RubyGems - security-gem - Versions diffs - 0.1.1 → 0.1.4 - Mend

security-gem 0.1.1 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/.gitignore +2 -1
data/Gemfile.lock +1 -1
data/lib/security/gem/security.rb +79 -0
data/lib/security/gem/version.rb +1 -1
data/lib/security/gem.rb +1 -6
data/lib/security/test.rb +12 -0
data/sql_payloads.txt +1826 -0
data/xss_payloads.txt +1 -0
metadata +6 -3
data/lib/security/gem/builder.rb +0 -45

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6edb94cc1e01b1cafa41c80efb2757beea865b8b08323294a62b0e173e376eae
-  data.tar.gz: a541e237ef277663cdbd4983df66b96335e59807581f696600cfbdc6996ceb8b
+  metadata.gz: 1861d7d816f659f59c15391e75fb1e95aeac0088dff85af4ee111f76e743b936
+  data.tar.gz: 63dba123845017c076c57b52b64fa1be6425de43ced46e74d628deab1e0db29f
 SHA512:
-  metadata.gz: 1fbda697f1b85d8ecbff4bffb359b703f5465af87c625f3c8e87aed0d431f7b4b11c67c8018c5eb89a69f4d33fa4bb1857a5de6d011ef8d153166a70e4462d9f
-  data.tar.gz: a11f2331724910658bac30a8880555762c3149509aa483fb01718a208e02e64a329ff6b7b2e6db79045cf4b9d653e3086927602363a216f33d76507db66e2929
+  metadata.gz: c70695d1dffa5d4b06710182dc885854f95eccaee3f90efaca572d1f1b4487edc29cf2fbe169291dfb2d58e7dcbdbabe257e89d5360677df307d9c2e8a6f85ad
+  data.tar.gz: b8150a3d21a3a0aada6f788d0ffe5f30dcd31fd27e29cd1a71a1ca5b5bb814e5677078e59cb24801bc518006040cb4858f43e5bfd4f61204031db14b6fd686a1

data/.gitignore CHANGED Viewed

@@ -6,4 +6,5 @@
 /pkg/
 /spec/reports/
 /tmp/
-*.gem
+*.gem
+.env

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    security-gem (0.1.1)
+    security-gem (0.1.4)
 GEM
   remote: https://rubygems.org/

data/lib/security/gem/security.rb ADDED Viewed

@@ -0,0 +1,79 @@
+require 'json'
+require 'logger'
+require 'logger/formatter'
+require 'net/http'
+require 'open-uri'
+require 'dotenv'
+Dotenv.load
+module SecurityLogger
+    #Create logs used for SQL Injection detections
+    class Sql_Injection
+        def initialize (ip_origin:)
+            @ip_origin = ip_origin
+        end
+        def log(input)
+            logger = Logger.new(STDOUT)
+            logger.formatter = proc do |severity, datetime, progname, msg|
+                {
+                  severity: severity,
+                  timestamp: datetime.to_s,
+                  app: progname,
+                  message: msg
+                }.to_json + $/
+            end
+            error = {:threat => "sql_injection_attack", :input => input, :ip_origin => @ip_origin}
+            logger.warn(JSON.parse(error.to_json))
+        end
+        def check_input(input)
+          uri = ENV['PATH_TO_SQL_PAYLOAD']
+          uri = URI(uri)
+          file = Net::HTTP.get(uri)
+            file.each_line do |file|
+                if file.strip == input.strip
+                    self.log(input.strip)
+                    break
+                end
+            end
+        end
+    end
+    class Xss_Injection
+        def initialize (ip_origin:)
+            @ip_origin = ip_origin
+        end
+        def log(input)
+            logger = Logger.new(STDOUT)
+            logger.formatter = proc do |severity, datetime, progname, msg|
+                {
+                  severity: severity,
+                  timestamp: datetime.to_s,
+                  app: progname,
+                  message: msg
+                }.to_json + $/
+            end
+            error = {:threat => "xss_attack", :input => input, :ip_origin => @ip_origin}
+            logger.warn(JSON.parse(error.to_json))
+        end
+        def check_input(input)
+          uri = ENV['PATH_TO_XSS_PAYLOAD']
+          uri = URI(uri)
+          file = Net::HTTP.get(uri)
+            file.each_line do |file|
+                if file.strip == input.strip
+                    self.log(input.strip)
+                    break
+                end
+            end
+        end
+    end
+end

data/lib/security/gem/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Security
   module Gem
-    VERSION = "0.1.1"
+    VERSION = "0.1.4"
   end
 end

data/lib/security/gem.rb CHANGED Viewed

@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 require_relative "gem/version"
-require_relative "gem/builder"
-require 'socket'
+require_relative "gem/security"
 module Security
   module Gem
@@ -10,7 +9,3 @@ module Security
   end
 end
-input = "delete"
-SecurityLogger::Sql_Injection.new().check_input(input)

data/lib/security/test.rb ADDED Viewed

@@ -0,0 +1,12 @@
+require_relative "gem/security"
+# Sample SQL input
+input = "or 1=1"
+# Using the gem to log injection attempts
+SecurityLogger::Sql_Injection.new(ip_origin: "123.123.123.1").check_input(input)
+input = "<script>alert(0)</script>"
+# Using gem to log xss attempts
+SecurityLogger::Xss_Injection.new(ip_origin: "123.123.123.1").check_input(input)