securenative 0.1.35 → 0.1.40

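--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 20dc3ef7982fbbe1393a802c4b3e146bc5e2c156bbe47d69ab51de349af96897
- data.tar.gz: 7f45ebdfc1015a73c592e38bb51b1dde881db64268c7de7844a0891fcebfd6af
+ metadata.gz: e1524c2a6da61fa55a95f7934b08bea91905fa43a4a36ff4b0fc5183edf5ab2f
+ data.tar.gz: '0915dd3e1ebbe7c665d66965e6ee274f2a9b55dbd7fc5745047a26be6b202f72'
  SHA512:
- metadata.gz: d9dec72d78c52595114438d45f22d14ae719f1852050af0c694791e66cc8292d9b9b1a6eabd4ea459f192bac694272f2f1167d9e147512df01e9c605a7bef9cd
- data.tar.gz: e88c021e75f087d06f7ba6ba9760fe71ee9b49c950d9d69da424a95e17b2b17e9f6b56c08b70486e245425f5147954ab9bed60a37c9b34784dcda4d29a8ca9b9
+ metadata.gz: e9d062d7222932be86a84e528a1265d18e8d2777aae3dbf786423ad14be3266b038e5345d046949a8e7c2b1c3e4e2ccfc941122fd853f92129f159cdb2a2f86b
+ data.tar.gz: c640a7286aa36570e4e86a9fe9c28efa47284e1b908e7a02ffa64d5e58437340707c49851032e3993985d7142bc192b63d8e38ac27448c0f7d07c9bce3917fa7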
@@ -24,7 +24,7 @@ jobs:
24
24
  gem install bundler
25
25
  bundler install
26
26
  - name: Run tests
27
- run: bundle exec rspec spec --pattern **/spec_*.rb
27
+ run: bundle exec rspec spec --pattern **/**/spec_*.rb
28
28
 
29
29
  - name: Notify slack success
30
30
  if: success()
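Review bot: The glob given to `--pattern` in the `Run tests` step is unquoted, so the runner's shell may expand it before rspec sees it. Without globstar, `**/**/spec_*.rb` behaves like `*/*/spec_*.rb`, which matches only files exactly two directories below the working directory, and specs at other depths could be skipped without any error. Quoting the pattern, `run: bundle exec rspec spec --pattern '**/spec_*.rb'`, leaves the recursive match to rspec. The second workflow hunk below (`@@ -23,7 +23,7 @@ jobs:`) carries the same line.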
@@ -23,7 +23,7 @@ jobs:
23
23
  gem install bundler
24
24
  bundler install
25
25
  - name: Run tests
26
- run: bundle exec rspec spec --pattern **/spec_*.rb
26
+ run: bundle exec rspec spec --pattern **/**/spec_*.rb
27
27
 
28
28
  - name: Notify slack success
29
29
  if: success()
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- securenative (0.1.35)
4
+ securenative (0.1.40)
5
5
 
6
6
  GEM
7
7
  remote: https://rubygems.org/
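--- a/data/README.md
+++ b/data/README.md
@@ -176,7 +176,7 @@ SECURENATIVE_API_KEY: dsbe27fh3437r2yd326fg3fdg36f43
  SECURENATIVE_PROXY_HEADERS: ["CF-Connecting-IP"]
  ```
 
- Initialize sdk as showed above.
+ Initialize sdk as shown above.
 
  ### Options 2: Using ConfigurationBuilder
 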
@@ -54,7 +54,7 @@ module SecureNative
54
54
  end
55
55
 
56
56
  if SecureNative::Utils::Utils.null_or_empty?(client_token)
57
- client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(request.headers)
57
+ client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(headers)
58
58
  end
59
59
 
60
60
  SecureNative::Context.new(client_token: client_token, ip: SecureNative::Utils::RequestUtils.get_client_ip_from_request(request, options),
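Review bot: `headers` on the changed line is assigned outside this hunk, and nothing visible guarantees it is non-nil. If it comes from one of the `get_headers` helpers changed in the same release, those return nil from their `rescue StandardError`, so the call needs to tolerate nil. A guard such as `client_token = SecureNative::Utils::RequestUtils.get_secure_header_from_request(headers) unless headers.nil?` would settle it, or a comment stating why `headers` cannot be nil here. The enclosing method starts and ends outside the hunk.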
@@ -62,7 +62,7 @@ class EventManager
62
62
  res = @http_client.post(resource_path, EventManager.serialize(event).to_json)
63
63
 
64
64
  if res.nil? || res.code != '200'
65
- SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}. adding back to queue")
65
+ SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} with event #{event}")
66
66
  end
67
67
 
68
68
  res
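Review bot: The failure message interpolates the whole `event` object into an info-level log line. If the event's string form includes user identifiers, the client IP or the client token (not visible in this hunk), that data is written to application logs on every failed delivery. Logging the endpoint and status is enough to diagnose the failure, for example `SecureNative::Log.info("SecureNative failed to call endpoint #{resource_path} (status #{res&.code})")`. The enclosing method starts outside the hunk.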
@@ -36,9 +36,16 @@ module SecureNative
36
36
  def self.get_headers(request)
37
37
  begin
38
38
  headers = {}
39
- request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
39
+
40
+ request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
40
41
  headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
41
42
  }
43
+
44
+ if headers.length == 0
45
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
46
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
47
+ }
48
+ end
42
49
  return headers
43
50
  rescue StandardError
44
51
  nil
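Review bot: The key normalisation `header[0].downcase.gsub("http_", "")` strips every occurrence of `http_`, not only the CGI prefix, so a header such as `X-Http-Method-Override` would be stored as `x-method-override`. Using `sub(/\Ahttp_/, "")` removes only the leading prefix. The new fallback also repeats the whole select/each block against `request.headers.env`; moving the loop into one private helper that takes the env hash would keep both paths identical. The same applies to the two identical `get_headers` hunks that follow (`@@ -38,9 +38,16 @@` and the second `@@ -36,9 +36,16 @@`). The method's `rescue` body continues outside the hunk.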
@@ -38,9 +38,16 @@ module SecureNative
38
38
  def self.get_headers(request)
39
39
  begin
40
40
  headers = {}
41
- request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
41
+
42
+ request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
42
43
  headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
43
44
  }
45
+
46
+ if headers.length == 0
47
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
48
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
49
+ }
50
+ end
44
51
  return headers
45
52
  rescue StandardError
46
53
  nil
@@ -36,9 +36,16 @@ module SecureNative
36
36
  def self.get_headers(request)
37
37
  begin
38
38
  headers = {}
39
- request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
39
+
40
+ request.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
40
41
  headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
41
42
  }
43
+
44
+ if headers.length == 0
45
+ request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
46
+ headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
47
+ }
48
+ end
42
49
  return headers
43
50
  rescue StandardError
44
51
  nil
@@ -27,7 +27,7 @@ module SecureNative
27
27
  headers = _headers
28
28
 
29
29
  client = Net::HTTP.new(uri.host, uri.port)
30
- client.read_timeout = @options.timeout
30
+ client.read_timeout = @options.timeout / 1000
31
31
  client.use_ssl = true
32
32
  client.verify_mode = OpenSSL::SSL::VERIFY_NONE
33
33
 
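Review bot: `client.verify_mode = OpenSSL::SSL::VERIFY_NONE`, two lines below the changed timeout, disables certificate verification, so the SDK's requests are encrypted but the server is never authenticated and anyone on the network path can impersonate the endpoint. It should be `client.verify_mode = OpenSSL::SSL::VERIFY_PEER`. On the changed line itself, `@options.timeout / 1000` is integer division when `timeout` is an Integer, so any value below 1000 ms becomes a read timeout of 0; `client.read_timeout = @options.timeout / 1000.0` keeps sub-second values. The enclosing method starts and ends outside the hunk.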
@@ -1,5 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require 'ipaddr'
4
+
3
5
  module SecureNative
4
6
  module Utils
5
7
  class RequestUtils
@@ -24,14 +26,20 @@ module SecureNative
24
26
  if h.nil?
25
27
  h = request.env[self.parse_ip(header)]
26
28
  end
27
- return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
29
+ parsed = self.parse_proxy_header(h, header)
30
+ if self.validate_ip(parsed)
31
+ return parsed
32
+ end
28
33
  rescue NoMethodError
29
34
  begin
30
35
  h = request[header]
31
36
  if h.nil?
32
37
  h = request.env[self.parse_ip(header)]
33
38
  end
34
- return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
39
+ parsed = self.parse_proxy_header(h, header)
40
+ if self.validate_ip(parsed)
41
+ return parsed
42
+ end
35
43
  rescue NoMethodError
36
44
  # Ignored
37
45
  end
@@ -40,36 +48,66 @@ module SecureNative
40
48
  end
41
49
 
42
50
  begin
43
- x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
44
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
51
+ header_value = request.env['HTTP_X_FORWARDED_FOR']
52
+ if header_value.include? ','
53
+ header_value = header_value.split(',')[0]
54
+ end
55
+ if self.validate_ip(header_value)
56
+ return header_value
57
+ end
45
58
  rescue NoMethodError
46
59
  begin
47
- x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
48
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
60
+ header_value = request['HTTP_X_FORWARDED_FOR']
61
+ if header_value.include? ','
62
+ header_value = header_value.split(',')[0]
63
+ end
64
+ if self.validate_ip(header_value)
65
+ return header_value
66
+ end
49
67
  rescue NoMethodError
50
68
  # Ignored
51
69
  end
52
70
  end
53
71
 
54
72
  begin
55
- x_forwarded_for = request.env['HTTP_X_REAL_IP']
56
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
73
+ header_value = request.env['HTTP_X_REAL_IP']
74
+ if header_value.include? ','
75
+ header_value = header_value.split(',')[0]
76
+ end
77
+ if self.validate_ip(header_value)
78
+ return header
79
+ end
57
80
  rescue NoMethodError
58
81
  begin
59
- x_forwarded_for = request['HTTP_X_REAL_IP']
60
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
82
+ header_value = request['HTTP_X_REAL_IP']
83
+ if header_value.include? ','
84
+ header_value = header_value.split(',')[0]
85
+ end
86
+ if self.validate_ip(header_value)
87
+ return header_value
88
+ end
61
89
  rescue NoMethodError
62
90
  # Ignored
63
91
  end
64
92
  end
65
93
 
66
94
  begin
67
- x_forwarded_for = request.env['REMOTE_ADDR']
68
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
95
+ header_value = request.env['REMOTE_ADDR']
96
+ if header_value.include? ','
97
+ header_value = header_value.split(',')[0]
98
+ end
99
+ if self.validate_ip(header_value)
100
+ return header_value
101
+ end
69
102
  rescue NoMethodError
70
103
  begin
71
- x_forwarded_for = request['REMOTE_ADDR']
72
- return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
104
+ header_value = request['REMOTE_ADDR']
105
+ if header_value.include? ','
106
+ header_value = header_value.split(',')[0]
107
+ end
108
+ if self.validate_ip(header_value)
109
+ return header_value
110
+ end
73
111
  rescue NoMethodError
74
112
  # Ignored
75
113
  end
@@ -96,6 +134,35 @@ module SecureNative
96
134
  h = headers.gsub('-', '_')
97
135
  return PREFIX + h.upcase
98
136
  end
137
+
138
+ def self.parse_proxy_header(headers, header_key)
139
+ h = headers.gsub(header_key + ': ', '')
140
+ if headers.include? ','
141
+ h = h.split(',')[0]
142
+ end
143
+ return h
144
+ end
145
+
146
+ def self.validate_ip(ip)
147
+ if ip.nil?
148
+ return false
149
+ end
150
+
151
+ begin
152
+ ipaddr = IPAddr.new(ip)
153
+ if ipaddr.ipv4?
154
+ return true
155
+ end
156
+
157
+ if ipaddr.ipv6?
158
+ return true
159
+ end
160
+ rescue Exception
161
+ # Ignored
162
+ end
163
+
164
+ return false
165
+ end
99
166
  end
100
167
  end
101
168
  end
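Review bot: In the `request.env['HTTP_X_REAL_IP']` branch of the `@@ -40,36 +48,66 @@` hunk the validated value is discarded: `return header` should be `return header_value`, as in the sibling branches. Depending on code outside the hunk, `header` is either out of scope there (a NameError, which `rescue NoMethodError` does not catch) or refers to something other than the IP. The new `validate_ip` helper uses `rescue Exception`, which also swallows signals and exit requests; `rescue IPAddr::InvalidAddressError` (or `StandardError`) is enough. These hunks still return the left-most element of `X-Forwarded-For`, which the client controls unless a trusted proxy overwrites the header. A comment stating which deployments make that value trustworthy would help integrators. The enclosing method starts and ends outside the hunks shown.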
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module SecureNative
4
- VERSION = '0.1.35'
4
+ VERSION = '0.1.40'
5
5
  end
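--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: securenative
  version: !ruby/object:Gem::Version
- version: 0.1.35
+ version: 0.1.40
  platform: ruby
  authors:
  - SecureNative
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2020-10-13 00:00:00.000000000 Z
+ date: 2020-10-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -121,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
+ rubygems_version: 3.1.4
  signing_key:
  specification_version: 4
  summary: SecureNative SDK for Ruby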