wafris 2.1.1 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/wafris/configuration.rb +39 -71
- data/lib/wafris/version.rb +1 -1
- data/lib/wafris/wafris_request.rb +1 -5
- data/lib/wafris.rb +13 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 722b44b21ce69ec8d515c442b3ee5fd783298de0714105eb9cd9585f3f007af9
|
|
4
|
+
data.tar.gz: d93da5905d328163e235e193998e63033a2be5b1e509a4b62ecbe804b0023289
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9945fef04660a4e6aeaf6aac33669bcfc210c1386ba684e7a147602f76542c0764c98dd9072fe35faace14bbaaf5d0be492e21c754da9b2607dae204ee350b1b
|
|
7
|
+
data.tar.gz: d219c32ddb8f9375bb1b006d3b0b3d49c5fe47ca4632e5bb8b8bd93a398c05d2dd183d5ad5a79510d4de89bf6f677d0c84ed038ea40fd0a7b4319bc6aff28d03
|
data/lib/wafris/configuration.rb
CHANGED
|
@@ -1,98 +1,66 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require_relative "version"
|
|
2
4
|
|
|
3
5
|
module Wafris
|
|
4
6
|
class Configuration
|
|
5
|
-
attr_accessor :api_key
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
7
|
+
attr_accessor :api_key,
|
|
8
|
+
:db_file_path,
|
|
9
|
+
:db_file_name,
|
|
10
|
+
:downsync_custom_rules_interval,
|
|
11
|
+
:downsync_data_subscriptions_interval,
|
|
12
|
+
:downsync_url,
|
|
13
|
+
:upsync_url,
|
|
14
|
+
:upsync_interval,
|
|
15
|
+
:upsync_queue_limit,
|
|
16
|
+
:upsync_status,
|
|
17
|
+
:upsync_queue,
|
|
18
|
+
:local_only,
|
|
19
|
+
:last_upsync_timestamp,
|
|
20
|
+
:max_body_size_mb,
|
|
21
|
+
:rate_limiters
|
|
20
22
|
|
|
21
23
|
def initialize
|
|
22
|
-
|
|
23
|
-
if ENV["WAFRIS_API_KEY"]
|
|
24
|
-
@api_key = ENV["WAFRIS_API_KEY"]
|
|
25
|
-
else
|
|
26
|
-
unless @api_key
|
|
27
|
-
LogSuppressor.puts_log("Firewall disabled as neither local only or API key set")
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
# DB FILE PATH LOCATION - Optional
|
|
24
|
+
@api_key = ENV["WAFRIS_API_KEY"]
|
|
32
25
|
@db_file_path = ENV["WAFRIS_DB_FILE_PATH"] || "./tmp/wafris"
|
|
33
|
-
|
|
34
|
-
# Ensure that the db_file_path exists
|
|
35
|
-
unless File.directory?(@db_file_path)
|
|
36
|
-
LogSuppressor.puts_log("DB File Path does not exist - creating it now.")
|
|
37
|
-
FileUtils.mkdir_p(@db_file_path) unless File.exist?(@db_file_path)
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
# DB FILE NAME - For local
|
|
41
26
|
@db_file_name = ENV["WAFRIS_DB_FILE_NAME"] || "wafris.db"
|
|
42
|
-
|
|
43
|
-
# DOWNSYNC
|
|
44
|
-
# Custom Rules are checked often (default 1 minute) - Optional
|
|
45
27
|
@downsync_custom_rules_interval = ENV["WAFRIS_DOWNSYNC_CUSTOM_RULES_INTERVAL"]&.to_i || 60
|
|
46
|
-
|
|
47
|
-
# Data Subscriptions are checked rarely (default 1 day) - Optional
|
|
48
28
|
@downsync_data_subscriptions_interval = ENV["WAFRIS_DOWNSYNC_DATA_SUBSCRIPTIONS_INTERVAL"]&.to_i || 60
|
|
49
|
-
|
|
50
|
-
# Set Downsync URL - Optional
|
|
51
|
-
# Used for both DataSubscription and CustomRules
|
|
52
29
|
@downsync_url = ENV["WAFRIS_DOWNSYNC_URL"] || "https://distributor.wafris.org/v2/downsync"
|
|
53
|
-
|
|
54
|
-
# UPSYNC - Optional
|
|
55
|
-
# Set Upsync URL
|
|
56
30
|
@upsync_url = ENV["WAFRIS_UPSYNC_URL"] || "https://collector.wafris.org/v2/upsync"
|
|
57
|
-
|
|
58
|
-
# Set Upsync Interval - Optional
|
|
59
31
|
@upsync_interval = ENV["WAFRIS_UPSYNC_INTERVAL"]&.to_i || 10
|
|
60
|
-
|
|
61
|
-
# Set Upsync Queued Request Limit - Optional
|
|
62
32
|
@upsync_queue_limit = ENV["WAFRIS_UPSYNC_QUEUE_LIMIT"]&.to_i || 250
|
|
63
|
-
|
|
64
|
-
# Set Maximium Body Size for Requests - Optional (in Megabytes)
|
|
65
|
-
@max_body_size_mb = if ENV["WAFRIS_MAX_BODY_SIZE_MB"] && ENV["WAFRIS_MAX_BODY_SIZE_MB"].to_i > 0
|
|
66
|
-
ENV["WAFRIS_MAX_BODY_SIZE_MB"].to_i
|
|
67
|
-
else
|
|
68
|
-
10
|
|
69
|
-
end
|
|
70
|
-
|
|
71
|
-
# Upsync Queue Defaults
|
|
33
|
+
@max_body_size_mb = set_max_body_size
|
|
72
34
|
@upsync_queue = []
|
|
73
35
|
@last_upsync_timestamp = Time.now.to_i
|
|
74
|
-
|
|
75
|
-
# Memory structure for rate limiting
|
|
76
36
|
@rate_limiters = {}
|
|
77
|
-
|
|
78
|
-
# Disable Upsync if Downsync API Key is invalid
|
|
79
|
-
# This prevents the client from sending upsync requests
|
|
80
|
-
# if the API key is known bad
|
|
81
37
|
@upsync_status = "Disabled"
|
|
82
38
|
end
|
|
83
39
|
|
|
84
|
-
def
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
40
|
+
def setup
|
|
41
|
+
if @api_key
|
|
42
|
+
create_db_file_path
|
|
43
|
+
else
|
|
44
|
+
LogSuppressor.puts_log("Firewall disabled as API key is not set.")
|
|
89
45
|
end
|
|
46
|
+
end
|
|
90
47
|
|
|
91
|
-
|
|
48
|
+
private
|
|
49
|
+
|
|
50
|
+
def set_max_body_size
|
|
51
|
+
if ENV["WAFRIS_MAX_BODY_SIZE_MB"] && ENV["WAFRIS_MAX_BODY_SIZE_MB"].to_i > 0
|
|
52
|
+
ENV["WAFRIS_MAX_BODY_SIZE_MB"].to_i
|
|
53
|
+
else
|
|
54
|
+
10
|
|
55
|
+
end
|
|
92
56
|
end
|
|
93
57
|
|
|
94
|
-
def
|
|
95
|
-
|
|
58
|
+
def create_db_file_path
|
|
59
|
+
# Ensure that the db_file_path exists
|
|
60
|
+
unless File.directory?(@db_file_path)
|
|
61
|
+
LogSuppressor.puts_log("DB File Path does not exist - creating it now.")
|
|
62
|
+
FileUtils.mkdir_p(@db_file_path) unless File.exist?(@db_file_path)
|
|
63
|
+
end
|
|
96
64
|
end
|
|
97
65
|
end
|
|
98
66
|
end
|
data/lib/wafris/version.rb
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
module Wafris
|
|
4
4
|
class WafrisRequest
|
|
5
5
|
attr_reader :ip, :user_agent, :path, :parameters, :host, :method,
|
|
6
|
-
:headers, :
|
|
6
|
+
:headers, :request_id, :request_timestamp
|
|
7
7
|
|
|
8
8
|
def initialize(request, env)
|
|
9
9
|
@ip = encode_to_utf8(IpResolver.new(request).resolve)
|
|
@@ -15,10 +15,6 @@ module Wafris
|
|
|
15
15
|
@headers = extract_headers(env)
|
|
16
16
|
@request_id = env.fetch("action_dispatch.request_id", SecureRandom.uuid.to_s)
|
|
17
17
|
@request_timestamp = Time.now.utc.to_i
|
|
18
|
-
|
|
19
|
-
pos = request.body&.pos
|
|
20
|
-
@body = encode_to_utf8(request.body&.read)
|
|
21
|
-
request.body&.rewind if request.body&.pos != pos
|
|
22
18
|
end
|
|
23
19
|
|
|
24
20
|
def data(treatment:, category:, rule:)
|
data/lib/wafris.rb
CHANGED
|
@@ -34,12 +34,18 @@ module Wafris
|
|
|
34
34
|
|
|
35
35
|
def configure
|
|
36
36
|
self.configuration ||= Wafris::Configuration.new
|
|
37
|
-
|
|
37
|
+
if block_given?
|
|
38
|
+
yield(configuration)
|
|
39
|
+
LogSuppressor.puts_log("Configuration settings created with configure block.")
|
|
40
|
+
else
|
|
41
|
+
LogSuppressor.puts_log("Configuration settings created with defaults and ENV vars.")
|
|
42
|
+
end
|
|
38
43
|
|
|
39
|
-
|
|
40
|
-
|
|
44
|
+
configuration.setup
|
|
45
|
+
|
|
46
|
+
return configuration
|
|
41
47
|
rescue => e
|
|
42
|
-
|
|
48
|
+
LogSuppressor.puts_log("Firewall disabled due to: #{e.message}. Please check your configuration settings.")
|
|
43
49
|
end
|
|
44
50
|
|
|
45
51
|
def zero_pad(number, length)
|
|
@@ -432,7 +438,9 @@ module Wafris
|
|
|
432
438
|
# This is the main loop that evaluates the request
|
|
433
439
|
# as well as sorts out when downsync and upsync should be called
|
|
434
440
|
def evaluate(request)
|
|
435
|
-
@configuration
|
|
441
|
+
if @configuration.nil?
|
|
442
|
+
configure
|
|
443
|
+
end
|
|
436
444
|
|
|
437
445
|
return "Passed" if @configuration.api_key.nil?
|
|
438
446
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: wafris
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Buckbee
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2024-11-
|
|
12
|
+
date: 2024-11-26 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: rack
|