sqreen 1.18.4 → 1.18.5

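--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c45fb1ef0cc0144c31a590a99efd24dc36224425e3eaa03702d7f04337437c80
- data.tar.gz: 6d0c44ddafa3547a74ffdbd1123d9f17d33a54699203baa7f4cbec91a3fd5bc3
+ metadata.gz: 321074d4cc69c79e906d6b4a865e49a36a22f786201a8def57d48d1164716282
+ data.tar.gz: 1edd7b85daa4ef20b624d0ff2ee16178b4cfe14d948c065cceba7374f1ad41d2
  SHA512:
- metadata.gz: b6104a3ec75fce7d9e4bfc5c75a106f536dcaa103c7350560713aae37820baead05d81f037d56133a5913620004f46611addf61bfe76a4868ac9407ba5b5d56f
- data.tar.gz: f11adaa346fe2296289483c7d958a9ab7f67aebd01a22c8848f77fbb0d79dec2f9088f346d30a712472b2d4e783ea3cc7da66cb4944341419434bb4ef363ca99
+ metadata.gz: '0085800cf5856cdab2003506d1fad265b1bb5744cf80063e4e380af44a5cc4d49a6bca7a2e6199882cea7d296511089ae1c8c2155c4e04840795afb5bbcd6817'
+ data.tar.gz: f1f2dc1680ec65f9cfd8cefde2c47fae7bbf0300f9c2d18811a21b0d1e6ac01abb0679027ce69b5faf322975ab5d17afd92c05a6bc85cf2459fc514f385e0bbc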
@@ -1,3 +1,8 @@
1
+ ## 1.18.5
2
+
3
+ * Fix type mismatch in WAF time budget handling
4
+ * Improve exception handling for non-WAF errors within WAF
5
+
1
6
  ## 1.18.4
2
7
 
3
8
  * Fix instrumentation conflict when a class defines a send method
@@ -13,7 +13,7 @@ require 'sqreen/dependency/libsqreen'
13
13
  module Sqreen
14
14
  module Rules
15
15
  class WAFCB < RuleCB
16
- BUDGET_MAX = 5000
16
+ BUDGET_MAX = 5
17
17
 
18
18
  def self.libsqreen?
19
19
  Sqreen::Dependency::LibSqreen.required?
@@ -52,7 +52,7 @@ module Sqreen
52
52
  @binding_accessors = @data['values'].fetch('binding_accessors', []).each_with_object({}) do |e, h|
53
53
  h[e] = BindingAccessor.new(e)
54
54
  end
55
- @budget = @data['values'].fetch('budget', BUDGET_MAX)
55
+ @budget = @data['values'].fetch('budget_in_ms', BUDGET_MAX) * 1000
56
56
 
57
57
  ObjectSpace.define_finalizer(self, WAFCB.finalizer(@waf_rule_name.dup))
58
58
  end
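Review bot: On the `@budget` line, `BUDGET_MAX` is only the `fetch` fallback, so a `budget_in_ms` above 5 in the rule data is accepted unchanged and nothing bounds the time a WAF run may take per request; a String value would be repeated by `*` rather than rejected. If the constant is meant as a ceiling, clamp and coerce: `@budget = [Integer(@data['values'].fetch('budget_in_ms', BUDGET_MAX)), BUDGET_MAX].min * 1000`. Rules that still carry the old `budget` key now fall back to the default silently, which may deserve a log line. A comment on `BUDGET_MAX` (changed in the first hunk of this file) stating its unit, and one here stating the unit of `@budget` after the `* 1000`, would help prevent a repeat of the mismatch this release fixes. The enclosing method starts outside the hunk.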
@@ -70,8 +70,8 @@ module Sqreen
70
70
  h[e] = capper.call(b.resolve(*env))
71
71
  end
72
72
  waf_args = Sqreen::EncodingSanitizer.sanitize(waf_args)
73
- budget = [self.budget, budget].compact.min
74
- action, data = ::LibSqreen::WAF.run(waf_rule_name, waf_args, budget)
73
+ waf_budget = [self.budget, budget * 1_000_000].compact.min.to_i
74
+ action, data = ::LibSqreen::WAF.run(waf_rule_name, waf_args, waf_budget)
75
75
 
76
76
  case action
77
77
  when :monitor
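Review bot: `budget * 1_000_000` on the `waf_budget` line is evaluated before `.compact`, so a nil `budget` now raises NoMethodError instead of being dropped, as it was by the old `[self.budget, budget].compact.min`. `budget` is defined outside this hunk, so whether it can be nil needs confirming; if it can, every request without a remaining budget ends in an exception and the WAF rule is never evaluated for it. Guard the conversion: `waf_budget = [self.budget, budget && budget * 1_000_000].compact.min.to_i`. A zero or negative result after `.to_i` (request budget already spent) is also passed straight to `WAF.run`, so a comment stating what the library does with such a budget would help the next reader.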
@@ -103,13 +103,13 @@ module Sqreen
103
103
  lambda do |object_id|
104
104
  return unless WAFCB.libsqreen?
105
105
 
106
- ::LibSqreen::WAF.delete(waf_rule_name, waf_args, budget)
106
+ ::LibSqreen::WAF.delete(waf_rule_name)
107
107
  Sqreen.log.debug("WAF rule #{rule_name} deleted, from #<#{name}:0x#{object_id.to_s(16).rjust(16, '0')}>")
108
108
  end
109
109
  end
110
110
 
111
111
  def record_exception(exception, infos = {}, at = Time.now.utc)
112
- infos.merge!(exception_to_infos(exception))
112
+ infos.merge!(exception_to_infos(exception)) if exception.is_a?(Sqreen::WAFError)
113
113
  super(exception, infos, at)
114
114
  end
115
115
 
@@ -2,5 +2,5 @@
2
2
  # Please refer to our terms for more information: https://www.sqreen.com/terms.html
3
3
 
4
4
  module Sqreen
5
- VERSION = '1.18.4'.freeze
5
+ VERSION = '1.18.5'.freeze
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.18.4
4
+ version: 1.18.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-02-10 00:00:00.000000000 Z
11
+ date: 2020-02-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sq_mini_racer