RubyGems - wafris - Versions diffs - 0.5.4 → 0.7.0 - Mend

wafris 0.5.4 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/lua/dist/wafris_core.lua +26 -13
data/lib/wafris/middleware.rb +17 -0
data/lib/wafris/version.rb +1 -1
data/lib/wafris.rb +2 -18
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 16f5664939e2ff16c9741e4da47113d28535869a2f143d21fceca33caec7dbb7
-  data.tar.gz: 54bc209bf0c7ee9d225d5623681a0d391599a51f2113343f5f9c5f3b57e044bd
+  metadata.gz: 8cbb8c27a7af9771ecf6c07a34fd7da75f4ebacf4fd21dba0b37551a8b2ca2cd
+  data.tar.gz: 492a0f193e4c976a612106b5a0bb8c25aa008f170ec8111fa9504bd1cf585faf
 SHA512:
-  metadata.gz: e08b0d51693d3489cb5a225a50cb7241ab5f81571ef32f14c4c91cfabef861ed9fba3766477aac3d2baea81d46536c655b99d19715fb4cd496f608df43b15d85
-  data.tar.gz: d024cbdfc8923d23b0ebe81080a0238f6741f971b0f7488db376291b5cbe3d585bda06ab7a6ad3547224a95c80e2e182434c28c1c483ed47c70300f16b226289
+  metadata.gz: b50f3ad94a373c55285d5e800e55a483f7311a45d18c80d42464931f265edae1bc36a39f97ecf803a99065e5f12b106cc1739cd3716b3219f3a1a60f31b1a6c5
+  data.tar.gz: d23d85b065a338c454216d37755ec6d112d4392f9415e7e13df30c4610c96ab58a15a046211332a273cee3da12bdeae2fc3c4f09722239e5cd3b414fa09d4351

data/lib/lua/dist/wafris_core.lua CHANGED Viewed

@@ -1,4 +1,4 @@
-local function get_time_bucket_from_timestamp(unix_time_milliseconds)
+local function get_time_bucket_from_timestamp(unix_time_milliseconds, minutes_flag)
   local function calculate_years_number_of_days(yr)
     return (yr % 4 == 0 and (yr % 100 ~= 0 or yr % 400 == 0)) and 366 or 365
   end
@@ -45,7 +45,12 @@ local function get_time_bucket_from_timestamp(unix_time_milliseconds)
   local hours = math.floor(unix_time / 3600 % 24)
   -- local minutes, seconds = math.floor(unix_time / 60 % 60), math.floor(unix_time % 60)
   -- hours = hours > 12 and hours - 12 or hours == 0 and 12 or hours
-  return string.format("%04d-%02d-%02d-%02d", year, month, days, hours)
+  if minutes_flag == false then
+    return string.format("%04d-%02d-%02d-%02d", year, month, days, hours)
+  elseif minutes_flag == true then
+    local minutes = math.floor(unix_time / 60 % 60)
+    return string.format("%04d-%02d-%02d-%02d-%02d", year, month, days, hours, minutes)
+  end
 end
 -- For: Relationship of IP to time of Request (Stream)
@@ -66,6 +71,17 @@ local function increment_timebucket_for(type, timebucket, property)
   redis.call("ZINCRBY", type .. "leader-sset:" .. timebucket, 1, property)
 end
+local function increment_hourly_request_counters(unix_time_milliseconds)
+  for i = 1, 60 do
+    local timebucket_in_milliseconds = unix_time_milliseconds + 60000 * (i - 1)
+    local timebucket = get_time_bucket_from_timestamp(timebucket_in_milliseconds, true)
+    local key = "w:v0:hr-ct:" .. timebucket
+    redis.call("INCR", key)
+    -- Expire the key after 61 minutes if it has no expiry
+    redis.call("EXPIRE", key, 3660, "NX")
+  end
+end
 -- Configuration
 local max_requests = 100000
 local max_requests_per_ip = 10000
@@ -74,14 +90,16 @@ local client_ip = ARGV[1]
 local client_ip_to_decimal = ARGV[2]
 local unix_time_milliseconds = ARGV[3]
 local unix_time = ARGV[3] / 1000
-local proxy_ip = ARGV[4]
-local user_agent = ARGV[5]
-local request_path = ARGV[6]
-local host = ARGV[7]
+local user_agent = ARGV[4]
+local request_path = ARGV[5]
+local host = ARGV[6]
 -- Initialize local variables
 local request_id = get_request_id(nil, client_ip, max_requests)
-local current_timebucket = get_time_bucket_from_timestamp(unix_time_milliseconds)
+local current_timebucket = get_time_bucket_from_timestamp(unix_time_milliseconds, false)
+-- CARD DATA COLLECTION
+increment_hourly_request_counters(unix_time_milliseconds)
 -- GRAPH DATA COLLECTION
 add_to_HLL_request_count(current_timebucket, request_id)
@@ -89,16 +107,11 @@ add_to_HLL_request_count(current_timebucket, request_id)
 -- LEADERBOARD DATA COLLECTION
 -- TODO: breaking change will to switch to client_ip: prefix
 increment_timebucket_for(nil, current_timebucket, client_ip)
-if proxy_ip ~= nil and proxy_ip ~= "" then
-  increment_timebucket_for("proxy_ip:", current_timebucket, proxy_ip)
-end
 increment_timebucket_for("user_agent:", current_timebucket, user_agent)
 increment_timebucket_for("request_path:", current_timebucket, request_path)
 increment_timebucket_for("host:", current_timebucket, host)
-local foobar = redis.call("ZRANGEBYSCORE", "blocked_ranges", client_ip_to_decimal, client_ip_to_decimal, "LIMIT", 0, 1)
-redis.breakpoint()
+redis.call("ZRANGEBYSCORE", "blocked_ranges", client_ip_to_decimal, client_ip_to_decimal, "LIMIT", 0, 1)
 -- BLOCKING LOGIC
 -- TODO: ZRANGEBYSCORE is deprecated in Redis 6.2+. Replace with ZRANGE

data/lib/wafris/middleware.rb CHANGED Viewed

@@ -7,6 +7,23 @@ module Wafris
     end
     def call(env)
+      user_defined_proxies = ENV['MY_PROXIES'].split(',') if ENV['MY_PROXIES']
+      valid_ipv4_octet = /\.(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])/
+      trusted_proxies = Regexp.union(
+        /\A127#{valid_ipv4_octet}{3}\z/,                          # localhost IPv4 range 127.x.x.x, per RFC-3330
+        /\A::1\z/,                                                # localhost IPv6 ::1
+        /\Af[cd][0-9a-f]{2}(?::[0-9a-f]{0,4}){0,7}\z/i,           # private IPv6 range fc00 .. fdff
+        /\A10#{valid_ipv4_octet}{3}\z/,                           # private IPv4 range 10.x.x.x
+        /\A172\.(1[6-9]|2[0-9]|3[01])#{valid_ipv4_octet}{2}\z/,   # private IPv4 range 172.16.0.0 .. 172.31.255.255
+        /\A192\.168#{valid_ipv4_octet}{2}\z/,                     # private IPv4 range 192.168.x.x
+        /\Alocalhost\z|\Aunix(\z|:)/i,                            # localhost hostname, and unix domain sockets
+        *user_defined_proxies
+      )
+      Rack::Request.ip_filter = lambda { |ip| trusted_proxies.match?(ip) }
       request = Rack::Request.new(env)
       if Wafris.configuration.enabled? && Wafris.allow_request?(request)

data/lib/wafris/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Wafris
-  VERSION = "0.5.4"
+  VERSION = "0.7.0"
 end

data/lib/wafris.rb CHANGED Viewed

@@ -33,15 +33,13 @@ module Wafris
       configuration.connection_pool.with do |conn|
         time = Time.now.to_f * 1000
         puts "WAF LOG: headers with http-x-forwarded-for key #{request.get_header(Rack::Request::HTTP_X_FORWARDED_FOR)}"
-        puts "WAF LOG: Client IP #{client_ip(request)}"
-        puts "WAF LOG: Proxy IP #{proxy_ip(request)}"
+        puts "WAF LOG: Client IP #{request.ip}"
         status = conn.evalsha(
           configuration.core_sha,
           argv: [
-            client_ip(request),
+            request.ip,
             IPAddr.new(request.ip).to_i,
             time.to_i,
-            proxy_ip(request),
             request.user_agent,
             request.path,
             request.host
@@ -55,19 +53,5 @@ module Wafris
         end
       end
     end
-    private
-    def client_ip(request)
-      return request.ip if request.get_header(Rack::Request::HTTP_X_FORWARDED_FOR).eql?(request.ip)
-      request.get_header(Rack::Request::HTTP_X_FORWARDED_FOR).split(',').first
-    end
-    def proxy_ip(request)
-      return nil if request.get_header(Rack::Request::HTTP_X_FORWARDED_FOR).eql?(request.ip)
-      request.get_header(Rack::Request::HTTP_X_FORWARDED_FOR).split(',').last
-    end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wafris
 version: !ruby/object:Gem::Version
-  version: 0.5.4
+  version: 0.7.0
 platform: ruby
 authors:
 - Micahel Buckbee
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-05 00:00:00.000000000 Z
+date: 2023-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: connection_pool