Class: Mihari::Analyzers::Base

Inherits:

Mihari::Actor

• Object
• Mihari::Actor
• Mihari::Analyzers::Base

Defined in:

lib/mihari/analyzers/base.rb

Overview

Base class for analyzers

Direct Known Subclasses

BinaryEdge, CIRCL, Censys, Crtsh, DNSTwister, Feed, Fofa, GreyNoise, HunterHow, OTX, Onyphe, PassiveTotal, Pulsedive, SecurityTrails, Shodan, Urlscan, Validin, VirusTotal, VirusTotalIntelligence, ZoomEye

Constant Summary

Constants included from Concerns::Retriable

Concerns::Retriable::DEFAULT_CONDITION, Concerns::Retriable::RETRIABLE_ERRORS

Instance Attribute Summary

• #query ⇒ String readonly

Attributes inherited from Mihari::Actor

#options

Class Method Summary

• .from_params(params) ⇒ Mihari::Analyzers::Base

  Initialize an analyzer by query params.

• .inherited(child) ⇒ Object

Instance Method Summary

• #artifacts ⇒ Array<String>, Array<Mihari::Models::Artifact>
• #call ⇒ Array<Mihari::Models::Artifact>
• #ignore_error? ⇒ Boolean
• #initialize(query, options: nil) ⇒ Base constructor

  A new instance of Base.

• #normalized_artifacts ⇒ Array<Mihari::Models::Artifact>

  Normalize artifacts - Convert data (string) into an artifact - Reject an invalid artifact.

• #pagination_interval ⇒ Integer
• #pagination_limit ⇒ Integer
• #parallel? ⇒ Boolean
• #result ⇒ Object
• #truncated_query ⇒ String

  Truncate query for logging.

Methods inherited from Mihari::Actor

configuration_keys, key, key_aliases, keys, #retry_exponential_backoff, #retry_interval, #retry_times, #timeout, type, #validate_configuration!

Methods included from Concerns::Retriable

#retry_on_error

Methods included from Concerns::Configurable

#configuration_keys?, #configured?

Constructor Details

#initialize(query, options: nil) ⇒ Base

Returns a new instance of Base.

Parameters:

• query (String)
• options (Hash, nil) (defaults to: nil)

# File 'lib/mihari/analyzers/base.rb', line 16

def initialize(query, options: nil)
  super(options:)

  @query = query
end

Instance Attribute Details

#query ⇒ String (readonly)

Returns:

• (String)

# File 'lib/mihari/analyzers/base.rb', line 10

def query
  @query
end

Class Method Details

.from_params(params) ⇒ Mihari::Analyzers::Base

Initialize an analyzer by query params

Parameters:

• params (Hash)

Returns:

• (Mihari::Analyzers::Base)

# File 'lib/mihari/analyzers/base.rb', line 119

def from_params(params)
  query = params.delete(:query)
  new(query, **params)
end

.inherited(child) ⇒ Object

# File 'lib/mihari/analyzers/base.rb', line 124

def inherited(child)
  super
  Mihari.analyzers << child
end

Instance Method Details

#artifacts ⇒ Array<String>, Array<Mihari::Models::Artifact>

Returns:

• (Array<String>, Array<Mihari::Models::Artifact>)

Raises:

• (NotImplementedError)

# File 'lib/mihari/analyzers/base.rb', line 51

def artifacts
  raise NotImplementedError, "You must implement #{self.class}##{__method__}"
end

#call ⇒ Array<Mihari::Models::Artifact>

Returns:

• (Array<Mihari::Models::Artifact>)

# File 'lib/mihari/analyzers/base.rb', line 76

def call
  normalized_artifacts
end

#ignore_error? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mihari/analyzers/base.rb', line 39

def ignore_error?
  options[:ignore_error] || Mihari.config.ignore_error
end

#normalized_artifacts ⇒ Array<Mihari::Models::Artifact>

Normalize artifacts

• Convert data (string) into an artifact

• Reject an invalid artifact

Returns:

• (Array<Mihari::Models::Artifact>)

# File 'lib/mihari/analyzers/base.rb', line 62

def normalized_artifacts
  artifacts.compact.sort.map do |artifact|
    # No need to set data_type manually
    # It is set automatically in #initialize
    (artifact.is_a?(Models::Artifact) ? artifact : Models::Artifact.new(data: artifact)).tap do |normalized|
      normalized.source = self.class.key
      normalized.query = query
    end
  end.select(&:valid?).uniq(&:data)
end

#pagination_interval ⇒ Integer

Returns:

• (Integer)

# File 'lib/mihari/analyzers/base.rb', line 25

def pagination_interval
  options[:pagination_interval] || Mihari.config.pagination_interval
end

#pagination_limit ⇒ Integer

Returns:

• (Integer)

# File 'lib/mihari/analyzers/base.rb', line 32

def pagination_limit
  options[:pagination_limit] || Mihari.config.pagination_limit
end

#parallel? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/mihari/analyzers/base.rb', line 46

def parallel?
  options[:parallel] || Mihari.config.analyzer_parallelism
end

#result ⇒ Object

# File 'lib/mihari/analyzers/base.rb', line 80

def result(...)
  result = Try[StandardError] do
    retry_on_error(
      times: retry_times,
      interval: retry_interval,
      exponential_backoff: retry_exponential_backoff
    ) do
      call(...)
    end
  end.to_result

  return result if result.success?

  # Wrap failure with AnalyzerError to explicitly name a failed analyzer
  error = AnalyzerError.new(result.failure.message, self.class.key, cause: result.failure)
  return Failure(error) unless ignore_error?

  # Return Success if ignore_error? is true with logging
  Mihari.logger.warn("Analyzer:#{self.class.key} with #{truncated_query} failed - #{result.failure}")
  Success([])
end

#truncated_query ⇒ String

Truncate query for logging

Returns:

• (String)

# File 'lib/mihari/analyzers/base.rb', line 107

def truncated_query
  query.truncate(32)
end