securenative 0.1.35 → 0.1.40
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -1
- data/.github/workflows/test.yml +1 -1
- data/Gemfile.lock +1 -1
- data/README.md +1 -1
- data/lib/securenative/context.rb +1 -1
- data/lib/securenative/event_manager.rb +1 -1
- data/lib/securenative/frameworks/hanami.rb +8 -1
- data/lib/securenative/frameworks/rails.rb +8 -1
- data/lib/securenative/frameworks/sinatra.rb +8 -1
- data/lib/securenative/http_client.rb +1 -1
- data/lib/securenative/utils/request_utils.rb +81 -14
- data/lib/securenative/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e1524c2a6da61fa55a95f7934b08bea91905fa43a4a36ff4b0fc5183edf5ab2f
|
4
|
+
data.tar.gz: '0915dd3e1ebbe7c665d66965e6ee274f2a9b55dbd7fc5745047a26be6b202f72'
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e9d062d7222932be86a84e528a1265d18e8d2777aae3dbf786423ad14be3266b038e5345d046949a8e7c2b1c3e4e2ccfc941122fd853f92129f159cdb2a2f86b
|
7
|
+
data.tar.gz: c640a7286aa36570e4e86a9fe9c28efa47284e1b908e7a02ffa64d5e58437340707c49851032e3993985d7142bc192b63d8e38ac27448c0f7d07c9bce3917fa7
|
data/.github/workflows/ci.yml
CHANGED
data/.github/workflows/test.yml
CHANGED
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
data/lib/securenative/context.rb
CHANGED
@@ -54,7 +54,7 @@ module SecureNative
|
|
54
54
|
end
|
55
55
|
|
56
56
|
if SecureNative::Utils::Utils.null_or_empty?(client_token)
|
57
|
-
|
57
|
+
client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(headers)
|
58
58
|
end
|
59
59
|
|
60
60
|
SecureNative::Context.new(client_token: client_token, ip: SecureNative::Utils::RequestUtils.get_client_ip_from_request(request, options),
|
@@ -62,7 +62,7 @@ class EventManager
|
|
62
62
|
res = @http_client.post(resource_path, EventManager.serialize(event).to_json)
|
63
63
|
|
64
64
|
if res.nil? || res.code != '200'
|
65
|
-
SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}
|
65
|
+
SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}")
|
66
66
|
end
|
67
67
|
|
68
68
|
res
|
@@ -36,9 +36,16 @@ module SecureNative
|
|
36
36
|
def self.get_headers(request)
|
37
37
|
begin
|
38
38
|
headers = {}
|
39
|
-
|
39
|
+
|
40
|
+
request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
|
40
41
|
headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
|
41
42
|
}
|
43
|
+
|
44
|
+
if headers.length == 0
|
45
|
+
request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
|
46
|
+
headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
|
47
|
+
}
|
48
|
+
end
|
42
49
|
return headers
|
43
50
|
rescue StandardError
|
44
51
|
nil
|
@@ -38,9 +38,16 @@ module SecureNative
|
|
38
38
|
def self.get_headers(request)
|
39
39
|
begin
|
40
40
|
headers = {}
|
41
|
-
|
41
|
+
|
42
|
+
request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
|
42
43
|
headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
|
43
44
|
}
|
45
|
+
|
46
|
+
if headers.length == 0
|
47
|
+
request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
|
48
|
+
headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
|
49
|
+
}
|
50
|
+
end
|
44
51
|
return headers
|
45
52
|
rescue StandardError
|
46
53
|
nil
|
@@ -36,9 +36,16 @@ module SecureNative
|
|
36
36
|
def self.get_headers(request)
|
37
37
|
begin
|
38
38
|
headers = {}
|
39
|
-
|
39
|
+
|
40
|
+
request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
|
40
41
|
headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
|
41
42
|
}
|
43
|
+
|
44
|
+
if headers.length == 0
|
45
|
+
request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
|
46
|
+
headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
|
47
|
+
}
|
48
|
+
end
|
42
49
|
return headers
|
43
50
|
rescue StandardError
|
44
51
|
nil
|
@@ -1,5 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require 'ipaddr'
|
4
|
+
|
3
5
|
module SecureNative
|
4
6
|
module Utils
|
5
7
|
class RequestUtils
|
@@ -24,14 +26,20 @@ module SecureNative
|
|
24
26
|
if h.nil?
|
25
27
|
h = request.env[self.parse_ip(header)]
|
26
28
|
end
|
27
|
-
|
29
|
+
parsed = self.parse_proxy_header(h, header)
|
30
|
+
if self.validate_ip(parsed)
|
31
|
+
return parsed
|
32
|
+
end
|
28
33
|
rescue NoMethodError
|
29
34
|
begin
|
30
35
|
h = request[header]
|
31
36
|
if h.nil?
|
32
37
|
h = request.env[self.parse_ip(header)]
|
33
38
|
end
|
34
|
-
|
39
|
+
parsed = self.parse_proxy_header(h, header)
|
40
|
+
if self.validate_ip(parsed)
|
41
|
+
return parsed
|
42
|
+
end
|
35
43
|
rescue NoMethodError
|
36
44
|
# Ignored
|
37
45
|
end
|
@@ -40,36 +48,66 @@ module SecureNative
|
|
40
48
|
end
|
41
49
|
|
42
50
|
begin
|
43
|
-
|
44
|
-
|
51
|
+
header_value = request.env['HTTP_X_FORWARDED_FOR']
|
52
|
+
if header_value.include? ','
|
53
|
+
header_value = header_value.split(',')[0]
|
54
|
+
end
|
55
|
+
if self.validate_ip(header_value)
|
56
|
+
return header_value
|
57
|
+
end
|
45
58
|
rescue NoMethodError
|
46
59
|
begin
|
47
|
-
|
48
|
-
|
60
|
+
header_value = request['HTTP_X_FORWARDED_FOR']
|
61
|
+
if header_value.include? ','
|
62
|
+
header_value = header_value.split(',')[0]
|
63
|
+
end
|
64
|
+
if self.validate_ip(header_value)
|
65
|
+
return header_value
|
66
|
+
end
|
49
67
|
rescue NoMethodError
|
50
68
|
# Ignored
|
51
69
|
end
|
52
70
|
end
|
53
71
|
|
54
72
|
begin
|
55
|
-
|
56
|
-
|
73
|
+
header_value = request.env['HTTP_X_REAL_IP']
|
74
|
+
if header_value.include? ','
|
75
|
+
header_value = header_value.split(',')[0]
|
76
|
+
end
|
77
|
+
if self.validate_ip(header_value)
|
78
|
+
return header
|
79
|
+
end
|
57
80
|
rescue NoMethodError
|
58
81
|
begin
|
59
|
-
|
60
|
-
|
82
|
+
header_value = request['HTTP_X_REAL_IP']
|
83
|
+
if header_value.include? ','
|
84
|
+
header_value = header_value.split(',')[0]
|
85
|
+
end
|
86
|
+
if self.validate_ip(header_value)
|
87
|
+
return header_value
|
88
|
+
end
|
61
89
|
rescue NoMethodError
|
62
90
|
# Ignored
|
63
91
|
end
|
64
92
|
end
|
65
93
|
|
66
94
|
begin
|
67
|
-
|
68
|
-
|
95
|
+
header_value = request.env['REMOTE_ADDR']
|
96
|
+
if header_value.include? ','
|
97
|
+
header_value = header_value.split(',')[0]
|
98
|
+
end
|
99
|
+
if self.validate_ip(header_value)
|
100
|
+
return header_value
|
101
|
+
end
|
69
102
|
rescue NoMethodError
|
70
103
|
begin
|
71
|
-
|
72
|
-
|
104
|
+
header_value = request['REMOTE_ADDR']
|
105
|
+
if header_value.include? ','
|
106
|
+
header_value = header_value.split(',')[0]
|
107
|
+
end
|
108
|
+
if self.validate_ip(header_value)
|
109
|
+
return header_value
|
110
|
+
end
|
73
111
|
rescue NoMethodError
|
74
112
|
# Ignored
|
75
113
|
end
|
@@ -96,6 +134,35 @@ module SecureNative
|
|
96
134
|
h = headers.gsub('-', '_')
|
97
135
|
return PREFIX + h.upcase
|
98
136
|
end
|
137
|
+
|
138
|
+
def self.parse_proxy_header(headers, header_key)
|
139
|
+
h = headers.gsub(header_key + ': ', '')
|
140
|
+
if headers.include? ','
|
141
|
+
h = h.split(',')[0]
|
142
|
+
end
|
143
|
+
return h
|
144
|
+
end
|
145
|
+
|
146
|
+
def self.validate_ip(ip)
|
147
|
+
if ip.nil?
|
148
|
+
return false
|
149
|
+
end
|
150
|
+
|
151
|
+
begin
|
152
|
+
ipaddr = IPAddr.new(ip)
|
153
|
+
if ipaddr.ipv4?
|
154
|
+
return true
|
155
|
+
end
|
156
|
+
|
157
|
+
if ipaddr.ipv6?
|
158
|
+
return true
|
159
|
+
end
|
160
|
+
rescue Exception
|
161
|
+
# Ignored
|
162
|
+
end
|
163
|
+
|
164
|
+
return false
|
165
|
+
end
|
99
166
|
end
|
100
167
|
end
|
101
168
|
end
|
data/lib/securenative/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: securenative
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.40
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- SecureNative
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-10-
|
11
|
+
date: 2020-10-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -121,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
121
121
|
- !ruby/object:Gem::Version
|
122
122
|
version: '0'
|
123
123
|
requirements: []
|
124
|
-
rubygems_version: 3.1.
|
124
|
+
rubygems_version: 3.1.4
|
125
125
|
signing_key:
|
126
126
|
specification_version: 4
|
127
127
|
summary: SecureNative SDK for Ruby
|