prevoty-rails
prevoty-rails is a plugin that automatically integrates Prevoty's content filtering and SQL analysis engine into a Rails application. The content filter is distributed as a Rack middleware and can be used with any Rack-based framework, including Rails. The SQL analysis is tied specifically to Rails because it depends on the ActiveRecord and ActiveSupport integration.
Installation
- Add this line to your application's Gemfile:
gem 'prevoty-rails'
And then execute:
$ bundle
Or install it yourself as:
$ gem install prevoty-rails
- Run the installer
rails generate prevoty:rails:install
- Update the configuration file
Running the installer generates the Prevoty Rails plugin configuration file at config/prevoty_rails.yml. This file lists all of the possible options with their default values. Any option you do not want to change from its default may be left commented out. The only required options are a v1 API key, located in the Prevoty Manager, and policy keys for content and query.
ActiveSupport::Notifications Events
The following is a list of all Prevoty-supplied notifications that can be subscribed to via the ActiveSupport::Notifications class. You may subscribe to these events with as many callbacks as you like, but each one is called sequentially and blocks the application until control is returned.
- prevoty:content:protect - Prevoty has processed the querystring or body of a request in protect mode
- prevoty:content:monitor - Prevoty has processed a batch of querystrings and bodies in monitor mode
- prevoty:query:protect - Prevoty has processed a SQL query in protect mode
- prevoty:query:monitor - Prevoty has processed a batch of queries in monitor mode
- prevoty:query:failure - Prevoty has failed to process a SQL query
The following example uses these events to access information about the various notifications. This code should be placed in an initializer, such as 'config/initializers/prevoty_listeners.rb', or somewhere else that is expected to run on startup of the Rails application.
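# Prints every field that ActiveSupport::Notifications passes to a subscriber.
handler = ->(name, start, finish, id, payload) do
  puts name            # event name, e.g. 'prevoty:query:protect'
  puts start           # time the instrumented block started
  puts finish          # time the instrumented block finished
  puts id              # unique id of the instrumenter that fired the event
  puts payload.inspect # event-specific data supplied by Prevoty
end

# Register the same handler for each Prevoty event.
ActiveSupport::Notifications.subscribe 'prevoty:content:protect', handler
ActiveSupport::Notifications.subscribe 'prevoty:content:monitor', handler
ActiveSupport::Notifications.subscribe 'prevoty:query:protect', handler
ActiveSupport::Notifications.subscribe 'prevoty:query:monitor', handler
ActiveSupport::Notifications.subscribe 'prevoty:query:failure', handler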
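Because each callback blocks the application until it returns, a listener that ships events to a log pipeline should do its I/O off the request path. The following is an added example, not code from prevoty-rails: the class name PrevotyEventForwarder, the queue size and the JSON field names are assumptions, and the payload is logged as an opaque string because its fields are not documented on this page.

```ruby
require 'json'
require 'time'

# Added example (not part of prevoty-rails): hands each event to a background
# thread so the subscriber returns immediately instead of blocking the request.
class PrevotyEventForwarder
  EVENTS = %w[prevoty:content:protect prevoty:content:monitor prevoty:query:protect
              prevoty:query:monitor prevoty:query:failure].freeze
  attr_reader :dropped

  def initialize(sink: $stdout, max_queue: 1000)
    @sink = sink
    @queue = SizedQueue.new(max_queue) # bounded: a stalled sink cannot exhaust memory
    @dropped = 0
    @worker = Thread.new { drain }
  end

  # Takes the same five arguments ActiveSupport::Notifications passes to a callback.
  def call(name, start, finish, id, payload)
    record = { event: name, id: id, started_at: start.utc.iso8601(3),
               duration_ms: ((finish - start) * 1000).round(2),
               payload: payload.inspect[0, 2048] } # opaque, truncated (assumed limit)
    @queue.push(record, true) # non-blocking push; raises ThreadError when full
  rescue ThreadError
    @dropped += 1 # lose a log line rather than stall the application
  end

  # Flushes queued records and stops the worker (for example from an at_exit hook).
  def close
    @queue.close
    @worker.join
  end

  private

  def drain
    while (record = @queue.pop) # pop returns nil once the queue is closed and empty
      @sink.puts(JSON.generate(record))
    end
  end
end

# Subscribes only when ActiveSupport is loaded, i.e. inside the Rails process.
if defined?(ActiveSupport::Notifications)
  forwarder = PrevotyEventForwarder.new
  PrevotyEventForwarder::EVENTS.each do |event|
    ActiveSupport::Notifications.subscribe(event, forwarder.method(:call))
  end
end
```

Under a forking application server the worker thread does not survive the fork, so create the forwarder in the server's after-fork hook rather than in the parent process. Monitor the `dropped` counter: a non-zero value means the sink is slower than the event rate.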