honeypot 0.0.6 → 0.0.7

@@ -2,9 +2,9 @@
2
2
 
3
3
  Catch bad guys when they stick their hands in the honey.
4
4
 
5
- == rails 3 only
5
+ == rails 3 best
6
6
 
7
- uses rack
7
+ uses rack... it might work on late versions of rails 2
8
8
 
9
9
  == honeypot models
10
10
 
@@ -29,7 +29,7 @@ when somebody touches a honeypot, make sure to log it:
29
29
  class UsersController < ApplicationController
30
30
  def create
31
31
  # [...]
32
- @user.log_remote_request(request)
32
+ @user.log_action_dispatch_request(request)
33
33
  # [...]
34
34
  end
35
35
  end
@@ -37,7 +37,7 @@ when somebody touches a honeypot, make sure to log it:
37
37
  class VotesController < ApplicationController
38
38
  def create
39
39
  # [...]
40
- @vote.log_remote_request(request)
40
+ @vote.log_action_dispatch_request(request)
41
41
  # [...]
42
42
  end
43
43
  end
@@ -48,7 +48,7 @@ and be creative...
48
48
  # notice when a User logs in
49
49
  def create
50
50
  # [...]
51
- current_user.log_remote_request(request)
51
+ current_user.log_action_dispatch_request(request)
52
52
  # [...]
53
53
  end
54
54
  end
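--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0.6
+0.0.7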
@@ -5,11 +5,11 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{honeypot}
8
- s.version = "0.0.6"
8
+ s.version = "0.0.7"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Seamus Abshere"]
12
- s.date = %q{2010-05-27}
12
+ s.date = %q{2010-07-02}
13
13
  s.description = %q{Catch bad guys when they stick their hands in the honey.}
14
14
  s.email = %q{seamus@abshere.net}
15
15
  s.extra_rdoc_files = [
@@ -37,7 +37,7 @@ Gem::Specification.new do |s|
37
37
  s.homepage = %q{http://github.com/seamusabshere/honeypot}
38
38
  s.rdoc_options = ["--charset=UTF-8"]
39
39
  s.require_paths = ["lib"]
40
- s.rubygems_version = %q{1.3.6}
40
+ s.rubygems_version = %q{1.3.7}
41
41
  s.summary = %q{Track remote requests to catch fraud.}
42
42
  s.test_files = [
43
43
  "test/helper.rb",
@@ -48,7 +48,7 @@ Gem::Specification.new do |s|
48
48
  current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
49
49
  s.specification_version = 3
50
50
 
51
- if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
51
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
52
52
  s.add_runtime_dependency(%q<fast_timestamp>, [">= 0.0.4"])
53
53
  s.add_runtime_dependency(%q<geokit>, [">= 1.5.0"])
54
54
  s.add_runtime_dependency(%q<activesupport>, [">= 2.3.8"])
@@ -25,21 +25,26 @@ module Honeypot
25
25
  end
26
26
  end
27
27
 
28
- def log_remote_request(request)
29
- effective_ip_address = [
30
- request.env['rack.session'].andand['honeypot.last_known_remote_ip'].to_s,
31
- request.remote_ip.to_s
32
- ].detect(&:present?)
33
- remote_host = RemoteHost.find_or_create_by_ip_address effective_ip_address
28
+ def log_action_dispatch_request(request)
29
+ log_remote_request request.env['honeypot.remote_ip'], request.url, request.referer
30
+ end
31
+
32
+ def log_rack_env(env)
33
+ request = ::Rack::Request.new env
34
+ log_remote_request request.env['honeypot.remote_ip'], request.url, request.referer
35
+ end
36
+
37
+ def log_remote_request(ip_address, url, referer)
38
+ remote_host = RemoteHost.find_or_create_by_ip_address ip_address
34
39
  remote_request = remote_requests.find_or_create_by_remote_host_id remote_host.id
35
- remote_request.last_http_referer = request.referer if request.referer.present?
36
- remote_request.last_request_uri = request.url if request.url.present?
40
+ remote_request.last_http_referer = referer
41
+ remote_request.last_request_uri = url
37
42
  remote_request.increment :hits
38
43
  remote_request.save!
39
44
  true
40
45
  end
41
46
 
42
- def related_requestables(seen_remote_host_ids = [])
47
+ def related_requestables(seen_remote_host_ids = Array.new)
43
48
  set = Set.new
44
49
  conditions = seen_remote_host_ids.present? ? [ "remote_hosts.id NOT IN (?)", seen_remote_host_ids ] : nil
45
50
  remote_hosts.where(conditions).find_in_batches do |batch|
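Review bot: `log_action_dispatch_request` and `log_rack_env` pass `request.env['honeypot.remote_ip']` straight through, so when the middleware is not in the stack (or stored an empty string) `log_remote_request` calls `RemoteHost.find_or_create_by_ip_address` with nil or "" and every such visitor is attributed to one shared remote host record. For a fraud tracker that makes unrelated accounts look related; a guard such as `return false if ip_address.blank?` at the top of `log_remote_request` avoids it. The new body also assigns `last_http_referer` and `last_request_uri` unconditionally, where the removed lines kept the previous value when the new one was blank; `remote_request.last_http_referer = referer if referer.present?` (and the same for `url`) keeps the last known values. The method's arity changed from one argument to three, so any caller outside this diff that still passes a request object will raise ArgumentError.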
@@ -1,18 +1,18 @@
1
1
  # http://codesnippets.joyent.com/posts/show/7546
2
2
  class IPAddr
3
- PRIVATE_RANGES = [
3
+ UNROUTEABLE_RANGES = [
4
4
  IPAddr.new('127.0.0.1/32'),
5
5
  IPAddr.new('10.0.0.0/8'),
6
6
  IPAddr.new('172.16.0.0/12'),
7
7
  IPAddr.new('192.168.0.0/16')
8
8
  ]
9
9
 
10
- def private?
10
+ def unrouteable?
11
11
  return false unless self.ipv4?
12
- PRIVATE_RANGES.any? { |ipr| ipr.include? self }
12
+ UNROUTEABLE_RANGES.any? { |ipr| ipr.include? self }
13
13
  end
14
14
 
15
- def public?
16
- !private?
15
+ def routeable?
16
+ !unrouteable?
17
17
  end
18
18
  end
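Review bot: The new name `unrouteable?` promises more than `UNROUTEABLE_RANGES` covers: the list holds only `127.0.0.1/32` rather than `127.0.0.0/8`, omits link-local `169.254.0.0/16`, and the `return false unless self.ipv4?` guard reports every IPv6 address, including `::1`, as routeable. The middleware in this release uses `routeable?` to decide which address to keep and persist, so either widen the list or state the limits in a comment above the constant, for example `# IPv4 loopback host and RFC 1918 only; IPv6 is always treated as routeable`. Removing `private?` and `public?` from the reopened core class also breaks any caller outside this diff that used the old names; keeping them as aliases for one release would be gentler.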
@@ -8,16 +8,41 @@ module Honeypot
8
8
  end
9
9
 
10
10
  def call(env)
11
- raw_remote_ip = if env.has_key?('action_dispatch.remote_ip') # rails 3
12
- env['action_dispatch.remote_ip']
13
- elsif env.has_key?('action_controller.rescue.request') # rails 2
14
- env['action_controller.rescue.request'].remote_ip
15
- end
16
- if raw_remote_ip and session = env['rack.session']
17
- remote_ip = IPAddr.new raw_remote_ip.to_s
18
- session['honeypot.last_known_remote_ip'] = remote_ip.to_s if remote_ip.public?
11
+ remote_ip = _most_likely_remote_ip env
12
+
13
+ # For the next request, in case the next time we see this session the remote ip is obscured
14
+ # (for example, that happens if you're on engineyard and the request comes in over SSL)
15
+ if env.has_key? 'rack.session' and remote_ip.routeable?
16
+ env['rack.session']['honeypot.last_known_routeable_remote_ip'] = remote_ip.to_s
19
17
  end
18
+
19
+ # For use by other middleware or the app itself
20
+ env['honeypot.remote_ip'] = remote_ip.to_s
21
+
20
22
  @app.call env
21
23
  end
24
+
25
+ def _most_likely_remote_ip(env)
26
+ candidates = _collect_possible_remote_ips env
27
+ candidates.detect { |remote_ip| remote_ip.routeable? } || candidates.first
28
+ end
29
+
30
+ def _collect_possible_remote_ips(env)
31
+ candidates = Array.new
32
+ # rails 3
33
+ if env.has_key? 'action_dispatch.remote_ip'
34
+ candidates.push env['action_dispatch.remote_ip']
35
+ end
36
+ # rails 2
37
+ if env.has_key? 'action_controller.rescue.request'
38
+ candidates.push env['action_controller.rescue.request']
39
+ end
40
+ # saved by honeypot between requests
41
+ if env.has_key? 'rack.session'
42
+ candidates.push env['rack.session']['honeypot.last_known_routeable_remote_ip']
43
+ end
44
+ candidates.map! { |raw_ip_address| IPAddr.new raw_ip_address.to_s }
45
+ candidates
46
+ end
22
47
  end
23
48
  end
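Review bot: The rails 2 branch of `_collect_possible_remote_ips` pushes `env['action_controller.rescue.request']` itself, while the removed code called `.remote_ip` on it, so `IPAddr.new raw_ip_address.to_s` receives the request object's string form instead of an address and will most likely raise. The same `map!` also runs on a nil session value (the first request of a session, before `honeypot.last_known_routeable_remote_ip` is written), and when no candidate remains `_most_likely_remote_ip` returns nil, so `remote_ip.routeable?` and `remote_ip.to_s` in `call` operate on nil. Suggested: `candidates.push env['action_controller.rescue.request'].remote_ip`, then `candidates.reject! { |c| c.to_s.empty? }` before the `map!`, and `remote_ip && remote_ip.routeable?` in `call`. Separately, the session-stored address is reused whenever the current one is unrouteable, so a comment noting that this value is only as trustworthy as the session store's integrity protection would help the next reader.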
metadata CHANGED
@@ -1,12 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: honeypot
3
3
  version: !ruby/object:Gem::Version
4
+ hash: 17
4
5
  prerelease: false
5
6
  segments:
6
7
  - 0
7
8
  - 0
8
- - 6
9
- version: 0.0.6
9
+ - 7
10
+ version: 0.0.7
10
11
  platform: ruby
11
12
  authors:
12
13
  - Seamus Abshere
@@ -14,16 +15,18 @@ autorequire:
14
15
  bindir: bin
15
16
  cert_chain: []
16
17
 
17
- date: 2010-05-27 00:00:00 -04:00
18
+ date: 2010-07-02 00:00:00 -04:00
18
19
  default_executable:
19
20
  dependencies:
20
21
  - !ruby/object:Gem::Dependency
21
22
  name: fast_timestamp
22
23
  prerelease: false
23
24
  requirement: &id001 !ruby/object:Gem::Requirement
25
+ none: false
24
26
  requirements:
25
27
  - - ">="
26
28
  - !ruby/object:Gem::Version
29
+ hash: 23
27
30
  segments:
28
31
  - 0
29
32
  - 0
@@ -35,9 +38,11 @@ dependencies:
35
38
  name: geokit
36
39
  prerelease: false
37
40
  requirement: &id002 !ruby/object:Gem::Requirement
41
+ none: false
38
42
  requirements:
39
43
  - - ">="
40
44
  - !ruby/object:Gem::Version
45
+ hash: 3
41
46
  segments:
42
47
  - 1
43
48
  - 5
@@ -49,9 +54,11 @@ dependencies:
49
54
  name: activesupport
50
55
  prerelease: false
51
56
  requirement: &id003 !ruby/object:Gem::Requirement
57
+ none: false
52
58
  requirements:
53
59
  - - ">="
54
60
  - !ruby/object:Gem::Version
61
+ hash: 19
55
62
  segments:
56
63
  - 2
57
64
  - 3
@@ -63,9 +70,11 @@ dependencies:
63
70
  name: activerecord
64
71
  prerelease: false
65
72
  requirement: &id004 !ruby/object:Gem::Requirement
73
+ none: false
66
74
  requirements:
67
75
  - - ">="
68
76
  - !ruby/object:Gem::Version
77
+ hash: 19
69
78
  segments:
70
79
  - 2
71
80
  - 3
@@ -77,9 +86,11 @@ dependencies:
77
86
  name: andand
78
87
  prerelease: false
79
88
  requirement: &id005 !ruby/object:Gem::Requirement
89
+ none: false
80
90
  requirements:
81
91
  - - ">="
82
92
  - !ruby/object:Gem::Version
93
+ hash: 25
83
94
  segments:
84
95
  - 1
85
96
  - 3
@@ -123,23 +134,27 @@ rdoc_options:
123
134
  require_paths:
124
135
  - lib
125
136
  required_ruby_version: !ruby/object:Gem::Requirement
137
+ none: false
126
138
  requirements:
127
139
  - - ">="
128
140
  - !ruby/object:Gem::Version
141
+ hash: 3
129
142
  segments:
130
143
  - 0
131
144
  version: "0"
132
145
  required_rubygems_version: !ruby/object:Gem::Requirement
146
+ none: false
133
147
  requirements:
134
148
  - - ">="
135
149
  - !ruby/object:Gem::Version
150
+ hash: 3
136
151
  segments:
137
152
  - 0
138
153
  version: "0"
139
154
  requirements: []
140
155
 
141
156
  rubyforge_project:
142
- rubygems_version: 1.3.6
157
+ rubygems_version: 1.3.7
143
158
  signing_key:
144
159
  specification_version: 3
145
160
  summary: Track remote requests to catch fraud.