sqreen 1.18.6-java → 1.20.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +27 -0
- data/lib/sqreen/actions.rb +2 -0
- data/lib/sqreen/actions/actions_index.rb +16 -0
- data/lib/sqreen/actions/base.rb +4 -10
- data/lib/sqreen/actions/block_ip.rb +2 -0
- data/lib/sqreen/actions/block_user.rb +2 -0
- data/lib/sqreen/actions/ip_range_indexed_action_class.rb +4 -24
- data/lib/sqreen/actions/ip_ranges_index.rb +32 -11
- data/lib/sqreen/actions/redirect_ip.rb +2 -0
- data/lib/sqreen/actions/redirect_user.rb +2 -0
- data/lib/sqreen/actions/repository.rb +27 -8
- data/lib/sqreen/actions/unknown_action_type.rb +4 -0
- data/lib/sqreen/actions/user_action_class.rb +5 -30
- data/lib/sqreen/actions/users_index.rb +35 -0
- data/lib/sqreen/agent.rb +2 -1
- data/lib/sqreen/aggregated_metric.rb +25 -0
- data/lib/sqreen/attack_blocked.rb +2 -0
- data/lib/sqreen/binding_accessor.rb +2 -0
- data/lib/sqreen/binding_accessor/path_elem.rb +2 -0
- data/lib/sqreen/binding_accessor/transforms.rb +8 -1
- data/lib/sqreen/call_countable.rb +2 -0
- data/lib/sqreen/capped_queue.rb +2 -0
- data/lib/sqreen/cb.rb +2 -0
- data/lib/sqreen/cb_tree.rb +2 -0
- data/lib/sqreen/condition_evaluator.rb +2 -0
- data/lib/sqreen/conditionable.rb +2 -0
- data/lib/sqreen/configuration.rb +19 -1
- data/lib/sqreen/context.rb +2 -0
- data/lib/sqreen/default_cb.rb +2 -0
- data/lib/sqreen/deferred_logger.rb +2 -0
- data/lib/sqreen/deliveries.rb +2 -0
- data/lib/sqreen/deliveries/batch.rb +6 -1
- data/lib/sqreen/deliveries/simple.rb +6 -0
- data/lib/sqreen/dependency.rb +3 -1
- data/lib/sqreen/dependency/detector.rb +22 -14
- data/lib/sqreen/dependency/libsqreen.rb +4 -0
- data/lib/sqreen/dependency/new_relic.rb +2 -0
- data/lib/sqreen/dependency/rack.rb +10 -5
- data/lib/sqreen/dependency/rails.rb +4 -0
- data/lib/sqreen/dependency/sentry.rb +2 -0
- data/lib/sqreen/dependency/sinatra.rb +12 -1
- data/lib/sqreen/encoding_sanitizer.rb +2 -0
- data/lib/sqreen/error_handling_middleware.rb +2 -0
- data/lib/sqreen/event.rb +9 -5
- data/lib/sqreen/events/attack.rb +25 -18
- data/lib/sqreen/events/remote_exception.rb +2 -22
- data/lib/sqreen/events/request_record.rb +17 -70
- data/lib/sqreen/exception.rb +2 -0
- data/lib/sqreen/formatter_with_tid.rb +2 -0
- data/lib/sqreen/framework_cb.rb +2 -0
- data/lib/sqreen/frameworks.rb +2 -0
- data/lib/sqreen/frameworks/generic.rb +2 -0
- data/lib/sqreen/frameworks/rails.rb +1 -0
- data/lib/sqreen/frameworks/rails3.rb +2 -0
- data/lib/sqreen/frameworks/request_recorder.rb +15 -2
- data/lib/sqreen/frameworks/sinatra.rb +2 -0
- data/lib/sqreen/frameworks/sqreen_test.rb +2 -0
- data/lib/sqreen/graft.rb +12 -0
- data/lib/sqreen/graft/call.rb +150 -0
- data/lib/sqreen/{dependency → graft}/callback.rb +12 -4
- data/lib/sqreen/graft/hook.rb +316 -0
- data/lib/sqreen/{dependency → graft}/hook_point.rb +152 -33
- data/lib/sqreen/graft/hook_point_error.rb +10 -0
- data/lib/sqreen/invalid_signature_exception.rb +2 -0
- data/lib/sqreen/js.rb +2 -0
- data/lib/sqreen/js/call_context.rb +2 -0
- data/lib/sqreen/js/context_pool.rb +2 -0
- data/lib/sqreen/js/exec_js_runnable.rb +2 -0
- data/lib/sqreen/js/execjs_adapter.rb +2 -0
- data/lib/sqreen/js/executable_js.rb +2 -0
- data/lib/sqreen/js/js_service.rb +2 -0
- data/lib/sqreen/js/js_service_adapter.rb +2 -0
- data/lib/sqreen/js/mini_racer_adapter.rb +2 -0
- data/lib/sqreen/js/mini_racer_executable_js.rb +2 -0
- data/lib/sqreen/js/thread_local_exec_js_runnable.rb +2 -0
- data/lib/sqreen/kit/signals/specialized/aggregated_metric.rb +72 -0
- data/lib/sqreen/kit/signals/specialized/attack.rb +57 -0
- data/lib/sqreen/kit/signals/specialized/binning_metric.rb +76 -0
- data/lib/sqreen/kit/signals/specialized/http_trace.rb +26 -0
- data/lib/sqreen/kit/signals/specialized/sdk_track_call.rb +50 -0
- data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +57 -0
- data/lib/sqreen/{backport.rb → legacy.rb} +3 -2
- data/lib/sqreen/{instrumentation.rb → legacy/instrumentation.rb} +31 -2
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +221 -0
- data/lib/sqreen/legacy/waf_redactions.rb +49 -0
- data/lib/sqreen/log.rb +2 -0
- data/lib/sqreen/log/loggable.rb +28 -0
- data/lib/sqreen/logger.rb +2 -0
- data/lib/sqreen/metrics.rb +2 -0
- data/lib/sqreen/metrics/average.rb +2 -0
- data/lib/sqreen/metrics/base.rb +5 -0
- data/lib/sqreen/metrics/binning.rb +2 -0
- data/lib/sqreen/metrics/collect.rb +2 -0
- data/lib/sqreen/metrics/sum.rb +2 -0
- data/lib/sqreen/metrics_store.rb +24 -12
- data/lib/sqreen/metrics_store/already_registered_metric.rb +2 -0
- data/lib/sqreen/metrics_store/unknown_metric.rb +2 -0
- data/lib/sqreen/metrics_store/unregistered_metric.rb +2 -0
- data/lib/sqreen/middleware.rb +2 -0
- data/lib/sqreen/mono_time.rb +2 -0
- data/lib/sqreen/node.rb +2 -0
- data/lib/sqreen/not_implemented_yet.rb +2 -0
- data/lib/sqreen/null_logger.rb +2 -0
- data/lib/sqreen/payload_creator.rb +2 -0
- data/lib/sqreen/payload_creator/header_section.rb +2 -0
- data/lib/sqreen/performance_notifications.rb +2 -0
- data/lib/sqreen/performance_notifications/binned_metrics.rb +10 -2
- data/lib/sqreen/performance_notifications/log.rb +2 -0
- data/lib/sqreen/performance_notifications/log_performance.rb +2 -0
- data/lib/sqreen/performance_notifications/metrics.rb +2 -0
- data/lib/sqreen/performance_notifications/newrelic.rb +2 -0
- data/lib/sqreen/prefix.rb +2 -0
- data/lib/sqreen/rails_middleware.rb +2 -0
- data/lib/sqreen/remote_command.rb +2 -0
- data/lib/sqreen/remote_command/failure_output.rb +5 -0
- data/lib/sqreen/rules.rb +6 -2
- data/lib/sqreen/rules/attrs.rb +2 -0
- data/lib/sqreen/rules/auth_track_cb.rb +2 -0
- data/lib/sqreen/rules/binding_accessor_matcher_cb.rb +2 -0
- data/lib/sqreen/rules/binding_accessor_metrics.rb +2 -0
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -0
- data/lib/sqreen/rules/count_http_codes.rb +2 -0
- data/lib/sqreen/rules/crawler_user_agent_matches_cb.rb +2 -0
- data/lib/sqreen/rules/crawler_user_agent_matches_metrics_cb.rb +2 -0
- data/lib/sqreen/rules/custom_error_cb.rb +2 -0
- data/lib/sqreen/rules/devise_auth_track_cb.rb +2 -0
- data/lib/sqreen/rules/devise_signup_track_cb.rb +2 -0
- data/lib/sqreen/rules/execjs_cb.rb +2 -0
- data/lib/sqreen/rules/headers_insert_cb.rb +7 -0
- data/lib/sqreen/rules/matcher_rule.rb +2 -0
- data/lib/sqreen/rules/not_found_cb.rb +7 -0
- data/lib/sqreen/rules/rails_parameters_cb.rb +2 -0
- data/lib/sqreen/rules/record_request_context.rb +2 -0
- data/lib/sqreen/rules/regexp_rule_cb.rb +2 -0
- data/lib/sqreen/rules/rule_cb.rb +4 -0
- data/lib/sqreen/rules/run_req_start_actions.rb +3 -1
- data/lib/sqreen/rules/run_user_actions.rb +3 -1
- data/lib/sqreen/rules/shell_env_cb.rb +2 -0
- data/lib/sqreen/rules/signup_track_cb.rb +2 -0
- data/lib/sqreen/rules/update_request_context.rb +2 -0
- data/lib/sqreen/rules/url_matches_cb.rb +2 -0
- data/lib/sqreen/rules/user_agent_matches_cb.rb +2 -0
- data/lib/sqreen/rules/waf_cb.rb +41 -16
- data/lib/sqreen/rules/xss_cb.rb +2 -0
- data/lib/sqreen/run_when_called_cb.rb +2 -0
- data/lib/sqreen/runner.rb +68 -12
- data/lib/sqreen/runtime_infos.rb +2 -0
- data/lib/sqreen/safe_json.rb +2 -0
- data/lib/sqreen/sdk.rb +4 -0
- data/lib/sqreen/sensitive_data_redactor.rb +21 -31
- data/lib/sqreen/serializer.rb +2 -0
- data/lib/sqreen/session.rb +41 -37
- data/lib/sqreen/shared_storage.rb +2 -0
- data/lib/sqreen/shared_storage23.rb +2 -0
- data/lib/sqreen/shrink_wrap.rb +16 -0
- data/lib/sqreen/signals/conversions.rb +283 -0
- data/lib/sqreen/signals/http_trace_redaction.rb +111 -0
- data/lib/sqreen/signals/signals_submission_strategy.rb +78 -0
- data/lib/sqreen/signature_verifier.rb +2 -0
- data/lib/sqreen/sinatra_middleware.rb +2 -0
- data/lib/sqreen/sqreen_signed_verifier.rb +2 -0
- data/lib/sqreen/token_invalid_exception.rb +2 -0
- data/lib/sqreen/token_not_found_exception.rb +2 -0
- data/lib/sqreen/trie.rb +2 -0
- data/lib/sqreen/unauthorized.rb +2 -0
- data/lib/sqreen/util.rb +5 -0
- data/lib/sqreen/util/capped_array.rb +2 -0
- data/lib/sqreen/util/capped_hash.rb +2 -0
- data/lib/sqreen/util/capped_string.rb +2 -0
- data/lib/sqreen/util/capper.rb +2 -0
- data/lib/sqreen/version.rb +3 -1
- data/lib/sqreen/waf_error.rb +2 -0
- data/lib/sqreen/weave.rb +12 -0
- data/lib/sqreen/weave/hardcoded.rb +19 -0
- data/lib/sqreen/weave/instrumentor.rb +48 -0
- data/lib/sqreen/weave/legacy.rb +12 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +406 -0
- data/lib/sqreen/web_server.rb +2 -0
- data/lib/sqreen/web_server/generic.rb +2 -0
- data/lib/sqreen/web_server/passenger.rb +2 -0
- data/lib/sqreen/web_server/puma.rb +2 -0
- data/lib/sqreen/web_server/rainbows.rb +2 -0
- data/lib/sqreen/web_server/thin.rb +2 -0
- data/lib/sqreen/web_server/unicorn.rb +2 -0
- data/lib/sqreen/web_server/webrick.rb +2 -0
- data/lib/sqreen/worker.rb +2 -0
- metadata +65 -9
- data/lib/sqreen/backport/original_name.rb +0 -86
- data/lib/sqreen/dependency/hook.rb +0 -102
data/lib/sqreen/logger.rb
CHANGED
data/lib/sqreen/metrics.rb
CHANGED
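--- a/data/lib/sqreen/metrics/base.rb
+++ b/data/lib/sqreen/metrics/base.rb
@@ -1,3 +1,5 @@
+# typed: true
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
@@ -10,6 +12,9 @@ module Sqreen
 FINISH_KEY = 'finish'.freeze
 # Base interface for a metric
 class Base
+attr_accessor :name, :period # for signals serialization
+attr_accessor :rule # optional
+
 def initialize(_opts={})
 @sample = nil
 end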
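Review bot: The new `attr_accessor :name, :period` and `attr_accessor :rule` on `Metrics::Base` are public writers whose trailing comments (`# for signals serialization`, `# optional`) do not say who populates them or when; from the `MetricsStore#create_metric` hunk in this same diff they are assigned by the store after the object is built rather than through `initialize(_opts={})`, and `rule` is later copied onto the `AggregatedMetric`. Suggest replacing the two trailing comments with a short block above them stating that the store fills these in right after construction, that `rule` may be nil, and that they are read when a sample is turned into a signal. If only the store is meant to set them, an `attr_reader` plus an explicit setter called by the store would keep other code from mutating a registered metric's identity.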
data/lib/sqreen/metrics/sum.rb
CHANGED
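--- a/data/lib/sqreen/metrics_store.rb
+++ b/data/lib/sqreen/metrics_store.rb
@@ -1,6 +1,9 @@
+# typed: true
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
+require 'sqreen/aggregated_metric'
 require 'sqreen/metrics'
 require 'sqreen/mono_time'
 require 'sqreen/metrics_store/unknown_metric'
@@ -28,8 +31,9 @@ module Sqreen
 
 # Definition contains a name,period and aggregate at least
 # @param definition [Hash] a metric definition
+# @param rule [RuleCB] the rule associated with this metric, if any
 # @param mklass [Object] Override metric object (used in testing)
-def create_metric(definition, mklass = nil)
+def create_metric(definition, rule = nil, mklass = nil)
 name = definition[NAME_KEY]
 kind = definition[KIND_KEY]
 klass = valid_metric(kind, name)
@@ -41,6 +45,9 @@ module Sqreen
 definition[PERIOD_KEY],
 nil # Start
 ]
+metric.name = name
+metric.rule = rule
+metric.period = definition[PERIOD_KEY]
 metric
 end
 
@@ -48,7 +55,7 @@ module Sqreen
 @metrics.key?(name)
 end
 
-# @
+# @param at [Time] when is the store emptied
 def update(name, at, key, value)
 metric, period, start = @metrics[name]
 raise UnregisteredMetric, "Unknown metric #{name}" unless metric
@@ -57,7 +64,7 @@ module Sqreen
 end
 
 # Drains every metrics and returns the store content
-# @
+# @param at [Time] when is the store emptied
 def publish(flush = true, at = Sqreen.time)
 @metrics.each do |name, (_, period, start)|
 next_sample(name, at) if flush || !start.nil? && (start + period) < at
@@ -73,15 +80,20 @@ module Sqreen
 metric = @metrics[name][0]
 r = metric.next_sample(at)
 @metrics[name][2] = at # new start
-
-
-
-
-
-
-
-
-
+return unless r
+
+r[NAME_KEY] = name
+obs = r[Metric::OBSERVATION_KEY]
+return unless obs && (!obs.respond_to?(:empty?) || !obs.empty?)
+start_of_mono = Time.now.utc - Sqreen.time
+
+agg = AggregatedMetric.new
+agg.metric = metric
+agg.rule = agg.metric.rule
+agg.start = start_of_mono + r[Metric::START_KEY]
+agg.finish = start_of_mono + r[Metric::FINISH_KEY]
+agg.data = obs
+@store << agg
 end
 
 def valid_metric(kind, name)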
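Review bot: `start_of_mono = Time.now.utc - Sqreen.time` in `next_sample` recomputes the wall-clock/monotonic offset on every call, so two metrics drained in the same `publish` pass can get slightly different `start`/`finish` for the same monotonic instant, and a wall-clock step (an NTP correction) between two calls shifts the timestamps of one aggregated sample relative to its neighbours. If `Sqreen.time` is the monotonic clock that the `require 'sqreen/mono_time'` at the top suggests, the offset should be captured once per `publish` and handed down, e.g. `offset = Time.now.utc - Sqreen.time` in `publish` and `next_sample(name, at, offset)`; the signature of `next_sample` is outside the hunk. `r[Metric::START_KEY]` and `r[Metric::FINISH_KEY]` are added to a `Time` without a nil check, so a sample lacking either key raises `TypeError` inside the drain loop — worth a guard or a comment stating that `Metric#next_sample` guarantees both. The nine removed lines of this method are not visible in this rendering, so I cannot compare with the previous behaviour.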
data/lib/sqreen/middleware.rb
CHANGED
data/lib/sqreen/mono_time.rb
CHANGED
data/lib/sqreen/node.rb
CHANGED
data/lib/sqreen/null_logger.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# typed: true
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
@@ -120,10 +122,16 @@ module Sqreen
|
|
|
120
122
|
attr_reader :metrics_store
|
|
121
123
|
attr_reader :period
|
|
122
124
|
|
|
123
|
-
def ensure_metric(metric_name)
|
|
125
|
+
def ensure_metric(metric_name, rule = nil)
|
|
124
126
|
return if metrics_store.metric?(metric_name)
|
|
125
127
|
metrics_store.create_metric(
|
|
126
|
-
|
|
128
|
+
{
|
|
129
|
+
'name' => metric_name,
|
|
130
|
+
'period' => period,
|
|
131
|
+
'kind' => 'Binning',
|
|
132
|
+
'options' => @perf_metric_opts,
|
|
133
|
+
},
|
|
134
|
+
rule
|
|
127
135
|
)
|
|
128
136
|
end
|
|
129
137
|
|
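Review bot: In `ensure_metric`, the early `return if metrics_store.metric?(metric_name)` means the new `rule` parameter is only honoured by the first caller that registers a given name; a later call with a different rule silently keeps the first association, and the caller has no way to tell. If metric names are unique per rule this is harmless, but it should be stated at the guard, e.g. `# rule is recorded only on first registration; later callers passing another rule are ignored`. The enclosing class, and the place where `@perf_metric_opts` is assigned, are outside the hunk. Note that this second hunk cannot belong to `null_logger.rb` as the section header suggests; by the diffstat (`ensure_metric`, `+10 -2`) it is `performance_notifications/binned_metrics.rb`.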
data/lib/sqreen/prefix.rb
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# typed: true
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
5
|
+
|
|
1
6
|
module Sqreen
|
|
2
7
|
class RemoteCommand
|
|
3
8
|
# wraps output returned by a command that should also result in status: false
|
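--- a/data/lib/sqreen/rules.rb
+++ b/data/lib/sqreen/rules.rb
@@ -1,3 +1,5 @@
+# typed: ignore
+
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
@@ -133,13 +135,15 @@ module Sqreen
 return nil
 end
 
+rule_cb = cb_class.new(instr_class, instr_method, hash_rule)
+
 if metrics_store
 (hash_rule[Attrs::METRICS] || []).each do |metric|
-metrics_store.create_metric(metric)
+metrics_store.create_metric(metric, rule_cb)
 end
 end
 
-
+rule_cb
 rescue => e
 rule_name = nil
 rulespack_id = nil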
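Review bot: `metrics_store.create_metric(metric, rule_cb)` now stores a reference to the freshly built callback inside the metrics store (the store assigns it to `metric.rule` elsewhere in this diff), so a registered metric keeps its rule object alive for as long as the store holds that name. If the store outlives a rulespack reload while callbacks are rebuilt — the store's lifecycle is not visible here — the stale `RuleCB` will be attached to aggregated metrics emitted afterwards and will not be released; worth a comment at the call, `# the store keeps rule_cb alive; drain/reset metrics when rules are reloaded`. Also, `rule_cb` is now instantiated before the metric loop, so a definition rejected by `valid_metric` raises after the callback has been constructed; that falls into the `rescue => e` below, whose body continues outside the hunk. The removed line 142 is not visible in this rendering.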
data/lib/sqreen/rules/attrs.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
@@ -7,6 +9,11 @@ module Sqreen
|
|
|
7
9
|
module Rules
|
|
8
10
|
# Display sqreen presence
|
|
9
11
|
class HeadersInsertCB < RuleCB
|
|
12
|
+
def initialize(*args)
|
|
13
|
+
super
|
|
14
|
+
@overtimeable = false
|
|
15
|
+
end
|
|
16
|
+
|
|
10
17
|
def post(rv, _inst, _args, _budget = nil, &_block)
|
|
11
18
|
return unless rv && rv.respond_to?(:[]) && rv[1].is_a?(Hash)
|
|
12
19
|
return nil unless @data
|
|
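Review bot: `@overtimeable = false` in `HeadersInsertCB#initialize` is assigned without explanation and nothing in the hunk reads it, so a reader cannot tell whether it exempts this callback from the per-request time budget (`_budget` in `post`) or means something else. Presumably the intent is that inserting the presence header must run even once the rule budget is exhausted; add `# not subject to the overtime budget: header insertion is cheap and must always run — TODO confirm @overtimeable semantics in RuleCB` above the assignment. The bare `super` forwards all of `*args` (and any block) to `RuleCB#initialize`, which is outside the hunk. This second hunk is `rules/headers_insert_cb.rb` per the diffstat, not `rules/attrs.rb` as the section header suggests.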
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
5
|
+
|
|
1
6
|
require 'sqreen/rules/attrs'
|
|
2
7
|
require 'sqreen/rules/rule_cb'
|
|
3
8
|
|
|
@@ -19,6 +24,8 @@ module Sqreen
|
|
|
19
24
|
exception = env['action_dispatch.exception']
|
|
20
25
|
|
|
21
26
|
record_from_env(ua, script_name, path_info, verb, override, host, exception)
|
|
27
|
+
|
|
28
|
+
nil
|
|
22
29
|
end
|
|
23
30
|
|
|
24
31
|
def record_from_env(ua, script_name, path_info, verb, override, host, exception)
|
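Review bot: The explicit `nil` added after `record_from_env(...)` carries no comment, so a later cleanup may drop it as redundant and reintroduce whatever it was meant to prevent. Presumably the callback's return value is consumed by the hook as an instruction and the 404 record must never be returned in its place; say so on the line: `nil # explicit: the hook interprets our return value, recording must not produce an action — TODO confirm`. The enclosing method starts outside the hunk, and this section has no file header in this rendering; by the diffstat (`record_from_env`, `+7 -0`) it is `rules/not_found_cb.rb`.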