RubyGems - wafris - Versions diffs - 0.1.2 → 0.3.0 - Mend

wafris 0.1.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/lua/dist/wafris_core.lua +19 -5
data/lib/wafris/configuration.rb +0 -8
data/lib/wafris/version.rb +1 -1
data/lib/wafris.rb +15 -51
metadata +2 -3
data/lib/lua/dist/get_graph_data.lua +0 -81

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 05707fe625f71f24a02f26585d89356156b1dc83887195f1042a47856d3c86cf
-  data.tar.gz: 05e798e3298518a0310f1cdf6a68426b2b12f9c066acc74e78833987e26f2e31
+  metadata.gz: 2da3a1b92fba96e01f65433a9388d7dbeb8f24225b352e1958f392cd82fc8522
+  data.tar.gz: c8a72dcb1459454890d11d5ba0190f2b4a7f0d13cc63ce9d7038e87cb8ca7af7
 SHA512:
-  metadata.gz: b41d4ee2190f5a88e263ef6905ffe43e6727923df4f3f1a600f203d10ea2010409e95c02c965cc2161fce47d5d541aaa1217beeb05097134fcaecdcfcd4305f1
-  data.tar.gz: dd940d846b7892a4607c78767f2ca364c62ab33782deb76b863d8b393f1a5c82134f0b3f6c76a438f9993e7d7702df67899d9e6485bc5491e03fcc3e02a38c1e
+  metadata.gz: ef4e1b43b6ae8f9060e8ba936ebffed084288e3a0df798c487141dd608f9f136e4cde74babc9ed9ab9c908f96a558fd674dcc9b579f94cc0bc95da581a973a20
+  data.tar.gz: a252ddc02c510c14c011c23d3127a5f17d7dc97dc6b44a46e889b85b4130e9897c4d9623fb6ad144e6cc32f21524ad5d58f008d9d1b6376c47884c2f42c94008

data/lib/lua/dist/wafris_core.lua CHANGED Viewed

@@ -60,28 +60,42 @@ local function add_to_HLL_request_count(timebucket, request_id)
 end
 -- For: Leaderboard of IPs with Request count as score
-local function increment_timebucket_for_ip(timebucket, ip)
-  redis.call("ZINCRBY", "ip-leader-sset:" .. timebucket, 1, ip)
+local function increment_timebucket_for(type, timebucket, property)
+  -- TODO: breaking change will to switch to client_ip: prefix
+  type = type or "ip-"
+  redis.call("ZINCRBY", type .. "leader-sset:" .. timebucket, 1, property)
 end
 -- Configuration
 local max_requests = 100000
 local max_requests_per_ip = 10000
-local ip = ARGV[1]
+local client_ip = ARGV[1]
 local ip_to_decimal = ARGV[2]
 local unix_time_milliseconds = ARGV[3]
 local unix_time = ARGV[3] / 1000
+local proxy_ip = ARGV[4]
+local user_agent = ARGV[5]
+local request_path = ARGV[6]
+local host = ARGV[7]
 -- Initialize local variables
-local request_id = get_request_id(nil, ip, max_requests)
+local request_id = get_request_id(nil, client_ip, max_requests)
 local current_timebucket = get_time_bucket_from_timestamp(unix_time_milliseconds)
 -- GRAPH DATA COLLECTION
 add_to_HLL_request_count(current_timebucket, request_id)
 -- LEADERBOARD DATA COLLECTION
-increment_timebucket_for_ip(current_timebucket, ip)
+-- TODO: breaking change will to switch to client_ip: prefix
+increment_timebucket_for(nil, current_timebucket, client_ip)
+if proxy_ip ~= nil then
+  increment_timebucket_for(nil, current_timebucket, proxy_ip)
+end
+increment_timebucket_for("proxy_ip:", current_timebucket, proxy_ip)
+increment_timebucket_for("user_agent:", current_timebucket, user_agent)
+increment_timebucket_for("request_path:", current_timebucket, request_path)
+increment_timebucket_for("host:", current_timebucket, host)
 -- BLOCKING LOGIC
 -- Safelist Range Check

data/lib/wafris/configuration.rb CHANGED Viewed

@@ -36,14 +36,6 @@ module Wafris
       read_lua_dist("wafris_core")
     end
-    def graph_sha
-      @graph_sha ||= redis.script(:load, wafris_graph)
-    end
-    def wafris_graph
-      read_lua_dist("get_graph_data")
-    end
     private
     def read_lua_dist(filename)

data/lib/wafris/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Wafris
-  VERSION = "0.1.2"
+  VERSION = "0.3.0"
 end

data/lib/wafris.rb CHANGED Viewed

@@ -32,12 +32,18 @@ module Wafris
     def allow_request?(request)
       configuration.connection_pool.with do |conn|
         time = Time.now.to_f * 1000
+        puts "WAF LOG: Client IP #{client_ip(request)}"
+        puts "WAF LOG: Proxy IP #{proxy_ip(request)}"
         status = conn.evalsha(
           configuration.core_sha,
           argv: [
-            request.ip,
+            client_ip(request),
             IPAddr.new(request.ip).to_i,
-            time.to_i
+            time.to_i,
+            proxy_ip(request),
+            request.user_agent,
+            request.path,
+            request.host
           ]
         )
@@ -49,60 +55,18 @@ module Wafris
       end
     end
-    def add_block(ip)
-      configuration.connection_pool.with do |conn|
-        conn.zadd(
-          'blocked_ranges',
-          IPAddr.new(ip).to_i,
-          ip
-        )
-      end
-    end
-    def remove_block(ip)
-      configuration.connection_pool.with do |conn|
-        conn.zrem(
-          'blocked_ranges',
-          ip
-        )
-      end
-    end
-    def request_buckets(_now)
-      graph_data = []
-      configuration.connection_pool.with do |conn|
-        time = Time.now.to_f * 1000
-        graph_data = conn.evalsha(
-          configuration.graph_sha,
-          argv: [
-            time.to_i
-          ]
-        )
-      end
+    private
-      return graph_data
-    end
+    def client_ip(request)
+      return request.ip if request.headers['x-forwarded-for'].nil?
-    def ips_with_num_requests
-      configuration.connection_pool.with do |conn|
-        return conn.zunion(
-          *leader_timebuckets,
-          0, -1, with_scores: true
-        )
-      end
+      request.headers['x-forwarded-for'].split(',').first
     end
-    private
-    def leader_timebuckets
-      timebuckets = []
-      time = Time.now.utc
-      24.times do |hours|
-        timebuckets << "ip-leader-sset:#{(time - 60 * 60 * hours).strftime("%Y-%m-%d-%H")}"
-      end
+    def proxy_ip(request)
+      return nil if request.headers['x-forwarded-for'].nil?
-      return timebuckets
+      request.headers['x-forwarded-for'].split(',').last
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wafris
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.3.0
 platform: ruby
 authors:
 - Micahel Buckbee
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-04-23 00:00:00.000000000 Z
+date: 2023-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: connection_pool
@@ -185,7 +185,6 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- lib/lua/dist/get_graph_data.lua
 - lib/lua/dist/wafris_core.lua
 - lib/lua/src/get_time_buckets.lua
 - lib/lua/src/queries.lua

data/lib/lua/dist/get_graph_data.lua DELETED Viewed

@@ -1,81 +0,0 @@
--- Compiled from:
--- src/get_time_buckets.lua
--- Code was pulled from https://otland.net/threads/how-convert-timestamp-to-date-type.251657/
--- An alternate solution is https://gist.github.com/markuman/e96d04139cd8acc33604
-local function get_time_bucket_from_timestamp(unix_time_milliseconds)
-  local function calculate_years_number_of_days(yr)
-    return (yr % 4 == 0 and (yr % 100 ~= 0 or yr % 400 == 0)) and 366 or 365
-  end
-  local function get_year_and_day_number(year, days)
-    while days >= calculate_years_number_of_days(year) do
-      days = days - calculate_years_number_of_days(year)
-      year = year + 1
-    end
-    return year, days
-  end
-  local function get_month_and_month_day(days, year)
-    local days_in_each_month = {
-      31,
-      (calculate_years_number_of_days(year) == 366 and 29 or 28),
-      31,
-      30,
-      31,
-      30,
-      31,
-      31,
-      30,
-      31,
-      30,
-      31,
-    }
-    for month = 1, #days_in_each_month do
-      if days - days_in_each_month[month] <= 0 then
-        return month, days
-      end
-      days = days - days_in_each_month[month]
-    end
-  end
-  local unix_time = unix_time_milliseconds / 1000
-  local year = 1970
-  local days = math.ceil(unix_time / 86400)
-  local month = nil
-  year, days = get_year_and_day_number(year, days)
-  month, days = get_month_and_month_day(days, year)
-  local hours = math.floor(unix_time / 3600 % 24)
-  -- local minutes, seconds = math.floor(unix_time / 60 % 60), math.floor(unix_time % 60)
-  -- hours = hours > 12 and hours - 12 or hours == 0 and 12 or hours
-  return string.format("%04d-%02d-%02d-%02d", year, month, days, hours)
-end
-local function get_time_buckets(unix_time_milliseconds)
-  local time_buckets = {}
-  for i = 23, 0, -1 do
-    table.insert(time_buckets, get_time_bucket_from_timestamp(unix_time_milliseconds - (1000 * 60 * 60 * i)))
-  end
-  return time_buckets
-end
-local function num_requests(time_bucket)
-  local request_keys = redis.call("KEYS", "unique-requests:" .. time_bucket)
-  redis.call("PFMERGE", "merged_unique-requests", unpack(request_keys))
-  return redis.call("PFCOUNT", "merged_unique-requests")
-end
-local graph_data = {}
-local unix_time_milliseconds = ARGV[1]
-local time_buckets = get_time_buckets(unix_time_milliseconds)
--- use the get_time_buckets method to get each time bucket and
--- the associated count for that bucket
-for bucket in pairs(time_buckets) do
-  table.insert(graph_data, time_buckets[bucket])
-  table.insert(graph_data, num_requests(time_buckets[bucket]))
-end
-return graph_data