added risk_cookie_max_iterations config (#45)

* added risk_cookie_max_iterations config

* minimal number of risk cookie iterations - 500

Author: chennakarpx

changelog.md

@@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
  - Added support for bypass monitor header
  - Added support for extracting vid from _pxvid cookie
  - Added support for rate limit
+ - Added risk_cookie_max_iterations configuration
 
 ### Fixed
  - Updated dependencies

lib/perimeterx/configuration.rb

@@ -8,28 +8,29 @@ class Configuration
     attr_accessor :PX_DEFAULT
 
     PX_DEFAULT = {
-      :app_id                   => nil,
-      :cookie_key               => nil,
-      :auth_token               => nil,
-      :module_enabled           => true,
-      :challenge_enabled        => true,
-      :encryption_enabled       => true,
-      :blocking_score           => 100,
-      :sensitive_headers        => ["http-cookie", "http-cookies"],
-      :api_connect_timeout      => 1,
-      :api_timeout              => 1,
-      :max_buffer_len           => 10,
-      :send_page_activities     => true,
-      :send_block_activities    => true,
-      :sdk_name                 => PxModule::SDK_NAME,
-      :debug                    => false,
-      :module_mode              => PxModule::MONITOR_MODE,
-      :local_proxy              => false,
-      :sensitive_routes         => [],
-      :whitelist_routes         => [],
-      :ip_headers               => [],
-      :ip_header_function       => nil,
-      :bypass_monitor_header    => nil
+      :app_id                       => nil,
+      :cookie_key                   => nil,
+      :auth_token                   => nil,
+      :module_enabled               => true,
+      :challenge_enabled            => true,
+      :encryption_enabled           => true,
+      :blocking_score               => 100,
+      :sensitive_headers            => ["http-cookie", "http-cookies"],
+      :api_connect_timeout          => 1,
+      :api_timeout                  => 1,
+      :max_buffer_len               => 10,
+      :send_page_activities         => true,
+      :send_block_activities        => true,
+      :sdk_name                     => PxModule::SDK_NAME,
+      :debug                        => false,
+      :module_mode                  => PxModule::MONITOR_MODE,
+      :local_proxy                  => false,
+      :sensitive_routes             => [],
+      :whitelist_routes             => [],
+      :ip_headers                   => [],
+      :ip_header_function           => nil,
+      :bypass_monitor_header        => nil,
+      :risk_cookie_max_iterations   => 5000
     }
 
     def initialize(params)

lib/perimeterx/internal/payload/perimeter_x_payload.rb

@@ -108,6 +108,9 @@ def decrypt(px_cookie)
         px_cookie = px_cookie.gsub(' ', '+')
         salt, iterations, cipher_text = px_cookie.split(':')
         iterations = iterations.to_i
+        if (iterations > @px_config[:risk_cookie_max_iterations] || iterations < 500)
+          return
+        end
         salt = Base64.decode64(salt)
         cipher_text = Base64.decode64(cipher_text)
         digest = OpenSSL::Digest::SHA256.new