BackAtCha 0.0.5
- checksums.yaml +7 -0
- data/CHANGELOG.md +20 -0
- data/README.md +55 -0
- data/Rakefile +13 -0
- data/lib/back_at_cha.rb +36 -0
- data/lib/version.rb +5 -0
- metadata +133 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 3fa1bd236ed6b6dd206c30360c373b05bae155f8e6f9b1d5421e97539ef29838
|
4
|
+
data.tar.gz: 2b05c416b01d46a4e6ee3813ef0e105429df3f62e371196f2a18f8ce994098c9
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 1ca898308d0465fe7114078de5f8987468b291e1716728cab7c5f7fa6caf343ce608b682328bc541b323930a4c5c31decee4728c74f515e2a76b6a93c5737fb2
|
7
|
+
data.tar.gz: 7c83fe13e4373fa67c29e04cb7132329818c0375ab62e2e728d9ec4b5255ff6a2b2d91ae376884f8e9760e12e74fb1e170822340890d7a348ec9d7e4a664823d
|
data/CHANGELOG.md
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
# Changelog
|
2
|
+
|
3
|
+
All notable changes to this project will be documented in this file.
|
4
|
+
|
5
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
6
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
7
|
+
|
8
|
+
## [Unreleased]
|
9
|
+
|
10
|
+
- Sorbet incoming
|
11
|
+
|
12
|
+
## [0.0.5] - 2020-04-06
|
13
|
+
|
14
|
+
### Added
|
15
|
+
|
16
|
+
- Created the gem itself
|
17
|
+
- Bootstrapped a rack testing framework
|
18
|
+
- Code Coverage tooling implemented
|
19
|
+
- Mocha and Rack testing tooling implemented
|
20
|
+
- gemspec created
|
data/README.md
ADDED
@@ -0,0 +1,55 @@
|
|
1
|
+
# BackAtCha
|
2
|
+
Oh hey! Didn't see you there! Did I tell you about the time my friend [@jusleg](https://github.com/jusleg) accidentally ordered me some "Ben and Jerry's Cookies Dough Ice Cream" © and how I then promplty reciprocated with 3 "SpongeBob Squarepants" © popsickles... Oh what's that you don't care? You're just here to find out what this repo is about? Well that's kinda rude but ok...
|
3
|
+
|
4
|
+
## What is this ?
|
5
|
+
|
6
|
+
Ok picture this the other day I was taking my daily scheduled self isolation walk, if you're looking at this repo in the year 2133 and wondering what the hell is a social isolation walk here's a diagram to show you what the looks like in a bit more detail:
|
7
|
+
![social distancing](https://user-images.githubusercontent.com/14715156/78517320-c9059580-778a-11ea-9184-8854bc7bb4ff.png)
|
8
|
+
Technically speaking this involves the following:
|
9
|
+
- You maintain at least 6 ft of distance from any living being
|
10
|
+
- You muffle any semblance of a cough because otherwise people will look at you like you're a zombie
|
11
|
+
- You awe at how empty the streets are
|
12
|
+
- You post a story on the gram with the #stayhome tag to let everyone know that you're being active and they're not
|
13
|
+
|
14
|
+
But back to this, this repo. So on said walk I started thinking to myself "What if you could UNO© Reverse Card a DDOS attacker by sending them back a giant packet over http from any Rack based application?" and then I thought "You're fairly decent at Ruby why not!". So that's when I embarked on a wild coding flurry that night. I wanted to make sure that this middleware was tested to the nines. So I bootstrapped a quick testing framework using Sinatra, Mocha and Rack's MockRequest tooling in order to simulate incoming http request.
|
15
|
+
|
16
|
+
Essentially what this middleware does is it grabs any incoming http request and checks for the Device-Memory header and then using Famingo Labs' patent pending memoization technology grabs the response coming out of the Rack app in question and multiplies the payload until it matches the requestee's Device-Memory size. So I finished writing all of this code up, with 100% code coverage, complete with rake tasks for automation, 0 errors with RuboCop and ready to take on the world.
|
17
|
+
|
18
|
+
I then messaged my friend [@jusleg](https://github.com/jusleg) and it went a little something like this:
|
19
|
+
```
|
20
|
+
Me: yo dawg get ready soon next level gem incoming [100% code coverage](https://user-images.githubusercontent.com/14715156/78518827-898d7800-778f-11ea-9477-0ac91edb47c1.png) it'll have static analysis
|
21
|
+
Justin: what gem
|
22
|
+
Me: brand new gem being created rn
|
23
|
+
Justin: what purpose
|
24
|
+
Me: oufffff you will know soon
|
25
|
+
Justin: are you even using sorbet
|
26
|
+
Me: ahhhh shit I should damn it
|
27
|
+
Justin: Watch this great wholesome tiktok
|
28
|
+
Me: Here's a link to a great article I was reading the other day in the economist on hyperparameters
|
29
|
+
Justin: Read it already
|
30
|
+
Justin: Wait a minute aren't browsers already resillient against large http packets being shot at them
|
31
|
+
Me: That's a good point but what about this [this](https://www.youtube.com/watch?v=l6quREmoPVM)
|
32
|
+
Justin: I could go for some five guys for sure
|
33
|
+
Me: Also according to this screenshot there might be a chance for this thing afterall (below)
|
34
|
+
```
|
35
|
+
|
36
|
+
|**Records**|**Download Time\***|**Chrome (OS X)**|**Firefox (OS X)**|**Safari (OS X)**|**IE9 (Win 7)**|
|
37
|
+
|---|---|---|---|---|---|
|
38
|
+
|**1,000,000 (153.37MB)**|19:51|**DOM Ready:** 16.4s<br>**RAM:** 1.09GB<br>**Loading:** browser hang<br>**Loaded:** usable, 1 tab crash|**DOM Ready:** 14.29s<br>**RAM:** 1.82GB<br>**Loading:** untestable<br>**Loaded:** usable|**DOM Ready:** 5.13s<br>**RAM:** 1.76GB<br>**Loading:** browser hang<br>**Loaded:** usable|Data failed to load and browser became unresponsive.<br><img src="https://media.giphy.com/media/l0HTYUmU67pLWv1a8/giphy.gif" alt="nice" width=80>|
|
39
|
+
|**750,000 (115.13MB)**|14:54|**DOM Ready:** 12.24s<br>**RAM:** 727.3MB<br>**Loading:** browser hang<br>**Loaded:** usable|**DOM Ready:** 13.8s<br>**RAM:** 1.48GB<br>**Loading:** browser hang<br>**Loaded:** usable|**DOM Ready:** 3.82s<br>**RAM:** 1.39GB<br>**Loading:** barely usable<br>**Loaded:** usable|Data failed to load and browser became unresponsive.<br><img src="https://media.giphy.com/media/Ls6ahtmYHU760/giphy.gif" alt="nice" width=80>|
|
40
|
+
|**500,000 (76.69MB)**|9:56|**DOM Ready:** 9.13s<br>**RAM:** 512.0MB<br>**Loading:** browser hang<br>**Loaded:** usable|**DOM Ready:** 12.19s<br>**RAM:** 1.14G<br>**Loading:** browser hang<br>**Loaded:** usable|**DOM Ready:** 2.49s<br>**RAM:** 1.02GB<br>**Loading:** usable<br>**Loaded:** usable|Data failed to load and browser became unresponsive.<br><img src="https://media.giphy.com/media/fs6rnt1K0YyVWRXNwY/giphy.gif" alt="nice" width=80>|
|
41
|
+
|
42
|
+
Data from https://joshzeigler.com/technology/web-development/how-big-is-too-big-for-json
|
43
|
+
|
44
|
+
And with that I kept pressing forward, created some more tests for extra resiliency and even created some github actions to push this useless gem onto rubygems.
|
45
|
+
|
46
|
+
## Did I actually try this on a real rack app?
|
47
|
+
|
48
|
+
Nope, because 100% code covered unit testing is enough isn't it?
|
49
|
+
|
50
|
+
## What's next?
|
51
|
+
|
52
|
+
As for me, I'm going to playing around with my new guitar and taking some more self isolation walks. As for the gem, I'm going to be adding in sorbet type checking and making sure it works with TruffleRuby.
|
53
|
+
|
54
|
+
## The Pivot
|
55
|
+
After discussing this further with [@jusleg](https://github.com/jusleg) we've come to the conclusion that a more pressing right now is creating a service which would allow blog writers to embed ModelViews into Medium articles. So look out for that next time you write a Medium article.
|
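Review bot: The "What is this ?" section explains the Device-Memory check but the README never shows how to mount the middleware (for example a `use BackAtCha` line in `config.ru`), and the only statement that it has not been run against a real Rack app sits near the bottom under its own heading. Add a short usage section, and move the untested status up next to the description so a reader sees it before installing. It would also help to say that the multiplied response is built and memoized inside the serving process, since that cost falls on the application owner.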
data/Rakefile
ADDED
data/lib/back_at_cha.rb
ADDED
@@ -0,0 +1,36 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
class BackAtCha
|
4
|
+
def initialize(app)
|
5
|
+
@app = app
|
6
|
+
@previous_bodies = {}
|
7
|
+
end
|
8
|
+
|
9
|
+
def call(env)
|
10
|
+
status, @headers, body = @app.call(env)
|
11
|
+
if env['Device-Memory']
|
12
|
+
body = gettem(
|
13
|
+
size_in_gb: Float(env['Device-Memory']),
|
14
|
+
body: body,
|
15
|
+
content_type: env['Content-Type']
|
16
|
+
)
|
17
|
+
else
|
18
|
+
@headers['Accept-CH'] = 'Device-Memory'
|
19
|
+
@headers['Accept-CH-Lifetime'] = '86400'
|
20
|
+
end
|
21
|
+
[status, @headers, body]
|
22
|
+
end
|
23
|
+
|
24
|
+
def gettem(size_in_gb:, body:, content_type:)
|
25
|
+
size_in_bytes = size_in_gb * 10**9
|
26
|
+
return body unless body.last.is_a?(String)
|
27
|
+
|
28
|
+
key = size_in_gb.to_s + content_type
|
29
|
+
return [@previous_bodies[key]] if @previous_bodies[key]
|
30
|
+
|
31
|
+
response = body.last
|
32
|
+
response += "#{body}\n" while response.bytesize <= size_in_bytes
|
33
|
+
@previous_bodies[key] ||= response
|
34
|
+
[response]
|
35
|
+
end
|
36
|
+
end
|
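Review bot: In `call`, the client-supplied `Device-Memory` value is passed to `Float(...)` and then sets the allocation size in `gettem` (`size_in_gb * 10**9`), so the requester decides how much memory this process builds, and each distinct value is then kept forever in `@previous_bodies`, which is keyed on that same input and never evicted. Rescue the `ArgumentError` that `Float` raises on non-numeric input, clamp the value to a fixed upper bound before sizing the body, and bound the cache. Rack exposes request headers in `env` as `HTTP_DEVICE_MEMORY` and `CONTENT_TYPE`, so `env['Device-Memory']` and `env['Content-Type']` will not be populated by a real server, and a nil `content_type` makes `size_in_gb.to_s + content_type` raise `TypeError`. Two smaller points: `response += "#{body}\n"` interpolates the whole array rather than `body.last`, and `@headers` should be a local because an instance variable is shared across concurrent requests on the same middleware instance.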
data/lib/version.rb
ADDED
metadata
ADDED
@@ -0,0 +1,133 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: BackAtCha
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.5
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Michel Chatmajian
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2020-04-06 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: mocha
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - ">="
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '0'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: rubocop
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: simplecov
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :development
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: test-unit
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :development
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: sinatra
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :development
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
description: 'Rack Middleware to hit those attackers back '
|
98
|
+
email: chamich196@hotmail.com
|
99
|
+
executables: []
|
100
|
+
extensions: []
|
101
|
+
extra_rdoc_files: []
|
102
|
+
files:
|
103
|
+
- CHANGELOG.md
|
104
|
+
- README.md
|
105
|
+
- Rakefile
|
106
|
+
- lib/back_at_cha.rb
|
107
|
+
- lib/version.rb
|
108
|
+
homepage: http://rubygems.org/gems/backatcha
|
109
|
+
licenses:
|
110
|
+
- MIT
|
111
|
+
metadata:
|
112
|
+
source_code_uri: https://github.com/almiche/BackAtCha
|
113
|
+
changelog_uri: https://github.com/almiche/BackAtCha/blob/master/CHANGELOG.md
|
114
|
+
post_install_message:
|
115
|
+
rdoc_options: []
|
116
|
+
require_paths:
|
117
|
+
- lib
|
118
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
119
|
+
requirements:
|
120
|
+
- - ">="
|
121
|
+
- !ruby/object:Gem::Version
|
122
|
+
version: '0'
|
123
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
124
|
+
requirements:
|
125
|
+
- - ">="
|
126
|
+
- !ruby/object:Gem::Version
|
127
|
+
version: '0'
|
128
|
+
requirements: []
|
129
|
+
rubygems_version: 3.0.3
|
130
|
+
signing_key:
|
131
|
+
specification_version: 4
|
132
|
+
summary: The uno-reverse card for DDOS attacks
|
133
|
+
test_files: []
|
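Review bot: `required_ruby_version` is `>= 0`, but `lib/back_at_cha.rb` declares required keyword arguments (`size_in_gb:, body:, content_type:`), which need Ruby 2.1 or later; set a real minimum in the gemspec so installs on older interpreters fail at resolution rather than at load. The `homepage` entry uses `http://` and should be `https://`. All six development dependencies are `>= 0`; giving them at least a lower bound keeps the test and lint tooling reproducible.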