cif-client 1.0.2

data.tar.gz.sig ADDED
@@ -0,0 +1,2 @@
1
+ ��l �|f��
2
+ TȤ�[ѝئw�qCG��N�;V<�N {�$_E�q����#�?d
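--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp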
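--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in cif-client.gemspec
+gemspec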
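--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2013 chrislee35
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.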
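--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,43 @@
+# CIF::Client
+
+This ruby module interfaces with the Collective Intelligence Framework (as a client) to display intrusion alerts pulled from various feeding systems. For more information, please visit the CIF Google Project Hosting page.
+
+https://code.google.com/p/collective-intelligence-framework/
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+gem 'cif-client'
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install cif-client
+
+## Usage
+
+config = "#{ENV['HOME']}/.cif"
+severity = nil
+restriction = nil
+nolog = false
+
+config = ConfigParser.new(config)
+host = config['client']['host']
+apikey = config['client']['apikey']
+query = "64.120.146.250"
+client = CIF::Client.new(host,apikey,severity,restriction,nolog)
+results = client.query(query)
+puts results
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request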
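--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,12 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+t.libs << 'lib'
+t.test_files = FileList['test/test_*.rb']
+t.verbose = true
+end
+
+task :default => :test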
@@ -0,0 +1,28 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'cif/client/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "cif-client"
8
+ spec.version = CIF::Client::VERSION
9
+ spec.authors = ["chrislee35"]
10
+ spec.email = ["rubygems@chrislee.dhs.org"]
11
+ spec.description = %q{CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). The most common types of threat intelligence warehoused in CIF are IP addresses, domains and urls that are observed to be related to malicious activity.}
12
+ spec.summary = %q{Ruby-based client and library for the Collective Intelligence Framework}
13
+ spec.homepage = "https://code.google.com/p/collective-intelligence-framework/"
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files`.split($/)
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_runtime_dependency "configparser", "~> 0.1.1"
22
+ spec.add_runtime_dependency "json", "~> 1.4.3"
23
+ spec.add_development_dependency "bundler", "~> 1.3"
24
+ spec.add_development_dependency "rake"
25
+
26
+ spec.signing_key = "#{File.dirname(__FILE__)}/../gem-private_key.pem"
27
+ spec.cert_chain = ["#{File.dirname(__FILE__)}/../gem-public_cert.pem"]
28
+ end
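Review bot: `spec.add_runtime_dependency "json", "~> 1.4.3"` pins every application that installs this gem to the json 1.4.x series, so consumers cannot pick up later json releases (including any security fixes) and are likely to hit resolver conflicts with other gems in the same bundle. A floor without a ceiling, `spec.add_runtime_dependency "json", ">= 1.4.3"`, keeps the minimum the client needs. The same applies to `"configparser", "~> 0.1.1"` if nothing in the client depends on that exact series. `spec.signing_key` correctly points outside the repository at `../gem-private_key.pem`; a one-line comment above it, `# private key lives outside the repo and must never be listed in spec.files`, would record that intent for the next maintainer.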
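--- a/data/lib/cif/client.rb
+++ b/data/lib/cif/client.rb
@@ -0,0 +1,45 @@
+# DESCRIPTION: queries collective-intelligence-framework sources
+require 'json'
+require 'net/http'
+require 'net/https'
+require 'digest/sha1'
+require 'zlib'
+require 'base64'
+require 'openssl'
+
+module CIF
+class Client
+attr_accessor :fields
+attr_writer :severity, :restriction, :fields
+def initialize(host,apikey,severity=nil,restriction=nil,nolog=false)
+@host = host
+@apikey = apikey
+@severity = severity
+@nolog = nolog
+@restriction = restriction
+end
+
+def query(q,severity=nil,restriction=nil,nolog=false)
+params = {'apikey' => @apikey}
+params['restriction'] = restriction || @restriction if restriction || @restriction
+params['severity'] = severity || @severity if severity || @severity
+params['nolog'] = 1 if nolog || @nolog
+s = "#{@host}/#{q}?"+params.map{|k,v| "#{k}=#{v}"}.join("&")
+url = URI.parse s
+http = Net::HTTP.new(url.host, url.port)
+http.use_ssl = (url.scheme == 'https')
+http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+http.verify_depth = 5
+request = Net::HTTP::Get.new(url.path+"?"+url.query)
+request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} cif-client v#{CIF::Client::VERSION}")
+response = http.request(request)
+doc = response.body
+data = JSON.parse(doc)
+@response_code = data['status']
+if data['data'] and data['data']
+feed = data['data']['feed']
+end
+feed
+end
+end
+end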
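Review bot: `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` in `query` turns off certificate validation, so the `apikey` carried in the query string and the threat feed returned are both exposed to anyone able to intercept the connection, and the following `http.verify_depth = 5` has no effect while verification is off. The line should read `http.verify_mode = OpenSSL::SSL::VERIFY_PEER`, with a way for callers to supply a CA file when the CIF server uses a private CA. The URL is also built by plain interpolation (`"#{@host}/#{q}?"` and `"#{k}=#{v}"`), so a `q` or parameter value containing `&`, `?`, `#` or `/` changes the request that is sent; each component should be escaped, for example with `CGI.escape`, before joining. The guard `if data['data'] and data['data']` tests the same value twice and was probably meant to be `if data['data'] and data['data']['feed']`, and the HTTP status of `response` is never checked before `JSON.parse(doc)`.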
@@ -0,0 +1,5 @@
1
+ module CIF
2
+ class Client
3
+ VERSION = "1.0.2"
4
+ end
5
+ end
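--- a/data/test/helper.rb
+++ b/data/test/helper.rb
@@ -0,0 +1,3 @@
+require 'test/unit'
+require 'configparser'
+require File.expand_path('../../lib/cif/client.rb', __FILE__)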
@@ -0,0 +1,27 @@
1
+ unless Kernel.respond_to?(:require_relative)
2
+ module Kernel
3
+ def require_relative(path)
4
+ require File.join(File.dirname(caller[0]), path.to_str)
5
+ end
6
+ end
7
+ end
8
+
9
+ require_relative 'helper'
10
+
11
+ class TestCIFClient < Test::Unit::TestCase
12
+ def test_perform_a_query_and_receive_results
13
+ config = "#{ENV['HOME']}/.cif"
14
+ severity = nil
15
+ restriction = nil
16
+ nolog = false
17
+
18
+ config = ConfigParser.new(config)
19
+ host = config['client']['host']
20
+ apikey = config['client']['apikey']
21
+ query = "64.120.146.250"
22
+ client = CIF::Client.new(host,apikey,severity,restriction,nolog)
23
+ results = client.query(query)
24
+ assert_not_nil(results)
25
+ puts results
26
+ end
27
+ end
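Review bot: `test_perform_a_query_and_receive_results` reads the real host and API key from `~/.cif` and sends a live query, then runs `puts results`, so the suite fails without network access and a configured account, and feed data ends up in whatever log captures the test output. Its only assertion is `assert_not_nil(results)`, which says nothing about the request that `CIF::Client#query` builds or about how error responses are handled. Stubbing the HTTP call and asserting on the generated path and parameters would make the test hermetic; the live query could remain behind an opt-in environment variable.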
metadata ADDED
@@ -0,0 +1,158 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: cif-client
3
+ version: !ruby/object:Gem::Version
4
+ hash: 19
5
+ prerelease:
6
+ segments:
7
+ - 1
8
+ - 0
9
+ - 2
10
+ version: 1.0.2
11
+ platform: ruby
12
+ authors:
13
+ - chrislee35
14
+ autorequire:
15
+ bindir: bin
16
+ cert_chain:
17
+ - |
18
+ -----BEGIN CERTIFICATE-----
19
+ MIIDYjCCAkqgAwIBAgIBADANBgkqhkiG9w0BAQUFADBXMREwDwYDVQQDDAhydWJ5
20
+ Z2VtczEYMBYGCgmSJomT8ixkARkWCGNocmlzbGVlMRMwEQYKCZImiZPyLGQBGRYD
21
+ ZGhzMRMwEQYKCZImiZPyLGQBGRYDb3JnMB4XDTEzMDUyMjEyNTk0N1oXDTE0MDUy
22
+ MjEyNTk0N1owVzERMA8GA1UEAwwIcnVieWdlbXMxGDAWBgoJkiaJk/IsZAEZFghj
23
+ aHJpc2xlZTETMBEGCgmSJomT8ixkARkWA2RoczETMBEGCgmSJomT8ixkARkWA29y
24
+ ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANcPrx8BZiWIR9xWWG8I
25
+ tqR538tS1t+UJ4FZFl+1vrtU9TiuWX3Vj37TwUpa2fFkziK0n5KupVThyEhcem5m
26
+ OGRjvgrRFbWQJSSscIKOpwqURHVKRpV9gVz/Hnzk8S+xotUR1Buo3Ugr+I1jHewD
27
+ Cgr+y+zgZbtjtHsJtsuujkOcPhEjjUinj68L9Fz9BdeJQt+IacjwAzULix6jWCht
28
+ Uc+g+0z8Esryca2G6I1GsrgX6WHw8dykyQDT9dCtS2flCOwSC1R0K5T/xHW54f+5
29
+ wcw8mm53KLNe+tmgVC6ZHyME+qJsBnP6uxF0aTEnGA/jDBQDhQNTF0ZP/abzyTsL
30
+ zjUCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFO8w
31
+ +aeP7T6kVJblCg6eusOII9DfMA0GCSqGSIb3DQEBBQUAA4IBAQBCQyRJLXsBo2Fy
32
+ 8W6e/W4RemQRrlAw9DK5O6U71JtedVob2oq+Ob+zmS+PifE2+L+3RiJ2H6VTlOzi
33
+ x+A061MUXhGraqVq4J2FC8kt4EQywAD0P0Ta5GU24CGSF08Y3GkJy1Sa4XqTC2YC
34
+ o51s7JP+tkCCtpVYSdzJhTllieRAWBpGV1dtaoeUKE6tYPMBkosxSRcVGczk/Sc3
35
+ 7eQCpexYy9JlUBI9u3BqIY9E+l+MSn8ihXSPmyK0DgrhaCu+voaSFVOX6Y+B5qbo
36
+ jLXMQu2ZgISYwXNjNbGVHehut82U7U9oiHoWcrOGazaRUmGO9TXP+aJLH0gw2dcK
37
+ AfMglXPi
38
+ -----END CERTIFICATE-----
39
+
40
+ date: 2013-06-02 00:00:00 Z
41
+ dependencies:
42
+ - !ruby/object:Gem::Dependency
43
+ name: configparser
44
+ version_requirements: &id001 !ruby/object:Gem::Requirement
45
+ none: false
46
+ requirements:
47
+ - - ~>
48
+ - !ruby/object:Gem::Version
49
+ hash: 25
50
+ segments:
51
+ - 0
52
+ - 1
53
+ - 1
54
+ version: 0.1.1
55
+ prerelease: false
56
+ type: :runtime
57
+ requirement: *id001
58
+ - !ruby/object:Gem::Dependency
59
+ name: json
60
+ version_requirements: &id002 !ruby/object:Gem::Requirement
61
+ none: false
62
+ requirements:
63
+ - - ~>
64
+ - !ruby/object:Gem::Version
65
+ hash: 1
66
+ segments:
67
+ - 1
68
+ - 4
69
+ - 3
70
+ version: 1.4.3
71
+ prerelease: false
72
+ type: :runtime
73
+ requirement: *id002
74
+ - !ruby/object:Gem::Dependency
75
+ name: bundler
76
+ version_requirements: &id003 !ruby/object:Gem::Requirement
77
+ none: false
78
+ requirements:
79
+ - - ~>
80
+ - !ruby/object:Gem::Version
81
+ hash: 9
82
+ segments:
83
+ - 1
84
+ - 3
85
+ version: "1.3"
86
+ prerelease: false
87
+ type: :development
88
+ requirement: *id003
89
+ - !ruby/object:Gem::Dependency
90
+ name: rake
91
+ version_requirements: &id004 !ruby/object:Gem::Requirement
92
+ none: false
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ hash: 3
97
+ segments:
98
+ - 0
99
+ version: "0"
100
+ prerelease: false
101
+ type: :development
102
+ requirement: *id004
103
+ description: CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). The most common types of threat intelligence warehoused in CIF are IP addresses, domains and urls that are observed to be related to malicious activity.
104
+ email:
105
+ - rubygems@chrislee.dhs.org
106
+ executables: []
107
+
108
+ extensions: []
109
+
110
+ extra_rdoc_files: []
111
+
112
+ files:
113
+ - .gitignore
114
+ - Gemfile
115
+ - LICENSE.txt
116
+ - README.md
117
+ - Rakefile
118
+ - cif-client.gemspec
119
+ - lib/cif/client.rb
120
+ - lib/cif/client/version.rb
121
+ - test/helper.rb
122
+ - test/test_cif-client.rb
123
+ homepage: https://code.google.com/p/collective-intelligence-framework/
124
+ licenses:
125
+ - MIT
126
+ post_install_message:
127
+ rdoc_options: []
128
+
129
+ require_paths:
130
+ - lib
131
+ required_ruby_version: !ruby/object:Gem::Requirement
132
+ none: false
133
+ requirements:
134
+ - - ">="
135
+ - !ruby/object:Gem::Version
136
+ hash: 3
137
+ segments:
138
+ - 0
139
+ version: "0"
140
+ required_rubygems_version: !ruby/object:Gem::Requirement
141
+ none: false
142
+ requirements:
143
+ - - ">="
144
+ - !ruby/object:Gem::Version
145
+ hash: 3
146
+ segments:
147
+ - 0
148
+ version: "0"
149
+ requirements: []
150
+
151
+ rubyforge_project:
152
+ rubygems_version: 1.8.25
153
+ signing_key:
154
+ specification_version: 3
155
+ summary: Ruby-based client and library for the Collective Intelligence Framework
156
+ test_files:
157
+ - test/helper.rb
158
+ - test/test_cif-client.rb
metadata.gz.sig ADDED
Binary file