sqreen-alt 1.10.0

data/lib/sqreen/conditionable.rb

@@ -0,0 +1,50 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'sqreen/condition_evaluator'
+
+module Sqreen
+  # A module that will dynamically had preconditions to the pre/post/failing
+  # callbacks
+  module Conditionable
+    # Hook the necessary callback function
+    #
+    # @param conditions [Hash] hash of callback names => conditions
+    def condition_callbacks(conditions)
+      conditions = {} if conditions.nil?
+      base = self.class
+      %w(pre post failing).each do |cb|
+        conds = conditions[cb]
+        next unless base.method_defined?(cb)
+        send("#{cb}_conditions=", ConditionEvaluator.new(conds)) unless conds.nil?
+        defd = base.instance_variable_defined?("@conditional_hooked_#{cb}")
+        next if defd && base.instance_variable_get("@conditional_hooked_#{cb}")
+        base.send(:alias_method, "#{cb}_without_conditions", cb)
+        base.send(:alias_method, cb, "#{cb}_with_conditions")
+        base.instance_variable_set("@conditional_hooked_#{cb}", true)
+      end
+    end
+
+    def pre_with_conditions(inst, *args, &block)
+      eargs = [binding, framework, inst, args, @data, nil]
+      return nil if !pre_conditions.nil? && !pre_conditions.evaluate(*eargs)
+      pre_without_conditions(inst, *args, &block)
+    end
+
+    def post_with_conditions(rv, inst, *args, &block)
+      eargs = [binding, framework, inst, args, @data, rv]
+      return nil if !post_conditions.nil? && !post_conditions.evaluate(*eargs)
+      post_without_conditions(rv, inst, *args, &block)
+    end
+
+    def failing_with_conditions(rv, inst, *args, &block)
+      eargs = [binding, framework, inst, args, @data, rv]
+      return nil if !failing_conditions.nil? && !failing_conditions.evaluate(*eargs)
+      failing_without_conditions(rv, inst, *args, &block)
+    end
+
+    protected
+
+    attr_accessor :pre_conditions, :post_conditions, :failing_conditions
+  end
+end

data/lib/sqreen/configuration.rb

@@ -0,0 +1,168 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'yaml'
+require 'erb'
+require 'sqreen/performance_notifications/newrelic'
+
+module Sqreen
+  @config = nil
+
+  def self.config_init(framework = nil)
+    @config = Configuration.new(framework)
+    @config.load!
+    if @config && config_get(:report_perf_newrelic)
+      Sqreen::PerformanceNotifications::NewRelic.enable
+    end
+    @config
+  end
+
+  def self.config_get(name)
+    raise 'No configuration defined' if @config.nil?
+    @config.get(name)
+  end
+
+  CONFIG_FILE_BY_ENV = 'SQREEN_CONFIG_FILE'.freeze
+
+  CONFIG_DESCRIPTION = [
+    { :env => :SQREEN_DISABLE, :name => :disable,
+      :default => false, :convert => :to_bool },
+    { :env => :SQREEN_URL,       :name => :url,
+      :default => 'https://back.sqreen.io' },
+    { :env => :SQREEN_TOKEN,     :name => :token,
+      :default => nil },
+    { :env => :SQREEN_RULES,     :name => :local_rules,
+      :default => nil },
+    { :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
+      :default => true },
+    { :env => :SQREEN_LOG_LEVEL, :name => :log_level,
+      :default => 'WARN', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
+    { :env => :SQREEN_LOG_LOCATION, :name => :log_location,
+      :default => 'log/sqreen.log' },
+    { :env => :SQREEN_RUN_IN_TEST, :name => :run_in_test,
+      :default => false, :convert => :to_bool },
+    { :env => :SQREEN_BLOCK_ALL_RULES, :name => :block_all_rules,
+      :default => nil },
+    { :env => :SQREEN_REPORT_PERF_NR, :name => :report_perf_newrelic,
+      :default => false, :convert => :to_bool },
+    { :env => :SQREEN_INITIAL_FEATURES, :name => :initial_features,
+      :default => nil },
+
+  ].freeze
+
+  CONFIG_FILE_NAME = 'sqreen.yml'.freeze
+
+  def self.to_bool(value)
+      %w[1 true].include?(value.to_s.downcase.strip)
+  end
+
+  # Class to access configurations variables
+  # This try to load environment by different ways.
+  # 1. By file:
+  #   a. From path in environment variable SQREEN_CONFIG_FILE
+  #   b. From path in #{Rails.root}/config/sqreen.yml
+  #   c. From home in ~/.sqreen.yml
+  # 2. From the environment, which overrides whatever result we found in 1.
+  class Configuration
+    def initialize(framework = nil)
+      @framework = framework
+      @config = default_values
+    end
+
+    def load!
+      path = find_configuration_file
+      if path
+        file_config = parse_configuration_file(path)
+        @config.merge!(file_config)
+      end
+
+      env_config = from_environment
+      @config.merge!(env_config)
+    end
+
+    def get(name)
+      @config[name.to_sym]
+    end
+
+    def default_values
+      res = {}
+      Sqreen::CONFIG_DESCRIPTION.each do |param|
+        name      = param[:name]
+        value     = param[:default]
+        choices   = param[:choices]
+        if choices && !choices.include?(value)
+          msg = format("Invalid value '%s' for env '%s' (allowed: %s)", value, name, choices)
+          raise Sqreen::Exception, msg
+        end
+        res[name] = param[:convert] ? send(param[:convert], value) : value
+      end
+      res
+    end
+
+    def from_environment
+      res = {}
+      Sqreen::CONFIG_DESCRIPTION.each do |param|
+        name      = param[:name]
+        value     = ENV[param[:env].to_s]
+        next unless value
+        res[name] = param[:convert] ? send(param[:convert], value) : value
+      end
+      res
+    end
+
+    def parse_configuration_file(path)
+      yaml = YAML.load(ERB.new(File.read(path)).result)
+      return {} unless yaml.is_a?(Hash)
+      if @framework
+        env = @framework.framework_infos[:environment]
+        yaml = yaml[env] if env && yaml[env].is_a?(Hash)
+      end
+      res = {}
+      # hash keys loaded by YAML are strings instead of symbols
+      Sqreen::CONFIG_DESCRIPTION.each do |param|
+        name      = param[:name]
+        value     = yaml[name.to_s]
+        next unless value
+        res[name] = param[:convert] ? send(param[:convert], value) : value
+      end
+      res
+    end
+
+    def find_user_home
+      homes = %w[HOME HOMEPATH]
+      homes.detect { |h| !ENV[h].nil? }
+    end
+
+    def find_configuration_file
+      config_file_from_env || local_config_file || config_file_from_home
+    end
+
+    protected
+
+    def config_file_from_env
+      path = ENV[Sqreen::CONFIG_FILE_BY_ENV]
+      return path if path && File.exist?(path)
+    end
+
+    def local_config_file
+      if @framework && @framework.root
+        path = File.join(@framework.root.to_s, 'config', CONFIG_FILE_NAME)
+        return path if File.exist?(path)
+      else
+        path = File.expand_path(File.join('config', 'sqreen.yml'))
+        return path if File.exist?(path)
+      end
+    end
+
+    def config_file_from_home
+      home = find_user_home
+      return unless home
+      path = File.join(ENV[home], '.' + CONFIG_FILE_NAME)
+      return path if File.exist?(path)
+    end
+
+    def to_bool(value)
+      Sqreen::to_bool(value)
+    end
+  end
+end

data/lib/sqreen/context.rb

@@ -0,0 +1,26 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+module Sqreen
+  # Context
+  class Context
+    attr_accessor :bt
+
+    def self.bt
+      Context.new.bt
+    end
+
+    def initialize
+      @bt = get_current_backtrace
+    end
+
+    def get_current_backtrace
+      # Force caller to be resolved now
+      caller.map(&:to_s)
+    end
+
+    def ==(other)
+      other.bt == @bt
+    end
+  end
+end

data/lib/sqreen/deliveries/batch.rb

@@ -0,0 +1,84 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'sqreen/deliveries/simple'
+require 'sqreen/events/remote_exception'
+module Sqreen
+  module Deliveries
+    # Simple delivery method that batch event already seen in a batch
+    class Batch < Simple
+      attr_accessor :max_batch, :max_staleness
+      attr_accessor :current_batch, :first_seen
+
+      def initialize(session,
+                     max_batch,
+                     max_staleness,
+                     randomize_staleness = true)
+        super(session)
+        self.max_batch = max_batch
+        self.max_staleness = max_staleness
+        @original_max_staleness = max_staleness
+        self.current_batch = []
+        @first_seen = {}
+        @randomize_staleness = randomize_staleness
+      end
+
+      def post_event(event)
+        current_batch.push(event)
+        post_batch if post_batch_needed?(event)
+      end
+
+      def drain
+        post_batch unless current_batch.empty?
+      end
+
+      def tick
+        post_batch if !current_batch.empty? && stale?
+      end
+
+      protected
+
+      def stale?
+        min = @first_seen.values.min
+        return false if min.nil?
+        (min + max_staleness) < Time.now
+      end
+
+      def post_batch_needed?(event)
+        now = Time.now
+        event_keys(event).map do |key|
+          was = @first_seen[key]
+          @first_seen[key] ||= now
+          was.nil? || current_batch.size > max_batch || (was + max_staleness) < now
+        end.any?
+      end
+
+      def post_batch
+        session.post_batch(current_batch)
+        current_batch.clear
+        now = Time.now
+        @first_seen.each_key do |key|
+          @first_seen[key] = now
+        end
+        return unless @randomize_staleness
+        self.max_staleness = @original_max_staleness
+        # Adds up to 10% of lateness
+        self.max_staleness += rand(@original_max_staleness / 10)
+      end
+
+      def event_keys(event)
+        return [event_key(event)] unless event.is_a?(Sqreen::RequestRecord)
+        event.observed.fetch(:attacks, []).map { |e| "att-#{e[:rule_name]}" } + event.observed.fetch(:sqreen_exceptions, []).map { |e| "rex-#{e[:exception].class}" }
+      end
+
+      def event_key(event)
+        case event
+        when Sqreen::Attack
+          "att-#{event.type}"
+        when Sqreen::RemoteException
+          "rex-#{event.klass}"
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/deliveries/simple.rb

@@ -0,0 +1,39 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'sqreen/events/remote_exception'
+require 'sqreen/events/request_record'
+
+module Sqreen
+  module Deliveries
+    # Simple delivery method that directly call session on event
+    class Simple
+      attr_accessor :session
+
+      def initialize(session)
+        self.session = session
+      end
+
+      def post_event(event)
+        case event
+        when Sqreen::Attack
+          session.post_attack(event)
+        when Sqreen::RemoteException
+          session.post_sqreen_exception(event)
+        when Sqreen::RequestRecord
+          session.post_request_record(event)
+        else
+          session.post_event(event)
+        end
+      end
+
+      def drain
+        # Since everything is posted at once nothing needs to be done here
+      end
+
+      def tick
+        # Since everything is posted at once nothing needs to be done here
+      end
+    end
+  end
+end

data/lib/sqreen/event.rb

@@ -0,0 +1,16 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+module Sqreen
+  # Master interface for point in time events (e.g. Attack, RemoteException)
+  class Event
+    attr_reader :payload
+    def initialize(payload)
+      @payload = payload
+    end
+
+    def to_hash
+      payload.to_hash
+    end
+  end
+end

data/lib/sqreen/events/attack.rb

@@ -0,0 +1,61 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'sqreen/event'
+
+module Sqreen
+  # Attack
+  # When creating a new attack, it gets automatically pushed to the event's
+  # queue.
+  class Attack < Event
+    def self.record(payload)
+      attack = Attack.new(payload)
+      attack.enqueue
+    end
+
+    def infos
+      payload['infos']
+    end
+
+    def rulespack_id
+      return nil unless payload['rule']
+      payload['rule']['rulespack_id']
+    end
+
+    def type
+      return nil unless payload['rule']
+      payload['rule']['name']
+    end
+
+    def time
+      return nil unless payload['local']
+      payload['local']['time']
+    end
+
+    def backtrace
+      return nil unless payload['context']
+      payload['context']['backtrace']
+    end
+
+    def enqueue
+      Sqreen.queue.push(self)
+    end
+
+    def to_hash
+      res = {}
+      rule_p = payload['rule']
+      request_p = payload['request']
+      res[:rule_name]    = rule_p['name']         if rule_p && rule_p['name']
+      res[:rulespack_id] = rule_p['rulespack_id'] if rule_p && rule_p['rulespack_id']
+      res[:test]         = rule_p['test']         if rule_p && rule_p['test']
+      res[:infos]        = payload['infos']       if payload['infos']
+      res[:time]         = time                   if time
+      res[:client_ip]    = request_p[:addr]       if request_p && request_p[:addr]
+      res[:request]      = request_p              if request_p
+      res[:params]       = payload['params']      if payload['params']
+      res[:context]      = payload['context']     if payload['context']
+      res[:headers]      = payload['headers']     if payload['headers']
+      res
+    end
+  end
+end