mihari 3.7.0 → 3.7.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6e9001e10ac0891e2e10d90bccbd165afbdfc3bcd2724a3d5adf521b2be843b
-  data.tar.gz: 98119fae9302eb4251ceda56c1ddb0ab615fbf36d67505fd8af2ffb08f1dcfaf
+  metadata.gz: 50093699c012400a3f870f4bc44e373d8b2bf897ba47026f68f91c0899eaa42a
+  data.tar.gz: d690e4c92aa71ed193dfce5576b305698a74d3cf5ca99e0e6b7e696fd502254f
 SHA512:
-  metadata.gz: 92ae37318ffb97ab4746cb44c266e63fba5c505a6c81c141be362c11ecf4e399850f1921b2907bf511f6b0a4ea5884642282f319962af1628fc8bf9e69503fa8
-  data.tar.gz: 45f2a2a748bb362a0daa7f9c3c7da5329cb7bab002f1ddcec4a56d111102d311471b3904b2d77f50f406e05f43deeacbd8f235e5ff4ae2dd2a0096a4dd98074d
+  metadata.gz: 27d489befd3a96dd8da1a8c5117f148500cd76acd66124c2d9111d15aecbb92e52ac5432edb1f7af1a69d4241ed90698aba615a802a89f2d20f2caf17154752e
+  data.tar.gz: 1f1cf73cb2eabb643d6be55786aa2e4e598c19d2e6de0c6467ea49667c04596e4366a8c301efb189f125429e05ba2e96e8ba8c79baf775e474ed0869705d1048

data/lib/mihari/enrichers/base.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Mihari
+  module Enrichers
+    class Base
+      include Mixins::Configurable
+
+      def self.inherited(child)
+        Mihari.enrichers << child
+      end
+
+      # @return [Boolean]
+      def valid?
+        raise NotImplementedError, "You must implement #{self.class}##{__method__}"
+      end
+    end
+  end
+end

data/lib/mihari/enrichers/ipinfo.rb

@@ -4,7 +4,18 @@ require "memist"
 
 module Mihari
   module Enrichers
-    class IPInfo
+    class IPInfo < Base
+      # @return [Boolean]
+      def valid?
+        Mihari.config.ipinfo_api_key.nil?
+      end
+
+      private
+
+      def configuration_keys
+        %w[ipinfo_api_key]
+      end
+
       class << self
         include Memist::Memoizable
 

data/lib/mihari/models/autonomous_system.rb

@@ -17,11 +17,9 @@ module Mihari
       def build_by_ip(ip)
         res = Enrichers::IPInfo.query(ip)
 
-        unless res.nil?
-          return new(asn: res.asn)
-        end
+        return nil if res.nil? || res.asn.nil?
 
-        nil
+        new(asn: res.asn)
       end
     end
   end

data/lib/mihari/status.rb

@@ -18,7 +18,7 @@ module Mihari
     # @return [Array<Hash>]
     #
     def statuses
-      (Mihari.analyzers + Mihari.emitters).map do |klass|
+      (Mihari.analyzers + Mihari.emitters + Mihari.enrichers).map do |klass|
         name = klass.to_s.split("::").last.to_s
 
         [name, build_status(klass)]
@@ -36,11 +36,16 @@ module Mihari
       return nil if klass == Mihari::Analyzers::Rule
 
       is_analyzer = klass.ancestors.include?(Mihari::Analyzers::Base)
+      is_emitter = klass.ancestors.include?(Mihari::Emitters::Base)
+      is_enricher = klass.ancestors.include?(Mihari::Enrichers::Base)
 
       instance = is_analyzer ? klass.new("dummy") : klass.new
       is_configured = instance.configured?
       values = instance.configuration_values
-      type = is_analyzer ? "Analyzer" : "Emitter"
+
+      type = "Analyzer"
+      type = "Emitter" if is_emitter
+      type = "Enricher" if is_enricher
 
       values ? { is_configured: is_configured, values: values, type: type } : nil
     rescue ArgumentError => _e

data/lib/mihari/structs/ipinfo.rb

@@ -9,7 +9,7 @@ module Mihari
         attribute :hostname, Types::String.optional
         attribute :loc, Types::String
         attribute :country_code, Types::String
-        attribute :asn, Types::Integer
+        attribute :asn, Types::Integer.optional
 
         class << self
           include Mixins::AutonomousSystem
@@ -17,9 +17,12 @@ module Mihari
           def from_dynamic!(d)
             d = Types::Hash[d]
 
-            org = d.fetch("org")
-            asn = org.split.first
-            asn = normalize_asn(asn)
+            asn = nil
+            org = d["org"]
+            unless org.nil?
+              asn = org.split.first
+              asn = normalize_asn(asn)
+            end
 
             new(
               ip: d.fetch("ip"),
@@ -29,7 +32,7 @@ module Mihari
               asn: asn
             )
           end
-      end
+        end
       end
     end
   end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "3.7.0"
+  VERSION = "3.7.1"
 end

data/lib/mihari.rb

@@ -6,6 +6,9 @@ require "dry/files"
 require "mem"
 require "yaml"
 
+# Load .env
+require "dotenv/load"
+
 # Mixins
 require "mihari/mixins/autonomous_system"
 require "mihari/mixins/configurable"
@@ -32,7 +35,7 @@ module Mihari
   setting :censys_secret, ENV["CENSYS_SECRET"]
   setting :circl_passive_password, ENV["CIRCL_PASSIVE_PASSWORD"]
   setting :circl_passive_username, ENV["CIRCL_PASSIVE_USERNAME"]
-  setting :ipinfo_api_key, ENV["ipinfo_api_key"]
+  setting :ipinfo_api_key, ENV["IPINFO_API_KEY"]
   setting :misp_api_endpoint, ENV["MISP_API_ENDPOINT"]
   setting :misp_api_key, ENV["MISP_API_KEY"]
   setting :onyphe_api_key, ENV["ONYPHE_API_KEY"]
@@ -67,6 +70,11 @@ module Mihari
     end
     memoize :analyzers
 
+    def enrichers
+      []
+    end
+    memoize :enrichers
+
     #
     # Load configuration from YAML file
     #
@@ -111,6 +119,7 @@ require "mihari/schemas/configuration"
 require "mihari/schemas/rule"
 
 # Enrichers
+require "mihari/enrichers/base"
 require "mihari/enrichers/ipinfo"
 
 # Models

data/mihari.gemspec

@@ -54,6 +54,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "cymbal", "~> 2.0"
   spec.add_dependency "dnpedia", "~> 0.1"
   spec.add_dependency "dnstwister", "~> 0.1"
+  spec.add_dependency "dotenv", "~> 2.7"
   spec.add_dependency "dry-configurable", "~> 0.12"
   spec.add_dependency "dry-files", "~> 0.1"
   spec.add_dependency "dry-initializer", "~> 3.0"

data/sig/lib/mihari/enrichers/base.rbs

@@ -0,0 +1,12 @@
+module Mihari
+  module Enrichers
+    class Base
+      include Mixins::Configurable
+
+      def self.inherited: (untyped child) -> untyped
+
+      # @return [Boolean]
+      def valid?: () -> bool
+    end
+  end
+end

data/sig/lib/mihari/enrichers/ipinfo.rbs

@@ -1,6 +1,8 @@
 module Mihari
   module Enrichers
     class IPInfo
+      def valid?: () -> bool
+
       #
       # Query IPInfo
       #

data/sig/lib/mihari/structs/ipinfo.rbs

@@ -6,7 +6,7 @@ module Mihari
         attr_reader hostname: String?
         attr_reader loc: String
         attr_reader country_code: String
-        attr_reader asn: String
+        attr_reader asn: Integer?
 
         def self.from_dynamic!: (Hash[(String | Symbol), untyped] d) -> Mihari::Structs::IPInfo::Response
 

data/sig/lib/mihari.rbs

@@ -42,6 +42,8 @@ module Mihari
 
   def self.analyzers: () -> ::Array[singleton(Mihari::Analyzers::Base)]
 
+  def self.enrichers: () -> ::Array[singleton(Mihari::Enrichers::Base)]
+
   #
   # Load configuration from YAML file
   #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 3.7.0
+  version: 3.7.1
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-09-03 00:00:00.000000000 Z
+date: 2021-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -402,6 +402,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: dotenv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.7'
 - !ruby/object:Gem::Dependency
   name: dry-configurable
   requirement: !ruby/object:Gem::Requirement
@@ -1069,6 +1083,7 @@ files:
 - lib/mihari/emitters/stdout.rb
 - lib/mihari/emitters/the_hive.rb
 - lib/mihari/emitters/webhook.rb
+- lib/mihari/enrichers/base.rb
 - lib/mihari/enrichers/ipinfo.rb
 - lib/mihari/errors.rb
 - lib/mihari/mixins/autonomous_system.rb
@@ -1226,6 +1241,7 @@ files:
 - sig/lib/mihari/emitters/stdout.rbs
 - sig/lib/mihari/emitters/the_hive.rbs
 - sig/lib/mihari/emitters/webhook.rbs
+- sig/lib/mihari/enrichers/base.rbs
 - sig/lib/mihari/enrichers/ipinfo.rbs
 - sig/lib/mihari/errors.rbs
 - sig/lib/mihari/mixins/autonomous_system.rbs