sqreen 1.18.3-java → 1.19.1-java

data/lib/sqreen/{dependency → graft}/hook_point.rb

@@ -1,12 +1,26 @@
+# typed: false
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 require 'sqreen/dependency'
 require 'sqreen/backport/original_name'
+require 'sqreen/graft'
+require 'sqreen/graft/hook_point_error'
 
 module Sqreen
-  module Dependency
-    class HookPointError < StandardError; end
+  module Graft
+    class HookSpot < Module
+      def initialize(key)
+        @key = key
+      end
+
+      attr_reader :key
+
+      def inspect
+        "#<#{self.class.name}: #{@key.inspect}>"
+      end
+    end
 
     class HookPoint
       def self.parse(hook_point)
@@ -22,8 +36,9 @@ module Sqreen
 
       attr_reader :klass_name, :method_kind, :method_name
 
-      def initialize(hook_point)
-        @klass_name, @method_kind, @method_name = Sqreen::Dependency::HookPoint.parse(hook_point)
+      def initialize(hook_point, strategy = :chain)
+        @klass_name, @method_kind, @method_name = Sqreen::Graft::HookPoint.parse(hook_point)
+        @strategy = strategy
       end
 
       def to_s
@@ -34,11 +49,12 @@ module Sqreen
         return false unless Sqreen::Dependency.const_exist?(@klass_name)
 
         if klass_method?
-          (klass.methods + klass.protected_methods + klass.private_methods).include?(@method_name)
+          (klass.singleton_class.public_instance_methods(false) + klass.singleton_class.protected_instance_methods(false) + klass.singleton_class.private_instance_methods(false)).include?(@method_name)
         elsif instance_method?
-          (klass.instance_methods + klass.protected_instance_methods + klass.private_instance_methods).include?(@method_name)
+          (klass.public_instance_methods(false) + klass.protected_instance_methods(false) + klass.private_instance_methods(false)).include?(@method_name)
         else
-          raise HookPointError, 'unknown hook point kind'
+          Sqreen::Graft.logger.error { "[#{Process.pid}] #{self} unknown hook point kind" }
+          raise HookPointError, "#{self} unknown hook point kind"
         end
       end
 
@@ -56,7 +72,8 @@ module Sqreen
         elsif instance_method?
           klass.private_instance_methods.include?(@method_name)
         else
-          raise HookPointError, 'unknown hook point kind'
+          Sqreen::Graft.logger.error { "[#{Process.pid}] #{self} unknown hook point kind" }
+          raise HookPointError, "#{self} unknown hook point kind"
         end
       end
 
@@ -66,7 +83,8 @@ module Sqreen
         elsif instance_method?
           klass.protected_instance_methods.include?(@method_name)
         else
-          raise HookPointError, 'unknown hook point kind'
+          Sqreen::Graft.logger.error { "[#{Process.pid}] #{self} unknown hook point kind" }
+          raise HookPointError, "#{self} unknown hook point kind"
         end
       end
 
@@ -74,58 +92,159 @@ module Sqreen
         @method_kind == :instance_method
       end
 
-      def installed?(suffix)
-        if klass_method?
-          (klass.methods + klass.protected_methods + klass.private_methods).include?(:"#{method_name}_with_#{suffix}")
-        elsif instance_method?
-          (klass.instance_methods + klass.protected_instance_methods + klass.private_instance_methods).include?(:"#{method_name}_with_#{suffix}")
-        else
-          raise HookPointError, 'unknown hook point kind'
+      def installed?(key)
+        case @strategy
+        when :chain then defined(key)
+        when :prepend then prepended?(key) && overridden?(key)
         end
       end
 
+      def super?
+        @strategy == :prepend
+      end
+
       def apply(obj, suffix, *args, &block)
+        raise 'use super' if super?
+
         obj.send("#{method_name}_without_#{suffix}", *args, &block)
       end
 
-      def install(suffix, &block)
-        if installed?(suffix)
-          Sqreen.log.debug "[#{Process.pid}] #{self} already installed"
+      def install(key, &block)
+        if installed?(key)
+          Sqreen::Graft.logger.debug { "[#{Process.pid}] #{self} already installed" }
+          return
         end
         unless exist?
-          Sqreen.log.debug "[#{Process.pid}] #{self} hook point not found"
+          Sqreen::Graft.logger.debug { "[#{Process.pid}] #{self} hook point not found" }
+          return
         end
 
-        define(suffix, &block)
-        enable(suffix)
+        case @strategy
+        when :chain
+          define(key, &block)
+          chain(key)
+        when :prepend
+          prepend(key)
+          override(key, &block)
+        end
       end
 
-      def uninstall(suffix)
-        disable(suffix)
-        remove(suffix)
+      def uninstall(key)
+        unless installed?(key)
+          Sqreen::Graft.logger.debug { "[#{Process.pid}] #{self} not installed" }
+          return
+        end
+        unless exist?
+          Sqreen::Graft.logger.debug { "[#{Process.pid}] #{self} hook point not found" }
+          return
+        end
+
+        case @strategy
+        when :chain
+          disable(key)
+          remove(key)
+        when :prepend
+          unoverride(key) if overridden?(key)
+        end
       end
 
-      def enable(suffix)
-        chain(suffix)
+      def enable(key)
+        case @strategy
+        when :chain
+          chain(key)
+        when :prepend
+          raise HookPointError, "enable called on prepend mode"
+        end
       end
 
-      def disable(suffix)
-        unchain(suffix)
+      def disable(key)
+        case @strategy
+        when :chain
+          unchain(key)
+        when :prepend
+          unoverride(key)
+        end
       end
 
-      def disabled?(suffix)
-        !chained?(suffix)
+      def disabled?(key)
+        case @strategy
+        when :chain
+          !chained?(key)
+        when :prepend
+          !overridden?(key)
+        end
       end
 
       private
 
+      def prepend(key)
+        target = klass_method? ? klass.singleton_class : klass
+        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        mod ||= HookSpot.new(key)
+        target.instance_eval { prepend(mod) }
+      end
+
+      def prepended?(key)
+        target = klass_method? ? klass.singleton_class : klass
+        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+
+        mod != nil
+      end
+
+      def overridden?(key)
+        target = klass_method? ? klass.singleton_class : klass
+        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+
+        (mod.instance_methods(false) + mod.protected_instance_methods(false) + mod.private_instance_methods(false)).include?(method_name)
+      end
+
+      def override(key, &block)
+        hook_point = self
+        method_name = @method_name
+
+        target = klass_method? ? klass.singleton_class : klass
+        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+
+        mod.instance_eval do
+          if hook_point.private_method?
+            private
+          elsif hook_point.protected_method?
+            protected
+          else
+            public
+          end
+
+          define_method(:"#{method_name}", &block)
+        end
+      end
+
+      def unoverride(key)
+        method_name = @method_name
+
+        target = klass_method? ? klass.singleton_class : klass
+        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+
+        mod.instance_eval { remove_method(method_name) }
+      end
+
+      def defined(suffix)
+        if klass_method?
+          (klass.methods + klass.protected_methods + klass.private_methods).include?(:"#{method_name}_with_#{suffix}")
+        elsif instance_method?
+          (klass.instance_methods + klass.protected_instance_methods + klass.private_instance_methods).include?(:"#{method_name}_with_#{suffix}")
+        else
+          Sqreen::Graft.logger.error { "[#{Process.pid}] #{self} unknown hook point kind" }
+          raise HookPointError, "#{self} unknown hook point kind"
+        end
+      end
+
       def define(suffix, &block)
         hook_point = self
         method_name = @method_name
 
         if klass_method?
           klass.singleton_class.instance_eval do
-            if hook_point.protected_method?
+            if hook_point.private_method?
               private
             elsif hook_point.protected_method?
               protected
@@ -137,7 +256,7 @@ module Sqreen
           end
         elsif instance_method?
           klass.class_eval do
-            if hook_point.protected_method?
+            if hook_point.private_method?
               private
             elsif hook_point.protected_method?
               protected

data/lib/sqreen/graft/hook_point_error.rb

@@ -0,0 +1,10 @@
+# typed: strong
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+module Sqreen
+  module Graft
+    class HookPointError < StandardError; end
+  end
+end

data/lib/sqreen/invalid_signature_exception.rb

@@ -1,3 +1,5 @@
+# typed: strong
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js.rb

@@ -1,3 +1,5 @@
+# typed: strong
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/call_context.rb

@@ -1,3 +1,5 @@
+# typed: true
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/context_pool.rb

@@ -1,3 +1,5 @@
+# typed: ignore
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/exec_js_runnable.rb

@@ -1,3 +1,5 @@
+# typed: true
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/execjs_adapter.rb

@@ -1,3 +1,5 @@
+# typed: true
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/executable_js.rb

@@ -1,3 +1,5 @@
+# typed: true
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/js_service.rb

@@ -1,3 +1,5 @@
+# typed: ignore
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/js_service_adapter.rb

@@ -1,3 +1,5 @@
+# typed: true
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/mini_racer_adapter.rb

@@ -1,3 +1,5 @@
+# typed: ignore
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/mini_racer_executable_js.rb

@@ -1,3 +1,5 @@
+# typed: ignore
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/js/thread_local_exec_js_runnable.rb

@@ -1,3 +1,5 @@
+# typed: true
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 

data/lib/sqreen/legacy.rb

@@ -0,0 +1,8 @@
+# typed: strong
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+module Sqreen
+  module Legacy; end
+end

data/lib/sqreen/{instrumentation.rb → legacy/instrumentation.rb}

@@ -1,6 +1,9 @@
+# typed: ignore
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
+require 'sqreen/legacy'
 require 'sqreen/cb_tree'
 require 'sqreen/log'
 require 'sqreen/exception'
@@ -36,6 +39,8 @@ require 'set'
 # end
 
 module Sqreen
+
+module Legacy
   class Instrumentation
     OVERTIME_METRIC = 'request_overtime'.freeze
 
@@ -84,6 +89,7 @@ module Sqreen
             start = Sqreen.time
             res = cb.pre(instance, args, budget, &block)
             stop = Sqreen.time
+            Sqreen.log.debug { "ran pre cb #{cb} => #{res.inspect}" }
             # The first few pre callbacks could not have a request & hence a budget just yet so we try harder to find it
             budget = framework.remaining_perf_budget if framework && !budget && Sqreen.performance_budget
             if budget
@@ -139,6 +145,7 @@ module Sqreen
             start = Sqreen.time
             res = cb.post(return_val, instance, args, budget, &block)
             stop = Sqreen.time
+            Sqreen.log.debug { "ran post cb #{cb} => #{res.inspect}" }
             if budget
               budget -= (stop - start)
               cb.overtime! if budget <= 0.0
@@ -193,6 +200,7 @@ module Sqreen
             start = Sqreen.time
             res = cb.failing(exception, instance, args, budget, &block)
             stop = Sqreen.time
+            Sqreen.log.debug { "ran failing cb #{cb} => #{res.inspect}" }
             if budget
               budget -= (stop - start)
               cb.overtime! if budget <= 0.0
@@ -237,7 +245,7 @@ module Sqreen
       key = [method]
       args.each { |e| key.push(e.object_id) }
       if key && @sqreen_multi_instr && @sqreen_multi_instr[instance.object_id].member?(key)
-        return instance.send(original_method, *args, &block)
+        return instance.__send__(original_method, *args, &block)
       end
       @sqreen_multi_instr ||= Hash.new { |h, k| h[k] = Set.new } # TODO: this should probably be a thread local
       @sqreen_multi_instr[instance.object_id].add(key)
@@ -273,7 +281,7 @@ module Sqreen
           skip_call = true
         end
         # If we are already overbudget let's not work at all
-        return send(original_meth, *args, &block) if skip_call
+        return __send__(original_meth, *args, &block) if skip_call
         Instrumentation.guard_multi_call(self, meth, original_meth, args, block) do
           precbs, postcbs, failcbs = Instrumentation.callbacks.get(klass_name, meth)
           Thread.current[:sqreen_in_use] = true
@@ -328,7 +336,7 @@ module Sqreen
           Thread.current[:sqreen_in_use] = false
           return result if skip
           begin
-            result = send(original_meth, *args, &block)
+            result = __send__(original_meth, *args, &block)
           rescue StandardError => e
             Thread.current[:sqreen_in_use] = true
             budget = Sqreen.performance_budget && framework && framework.remaining_perf_budget
@@ -401,7 +409,7 @@ module Sqreen
         Sqreen::PerformanceNotifications::BinnedMetrics.start_request if has_notifications
 
         begin
-          send(original_meth, *args, &block)
+          __send__(original_meth, *args, &block)
         ensure
           if has_notifications
             Sqreen::PerformanceNotifications.instrument('next_req_notifs', PRE_CB) do
@@ -437,7 +445,7 @@ module Sqreen
         end
 
         alias_method original, new_method
-        send(method_kind, original)
+        __send__(method_kind, original)
         private saved_meth_name
       end
     end
@@ -456,7 +464,7 @@ module Sqreen
           method_kind = :private
         end
         alias_method meth, saved_meth_name
-        send(method_kind, meth)
+        __send__(method_kind, meth)
 
         remove_method saved_meth_name
       end
@@ -503,11 +511,12 @@ module Sqreen
         alias_method meth, new_method
         private saved_meth_name
         private new_method
-        send(method_kind, meth)
+        __send__(method_kind, meth)
       end
       saved_meth_name
     end
 
+    ### bad idea anyway
     # WARNING We do not actually remove `meth`
     def unoverride_class_method(klass, meth)
       saved_meth_name = get_saved_method_name(meth)
@@ -522,10 +531,11 @@ module Sqreen
           method_kind = :private
         end
         alias_method meth.to_sym, saved_meth_name.to_sym
-        send(method_kind, meth.to_sym)
+        __send__(method_kind, meth.to_sym)
       end
     end
 
+    ### useless now
     if RUBY_VERSION < '1.9'
       def adjust_method_name(method)
         method.to_s
@@ -554,6 +564,8 @@ module Sqreen
       is_instance_method?(obj, method)
     end
 
+    ### is that actually used?
+    ### if so, do not attempt to alter frozen instances
     # Override a singleton method on an instance
     def override_singleton_method(instance, klass_name, meth)
       @@overriden_singleton_methods = true
@@ -647,8 +659,7 @@ module Sqreen
 
       already_overriden = @@overriden_methods.include? key
       unless already_overriden
-        Sqreen.log.debug "#{key} not overriden, returning"
-        return
+        Sqreen.log.debug "#{key} apparently not overridden"
       end
 
       defined_cbs = @@registered_callbacks.get(klass, method).flatten
@@ -674,6 +685,7 @@ module Sqreen
       elsif is_instance_method?(klass, method)
         unoverride_instance_method(klass, method)
       else
+        ### Module#prepend will take care of that
         # FIXME: Override define_method and other dynamic ways to
         # The following should be monitored to make sure we
         # don't forget dynamically added methods:
@@ -701,8 +713,13 @@ module Sqreen
     # @return [Array<Sqreen::CB>]
     def hardcoded_callbacks(framework)
       [
+        ### callback for performing sec responses based on ip
+        ### init redefined to implement smartass way to hook it upon the
+        ### framework's middleware #call
         Sqreen::Rules::RunReqStartActions.new(framework),
+        ### callback for performing sec responses based on user
         Sqreen::Rules::RunUserActions.new(Sqreen, :identify, 0),
+        ### callback for performing sec responses based on user
         Sqreen::Rules::RunUserActions.new(Sqreen, :auth_track, 1),
       ]
     end
@@ -711,6 +728,7 @@ module Sqreen
     # @param rules [Array<Hash>] Rules to instrument
     # @param framework [Sqreen::Frameworks::GenericFramework]
     def instrument!(rules, framework)
+      ### set up rule signature verifier
       verifier = nil
       if Sqreen.features['rules_signature'] &&
          Sqreen.config_get(:rules_verify_signature) == true &&
@@ -720,33 +738,44 @@ module Sqreen
         Sqreen.log.debug('Rules signature is not enabled')
       end
 
+      ### force clean instrumentation callback list
       remove_all_callbacks # Force cb tree to be empty before instrumenting
 
+      ### for each rule description, transform into format for adding callback
       rules.each do |rule|
         rcb = Sqreen::Rules.cb_from_rule(rule, self, metrics_engine, verifier)
         next unless rcb
+        ### attach framework to callback
         rcb.framework = framework
+        ### add callback
         add_callback(rcb)
       end
 
       # add hardcoded callbacks, observing priority
       hardcoded_callbacks(framework).each { |cb| add_callback(cb) }
 
+      ### globally declare instrumentation ready
+      ### from within instance method? not even thread local?
       Sqreen.instrumentation_ready = true
     end
 
     def initialize(metrics_engine = nil)
       self.metrics_engine = metrics_engine
       return if metrics_engine.nil?
+      ### init metric to count calls to sqreen
       metrics_engine.create_metric('name' => CallCountable::COUNT_CALLS,
                                    'period' => 60,
                                    'kind' => 'Sum')
+      ### init metric to count request whitelist matches (ip or path whitelist)
       metrics_engine.create_metric('name' => Sqreen::Rules::RecordRequestContext::WHITELISTED_METRIC,
                                    'period' => 60,
                                    'kind' => 'Sum')
+      ### init metric to count over budget hits
       metrics_engine.create_metric('name' => OVERTIME_METRIC,
                                    'period' => 60,
                                    'kind' => 'Sum')
     end
   end
 end
+
+end