relintio-agent 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: fc636bfe2c42e5e87e3df93f66d2512b3f53f380d63b1df784d7f7cc649c2999
4
+ data.tar.gz: 89ec48b720d353cc1944914041c102c603757c58ffb084a22d8fd657f67ae0fa
5
+ SHA512:
6
+ metadata.gz: 70642ee2f9483290076edbb8c851e0ceae26ab2d2cd0048d7f0b4eff61cc52b2b1c5afdf60691ed19b1baf2853b3d4eaea1861184458a803056ab8eb6113d1d6
7
+ data.tar.gz: ce5658d1fc8a76bb4eb13db5ef3335fc888fb8011be4baa8dd056b404cc9bc73de0381b795e7bd72a498daa5a2de50df11425ae72e74ebc8fb527f113dd1f11d
data/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Relintio
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,73 @@
1
+ # Relintio WAF Protection Agent SDK (Ruby)
2
+
3
+ Official Ruby WAF integration for Rack-based web frameworks (Sinatra, Rails, Hanami).
4
+
5
+ ## Installation
6
+
7
+ Add the gem to your application's Gemfile:
8
+
9
+ ```ruby
10
+ gem 'relintio-agent', github: 'Relintio/relintio-ruby-agent'
11
+ ```
12
+
13
+ And then execute:
14
+ ```bash
15
+ bundle install
16
+ ```
17
+
18
+ ## Features
19
+
20
+ - **Rule Cache Sync:** Periodically syncs active rules in a thread-safe background thread.
21
+ - **WAF Check Engine:** Instant threat analysis against local cached rules.
22
+ - **Rack Middleware:** Standard Rack integration supporting all major Ruby web frameworks.
23
+ - **Telemetry Loop:** Non-blocking telemetry reporting back to the Relintio console.
24
+
25
+ ## Quickstart
26
+
27
+ ### Sinatra Integration
28
+
29
+ ```ruby
30
+ # config.ru
31
+ require 'sinatra'
32
+ require 'relintio-agent'
33
+
34
+ class App < Sinatra::Base
35
+ get '/' do
36
+ "Protected App"
37
+ end
38
+ end
39
+
40
+ # Initialize Relintio Agent
41
+ agent = Relintio::Agent.new(
42
+ license_key: "YOUR_LICENSE_KEY",
43
+ api_url: "https://api.relintio.com/api"
44
+ )
45
+ agent.start_sync
46
+
47
+ # Register Relintio Middleware
48
+ use Relintio::Middleware, agent
49
+
50
+ run App
51
+ ```
52
+
53
+ ### Rails Integration
54
+
55
+ Add the middleware in your Rails configuration:
56
+
57
+ ```ruby
58
+ # config/application.rb
59
+ module YourApp
60
+ class Application < Rails::Application
61
+ # Initialize Relintio Agent
62
+ config.after_initialize do
63
+ $relintio_agent = Relintio::Agent.new(
64
+ license_key: ENV['RELINTIO_LICENSE_KEY'] || 'YOUR_LICENSE_KEY'
65
+ )
66
+ $relintio_agent.start_sync
67
+ end
68
+
69
+ # Register Rack Middleware
70
+ config.middleware.use Relintio::Middleware, -> { $relintio_agent }
71
+ end
72
+ end
73
+ ```
@@ -0,0 +1,41 @@
1
+ require 'rack'
2
+
3
+ module Relintio
4
+ class Middleware
5
+ def initialize(app, agent)
6
+ @app = app
7
+ @agent = agent
8
+ end
9
+
10
+ def call(env)
11
+ request = Rack::Request.new(env)
12
+
13
+ # Skip security check for internal challenge routes
14
+ if request.path_info == "/_relintio/challenge" || request.path_info == "/_relintio/verify"
15
+ return @app.call(env)
16
+ end
17
+
18
+ res = @agent.check_request(request)
19
+ @agent.send_telemetry(request, res)
20
+
21
+ if res[:action] == "block"
22
+ return [403, { 'Content-Type' => 'text/html' }, [
23
+ `<!DOCTYPE html><html><head><title>Access Denied</title><style>body{background:#000;color:#fff;font-family:sans-serif;padding:50px;text-align:center;}</style></head><body><h1>403 Forbidden</h1><p>Request blocked by Relintio WAF protection.</p></body></html>`
24
+ ]]
25
+ end
26
+
27
+ if res[:action] == "challenge"
28
+ challenge_url = "/_relintio/challenge?ref=#{URI.encode_www_form_component(request.path_info)}"
29
+ return [403, {
30
+ 'Content-Type' => 'text/html',
31
+ 'X-Relintio-Action' => 'challenge',
32
+ 'X-Relintio-Challenge-URL' => challenge_url
33
+ }, [
34
+ `<!DOCTYPE html><html><head><title>Security Challenge</title></head><body><script>window.location.href="#{challenge_url}";</script></body></html>`
35
+ ]]
36
+ end
37
+
38
+ @app.call(env)
39
+ end
40
+ end
41
+ end
@@ -0,0 +1,138 @@
1
+ require 'net/http'
2
+ require 'json'
3
+ require 'uri'
4
+ require 'thread'
5
+
6
+ module Relintio
7
+ class Agent
8
+ attr_reader :config, :rules
9
+
10
+ def initialize(config = {})
11
+ @config = {
12
+ license_key: config[:license_key],
13
+ api_url: config[:api_url] || "https://api.relintio.com/api",
14
+ sync_interval: config[:sync_interval] || 60
15
+ }
16
+ @rules = []
17
+ @rules_mutex = Mutex.new
18
+ @client = Net::HTTP
19
+ end
20
+
21
+ def start_sync
22
+ Thread.new do
23
+ loop do
24
+ sync_rules
25
+ sleep @config[:sync_interval]
26
+ end
27
+ end
28
+ end
29
+
30
+ def sync_rules
31
+ begin
32
+ uri = URI.parse("#{@config[:api_url].chomp('/')}/rules/sync")
33
+ req = Net::HTTP::Get.new(uri)
34
+ req['Authorization'] = "Bearer #{@config[:license_key]}"
35
+ req['Content-Type'] = 'application/json'
36
+
37
+ http = Net::HTTP.new(uri.host, uri.port)
38
+ http.use_ssl = (uri.scheme == 'https')
39
+ http.read_timeout = 10
40
+
41
+ res = http.request(req)
42
+ if res.code == '200'
43
+ data = JSON.parse(res.body)
44
+ @rules_mutex.synchronize do
45
+ @rules = data['rules'] || []
46
+ end
47
+ end
48
+ rescue => e
49
+ # Fail-open: ignore errors during sync
50
+ end
51
+ end
52
+
53
+ def check_request(request)
54
+ @rules_mutex.synchronize do
55
+ ip = request.ip
56
+ user_agent = request.user_agent || ""
57
+ path = request.path_info
58
+
59
+ score = 0
60
+ action = "allow"
61
+
62
+ @rules.each do |rule|
63
+ matched = false
64
+ case rule['type']
65
+ when 'ip'
66
+ matched = match_value(ip, rule['pattern'], rule['condition'])
67
+ when 'user_agent'
68
+ matched = match_value(user_agent, rule['pattern'], rule['condition'])
69
+ when 'path'
70
+ matched = match_value(path, rule['pattern'], rule['condition'])
71
+ end
72
+
73
+ if matched
74
+ score += (rule['score'] || 0)
75
+ if rule['action'] == "block"
76
+ action = "block"
77
+ elsif rule['action'] == "challenge" && action != "block"
78
+ action = "challenge"
79
+ end
80
+ end
81
+ end
82
+
83
+ if score >= 100
84
+ action = "block"
85
+ elsif score >= 50 && action != "block"
86
+ action = "challenge"
87
+ end
88
+
89
+ { score: score, action: action }
90
+ end
91
+ end
92
+
93
+ def send_telemetry(request, result)
94
+ Thread.new do
95
+ begin
96
+ uri = URI.parse("#{@config[:api_url].chomp('/')}/telemetry/log")
97
+ req = Net::HTTP::Post.new(uri)
98
+ req['Authorization'] = "Bearer #{@config[:license_key]}"
99
+ req['Content-Type'] = 'application/json'
100
+
101
+ payload = {
102
+ ip: request.ip,
103
+ user_agent: request.user_agent || "",
104
+ path: request.path_info,
105
+ score: result[:score],
106
+ action: result[:action],
107
+ timestamp: Time.now.to_i
108
+ }
109
+
110
+ req.body = payload.to_json
111
+
112
+ http = Net::HTTP.new(uri.host, uri.port)
113
+ http.use_ssl = (uri.scheme == 'https')
114
+ http.read_timeout = 10
115
+ http.request(req)
116
+ rescue
117
+ # Fail-open
118
+ end
119
+ end
120
+ end
121
+
122
+ private
123
+
124
+ def match_value(val, pattern, condition)
125
+ return false if val.nil? || pattern.nil?
126
+ case condition
127
+ when 'equals'
128
+ val == pattern
129
+ when 'contains'
130
+ val.downcase.include?(pattern.downcase)
131
+ else
132
+ val.downcase.include?(pattern.downcase)
133
+ end
134
+ end
135
+ end
136
+ end
137
+
138
+ require_relative 'relintio/middleware'
metadata ADDED
@@ -0,0 +1,59 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: relintio-agent
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Relintio Operations
8
+ bindir: bin
9
+ cert_chain: []
10
+ date: 1980-01-02 00:00:00.000000000 Z
11
+ dependencies:
12
+ - !ruby/object:Gem::Dependency
13
+ name: rack
14
+ requirement: !ruby/object:Gem::Requirement
15
+ requirements:
16
+ - - ">="
17
+ - !ruby/object:Gem::Version
18
+ version: '2.0'
19
+ type: :runtime
20
+ prerelease: false
21
+ version_requirements: !ruby/object:Gem::Requirement
22
+ requirements:
23
+ - - ">="
24
+ - !ruby/object:Gem::Version
25
+ version: '2.0'
26
+ description: Intercepts and protects Rack-based Ruby web applications (Rails, Sinatra)
27
+ using the Relintio WAF rules synchronizer.
28
+ email:
29
+ - operations@relintio.com
30
+ executables: []
31
+ extensions: []
32
+ extra_rdoc_files: []
33
+ files:
34
+ - LICENSE
35
+ - README.md
36
+ - lib/relintio-agent.rb
37
+ - lib/relintio/middleware.rb
38
+ homepage: https://github.com/Relintio/relintio-ruby-agent
39
+ licenses:
40
+ - MIT
41
+ metadata: {}
42
+ rdoc_options: []
43
+ require_paths:
44
+ - lib
45
+ required_ruby_version: !ruby/object:Gem::Requirement
46
+ requirements:
47
+ - - ">="
48
+ - !ruby/object:Gem::Version
49
+ version: 3.0.0
50
+ required_rubygems_version: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ requirements: []
56
+ rubygems_version: 3.6.9
57
+ specification_version: 4
58
+ summary: Official Ruby WAF protection agent SDK for Relintio.
59
+ test_files: []