Merge pull request #91 from PerimeterX/release/v3.3.0

Release/v3.3.0

Author: chen-zimmer-px

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Change Log
 
+## [v3.3.0](https://github.com/PerimeterX/perimeterx-python-wsgi) (2022-04-11)
+- Changed to new version of block page
+- Configurable max buffer length
+- Configurable px_backend_url
+- Sending activities at the end of request cycle rather than beginning of the next one
+- Removed problematic fields in Risk API request
+
 ## [v3.2.1](https://github.com/PerimeterX/perimeterx-python-wsgi) (2019-08-22)
 - Upgrade dependency for security issue.
 

README.md

@@ -4,9 +4,9 @@
 
 [PerimeterX](http://www.perimeterx.com) Python Middleware
 =============================================================
-> Latest stable version: [v3.2.1](https://pypi.org/project/perimeterx-python-wsgi/)
+> Latest stable version: [v3.3.0](https://pypi.org/project/perimeterx-python-wsgi/)
 
-> Latest GAE stable version: [v3.2.1](https://pypi.org/project/perimeterx-python-wsgi-gae/)
+> Latest GAE stable version: [v3.3.0](https://pypi.org/project/perimeterx-python-wsgi-gae/)
 
 Table of Contents
 -----------------
@@ -100,8 +100,8 @@ px_config = {
 application = get_wsgi_application()
 application = PerimeterX(application, px_config)
 ```
-- The PerimeterX **Application ID** / **AppId** and PerimeterX **Token** / **Auth Token** can be found in the Portal, in [Applications](https://console.perimeterx.com/#/app/applicationsmgmt).
-- PerimeterX **Risk Cookie** / **Cookie Key** can be found in the portal, in [Policies](https://console.perimeterx.com/#/app/policiesmgmt).
+- The PerimeterX **Application ID** / **AppId** and PerimeterX **Token** / **Auth Token** can be found in the Portal, in [Applications](https://console.perimeterx.com/botDefender/admin?page=applicationsmgmt).
+- PerimeterX **Risk Cookie** / **Cookie Key** can be found in the portal, in [Policies](https://console.perimeterx.com/botDefender/admin?page=policiesmgmt).
 The Policy from where the **Risk Cookie** / **Cookie Key** is taken must correspond with the Application from where the **Application ID** / **AppId** and PerimeterX **Token** / **Auth Token**.
 For details on how to create a custom Captcha page, refer to the [documentation](https://console.perimeterx.com/docs/server_integration_new.html#custom-captcha-section)
 ## <a name="configuration"></a>Optional Configuration

perimeterx/middleware.py

@@ -35,7 +35,6 @@ def __init__(self, app, config=None):
         px_activities_client.send_enforcer_telemetry_activity(config=px_config, update_reason='initial_config')
 
     def __call__(self, environ, start_response):
-        px_activities_client.send_activities_in_thread()
         context = None
         try:
             start = time.time()
@@ -47,6 +46,7 @@ def __call__(self, environ, start_response):
             context, verified_response = self.verify(request)
             pxhd_callback = create_custom_pxhd_callback(context, start_response)
             self._config.logger.debug("PerimeterX Enforcer took: {} ms".format((time.time() - start) * 1000))
+            px_activities_client.send_activities_in_thread()
             if verified_response is True:
                 return self.app(environ, pxhd_callback)
 

perimeterx/px_activities_client.py

@@ -24,13 +24,13 @@ def _send_activities_chunk():
         'Content-Type': 'application/json'
     }
     full_url = CONFIG.server_host + px_constants.API_ACTIVITIES
-    chunk = ACTIVITIES_BUFFER[:10]
+    chunk = ACTIVITIES_BUFFER[:CONFIG.max_buffer_len]
     for _ in range(len(chunk)):
         ACTIVITIES_BUFFER.pop(0)
     px_httpc.send(full_url=full_url, body=json.dumps(chunk), headers=default_headers, config=CONFIG, method='POST')
 
 def send_activities_in_thread():
-    if len(ACTIVITIES_BUFFER) >= 10:
+    if len(ACTIVITIES_BUFFER) >= CONFIG.max_buffer_len:
         CONFIG.logger.debug('Posting {} Activities'.format(len(ACTIVITIES_BUFFER)))
         t1 = threading.Thread(target=_send_activities_chunk)
         t1.daemon = True

perimeterx/px_api.py

@@ -115,9 +115,7 @@ def prepare_risk_body(ctx, config):
         'request': {
             'ip': ctx.ip,
             'headers': format_headers(ctx.headers),
-            'uri': ctx.uri,
             'url': ctx.full_url,
-            'firstParty': 'true' if config.first_party else 'false'
         },
         'additional': {
             's2s_call_reason': ctx.s2s_call_reason,

perimeterx/px_blocker.py

@@ -76,6 +76,7 @@ def prepare_properties(self, ctx, config):
         custom_logo = config.custom_logo
         is_mobile_num = 1 if ctx.is_mobile else 0
         captcha_uri = 'captcha.js?a={}&u={}&v={}&m={}'.format(ctx.block_action, uuid, vid, is_mobile_num)
+        alt_captcha_src = '//{}/{}/{}'.format(px_constants.ALT_CAPTCHA_HOST, app_id, captcha_uri)
 
         if config.first_party and not ctx.is_mobile:
             prefix = app_id[2:]
@@ -88,18 +89,17 @@ def prepare_properties(self, ctx, config):
             host_url = px_constants.COLLECTOR_URL.format(app_id.lower())
 
         return {
-            'refId': uuid,
             'appId': app_id,
             'vid': vid,
             'uuid': uuid,
-            'customLogo': custom_logo,
+            'customLogo': custom_logo if custom_logo else '',
             'cssRef': config.css_ref,
             'jsRef': config.js_ref,
-            'logoVisibility': 'visible' if custom_logo is not None else 'hidden',
             'hostUrl': host_url,
             'jsClientSrc': js_client_src,
             'firstPartyEnabled': 'true' if config.first_party else 'false',
-            'blockScript': captcha_src
+            'blockScript': captcha_src,
+            'altBlockScript': alt_captcha_src
         }
 
     def is_json_response(self, ctx):
@@ -118,7 +118,7 @@ def parse_action(action):
     if 'b' == action:
         return 'block'
     elif 'j' == action:
-        return 'challege'
+        return 'challenge'
     elif 'r' == action:
         return 'ratelimit'
     else:

perimeterx/px_config.py

@@ -10,15 +10,16 @@ def __init__(self, config_dict):
         module_mode = config_dict.get('module_mode', px_constants.MODULE_MODE_MONITORING)
         custom_logo = config_dict.get('custom_logo', None)
         testing_mode = config_dict.get('testing_mode', False)
+        px_backend_host = config_dict.get('px_backend_url', None)
+        max_buffer_len = config_dict.get('max_buffer_len', 30)
         self._px_app_id = app_id
         self._blocking_score = config_dict.get('blocking_score', 100)
         self._debug_mode = debug_mode
         self._module_version = config_dict.get('module_version', px_constants.MODULE_VERSION)
         self._module_version = px_constants.MODULE_VERSION.format(' GAE') if os.environ.get('SERVER_SOFTWARE','').startswith('Google') else px_constants.MODULE_VERSION.format('')
         self._module_mode = module_mode
-        self._server_host = 'sapi.perimeterx.net' if app_id is None else px_constants.SERVER_URL.format(app_id.lower())
-        self._collector_host = 'collector.perimeterx.net' if app_id is None else px_constants.COLLECTOR_URL.format(
-            app_id.lower())
+        self._server_host = px_backend_host if px_backend_host else 'sapi.perimeterx.net' if app_id is None else px_constants.SERVER_URL.format(app_id.lower())
+        self._collector_host = px_backend_host if px_backend_host else 'collector.perimeterx.net' if app_id is None else px_constants.COLLECTOR_URL.format(app_id.lower())
         self._encryption_enabled = config_dict.get('encryption_enabled', True)
         self._sensitive_headers = map(lambda header: header.lower(),
                                       config_dict.get('sensitive_headers', ['cookie', 'cookies']))
@@ -36,7 +37,7 @@ def __init__(self, config_dict):
         self._first_party_xhr_enabled = config_dict.get('first_party_xhr_enabled', True)
         self._ip_headers = config_dict.get('ip_headers', [])
         self._proxy_url = config_dict.get('proxy_url', None)
-        self._max_buffer_len = config_dict.get('max_buffer_len', 30)
+        self._max_buffer_len = max_buffer_len if max_buffer_len > 0 else 1
         self._bypass_monitor_header = config_dict.get('bypass_monitor_header','')
 
         sensitive_routes = config_dict.get('sensitive_routes', [])
@@ -55,7 +56,6 @@ def __init__(self, config_dict):
         self._enforced_specific_routes = enforced_routes
 
         self._block_html = 'BLOCK'
-        self._logo_visibility = 'visible' if custom_logo is not None else 'hidden'
         self._telemetry_config = self.__create_telemetry_config()
         self._testing_mode = testing_mode
         self._auth_token = config_dict.get('auth_token', None)
@@ -169,10 +169,6 @@ def whitelist_routes(self):
     def block_html(self):
         return self._block_html
 
-    @property
-    def logo_visibility(self):
-        return self._logo_visibility
-
     @property
     def additional_activity_handler(self):
         return self._additional_activity_handler

perimeterx/px_constants.py

@@ -17,6 +17,7 @@
 RATELIMIT_TEMPLATE = 'ratelimit.mustache'
 CLIENT_HOST = 'client.perimeterx.net'
 CAPTCHA_HOST = 'captcha.px-cdn.net'
+ALT_CAPTCHA_HOST = 'captcha.px-cloud.net'
 COLLECTOR_URL = 'collector-{}.perimeterx.net'
 SERVER_URL = 'sapi-{}.perimeterx.net'
 CLIENT_FP_PATH = 'init.js'
@@ -30,7 +31,7 @@
 EMPTY_GIF_B64 = 'R0lGODlhAQABAPAAAAAAAAAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=='
 COLLECTOR_HOST = 'collector.perimeterx.net'
 FIRST_PARTY_FORWARDED_FOR = 'X-FORWARDED-FOR'
-MODULE_VERSION = 'Python WSGI Module{} v3.2.1'
+MODULE_VERSION = 'Python WSGI Module{} v3.3.0'
 API_RISK = '/api/v3/risk'
 PAGE_REQUESTED_ACTIVITY = 'page_requested'
 BLOCK_ACTIVITY = 'block'
@@ -41,3 +42,4 @@
 ACTION_BLOCK = 'b'
 ACTION_RATELIMIT = 'r'
 ACTION_CAPTCHA = 'c'
+

perimeterx/px_httpc.py

@@ -23,12 +23,12 @@ def send(full_url, body, headers, config, method, raise_error = False):
     try:
         start = time.time()
         if method == 'GET':
-            response = requests.get(url='https://' + full_url, headers=headers, timeout=config.api_timeout, stream=True)
+            response = requests.get(url=normalize_url(full_url), headers=headers, timeout=config.api_timeout, stream=True)
         else:
-            response = requests.post(url='https://' + full_url, headers=headers, data=body, timeout=config.api_timeout)
+            response = requests.post(url=normalize_url(full_url), headers=headers, data=body, timeout=config.api_timeout)
 
         if response.status_code >= 400:
-            logger.debug('PerimeterX server call failed')
+            logger.debug('PerimeterX server call failed with status ' + str(response.status_code))
             return False
         finish = time.time()
         request_time = finish - start
@@ -38,3 +38,10 @@ def send(full_url, body, headers, config, method, raise_error = False):
         logger.debug('PerimeterX Received Request Exception. Error: {}'.format(err))
         if raise_error:
             raise err
+
+
+def normalize_url(url):
+    if url.startswith("http://") or url.startswith("https://"):
+        return url
+    else:
+        return "https://" + url

perimeterx/px_request_verifier.py

@@ -10,7 +10,6 @@
 
 
 class PxRequestVerifier(object):
-
     def __init__(self, config):
         self.config = config
         self.logger = config.logger