sqreen 1.18.3.beta1 → 1.18.3.beta2

data/lib/sqreen/token_invalid_exception.rb

@@ -0,0 +1,8 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+require 'sqreen/exception'
+
+module Sqreen
+  class TokenInvalidException < Sqreen::Exception; end
+end

data/lib/sqreen/token_not_found_exception.rb

@@ -0,0 +1,9 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+require 'sqreen/exception'
+
+module Sqreen
+  # When the token is not found
+  class TokenNotFoundException < Sqreen::Exception; end
+end

data/lib/sqreen/trie.rb

@@ -2,6 +2,9 @@
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 require 'ipaddr'
+require 'sqreen/node'
+
+# TODO: move to Sqreen::IP
 
 module Sqreen
   Trie = Struct.new(:head, :num_active_nodes, :family) do
@@ -211,68 +214,4 @@ module Sqreen
       xstack
     end
   end
-
-  Prefix = Struct.new(:family, :bitlen, :address, :data) do # addr is integer
-    def initialize(*args)
-      super
-      raise ArgumentError, 'no family given' unless family
-      raise ArgumentError, 'no bitlen given' unless bitlen
-      raise ArgumentError, 'no address given' unless address
-    end
-
-    def matches?(addr, family)
-      raise 'family mismatch' unless family == self.family
-      shift_amount = (family == Socket::AF_INET ? 32 : 128) - self.bitlen
-      (addr ^ self.address) >> shift_amount == 0
-    end
-  end
-
-  def Prefix.from_str(str, data = nil)
-    ip_addr = IPAddr.new(str)
-    if str =~ /\/(\d+)$/
-      bitlen = $~[1].to_i
-    else
-      bitlen = ip_addr.family == Socket::AF_INET6 ? 128 : 32
-    end
-    Prefix.new(ip_addr.family, bitlen, ip_addr.to_i, data)
-  end
-
-  # bit starts at 0 (most significant)
-  Node = Struct.new(:bit, :prefix, :l, :r, :parent) do
-    def initialize(*args)
-      super
-      raise ArgumentError, 'no bit given' if bit.nil?
-    end
-
-    def empty?
-      prefix.nil?
-    end
-
-    # cover the whole tree
-    def walk(max_bits, empty_nodes = false)
-      xstack = Array.new(max_bits + 1)
-      sidx = 0 # stack index
-      xhead = self
-      xcur = xhead
-      while !xcur.nil?
-        yield xcur unless xcur.empty? && !empty_nodes
-
-        if xcur.l
-          if xcur.r
-            xstack[sidx] = xcur.r
-            sidx += 1
-          end
-          xcur = xcur.l
-        elsif xcur.r
-          xcur = xcur.r
-        elsif sidx.nonzero?
-          sidx -= 1
-          xcur = xstack[sidx]
-        else
-          xcur = nil
-        end
-      end
-    end
-  end
-
 end

data/lib/sqreen/unauthorized.rb

@@ -0,0 +1,8 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+require 'sqreen/exception'
+
+module Sqreen
+  class Unauthorized < Sqreen::Exception; end
+end

data/lib/sqreen/util.rb

@@ -0,0 +1,2 @@
+module Sqreen; end
+module Sqreen::Util; end

data/lib/sqreen/util/capped_array.rb

@@ -0,0 +1,30 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+require 'sqreen/util'
+
+class Sqreen::Util::CappedArray < Array
+  attr_reader :size_cap, :depth_cap
+
+  def initialize(*args, size_cap: 150, depth_cap: 10, &block)
+    @size_cap = size_cap
+    @depth_cap = depth_cap
+
+    super(*args, &block)
+  end
+
+  def <<(value)
+    keep?(size, value) ? super : self
+  end
+  alias_method :append, :<<
+
+  def []=(index, value)
+    super if keep?(index, value)
+  end
+
+  private
+
+  def keep?(index, value)
+    index < size_cap && (depth_cap > 0 || !value.is_a?(Hash) && !value.is_a?(Array))
+  end
+end

data/lib/sqreen/util/capped_hash.rb

@@ -0,0 +1,36 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+require 'sqreen/util'
+
+class Sqreen::Util::CappedHash < Hash
+  attr_reader :size_cap, :depth_cap
+
+  def initialize(*args, size_cap: 150, depth_cap: 10, &block)
+    @size_cap = size_cap
+    @depth_cap = depth_cap
+
+    super(*args, &block)
+  end
+
+  def []=(key, value)
+    super if key?(key) || keep?(value)
+  end
+  alias_method :store, :[]=
+
+  def merge!(h)
+    h.each { |k, v| self[k] = block_given? ? yield(k, self[k], v) : v }
+  end
+  alias_method :update, :merge!
+
+  def replace(h)
+    keep_if { false }
+    merge!(h)
+  end
+
+  private
+
+  def keep?(value)
+    size < size_cap && (depth_cap > 0 || !value.is_a?(Hash) && !value.is_a?(Array))
+  end
+end

data/lib/sqreen/util/capped_string.rb

@@ -0,0 +1,22 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+require 'sqreen/util'
+
+class Sqreen::Util::CappedString < String
+  attr_reader :size_cap
+
+  def initialize(*args, size_cap: 4096, &block)
+    @size_cap = size_cap
+    super(*args, &block)
+  end
+
+  def <<(value)
+    return self unless size < size_cap
+
+    value = value[0, size_cap - size] if size + value.size > size_cap
+
+    super(value)
+  end
+  alias_method :concat, :<<
+end

data/lib/sqreen/util/capper.rb

@@ -0,0 +1,57 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+require 'sqreen/util'
+require 'sqreen/util/capped_hash'
+require 'sqreen/util/capped_string'
+require 'sqreen/util/capped_array'
+
+class Sqreen::Util::Capper
+  attr_reader :string_size_cap, :size_cap, :depth_cap
+
+  def initialize(string_size_cap: 4096, size_cap: 150, depth_cap: 10, flat_size_cap: 10000)
+    @string_size_cap = string_size_cap
+    @size_cap = size_cap
+    @depth_cap = depth_cap
+    @flat_size_cap = flat_size_cap
+  end
+
+  def call(e)
+    r_call(e).first
+  end
+
+  private
+
+  def r_call(e, size: @flat_size_cap, depth: @depth_cap)
+    case e
+    when Hash
+      h = Sqreen::Util::CappedHash.new(size_cap: size_cap, depth_cap: depth)
+      e.each do |k, v|
+        break unless size > 0
+        k_capped,   = r_call(k, size: size, depth: depth - 1)
+        v_capped, s = r_call(v, size: size, depth: depth - 1)
+        size -= s
+        h[k_capped] = v_capped
+      end
+      [h, h.size]
+    when Array
+      a = Sqreen::Util::CappedArray.new(size_cap: size_cap, depth_cap: depth)
+      e.each do |v|
+        break unless size > 0
+        c, s = r_call(v, size: size, depth: depth - 1)
+        a << c
+        size -= s
+      end
+      [a, a.size]
+    when String
+      return unless size > 0
+      size -= 1
+      s = Sqreen::Util::CappedString.new(size_cap: string_size_cap) << e
+      [s, 1]
+    else
+      return unless size > 0
+      size -= 1
+      [e, 1]
+    end
+  end
+end

data/lib/sqreen/version.rb

@@ -2,5 +2,5 @@
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 module Sqreen
-  VERSION = '1.18.3.beta1'.freeze
+  VERSION = '1.18.3.beta2'.freeze
 end

data/lib/sqreen/waf_error.rb

@@ -0,0 +1,18 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
+require 'sqreen/exception'
+
+module Sqreen
+  class WAFError < Sqreen::Exception
+    attr_reader :rule_name, :error, :data, :args
+
+    def initialize(rule_name, error, data = nil, args = nil)
+      super(error.to_s)
+      @rule_name = rule_name
+      @error = error
+      @data = data
+      @args = args
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.18.3.beta1
+  version: 1.18.3.beta2
 platform: ruby
 authors:
 - Sqreen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-11-14 00:00:00.000000000 Z
+date: 2019-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sq_mini_racer
@@ -49,23 +49,38 @@ files:
 - CODE_OF_CONDUCT.md
 - README.md
 - Rakefile
-- lib/sqreen-alt.rb
 - lib/sqreen.rb
 - lib/sqreen/actions.rb
+- lib/sqreen/actions/base.rb
+- lib/sqreen/actions/block_ip.rb
+- lib/sqreen/actions/block_user.rb
+- lib/sqreen/actions/ip_range_indexed_action_class.rb
+- lib/sqreen/actions/ip_ranges_index.rb
+- lib/sqreen/actions/redirect_ip.rb
+- lib/sqreen/actions/redirect_user.rb
+- lib/sqreen/actions/repository.rb
+- lib/sqreen/actions/unknown_action_type.rb
+- lib/sqreen/actions/user_action_class.rb
 - lib/sqreen/agent.rb
+- lib/sqreen/attack_blocked.rb
 - lib/sqreen/attack_detected.html
 - lib/sqreen/backport.rb
 - lib/sqreen/backport/original_name.rb
 - lib/sqreen/binding_accessor.rb
+- lib/sqreen/binding_accessor/path_elem.rb
+- lib/sqreen/binding_accessor/transforms.rb
 - lib/sqreen/ca.crt
 - lib/sqreen/call_countable.rb
-- lib/sqreen/callback_tree.rb
-- lib/sqreen/callbacks.rb
 - lib/sqreen/capped_queue.rb
+- lib/sqreen/cb.rb
+- lib/sqreen/cb_tree.rb
 - lib/sqreen/condition_evaluator.rb
 - lib/sqreen/conditionable.rb
 - lib/sqreen/configuration.rb
 - lib/sqreen/context.rb
+- lib/sqreen/default_cb.rb
+- lib/sqreen/deferred_logger.rb
+- lib/sqreen/deliveries.rb
 - lib/sqreen/deliveries/batch.rb
 - lib/sqreen/deliveries/simple.rb
 - lib/sqreen/dependency.rb
@@ -79,11 +94,14 @@ files:
 - lib/sqreen/dependency/sentry.rb
 - lib/sqreen/dependency/sinatra.rb
 - lib/sqreen/encoding_sanitizer.rb
+- lib/sqreen/error_handling_middleware.rb
 - lib/sqreen/event.rb
 - lib/sqreen/events/attack.rb
 - lib/sqreen/events/remote_exception.rb
 - lib/sqreen/events/request_record.rb
 - lib/sqreen/exception.rb
+- lib/sqreen/formatter_with_tid.rb
+- lib/sqreen/framework_cb.rb
 - lib/sqreen/frameworks.rb
 - lib/sqreen/frameworks/generic.rb
 - lib/sqreen/frameworks/rails.rb
@@ -92,10 +110,20 @@ files:
 - lib/sqreen/frameworks/sinatra.rb
 - lib/sqreen/frameworks/sqreen_test.rb
 - lib/sqreen/instrumentation.rb
+- lib/sqreen/invalid_signature_exception.rb
+- lib/sqreen/js.rb
+- lib/sqreen/js/call_context.rb
+- lib/sqreen/js/context_pool.rb
+- lib/sqreen/js/exec_js_runnable.rb
 - lib/sqreen/js/execjs_adapter.rb
+- lib/sqreen/js/executable_js.rb
 - lib/sqreen/js/js_service.rb
+- lib/sqreen/js/js_service_adapter.rb
 - lib/sqreen/js/mini_racer_adapter.rb
+- lib/sqreen/js/mini_racer_executable_js.rb
+- lib/sqreen/js/thread_local_exec_js_runnable.rb
 - lib/sqreen/log.rb
+- lib/sqreen/logger.rb
 - lib/sqreen/metrics.rb
 - lib/sqreen/metrics/average.rb
 - lib/sqreen/metrics/base.rb
@@ -103,58 +131,79 @@ files:
 - lib/sqreen/metrics/collect.rb
 - lib/sqreen/metrics/sum.rb
 - lib/sqreen/metrics_store.rb
+- lib/sqreen/metrics_store/already_registered_metric.rb
+- lib/sqreen/metrics_store/unknown_metric.rb
+- lib/sqreen/metrics_store/unregistered_metric.rb
 - lib/sqreen/middleware.rb
 - lib/sqreen/mono_time.rb
+- lib/sqreen/node.rb
+- lib/sqreen/not_implemented_yet.rb
+- lib/sqreen/null_logger.rb
 - lib/sqreen/payload_creator.rb
+- lib/sqreen/payload_creator/header_section.rb
 - lib/sqreen/performance_notifications.rb
 - lib/sqreen/performance_notifications/binned_metrics.rb
 - lib/sqreen/performance_notifications/log.rb
 - lib/sqreen/performance_notifications/log_performance.rb
 - lib/sqreen/performance_notifications/metrics.rb
 - lib/sqreen/performance_notifications/newrelic.rb
+- lib/sqreen/prefix.rb
+- lib/sqreen/rails_middleware.rb
 - lib/sqreen/remote_command.rb
-- lib/sqreen/rule_attributes.rb
-- lib/sqreen/rule_callback.rb
+- lib/sqreen/remote_command/failure_output.rb
 - lib/sqreen/rules.rb
-- lib/sqreen/rules_callbacks.rb
-- lib/sqreen/rules_callbacks/binding_accessor_matcher.rb
-- lib/sqreen/rules_callbacks/binding_accessor_metrics.rb
-- lib/sqreen/rules_callbacks/blacklist_ips.rb
-- lib/sqreen/rules_callbacks/count_http_codes.rb
-- lib/sqreen/rules_callbacks/crawler_user_agent_matches.rb
-- lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb
-- lib/sqreen/rules_callbacks/custom_error.rb
-- lib/sqreen/rules_callbacks/devise_auth_track.rb
-- lib/sqreen/rules_callbacks/devise_signup_track.rb
-- lib/sqreen/rules_callbacks/execjs.rb
-- lib/sqreen/rules_callbacks/headers_insert.rb
-- lib/sqreen/rules_callbacks/inspect_rule.rb
-- lib/sqreen/rules_callbacks/matcher_rule.rb
-- lib/sqreen/rules_callbacks/not_found.rb
-- lib/sqreen/rules_callbacks/rails_parameters.rb
-- lib/sqreen/rules_callbacks/record_request_context.rb
-- lib/sqreen/rules_callbacks/reflected_xss.rb
-- lib/sqreen/rules_callbacks/regexp_rule.rb
-- lib/sqreen/rules_callbacks/run_req_start_actions.rb
-- lib/sqreen/rules_callbacks/run_user_actions.rb
-- lib/sqreen/rules_callbacks/sdk_auth_track.rb
-- lib/sqreen/rules_callbacks/sdk_signup_track.rb
-- lib/sqreen/rules_callbacks/shell_env.rb
-- lib/sqreen/rules_callbacks/update_request_context.rb
-- lib/sqreen/rules_callbacks/url_matches.rb
-- lib/sqreen/rules_callbacks/user_agent_matches.rb
-- lib/sqreen/rules_callbacks/waf.rb
-- lib/sqreen/rules_signature.rb
+- lib/sqreen/rules/attrs.rb
+- lib/sqreen/rules/auth_track_cb.rb
+- lib/sqreen/rules/binding_accessor_matcher_cb.rb
+- lib/sqreen/rules/binding_accessor_metrics.rb
+- lib/sqreen/rules/blacklist_ips_cb.rb
+- lib/sqreen/rules/count_http_codes.rb
+- lib/sqreen/rules/crawler_user_agent_matches_cb.rb
+- lib/sqreen/rules/crawler_user_agent_matches_metrics_cb.rb
+- lib/sqreen/rules/custom_error_cb.rb
+- lib/sqreen/rules/devise_auth_track_cb.rb
+- lib/sqreen/rules/devise_signup_track_cb.rb
+- lib/sqreen/rules/execjs_cb.rb
+- lib/sqreen/rules/headers_insert_cb.rb
+- lib/sqreen/rules/matcher_rule.rb
+- lib/sqreen/rules/not_found_cb.rb
+- lib/sqreen/rules/rails_parameters_cb.rb
+- lib/sqreen/rules/record_request_context.rb
+- lib/sqreen/rules/regexp_rule_cb.rb
+- lib/sqreen/rules/rule_cb.rb
+- lib/sqreen/rules/run_req_start_actions.rb
+- lib/sqreen/rules/run_user_actions.rb
+- lib/sqreen/rules/shell_env_cb.rb
+- lib/sqreen/rules/signup_track_cb.rb
+- lib/sqreen/rules/update_request_context.rb
+- lib/sqreen/rules/url_matches_cb.rb
+- lib/sqreen/rules/user_agent_matches_cb.rb
+- lib/sqreen/rules/waf_cb.rb
+- lib/sqreen/rules/xss_cb.rb
+- lib/sqreen/run_when_called_cb.rb
 - lib/sqreen/runner.rb
 - lib/sqreen/runtime_infos.rb
 - lib/sqreen/safe_json.rb
 - lib/sqreen/sdk.rb
+- lib/sqreen/sensitive_data_redactor.rb
 - lib/sqreen/serializer.rb
 - lib/sqreen/session.rb
 - lib/sqreen/shared_storage.rb
 - lib/sqreen/shared_storage23.rb
+- lib/sqreen/signature_verifier.rb
+- lib/sqreen/sinatra_middleware.rb
+- lib/sqreen/sqreen_signed_verifier.rb
+- lib/sqreen/token_invalid_exception.rb
+- lib/sqreen/token_not_found_exception.rb
 - lib/sqreen/trie.rb
+- lib/sqreen/unauthorized.rb
+- lib/sqreen/util.rb
+- lib/sqreen/util/capped_array.rb
+- lib/sqreen/util/capped_hash.rb
+- lib/sqreen/util/capped_string.rb
+- lib/sqreen/util/capper.rb
 - lib/sqreen/version.rb
+- lib/sqreen/waf_error.rb
 - lib/sqreen/web_server.rb
 - lib/sqreen/web_server/generic.rb
 - lib/sqreen/web_server/passenger.rb