honeypot 0.0.8 → 0.0.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Rakefile +2 -3
- data/VERSION +1 -1
- data/honeypot.gemspec +9 -14
- data/lib/honeypot.rb +39 -10
- data/lib/honeypot/railtie.rb +1 -1
- data/lib/honeypot/true_remote_ip.rb +38 -0
- metadata +11 -29
- data/lib/honeypot/best_guess_routeable_remote_ip.rb +0 -55
- data/lib/honeypot/ipaddr_ext.rb +0 -18
- data/lib/honeypot/rails.rb +0 -5
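--- a/data/Rakefile
+++ b/data/Rakefile
@@ -12,9 +12,8 @@ begin
 gem.authors = ["Seamus Abshere"]
 gem.add_dependency 'fast_timestamp', '>=0.0.4'
 gem.add_dependency 'geokit', '>=1.5.0'
-gem.add_dependency 'activesupport', '>=2.3.
-gem.add_dependency 'activerecord', '>=2.3.
-gem.add_dependency 'andand', '>=1.3.1'
+gem.add_dependency 'activesupport', '>=2.3.5'
+gem.add_dependency 'activerecord', '>=2.3.5'
 # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
 end
 Jeweler::GemcutterTasks.new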
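Review bot: The two added `gem.add_dependency` lines keep open-ended `>=` requirements, so any future activesupport or activerecord major release satisfies them, while lib/honeypot.rb in this release has version-specific branches (`ActiveSupport::VERSION::MAJOR == 3`, `> 2`). An upper bound would stop an untested major version from being resolved at install time, for example `gem.add_dependency 'activesupport', '>=2.3.5', '<4'` and the same for activerecord; the exact ceiling is the maintainer's call. honeypot.gemspec appears to be generated from this file, so the change would belong here only. The enclosing `begin` block starts above the hunk.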
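--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.0.
+0.0.9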
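--- a/data/honeypot.gemspec
+++ b/data/honeypot.gemspec
@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
 s.name = %q{honeypot}
-s.version = "0.0.
+s.version = "0.0.9"
 
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Seamus Abshere"]
-s.date = %q{2010-07-
+s.date = %q{2010-07-20}
 s.description = %q{Catch bad guys when they stick their hands in the honey.}
 s.email = %q{seamus@abshere.net}
 s.extra_rdoc_files = [
@@ -25,12 +25,10 @@ Gem::Specification.new do |s|
 "VERSION",
 "honeypot.gemspec",
 "lib/honeypot.rb",
-"lib/honeypot/best_guess_routeable_remote_ip.rb",
-"lib/honeypot/ipaddr_ext.rb",
-"lib/honeypot/rails.rb",
 "lib/honeypot/railtie.rb",
 "lib/honeypot/remote_host.rb",
 "lib/honeypot/remote_request.rb",
+"lib/honeypot/true_remote_ip.rb",
 "test/helper.rb",
 "test/test_honeypot.rb"
 ]
@@ -51,22 +49,19 @@ Gem::Specification.new do |s|
 if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
 s.add_runtime_dependency(%q<fast_timestamp>, [">= 0.0.4"])
 s.add_runtime_dependency(%q<geokit>, [">= 1.5.0"])
-s.add_runtime_dependency(%q<activesupport>, [">= 2.3.
-s.add_runtime_dependency(%q<activerecord>, [">= 2.3.
-s.add_runtime_dependency(%q<andand>, [">= 1.3.1"])
+s.add_runtime_dependency(%q<activesupport>, [">= 2.3.5"])
+s.add_runtime_dependency(%q<activerecord>, [">= 2.3.5"])
 else
 s.add_dependency(%q<fast_timestamp>, [">= 0.0.4"])
 s.add_dependency(%q<geokit>, [">= 1.5.0"])
-s.add_dependency(%q<activesupport>, [">= 2.3.
-s.add_dependency(%q<activerecord>, [">= 2.3.
-s.add_dependency(%q<andand>, [">= 1.3.1"])
+s.add_dependency(%q<activesupport>, [">= 2.3.5"])
+s.add_dependency(%q<activerecord>, [">= 2.3.5"])
 end
 else
 s.add_dependency(%q<fast_timestamp>, [">= 0.0.4"])
 s.add_dependency(%q<geokit>, [">= 1.5.0"])
-s.add_dependency(%q<activesupport>, [">= 2.3.
-s.add_dependency(%q<activerecord>, [">= 2.3.
-s.add_dependency(%q<andand>, [">= 1.3.1"])
+s.add_dependency(%q<activesupport>, [">= 2.3.5"])
+s.add_dependency(%q<activerecord>, [">= 2.3.5"])
 end
 end
 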
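--- a/data/lib/honeypot.rb
+++ b/data/lib/honeypot.rb
@@ -1,6 +1,5 @@
 require 'ipaddr'
 require 'set'
-require 'andand'
 require 'active_support'
 require 'active_support/version'
 %w{
@@ -10,12 +9,8 @@ require 'active_support/version'
 end if ActiveSupport::VERSION::MAJOR == 3
 require 'active_record'
 require 'fast_timestamp'
-require 'honeypot/ipaddr_ext'
 require 'honeypot/remote_request'
 require 'honeypot/remote_host'
-require 'honeypot/best_guess_routeable_remote_ip'
-
-require 'honeypot/railtie' if defined? ::Rails::Railtie
 
 module Honeypot
 def self.included(base)
@@ -25,17 +20,46 @@ module Honeypot
 end
 end
 
-
-
+# Returns a String of the first remote ip, or nil if it doesn't find any.
+def self.true_remote_ip(ips)
+hit = ips.detect { |ip| routeable_ip? ip }
+return unless hit
+hit.to_s
+end
+
+UNROUTEABLE_CIDRS = [
+::IPAddr.new('127.0.0.1/32'),
+::IPAddr.new('10.0.0.0/8'),
+::IPAddr.new('172.16.0.0/12'),
+::IPAddr.new('192.168.0.0/16')
+]
+
+def self.routeable_ip?(ip)
+ip_addr = ::IPAddr.new ip.to_s
+ip_addr.ipv4? and UNROUTEABLE_CIDRS.none? { |cidr| cidr.include? ip_addr }
+rescue ArgumentError
+false
+end
+
+# The Rack middleware isn't enabled, so we have to do it here.
+# On other requests you'll have to manually save session['honeypot.true_remote_ip']
+def log_rails_2_request(request, session)
+if ip = ::Honeypot.true_remote_ip([request.remote_ip, session['honeypot.true_remote_ip']])
+session['honeypot.true_remote_ip'] = ip
+log_remote_request ip, request.url, request.referer
+end
 end
 
+# For use in Rails 3 and other Rack apps.
 def log_rack_env(env)
 request = ::Rack::Request.new env
-
+if env['honeypot.true_remote_ip'].present?
+log_remote_request env['honeypot.true_remote_ip'], request.url, request.referer
+end
 end
 
-def log_remote_request(
-remote_host = RemoteHost.find_or_create_by_ip_address
+def log_remote_request(ip, url, referer)
+remote_host = RemoteHost.find_or_create_by_ip_address ip
 remote_request = remote_requests.find_or_create_by_remote_host_id remote_host.id
 remote_request.last_http_referer = referer
 remote_request.last_request_uri = url
@@ -62,3 +86,8 @@ module Honeypot
 set
 end
 end
+
+if defined? ::Rails::Railtie and ActiveSupport::VERSION::MAJOR > 2
+require 'honeypot/true_remote_ip'
+require 'honeypot/railtie'
+end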
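Review bot: `routeable_ip?` is both looser and narrower than its name suggests: `UNROUTEABLE_CIDRS` lists only `127.0.0.1/32` and the three RFC 1918 blocks, so the rest of 127.0.0.0/8 and link-local 169.254.0.0/16 count as routeable, while `ip_addr.ipv4? and ...` rejects every IPv6 address (the removed `IPAddr#routeable?` accepted them). The effect is that an IPv6 client never produces a value for `log_rails_2_request` or `log_rack_env` to record, which is a logging gap for a library meant to record remote hosts. I would widen the loopback entry to `::IPAddr.new('127.0.0.0/8')`, add `::IPAddr.new('169.254.0.0/16')`, and call `.freeze` on the array. If excluding IPv6 is intended, a comment above `routeable_ip?` should say so and explain why.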
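--- a/data/lib/honeypot/railtie.rb
+++ b/data/lib/honeypot/railtie.rb
@@ -4,6 +4,6 @@ require 'rails'
 module Honeypot
 class Railtie < Rails::Railtie
 # more or less, this puts us after the rails helper stuff (ActionDispatch::RemoteIp) but before most custom middleware
-config.app_middleware.insert_after '::Rack::MethodOverride', '::Honeypot::
+config.app_middleware.insert_after '::Rack::MethodOverride', '::Honeypot::TrueRemoteIp'
 end
 end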
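--- a/data/lib/honeypot/true_remote_ip.rb
+++ b/data/lib/honeypot/true_remote_ip.rb
@@ -0,0 +1,38 @@
+# inspired by hoptoad_notifier
+# http://charlesmaxwood.com/sessions-in-rack-and-rails-metal/
+module Honeypot
+# Middleware for Rack applications. Remote hosts will be tied together with remote requests.
+class TrueRemoteIp
+def initialize(app)
+@app = app
+end
+
+def call(env)
+ip = ::Honeypot.true_remote_ip _possible_remote_ips(env)
+
+# For the next request, in case the next time we see this session the remote ip is obscured
+# (for example, that happens if you're on engineyard and the request comes in over SSL)
+if ip and env.has_key? 'rack.session'
+env['rack.session']['honeypot.true_remote_ip'] = ip
+end
+
+# For use by other middleware or the app itself
+env['honeypot.true_remote_ip'] = ip
+
+@app.call env
+end
+
+def _possible_remote_ips(env)
+candidates = Array.new
+# nicely provided by Rails 3
+if env['action_dispatch.remote_ip']
+candidates.push env['action_dispatch.remote_ip']
+end
+# saved by honeypot between requests
+if env['rack.session']
+candidates.push env['rack.session']['honeypot.true_remote_ip']
+end
+candidates
+end
+end
+end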
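Review bot: `_possible_remote_ips` collects only `env['action_dispatch.remote_ip']` and the session value, so under a Rack stack that lacks ActionDispatch::RemoteIp the first request has no candidate and `env['honeypot.true_remote_ip']` stays nil, although the class comment describes this as middleware for Rack applications; `candidates.push env['REMOTE_ADDR']` after the Rails value would cover that case. As far as I know the Rails value can be taken from forwarding headers such as `X-Forwarded-For`, so a comment on `call` should say that the recorded address is only as trustworthy as the proxy configuration in front of the app, and that the copy kept in `rack.session` carries that trust into later requests. `_possible_remote_ips` is also left public; a `private` line above it would keep it out of the middleware's interface.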
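--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: honeypot
 version: !ruby/object:Gem::Version
-hash:
+hash: 13
 prerelease: false
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 9
+version: 0.0.9
 platform: ruby
 authors:
 - Seamus Abshere
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-07-
+date: 2010-07-20 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -58,12 +58,12 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash:
+hash: 9
 segments:
 - 2
 - 3
--
-version: 2.3.
+- 5
+version: 2.3.5
 type: :runtime
 version_requirements: *id003
 - !ruby/object:Gem::Dependency
@@ -74,30 +74,14 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-hash:
+hash: 9
 segments:
 - 2
 - 3
--
-version: 2.3.
+- 5
+version: 2.3.5
 type: :runtime
 version_requirements: *id004
-- !ruby/object:Gem::Dependency
-name: andand
-prerelease: false
-requirement: &id005 !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-hash: 25
-segments:
-- 1
-- 3
-- 1
-version: 1.3.1
-type: :runtime
-version_requirements: *id005
 description: Catch bad guys when they stick their hands in the honey.
 email: seamus@abshere.net
 executables: []
@@ -116,12 +100,10 @@ files:
 - VERSION
 - honeypot.gemspec
 - lib/honeypot.rb
-- lib/honeypot/best_guess_routeable_remote_ip.rb
-- lib/honeypot/ipaddr_ext.rb
-- lib/honeypot/rails.rb
 - lib/honeypot/railtie.rb
 - lib/honeypot/remote_host.rb
 - lib/honeypot/remote_request.rb
+- lib/honeypot/true_remote_ip.rb
 - test/helper.rb
 - test/test_honeypot.rb
 has_rdoc: true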
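--- a/data/lib/honeypot/best_guess_routeable_remote_ip.rb
+++ b/data/lib/honeypot/best_guess_routeable_remote_ip.rb
@@ -1,55 +0,0 @@
-# inspired by hoptoad_notifier
-# http://charlesmaxwood.com/sessions-in-rack-and-rails-metal/
-module Honeypot
-# Middleware for Rack applications. Remote hosts will be tied together with remote requests.
-class BestGuessRouteableRemoteIp
-def initialize(app)
-@app = app
-end
-
-def call(env)
-ip = _best_guess_remote_ip env
-
-# For the next request, in case the next time we see this session the remote ip is obscured
-# (for example, that happens if you're on engineyard and the request comes in over SSL)
-if env.has_key? 'rack.session' and ip.routeable?
-env['rack.session']['honeypot.best_guess_routeable_remote_ip'] = ip.to_s
-end
-
-# For use by other middleware or the app itself
-env['honeypot.best_guess_routeable_remote_ip'] = ip.to_s
-
-@app.call env
-end
-
-def _best_guess_remote_ip(env)
-candidates = _collect_possible_remote_ips env
-candidates.detect { |remote_ip| remote_ip.routeable? } || candidates.first
-end
-
-def _collect_possible_remote_ips(env)
-candidates = Array.new
-# rails 3
-if env.has_key? 'action_dispatch.remote_ip'
-candidates.push env['action_dispatch.remote_ip']
-end
-# rails 2
-if env.has_key? 'action_controller.rescue.request'
-candidates.push env['action_controller.rescue.request']
-end
-# saved by honeypot between requests
-if env.has_key? 'rack.session'
-candidates.push env['rack.session']['honeypot.best_guess_routeable_remote_ip']
-end
-candidates.map! do |raw_ip_address|
-begin
-IPAddr.new raw_ip_address.to_s
-rescue ArgumentError
-# ignore it, maybe bad data got in here somehow
-end
-end
-candidates.compact!
-candidates
-end
-end
-end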
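--- a/data/lib/honeypot/ipaddr_ext.rb
+++ b/data/lib/honeypot/ipaddr_ext.rb
@@ -1,18 +0,0 @@
-# http://codesnippets.joyent.com/posts/show/7546
-class IPAddr
-UNROUTEABLE_RANGES = [
-IPAddr.new('127.0.0.1/32'),
-IPAddr.new('10.0.0.0/8'),
-IPAddr.new('172.16.0.0/12'),
-IPAddr.new('192.168.0.0/16')
-]
-
-def unrouteable?
-return false unless self.ipv4?
-UNROUTEABLE_RANGES.any? { |ipr| ipr.include? self }
-end
-
-def routeable?
-!unrouteable?
-end
-end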