wafris 2.0.5 → 2.0.7

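--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d1a6832a6803974c5ebc7e337c3e118fb876dececdb8154f9877411e4169baca
- data.tar.gz: f8c60d439b09b2b299bb17f6ab233fb265b214e72ea1791cc43d5c8a34aa2264
+ metadata.gz: 18143fac18debaf1b85c3b0bcef4deef24ea2fd27fbfaca36969a860e2ba1829
+ data.tar.gz: cc6c953ec32d817b2484336902c9474fea514a47d1e43860f7699bed2a79524e
  SHA512:
- metadata.gz: 020ff0f8179cfd43719fc7e44814fb734873f7f496e6c8a5498800643f06bb9fc1914f255cbbbb4b5b96f7a91d2fe20d6e5c9f26ed8b623684823818e9a6d970
- data.tar.gz: d9e6a41ea3ab39f34fbf74a81cea82846b3ad2861939c06f9ec3cb6a5f6f95e198c1af3e83c5af7ed3cffb53313398e852f163489fc4b07dc595bc5f6b4d94d3
+ metadata.gz: 73d478b06f745fc49c2f073466c931fe118ed1a3fc127ad6598087d5aab1d2f5009bac3dc588aa597f802402cbc0262a147866f43815ef9e4f0ba0d73a4be592
+ data.tar.gz: 1ce9b2e491f7c776ee0ec113d515b5c9a47bfc1ee5debd0a59a0684e81771870a022886131fc8c7605776d6c52e52f1854f318b41cc63b9240c897203e83e39b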
@@ -4,16 +4,20 @@ module Wafris
4
4
  class Middleware
5
5
  def initialize(app)
6
6
  @app = app
7
+ @notifier = ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
7
8
  ProxyFilter.set_filter
8
9
  end
9
10
 
10
11
  def call(env)
11
- request = Rack::Request.new(env)
12
-
13
- treatment = Wafris.evaluate(
14
- WafrisRequest.new(request, env)
12
+ wafris_request = WafrisRequest.new(
13
+ Rack::Request.new(env),
14
+ env
15
15
  )
16
16
 
17
+ treatment = Wafris.evaluate(wafris_request)
18
+
19
+ @notifier&.instrument("#{treatment}.wafris", request: wafris_request, treatment: treatment)
20
+
17
21
  # These values match what the client tests expect (200, 404, 403, 500)
18
22
  if treatment == "Allowed" || treatment == "Passed"
19
23
  @app.call(env)
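Review bot: The new `@notifier&.instrument(...)` line in `call` sits between `Wafris.evaluate` and the branch that acts on `treatment`, so an exception raised by any notification subscriber propagates out of the enforcement path before the request is allowed or blocked. What happens next depends on error handling in the rest of `call`, which is outside this hunk; if that path fails open, a request evaluated as Blocked could still reach the app. Telemetry should not be able to change the decision: wrap the call in `begin ... rescue StandardError => e` and log `e` instead of letting it escape. The payload also hands the whole `wafris_request` to subscribers, so a comment such as `# Payload exposes the full request to subscribers; avoid logging it verbatim` above the call would help.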
@@ -1,3 +1,25 @@
1
+ # This file includes code from the https://github.com/rack/rack project,
2
+ # which is licensed under the MIT License.
3
+ # Copyright (C) 2007-2021 Leah Neukirchen <http://leahneukirchen.org/infopage.html>
4
+ #
5
+ # Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ # of this software and associated documentation files (the "Software"), to deal
7
+ # in the Software without restriction, including without limitation the rights
8
+ # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ # copies of the Software, and to permit persons to whom the Software is
10
+ # furnished to do so, subject to the following conditions:
11
+ #
12
+ # The above copyright notice and this permission notice shall be included in
13
+ # all copies or substantial portions of the Software.
14
+ #
15
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ # THE SOFTWARE.
22
+
1
23
  # frozen_string_literal: true
2
24
 
3
25
  module Wafris
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Wafris
4
- VERSION = "2.0.5"
4
+ VERSION = "2.0.7"
5
5
  end
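--- a/data/lib/wafris.rb
+++ b/data/lib/wafris.rb
@@ -19,6 +19,19 @@ module Wafris
  class << self
  attr_accessor :configuration
 
+ ALLOWED_IP = "ai"
+ ALLOWED_CIDR = "ac"
+ BLOCKED_IP = "bi"
+ BLOCKED_CIDR = "bc"
+ BLOCKED_REPUTATION = "brep"
+ BLOCKED_COUNTRY = "bctry"
+ BLOCKED_USER_AGENT = "bu"
+ BLOCKED_PATH = "bp"
+ BLOCKED_PARAM = "bparam"
+ BLOCKED_HOST = "bh"
+ BLOCKED_METHOD = "bm"
+ BLOCKED_RATE_LIMIT = "brl"
+
  def configure
  self.configuration ||= Wafris::Configuration.new
  yield(configuration)
@@ -434,34 +447,35 @@ module Wafris
  SQLite3::Database.new "#{@configuration.db_file_path}/#{data_subscriptions_db_filename}"
 
  ip = request.ip
- return queue_upsync_request(request, "Allowed", "ai", ip) if exact_match(ip, "allowed_ips", rules_db)
- return queue_upsync_request(request, "Allowed", "ac", ip) if ip_in_cidr_range(ip, "allowed_cidr_ranges", rules_db)
- return queue_upsync_request(request, "Blocked", "bi", ip) if exact_match(ip, "blocked_ips", rules_db)
- return queue_upsync_request(request, "Blocked", "bc", ip) if ip_in_cidr_range(ip, "blocked_cidr_ranges", rules_db)
+
+ return queue_upsync_request(request, "Allowed", ALLOWED_IP, ip) if exact_match(ip, "allowed_ips", rules_db)
+ return queue_upsync_request(request, "Allowed", ALLOWED_CIDR, ip) if ip_in_cidr_range(ip, "allowed_cidr_ranges", rules_db)
+ return queue_upsync_request(request, "Blocked", BLOCKED_IP, ip) if exact_match(ip, "blocked_ips", rules_db)
+ return queue_upsync_request(request, "Blocked", BLOCKED_CIDR, ip) if ip_in_cidr_range(ip, "blocked_cidr_ranges", rules_db)
 
  country_code = get_country_code(ip, data_subscriptions_db)
- return queue_upsync_request(request, "Blocked", "bs", "G_#{country_code}") if exact_match(country_code, "blocked_country_codes", rules_db)
+ return queue_upsync_request(request, "Blocked", BLOCKED_COUNTRY, "G_#{country_code}") if exact_match(country_code, "blocked_country_codes", rules_db)
 
  # Blocked Reputation IP Ranges
- return queue_upsync_request(request, "Blocked", "bs", "R") if ip_in_cidr_range(ip, "reputation_ip_ranges", data_subscriptions_db)
+ return queue_upsync_request(request, "Blocked", BLOCKED_REPUTATION, "R") if ip_in_cidr_range(ip, "reputation_ip_ranges", data_subscriptions_db)
 
  user_agent_match = substring_match(request.user_agent, "blocked_user_agents", rules_db)
- return queue_upsync_request(request, "Blocked", "bu", user_agent_match) if user_agent_match
+ return queue_upsync_request(request, "Blocked", BLOCKED_USER_AGENT, user_agent_match) if user_agent_match
 
  path_match = substring_match(request.path, "blocked_paths", rules_db)
- return queue_upsync_request(request, "Blocked", "bp", path_match) if path_match
+ return queue_upsync_request(request, "Blocked", BLOCKED_PATH, path_match) if path_match
 
  parameters_match = substring_match(request.parameters, "blocked_parameters", rules_db)
- return queue_upsync_request(request, "Blocked", "ba", parameters_match) if parameters_match
+ return queue_upsync_request(request, "Blocked", BLOCKED_PARAM, parameters_match) if parameters_match
 
- return queue_upsync_request(request, "Blocked", "bh", request.host) if exact_match(request.host, "blocked_hosts", rules_db)
+ return queue_upsync_request(request, "Blocked", BLOCKED_HOST, request.host) if exact_match(request.host, "blocked_hosts", rules_db)
 
- return queue_upsync_request(request, "Blocked", "bm", request.method) if exact_match(request.method, "blocked_methods", rules_db)
+ return queue_upsync_request(request, "Blocked", BLOCKED_METHOD, request.method) if exact_match(request.method, "blocked_methods", rules_db)
 
  # Rate Limiting
  rule_id = check_rate_limit(ip, request.path, request.method, rules_db)
  if rule_id
- return queue_upsync_request(request, "Blocked", "brl", rule_id)
+ return queue_upsync_request(request, "Blocked", BLOCKED_RATE_LIMIT, rule_id)
  end
  end
 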
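Review bot: Three of the category codes passed to `queue_upsync_request` change value in the second hunk rather than just gaining a name: country blocks go from `"bs"` to `"bctry"`, reputation blocks from `"bs"` to `"brep"`, and parameter blocks from `"ba"` to `"bparam"`. Whatever consumes the upsync queue is not visible here, so confirm it accepts the new codes; otherwise these blocks may be misattributed or dropped from reporting. The constants in the first hunk are also declared inside `class << self`, which scopes them to the singleton class, so `Wafris::BLOCKED_IP` does not resolve for outside callers such as notification subscribers; declaring them directly under `module Wafris` with a comment like `# Category codes sent upstream with each treatment` would make them reachable and documented. The method containing the second hunk starts before the hunk.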
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: wafris
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.5
4
+ version: 2.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Buckbee
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2024-10-23 00:00:00.000000000 Z
12
+ date: 2024-10-31 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: rack