RubyGems - hedra - Versions diffs - 1.0.1 → 2.0.1 - Mend

hedra 1.0.1 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

checksums.yaml +4 -4
data/LICENSE +1 -1
data/README.md +399 -107
data/config/example_config.yml +88 -10
data/lib/hedra/analyzer.rb +74 -8
data/lib/hedra/baseline.rb +83 -0
data/lib/hedra/cache.rb +93 -0
data/lib/hedra/certificate_checker.rb +94 -0
data/lib/hedra/circuit_breaker.rb +80 -0
data/lib/hedra/cli.rb +271 -18
data/lib/hedra/config.rb +1 -1
data/lib/hedra/exporter.rb +7 -0
data/lib/hedra/html_reporter.rb +143 -0
data/lib/hedra/http_client.rb +49 -9
data/lib/hedra/progress_tracker.rb +45 -0
data/lib/hedra/rate_limiter.rb +60 -0
data/lib/hedra/security_txt_checker.rb +93 -0
data/lib/hedra/version.rb +1 -1
data/lib/hedra.rb +17 -9
metadata +12 -4

data/lib/hedra/rate_limiter.rb ADDED Viewed

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+module Hedra
+  # Token bucket rate limiter
+  class RateLimiter
+    def initialize(rate_string)
+      @requests, period = parse_rate(rate_string)
+      @period = period_to_seconds(period)
+      @tokens = @requests
+      @last_refill = Time.now
+      @mutex = Mutex.new
+    end
+    def acquire
+      @mutex.synchronize do
+        refill_tokens
+        if @tokens >= 1
+          @tokens -= 1
+          return
+        end
+        # Wait until we have tokens
+        sleep_time = @period / @requests
+        sleep(sleep_time)
+        refill_tokens
+        @tokens -= 1
+      end
+    end
+    private
+    def parse_rate(rate_string)
+      # Format: "10/s", "100/m", "1000/h"
+      match = rate_string.match(%r{^(\d+)/([smh])$})
+      raise Error, "Invalid rate format: #{rate_string}" unless match
+      [match[1].to_i, match[2]]
+    end
+    def period_to_seconds(period)
+      case period
+      when 's' then 1
+      when 'm' then 60
+      when 'h' then 3600
+      else
+        raise Error, "Invalid period: #{period}"
+      end
+    end
+    def refill_tokens
+      now = Time.now
+      elapsed = now - @last_refill
+      tokens_to_add = (elapsed / @period) * @requests
+      @tokens = [@tokens + tokens_to_add, @requests].min
+      @last_refill = now
+    end
+  end
+end

data/lib/hedra/security_txt_checker.rb ADDED Viewed

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+module Hedra
+  # Check for security.txt file (RFC 9116)
+  class SecurityTxtChecker
+    SECURITY_TXT_PATHS = [
+      '/.well-known/security.txt',
+      '/security.txt'
+    ].freeze
+    def check(url, http_client)
+      uri = URI.parse(url)
+      base_url = "#{uri.scheme}://#{uri.host}#{":#{uri.port}" if uri.port && ![80, 443].include?(uri.port)}"
+      findings = []
+      found = false
+      SECURITY_TXT_PATHS.each do |path|
+        response = http_client.get("#{base_url}#{path}")
+        if response.status.success?
+          found = true
+          findings.concat(validate_security_txt(response.body.to_s))
+          break
+        end
+      rescue StandardError
+        # Continue to next path
+      end
+      unless found
+        findings << {
+          header: 'security.txt',
+          issue: 'security.txt file not found',
+          severity: :info,
+          recommended_fix: 'Add security.txt file at /.well-known/security.txt'
+        }
+      end
+      findings
+    rescue StandardError => e
+      warn "security.txt check failed: #{e.message}"
+      []
+    end
+    private
+    def validate_security_txt(content)
+      findings = []
+      required_fields = %w[Contact]
+      recommended_fields = %w[Expires]
+      required_fields.each do |field|
+        next if content.match?(/^#{field}:/i)
+        findings << {
+          header: 'security.txt',
+          issue: "Missing required field: #{field}",
+          severity: :warning,
+          recommended_fix: "Add #{field} field to security.txt"
+        }
+      end
+      recommended_fields.each do |field|
+        next if content.match?(/^#{field}:/i)
+        findings << {
+          header: 'security.txt',
+          issue: "Missing recommended field: #{field}",
+          severity: :info,
+          recommended_fix: "Consider adding #{field} field to security.txt"
+        }
+      end
+      # Check expiry
+      if content =~ /^Expires:\s*(.+)$/i
+        begin
+          expiry = Time.parse(::Regexp.last_match(1))
+          if expiry < Time.now
+            findings << {
+              header: 'security.txt',
+              issue: 'security.txt has expired',
+              severity: :warning,
+              recommended_fix: 'Update Expires field in security.txt'
+            }
+          end
+        rescue StandardError
+          # Invalid date format
+        end
+      end
+      findings
+    end
+  end
+end

data/lib/hedra/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Hedra
-  VERSION = '1.0.1'
+  VERSION = '2.0.1'
 end

data/lib/hedra.rb CHANGED Viewed

@@ -1,16 +1,24 @@
 # frozen_string_literal: true
-require_relative 'hedra/version'
-require_relative 'hedra/cli'
-require_relative 'hedra/analyzer'
-require_relative 'hedra/http_client'
-require_relative 'hedra/config'
-require_relative 'hedra/plugin_manager'
-require_relative 'hedra/exporter'
-require_relative 'hedra/scorer'
 module Hedra
   class Error < StandardError; end
   class NetworkError < Error; end
   class ConfigError < Error; end
 end
+require_relative 'hedra/version'
+require_relative 'hedra/config'
+require_relative 'hedra/scorer'
+require_relative 'hedra/circuit_breaker'
+require_relative 'hedra/certificate_checker'
+require_relative 'hedra/cache'
+require_relative 'hedra/security_txt_checker'
+require_relative 'hedra/progress_tracker'
+require_relative 'hedra/baseline'
+require_relative 'hedra/rate_limiter'
+require_relative 'hedra/http_client'
+require_relative 'hedra/plugin_manager'
+require_relative 'hedra/exporter'
+require_relative 'hedra/html_reporter'
+require_relative 'hedra/analyzer'
+require_relative 'hedra/cli'

metadata CHANGED Viewed

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: hedra
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 2.0.1
 platform: ruby
 authors:
-- BlackStack
+- bl4ckstack
 bindir: bin
 cert_chain: []
-date: 2025-11-12 00:00:00.000000000 Z
+date: 2025-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -96,7 +96,7 @@ dependencies:
 description: A comprehensive security header analyzer with scanning, auditing, and
   monitoring capabilities
 email:
-- info@blackstack.com
+- info@bl4ckstack.com
 executables:
 - hedra
 extensions: []
@@ -109,12 +109,20 @@ files:
 - config/example_rules.yml
 - lib/hedra.rb
 - lib/hedra/analyzer.rb
+- lib/hedra/baseline.rb
+- lib/hedra/cache.rb
+- lib/hedra/certificate_checker.rb
+- lib/hedra/circuit_breaker.rb
 - lib/hedra/cli.rb
 - lib/hedra/config.rb
 - lib/hedra/exporter.rb
+- lib/hedra/html_reporter.rb
 - lib/hedra/http_client.rb
 - lib/hedra/plugin_manager.rb
+- lib/hedra/progress_tracker.rb
+- lib/hedra/rate_limiter.rb
 - lib/hedra/scorer.rb
+- lib/hedra/security_txt_checker.rb
 - lib/hedra/version.rb
 homepage: https://github.com/bl4ckstack/hedra
 licenses: