Merge pull request #29 from securenative/dev

Fix request headers structure
securenative · Oct 13, 2020 · 1b18ef2 · 1b18ef2
2 parents 0124fe3 + ec2c953
commit 1b18ef2
Show file tree

Hide file tree

Showing 10 changed files with 20 additions and 14 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    securenative (0.1.34)
+    securenative (0.1.35)
 
 GEM
   remote: https://rubygems.org/

diff --git a/lib/securenative/api_manager.rb b/lib/securenative/api_manager.rb
@@ -20,6 +20,12 @@ def verify(event_options)
       begin
         res = @event_manager.send_sync(event, SecureNative::Enums::ApiRoute::VERIFY)
         ver_result = JSON.parse(res.body)
+        if res.code != "200"
+          if @options.fail_over_strategy == SecureNative::FailOverStrategy::FAIL_OPEN
+            return SecureNative::VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::LOW, score: 0, triggers: [])
+          end
+          return VerifyResult.new(risk_level: SecureNative::Enums::RiskLevel::HIGH, score: 1, triggers: [])
+        end
         return VerifyResult.new(risk_level: ver_result['riskLevel'], score: ver_result['score'], triggers: ver_result['triggers'])
       rescue StandardError => e
         SecureNative::Log.debug("Failed to call verify; #{e}")

diff --git a/lib/securenative/context.rb b/lib/securenative/context.rb
@@ -34,7 +34,7 @@ def self.from_http_request(request, options)
         # Standard Ruby request
         headers = request.header.to_hash if headers.nil?
       rescue StandardError
-        headers = []
+        headers = {}
       end
 
       url = SecureNative::Frameworks::Rails.get_url(request)

diff --git a/lib/securenative/frameworks/hanami.rb b/lib/securenative/frameworks/hanami.rb
@@ -35,9 +35,9 @@ def self.get_method(request)
 
       def self.get_headers(request)
         begin
-          headers = []
+          headers = {}
           request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
-            headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
+            headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
           }
           return headers
         rescue StandardError

diff --git a/lib/securenative/frameworks/rails.rb b/lib/securenative/frameworks/rails.rb
@@ -37,9 +37,9 @@ def self.get_method(request)
 
       def self.get_headers(request)
         begin
-          headers = []
+          headers = {}
           request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
-            headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
+            headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
           }
           return headers
         rescue StandardError

diff --git a/lib/securenative/frameworks/sinatra.rb b/lib/securenative/frameworks/sinatra.rb
@@ -35,9 +35,9 @@ def self.get_method(request)
 
       def self.get_headers(request)
         begin
-          headers = []
+          headers = {}
           request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
-            headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
+            headers[header[0].downcase.gsub("http_", "").gsub("_", "-")] = header[1]
           }
           return headers
         rescue StandardError

diff --git a/lib/securenative/version.rb b/lib/securenative/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SecureNative
-  VERSION = '0.1.34'
+  VERSION = '0.1.35'
 end
diff --git a/spec/securenative/spec_api_manager.rb b/spec/securenative/spec_api_manager.rb
@@ -55,7 +55,7 @@
         'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
         'Authorization' => 'YOUR_API_KEY',
         'Content-Type' => 'application/json',
-        'Sn-Version' => '0.1.34',
+        'Sn-Version' => '0.1.35',
         'User-Agent' => 'SecureNative-ruby'
       }
     ).to_return(status: 200, body: '', headers: {})

diff --git a/spec/securenative/spec_event_manager.rb b/spec/securenative/spec_event_manager.rb
@@ -29,7 +29,7 @@ def initialize
               'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
               'Authorization' => 'YOUR_API_KEY',
               'Content-Type' => 'application/json',
-              'Sn-Version' => '0.1.34',
+              'Sn-Version' => '0.1.35',
               'User-Agent' => 'SecureNative-ruby'
             })
       .to_return(status: 200, body: '', headers: {})
@@ -53,7 +53,7 @@ def initialize
               'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
               'Authorization' => 'YOUR_API_KEY',
               'Content-Type' => 'application/json',
-              'Sn-Version' => '0.1.34',
+              'Sn-Version' => '0.1.35',
               'User-Agent' => 'SecureNative-ruby'
             })
       .to_return(status: 401, body: '', headers: {})
@@ -74,7 +74,7 @@ def initialize
               'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
               'Authorization' => 'YOUR_API_KEY',
               'Content-Type' => 'application/json',
-              'Sn-Version' => '0.1.34',
+              'Sn-Version' => '0.1.35',
               'User-Agent' => 'SecureNative-ruby'
             })
       .to_return(status: 500, body: '', headers: {})

diff --git a/spec/securenative/spec_http_client.rb b/spec/securenative/spec_http_client.rb
@@ -15,7 +15,7 @@
               'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
               'Authorization' => 'YOUR_API_KEY',
               'Content-Type' => 'application/json',
-              'Sn-Version' => '0.1.34',
+              'Sn-Version' => '0.1.35',
               'User-Agent' => 'SecureNative-ruby'
             }).to_return(status: 200, body: '', headers: {})