Release 3.0.0

Merge pull request #59 from PerimeterX/dev

.gitignore

@@ -281,4 +281,6 @@ __pycache__/
 # tools/**
 # !tools/packages.config
 
-# End of https://www.gitignore.io/api/VisualStudio
+.vscode
+
+# End of https://www.gitignore.io/api/VisualStudio

CHANGELOG.md

@@ -3,89 +3,94 @@
 All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 
-##[2.7.0] - 2018-09-16
+## [3.0.0] - 2019-01-17
 ### Added
- - Support for simulated_block
+- Added PXHD handling
+- Added cookie names extraction
+- Added data enrichment cookie handling to context
+- Added custom block page with redirects feature
+
+## [2.7.0] - 2018-09-16
+### Added
+- Support for simulated_block
 ### Fixed
- - Captcha v2 template and error handling 
- - Various stablity and performance fixes
+- Captcha v2 template and error handling 
+- Various stablity and performance fixes
 
-##[2.6.0] - 2018-08-07
+## [2.6.0] - 2018-08-07
 ### Added
- - Support for captcha v2
+- Support for captcha v2
 
-##[2.5.1] - 2018-11-06
+## [2.5.1] - 2018-11-06
 ### Fixed
- - Mobile token extraction in cookie validator
+- Mobile token extraction in cookie validator
 
-##[2.5.0] - 2018-14-03
+## [2.5.0] - 2018-14-03
 ### Added
- - Support for first party
+- Support for first party
 
-##[2.4.0] - 2018-21-02
+## [2.4.0] - 2018-21-02
 ### Added
- - Support enforced specific routes
+- Support enforced specific routes
 
-##[2.3.0] - 2018-05-02
+## [2.3.0] - 2018-05-02
 ### Added
- - Support for mobile sdk
- - Support for original tokens
- - Support funCaptcha in mobile
- - Enforcer Telemetry
+- Support for mobile sdk
+- Support for original tokens
+- Support funCaptcha in mobile
+- Enforcer Telemetry
 ### Modified
- - Edit block page footer
- - Edit reCaptcha template to use b64 captcha
- - Enrichment for async activities
+- Edit block page footer
+- Edit reCaptcha template to use b64 captcha
+- Enrichment for async activities
 ### Fixed
- - Handling duplicate cookies
+- Handling duplicate cookies
 
-##[2.2.0] - 2017-11-10
+## [2.2.0] - 2017-11-10
 ### Fixed
- - Fixed default value for sensitive_route
- - Using action_block to render block pages
- - Naming for s2s expired_cookie reason to cookie_expired
+- Fixed default value for sensitive_route
+- Using action_block to render block pages
+- Naming for s2s expired_cookie reason to cookie_expired
 ### Added
- - JS Challenge support
- - FunCaptcha support
- - CustomVerificationHandler support
- - MonitorMode and set default to true
-  Please note: MonitorMode is breaking backward support
-   if you upgrade to this version or further
-   and want to keep your blocking active, please set its value to False
+- JS Challenge support
+- FunCaptcha support
+- CustomVerificationHandler support
+- MonitorMode and set default to true
+ Please note: MonitorMode is breaking backward support
+  if you upgrade to this version or further
+  and want to keep your blocking active, please set its value to False
 
-##[2.1.0] - 2017-04-06
+## [2.1.0] - 2017-04-06
 ### Fixed
- - Renamed risk_score to block_score in activity details
- - Fixed block score threshold
+- Renamed risk_score to block_score in activity details
+- Fixed block score threshold
 ## Added
- - Support for sensitive routes
- - Log page requested reason
- - Mesure risk rout trip time
+- Support for sensitive routes
+- Log page requested reason
+- Mesure risk rout trip time
 
-
-##[2.0.3] - 2017-15-05
+## [2.0.3] - 2017-15-05
 ### Fixed
- - Collect right Hostname in context
- - Renamed module_version
+- Collect right Hostname in context
+- Renamed module_version
 ### Added
- - Block/Page Requested Activities now sends module_verison and risk_socre
- - Support Cookie v3
- - Support RiskAPI v2
+- Block/Page Requested Activities now sends module_verison and risk_socre
+- Support Cookie v3
+- Support RiskAPI v2
 ### Changed
- - Moved PxModule verification code, request state, api calls to managable files
- - New classes, Validators, DataContracts (Cookies, Activities, Requests etc...)
- - Refactor module to work with PxContext
- - Reordered library into folders
-
+- Moved PxModule verification code, request state, api calls to managable files
+- New classes, Validators, DataContracts (Cookies, Activities, Requests etc...)
+- Refactor module to work with PxContext
+- Reordered library into folders
 
-##[1.2.0] - 2017-24-04
+## [1.2.0] - 2017-24-04
 - Support custom header for user-agent
 
-##[1.1.1] - 2017-20-04
+## [1.1.1] - 2017-20-04
 - added .axd files to whitelist files
 - sending px_orig_value when decryption fails
 
-##[1.1] - 2017-28-03
+## [1.1] - 2017-28-03
 - Moved server url to new URL
 - New design for block pages
 - Block page customisation

PerimeterXModule/DataContracts/Activities/Activity.cs

@@ -32,5 +32,8 @@ public class Activity
 
  [DataMember(Name = "http_method", EmitDefaultValue = false)]
  public string HttpMethod;
+
+ [DataMember(Name = "pxhd", EmitDefaultValue = false)]
+ public string Pxhd;
  }
 }

PerimeterXModule/DataContracts/Activities/ActivityDetails.cs

@@ -31,7 +31,11 @@ public class ActivityDetails : IActivityDetails
 
  [DataMember(Name = "risk_rtt")]
  public long RiskRoundtripTime;
- }
+
+ [DataMember(Name = "block_action")]
+ public string BlockAction;
+
+ }
 
  [DataContract]
  public class EnforcerTelemetryActivityDetails : IActivityDetails
@@ -51,4 +55,4 @@ public class EnforcerTelemetryActivityDetails : IActivityDetails
  [DataMember(Name = "enforcer_configs")]
  public string EnforcerConfigs;
  }
-}
+}

PerimeterXModule/DataContracts/Requests/Additional.cs

@@ -44,5 +44,10 @@ public class Additional
  [DataMember(Name = "simulated_block")]
  public object SimulatedBlock;
 
+ [DataMember(Name = "request_cookie_names")]
+ public string[] RequestCookieNames;
+
+ [DataMember(Name = "enforcer_vid_source", EmitDefaultValue = false)]
+ public string VidSource;
  }
 }

PerimeterXModule/DataContracts/Requests/RiskRequest.cs

@@ -19,5 +19,8 @@ public class RiskRequest
 
  [DataMember(Name = "additional", EmitDefaultValue = false)]
  public Additional Additional;
+
+ [DataMember(Name = "pxhd", EmitDefaultValue = false)]
+ public string Pxhd;
  }
 }

PerimeterXModule/DataContracts/Responses/RiskResponse.cs

@@ -25,6 +25,13 @@ public class RiskResponse
 
  [DataMember(Name = "error_msg")]
  public string ErrorMessage;
+
+ [DataMember(Name = "data_enrichment")]
+ public object DataEnrichment;
+
+ [DataMember(Name = "pxhd")]
+ public string Pxhd;
+
  }
 
 

PerimeterXModule/Internals/Cookies/DataEnrichmentCookie.cs

@@ -0,0 +1,19 @@
+using System.Text;
+
+namespace PerimeterX.DataContracts.Cookies
+{
+ public sealed class DataEnrichmentCookie
+ {
+ private bool isValid = false;
+ private dynamic jsonPayload;
+
+ public bool IsValid { set { isValid = value; } get { return isValid; } }
+ public dynamic JsonPayload { set { jsonPayload = value; } get { return jsonPayload; } }
+
+ public DataEnrichmentCookie(dynamic jsonPayload, bool isValid)
+ {
+ this.jsonPayload = jsonPayload;
+ this.isValid = isValid;
+ }
+ }
+}

PerimeterXModule/Internals/Cookies/PxCookieUtils.cs

@@ -7,61 +7,90 @@
 
 namespace PerimeterX
 {
- public static class PxCookieUtils
- {
- public static IPxCookie BuildCookie(PxModuleConfigurationSection config, Dictionary<string,string> cookies, ICookieDecoder cookieDecoder)
- {
- if (cookies.Count == 0)
+ public static class PxCookieUtils
+ {
+ public static IPxCookie BuildCookie(PxModuleConfigurationSection config, Dictionary<string, string> cookies, ICookieDecoder cookieDecoder)
+ {
+ if (cookies.ContainsKey(PxConstants.COOKIE_V1_PREFIX))
+ {
+ return new PxCookieV1(cookieDecoder, cookies[PxConstants.COOKIE_V1_PREFIX]);
+ }
+ else if(cookies.ContainsKey(PxConstants.COOKIE_V3_PREFIX))
  {
- return null;
+ return new PxCookieV3(cookieDecoder, cookies[PxConstants.COOKIE_V3_PREFIX]);
  }
 
- if (cookies.ContainsKey(PxConstants.COOKIE_V1_PREFIX))
- {
- return new PxCookieV1(cookieDecoder, cookies[PxConstants.COOKIE_V1_PREFIX]);
- }
-
- return new PxCookieV3(cookieDecoder, cookies[PxConstants.COOKIE_V3_PREFIX]);
+ return null;
  }
 
- public static T Deserialize<T>(ICookieDecoder cookieDecoder, string rawCookie)
- {
- string cookieString = cookieDecoder.Decode(rawCookie);
- if (string.IsNullOrEmpty(cookieString))
- {
- return default(T);
- }
+ public static T Deserialize<T>(ICookieDecoder cookieDecoder, string rawCookie)
+ {
+ string cookieString = cookieDecoder.Decode(rawCookie);
+ if (string.IsNullOrEmpty(cookieString))
+ {
+ return default(T);
+ }
 
- return JSON.Deserialize<T>(cookieString, PxConstants.JSON_OPTIONS);
- }
+ return JSON.Deserialize<T>(cookieString, PxConstants.JSON_OPTIONS);
+ }
 
- public static bool IsExpired(double date)
- {
- double now = DateTime.UtcNow
- .Subtract(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc))
- .TotalMilliseconds;
- return date < now;
- }
+ public static bool IsExpired(double date)
+ {
+ double now = DateTime.UtcNow
+ .Subtract(new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc))
+ .TotalMilliseconds;
+ return date < now;
+ }
 
- public static bool IsHMACValid(string cookieKey, string UncodedHmac, string CookieHmac)
- {
- var cookieKeyBytes = Encoding.UTF8.GetBytes(cookieKey);
- var hash = new HMACSHA256(cookieKeyBytes);
- var expectedHashBytes = hash.ComputeHash(Encoding.UTF8.GetBytes(UncodedHmac));
- var encodedHmac = ByteArrayToHexString(expectedHashBytes);
- return encodedHmac == CookieHmac;
- }
+ public static bool IsHMACValid(string cookieKey, string UncodedHmac, string CookieHmac)
+ {
+ var cookieKeyBytes = Encoding.UTF8.GetBytes(cookieKey);
+ var hash = new HMACSHA256(cookieKeyBytes);
+ var expectedHashBytes = hash.ComputeHash(Encoding.UTF8.GetBytes(UncodedHmac));
+ var encodedHmac = ByteArrayToHexString(expectedHashBytes);
+ return encodedHmac == CookieHmac;
+ }
 
- public static string ByteArrayToHexString(byte[] input)
- {
- StringBuilder sb = new StringBuilder(input.Length * 2);
- foreach (byte b in input)
- {
- sb.Append(PxConstants.HEX_ALPHABET[b >> 4]);
- sb.Append(PxConstants.HEX_ALPHABET[b & 0xF]);
- }
- return sb.ToString();
- }
- }
+ public static string ByteArrayToHexString(byte[] input)
+ {
+ StringBuilder sb = new StringBuilder(input.Length * 2);
+ foreach (byte b in input)
+ {
+ sb.Append(PxConstants.HEX_ALPHABET[b >> 4]);
+ sb.Append(PxConstants.HEX_ALPHABET[b & 0xF]);
+ }
+ return sb.ToString();
+ }
+
+ public static DataEnrichmentCookie GetDataEnrichmentCookie(Dictionary<string, string> PxCookies, string cookieKey)
+ {
+ DataEnrichmentCookie dataEnrichment = new DataEnrichmentCookie(JSON.DeserializeDynamic("{}"), false);
+ if (PxCookies.ContainsKey(PxConstants.COOKIE_DATA_ENRICHMENT_PREFIX))
+ {
+ string rawCookie = PxCookies[PxConstants.COOKIE_DATA_ENRICHMENT_PREFIX];
+ string[] splitRawCookie = rawCookie.Split(new char[] { ':' }, 2);
+ if (splitRawCookie.Length != 2)
+ {
+ return dataEnrichment;
+ }
+
+ string hmac = splitRawCookie[0];
+ string encodedPayload = splitRawCookie[1];
+ bool isValid = IsHMACValid(cookieKey, encodedPayload, hmac);
+ dataEnrichment.IsValid = isValid;
+ byte[] bytes = Convert.FromBase64String(encodedPayload);
+ string decodedPayload = Encoding.UTF8.GetString(bytes);
+ try
+ {
+ dataEnrichment.JsonPayload = JSON.DeserializeDynamic(decodedPayload);
+ }
+ catch (Exception err)
+ {
+ PxLoggingUtils.LogDebug(string.Format("Failed deserializing pxde into json"));
+ }
+ }
 
+ return dataEnrichment;
+ }
+ }
 }

PerimeterXModule/Internals/Helpers/HttpHandler.cs

@@ -38,7 +38,7 @@ public string Post(string requestJson, string uri)
  }
  }
 
- public void Dispose()
+ public void Dispose()
  {
  this.httpClient.Dispose();
  this.httpClient = null;