From 493f91fb5a0c37992a35abab5afba94528a75a0e Mon Sep 17 00:00:00 2001 From: Manabu Niseki Date: Wed, 10 Jan 2024 13:08:04 +0900 Subject: [PATCH 1/3] refactor: improve logging --- lib/mihari/analyzers/base.rb | 11 ++++++++++- lib/mihari/enrichers/base.rb | 4 +++- spec/analyzers/analyzer_spec.rb | 7 +++++++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/lib/mihari/analyzers/base.rb b/lib/mihari/analyzers/base.rb index d8a2637f..577daae6 100644 --- a/lib/mihari/analyzers/base.rb +++ b/lib/mihari/analyzers/base.rb @@ -97,10 +97,19 @@ def result(...) return Failure(error) unless ignore_error? # Return Success if ignore_error? is true with logging - Mihari.logger.warn("Analyzer:#{self.class.key} failed - #{result.failure}") + Mihari.logger.warn("Analyzer:#{self.class.key} with #{truncated_query} failed - #{result.failure}") Success([]) end + # + # Truncate query for logging + # + # @return [String] + # + def truncated_query + query.truncate(32) + end + class << self # # Initialize an analyzer by query params diff --git a/lib/mihari/enrichers/base.rb b/lib/mihari/enrichers/base.rb index a1478c5c..2aef9eae 100644 --- a/lib/mihari/enrichers/base.rb +++ b/lib/mihari/enrichers/base.rb @@ -33,7 +33,9 @@ def result(value) ) { call value } end.to_result - Mihari.logger.warn("Enricher:#{self.class.key} failed: #{result.failure}") if result.failure? + if result.failure? + Mihari.logger.warn("Enricher:#{self.class.key} for #{value.truncate(32)} failed: #{result.failure}") + end result end diff --git a/spec/analyzers/analyzer_spec.rb b/spec/analyzers/analyzer_spec.rb index b72f4677..cbac4a3c 100644 --- a/spec/analyzers/analyzer_spec.rb +++ b/spec/analyzers/analyzer_spec.rb 
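Review bot: `truncated_query` calls `query.truncate(32)` directly, so if `query` is ever nil or a non-String for some analyzer, the new `Mihari.logger.warn` line in `result` raises NoMethodError and a failure that `ignore_error?` was meant to swallow becomes an unhandled exception; `query.to_s.truncate(32)` keeps the logging path from failing. `String#truncate` is ActiveSupport's, not core Ruby's, so this also relies on the ActiveSupport string extensions being loaded wherever this base class is used. The same assumption is made by `value.truncate(32)` in the lib/mihari/enrichers/base.rb hunk of this patch and by `target.truncate(32)` in the second lib/mihari/emitters/base.rb hunk of PATCH 2/3. The body of `result` begins before this hunk.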
@@ -39,4 +39,11 @@ def keys expect(test.normalized_artifacts.map(&:data)).to eq(%w[1.1.1.1 2.2.2.2 example.com google.com]) end end + + describe "#truncated_query" do + it do + analyzer = AnalyzerTest.new(Faker::String.random(length: 64)) + expect(analyzer.truncated_query.length).to eq(32) + end + end end From 88eaa6fa00be98204b6f49d3b4c93acbc0f1a6dd Mon Sep 17 00:00:00 2001 From: Manabu Niseki Date: Wed, 10 Jan 2024 19:35:34 +0900 Subject: [PATCH 2/3] refactor: set target in emitters --- lib/mihari/emitters/base.rb | 12 +++++++++++- lib/mihari/emitters/database.rb | 4 ++++ lib/mihari/emitters/misp.rb | 7 +++++++ lib/mihari/emitters/slack.rb | 7 +++++++ lib/mihari/emitters/the_hive.rb | 7 +++++++ lib/mihari/emitters/webhook.rb | 7 +++++++ spec/emitters/database_spec.rb | 6 ++++++ spec/emitters/misp_spec.rb | 6 ++++++ spec/emitters/slack_spec.rb | 6 ++++++ spec/emitters/the_hive_spec.rb | 6 ++++++ spec/emitters/webhook_spec.rb | 16 ++++++++++++---- 11 files changed, 79 insertions(+), 5 deletions(-) diff --git a/lib/mihari/emitters/base.rb b/lib/mihari/emitters/base.rb index 9d2998c7..d6392c43 100644 --- a/lib/mihari/emitters/base.rb +++ b/lib/mihari/emitters/base.rb @@ -19,6 +19,14 @@ def initialize(rule:, options: nil) @rule = rule end + # A target to emit the data + # + # @return [String] + # + def target + raise NotImplementedError, "You must implement #{self.class}##{__method__}" + end + # # @param [Array] artifacts # @@ -38,7 +46,9 @@ def result(artifacts) ) { call(artifacts) } end.to_result - Mihari.logger.warn("Emitter:#{self.class.key} failed - #{result.failure}") if result.failure? + if result.failure? + Mihari.logger.warn("Emitter:#{self.class.key} for #{target.truncate(32)} failed - #{result.failure}") + end result end diff --git a/lib/mihari/emitters/database.rb b/lib/mihari/emitters/database.rb index bad64172..763fbc70 100644 --- a/lib/mihari/emitters/database.rb +++ b/lib/mihari/emitters/database.rb 
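Review bot: The new `#truncated_query` example only asserts that a 64-character query comes back with length 32, so a short query that should pass through untouched is not covered, and neither is the omission marker `truncate` appends. A second example such as `expect(AnalyzerTest.new("short").truncated_query).to eq("short")` pins the pass-through case. `Faker::String.random` can yield multibyte characters, which is fine here because `truncate` counts characters, but worth keeping in mind if the assertion is ever changed to compare bytes.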
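Review bot: The base `target` raises `NotImplementedError`, and the second hunk in this file calls `target.truncate(32)` from the failure branch of `result`, so any Emitter subclass that does not override `target` turns a logged, ignored failure into an exception raised from the warn line itself. Because `NotImplementedError` is a `ScriptError` rather than a `StandardError`, a caller that rescues `StandardError` around `result` will not catch it either. If forcing subclasses to implement it is the intent, the YARD comment should state that `target` is invoked from `#result` on failure; otherwise a non-raising default such as `self.class.key` or `"N/A"` (matching the `|| "N/A"` fallback the URL-based emitters in this patch use) keeps the logging best-effort. The body of `result` begins before the second hunk.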
@@ -21,6 +21,10 @@ def call(artifacts) alert end + def target + Mihari.config.database_url.host || Mihari.config.database_url.to_s + end + class << self def configuration_keys %w[database_url] diff --git a/lib/mihari/emitters/misp.rb b/lib/mihari/emitters/misp.rb index 82e46c74..b46e83d4 100644 --- a/lib/mihari/emitters/misp.rb +++ b/lib/mihari/emitters/misp.rb @@ -56,6 +56,13 @@ def call(artifacts) }) end + # + # @return [String] + # + def target + URI(url).host || "N/A" + end + class << self def configuration_keys %w[misp_url misp_api_key] diff --git a/lib/mihari/emitters/slack.rb b/lib/mihari/emitters/slack.rb index 765d6d42..823a62f0 100644 --- a/lib/mihari/emitters/slack.rb +++ b/lib/mihari/emitters/slack.rb @@ -165,6 +165,13 @@ def configured? webhook_url? end + # + # @return [String] + # + def target + channel + end + # # @return [::Slack::Notifier] # diff --git a/lib/mihari/emitters/the_hive.rb b/lib/mihari/emitters/the_hive.rb index 127c535c..493a45e9 100644 --- a/lib/mihari/emitters/the_hive.rb +++ b/lib/mihari/emitters/the_hive.rb @@ -33,6 +33,13 @@ def configured? api_key? && url? end + # + # @return [String] + # + def target + URI(url).host || "N/A" + end + # # Create a Hive alert # diff --git a/lib/mihari/emitters/webhook.rb b/lib/mihari/emitters/webhook.rb index 444a4ccd..7080a2c7 100644 --- a/lib/mihari/emitters/webhook.rb +++ b/lib/mihari/emitters/webhook.rb @@ -55,6 +55,13 @@ def configured? %w[http https].include? url.scheme.downcase end + # + # @return [String] + # + def target + URI(url).host || "N/A" + end + # # @param [Array] artifacts # diff --git a/spec/emitters/database_spec.rb b/spec/emitters/database_spec.rb index 4b389c10..12fb482a 100644 --- a/spec/emitters/database_spec.rb +++ b/spec/emitters/database_spec.rb @@ -18,4 +18,10 @@ expect(created_artifacts.length).to eq(artifacts.length) end end + + describe "#target" do + it do + expect(emitter.target).to eq("sqlite3::memory:") + end + end end 
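Review bot: The fallback `Mihari.config.database_url.to_s` in `target` writes the full connection URL, including any embedded `user:password@` userinfo, into the warning log whenever `host` is nil or empty, and the caller only truncates that string to 32 characters rather than redacting it. Since the other emitters in this series fall back to a placeholder, `Mihari.config.database_url.host || Mihari.config.database_url.scheme || "N/A"` (or a copy of the URL with userinfo removed) still identifies the backend without logging credentials. This `target` is also the only one in the series without a `# @return [String]` YARD comment; the same block the sibling emitters carry would keep the five definitions consistent.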
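Review bot: `URI(url)` in `target` raises `ArgumentError` when `url` is nil and `URI::InvalidURIError` when it is not a parsable URI, and because `target` is called from the warn line in `Emitters::Base#result`, such a value turns a recoverable Failure into an exception raised from the logging path. Writing the body as `URI(url.to_s).host || "N/A"` with a method-level `rescue URI::InvalidURIError` that returns `"N/A"` keeps the logging best-effort. The same `URI(url).host || "N/A"` body is repeated verbatim in the lib/mihari/emitters/the_hive.rb and lib/mihari/emitters/webhook.rb hunks, so one shared helper would be preferable to three copies; in webhook.rb `url` already appears to be a URI object given the `url.scheme.downcase` context line, so the nil case mainly concerns misp.rb and the_hive.rb.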
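Review bot: `target` returns `channel` as-is while its `# @return [String]` comment promises a String, so if `channel` can be unset for a Slack emitter, the `target.truncate(32)` call in `Emitters::Base#result` raises NoMethodError on the failure path. `channel || "N/A"` matches the fallback the URL-based emitters in this patch use.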
diff --git a/spec/emitters/misp_spec.rb b/spec/emitters/misp_spec.rb index 7d933b28..94eeb843 100644 --- a/spec/emitters/misp_spec.rb +++ b/spec/emitters/misp_spec.rb @@ -26,4 +26,10 @@ emitter.call artifacts end end + + describe "#target" do + it do + expect(emitter.target).to be_a(String) + end + end end diff --git a/spec/emitters/slack_spec.rb b/spec/emitters/slack_spec.rb index d92f1f10..79abb657 100644 --- a/spec/emitters/slack_spec.rb +++ b/spec/emitters/slack_spec.rb @@ -72,4 +72,10 @@ expect(mock).to have_received(:post).once end end + + describe "#target" do + it do + expect(emitter.target).to be_a(String) + end + end end diff --git a/spec/emitters/the_hive_spec.rb b/spec/emitters/the_hive_spec.rb index 70563e00..2c9d2798 100644 --- a/spec/emitters/the_hive_spec.rb +++ b/spec/emitters/the_hive_spec.rb @@ -42,4 +42,10 @@ expect(mock_client).to have_received(:alert) end end + + describe "#target" do + it do + expect(emitter.target).to be_a(String) + end + end end diff --git a/spec/emitters/webhook_spec.rb b/spec/emitters/webhook_spec.rb index 998815e1..ebde8805 100644 --- a/spec/emitters/webhook_spec.rb +++ b/spec/emitters/webhook_spec.rb @@ -11,7 +11,7 @@ describe "#configured?" do context "without URL" do - subject(:emitter) { described_class.new(rule: rule) } + let(:emitter) { described_class.new(rule: rule) } it do expect(emitter.configured?).to be false @@ -19,7 +19,7 @@ end context "with URL" do - subject(:emitter) { described_class.new(rule: rule, url: url) } + let(:emitter) { described_class.new(rule: rule, url: url) } it do expect(emitter.configured?).to be true @@ -28,7 +28,7 @@ end describe "#call" do - subject(:emitter) do + let(:emitter) do described_class.new( rule: rule, url: url, @@ -45,7 +45,7 @@ end context "with a template file" do - subject(:emitter) do + let(:emitter) do described_class.new( rule: rule, url: url, 
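Review bot: `expect(emitter.target).to be_a(String)` only checks the type, and since the URL-based `target` implementations return `"N/A"` whenever the host cannot be determined, this example passes even when the URL fixture is unparsable or the emitter is misconfigured. Where the spec defines a `url` fixture, `expect(emitter.target).to eq(URI(url).host)` (or the literal host) pins the value the log line will actually carry. The same applies to the `#target` examples added in spec/emitters/slack_spec.rb, spec/emitters/the_hive_spec.rb and spec/emitters/webhook_spec.rb, and to the switch to `be_a(String)` in spec/emitters/database_spec.rb in PATCH 3/3, where `eq(Mihari.config.database_url.to_s)` or the expected host would be a stronger check.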
@@ -61,4 +61,12 @@ end end end + + describe "#target" do + let(:emitter) { described_class.new(rule: rule, url: url) } + + it do + expect(emitter.target).to be_a(String) + end + end end From 58323a5777654149ecae21fe46cec3654966679f Mon Sep 17 00:00:00 2001 From: Manabu Niseki Date: Wed, 10 Jan 2024 19:39:49 +0900 Subject: [PATCH 3/3] fix: use be_a comparison --- spec/emitters/database_spec.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/emitters/database_spec.rb b/spec/emitters/database_spec.rb index 12fb482a..dbf317e0 100644 --- a/spec/emitters/database_spec.rb +++ b/spec/emitters/database_spec.rb @@ -21,7 +21,7 @@ describe "#target" do it do - expect(emitter.target).to eq("sqlite3::memory:") + expect(emitter.target).to be_a(String) end end end