lib/mihari/rule.rb in mihari-7.2.0 vs lib/mihari/rule.rb in mihari-7.3.0
- old
+ new
@@ -172,12 +172,14 @@
# Enriched artifacts
#
# @return [Array<Mihari::Models::Artifact>]
#
def enriched_artifacts
- @enriched_artifacts ||= Parallel.map(unique_artifacts) do |artifact|
- enrichers.each { |enricher| artifact.enrich_by_enricher enricher }
+ @enriched_artifacts ||= unique_artifacts.map do |artifact|
+ serial_enrichers.each { |enricher| enricher.result(artifact) }
+ Parallel.each(parallel_enrichers) { |enricher| enricher.result(artifact) }
+
artifact
end
end
#
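Review bot: Both new calls discard the return value of `enricher.result(artifact)`, so enrichment only takes effect if the enricher mutates `artifact` in place, and such a mutation does not survive `Parallel.each` when the parallel gem uses its default process-based workers, because each child works on a copy. The removed code returned the artifact from the `Parallel.map` block, which carried the enriched object back to the parent. Unless Parallel is switched to threads elsewhere or the enrichers persist their own output (neither is visible in this hunk), pin the worker type: `Parallel.each(parallel_enrichers, in_threads: parallel_enrichers.size) { |enricher| enricher.result(artifact) }`. If `result` can return a failure value, it is dropped silently here, and logging it would keep a partially enriched artifact from looking complete.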
@@ -186,11 +188,14 @@
# @return [Array<Mihari::Models::Alert>]
#
def bulk_emit
return [] if enriched_artifacts.empty?
- Parallel.map(emitters) { |emitter| emitter.result(enriched_artifacts).value_or nil }.compact
+ [].tap do |out|
+ out << serial_emitters.map { |emitter| emitter.result(enriched_artifacts).value_or(nil) }
+ out << Parallel.map(parallel_emitters) { |emitter| emitter.result(enriched_artifacts).value_or(nil) }
+ end.flatten.compact
end
#
# Set artifacts & run emitters in parallel
#
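Review bot: `end.flatten.compact` flattens every nesting level, so an emitter whose `value_or(nil)` yields an Array would have its elements spliced into the returned list, which the removed `Parallel.map(emitters) { ... }.compact` did not do. Only the two-element wrapper built by `out <<` needs unwrapping; `end.flatten(1).compact` keeps the previous shape, or use `out.concat(...)` in place of `out <<` and drop the flatten. The two blocks passed to `map` and `Parallel.map` are identical and could share one lambda so the serial and parallel paths cannot drift apart.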
@@ -287,15 +292,15 @@
#
# Check whether a value is a falsepositive value or not
#
# @return [Boolean]
#
- def falsepositive?(value)
- return true if falsepositives.include?(value)
+ def falsepositive?(artifact)
+ return true if falsepositives.include?(artifact)
regexps = falsepositives.select { |fp| fp.is_a?(Regexp) }
- regexps.any? { |fp| fp.match?(value) }
+ regexps.any? { |fp| fp.match?(artifact) }
end
#
# Get analyzer class
#
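Review bot: The header comment for `falsepositive?` still describes "a value" and has no `@param` tag, while the parameter is now named `artifact`, which reads as if a model object is expected. `Regexp#match?` raises TypeError for anything that is not a String, Symbol or nil, and `falsepositives.include?` compares with `==`, so passing a model instead of its data string would either raise or never match and let a known false positive through. The callers are outside this hunk, so this may already be a string; documenting it removes the ambiguity, e.g. `# @param [String] artifact artifact data to test against the falsepositives list`.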
@@ -363,10 +368,18 @@
emitter.validate_configuration!
end
end
end
+ def parallel_emitters
+ emitters.select(&:parallel?)
+ end
+
+ def serial_emitters
+ emitters.reject(&:parallel?)
+ end
+
#
# Get enricher class
#
# @param [String] key
#
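Review bot: `parallel_emitters` and `serial_emitters` are added without the YARD header that the surrounding methods in this file carry, and the same applies to `parallel_enrichers` and `serial_enrichers` in the last hunk. A short header on each would do, for example `# Emitters whose parallel? is true; run via Parallel` with `# @return [Array]`. The comment should also state that every emitter and enricher is expected to respond to `parallel?`, since that definition is not visible in this diff. The `end` lines at the top of this hunk close a method that starts outside it.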
@@ -387,9 +400,17 @@
options = params.delete(:options)
klass = get_enricher_class(name)
klass.new(options: options, **params)
end
+ end
+
+ def parallel_enrichers
+ enrichers.select(&:parallel?)
+ end
+
+ def serial_enrichers
+ enrichers.reject(&:parallel?)
end
#
# Validate the data format
#
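Review bot: `parallel_enrichers` and `serial_enrichers` recompute their partition on every call, and `enriched_artifacts` calls both once per artifact. The tail of the method above builds instances with `klass.new(options: options, **params)`; if that method is `enrichers` and it is not memoized (its start is outside this hunk), every artifact would rebuild the full enricher set twice. Memoizing the partition avoids that either way: `@parallel_enrichers ||= enrichers.select(&:parallel?)` and `@serial_enrichers ||= enrichers.reject(&:parallel?)`. The same applies to `parallel_emitters` and `serial_emitters`, though those are called only once per `bulk_emit`.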