sqreen 1.18.2-java → 1.18.3-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +11 -0
- data/LICENSE +3 -0
- data/lib/sqreen/actions.rb +11 -337
- data/lib/sqreen/actions/base.rb +110 -0
- data/lib/sqreen/actions/block_ip.rb +32 -0
- data/lib/sqreen/actions/block_user.rb +44 -0
- data/lib/sqreen/actions/ip_range_indexed_action_class.rb +36 -0
- data/lib/sqreen/actions/ip_ranges_index.rb +36 -0
- data/lib/sqreen/actions/redirect_ip.rb +40 -0
- data/lib/sqreen/actions/redirect_user.rb +45 -0
- data/lib/sqreen/actions/repository.rb +24 -0
- data/lib/sqreen/actions/unknown_action_type.rb +16 -0
- data/lib/sqreen/actions/user_action_class.rb +41 -0
- data/lib/sqreen/agent.rb +4 -1
- data/lib/sqreen/attack_blocked.rb +17 -0
- data/lib/sqreen/binding_accessor.rb +9 -102
- data/lib/sqreen/binding_accessor/path_elem.rb +8 -0
- data/lib/sqreen/binding_accessor/transforms.rb +107 -0
- data/lib/sqreen/capped_queue.rb +2 -0
- data/lib/sqreen/{callbacks.rb → cb.rb} +1 -53
- data/lib/sqreen/{callback_tree.rb → cb_tree.rb} +2 -2
- data/lib/sqreen/condition_evaluator.rb +22 -5
- data/lib/sqreen/configuration.rb +5 -0
- data/lib/sqreen/default_cb.rb +20 -0
- data/lib/sqreen/deferred_logger.rb +63 -0
- data/lib/sqreen/deliveries.rb +10 -0
- data/lib/sqreen/deliveries/batch.rb +7 -1
- data/lib/sqreen/deliveries/simple.rb +5 -0
- data/lib/sqreen/dependency/detector.rb +1 -1
- data/lib/sqreen/dependency/libsqreen.rb +28 -0
- data/lib/sqreen/dependency/rails.rb +4 -0
- data/lib/sqreen/dependency/sinatra.rb +47 -14
- data/lib/sqreen/error_handling_middleware.rb +30 -0
- data/lib/sqreen/event.rb +2 -0
- data/lib/sqreen/events/attack.rb +2 -0
- data/lib/sqreen/events/request_record.rb +11 -56
- data/lib/sqreen/exception.rb +9 -40
- data/lib/sqreen/formatter_with_tid.rb +45 -0
- data/lib/sqreen/framework_cb.rb +28 -0
- data/lib/sqreen/frameworks.rb +7 -0
- data/lib/sqreen/frameworks/generic.rb +20 -2
- data/lib/sqreen/frameworks/rails.rb +2 -0
- data/lib/sqreen/frameworks/request_recorder.rb +3 -0
- data/lib/sqreen/frameworks/sinatra.rb +2 -0
- data/lib/sqreen/frameworks/sqreen_test.rb +2 -0
- data/lib/sqreen/instrumentation.rb +5 -5
- data/lib/sqreen/invalid_signature_exception.rb +8 -0
- data/lib/{sqreen-alt.rb → sqreen/js.rb} +6 -1
- data/lib/sqreen/js/call_context.rb +10 -0
- data/lib/sqreen/js/context_pool.rb +60 -0
- data/lib/sqreen/js/exec_js_runnable.rb +20 -0
- data/lib/sqreen/js/execjs_adapter.rb +6 -47
- data/lib/sqreen/js/executable_js.rb +12 -0
- data/lib/sqreen/js/js_service.rb +2 -22
- data/lib/sqreen/js/js_service_adapter.rb +18 -0
- data/lib/sqreen/js/mini_racer_adapter.rb +6 -180
- data/lib/sqreen/js/mini_racer_executable_js.rb +142 -0
- data/lib/sqreen/js/thread_local_exec_js_runnable.rb +47 -0
- data/lib/sqreen/log.rb +8 -188
- data/lib/sqreen/logger.rb +83 -0
- data/lib/sqreen/metrics_store.rb +3 -11
- data/lib/sqreen/metrics_store/already_registered_metric.rb +11 -0
- data/lib/sqreen/metrics_store/unknown_metric.rb +11 -0
- data/lib/sqreen/metrics_store/unregistered_metric.rb +11 -0
- data/lib/sqreen/middleware.rb +0 -34
- data/lib/sqreen/mono_time.rb +2 -0
- data/lib/sqreen/node.rb +44 -0
- data/lib/sqreen/not_implemented_yet.rb +8 -0
- data/lib/sqreen/null_logger.rb +24 -0
- data/lib/sqreen/payload_creator.rb +2 -19
- data/lib/sqreen/payload_creator/header_section.rb +28 -0
- data/lib/sqreen/prefix.rb +33 -0
- data/lib/sqreen/rails_middleware.rb +14 -0
- data/lib/sqreen/remote_command.rb +1 -8
- data/lib/sqreen/remote_command/failure_output.rb +11 -0
- data/lib/sqreen/rules.rb +32 -2
- data/lib/sqreen/{rule_attributes.rb → rules/attrs.rb} +0 -0
- data/lib/sqreen/{rules_callbacks/sdk_auth_track.rb → rules/auth_track_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks/binding_accessor_matcher.rb → rules/binding_accessor_matcher_cb.rb} +4 -8
- data/lib/sqreen/{rules_callbacks → rules}/binding_accessor_metrics.rb +1 -1
- data/lib/sqreen/{rules_callbacks/blacklist_ips.rb → rules/blacklist_ips_cb.rb} +3 -2
- data/lib/sqreen/{rules_callbacks → rules}/count_http_codes.rb +2 -2
- data/lib/sqreen/{rules_callbacks/crawler_user_agent_matches.rb → rules/crawler_user_agent_matches_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/crawler_user_agent_matches_metrics.rb → rules/crawler_user_agent_matches_metrics_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/custom_error.rb → rules/custom_error_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/devise_auth_track.rb → rules/devise_auth_track_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks/devise_signup_track.rb → rules/devise_signup_track_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks/execjs.rb → rules/execjs_cb.rb} +49 -50
- data/lib/sqreen/{rules_callbacks/headers_insert.rb → rules/headers_insert_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks → rules}/matcher_rule.rb +2 -2
- data/lib/sqreen/{rules_callbacks/not_found.rb → rules/not_found_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks/rails_parameters.rb → rules/rails_parameters_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks → rules}/record_request_context.rb +1 -1
- data/lib/sqreen/{rules_callbacks/regexp_rule.rb → rules/regexp_rule_cb.rb} +1 -1
- data/lib/sqreen/{rule_callback.rb → rules/rule_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks → rules}/run_req_start_actions.rb +4 -2
- data/lib/sqreen/{rules_callbacks → rules}/run_user_actions.rb +1 -1
- data/lib/sqreen/{rules_callbacks/shell_env.rb → rules/shell_env_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/sdk_signup_track.rb → rules/signup_track_cb.rb} +2 -2
- data/lib/sqreen/rules/update_request_context.rb +20 -0
- data/lib/sqreen/{rules_callbacks/url_matches.rb → rules/url_matches_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/user_agent_matches.rb → rules/user_agent_matches_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/waf.rb → rules/waf_cb.rb} +10 -14
- data/lib/sqreen/{rules_callbacks/reflected_xss.rb → rules/xss_cb.rb} +10 -7
- data/lib/sqreen/run_when_called_cb.rb +21 -0
- data/lib/sqreen/runtime_infos.rb +2 -9
- data/lib/sqreen/sensitive_data_redactor.rb +111 -0
- data/lib/sqreen/signature_verifier.rb +20 -0
- data/lib/sqreen/sinatra_middleware.rb +14 -0
- data/lib/sqreen/{rules_signature.rb → sqreen_signed_verifier.rb} +5 -17
- data/lib/sqreen/token_invalid_exception.rb +8 -0
- data/lib/sqreen/token_not_found_exception.rb +9 -0
- data/lib/sqreen/trie.rb +3 -64
- data/lib/sqreen/unauthorized.rb +8 -0
- data/lib/sqreen/util.rb +2 -0
- data/lib/sqreen/util/capped_array.rb +33 -0
- data/lib/sqreen/util/capped_hash.rb +39 -0
- data/lib/sqreen/util/capped_string.rb +24 -0
- data/lib/sqreen/util/capper.rb +65 -0
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/waf_error.rb +18 -0
- metadata +87 -35
- data/lib/sqreen/rules_callbacks.rb +0 -35
- data/lib/sqreen/rules_callbacks/inspect_rule.rb +0 -25
@@ -1,6 +1,10 @@
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
3
|
|
4
|
+
require 'sqreen/middleware'
|
5
|
+
require 'sqreen/error_handling_middleware'
|
6
|
+
require 'sqreen/rails_middleware'
|
7
|
+
|
4
8
|
module Sqreen
|
5
9
|
module Dependency
|
6
10
|
module Rails
|
@@ -1,6 +1,10 @@
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
3
|
|
4
|
+
require 'sqreen/middleware'
|
5
|
+
require 'sqreen/error_handling_middleware'
|
6
|
+
require 'sqreen/sinatra_middleware'
|
7
|
+
|
4
8
|
module Sqreen
|
5
9
|
module Dependency
|
6
10
|
module Sinatra
|
@@ -12,25 +16,54 @@ module Sqreen
|
|
12
16
|
|
13
17
|
def insert_sqreen_middlewares(builder, *args, &block)
|
14
18
|
Sqreen.log.debug { 'Inserting Sqreen middlewares for Sinatra' }
|
15
|
-
middleware = Sqreen::ErrorHandlingMiddleware
|
16
|
-
use = builder.instance_variable_get('@use')
|
17
19
|
|
18
|
-
|
20
|
+
insert_middleware(builder, Sqreen::ErrorHandlingMiddleware, args, block) do |p, u|
|
21
|
+
if middlewares(builder).include?(::Sinatra::ShowExceptions)
|
22
|
+
Sqreen.log.warn('Sinatra :show_exceptions detected: Sinatra exception handling may prevent the Sqreen error page to display on attacks.')
|
23
|
+
end
|
19
24
|
|
20
|
-
|
25
|
+
if (i = middlewares(builder).index(::Rack::Head))
|
26
|
+
u.insert(i, p)
|
27
|
+
elsif (i = middlewares(builder).index(::Rack::MethodOverride))
|
28
|
+
u.insert(i + 1, p)
|
29
|
+
elsif (i = middlewares(builder).index(::Sinatra::ExtendedRack))
|
30
|
+
u.insert(i + 1, p)
|
31
|
+
else
|
32
|
+
u.insert(0, p)
|
33
|
+
end
|
34
|
+
end
|
21
35
|
|
22
|
-
|
23
|
-
|
36
|
+
insert_middleware(builder, Sqreen::Middleware, args, block) do |p, u|
|
37
|
+
if (i = middlewares(builder).index(::Sinatra::ExtendedRack))
|
38
|
+
u.insert(i, p)
|
39
|
+
else
|
40
|
+
u.insert(0, p)
|
41
|
+
end
|
24
42
|
end
|
25
43
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
44
|
+
insert_middleware(builder, Sqreen::SinatraMiddleware, args, block) do |p, u|
|
45
|
+
if ::Sqreen::Dependency.const_exist?('Rack::PostBodyContentTypeParser') && (i = middlewares(builder).index(::Rack::PostBodyContentTypeParser))
|
46
|
+
u.insert(i + 1, p)
|
47
|
+
elsif (i = middlewares(builder).index(::Rack::Protection))
|
48
|
+
u.insert(i + 1, p)
|
49
|
+
else
|
50
|
+
u.append(p)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def wrap_middleware(middleware, *args, &block)
|
56
|
+
proc { |app| middleware.new(app, *args, &block) }
|
57
|
+
end
|
58
|
+
|
59
|
+
def insert_middleware(builder, middleware, args, block)
|
60
|
+
use = builder.instance_variable_get('@use')
|
61
|
+
wrapped = wrap_middleware(middleware, *args, &block)
|
62
|
+
|
63
|
+
catch(:skip) do
|
64
|
+
throw(:skip) if middlewares(builder).include?(middleware)
|
65
|
+
|
66
|
+
yield(wrapped, use)
|
34
67
|
end
|
35
68
|
end
|
36
69
|
|
@@ -0,0 +1,30 @@
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
|
+
|
4
|
+
require 'sqreen/attack_blocked'
|
5
|
+
|
6
|
+
module Sqreen
|
7
|
+
class ErrorHandlingMiddleware
|
8
|
+
def initialize(app)
|
9
|
+
@app = app
|
10
|
+
end
|
11
|
+
|
12
|
+
def call(env)
|
13
|
+
@app.call(env)
|
14
|
+
rescue StandardError => e
|
15
|
+
sqreen_attack = nil
|
16
|
+
if e.is_a?(Sqreen::AttackBlocked)
|
17
|
+
sqreen_attack = e
|
18
|
+
elsif e.respond_to?(:original_exception) &&
|
19
|
+
e.original_exception.is_a?(Sqreen::AttackBlocked)
|
20
|
+
sqreen_attack = e.original_exception
|
21
|
+
end
|
22
|
+
|
23
|
+
if sqreen_attack && sqreen_attack.redirect_url
|
24
|
+
return [303, { 'Location' => sqreen_attack.redirect_url }, ['']]
|
25
|
+
end
|
26
|
+
|
27
|
+
raise
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
data/lib/sqreen/event.rb
CHANGED
@@ -1,6 +1,8 @@
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
3
|
|
4
|
+
# TODO: see sqreen/events
|
5
|
+
|
4
6
|
module Sqreen
|
5
7
|
# Master interface for point in time events (e.g. Attack, RemoteException)
|
6
8
|
class Event
|
data/lib/sqreen/events/attack.rb
CHANGED
@@ -1,9 +1,13 @@
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
3
|
|
4
|
+
# TODO: sqreen/events
|
5
|
+
|
4
6
|
require 'json'
|
7
|
+
require 'sqreen/log'
|
5
8
|
require 'sqreen/event'
|
6
9
|
require 'sqreen/encoding_sanitizer'
|
10
|
+
require 'sqreen/sensitive_data_redactor'
|
7
11
|
|
8
12
|
module Sqreen
|
9
13
|
# When a request is deeemed worthy of being sent to the backend
|
@@ -70,7 +74,13 @@ module Sqreen
|
|
70
74
|
res = Sqreen::EncodingSanitizer.sanitize(res)
|
71
75
|
|
72
76
|
if @redactor
|
73
|
-
res[:request] = @redactor.redact(res[:request])
|
77
|
+
res[:request], redacted = @redactor.redact(res[:request])
|
78
|
+
if redacted.any? && res[:observed] && res[:observed][:attacks]
|
79
|
+
res[:observed][:attacks] = @redactor.redact_attacks!(res[:observed][:attacks], redacted)
|
80
|
+
end
|
81
|
+
if redacted.any? && res[:observed] && res[:observed][:sqreen_exceptions]
|
82
|
+
res[:observed][:sqreen_exceptions] = @redactor.redact_exceptions!(res[:observed][:sqreen_exceptions], redacted)
|
83
|
+
end
|
74
84
|
end
|
75
85
|
|
76
86
|
res
|
@@ -115,59 +125,4 @@ module Sqreen
|
|
115
125
|
nil
|
116
126
|
end
|
117
127
|
end
|
118
|
-
|
119
|
-
# For redacting sensitive data and avoid having it sent to our servers
|
120
|
-
class SensitiveDataRedactor
|
121
|
-
DEFAULT_SENSITIVE_KEYS = Set.new(%w[password secret passwd authorization api_key apikey access_token]).freeze
|
122
|
-
DEFAULT_REGEX = /\A(?:\d[ -]*?){13,16}\z/
|
123
|
-
MASK = '<Redacted by Sqreen>'.freeze
|
124
|
-
|
125
|
-
def self.from_config
|
126
|
-
keys = Sqreen.config_get(:strip_sensitive_keys)
|
127
|
-
if keys && keys.is_a?(String)
|
128
|
-
keys = keys.split(',')
|
129
|
-
else
|
130
|
-
keys = nil
|
131
|
-
end
|
132
|
-
|
133
|
-
regex = Sqreen.config_get(:strip_sensitive_regex)
|
134
|
-
if regex && regex.is_a?(String)
|
135
|
-
begin
|
136
|
-
regex = Regexp.compile(regex)
|
137
|
-
rescue RegexpError
|
138
|
-
Sqreen.log.warn("Invalid regular expression given in strip_sensitive_regex: #{regex}")
|
139
|
-
regex = nil
|
140
|
-
end
|
141
|
-
else
|
142
|
-
regex = nil
|
143
|
-
end
|
144
|
-
|
145
|
-
new(keys: keys, regex: regex)
|
146
|
-
end
|
147
|
-
|
148
|
-
def initialize(params = {})
|
149
|
-
@regex = params[:regex] || DEFAULT_REGEX
|
150
|
-
@keys = (params[:keys] || DEFAULT_SENSITIVE_KEYS).map(&:downcase)
|
151
|
-
end
|
152
|
-
|
153
|
-
def redact(obj)
|
154
|
-
case obj
|
155
|
-
when String
|
156
|
-
return MASK if obj =~ @regex
|
157
|
-
|
158
|
-
when Array
|
159
|
-
return obj.map(&method(:redact))
|
160
|
-
|
161
|
-
when Hash
|
162
|
-
return Hash[
|
163
|
-
obj.map do |k, v|
|
164
|
-
ck = k.is_a?(String) ? k.downcase : k
|
165
|
-
[k, @keys.include?(ck) ? MASK : redact(v)]
|
166
|
-
end
|
167
|
-
]
|
168
|
-
end
|
169
|
-
|
170
|
-
obj
|
171
|
-
end
|
172
|
-
end
|
173
128
|
end
|
data/lib/sqreen/exception.rb
CHANGED
@@ -4,6 +4,7 @@
|
|
4
4
|
require 'sqreen/log'
|
5
5
|
|
6
6
|
module Sqreen
|
7
|
+
# TODO: do we really want this to be StandardError?
|
7
8
|
# Base exeception class for sqreen
|
8
9
|
class Exception < ::StandardError
|
9
10
|
def initialize(msg = nil, *args)
|
@@ -15,44 +16,12 @@ module Sqreen
|
|
15
16
|
Sqreen.log.error(msg)
|
16
17
|
end
|
17
18
|
end
|
18
|
-
|
19
|
-
# When the token is not found
|
20
|
-
class TokenNotFoundException < Exception
|
21
|
-
end
|
22
|
-
|
23
|
-
# When the token is invalid
|
24
|
-
class TokenInvalidException < Exception
|
25
|
-
end
|
26
|
-
|
27
|
-
# This exception name is particularly important since it is often seen by
|
28
|
-
# Sqreen users when watching their logs. It should not raise any concern to
|
29
|
-
# them.
|
30
|
-
class AttackBlocked < Exception
|
31
|
-
attr_accessor :redirect_url
|
32
|
-
|
33
|
-
def log_message(msg)
|
34
|
-
Sqreen.log.warn(msg)
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
38
|
-
class NotImplementedYet < Exception
|
39
|
-
end
|
40
|
-
|
41
|
-
class InvalidSignatureException < Exception
|
42
|
-
end
|
43
|
-
|
44
|
-
class Unauthorized < Exception
|
45
|
-
end
|
46
|
-
|
47
|
-
class WAFError < Exception
|
48
|
-
attr_reader :rule_name, :error, :data, :args
|
49
|
-
|
50
|
-
def initialize(rule_name, error, data = nil, args = nil)
|
51
|
-
super(error.to_s)
|
52
|
-
@rule_name = rule_name
|
53
|
-
@error = error
|
54
|
-
@data = data
|
55
|
-
@args = args
|
56
|
-
end
|
57
|
-
end
|
58
19
|
end
|
20
|
+
|
21
|
+
require 'sqreen/token_not_found_exception'
|
22
|
+
require 'sqreen/token_invalid_exception'
|
23
|
+
require 'sqreen/attack_blocked'
|
24
|
+
require 'sqreen/not_implemented_yet'
|
25
|
+
require 'sqreen/invalid_signature_exception'
|
26
|
+
require 'sqreen/unauthorized'
|
27
|
+
require 'sqreen/waf_error'
|
@@ -0,0 +1,45 @@
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
|
+
|
4
|
+
require 'sqreen/log'
|
5
|
+
|
6
|
+
module Sqreen
|
7
|
+
# Ruby default formatter modified to display current thread_id
|
8
|
+
class FormatterWithTid
|
9
|
+
# TODO: constant name
|
10
|
+
Format = "%s, [%s#%d.%s] %5s -- %s: %s\n".freeze
|
11
|
+
DatetimeFormat = '%Y-%m-%dT%H:%M:%S.%6N '.freeze
|
12
|
+
|
13
|
+
attr_accessor :datetime_format
|
14
|
+
|
15
|
+
def initialize
|
16
|
+
@datetime_format = nil
|
17
|
+
end
|
18
|
+
|
19
|
+
def call(severity, time, progname, msg)
|
20
|
+
format(
|
21
|
+
Format,
|
22
|
+
severity[0..0], format_datetime(time), $$,
|
23
|
+
Thread.current.object_id.to_s(36),
|
24
|
+
severity, progname, msg2str(msg),
|
25
|
+
)
|
26
|
+
end
|
27
|
+
|
28
|
+
private
|
29
|
+
|
30
|
+
def format_datetime(time)
|
31
|
+
time.strftime(DatetimeFormat)
|
32
|
+
end
|
33
|
+
|
34
|
+
def msg2str(msg)
|
35
|
+
case msg
|
36
|
+
when ::String
|
37
|
+
msg
|
38
|
+
when ::Exception
|
39
|
+
"#{msg.message} (#{msg.class})\n" << (msg.backtrace || []).join("\n")
|
40
|
+
else
|
41
|
+
msg.inspect
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
|
+
|
4
|
+
require 'sqreen/cb'
|
5
|
+
require 'sqreen/shared_storage'
|
6
|
+
|
7
|
+
module Sqreen
|
8
|
+
# Framework-aware callback
|
9
|
+
class FrameworkCB < CB
|
10
|
+
attr_accessor :framework
|
11
|
+
|
12
|
+
def whitelisted?
|
13
|
+
whitelisted = SharedStorage.get(:whitelisted)
|
14
|
+
return whitelisted unless whitelisted.nil?
|
15
|
+
framework && !framework.whitelisted_match.nil?
|
16
|
+
end
|
17
|
+
|
18
|
+
# Record a metric observation
|
19
|
+
# @param category [String] Name of the metric observed
|
20
|
+
# @param key [String] aggregation key
|
21
|
+
# @param observation [Object] data observed
|
22
|
+
# @param at [Time] time when observation was made
|
23
|
+
def record_observation(category, key, observation, at = Time.now.utc)
|
24
|
+
return unless framework
|
25
|
+
framework.observe(:observations, [category, key, observation, at], [], false)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
data/lib/sqreen/frameworks.rb
CHANGED
@@ -1,7 +1,14 @@
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
3
|
|
4
|
+
# TODO: @@framework global of hell, misscoped (move to Sqreen::Framework?)
|
5
|
+
# TODO: Sqreen::Frameworks => Sqreen::Framework
|
6
|
+
|
7
|
+
require 'sqreen/log'
|
8
|
+
|
4
9
|
module Sqreen
|
10
|
+
module Frameworks; end
|
11
|
+
|
5
12
|
@@framework = nil
|
6
13
|
|
7
14
|
def self::set_framework(fwk)
|
@@ -1,13 +1,16 @@
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
3
|
|
4
|
+
# TODO: Sqreen::NotImplementedYet => sqreen/exceptions
|
5
|
+
|
4
6
|
require 'ipaddr'
|
5
7
|
require 'set'
|
6
8
|
|
7
9
|
require 'sqreen/events/remote_exception'
|
8
|
-
require 'sqreen/
|
10
|
+
require 'sqreen/shared_storage'
|
9
11
|
require 'sqreen/exception'
|
10
12
|
require 'sqreen/log'
|
13
|
+
|
11
14
|
require 'sqreen/frameworks/request_recorder'
|
12
15
|
|
13
16
|
module Sqreen
|
@@ -49,6 +52,7 @@ module Sqreen
|
|
49
52
|
HTTP_X_CLUSTER_CLIENT_IP HTTP_FORWARDED_FOR
|
50
53
|
HTTP_FORWARDED HTTP_VIA].freeze
|
51
54
|
|
55
|
+
# TODO: remove global config_get
|
52
56
|
def preferred_ip_headers
|
53
57
|
@preferred_ip_headers ||=
|
54
58
|
begin
|
@@ -295,13 +299,14 @@ module Sqreen
|
|
295
299
|
params
|
296
300
|
end
|
297
301
|
|
298
|
-
%w(form query cookies).each do |section|
|
302
|
+
%w(form query cookies rack).each do |section|
|
299
303
|
define_method("#{section}_params") do
|
300
304
|
self.class.send("#{section}_params", request)
|
301
305
|
end
|
302
306
|
end
|
303
307
|
|
304
308
|
P_FORM = 'form'.freeze
|
309
|
+
P_RACK = 'rack'.freeze
|
305
310
|
P_QUERY = 'query'.freeze
|
306
311
|
P_COOKIE = 'cookies'.freeze
|
307
312
|
P_GRAPE = 'grape_params'.freeze
|
@@ -317,6 +322,16 @@ module Sqreen
|
|
317
322
|
end
|
318
323
|
end
|
319
324
|
|
325
|
+
def self.rack_params(request)
|
326
|
+
return nil unless request
|
327
|
+
begin
|
328
|
+
request.params
|
329
|
+
rescue => e
|
330
|
+
Sqreen.log.debug("Rack Parameters are invalid #{e.inspect}")
|
331
|
+
nil
|
332
|
+
end
|
333
|
+
end
|
334
|
+
|
320
335
|
def self.cookies_params(request)
|
321
336
|
return nil unless request
|
322
337
|
begin
|
@@ -345,6 +360,9 @@ module Sqreen
|
|
345
360
|
P_QUERY => query_params(request),
|
346
361
|
P_COOKIE => cookies_params(request),
|
347
362
|
}
|
363
|
+
if (p = rack_params(request))
|
364
|
+
r[P_RACK] = p
|
365
|
+
end
|
348
366
|
# Add grape parameters if seen
|
349
367
|
p = request.env['grape.request.params']
|
350
368
|
r[P_GRAPE] = p if p
|