securenative 0.1.17 → 0.1.23

data/lib/{securenative/logger.rb → utils/secure_native_logger.rb}

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 require 'logger'
 
-class Logger
+class SecureNativeLogger
   @logger = Logger.new(STDOUT)
 
-  def self.init_logger(level)
+  def self.init_logger(level = 'DEBUG')
     @logger.level = case level
                     when 'WARN'
                       Logger::WARN
@@ -39,4 +41,4 @@ class Logger
   def self.error(msg)
     @logger.error(msg)
   end
-end
+end

data/lib/{securenative/utils → utils}/signature_utils.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 require 'openssl'
 
 class SignatureUtils
-  SIGNATURE_HEADER = 'x-securenative'.freeze
+  SIGNATURE_HEADER = 'x-securenative'
 
   def self.valid_signature?(api_key, payload, header_signature)
     key = api_key.encode('utf-8')
@@ -11,4 +13,4 @@ class SignatureUtils
   rescue StandardError
     false
   end
-end
+end

data/lib/utils/utils.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class Utils
+  def self.null_or_empty?(string)
+    return true if !string || string.empty? || string.nil?
+
+    false
+  end
+end

data/lib/utils/version_utils.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+class VersionUtils
+  def self.version
+    begin
+      Gem.loaded_specs['securenative'].version.to_s
+    rescue StandardError
+      'unknown'
+    end
+  end
+end

data/out/production/securenative-ruby/api_manager.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'models/sdk_event'
+require 'enums/failover_strategy'
+require 'enums/risk_level'
+require 'enums/api_route'
+require 'models/verify_result'
+require 'json'
+
+class ApiManager
+  def initialize(event_manager, securenative_options)
+    @event_manager = event_manager
+    @options = securenative_options
+  end
+
+  def track(event_options)
+    SecureNativeLogger.debug('Track event call')
+    event = SDKEvent.new(event_options, @options)
+    @event_manager.send_async(event, ApiRoute::TRACK)
+  end
+
+  def verify(event_options)
+    SecureNativeLogger.debug('Verify event call')
+    event = SDKEvent.new(event_options, @options)
+
+    begin
+      res = @event_manager.send_sync(event, ApiRoute::VERIFY, false)
+      ver_result = JSON.parse(res.body)
+      return VerifyResult.new(risk_level: ver_result['riskLevel'], score: ver_result['score'], triggers: ver_result['triggers'])
+    rescue StandardError => e
+      SecureNativeLogger.debug("Failed to call verify; #{e}")
+    end
+    if @options.fail_over_strategy == FailOverStrategy::FAIL_OPEN
+      return VerifyResult.new(risk_level: RiskLevel::LOW, score: 0, triggers: nil)
+    end
+
+    VerifyResult.new(risk_level: RiskLevel::HIGH, score: 1, triggers: nil)
+  end
+end

data/out/production/securenative-ruby/config/configuration_builder.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'enums/failover_strategy'
+
+class ConfigurationBuilder
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+
+  def initialize(api_key: nil, api_url: 'https://api.securenative.com/collector/api/v1', interval: 1000,
+                 max_events: 1000, timeout: 1500, auto_send: true, disable: false, log_level: 'FATAL',
+                 fail_over_strategy: FailOverStrategy::FAIL_OPEN, proxy_headers: [])
+    @api_key = api_key
+    @api_url = api_url
+    @interval = interval
+    @max_events = max_events
+    @timeout = timeout
+    @auto_send = auto_send
+    @disable = disable
+    @log_level = log_level
+    @fail_over_strategy = fail_over_strategy
+    @proxy_headers = proxy_headers
+  end
+
+  def self.default_securenative_options
+    SecureNativeOptions.new
+  end
+end

data/out/production/securenative-ruby/config/configuration_manager.rb

@@ -0,0 +1,56 @@
+# frozen_string_literal: true
+
+require 'yaml'
+require 'config/configuration_builder'
+
+class ConfigurationManager
+  DEFAULT_CONFIG_FILE = 'securenative.yml'
+  CUSTOM_CONFIG_FILE_ENV_NAME = 'SECURENATIVE_CONFIG_FILE'
+  @config = nil
+
+  def self.read_resource_file(resource_path)
+    properties = {}
+    begin
+      @config = YAML.load_file(resource_path)
+      properties = @config unless @config.nil?
+    rescue StandardError => e
+      SecureNativeLogger.error("Could not parse config file #{resource_path}; #{e}")
+    end
+    properties
+  end
+
+  def self._get_resource_path(env_name)
+    Env.fetch(env_name, ENV[DEFAULT_CONFIG_FILE])
+  end
+
+  def self.config_builder
+    ConfigurationBuilder.new
+  end
+
+  def self._get_env_or_default(properties, key, default)
+    return ENV[key] if ENV[key]
+    return properties[key] if properties[key]
+
+    default
+  end
+
+  def self.load_config
+    options = ConfigurationBuilder.default_securenative_options
+
+    resource_path = DEFAULT_CONFIG_FILE
+    resource_path = ENV[CUSTOM_CONFIG_FILE_ENV_NAME] unless ENV[CUSTOM_CONFIG_FILE_ENV_NAME].nil?
+
+    properties = read_resource_file(resource_path)
+
+    ConfigurationBuilder.new(api_key: _get_env_or_default(properties, 'SECURENATIVE_API_KEY', options.api_key),
+                             api_url: _get_env_or_default(properties, 'SECURENATIVE_API_URL', options.api_url),
+                             interval: _get_env_or_default(properties, 'SECURENATIVE_INTERVAL', options.interval),
+                             max_events: _get_env_or_default(properties, 'SECURENATIVE_MAX_EVENTS', options.max_events),
+                             timeout: _get_env_or_default(properties, 'SECURENATIVE_TIMEOUT', options.timeout),
+                             auto_send: _get_env_or_default(properties, 'SECURENATIVE_AUTO_SEND', options.auto_send),
+                             disable: _get_env_or_default(properties, 'SECURENATIVE_DISABLE', options.disable),
+                             log_level: _get_env_or_default(properties, 'SECURENATIVE_LOG_LEVEL', options.log_level),
+                             fail_over_strategy: _get_env_or_default(properties, 'SECURENATIVE_FAILOVER_STRATEGY', options.fail_over_strategy),
+                             proxy_headers: _get_env_or_default(properties, 'SECURENATIVE_PROXY_HEADERS', options.proxy_headers))
+  end
+end

data/out/production/securenative-ruby/config/securenative_options.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'enums/failover_strategy'
+
+class SecureNativeOptions
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+
+  def initialize(api_key: nil, api_url: "https://api.securenative.com/collector/api/v1", interval: 1000,
+                 max_events: 1000, timeout: 1500, auto_send: true, disable: false, log_level: "FATAL",
+                 fail_over_strategy: FailOverStrategy::FAIL_OPEN, proxy_headers: [])
+    @api_key = api_key
+    @api_url = api_url
+    @interval = interval
+    @max_events = max_events
+    @timeout = timeout
+    @auto_send = auto_send
+    @disable = disable
+    @log_level = log_level
+    @fail_over_strategy = fail_over_strategy
+    @proxy_headers = proxy_headers
+  end
+end

data/out/production/securenative-ruby/context/hanami_context.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+class HanamiContext
+  SECURENATIVE_COOKIE = '_sn'
+
+  def self.get_client_token(request)
+    begin
+      request.env[SECURENATIVE_COOKIE]
+    rescue StandardError
+      begin
+        request.cookies[SECURENATIVE_COOKIE]
+      rescue StandardError
+        nil
+      end
+    end
+  end
+
+  def self.get_url(request)
+    begin
+      request.env['REQUEST_PATH']
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_method(request)
+    begin
+      request.request_method
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_headers(request)
+    begin
+      # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
+      { 'user-agent' => request.env['HTTP_USER_AGENT'] }
+    rescue StandardError
+      nil
+    end
+  end
+end

data/out/production/securenative-ruby/context/rails_context.rb

@@ -0,0 +1,44 @@
+# frozen_string_literal: true
+
+class RailsContext
+  SECURENATIVE_COOKIE = '_sn'
+
+  def self.get_client_token(request)
+    begin
+      request.cookies[SECURENATIVE_COOKIE]
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_url(request)
+    begin
+      # Rails >= 3.x
+      request.fullpath
+    rescue StandardError
+      begin
+        # Rails < 3.x & Sinatra
+        request.url if url.nil?
+      rescue StandardError
+        nil
+      end
+    end
+  end
+
+  def self.get_method(request)
+    begin
+      request.method
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_headers(request)
+    begin
+      # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
+      { 'user-agent' => request.env['HTTP_USER_AGENT'] }
+    rescue StandardError
+      nil
+    end
+  end
+end

data/out/production/securenative-ruby/context/securenative_context.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+require 'utils/request_utils'
+require 'utils/utils'
+require 'context/rails_context'
+require 'context/hanami_context'
+require 'context/sinatra_context'
+
+class SecureNativeContext
+  attr_reader :client_token, :ip, :remote_ip, :headers, :url, :http_method, :body
+  attr_writer :client_token, :ip, :remote_ip, :headers, :url, :http_method, :body
+
+  SECURENATIVE_COOKIE = '_sn'
+
+  def initialize(client_token: '', ip: '', remote_ip: '', headers: nil, url: '', http_method: '', body: '')
+    @client_token = client_token
+    @ip = ip
+    @remote_ip = remote_ip
+    @headers = headers
+    @url = url
+    @http_method = http_method
+    @body = body
+  end
+
+  def self.default_context_builder
+    SecureNativeContext.new
+  end
+
+  def self.from_http_request(request)
+    client_token = RailsContext.get_client_token(request)
+    client_token = SinatraContext.get_client_token(request) if client_token.nil?
+    client_token = HanamiContext.get_client_token(request) if client_token.nil?
+
+    begin
+      headers = RailsContext.get_headers(request)
+      headers = SinatraContext.get_headers(request) if headers.nil?
+      headers = HanamiContext.get_headers(request) if headers.nil?
+
+      # Standard Ruby request
+      headers = request.header.to_hash if headers.nil?
+    rescue StandardError
+      headers = []
+    end
+
+    url = RailsContext.get_url(request)
+    url = SinatraContext.get_url(request) if url.nil?
+    url = HanamiContext.get_url(request) if url.nil?
+    url = '' if url.nil?
+
+    method = RailsContext.get_method(request)
+    method = SinatraContext.get_method(request) if method.nil?
+    method = HanamiContext.get_method(request) if method.nil?
+    method = '' if method.nil?
+
+    begin
+      body = request.body.to_s
+    rescue StandardError
+      body = ''
+    end
+
+    client_token = RequestUtils.get_secure_header_from_request(headers) if Utils.null_or_empty?(client_token)
+
+    SecureNativeContext.new(client_token: client_token, ip: RequestUtils.get_client_ip_from_request(request),
+                            remote_ip: RequestUtils.get_remote_ip_from_request(request),
+                            headers: headers, url: url, http_method: method || '', body: body)
+  end
+end

data/out/production/securenative-ruby/context/sinatra_context.rb

@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+class SinatraContext
+  SECURENATIVE_COOKIE = '_sn'
+
+  def self.get_client_token(request)
+    begin
+      request.env[SECURENATIVE_COOKIE]
+    rescue StandardError
+      begin
+        request.cookies[SECURENATIVE_COOKIE]
+      rescue StandardError
+        nil
+      end
+    end
+  end
+
+  def self.get_url(request)
+    begin
+      request.env['REQUEST_URI']
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_method(request)
+    begin
+      request.env['REQUEST_METHOD']
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_headers(request)
+    begin
+      # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
+      { 'user-agent' => request.env['HTTP_USER_AGENT'] }
+    rescue StandardError
+      nil
+    end
+  end
+end

data/out/production/securenative-ruby/enums/api_route.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module ApiRoute
+  TRACK = 'track'
+  VERIFY = 'verify'
+end

data/out/production/securenative-ruby/enums/event_types.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module EventTypes
+  LOG_IN = 'sn.user.login'
+  LOG_IN_CHALLENGE = 'sn.user.login.challenge'
+  LOG_IN_FAILURE = 'sn.user.login.failure'
+  LOG_OUT = 'sn.user.logout'
+  SIGN_UP = 'sn.user.signup'
+  AUTH_CHALLENGE = 'sn.user.auth.challenge'
+  AUTH_CHALLENGE_SUCCESS = 'sn.user.auth.challenge.success'
+  AUTH_CHALLENGE_FAILURE = 'sn.user.auth.challenge.failure'
+  TWO_FACTOR_DISABLE = 'sn.user.2fa.disable'
+  EMAIL_UPDATE = 'sn.user.email.update'
+  PASSWORD_REST = 'sn.user.password.reset'
+  PASSWORD_REST_SUCCESS = 'sn.user.password.reset.success'
+  PASSWORD_UPDATE = 'sn.user.password.update'
+  PASSWORD_REST_FAILURE = 'sn.user.password.reset.failure'
+  USER_INVITE = 'sn.user.invite'
+  ROLE_UPDATE = 'sn.user.role.update'
+  PROFILE_UPDATE = 'sn.user.profile.update'
+  PAGE_VIEW = 'sn.user.page.view'
+  VERIFY = 'sn.verify'
+end

data/out/production/securenative-ruby/enums/failover_strategy.rb

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+
+module FailOverStrategy
+  FAIL_OPEN = 'fail-open'
+  FAIL_CLOSED = 'fail-closed'
+end