lib/mihari/analyzers/rule.rb in mihari-5.4.0 vs lib/mihari/analyzers/rule.rb in mihari-5.4.1
@@ -53,16 +53,19 @@
validate_analyzer_configurations
end
#
- # Returns a list of artifacts matched with queries/analyzers
+ # Returns a list of artifacts matched with queries/analyzers (with the rule ID)
#
# @return [Array<Mihari::Artifact>]
#
def artifacts
- analyzers.flat_map(&:normalized_artifacts)
+ analyzers.flat_map(&:normalized_artifacts).map do |artifact|
+ artifact.rule_id = rule.id
+ artifact
+ end
end
#
# Normalize artifacts
# - Reject invalid artifacts (for just in case)
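Review bot: The new block in `artifacts` assigns `rule_id` on the objects the analyzers returned and hands the same objects back, so `map` suggests a transformation that does not happen. `analyzers.flat_map(&:normalized_artifacts).each { |artifact| artifact.rule_id = rule.id }` returns the same array and makes the in-place mutation explicit. The doc comment could also state the side effect, for example `# Each artifact is tagged in place with this rule's ID`.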
@@ -71,27 +74,22 @@
# - Set rule ID
#
# @return [Array<Mihari::Artifact>]
#
def normalized_artifacts
- @normalized_artifacts ||= artifacts.uniq(&:data).select(&:valid?).select do |artifact|
- rule.data_types.include? artifact.data_type
- end.reject do |artifact|
- falsepositive? artifact.data
- end.map do |artifact|
- artifact.rule_id = rule.id
- artifact
- end
+ valid_artifacts = artifacts.uniq(&:data).select(&:valid?)
+ date_type_allowed_artifacts = valid_artifacts.select { |artifact| rule.data_types.include? artifact.data_type }
+ date_type_allowed_artifacts.reject { |artifact| falsepositive? artifact.data }
end
#
# Uniquify artifacts (assure rule level uniqueness)
#
# @return [Array<Mihari::Artifact>]
#
def unique_artifacts
- @unique_artifacts ||= normalized_artifacts.select do |artifact|
+ normalized_artifacts.select do |artifact|
artifact.unique?(base_time: base_time, artifact_lifetime: rule.artifact_lifetime)
end
end
#
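Review bot: The doc comment above `normalized_artifacts` still lists `- Set rule ID`, but that step now lives in `artifacts`, so the bullet should be dropped or moved to the `artifacts` comment; the comment block starts outside this hunk. The local `date_type_allowed_artifacts` looks like a typo for `data_type_allowed_artifacts`, since it filters on `rule.data_types`. Both `normalized_artifacts` and `unique_artifacts` also lost their `||=` memoization, so every call repeats the filters and the per-artifact `unique?` check. If callers invoke them more than once per run (not visible here), the results could differ between calls, and holding the result in a local at the call site would avoid that.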
@@ -215,10 +213,13 @@
#
# Validate configuration of analyzers
#
def validate_analyzer_configurations
analyzers.map do |analyzer|
- raise ConfigurationError, "#{analyzer.source} is not configured correctly" unless analyzer.configured?
+ next if analyzer.configured?
+
+ message = "#{analyzer.source} is not configured correctly. #{analyzer.configuration_keys.join(", ")} is/are missing."
+ raise ConfigurationError, message
end
end
end
end
end
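Review bot: The new message says the listed keys "is/are missing", but it joins the whole `analyzer.configuration_keys` list. If that method returns every key the analyzer needs (its definition is not in this hunk), an analyzer with a single unset key would be reported as missing all of them. Wording such as `"#{analyzer.source} is not configured correctly. Required keys: #{analyzer.configuration_keys.join(", ")}"` stays accurate in both cases. Because the block runs only for its side effect, `analyzers.each` reads more clearly than `analyzers.map` with `next`. Printing key names only is the right choice for an error that may land in logs; the configured values should stay out of it.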