Class: Mihari::Artifact

Inherits:
ActiveRecord::Base
  • Object
Includes:
ActiveModel::Validations
Defined in:
lib/mihari/models/artifact.rb


Constructor Details

#initialize(*args, **kwargs) ⇒ Artifact

Returns a new instance of Artifact.



# File 'lib/mihari/models/artifact.rb', line 30

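# Build an artifact, rejecting collection values for `data` before the
# attributes are handed to the parent constructor.
#
# @param args [Array] positional arguments forwarded to `super`; the first
#   one, when present, is read as the attribute hash
# @param kwargs [Hash] keyword attributes, read when no positional hash is given
# @raise [InvalidArtifactFormatError] if `data` is an Array or a Hash
def initialize(*args, **kwargs)
  attrs = args.first || kwargs

  # Look at both key spellings: an attribute hash keyed with "data" instead
  # of :data would otherwise slip past the format check below.
  candidates = [attrs[:data], attrs["data"]]
  raise InvalidArtifactFormatError if candidates.any? { |value| value.is_a?(Array) || value.is_a?(Hash) }

  super(*args, **kwargs)

  # The type is derived from the value as stored on the record, not from the raw input.
  self.data_type = TypeChecker.type(data)
  # Every new artifact starts with an empty tag list.
  self.tags = []
end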

Instance Attribute Details

#tags ⇒ Object

Returns the value of attribute tags.



# File 'lib/mihari/models/artifact.rb', line 28

# Plain reader for the in-memory `@tags` instance variable.
#
# @return [Object] whatever is currently stored in `@tags`
def tags
  @tags
end

Instance Method Details

#enrich_all ⇒ Object

Enrich all the enrichable relationships of the artifact



# File 'lib/mihari/models/artifact.rb', line 128

# Run every enrichment step of the artifact, in a fixed order.
#
# Each step applies its own `can_enrich_*?` guard, so steps that do not apply
# to this artifact are skipped by the step itself.
#
# NOTE(review): the build_by_* helpers behind these steps presumably query
# external services with the artifact value — confirm, since that would
# disclose the indicator to third parties.
#
# @return [Object] the result of the last step (`enrich_cpes`)
def enrich_all
  steps = %i[
    enrich_autonomous_system
    enrich_dns
    enrich_geolocation
    enrich_reverse_dns
    enrich_whois
    enrich_ports
    enrich_cpes
  ]
  steps.map { |step| send(step) }.last
end

#enrich_autonomous_system ⇒ Object

Enrich the autonomous system (AS)



# File 'lib/mihari/models/artifact.rb', line 101

# Set the autonomous system association, built from the artifact's `data`
# treated as an IP. Does nothing when `can_enrich_autonomous_system?` is false.
#
# @return [Object, nil] the built value, or nil when the step is skipped
def enrich_autonomous_system
  self.autonomous_system = AutonomousSystem.build_by_ip(data) if can_enrich_autonomous_system?
end

#enrich_cpes ⇒ Object

Enrich CPEs



# File 'lib/mihari/models/artifact.rb', line 119

# Set the CPE list, built from the artifact's `data` treated as an IP.
# Does nothing when `can_enrich_cpes?` is false.
#
# @return [Object, nil] the built value, or nil when the step is skipped
def enrich_cpes
  if can_enrich_cpes?
    self.cpes = CPE.build_by_ip(data)
  end
end

#enrich_dns ⇒ Object

Enrich(add) DNS records



# File 'lib/mihari/models/artifact.rb', line 74

# Set the DNS records for the artifact. The value in `data` is passed through
# `normalize_as_domain` before the records are built.
# Does nothing when `can_enrich_dns?` is false.
#
# @return [Object, nil] the built value, or nil when the step is skipped
def enrich_dns
  return nil unless can_enrich_dns?

  domain = normalize_as_domain(data)
  self.dns_records = DnsRecord.build_by_domain(domain)
end

#enrich_geolocation ⇒ Object

Enrich(add) geolocation



# File 'lib/mihari/models/artifact.rb', line 92

# Set the geolocation, built from the artifact's `data` treated as an IP.
# Does nothing when `can_enrich_geolocation?` is false.
#
# @return [Object, nil] the built value, or nil when the step is skipped
def enrich_geolocation
  self.geolocation = Geolocation.build_by_ip(data) if can_enrich_geolocation?
end

#enrich_ports ⇒ Object

Enrich ports



# File 'lib/mihari/models/artifact.rb', line 110

# Set the port list, built from the artifact's `data` treated as an IP.
# Does nothing when `can_enrich_ports?` is false.
#
# @return [Object, nil] the built value, or nil when the step is skipped
def enrich_ports
  if can_enrich_ports?
    self.ports = Port.build_by_ip(data)
  end
end

#enrich_reverse_dns ⇒ Object

Enrich(add) reverse DNS names



# File 'lib/mihari/models/artifact.rb', line 83

# Set the reverse DNS names, built from the artifact's `data` treated as an IP.
#
# The guard is spelled `can_enrich_revese_dns?` (sic); that is the name this
# method calls, so the spelling must match the predicate's definition.
#
# @return [Object, nil] the built value, or nil when the step is skipped
def enrich_reverse_dns
  self.reverse_dns_names = ReverseDnsName.build_by_ip(data) if can_enrich_revese_dns?
end

#enrich_whois ⇒ Object

Enrich(add) whois record



# File 'lib/mihari/models/artifact.rb', line 65

# Set the whois record for the artifact. The value in `data` is passed through
# `normalize_as_domain` before the record is built.
# Does nothing when `can_enrich_whois?` is false.
#
# @return [Object, nil] the built value, or nil when the step is skipped
def enrich_whois
  return nil unless can_enrich_whois?

  domain = normalize_as_domain(data)
  self.whois_record = WhoisRecord.build_by_domain(domain)
end

#unique?(ignore_old_artifacts: false, ignore_threshold: 0) ⇒ Boolean

Check uniqueness of artifact

Parameters:

  • ignore_old_artifacts (Boolean) (defaults to: false)
  • ignore_threshold (Integer) (defaults to: 0)

Returns:

  • (Boolean)

    true if it is unique. Otherwise false.



# File 'lib/mihari/models/artifact.rb', line 50

# Decide whether this artifact counts as new.
#
# Looks up the most recently created stored artifact whose `data` equals this
# one's (an exact match on the stored value) and applies the age rule below.
#
# @param ignore_old_artifacts [Boolean] when true, a stored match older than
#   the threshold no longer blocks uniqueness
# @param ignore_threshold [Integer] age limit in days for that rule
# @return [Boolean] true if it is unique, otherwise false
def unique?(ignore_old_artifacts: false, ignore_threshold: 0)
  latest = self.class.where(data: data).order(created_at: :desc).first

  if latest.nil?
    # Nothing stored with the same data yet.
    true
  elsif ignore_old_artifacts
    # A match created before the cutoff is ignored (unique); one created
    # within the last {ignore_threshold} days is not.
    cutoff = (-ignore_threshold).days.from_now.utc
    latest.created_at < cutoff
  else
    false
  end
end