securenative 0.1.31 → 0.1.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +53 -53
- data/README.md +1 -1
- data/lib/securenative/api_manager.rb +8 -2
- data/lib/securenative/context.rb +2 -2
- data/lib/securenative/event_manager.rb +1 -1
- data/lib/securenative/frameworks/hanami.rb +5 -2
- data/lib/securenative/frameworks/rails.rb +5 -2
- data/lib/securenative/frameworks/sinatra.rb +5 -2
- data/lib/securenative/http_client.rb +1 -1
- data/lib/securenative/utils/request_utils.rb +10 -5
- data/lib/securenative/version.rb +1 -1
- metadata +2 -2
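--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: '011925ba26bc507a1b13b835a1ed500ab6dfed5fa25bac41536182ffcff9d70b'
+data.tar.gz: 65b86aa2ab265bf3ccb65f56534f55fcd9124b191bbd6b361eacd6c13064a730
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b7c19b0f05ab873a9066431db238043a452b12620fc1a8d2e8cabb179d59eebd671d719cfac2a6b0d7592c2bbc2b462c0b7fa598548bcf6e01a779d412904c60
+data.tar.gz: 43e0c8215def3fd13acbcc77ec7030b5fe70f9a000e328dbfab44f50a3a28da913aaaa7fa5092e8ca8ad19aaa71cab5e7620c3d21a92bf33a24135c2e9ac0e05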
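--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,61 +1,61 @@
 PATH
 remote: .
 specs:
-securenative (0.1.
+securenative (0.1.36)
 
 GEM
 remote: https://rubygems.org/
 specs:
-actioncable (6.0.3.
-actionpack (= 6.0.3.
+actioncable (6.0.3.4)
+actionpack (= 6.0.3.4)
 nio4r (~> 2.0)
 websocket-driver (>= 0.6.1)
-actionmailbox (6.0.3.
-actionpack (= 6.0.3.
-activejob (= 6.0.3.
-activerecord (= 6.0.3.
-activestorage (= 6.0.3.
-activesupport (= 6.0.3.
+actionmailbox (6.0.3.4)
+actionpack (= 6.0.3.4)
+activejob (= 6.0.3.4)
+activerecord (= 6.0.3.4)
+activestorage (= 6.0.3.4)
+activesupport (= 6.0.3.4)
 mail (>= 2.7.1)
-actionmailer (6.0.3.
-actionpack (= 6.0.3.
-actionview (= 6.0.3.
-activejob (= 6.0.3.
+actionmailer (6.0.3.4)
+actionpack (= 6.0.3.4)
+actionview (= 6.0.3.4)
+activejob (= 6.0.3.4)
 mail (~> 2.5, >= 2.5.4)
 rails-dom-testing (~> 2.0)
-actionpack (6.0.3.
-actionview (= 6.0.3.
-activesupport (= 6.0.3.
+actionpack (6.0.3.4)
+actionview (= 6.0.3.4)
+activesupport (= 6.0.3.4)
 rack (~> 2.0, >= 2.0.8)
 rack-test (>= 0.6.3)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.0, >= 1.2.0)
-actiontext (6.0.3.
-actionpack (= 6.0.3.
-activerecord (= 6.0.3.
-activestorage (= 6.0.3.
-activesupport (= 6.0.3.
+actiontext (6.0.3.4)
+actionpack (= 6.0.3.4)
+activerecord (= 6.0.3.4)
+activestorage (= 6.0.3.4)
+activesupport (= 6.0.3.4)
 nokogiri (>= 1.8.5)
-actionview (6.0.3.
-activesupport (= 6.0.3.
+actionview (6.0.3.4)
+activesupport (= 6.0.3.4)
 builder (~> 3.1)
 erubi (~> 1.4)
 rails-dom-testing (~> 2.0)
 rails-html-sanitizer (~> 1.1, >= 1.2.0)
-activejob (6.0.3.
-activesupport (= 6.0.3.
+activejob (6.0.3.4)
+activesupport (= 6.0.3.4)
 globalid (>= 0.3.6)
-activemodel (6.0.3.
-activesupport (= 6.0.3.
-activerecord (6.0.3.
-activemodel (= 6.0.3.
-activesupport (= 6.0.3.
-activestorage (6.0.3.
-actionpack (= 6.0.3.
-activejob (= 6.0.3.
-activerecord (= 6.0.3.
+activemodel (6.0.3.4)
+activesupport (= 6.0.3.4)
+activerecord (6.0.3.4)
+activemodel (= 6.0.3.4)
+activesupport (= 6.0.3.4)
+activestorage (6.0.3.4)
+actionpack (= 6.0.3.4)
+activejob (= 6.0.3.4)
+activerecord (= 6.0.3.4)
 marcel (~> 0.3.1)
-activesupport (6.0.3.
+activesupport (6.0.3.4)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 0.7, < 2)
 minitest (~> 5.1)
@@ -64,7 +64,7 @@ GEM
 addressable (2.7.0)
 public_suffix (>= 2.0.2, < 5.0)
 builder (3.2.4)
-codecov (0.2.
+codecov (0.2.12)
 json
 simplecov
 concurrent-ruby (1.1.7)
@@ -177,29 +177,29 @@ GEM
 rack
 rack-test (1.1.0)
 rack (>= 1.0, < 3)
-rails (6.0.3.
-actioncable (= 6.0.3.
-actionmailbox (= 6.0.3.
-actionmailer (= 6.0.3.
-actionpack (= 6.0.3.
-actiontext (= 6.0.3.
-actionview (= 6.0.3.
-activejob (= 6.0.3.
-activemodel (= 6.0.3.
-activerecord (= 6.0.3.
-activestorage (= 6.0.3.
-activesupport (= 6.0.3.
+rails (6.0.3.4)
+actioncable (= 6.0.3.4)
+actionmailbox (= 6.0.3.4)
+actionmailer (= 6.0.3.4)
+actionpack (= 6.0.3.4)
+actiontext (= 6.0.3.4)
+actionview (= 6.0.3.4)
+activejob (= 6.0.3.4)
+activemodel (= 6.0.3.4)
+activerecord (= 6.0.3.4)
+activestorage (= 6.0.3.4)
+activesupport (= 6.0.3.4)
 bundler (>= 1.3.0)
-railties (= 6.0.3.
+railties (= 6.0.3.4)
 sprockets-rails (>= 2.0.0)
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
 rails-html-sanitizer (1.3.0)
 loofah (~> 2.3)
-railties (6.0.3.
-actionpack (= 6.0.3.
-activesupport (= 6.0.3.
+railties (6.0.3.4)
+actionpack (= 6.0.3.4)
+activesupport (= 6.0.3.4)
 method_source
 rake (>= 0.8.7)
 thor (>= 0.20.3, < 2.0)
@@ -242,7 +242,7 @@ GEM
 thread_safe (~> 0.1)
 url_mount (0.2.1)
 rack
-webmock (3.9.
+webmock (3.9.2)
 addressable (>= 2.3.6)
 crack (>= 0.3.2)
 hashdiff (>= 0.4.0, < 2.0.0)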
data/README.md
CHANGED
@@ -20,15 +20,21 @@ module SecureNative
|
|
20
20
|
begin
|
21
21
|
res = @event_manager.send_sync(event, SecureNative::Enums::ApiRoute::VERIFY)
|
22
22
|
ver_result = JSON.parse(res.body)
|
23
|
+
if res.code != "200"
|
24
|
+
if @options.fail_over_strategy == SecureNative::FailOverStrategy::FAIL_OPEN
|
25
|
+
return SecureNative::VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::LOW, score: 0, triggers: [])
|
26
|
+
end
|
27
|
+
return VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::HIGH, score: 1, triggers: [])
|
28
|
+
end
|
23
29
|
return VerifyResult.new(risk_level: ver_result['riskLevel'], score: ver_result['score'], triggers: ver_result['triggers'])
|
24
30
|
rescue StandardError => e
|
25
31
|
SecureNative::Log.debug("Failed to call verify; #{e}")
|
26
32
|
end
|
27
33
|
if @options.fail_over_strategy == SecureNative::FailOverStrategy::FAIL_OPEN
|
28
|
-
return SecureNative::VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::LOW, score: 0, triggers:
|
34
|
+
return SecureNative::VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::LOW, score: 0, triggers: [])
|
29
35
|
end
|
30
36
|
|
31
|
-
VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::HIGH, score: 1, triggers:
|
37
|
+
VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::HIGH, score: 1, triggers: [])
|
32
38
|
end
|
33
39
|
end
|
34
40
|
end
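Review bot: The six lines added at 23–28 duplicate the FAIL_OPEN/HIGH fall-over that already follows the begin/rescue block at 33–37, and unlike the rescue path a non-200 response produces no log line at all, so an unavailable or misconfigured verify endpoint degrades to a LOW-risk result under FAIL_OPEN with nothing in the logs to show it. Checking the status before parsing and routing it into the existing rescue keeps a single copy of the policy and the debug trace: `raise "verify returned HTTP #{res.code}" unless res.code == '200'` placed above `ver_result = JSON.parse(res.body)`, with lines 23–28 dropped. As written the body is parsed before the status is checked, so an empty or HTML error body raises in `JSON.parse` and lands in the rescue anyway, which is a second sign the two paths want merging. The new HIGH branch also uses bare `VerifyResult.new` while the LOW branch uses `SecureNative::VerifyResult.new`; pick one form. The enclosing method begins before this hunk.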
|
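--- a/data/lib/securenative/context.rb
+++ b/data/lib/securenative/context.rb
@@ -34,7 +34,7 @@ module SecureNative
 # Standard Ruby request
 headers = request.header.to_hash if headers.nil?
 rescue StandardError
-headers =
+headers = {}
 end
 
 url = SecureNative::Frameworks::Rails.get_url(request)
@@ -54,7 +54,7 @@ module SecureNative
 end
 
 if SecureNative::Utils::Utils.null_or_empty?(client_token)
-client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(headers)
+client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(request.headers)
 end
 
 SecureNative::Context.new(client_token: client_token, ip: SecureNative::Utils::RequestUtils.get_client_ip_from_request(request, options),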
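Review bot: The change at 57 passes `request.headers` straight into `get_secure_header_from_request`, bypassing the `headers` local that 34–38 build with a `request.header.to_hash` fallback and a rescue that now yields `{}`; for a request object that only responds to `header` (the case that fallback exists for) `request.headers` raises NoMethodError outside any rescue, and the client token is never read. If the intent is to hand the Rails adapter the full `ActionDispatch::Http::Headers` object rather than the normalized hash, keep the hash as the fallback: `client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(request.respond_to?(:headers) ? request.headers : headers)`. The enclosing method starts and ends outside these hunks.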
|
@@ -62,7 +62,7 @@ class EventManager
|
|
62
62
|
res = @http_client.post(resource_path, EventManager.serialize(event).to_json)
|
63
63
|
|
64
64
|
if res.nil? || res.code != '200'
|
65
|
-
SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}
|
65
|
+
SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}")
|
66
66
|
end
|
67
67
|
|
68
68
|
res
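Review bot: The corrected log line at 65 still interpolates the whole `event` object at info level; if events carry user identifiers, IPs or request headers, every failed delivery writes that payload into the application log, while the one value useful for diagnosis, the response code, is omitted. Consider `SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path}; status=#{res&.code || 'no response'}")` and leave the payload to a debug-level line if it is needed at all. The `res.nil?` guard on 64 shows a nil response is expected here, so `res&.code` is the matching form. The enclosing method starts and ends outside this hunk.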
|
@@ -35,8 +35,11 @@ module SecureNative
|
|
35
35
|
|
36
36
|
def self.get_headers(request)
|
37
37
|
begin
|
38
|
-
|
39
|
-
{
|
38
|
+
headers = {}
|
39
|
+
request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
|
40
|
+
headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
|
41
|
+
}
|
42
|
+
return headers
|
40
43
|
rescue StandardError
|
41
44
|
nil
|
42
45
|
end
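Review bot: `gsub("http_", "")` at 40 strips the substring wherever it occurs, not just the `HTTP_` prefix: a request header `X-HTTP-Method-Override` arrives in the env as `HTTP_X_HTTP_METHOD_OVERRIDE` and is stored under `x-method-override`, so a lookup by its real name would miss it. Only the prefix should go, `headers[header[0].downcase.delete_prefix("http_").tr("_", "-")] = header[1]` (or `sub(/\Ahttp_/, "")` on Ruby older than 2.5), and `k.start_with?("HTTP_")` reads better than `k =~ /^HTTP_/` on 39. The same lines are added verbatim in the rails.rb and sinatra.rb hunks and need the same fix; the Hanami and Sinatra adapters additionally depend on `ActionDispatch::Http::Headers::CGI_VARIABLES` and ActiveSupport's `in?`, which, unless Rails happens to be loaded, raise a NameError that the `rescue StandardError` turns into a silent `nil` for every header lookup. The method `get_headers` closes after this hunk.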
|
@@ -37,8 +37,11 @@ module SecureNative
|
|
37
37
|
|
38
38
|
def self.get_headers(request)
|
39
39
|
begin
|
40
|
-
|
41
|
-
{
|
40
|
+
headers = {}
|
41
|
+
request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
|
42
|
+
headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
|
43
|
+
}
|
44
|
+
return headers
|
42
45
|
rescue StandardError
|
43
46
|
nil
|
44
47
|
end
|
@@ -35,8 +35,11 @@ module SecureNative
|
|
35
35
|
|
36
36
|
def self.get_headers(request)
|
37
37
|
begin
|
38
|
-
|
39
|
-
{
|
38
|
+
headers = {}
|
39
|
+
request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
|
40
|
+
headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
|
41
|
+
}
|
42
|
+
return headers
|
40
43
|
rescue StandardError
|
41
44
|
nil
|
42
45
|
end
|
@@ -17,25 +17,26 @@ module SecureNative
|
|
17
17
|
end
|
18
18
|
|
19
19
|
def self.get_client_ip_from_request(request, options)
|
20
|
-
unless options.nil?
|
21
|
-
|
20
|
+
unless options.proxy_headers.nil?
|
21
|
+
options.proxy_headers.each { |header|
|
22
22
|
begin
|
23
23
|
h = request.env[header]
|
24
|
-
|
24
|
+
if h.nil?
|
25
25
|
h = request.env[self.parse_ip(header)]
|
26
26
|
end
|
27
27
|
return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
|
28
28
|
rescue NoMethodError
|
29
29
|
begin
|
30
30
|
h = request[header]
|
31
|
-
|
31
|
+
if h.nil?
|
32
32
|
h = request.env[self.parse_ip(header)]
|
33
33
|
end
|
34
34
|
return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
|
35
35
|
rescue NoMethodError
|
36
|
+
# Ignored
|
36
37
|
end
|
37
38
|
end
|
38
|
-
|
39
|
+
}
|
39
40
|
end
|
40
41
|
|
41
42
|
begin
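Review bot: Line 20 replaces the `unless options.nil?` guard with `unless options.proxy_headers.nil?`, so a `nil` options argument now raises NoMethodError on the first line of the method, outside the `begin`/`rescue NoMethodError` blocks that start inside the loop; `unless options&.proxy_headers.nil?` (or `if options && options.proxy_headers`) keeps both guards. Separately, a configured proxy header, like the X-Forwarded-For fallback further down, is trusted as-is and the first IPv4 literal in it is taken, which is the value an upstream client controls unless a trusted proxy rewrites the header; if this IP feeds risk scoring, the `proxy_headers` option should be documented as naming only headers set by infrastructure the application trusts. Note too that `\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b` matches IPv4 only, and because 27 returns whatever `scan` yields whenever the header is present, a header holding an IPv6 address returns `nil` from the method instead of trying the next source. `get_client_ip_from_request` continues past this hunk.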
|
@@ -46,6 +47,7 @@ module SecureNative
|
|
46
47
|
x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
|
47
48
|
return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
|
48
49
|
rescue NoMethodError
|
50
|
+
# Ignored
|
49
51
|
end
|
50
52
|
end
|
51
53
|
|
@@ -57,6 +59,7 @@ module SecureNative
|
|
57
59
|
x_forwarded_for = request['HTTP_X_REAL_IP']
|
58
60
|
return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
|
59
61
|
rescue NoMethodError
|
62
|
+
# Ignored
|
60
63
|
end
|
61
64
|
end
|
62
65
|
|
@@ -68,12 +71,14 @@ module SecureNative
|
|
68
71
|
x_forwarded_for = request['REMOTE_ADDR']
|
69
72
|
return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
|
70
73
|
rescue NoMethodError
|
74
|
+
# Ignored
|
71
75
|
end
|
72
76
|
end
|
73
77
|
|
74
78
|
begin
|
75
79
|
return request.ip unless request.ip.nil?
|
76
80
|
rescue NoMethodError
|
81
|
+
# Ignored
|
77
82
|
end
|
78
83
|
|
79
84
|
''
|
data/lib/securenative/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: securenative
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.36
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- SecureNative
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-10-
|
11
|
+
date: 2020-10-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|