Class: Mihari::Structs::Rule

Inherits:
Object
  • Object
Defined in:
lib/mihari/structs/rule.rb

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(data) ⇒ Rule

Initialize

Parameters:

  • data (Hash)


# File 'lib/mihari/structs/rule.rb', line 24

# Wraps raw rule attributes and runs schema validation straight away.
#
# Construction does not reject an invalid rule by itself: #validate only
# records its findings, which are exposed through #errors and #errors?.
# Code that must not act on a malformed rule has to check #errors? or call
# #validate! after building the object.
#
# @param data [Hash] rule attributes; keys are converted to symbols
def initialize(data)
  # No findings are known until #validate has run.
  @errors = nil
  @data = data.deep_symbolize_keys

  validate
end

Instance Attribute Details

#data ⇒ Hash (readonly)

Returns:

  • (Hash)


# File 'lib/mihari/structs/rule.rb', line 14

# Rule attributes currently held by this object.
#
# @data is assigned in #initialize (keys symbolized) and then replaced by
# #validate with the contract result's #to_h, so after construction this is
# the contract's view of the input rather than the raw input.
#
# @return [Hash]
def data
  @data
end

#errors ⇒ Array? (readonly)

Returns:

  • (Array, nil)


# File 'lib/mihari/structs/rule.rb', line 17

# Findings recorded by the most recent #validate run.
#
# #initialize resets this to nil and then calls #validate, which stores the
# contract result's #errors here.
#
# @return [Array, nil] nil only before any validation has run
def errors
  @errors
end

Class Method Details

.from_id(id) ⇒ Mihari::Structs::Rule?

Load a rule from DB

Parameters:

  • id (String)

Returns:

  • (Mihari::Structs::Rule, nil)



# File 'lib/mihari/structs/rule.rb', line 209

# Loads the rule stored in the database under the given ID.
#
# The existence check and the fetch are two separate calls, so a record that
# is removed between them makes the fetch raise instead of yielding nil.
#
# @param id [String] rule ID
# @return [Mihari::Structs::Rule, nil] nil when no record has that ID
def from_id(id)
  if Mihari::Rule.exists?(id)
    record = Mihari::Rule.find(id)
    Structs::Rule.from_model(record)
  end
end

.from_model(model) ⇒ Mihari::Structs::Rule

Parameters:

Returns:

  • (Mihari::Structs::Rule)



# File 'lib/mihari/structs/rule.rb', line 185

# Wraps the data of a stored rule in a new struct.
#
# Going through the constructor means the stored data is validated again
# against the rule contract.
#
# @param model [#data] stored rule record (presumably a Mihari::Rule; confirm against callers)
# @return [Mihari::Structs::Rule]
def from_model(model)
  stored_data = model.data
  Structs::Rule.new(stored_data)
end

.from_path(path) ⇒ Mihari::Structs::Rule?

Load a rule from path

Parameters:

  • path (String)

Returns:

  • (Mihari::Structs::Rule, nil)



# File 'lib/mihari/structs/rule.rb', line 196

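# Loads a rule from a YAML file on disk.
#
# The file content is passed to from_yaml, which renders it as an ERB
# template before parsing; the file therefore has to come from a location
# whose content is trusted.
#
# @param path [String] path to a YAML rule file
# @return [Mihari::Structs::Rule, nil] nil when the path does not exist or
#   names a directory
def from_path(path)
  rule_path = Pathname(path)
  # A directory "exists" but cannot be read as a file. Treating it as absent
  # lets from_path_or_id continue with the ID lookup instead of failing with
  # Errno::EISDIR when an ID happens to match a directory name.
  return nil if !rule_path.exist? || rule_path.directory?

  from_yaml File.read(path)
end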

.from_path_or_id(path_or_id) ⇒ Mihari::Structs::Rule

Parameters:

  • path_or_id (String)

    Path to YAML file or YAML string or ID of a rule in the database

Returns:

  • (Mihari::Structs::Rule)

Raises:

  • (ArgumentError)


# File 'lib/mihari/structs/rule.rb', line 220

# Resolves a rule from a single string that is either a file path or a
# database ID.
#
# The string is tried as a filesystem path first and as a rule ID second.
# A raw YAML string is not handled by this method body. Because the same
# value can select a file to read (and that file is rendered through ERB by
# from_yaml), the argument should not be taken from an untrusted source
# without restricting which paths are acceptable.
#
# @param path_or_id [String] path to a YAML file, or ID of a stored rule
# @return [Mihari::Structs::Rule]
# @raise [ArgumentError] when neither lookup finds a rule
def from_path_or_id(path_or_id)
  candidate = from_path(path_or_id)
  candidate = from_id(path_or_id) if candidate.nil?
  raise ArgumentError, "#{path_or_id} does not exist" if candidate.nil?

  candidate
end

.from_yaml(yaml) ⇒ Mihari::Structs::Rule

Load rule from YAML string

Parameters:

  • yaml (String)

Returns:

  • (Mihari::Structs::Rule)



# File 'lib/mihari/structs/rule.rb', line 174

# Builds a rule from YAML text.
#
# SECURITY: the text is rendered as an ERB template before it is parsed.
# ERB#result executes any Ruby placed inside ERB tags with the privileges of
# this process, so rule text is effectively code. YAML.safe_load only limits
# which classes the parsed document may contain (Date and Symbol here); it
# does not constrain the ERB step that runs first. Accept rule text only
# from trusted authors.
# NOTE(review): confirm that no caller passes remotely submitted YAML here.
#
# Only Psych::SyntaxError is translated; anything raised while rendering the
# template propagates unchanged.
#
# @param yaml [String] YAML text, optionally containing ERB tags
# @return [Mihari::Structs::Rule]
# @raise [YAMLSyntaxError] when the rendered text is not valid YAML
def from_yaml(yaml)
  rendered = ERB.new(yaml).result
  attributes = YAML.safe_load(rendered, permitted_classes: [Date, Symbol])

  Structs::Rule.new attributes
rescue Psych::SyntaxError => syntax_error
  raise YAMLSyntaxError, syntax_error.message
end

Instance Method Details

#[](key) ⇒ Object



# File 'lib/mihari/structs/rule.rb', line 58

# Hash-style read access to a single rule attribute.
#
# @param key [String, Symbol] attribute name; converted with #to_sym
# @return [Object, nil] the stored value, or nil when the key is absent
def [](key)
  attribute = key.to_sym
  data[attribute]
end

#analyzer ⇒ Mihari::Analyzers::Rule



# File 'lib/mihari/structs/rule.rb', line 162

# Builds an analyzer for this rule.
#
# A new analyzer object is created on every call; the result is not cached.
#
# @return [Mihari::Analyzers::Rule]
def analyzer
  Mihari::Analyzers::Rule.new(rule: self)
end

#artifact_lifetime ⇒ Integer?

Returns:

  • (Integer, nil)


# File 'lib/mihari/structs/rule.rb', line 135

# Value of the rule's :artifact_lifetime key.
#
# A truthy value is cached on first read; while the key is absent the lookup
# is repeated on every call.
#
# @return [Integer, nil]
def artifact_lifetime
  return @artifact_lifetime if @artifact_lifetime

  @artifact_lifetime = data[:artifact_lifetime]
end

#data_types ⇒ Array<String>

Returns:

  • (Array<String>)


# File 'lib/mihari/structs/rule.rb', line 100

# Value of the rule's :data_types key, cached after the first truthy read.
#
# @return [Array<String>]
def data_types
  return @data_types if @data_types

  @data_types = data[:data_types]
end

#description ⇒ String

Returns:

  • (String)


# File 'lib/mihari/structs/rule.rb', line 79

# Value of the rule's :description key, cached after the first truthy read.
#
# @return [String]
def description
  return @description if @description

  @description = data[:description]
end

#emitters ⇒ Array<Hash>

Returns:

  • (Array<Hash>)


# File 'lib/mihari/structs/rule.rb', line 121

# Value of the rule's :emitters key, cached after the first truthy read.
#
# @return [Array<Hash>]
def emitters
  return @emitters if @emitters

  @emitters = data[:emitters]
end

#enrichers ⇒ Array<Hash>

Returns:

  • (Array<Hash>)


# File 'lib/mihari/structs/rule.rb', line 128

# Value of the rule's :enrichers key, cached after the first truthy read.
#
# @return [Array<Hash>]
def enrichers
  return @enrichers if @enrichers

  @enrichers = data[:enrichers]
end

#errors? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/mihari/structs/rule.rb', line 35

# Tells whether the last validation recorded any findings.
#
# @return [Boolean] false when validation has not run (@errors is nil) or
#   recorded nothing; true otherwise
def errors?
  !(@errors.nil? || @errors.empty?)
end

#falsepositives ⇒ Array<String>

Returns:

  • (Array<String>)


# File 'lib/mihari/structs/rule.rb', line 114

# Value of the rule's :falsepositives key, cached after the first truthy read.
#
# @return [Array<String>]
def falsepositives
  return @falsepositives if @falsepositives

  @falsepositives = data[:falsepositives]
end

#id ⇒ String

Returns:

  • (String)


# File 'lib/mihari/structs/rule.rb', line 65

# Value of the rule's :id key, cached after the first truthy read.
#
# @return [String]
def id
  return @id if @id

  @id = data[:id]
end

#model ⇒ Mihari::Rule

Returns:

  • (Mihari::Rule)



# File 'lib/mihari/structs/rule.rb', line 142

# Produces the database record that corresponds to this rule.
#
# When a record with this rule's ID exists, its title, description and data
# are overwritten in memory with the current values; otherwise a new record
# carrying the same attributes is built. Nothing in this method saves the
# record, so persisting it is left to the caller.
#
# @return [Mihari::Rule]
def model
  Mihari::Rule.find(id).tap do |record|
    record.title = title
    record.description = description
    record.data = data
  end
rescue ActiveRecord::RecordNotFound
  # No stored rule with this ID yet: hand back a fresh record instead.
  Mihari::Rule.new(id: id, title: title, description: description, data: data)
end

#queries ⇒ Array<Hash>

Returns:

  • (Array<Hash>)


# File 'lib/mihari/structs/rule.rb', line 93

# Value of the rule's :queries key, cached after the first truthy read.
#
# @return [Array<Hash>]
def queries
  return @queries if @queries

  @queries = data[:queries]
end

#tags ⇒ Array<String>

Returns:

  • (Array<String>)


# File 'lib/mihari/structs/rule.rb', line 107

# Value of the rule's :tags key, cached after the first truthy read.
#
# @return [Array<String>]
def tags
  return @tags if @tags

  @tags = data[:tags]
end

#title ⇒ String

Returns:

  • (String)


# File 'lib/mihari/structs/rule.rb', line 72

# Value of the rule's :title key, cached after the first truthy read.
#
# @return [String]
def title
  return @title if @title

  @title = data[:title]
end

#validate ⇒ Object



# File 'lib/mihari/structs/rule.rb', line 41

# Runs the rule contract over the current data and stores the outcome.
#
# @data is replaced by the contract result's #to_h and @errors by its
# #errors. Findings are stored here, not raised; use #errors? or #validate!
# to act on them. Accessors that already cached a value keep it even though
# @data is reassigned.
# NOTE(review): what #to_h keeps or drops is decided by Schemas::RuleContract,
# which is not visible here.
#
# @return [Object] the contract result's #errors
def validate
  outcome = Schemas::RuleContract.new.call(data)

  @data = outcome.to_h
  @errors = outcome.errors
end

#validate! ⇒ Object



# File 'lib/mihari/structs/rule.rb', line 49

# Fails loudly when the last validation recorded findings.
#
# The findings are written to the Mihari logger as pretty-printed JSON before
# the error is re-raised, so the log is where the details of a rejected rule
# end up.
#
# @return [nil] when there are no findings
# @raise [RuleValidationError] when #errors? is true
def validate!
  raise RuleValidationError if errors?
rescue RuleValidationError
  Mihari.logger.error "Failed to parse the input as a rule:"
  Mihari.logger.error JSON.pretty_generate(errors.to_h)

  # Bare raise re-raises the RuleValidationError being handled.
  raise
end

#yaml ⇒ String

Returns:

  • (String)


# File 'lib/mihari/structs/rule.rb', line 86

# Serializes the rule data to YAML with string keys.
#
# The text is generated once and cached, so it reflects the data as it was
# at the first call.
#
# @return [String]
def yaml
  @yaml ||= begin
    stringified = data.deep_stringify_keys
    stringified.to_yaml
  end
end