mihari 4.9.0 → 4.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 85756e55047ef3bde95c50c1ac3c474adbd29828bf1f95618f3aac85638a1752
-  data.tar.gz: babe64cf74a96f659057b06ac3b5864b6faa2c3ec9b7e3f0f9b57bce7dd635a8
+  metadata.gz: 54ef0421cb5da34c8174fe0fdc3b43d310770dca779dd51fac284a678b86fc0a
+  data.tar.gz: 6b24c7b37c00f7ebed9ee0fcfbfb66b95d7d60ea7c7792a40be32607bdda07fe
 SHA512:
-  metadata.gz: 5c15c65a8952c1fbcf695feba8add8a7fc962eaac9ca426a18dd510663573dc9fe6b27472ca0edcd1ff9fb86b68a49ce8c459e3a7d90eabe9dbbe1e4506181d8
-  data.tar.gz: aceb04f0f6e78af7f0df2293d78a4d4d20bcf1827e70d45e3f425e38b128c5f9194dbdac608b29b44852af77b626ccbdd03583e7170d5330a2b584c7cbdca55b
+  metadata.gz: 941a6e47d53a2287d793fe28fab3e6e9295076ed39e50fcf8f55e6cdca102381ae425b3db603acdfea9b28e438a7f57627ed793be1efcb0093d83b17ac128535
+  data.tar.gz: 25055c04746f33620e0c762f1d79d6407d8a9156d47820c2129ed4b72e926e7cf2d3ea275ff546046bb5b9ce82fe069b222d56f5b69700eb44179f83d80c058c

data/lib/mihari/analyzers/base.rb

@@ -72,10 +72,22 @@ module Mihari
       #
       # @param [Mihari::Emitters::Base] emitter
       #
-      # @return [nil]
+      # @return [Mihari::Alert, nil]
       #
       def run_emitter(emitter)
-        emitter.run(title: title, description: description, artifacts: enriched_artifacts, source: source, tags: tags)
+        return if enriched_artifacts.empty?
+
+        alert_or_something = emitter.run(
+          title: title,
+          description: description,
+          artifacts: enriched_artifacts,
+          source: source,
+          tags: tags
+        )
+
+        Mihari.logger.info "Emission by #{emitter.class} is succedded"
+
+        alert_or_something
       rescue StandardError => e
         Mihari.logger.info "Emission by #{emitter.class} is failed: #{e}"
       end

data/lib/mihari/commands/search.rb

@@ -44,7 +44,7 @@ module Mihari
                 data = Mihari::Entities::Alert.represent(alert)
                 puts JSON.pretty_generate(data.as_json)
               else
-                Mihari.logger.info "There is no new artifact"
+                Mihari.logger.info "No new alert created in the database"
               end
 
               # record a rule

data/lib/mihari/emitters/misp.rb

@@ -6,7 +6,7 @@ module Mihari
   module Emitters
     class MISP < Base
       # @return [String, nil]
-      attr_reader :api_endpoint
+      attr_reader :url
 
       # @return [String, nil]
       attr_reader :api_key
@@ -14,18 +14,29 @@ module Mihari
       def initialize(*args, **kwargs)
         super(*args, **kwargs)
 
-        @api_endpoint = kwargs[:api_endpoint] || Mihari.config.misp_api_endpoint
+        @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.misp_url
         @api_key = kwargs[:api_key] || Mihari.config.misp_api_key
 
         ::MISP.configure do |config|
-          config.api_endpoint = api_endpoint
+          config.api_endpoint = url
           config.api_key = api_key
         end
       end
 
       # @return [Boolean]
       def valid?
-        api_endpoint? && api_key? && ping?
+        unless url? && api_key?
+          Mihari.logger.info("MISP URL is not set") unless url?
+          Mihari.logger.info("MISP API key is not set") unless api_key?
+          return false
+        end
+
+        unless ping?
+          Mihari.logger.info("MISP URL (#{url}) is not reachable")
+          return false
+        end
+
+        true
       end
 
       def emit(title:, artifacts:, tags: [], **_options)
@@ -47,7 +58,7 @@ module Mihari
       private
 
       def configuration_keys
-        %w[misp_api_endpoint misp_api_key]
+        %w[misp_url misp_api_key]
       end
 
       #
@@ -103,12 +114,12 @@ module Mihari
       end
 
       #
-      # Check whether an API endpoint is set or not
+      # Check whether a URL is set or not
       #
       # @return [Boolean]
       #
-      def api_endpoint?
-        !api_endpoint.nil? && !api_endpoint.empty?
+      def url?
+        !url.nil? && !url.empty?
       end
 
       #
@@ -121,15 +132,15 @@ module Mihari
       end
 
       #
-      # Check whether an API endpoint is reachable or not
+      # Check whether a URL is reachable or not
       #
       # @return [Boolean]
       #
       def ping?
-        base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
-        url = "#{base_url}/users/login"
+        base_url = url.end_with?("/") ? url[0..-2] : url
+        login_url = "#{base_url}/users/login"
 
-        http = Net::Ping::HTTP.new(url)
+        http = Net::Ping::HTTP.new(login_url)
         http.ping?
       end
     end

data/lib/mihari/emitters/the_hive.rb

@@ -6,7 +6,7 @@ module Mihari
   module Emitters
     class TheHive < Base
       # @return [String, nil]
-      attr_reader :api_endpoint
+      attr_reader :url
 
       # @return [String, nil]
       attr_reader :api_key
@@ -17,14 +17,25 @@ module Mihari
       def initialize(*args, **kwargs)
         super(*args, **kwargs)
 
-        @api_endpoint = kwargs[:api_endpoint] || Mihari.config.thehive_api_endpoint
+        @url = kwargs[:url] || kwargs[:api_endpoint] || Mihari.config.thehive_url
         @api_key = kwargs[:api_key] || Mihari.config.thehive_api_key
         @api_version = kwargs[:api_version] || Mihari.config.thehive_api_version
       end
 
       # @return [Boolean]
       def valid?
-        api_endpont? && api_key? && ping?
+        unless url? && api_key?
+          Mihari.logger.info("TheHive URL is not set") unless url?
+          Mihari.logger.info("TheHive API key is not set") unless api_key?
+          return false
+        end
+
+        unless ping?
+          Mihari.logger.info("TheHive URL (#{url}) is not reachable")
+          return false
+        end
+
+        true
       end
 
       def emit(title:, description:, artifacts:, tags: [], **_options)
@@ -57,20 +68,20 @@ module Mihari
       private
 
       def configuration_keys
-        %w[thehive_api_endpoint thehive_api_key]
+        %w[thehive_url thehive_api_key]
       end
 
       def api
-        @api ||= Hachi::API.new(api_endpoint: api_endpoint, api_key: api_key, api_version: normalized_api_version)
+        @api ||= Hachi::API.new(api_endpoint: url, api_key: api_key, api_version: normalized_api_version)
       end
 
       #
-      # Check whether an API endpoint is set or not
+      # Check whether a URL is set or not
       #
       # @return [Boolean]
       #
-      def api_endpont?
-        !api_endpoint.nil?
+      def url?
+        !url.nil?
       end
 
       #
@@ -83,7 +94,10 @@ module Mihari
       end
 
       def payload(title:, description:, artifacts:, tags: [])
-        return v4_payload(title: title, description: description, artifacts: artifacts, tags: tags) if normalized_api_version.nil?
+        if normalized_api_version.nil?
+          return v4_payload(title: title, description: description, artifacts: artifacts,
+            tags: tags)
+        end
 
         v5_payload(title: title, description: description, artifacts: artifacts, tags: tags)
       end
@@ -92,7 +106,9 @@ module Mihari
         {
           title: title,
           description: description,
-          artifacts: artifacts.map { |artifact| { data: artifact.data, data_type: artifact.data_type, message: description } },
+          artifacts: artifacts.map do |artifact|
+                       { data: artifact.data, data_type: artifact.data_type, message: description }
+                     end,
           tags: tags,
           type: "external",
           source: "mihari"
@@ -103,7 +119,9 @@ module Mihari
         {
           title: title,
           description: description,
-          observables: artifacts.map { |artifact| { data: artifact.data, data_type: artifact.data_type, message: description } },
+          observables: artifacts.map do |artifact|
+                         { data: artifact.data, data_type: artifact.data_type, message: description }
+                       end,
           tags: tags,
           type: "external",
           source: "mihari",
@@ -112,23 +130,23 @@ module Mihari
       end
 
       #
-      # Check whether an API endpoint is reachable or not
+      # Check whether a URL is reachable or not
       #
       # @return [Boolean]
       #
       def ping?
-        base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
+        base_url = url.end_with?("/") ? url[0..-2] : url
 
         if normalized_api_version.nil?
           # for v4
-          base_url = api_endpoint.end_with?("/") ? api_endpoint[0..-2] : api_endpoint
-          url = "#{base_url}/index.html"
+          base_url = url.end_with?("/") ? url[0..-2] : url
+          public_url = "#{base_url}/index.html"
         else
           # for v5
-          url = "#{base_url}/api/v1/status/public"
+          public_url = "#{base_url}/api/v1/status/public"
         end
 
-        http = Net::Ping::HTTP.new(url)
+        http = Net::Ping::HTTP.new(public_url)
 
         # use GET for v5
         http.get_request = true if normalized_api_version

data/lib/mihari/schemas/emitter.rb

@@ -9,12 +9,14 @@ module Mihari
     MISP = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("misp"))
       optional(:api_endpoint).value(:string)
+      optional(:url).value(:string)
       optional(:api_key).value(:string)
     end
 
     TheHive = Dry::Schema.Params do
       required(:emitter).value(Types::String.enum("the_hive"))
       optional(:api_endpoint).value(:string)
+      optional(:url).value(:string)
       optional(:api_key).value(:string)
       optional(:api_version).value(Types::String.enum("v4", "v5")).default("v4")
     end

data/lib/mihari/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Mihari
-  VERSION = "4.9.0"
+  VERSION = "4.10.0"
 end

data/lib/mihari.rb

@@ -84,7 +84,8 @@ module Mihari
 
   setting :ipinfo_api_key, default: ENV.fetch("IPINFO_API_KEY", nil)
 
-  setting :misp_api_endpoint, default: ENV.fetch("MISP_API_ENDPOINT", nil)
+  # TODO: deprecate MISP_API_ENDPOINT
+  setting :misp_url, default: ENV.fetch("MISP_URL", nil) || ENV.fetch("MISP_API_ENDPOINT", nil)
   setting :misp_api_key, default: ENV.fetch("MISP_API_KEY", nil)
 
   setting :onyphe_api_key, default: ENV.fetch("ONYPHE_API_KEY", nil)
@@ -105,7 +106,8 @@ module Mihari
 
   setting :spyse_api_key, default: ENV.fetch("SPYSE_API_KEY", nil)
 
-  setting :thehive_api_endpoint, default: ENV.fetch("THEHIVE_API_ENDPOINT", nil)
+  # TODO: deprecate THEHIVE_API_ENDPOINT
+  setting :thehive_url, default: ENV.fetch("THEHIVE_URL", nil) || ENV.fetch("THEHIVE_API_ENDPOINT", nil)
   setting :thehive_api_key, default: ENV.fetch("THEHIVE_API_KEY", nil)
   setting :thehive_api_version, default: ENV.fetch("THEHIVE_API_VERSION", nil)
 

data/mihari.gemspec

@@ -40,7 +40,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec", "~> 3.11"
   spec.add_development_dependency "simplecov-lcov", "~> 0.8.0"
   spec.add_development_dependency "standard", "~> 1.16"
-  spec.add_development_dependency "steep", "~> 1.1"
+  spec.add_development_dependency "steep", "~> 1.2"
   spec.add_development_dependency "timecop", "~> 0.9"
   spec.add_development_dependency "vcr", "~> 6.1"
   spec.add_development_dependency "webmock", "~> 3.18"
@@ -54,11 +54,11 @@ Gem::Specification.new do |spec|
   spec.add_dependency "dnpedia", "0.1.0"
   spec.add_dependency "dnstwister", "0.1.0"
   spec.add_dependency "dotenv", "2.8.1"
-  spec.add_dependency "dry-configurable", "0.15.0"
+  spec.add_dependency "dry-configurable", "0.16.0"
   spec.add_dependency "dry-container", "0.11.0"
   spec.add_dependency "dry-files", "0.3.0"
   spec.add_dependency "dry-initializer", "3.1.1"
-  spec.add_dependency "dry-schema", "1.10.5"
+  spec.add_dependency "dry-schema", "1.10.6"
   spec.add_dependency "dry-struct", "1.4.0"
   spec.add_dependency "dry-validation", "1.8.1"
   spec.add_dependency "email_address", "0.2.4"
@@ -88,10 +88,9 @@ Gem::Specification.new do |spec|
   spec.add_dependency "rack-cors", "1.1.1"
   spec.add_dependency "securitytrails", "1.0.0"
   spec.add_dependency "semantic_logger", "4.11.0"
-  spec.add_dependency "sentry-ruby", "5.4.2"
+  spec.add_dependency "sentry-ruby", "5.5.0"
   spec.add_dependency "shodanx", "0.2.1"
   spec.add_dependency "slack-notifier", "2.4.0"
-  spec.add_dependency "spysex", "0.2.0"
   spec.add_dependency "sqlite3", "1.5.0"
   spec.add_dependency "thor", "1.2.1"
   spec.add_dependency "urlscan", "0.8.0"

data/sig/lib/mihari/emitters/misp.rbs

@@ -2,7 +2,7 @@ module Mihari
   module Emitters
     class MISP < Base
 
-      attr_reader api_endpiont: String?
+      attr_reader url: String?
 
       attr_reader api_key: String?
 
@@ -16,7 +16,7 @@ module Mihari
 
       private
 
-      def configuration_keys: () -> ::Array["misp_api_endpoint" | "misp_api_key"]
+      def configuration_keys: () -> ::Array["misp_url" | "misp_api_key"]
 
       def build_attribute: (Mihari::Artifact artifact) -> untyped
 
@@ -24,7 +24,7 @@ module Mihari
 
       def to_misp_type: (type: String `type`, value: String value) -> String?
 
-      def api_endpoint?: () -> bool
+      def url?: () -> bool
 
       def api_key?: () -> bool
 

data/sig/lib/mihari/emitters/the_hive.rbs

@@ -1,7 +1,7 @@
 module Mihari
   module Emitters
     class TheHive < Base
-      attr_reader api_endpiont: String?
+      attr_reader url: String?
 
       attr_reader api_key: String?
 
@@ -16,12 +16,12 @@ module Mihari
 
       private
 
-      def configuration_keys: () -> ::Array["thehive_api_endpoint" | "thehive_api_key"]
+      def configuration_keys: () -> ::Array["thehive_url" | "thehive_api_key"]
 
       def api: () -> untyped
 
       # @return [true, false]
-      def api_endpont?: () -> bool
+      def url?: () -> bool
 
       # @return [true, false]
       def api_key?: () -> bool

data/sig/lib/mihari.rbs

@@ -5,7 +5,7 @@ class Configuration
   attr_accessor circl_passive_password (): String?
   attr_accessor circl_passive_username (): String?
   attr_accessor ipinfo_api_key (): String?
-  attr_accessor misp_api_endpoint (): String?
+  attr_accessor misp_url (): String?
   attr_accessor misp_api_key (): String?
   attr_accessor onyphe_api_key (): String?
   attr_accessor otx_api_key (): String?
@@ -17,7 +17,7 @@ class Configuration
   attr_accessor slack_channel (): String?
   attr_accessor slack_webhook_url (): String?
   attr_accessor spyse_api_key (): String?
-  attr_accessor thehive_api_endpoint (): String?
+  attr_accessor thehive_url (): String?
   attr_accessor thehive_api_key (): String?
   attr_accessor thehive_api_version (): String?
   attr_accessor urlscan_api_key (): String?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mihari
 version: !ruby/object:Gem::Version
-  version: 4.9.0
+  version: 4.10.0
 platform: ruby
 authors:
 - Manabu Niseki
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-10-01 00:00:00.000000000 Z
+date: 2022-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -198,14 +198,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -380,14 +380,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.15.0
+        version: 0.16.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.15.0
+        version: 0.16.0
 - !ruby/object:Gem::Dependency
   name: dry-container
   requirement: !ruby/object:Gem::Requirement
@@ -436,14 +436,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.10.5
+        version: 1.10.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.10.5
+        version: 1.10.6
 - !ruby/object:Gem::Dependency
   name: dry-struct
   requirement: !ruby/object:Gem::Requirement
@@ -856,14 +856,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.4.2
+        version: 5.5.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 5.4.2
+        version: 5.5.0
 - !ruby/object:Gem::Dependency
   name: shodanx
   requirement: !ruby/object:Gem::Requirement
@@ -892,20 +892,6 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.4.0
-- !ruby/object:Gem::Dependency
-  name: spysex
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.2.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement