securenative 0.1.20 → 0.1.26

data/lib/securenative/utils/secure_native_logger.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+module SecureNative
+  class SecureNativeLogger
+    @logger = Logger.new(STDOUT)
+
+    def self.init_logger(level = 'DEBUG')
+      @logger.level = case level
+                      when 'WARN'
+                        Logger::WARN
+                      when 'DEBUG'
+                        Logger::DEBUG
+                      when 'ERROR'
+                        Logger::ERROR
+                      when 'FATAL'
+                        Logger::FATAL
+                      when 'INFO'
+                        Logger::INFO
+                      else
+                        Logger::FATAL
+                      end
+
+      @logger.formatter = proc do |severity, datetime, progname, msg|
+        "[#{datetime}] #{severity}  (#{progname}): #{msg}\n"
+      end
+    end
+
+    def self.info(msg)
+      @logger.info(msg)
+    end
+
+    def self.debug(msg)
+      @logger.debug(msg)
+    end
+
+    def self.warning(msg)
+      @logger.warning(msg)
+    end
+
+    def self.error(msg)
+      @logger.error(msg)
+    end
+  end
+end

data/lib/securenative/utils/signature_utils.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module SecureNative
+  class SignatureUtils
+    SIGNATURE_HEADER = 'x-securenative'
+
+    def self.valid_signature?(api_key, payload, header_signature)
+      key = api_key.encode('utf-8')
+      body = payload.encode('utf-8')
+      calculated_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha512'), key, body)
+      calculated_signature.eql? header_signature
+    rescue StandardError
+      false
+    end
+  end
+end

data/lib/securenative/utils/utils.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module SecureNative
+  class Utils
+    def self.null_or_empty?(string)
+      return true if !string || string.empty? || string.nil?
+
+      false
+    end
+  end
+end

data/lib/securenative/utils/version_utils.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module SecureNative
+  class VersionUtils
+    def self.version
+      begin
+        Gem.loaded_specs['securenative'].version.to_s
+      rescue StandardError
+        'unknown'
+      end
+    end
+  end
+end

data/out/production/securenative-ruby/api_manager.rb

@@ -1,5 +1,10 @@
 # frozen_string_literal: true
 
+require 'models/sdk_event'
+require 'enums/failover_strategy'
+require 'enums/risk_level'
+require 'enums/api_route'
+require 'models/verify_result'
 require 'json'
 
 class ApiManager
@@ -19,13 +24,16 @@ class ApiManager
     event = SDKEvent.new(event_options, @options)
 
     begin
-      res = JSON.parse(@event_manager.send_sync(event, ApiRoute::VERIFY, false))
-      return VerifyResult.new(res['riskLevel'], res['score'], res['triggers'])
+      res = @event_manager.send_sync(event, ApiRoute::VERIFY, false)
+      ver_result = JSON.parse(res.body)
+      return VerifyResult.new(risk_level: ver_result['riskLevel'], score: ver_result['score'], triggers: ver_result['triggers'])
     rescue StandardError => e
-      SecureNativeLogger.debug('Failed to call verify; {}'.format(e))
+      SecureNativeLogger.debug("Failed to call verify; #{e}")
+    end
+    if @options.fail_over_strategy == FailOverStrategy::FAIL_OPEN
+      return VerifyResult.new(risk_level: RiskLevel::LOW, score: 0, triggers: nil)
     end
-    return VerifyResult.new(RiskLevel::LOW, 0, nil) if @options.fail_over_strategy == FailOverStrategy::FAIL_OPEN
 
-    VerifyResult.new(RiskLevel::HIGH, 1, nil)
+    VerifyResult.new(risk_level: RiskLevel::HIGH, score: 1, triggers: nil)
   end
 end

data/out/production/securenative-ruby/config/configuration_builder.rb

@@ -3,12 +3,12 @@
 require 'enums/failover_strategy'
 
 class ConfigurationBuilder
-  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
-  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
 
-  def initialize(api_key = nil, api_url = 'https://api.securenative.com/collector/api/v1', interval = 1000,
-                 max_events = 1000, timeout = 1500, auto_send = true, disable = false, log_level = 'FATAL',
-                 fail_over_strategy = FailOverStrategy::FAIL_OPEN)
+  def initialize(api_key: nil, api_url: 'https://api.securenative.com/collector/api/v1', interval: 1000,
+                 max_events: 1000, timeout: 1500, auto_send: true, disable: false, log_level: 'FATAL',
+                 fail_over_strategy: FailOverStrategy::FAIL_OPEN, proxy_headers: [])
     @api_key = api_key
     @api_url = api_url
     @interval = interval
@@ -18,10 +18,7 @@ class ConfigurationBuilder
     @disable = disable
     @log_level = log_level
     @fail_over_strategy = fail_over_strategy
-  end
-
-  def self.default_config_builder
-    ConfigurationBuilder.new
+    @proxy_headers = proxy_headers
   end
 
   def self.default_securenative_options

data/out/production/securenative-ruby/config/configuration_manager.rb

@@ -1,21 +1,21 @@
 # frozen_string_literal: true
 
-require 'parseconfig'
+require 'yaml'
+require 'config/configuration_builder'
 
 class ConfigurationManager
-  DEFAULT_CONFIG_FILE = 'securenative.cfg'
-  CUSTOM_CONFIG_FILE_ENV_NAME = 'SECURENATIVE_COMFIG_FILE'
+  DEFAULT_CONFIG_FILE = 'securenative.yml'
+  CUSTOM_CONFIG_FILE_ENV_NAME = 'SECURENATIVE_CONFIG_FILE'
   @config = nil
 
   def self.read_resource_file(resource_path)
-    @config = ParseConfig.new(resource_path)
-
     properties = {}
-    @config.get_groups.each { |group|
-      group.each do |key, value|
-        properties[key.upcase] = value
-      end
-    }
+    begin
+      @config = YAML.load_file(resource_path)
+      properties = @config unless @config.nil?
+    rescue StandardError => e
+      SecureNativeLogger.error("Could not parse config file #{resource_path}; #{e}")
+    end
     properties
   end
 
@@ -24,32 +24,33 @@ class ConfigurationManager
   end
 
   def self.config_builder
-    ConfigurationBuilder.default_config_builder
+    ConfigurationBuilder.new
   end
 
   def self._get_env_or_default(properties, key, default)
-    return Env[key] if Env[key]
+    return ENV[key] if ENV[key]
     return properties[key] if properties[key]
 
     default
   end
 
   def self.load_config
-    options = ConfigurationBuilder().default_securenative_options
+    options = ConfigurationBuilder.default_securenative_options
 
     resource_path = DEFAULT_CONFIG_FILE
-    resource_path = Env[CUSTOM_CONFIG_FILE_ENV_NAME] if Env[CUSTOM_CONFIG_FILE_ENV_NAME]
+    resource_path = ENV[CUSTOM_CONFIG_FILE_ENV_NAME] unless ENV[CUSTOM_CONFIG_FILE_ENV_NAME].nil?
 
     properties = read_resource_file(resource_path)
 
-    ConfigurationBuilder(_get_env_or_default(properties, 'SECURENATIVE_API_KEY', options.api_key),
-                         _get_env_or_default(properties, 'SECURENATIVE_API_URL', options.api_url),
-                         _get_env_or_default(properties, 'SECURENATIVE_INTERVAL', options.interval),
-                         _get_env_or_default(properties, 'SECURENATIVE_MAX_EVENTS', options.max_events),
-                         _get_env_or_default(properties, 'SECURENATIVE_TIMEOUT', options.timeout),
-                         _get_env_or_default(properties, 'SECURENATIVE_AUTO_SEND', options.auto_send),
-                         _get_env_or_default(properties, 'SECURENATIVE_DISABLE', options.disable),
-                         _get_env_or_default(properties, 'SECURENATIVE_LOG_LEVEL', options.log_level),
-                         _get_env_or_default(properties, 'SECURENATIVE_FAILOVER_STRATEGY', options.fail_over_strategy))
+    ConfigurationBuilder.new(api_key: _get_env_or_default(properties, 'SECURENATIVE_API_KEY', options.api_key),
+                             api_url: _get_env_or_default(properties, 'SECURENATIVE_API_URL', options.api_url),
+                             interval: _get_env_or_default(properties, 'SECURENATIVE_INTERVAL', options.interval),
+                             max_events: _get_env_or_default(properties, 'SECURENATIVE_MAX_EVENTS', options.max_events),
+                             timeout: _get_env_or_default(properties, 'SECURENATIVE_TIMEOUT', options.timeout),
+                             auto_send: _get_env_or_default(properties, 'SECURENATIVE_AUTO_SEND', options.auto_send),
+                             disable: _get_env_or_default(properties, 'SECURENATIVE_DISABLE', options.disable),
+                             log_level: _get_env_or_default(properties, 'SECURENATIVE_LOG_LEVEL', options.log_level),
+                             fail_over_strategy: _get_env_or_default(properties, 'SECURENATIVE_FAILOVER_STRATEGY', options.fail_over_strategy),
+                             proxy_headers: _get_env_or_default(properties, 'SECURENATIVE_PROXY_HEADERS', options.proxy_headers))
   end
 end

data/out/production/securenative-ruby/config/securenative_options.rb

@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 
+require 'enums/failover_strategy'
+
 class SecureNativeOptions
-  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
-  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
 
-  def initialize(api_key = nil, api_url = "https://api.securenative.com/collector/api/v1", interval = 1000,
-                 max_events = 1000, timeout = 1500, auto_send = true, disable = false, log_level = "FATAL",
-                 fail_over_strategy = FailOverStrategy::FAIL_OPEN)
+  def initialize(api_key: nil, api_url: "https://api.securenative.com/collector/api/v1", interval: 1000,
+                 max_events: 1000, timeout: 1500, auto_send: true, disable: false, log_level: "FATAL",
+                 fail_over_strategy: FailOverStrategy::FAIL_OPEN, proxy_headers: [])
     @api_key = api_key
     @api_url = api_url
     @interval = interval
@@ -16,5 +18,6 @@ class SecureNativeOptions
     @disable = disable
     @log_level = log_level
     @fail_over_strategy = fail_over_strategy
+    @proxy_headers = proxy_headers
   end
 end

data/{lib → out/production/securenative-ruby}/context/hanami_context.rb

@@ -1,11 +1,17 @@
 # frozen_string_literal: true
 
 class HanamiContext
+  SECURENATIVE_COOKIE = '_sn'
+
   def self.get_client_token(request)
     begin
       request.env[SECURENATIVE_COOKIE]
     rescue StandardError
-      nil
+      begin
+        request.cookies[SECURENATIVE_COOKIE]
+      rescue StandardError
+        nil
+      end
     end
   end
 
@@ -27,7 +33,8 @@ class HanamiContext
 
   def self.get_headers(request)
     begin
-      request.headers.to_hash
+      # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
+      { 'user-agent' => request.env['HTTP_USER_AGENT'] }
     rescue StandardError
       nil
     end

data/{lib → out/production/securenative-ruby}/context/rails_context.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class RailsContext
+  SECURENATIVE_COOKIE = '_sn'
+
   def self.get_client_token(request)
     begin
       request.cookies[SECURENATIVE_COOKIE]
@@ -33,7 +35,8 @@ class RailsContext
 
   def self.get_headers(request)
     begin
-      request.headers.to_hash
+      # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
+      { 'user-agent' => request.env['HTTP_USER_AGENT'] }
     rescue StandardError
       nil
     end

data/out/production/securenative-ruby/context/securenative_context.rb

@@ -1,10 +1,18 @@
 # frozen_string_literal: true
 
+require 'utils/request_utils'
+require 'utils/utils'
+require 'context/rails_context'
+require 'context/hanami_context'
+require 'context/sinatra_context'
+
 class SecureNativeContext
   attr_reader :client_token, :ip, :remote_ip, :headers, :url, :http_method, :body
   attr_writer :client_token, :ip, :remote_ip, :headers, :url, :http_method, :body
 
-  def initialize(client_token = nil, ip = nil, remote_ip = nil, headers = nil, url = nil, http_method = nil, body = nil)
+  SECURENATIVE_COOKIE = '_sn'
+
+  def initialize(client_token: '', ip: '', remote_ip: '', headers: nil, url: '', http_method: '', body: '')
     @client_token = client_token
     @ip = ip
     @remote_ip = remote_ip
@@ -19,22 +27,41 @@ class SecureNativeContext
   end
 
   def self.from_http_request(request)
+    client_token = RailsContext.get_client_token(request)
+    client_token = SinatraContext.get_client_token(request) if client_token.nil?
+    client_token = HanamiContext.get_client_token(request) if client_token.nil?
+
     begin
-      client_token = request.cookies[RequestUtils.SECURENATIVE_COOKIE]
+      headers = RailsContext.get_headers(request)
+      headers = SinatraContext.get_headers(request) if headers.nil?
+      headers = HanamiContext.get_headers(request) if headers.nil?
+
+      # Standard Ruby request
+      headers = request.header.to_hash if headers.nil?
     rescue StandardError
-      client_token = nil
+      headers = []
     end
 
+    url = RailsContext.get_url(request)
+    url = SinatraContext.get_url(request) if url.nil?
+    url = HanamiContext.get_url(request) if url.nil?
+    url = '' if url.nil?
+
+    method = RailsContext.get_method(request)
+    method = SinatraContext.get_method(request) if method.nil?
+    method = HanamiContext.get_method(request) if method.nil?
+    method = '' if method.nil?
+
     begin
-      headers = request.headers
+      body = request.body.to_s
     rescue StandardError
-      headers = nil
+      body = ''
     end
 
     client_token = RequestUtils.get_secure_header_from_request(headers) if Utils.null_or_empty?(client_token)
 
-    SecureNativeContext.new(url: request.url, method: request.http_method, header: headers, client_token: client_token,
-                            client_ip: RequestUtils.get_client_ip_from_request(request),
-                            remote_ip: RequestUtils.get_remote_ip_from_request(request), body: nil)
+    SecureNativeContext.new(client_token: client_token, ip: RequestUtils.get_client_ip_from_request(request),
+                            remote_ip: RequestUtils.get_remote_ip_from_request(request),
+                            headers: headers, url: url, http_method: method || '', body: body)
   end
 end

data/{lib → out/production/securenative-ruby}/context/sinatra_context.rb

@@ -1,17 +1,23 @@
 # frozen_string_literal: true
 
 class SinatraContext
+  SECURENATIVE_COOKIE = '_sn'
+
   def self.get_client_token(request)
     begin
       request.env[SECURENATIVE_COOKIE]
     rescue StandardError
-      nil
+      begin
+        request.cookies[SECURENATIVE_COOKIE]
+      rescue StandardError
+        nil
+      end
     end
   end
 
   def self.get_url(request)
     begin
-      request.url
+      request.env['REQUEST_URI']
     rescue StandardError
       nil
     end
@@ -19,7 +25,7 @@ class SinatraContext
 
   def self.get_method(request)
     begin
-      request.method
+      request.env['REQUEST_METHOD']
     rescue StandardError
       nil
     end
@@ -27,7 +33,8 @@ class SinatraContext
 
   def self.get_headers(request)
     begin
-      request.headers.to_hash
+      # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
+      { 'user-agent' => request.env['HTTP_USER_AGENT'] }
     rescue StandardError
       nil
     end

data/out/production/securenative-ruby/event_manager.rb

@@ -4,6 +4,7 @@ require 'utils/secure_native_logger'
 require 'config/securenative_options'
 require 'http/securenative_http_client'
 require 'errors/securenative_sdk_error'
+require 'errors/securenative_http_error'
 
 class QueueItem
   attr_reader :url, :body, :retry_sending
@@ -36,7 +37,7 @@ class EventManager
     @attempt = 0
     @coefficients = [1, 1, 2, 3, 5, 8, 13]
 
-    @thread = Thread.new {run}
+    @thread = Thread.new { run }
   end
 
   def send_async(event, resource_path)
@@ -45,7 +46,7 @@ class EventManager
       return
     end
 
-    item = QueueItem(resource_path, JSON.parse(EventManager.serialize(event)), false)
+    item = QueueItem.new(resource_path, EventManager.serialize(event).to_json, false)
     @queue.append(item)
   end
 
@@ -62,11 +63,11 @@ class EventManager
     end
 
     SecureNativeLogger.debug("Attempting to send event #{event}")
-    res = @http_client.post(resource_path, JSON.parse(EventManager.serialize(event)))
+    res = @http_client.post(resource_path, EventManager.serialize(event).to_json)
 
-    if res.status_code != 200
-      SecureNativeLogger.info('SecureNative failed to call endpoint {} with event {}. adding back to queue'.format(resource_path, event))
-      item = QueueItem(resource_path, JSON.parse(EventManager.serialize(event)), retry_sending)
+    if res.nil? || res.code != '200'
+      SecureNativeLogger.info("SecureNative failed to call endpoint #{resource_path} with event #{event}. adding back to queue")
+      item = QueueItem.new(resource_path, EventManager.serialize(event).to_json, retry_sending)
       @queue.append(item)
     end
 
@@ -81,20 +82,20 @@ class EventManager
         @queue.each do |item|
           begin
             res = @http_client.post(item.url, item.body)
-            if res.status_code == 401
+            if res.code == '401'
               item.retry_sending = false
-            elsif res.status_code != 200
+            elsif res.code != '200'
               raise SecureNativeHttpError, res.status_code
             end
-            SecureNativeLogger.debug('Event successfully sent; {}'.format(item.body))
+            SecureNativeLogger.debug("Event successfully sent; #{item.body}")
             return res
           rescue StandardError => e
-            SecureNativeLogger.error('Failed to send event; {}'.format(e))
+            SecureNativeLogger.error("Failed to send event; #{e}")
             if item.retry_sending
               @attempt = 0 if @coefficients.length == @attempt + 1
 
               back_off = @coefficients[@attempt] * @options.interval
-              SecureNativeLogger.debug('Automatic back-off of {}'.format(back_off))
+              SecureNativeLogger.debug("Automatic back-off of #{back_off}")
               @send_enabled = false
               sleep back_off
               @send_enabled = true
@@ -120,10 +121,10 @@ class EventManager
       SecureNativeLogger.debug('Attempting to stop automatic event persistence')
       begin
         flush
-        @thread&.stop
+        @thread&.stop?
         SecureNativeLogger.debug('Stopped event persistence')
       rescue StandardError => e
-        SecureNativeLogger.error('Could not stop event scheduler; {}'.format(e))
+        SecureNativeLogger.error("Could not stop event scheduler; #{e}")
       end
     end
   end
@@ -145,7 +146,7 @@ class EventManager
         fp: obj.request.fp,
         ip: obj.request.ip,
         remoteIp: obj.request.remote_ip,
-        http_method: obj.request.http_method,
+        method: obj.request.http_method || '',
         url: obj.request.url,
         headers: obj.request.headers
       },