honeypot 0.0.6 → 0.0.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. data/README.rdoc +5 -5
  2. data/VERSION +1 -1
  3. data/honeypot.gemspec +4 -4
  4. data/lib/honeypot.rb +14 -9
  5. data/lib/honeypot/ipaddr_ext.rb +5 -5
  6. data/lib/honeypot/rack.rb +33 -8
  7. metadata +19 -4
data/README.rdoc CHANGED
@@ -2,9 +2,9 @@
2
2
 
3
3
  Catch bad guys when they stick their hands in the honey.
4
4
 
5
- == rails 3 only
5
+ == rails 3 best
6
6
 
7
- uses rack
7
+ uses rack... it might work on late versions of rails 2
8
8
 
9
9
  == honeypot models
10
10
 
@@ -29,7 +29,7 @@ when somebody touches a honeypot, make sure to log it:
29
29
  class UsersController < ApplicationController
30
30
  def create
31
31
  # [...]
32
- @user.log_remote_request(request)
32
+ @user.log_action_dispatch_request(request)
33
33
  # [...]
34
34
  end
35
35
  end
@@ -37,7 +37,7 @@ when somebody touches a honeypot, make sure to log it:
37
37
  class VotesController < ApplicationController
38
38
  def create
39
39
  # [...]
40
- @vote.log_remote_request(request)
40
+ @vote.log_action_dispatch_request(request)
41
41
  # [...]
42
42
  end
43
43
  end
@@ -48,7 +48,7 @@ and be creative...
48
48
  # notice when a User logs in
49
49
  def create
50
50
  # [...]
51
- current_user.log_remote_request(request)
51
+ current_user.log_action_dispatch_request(request)
52
52
  # [...]
53
53
  end
54
54
  end
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.0.6
1
+ 0.0.7
data/honeypot.gemspec CHANGED
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{honeypot}
8
- s.version = "0.0.6"
8
+ s.version = "0.0.7"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Seamus Abshere"]
12
- s.date = %q{2010-05-27}
12
+ s.date = %q{2010-07-02}
13
13
  s.description = %q{Catch bad guys when they stick their hands in the honey.}
14
14
  s.email = %q{seamus@abshere.net}
15
15
  s.extra_rdoc_files = [
@@ -37,7 +37,7 @@ Gem::Specification.new do |s|
37
37
  s.homepage = %q{http://github.com/seamusabshere/honeypot}
38
38
  s.rdoc_options = ["--charset=UTF-8"]
39
39
  s.require_paths = ["lib"]
40
- s.rubygems_version = %q{1.3.6}
40
+ s.rubygems_version = %q{1.3.7}
41
41
  s.summary = %q{Track remote requests to catch fraud.}
42
42
  s.test_files = [
43
43
  "test/helper.rb",
@@ -48,7 +48,7 @@ Gem::Specification.new do |s|
48
48
  current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
49
49
  s.specification_version = 3
50
50
 
51
- if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
51
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
52
52
  s.add_runtime_dependency(%q<fast_timestamp>, [">= 0.0.4"])
53
53
  s.add_runtime_dependency(%q<geokit>, [">= 1.5.0"])
54
54
  s.add_runtime_dependency(%q<activesupport>, [">= 2.3.8"])
data/lib/honeypot.rb CHANGED
@@ -25,21 +25,26 @@ module Honeypot
25
25
  end
26
26
  end
27
27
 
28
- def log_remote_request(request)
29
- effective_ip_address = [
30
- request.env['rack.session'].andand['honeypot.last_known_remote_ip'].to_s,
31
- request.remote_ip.to_s
32
- ].detect(&:present?)
33
- remote_host = RemoteHost.find_or_create_by_ip_address effective_ip_address
28
+ def log_action_dispatch_request(request)
29
+ log_remote_request request.env['honeypot.remote_ip'], request.url, request.referer
30
+ end
31
+
32
+ def log_rack_env(env)
33
+ request = ::Rack::Request.new env
34
+ log_remote_request request.env['honeypot.remote_ip'], request.url, request.referer
35
+ end
36
+
37
+ def log_remote_request(ip_address, url, referer)
38
+ remote_host = RemoteHost.find_or_create_by_ip_address ip_address
34
39
  remote_request = remote_requests.find_or_create_by_remote_host_id remote_host.id
35
- remote_request.last_http_referer = request.referer if request.referer.present?
36
- remote_request.last_request_uri = request.url if request.url.present?
40
+ remote_request.last_http_referer = referer
41
+ remote_request.last_request_uri = url
37
42
  remote_request.increment :hits
38
43
  remote_request.save!
39
44
  true
40
45
  end
41
46
 
42
- def related_requestables(seen_remote_host_ids = [])
47
+ def related_requestables(seen_remote_host_ids = Array.new)
43
48
  set = Set.new
44
49
  conditions = seen_remote_host_ids.present? ? [ "remote_hosts.id NOT IN (?)", seen_remote_host_ids ] : nil
45
50
  remote_hosts.where(conditions).find_in_batches do |batch|
data/lib/honeypot/ipaddr_ext.rb CHANGED
@@ -1,18 +1,18 @@
1
1
  # http://codesnippets.joyent.com/posts/show/7546
2
2
  class IPAddr
3
- PRIVATE_RANGES = [
3
+ UNROUTEABLE_RANGES = [
4
4
  IPAddr.new('127.0.0.1/32'),
5
5
  IPAddr.new('10.0.0.0/8'),
6
6
  IPAddr.new('172.16.0.0/12'),
7
7
  IPAddr.new('192.168.0.0/16')
8
8
  ]
9
9
 
10
- def private?
10
+ def unrouteable?
11
11
  return false unless self.ipv4?
12
- PRIVATE_RANGES.any? { |ipr| ipr.include? self }
12
+ UNROUTEABLE_RANGES.any? { |ipr| ipr.include? self }
13
13
  end
14
14
 
15
- def public?
16
- !private?
15
+ def routeable?
16
+ !unrouteable?
17
17
  end
18
18
  end
data/lib/honeypot/rack.rb CHANGED
@@ -8,16 +8,41 @@ module Honeypot
8
8
  end
9
9
 
10
10
  def call(env)
11
- raw_remote_ip = if env.has_key?('action_dispatch.remote_ip') # rails 3
12
- env['action_dispatch.remote_ip']
13
- elsif env.has_key?('action_controller.rescue.request') # rails 2
14
- env['action_controller.rescue.request'].remote_ip
15
- end
16
- if raw_remote_ip and session = env['rack.session']
17
- remote_ip = IPAddr.new raw_remote_ip.to_s
18
- session['honeypot.last_known_remote_ip'] = remote_ip.to_s if remote_ip.public?
11
+ remote_ip = _most_likely_remote_ip env
12
+
13
+ # For the next request, in case the next time we see this session the remote ip is obscured
14
+ # (for example, that happens if you're on engineyard and the request comes in over SSL)
15
+ if env.has_key? 'rack.session' and remote_ip.routeable?
16
+ env['rack.session']['honeypot.last_known_routeable_remote_ip'] = remote_ip.to_s
19
17
  end
18
+
19
+ # For use by other middleware or the app itself
20
+ env['honeypot.remote_ip'] = remote_ip.to_s
21
+
20
22
  @app.call env
21
23
  end
24
+
25
+ def _most_likely_remote_ip(env)
26
+ candidates = _collect_possible_remote_ips env
27
+ candidates.detect { |remote_ip| remote_ip.routeable? } || candidates.first
28
+ end
29
+
30
+ def _collect_possible_remote_ips(env)
31
+ candidates = Array.new
32
+ # rails 3
33
+ if env.has_key? 'action_dispatch.remote_ip'
34
+ candidates.push env['action_dispatch.remote_ip']
35
+ end
36
+ # rails 2
37
+ if env.has_key? 'action_controller.rescue.request'
38
+ candidates.push env['action_controller.rescue.request']
39
+ end
40
+ # saved by honeypot between requests
41
+ if env.has_key? 'rack.session'
42
+ candidates.push env['rack.session']['honeypot.last_known_routeable_remote_ip']
43
+ end
44
+ candidates.map! { |raw_ip_address| IPAddr.new raw_ip_address.to_s }
45
+ candidates
46
+ end
22
47
  end
23
48
  end
metadata CHANGED
@@ -1,12 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: honeypot
3
3
  version: !ruby/object:Gem::Version
4
+ hash: 17
4
5
  prerelease: false
5
6
  segments:
6
7
  - 0
7
8
  - 0
8
- - 6
9
- version: 0.0.6
9
+ - 7
10
+ version: 0.0.7
10
11
  platform: ruby
11
12
  authors:
12
13
  - Seamus Abshere
@@ -14,16 +15,18 @@ autorequire:
14
15
  bindir: bin
15
16
  cert_chain: []
16
17
 
17
- date: 2010-05-27 00:00:00 -04:00
18
+ date: 2010-07-02 00:00:00 -04:00
18
19
  default_executable:
19
20
  dependencies:
20
21
  - !ruby/object:Gem::Dependency
21
22
  name: fast_timestamp
22
23
  prerelease: false
23
24
  requirement: &id001 !ruby/object:Gem::Requirement
25
+ none: false
24
26
  requirements:
25
27
  - - ">="
26
28
  - !ruby/object:Gem::Version
29
+ hash: 23
27
30
  segments:
28
31
  - 0
29
32
  - 0
@@ -35,9 +38,11 @@ dependencies:
35
38
  name: geokit
36
39
  prerelease: false
37
40
  requirement: &id002 !ruby/object:Gem::Requirement
41
+ none: false
38
42
  requirements:
39
43
  - - ">="
40
44
  - !ruby/object:Gem::Version
45
+ hash: 3
41
46
  segments:
42
47
  - 1
43
48
  - 5
@@ -49,9 +54,11 @@ dependencies:
49
54
  name: activesupport
50
55
  prerelease: false
51
56
  requirement: &id003 !ruby/object:Gem::Requirement
57
+ none: false
52
58
  requirements:
53
59
  - - ">="
54
60
  - !ruby/object:Gem::Version
61
+ hash: 19
55
62
  segments:
56
63
  - 2
57
64
  - 3
@@ -63,9 +70,11 @@ dependencies:
63
70
  name: activerecord
64
71
  prerelease: false
65
72
  requirement: &id004 !ruby/object:Gem::Requirement
73
+ none: false
66
74
  requirements:
67
75
  - - ">="
68
76
  - !ruby/object:Gem::Version
77
+ hash: 19
69
78
  segments:
70
79
  - 2
71
80
  - 3
@@ -77,9 +86,11 @@ dependencies:
77
86
  name: andand
78
87
  prerelease: false
79
88
  requirement: &id005 !ruby/object:Gem::Requirement
89
+ none: false
80
90
  requirements:
81
91
  - - ">="
82
92
  - !ruby/object:Gem::Version
93
+ hash: 25
83
94
  segments:
84
95
  - 1
85
96
  - 3
@@ -123,23 +134,27 @@ rdoc_options:
123
134
  require_paths:
124
135
  - lib
125
136
  required_ruby_version: !ruby/object:Gem::Requirement
137
+ none: false
126
138
  requirements:
127
139
  - - ">="
128
140
  - !ruby/object:Gem::Version
141
+ hash: 3
129
142
  segments:
130
143
  - 0
131
144
  version: "0"
132
145
  required_rubygems_version: !ruby/object:Gem::Requirement
146
+ none: false
133
147
  requirements:
134
148
  - - ">="
135
149
  - !ruby/object:Gem::Version
150
+ hash: 3
136
151
  segments:
137
152
  - 0
138
153
  version: "0"
139
154
  requirements: []
140
155
 
141
156
  rubyforge_project:
142
- rubygems_version: 1.3.6
157
+ rubygems_version: 1.3.7
143
158
  signing_key:
144
159
  specification_version: 3
145
160
  summary: Track remote requests to catch fraud.