padrino-framework | Padrino is a full-stack ruby framework built upon Sinatra | Firewall library

by padrino Ruby Version: 0.15.3 License: MIT

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | padrino-framework Summary

padrino-framework is a Ruby library typically used in Security, Firewall, Framework applications. padrino-framework has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

Padrino is a full-stack ruby framework built upon Sinatra.

Support

Quality

Security

License

Reuse

Support

padrino-framework has a medium active ecosystem.

It has 3349 star(s) with 514 fork(s). There are 119 watchers for this library.

It had no major release in the last 6 months.

There are 50 open issues and 1343 have been closed. On average issues are closed in 237 days. There are 2 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of padrino-framework is 0.15.3

Quality

padrino-framework has 0 bugs and 593 code smells.

Security

padrino-framework has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

padrino-framework code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

padrino-framework is licensed under the MIT License. This license is Permissive.

Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

padrino-framework releases are not available. You will need to build from source code and install.

padrino-framework saves you 15298 person hours of effort in developing the same functionality from scratch.

It has 30527 lines of code, 1150 functions and 413 files.

It has medium code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed padrino-framework and discovered the below as its top functions. This is intended to give you an instant insight into padrino-framework implemented functionality, and help decide if they suit your requirements.

Creates a new Rack application .
Require that the given file has been loaded .
Maps the routes to the router
Tries to load the file if not already exists
Render a template .
Returns an array of all the sources in the source_source .
Initialize a new App instance
Adds a part part to the parts of the part part part .
Adds a part to this part .
Configure shipping method

Get all kandi verified functions for this library.

padrino-framework Key Features

No Key Features are available at this moment for padrino-framework.

padrino-framework Examples and Code Snippets

No Code Snippets are available at this moment for padrino-framework.

Community Discussions

Trending Discussions on padrino-framework

How does CloudKMS encryption/decryption work securely when being called from a non-Google system?

QUESTION

How does CloudKMS encryption/decryption work securely when being called from a non-Google system?

Asked 2018-May-01 at 14:24

I need to know that the plaintext/ciphertext being sent to Google CloudKMS, and the public/private key used to authenticate, are secure in transit, but I don't know how to prove that.

As per KMS docs, I created a service account, downloaded the JSON key file, and have hooked it up via the environment variable GOOGLE_APPLICATION_CREDENTIALS=/path/to/service-account-key.json.

I am using the google-api-client gem (at version 0.10.3, released 13 months old, because I can't install mime-types >= 3.0 whilst using padrino-mailer: see this commit), have tested the Google::Apis::CloudkmsV1::CloudKMSService methods encrypt_crypto_key and decrypt_crypto_key, and they're working nicely.

I have tried reading through the source code of the google-api-client, googleauth, and signet gems. All I'm certain of is:

The JSON key file is loaded and the private_key value is used to make OpenSSL::PKey::RSA.new here
Signet::OAuth2::Client is given the RSA key as signing_key in this file

I would consider the security proven if the JSON key file is used to encrypt the string sent through encrypt_crypto_key on the calling server, and likewise to decrypt the string received by decrypt_crypto_key, and the CloudKMS server on the other end behaves similarly. This is what I'm assuming the library does – End-to-end encryption – but I must see it to believe it. I attempted to view the traffic in Wireshark but couldn't make any sense of it (maybe that fact proves it? I don't know )

Can anyone help me prove or disprove this method of calling CloudKMS to encrypt/decrypt user data – using the google-api-client gem with a JSON key file downloaded as per the docs – is secure?

Related: for those of you who are interested, the CloudKMS API is on the roadmap to be included in the newer google-cloud gem.

...

ANSWER

Answered 2018-May-01 at 14:24

The communications between your client and Google are secured via TLS. You can see in Wireshark that the communications are on port 443 and that a TLS connection is negotiated.

Your requests are authenticated using OAuth. In this case (using a service account from outside of GCP), this is done using the flow documented in Using OAuth 2.0 for Server to Server Applications:

you are responsible for provisioning your off-GCP app with the private key issued to the service account you wish to assert;
it then uses that private key to sign a JWT and submit it to Google's OAuth server;
Google replies with an OAuth access token which is a bearer credential which identifies the service account in question;
You then provide that access token with your requests to KMS to identify the entity making the requests as the service account and using its authority;
KMS and GCP then use that identity to evaluate IAM access controls to determine whether particular operations are authorized.

This is secured end-to-end (the TLS connection is end-to-end security since the parties to the communication—your service and Google—are the TLS endpoints). Since your question seems to be "are these requests secure in transit, and how can I show this", I think it's sufficient to show that a TLS connection is being negotiated, Wireshark should be able to show you this. (Your connection library also needs to be doing a suitable PKI evaluation of the presented certificate; validating that this is taking place correctly is a little more involved, but it's a reasonable thing to trust is happening correctly if you investigate the tools you're using and their assertions around certificate validation).

Best wishes and thanks for using GCP and Cloud KMS. Let us know if you have any further questions.

Source https://stackoverflow.com/questions/50117509

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install padrino-framework

You can download it from GitHub.
On a UNIX-like operating system, using your system’s package manager is easiest. However, the packaged Ruby version may not be the newest one. There is also an installer for Windows. Managers help you to switch between multiple Ruby versions on your system. Installers can be used to install a specific or multiple Ruby versions. Please refer ruby-lang.org for more information.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: