class Mihari::Artifact

Public Class Methods

new(attributes)
Calls superclass method
# File lib/mihari/models/artifact.rb, line 32
# Build an artifact and record which kind of observable it holds.
#
# The arguments are forwarded unchanged to the superclass initializer, then
# data_type is assigned from TypeChecker.type(data).
#
# NOTE(review): data_type gates every can_enrich_*? predicate in this class
# (they compare it against "ip", "domain" and "url"); confirm what
# TypeChecker.type yields for data it cannot classify.
#
# @param attributes [Object] passed through to the superclass initializer
def initialize(attributes)
  super

  detected_type = TypeChecker.type(data)
  self.data_type = detected_type
end

Public Instance Methods

enrich_all()

Enrich all the enrichable relationships of the artifact

# File lib/mihari/models/artifact.rb, line 106
# Run every enrichment step of the artifact, in a fixed order.
#
# Each step checks its own can_enrich_*? guard and is a no-op when the guard
# fails. Nothing is rescued here, so an error raised by one step propagates
# and the remaining steps do not run.
#
# @return [Object, nil] whatever the last step (enrich_whois) returns
def enrich_all
  steps = %i[
    enrich_autonomous_system
    enrich_dns
    enrich_geolocation
    enrich_reverse_dns
    enrich_whois
  ]
  # The list is a fixed literal, never caller-supplied, so send is safe here.
  steps.map { |step| send(step) }.last
end
enrich_autonomous_system()

Enrich (add) autonomous system

# File lib/mihari/models/artifact.rb, line 97
# Attach autonomous-system information to the artifact.
#
# Does nothing unless can_enrich_autonomous_system? holds; otherwise assigns
# the result of AutonomousSystem.build_by_ip(data).
#
# @return [Object, nil] the assigned value, or nil when enrichment is skipped
def enrich_autonomous_system
  if can_enrich_autonomous_system?
    self.autonomous_system = AutonomousSystem.build_by_ip(data)
  end
end
enrich_dns()

Enrich(add) DNS records

# File lib/mihari/models/artifact.rb, line 70
# Attach DNS records to the artifact.
#
# Does nothing unless can_enrich_dns? holds. Otherwise the artifact data is
# reduced to a host name via normalize_as_domain and handed to
# DnsRecord.build_by_domain.
#
# NOTE(review): normalize_as_domain can yield nil for a URL without a host,
# and that value is passed on unchecked - confirm build_by_domain copes.
# NOTE(review): build_by_domain presumably performs live lookups, which would
# reveal the indicator to the resolver - confirm against DnsRecord.
#
# @return [Object, nil] the assigned records, or nil when enrichment is skipped
def enrich_dns
  if can_enrich_dns?
    domain = normalize_as_domain(data)
    self.dns_records = DnsRecord.build_by_domain(domain)
  end
end
enrich_geolocation()

Enrich(add) geolocation

# File lib/mihari/models/artifact.rb, line 88
# Attach geolocation information to the artifact.
#
# Does nothing unless can_enrich_geolocation? holds; otherwise assigns the
# result of Geolocation.build_by_ip(data).
#
# @return [Object, nil] the assigned value, or nil when enrichment is skipped
def enrich_geolocation
  if can_enrich_geolocation?
    self.geolocation = Geolocation.build_by_ip(data)
  end
end
enrich_reverse_dns()

Enrich(add) reverse DNS names

# File lib/mihari/models/artifact.rb, line 79
# Attach reverse DNS names to the artifact.
#
# Does nothing unless the guard holds; otherwise assigns the result of
# ReverseDnsName.build_by_ip(data).
#
# The guard's name is misspelled ("revese") in its definition; the call below
# must keep that spelling to match it.
#
# @return [Object, nil] the assigned names, or nil when enrichment is skipped
def enrich_reverse_dns
  if can_enrich_revese_dns?
    self.reverse_dns_names = ReverseDnsName.build_by_ip(data)
  end
end
enrich_whois()

Enrich(add) whois record

# File lib/mihari/models/artifact.rb, line 61
# Attach a whois record to the artifact.
#
# Does nothing unless can_enrich_whois? holds. Otherwise the artifact data is
# reduced to a host name via normalize_as_domain and handed to
# WhoisRecord.build_by_domain.
#
# NOTE(review): normalize_as_domain can yield nil for a URL without a host,
# and that value is passed on unchecked - confirm build_by_domain copes.
#
# @return [Object, nil] the assigned record, or nil when enrichment is skipped
def enrich_whois
  if can_enrich_whois?
    domain = normalize_as_domain(data)
    self.whois_record = WhoisRecord.build_by_domain(domain)
  end
end
unique?(ignore_old_artifacts: false, ignore_threshold: 0)

Check uniqueness of artifact

@param [Boolean] ignore_old_artifacts
@param [Integer] ignore_threshold

@return [Boolean] true if it is unique. Otherwise false.

# File lib/mihari/models/artifact.rb, line 46
# Decide whether this artifact counts as unique.
#
# Looks up the most recently created record of the same class with identical
# data. With no such record the artifact is unique. With one, it is a
# duplicate unless ignore_old_artifacts is set, in which case the existing
# record is disregarded when it was created more than ignore_threshold days
# ago.
#
# @param ignore_old_artifacts [Boolean] treat sufficiently old matches as absent
# @param ignore_threshold [Integer] age in days beyond which a match is ignored
#
# @return [Boolean] true if it is unique. Otherwise false.
def unique?(ignore_old_artifacts: false, ignore_threshold: 0)
  latest = self.class.where(data: data).order(created_at: :desc).first

  # Nothing stored with the same data yet.
  return true if latest.nil?
  # A match exists and the age-based exemption is switched off.
  return false unless ignore_old_artifacts

  # The moment ignore_threshold days before now, in UTC.
  cutoff = (-ignore_threshold).days.from_now.utc
  # Created before the cutoff: ignore the match (unique).
  # Created at or after the cutoff: keep the match (duplicate).
  latest.created_at < cutoff
end

Private Instance Methods

can_enrich_autonomous_system?()
# File lib/mihari/models/artifact.rb, line 138
# Whether autonomous-system enrichment applies to this artifact.
#
# @return [Boolean] true only for an "ip" artifact whose autonomous_system is nil
def can_enrich_autonomous_system?
  # Type check first so autonomous_system is not read for other types.
  return false unless data_type == "ip"

  autonomous_system.nil?
end
can_enrich_dns?()
# File lib/mihari/models/artifact.rb, line 126
# Whether DNS enrichment applies to this artifact.
#
# @return [Boolean] true only for a "domain" or "url" artifact whose
#   dns_records collection is empty
def can_enrich_dns?
  # Type check first so dns_records is not read for other types.
  return false unless %w[domain url].include?(data_type)

  dns_records.empty?
end
can_enrich_geolocation?()
# File lib/mihari/models/artifact.rb, line 134
# Whether geolocation enrichment applies to this artifact.
#
# @return [Boolean] true only for an "ip" artifact whose geolocation is nil
def can_enrich_geolocation?
  # Type check first so geolocation is not read for other types.
  return false unless data_type == "ip"

  geolocation.nil?
end
can_enrich_revese_dns?()
# File lib/mihari/models/artifact.rb, line 130
# Whether reverse DNS enrichment applies to this artifact.
#
# The method name is misspelled ("revese"); it is left as is because
# enrich_reverse_dns calls it by exactly this name.
#
# @return [Boolean] true only for an "ip" artifact whose reverse_dns_names
#   collection is empty
def can_enrich_revese_dns?
  # Type check first so reverse_dns_names is not read for other types.
  return false unless data_type == "ip"

  reverse_dns_names.empty?
end
can_enrich_whois?()
# File lib/mihari/models/artifact.rb, line 122
# Whether whois enrichment applies to this artifact.
#
# @return [Boolean] true only for a "domain" or "url" artifact whose
#   whois_record is nil
def can_enrich_whois?
  # Type check first so whois_record is not read for other types.
  return false unless %w[domain url].include?(data_type)

  whois_record.nil?
end
normalize_as_domain(url_or_domain)
# File lib/mihari/models/artifact.rb, line 116
# Reduce the given value to a host name.
#
# A "domain" artifact is returned untouched. Anything else is parsed as a URI
# and its host component is returned.
#
# URI.parse raises URI::InvalidURIError for input it cannot parse, and host is
# nil when the URI carries no host. Neither case is handled here, and the
# enrich_dns / enrich_whois callers pass the result straight on.
#
# @param url_or_domain [String] the artifact data
# @return [String, nil] the domain itself, or the URL's host (possibly nil)
# @raise [URI::InvalidURIError] when the value is not a parseable URI
def normalize_as_domain(url_or_domain)
  if data_type == "domain"
    url_or_domain
  else
    URI.parse(url_or_domain).host
  end
end