class Mihari::Analyzers::Rule
Constants
- ANALYZER_TO_CLASS
Attributes
source[R]
Public Class Methods
new(**kwargs)
Calls superclass method
Mihari::Analyzers::Base::new
# File lib/mihari/analyzers/rule.rb, line 21
#
# Build a rule and verify up front that every analyzer it references can run.
#
# @param kwargs [Hash] forwarded unchanged to the superclass initializer
# @raise [ArgumentError] propagated from validate_analyzer_configurations when
#   a query names an unsupported analyzer or one that is not configured
def initialize(**kwargs)
  super(**kwargs)

  # Prefer the explicit rule id as the source label. `id`, `title` and
  # `description` are not defined in this method; presumably the superclass
  # provides them - confirm.
  @source = id
  # Fallback: a name-based (MD5) UUID in the URL namespace, so the same
  # title + description always yields the same source.
  # NOTE(review): the two strings are concatenated without a separator, so
  # ("ab", "c") and ("a", "bc") map to the same UUID. MD5 serves only as an
  # identifier here, not as an integrity check.
  @source ||= UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, title + description).to_s

  # Fail at construction time rather than midway through a run.
  validate_analyzer_configurations
end
Public Instance Methods
artifacts()
Returns a list of artifacts matched with queries
@return [Array<Mihari::Artifact>]
# File lib/mihari/analyzers/rule.rb, line 53
#
# Run every query of the rule through its analyzer and collect the results.
#
# @return [Array<Mihari::Artifact>] artifacts from all queries, flattened
# @raise [ArgumentError] from get_analyzer_class when a query names an
#   analyzer that is not in ANALYZER_TO_CLASS
def artifacts
  per_query = queries.map do |params|
    klass = get_analyzer_class(params[:analyzer])

    # The whole query hash (including :analyzer and :query) is forwarded as
    # keyword arguments.
    # NOTE(review): if rule files can come from a less trusted source, confirm
    # that each analyzer accepts only the options it expects.
    analyzer = klass.new(params[:query], **params)

    # #normalized_artifacts (rather than #artifacts) yields Mihari::Artifact
    # objects, so each one carries a "source" attribute (e.g. "Shodan").
    analyzer.normalized_artifacts
  end

  per_query.flatten
end
disallowed_data_value?(value)
Check whether a value is a disallowed data value or not
@return [Boolean]
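# File lib/mihari/analyzers/rule.rb, line 102
#
# Check whether a value matches any entry of the normalized disallow list.
#
# String entries are compared for equality; Regexp entries are tested with
# Regexp#match?. Entries of any other type never match.
#
# @param value [String] artifact data to test
# @return [Boolean] true if at least one disallowed entry matches
def disallowed_data_value?(value)
  normalized_disallowed_data_values.any? do |disallowed_data_value|
    # The block must yield its verdict instead of using `return`: a `return`
    # inside the block exits the whole method on the first entry, so later
    # entries are never consulted and values they should filter out pass
    # through.
    case disallowed_data_value
    when String then value == disallowed_data_value
    when Regexp then disallowed_data_value.match?(value)
    else false
    end
  end
end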
normalized_artifacts()
Normalize artifacts
- Deduplicate artifacts by uniq(&:data)
- Reject invalid artifacts (just in case)
- Select artifacts with allowed data types
- Reject artifacts with disallowed data values
@return [Array<Mihari::Artifact>]
# File lib/mihari/analyzers/rule.rb, line 80
#
# Normalize the artifacts gathered by #artifacts. The result is memoized, so
# the queries behind #artifacts run once per instance.
#
# @return [Array<Mihari::Artifact>] the filtered artifacts
def normalized_artifacts
  @normalized_artifacts ||= begin
    # 1. Keep the first artifact seen for each distinct data value.
    deduplicated = artifacts.uniq(&:data)
    # 2. Drop anything that fails its own validity check.
    valid = deduplicated.select(&:valid?)
    # 3. Keep only the data types this rule allows.
    allowed = valid.select { |artifact| allowed_data_types.include?(artifact.data_type) }
    # 4. Drop values on the rule's disallow list.
    allowed.reject { |artifact| disallowed_data_value?(artifact.data) }
  end
end
normalized_disallowed_data_values()
Normalized disallowed data values
@return [Array<Regexp, String>]
# File lib/mihari/analyzers/rule.rb, line 93
#
# Disallowed data values after each one has been passed through
# normalize_disallowed_data_value. The list is built once and memoized.
#
# NOTE(review): the normalizer is not shown here; presumably it turns
# regexp-looking strings into Regexp objects - confirm.
#
# @return [Array<Regexp, String>]
def normalized_disallowed_data_values
  @normalized_disallowed_data_values ||= disallowed_data_values.map do |raw_value|
    normalize_disallowed_data_value(raw_value)
  end
end
Private Instance Methods
get_analyzer_class(analyzer_name)
Get analyzer class
@param [String] analyzer_name
@return [Class<Mihari::Analyzers::Base>] analyzer class
# File lib/mihari/analyzers/rule.rb, line 118
#
# Resolve an analyzer name to its class.
#
# The name is resolved only through the fixed ANALYZER_TO_CLASS table, so a
# rule cannot cause a class outside that table to be instantiated.
#
# @param [String] analyzer_name
# @return [Class<Mihari::Analyzers::Base>] analyzer class
# @raise [ArgumentError] if the name has no entry in ANALYZER_TO_CLASS
def get_analyzer_class(analyzer_name)
  ANALYZER_TO_CLASS[analyzer_name] || raise(ArgumentError, "#{analyzer_name} is not supported")
end
validate_analyzer_configurations()
Validate configuration of analyzers
# File lib/mihari/analyzers/rule.rb, line 128
#
# Validate the configuration of every analyzer referenced by the rule's queries.
#
# Each analyzer class is instantiated with the placeholder query "dummy" purely
# so that #configured? can be called on it.
# NOTE(review): presumably #configured? checks that required credentials or
# settings are present - confirm against the analyzer base class.
#
# @return [Object] whatever `queries.each` returns when all analyzers pass
# @raise [ArgumentError] if an analyzer is unsupported (from
#   get_analyzer_class) or reports that it is not configured
def validate_analyzer_configurations
  queries.each do |params|
    klass = get_analyzer_class(params[:analyzer])
    next if klass.new("dummy").configured?

    # Report only the short class name, e.g. "Shodan" rather than the full
    # namespaced constant.
    klass_name = klass.to_s.split("::").last
    raise ArgumentError, "#{klass_name} is not configured correctly"
  end
end