lib/mihari/rule.rb in mihari-6.3.0 vs lib/mihari/rule.rb in mihari-7.0.0
- old
+ new
@@ -1,10 +1,10 @@
# frozen_string_literal: true
module Mihari
class Rule < Service
- include Mixins::FalsePositive
+ include Concerns::FalsePositiveValidatable
# @return [Hash]
attr_reader :data
# @return [Array, nil]
@@ -82,46 +82,50 @@
def data_types
data[:data_types]
end
#
- # @return [Array<String>]
+ # @return [Array<Mihari::Models::Tag>]
#
def tags
- data[:tags]
+ data[:tags].uniq.filter_map do |name|
+ Models::Tag.find_or_create_by(name: name)
+ end
end
#
+ # @return [Array<Mihari::Models::Tagging>]
+ #
+ def taggings
+ tags.map { |tag| Models::Tagging.find_or_create_by(tag_id: tag.id, rule_id: id) }
+ end
+
+ #
# @return [Array<String, RegExp>]
#
def falsepositives
@falsepositives ||= data[:falsepositives].map { |fp| normalize_falsepositive fp }
end
#
# @return [Integer, nil]
#
- def artifact_lifetime
- data[:artifact_lifetime] || data[:artifact_ttl]
+ def artifact_ttl
+ data[:artifact_ttl]
end
#
# Returns a list of artifacts matched with queries/analyzers (with the rule ID)
#
# @return [Array<Mihari::Models::Artifact>]
#
def artifacts
analyzer_results.flat_map do |result|
- case result
- when Success
- artifacts = result.value!
- artifacts.map do |artifact|
- artifact.rule_id = id
- artifact
- end
- else
- raise result.failure unless analyzer.ignore_error?
+ artifacts = result.value!
+ artifacts.map do |artifact|
+ artifact.rule_id = id
+ artifact
end
end
end
#
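Review bot: In `artifacts`, `result.value!` is now called on every element of `analyzer_results`, and the `ignore_error?` check from the removed `else` branch is no longer consulted here. The YARD comment on `analyzer_results` still lists `Dry::Monads::Result::Failure` as a possible element, and `value!` on a Failure raises `Dry::Monads::UnwrapError`. That would abort the whole `flat_map` and drop the artifacts the other analyzers already returned. If failures are now raised or filtered inside each analyzer's `result` (not visible in this diff), say so above the loop, e.g. `# every result is a Success here; analyzers raise or swallow their own failures`, and narrow the `@return` on `analyzer_results` to match. The class body continues outside this hunk.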
@@ -144,11 +148,11 @@
#
# @return [Array<Mihari::Models::Artifact>]
#
def unique_artifacts
normalized_artifacts.select do |artifact|
- artifact.unique?(base_time: base_time, artifact_lifetime: artifact_lifetime)
+ artifact.unique?(base_time: base_time, artifact_ttl: artifact_ttl)
end
end
#
# Enriched artifacts
@@ -204,23 +208,23 @@
#
# @return [Mihari::Models::Rule]
#
def model
- rule = Mihari::Models::Rule.find(id)
-
- rule.title = title
- rule.description = description
- rule.data = data
-
- rule
+ Mihari::Models::Rule.find(id).tap do |rule|
+ rule.title = title
+ rule.description = description
+ rule.data = data
+ rule.taggings = taggings
+ end
rescue ActiveRecord::RecordNotFound
Mihari::Models::Rule.new(
id: id,
title: title,
description: description,
- data: data
+ data: data,
+ taggings: taggings
)
end
#
# @return [Boolean]
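Review bot: `model` now calls `taggings`, which per the earlier hunk runs `Models::Tag.find_or_create_by` and `Models::Tagging.find_or_create_by(tag_id: tag.id, rule_id: id)`, so merely building the model writes rows before the rule itself is saved. In the `rescue ActiveRecord::RecordNotFound` branch the rule does not exist yet, so tagging rows for a missing `rule_id` are persisted (or rejected, depending on the schema) and are left behind if the later `save` fails. `diff?` also goes through `model`, which turns a read-only comparison into a write. Separately, `find_or_create_by` returns an unsaved record when validation fails, so the `filter_map` in `tags` never drops anything and `tag.id` can be nil. Consider `Models::Tagging.find_or_initialize_by(tag_id: tag.id, rule_id: id)` in `taggings`, so that for a new rule the rows are written together with the rule in `update_or_create`.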
@@ -230,10 +234,17 @@
model.data != data.deep_stringify_keys
rescue ActiveRecord::RecordNotFound
false
end
+ #
+ # @return [Boolean]
+ #
+ def exists?
+ Mihari::Models::Rule.exists? id
+ end
+
def update_or_create
model.save
end
class << self
@@ -307,10 +318,10 @@
analyzers.reject(&:parallel?)
end
# @return [Array<Dry::Monads::Result::Success<Array<Mihari::Models::Artifact>>, Dry::Monads::Result::Failure>]
def analyzer_results
- parallel_results = Parallel.map(parallel_analyzers) { |analyzer| analyzer.result }
+ parallel_results = Parallel.map(parallel_analyzers, &:result)
serial_results = serial_analyzers.map(&:result)
parallel_results + serial_results
end
#