sqreen 1.18.2-java → 1.19.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +35 -0
- data/LICENSE +3 -0
- data/lib/sqreen.rb +2 -0
- data/lib/sqreen/actions.rb +13 -337
- data/lib/sqreen/actions/actions_index.rb +16 -0
- data/lib/sqreen/actions/base.rb +104 -0
- data/lib/sqreen/actions/block_ip.rb +34 -0
- data/lib/sqreen/actions/block_user.rb +46 -0
- data/lib/sqreen/actions/ip_range_indexed_action_class.rb +16 -0
- data/lib/sqreen/actions/ip_ranges_index.rb +57 -0
- data/lib/sqreen/actions/redirect_ip.rb +42 -0
- data/lib/sqreen/actions/redirect_user.rb +47 -0
- data/lib/sqreen/actions/repository.rb +43 -0
- data/lib/sqreen/actions/unknown_action_type.rb +20 -0
- data/lib/sqreen/actions/user_action_class.rb +16 -0
- data/lib/sqreen/actions/users_index.rb +35 -0
- data/lib/sqreen/agent.rb +6 -2
- data/lib/sqreen/attack_blocked.rb +19 -0
- data/lib/sqreen/backport.rb +2 -0
- data/lib/sqreen/backport/clock_gettime.rb +74 -0
- data/lib/sqreen/backport/original_name.rb +2 -0
- data/lib/sqreen/binding_accessor.rb +11 -102
- data/lib/sqreen/binding_accessor/path_elem.rb +10 -0
- data/lib/sqreen/binding_accessor/transforms.rb +114 -0
- data/lib/sqreen/call_countable.rb +2 -0
- data/lib/sqreen/capped_queue.rb +4 -0
- data/lib/sqreen/{callbacks.rb → cb.rb} +3 -53
- data/lib/sqreen/{callback_tree.rb → cb_tree.rb} +4 -2
- data/lib/sqreen/condition_evaluator.rb +24 -5
- data/lib/sqreen/conditionable.rb +2 -0
- data/lib/sqreen/configuration.rb +19 -0
- data/lib/sqreen/context.rb +2 -0
- data/lib/sqreen/default_cb.rb +22 -0
- data/lib/sqreen/deferred_logger.rb +65 -0
- data/lib/sqreen/deliveries.rb +12 -0
- data/lib/sqreen/deliveries/batch.rb +9 -1
- data/lib/sqreen/deliveries/simple.rb +7 -0
- data/lib/sqreen/dependency.rb +3 -1
- data/lib/sqreen/dependency/detector.rb +22 -14
- data/lib/sqreen/dependency/libsqreen.rb +32 -0
- data/lib/sqreen/dependency/new_relic.rb +2 -0
- data/lib/sqreen/dependency/rack.rb +10 -5
- data/lib/sqreen/dependency/rails.rb +8 -0
- data/lib/sqreen/dependency/sentry.rb +2 -0
- data/lib/sqreen/dependency/sinatra.rb +58 -14
- data/lib/sqreen/encoding_sanitizer.rb +2 -0
- data/lib/sqreen/error_handling_middleware.rb +32 -0
- data/lib/sqreen/event.rb +4 -0
- data/lib/sqreen/events/attack.rb +4 -0
- data/lib/sqreen/events/remote_exception.rb +2 -0
- data/lib/sqreen/events/request_record.rb +13 -56
- data/lib/sqreen/exception.rb +11 -40
- data/lib/sqreen/formatter_with_tid.rb +47 -0
- data/lib/sqreen/framework_cb.rb +30 -0
- data/lib/sqreen/frameworks.rb +9 -0
- data/lib/sqreen/frameworks/generic.rb +22 -2
- data/lib/sqreen/frameworks/rails.rb +3 -0
- data/lib/sqreen/frameworks/rails3.rb +2 -0
- data/lib/sqreen/frameworks/request_recorder.rb +5 -0
- data/lib/sqreen/frameworks/sinatra.rb +4 -0
- data/lib/sqreen/frameworks/sqreen_test.rb +4 -0
- data/lib/sqreen/graft.rb +12 -0
- data/lib/sqreen/graft/call.rb +150 -0
- data/lib/sqreen/{dependency → graft}/callback.rb +12 -4
- data/lib/sqreen/graft/hook.rb +316 -0
- data/lib/sqreen/{dependency → graft}/hook_point.rb +152 -33
- data/lib/sqreen/graft/hook_point_error.rb +10 -0
- data/lib/sqreen/invalid_signature_exception.rb +10 -0
- data/lib/sqreen/js.rb +11 -0
- data/lib/sqreen/js/call_context.rb +12 -0
- data/lib/sqreen/js/context_pool.rb +62 -0
- data/lib/sqreen/js/exec_js_runnable.rb +22 -0
- data/lib/sqreen/js/execjs_adapter.rb +8 -47
- data/lib/sqreen/js/executable_js.rb +14 -0
- data/lib/sqreen/js/js_service.rb +4 -22
- data/lib/sqreen/js/js_service_adapter.rb +20 -0
- data/lib/sqreen/js/mini_racer_adapter.rb +8 -180
- data/lib/sqreen/js/mini_racer_executable_js.rb +144 -0
- data/lib/sqreen/js/thread_local_exec_js_runnable.rb +49 -0
- data/lib/{sqreen-alt.rb → sqreen/legacy.rb} +5 -1
- data/lib/sqreen/{instrumentation.rb → legacy/instrumentation.rb} +44 -15
- data/lib/sqreen/log.rb +10 -188
- data/lib/sqreen/log/loggable.rb +28 -0
- data/lib/sqreen/logger.rb +85 -0
- data/lib/sqreen/metrics.rb +2 -0
- data/lib/sqreen/metrics/average.rb +2 -0
- data/lib/sqreen/metrics/base.rb +2 -0
- data/lib/sqreen/metrics/binning.rb +2 -0
- data/lib/sqreen/metrics/collect.rb +2 -0
- data/lib/sqreen/metrics/sum.rb +2 -0
- data/lib/sqreen/metrics_store.rb +5 -11
- data/lib/sqreen/metrics_store/already_registered_metric.rb +13 -0
- data/lib/sqreen/metrics_store/unknown_metric.rb +13 -0
- data/lib/sqreen/metrics_store/unregistered_metric.rb +13 -0
- data/lib/sqreen/middleware.rb +2 -34
- data/lib/sqreen/mono_time.rb +4 -0
- data/lib/sqreen/node.rb +46 -0
- data/lib/sqreen/not_implemented_yet.rb +10 -0
- data/lib/sqreen/null_logger.rb +26 -0
- data/lib/sqreen/payload_creator.rb +4 -19
- data/lib/sqreen/payload_creator/header_section.rb +30 -0
- data/lib/sqreen/performance_notifications.rb +2 -0
- data/lib/sqreen/performance_notifications/binned_metrics.rb +2 -0
- data/lib/sqreen/performance_notifications/log.rb +2 -0
- data/lib/sqreen/performance_notifications/log_performance.rb +2 -0
- data/lib/sqreen/performance_notifications/metrics.rb +2 -0
- data/lib/sqreen/performance_notifications/newrelic.rb +2 -0
- data/lib/sqreen/prefix.rb +35 -0
- data/lib/sqreen/rails_middleware.rb +16 -0
- data/lib/sqreen/remote_command.rb +3 -8
- data/lib/sqreen/remote_command/failure_output.rb +16 -0
- data/lib/sqreen/rules.rb +34 -2
- data/lib/sqreen/{rule_attributes.rb → rules/attrs.rb} +2 -0
- data/lib/sqreen/{rules_callbacks/sdk_auth_track.rb → rules/auth_track_cb.rb} +4 -2
- data/lib/sqreen/{rules_callbacks/binding_accessor_matcher.rb → rules/binding_accessor_matcher_cb.rb} +6 -8
- data/lib/sqreen/{rules_callbacks → rules}/binding_accessor_metrics.rb +3 -1
- data/lib/sqreen/{rules_callbacks/blacklist_ips.rb → rules/blacklist_ips_cb.rb} +5 -2
- data/lib/sqreen/{rules_callbacks → rules}/count_http_codes.rb +4 -2
- data/lib/sqreen/{rules_callbacks/crawler_user_agent_matches.rb → rules/crawler_user_agent_matches_cb.rb} +3 -1
- data/lib/sqreen/{rules_callbacks/crawler_user_agent_matches_metrics.rb → rules/crawler_user_agent_matches_metrics_cb.rb} +3 -1
- data/lib/sqreen/{rules_callbacks/custom_error.rb → rules/custom_error_cb.rb} +3 -1
- data/lib/sqreen/{rules_callbacks/devise_auth_track.rb → rules/devise_auth_track_cb.rb} +4 -2
- data/lib/sqreen/{rules_callbacks/devise_signup_track.rb → rules/devise_signup_track_cb.rb} +4 -2
- data/lib/sqreen/{rules_callbacks/execjs.rb → rules/execjs_cb.rb} +51 -50
- data/lib/sqreen/{rules_callbacks/headers_insert.rb → rules/headers_insert_cb.rb} +8 -1
- data/lib/sqreen/{rules_callbacks → rules}/matcher_rule.rb +4 -2
- data/lib/sqreen/{rules_callbacks/not_found.rb → rules/not_found_cb.rb} +7 -2
- data/lib/sqreen/{rules_callbacks/rails_parameters.rb → rules/rails_parameters_cb.rb} +3 -1
- data/lib/sqreen/{rules_callbacks → rules}/record_request_context.rb +3 -1
- data/lib/sqreen/{rules_callbacks/regexp_rule.rb → rules/regexp_rule_cb.rb} +3 -1
- data/lib/sqreen/{rule_callback.rb → rules/rule_cb.rb} +4 -2
- data/lib/sqreen/{rules_callbacks → rules}/run_req_start_actions.rb +7 -3
- data/lib/sqreen/{rules_callbacks → rules}/run_user_actions.rb +4 -2
- data/lib/sqreen/{rules_callbacks/shell_env.rb → rules/shell_env_cb.rb} +3 -1
- data/lib/sqreen/{rules_callbacks/sdk_signup_track.rb → rules/signup_track_cb.rb} +4 -2
- data/lib/sqreen/rules/update_request_context.rb +22 -0
- data/lib/sqreen/{rules_callbacks/url_matches.rb → rules/url_matches_cb.rb} +3 -1
- data/lib/sqreen/{rules_callbacks/user_agent_matches.rb → rules/user_agent_matches_cb.rb} +3 -1
- data/lib/sqreen/{rules_callbacks/waf.rb → rules/waf_cb.rb} +41 -21
- data/lib/sqreen/{rules_callbacks/reflected_xss.rb → rules/xss_cb.rb} +12 -7
- data/lib/sqreen/run_when_called_cb.rb +23 -0
- data/lib/sqreen/runner.rb +25 -7
- data/lib/sqreen/runtime_infos.rb +4 -9
- data/lib/sqreen/safe_json.rb +2 -0
- data/lib/sqreen/sdk.rb +4 -0
- data/lib/sqreen/sensitive_data_redactor.rb +113 -0
- data/lib/sqreen/serializer.rb +2 -0
- data/lib/sqreen/session.rb +2 -0
- data/lib/sqreen/shared_storage.rb +2 -0
- data/lib/sqreen/shared_storage23.rb +2 -0
- data/lib/sqreen/shrink_wrap.rb +16 -0
- data/lib/sqreen/signature_verifier.rb +22 -0
- data/lib/sqreen/sinatra_middleware.rb +16 -0
- data/lib/sqreen/{rules_signature.rb → sqreen_signed_verifier.rb} +7 -17
- data/lib/sqreen/token_invalid_exception.rb +10 -0
- data/lib/sqreen/token_not_found_exception.rb +11 -0
- data/lib/sqreen/trie.rb +5 -64
- data/lib/sqreen/unauthorized.rb +10 -0
- data/lib/sqreen/util.rb +7 -0
- data/lib/sqreen/util/capped_array.rb +35 -0
- data/lib/sqreen/util/capped_hash.rb +41 -0
- data/lib/sqreen/util/capped_string.rb +26 -0
- data/lib/sqreen/util/capper.rb +67 -0
- data/lib/sqreen/version.rb +3 -1
- data/lib/sqreen/waf_error.rb +20 -0
- data/lib/sqreen/weave.rb +12 -0
- data/lib/sqreen/weave/hardcoded.rb +19 -0
- data/lib/sqreen/weave/instrumentor.rb +48 -0
- data/lib/sqreen/weave/legacy.rb +12 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +406 -0
- data/lib/sqreen/web_server.rb +2 -0
- data/lib/sqreen/web_server/generic.rb +2 -0
- data/lib/sqreen/web_server/passenger.rb +2 -0
- data/lib/sqreen/web_server/puma.rb +2 -0
- data/lib/sqreen/web_server/rainbows.rb +2 -0
- data/lib/sqreen/web_server/thin.rb +2 -0
- data/lib/sqreen/web_server/unicorn.rb +2 -0
- data/lib/sqreen/web_server/webrick.rb +2 -0
- data/lib/sqreen/worker.rb +2 -0
- metadata +105 -39
- data/lib/sqreen/dependency/hook.rb +0 -102
- data/lib/sqreen/rules_callbacks.rb +0 -35
- data/lib/sqreen/rules_callbacks/inspect_rule.rb +0 -25
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
# typed: false
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
5
|
+
|
|
6
|
+
require 'ipaddr'
|
|
7
|
+
|
|
8
|
+
# TODO: move to Sqreen::IP
|
|
9
|
+
|
|
10
|
+
module Sqreen
|
|
11
|
+
Prefix = Struct.new(:family, :bitlen, :address, :data) do # addr is integer
|
|
12
|
+
def initialize(*args)
|
|
13
|
+
super
|
|
14
|
+
raise ArgumentError, 'no family given' unless family
|
|
15
|
+
raise ArgumentError, 'no bitlen given' unless bitlen
|
|
16
|
+
raise ArgumentError, 'no address given' unless address
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def matches?(address, family)
|
|
20
|
+
raise 'family mismatch' unless family == self.family
|
|
21
|
+
shift_amount = (family == Socket::AF_INET ? 32 : 128) - bitlen
|
|
22
|
+
(address ^ self.address) >> shift_amount == 0
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def Prefix.from_str(str, data = nil)
|
|
27
|
+
ip_addr = IPAddr.new(str)
|
|
28
|
+
bitlen = if str =~ /\/(\d+)$/
|
|
29
|
+
$~[1].to_i
|
|
30
|
+
else
|
|
31
|
+
ip_addr.family == Socket::AF_INET6 ? 128 : 32
|
|
32
|
+
end
|
|
33
|
+
Prefix.new(ip_addr.family, bitlen, ip_addr.to_i, data)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# typed: true
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
5
|
+
|
|
6
|
+
module Sqreen
|
|
7
|
+
class RailsMiddleware
|
|
8
|
+
def initialize(app)
|
|
9
|
+
@app = app
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def call(env)
|
|
13
|
+
@app.call(env)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
@@ -1,8 +1,11 @@
|
|
|
1
|
+
# typed: false
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
6
|
require 'sqreen/log'
|
|
5
7
|
require 'sqreen/events/remote_exception'
|
|
8
|
+
require 'sqreen/remote_command/failure_output'
|
|
6
9
|
|
|
7
10
|
module Sqreen
|
|
8
11
|
# Execute and sanitize remote commands
|
|
@@ -21,14 +24,6 @@ module Sqreen
|
|
|
21
24
|
:performance_budget => :change_performance_budget,
|
|
22
25
|
}.freeze
|
|
23
26
|
|
|
24
|
-
# wraps output returned by a command that should also result in status: false
|
|
25
|
-
class FailureOutput
|
|
26
|
-
attr_reader :wrapped_output
|
|
27
|
-
def initialize(output)
|
|
28
|
-
@wrapped_output = output
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
|
|
32
27
|
attr_reader :uuid
|
|
33
28
|
|
|
34
29
|
def initialize(json_desc)
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# typed: true
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
5
|
+
|
|
6
|
+
module Sqreen
|
|
7
|
+
class RemoteCommand
|
|
8
|
+
# wraps output returned by a command that should also result in status: false
|
|
9
|
+
class FailureOutput
|
|
10
|
+
attr_reader :wrapped_output
|
|
11
|
+
def initialize(output)
|
|
12
|
+
@wrapped_output = output
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
data/lib/sqreen/rules.rb
CHANGED
|
@@ -1,10 +1,42 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
6
|
require 'sqreen/log'
|
|
5
|
-
require 'sqreen/
|
|
6
|
-
|
|
7
|
+
require 'sqreen/rules/attrs'
|
|
8
|
+
|
|
9
|
+
require 'sqreen/rules/regexp_rule_cb'
|
|
10
|
+
require 'sqreen/rules/matcher_rule'
|
|
11
|
+
|
|
12
|
+
require 'sqreen/rules/record_request_context'
|
|
13
|
+
require 'sqreen/rules/update_request_context'
|
|
14
|
+
require 'sqreen/rules/rails_parameters_cb'
|
|
15
|
+
|
|
16
|
+
require 'sqreen/rules/headers_insert_cb'
|
|
17
|
+
require 'sqreen/rules/blacklist_ips_cb'
|
|
18
|
+
|
|
19
|
+
require 'sqreen/rules/shell_env_cb'
|
|
20
|
+
|
|
21
|
+
require 'sqreen/rules/url_matches_cb'
|
|
22
|
+
require 'sqreen/rules/user_agent_matches_cb'
|
|
23
|
+
require 'sqreen/rules/crawler_user_agent_matches_cb'
|
|
24
|
+
|
|
25
|
+
require 'sqreen/rules/xss_cb'
|
|
26
|
+
require 'sqreen/rules/execjs_cb'
|
|
27
|
+
|
|
28
|
+
require 'sqreen/rules/binding_accessor_metrics'
|
|
29
|
+
require 'sqreen/rules/binding_accessor_matcher_cb'
|
|
30
|
+
require 'sqreen/rules/count_http_codes'
|
|
31
|
+
require 'sqreen/rules/not_found_cb'
|
|
32
|
+
require 'sqreen/rules/crawler_user_agent_matches_metrics_cb'
|
|
33
|
+
require 'sqreen/rules/auth_track_cb'
|
|
34
|
+
require 'sqreen/rules/signup_track_cb'
|
|
35
|
+
require 'sqreen/rules/devise_auth_track_cb'
|
|
36
|
+
require 'sqreen/rules/devise_signup_track_cb'
|
|
7
37
|
|
|
38
|
+
require 'sqreen/rules/custom_error_cb'
|
|
39
|
+
require 'sqreen/rules/waf_cb'
|
|
8
40
|
|
|
9
41
|
## Rules
|
|
10
42
|
#
|
|
@@ -1,8 +1,10 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
require 'sqreen/
|
|
5
|
-
require 'sqreen/
|
|
6
|
+
require 'sqreen/rules/attrs'
|
|
7
|
+
require 'sqreen/rules/rule_cb'
|
|
6
8
|
require 'sqreen/safe_json'
|
|
7
9
|
|
|
8
10
|
module Sqreen
|
data/lib/sqreen/{rules_callbacks/binding_accessor_matcher.rb → rules/binding_accessor_matcher_cb.rb}
RENAMED
|
@@ -1,10 +1,12 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
require 'sqreen/
|
|
6
|
+
require 'sqreen/rules/rule_cb'
|
|
5
7
|
require 'sqreen/binding_accessor'
|
|
6
8
|
require 'sqreen/mono_time'
|
|
7
|
-
require 'sqreen/
|
|
9
|
+
require 'sqreen/rules/matcher_rule'
|
|
8
10
|
|
|
9
11
|
module Sqreen
|
|
10
12
|
module Rules
|
|
@@ -49,9 +51,7 @@ module Sqreen
|
|
|
49
51
|
end
|
|
50
52
|
|
|
51
53
|
def pre(inst, args, budget = nil, &_block)
|
|
52
|
-
unless budget.nil?
|
|
53
|
-
finish = budget + Sqreen.time
|
|
54
|
-
end
|
|
54
|
+
finish = budget + Sqreen.time unless budget.nil?
|
|
55
55
|
resol_cache = Hash.new do |hash, accessor|
|
|
56
56
|
hash[accessor] = accessor.resolve(binding, framework, inst, args)
|
|
57
57
|
end
|
|
@@ -62,9 +62,7 @@ module Sqreen
|
|
|
62
62
|
next unless val.respond_to?(:each)
|
|
63
63
|
next if val.respond_to?(:seek)
|
|
64
64
|
val.each do |v|
|
|
65
|
-
if !budget.nil? && Sqreen.time > finish
|
|
66
|
-
return nil
|
|
67
|
-
end
|
|
65
|
+
return nil if !budget.nil? && Sqreen.time > finish
|
|
68
66
|
next if !v.is_a?(String) || (!matcher.min_size.nil? && v.size < matcher.min_size)
|
|
69
67
|
next if v.size > MAX_LENGTH
|
|
70
68
|
next if matcher.match(v).nil?
|
|
@@ -1,7 +1,9 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
require 'sqreen/
|
|
6
|
+
require 'sqreen/rules/rule_cb'
|
|
5
7
|
require 'sqreen/binding_accessor'
|
|
6
8
|
require 'sqreen/events/remote_exception'
|
|
7
9
|
|
|
@@ -1,9 +1,12 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
6
|
require 'sqreen/trie'
|
|
7
|
+
require 'sqreen/prefix'
|
|
5
8
|
|
|
6
|
-
require 'sqreen/
|
|
9
|
+
require 'sqreen/rules/rule_cb'
|
|
7
10
|
|
|
8
11
|
module Sqreen
|
|
9
12
|
module Rules
|
|
@@ -46,7 +49,7 @@ module Sqreen
|
|
|
46
49
|
def find_blacklisted_ip(rip)
|
|
47
50
|
begin
|
|
48
51
|
ipa = IPAddr.new(rip)
|
|
49
|
-
rescue
|
|
52
|
+
rescue StandardError
|
|
50
53
|
Sqreen.log.info "invalid IP address given by framework: #{rip}"
|
|
51
54
|
return nil
|
|
52
55
|
end
|
|
@@ -1,8 +1,10 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
require 'sqreen/
|
|
5
|
-
require 'sqreen/
|
|
6
|
+
require 'sqreen/rules/attrs'
|
|
7
|
+
require 'sqreen/rules/rule_cb'
|
|
6
8
|
require 'sqreen/safe_json'
|
|
7
9
|
|
|
8
10
|
module Sqreen
|
|
@@ -1,7 +1,9 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
require 'sqreen/
|
|
6
|
+
require 'sqreen/rules/matcher_rule'
|
|
5
7
|
require 'sqreen/frameworks'
|
|
6
8
|
|
|
7
9
|
module Sqreen
|
|
@@ -1,7 +1,9 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
require 'sqreen/
|
|
6
|
+
require 'sqreen/rules/matcher_rule'
|
|
5
7
|
require 'sqreen/frameworks'
|
|
6
8
|
|
|
7
9
|
module Sqreen
|
|
@@ -1,7 +1,9 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
require 'sqreen/
|
|
6
|
+
require 'sqreen/rules/rule_cb'
|
|
5
7
|
require 'sqreen/exception'
|
|
6
8
|
|
|
7
9
|
module Sqreen
|
|
@@ -1,8 +1,10 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
require 'sqreen/
|
|
5
|
-
require 'sqreen/
|
|
6
|
+
require 'sqreen/rules/attrs'
|
|
7
|
+
require 'sqreen/rules/rule_cb'
|
|
6
8
|
require 'sqreen/safe_json'
|
|
7
9
|
|
|
8
10
|
module Sqreen
|
|
@@ -1,8 +1,10 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
require 'sqreen/
|
|
5
|
-
require 'sqreen/
|
|
6
|
+
require 'sqreen/rules/attrs'
|
|
7
|
+
require 'sqreen/rules/rule_cb'
|
|
6
8
|
require 'sqreen/safe_json'
|
|
7
9
|
|
|
8
10
|
module Sqreen
|
|
@@ -1,11 +1,12 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
4
|
-
|
|
5
6
|
require 'sqreen/js/js_service'
|
|
6
7
|
|
|
7
|
-
require 'sqreen/
|
|
8
|
-
require 'sqreen/
|
|
8
|
+
require 'sqreen/rules/attrs'
|
|
9
|
+
require 'sqreen/rules/rule_cb'
|
|
9
10
|
require 'sqreen/condition_evaluator'
|
|
10
11
|
require 'sqreen/binding_accessor'
|
|
11
12
|
require 'sqreen/events/remote_exception'
|
|
@@ -14,7 +15,6 @@ module Sqreen
|
|
|
14
15
|
module Rules
|
|
15
16
|
# Exec js callbacks
|
|
16
17
|
class ExecJSCB < RuleCB
|
|
17
|
-
|
|
18
18
|
class << self
|
|
19
19
|
# @return [Sqreen::Js::JsService]
|
|
20
20
|
def js_service
|
|
@@ -77,7 +77,7 @@ module Sqreen
|
|
|
77
77
|
when NilClass
|
|
78
78
|
false
|
|
79
79
|
when Hash
|
|
80
|
-
ret.keys.each do |k|
|
|
80
|
+
ret.keys.each do |k| # rubocop:disable Performance/HashEachMethods
|
|
81
81
|
ret[(begin
|
|
82
82
|
k.to_sym
|
|
83
83
|
rescue StandardError
|
|
@@ -119,7 +119,6 @@ module Sqreen
|
|
|
119
119
|
|
|
120
120
|
# XXX: budgets was not subtracted from
|
|
121
121
|
call_callback(name, budget, inst, new_ba_args, args, rv)
|
|
122
|
-
|
|
123
122
|
rescue StandardError => e
|
|
124
123
|
Sqreen.log.warn { "Caught JS callback exception: #{e.inspect}" }
|
|
125
124
|
Sqreen.log.debug e.backtrace
|
|
@@ -127,10 +126,11 @@ module Sqreen
|
|
|
127
126
|
nil
|
|
128
127
|
end
|
|
129
128
|
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
129
|
+
class << self
|
|
130
|
+
def build_accessors(reqs)
|
|
131
|
+
reqs.map do |req|
|
|
132
|
+
BindingAccessor.new(req, true)
|
|
133
|
+
end
|
|
134
134
|
end
|
|
135
135
|
end
|
|
136
136
|
|
|
@@ -176,10 +176,10 @@ module Sqreen
|
|
|
176
176
|
next unless haystack_idx
|
|
177
177
|
|
|
178
178
|
arguments[haystack_idx] = ArgumentFilter.hash_val_included(
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
179
|
+
arguments[needed_idx],
|
|
180
|
+
arguments[haystack_idx],
|
|
181
|
+
min_length.to_i,
|
|
182
|
+
MAX_DEPTH
|
|
183
183
|
)
|
|
184
184
|
end
|
|
185
185
|
|
|
@@ -193,7 +193,7 @@ module Sqreen
|
|
|
193
193
|
next unless args_or_func.is_a?(Array)
|
|
194
194
|
args_bas = args_or_func[0..-2] unless args_or_func.empty?
|
|
195
195
|
@ba_expressions[name] =
|
|
196
|
-
|
|
196
|
+
ExecJSCB.build_accessors(args_bas).map(&:expression)
|
|
197
197
|
end
|
|
198
198
|
end
|
|
199
199
|
|
|
@@ -212,47 +212,48 @@ module Sqreen
|
|
|
212
212
|
end
|
|
213
213
|
end
|
|
214
214
|
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
215
|
+
class << self
|
|
216
|
+
def hash_val_included(needed, haystack, min_length = 8, max_depth = 20)
|
|
217
|
+
new_obj = {}
|
|
218
|
+
insert = []
|
|
219
|
+
to_do = haystack.map { |k, v| [new_obj, k, v, 0] }
|
|
220
|
+
until to_do.empty?
|
|
221
|
+
where, key, value, deepness = to_do.pop
|
|
222
|
+
safe_key = key.is_a?(Integer) ? key : key.to_s
|
|
223
|
+
if value.is_a?(Hash) && deepness < max_depth
|
|
224
|
+
val = {}
|
|
225
|
+
insert << [where, safe_key, val]
|
|
226
|
+
to_do += value.map { |k, v| [val, k, v, deepness + 1] }
|
|
227
|
+
elsif value.is_a?(Array) && deepness < max_depth
|
|
228
|
+
val = []
|
|
229
|
+
insert << [where, safe_key, val]
|
|
230
|
+
i = -1
|
|
231
|
+
to_do += value.map { |v| [val, i += 1, v, deepness + 1] }
|
|
232
|
+
elsif deepness >= max_depth # if we are after max_depth don't try to filter
|
|
233
|
+
insert << [where, safe_key, value]
|
|
234
|
+
else
|
|
235
|
+
v = value.to_s
|
|
236
|
+
if v.size >= min_length && ConditionEvaluator.str_include?(needed.to_s, v)
|
|
237
|
+
case where
|
|
238
|
+
when Array
|
|
239
|
+
where << value
|
|
240
|
+
else
|
|
241
|
+
where[safe_key] = value
|
|
242
|
+
end
|
|
241
243
|
end
|
|
242
244
|
end
|
|
243
245
|
end
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
246
|
+
insert.reverse.each do |wh, ikey, ival|
|
|
247
|
+
case wh
|
|
248
|
+
when Array
|
|
249
|
+
wh << ival unless ival.respond_to?(:empty?) && ival.empty?
|
|
250
|
+
else
|
|
251
|
+
wh[ikey] = ival unless ival.respond_to?(:empty?) && ival.empty?
|
|
252
|
+
end
|
|
251
253
|
end
|
|
254
|
+
new_obj
|
|
252
255
|
end
|
|
253
|
-
new_obj
|
|
254
256
|
end
|
|
255
257
|
end
|
|
256
258
|
end
|
|
257
259
|
end
|
|
258
|
-
|