sqreen 1.18.6-java → 1.20.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +27 -0
- data/lib/sqreen/actions.rb +2 -0
- data/lib/sqreen/actions/actions_index.rb +16 -0
- data/lib/sqreen/actions/base.rb +4 -10
- data/lib/sqreen/actions/block_ip.rb +2 -0
- data/lib/sqreen/actions/block_user.rb +2 -0
- data/lib/sqreen/actions/ip_range_indexed_action_class.rb +4 -24
- data/lib/sqreen/actions/ip_ranges_index.rb +32 -11
- data/lib/sqreen/actions/redirect_ip.rb +2 -0
- data/lib/sqreen/actions/redirect_user.rb +2 -0
- data/lib/sqreen/actions/repository.rb +27 -8
- data/lib/sqreen/actions/unknown_action_type.rb +4 -0
- data/lib/sqreen/actions/user_action_class.rb +5 -30
- data/lib/sqreen/actions/users_index.rb +35 -0
- data/lib/sqreen/agent.rb +2 -1
- data/lib/sqreen/aggregated_metric.rb +25 -0
- data/lib/sqreen/attack_blocked.rb +2 -0
- data/lib/sqreen/binding_accessor.rb +2 -0
- data/lib/sqreen/binding_accessor/path_elem.rb +2 -0
- data/lib/sqreen/binding_accessor/transforms.rb +8 -1
- data/lib/sqreen/call_countable.rb +2 -0
- data/lib/sqreen/capped_queue.rb +2 -0
- data/lib/sqreen/cb.rb +2 -0
- data/lib/sqreen/cb_tree.rb +2 -0
- data/lib/sqreen/condition_evaluator.rb +2 -0
- data/lib/sqreen/conditionable.rb +2 -0
- data/lib/sqreen/configuration.rb +19 -1
- data/lib/sqreen/context.rb +2 -0
- data/lib/sqreen/default_cb.rb +2 -0
- data/lib/sqreen/deferred_logger.rb +2 -0
- data/lib/sqreen/deliveries.rb +2 -0
- data/lib/sqreen/deliveries/batch.rb +6 -1
- data/lib/sqreen/deliveries/simple.rb +6 -0
- data/lib/sqreen/dependency.rb +3 -1
- data/lib/sqreen/dependency/detector.rb +22 -14
- data/lib/sqreen/dependency/libsqreen.rb +4 -0
- data/lib/sqreen/dependency/new_relic.rb +2 -0
- data/lib/sqreen/dependency/rack.rb +10 -5
- data/lib/sqreen/dependency/rails.rb +4 -0
- data/lib/sqreen/dependency/sentry.rb +2 -0
- data/lib/sqreen/dependency/sinatra.rb +12 -1
- data/lib/sqreen/encoding_sanitizer.rb +2 -0
- data/lib/sqreen/error_handling_middleware.rb +2 -0
- data/lib/sqreen/event.rb +9 -5
- data/lib/sqreen/events/attack.rb +25 -18
- data/lib/sqreen/events/remote_exception.rb +2 -22
- data/lib/sqreen/events/request_record.rb +17 -70
- data/lib/sqreen/exception.rb +2 -0
- data/lib/sqreen/formatter_with_tid.rb +2 -0
- data/lib/sqreen/framework_cb.rb +2 -0
- data/lib/sqreen/frameworks.rb +2 -0
- data/lib/sqreen/frameworks/generic.rb +2 -0
- data/lib/sqreen/frameworks/rails.rb +1 -0
- data/lib/sqreen/frameworks/rails3.rb +2 -0
- data/lib/sqreen/frameworks/request_recorder.rb +15 -2
- data/lib/sqreen/frameworks/sinatra.rb +2 -0
- data/lib/sqreen/frameworks/sqreen_test.rb +2 -0
- data/lib/sqreen/graft.rb +12 -0
- data/lib/sqreen/graft/call.rb +150 -0
- data/lib/sqreen/{dependency → graft}/callback.rb +12 -4
- data/lib/sqreen/graft/hook.rb +316 -0
- data/lib/sqreen/{dependency → graft}/hook_point.rb +152 -33
- data/lib/sqreen/graft/hook_point_error.rb +10 -0
- data/lib/sqreen/invalid_signature_exception.rb +2 -0
- data/lib/sqreen/js.rb +2 -0
- data/lib/sqreen/js/call_context.rb +2 -0
- data/lib/sqreen/js/context_pool.rb +2 -0
- data/lib/sqreen/js/exec_js_runnable.rb +2 -0
- data/lib/sqreen/js/execjs_adapter.rb +2 -0
- data/lib/sqreen/js/executable_js.rb +2 -0
- data/lib/sqreen/js/js_service.rb +2 -0
- data/lib/sqreen/js/js_service_adapter.rb +2 -0
- data/lib/sqreen/js/mini_racer_adapter.rb +2 -0
- data/lib/sqreen/js/mini_racer_executable_js.rb +2 -0
- data/lib/sqreen/js/thread_local_exec_js_runnable.rb +2 -0
- data/lib/sqreen/kit/signals/specialized/aggregated_metric.rb +72 -0
- data/lib/sqreen/kit/signals/specialized/attack.rb +57 -0
- data/lib/sqreen/kit/signals/specialized/binning_metric.rb +76 -0
- data/lib/sqreen/kit/signals/specialized/http_trace.rb +26 -0
- data/lib/sqreen/kit/signals/specialized/sdk_track_call.rb +50 -0
- data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +57 -0
- data/lib/sqreen/{backport.rb → legacy.rb} +3 -2
- data/lib/sqreen/{instrumentation.rb → legacy/instrumentation.rb} +31 -2
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +221 -0
- data/lib/sqreen/legacy/waf_redactions.rb +49 -0
- data/lib/sqreen/log.rb +2 -0
- data/lib/sqreen/log/loggable.rb +28 -0
- data/lib/sqreen/logger.rb +2 -0
- data/lib/sqreen/metrics.rb +2 -0
- data/lib/sqreen/metrics/average.rb +2 -0
- data/lib/sqreen/metrics/base.rb +5 -0
- data/lib/sqreen/metrics/binning.rb +2 -0
- data/lib/sqreen/metrics/collect.rb +2 -0
- data/lib/sqreen/metrics/sum.rb +2 -0
- data/lib/sqreen/metrics_store.rb +24 -12
- data/lib/sqreen/metrics_store/already_registered_metric.rb +2 -0
- data/lib/sqreen/metrics_store/unknown_metric.rb +2 -0
- data/lib/sqreen/metrics_store/unregistered_metric.rb +2 -0
- data/lib/sqreen/middleware.rb +2 -0
- data/lib/sqreen/mono_time.rb +2 -0
- data/lib/sqreen/node.rb +2 -0
- data/lib/sqreen/not_implemented_yet.rb +2 -0
- data/lib/sqreen/null_logger.rb +2 -0
- data/lib/sqreen/payload_creator.rb +2 -0
- data/lib/sqreen/payload_creator/header_section.rb +2 -0
- data/lib/sqreen/performance_notifications.rb +2 -0
- data/lib/sqreen/performance_notifications/binned_metrics.rb +10 -2
- data/lib/sqreen/performance_notifications/log.rb +2 -0
- data/lib/sqreen/performance_notifications/log_performance.rb +2 -0
- data/lib/sqreen/performance_notifications/metrics.rb +2 -0
- data/lib/sqreen/performance_notifications/newrelic.rb +2 -0
- data/lib/sqreen/prefix.rb +2 -0
- data/lib/sqreen/rails_middleware.rb +2 -0
- data/lib/sqreen/remote_command.rb +2 -0
- data/lib/sqreen/remote_command/failure_output.rb +5 -0
- data/lib/sqreen/rules.rb +6 -2
- data/lib/sqreen/rules/attrs.rb +2 -0
- data/lib/sqreen/rules/auth_track_cb.rb +2 -0
- data/lib/sqreen/rules/binding_accessor_matcher_cb.rb +2 -0
- data/lib/sqreen/rules/binding_accessor_metrics.rb +2 -0
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -0
- data/lib/sqreen/rules/count_http_codes.rb +2 -0
- data/lib/sqreen/rules/crawler_user_agent_matches_cb.rb +2 -0
- data/lib/sqreen/rules/crawler_user_agent_matches_metrics_cb.rb +2 -0
- data/lib/sqreen/rules/custom_error_cb.rb +2 -0
- data/lib/sqreen/rules/devise_auth_track_cb.rb +2 -0
- data/lib/sqreen/rules/devise_signup_track_cb.rb +2 -0
- data/lib/sqreen/rules/execjs_cb.rb +2 -0
- data/lib/sqreen/rules/headers_insert_cb.rb +7 -0
- data/lib/sqreen/rules/matcher_rule.rb +2 -0
- data/lib/sqreen/rules/not_found_cb.rb +7 -0
- data/lib/sqreen/rules/rails_parameters_cb.rb +2 -0
- data/lib/sqreen/rules/record_request_context.rb +2 -0
- data/lib/sqreen/rules/regexp_rule_cb.rb +2 -0
- data/lib/sqreen/rules/rule_cb.rb +4 -0
- data/lib/sqreen/rules/run_req_start_actions.rb +3 -1
- data/lib/sqreen/rules/run_user_actions.rb +3 -1
- data/lib/sqreen/rules/shell_env_cb.rb +2 -0
- data/lib/sqreen/rules/signup_track_cb.rb +2 -0
- data/lib/sqreen/rules/update_request_context.rb +2 -0
- data/lib/sqreen/rules/url_matches_cb.rb +2 -0
- data/lib/sqreen/rules/user_agent_matches_cb.rb +2 -0
- data/lib/sqreen/rules/waf_cb.rb +41 -16
- data/lib/sqreen/rules/xss_cb.rb +2 -0
- data/lib/sqreen/run_when_called_cb.rb +2 -0
- data/lib/sqreen/runner.rb +68 -12
- data/lib/sqreen/runtime_infos.rb +2 -0
- data/lib/sqreen/safe_json.rb +2 -0
- data/lib/sqreen/sdk.rb +4 -0
- data/lib/sqreen/sensitive_data_redactor.rb +21 -31
- data/lib/sqreen/serializer.rb +2 -0
- data/lib/sqreen/session.rb +41 -37
- data/lib/sqreen/shared_storage.rb +2 -0
- data/lib/sqreen/shared_storage23.rb +2 -0
- data/lib/sqreen/shrink_wrap.rb +16 -0
- data/lib/sqreen/signals/conversions.rb +283 -0
- data/lib/sqreen/signals/http_trace_redaction.rb +111 -0
- data/lib/sqreen/signals/signals_submission_strategy.rb +78 -0
- data/lib/sqreen/signature_verifier.rb +2 -0
- data/lib/sqreen/sinatra_middleware.rb +2 -0
- data/lib/sqreen/sqreen_signed_verifier.rb +2 -0
- data/lib/sqreen/token_invalid_exception.rb +2 -0
- data/lib/sqreen/token_not_found_exception.rb +2 -0
- data/lib/sqreen/trie.rb +2 -0
- data/lib/sqreen/unauthorized.rb +2 -0
- data/lib/sqreen/util.rb +5 -0
- data/lib/sqreen/util/capped_array.rb +2 -0
- data/lib/sqreen/util/capped_hash.rb +2 -0
- data/lib/sqreen/util/capped_string.rb +2 -0
- data/lib/sqreen/util/capper.rb +2 -0
- data/lib/sqreen/version.rb +3 -1
- data/lib/sqreen/waf_error.rb +2 -0
- data/lib/sqreen/weave.rb +12 -0
- data/lib/sqreen/weave/hardcoded.rb +19 -0
- data/lib/sqreen/weave/instrumentor.rb +48 -0
- data/lib/sqreen/weave/legacy.rb +12 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +406 -0
- data/lib/sqreen/web_server.rb +2 -0
- data/lib/sqreen/web_server/generic.rb +2 -0
- data/lib/sqreen/web_server/passenger.rb +2 -0
- data/lib/sqreen/web_server/puma.rb +2 -0
- data/lib/sqreen/web_server/rainbows.rb +2 -0
- data/lib/sqreen/web_server/thin.rb +2 -0
- data/lib/sqreen/web_server/unicorn.rb +2 -0
- data/lib/sqreen/web_server/webrick.rb +2 -0
- data/lib/sqreen/worker.rb +2 -0
- metadata +65 -9
- data/lib/sqreen/backport/original_name.rb +0 -86
- data/lib/sqreen/dependency/hook.rb +0 -102
data/lib/sqreen/capped_queue.rb
CHANGED
data/lib/sqreen/cb.rb
CHANGED
data/lib/sqreen/cb_tree.rb
CHANGED
data/lib/sqreen/conditionable.rb
CHANGED
data/lib/sqreen/configuration.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
@@ -36,8 +38,16 @@ module Sqreen
|
|
36
38
|
:default => false, :convert => :to_bool },
|
37
39
|
{ :env => :SQREEN_LIBSQREEN, :name => :libsqreen,
|
38
40
|
:default => true, :convert => :to_bool },
|
39
|
-
{ :env => :
|
41
|
+
{ :env => :SQREEN_WEAVE, :name => :weave,
|
42
|
+
:default => true, :convert => :to_bool },
|
43
|
+
{ :env => :SQREEN_WEAVE_STRATEGY, :name => :weave_strategy,
|
44
|
+
:default => :prepend, :convert => :to_sym },
|
45
|
+
{ :env => :SQREEN_URL, :name => :url,
|
40
46
|
:default => 'https://back.sqreen.io' },
|
47
|
+
{ :env => :SQREEN_INGESTION_URL, :name => :ingestion_url,
|
48
|
+
:default => 'https://ingestion.sqreen.com/' },
|
49
|
+
{ :env => :SQREEN_PROXY_URL, :name => :proxy_url,
|
50
|
+
:default => nil },
|
41
51
|
{ :env => :SQREEN_TOKEN, :name => :token,
|
42
52
|
:default => nil },
|
43
53
|
{ :env => :SQREEN_APP_NAME, :name => :app_name,
|
@@ -83,6 +93,10 @@ module Sqreen
|
|
83
93
|
str.to_i
|
84
94
|
end
|
85
95
|
|
96
|
+
def self.to_sym(value)
|
97
|
+
value.to_sym
|
98
|
+
end
|
99
|
+
|
86
100
|
# Class to access configurations variables
|
87
101
|
# This try to load environment by different ways.
|
88
102
|
# 1. By file:
|
@@ -206,5 +220,9 @@ module Sqreen
|
|
206
220
|
def to_int(value)
|
207
221
|
Sqreen::to_int(value)
|
208
222
|
end
|
223
|
+
|
224
|
+
def to_sym(value)
|
225
|
+
Sqreen::to_sym(value)
|
226
|
+
end
|
209
227
|
end
|
210
228
|
end
|
data/lib/sqreen/context.rb
CHANGED
data/lib/sqreen/default_cb.rb
CHANGED
data/lib/sqreen/deliveries.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# typed: true
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
@@ -6,6 +8,7 @@
|
|
6
8
|
# TODO: Sqreen::RequestRecord => sqreen/events
|
7
9
|
# TODO: Sqreen.time
|
8
10
|
|
11
|
+
require 'sqreen/aggregated_metric'
|
9
12
|
require 'sqreen/events/attack'
|
10
13
|
require 'sqreen/events/remote_exception'
|
11
14
|
require 'sqreen/mono_time'
|
@@ -89,9 +92,11 @@ module Sqreen
|
|
89
92
|
def event_key(event)
|
90
93
|
case event
|
91
94
|
when Sqreen::Attack
|
92
|
-
"att-#{event.
|
95
|
+
"att-#{event.rule_name}"
|
93
96
|
when Sqreen::RemoteException
|
94
97
|
"rex-#{event.klass}"
|
98
|
+
when Sqreen::AggregatedMetric
|
99
|
+
"agg-metric"
|
95
100
|
end
|
96
101
|
end
|
97
102
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# typed: true
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
@@ -5,6 +7,7 @@
|
|
5
7
|
# TODO: Sqreen::RemoteException => sqreen/events
|
6
8
|
# TODO: Sqreen::RequestRecord => sqreen/events
|
7
9
|
|
10
|
+
require 'sqreen/log/loggable'
|
8
11
|
require 'sqreen/events/attack'
|
9
12
|
require 'sqreen/events/remote_exception'
|
10
13
|
require 'sqreen/events/request_record'
|
@@ -13,6 +16,7 @@ module Sqreen
|
|
13
16
|
module Deliveries
|
14
17
|
# Simple delivery method that directly call session on event
|
15
18
|
class Simple
|
19
|
+
include Log::Loggable
|
16
20
|
attr_accessor :session
|
17
21
|
|
18
22
|
def initialize(session)
|
@@ -27,6 +31,8 @@ module Sqreen
|
|
27
31
|
session.post_sqreen_exception(event)
|
28
32
|
when Sqreen::RequestRecord
|
29
33
|
session.post_request_record(event)
|
34
|
+
when Sqreen::AggregatedMetric
|
35
|
+
logger.warn 'Delivery of metrics using signals is not supported with simple delivery'
|
30
36
|
else
|
31
37
|
session.post_event(event)
|
32
38
|
end
|
data/lib/sqreen/dependency.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# typed: true
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
@@ -12,7 +14,7 @@ module Sqreen
|
|
12
14
|
def self.resolve_const(name)
|
13
15
|
raise ArgumentError if name.nil? || name.empty?
|
14
16
|
|
15
|
-
name.to_s.split('::').inject(Object) { |a, e| a.const_get(e) }
|
17
|
+
name.to_s.split('::').inject(Object) { |a, e| a.const_get(e, false) }
|
16
18
|
end
|
17
19
|
end
|
18
20
|
end
|
@@ -1,7 +1,9 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
4
|
-
require 'sqreen/
|
6
|
+
require 'sqreen/graft/hook'
|
5
7
|
require 'sqreen/dependency/rails'
|
6
8
|
require 'sqreen/dependency/sinatra'
|
7
9
|
require 'sqreen/dependency/rack'
|
@@ -32,28 +34,34 @@ module Sqreen
|
|
32
34
|
Sqreen::Dependency::Rails.insert_sqreen_middlewares
|
33
35
|
end if Sqreen::Dependency::Rails.required?
|
34
36
|
|
35
|
-
Sqreen::
|
37
|
+
Sqreen::Graft::Hook.add('Rack::Builder#to_app') do
|
36
38
|
after do
|
37
39
|
Sqreen::Dependency::Rails.inspect_middlewares
|
38
40
|
end
|
39
41
|
end if Sqreen::Dependency::Rails.required?
|
40
42
|
|
41
|
-
Sqreen::
|
42
|
-
after do |
|
43
|
+
Sqreen::Graft::Hook.add('Sinatra::Base.setup_middleware') do
|
44
|
+
after do |call|
|
45
|
+
args = call.args
|
46
|
+
|
43
47
|
Sqreen::Dependency::Sinatra.insert_sqreen_middlewares(args.first)
|
44
48
|
end
|
45
49
|
end.install if Sqreen::Dependency::Sinatra.required?
|
46
50
|
|
47
|
-
Sqreen::
|
48
|
-
after do |
|
51
|
+
Sqreen::Graft::Hook.add('Rack::Builder#to_app') do
|
52
|
+
after do |call|
|
53
|
+
builder = call.instance
|
54
|
+
|
49
55
|
Sqreen::Dependency::Sinatra.inspect_middlewares(builder)
|
50
56
|
end
|
51
57
|
end if Sqreen::Dependency::Sinatra.required?
|
52
58
|
|
53
59
|
# ensure startup of thread in request handling processes
|
54
60
|
|
55
|
-
Sqreen::
|
56
|
-
after do |
|
61
|
+
Sqreen::Graft::Hook.add('Rack::Builder#to_app') do
|
62
|
+
after do |call|
|
63
|
+
callback = call.callback
|
64
|
+
|
57
65
|
Sqreen.log.debug "[#{Process.pid}] Start mode #{Sqreen::Dependency::Detector.start_mode}"
|
58
66
|
if Sqreen::Dependency::Detector.start_mode == :rails || Sqreen::Dependency::Detector.start_mode == :rackup
|
59
67
|
|
@@ -61,7 +69,7 @@ module Sqreen
|
|
61
69
|
Sqreen::Dependency::Rack.on_run(handler) do
|
62
70
|
case handler.name
|
63
71
|
when 'Rack::Handler::Puma'
|
64
|
-
Sqreen::
|
72
|
+
Sqreen::Graft::Hook.add('Puma::Launcher#run') do
|
65
73
|
before do
|
66
74
|
# HACK: Puma master? hack falls apart when not preloading
|
67
75
|
# it would think master is not, triggering startup
|
@@ -73,12 +81,12 @@ module Sqreen
|
|
73
81
|
end
|
74
82
|
end
|
75
83
|
end
|
76
|
-
Sqreen::
|
84
|
+
Sqreen::Graft::Hook['Puma::Launcher#run'].install
|
77
85
|
when 'Rack::Handler::PhusionPassenger'
|
78
86
|
# noop, passenger will start his own separate process
|
79
87
|
Sqreen.log.debug "[#{Process.pid}] Passenger will start in standalone process"
|
80
88
|
when 'Rack::Handler::Unicorn' # unicorn-rails
|
81
|
-
Sqreen::
|
89
|
+
Sqreen::Graft::Hook.add('Unicorn::HttpServer.new') do
|
82
90
|
before do
|
83
91
|
# BUG: detects single process...
|
84
92
|
end
|
@@ -97,12 +105,12 @@ module Sqreen
|
|
97
105
|
end
|
98
106
|
end
|
99
107
|
|
100
|
-
Sqreen::
|
108
|
+
Sqreen::Graft::Hook['Rack::Builder#to_app'].install
|
101
109
|
|
102
|
-
# Sqreen::
|
110
|
+
# Sqreen::Graft::Hook.add('Rails::Server#start') do
|
103
111
|
# before { }
|
104
112
|
# end
|
105
|
-
# Sqreen::
|
113
|
+
# Sqreen::Graft::Hook['Rails::Server#start'].install
|
106
114
|
# /!\ double instrument Rails < Rack => Rails.start_with -> Rails.start_without -> super -> Rack.start_with -> Rails.start_without
|
107
115
|
end
|
108
116
|
end
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
@@ -7,23 +9,26 @@ module Sqreen
|
|
7
9
|
module_function
|
8
10
|
|
9
11
|
def find_handler(&block)
|
10
|
-
Sqreen::
|
11
|
-
after do |
|
12
|
+
Sqreen::Graft::Hook.add('Rack::Server#server') do
|
13
|
+
after do |call|
|
14
|
+
callback = call.callback
|
15
|
+
server = call.returned
|
16
|
+
|
12
17
|
block.call(server)
|
13
18
|
callback.disable # do this once, :server is a lazy init accessor
|
14
19
|
end
|
15
20
|
end
|
16
|
-
Sqreen::
|
21
|
+
Sqreen::Graft::Hook['Rack::Server#server'].install
|
17
22
|
end
|
18
23
|
|
19
24
|
def on_run(handler, &block)
|
20
25
|
Sqreen.log.debug "[#{Process.pid}] #{handler.inspect}"
|
21
26
|
hookpoint_name = "#{handler.name}.run"
|
22
27
|
|
23
|
-
Sqreen::
|
28
|
+
Sqreen::Graft::Hook.add(hookpoint_name) do
|
24
29
|
before { block.call(handler) }
|
25
30
|
end
|
26
|
-
Sqreen::
|
31
|
+
Sqreen::Graft::Hook[hookpoint_name].install
|
27
32
|
end
|
28
33
|
|
29
34
|
def rackup?
|
@@ -1,6 +1,9 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
6
|
+
require 'sqreen/shrink_wrap'
|
4
7
|
require 'sqreen/middleware'
|
5
8
|
require 'sqreen/error_handling_middleware'
|
6
9
|
require 'sqreen/rails_middleware'
|
@@ -27,6 +30,7 @@ module Sqreen
|
|
27
30
|
def insert_sqreen_middlewares
|
28
31
|
Sqreen.log.debug { 'Inserting Sqreen middlewares for Rails' }
|
29
32
|
app = ::Rails.application
|
33
|
+
app.middleware.insert(0, Sqreen::ShrinkWrap)
|
30
34
|
app.middleware.insert_after(::Rack::Runtime, Sqreen::Middleware)
|
31
35
|
app.middleware.insert_after(::ActionDispatch::DebugExceptions, Sqreen::RailsMiddleware)
|
32
36
|
app.middleware.insert_after(::ActionDispatch::DebugExceptions, Sqreen::ErrorHandlingMiddleware)
|
@@ -1,6 +1,9 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
6
|
+
require 'sqreen/shrink_wrap'
|
4
7
|
require 'sqreen/middleware'
|
5
8
|
require 'sqreen/error_handling_middleware'
|
6
9
|
require 'sqreen/sinatra_middleware'
|
@@ -33,7 +36,7 @@ module Sqreen
|
|
33
36
|
end
|
34
37
|
end
|
35
38
|
|
36
|
-
insert_middleware(builder, Sqreen::
|
39
|
+
insert_middleware(builder, Sqreen::ShrinkWrap, args, block) do |p, u|
|
37
40
|
if (i = middlewares(builder).index(::Sinatra::ExtendedRack))
|
38
41
|
u.insert(i, p)
|
39
42
|
else
|
@@ -41,6 +44,14 @@ module Sqreen
|
|
41
44
|
end
|
42
45
|
end
|
43
46
|
|
47
|
+
insert_middleware(builder, Sqreen::Middleware, args, block) do |p, u|
|
48
|
+
if (i = middlewares(builder).index(::Sinatra::ExtendedRack))
|
49
|
+
u.insert(i, p)
|
50
|
+
else
|
51
|
+
u.insert(1, p)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
44
55
|
insert_middleware(builder, Sqreen::SinatraMiddleware, args, block) do |p, u|
|
45
56
|
if ::Sqreen::Dependency.const_exist?('Rack::PostBodyContentTypeParser') && (i = middlewares(builder).index(::Rack::PostBodyContentTypeParser))
|
46
57
|
u.insert(i + 1, p)
|
data/lib/sqreen/event.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# typed: true
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
@@ -6,17 +8,19 @@
|
|
6
8
|
module Sqreen
|
7
9
|
# Master interface for point in time events (e.g. Attack, RemoteException)
|
8
10
|
class Event
|
11
|
+
# @return [Hash]
|
9
12
|
attr_reader :payload
|
13
|
+
|
14
|
+
# @return [Time]
|
15
|
+
attr_accessor :time # writer used only in tests
|
16
|
+
|
10
17
|
def initialize(payload)
|
11
18
|
@payload = payload
|
12
|
-
|
13
|
-
|
14
|
-
def to_hash
|
15
|
-
payload.to_hash
|
19
|
+
@time = Time.now.utc
|
16
20
|
end
|
17
21
|
|
18
22
|
def to_s
|
19
|
-
"<#{self.class.name}: #{to_hash}>"
|
23
|
+
"<#{self.class.name}: #{payload.to_hash}>"
|
20
24
|
end
|
21
25
|
end
|
22
26
|
end
|
data/lib/sqreen/events/attack.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# typed: true
|
2
|
+
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
3
5
|
|
@@ -9,6 +11,8 @@ module Sqreen
|
|
9
11
|
# Attack
|
10
12
|
# When creating a new attack, it gets automatically pushed to the event's
|
11
13
|
# queue.
|
14
|
+
# XXX: TURNS OUT THIS CLASS IS ACTUALLY NOT USED ANYMORE
|
15
|
+
# Framework.observe is used instead with unstructured attack details
|
12
16
|
class Attack < Event
|
13
17
|
def self.record(payload)
|
14
18
|
attack = Attack.new(payload)
|
@@ -24,11 +28,31 @@ module Sqreen
|
|
24
28
|
payload['rule']['rulespack_id']
|
25
29
|
end
|
26
30
|
|
27
|
-
def
|
31
|
+
def rule_name
|
28
32
|
return nil unless payload['rule']
|
29
33
|
payload['rule']['name']
|
30
34
|
end
|
31
35
|
|
36
|
+
def test?
|
37
|
+
return nil unless payload['rule']
|
38
|
+
payload['rule']['test'] ? true : false
|
39
|
+
end
|
40
|
+
|
41
|
+
def beta?
|
42
|
+
return nil unless payload['rule']
|
43
|
+
payload['rule']['beta'] ? true : false
|
44
|
+
end
|
45
|
+
|
46
|
+
def block?
|
47
|
+
return nil unless payload['rule']
|
48
|
+
payload['rule']['block'] ? true : false
|
49
|
+
end
|
50
|
+
|
51
|
+
def attack_type
|
52
|
+
return nil unless payload['rule']
|
53
|
+
payload['rule']['attack_type']
|
54
|
+
end
|
55
|
+
|
32
56
|
def time
|
33
57
|
return nil unless payload['local']
|
34
58
|
payload['local']['time']
|
@@ -42,22 +66,5 @@ module Sqreen
|
|
42
66
|
def enqueue
|
43
67
|
Sqreen.queue.push(self)
|
44
68
|
end
|
45
|
-
|
46
|
-
def to_hash
|
47
|
-
res = {}
|
48
|
-
rule_p = payload['rule']
|
49
|
-
request_p = payload['request']
|
50
|
-
res[:rule_name] = rule_p['name'] if rule_p && rule_p['name']
|
51
|
-
res[:rulespack_id] = rule_p['rulespack_id'] if rule_p && rule_p['rulespack_id']
|
52
|
-
res[:test] = rule_p['test'] if rule_p && rule_p['test']
|
53
|
-
res[:infos] = payload['infos'] if payload['infos']
|
54
|
-
res[:time] = time if time
|
55
|
-
res[:client_ip] = request_p[:addr] if request_p && request_p[:addr]
|
56
|
-
res[:request] = request_p if request_p
|
57
|
-
res[:params] = payload['params'] if payload['params']
|
58
|
-
res[:context] = payload['context'] if payload['context']
|
59
|
-
res[:headers] = payload['headers'] if payload['headers']
|
60
|
-
res
|
61
|
-
end
|
62
69
|
end
|
63
70
|
end
|