lib/mihari/analyzers/rule.rb in mihari-5.4.9 vs lib/mihari/analyzers/rule.rb in mihari-5.5.0

@@ -33,21 +33,28 @@
       "slack" => Emitters::Slack,
       "the_hive" => Emitters::TheHive,
       "webhook" => Emitters::Webhook
     }.freeze
 
+    ENRICHER_TO_CLASS = {
+      "whois" => Enrichers::Whois,
+      "ipinfo" => Enrichers::IPInfo,
+      "shodan" => Enrichers::Shodan,
+      "google_public_dns" => Enrichers::GooglePublicDNS
+    }.freeze
+
     class Rule
       include Mixins::FalsePositive
 
-      # @return [Mihari::Services::Rule]
+      # @return [Mihari::Services::RuleProxy]
       attr_reader :rule
 
       # @return [Time]
       attr_reader :base_time
 
       #
-      # @param [Mihari::Services::Rule] rule
+      # @param [Mihari::Services::RuleProxy] rule
       #
       def initialize(rule)
         @rule = rule
         @base_time = Time.now.utc
 
@@ -104,11 +111,11 @@
       #
       # @return [Array<Mihari::Artifact>]
       #
       def enriched_artifacts
         @enriched_artifacts ||= Parallel.map(unique_artifacts) do |artifact|
-          rule.enrichers.each { |enricher| artifact.enrich_by_enricher enricher[:enricher] }
+          enrichers.each { |enricher| artifact.enrich_by_enricher enricher }
           artifact
         end
       end
 
       #
@@ -192,28 +199,57 @@
 
         raise ArgumentError, "#{emitter_name} is not supported"
       end
 
       #
-      # Deep copied emitters
-      #
       # @return [Array<Mihari::Emitters::Base>]
       #
       def emitters
         rule.emitters.map(&:deep_dup).map do |params|
           name = params[:emitter]
-          params.delete(:emitter)
+          options = params[:options]
 
+          %i[emitter options].each { |key| params.delete key }
+
           klass = get_emitter_class(name)
-          klass.new(artifacts: enriched_artifacts, rule: rule, **params)
+          klass.new(artifacts: enriched_artifacts, rule: rule, options: options, **params)
         end
       end
 
       #
       # @return [Array<Mihari::Emitters::Base>]
       #
       def valid_emitters
         emitters.select(&:valid?)
+      end
+
+      #
+      # Get enricher class
+      #
+      # @param [String] enricher_name
+      #
+      # @return [Class<Mihari::Enrichers::Base>] enricher class
+      #
+      def get_enricher_class(enricher_name)
+        enricher = ENRICHER_TO_CLASS[enricher_name]
+        return enricher if enricher
+
+        raise ArgumentError, "#{enricher_name} is not supported"
+      end
+
+      #
+      # @return [Array<Mihari::Enrichers::Base>] enrichers
+      #
+      def enrichers
+        @enrichers ||= rule.enrichers.map(&:deep_dup).map do |params|
+          name = params[:enricher]
+          options = params[:options]
+
+          %i[enricher options].each { |key| params.delete key }
+
+          klass = get_enricher_class(name)
+          klass.new(options: options, **params)
+        end
       end
 
       #
       # Validate configuration of analyzers
       #