security-gem 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1e19b4ce5337fef141ece0c5db7d4b76031f6171065a9fee2ff1444692b3c2de
-  data.tar.gz: 85b6afc1258a32aa7ce7c61a8b465384630bb0838122b6d2d19e2cd2a270c5ae
+  metadata.gz: 1861d7d816f659f59c15391e75fb1e95aeac0088dff85af4ee111f76e743b936
+  data.tar.gz: 63dba123845017c076c57b52b64fa1be6425de43ced46e74d628deab1e0db29f
 SHA512:
-  metadata.gz: b3f5b0d39f1b9f2a88f8a573881dad6e2cc265706e2fad78501c2d338f3cd431c9886f5ac60c8fd70af55aca6fc28aff5ac5c458d86512f2b3c6ba053ca003c8
-  data.tar.gz: 1a8a91cc11c917bf651c8675f90a16db7c5833ce9830eb8424647ea67095ce6f7089dd631cf7c6e0239be8f470a42dd8ce7072ebb31becb7e6cb47bf173558f1
+  metadata.gz: c70695d1dffa5d4b06710182dc885854f95eccaee3f90efaca572d1f1b4487edc29cf2fbe169291dfb2d58e7dcbdbabe257e89d5360677df307d9c2e8a6f85ad
+  data.tar.gz: b8150a3d21a3a0aada6f788d0ffe5f30dcd31fd27e29cd1a71a1ca5b5bb814e5677078e59cb24801bc518006040cb4858f43e5bfd4f61204031db14b6fd686a1

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    security-gem (0.1.3)
+    security-gem (0.1.4)
 
 GEM
   remote: https://rubygems.org/

data/lib/security/gem/security.rb

@@ -0,0 +1,79 @@
+require 'json'
+require 'logger'
+require 'logger/formatter'
+require 'net/http'
+require 'open-uri'
+require 'dotenv'
+Dotenv.load
+
+module SecurityLogger
+
+    #Create logs used for SQL Injection detections
+    class Sql_Injection
+        def initialize (ip_origin:)
+            @ip_origin = ip_origin
+        end
+
+        def log(input)
+            logger = Logger.new(STDOUT)
+            logger.formatter = proc do |severity, datetime, progname, msg|
+                {
+                  severity: severity,
+                  timestamp: datetime.to_s,
+                  app: progname,
+                  message: msg
+                }.to_json + $/  
+            end
+
+            error = {:threat => "sql_injection_attack", :input => input, :ip_origin => @ip_origin}
+            logger.warn(JSON.parse(error.to_json))
+        end
+
+        def check_input(input)
+          uri = ENV['PATH_TO_SQL_PAYLOAD']
+          uri = URI(uri)
+          file = Net::HTTP.get(uri)
+            file.each_line do |file|
+                if file.strip == input.strip
+                    self.log(input.strip)
+                    break
+                end
+            end
+
+        end
+    end
+
+    class Xss_Injection
+        def initialize (ip_origin:)
+            @ip_origin = ip_origin
+        end
+
+        def log(input)
+            logger = Logger.new(STDOUT)
+            logger.formatter = proc do |severity, datetime, progname, msg|
+                {
+                  severity: severity,
+                  timestamp: datetime.to_s,
+                  app: progname,
+                  message: msg
+                }.to_json + $/  
+            end
+
+            error = {:threat => "xss_attack", :input => input, :ip_origin => @ip_origin}
+            logger.warn(JSON.parse(error.to_json))
+        end
+
+        def check_input(input)
+          uri = ENV['PATH_TO_XSS_PAYLOAD']
+          uri = URI(uri)
+          file = Net::HTTP.get(uri)
+            file.each_line do |file|
+                if file.strip == input.strip
+                    self.log(input.strip)
+                    break
+                end
+            end
+
+        end
+    end
+end

data/lib/security/gem/version.rb

@@ -2,6 +2,6 @@
 
 module Security
   module Gem
-    VERSION = "0.1.3"
+    VERSION = "0.1.4"
   end
 end

data/lib/security/gem.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 require_relative "gem/version"
-require_relative "gem/builder"
+require_relative "gem/security"
 
 module Security
   module Gem

data/lib/security/test.rb

@@ -1,7 +1,12 @@
-require_relative "gem/builder"
+require_relative "gem/security"
 
 # Sample SQL input
 input = "or 1=1"
 
 # Using the gem to log injection attempts
-SecurityLogger::Sql_Injection.new(ip_origin: "123.123.123.1").check_input(input)
+SecurityLogger::Sql_Injection.new(ip_origin: "123.123.123.1").check_input(input)
+
+input = "<script>alert(0)</script>"
+
+# Using gem to log xss attempts
+SecurityLogger::Xss_Injection.new(ip_origin: "123.123.123.1").check_input(input)

data/xss_payloads.txt

@@ -0,0 +1 @@
+<script>alert(0)</script>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: security-gem
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
 platform: ruby
 authors:
 - tuckerweibell
@@ -28,11 +28,12 @@ files:
 - bin/setup
 - file.json
 - lib/security/gem.rb
-- lib/security/gem/builder.rb
+- lib/security/gem/security.rb
 - lib/security/gem/version.rb
 - lib/security/test.rb
-- payloads.txt
 - security-gem.gemspec
+- sql_payloads.txt
+- xss_payloads.txt
 homepage: https://github.com/tuckerweibell/security-gem
 licenses:
 - MIT

data/lib/security/gem/builder.rb

@@ -1,45 +0,0 @@
-require 'json'
-require 'logger'
-require 'logger/formatter'
-require 'net/http'
-require 'open-uri'
-require 'dotenv'
-Dotenv.load
-
-module SecurityLogger
-
-    #Create logs used for SQL Injection detections
-    class Sql_Injection
-        def initialize (ip_origin:)
-            @ip_origin = ip_origin
-        end
-
-        def log(input)
-            logger = Logger.new(STDOUT)
-            logger.formatter = proc do |severity, datetime, progname, msg|
-                {
-                  severity: severity,
-                  timestamp: datetime.to_s,
-                  app: progname,
-                  message: msg
-                }.to_json + $/  
-            end
-
-            error = {:input => input, :ip_origin => @ip_origin}
-            logger.warn(JSON.parse(error.to_json))
-        end
-
-        def check_input(input)
-          uri = ENV['PATH_TO_PAYLOAD']
-          uri = URI(uri)
-          file = Net::HTTP.get(uri)
-            file.each_line do |file|
-                if file.strip == input.strip
-                    self.log(input.strip)
-                    break
-                end
-            end
-
-        end
-    end
-end