perimeter_x 1.0.4 → 1.0.5.pre.alpha

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2e226c7753af5094d03889b452cb6208ca1c264b
-  data.tar.gz: d4cbd74100e85512f11ad154761ce6813ecf22a4
+  metadata.gz: b015e00fb8c09f7ee38acf332393fb70b46ae72a
+  data.tar.gz: 2cd9d8c9c6a1a670c2b5b978eafca66fc6af0e6a
 SHA512:
-  metadata.gz: 9fc6c5652f1a22da0b604bf72a072ba8eb4b43762217fc33f93fae0709ab0573ee19cb8aa8dcf11aa06339c9ef11097de39d9ecbfb8fdcdaaa5e61c6d1f526ba
-  data.tar.gz: ca7c07317ddbf5cb7a3987451b2ef6e0658fa95e6a27ae2be2243a3c1a5bfdc6ef9e6ea9c3a744bc9f854c7700a80bd1249839607613b2603e4fee6530c2ac16
+  metadata.gz: 021d15436252d2aed4cec3407b558a41e8ea4b1c9c953b1db84aefa9a352c9146325ca3f024945623fea8f75ea974c880b3950ab2f93a7df4bd7cabbbb7fc2be
+  data.tar.gz: 95ffb7428a041e79295d2e750064f00e389522af1eb8e84e6e279c2375c1f3c818ec8793098b5a433da23c012a3259b173e8b4a4b669cb419653eb5da9c041d2

data/.gitignore

@@ -3,15 +3,13 @@ capybara-*.html
 .rspec
 /log
 /tmp
-/bin
 /dev
 /db/*.sqlite3
 /db/*.sqlite3-journal
 /public/system
 /coverage/
 /spec/tmp
-examples/config/initializers/perimeterx.rb
-examples/app/views/home/index.html.erb
+examples/home_controller.rb
 **.orig
 *.gem
 rerun.txt

data/Dockerfile

@@ -37,14 +37,12 @@ RUN /bin/bash -l -c "gem install bundler"
 RUN /bin/bash -l -c "gem install rails -v 4.2.0"
 RUN mkdir -p /tmp/ruby_sandbox
 WORKDIR /tmp/ruby_sandbox
-RUN git clone https://github.com/PerimeterX/perimeterx-ruby-sdk.git
 RUN /bin/bash -l -c "rails new webapp"
 WORKDIR /tmp/ruby_sandbox/webapp
 RUN /bin/bash -l -c "rails generate controller home index"
 WORKDIR /tmp/ruby_sandbox/webapp
 EXPOSE 3000
-# TODO: make it take the files from git
-RUN sed -i '2i gem "perimeter_x", :path => "/tmp/ruby_sandbox/perimeterx-ruby-sdk"' /tmp/ruby_sandbox/webapp/Gemfile
+RUN sed -i "2i gem 'perimeter_x', '~> 1.0.3.pre.alpha'" /tmp/ruby_sandbox/webapp/Gemfile
 RUN /bin/bash -l -c "bundler update"
-COPY ./examples/ /tmp/ruby_sandbox/webapp
+RUN /bin/bash -l -c "gem list|grep peri"
 CMD ["/bin/bash", "-l", "-c", "rails server -b 0.0.0.0;"]

data/Gemfile

@@ -1,3 +1,3 @@
 source "https://rubygems.org"
 
-gemspec
+gem 'httpclient', '2.8.2.4'

data/Gemfile.lock

@@ -1,55 +1,13 @@
-PATH
-  remote: .
-  specs:
-    perimeter_x (1.0.3)
-      activesupport (>= 4.2.0)
-      httpclient (= 2.8.2.4)
-      mustache (~> 1.0, >= 1.0.3)
-
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.0.2)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    concurrent-ruby (1.0.5)
-    diff-lcs (1.3)
-    httpclient (2.8.2.4)
-    i18n (0.8.1)
-    metaclass (0.0.4)
-    minitest (5.10.1)
-    mocha (1.2.1)
-      metaclass (~> 0.0.1)
-    mustache (1.0.4)
-    rake (10.4.2)
-    rspec (3.5.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-    rspec-core (3.5.4)
-      rspec-support (~> 3.5.0)
-    rspec-expectations (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-mocks (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-support (3.5.0)
-    thread_safe (0.3.6)
-    tzinfo (1.2.3)
-      thread_safe (~> 0.1)
+    httpclient (2.8.3)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.14)
-  mocha (~> 1.2, >= 1.2.1)
-  perimeter_x!
-  rake (~> 10.0)
-  rspec (~> 3.0)
+  httpclient (= 2.8.3)
 
 BUNDLED WITH
    1.14.6

data/LICENSE.txt

@@ -1,4 +1,6 @@
-Copyright © 2016 PerimeterX, Inc.
+The MIT License (MIT)
+
+Copyright (c) 2017 nitzanpx
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -7,12 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
-DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
-USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Rakefile

@@ -1,9 +1,2 @@
-begin
-  require 'rspec/core/rake_task'
-
-  RSpec::Core::RakeTask.new(:spec)
-
-  task :test => :spec
-rescue LoadError
-  # no rspec available
-end
+require "bundler/gem_tasks"
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "perimeter_x"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/changelog.md

@@ -1,12 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](http://keepachangelog.com/)
-and this project adheres to [Semantic Versioning](http://semver.org/).
-
-## [1.0.4] - 2017-04-27
-### Fixed
- - Constants on px_constants
- - Cookie Validation flow when cookie score was over the configured threshold
- - Using symbols instead of strings for requests body

data/examples/home_controller.rb.dist

@@ -0,0 +1,23 @@
+class HomeController < ApplicationController
+  include PerimeterX
+
+  before_action :px_middleware
+
+  attr_accessor :px
+
+  def initialize()
+    params = {
+      "app_id" => <APP_ID>,
+      "cookie_key" => <COOKIE_KEY>,
+      "auth_token" => <AUTH_TOKEN>
+    }
+    @px = PxModule.instance(params)
+  end
+
+  def index
+  end
+
+  def px_middleware
+    px.px_verify(request.env)
+  end
+end

data/lib/perimeter_x.rb

@@ -1,145 +1,69 @@
 require 'perimeterx/configuration'
 require 'perimeterx/utils/px_logger'
-require 'perimeterx/utils/px_constants'
 require 'perimeterx/utils/px_http_client'
-require 'perimeterx/utils/px_template_factory'
 require 'perimeterx/internal/perimeter_x_context'
-require 'perimeterx/internal/clients/perimeter_x_activity_client'
-require 'perimeterx/internal/validators/perimeter_x_s2s_validator'
-require 'perimeterx/internal/validators/perimeter_x_cookie_validator'
-require 'perimeterx/internal/validators/perimeter_x_captcha_validator'
+require 'perimeterx/internal/perimeter_x_s2s_validator'
 
-module PxModule
+module PerimeterX
+  class PxModule
+    L = PxLogger.instance
 
-  # Module expose API
-  def px_verify_request
-    verified, px_ctx = PerimeterX.instance.verify(env)
-
-    # Invalidate _pxCaptcha, can be done only on the controller level
-    cookies[:_pxCaptcha] = { value: "", expires: -1.minutes.from_now }
-
-    if (!verified)
-      # In case custon block handler exists
-      if (PerimeterX.instance.px_config.key?(:custom_block_handler))
-        PerimeterX.instance.px_config[:logger].debug("PxModule[px_verify_request]: custom_block_handler triggered")
-        return instance_exec(px_ctx, &PerimeterX.instance.px_config[:custom_block_handler])
-      else
-        # Generate template
-        PerimeterX.instance.px_config[:logger].debug("PxModule[px_verify_request]: sending default block page")
-        html = PxTemplateFactory.get_template(px_ctx, PerimeterX.instance.px_config)
-        response.headers["Content-Type"] = "text/html"
-        response.status = 403
-        render :html => html
-      end
-    end
-
-    return verified
-  end
-
-  def self.configure(params)
-    @px_instance = PerimeterX.configure(params)
-  end
-
-
-  # PerimtereX Module
-  class PerimeterX
-    @@__instance = nil
-    @@mutex = Mutex.new
+    @@singleton__instance__ = nil
+    @@singleton__mutex__ = Mutex.new
 
     attr_reader :px_config
     attr_accessor :px_http_client
-    attr_accessor :px_activity_client
 
-    #Static methods
-    def self.configure(params)
-      return true if @@__instance
-      @@mutex.synchronize {
-        return @@__instance if @@__instance
-        @@__instance = new(params)
+    def self.instance(params)
+      return @@singleton__instance__ if @@singleton__instance__
+      @@singleton__mutex__.synchronize {
+        return @@singleton__instance__ if @@singleton__instance__
+        @@singleton__instance__ = new(params)
       }
-      return true
+      @@singleton__instance__
     end
 
-    def self.instance
-      return @@__instance if !@@__instance.nil?
-      raise Exception.new("Please initialize perimeter x first")
-    end
 
+    private def initialize(params)
+      L.info("PerimeterX[initialize]")
+      @px_config = Configuration.new(params).configuration
+      @px_http_client = PxHttpClient.new(@px_config)
+    end
 
-    #Instance Methods
-    def verify(env)
+    def px_verify(env)
       begin
-        @logger.debug("PerimeterX[pxVerify]")
+        L.info("PerimeterX[pxVerify]")
         req = ActionDispatch::Request.new(env)
-        if (!@px_config[:module_enabled])
-          @logger.warn("Module is disabled")
+
+        if (!@px_config['module_enabled'])
+          L.warn("Module is disabled")
           return true
         end
-        px_ctx = PerimeterXContext.new(@px_config, req)
 
-        # Captcha phase
-        captcha_verified, px_ctx = @px_captcha_validator.verify(px_ctx)
-        if (captcha_verified)
-          return handle_verification(px_ctx)
-        end
+        px_ctx = PerimeterXContext.new(@px_config, req)
+        px_ctx.context[:s2s_call_reason] = "no_cookie"
 
-        # Cookie phase
-        cookie_verified, px_ctx = @px_cookie_validator.verify(px_ctx)
-        if (!cookie_verified)
-          @px_s2s_validator.verify(px_ctx)
-        end
+        s2sValidator = PerimeterxS2SValidator.new(px_ctx, @px_config, @px_http_client)
+        px_ctx = s2sValidator.verify()
 
-        if (@px_config.key?(:custom_verification_handler))
-          return @px_config[:custom_verification_handler].call(px_ctx.context)
+        if (px_config.key?('custom_verification_handler'))
+          return px_config['custom_verification_handler'].call(px_ctx.context)
         else
           return handle_verification(px_ctx)
         end
       rescue Exception => e
-        @logger.error("#{e.backtrace.first}: #{e.message} (#{e.class})")
-        e.backtrace.drop(1).map { |s| @logger.error("\t#{s}") }
+        puts("#{e.backtrace.first}: #{e.message} (#{e.class})", e.backtrace.drop(1).map { |s| "\t#{s}" })
         return true
       end
     end
 
-    private def initialize(params)
-      @px_config = Configuration.new(params).configuration
-      @logger = @px_config[:logger]
-      @px_http_client = PxHttpClient.new(@px_config)
-
-      @px_activity_client = PerimeterxActivitiesClient.new(@px_config, @px_http_client)
-
-      @px_cookie_validator = PerimeterxCookieValidator.new(@px_config)
-      @px_s2s_validator = PerimeterxS2SValidator.new(@px_config, @px_http_client)
-      @px_captcha_validator = PerimeterxCaptchaValidator.new(@px_config, @px_http_client)
-      @logger.debug("PerimeterX[initialize]")
-    end
-
+    # private methods
     private def handle_verification(px_ctx)
-      @logger.debug("PerimeterX[handle_verification]")
-      @logger.debug("PerimeterX[handle_verification]: processing ended - score:#{px_ctx.context[:score]}, uuid:#{px_ctx.context[:uuid]}")
-
-      score = px_ctx.context[:score]
-      # Case PASS request
-      if (score < @px_config[:blocking_score])
-        @logger.debug("PerimeterX[handle_verification]: score:#{score} < blocking score, passing request")
-        @px_activity_client.send_page_requested_activity(px_ctx)
-        return true
-      end
-
-      # Case blocking activity
-      @px_activity_client.send_block_activity(px_ctx)
-
-      # In case were in monitor mode, end here
-      if(@px_config[:module_mode] == PxModule::MONITOR_MODE)
-        @logger.debug("PerimeterX[handle_verification]: monitor mode is on, passing request")
-        return true
-      end
-
-      @logger.debug("PerimeterX[handle_verification]: verification ended, the request should be blocked")
-
-      return false, px_ctx
+      L.info("perimeterx processing ended - score:#{px_ctx.context[:score]}, uuid:#{px_ctx.context[:uuid]}")
+      return true
     end
 
     private_class_method :new
   end
+
 end

data/lib/perimeterx/configuration.rb

@@ -1,37 +1,30 @@
-require 'perimeterx/utils/px_logger'
-require 'perimeterx/utils/px_constants'
-
-module PxModule
+module PerimeterX
   class Configuration
 
     attr_accessor :configuration
     attr_accessor :PX_DEFAULT
+    attr_accessor :MONITOR_MODE
+    attr_accessor :ACTIVE_MODE
+
+    MONITOR_MODE = 1
+    ACTIVE_MODE = 2
 
     PX_DEFAULT = {
-      :app_id                   => nil,
-      :cookie_key               => nil,
-      :auth_token               => nil,
-      :module_enabled           => true,
-      :captcha_enabled          => true,
-      :challenge_enabled        => true,
-      :encryption_enabled       => true,
-      :blocking_score           => 70,
-      :sensitive_headers        => ["http-cookie", "http-cookies"],
-      :api_connect_timeout      => 0,
-      :api_timeout              => 0,
-      :max_buffer_len           => 30,
-      :send_page_activities     => false,
-      :send_block_activities    => true,
-      :sdk_name                 => PxModule::SDK_NAME,
-      :debug                    => false,
-      :module_mode              => PxModule::ACTIVE_MODE,
-      :local_proxy              => false
+      "app_id"                   => nil,
+      "auth_token"               => nil,
+      "module_enabled"           => true,
+      "blocking_score"           => 70,
+      "sensitive_headers"        => ["cookie", "cookies"],
+      "api_connect_timeout"      => 1,
+      "api_timeout"              => 1,
+      "sdk_name"                 => "RUBY SLIM SDK v1.0.0",
+      "debug_mode"               => false,
+      "module_mode"              => MONITOR_MODE,
     }
 
     def initialize(params)
-      PX_DEFAULT[:perimeterx_server_host] = "https://sapi-#{params[:app_id].downcase}.perimeterx.net"
+      PX_DEFAULT["perimeterx_server_host"] = "https://sapi-#{params['app_id'].downcase}.perimeterx.net"
       @configuration = PX_DEFAULT.merge(params);
-      @configuration[:logger] = PxLogger.new(@configuration[:debug])
     end
   end
 end

data/lib/perimeterx/internal/perimeter_x_context.rb

@@ -1,82 +1,73 @@
 require 'perimeterx/utils/px_logger'
 
-module PxModule
-  class PerimeterXContext
+class PerimeterXContext
+  L = PxLogger.instance
 
-    attr_accessor :context
-    attr_accessor :px_config
+  attr_accessor :context
+  attr_accessor :px_config
 
-    def initialize(px_config, req)
-      @logger = px_config[:logger];
-      @logger.debug("PerimeterXContext[initialize] ")
-      @context = Hash.new
+  def initialize(px_config, req)
+    L.info("PerimeterXContext: initialize")
+    @context = Hash.new
 
-      @context[:px_cookie] = Hash.new
-      @context[:headers] = Hash.new
-      cookies = req.cookies
-      if (!cookies.empty?)
-        # Prepare hashed cookies
-        cookies.each do |k, v|
-          case k.to_s
-            when "_px3"
-              @context[:px_cookie][:v3] = v
-            when "_px"
-              @context[:px_cookie][:v1] = v
-            when "_pxCaptcha"
-              @context[:px_captcha] = v
-          end
-        end #end case
-      end #end empty cookies
-
-      req.headers.each do |k, v|
-        if (k.start_with? "HTTP_")
-          header = k.to_s.gsub("HTTP_", "")
-          header = header.gsub("_", "-").downcase
-          @context[:headers][header.to_sym] = v
+    @context[:px_cookies] = Hash.new
+    @context[:headers] = Hash.new
+    cookies = req.cookies
+    if (!cookies.empty?)
+      # Prepare hashed cookies
+      cookies.each do |k,v|
+        case k
+          when"_px3"
+            @context[:px_cookies] = v
+          when "_px"
+            @context[:px_cookies] = v
+          when "_pxCaptcha"
+            @context[:px_captcha] = v
         end
-      end #end headers foreach
-
-      @context[:hostname]= req.server_name
-      @context[:user_agent] = req.user_agent ? req.user_agent : ''
-      @context[:uri] = px_config[:custom_uri] ? px_config[:custom_uri].call(req)  : req.headers['REQUEST_URI']
-      @context[:full_url] = req.original_url
-      @context[:score] = 0
+      end #end case
+    end#end empty cookies
 
-      if px_config.key?(:custom_user_ip)
-        @context[:ip] = req.headers[px_config[:custom_user_ip]]
-      elsif px_config.key?(:px_custom_user_ip_method)
-        @context[:ip] = px_config[:px_custom_user_ip_method].call(req)
-      else
-        @context[:ip] = req.ip
+    req.headers.each do |k,v|
+      if(k.start_with? "HTTP_")
+        header = k.to_s.gsub("HTTP_","")
+        header = header.gsub("_","-").downcase
+        @context[:headers][header.to_sym] = v
       end
+    end#end headers foreach
 
-      if req.server_protocol
-          httpVer = req.server_protocol.split("/")
-          if httpVer.size > 0
-              @context[:http_version] = httpVer[1];
-          end
-      end
-      @context[:http_method] = req.method
+    @context[:hostname]= req.headers['HTTP_HOST']
+    @context[:user_agent] = req.headers['HTTP_USER_AGENT'] ? req.headers['HTTP_USER_AGENT'] : ''
+    @context[:uri] = px_config[:custom_uri] ? px_config[:custom_uri]  : req.headers['REQUEST_URI']
+    @context[:full_url] = self_url(req)
+    @context[:score] = 0
 
-    end #end init
+    if px_config.key?('custom_user_ip')
+      @context[:ip] = px_config['custom_user_ip']
+    elsif px_config.key?('px_custom_user_ip_method')
+      puts "px_custom_user_ip_method triggered"
+      @context[:ip] = px_config['px_custom_user_ip_method'].call(req)
+    else
+      @context[:ip] = req.headers['REMOTE_ADDR'];
+    end
 
-    def set_block_action_type(action)
-      @context[:block_action] = case action
-        when "c"
-          "captcha"
-        when "b"
-          return "block"
-        when "j"
-          return "challenge"
-        else
-          return "captcha"
+    if req.headers['SERVER_PROTOCOL']
+        httpVer = req.headers['SERVER_PROTOCOL'].split("/")
+        if httpVer.size > 0
+            @context[:http_version] = httpVer[1];
         end
     end
+    @context[:http_method] = req.headers['REQUEST_METHOD'];
 
-    def get_px_cookie
-      cookie = @context[:px_cookie].key?(:v3) ? @context[:px_cookie][:v3] : @context[:px_cookie][:v1]
-      return cookie.tr(' ','+') if !cookie.nil?
-    end
+  end #end init
 
+  def self_url(req)
+    s = req.headers.key?('HTTPS') && req.headers['HTTPS'] == "on" ? "s" : "" #check if HTTPS or HTTP
+    l = req.headers['SERVER_PROTOCOL'].downcase #get protocol and downcase it
+    protocol = "#{l[0,l.index('/')]}#{s}#{l[(l.index('/') ),l.size]}" #concat http{s}:/x.y
+    port = (req.headers["SERVER_PORT"] != "80") ? ":#{req.headers["SERVER_PORT"]}" : ""
+    return "#{l}://#{req.headers['HTTP_HOST']}#{@uri}" #concant str
   end
-end
+
+  private :self_url
+
+end #end class

data/lib/perimeterx/internal/perimeter_x_risk_client.rb

@@ -0,0 +1,29 @@
+require 'perimeterx/utils/px_logger'
+
+class PerimeterxRiskClient
+  L = PxLogger.instance
+
+  attr_accessor :px_ctx
+  attr_accessor :px_config
+  attr_accessor :http_client
+
+  def initialize(px_ctx, px_config, http_client)
+    @px_ctx = px_ctx
+    @px_config = px_config
+    @http_client = http_client;
+  end
+
+  def format_headers()
+      formated_headers = []
+      @px_ctx.context[:headers].each do |k,v|
+        if (!@px_config["sensitive_headers"].include? k.to_s)
+          formated_headers.push({
+            :name => k.to_s,
+            :value => v
+            })
+        end #end if
+      end #end forech
+      return formated_headers
+  end #end method
+
+end #end class