securenative 0.1.34 → 0.1.39

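--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 8d37acae083e992b50287c1531d21bf1dc5794a94de5198dd3e7cf0dd29fd53c
-data.tar.gz: 0aec5e752e9cb16c05b3ba70e4f05d9e842e34c63198575815c1f7f9f8590a52
+metadata.gz: f51a9bf80e38a18bca0466b36a1a47266ae8dfe33df9130d0c0f22a8fa17d10e
+data.tar.gz: 8e3e7b2cc512a4de5ff841679eea3a89083744ea281ecd26826a9ae38ccc607f
 SHA512:
-metadata.gz: a69cf0db09fa4de8d1e3973f718d880d0ec43cef652b3a556fbfd57188907a52f0ecce1b1f452088423e05e4b44453da21c1f84f30a6ec510c906fff7217ea9c
-data.tar.gz: 2e1949c2c0b4924eab51b93a36a5e092516830edb424ef7914389b9ec6b1d235cc50f5f62b36e7ef72d0343fe05ee7c871c486ef57a89cfd061332b886a63e17
+metadata.gz: 975307d2f8e367f0add4255357fb90e53ee3c761f0ae9527023aac385e375d8fe5ddcd60de9c10c9b24aab4468e5e8bf88bce945fb2ffaf4e9404de9f31540cc
+data.tar.gz: 7418c8fad032dde0bb3175d3028336662d313fc0d358664e9f2712aba83dd496c858a7c2cc950f57d0a9a73c80ab26e081f15271b5c6cfdee12e0fd70206ce64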
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- securenative (0.1.34)
4
+ securenative (0.1.39)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
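--- a/data/README.md
+++ b/data/README.md
@@ -176,7 +176,7 @@ SECURENATIVE_API_KEY: dsbe27fh3437r2yd326fg3fdg36f43
 SECURENATIVE_PROXY_HEADERS: ["CF-Connecting-IP"]
 ```
 
-Initialize sdk as showed above.
+Initialize sdk as shown above.
 
 ### Options 2: Using ConfigurationBuilder
 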
@@ -20,6 +20,12 @@ module SecureNative
20
20
  begin
21
21
  res = @event_manager.send_sync(event, SecureNative::Enums::ApiRoute::VERIFY)
22
22
  ver_result = JSON.parse(res.body)
23
+ if res.code != "200"
24
+ if @options.fail_over_strategy == SecureNative::FailOverStrategy::FAIL_OPEN
25
+ return SecureNative::VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::LOW, score: 0, triggers: [])
26
+ end
27
+ return VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::HIGH, score: 1, triggers: [])
28
+ end
23
29
  return VerifyResult.new(risk_level: ver_result['riskLevel'], score: ver_result['score'], triggers: ver_result['triggers'])
24
30
  rescue StandardError => e
25
31
  SecureNative::Log.debug("Failed to call verify; #{e}")
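Review bot: The new `if res.code != "200"` check runs after `ver_result = JSON.parse(res.body)` on the line above it, so a non-200 reply whose body is not JSON (an HTML error page from a proxy, for instance) raises JSON::ParserError before the fail-over strategy is consulted and drops into the `rescue StandardError` below, whose return value is outside this hunk. Move the check ahead of the parse and guard a nil response at the same time, `if res.nil? || res.code != '200'`, and parse the body only on the success path. The two branches also spell the result class differently (`SecureNative::VerifyResult.new` versus `VerifyResult.new`); one form is enough. The enclosing method starts and ends outside the hunk, so it is worth checking that the rescue path applies the same fail-open/fail-closed choice, otherwise transport errors and HTTP errors will be graded differently.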
@@ -34,7 +34,7 @@ module SecureNative
34
34
  # Standard Ruby request
35
35
  headers = request.header.to_hash if headers.nil?
36
36
  rescue StandardError
37
- headers = []
37
+ headers = {}
38
38
  end
39
39
 
40
40
  url = SecureNative::Frameworks::Rails.get_url(request)
@@ -62,7 +62,7 @@ class EventManager
62
62
  res = @http_client.post(resource_path, EventManager.serialize(event).to_json)
63
63
 
64
64
  if res.nil? || res.code != '200'
65
- SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}. adding back to queue")
65
+ SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}")
66
66
  end
67
67
 
68
68
  res
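Review bot: The reworded info message still interpolates the whole `#{event}` into the log line, so whatever the event carries — presumably user identifiers, client IPs and, after this release, request header values — is written to application logs on every failed call, while the one thing useful for debugging, the HTTP status, is not logged. Consider `SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path}; status=#{res.nil? ? 'nil' : res.code}")` and leave the payload to debug-level logging. Dropping "adding back to queue" from the message suggests the failed event is no longer re-queued; if so, a one-line comment on the `if` saying the event is discarded would save the next reader a search. The enclosing method continues outside the hunk.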
@@ -35,10 +35,17 @@ module SecureNative
35
35
 
36
36
  def self.get_headers(request)
37
37
  begin
38
- headers = []
39
- request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
40
- headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
38
+ headers = {}
39
+
40
+ request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
41
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
41
42
  }
43
+
44
+ if headers.length == 0
45
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
46
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
47
+ }
48
+ end
42
49
  return headers
43
50
  rescue StandardError
44
51
  nil
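Review bot: The rewritten loop now keeps header values (`headers[...] = header[1]`) where the old code collected only names, so `Authorization`, `Cookie` and similar credentials become part of what this helper returns — presumably serialized into the event the EventManager posts to the SecureNative endpoint (see the hunk above). Unless the service needs those values, redact a deny-list of sensitive names before returning. Also `gsub("http_", "")` removes that substring anywhere in the key, not just the `HTTP_` prefix Rack adds (`HTTP_X_HTTP_METHOD_OVERRIDE` comes out as `x-method-override`), and the same select-and-rename block is duplicated for the fallback; a small helper fixes both, as sketched below. The method's closing `end`s are outside the hunk.
```ruby
# Request headers whose values must not leave the process.
SENSITIVE_HEADERS = %w[authorization proxy-authorization cookie x-api-key].freeze

# Builds {"header-name" => value} from a Rack env, redacting sensitive values.
def self.collect_headers(env)
  env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /\AHTTP_/ }
     .each_with_object({}) do |(k, v), headers|
    name = k.downcase.sub(/\Ahttp_/, '').tr('_', '-')
    headers[name] = SENSITIVE_HEADERS.include?(name) ? '[REDACTED]' : v
  end
end

def self.get_headers(request)
  headers = collect_headers(request.env)
  headers = collect_headers(request.headers.env) if headers.empty?
  headers
rescue StandardError
  nil
end
```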
@@ -37,10 +37,17 @@ module SecureNative
37
37
 
38
38
  def self.get_headers(request)
39
39
  begin
40
- headers = []
41
- request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
42
- headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
40
+ headers = {}
41
+
42
+ request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
43
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
43
44
  }
45
+
46
+ if headers.length == 0
47
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
48
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
49
+ }
50
+ end
44
51
  return headers
45
52
  rescue StandardError
46
53
  nil
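Review bot: `header[0].downcase.gsub("http_", "")` strips every occurrence of `http_` from the key rather than only the leading `HTTP_` prefix that Rack adds, so a header such as `X-Http-Method-Override` (env key `HTTP_X_HTTP_METHOD_OVERRIDE`) is returned as `x-method-override`; use `name = header[0].downcase.sub(/\Ahttp_/, '').tr('_', '-')` in both loops, and anchor the `/^HTTP_/` selector with `\A` while there. Note too that this rewrite switches from collecting header names to header values, so `Authorization` and `Cookie` are now in the returned hash; if that hash is sent off-host, a redaction step is warranted. The method's closing `end`s are outside the hunk.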
@@ -35,10 +35,17 @@ module SecureNative
35
35
 
36
36
  def self.get_headers(request)
37
37
  begin
38
- headers = []
39
- request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
40
- headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
38
+ headers = {}
39
+
40
+ request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
41
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
41
42
  }
43
+
44
+ if headers.length == 0
45
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
46
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
47
+ }
48
+ end
42
49
  return headers
43
50
  rescue StandardError
44
51
  nil
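Review bot: This is the third copy of the same select/rename/fallback logic in this release, and within this method the block is pasted twice (once for `request.env`, once for `request.headers.env`); extracting a `normalize_headers(env)` helper shared by the framework adapters would keep the copies from drifting. Whatever that helper becomes, it should fix the prefix strip (`gsub("http_", "")` matches the substring anywhere, `sub(/\Ahttp_/, '')` only the prefix) and decide explicitly which header values are safe to return, since `Cookie` and `Authorization` values are now captured alongside the names. The `rescue StandardError` returning `nil` also hides why header collection failed; a `SecureNative::Log.debug` with the exception, as the verify code in this release does, would help. The method's closing `end`s are outside the hunk.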
@@ -27,7 +27,7 @@ module SecureNative
27
27
  headers = _headers
28
28
 
29
29
  client = Net::HTTP.new(uri.host, uri.port)
30
- client.read_timeout = @options.timeout
30
+ client.read_timeout = @options.timeout / 1000
31
31
  client.use_ssl = true
32
32
  client.verify_mode = OpenSSL::SSL::VERIFY_NONE
33
33
 
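Review bot: `@options.timeout / 1000` is integer division if `timeout` is an Integer number of milliseconds (its type is not visible here), so any value below 1000 becomes a `read_timeout` of 0 and Net::HTTP raises `Net::ReadTimeout` as soon as a read has to wait; use `client.read_timeout = @options.timeout / 1000.0`, which Net::HTTP accepts. `open_timeout` is still unset, so a hung TCP connect is bounded only by the OS default. Not part of this change, but the context line `client.verify_mode = OpenSSL::SSL::VERIFY_NONE` two lines below disables certificate verification on the connection that carries the API key and event data; `VERIFY_PEER` (Net::HTTP's own default once `use_ssl` is true) is the right setting unless there is a documented reason. The enclosing method starts and ends outside the hunk.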
@@ -1,5 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'ipaddr'
4
+
3
5
  module SecureNative
4
6
  module Utils
5
7
  class RequestUtils
@@ -24,14 +26,20 @@ module SecureNative
24
26
  if h.nil?
25
27
  h = request.env[self.parse_ip(header)]
26
28
  end
27
- return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
29
+ parsed = self.parse_proxy_header(h, header)
30
+ if self.validate_ip(parsed)
31
+ return parsed
32
+ end
28
33
  rescue NoMethodError
29
34
  begin
30
35
  h = request[header]
31
36
  if h.nil?
32
37
  h = request.env[self.parse_ip(header)]
33
38
  end
34
- return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
39
+ parsed = self.parse_proxy_header(h, header)
40
+ if self.validate_ip(parsed)
41
+ return parsed
42
+ end
35
43
  rescue NoMethodError
36
44
  # Ignored
37
45
  end
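Review bot: `parsed = self.parse_proxy_header(h, header)` is now called even when `h` is nil (the replaced line had `unless h.nil?`), so a missing header raises NoMethodError from `nil.gsub` inside `parse_proxy_header` and relies on the surrounding `rescue NoMethodError` to fall through to the `request[header]` attempt — an exception standing in for the ordinary "header absent" case, and one that also masks genuine NoMethodErrors. Guard it in both places, `parsed = h.nil? ? nil : self.parse_proxy_header(h, header)`; `validate_ip(nil)` already returns false. Note also that `parse_proxy_header` keeps the left-most comma-separated entry; for headers that a chain of proxies appends to, the left-most entry is whatever the client sent, so this is only trustworthy for a header the edge overwrites, such as the `CF-Connecting-IP` example in the README. The enclosing method starts and ends outside the hunk.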
@@ -40,36 +48,66 @@ module SecureNative
40
48
  end
41
49
 
42
50
  begin
43
- x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
44
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
51
+ header_value = request.env['HTTP_X_FORWARDED_FOR']
52
+ if header_value.include? ','
53
+ header_value = header_value.split(',')[0]
54
+ end
55
+ if self.validate_ip(header_value)
56
+ return header_value
57
+ end
45
58
  rescue NoMethodError
46
59
  begin
47
- x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
48
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
60
+ header_value = request['HTTP_X_FORWARDED_FOR']
61
+ if header_value.include? ','
62
+ header_value = header_value.split(',')[0]
63
+ end
64
+ if self.validate_ip(header_value)
65
+ return header_value
66
+ end
49
67
  rescue NoMethodError
50
68
  # Ignored
51
69
  end
52
70
  end
53
71
 
54
72
  begin
55
- x_forwarded_for = request.env['HTTP_X_REAL_IP']
56
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
73
+ header_value = request.env['HTTP_X_REAL_IP']
74
+ if header_value.include? ','
75
+ header_value = header_value.split(',')[0]
76
+ end
77
+ if self.validate_ip(header_value)
78
+ return header
79
+ end
57
80
  rescue NoMethodError
58
81
  begin
59
- x_forwarded_for = request['HTTP_X_REAL_IP']
60
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
82
+ header_value = request['HTTP_X_REAL_IP']
83
+ if header_value.include? ','
84
+ header_value = header_value.split(',')[0]
85
+ end
86
+ if self.validate_ip(header_value)
87
+ return header_value
88
+ end
61
89
  rescue NoMethodError
62
90
  # Ignored
63
91
  end
64
92
  end
65
93
 
66
94
  begin
67
- x_forwarded_for = request.env['REMOTE_ADDR']
68
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
95
+ header_value = request.env['REMOTE_ADDR']
96
+ if header_value.include? ','
97
+ header_value = header_value.split(',')[0]
98
+ end
99
+ if self.validate_ip(header_value)
100
+ return header_value
101
+ end
69
102
  rescue NoMethodError
70
103
  begin
71
- x_forwarded_for = request['REMOTE_ADDR']
72
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
104
+ header_value = request['REMOTE_ADDR']
105
+ if header_value.include? ','
106
+ header_value = header_value.split(',')[0]
107
+ end
108
+ if self.validate_ip(header_value)
109
+ return header_value
110
+ end
73
111
  rescue NoMethodError
74
112
  # Ignored
75
113
  end
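Review bot: The `HTTP_X_REAL_IP` branch from `request.env` ends with `return header` instead of the validated `header_value` that every other branch returns; depending on whether `header` is still in scope here it either yields the wrong string or raises NameError, which the surrounding `rescue NoMethodError` does not catch. Change it to `return header_value`. Beyond that, `validate_ip` is a syntax check only, and `split(',')[0]` on X-Forwarded-For keeps the left-most entry, which is client-supplied whenever an upstream proxy appends rather than replaces, so a forged but well-formed address passes straight through; the XFF path should take the right-most hop not belonging to your own proxies, or be skipped when a trusted proxy header is configured. Entries are also not `strip`ped, so a value like `1.2.3.4 , 5.6.7.8` fails `IPAddr.new` on the trailing space and silently falls through to the next source. The enclosing method starts and ends outside the hunk.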
@@ -96,6 +134,35 @@ module SecureNative
96
134
  h = headers.gsub('-', '_')
97
135
  return PREFIX + h.upcase
98
136
  end
137
+
138
+ def self.parse_proxy_header(headers, header_key)
139
+ h = headers.gsub(header_key + ': ', '')
140
+ if headers.include? ','
141
+ h = h.split(',')[0]
142
+ end
143
+ return h
144
+ end
145
+
146
+ def self.validate_ip(ip)
147
+ if ip.nil?
148
+ return false
149
+ end
150
+
151
+ begin
152
+ ipaddr = IPAddr.new(ip)
153
+ if ipaddr.ipv4?
154
+ return true
155
+ end
156
+
157
+ if ipaddr.ipv6?
158
+ return true
159
+ end
160
+ rescue Exception
161
+ # Ignored
162
+ end
163
+
164
+ return false
165
+ end
99
166
  end
100
167
  end
101
168
  end
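Review bot: `validate_ip` rescues `Exception`, which also swallows `Interrupt`, `SystemExit` and `NoMemoryError`; a bad address from `IPAddr.new` is signalled with `IPAddr::InvalidAddressError`, an `ArgumentError` subclass, so rescue that. The `ipv4?`/`ipv6?` pair is always true once `IPAddr.new` has succeeded, and `IPAddr.new` also accepts prefix notation, so `"10.0.0.0/8"` currently validates as an IP — reject a `/` if a single address is intended. `parse_proxy_header` strips `"#{header_key}: "` from the value, which only makes sense if some server hands back the header name inside the value; a comment naming that case would stop the next reader deleting it, and the result should be `strip`ped because `IPAddr.new` rejects surrounding whitespace. Both methods are wholly inside the hunk; the rewrite is below.
```ruby
def self.parse_proxy_header(headers, header_key)
  # NOTE(review): some upstream apparently returns "Name: value" here — confirm and document.
  h = headers.gsub(header_key + ': ', '')
  h = h.split(',')[0] if h.include? ','
  h.strip
end

# True only for a single, syntactically valid IPv4 or IPv6 address (no CIDR prefix).
def self.validate_ip(ip)
  return false if ip.nil? || ip.include?('/')

  IPAddr.new(ip)
  true
rescue ArgumentError # IPAddr::InvalidAddressError is a subclass
  false
end
```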
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module SecureNative
4
- VERSION = '0.1.34'
4
+ VERSION = '0.1.39'
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: securenative
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.34
4
+ version: 0.1.39
5
5
  platform: ruby
6
6
  authors:
7
7
  - SecureNative
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-10-13 00:00:00.000000000 Z
11
+ date: 2020-10-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler