paraxial 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1bd3d81eda937e486869f0796af505440ba3268ef365a59170ac0545dcf06a10
-  data.tar.gz: '099afef44bbc41beb2fdad948610864fa4592837428701c77d0f965d047e7d68'
+  metadata.gz: 70c0596f1eef97562cfcb511a053227074b08349c28081f76fde5e7481085eeb
+  data.tar.gz: a129cedace488343816f94ad89a712825b9e000de2dffa041f0ba9ab997f18d7
 SHA512:
-  metadata.gz: 59db9199f831f0d4b65d8aa56bfca1ed976da91c03799b237c5b2d4fe62d5df1fd76c9de6dbf4969c90c6a0c50d6cfedfe57762f89a36f63997f1df7f811178c
-  data.tar.gz: 5efcc6c94e05db287a6679e06188f86b354ec4c098c8f2f4276e10a73385895cbbf3b2c6bc2a7364e11c26d3ae4e953ff18109193d533eec6e41e0356895c9b8
+  metadata.gz: 3e67e1dc3fe51b437fc52b6ad026d155b7caea38a9d804e7676d96a2825fcd8833b320dd88f1151c313784eb7b49468c07a6f37275cdbf25bd5d66fda0d00c39
+  data.tar.gz: 0c93c320b498c22f7feaea3483562da418fe36af99c587652ffa8a19a2da10216b8ec4b131c44096dd6a3fd46a7ded086c161ff035f8b3264868b5e64ae15f3a

data/lib/paraxial/cli.rb

@@ -7,27 +7,72 @@ require 'time'
 
 module Paraxial
   class CLI < Thor
-    desc "scan", "Run scan"
+    desc 'scan', 'Run scan'
+    option :github_app, type: :boolean, default: false, desc: 'Use GitHub app'
+    option :install_id, type: :numeric, desc: 'GitHub App installation ID'
+    option :repo_owner, type: :string, desc: 'Repository owner'
+    option :repo_name, type: :string, desc: 'Repository name'
+    option :pr_number, type: :numeric, desc: 'Pull request number'
+
     def scan
-      puts "[Paraxial] Scan NOW"
-      cops = "Paraxial,Security/Eval,Security/IoMethods,Security/JSONLoad,Security/MarshalLoad,Security/Open,Security/YAMLLoad"
-      rubocop = `rubocop --only #{cops} --format json`
-      lockfile = File.read("./Gemfile.lock")
-      api_key = ENV['PARAXIAL_API_KEY']
-      uri = URI.parse(ENV['PARAXIAL_URL'] + "/api/ruby_scan")
-      headers = { 'Content-Type': 'application/json' }
-
-      body = { rubocop: rubocop, lockfile: lockfile, api_key: api_key, timestamp: Paraxial.get_timestamp() }
-      response = Net::HTTP.post(uri, body.to_json, headers)
-      puts response.body
-
-      if ENV['PARAXIAL_API_KEY'] == nil
-        puts "[Paraxial] Environment variable PARAXIAL_API_KEY not found, set with: "
-        puts "[Paraxial] export PARAXIAL_API_KEY=your_site_api_key_here"
-        puts "[Paraxial] Exiting"
-        exit()
+      puts '[Paraxial] Scan starting...'
+
+      if ENV['PARAXIAL_API_KEY'].nil?
+        puts '[Paraxial] Environment variable PARAXIAL_API_KEY not found'
       else
-        puts "[Paraxial] Scan result here"
+        github_app = options[:github_app]
+        install_id = options[:install_id]
+        repo_owner = options[:repo_owner]
+        repo_name = options[:repo_name]
+        pr_number = options[:pr_number]
+
+        cops = 'Paraxial,Security/Eval,Security/IoMethods,Security/JSONLoad,Security/MarshalLoad,Security/Open,Security/YAMLLoad'
+        rubocop = `rubocop --only #{cops} --format json`
+        lockfile = File.read('./Gemfile.lock')
+        api_key = ENV['PARAXIAL_API_KEY']
+        uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/ruby_scan')
+        headers = { 'Content-Type': 'application/json' }
+
+        body = { rubocop:, lockfile:, api_key:, timestamp: Paraxial.get_timestamp }
+        response = Net::HTTP.post(uri, body.to_json, headers)
+        puts "[Paraxial] scan result: #{response.body}"
+        github_valid = (!!github_app and !!install_id and !!repo_owner and !!repo_name and !!pr_number)
+
+        if github_app and github_valid == false
+          puts '[Paraxial] --github_app missing arguments'
+          puts '[Paraxial] Required: --github_app, --install_id, --repo_owner, --repo_name, --pr_number'
+        elsif github_app and github_valid
+          uuid_regex = /UUID\s+(\S+)/
+          match = response.body.match(uuid_regex)
+          uuid = match[1] if match
+          if uuid
+            final_uuid = uuid.chomp('.')
+            censored_backend_map = {
+              'installation_id' => install_id,
+              'repository_owner' => repo_owner,
+              'repository_name' => repo_name,
+              'pull_request_number' => pr_number,
+              'scan_uuid' => final_uuid,
+              'api_key' => 'REDACTED'
+            }
+            cbms = JSON.pretty_generate(censored_backend_map)
+            puts "[Paraxial] GitHub hash: #{cbms}"
+
+            censored_backend_map['api_key'] = api_key
+            backend_map = censored_backend_map
+            parax_uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/github_app')
+            github_pr_url = "https://github.com/#{repo_owner}/#{repo_name}/pull/#{pr_number}"
+
+            rr = Net::HTTP.post(parax_uri, backend_map.to_json, headers)
+            puts "[Paraxial] parax_uri response: #{rr.body}"
+            puts "[Paraxial] #{github_pr_url}"
+          else
+            puts '[Paraxial] No scan UUID found'
+          end
+
+        else
+          :ok
+        end
       end
     end
   end

data/lib/paraxial/initializers/startup.rb

@@ -1,25 +1,57 @@
 require 'bundler'
 require 'paraxial'
+require 'rpatricia'
+
 Bundler.setup
 
 Rails.application.config.to_prepare do
   # Your code here
-  puts "[Paraxial] Runtime start"
-
-  deps_and_licenses = []
-  Bundler.load.specs.each do |spec|
-    # Print the gem name and license
-    h = { name: spec.name, version: spec.version.to_s, description: Paraxial.trim_dep(spec.description), license: spec.license || 'None' }
-    deps_and_licenses << h
-  end
-  deps_and_licenses << { name: "ruby", version: RUBY_VERSION, description: "The Ruby Programming Language", license: "Ruby"}
+  puts '[Paraxial] Runtime start'
   api_key = ENV['PARAXIAL_API_KEY']
-  uri = URI.parse(ENV['PARAXIAL_URL'] + "/api/ruby_app_lic")
-  headers = { 'Content-Type': 'application/json' }
 
-  body = { app_lic: deps_and_licenses, api_key: api_key, timestamp: Paraxial.get_timestamp() }
-  Thread.new do
-    response = Net::HTTP.post(uri, body.to_json, headers)
-  end
+  if api_key.nil?
+    puts '[Paraxial] PARAXIAL_API_KEY key not set, agent not started'
+  elsif ENV['PARAXIAL_URL'].nil?
+    puts '[Paraxial] PARAXIAL_URL key not set, agent not started'
+  elsif Rails.env.test?
+    puts '[Paraxial] Test environment detected, agent not started'
+  else
+    deps_and_licenses = []
+    Bundler.load.specs.each do |spec|
+      # Print the gem name and license
+      h = { name: spec.name, version: spec.version.to_s, description: Paraxial.trim_dep(spec.description),
+            license: spec.license || 'None' }
+      deps_and_licenses << h
+    end
+    deps_and_licenses << { name: 'ruby', version: RUBY_VERSION, description: 'The Ruby Programming Language',
+                           license: 'Ruby' }
+    uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/ruby_app_lic')
+    headers = { 'Content-Type': 'application/json' }
 
+    body = { app_lic: deps_and_licenses, api_key:, timestamp: Paraxial.get_timestamp }
+    Thread.new do
+      Net::HTTP.post(uri, body.to_json, headers)
+    end
+
+    cloud_uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/cloud_ip_list')
+    response = Net::HTTP.get(cloud_uri)
+
+    # https://github.com/jkitching/rpatricia
+    pt_v4 = Patricia.new
+    pt_v6 = Patricia.new(:AF_INET6)
+    cloud_list = JSON.parse(response)
+    cloud_list.each do |k, v|
+      if k.include?('::')
+        pt_v6.add(k, v)
+      else
+        pt_v4.add(k, v)
+      end
+    end
+    # puts '[Paraxial] pt_v4.num_nodes'
+    # puts pt_v4.num_nodes
+    # puts 'pt_v6.num_nodes'
+    # puts pt_v6.num_nodes
+    PARAXIAL_IPV4 = pt_v4
+    PARAXIAL_IPV6 = pt_v6
+  end
 end

data/lib/paraxial/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Paraxial
-  VERSION = "0.1.0"
+  VERSION = '0.2.0'
 end

data/lib/paraxial.rb

@@ -17,11 +17,33 @@ module Paraxial
   class Error < StandardError; end
   # Your code goes here...
 
+  class Defense
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      request_path = env['PATH_INFO']
+
+      if request_path.end_with?('.php')
+        # Return a 404 response if the request path ends with '.php'
+        [404, { 'Content-Type' => 'text/plain' }, ["Not Found from Paraxial.io"]]
+      else
+        # Pass the request to the next middleware or the application
+        @app.call(env)
+      end
+    end
+  end
+
   def self.get_timestamp
     utc_time = Time.now.utc
     utc_time.strftime("%Y-%m-%d %H:%M:%S.%6N") + "Z"
   end
 
+  def self.cloud_ip?(ip)
+    !!(PARAXIAL_IPV4.search_best(ip) or PARAXIAL_IPV6.search_best(ip))
+  end
+
   def self.trim_dep(input)
     if input == nil
       nil

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: paraxial
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Michael Lubas
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-07-24 00:00:00.000000000 Z
+date: 2024-08-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -24,6 +24,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: rpatricia
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement