paraxial 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1bd3d81eda937e486869f0796af505440ba3268ef365a59170ac0545dcf06a10
-  data.tar.gz: '099afef44bbc41beb2fdad948610864fa4592837428701c77d0f965d047e7d68'
+  metadata.gz: ea5f2156685b5204495019d6a72ad0f433326438abfef4e70e26b39ab62bf58b
+  data.tar.gz: 4dd855ada83c429df5422b42177af07863041ef94feb14912375df5f8d18e807
 SHA512:
-  metadata.gz: 59db9199f831f0d4b65d8aa56bfca1ed976da91c03799b237c5b2d4fe62d5df1fd76c9de6dbf4969c90c6a0c50d6cfedfe57762f89a36f63997f1df7f811178c
-  data.tar.gz: 5efcc6c94e05db287a6679e06188f86b354ec4c098c8f2f4276e10a73385895cbbf3b2c6bc2a7364e11c26d3ae4e953ff18109193d533eec6e41e0356895c9b8
+  metadata.gz: 5f458988de37e4a6c9c0a8f8e1489b613925faf48d11dc59c1addbcca49acc740292cddae12bd675c25c8c640a2f45133e5ed6d9232c8319f74fe868c2e2396e
+  data.tar.gz: 81504558ae7231a7f5f5397f6ca640faf63532c15686d61942d54a306c0d28b865f3e11e8c17973729a1b200c74ad3246f149ca46a53635e91dfa229fe57a998

data/lib/paraxial/cli.rb

@@ -4,30 +4,101 @@ require 'net/http'
 require 'uri'
 require 'json'
 require 'time'
+require 'yaml'
+require_relative 'helpers'
 
 module Paraxial
   class CLI < Thor
-    desc "scan", "Run scan"
+    desc 'scan', 'Run scan'
+    option :github_app, type: :boolean, default: false, desc: 'Use GitHub app'
+    option :install_id, type: :numeric, desc: 'GitHub App installation ID'
+    option :repo_owner, type: :string, desc: 'Repository owner'
+    option :repo_name, type: :string, desc: 'Repository name'
+    option :pr_number, type: :numeric, desc: 'Pull request number'
+
     def scan
-      puts "[Paraxial] Scan NOW"
-      cops = "Paraxial,Security/Eval,Security/IoMethods,Security/JSONLoad,Security/MarshalLoad,Security/Open,Security/YAMLLoad"
-      rubocop = `rubocop --only #{cops} --format json`
-      lockfile = File.read("./Gemfile.lock")
-      api_key = ENV['PARAXIAL_API_KEY']
-      uri = URI.parse(ENV['PARAXIAL_URL'] + "/api/ruby_scan")
-      headers = { 'Content-Type': 'application/json' }
-
-      body = { rubocop: rubocop, lockfile: lockfile, api_key: api_key, timestamp: Paraxial.get_timestamp() }
-      response = Net::HTTP.post(uri, body.to_json, headers)
-      puts response.body
-
-      if ENV['PARAXIAL_API_KEY'] == nil
-        puts "[Paraxial] Environment variable PARAXIAL_API_KEY not found, set with: "
-        puts "[Paraxial] export PARAXIAL_API_KEY=your_site_api_key_here"
-        puts "[Paraxial] Exiting"
-        exit()
+      puts '[Paraxial] Scan starting...'
+      if check_rubocop_configuration
+        puts '[Paraxial] .rubocop.yml contains the required paraxial configuration.'
+      else
+        puts '[Paraxial] .rubocop.yml does not contain the required paraxial configuration.'
+        puts '[Paraxial] How to configure: TODO_URL'
+        exit
+      end
+
+      if ENV['PARAXIAL_API_KEY'].nil?
+        puts '[Paraxial] Environment variable PARAXIAL_API_KEY not found'
+      else
+        github_app = options[:github_app]
+        install_id = options[:install_id]
+        repo_owner = options[:repo_owner]
+        repo_name = options[:repo_name]
+        pr_number = options[:pr_number]
+
+        cops = 'Paraxial,Security/Eval,Security/IoMethods,Security/JSONLoad,Security/MarshalLoad,Security/Open,Security/YAMLLoad'
+        rubocop = `rubocop --only #{cops} --format json`
+        lockfile = File.read('./Gemfile.lock')
+        api_key = ENV['PARAXIAL_API_KEY']
+        uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/ruby_scan')
+        headers = { 'Content-Type': 'application/json' }
+
+        body = { rubocop:, lockfile:, api_key:, timestamp: Paraxial.get_timestamp }
+        response = Net::HTTP.post(uri, body.to_json, headers)
+        puts "[Paraxial] scan result: #{response.body}"
+        github_valid = (!!github_app and !!install_id and !!repo_owner and !!repo_name and !!pr_number)
+
+        if github_app and github_valid == false
+          puts '[Paraxial] --github_app missing arguments'
+          puts '[Paraxial] Required: --github_app, --install_id, --repo_owner, --repo_name, --pr_number'
+        elsif github_app and github_valid
+          uuid_regex = /UUID\s+(\S+)/
+          match = response.body.match(uuid_regex)
+          uuid = match[1] if match
+          if uuid
+            final_uuid = uuid.chomp('.')
+            censored_backend_map = {
+              'installation_id' => install_id,
+              'repository_owner' => repo_owner,
+              'repository_name' => repo_name,
+              'pull_request_number' => pr_number,
+              'scan_uuid' => final_uuid,
+              'api_key' => 'REDACTED'
+            }
+            cbms = JSON.pretty_generate(censored_backend_map)
+            puts "[Paraxial] GitHub hash: #{cbms}"
+
+            censored_backend_map['api_key'] = api_key
+            backend_map = censored_backend_map
+            parax_uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/github_app')
+            github_pr_url = "https://github.com/#{repo_owner}/#{repo_name}/pull/#{pr_number}"
+
+            rr = Net::HTTP.post(parax_uri, backend_map.to_json, headers)
+            puts "[Paraxial] parax_uri response: #{rr.body}"
+            puts "[Paraxial] #{github_pr_url}"
+          else
+            puts '[Paraxial] No scan UUID found'
+          end
+
+        else
+          :ok
+        end
+      end
+    end
+
+    private
+
+    def check_rubocop_configuration
+      rubocop_file = File.join(Dir.pwd, '.rubocop.yml')
+
+      return false unless File.exist?(rubocop_file)
+
+      config = YAML.load_file(rubocop_file)
+      required_key = 'require'
+
+      if config.is_a?(Hash) && config[required_key].is_a?(Array)
+        config[required_key].include?('paraxial')
       else
-        puts "[Paraxial] Scan result here"
+        false
       end
     end
   end

data/lib/paraxial/helpers.rb

@@ -0,0 +1,7 @@
+module Paraxial
+  module Helpers
+    def self.get_paraxial_url
+      @paraxial_url ||= ENV['PARAXIAL_URL'] || 'https://app.paraxial.io/'
+    end
+  end
+end

data/lib/paraxial/initializers/startup.rb

@@ -1,25 +1,66 @@
 require 'bundler'
 require 'paraxial'
+require 'rpatricia'
+require_relative '../helpers'
+
 Bundler.setup
 
 Rails.application.config.to_prepare do
-  # Your code here
-  puts "[Paraxial] Runtime start"
-
-  deps_and_licenses = []
-  Bundler.load.specs.each do |spec|
-    # Print the gem name and license
-    h = { name: spec.name, version: spec.version.to_s, description: Paraxial.trim_dep(spec.description), license: spec.license || 'None' }
-    deps_and_licenses << h
-  end
-  deps_and_licenses << { name: "ruby", version: RUBY_VERSION, description: "The Ruby Programming Language", license: "Ruby"}
+  puts '[Paraxial] Init start'
   api_key = ENV['PARAXIAL_API_KEY']
-  uri = URI.parse(ENV['PARAXIAL_URL'] + "/api/ruby_app_lic")
-  headers = { 'Content-Type': 'application/json' }
 
-  body = { app_lic: deps_and_licenses, api_key: api_key, timestamp: Paraxial.get_timestamp() }
-  Thread.new do
-    response = Net::HTTP.post(uri, body.to_json, headers)
-  end
+  if api_key.nil?
+    puts '[Paraxial] Init PARAXIAL_API_KEY key not set, agent not started'
+  elsif Rails.env.test?
+    puts '[Paraxial] Init Test environment detected, agent not started'
+  else
+    begin
+      puts '[Paraxial] Init config valid, agent starting'
+      deps_and_licenses = []
+      Bundler.load.specs.each do |spec|
+        # Print the gem name and license
+        h = { name: spec.name, version: spec.version.to_s, description: Paraxial.trim_dep(spec.description),
+              license: spec.license || 'None' }
+        deps_and_licenses << h
+      end
+      deps_and_licenses << { name: 'ruby', version: RUBY_VERSION, description: 'The Ruby Programming Language',
+                             license: 'Ruby' }
+      uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/ruby_app_lic')
+      headers = { 'Content-Type': 'application/json' }
 
+      body = { app_lic: deps_and_licenses, api_key:, timestamp: Paraxial.get_timestamp }
+      cloud_uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/cloud_ip_list')
+      response = Net::HTTP.get(cloud_uri)
+
+      Thread.new do
+        Net::HTTP.post(uri, body.to_json, headers)
+      end
+
+      # https://github.com/jkitching/rpatricia
+      pt_v4 = Patricia.new
+      pt_v6 = Patricia.new(:AF_INET6)
+      cloud_list = JSON.parse(response)
+      cloud_list.each do |k, v|
+        if k.include?('::')
+          pt_v6.add(k, v)
+        else
+          pt_v4.add(k, v)
+        end
+      end
+      # puts '[Paraxial] pt_v4.num_nodes'
+      # puts pt_v4.num_nodes
+      # puts 'pt_v6.num_nodes'
+      # puts pt_v6.num_nodes
+      PARAXIAL_IPV4 = pt_v4
+      PARAXIAL_IPV6 = pt_v6
+    rescue Errno::ECONNREFUSED => _e
+      puts '[Paraxial] Init HTTP request failed, check configuration'
+      PARAXIAL_IPV4 = Patricia.new
+      PARAXIAL_IPV6 = Patricia.new(:AF_INET6)
+    rescue StandardError => _e
+      puts '[Paraxial] Init error, check configuration'
+      PARAXIAL_IPV4 = Patricia.new
+      PARAXIAL_IPV6 = Patricia.new(:AF_INET6)
+    end
+  end
 end

data/lib/paraxial/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Paraxial
-  VERSION = "0.1.0"
+  VERSION = '0.3.0'
 end

data/lib/paraxial.rb

@@ -17,11 +17,33 @@ module Paraxial
   class Error < StandardError; end
   # Your code goes here...
 
+  class Defense
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      request_path = env['PATH_INFO']
+
+      if request_path.end_with?('.php')
+        # Return a 404 response if the request path ends with '.php'
+        [404, { 'Content-Type' => 'text/plain' }, ["Not Found from Paraxial.io"]]
+      else
+        # Pass the request to the next middleware or the application
+        @app.call(env)
+      end
+    end
+  end
+
   def self.get_timestamp
     utc_time = Time.now.utc
     utc_time.strftime("%Y-%m-%d %H:%M:%S.%6N") + "Z"
   end
 
+  def self.cloud_ip?(ip)
+    !!(PARAXIAL_IPV4.search_best(ip) or PARAXIAL_IPV6.search_best(ip))
+  end
+
   def self.trim_dep(input)
     if input == nil
       nil

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: paraxial
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Michael Lubas
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-07-24 00:00:00.000000000 Z
+date: 2024-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -24,6 +24,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: rpatricia
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -54,6 +82,7 @@ files:
 - lib/paraxial.rb
 - lib/paraxial/cli.rb
 - lib/paraxial/engine.rb
+- lib/paraxial/helpers.rb
 - lib/paraxial/initializers/startup.rb
 - lib/paraxial/version.rb
 - lib/rubocop/cop/paraxial/constantize.rb