detrusion 0.1.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/Gemfile

@@ -0,0 +1,13 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+#   gem "activesupport", ">= 2.3.5"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "shoulda", ">= 0"
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.6.2"
+  gem "rcov", ">= 0"
+end

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011 netsense GmbH, Switzerland
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,10 @@
+= detrusion
+
+Detrusion automatically detects XSS and JavaScript Injection attempts and blocks the attacker's IP address.
+It works together with the management interface on http://detrusion.com/
+
+
+== Copyright
+
+(c) 2011 netsense llc
+

data/Rakefile

@@ -0,0 +1,53 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "detrusion"
+  gem.homepage = "http://github.com/symontech/detrusion"
+  gem.license = "MIT"
+  gem.summary = "web application firewall for rails applications"
+  gem.description = "detrusion detects and prevents attacks on your web applications and blocks malicious users"
+  gem.email = "info@detrusion.com"
+  gem.authors = ["Simon Wepfer"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+require 'rcov/rcovtask'
+Rcov::RcovTask.new do |test|
+  test.libs << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+  test.rcov_opts << '--exclude "gems/*"'
+end
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "detrusion #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/lib/detrusion.rb

@@ -0,0 +1,138 @@
+require 'net/http'
+require 'net/https'
+
+module Detrusion
+
+  @@detrusion_config = {
+    :white_list => [],
+    :black_list => [],
+    :patterns => [],
+    :synced => false,
+    :last_sync => nil,
+    :sync_interval => 5.minutes,
+    :block_score => 10,
+    :redirect => '/blocked.html'
+  }
+   
+  # called from the before_filter of the application controller
+  def detrusion_check
+    return true unless defined?(DETRUSION_CONFIG)
+    
+    if @@detrusion_config[:last_sync] == nil or @@detrusion_config[:last_sync] + @@detrusion_config[:sync_interval] < Time.now
+      @@detrusion_config[:synced] = false
+    end
+         
+    # sync if required
+    detrusion_sync unless @@detrusion_config[:synced]
+    
+    # analyze and redirect if necessary
+    redirect_to @@detrusion_config[:redirect] and return if detrusion_analyze
+    
+  rescue
+    return true
+  end
+  
+  
+  def detrusion_analyze
+    ip = request.remote_addr
+    
+    # check whitelist
+    return false if @@detrusion_config[:white_list].include?(ip)
+    
+    # check blacklist
+    is_blocked = false
+    if @@detrusion_config[:black_list]
+      @@detrusion_config[:black_list].each do |blacklisted|
+        if blacklisted[:ip] == ip
+          is_blocked = blacklisted[:score] >= @@detrusion_config[:block_score]
+          break
+        end
+        
+      end
+      
+    end
+    return true if is_blocked
+    
+    detrusion_report if detrusion_recursive_check(params)
+    return is_blocked
+  end
+  
+  def detrusion_recursive_check(value)
+    if value.class == ActiveSupport::HashWithIndifferentAccess
+      value.each_value do |subvalue|
+        return true if detrusion_recursive_check(subvalue)
+      end
+    else
+      @@detrusion_config[:patterns].each do |pattern|
+        return true if pattern.match(value)
+      end  
+    end
+    return false
+  end
+  
+  def detrusion_get_https
+    # set defaults
+    host = DETRUSION_CONFIG[:host] ? DETRUSION_CONFIG[:host] : 'detrusion.com'
+    port = DETRUSION_CONFIG[:port] ? DETRUSION_CONFIG[:port] : 443
+    ssl  = DETRUSION_CONFIG[:ssl] != nil ? DETRUSION_CONFIG[:ssl] : true
+    
+    https = Net::HTTP.new(host, port)
+    https.use_ssl = ssl
+    https.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    return https
+  end
+  
+  def detrusion_report
+    https = detrusion_get_https
+    success = false
+
+    #response = nil
+    https.start { |connection|
+        req = Net::HTTP::Post.new('/api/report')
+      	req.set_form_data({
+      			'email' => DETRUSION_CONFIG[:user],
+      			'api' => DETRUSION_CONFIG[:api],
+      			'ip' => request.remote_addr,
+      			'url' => request.url
+        })
+      	resp, dat = connection.request(req)	   
+      	success = resp.body == 'OK'
+      	@@detrusion_config[:synced] = false if success # force resync
+      }
+    return success
+  end
+  
+  
+  def detrusion_sync
+    https = detrusion_get_https
+
+    response = nil
+    https.start { |connection|
+      req = Net::HTTP::Post.new('/api/sync')
+    	req.set_form_data({
+    			'email' => DETRUSION_CONFIG[:user],
+    			'api' => DETRUSION_CONFIG[:api],
+    			'url' => request.url
+      })
+    	resp, dat = connection.request(req)	   
+    	response = YAML::load(resp.body)    
+    }
+    
+    #puts response.to_yaml
+
+    # save results in memory
+    @@detrusion_config[:white_list] = response[:whitelist]
+    @@detrusion_config[:black_list] = response[:blacklist]
+    @@detrusion_config[:sync_interval] = response[:sync_interval]
+    @@detrusion_config[:block_score] = response[:block_score]
+    @@detrusion_config[:redirect] = response[:redirect]
+    @@detrusion_config[:patterns] = response[:patterns]
+    
+    @@detrusion_config[:synced] = true
+    @@detrusion_config[:last_sync] = Time.now
+    return true
+  rescue
+    return false
+  end
+  
+end

data/test/helper.rb

@@ -0,0 +1,18 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'detrusion'
+
+class Test::Unit::TestCase
+end

data/test/test_detrusion.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestDetrusion < Test::Unit::TestCase
+  should "probably rename this file and start testing for real" do
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification 
+name: detrusion
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.1.0
+platform: ruby
+authors: 
+- Simon Wepfer
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-07-01 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: shoulda
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: jeweler
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.6.2
+  type: :development
+  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rcov
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id004
+description: detrusion detects and prevents attacks on your web applications and blocks malicious users
+email: info@detrusion.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE.txt
+- README.rdoc
+files: 
+- .document
+- Gemfile
+- LICENSE.txt
+- README.rdoc
+- Rakefile
+- VERSION
+- lib/detrusion.rb
+- test/helper.rb
+- test/test_detrusion.rb
+has_rdoc: true
+homepage: http://github.com/symontech/detrusion
+licenses: 
+- MIT
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 4603383419822872077
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.5.0
+signing_key: 
+specification_version: 3
+summary: web application firewall for rails applications
+test_files: []
+