lib/mihari/models/artifact.rb in mihari-4.12.0 vs lib/mihari/models/artifact.rb in mihari-5.0.0

- old
+ new

@@ -23,42 +23,53 @@ include ActiveModel::Validations validates_with ArtifactValidator + # @return [Array<Mihari::Tag>] Tags attr_accessor :tags + # @return [String, nil] Rule ID + attr_accessor :rule_id + def initialize(*args, **kwargs) attrs = args.first || kwargs data_ = attrs[:data] raise InvalidArtifactFormatError if data_.is_a?(Array) || data_.is_a?(Hash) super(*args, **kwargs) self.data_type = TypeChecker.type(data) - self.tags = [] + + @tags = [] + @rule_id = "" end # # Check uniqueness of artifact # - # @param [Boolean] ignore_old_artifacts - # @param [Integer] ignore_threshold + # @param [Time, nil] base_time Base time to check decaying + # @param [Integer, nil] artifact_lifetime Artifact lifetime (TTL) in seconds # # @return [Boolean] true if it is unique. Otherwise false. # - def unique?(ignore_old_artifacts: false, ignore_threshold: 0) - artifact = self.class.where(data: data).order(created_at: :desc).first + def unique?(base_time: nil, artifact_lifetime: nil) + artifact = self.class.joins(:alert).where( + data: data, + alert: { rule_id: rule_id } + ).order(created_at: :desc).first return true if artifact.nil? - return false unless ignore_old_artifacts + # check whetehr the artifact is decayed or not + return false if artifact_lifetime.nil? - days_before = (-ignore_threshold).days.from_now.utc - # if an artifact is created before {ignore_threshold} days, ignore it - # within {ignore_threshold} days, do not ignore it - artifact.created_at < days_before + # use the current UTC time if base_time is not given (for testing) + base_time ||= Time.now.utc + + decayed_at = base_time - (artifact_lifetime || -1).seconds + artifact.created_at < decayed_at end # # Enrich(add) whois record # 
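Review bot: `unique?` now scopes its lookup to `alert: { rule_id: rule_id }`, but `initialize` defaults `@rule_id` to `""` while the accessor is documented as `[String, nil]`; an artifact built without a rule ID queries for alerts whose `rule_id` is the empty string — presumably none — so `artifact.nil?` holds and the method reports it as unique, silently skipping the dedup/TTL check. Consider failing loudly before the query, e.g. `raise ArgumentError, "rule_id must be set before calling unique?" if rule_id.to_s.empty?`, or at least documenting in the `@param` block that callers must assign `rule_id` first. The `(artifact_lifetime || -1)` fallback a few lines later is unreachable after `return false if artifact_lifetime.nil?`; `decayed_at = base_time - artifact_lifetime.seconds` states the intent without the dead branch. The comment above that guard also has a typo (`whetehr`). The enclosing class begins before this hunk.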
@@ -137,17 +148,17 @@ ENRICH_METHODS_BY_ENRICHER = { whois: [ :enrich_whois ], - ipinfo: [ - :enrich_autonomous_system, - :enrich_geolocation + ipinfo: %i[ + enrich_autonomous_system + enrich_geolocation ], - shodan: [ - :enrich_ports, - :enrich_cpes, - :enrich_reverse_dns + shodan: %i[ + enrich_ports + enrich_cpes + enrich_reverse_dns ], google_public_dns: [ :enrich_dns ] }.freeze