Class: Mihari::Analyzers::Base

Inherits:

Mihari::Actor

• Object
• Mihari::Actor
• Mihari::Analyzers::Base

Defined in:

lib/mihari/analyzers/base.rb

Overview

Base class for analyzers

Direct Known Subclasses

BinaryEdge, CIRCL, Censys, Crtsh, DNSTwister, Feed, Fofa, GreyNoise, HunterHow, OTX, Onyphe, PassiveTotal, Pulsedive, SecurityTrails, Shodan, Urlscan, VirusTotal, VirusTotalIntelligence, ZoomEye

Constant Summary

Constants included from Concerns::Retriable

Concerns::Retriable::DEFAULT_CONDITION, Concerns::Retriable::RETRIABLE_ERRORS

Instance Attribute Summary

• #query ⇒ String readonly

Attributes inherited from Mihari::Actor

#options

Class Method Summary

• .from_query(params) ⇒ Mihari::Analyzers::Base

  Initialize an analyzer by query params.

• .inherited(child) ⇒ Object

Instance Method Summary

• #artifacts ⇒ Array<String>, Array<Mihari::Models::Artifact>
• #call ⇒ Array<Mihari::Models::Artifact>
• #ignore_error? ⇒ Boolean
• #initialize(query, options: nil) ⇒ Base constructor

  A new instance of Base.

• #normalized_artifacts ⇒ Array<Mihari::Models::Artifact>

  Normalize artifacts - Convert data (string) into an artifact - Reject an invalid artifact.

• #pagination_interval ⇒ Integer
• #pagination_limit ⇒ Integer
• #parallel? ⇒ Boolean
• #result ⇒ Object
• #truncated_query ⇒ String

  Truncate query for logging.

Methods inherited from Mihari::Actor

key, key_aliases, keys, #retry_exponential_backoff, #retry_interval, #retry_times, #timeout, type, #validate_configuration!

Methods included from Concerns::Retriable

#retry_on_error

Methods included from Concerns::Configurable

#configuration_keys?, #configured?

Constructor Details

#initialize(query, options: nil) ⇒ Base

Returns a new instance of Base.

Parameters:

• query (String)
• options (Hash, nil) (defaults to: nil)

# File 'lib/mihari/analyzers/base.rb', line 16

def initialize(query, options: nil)
  super(options: options)

  @query = query
end

Instance Attribute Details

#query ⇒ String (readonly)

Returns:

• (String)

# File 'lib/mihari/analyzers/base.rb', line 10

def query
  @query
end

Class Method Details

.from_query(params) ⇒ Mihari::Analyzers::Base

Initialize an analyzer by query params

Parameters:

• params (Hash)

Returns:

• (Mihari::Analyzers::Base)

# File 'lib/mihari/analyzers/base.rb', line 121

def from_query(params)
  copied = params.deep_dup

  # convert params into arguments for initialization
  query = copied[:query]

  # delete analyzer and query
  i[analyzer query].each { |key| copied.delete key }

  copied[:options] = copied[:options] || nil

  new(query, **copied)
end

.inherited(child) ⇒ Object

# File 'lib/mihari/analyzers/base.rb', line 135

def inherited(child)
  super
  Mihari.analyzers << child
end

Instance Method Details

#artifacts ⇒ Array<String>, Array<Mihari::Models::Artifact>

Returns:

• (Array<String>, Array<Mihari::Models::Artifact>)

Raises:

• (NotImplementedError)

# File 'lib/mihari/analyzers/base.rb', line 51

def artifacts
  raise NotImplementedError, "You must implement #{self.class}##{__method__}"
end

#call ⇒ Array<Mihari::Models::Artifact>

Returns:

• (Array<Mihari::Models::Artifact>)

# File 'lib/mihari/analyzers/base.rb', line 78

def call
  normalized_artifacts
end

#ignore_error? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mihari/analyzers/base.rb', line 39

def ignore_error?
  options[:ignore_error] || Mihari.config.ignore_error
end

#normalized_artifacts ⇒ Array<Mihari::Models::Artifact>

Normalize artifacts

• Convert data (string) into an artifact

• Reject an invalid artifact

Returns:

• (Array<Mihari::Models::Artifact>)

# File 'lib/mihari/analyzers/base.rb', line 62

def normalized_artifacts
  artifacts.compact.sort.map do |artifact|
    # No need to set data_type manually
    # It is set automatically in #initialize
    artifact = artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)

    artifact.source = self.class.key
    artifact.query = query

    artifact
  end.select(&:valid?).uniq(&:data)
end

#pagination_interval ⇒ Integer

Returns:

• (Integer)

# File 'lib/mihari/analyzers/base.rb', line 25

def pagination_interval
  options[:pagination_interval] || Mihari.config.pagination_interval
end

#pagination_limit ⇒ Integer

Returns:

• (Integer)

# File 'lib/mihari/analyzers/base.rb', line 32

def pagination_limit
  options[:pagination_limit] || Mihari.config.pagination_limit
end

#parallel? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mihari/analyzers/base.rb', line 46

def parallel?
  options[:parallel] || Mihari.config.parallel
end

#result ⇒ Object

# File 'lib/mihari/analyzers/base.rb', line 82

def result(...)
  result = Try[StandardError] do
    retry_on_error(
      times: retry_times,
      interval: retry_interval,
      exponential_backoff: retry_exponential_backoff
    ) do
      call(...)
    end
  end.to_result

  return result if result.success?

  # Wrap failure with AnalyzerError to explicitly name a failed analyzer
  error = AnalyzerError.new(result.failure.message, self.class.key, cause: result.failure)
  return Failure(error) unless ignore_error?

  # Return Success if ignore_error? is true with logging
  Mihari.logger.warn("Analyzer:#{self.class.key} with #{truncated_query} failed - #{result.failure}")
  Success([])
end

#truncated_query ⇒ String

Truncate query for logging

Returns:

• (String)

# File 'lib/mihari/analyzers/base.rb', line 109

def truncated_query
  query.truncate(32)
end