RubyGems - ensnare - Versions diffs - 0.1beta - Mend

ensnare 0.1beta

Files changed (341) hide show

data/lib/ensnare/controllers/helpers.rb ADDED Viewed

@@ -0,0 +1,143 @@
+module Ensnare
+  module Controllers
+    module Helpers
+      module InstanceMethods
+        def ensnare
+          Rails.logger.debug("I am running!!")
+          violations = []
+          if(Ensnare.current_user_method)
+            user = method(Ensnare.current_user_method).call unless !respond_to?(Ensnare.current_user_method)
+            if(user && Ensnare.current_user_identifier)
+              user = user.send(Ensnare.current_user_identifier)
+            end
+          end
+          if(Ensnare.mode == :enforce || Ensnare.mode == :log)
+            Rails.logger.debug("Enabled traps: #{Ensnare.enabled_traps.inspect}")
+            Ensnare.enabled_traps.each do |t|
+              Rails.logger.debug("Trap: #{t.inspect}")
+              trap_type = t[:type]
+              trap_options = t[:options]
+              violations.concat(
+                ("Ensnare::Trap::" + trap_type.to_s.classify).constantize.new(controller_name, action_name, session, params, cookies, request, user, trap_options).run
+              )
+            end
+            if(Ensnare.mode == :enforce)
+              enforce_violations(violations)
+            end
+          end
+        end
+        def enforce_violations(new_violations)
+          if(new_violations.blank?)
+            Rails.logger.debug "There were NO new violations identified this request: " + new_violations.inspect
+          else
+            Rails.logger.debug "There WERE new violations identified this request: " + new_violations.inspect
+          end
+          violations=nil
+          conditions = {}
+          conditions[:ip_address] = request.remote_ip if [*Ensnare::trap_on].include?(:ip)
+          conditions[:session_id] = session["session_id"] if (session.try(:[],"session_id").present? && [*Ensnare::trap_on].include?(:session))
+          if(Ensnare.current_user_method)
+            user = method(Ensnare.current_user_method).call
+            if(user && Ensnare.current_user_identifier)
+              user = user.send(Ensnare.current_user_identifier)
+            end
+          end
+          conditions[:user_id] = user if (user && [*Ensnare::trap_on].include?(:user))
+          query = conditions.map{|k,v| "#{k} = ?"}.join(" OR ")
+          Rails.logger.debug query.to_s
+          violations = Ensnare::Violation.where(query, *conditions.map{|k,v| v.to_s})
+          .where("created_at > ?",Ensnare.global_timer != nil ? Time.now - Ensnare.global_timer.seconds : Time.now - 24.hours)
+          .order("created_at desc")
+          if(!violations.blank?)
+            violation_count = violations.sum(:weight)
+            last_violation_time = violations.first.created_at
+            Rails.logger.debug("*** Violations identified (#{violation_count})")
+            threshold = Ensnare.thresholds.find_all{|x| x[:trap_count] <= violation_count}.max_by{|x| x[:trap_count] }
+            if(threshold && Time.now - last_violation_time <= threshold[:timer])
+              Rails.logger.debug("*** Violations found on threshold: " + threshold.to_s)
+              process_violation(threshold, new_violations)
+            end
+          else
+            Rails.logger.debug("*** No violations found")
+          end
+        end
+        private
+        def process_violation(threshold, new_violations)
+          persistent_responses = threshold[:traps].find_all{|x| x[:persist] == true}
+          random_response = threshold[:traps].find{ |x| (x[:persist] != true && x[:weight] >= Random.rand)}
+          persistent_responses.each do |r|
+            trap_response=nil
+            Rails.logger.debug "Going to run persistent trap: #{r[:trap]}"
+            begin
+              trap_response = ("Ensnare::Response::" + r[:trap].to_s.classify).constantize.new(self, session, new_violations, flash, r)
+            rescue
+              Rails.logger.error "Could not find persistent response type: #{r[:trap]}"
+              trap_response = nil
+            end
+            if(trap_response)
+              Rails.logger.debug("Running...")
+              if(trap_response.run == true)
+                Rails.logger.debug("A response has rendered. Returning...")
+                return
+              end
+            end
+          end
+          trap_response=nil
+          if(random_response)
+            Rails.logger.debug "Going to run trap: #{random_response[:trap]}"
+            begin
+              trap_response = ("Ensnare::Response::" + random_response[:trap].to_s.classify).constantize.new(self, session, new_violations, flash, random_response)
+            rescue
+              Rails.logger.error "Could not find response type: #{random_response[:trap]}"
+              trap_response = nil
+            end
+            if(trap_response)
+              Rails.logger.debug("Running...")
+              if(trap_response.run == true)
+                Rails.logger.debug("A response has rendered. Returning...")
+                return
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ensnare/engine.rb ADDED Viewed

@@ -0,0 +1,30 @@
+#require 'ensnare'
+require 'ensnare/controllers/helpers'
+require 'ensnare/form_tag_helper.rb'
+require 'rails'
+require "twitter-bootstrap-rails"
+#require "recaptcha/rails"
+require "ensnare/responses/response"
+require "ensnare/traps/trap"
+module Ensnare
+  class Engine < ::Rails::Engine
+    isolate_namespace Ensnare
+    config.to_prepare do
+      Dir[Rails.root + "lib/ensnare/responses/*.rb"].each {|file| require file }
+      Dir[Rails.root + "lib/ensnare/traps/*.rb"].each {|file| require file }
+      Dir[File.dirname(__FILE__)+ "/responses/*.rb"].each {|file| require file }
+      Dir[File.dirname(__FILE__)+ "/traps/*.rb"].each {|file| require file }
+    end
+    initializer 'ensnare.app_controller' do |app|
+      ActiveSupport.on_load(:action_controller) do
+        #extend Ensnare::Controllers::Helpers::ClassMethods
+        include Ensnare::Controllers::Helpers::InstanceMethods
+      end
+    end
+  end
+end

data/lib/ensnare/form_tag_helper.rb ADDED Viewed

@@ -0,0 +1,116 @@
+module ActionView
+  module Helpers
+    module FormHelper
+      #Overload form_for to pass in the object name as part of the options hash
+      def form_for_with_trap(record, options = {}, &block)
+        options[:html] ||= {}
+        case record
+        when String, Symbol
+          options[:html][:object_name]  = record
+        else
+          object = record.is_a?(Array) ? record.last : record
+          options[:html][:object_name]  = options[:as] || ActiveModel::Naming.param_key(object)
+        end
+        form_for_without_trap(record, options, &block)
+      end
+      alias_method_chain :form_for, :trap
+    end
+    module FormTagHelper
+      #Overload form_tag to insert a hidden parameter called "admin" with a value of false
+      #Assuming a real "admin" attribute is not accessible, this will throw a mass assignment
+      #error when submitted
+      def form_tag_with_trap(url_for_options = {}, options = {}, *parameters_for_url, &block)
+        object_name = options.delete(:object_name)
+        honeypot = options.delete(:honeypot)
+        html = form_tag_without_trap(url_for_options, options, *parameters_for_url, &block)
+        if(Ensnare.mode == :enforce || Ensnare.mode == :log)
+          #puts "url_for_options: " + url_for_options.inspect
+          #puts "options: " + options.inspect
+          #puts "paramaters_for_url: " + parameters_for_url.inspect
+          object_name ||= controller_name.tableize.singularize.to_s
+          session[:ensnare] ||= {}
+          session[:ensnare][:params] ||= {}
+            # :admin => this sets a cookie named admin with a boolean value set to false
+            # :debug => this sets a cookie named debug with a boolean value set to false
+            # :random => this cookie generates a random N character cookie with a random encrypted value
+            # :uid => this sets a series of parameters that look like UIDs and GIDs
+          if(trap = Ensnare.enabled_traps.find{|trap| trap[:type] == :parameter})
+            predefined_parameters = trap.try(:[],:options).try(:[],:predefined_parameters) || []
+            predefined_parameters.each do |p|
+               k = v = nil
+              case p
+              when :admin
+                k="admin"
+                v="false"
+              when :debug
+                k="debug"
+                v="false"
+              when :random
+                k="random"
+                v= session[:ensnare][:params][k.to_s] || SecureRandom.hex
+              when :gid
+                k="gid"
+                v= session[:ensnare][:params][k.to_s] || Random.rand(100000)
+              when :uid
+                k="uid"
+                v= session[:ensnare][:params][k.to_s] || Random.rand(100000)
+              end
+              if( !k.nil? && !p.nil? )
+                session[:ensnare][:params][k.to_s] = v.to_s
+                trap_parameter = text_field_tag(object_name.to_s+"[#{k.to_s}]", v.to_s, options.except(:class).stringify_keys.merge({:id=>object_name.to_s+"_#{k.to_s}"}).update("type" => "hidden"))
+                if block_given?
+                  html.insert(html.index('>')+1, trap_parameter)
+                  #html.insert(html.index('</form>'), trap_parameter)
+                else
+                  html = trap_parameter+html
+                end
+              end
+            end
+            parameter_names = trap.try(:[],:options).try(:[],:parameter_names) || {}
+            parameter_names.each do |k,v|
+              if(v.class == Method)
+                v = session[:ensnare][:params][k.to_s] || v.call
+              end
+              session[:ensnare][:params][k.to_s] = v
+              trap_parameter = text_field_tag(object_name.to_s+"[#{k.to_s}]", v.to_s, options.except(:class).stringify_keys.merge({:id=>object_name.to_s+"_#{k.to_s}"}).update("type" => "hidden"))
+              if block_given?
+                html.insert(html.index('>')+1, trap_parameter)
+                #html.insert(html.index('</form>'), trap_parameter)
+              else
+                html = trap_parameter+html
+              end
+            end
+          end
+        end
+        #end
+        html
+      end
+      alias_method_chain :form_tag, :trap
+    private
+    end
+  end
+end

data/lib/ensnare/responses/block.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class Ensnare::Response::Block < Ensnare::Response::Response
+    def run
+        @controller.render 'ensnare/violations/show'
+        return true
+    end
+end

data/lib/ensnare/responses/captcha.rb ADDED Viewed

@@ -0,0 +1,20 @@
+class Ensnare::Response::Captcha < Ensnare::Response::Response
+    def run
+        @session[:ensnare] ||={}
+        if(!@violations.blank?)
+            @session[:ensnare].delete(:captcha_solved)
+        end
+        if(@session[:ensnare].try(:[],:captcha_solved) != true)
+            @controller.redirect_to Ensnare::Engine.routes.url_helpers.captcha_path
+            return true
+        end
+        return false
+    end
+end

data/lib/ensnare/responses/flash_error.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class Ensnare::Response::FlashError < Ensnare::Response::Response
+    def run
+        if(!@violations.blank?)
+            @flash[:error] = @options[:content] || "We have noticed malicious activity from your IP Address/session. Please do not be evil."
+        end
+        return false
+    end
+end

data/lib/ensnare/responses/none.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class Ensnare::Response::None < Ensnare::Response::Response
+    def run
+        #render 'ensnare/violations/show'
+        #return
+        return false
+    end
+end

data/lib/ensnare/responses/not_found.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class Ensnare::Response::NotFound < Ensnare::Response::Response
+    def run
+        raise ActionController::RoutingError.new('Not Found')
+        return true
+    end
+end

data/lib/ensnare/responses/random_content.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class Ensnare::Response::RandomContent < Ensnare::Response::Response
+    def run
+        o = [('a'..'z'), ('A'..'Z')].map { |i| i.to_a }.flatten
+        string = (0...Random.rand(50000)).map{ o[rand(o.length)] }.join
+        @controller.render :text=>string, :layout=>true
+        return true
+    end
+end

data/lib/ensnare/responses/redirect.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class Ensnare::Response::Redirect < Ensnare::Response::Response
+    def run
+        @controller.redirect_to  @options[:url]
+        return true
+    end
+end

data/lib/ensnare/responses/redirect_loop.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class Ensnare::Response::RedirectLoop < Ensnare::Response::Response
+    def run
+        @options[:parameter] ||= "id"
+        @controller.redirect_to Ensnare::Engine.routes.url_helpers.redir_path @options[:parameter].to_sym=>Random.rand(1000000)
+        return true
+    end
+end

data/lib/ensnare/responses/response.rb ADDED Viewed

@@ -0,0 +1,19 @@
+module Ensnare
+    module Response
+        class Response
+            def initialize(controller, session, violations, flash, options={})
+                @controller = controller
+                @options = options
+                @violations = violations
+                @session = session
+                @flash = flash
+            end
+            def run
+            end
+        end
+    end
+end

data/lib/ensnare/responses/server_error.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class Ensnare::Response::ServerError < Ensnare::Response::Response
+    def run
+        @controller.render(:file => File.join(Rails.root, 'public/500.html'), :status => 500, :layout => false)
+        return true
+    end
+end

data/lib/ensnare/responses/throttle.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class Ensnare::Response::Throttle < Ensnare::Response::Response
+    def run
+        sleep(@options[:min_delay] + ((@options[:max_delay] == @options[:min_delay]) ? 0 : Random.rand(@options[:max_delay] - @options[:min_delay])))
+        return false
+    end
+end

data/lib/ensnare/traps/cookie.rb ADDED Viewed

@@ -0,0 +1,98 @@
+class Ensnare::Trap::Cookie < Ensnare::Trap::Trap
+    def initialize(controller_name, action_name, session, parameters, cookies, request, user_id, options={})
+        super(controller_name, action_name, session, parameters, cookies, request, user_id, options)
+        @violation_type = "Cookie"
+    end
+    def run
+        violations = []
+        cookie_hash = @session.try(:[],:ensnare).try(:[],:cookies) || {}
+        cookie_hash.each do |k,v|
+            if(@cookies[k.to_s] != v.to_s)
+                Rails.logger.debug("Trap Triggered. REASON: Cookie violation detected. IP:" + @request.remote_ip.to_s)
+                violations <<  log_violation(k.to_s, v.to_s, @cookies[k.to_s].to_s)
+            end
+        end
+        setup_cookies
+        violations
+    end
+    private
+    def setup_cookies
+        Rails.logger.debug("Setting up cookies")
+        @session[:ensnare] ||= {}
+        @session[:ensnare][:cookies] ||= {}
+        if(@options[:cookie_names].class == Hash)
+            @options[:cookie_names].each do |k,v|
+                @cookies[k.to_s] = v.to_s
+                @session[:ensnare][:cookies][k.to_s] = v.to_s
+            end
+        end
+        if(@options[:predefined_cookies].class == Array)
+            @options[:predefined_cookies].each do |c|
+                case c
+                when :admin
+                    cookies = {"admin" => "false"}
+                when :debug
+                    cookies = {"debug" => "false"}
+                when :random
+                    #This is set to a pre-set "random" string for now. Would be nice to have this generated on the fly
+                    k= 'vnenSdjfxLgjFDSra'
+                    v= @session[:ensnare][:cookies][k.to_s] || SecureRandom.urlsafe_base64(40)
+                    cookies = {k => v}
+                when :google
+                    cookies = {
+                        "__utma" => (0...7).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...9).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...10).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...10).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...2).map{ ('0'..'9').to_a[rand(10)] }.join ,
+                        "__utmb" => (0...8).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...1).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...2).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...10).map{ ('0'..'9').to_a[rand(10)] }.join ,
+                        "__utmc" => (0...7).map{ ('0'..'9').to_a[rand(8)] }.join ,
+                        "__utmv" => (0...8).map{ ('0'..'9').to_a[rand(10)] }.join + ".lang%3A%20en" ,
+                        "__utmz" =>  (0...8).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...10).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...1).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            (0...1).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
+                            "utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"
+                    }
+                when :uid
+                    k="uid"
+                    v= @session[:ensnare][:cookies][k.to_s] || SecureRandom.urlsafe_base64(25)
+                    cookies =  {k => v}
+                when :gid
+                    k="gid"
+                    v= @session[:ensnare][:cookies][k.to_s] || SecureRandom.urlsafe_base64(25)
+                    cookies =  {k => v}
+                end
+                cookies.each do |key,value|
+                    @cookies[key.to_s] = value.to_s
+                    @session[:ensnare][:cookies][key.to_s] = value.to_s
+                end
+            end
+        end
+    end
+end