t-1000 0.1.0

checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 885f3a2a22890b51f2901e751a0e08b6dd42ad7d
4
+ data.tar.gz: a4c9deab54bfba06faea2536d110bcf86a6b76e9
5
+ SHA512:
6
+ metadata.gz: dae7eddc9fa1124ed7938a68988d0444263b9514adca4627cdb164edd92b76720b3497009f10a503c531242a1050349eef96fe3d66b9476f90be6f10adab365b
7
+ data.tar.gz: 830cbe2ba385e70478187d0aca16baf8082364ac1bd00e36e8239f04d189be61c500910c890cc211d820f28ff0a6c77a6091a7fae9f2fcf0992c0d47344c4970
data/.gitignore ADDED
@@ -0,0 +1,11 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /Gemfile.lock
4
+ /_yardoc/
5
+ /coverage/
6
+ /doc/
7
+ /pkg/
8
+ /spec/reports/
9
+ /tmp/
10
+ *.gem
11
+
data/.rspec ADDED
@@ -0,0 +1,2 @@
1
+ --format documentation
2
+ --color
data/.travis.yml ADDED
@@ -0,0 +1,3 @@
1
+ language: ruby
2
+ rvm:
3
+ - 2.2.2
@@ -0,0 +1,13 @@
1
+ # Contributor Code of Conduct
2
+
3
+ As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
4
+
5
+ We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
6
+
7
+ Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
8
+
9
+ Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
10
+
11
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
12
+
13
+ This Code of Conduct is adapted from the [Contributor Covenant](http:contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)
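Review bot: the first Contributor Covenant link on the last line is malformed: `[Contributor Covenant](http:contributor-covenant.org)` lacks the `//` after the scheme and will not resolve; write it as `http://contributor-covenant.org`, matching the second link on the same line.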
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in t-1000.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2015 Jason Waldrip
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,99 @@
1
+ # T1000
2
+
3
+ Rack::Attack with common attack vectors such as denial-of-service, repeated failures, malicious strings, etc.
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ ```ruby
10
+ gem 't-1000'
11
+ ```
12
+
13
+ And then execute:
14
+
15
+ $ bundle
16
+
17
+ Or install it yourself as:
18
+
19
+ $ gem install t-1000
20
+
21
+ ## Usage
22
+
23
+ ### Middleware
24
+
25
+ Insert the middleware
26
+
27
+ ```
28
+ use T1000::Middleware
29
+ ```
30
+
31
+ ### Rack::Attack
32
+
33
+ T1000 supports all the normal rack-attack methods by calling the method on T1000.
34
+
35
+ **Example:**
36
+
37
+ ```ruby
38
+ blocked_ip = '59.12.120.18'
39
+ T1000.blacklist 'ip' do |req|
40
+ req.ip = blocked_ip
41
+ end
42
+ ```
43
+
44
+ ### Allow Vectors
45
+
46
+ * `allow_localhost`
47
+ * `allow_ips(*ips, name: nil, &block)`
48
+ * `allow_user_agents(*user_agents, name: nil, &block)`
49
+
50
+ ### Block Vectors
51
+
52
+ * `block_ips(*ips, name: nil, &block)`
53
+ * `block_failures(name: nil, within: 30, retries: 10, lock_for: 6000, &block)`
54
+ * `block_denial_of_service(name: nil, within: 30, requests: 1000, lock_for: 6000, &block)`
55
+ * `block_strings(*strings, name: nil, &block)`
56
+ * `block_user_agents(*user_agents, name:nil &block)`
57
+
58
+ #### The `&block`
59
+
60
+ If a block is given to any of the above methods it will be evaluated along with
61
+ the vector. Both the vector and the block must return true for an action to take
62
+ place.
63
+
64
+ **Example**
65
+
66
+ ```ruby
67
+ T1000.block_failures do |req|
68
+ req.session['user_id'] != nil
69
+ end
70
+ ```
71
+
72
+ ### Setting Responses
73
+
74
+ Responses can be set for throttled and blacklisted responses. Responses have
75
+ access to the rack environment and must return a rack compatible response.
76
+
77
+ ```ruby
78
+ T1000.blacklisted_response do |env|
79
+ [502, {}, ['Service Not Available']
80
+ end
81
+
82
+ T1000.throttled_response do |env|
83
+ [502, {}, ['Service Not Available']
84
+ end
85
+ ```
86
+
87
+ ## Development
88
+
89
+ After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
90
+
91
+ To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
92
+
93
+ ## Contributing
94
+
95
+ 1. Fork it ( https://github.com/[my-github-username]/t_1000/fork )
96
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
97
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
98
+ 4. Push to the branch (`git push origin my-new-feature`)
99
+ 5. Create a new Pull Request
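Review bot: the example under `### Rack::Attack` assigns instead of comparing: `req.ip = blocked_ip` should be `req.ip == blocked_ip` (Rack::Request has no `ip=` writer, and as written the block never expresses a condition). Both snippets under `### Setting Responses` drop the closing bracket of the response triple, `[502, {}, ['Service Not Available']` needs a trailing `]`, and 502 is Bad Gateway; 503 (the default installed in lib/t-1000.rb) or 429 for throttled requests is the conventional status, and the body text should match whichever is chosen. Smaller fixes in the same hunk: the middleware fence has no language tag, `block_user_agents(*user_agents, name:nil &block)` is missing the comma after `name: nil`, the `within` and `lock_for` defaults are in seconds but the list never says so (`lock_for: 6000` is 100 minutes), and the contributing step still carries the template placeholder `https://github.com/[my-github-username]/t_1000/fork` while the gemspec homepage is `https://github.com/brandfolder/t-1000`.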
data/Rakefile ADDED
@@ -0,0 +1 @@
1
+ require "bundler/gem_tasks"
data/bin/console ADDED
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "t-1000"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start
data/bin/setup ADDED
@@ -0,0 +1,7 @@
1
+ #!/bin/bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+
5
+ bundle install
6
+
7
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,4 @@
1
+ module T1000
2
+ class Cache < Rack::Attack::Cache
3
+ end
4
+ end
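Review bot: `T1000::Cache` is an empty subclass of `Rack::Attack::Cache`, and `T1000.cache` in lib/t-1000.rb instantiates it as a second cache object separate from the one Rack::Attack itself holds, so whatever store an application configures for Rack::Attack does not reach the `Lock` and `TransactionList` writes that go through `T1000.cache.store`; nothing in this gem sets that store, and the `read`/`write` calls on it have no nil guard. Either reuse Rack::Attack's own cache object or document that the store on `T1000.cache` must be configured, and say what happens when it is not.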
@@ -0,0 +1,17 @@
1
+ module T1000
2
+ class Lock < Struct.new :ip
3
+
4
+ def key
5
+ @key ||= ActiveSupport::Cache.expand_cache_key [ip], :ip_lock
6
+ end
7
+
8
+ def lock!(time = 1.minute)
9
+ T1000.cache.store.write(key, true, expires_in: time)
10
+ end
11
+
12
+ def locked?
13
+ !!T1000.cache.store.read(key)
14
+ end
15
+
16
+ end
17
+ end
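Review bot: the lock key in `key` is derived from the IP alone (`expand_cache_key [ip], :ip_lock`), so every rule that uses `Lock` shares a single lock per IP: a lock set by `block_denial_of_service` also answers `locked?` for `block_failures` and vice versa, and the rule name is neither in the key nor recoverable afterwards. Pass the rule name into `Lock` and include it in the key so locks are attributable. Also `lock!(time = 1.minute)` mixes an ActiveSupport duration default with the bare Integer of seconds the callers pass (`lock_for: 6000`); pick one unit, state it in a comment, and make the default and the call sites agree.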
@@ -0,0 +1,24 @@
1
+ module T1000
2
+ class Middleware < Rack::Attack
3
+
4
+ extend Forwardable
5
+ def_delegators self, :whitelisted?,
6
+ :blacklisted?,
7
+ :throttled?,
8
+ :tracked?
9
+
10
+ def cache
11
+ T1000.cache
12
+ end
13
+
14
+ def call(env)
15
+ req = Request.new(env)
16
+ transactions = TransactionList.for_ip(req.ip)
17
+ super.tap do |status, headers, *|
18
+ transaction = Transaction.new req, Response.new(status, headers)
19
+ transactions.push transaction
20
+ end
21
+ end
22
+
23
+ end
24
+ end
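Review bot: `call` records a `Transaction` holding the full `T1000::Request` (params, raw body, and every uppercase env key, which includes `HTTP_COOKIE` and `HTTP_AUTHORIZATION`) in the per-IP `TransactionList`, which `TransactionList#changed` serialises into the cache store for up to an hour. That persists credentials and request bodies in a shared cache, and because nothing trims the list it grows by one full request per request: the entry that `call` reads and rewrites on every request gets larger the harder one IP hammers the app, so the denial-of-service guard is itself a per-request O(n) read-modify-write. Store only what the rules need (timestamp and status, or a counter) and prune to the window on write. Two smaller points: `Request.new(env)` consumes `rack.input` before `super` (see request.rb), and the list is built and written for whitelisted requests too.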
@@ -0,0 +1,14 @@
1
+ module T1000
2
+ class Request
3
+ attr_reader :ip, :params, :path, :body, :headers, :session
4
+
5
+ def initialize(env)
6
+ request = Rack::Request.new env
7
+ @params = request.params
8
+ @body = request.body.read
9
+ @path = request.path
10
+ @ip = request.ip
11
+ @headers = env.select { |k, _| k =~ /[A-Z]+/ }
12
+ end
13
+ end
14
+ end
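Review bot: `@body = request.body.read` in `initialize` reads `rack.input` to its end and never rewinds, and `Middleware#call` constructs this object before calling `super`, so the downstream application sees an empty body for any request whose body Rack has not already parsed as a form (JSON APIs in particular) unless it rewinds the input itself; add `request.body.rewind` after the read, or drop `@body` altogether since no rule in this diff uses it. The header filter `env.select { |k, _| k =~ /[A-Z]+/ }` keeps every key containing an uppercase letter, which captures `HTTP_COOKIE` and `HTTP_AUTHORIZATION` and is what ends up in the cache via `Transaction`. `attr_reader :session` is declared but `@session` is never assigned, so it always returns nil.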
@@ -0,0 +1,4 @@
1
+ module T1000
2
+ class Response < Struct.new :status, :headers
3
+ end
4
+ end
@@ -0,0 +1,11 @@
1
+ module T1000
2
+ class Transaction
3
+ attr_reader :request, :response, :time
4
+
5
+ def initialize(request, response)
6
+ @request = request
7
+ @response = response
8
+ @time = Time.now
9
+ end
10
+ end
11
+ end
@@ -0,0 +1,40 @@
1
+ require 'active_support/cache'
2
+
3
+ module T1000
4
+ class TransactionList < Array
5
+
6
+ alias_method :track_before, :dup
7
+
8
+ Array.instance_methods(false).each do |meth|
9
+ old = instance_method(meth)
10
+ define_method(meth) do |*args, &block|
11
+ before = to_a
12
+ old.bind(self).call(*args, &block).tap do
13
+ changed if before != to_a
14
+ end
15
+ end unless %i{to_a}.include? meth
16
+ end
17
+
18
+ def self.for_ip(ip, timeout: 3600)
19
+ new(ip, timeout: timeout)
20
+ end
21
+
22
+ def initialize(ip, timeout: 3600)
23
+ @timeout = timeout
24
+ @key = ActiveSupport::Cache.expand_cache_key [ip], :ip_request_tracker
25
+ replace T1000.cache.store.read(@key) || []
26
+ end
27
+
28
+ def within(time)
29
+ dup.replace select { |t| t.time > time.ago }
30
+ end
31
+
32
+ def with_error
33
+ dup.replace select { |t| t.response.status >= 400 }
34
+ end
35
+
36
+ def changed
37
+ T1000.cache.store.write @key, self, expires_in: @timeout
38
+ end
39
+ end
40
+ end
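Review bot: the write-on-change wrapper installed over `Array.instance_methods(false)` also wraps `replace`, `dup` and `select`, so `within` and `with_error` (`dup.replace select { ... }`) are not read-only views: the `dup` keeps `@key`, `replace` changes the contents, and `changed` then writes the filtered subset over the full list in the cache with `expires_in: @timeout`, which for `block_failures` is the 30-second `within` value rather than the hour the middleware loaded it with. `initialize` takes the same path (`replace` of the empty list with the loaded one writes it straight back), so every read is also a write. Build the filtered lists as plain arrays (`to_a.select { ... }`) and call `changed` only from an explicit record method. Separately, the load/push/write cycle is not atomic across concurrent requests from one IP, so updates are lost under exactly the load this is meant to detect (an atomic increment on the store would not have that problem); nothing removes entries older than the window from the stored list; and `alias_method :track_before, :dup` is unused.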
@@ -0,0 +1,3 @@
1
+ module T1000
2
+ VERSION = "0.1.0"
3
+ end
data/lib/t-1000.rb ADDED
@@ -0,0 +1,144 @@
1
+ # external
2
+ require 'active_support/cache'
3
+ require 'rack/attack'
4
+ require 'forwardable'
5
+ require 'colorize'
6
+
7
+ # internal
8
+ require 't-1000/version'
9
+ require 't-1000/middleware'
10
+ require 't-1000/transaction_list'
11
+ require 't-1000/transaction'
12
+ require 't-1000/request'
13
+ require 't-1000/response'
14
+ require 't-1000/cache'
15
+ require 't-1000/lock'
16
+
17
+ module T1000
18
+ extend self
19
+ extend Forwardable
20
+
21
+ module Refinements
22
+ refine Array do
23
+ def map_regex
24
+ map { |s| Regexp.new s.to_s }
25
+ end
26
+
27
+ def match_any?(string)
28
+ map_regex.any? do |regex|
29
+ string =~ regex
30
+ end
31
+ end
32
+
33
+ def stringify
34
+ map(&:to_s).join ', '
35
+ end
36
+ end
37
+ end
38
+
39
+ using Refinements
40
+
41
+ def_delegators Middleware, *Rack::Attack.methods(false)
42
+
43
+ def allow_localhost
44
+ allow_ips '::1', '127.0.0.1'
45
+ end
46
+
47
+ def block_ips(*ips, name: nil, &block)
48
+ block ||= proc { true }
49
+ blacklist(humanize __method__, name, *ips) do |req|
50
+ ips.include?(req.ip) && block.call(req)
51
+ end
52
+ end
53
+
54
+ def allow_ips(*ips, name: nil, &block)
55
+ block ||= proc { true }
56
+ whitelist(humanize __method__, name, *ips) do |req|
57
+ ips.include?(req.ip) && block.call(req)
58
+ end
59
+ end
60
+
61
+ def block_failures(name: nil, within: 30, retries: 10, lock_for: 6000, &block)
62
+ block ||= proc { true }
63
+ blacklist(humanize __method__, name) do |req|
64
+ reqs = TransactionList.for_ip(req.ip, timeout: within)
65
+ ip_lock = Lock.new(req.ip)
66
+ ip_lock.lock! lock_for if reqs.within(within).with_error.count > retries &&
67
+ block.call(req)
68
+ ip_lock.locked?
69
+ end
70
+ end
71
+
72
+ def block_denial_of_service(name: nil, within: 30, requests: 1_000, lock_for: 6000, &block)
73
+ block ||= proc { true }
74
+ blacklist(humanize __method__, name) do |req|
75
+ reqs = TransactionList.for_ip(req.ip, timeout: within)
76
+ ip_lock = Lock.new(req.ip)
77
+ ip_lock.lock! lock_for if reqs.within(within).count > requests &&
78
+ block.call(req)
79
+ ip_lock.locked?
80
+ end
81
+ end
82
+
83
+ def block_strings(*strings, name: nil, &block)
84
+ block ||= proc { true }
85
+ blacklist(humanize __method__, name, *strings) do |req|
86
+ strings.match_any?(req.params.map(&:join).join) && block.call(req)
87
+ end
88
+ end
89
+
90
+ def allow_user_agents(*user_agents, name: nil, &block)
91
+ block ||= proc { true }
92
+ whitelist(humanize __method__, name, *user_agents) do
93
+ user_agents.match_any?(req.user_agent) && block.call(req)
94
+ end
95
+ end
96
+
97
+ def block_user_agents(*user_agents, name: nil, &block)
98
+ block ||= proc { true }
99
+ blacklist(humanize __method__, name, *user_agents) do
100
+ user_agents.match_any?(req.user_agent) && block.call(req)
101
+ end
102
+ end
103
+
104
+ def blacklisted_response(&block)
105
+ Middleware.blacklisted_response = block
106
+ end
107
+
108
+ def throttled_response(&block)
109
+ Middleware.throttled_response = block
110
+ end
111
+
112
+ def cache
113
+ @cache ||= Cache.new
114
+ end
115
+
116
+ def logger=(logger)
117
+ @logger = logger
118
+ end
119
+
120
+ def logger
121
+ @logger ||= defined?(Rails) ? Rails.logger : Logger.new(STDOUT)
122
+ end
123
+
124
+ def notify(name, type)
125
+ logger.warn case type
126
+ when :whitelist
127
+ "T1000 Allowed Request: #{name.inspect}".green
128
+ when :blacklist
129
+ "T1000 Terminated Request: #{name.inspect}".red
130
+ end
131
+ end
132
+
133
+ blacklisted_response do |env|
134
+ notify env['rack.attack.matched'], env['rack.attack.match_type']
135
+ [503, {}, ['503 Service Unavailable']]
136
+ end
137
+
138
+ private
139
+
140
+ def humanize(meth, name = nil, *vectors)
141
+ "#{meth.to_s.split('_').join(' ').capitalize}#{ " (#{name})" if name }#{ ": #{vectors.stringify}" if vectors.length > 0 }"
142
+ end
143
+
144
+ end
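Review bot: `allow_user_agents` and `block_user_agents` pass a block with no parameter (`whitelist(humanize ...) do` and `blacklist(humanize ...) do`) but reference `req` inside it, so the first request that reaches either rule raises NameError; they need `do |req|` like the other vectors. Next, `map_regex` compiles every entry with `Regexp.new s.to_s`, so `block_strings` and the user-agent vectors treat the configured strings as regular expressions: a `.` or `(` in an entry changes or breaks the match, and an entry consisting of `.` matches everything. Use `Regexp.escape` unless regex input is intended, and document whichever it is. `block_strings` also tests `req.params.map(&:join).join`, which concatenates keys and values with no separator, so a pattern can match across the boundary between one value and the next key, and only params are inspected, never the path or headers. In `block_failures` and `block_denial_of_service` the rule's value is `ip_lock.locked?`, so once the lock is set every request from that IP is blocked whatever `block.call(req)` returns; the README's statement that both vector and block must return true holds only for the request that sets the lock. Finally, the module installs a default `blacklisted_response` at load but no `throttled_response`; give `throttled_response` a 429 default beside it, and have `notify` handle a `type` other than `:whitelist` and `:blacklist` instead of logging nil.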
data/t-1000.gemspec ADDED
@@ -0,0 +1,28 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 't-1000/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "t-1000"
8
+ spec.version = T1000::VERSION
9
+ spec.authors = ["Jason Waldrip"]
10
+ spec.email = ["jason@waldrip.net"]
11
+
12
+ spec.summary = %q{Rack::Attack + Common attack vectors}
13
+ spec.description = %q{Rack::Attack with common attack vectors such as denial-of-service, repeated failures, malicious strings, etc.}
14
+ spec.homepage = "https://github.com/brandfolder/t-1000"
15
+ spec.license = "MIT"
16
+
17
+ spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
18
+ spec.bindir = "exe"
19
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
20
+ spec.require_paths = ["lib"]
21
+
22
+ spec.add_dependency 'rack-attack', '~> 4.3'
23
+ spec.add_dependency 'activesupport', ['>= 3.2', '< 5']
24
+ spec.add_dependency 'colorize', '~> 0.7'
25
+
26
+ spec.add_development_dependency "bundler", "~> 1.9"
27
+ spec.add_development_dependency "rake", "~> 10.0"
28
+ end
metadata ADDED
@@ -0,0 +1,142 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: t-1000
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - Jason Waldrip
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2015-07-15 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rack-attack
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '4.3'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '4.3'
27
+ - !ruby/object:Gem::Dependency
28
+ name: activesupport
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '3.2'
34
+ - - "<"
35
+ - !ruby/object:Gem::Version
36
+ version: '5'
37
+ type: :runtime
38
+ prerelease: false
39
+ version_requirements: !ruby/object:Gem::Requirement
40
+ requirements:
41
+ - - ">="
42
+ - !ruby/object:Gem::Version
43
+ version: '3.2'
44
+ - - "<"
45
+ - !ruby/object:Gem::Version
46
+ version: '5'
47
+ - !ruby/object:Gem::Dependency
48
+ name: colorize
49
+ requirement: !ruby/object:Gem::Requirement
50
+ requirements:
51
+ - - "~>"
52
+ - !ruby/object:Gem::Version
53
+ version: '0.7'
54
+ type: :runtime
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - "~>"
59
+ - !ruby/object:Gem::Version
60
+ version: '0.7'
61
+ - !ruby/object:Gem::Dependency
62
+ name: bundler
63
+ requirement: !ruby/object:Gem::Requirement
64
+ requirements:
65
+ - - "~>"
66
+ - !ruby/object:Gem::Version
67
+ version: '1.9'
68
+ type: :development
69
+ prerelease: false
70
+ version_requirements: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - "~>"
73
+ - !ruby/object:Gem::Version
74
+ version: '1.9'
75
+ - !ruby/object:Gem::Dependency
76
+ name: rake
77
+ requirement: !ruby/object:Gem::Requirement
78
+ requirements:
79
+ - - "~>"
80
+ - !ruby/object:Gem::Version
81
+ version: '10.0'
82
+ type: :development
83
+ prerelease: false
84
+ version_requirements: !ruby/object:Gem::Requirement
85
+ requirements:
86
+ - - "~>"
87
+ - !ruby/object:Gem::Version
88
+ version: '10.0'
89
+ description: Rack::Attack with common attack vectors such as denial-of-service, repeated
90
+ failures, malicious strings, etc.
91
+ email:
92
+ - jason@waldrip.net
93
+ executables: []
94
+ extensions: []
95
+ extra_rdoc_files: []
96
+ files:
97
+ - ".gitignore"
98
+ - ".rspec"
99
+ - ".travis.yml"
100
+ - CODE_OF_CONDUCT.md
101
+ - Gemfile
102
+ - LICENSE.txt
103
+ - README.md
104
+ - Rakefile
105
+ - bin/console
106
+ - bin/setup
107
+ - lib/t-1000.rb
108
+ - lib/t-1000/cache.rb
109
+ - lib/t-1000/lock.rb
110
+ - lib/t-1000/middleware.rb
111
+ - lib/t-1000/request.rb
112
+ - lib/t-1000/response.rb
113
+ - lib/t-1000/transaction.rb
114
+ - lib/t-1000/transaction_list.rb
115
+ - lib/t-1000/version.rb
116
+ - t-1000.gemspec
117
+ homepage: https://github.com/brandfolder/t-1000
118
+ licenses:
119
+ - MIT
120
+ metadata: {}
121
+ post_install_message:
122
+ rdoc_options: []
123
+ require_paths:
124
+ - lib
125
+ required_ruby_version: !ruby/object:Gem::Requirement
126
+ requirements:
127
+ - - ">="
128
+ - !ruby/object:Gem::Version
129
+ version: '0'
130
+ required_rubygems_version: !ruby/object:Gem::Requirement
131
+ requirements:
132
+ - - ">="
133
+ - !ruby/object:Gem::Version
134
+ version: '0'
135
+ requirements: []
136
+ rubyforge_project:
137
+ rubygems_version: 2.4.5
138
+ signing_key:
139
+ specification_version: 4
140
+ summary: Rack::Attack + Common attack vectors
141
+ test_files: []
142
+ has_rdoc: