paraxial 0.7.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ae07951f0f8acaa36743cf6262075828235520ddc3ffb2ff7f4a29643ddd6e1d
-  data.tar.gz: a865ff890ed5e9a802b9462e236a8efaa4b494d5b5973cf13720446c76174444
+  metadata.gz: 0a6510720489f0277f96eef42e60e10e7f3958ab6a3763aa3941c022c497a314
+  data.tar.gz: 497e56a5048f7b6cbb5d2238e5d9059a66cec676dde27d9474faaaee6a5d0fb6
 SHA512:
-  metadata.gz: 4cfda9292ce733e777a2198b97e30443a68d8348dd822ff60f680da43af6b47aa18c2318bcf01565689ba8961bc695a71fccf31814a46092c256f52ce7893810
-  data.tar.gz: e10ef61a321f57660a35d706cdab3b000852c68ca66c89299fe54a95daa785e008446ffa06d9ede8bca8a7ed6bd9e1a9e7c6e11ddaa78f79a8d25b5539edd48b
+  metadata.gz: 64182cfa8039d867bbc5e113e5f421a3e1141e833790222c52ae6191099289fbd056cef3163442c949db576d1de76402c8d5196fd05da46169e34f64de77ab71
+  data.tar.gz: 7fbc2ed7db3b3afb3d43a935e667d4ffc26464034c7070f8d15ba28db03c9ee5fb1fc327d56005ecefd615a39845cc8fe5f5e5aa92975186b3c9f3b615c1410b

data/lib/paraxial/checker.rb

@@ -3,19 +3,59 @@ module Paraxial
   module Checker
     @allows = { 'v4' => Patricia.new, 'v6' => Patricia.new(:AF_INET6) }
     @bans = { 'v4' => Patricia.new, 'v6' => Patricia.new(:AF_INET6) }
-
+    @buffer = Queue.new
+    @mutex = Mutex.new
 
     if Paraxial::Helpers.get_api_key
       @thread = Thread.new do
         loop do
           get_abr
           sleep(10)
+          flush_buffer
+        end
+      end
+    end
+
+    def self.req_to_buff(req_hash)
+      @buffer << req_hash
+    end
+
+    def self.flush_buffer
+      @mutex.synchronize do
+        requests = []
+        until @buffer.empty?
+          requests << @buffer.pop(true) rescue nil
         end
+
+        send_async_request(requests) unless requests.empty?
       end
     end
 
+    def self.send_async_request(requests)
+      body =
+        {
+          http_requests: requests,
+          private_api_key: Paraxial::Helpers.get_api_key
+        }
+
+      # Do not send HTTP events when free tier is set to true
+      ft = Paraxial::FreeTier.is_free_tier
+      if ft
+        puts "[Paraxial] HTTP ingest not supported on free tier"
+      else
+        Thread.new do
+          uri = URI.parse(Paraxial::Helpers.get_ingest_url)  # Replace with your endpoint
+          headers = { 'Content-Type': 'application/json' }
+          resp = Net::HTTP.post(uri, body.to_json, headers)
+          puts "ingest_url resp.code: #{resp.code}"
+          puts resp.body
+        end
+      end
+    end
+
+
     def self.get_abr
-      uri = URI.parse(Paraxial::Helpers.get_paraxial_url + '/api/abr')
+      uri = URI.parse(Paraxial::Helpers.get_abr_url)
       headers = { 'Content-Type': 'application/json' }
 
       body = { api_key: Paraxial::Helpers.get_api_key }

data/lib/paraxial/free_tier.rb

@@ -0,0 +1,34 @@
+require 'net/http'
+require 'json'
+
+module Paraxial
+  module FreeTier
+    class << self
+      attr_reader :is_free_tier
+
+      def initialize
+        @is_free_tier = true
+        check_free_tier_status
+      end
+
+      private
+
+      # Kicks off an async HTTP request
+      def check_free_tier_status
+        Thread.new do
+          uri = URI.parse(Paraxial::Helpers.get_free_tier_url())
+          headers = { 'Content-Type': 'application/json' }
+          body = { api_key: Paraxial::Helpers.get_api_key }
+          r = Net::HTTP.post(uri, body.to_json, headers)
+          result = JSON.parse(r.body)
+          # Assume the API response contains a field `free_tier` (true/false)
+          @is_free_tier = result['free_tier']
+        rescue StandardError => e
+          # Handle any errors (network issues, parsing errors, etc.)
+          puts "Error fetching free tier status: #{e.message}"
+          @is_free_tier = true
+        end
+      end
+    end
+  end
+end

data/lib/paraxial/helpers.rb

@@ -12,6 +12,18 @@ module Paraxial
       get_paraxial_url + '/api/exploit'
     end
 
+    def self.get_free_tier_url
+      get_paraxial_url + '/api/free_tier'
+    end
+
+    def self.get_abr_url
+      get_paraxial_url + '/api/abr'
+    end
+
+    def self.get_ingest_url
+      get_paraxial_url + '/api/ingest'
+    end
+
     def self.get_api_key
       @paraxial_api_key ||= ENV['PARAXIAL_API_KEY']
     end

data/lib/paraxial/initializers/marshal_patch.rb

@@ -4,9 +4,9 @@ unless Rails.env.test? || File.basename($0) == 'rake' || defined?(Rails::Generat
       alias_method :original_load, :load
 
       def load(source, proc = nil)
-        exg = Paraxial.configuration.exploit_guard
+        exg = Paraxial.configuration&.exploit_guard || nil
         if [:monitor, :block].include?(exg)
-          if source.is_a?(String) && source.match?(/ActionView|Net::BufferedIO|ERB|ActiveSupport/)
+          if source.is_a?(String) && source.match?(/ActionView|Net::BufferedIO|ERB/)
             puts "[Paraxial] Exploit Guard triggered, malicious input to Marshal.load"
             puts source
 

data/lib/paraxial/initializers/startup.rb

@@ -3,6 +3,7 @@ require 'paraxial'
 require 'rpatricia'
 require_relative '../helpers'
 require_relative '../checker'
+require_relative '../free_tier'
 
 Bundler.setup
 
@@ -20,6 +21,7 @@ unless Rails.env.test? || File.basename($0) == 'rake' || defined?(Rails::Generat
         puts '[Paraxial] API key detected, agent starting'
 
         Paraxial.check_exploit_guard
+        Paraxial::FreeTier.initialize
 
         deps_and_licenses = []
         Bundler.load.specs.each do |spec|

data/lib/paraxial/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Paraxial
-  VERSION = '0.7.0'
+  VERSION = '0.9.0'
 end

data/lib/paraxial.rb

@@ -44,7 +44,66 @@ module Paraxial
     utc_time.strftime('%Y-%m-%d %H:%M:%S.%6N') + 'Z'
   end
 
+  def self.record(request, status)
+    return if Paraxial::Helpers.get_api_key.nil?
+
+    req_hash =
+      {
+        ip_address: request.remote_ip,
+        http_method: request.request_method,
+        path: request.path,
+        user_agent: request.user_agent,
+        allowed: !request.env['paraxial.deny'],
+        status_code: status,
+        inserted_at: get_timestamp,
+        cloud_ip: request.env['paraxial.cloud_ip'],
+        host: request.host
+      }
+    puts req_hash
+    Paraxial::Checker.req_to_buff(req_hash)
+  end
+
+  # routes = ['/login', '/users/:id']
+  def self.block_cloud_ip(request, routes)
+    return if Paraxial::Helpers.get_api_key.nil?
+
+    ip = request.remote_ip
+    cloud_provider = get_cloud_provider(ip)
+
+    if cloud_provider
+      request.env['paraxial.cloud_ip'] = cloud_provider
+    else
+      request.env['paraxial.cloud_ip'] = nil
+    end
+
+    route_patterns = routes.map do |route|
+      Regexp.new("^" + route.gsub(/:\w+/, '\d+') + "$")
+    end
+
+    match = route_patterns.any? { |pattern| pattern.match?(request.path) }
+
+    if match and cloud_provider
+      request.env['paraxial.deny'] = true
+    end
+  end
+
+  def self.req_allowed?(request)
+    return if Paraxial::Helpers.get_api_key.nil?
+
+    if request.env['paraxial.deny'] == true
+      false
+    elsif Paraxial::Checker.allow_ip?(request.remote_ip) == true
+      request.env['paraxial.deny'] = false
+      true
+    else
+      request.env['paraxial.deny'] = true
+      false
+    end
+  end
+
   def self.cloud_ip?(ip)
+    return if Paraxial::Helpers.get_api_key.nil?
+
     if ip.include?('.')
       !!PARAXIAL_IPV4.search_best(ip)
     else
@@ -52,11 +111,25 @@ module Paraxial
     end
   end
 
+  def self.get_cloud_provider(ip)
+    return if Paraxial::Helpers.get_api_key.nil?
+
+    if ip.include?('.')
+      PARAXIAL_IPV4.search_best(ip)&.data
+    else
+      PARAXIAL_IPV6.search_best(ip)&.data
+    end
+  end
+
   def self.ban_ip(ip)
+    return if Paraxial::Helpers.get_api_key.nil?
+
     Paraxial::Checker.ban_ip(ip)
   end
 
   def self.allow_ip?(ip)
+    return if Paraxial::Helpers.get_api_key.nil?
+
     Paraxial::Checker.allow_ip?(ip)
   end
 
@@ -83,7 +156,7 @@ module Paraxial
 
   def self.check_exploit_guard
     if configuration.nil?
-      puts "[Paraxial] Exploit Guard, no config exists, will not run"
+      puts "[Paraxial] Exploit Guard, no configuration exists, will not run"
       return
     end
 
@@ -95,7 +168,7 @@ module Paraxial
     when nil
       puts "[Paraxial] Exploit Guard, not configured, will not run"
     else
-      puts "[Paraxial] Exploit Guard, bad value"
+      puts "[Paraxial] Exploit Guard, bad configuration value: #{configuration.exploit_guard}, will not run"
     end
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: paraxial
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Michael Lubas
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-09-13 00:00:00.000000000 Z
+date: 2024-09-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
@@ -97,6 +97,7 @@ files:
 - lib/paraxial/checker.rb
 - lib/paraxial/cli.rb
 - lib/paraxial/engine.rb
+- lib/paraxial/free_tier.rb
 - lib/paraxial/helpers.rb
 - lib/paraxial/initializers/marshal_patch.rb
 - lib/paraxial/initializers/startup.rb