securenative 0.1.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b39e9c3c819d0191bcf78f5813681f6679b82c5a864eb04f7bdd05d754b01643
+  data.tar.gz: a21bcbf70729dace6553c7853154f6a76d341d894a9398cce5c298e9201e8ed7
+SHA512:
+  metadata.gz: e4e85d1e8119c75f2e31dfdf74231a20bfc0b5af77b30cca2886a2860a0f7354d28956fcb8aa9a155b3a68c4fe383de9789d9d751ee11111f34646e9aa01db70
+  data.tar.gz: fc5a540361c33c0570d7be6769418cc2b58ed484e22ca59697508c5f67aca673674c7dd505f53d23ddf0022335a26dc04c95bc93cc1507e174f0af423b1c791e

data/.gitignore

@@ -0,0 +1,38 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+.idea
+# Used by dotenv library to load environment variables.
+# .env
+
+# Ignore Byebug command history file.
+.byebug_history
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+.DS_Store

data/Gemfile

@@ -0,0 +1,6 @@
+source "https://rubygems.org"
+
+gemspec
+gem "rspec"
+gem "rake"
+gem "httpclient"

data/Gemfile.lock

@@ -0,0 +1,37 @@
+PATH
+  remote: .
+  specs:
+    securenative (0.1.5)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.3)
+    httpclient (2.8.3)
+    rake (12.3.3)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.2)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.4)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 2.0)
+  httpclient
+  rake
+  rspec
+  securenative!
+
+BUNDLED WITH
+   2.1.0.pre.1

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2019 SecureNative
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,102 @@
+# SecureNative
+**[SecureNative](https://www.securenative.com/) is rethinking-security-as-a-service, disrupting the cyber security space and the way enterprises consume and implement security solutions.**
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'securenative'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install securenative
+
+## Initialize the SDK
+Retrieve your API key from settings page of your SecureNative account and use the following in your code to initialize and use the sdk.
+```ruby
+require 'securenative'
+
+# Do some cool stuff here
+# ...
+# ...
+ 
+begin
+  SecureNative.init('YOUR_API_KEY') # Should be called before any other call to securenative
+rescue SecureNativeSDKException => e
+  # Do some error handling
+end
+```
+
+## Tracking events
+Once the SDK has been initialized, you can start sending new events with the `track` function:
+```ruby
+require 'securenative'
+require 'securenative/event_type'
+
+
+def login
+  # Do some cool stuff here
+  # ...
+  # ...
+  
+  SecureNative.track(Event.new(
+            event_type = EventTypes::LOG_IN,
+            user: User.new("1", "Jon Snow", "jon@snow.com"),
+            ip: "1.2.3.4",
+            remote_ip: "5.6.7.8",
+            user_agent: "Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; GT-I9500 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.0 QQ-URL-Manager Mobile Safari/537.36",
+            sn_cookie: "cookie"))
+end
+```
+
+## Verification events
+Once the SDK has been initialized, you can start sending new events with the `verify` function:
+```ruby
+require 'securenative'
+require 'securenative/event_type'
+
+
+def reset_password   
+    res = SecureNative.verify(Event.new(
+              event_type = EventTypes::PASSWORD_RESET,
+              user: User.new("1", "Jon Snow", "jon@snow.com"),
+              ip: "1.2.3.4",
+              remote_ip: "5.6.7.8",
+              user_agent: "Mozilla/5.0 (Linux; U; Android 4.4.2; zh-cn; GT-I9500 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.0 QQ-URL-Manager Mobile Safari/537.36",
+              sn_cookie: "cookie"))
+                  
+    if res['riskLevel'] == 'high'
+        return 'Cannot change password'
+    else res['riskLevel'] == 'medium'
+        return 'MFA'
+     end   
+end
+```
+
+## Using webhooks
+You can use the SDK to verify incoming webhooks from SecureNative, just call the `veriy_webhook` function which return a boolean which indicates if the webhook came from Secure Native servers.
+```ruby
+require 'securenative'
+
+begin
+  SecureNative.init('YOUR_API_KEY') # Should be called before any other call to securenative
+rescue SecureNativeSDKException => e
+  # Do some error handling
+end
+
+def handle_some_code(headers, body)
+  sig_header = headers["X-SecureNative"]
+  if SecureNative.verify_webhook(sig_header, body)
+      # Handle the webhook
+      level = body['riskLevel']
+  else
+      # This request wasn't sent from Secure Native servers, you can dismiss/investigate it
+  end
+end
+```

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "securenative"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/securenative.rb

@@ -0,0 +1,39 @@
+require_relative 'securenative/sn_exception'
+require_relative 'securenative/secure_native_sdk'
+
+$securenative = nil
+
+module SecureNative
+  def self.init(api_key, options: SecureNativeOptions.new)
+    if $securenative == nil
+      $securenative = SecureNativeSDK.new(api_key, options: options)
+    end
+  end
+
+  def self.track(event)
+    sdk = _get_or_throw
+    sdk.track(event)
+  end
+
+  def self.verify(event)
+    sdk = _get_or_throw
+    sdk.verify(event)
+  end
+
+  def self.verify_webhook(hmac_header, body)
+    sdk = _get_or_throw
+    sdk.verify_webhook(hmac_header = hmac_header, body = body)
+  end
+
+  def self.flush
+    sdk = _get_or_throw
+    sdk.flush
+  end
+
+  def self._get_or_throw
+    if $securenative == nil
+      raise SecureNativeSDKException.new
+    end
+    $securenative
+  end
+end

data/lib/securenative/config.rb

@@ -0,0 +1,9 @@
+module Config
+    SDK_VERSION = '0.1.5'
+    MAX_ALLOWED_PARAMS = 6
+    API_URL_PROD = "https://api.securenative.com/collector/api/v1"
+    API_URL_STG = "https://api.securenative-stg.com/collector/api/v1"
+    TRACK_EVENT = "/track"
+    VERIFY_EVENT = "/verify"
+    FLOW_EVENT = "/flow"
+end

data/lib/securenative/event_manager.rb

@@ -0,0 +1,88 @@
+require_relative 'securenative_options'
+require_relative 'http_client'
+require_relative 'sn_exception'
+require 'json'
+require 'thread'
+
+class QueueItem
+  def initialize(url, body)
+    @url = url
+    @body = body
+  end
+
+  attr_reader :url
+  attr_reader :body
+end
+
+class EventManager
+  def initialize(api_key, options: SecureNativeOptions.new, http_client: HttpClient.new)
+    if api_key == nil
+      raise SecureNativeSDKException.new
+    end
+
+    @api_key = api_key
+    @options = options
+    @http_client = http_client
+    @queue = Queue.new
+
+    if @options.auto_send
+      interval_seconds = [(@options.interval / 1000).floor, 1].max
+      Thread.new do
+        loop do
+          flush
+          sleep(interval_seconds)
+        end
+      end
+    end
+  end
+
+  def send_async(event, path)
+    q_item = QueueItem.new(build_url(path), event)
+    @queue.push(q_item)
+  end
+
+  def send_sync(event, path)
+    @http_client.post(
+        build_url(path),
+        @api_key,
+        event.to_hash.to_json
+    )
+  end
+
+  def flush
+    if is_queue_full
+      i = @options.max_events - 1
+      while i >= 0
+        item = @queue.pop
+        @http_client.post(
+            build_url(item.url),
+            @api_key,
+            item.body.to_hash.to_json
+        )
+      end
+    else
+      q = Array.new(@queue.size) {@queue.pop}
+      q.each do |item|
+        @http_client.post(
+            build_url(item.url),
+            @api_key,
+            item.body
+        )
+        @queue = Queue.new
+      end
+    end
+  end
+
+  private
+
+  def build_url(path)
+    @options.api_url + path
+  end
+
+  private
+
+  def is_queue_full
+    @queue.length > @options.max_events
+  end
+
+end

data/lib/securenative/event_options.rb

@@ -0,0 +1,86 @@
+require 'securerandom'
+
+class User
+  def initialize(user_id: "", user_email: "", user_name: "")
+    @user_id = user_id
+    @user_email = user_email
+    @user_name = user_name
+  end
+
+  attr_reader :user_id
+  attr_reader :user_email
+  attr_reader :user_name
+end
+
+class Event
+  def initialize(event_type, user: User(), ip: "127.0.0.1", remote_ip: "127.0.0.1", user_agent: "unknown", sn_cookie: nil, params: nil)
+    @event_type = event_type
+    @user = user
+    @ip = ip
+    @remote_ip = remote_ip
+    @user_agent = user_agent
+    @cid = ""
+    @fp = ""
+
+    if params
+      unless params.length > 0 && params[0].instance_of?(CustomParam)
+        raise ArgumentError("custom params should be a list of CustomParams")
+      end
+    end
+    @params = params
+
+    if sn_cookie
+      @cid, @cid = Utils.parse_cookie(sn_cookie)
+    end
+    @vid = SecureRandom.uuid
+    @ts = Time.now.getutc.to_i
+  end
+
+  def to_hash
+    p = Array.new
+    if @params
+      @params.each do |param|
+        p << {:key => param.key, :value => param.value}
+      end
+    end
+
+    {
+        :eventType => @event_type,
+        :user => {
+            :id => @user.user_id,
+            :email => @user.user_email,
+            :name => @user.user_name
+        },
+        :remoteIP => @remote_ip,
+        :ip => @ip,
+        :cid => @cid,
+        :fp => @fp,
+        :ts => @ts,
+        :vid => @vid,
+        :userAgent => @user_agent,
+        :device => Hash.new,
+        :params => p
+    }
+  end
+
+  attr_reader :cid
+  attr_reader :params
+  attr_reader :user_agent
+  attr_reader :user
+  attr_reader :remote_ip
+  attr_reader :event_type
+  attr_reader :fp
+  attr_reader :ip
+  attr_reader :ts
+  attr_reader :vid
+end
+
+class CustomParam
+  def initialize(key, value)
+    @key = key
+    @value = value
+  end
+
+  attr_reader :key
+  attr_reader :value
+end

data/lib/securenative/event_type.rb

@@ -0,0 +1,21 @@
+module EventType
+  LOG_IN = "sn.user.login"
+  LOG_IN_CHALLENGE = "sn.user.login.challenge"
+  LOG_IN_FAILURE = "sn.user.login.failure"
+  LOG_OUT = "sn.user.logout"
+  SIGN_UP = "sn.user.signup"
+  AUTH_CHALLENGE = "sn.user.auth.challenge"
+  AUTH_CHALLENGE_SUCCESS = "sn.user.auth.challenge.success"
+  AUTH_CHALLENGE_FAILURE = "sn.user.auth.challenge.failure"
+  TWO_FACTOR_DISABLE = "sn.user.2fa.disable"
+  EMAIL_UPDATE = "sn.user.email.update"
+  PASSWORD_RESET = "sn.user.password.reset"
+  PASSWORD_RESET_SUCCESS = "sn.user.password.reset.success"
+  PASSWORD_UPDATE = "sn.user.password.update"
+  PASSWORD_RESET_FAILURE = "sn.user.password.reset.failure"
+  USER_INVITE = "sn.user.invite"
+  ROLE_UPDATE = "sn.user.role.update"
+  PROFILE_UPDATE = "sn.user.profile.update"
+  PAGE_VIEW = "sn.user.page.view"
+  VERIFY = "sn.verify"
+end

data/lib/securenative/http_client.rb

@@ -0,0 +1,20 @@
+require 'httpclient'
+
+class HttpClient
+  def initialize
+    @client = HTTPClient.new
+  end
+
+  def headers(api_key)
+    {
+        "Content-Type" => 'application/json',
+        "User-Agent" => 'SecureNative-ruby',
+        "Sn-Version" => Config::SDK_VERSION,
+        "Authorization" => api_key
+    }
+  end
+
+  def post(url, api_key, body)
+    @client.post(url, body, self.headers(api_key))
+  end
+end

data/lib/securenative/secure_native_sdk.rb

@@ -0,0 +1,62 @@
+require_relative 'event_manager'
+require_relative 'config'
+require_relative 'sn_exception'
+require_relative 'utils'
+require 'json'
+
+class SecureNativeSDK
+  def initialize(api_key, options: SecureNativeOptions.new)
+    if api_key == nil
+      raise SecureNativeSDKException.new
+    end
+
+    @api_key = api_key
+    @options = options
+    @event_manager = EventManager.new(@api_key, options: @options)
+  end
+
+  def api_key
+    @api_key
+  end
+
+  def version
+    Config::SDK_VERSION
+  end
+
+  def track(event)
+    validate_event(event)
+    @event_manager.send_async(event, Config::TRACK_EVENT)
+  end
+
+  def verify(event)
+    validate_event(event)
+    res = @event_manager.send_sync(event, Config::VERIFY_EVENT)
+    if res.status_code == 200
+      return JSON.parse(res.body)
+    end
+    nil
+  end
+
+  def flow(event) # Note: For future purposes
+    validate_event(event)
+    @event_manager.send_async(event, Config::FLOW_EVENT)
+  end
+
+  def verify_webhook(hmac_header, body)
+    Utils.verify_signature(@api_key, body, hmac_header)
+  end
+
+  def flush
+    @event_manager.flush
+  end
+
+  private
+
+  def validate_event(event)
+    unless event.params.nil?
+      if event.params.length > Config::MAX_ALLOWED_PARAMS
+        event.params = event.params[0, Config::MAX_ALLOWED_PARAMS]
+      end
+    end
+  end
+end

data/lib/securenative/securenative_options.rb

@@ -0,0 +1,17 @@
+require_relative 'config'
+
+class SecureNativeOptions
+  def initialize(api_url: Config::API_URL_PROD, interval: 1000, max_events: 1000, timeout: 1500, auto_send: true)
+    @timeout = timeout
+    @max_events = max_events
+    @api_url = api_url
+    @interval = interval
+    @auto_send = auto_send
+  end
+
+  attr_reader :timeout
+  attr_reader :max_events
+  attr_reader :api_url
+  attr_reader :interval
+  attr_reader :auto_send
+end

data/lib/securenative/sn_exception.rb

@@ -0,0 +1,5 @@
+class SecureNativeSDKException < StandardError
+  def initialize(msg: "API key cannot be nil, please get your API key from SecureNative console")
+    super
+  end
+end

data/lib/securenative/utils.rb

@@ -0,0 +1,41 @@
+require "base64"
+require "json"
+require 'openssl'
+
+module Utils
+  def self.verify_signature(secret, text_body, header_signature)
+    begin
+      key = secret.encode('utf-8')
+      body = text_body.encode('utf-8')
+      calculated_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha512'), key, body)
+      calculated_signature.eql? header_signature
+    rescue Exception
+      return false
+    end
+  end
+
+  def self.parse_cookie(cookie = nil)
+    fp = ""
+    cid = ""
+    unless cookie
+      return fp, cid
+    end
+
+    begin
+      decoded_cookie = Base64.decode64(cookie)
+      unless decoded_cookie
+        decoded_cookie = "{}"
+      end
+      jsonified = JSON.generate(decoded_cookie)
+      if jsonified["fp"]
+        fp = jsonified["fp"]
+      end
+      if jsonified["cid"]
+        cid = jsonified["cid"]
+      end
+    rescue Exception
+    ensure
+      return fp, cid
+    end
+  end
+end

data/securenative.gemspec

@@ -0,0 +1,28 @@
+lib = File.expand_path("lib", __dir__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "securenative/config"
+
+Gem::Specification.new do |spec|
+  spec.name          = "securenative"
+  spec.version       = Config::SDK_VERSION
+  spec.authors       = ["SecureNative"]
+  spec.email         = ["support@securenative.com"]
+
+  spec.summary       = %q{SecureNative SDK for ruby}
+  spec.homepage      = "https://www.securenative.com"
+  spec.license       = "MIT"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 2.0"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: securenative
+version: !ruby/object:Gem::Version
+  version: 0.1.5
+platform: ruby
+authors:
+- SecureNative
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2019-08-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: 
+email:
+- support@securenative.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/securenative.rb
+- lib/securenative/config.rb
+- lib/securenative/event_manager.rb
+- lib/securenative/event_options.rb
+- lib/securenative/event_type.rb
+- lib/securenative/http_client.rb
+- lib/securenative/secure_native_sdk.rb
+- lib/securenative/securenative_options.rb
+- lib/securenative/sn_exception.rb
+- lib/securenative/utils.rb
+- securenative.gemspec
+homepage: https://www.securenative.com
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://www.securenative.com
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.4
+signing_key: 
+specification_version: 4
+summary: SecureNative SDK for ruby
+test_files: []