sqreen 1.14.1-java → 1.14.2-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 625e0b54a85e128be8a54aa94d91ff58d2dd99556fb6cfc79e22511731082fd3
-  data.tar.gz: 19ef99856cdc8269acf7888c424f2f80fdea4643b3c7deef4fa963f1de127923
+  metadata.gz: d64ca79b53ae2456a2c51b3939ff14c2d41b8dd82a7ce89860d82005cc75e1e5
+  data.tar.gz: fdee9e1364ff14e4167ae07bc9c1d878a073904a32d79acccbc1a041d96555c0
 SHA512:
-  metadata.gz: bbe599eea8b8f74ced0183e8ec6a2de5bc5cfd9506618fb21e5b526cca2611ed77cf94765abd39c8f136584c9f88fd7747f3ac29bd0729b57c9f5e647a7dfba1
-  data.tar.gz: 510eaa669c74a5989023b4b08da5158dd97e0e65e847301510e0c2e457e674b4b360c80a2996708aef37b05dd04fc5a56013278cc1003ed9c6f4e6fcf6acba5f
+  metadata.gz: 5a4b42b30b81fa25b154ccb5dea089dcd46ddb54c08fcb7e55946c8b45a03c74e4420bba338590b48582b3fea2084111c76b7ddffc4ff7fe862a0670e94ff5aa
+  data.tar.gz: 78e5b14939b1c743335b17fdaf9bc3d2d954c1806326edf4c88a2a58e5a170f87cf642bd8750caed162ec0090220b0d733f02cb38d3714403c46d8654cc249be

data/lib/sqreen.rb

@@ -17,6 +17,10 @@ require 'thread'
 # Auto start the instrumentation.
 
 Sqreen.framework.on_start do |framework|
+  if RUBY_VERSION =~ /\A2\.5\.[01]\z/ && Sqreen.framework.on_pre_fork_preload?
+    STDERR.puts("Avoiding launching sqreen thread pre-fork") # sqreen log unavailable
+    next
+  end
   Thread.new do
     begin
       runner = nil

data/lib/sqreen/frameworks/generic.rb

@@ -422,6 +422,15 @@ module Sqreen
         end
       end
 
+      def on_pre_fork_preload?
+        # unlike with worker_fork_detection, we can't be instrument Puma::Cluster
+        # in time for intercepting run
+        stack = Kernel.caller_locations
+
+        puma_preload?(stack) || unicorn_preload?(stack)
+      end
+
+
       protected
 
       # Is this a whitelisted path?
@@ -519,6 +528,7 @@ module Sqreen
         Sqreen.log.warn "Failed ignoring AttackBlocked on NewRelic: #{e.inspect}"
       end
 
+      # if it doesn't detect the fork it's not a problem
       def worker_fork_detection
         # only Puma currently supported
         return unless defined?(Puma::Cluster) && Puma::Cluster.instance_methods.include?(:worker)
@@ -533,6 +543,22 @@ module Sqreen
 
       private
 
+      def puma_preload?(stack)
+        cluster_run = stack.each_with_index.find { |b, _i| b.path =~ /puma\/cluster\.rb\z/ && b.label == 'run' }
+        return false unless cluster_run
+        frame_atop = stack[cluster_run[1] - 1]
+        frame_atop.label == 'load_and_bind'
+      end
+
+      def unicorn_preload?(stack)
+        build_app = stack.each_with_index.find do |b, _i|
+          b.path =~ /unicorn\/http_server\.rb\z/ && b.label == 'build_app!'
+        end
+        return false unless build_app
+        frame_below = stack[build_app[1] + 1]
+        frame_below.label == 'start'
+      end
+
       def split_ip_addresses(ip_addresses)
         ip_addresses ? ip_addresses.strip.split(/[,\s]+/) : []
       end

data/lib/sqreen/js/execjs_adapter.rb

@@ -1,15 +1,26 @@
 require 'execjs'
+require 'weakref'
 
 module Sqreen
   module Js
     class ExecjsAdapter < JsServiceAdapter
-      def preprocess(_rule_name, code)
-        ExecJsRunnable.new(ExecJS.compile(code))
+      def preprocess(rule_name, code)
+        if thread_safe?
+          ExecJsRunnable.new(ExecJS.compile(code))
+        else
+          ThreadLocalExecJsRunnable.new(code)
+        end
       end
 
       def variant_name
         ExecJS.runtime.name + ' (ExecJS)'
       end
+
+      private
+
+      def thread_safe?
+        ExecJS.runtime.name != 'therubyrhino (Rhino)'
+      end
     end
 
     class ExecJsRunnable < ExecutableJs
@@ -21,5 +32,42 @@ module Sqreen
         @compiled.call(cbname, *arguments)
       end
     end
+
+    class ThreadLocalExecJsRunnable < ExecutableJs
+      def initialize(code)
+        @code = code
+        @tl_key = "SQREEN_EXECJS_CONTEXT_#{object_id}".freeze
+        @runtimes = [] # place where to keep strong references
+        @runtimes_mutex = Mutex.new
+      end
+
+      def run_js_cb(cbname, _budget, arguments)
+        tl_exec_js_runnable.call(cbname, *arguments)
+      end
+
+      def with_runtimes_mutex
+        @runtimes_mutex.synchronize { yield }
+      end
+
+      private
+
+      def dispose_from_dead_threads
+        with_runtimes_mutex do
+          @runtimes.delete_if { |th, _runtime| !th.alive? }
+        end
+      end
+
+      def tl_exec_js_runnable
+        runnable = Thread.current[@tl_key]
+        return runnable if runnable && runnable.weakref_alive?
+
+        dispose_from_dead_threads
+        runtime = ExecJS.compile(@code)
+        with_runtimes_mutex do
+          @runtimes << [Thread.current, runtime]
+        end
+        Thread.current[@tl_key] = WeakRef.new(runtime)
+      end
+    end
   end
 end

data/lib/sqreen/js/js_service.rb

@@ -5,7 +5,7 @@ module Sqreen
     # start public interface
 
     class JsService
-      include Singleton
+      include ::Singleton
 
       def initialize
         detect_adapter
@@ -75,7 +75,7 @@ module Sqreen
     # end public interface
 
     class JsServiceAdapter
-      def preprocess(code)
+      def preprocess(rule_name, code)
         raise Sqreen::NotImplementedYet
       end
 

data/lib/sqreen/js/mini_racer_adapter.rb

@@ -1,4 +1,5 @@
 require 'weakref'
+require 'sqreen/runner' # for Sqreen.on_forked_worker?
 
 module Sqreen
   module Js
@@ -63,8 +64,9 @@ module Sqreen
 
         mini_racer_context[:c] += 1
         begin
+          json_args = "[#{arguments.map(&method(:fixup_bad_encoding)).map(&:to_json).join(',')}]"
           mini_racer_context[:r].eval_unsafe(
-              "#{cb_name}.apply(this, #{::JSON.generate(arguments)})", nil, budget)
+              "#{cb_name}.apply(this, #{json_args})", nil, budget)
         rescue @module::ScriptTerminatedError
           nil
         end
@@ -72,6 +74,23 @@ module Sqreen
 
       private
 
+      def fixup_bad_encoding(arg)
+        # NOTE: we don't fix encoding problems in deeper structures
+        return arg unless arg.is_a?(String)
+        unless arg.valid_encoding?
+          return arg.dup.force_encoding(Encoding::ISO_8859_1)
+        end
+
+        # encoding is valid if it reaches this point
+        return arg if arg.encoding == Encoding::UTF_8
+
+        begin
+          arg.encode(Encoding::UTF_8)
+        rescue Encoding::UndefinedConversionError
+          arg.dup.force_encoding(Encoding::ISO_8859_1)
+        end
+      end
+
       def snapshot
         @snapshot ||= @module::Snapshot.new(@source)
       end

data/lib/sqreen/performance_notifications/binned_metrics.rb

@@ -58,6 +58,8 @@ module Sqreen
 
         finish_time = SQREEN_MONO_TIME ? Time.now.utc : finish
         time_millis = (finish - start) * 1000
+        # Ensure we always have a timings if we somehow missed the request start
+        SharedStorage[:sqreen_request_time] ||= 0
         SharedStorage[:sqreen_request_time] += time_millis
         metrics_store.update(metric_name, finish_time, nil, time_millis)
       end

data/lib/sqreen/version.rb

@@ -1,5 +1,5 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 module Sqreen
-  VERSION = '1.14.1'.freeze
+  VERSION = '1.14.2'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.14.1
+  version: 1.14.2
 platform: java
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-09-21 00:00:00.000000000 Z
+date: 2018-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement