sqreen 1.13.2-java → 1.13.4-java

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 18abfc3db56502d7447f673f0e79ad135ba5246b
4
- data.tar.gz: 688b156e32f26224128fedcc4aaf3bd37b7df279
3
+ metadata.gz: 2d9abe0c770383b57205c2eb661c33ed286ed18a
4
+ data.tar.gz: d802f183cc3fe90149eb1e1ccce5faba70be653d
5
5
  SHA512:
6
- metadata.gz: ad3ab2d5c7b748bd7767654687de8ab1655de2f55abd84b32713da49d7d423ece161978fd7b86149ec977ea01b31ad110bb1a2dabe6bc1c87d3e6d722a42a63f
7
- data.tar.gz: e9bf1fdd0924cea32abcf0dc887b4471d671fc5215a6e668240e3c9f58610cf2d571102f6e9a9e8c63b7a9115cacd954fa1e9bde20b5d01cbc321e77bd29e937
6
+ metadata.gz: c4f72bc138efcde980f98924266e8dd861a46aadf2221a0e17a8520c6066bfa921c8cfdf5407143b8c8a20fa0340ced7dd02a784ea62fc86fd3079902b9de909
7
+ data.tar.gz: cbb3d0a5123068c0e23739d4261b731917d4ce77c9c8ceac854610b9df39b994bfe69ca23a23148a2346f7644fa4452cea468ae8737d1ff27213afe991f625bd
@@ -51,6 +51,8 @@ module Sqreen
51
51
  :default => nil },
52
52
  { :env => :SQREEN_IP_HEADER, :name => :ip_header,
53
53
  :default => nil },
54
+ { :env => :SQREEN_STRIP_SENSITIVE_DATA, :name => :strip_sensitive_data,
55
+ :default => true, :convert => :to_bool },
54
56
 
55
57
  ].freeze
56
58
 
@@ -52,8 +52,14 @@ module Sqreen
52
52
  else
53
53
  res[:request] = {}
54
54
  end
55
+
55
56
  res[:request][:parameters] = payload['params'] if payload['params']
56
57
  res[:request][:headers] = payload['headers'] if payload['headers']
58
+
59
+ if Sqreen.config_get(:strip_sensitive_data)
60
+ res[:request] = SensitiveDataRedactor.redact(res[:request])
61
+ end
62
+
57
63
  res
58
64
  end
59
65
 
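Review bot: Whether the `Authorization` header is actually stripped by the new `SensitiveDataRedactor.redact(res[:request])` call depends on the key format of `payload['headers']`, which the redactor matches by exact lowercase name: if the hash carries Rack env-style names such as `HTTP_AUTHORIZATION`, the `authorization` entry never matches and the credential is sent unredacted. I cannot see where `payload['headers']` is built from this hunk, so please confirm its key format against the redactor's list, or normalise the header names before calling it. Note also that the whole of `res[:request]` is passed, so any fields assigned before this hunk are redacted by the same rules, which is worth a one-line comment above the `if`. The enclosing method starts outside this hunk.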
@@ -96,4 +102,31 @@ module Sqreen
96
102
  nil
97
103
  end
98
104
  end
105
+
106
+ # For redacting sensitive data and avoid having it sent to our servers
107
+ class SensitiveDataRedactor
108
+ SENSITIVE_KEYS = Set.new(%w[password secret passwd authorization api_key apikey access_token]).freeze
109
+ MASK = '<Redacted by Sqreen>'.freeze
110
+ REGEX = /\A(?:\d[ -]*?){13,16}\z/
111
+
112
+ def self.redact(obj)
113
+ case obj
114
+ when String
115
+ return MASK if obj =~ REGEX
116
+
117
+ when Array
118
+ return obj.map(&method(:redact))
119
+
120
+ when Hash
121
+ return Hash[
122
+ obj.map do |k, v|
123
+ ck = k.is_a?(String) ? k.downcase : k
124
+ [k, SENSITIVE_KEYS.include?(ck) ? MASK : redact(v)]
125
+ end
126
+ ]
127
+ end
128
+
129
+ obj
130
+ end
131
+ end
99
132
  end
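Review bot: `obj =~ REGEX` in the `when String` branch raises ArgumentError on a string with an invalid byte sequence, so a single malformed parameter value would make `redact` fail for the whole request hash rather than be skipped; the encoding repair this same release adds to the parameter scanners suggests such values do reach request data. Guard it with `return MASK if obj.valid_encoding? && obj =~ REGEX`, or decide explicitly that an undecodable value should be masked. The key check only downcases String keys, so a Symbol key such as `:password` is never matched against the lowercase entries of `SENSITIVE_KEYS`; `ck = k.is_a?(String) || k.is_a?(Symbol) ? k.to_s.downcase : k` covers both if symbol-keyed hashes can arrive here. `Set` also needs `require 'set'` on the Ruby versions this gem targets unless the file already loads it, which I cannot see from the hunk.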
@@ -393,6 +393,7 @@ module Sqreen
393
393
  each_key_value_for_hash(p) do |value|
394
394
  next unless value.is_a?(String)
395
395
  next if value.size < 5
396
+ value = value.force_encoding(Encoding::ISO_8859_1).encode(Encoding::UTF_8) unless value.valid_encoding?
396
397
  next if regexp && !regexp.match?(value)
397
398
  parm << value
398
399
  end
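Review bot: `force_encoding` on the added line retags the original `value` object in place (it returns self, not a copy), so although `encode` produces a fresh UTF-8 String for this method's own use, the parameter value the request still holds is left marked ISO-8859-1; if `each_key_value_for_hash` yields the live objects rather than copies, that is a side effect on request data the application sees afterwards. `value = value.dup.force_encoding(Encoding::ISO_8859_1).encode(Encoding::UTF_8) unless value.valid_encoding?` keeps the conversion local to the scan. The identical line is added again in the hunk at 410/411 below and needs the same change. The enclosing method begins and ends outside this hunk.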
@@ -410,6 +411,7 @@ module Sqreen
410
411
  each_key_value_for_hash(p) do |value|
411
412
  next unless value.is_a?(String)
412
413
  next if value.size < 5
414
+ value = value.force_encoding(Encoding::ISO_8859_1).encode(Encoding::UTF_8) unless value.valid_encoding?
413
415
  next if regexp && !regexp.match(value)
414
416
  parm << value
415
417
  end
@@ -140,7 +140,8 @@ module Sqreen
140
140
  tag = ret
141
141
  if tag.value[:escape_html] == false &&
142
142
  tag.value[:value].respond_to?(:include?) &&
143
- !tag.value[:value].include?('html_escape')
143
+ !tag.value[:value].include?('html_escape') &&
144
+ tag.value[:parse] == true
144
145
  tag.value[:value] = "Sqreen.escape_haml((#{tag.value[:value]}))"
145
146
  return { :status => :override, :new_return_value => tag }
146
147
  end
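Review bot: The new `tag.value[:parse] == true` clause narrows when the escape wrapper is applied, and nothing in the hunk records why a non-parsed tag must be left alone; since this is the hook that decides whether output gets HTML-escaped, the reasoning belongs next to the condition. Presumably a tag with `:parse` false holds literal text rather than a Ruby expression, so wrapping it in `Sqreen.escape_haml((...))` would inject code where none is evaluated; if so, add above the `if` the comment `# Only wrap tags whose value is a Ruby expression (:parse); a non-parsed value is literal text, not code`. The enclosing method starts and ends outside this hunk.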
@@ -1,5 +1,5 @@
1
1
  # Copyright (c) 2015 Sqreen. All Rights Reserved.
2
2
  # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
3
  module Sqreen
4
- VERSION = '1.13.2'.freeze
4
+ VERSION = '1.13.4'.freeze
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.13.2
4
+ version: 1.13.4
5
5
  platform: java
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-07-23 00:00:00.000000000 Z
11
+ date: 2018-08-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement