cif-client 1.0.2

data.tar.gz.sig

@@ -0,0 +1,2 @@
+��l �|f��
+TȤ�[ѝئw�qCG��N�;V<�N{�$_E�q����#�?d

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in cif-client.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 chrislee35
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,43 @@
+# CIF::Client
+
+This ruby module interfaces with the Collective Intelligence Framework (as a client) to display intrusion alerts pulled from various feeding systems.  For more information, please visit the CIF Google Project Hosting page.
+
+https://code.google.com/p/collective-intelligence-framework/
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'cif-client'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install cif-client
+
+## Usage
+
+	config = "#{ENV['HOME']}/.cif"
+	severity = nil
+	restriction = nil
+	nolog = false
+
+	config = ConfigParser.new(config)
+	host = config['client']['host']
+	apikey = config['client']['apikey']
+	query = "64.120.146.250"
+	client = CIF::Client.new(host,apikey,severity,restriction,nolog)
+	results = client.query(query)
+	puts results
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,12 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'lib'
+  t.test_files = FileList['test/test_*.rb']
+  t.verbose = true
+end
+
+task :default => :test

data/cif-client.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'cif/client/version'
+
+Gem::Specification.new do |spec|
+	spec.name          = "cif-client"
+	spec.version       = CIF::Client::VERSION
+	spec.authors       = ["chrislee35"]
+	spec.email         = ["rubygems@chrislee.dhs.org"]
+	spec.description   = %q{CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). The most common types of threat intelligence warehoused in CIF are IP addresses, domains and urls that are observed to be related to malicious activity.}
+	spec.summary       = %q{Ruby-based client and library for the Collective Intelligence Framework}
+	spec.homepage      = "https://code.google.com/p/collective-intelligence-framework/"
+	spec.license       = "MIT"
+
+	spec.files         = `git ls-files`.split($/)
+	spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+	spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+	spec.require_paths = ["lib"]
+
+	spec.add_runtime_dependency "configparser", "~> 0.1.1"
+	spec.add_runtime_dependency "json", "~> 1.4.3"
+	spec.add_development_dependency "bundler", "~> 1.3"
+	spec.add_development_dependency "rake"
+
+	spec.signing_key   = "#{File.dirname(__FILE__)}/../gem-private_key.pem"
+	spec.cert_chain    = ["#{File.dirname(__FILE__)}/../gem-public_cert.pem"]
+end

data/lib/cif/client.rb

@@ -0,0 +1,45 @@
+# DESCRIPTION: queries collective-intelligence-framework sources
+require 'json'
+require 'net/http'
+require 'net/https'
+require 'digest/sha1'
+require 'zlib'
+require 'base64'
+require 'openssl'
+
+module CIF
+	class Client
+		attr_accessor :fields
+		attr_writer :severity, :restriction, :fields
+		def initialize(host,apikey,severity=nil,restriction=nil,nolog=false)
+			@host = host
+			@apikey = apikey
+			@severity = severity
+			@nolog = nolog
+			@restriction = restriction
+		end
+		
+		def query(q,severity=nil,restriction=nil,nolog=false)
+			params = {'apikey' => @apikey}
+			params['restriction'] = restriction || @restriction if restriction || @restriction
+			params['severity'] = severity || @severity if severity || @severity
+			params['nolog'] = 1 if nolog || @nolog
+			s = "#{@host}/#{q}?"+params.map{|k,v| "#{k}=#{v}"}.join("&")
+			url = URI.parse s
+			http = Net::HTTP.new(url.host, url.port)
+			http.use_ssl = (url.scheme == 'https')
+			http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+			http.verify_depth = 5
+			request = Net::HTTP::Get.new(url.path+"?"+url.query)
+			request.add_field("User-Agent", "Ruby/#{RUBY_VERSION} cif-client v#{CIF::Client::VERSION}")
+			response = http.request(request)
+			doc = response.body
+			data = JSON.parse(doc)
+			@response_code = data['status']
+			if data['data'] and data['data']
+				feed = data['data']['feed']
+			end
+			feed
+		end
+	end
+end

data/lib/cif/client/version.rb

@@ -0,0 +1,5 @@
+module CIF
+  class Client
+    VERSION = "1.0.2"
+  end
+end

data/test/helper.rb

@@ -0,0 +1,3 @@
+require 'test/unit'
+require 'configparser'
+require File.expand_path('../../lib/cif/client.rb', __FILE__)

data/test/test_cif-client.rb

@@ -0,0 +1,27 @@
+unless Kernel.respond_to?(:require_relative)
+	module Kernel
+		def require_relative(path)
+			require File.join(File.dirname(caller[0]), path.to_str)
+		end
+	end
+end
+
+require_relative 'helper'
+
+class TestCIFClient < Test::Unit::TestCase
+	def test_perform_a_query_and_receive_results
+		config = "#{ENV['HOME']}/.cif"
+		severity = nil
+		restriction = nil
+		nolog = false
+
+		config = ConfigParser.new(config)
+		host = config['client']['host']
+		apikey = config['client']['apikey']
+		query = "64.120.146.250"
+		client = CIF::Client.new(host,apikey,severity,restriction,nolog)
+		results = client.query(query)
+		assert_not_nil(results)
+		puts results
+	end
+end

metadata

@@ -0,0 +1,158 @@
+--- !ruby/object:Gem::Specification 
+name: cif-client
+version: !ruby/object:Gem::Version 
+  hash: 19
+  prerelease: 
+  segments: 
+  - 1
+  - 0
+  - 2
+  version: 1.0.2
+platform: ruby
+authors: 
+- chrislee35
+autorequire: 
+bindir: bin
+cert_chain: 
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDYjCCAkqgAwIBAgIBADANBgkqhkiG9w0BAQUFADBXMREwDwYDVQQDDAhydWJ5
+  Z2VtczEYMBYGCgmSJomT8ixkARkWCGNocmlzbGVlMRMwEQYKCZImiZPyLGQBGRYD
+  ZGhzMRMwEQYKCZImiZPyLGQBGRYDb3JnMB4XDTEzMDUyMjEyNTk0N1oXDTE0MDUy
+  MjEyNTk0N1owVzERMA8GA1UEAwwIcnVieWdlbXMxGDAWBgoJkiaJk/IsZAEZFghj
+  aHJpc2xlZTETMBEGCgmSJomT8ixkARkWA2RoczETMBEGCgmSJomT8ixkARkWA29y
+  ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANcPrx8BZiWIR9xWWG8I
+  tqR538tS1t+UJ4FZFl+1vrtU9TiuWX3Vj37TwUpa2fFkziK0n5KupVThyEhcem5m
+  OGRjvgrRFbWQJSSscIKOpwqURHVKRpV9gVz/Hnzk8S+xotUR1Buo3Ugr+I1jHewD
+  Cgr+y+zgZbtjtHsJtsuujkOcPhEjjUinj68L9Fz9BdeJQt+IacjwAzULix6jWCht
+  Uc+g+0z8Esryca2G6I1GsrgX6WHw8dykyQDT9dCtS2flCOwSC1R0K5T/xHW54f+5
+  wcw8mm53KLNe+tmgVC6ZHyME+qJsBnP6uxF0aTEnGA/jDBQDhQNTF0ZP/abzyTsL
+  zjUCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFO8w
+  +aeP7T6kVJblCg6eusOII9DfMA0GCSqGSIb3DQEBBQUAA4IBAQBCQyRJLXsBo2Fy
+  8W6e/W4RemQRrlAw9DK5O6U71JtedVob2oq+Ob+zmS+PifE2+L+3RiJ2H6VTlOzi
+  x+A061MUXhGraqVq4J2FC8kt4EQywAD0P0Ta5GU24CGSF08Y3GkJy1Sa4XqTC2YC
+  o51s7JP+tkCCtpVYSdzJhTllieRAWBpGV1dtaoeUKE6tYPMBkosxSRcVGczk/Sc3
+  7eQCpexYy9JlUBI9u3BqIY9E+l+MSn8ihXSPmyK0DgrhaCu+voaSFVOX6Y+B5qbo
+  jLXMQu2ZgISYwXNjNbGVHehut82U7U9oiHoWcrOGazaRUmGO9TXP+aJLH0gw2dcK
+  AfMglXPi
+  -----END CERTIFICATE-----
+
+date: 2013-06-02 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: configparser
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 25
+        segments: 
+        - 0
+        - 1
+        - 1
+        version: 0.1.1
+  prerelease: false
+  type: :runtime
+  requirement: *id001
+- !ruby/object:Gem::Dependency 
+  name: json
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 1
+        segments: 
+        - 1
+        - 4
+        - 3
+        version: 1.4.3
+  prerelease: false
+  type: :runtime
+  requirement: *id002
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 9
+        segments: 
+        - 1
+        - 3
+        version: "1.3"
+  prerelease: false
+  type: :development
+  requirement: *id003
+- !ruby/object:Gem::Dependency 
+  name: rake
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  prerelease: false
+  type: :development
+  requirement: *id004
+description: CIF is a cyber threat intelligence management system. CIF allows you to combine known malicious threat information from many sources and use that information for identification (incident response), detection (IDS) and mitigation (null route). The most common types of threat intelligence warehoused in CIF are IP addresses, domains and urls that are observed to be related to malicious activity.
+email: 
+- rubygems@chrislee.dhs.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- cif-client.gemspec
+- lib/cif/client.rb
+- lib/cif/client/version.rb
+- test/helper.rb
+- test/test_cif-client.rb
+homepage: https://code.google.com/p/collective-intelligence-framework/
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Ruby-based client and library for the Collective Intelligence Framework
+test_files: 
+- test/helper.rb
+- test/test_cif-client.rb