RubyGems - aikido-zen - Versions diffs - 1.0.1.beta.2-x86_64-linux-musl - Mend

aikido-zen 1.0.1.beta.2-x86_64-linux-musl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

checksums.yaml +7 -0
data/.aikido +6 -0
data/.ruby-version +1 -0
data/.simplecov +26 -0
data/.standard.yml +3 -0
data/LICENSE +674 -0
data/README.md +146 -0
data/Rakefile +67 -0
data/benchmarks/README.md +23 -0
data/benchmarks/rails7.1_sql_injection.js +70 -0
data/docs/banner.svg +202 -0
data/docs/config.md +125 -0
data/docs/rails.md +70 -0
data/lib/aikido/zen/actor.rb +116 -0
data/lib/aikido/zen/agent/heartbeats_manager.rb +66 -0
data/lib/aikido/zen/agent.rb +179 -0
data/lib/aikido/zen/api_client.rb +142 -0
data/lib/aikido/zen/attack.rb +207 -0
data/lib/aikido/zen/background_worker.rb +52 -0
data/lib/aikido/zen/capped_collections.rb +68 -0
data/lib/aikido/zen/collector/hosts.rb +15 -0
data/lib/aikido/zen/collector/routes.rb +66 -0
data/lib/aikido/zen/collector/sink_stats.rb +95 -0
data/lib/aikido/zen/collector/stats.rb +111 -0
data/lib/aikido/zen/collector/users.rb +30 -0
data/lib/aikido/zen/collector.rb +144 -0
data/lib/aikido/zen/config.rb +279 -0
data/lib/aikido/zen/context/rack_request.rb +24 -0
data/lib/aikido/zen/context/rails_request.rb +42 -0
data/lib/aikido/zen/context.rb +112 -0
data/lib/aikido/zen/detached_agent/agent.rb +78 -0
data/lib/aikido/zen/detached_agent/front_object.rb +37 -0
data/lib/aikido/zen/detached_agent/server.rb +41 -0
data/lib/aikido/zen/detached_agent.rb +2 -0
data/lib/aikido/zen/errors.rb +107 -0
data/lib/aikido/zen/event.rb +71 -0
data/lib/aikido/zen/internals.rb +102 -0
data/lib/aikido/zen/libzen-v0.1.39-x86_64-linux-musl.so +0 -0
data/lib/aikido/zen/middleware/check_allowed_addresses.rb +26 -0
data/lib/aikido/zen/middleware/middleware.rb +11 -0
data/lib/aikido/zen/middleware/rack_throttler.rb +48 -0
data/lib/aikido/zen/middleware/request_tracker.rb +192 -0
data/lib/aikido/zen/middleware/set_context.rb +26 -0
data/lib/aikido/zen/outbound_connection.rb +45 -0
data/lib/aikido/zen/outbound_connection_monitor.rb +23 -0
data/lib/aikido/zen/package.rb +22 -0
data/lib/aikido/zen/payload.rb +50 -0
data/lib/aikido/zen/rails_engine.rb +70 -0
data/lib/aikido/zen/rate_limiter/breaker.rb +61 -0
data/lib/aikido/zen/rate_limiter/bucket.rb +76 -0
data/lib/aikido/zen/rate_limiter/result.rb +31 -0
data/lib/aikido/zen/rate_limiter.rb +50 -0
data/lib/aikido/zen/request/heuristic_router.rb +115 -0
data/lib/aikido/zen/request/rails_router.rb +72 -0
data/lib/aikido/zen/request/schema/auth_discovery.rb +86 -0
data/lib/aikido/zen/request/schema/auth_schemas.rb +54 -0
data/lib/aikido/zen/request/schema/builder.rb +121 -0
data/lib/aikido/zen/request/schema/definition.rb +107 -0
data/lib/aikido/zen/request/schema/empty_schema.rb +28 -0
data/lib/aikido/zen/request/schema.rb +87 -0
data/lib/aikido/zen/request.rb +103 -0
data/lib/aikido/zen/route.rb +39 -0
data/lib/aikido/zen/runtime_settings/endpoints.rb +49 -0
data/lib/aikido/zen/runtime_settings/ip_set.rb +36 -0
data/lib/aikido/zen/runtime_settings/protection_settings.rb +62 -0
data/lib/aikido/zen/runtime_settings/rate_limit_settings.rb +47 -0
data/lib/aikido/zen/runtime_settings.rb +65 -0
data/lib/aikido/zen/scan.rb +75 -0
data/lib/aikido/zen/scanners/path_traversal/helpers.rb +65 -0
data/lib/aikido/zen/scanners/path_traversal_scanner.rb +63 -0
data/lib/aikido/zen/scanners/shell_injection/helpers.rb +159 -0
data/lib/aikido/zen/scanners/shell_injection_scanner.rb +64 -0
data/lib/aikido/zen/scanners/sql_injection_scanner.rb +93 -0
data/lib/aikido/zen/scanners/ssrf/dns_lookups.rb +27 -0
data/lib/aikido/zen/scanners/ssrf/private_ip_checker.rb +97 -0
data/lib/aikido/zen/scanners/ssrf_scanner.rb +265 -0
data/lib/aikido/zen/scanners/stored_ssrf_scanner.rb +49 -0
data/lib/aikido/zen/scanners.rb +7 -0
data/lib/aikido/zen/sink.rb +118 -0
data/lib/aikido/zen/sinks/action_controller.rb +83 -0
data/lib/aikido/zen/sinks/async_http.rb +82 -0
data/lib/aikido/zen/sinks/curb.rb +115 -0
data/lib/aikido/zen/sinks/em_http.rb +85 -0
data/lib/aikido/zen/sinks/excon.rb +121 -0
data/lib/aikido/zen/sinks/file.rb +116 -0
data/lib/aikido/zen/sinks/http.rb +95 -0
data/lib/aikido/zen/sinks/httpclient.rb +97 -0
data/lib/aikido/zen/sinks/httpx.rb +80 -0
data/lib/aikido/zen/sinks/kernel.rb +34 -0
data/lib/aikido/zen/sinks/mysql2.rb +33 -0
data/lib/aikido/zen/sinks/net_http.rb +103 -0
data/lib/aikido/zen/sinks/patron.rb +105 -0
data/lib/aikido/zen/sinks/pg.rb +74 -0
data/lib/aikido/zen/sinks/resolv.rb +62 -0
data/lib/aikido/zen/sinks/socket.rb +80 -0
data/lib/aikido/zen/sinks/sqlite3.rb +49 -0
data/lib/aikido/zen/sinks/trilogy.rb +33 -0
data/lib/aikido/zen/sinks/typhoeus.rb +78 -0
data/lib/aikido/zen/sinks.rb +39 -0
data/lib/aikido/zen/sinks_dsl.rb +226 -0
data/lib/aikido/zen/synchronizable.rb +24 -0
data/lib/aikido/zen/system_info.rb +84 -0
data/lib/aikido/zen/version.rb +10 -0
data/lib/aikido/zen/worker.rb +87 -0
data/lib/aikido/zen.rb +206 -0
data/lib/aikido-zen.rb +3 -0
data/placeholder/.gitignore +4 -0
data/placeholder/README.md +11 -0
data/placeholder/Rakefile +75 -0
data/placeholder/lib/placeholder.rb.template +3 -0
data/placeholder/placeholder.gemspec.template +20 -0
data/tasklib/bench.rake +94 -0
data/tasklib/libzen.rake +132 -0
data/tasklib/wrk.rb +88 -0
metadata +204 -0

data/lib/aikido/zen.rb ADDED Viewed

@@ -0,0 +1,206 @@
+# frozen_string_literal: true
+# IMPORTANT: Any files that load sinks or start the Aikido Agent should
+# be required in `Aikido::Zen.protect!`.
+require_relative "zen/version"
+require_relative "zen/errors"
+require_relative "zen/actor"
+require_relative "zen/config"
+require_relative "zen/collector"
+require_relative "zen/system_info"
+require_relative "zen/worker"
+require_relative "zen/agent"
+require_relative "zen/api_client"
+require_relative "zen/context"
+require_relative "zen/detached_agent"
+require_relative "zen/middleware/check_allowed_addresses"
+require_relative "zen/middleware/middleware"
+require_relative "zen/middleware/request_tracker"
+require_relative "zen/middleware/set_context"
+require_relative "zen/outbound_connection"
+require_relative "zen/outbound_connection_monitor"
+require_relative "zen/runtime_settings"
+require_relative "zen/rate_limiter"
+require_relative "zen/scanners"
+module Aikido
+  module Zen
+    # Enable protection. Until this method is called no sinks are loaded
+    # and the Aikido Agent does not start.
+    #
+    # @return [void]
+    def self.protect!
+      if config.disabled?
+        config.logger.warn("Zen has been disabled and will not run.")
+        return
+      end
+      # IMPORTANT: Any files that load sinks or start the Aikido Agent
+      # should be required here only.
+      require_relative "zen/rails_engine" if defined?(::Rails)
+    end
+    # @return [Aikido::Zen::Config] the agent configuration.
+    def self.config
+      @config ||= Config.new
+    end
+    # @return [Aikido::Zen::RuntimeSettings] the firewall configuration sourced
+    #   from your Aikido dashboard. This is periodically polled for updates.
+    def self.runtime_settings
+      @runtime_settings ||= RuntimeSettings.new
+    end
+    def self.runtime_settings=(settings)
+      @runtime_settings = settings
+    end
+    # Gets information about the current system configuration, which is sent to
+    # the server along with any events.
+    def self.system_info
+      @system_info ||= SystemInfo.new
+    end
+    # Manages runtime metrics extracted from your app, which are uploaded to the
+    # Aikido servers if configured to do so.
+    def self.collector
+      check_and_handle_fork
+      @collector ||= Collector.new
+    end
+    def self.detached_agent
+      check_and_handle_fork
+      @detached_agent ||= DetachedAgent::Agent.new
+    end
+    # Gets the current context object that holds all information about the
+    # current request.
+    #
+    # @return [Aikido::Zen::Context, nil]
+    def self.current_context
+      Thread.current[:_aikido_current_context_]
+    end
+    # Sets the current context object that holds all information about the
+    # current request, or +nil+ to clear the current context.
+    #
+    # @param context [Aikido::Zen::Context, nil]
+    # @return [Aikido::Zen::Context, nil]
+    def self.current_context=(context)
+      Thread.current[:_aikido_current_context_] = context
+    end
+    # Track statistics about an HTTP request the app is handling.
+    #
+    # @param request [Aikido::Zen::Request]
+    # @return [void]
+    def self.track_request(request)
+      collector.track_request
+    end
+    def self.track_discovered_route(request)
+      collector.track_route(request)
+    end
+    # Tracks a network connection made to an external service.
+    #
+    # @param connection [Aikido::Zen::OutboundConnection]
+    # @return [void]
+    def self.track_outbound(connection)
+      collector.track_outbound(connection)
+    end
+    # Track statistics about the result of a Sink's scan, and report it as
+    # an Attack if one is detected.
+    #
+    # @param scan [Aikido::Zen::Scan]
+    # @return [void]
+    # @raise [Aikido::Zen::UnderAttackError] if the scan detected an Attack
+    #   and blocking_mode is enabled.
+    def self.track_scan(scan)
+      collector.track_scan(scan)
+      agent.handle_attack(scan.attack) if scan.attack?
+    end
+    # Track the user making the current request.
+    #
+    # @param (see Aikido::Zen.Actor)
+    # @return [void]
+    def self.track_user(user)
+      return if config.disabled?
+      if (actor = Aikido::Zen::Actor(user))
+        collector.track_user(actor)
+        current_context.request.actor = actor if current_context
+      else
+        config.logger.warn(format(<<~LOG, obj: user))
+          Incompatible object sent to track_user: %<obj>p
+          The object must either implement #to_aikido_actor, or be a Hash with
+          an :id (or "id") and, optionally, a :name (or "name") key.
+        LOG
+      end
+    end
+    # Marks that the Zen middleware was installed properly
+    # @return void
+    def self.middleware_installed!
+      collector.middleware_installed!
+    end
+    # Load all sinks matching libraries loaded into memory. This method should
+    # be called after all other dependencies have been loaded into memory (i.e.
+    # at the end of the initialization process).
+    #
+    # If a new gem is required, this method can be called again safely.
+    #
+    # @return [void]
+    def self.load_sinks!
+      require_relative "zen/sinks"
+    end
+    # @!visibility private
+    # Stop any background threads.
+    def self.stop!
+      @agent&.stop!
+      @detached_agent_server&.stop!
+    end
+    # @!visibility private
+    # Starts the background agent if it has not been started yet.
+    def self.agent
+      @agent ||= Agent.start
+    end
+    def self.detached_agent_server
+      @detached_agent_server ||= DetachedAgent::Server.start!
+    end
+    class << self
+      # `agent` and `detached_agent` are started on the first method call.
+      # A mutex controls thread execution to prevent multiple attempts.
+      LOCK = Mutex.new
+      def start!
+        @pid = Process.pid
+        LOCK.synchronize do
+          agent
+          detached_agent_server
+        end
+      end
+      def check_and_handle_fork
+        if has_forked
+          @detached_agent&.handle_fork
+        end
+      end
+      def has_forked
+        pid_changed = Process.pid != @pid
+        @pid = Process.pid
+        pid_changed
+      end
+    end
+  end
+end

data/lib/aikido-zen.rb ADDED Viewed

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+require_relative "aikido/zen"

data/placeholder/.gitignore ADDED Viewed

@@ -0,0 +1,4 @@
+LICENSE
+*.gemspec
+/lib/*.rb
+*.gem

data/placeholder/README.md ADDED Viewed

@@ -0,0 +1,11 @@
+# Security Placeholder
+This gem has been published by [Aikido Security](https://aikido.dev) to help prevent supply chain attacks and protect the integrity of the Ruby ecosystem.
+It is **not intended for direct use** and contains no functional code.
+If you are looking for the actual library, please use [`aikido-zen`](https://rubygems.org/gems/aikido-zen).
+---
+This package exists solely for security purposes. For more information, visit [aikido.dev](https://aikido.dev).

data/placeholder/Rakefile ADDED Viewed

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+require "rake"
+require "rake/clean"
+require "rubygems/package"
+require "fileutils"
+GEM_NAMES = %w[aikido]
+# Clean up created files
+CLEAN.include("LICENSE")
+CLEAN.include(*GEM_NAMES.map { |name| "#{name}.gemspec" })
+CLEAN.include(*GEM_NAMES.map { |name| "lib/#{name}.rb" })
+CLOBBER.include(*GEM_NAMES.map { |name| "#{name}-*.gem" })
+namespace :build do
+  GEM_NAMES.each do |gem_name|
+    file "LICENSE" => ["../LICENSE"] do
+      FileUtils.cp("../LICENSE", "LICENSE")
+      puts "Copied LICENSE"
+    end
+    entry_point_path = "lib/#{gem_name}.rb"
+    # Generate the entry point file from template if needed
+    file entry_point_path => ["lib/placeholder.rb.template"] do
+      template = File.read("lib/placeholder.rb.template")
+      content = template.gsub("@GEM_NAME", gem_name)
+      File.write(entry_point_path, content)
+      puts "Generated #{entry_point_path}"
+    end
+    gemspec_path = "#{gem_name}.gemspec"
+    # Generate gemspec file from template if needed
+    file gemspec_path => ["placeholder.gemspec.template"] do
+      template = File.read("placeholder.gemspec.template")
+      content = template.gsub("@GEM_NAME", gem_name)
+      File.write(gemspec_path, content)
+      puts "Generated #{gemspec_path}"
+    end
+    desc "Build the #{gem_name} gem"
+    task gem_name => [entry_point_path, gemspec_path, "LICENSE"] do
+      gemspec = Gem::Specification.load(gemspec_path)
+      raise "Failed to load gemspec: #{gemspec_path}" unless gemspec
+      gem_path = Gem::Package.build(gemspec)
+      puts "Built #{gem_path}"
+    end
+  end
+  desc "Build all gems"
+  task all: GEM_NAMES.map { |gem_name| "build:#{gem_name}" }
+end
+namespace :release do
+  GEM_NAMES.each do |gem_name|
+    gemspec_path = "#{gem_name}.gemspec"
+    desc "Build and publish the #{gem_name} to RubyGems"
+    task gem_name => ["build:#{gem_name}"] do
+      gemspec = Gem::Specification.load(gemspec_path)
+      raise "Failed to load gemspec: #{gemspec_path}" unless gemspec
+      gem_path = "#{gemspec.name}-#{gemspec.version}.gem"
+      puts "Publishing #{gem_path} to RubyGem..."
+      sh "gem push #{gem_path}"
+    end
+  end
+  desc "Build and publish all gems to RubyGems"
+  task all: GEM_NAMES.map { |gem_name| "release:#{gem_name}" }
+end

data/placeholder/lib/placeholder.rb.template ADDED Viewed

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+raise LoadError, "This gem has been published by Aikido Security to help prevent supply chain attacks. It is not intended for direct use. Please use 'aikido-zen' instead."

data/placeholder/placeholder.gemspec.template ADDED Viewed

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+Gem::Specification.new do |spec|
+  spec.name = "@GEM_NAME"
+  spec.version = "0.0.2"
+  spec.authors = ["Aikido Security"]
+  spec.email = ["dev-admin@aikido.dev"]
+  spec.summary = "Security placeholder for 'aikido-zen'."
+  spec.description = "This gem has been published by Aikido Security to help prevent supply chain attacks. It is not intended for direct use. Please use 'aikido-zen' instead."
+  spec.homepage = "https://aikido.dev/zen"
+  spec.license = "AGPL-3.0-or-later"
+  spec.required_ruby_version = ">= 2.3"
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/aikidosec/firewall-ruby"
+  spec.files = ["lib/@GEM_NAME.rb", "README.md", "LICENSE"]
+  spec.require_paths = ["lib"]
+end

data/tasklib/bench.rake ADDED Viewed

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+require "socket"
+require "timeout"
+require_relative "wrk"
+SERVER_PIDS = {}
+PORT_PROTECTED = 3001
+PORT_UNPROTECTED = 3002
+def stop_servers
+  SERVER_PIDS.each { |_, pid| Process.kill("TERM", pid) }
+  SERVER_PIDS.clear
+end
+def boot_server(dir, port:, env: {})
+  env["RAILS_MIN_THREADS"] = NUMBER_OF_THREADS
+  env["RAILS_MAX_THREADS"] = NUMBER_OF_THREADS
+  env["PORT"] = port.to_s
+  env["SECRET_KEY_BASE"] = rand(36**64).to_s(36)
+  Dir.chdir(dir) do
+    SERVER_PIDS[port] = Process.spawn(
+      env,
+      "rails", "server", "--pid", "#{Dir.pwd}/tmp/pids/server.#{port}.pid", "-e", "production",
+      out: "/dev/null"
+    )
+  rescue
+    SERVER_PIDS.delete(port)
+  end
+end
+def port_open?(port, timeout: 1)
+  Timeout.timeout(timeout) do
+    TCPSocket.new("127.0.0.1", port).close
+    true
+  rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH, SocketError
+    false
+  end
+rescue Timeout::Error
+  false
+end
+def wait_for_servers
+  ports = SERVER_PIDS.keys
+  Timeout.timeout(10) do
+    ports.reject! { |port| port_open?(port) } while ports.any?
+  end
+rescue Timeout::Error
+  raise "Could not reach ports: #{ports.join(", ")}"
+end
+Pathname.glob("sample_apps/*").select(&:directory?).each do |dir|
+  namespace :bench do
+    namespace dir.basename.to_s do
+      desc "Run WRK benchmarks for the #{dir.basename} sample app"
+      task wrk_run: [:boot_protected_app, :boot_unprotected_app] do
+        throughput_decrease_limit_perc = 25
+        if Gem::Version.new(RUBY_VERSION) >= Gem::Version.new("3.0.0") && Gem::Version.new(RUBY_VERSION) < Gem::Version.new("3.1.0")
+          # add higher limit for ruby 3.0
+          throughput_decrease_limit_perc = 35
+        end
+        wait_for_servers
+        run_benchmark(
+          route_zen: "http://localhost:#{PORT_PROTECTED}/benchmark", # Application with Zen
+          route_no_zen: "http://localhost:#{PORT_UNPROTECTED}/benchmark", # Application without Zen
+          description: "An empty route (1ms simulated delay)",
+          throughput_decrease_limit_perc: throughput_decrease_limit_perc,
+          latency_increase_limit_ms: 200
+        )
+      ensure
+        stop_servers
+      end
+      desc "Run K6 benchmarks for the #{dir.basename} sample app"
+      task k6_run: [:boot_protected_app, :boot_unprotected_app] do
+        wait_for_servers
+        Dir.chdir("benchmarks") { sh "k6 run #{dir.basename}.js" }
+      ensure
+        stop_servers
+      end
+      task :boot_protected_app do
+        boot_server(dir, port: PORT_PROTECTED)
+      end
+      task :boot_unprotected_app do
+        boot_server(dir, port: PORT_UNPROTECTED, env: {"AIKIDO_DISABLED" => "true"})
+      end
+    end
+  end
+end

data/tasklib/libzen.rake ADDED Viewed

@@ -0,0 +1,132 @@
+# frozen_string_literal: true
+require "ffi"
+require "open-uri"
+require "rubygems/package_task"
+require_relative "../lib/aikido/zen/version"
+class LibZen
+  attr_reader :platform, :suffix, :artifact
+  def initialize(platform_suffix, artifact = nil)
+    platform, suffix = platform_suffix.split(".", 2)
+    @platform = Gem::Platform.new(platform)
+    @suffix = suffix
+    @artifact = artifact
+  end
+  def version
+    "v#{Aikido::Zen::LIBZEN_VERSION}"
+  end
+  def path
+    "lib/aikido/zen/libzen-#{version}-#{platform}.#{suffix}"
+  end
+  def url
+    File.join("https://github.com/AikidoSec/zen-internals/releases/download", version, artifact)
+  end
+  def gemspec(source = Bundler.load_gemspec("aikido-zen.gemspec"))
+    return @spec if defined?(@spec)
+    @spec = source.dup
+    @spec.platform = platform
+    @spec.files << path
+    @spec
+  end
+  def gem_path
+    "pkg/#{gemspec.name}-#{gemspec.version}-#{gemspec.platform}.gem"
+  end
+  def resolvable?
+    downloadable? || File.exist?(path)
+  end
+  def downloadable?
+    !artifact.nil?
+  end
+  def download
+    puts "Downloading #{path}"
+    File.open(path, "wb") { |file| FileUtils.copy_stream(URI(url).open("rb"), file) }
+  end
+  def verify
+    expected = URI(url + ".sha256sum").read.split(/\s+/).first
+    actual = Digest::SHA256.file(path).to_s
+    if expected != actual
+      abort "Checksum verification failed for #{path}: expected #{expected}, but got #{actual}"
+    end
+  end
+  def namespace
+    platform.to_s
+  end
+  def pkg_dir
+    File.dirname(gem_path)
+  end
+end
+LIBZENS = [
+  LibZen.new("arm64-darwin.dylib", "libzen_internals_aarch64-apple-darwin.dylib"),
+  LibZen.new("arm64-linux.so", "libzen_internals_aarch64-unknown-linux-gnu.so"),
+  LibZen.new("arm64-linux-musl.so", "libzen_internals_aarch64-unknown-linux-musl.so"),
+  LibZen.new("x86_64-darwin.dylib", "libzen_internals_x86_64-apple-darwin.dylib"),
+  LibZen.new("x86_64-linux.so", "libzen_internals_x86_64-unknown-linux-gnu.so"),
+  LibZen.new("x86_64-linux-musl.so", "libzen_internals_x86_64-unknown-linux-musl.so"),
+  LibZen.new("x86_64-mingw64.dll", "libzen_internals_x86_64-pc-windows-gnu.dll"),
+  # Not officially supported, but used during testing:
+  LibZen.new("x86_64-freebsd.so"),
+  LibZen.new("x86_64-solaris.so")
+].filter(&:resolvable?)
+namespace :libzen do
+  LIBZENS.each do |lib|
+    desc "Download libzen for #{lib.platform} if necessary"
+    task(lib.namespace => lib.path)
+    if lib.downloadable?
+      file(lib.path) do
+        lib.download
+        lib.verify
+      end
+      CLEAN.include(lib.path)
+    end
+    directory lib.pkg_dir
+    CLOBBER.include(lib.pkg_dir)
+    file(lib.gem_path => [lib.path, lib.pkg_dir]) do
+      path = Gem::Package.build(lib.gemspec)
+      mv path, lib.pkg_dir
+    end
+    CLOBBER.include(lib.pkg_dir)
+    task "#{lib.namespace}:release" => [lib.gem_path, "release:guard_clean"] do
+      sh "gem", "push", lib.gem_path
+    end
+  end
+  desc "Build all the native gems"
+  task gems: LIBZENS.map(&:gem_path)
+  desc "Push all the native gems to RubyGems"
+  task release: LIBZENS.map { |lib| "#{lib.namespace}:release" }
+  desc "Download the libzen pre-built library for all platforms"
+  task "download:all" => LIBZENS.map(&:path)
+  desc "Downloads the libzen library for the current platform"
+  task "download:current" do
+    platform = Gem::Platform.local.dup
+    platform.version = nil unless Rake::Task.task_defined?("libzen:#{platform}")
+    # Invoke the most specific task
+    Rake::Task["libzen:#{platform}"].invoke
+  end
+end

data/tasklib/wrk.rb ADDED Viewed

@@ -0,0 +1,88 @@
+require "open3"
+require "time"
+NUMBER_OF_THREADS = ENV.fetch("BENCHMARK_NUMBER_OF_THREADS") { 12 }.to_s
+CONNECTIONS = ENV.fetch("BENCHMARK_WRK_CONNECTIONS") { 400 }
+def generate_wrk_command_for_url(url)
+  # Define the command with wrk included
+  "wrk --threads #{NUMBER_OF_THREADS} --connections #{CONNECTIONS} --duration 15s --timeout 5s --latency #{url}"
+end
+def cold_start(url)
+  10.times do
+    _, err, status = Open3.capture3("curl #{url}")
+    if status != 0
+      puts err
+      exit(-1)
+    end
+  end
+end
+def extract_requests_and_latency_tuple(out, err, status)
+  if status == 0
+    # Extracting requests/sec
+    requests_sec_match = out.match(/Requests\/sec:\s+([\d.]+)/)
+    requests_sec = requests_sec_match[1].to_f if requests_sec_match
+    # Extracting latency
+    latency_match = out.match(/Latency\s+([\d.]+)(ms|s)/)
+    latency = latency_match[1].to_f if latency_match
+    latency_unit = latency_match[2] if latency_match
+    if latency_unit == "s"
+      latency *= 1000
+    end
+    {requests_sec: requests_sec, latency: latency}
+  else
+    puts "Error occurred running benchmark command:"
+    puts err.strip
+    exit(1)
+  end
+end
+def run_benchmark(route_no_zen:, route_zen:, description:, throughput_decrease_limit_perc:, latency_increase_limit_ms:)
+  # Cold start
+  cold_start(route_no_zen)
+  cold_start(route_zen)
+  out, err, status = Open3.capture3(generate_wrk_command_for_url(route_zen))
+  puts <<~MSG
+    WRK OUTPUT
+    ================
+    FIREWALL ENABLED:
+        #{out}
+    ----------------
+  MSG
+  result_zen_enabled = extract_requests_and_latency_tuple(out, err, status)
+  out, err, status = Open3.capture3(generate_wrk_command_for_url(route_no_zen))
+  puts <<~MSG
+    FIREWALL DISABLED:
+        #{out}
+    ================
+  MSG
+  result_zen_disabled = extract_requests_and_latency_tuple(out, err, status)
+  # Check if the command was successful
+  if result_zen_enabled && result_zen_disabled
+    # Print the output, which should be the Requests/sec value
+    puts "[ZEN ENABLED ] Requests/sec: #{result_zen_enabled[:requests_sec]} | Latency in ms: #{result_zen_enabled[:latency]}"
+    puts "[ZEN DISABLED] Requests/sec: #{result_zen_disabled[:requests_sec]} | Latency in ms: #{result_zen_disabled[:latency]}"
+    latency_increase_ms = (result_zen_enabled[:latency] - result_zen_disabled[:latency]).round(2)
+    puts "-> Delta in ms: #{latency_increase_ms}ms after running load test on #{description}"
+    throughput_decrease_perc = ((result_zen_disabled[:requests_sec] - result_zen_enabled[:requests_sec]) / result_zen_disabled[:requests_sec] * 100).round
+    puts "-> #{throughput_decrease_perc}% decrease in throughput after running load test on #{description}\n"
+    if latency_increase_ms >= latency_increase_limit_ms
+      exit(1)
+    end
+    if throughput_decrease_perc >= throughput_decrease_limit_perc
+      exit(1)
+    end
+  end
+end