misp 0.1.0 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db847f1e32b2e0a1064180b310b087ade5c9d608282bcbeebc5403f02b0cb71d
-  data.tar.gz: e1090389330d2de0bfd8b0c58cd0768f1a9bc58bb220d80c9d74aea6cb9ec738
+  metadata.gz: dc2ae518cdfe5d3872000bf12bd1083a4a8540a3e6857e50573b1b8011604605
+  data.tar.gz: 25917d69a7a912ace45ccaa43f5bc0a5202e37e66532e1eabf30a09df0478c2e
 SHA512:
-  metadata.gz: a4b3e71c139193309e919b6dc344f4fb200521b07a90fd3e45384d272549632af96eec9852416fdc8ddbfda31c9675f5ab107ae4cb1b2ff61b98dbeba0979457
-  data.tar.gz: 16b98a9dae45d273b70600565f8130d43d592e4097b517f49a69177c367a8c88a5841e4eb238a9629f9a45d1ca12ce7addfb5118c27f52d45a9c4a0ae3e56f61
+  metadata.gz: 4691cfaffdc82bc4580e08ede833788371b0c9df3b4013bb96a777b2c8b35f92889d466274b301370daa0014a087ad0006d3f92a1de62de9cbea3f5e6e2d78e4
+  data.tar.gz: 2c7e5a0d2c3d5c503346d0a208f6dc9efc4b7b5b8470655e0bf29ea89ed4cbe4d8f4cf2e002738d62cb5b74dfd8b175ed99d01dfaf02fa0cc24c3e85029532c0

data/.github/workflows/test.yaml

@@ -0,0 +1,23 @@
+name: Ruby CI
+
+on: [pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: [2.7, "3.0"]
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Build and test with Rake
+        run: |
+          bundle exec rake

data/README.md

@@ -1,5 +1,6 @@
 # misp-rb
 
+[![Gem Version](https://badge.fury.io/rb/misp.svg)](https://badge.fury.io/rb/misp)
 [![Build Status](https://travis-ci.com/ninoseki/misp-rb.svg?branch=master)](https://travis-ci.com/ninoseki/misp-rb)
 [![Coverage Status](https://coveralls.io/repos/github/ninoseki/misp-rb/badge.svg?branch=master)](https://coveralls.io/github/ninoseki/misp-rb?branch=master)
 [![CodeFactor](https://www.codefactor.io/repository/github/ninoseki/misp-rb/badge)](https://www.codefactor.io/repository/github/ninoseki/misp-rb)
@@ -20,8 +21,8 @@ gem install misp
 
 By default, it tries to load configurations from environmental variables:
 
-- MISP API endpoint from ENV["MISP_API_ENDPOINT"]
-- MISP API key from ENV["MISP_API_KEY"]
+- `MISP_API_ENDPOINT`: MISP API endpoint (e.g. https://misppriv.circl.lu)
+- `MISP_API_KEY`: MISP API key
 
 Also, you can configure them manually.
 
@@ -60,7 +61,7 @@ event.update
 event = MISP::Event.get(17)
 event.add_attribute(value: "8.8.8.8", type: "ip-dst")
 # or
-attribute = MISP::Attribute(value: "1.1.1.1", type: "ip-dst")
+attribute = MISP::Attribute.new(value: "1.1.1.1", type: "ip-dst")
 event.add_attribute attribute
 event.update
 ```
@@ -109,6 +110,14 @@ event.tags << MISP::Tag.new(name: "my event-level tag")
 event.create
 ```
 
+### Search for events / attributes
+
+```ruby
+events = MISP::Event.search(info: "test")
+
+attributes = MISP::Attribute.search(type: "ip-dst")
+```
+
 ## Acknowledgement
 
 The implementation design of this gem is highly influenced by [FloatingGhost/mispex](https://github.com/FloatingGhost/mispex).

data/lib/misp/attribute.rb

@@ -2,48 +2,70 @@
 
 module MISP
   class Attribute < Base
+    # @return [String]
     attr_reader :id
+    # @return [String]
     attr_accessor :type
+    # @return [String]
     attr_accessor :category
+    # @return [Boolean]
     attr_accessor :to_ids
+    # @return [String]
     attr_reader :uuid
+    # @return [String]
     attr_reader :event_id
+    # @return [String]
     attr_accessor :distribution
+    # @return [String]
     attr_accessor :timestamp
+    # @return [String]
     attr_accessor :comment
+    # @return [String]
     attr_accessor :sharing_group_id
+    # @return [Boolean]
     attr_accessor :deleted
+    # @return [Boolean]
     attr_accessor :disable_correlation
+    # @return [String]
     attr_accessor :value
+    # @return [String]
     attr_accessor :data
 
+    # @return [Array<MISP::SharingGroup>]
     attr_accessor :sharing_groups
+    # @return [Array<MISP::Attribute>]
     attr_accessor :shadow_attributes
+    # @return [Array<MISP::Tag>]
     attr_accessor :tags
 
     def initialize(**attributes)
-      attributes = normalize_attributes(attributes)
-
-      @id = attributes.dig(:id)
-      @type = attributes.dig(:type)
-      @category = attributes.dig(:category)
-      @to_ids = attributes.dig(:to_ids)
-      @uuid = attributes.dig(:uuid)
-      @event_id = attributes.dig(:event_id)
-      @distribution = attributes.dig(:distribution)
-      @timestamp = attributes.dig(:timestamp)
-      @comment = attributes.dig(:comment)
-      @sharing_group_id = attributes.dig(:sharing_group_id)
-      @deleted = attributes.dig(:deleted)
-      @disable_correlation = attributes.dig(:disable_correlation)
-      @value = attributes.dig(:value)
-      @data = attributes.dig(:data)
-
-      @sharing_groups = build_plural_attribute(items: attributes.dig(:SharingGroup), klass: SharingGroup)
-      @shadow_attributes = build_plural_attribute(items: attributes.dig(:ShadowAttribute), klass: Attribute )
-      @tags = build_plural_attribute(items: attributes.dig(:Tag), klass: Tag)
+      attributes = normalize_attributes(**attributes)
+
+      @id = attributes[:id]
+      @type = attributes[:type]
+      @category = attributes[:category]
+      @to_ids = attributes[:to_ids]
+      @uuid = attributes[:uuid]
+      @event_id = attributes[:event_id]
+      @distribution = attributes[:distribution]
+      @timestamp = attributes[:timestamp]
+      @comment = attributes[:comment]
+      @sharing_group_id = attributes[:sharing_group_id]
+      @deleted = attributes[:deleted]
+      @disable_correlation = attributes[:disable_correlation]
+      @value = attributes[:value]
+      @data = attributes[:data]
+
+      @sharing_groups = build_plural_attribute(items: attributes[:SharingGroup], klass: SharingGroup)
+      @shadow_attributes = build_plural_attribute(items: attributes[:ShadowAttribute], klass: Attribute )
+      @tags = build_plural_attribute(items: attributes[:Tag], klass: Tag)
     end
 
+    #
+    # Returns a hash representation of the attribute data.
+    #
+    # @return [Hash]
+    #
     def to_h
       {
         id: id,
@@ -66,36 +88,53 @@ module MISP
       }.compact
     end
 
+    #
+    # Get an attribute
+    #
+    # @return [MISP::Attribute]
+    #
     def get
-      _get("/attributes/#{id}") { |attribute| Attribute.new symbolize_keys(attribute) }
-    end
-
-    def self.get(id)
-      new(id: id).get
+      _get("/attributes/#{id}") { |attribute| Attribute.new attribute }
     end
 
+    #
+    # Delete an attribute
+    #
+    # @return [Hash]
+    #
     def delete
       _post("/attributes/delete/#{id}") { |json| json }
     end
 
-    def self.delete(id)
-      new(id: id).delete
-    end
-
+    #
+    # Create an attribute
+    #
+    # @return [MISP::Attribute]
+    #
     def create(event_id)
-      _post("/attributes/add/#{event_id}", wrap(to_h)) { |attribute| Attribute.new symbolize_keys(attribute) }
-    end
-
-    def self.create(event_id, **attributes)
-      new(attributes).create(event_id)
+      _post("/attributes/add/#{event_id}", wrap(to_h)) { |attribute| Attribute.new(**attribute) }
     end
 
+    #
+    # Update an attribute
+    #
+    # @param [Hash] **attrs attributes
+    #
+    # @return [MISP::Attribute]
+    #
     def update(**attrs)
       payload = to_h.merge(attrs)
       payload[:timestamp] = nil
-      _post("/attributes/edit/#{id}", wrap(payload)) { |json| Attribute.new symbolize_keys(json.dig("response", "Attribute")) }
+      _post("/attributes/edit/#{id}", wrap(payload)) { |json| Attribute.new(**json.dig(:response, :Attribute)) }
     end
 
+    #
+    # Search for attributes
+    #
+    # @param [Hash] **params parameters
+    #
+    # @return [Array<MISP::Attributes>]
+    #
     def search(**params)
       base = {
         returnFormat: "json",
@@ -104,25 +143,53 @@ module MISP
       }
 
       _post("/attributes/restSearch", base.merge(params)) do |json|
-        attributes = json.dig("response", "Attribute") || []
-        attributes.map { |attribute| Attribute.new symbolize_keys(attribute) }
+        attributes = json.dig(:response, :Attribute) || []
+        attributes.map { |attribute| Attribute.new(**attribute) }
       end
     end
 
-    def self.search(**params)
-      new.search params
-    end
-
+    #
+    # Add a tag to an attribute
+    #
+    # @param [MISP::Tag, Hash] tag
+    #
+    # @return [MISP::Tag]
+    #
     def add_tag(tag)
-      tag = Tag.new(symbolize_keys(tag)) unless tag.is_a?(MISP::Tag)
+      tag = Tag.new(**tag) unless tag.is_a?(MISP::Tag)
       payload = { uuid: uuid, tag: tag.name }
-      _post("/tags/attachTagToObject", payload) { |json| Tag.new symbolize_keys(json) }
+      _post("/tags/attachTagToObject", payload) { |json| Tag.new(**json) }
     end
 
+    #
+    # Remove a tag from an attribute
+    #
+    # @param [MISP::Tag, Hash] tag
+    #
+    # @return [Hash]
+    #
     def remove_tag(tag)
-      tag = Tag.new(symbolize_keys(tag)) unless tag.is_a?(MISP::Tag)
+      tag = Tag.new(**tag) unless tag.is_a?(MISP::Tag)
       payload = { uuid: uuid, tag: tag.name }
       _post("/tags/removeTagFromObject", payload) { |json| json }
     end
+
+    class << self
+      def get(id)
+        new(id: id).get
+      end
+
+      def delete(id)
+        new(id: id).delete
+      end
+
+      def create(event_id, **attributes)
+        new(**attributes).create(event_id)
+      end
+
+      def search(**params)
+        new.search(**params)
+      end
+    end
   end
 end

data/lib/misp/base.rb

@@ -6,40 +6,67 @@ require "uri"
 
 module MISP
   class Base
+    private
+
+    #
+    # API endpoint
+    #
+    # @return [URI]
+    #
     def api_endpoint
       @api_endpoint ||= URI(MISP.configuration.api_endpoint)
     end
 
+    #
+    # API key
+    #
+    # @return [String]
+    #
     def api_key
       @api_key ||= MISP.configuration.api_key
     end
 
-    private
-
+    #
+    # Build an instance of a class
+    #
+    # @param [Hash] item
+    # @param [Class] klass
+    #
+    # @return [Class]
+    #
     def build_attribute(item:, klass:)
       return nil unless item
 
-      klass.new symbolize_keys(item)
+      klass.new(**item)
     end
 
+    #
+    # Build an array of an instance of a class
+    #
+    # @param [Array<Hash>] items
+    # @param [Class] klass
+    #
+    # @return [Arra<Class>]
+    #
     def build_plural_attribute(items:, klass:)
       (items || []).map do |item|
-        klass.new symbolize_keys(item)
+        klass.new(**item)
       end
     end
 
-    def symbolize_keys(hash)
-      hash.map { |k, v| [k.to_sym, v] }.to_h
-    end
-
+    #
+    # a name of the class
+    #
+    # @return [String]
+    #
     def class_name
       self.class.to_s.split("::").last.to_s
     end
 
-    def normalize_attributes(attributes)
+    def normalize_attributes(**attributes)
       klass = class_name.to_sym
 
-      attributes.key?(klass) ? symbolize_keys(attributes.dig(klass)) : attributes
+      attributes.key?(klass) ? attributes[klass] : attributes
     end
 
     def wrap(params)
@@ -99,7 +126,7 @@ module MISP
     end
 
     def parse_body(body)
-      JSON.parse body.to_s
+      JSON.parse body.to_s, symbolize_names: true
     rescue JSON::ParserError => _e
       body.to_s
     end
@@ -122,9 +149,9 @@ module MISP
 
     def default_headers
       {
-        "Content-Type": "application/json",
-        "Accept": "application/json",
-        "Authorization": api_key
+        'Content-Type': "application/json",
+        Accept: "application/json",
+        Authorization: api_key
       }
     end
 

data/lib/misp/configuration.rb

@@ -14,15 +14,15 @@ module MISP
     end
   end
 
-  def self.configuration
-    @configuration ||= Configuration.new
-  end
+  class << self
+    def configuration
+      @configuration ||= Configuration.new
+    end
 
-  def self.configuration=(config)
-    @configuration = config
-  end
+    attr_writer :configuration
 
-  def self.configure
-    yield configuration
+    def configure
+      yield configuration
+    end
   end
 end