dap 0.1.22 → 0.1.23

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 84ec18716c559d5fb16104b20e381be40aef8636
-  data.tar.gz: 85e9bbb9c9828aa523e375c260bdd544e873b51b
+  metadata.gz: a7825d15d19bfc4d5e8c3186b3061cfbdeec4544
+  data.tar.gz: 44db06642179239ec8cd0dd5a74b942d7ddd2099
 SHA512:
-  metadata.gz: 8980ba6f81210d355f9adde3210b32c2dc9f919d815662930e54eb43b0cfe053c1e4be7e518274276eef4bd6b2abfc427d93b990fcca49a29162ed2db7099683
-  data.tar.gz: a1434241543ffa939c7936773fea158ada58dc07d6038cb9fefd179637d99f4ab8feae64f84a6a6e4be3f270f41ccd78d3031ff55d572bd544dd738a432cdec2
+  metadata.gz: 39b2014c7ff8dae7f9b7fc682e11ced8a440e6851f7a3a2f66e2650e8b003ace087bbd1dbf61e4edbf6a9c1187dc5f30d08120e07caa5d57d5bf35da5562af16
+  data.tar.gz: d8ba566df260622890b602b21dd41cf5a69e90da230532640ccc4d9d0dfc3805e298c73df92f84ffed31b823b340a28d482b7c6a5aeea1bb186f8bc4686d6278

data/CONTRIBUTING.md

@@ -81,7 +81,7 @@ Finally, submit the PR.  Navigate to ```https://github.com/<your-github-username
 
 ### Testing
 
-When your PR is submitted, it will be automatically subjected to the full run of tests in [Travis](https://travis-ci.org/rapid7/dap/), however you are encourage to perform testing _before_ submitting the PR.  To do this, simply run `rake tests`.
+When your PR is submitted, it will be automatically subjected to the full run of tests in [Travis](https://travis-ci.org/rapid7/dap/), however you are encourage to perform testing _before_ submitting the PR.  To do this, simply run `bundle exec rspec spec`.
 
 ## Landing PRs
 
@@ -138,3 +138,7 @@ When a new version of dap is to be released, you _must_ follow the instructions
 2. Edit [lib/dap/version.rb](https://github.com/rapid7/dap/blob/master/lib/dap/version.rb) and increment ```VERSION```.  Commit and push to rapid7/dap master.
 3. Run `rake release`.  Among other things, this creates the new gem, uploads it to Rubygems and tags the release with a tag like `v<VERSION>`, where `<VERSION>` is replaced with the version from `version.rb`.  For example, if you release version 1.2.3 of the gem, the tag will be `v1.2.3`.
 4. If your default remote repository is not `rapid7/dap`, you must ensure that the tags created in the previous step are also pushed to the right location(s).  For example, if `origin` is your fork of dap and `upstream` is `rapid7/master`, you should run `git push --tags --dry-run upstream` to confirm what tags will be pushed and then `git push --tags upstream` to push the tags.
+
+## Misc tips on building dap
+
+Ruby often comes prepackaged on linux/mac os systems. Although the README already mentions using rbenv, it useful to make sure your envoiroment is actually using the rbenv version of ruby, gem, & bundler before running any ruby commands such as gem, bundle, ruby or dap itself utilizing the which command.

data/README.md

@@ -10,6 +10,7 @@ DAP reads data using an input plugin, transforms it through a series of filters,
 DAP was written to process terabyte-sized public scan datasets, such as those provided by https://scans.io/. Although DAP isn't particularly fast, it can be used across multiple cores (and machines) by splitting the input source and wrapping the execution with GNU Parallel.
 
 
+
 ## Installation
 
 ### Prerequisites
@@ -25,7 +26,6 @@ DAP depends on [Maxmind's geoip database](http://dev.maxmind.com/geoip/legacy/do
 sudo mkdir -p /var/lib/geoip && cd /var/lib/geoip && sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz && sudo gunzip GeoLiteCity.dat.gz && sudo wget http://geolite.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz && sudo gunzip GeoIPASNum.dat.gz
 
 ```
-
 ### Ubuntu 16.04
 
 ```bash

data/lib/dap/filter.rb

@@ -10,3 +10,4 @@ require 'dap/filter/vulnmatch'
 require 'dap/filter/ssh_keyscan'
 require 'dap/filter/smbclient'
 require 'dap/filter/ldap'
+require 'dap/filter/gquic'

data/lib/dap/filter/gquic.rb

@@ -0,0 +1,40 @@
+module Dap
+   module Filter
+
+      #
+      # Decode a Google Quic VersionsRequest probe response
+      #
+      class FilterDecodeGquicVersionsResult
+        include BaseDecoder
+
+        #
+        # Decode an GQUIC ( Google Quic) versions probe response
+        #
+        # @param data [String] Binary string containing raw response from server
+        # @return [Hash] containing all GQUIC versions supported else nil
+        #
+        def decode(data)
+           return unless data
+           # need to skip 9 bytes and assume at least one valid version Q044
+           if data.length > 9 + 4 && (data.length - 9) % 4
+              versions = []
+              i = 9
+              step = 4
+              while i < data.length 
+                 version = data[i..i+4-1]
+                 # Versions start with the letter Q
+                 if data[i] == 'Q'
+                    versions.push(version)
+                 end
+                 i = i + step
+              end
+              if versions.length > 0
+                 # examples show versions in descending order, but in case its not reverse sort
+                 info = {'versions' => versions.sort.reverse}
+                 return info
+              end
+           end
+        end
+      end
+   end
+end

data/lib/dap/version.rb

@@ -1,3 +1,3 @@
 module Dap
-  VERSION = "0.1.22"
+  VERSION = "0.1.23"
 end

data/spec/dap/filter/gquic_filter_spec.rb

@@ -0,0 +1,37 @@
+require "base64"
+
+describe Dap::Filter::FilterDecodeGquicVersionsResult do
+  describe '.decode' do
+
+    let(:filter) { described_class.new(['data']) }
+
+    context 'testing gquic valid input' do
+      let(:decode) { filter.decode(Base64.decode64("DQAAAAECAwQFUTA0NFEwNDNRMDM5UTAzNQ=="))}
+      it 'returns an hash w/ versions as list of versions' do
+        expect(decode).to eq({"versions"=> ["Q044","Q043","Q039","Q035"]})
+      end
+    end
+
+    context 'testing valid string but not gquic versions' do
+      let(:decode) { filter.decode("H044R043E039L035") }
+      it 'returns nil' do
+        expect(decode).to eq(nil)
+      end
+    end
+
+    context 'testing gquic empty string input' do
+      let(:decode) { filter.decode("") }
+      it 'returns nil' do
+        expect(decode).to eq(nil)
+      end
+    end
+
+    context 'testing gquic nil input' do
+      let(:decode) { filter.decode(nil) }
+      it 'returns nil' do
+        expect(decode).to eq(nil)
+      end
+    end
+
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dap
 version: !ruby/object:Gem::Version
-  version: 0.1.22
+  version: 0.1.23
 platform: ruby
 authors:
 - Rapid7 Research
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-06 00:00:00.000000000 Z
+date: 2018-12-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -181,6 +181,7 @@ files:
 - lib/dap/filter.rb
 - lib/dap/filter/base.rb
 - lib/dap/filter/geoip.rb
+- lib/dap/filter/gquic.rb
 - lib/dap/filter/http.rb
 - lib/dap/filter/ldap.rb
 - lib/dap/filter/names.rb
@@ -220,6 +221,7 @@ files:
 - samples/ssl_certs_org.sh
 - samples/udp-netbios.csv.bz2
 - samples/udp-netbios.sh
+- spec/dap/filter/gquic_filter_spec.rb
 - spec/dap/filter/http_filter_spec.rb
 - spec/dap/filter/ldap_filter_spec.rb
 - spec/dap/filter/simple_filter_spec.rb
@@ -253,11 +255,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.6.11
 signing_key: 
 specification_version: 4
 summary: 'DAP: The Data Analysis Pipeline'
 test_files:
+- spec/dap/filter/gquic_filter_spec.rb
 - spec/dap/filter/http_filter_spec.rb
 - spec/dap/filter/ldap_filter_spec.rb
 - spec/dap/filter/simple_filter_spec.rb