threatstack-agent-ruby 0.2.1

data/lib/jobs/delayed_job.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require_relative './recurrent_job'
+
+module Threatstack
+  module Jobs
+
+    class DelayedJob
+      def initialize(name_or_logger, initial_delay = 0, args = nil, &block)
+        @job = RecurrentJob.new(name_or_logger,1, initial_delay, 1, args, &block)
+      end
+
+      def stop
+        @job.stop
+      end
+
+      def exec_count
+        @job.exec_count
+      end
+
+      def stopped
+        @job.stopped
+      end
+    end
+  end
+end

data/lib/jobs/event_submitter.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+require 'singleton'
+require 'net/https'
+require 'thread'
+require 'uri'
+
+require_relative '../events/event_accumulator'
+require_relative '../constants'
+require_relative '../utils/logger'
+require_relative './recurrent_job'
+
+module Threatstack
+  module Jobs
+    # Singleton class that creates a job to submit events asynchronously
+    class EventSubmitter
+      include Singleton
+      include Threatstack::Constants
+
+      SUBMITTER_NAME = 'EventSubmitter'
+
+      attr_reader :job
+
+      def initialize
+        @pid = nil
+        @mutex = Mutex.new
+        @accumulator = Threatstack::Events::EventAccumulator.instance
+      end
+
+      # start recurrent job
+      def start
+        pid = Process.pid
+        if @pid != pid
+          @mutex.synchronize do
+            if @pid != pid
+              @logger = Threatstack::Utils::TSLogger.create SUBMITTER_NAME
+              @logger.debug 'Launching an EventSubmitter instance'
+              # clear events in case the accumulator was forked and already had queued events
+              @accumulator.clear_events
+              # submit every JOB_INTERVAL seconds
+              @job = RecurrentJob.new(@logger, JOB_INTERVAL, 5) { submit }
+              @pid = pid
+            end
+          end
+        end
+      end
+
+      def submit
+        @logger.debug 'Starting event submission'
+
+        # fetch events from the accumulator
+        events = fetch_events
+        @logger.debug "Found a total of #{events.length} events"
+
+        if events.empty?
+          @logger.debug 'No events to report'
+          return
+        end
+
+        # split events array into groups of EVENTS_PER_REQ
+        events.each_slice(EVENTS_PER_REQ) do |group|
+          # convert payload to JSON
+          json_payload = "[#{group.collect(&:to_json_string).join(', ')}]"
+          # submit http request
+          uri = URI.parse(APPSEC_BASE_URL + APPSEC_EVENTS_URL)
+          headers = {
+            'Content-Type' => 'application/json',
+            'bluefyre-agent-id' => AGENT_ID,
+            'bluefyre-agent-instance-id' => AGENT_INSTANCE_ID
+          }
+          http = Net::HTTP.new(uri.host, uri.port)
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+          req = Net::HTTP::Post.new(uri.request_uri, headers)
+          req.body = json_payload
+          @logger.debug "Sending #{group.length} events with payload: #{json_payload}"
+          begin
+            resp = http.request(req)
+            @logger.debug "Sent #{group.length} events, HTTP code: #{resp.code}"
+          rescue StandardError => e
+            @logger.error "StandardError: #{e.inspect}"
+          end
+        end
+      end
+
+      def queue_event(event)
+        start
+        @accumulator.add_event event
+      end
+
+      def fetch_events
+        # check total number of events first
+        total_events = @accumulator.events.length
+        return [] unless total_events > 0
+
+        # retrieve events from the accumulator in a thread-safe manner
+        @accumulator.remove_events total_events
+      end
+    end
+  end
+end

data/lib/jobs/job_queue.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Threatstack
+  module Jobs
+
+    class JobQueue
+      attr_reader :job_queue
+      attr_reader :job_thread
+      attr_reader :stopped
+
+      def initialize
+        @stopped = false
+        @job_queue = Queue.new
+        @job_thread = Thread.new do
+          # Fetch an item from the worker queue, or wait until one is available
+          while (job = @job_queue.pop)
+            Thread.stop if @stopped
+            job[:action].call(job[:args])
+          end
+          @stopped = true
+          Thread.stop
+        end
+      end
+
+      def add_job(args = nil, &block)
+        raise 'Invalid proc provided' unless block_given?
+
+        @job_queue.push(:action => block, :args => args)
+      end
+
+      def stop
+        @stopped = true
+        # push nil to stop the while loop
+        add_job nil
+      end
+    end
+  end
+end

data/lib/jobs/recurrent_job.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+require 'thread/every'
+
+require_relative '../utils/logger'
+
+module Threatstack
+  module Jobs
+
+    class RecurrentJob
+      attr_reader :exec_count
+      attr_reader :stopped
+      attr_reader :logger
+
+      def initialize(name_or_logger, repeat_every_sec = 10, initial_delay_sec = 0, total_times = nil, args = nil, &block)
+        raise 'Block not specified' unless block_given?
+
+        # create logger or use passed one if available
+        if name_or_logger.respond_to?(:debug) && name_or_logger.respond_to?(:info) && name_or_logger.respond_to?(:error)
+          @logger = name_or_logger
+        else
+          @logger = Threatstack::Utils::TSLogger.create "#{name_or_logger}Job"
+        end
+
+        @stopped = false
+        @exec_count = 0
+        @logger.debug "Creating recurrent job with #{initial_delay_sec} sec delay, repeat every #{repeat_every_sec} sec, #{total_times || 'infinite'} time(s)"
+        Thread.new do
+          # wait before starting
+          sleep initial_delay_sec
+          # repeat every X secs
+          Thread.every(repeat_every_sec) do
+            @logger.debug 'Starting job iteration...'
+            # stop if stop method called or exec limit reached
+            if @stopped || (!total_times.nil? && @exec_count == total_times)
+              @logger.debug 'Job stopped'
+              @stopped = true
+              Thread.stop
+              return
+            end
+            # increment
+            @exec_count += 1
+            # perform main action
+            begin
+              @logger.debug 'Calling job action'
+              block.call args
+              @logger.debug 'Job action called'
+            rescue StandardError => e
+              @logger.error "StandardError in job action: #{e.inspect}"
+            end
+          end
+        end
+      end
+
+      def stop
+        @logger.debug 'Stopping recurrent job'
+        @stopped = true
+      end
+    end
+  end
+end

data/lib/threatstack-agent-ruby.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+require_relative './constants'
+require_relative './control'
+
+# initialize agent
+Threatstack::Control._setup_agent

data/lib/utils/aws_utils.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'json'
+
+require_relative './logger'
+require_relative '../constants'
+
+module Threatstack
+  module Utils
+    class Aws
+      include Singleton
+      include Threatstack::Constants
+
+      def initialize
+        @logger = Threatstack::Utils::TSLogger.create 'AwsUtils'
+      end
+
+      def get_aws_metadata
+        aws_metadata = {}
+        timeout = 5 # secs
+
+        begin
+          # prepare request
+          @logger.debug 'Preparing request to fetch AWS metadata'
+          aws_uri = URI(AWS_METADATA_URL)
+          http = Net::HTTP.new(aws_uri.host, aws_uri.port)
+          http.open_timeout = timeout
+          http.read_timeout = timeout
+          # http.keep_alive_timeout = 2
+          req = Net::HTTP::Get.new(aws_uri.path)
+          # fire request
+          @logger.debug 'Firing request to fetch AWS metadata'
+          resp = http.request(req)
+          @logger.debug "AWS metadata request HTTP code #{resp.code} and response: #{resp.body}"
+          # convert response to hash
+          aws_metadata = resp.body ? JSON.parse(resp.body) : aws_metadata
+        rescue StandardError => e
+          @logger.error "StandardError: #{e.inspect}"
+        end
+
+        # return
+        aws_metadata
+      end
+    end
+  end
+end

data/lib/utils/formatter.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Threatstack
+  module Utils
+    class TSFormatter
+      def regular(str)
+        "\e[00m#{str}\e[0m"
+      end
+
+      def bright(str)
+        "\e[01m#{str}\e[0m"
+      end
+
+      def black(str)
+        "\e[30m#{str}\e[0m"
+      end
+
+      def red(str)
+        "\e[31m#{str}\e[0m"
+      end
+
+      def green(str)
+        "\e[32m#{str}\e[0m"
+      end
+
+      def yellow(str)
+        "\e[33m#{str}\e[0m"
+      end
+
+      def blue(str)
+        "\e[34m#{str}\e[0m"
+      end
+
+      def magenta(str)
+        "\e[35m#{str}\e[0m"
+      end
+
+      def cyan(str)
+        "\e[36m#{str}\e[0m"
+      end
+
+      def gray(str)
+        "\e[37m#{str}\e[0m"
+      end
+    end
+  end
+end

data/lib/utils/logger.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require 'logger'
+
+require_relative '../constants'
+require_relative './formatter'
+
+module Threatstack
+  module Utils
+    module TSLogger
+      def self.create(name)
+        formatter = TSFormatter.new
+        logger = Logger.new STDOUT
+        logger.progname = "TS#{name}"
+        logger.datetime_format = '%FT%T%:z'
+        logger.level = Threatstack::Constants::LOG_LEVEL
+        colors = Threatstack::Constants::LOG_COLORS
+        random_color = ['blue', 'gray', 'green', 'yellow', 'cyan', 'magenta'].sample
+        progname = colors ? formatter.send(random_color, '%16.16s' % logger.progname) : '%16.16s' % logger.progname
+        logger.formatter = proc do |severity, datetime, _progname, msg|
+          pid = Process.pid
+          sev_padded = '%5.5s' % severity
+          sev_final = sev_padded
+          if colors
+            pid = formatter.green pid
+            if severity == 'INFO'
+              sev_final = formatter.cyan sev_padded
+            elsif severity == 'WARN'
+              sev_final = formatter.yellow sev_padded
+            elsif severity == 'ERROR' || severity == 'FATAL'
+              sev_final = formatter.red sev_padded
+            else
+              sev_final = formatter.regular sev_padded
+            end
+          end
+
+          "[#{datetime}] #{pid} - #{sev_final} - #{progname}: #{msg}\n"
+        end
+        logger
+      end
+    end
+  end
+end

data/threatstack-agent-ruby.gemspec

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = 'threatstack-agent-ruby'
+  spec.version       = '0.2.1'
+  spec.authors       = ['Threat Stack Inc']
+  spec.email         = ['support@threatstack.com']
+  spec.summary       = 'Ruby version of the ThreatStack agent which helps identify security vulnerabilities at runtime'
+  spec.license       = 'Threat Stack'
+  spec.homepage      = 'https://www.threatstack.com'
+  spec.extra_rdoc_files = [
+    "LICENSE"
+  ]  
+
+  spec.files         = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^((test|spec|features|)/|Gemfile_release|Rakefile|README.md|.gitlab-ci.yml|.rubocop.yml|Gemfile.lock|.gitignore)}) }
+  end
+  spec.require_paths = ['lib']
+  spec.extensions    = ['ext/libinjection/extconf.rb']
+
+  spec.add_dependency 'network_interface', '0.0.2'
+  spec.add_dependency 'Platform', '0.4.2'
+  spec.add_dependency 'thread', '0.2.2'
+
+  spec.add_development_dependency 'rubocop'
+  spec.add_development_dependency 'aws-sdk-s3'
+  spec.add_development_dependency 'builder'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'webmock'
+end

metadata

@@ -0,0 +1,221 @@
+--- !ruby/object:Gem::Specification
+name: threatstack-agent-ruby
+version: !ruby/object:Gem::Version
+  version: 0.2.1
+platform: ruby
+authors:
+- Threat Stack Inc
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-05-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: network_interface
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.2
+- !ruby/object:Gem::Dependency
+  name: Platform
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.4.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.4.2
+- !ruby/object:Gem::Dependency
+  name: thread
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.2.2
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-s3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: builder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- support@threatstack.com
+executables: []
+extensions:
+- ext/libinjection/extconf.rb
+extra_rdoc_files:
+- LICENSE
+files:
+- Gemfile
+- LICENSE
+- ext/libinjection/extconf.rb
+- ext/libinjection/libinjection.h
+- ext/libinjection/libinjection.i
+- ext/libinjection/libinjection_html5.c
+- ext/libinjection/libinjection_html5.h
+- ext/libinjection/libinjection_sqli.c
+- ext/libinjection/libinjection_sqli.h
+- ext/libinjection/libinjection_sqli_data.h
+- ext/libinjection/libinjection_wrap.c
+- ext/libinjection/libinjection_xss.c
+- ext/libinjection/libinjection_xss.h
+- lib/constants.rb
+- lib/control.rb
+- lib/events/event_accumulator.rb
+- lib/events/models/attack_event.rb
+- lib/events/models/base_event.rb
+- lib/events/models/dependency_event.rb
+- lib/events/models/environment_event.rb
+- lib/events/models/instrumentation_event.rb
+- lib/exceptions/request_blocked_error.rb
+- lib/instrumentation/common.rb
+- lib/instrumentation/instrumenter.rb
+- lib/instrumentation/kernel.rb
+- lib/instrumentation/rails.rb
+- lib/jobs/delayed_job.rb
+- lib/jobs/event_submitter.rb
+- lib/jobs/job_queue.rb
+- lib/jobs/recurrent_job.rb
+- lib/threatstack-agent-ruby.rb
+- lib/utils/aws_utils.rb
+- lib/utils/formatter.rb
+- lib/utils/logger.rb
+- threatstack-agent-ruby.gemspec
+homepage: https://www.threatstack.com
+licenses:
+- Threat Stack
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.2
+signing_key: 
+specification_version: 4
+summary: Ruby version of the ThreatStack agent which helps identify security vulnerabilities
+  at runtime
+test_files: []