sqreen 1.17.2.beta2-java → 1.17.2.beta3-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01c3c821c21de60612d7bea58944b0d350e97c31bc2506200c712f366b866285
-  data.tar.gz: be7c642d80bb226edb19e54d478ee3835eb1c1e61dd704b966d42bc7b12ae831
+  metadata.gz: 91a18a8bc48b07279910e5ad56ac12876450b700c4d051aa5f14e9d3e8a23c17
+  data.tar.gz: 80a83f307076cb929eb555788bb6427933b57ccca697e911e5f7f62a22bdd2cf
 SHA512:
-  metadata.gz: 3c5f2ea96cf758cd23628213ffae12c0183eba93106e59f0fbc40ee2237c2801ee635db7bf8448459644d7a70a1e6d7f7bcebdf7401583c7b7b8e534e62f6a29
-  data.tar.gz: 74c1989008d6b3053e15168c36e468e64af87ef088d91680538a47af3782ccf7925eb2da8d4aec96c4aaf72f2eadc21da26e4227993520d132f34c254d4b3be7
+  metadata.gz: 802cbeb428254e321641df1bb53474b0f7f77f0868a42a588ce275fc1d3b03f8404f080b7ff24a28d38f6594f6a3fbc4b36854c2f64ad6dbc49ef45b8eef814c
+  data.tar.gz: 39dbd0f66e2f642ebd80af3d2bd38b9df070fb0c34b35084128bb94d1977be74669331b5c12aa50fcfc8305b2ff8cf3e39a3043cee4c1fbc2fd53bf483d41fe8

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.17.2.beta3
+
+* Improve performance of user tracking
+* Improve reliability of user tracking against performance budget
+* Restore compatibility with Ruby 1.9.3, 2.0, and 2.1 and JRuby 9.2
+
 ## 1.17.2.beta2
 
 * Important note: this beta release supports Ruby 2.2 or above only

data/lib/sqreen/backport.rb

@@ -0,0 +1,4 @@
+module Sqreen
+  module Backport
+  end
+end

data/lib/sqreen/backport/original_name.rb

@@ -0,0 +1,83 @@
+module Sqreen
+  module Backport
+    module OriginalName
+      HAS_UNBOUND_METHOD_ORIGINAL_NAME = ::UnboundMethod.instance_methods(false).include?(:original_name)
+      HAS_METHOD_ORIGINAL_NAME = ::Method.instance_methods(false).include?(:original_name)
+
+      def original_name
+        self.class.get_original_name(owner, original_name_key) || self.original_name = name
+      end
+
+      private
+
+      def original_name=(name)
+        self.class.set_original_name(owner, original_name_key, name)
+      end
+
+      def original_name_key
+        return hash if is_a?(::UnboundMethod)
+
+        owner.instance_method(name).hash
+      end
+
+      class << self
+        def supported?
+          !::Kernel.const_defined?(:JRUBY_VERSION) && HAS_UNBOUND_METHOD_ORIGINAL_NAME && HAS_METHOD_ORIGINAL_NAME
+        end
+
+        def included(klass)
+          klass.extend(ClassMethods)
+        end
+
+        def prepended(klass)
+          klass.extend(ClassMethods)
+        end
+      end
+
+      class Store < ::Hash; end
+
+      module ClassMethods
+        def original_names(owner)
+          owner.instance_eval { @__sqreen_backport_original_names ||= Store.new }
+        end
+
+        def get_original_name(owner, key)
+          original_names(owner)[key]
+        end
+
+        def set_original_name(owner, key, name)
+          original_names(owner)[key] ||= name
+        end
+      end
+    end
+  end
+end
+
+class UnboundMethod
+  if Sqreen::Backport::OriginalName::HAS_UNBOUND_METHOD_ORIGINAL_NAME
+    prepend Sqreen::Backport::OriginalName
+  else
+    include Sqreen::Backport::OriginalName
+  end
+end unless Sqreen::Backport::OriginalName.supported?
+
+class Method
+  if Sqreen::Backport::OriginalName::HAS_METHOD_ORIGINAL_NAME
+    prepend Sqreen::Backport::OriginalName
+  else
+    include Sqreen::Backport::OriginalName
+  end
+end unless Sqreen::Backport::OriginalName.supported?
+
+class Module
+  alias_method(:alias_method_without_original_name, :alias_method)
+
+  def alias_method_with_original_name(newname, oldname)
+    alias_method_without_original_name(newname, oldname).tap do
+      instance_method(newname).send(:original_name=, :"#{oldname}")
+    end
+  end
+
+  alias_method_with_original_name(:alias_method_without_original_name, :alias_method)
+  alias_method_with_original_name(:alias_method, :alias_method_with_original_name)
+end unless Sqreen::Backport::OriginalName.supported?

data/lib/sqreen/dependency/hook_point.rb

@@ -2,6 +2,7 @@
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 
 require 'sqreen/dependency'
+require 'sqreen/backport/original_name'
 
 module Sqreen
   module Dependency

data/lib/sqreen/rules_callbacks.rb

@@ -25,5 +25,7 @@ require 'sqreen/rules_callbacks/binding_accessor_metrics'
 require 'sqreen/rules_callbacks/binding_accessor_matcher'
 require 'sqreen/rules_callbacks/count_http_codes'
 require 'sqreen/rules_callbacks/crawler_user_agent_matches_metrics'
+require 'sqreen/rules_callbacks/sdk_auth_track'
+require 'sqreen/rules_callbacks/devise_auth_track'
 
 require 'sqreen/rules_callbacks/custom_error'

data/lib/sqreen/rules_callbacks/devise_auth_track.rb

@@ -0,0 +1,33 @@
+require 'sqreen/rule_attributes'
+require 'sqreen/rule_callback'
+require 'sqreen/safe_json'
+
+module Sqreen
+  module Rules
+    class DeviseAuthTrackCB < RuleCB
+      def initialize(*args)
+        super(*args)
+        @overtimeable = false
+      end
+
+      def post(_rv, instance, _args, _budget)
+        status = instance.instance_variable_get(:@result).to_s
+        data = instance.authentication_hash
+        keys = instance.send(:authentication_keys)
+        ip = framework.client_ip
+        category = status == 'failure' ? 'auto-login-fail' : 'auto-login-success'
+        data = data.select { |k, _| keys.include?(k) }
+
+        if data.empty?
+          Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
+          return
+        end
+
+        payload = { keys: data.to_a, ip: ip }
+
+        record_observation(category, JSON.dump(payload), 1)
+        advise_action(nil)
+      end
+    end
+  end
+end

data/lib/sqreen/rules_callbacks/devise_signup_track.rb

@@ -0,0 +1,32 @@
+require 'sqreen/rule_attributes'
+require 'sqreen/rule_callback'
+require 'sqreen/safe_json'
+
+module Sqreen
+  module Rules
+    class DeviseSignupTrackCB < RuleCB
+      def initialize(*args)
+        super(*args)
+        @overtimeable = false
+      end
+
+      def pre(_instance, args, _budget)
+        data = args[1].attributes
+        keys = args[1].class.authentication_keys
+        ip = framework.client_ip
+        category = 'auto-signup'
+        data = data.select { |k, _| keys.include?(k) }
+
+        if data.empty?
+          Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
+          return
+        end
+
+        payload = { keys: data.to_a, ip: ip }
+
+        record_observation(category, JSON.dump(payload), 1)
+        advise_action(nil)
+      end
+    end
+  end
+end

data/lib/sqreen/rules_callbacks/sdk_auth_track.rb

@@ -0,0 +1,30 @@
+require 'sqreen/rule_attributes'
+require 'sqreen/rule_callback'
+require 'sqreen/safe_json'
+
+module Sqreen
+  module Rules
+    class AuthTrackCB < RuleCB
+      def initialize(*args)
+        super(*args)
+        @overtimeable = false
+      end
+
+      def pre(_instance, args, _budget)
+        success, authentication_keys = args
+        ip = framework.client_ip
+        category = success ? 'sdk-login-success' : 'sdk-login-fail'
+
+        if authentication_keys.empty?
+          Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
+          return
+        end
+
+        payload = { keys: authentication_keys.to_a, ip: ip }
+
+        record_observation(category, JSON.dump(payload), 1)
+        advise_action(nil)
+      end
+    end
+  end
+end

data/lib/sqreen/rules_callbacks/sdk_signup_track.rb

@@ -0,0 +1,30 @@
+require 'sqreen/rule_attributes'
+require 'sqreen/rule_callback'
+require 'sqreen/safe_json'
+
+module Sqreen
+  module Rules
+    class SignupTrackCB < RuleCB
+      def initialize(*args)
+        super(*args)
+        @overtimeable = false
+      end
+
+      def pre(_instance, args, _budget)
+        authentication_keys = args.first
+        ip = framework.client_ip
+        category = 'sdk-signup'
+
+        if authentication_keys.empty?
+          Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
+          return
+        end
+
+        payload = { keys: authentication_keys.to_a, ip: ip }
+
+        record_observation(category, JSON.dump(payload), 1)
+        advise_action(nil)
+      end
+    end
+  end
+end

data/lib/sqreen/version.rb

@@ -1,5 +1,5 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 module Sqreen
-  VERSION = '1.17.2.beta2'.freeze
+  VERSION = '1.17.2.beta3'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.17.2.beta2
+  version: 1.17.2.beta3
 platform: java
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-07-23 00:00:00.000000000 Z
+date: 2019-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -54,6 +54,8 @@ files:
 - lib/sqreen/actions.rb
 - lib/sqreen/agent.rb
 - lib/sqreen/attack_detected.html
+- lib/sqreen/backport.rb
+- lib/sqreen/backport/original_name.rb
 - lib/sqreen/binding_accessor.rb
 - lib/sqreen/ca.crt
 - lib/sqreen/call_countable.rb
@@ -121,6 +123,8 @@ files:
 - lib/sqreen/rules_callbacks/crawler_user_agent_matches.rb
 - lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb
 - lib/sqreen/rules_callbacks/custom_error.rb
+- lib/sqreen/rules_callbacks/devise_auth_track.rb
+- lib/sqreen/rules_callbacks/devise_signup_track.rb
 - lib/sqreen/rules_callbacks/execjs.rb
 - lib/sqreen/rules_callbacks/headers_insert.rb
 - lib/sqreen/rules_callbacks/inspect_rule.rb
@@ -131,6 +135,8 @@ files:
 - lib/sqreen/rules_callbacks/regexp_rule.rb
 - lib/sqreen/rules_callbacks/run_req_start_actions.rb
 - lib/sqreen/rules_callbacks/run_user_actions.rb
+- lib/sqreen/rules_callbacks/sdk_auth_track.rb
+- lib/sqreen/rules_callbacks/sdk_signup_track.rb
 - lib/sqreen/rules_callbacks/shell_env.rb
 - lib/sqreen/rules_callbacks/url_matches.rb
 - lib/sqreen/rules_callbacks/user_agent_matches.rb
@@ -167,7 +173,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">"