class Backend

Public Class Methods

activity(connection, actor) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 47
def self.activity(connection, actor)
  connection.lrange("#{actor}:requests", 0, -1)
end
blacklist_total(connection) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 2
def self.blacklist_total(connection)
  connection.smembers("repsheet:blacklist:history").size
end
blacklisted?(connection, ip) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 10
def self.blacklisted?(connection, ip)
  connection.exists("#{ip}:repsheet:blacklist")
end
breakdown(connection) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 36
def self.breakdown(connection)
  data = Hash.new(0)
  offenders = connection.keys("*:repsheet").map {|o| o.split(":").first}
  offenders.each do |offender|
    connection.zrange("#{offender}:detected", 0, -1).each do |rule|
      data[rule] += connection.zscore("#{offender}:detected", rule).to_i
    end
  end
  data.take(10)
end
ofdp_score(connection, ip) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 14
def self.ofdp_score(connection, ip)
  connection.get("#{ip}:score")
end
summary(connection) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 18
def self.summary(connection)
  if connection.exists("offenders")
    suspects, blacklisted = optimized(connection)
  else
    suspects, blacklisted = standard(connection)
  end

  [suspects.sort_by{|k,v| -v[:total]}.take(10), blacklisted]
end
suspects(connection) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 28
def self.suspects(connection)
  if connection.exists("offenders")
    suspects = optimized(connection)
  else
    suspects = standard(connection)
  end
end
whitelisted?(connection, ip) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 6
def self.whitelisted?(connection, ip)
  connection.exists("#{ip}:repsheet:whitelist")
end
worldview(connection, database) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 51
def self.worldview(connection, database)
  data = {}
  offenders = connection.keys("*:repsheet:blacklist").map {|o| o.split(":").first}
  offenders.each do |address|
    details = database.country(address)
    next if details.nil?
    data[address] = [details.latitude, details.longitude]
  end
  data
end

Private Class Methods

blacklist(connection, optimized=false) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 100
def self.blacklist(connection, optimized=false)
  blacklisted = {}

  connection.keys("*:*:blacklist").map {|d| d.split(":").first}.reject {|ip| ip.empty?}.each do |actor|
    next unless connection.get("#{actor}:repsheet:blacklist") == "true"
    detected = triggered_rules(connection, actor)
    blacklisted[actor] = Hash.new 0
    blacklisted[actor][:detected] = detected.join(", ")
    blacklisted[actor][:total] = score_actor(connection, actor, detected, optimized)
    blacklisted[actor][:requests] = connection.llen("#{actor}:requests")
  end

  blacklisted
end
optimized(connection) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 68
def self.optimized(connection)
  suspects = {}

  connection.zrevrangebyscore("offenders", "+inf", "0").each do |actor|
    next if connection.get("#{actor}:repsheet:blacklist") == "true"
    suspects[actor] = Hash.new 0
    suspects[actor][:detected] = triggered_rules(connection, actor).join(", ")
    suspects[actor][:total] = score_actor(connection, actor, nil, true)
    suspects[actor][:requests] = connection.llen("#{actor}:requests")
  end

  [suspects, blacklist(connection)]
end
score_actor(connection, actor, detected, optimized=false) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 119
def self.score_actor(connection, actor, detected, optimized=false)
  return connection.zscore("offenders", "#{actor}").to_i if optimized

  detected.reduce(0) do |memo, rule|
    memo += connection.zscore("#{actor}:detected", rule).to_i
  end
end
standard(connection) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 82
def self.standard(connection)
  suspects = {}

  connection.keys("*:requests").map {|d| d.split(":").first}.reject {|ip| ip.empty?}.each do |actor|
    detected = triggered_rules(connection, actor)
    blacklist = connection.get("#{actor}:repsheet:blacklist")

    if !detected.empty? && blacklist != "true"
      suspects[actor] = Hash.new 0
      suspects[actor][:detected] = detected.join(", ")
      suspects[actor][:total] = score_actor(connection, actor, detected)
      suspects[actor][:requests] = connection.llen("#{actor}:requests")
    end
  end

  [suspects, blacklist(connection)]
end
triggered_rules(connection, actor) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 64
def self.triggered_rules(connection, actor)
  connection.zrange("#{actor}:detected", 0, -1)
end
whitelist(connection) click to toggle source
# File lib/repsheet_visualizer/application/backend.rb, line 115
def self.whitelist(connection)
  connection.keys("*:*:whitelist").map {|record| record.split(":").first}.reject {|ip| ip.empty?}
end