class Mihari::Analyzers::Rule

Constants

ANALYZER_TO_CLASS

Attributes

source[R]

Public Class Methods

new(**kwargs)
Calls superclass method Mihari::Analyzers::Base::new
# File lib/mihari/analyzers/rule.rb, line 21
def initialize(**kwargs)
  super(**kwargs)

  @source = id || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, title + description).to_s

  validate_analyzer_configurations
end

Public Instance Methods

artifacts()

Returns a list of artifacts matched with queries

@return [Array<Mihari::Artifact>]

# File lib/mihari/analyzers/rule.rb, line 53
def artifacts
  artifacts = []

  queries.each do |params|
    analyzer_name = params[:analyzer]
    klass = get_analyzer_class(analyzer_name)

    query = params[:query]
    analyzer = klass.new(query, **params)

    # Use #normalized_artifacts method to get artifacts as Array<Mihari::Artifact>
    # So Mihari::Artifact object has "source" attribute (e.g. "Shodan")
    artifacts << analyzer.normalized_artifacts
  end

  artifacts.flatten
end
disallowed_data_value?(value)

Check whether a value is a disallowed data value or not

@return [Boolean]

# File lib/mihari/analyzers/rule.rb, line 102
def disallowed_data_value?(value)
  # The block must yield a boolean for each entry: a `return` inside it would
  # exit the method after the first entry and leave the rest unchecked
  normalized_disallowed_data_values.any? do |disallowed_data_value|
    case disallowed_data_value
    when String then value == disallowed_data_value
    when Regexp then disallowed_data_value.match?(value)
    else false
    end
  end
end
normalized_artifacts()

Normalize artifacts

  • Deduplicate artifacts with uniq(&:data)

  • Reject invalid artifacts (just in case)

  • Select artifacts with allowed data types

  • Reject artifacts with disallowed data values

@return [Array<Mihari::Artifact>]

# File lib/mihari/analyzers/rule.rb, line 80
def normalized_artifacts
  @normalized_artifacts ||= artifacts.uniq(&:data).select(&:valid?).select do |artifact|
    allowed_data_types.include? artifact.data_type
  end.reject do |artifact|
    disallowed_data_value? artifact.data
  end
end
normalized_disallowed_data_values()

Normalized disallowed data values

@return [Array<Regexp, String>]

# File lib/mihari/analyzers/rule.rb, line 93
def normalized_disallowed_data_values
  @normalized_disallowed_data_values ||= disallowed_data_values.map { |v| normalize_disallowed_data_value v }
end
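
The normalization steps listed for normalized_artifacts, together with the String/Regexp disallowed-value check, as an added stand-alone example (not Mihari's code). `Artifact` is a hypothetical stand-in for Mihari::Artifact, its `valid?` rule is an assumption, and the sample artifacts and denylist are constructed.

```ruby
# Added example: stand-alone sketch, not Mihari's code.
# Artifact is a hypothetical stand-in for Mihari::Artifact.
Artifact = Struct.new(:data, :data_type, :source) do
  # Assumed validity rule for this sketch: a data type was resolved.
  def valid?
    !data_type.nil?
  end
end

# True when value equals a String entry or matches a Regexp entry.
# The block yields a boolean per entry; a `return` inside it would leave
# the method after the first entry and skip the rest of the denylist.
def disallowed?(value, denylist)
  denylist.any? do |entry|
    case entry
    when String then value == entry
    when Regexp then entry.match?(value)
    else false
    end
  end
end

# Same order as the documented steps: deduplicate by data, drop invalid
# artifacts, keep allowed data types, drop disallowed data values.
def normalize(artifacts, allowed_types:, denylist:)
  artifacts
    .uniq(&:data)
    .select(&:valid?)
    .select { |a| allowed_types.include?(a.data_type) }
    .reject { |a| disallowed?(a.data, denylist) }
end

# Constructed sample data (documentation-range IPs, example domains).
SAMPLE = [
  Artifact.new("192.0.2.10", "ip", "Shodan"),
  Artifact.new("192.0.2.10", "ip", "Censys"),           # duplicate data
  Artifact.new("cdn.example.com", "domain", "Shodan"),  # matches the Regexp entry
  Artifact.new("198.51.100.7", "ip", "Shodan"),         # equals the 2nd String entry
  Artifact.new("login.example.net", "domain", "Shodan"),
  Artifact.new("d41d8cd98f00b204e9800998ecf8427e", "hash", "Shodan"), # type not allowed
  Artifact.new("???", nil, "Shodan")                    # invalid
].freeze

DENYLIST = ["203.0.113.1", "198.51.100.7", /\.example\.com\z/].freeze

def demo
  normalize(SAMPLE, allowed_types: %w[ip domain], denylist: DENYLIST).map(&:data)
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The second String entry in the denylist is the case worth testing in any such filter: a check that stops after the first entry lets `198.51.100.7` through.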

Private Instance Methods

get_analyzer_class(analyzer_name)

Get analyzer class

@param [String] analyzer_name

@return [Class<Mihari::Analyzers::Base>] analyzer class

# File lib/mihari/analyzers/rule.rb, line 118
def get_analyzer_class(analyzer_name)
  analyzer = ANALYZER_TO_CLASS[analyzer_name]
  return analyzer if analyzer

  raise ArgumentError, "#{analyzer_name} is not supported"
end
validate_analyzer_configurations()

Validate configuration of analyzers

# File lib/mihari/analyzers/rule.rb, line 128
def validate_analyzer_configurations
  queries.each do |params|
    analyzer_name = params[:analyzer]
    klass = get_analyzer_class(analyzer_name)

    instance = klass.new("dummy")
    unless instance.configured?
      klass_name = klass.to_s.split("::").last
      raise ArgumentError, "#{klass_name} is not configured correctly"
    end
  end
end