sqreen 1.17.2.beta2-java → 1.17.2.beta3-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/lib/sqreen/backport.rb +4 -0
- data/lib/sqreen/backport/original_name.rb +83 -0
- data/lib/sqreen/dependency/hook_point.rb +1 -0
- data/lib/sqreen/rules_callbacks.rb +2 -0
- data/lib/sqreen/rules_callbacks/devise_auth_track.rb +33 -0
- data/lib/sqreen/rules_callbacks/devise_signup_track.rb +32 -0
- data/lib/sqreen/rules_callbacks/sdk_auth_track.rb +30 -0
- data/lib/sqreen/rules_callbacks/sdk_signup_track.rb +30 -0
- data/lib/sqreen/version.rb +1 -1
- metadata +9 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 91a18a8bc48b07279910e5ad56ac12876450b700c4d051aa5f14e9d3e8a23c17
|
4
|
+
data.tar.gz: 80a83f307076cb929eb555788bb6427933b57ccca697e911e5f7f62a22bdd2cf
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 802cbeb428254e321641df1bb53474b0f7f77f0868a42a588ce275fc1d3b03f8404f080b7ff24a28d38f6594f6a3fbc4b36854c2f64ad6dbc49ef45b8eef814c
|
7
|
+
data.tar.gz: 39dbd0f66e2f642ebd80af3d2bd38b9df070fb0c34b35084128bb94d1977be74669331b5c12aa50fcfc8305b2ff8cf3e39a3043cee4c1fbc2fd53bf483d41fe8
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,9 @@
|
|
1
|
+
## 1.17.2.beta3
|
2
|
+
|
3
|
+
* Improve performance of user tracking
|
4
|
+
* Improve reliability of user tracking against performance budget
|
5
|
+
* Restore compatibility with Ruby 1.9.3, 2.0, and 2.1 and JRuby 9.2
|
6
|
+
|
1
7
|
## 1.17.2.beta2
|
2
8
|
|
3
9
|
* Important note: this beta release supports Ruby 2.2 or above only
|
@@ -0,0 +1,83 @@
|
|
1
|
+
module Sqreen
|
2
|
+
module Backport
|
3
|
+
module OriginalName
|
4
|
+
HAS_UNBOUND_METHOD_ORIGINAL_NAME = ::UnboundMethod.instance_methods(false).include?(:original_name)
|
5
|
+
HAS_METHOD_ORIGINAL_NAME = ::Method.instance_methods(false).include?(:original_name)
|
6
|
+
|
7
|
+
def original_name
|
8
|
+
self.class.get_original_name(owner, original_name_key) || self.original_name = name
|
9
|
+
end
|
10
|
+
|
11
|
+
private
|
12
|
+
|
13
|
+
def original_name=(name)
|
14
|
+
self.class.set_original_name(owner, original_name_key, name)
|
15
|
+
end
|
16
|
+
|
17
|
+
def original_name_key
|
18
|
+
return hash if is_a?(::UnboundMethod)
|
19
|
+
|
20
|
+
owner.instance_method(name).hash
|
21
|
+
end
|
22
|
+
|
23
|
+
class << self
|
24
|
+
def supported?
|
25
|
+
!::Kernel.const_defined?(:JRUBY_VERSION) && HAS_UNBOUND_METHOD_ORIGINAL_NAME && HAS_METHOD_ORIGINAL_NAME
|
26
|
+
end
|
27
|
+
|
28
|
+
def included(klass)
|
29
|
+
klass.extend(ClassMethods)
|
30
|
+
end
|
31
|
+
|
32
|
+
def prepended(klass)
|
33
|
+
klass.extend(ClassMethods)
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
class Store < ::Hash; end
|
38
|
+
|
39
|
+
module ClassMethods
|
40
|
+
def original_names(owner)
|
41
|
+
owner.instance_eval { @__sqreen_backport_original_names ||= Store.new }
|
42
|
+
end
|
43
|
+
|
44
|
+
def get_original_name(owner, key)
|
45
|
+
original_names(owner)[key]
|
46
|
+
end
|
47
|
+
|
48
|
+
def set_original_name(owner, key, name)
|
49
|
+
original_names(owner)[key] ||= name
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
class UnboundMethod
|
57
|
+
if Sqreen::Backport::OriginalName::HAS_UNBOUND_METHOD_ORIGINAL_NAME
|
58
|
+
prepend Sqreen::Backport::OriginalName
|
59
|
+
else
|
60
|
+
include Sqreen::Backport::OriginalName
|
61
|
+
end
|
62
|
+
end unless Sqreen::Backport::OriginalName.supported?
|
63
|
+
|
64
|
+
class Method
|
65
|
+
if Sqreen::Backport::OriginalName::HAS_METHOD_ORIGINAL_NAME
|
66
|
+
prepend Sqreen::Backport::OriginalName
|
67
|
+
else
|
68
|
+
include Sqreen::Backport::OriginalName
|
69
|
+
end
|
70
|
+
end unless Sqreen::Backport::OriginalName.supported?
|
71
|
+
|
72
|
+
class Module
|
73
|
+
alias_method(:alias_method_without_original_name, :alias_method)
|
74
|
+
|
75
|
+
def alias_method_with_original_name(newname, oldname)
|
76
|
+
alias_method_without_original_name(newname, oldname).tap do
|
77
|
+
instance_method(newname).send(:original_name=, :"#{oldname}")
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
alias_method_with_original_name(:alias_method_without_original_name, :alias_method)
|
82
|
+
alias_method_with_original_name(:alias_method, :alias_method_with_original_name)
|
83
|
+
end unless Sqreen::Backport::OriginalName.supported?
|
@@ -25,5 +25,7 @@ require 'sqreen/rules_callbacks/binding_accessor_metrics'
|
|
25
25
|
require 'sqreen/rules_callbacks/binding_accessor_matcher'
|
26
26
|
require 'sqreen/rules_callbacks/count_http_codes'
|
27
27
|
require 'sqreen/rules_callbacks/crawler_user_agent_matches_metrics'
|
28
|
+
require 'sqreen/rules_callbacks/sdk_auth_track'
|
29
|
+
require 'sqreen/rules_callbacks/devise_auth_track'
|
28
30
|
|
29
31
|
require 'sqreen/rules_callbacks/custom_error'
|
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'sqreen/rule_attributes'
|
2
|
+
require 'sqreen/rule_callback'
|
3
|
+
require 'sqreen/safe_json'
|
4
|
+
|
5
|
+
module Sqreen
|
6
|
+
module Rules
|
7
|
+
class DeviseAuthTrackCB < RuleCB
|
8
|
+
def initialize(*args)
|
9
|
+
super(*args)
|
10
|
+
@overtimeable = false
|
11
|
+
end
|
12
|
+
|
13
|
+
def post(_rv, instance, _args, _budget)
|
14
|
+
status = instance.instance_variable_get(:@result).to_s
|
15
|
+
data = instance.authentication_hash
|
16
|
+
keys = instance.send(:authentication_keys)
|
17
|
+
ip = framework.client_ip
|
18
|
+
category = status == 'failure' ? 'auto-login-fail' : 'auto-login-success'
|
19
|
+
data = data.select { |k, _| keys.include?(k) }
|
20
|
+
|
21
|
+
if data.empty?
|
22
|
+
Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
|
23
|
+
return
|
24
|
+
end
|
25
|
+
|
26
|
+
payload = { keys: data.to_a, ip: ip }
|
27
|
+
|
28
|
+
record_observation(category, JSON.dump(payload), 1)
|
29
|
+
advise_action(nil)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'sqreen/rule_attributes'
|
2
|
+
require 'sqreen/rule_callback'
|
3
|
+
require 'sqreen/safe_json'
|
4
|
+
|
5
|
+
module Sqreen
|
6
|
+
module Rules
|
7
|
+
class DeviseSignupTrackCB < RuleCB
|
8
|
+
def initialize(*args)
|
9
|
+
super(*args)
|
10
|
+
@overtimeable = false
|
11
|
+
end
|
12
|
+
|
13
|
+
def pre(_instance, args, _budget)
|
14
|
+
data = args[1].attributes
|
15
|
+
keys = args[1].class.authentication_keys
|
16
|
+
ip = framework.client_ip
|
17
|
+
category = 'auto-signup'
|
18
|
+
data = data.select { |k, _| keys.include?(k) }
|
19
|
+
|
20
|
+
if data.empty?
|
21
|
+
Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
|
22
|
+
return
|
23
|
+
end
|
24
|
+
|
25
|
+
payload = { keys: data.to_a, ip: ip }
|
26
|
+
|
27
|
+
record_observation(category, JSON.dump(payload), 1)
|
28
|
+
advise_action(nil)
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'sqreen/rule_attributes'
|
2
|
+
require 'sqreen/rule_callback'
|
3
|
+
require 'sqreen/safe_json'
|
4
|
+
|
5
|
+
module Sqreen
|
6
|
+
module Rules
|
7
|
+
class AuthTrackCB < RuleCB
|
8
|
+
def initialize(*args)
|
9
|
+
super(*args)
|
10
|
+
@overtimeable = false
|
11
|
+
end
|
12
|
+
|
13
|
+
def pre(_instance, args, _budget)
|
14
|
+
success, authentication_keys = args
|
15
|
+
ip = framework.client_ip
|
16
|
+
category = success ? 'sdk-login-success' : 'sdk-login-fail'
|
17
|
+
|
18
|
+
if authentication_keys.empty?
|
19
|
+
Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
|
20
|
+
return
|
21
|
+
end
|
22
|
+
|
23
|
+
payload = { keys: authentication_keys.to_a, ip: ip }
|
24
|
+
|
25
|
+
record_observation(category, JSON.dump(payload), 1)
|
26
|
+
advise_action(nil)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'sqreen/rule_attributes'
|
2
|
+
require 'sqreen/rule_callback'
|
3
|
+
require 'sqreen/safe_json'
|
4
|
+
|
5
|
+
module Sqreen
|
6
|
+
module Rules
|
7
|
+
class SignupTrackCB < RuleCB
|
8
|
+
def initialize(*args)
|
9
|
+
super(*args)
|
10
|
+
@overtimeable = false
|
11
|
+
end
|
12
|
+
|
13
|
+
def pre(_instance, args, _budget)
|
14
|
+
authentication_keys = args.first
|
15
|
+
ip = framework.client_ip
|
16
|
+
category = 'sdk-signup'
|
17
|
+
|
18
|
+
if authentication_keys.empty?
|
19
|
+
Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
|
20
|
+
return
|
21
|
+
end
|
22
|
+
|
23
|
+
payload = { keys: authentication_keys.to_a, ip: ip }
|
24
|
+
|
25
|
+
record_observation(category, JSON.dump(payload), 1)
|
26
|
+
advise_action(nil)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
data/lib/sqreen/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sqreen
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.17.2.
|
4
|
+
version: 1.17.2.beta3
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Sqreen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-08-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -54,6 +54,8 @@ files:
|
|
54
54
|
- lib/sqreen/actions.rb
|
55
55
|
- lib/sqreen/agent.rb
|
56
56
|
- lib/sqreen/attack_detected.html
|
57
|
+
- lib/sqreen/backport.rb
|
58
|
+
- lib/sqreen/backport/original_name.rb
|
57
59
|
- lib/sqreen/binding_accessor.rb
|
58
60
|
- lib/sqreen/ca.crt
|
59
61
|
- lib/sqreen/call_countable.rb
|
@@ -121,6 +123,8 @@ files:
|
|
121
123
|
- lib/sqreen/rules_callbacks/crawler_user_agent_matches.rb
|
122
124
|
- lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb
|
123
125
|
- lib/sqreen/rules_callbacks/custom_error.rb
|
126
|
+
- lib/sqreen/rules_callbacks/devise_auth_track.rb
|
127
|
+
- lib/sqreen/rules_callbacks/devise_signup_track.rb
|
124
128
|
- lib/sqreen/rules_callbacks/execjs.rb
|
125
129
|
- lib/sqreen/rules_callbacks/headers_insert.rb
|
126
130
|
- lib/sqreen/rules_callbacks/inspect_rule.rb
|
@@ -131,6 +135,8 @@ files:
|
|
131
135
|
- lib/sqreen/rules_callbacks/regexp_rule.rb
|
132
136
|
- lib/sqreen/rules_callbacks/run_req_start_actions.rb
|
133
137
|
- lib/sqreen/rules_callbacks/run_user_actions.rb
|
138
|
+
- lib/sqreen/rules_callbacks/sdk_auth_track.rb
|
139
|
+
- lib/sqreen/rules_callbacks/sdk_signup_track.rb
|
134
140
|
- lib/sqreen/rules_callbacks/shell_env.rb
|
135
141
|
- lib/sqreen/rules_callbacks/url_matches.rb
|
136
142
|
- lib/sqreen/rules_callbacks/user_agent_matches.rb
|
@@ -167,7 +173,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
167
173
|
requirements:
|
168
174
|
- - ">="
|
169
175
|
- !ruby/object:Gem::Version
|
170
|
-
version:
|
176
|
+
version: 1.9.3
|
171
177
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
172
178
|
requirements:
|
173
179
|
- - ">"
|