Class: Mihari::Analyzers::Urlscan

Inherits:

Base

• Object
• Mihari::Actor
• Base
• Mihari::Analyzers::Urlscan

Defined in:

lib/mihari/analyzers/urlscan.rb

Overview

urlscan.io analyzer

Constant Summary

SUPPORTED_DATA_TYPES =

%w[url domain ip].freeze

Constants included from Concerns::Retriable

Concerns::Retriable::DEFAULT_CONDITION, Concerns::Retriable::RETRIABLE_ERRORS

Instance Attribute Summary

• #allowed_data_types ⇒ Array<String> readonly
• #api_key ⇒ String^? readonly

Attributes inherited from Base

#query

Attributes inherited from Mihari::Actor

#options

Class Method Summary

• .configuration_keys ⇒ Object

Instance Method Summary

• #artifacts ⇒ Object
• #initialize(query, options: nil, api_key: nil, allowed_data_types: SUPPORTED_DATA_TYPES) ⇒ Urlscan constructor

  A new instance of Urlscan.

Methods inherited from Base

#call, from_query, #ignore_error?, inherited, #normalized_artifacts, #pagination_interval, #pagination_limit, #parallel?, #result, #truncated_query

Methods inherited from Mihari::Actor

#call, key, key_aliases, keys, #result, #retry_exponential_backoff, #retry_interval, #retry_times, #timeout, type, #validate_configuration!

Methods included from Concerns::Retriable

#retry_on_error

Methods included from Concerns::Configurable

#configuration_keys?, #configured?

Constructor Details

#initialize(query, options: nil, api_key: nil, allowed_data_types: SUPPORTED_DATA_TYPES) ⇒ Urlscan

Returns a new instance of Urlscan.

Parameters:

• query (String)
• options (Hash, nil) (defaults to: nil)
• api_key (String, nil) (defaults to: nil)
• allowed_data_types (Array<String>) (defaults to: SUPPORTED_DATA_TYPES)

Raises:

• (ValueError)

# File 'lib/mihari/analyzers/urlscan.rb', line 23

def initialize(query, options: nil, api_key: nil, allowed_data_types: SUPPORTED_DATA_TYPES)
  super(query, options: options)

  @api_key = api_key || Mihari.config.urlscan_api_key
  @allowed_data_types = allowed_data_types

  return if valid_allowed_data_types?

  raise ValueError, "allowed_data_types should be any of url, domain and ip."
end

Instance Attribute Details

#allowed_data_types ⇒ Array<String> (readonly)

Returns:

• (Array<String>)

# File 'lib/mihari/analyzers/urlscan.rb', line 15

def allowed_data_types
  @allowed_data_types
end

#api_key ⇒ String^? (readonly)

Returns:

• (String, nil)

# File 'lib/mihari/analyzers/urlscan.rb', line 12

def api_key
  @api_key
end

Class Method Details

.configuration_keys ⇒ Object

# File 'lib/mihari/analyzers/urlscan.rb', line 41

def configuration_keys
  %w[urlscan_api_key]
end

Instance Method Details

#artifacts ⇒ Object

# File 'lib/mihari/analyzers/urlscan.rb', line 34

def artifacts
  # @type [Array<Mihari::Models::Artifact>]
  artifacts = client.search_with_pagination(query, pagination_limit: pagination_limit).map(&:artifacts).flatten
  artifacts.select { |artifact| allowed_data_types.include? artifact.data_type }
end