RubyGems - wafris - Versions diffs - 2.0.0 → 2.0.1 - Mend

wafris 2.0.0 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/wafris/ip_resolver.rb +30 -0
data/lib/wafris/middleware.rb +18 -55
data/lib/wafris/proxy_filter.rb +24 -0
data/lib/wafris/version.rb +1 -1
data/lib/wafris/wafris_request.rb +33 -0
data/lib/wafris.rb +3 -2
metadata +5 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f0dfe47e533d91f974d391af755f1bd8e148808cbfe86dd6755b839201282b47
-  data.tar.gz: bd7135922d96fa7789cc65dbd47635c4b1e84a4e7b27a6b4dde5a1a00cc15ac8
+  metadata.gz: 856e806ccf66f3810f2395de0062e005940bb8c06f66987b8ec3670126fb9dac
+  data.tar.gz: 24278b15cb5178ac90cce1cfdd35769d508cca5dd21fb655f79a23629c18ab91
 SHA512:
-  metadata.gz: 0c1e66690ca97e6f9a9349f1960f92f5376175660bebc9a172eabe849af6806d4c5f278f1765a22b36ce75797a757bf9cb3719a58446aaa5fa8fe0356c348cf0
-  data.tar.gz: 35a3e86f1f3c63ec38c3d67adbfb952fa89a062dad78450bfd365f45c1a1607f689e104e2c7ef6faac3a00461e07022d041e5d2f667396ad81baa3af30be8acf
+  metadata.gz: fa60b8e07f6960d69fd79a50661e25b8fdfd47a1d364bdfdb0e6d398117d36ebfa845f98475b8db4a9d102d317c50e5379acf249cfd10d5cba645f176d6a9e2e
+  data.tar.gz: 647bc36e84bf57c3f076ca83101cdf59e0d03cf3d51f3c39feb53af5be936b6e74368a9810ba6612e2149576f41dd25eb8fa92b2cc85bdda8d62afda0db8e4cd

data/lib/wafris/ip_resolver.rb ADDED Viewed

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+module Wafris
+  class IpResolver
+    # List of possible IP headers in order of priority
+    IP_HEADERS = %w[
+      HTTP_X_REAL_IP
+      HTTP_X_TRUE_CLIENT_IP
+      HTTP_FLY_CLIENT_IP
+      HTTP_CF_CONNECTING_IP
+    ].freeze
+    def initialize(request)
+      @request_env = request.env
+      @ip = request.ip
+    end
+    def resolve
+      return @request_env[ip_header] if ip_header
+      @ip
+    end
+    private
+    def ip_header
+      IP_HEADERS.find { |header| @request_env[header] }
+    end
+  end
+end

data/lib/wafris/middleware.rb CHANGED Viewed

@@ -1,80 +1,43 @@
 # frozen_string_literal: true
 module Wafris
   class Middleware
     def initialize(app)
       @app = app
+      ProxyFilter.set_filter
     end
     def call(env)
-      user_defined_proxies = ENV['TRUSTED_PROXY_RANGES'].split(',') if ENV['TRUSTED_PROXY_RANGES']
-      valid_ipv4_octet = /\.(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])/
-      trusted_proxies = Regexp.union(
-        /\A127#{valid_ipv4_octet}{3}\z/,                          # localhost IPv4 range 127.x.x.x, per RFC-3330
-        /\A::1\z/,                                                # localhost IPv6 ::1
-        /\Af[cd][0-9a-f]{2}(?::[0-9a-f]{0,4}){0,7}\z/i,           # private IPv6 range fc00 .. fdff
-        /\A10#{valid_ipv4_octet}{3}\z/,                           # private IPv4 range 10.x.x.x
-        /\A172\.(1[6-9]|2[0-9]|3[01])#{valid_ipv4_octet}{2}\z/,   # private IPv4 range 172.16.0.0 .. 172.31.255.255
-        /\A192\.168#{valid_ipv4_octet}{2}\z/,                     # private IPv4 range 192.168.x.x
-        /\Alocalhost\z|\Aunix(\z|:)/i,                            # localhost hostname, and unix domain sockets
-        *user_defined_proxies
-      )
-      Rack::Request.ip_filter = lambda { |ip| trusted_proxies.match?(ip) }
       request = Rack::Request.new(env)
-      # Forcing UTF-8 encoding on all strings for Sqlite3 compatibility
-      # List of possible IP headers in order of priority
-      ip_headers = [
-        'HTTP_X_REAL_IP',
-        'HTTP_X_TRUE_CLIENT_IP',
-        'HTTP_FLY_CLIENT_IP',
-        'HTTP_CF_CONNECTING_IP'
-      ]
-      # Find the first header that is present in the environment
-      ip_header = ip_headers.find { |header| env[header] }
-      # Use the found header or fallback to remote_ip if none of the headers are present
-      ip = (ip_header ? env[ip_header] : request.ip).force_encoding('UTF-8')
-      user_agent = request.user_agent ? request.user_agent.force_encoding('UTF-8') : nil
-      path = request.path.force_encoding('UTF-8')
-      parameters = Rack::Utils.build_query(request.params).force_encoding('UTF-8')
-      host = request.host.to_s.force_encoding('UTF-8')
-      request_method = String.new(request.request_method).force_encoding('UTF-8')
-      # Submitted for evaluation
-      headers = env.each_with_object({}) { |(k, v), h| h[k] = v.force_encoding('UTF-8') if k.start_with?('HTTP_') }
-      body = request.body.read
-      request_id = env.fetch('action_dispatch.request_id', SecureRandom.uuid.to_s)
-      request_timestamp = Time.now.utc.to_i
-      treatment = Wafris.evaluate(ip, user_agent, path, parameters, host, request_method, headers, body, request_id, request_timestamp)
+      wafris_request = WafrisRequest.new(request, env)
+      treatment = Wafris.evaluate(
+        wafris_request.ip,
+        wafris_request.user_agent,
+        wafris_request.path,
+        wafris_request.parameters,
+        wafris_request.host,
+        wafris_request.request_method,
+        wafris_request.headers,
+        wafris_request.body,
+        wafris_request.request_id,
+        wafris_request.request_timestamp
+      )
-      # These values match what the client tests expect (200, 404, 403, 500
+      # These values match what the client tests expect (200, 404, 403, 500)
       if treatment == 'Allowed' || treatment == 'Passed'
-        @app.call(env)
+        @app.call(env)
       elsif treatment == 'Blocked'
         [403, { 'content-type' => 'text/plain' }, ['Blocked']]
       else
-        #ap request
+        #ap request
         [500, { 'content-type' => 'text/plain' }, ['Error']]
       end
     rescue StandardError => e
       LogSuppressor.puts_log "[Wafris] Detailed Error: #{e.class} - #{e.message}"
       LogSuppressor.puts_log "[Wafris] Backtrace: #{e.backtrace.join("\n")}"
       @app.call(env)
     end
   end
 end

data/lib/wafris/proxy_filter.rb ADDED Viewed

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+module Wafris
+  module ProxyFilter
+    def self.set_filter
+      user_defined_proxies = ENV['TRUSTED_PROXY_RANGES'].split(',') if ENV['TRUSTED_PROXY_RANGES']
+      valid_ipv4_octet = /\.(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])/
+      trusted_proxies = Regexp.union(
+        /\A127#{valid_ipv4_octet}{3}\z/,                          # localhost IPv4 range 127.x.x.x, per RFC-3330
+        /\A::1\z/,                                                # localhost IPv6 ::1
+        /\Af[cd][0-9a-f]{2}(?::[0-9a-f]{0,4}){0,7}\z/i,           # private IPv6 range fc00 .. fdff
+        /\A10#{valid_ipv4_octet}{3}\z/,                           # private IPv4 range 10.x.x.x
+        /\A172\.(1[6-9]|2[0-9]|3[01])#{valid_ipv4_octet}{2}\z/,   # private IPv4 range 172.16.0.0 .. 172.31.255.255
+        /\A192\.168#{valid_ipv4_octet}{2}\z/,                     # private IPv4 range 192.168.x.x
+        /\Alocalhost\z|\Aunix(\z|:)/i,                            # localhost hostname, and unix domain sockets
+        *user_defined_proxies
+      )
+      Rack::Request.ip_filter = lambda { |ip| trusted_proxies.match?(ip) }
+    end
+  end
+end

data/lib/wafris/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Wafris
-  VERSION = "2.0.0"
+  VERSION = "2.0.1"
 end

data/lib/wafris/wafris_request.rb ADDED Viewed

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+module Wafris
+  class WafrisRequest
+    attr_reader :ip, :user_agent, :path, :parameters, :host, :request_method,
+                :headers, :body, :request_id, :request_timestamp
+    def initialize(request, env)
+      @ip = encode_to_utf8(IpResolver.new(request).resolve)
+      @user_agent = encode_to_utf8(request.user_agent)
+      @path = encode_to_utf8(request.path)
+      @parameters = encode_to_utf8(Rack::Utils.build_query(request.params))
+      @host = encode_to_utf8(request.host.to_s)
+      @request_method = encode_to_utf8(request.request_method)
+      @headers = extract_headers(env)
+      @body = request.body.read
+      @request_id = env.fetch('action_dispatch.request_id', SecureRandom.uuid.to_s)
+      @request_timestamp = Time.now.utc.to_i
+    end
+    private
+    def extract_headers(env)
+      env.each_with_object({}) do |(k, v), h|
+        h[k] = encode_to_utf8(v) if k.start_with?('HTTP_')
+      end
+    end
+    def encode_to_utf8(value)
+      value&.dup&.force_encoding('UTF-8')
+    end
+  end
+end

data/lib/wafris.rb CHANGED Viewed

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 require 'rails'
 require 'sqlite3'
 require 'ipaddr'
@@ -10,9 +9,11 @@ require 'awesome_print'
 require 'wafris/configuration'
 require 'wafris/middleware'
 require 'wafris/log_suppressor'
+require 'wafris/proxy_filter'
+require 'wafris/ip_resolver'
+require 'wafris/wafris_request'
 require 'wafris/railtie' if defined?(Rails::Railtie)
-ActiveSupport::Deprecation.behavior = :silence
 module Wafris
   class << self

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: wafris
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Michael Buckbee
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-07-17 00:00:00.000000000 Z
+date: 2024-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rack
@@ -179,10 +179,13 @@ extra_rdoc_files: []
 files:
 - lib/wafris.rb
 - lib/wafris/configuration.rb
+- lib/wafris/ip_resolver.rb
 - lib/wafris/log_suppressor.rb
 - lib/wafris/middleware.rb
+- lib/wafris/proxy_filter.rb
 - lib/wafris/railtie.rb
 - lib/wafris/version.rb
+- lib/wafris/wafris_request.rb
 homepage:
 licenses:
 - Elastic-2.0