Sha256: 995abfef616941b20b6a5d1e7a55d31c258fe6c78605f05c0af78600a7732c43

Contents?: true

Size: 1.22 KB

Versions: 5

Compression:

Stored size: 1.22 KB

Contents

# frozen_string_literal: true

require "onyphe"

module Mihari
  module Analyzers
    class Onyphe < Base
      attr_reader :title, :description, :query, :tags

      def initialize(query, title: nil, description: nil, tags: [])
        super()

        @query = query
        @title = title || "Onyphe lookup"
        @description = description || "query = #{query}"
        @tags = tags
      end

      def artifacts
        results = search
        return [] unless results

        flat_results = results.map do |result|
          result["results"]
        end.flatten.compact

        flat_results.map { |result| result["ip"] }.compact.uniq
      end

      private

      PAGE_SIZE = 10

      def config_keys
        %w[onyphe_api_key]
      end

      def api
        @api ||= ::Onyphe::API.new(Mihari.config.onyphe_api_key)
      end

      def search_with_page(query, page: 1)
        api.simple.datascan(query, page: page)
      end

      def search
        responses = []
        (1..Float::INFINITY).each do |page|
          res = search_with_page(query, page: page)
          responses << res
          total = res["total"].to_i
          break if total <= page * PAGE_SIZE
        end
        responses
      end
    end
  end
end

Version data entries

5 entries across 5 versions & 1 rubygems

Version Path
mihari-2.4.0 lib/mihari/analyzers/onyphe.rb
mihari-2.3.1 lib/mihari/analyzers/onyphe.rb
mihari-2.3.0 lib/mihari/analyzers/onyphe.rb
mihari-2.2.1 lib/mihari/analyzers/onyphe.rb
mihari-2.2.0 lib/mihari/analyzers/onyphe.rb