RubyGems - ai_root_shield - Versions diffs - 0.4.0 → 1.0.0 - Mend

ai_root_shield 0.4.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +52 -4
data/README.md +191 -14
data/bindings/python/README.md +304 -0
data/bindings/python/ai_root_shield.py +438 -0
data/bindings/python/setup.py +65 -0
data/examples/device_logs/android_safetynet_device.json +148 -0
data/examples/device_logs/ios_jailbroken_device.json +172 -0
data/exe/ai_root_shield +220 -7
data/lib/ai_root_shield/ci_cd/security_test_module.rb +743 -0
data/lib/ai_root_shield/dashboard/web_dashboard.rb +441 -0
data/lib/ai_root_shield/enterprise/alert_system.rb +601 -0
data/lib/ai_root_shield/enterprise/hybrid_detection_engine.rb +650 -0
data/lib/ai_root_shield/enterprise/performance_optimizer.rb +613 -0
data/lib/ai_root_shield/enterprise/policy_manager.rb +637 -0
data/lib/ai_root_shield/integrations/siem_connector.rb +695 -0
data/lib/ai_root_shield/platform/android_security_module.rb +263 -0
data/lib/ai_root_shield/platform/hardware_security_analyzer.rb +452 -0
data/lib/ai_root_shield/platform/ios_security_module.rb +513 -0
data/lib/ai_root_shield/platform/unified_report_generator.rb +613 -0
data/lib/ai_root_shield/version.rb +1 -1
data/lib/ai_root_shield.rb +152 -1
data/security_test_artifacts/security_report.json +124 -0
data/security_test_artifacts/security_results.sarif +16 -0
data/security_test_artifacts/security_tests.xml +3 -0
metadata +20 -1

data/lib/ai_root_shield/enterprise/alert_system.rb ADDED Viewed

@@ -0,0 +1,601 @@
+# frozen_string_literal: true
+require 'json'
+require 'net/http'
+require 'uri'
+require 'syslog'
+require 'time'
+module AiRootShield
+  module Enterprise
+    # Advanced reporting and alert system with multiple notification channels
+    class AlertSystem
+      ALERT_LEVELS = %w[info warning critical emergency].freeze
+      SUPPORTED_CHANNELS = %w[syslog webhook email slack teams].freeze
+      attr_reader :channels, :alert_history, :status
+      def initialize(config = {})
+        @config = default_config.merge(config)
+        @channels = {}
+        @alert_history = []
+        @status = { active: false, alerts_sent: 0 }
+        @rate_limiter = {}
+        initialize_channels
+      end
+      # Start alert system
+      def start
+        @status[:active] = true
+        @status[:started_at] = Time.now.utc.iso8601
+        # Initialize syslog if configured
+        if @config[:syslog][:enabled]
+          Syslog.open("ai_root_shield", Syslog::LOG_PID, Syslog::LOG_LOCAL0)
+        end
+        log_system_event("Alert system started")
+        true
+      end
+      # Stop alert system
+      def stop
+        @status[:active] = false
+        @status[:stopped_at] = Time.now.utc.iso8601
+        Syslog.close if @config[:syslog][:enabled] && Syslog.opened?
+        log_system_event("Alert system stopped")
+        true
+      end
+      # Send alert through configured channels
+      def send_alert(alert_data)
+        return false unless @status[:active]
+        return false if rate_limited?(alert_data)
+        alert = prepare_alert(alert_data)
+        results = {}
+        @config[:channels].each do |channel_name, channel_config|
+          next unless channel_config[:enabled]
+          begin
+            result = send_to_channel(channel_name, alert, channel_config)
+            results[channel_name] = result
+            log_channel_result(channel_name, result, alert[:id])
+          rescue StandardError => e
+            results[channel_name] = { success: false, error: e.message }
+            log_system_event("Alert channel error", { channel: channel_name, error: e.message })
+          end
+        end
+        # Store alert in history
+        store_alert_history(alert, results)
+        @status[:alerts_sent] += 1
+        results
+      end
+      # Send security incident alert
+      def send_security_alert(analysis_result, severity = 'warning')
+        alert_data = {
+          type: 'security_incident',
+          severity: severity,
+          title: "Security Threat Detected",
+          message: format_security_message(analysis_result),
+          data: analysis_result,
+          source: 'ai_root_shield',
+          timestamp: Time.now.utc.iso8601
+        }
+        send_alert(alert_data)
+      end
+      # Send compliance violation alert
+      def send_compliance_alert(compliance_result, policy_type)
+        severity = compliance_result[:compliant] ? 'info' : 'critical'
+        alert_data = {
+          type: 'compliance_violation',
+          severity: severity,
+          title: "Compliance Status Update",
+          message: format_compliance_message(compliance_result, policy_type),
+          data: compliance_result,
+          source: 'ai_root_shield_compliance',
+          timestamp: Time.now.utc.iso8601
+        }
+        send_alert(alert_data)
+      end
+      # Send system health alert
+      def send_health_alert(health_data, severity = 'info')
+        alert_data = {
+          type: 'system_health',
+          severity: severity,
+          title: "System Health Update",
+          message: format_health_message(health_data),
+          data: health_data,
+          source: 'ai_root_shield_system',
+          timestamp: Time.now.utc.iso8601
+        }
+        send_alert(alert_data)
+      end
+      # Get alert statistics
+      def get_statistics
+        {
+          total_alerts: @alert_history.length,
+          alerts_by_severity: count_by_severity,
+          alerts_by_type: count_by_type,
+          alerts_by_channel: count_by_channel,
+          success_rate: calculate_success_rate,
+          recent_alerts: @alert_history.last(10)
+        }
+      end
+      # Configure alert channel
+      def configure_channel(channel_name, config)
+        @config[:channels][channel_name.to_sym] = config
+        initialize_channel(channel_name, config)
+      end
+      private
+      # Default configuration
+      def default_config
+        {
+          rate_limit: {
+            enabled: true,
+            max_alerts_per_minute: 10,
+            max_alerts_per_hour: 100
+          },
+          syslog: {
+            enabled: true,
+            facility: Syslog::LOG_LOCAL0,
+            level: Syslog::LOG_INFO
+          },
+          channels: {
+            syslog: {
+              enabled: true,
+              format: 'json',
+              include_metadata: true
+            },
+            webhook: {
+              enabled: false,
+              url: nil,
+              headers: {},
+              timeout: 30,
+              retry_count: 3
+            }
+          }
+        }
+      end
+      # Initialize all configured channels
+      def initialize_channels
+        @config[:channels].each do |channel_name, channel_config|
+          initialize_channel(channel_name, channel_config) if channel_config[:enabled]
+        end
+      end
+      # Initialize specific channel
+      def initialize_channel(channel_name, config)
+        case channel_name.to_sym
+        when :syslog
+          @channels[:syslog] = SyslogChannel.new(config)
+        when :webhook
+          @channels[:webhook] = WebhookChannel.new(config)
+        when :slack
+          @channels[:slack] = SlackChannel.new(config)
+        when :teams
+          @channels[:teams] = TeamsChannel.new(config)
+        end
+      end
+      # Prepare alert for sending
+      def prepare_alert(alert_data)
+        {
+          id: generate_alert_id,
+          timestamp: alert_data[:timestamp] || Time.now.utc.iso8601,
+          type: alert_data[:type],
+          severity: alert_data[:severity],
+          title: alert_data[:title],
+          message: alert_data[:message],
+          data: alert_data[:data],
+          source: alert_data[:source],
+          metadata: {
+            version: AiRootShield::VERSION,
+            hostname: Socket.gethostname,
+            process_id: Process.pid
+          }
+        }
+      end
+      # Send alert to specific channel
+      def send_to_channel(channel_name, alert, config)
+        channel = @channels[channel_name.to_sym]
+        return { success: false, error: "Channel not initialized" } unless channel
+        channel.send_alert(alert)
+      end
+      # Check if alert is rate limited
+      def rate_limited?(alert_data)
+        return false unless @config[:rate_limit][:enabled]
+        now = Time.now
+        key = "#{alert_data[:type]}_#{alert_data[:severity]}"
+        @rate_limiter[key] ||= { minute: [], hour: [] }
+        # Clean old entries
+        @rate_limiter[key][:minute].reject! { |time| now - time > 60 }
+        @rate_limiter[key][:hour].reject! { |time| now - time > 3600 }
+        # Check limits
+        minute_limit = @config[:rate_limit][:max_alerts_per_minute]
+        hour_limit = @config[:rate_limit][:max_alerts_per_hour]
+        if @rate_limiter[key][:minute].length >= minute_limit ||
+           @rate_limiter[key][:hour].length >= hour_limit
+          return true
+        end
+        # Add current time
+        @rate_limiter[key][:minute] << now
+        @rate_limiter[key][:hour] << now
+        false
+      end
+      # Format security alert message
+      def format_security_message(analysis_result)
+        risk_score = analysis_result[:risk_score] || 0
+        factors = analysis_result[:factors] || []
+        message = "Security analysis completed with risk score: #{risk_score}/100"
+        message += "\nDetected factors: #{factors.join(', ')}" if factors.any?
+        message += "\nRecommendations: #{analysis_result[:recommendations].join(', ')}" if analysis_result[:recommendations]
+        message
+      end
+      # Format compliance alert message
+      def format_compliance_message(compliance_result, policy_type)
+        status = compliance_result[:compliant] ? "COMPLIANT" : "NON-COMPLIANT"
+        score = compliance_result[:compliance_score] || 0
+        message = "Compliance check for #{policy_type} policy: #{status} (Score: #{score}/100)"
+        if compliance_result[:violations]&.any?
+          message += "\nViolations found:"
+          compliance_result[:violations].each do |violation|
+            message += "\n- #{violation[:message]} (#{violation[:severity]})"
+          end
+        end
+        message
+      end
+      # Format health alert message
+      def format_health_message(health_data)
+        "System health check: #{health_data[:status] || 'Unknown'}"
+      end
+      # Store alert in history
+      def store_alert_history(alert, results)
+        history_entry = {
+          alert: alert,
+          results: results,
+          sent_at: Time.now.utc.iso8601,
+          success: results.values.all? { |r| r[:success] }
+        }
+        @alert_history << history_entry
+        # Keep only last 1000 alerts
+        @alert_history = @alert_history.last(1000) if @alert_history.length > 1000
+      end
+      # Count alerts by severity
+      def count_by_severity
+        @alert_history.group_by { |entry| entry[:alert][:severity] }
+                     .transform_values(&:count)
+      end
+      # Count alerts by type
+      def count_by_type
+        @alert_history.group_by { |entry| entry[:alert][:type] }
+                     .transform_values(&:count)
+      end
+      # Count alerts by channel
+      def count_by_channel
+        channel_counts = {}
+        @alert_history.each do |entry|
+          entry[:results].each do |channel, result|
+            channel_counts[channel] ||= 0
+            channel_counts[channel] += 1 if result[:success]
+          end
+        end
+        channel_counts
+      end
+      # Calculate success rate
+      def calculate_success_rate
+        return 100.0 if @alert_history.empty?
+        successful = @alert_history.count { |entry| entry[:success] }
+        (successful.to_f / @alert_history.length * 100).round(2)
+      end
+      # Generate unique alert ID
+      def generate_alert_id
+        "ARS-ALERT-#{Time.now.strftime('%Y%m%d%H%M%S')}-#{SecureRandom.hex(4).upcase}"
+      end
+      # Log system events
+      def log_system_event(message, details = {})
+        puts "[#{Time.now.utc.iso8601}] AlertSystem: #{message} #{details.to_json}" if @config[:debug]
+      end
+      # Log channel results
+      def log_channel_result(channel_name, result, alert_id)
+        status = result[:success] ? "SUCCESS" : "FAILED"
+        log_system_event("Alert sent", {
+          channel: channel_name,
+          status: status,
+          alert_id: alert_id,
+          error: result[:error]
+        })
+      end
+    end
+    # Syslog channel implementation
+    class SyslogChannel
+      def initialize(config)
+        @config = config
+      end
+      def send_alert(alert)
+        return { success: false, error: "Syslog not available" } unless Syslog.opened?
+        priority = map_severity_to_syslog(alert[:severity])
+        message = format_syslog_message(alert)
+        Syslog.log(priority, message)
+        { success: true, channel: 'syslog', timestamp: Time.now.utc.iso8601 }
+      rescue StandardError => e
+        { success: false, error: e.message, channel: 'syslog' }
+      end
+      private
+      def map_severity_to_syslog(severity)
+        case severity
+        when 'emergency'
+          Syslog::LOG_EMERG
+        when 'critical'
+          Syslog::LOG_CRIT
+        when 'warning'
+          Syslog::LOG_WARNING
+        when 'info'
+          Syslog::LOG_INFO
+        else
+          Syslog::LOG_INFO
+        end
+      end
+      def format_syslog_message(alert)
+        if @config[:format] == 'json'
+          alert.to_json
+        else
+          "#{alert[:title]}: #{alert[:message]}"
+        end
+      end
+    end
+    # Webhook channel implementation
+    class WebhookChannel
+      def initialize(config)
+        @config = config
+      end
+      def send_alert(alert)
+        return { success: false, error: "No webhook URL configured" } unless @config[:url]
+        uri = URI(@config[:url])
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = uri.scheme == 'https'
+        http.read_timeout = @config[:timeout] || 30
+        request = Net::HTTP::Post.new(uri)
+        request['Content-Type'] = 'application/json'
+        # Add custom headers
+        @config[:headers]&.each do |key, value|
+          request[key] = value
+        end
+        request.body = format_webhook_payload(alert)
+        response = http.request(request)
+        if response.code.to_i.between?(200, 299)
+          { success: true, channel: 'webhook', response_code: response.code }
+        else
+          { success: false, error: "HTTP #{response.code}: #{response.body}", channel: 'webhook' }
+        end
+      rescue StandardError => e
+        { success: false, error: e.message, channel: 'webhook' }
+      end
+      private
+      def format_webhook_payload(alert)
+        {
+          alert_id: alert[:id],
+          timestamp: alert[:timestamp],
+          type: alert[:type],
+          severity: alert[:severity],
+          title: alert[:title],
+          message: alert[:message],
+          source: alert[:source],
+          data: alert[:data],
+          metadata: alert[:metadata]
+        }.to_json
+      end
+    end
+    # Slack channel implementation
+    class SlackChannel
+      def initialize(config)
+        @config = config
+      end
+      def send_alert(alert)
+        return { success: false, error: "No Slack webhook URL configured" } unless @config[:webhook_url]
+        payload = format_slack_payload(alert)
+        uri = URI(@config[:webhook_url])
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        request = Net::HTTP::Post.new(uri)
+        request['Content-Type'] = 'application/json'
+        request.body = payload.to_json
+        response = http.request(request)
+        if response.code == '200'
+          { success: true, channel: 'slack' }
+        else
+          { success: false, error: "Slack API error: #{response.body}", channel: 'slack' }
+        end
+      rescue StandardError => e
+        { success: false, error: e.message, channel: 'slack' }
+      end
+      private
+      def format_slack_payload(alert)
+        color = case alert[:severity]
+                when 'emergency', 'critical'
+                  'danger'
+                when 'warning'
+                  'warning'
+                else
+                  'good'
+                end
+        {
+          text: alert[:title],
+          attachments: [
+            {
+              color: color,
+              fields: [
+                {
+                  title: "Severity",
+                  value: alert[:severity].upcase,
+                  short: true
+                },
+                {
+                  title: "Type",
+                  value: alert[:type],
+                  short: true
+                },
+                {
+                  title: "Message",
+                  value: alert[:message],
+                  short: false
+                }
+              ],
+              footer: "AI Root Shield",
+              ts: Time.parse(alert[:timestamp]).to_i
+            }
+          ]
+        }
+      end
+    end
+    # Microsoft Teams channel implementation
+    class TeamsChannel
+      def initialize(config)
+        @config = config
+      end
+      def send_alert(alert)
+        return { success: false, error: "No Teams webhook URL configured" } unless @config[:webhook_url]
+        payload = format_teams_payload(alert)
+        uri = URI(@config[:webhook_url])
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        request = Net::HTTP::Post.new(uri)
+        request['Content-Type'] = 'application/json'
+        request.body = payload.to_json
+        response = http.request(request)
+        if response.code == '200'
+          { success: true, channel: 'teams' }
+        else
+          { success: false, error: "Teams API error: #{response.body}", channel: 'teams' }
+        end
+      rescue StandardError => e
+        { success: false, error: e.message, channel: 'teams' }
+      end
+      private
+      def format_teams_payload(alert)
+        theme_color = case alert[:severity]
+                      when 'emergency', 'critical'
+                        'FF0000'
+                      when 'warning'
+                        'FFA500'
+                      else
+                        '00FF00'
+                      end
+        {
+          "@type": "MessageCard",
+          "@context": "http://schema.org/extensions",
+          themeColor: theme_color,
+          summary: alert[:title],
+          sections: [
+            {
+              activityTitle: alert[:title],
+              activitySubtitle: "AI Root Shield Alert",
+              facts: [
+                {
+                  name: "Severity",
+                  value: alert[:severity].upcase
+                },
+                {
+                  name: "Type",
+                  value: alert[:type]
+                },
+                {
+                  name: "Timestamp",
+                  value: alert[:timestamp]
+                }
+              ],
+              text: alert[:message]
+            }
+          ]
+        }
+      end
+    end
+  end
+end