prevoty 1.1.1 → 1.3.0
- checksums.yaml +4 -4
- data/README.md +5 -7
- data/lib/prevoty.rb +0 -1
- data/lib/prevoty/client.rb +142 -15
- data/lib/prevoty/responses/api_key_info.rb +1 -1
- data/lib/prevoty/responses/decrypt_result.rb +1 -1
- data/lib/prevoty/responses/delete_token.rb +1 -1
- data/lib/prevoty/responses/ecdsa_private_key.rb +1 -1
- data/lib/prevoty/responses/ecdsa_public_key.rb +1 -1
- data/lib/prevoty/responses/ecdsa_signature.rb +1 -1
- data/lib/prevoty/responses/encrypt_result.rb +1 -1
- data/lib/prevoty/responses/filter_content.rb +1 -1
- data/lib/prevoty/responses/filter_statistics.rb +1 -1
- data/lib/prevoty/responses/generate_token.rb +1 -1
- data/lib/prevoty/responses/hash_result.rb +1 -1
- data/lib/prevoty/responses/input_validation.rb +1 -1
- data/lib/prevoty/responses/monitor_content.rb +1 -1
- data/lib/prevoty/responses/query_analysis.rb +115 -10
- data/lib/prevoty/responses/rsa_private_key.rb +1 -1
- data/lib/prevoty/responses/rsa_public_key.rb +1 -1
- data/lib/prevoty/responses/rsa_signature.rb +1 -1
- data/lib/prevoty/responses/validate_token.rb +1 -1
- data/lib/prevoty/version.rb +1 -1
- data/prevoty.gemspec +1 -0
- metadata +18 -5
- data/.gitignore +0 -19
- data/lib/prevoty/responses/monitor_query.rb +0 -12
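--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fecf756843ccd0e613801114afe63558ecbe4340
+data.tar.gz: c0b796704e01cdfc8e7494c0b57a28b7e36ebd08
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1b1813d8e70e600083f6bc62a7632321796c538030d8097cb5ffec8eefe7ac416347cf67e689731bdd6a64a932bad436bfc50dcd3d10067e5e7687acb97bd236
+data.tar.gz: c7453c7c9501ea5fcdf3f402e216fb1994615c9982dc72f671e7ecf80d40caee6f06ef59b9f4a21d306de233d0bcd3565865a83cfaabdcfc6144bde5b26e90e0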
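--- a/data/README.md
+++ b/data/README.md
@@ -21,13 +21,11 @@ Or install it yourself as:
 
 ## Usage
 
-1
-
-
-
-
-
-4) Run `ruby example.rb`
+1. Pull a copy or .zip/.tar of this repository
+2. Make sure you have a v1 API key (shown at the bottom of the API Keys page in Prevoty Manager Console)
+3. Edit `example.rb` - you will want to put in your API and policy configuration keys (from the Security
+Policies page in Prevoty Manager Console, not to be confused with the keys from the Plugin Configurations page)
+4. Run `ruby example.rb`
 
 ## Contributing
 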
data/lib/prevoty.rb
CHANGED
data/lib/prevoty/client.rb
CHANGED
@@ -2,14 +2,24 @@ require 'httparty'
|
|
2
2
|
require 'json'
|
3
3
|
|
4
4
|
module Prevoty
|
5
|
+
|
6
|
+
# The Client is used to call specific methods that represent the various
|
7
|
+
# endpoints of the Prevoty API.
|
8
|
+
|
5
9
|
class Client
|
6
10
|
attr_accessor :api_key, :base
|
7
11
|
|
12
|
+
# Create a new Client
|
13
|
+
# @param api_key [String] the api_key
|
14
|
+
# @param base [String] the base url to request
|
15
|
+
# @return [Client] a new Client
|
8
16
|
def initialize(api_key=nil, base=nil)
|
9
17
|
@api_key = api_key
|
10
18
|
@base = base ||= 'https://api.prevoty.com'
|
11
19
|
end
|
12
20
|
|
21
|
+
# Verify that the supplied API key is valid
|
22
|
+
# @return [true, false]
|
13
23
|
def verify_api_key
|
14
24
|
params = {api_key: @api_key}
|
15
25
|
|
@@ -23,6 +33,8 @@ module Prevoty
|
|
23
33
|
end
|
24
34
|
end
|
25
35
|
|
36
|
+
# Get information about the current api key
|
37
|
+
# @return [APIKeyInfo] api key info
|
26
38
|
def api_key_info
|
27
39
|
params = {api_key: @api_key}
|
28
40
|
|
@@ -36,6 +48,9 @@ module Prevoty
|
|
36
48
|
end
|
37
49
|
end
|
38
50
|
|
51
|
+
# Verify that the specified content configuration key is valid
|
52
|
+
# @param configuration_key [String] content configuration key
|
53
|
+
# @return [true, false]
|
39
54
|
def verify_content_configuration(configuration_key)
|
40
55
|
params = {api_key: @api_key, rule_key: configuration_key}
|
41
56
|
|
@@ -49,6 +64,10 @@ module Prevoty
|
|
49
64
|
end
|
50
65
|
end
|
51
66
|
|
67
|
+
# Filter content through the prevoty engine
|
68
|
+
# @param input [String] content to be filtered
|
69
|
+
# @param configuration_key [String] configuration to filter the content with
|
70
|
+
# @return [FilterContent] filtered response from the api
|
52
71
|
def filter_content(input, configuration_key)
|
53
72
|
params = {api_key: @api_key, rule_key: configuration_key, input: input}
|
54
73
|
|
@@ -64,6 +83,10 @@ module Prevoty
|
|
64
83
|
end
|
65
84
|
end
|
66
85
|
|
86
|
+
# Filter a full query string from a request
|
87
|
+
# @param input [String] query string to filter
|
88
|
+
# @param configuration_key [String] configuration to filter content with
|
89
|
+
# @return [FilterContent] filtered response from the api
|
67
90
|
def bulk_filter(input, configuration_key)
|
68
91
|
params = {api_key: @api_key, rule_key: configuration_key, input: input}
|
69
92
|
|
@@ -79,10 +102,13 @@ module Prevoty
|
|
79
102
|
end
|
80
103
|
end
|
81
104
|
|
105
|
+
# Monitor content
|
106
|
+
# @param input [Array] content to perform analysis on
|
107
|
+
# @return [Array] array of content that has been analyzed
|
82
108
|
def monitor_content(input)
|
83
109
|
params = {api_key: @api_key, input: JSON.dump(input)}
|
84
110
|
|
85
|
-
response = HTTParty.post("#{@base}/1/xss/monitor",
|
111
|
+
response = HTTParty.post("#{@base}/1/xss/monitor", body: params)
|
86
112
|
case response.code
|
87
113
|
when 200 then return JSON.parse(response.body).map {|record| MonitorContent.new(record)}
|
88
114
|
when 400 then raise BadInputParameter
|
@@ -94,6 +120,11 @@ module Prevoty
|
|
94
120
|
end
|
95
121
|
end
|
96
122
|
|
123
|
+
# Generate a timed CSRF token
|
124
|
+
# @param user_identifier [String] unique identifier for a user (eg. session id)
|
125
|
+
# @param action [String] action the token is being generated for
|
126
|
+
# @param ttl [Integer] time in seconds the token is valid for (min: 0, max: 86400)
|
127
|
+
# @return [GenerateToken] generated token
|
97
128
|
def generate_timed_token(user_identifier, action, ttl)
|
98
129
|
params = {api_key: @api_key, user_identifier: user_identifier, action: action, ttl: ttl}
|
99
130
|
|
@@ -108,6 +139,11 @@ module Prevoty
|
|
108
139
|
end
|
109
140
|
end
|
110
141
|
|
142
|
+
# Validate a timed CSRF token
|
143
|
+
# @param user_identifier [String] unique identifier for a user (eg. session id)
|
144
|
+
# @param action [String] action the token is being validated for
|
145
|
+
# @param token [String] token to be validated
|
146
|
+
# @return [ValidateToken] result of validating
|
111
147
|
def validate_timed_token(user_identifier, action, token)
|
112
148
|
params = {api_key: @api_key, user_identifier: user_identifier, action: action, token: token}
|
113
149
|
|
@@ -122,6 +158,11 @@ module Prevoty
|
|
122
158
|
end
|
123
159
|
end
|
124
160
|
|
161
|
+
# Delete a timed token
|
162
|
+
# @param user_identifier [String] unique identifier for a user (eg. session id)
|
163
|
+
# @param action [String] action the token is being deleted for
|
164
|
+
# @param token [String] token to delete
|
165
|
+
# @return [DeleteToken] result of deleting the token
|
125
166
|
def delete_timed_token(user_identifier, action, token)
|
126
167
|
params = {api_key: @api_key, user_identifier: user_identifier, action: action, token: token}
|
127
168
|
|
@@ -136,6 +177,10 @@ module Prevoty
|
|
136
177
|
end
|
137
178
|
end
|
138
179
|
|
180
|
+
# Generate a persisted token
|
181
|
+
# @param user_identifier [String] unique identifier for a user (eg. session id)
|
182
|
+
# @param action [String] action the token is being generated for
|
183
|
+
# @return [GenerateToken] generated token
|
139
184
|
def generate_persisted_token(user_identifier, action)
|
140
185
|
params = {api_key: @api_key, user_identifier: user_identifier, action: action}
|
141
186
|
|
@@ -150,6 +195,11 @@ module Prevoty
|
|
150
195
|
end
|
151
196
|
end
|
152
197
|
|
198
|
+
# Validate a persisted token
|
199
|
+
# @param user_identifier [String] unique identifier for a user (eg. session id)
|
200
|
+
# @param action [String] action the token is being validated for
|
201
|
+
# @param token [String] token to be validated
|
202
|
+
# @return [ValidateToken] result of validating
|
153
203
|
def validate_persisted_token(user_identifier, action, token)
|
154
204
|
params = {api_key: @api_key, user_identifier: user_identifier, action: action, token: token}
|
155
205
|
|
@@ -164,6 +214,11 @@ module Prevoty
|
|
164
214
|
end
|
165
215
|
end
|
166
216
|
|
217
|
+
# Delete a persisted
|
218
|
+
# @param user_identifier [String] unique identifier for a user (eg. session id)
|
219
|
+
# @param action [String] action the token is being deleted for
|
220
|
+
# @param token [String] token to delete
|
221
|
+
# @return [DeleteToken] result of deleting the token
|
167
222
|
def delete_persisted_token(user_identifier, action, token)
|
168
223
|
params = {api_key: @api_key, user_identifier: user_identifier, action: action, token: token}
|
169
224
|
|
@@ -178,6 +233,10 @@ module Prevoty
|
|
178
233
|
end
|
179
234
|
end
|
180
235
|
|
236
|
+
# Analyze an SQL query
|
237
|
+
# @param query [String] query to analyze
|
238
|
+
# @param config_key [String] configuration to analyze with
|
239
|
+
# @return [QueryAnalysis] analysis of the query
|
181
240
|
def analyze_query(query, config_key)
|
182
241
|
params = {api_key: @api_key, query: query, config_key: config_key}
|
183
242
|
|
@@ -192,10 +251,13 @@ module Prevoty
|
|
192
251
|
end
|
193
252
|
end
|
194
253
|
|
254
|
+
# Monitor an SQL query
|
255
|
+
# @param query [Array] array of queries to monitor
|
256
|
+
# @return [Array] array of analysis results
|
195
257
|
def monitor_query(query)
|
196
258
|
params = {api_key: @api_key, inputs: JSON.dump(query)}
|
197
259
|
|
198
|
-
response = HTTParty.post("#{@base}/1/query/monitor",
|
260
|
+
response = HTTParty.post("#{@base}/1/query/monitor", body: params)
|
199
261
|
case response.code
|
200
262
|
when 200 then return JSON.parse(response.body).map {|record| MonitorQuery.new(record)}
|
201
263
|
when 400 then raise BadInputParameter
|
@@ -207,12 +269,30 @@ module Prevoty
|
|
207
269
|
end
|
208
270
|
end
|
209
271
|
|
272
|
+
# Validate input with a pattern
|
273
|
+
# @param pattern [Integer, String] pattern to validate with. For built-ins constants can be found in {Prevoty::Pattern}
|
274
|
+
# @param input [String] input to validate
|
275
|
+
# @return [InputValidation] pattern validation result
|
210
276
|
def validate_pattern(pattern, input)
|
211
277
|
params = {api_key: @api_key, input: input}
|
212
278
|
|
213
|
-
|
279
|
+
response = HTTParty.get("#{@base}/1/pattern/#{pattern}", query: params)
|
280
|
+
case response.code
|
281
|
+
when 200 then return InputValidation.new(JSON.parse(response.body))
|
282
|
+
when 400 then raise BadInputParameter
|
283
|
+
when 403 then raise BadAPIKey
|
284
|
+
when 500 then raise InternalError
|
285
|
+
when 507 then raise AccountQuotaExceeded
|
286
|
+
else raise Exception
|
287
|
+
end
|
214
288
|
end
|
215
289
|
|
290
|
+
# Hash input with a specified algorithm
|
291
|
+
#
|
292
|
+
# @note Constants for hash functions are specified in {Prevoty::Hash}
|
293
|
+
# @param input [String] input to hash
|
294
|
+
# @param function [Integer] hash function to use
|
295
|
+
# @return [HashResult] hashed input
|
216
296
|
def hash(input, function)
|
217
297
|
params = {api_key: @api_key, payload: input, function: function}
|
218
298
|
|
@@ -227,6 +307,12 @@ module Prevoty
|
|
227
307
|
end
|
228
308
|
end
|
229
309
|
|
310
|
+
# Encrypt input with a specified algorithm
|
311
|
+
#
|
312
|
+
# @param input [String] into to encrypt
|
313
|
+
# @param algorithm [Integer] algorithm to encrypt with. Constants are specified in {Prevoty::Crypto::Algorithms}
|
314
|
+
# @param mode [Integer] mode to use. Constants are specified in {Prevoty::Crypto::Modes}
|
315
|
+
# @return [EncryptResult] encrypted data
|
230
316
|
def encrypt(input, algorithm, mode)
|
231
317
|
params = {api_key: @api_key, payload: input, algorithm: algorithm, mode: mode}
|
232
318
|
|
@@ -241,6 +327,10 @@ module Prevoty
|
|
241
327
|
end
|
242
328
|
end
|
243
329
|
|
330
|
+
# Decrypt encrypted data
|
331
|
+
#
|
332
|
+
# @param result [EncryptResult] data to decrypt
|
333
|
+
# @return [DecryptResult] decrypted data
|
244
334
|
def decrypt(result)
|
245
335
|
params = {api_key: @api_key, obj: result.to_json}
|
246
336
|
|
@@ -255,6 +345,10 @@ module Prevoty
|
|
255
345
|
end
|
256
346
|
end
|
257
347
|
|
348
|
+
# Generate a keypair using RSA
|
349
|
+
#
|
350
|
+
# @param keysize [Integer] number of bits for the keysize
|
351
|
+
# @return [RSAPrivateKey] private key
|
258
352
|
def generate_rsa_keypair(keysize)
|
259
353
|
params = {api_key: @api_key, algorithm: Prevoty::Crypto::KeyAlgorithms::RSA_PKCS, meta: keysize}
|
260
354
|
|
@@ -269,6 +363,10 @@ module Prevoty
|
|
269
363
|
end
|
270
364
|
end
|
271
365
|
|
366
|
+
# Generate a keypair using ECDSA
|
367
|
+
#
|
368
|
+
# @param curve [Integer] curve to use. Constants exist in {Prevoty::Crypto::Curves}
|
369
|
+
# @return [ECDSAPrivateKey] private key
|
272
370
|
def generate_ecdsa_keypair(curve)
|
273
371
|
params = {api_key: @api_key, algorithm: Prevoty::Crypto::KeyAlgorithms::ECDSA, meta: curve}
|
274
372
|
|
@@ -283,49 +381,78 @@ module Prevoty
|
|
283
381
|
end
|
284
382
|
end
|
285
383
|
|
384
|
+
# Sign data using RSA PSS
|
385
|
+
#
|
386
|
+
# @param payload [String] the data to sign
|
387
|
+
# @param func [Integer] the hash function to sign with. Constants can be found in {Prevoty::Hash}
|
388
|
+
# @param private_key [RSAPrivateKey] private key to sign with
|
389
|
+
# @param options [Integer] RSA PSS options. Constants can be found in {Prevoty::Crypto::PSSSaltOptions}
|
390
|
+
# @return [RSASignature] signature of data
|
286
391
|
def rsa_pss_signature(payload, func, private_key, options)
|
287
392
|
params = {api_key: @api_key, algorithm: Prevoty::Crypto::KeyAlgorithms::RSA_PSS, hash: func, key: private_key.to_json, payload: payload, opt: options}
|
288
393
|
return call_rsa_signature(params)
|
289
394
|
end
|
290
395
|
|
396
|
+
# Sign data using RSA PKCS
|
397
|
+
#
|
398
|
+
# @param payload [String] the data to sign
|
399
|
+
# @param func [Integer] the hash function to sign with. Constants can be found in {Prevoty::Hash}
|
400
|
+
# @param private_key [RSAPrivateKey] private key to sign with
|
401
|
+
# @return [RSASignature] signature of data
|
291
402
|
def rsa_pkcs_signature(payload, func, private_key)
|
292
403
|
params = {api_key: @api_key, algorithm: Prevoty::Crypto::KeyAlgorithms::RSA_PKCS, hash: func, key: private_key.to_json, payload: payload}
|
293
404
|
return call_rsa_signature(params)
|
294
405
|
end
|
295
406
|
|
407
|
+
# Sign data using ECDSA
|
408
|
+
#
|
409
|
+
# @param payload [String] the data to sign
|
410
|
+
# @param func [Integer] the hash function to sign with. Constants can be found in {Prevoty::Hash}
|
411
|
+
# @param private_key [ECDSAPrivateKey] private key to sign with
|
412
|
+
# @return [RSASignature] signature of data
|
296
413
|
def ecdsa_signature(payload, func, private_key)
|
297
414
|
params = {api_key: @api_key, algorithm: Prevoty::Crypto::KeyAlgorithms::ECDSA, hash: func, key: private_key.to_json, payload: payload}
|
298
415
|
return call_ecdsa_signature(params)
|
299
416
|
end
|
300
417
|
|
418
|
+
# Verify RSA PSS signature
|
419
|
+
#
|
420
|
+
# @param payload [String] the data to verify
|
421
|
+
# @param func [Integer] the hash function to sign with. Constants can be found in {Prevoty::Hash}
|
422
|
+
# @param public_key [RSAPublicKey] public key to verify signature with
|
423
|
+
# @param signature [String] signature to verify
|
424
|
+
# @param options [Integer] RSA PSS options. Constants can be found in {Prevoty::Crypto::PSSSaltOptions}
|
425
|
+
# @return [SignatureVerify] signature of data
|
301
426
|
def verify_rsa_pss_signature(payload, func, public_key, signature, options)
|
302
427
|
params = {api_key: @api_key, algorithm: Prevoty::Crypto::KeyAlgorithms::RSA_PSS, hash: func, key: public_key.to_json, sig: signature.to_json, payload: payload, opt: options}
|
303
428
|
return call_verify_signature(params)
|
304
429
|
end
|
305
430
|
|
431
|
+
# Verify RSA PSS signature
|
432
|
+
#
|
433
|
+
# @param payload [String] the data to verify
|
434
|
+
# @param func [Integer] the hash function to sign with. Constants can be found in {Prevoty::Hash}
|
435
|
+
# @param public_key [RSAPublicKey] public key to verify signature with
|
436
|
+
# @param signature [String] signature to verify
|
437
|
+
# @return [SignatureVerify] signature of data
|
306
438
|
def verify_rsa_pkcs_signature(payload, func, public_key, signature)
|
307
439
|
params = {api_key: @api_key, algorithm: Prevoty::Crypto::KeyAlgorithms::RSA_PKCS, hash: func, key: public_key.to_json, sig: signature.to_json, payload: payload}
|
308
440
|
return call_verify_signature(params)
|
309
441
|
end
|
310
442
|
|
443
|
+
# Verify ECDSA signature
|
444
|
+
#
|
445
|
+
# @param payload [String] the data to verify
|
446
|
+
# @param func [Integer] the hash function to sign with. Constants can be found in {Prevoty::Hash}
|
447
|
+
# @param public_key [ECDSAPublicKey] public key to verify signature with
|
448
|
+
# @param signature [String] signature to verify
|
449
|
+
# @return [SignatureVerify] signature of data
|
311
450
|
def verify_ecdsa_signature(payload, func, public_key, signature)
|
312
451
|
params = {api_key: @api_key, algorithm: Prevoty::Crypto::KeyAlgorithms::ECDSA, hash: func, key: public_key.to_json, sig: signature.to_json, payload: payload}
|
313
452
|
return call_verify_signature(params)
|
314
453
|
end
|
315
454
|
|
316
455
|
private
|
317
|
-
def call_pattern(url, params)
|
318
|
-
response = HTTParty.get(url, query: params)
|
319
|
-
case response.code
|
320
|
-
when 200 then return InputValidation.new(JSON.parse(response.body))
|
321
|
-
when 400 then raise BadInputParameter
|
322
|
-
when 403 then raise BadAPIKey
|
323
|
-
when 500 then raise InternalError
|
324
|
-
when 507 then raise AccountQuotaExceeded
|
325
|
-
else raise Exception
|
326
|
-
end
|
327
|
-
end
|
328
|
-
|
329
456
|
def call_rsa_signature(params)
|
330
457
|
response = HTTParty.post("#{@base}/1/crypto/sign", query: params)
|
331
458
|
case response.code
|
@@ -1,32 +1,76 @@
|
|
1
1
|
module Prevoty
|
2
2
|
class QueryAnalysis
|
3
|
-
|
3
|
+
attr_reader :engine_version, :processed, :vendor, :vendor_version,
|
4
|
+
:compliant, :statements, :error
|
4
5
|
|
5
6
|
def initialize(data)
|
6
|
-
@
|
7
|
+
@engine_version = data["engine_version"]
|
7
8
|
@processed = data["processed"]
|
9
|
+
@vendor = data["vendor"]
|
10
|
+
@vendor_version = data["vendor_version"]
|
8
11
|
@compliant = data["compliant"]
|
9
12
|
@statements = data["statements"].map {|statement| Statement.new(statement)}
|
10
13
|
@error = data["error"]
|
11
14
|
end
|
15
|
+
|
16
|
+
def to_json(options)
|
17
|
+
return {
|
18
|
+
engine_version: @engine_version, processed: @processed,
|
19
|
+
vendor: @vendor, vendor_version: @vendor_version,
|
20
|
+
compliant: @compliant, statements: @statements, error: @error
|
21
|
+
}.to_json
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
class MonitorQuery
|
26
|
+
attr_reader :engine_version, :processed, :vendor, :vendor_version,
|
27
|
+
:intelligence, :error
|
28
|
+
|
29
|
+
def initialize(data)
|
30
|
+
@engine_version = data["engine_version"]
|
31
|
+
@processed = data["processed"]
|
32
|
+
@vendor = data["vendor"]
|
33
|
+
@vendor_version = data["vendor_version"]
|
34
|
+
@intelligence = data["intelligence"].map {|statement| Intelligence.new(statement)}
|
35
|
+
@error = data["error"]
|
36
|
+
end
|
37
|
+
|
38
|
+
def to_json(options)
|
39
|
+
return {
|
40
|
+
engine_version: @engine_version, processed: @processed,
|
41
|
+
vendor: @vendor, vendor_version: @vendor_version,
|
42
|
+
intelligence: @intelligence, error: @error
|
43
|
+
}.to_json
|
44
|
+
end
|
12
45
|
end
|
13
46
|
|
14
47
|
class Statement
|
15
|
-
|
48
|
+
attr_reader :intelligence, :violations
|
16
49
|
|
17
50
|
def initialize(data)
|
18
51
|
@intelligence = Intelligence.new(data["intelligence"])
|
19
52
|
@violations = Violations.new(data["violations"])
|
20
53
|
end
|
54
|
+
|
55
|
+
def to_json(options)
|
56
|
+
return {
|
57
|
+
intelligence: @intelligence, violations: @violations
|
58
|
+
}.to_json
|
59
|
+
end
|
21
60
|
end
|
22
61
|
|
23
62
|
class Intelligence
|
24
|
-
|
25
|
-
|
26
|
-
|
63
|
+
attr_reader :statement_type, :sanitized_statement, :hashed_statement,
|
64
|
+
:has_comment, :comparison_types, :row_creates, :column_reads,
|
65
|
+
:column_updates, :row_deletes, :has_admin, :function_calls,
|
66
|
+
:joins, :unions, :subqueries
|
27
67
|
|
28
68
|
def initialize(data)
|
29
69
|
@statement_type = data["statement_type"]
|
70
|
+
@sanitized_statement = data["sanitized_statement"]
|
71
|
+
@hashed_statement = data["hashed_statement"]
|
72
|
+
@has_comment = data["has_comment"]
|
73
|
+
@comparison_types = ComparisonTypes.new(data["comparison_types"])
|
30
74
|
@row_creates = data["row_creates"].map {|el| Table.new(el)}
|
31
75
|
@column_reads = data["column_reads"].map {|el| Column.new(el)}
|
32
76
|
@column_updates = data["column_updates"].map {|el| Column.new(el)}
|
@@ -37,38 +81,87 @@ module Prevoty
|
|
37
81
|
@unions = data["unions"].map {|el| Table.new(el)}
|
38
82
|
@subqueries = data["subqueries"].map {|el| Table.new(el)}
|
39
83
|
end
|
84
|
+
|
85
|
+
def to_json(options)
|
86
|
+
return {
|
87
|
+
statement_type: @statement_type,
|
88
|
+
sanitized_statement: @sanitized_statement,
|
89
|
+
hashed_statement: @hashed_statement, has_comment: @has_comment,
|
90
|
+
comparison_types: @comparison_types, row_creates: @row_creates,
|
91
|
+
column_reads: @column_reads, column_upates: @column_updates,
|
92
|
+
row_deletes: @row_deletes, has_admin: @has_admin,
|
93
|
+
function_calls: @function_calls, joins: @joins, unions: @unions,
|
94
|
+
subqueries: @subqueries
|
95
|
+
}.to_json
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
class ComparisonTypes
|
100
|
+
attr_reader :contradiction, :dynamic, :static, :tautology
|
101
|
+
|
102
|
+
def initialize(data)
|
103
|
+
@contradiction = data["contradiction"]
|
104
|
+
@dynamic = data["dynamic"]
|
105
|
+
@static = data["static"]
|
106
|
+
@tautology = data["tautology"]
|
107
|
+
end
|
108
|
+
|
109
|
+
def to_json(options)
|
110
|
+
return {
|
111
|
+
contradiction: @contradiction, dynamic: @dynamic, static: @static,
|
112
|
+
tautology: @tautology
|
113
|
+
}.to_json
|
114
|
+
end
|
40
115
|
end
|
41
116
|
|
42
117
|
class Table
|
43
|
-
|
118
|
+
attr_reader :database, :table
|
44
119
|
|
45
120
|
def initialize(data)
|
46
121
|
@database = data["database"]
|
47
122
|
@table = data["table"]
|
48
123
|
end
|
124
|
+
|
125
|
+
def to_json(options)
|
126
|
+
return {
|
127
|
+
database: @database, table: @table
|
128
|
+
}.to_json
|
129
|
+
end
|
49
130
|
end
|
50
131
|
|
51
132
|
class Column
|
52
|
-
|
133
|
+
attr_reader :database, :table, :column
|
53
134
|
|
54
135
|
def initialize(data)
|
55
136
|
@database = data["database"]
|
56
137
|
@table = data["table"]
|
57
138
|
@column = data["column"]
|
58
139
|
end
|
140
|
+
|
141
|
+
def to_json(options)
|
142
|
+
return {
|
143
|
+
database: @database, table: @table, column: @column
|
144
|
+
}.to_json
|
145
|
+
end
|
59
146
|
end
|
60
147
|
|
61
148
|
class FunctionCall
|
62
|
-
|
149
|
+
attr_reader :name, :arguments
|
63
150
|
|
64
151
|
def initialize(data)
|
65
152
|
@name = data["name"]
|
66
153
|
@arguments = data["arguments"]
|
67
154
|
end
|
155
|
+
|
156
|
+
def to_json(options)
|
157
|
+
return {
|
158
|
+
name: @name, arguments: @arguments
|
159
|
+
}.to_json
|
160
|
+
end
|
68
161
|
end
|
69
162
|
|
70
163
|
class Violations
|
71
|
-
|
164
|
+
attr_reader :row_create_violations, :column_read_violations, :column_update_violations,
|
72
165
|
:row_delete_violation, :admin_violation, :union_violations, :join_violations,
|
73
166
|
:subquery_violations, :function_violations
|
74
167
|
|
@@ -83,5 +176,17 @@ module Prevoty
|
|
83
176
|
@subquery_violations = data["subquery_violations"].map {|el| Table.new(el)}
|
84
177
|
@function_violations = data["function_violations"].map {|el| FunctionCall.new(el)}
|
85
178
|
end
|
179
|
+
|
180
|
+
def to_json(options)
|
181
|
+
return {
|
182
|
+
row_create_violations: @row_create_violations,
|
183
|
+
column_read_violations: @column_read_violations,
|
184
|
+
column_update_violations: @column_update_violations,
|
185
|
+
row_delete_violations: @row_delete_violations,
|
186
|
+
admin_violation: @admin_violation, union_violation: @union_violation,
|
187
|
+
join_violations: @join_violations, subquery_violations: @subquery_violations,
|
188
|
+
function_violations: @function_violations
|
189
|
+
}.to_json
|
190
|
+
end
|
86
191
|
end
|
87
192
|
end
|
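Review bot: The new `to_json(options)` methods take a required argument, so a direct `analysis.to_json` raises `ArgumentError`, while the client on this page calls `result.to_json` and `private_key.to_json` with no arguments on other response classes; declare them as `def to_json(*args)` and end with `.to_json(*args)`. In `Intelligence#to_json` the key is misspelled `column_upates:`. `Violations#to_json` reads `@row_delete_violations` and `@union_violation`, whereas the `attr_reader` list names `row_delete_violation` and `union_violations`; unless `initialize` (partly outside the hunk) sets those exact instance variables, both fields serialize as `null` and a consumer of the report silently loses the row-delete and union findings. The new `MonitorQuery#initialize` calls `data["intelligence"].map` without a nil guard, so a response that carries only `error` would raise `NoMethodError` before `@error` is set; `(data["intelligence"] || []).map { ... }` avoids that. The file header for these hunks is missing from the page; from the file list they appear to be lib/prevoty/responses/query_analysis.rb.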
data/lib/prevoty/version.rb
CHANGED
data/prevoty.gemspec
CHANGED
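--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: prevoty
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.3.0
 platform: ruby
 authors:
 - Joe Rozner
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2016-08-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: httparty
@@ -66,6 +66,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.10'
+- !ruby/object:Gem::Dependency
+name: yard
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.8'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.8'
 description: Implementation of the Prevoty API
 email:
 - joe@prevoty.com
@@ -73,7 +87,6 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
 - Gemfile
 - LICENSE
 - README.md
@@ -100,7 +113,6 @@ files:
 - lib/prevoty/responses/hash_result.rb
 - lib/prevoty/responses/input_validation.rb
 - lib/prevoty/responses/monitor_content.rb
-- lib/prevoty/responses/monitor_query.rb
 - lib/prevoty/responses/query_analysis.rb
 - lib/prevoty/responses/rsa_private_key.rb
 - lib/prevoty/responses/rsa_public_key.rb
@@ -131,10 +143,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: Pevoty API client for Ruby
 test_files:
 - test/specs/client_spec.rb
 - test/test_helper.rb
+has_rdoc: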
data/.gitignore
DELETED
@@ -1,12 +0,0 @@
|
|
1
|
-
module Prevoty
|
2
|
-
class MonitorQuery
|
3
|
-
attr_accessor :version, :processed, :intelligence, :error
|
4
|
-
|
5
|
-
def initialize(data)
|
6
|
-
@version = data["version"]
|
7
|
-
@processed = data["processed"]
|
8
|
-
@intelligence = data["intel"].map {|statement| Intelligence.new(statement)}
|
9
|
-
@error = data["error"]
|
10
|
-
end
|
11
|
-
end
|
12
|
-
end
|