class Mihari::Artifact
Public Class Methods
new(attributes)
Calls superclass method
# File lib/mihari/models/artifact.rb, line 32
# Build the artifact, then record the detected type of its data.
#
# @param attributes passed to the superclass initializer unchanged
#
# data_type is always recomputed from data via TypeChecker.type, overwriting
# any value the superclass initializer set from attributes.
def initialize(attributes)
  super
  detected_type = TypeChecker.type(data)
  self.data_type = detected_type
end
Public Instance Methods
enrich_all()
Enrich all the enrichable relationships of the artifact
# File lib/mihari/models/artifact.rb, line 106
# Run every enrichment step for this artifact, in a fixed order.
#
# Each step checks its own can_enrich_* guard, so steps that do not apply to
# this data_type are no-ops. An exception raised by one step propagates and
# the remaining steps are not run.
# NOTE(review): the build_by_* helpers are not shown here; presumably they
# query external services with the artifact value — confirm before running
# this on data that must not leave the host.
#
# @return the result of the last step (enrich_whois)
def enrich_all
  steps = %i[
    enrich_autonomous_system
    enrich_dns
    enrich_geolocation
    enrich_reverse_dns
    enrich_whois
  ]
  steps.map { |step| public_send(step) }.last
end
enrich_autonomous_system()
Enrich(add) autonomous system
# File lib/mihari/models/artifact.rb, line 97
# Attach an autonomous system record built from this artifact's IP address.
#
# Returns nil without doing anything unless can_enrich_autonomous_system?
# holds.
# NOTE(review): AutonomousSystem.build_by_ip is not shown here; presumably it
# performs a lookup for the IP — confirm.
def enrich_autonomous_system
  if can_enrich_autonomous_system?
    self.autonomous_system = AutonomousSystem.build_by_ip(data)
  end
end
enrich_dns()
Enrich(add) DNS records
# File lib/mihari/models/artifact.rb, line 70
# Attach DNS records built from this artifact's domain.
#
# Returns nil without doing anything unless can_enrich_dns? holds. For "url"
# artifacts the host is extracted first by normalize_as_domain.
def enrich_dns
  if can_enrich_dns?
    domain = normalize_as_domain(data)
    self.dns_records = DnsRecord.build_by_domain(domain)
  end
end
enrich_geolocation()
Enrich(add) geolocation
# File lib/mihari/models/artifact.rb, line 88
# Attach a geolocation record built from this artifact's IP address.
#
# Returns nil without doing anything unless can_enrich_geolocation? holds.
def enrich_geolocation
  if can_enrich_geolocation?
    self.geolocation = Geolocation.build_by_ip(data)
  end
end
enrich_reverse_dns()
Enrich(add) reverse DNS names
# File lib/mihari/models/artifact.rb, line 79
# Attach reverse DNS names built from this artifact's IP address.
#
# Returns nil without doing anything unless the guard holds. The guard is
# spelled can_enrich_revese_dns? (sic) in this file, so it is called by that
# name here.
def enrich_reverse_dns
  if can_enrich_revese_dns?
    self.reverse_dns_names = ReverseDnsName.build_by_ip(data)
  end
end
enrich_whois()
Enrich(add) whois record
# File lib/mihari/models/artifact.rb, line 61
# Attach a whois record built from this artifact's domain.
#
# Returns nil without doing anything unless can_enrich_whois? holds. For "url"
# artifacts the host is extracted first by normalize_as_domain.
def enrich_whois
  if can_enrich_whois?
    domain = normalize_as_domain(data)
    self.whois_record = WhoisRecord.build_by_domain(domain)
  end
end
unique?(ignore_old_artifacts: false, ignore_threshold: 0)
Check uniqueness of artifact
@param [Boolean] ignore_old_artifacts @param [Integer] ignore_threshold
@return [Boolean] true if it is unique. Otherwise false.
# File lib/mihari/models/artifact.rb, line 46
# Decide whether this artifact's data has been recorded before.
#
# Looks up the most recently created record with the same data. The lookup
# uses hash conditions (where(data: data)), not a hand-built query string.
#
# @param [Boolean] ignore_old_artifacts when true, a sufficiently old match
#   does not count as a duplicate
# @param [Integer] ignore_threshold age in days beyond which a match is
#   ignored; only consulted when ignore_old_artifacts is true
#
# @return [Boolean] true if it is unique. Otherwise false.
def unique?(ignore_old_artifacts: false, ignore_threshold: 0)
  latest = self.class.where(data: data).order(created_at: :desc).first

  if latest.nil?
    # No record with the same data exists at all.
    true
  elsif !ignore_old_artifacts
    # Any existing match counts as a duplicate.
    false
  else
    # A match older than the cutoff is ignored (treated as unique); a match
    # inside the window still counts as a duplicate. With the default
    # threshold of 0 the cutoff is the current time.
    cutoff = (-ignore_threshold).days.from_now.utc
    latest.created_at < cutoff
  end
end
Private Instance Methods
can_enrich_autonomous_system?()
# File lib/mihari/models/artifact.rb, line 138
# True when the artifact is an IP address with no autonomous system attached.
#
# autonomous_system is only read when data_type is "ip".
def can_enrich_autonomous_system?
  return false unless data_type == "ip"

  autonomous_system.nil?
end
can_enrich_dns?()
# File lib/mihari/models/artifact.rb, line 126
# True when the artifact is a domain or URL with no DNS records attached.
#
# dns_records is only read when data_type is "domain" or "url".
def can_enrich_dns?
  return false unless %w[domain url].include?(data_type)

  dns_records.empty?
end
can_enrich_geolocation?()
# File lib/mihari/models/artifact.rb, line 134
# True when the artifact is an IP address with no geolocation attached.
#
# geolocation is only read when data_type is "ip".
def can_enrich_geolocation?
  return false unless data_type == "ip"

  geolocation.nil?
end
can_enrich_revese_dns?()
# File lib/mihari/models/artifact.rb, line 130
# True when the artifact is an IP address with no reverse DNS names attached.
#
# The method name is misspelled ("revese") in this file; enrich_reverse_dns
# calls it by this spelling, so a rename has to change both places together.
# reverse_dns_names is only read when data_type is "ip".
def can_enrich_revese_dns?
  return false unless data_type == "ip"

  reverse_dns_names.empty?
end
can_enrich_whois?()
# File lib/mihari/models/artifact.rb, line 122
# True when the artifact is a domain or URL with no whois record attached.
#
# whois_record is only read when data_type is "domain" or "url".
def can_enrich_whois?
  return false unless %w[domain url].include?(data_type)

  whois_record.nil?
end
normalize_as_domain(url_or_domain)
# File lib/mihari/models/artifact.rb, line 116
# Reduce a domain or URL string to the host name used for lookups.
#
# @param url_or_domain the artifact value to normalize
# @return url_or_domain unchanged when data_type is "domain"; otherwise the
#   host component reported by URI.parse
#
# Neither failure mode of the URL branch is handled here: URI.parse raises
# URI::InvalidURIError for a string it cannot parse, and #host is nil when the
# URI has no host part, so callers may receive nil or an exception.
def normalize_as_domain(url_or_domain)
  if data_type == "domain"
    url_or_domain
  else
    URI.parse(url_or_domain).host
  end
end