securenative
diff --git a/‎Gemfile.lock‎
Lines changed: 1 addition & 1 deletion b/‎Gemfile.lock‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/config/configuration_builder.rb‎
Lines changed: 4 additions & 3 deletions b/‎lib/config/configuration_builder.rb‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎lib/config/configuration_manager.rb‎
Lines changed: 2 additions & 1 deletion b/‎lib/config/configuration_manager.rb‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎lib/config/securenative_options.rb‎
Lines changed: 4 additions & 3 deletions b/‎lib/config/securenative_options.rb‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎lib/utils/request_utils.rb‎
Lines changed: 20 additions & 5 deletions b/‎lib/utils/request_utils.rb‎
Lines changed: 20 additions & 5 deletions
diff --git a/‎out/production/securenative-ruby/api_manager.rb‎
Lines changed: 13 additions & 5 deletions b/‎out/production/securenative-ruby/api_manager.rb‎
Lines changed: 13 additions & 5 deletions
diff --git a/‎out/production/securenative-ruby/config/configuration_builder.rb‎
Lines changed: 6 additions & 9 deletions b/‎out/production/securenative-ruby/config/configuration_builder.rb‎
Lines changed: 6 additions & 9 deletions
diff --git a/‎out/production/securenative-ruby/config/configuration_manager.rb‎
Lines changed: 24 additions & 23 deletions b/‎out/production/securenative-ruby/config/configuration_manager.rb‎
Lines changed: 24 additions & 23 deletions
diff --git a/‎out/production/securenative-ruby/config/securenative_options.rb‎
Lines changed: 8 additions & 5 deletions b/‎out/production/securenative-ruby/config/securenative_options.rb‎
Lines changed: 8 additions & 5 deletions
diff --git a/‎out/production/securenative-ruby/context/hanami_context.rb‎
Lines changed: 42 additions & 0 deletions b/‎out/production/securenative-ruby/context/hanami_context.rb‎
Lines changed: 42 additions & 0 deletions
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    securenative (0.1.22)
+    securenative (0.1.23)
 
 GEM
   remote: https://rubygems.org/
 
@@ -3,12 +3,12 @@
 require 'enums/failover_strategy'
 
 class ConfigurationBuilder
-  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
-  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
 
   def initialize(api_key: nil, api_url: 'https://api.securenative.com/collector/api/v1', interval: 1000,
                  max_events: 1000, timeout: 1500, auto_send: true, disable: false, log_level: 'FATAL',
-                 fail_over_strategy: FailOverStrategy::FAIL_OPEN)
+                 fail_over_strategy: FailOverStrategy::FAIL_OPEN, proxy_headers: [])
     @api_key = api_key
     @api_url = api_url
     @interval = interval
@@ -18,6 +18,7 @@ def initialize(api_key: nil, api_url: 'https://api.securenative.com/collector/ap
     @disable = disable
     @log_level = log_level
     @fail_over_strategy = fail_over_strategy
+    @proxy_headers = proxy_headers
   end
 
   def self.default_securenative_options
 
@@ -50,6 +50,7 @@ def self.load_config
                              auto_send: _get_env_or_default(properties, 'SECURENATIVE_AUTO_SEND', options.auto_send),
                              disable: _get_env_or_default(properties, 'SECURENATIVE_DISABLE', options.disable),
                              log_level: _get_env_or_default(properties, 'SECURENATIVE_LOG_LEVEL', options.log_level),
-                             fail_over_strategy: _get_env_or_default(properties, 'SECURENATIVE_FAILOVER_STRATEGY', options.fail_over_strategy))
+                             fail_over_strategy: _get_env_or_default(properties, 'SECURENATIVE_FAILOVER_STRATEGY', options.fail_over_strategy),
+                             proxy_headers: _get_env_or_default(properties, 'SECURENATIVE_PROXY_HEADERS', options.proxy_headers))
   end
 end
@@ -3,12 +3,12 @@
 require 'enums/failover_strategy'
 
 class SecureNativeOptions
-  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
-  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
 
   def initialize(api_key: nil, api_url: "https://api.securenative.com/collector/api/v1", interval: 1000,
                  max_events: 1000, timeout: 1500, auto_send: true, disable: false, log_level: "FATAL",
-                 fail_over_strategy: FailOverStrategy::FAIL_OPEN)
+                 fail_over_strategy: FailOverStrategy::FAIL_OPEN, proxy_headers: [])
     @api_key = api_key
     @api_url = api_url
     @interval = interval
@@ -18,5 +18,6 @@ def initialize(api_key: nil, api_url: "https://api.securenative.com/collector/ap
     @disable = disable
     @log_level = log_level
     @fail_over_strategy = fail_over_strategy
+    @proxy_headers = proxy_headers
   end
 end
@@ -13,34 +13,49 @@ def self.get_secure_header_from_request(headers)
     []
   end
 
-  def self.get_client_ip_from_request(request)
+  def self.get_client_ip_from_request(request, options = nil)
     begin
       return request.ip unless request.ip.nil?
     rescue NoMethodError
     end
 
     begin
       x_forwarded_for = request.env['HTTP_X_FORWARDED_FOR']
-      return x_forwarded_for unless x_forwarded_for.nil?
+      return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
     rescue NoMethodError
       begin
         x_forwarded_for = request['HTTP_X_FORWARDED_FOR']
-        return x_forwarded_for unless x_forwarded_for.nil?
+        return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
       rescue NoMethodError
       end
     end
 
     begin
       x_forwarded_for = request.env['REMOTE_ADDR']
-      return x_forwarded_for unless x_forwarded_for.nil?
+      return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
     rescue NoMethodError
       begin
         x_forwarded_for = request['REMOTE_ADDR']
-        return x_forwarded_for unless x_forwarded_for.nil?
+        return x_forwarded_for.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless x_forwarded_for.nil?
       rescue NoMethodError
       end
     end
 
+    unless options.nil?
+      for header in options.proxy_headers do
+        begin
+          h = request.env[header]
+          return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
+        rescue NoMethodError
+          begin
+            h = request[header]
+            return h.scan(/\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b/)[0] unless h.nil?
+          rescue NoMethodError
+          end
+        end
+      end
+    end
+
     ''
   end
 
 
@@ -1,5 +1,10 @@
 # frozen_string_literal: true
 
+require 'models/sdk_event'
+require 'enums/failover_strategy'
+require 'enums/risk_level'
+require 'enums/api_route'
+require 'models/verify_result'
 require 'json'
 
 class ApiManager
@@ -19,13 +24,16 @@ def verify(event_options)
     event = SDKEvent.new(event_options, @options)
 
     begin
-      res = JSON.parse(@event_manager.send_sync(event, ApiRoute::VERIFY, false))
-      return VerifyResult.new(res['riskLevel'], res['score'], res['triggers'])
+      res = @event_manager.send_sync(event, ApiRoute::VERIFY, false)
+      ver_result = JSON.parse(res.body)
+      return VerifyResult.new(risk_level: ver_result['riskLevel'], score: ver_result['score'], triggers: ver_result['triggers'])
     rescue StandardError => e
-      SecureNativeLogger.debug('Failed to call verify; {}'.format(e))
+      SecureNativeLogger.debug("Failed to call verify; #{e}")
+    end
+    if @options.fail_over_strategy == FailOverStrategy::FAIL_OPEN
+      return VerifyResult.new(risk_level: RiskLevel::LOW, score: 0, triggers: nil)
     end
-    return VerifyResult.new(RiskLevel::LOW, 0, nil) if @options.fail_over_strategy == FailOverStrategy::FAIL_OPEN
 
-    VerifyResult.new(RiskLevel::HIGH, 1, nil)
+    VerifyResult.new(risk_level: RiskLevel::HIGH, score: 1, triggers: nil)
   end
 end
@@ -3,12 +3,12 @@
 require 'enums/failover_strategy'
 
 class ConfigurationBuilder
-  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
-  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
 
-  def initialize(api_key = nil, api_url = 'https://api.securenative.com/collector/api/v1', interval = 1000,
-                 max_events = 1000, timeout = 1500, auto_send = true, disable = false, log_level = 'FATAL',
-                 fail_over_strategy = FailOverStrategy::FAIL_OPEN)
+  def initialize(api_key: nil, api_url: 'https://api.securenative.com/collector/api/v1', interval: 1000,
+                 max_events: 1000, timeout: 1500, auto_send: true, disable: false, log_level: 'FATAL',
+                 fail_over_strategy: FailOverStrategy::FAIL_OPEN, proxy_headers: [])
     @api_key = api_key
     @api_url = api_url
     @interval = interval
@@ -18,10 +18,7 @@ def initialize(api_key = nil, api_url = 'https://api.securenative.com/collector/
     @disable = disable
     @log_level = log_level
     @fail_over_strategy = fail_over_strategy
-  end
-
-  def self.default_config_builder
-    ConfigurationBuilder.new
+    @proxy_headers = proxy_headers
   end
 
   def self.default_securenative_options
 
@@ -1,21 +1,21 @@
 # frozen_string_literal: true
 
-require 'parseconfig'
+require 'yaml'
+require 'config/configuration_builder'
 
 class ConfigurationManager
-  DEFAULT_CONFIG_FILE = 'securenative.cfg'
-  CUSTOM_CONFIG_FILE_ENV_NAME = 'SECURENATIVE_COMFIG_FILE'
+  DEFAULT_CONFIG_FILE = 'securenative.yml'
+  CUSTOM_CONFIG_FILE_ENV_NAME = 'SECURENATIVE_CONFIG_FILE'
   @config = nil
 
   def self.read_resource_file(resource_path)
-    @config = ParseConfig.new(resource_path)
-
     properties = {}
-    @config.get_groups.each { |group|
-      group.each do |key, value|
-        properties[key.upcase] = value
-      end
-    }
+    begin
+      @config = YAML.load_file(resource_path)
+      properties = @config unless @config.nil?
+    rescue StandardError => e
+      SecureNativeLogger.error("Could not parse config file #{resource_path}; #{e}")
+    end
     properties
   end
 
@@ -24,32 +24,33 @@ def self._get_resource_path(env_name)
   end
 
   def self.config_builder
-    ConfigurationBuilder.default_config_builder
+    ConfigurationBuilder.new
   end
 
   def self._get_env_or_default(properties, key, default)
-    return Env[key] if Env[key]
+    return ENV[key] if ENV[key]
     return properties[key] if properties[key]
 
     default
   end
 
   def self.load_config
-    options = ConfigurationBuilder().default_securenative_options
+    options = ConfigurationBuilder.default_securenative_options
 
     resource_path = DEFAULT_CONFIG_FILE
-    resource_path = Env[CUSTOM_CONFIG_FILE_ENV_NAME] if Env[CUSTOM_CONFIG_FILE_ENV_NAME]
+    resource_path = ENV[CUSTOM_CONFIG_FILE_ENV_NAME] unless ENV[CUSTOM_CONFIG_FILE_ENV_NAME].nil?
 
     properties = read_resource_file(resource_path)
 
-    ConfigurationBuilder(_get_env_or_default(properties, 'SECURENATIVE_API_KEY', options.api_key),
-                         _get_env_or_default(properties, 'SECURENATIVE_API_URL', options.api_url),
-                         _get_env_or_default(properties, 'SECURENATIVE_INTERVAL', options.interval),
-                         _get_env_or_default(properties, 'SECURENATIVE_MAX_EVENTS', options.max_events),
-                         _get_env_or_default(properties, 'SECURENATIVE_TIMEOUT', options.timeout),
-                         _get_env_or_default(properties, 'SECURENATIVE_AUTO_SEND', options.auto_send),
-                         _get_env_or_default(properties, 'SECURENATIVE_DISABLE', options.disable),
-                         _get_env_or_default(properties, 'SECURENATIVE_LOG_LEVEL', options.log_level),
-                         _get_env_or_default(properties, 'SECURENATIVE_FAILOVER_STRATEGY', options.fail_over_strategy))
+    ConfigurationBuilder.new(api_key: _get_env_or_default(properties, 'SECURENATIVE_API_KEY', options.api_key),
+                             api_url: _get_env_or_default(properties, 'SECURENATIVE_API_URL', options.api_url),
+                             interval: _get_env_or_default(properties, 'SECURENATIVE_INTERVAL', options.interval),
+                             max_events: _get_env_or_default(properties, 'SECURENATIVE_MAX_EVENTS', options.max_events),
+                             timeout: _get_env_or_default(properties, 'SECURENATIVE_TIMEOUT', options.timeout),
+                             auto_send: _get_env_or_default(properties, 'SECURENATIVE_AUTO_SEND', options.auto_send),
+                             disable: _get_env_or_default(properties, 'SECURENATIVE_DISABLE', options.disable),
+                             log_level: _get_env_or_default(properties, 'SECURENATIVE_LOG_LEVEL', options.log_level),
+                             fail_over_strategy: _get_env_or_default(properties, 'SECURENATIVE_FAILOVER_STRATEGY', options.fail_over_strategy),
+                             proxy_headers: _get_env_or_default(properties, 'SECURENATIVE_PROXY_HEADERS', options.proxy_headers))
   end
 end
@@ -1,12 +1,14 @@
 # frozen_string_literal: true
 
+require 'enums/failover_strategy'
+
 class SecureNativeOptions
-  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
-  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy
+  attr_reader :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
+  attr_writer :api_key, :api_url, :interval, :max_events, :timeout, :auto_send, :disable, :log_level, :fail_over_strategy, :proxy_headers
 
-  def initialize(api_key = nil, api_url = "https://api.securenative.com/collector/api/v1", interval = 1000,
-                 max_events = 1000, timeout = 1500, auto_send = true, disable = false, log_level = "FATAL",
-                 fail_over_strategy = FailOverStrategy::FAIL_OPEN)
+  def initialize(api_key: nil, api_url: "https://api.securenative.com/collector/api/v1", interval: 1000,
+                 max_events: 1000, timeout: 1500, auto_send: true, disable: false, log_level: "FATAL",
+                 fail_over_strategy: FailOverStrategy::FAIL_OPEN, proxy_headers: [])
     @api_key = api_key
     @api_url = api_url
     @interval = interval
@@ -16,5 +18,6 @@ def initialize(api_key = nil, api_url = "https://api.securenative.com/collector/
     @disable = disable
     @log_level = log_level
     @fail_over_strategy = fail_over_strategy
+    @proxy_headers = proxy_headers
   end
 end
@@ -0,0 +1,42 @@
+# frozen_string_literal: true
+
+class HanamiContext
+  SECURENATIVE_COOKIE = '_sn'
+
+  def self.get_client_token(request)
+    begin
+      request.env[SECURENATIVE_COOKIE]
+    rescue StandardError
+      begin
+        request.cookies[SECURENATIVE_COOKIE]
+      rescue StandardError
+        nil
+      end
+    end
+  end
+
+  def self.get_url(request)
+    begin
+      request.env['REQUEST_PATH']
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_method(request)
+    begin
+      request.request_method
+    rescue StandardError
+      nil
+    end
+  end
+
+  def self.get_headers(request)
+    begin
+      # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
+      { 'user-agent' => request.env['HTTP_USER_AGENT'] }
+    rescue StandardError
+      nil
+    end
+  end
+end