sqreen 0.1.0.pre → 0.7.01461158029

data/lib/sqreen/exception.rb

@@ -0,0 +1,31 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'sqreen/log'
+
+module Sqreen
+  # Base exeception class for sqreen
+  class Exception < ::StandardError
+    def initialize(msg = nil, *args)
+      super(msg, *args)
+      Sqreen.log.error msg if msg
+    end
+  end
+
+  # When the token is not found
+  class TokenNotFoundException < Exception
+  end
+
+  # When the token is invalid
+  class TokenInvalidException < Exception
+  end
+
+  # This exception name is particularly important since it is often seen by
+  # Sqreen users when watching their logs. It should not raise any concern to
+  # them.
+  class AttackBlocked < Exception
+  end
+
+  class NotImplementedYet < Exception
+  end
+end

data/lib/sqreen/frameworks.rb

@@ -0,0 +1,40 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+module Sqreen
+  @@framework = nil
+
+  def self::set_framework(fwk)
+    @@framework = fwk
+  end
+
+  def self::framework
+    return @@framework if @@framework
+    klass = case
+            when defined?(::Rails)
+              case Rails::VERSION::MAJOR.to_i
+              when 4, 5
+                require 'sqreen/frameworks/rails'
+                Sqreen::Frameworks::RailsFramework
+              when 3
+                require 'sqreen/frameworks/rails3'
+                Sqreen::Frameworks::Rails3Framework
+              else
+                raise "Rails version #{Rails.version} not supported"
+              end
+            when defined?(::Sinatra)
+              require 'sqreen/frameworks/sinatra'
+              Sqreen::Frameworks::SinatraFramework
+            when defined?(::SqreenTest)
+              require 'sqreen/frameworks/sqreen_test'
+              Sqreen::Frameworks::SqreenTestFramework
+            else
+              # FIXME: use sqreen logger before configuration?
+              STDERR.puts "Error: cannot find any framework\n"
+              require 'sqreen/frameworks/generic'
+              Sqreen::Frameworks::GenericFramework
+            end
+    fwk = klass.new
+    Sqreen.set_framework(fwk)
+  end
+end

data/lib/sqreen/frameworks/generic.rb

@@ -0,0 +1,243 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'sqreen/events/remote_exception'
+
+module Sqreen
+  module Frameworks
+    # This is the base class for framework specific code
+    class GenericFramework
+      attr_accessor :sqreen_configuration
+
+      # What kind of database is this
+      def db_settings(_options = {})
+        raise Sqreen::NotImplementedYet
+      end
+
+      # More information about the current framework
+      def framework_infos
+        raise Sqreen::NotImplementedYet unless ensure_rack_loaded
+        {
+          :framework_type => 'Rack',
+          :framework_version => Rack.version,
+          :environment => ENV['RACK_ENV'],
+        }
+      end
+
+      # What is the current client IP
+      def client_ip
+        req = request
+        return nil unless req
+        return req.ip if req.respond_to?(:ip)
+        req.env['REMOTE_ADDR']
+      end
+
+      def hostname
+        req = request
+        return nil unless req
+        http_host = req.env['HTTP_HOST']
+        return http_host if http_host && !http_host.empty?
+        req.env['SERVER_NAME']
+      end
+
+      def request_id
+        req = request
+        return nil unless req
+        req.env['HTTP_X_REQUEST_ID']
+      end
+
+      # Summary of known request infos
+      def request_infos
+        req = request
+        return {} unless req
+        # FIXME: Use frozen string keys
+        {
+          :rid => request_id,
+          :user_agent => client_user_agent,
+          :scheme => req.scheme,
+          :verb => req.env['REQUEST_METHOD'],
+          :host => hostname,
+          :port => req.env['SERVER_PORT'],
+          :rport => req.env['REMOTE_PORT'],
+          :referer => req.env['HTTP_REFERER'],
+          :path => request_path,
+          :addr => client_ip,
+        }
+      end
+
+      # Request URL path
+      def request_path
+        req = request
+        return nil unless req
+        req.script_name + req.path_info
+      end
+
+      # request user agent
+      def client_user_agent
+        req = request
+        return nil unless req
+        req.env['HTTP_USER_AGENT']
+      end
+
+      # Application root
+      def root
+        nil
+      end
+
+      # Main entry point for sqreen.
+      # launch whenever we are ready
+      def on_start
+        yield self
+      end
+
+      # Should the agent not be starting up?
+      def prevent_startup
+        :irb if $0 == 'irb'
+      end
+
+      # Instrument with our rules when the framework as finished loading
+      def instrument_when_ready!(instrumentor, rules)
+        done = false
+        # FIXME: why is this called twice
+        unless defined?(Rack::Builder)
+          done = true
+          return
+        end
+        cb = Sqreen::RunWhenCalledCB.new(Rack::Builder, :to_app) do
+          if done
+            Sqreen.log.debug('Already instrumented to_app')
+          else
+            instrumentor.instrument!(rules, self)
+            done = true
+          end
+        end
+        instrumentor.add_callback(cb)
+      end
+
+      # Does the parameters include this value
+      def params_include?(value)
+        params = request_params
+        return false if params.nil?
+        each_value_for_hash(params) do |param|
+          return true if param == value
+        end
+        false
+      end
+
+      # Fetch and store the current request object
+      # Nota: cleanup should be performed at end of request (see clean_request)
+      def store_request(object)
+        return unless ensure_rack_loaded
+        SharedStorage.set(:request, Rack::Request.new(object))
+        SharedStorage.inc(:stored_requests)
+      end
+
+      # Get the currently stored request
+      def request
+        SharedStorage.get(:request)
+      end
+
+      # Cleanup request context
+      def clean_request
+        return unless SharedStorage.dec(:stored_requests) <= 0
+        SharedStorage.set(:request, nil)
+      end
+
+      def request_params
+        self.class.parameters_from_request(request)
+      end
+
+      def filtered_request_params
+        params = request_params
+        params.delete('cookies')
+        params
+      end
+
+      %w(form query cookies).each do |section|
+        define_method("#{section}_params") do
+          self.class.send("#{section}_params", request)
+        end
+      end
+
+      P_FORM = 'form'.freeze
+      P_QUERY = 'query'.freeze
+      P_COOKIE = 'cookies'.freeze
+      P_GRAPE = 'grape_params'.freeze
+      P_RACK_ROUTING = 'rack_routing'.freeze
+
+      def self.form_params(request)
+        return nil unless request
+        begin
+          request.POST
+        rescue => e
+          Sqreen.log.debug("POST Parameters are invalid #{e.inspect}")
+          nil
+        end
+      end
+
+      def self.cookies_params(request)
+        return nil unless request
+        begin
+          request.cookies
+        rescue => e
+          Sqreen.log.debug("cookies are invalid #{e.inspect}")
+          nil
+        end
+      end
+
+      def self.query_params(request)
+        return nil unless request
+        begin
+          request.GET
+        rescue => e
+          Sqreen.log.debug("GET Parameters are invalid #{e.inspect}")
+          nil
+        end
+      end
+
+      def self.parameters_from_request(request)
+        return {} unless request
+
+        r = {
+          P_FORM   => form_params(request),
+          P_QUERY  => query_params(request),
+          P_COOKIE => cookies_params(request),
+        }
+        # Add grape parameters if seen
+        p = request.env['grape.request.params']
+        r[P_GRAPE] = p if p
+        p = request.env['rack.routing_args']
+        if p
+          r[P_RACK_ROUTING] = p.dup
+          r[P_RACK_ROUTING].delete :route_info
+          r[P_RACK_ROUTING].delete :version
+        end
+        r
+      end
+
+      protected
+
+      # FIXME: Extract to another object (utils?)
+      # FIXME: protect against cycles ?
+      def each_value_for_hash(params, &block)
+        case params
+        when Hash  then params.each { |_k, v| each_value_for_hash(v, &block) }
+        when Array then params.each { |v| each_value_for_hash(v, &block) }
+        else
+          yield params
+        end
+      end
+
+      def ensure_rack_loaded
+        return false if @cannot_load_rack
+        require 'rack' unless defined?(Rack)
+        true
+      rescue LoadError => e
+        # FIXME find a nice way to test this branch
+        Sqreen::RemoteException.record(e)
+        @cannot_load_rack = true
+        false
+      end
+    end
+  end
+end

data/lib/sqreen/frameworks/rails.rb

@@ -0,0 +1,155 @@
+# frozen_string_literal: true
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'sqreen/frameworks/generic'
+
+module Sqreen
+  module Frameworks
+    # Rails related framework code
+    class RailsFramework < GenericFramework
+      DB_MAPPING = {
+        'SQLite' => :sqlite,
+        'MySQL' => :mysql,
+        'Mysql2' => :mysql,
+      }.freeze
+
+      def framework_infos
+        {
+          :framework_type => 'Rails',
+          :framework_version => Rails::VERSION::STRING,
+          :environment => Rails.env.to_s,
+        }
+      end
+
+      def db_settings(options = {})
+        adapter = options[:connection_adapter]
+        return nil unless adapter
+
+        begin
+          adapter_name = adapter.adapter_name
+        rescue
+          # FIXME: we may want to log that
+          Sqreen.log.error 'cannot find ADAPTER_NAME'
+          return nil
+        end
+        db_type = DB_MAPPING[adapter_name]
+        db_infos = { :name => adapter_name }
+        [db_type, db_infos]
+      end
+
+      def client_ip
+        request = SharedStorage.get :request
+        return unless request && request.env
+        remote_ip = request.env['action_dispatch.remote_ip']
+        return super unless remote_ip
+        # FIXME: - this exist only since Rails 3.2.1
+        # http://apidock.com/rails/v3.2.1/ActionDispatch/RemoteIp/GetIp/calculate_ip
+        if remote_ip.respond_to?(:calculate_ip)
+          return remote_ip.calculate_ip
+        else
+          # This might not return the same value as calculate IP
+          return remote_ip.to_s
+        end
+      end
+
+      def request_id
+        req = request
+        return super unless req
+        req.env['action_dispatch.request_id'] || super
+      end
+
+      def root
+        return nil unless @application
+        @application.root
+      end
+
+      # Register a new initializer in rails to ba called when we are starting up
+      class Init < ::Rails::Railtie
+        def self.startup
+          initializer 'sqreen.startup' do |app|
+            yield app
+          end
+        end
+      end
+
+      def hook_rack_request(app)
+        saved_meth_name = :call_without_sqreen_hooked
+        new_method = :call_with_sqreen_hooked
+
+        app.class.class_eval do
+          alias_method saved_meth_name, :call
+
+          define_method(new_method) do |*args, &cblock|
+            rv = send(saved_meth_name, *args, &cblock)
+            if Sqreen.framework.instance_variable_get('@calling_pid') != Process.pid
+              Sqreen.framework.instance_variable_set('@calling_pid', Process.pid)
+              yield Sqreen.framework
+            end
+            rv
+          end
+
+          alias_method :call, new_method
+        end
+      end
+
+      def on_start(&block)
+        @calling_pid = Process.pid
+        Init.startup do |app|
+          hook_rack_request(app, &block)
+          app.config.after_initialize do
+            yield self
+          end
+        end
+      end
+
+      def prevent_startup
+        res = super
+        return res if res
+        run_in_test = sqreen_configuration.get(:run_in_test)
+        return :rails_test if !run_in_test && Rails.env.test?
+
+        # SQREEN-880 - prevent Sqreen startup on Sidekiq workers
+        return :sidekiq_cli if defined?(Sidekiq::CLI)
+
+        # Prevent Sqreen startup on rake tasks - unless this is a Sqreen test
+        return :rake if !run_in_test && $0.end_with?('rake')
+
+        return nil unless defined?(Rails::CommandsTasks)
+        return nil if defined?(Rails::Server)
+        return :rails_console    if defined?(Rails::Console)
+        return :rails_dbconsole  if defined?(Rails::DBConsole)
+        return :rails_generators if defined?(Rails::Generators)
+        nil
+      end
+
+      def instrument_when_ready!(instrumentor, rules)
+        instrumentor.instrument!(rules, self)
+      end
+
+      def rails_params
+        self.class.rails_params(request)
+      end
+
+      def self.rails_params(request)
+        return nil unless request
+        other = request.env['action_dispatch.request.parameters']
+        return nil unless other
+        # Remove Rails created parameters:
+        other = other.dup
+        other.delete :action
+        other.delete :controller
+        other
+      end
+
+      P_OTHER = 'other'.freeze
+
+      def self.parameters_from_request(request)
+        return {} unless request
+        ret = super(request)
+        ret[P_OTHER] = rails_params(request)
+        ret
+      end
+    end
+  end
+end