wafris 1.1.11 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e2fcb2f6f87a3f5fe3f89091437cad264aa10b8a8e0440ab6568e172674fc9a7
-  data.tar.gz: 1713ee535af2200d1c8b9b0512456c2a96544942e552fbe487a77690d66ac262
+  metadata.gz: f0dfe47e533d91f974d391af755f1bd8e148808cbfe86dd6755b839201282b47
+  data.tar.gz: bd7135922d96fa7789cc65dbd47635c4b1e84a4e7b27a6b4dde5a1a00cc15ac8
 SHA512:
-  metadata.gz: 0312e05a8cf9687dd222263a75a3fcec4590bdd325b3d3f01d80ed211c6810b99bcaa9cfd1b682767f6cba9ba7f97240f7faf6d78d549a7cc03df4d9c40fad68
-  data.tar.gz: 5e897f2ea32786c2b82e39f2f5b9385bd862b255294f92e59f405a8327d16e96efeb6d38194ba0490b8b9020e22931dae06c7d28112e7bd71efc456b4841ccc8
+  metadata.gz: 0c1e66690ca97e6f9a9349f1960f92f5376175660bebc9a172eabe849af6806d4c5f278f1765a22b36ce75797a757bf9cb3719a58446aaa5fa8fe0356c348cf0
+  data.tar.gz: 35a3e86f1f3c63ec38c3d67adbfb952fa89a062dad78450bfd365f45c1a1607f689e104e2c7ef6faac3a00461e07022d041e5d2f667396ad81baa3af30be8acf

data/lib/wafris/configuration.rb

@@ -1,56 +1,140 @@
-# frozen_string_literal: true
 
 require_relative 'version'
 
 module Wafris
   class Configuration
-    attr_accessor :redis
-    attr_accessor :redis_pool_size
-    attr_accessor :maxmemory
-    attr_accessor :quiet_mode
+
+    attr_accessor :api_key
+    attr_accessor :db_file_path
+    attr_accessor :db_file_name
+    attr_accessor :downsync_custom_rules_interval
+    attr_accessor :downsync_data_subscriptions_interval
+    attr_accessor :downsync_url
+    attr_accessor :upsync_url
+    attr_accessor :upsync_interval
+    attr_accessor :upsync_queue_limit
+    attr_accessor :upsync_status
+    attr_accessor :upsync_queue
+    attr_accessor :local_only
+    attr_accessor :last_upsync_timestamp
+    attr_accessor :max_body_size_mb
+    attr_accessor :rate_limiters
 
     def initialize
-      @redis_pool_size = 20
-      @maxmemory = 25
-      @quiet_mode = false
-    end
 
-    def connection_pool
-      @connection_pool ||=
-        ConnectionPool.new(size: redis_pool_size) { redis }
-    end
+      # API Key - Required
+      if ENV['WAFRIS_API_KEY']
+        @api_key = ENV['WAFRIS_API_KEY']        
+      else
+        unless @api_key         
+          LogSuppressor.puts_log("Firewall disabled as neither local only or API key set")        
+        end
+      end
 
-    def create_settings
-      redis.hset('waf-settings',
-                 'version', Wafris::VERSION,
-                 'client', 'ruby',
-                 'maxmemory', @maxmemory)
-      LogSuppressor.puts_log(
-        "[Wafris] firewall enabled. Connected to Redis on #{redis.connection[:host]}. Ready to process requests. Set rules at: https://wafris.org/hub"
-      ) unless @quiet_mode
-    end
+      # DB FILE PATH LOCATION - Optional
+      if ENV['WAFRIS_DB_FILE_PATH']
+        @db_file_path = ENV['WAFRIS_DB_FILE_PATH']      
+      else
+        #@db_file_path = Rails.root.join('tmp', 'wafris').to_s
+        @db_file_path = './tmp/wafris'
+      end
 
-    def core_sha
-      @core_sha ||= redis.script(:load, wafris_core)
-    end
+      # Ensure that the db_file_path exists
+      unless File.directory?(@db_file_path)
+        LogSuppressor.puts_log("DB File Path does not exist - creating it now.")
+        FileUtils.mkdir_p(@db_file_path) unless File.exist?(@db_file_path)
+      end
+
+      # DB FILE NAME - For local
+      if ENV['WAFRIS_DB_FILE_NAME']
+        @db_file_name = ENV['WAFRIS_DB_FILE_NAME']
+      else
+        @db_file_name = 'wafris.db'
+      end
+  
+      # DOWNSYNC
+      # Custom Rules are checked often (default 1 minute) - Optional
+      if ENV['WAFRIS_DOWNSYNC_CUSTOM_RULES_INTERVAL']
+        @downsync_custom_rules_interval = ENV['WAFRIS_DOWNSYNC_CUSTOM_RULES_INTERVAL'].to_i
+      else
+        @downsync_custom_rules_interval = 60
+      end
+  
+      # Data Subscriptions are checked rarely (default 1 day) - Optional
+      if ENV['WAFRIS_DOWNSYNC_DATA_SUBSCRIPTIONS_INTERVAL'] 
+        @downsync_data_subscriptions_interval = ENV['WAFRIS_DOWNSYNC_DATA_SUBSCRIPTIONS_INTERVAL'].to_i
+      else
+        @downsync_data_subscriptions_interval = 60
+      end
+  
+      # Set Downsync URL - Optional
+      # Used for both DataSubscription and CustomRules
+      if ENV['WAFRIS_DOWNSYNC_URL']
+        @downsync_url = ENV['WAFRIS_DOWNSYNC_URL']
+      else
+        @downsync_url = 'https://distributor.wafris.org/v2/downsync'
+      end
+      
+      # UPSYNC - Optional
+      # Set Upsync URL
+      if ENV['WAFRIS_UPSYNC_URL']
+        @upsync_url = ENV['WAFRIS_UPSYNC_URL']
+      else
+        @upsync_url = 'https://collector.wafris.org/v2/upsync' 
+      end
+  
+      # Set Upsync Interval - Optional
+      if ENV['WAFRIS_UPSYNC_INTERVAL']
+        @upsync_interval = ENV['WAFRIS_UPSYNC_INTERVAL'].to_i
+      else
+        @upsync_interval = 10
+      end
+    
+      # Set Upsync Queued Request Limit - Optional
+      if ENV['WAFRIS_UPSYNC_QUEUE_LIMIT']
+        @upsync_queue_limit = ENV['WAFRIS_UPSYNC_QUEUE_LIMIT'].to_i
+      else
+        @upsync_queue_limit = 250
+      end
+  
+      # Set Maximium Body Size for Requests - Optional (in Megabytes)
+      if ENV['WAFRIS_MAX_BODY_SIZE_MB'] && ENV['WAFRIS_MAX_BODY_SIZE_MB'].to_i > 0  
+        @max_body_size_mb = ENV['WAFRIS_MAX_BODY_SIZE_MB'].to_i
+      else
+        @max_body_size_mb = 10
+      end
 
-    def wafris_core
-      read_lua_dist("wafris_core")
+      # Upsync Queue Defaults
+      @upsync_queue = []
+      @last_upsync_timestamp = Time.now.to_i
+  
+      # Memory structure for rate limiting
+      @rate_limiters = {}
+  
+      # Disable Upsync if Downsync API Key is invalid
+      # This prevents the client from sending upsync requests
+      # if the API key is known bad
+      @upsync_status = 'Disabled'
+
+      return true
+  
     end
 
-    private
+    def current_config
+
+      output = {}
+
+      instance_variables.each do |var|
+        output[var.to_s] = instance_variable_get(var)
+      end
+
+      return output
 
-    def read_lua_dist(filename)
-      File.read(
-        file_path(filename)
-      )
     end
 
-    def file_path(filename)
-      File.join(
-        File.dirname(__FILE__),
-        "../lua/dist/#{filename}.lua"
-      )
+    def create_settings
+      @version = Wafris::VERSION
     end
+
   end
 end

data/lib/wafris/log_suppressor.rb

@@ -3,11 +3,12 @@
 module Wafris
   class LogSuppressor
     def self.puts_log(message)
-      puts(message) unless suppress_logs?
+      puts("[Wafris] " + message) unless suppress_logs?
     end
 
     def self.suppress_logs?
-      suppressed_environments.include?(current_environment)
+      suppressed_environments.include?(current_environment) || 
+      (ENV['WAFRIS_LOG_LEVEL'] && ENV['WAFRIS_LOG_LEVEL'] == 'silent')
     end
 
     def self.suppressed_environments

data/lib/wafris/middleware.rb

@@ -1,12 +1,15 @@
 # frozen_string_literal: true
 
+
 module Wafris
   class Middleware
     def initialize(app)
       @app = app
     end
 
+    
     def call(env)
+
       user_defined_proxies = ENV['TRUSTED_PROXY_RANGES'].split(',') if ENV['TRUSTED_PROXY_RANGES']
 
       valid_ipv4_octet = /\.(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])/
@@ -25,34 +28,53 @@ module Wafris
       Rack::Request.ip_filter = lambda { |ip| trusted_proxies.match?(ip) }
 
       request = Rack::Request.new(env)
+      # Forcing UTF-8 encoding on all strings for Sqlite3 compatibility
 
-      if Wafris.allow_request?(request)
-        @app.call(env)
-      else
-        LogSuppressor.puts_log(
-          "[Wafris] Blocked: #{request.ip} #{request.request_method} #{request.host} #{request.url}}"
-        )
-        [403, {}, ['Blocked']]
-      end
-    rescue Redis::TimeoutError
-      LogSuppressor.puts_log(
-        "[Wafris] Wafris timed out during processing. Request passed without rules check."
-      )
-      @app.call(env)
-    rescue NoMethodError => e
-      if e.message.include?("undefined method `connection_pool'")
-        LogSuppressor.puts_log(
-          "[Wafris] Wafris is not configured. Please check your configuration settings. Request passed without rules check. More info can be found at: https://github.com/Wafris/wafris-rb"
-        )
+      # List of possible IP headers in order of priority
+      ip_headers = [
+        'HTTP_X_REAL_IP', 
+        'HTTP_X_TRUE_CLIENT_IP', 
+        'HTTP_FLY_CLIENT_IP', 
+        'HTTP_CF_CONNECTING_IP'
+      ]
+
+      # Find the first header that is present in the environment
+      ip_header = ip_headers.find { |header| env[header] }
+
+      # Use the found header or fallback to remote_ip if none of the headers are present
+      ip = (ip_header ? env[ip_header] : request.ip).force_encoding('UTF-8')
+
+      user_agent = request.user_agent ? request.user_agent.force_encoding('UTF-8') : nil
+      path = request.path.force_encoding('UTF-8')    
+      parameters = Rack::Utils.build_query(request.params).force_encoding('UTF-8')
+      host = request.host.to_s.force_encoding('UTF-8')      
+      request_method = String.new(request.request_method).force_encoding('UTF-8')
+
+      # Submitted for evaluation
+      headers = env.each_with_object({}) { |(k, v), h| h[k] = v.force_encoding('UTF-8') if k.start_with?('HTTP_') }
+      body = request.body.read
+
+      request_id = env.fetch('action_dispatch.request_id', SecureRandom.uuid.to_s)
+      request_timestamp = Time.now.utc.to_i
+
+      treatment = Wafris.evaluate(ip, user_agent, path, parameters, host, request_method, headers, body, request_id, request_timestamp)
+
+      # These values match what the client tests expect (200, 404, 403, 500
+      if treatment == 'Allowed' || treatment == 'Passed'
+        @app.call(env)        
+      elsif treatment == 'Blocked'
+        [403, { 'content-type' => 'text/plain' }, ['Blocked']]
       else
-        raise e
+        #ap request 
+        [500, { 'content-type' => 'text/plain' }, ['Error']]
       end
-      @app.call(env)
+
     rescue StandardError => e
-      LogSuppressor.puts_log(
-        "[Wafris] Redis connection error: #{e.message}. Request passed without rules check."
-      )
+
+      LogSuppressor.puts_log "[Wafris] Detailed Error: #{e.class} - #{e.message}"
+      LogSuppressor.puts_log "[Wafris] Backtrace: #{e.backtrace.join("\n")}"
       @app.call(env)
+
     end
   end
 end

data/lib/wafris/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Wafris
-  VERSION = "1.1.11"
+  VERSION = "2.0.0"
 end