ensnare 0.1beta
- checksums.yaml +7 -0
- data/LICENSE +10 -0
- data/README.md +77 -0
- data/Rakefile +40 -0
- data/app/assets/javascripts/application.js +10 -0
- data/app/assets/javascripts/ensnare/ZeroClipboard.js +474 -0
- data/app/assets/javascripts/ensnare/ZeroClipboard.min.js +9 -0
- data/app/assets/javascripts/ensnare/ZeroClipboard.swf +0 -0
- data/app/assets/javascripts/ensnare/application.js +20 -0
- data/app/assets/javascripts/ensnare/bootstrap-switch.js +382 -0
- data/app/assets/javascripts/ensnare/bootstrap_and_overrides.js +4 -0
- data/app/assets/javascripts/ensnare/clippy.js +18 -0
- data/app/assets/javascripts/ensnare/config_switch.js +19 -0
- data/app/assets/javascripts/ensnare/on_handler.js +9 -0
- data/app/assets/stylesheets/application.css +7 -0
- data/app/assets/stylesheets/bootstrap_and_overrides.css.less +30 -0
- data/app/assets/stylesheets/ensnare/application.css +13 -0
- data/app/assets/stylesheets/ensnare/bootstrap-switch.css +408 -0
- data/app/assets/stylesheets/ensnare/bootstrap_and_overrides.css +7 -0
- data/app/assets/stylesheets/ensnare/dashboard.css +4 -0
- data/app/assets/stylesheets/ensnare/toggle-switch.css +310 -0
- data/app/assets/stylesheets/ensnare/violation.css +4 -0
- data/app/controllers/ensnare/application_controller.rb +22 -0
- data/app/controllers/ensnare/configuration_controller.rb +15 -0
- data/app/controllers/ensnare/dashboard_controller.rb +32 -0
- data/app/controllers/ensnare/violations_controller.rb +36 -0
- data/app/helpers/ensnare/application_helper.rb +4 -0
- data/app/helpers/ensnare/dashboard_helper.rb +6 -0
- data/app/helpers/ensnare/violation_helper.rb +4 -0
- data/app/models/ensnare/violation.rb +6 -0
- data/app/views/ensnare/dashboard/configs.html.erb +1191 -0
- data/app/views/ensnare/dashboard/edit.html.erb +2 -0
- data/app/views/ensnare/dashboard/metrics.html.erb +38 -0
- data/app/views/ensnare/dashboard/metrics/_table.html.erb +17 -0
- data/app/views/ensnare/dashboard/mode.html.erb +75 -0
- data/app/views/ensnare/dashboard/violations.html.erb +32 -0
- data/app/views/ensnare/violations/captcha.html.erb +11 -0
- data/app/views/ensnare/violations/redirect.html.erb +2 -0
- data/app/views/ensnare/violations/show.html.erb +2 -0
- data/app/views/layouts/ensnare/application.html.erb +77 -0
- data/app/views/layouts/ensnare/captcha.html.erb +51 -0
- data/config/locales/en.bootstrap.yml +18 -0
- data/config/routes.rb +14 -0
- data/db/migrate/20131007205246_create_ensnare_violations.rb +10 -0
- data/db/migrate/20131007210137_rename_violation_type_field.rb +6 -0
- data/db/migrate/20131029010445_add_fields_to_violation.rb +8 -0
- data/db/migrate/20131031001835_add_name_to_ensnare_violation.rb +5 -0
- data/db/migrate/20131121163305_add_weight_to_violations.rb +5 -0
- data/lib/ensnare.rb +306 -0
- data/lib/ensnare/controllers/helpers.rb +143 -0
- data/lib/ensnare/engine.rb +30 -0
- data/lib/ensnare/form_tag_helper.rb +116 -0
- data/lib/ensnare/responses/block.rb +8 -0
- data/lib/ensnare/responses/captcha.rb +20 -0
- data/lib/ensnare/responses/flash_error.rb +11 -0
- data/lib/ensnare/responses/none.rb +10 -0
- data/lib/ensnare/responses/not_found.rb +9 -0
- data/lib/ensnare/responses/random_content.rb +11 -0
- data/lib/ensnare/responses/redirect.rb +8 -0
- data/lib/ensnare/responses/redirect_loop.rb +10 -0
- data/lib/ensnare/responses/response.rb +19 -0
- data/lib/ensnare/responses/server_error.rb +8 -0
- data/lib/ensnare/responses/throttle.rb +8 -0
- data/lib/ensnare/traps/cookie.rb +98 -0
- data/lib/ensnare/traps/parameter.rb +88 -0
- data/lib/ensnare/traps/reg_ex.rb +26 -0
- data/lib/ensnare/traps/routing_error.rb +25 -0
- data/lib/ensnare/traps/trap.rb +36 -0
- data/lib/ensnare/version.rb +3 -0
- data/lib/generators/ensnare/install_generator.rb +12 -0
- data/lib/generators/templates/ensnare.rb +44 -0
- data/lib/tasks/ensnare_tasks.rb +4 -0
- data/test/dummy/Gemfile +46 -0
- data/test/dummy/Gemfile.lock +149 -0
- data/test/dummy/README.rdoc +261 -0
- data/test/dummy/Rakefile +7 -0
- data/test/dummy/app/assets/images/rails.png +0 -0
- data/test/dummy/app/assets/javascripts/application.js +16 -0
- data/test/dummy/app/assets/javascripts/bootstrap.js +4 -0
- data/test/dummy/app/assets/javascripts/bootstrap.js.coffee +3 -0
- data/test/dummy/app/assets/javascripts/widgets.js.coffee +3 -0
- data/test/dummy/app/assets/stylesheets/application.css +13 -0
- data/test/dummy/app/assets/stylesheets/bootstrap_and_overrides.css +7 -0
- data/test/dummy/app/assets/stylesheets/scaffolds.css.scss +69 -0
- data/test/dummy/app/assets/stylesheets/widgets.css.scss +3 -0
- data/test/dummy/app/controllers/application_controller.rb +12 -0
- data/test/dummy/app/controllers/widgets_controller.rb +94 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/helpers/widgets_helper.rb +2 -0
- data/test/dummy/app/models/user.rb +15 -0
- data/test/dummy/app/models/widget.rb +4 -0
- data/test/dummy/app/views/layouts/application.html.erb +108 -0
- data/test/dummy/app/views/widgets/_form.html.erb +25 -0
- data/test/dummy/app/views/widgets/edit.html.erb +6 -0
- data/test/dummy/app/views/widgets/index.html.erb +25 -0
- data/test/dummy/app/views/widgets/new.html.erb +5 -0
- data/test/dummy/app/views/widgets/show.html.erb +15 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +65 -0
- data/test/dummy/config/boot.rb +6 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +41 -0
- data/test/dummy/config/environments/production.rb +67 -0
- data/test/dummy/config/environments/test.rb +37 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/captcha.rb +5 -0
- data/test/dummy/config/initializers/devise.rb +258 -0
- data/test/dummy/config/initializers/ensnare.rb +272 -0
- data/test/dummy/config/initializers/ensnare.sample +323 -0
- data/test/dummy/config/initializers/examples.example +323 -0
- data/test/dummy/config/initializers/inflections.rb +15 -0
- data/test/dummy/config/initializers/mime_types.rb +5 -0
- data/test/dummy/config/initializers/quiet_assets.rb +13 -0
- data/test/dummy/config/initializers/secret_token.rb +7 -0
- data/test/dummy/config/initializers/session_store.rb +8 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/devise.en.yml +60 -0
- data/test/dummy/config/locales/en.bootstrap.yml +18 -0
- data/test/dummy/config/locales/en.yml +5 -0
- data/test/dummy/config/routes.rb +68 -0
- data/test/dummy/db/development.sqlite3 +0 -0
- data/test/dummy/db/migrate/20131007193540_create_widgets.rb +10 -0
- data/test/dummy/db/migrate/20131031153254_devise_create_users.rb +42 -0
- data/test/dummy/db/migrate/20140405051634_create_ensnare_violations.ensnare.rb +11 -0
- data/test/dummy/db/migrate/20140405051635_rename_violation_type_field.ensnare.rb +7 -0
- data/test/dummy/db/migrate/20140405051636_add_fields_to_violation.ensnare.rb +9 -0
- data/test/dummy/db/migrate/20140405051637_add_name_to_ensnare_violation.ensnare.rb +6 -0
- data/test/dummy/db/migrate/20140405051638_add_weight_to_violations.ensnare.rb +6 -0
- data/test/dummy/db/schema.rb +54 -0
- data/test/dummy/db/seeds.rb +7 -0
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/doc/README_FOR_APP +2 -0
- data/test/dummy/lib/ensnare/responses/custom.rb_sample +11 -0
- data/test/dummy/lib/ensnare/traps/custom.rb_sample +26 -0
- data/test/dummy/log/development.log +92903 -0
- data/test/dummy/log/production.log +158 -0
- data/test/dummy/public/404.html +26 -0
- data/test/dummy/public/422.html +26 -0
- data/test/dummy/public/500.html +25 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/dummy/public/robots.txt +5 -0
- data/test/dummy/script/rails +6 -0
- data/test/dummy/test/fixtures/users.yml +11 -0
- data/test/dummy/test/fixtures/widgets.yml +9 -0
- data/test/dummy/test/functional/widgets_controller_test.rb +49 -0
- data/test/dummy/test/performance/browsing_test.rb +12 -0
- data/test/dummy/test/test_helper.rb +13 -0
- data/test/dummy/test/unit/helpers/widgets_helper_test.rb +4 -0
- data/test/dummy/test/unit/user_test.rb +7 -0
- data/test/dummy/test/unit/widget_test.rb +7 -0
- data/test/dummy/tmp/cache/assets/C10/FA0/sprockets%2F269fa26485a91206814a45af06210315 +0 -0
- data/test/dummy/tmp/cache/assets/C23/310/sprockets%2Fc79437284218b38e613366d14284ac07 +0 -0
- data/test/dummy/tmp/cache/assets/C40/710/sprockets%2F545779172fbf9cf79082774a07841659 +0 -0
- data/test/dummy/tmp/cache/assets/C48/0D0/sprockets%2F75b535a43e06025546821f95d011d85b +0 -0
- data/test/dummy/tmp/cache/assets/C4E/110/sprockets%2Fb806449c86337e3e06070c462280e90b +0 -0
- data/test/dummy/tmp/cache/assets/C57/BD0/sprockets%2Facd987410b744152d157762609194e8c +0 -0
- data/test/dummy/tmp/cache/assets/C5D/9E0/sprockets%2F0d79b66115628050357f99d36aa4876d +0 -0
- data/test/dummy/tmp/cache/assets/C80/840/sprockets%2F562c2d168da585f80579347d10790a0a +0 -0
- data/test/dummy/tmp/cache/assets/C84/DD0/sprockets%2F3e508585142de6585818df6a2290bf11 +0 -0
- data/test/dummy/tmp/cache/assets/C85/E00/sprockets%2Fcbe2d565923657893e41f9160d30e540 +0 -0
- data/test/dummy/tmp/cache/assets/C88/BC0/sprockets%2F341dd4748a8a73570a59264e9f9540b2 +0 -0
- data/test/dummy/tmp/cache/assets/C8D/F80/sprockets%2F81e191073a2f74b9eca460537339789f +0 -0
- data/test/dummy/tmp/cache/assets/C98/B10/sprockets%2F94976d41a9fc1279e0cd996c78087410 +0 -0
- data/test/dummy/tmp/cache/assets/C9F/190/sprockets%2Fb8f3f499dc494543381d55292e346e99 +0 -0
- data/test/dummy/tmp/cache/assets/CA4/1A0/sprockets%2F629131c0f22f0d55ed1725737a343bd7 +0 -0
- data/test/dummy/tmp/cache/assets/CAD/EB0/sprockets%2F481955f78ac093b746e0512b4a9c1b24 +0 -0
- data/test/dummy/tmp/cache/assets/CB0/8D0/sprockets%2Fba6342b6172d4ee18e951f667e237313 +0 -0
- data/test/dummy/tmp/cache/assets/CB4/DC0/sprockets%2F48af5bbf36e6f2720f4144f928129612 +0 -0
- data/test/dummy/tmp/cache/assets/CB7/5B0/sprockets%2F67a1cdb0edc3998371d944050583e358 +0 -0
- data/test/dummy/tmp/cache/assets/CB8/F00/sprockets%2F089f52a057d7a14247c7f93e8b59143b +0 -0
- data/test/dummy/tmp/cache/assets/CBD/0E0/sprockets%2F662f42b5efa6584377436f1d94318cd4 +0 -0
- data/test/dummy/tmp/cache/assets/CBF/4D0/sprockets%2F1462d4ee75c877880447a02b2f58e6b9 +0 -0
- data/test/dummy/tmp/cache/assets/CC3/220/sprockets%2F218c30380a6f2bae6b7402068da50f01 +0 -0
- data/test/dummy/tmp/cache/assets/CC7/200/sprockets%2F5366d8fff996ca22271713d1ca987379 +0 -0
- data/test/dummy/tmp/cache/assets/CCE/810/sprockets%2F90453c5b48e1f0a4f1a6836135c1c4b1 +0 -0
- data/test/dummy/tmp/cache/assets/CD4/E90/sprockets%2F5464e430cbb52421e1f9c23947fe31c1 +0 -0
- data/test/dummy/tmp/cache/assets/CD5/2C0/sprockets%2F166c056119ebdfb8b7104c97b424b423 +0 -0
- data/test/dummy/tmp/cache/assets/CD7/6F0/sprockets%2Fbd3936370d0f952ada5774e2230046ed +0 -0
- data/test/dummy/tmp/cache/assets/CD7/C90/sprockets%2F5382f60c349e1511eefc83803fa450c1 +0 -0
- data/test/dummy/tmp/cache/assets/CD8/370/sprockets%2F357970feca3ac29060c1e3861e2c0953 +0 -0
- data/test/dummy/tmp/cache/assets/CDC/5C0/sprockets%2F9767868b3b77f9164f290797f1d8fe5c +0 -0
- data/test/dummy/tmp/cache/assets/CDE/570/sprockets%2F0e30065c6148a1ef8d5e42439e148f4d +0 -0
- data/test/dummy/tmp/cache/assets/CE0/CC0/sprockets%2F2b38c3fb549036de5c4666637a0c80c6 +0 -0
- data/test/dummy/tmp/cache/assets/CE0/F80/sprockets%2F487624acd392c0310f0c7434e88d48bf +0 -0
- data/test/dummy/tmp/cache/assets/CE4/570/sprockets%2F306a61edb38d739bb2f81b448b376818 +0 -0
- data/test/dummy/tmp/cache/assets/CE5/C70/sprockets%2F681ae890ae2f44aee1099119d04a7938 +0 -0
- data/test/dummy/tmp/cache/assets/CE5/CE0/sprockets%2F9d186abc5f6a106511502d60d98ff939 +0 -0
- data/test/dummy/tmp/cache/assets/CE6/B90/sprockets%2F5997a940521ec92b2ea92eb63c49a562 +0 -0
- data/test/dummy/tmp/cache/assets/CE6/DE0/sprockets%2F9889a2fbf25b223583561299dfca004e +0 -0
- data/test/dummy/tmp/cache/assets/CE7/6F0/sprockets%2F6ac42c22840f7d853b6184b6f94a65c8 +0 -0
- data/test/dummy/tmp/cache/assets/CE7/E70/sprockets%2F704fcbd6f72c99767550538053a0bc7d +0 -0
- data/test/dummy/tmp/cache/assets/CE8/6E0/sprockets%2F51f80f23e41678e790edd8710c6d75c0 +0 -0
- data/test/dummy/tmp/cache/assets/CE9/510/sprockets%2F0c8887733a9e311fd348f21029d6bef6 +0 -0
- data/test/dummy/tmp/cache/assets/CEA/BA0/sprockets%2F98e291b46a924814292e2daf17ad8c84 +0 -0
- data/test/dummy/tmp/cache/assets/CF4/140/sprockets%2F22a3157d204c1f8e417a25f01a2dbe45 +0 -0
- data/test/dummy/tmp/cache/assets/CF6/EE0/sprockets%2F9e92e631fb88a8e23180da66c77859f0 +0 -0
- data/test/dummy/tmp/cache/assets/CF7/8B0/sprockets%2F0f091833381aa52e100fb74924fdc1aa +0 -0
- data/test/dummy/tmp/cache/assets/CF9/AF0/sprockets%2Fe6cf7ff483a7c68902418a2f4b374889 +0 -0
- data/test/dummy/tmp/cache/assets/CFF/C60/sprockets%2F0889d12d44383c7e7a859966f686badf +0 -0
- data/test/dummy/tmp/cache/assets/D04/D90/sprockets%2F617b1ad4f3ced27a38b689309c3240a2 +0 -0
- data/test/dummy/tmp/cache/assets/D06/D60/sprockets%2Fa09118ec6cd7033eb762b64a1ae58274 +0 -0
- data/test/dummy/tmp/cache/assets/D07/8B0/sprockets%2Ff123328eedad10b6f547eba992560504 +0 -0
- data/test/dummy/tmp/cache/assets/D09/740/sprockets%2Fb4177155aa0b2a846458b4da378dbe56 +0 -0
- data/test/dummy/tmp/cache/assets/D0A/6F0/sprockets%2Fa394b21853c45302cad3b17f7de2489e +0 -0
- data/test/dummy/tmp/cache/assets/D0B/E00/sprockets%2Fce33d32f3235ad54031338e689a8bdc7 +0 -0
- data/test/dummy/tmp/cache/assets/D0C/3B0/sprockets%2Ff34ef114cb808f84780a11082ade91d7 +0 -0
- data/test/dummy/tmp/cache/assets/D0F/3E0/sprockets%2F6654975eaa53a225d976278fcb6baa00 +0 -0
- data/test/dummy/tmp/cache/assets/D0F/550/sprockets%2F9927550095e029ace0d4d5add6901ce5 +0 -0
- data/test/dummy/tmp/cache/assets/D10/790/sprockets%2F31d2271940e9d19a9a5fb42fc70f26d7 +0 -0
- data/test/dummy/tmp/cache/assets/D12/1F0/sprockets%2Fce0c803f16e21317768892d42f1a8efc +0 -0
- data/test/dummy/tmp/cache/assets/D12/8E0/sprockets%2F93656a1c9a1db15ff824a84f3867c3b0 +0 -0
- data/test/dummy/tmp/cache/assets/D14/380/sprockets%2F7d5975b3efc5ace265c437a91539101f +0 -0
- data/test/dummy/tmp/cache/assets/D14/890/sprockets%2F2cb018dd1879c96fa83d4909b04f21e5 +0 -0
- data/test/dummy/tmp/cache/assets/D16/1F0/sprockets%2Fb19e1a25f43ad7167231aee857288f6f +0 -0
- data/test/dummy/tmp/cache/assets/D18/150/sprockets%2F524feca5ed7674507bd2e517943f45c4 +0 -0
- data/test/dummy/tmp/cache/assets/D19/6F0/sprockets%2Fc63725cd8e7d8f30818f7a82a75cc331 +0 -0
- data/test/dummy/tmp/cache/assets/D1A/600/sprockets%2F56bf56fa14222faef68241a4866f9e28 +0 -0
- data/test/dummy/tmp/cache/assets/D1E/AF0/sprockets%2F38fb02a7c41a3f3956e1f8b783885af8 +0 -0
- data/test/dummy/tmp/cache/assets/D21/2A0/sprockets%2F1fa2a4758d368a4ed74af19d94958d53 +0 -0
- data/test/dummy/tmp/cache/assets/D23/C30/sprockets%2F30a075c86c0057f03ed03a1a6c1ac74f +0 -0
- data/test/dummy/tmp/cache/assets/D2C/3A0/sprockets%2F5fb3206e15e73cbac0463d4e0633b9c1 +0 -0
- data/test/dummy/tmp/cache/assets/D2D/B40/sprockets%2F214ba38cd9bae5351510b85c60b1cf66 +0 -0
- data/test/dummy/tmp/cache/assets/D31/410/sprockets%2F1fb41a8351cfe74b19081d3a0a8cd186 +0 -0
- data/test/dummy/tmp/cache/assets/D32/A10/sprockets%2F13fe41fee1fe35b49d145bcc06610705 +0 -0
- data/test/dummy/tmp/cache/assets/D34/3C0/sprockets%2Fd6f33bf9ea577a425537e31a1b1436aa +0 -0
- data/test/dummy/tmp/cache/assets/D36/A50/sprockets%2F4c5a2303a78ff5007cba199ec980b41d +0 -0
- data/test/dummy/tmp/cache/assets/D38/300/sprockets%2F231189114e3e16c0af8cbbfb922a7c89 +0 -0
- data/test/dummy/tmp/cache/assets/D3A/320/sprockets%2Fb4e466a4108157e7bbdf8a80530e76ab +0 -0
- data/test/dummy/tmp/cache/assets/D3C/430/sprockets%2Fc1850205179d6bc0315cf87db4edd7a8 +0 -0
- data/test/dummy/tmp/cache/assets/D3C/600/sprockets%2F6cb9fa003e4ae915755dbc429d54b255 +0 -0
- data/test/dummy/tmp/cache/assets/D3D/970/sprockets%2F9e70fe2b22f4504ee45029b9d04ce46c +0 -0
- data/test/dummy/tmp/cache/assets/D3F/4A0/sprockets%2F9d1d25fb38006ddc0e6fcf42190d8583 +0 -0
- data/test/dummy/tmp/cache/assets/D3F/D70/sprockets%2Fa7d40ead3d8014db7e90ec643e323969 +0 -0
- data/test/dummy/tmp/cache/assets/D43/7F0/sprockets%2F05ba12f3e980c9658d979415aca6a3ce +0 -0
- data/test/dummy/tmp/cache/assets/D45/7E0/sprockets%2Fc24e2e08818f34b11af78c7b4467fb5f +0 -0
- data/test/dummy/tmp/cache/assets/D45/970/sprockets%2Ff0e7b8648d5a2519256c1eeb2d9f08d2 +0 -0
- data/test/dummy/tmp/cache/assets/D45/F90/sprockets%2F6b6e959a5f0990831a196b6bddb05f3b +0 -0
- data/test/dummy/tmp/cache/assets/D47/E90/sprockets%2Fa578fc0e68c5d167fc5c365e2c09a616 +0 -0
- data/test/dummy/tmp/cache/assets/D48/090/sprockets%2F7a07a493490b7ac1cc0466a9eed8e589 +0 -0
- data/test/dummy/tmp/cache/assets/D4A/820/sprockets%2Feb00ebb7f262bff8638844571e1a859f +0 -0
- data/test/dummy/tmp/cache/assets/D4B/160/sprockets%2F78835ac7e39b080e262f9a4b76cbd65d +0 -0
- data/test/dummy/tmp/cache/assets/D4B/320/sprockets%2F4a570986eef4f2707130eb8c9c36d9ad +0 -0
- data/test/dummy/tmp/cache/assets/D4C/7F0/sprockets%2F5c0e220ac801d18f4bd1bd65e043d20a +0 -0
- data/test/dummy/tmp/cache/assets/D4E/1B0/sprockets%2Ff7cbd26ba1d28d48de824f0e94586655 +0 -0
- data/test/dummy/tmp/cache/assets/D4F/E20/sprockets%2F2da45938fca5e6979baa57c61b43b689 +0 -0
- data/test/dummy/tmp/cache/assets/D51/C40/sprockets%2F9c881f9a0edd974bf6ff0f83a4308192 +0 -0
- data/test/dummy/tmp/cache/assets/D52/6A0/sprockets%2F8b5de085dffa4897817e72a1b75348cd +0 -0
- data/test/dummy/tmp/cache/assets/D54/210/sprockets%2F8d24b46f6838cc66ddb9c7b07d32e939 +0 -0
- data/test/dummy/tmp/cache/assets/D56/C20/sprockets%2F4ce9229c7c971ce590189cfea1e74d95 +0 -0
- data/test/dummy/tmp/cache/assets/D5A/310/sprockets%2F7f968e95238c9866f6ebd76a16b2aab6 +0 -0
- data/test/dummy/tmp/cache/assets/D5A/7B0/sprockets%2Fda913ea979b742f1f7418f488e32fe8f +0 -0
- data/test/dummy/tmp/cache/assets/D5A/EA0/sprockets%2Fd771ace226fc8215a3572e0aa35bb0d6 +0 -0
- data/test/dummy/tmp/cache/assets/D5C/1F0/sprockets%2Fed34fbbec82818204a214b5114d3dce5 +0 -0
- data/test/dummy/tmp/cache/assets/D64/700/sprockets%2F76c71d55a65dae34d0f60d62ee3a63b0 +0 -0
- data/test/dummy/tmp/cache/assets/D64/DE0/sprockets%2F655e1ca6a735ac75093c0e01febce293 +0 -0
- data/test/dummy/tmp/cache/assets/D72/4B0/sprockets%2F34ba5dd43adc2c826b79ce9a944f8620 +0 -0
- data/test/dummy/tmp/cache/assets/D76/710/sprockets%2F6740efeff28c623e091100f28f7c9eaf +0 -0
- data/test/dummy/tmp/cache/assets/D77/3D0/sprockets%2F76515b80ab945bb46f93cdace3993c4e +0 -0
- data/test/dummy/tmp/cache/assets/D78/C60/sprockets%2F3ed4e68ec22d09a66c1ea96e6b733d66 +0 -0
- data/test/dummy/tmp/cache/assets/D92/5E0/sprockets%2F17d03aff61dbd220217eb7f159bb8df2 +0 -0
- data/test/dummy/tmp/cache/assets/D96/CE0/sprockets%2Fff431fe62bbb5f0e9d63c43c4010fd56 +0 -0
- data/test/dummy/tmp/cache/assets/D9C/CF0/sprockets%2Fde9afe6f38620c4144b5a5fd1dc36f23 +0 -0
- data/test/dummy/tmp/cache/assets/D9C/EA0/sprockets%2Ff1cdf6c71079c7b373b1b842bf4e9a3a +0 -0
- data/test/dummy/tmp/cache/assets/D9D/590/sprockets%2F93ee64febc21345494bfbd0a8aad6446 +0 -0
- data/test/dummy/tmp/cache/assets/D9E/490/sprockets%2Fe231e8b6ec488aecaf61d84bb542e029 +0 -0
- data/test/dummy/tmp/cache/assets/D9E/6A0/sprockets%2F0a9e2c29287a00d9b9cc94cd9b3af63a +0 -0
- data/test/dummy/tmp/cache/assets/DA0/110/sprockets%2F29a7ddee7ded49b2613bb26f5d0980a3 +0 -0
- data/test/dummy/tmp/cache/assets/DA2/580/sprockets%2F35d3674fac89e6235b3fa6b251fbc3ff +0 -0
- data/test/dummy/tmp/cache/assets/DA2/780/sprockets%2F83886a2d2dba19d6cf5a2ea7fe7213d7 +0 -0
- data/test/dummy/tmp/cache/assets/DA3/9C0/sprockets%2F7f2d6495f1f675acc353e0a37adc94ae +0 -0
- data/test/dummy/tmp/cache/assets/DA6/B80/sprockets%2F60bbf1fc573c8bc35c8da9082888cb6c +0 -0
- data/test/dummy/tmp/cache/assets/DA6/EB0/sprockets%2F83015053ed9a581994cafcbbf9e7e6ab +0 -0
- data/test/dummy/tmp/cache/assets/DA7/0C0/sprockets%2Fc9194b0b488f53a9afc0540ced96ad9e +0 -0
- data/test/dummy/tmp/cache/assets/DA7/6D0/sprockets%2F28ce714e9b9d6aa16c4604bc9b5afd79 +0 -0
- data/test/dummy/tmp/cache/assets/DA9/490/sprockets%2F9815ad0a7dab6fbdfb2856654298acf7 +0 -0
- data/test/dummy/tmp/cache/assets/DAC/E40/sprockets%2Fec3c6d68d0e246ed889fe31471dc44fc +0 -0
- data/test/dummy/tmp/cache/assets/DAE/050/sprockets%2F6a3d58d879f5afbf0ad526425fe76a5f +0 -0
- data/test/dummy/tmp/cache/assets/DB8/040/sprockets%2F218aaca004d507da6f207ce9de821bea +0 -0
- data/test/dummy/tmp/cache/assets/DBB/E80/sprockets%2Fa01bf17ca00dc2b43f749abe69cad680 +0 -0
- data/test/dummy/tmp/cache/assets/DBD/170/sprockets%2Fc229df8cfb1c041769d0bb3c8eb310ac +0 -0
- data/test/dummy/tmp/cache/assets/DBF/770/sprockets%2F89c90a5f9259fc5b1b6ed69efe7c88d2 +0 -0
- data/test/dummy/tmp/cache/assets/DBF/850/sprockets%2Fb37d146f03d1ab72bd81afa3b7c295bf +0 -0
- data/test/dummy/tmp/cache/assets/DC3/E90/sprockets%2F63fce83ccf6fed1a634c00ec9623ba30 +0 -0
- data/test/dummy/tmp/cache/assets/DC4/1B0/sprockets%2Fedae9235cb5ca2fc97c2d335ba27a660 +0 -0
- data/test/dummy/tmp/cache/assets/DC7/2B0/sprockets%2Fda49c151b0b2be5bf6e8e135bd6f80d6 +0 -0
- data/test/dummy/tmp/cache/assets/DC9/C70/sprockets%2Fba5f2321c2ee8c42d0ff498a12e5bf7e +0 -0
- data/test/dummy/tmp/cache/assets/DCA/DC0/sprockets%2F7ed2addf814bfd28c3bad7790e005d53 +0 -0
- data/test/dummy/tmp/cache/assets/DCB/320/sprockets%2F672cc04c39b0a37cbe89cecbf3580ad7 +0 -0
- data/test/dummy/tmp/cache/assets/DCB/AE0/sprockets%2Fd14638ac9aaefa36ca75c1d66cb727e3 +0 -0
- data/test/dummy/tmp/cache/assets/DCC/1D0/sprockets%2Ff6defe1375c5acb57e141263b70fe5eb +0 -0
- data/test/dummy/tmp/cache/assets/DD1/DB0/sprockets%2Fc7a35f025c7fb33a2d9ce83ce4bd4f86 +0 -0
- data/test/dummy/tmp/cache/assets/DD2/5B0/sprockets%2F91c620bad817c7ffa64d5ea8b446db6f +0 -0
- data/test/dummy/tmp/cache/assets/DD2/D60/sprockets%2Fcc373f8a8e1d94ed2154dc37ca0f3ff6 +0 -0
- data/test/dummy/tmp/cache/assets/DD5/8E0/sprockets%2F0dde6f938e5addbdab55f6e7037e1482 +0 -0
- data/test/dummy/tmp/cache/assets/DD5/B80/sprockets%2Fdd3beb4c76fbf877171fd66192ebc4b2 +0 -0
- data/test/dummy/tmp/cache/assets/DD7/F30/sprockets%2Fe5fedf2dc39b7a678447c63ee2601ebc +0 -0
- data/test/dummy/tmp/cache/assets/DDB/200/sprockets%2F9dd434d9f9a3f7f4b35d90a0ddd6fb19 +0 -0
- data/test/dummy/tmp/cache/assets/DDC/1F0/sprockets%2F7533abdaee852b1c7bb05cabe3b2040a +0 -0
- data/test/dummy/tmp/cache/assets/DDC/400/sprockets%2Fcffd775d018f68ce5dba1ee0d951a994 +0 -0
- data/test/dummy/tmp/cache/assets/DDD/190/sprockets%2F85d9f2c43cee7e82bdf893e0d35ac66a +0 -0
- data/test/dummy/tmp/cache/assets/DDD/1E0/sprockets%2F951cfc59ce1918fcb37c28fa20e9ebf7 +0 -0
- data/test/dummy/tmp/cache/assets/DDE/590/sprockets%2F2e7b6f67b665649ced381dfe37ce2abe +0 -0
- data/test/dummy/tmp/cache/assets/DDE/660/sprockets%2Ff64ad0798dfc7f6da9fcd83b53c8c250 +0 -0
- data/test/dummy/tmp/cache/assets/DE8/2A0/sprockets%2F37ceb226c01db0bd317e3f3fcfcf1c51 +0 -0
- data/test/dummy/tmp/cache/assets/DE8/440/sprockets%2F5559ecfd0ee508d816e4dc889cd8fe3b +0 -0
- data/test/dummy/tmp/cache/assets/DEE/730/sprockets%2F8121bbae4961aeba50bdb2cbd939c09f +0 -0
- data/test/dummy/tmp/cache/assets/DEF/AB0/sprockets%2Ff8c08dc2009dc1c91a4da29cc852badb +0 -0
- data/test/dummy/tmp/cache/assets/DF1/9C0/sprockets%2F7bbd18d10dc4ea3f5d6b137a5b0c9e7b +0 -0
- data/test/dummy/tmp/cache/assets/DF8/6B0/sprockets%2F3b2dfa4e62529eeedd6de03ab7b26b19 +0 -0
- data/test/dummy/tmp/cache/assets/DFA/CE0/sprockets%2F11f1769f11ddfe50ae1ec399fafa1cf3 +0 -0
- data/test/dummy/tmp/cache/assets/DFE/C50/sprockets%2F0af9ec26a81ea5fa1e72f6de4f7a8e03 +0 -0
- data/test/dummy/tmp/cache/assets/DFF/900/sprockets%2Fd6d6cf5ff58edce3840dc45621fb1a1d +0 -0
- data/test/dummy/tmp/cache/assets/E02/C30/sprockets%2Fecc53a781b3bf1fbcc94fc77c951c5c5 +0 -0
- data/test/dummy/tmp/cache/assets/E04/440/sprockets%2F28fe8df46cdf880c8aa0cced70bb7570 +0 -0
- data/test/dummy/tmp/cache/assets/E04/890/sprockets%2F2f5173deea6c795b8fdde723bb4b63af +0 -0
- data/test/dummy/tmp/cache/assets/E08/200/sprockets%2Fed91cd00ed3e395eef48f19c62de6e1d +0 -0
- data/test/dummy/tmp/cache/assets/E10/340/sprockets%2F7ebd866bfd5a89bfdbf6d928b1d7341d +0 -0
- data/test/dummy/tmp/cache/assets/E19/2A0/sprockets%2F10fcfbe6ebae11a40c8eac41939a1b9a +0 -0
- data/test/dummy/tmp/cache/assets/E23/A10/sprockets%2F03c4303cddb0cfd8cc9e67aa76c70aee +0 -0
- data/test/dummy/tmp/cache/assets/E24/670/sprockets%2Fb857c29efff63c768fbb48ef8e79aae7 +0 -0
- data/test/dummy/tmp/cache/assets/E2E/550/sprockets%2Ffb7d8bb50347f4edae6b56ca4bdf07b7 +0 -0
- data/test/dummy/tmp/cache/assets/E3B/080/sprockets%2F09e2a090befacdae0db10cafb1893a0a +0 -0
- data/test/dummy/tmp/cache/assets/E3E/DE0/sprockets%2Fa977ff5dc4e348f89fe35af4bd2aae3c +0 -0
- data/test/dummy/tmp/cache/assets/E45/C30/sprockets%2F69ccc9abc9b338aeee9ee4f1958fb64c +0 -0
- data/test/dummy/tmp/cache/assets/E83/1F0/sprockets%2F936cdaaa3e9ff0aafac3bc95ea45a3c6 +0 -0
- data/test/dummy/tmp/cache/assets/E85/370/sprockets%2Fca34a37aca7a3f4fe4b2d9ad46ecccc9 +0 -0
- data/test/dummy/tmp/cache/assets/E89/CE0/sprockets%2F86a2fd89bf33cbbacf438bb6ef0f3aca +0 -0
- data/test/dummy/tmp/cache/assets/F45/590/sprockets%2Fedcf9d1288bc0cfabaccf35fa6ecceca +0 -0
- data/test/dummy/tmp/cache/sass/867224f66ea2bfec241b4cee6d1fd9626cb72b7e/scaffolds.css.scssc +0 -0
- data/test/dummy/tmp/cache/sass/867224f66ea2bfec241b4cee6d1fd9626cb72b7e/widgets.css.scssc +0 -0
- data/test/ensnare_test.rb +7 -0
- data/test/fixtures/ensnare/violations.yml +9 -0
- data/test/functional/ensnare/dashboard_controller_test.rb +16 -0
- data/test/functional/ensnare/violation_controller_test.rb +11 -0
- data/test/integration/navigation_test.rb +10 -0
- data/test/test_helper.rb +15 -0
- data/test/unit/ensnare/violation_test.rb +9 -0
- data/test/unit/helpers/ensnare/dashboard_helper_test.rb +6 -0
- data/test/unit/helpers/ensnare/violation_helper_test.rb +6 -0
- metadata +692 -0
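--- a/data/lib/ensnare/controllers/helpers.rb
+++ b/data/lib/ensnare/controllers/helpers.rb
@@ -0,0 +1,143 @@
+module Ensnare
+module Controllers
+module Helpers
+module InstanceMethods
+
+def ensnare
+Rails.logger.debug("I am running!!")
+
+violations = []
+
+if(Ensnare.current_user_method)
+user = method(Ensnare.current_user_method).call unless !respond_to?(Ensnare.current_user_method)
+if(user && Ensnare.current_user_identifier)
+user = user.send(Ensnare.current_user_identifier)
+end
+end
+
+if(Ensnare.mode == :enforce || Ensnare.mode == :log)
+Rails.logger.debug("Enabled traps: #{Ensnare.enabled_traps.inspect}")
+Ensnare.enabled_traps.each do |t|
+Rails.logger.debug("Trap: #{t.inspect}")
+trap_type = t[:type]
+trap_options = t[:options]
+violations.concat(
+("Ensnare::Trap::" + trap_type.to_s.classify).constantize.new(controller_name, action_name, session, params, cookies, request, user, trap_options).run
+)
+
+end
+
+if(Ensnare.mode == :enforce)
+enforce_violations(violations)
+end
+
+end
+end
+
+def enforce_violations(new_violations)
+if(new_violations.blank?)
+Rails.logger.debug "There were NO new violations identified this request: " + new_violations.inspect
+else
+Rails.logger.debug "There WERE new violations identified this request: " + new_violations.inspect
+end
+
+violations=nil
+
+conditions = {}
+conditions[:ip_address] = request.remote_ip if [*Ensnare::trap_on].include?(:ip)
+conditions[:session_id] = session["session_id"] if (session.try(:[],"session_id").present? && [*Ensnare::trap_on].include?(:session))
+
+
+
+if(Ensnare.current_user_method)
+user = method(Ensnare.current_user_method).call
+if(user && Ensnare.current_user_identifier)
+user = user.send(Ensnare.current_user_identifier)
+end
+end
+
+conditions[:user_id] = user if (user && [*Ensnare::trap_on].include?(:user))
+
+query = conditions.map{|k,v| "#{k} = ?"}.join(" OR ")
+
+Rails.logger.debug query.to_s
+
+violations = Ensnare::Violation.where(query, *conditions.map{|k,v| v.to_s})
+.where("created_at > ?",Ensnare.global_timer != nil ? Time.now - Ensnare.global_timer.seconds : Time.now - 24.hours)
+.order("created_at desc")
+
+
+if(!violations.blank?)
+violation_count = violations.sum(:weight)
+last_violation_time = violations.first.created_at
+Rails.logger.debug("*** Violations identified (#{violation_count})")
+
+
+threshold = Ensnare.thresholds.find_all{|x| x[:trap_count] <= violation_count}.max_by{|x| x[:trap_count] }
+
+if(threshold && Time.now - last_violation_time <= threshold[:timer])
+Rails.logger.debug("*** Violations found on threshold: " + threshold.to_s)
+process_violation(threshold, new_violations)
+end
+else
+Rails.logger.debug("*** No violations found")
+
+end
+end
+
+
+
+private
+
+
+
+
+def process_violation(threshold, new_violations)
+
+persistent_responses = threshold[:traps].find_all{|x| x[:persist] == true}
+random_response = threshold[:traps].find{ |x| (x[:persist] != true && x[:weight] >= Random.rand)}
+
+
+persistent_responses.each do |r|
+trap_response=nil
+Rails.logger.debug "Going to run persistent trap: #{r[:trap]}"
+begin
+trap_response = ("Ensnare::Response::" + r[:trap].to_s.classify).constantize.new(self, session, new_violations, flash, r)
+rescue
+Rails.logger.error "Could not find persistent response type: #{r[:trap]}"
+trap_response = nil
+end
+
+if(trap_response)
+Rails.logger.debug("Running...")
+if(trap_response.run == true)
+Rails.logger.debug("A response has rendered. Returning...")
+return
+end
+end
+
+end
+
+trap_response=nil
+if(random_response)
+Rails.logger.debug "Going to run trap: #{random_response[:trap]}"
+
+begin
+trap_response = ("Ensnare::Response::" + random_response[:trap].to_s.classify).constantize.new(self, session, new_violations, flash, random_response)
+rescue
+Rails.logger.error "Could not find response type: #{random_response[:trap]}"
+trap_response = nil
+end
+if(trap_response)
+Rails.logger.debug("Running...")
+if(trap_response.run == true)
+Rails.logger.debug("A response has rendered. Returning...")
+return
+end
+end
+end
+end
+end
+end
+end
+end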
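Review bot: In `enforce_violations`, when none of the configured `trap_on` identifiers applies to the request (no `:ip`, no present `session_id`, no signed-in user), `conditions` is empty, `query` is `""`, and as far as I can tell `Ensnare::Violation.where("")` applies no filter at all, so every violation recorded in the time window by every client is summed and enforced against the current request. A guard before the query on line 61, `return if conditions.empty?`, keeps the lookup scoped to the identifiers the operator actually configured. Two smaller points: line 53 calls `method(Ensnare.current_user_method).call` without the `respond_to?` guard the same lookup has on line 12, and the bare `rescue` on lines 106 and 127 catches any StandardError raised by the response constructor, not only a missing constant, yet logs it as "Could not find ... response type" — `rescue NameError` would keep that message truthful and let unrelated failures surface.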
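--- a/data/lib/ensnare/engine.rb
+++ b/data/lib/ensnare/engine.rb
@@ -0,0 +1,30 @@
+#require 'ensnare'
+require 'ensnare/controllers/helpers'
+require 'ensnare/form_tag_helper.rb'
+require 'rails'
+require "twitter-bootstrap-rails"
+#require "recaptcha/rails"
+require "ensnare/responses/response"
+require "ensnare/traps/trap"
+
+
+module Ensnare
+class Engine < ::Rails::Engine
+isolate_namespace Ensnare
+
+config.to_prepare do
+Dir[Rails.root + "lib/ensnare/responses/*.rb"].each {|file| require file }
+Dir[Rails.root + "lib/ensnare/traps/*.rb"].each {|file| require file }
+Dir[File.dirname(__FILE__)+ "/responses/*.rb"].each {|file| require file }
+Dir[File.dirname(__FILE__)+ "/traps/*.rb"].each {|file| require file }
+
+end
+
+initializer 'ensnare.app_controller' do |app|
+ActiveSupport.on_load(:action_controller) do
+#extend Ensnare::Controllers::Helpers::ClassMethods
+include Ensnare::Controllers::Helpers::InstanceMethods
+end
+end
+end
+end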
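Review bot: The block parameter on line 23, `initializer 'ensnare.app_controller' do |app|`, is never used inside the block; `initializer 'ensnare.app_controller' do` reads cleaner. Line 3 also spells out the extension (`require 'ensnare/form_tag_helper.rb'`) while the neighbouring requires do not; `require 'ensnare/form_tag_helper'` matches them. Presumably the `Rails.root + "lib/ensnare/..."` globs on lines 16–17 exist so an application can add its own responses and traps; since the gem's own files are required afterwards on lines 18–19 and would reopen any class of the same name, the intended precedence between application and gem definitions is worth stating in a comment on the `to_prepare` block.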
@@ -0,0 +1,116 @@
|
|
1
|
+
|
2
|
+
|
3
|
+
module ActionView
|
4
|
+
module Helpers
|
5
|
+
module FormHelper
|
6
|
+
#Overload form_for to pass in the object name as part of the options hash
|
7
|
+
def form_for_with_trap(record, options = {}, &block)
|
8
|
+
options[:html] ||= {}
|
9
|
+
|
10
|
+
case record
|
11
|
+
when String, Symbol
|
12
|
+
options[:html][:object_name] = record
|
13
|
+
|
14
|
+
else
|
15
|
+
object = record.is_a?(Array) ? record.last : record
|
16
|
+
options[:html][:object_name] = options[:as] || ActiveModel::Naming.param_key(object)
|
17
|
+
end
|
18
|
+
|
19
|
+
|
20
|
+
form_for_without_trap(record, options, &block)
|
21
|
+
|
22
|
+
end
|
23
|
+
|
24
|
+
alias_method_chain :form_for, :trap
|
25
|
+
end
|
26
|
+
|
27
|
+
module FormTagHelper
|
28
|
+
#Overload form_tag to insert a hidden parameter called "admin" with a value of false
|
29
|
+
#Assuming a real "admin" attribute is not accessible, this will throw a mass assignment
|
30
|
+
#error when submitted
|
31
|
+
|
32
|
+
def form_tag_with_trap(url_for_options = {}, options = {}, *parameters_for_url, &block)
|
33
|
+
|
34
|
+
object_name = options.delete(:object_name)
|
35
|
+
honeypot = options.delete(:honeypot)
|
36
|
+
html = form_tag_without_trap(url_for_options, options, *parameters_for_url, &block)
|
37
|
+
|
38
|
+
if(Ensnare.mode == :enforce || Ensnare.mode == :log)
|
39
|
+
|
40
|
+
#puts "url_for_options: " + url_for_options.inspect
|
41
|
+
#puts "options: " + options.inspect
|
42
|
+
#puts "paramaters_for_url: " + parameters_for_url.inspect
|
43
|
+
|
44
|
+
object_name ||= controller_name.tableize.singularize.to_s
|
45
|
+
|
46
|
+
|
47
|
+
session[:ensnare] ||= {}
|
48
|
+
session[:ensnare][:params] ||= {}
|
49
|
+
|
50
|
+
|
51
|
+
# :admin => this sets a cookie named admin with a boolean value set to false
|
52
|
+
# :debug => this sets a cookie named debug with a boolean value set to false
|
53
|
+
# :random => this cookie generates a random N character cookie with a random encrypted value
|
54
|
+
# :uid => this sets a series of parameters that look like UIDs and GIDs
|
55
|
+
|
56
|
+
if(trap = Ensnare.enabled_traps.find{|trap| trap[:type] == :parameter})
|
57
|
+
predefined_parameters = trap.try(:[],:options).try(:[],:predefined_parameters) || []
|
58
|
+
predefined_parameters.each do |p|
|
59
|
+
k = v = nil
|
60
|
+
case p
|
61
|
+
when :admin
|
62
|
+
k="admin"
|
63
|
+
v="false"
|
64
|
+
when :debug
|
65
|
+
k="debug"
|
66
|
+
v="false"
|
67
|
+
when :random
|
68
|
+
k="random"
|
69
|
+
v= session[:ensnare][:params][k.to_s] || SecureRandom.hex
|
70
|
+
when :gid
|
71
|
+
k="gid"
|
72
|
+
v= session[:ensnare][:params][k.to_s] || Random.rand(100000)
|
73
|
+
when :uid
|
74
|
+
k="uid"
|
75
|
+
v= session[:ensnare][:params][k.to_s] || Random.rand(100000)
|
76
|
+
end
|
77
|
+
if( !k.nil? && !p.nil? )
|
78
|
+
session[:ensnare][:params][k.to_s] = v.to_s
|
79
|
+
trap_parameter = text_field_tag(object_name.to_s+"[#{k.to_s}]", v.to_s, options.except(:class).stringify_keys.merge({:id=>object_name.to_s+"_#{k.to_s}"}).update("type" => "hidden"))
|
80
|
+
if block_given?
|
81
|
+
html.insert(html.index('>')+1, trap_parameter)
|
82
|
+
#html.insert(html.index('</form>'), trap_parameter)
|
83
|
+
else
|
84
|
+
html = trap_parameter+html
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
89
|
+
parameter_names = trap.try(:[],:options).try(:[],:parameter_names) || {}
|
90
|
+
parameter_names.each do |k,v|
|
91
|
+
if(v.class == Method)
|
92
|
+
v = session[:ensnare][:params][k.to_s] || v.call
|
93
|
+
end
|
94
|
+
session[:ensnare][:params][k.to_s] = v
|
95
|
+
trap_parameter = text_field_tag(object_name.to_s+"[#{k.to_s}]", v.to_s, options.except(:class).stringify_keys.merge({:id=>object_name.to_s+"_#{k.to_s}"}).update("type" => "hidden"))
|
96
|
+
if block_given?
|
97
|
+
html.insert(html.index('>')+1, trap_parameter)
|
98
|
+
#html.insert(html.index('</form>'), trap_parameter)
|
99
|
+
else
|
100
|
+
html = trap_parameter+html
|
101
|
+
end
|
102
|
+
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
106
|
+
#end
|
107
|
+
html
|
108
|
+
end
|
109
|
+
alias_method_chain :form_tag, :trap
|
110
|
+
|
111
|
+
private
|
112
|
+
|
113
|
+
|
114
|
+
end
|
115
|
+
end
|
116
|
+
end
|
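Review bot: In `form_tag_with_trap`, the guard `if( !k.nil? && !p.nil? )` after the `case p` tests the loop variable `p`, which is never nil inside `each`; it was almost certainly meant to test `v`, so `if k && v` expresses the intended check (today an unrecognised symbol is skipped via `k` alone). Three smaller problems sit in the same method: the `honeypot` local is deleted from `options` and never read; the hidden input is built from `options.except(:class)`, so the form's own options (`:method`, `:multipart`, `:remote` and the like, which `form_tag_without_trap` leaves in the hash) end up as attributes of the input; and the build-and-splice block is duplicated verbatim between the `predefined_parameters` and `parameter_names` loops. I would extract it into a private helper under the currently empty `private` section at the end of `FormTagHelper`, using `hidden_field_tag` instead of `text_field_tag(...).update("type" => "hidden")`, as sketched below. `alias_method_chain` is deprecated in later Rails versions in favour of `Module#prepend`; whether that matters depends on the Rails versions this gem targets, which the hunk does not state.
```ruby
        if k && v
          session[:ensnare][:params][k.to_s] = v.to_s
          html = insert_trap_parameter(html, object_name, k, v, block_given?)
        end
# … unchanged: parameter_names loop, calling the same helper …

private

# Builds a hidden trap field named "<object_name>[<key>]" and splices it into the
# form markup: just after the opening <form> tag when the form was rendered with
# a block, otherwise in front of the bare opening tag that form_tag returned.
def insert_trap_parameter(html, object_name, key, value, inside_form)
  field = hidden_field_tag("#{object_name}[#{key}]", value.to_s, id: "#{object_name}_#{key}")
  return field + html unless inside_form

  html.insert(html.index('>') + 1, field)
end
```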
@@ -0,0 +1,20 @@
|
|
1
|
+
class Ensnare::Response::Captcha < Ensnare::Response::Response
|
2
|
+
|
3
|
+
def run
|
4
|
+
|
5
|
+
@session[:ensnare] ||={}
|
6
|
+
|
7
|
+
if(!@violations.blank?)
|
8
|
+
@session[:ensnare].delete(:captcha_solved)
|
9
|
+
end
|
10
|
+
|
11
|
+
if(@session[:ensnare].try(:[],:captcha_solved) != true)
|
12
|
+
@controller.redirect_to Ensnare::Engine.routes.url_helpers.captcha_path
|
13
|
+
return true
|
14
|
+
end
|
15
|
+
|
16
|
+
return false
|
17
|
+
|
18
|
+
end
|
19
|
+
|
20
|
+
end
|
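Review bot: `@session[:ensnare].try(:[], :captcha_solved)` in `run` comes directly after `@session[:ensnare] ||= {}`, so the `try` can never be needed and plain `@session[:ensnare][:captcha_solved]` reads better; likewise `if(!@violations.blank?)` is `if @violations.present?`, and the explicit `return true` / `return false` can be the branch and method tail expressions. The response redirects to `captcha_path` whenever the flag is not `true`; if the engine's own captcha controller runs the same trap hook (its base class is outside this hunk), that redirect would loop, so the assumption deserves a comment on the method, e.g. `# The captcha route itself must be exempt from the traps, otherwise this redirect loops.`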
@@ -0,0 +1,11 @@
|
|
1
|
+
class Ensnare::Response::FlashError < Ensnare::Response::Response
|
2
|
+
|
3
|
+
def run
|
4
|
+
if(!@violations.blank?)
|
5
|
+
@flash[:error] = @options[:content] || "We have noticed malicious activity from your IP Address/session. Please do not be evil."
|
6
|
+
end
|
7
|
+
|
8
|
+
return false
|
9
|
+
end
|
10
|
+
|
11
|
+
end
|
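Review bot: `run` sets `@flash[:error]` only when violations are present but always returns `false`, which, given the caller's `trap_response.run == true` dispatch, means the original action still renders; that is presumably deliberate and worth one comment on the method, e.g. `# Non-blocking response: flashes a message and lets the action proceed (always returns false).` Stylistically, `if(!@violations.blank?)` is `if @violations.present?` and the trailing `return false` can be a bare `false`.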
@@ -0,0 +1,11 @@
|
|
1
|
+
class Ensnare::Response::RandomContent < Ensnare::Response::Response
|
2
|
+
|
3
|
+
def run
|
4
|
+
o = [('a'..'z'), ('A'..'Z')].map { |i| i.to_a }.flatten
|
5
|
+
string = (0...Random.rand(50000)).map{ o[rand(o.length)] }.join
|
6
|
+
|
7
|
+
@controller.render :text=>string, :layout=>true
|
8
|
+
return true
|
9
|
+
end
|
10
|
+
|
11
|
+
end
|
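Review bot: `Random.rand(50000)` in `run` can return 0, so the decoy page is occasionally empty, and the letter table `o` is rebuilt on every call; a frozen class-level constant and a lower bound fix both: `ALPHABET = [*'a'..'z', *'A'..'Z'].freeze` and `string = Array.new(Random.rand(1..50_000)) { ALPHABET.sample }.join`. `render :text` was deprecated and later removed from Rails (`:plain`, or `:body` when no content type is wanted); whether this gem targets such a version is not visible here. A short comment would also help readers, e.g. `# Serve a page of random letters, with layout, so the probe gets a plausible but useless response.`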
@@ -0,0 +1,10 @@
|
|
1
|
+
class Ensnare::Response::RedirectLoop < Ensnare::Response::Response
|
2
|
+
|
3
|
+
|
4
|
+
def run
|
5
|
+
@options[:parameter] ||= "id"
|
6
|
+
@controller.redirect_to Ensnare::Engine.routes.url_helpers.redir_path @options[:parameter].to_sym=>Random.rand(1000000)
|
7
|
+
return true
|
8
|
+
end
|
9
|
+
|
10
|
+
end
|
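Review bot: `@options[:parameter] ||= "id"` in `run` writes the default back into the options hash the response was constructed with, which in the helpers hunk earlier on this page appears to be the selected trap configuration entry itself (`random_response`), so the default silently mutates shared configuration; read it into a local instead: `parameter = (@options[:parameter] || "id").to_sym` and `@controller.redirect_to Ensnare::Engine.routes.url_helpers.redir_path(parameter => Random.rand(1_000_000))`. Parenthesising the `redir_path` call also removes the ambiguous `method key=>value` form. A one-line comment on the class saying that `redir_path` bounces the client between randomised ids would make the name's intent clear to readers outside this hunk.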
@@ -0,0 +1,19 @@
|
|
1
|
+
module Ensnare
|
2
|
+
module Response
|
3
|
+
class Response
|
4
|
+
|
5
|
+
def initialize(controller, session, violations, flash, options={})
|
6
|
+
@controller = controller
|
7
|
+
@options = options
|
8
|
+
@violations = violations
|
9
|
+
@session = session
|
10
|
+
@flash = flash
|
11
|
+
end
|
12
|
+
|
13
|
+
|
14
|
+
def run
|
15
|
+
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
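Review bot: The base `Response#run` is an empty method returning `nil`, yet the helpers hunk earlier on this page dispatches on `trap_response.run == true` and every subclass returns `true` after rendering or redirecting and `false` otherwise; that contract is not written down anywhere, so document it on the base method: `# Execute the response. Return true if a response was rendered or redirected` / `# (the caller stops processing the action), false to let the action continue.` Raising `NotImplementedError` from the base `run` would surface a subclass that forgot to implement it, but note that the caller only rescues construction (`.new`), not `run`, so such a subclass would then fail the request loudly. `attr_reader`s for the five instance variables would be tidier than having subclasses read the ivars directly, though that is a style choice.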
@@ -0,0 +1,98 @@
|
|
1
|
+
class Ensnare::Trap::Cookie < Ensnare::Trap::Trap
|
2
|
+
def initialize(controller_name, action_name, session, parameters, cookies, request, user_id, options={})
|
3
|
+
super(controller_name, action_name, session, parameters, cookies, request, user_id, options)
|
4
|
+
@violation_type = "Cookie"
|
5
|
+
end
|
6
|
+
|
7
|
+
def run
|
8
|
+
violations = []
|
9
|
+
|
10
|
+
|
11
|
+
cookie_hash = @session.try(:[],:ensnare).try(:[],:cookies) || {}
|
12
|
+
cookie_hash.each do |k,v|
|
13
|
+
|
14
|
+
if(@cookies[k.to_s] != v.to_s)
|
15
|
+
Rails.logger.debug("Trap Triggered. REASON: Cookie violation detected. IP:" + @request.remote_ip.to_s)
|
16
|
+
violations << log_violation(k.to_s, v.to_s, @cookies[k.to_s].to_s)
|
17
|
+
|
18
|
+
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
setup_cookies
|
23
|
+
|
24
|
+
violations
|
25
|
+
end
|
26
|
+
|
27
|
+
private
|
28
|
+
|
29
|
+
def setup_cookies
|
30
|
+
Rails.logger.debug("Setting up cookies")
|
31
|
+
|
32
|
+
@session[:ensnare] ||= {}
|
33
|
+
@session[:ensnare][:cookies] ||= {}
|
34
|
+
|
35
|
+
|
36
|
+
if(@options[:cookie_names].class == Hash)
|
37
|
+
@options[:cookie_names].each do |k,v|
|
38
|
+
@cookies[k.to_s] = v.to_s
|
39
|
+
@session[:ensnare][:cookies][k.to_s] = v.to_s
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
|
44
|
+
if(@options[:predefined_cookies].class == Array)
|
45
|
+
@options[:predefined_cookies].each do |c|
|
46
|
+
case c
|
47
|
+
when :admin
|
48
|
+
cookies = {"admin" => "false"}
|
49
|
+
when :debug
|
50
|
+
cookies = {"debug" => "false"}
|
51
|
+
|
52
|
+
when :random
|
53
|
+
#This is set to a pre-set "random" string for now. Would be nice to have this generated on the fly
|
54
|
+
k= 'vnenSdjfxLgjFDSra'
|
55
|
+
v= @session[:ensnare][:cookies][k.to_s] || SecureRandom.urlsafe_base64(40)
|
56
|
+
cookies = {k => v}
|
57
|
+
when :google
|
58
|
+
|
59
|
+
cookies = {
|
60
|
+
"__utma" => (0...7).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
61
|
+
(0...9).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
62
|
+
(0...10).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
63
|
+
(0...10).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
64
|
+
(0...2).map{ ('0'..'9').to_a[rand(10)] }.join ,
|
65
|
+
"__utmb" => (0...8).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
66
|
+
(0...1).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
67
|
+
(0...2).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
68
|
+
(0...10).map{ ('0'..'9').to_a[rand(10)] }.join ,
|
69
|
+
"__utmc" => (0...7).map{ ('0'..'9').to_a[rand(8)] }.join ,
|
70
|
+
"__utmv" => (0...8).map{ ('0'..'9').to_a[rand(10)] }.join + ".lang%3A%20en" ,
|
71
|
+
"__utmz" => (0...8).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
72
|
+
(0...10).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
73
|
+
(0...1).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
74
|
+
(0...1).map{ ('0'..'9').to_a[rand(10)] }.join + "." +
|
75
|
+
"utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"
|
76
|
+
}
|
77
|
+
|
78
|
+
when :uid
|
79
|
+
k="uid"
|
80
|
+
v= @session[:ensnare][:cookies][k.to_s] || SecureRandom.urlsafe_base64(25)
|
81
|
+
cookies = {k => v}
|
82
|
+
|
83
|
+
when :gid
|
84
|
+
k="gid"
|
85
|
+
v= @session[:ensnare][:cookies][k.to_s] || SecureRandom.urlsafe_base64(25)
|
86
|
+
cookies = {k => v}
|
87
|
+
end
|
88
|
+
|
89
|
+
cookies.each do |key,value|
|
90
|
+
@cookies[key.to_s] = value.to_s
|
91
|
+
@session[:ensnare][:cookies][key.to_s] = value.to_s
|
92
|
+
end
|
93
|
+
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
end
|
98
|
+
end
|
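Review bot: In `setup_cookies`, `cookies` is assigned only inside the matching `when` branches, so a `:predefined_cookies` entry that matches none of them (a typo in the host app's configuration) leaves `cookies` as `nil` and the following `cookies.each` raises `NoMethodError` on every request; add `else` / `cookies = {}` to the `case`, or `next unless cookies` before the loop. The `:google` branch regenerates all five values on every request, whereas `:random`, `:uid` and `:gid` reuse the value saved in the session; because `run` compares the incoming cookies before `setup_cookies` overwrites them, overlapping requests from one browser (assets, XHR) can legitimately arrive with the previous values and be logged as violations, so reading the stored value back from `@session[:ensnare][:cookies]` as the other branches do would avoid that false positive. A missing cookie (`@cookies[k.to_s]` is nil) is treated exactly like a tampered one in `run`; logging the two cases differently would make the violation records easier to triage. The eleven `(0...n).map{ ('0'..'9').to_a[rand(10)] }.join` expressions should be one private helper, e.g. `def digits(count) = Array.new(count) { rand(10) }.join` (or the non-endless form if Ruby below 3.0 is supported), noting that `__utmc` uses `rand(8)`, which looks like a typo.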