Merge pull request #28 from securenative/dev

inbaltako · web-flow · commit 0124fe336c42 · 2020-10-13T16:25:44.000+03:00
Filter out unnecessary headers
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,61 +1,61 @@
 PATH
   remote: .
   specs:
-    securenative (0.1.33)
+    securenative (0.1.34)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.0.3.3)
-      actionpack (= 6.0.3.3)
+    actioncable (6.0.3.4)
+      actionpack (= 6.0.3.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      activejob (= 6.0.3.3)
-      activerecord (= 6.0.3.3)
-      activestorage (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    actionmailbox (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activejob (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
+      activestorage (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       mail (>= 2.7.1)
-    actionmailer (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      actionview (= 6.0.3.3)
-      activejob (= 6.0.3.3)
+    actionmailer (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      actionview (= 6.0.3.4)
+      activejob (= 6.0.3.4)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.0.3.3)
-      actionview (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    actionpack (6.0.3.4)
+      actionview (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      activerecord (= 6.0.3.3)
-      activestorage (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    actiontext (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
+      activestorage (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       nokogiri (>= 1.8.5)
-    actionview (6.0.3.3)
-      activesupport (= 6.0.3.3)
+    actionview (6.0.3.4)
+      activesupport (= 6.0.3.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.0.3.3)
-      activesupport (= 6.0.3.3)
+    activejob (6.0.3.4)
+      activesupport (= 6.0.3.4)
       globalid (>= 0.3.6)
-    activemodel (6.0.3.3)
-      activesupport (= 6.0.3.3)
-    activerecord (6.0.3.3)
-      activemodel (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
-    activestorage (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      activejob (= 6.0.3.3)
-      activerecord (= 6.0.3.3)
+    activemodel (6.0.3.4)
+      activesupport (= 6.0.3.4)
+    activerecord (6.0.3.4)
+      activemodel (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
+    activestorage (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activejob (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
       marcel (~> 0.3.1)
-    activesupport (6.0.3.3)
+    activesupport (6.0.3.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
@@ -64,7 +64,7 @@ GEM
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
     builder (3.2.4)
-    codecov (0.2.11)
+    codecov (0.2.12)
       json
       simplecov
     concurrent-ruby (1.1.7)
@@ -177,29 +177,29 @@ GEM
       rack
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
-    rails (6.0.3.3)
-      actioncable (= 6.0.3.3)
-      actionmailbox (= 6.0.3.3)
-      actionmailer (= 6.0.3.3)
-      actionpack (= 6.0.3.3)
-      actiontext (= 6.0.3.3)
-      actionview (= 6.0.3.3)
-      activejob (= 6.0.3.3)
-      activemodel (= 6.0.3.3)
-      activerecord (= 6.0.3.3)
-      activestorage (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    rails (6.0.3.4)
+      actioncable (= 6.0.3.4)
+      actionmailbox (= 6.0.3.4)
+      actionmailer (= 6.0.3.4)
+      actionpack (= 6.0.3.4)
+      actiontext (= 6.0.3.4)
+      actionview (= 6.0.3.4)
+      activejob (= 6.0.3.4)
+      activemodel (= 6.0.3.4)
+      activerecord (= 6.0.3.4)
+      activestorage (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       bundler (>= 1.3.0)
-      railties (= 6.0.3.3)
+      railties (= 6.0.3.4)
       sprockets-rails (>= 2.0.0)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.0.3.3)
-      actionpack (= 6.0.3.3)
-      activesupport (= 6.0.3.3)
+    railties (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.20.3, < 2.0)
@@ -242,7 +242,7 @@ GEM
       thread_safe (~> 0.1)
     url_mount (0.2.1)
       rack
-    webmock (3.9.1)
+    webmock (3.9.2)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
diff --git a/lib/securenative/frameworks/hanami.rb b/lib/securenative/frameworks/hanami.rb
@@ -35,8 +35,11 @@ def self.get_method(request)
 
       def self.get_headers(request)
         begin
-          # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
-          { 'user-agent' => request.env['HTTP_USER_AGENT'] }
+          headers = []
+          request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
+            headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
+          }
+          return headers
         rescue StandardError
           nil
         end
diff --git a/lib/securenative/frameworks/rails.rb b/lib/securenative/frameworks/rails.rb
@@ -37,8 +37,11 @@ def self.get_method(request)
 
       def self.get_headers(request)
         begin
-          # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
-          {'user-agent' => request.env['HTTP_USER_AGENT']}
+          headers = []
+          request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
+            headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
+          }
+          return headers
         rescue StandardError
           nil
         end
diff --git a/lib/securenative/frameworks/sinatra.rb b/lib/securenative/frameworks/sinatra.rb
@@ -35,8 +35,11 @@ def self.get_method(request)
 
       def self.get_headers(request)
         begin
-          # Note: At the moment we're filtering out everything but user-agent since ruby's payload is way too big
-          {'user-agent' => request.env['HTTP_USER_AGENT']}
+          headers = []
+          request.headers.env.select { |k, _| k.in?(ActionDispatch::Http::Headers::CGI_VARIABLES) || k =~ /^HTTP_/ }.each { |header|
+            headers.append(header[0].downcase.gsub("http_", "").gsub("_", "-"))
+          }
+          return headers
         rescue StandardError
           nil
         end
diff --git a/lib/securenative/version.rb b/lib/securenative/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module SecureNative
-  VERSION = '0.1.33'
+  VERSION = '0.1.34'
 end
diff --git a/spec/securenative/spec_api_manager.rb b/spec/securenative/spec_api_manager.rb
@@ -55,7 +55,7 @@
         'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
         'Authorization' => 'YOUR_API_KEY',
         'Content-Type' => 'application/json',
-        'Sn-Version' => '0.1.33',
+        'Sn-Version' => '0.1.34',
         'User-Agent' => 'SecureNative-ruby'
       }
     ).to_return(status: 200, body: '', headers: {})
diff --git a/spec/securenative/spec_event_manager.rb b/spec/securenative/spec_event_manager.rb
@@ -29,7 +29,7 @@ def initialize
               'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
               'Authorization' => 'YOUR_API_KEY',
               'Content-Type' => 'application/json',
-              'Sn-Version' => '0.1.33',
+              'Sn-Version' => '0.1.34',
               'User-Agent' => 'SecureNative-ruby'
             })
       .to_return(status: 200, body: '', headers: {})
@@ -53,7 +53,7 @@ def initialize
               'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
               'Authorization' => 'YOUR_API_KEY',
               'Content-Type' => 'application/json',
-              'Sn-Version' => '0.1.33',
+              'Sn-Version' => '0.1.34',
               'User-Agent' => 'SecureNative-ruby'
             })
       .to_return(status: 401, body: '', headers: {})
@@ -74,7 +74,7 @@ def initialize
               'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
               'Authorization' => 'YOUR_API_KEY',
               'Content-Type' => 'application/json',
-              'Sn-Version' => '0.1.33',
+              'Sn-Version' => '0.1.34',
               'User-Agent' => 'SecureNative-ruby'
             })
       .to_return(status: 500, body: '', headers: {})
diff --git a/spec/securenative/spec_http_client.rb b/spec/securenative/spec_http_client.rb
@@ -15,7 +15,7 @@
               'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
               'Authorization' => 'YOUR_API_KEY',
               'Content-Type' => 'application/json',
-              'Sn-Version' => '0.1.33',
+              'Sn-Version' => '0.1.34',
               'User-Agent' => 'SecureNative-ruby'
             }).to_return(status: 200, body: '', headers: {})
 

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@`
`55`	`55`	`'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',`
`56`	`56`	`'Authorization' => 'YOUR_API_KEY',`
`57`	`57`	`'Content-Type' => 'application/json',`
`58`		`- 'Sn-Version' => '0.1.33',`
	`58`	`+ 'Sn-Version' => '0.1.34',`
`59`	`59`	`'User-Agent' => 'SecureNative-ruby'`
`60`	`60`	`}`
`61`	`61`	`).to_return(status: 200, body: '', headers: {})`