sqreen-alt 1.13.4 → 1.14.0.beta3
- checksums.yaml +4 -4
- data/Rakefile +2 -20
- metadata +25 -117
- data/CODE_OF_CONDUCT.md +0 -22
- data/README.md +0 -77
- data/lib/sqreen-alt.rb +0 -1
- data/lib/sqreen.rb +0 -67
- data/lib/sqreen/actions.rb +0 -261
- data/lib/sqreen/attack_detected.html +0 -2
- data/lib/sqreen/binding_accessor.rb +0 -357
- data/lib/sqreen/ca.crt +0 -72
- data/lib/sqreen/call_countable.rb +0 -67
- data/lib/sqreen/callback_tree.rb +0 -92
- data/lib/sqreen/callbacks.rb +0 -167
- data/lib/sqreen/capped_queue.rb +0 -22
- data/lib/sqreen/condition_evaluator.rb +0 -235
- data/lib/sqreen/conditionable.rb +0 -50
- data/lib/sqreen/configuration.rb +0 -184
- data/lib/sqreen/context.rb +0 -26
- data/lib/sqreen/deliveries/batch.rb +0 -90
- data/lib/sqreen/deliveries/simple.rb +0 -39
- data/lib/sqreen/event.rb +0 -16
- data/lib/sqreen/events/attack.rb +0 -61
- data/lib/sqreen/events/remote_exception.rb +0 -54
- data/lib/sqreen/events/request_record.rb +0 -132
- data/lib/sqreen/exception.rb +0 -34
- data/lib/sqreen/frameworks.rb +0 -40
- data/lib/sqreen/frameworks/generic.rb +0 -536
- data/lib/sqreen/frameworks/rails.rb +0 -151
- data/lib/sqreen/frameworks/rails3.rb +0 -36
- data/lib/sqreen/frameworks/request_recorder.rb +0 -71
- data/lib/sqreen/frameworks/sinatra.rb +0 -59
- data/lib/sqreen/frameworks/sqreen_test.rb +0 -26
- data/lib/sqreen/instrumentation.rb +0 -732
- data/lib/sqreen/log.rb +0 -122
- data/lib/sqreen/metrics.rb +0 -7
- data/lib/sqreen/metrics/average.rb +0 -39
- data/lib/sqreen/metrics/base.rb +0 -45
- data/lib/sqreen/metrics/binning.rb +0 -74
- data/lib/sqreen/metrics/collect.rb +0 -22
- data/lib/sqreen/metrics/sum.rb +0 -20
- data/lib/sqreen/metrics_store.rb +0 -100
- data/lib/sqreen/middleware.rb +0 -34
- data/lib/sqreen/payload_creator.rb +0 -137
- data/lib/sqreen/performance_notifications.rb +0 -92
- data/lib/sqreen/performance_notifications/binned_metrics.rb +0 -119
- data/lib/sqreen/performance_notifications/log.rb +0 -35
- data/lib/sqreen/performance_notifications/log_performance.rb +0 -69
- data/lib/sqreen/performance_notifications/metrics.rb +0 -35
- data/lib/sqreen/performance_notifications/newrelic.rb +0 -91
- data/lib/sqreen/remote_command.rb +0 -105
- data/lib/sqreen/rule_attributes.rb +0 -26
- data/lib/sqreen/rule_callback.rb +0 -72
- data/lib/sqreen/rules.rb +0 -126
- data/lib/sqreen/rules_callbacks.rb +0 -29
- data/lib/sqreen/rules_callbacks/binding_accessor_matcher.rb +0 -85
- data/lib/sqreen/rules_callbacks/binding_accessor_metrics.rb +0 -79
- data/lib/sqreen/rules_callbacks/blacklist_ips.rb +0 -44
- data/lib/sqreen/rules_callbacks/count_http_codes.rb +0 -45
- data/lib/sqreen/rules_callbacks/crawler_user_agent_matches.rb +0 -24
- data/lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb +0 -24
- data/lib/sqreen/rules_callbacks/custom_error.rb +0 -65
- data/lib/sqreen/rules_callbacks/execjs.rb +0 -315
- data/lib/sqreen/rules_callbacks/headers_insert.rb +0 -22
- data/lib/sqreen/rules_callbacks/inspect_rule.rb +0 -25
- data/lib/sqreen/rules_callbacks/matcher_rule.rb +0 -139
- data/lib/sqreen/rules_callbacks/rails_parameters.rb +0 -14
- data/lib/sqreen/rules_callbacks/record_request_context.rb +0 -44
- data/lib/sqreen/rules_callbacks/reflected_xss.rb +0 -291
- data/lib/sqreen/rules_callbacks/regexp_rule.rb +0 -45
- data/lib/sqreen/rules_callbacks/run_block_user_actions.rb +0 -34
- data/lib/sqreen/rules_callbacks/run_req_start_actions.rb +0 -61
- data/lib/sqreen/rules_callbacks/shell_env.rb +0 -32
- data/lib/sqreen/rules_callbacks/url_matches.rb +0 -25
- data/lib/sqreen/rules_callbacks/user_agent_matches.rb +0 -22
- data/lib/sqreen/rules_signature.rb +0 -165
- data/lib/sqreen/runner.rb +0 -466
- data/lib/sqreen/runtime_infos.rb +0 -138
- data/lib/sqreen/safe_json.rb +0 -60
- data/lib/sqreen/sdk.rb +0 -56
- data/lib/sqreen/serializer.rb +0 -46
- data/lib/sqreen/session.rb +0 -322
- data/lib/sqreen/shared_storage.rb +0 -40
- data/lib/sqreen/shared_storage23.rb +0 -10
- data/lib/sqreen/version.rb +0 -5
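--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2c708d001228bf315406811cfee3b173a35d05da108713b45dc4bb29af9d7f15
+data.tar.gz: dc2a4a9f4c2ae9d5d93d3694570b07ab5d18d5a3742ac6401fcb2c30ce3ccb10
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 92a3706845d4bdda4081e77281aa8a9c48fc3198f36b82783640cab59d2256e5abec38ddaeca9b816843c9f48f38174b219b4747347810d91786787ba09f8882
+data.tar.gz: e4036dbbce01e2f5bb3de9014dc4576d48e181a949a077eb6c0a82ffd71518f5caf42df72d4ca6e7fd4fc5756639ff282d6d8371077fca4284d94de14d678bc3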
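--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,20 +1,2 @@
-
-
-
-require 'bundler/gem_tasks'
-require 'rake/testtask'
-
-if RUBY_VERSION >= '1.9.3'
-require 'ci/reporter/rake/minitest'
-task :testunit => 'ci:setup:minitest'
-else
-task :testunit => :test
-end
-
-Rake::TestTask.new do |t|
-t.pattern = 'test/**/*.rb'
-t.libs << 'test'
-end
-
-desc 'Run tests'
-task :default => :test
+require "bundler/gem_tasks"
+task :default => :spec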
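Review bot: `task :default => :spec` on the new side points at a task this Rakefile never defines — after the rewrite neither `rake/testtask` nor any RSpec rake task is required, so a bare `rake` in the packaged gem will stop with Rake's "Don't know how to build task 'spec'" error unless the task is provided from somewhere not visible on this page. The metadata hunk on this page lists `Rakefile` as the only packaged file, so for a deprecation shim with no sources either dropping the second line or giving it a default task that can succeed, `task :default do; end`, would be less surprising. A one-line header such as `# sqreen-alt is a deprecated shim: no sources, no test suite` would also tell the next maintainer why the test-task setup was removed.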
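--- a/metadata
+++ b/metadata
@@ -1,69 +1,57 @@
 --- !ruby/object:Gem::Specification
 name: sqreen-alt
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.14.0.beta3
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-name:
+name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
-type: :
+version: '1.16'
+type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - "~>"
 - !ruby/object:Gem::Version
-version:
+version: '1.16'
 - !ruby/object:Gem::Dependency
-name:
+name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: 0.1.15
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0
-type: :
+version: '10.0'
+type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: 0.1.15
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '0
+version: '10.0'
 - !ruby/object:Gem::Dependency
-name:
+name: sqreen
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - '='
 - !ruby/object:Gem::Version
-version:
-- - "<"
-- !ruby/object:Gem::Version
-version: '6.4'
+version: 1.14.0.beta3
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
-- !ruby/object:Gem::Version
-version: '6.3'
-- - "<"
+- - '='
 - !ruby/object:Gem::Version
-version:
+version: 1.14.0.beta3
 description: Sqreen is a SaaS based Application protection and monitoring platform
 that integrates directly into your Ruby applications. Learn more at https://sqreen.io.
 email: contact@sqreen.io
@@ -71,93 +59,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- CODE_OF_CONDUCT.md
-- README.md
 - Rakefile
-- lib/sqreen-alt.rb
-- lib/sqreen.rb
-- lib/sqreen/actions.rb
-- lib/sqreen/attack_detected.html
-- lib/sqreen/binding_accessor.rb
-- lib/sqreen/ca.crt
-- lib/sqreen/call_countable.rb
-- lib/sqreen/callback_tree.rb
-- lib/sqreen/callbacks.rb
-- lib/sqreen/capped_queue.rb
-- lib/sqreen/condition_evaluator.rb
-- lib/sqreen/conditionable.rb
-- lib/sqreen/configuration.rb
-- lib/sqreen/context.rb
-- lib/sqreen/deliveries/batch.rb
-- lib/sqreen/deliveries/simple.rb
-- lib/sqreen/event.rb
-- lib/sqreen/events/attack.rb
-- lib/sqreen/events/remote_exception.rb
-- lib/sqreen/events/request_record.rb
-- lib/sqreen/exception.rb
-- lib/sqreen/frameworks.rb
-- lib/sqreen/frameworks/generic.rb
-- lib/sqreen/frameworks/rails.rb
-- lib/sqreen/frameworks/rails3.rb
-- lib/sqreen/frameworks/request_recorder.rb
-- lib/sqreen/frameworks/sinatra.rb
-- lib/sqreen/frameworks/sqreen_test.rb
-- lib/sqreen/instrumentation.rb
-- lib/sqreen/log.rb
-- lib/sqreen/metrics.rb
-- lib/sqreen/metrics/average.rb
-- lib/sqreen/metrics/base.rb
-- lib/sqreen/metrics/binning.rb
-- lib/sqreen/metrics/collect.rb
-- lib/sqreen/metrics/sum.rb
-- lib/sqreen/metrics_store.rb
-- lib/sqreen/middleware.rb
-- lib/sqreen/payload_creator.rb
-- lib/sqreen/performance_notifications.rb
-- lib/sqreen/performance_notifications/binned_metrics.rb
-- lib/sqreen/performance_notifications/log.rb
-- lib/sqreen/performance_notifications/log_performance.rb
-- lib/sqreen/performance_notifications/metrics.rb
-- lib/sqreen/performance_notifications/newrelic.rb
-- lib/sqreen/remote_command.rb
-- lib/sqreen/rule_attributes.rb
-- lib/sqreen/rule_callback.rb
-- lib/sqreen/rules.rb
-- lib/sqreen/rules_callbacks.rb
-- lib/sqreen/rules_callbacks/binding_accessor_matcher.rb
-- lib/sqreen/rules_callbacks/binding_accessor_metrics.rb
-- lib/sqreen/rules_callbacks/blacklist_ips.rb
-- lib/sqreen/rules_callbacks/count_http_codes.rb
-- lib/sqreen/rules_callbacks/crawler_user_agent_matches.rb
-- lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb
-- lib/sqreen/rules_callbacks/custom_error.rb
-- lib/sqreen/rules_callbacks/execjs.rb
-- lib/sqreen/rules_callbacks/headers_insert.rb
-- lib/sqreen/rules_callbacks/inspect_rule.rb
-- lib/sqreen/rules_callbacks/matcher_rule.rb
-- lib/sqreen/rules_callbacks/rails_parameters.rb
-- lib/sqreen/rules_callbacks/record_request_context.rb
-- lib/sqreen/rules_callbacks/reflected_xss.rb
-- lib/sqreen/rules_callbacks/regexp_rule.rb
-- lib/sqreen/rules_callbacks/run_block_user_actions.rb
-- lib/sqreen/rules_callbacks/run_req_start_actions.rb
-- lib/sqreen/rules_callbacks/shell_env.rb
-- lib/sqreen/rules_callbacks/url_matches.rb
-- lib/sqreen/rules_callbacks/user_agent_matches.rb
-- lib/sqreen/rules_signature.rb
-- lib/sqreen/runner.rb
-- lib/sqreen/runtime_infos.rb
-- lib/sqreen/safe_json.rb
-- lib/sqreen/sdk.rb
-- lib/sqreen/serializer.rb
-- lib/sqreen/session.rb
-- lib/sqreen/shared_storage.rb
-- lib/sqreen/shared_storage23.rb
-- lib/sqreen/version.rb
 homepage: https://www.sqreen.io/
 licenses: []
 metadata: {}
-post_install_message:
+post_install_message: |
+'sqreen-alt' is deprecated and just points to the 'sqreen' gem now.
+Replace it with the 'sqreen' gem.
 rdoc_options: []
 require_paths:
 - lib
@@ -168,12 +76,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">"
 - !ruby/object:Gem::Version
-version:
+version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.
+rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
 summary: Sqreen Ruby agent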
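Review bot: With `- lib/sqreen-alt.rb` removed from `files:` (the one-line `require "sqreen"` bridge is deleted further down this page) and `autorequire:` left empty, an application that lists `gem 'sqreen-alt'` in its Gemfile will most likely stop loading the agent altogether: Bundler's default auto-require swallows the LoadError for a gem that ships neither a `sqreen-alt` nor a `sqreen/alt` file, and it never requires transitive dependencies such as the pinned `sqreen` runtime gem, so protection silently ends while the only notice is the `post_install_message`, printed once at install time. Keeping a packaged one-line `lib/sqreen-alt.rb` containing `require 'sqreen'` would preserve the bridge while still steering users to the new gem. Separately, the runtime requirement `- - '='` / `version: 1.14.0.beta3` ties every install of this shim to a single prerelease of the agent, which is fine if the two gems are released in lockstep but blocks patch updates otherwise; that trade-off deserves a sentence in the post-install message or wherever the gemspec sets the dependency.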
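--- a/data/CODE_OF_CONDUCT.md
+++ b/data/CODE_OF_CONDUCT.md
@@ -1,22 +0,0 @@
-# Contributor Code of Conduct
-
-As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
-
-We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery
-* Personal attacks
-* Trolling or insulting/derogatory comments
-* Public or private harassment
-* Publishing other's private information, such as physical or electronic addresses, without explicit permission
-* Other unethical or unprofessional conduct.
-
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.
-
-This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
-
-This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)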
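--- a/data/README.md
+++ b/data/README.md
@@ -1,77 +0,0 @@
-# Sqreen
-
-Auto protection for you application.
-
-Copyright (c) 2015 Sqreen. All Rights Reserved.
-Please refer to our terms for more information: https://www.sqreen.io/terms.html
-
-## Installation
-
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'sqreen'
-```
-
-And then execute:
-
-$ bundle
-
-Or install it yourself as:
-
-$ gem install sqreen
-
-## Configuration
-
-The only required parameter is your application's `token`.
-
-### By file
-- for Rails:
-```shell
-$ echo token: your_token > /path/to/RailsApp/config/sqreen.yml
-```
-- for anything else:
-```shell
-$ echo token: your_token > ~/sqreen.yml
-```
-
-### By environment:
-```shell
-$ export SQREEN_TOKEN=your_token
-```
-
-The following can be set:
-
-*file* | *environment*
-------------|-------------
-token | SQREEN_TOKEN
-url | SQREEN_URL
-verbosity | SQREEN_VERBOSITY
-local_rules | SQREEN_RULES
-
-SQREEN_RULES allows the agent to use rules that do not come from the server, but
-from a local file.
-
-## Usage
-
-TODO: Write usage instructions here
-
-## Development
-
-```shell
-$ gem install bundler
-$ bundle
-```
-
-Check that everything is all right:
-```shell
-$ bundle exec rake test
-```
-
-Use `bin/console` for an interactive prompt that will allow you to experiment.
-
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
-
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at https://github.com/sqreen/RubyAgent. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](contributor-covenant.org) code of conduct.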
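--- a/data/lib/sqreen-alt.rb
+++ b/data/lib/sqreen-alt.rb
@@ -1 +0,0 @@
-require "sqreen"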
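--- a/data/lib/sqreen.rb
+++ b/data/lib/sqreen.rb
@@ -1,67 +0,0 @@
-# Copyright (c) 2015 Sqreen. All Rights Reserved.
-# Please refer to our terms for more information: https://www.sqreen.io/terms.html
-
-require 'sqreen/instrumentation'
-require 'sqreen/session'
-require 'sqreen/runner'
-require 'sqreen/callbacks'
-require 'sqreen/version'
-require 'sqreen/log'
-require 'sqreen/exception'
-require 'sqreen/configuration'
-require 'sqreen/events/attack'
-require 'sqreen/sdk'
-
-require 'thread'
-
-# Auto start the instrumentation.
-
-Sqreen.framework.on_start do |framework|
-Thread.new do
-begin
-runner = nil
-configuration = Sqreen.config_init(framework)
-Sqreen.log.debug("Starting Sqreen #{Sqreen::VERSION}")
-framework.sqreen_configuration = configuration
-prevent_startup = Sqreen.framework.prevent_startup
-if !prevent_startup
-runner = Sqreen::Runner.new(configuration, framework)
-runner.run_watcher
-else
-Sqreen.log.debug("#{prevent_startup} prevented Sqreen startup")
-end
-rescue Sqreen::TokenNotFoundException
-Sqreen.log.error "Sorry but we couldn't find your Sqreen token.\nYour application is NOT currently protected by Sqreen.\n\nHave you filled your config/sqreen.yml?\n\n"
-rescue Sqreen::TokenInvalidException
-Sqreen.log.error "Sorry but your Sqreen token appears to be invalid.\nYour application is NOT currently protected by Sqreen.\n\nHave you correctly filled your config/sqreen.yml?\n\n"
-rescue Exception => e
-Sqreen.log.error e.inspect
-Sqreen.log.debug e.backtrace.join("\n")
-if runner
-# immediately post exception
-runner.session.post_sqreen_exception(Sqreen::RemoteException.new(e))
-Sqreen.log.debug("runner = #{runner.inspect}")
-begin
-runner.remove_instrumentation
-rescue => remove_exception
-Sqreen.log.debug(remove_exception.inspect)
-# We did not manage to remove instrumentation, state is unclear:
-# terminate thread
-return nil
-end
-begin
-runner.logout(false)
-rescue => logout_exception
-Sqreen.log.debug(logout_exception.inspect)
-nil
-end
-end
-# Wait a few seconds before retrying
-delay = rand(120)
-Sqreen.log.debug("Sleeping #{delay} seconds before retry")
-sleep(delay)
-retry
-end
-Sqreen.log.debug("shutting down Sqreen #{Sqreen::VERSION}")
-end
-end unless Sqreen::to_bool(ENV['SQREEN_DISABLE'])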
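--- a/data/lib/sqreen/actions.rb
+++ b/data/lib/sqreen/actions.rb
@@ -1,261 +0,0 @@
-# Copyright (c) 2018 Sqreen. All Rights Reserved.
-# Please refer to our terms for more information: https://www.sqreen.io/terms.html
-
-require 'ipaddr'
-require 'sqreen/log'
-require 'sqreen/exception'
-require 'sqreen/sdk'
-require 'sqreen/frameworks'
-require 'singleton'
-
-module Sqreen
-# Implements actions (behavior taken in response to agent signals)
-module Actions
-# Exception for when an unknown action type is gotten from the server
-class UnknownActionType < ::Sqreen::Exception
-attr_reader :action_type
-def initialize(action_type)
-super("no such action type: #{action_type}. Must be one of #{Base.known_types}")
-@action_type = action_type
-end
-end
-
-# Where the currently loaded actions are stored. Singleton
-class Repository
-include Singleton
-
-def initialize
-@actions = {} # indexed by subclass
-@actions.default_proc = proc { |h, k| h[k] = [] }
-end
-
-def <<(action)
-@actions[action.class] << action
-end
-
-def [](action_class)
-@actions[action_class]
-end
-
-def clear
-@actions.clear
-end
-end
-
-# @return [Sqreen::Actions::Base]
-def self.deserialize_action(hash)
-action_type = hash['action']
-raise 'no action type available' unless action_type
-
-subclass = Base.get_type_class(action_type)
-raise UnknownActionType, action_type unless subclass
-
-id = hash['action_id']
-raise 'no action id available' unless id
-
-duration = hash['duration']
-if !duration.nil? && duration <= 0
-Sqreen.log.debug "Action #{id} is already expired"
-return nil
-end
-
-opts = {
-:duration => duration,
-:send_response => hash['send_response'],
-}
-
-subclass.new(id, opts, hash['parameters'] || {})
-end
-
-# Base class for actions
-class Base
-attr_reader :id, :expiry, :send_response
-
-def initialize(id, opts)
-@id = id
-duration = opts[:duration]
-@expiry = Time.new + duration unless duration.nil?
-@send_response = if opts[:send_response].nil?
-true
-else
-!!opts[:send_response]
-end
-end
-
-# See Sqreen::CB for return values
-def run(*args)
-return if expiry && Time.new > expiry
-ret = do_run *args
-unless ret.nil? || !@send_response
-Sqreen.internal_track(event_name,
-'properties' => {
-'output' => event_properties(*args),
-'action_id' => id,
-})
-end
-ret
-end
-
-protected
-
-def do_run(*_args)
-raise ::Sqreen::NotImplementedYet, "do_run not implemented in #{self.class}"
-# implement in subclasses
-end
-
-def event_properties(*_run_args)
-raise ::Sqreen::NotImplementedYet, "event_properties not implemented in #{self.class}"
-# implement in subclasses
-end
-
-private
-
-def event_name
-"sq.action.#{self.class.type_name}"
-end
-
-@@subclasses = {}
-class << self
-private :new
-
-attr_reader :type_name
-
-def get_type_class(name)
-@@subclasses[name]
-end
-
-def known_types
-@@subclasses.keys
-end
-
-def inherited(subclass)
-class << subclass
-public :new
-end
-end
-
-protected
-
-def type_name=(name)
-@type_name = name
-@@subclasses[name] = self
-end
-end
-end
-
-module IpRanges
-attr_reader :ranges
-
-def parse_ip_ranges(params)
-ranges = params['ip_cidr']
-unless ranges && ranges.is_a?(Array) && !ranges.empty?
-raise 'no non-empty ip_cidr array present'
-end
-
-@ranges = ranges.map &IPAddr.method(:new)
-end
-
-def matches_ip?(client_ip)
-parsed_ip = IPAddr.new client_ip
-found = ranges.find { |r| r.include? parsed_ip }
-return false unless found
-
-Sqreen.log.debug("Client ip #{client_ip} matches #{found.inspect}")
-true
-end
-end
-
-# Block a list of IP address ranges. Standard "raise" behavior.
-class BlockIp < Base
-include IpRanges
-self.type_name = 'block_ip'
-
-def initialize(id, opts, params = {})
-super(id, opts)
-parse_ip_ranges params
-end
-
-def do_run(client_ip)
-return nil unless matches_ip? client_ip
-e = Sqreen::AttackBlocked.new("Blocked client's IP (action: #{id}). No action is required")
-{ :status => :raise, :exception => e }
-end
-
-def event_properties(client_ip)
-{ 'ip_address' => client_ip }
-end
-end
-
-# Block a list of IP address ranges by forcefully redirecting the user
-# to a specific URL.
-class RedirectIp < Base
-include IpRanges
-self.type_name = 'redirect_ip'
-
-attr_reader :redirect_url
-
-def initialize(id, opts, params = {})
-super(id, opts)
-@redirect_url = params['url']
-raise "no url provided for action #{id}" unless @redirect_url
-parse_ip_ranges params
-end
-
-def do_run(client_ip)
-return nil unless matches_ip? client_ip
-Sqreen.log.info "Will request redirect for client with IP #{client_ip} (action: #{id}). "
-{
-:status => :skip,
-:new_return_value => [303, { 'Location' => @redirect_url }, ['']],
-}
-end
-
-def event_properties(client_ip)
-{ 'ip_address' => client_ip, 'url' => @redirect_url }
-end
-end
-
-# Blocks a user at the point Sqreen::identify()
-# or Sqreen::auth_track() are called
-class BlockUser < Base
-self.type_name = 'block_user'
-
-def initialize(id, opts, params = {})
-super(id, opts)
-@users = params['users']
-raise ::Sqreen::Exception, 'nil "users" param for block_user action' if @users.nil?
-raise ::Sqreen::Exception, '"users" param must be an array' unless @users.is_a? Array
-end
-
-def do_run(identity_params)
-return unless @users.include? stringify_keys(identity_params)
-Sqreen.log.info(
-"Will raise due to user being blocked by action #{id}. " \
-"Blocked user identity: #{identity_params}"
-)
-
-e = Sqreen::AttackBlocked.new(
-"Blocked user with identity #{identity_params} " \
-'due to automatic security response. No action is required'
-)
-
-{
-:status => :raise,
-:exception => e,
-}
-end
-
-def event_properties(identity_params)
-{ 'user' => identity_params }
-end
-
-private
-
-def stringify_keys(hash)
-Hash[
-hash.map { |k, v| [k.to_s, v] }
-]
-end
-end
-end
-end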