mihari 5.0.0 → 5.0.1

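--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 41784cbe3811a8f5f2a6a4de663ceaa03e2635c329c455b523e5fc55fda0c9e7
- data.tar.gz: '052987fcb8805a8f71a0716d5e0970b0c4c7451059dded4b5149679ccda6c999'
+ metadata.gz: b7944fcbb2ef6b1ff7fccbe5c8158bd21a186b05e8fae70a6700256dce10adbb
+ data.tar.gz: 36605153506952b323be6e3a7646fd4446f280943fc6c587d7885e8eec413c33
  SHA512:
- metadata.gz: f16447e83adb4630baf9587eecea0dbb6f580de23894d70fa2c1729483faa6dc1c86fe5de2bd782100f8cba89e2a50e7ce2f0ab675de822fe5fb767fb2c6f45f
- data.tar.gz: af70fcc510ed4fd6a434481a8372c56d20a54b605ee0b49425a1315531d2261db6df9588f1961ba34796728ff40f0ce188ad58e6c542f4c3644a8c8251b37eb5
+ metadata.gz: ba53c1fb987ffd933017ccc64a3a72adc032de81a377e34684c4927304d295d85531ad11e796abd3c17489411fcf15eedd494d7ff7a8b7d0c53fdeb511eb5a8d
+ data.tar.gz: 6dff687f32dfef7f0cc19b76cba77a6233ebbefa9b90f522f37092468370eb5abb0e7f185d86f74077944cb0c76609b01390e7878ca494a82419ac44e59d93e5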
@@ -9,7 +9,6 @@ module Mihari
9
9
 
10
10
  include Mixins::AutonomousSystem
11
11
  include Mixins::Configurable
12
- include Mixins::Database
13
12
  include Mixins::Retriable
14
13
 
15
14
  # @return [Mihari::Structs::Rule, nil]
@@ -42,16 +41,14 @@ module Mihari
42
41
  raise ConfigurationError, "#{class_name} is not configured correctly"
43
42
  end
44
43
 
45
- with_db_connection do
46
- set_enriched_artifacts
44
+ set_enriched_artifacts
47
45
 
48
- responses = Parallel.map(valid_emitters) do |emitter|
49
- run_emitter emitter
50
- end
51
-
52
- # returns Mihari::Alert created by the database emitter
53
- responses.find { |res| res.is_a?(Mihari::Alert) }
46
+ responses = Parallel.map(valid_emitters) do |emitter|
47
+ run_emitter emitter
54
48
  end
49
+
50
+ # returns Mihari::Alert created by the database emitter
51
+ responses.find { |res| res.is_a?(Mihari::Alert) }
55
52
  end
56
53
 
57
54
  #
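Review bot: With `with_db_connection` removed from the analyzer's run path here (and from `from_id` in the later `class << self` hunk), both methods now depend on the caller having already opened a database connection, and nothing in the code states that. The only caller on this page that provides one is the `search` command; any other entry point that reaches `set_enriched_artifacts` or the database emitter, none of which is visible here, would need the same wrapping. I would record the precondition in the method's doc comment, e.g. `# @note Requires an established database connection; callers must wrap the call in with_db_connection`. The enclosing method starts above this hunk, so its existing doc comment is not visible.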
@@ -9,39 +9,44 @@ module Mihari
9
9
  def self.included(thor)
10
10
  thor.class_eval do
11
11
  desc "search [PATH]", "Search by a rule"
12
- method_option :yes, type: :boolean, aliases: "-y", desc: "yes to overwrite the rule in the database"
12
+ method_option :force_overwrite, type: :boolean, aliases: "-f", desc: "Force an overwrite the rule"
13
13
  def search(path_or_id)
14
- rule = Structs::Rule.from_path_or_id path_or_id
14
+ with_db_connection do
15
+ rule = Structs::Rule.from_path_or_id path_or_id
15
16
 
16
- # validate
17
- begin
18
- rule.validate!
19
- rescue RuleValidationError
20
- return
21
- end
17
+ # validate
18
+ begin
19
+ rule.validate!
20
+ rescue RuleValidationError
21
+ return
22
+ end
23
+
24
+ force_overwrite = options["force_overwrite"] || false
25
+
26
+ begin
27
+ rule_model = Mihari::Rule.find(rule.id)
28
+ has_change = rule_model.data != rule.data.deep_stringify_keys
29
+ has_change_and_not_force_overwrite = has_change & !force_overwrite
22
30
 
23
- # check update
24
- yes = options["yes"] || false
25
- unless yes
26
- with_db_connection do
27
- next if Mihari::Rule.find(rule.id).data == rule.data.deep_stringify_keys
28
- unless yes?("This operation will overwrite the rule in the database (Rule ID: #{rule.id}). Are you sure you want to update the rule? (y/n)")
31
+ if has_change_and_not_force_overwrite && !yes?("This operation will overwrite the rule in the database (Rule ID: #{rule.id}). Are you sure you want to update the rule? (y/n)")
29
32
  return
30
33
  end
34
+
35
+ # update the rule
36
+ rule.model.save
31
37
  rescue ActiveRecord::RecordNotFound
32
- next
38
+ # create a new rule
39
+ rule.model.save
33
40
  end
34
- end
35
- # update rule model
36
- rule.model.save
37
-
38
- with_error_notification do
39
- alert = rule.analyzer.run
40
- if alert
41
- data = Mihari::Entities::Alert.represent(alert)
42
- puts JSON.pretty_generate(data.as_json)
43
- else
44
- Mihari.logger.info "There is no new alert created in the database"
41
+
42
+ with_error_notification do
43
+ alert = rule.analyzer.run
44
+ if alert
45
+ data = Mihari::Entities::Alert.represent(alert)
46
+ puts JSON.pretty_generate(data.as_json)
47
+ else
48
+ Mihari.logger.info "There is no new alert created in the database"
49
+ end
45
50
  end
46
51
  end
47
52
  end
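Review bot: Both `rule.model.save` calls in `search` discard the result, so if the save returns false (for example on a failed validation) the command still proceeds to `rule.analyzer.run` with a rule that was never persisted and the user is told nothing. Checking the result, e.g. `return Mihari.logger.error("Failed to save the rule") unless rule.model.save`, or using `rule.model.save!`, would stop alerts from being produced for a rule the database does not hold. The `begin`/`rescue ActiveRecord::RecordNotFound` now also spans the prompt and the update-path save, although only `Mihari::Rule.find` needs it. As a smaller style point, `has_change & !force_overwrite` is correct for two booleans but `&&` is the conventional operator and short-circuits.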
@@ -164,8 +164,6 @@ module Mihari
164
164
  end
165
165
 
166
166
  class << self
167
- include Mixins::Database
168
-
169
167
  #
170
168
  # Load rule from YAML string
171
169
  #
@@ -209,11 +207,9 @@ module Mihari
209
207
  # @return [Mihari::Structs::Rule, nil]
210
208
  #
211
209
  def from_id(id)
212
- with_db_connection do
213
- return nil unless Mihari::Rule.exists?(id)
210
+ return nil unless Mihari::Rule.exists?(id)
214
211
 
215
- Structs::Rule.from_model Mihari::Rule.find(id)
216
- end
212
+ Structs::Rule.from_model Mihari::Rule.find(id)
217
213
  end
218
214
 
219
215
  #
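Review bot: `from_id` checks `Mihari::Rule.exists?(id)` and then calls `Mihari::Rule.find(id)`, which costs two queries and leaves a window in which the rule can be deleted between them, so `find` raises even though the method is documented to return nil. Assuming `Mihari::Rule` is an ActiveRecord model, as the `rescue ActiveRecord::RecordNotFound` in the search command suggests, a single lookup avoids both: `model = Mihari::Rule.find_by(id: id)` followed by `model && Structs::Rule.from_model(model)`.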
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Mihari
4
- VERSION = "5.0.0"
4
+ VERSION = "5.0.1"
5
5
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mihari
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.0
4
+ version: 5.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Manabu Niseki