sqreen 0.7.01462198090-java → 0.7.01464629603-java

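--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: c894685dce5beefefaf5c48a1eb62a45f16ce2a0
- data.tar.gz: 034caa13665675561c4880d67b2073d5d843e042
+ metadata.gz: 80d1d023f3b57ae372f03c67e2c916663a500a8c
+ data.tar.gz: 7006f4103e6e1e99677dbb21d13c2f3dbe540bd0
  SHA512:
- metadata.gz: 9b6aba627699858a45b971466f4d84521c021e92d51bf80de24facacd0e5d2a25425a9de147cd83fa07ff23709af3b56d7efc53b0931361eedf8faf1afc91492
- data.tar.gz: 0b326706836e3bd162064ab8d3aca7d0085b79a893c90d8f35ffff6bc367bf718454ab5f705bd2bee012a6b3634ad5012dd519ad0d3082ccd1546a61b95d7b8b
+ metadata.gz: db99bc6d2b7c52f0f684cf18bbea98ec51c51c026cfdaea40a44260eec7921d25ef75772f6b2046259116d1f18fcdc57ce45731664058fd4b000a42b791eb061
+ data.tar.gz: 57c54f89c94d734227840c3392035550bb83910c698f551c749e90dc3214c7d01e55865cdfa4e6ea9ee60127fd22e0860dfd26c44187413b726e31d4fe93f1f3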
@@ -41,11 +41,28 @@ class ConditionEvaluator
41
41
  return false if hval.respond_to?(:empty?) && hval.empty?
42
42
  v = hval.to_s
43
43
  return false if v.size < min_value_size
44
- value.to_s.include?(v)
44
+ ConditionEvaluator.str_include?(value.to_s, v)
45
45
  end
46
46
  end
47
47
  end
48
48
 
49
+ # Test is a str contains what. Rencode if necessary
50
+ def self.str_include?(str, what)
51
+ str1 = if str.encoding != Encoding::UTF_8
52
+ str.encode(Encoding::UTF_8, :invalid => :replace,
53
+ :undef => :replace)
54
+ else
55
+ str
56
+ end
57
+ str2 = if what.encoding != Encoding::UTF_8
58
+ what.encode(Encoding::UTF_8, :invalid => :replace,
59
+ :undef => :replace)
60
+ else
61
+ what
62
+ end
63
+ str1.include?(str2)
64
+ end
65
+
49
66
  # Initialize evaluator
50
67
  # @param cond [Hash] condition Hash
51
68
  def initialize(cond)
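Review bot: `str_include?` re-encodes any non-UTF-8 operand with `:undef => :replace`, so a string tagged ASCII-8BIT that actually carries UTF-8 bytes has every byte above 0x7F turned into U+FFFD before the comparison, and a non-ASCII value the condition should find is then reported as absent. For a detection condition that is a false negative rather than a cosmetic loss. I would first retag binary input as UTF-8 and keep it when `valid_encoding?` holds, falling back to the lossy `encode` otherwise, and fold the two identical branches into one helper as below. The second call site, in the `@@ -156,7 +173,11 @@` hunk, only checks `res[0].is_a?(String)`, so a non-String `res[1]` now fails on `what.encoding` with NoMethodError. The comment should read `# Test whether str contains what, re-encoding to UTF-8 if necessary`.

```ruby
# Test whether str contains what, re-encoding to UTF-8 if necessary
def self.str_include?(str, what)
  to_utf8(str).include?(to_utf8(what))
end

# Binary-tagged input usually holds UTF-8 bytes; keep them when they are valid.
def self.to_utf8(s)
  return s if s.encoding == Encoding::UTF_8
  if s.encoding == Encoding::ASCII_8BIT
    retagged = s.dup.force_encoding(Encoding::UTF_8)
    return retagged if retagged.valid_encoding?
  end
  s.encode(Encoding::UTF_8, :invalid => :replace, :undef => :replace)
end
```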
@@ -156,7 +173,11 @@ class ConditionEvaluator
156
173
  unless res[0].respond_to?(:include?)
157
174
  raise(Sqreen::Exception, "no include on res #{res[0].inspect}")
158
175
  end
159
- res[0].include?(res[1])
176
+ if res[0].is_a?(String)
177
+ ConditionEvaluator.str_include?(res[0], res[1])
178
+ else
179
+ res[0].include?(res[1])
180
+ end
160
181
  when HASH_INC_OPERATOR
161
182
  ConditionEvaluator.hash_val_include?(res[0], res[1], res[2])
162
183
  else
@@ -28,4 +28,7 @@ module Sqreen
28
28
 
29
29
  class NotImplementedYet < Exception
30
30
  end
31
+
32
+ class InvalidSignatureException < Exception
33
+ end
31
34
  end
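Review bot: `class InvalidSignatureException < Exception` has no comment saying when it is raised, and the bare `Exception` only means `Sqreen::Exception` if that class is defined earlier in this module, which is outside the hunk. If it resolves to `::Exception` instead, a plain `rescue` will not catch a rejected rule. I would name the base explicitly and document it: `# Raised when a rule signature does not verify` above `class InvalidSignatureException < Sqreen::Exception`.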
@@ -483,7 +483,7 @@ module Sqreen
483
483
  if Sqreen.features['rules_signature'] &&
484
484
  Sqreen.config_get(:rules_verify_signature) &&
485
485
  !defined?(::JRUBY_VERSION)
486
- verifier = Sqreen::RulesSignature.new
486
+ verifier = Sqreen::SqreenSignedVerifier.new
487
487
  else
488
488
  Sqreen.log.debug('Rules signature is not enabled')
489
489
  end
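Review bot: When the `rules_signature` feature or `rules_verify_signature` is off, or the agent runs on JRuby, `verifier` stays unset and the only trace is the `debug` line in the `else` branch, so rules are then loaded with no signature check and nothing at the default log level says so. Since this package is the `java` platform build, the `!defined?(::JRUBY_VERSION)` guard presumably makes that the normal path here. I would report it at a level operators see, e.g. `Sqreen.log.warn('Rules signature verification is disabled')` (assuming the logger exposes `warn`), and add a comment above the `if` explaining why JRuby is excluded. The enclosing method starts and ends outside the hunk.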
@@ -44,7 +44,9 @@ module Sqreen
44
44
  # @param verifier [SqreenSignedVerifier] Signed verifier
45
45
  def self::cb_from_rule(hash_rule, metrics_store = nil, verifier = nil)
46
46
  # Check rules signature
47
- verifier.verify(hash_rule) if verifier
47
+ if verifier
48
+ raise InvalidSignatureException unless verifier.verify(hash_rule)
49
+ end
48
50
 
49
51
  hook = hash_rule[Attrs::HOOKPOINT]
50
52
  klass = hook[Attrs::KLASS]
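Review bot: `raise InvalidSignatureException unless verifier.verify(hash_rule)` raises with no message, so a rejected rule cannot be identified from the log or the error report. Something like `raise InvalidSignatureException, "invalid signature for rule #{hash_rule['name'].inspect}"` would say which rule failed (the `'name'` key is an assumption taken from `REQUIRED_SIGNED_KEYS`). The `@param verifier` line should also state that a nil verifier skips verification entirely, and that `verify` can itself raise `Sqreen::Exception` when signature data is missing, so callers see two exception types. The body of `cb_from_rule` continues past the hunk.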
@@ -75,6 +75,9 @@ module Sqreen
75
75
  k
76
76
  end)] = ret[k] end
77
77
  record_event(ret[:record]) unless ret[:record].nil?
78
+ unless ret['observations'].nil?
79
+ ret['observations'].each { |obs| record_observation(*obs) }
80
+ end
78
81
  return !ret[:call].nil?
79
82
  else
80
83
  raise Sqreen::Exception, "Invalid return type #{ret.inspect}"
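Review bot: The new branch reads `ret['observations']` with a String key while the neighbouring lines read `ret[:record]` and `ret[:call]` with Symbols; if the conversion loop that ends just above (it starts outside the hunk) symbolizes keys, this lookup is always nil and observations are silently dropped. Use the same key form as the siblings, `unless ret[:observations].nil?`, or add a comment saying why this key stays a String. Each `obs` is also splatted straight into `record_observation(*obs)`, so an entry of the wrong shape raises from inside the callback. A shape check before the splat would keep one malformed entry from failing the whole hook.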
@@ -5,14 +5,16 @@ require 'sqreen/rule_callback'
5
5
 
6
6
  module Sqreen
7
7
  module Rules
8
- SQREEN_HEADER_NAME = 'X-Protected-By'.freeze
9
- SQREEN_HEADER_VALUE = 'Sqreen'.freeze
10
-
11
8
  # Display sqreen presence
12
9
  class HeadersInsertCB < RuleCB
13
10
  def post(rv, _inst, *_args, &_block)
14
11
  return unless rv && rv.respond_to?(:[]) && rv[1].is_a?(Hash)
15
- rv[1][SQREEN_HEADER_NAME] = SQREEN_HEADER_VALUE
12
+ return nil unless @data
13
+ headers = @data['values'] || []
14
+ return if headers.empty?
15
+ headers.each do |name, value|
16
+ rv[1][name] = value
17
+ end
16
18
  nil
17
19
  end
18
20
  end
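Review bot: `post` now copies every pair from `@data['values']` into the response header hash unchecked, so the headers this callback writes are whatever the rule payload says, including names already present in `rv[1]`. I would skip entries that are not String pairs or that contain line breaks, e.g. `next unless name.is_a?(String) && value.is_a?(String) && (name + value) !~ /[\r\n]/`, and document above `post` that names and values come from the rule's `data`. The early exits are also inconsistent: `return nil unless @data` sits next to `return if headers.empty?`.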
@@ -8,12 +8,17 @@ module Sqreen
8
8
  class InspectRuleCB < RuleCB
9
9
  def pre(_inst, *args, &_block)
10
10
  Sqreen.log.debug { "<< #{@klass} #{@method} #{Thread.current}" }
11
- Sqreen.log.debug { args.join ' ' }
11
+ Sqreen.log.debug { args.map(&:inspect).join(' ') }
12
12
  end
13
13
 
14
- def post(_rv, _inst, *_args, &_block)
15
- Sqreen.log.debug { ">> #{@klass} #{@method} #{Thread.current}" }
16
- byebug if defined? byebug and @data.is_a?(Hash) and @data[:break] == 1
14
+ def post(rv, _inst, *_args, &_block)
15
+ Sqreen.log.debug { ">> #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
16
+ byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
17
+ end
18
+
19
+ def failing(rv, _inst, *_args, &_block)
20
+ Sqreen.log.debug { "># #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
21
+ byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
17
22
  end
18
23
  end
19
24
  end
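Review bot: Replacing `and` with `&&` in `byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1` changes the parse: `defined?` binds more loosely than `&&`, so the whole `&&` chain becomes its operand and the result is the truthy string "expression". Both `post` and `failing` therefore call `byebug` on every invocation, which raises NameError when byebug is not loaded and stops in the debugger when it is. Parenthesise the operand: `byebug if defined?(byebug) && @data.is_a?(Hash) && @data[:break] == 1`. Separately, `args.map(&:inspect)` and `rv.inspect` write full argument and return values to the debug log, which deserves a comment warning that hooked methods may carry credentials or personal data.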
@@ -29,7 +29,7 @@ module Sqreen
29
29
  REQUIRED_SIGNED_KEYS = %w(hookpoint name callbacks conditions).freeze
30
30
  SIGNATURE_KEY = 'signature'.freeze
31
31
  SIGNATURE_VALUE_KEY = 'value'.freeze
32
- SIGNED_KEYS_KEY = 'signed_keys'.freeze
32
+ SIGNED_KEYS_KEY = 'keys'.freeze
33
33
  SIGNATURE_VERSION = 'v0_9'.freeze
34
34
  PUBLIC_KEY = <<-END.gsub(/^ */, '').freeze
35
35
  -----BEGIN PUBLIC KEY-----
@@ -114,14 +114,14 @@ module Sqreen
114
114
  raise Sqreen::Exception, 'no signature found' unless sigs
115
115
 
116
116
  sig = sigs[SIGNATURE_VERSION]
117
- msg = "signature #{SIGNATURE_VERSION} not found"
117
+ msg = "signature #{SIGNATURE_VERSION} not found (#{sigs})"
118
118
  raise Sqreen::Exception, msg unless sig
119
119
 
120
120
  sig_value = sig[SIGNATURE_VALUE_KEY]
121
121
  raise Sqreen::Exception, 'no signature value found' unless sig_value
122
122
 
123
123
  signed_keys = sig[SIGNED_KEYS_KEY]
124
- raise Sqreen::Exception, 'no signed keys found' unless signed_keys
124
+ raise Sqreen::Exception, "no signed keys found (#{sig})" unless signed_keys
125
125
 
126
126
  inc = Set.new(signed_keys).superset?(Set.new(@required_signed_keys))
127
127
  raise Sqreen::Exception, 'signed keys miss equired keys' unless inc
@@ -130,6 +130,8 @@ module Sqreen
130
130
  end
131
131
 
132
132
  def verify(hash_rule)
133
+ # Return true if rule signature is correct, else false
134
+
133
135
  signed_keys, sig_value = get_sig_infos_or_fail(hash_rule)
134
136
 
135
137
  norm_str = normalize(hash_rule, signed_keys)
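Review bot: The new comment `# Return true if rule signature is correct, else false` sits inside the body, after `def verify(hash_rule)`, and leaves out that the first statement calls `get_sig_infos_or_fail`, which raises `Sqreen::Exception` when the signature, its value or its keys are missing. Move it above the `def` in the file's YARD style and state both outcomes, for example `# @return [Boolean] true when the signature matches` and `# @raise [Sqreen::Exception] when signature data is missing`. The rest of `verify` is outside the hunk, so the true/false part could not be checked here.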
@@ -2,5 +2,5 @@
2
2
  # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
3
  # Warning This file is auto generated! DO NOT edit.
4
4
  module Sqreen
5
- VERSION = "0.7.01462198090".freeze
5
+ VERSION = "0.7.01464629603".freeze
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.01462198090
4
+ version: 0.7.01464629603
5
5
  platform: java
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-02 00:00:00.000000000 Z
11
+ date: 2016-05-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: execjs
@@ -136,7 +136,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
136
136
  version: '0'
137
137
  requirements: []
138
138
  rubyforge_project:
139
- rubygems_version: 2.6.2
139
+ rubygems_version: 2.6.4
140
140
  signing_key:
141
141
  specification_version: 4
142
142
  summary: Sqreen Ruby agent