paraxial 0.2.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 70c0596f1eef97562cfcb511a053227074b08349c28081f76fde5e7481085eeb
-  data.tar.gz: a129cedace488343816f94ad89a712825b9e000de2dffa041f0ba9ab997f18d7
+  metadata.gz: ce7c75f780f9b356d4a15b4fb834bb6f064a8f5a39ead6e629a4f42ff2768010
+  data.tar.gz: 929b701d0e47c7a12b1654c3426e515b37824f591b7a65b2c9a22630c72bc8cc
 SHA512:
-  metadata.gz: 3e67e1dc3fe51b437fc52b6ad026d155b7caea38a9d804e7676d96a2825fcd8833b320dd88f1151c313784eb7b49468c07a6f37275cdbf25bd5d66fda0d00c39
-  data.tar.gz: 0c93c320b498c22f7feaea3483562da418fe36af99c587652ffa8a19a2da10216b8ec4b131c44096dd6a3fd46a7ded086c161ff035f8b3264868b5e64ae15f3a
+  metadata.gz: b1d9decea112098e9c71cf36d071fe1fbe86028ac23b34d4b9a704771d7a007a42f56abbaea51dc65825067e0ac5d029781b7c344c82a3cd339716908f6d8451
+  data.tar.gz: 54bff15c7c351b7f3e74eae787d2858f12e4ded57be06cb3f5872147cdccae90819396837fa60e5ddeda6fff758eddeef0868fed4d02748c3873282c6c59306e

data/lib/paraxial/checker.rb

@@ -0,0 +1,130 @@
+require 'rpatricia'
+module Paraxial
+  module Checker
+    @allows = { 'v4' => Patricia.new, 'v6' => Patricia.new(:AF_INET6) }
+    @bans = { 'v4' => Patricia.new, 'v6' => Patricia.new(:AF_INET6) }
+
+    @thread = Thread.new do
+      loop do
+        get_abr
+        sleep(10)
+      end
+    end
+
+    def self.get_abr
+      uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/abr')
+      headers = { 'Content-Type': 'application/json' }
+
+      body = { api_key: ENV['PARAXIAL_API_KEY'] }
+      r = Net::HTTP.post(uri, body.to_json, headers)
+      if r.code == '200'
+        put_abr(JSON.parse(r.body))
+      else
+        'ab_failed'
+      end
+    end
+
+    def self.put_abr(abr)
+      # Expected input: a hash
+      # {"allows"=>[{"address"=>[96, 56, 162, 210], "netmask"=>32}],
+      # "bans"=>
+      # [{"address"=>[8193, 3512, 34211, 0, 0, 35374, 880, 29492], "netmask"=>128},
+      # {"address"=>[111, 56, 162, 210], "netmask"=>32}],
+      # "rules"=>[]}
+      ipv4_a = []
+      ipv4_b = []
+      ipv6_a = []
+      ipv6_b = []
+      abr.each do |key, value|
+        next if key == 'rules' # skip rules for now
+
+        value.each do |ip|
+          address = ip['address']
+          if address.length == 4
+            if key == 'allows'
+              ipv4_a << address.join('.')
+            elsif key == 'bans'
+              ipv4_b << address.join('.')
+            end
+          elsif key == 'allows'
+            ipv6_a << address.map { |n| n.to_s(16).rjust(4, '0') }.join(':')
+          elsif key == 'bans'
+            ipv6_b << address.map { |n| n.to_s(16).rjust(4, '0') }.join(':')
+          end
+        end
+      end
+
+      ab = { 'allows' => { 'v4' => ipv4_a, 'v6' => ipv6_a }, 'bans' => { 'v4' => ipv4_b, 'v6' => ipv6_b } }
+      Paraxial::Checker.put(ab)
+    end
+
+    def self.put(allow_ban)
+      allows = allow_ban['allows']
+      bans = allow_ban['bans']
+      @allows = { 'v4' => create_patricia(allows['v4'], 'v4'), 'v6' => create_patricia(allows['v6'], 'v6') }
+      @bans = { 'v4' => create_patricia(bans['v4'], 'v4'), 'v6' => create_patricia(bans['v6'], 'v6') }
+      :ok
+    end
+
+    def self.create_patricia(list, type)
+      if type == 'v4'
+        p = Patricia.new
+        list.each do |ip|
+          p.add(ip)
+        end
+        p
+      elsif type == 'v6'
+        p = Patricia.new(:AF_INET6)
+        list.each do |ip|
+          p.add(ip)
+        end
+        p
+      else
+        raise 'Wrong type in Paraxial::Checker.create_patricia'
+      end
+    end
+
+    def self.ban_ip(ip)
+      if ip.include?('.')
+        # IPv4
+        current_t = @bans['v4']
+        current_t.add(ip)
+        @bans['v4'] = current_t
+      else
+        # IPv6
+        current_t = @bans['v6']
+        current_t.add(ip)
+        @bans['v6'] = current_t
+      end
+
+      uri = URI.parse(Paraxial::Helpers.get_ban_url)
+      headers = { 'Content-Type': 'application/json' }
+
+      body = { api_key: ENV['PARAXIAL_API_KEY'], ip_address: ip }
+      r = Net::HTTP.post(uri, body.to_json, headers)
+      if r.code == '200'
+        :ok
+      else
+        :error
+      end
+    end
+
+    def self.allow_ip?(ip)
+      if ip.include?('.')
+        if !@allows['v4'].search_best(ip).nil? # v4 on allow list
+          true
+        elsif !@bans['v4'].search_best(ip).nil? # v4 on ban list
+          false
+        else # v4 on no list
+          true
+        end
+      elsif !@allows['v6'].search_best(ip).nil? # v6 on allow list
+        true
+      elsif !@bans['v6'].search_best(ip).nil? # v6 on ban list
+        false
+      else # v6 on no list
+        true
+      end
+    end
+  end
+end

data/lib/paraxial/cli.rb

@@ -4,6 +4,8 @@ require 'net/http'
 require 'uri'
 require 'json'
 require 'time'
+require 'yaml'
+require_relative 'helpers'
 
 module Paraxial
   class CLI < Thor
@@ -16,6 +18,13 @@ module Paraxial
 
     def scan
       puts '[Paraxial] Scan starting...'
+      if check_rubocop_configuration
+        puts '[Paraxial] .rubocop.yml contains the required paraxial configuration.'
+      else
+        puts '[Paraxial] .rubocop.yml does not contain the required paraxial configuration.'
+        puts '[Paraxial] How to configure: TODO_URL'
+        exit
+      end
 
       if ENV['PARAXIAL_API_KEY'].nil?
         puts '[Paraxial] Environment variable PARAXIAL_API_KEY not found'
@@ -30,21 +39,32 @@ module Paraxial
         rubocop = `rubocop --only #{cops} --format json`
         lockfile = File.read('./Gemfile.lock')
         api_key = ENV['PARAXIAL_API_KEY']
-        uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/ruby_scan')
+        uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/ruby_scan')
         headers = { 'Content-Type': 'application/json' }
 
-        body = { rubocop:, lockfile:, api_key:, timestamp: Paraxial.get_timestamp }
+        body = { rubocop: rubocop, lockfile: lockfile, api_key: api_key, timestamp: Paraxial.get_timestamp }
         response = Net::HTTP.post(uri, body.to_json, headers)
-        puts "[Paraxial] scan result: #{response.body}"
+        m = JSON.parse(response.body)
+        findings = m['ok']['findings']
+        puts
+        puts "[Paraxial] Scan count #{findings.length}"
+        puts
+        findings.each do |finding|
+          puts finding
+          puts
+        end
+        puts "[Paraxial] Scan UUID #{m['ok']['scan_uuid']}"
+        puts "[Paraxial] Scan URL #{m['ok']['scan_url']}"
         github_valid = (!!github_app and !!install_id and !!repo_owner and !!repo_name and !!pr_number)
 
         if github_app and github_valid == false
           puts '[Paraxial] --github_app missing arguments'
           puts '[Paraxial] Required: --github_app, --install_id, --repo_owner, --repo_name, --pr_number'
         elsif github_app and github_valid
-          uuid_regex = /UUID\s+(\S+)/
-          match = response.body.match(uuid_regex)
-          uuid = match[1] if match
+          # uuid_regex = /UUID\s+(\S+)/
+          # match = response.body.match(uuid_regex)
+          # uuid = match[1] if match
+          uuid = m['ok']['scan_uuid']
           if uuid
             final_uuid = uuid.chomp('.')
             censored_backend_map = {
@@ -60,7 +80,7 @@ module Paraxial
 
             censored_backend_map['api_key'] = api_key
             backend_map = censored_backend_map
-            parax_uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/github_app')
+            parax_uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/github_app')
             github_pr_url = "https://github.com/#{repo_owner}/#{repo_name}/pull/#{pr_number}"
 
             rr = Net::HTTP.post(parax_uri, backend_map.to_json, headers)
@@ -75,5 +95,22 @@ module Paraxial
         end
       end
     end
+
+    private
+
+    def check_rubocop_configuration
+      rubocop_file = File.join(Dir.pwd, '.rubocop.yml')
+
+      return false unless File.exist?(rubocop_file)
+
+      config = YAML.load_file(rubocop_file)
+      required_key = 'require'
+
+      if config.is_a?(Hash) && config[required_key].is_a?(Array)
+        config[required_key].include?('paraxial')
+      else
+        false
+      end
+    end
   end
 end

data/lib/paraxial/helpers.rb

@@ -0,0 +1,11 @@
+module Paraxial
+  module Helpers
+    def self.get_paraxial_url
+      @paraxial_url ||= ENV['PARAXIAL_URL'] || 'https://app.paraxial.io/'
+    end
+
+    def self.get_ban_url
+      get_paraxial_url + '/api/ban_ip'
+    end
+  end
+end

data/lib/paraxial/initializers/startup.rb

@@ -1,57 +1,73 @@
 require 'bundler'
 require 'paraxial'
 require 'rpatricia'
+require_relative '../helpers'
+require_relative '../checker'
 
 Bundler.setup
 
-Rails.application.config.to_prepare do
-  # Your code here
-  puts '[Paraxial] Runtime start'
-  api_key = ENV['PARAXIAL_API_KEY']
+unless Rails.env.test? || File.basename($0) == 'rake' || defined?(Rails::Generators)
+  Rails.application.config.to_prepare do
+    puts '[Paraxial] Init start'
+    api_key = ENV['PARAXIAL_API_KEY']
 
-  if api_key.nil?
-    puts '[Paraxial] PARAXIAL_API_KEY key not set, agent not started'
-  elsif ENV['PARAXIAL_URL'].nil?
-    puts '[Paraxial] PARAXIAL_URL key not set, agent not started'
-  elsif Rails.env.test?
-    puts '[Paraxial] Test environment detected, agent not started'
-  else
-    deps_and_licenses = []
-    Bundler.load.specs.each do |spec|
-      # Print the gem name and license
-      h = { name: spec.name, version: spec.version.to_s, description: Paraxial.trim_dep(spec.description),
-            license: spec.license || 'None' }
-      deps_and_licenses << h
-    end
-    deps_and_licenses << { name: 'ruby', version: RUBY_VERSION, description: 'The Ruby Programming Language',
-                           license: 'Ruby' }
-    uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/ruby_app_lic')
-    headers = { 'Content-Type': 'application/json' }
+    if api_key.nil?
+      puts '[Paraxial] Init PARAXIAL_API_KEY key not set, agent not started'
+    elsif Rails.env.test?
+      puts '[Paraxial] Init Test environment detected, agent not started'
+    else
+      begin
+        puts '[Paraxial] Init config valid, agent starting'
+        deps_and_licenses = []
+        Bundler.load.specs.each do |spec|
+          # Print the gem name and license
+          h = { name: spec.name, version: spec.version.to_s, description: Paraxial.trim_dep(spec.description),
+                license: spec.license || 'None' }
+          deps_and_licenses << h
+        end
+        deps_and_licenses << { name: 'ruby', version: RUBY_VERSION, description: 'The Ruby Programming Language',
+                               license: 'Ruby' }
+        uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/ruby_app_lic')
+        headers = { 'Content-Type': 'application/json' }
 
-    body = { app_lic: deps_and_licenses, api_key:, timestamp: Paraxial.get_timestamp }
-    Thread.new do
-      Net::HTTP.post(uri, body.to_json, headers)
-    end
+        body = { app_lic: deps_and_licenses, api_key:, timestamp: Paraxial.get_timestamp }
+        cloud_uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/cloud_ip_list')
+        response = Net::HTTP.get(cloud_uri)
 
-    cloud_uri = URI.parse(ENV['PARAXIAL_URL'] + '/api/cloud_ip_list')
-    response = Net::HTTP.get(cloud_uri)
+        Thread.new do
+          Net::HTTP.post(uri, body.to_json, headers)
+        end
 
-    # https://github.com/jkitching/rpatricia
-    pt_v4 = Patricia.new
-    pt_v6 = Patricia.new(:AF_INET6)
-    cloud_list = JSON.parse(response)
-    cloud_list.each do |k, v|
-      if k.include?('::')
-        pt_v6.add(k, v)
-      else
-        pt_v4.add(k, v)
+        # https://github.com/jkitching/rpatricia
+        pt_v4 = Patricia.new
+        pt_v6 = Patricia.new(:AF_INET6)
+        cloud_list = JSON.parse(response)
+        cloud_list.each do |k, v|
+          if k.include?('::')
+            pt_v6.add(k, v)
+          else
+            pt_v4.add(k, v)
+          end
+        end
+        puts '[Paraxial] Cloud IPs set'
+        # puts '[Paraxial] pt_v4.num_nodes'
+        # puts pt_v4.num_nodes
+        # puts 'pt_v6.num_nodes'
+        # puts pt_v6.num_nodes
+        PARAXIAL_IPV4 = pt_v4
+        PARAXIAL_IPV6 = pt_v6
+        # ab = Paraxial.get_abr
+        # puts "[Paraxial] Allows/Bans set: #{ab}"
+      rescue Errno::ECONNREFUSED => _e
+        puts '[Paraxial] Init HTTP request failed, check configuration'
+        PARAXIAL_IPV4 = Patricia.new unless defined?(PARAXIAL_IPV4)
+        PARAXIAL_IPV6 = Patricia.new(:AF_INET6) unless defined?(PARAXIAL_IPV4)
+      rescue StandardError => e
+        puts e
+        puts '[Paraxial] Init error, check configuration'
+        PARAXIAL_IPV4 = Patricia.new unless defined?(PARAXIAL_IPV4)
+        PARAXIAL_IPV6 = Patricia.new(:AF_INET6) unless defined?(PARAXIAL_IPV4)
       end
     end
-    # puts '[Paraxial] pt_v4.num_nodes'
-    # puts pt_v4.num_nodes
-    # puts 'pt_v6.num_nodes'
-    # puts pt_v6.num_nodes
-    PARAXIAL_IPV4 = pt_v4
-    PARAXIAL_IPV6 = pt_v6
   end
 end

data/lib/paraxial/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Paraxial
-  VERSION = '0.2.0'
+  VERSION = '0.4.0'
 end

data/lib/paraxial.rb

@@ -9,10 +9,9 @@ require_relative 'rubocop/cop/paraxial/send'
 require_relative 'rubocop/cop/paraxial/constantize'
 require_relative 'rubocop/cop/paraxial/html_safe'
 require_relative 'rubocop/cop/paraxial/sql'
-require_relative "paraxial/version"
+require_relative 'paraxial/version'
 require_relative 'paraxial/cli'
 
-
 module Paraxial
   class Error < StandardError; end
   # Your code goes here...
@@ -27,7 +26,7 @@ module Paraxial
 
       if request_path.end_with?('.php')
         # Return a 404 response if the request path ends with '.php'
-        [404, { 'Content-Type' => 'text/plain' }, ["Not Found from Paraxial.io"]]
+        [404, { 'Content-Type' => 'text/plain' }, ['Not Found from Paraxial.io']]
       else
         # Pass the request to the next middleware or the application
         @app.call(env)
@@ -37,15 +36,23 @@ module Paraxial
 
   def self.get_timestamp
     utc_time = Time.now.utc
-    utc_time.strftime("%Y-%m-%d %H:%M:%S.%6N") + "Z"
+    utc_time.strftime('%Y-%m-%d %H:%M:%S.%6N') + 'Z'
   end
 
   def self.cloud_ip?(ip)
     !!(PARAXIAL_IPV4.search_best(ip) or PARAXIAL_IPV6.search_best(ip))
   end
 
+  def self.ban_ip(ip)
+    Paraxial::Checker.ban_ip(ip)
+  end
+
+  def self.allow_ip?(ip)
+    Paraxial::Checker.allow_ip?(ip)
+  end
+
   def self.trim_dep(input)
-    if input == nil
+    if input.nil?
       nil
     else
       cleaned_string = input.gsub(/\n/, '')
@@ -54,9 +61,7 @@ module Paraxial
       period_index = cleaned_string.index('.')
 
       # If there's a period, truncate the string up to that point
-      if period_index
-        cleaned_string = cleaned_string[0..period_index]
-      end
+      cleaned_string = cleaned_string[0..period_index] if period_index
 
       cleaned_string
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: paraxial
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Michael Lubas
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-08-06 00:00:00.000000000 Z
+date: 2024-08-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -80,8 +80,10 @@ files:
 - Rakefile
 - exe/paraxial
 - lib/paraxial.rb
+- lib/paraxial/checker.rb
 - lib/paraxial/cli.rb
 - lib/paraxial/engine.rb
+- lib/paraxial/helpers.rb
 - lib/paraxial/initializers/startup.rb
 - lib/paraxial/version.rb
 - lib/rubocop/cop/paraxial/constantize.rb