sqreen-alt 1.10.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 8e911ef9a6f8fc1dff0ec458f44860f9c43acce72c704f48865e7170dbf5e99f
+  data.tar.gz: 6df56f16bfdddcdbf28b68b23c75d904a5a736d77ba9f4d4cef8b7ac7ef373e3
+SHA512:
+  metadata.gz: 7985d8110bf3fb387fd14d17938e46439a33e503bb704dd801156d16444944e6a2e5df4a1fca0e736cc8e624bea365440573857af17985d51fd2acf6ac82fa8a
+  data.tar.gz: 80a78aa06bbfedbcd1a27c5b64877e4022669aac3ac6a4c5fdcfa458508c43936076ea1111804f9e57cfe1f8d446e3f4083709613d8a432e7582b2c57b9e5fef

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,22 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic addresses, without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)

data/README.md

@@ -0,0 +1,77 @@
+# Sqreen
+
+Auto protection for you application.
+
+Copyright (c) 2015 Sqreen. All Rights Reserved.
+Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'sqreen'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install sqreen
+
+## Configuration
+
+The only required parameter is your application's `token`.
+
+### By file
+- for Rails:
+```shell
+  $ echo token: your_token > /path/to/RailsApp/config/sqreen.yml
+```
+- for anything else:
+```shell
+      $ echo token: your_token > ~/sqreen.yml
+    ```
+
+### By environment:
+    ```shell
+          $ export SQREEN_TOKEN=your_token
+    ```
+
+The following can be set:
+
+*file*      | *environment*
+------------|-------------
+token       | SQREEN_TOKEN
+url         | SQREEN_URL
+verbosity   | SQREEN_VERBOSITY
+local_rules | SQREEN_RULES
+
+SQREEN_RULES allows the agent to use rules that do not come from the server, but
+from a local file.
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+```shell
+$ gem install bundler
+$ bundle
+```
+
+Check that everything is all right:
+```shell
+$ bundle exec rake test
+```
+
+Use `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/sqreen/RubyAgent. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.

data/Rakefile

@@ -0,0 +1,20 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+
+if RUBY_VERSION >= '1.9.3'
+  require 'ci/reporter/rake/minitest'
+  task :testunit => 'ci:setup:minitest'
+else
+  task :testunit => :test
+end
+
+Rake::TestTask.new do |t|
+  t.pattern = 'test/**/*.rb'
+  t.libs << 'test'
+end
+
+desc 'Run tests'
+task :default => :test

data/lib/sqreen-alt.rb

@@ -0,0 +1 @@
+require "sqreen"

data/lib/sqreen.rb

@@ -0,0 +1,68 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'sqreen/instrumentation'
+require 'sqreen/session'
+require 'sqreen/runner'
+require 'sqreen/callbacks'
+require 'sqreen/version'
+require 'sqreen/log'
+require 'sqreen/stats'
+require 'sqreen/exception'
+require 'sqreen/configuration'
+require 'sqreen/events/attack'
+require 'sqreen/sdk'
+
+require 'thread'
+
+# Auto start the instrumentation.
+
+Sqreen.framework.on_start do |framework|
+  Thread.new do
+    begin
+      runner = nil
+      configuration = Sqreen.config_init(framework)
+      Sqreen.log.debug("Starting Sqreen #{Sqreen::VERSION}")
+      framework.sqreen_configuration = configuration
+      prevent_startup = Sqreen.framework.prevent_startup
+      if !prevent_startup
+        runner = Sqreen::Runner.new(configuration, framework)
+        runner.run_watcher
+      else
+        Sqreen.log.debug("#{prevent_startup} prevented Sqreen startup")
+      end
+    rescue Sqreen::TokenNotFoundException
+      Sqreen.log.error "Sorry but we couldn't find your Sqreen token.\nYour application is NOT currently protected by Sqreen.\n\nHave you filled your config/sqreen.yml?\n\n"
+    rescue Sqreen::TokenInvalidException
+      Sqreen.log.error "Sorry but your Sqreen token appears to be invalid.\nYour application is NOT currently protected by Sqreen.\n\nHave you correctly filled your config/sqreen.yml?\n\n"
+    rescue Exception => e
+      Sqreen.log.error e.inspect
+      Sqreen.log.debug e.backtrace.join("\n")
+      if runner
+        # immediately post exception
+        runner.session.post_sqreen_exception(Sqreen::RemoteException.new(e))
+        Sqreen.log.debug("runner = #{runner.inspect}")
+        begin
+          runner.remove_instrumentation
+        rescue => remove_exception
+          Sqreen.log.debug(remove_exception.inspect)
+          # We did not manage to remove instrumentation, state is unclear:
+          # terminate thread
+          return nil
+        end
+        begin
+          runner.logout(false)
+        rescue => logout_exception
+          Sqreen.log.debug(logout_exception.inspect)
+          nil
+        end
+      end
+      # Wait a few seconds before retrying
+      delay = rand(120)
+      Sqreen.log.debug("Sleeping #{delay} seconds before retry")
+      sleep(delay)
+      retry
+    end
+    Sqreen.log.debug("shutting down Sqreen #{Sqreen::VERSION}")
+  end
+end unless Sqreen::to_bool(ENV['SQREEN_DISABLE'])

data/lib/sqreen/attack_detected.html

@@ -0,0 +1,2 @@
+<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <title>Sqreen has detected an attack.</title> <style>html, body, div, span, h1, a{margin: 0; padding: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline}body{background: -webkit-radial-gradient(26% 19%, circle, #fff, #f4f7f9); background: radial-gradient(circle at 26% 19%, #fff, #f4f7f9); display: -webkit-box; display: -ms-flexbox; display: flex; -webkit-box-pack: center; -ms-flex-pack: center; justify-content: center; -webkit-box-align: center; -ms-flex-align: center; align-items: center; -ms-flex-line-pack: center; align-content: center; width: 100%; min-height: 100vh; line-height: 1}svg, h1, p{display: block}svg{margin: 0 auto 4vh}h1{font-family: sans-serif; font-weight: 300; font-size: 34px; color: #384886; line-height: normal}p{font-size: 18px; line-height: normal; color: #b8bccc; font-family: sans-serif; font-weight: 300}a{color: #b8bccc}.flex{text-align: center}</style></head><body> <div class="flex"> <svg xmlns="http://www.w3.org/2000/svg" width="230" height="250" viewBox="0 0 230 250" enable-background="new 0 0 230 250"> <style>.st0{opacity: 0.4; filter: url(#a);}.st1{fill: #FFFFFF;}.st2{fill: #B0ACFF;}.st3{fill: #4842B7;}.st4{fill: #1E0936;}</style> <filter id="a" width="151.7%" height="146%" x="-25.8%" y="-16%" filterUnits="objectBoundingBox"> <feOffset dy="14" in="SourceAlpha" result="shadowOffsetOuter1"/> <feGaussianBlur in="shadowOffsetOuter1" result="shadowBlurOuter1" stdDeviation="13"/> <feColorMatrix in="shadowBlurOuter1" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/> </filter> <g class="st0"> <path id="b_2_" d="M202.6 34.9c-.2-1.2-.8-2.1-1.9-2.8-3.8-2-37.9-20.1-85.7-20.1-48.8 0-84.2 19.3-85.7 20.1-1 .6-1.6 1.6-1.8 2.7-14.8 123.2 84.7 176.3 85.7 176.8.6.3 1.2.4 1.8.4.6 0 1.2-.1 1.7-.4 1-.5 100.4-55 85.9-176.7z"/> </g> <path id="b_1_" d="M202.6 34.9c-.2-1.2-.8-2.1-1.9-2.8-3.8-2-37.9-20.1-85.7-20.1-48.8 0-84.2 19.3-85.7 20.1-1 .6-1.6 1.6-1.8 2.7-14.8 123.2 84.7 176.3 85.7 176.8.6.3 1.2.4 1.8.4.6 0 1.2-.1 1.7-.4 1-.5 100.4-55 85.9-176.7z" class="st1"/> <g id="nest-cmyk-indigo"> <ellipse id="sqreen" cx="115.5" cy="69.9" class="st2" rx="12.7" ry="12.7"/> <path id="app" d="M113.6 91.9V71.5L95.5 61.1v18l6.4-3.7c.5 1.1 1 2.2 1.7 3.2L97 82.3l16.6 9.6zm3.7 0l16.6-9.6-6.7-3.9c.7-1 1.3-2 1.7-3.2l6.4 3.7v-18l-18.1 10.5v20.5zM96.9 57.6l18.6 10.7L134 57.6 117.3 48v7.6c-.6-.1-1.2-.1-1.8-.1-.6 0-1.2 0-1.8.1V48l-16.8 9.6zm20.2-13.9l20.3 11.7c1 .6 1.6 1.7 1.6 2.8v23.5c0 1.2-.6 2.2-1.6 2.8l-20.3 11.7c-1 .6-2.3.6-3.3 0L93.5 84.5c-1-.6-1.6-1.7-1.6-2.8V58.2c0-1.2.6-2.2 1.6-2.8l20.3-11.7c1-.6 2.3-.6 3.3 0z" class="st3"/> </g> <path id="s" d="M74.6 113c-1.8-1-3.5-1.5-5.2-1.5-1.4 0-2.3.6-2.3 1.5 0 2.7 10.1.4 10.1 7.7 0 3.3-2.9 6-7.6 6-2.1 0-4.7-.5-6.4-1.4l-.1-.1c-.3-.2-.3-.5-.2-.8l1.2-2.7c.1-.3.5-.5.9-.3.1 0 .1.1.2.1 1.5.6 3.1 1 4.6 1 2.2 0 2.9-.6 2.9-1.7 0-3-10.1-.8-10.1-7.7 0-3.1 2.7-5.8 7-5.8 2.1 0 5 .7 6.9 1.8.1 0 .1.1.2.1.3.2.4.5.3.8l-1.2 2.7c-.1.3-.5.5-.9.3h-.3z" class="st4"/> <path id="q" d="M93.6 107.8h3.2c.4 0 .7.3.7.7v25.9c0 .4-.3.7-.7.7h-3.2c-.4 0-.7-.3-.7-.7v-9.1c-1.2.8-2.9 1.4-4.7 1.4-5.4 0-9.6-4.3-9.6-9.7 0-5.4 4.1-9.7 9.6-9.7 1.8 0 3.5.6 4.7 1.4v-.1c0-.5.3-.8.7-.8zm-.7 12.4v-6.5c-1.3-1.3-2.8-2.1-4.5-2.1-2.9 0-5.1 2.3-5.1 5.4s2.2 5.4 5.1 5.4c1.7-.1 3.2-.7 4.5-2.2z" class="st4"/> <path id="r" d="M112.5 107.8c-1-.4-2-.6-3-.6-1.8 0-3.5.6-4.9 1.4v-.2c0-.3-.2-.5-.5-.5h-3.4c-.3 0-.5.2-.5.5v17.8c0 .3.2.5.5.5h3.4c.3 0 .5-.2.5-.5v-12.6c1.1-1.2 2.8-1.9 4.6-1.9.4 0 .9 0 1.5.2.3.1.6-.1.7-.4l1.3-2.9c.1-.4 0-.7-.2-.8z" class="st4"/> <path id="e" d="M129 124.7c-1.7 1-4.2 2-6.7 2-6 0-10.3-4.4-10.3-9.9 0-5.3 3.7-9.6 9.4-9.6 5.2 0 8.4 4.4 8.4 9 0 .4 0 .9-.1 1.2 0 .3-.3.6-.7.6h-12.5c.5 2.8 2.8 4.5 5.8 4.5 1.7 0 3.4-.5 5.1-1.4.3-.2.6-.1.8.2l1.2 2.6c.1.2 0 .4-.2.6-.2.1-.2.2-.2.2zm-12.4-10h8.5c-.2-1.8-1.9-3.3-3.9-3.3-2.5-.1-4 1.4-4.6 3.3z" class="st4"/> <path id="e_1_" d="M148.7 124.7c-1.7 1-4.2 2-6.7 2-6 0-10.3-4.4-10.3-9.9 0-5.3 3.7-9.6 9.4-9.6 5.2 0 8.4 4.4 8.4 9 0 .4 0 .9-.1 1.2 0 .3-.3.6-.7.6h-12.5c.5 2.8 2.8 4.5 5.8 4.5 1.7 0 3.4-.5 5.1-1.4.3-.2.6-.1.8.2l1.2 2.6c.1.2 0 .4-.2.6-.2.1-.2.2-.2.2zm-12.4-10h8.5c-.2-1.8-1.9-3.3-3.9-3.3-2.5-.1-4 1.4-4.6 3.3z" class="st4"/> <path id="n" d="M151.5 108.5V126c0 .4.3.7.7.7h3.2c.4 0 .7-.3.7-.7v-12.5c1.1-1.2 2.8-1.9 4.6-1.9 2.9 0 4.5 1.6 4.5 4.7v9.7c0 .4.3.7.7.7h3.2c.4 0 .7-.3.7-.7v-10.2c0-5.2-2.9-8.5-8.8-8.5-1.8 0-3.5.6-4.9 1.4v-.1c0-.4-.3-.7-.7-.7h-3.2c-.4-.1-.7.2-.7.6z" class="st4"/> </svg> <h1>Uh Oh! Sqreen has detected an attack.</h1> <p>If you are the application owner, check the Sqreen <a href="https://my.sqreen.io/">dashboard</a> for more information.</p></div></body></html>
+

data/lib/sqreen/binding_accessor.rb

@@ -0,0 +1,288 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'strscan'
+require 'sqreen/exception'
+require 'set'
+
+module Sqreen
+  # the value located at the given binding
+  class BindingAccessor
+    PathElem = Struct.new(:kind, :value)
+    attr_reader :path, :expression, :final_transform
+
+    # Expression to be accessed
+    # @param expression [String] expression to read
+    # @param convert [Boolean] wheter to convert objects to
+    #                          simpler types (Array, Hash, String...)
+    def initialize(expression, convert = false)
+      @final_transform = nil
+      @expression = expression
+      @path = []
+      @convert = convert
+      parse(expression)
+    end
+
+    # Access data from the expression
+    def access(binding, framework = nil, instance = nil, arguments = nil, cbdata = nil, last_return = nil)
+      env = [framework, instance, arguments, cbdata, last_return]
+      value = nil
+      @path.each do |component|
+        value = resolve_component(value, component, binding, env)
+      end
+      value
+    end
+
+    # access and transform expression for the given binding
+    def resolve(*args)
+      value = access(*args)
+      value = transform(value) if @final_transform
+      return convert(value) if @convert
+      value
+    end
+
+    protected
+
+    STRING_KIND = 'string'.freeze
+    SYMBOL_KIND = 'symbol'.freeze
+    INTEGER_KIND = 'integer'.freeze
+    LOCAL_VAR_KIND = 'local-variable'.freeze
+    INSTANCE_VAR_KIND = 'instance-variable'.freeze
+    CLASS_VAR_KIND = 'class-variable'.freeze
+    GLOBAL_VAR_KIND = 'global-variable'.freeze
+    CONSTANT_KIND = 'constant'.freeze
+    METHOD_KIND = 'method'.freeze
+    INDEX_KIND = 'index'.freeze
+    SQREEN_VAR_KIND = 'sqreen-variable'.freeze
+
+    if binding.respond_to?(:local_variable_get)
+      def get_local(name, bind)
+        bind.local_variable_get(name)
+      end
+    else
+      def get_local(name, bind)
+        eval(name, bind)
+      end
+    end
+
+    def resolve_component(current_value, component, binding, env)
+      case component[:kind]
+      when STRING_KIND, SYMBOL_KIND, INTEGER_KIND
+        component[:value]
+      when LOCAL_VAR_KIND
+        get_local(component[:value], binding)
+      when INSTANCE_VAR_KIND
+        current_value.instance_variable_get("@#{component[:value]}")
+      when CLASS_VAR_KIND
+        current_value.class.class_variable_get("@@#{component[:value]}")
+      when GLOBAL_VAR_KIND
+        instance_eval("$#{component[:value]}")
+      when CONSTANT_KIND
+        if current_value
+          current_value.const_get(component[:value].to_s)
+        else
+          Object.const_get(component[:value].to_s)
+        end
+      when METHOD_KIND
+        current_value.send(component[:value])
+      when INDEX_KIND
+        current_value[component[:value]]
+      when SQREEN_VAR_KIND
+        resolve_sqreen_variable(component[:value], *env)
+      else
+        raise "Do not know how to handle this component #{component.inspect}"
+      end
+    end
+
+    def resolve_sqreen_variable(what, framework, instance, args, cbdata, rv)
+      case what
+      when 'data'
+        cbdata
+      when 'rv'
+        rv
+      when 'args'
+        args
+      when 'inst'
+        instance
+      else
+        framework.send(what)
+      end
+    end
+
+    def parse(expression)
+      expression = extract_transform(expression)
+      @scan = StringScanner.new(expression)
+      until @scan.eos?
+        pos = @scan.pos
+        scalar = scan_scalar
+        if scalar
+          @path.push scalar
+          return
+        end
+        if @path.empty?
+          scan_push_variable
+        else
+          scan_push_method
+        end
+        scan_push_indexes
+        scan_push_more_constant if @scan.scan(/\./).nil?
+        raise Sqreen::Exception, error_state('Scan stuck') if @scan.pos == pos
+      end
+    ensure
+      @scan = nil
+    end
+
+    def extract_transform(expression)
+      parts = expression.split('|')
+      self.final_transform = parts.pop if parts.size > 1
+      parts.join('|').rstrip
+    end
+
+    def final_transform=(transform)
+      transform.strip!
+      unless KNOWN_TRANSFORMS.include?(transform)
+        raise Sqreen::Exception, "Invalid transform #{transform}"
+      end
+      @final_transform = transform
+    end
+
+    def scan_scalar
+      if @scan.scan(/\d+/)
+        PathElem.new(INTEGER_KIND, @scan[0].to_i)
+      elsif @scan.scan(/:(\w+)/)
+        PathElem.new(SYMBOL_KIND, @scan[1].to_sym)
+      elsif @scan.scan(/'((?:\\.|[^\\'])*)'/)
+        PathElem.new(STRING_KIND, @scan[1])
+      end
+    end
+
+    RUBY_IDENTIFIER_CHAR = if ''.respond_to? :encoding
+                             '[\w\u0080-\u{10ffff}]'
+                           else
+                             '[\w\x80-\xFF]'
+                           end
+
+    def scan_push_constant
+      return unless @scan.scan(/([A-Z]#{RUBY_IDENTIFIER_CHAR}+)/)
+      @path << PathElem.new(CONSTANT_KIND, @scan[1])
+    end
+
+    def scan_push_more_constant
+      while @scan.scan(/::/)
+        unless scan_push_constant
+          raise Sqreen::Exception, error_state('No more constant')
+        end
+      end
+    end
+
+    def scan_push_variable
+      if @scan.scan(/\$(#{RUBY_IDENTIFIER_CHAR}+)/)
+        @path << PathElem.new(GLOBAL_VAR_KIND, @scan[1])
+      elsif @scan.scan(/@@(#{RUBY_IDENTIFIER_CHAR}+)/)
+        @path << PathElem.new(CLASS_VAR_KIND, @scan[1])
+      elsif @scan.scan(/@(#{RUBY_IDENTIFIER_CHAR}+)/)
+        @path << PathElem.new(INSTANCE_VAR_KIND, @scan[1])
+      elsif @scan.scan(/#\.(\w+)/)
+        @path << PathElem.new(SQREEN_VAR_KIND, @scan[1])
+      elsif scan_push_constant
+        nil
+      elsif @scan.scan(/(#{RUBY_IDENTIFIER_CHAR}+)/u)
+        @path << PathElem.new(LOCAL_VAR_KIND, @scan[1])
+      end
+    end
+
+    def scan_push_method
+      if @scan.scan(/@@(#{RUBY_IDENTIFIER_CHAR}+)/)
+        @path << PathElem.new(CLASS_VAR_KIND, @scan[1])
+      elsif @scan.scan(/@(#{RUBY_IDENTIFIER_CHAR}+)/)
+        @path << PathElem.new(INSTANCE_VAR_KIND, @scan[1])
+      elsif @scan.scan(/(#{RUBY_IDENTIFIER_CHAR}+)/)
+        @path << PathElem.new(METHOD_KIND, @scan[1])
+      end
+    end
+
+    def scan_push_indexes
+      while @scan.scan(/\[/)
+        scalar = scan_scalar
+        raise Sqreen::Exception, error_state('Invalid index') unless scalar
+        unless @scan.scan(/\]/)
+          raise Sqreen::Exception, error_state('Unfinished index')
+        end
+        @path << PathElem.new(INDEX_KIND, scalar[:value])
+      end
+    end
+
+    def error_state(msg)
+      "#{msg} at #{@scan.pos} after #{@scan.string[0...@scan.pos]} (#{@scan.string})"
+    end
+
+    def convert(value)
+      case value
+      when ::Exception
+        { 'message' => value.message, 'backtrace' => value.backtrace }
+      else
+        value
+      end
+    end
+
+    # Available final transformations
+    module Transforms
+      def flat_keys(value, max_iter = 1000)
+        return nil if value.nil?
+        seen = Set.new
+        look_into = [value]
+        keys = []
+        idx = 0
+        until look_into.empty? || max_iter <= idx
+          idx += 1
+          val = look_into.pop
+          next unless seen.add?(val.object_id)
+          case val
+          when Hash
+            keys.concat(val.keys)
+            look_into.concat(val.values)
+          when Array
+            look_into.concat(val)
+          else
+            next if val.respond_to?(:seek)
+            val.each { |v| look_into << v } if val.respond_to?(:each)
+          end
+        end
+        keys
+      end
+
+      def flat_values(value, max_iter = 1000)
+        return nil if value.nil?
+        seen = Set.new
+        look_into = [value]
+        values = []
+        idx = 0
+        until look_into.empty? || max_iter <= idx
+          idx += 1
+          val = look_into.shift
+          next unless seen.add?(val.object_id)
+          case val
+          when Hash
+            look_into.concat(val.values)
+          when Array
+            look_into.concat(val)
+          else
+            next if val.respond_to?(:seek)
+            if val.respond_to?(:each)
+              val.each { |v| look_into << v }
+            else
+              values << val
+            end
+          end
+        end
+        values
+      end
+    end
+    include Transforms
+    KNOWN_TRANSFORMS = Transforms.public_instance_methods.map(&:to_s)
+
+    def transform(value)
+      send(@final_transform, value) if @final_transform
+    end
+  end
+end