securenative 0.1.31 → 0.1.36

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e936efafd72a5c0c1a5014d6649b6fafff6494a117a7dcd04090f031971cc5af
4
- data.tar.gz: db9ba27daf67f22e6764632d944a24039b617b71a4364a7180ef792b9e631ee6
3
+ metadata.gz: '011925ba26bc507a1b13b835a1ed500ab6dfed5fa25bac41536182ffcff9d70b'
4
+ data.tar.gz: 65b86aa2ab265bf3ccb65f56534f55fcd9124b191bbd6b361eacd6c13064a730
5
5
  SHA512:
6
- metadata.gz: f1009b1d827f473ea051b0e9bfd406508c8e6e9019009c3cb1b43a6aee6d1c551c41dfd1956d9a45e0f2f52eea633a9f183c3327cb93eb7a94c6357570d5c1a6
7
- data.tar.gz: 843dd129a073f551ce5878fc788809b3611e98769cb4723ff2563176016be7a26f7190ff0a8d20bc513420dfe067943bf16e7efd52ce1ba51a13e98b203293e6
6
+ metadata.gz: b7c19b0f05ab873a9066431db238043a452b12620fc1a8d2e8cabb179d59eebd671d719cfac2a6b0d7592c2bbc2b462c0b7fa598548bcf6e01a779d412904c60
7
+ data.tar.gz: 43e0c8215def3fd13acbcc77ec7030b5fe70f9a000e328dbfab44f50a3a28da913aaaa7fa5092e8ca8ad19aaa71cab5e7620c3d21a92bf33a24135c2e9ac0e05
@@ -1,61 +1,61 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- securenative (0.1.31)
4
+ securenative (0.1.36)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
8
8
  specs:
9
- actioncable (6.0.3.3)
10
- actionpack (= 6.0.3.3)
9
+ actioncable (6.0.3.4)
10
+ actionpack (= 6.0.3.4)
11
11
  nio4r (~> 2.0)
12
12
  websocket-driver (>= 0.6.1)
13
- actionmailbox (6.0.3.3)
14
- actionpack (= 6.0.3.3)
15
- activejob (= 6.0.3.3)
16
- activerecord (= 6.0.3.3)
17
- activestorage (= 6.0.3.3)
18
- activesupport (= 6.0.3.3)
13
+ actionmailbox (6.0.3.4)
14
+ actionpack (= 6.0.3.4)
15
+ activejob (= 6.0.3.4)
16
+ activerecord (= 6.0.3.4)
17
+ activestorage (= 6.0.3.4)
18
+ activesupport (= 6.0.3.4)
19
19
  mail (>= 2.7.1)
20
- actionmailer (6.0.3.3)
21
- actionpack (= 6.0.3.3)
22
- actionview (= 6.0.3.3)
23
- activejob (= 6.0.3.3)
20
+ actionmailer (6.0.3.4)
21
+ actionpack (= 6.0.3.4)
22
+ actionview (= 6.0.3.4)
23
+ activejob (= 6.0.3.4)
24
24
  mail (~> 2.5, >= 2.5.4)
25
25
  rails-dom-testing (~> 2.0)
26
- actionpack (6.0.3.3)
27
- actionview (= 6.0.3.3)
28
- activesupport (= 6.0.3.3)
26
+ actionpack (6.0.3.4)
27
+ actionview (= 6.0.3.4)
28
+ activesupport (= 6.0.3.4)
29
29
  rack (~> 2.0, >= 2.0.8)
30
30
  rack-test (>= 0.6.3)
31
31
  rails-dom-testing (~> 2.0)
32
32
  rails-html-sanitizer (~> 1.0, >= 1.2.0)
33
- actiontext (6.0.3.3)
34
- actionpack (= 6.0.3.3)
35
- activerecord (= 6.0.3.3)
36
- activestorage (= 6.0.3.3)
37
- activesupport (= 6.0.3.3)
33
+ actiontext (6.0.3.4)
34
+ actionpack (= 6.0.3.4)
35
+ activerecord (= 6.0.3.4)
36
+ activestorage (= 6.0.3.4)
37
+ activesupport (= 6.0.3.4)
38
38
  nokogiri (>= 1.8.5)
39
- actionview (6.0.3.3)
40
- activesupport (= 6.0.3.3)
39
+ actionview (6.0.3.4)
40
+ activesupport (= 6.0.3.4)
41
41
  builder (~> 3.1)
42
42
  erubi (~> 1.4)
43
43
  rails-dom-testing (~> 2.0)
44
44
  rails-html-sanitizer (~> 1.1, >= 1.2.0)
45
- activejob (6.0.3.3)
46
- activesupport (= 6.0.3.3)
45
+ activejob (6.0.3.4)
46
+ activesupport (= 6.0.3.4)
47
47
  globalid (>= 0.3.6)
48
- activemodel (6.0.3.3)
49
- activesupport (= 6.0.3.3)
50
- activerecord (6.0.3.3)
51
- activemodel (= 6.0.3.3)
52
- activesupport (= 6.0.3.3)
53
- activestorage (6.0.3.3)
54
- actionpack (= 6.0.3.3)
55
- activejob (= 6.0.3.3)
56
- activerecord (= 6.0.3.3)
48
+ activemodel (6.0.3.4)
49
+ activesupport (= 6.0.3.4)
50
+ activerecord (6.0.3.4)
51
+ activemodel (= 6.0.3.4)
52
+ activesupport (= 6.0.3.4)
53
+ activestorage (6.0.3.4)
54
+ actionpack (= 6.0.3.4)
55
+ activejob (= 6.0.3.4)
56
+ activerecord (= 6.0.3.4)
57
57
  marcel (~> 0.3.1)
58
- activesupport (6.0.3.3)
58
+ activesupport (6.0.3.4)
59
59
  concurrent-ruby (~> 1.0, >= 1.0.2)
60
60
  i18n (>= 0.7, < 2)
61
61
  minitest (~> 5.1)
@@ -64,7 +64,7 @@ GEM
64
64
  addressable (2.7.0)
65
65
  public_suffix (>= 2.0.2, < 5.0)
66
66
  builder (3.2.4)
67
- codecov (0.2.11)
67
+ codecov (0.2.12)
68
68
  json
69
69
  simplecov
70
70
  concurrent-ruby (1.1.7)
@@ -177,29 +177,29 @@ GEM
177
177
  rack
178
178
  rack-test (1.1.0)
179
179
  rack (>= 1.0, < 3)
180
- rails (6.0.3.3)
181
- actioncable (= 6.0.3.3)
182
- actionmailbox (= 6.0.3.3)
183
- actionmailer (= 6.0.3.3)
184
- actionpack (= 6.0.3.3)
185
- actiontext (= 6.0.3.3)
186
- actionview (= 6.0.3.3)
187
- activejob (= 6.0.3.3)
188
- activemodel (= 6.0.3.3)
189
- activerecord (= 6.0.3.3)
190
- activestorage (= 6.0.3.3)
191
- activesupport (= 6.0.3.3)
180
+ rails (6.0.3.4)
181
+ actioncable (= 6.0.3.4)
182
+ actionmailbox (= 6.0.3.4)
183
+ actionmailer (= 6.0.3.4)
184
+ actionpack (= 6.0.3.4)
185
+ actiontext (= 6.0.3.4)
186
+ actionview (= 6.0.3.4)
187
+ activejob (= 6.0.3.4)
188
+ activemodel (= 6.0.3.4)
189
+ activerecord (= 6.0.3.4)
190
+ activestorage (= 6.0.3.4)
191
+ activesupport (= 6.0.3.4)
192
192
  bundler (>= 1.3.0)
193
- railties (= 6.0.3.3)
193
+ railties (= 6.0.3.4)
194
194
  sprockets-rails (>= 2.0.0)
195
195
  rails-dom-testing (2.0.3)
196
196
  activesupport (>= 4.2.0)
197
197
  nokogiri (>= 1.6)
198
198
  rails-html-sanitizer (1.3.0)
199
199
  loofah (~> 2.3)
200
- railties (6.0.3.3)
201
- actionpack (= 6.0.3.3)
202
- activesupport (= 6.0.3.3)
200
+ railties (6.0.3.4)
201
+ actionpack (= 6.0.3.4)
202
+ activesupport (= 6.0.3.4)
203
203
  method_source
204
204
  rake (>= 0.8.7)
205
205
  thor (>= 0.20.3, < 2.0)
@@ -242,7 +242,7 @@ GEM
242
242
  thread_safe (~> 0.1)
243
243
  url_mount (0.2.1)
244
244
  rack
245
- webmock (3.9.1)
245
+ webmock (3.9.2)
246
246
  addressable (>= 2.3.6)
247
247
  crack (>= 0.3.2)
248
248
  hashdiff (>= 0.4.0, < 2.0.0)
data/README.md CHANGED
@@ -176,7 +176,7 @@ SECURENATIVE_API_KEY: dsbe27fh3437r2yd326fg3fdg36f43
176
176
  SECURENATIVE_PROXY_HEADERS: ["CF-Connecting-IP"]
177
177
  ```
178
178
 
179
- Initialize sdk as showed above.
179
+ Initialize sdk as shown above.
180
180
 
181
181
  ### Options 2: Using ConfigurationBuilder
182
182
 
@@ -20,15 +20,21 @@ module SecureNative
20
20
  begin
21
21
  res = @event_manager.send_sync(event, SecureNative::Enums::ApiRoute::VERIFY)
22
22
  ver_result = JSON.parse(res.body)
23
+ if res.code != "200"
24
+ if @options.fail_over_strategy == SecureNative::FailOverStrategy::FAIL_OPEN
25
+ return SecureNative::VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::LOW, score: 0, triggers: [])
26
+ end
27
+ return VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::HIGH, score: 1, triggers: [])
28
+ end
23
29
  return VerifyResult.new(risk_level: ver_result['riskLevel'], score: ver_result['score'], triggers: ver_result['triggers'])
24
30
  rescue StandardError => e
25
31
  SecureNative::Log.debug("Failed to call verify; #{e}")
26
32
  end
27
33
  if @options.fail_over_strategy == SecureNative::FailOverStrategy::FAIL_OPEN
28
- return SecureNative::VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::LOW, score: 0, triggers: nil)
34
+ return SecureNative::VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::LOW, score: 0, triggers: [])
29
35
  end
30
36
 
31
- VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::HIGH, score: 1, triggers: nil)
37
+ VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::HIGH, score: 1, triggers: [])
32
38
  end
33
39
  end
34
40
  end
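Review bot: `res.code` is tested only after `JSON.parse(res.body)` on the line above it, so a non-200 reply whose body is not JSON (an HTML 502 page, an empty 401) raises inside the parse and lands in the generic `rescue StandardError` instead of the new status branch; move `ver_result = JSON.parse(res.body)` below the `end` that closes the status check. The new branch is also silent: under FAIL_OPEN a 401 from a revoked key or a 429 is reported as LOW risk with nothing logged, so add a line such as `SecureNative::Log.info("verify returned HTTP #{res.code}")` before returning so an operator can tell a misconfiguration from an outage. The two new returns name the class as `SecureNative::VerifyResult` and bare `VerifyResult` respectively; pick one. The enclosing method starts outside the hunk.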
@@ -34,7 +34,7 @@ module SecureNative
34
34
  # Standard Ruby request
35
35
  headers = request.header.to_hash if headers.nil?
36
36
  rescue StandardError
37
- headers = []
37
+ headers = {}
38
38
  end
39
39
 
40
40
  url = SecureNative::Frameworks::Rails.get_url(request)
@@ -54,7 +54,7 @@ module SecureNative
54
54
  end
55
55
 
56
56
  if SecureNative::Utils::Utils.null_or_empty?(client_token)
57
- client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(headers)
57
+ client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(request.headers)
58
58
  end
59
59
 
60
60
  SecureNative::Context.new(client_token: client_token, ip: SecureNative::Utils::RequestUtils.get_client_ip_from_request(request, options),
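Review bot: `request.headers` on the changed line bypasses the `headers` value that the preceding hunk (-34,7, apparently the same file) builds with a fallback (`request.header.to_hash`, `{}` on error); for the "Standard Ruby request" path that comment describes, `request.headers` is not defined, and this call sits outside that `begin`/`rescue`, so it would raise NoMethodError from context creation. If the Rails header object is wanted for its case-insensitive lookup, guard it: `client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(request.respond_to?(:headers) ? request.headers : headers)`. The enclosing method starts and ends outside the hunk.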
@@ -62,7 +62,7 @@ class EventManager
62
62
  res = @http_client.post(resource_path, EventManager.serialize(event).to_json)
63
63
 
64
64
  if res.nil? || res.code != '200'
65
- SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}. adding back to queue")
65
+ SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}")
66
66
  end
67
67
 
68
68
  res
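Review bot: The info-level message still interpolates the whole event with `#{event}`; in this release `get_headers` appears to collect every inbound `HTTP_*` header into the event context, so on any failed post the application log may receive cookie and authorization values in clear text, depending on the event's `to_s`. Logging identifying fields and the status instead, e.g. `SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} (status #{res&.code || 'no response'})")`, keeps the diagnostic value without copying credentials into logs. The message no longer says the event is re-queued; if the requeue behaviour was removed as well, that happens outside this hunk and deserves a changelog entry. The enclosing method begins and ends outside the hunk.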
@@ -35,8 +35,11 @@ module SecureNative
35
35
 
36
36
  def self.get_headers(request)
37
37
  begin
38
- # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
39
- { 'user-agent' => request.env['HTTP_USER_AGENT'] }
38
+ headers = {}
39
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
40
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
41
+ }
42
+ return headers
40
43
  rescue StandardError
41
44
  nil
42
45
  end
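Review bot: The new filter forwards every `HTTP_*` entry, so `HTTP_COOKIE`, `HTTP_AUTHORIZATION` and `HTTP_PROXY_AUTHORIZATION` become `cookie`/`authorization`/`proxy-authorization` keys in the hash the SDK sends to the SecureNative API, and `CGI_VARIABLES` adds `QUERY_STRING`, which can carry tokens too; the user-agent-only version it replaces exposed none of these. A denylist applied after the name is normalised keeps the payload useful without shipping session credentials to a third party, as in the rewrite below. `gsub("http_", "")` also strips the string anywhere in the name rather than only as a prefix, so `X-Http-Method-Override` (`HTTP_X_HTTP_METHOD_OVERRIDE`) comes out as `x-method-override`; `sub(/\Ahttp_/, '')` removes only the leading prefix. The same block appears in the two following `get_headers` hunks (-37,8 and the next -35,8), and `k.in?` depends on ActiveSupport being loaded, a failure the `rescue` turns into a silent `nil`; the method's closing `end` is outside the hunk.
```ruby
SENSITIVE_HEADERS = %w[cookie authorization proxy-authorization].freeze

def self.get_headers(request)
  begin
    request.headers.env.each_with_object({}) do |(key, value), headers|
      next unless key.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || key.start_with?('HTTP_')
      name = key.downcase.sub(/\Ahttp_/, '').tr('_', '-')
      # credential-bearing headers are dropped rather than sent to the risk API
      headers[name] = value unless SENSITIVE_HEADERS.include?(name)
    end
  # … unchanged: rescue StandardError → nil …
```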
@@ -37,8 +37,11 @@ module SecureNative
37
37
 
38
38
  def self.get_headers(request)
39
39
  begin
40
- # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
41
- {'user-agent' => request.env['HTTP_USER_AGENT']}
40
+ headers = {}
41
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
42
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
43
+ }
44
+ return headers
42
45
  rescue StandardError
43
46
  nil
44
47
  end
@@ -35,8 +35,11 @@ module SecureNative
35
35
 
36
36
  def self.get_headers(request)
37
37
  begin
38
- # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
39
- {'user-agent' => request.env['HTTP_USER_AGENT']}
38
+ headers = {}
39
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
40
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
41
+ }
42
+ return headers
40
43
  rescue StandardError
41
44
  nil
42
45
  end
@@ -27,7 +27,7 @@ module SecureNative
27
27
  headers = _headers
28
28
 
29
29
  client = Net::HTTP.new(uri.host, uri.port)
30
- client.read_timeout = @options.timeout
30
+ client.read_timeout = @options.timeout / 1000
31
31
  client.use_ssl = true
32
32
  client.verify_mode = OpenSSL::SSL::VERIFY_NONE
33
33
 
@@ -17,25 +17,26 @@ module SecureNative
17
17
  end
18
18
 
19
19
  def self.get_client_ip_from_request(request, options)
20
- unless options.nil?
21
- for header in options.proxy_headers do
20
+ unless options.proxy_headers.nil?
21
+ options.proxy_headers.each { |header|
22
22
  begin
23
23
  h = request.env[header]
24
- unless !h.nil?
24
+ if h.nil?
25
25
  h = request.env[self.parse_ip(header)]
26
26
  end
27
27
  return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
28
28
  rescue NoMethodError
29
29
  begin
30
30
  h = request[header]
31
- unless !h.nil?
31
+ if h.nil?
32
32
  h = request.env[self.parse_ip(header)]
33
33
  end
34
34
  return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
35
35
  rescue NoMethodError
36
+ # Ignored
36
37
  end
37
38
  end
38
- end
39
+ }
39
40
  end
40
41
 
41
42
  begin
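Review bot: The new guard `unless options.proxy_headers.nil?` drops the old `options.nil?` check, so a caller passing `options = nil`, which the previous code tolerated, now raises NoMethodError before any of the `begin`/`rescue` blocks inside the loop are reached; `unless options&.proxy_headers.nil?` covers both cases. The multi-line `each { |header| … }` would conventionally use `do … end`. On the unchanged lines, `h.scan(…)[0]` picks the leftmost address in a proxy header, which is the value a client can supply itself; if this IP feeds the risk decision, the entry appended by the trusted proxy (the last match) is the safer choice. The method continues past the hunk.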
@@ -46,6 +47,7 @@ module SecureNative
46
47
  x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
47
48
  return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
48
49
  rescue NoMethodError
50
+ # Ignored
49
51
  end
50
52
  end
51
53
 
@@ -57,6 +59,7 @@ module SecureNative
57
59
  x_forwarded_for = request['HTTP_X_REAL_IP']
58
60
  return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
59
61
  rescue NoMethodError
62
+ # Ignored
60
63
  end
61
64
  end
62
65
 
@@ -68,12 +71,14 @@ module SecureNative
68
71
  x_forwarded_for = request['REMOTE_ADDR']
69
72
  return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
70
73
  rescue NoMethodError
74
+ # Ignored
71
75
  end
72
76
  end
73
77
 
74
78
  begin
75
79
  return request.ip unless request.ip.nil?
76
80
  rescue NoMethodError
81
+ # Ignored
77
82
  end
78
83
 
79
84
  ''
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module SecureNative
4
- VERSION = '0.1.31'
4
+ VERSION = '0.1.36'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: securenative
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.31
4
+ version: 0.1.36
5
5
  platform: ruby
6
6
  authors:
7
7
  - SecureNative
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-10-04 00:00:00.000000000 Z
11
+ date: 2020-10-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler