libsqreen 0.3.0.0.3 → 0.6.1.0.0

data/ext/libsqreen_extension/logging.c

@@ -0,0 +1,207 @@
+#ifndef _GNU_SOURCE
+#define DEFINED_GNU_SOURCE
+// for vaspritnf
+#define _GNU_SOURCE
+#endif
+#include <stdio.h>
+#ifdef DEFINED_GNU_SOURCE
+#undef _GNU_SOURCE
+#endif
+
+#include "logging.h"
+#include <ruby.h>
+#include <string.h>
+
+#ifdef _WIN32
+# define DIR_SEP '\\'
+#else
+# define DIR_SEP '/'
+#endif
+
+extern VALUE waf_mod;
+PW_LOG_LEVEL log_threshold;
+static int file_strip_idx;
+
+void
+log_init() {
+    const char *file = __FILE__;
+    size_t file_len = strlen(file);
+
+    const char *loc;
+    for (loc = file + file_len - 1; loc >= file; loc--) {
+        if (*loc == DIR_SEP) {
+            break;
+        }
+    }
+    file_strip_idx = loc >= file ? (int)(loc - file + 1) : 0;
+}
+
+static  void
+on_log(PW_LOG_LEVEL level, const char *function, const char *file,
+       int line, const char *message, size_t message_len);
+
+
+static VALUE log_level_to_fixnum(PW_LOG_LEVEL level) {
+    VALUE sym;
+
+    switch (level) {
+    case PWL_TRACE:
+        sym = INT2FIX(0); // Logger::DEBUG
+        break;
+    case PWL_DEBUG:
+        sym = INT2FIX(0); // Logger::DEBUG
+        break;
+    case PWL_INFO:
+        sym = INT2FIX(1); // Logger::INFO
+        break;
+    case PWL_WARN:
+        sym = INT2FIX(2); // Logger::WARN
+        break;
+    case PWL_ERROR:
+        sym = INT2FIX(3); // Logger::ERROR
+        break;
+    default:
+        rb_raise(rb_eArgError, "not valid value");
+    }
+
+    return sym;
+}
+
+static PW_LOG_LEVEL
+sym_to_log_level(VALUE sym) {
+    PW_LOG_LEVEL level;
+
+    Check_Type(sym, T_SYMBOL);
+
+    if (SYM2ID(sym) == rb_intern("trace")) {
+        level = PWL_TRACE;
+    } else if (SYM2ID(sym) == rb_intern("debug")) {
+        level = PWL_DEBUG;
+    } else if (SYM2ID(sym) == rb_intern("info")) {
+        level = PWL_INFO;
+    } else if (SYM2ID(sym) == rb_intern("warn")) {
+        level = PWL_WARN;
+    } else if (SYM2ID(sym) == rb_intern("error")) {
+        level = PWL_ERROR;
+    } else {
+        rb_raise(rb_eArgError, "not valid value");
+    }
+
+    return level;
+}
+
+static VALUE
+call_logger_add(VALUE ary) {
+    VALUE logger = rb_ary_entry(ary, 0);
+    VALUE severity = rb_ary_entry(ary, 1);
+    VALUE log_msg = rb_ary_entry(ary, 2);
+
+    return rb_funcall(logger, rb_intern("add"), 2, severity, log_msg);
+}
+
+
+VALUE
+libsqreen_waf_log_enable(VALUE self, VALUE severity) {
+    (void)self;
+    PW_LOG_LEVEL level;
+
+    Check_Type(severity, T_SYMBOL);
+
+    level = sym_to_log_level(severity);
+    powerwaf_setupLogging(on_log, level);
+    log_threshold = level;
+
+    return Qnil;
+}
+
+VALUE
+libsqreen_waf_log_disable(VALUE self) {
+    (void)self;
+    PW_LOG_LEVEL level = PWL_ERROR;
+
+    powerwaf_setupLogging(NULL, level);
+    log_threshold = _PWL_AFTER_LAST;
+
+    return Qnil;
+}
+
+VALUE
+libsqreen_waf_set_logger(VALUE self, VALUE logger) {
+    ID i_logger;
+
+    if (logger == Qnil) {
+        libsqreen_waf_log_disable(self);
+    }
+
+    i_logger = rb_intern("@logger");
+    rb_ivar_set(self, i_logger, logger);
+
+    if (logger != Qnil) {
+        libsqreen_waf_log_enable(self, ID2SYM(rb_intern("error")));
+    }
+
+    return logger;
+}
+
+VALUE
+libsqreen_waf_get_logger(VALUE self) {
+    VALUE logger;
+    ID i_logger;
+
+    i_logger = rb_intern("@logger");
+    logger = rb_ivar_get(self, i_logger);
+
+    return logger;
+}
+
+static void
+on_log(PW_LOG_LEVEL level,
+       const char *function,
+       const char *file,
+       int line,
+       const char *message, size_t message_len) {
+    VALUE severity;
+    VALUE logger;
+    VALUE log_msg;
+
+    logger = libsqreen_waf_get_logger(waf_mod);
+    if (logger == Qnil) {
+        return;
+    }
+
+    severity = log_level_to_fixnum(level);
+    if (severity == Qnil) {
+        return;
+    }
+
+    if (message_len > INT_MAX) {
+        return;
+    }
+
+    log_msg = rb_sprintf("from %s:%d:in `%s': %.*s",  file, line, function,
+                         (int)message_len, message);
+
+    VALUE log_args = rb_ary_new3(3L, logger, severity, log_msg);
+    (void) rb_protect(call_logger_add, log_args, &(int) { 0 });
+}
+
+void
+ruby_log(PW_LOG_LEVEL level,
+         const char *function,
+         const char *file,
+         int line,
+         const char *fmt, ...)
+{
+    char *message = NULL;
+    va_list ap;
+    va_start(ap, fmt);
+    int message_len = vasprintf(&message, fmt, ap);
+    va_end(ap);
+
+    if (!message) {
+        return;
+    }
+    on_log(level, function, file + file_strip_idx, line,
+           message, (size_t)message_len);
+    free(message);
+}

data/ext/libsqreen_extension/logging.h

@@ -0,0 +1,29 @@
+#ifndef LOGGING_H
+#define LOGGING_H
+
+#include <waf.h>
+#include <stdlib.h>
+#include <ruby.h>
+
+void log_init(void);
+
+extern PW_LOG_LEVEL log_threshold;
+// TODO: skip call if the log level is too low
+#define RUBY_LOG(level, fmt, ...) \
+    do { \
+        if (level >= log_threshold) { \
+            ruby_log(level, __FUNCTION__, __FILE__, __LINE__, fmt, ##__VA_ARGS__); \
+        } \
+    } while(0)
+
+void ruby_log(PW_LOG_LEVEL level, const char *function, const char *file,
+              int line, const char *fmt, ...)
+__attribute__((format (printf, 5, 6)));
+
+// ruby methods
+VALUE libsqreen_waf_log_enable(VALUE self, VALUE severity);
+VALUE libsqreen_waf_log_disable(VALUE self);
+VALUE libsqreen_waf_set_logger(VALUE self, VALUE logger);
+VALUE libsqreen_waf_get_logger(VALUE self);
+
+#endif // LOGGING_H

data/ext/libsqreen_extension/stub/libsqreen_stub.c

@@ -0,0 +1,2 @@
+void Init_libsqreen_extension(void);
+void Init_libsqreen_extension() {}

data/lib/libsqreen.rb

@@ -4,22 +4,15 @@
 require 'libsqreen/version'
 
 module LibSqreen
-  (@load_order ||= []).push(:'libsqreen.rb')
-
   def self.extension_path
     RUBY_VERSION =~ /^(\d+\.\d+)/ && "ext/#{RUBY_PLATFORM}/#{$1}"
   end
 
   def self.require_extension
-    begin
-      require "#{extension_path}/libsqreen.so"
-    rescue LoadError
-      require "libsqreen.so"
-    end
     begin
       require "#{extension_path}/libsqreen_extension.so"
     rescue LoadError
-      require "libsqreen_extension.so"
+      require 'libsqreen_extension.so'
     end
   end
 

data/lib/libsqreen/version.rb

@@ -2,5 +2,5 @@
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 module LibSqreen
-  VERSION = "0.3.0.0.3"
+  VERSION = "0.6.1.0.0"
 end

data/libsqreen.gemspec

@@ -13,17 +13,27 @@ Gem::Specification.new do |s|
   s.license     = "Sqreen"
 
   s.files  = `git ls-files`.split("\n")
+    .reject { |f| f =~ /^release\// }
+    .reject { |f| f =~ /\.gitkeep$/ }
+    .reject { |f| f =~ /^rakefile_bins\.rb$/ }
+    .reject { |f| f =~ /^valgrind\.supp$/ }
     .reject { |f| f =~ /^release\// }
     .reject { |f| f =~ /^vendor\// }
     .reject { |f| f =~ /^.git\// }
     .reject { |f| f =~ /^docker\// }
+    .reject { |f| f =~ /^ruby_pkgs\// }
+    .reject { |f| f =~ /^azure-/ }
+    .reject { |f| f =~ /^\.git/ }
+    .reject { |f| %w{Makefile Rakefile s3get}.include?(f) }
     .reject { |f| f =~ /^test\// } + Dir.glob('vendor/lib*/**/*')
 
   s.require_paths = ["lib"]
   s.require_paths += ["lib/ext"]
-  s.extensions = ["ext/libsqreen/extconf.rb", "ext/libsqreen_extension/extconf.rb"]
+  s.extensions = ["ext/libsqreen_extension/extconf.rb"]
 
   s.add_development_dependency 'rake', '~> 11.0'
   s.add_development_dependency 'rake-compiler', '~> 0'
+  s.add_development_dependency 'minitest', '5.11.3'
+  s.add_development_dependency 'minitest-junit', '~> 0.2.0'
 end
 

data/vendor/libsqreen/include/waf.h

@@ -14,7 +14,10 @@ extern "C" {
 #include <stdbool.h>
 #include <stdlib.h>
 
-#define MAX_REGEX_STRING_LENGTH 4096
+#define PW_MAX_STRING_LENGTH 4096
+#define PW_MAX_MAP_DEPTH 20
+#define PW_MAX_ARRAY_LENGTH 256
+#define PW_RUN_TIMEOUT 5000
 
 typedef enum
 {
@@ -26,14 +29,28 @@ typedef enum
 	PWI_MAP              = 1 << 4,	// `value` shall be decoded as an array of PWArgs of length `nbEntries`, each item having a `parameterName`
 } PW_INPUT_TYPE;
 
-typedef struct
+typedef struct _PWArgs PWArgs;
+
+struct _PWArgs
 {
 	const char * parameterName;
 	uint64_t parameterNameLength;
-	const void * value;
+	union {
+		const char * stringValue;
+		uint64_t uintValue;
+		int64_t intValue;
+		const PWArgs * array;
+		const void * rawHandle;
+	};
 	uint64_t nbEntries;
 	PW_INPUT_TYPE type;
-} PWArgs;
+};
+
+typedef struct
+{
+	uint64_t maxArrayLength;
+	uint64_t maxMapDepth;
+} PWConfig;
 
 /// InitializePowerWAF
 ///
@@ -43,9 +60,10 @@ typedef struct
 ///
 /// @param ruleName Name the atom that provided the patterns we're about to initialize with
 /// @param wafRule JSON blob containing the patterns to work with
+/// @param config Customized limits for the PWArgs validation
 /// @return The success (true) or faillure (false) of the init
 
-extern bool powerwaf_initializePowerWAF(const char * ruleName, const char * wafRule);
+extern bool powerwaf_init(const char * ruleName, const char * wafRule, const PWConfig * config);
 
 
 typedef enum
@@ -62,7 +80,7 @@ typedef enum
 	PWD_DUPLICATE_FLOW_STEP,
 } PW_DIAG_CODE;
 
-/// powerwaf_initializePowerWAFWithDiag
+/// powerwaf_initWithDiag
 ///
 /// Initialize a rule in the PowerWAF
 /// Must be called before calling RunPowerWAF on this rule name
@@ -71,15 +89,16 @@ typedef enum
 ///
 /// @param ruleName Name the atom that provided the patterns we're about to initialize with
 /// @param wafRule JSON blob containing the patterns to work with
+/// @param config Customized limits for the PWArgs validation. NULL or a value of 0 mean using the default value described above
 /// @param errors Pointer to the pointer to be populated with a potential error report. Set to NULL not to generate such a report
 /// @return The success (true) or faillure (false) of the init
 
 
-extern bool powerwaf_initializePowerWAFWithDiag(const char * ruleName, const char * wafRule, char ** errors);
+extern bool powerwaf_initWithDiag(const char * ruleName, const char * wafRule, const PWConfig * config, char ** errors);
 
 /// powerwaf_freeDiagnotics
 ///
-/// Free the error report generated by powerwaf_initializePowerWAFWithDiag
+/// Free the error report generated by powerwaf_initWithDiag
 ///
 /// @param errors Pointer to a populated error report. NULL will be safely ignored
 
@@ -126,8 +145,8 @@ typedef struct
 ///
 /// Threading guarantees: When calling this API, a lock will be taken for a very short window as this call will take ownership of a shared smart pointer.
 /// 	This pointer implement reference counting and can be owned by as many thread as you want.
-/// 	If you call powerwaf_initializePowerWAF while evaluation of powerwaf_runPowerWAF is ongoing, the calls having already taken ownership will safely finish processing.
-/// 	The shared pointer will be destroyed, without locking powerwaf_initializePowerWAF, when the last powerwaf_runPowerWAF finish processing.
+/// 	If you call powerwaf_init while evaluation of powerwaf_run is ongoing, the calls having already taken ownership will safely finish processing.
+/// 	The shared pointer will be destroyed, without locking powerwaf_init, when the last powerwaf_run finish processing.
 ///
 /// Maximum budget: The budget is internally stored in nanoseconds in an int64_t variable. This is then added to the current time, also coded in nano seconds.
 /// 	Due to those convertions, the maximum safe value for the next 15 years is 2^52. After that, 2^51.
@@ -137,7 +156,7 @@ typedef struct
 /// @param timeLeftInUs The maximum time in microsecond PowerWAF is allowed to take
 /// @return Whether the pattern matched or whether we encountered an error
 
-extern PWRet * powerwaf_runPowerWAF(const char * ruleName, const PWArgs * parameters, size_t timeLeftInUs);
+extern PWRet * powerwaf_run(const char * ruleName, const PWArgs * parameters, size_t timeLeftInUs);
 
 
 typedef struct {
@@ -152,7 +171,7 @@ typedef struct {
 ///
 /// @return The API version in SemVer form
 
-extern const PWVersion powerwaf_getVersion(void);
+extern PWVersion powerwaf_getVersion(void);
 
 
 typedef enum

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: libsqreen
 version: !ruby/object:Gem::Version
-  version: 0.3.0.0.3
+  version: 0.6.1.0.0
 platform: ruby
 authors:
 - Sqreen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-07 00:00:00.000000000 Z
+date: 2020-05-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -38,36 +38,56 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 5.11.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 5.11.3
+- !ruby/object:Gem::Dependency
+  name: minitest-junit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
 description: Distributes fast compiled functions for the Sqreen agent
 email:
 - contact@sqreen.com
 executables: []
 extensions:
-- ext/libsqreen/extconf.rb
 - ext/libsqreen_extension/extconf.rb
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- ".gitmodules"
 - CHANGELOG.md
 - Gemfile
 - LICENSE
-- Makefile
 - README.md
-- Rakefile
-- azure-pipelines.yml
-- ext/libsqreen/arch.rb
-- ext/libsqreen/extconf.rb
-- ext/libsqreen/libsqreen.c
-- ext/libsqreen/location.rb
-- ext/libsqreen/paths.rb
+- ext/env_overrides.rb
 - ext/libsqreen_extension/extconf.rb
 - ext/libsqreen_extension/libsqreen_extension.c
 - ext/libsqreen_extension/libsqreen_extension.version
+- ext/libsqreen_extension/logging.c
+- ext/libsqreen_extension/logging.h
+- ext/libsqreen_extension/stub/libsqreen_stub.c
 - lib/libsqreen.rb
 - lib/libsqreen/version.rb
 - libsqreen.gemspec
-- s3get
 - vendor/libc++/LICENSE.libc++.txt
 - vendor/libc++/LICENSE.libunwind.txt
 - vendor/libc++/x86_64/linux/libc++.a