perimeter_x 1.0.5 → 1.0.6.pre.alpha

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b524739e4d2df489ebc30c582912eadb7eb26681
-  data.tar.gz: 6f70604be366db4cb4520d6b1da6ac8bd5d8069f
+  metadata.gz: 2d1e967ee5f87625d37e4c7ca523b00ae089f512
+  data.tar.gz: b08932769740ec74416a0072dc0313c12ce4ea78
 SHA512:
-  metadata.gz: 30fe7157555b9d62a8f0e66237fd2c6bce3a2ecf448d9f81ef98d178570e1df0ab5941c4a26323b3bf279390c3016d58c0f6a9414db625b33057960d3aada3f9
-  data.tar.gz: 2fd1be8ddc39fe6544a5f6b1d62043480c22a6b8a4eed2b684031a963b61ec89301958f2d4bffa00506251ee50ffa65f5cd0483b0441d092d8367528be114e5e
+  metadata.gz: 52a63dd5557e73e43f7db668f804997d57c27dd3a609f252346353e264a85c8649254e5053e3cd3db86b6a531dd45f40a97bf9de3195daee89e4b21cce2dfb6b
+  data.tar.gz: 5d213eb7b31094d369959acbd2ea240d2f747298466a922a760836b1d706017a96a6f4a3b9bac7f6865c268ec70f7f718b53fb5b1bea04de61ec83a62f21b8aa

data/.gitignore

@@ -3,20 +3,18 @@ capybara-*.html
 .rspec
 /log
 /tmp
-/bin
 /dev
 /db/*.sqlite3
 /db/*.sqlite3-journal
 /public/system
 /coverage/
 /spec/tmp
-examples/config/initializers/perimeterx.rb
-examples/app/views/home/index.html.erb
+examples/home_controller.rb
 **.orig
 *.gem
 rerun.txt
 pickle-email-*.html
-
+dev
 # TODO Comment out these rules if you are OK with secrets being uploaded to the repo
 config/initializers/secret_token.rb
 config/secrets.yml
@@ -24,7 +22,7 @@ config/secrets.yml
 # dotenv
 # TODO Comment out this rule if environment variables can be committed
 .env
-
+.idea
 ## Environment normalization:
 /.bundle
 /vendor/bundle

data/Dockerfile

@@ -37,14 +37,12 @@ RUN /bin/bash -l -c "gem install bundler"
 RUN /bin/bash -l -c "gem install rails -v 4.2.0"
 RUN mkdir -p /tmp/ruby_sandbox
 WORKDIR /tmp/ruby_sandbox
-RUN git clone https://github.com/PerimeterX/perimeterx-ruby-sdk.git
 RUN /bin/bash -l -c "rails new webapp"
 WORKDIR /tmp/ruby_sandbox/webapp
 RUN /bin/bash -l -c "rails generate controller home index"
 WORKDIR /tmp/ruby_sandbox/webapp
 EXPOSE 3000
-# TODO: make it take the files from git
-RUN sed -i '2i gem "perimeter_x", :path => "/tmp/ruby_sandbox/perimeterx-ruby-sdk"' /tmp/ruby_sandbox/webapp/Gemfile
+RUN sed -i "2i gem 'perimeter_x', '~> 1.0.5.pre.alpha'" /tmp/ruby_sandbox/webapp/Gemfile
 RUN /bin/bash -l -c "bundler update"
-COPY ./examples/ /tmp/ruby_sandbox/webapp
-CMD ["/bin/bash", "-l", "-c", "rails server -b 0.0.0.0;"]
+RUN /bin/bash -l -c "gem list|grep peri"
+CMD ["/bin/bash", "-l", "-c", "rails server -b 0.0.0.0;"]

data/Gemfile

@@ -1,3 +1,3 @@
 source "https://rubygems.org"
 
-gemspec
+gem 'httpclient', '2.8.2.4'

data/Gemfile.lock

@@ -1,55 +1,13 @@
-PATH
-  remote: .
-  specs:
-    perimeter_x (1.0.3)
-      activesupport (>= 4.2.0)
-      httpclient (= 2.8.2.4)
-      mustache (~> 1.0, >= 1.0.3)
-
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.0.2)
-      concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    concurrent-ruby (1.0.5)
-    diff-lcs (1.3)
-    httpclient (2.8.2.4)
-    i18n (0.8.1)
-    metaclass (0.0.4)
-    minitest (5.10.1)
-    mocha (1.2.1)
-      metaclass (~> 0.0.1)
-    mustache (1.0.4)
-    rake (10.4.2)
-    rspec (3.5.0)
-      rspec-core (~> 3.5.0)
-      rspec-expectations (~> 3.5.0)
-      rspec-mocks (~> 3.5.0)
-    rspec-core (3.5.4)
-      rspec-support (~> 3.5.0)
-    rspec-expectations (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-mocks (3.5.0)
-      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.5.0)
-    rspec-support (3.5.0)
-    thread_safe (0.3.6)
-    tzinfo (1.2.3)
-      thread_safe (~> 0.1)
+    httpclient (2.8.3)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.14)
-  mocha (~> 1.2, >= 1.2.1)
-  perimeter_x!
-  rake (~> 10.0)
-  rspec (~> 3.0)
+  httpclient (= 2.8.3)
 
 BUNDLED WITH
    1.14.6

data/LICENSE.txt

@@ -1,4 +1,6 @@
-Copyright © 2016 PerimeterX, Inc.
+The MIT License (MIT)
+
+Copyright (c) 2017 nitzanpx
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -7,12 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
-OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
-DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
-USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/Rakefile

@@ -1,9 +1,2 @@
-begin
-  require 'rspec/core/rake_task'
-
-  RSpec::Core::RakeTask.new(:spec)
-
-  task :test => :spec
-rescue LoadError
-  # no rspec available
-end
+require "bundler/gem_tasks"
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "perimeter_x"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/changelog.md

@@ -1,16 +0,0 @@
-# Change Log
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](http://keepachangelog.com/)
-and this project adheres to [Semantic Versioning](http://semver.org/).
-
-## [1.0.5] - 2017-05-07
-### Fixed
- - Added request format into context for custom callbacks
-
-## [1.0.4] - 2017-04-27
-### Fixed
- - Constants on px_constants
- - Cookie Validation flow when cookie score was over the configured threshold
- - Using symbols instead of strings for requests body

data/examples/home_controller.rb.dist

@@ -0,0 +1,23 @@
+class HomeController < ApplicationController
+  include PerimeterX
+
+  before_action :px_middleware
+
+  attr_accessor :px
+
+  def initialize()
+    params = {
+      "app_id" => <APP_ID>,
+      "cookie_key" => <COOKIE_KEY>,
+      "auth_token" => <AUTH_TOKEN>
+    }
+    @px = PxModule.instance(params)
+  end
+
+  def index
+  end
+
+  def px_middleware
+    px.px_verify(request.env)
+  end
+end

data/lib/perimeter_x.rb

@@ -1,145 +1,69 @@
 require 'perimeterx/configuration'
 require 'perimeterx/utils/px_logger'
-require 'perimeterx/utils/px_constants'
 require 'perimeterx/utils/px_http_client'
-require 'perimeterx/utils/px_template_factory'
 require 'perimeterx/internal/perimeter_x_context'
-require 'perimeterx/internal/clients/perimeter_x_activity_client'
-require 'perimeterx/internal/validators/perimeter_x_s2s_validator'
-require 'perimeterx/internal/validators/perimeter_x_cookie_validator'
-require 'perimeterx/internal/validators/perimeter_x_captcha_validator'
+require 'perimeterx/internal/perimeter_x_s2s_validator'
 
-module PxModule
+module PerimeterX
+  class PxModule
+    L = PxLogger.instance
 
-  # Module expose API
-  def px_verify_request
-    verified, px_ctx = PerimeterX.instance.verify(env)
-
-    # Invalidate _pxCaptcha, can be done only on the controller level
-    cookies[:_pxCaptcha] = { value: "", expires: -1.minutes.from_now }
-
-    if (!verified)
-      # In case custon block handler exists
-      if (PerimeterX.instance.px_config.key?(:custom_block_handler))
-        PerimeterX.instance.px_config[:logger].debug("PxModule[px_verify_request]: custom_block_handler triggered")
-        return instance_exec(px_ctx, &PerimeterX.instance.px_config[:custom_block_handler])
-      else
-        # Generate template
-        PerimeterX.instance.px_config[:logger].debug("PxModule[px_verify_request]: sending default block page")
-        html = PxTemplateFactory.get_template(px_ctx, PerimeterX.instance.px_config)
-        response.headers["Content-Type"] = "text/html"
-        response.status = 403
-        render :html => html
-      end
-    end
-
-    return verified
-  end
-
-  def self.configure(params)
-    @px_instance = PerimeterX.configure(params)
-  end
-
-
-  # PerimtereX Module
-  class PerimeterX
-    @@__instance = nil
-    @@mutex = Mutex.new
+    @@singleton__instance__ = nil
+    @@singleton__mutex__ = Mutex.new
 
     attr_reader :px_config
     attr_accessor :px_http_client
-    attr_accessor :px_activity_client
 
-    #Static methods
-    def self.configure(params)
-      return true if @@__instance
-      @@mutex.synchronize {
-        return @@__instance if @@__instance
-        @@__instance = new(params)
+    def self.instance(params)
+      return @@singleton__instance__ if @@singleton__instance__
+      @@singleton__mutex__.synchronize {
+        return @@singleton__instance__ if @@singleton__instance__
+        @@singleton__instance__ = new(params)
       }
-      return true
+      @@singleton__instance__
     end
 
-    def self.instance
-      return @@__instance if !@@__instance.nil?
-      raise Exception.new("Please initialize perimeter x first")
-    end
 
+    private def initialize(params)
+      L.info("PerimeterX[initialize]")
+      @px_config = Configuration.new(params).configuration
+      @px_http_client = PxHttpClient.new(@px_config)
+    end
 
-    #Instance Methods
-    def verify(env)
+    def px_verify(env)
       begin
-        @logger.debug("PerimeterX[pxVerify]")
+        L.info("PerimeterX[pxVerify]")
         req = ActionDispatch::Request.new(env)
-        if (!@px_config[:module_enabled])
-          @logger.warn("Module is disabled")
+
+        if (!@px_config['module_enabled'])
+          L.warn("Module is disabled")
           return true
         end
-        px_ctx = PerimeterXContext.new(@px_config, req)
 
-        # Captcha phase
-        captcha_verified, px_ctx = @px_captcha_validator.verify(px_ctx)
-        if (captcha_verified)
-          return handle_verification(px_ctx)
-        end
+        px_ctx = PerimeterXContext.new(@px_config, req)
+        px_ctx.context[:s2s_call_reason] = "no_cookie"
 
-        # Cookie phase
-        cookie_verified, px_ctx = @px_cookie_validator.verify(px_ctx)
-        if (!cookie_verified)
-          @px_s2s_validator.verify(px_ctx)
-        end
+        s2sValidator = PerimeterxS2SValidator.new(px_ctx, @px_config, @px_http_client)
+        px_ctx = s2sValidator.verify()
 
-        if (@px_config.key?(:custom_verification_handler))
-          return @px_config[:custom_verification_handler].call(px_ctx.context)
+        if (px_config.key?('custom_verification_handler'))
+          return px_config['custom_verification_handler'].call(px_ctx.context)
         else
           return handle_verification(px_ctx)
         end
       rescue Exception => e
-        @logger.error("#{e.backtrace.first}: #{e.message} (#{e.class})")
-        e.backtrace.drop(1).map { |s| @logger.error("\t#{s}") }
+        puts("#{e.backtrace.first}: #{e.message} (#{e.class})", e.backtrace.drop(1).map { |s| "\t#{s}" })
         return true
       end
     end
 
-    private def initialize(params)
-      @px_config = Configuration.new(params).configuration
-      @logger = @px_config[:logger]
-      @px_http_client = PxHttpClient.new(@px_config)
-
-      @px_activity_client = PerimeterxActivitiesClient.new(@px_config, @px_http_client)
-
-      @px_cookie_validator = PerimeterxCookieValidator.new(@px_config)
-      @px_s2s_validator = PerimeterxS2SValidator.new(@px_config, @px_http_client)
-      @px_captcha_validator = PerimeterxCaptchaValidator.new(@px_config, @px_http_client)
-      @logger.debug("PerimeterX[initialize]")
-    end
-
+    # private methods
     private def handle_verification(px_ctx)
-      @logger.debug("PerimeterX[handle_verification]")
-      @logger.debug("PerimeterX[handle_verification]: processing ended - score:#{px_ctx.context[:score]}, uuid:#{px_ctx.context[:uuid]}")
-
-      score = px_ctx.context[:score]
-      # Case PASS request
-      if (score < @px_config[:blocking_score])
-        @logger.debug("PerimeterX[handle_verification]: score:#{score} < blocking score, passing request")
-        @px_activity_client.send_page_requested_activity(px_ctx)
-        return true
-      end
-
-      # Case blocking activity
-      @px_activity_client.send_block_activity(px_ctx)
-
-      # In case were in monitor mode, end here
-      if(@px_config[:module_mode] == PxModule::MONITOR_MODE)
-        @logger.debug("PerimeterX[handle_verification]: monitor mode is on, passing request")
-        return true
-      end
-
-      @logger.debug("PerimeterX[handle_verification]: verification ended, the request should be blocked")
-
-      return false, px_ctx
+      L.info("perimeterx processing ended - score:#{px_ctx.context[:score]}, uuid:#{px_ctx.context[:uuid]}")
+      return true
     end
 
     private_class_method :new
   end
+
 end

data/lib/perimeterx/configuration.rb

@@ -1,37 +1,30 @@
-require 'perimeterx/utils/px_logger'
-require 'perimeterx/utils/px_constants'
-
-module PxModule
+module PerimeterX
   class Configuration
 
     attr_accessor :configuration
     attr_accessor :PX_DEFAULT
+    attr_accessor :MONITOR_MODE
+    attr_accessor :ACTIVE_MODE
+
+    MONITOR_MODE = 1
+    ACTIVE_MODE = 2
 
     PX_DEFAULT = {
-      :app_id                   => nil,
-      :cookie_key               => nil,
-      :auth_token               => nil,
-      :module_enabled           => true,
-      :captcha_enabled          => true,
-      :challenge_enabled        => true,
-      :encryption_enabled       => true,
-      :blocking_score           => 70,
-      :sensitive_headers        => ["http-cookie", "http-cookies"],
-      :api_connect_timeout      => 0,
-      :api_timeout              => 0,
-      :max_buffer_len           => 30,
-      :send_page_activities     => false,
-      :send_block_activities    => true,
-      :sdk_name                 => PxModule::SDK_NAME,
-      :debug                    => false,
-      :module_mode              => PxModule::ACTIVE_MODE,
-      :local_proxy              => false
+      "app_id"                   => nil,
+      "auth_token"               => nil,
+      "module_enabled"           => true,
+      "blocking_score"           => 70,
+      "sensitive_headers"        => ["cookie", "cookies"],
+      "api_connect_timeout"      => 1,
+      "api_timeout"              => 1,
+      "sdk_name"                 => "RUBY SLIM SDK v1.0.0",
+      "debug_mode"               => false,
+      "module_mode"              => MONITOR_MODE,
     }
 
     def initialize(params)
-      PX_DEFAULT[:perimeterx_server_host] = "https://sapi-#{params[:app_id].downcase}.perimeterx.net"
+      PX_DEFAULT["perimeterx_server_host"] = "https://sapi-#{params['app_id'].downcase}.perimeterx.net"
       @configuration = PX_DEFAULT.merge(params);
-      @configuration[:logger] = PxLogger.new(@configuration[:debug])
     end
   end
 end

data/lib/perimeterx/internal/perimeter_x_context.rb

@@ -1,83 +1,62 @@
 require 'perimeterx/utils/px_logger'
 
-module PxModule
-  class PerimeterXContext
-
-    attr_accessor :context
-    attr_accessor :px_config
-
-    def initialize(px_config, req)
-      @logger = px_config[:logger];
-      @logger.debug("PerimeterXContext[initialize] ")
-      @context = Hash.new
-
-      @context[:px_cookie] = Hash.new
-      @context[:headers] = Hash.new
-      cookies = req.cookies
-      if (!cookies.empty?)
-        # Prepare hashed cookies
-        cookies.each do |k, v|
-          case k.to_s
-            when "_px3"
-              @context[:px_cookie][:v3] = v
-            when "_px"
-              @context[:px_cookie][:v1] = v
-            when "_pxCaptcha"
-              @context[:px_captcha] = v
-          end
-        end #end case
-      end #end empty cookies
-
-      req.headers.each do |k, v|
-        if (k.start_with? "HTTP_")
-          header = k.to_s.gsub("HTTP_", "")
-          header = header.gsub("_", "-").downcase
-          @context[:headers][header.to_sym] = v
+class PerimeterXContext
+  L = PxLogger.instance
+
+  attr_accessor :context
+  attr_accessor :px_config
+
+  def initialize(px_config, req)
+    L.info("PerimeterXContext: initialize")
+    @context = Hash.new
+
+    @context[:px_cookies] = Hash.new
+    @context[:headers] = Hash.new
+    cookies = req.cookies
+    if (!cookies.empty?)
+      # Prepare hashed cookies
+      cookies.each do |k, v|
+        case k
+          when "_px3"
+            @context[:px_cookies] = v
+          when "_px"
+            @context[:px_cookies] = v
+          when "_pxCaptcha"
+            @context[:px_captcha] = v
         end
-      end #end headers foreach
-
-      @context[:hostname]= req.server_name
-      @context[:user_agent] = req.user_agent ? req.user_agent : ''
-      @context[:uri] = px_config[:custom_uri] ? px_config[:custom_uri].call(req)  : req.headers['REQUEST_URI']
-      @context[:full_url] = req.original_url
-      @context[:format] = req.format.symbol
-      @context[:score] = 0
-
-      if px_config.key?(:custom_user_ip)
-        @context[:ip] = req.headers[px_config[:custom_user_ip]]
-      elsif px_config.key?(:px_custom_user_ip_method)
-        @context[:ip] = px_config[:px_custom_user_ip_method].call(req)
-      else
-        @context[:ip] = req.ip
+      end #end case
+    end #end empty cookies
+
+    req.headers.each do |k, v|
+      if (k.start_with? "HTTP_")
+        header = k.to_s.gsub("HTTP_", "")
+        header = header.gsub("_", "-").downcase
+        @context[:headers][header.to_sym] = v
       end
+    end #end headers foreach
+
+    @context[:hostname]= req.headers['HTTP_HOST']
+    @context[:user_agent] = req.headers['HTTP_USER_AGENT'] ? req.headers['HTTP_USER_AGENT'] : ''
+    @context[:full_url] = req.original_url
+    @context[:score] = 0
+
+    if px_config.key?('custom_user_ip')
+      @context[:ip] = px_config['custom_user_ip']
+    elsif px_config.key?('px_custom_user_ip_method')
+      puts "px_custom_user_ip_method triggered"
+      @context[:ip] = px_config['px_custom_user_ip_method'].call(req)
+    else
+      @context[:ip] = req.headers['REMOTE_ADDR'];
+    end
 
-      if req.server_protocol
-          httpVer = req.server_protocol.split("/")
-          if httpVer.size > 0
-              @context[:http_version] = httpVer[1];
-          end
+    if req.headers['SERVER_PROTOCOL']
+      httpVer = req.headers['SERVER_PROTOCOL'].split("/")
+      if httpVer.size > 0
+        @context[:http_version] = httpVer[1];
       end
-      @context[:http_method] = req.method
-
-    end #end init
-
-    def set_block_action_type(action)
-      @context[:block_action] = case action
-        when "c"
-          "captcha"
-        when "b"
-          return "block"
-        when "j"
-          return "challenge"
-        else
-          return "captcha"
-        end
     end
+    @context[:http_method] = req.headers['REQUEST_METHOD'];
 
-    def get_px_cookie
-      cookie = @context[:px_cookie].key?(:v3) ? @context[:px_cookie][:v3] : @context[:px_cookie][:v1]
-      return cookie.tr(' ','+') if !cookie.nil?
-    end
+  end #end init
 
-  end
-end
+end #end class

data/lib/perimeterx/internal/perimeter_x_risk_client.rb

@@ -0,0 +1,29 @@
+require 'perimeterx/utils/px_logger'
+
+class PerimeterxRiskClient
+  L = PxLogger.instance
+
+  attr_accessor :px_ctx
+  attr_accessor :px_config
+  attr_accessor :http_client
+
+  def initialize(px_ctx, px_config, http_client)
+    @px_ctx = px_ctx
+    @px_config = px_config
+    @http_client = http_client;
+  end
+
+  def format_headers()
+      formated_headers = []
+      @px_ctx.context[:headers].each do |k,v|
+        if (!@px_config["sensitive_headers"].include? k.to_s)
+          formated_headers.push({
+            :name => k.to_s,
+            :value => v
+            })
+        end #end if
+      end #end forech
+      return formated_headers
+  end #end method
+
+end #end class