sqreen 1.18.1-java → 1.18.2-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +1 -1
- data/Rakefile +1 -1
- data/lib/sqreen-alt.rb +3 -0
- data/lib/sqreen.rb +1 -1
- data/lib/sqreen/actions.rb +2 -2
- data/lib/sqreen/agent.rb +1 -1
- data/lib/sqreen/attack_detected.html +1 -1
- data/lib/sqreen/backport.rb +3 -0
- data/lib/sqreen/backport/original_name.rb +3 -0
- data/lib/sqreen/binding_accessor.rb +1 -1
- data/lib/sqreen/call_countable.rb +1 -1
- data/lib/sqreen/callback_tree.rb +1 -1
- data/lib/sqreen/callbacks.rb +1 -1
- data/lib/sqreen/capped_queue.rb +2 -1
- data/lib/sqreen/condition_evaluator.rb +1 -1
- data/lib/sqreen/conditionable.rb +1 -1
- data/lib/sqreen/configuration.rb +1 -1
- data/lib/sqreen/context.rb +1 -1
- data/lib/sqreen/deliveries/batch.rb +1 -1
- data/lib/sqreen/deliveries/simple.rb +1 -1
- data/lib/sqreen/dependency.rb +1 -1
- data/lib/sqreen/dependency/callback.rb +1 -1
- data/lib/sqreen/dependency/detector.rb +1 -1
- data/lib/sqreen/dependency/hook.rb +1 -1
- data/lib/sqreen/dependency/hook_point.rb +1 -1
- data/lib/sqreen/dependency/new_relic.rb +1 -1
- data/lib/sqreen/dependency/rack.rb +1 -1
- data/lib/sqreen/dependency/rails.rb +1 -1
- data/lib/sqreen/dependency/sentry.rb +1 -1
- data/lib/sqreen/dependency/sinatra.rb +1 -1
- data/lib/sqreen/encoding_sanitizer.rb +3 -0
- data/lib/sqreen/event.rb +1 -1
- data/lib/sqreen/events/attack.rb +1 -1
- data/lib/sqreen/events/remote_exception.rb +1 -1
- data/lib/sqreen/events/request_record.rb +1 -1
- data/lib/sqreen/exception.rb +13 -1
- data/lib/sqreen/frameworks.rb +1 -1
- data/lib/sqreen/frameworks/generic.rb +1 -1
- data/lib/sqreen/frameworks/rails.rb +2 -1
- data/lib/sqreen/frameworks/rails3.rb +1 -1
- data/lib/sqreen/frameworks/request_recorder.rb +2 -1
- data/lib/sqreen/frameworks/sinatra.rb +1 -1
- data/lib/sqreen/frameworks/sqreen_test.rb +1 -1
- data/lib/sqreen/instrumentation.rb +1 -1
- data/lib/sqreen/js/execjs_adapter.rb +3 -0
- data/lib/sqreen/js/js_service.rb +3 -0
- data/lib/sqreen/js/mini_racer_adapter.rb +3 -0
- data/lib/sqreen/log.rb +1 -1
- data/lib/sqreen/metrics.rb +1 -1
- data/lib/sqreen/metrics/average.rb +1 -1
- data/lib/sqreen/metrics/base.rb +1 -1
- data/lib/sqreen/metrics/binning.rb +2 -2
- data/lib/sqreen/metrics/collect.rb +1 -1
- data/lib/sqreen/metrics/sum.rb +1 -1
- data/lib/sqreen/metrics_store.rb +1 -1
- data/lib/sqreen/middleware.rb +1 -1
- data/lib/sqreen/mono_time.rb +3 -0
- data/lib/sqreen/payload_creator.rb +1 -1
- data/lib/sqreen/performance_notifications.rb +1 -1
- data/lib/sqreen/performance_notifications/binned_metrics.rb +2 -2
- data/lib/sqreen/performance_notifications/log.rb +1 -1
- data/lib/sqreen/performance_notifications/log_performance.rb +1 -1
- data/lib/sqreen/performance_notifications/metrics.rb +1 -1
- data/lib/sqreen/performance_notifications/newrelic.rb +1 -1
- data/lib/sqreen/remote_command.rb +2 -1
- data/lib/sqreen/rule_attributes.rb +1 -1
- data/lib/sqreen/rule_callback.rb +1 -1
- data/lib/sqreen/rules.rb +1 -1
- data/lib/sqreen/rules_callbacks.rb +2 -1
- data/lib/sqreen/rules_callbacks/binding_accessor_matcher.rb +1 -1
- data/lib/sqreen/rules_callbacks/binding_accessor_metrics.rb +1 -1
- data/lib/sqreen/rules_callbacks/blacklist_ips.rb +1 -1
- data/lib/sqreen/rules_callbacks/count_http_codes.rb +1 -1
- data/lib/sqreen/rules_callbacks/crawler_user_agent_matches.rb +1 -1
- data/lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb +1 -1
- data/lib/sqreen/rules_callbacks/custom_error.rb +1 -1
- data/lib/sqreen/rules_callbacks/devise_auth_track.rb +3 -0
- data/lib/sqreen/rules_callbacks/devise_signup_track.rb +3 -0
- data/lib/sqreen/rules_callbacks/execjs.rb +1 -1
- data/lib/sqreen/rules_callbacks/headers_insert.rb +1 -1
- data/lib/sqreen/rules_callbacks/inspect_rule.rb +1 -1
- data/lib/sqreen/rules_callbacks/matcher_rule.rb +1 -1
- data/lib/sqreen/rules_callbacks/not_found.rb +74 -0
- data/lib/sqreen/rules_callbacks/rails_parameters.rb +1 -1
- data/lib/sqreen/rules_callbacks/record_request_context.rb +1 -1
- data/lib/sqreen/rules_callbacks/reflected_xss.rb +1 -1
- data/lib/sqreen/rules_callbacks/regexp_rule.rb +1 -1
- data/lib/sqreen/rules_callbacks/run_req_start_actions.rb +2 -2
- data/lib/sqreen/rules_callbacks/run_user_actions.rb +2 -2
- data/lib/sqreen/rules_callbacks/sdk_auth_track.rb +3 -0
- data/lib/sqreen/rules_callbacks/sdk_signup_track.rb +3 -0
- data/lib/sqreen/rules_callbacks/shell_env.rb +1 -1
- data/lib/sqreen/rules_callbacks/url_matches.rb +1 -1
- data/lib/sqreen/rules_callbacks/user_agent_matches.rb +1 -1
- data/lib/sqreen/rules_callbacks/waf.rb +43 -2
- data/lib/sqreen/rules_signature.rb +1 -1
- data/lib/sqreen/runner.rb +1 -1
- data/lib/sqreen/runtime_infos.rb +1 -1
- data/lib/sqreen/safe_json.rb +1 -1
- data/lib/sqreen/sdk.rb +1 -1
- data/lib/sqreen/serializer.rb +1 -1
- data/lib/sqreen/session.rb +1 -1
- data/lib/sqreen/shared_storage.rb +1 -1
- data/lib/sqreen/shared_storage23.rb +1 -1
- data/lib/sqreen/trie.rb +3 -0
- data/lib/sqreen/version.rb +3 -2
- data/lib/sqreen/web_server.rb +1 -1
- data/lib/sqreen/web_server/generic.rb +1 -1
- data/lib/sqreen/web_server/passenger.rb +1 -1
- data/lib/sqreen/web_server/puma.rb +1 -1
- data/lib/sqreen/web_server/rainbows.rb +1 -1
- data/lib/sqreen/web_server/thin.rb +1 -1
- data/lib/sqreen/web_server/unicorn.rb +1 -1
- data/lib/sqreen/web_server/webrick.rb +1 -1
- data/lib/sqreen/worker.rb +1 -1
- metadata +8 -6
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# Copyright (c)
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/mono_time'
|
|
5
5
|
require 'sqreen/metrics/base'
|
data/lib/sqreen/metrics/sum.rb
CHANGED
data/lib/sqreen/metrics_store.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/exception'
|
|
5
5
|
require 'sqreen/metrics'
|
data/lib/sqreen/middleware.rb
CHANGED
data/lib/sqreen/mono_time.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/runtime_infos'
|
|
5
5
|
require 'sqreen/events/remote_exception'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# Copyright (c)
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/performance_notifications'
|
|
5
5
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/performance_notifications'
|
|
5
5
|
require 'sqreen/performance_notifications/log'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/performance_notifications'
|
|
5
5
|
require 'sqreen/performance_notifications/log'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/performance_notifications'
|
|
5
5
|
require 'sqreen/performance_notifications/log'
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
|
+
|
|
3
4
|
require 'sqreen/log'
|
|
4
5
|
require 'sqreen/events/remote_exception'
|
|
5
6
|
|
data/lib/sqreen/rule_callback.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/callbacks'
|
|
5
5
|
require 'sqreen/context'
|
data/lib/sqreen/rules.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/log'
|
|
5
5
|
require 'sqreen/rule_attributes'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/regexp_rule'
|
|
5
5
|
require 'sqreen/rules_callbacks/matcher_rule'
|
|
@@ -24,6 +24,7 @@ require 'sqreen/rules_callbacks/execjs'
|
|
|
24
24
|
require 'sqreen/rules_callbacks/binding_accessor_metrics'
|
|
25
25
|
require 'sqreen/rules_callbacks/binding_accessor_matcher'
|
|
26
26
|
require 'sqreen/rules_callbacks/count_http_codes'
|
|
27
|
+
require 'sqreen/rules_callbacks/not_found'
|
|
27
28
|
require 'sqreen/rules_callbacks/crawler_user_agent_matches_metrics'
|
|
28
29
|
require 'sqreen/rules_callbacks/sdk_auth_track'
|
|
29
30
|
require 'sqreen/rules_callbacks/sdk_signup_track'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/binding_accessor'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/binding_accessor'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_attributes'
|
|
5
5
|
require 'sqreen/rule_callback'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/matcher_rule'
|
|
5
5
|
require 'sqreen/frameworks'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/matcher_rule'
|
|
5
5
|
require 'sqreen/frameworks'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/exception'
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
require 'sqreen/rule_attributes'
|
|
2
|
+
require 'sqreen/rule_callback'
|
|
3
|
+
|
|
4
|
+
module Sqreen
|
|
5
|
+
module Rules
|
|
6
|
+
class NotFoundCB < RuleCB
|
|
7
|
+
IGNORED_EXTENSIONS = ['.css', '.gif', '.jpg', '.jpeg', '.png', '.svg', '.ico', '.webp', '.pdf', '.woff'].freeze
|
|
8
|
+
|
|
9
|
+
def post(rv, _inst, args, _budget = nil, &_block)
|
|
10
|
+
return if rv[0].to_i != 404
|
|
11
|
+
|
|
12
|
+
env = args[0]
|
|
13
|
+
ua = env['HTTP_USER_AGENT']
|
|
14
|
+
script_name = env['SCRIPT_NAME']
|
|
15
|
+
path_info = env['PATH_INFO']
|
|
16
|
+
verb = env['REQUEST_METHOD']
|
|
17
|
+
host = env['SERVER_NAME']
|
|
18
|
+
override = env['action_dispatch.original_path']
|
|
19
|
+
exception = env['action_dispatch.exception']
|
|
20
|
+
|
|
21
|
+
record_from_env(ua, script_name, path_info, verb, override, host, exception)
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def record_from_env(ua, script_name, path_info, verb, override, host, exception)
|
|
25
|
+
path = path_from_variables(script_name, path_info, override)
|
|
26
|
+
|
|
27
|
+
return if extension?(path, IGNORED_EXTENSIONS)
|
|
28
|
+
|
|
29
|
+
if !override && exception && !exception.to_s.empty?
|
|
30
|
+
record_from_exception({ 'ua' => ua, 'verb' => verb, 'host' => host, 'script_name' => script_name, 'path_info' => path_info }, exception.exception)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
record_event({ 'path' => path, 'ua' => ua, 'verb' => verb, 'host' => host })
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def record_from_exception(payload, exception)
|
|
37
|
+
message = exception.to_s
|
|
38
|
+
|
|
39
|
+
if message && !message.empty?
|
|
40
|
+
override = message =~ /No route matches\s+\[[a-z]+\]\s+"(.*)"/i && $1
|
|
41
|
+
end
|
|
42
|
+
payload['path'] = path_from_variables(payload['script_name'], payload['path_info'], override)
|
|
43
|
+
return if extension?(payload['path'], IGNORED_EXTENSIONS)
|
|
44
|
+
|
|
45
|
+
record = payload.reject { |k, v| v.nil? || ['path_info', 'script_name'].include?(k) }
|
|
46
|
+
payload.delete('path') # remove added claim
|
|
47
|
+
|
|
48
|
+
record_event(record)
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def path_from_variables(script_name, path_info, override)
|
|
52
|
+
path = script_name
|
|
53
|
+
|
|
54
|
+
if path.nil?
|
|
55
|
+
path = override || path_info
|
|
56
|
+
elsif override
|
|
57
|
+
path += override
|
|
58
|
+
elsif path_info
|
|
59
|
+
path += path_info
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
path
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
def extension?(path, extensions)
|
|
66
|
+
return false if path.nil?
|
|
67
|
+
|
|
68
|
+
candidate = File.extname(path).downcase
|
|
69
|
+
|
|
70
|
+
extensions.include?(candidate)
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# Copyright (c)
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/actions'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
# Copyright (c)
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rule_callback'
|
|
5
5
|
require 'sqreen/actions'
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/regexp_rule'
|
|
5
5
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/regexp_rule'
|
|
5
5
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
-
# Please refer to our terms for more information: https://www.sqreen.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
3
|
|
|
4
4
|
require 'sqreen/rules_callbacks/regexp_rule'
|
|
5
5
|
|
|
@@ -1,8 +1,12 @@
|
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
|
+
|
|
1
4
|
require 'securerandom'
|
|
2
5
|
require 'sqreen/rule_attributes'
|
|
3
6
|
require 'sqreen/binding_accessor'
|
|
4
7
|
require 'sqreen/rule_callback'
|
|
5
8
|
require 'sqreen/safe_json'
|
|
9
|
+
require 'sqreen/exception'
|
|
6
10
|
|
|
7
11
|
module Sqreen
|
|
8
12
|
module Rules
|
|
@@ -81,9 +85,17 @@ module Sqreen
|
|
|
81
85
|
advise_action(:raise)
|
|
82
86
|
when :good
|
|
83
87
|
advise_action(nil)
|
|
84
|
-
when :timeout
|
|
85
|
-
Sqreen.log.
|
|
88
|
+
when :timeout
|
|
89
|
+
Sqreen.log.debug("WAF over time budget: #{action}")
|
|
90
|
+
advise_action(nil)
|
|
91
|
+
when :invalid_call
|
|
92
|
+
Sqreen.log.debug("Error from waf: #{action}")
|
|
93
|
+
advise_action(nil)
|
|
94
|
+
raise Sqreen::WAFError.new(waf_rule_name, action, data, waf_args)
|
|
95
|
+
when :invalid_rule, :invalid_flow, :no_rule
|
|
96
|
+
Sqreen.log.debug("error from waf: #{action}")
|
|
86
97
|
advise_action(nil)
|
|
98
|
+
raise Sqreen::WAFError.new(waf_rule_name, action, data)
|
|
87
99
|
else
|
|
88
100
|
Sqreen.log.warn("unexpected action returned from waf")
|
|
89
101
|
advise_action(nil)
|
|
@@ -98,6 +110,35 @@ module Sqreen
|
|
|
98
110
|
Sqreen.log.debug("WAF rule #{rule_name} deleted, from #<#{name}:0x#{object_id.to_s(16).rjust(16, '0')}>")
|
|
99
111
|
end
|
|
100
112
|
end
|
|
113
|
+
|
|
114
|
+
def record_exception(exception, infos = {}, at = Time.now.utc)
|
|
115
|
+
infos.merge!(exception_to_infos(exception))
|
|
116
|
+
super(exception, infos, at)
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
private
|
|
120
|
+
|
|
121
|
+
def exception_to_infos(e)
|
|
122
|
+
{
|
|
123
|
+
waf_rule: e.rule_name,
|
|
124
|
+
error_code: ERROR_CODES[e.error],
|
|
125
|
+
}.tap do |r|
|
|
126
|
+
r[:error_data] = e.data if e.data
|
|
127
|
+
r[:args] = e.args if e.args
|
|
128
|
+
end
|
|
129
|
+
end
|
|
130
|
+
|
|
131
|
+
ERROR_CODES = {
|
|
132
|
+
internal_error: -6,
|
|
133
|
+
timeout: -5,
|
|
134
|
+
invalid_call: -4,
|
|
135
|
+
invalud_rule: -3,
|
|
136
|
+
invalid_flow: -2,
|
|
137
|
+
no_rule: -1,
|
|
138
|
+
good: 0,
|
|
139
|
+
monitor: 1,
|
|
140
|
+
block: 2,
|
|
141
|
+
}.freeze
|
|
101
142
|
end
|
|
102
143
|
end
|
|
103
144
|
end
|