ai_root_shield 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f0d354e66eecc271bd43c8ac6625c186a3aa38789ac19abbe5eabc0bf4fc1641
-  data.tar.gz: f2ce01ca5f411532737549e534db15dd1be0f942c3ef3427e1685a4fe7c964da
+  metadata.gz: 7aa3147f758f9775ee0b5739aa6edf8c6a905052b72760bbbe5991c80a2c4925
+  data.tar.gz: bc5d646ce2e6c86bceef124763ed0ff3168a70bb90c6946f24e8e37fe5310df4
 SHA512:
-  metadata.gz: 05e5cfacfef14284c46aa5dbc7ae33ae5a1f70a5262c6341de8b22e968feb71c4e2f91385672d3032ea02e47ab1d21d504dfe4c0a3bb2134b9807aaea7647554
-  data.tar.gz: 0cc0cd97dab91107681bbbe04951f8c966a23de3e35965e8ed0d50afba5212133c2ef41b569560000c73b2b9ee22b869d22994ed73ca57749e1345c09a36e89d
+  metadata.gz: 8a1160dbbbc26d2956ec0262ec5fbeeacce25335229cafdce11d88311bffe1fa040d060b47db07aff39344f3bd7f468433ea5ca2d4d768fc5d39d7e8b898de05
+  data.tar.gz: 0cfb012442a47483f041651fc47089348e115c1837583d54de71584f5678e5ccc34458f98adf40084f49d7149459e7c0d7f01fa9d8dd4af77b77ae76b06aeb44

data/CHANGELOG.md

@@ -12,6 +12,31 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Real-time threat monitoring capabilities
 - Custom rule engine for security policies
 
+## [0.4.0] - 2024-12-XX
+
+### Added
+- **Advanced Network Security** capabilities
+- Certificate pinning helper with TLS public key pinning integration
+- Advanced proxy detection (VPN, Tor, custom DNS, MITM appliance detection)
+- Enterprise policy management with JSON-based customizable security rules
+- Policy compliance validation and violation reporting
+- Network security analysis integration
+- Support for banking, enterprise, and development policy templates
+- CLI support for network security features (`--enable-cert-pinning`, `--enable-proxy-detection`, `--policy`)
+
+### Enhanced
+- Comprehensive security status reporting across all components
+- Enhanced CLI with network analysis options (`--target-ip`, `--target-url`)
+- Policy-driven risk assessment and compliance checking
+- Real-time network threat detection and reporting
+
+### Technical
+- Certificate chain validation and pin extraction
+- Multi-layered proxy detection (Tor exit nodes, VPN services, MITM appliances)
+- JSON policy definition with inheritance and merging
+- Audit logging and compliance reporting
+- Network analysis integration with existing risk calculation
+
 ## [0.3.0] - 2024-01-03
 
 ### Added

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    ai_root_shield (0.3.0)
+    ai_root_shield (0.4.0)
       digest (~> 3.1)
       json (~> 2.6)
       numo-narray (~> 0.9)

data/README.md

@@ -4,6 +4,7 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Ruby](https://img.shields.io/badge/ruby-%23CC342D.svg?style=flat&logo=ruby&logoColor=white)](https://www.ruby-lang.org/)
 [![Security](https://img.shields.io/badge/security-first-green.svg)](https://github.com/ahmetxhero/ai-root-shield)
+[![Buy Me A Coffee](https://img.shields.io/badge/Buy%20Me%20A%20Coffee-support%20my%20work-FFDD00?style=flat&logo=buy-me-a-coffee&logoColor=black)](https://buymeacoffee.com/ahmetxhero)
 
 > **Created by [Ahmet KAHRAMAN](https://ahmetxhero.web.app)** - Mobile Developer & Cyber Security Expert  
 > *"Security first, innovation always"* 🛡️
@@ -17,11 +18,15 @@ An AI-powered Ruby library that performs comprehensive on-device compromise dete
 - **Hooking Framework Detection**: Detects Frida, Xposed, Substrate, and other instrumentation tools
 - **Application Integrity Checks**: Validates app signatures and detects repackaging/tampering
 - **Network Security Analysis**: Identifies TLS issues, custom CAs, and MITM tools
-- **🆕 RASP Protection**: Runtime Application Self-Protection with real-time threat blocking
-- **🆕 Anti-Debug Mechanisms**: Ptrace, GDB, LLDB detection and blocking
-- **🆕 Anti-Tamper Protection**: Code integrity and memory patch detection
-- **🆕 Dynamic Memory Protection**: Frida injection hook mitigation
-- **🆕 Runtime Integrity Monitor**: Critical function hash validation
+- **🆕 Advanced Network Security**: Certificate pinning helper and comprehensive proxy detection
+- **🆕 Enterprise Policy Management**: JSON-based customizable security rules and compliance validation
+- **🆕 Certificate Pinning Helper**: TLS public key pinning with easy integration
+- **🆕 Advanced Proxy Detection**: VPN, Tor, custom DNS, and MITM appliance detection
+- **RASP Protection**: Runtime Application Self-Protection with real-time threat blocking
+- **Anti-Debug Mechanisms**: Ptrace, GDB, LLDB detection and blocking
+- **Anti-Tamper Protection**: Code integrity and memory patch detection
+- **Dynamic Memory Protection**: Frida injection hook mitigation
+- **Runtime Integrity Monitor**: Critical function hash validation
 - **AI Behavioral Analysis**: ONNX-powered behavioral pattern analysis with anomaly detection
 - **ML-Based Emulator Detection**: Advanced machine learning techniques for emulator identification
 - **AI Confidence Scoring**: Confidence metrics integrated into risk assessment
@@ -132,7 +137,54 @@ puts "AI Confidence: #{result[:ai_confidence]}"
 puts "ML Emulator Score: #{result[:ml_emulator_score]}"
 ```
 
-## RASP Protection (New in v0.3.0)
+## Advanced Network Security & Policy Management (New in v0.4.0)
+
+Enterprise-grade network security and policy management capabilities:
+
+### Features
+- **Certificate Pinning Helper**: Easy TLS public key pinning integration with common CA support
+- **Advanced Proxy Detection**: Comprehensive detection of VPN, Tor, custom DNS, and MITM appliances
+- **Enterprise Policy Management**: JSON-based customizable security rules and compliance validation
+- **Policy Templates**: Pre-built policies for banking, enterprise, and development environments
+- **Compliance Reporting**: Detailed violation tracking and audit logging
+- **Network Analysis Integration**: Real-time network threat detection and assessment
+
+### Usage
+
+```ruby
+# Configure enterprise policy
+AiRootShield.configure_policy('examples/policies/banking_policy.json')
+
+# Set up certificate pinning
+pinning = AiRootShield.configure_certificate_pinning
+pinning.add_pin('api.mybank.com', ['sha256/YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg='])
+
+# Configure proxy detection
+AiRootShield.configure_proxy_detection
+
+# Scan with network analysis
+result = AiRootShield.scan_device_with_config('device_logs.json', {
+  enable_network_analysis: true,
+  target_ip: '192.168.1.100',
+  target_url: 'https://api.mybank.com'
+})
+
+puts "Compliance Status: #{result[:compliance][:compliant] ? 'COMPLIANT' : 'NON-COMPLIANT'}"
+puts "Network Analysis: #{result[:network_analysis]}"
+```
+
+### CLI Usage
+
+```bash
+# Scan with enterprise policy and network security
+$ ai_root_shield --policy examples/policies/banking_policy.json \
+                 --enable-cert-pinning \
+                 --enable-proxy-detection \
+                 --target-url https://api.mybank.com \
+                 --verbose device_logs.json
+```
+
+## RASP Protection (v0.3.0)
 
 Runtime Application Self-Protection provides real-time threat detection and blocking:
 

data/examples/policies/banking_policy.json

@@ -0,0 +1,79 @@
+{
+  "version": "1.0",
+  "name": "Banking Security Policy",
+  "description": "High-security policy for banking and financial applications",
+  "minimum_security_level": 95,
+  "compliance_rules": {
+    "device_requirements": {
+      "allow_rooted_devices": false,
+      "allow_jailbroken_devices": false,
+      "allow_emulators": false,
+      "require_screen_lock": true,
+      "minimum_os_version": {
+        "android": "10.0",
+        "ios": "14.0"
+      },
+      "require_biometric_authentication": true,
+      "require_device_encryption": true
+    },
+    "network_security": {
+      "allow_vpn": false,
+      "allow_proxy": false,
+      "allow_tor": false,
+      "require_certificate_pinning": true,
+      "allowed_dns_servers": [
+        "8.8.8.8",
+        "1.1.1.1"
+      ],
+      "blocked_dns_servers": [],
+      "require_tls_1_3_minimum": true,
+      "block_self_signed_certificates": true,
+      "require_hsts": true
+    },
+    "application_integrity": {
+      "allow_debug_builds": false,
+      "allow_repackaged_apps": false,
+      "require_code_signing": true,
+      "allowed_certificate_issuers": [
+        "Bank Certificate Authority"
+      ],
+      "require_app_store_installation": true,
+      "block_sideloaded_apps": true,
+      "require_integrity_verification": true
+    },
+    "runtime_protection": {
+      "enable_rasp": true,
+      "allow_debugging": false,
+      "allow_hooking_frameworks": false,
+      "enable_tamper_detection": true,
+      "enable_anti_debug": true,
+      "enable_memory_protection": true,
+      "protection_interval": 500,
+      "enable_screenshot_protection": true
+    }
+  },
+  "risk_thresholds": {
+    "low": 5,
+    "medium": 15,
+    "high": 30,
+    "critical": 50
+  },
+  "actions": {
+    "on_policy_violation": "immediate_block",
+    "on_high_risk": "immediate_block",
+    "on_critical_risk": "immediate_block",
+    "custom_actions": {
+      "any_security_threat": "immediate_block_and_alert"
+    }
+  },
+  "reporting": {
+    "enable_audit_logs": true,
+    "log_level": "info",
+    "retention_days": 365,
+    "enable_real_time_alerts": true,
+    "alert_endpoints": [
+      "https://security.bank.com/critical-alerts",
+      "https://soc.bank.com/mobile-threats"
+    ]
+  }
+}

data/examples/policies/development_policy.json

@@ -0,0 +1,64 @@
+{
+  "version": "1.0",
+  "name": "Development Environment Policy",
+  "description": "Relaxed policy for development and testing environments",
+  "minimum_security_level": 40,
+  "compliance_rules": {
+    "device_requirements": {
+      "allow_rooted_devices": true,
+      "allow_jailbroken_devices": true,
+      "allow_emulators": true,
+      "require_screen_lock": false,
+      "minimum_os_version": {
+        "android": "7.0",
+        "ios": "11.0"
+      }
+    },
+    "network_security": {
+      "allow_vpn": true,
+      "allow_proxy": true,
+      "allow_tor": false,
+      "require_certificate_pinning": false,
+      "allowed_dns_servers": [],
+      "blocked_dns_servers": [],
+      "require_tls_1_2_minimum": false,
+      "block_self_signed_certificates": false
+    },
+    "application_integrity": {
+      "allow_debug_builds": true,
+      "allow_repackaged_apps": true,
+      "require_code_signing": false,
+      "allowed_certificate_issuers": [],
+      "require_app_store_installation": false,
+      "block_sideloaded_apps": false
+    },
+    "runtime_protection": {
+      "enable_rasp": false,
+      "allow_debugging": true,
+      "allow_hooking_frameworks": true,
+      "enable_tamper_detection": false,
+      "enable_anti_debug": false,
+      "enable_memory_protection": false,
+      "protection_interval": 5000
+    }
+  },
+  "risk_thresholds": {
+    "low": 30,
+    "medium": 60,
+    "high": 80,
+    "critical": 95
+  },
+  "actions": {
+    "on_policy_violation": "log_only",
+    "on_high_risk": "log_only",
+    "on_critical_risk": "alert",
+    "custom_actions": {}
+  },
+  "reporting": {
+    "enable_audit_logs": true,
+    "log_level": "debug",
+    "retention_days": 30,
+    "enable_real_time_alerts": false,
+    "alert_endpoints": []
+  }
+}

data/examples/policies/enterprise_policy.json

@@ -0,0 +1,89 @@
+{
+  "version": "1.0",
+  "name": "Enterprise Security Policy",
+  "description": "Comprehensive enterprise security policy for mobile applications",
+  "minimum_security_level": 80,
+  "compliance_rules": {
+    "device_requirements": {
+      "allow_rooted_devices": false,
+      "allow_jailbroken_devices": false,
+      "allow_emulators": false,
+      "require_screen_lock": true,
+      "minimum_os_version": {
+        "android": "9.0",
+        "ios": "13.0"
+      },
+      "allowed_device_models": [],
+      "blocked_device_models": []
+    },
+    "network_security": {
+      "allow_vpn": false,
+      "allow_proxy": false,
+      "allow_tor": false,
+      "require_certificate_pinning": true,
+      "allowed_dns_servers": [
+        "8.8.8.8",
+        "8.8.4.4",
+        "1.1.1.1",
+        "1.0.0.1"
+      ],
+      "blocked_dns_servers": [
+        "94.140.14.14",
+        "76.76.19.19"
+      ],
+      "require_tls_1_2_minimum": true,
+      "block_self_signed_certificates": true
+    },
+    "application_integrity": {
+      "allow_debug_builds": false,
+      "allow_repackaged_apps": false,
+      "require_code_signing": true,
+      "allowed_certificate_issuers": [
+        "Apple Inc.",
+        "Google Inc.",
+        "Enterprise CA"
+      ],
+      "require_app_store_installation": true,
+      "block_sideloaded_apps": true
+    },
+    "runtime_protection": {
+      "enable_rasp": true,
+      "allow_debugging": false,
+      "allow_hooking_frameworks": false,
+      "enable_tamper_detection": true,
+      "enable_anti_debug": true,
+      "enable_memory_protection": true,
+      "protection_interval": 1000
+    }
+  },
+  "risk_thresholds": {
+    "low": 15,
+    "medium": 35,
+    "high": 60,
+    "critical": 80
+  },
+  "actions": {
+    "on_policy_violation": "block",
+    "on_high_risk": "alert_and_log",
+    "on_critical_risk": "block_and_alert",
+    "custom_actions": {
+      "device_rooted": "immediate_block",
+      "tor_detected": "immediate_block",
+      "debugging_detected": "immediate_block"
+    }
+  },
+  "reporting": {
+    "enable_audit_logs": true,
+    "log_level": "warning",
+    "retention_days": 180,
+    "enable_real_time_alerts": true,
+    "alert_endpoints": [
+      "https://security.company.com/alerts"
+    ]
+  },
+  "exemptions": {
+    "test_devices": [],
+    "development_environments": [],
+    "emergency_override_codes": []
+  }
+}

data/exe/ai_root_shield

@@ -19,7 +19,12 @@ class AiRootShieldCLI
       enable_network_analysis: true,
       enable_ai_behavioral_analysis: true,
       enable_rasp_protection: false,
-      rasp_monitoring_time: 5
+      rasp_monitoring_time: 5,
+      policy_file: nil,
+      enable_certificate_pinning: false,
+      enable_proxy_detection: false,
+      target_ip: nil,
+      target_url: nil
     }
   end
 
@@ -40,6 +45,24 @@ class AiRootShieldCLI
     end
 
     begin
+      # Configure enterprise policy if provided
+      if @options[:policy_file]
+        puts "Loading enterprise policy from #{@options[:policy_file]}..." if @options[:verbose]
+        AiRootShield.configure_policy(@options[:policy_file])
+      end
+      
+      # Configure certificate pinning if enabled
+      if @options[:enable_certificate_pinning]
+        puts "Configuring certificate pinning..." if @options[:verbose]
+        AiRootShield.configure_certificate_pinning
+      end
+      
+      # Configure proxy detection if enabled
+      if @options[:enable_proxy_detection]
+        puts "Configuring proxy detection..." if @options[:verbose]
+        AiRootShield.configure_proxy_detection
+      end
+      
       # Start RASP protection if enabled
       if @options[:enable_rasp_protection]
         puts "Starting RASP protection..." if @options[:verbose]
@@ -67,6 +90,11 @@ class AiRootShieldCLI
         result[:rasp_status] = AiRootShield.rasp_protection.protection_status
       end
       
+      # Add security status if verbose
+      if @options[:verbose]
+        result[:security_status] = AiRootShield.security_status
+      end
+      
       output_result(result)
       
     rescue AiRootShield::Error => e
@@ -136,6 +164,26 @@ class AiRootShieldCLI
         @options[:rasp_monitoring_time] = time
       end
 
+      opts.on("--policy FILE", "Enterprise policy file path") do |file|
+        @options[:policy_file] = file
+      end
+
+      opts.on("--enable-cert-pinning", "Enable certificate pinning validation") do
+        @options[:enable_certificate_pinning] = true
+      end
+
+      opts.on("--enable-proxy-detection", "Enable advanced proxy detection") do
+        @options[:enable_proxy_detection] = true
+      end
+
+      opts.on("--target-ip IP", "Target IP address for network analysis") do |ip|
+        @options[:target_ip] = ip
+      end
+
+      opts.on("--target-url URL", "Target URL for certificate pinning validation") do |url|
+        @options[:target_url] = url
+      end
+
       opts.on("-h", "--help", "Show this help message") do
         puts opts
         exit
@@ -149,7 +197,7 @@ class AiRootShieldCLI
   end
 
   def output_result(result)
-    case @options[:output_format]
+    case @options[:format]
     when "json"
       puts JSON.pretty_generate(result)
     when "text"
@@ -167,6 +215,42 @@ class AiRootShieldCLI
     puts "Version: #{result[:version]}"
     puts ""
     
+    # Display compliance status if available
+    if result[:compliance]
+      puts "Policy Compliance:"
+      puts "  Status: #{result[:compliance][:compliant] ? 'COMPLIANT' : 'NON-COMPLIANT'}"
+      puts "  Policy Version: #{result[:compliance][:policy_version]}"
+      
+      if result[:compliance][:violations].any?
+        puts "  Violations:"
+        result[:compliance][:violations].each do |violation|
+          puts "    • #{violation[:message]} (#{violation[:severity]})"
+        end
+      end
+      puts ""
+    end
+    
+    # Display network analysis if available
+    if result[:network_analysis]
+      puts "Network Security Analysis:"
+      
+      if result[:network_analysis][:proxy_detection]
+        proxy = result[:network_analysis][:proxy_detection]
+        puts "  Proxy Detection: #{proxy[:proxy_detected] ? 'DETECTED' : 'Clean'}"
+        if proxy[:proxy_detected]
+          puts "    Types: #{proxy[:proxy_types].join(', ')}"
+          puts "    Confidence: #{(proxy[:confidence_score] * 100).round}%"
+        end
+      end
+      
+      if result[:network_analysis][:certificate_pinning]
+        pinning = result[:network_analysis][:certificate_pinning]
+        puts "  Certificate Pinning: #{pinning[:valid] ? 'VALID' : 'FAILED'}"
+        puts "    Reason: #{pinning[:reason]}" unless pinning[:valid]
+      end
+      puts ""
+    end
+    
     if result[:factors].any?
       puts "Detected Security Factors:"
       result[:factors].each do |factor|
@@ -184,6 +268,15 @@ class AiRootShieldCLI
     else
       puts "No security threats detected."
     end
+    
+    # Display RASP status if available
+    if result[:rasp_status]
+      puts ""
+      puts "RASP Protection Status:"
+      puts "  Active: #{result[:rasp_status][:active] ? 'YES' : 'NO'}"
+      puts "  Events Detected: #{result[:rasp_status][:events_detected] || 0}"
+      puts "  Protection Level: #{result[:rasp_status][:protection_level] || 'Standard'}"
+    end
   end
 
   def output_summary_format(result)