RubyGems - sqreen - Versions diffs - 1.18.4 → 1.18.5 - Mend

sqreen 1.18.4 → 1.18.5

Files changed (5) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c45fb1ef0cc0144c31a590a99efd24dc36224425e3eaa03702d7f04337437c80
-  data.tar.gz: 6d0c44ddafa3547a74ffdbd1123d9f17d33a54699203baa7f4cbec91a3fd5bc3
+  metadata.gz: 321074d4cc69c79e906d6b4a865e49a36a22f786201a8def57d48d1164716282
+  data.tar.gz: 1edd7b85daa4ef20b624d0ff2ee16178b4cfe14d948c065cceba7374f1ad41d2
 SHA512:
-  metadata.gz: b6104a3ec75fce7d9e4bfc5c75a106f536dcaa103c7350560713aae37820baead05d81f037d56133a5913620004f46611addf61bfe76a4868ac9407ba5b5d56f
-  data.tar.gz: f11adaa346fe2296289483c7d958a9ab7f67aebd01a22c8848f77fbb0d79dec2f9088f346d30a712472b2d4e783ea3cc7da66cb4944341419434bb4ef363ca99
+  metadata.gz: '0085800cf5856cdab2003506d1fad265b1bb5744cf80063e4e380af44a5cc4d49a6bca7a2e6199882cea7d296511089ae1c8c2155c4e04840795afb5bbcd6817'
+  data.tar.gz: f1f2dc1680ec65f9cfd8cefde2c47fae7bbf0300f9c2d18811a21b0d1e6ac01abb0679027ce69b5faf322975ab5d17afd92c05a6bc85cf2459fc514f385e0bbc

data/CHANGELOG.md CHANGED

@@ -1,3 +1,8 @@
+## 1.18.5
+* Fix type mismatch in WAF time budget handling
+* Improve exception handling for non-WAF errors within WAF
 ## 1.18.4
 * Fix instrumentation conflict when a class defines a send method

data/lib/sqreen/rules/waf_cb.rb CHANGED

@@ -13,7 +13,7 @@ require 'sqreen/dependency/libsqreen'
 module Sqreen
   module Rules
     class WAFCB < RuleCB
-      BUDGET_MAX = 5000
+      BUDGET_MAX = 5
       def self.libsqreen?
         Sqreen::Dependency::LibSqreen.required?
@@ -52,7 +52,7 @@ module Sqreen
         @binding_accessors = @data['values'].fetch('binding_accessors', []).each_with_object({}) do |e, h|
           h[e] = BindingAccessor.new(e)
         end
-        @budget = @data['values'].fetch('budget', BUDGET_MAX)
+        @budget = @data['values'].fetch('budget_in_ms', BUDGET_MAX) * 1000
         ObjectSpace.define_finalizer(self, WAFCB.finalizer(@waf_rule_name.dup))
       end
@@ -70,8 +70,8 @@ module Sqreen
           h[e] = capper.call(b.resolve(*env))
         end
         waf_args = Sqreen::EncodingSanitizer.sanitize(waf_args)
-        budget = [self.budget, budget].compact.min
-        action, data = ::LibSqreen::WAF.run(waf_rule_name, waf_args, budget)
+        waf_budget = [self.budget, budget * 1_000_000].compact.min.to_i
+        action, data = ::LibSqreen::WAF.run(waf_rule_name, waf_args, waf_budget)
         case action
         when :monitor
@@ -103,13 +103,13 @@ module Sqreen
         lambda do |object_id|
           return unless WAFCB.libsqreen?
-          ::LibSqreen::WAF.delete(waf_rule_name, waf_args, budget)
+          ::LibSqreen::WAF.delete(waf_rule_name)
           Sqreen.log.debug("WAF rule #{rule_name} deleted, from #<#{name}:0x#{object_id.to_s(16).rjust(16, '0')}>")
         end
       end
       def record_exception(exception, infos = {}, at = Time.now.utc)
-        infos.merge!(exception_to_infos(exception))
+        infos.merge!(exception_to_infos(exception)) if exception.is_a?(Sqreen::WAFError)
         super(exception, infos, at)
       end

data/lib/sqreen/version.rb CHANGED

@@ -2,5 +2,5 @@
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 module Sqreen
-  VERSION = '1.18.4'.freeze
+  VERSION = '1.18.5'.freeze
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.18.4
+  version: 1.18.5
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-10 00:00:00.000000000 Z
+date: 2020-02-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sq_mini_racer