version.rb +1 -1
data/mihari.gemspec +1 -0
data/sig/lib/mihari/analyzers/base.rbs +99 -0
data/sig/lib/mihari/analyzers/basic.rbs +17 -0
data/sig/lib/mihari/analyzers/binaryedge.rbs +25 -0
data/sig/lib/mihari/analyzers/censys.rbs +38 -0
data/sig/lib/mihari/analyzers/circl.rbs +29 -0
data/sig/lib/mihari/analyzers/crtsh.rbs +19 -0
data/sig/lib/mihari/analyzers/dnpedia.rbs +18 -0
data/sig/lib/mihari/analyzers/dnstwister.rbs +27 -0
data/sig/lib/mihari/analyzers/onyphe.rbs +33 -0
data/sig/lib/mihari/analyzers/otx.rbs +33 -0
data/sig/lib/mihari/analyzers/passivetotal.rbs +33 -0
data/sig/lib/mihari/analyzers/pulsedive.rbs +27 -0
data/sig/lib/mihari/analyzers/rule.rbs +68 -0
data/sig/lib/mihari/analyzers/securitytrails.rbs +33 -0
data/sig/lib/mihari/analyzers/shodan.rbs +33 -0
data/sig/lib/mihari/analyzers/spyse.rbs +29 -0
data/sig/lib/mihari/analyzers/urlscan.rbs +28 -0
data/sig/lib/mihari/analyzers/virustotal.rbs +31 -0
data/sig/lib/mihari/analyzers/zoomeye.rbs +33 -0
data/sig/lib/mihari/cli/analyzer.rbs +39 -0
data/sig/lib/mihari/cli/base.rbs +11 -0
data/sig/lib/mihari/cli/init.rbs +7 -0
data/sig/lib/mihari/cli/main.rbs +9 -0
data/sig/lib/mihari/cli/mixins/utils.rbs +50 -0
data/sig/lib/mihari/cli/validator.rbs +7 -0
data/sig/lib/mihari/commands/binaryedge.rbs +7 -0
data/sig/lib/mihari/commands/censys.rbs +7 -0
data/sig/lib/mihari/commands/circl.rbs +7 -0
data/sig/lib/mihari/commands/crtsh.rbs +7 -0
data/sig/lib/mihari/commands/dnpedia.rbs +7 -0
data/sig/lib/mihari/commands/dnstwister.rbs +7 -0
data/sig/lib/mihari/commands/init.rbs +11 -0
data/sig/lib/mihari/commands/json.rbs +7 -0
data/sig/lib/mihari/commands/onyphe.rbs +7 -0
data/sig/lib/mihari/commands/otx.rbs +7 -0
data/sig/lib/mihari/commands/passivetotal.rbs +7 -0
data/sig/lib/mihari/commands/pulsedive.rbs +7 -0
data/sig/lib/mihari/commands/search.rbs +35 -0
data/sig/lib/mihari/commands/securitytrails.rbs +7 -0
data/sig/lib/mihari/commands/shodan.rbs +7 -0
data/sig/lib/mihari/commands/spyse.rbs +7 -0
data/sig/lib/mihari/commands/urlscan.rbs +7 -0
data/sig/lib/mihari/commands/validator.rbs +11 -0
data/sig/lib/mihari/commands/virustotal.rbs +7 -0
data/sig/lib/mihari/commands/web.rbs +7 -0
data/sig/lib/mihari/commands/zoomeye.rbs +7 -0
data/sig/lib/mihari/constants.rbs +3 -0
data/sig/lib/mihari/database.rbs +25 -0
data/sig/lib/mihari/emitters/base.rbs +18 -0
data/sig/lib/mihari/emitters/database.rbs +9 -0
data/sig/lib/mihari/emitters/misp.rbs +28 -0
data/sig/lib/mihari/emitters/slack.rbs +58 -0
data/sig/lib/mihari/emitters/stdout.rbs +9 -0
data/sig/lib/mihari/emitters/the_hive.rbs +24 -0
data/sig/lib/mihari/emitters/webhook.rbs +20 -0
data/sig/lib/mihari/errors.rbs +10 -0
data/sig/lib/mihari/mixins/configurable.rbs +26 -0
data/sig/lib/mihari/mixins/configuration.rbs +45 -0
data/sig/lib/mihari/mixins/disallowed_data_value.rbs +25 -0
data/sig/lib/mihari/mixins/hash.rbs +14 -0
data/sig/lib/mihari/mixins/refang.rbs +14 -0
data/sig/lib/mihari/mixins/retriable.rbs +15 -0
data/sig/lib/mihari/mixins/rule.rbs +41 -0
data/sig/lib/mihari/models/alert.rbs +46 -0
data/sig/lib/mihari/models/artifact.rbs +54 -0
data/sig/lib/mihari/models/autonomous_system.rbs +5 -0
data/sig/lib/mihari/models/dns.rbs +19 -0
data/sig/lib/mihari/models/geolocation.rbs +6 -0
data/sig/lib/mihari/models/reverse_dns.rbs +14 -0
data/sig/lib/mihari/models/tag.rbs +5 -0
data/sig/lib/mihari/models/tagging.rbs +4 -0
data/sig/lib/mihari/models/whois.rbs +66 -0
data/sig/lib/mihari/notifiers/base.rbs +18 -0
data/sig/lib/mihari/notifiers/exception_notifier.rbs +75 -0
data/sig/lib/mihari/notifiers/slack.rbs +50 -0
data/sig/lib/mihari/status.rbs +25 -0
data/sig/lib/mihari/structs/censys.rbs +50 -0
data/sig/lib/mihari/structs/onyphe.rbs +25 -0
data/sig/lib/mihari/structs/shodan.rbs +28 -0
data/sig/lib/mihari/type_checker.rbs +48 -0
data/sig/lib/mihari/types.rbs +17 -0
data/sig/lib/mihari/version.rbs +3 -0
data/sig/lib/mihari/web/app.rbs +5 -0
data/sig/lib/mihari.rbs +57 -0
metadata +102 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9c1cbdf0570c25e2d89d7f6fd402b64991dfaebc75cf3cf5422a56504287ae9
-  data.tar.gz: d5b7a0db7b49f245e3c949135011fb674e28a9d3c251e165f827e8f3d90673b1
+  metadata.gz: 14d0c74e85fbf6ef624afefe7e948595586d6c00fa8bc32f211e60caee581fc3
+  data.tar.gz: 9d5fde6d69f664efac0d6c56e6a0ba60adcad0edcfe45c69f285ffcaba8d11f0
 SHA512:
-  metadata.gz: e76a216dedbc1aec17748c37a1b874c2c825fed6f7716ef356a48ddf2861584da299c384737e588a48b67165874f495192bb42a4c20c2f29f4620f8b559d1a83
-  data.tar.gz: 2f3e380b252ba238594ccacd2df8e362a62b9685aafeff34d6506e7301184cf5b38c4244db9498842f4aee9df109d7c43a9ad99cecc3b63616d333a7f5093333
+  metadata.gz: 30597743e91f124388fbdf426199d97a00f92db9e525fe5725643d529d319ca670d1e9aa6eccff86c0844802157ca3d5c7db9b9afd925d6f0ac4d8b881c44949
+  data.tar.gz: 9d199a3c2f6c7794214730de7c8db812e939c5ddd11ab06d1c6f28c3b8764b2881958b0684adb59e8516d0ac4b6a1dc66b19c5a593efaac9695cb6e317ce8105

data/.gitmodules ADDED Viewed

@@ -0,0 +1,3 @@
+[submodule "vendor/rbs/gem_rbs_collection"]
+	path = vendor/rbs/gem_rbs_collection
+	url = https://github.com/ruby/gem_rbs_collection.git

data/README.md CHANGED Viewed

@@ -64,3 +64,5 @@ The gem is available as open source under the terms of the [MIT License](https:/
 ## Acknowledgement
 Mihari is proudly supported by [Tines.io](https://tines.io?utm_source=github&utm_medium=sponsorship&utm_campaign=ninoseki), The SOAR Platform for Enterprise Security Teams.
+$ bundle exec rbs -rpathname  --repo=gem_rbs/gems -ractivesupport -ractionpack -ractivejob -ractivemodel -ractionview -ractiverecord -rrailties -I sig validate

data/Steepfile ADDED Viewed

@@ -0,0 +1,32 @@
+target :lib do
+  signature "sig"
+  check "lib"
+  repo_path "vendor/rbs/gem_rbs_collection/gems"
+  library "date"
+  library "json"
+  library "logger"
+  library "monitor"
+  library "mutex_m"
+  library "pathname"
+  library "securerandom"
+  library "singleton"
+  library "time"
+  library "tsort"
+  library "uri"
+  library "resolv"
+  library "timeout"
+  library "socket"
+  library "rack"
+  library "actionpack"
+  library "actionview"
+  library "activejob"
+  library "activemodel"
+  library "activerecord"
+  library "activesupport"
+  library "parallel"
+  library "railties"
+end

data/lib/mihari/analyzers/base.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module Mihari
       # @return [String]
       def title
-        self.class.to_s.split("::").last
+        self.class.to_s.split("::").last.to_s
       end
       # @return [String]
@@ -37,7 +37,7 @@ module Mihari
       # @return [String]
       def source
-        self.class.to_s.split("::").last
+        self.class.to_s.split("::").last.to_s
       end
       # @return [Array<String>]
@@ -125,9 +125,9 @@ module Mihari
       #
       def set_enriched_artifacts
         retry_on_error { enriched_artifacts }
-      rescue ArgumentError => _e
+      rescue ArgumentError => e
         klass = self.class.to_s.split("::").last.to_s
-        raise Error, "Please configure #{klass} API settings properly"
+        raise Error, "Please configure #{klass} settings properly. (#{e})"
       end
       #
@@ -139,7 +139,7 @@ module Mihari
         @valid_emitters ||= Mihari.emitters.filter_map do |klass|
           emitter = klass.new
           emitter.valid? ? emitter : nil
-        end
+        end.compact
       end
       #

data/lib/mihari/analyzers/binaryedge.rb CHANGED Viewed

@@ -26,6 +26,14 @@ module Mihari
       PAGE_SIZE = 20
+      #
+      # Search with pagination
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Hash]
+      #
       def search_with_page(query, page: 1)
         api.host.search(query, page: page)
       rescue ::BinaryEdge::Error => e
@@ -34,6 +42,11 @@ module Mihari
         raise e
       end
+      #
+      # Search
+      #
+      # @return [Array<Hash>]
+      #
       def search
         responses = []
         (1..Float::INFINITY).each do |page|

data/lib/mihari/analyzers/censys.rb CHANGED Viewed

@@ -16,6 +16,11 @@ module Mihari
       private
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         artifacts = []

data/lib/mihari/analyzers/circl.rb CHANGED Viewed

@@ -35,6 +35,11 @@ module Mihari
         @api ||= ::PassiveCIRCL::API.new(username: Mihari.config.circl_passive_username, password: Mihari.config.circl_passive_password)
       end
+      #
+      # Passive DNS/SSL search
+      #
+      # @return [Array<String>]
+      #
       def search
         case @type
         when "domain"
@@ -46,6 +51,11 @@ module Mihari
         end
       end
+      #
+      # Passive DNS search
+      #
+      # @return [Array<String>]
+      #
       def passive_dns_search
         results = api.dns.query(@query)
         results.filter_map do |result|
@@ -54,6 +64,11 @@ module Mihari
         end.uniq
       end
+      #
+      # Passive SSL search
+      #
+      # @return [Array<String>]
+      #
       def passive_ssl_search
         result = api.ssl.cquery(@query)
         seen = result["seen"] || []

data/lib/mihari/analyzers/crtsh.rb CHANGED Viewed

@@ -23,6 +23,11 @@ module Mihari
         @api ||= ::Crtsh::API.new
       end
+      #
+      # Search
+      #
+      # @return [Array<Hash>]
+      #
       def search
         exclude = exclude_expired ? "expired" : nil
         api.search(query, exclude: exclude)

data/lib/mihari/analyzers/dnpedia.rb CHANGED Viewed

@@ -20,6 +20,11 @@ module Mihari
         @api ||= ::DNPedia::API.new
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         res = api.search(query)
         rows = res["rows"] || []

data/lib/mihari/analyzers/dnstwister.rb CHANGED Viewed

@@ -29,6 +29,11 @@ module Mihari
       private
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         type == "domain"
       end
@@ -37,6 +42,13 @@ module Mihari
         @api ||= ::DNSTwister::API.new
       end
+      #
+      # Check whether a domain is resolvable or not
+      #
+      # @param [String] domain
+      #
+      # @return [Boolean]
+      #
       def resolvable?(domain)
         Resolv.getaddress domain
         true
@@ -44,6 +56,11 @@ module Mihari
         false
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?

data/lib/mihari/analyzers/onyphe.rb CHANGED Viewed

@@ -33,11 +33,24 @@ module Mihari
         @api ||= ::Onyphe::API.new(Mihari.config.onyphe_api_key)
       end
+      #
+      # Search with pagination
+      #
+      # @param [String] query
+      # @param [Integer] page
+      #
+      # @return [Structs::Onyphe::Response]
+      #
       def search_with_page(query, page: 1)
         res = api.simple.datascan(query, page: page)
         Structs::Onyphe::Response.from_dynamic!(res)
       end
+      #
+      # Search
+      #
+      # @return [Array<Structs::Onyphe::Response>]
+      #
       def search
         responses = []
         (1..Float::INFINITY).each do |page|
@@ -60,10 +73,13 @@ module Mihari
       def build_artifact(result)
         as = AutonomousSystem.new(asn: normalize_asn(result.asn))
-        geolocation = Geolocation.new(
-          country: NormalizeCountry(result.country_code, to: :short),
-          country_code: result.country_code
-        )
+        geolocation = nil
+        unless result.country_code.nil?
+          geolocation = Geolocation.new(
+            country: NormalizeCountry(result.country_code, to: :short),
+            country_code: result.country_code
+          )
+        end
         Artifact.new(
           data: result.ip,

data/lib/mihari/analyzers/otx.rb CHANGED Viewed

@@ -39,10 +39,20 @@ module Mihari
         @ip_client ||= ::OTX::IP.new(Mihari.config.otx_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain].include? type
       end
+      #
+      # IP/domain search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain"
@@ -54,6 +64,11 @@ module Mihari
         end
       end
+      #
+      # Domain search
+      #
+      # @return [Array<String>]
+      #
       def domain_search
         records = domain_client.get_passive_dns(query)
         records.filter_map do |record|
@@ -61,6 +76,11 @@ module Mihari
         end.uniq
       end
+      #
+      # IP search
+      #
+      # @return [Array<String>]
+      #
       def ip_search
         records = ip_client.get_passive_dns(query)
         records.filter_map do |record|

data/lib/mihari/analyzers/passivetotal.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::PassiveTotal::API.new(username: Mihari.config.passivetotal_username, api_key: Mihari.config.passivetotal_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain mail hash].include? type
       end
+      #
+      # Passive DNS/SSL, reverse whois search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain", "ip"
@@ -52,11 +62,21 @@ module Mihari
         end
       end
+      #
+      # Passive DNS search
+      #
+      # @return [Array<String>]
+      #
       def passive_dns_search
         res = api.dns.passive_unique(query)
         res["results"] || []
       end
+      #
+      # Reverse whois search
+      #
+      # @return [Array<String>]
+      #
       def reverse_whois_search
         res = api.whois.search(query: query, field: "email")
         results = res["results"] || []
@@ -65,6 +85,11 @@ module Mihari
         end.flatten.compact.uniq
       end
+      #
+      # Passive SSL search
+      #
+      # @return [Array<String>]
+      #
       def ssl_search
         res = api.ssl.history(query)
         results = res["results"] || []

data/lib/mihari/analyzers/pulsedive.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::Pulsedive::API.new(Mihari.config.pulsedive_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain].include? type
       end
+      #
+      # Search
+      #
+      # @return [Array<String>]
+      #
       def search
         raise InvalidInputError, "#{query}(type: #{type || "unknown"}) is not supported." unless valid_type?

data/lib/mihari/analyzers/rule.rb CHANGED Viewed

@@ -22,6 +22,8 @@ module Mihari
         super(**kwargs)
         @source = id || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, title + description).to_s
+        validate_analyzer_configurations
       end
       ANALYZER_TO_CLASS = {
@@ -119,6 +121,22 @@ module Mihari
         raise ArgumentError, "#{analyzer_name} is not supported"
       end
+      #
+      # Validate configuration of analyzers
+      #
+      def validate_analyzer_configurations
+        queries.each do |params|
+          analyzer_name = params[:analyzer]
+          klass = get_analyzer_class(analyzer_name)
+          instance = klass.new("dummy")
+          unless instance.configured?
+            klass_name = klass.to_s.split("::").last
+            raise ArgumentError, "#{klass_name} is not configured correctly"
+          end
+        end
+      end
     end
   end
 end

data/lib/mihari/analyzers/securitytrails.rb CHANGED Viewed

@@ -35,10 +35,20 @@ module Mihari
         @api ||= ::SecurityTrails::API.new(Mihari.config.securitytrails_api_key)
       end
+      #
+      # Check whether a type is valid or not
+      #
+      # @return [Boolean]
+      #
       def valid_type?
         %w[ip domain mail].include? type
       end
+      #
+      # IP/domain/mail search
+      #
+      # @return [Array<String>]
+      #
       def search
         case type
         when "domain"
@@ -52,6 +62,11 @@ module Mihari
         end
       end
+      #
+      # Domain search
+      #
+      # @return [Array<String>]
+      #
       def domain_search
         result = api.history.get_all_dns_history(query, type: "a")
         records = result["records"] || []
@@ -60,12 +75,22 @@ module Mihari
         end.flatten.compact.uniq
       end
+      #
+      # IP search
+      #
+      # @return [Array<String>]
+      #
       def ip_search
         result = api.domains.search(filter: { ipv4: query })
         records = result["records"] || []
         records.filter_map { |record| record["hostname"] }.uniq
       end
+      #
+      # Mail search
+      #
+      # @return [Array<String>]
+      #
       def mail_search
         result = api.domains.search(filter: { whois_email: query })
         records = result["records"] || []