gem-firewall 0.0.5

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: b5e2e4ad290ed5bb5ef7adcdd549701d7d8901c3
4
+ data.tar.gz: 48f19cceb8e5351adeb9b1af4f333b7280e069b3
5
+ SHA512:
6
+ metadata.gz: a7bfaf925c05c9118a72d9a284d21c1d50dcd2ea70d731d8dc09ba80a806ea7ba546ef610f798c907e205c11d060f452728012857fa00aee9f0ad498c7a7bd44
7
+ data.tar.gz: 19f0976a2f7107cd38cfdd0b53e68919a48ac4443c3d2bfa936f0142984b93423e491c9db4976798c005e4670573af683e22aa23e866dd6c0a830d174ce23ec4
data/.gitignore ADDED
@@ -0,0 +1,22 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
18
+ *.bundle
19
+ *.so
20
+ *.o
21
+ *.a
22
+ mkmf.log
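--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,4 @@
+ source 'https://rubygems.org'
+
+ # Specify your gem's dependencies in firewall.gemspec
+ gemspec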
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2014 Terranova David
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,72 @@
1
+ # Firewall
2
+
3
+ Very simple firewall
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'firewall'
10
+
11
+ And then execute:
12
+
13
+ $ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ $ gem install firewall
18
+
19
+ ## Basic usage
20
+
21
+ - Create a firewall instance
22
+
23
+ ```
24
+ fw = Firewall::Firewall.new(false) # reject by default
25
+ ```
26
+
27
+ - Add some rules
28
+
29
+ ```
30
+ r = Firewall::Rule.new("192.168.1.0/24", true) # allow network
31
+ fw.add_rule(r)
32
+ ```
33
+
34
+ - Let's check
35
+
36
+ ```
37
+ fw.allowed?("192.168.1.15") # true
38
+ fw.allowed?("127.0.0.1") # false
39
+ ```
40
+
41
+ ## Advanced rules
42
+
43
+ Lets assume you have an object that can do some checks
44
+
45
+ ```
46
+ class Deletest
47
+
48
+ def complex_check
49
+ true
50
+ end
51
+
52
+ end
53
+ ```
54
+
55
+ ```
56
+ delegate = Deletest.new
57
+
58
+ fw = Firewall::Firewall.new(false)
59
+ r = Firewall::ComplexRule.new("192.168.1.1", true, {delegate: delegate, method: :complex_check})
60
+ fw.add_rule(r)
61
+
62
+ fw.allowed?("192.168.1.1", true) # true
63
+ fw.allowed?("192.168.1.1", false) # false
64
+ ```
65
+
66
+ ## Contributing
67
+
68
+ 1. Fork it ( https://github.com/davidterranova/firewall/fork )
69
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
70
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
71
+ 4. Push to the branch (`git push origin my-new-feature`)
72
+ 5. Create a new Pull Request
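--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,10 @@
+ require "bundler/gem_tasks"
+ require 'rake/testtask'
+
+ Rake::TestTask.new do |t|
+ t.libs << 'test'
+ t.pattern = "test/*_test.rb"
+ end
+
+ desc "Run tests"
+ task :default => :test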
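--- a/data/firewall.gemspec
+++ b/data/firewall.gemspec
@@ -0,0 +1,27 @@
+ # coding: utf-8
+ lib = File.expand_path('../lib', __FILE__)
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+ require 'firewall/version'
+
+ Gem::Specification.new do |spec|
+ spec.name = "gem-firewall"
+ spec.version = Firewall::VERSION
+ spec.authors = ["Terranova David"]
+ spec.email = ["dterranova@adhara-cybersecurity.com"]
+ spec.summary = %q{IP based authorisation system}
+ spec.description = %q{IP based authorisation system}
+ spec.homepage = ""
+ spec.license = "MIT"
+
+ spec.files = `git ls-files -z`.split("\x0")
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+ spec.require_paths = ["lib"]
+
+ spec.add_development_dependency "bundler", "~> 1.6"
+ spec.add_development_dependency "minitest", "~> 4.7.3"
+ spec.add_development_dependency "rake"
+ spec.add_development_dependency "debugger2"
+
+ spec.add_dependency "ipaddress", "~> 0.8.0"
+ end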
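Review bot: `spec.name = "gem-firewall"` does not match the install instructions shipped in the same package, where README.md tells users to add `gem 'firewall'` and run `gem install firewall`; anyone following the README would pull whatever package is published under the name `firewall`, not this one. The README lines should read `gem 'gem-firewall', require: 'firewall'` and `$ gem install gem-firewall`. `spec.homepage = ""` also leaves the published metadata without a source link to check the release against; the repository URL the README gives for forks could go there, `spec.homepage = "https://github.com/davidterranova/firewall"`.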
@@ -0,0 +1,22 @@
1
+ module Firewall
2
+ class ComplexRule < Rule
3
+
4
+ def initialize(ip, allowed, check = {delegate: nil, method: nil})
5
+ super(ip, allowed)
6
+ @delegate = check[:delegate]
7
+ @method = check[:method]
8
+ end
9
+
10
+ def pass?(ip, value = nil)
11
+ pass = false
12
+ if @delegate
13
+ pass = (super(ip) and (value == @delegate.send(@method)))
14
+ else
15
+ pass = super(ip)
16
+ end
17
+
18
+ pass
19
+ end
20
+
21
+ end
22
+ end
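Review bot: In `pass?`, `value` defaults to `nil` and is compared with `@delegate.send(@method)`, so when the delegate's check returns `nil`, a caller that omits the second argument (as `fw.allowed?(ip)` does through `Firewall#allowed?`) satisfies the comparison and the rule passes on the IP match alone. If a missing value is meant to fail the check, the line could be `pass = super(ip) && !value.nil? && value == @delegate.public_send(@method)`. `public_send` is worth using in any case: `send` ignores method visibility, so a `method:` symbol naming a private method of the delegate gets invoked. The file name is missing from this section's header on the page; the gem metadata lists it as `lib/complex_rule.rb`.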
@@ -0,0 +1,3 @@
1
+ module Firewall
2
+ VERSION = "0.0.5"
3
+ end
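--- a/data/lib/firewall.rb
+++ b/data/lib/firewall.rb
@@ -0,0 +1,37 @@
+ require "firewall/version"
+ require "ipaddress"
+ require "rule"
+ require "complex_rule"
+
+ module Firewall
+ class Firewall
+
+ def initialize(default = false)
+ @default = default
+ @rules = []
+ end
+
+ def rules
+ @rules
+ end
+
+ def add_rule rule
+ @rules << rule
+ end
+
+ def allowed? *args
+ allowed = @default
+ @rules.each do |rule|
+ if rule.kind_of? ComplexRule
+ value = (args.length > 1) ? args[1] : nil
+ allowed = (allowed || rule.pass?(args[0], value))
+ else
+ allowed = (allowed || rule.pass?(args[0]))
+ end
+ end
+
+ allowed
+ end
+
+ end
+ end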
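Review bot: `allowed?` folds every rule with `allowed || rule.pass?(...)`, so a rule can only ever grant access: `Rule#pass?` returns `false` both for a matching deny rule and for a non-matching rule, which makes `Rule.new(net, false)` a no-op, and `Firewall.new(true)` allows every address whatever rules are added. The tests `test_block_allowed` and `test_block_allowed_2` pin this allow-wins result in both insertion orders, so it looks intentional, but nothing in the code or README states it. I would add above the method: `# Allow-wins: a rule with allowed=false never overrides the default or another rule; use default=false and list only permitted addresses.` Supporting real deny rules would need `pass?` to distinguish "no match" from "deny", which is outside this file.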
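--- a/data/lib/rule.rb
+++ b/data/lib/rule.rb
@@ -0,0 +1,38 @@
+ module Firewall
+ class Rule
+
+ def initialize(ip, allowed)
+ @ip = IPAddress.parse ip
+ @allowed = allowed
+ end
+
+ def ip
+ @ip
+ end
+
+ def allowed
+ @allowed
+ end
+
+ def pass? str_ip
+ value = false
+ ip = IPAddress.parse str_ip
+ if @ip.prefix == 32 or ! @ip.network? # single address
+ if @ip.address == ip.address
+ value = @allowed
+ end
+ else # network
+ if @ip.include?(ip)
+ value = @allowed
+ end
+ end
+
+ value
+ end
+
+ def to_s
+ "#{@ip.to_string} - #{@allowed}"
+ end
+
+ end
+ end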
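Review bot: `pass?` hands the caller's `str_ip` straight to `IPAddress.parse` with no rescue, so a malformed address (likely when the value comes from a request header) leaves `Firewall#allowed?` as an exception instead of a deny; as far as I know the ipaddress gem raises `ArgumentError` here. Wrapping the parse in `begin`/`rescue ArgumentError` and returning `false` keeps the check fail-closed without relying on every caller to do it. Separately, `@ip.prefix == 32` treats prefix 32 as "single host", which holds for IPv4 only; an IPv6 rule with a /32 prefix would presumably be compared as one address rather than a network, so the condition should check the address family or be documented as IPv4-only.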
@@ -0,0 +1,55 @@
1
+ require 'spec_helper'
2
+
3
+ class ComplexRuleTest < Minitest::Unit::TestCase
4
+
5
+ class Deletest
6
+
7
+ def return_true
8
+ true
9
+ end
10
+
11
+ end
12
+
13
+
14
+ def test_with_delegate_allowed
15
+ ip = "192.168.1.10/24"
16
+ ip2 = "192.168.1.10"
17
+
18
+ dt = Deletest.new
19
+
20
+ r1 = Firewall::ComplexRule.new(ip, true, {delegate: dt, method: :return_true})
21
+ assert_equal r1.pass?(ip2, true), true
22
+ end
23
+
24
+ def test_with_delegate_blocked
25
+ ip = "192.168.1.10/24"
26
+ ip2 = "192.168.1.10"
27
+
28
+ dt = Deletest.new
29
+
30
+ r1 = Firewall::ComplexRule.new(ip, true, {delegate: dt, method: :return_true})
31
+ assert_equal false, r1.pass?(ip2, false)
32
+ end
33
+
34
+ def test_complex_rule_as_normal_rule_allowed
35
+ ip = "192.168.1.10/24"
36
+ ip2 = "192.168.1.10"
37
+
38
+ dt = Deletest.new
39
+
40
+ r1 = Firewall::ComplexRule.new(ip, true)
41
+ assert_equal r1.pass?(ip2), true
42
+ end
43
+
44
+ def test_complex_rule_as_normal_rule_blocked
45
+ ip = "192.168.1.10/24"
46
+ ip2 = "192.168.1.10"
47
+
48
+ dt = Deletest.new
49
+
50
+ r1 = Firewall::ComplexRule.new(ip, false)
51
+ assert_equal r1.pass?(ip2), false
52
+ end
53
+
54
+
55
+ end
@@ -0,0 +1,120 @@
1
+ require 'spec_helper'
2
+
3
+ class FirewallTest < Minitest::Unit::TestCase
4
+
5
+ def setup
6
+ @fw = Firewall::Firewall.new
7
+ end
8
+
9
+ def test_no_rule
10
+ ip = "192.168.1.10/32"
11
+
12
+ assert_equal @fw.allowed?(ip), false
13
+ end
14
+
15
+ def test_no_rule_true
16
+ @fw = Firewall::Firewall.new(true)
17
+ ip = "192.168.1.10/32"
18
+
19
+ assert_equal @fw.allowed?(ip), true
20
+ end
21
+
22
+ def test_same_ip_pass
23
+ ip = "192.168.1.10/32"
24
+ r1 = Firewall::Rule.new(ip, true)
25
+ @fw.add_rule r1
26
+
27
+ assert_equal @fw.allowed?(ip), true
28
+ end
29
+
30
+ def test_same_ip_block
31
+ ip = "192.168.1.10/32"
32
+ r1 = Firewall::Rule.new(ip, false)
33
+ @fw.add_rule r1
34
+
35
+ assert_equal @fw.allowed?(ip), false
36
+ end
37
+
38
+ def test_network_blocked
39
+ network = "192.168.1.0/24"
40
+ ips = IPAddress.parse(network).hosts
41
+
42
+ r1 = Firewall::Rule.new(network, false)
43
+ @fw.add_rule r1
44
+
45
+ ips.each do |ip|
46
+ assert_equal @fw.allowed?(ip.to_string), false
47
+ end
48
+ end
49
+
50
+ def test_network_pass
51
+ network = "192.168.1.0/24"
52
+ ips = IPAddress.parse(network).hosts
53
+
54
+ ip = "192.168.1.10/24"
55
+
56
+ r1 = Firewall::Rule.new(network, true)
57
+ @fw.add_rule r1
58
+
59
+ ips.each do |ip|
60
+ assert_equal @fw.allowed?(ip.to_string), true
61
+ end
62
+ end
63
+
64
+ def test_out_of_network_blocked
65
+ network = "192.168.1.0/24"
66
+ ip = "192.168.2.10/24"
67
+
68
+ r1 = Firewall::Rule.new(network, true)
69
+ @fw.add_rule r1
70
+
71
+ assert_equal @fw.allowed?(ip), false
72
+ end
73
+
74
+ def test_out_of_network_blocked_2
75
+ network = "192.168.1.0/24"
76
+ ip = "192.168.2.10/24"
77
+
78
+ r1 = Firewall::Rule.new(network, false)
79
+ @fw.add_rule r1
80
+
81
+ assert_equal @fw.allowed?(ip), false
82
+ end
83
+
84
+ def test_block_allowed
85
+ network = "192.168.1.0/24"
86
+ ip = "192.168.1.10"
87
+
88
+ r1 = Firewall::Rule.new(network, false)
89
+ r2 = Firewall::Rule.new(network, true)
90
+ @fw.add_rule r1
91
+ @fw.add_rule r2
92
+
93
+ assert_equal @fw.allowed?(ip), true
94
+ end
95
+
96
+ def test_block_allowed_2
97
+ network = "192.168.1.0/24"
98
+ ip = "192.168.1.10"
99
+
100
+ r1 = Firewall::Rule.new(network, false)
101
+ r2 = Firewall::Rule.new(network, true)
102
+ @fw.add_rule r2
103
+ @fw.add_rule r1
104
+
105
+ assert_equal @fw.allowed?(ip), true
106
+ end
107
+
108
+ def test_multiple_rules
109
+ network = "192.168.1.0/24"
110
+ ip = "192.168.1.10"
111
+
112
+ r1 = Firewall::Rule.new(network, false)
113
+ r2 = Firewall::ComplexRule.new(network, true)
114
+ @fw.add_rule r2
115
+ @fw.add_rule r1
116
+
117
+ assert_equal @fw.allowed?(ip), true
118
+ end
119
+
120
+ end
data/test/rule_test.rb ADDED
@@ -0,0 +1,93 @@
1
+ require 'spec_helper'
2
+
3
+ class RuleTest < Minitest::Unit::TestCase
4
+
5
+ def test_same_ip_pass
6
+ ip = "192.168.1.10/32"
7
+ r1 = Firewall::Rule.new(ip, true)
8
+
9
+ assert_equal r1.pass?(ip), true
10
+ end
11
+
12
+ def test_same_ip_block
13
+ ip = "192.168.1.10/32"
14
+ r1 = Firewall::Rule.new(ip, false)
15
+
16
+ assert_equal r1.pass?(ip), false
17
+ end
18
+
19
+ def test_network_blocked
20
+ network = "192.168.1.0/24"
21
+ ips = IPAddress.parse(network).hosts
22
+
23
+ r1 = Firewall::Rule.new(network, false)
24
+
25
+ ips.each do |ip|
26
+ assert_equal r1.pass?(ip.to_string), false
27
+ end
28
+ end
29
+
30
+ def test_network_pass
31
+ network = "192.168.1.0/24"
32
+ ips = IPAddress.parse(network).hosts
33
+
34
+ ip = "192.168.1.10/24"
35
+
36
+ r1 = Firewall::Rule.new(network, true)
37
+
38
+ ips.each do |ip|
39
+ assert_equal r1.pass?(ip.to_string), true
40
+ end
41
+ end
42
+
43
+ def test_out_of_network_blocked
44
+ network = "192.168.1.0/24"
45
+ ip = "192.168.2.10/24"
46
+
47
+ r1 = Firewall::Rule.new(network, true)
48
+
49
+ assert_equal r1.pass?(ip), false
50
+ end
51
+
52
+ def test_out_of_network_blocked_2
53
+ network = "192.168.1.0/24"
54
+ ip = "192.168.2.10/24"
55
+
56
+ r1 = Firewall::Rule.new(network, false)
57
+
58
+ assert_equal r1.pass?(ip), false
59
+ end
60
+
61
+ def test_out_of_ip_blocked
62
+ ip = "192.168.1.10/24"
63
+ ip2 = "192.168.1.11/24"
64
+
65
+ r1 = Firewall::Rule.new(ip, false)
66
+ assert_equal r1.pass?(ip2), false
67
+ end
68
+
69
+ def test_out_of_ip_blocked_2
70
+ ip = "192.168.1.10/24"
71
+ ip2 = "192.168.2.10/24"
72
+
73
+ r1 = Firewall::Rule.new(ip, false)
74
+ assert_equal r1.pass?(ip2), false
75
+ end
76
+
77
+ def test_out_of_ip_blocked_3
78
+ ip = "192.168.1.10/24"
79
+ ip2 = "192.168.1.11"
80
+
81
+ r1 = Firewall::Rule.new(ip, false)
82
+ assert_equal r1.pass?(ip2), false
83
+ end
84
+
85
+ def test_in_network_allowed
86
+ ip = "192.168.1.10/24"
87
+ ip2 = "192.168.1.10"
88
+
89
+ r1 = Firewall::Rule.new(ip, true)
90
+ assert_equal r1.pass?(ip2), true
91
+ end
92
+
93
+ end
@@ -0,0 +1,6 @@
1
+ require 'firewall'
2
+ require 'minitest/unit'
3
+ require 'minitest/spec'
4
+ require 'minitest/autorun'
5
+ require 'minitest/pride'
6
+ require 'debugger'
metadata ADDED
@@ -0,0 +1,132 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: gem-firewall
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.5
5
+ platform: ruby
6
+ authors:
7
+ - Terranova David
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2014-10-09 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: bundler
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.6'
20
+ type: :development
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.6'
27
+ - !ruby/object:Gem::Dependency
28
+ name: minitest
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: 4.7.3
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: 4.7.3
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: debugger2
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ - !ruby/object:Gem::Dependency
70
+ name: ipaddress
71
+ requirement: !ruby/object:Gem::Requirement
72
+ requirements:
73
+ - - "~>"
74
+ - !ruby/object:Gem::Version
75
+ version: 0.8.0
76
+ type: :runtime
77
+ prerelease: false
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - "~>"
81
+ - !ruby/object:Gem::Version
82
+ version: 0.8.0
83
+ description: IP based authorisation system
84
+ email:
85
+ - dterranova@adhara-cybersecurity.com
86
+ executables: []
87
+ extensions: []
88
+ extra_rdoc_files: []
89
+ files:
90
+ - ".gitignore"
91
+ - Gemfile
92
+ - LICENSE.txt
93
+ - README.md
94
+ - Rakefile
95
+ - firewall.gemspec
96
+ - lib/complex_rule.rb
97
+ - lib/firewall.rb
98
+ - lib/firewall/version.rb
99
+ - lib/rule.rb
100
+ - test/complex_rule_test.rb
101
+ - test/firewall_test.rb
102
+ - test/rule_test.rb
103
+ - test/spec_helper.rb
104
+ homepage: ''
105
+ licenses:
106
+ - MIT
107
+ metadata: {}
108
+ post_install_message:
109
+ rdoc_options: []
110
+ require_paths:
111
+ - lib
112
+ required_ruby_version: !ruby/object:Gem::Requirement
113
+ requirements:
114
+ - - ">="
115
+ - !ruby/object:Gem::Version
116
+ version: '0'
117
+ required_rubygems_version: !ruby/object:Gem::Requirement
118
+ requirements:
119
+ - - ">="
120
+ - !ruby/object:Gem::Version
121
+ version: '0'
122
+ requirements: []
123
+ rubyforge_project:
124
+ rubygems_version: 2.2.2
125
+ signing_key:
126
+ specification_version: 4
127
+ summary: IP based authorisation system
128
+ test_files:
129
+ - test/complex_rule_test.rb
130
+ - test/firewall_test.rb
131
+ - test/rule_test.rb
132
+ - test/spec_helper.rb