RubyGems - securenative - Versions diffs - 0.1.36 → 0.1.37 - Mend

securenative 0.1.36 → 0.1.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/lib/securenative/utils/request_utils.rb +81 -14
data/lib/securenative/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '011925ba26bc507a1b13b835a1ed500ab6dfed5fa25bac41536182ffcff9d70b'
-  data.tar.gz: 65b86aa2ab265bf3ccb65f56534f55fcd9124b191bbd6b361eacd6c13064a730
+  metadata.gz: 3f258cab118617264eaa1ad5d7b0abbbd5fa9c439e45af3d8d88e0320670d20b
+  data.tar.gz: 87b53a09ee36d04f9693af844caa31690ccbe54bb2d09e1892fb84ee069ad140
 SHA512:
-  metadata.gz: b7c19b0f05ab873a9066431db238043a452b12620fc1a8d2e8cabb179d59eebd671d719cfac2a6b0d7592c2bbc2b462c0b7fa598548bcf6e01a779d412904c60
-  data.tar.gz: 43e0c8215def3fd13acbcc77ec7030b5fe70f9a000e328dbfab44f50a3a28da913aaaa7fa5092e8ca8ad19aaa71cab5e7620c3d21a92bf33a24135c2e9ac0e05
+  metadata.gz: 51083109a36777a4b4a58218ed18d3f122dbef31cac44d36897533e51bce4138e6a8e10adb47d7103f3d8232b9abe4306d46646094737bb718ffcad1daa63ff3
+  data.tar.gz: 7835b102c8ef63018ce0bd590e65bb95466225b83c931c8a2711ac7148f6e455b16b8fd534ae3f62be954ee4ffeb42ae5f2528117e461c9dde0fd6b229229ff7

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    securenative (0.1.36)
+    securenative (0.1.37)
 GEM
   remote: https://rubygems.org/

data/lib/securenative/utils/request_utils.rb CHANGED

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require 'ipaddr'
 module SecureNative
   module Utils
     class RequestUtils
@@ -24,14 +26,20 @@ module SecureNative
               if h.nil?
                 h = request.env[self.parse_ip(header)]
               end
-              return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
+              parsed = self.parse_proxy_header(h, header)
+              if self.validate_ip(parsed)
+                return parsed
+              end
             rescue NoMethodError
               begin
                 h = request[header]
                 if h.nil?
                   h = request.env[self.parse_ip(header)]
                 end
-                return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
+                parsed = self.parse_proxy_header(h, header)
+                if self.validate_ip(parsed)
+                  return parsed
+                end
               rescue NoMethodError
                 # Ignored
               end
@@ -40,36 +48,66 @@ module SecureNative
         end
         begin
-          x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
-          return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+          header_value = request.env['HTTP_X_FORWARDED_FOR']
+          if header_value.include? ','
+            header_value = ip.split(',')[0]
+          end
+          if self.validate_ip(header_value)
+            return header_value
+          end
         rescue NoMethodError
           begin
-            x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
-            return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+            header_value = request['HTTP_X_FORWARDED_FOR']
+            if header_value.include? ','
+              header_value = ip.split(',')[0]
+            end
+            if self.validate_ip(header_value)
+              return header_value
+            end
           rescue NoMethodError
             # Ignored
           end
         end
         begin
-          x_forwarded_for = request.env['HTTP_X_REAL_IP']
-          return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+          header_value = request.env['HTTP_X_REAL_IP']
+          if header_value.include? ','
+            header_value = ip.split(',')[0]
+          end
+          if self.validate_ip(header_value)
+            return header
+          end
         rescue NoMethodError
           begin
-            x_forwarded_for = request['HTTP_X_REAL_IP']
-            return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+            header_value = request['HTTP_X_REAL_IP']
+            if header_value.include? ','
+              header_value = ip.split(',')[0]
+            end
+            if self.validate_ip(header_value)
+              return header_value
+            end
           rescue NoMethodError
             # Ignored
           end
         end
         begin
-          x_forwarded_for = request.env['REMOTE_ADDR']
-          return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+          header_value = request.env['REMOTE_ADDR']
+          if header_value.include? ','
+            header_value = ip.split(',')[0]
+          end
+          if self.validate_ip(header_value)
+            return header_value
+          end
         rescue NoMethodError
           begin
-            x_forwarded_for = request['REMOTE_ADDR']
-            return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+            header_value = request['REMOTE_ADDR']
+            if header_value.include? ','
+              header_value = ip.split(',')[0]
+            end
+            if self.validate_ip(header_value)
+              return header_value
+            end
           rescue NoMethodError
             # Ignored
           end
@@ -96,6 +134,35 @@ module SecureNative
         h = headers.gsub('-', '_')
         return PREFIX + h.upcase
       end
+      def self.parse_proxy_header(headers, header_key)
+        h = headers.gsub(header_key + ': ', '')
+        if headers.include? ','
+          h = h.split(',')[0]
+        end
+        return h
+      end
+      def self.validate_ip(ip)
+        if ip.nil?
+          return false
+        end
+        begin
+          ipaddr = IPAddr.new(ip)
+          if ipaddr.ipv4?
+            return true
+          end
+          if ipaddr.ipv6?
+            return true
+          end
+        rescue Exception
+          # Ignored
+        end
+        return false
+      end
     end
   end
 end

data/lib/securenative/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module SecureNative
-  VERSION = '0.1.36'
+  VERSION = '0.1.37'
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: securenative
 version: !ruby/object:Gem::Version
-  version: 0.1.36
+  version: 0.1.37
 platform: ruby
 authors:
 - SecureNative
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-10-26 00:00:00.000000000 Z
+date: 2020-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler