sqreen 1.18.1-java → 1.18.2-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +1 -1
- data/Rakefile +1 -1
- data/lib/sqreen-alt.rb +3 -0
- data/lib/sqreen.rb +1 -1
- data/lib/sqreen/actions.rb +2 -2
- data/lib/sqreen/agent.rb +1 -1
- data/lib/sqreen/attack_detected.html +1 -1
- data/lib/sqreen/backport.rb +3 -0
- data/lib/sqreen/backport/original_name.rb +3 -0
- data/lib/sqreen/binding_accessor.rb +1 -1
- data/lib/sqreen/call_countable.rb +1 -1
- data/lib/sqreen/callback_tree.rb +1 -1
- data/lib/sqreen/callbacks.rb +1 -1
- data/lib/sqreen/capped_queue.rb +2 -1
- data/lib/sqreen/condition_evaluator.rb +1 -1
- data/lib/sqreen/conditionable.rb +1 -1
- data/lib/sqreen/configuration.rb +1 -1
- data/lib/sqreen/context.rb +1 -1
- data/lib/sqreen/deliveries/batch.rb +1 -1
- data/lib/sqreen/deliveries/simple.rb +1 -1
- data/lib/sqreen/dependency.rb +1 -1
- data/lib/sqreen/dependency/callback.rb +1 -1
- data/lib/sqreen/dependency/detector.rb +1 -1
- data/lib/sqreen/dependency/hook.rb +1 -1
- data/lib/sqreen/dependency/hook_point.rb +1 -1
- data/lib/sqreen/dependency/new_relic.rb +1 -1
- data/lib/sqreen/dependency/rack.rb +1 -1
- data/lib/sqreen/dependency/rails.rb +1 -1
- data/lib/sqreen/dependency/sentry.rb +1 -1
- data/lib/sqreen/dependency/sinatra.rb +1 -1
- data/lib/sqreen/encoding_sanitizer.rb +3 -0
- data/lib/sqreen/event.rb +1 -1
- data/lib/sqreen/events/attack.rb +1 -1
- data/lib/sqreen/events/remote_exception.rb +1 -1
- data/lib/sqreen/events/request_record.rb +1 -1
- data/lib/sqreen/exception.rb +13 -1
- data/lib/sqreen/frameworks.rb +1 -1
- data/lib/sqreen/frameworks/generic.rb +1 -1
- data/lib/sqreen/frameworks/rails.rb +2 -1
- data/lib/sqreen/frameworks/rails3.rb +1 -1
- data/lib/sqreen/frameworks/request_recorder.rb +2 -1
- data/lib/sqreen/frameworks/sinatra.rb +1 -1
- data/lib/sqreen/frameworks/sqreen_test.rb +1 -1
- data/lib/sqreen/instrumentation.rb +1 -1
- data/lib/sqreen/js/execjs_adapter.rb +3 -0
- data/lib/sqreen/js/js_service.rb +3 -0
- data/lib/sqreen/js/mini_racer_adapter.rb +3 -0
- data/lib/sqreen/log.rb +1 -1
- data/lib/sqreen/metrics.rb +1 -1
- data/lib/sqreen/metrics/average.rb +1 -1
- data/lib/sqreen/metrics/base.rb +1 -1
- data/lib/sqreen/metrics/binning.rb +2 -2
- data/lib/sqreen/metrics/collect.rb +1 -1
- data/lib/sqreen/metrics/sum.rb +1 -1
- data/lib/sqreen/metrics_store.rb +1 -1
- data/lib/sqreen/middleware.rb +1 -1
- data/lib/sqreen/mono_time.rb +3 -0
- data/lib/sqreen/payload_creator.rb +1 -1
- data/lib/sqreen/performance_notifications.rb +1 -1
- data/lib/sqreen/performance_notifications/binned_metrics.rb +2 -2
- data/lib/sqreen/performance_notifications/log.rb +1 -1
- data/lib/sqreen/performance_notifications/log_performance.rb +1 -1
- data/lib/sqreen/performance_notifications/metrics.rb +1 -1
- data/lib/sqreen/performance_notifications/newrelic.rb +1 -1
- data/lib/sqreen/remote_command.rb +2 -1
- data/lib/sqreen/rule_attributes.rb +1 -1
- data/lib/sqreen/rule_callback.rb +1 -1
- data/lib/sqreen/rules.rb +1 -1
- data/lib/sqreen/rules_callbacks.rb +2 -1
- data/lib/sqreen/rules_callbacks/binding_accessor_matcher.rb +1 -1
- data/lib/sqreen/rules_callbacks/binding_accessor_metrics.rb +1 -1
- data/lib/sqreen/rules_callbacks/blacklist_ips.rb +1 -1
- data/lib/sqreen/rules_callbacks/count_http_codes.rb +1 -1
- data/lib/sqreen/rules_callbacks/crawler_user_agent_matches.rb +1 -1
- data/lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb +1 -1
- data/lib/sqreen/rules_callbacks/custom_error.rb +1 -1
- data/lib/sqreen/rules_callbacks/devise_auth_track.rb +3 -0
- data/lib/sqreen/rules_callbacks/devise_signup_track.rb +3 -0
- data/lib/sqreen/rules_callbacks/execjs.rb +1 -1
- data/lib/sqreen/rules_callbacks/headers_insert.rb +1 -1
- data/lib/sqreen/rules_callbacks/inspect_rule.rb +1 -1
- data/lib/sqreen/rules_callbacks/matcher_rule.rb +1 -1
- data/lib/sqreen/rules_callbacks/not_found.rb +74 -0
- data/lib/sqreen/rules_callbacks/rails_parameters.rb +1 -1
- data/lib/sqreen/rules_callbacks/record_request_context.rb +1 -1
- data/lib/sqreen/rules_callbacks/reflected_xss.rb +1 -1
- data/lib/sqreen/rules_callbacks/regexp_rule.rb +1 -1
- data/lib/sqreen/rules_callbacks/run_req_start_actions.rb +2 -2
- data/lib/sqreen/rules_callbacks/run_user_actions.rb +2 -2
- data/lib/sqreen/rules_callbacks/sdk_auth_track.rb +3 -0
- data/lib/sqreen/rules_callbacks/sdk_signup_track.rb +3 -0
- data/lib/sqreen/rules_callbacks/shell_env.rb +1 -1
- data/lib/sqreen/rules_callbacks/url_matches.rb +1 -1
- data/lib/sqreen/rules_callbacks/user_agent_matches.rb +1 -1
- data/lib/sqreen/rules_callbacks/waf.rb +43 -2
- data/lib/sqreen/rules_signature.rb +1 -1
- data/lib/sqreen/runner.rb +1 -1
- data/lib/sqreen/runtime_infos.rb +1 -1
- data/lib/sqreen/safe_json.rb +1 -1
- data/lib/sqreen/sdk.rb +1 -1
- data/lib/sqreen/serializer.rb +1 -1
- data/lib/sqreen/session.rb +1 -1
- data/lib/sqreen/shared_storage.rb +1 -1
- data/lib/sqreen/shared_storage23.rb +1 -1
- data/lib/sqreen/trie.rb +3 -0
- data/lib/sqreen/version.rb +3 -2
- data/lib/sqreen/web_server.rb +1 -1
- data/lib/sqreen/web_server/generic.rb +1 -1
- data/lib/sqreen/web_server/passenger.rb +1 -1
- data/lib/sqreen/web_server/puma.rb +1 -1
- data/lib/sqreen/web_server/rainbows.rb +1 -1
- data/lib/sqreen/web_server/thin.rb +1 -1
- data/lib/sqreen/web_server/unicorn.rb +1 -1
- data/lib/sqreen/web_server/webrick.rb +1 -1
- data/lib/sqreen/worker.rb +1 -1
- metadata +8 -6
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# Copyright (c)
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/mono_time'
|
|
5
5
|
require 'sqreen/metrics/base'
|
data/lib/sqreen/metrics/sum.rb
CHANGED
data/lib/sqreen/metrics_store.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/exception'
|
|
5
5
|
require 'sqreen/metrics'
|
data/lib/sqreen/middleware.rb
CHANGED
data/lib/sqreen/mono_time.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/runtime_infos'
|
|
5
5
|
require 'sqreen/events/remote_exception'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# Copyright (c)
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/performance_notifications'
|
|
5
5
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/performance_notifications'
|
|
5
5
|
require 'sqreen/performance_notifications/log'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/performance_notifications'
|
|
5
5
|
require 'sqreen/performance_notifications/log'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/performance_notifications'
|
|
5
5
|
require 'sqreen/performance_notifications/log'
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
|
+
|
|
3
4
|
require 'sqreen/log'
|
|
4
5
|
require 'sqreen/events/remote_exception'
|
|
5
6
|
|
data/lib/sqreen/rule_callback.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/callbacks'
|
|
5
5
|
require 'sqreen/context'
|
data/lib/sqreen/rules.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/log'
|
|
5
5
|
require 'sqreen/rule_attributes'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/regexp_rule'
|
|
5
5
|
require 'sqreen/rules_callbacks/matcher_rule'
|
|
@@ -24,6 +24,7 @@ require 'sqreen/rules_callbacks/execjs'
|
|
|
24
24
|
require 'sqreen/rules_callbacks/binding_accessor_metrics'
|
|
25
25
|
require 'sqreen/rules_callbacks/binding_accessor_matcher'
|
|
26
26
|
require 'sqreen/rules_callbacks/count_http_codes'
|
|
27
|
+
require 'sqreen/rules_callbacks/not_found'
|
|
27
28
|
require 'sqreen/rules_callbacks/crawler_user_agent_matches_metrics'
|
|
28
29
|
require 'sqreen/rules_callbacks/sdk_auth_track'
|
|
29
30
|
require 'sqreen/rules_callbacks/sdk_signup_track'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/binding_accessor'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/binding_accessor'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_attributes'
|
|
5
5
|
require 'sqreen/rule_callback'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/matcher_rule'
|
|
5
5
|
require 'sqreen/frameworks'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/matcher_rule'
|
|
5
5
|
require 'sqreen/frameworks'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/exception'
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
require 'sqreen/rule_attributes'
|
|
2
|
+
require 'sqreen/rule_callback'
|
|
3
|
+
|
|
4
|
+
module Sqreen
|
|
5
|
+
module Rules
|
|
6
|
+
class NotFoundCB < RuleCB
|
|
7
|
+
IGNORED_EXTENSIONS = ['.css', '.gif', '.jpg', '.jpeg', '.png', '.svg', '.ico', '.webp', '.pdf', '.woff'].freeze
|
|
8
|
+
|
|
9
|
+
def post(rv, _inst, args, _budget = nil, &_block)
|
|
10
|
+
return if rv[0].to_i != 404
|
|
11
|
+
|
|
12
|
+
env = args[0]
|
|
13
|
+
ua = env['HTTP_USER_AGENT']
|
|
14
|
+
script_name = env['SCRIPT_NAME']
|
|
15
|
+
path_info = env['PATH_INFO']
|
|
16
|
+
verb = env['REQUEST_METHOD']
|
|
17
|
+
host = env['SERVER_NAME']
|
|
18
|
+
override = env['action_dispatch.original_path']
|
|
19
|
+
exception = env['action_dispatch.exception']
|
|
20
|
+
|
|
21
|
+
record_from_env(ua, script_name, path_info, verb, override, host, exception)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def record_from_env(ua, script_name, path_info, verb, override, host, exception)
|
|
25
|
+
path = path_from_variables(script_name, path_info, override)
|
|
26
|
+
|
|
27
|
+
return if extension?(path, IGNORED_EXTENSIONS)
|
|
28
|
+
|
|
29
|
+
if !override && exception && !exception.to_s.empty?
|
|
30
|
+
record_from_exception({ 'ua' => ua, 'verb' => verb, 'host' => host, 'script_name' => script_name, 'path_info' => path_info }, exception.exception)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
record_event({ 'path' => path, 'ua' => ua, 'verb' => verb, 'host' => host })
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def record_from_exception(payload, exception)
|
|
37
|
+
message = exception.to_s
|
|
38
|
+
|
|
39
|
+
if message && !message.empty?
|
|
40
|
+
override = message =~ /No route matches\s+\[[a-z]+\]\s+"(.*)"/i && $1
|
|
41
|
+
end
|
|
42
|
+
payload['path'] = path_from_variables(payload['script_name'], payload['path_info'], override)
|
|
43
|
+
return if extension?(payload['path'], IGNORED_EXTENSIONS)
|
|
44
|
+
|
|
45
|
+
record = payload.reject { |k, v| v.nil? || ['path_info', 'script_name'].include?(k) }
|
|
46
|
+
payload.delete('path') # remove added claim
|
|
47
|
+
|
|
48
|
+
record_event(record)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def path_from_variables(script_name, path_info, override)
|
|
52
|
+
path = script_name
|
|
53
|
+
|
|
54
|
+
if path.nil?
|
|
55
|
+
path = override || path_info
|
|
56
|
+
elsif override
|
|
57
|
+
path += override
|
|
58
|
+
elsif path_info
|
|
59
|
+
path += path_info
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
path
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def extension?(path, extensions)
|
|
66
|
+
return false if path.nil?
|
|
67
|
+
|
|
68
|
+
candidate = File.extname(path).downcase
|
|
69
|
+
|
|
70
|
+
extensions.include?(candidate)
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# Copyright (c)
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/actions'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# Copyright (c)
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/actions'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/regexp_rule'
|
|
5
5
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/regexp_rule'
|
|
5
5
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/regexp_rule'
|
|
5
5
|
|
|
@@ -1,8 +1,12 @@
|
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
|
+
|
|
1
4
|
require 'securerandom'
|
|
2
5
|
require 'sqreen/rule_attributes'
|
|
3
6
|
require 'sqreen/binding_accessor'
|
|
4
7
|
require 'sqreen/rule_callback'
|
|
5
8
|
require 'sqreen/safe_json'
|
|
9
|
+
require 'sqreen/exception'
|
|
6
10
|
|
|
7
11
|
module Sqreen
|
|
8
12
|
module Rules
|
|
@@ -81,9 +85,17 @@ module Sqreen
|
|
|
81
85
|
advise_action(:raise)
|
|
82
86
|
when :good
|
|
83
87
|
advise_action(nil)
|
|
84
|
-
when :timeout
|
|
85
|
-
Sqreen.log.
|
|
88
|
+
when :timeout
|
|
89
|
+
Sqreen.log.debug("WAF over time budget: #{action}")
|
|
90
|
+
advise_action(nil)
|
|
91
|
+
when :invalid_call
|
|
92
|
+
Sqreen.log.debug("Error from waf: #{action}")
|
|
93
|
+
advise_action(nil)
|
|
94
|
+
raise Sqreen::WAFError.new(waf_rule_name, action, data, waf_args)
|
|
95
|
+
when :invalid_rule, :invalid_flow, :no_rule
|
|
96
|
+
Sqreen.log.debug("error from waf: #{action}")
|
|
86
97
|
advise_action(nil)
|
|
98
|
+
raise Sqreen::WAFError.new(waf_rule_name, action, data)
|
|
87
99
|
else
|
|
88
100
|
Sqreen.log.warn("unexpected action returned from waf")
|
|
89
101
|
advise_action(nil)
|
|
@@ -98,6 +110,35 @@ module Sqreen
|
|
|
98
110
|
Sqreen.log.debug("WAF rule #{rule_name} deleted, from #<#{name}:0x#{object_id.to_s(16).rjust(16, '0')}>")
|
|
99
111
|
end
|
|
100
112
|
end
|
|
113
|
+
|
|
114
|
+
def record_exception(exception, infos = {}, at = Time.now.utc)
|
|
115
|
+
infos.merge!(exception_to_infos(exception))
|
|
116
|
+
super(exception, infos, at)
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
private
|
|
120
|
+
|
|
121
|
+
def exception_to_infos(e)
|
|
122
|
+
{
|
|
123
|
+
waf_rule: e.rule_name,
|
|
124
|
+
error_code: ERROR_CODES[e.error],
|
|
125
|
+
}.tap do |r|
|
|
126
|
+
r[:error_data] = e.data if e.data
|
|
127
|
+
r[:args] = e.args if e.args
|
|
128
|
+
end
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
ERROR_CODES = {
|
|
132
|
+
internal_error: -6,
|
|
133
|
+
timeout: -5,
|
|
134
|
+
invalid_call: -4,
|
|
135
|
+
invalud_rule: -3,
|
|
136
|
+
invalid_flow: -2,
|
|
137
|
+
no_rule: -1,
|
|
138
|
+
good: 0,
|
|
139
|
+
monitor: 1,
|
|
140
|
+
block: 2,
|
|
141
|
+
}.freeze
|
|
101
142
|
end
|
|
102
143
|
end
|
|
103
144
|
end
|