RubyGems - securenative - Versions diffs - 0.1.36 → 0.1.37 - Mend

securenative 0.1.36 → 0.1.37

Files changed (5) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/lib/securenative/utils/request_utils.rb +81 -14
data/lib/securenative/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '011925ba26bc507a1b13b835a1ed500ab6dfed5fa25bac41536182ffcff9d70b'
-  data.tar.gz: 65b86aa2ab265bf3ccb65f56534f55fcd9124b191bbd6b361eacd6c13064a730
+  metadata.gz: 3f258cab118617264eaa1ad5d7b0abbbd5fa9c439e45af3d8d88e0320670d20b
+  data.tar.gz: 87b53a09ee36d04f9693af844caa31690ccbe54bb2d09e1892fb84ee069ad140
 SHA512:
-  metadata.gz: b7c19b0f05ab873a9066431db238043a452b12620fc1a8d2e8cabb179d59eebd671d719cfac2a6b0d7592c2bbc2b462c0b7fa598548bcf6e01a779d412904c60
-  data.tar.gz: 43e0c8215def3fd13acbcc77ec7030b5fe70f9a000e328dbfab44f50a3a28da913aaaa7fa5092e8ca8ad19aaa71cab5e7620c3d21a92bf33a24135c2e9ac0e05
+  metadata.gz: 51083109a36777a4b4a58218ed18d3f122dbef31cac44d36897533e51bce4138e6a8e10adb47d7103f3d8232b9abe4306d46646094737bb718ffcad1daa63ff3
+  data.tar.gz: 7835b102c8ef63018ce0bd590e65bb95466225b83c931c8a2711ac7148f6e455b16b8fd534ae3f62be954ee4ffeb42ae5f2528117e461c9dde0fd6b229229ff7

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    securenative (0.1.36)
+    securenative (0.1.37)
 GEM
   remote: https://rubygems.org/

data/lib/securenative/utils/request_utils.rb CHANGED

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
+require 'ipaddr'
 module SecureNative
   module Utils
     class RequestUtils
@@ -24,14 +26,20 @@ module SecureNative
               if h.nil?
                 h = request.env[self.parse_ip(header)]
               end
-              return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
+              parsed = self.parse_proxy_header(h, header)
+              if self.validate_ip(parsed)
+                return parsed
+              end
             rescue NoMethodError
               begin
                 h = request[header]
                 if h.nil?
                   h = request.env[self.parse_ip(header)]
                 end
-                return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
+                parsed = self.parse_proxy_header(h, header)
+                if self.validate_ip(parsed)
+                  return parsed
+                end
               rescue NoMethodError
                 # Ignored
               end
@@ -40,36 +48,66 @@ module SecureNative
         end
         begin
-          x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
-          return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+          header_value = request.env['HTTP_X_FORWARDED_FOR']
+          if header_value.include? ','
+            header_value = ip.split(',')[0]
+          end
+          if self.validate_ip(header_value)
+            return header_value
+          end
         rescue NoMethodError
           begin
-            x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
-            return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+            header_value = request['HTTP_X_FORWARDED_FOR']
+            if header_value.include? ','
+              header_value = ip.split(',')[0]
+            end
+            if self.validate_ip(header_value)
+              return header_value
+            end
           rescue NoMethodError
             # Ignored
           end
         end
         begin
-          x_forwarded_for = request.env['HTTP_X_REAL_IP']
-          return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+          header_value = request.env['HTTP_X_REAL_IP']
+          if header_value.include? ','
+            header_value = ip.split(',')[0]
+          end
+          if self.validate_ip(header_value)
+            return header
+          end
         rescue NoMethodError
           begin
-            x_forwarded_for = request['HTTP_X_REAL_IP']
-            return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+            header_value = request['HTTP_X_REAL_IP']
+            if header_value.include? ','
+              header_value = ip.split(',')[0]
+            end
+            if self.validate_ip(header_value)
+              return header_value
+            end
           rescue NoMethodError
             # Ignored
           end
         end
         begin
-          x_forwarded_for = request.env['REMOTE_ADDR']
-          return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+          header_value = request.env['REMOTE_ADDR']
+          if header_value.include? ','
+            header_value = ip.split(',')[0]
+          end
+          if self.validate_ip(header_value)
+            return header_value
+          end
         rescue NoMethodError
           begin
-            x_forwarded_for = request['REMOTE_ADDR']
-            return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
+            header_value = request['REMOTE_ADDR']
+            if header_value.include? ','
+              header_value = ip.split(',')[0]
+            end
+            if self.validate_ip(header_value)
+              return header_value
+            end
           rescue NoMethodError
             # Ignored
           end
@@ -96,6 +134,35 @@ module SecureNative
         h = headers.gsub('-', '_')
         return PREFIX + h.upcase
       end
+      def self.parse_proxy_header(headers, header_key)
+        h = headers.gsub(header_key + ': ', '')
+        if headers.include? ','
+          h = h.split(',')[0]
+        end
+        return h
+      end
+      def self.validate_ip(ip)
+        if ip.nil?
+          return false
+        end
+        begin
+          ipaddr = IPAddr.new(ip)
+          if ipaddr.ipv4?
+            return true
+          end
+          if ipaddr.ipv6?
+            return true
+          end
+        rescue Exception
+          # Ignored
+        end
+        return false
+      end
     end
   end
 end

data/lib/securenative/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module SecureNative
-  VERSION = '0.1.36'
+  VERSION = '0.1.37'
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: securenative
 version: !ruby/object:Gem::Version
-  version: 0.1.36
+  version: 0.1.37
 platform: ruby
 authors:
 - SecureNative
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-10-26 00:00:00.000000000 Z
+date: 2020-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler