Class: Mihari::Structs::Rule

Inherits:

Object

• Object
• Mihari::Structs::Rule

Extended by:

Mixins::Database

Defined in:

lib/mihari/structs/rule.rb

Instance Attribute Summary

• #data ⇒ Hash readonly
• #errors ⇒ Array^? readonly
• #id ⇒ String
• #yaml ⇒ String readonly

Class Method Summary

• .from_model(model) ⇒ Mihari::Structs::Rule
• .from_path_or_id(path_or_id) ⇒ Mihari::Structs::Rule
• .from_yaml(yaml, id: nil) ⇒ Mihari::Structs::Rule

Instance Method Summary

• #[](key) ⇒ Object
• #description ⇒ String
• #error_messages ⇒ Array<String>
• #errors? ⇒ Boolean
• #initialize(data, yaml) ⇒ Rule constructor

  A new instance of Rule.

• #title ⇒ String
• #to_analyzer ⇒ Mihari::Analyzers::Rule
• #to_model ⇒ Mihari::Rule
• #validate ⇒ Object
• #validate! ⇒ Object

Methods included from Mixins::Database

with_db_connection

Constructor Details

#initialize(data, yaml) ⇒ Rule

Returns a new instance of Rule.

# File 'lib/mihari/structs/rule.rb', line 23

def initialize(data, yaml)
  @data = data.deep_symbolize_keys
  @yaml = yaml

  @errors = nil
  @no_method_error = nil

  validate
end

Instance Attribute Details

#data ⇒ Hash (readonly)

Returns:

• (Hash)

# File 'lib/mihari/structs/rule.rb', line 12

def data
  @data
end

#errors ⇒ Array^? (readonly)

Returns:

• (Array, nil)

# File 'lib/mihari/structs/rule.rb', line 18

def errors
  @errors
end

#id ⇒ String

Returns:

• (String)

# File 'lib/mihari/structs/rule.rb', line 88

def id
  @id ||= data[:id] || UUIDTools::UUID.md5_create(UUIDTools::UUID_URL_NAMESPACE, data.to_yaml).to_s
end

#yaml ⇒ String (readonly)

Returns:

• (String)

# File 'lib/mihari/structs/rule.rb', line 15

def yaml
  @yaml
end

Class Method Details

.from_model(model) ⇒ Mihari::Structs::Rule

Parameters:

• model (Mihari::Rule)

Returns:

• (Mihari::Structs::Rule)

# File 'lib/mihari/structs/rule.rb', line 157

def from_model(model)
  data = model.data.deep_symbolize_keys
  # set ID if YAML data do not have ID
  data[:id] = model.id unless data.key?(:id)

  Structs::Rule.new(data, model.yaml)
end

.from_path_or_id(path_or_id) ⇒ Mihari::Structs::Rule

Parameters:

• path_or_id (String) —

  Path to YAML file or YAML string or ID of a rule in the database

Returns:

• (Mihari::Structs::Rule)

# File 'lib/mihari/structs/rule.rb', line 184

def from_path_or_id(path_or_id)
  yaml = nil

  yaml = load_yaml_from_file(path_or_id) if File.exist?(path_or_id)
  yaml = load_yaml_from_db(path_or_id) if yaml.nil?

  Structs::Rule.from_yaml yaml
end

.from_yaml(yaml, id: nil) ⇒ Mihari::Structs::Rule

Parameters:

• yaml (String)
• id (String, nil) (defaults to: nil)

Returns:

• (Mihari::Structs::Rule)

# File 'lib/mihari/structs/rule.rb', line 171

def from_yaml(yaml, id: nil)
  data = load_erb_yaml(yaml)
  # set ID if id is given & YAML data do not have ID
  data[:id] = id if !id.nil? && !data.key?(:id)

  Structs::Rule.new(data, yaml)
end

Instance Method Details

#[](key) ⇒ Object

# File 'lib/mihari/structs/rule.rb', line 81

def [](key)
  data[key.to_sym]
end

#description ⇒ String

Returns:

• (String)

# File 'lib/mihari/structs/rule.rb', line 102

def description
  @description ||= data[:description]
end

#error_messages ⇒ Array<String>

Returns:

• (Array<String>)

# File 'lib/mihari/structs/rule.rb', line 45

def error_messages
  return [] if @errors.nil?

  @errors.messages.filter_map do |message|
    path = message.path.map(&:to_s).join
    "#{path} #{message.text}"
  rescue NoMethodError
    nil
  end
end

#errors? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mihari/structs/rule.rb', line 36

def errors?
  return false if @errors.nil?

  !@errors.empty?
end

#title ⇒ String

Returns:

• (String)

# File 'lib/mihari/structs/rule.rb', line 95

def title
  @title ||= data[:title]
end

#to_analyzer ⇒ Mihari::Analyzers::Rule

Returns:

• (Mihari::Analyzers::Rule)

# File 'lib/mihari/structs/rule.rb', line 131

def to_analyzer
  analyzer = Mihari::Analyzers::Rule.new(
    title: self[:title],
    description: self[:description],
    tags: self[:tags],
    queries: self[:queries],
    allowed_data_types: self[:allowed_data_types],
    disallowed_data_values: self[:disallowed_data_values],
    emitters: self[:emitters],
    enrichers: self[:enrichers],
    id: id
  )
  analyzer.ignore_old_artifacts = self[:ignore_old_artifacts]
  analyzer.ignore_threshold = self[:ignore_threshold]

  analyzer
end

#to_model ⇒ Mihari::Rule

Returns:

• (Mihari::Rule)

# File 'lib/mihari/structs/rule.rb', line 109

def to_model
  rule = Mihari::Rule.find(id)

  rule.title = title
  rule.description = description
  rule.data = data
  rule.yaml = yaml

  rule
rescue ActiveRecord::RecordNotFound
  Mihari::Rule.new(
    id: id,
    title: title,
    description: description,
    data: data,
    yaml: yaml
  )
end

#validate ⇒ Object

# File 'lib/mihari/structs/rule.rb', line 56

def validate
  begin
    contract = Schemas::RuleContract.new
    result = contract.call(data)
  rescue NoMethodError => e
    @no_method_error = e
    return
  end

  @data = result.to_h
  @errors = result.errors
end

#validate! ⇒ Object

# File 'lib/mihari/structs/rule.rb', line 69

def validate!
  raise RuleValidationError, "Data should be a hash" unless data.is_a?(Hash)
  raise RuleValidationError, error_messages.join("\n") if errors?
  raise RuleValidationError, "Something wrong with queries, emitters or enrichers." unless @no_method_error.nil?
rescue RuleValidationError => e
  message = "Failed to parse the input as a rule"
  message += ": #{e.message}" unless e.message.empty?
  Mihari.logger.error message

  raise e
end