Sha256: 9e3168f7237ccab6b05a143950c4aaaf4038bf18d4bd61d0d8f964ed4a33ebc6
Contents?: true
Size: 1.76 KB
Versions: 10
Compression:
Stored size: 1.76 KB
Contents
# frozen_string_literal: true
module Mihari
module Commands
module Search
include Mixins::Database
include Mixins::Rule
include Mixins::ErrorNotification
def self.included(thor)
thor.class_eval do
desc "search [RULE]", "Search by a rule"
method_option :yes, type: :boolean, aliases: "-y", desc: "yes to overwrite the rule in the database"
def search_by_rule(path_or_id)
rule = load_rule(path_or_id)
# validate
begin
validate_rule! rule
rescue RuleValidationError => e
raise e
end
# check update
id = rule.id
yes = options["yes"] || false
unless yes
with_db_connection do
rule_ = Mihari::Rule.find(id)
next if rule.yaml == rule_.yaml
return unless yes?("This operation will overwrite the rule in the database (Rule ID: #{id}). Are you sure you want to update the rule? (yes/no)")
rescue ActiveRecord::RecordNotFound
next
end
end
analyzer = rule.to_analyzer
with_error_notification do
alert = analyzer.run
if alert
data = Mihari::Entities::Alert.represent(alert)
puts JSON.pretty_generate(data.as_json)
else
Mihari.logger.info "There is no new artifact"
end
# record a rule
with_db_connection do
model = rule.to_model
model.save
rescue ActiveRecord::RecordNotUnique
nil
end
end
end
end
end
end
end
end
Version data entries
10 entries across 10 versions & 1 rubygems