RubyGems - securenative - Versions diffs - 0.1.22 → 0.1.23 - Mend

securenative 0.1.22 → 0.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

data/out/production/securenative-ruby/models/user_traits.rb CHANGED

@@ -4,7 +4,7 @@ class UserTraits
   attr_reader :name, :email, :phone, :created_at
   attr_writer :name, :email, :phone, :created_at
-  def initialize(name = nil, email = nil, phone = nil, created_at = nil)
+  def initialize(name: nil, email: nil, phone: nil, created_at: nil)
     @name = name
     @email = email
     @created_at = created_at

data/out/production/securenative-ruby/models/verify_result.rb CHANGED

@@ -4,9 +4,13 @@ class VerifyResult
   attr_reader :risk_level, :score, :triggers
   attr_writer :risk_level, :score, :triggers
-  def initialize(risk_level = nil, score = nil, triggers = nil)
+  def initialize(risk_level: nil, score: nil, triggers: nil)
     @risk_level = risk_level
     @score = score
     @triggers = triggers
   end
+  def to_s
+    "risk_level: #{@risk_level}, score: #{@score}, triggers: #{@triggers}"
+  end
 end

data/out/production/securenative-ruby/securenative.rb CHANGED

@@ -8,7 +8,9 @@ require 'errors/securenative_sdk_Illegal_state_error'
 require 'errors/securenative_config_error'
 require 'enums/failover_strategy'
 require 'config/configuration_builder'
+require 'config/configuration_manager'
 require 'event_manager'
+require 'api_manager'
 class SecureNative
   attr_reader :options
@@ -60,16 +62,6 @@ class SecureNative
     @securenative
   end
-  def self.config_builder(api_key = nil, api_url = 'https://api.securenative.com/collector/api/v1', interval = 1000,
-                          max_events = 1000, timeout = 1500, auto_send = true, disable = false, log_level = 'FATAL',
-                          fail_over_strategy = FailOverStrategy::FAIL_OPEN)
-    ConfigurationBuilder.new(api_key, api_url, interval, max_events, timeout, auto_send, disable, log_level, fail_over_strategy)
-  end
-  def self.context_builder(client_token = nil, ip = nil, remote_ip = nil, headers = nil, url = nil, method = nil, body = nil)
-    ContextBuilder.new(client_token, ip, remote_ip, headers, url, method, body)
-  end
   def track(event_options)
     @api_manager.track(event_options)
   end

data/out/production/securenative-ruby/utils/date_utils.rb CHANGED

@@ -2,7 +2,7 @@
 class DateUtils
   def self.to_timestamp(date)
-    return Time.now.strftime('%Y-%m-%dT%H:%M:%S%Z') if date.nil?
+    return Time.now.utc.iso8601 if date.nil?
     Time.parse(date).iso8601
   end

data/out/production/securenative-ruby/utils/encryption_utils.rb CHANGED

@@ -1,35 +1,49 @@
 # frozen_string_literal: true
 require 'openssl'
+require 'digest'
+require 'base64'
+require 'models/client_token'
 class EncryptionUtils
-  BLOCK_SIZE = 16
-  KEY_SIZE = 32
-  def self.encrypt(text, cipher_key)
-    cipher = OpenSSL::Cipher::AES.new(KEY_SIZE, :CBC).encrypt
-    cipher.padding = 0
-    if text.size % BLOCK_SIZE != 0
-      return nil
+  def self.padding_key(key, length)
+    if key.length == length
+      key
+    else
+      if key.length > length
+        key.slice(0, length)
+      else
+        (length - key.length).times { key << '0' }
+        key
+      end
     end
-    cipher_key = Digest::SHA1.hexdigest cipher_key
-    cipher.key = cipher_key.slice(0, BLOCK_SIZE)
-    s = cipher.update(text) + cipher.final
-    s.unpack('H*')[0].upcase
   end
-  def self.decrypt(encrypted, cipher_key)
-    cipher = OpenSSL::Cipher::AES.new(KEY_SIZE, :CBC).decrypt
-    cipher.padding = 0
-    cipher_key = Digest::SHA1.hexdigest cipher_key
-    cipher.key = cipher_key.slice(0, BLOCK_SIZE)
-    s = [encrypted].pack('H*').unpack('C*').pack('c*')
+  def self.encrypt(plain_text, secret_key)
+    begin
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
+      cipher.encrypt
+      iv = cipher.random_iv
+      cipher.key = padding_key(secret_key, 32)
+      encrypted = cipher.update(plain_text) + cipher.final
+      (iv + encrypted).unpack1('H*')
+    rescue StandardError
+      ''
+    end
+  end
-    rv = cipher.update(s) + cipher.final
-    rv.strip
+  def self.decrypt(cipher_text, secret_key)
+    begin
+      cipher = OpenSSL::Cipher.new('aes-256-cbc')
+      cipher.decrypt
+      raw_data = [cipher_text].pack('H*')
+      cipher.iv = raw_data.slice(0, 16)
+      cipher.key = padding_key(secret_key, 32)
+      decrypted = JSON.parse(cipher.update(raw_data.slice(16, raw_data.length)) + cipher.final)
+      return ClientToken.new(decrypted['cid'], decrypted['vid'], decrypted['fp'])
+    rescue StandardError
+      ClientToken.new('', '','')
+    end
   end
 end

data/out/production/securenative-ruby/utils/request_utils.rb CHANGED

@@ -5,19 +5,65 @@ class RequestUtils
   SECURENATIVE_HEADER = 'x-securenative'
   def self.get_secure_header_from_request(headers)
-    return headers[RequestUtils.SECURENATIVE_HEADER] unless headers.nil?
+    begin
+      return headers[SECURENATIVE_HEADER] unless headers.nil?
+    rescue StandardError
+      []
+    end
     []
   end
-  def self.get_client_ip_from_request(request)
-    x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
-    return x_forwarded_for unless x_forwarded_for.nil?
+  def self.get_client_ip_from_request(request, options = nil)
+    begin
+      return request.ip unless request.ip.nil?
+    rescue NoMethodError
+    end
+    begin
+      x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
+      return x_forwarded_for unless x_forwarded_for.nil?
+    rescue NoMethodError
+      begin
+        x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
+        return x_forwarded_for unless x_forwarded_for.nil?
+      rescue NoMethodError
+      end
+    end
+    begin
+      x_forwarded_for = request.env['REMOTE_ADDR']
+      return x_forwarded_for unless x_forwarded_for.nil?
+    rescue NoMethodError
+      begin
+        x_forwarded_for = request['REMOTE_ADDR']
+        return x_forwarded_for unless x_forwarded_for.nil?
+      rescue NoMethodError
+      end
+    end
+    unless options.nil?
+      for header in options.proxy_headers do
+        begin
+          h = request.env[header]
+          return h unless h.nil?
+        rescue NoMethodError
+          begin
+            h = request[header]
+            return h unless h.nil?
+          rescue NoMethodError
+          end
+        end
+      end
+    end
-    request.env['REMOTE_ADDR']
+    ''
   end
   def self.get_remote_ip_from_request(request)
-    request.remote_ip
+    begin
+      request.remote_ip
+    rescue NoMethodError
+      ''
+    end
   end
 end

data/out/production/securenative-ruby/utils/secure_native_logger.rb CHANGED

@@ -8,17 +8,17 @@ class SecureNativeLogger
   def self.init_logger(level = 'DEBUG')
     @logger.level = case level
                     when 'WARN'
-                      SecureNativeLogger::WARN
+                      Logger::WARN
                     when 'DEBUG'
-                      SecureNativeLogger::DEBUG
+                      Logger::DEBUG
                     when 'ERROR'
-                      SecureNativeLogger::ERROR
+                      Logger::ERROR
                     when 'FATAL'
-                      SecureNativeLogger::FATAL
+                      Logger::FATAL
                     when 'INFO'
-                      SecureNativeLogger::INFO
+                      Logger::INFO
                     else
-                      SecureNativeLogger::FATAL
+                      Logger::FATAL
                     end
     @logger.formatter = proc do |severity, datetime, progname, msg|

data/out/production/securenative-ruby/utils/version_utils.rb CHANGED

@@ -2,11 +2,10 @@
 class VersionUtils
   def self.version
-    path = 'VERSION'
-    file = File.open(path)
-    version = file.read
-    file.close
-    version
+    begin
+      Gem.loaded_specs['securenative'].version.to_s
+    rescue StandardError
+      'unknown'
+    end
   end
 end

data/out/test/securenative-ruby/spec_api_manager.rb CHANGED

@@ -2,45 +2,39 @@
 require 'api_manager'
 require 'webmock/rspec'
+require 'config/configuration_builder'
+require 'errors/securenative_invalid_options_error'
+require 'models/event_options'
+require 'models/verify_result'
+require 'models/user_traits'
+require 'enums/event_types'
+require 'enums/risk_level'
+require 'event_manager'
 require 'rspec'
 RSpec.describe ApiManager do
-  let(:context) do
-    ContextBuilder(ip: '127.0.0.1', client_token: 'SECURED_CLIENT_TOKEN',
-                   headers: { 'user-agent' => 'Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us)
-                   AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405' })
-  end
-  let(:event_options) do
-    EventOptions(event_type: EventTypes.LOG_IN, user_id: 'USER_ID',
-                 user_traits: UserTraits('USER_NAME', 'USER_EMAIL', '+1234567890'),
-                 properties: { prop1: 'CUSTOM_PARAM_VALUE', prop2: true, prop3: 3 }).build
-  end
   it 'tracks an event' do
     options = ConfigurationBuilder.new(api_key: 'YOUR_API_KEY', auto_send: true, interval: 10, api_url: 'https://api.securenative-stg.com/collector/api/v1')
-    expected = '{"eventType":"sn.user.login","userId":"USER_ID","userTraits":{' \
-                   '"name":"USER_NAME","email":"USER_EMAIL","phone":"+1234567890","createdAt":null},"request":{' \
-                   '"cid":null,"vid":null,"fp":null,"ip":"127.0.0.1","remoteIp":null,"headers":{' \
-                   '"user-agent":"Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) ' \
-                   'AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405"},"url":null,"method":null},' \
-                   '"properties":{"prop2":true,"prop1":"CUSTOM_PARAM_VALUE","prop3":3}}'
-    stub_request(:post, 'https://api.securenative-stg.com/collector/api/v1/track')
-      .with(body: JSON.parse(expected)).to_return(status: 200)
+    stub_request(:post, 'https://api.securenative-stg.com/collector/api/v1/track').to_return(status: 200)
     event_manager = EventManager.new(options)
     event_manager.start_event_persist
     api_manager = ApiManager.new(event_manager, options)
+    event_options = EventOptions.new(event: EventTypes::LOG_IN, user_id: 'USER_ID',
+                                     user_traits: UserTraits.new(name: 'USER_NAME', email: 'USER_EMAIL', phone: '+1234567890'),
+                                     properties: { prop1: 'CUSTOM_PARAM_VALUE', prop2: true, prop3: 3 })
     begin
-      api_manager.track(:event_options)
+      res = api_manager.track(event_options)
     ensure
       event_manager.stop_event_persist
     end
+    expect(res).to_not be_nil
   end
   it 'uses invalid options' do
-    options = ConfigurationBuilder(api_key: 'YOUR_API_KEY', auto_send: true, interval: 10, api_url: 'https://api.securenative-stg.com/collector/api/v1')
+    options = ConfigurationBuilder.new(api_key: 'YOUR_API_KEY', auto_send: true, interval: 10, api_url: 'https://api.securenative-stg.com/collector/api/v1')
     properties = {}
     (0..12).each do |i|
@@ -53,7 +47,7 @@ RSpec.describe ApiManager do
     api_manager = ApiManager.new(event_manager, options)
     begin
-      expect { api_manager.track(EventOptions(event_type: EventTypes.LOG_IN, properties: properties).build) }
+      expect { api_manager.track(EventOptions.new(event: EventTypes::LOG_IN, properties: properties)) }
         .to raise_error(SecureNativeInvalidOptionsError)
     ensure
       event_manager.stop_event_persist
@@ -61,21 +55,33 @@ RSpec.describe ApiManager do
   end
   it 'verifies an event' do
-    options = ConfigurationBuilder(api_key: 'YOUR_API_KEY', api_url: 'https://api.securenative-stg.com/collector/api/v1')
+    options = ConfigurationBuilder.new(api_key: 'YOUR_API_KEY', api_url: 'https://api.securenative-stg.com/collector/api/v1')
+    stub_request(:post, "https://api.securenative-stg.com/collector/api/v1/verify").
+        with(
+            headers: {
+                'Accept'=>'*/*',
+                'Accept-Encoding'=>'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
+                'Authorization'=>'YOUR_API_KEY',
+                'Content-Type'=>'application/json',
+                'Sn-Version'=>'0.1.22',
+                'User-Agent'=>'SecureNative-ruby'
+            }).
+        to_return(status: 200, body: "", headers: {})
-    stub_request(:post, 'https://api.securenative-stg.com/collector/api/v1/track')
-      .with(body: { riskLevel: 'medium', score: 0.32, triggers: ['New IP', 'New City'] }).to_return(status: 200)
-    verify_result = VerifyResult.new(RiskLevel.LOW, 0, nil)
     event_manager = EventManager.new(options)
     event_manager.start_event_persist
     api_manager = ApiManager.new(event_manager, options)
+    event_options = EventOptions.new(event: EventTypes::LOG_IN, user_id: 'USER_ID',
+                                     user_traits: UserTraits.new(name: 'USER_NAME', email: 'USER_EMAIL', phone: '+1234567890'),
+                                     properties: { prop1: 'CUSTOM_PARAM_VALUE', prop2: true, prop3: 3 })
-    result = api_manager.verify(:event_options)
+    result = api_manager.verify(event_options)
     expect(result).not_to be_nil
-    expect(result.risk_level).to eq(verify_result.risk_level)
-    expect(result.score).to eq(verify_result.score)
-    expect(result.triggers).to eq(verify_result.triggers)
+    expect(result.risk_level).to eq('low')
+    expect(result.score).to eq(0)
+    expect(result.triggers).to eq(nil)
   end
 end

data/out/test/securenative-ruby/spec_context_builder.rb CHANGED

@@ -2,61 +2,79 @@
 require 'context/securenative_context'
 require 'webmock/rspec'
+require 'rails'
+require 'hanami'
+require 'sinatra'
 require 'rspec'
 RSpec.describe SecureNativeContext do
-  it 'creates context from request' do
+  it 'creates context from ruby default request' do
     stub_request(:any, 'www.example.com')
-      .to_return(body: nil, status: 200,
-                 headers: { 'x-securenative': '71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a' },
-                 remote_ip: '', uri: 'www.securenative.com', http_method: 'Post', ip: '51.68.201.122',
-                 client_token: '71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a')
+      .to_return(status: 200,
+                 headers: { '_sn': '71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a' })
-    request = Net::HTTP.get('www.example.com', '/')
+    request = Net::HTTP.get_response('www.example.com', '/')
     context = SecureNativeContext.from_http_request(request)
-    expect(context.client_token).to eq('71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a')
-    expect(context.ip).to eq('51.68.201.122')
-    expect(context.http_method).to eq('Post')
-    expect(context.uri).to eq('www.securenative.com')
+    expect(context.ip).to eq('')
+    expect(context.http_method).to eq('')
+    expect(context.url).to eq('')
     expect(context.remote_ip).to eq('')
-    expect(context.headers).to eq({ 'x-securenative': '71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a' })
-    expect(context.body).to be_nil
+    expect(context.headers['-sn']).to eq(['71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a'])
+    expect(context.body).to eq('')
   end
-  it 'creates context from request with cookie' do
-    stub_request(:any, 'www.example.com')
-      .to_return(body: nil, status: 200,
-                 cookies: { '_sn': '71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a' },
-                 remote_ip: '', uri: 'www.securenative.com', http_method: 'Post', ip: '51.68.201.122',
-                 client_token: '71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a')
+  it 'creates context from rails request' do
+    request = ActionDispatch::Request.new(nil)
+    context = SecureNativeContext.from_http_request(request)
+    expect(context.ip).to eq('')
+    expect(context.http_method).to eq('')
+    expect(context.url).to eq('')
+    expect(context.remote_ip).to eq('')
+    expect(context.headers).to eq([])
+    expect(context.body).to eq('')
+  end
-    request = Net::HTTP.get('www.example.com', '/')
-    con = SecureNativeContext.from_http_request(request)
+  it 'creates context from sinatra request' do
+    request = Sinatra::Request.new(nil)
+    context = SecureNativeContext.from_http_request(request)
-    expect(con.context.client_token).to eq('71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a')
-    expect(con.context.ip).to eq('51.68.201.122')
-    expect(con.context.http_method).to eq('Post')
-    expect(con.context.uri).to eq('www.securenative.com')
-    expect(con.context.remote_ip).to eq('')
-    expect(con.context.body).to be_nil
+    expect(context.ip).to eq('')
+    expect(context.http_method).to eq('')
+    expect(context.url).to eq('')
+    expect(context.remote_ip).to eq('')
+    expect(context.headers).to eq([])
+    expect(context.body).to eq('')
+  end
+  it 'creates context from hanami request' do
+    request = Hanami::Action::Request
+    context = SecureNativeContext.from_http_request(request)
+    expect(context.ip).to eq('')
+    expect(context.http_method).to eq('')
+    expect(context.url).to eq('')
+    expect(context.remote_ip).to eq('')
+    expect(context.headers).to eq([])
+    expect(context.body).to eq('')
   end
   it 'creates default context builder' do
     context = SecureNativeContext.default_context_builder
-    expect(context.client_token).to be_nil
-    expect(context.ip).to be_nil
-    expect(context.http_method).to be_nil
-    expect(context.url).to be_nil
-    expect(context.remote_ip).to be_nil
+    expect(context.client_token).to eq('')
+    expect(context.ip).to eq('')
+    expect(context.http_method).to eq('')
+    expect(context.url).to eq('')
+    expect(context.remote_ip).to eq('')
     expect(context.headers).to be_nil
-    expect(context.body).to be_nil
+    expect(context.body).to eq('')
   end
   it 'creates custom context with context builder' do
-    context = SecureNativeContext.new('SECRET_TOKEN', '10.0.0.0', '10.0.0.0',
-                                      { 'header' => 'value1' }, '/some-url', 'Get', nil)
+    context = SecureNativeContext.new(client_token: 'SECRET_TOKEN', ip: '10.0.0.0', remote_ip: '10.0.0.0',
+                                      headers: { 'header' => 'value1' }, url: '/some-url', http_method: 'Get', body: nil)
     expect(context.url).to eq('/some-url')
     expect(context.client_token).to eq('SECRET_TOKEN')