sqreen 0.7.01462198090 → 0.7.01464629603
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/sqreen/condition_evaluator.rb +23 -2
- data/lib/sqreen/exception.rb +3 -0
- data/lib/sqreen/instrumentation.rb +1 -1
- data/lib/sqreen/rules.rb +3 -1
- data/lib/sqreen/rules_callbacks/execjs.rb +3 -0
- data/lib/sqreen/rules_callbacks/headers_insert.rb +6 -4
- data/lib/sqreen/rules_callbacks/inspect_rule.rb +9 -4
- data/lib/sqreen/rules_signature.rb +5 -3
- data/lib/sqreen/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 192a7661d705323a2231c73cb7101a28e183c54e
|
4
|
+
data.tar.gz: 8ee71b4f23eecf8156755c3ce2e228f49a355d8c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9cc79b500fc8f2ad8e22f2e464982420677b32a70189f08c50a48341bd0bcc80e29f131eda961344875bc9df305263300ccd067cbd834ddce8fc288b7c4e9947
|
7
|
+
data.tar.gz: 8825f4ef858f66786b55f80ee7287f6274341a372a2ac6cf7707c354b0a3293953a20237c45ef00a832d587b7ddba8a507b388aa7de9583ec7f48d0f3f716f9d
|
@@ -41,11 +41,28 @@ class ConditionEvaluator
|
|
41
41
|
return false if hval.respond_to?(:empty?) && hval.empty?
|
42
42
|
v = hval.to_s
|
43
43
|
return false if v.size < min_value_size
|
44
|
-
value.to_s
|
44
|
+
ConditionEvaluator.str_include?(value.to_s, v)
|
45
45
|
end
|
46
46
|
end
|
47
47
|
end
|
48
48
|
|
49
|
+
# Test is a str contains what. Rencode if necessary
|
50
|
+
def self.str_include?(str, what)
|
51
|
+
str1 = if str.encoding != Encoding::UTF_8
|
52
|
+
str.encode(Encoding::UTF_8, :invalid => :replace,
|
53
|
+
:undef => :replace)
|
54
|
+
else
|
55
|
+
str
|
56
|
+
end
|
57
|
+
str2 = if what.encoding != Encoding::UTF_8
|
58
|
+
what.encode(Encoding::UTF_8, :invalid => :replace,
|
59
|
+
:undef => :replace)
|
60
|
+
else
|
61
|
+
what
|
62
|
+
end
|
63
|
+
str1.include?(str2)
|
64
|
+
end
|
65
|
+
|
49
66
|
# Initialize evaluator
|
50
67
|
# @param cond [Hash] condition Hash
|
51
68
|
def initialize(cond)
|
@@ -156,7 +173,11 @@ class ConditionEvaluator
|
|
156
173
|
unless res[0].respond_to?(:include?)
|
157
174
|
raise(Sqreen::Exception, "no include on res #{res[0].inspect}")
|
158
175
|
end
|
159
|
-
res[0].
|
176
|
+
if res[0].is_a?(String)
|
177
|
+
ConditionEvaluator.str_include?(res[0], res[1])
|
178
|
+
else
|
179
|
+
res[0].include?(res[1])
|
180
|
+
end
|
160
181
|
when HASH_INC_OPERATOR
|
161
182
|
ConditionEvaluator.hash_val_include?(res[0], res[1], res[2])
|
162
183
|
else
|
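Review bot: In the second hunk `res[1]` reaches `str_include?` unchecked, so a non-String operand now fails inside the helper at `what.encoding` with NoMethodError rather than the TypeError `String#include?` used to raise; mirroring the `respond_to?(:include?)` guard just above it with `raise(Sqreen::Exception, "no string operand #{res[1].inspect}") unless res[1].is_a?(String)` keeps that failure explicit. In `str_include?` the two transcoding branches are identical and could be one private helper, and a string already labelled UTF-8 is never scrubbed, so invalid byte sequences in it pass through as-is — only mixed-encoding pairs are normalized, which the comment should say instead of its current wording: `# Test whether str contains what, transcoding both to UTF-8 first when their encodings differ from it`. The `case` in the second hunk belongs to a method that starts and ends outside the hunk.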
data/lib/sqreen/exception.rb
CHANGED
@@ -483,7 +483,7 @@ module Sqreen
|
|
483
483
|
if Sqreen.features['rules_signature'] &&
|
484
484
|
Sqreen.config_get(:rules_verify_signature) &&
|
485
485
|
!defined?(::JRUBY_VERSION)
|
486
|
-
verifier = Sqreen::
|
486
|
+
verifier = Sqreen::SqreenSignedVerifier.new
|
487
487
|
else
|
488
488
|
Sqreen.log.debug('Rules signature is not enabled')
|
489
489
|
end
|
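Review bot: The new `Sqreen::SqreenSignedVerifier.new` is only reached when `!defined?(::JRUBY_VERSION)` also holds, so on JRuby the verifier stays nil while the `else` branch logs 'Rules signature is not enabled' even though the feature flag and `rules_verify_signature` are on; a distinct message on that path, e.g. `Sqreen.log.debug('Rules signature verification skipped on JRuby')` chosen before the combined condition, would make the skipped control visible in logs. The section header reads exception.rb, but the diffstat attributes a one-line change to instrumentation.rb, which this hunk more plausibly belongs to. The enclosing method starts and ends outside the hunk.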
data/lib/sqreen/rules.rb
CHANGED
@@ -44,7 +44,9 @@ module Sqreen
|
|
44
44
|
# @param verifier [SqreenSignedVerifier] Signed verifier
|
45
45
|
def self::cb_from_rule(hash_rule, metrics_store = nil, verifier = nil)
|
46
46
|
# Check rules signature
|
47
|
-
|
47
|
+
if verifier
|
48
|
+
raise InvalidSignatureException unless verifier.verify(hash_rule)
|
49
|
+
end
|
48
50
|
|
49
51
|
hook = hash_rule[Attrs::HOOKPOINT]
|
50
52
|
klass = hook[Attrs::KLASS]
|
@@ -75,6 +75,9 @@ module Sqreen
|
|
75
75
|
k
|
76
76
|
end)] = ret[k] end
|
77
77
|
record_event(ret[:record]) unless ret[:record].nil?
|
78
|
+
unless ret['observations'].nil?
|
79
|
+
ret['observations'].each { |obs| record_observation(*obs) }
|
80
|
+
end
|
78
81
|
return !ret[:call].nil?
|
79
82
|
else
|
80
83
|
raise Sqreen::Exception, "Invalid return type #{ret.inspect}"
|
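Review bot: `raise InvalidSignatureException unless verifier.verify(hash_rule)` drops the rule identity, so a failure cannot be traced back to a rule from the exception alone; `raise InvalidSignatureException, "invalid signature for rule #{hash_rule['name'].inspect}" unless verifier.verify(hash_rule)` keeps it (`name` is one of the required signed keys). Note also that `verify` goes through `get_sig_infos_or_fail`, which raises `Sqreen::Exception` when the signature block is missing or malformed, so a rule with no signature surfaces as a different exception class from a rule with a bad one — unless `InvalidSignatureException` subclasses `Sqreen::Exception` (its definition is not in view), a caller rescuing only `InvalidSignatureException` would not catch the unsigned case. `cb_from_rule` continues past the hunk.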
@@ -5,14 +5,16 @@ require 'sqreen/rule_callback'
|
|
5
5
|
|
6
6
|
module Sqreen
|
7
7
|
module Rules
|
8
|
-
SQREEN_HEADER_NAME = 'X-Protected-By'.freeze
|
9
|
-
SQREEN_HEADER_VALUE = 'Sqreen'.freeze
|
10
|
-
|
11
8
|
# Display sqreen presence
|
12
9
|
class HeadersInsertCB < RuleCB
|
13
10
|
def post(rv, _inst, *_args, &_block)
|
14
11
|
return unless rv && rv.respond_to?(:[]) && rv[1].is_a?(Hash)
|
15
|
-
|
12
|
+
return nil unless @data
|
13
|
+
headers = @data['values'] || []
|
14
|
+
return if headers.empty?
|
15
|
+
headers.each do |name, value|
|
16
|
+
rv[1][name] = value
|
17
|
+
end
|
16
18
|
nil
|
17
19
|
end
|
18
20
|
end
|
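Review bot: `rv[1][name] = value` writes every entry of `@data['values']` straight into the response headers, overwriting any header the application already set under that name and passing the value through without checking for CR/LF; a guard such as `next if value.to_s =~ /[\r\n]/` keeps rule data from splitting a header, and whether overwriting an existing `rv[1][name]` is intended (the removed code only ever set one fixed header) should be decided and documented on `post`. Whether `@data['values']` is a Hash or an array of pairs is not visible here; `headers.each do |name, value|` works for both, but `headers.empty?` assumes whatever is stored responds to `empty?`. Minor style: `return nil unless @data` sits between the bare `return unless` and `return if` forms, so one style should be picked.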
@@ -8,12 +8,17 @@ module Sqreen
|
|
8
8
|
class InspectRuleCB < RuleCB
|
9
9
|
def pre(_inst, *args, &_block)
|
10
10
|
Sqreen.log.debug { "<< #{@klass} #{@method} #{Thread.current}" }
|
11
|
-
Sqreen.log.debug { args.join
|
11
|
+
Sqreen.log.debug { args.map(&:inspect).join(' ') }
|
12
12
|
end
|
13
13
|
|
14
|
-
def post(
|
15
|
-
Sqreen.log.debug { ">> #{@klass} #{@method} #{Thread.current}" }
|
16
|
-
byebug if defined? byebug
|
14
|
+
def post(rv, _inst, *_args, &_block)
|
15
|
+
Sqreen.log.debug { ">> #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
|
16
|
+
byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
|
17
|
+
end
|
18
|
+
|
19
|
+
def failing(rv, _inst, *_args, &_block)
|
20
|
+
Sqreen.log.debug { "># #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
|
21
|
+
byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
|
17
22
|
end
|
18
23
|
end
|
19
24
|
end
|
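Review bot: `byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1`, in both `post` and `failing`, does not do what it reads as: `defined?` binds lower than `&&`, so the whole conjunction is its operand and `defined?` returns the string "expression" for it without evaluating anything — the condition is always truthy and `byebug` is called on every hit, raising NameError wherever the byebug gem is not loaded. Parenthesize the operand on both lines: `byebug if defined?(byebug) && @data.is_a?(Hash) && @data[:break] == 1`. The symbol key `@data[:break]` is also worth checking against how rule data is keyed, since `HeadersInsertCB` in this same diff reads `@data['values']` with a string key.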
@@ -29,7 +29,7 @@ module Sqreen
|
|
29
29
|
REQUIRED_SIGNED_KEYS = %w(hookpoint name callbacks conditions).freeze
|
30
30
|
SIGNATURE_KEY = 'signature'.freeze
|
31
31
|
SIGNATURE_VALUE_KEY = 'value'.freeze
|
32
|
-
SIGNED_KEYS_KEY = '
|
32
|
+
SIGNED_KEYS_KEY = 'keys'.freeze
|
33
33
|
SIGNATURE_VERSION = 'v0_9'.freeze
|
34
34
|
PUBLIC_KEY = <<-END.gsub(/^ */, '').freeze
|
35
35
|
-----BEGIN PUBLIC KEY-----
|
@@ -114,14 +114,14 @@ module Sqreen
|
|
114
114
|
raise Sqreen::Exception, 'no signature found' unless sigs
|
115
115
|
|
116
116
|
sig = sigs[SIGNATURE_VERSION]
|
117
|
-
msg = "signature #{SIGNATURE_VERSION} not found"
|
117
|
+
msg = "signature #{SIGNATURE_VERSION} not found (#{sigs})"
|
118
118
|
raise Sqreen::Exception, msg unless sig
|
119
119
|
|
120
120
|
sig_value = sig[SIGNATURE_VALUE_KEY]
|
121
121
|
raise Sqreen::Exception, 'no signature value found' unless sig_value
|
122
122
|
|
123
123
|
signed_keys = sig[SIGNED_KEYS_KEY]
|
124
|
-
raise Sqreen::Exception,
|
124
|
+
raise Sqreen::Exception, "no signed keys found (#{sig})" unless signed_keys
|
125
125
|
|
126
126
|
inc = Set.new(signed_keys).superset?(Set.new(@required_signed_keys))
|
127
127
|
raise Sqreen::Exception, 'signed keys miss equired keys' unless inc
|
@@ -130,6 +130,8 @@ module Sqreen
|
|
130
130
|
end
|
131
131
|
|
132
132
|
def verify(hash_rule)
|
133
|
+
# Return true if rule signature is correct, else false
|
134
|
+
|
133
135
|
signed_keys, sig_value = get_sig_infos_or_fail(hash_rule)
|
134
136
|
|
135
137
|
norm_str = normalize(hash_rule, signed_keys)
|
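Review bot: The comment added inside `verify`, `# Return true if rule signature is correct, else false`, overstates the contract: the next line calls `get_sig_infos_or_fail`, which raises `Sqreen::Exception` when the signature block, the `SIGNATURE_VERSION` entry, its value or its signed keys are missing, so a rule without a signature never returns false. It belongs above the `def` in the YARD style the file already uses: `# @param hash_rule [Hash] rule to verify`, `# @return [Boolean] true when the signature over the signed keys is valid`, `# @raise [Sqreen::Exception] when the signature block is missing or malformed`. The new messages interpolate `#{sigs}` and `#{sig}` with `Hash#to_s`, which dumps the whole signature structure into the exception text; `sigs.keys.inspect` would carry the useful part (which versions are present) without the noise. `verify` continues past the hunk.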
data/lib/sqreen/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sqreen
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.7.
|
4
|
+
version: 0.7.01464629603
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sqreen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-05-
|
11
|
+
date: 2016-05-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: execjs
|
@@ -137,7 +137,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
137
137
|
version: '0'
|
138
138
|
requirements: []
|
139
139
|
rubyforge_project:
|
140
|
-
rubygems_version: 2.6.
|
140
|
+
rubygems_version: 2.6.4
|
141
141
|
signing_key:
|
142
142
|
specification_version: 4
|
143
143
|
summary: Sqreen Ruby agent
|