prevoty 1.0.1 → 1.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: e2f1c570217f3b21f6f836011447c9987480658d
4
- data.tar.gz: 5514c8210fbd6936c447554d592902fbb64c6e28
3
+ metadata.gz: ad5b5a54c536fe5f3fb549c378397945327ea326
4
+ data.tar.gz: e155ae00f346da84b53aee63f4b951e90220b176
5
5
  SHA512:
6
- metadata.gz: 862c68168adc6ab55830efefa966e7a442d1fc2823f5ff35ce343f10d86fc6aff824a1d54ed052bb25ccbd39b0c77d4b821e63757c6bdc55975b1ac243cdd920
7
- data.tar.gz: eff1028ca5fafe112ebb0ab3d81734e65abe2aef4ae91c4ae040f9c0baa7c8d56a92755dfb6bf42f27b48f44844b33a8e8b3ba7c58c072dd38be1cb73b2e1d7d
6
+ metadata.gz: 2aedb6bee19a97421af036868eec01180450eb9b263085babdd831d9151331399938d508cbe848db2d1aac3d0117a2b5619213b68956234752c6384ecc6d0ad6
7
+ data.tar.gz: c67de2fa8357b5d16567a37974f9bf9d60e4cba2d48c0b9b3baa6ab2f14544a192aaaeff75f49592a824c0b6e91fc74ec4818da4d30625f9ae90abb415c90215
@@ -29,3 +29,5 @@ require 'prevoty/responses/ecdsa_private_key'
29
29
  require 'prevoty/responses/rsa_signature'
30
30
  require 'prevoty/responses/ecdsa_signature'
31
31
  require 'prevoty/responses/signature_verify'
32
+ require 'prevoty/responses/monitor_content'
33
+ require 'Prevoty/responses/monitor_query'
@@ -79,6 +79,21 @@ module Prevoty
79
79
  end
80
80
  end
81
81
 
82
+ def monitor_content(input)
83
+ params = {api_key: @api_key, input: JSON.dump(input)}
84
+
85
+ response = HTTParty.post("#{@base}/1/xss/monitor", query: params)
86
+ case response.code
87
+ when 200 then return JSON.parse(response.body).map {|record| MonitorContent.new(record)}
88
+ when 400 then raise BadInputParameter
89
+ when 403 then raise BadAPIKey
90
+ when 413 then raise RequestTooLarge
91
+ when 500 then raise InternalError
92
+ when 507 then raise AccountQuotaExceeded
93
+ else raise Exception
94
+ end
95
+ end
96
+
82
97
  def generate_timed_token(user_identifier, action, ttl)
83
98
  params = {api_key: @api_key, user_identifier: user_identifier, action: action, ttl: ttl}
84
99
 
@@ -177,16 +192,25 @@ module Prevoty
177
192
  end
178
193
  end
179
194
 
180
- def validate_pattern(pattern, input)
181
- params = {api_key: @api_key, input: input}
195
+ def monitor_query(query)
196
+ params = {api_key: @api_key, inputs: JSON.dump(query)}
182
197
 
183
- return call_pattern("#{@base}/1/pattern/#{pattern}", params)
198
+ response = HTTParty.post("#{@base}/1/query/monitor", query: params)
199
+ case response.code
200
+ when 200 then return JSON.parse(response.body).map {|record| MonitorQuery.new(record)}
201
+ when 400 then raise BadInputParameter
202
+ when 403 then raise BadAPIKey
203
+ when 413 then raise RequestTooLarge
204
+ when 500 then raise InternalError
205
+ when 507 then raise AccountQuotaExceeded
206
+ else raise Exception
207
+ end
184
208
  end
185
209
 
186
- def validate_string(input, min, max, length)
187
- params = {api_key: @api_key, input: input, min: min, max: max, length: length}
210
+ def validate_pattern(pattern, input)
211
+ params = {api_key: @api_key, input: input}
188
212
 
189
- return call_pattern("#{@base}/1/pattern/string", params)
213
+ return call_pattern("#{@base}/1/pattern/#{pattern}", params)
190
214
  end
191
215
 
192
216
  def hash(input, function)
@@ -5,7 +5,6 @@ module Prevoty
5
5
  :blacklisted_phrases, :flagged_phrases,
6
6
  :javascript_attributes, :javascript_protocols, :javascript_tags,
7
7
  :prevoty_profanity_features, :prevoty_spam_features,
8
- :prevoty_link_metadata, :prevoty_link_density,
9
8
  :tags_balanced, :transformations
10
9
  def initialize(data)
11
10
  @bytes = data["bytes"]
@@ -19,8 +18,6 @@ module Prevoty
19
18
  @javascript_tags = data["javascript_tags"]
20
19
  @prevoty_profanity_features = data["prevoty_profanity_features"]
21
20
  @prevoty_spam_features = data["prevoty_spam_features"]
22
- @prevoty_link_metadata = data["prevoty_link_metadata"]
23
- @prevoty_link_density = data["prevoty_link_density"]
24
21
  @tags_balanced = data["tags_balanced"]
25
22
  @transformations = data["transformations"]
26
23
  end
@@ -0,0 +1,12 @@
1
+ module Prevoty
2
+ class MonitorContent
3
+ attr_accessor :bytes, :javascript_attributes, :javascript_protocols, :javascript_tags
4
+
5
+ def initialize(data)
6
+ @bytes = data["bytes"]
7
+ @javascript_attributes = data["javascript_attributes"]
8
+ @javascript_protocols = data["javascript_protocols"]
9
+ @javascript_tags = data["javascript_tags"]
10
+ end
11
+ end
12
+ end
@@ -0,0 +1,12 @@
1
+ module Prevoty
2
+ class MonitorQuery
3
+ attr_accessor :version, :processed, :intelligence, :error
4
+
5
+ def initialize(data)
6
+ @version = data["version"]
7
+ @processed = data["processed"]
8
+ @intelligence = data["intel"].map {|statement| Intelligence.new(statement)}
9
+ @error = data["error"]
10
+ end
11
+ end
12
+ end
@@ -1,3 +1,3 @@
1
1
  module Prevoty
2
- VERSION = "1.0.1"
2
+ VERSION = "1.1.0"
3
3
  end
@@ -22,4 +22,5 @@ Gem::Specification.new do |spec|
22
22
 
23
23
  spec.add_development_dependency "bundler", "~> 1.5"
24
24
  spec.add_development_dependency "rake", "~> 10.0"
25
+ spec.add_development_dependency "pry", "~> 0.10"
25
26
  end
@@ -124,6 +124,26 @@ describe Prevoty::Client do
124
124
  response.statistics.class.must_equal Prevoty::FilterStatistics
125
125
  end
126
126
 
127
+ it 'should throw BadInputParameter for monitor_content without an api key' do
128
+ client = Prevoty::Client.new('')
129
+ assert_raises Prevoty::BadInputParameter do
130
+ client.monitor_content(CONTENT_PAYLOAD)
131
+ end
132
+ end
133
+
134
+ it 'should throw BadAPIKey for monitor_content with an invalid api key' do
135
+ client = Prevoty::Client.new('badapikey')
136
+ assert_raises Prevoty::BadAPIKey do
137
+ client.monitor_content(CONTENT_PAYLOAD)
138
+ end
139
+ end
140
+
141
+ it 'should return a valid response for monitor with a valid api key' do
142
+ client = Prevoty::Client.new(API_KEY)
143
+ response = client.monitor_content(["stuff=lol", "things=<script>alert()</script>"])
144
+ response.class.must_equal Array
145
+ end
146
+
127
147
  it 'should throw BadInputParameter for generate_timed_token without an api key' do
128
148
  client = Prevoty::Client.new('')
129
149
  assert_raises Prevoty::BadInputParameter do
@@ -245,21 +265,21 @@ describe Prevoty::Client do
245
265
  it 'should throw BadInputParameter for analyze_query without an api key' do
246
266
  client = Prevoty::Client.new('')
247
267
  assert_raises Prevoty::BadInputParameter do
248
- client.analyze_query(CONTENT_PAYLOAD, '')
268
+ client.analyze_query(QUERY_PAYLOAD, '')
249
269
  end
250
270
  end
251
271
 
252
272
  it 'should throw BadAPIKey for analyze_query with an invalid api key' do
253
273
  client = Prevoty::Client.new('badapikey')
254
274
  assert_raises Prevoty::BadAPIKey do
255
- client.analyze_query(CONTENT_PAYLOAD, '')
275
+ client.analyze_query(QUERY_PAYLOAD, '')
256
276
  end
257
277
  end
258
278
 
259
279
  it 'should throw BadInputParameter for analyze_query with an invalid query key' do
260
280
  client = Prevoty::Client.new(API_KEY)
261
281
  assert_raises Prevoty::BadInputParameter do
262
- client.analyze_query(CONTENT_PAYLOAD, 'badkey')
282
+ client.analyze_query(QUERY_PAYLOAD, 'badkey')
263
283
  end
264
284
  end
265
285
 
@@ -269,51 +289,49 @@ describe Prevoty::Client do
269
289
  response.class.must_equal Prevoty::QueryAnalysis
270
290
  end
271
291
 
272
-
273
- it 'should throw BadInputParameter for validate_pattern without an api key' do
292
+ it 'should throw BadInputParameter for monitor_query without an api key' do
274
293
  client = Prevoty::Client.new('')
275
294
  assert_raises Prevoty::BadInputParameter do
276
- client.validate_pattern(Prevoty::Pattern::NUMERIC, '')
295
+ client.monitor_query(MONITOR_QUERY_PAYLOAD)
277
296
  end
278
297
  end
279
298
 
280
- it 'should throw BadAPIKey for validate_pattern with an invalid api key' do
299
+ it 'should throw BadAPIKey for monitor_query with an invalid api key' do
281
300
  client = Prevoty::Client.new('badapikey')
282
301
  assert_raises Prevoty::BadAPIKey do
283
- client.validate_pattern(Prevoty::Pattern::NUMERIC, '')
302
+ client.monitor_query(MONITOR_QUERY_PAYLOAD)
284
303
  end
285
304
  end
286
305
 
287
- it 'should throw BadInputParameter for validate_pattern with an invalid pattern' do
288
- client = Prevoty::Client.new(API_KEY)
289
- response = client.validate_pattern('badpattern', '12345')
290
- response.matched.must_equal false
291
- end
292
-
293
- it 'should return a valid response for validate_pattern' do
306
+ it 'should return a valid response for monitor with a valid api key' do
294
307
  client = Prevoty::Client.new(API_KEY)
295
- response = client.validate_pattern(Prevoty::Pattern::NUMERIC, '12345')
296
- response.class.must_equal Prevoty::InputValidation
297
- response.matched.must_equal true
308
+ response = client.monitor_query(MONITOR_QUERY_PAYLOAD)
309
+ response.class.must_equal Array
298
310
  end
299
311
 
300
- it 'should throw BadInputParameter for validate_string without an api key' do
312
+ it 'should throw BadInputParameter for validate_pattern without an api key' do
301
313
  client = Prevoty::Client.new('')
302
314
  assert_raises Prevoty::BadInputParameter do
303
- client.validate_string('test', 0, 5, 4)
315
+ client.validate_pattern(Prevoty::Pattern::NUMERIC, '')
304
316
  end
305
317
  end
306
318
 
307
- it 'should throw BadAPIKey for validate_string with an invalid api key' do
319
+ it 'should throw BadAPIKey for validate_pattern with an invalid api key' do
308
320
  client = Prevoty::Client.new('badapikey')
309
321
  assert_raises Prevoty::BadAPIKey do
310
- client.validate_string('test', 0, 5, 4)
322
+ client.validate_pattern(Prevoty::Pattern::NUMERIC, '')
311
323
  end
312
324
  end
313
325
 
314
- it 'should return a valid response for validate_string' do
326
+ it 'should throw BadInputParameter for validate_pattern with an invalid pattern' do
327
+ client = Prevoty::Client.new(API_KEY)
328
+ response = client.validate_pattern('badpattern', '12345')
329
+ response.matched.must_equal false
330
+ end
331
+
332
+ it 'should return a valid response for validate_pattern' do
315
333
  client = Prevoty::Client.new(API_KEY)
316
- response = client.validate_string('test', 0, 5, 4)
334
+ response = client.validate_pattern(Prevoty::Pattern::NUMERIC, '12345')
317
335
  response.class.must_equal Prevoty::InputValidation
318
336
  response.matched.must_equal true
319
337
  end
@@ -8,3 +8,4 @@ CONTENT_KEY = ''
8
8
  CONTENT_PAYLOAD = "the <script>alert('quick brown fox');</script> jumps over the lazy dog & mouse"
9
9
  QUERY_KEY = ''
10
10
  QUERY_PAYLOAD = 'select * from users'
11
+ MONITOR_QUERY_PAYLOAD = [{vendor: 'mysql', query: QUERY_PAYLOAD, database: 'ruby_test'}]
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: prevoty
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Joe Rozner
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-02-13 00:00:00.000000000 Z
11
+ date: 2015-03-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: httparty
@@ -52,6 +52,20 @@ dependencies:
52
52
  - - "~>"
53
53
  - !ruby/object:Gem::Version
54
54
  version: '10.0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: pry
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '0.10'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '0.10'
55
69
  description: Implementation of the Prevoty API
56
70
  email:
57
71
  - joe@prevoty.com
@@ -85,6 +99,8 @@ files:
85
99
  - lib/prevoty/responses/generate_token.rb
86
100
  - lib/prevoty/responses/hash_result.rb
87
101
  - lib/prevoty/responses/input_validation.rb
102
+ - lib/prevoty/responses/monitor_content.rb
103
+ - lib/prevoty/responses/monitor_query.rb
88
104
  - lib/prevoty/responses/query_analysis.rb
89
105
  - lib/prevoty/responses/rsa_private_key.rb
90
106
  - lib/prevoty/responses/rsa_public_key.rb