Class: PxModule::PerimeterxPayload

Inherits:

Object

• Object
• PxModule::PerimeterxPayload

Defined in:

lib/perimeterx/internal/payload/perimeter_x_payload.rb

Direct Known Subclasses

PerimeterxCookieV1, PerimeterxCookieV3, PerimeterxTokenV1, PerimeterxTokenV3

Instance Attribute Summary

• #cookie_secret ⇒ Object

  Returns the value of attribute cookie_secret.

• #decoded_cookie ⇒ Object

  Returns the value of attribute decoded_cookie.

• #px_config ⇒ Object

  Returns the value of attribute px_config.

• #px_cookie ⇒ Object

  Returns the value of attribute px_cookie.

• #px_ctx ⇒ Object

  Returns the value of attribute px_ctx.

Class Method Summary

• .px_cookie_factory(px_ctx, px_config) ⇒ Object

Instance Method Summary

• #cookie_block_action ⇒ Object
• #cookie_hmac ⇒ Object
• #cookie_score ⇒ Object
• #cookie_time ⇒ Object
• #cookie_uuid ⇒ Object
• #cookie_vid ⇒ Object
• #decode(px_cookie) ⇒ Object
• #decrypt(px_cookie) ⇒ Object
• #deserialize ⇒ Object
• #expired? ⇒ Boolean
• #high_score? ⇒ Boolean
• #hmac_valid?(hmac_str, cookie_hmac) ⇒ Boolean
• #initialize(px_config) ⇒ PerimeterxPayload constructor

  A new instance of PerimeterxPayload.

• #is_valid? ⇒ Boolean
• #secure_compare(a, b) ⇒ Object
• #secured? ⇒ Boolean
• #valid_format?(cookie) ⇒ Boolean

Constructor Details

#initialize(px_config) ⇒ PerimeterxPayload

Returns a new instance of PerimeterxPayload.

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 10

def initialize(px_config)
  @px_config = px_config
  @logger = px_config[:logger]
end

Instance Attribute Details

#cookie_secret ⇒ Object

Returns the value of attribute cookie_secret.

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 8

def cookie_secret
  @cookie_secret
end

#decoded_cookie ⇒ Object

Returns the value of attribute decoded_cookie.

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 8

def decoded_cookie
  @decoded_cookie
end

#px_config ⇒ Object

Returns the value of attribute px_config.

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 8

def px_config
  @px_config
end

#px_cookie ⇒ Object

Returns the value of attribute px_cookie.

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 8

def px_cookie
  @px_cookie
end

#px_ctx ⇒ Object

Returns the value of attribute px_ctx.

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 8

def px_ctx
  @px_ctx
end

Class Method Details

.px_cookie_factory(px_ctx, px_config) ⇒ Object

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 15

def self.px_cookie_factory(px_ctx, px_config)
  if px_ctx.context[:cookie_origin] == 'header'
    if (px_ctx.context[:px_cookie].key?(:v3))
      return PerimeterxTokenV3.new(px_config,px_ctx)
    end
    return PerimeterxTokenV1.new(px_config,px_ctx)
  elsif (px_ctx.context[:px_cookie].key?(:v3))
    return PerimeterxCookieV3.new(px_config, px_ctx)
  end
  return PerimeterxCookieV1.new(px_config, px_ctx)
end

Instance Method Details

#cookie_block_action ⇒ Object

Raises:

• (Exception)

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 42

def cookie_block_action
  #abstract, must be implemented
  raise Exception.new("Unimplemented method")
end

#cookie_hmac ⇒ Object

Raises:

• (Exception)

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 32

def cookie_hmac
  #abstract, must be implemented
  raise Exception.new("Unimplemented method")
end

#cookie_score ⇒ Object

Raises:

• (Exception)

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 27

def cookie_score
  #abstract, must be implemented
  raise Exception.new("Unimplemented method")
end

#cookie_time ⇒ Object

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 56

def cookie_time
  return @decoded_cookie[:t]
end

#cookie_uuid ⇒ Object

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 60

def cookie_uuid
  return @decoded_cookie[:u]
end

#cookie_vid ⇒ Object

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 64

def cookie_vid
  return @decoded_cookie[:v]
end

#decode(px_cookie) ⇒ Object

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 133

def decode(px_cookie)
  return JSON.parse(Base64.decode64(px_cookie), symbolize_names: true)
end

#decrypt(px_cookie) ⇒ Object

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 103

def decrypt(px_cookie)
  begin
    if (px_cookie.nil?)
      return
    end
    px_cookie = px_cookie.gsub(' ', '+')
    salt, iterations, cipher_text = px_cookie.split(':')
    iterations = iterations.to_i
    if (iterations > @px_config[:risk_cookie_max_iterations] || iterations < 500)
      return
    end
    salt = Base64.decode64(salt)
    cipher_text = Base64.decode64(cipher_text)
    digest = OpenSSL::Digest::SHA256.new
    value = OpenSSL::PKCS5.pbkdf2_hmac(@px_config[:cookie_key], salt, iterations, 48, digest)
    key = value[0..31]
    iv = value[32..-1]
    cipher = OpenSSL::Cipher::AES256.new(:CBC)
    cipher.decrypt
    cipher.key = key
    cipher.iv = iv
    plaintext = cipher.update(cipher_text) + cipher.final

    return JSON.parse(plaintext, symbolize_names: true)
  rescue Exception => e
    @logger.debug("PerimeterxCookie[decrypt]: Cookie decrypt fail #{e.message}")
    raise PxCookieDecryptionException.new("Cookie decrypt fail => #{e.message}");
  end
end

#deserialize ⇒ Object

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 77

def deserialize
  if (!@decoded_cookie.nil?)
    return true
  end

  # Decode or decrypt, depends on configuration
  if (@px_config[:encryption_enabled])
    cookie = decrypt(@px_cookie)
  else
    cookie = decode(@px_cookie)
  end

  if (cookie.nil?)
    return false
  end

  if (!valid_format?(cookie))
    return false
  end

  @decoded_cookie = cookie

  return true
end

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 72

def expired?
  return cookie_time < (Time.now.to_f*1000).floor
end

#high_score? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 68

def high_score?
  return cookie_score >= @px_config[:blocking_score]
end

#hmac_valid?(hmac_str, cookie_hmac) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 138

def hmac_valid?(hmac_str, cookie_hmac)
  hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::SHA256.new, @cookie_secret, hmac_str)
  password_correct = secure_compare(hmac, cookie_hmac)
end

#is_valid? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 52

def is_valid?
  return deserialize && !expired? && secured?
end

#secure_compare(a, b) ⇒ Object

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 143

def secure_compare(a, b)
  # https://github.com/rails/rails/blob/main/activesupport/lib/active_support/security_utils.rb
  if (a.bytesize != b.bytesize)
    return false
  end

  l = a.unpack "C#{a.bytesize}"

  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

#secured? ⇒ Boolean

Returns:

• (Boolean)

Raises:

• (Exception)

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 47

def secured?
  #abstract, must be implemented
  raise Exception.new("Unimplemented method")
end

#valid_format?(cookie) ⇒ Boolean

Returns:

• (Boolean)

Raises:

• (Exception)

# File 'lib/perimeterx/internal/payload/perimeter_x_payload.rb', line 37

def valid_format?(cookie)
  #abstract, must be implemented
  raise Exception.new("Unimplemented method")
end