ai_root_shield 0.3.0 → 0.5.0

data/lib/ai_root_shield.rb

@@ -11,12 +11,39 @@ require_relative "ai_root_shield/ai_behavioral_analyzer"
 require_relative "ai_root_shield/rasp_protection"
 require_relative "ai_root_shield/risk_calculator"
 require_relative "ai_root_shield/device_log_parser"
+require_relative "ai_root_shield/certificate_pinning_helper"
+require_relative "ai_root_shield/advanced_proxy_detector"
+require_relative "ai_root_shield/enterprise_policy_manager"
+
+# v0.5.0 Platform-specific security modules
+require_relative "ai_root_shield/platform/android_security_module"
+require_relative "ai_root_shield/platform/ios_security_module"
+require_relative "ai_root_shield/platform/hardware_security_analyzer"
+require_relative "ai_root_shield/platform/unified_report_generator"
+
+# v0.5.0 CI/CD and developer tools
+require_relative "ai_root_shield/ci_cd/security_test_module"
+
+# v0.5.0 Dashboard and visualization
+require_relative "ai_root_shield/dashboard/web_dashboard"
+
+# v0.5.0 Third-party integrations
+require_relative "ai_root_shield/integrations/siem_connector"
 
 module AiRootShield
   class Error < StandardError; end
 
-  # Global RASP protection instance
+  # Global instances
   @rasp_protection = nil
+  @policy_manager = nil
+  @certificate_pinning = nil
+  @proxy_detector = nil
+  @android_module = nil
+  @ios_module = nil
+  @hardware_analyzer = nil
+  @report_generator = nil
+  @ci_cd_module = nil
+  @siem_connector = nil
 
   # Main entry point for device scanning
   # @param device_logs_path [String] Path to device logs JSON file
@@ -25,13 +52,26 @@ module AiRootShield
     scan_device_with_config(device_logs_path)
   end
 
-  # Scan device with custom configuration
+  # Scan device with custom configuration and policy validation
   # @param device_logs_path [String] Path to device logs JSON file
   # @param config [Hash] Configuration options
-  # @return [Hash] Risk assessment result with score and factors
+  # @return [Hash] Risk assessment result with score, factors, and compliance
   def self.scan_device_with_config(device_logs_path, config = {})
     detector = Detector.new(config)
-    detector.scan(device_logs_path)
+    scan_result = detector.scan(device_logs_path)
+    
+    # Add network security analysis if enabled
+    if config[:enable_network_analysis]
+      scan_result = enhance_with_network_analysis(scan_result, config)
+    end
+    
+    # Add policy compliance validation if policy manager is configured
+    if @policy_manager
+      compliance_result = @policy_manager.validate_compliance(scan_result)
+      scan_result[:compliance] = compliance_result
+    end
+    
+    scan_result
   end
 
   # Start RASP protection
@@ -49,21 +89,267 @@ module AiRootShield
     @rasp_protection = nil
   end
 
+  # Configure enterprise policy
+  # @param policy_config [String, Hash] Policy file path or configuration hash
+  # @return [EnterprisePolicyManager] Policy manager instance
+  def self.configure_policy(policy_config)
+    @policy_manager = EnterprisePolicyManager.new(policy_config)
+  end
+
+  # Configure certificate pinning
+  # @param config [Hash] Certificate pinning configuration
+  # @return [CertificatePinningHelper] Certificate pinning helper instance
+  def self.configure_certificate_pinning(config = {})
+    @certificate_pinning = CertificatePinningHelper.new(config)
+  end
+
+  # Configure proxy detection
+  # @param config [Hash] Proxy detection configuration
+  # @return [AdvancedProxyDetector] Proxy detector instance
+  def self.configure_proxy_detection(config = {})
+    @proxy_detector = AdvancedProxyDetector.new(config)
+  end
+
+  # Validate certificate pinning for a URL
+  # @param url [String] URL to validate
+  # @return [Hash] Validation result
+  def self.validate_certificate_pinning(url)
+    return { error: "Certificate pinning not configured" } unless @certificate_pinning
+    
+    cert_chain = @certificate_pinning.get_certificate_chain(url)
+    @certificate_pinning.validate_pin(url, cert_chain)
+  end
+
+  # Detect proxy usage for an IP address
+  # @param ip_address [String] IP address to analyze
+  # @param additional_data [Hash] Additional network data
+  # @return [Hash] Proxy detection result
+  def self.detect_proxy(ip_address, additional_data = {})
+    return { error: "Proxy detection not configured" } unless @proxy_detector
+    
+    @proxy_detector.detect_proxy(ip_address, additional_data)
+  end
+
   # Get current RASP protection instance
   # @return [RaspProtection, nil] Current RASP protection instance
   def self.rasp_protection
     @rasp_protection
   end
 
+  # Get current policy manager instance
+  # @return [EnterprisePolicyManager, nil] Current policy manager instance
+  def self.policy_manager
+    @policy_manager
+  end
+
+  # Get current certificate pinning helper instance
+  # @return [CertificatePinningHelper, nil] Current certificate pinning helper instance
+  def self.certificate_pinning
+    @certificate_pinning
+  end
+
+  # Get current proxy detector instance
+  # @return [AdvancedProxyDetector, nil] Current proxy detector instance
+  def self.proxy_detector
+    @proxy_detector
+  end
+
+  # v0.5.0 Platform-specific security analysis
+  # Analyze Android device security using SafetyNet and Play Integrity APIs
+  # @param device_logs [Hash] Device logs data
+  # @param config [Hash] Configuration options
+  # @return [Hash] Android security analysis results
+  def self.analyze_android_security(device_logs, config = {})
+    @android_module ||= Platform::AndroidSecurityModule.new(config)
+    @android_module.analyze_device_security(device_logs)
+  end
+
+  # Analyze iOS device security with advanced jailbreak detection
+  # @param device_logs [Hash] Device logs data
+  # @return [Hash] iOS security analysis results
+  def self.analyze_ios_security(device_logs)
+    @ios_module ||= Platform::IosSecurityModule.new
+    @ios_module.analyze_device_security(device_logs)
+  end
+
+  # Analyze hardware security features (TEE/SE, biometrics)
+  # @param device_logs [Hash] Device logs data
+  # @param platform [String] Platform type ('android' or 'ios')
+  # @return [Hash] Hardware security analysis results
+  def self.analyze_hardware_security(device_logs, platform)
+    @hardware_analyzer ||= Platform::HardwareSecurityAnalyzer.new
+    @hardware_analyzer.analyze_hardware_security(device_logs, platform)
+  end
+
+  # Generate unified cross-platform security report
+  # @param android_results [Hash] Android analysis results
+  # @param ios_results [Hash] iOS analysis results
+  # @param metadata [Hash] Report metadata
+  # @return [Hash] Unified security report
+  def self.generate_unified_report(android_results: nil, ios_results: nil, metadata: {})
+    @report_generator ||= Platform::UnifiedReportGenerator.new
+    @report_generator.generate_unified_report(
+      android_results: android_results,
+      ios_results: ios_results,
+      metadata: metadata
+    )
+  end
+
+  # Run CI/CD security tests
+  # @param device_logs_path [String] Path to device logs file
+  # @param options [Hash] Test configuration options
+  # @return [Hash] CI/CD test results
+  def self.run_ci_cd_tests(device_logs_path, options = {})
+    @ci_cd_module ||= CiCd::SecurityTestModule.new(options)
+    @ci_cd_module.run_security_tests(device_logs_path, options)
+  end
+
+  # Generate CI/CD configuration for specified platform
+  # @param platform [String] CI/CD platform name
+  # @param options [Hash] Configuration options
+  # @return [String] CI/CD configuration content
+  def self.generate_ci_config(platform, options = {})
+    @ci_cd_module ||= CiCd::SecurityTestModule.new
+    @ci_cd_module.generate_ci_config(platform, options)
+  end
+
+  # Configure SIEM integration
+  # @param platform [Symbol] SIEM platform (:splunk, :elastic, etc.)
+  # @param config [Hash] SIEM configuration
+  # @return [Integrations::SiemConnector] SIEM connector instance
+  def self.configure_siem(platform, config = {})
+    @siem_connector = Integrations::SiemConnector.new(platform, config)
+  end
+
+  # Send security events to SIEM
+  # @param analysis_results [Hash] Security analysis results
+  # @param metadata [Hash] Event metadata
+  # @return [Hash] SIEM response
+  def self.send_to_siem(analysis_results, metadata = {})
+    return { error: "SIEM not configured" } unless @siem_connector
+    
+    @siem_connector.send_security_event(analysis_results, metadata)
+  end
+
+  # Start web dashboard
+  # @param port [Integer] Port number
+  def self.start_dashboard(port = 4567)
+    dashboard = AiRootShield::Dashboard::WebDashboard.new
+    dashboard.start(port)
+  end
+
+  # Platform-specific analysis methods for CLI
+  def self.analyze_android_device(device_logs_path, config = {})
+    device_logs = JSON.parse(File.read(device_logs_path))
+    android_module = AiRootShield::Platform::AndroidSecurityModule.new(
+      api_key: config[:safetynet_api_key],
+      package_name: config[:package_name]
+    )
+    android_module.analyze_device_security(device_logs)
+  end
+
+  def self.analyze_ios_device(device_logs_path, config = {})
+    device_logs = JSON.parse(File.read(device_logs_path))
+    ios_module = AiRootShield::Platform::IosSecurityModule.new
+    ios_module.analyze_device_security(device_logs)
+  end
+
+  # CI/CD integration method for CLI
+  def self.run_ci_cd_tests(device_logs_path, config = {})
+    ci_module = AiRootShield::CiCd::SecurityTestModule.new
+    ci_module.run_security_tests(device_logs_path, config)
+  end
+
+  # Generate CI configuration for CLI
+  def self.generate_ci_config(platform)
+    ci_module = AiRootShield::CiCd::SecurityTestModule.new
+    ci_module.generate_ci_config(platform)
+  end
+
+  # Generate unified cross-platform report for CLI
+  def self.generate_unified_report(android_results: nil, ios_results: nil, metadata: {})
+    report_generator = AiRootShield::Platform::UnifiedReportGenerator.new
+    report_generator.generate_unified_report(
+      android_results: android_results,
+      ios_results: ios_results,
+      metadata: metadata
+    )
+  end
+
   # Check if RASP protection is active
   # @return [Boolean] True if RASP protection is active
   def self.rasp_active?
     @rasp_protection&.protection_status&.dig(:active) || false
   end
 
+  # Get comprehensive security status
+  # @return [Hash] Security status across all components
+  def self.security_status
+    {
+      version: VERSION,
+      rasp_active: rasp_active?,
+      policy_configured: !@policy_manager.nil?,
+      certificate_pinning_configured: !@certificate_pinning.nil?,
+      proxy_detection_configured: !@proxy_detector.nil?,
+      siem_configured: !@siem_connector.nil?,
+      platform_modules: {
+        android_module: !@android_module.nil?,
+        ios_module: !@ios_module.nil?,
+        hardware_analyzer: !@hardware_analyzer.nil?,
+        report_generator: !@report_generator.nil?
+      },
+      components: {
+        rasp: @rasp_protection&.protection_status,
+        policy: @policy_manager&.policy_statistics,
+        certificate_pinning: @certificate_pinning&.pinning_status,
+        proxy_detection: @proxy_detector&.detection_statistics,
+        siem: @siem_connector ? { platform: @siem_connector.instance_variable_get(:@platform) } : nil
+      }
+    }
+  end
+
   # Get version information
   # @return [String] Current version
   def self.version
     VERSION
   end
+
+  private
+
+  # Enhance scan result with network security analysis
+  # @param scan_result [Hash] Original scan result
+  # @param config [Hash] Configuration options
+  # @return [Hash] Enhanced scan result
+  def self.enhance_with_network_analysis(scan_result, config)
+    network_analysis = {}
+    
+    # Add proxy detection if configured
+    if @proxy_detector && config[:target_ip]
+      proxy_result = @proxy_detector.detect_proxy(config[:target_ip], config[:network_data] || {})
+      network_analysis[:proxy_detection] = proxy_result
+      
+      # Add proxy indicators to risk factors if detected
+      if proxy_result[:proxy_detected]
+        scan_result[:factors] ||= []
+        proxy_result[:proxy_types].each do |type|
+          scan_result[:factors] << "NETWORK_#{type.upcase}_DETECTED"
+        end
+      end
+    end
+    
+    # Add certificate pinning validation if configured
+    if @certificate_pinning && config[:target_url]
+      pinning_result = validate_certificate_pinning(config[:target_url])
+      network_analysis[:certificate_pinning] = pinning_result
+      
+      # Add certificate pinning failure to risk factors if invalid
+      unless pinning_result[:valid]
+        scan_result[:factors] ||= []
+        scan_result[:factors] << "CERTIFICATE_PINNING_FAILED"
+      end
+    end
+    
+    scan_result[:network_analysis] = network_analysis unless network_analysis.empty?
+    scan_result
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ai_root_shield
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.0
 platform: ruby
 authors:
 - Ahmet KAHRAMAN
@@ -149,9 +149,12 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-description: An AI-powered Ruby library that performs on-device compromise detection
-  for mobile applications without requiring a backend. Detects root/jailbreak, emulators,
-  hooking frameworks, and provides behavioral risk analysis.
+description: An AI-powered Ruby library that performs comprehensive on-device compromise
+  detection for mobile applications. Features include root/jailbreak detection, emulator
+  detection, hooking framework detection, application integrity checks, advanced network
+  security analysis with certificate pinning and proxy detection, enterprise policy
+  management, AI behavioral analysis, and RASP protection - all without requiring
+  a backend.
 email:
 - ahmetxhero@gmail.com
 executables:
@@ -168,16 +171,22 @@ files:
 - Rakefile
 - examples/device_logs/clean_device.json
 - examples/device_logs/rooted_android.json
+- examples/policies/banking_policy.json
+- examples/policies/development_policy.json
+- examples/policies/enterprise_policy.json
 - exe/ai_root_shield
 - lib/ai_root_shield.rb
+- lib/ai_root_shield/advanced_proxy_detector.rb
 - lib/ai_root_shield/ai_behavioral_analyzer.rb
 - lib/ai_root_shield/analyzers/emulator_detector.rb
 - lib/ai_root_shield/analyzers/hooking_detector.rb
 - lib/ai_root_shield/analyzers/integrity_checker.rb
 - lib/ai_root_shield/analyzers/network_analyzer.rb
 - lib/ai_root_shield/analyzers/root_detector.rb
+- lib/ai_root_shield/certificate_pinning_helper.rb
 - lib/ai_root_shield/detector.rb
 - lib/ai_root_shield/device_log_parser.rb
+- lib/ai_root_shield/enterprise_policy_manager.rb
 - lib/ai_root_shield/rasp_protection.rb
 - lib/ai_root_shield/risk_calculator.rb
 - lib/ai_root_shield/version.rb
@@ -206,5 +215,6 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 rubygems_version: 3.6.9
 specification_version: 4
-summary: AI-powered mobile device compromise detection library
+summary: AI-powered mobile security library with advanced network security and enterprise
+  policy management
 test_files: []