Merge pull request #1002 from ninoseki/improve-logging
Improve logging
ninoseki authored Jan 10, 2024
2 parents e0103cb + 58323a5 commit 49883da
Showing 14 changed files with 99 additions and 7 deletions.
11 changes: 10 additions & 1 deletion lib/mihari/analyzers/base.rb
Expand Up @@ -97,10 +97,19 @@ def result(...)
return Failure(error) unless ignore_error?

# Return Success if ignore_error? is true with logging
Mihari.logger.warn("Analyzer:#{self.class.key} failed - #{result.failure}")
Mihari.logger.warn("Analyzer:#{self.class.key} with #{truncated_query} failed - #{result.failure}")
Success([])
end

#
# Truncate query for logging
#
# @return [String]
#
def truncated_query
query.truncate(32)
end

class << self
#
# Initialize an analyzer by query params
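Review bot: `truncated_query` assumes `query` responds to `truncate`, i.e. is an ActiveSupport-extended String; if an analyzer's query is nil or a non-String, the new warn line in `result` raises NoMethodError from inside the very branch that `ignore_error?` is meant to make forgiving, turning a swallowed failure into a crash. A `to_s` guard keeps the logging path from failing: `query.to_s.truncate(32)`. Truncation also does not neutralise newlines or other control characters in the query, so a multi-line query splits the log entry; queries presumably come from the operator's rule files, but if an escaped form is wanted `query.to_s.truncate(32).inspect` provides it. The `result(...)` method starts above this hunk.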
12 changes: 11 additions & 1 deletion lib/mihari/emitters/base.rb
Expand Up @@ -19,6 +19,14 @@ def initialize(rule:, options: nil)
@rule = rule
end

# A target to emit the data
#
# @return [String]
#
def target
raise NotImplementedError, "You must implement #{self.class}##{__method__}"
end

#
# @param [Array<Mihari::Models::Artifact>] artifacts
#
Expand All @@ -38,7 +46,9 @@ def result(artifacts)
) { call(artifacts) }
end.to_result

Mihari.logger.warn("Emitter:#{self.class.key} failed - #{result.failure}") if result.failure?
if result.failure?
Mihari.logger.warn("Emitter:#{self.class.key} for #{target.truncate(32)} failed - #{result.failure}")
end

result
end
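Review bot: The new `target.truncate(32)` in `result` runs after `end.to_result`, i.e. outside the `Try` block that produced `result`, so for any emitter whose subclass does not override `target` the base implementation raises NotImplementedError from the logging line and a failure that should have been returned as a Failure escapes as an uncaught exception. Either give the base a non-raising default such as `"N/A"`, or make the log line tolerant with `target.to_s.truncate(32)`, which covers a nil return but not the raise. For consistency with `Analyzers::Base#truncated_query`, a `truncated_target` helper would also give one place to document the contract. `result(artifacts)` begins above this hunk.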
4 changes: 4 additions & 0 deletions lib/mihari/emitters/database.rb
Expand Up @@ -21,6 +21,10 @@ def call(artifacts)
alert
end

def target
Mihari.config.database_url.host || Mihari.config.database_url.to_s
end

class << self
def configuration_keys
%w[database_url]
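Review bot: `target` lacks the `# @return [String]` comment the other emitters' `target` methods carry, and its fallback logs `Mihari.config.database_url.to_s`, the full connection URL, whenever `host` is nil. A host-less URL is presumably a file-backed database without credentials, but the fallback still copies a configuration value into a warn log; limiting it to a non-sensitive part such as the scheme, or returning `"N/A"` as the other emitters do, would be safer. Suggested header: `# @return [String] host of the configured database, or the URL string when it has no host`.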
7 changes: 7 additions & 0 deletions lib/mihari/emitters/misp.rb
Expand Up @@ -56,6 +56,13 @@ def call(artifacts)
})
end

#
# @return [String]
#
def target
URI(url).host || "N/A"
end

class << self
def configuration_keys
%w[misp_url misp_api_key]
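Review bot: `URI(url)` raises (ArgumentError for nil, URI::InvalidURIError for a malformed string), and `target` is consulted from the failure-logging path in `Emitters::Base#result`, so an emitter that fails because its URL is missing or malformed fails a second time while logging. Guard the parse: `URI(url.to_s).host || "N/A"` plus a `rescue URI::InvalidURIError` returning `"N/A"` keeps the log line from raising. The same pattern is added in lib/mihari/emitters/the_hive.rb and lib/mihari/emitters/webhook.rb.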
7 changes: 7 additions & 0 deletions lib/mihari/emitters/slack.rb
Expand Up @@ -165,6 +165,13 @@ def configured?
webhook_url?
end

#
# @return [String]
#
def target
channel
end

#
# @return [::Slack::Notifier]
#
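Review bot: `target` returns `channel` directly while documenting `@return [String]`; if `channel` is optional (only `webhook_url?` is checked in `configured?`), `target` can return nil and `Emitters::Base#result` then raises NoMethodError on `nil.truncate` while logging a failure. Return `channel || "N/A"` to match the fallback the MISP, TheHive and Webhook emitters use, or document that the return may be nil.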
7 changes: 7 additions & 0 deletions lib/mihari/emitters/the_hive.rb
Expand Up @@ -33,6 +33,13 @@ def configured?
api_key? && url?
end

#
# @return [String]
#
def target
URI(url).host || "N/A"
end

#
# Create a Hive alert
#
7 changes: 7 additions & 0 deletions lib/mihari/emitters/webhook.rb
Expand Up @@ -55,6 +55,13 @@ def configured?
%w[http https].include? url.scheme.downcase
end

#
# @return [String]
#
def target
URI(url).host || "N/A"
end

#
# @param [Array<Mihari::Models::Artifact>] artifacts
#
4 changes: 3 additions & 1 deletion lib/mihari/enrichers/base.rb
Expand Up @@ -33,7 +33,9 @@ def result(value)
) { call value }
end.to_result

Mihari.logger.warn("Enricher:#{self.class.key} failed: #{result.failure}") if result.failure?
if result.failure?
Mihari.logger.warn("Enricher:#{self.class.key} for #{value.truncate(32)} failed: #{result.failure}")
end

result
end
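Review bot: `value.truncate(32)` on the new warn line assumes `value` is a String; `value` is presumably artifact data that ultimately comes from third-party analyzer responses, so the line interpolates externally sourced text, and `truncate` neither tolerates a non-String nor escapes newlines or control characters that could split or forge log entries. `value.to_s.truncate(32).inspect` covers both, at the cost of quoting the value in the message. `result(value)` starts above this hunk.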
7 changes: 7 additions & 0 deletions spec/analyzers/analyzer_spec.rb
Expand Up @@ -39,4 +39,11 @@ def keys
expect(test.normalized_artifacts.map(&:data)).to eq(%w[1.1.1.1 2.2.2.2 example.com google.com])
end
end

describe "#truncated_query" do
it do
analyzer = AnalyzerTest.new(Faker::String.random(length: 64))
expect(analyzer.truncated_query.length).to eq(32)
end
end
end
6 changes: 6 additions & 0 deletions spec/emitters/database_spec.rb
Expand Up @@ -18,4 +18,10 @@
expect(created_artifacts.length).to eq(artifacts.length)
end
end

describe "#target" do
it do
expect(emitter.target).to be_a(String)
end
end
end
6 changes: 6 additions & 0 deletions spec/emitters/misp_spec.rb
Expand Up @@ -26,4 +26,10 @@
emitter.call artifacts
end
end

describe "#target" do
it do
expect(emitter.target).to be_a(String)
end
end
end
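Review bot: `expect(emitter.target).to be_a(String)` in the new `#target` example passes for any string, including a wrong one, so it does not pin the host extraction; asserting against the URL the surrounding `let` configures, e.g. `expect(emitter.target).to eq(URI(<configured url>).host)`, would. The `#target` examples in spec/emitters/the_hive_spec.rb, spec/emitters/webhook_spec.rb and spec/emitters/slack_spec.rb make the same weak assertion.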
6 changes: 6 additions & 0 deletions spec/emitters/slack_spec.rb
Expand Up @@ -72,4 +72,10 @@
expect(mock).to have_received(:post).once
end
end

describe "#target" do
it do
expect(emitter.target).to be_a(String)
end
end
end
6 changes: 6 additions & 0 deletions spec/emitters/the_hive_spec.rb
Expand Up @@ -42,4 +42,10 @@
expect(mock_client).to have_received(:alert)
end
end

describe "#target" do
it do
expect(emitter.target).to be_a(String)
end
end
end
16 changes: 12 additions & 4 deletions spec/emitters/webhook_spec.rb
Expand Up @@ -11,15 +11,15 @@

describe "#configured?" do
context "without URL" do
subject(:emitter) { described_class.new(rule: rule) }
let(:emitter) { described_class.new(rule: rule) }

it do
expect(emitter.configured?).to be false
end
end

context "with URL" do
subject(:emitter) { described_class.new(rule: rule, url: url) }
let(:emitter) { described_class.new(rule: rule, url: url) }

it do
expect(emitter.configured?).to be true
Expand All @@ -28,7 +28,7 @@
end

describe "#call" do
subject(:emitter) do
let(:emitter) do
described_class.new(
rule: rule,
url: url,
Expand All @@ -45,7 +45,7 @@
end

context "with a template file" do
subject(:emitter) do
let(:emitter) do
described_class.new(
rule: rule,
url: url,
Expand All @@ -61,4 +61,12 @@
end
end
end

describe "#target" do
let(:emitter) { described_class.new(rule: rule, url: url) }

it do
expect(emitter.target).to be_a(String)
end
end
end
