securenative 0.1.5 → 0.1.16

data/lib/securenative/event_options_builder.rb

@@ -0,0 +1,21 @@
+class EventOptionsBuilder
+  MAX_PROPERTIES_SIZE = 10
+
+  def initialize(event_type, user_id, user_traits, user_name, email, created_at, context, properties, timestamp)
+    @event_options = EventOptions(event_type)
+    @event_options.user_id = user_id
+    @event_options.user_traits = user_traits if user_traits
+    @event_options.user_traits = UserTraits(name, email, created_at) if user_name && email && created_at
+    @event_options.context = context
+    @event_options.properties = properties
+    @event_options.timestamp = timestamp
+  end
+
+  def build
+    if !@event_options.properties.nil? && @event_options.properties.length > MAX_PROPERTIES_SIZE
+      raise SecureNativeInvalidOptionsException('You can have only up to {} custom properties', MAX_PROPERTIES_SIZE)
+    end
+
+    @event_options
+  end
+end

data/lib/securenative/exceptions/securenative_config_exception.rb

@@ -0,0 +1,2 @@
+class SecureNativeConfigException < StandardError
+end

data/lib/securenative/exceptions/securenative_http_exception.rb

@@ -0,0 +1,2 @@
+class SecureNativeHttpException < StandardError
+end

data/lib/securenative/exceptions/securenative_invalid_options_exception.rb

@@ -0,0 +1,2 @@
+class SecureNativeInvalidOptionsException < StandardError
+end

data/lib/securenative/exceptions/securenative_invalid_uri_exception.rb

@@ -0,0 +1,2 @@
+class SecureNativeInvalidUriException < StandardError
+end

data/lib/securenative/exceptions/securenative_parse_exception.rb

@@ -0,0 +1,2 @@
+class SecureNativeParseException < StandardError
+end

data/lib/securenative/exceptions/securenative_sdk_Illegal_state_exception.rb

@@ -0,0 +1,2 @@
+class SecureNativeSDKIllegalStateException < StandardError
+end

data/lib/securenative/exceptions/securenative_sdk_exception.rb

@@ -0,0 +1,2 @@
+class SecureNativeSDKException < StandardError
+end

data/lib/securenative/http/http_response.rb

@@ -0,0 +1,10 @@
+class HttpResponse
+  attr_reader :ok, :status_code, :body
+  attr_writer :ok, :status_code, :body
+
+  def initialize(ok, status_code, body)
+    @ok = ok
+    @status_code = status_code
+    @body = body
+  end
+end

data/lib/securenative/http/securenative_http_client.rb

@@ -0,0 +1,30 @@
+require 'httpclient'
+
+class SecureNativeHttpClient
+  AUTHORIZATION_HEADER = 'Authorization'.freeze
+  VERSION_HEADER = 'SN-Version'.freeze
+  USER_AGENT_HEADER = 'User-Agent'.freeze
+  USER_AGENT_HEADER_VALUE = 'SecureNative-python'.freeze
+  CONTENT_TYPE_HEADER = 'Content-Type'.freeze
+  CONTENT_TYPE_HEADER_VALUE = 'application/json'.freeze
+
+  def __init__(securenative_options)
+    @options = securenative_options
+    @client = HTTPClient.new
+  end
+
+  def _headers
+    {
+        CONTENT_TYPE_HEADER => CONTENT_TYPE_HEADER_VALUE,
+        USER_AGENT_HEADER => USER_AGENT_HEADER_VALUE,
+        VERSION_HEADER => VersionUtils.version,
+        AUTHORIZATION_HEADER => options.api_key
+    }
+  end
+
+  def post(path, body)
+    url = '{}/{}'.format(@options.api_url, path)
+    headers = _headers
+    @client.post(url, body, headers)
+  end
+end

data/lib/securenative/logger.rb

@@ -0,0 +1,42 @@
+require 'logger'
+
+class Logger
+  @logger = Logger.new(STDOUT)
+
+  def self.init_logger(level)
+    @logger.level = case level
+                    when 'WARN'
+                      Logger::WARN
+                    when 'DEBUG'
+                      Logger::DEBUG
+                    when 'ERROR'
+                      Logger::ERROR
+                    when 'FATAL'
+                      Logger::FATAL
+                    when 'INFO'
+                      Logger::INFO
+                    else
+                      Logger::FATAL
+                    end
+
+    @logger.formatter = proc do |severity, datetime, progname, msg|
+      "[#{datetime}] #{severity}  (#{progname}): #{msg}\n"
+    end
+  end
+
+  def self.info(msg)
+    @logger.info(msg)
+  end
+
+  def self.debug(msg)
+    @logger.debug(msg)
+  end
+
+  def self.warning(msg)
+    @logger.warning(msg)
+  end
+
+  def self.error(msg)
+    @logger.error(msg)
+  end
+end

data/lib/securenative/models/client_token.rb

@@ -0,0 +1,10 @@
+class ClientToken
+  attr_reader :cid, :vid, :fp
+  attr_writer :cid, :vid, :fp
+
+  def initialize(cid, vid, fp)
+    @cid = cid
+    @vid = vid
+    @fp = fp
+  end
+end

data/lib/securenative/models/device.rb

@@ -0,0 +1,8 @@
+class Device
+  attr_reader :device_id
+  attr_writer :device_id
+
+  def initialize(device_id)
+    @device_id = device_id
+  end
+end

data/lib/securenative/models/event_options.rb

@@ -0,0 +1,13 @@
+class EventOptions
+  attr_reader :event, :user_id, :user_traits, :context, :properties, :timestamp
+  attr_writer :event, :user_id, :user_traits, :context, :properties, :timestamp
+
+  def initialize(event, user_id = nil, user_traits = nil, context = nil, properties = nil, timestamp = nil)
+    @event = event
+    @user_id = user_id
+    @user_traits = user_traits
+    @context = context
+    @properties = properties
+    @timestamp = timestamp
+  end
+end

data/lib/securenative/models/request_context.rb

@@ -0,0 +1,15 @@
+class RequestContext
+  attr_reader :cid, :vid, :fp, :ip, :remote_ip, :headers, :url, :method
+  attr_writer :cid, :vid, :fp, :ip, :remote_ip, :headers, :url, :method
+
+  def initialize(cid = nil, vid = nil, fp = nil, ip = nil, remote_ip = nil, headers = nil, url = nil, method = nil)
+    @cid = cid
+    @vid = vid
+    @fp = fp
+    @ip = ip
+    @remote_ip = remote_ip
+    @headers = headers
+    @url = url
+    @method = method
+  end
+end

data/lib/securenative/models/request_options.rb

@@ -0,0 +1,10 @@
+class RequestOptions
+  attr_reader :url, :body, :retry
+  attr_writer :url, :body, :retry
+
+  def initialize(url, body, _retry)
+    @url = url
+    @body = body
+    @retry = _retry
+  end
+end

data/lib/securenative/models/sdk_event.rb

@@ -0,0 +1,25 @@
+class SDKEvent
+  attr_reader :context, :rid, :event_type, :user_id, :user_traits, :request, :timestamp, :properties
+  attr_writer :context, :rid, :event_type, :user_id, :user_traits, :request, :timestamp, :properties
+
+  def initialize(event_options, securenative_options)
+    @context = if !event_options.context.nil?
+                 event_options.context
+               else
+                 ContextBuilder.default_context_builder
+               end
+
+    client_token = EncryptionUtils.decrypt(@context.client_token, securenative_options.api_key)
+
+    @rid = SecureRandom.uuid.to_str
+    @event_type = event_options.event
+    @user_id = event_options.user_id
+    @user_traits = event_options.user_traits
+    @request = RequestContext(cid = client_token ? client_token.cid : '', vid = client_token ? client_token.vid : '',
+                              fp = client_token ? client_token.fp : '', ip = @context.ip, remote_ip = @context.remote_ip,
+                              method = @context.method, url = @context.url, headers = @context.headers)
+
+    @timestamp = DateUtils.to_timestamp(event_options.timestamp)
+    @properties = event_options.properties
+  end
+end

data/lib/securenative/models/user_traits.rb

@@ -0,0 +1,10 @@
+class UserTraits
+  attr_reader :name, :email, :created_at
+  attr_writer :name, :email, :created_at
+
+  def initialize(name = nil, email = nil, created_at = nil)
+    @name = name
+    @email = email
+    @created_at = created_at
+  end
+end

data/lib/securenative/models/verify_result.rb

@@ -0,0 +1,10 @@
+class VerifyResult
+  attr_reader :risk_level, :score, :triggers
+  attr_writer :risk_level, :score, :triggers
+
+  def initialize(risk_level = nil, score = nil, triggers = nil)
+    @risk_level = risk_level
+    @score = score
+    @triggers = triggers
+  end
+end

data/lib/securenative/securenative.iml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="RUBY_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="jdk" jdkName="ruby-2.7.1-p83" jdkType="RUBY_SDK" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>

data/lib/securenative/securenative.rb

@@ -0,0 +1,82 @@
+require_relative 'logger'
+require_relative 'utils/signature_utils'
+
+class SecureNative
+  attr_reader :options
+
+  def initialize(options)
+    @securenative = nil
+    raise SecureNativeSDKException('You must pass your SecureNative api key') if Utils.null_or_empty?(options.api_key)
+
+    @options = options
+    @event_manager = EventManager(@options)
+
+    @event_manager.start_event_persist unless @options.api_url.nil?
+
+    @api_manager = ApiManager.new(@event_manager, @options)
+    Logger.init_logger(@options.log_level)
+  end
+
+  def self.init_with_options(options)
+    if @securenative.nil?
+      @securenative = SecureNative.new(options)
+      @securenative
+    else
+      Logger.debug('This SDK was already initialized.')
+      raise SecureNativeSDKException('This SDK was already initialized.')
+    end
+  end
+
+  def self.init_with_api_key(api_key)
+    raise SecureNativeConfigException('You must pass your SecureNative api key') if Utils.null_or_empty?(api_key)
+
+    if @securenative.nil?
+      options = ConfigurationBuilder(api_key = api_key)
+      @securenative = SecureNative.new(options)
+      @securenative
+    else
+      Logger.debug('This SDK was already initialized.')
+      raise SecureNativeSDKException(u('This SDK was already initialized.'))
+    end
+  end
+
+  def self.init
+    options = ConfigurationManager.load_config
+    init_with_options(options)
+  end
+
+  def self.instance
+    raise SecureNativeSDKIllegalStateException() if @securenative.nil?
+
+    @securenative
+  end
+
+  def self.config_builder(api_key = nil, api_url = 'https://api.securenative.com/collector/api/v1', interval = 1000,
+                          max_events = 1000, timeout = 1500, auto_send = true, disable = false, log_level = 'FATAL',
+                          fail_over_strategy = FailOverStrategy::FAIL_OPEN)
+    ConfigurationBuilder(api_key, api_url, interval, max_events, timeout, auto_send, disable, log_level, fail_over_strategy)
+  end
+
+  def self.context_builder(client_token = nil, ip = nil, remote_ip = nil, headers = nil, url = nil, method = nil, body = nil)
+    ContextBuilder(client_token, ip, remote_ip, headers, url, method, body)
+  end
+
+  def track(event_options)
+    @api_manager.track(event_options)
+  end
+
+  def verify(event_options)
+    @api_manager.verify(event_options)
+  end
+
+  def self._flush
+    @securenative = nil
+  end
+
+  def verify_request_payload(request)
+    request_signature = request.header[SignatureUtils.SIGNATURE_HEADER]
+    body = request.body
+
+    SignatureUtils.valid_signature?(@options.api_key, body, request_signature)
+  end
+end

data/lib/securenative/utils/date_utils.rb

@@ -0,0 +1,7 @@
+class DateUtils
+  def self.to_timestamp(date)
+    return Time.now.strftime('%Y-%m-%dT%H:%M:%S.%L%Z') if date.nil?
+
+    Time.strptime(date, '%Y-%m-%dT%H:%M:%S.%L%Z')
+  end
+end

data/lib/securenative/utils/encryption_utils.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+class EncryptionUtils
+  BLOCK_SIZE = 16
+  KEY_SIZE = 32
+
+  def self.encrypt(text, cipher_key)
+    cipher = OpenSSL::Cipher::AES.new(KEY_SIZE, :CBC).encrypt
+    cipher.padding = 0
+
+    if text.size % BLOCK_SIZE != 0
+      logger = Logger.new(STDOUT)
+      logger.level = Logger::WARN
+      logger.fatal('data not multiple of block length')
+      return nil
+    end
+
+    cipher_key = Digest::SHA1.hexdigest cipher_key
+    cipher.key = cipher_key.slice(0, BLOCK_SIZE)
+    s = cipher.update(text) + cipher.final
+
+    s.unpack('H*')[0].upcase
+  end
+
+  def self.decrypt(encrypted, cipher_key)
+    cipher = OpenSSL::Cipher::AES.new(KEY_SIZE, :CBC).decrypt
+    cipher.padding = 0
+
+    cipher_key = Digest::SHA1.hexdigest cipher_key
+    cipher.key = cipher_key.slice(0, BLOCK_SIZE)
+    s = [encrypted].pack('H*').unpack('C*').pack('c*')
+
+    rv = cipher.update(s) + cipher.final
+    rv.strip
+  end
+end

data/lib/securenative/utils/ip_utils.rb

@@ -0,0 +1,22 @@
+class IpUtils
+  VALID_IPV4_PATTERN = '(([01]?\\d\\d?|2[0-4]\\d|25[0-5])\\.){3}([01]?\\d\\d?|2[0-4]\\d|25[0-5])'.freeze
+  VALID_IPV6_PATTERN = '([0-9a-f]{1,4}:){7}([0-9a-f]){1,4}'.freeze
+
+  def self.ip_address?(ip_address)
+    return true if IpUtils.VALID_IPV4_PATTERN.match(ip_address)
+    return true if IpUtils.VALID_IPV6_PATTERN.match(ip_address)
+
+    false
+  end
+
+  def self.valid_public_ip?(ip_address)
+    ip = IPAddr.new(ip_address)
+    return false if ip.loopback? || ip.private? || ip.link_local? || ip.untrusted? || ip.tainted?
+
+    true
+  end
+
+  def self.loop_back?(ip_address)
+    IPAddr.new(ip_address).loopback?
+  end
+end

data/lib/securenative/utils/request_utils.rb

@@ -0,0 +1,21 @@
+class RequestUtils
+  SECURENATIVE_COOKIE = '_sn'.freeze
+  SECURENATIVE_HEADER = 'x-securenative'.freeze
+
+  def self.get_secure_header_from_request(headers)
+    return headers[RequestUtils.SECURENATIVE_HEADER] unless headers.nil?
+
+    []
+  end
+
+  def self.get_client_ip_from_request(request)
+    x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
+    return x_forwarded_for unless x_forwarded_for.nil?
+
+    request.env['REMOTE_ADDR']
+  end
+
+  def self.get_remote_ip_from_request(request)
+    request.remote_ip
+  end
+end

data/lib/securenative/utils/signature_utils.rb

@@ -0,0 +1,14 @@
+require 'openssl'
+
+class SignatureUtils
+  SIGNATURE_HEADER = 'x-securenative'.freeze
+
+  def self.valid_signature?(api_key, payload, header_signature)
+    key = api_key.encode('utf-8')
+    body = payload.encode('utf-8')
+    calculated_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha512'), key, body)
+    calculated_signature.eql? header_signature
+  rescue StandardError
+    false
+  end
+end