securenative 0.1.34 → 0.1.39

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 8d37acae083e992b50287c1531d21bf1dc5794a94de5198dd3e7cf0dd29fd53c
4
- data.tar.gz: 0aec5e752e9cb16c05b3ba70e4f05d9e842e34c63198575815c1f7f9f8590a52
3
+ metadata.gz: f51a9bf80e38a18bca0466b36a1a47266ae8dfe33df9130d0c0f22a8fa17d10e
4
+ data.tar.gz: 8e3e7b2cc512a4de5ff841679eea3a89083744ea281ecd26826a9ae38ccc607f
5
5
  SHA512:
6
- metadata.gz: a69cf0db09fa4de8d1e3973f718d880d0ec43cef652b3a556fbfd57188907a52f0ecce1b1f452088423e05e4b44453da21c1f84f30a6ec510c906fff7217ea9c
7
- data.tar.gz: 2e1949c2c0b4924eab51b93a36a5e092516830edb424ef7914389b9ec6b1d235cc50f5f62b36e7ef72d0343fe05ee7c871c486ef57a89cfd061332b886a63e17
6
+ metadata.gz: 975307d2f8e367f0add4255357fb90e53ee3c761f0ae9527023aac385e375d8fe5ddcd60de9c10c9b24aab4468e5e8bf88bce945fb2ffaf4e9404de9f31540cc
7
+ data.tar.gz: 7418c8fad032dde0bb3175d3028336662d313fc0d358664e9f2712aba83dd496c858a7c2cc950f57d0a9a73c80ab26e081f15271b5c6cfdee12e0fd70206ce64
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- securenative (0.1.34)
4
+ securenative (0.1.39)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
data/README.md CHANGED
@@ -176,7 +176,7 @@ SECURENATIVE_API_KEY: dsbe27fh3437r2yd326fg3fdg36f43
176
176
  SECURENATIVE_PROXY_HEADERS: ["CF-Connecting-IP"]
177
177
  ```
178
178
 
179
- Initialize sdk as showed above.
179
+ Initialize sdk as shown above.
180
180
 
181
181
  ### Options 2: Using ConfigurationBuilder
182
182
 
@@ -20,6 +20,12 @@ module SecureNative
20
20
  begin
21
21
  res = @event_manager.send_sync(event, SecureNative::Enums::ApiRoute::VERIFY)
22
22
  ver_result = JSON.parse(res.body)
23
+ if res.code != "200"
24
+ if @options.fail_over_strategy == SecureNative::FailOverStrategy::FAIL_OPEN
25
+ return SecureNative::VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::LOW, score: 0, triggers: [])
26
+ end
27
+ return VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::HIGH, score: 1, triggers: [])
28
+ end
23
29
  return VerifyResult.new(risk_level: ver_result['riskLevel'], score: ver_result['score'], triggers: ver_result['triggers'])
24
30
  rescue StandardError => e
25
31
  SecureNative::Log.debug("Failed to call verify; #{e}")
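Review bot: `ver_result = JSON.parse(res.body)` on the context line just above the new status check still runs first, so a non-200 response whose body is not JSON raises before `@options.fail_over_strategy` is consulted and the new branch never decides the outcome; move the `if res.code != "200"` block above the parse. The two new returns also name the class differently (`SecureNative::VerifyResult` vs. bare `VerifyResult`); pick one. The fail-open branch maps any endpoint error to `RiskLevel::LOW` with score 0, which is a deliberate trade-off that deserves a comment at the option, e.g. `# FAIL_OPEN: a verify-endpoint outage is reported as low risk; choose FAIL_CLOSED where a missed check is worse than a blocked user`. The enclosing method starts and ends outside the hunk.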
@@ -34,7 +34,7 @@ module SecureNative
34
34
  # Standard Ruby request
35
35
  headers = request.header.to_hash if headers.nil?
36
36
  rescue StandardError
37
- headers = []
37
+ headers = {}
38
38
  end
39
39
 
40
40
  url = SecureNative::Frameworks::Rails.get_url(request)
@@ -62,7 +62,7 @@ class EventManager
62
62
  res = @http_client.post(resource_path, EventManager.serialize(event).to_json)
63
63
 
64
64
  if res.nil? || res.code != '200'
65
- SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}. adding back to queue")
65
+ SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}")
66
66
  end
67
67
 
68
68
  res
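Review bot: The rewritten info line still interpolates the whole `event` object, so every failed post writes the event payload (client IP, headers and identifiers, if the event carries them as the rest of this release suggests) into the application log at info level. Log only what is needed to correlate the failure, e.g. `SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} (status #{res&.code})")`, and keep the full payload, if at all, at debug level. The enclosing method starts outside the hunk.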
@@ -35,10 +35,17 @@ module SecureNative
35
35
 
36
36
  def self.get_headers(request)
37
37
  begin
38
- headers = []
39
- request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
40
- headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
38
+ headers = {}
39
+
40
+ request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
41
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
41
42
  }
43
+
44
+ if headers.length == 0
45
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
46
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
47
+ }
48
+ end
42
49
  return headers
43
50
  rescue StandardError
44
51
  nil
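Review bot: The new hash now carries header values, not just names, and nothing filters them, so `Cookie`, `Authorization` and `Proxy-Authorization` from `request.env` are returned along with everything else; if this hash is what gets serialized into the event sent to the API (inferred from the rest of the release), add a deny-list before returning, e.g. `return headers.reject { |k, _| %w[cookie authorization proxy-authorization].include?(k) }`. The same code appears in the two identical `get_headers` hunks that follow; apply the change in all three, or better, share one helper. Two smaller points: `gsub("http_", "")` strips `http_` anywhere in the name (an `X-Http-Foo` header becomes `x-foo`) where `delete_prefix("http_")` strips only the prefix, and `headers.length == 0` reads better as `headers.empty?`. The enclosing method ends outside the hunk.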
@@ -37,10 +37,17 @@ module SecureNative
37
37
 
38
38
  def self.get_headers(request)
39
39
  begin
40
- headers = []
41
- request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
42
- headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
40
+ headers = {}
41
+
42
+ request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
43
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
43
44
  }
45
+
46
+ if headers.length == 0
47
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
48
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
49
+ }
50
+ end
44
51
  return headers
45
52
  rescue StandardError
46
53
  nil
@@ -35,10 +35,17 @@ module SecureNative
35
35
 
36
36
  def self.get_headers(request)
37
37
  begin
38
- headers = []
39
- request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
40
- headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
38
+ headers = {}
39
+
40
+ request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
41
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
41
42
  }
43
+
44
+ if headers.length == 0
45
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
46
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
47
+ }
48
+ end
42
49
  return headers
43
50
  rescue StandardError
44
51
  nil
@@ -27,7 +27,7 @@ module SecureNative
27
27
  headers = _headers
28
28
 
29
29
  client = Net::HTTP.new(uri.host, uri.port)
30
- client.read_timeout = @options.timeout
30
+ client.read_timeout = @options.timeout / 1000
31
31
  client.use_ssl = true
32
32
  client.verify_mode = OpenSSL::SSL::VERIFY_NONE
33
33
 
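Review bot: `@options.timeout / 1000` is integer division when `timeout` is an Integer, so a sub-second value such as 500 sets `read_timeout` to 0 and every request times out immediately; use `client.read_timeout = @options.timeout / 1000.0` and state in the option's documentation that `timeout` is in milliseconds. The context line `client.verify_mode = OpenSSL::SSL::VERIFY_NONE` predates this change but disables certificate verification for every API call; it deserves at least a `# FIXME: verification disabled; expose an option defaulting to VERIFY_PEER` so it is not silently carried forward. The enclosing method starts and ends outside the hunk.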
@@ -1,5 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'ipaddr'
4
+
3
5
  module SecureNative
4
6
  module Utils
5
7
  class RequestUtils
@@ -24,14 +26,20 @@ module SecureNative
24
26
  if h.nil?
25
27
  h = request.env[self.parse_ip(header)]
26
28
  end
27
- return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
29
+ parsed = self.parse_proxy_header(h, header)
30
+ if self.validate_ip(parsed)
31
+ return parsed
32
+ end
28
33
  rescue NoMethodError
29
34
  begin
30
35
  h = request[header]
31
36
  if h.nil?
32
37
  h = request.env[self.parse_ip(header)]
33
38
  end
34
- return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
39
+ parsed = self.parse_proxy_header(h, header)
40
+ if self.validate_ip(parsed)
41
+ return parsed
42
+ end
35
43
  rescue NoMethodError
36
44
  # Ignored
37
45
  end
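Review bot: `parsed = self.parse_proxy_header(h, header)` is reached with `h` still nil when neither lookup found the header, and `nil.gsub` inside the helper raises NoMethodError, so the `rescue NoMethodError` fallback below now fires for a missing header as well as for a request object without `env`. Guard it, `parsed = self.parse_proxy_header(h, header) unless h.nil?`, so `validate_ip(nil)` returns false normally and the rescue stays reserved for the alternate request shape; the `header_value.include? ','` calls in the next hunk have the same nil path. The enclosing method starts and ends outside the hunk.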
@@ -40,36 +48,66 @@ module SecureNative
40
48
  end
41
49
 
42
50
  begin
43
- x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
44
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
51
+ header_value = request.env['HTTP_X_FORWARDED_FOR']
52
+ if header_value.include? ','
53
+ header_value = header_value.split(',')[0]
54
+ end
55
+ if self.validate_ip(header_value)
56
+ return header_value
57
+ end
45
58
  rescue NoMethodError
46
59
  begin
47
- x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
48
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
60
+ header_value = request['HTTP_X_FORWARDED_FOR']
61
+ if header_value.include? ','
62
+ header_value = header_value.split(',')[0]
63
+ end
64
+ if self.validate_ip(header_value)
65
+ return header_value
66
+ end
49
67
  rescue NoMethodError
50
68
  # Ignored
51
69
  end
52
70
  end
53
71
 
54
72
  begin
55
- x_forwarded_for = request.env['HTTP_X_REAL_IP']
56
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
73
+ header_value = request.env['HTTP_X_REAL_IP']
74
+ if header_value.include? ','
75
+ header_value = header_value.split(',')[0]
76
+ end
77
+ if self.validate_ip(header_value)
78
+ return header
79
+ end
57
80
  rescue NoMethodError
58
81
  begin
59
- x_forwarded_for = request['HTTP_X_REAL_IP']
60
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
82
+ header_value = request['HTTP_X_REAL_IP']
83
+ if header_value.include? ','
84
+ header_value = header_value.split(',')[0]
85
+ end
86
+ if self.validate_ip(header_value)
87
+ return header_value
88
+ end
61
89
  rescue NoMethodError
62
90
  # Ignored
63
91
  end
64
92
  end
65
93
 
66
94
  begin
67
- x_forwarded_for = request.env['REMOTE_ADDR']
68
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
95
+ header_value = request.env['REMOTE_ADDR']
96
+ if header_value.include? ','
97
+ header_value = header_value.split(',')[0]
98
+ end
99
+ if self.validate_ip(header_value)
100
+ return header_value
101
+ end
69
102
  rescue NoMethodError
70
103
  begin
71
- x_forwarded_for = request['REMOTE_ADDR']
72
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
104
+ header_value = request['REMOTE_ADDR']
105
+ if header_value.include? ','
106
+ header_value = header_value.split(',')[0]
107
+ end
108
+ if self.validate_ip(header_value)
109
+ return header_value
110
+ end
73
111
  rescue NoMethodError
74
112
  # Ignored
75
113
  end
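Review bot: `return header` in the `HTTP_X_REAL_IP` branch (new line 78) returns the wrong variable: every other branch returns `header_value`, and `header` is not assigned anywhere in this hunk, so a valid X-Real-IP either yields an unrelated value or raises NameError, which `rescue NoMethodError` does not catch unless an outer scope defines it. Change it to `return header_value`. The eight repeated `include? ','` / `split(',')[0]` / `validate_ip` blocks are one operation; routing them through the new `parse_proxy_header` helper (or a small `first_address(value)` helper) would keep the lookup order readable and make such copy errors impossible. The enclosing method starts and ends outside the hunk.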
@@ -96,6 +134,35 @@ module SecureNative
96
134
  h = headers.gsub('-', '_')
97
135
  return PREFIX + h.upcase
98
136
  end
137
+
138
+ def self.parse_proxy_header(headers, header_key)
139
+ h = headers.gsub(header_key + ': ', '')
140
+ if headers.include? ','
141
+ h = h.split(',')[0]
142
+ end
143
+ return h
144
+ end
145
+
146
+ def self.validate_ip(ip)
147
+ if ip.nil?
148
+ return false
149
+ end
150
+
151
+ begin
152
+ ipaddr = IPAddr.new(ip)
153
+ if ipaddr.ipv4?
154
+ return true
155
+ end
156
+
157
+ if ipaddr.ipv6?
158
+ return true
159
+ end
160
+ rescue Exception
161
+ # Ignored
162
+ end
163
+
164
+ return false
165
+ end
99
166
  end
100
167
  end
101
168
  end
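Review bot: `rescue Exception` in `validate_ip` also swallows `Interrupt`, `SystemExit` and `NoMemoryError`; `IPAddr.new` reports a malformed address with `IPAddr::InvalidAddressError` and a non-String with `IPAddr::AddressFamilyError`, both subclasses of `ArgumentError`, so that is the class to rescue. Once the constructor has succeeded the object is by construction IPv4 or IPv6, so the two `if` checks always return true and the method collapses to the version below. Note that `IPAddr.new` also accepts CIDR notation (a constructed example: `"10.0.0.0/8"`), so if only a single host address should pass, reject values containing `/` before parsing. In `parse_proxy_header`, the condition tests `headers` but splits `h`; test `h` so the two stay in step. The enclosing class and modules continue outside the hunk.
```ruby
def self.validate_ip(ip)
  return false if ip.nil?

  IPAddr.new(ip)
  true
rescue ArgumentError
  # IPAddr::InvalidAddressError / AddressFamilyError: not a parseable address
  false
end
```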
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module SecureNative
4
- VERSION = '0.1.34'
4
+ VERSION = '0.1.39'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: securenative
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.34
4
+ version: 0.1.39
5
5
  platform: ruby
6
6
  authors:
7
7
  - SecureNative
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-10-13 00:00:00.000000000 Z
11
+ date: 2020-10-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler