Contents

# frozen_string_literal: true

require "onyphe"

module Mihari
  module Analyzers
    class Onyphe < Base
      param :query
      option :title, default: proc { "Onyphe search" }
      option :description, default: proc { "query = #{query}" }
      option :tags, default: proc { [] }

      def artifacts
        results = search
        return [] unless results

        flat_results = results.map do |result|
          result["results"]
        end.flatten.compact

        flat_results.filter_map { |result| result["ip"] }.uniq
      end

      private

      PAGE_SIZE = 10

      def configuration_keys
        %w[onyphe_api_key]
      end

      def api
        @api ||= ::Onyphe::API.new(Mihari.config.onyphe_api_key)
      end

      def search_with_page(query, page: 1)
        api.simple.datascan(query, page: page)
      end

      def search
        responses = []
        (1..Float::INFINITY).each do |page|
          res = search_with_page(query, page: page)
          responses << res
          total = res["total"].to_i
          break if total <= page * PAGE_SIZE
        end
        responses
      end
    end
  end
end

Version data entries

8 entries across 8 versions & 1 rubygems

Version	Path
mihari-3.5.0	lib/mihari/analyzers/onyphe.rb
mihari-3.4.1	lib/mihari/analyzers/onyphe.rb
mihari-3.4.0	lib/mihari/analyzers/onyphe.rb
mihari-3.3.0	lib/mihari/analyzers/onyphe.rb
mihari-3.2.0	lib/mihari/analyzers/onyphe.rb
mihari-3.1.0	lib/mihari/analyzers/onyphe.rb
mihari-3.0.1	lib/mihari/analyzers/onyphe.rb
mihari-3.0.0	lib/mihari/analyzers/onyphe.rb