sqreen 1.18.3.beta1 → 1.18.3.beta2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +0 -5
- data/lib/sqreen/actions.rb +11 -337
- data/lib/sqreen/actions/base.rb +110 -0
- data/lib/sqreen/actions/block_ip.rb +32 -0
- data/lib/sqreen/actions/block_user.rb +44 -0
- data/lib/sqreen/actions/ip_range_indexed_action_class.rb +36 -0
- data/lib/sqreen/actions/ip_ranges_index.rb +36 -0
- data/lib/sqreen/actions/redirect_ip.rb +40 -0
- data/lib/sqreen/actions/redirect_user.rb +45 -0
- data/lib/sqreen/actions/repository.rb +24 -0
- data/lib/sqreen/actions/unknown_action_type.rb +16 -0
- data/lib/sqreen/actions/user_action_class.rb +41 -0
- data/lib/sqreen/agent.rb +4 -1
- data/lib/sqreen/attack_blocked.rb +17 -0
- data/lib/sqreen/binding_accessor.rb +9 -102
- data/lib/sqreen/binding_accessor/path_elem.rb +8 -0
- data/lib/sqreen/binding_accessor/transforms.rb +107 -0
- data/lib/sqreen/capped_queue.rb +2 -0
- data/lib/sqreen/{callbacks.rb → cb.rb} +1 -53
- data/lib/sqreen/{callback_tree.rb → cb_tree.rb} +2 -2
- data/lib/sqreen/condition_evaluator.rb +22 -5
- data/lib/sqreen/configuration.rb +3 -0
- data/lib/sqreen/default_cb.rb +20 -0
- data/lib/sqreen/deferred_logger.rb +63 -0
- data/lib/sqreen/deliveries.rb +10 -0
- data/lib/sqreen/deliveries/batch.rb +7 -1
- data/lib/sqreen/deliveries/simple.rb +5 -0
- data/lib/sqreen/dependency/rails.rb +4 -0
- data/lib/sqreen/dependency/sinatra.rb +4 -0
- data/lib/sqreen/error_handling_middleware.rb +30 -0
- data/lib/sqreen/event.rb +2 -0
- data/lib/sqreen/events/attack.rb +2 -0
- data/lib/sqreen/events/request_record.rb +11 -56
- data/lib/sqreen/exception.rb +9 -40
- data/lib/sqreen/formatter_with_tid.rb +45 -0
- data/lib/sqreen/framework_cb.rb +28 -0
- data/lib/sqreen/frameworks.rb +7 -0
- data/lib/sqreen/frameworks/generic.rb +5 -1
- data/lib/sqreen/frameworks/rails.rb +2 -0
- data/lib/sqreen/frameworks/request_recorder.rb +3 -0
- data/lib/sqreen/frameworks/sinatra.rb +2 -0
- data/lib/sqreen/frameworks/sqreen_test.rb +2 -0
- data/lib/sqreen/instrumentation.rb +5 -5
- data/lib/sqreen/invalid_signature_exception.rb +8 -0
- data/lib/{sqreen-alt.rb → sqreen/js.rb} +6 -1
- data/lib/sqreen/js/call_context.rb +10 -0
- data/lib/sqreen/js/context_pool.rb +60 -0
- data/lib/sqreen/js/exec_js_runnable.rb +20 -0
- data/lib/sqreen/js/execjs_adapter.rb +6 -47
- data/lib/sqreen/js/executable_js.rb +12 -0
- data/lib/sqreen/js/js_service.rb +2 -22
- data/lib/sqreen/js/js_service_adapter.rb +18 -0
- data/lib/sqreen/js/mini_racer_adapter.rb +6 -180
- data/lib/sqreen/js/mini_racer_executable_js.rb +142 -0
- data/lib/sqreen/js/thread_local_exec_js_runnable.rb +47 -0
- data/lib/sqreen/log.rb +8 -188
- data/lib/sqreen/logger.rb +83 -0
- data/lib/sqreen/metrics_store.rb +3 -11
- data/lib/sqreen/metrics_store/already_registered_metric.rb +11 -0
- data/lib/sqreen/metrics_store/unknown_metric.rb +11 -0
- data/lib/sqreen/metrics_store/unregistered_metric.rb +11 -0
- data/lib/sqreen/middleware.rb +0 -44
- data/lib/sqreen/mono_time.rb +2 -0
- data/lib/sqreen/node.rb +44 -0
- data/lib/sqreen/not_implemented_yet.rb +8 -0
- data/lib/sqreen/null_logger.rb +24 -0
- data/lib/sqreen/payload_creator.rb +2 -19
- data/lib/sqreen/payload_creator/header_section.rb +28 -0
- data/lib/sqreen/prefix.rb +33 -0
- data/lib/sqreen/rails_middleware.rb +14 -0
- data/lib/sqreen/remote_command.rb +1 -8
- data/lib/sqreen/remote_command/failure_output.rb +11 -0
- data/lib/sqreen/rules.rb +32 -2
- data/lib/sqreen/{rule_attributes.rb → rules/attrs.rb} +0 -0
- data/lib/sqreen/{rules_callbacks/sdk_auth_track.rb → rules/auth_track_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks/binding_accessor_matcher.rb → rules/binding_accessor_matcher_cb.rb} +4 -8
- data/lib/sqreen/{rules_callbacks → rules}/binding_accessor_metrics.rb +1 -1
- data/lib/sqreen/{rules_callbacks/blacklist_ips.rb → rules/blacklist_ips_cb.rb} +3 -2
- data/lib/sqreen/{rules_callbacks → rules}/count_http_codes.rb +2 -2
- data/lib/sqreen/{rules_callbacks/crawler_user_agent_matches.rb → rules/crawler_user_agent_matches_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/crawler_user_agent_matches_metrics.rb → rules/crawler_user_agent_matches_metrics_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/custom_error.rb → rules/custom_error_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/devise_auth_track.rb → rules/devise_auth_track_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks/devise_signup_track.rb → rules/devise_signup_track_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks/execjs.rb → rules/execjs_cb.rb} +49 -50
- data/lib/sqreen/{rules_callbacks/headers_insert.rb → rules/headers_insert_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks → rules}/matcher_rule.rb +2 -2
- data/lib/sqreen/{rules_callbacks/not_found.rb → rules/not_found_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks/rails_parameters.rb → rules/rails_parameters_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks → rules}/record_request_context.rb +1 -1
- data/lib/sqreen/{rules_callbacks/regexp_rule.rb → rules/regexp_rule_cb.rb} +1 -1
- data/lib/sqreen/{rule_callback.rb → rules/rule_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks → rules}/run_req_start_actions.rb +4 -2
- data/lib/sqreen/{rules_callbacks → rules}/run_user_actions.rb +1 -1
- data/lib/sqreen/{rules_callbacks/shell_env.rb → rules/shell_env_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/sdk_signup_track.rb → rules/signup_track_cb.rb} +2 -2
- data/lib/sqreen/{rules_callbacks → rules}/update_request_context.rb +1 -1
- data/lib/sqreen/{rules_callbacks/url_matches.rb → rules/url_matches_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/user_agent_matches.rb → rules/user_agent_matches_cb.rb} +1 -1
- data/lib/sqreen/{rules_callbacks/waf.rb → rules/waf_cb.rb} +7 -3
- data/lib/sqreen/{rules_callbacks/reflected_xss.rb → rules/xss_cb.rb} +10 -7
- data/lib/sqreen/run_when_called_cb.rb +21 -0
- data/lib/sqreen/sensitive_data_redactor.rb +111 -0
- data/lib/sqreen/signature_verifier.rb +20 -0
- data/lib/sqreen/sinatra_middleware.rb +14 -0
- data/lib/sqreen/{rules_signature.rb → sqreen_signed_verifier.rb} +5 -17
- data/lib/sqreen/token_invalid_exception.rb +8 -0
- data/lib/sqreen/token_not_found_exception.rb +9 -0
- data/lib/sqreen/trie.rb +3 -64
- data/lib/sqreen/unauthorized.rb +8 -0
- data/lib/sqreen/util.rb +2 -0
- data/lib/sqreen/util/capped_array.rb +30 -0
- data/lib/sqreen/util/capped_hash.rb +36 -0
- data/lib/sqreen/util/capped_string.rb +22 -0
- data/lib/sqreen/util/capper.rb +57 -0
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/waf_error.rb +18 -0
- metadata +85 -36
- data/lib/sqreen/rules_callbacks.rb +0 -36
- data/lib/sqreen/rules_callbacks/inspect_rule.rb +0 -25
@@ -0,0 +1,20 @@
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
|
+
|
4
|
+
# TODO: => Sqreen::JS:ExecJS
|
5
|
+
|
6
|
+
require 'sqreen/js/executable_js'
|
7
|
+
|
8
|
+
module Sqreen
|
9
|
+
module Js
|
10
|
+
class ExecJsRunnable < ExecutableJs
|
11
|
+
def initialize(compiled)
|
12
|
+
@compiled = compiled
|
13
|
+
end
|
14
|
+
|
15
|
+
def run_js_cb(cbname, _budget, arguments)
|
16
|
+
@compiled.call(cbname, *arguments)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -1,8 +1,14 @@
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
3
|
|
4
|
+
# TODO: => Sqreen::JS:ExecJS
|
5
|
+
|
4
6
|
require 'execjs'
|
5
7
|
require 'weakref'
|
8
|
+
require 'sqreen/js/executable_js'
|
9
|
+
require 'sqreen/js/js_service_adapter'
|
10
|
+
require 'sqreen/js/exec_js_runnable'
|
11
|
+
require 'sqreen/js/thread_local_exec_js_runnable'
|
6
12
|
|
7
13
|
module Sqreen
|
8
14
|
module Js
|
@@ -25,52 +31,5 @@ module Sqreen
|
|
25
31
|
ExecJS.runtime.name != 'therubyrhino (Rhino)'
|
26
32
|
end
|
27
33
|
end
|
28
|
-
|
29
|
-
class ExecJsRunnable < ExecutableJs
|
30
|
-
def initialize(compiled)
|
31
|
-
@compiled = compiled
|
32
|
-
end
|
33
|
-
|
34
|
-
def run_js_cb(cbname, _budget, arguments)
|
35
|
-
@compiled.call(cbname, *arguments)
|
36
|
-
end
|
37
|
-
end
|
38
|
-
|
39
|
-
class ThreadLocalExecJsRunnable < ExecutableJs
|
40
|
-
def initialize(code)
|
41
|
-
@code = code
|
42
|
-
@tl_key = "SQREEN_EXECJS_CONTEXT_#{object_id}".freeze
|
43
|
-
@runtimes = [] # place where to keep strong references
|
44
|
-
@runtimes_mutex = Mutex.new
|
45
|
-
end
|
46
|
-
|
47
|
-
def run_js_cb(cbname, _budget, arguments)
|
48
|
-
tl_exec_js_runnable.call(cbname, *arguments)
|
49
|
-
end
|
50
|
-
|
51
|
-
def with_runtimes_mutex
|
52
|
-
@runtimes_mutex.synchronize { yield }
|
53
|
-
end
|
54
|
-
|
55
|
-
private
|
56
|
-
|
57
|
-
def dispose_from_dead_threads
|
58
|
-
with_runtimes_mutex do
|
59
|
-
@runtimes.delete_if { |th, _runtime| !th.alive? }
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
def tl_exec_js_runnable
|
64
|
-
runnable = Thread.current[@tl_key]
|
65
|
-
return runnable if runnable && runnable.weakref_alive?
|
66
|
-
|
67
|
-
dispose_from_dead_threads
|
68
|
-
runtime = ExecJS.compile(@code)
|
69
|
-
with_runtimes_mutex do
|
70
|
-
@runtimes << [Thread.current, runtime]
|
71
|
-
end
|
72
|
-
Thread.current[@tl_key] = WeakRef.new(runtime)
|
73
|
-
end
|
74
|
-
end
|
75
34
|
end
|
76
35
|
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
|
+
|
4
|
+
module Sqreen
|
5
|
+
module Js
|
6
|
+
class ExecutableJs
|
7
|
+
def run_js_cb(_cb_name, _budget, _arguments)
|
8
|
+
raise Sqreen::NotImplementedYet
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
12
|
+
end
|
data/lib/sqreen/js/js_service.rb
CHANGED
@@ -1,12 +1,12 @@
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
3
|
|
4
|
+
require 'sqreen/log'
|
4
5
|
require 'sqreen/exception'
|
6
|
+
require 'singleton'
|
5
7
|
|
6
8
|
module Sqreen
|
7
9
|
module Js
|
8
|
-
# start public interface
|
9
|
-
|
10
10
|
class JsService
|
11
11
|
include ::Singleton
|
12
12
|
|
@@ -66,25 +66,5 @@ module Sqreen
|
|
66
66
|
false
|
67
67
|
end
|
68
68
|
end
|
69
|
-
|
70
|
-
CallContext = Struct.new(:inst, :args, :rv)
|
71
|
-
|
72
|
-
class ExecutableJs
|
73
|
-
def run_js_cb(_cb_name, _budget, _arguments)
|
74
|
-
raise Sqreen::NotImplementedYet
|
75
|
-
end
|
76
|
-
end
|
77
|
-
|
78
|
-
# end public interface
|
79
|
-
|
80
|
-
class JsServiceAdapter
|
81
|
-
def preprocess(rule_name, code)
|
82
|
-
raise Sqreen::NotImplementedYet
|
83
|
-
end
|
84
|
-
|
85
|
-
def variant_name
|
86
|
-
'unspecified'
|
87
|
-
end
|
88
|
-
end
|
89
69
|
end
|
90
70
|
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
|
+
|
4
|
+
require 'sqreen/exception'
|
5
|
+
|
6
|
+
module Sqreen
|
7
|
+
module Js
|
8
|
+
class JsServiceAdapter
|
9
|
+
def preprocess(_rule_name, _code)
|
10
|
+
raise Sqreen::NotImplementedYet
|
11
|
+
end
|
12
|
+
|
13
|
+
def variant_name
|
14
|
+
'unspecified'
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -1,14 +1,19 @@
|
|
1
1
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
3
|
|
4
|
+
# TODO: => Sqreen::JS:MiniRacer
|
5
|
+
|
4
6
|
require 'digest'
|
5
7
|
require 'json'
|
8
|
+
require 'sqreen/js/executable_js'
|
9
|
+
require 'sqreen/js/js_service_adapter'
|
10
|
+
require 'sqreen/js/context_pool'
|
11
|
+
require 'sqreen/js/mini_racer_executable_js'
|
6
12
|
|
7
13
|
module Sqreen
|
8
14
|
module Js
|
9
15
|
DEFAULT_GC_THRESHOLD = 15000000 # 15 MB
|
10
16
|
|
11
|
-
|
12
17
|
class MiniRacerAdapter < JsServiceAdapter
|
13
18
|
def initialize(vendored = false)
|
14
19
|
@vendored = vendored
|
@@ -30,184 +35,5 @@ module Sqreen
|
|
30
35
|
@done_static_init = true
|
31
36
|
end
|
32
37
|
end
|
33
|
-
|
34
|
-
# Auxiliary classes
|
35
|
-
|
36
|
-
class ContextPool
|
37
|
-
def initialize
|
38
|
-
@mutex = Mutex.new
|
39
|
-
@total_ctxs = 0
|
40
|
-
@contexts = []
|
41
|
-
end
|
42
|
-
|
43
|
-
def with_context(&block)
|
44
|
-
isolate = get_context
|
45
|
-
begin
|
46
|
-
block[isolate]
|
47
|
-
ensure
|
48
|
-
give_back_context isolate
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
private
|
53
|
-
|
54
|
-
def get_context
|
55
|
-
@mutex.synchronize do
|
56
|
-
if @contexts.empty?
|
57
|
-
@total_ctxs += 1
|
58
|
-
Sqreen.log.debug "Creating new V8 context (#{@total_ctxs})"
|
59
|
-
SqreenContext.new
|
60
|
-
else
|
61
|
-
@contexts.pop
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|
65
|
-
|
66
|
-
def give_back_context(context)
|
67
|
-
context.possibly_gc
|
68
|
-
|
69
|
-
if context.gc_load > 30
|
70
|
-
if context.gc_threshold_in_bytes == DEFAULT_GC_THRESHOLD
|
71
|
-
context.gc_threshold_in_bytes *= 2
|
72
|
-
Sqreen.log.warn("Context #{context} had too many close garbage " \
|
73
|
-
'collections; doubling the threshold to ' \
|
74
|
-
"#{context.gc_threshold_in_bytes} bytes")
|
75
|
-
context.gc_load = 0
|
76
|
-
else
|
77
|
-
Sqreen.log.warn("Context #{context} had too many close garbage " \
|
78
|
-
'collections; discarding it')
|
79
|
-
context.dispose
|
80
|
-
return
|
81
|
-
end
|
82
|
-
end
|
83
|
-
|
84
|
-
@mutex.synchronize { @contexts.push(context); }
|
85
|
-
end
|
86
|
-
end
|
87
|
-
|
88
|
-
class MiniRacerExecutableJs < ExecutableJs
|
89
|
-
@@ctx_defined = false
|
90
|
-
|
91
|
-
def initialize(pool, code, vendored)
|
92
|
-
@pool = pool
|
93
|
-
@code = code
|
94
|
-
@code_id = self.class.code_id(code)
|
95
|
-
|
96
|
-
@module = vendored ? Sqreen::MiniRacer : MiniRacer
|
97
|
-
|
98
|
-
mod = vendored ? Sqreen::MiniRacer : MiniRacer
|
99
|
-
unless @@ctx_defined
|
100
|
-
self.class.define_sqreen_context(mod)
|
101
|
-
@@ctx_defined = true
|
102
|
-
end
|
103
|
-
end
|
104
|
-
|
105
|
-
def run_js_cb(cb_name, budget, arguments)
|
106
|
-
@pool.with_context do |ctx|
|
107
|
-
if ctx.code_failed?(@code_id)
|
108
|
-
Sqreen.log.debug do
|
109
|
-
"Skipping execution of callback #{cb_name} (code md5 #{@code_id})" \
|
110
|
-
" due to prev failure of definition evaluation"
|
111
|
-
end
|
112
|
-
return nil
|
113
|
-
end
|
114
|
-
|
115
|
-
ctx.add_code(@code_id, @code) unless ctx.has_code?(@code_id)
|
116
|
-
|
117
|
-
# mini_racer expects timeout to be in ms
|
118
|
-
ctx.timeout = budget ? budget * 1000.0 : nil
|
119
|
-
begin
|
120
|
-
ctx.call("sqreen_#{@code_id}_#{cb_name}", *arguments)
|
121
|
-
rescue @module::ScriptTerminatedError
|
122
|
-
Sqreen.log.debug "ScriptTerminatedError/#{cb_name}"
|
123
|
-
nil
|
124
|
-
end
|
125
|
-
end
|
126
|
-
end
|
127
|
-
|
128
|
-
def self.code_id(code)
|
129
|
-
Digest::MD5.hexdigest(code)
|
130
|
-
end
|
131
|
-
|
132
|
-
private
|
133
|
-
|
134
|
-
class << self
|
135
|
-
def define_sqreen_context(modoole)
|
136
|
-
# Context specialized for Sqreen usage
|
137
|
-
Sqreen::Js.const_set 'SqreenContext', Class.new(modoole.const_get('Context'))
|
138
|
-
SqreenContext.class_eval do
|
139
|
-
attr_accessor :gc_threshold_in_bytes
|
140
|
-
attr_accessor :gc_load
|
141
|
-
attr_writer :timeout
|
142
|
-
|
143
|
-
def has_code?(code_id)
|
144
|
-
return false unless @code_ids
|
145
|
-
@code_ids.include?(code_id)
|
146
|
-
end
|
147
|
-
|
148
|
-
def code_failed?(code_id)
|
149
|
-
return false unless @failed_code_ids
|
150
|
-
@failed_code_ids.include?(code_id)
|
151
|
-
end
|
152
|
-
|
153
|
-
def add_code(code_id, code)
|
154
|
-
# It's important that the definition is run in its own scope (by executing it inside an anonymous function)
|
155
|
-
# Otherwise some auxiliary functions that the backend server sends will collide the name
|
156
|
-
# Because they're defined with `var`, running the definitions inside a function is enough
|
157
|
-
eval_unsafe "(function() { #{code} })()"
|
158
|
-
transf_global_funcs code_id
|
159
|
-
@code_ids ||= Set.new
|
160
|
-
@code_ids << code_id
|
161
|
-
rescue
|
162
|
-
@failed_code_ids ||= Set.new
|
163
|
-
@failed_code_ids << code_id
|
164
|
-
raise
|
165
|
-
end
|
166
|
-
|
167
|
-
def eval_unsafe(str, filename = nil, timeoutv = nil)
|
168
|
-
# Beware, timeout could be kept in the context
|
169
|
-
# if perf cap is removed after having been activated
|
170
|
-
# As it's unused by execjscb we are not cleaning it
|
171
|
-
return super(str, filename) if timeoutv.nil?
|
172
|
-
return if timeoutv <= 0.0
|
173
|
-
timeoutv *= 1000 # Timeout are currently expressed in seconds
|
174
|
-
@timeout = timeoutv
|
175
|
-
@eval_thread = Thread.current
|
176
|
-
timeout do
|
177
|
-
super(str, filename)
|
178
|
-
end
|
179
|
-
end
|
180
|
-
|
181
|
-
def possibly_gc
|
182
|
-
@gc_threshold_in_bytes ||= DEFAULT_GC_THRESHOLD
|
183
|
-
@gc_load ||= 0
|
184
|
-
|
185
|
-
# garbage collections max 1 in every 4 calls (avg)
|
186
|
-
if heap_stats[:total_heap_size] > @gc_threshold_in_bytes
|
187
|
-
low_memory_notification
|
188
|
-
@gc_load += 4
|
189
|
-
else
|
190
|
-
@gc_load = [0, @gc_load - 1].max
|
191
|
-
end
|
192
|
-
end
|
193
|
-
|
194
|
-
private
|
195
|
-
|
196
|
-
def transf_global_funcs(code_id)
|
197
|
-
# Multiple callbacks may share the same name. In order to avoid collisions, we rename them here.
|
198
|
-
eval_unsafe <<EOD
|
199
|
-
Object.keys(this).forEach(name => {
|
200
|
-
if (typeof this[name] === "function" && !name.startsWith("sqreen_")) {
|
201
|
-
this['sqreen_#{code_id}_' + name] = this[name];
|
202
|
-
this[name] = undefined;
|
203
|
-
}
|
204
|
-
});
|
205
|
-
EOD
|
206
|
-
|
207
|
-
end
|
208
|
-
end
|
209
|
-
end
|
210
|
-
end
|
211
|
-
end
|
212
38
|
end
|
213
39
|
end
|
@@ -0,0 +1,142 @@
|
|
1
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
|
+
|
4
|
+
# TODO: => Sqreen::JS:MiniRacer
|
5
|
+
# TODO: remove class vars
|
6
|
+
|
7
|
+
require 'sqreen/log'
|
8
|
+
|
9
|
+
module Sqreen
|
10
|
+
module Js
|
11
|
+
class MiniRacerExecutableJs < ExecutableJs
|
12
|
+
@@ctx_defined = false # rubocop:disable Style/ClassVars
|
13
|
+
|
14
|
+
def ctx_defined?
|
15
|
+
@@ctx_defined
|
16
|
+
end
|
17
|
+
|
18
|
+
def define_ctx!
|
19
|
+
@@ctx_defined = true # rubocop:disable Style/ClassVars
|
20
|
+
end
|
21
|
+
|
22
|
+
def initialize(pool, code, vendored)
|
23
|
+
@pool = pool
|
24
|
+
@code = code
|
25
|
+
@code_id = self.class.code_id(code)
|
26
|
+
|
27
|
+
@module = vendored ? Sqreen::MiniRacer : MiniRacer
|
28
|
+
|
29
|
+
mod = vendored ? Sqreen::MiniRacer : MiniRacer
|
30
|
+
|
31
|
+
return if ctx_defined?
|
32
|
+
|
33
|
+
self.class.define_sqreen_context(mod)
|
34
|
+
define_ctx!
|
35
|
+
end
|
36
|
+
|
37
|
+
def run_js_cb(cb_name, budget, arguments)
|
38
|
+
@pool.with_context do |ctx|
|
39
|
+
if ctx.code_failed?(@code_id)
|
40
|
+
Sqreen.log.debug do
|
41
|
+
"Skipping execution of callback #{cb_name} (code md5 #{@code_id})" \
|
42
|
+
" due to prev failure of definition evaluation"
|
43
|
+
end
|
44
|
+
return nil
|
45
|
+
end
|
46
|
+
|
47
|
+
ctx.add_code(@code_id, @code) unless ctx.code?(@code_id)
|
48
|
+
|
49
|
+
# mini_racer expects timeout to be in ms
|
50
|
+
ctx.timeout = budget ? budget * 1000.0 : nil
|
51
|
+
begin
|
52
|
+
ctx.call("sqreen_#{@code_id}_#{cb_name}", *arguments)
|
53
|
+
rescue @module::ScriptTerminatedError
|
54
|
+
Sqreen.log.debug "ScriptTerminatedError/#{cb_name}"
|
55
|
+
nil
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
def self.code_id(code)
|
61
|
+
Digest::MD5.hexdigest(code)
|
62
|
+
end
|
63
|
+
|
64
|
+
class << self
|
65
|
+
def define_sqreen_context(modoole)
|
66
|
+
# Context specialized for Sqreen usage
|
67
|
+
Sqreen::Js.const_set 'SqreenContext', Class.new(modoole.const_get('Context'))
|
68
|
+
SqreenContext.class_eval do
|
69
|
+
attr_accessor :gc_threshold_in_bytes
|
70
|
+
attr_accessor :gc_load
|
71
|
+
attr_writer :timeout
|
72
|
+
|
73
|
+
def code?(code_id)
|
74
|
+
return false unless @code_ids
|
75
|
+
@code_ids.include?(code_id)
|
76
|
+
end
|
77
|
+
|
78
|
+
def code_failed?(code_id)
|
79
|
+
return false unless @failed_code_ids
|
80
|
+
@failed_code_ids.include?(code_id)
|
81
|
+
end
|
82
|
+
|
83
|
+
def add_code(code_id, code)
|
84
|
+
# It's important that the definition is run in its own scope (by executing it inside an anonymous function)
|
85
|
+
# Otherwise some auxiliary functions that the backend server sends will collide the name
|
86
|
+
# Because they're defined with `var`, running the definitions inside a function is enough
|
87
|
+
eval_unsafe "(function() { #{code} })()"
|
88
|
+
transf_global_funcs code_id
|
89
|
+
@code_ids ||= Set.new
|
90
|
+
@code_ids << code_id
|
91
|
+
rescue StandardError
|
92
|
+
@failed_code_ids ||= Set.new
|
93
|
+
@failed_code_ids << code_id
|
94
|
+
raise
|
95
|
+
end
|
96
|
+
|
97
|
+
def eval_unsafe(str, filename = nil, timeoutv = nil)
|
98
|
+
# Beware, timeout could be kept in the context
|
99
|
+
# if perf cap is removed after having been activated
|
100
|
+
# As it's unused by execjscb we are not cleaning it
|
101
|
+
return super(str, filename) if timeoutv.nil?
|
102
|
+
return if timeoutv <= 0.0
|
103
|
+
timeoutv *= 1000 # Timeout are currently expressed in seconds
|
104
|
+
@timeout = timeoutv
|
105
|
+
@eval_thread = Thread.current
|
106
|
+
timeout do
|
107
|
+
super(str, filename)
|
108
|
+
end
|
109
|
+
end
|
110
|
+
|
111
|
+
def possibly_gc
|
112
|
+
@gc_threshold_in_bytes ||= DEFAULT_GC_THRESHOLD
|
113
|
+
@gc_load ||= 0
|
114
|
+
|
115
|
+
# garbage collections max 1 in every 4 calls (avg)
|
116
|
+
if heap_stats[:total_heap_size] > @gc_threshold_in_bytes
|
117
|
+
low_memory_notification
|
118
|
+
@gc_load += 4
|
119
|
+
else
|
120
|
+
@gc_load = [0, @gc_load - 1].max
|
121
|
+
end
|
122
|
+
end
|
123
|
+
|
124
|
+
private
|
125
|
+
|
126
|
+
def transf_global_funcs(code_id)
|
127
|
+
# Multiple callbacks may share the same name. In order to avoid collisions, we rename them here.
|
128
|
+
eval_unsafe <<-JS
|
129
|
+
Object.keys(this).forEach(name => {
|
130
|
+
if (typeof this[name] === "function" && !name.startsWith("sqreen_")) {
|
131
|
+
this['sqreen_#{code_id}_' + name] = this[name];
|
132
|
+
this[name] = undefined;
|
133
|
+
}
|
134
|
+
});
|
135
|
+
JS
|
136
|
+
end
|
137
|
+
end
|
138
|
+
end
|
139
|
+
end
|
140
|
+
end
|
141
|
+
end
|
142
|
+
end
|