RubyGems - sqreen - Versions diffs - 1.18.2-java → 1.19.0-java - Mend

sqreen 1.18.2-java → 1.19.0-java

Files changed (184) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +35 -0
data/LICENSE +3 -0
data/lib/sqreen.rb +2 -0
data/lib/sqreen/actions.rb +13 -337
data/lib/sqreen/actions/actions_index.rb +16 -0
data/lib/sqreen/actions/base.rb +104 -0
data/lib/sqreen/actions/block_ip.rb +34 -0
data/lib/sqreen/actions/block_user.rb +46 -0
data/lib/sqreen/actions/ip_range_indexed_action_class.rb +16 -0
data/lib/sqreen/actions/ip_ranges_index.rb +57 -0
data/lib/sqreen/actions/redirect_ip.rb +42 -0
data/lib/sqreen/actions/redirect_user.rb +47 -0
data/lib/sqreen/actions/repository.rb +43 -0
data/lib/sqreen/actions/unknown_action_type.rb +20 -0
data/lib/sqreen/actions/user_action_class.rb +16 -0
data/lib/sqreen/actions/users_index.rb +35 -0
data/lib/sqreen/agent.rb +6 -2
data/lib/sqreen/attack_blocked.rb +19 -0
data/lib/sqreen/backport.rb +2 -0
data/lib/sqreen/backport/clock_gettime.rb +74 -0
data/lib/sqreen/backport/original_name.rb +2 -0
data/lib/sqreen/binding_accessor.rb +11 -102
data/lib/sqreen/binding_accessor/path_elem.rb +10 -0
data/lib/sqreen/binding_accessor/transforms.rb +114 -0
data/lib/sqreen/call_countable.rb +2 -0
data/lib/sqreen/capped_queue.rb +4 -0
data/lib/sqreen/{callbacks.rb → cb.rb} +3 -53
data/lib/sqreen/{callback_tree.rb → cb_tree.rb} +4 -2
data/lib/sqreen/condition_evaluator.rb +24 -5
data/lib/sqreen/conditionable.rb +2 -0
data/lib/sqreen/configuration.rb +19 -0
data/lib/sqreen/context.rb +2 -0
data/lib/sqreen/default_cb.rb +22 -0
data/lib/sqreen/deferred_logger.rb +65 -0
data/lib/sqreen/deliveries.rb +12 -0
data/lib/sqreen/deliveries/batch.rb +9 -1
data/lib/sqreen/deliveries/simple.rb +7 -0
data/lib/sqreen/dependency.rb +3 -1
data/lib/sqreen/dependency/detector.rb +22 -14
data/lib/sqreen/dependency/libsqreen.rb +32 -0
data/lib/sqreen/dependency/new_relic.rb +2 -0
data/lib/sqreen/dependency/rack.rb +10 -5
data/lib/sqreen/dependency/rails.rb +8 -0
data/lib/sqreen/dependency/sentry.rb +2 -0
data/lib/sqreen/dependency/sinatra.rb +58 -14
data/lib/sqreen/encoding_sanitizer.rb +2 -0
data/lib/sqreen/error_handling_middleware.rb +32 -0
data/lib/sqreen/event.rb +4 -0
data/lib/sqreen/events/attack.rb +4 -0
data/lib/sqreen/events/remote_exception.rb +2 -0
data/lib/sqreen/events/request_record.rb +13 -56
data/lib/sqreen/exception.rb +11 -40
data/lib/sqreen/formatter_with_tid.rb +47 -0
data/lib/sqreen/framework_cb.rb +30 -0
data/lib/sqreen/frameworks.rb +9 -0
data/lib/sqreen/frameworks/generic.rb +22 -2
data/lib/sqreen/frameworks/rails.rb +3 -0
data/lib/sqreen/frameworks/rails3.rb +2 -0
data/lib/sqreen/frameworks/request_recorder.rb +5 -0
data/lib/sqreen/frameworks/sinatra.rb +4 -0
data/lib/sqreen/frameworks/sqreen_test.rb +4 -0
data/lib/sqreen/graft.rb +12 -0
data/lib/sqreen/graft/call.rb +150 -0
data/lib/sqreen/{dependency → graft}/callback.rb +12 -4
data/lib/sqreen/graft/hook.rb +316 -0
data/lib/sqreen/{dependency → graft}/hook_point.rb +152 -33
data/lib/sqreen/graft/hook_point_error.rb +10 -0
data/lib/sqreen/invalid_signature_exception.rb +10 -0
data/lib/sqreen/js.rb +11 -0
data/lib/sqreen/js/call_context.rb +12 -0
data/lib/sqreen/js/context_pool.rb +62 -0
data/lib/sqreen/js/exec_js_runnable.rb +22 -0
data/lib/sqreen/js/execjs_adapter.rb +8 -47
data/lib/sqreen/js/executable_js.rb +14 -0
data/lib/sqreen/js/js_service.rb +4 -22
data/lib/sqreen/js/js_service_adapter.rb +20 -0
data/lib/sqreen/js/mini_racer_adapter.rb +8 -180
data/lib/sqreen/js/mini_racer_executable_js.rb +144 -0
data/lib/sqreen/js/thread_local_exec_js_runnable.rb +49 -0
data/lib/{sqreen-alt.rb → sqreen/legacy.rb} +5 -1
data/lib/sqreen/{instrumentation.rb → legacy/instrumentation.rb} +44 -15
data/lib/sqreen/log.rb +10 -188
data/lib/sqreen/log/loggable.rb +28 -0
data/lib/sqreen/logger.rb +85 -0
data/lib/sqreen/metrics.rb +2 -0
data/lib/sqreen/metrics/average.rb +2 -0
data/lib/sqreen/metrics/base.rb +2 -0
data/lib/sqreen/metrics/binning.rb +2 -0
data/lib/sqreen/metrics/collect.rb +2 -0
data/lib/sqreen/metrics/sum.rb +2 -0
data/lib/sqreen/metrics_store.rb +5 -11
data/lib/sqreen/metrics_store/already_registered_metric.rb +13 -0
data/lib/sqreen/metrics_store/unknown_metric.rb +13 -0
data/lib/sqreen/metrics_store/unregistered_metric.rb +13 -0
data/lib/sqreen/middleware.rb +2 -34
data/lib/sqreen/mono_time.rb +4 -0
data/lib/sqreen/node.rb +46 -0
data/lib/sqreen/not_implemented_yet.rb +10 -0
data/lib/sqreen/null_logger.rb +26 -0
data/lib/sqreen/payload_creator.rb +4 -19
data/lib/sqreen/payload_creator/header_section.rb +30 -0
data/lib/sqreen/performance_notifications.rb +2 -0
data/lib/sqreen/performance_notifications/binned_metrics.rb +2 -0
data/lib/sqreen/performance_notifications/log.rb +2 -0
data/lib/sqreen/performance_notifications/log_performance.rb +2 -0
data/lib/sqreen/performance_notifications/metrics.rb +2 -0
data/lib/sqreen/performance_notifications/newrelic.rb +2 -0
data/lib/sqreen/prefix.rb +35 -0
data/lib/sqreen/rails_middleware.rb +16 -0
data/lib/sqreen/remote_command.rb +3 -8
data/lib/sqreen/remote_command/failure_output.rb +16 -0
data/lib/sqreen/rules.rb +34 -2
data/lib/sqreen/{rule_attributes.rb → rules/attrs.rb} +2 -0
data/lib/sqreen/{rules_callbacks/sdk_auth_track.rb → rules/auth_track_cb.rb} +4 -2
data/lib/sqreen/{rules_callbacks/binding_accessor_matcher.rb → rules/binding_accessor_matcher_cb.rb} +6 -8
data/lib/sqreen/{rules_callbacks → rules}/binding_accessor_metrics.rb +3 -1
data/lib/sqreen/{rules_callbacks/blacklist_ips.rb → rules/blacklist_ips_cb.rb} +5 -2
data/lib/sqreen/{rules_callbacks → rules}/count_http_codes.rb +4 -2
data/lib/sqreen/{rules_callbacks/crawler_user_agent_matches.rb → rules/crawler_user_agent_matches_cb.rb} +3 -1
data/lib/sqreen/{rules_callbacks/crawler_user_agent_matches_metrics.rb → rules/crawler_user_agent_matches_metrics_cb.rb} +3 -1
data/lib/sqreen/{rules_callbacks/custom_error.rb → rules/custom_error_cb.rb} +3 -1
data/lib/sqreen/{rules_callbacks/devise_auth_track.rb → rules/devise_auth_track_cb.rb} +4 -2
data/lib/sqreen/{rules_callbacks/devise_signup_track.rb → rules/devise_signup_track_cb.rb} +4 -2
data/lib/sqreen/{rules_callbacks/execjs.rb → rules/execjs_cb.rb} +51 -50
data/lib/sqreen/{rules_callbacks/headers_insert.rb → rules/headers_insert_cb.rb} +8 -1
data/lib/sqreen/{rules_callbacks → rules}/matcher_rule.rb +4 -2
data/lib/sqreen/{rules_callbacks/not_found.rb → rules/not_found_cb.rb} +7 -2
data/lib/sqreen/{rules_callbacks/rails_parameters.rb → rules/rails_parameters_cb.rb} +3 -1
data/lib/sqreen/{rules_callbacks → rules}/record_request_context.rb +3 -1
data/lib/sqreen/{rules_callbacks/regexp_rule.rb → rules/regexp_rule_cb.rb} +3 -1
data/lib/sqreen/{rule_callback.rb → rules/rule_cb.rb} +4 -2
data/lib/sqreen/{rules_callbacks → rules}/run_req_start_actions.rb +7 -3
data/lib/sqreen/{rules_callbacks → rules}/run_user_actions.rb +4 -2
data/lib/sqreen/{rules_callbacks/shell_env.rb → rules/shell_env_cb.rb} +3 -1
data/lib/sqreen/{rules_callbacks/sdk_signup_track.rb → rules/signup_track_cb.rb} +4 -2
data/lib/sqreen/rules/update_request_context.rb +22 -0
data/lib/sqreen/{rules_callbacks/url_matches.rb → rules/url_matches_cb.rb} +3 -1
data/lib/sqreen/{rules_callbacks/user_agent_matches.rb → rules/user_agent_matches_cb.rb} +3 -1
data/lib/sqreen/{rules_callbacks/waf.rb → rules/waf_cb.rb} +41 -21
data/lib/sqreen/{rules_callbacks/reflected_xss.rb → rules/xss_cb.rb} +12 -7
data/lib/sqreen/run_when_called_cb.rb +23 -0
data/lib/sqreen/runner.rb +25 -7
data/lib/sqreen/runtime_infos.rb +4 -9
data/lib/sqreen/safe_json.rb +2 -0
data/lib/sqreen/sdk.rb +4 -0
data/lib/sqreen/sensitive_data_redactor.rb +113 -0
data/lib/sqreen/serializer.rb +2 -0
data/lib/sqreen/session.rb +2 -0
data/lib/sqreen/shared_storage.rb +2 -0
data/lib/sqreen/shared_storage23.rb +2 -0
data/lib/sqreen/shrink_wrap.rb +16 -0
data/lib/sqreen/signature_verifier.rb +22 -0
data/lib/sqreen/sinatra_middleware.rb +16 -0
data/lib/sqreen/{rules_signature.rb → sqreen_signed_verifier.rb} +7 -17
data/lib/sqreen/token_invalid_exception.rb +10 -0
data/lib/sqreen/token_not_found_exception.rb +11 -0
data/lib/sqreen/trie.rb +5 -64
data/lib/sqreen/unauthorized.rb +10 -0
data/lib/sqreen/util.rb +7 -0
data/lib/sqreen/util/capped_array.rb +35 -0
data/lib/sqreen/util/capped_hash.rb +41 -0
data/lib/sqreen/util/capped_string.rb +26 -0
data/lib/sqreen/util/capper.rb +67 -0
data/lib/sqreen/version.rb +3 -1
data/lib/sqreen/waf_error.rb +20 -0
data/lib/sqreen/weave.rb +12 -0
data/lib/sqreen/weave/hardcoded.rb +19 -0
data/lib/sqreen/weave/instrumentor.rb +48 -0
data/lib/sqreen/weave/legacy.rb +12 -0
data/lib/sqreen/weave/legacy/instrumentation.rb +406 -0
data/lib/sqreen/web_server.rb +2 -0
data/lib/sqreen/web_server/generic.rb +2 -0
data/lib/sqreen/web_server/passenger.rb +2 -0
data/lib/sqreen/web_server/puma.rb +2 -0
data/lib/sqreen/web_server/rainbows.rb +2 -0
data/lib/sqreen/web_server/thin.rb +2 -0
data/lib/sqreen/web_server/unicorn.rb +2 -0
data/lib/sqreen/web_server/webrick.rb +2 -0
data/lib/sqreen/worker.rb +2 -0
metadata +105 -39
data/lib/sqreen/dependency/hook.rb +0 -102
data/lib/sqreen/rules_callbacks.rb +0 -35
data/lib/sqreen/rules_callbacks/inspect_rule.rb +0 -25

data/lib/sqreen/js/executable_js.rb ADDED

@@ -0,0 +1,14 @@
+# typed: true
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+module Sqreen
+  module Js
+    class ExecutableJs
+      def run_js_cb(_cb_name, _budget, _arguments)
+        raise Sqreen::NotImplementedYet
+      end
+    end
+  end
+end

data/lib/sqreen/js/js_service.rb CHANGED

@@ -1,12 +1,14 @@
+# typed: ignore
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
+require 'sqreen/log'
 require 'sqreen/exception'
+require 'singleton'
 module Sqreen
   module Js
-    # start public interface
     class JsService
       include ::Singleton
@@ -66,25 +68,5 @@ module Sqreen
         false
       end
     end
-    CallContext = Struct.new(:inst, :args, :rv)
-    class ExecutableJs
-      def run_js_cb(_cb_name, _budget, _arguments)
-        raise Sqreen::NotImplementedYet
-      end
-    end
-    # end public interface
-    class JsServiceAdapter
-      def preprocess(rule_name, code)
-        raise Sqreen::NotImplementedYet
-      end
-      def variant_name
-        'unspecified'
-      end
-    end
   end
 end

data/lib/sqreen/js/js_service_adapter.rb ADDED

@@ -0,0 +1,20 @@
+# typed: true
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+require 'sqreen/exception'
+module Sqreen
+  module Js
+    class JsServiceAdapter
+      def preprocess(_rule_name, _code)
+        raise Sqreen::NotImplementedYet
+      end
+      def variant_name
+        'unspecified'
+      end
+    end
+  end
+end

data/lib/sqreen/js/mini_racer_adapter.rb CHANGED

@@ -1,14 +1,21 @@
+# typed: ignore
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
+# TODO: => Sqreen::JS:MiniRacer
 require 'digest'
 require 'json'
+require 'sqreen/js/executable_js'
+require 'sqreen/js/js_service_adapter'
+require 'sqreen/js/context_pool'
+require 'sqreen/js/mini_racer_executable_js'
 module Sqreen
   module Js
     DEFAULT_GC_THRESHOLD = 15000000  # 15 MB
     class MiniRacerAdapter < JsServiceAdapter
       def initialize(vendored = false)
         @vendored = vendored
@@ -30,184 +37,5 @@ module Sqreen
         @done_static_init = true
       end
     end
-    # Auxiliary classes
-    class ContextPool
-      def initialize
-        @mutex = Mutex.new
-        @total_ctxs = 0
-        @contexts = []
-      end
-      def with_context(&block)
-        isolate = get_context
-        begin
-          block[isolate]
-        ensure
-          give_back_context isolate
-        end
-      end
-      private
-      def get_context
-        @mutex.synchronize do
-          if @contexts.empty?
-            @total_ctxs += 1
-            Sqreen.log.debug "Creating new V8 context (#{@total_ctxs})"
-            SqreenContext.new
-          else
-            @contexts.pop
-          end
-        end
-      end
-      def give_back_context(context)
-        context.possibly_gc
-        if context.gc_load > 30
-          if context.gc_threshold_in_bytes == DEFAULT_GC_THRESHOLD
-            context.gc_threshold_in_bytes *= 2
-            Sqreen.log.warn("Context #{context} had too many close garbage " \
-                            'collections; doubling the threshold to ' \
-                            "#{context.gc_threshold_in_bytes} bytes")
-            context.gc_load = 0
-          else
-            Sqreen.log.warn("Context #{context} had too many close garbage " \
-                            'collections; discarding it')
-            context.dispose
-            return
-          end
-        end
-        @mutex.synchronize { @contexts.push(context); }
-      end
-    end
-    class MiniRacerExecutableJs < ExecutableJs
-      @@ctx_defined = false
-      def initialize(pool, code, vendored)
-        @pool = pool
-        @code = code
-        @code_id = self.class.code_id(code)
-        @module = vendored ? Sqreen::MiniRacer : MiniRacer
-        mod = vendored ? Sqreen::MiniRacer : MiniRacer
-        unless @@ctx_defined
-          self.class.define_sqreen_context(mod)
-          @@ctx_defined = true
-        end
-      end
-      def run_js_cb(cb_name, budget, arguments)
-        @pool.with_context do |ctx|
-          if ctx.code_failed?(@code_id)
-            Sqreen.log.debug do
-              "Skipping execution of callback #{cb_name} (code md5 #{@code_id})" \
-              " due to prev failure of definition evaluation"
-            end
-            return nil
-          end
-          ctx.add_code(@code_id, @code) unless ctx.has_code?(@code_id)
-          # mini_racer expects timeout to be in ms
-          ctx.timeout = budget ? budget * 1000.0 : nil
-          begin
-            ctx.call("sqreen_#{@code_id}_#{cb_name}", *arguments)
-          rescue @module::ScriptTerminatedError
-            Sqreen.log.debug "ScriptTerminatedError/#{cb_name}"
-            nil
-          end
-        end
-      end
-      def self.code_id(code)
-        Digest::MD5.hexdigest(code)
-      end
-      private
-      class << self
-        def define_sqreen_context(modoole)
-          # Context specialized for Sqreen usage
-          Sqreen::Js.const_set 'SqreenContext', Class.new(modoole.const_get('Context'))
-          SqreenContext.class_eval do
-            attr_accessor :gc_threshold_in_bytes
-            attr_accessor :gc_load
-            attr_writer   :timeout
-            def has_code?(code_id)
-              return false unless @code_ids
-              @code_ids.include?(code_id)
-            end
-            def code_failed?(code_id)
-              return false unless @failed_code_ids
-              @failed_code_ids.include?(code_id)
-            end
-            def add_code(code_id, code)
-              # It's important that the definition is run in its own scope (by executing it inside an anonymous function)
-              # Otherwise some auxiliary functions that the backend server sends will collide the name
-              # Because they're defined with `var`, running the definitions inside a function is enough
-              eval_unsafe "(function() { #{code} })()"
-              transf_global_funcs code_id
-              @code_ids ||= Set.new
-              @code_ids << code_id
-            rescue
-              @failed_code_ids ||= Set.new
-              @failed_code_ids << code_id
-              raise
-            end
-            def eval_unsafe(str, filename = nil, timeoutv = nil)
-              # Beware, timeout could be kept in the context
-              # if perf cap is removed after having been activated
-              # As it's unused by execjscb we are not cleaning it
-              return super(str, filename) if timeoutv.nil?
-              return if timeoutv <= 0.0
-              timeoutv *= 1000 # Timeout are currently expressed in seconds
-              @timeout = timeoutv
-              @eval_thread = Thread.current
-              timeout do
-                super(str, filename)
-              end
-            end
-            def possibly_gc
-              @gc_threshold_in_bytes ||= DEFAULT_GC_THRESHOLD
-              @gc_load ||= 0
-              # garbage collections max 1 in every 4 calls (avg)
-              if heap_stats[:total_heap_size] > @gc_threshold_in_bytes
-                low_memory_notification
-                @gc_load += 4
-              else
-                @gc_load = [0, @gc_load - 1].max
-              end
-            end
-            private
-            def transf_global_funcs(code_id)
-              # Multiple callbacks may share the same name. In order to avoid collisions, we rename them here.
-              eval_unsafe <<EOD
-                Object.keys(this).forEach(name => {
-                  if (typeof this[name] === "function" && !name.startsWith("sqreen_")) {
-                    this['sqreen_#{code_id}_' + name] = this[name];
-                    this[name] = undefined;
-                  }
-                });
-EOD
-            end
-          end
-        end
-      end
-    end
   end
 end

data/lib/sqreen/js/mini_racer_executable_js.rb ADDED

@@ -0,0 +1,144 @@
+# typed: ignore
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+# TODO: => Sqreen::JS:MiniRacer
+# TODO: remove class vars
+require 'sqreen/log'
+module Sqreen
+  module Js
+    class MiniRacerExecutableJs < ExecutableJs
+      @@ctx_defined = false # rubocop:disable Style/ClassVars
+      def ctx_defined?
+        @@ctx_defined
+      end
+      def define_ctx!
+        @@ctx_defined = true # rubocop:disable Style/ClassVars
+      end
+      def initialize(pool, code, vendored)
+        @pool = pool
+        @code = code
+        @code_id = self.class.code_id(code)
+        @module = vendored ? Sqreen::MiniRacer : MiniRacer
+        mod = vendored ? Sqreen::MiniRacer : MiniRacer
+        return if ctx_defined?
+        self.class.define_sqreen_context(mod)
+        define_ctx!
+      end
+      def run_js_cb(cb_name, budget, arguments)
+        @pool.with_context do |ctx|
+          if ctx.code_failed?(@code_id)
+            Sqreen.log.debug do
+              "Skipping execution of callback #{cb_name} (code md5 #{@code_id})" \
+              " due to prev failure of definition evaluation"
+            end
+            return nil
+          end
+          ctx.add_code(@code_id, @code) unless ctx.code?(@code_id)
+          # mini_racer expects timeout to be in ms
+          ctx.timeout = budget ? budget * 1000.0 : nil
+          begin
+            ctx.call("sqreen_#{@code_id}_#{cb_name}", *arguments)
+          rescue @module::ScriptTerminatedError
+            Sqreen.log.debug "ScriptTerminatedError/#{cb_name}"
+            nil
+          end
+        end
+      end
+      def self.code_id(code)
+        Digest::MD5.hexdigest(code)
+      end
+      class << self
+        def define_sqreen_context(modoole)
+          # Context specialized for Sqreen usage
+          Sqreen::Js.const_set 'SqreenContext', Class.new(modoole.const_get('Context'))
+          SqreenContext.class_eval do
+            attr_accessor :gc_threshold_in_bytes
+            attr_accessor :gc_load
+            attr_writer   :timeout
+            def code?(code_id)
+              return false unless @code_ids
+              @code_ids.include?(code_id)
+            end
+            def code_failed?(code_id)
+              return false unless @failed_code_ids
+              @failed_code_ids.include?(code_id)
+            end
+            def add_code(code_id, code)
+              # It's important that the definition is run in its own scope (by executing it inside an anonymous function)
+              # Otherwise some auxiliary functions that the backend server sends will collide the name
+              # Because they're defined with `var`, running the definitions inside a function is enough
+              eval_unsafe "(function() { #{code} })()"
+              transf_global_funcs code_id
+              @code_ids ||= Set.new
+              @code_ids << code_id
+            rescue StandardError
+              @failed_code_ids ||= Set.new
+              @failed_code_ids << code_id
+              raise
+            end
+            def eval_unsafe(str, filename = nil, timeoutv = nil)
+              # Beware, timeout could be kept in the context
+              # if perf cap is removed after having been activated
+              # As it's unused by execjscb we are not cleaning it
+              return super(str, filename) if timeoutv.nil?
+              return if timeoutv <= 0.0
+              timeoutv *= 1000 # Timeout are currently expressed in seconds
+              @timeout = timeoutv
+              @eval_thread = Thread.current
+              timeout do
+                super(str, filename)
+              end
+            end
+            def possibly_gc
+              @gc_threshold_in_bytes ||= DEFAULT_GC_THRESHOLD
+              @gc_load ||= 0
+              # garbage collections max 1 in every 4 calls (avg)
+              if heap_stats[:total_heap_size] > @gc_threshold_in_bytes
+                low_memory_notification
+                @gc_load += 4
+              else
+                @gc_load = [0, @gc_load - 1].max
+              end
+            end
+            private
+            def transf_global_funcs(code_id)
+              # Multiple callbacks may share the same name. In order to avoid collisions, we rename them here.
+              eval_unsafe <<-JS
+                Object.keys(this).forEach(name => {
+                  if (typeof this[name] === "function" && !name.startsWith("sqreen_")) {
+                    this['sqreen_#{code_id}_' + name] = this[name];
+                    this[name] = undefined;
+                  }
+                });
+              JS
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/js/thread_local_exec_js_runnable.rb ADDED

@@ -0,0 +1,49 @@
+# typed: true
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+# TODO: => Sqreen::JS:ExecJS
+require 'sqreen/js/executable_js'
+module Sqreen
+  module Js
+    class ThreadLocalExecJsRunnable < ExecutableJs
+      def initialize(code)
+        @code = code
+        @tl_key = "SQREEN_EXECJS_CONTEXT_#{object_id}".freeze
+        @runtimes = [] # place where to keep strong references
+        @runtimes_mutex = Mutex.new
+      end
+      def run_js_cb(cbname, _budget, arguments)
+        tl_exec_js_runnable.call(cbname, *arguments)
+      end
+      def with_runtimes_mutex
+        @runtimes_mutex.synchronize { yield }
+      end
+      private
+      def dispose_from_dead_threads
+        with_runtimes_mutex do
+          @runtimes.delete_if { |th, _runtime| !th.alive? }
+        end
+      end
+      def tl_exec_js_runnable
+        runnable = Thread.current[@tl_key]
+        return runnable if runnable && runnable.weakref_alive?
+        dispose_from_dead_threads
+        runtime = ExecJS.compile(@code)
+        with_runtimes_mutex do
+          @runtimes << [Thread.current, runtime]
+        end
+        Thread.current[@tl_key] = WeakRef.new(runtime)
+      end
+    end
+  end
+end