sqreen 0.7.01462198090-java → 0.7.01464629603-java
- checksums.yaml +4 -4
- data/lib/sqreen/condition_evaluator.rb +23 -2
- data/lib/sqreen/exception.rb +3 -0
- data/lib/sqreen/instrumentation.rb +1 -1
- data/lib/sqreen/rules.rb +3 -1
- data/lib/sqreen/rules_callbacks/execjs.rb +3 -0
- data/lib/sqreen/rules_callbacks/headers_insert.rb +6 -4
- data/lib/sqreen/rules_callbacks/inspect_rule.rb +9 -4
- data/lib/sqreen/rules_signature.rb +5 -3
- data/lib/sqreen/version.rb +1 -1
- metadata +3 -3
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA1:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 80d1d023f3b57ae372f03c67e2c916663a500a8c
         | 
| 4 | 
            +
              data.tar.gz: 7006f4103e6e1e99677dbb21d13c2f3dbe540bd0
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: db99bc6d2b7c52f0f684cf18bbea98ec51c51c026cfdaea40a44260eec7921d25ef75772f6b2046259116d1f18fcdc57ce45731664058fd4b000a42b791eb061
         | 
| 7 | 
            +
              data.tar.gz: 57c54f89c94d734227840c3392035550bb83910c698f551c749e90dc3214c7d01e55865cdfa4e6ea9ee60127fd22e0860dfd26c44187413b726e31d4fe93f1f3
         | 
| @@ -41,11 +41,28 @@ class ConditionEvaluator | |
| 41 41 | 
             
                    return false if hval.respond_to?(:empty?) && hval.empty?
         | 
| 42 42 | 
             
                    v = hval.to_s
         | 
| 43 43 | 
             
                    return false if v.size < min_value_size
         | 
| 44 | 
            -
                    value.to_s | 
| 44 | 
            +
                    ConditionEvaluator.str_include?(value.to_s, v)
         | 
| 45 45 | 
             
                  end
         | 
| 46 46 | 
             
                end
         | 
| 47 47 | 
             
              end
         | 
| 48 48 |  | 
| 49 | 
            +
              # Test is a str contains what. Rencode if necessary
         | 
| 50 | 
            +
              def self.str_include?(str, what)
         | 
| 51 | 
            +
                str1 = if str.encoding != Encoding::UTF_8
         | 
| 52 | 
            +
                         str.encode(Encoding::UTF_8, :invalid => :replace,
         | 
| 53 | 
            +
                                                     :undef => :replace)
         | 
| 54 | 
            +
                       else
         | 
| 55 | 
            +
                         str
         | 
| 56 | 
            +
                       end
         | 
| 57 | 
            +
                str2 = if what.encoding != Encoding::UTF_8
         | 
| 58 | 
            +
                         what.encode(Encoding::UTF_8, :invalid => :replace,
         | 
| 59 | 
            +
                                                      :undef => :replace)
         | 
| 60 | 
            +
                       else
         | 
| 61 | 
            +
                         what
         | 
| 62 | 
            +
                       end
         | 
| 63 | 
            +
                str1.include?(str2)
         | 
| 64 | 
            +
              end
         | 
| 65 | 
            +
             | 
| 49 66 | 
             
              # Initialize evaluator
         | 
| 50 67 | 
             
              # @param cond [Hash] condition Hash
         | 
| 51 68 | 
             
              def initialize(cond)
         | 
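Review bot: In `str_include?`, `encode(Encoding::UTF_8, :invalid => :replace, :undef => :replace)` is lossy for strings tagged ASCII-8BIT, because every byte above 0x7F becomes U+FFFD. Binary-tagged input that actually carries UTF-8 then no longer matches the same text in a UTF-8 string, and two different high-byte sequences of equal length compare as equal, so a detection condition can both miss matches and report spurious ones. Consider re-tagging binary input instead of transcoding it, e.g. `s = str.dup.force_encoding(Encoding::UTF_8)` followed by `s = s.scrub unless s.valid_encoding?` on Rubies that provide `scrub`. The method comment `# Test is a str contains what. Rencode if necessary` should also say which encodings are expected and what happens to bytes that cannot be represented. The method holding the first changed line starts above the hunk.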
| @@ -156,7 +173,11 @@ class ConditionEvaluator | |
| 156 173 | 
             
                           unless res[0].respond_to?(:include?)
         | 
| 157 174 | 
             
                             raise(Sqreen::Exception, "no include on res #{res[0].inspect}")
         | 
| 158 175 | 
             
                           end
         | 
| 159 | 
            -
                           res[0]. | 
| 176 | 
            +
                           if res[0].is_a?(String)
         | 
| 177 | 
            +
                             ConditionEvaluator.str_include?(res[0], res[1])
         | 
| 178 | 
            +
                           else
         | 
| 179 | 
            +
                             res[0].include?(res[1])
         | 
| 180 | 
            +
                           end
         | 
| 160 181 | 
             
                         when HASH_INC_OPERATOR
         | 
| 161 182 | 
             
                           ConditionEvaluator.hash_val_include?(res[0], res[1], res[2])
         | 
| 162 183 | 
             
                         else
         | 
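Review bot: The new branch checks `res[0].is_a?(String)` but passes `res[1]` to `str_include?` unchecked, and that helper calls `what.encoding` on it. A non-String operand such as an Integer or nil would raise NoMethodError instead of the `Sqreen::Exception` that the check just above uses for a bad operand. Guard both sides with `if res[0].is_a?(String) && res[1].is_a?(String)`, or raise `Sqreen::Exception` naming the offending value as the preceding check does. The enclosing case statement starts and ends outside the hunk.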
    
        data/lib/sqreen/exception.rb
    CHANGED
    
    
| @@ -483,7 +483,7 @@ module Sqreen | |
| 483 483 | 
             
                  if Sqreen.features['rules_signature']         &&
         | 
| 484 484 | 
             
                     Sqreen.config_get(:rules_verify_signature) &&
         | 
| 485 485 | 
             
                     !defined?(::JRUBY_VERSION)
         | 
| 486 | 
            -
                    verifier = Sqreen:: | 
| 486 | 
            +
                    verifier = Sqreen::SqreenSignedVerifier.new
         | 
| 487 487 | 
             
                  else
         | 
| 488 488 | 
             
                    Sqreen.log.debug('Rules signature is not enabled')
         | 
| 489 489 | 
             
                  end
         | 
    
        data/lib/sqreen/rules.rb
    CHANGED
    
    | @@ -44,7 +44,9 @@ module Sqreen | |
| 44 44 | 
             
                # @param verifier      [SqreenSignedVerifier] Signed verifier
         | 
| 45 45 | 
             
                def self::cb_from_rule(hash_rule, metrics_store = nil, verifier = nil)
         | 
| 46 46 | 
             
                  # Check rules signature
         | 
| 47 | 
            -
                   | 
| 47 | 
            +
                  if verifier
         | 
| 48 | 
            +
                    raise InvalidSignatureException unless verifier.verify(hash_rule)
         | 
| 49 | 
            +
                  end
         | 
| 48 50 |  | 
| 49 51 | 
             
                  hook = hash_rule[Attrs::HOOKPOINT]
         | 
| 50 52 | 
             
                  klass = hook[Attrs::KLASS]
         | 
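Review bot: `if verifier` makes the signature check fail open: with the default `verifier = nil`, the rule is turned into a callback with no verification and no trace of the skip. The instrumentation hunk on this page leaves `verifier` unset when the feature flag or config is off or when `::JRUBY_VERSION` is defined, and reports that only at debug level; since this is the java-platform build, that looks like the normal path here. Consider making the skip visible, e.g. `Sqreen.log.warn('rule loaded without signature verification') unless verifier` (assuming the logger exposes `warn`), and documenting on `cb_from_rule` that a nil verifier disables the check. Note also that `verifier.verify` can raise `Sqreen::Exception` as well as return false, so callers see two failure types. `cb_from_rule` continues past the end of the hunk.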
| @@ -75,6 +75,9 @@ module Sqreen | |
| 75 75 | 
             
                                                 k
         | 
| 76 76 | 
             
                                               end)] = ret[k] end
         | 
| 77 77 | 
             
                      record_event(ret[:record]) unless ret[:record].nil?
         | 
| 78 | 
            +
                      unless ret['observations'].nil?
         | 
| 79 | 
            +
                        ret['observations'].each { |obs| record_observation(*obs) }
         | 
| 80 | 
            +
                      end
         | 
| 78 81 | 
             
                      return !ret[:call].nil?
         | 
| 79 82 | 
             
                    else
         | 
| 80 83 | 
             
                      raise Sqreen::Exception, "Invalid return type #{ret.inspect}"
         | 
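Review bot: `ret['observations']` is read with a String key while the neighbouring lines use `ret[:record]` and `ret[:call]`; the context lines above appear to copy keys to symbols, so confirm which form is present at this point. The value is iterated and splatted with no shape check, so a non-Array value or an entry of the wrong arity raises NoMethodError or ArgumentError from inside the callback. A guard such as `ret['observations'].each { |obs| record_observation(*obs) } if ret['observations'].is_a?(Array)` keeps a malformed rule result from aborting the hook. The enclosing method starts and ends outside the hunk.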
| @@ -5,14 +5,16 @@ require 'sqreen/rule_callback' | |
| 5 5 |  | 
| 6 6 | 
             
            module Sqreen
         | 
| 7 7 | 
             
              module Rules
         | 
| 8 | 
            -
                SQREEN_HEADER_NAME = 'X-Protected-By'.freeze
         | 
| 9 | 
            -
                SQREEN_HEADER_VALUE = 'Sqreen'.freeze
         | 
| 10 | 
            -
             | 
| 11 8 | 
             
                # Display sqreen presence
         | 
| 12 9 | 
             
                class HeadersInsertCB < RuleCB
         | 
| 13 10 | 
             
                  def post(rv, _inst, *_args, &_block)
         | 
| 14 11 | 
             
                    return unless rv && rv.respond_to?(:[]) && rv[1].is_a?(Hash)
         | 
| 15 | 
            -
                     | 
| 12 | 
            +
                    return nil unless @data
         | 
| 13 | 
            +
                    headers = @data['values'] || []
         | 
| 14 | 
            +
                    return if headers.empty?
         | 
| 15 | 
            +
                    headers.each do |name, value|
         | 
| 16 | 
            +
                      rv[1][name] = value
         | 
| 17 | 
            +
                    end
         | 
| 16 18 | 
             
                    nil
         | 
| 17 19 | 
             
                  end
         | 
| 18 20 | 
             
                end
         | 
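Review bot: The loop `rv[1][name] = value` writes whatever `@data['values']` holds into the response headers with no check on type or content. A name or value containing CR or LF would be passed on to the server layer, and a name such as `Set-Cookie` or `Content-Security-Policy` would overwrite the application's own header. `data` is not among the `REQUIRED_SIGNED_KEYS` shown in the rules_signature hunk, so this input may not be covered by the rule signature; that is worth confirming. Suggest skipping bad entries with `next unless name.is_a?(String) && value.is_a?(String)` and `next if name =~ /[\r\n]/ || value =~ /[\r\n]/`, plus a comment on `post` describing the expected shape of `@data['values']`.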
| @@ -8,12 +8,17 @@ module Sqreen | |
| 8 8 | 
             
                class InspectRuleCB < RuleCB
         | 
| 9 9 | 
             
                  def pre(_inst, *args, &_block)
         | 
| 10 10 | 
             
                    Sqreen.log.debug { "<< #{@klass} #{@method} #{Thread.current}" }
         | 
| 11 | 
            -
                    Sqreen.log.debug { args.join | 
| 11 | 
            +
                    Sqreen.log.debug { args.map(&:inspect).join(' ') }
         | 
| 12 12 | 
             
                  end
         | 
| 13 13 |  | 
| 14 | 
            -
                  def post( | 
| 15 | 
            -
                    Sqreen.log.debug { ">> #{@klass} #{@method} #{Thread.current}" }
         | 
| 16 | 
            -
                    byebug if defined? byebug  | 
| 14 | 
            +
                  def post(rv, _inst, *_args, &_block)
         | 
| 15 | 
            +
                    Sqreen.log.debug { ">> #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
         | 
| 16 | 
            +
                    byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
         | 
| 17 | 
            +
                  end
         | 
| 18 | 
            +
             | 
| 19 | 
            +
                  def failing(rv, _inst, *_args, &_block)
         | 
| 20 | 
            +
                    Sqreen.log.debug { "># #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
         | 
| 21 | 
            +
                    byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
         | 
| 17 22 | 
             
                  end
         | 
| 18 23 | 
             
                end
         | 
| 19 24 | 
             
              end
         | 
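Review bot: In both `post` and `failing`, `defined? byebug && @data.is_a?(Hash) && @data[:break] == 1` parses as `defined?(byebug && ...)`, because `defined?` binds more loosely than `&&`. MRI reports "expression" for that form without checking whether `byebug` exists (confirm on JRuby), so the guard is always truthy and `byebug` is called on every invocation: a NameError where it is not loaded, a debugger stop where it is. Write `byebug if defined?(byebug) && @data.is_a?(Hash) && @data[:break] == 1`, and check the key, since `HeadersInsertCB` reads `@data['values']` with a String key and `:break` may never match. Separately, `args.map(&:inspect)` and `rv.inspect` put full arguments and return values of hooked methods into the debug log, which can include credentials or session data; consider truncating or redacting them.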
| @@ -29,7 +29,7 @@ module Sqreen | |
| 29 29 | 
             
                REQUIRED_SIGNED_KEYS = %w(hookpoint name callbacks conditions).freeze
         | 
| 30 30 | 
             
                SIGNATURE_KEY        = 'signature'.freeze
         | 
| 31 31 | 
             
                SIGNATURE_VALUE_KEY  = 'value'.freeze
         | 
| 32 | 
            -
                SIGNED_KEYS_KEY      = ' | 
| 32 | 
            +
                SIGNED_KEYS_KEY      = 'keys'.freeze
         | 
| 33 33 | 
             
                SIGNATURE_VERSION    = 'v0_9'.freeze
         | 
| 34 34 | 
             
                PUBLIC_KEY           = <<-END.gsub(/^ */, '').freeze
         | 
| 35 35 | 
             
                -----BEGIN PUBLIC KEY-----
         | 
| @@ -114,14 +114,14 @@ module Sqreen | |
| 114 114 | 
             
                  raise Sqreen::Exception, 'no signature found' unless sigs
         | 
| 115 115 |  | 
| 116 116 | 
             
                  sig = sigs[SIGNATURE_VERSION]
         | 
| 117 | 
            -
                  msg = "signature #{SIGNATURE_VERSION} not found"
         | 
| 117 | 
            +
                  msg = "signature #{SIGNATURE_VERSION} not found (#{sigs})"
         | 
| 118 118 | 
             
                  raise Sqreen::Exception, msg unless sig
         | 
| 119 119 |  | 
| 120 120 | 
             
                  sig_value = sig[SIGNATURE_VALUE_KEY]
         | 
| 121 121 | 
             
                  raise Sqreen::Exception, 'no signature value found' unless sig_value
         | 
| 122 122 |  | 
| 123 123 | 
             
                  signed_keys = sig[SIGNED_KEYS_KEY]
         | 
| 124 | 
            -
                  raise Sqreen::Exception,  | 
| 124 | 
            +
                  raise Sqreen::Exception, "no signed keys found (#{sig})" unless signed_keys
         | 
| 125 125 |  | 
| 126 126 | 
             
                  inc = Set.new(signed_keys).superset?(Set.new(@required_signed_keys))
         | 
| 127 127 | 
             
                  raise Sqreen::Exception, 'signed keys miss equired keys' unless inc
         | 
| @@ -130,6 +130,8 @@ module Sqreen | |
| 130 130 | 
             
                end
         | 
| 131 131 |  | 
| 132 132 | 
             
                def verify(hash_rule)
         | 
| 133 | 
            +
                  # Return true if rule signature is correct, else false
         | 
| 134 | 
            +
             | 
| 133 135 | 
             
                  signed_keys, sig_value = get_sig_infos_or_fail(hash_rule)
         | 
| 134 136 |  | 
| 135 137 | 
             
                  norm_str = normalize(hash_rule, signed_keys)
         | 
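Review bot: The added comment `# Return true if rule signature is correct, else false` leaves out the raising path. The next line calls `get_sig_infos_or_fail`, which per the previous hunk raises `Sqreen::Exception` when the signature, its value or the signed keys are missing. Callers such as `cb_from_rule` therefore have to treat both `false` and an exception as a rejected rule. I would move the comment above `def verify` and word it as `# @return [Boolean] true if the signature matches; raises Sqreen::Exception when signature fields are missing`. The rest of `verify` lies outside the hunk.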
    
        data/lib/sqreen/version.rb
    CHANGED
    
    
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: sqreen
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 0.7. | 
| 4 | 
            +
              version: 0.7.01464629603
         | 
| 5 5 | 
             
            platform: java
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Sqreen
         | 
| 8 8 | 
             
            autorequire:
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2016-05- | 
| 11 | 
            +
            date: 2016-05-30 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: execjs
         | 
| @@ -136,7 +136,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement | |
| 136 136 | 
             
                  version: '0'
         | 
| 137 137 | 
             
            requirements: []
         | 
| 138 138 | 
             
            rubyforge_project:
         | 
| 139 | 
            -
            rubygems_version: 2.6. | 
| 139 | 
            +
            rubygems_version: 2.6.4
         | 
| 140 140 | 
             
            signing_key:
         | 
| 141 141 | 
             
            specification_version: 4
         | 
| 142 142 | 
             
            summary: Sqreen Ruby agent
         |