sqreen 1.18.6-java → 1.20.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +27 -0
- data/lib/sqreen/actions.rb +2 -0
- data/lib/sqreen/actions/actions_index.rb +16 -0
- data/lib/sqreen/actions/base.rb +4 -10
- data/lib/sqreen/actions/block_ip.rb +2 -0
- data/lib/sqreen/actions/block_user.rb +2 -0
- data/lib/sqreen/actions/ip_range_indexed_action_class.rb +4 -24
- data/lib/sqreen/actions/ip_ranges_index.rb +32 -11
- data/lib/sqreen/actions/redirect_ip.rb +2 -0
- data/lib/sqreen/actions/redirect_user.rb +2 -0
- data/lib/sqreen/actions/repository.rb +27 -8
- data/lib/sqreen/actions/unknown_action_type.rb +4 -0
- data/lib/sqreen/actions/user_action_class.rb +5 -30
- data/lib/sqreen/actions/users_index.rb +35 -0
- data/lib/sqreen/agent.rb +2 -1
- data/lib/sqreen/aggregated_metric.rb +25 -0
- data/lib/sqreen/attack_blocked.rb +2 -0
- data/lib/sqreen/binding_accessor.rb +2 -0
- data/lib/sqreen/binding_accessor/path_elem.rb +2 -0
- data/lib/sqreen/binding_accessor/transforms.rb +8 -1
- data/lib/sqreen/call_countable.rb +2 -0
- data/lib/sqreen/capped_queue.rb +2 -0
- data/lib/sqreen/cb.rb +2 -0
- data/lib/sqreen/cb_tree.rb +2 -0
- data/lib/sqreen/condition_evaluator.rb +2 -0
- data/lib/sqreen/conditionable.rb +2 -0
- data/lib/sqreen/configuration.rb +19 -1
- data/lib/sqreen/context.rb +2 -0
- data/lib/sqreen/default_cb.rb +2 -0
- data/lib/sqreen/deferred_logger.rb +2 -0
- data/lib/sqreen/deliveries.rb +2 -0
- data/lib/sqreen/deliveries/batch.rb +6 -1
- data/lib/sqreen/deliveries/simple.rb +6 -0
- data/lib/sqreen/dependency.rb +3 -1
- data/lib/sqreen/dependency/detector.rb +22 -14
- data/lib/sqreen/dependency/libsqreen.rb +4 -0
- data/lib/sqreen/dependency/new_relic.rb +2 -0
- data/lib/sqreen/dependency/rack.rb +10 -5
- data/lib/sqreen/dependency/rails.rb +4 -0
- data/lib/sqreen/dependency/sentry.rb +2 -0
- data/lib/sqreen/dependency/sinatra.rb +12 -1
- data/lib/sqreen/encoding_sanitizer.rb +2 -0
- data/lib/sqreen/error_handling_middleware.rb +2 -0
- data/lib/sqreen/event.rb +9 -5
- data/lib/sqreen/events/attack.rb +25 -18
- data/lib/sqreen/events/remote_exception.rb +2 -22
- data/lib/sqreen/events/request_record.rb +17 -70
- data/lib/sqreen/exception.rb +2 -0
- data/lib/sqreen/formatter_with_tid.rb +2 -0
- data/lib/sqreen/framework_cb.rb +2 -0
- data/lib/sqreen/frameworks.rb +2 -0
- data/lib/sqreen/frameworks/generic.rb +2 -0
- data/lib/sqreen/frameworks/rails.rb +1 -0
- data/lib/sqreen/frameworks/rails3.rb +2 -0
- data/lib/sqreen/frameworks/request_recorder.rb +15 -2
- data/lib/sqreen/frameworks/sinatra.rb +2 -0
- data/lib/sqreen/frameworks/sqreen_test.rb +2 -0
- data/lib/sqreen/graft.rb +12 -0
- data/lib/sqreen/graft/call.rb +150 -0
- data/lib/sqreen/{dependency → graft}/callback.rb +12 -4
- data/lib/sqreen/graft/hook.rb +316 -0
- data/lib/sqreen/{dependency → graft}/hook_point.rb +152 -33
- data/lib/sqreen/graft/hook_point_error.rb +10 -0
- data/lib/sqreen/invalid_signature_exception.rb +2 -0
- data/lib/sqreen/js.rb +2 -0
- data/lib/sqreen/js/call_context.rb +2 -0
- data/lib/sqreen/js/context_pool.rb +2 -0
- data/lib/sqreen/js/exec_js_runnable.rb +2 -0
- data/lib/sqreen/js/execjs_adapter.rb +2 -0
- data/lib/sqreen/js/executable_js.rb +2 -0
- data/lib/sqreen/js/js_service.rb +2 -0
- data/lib/sqreen/js/js_service_adapter.rb +2 -0
- data/lib/sqreen/js/mini_racer_adapter.rb +2 -0
- data/lib/sqreen/js/mini_racer_executable_js.rb +2 -0
- data/lib/sqreen/js/thread_local_exec_js_runnable.rb +2 -0
- data/lib/sqreen/kit/signals/specialized/aggregated_metric.rb +72 -0
- data/lib/sqreen/kit/signals/specialized/attack.rb +57 -0
- data/lib/sqreen/kit/signals/specialized/binning_metric.rb +76 -0
- data/lib/sqreen/kit/signals/specialized/http_trace.rb +26 -0
- data/lib/sqreen/kit/signals/specialized/sdk_track_call.rb +50 -0
- data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +57 -0
- data/lib/sqreen/{backport.rb → legacy.rb} +3 -2
- data/lib/sqreen/{instrumentation.rb → legacy/instrumentation.rb} +31 -2
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +221 -0
- data/lib/sqreen/legacy/waf_redactions.rb +49 -0
- data/lib/sqreen/log.rb +2 -0
- data/lib/sqreen/log/loggable.rb +28 -0
- data/lib/sqreen/logger.rb +2 -0
- data/lib/sqreen/metrics.rb +2 -0
- data/lib/sqreen/metrics/average.rb +2 -0
- data/lib/sqreen/metrics/base.rb +5 -0
- data/lib/sqreen/metrics/binning.rb +2 -0
- data/lib/sqreen/metrics/collect.rb +2 -0
- data/lib/sqreen/metrics/sum.rb +2 -0
- data/lib/sqreen/metrics_store.rb +24 -12
- data/lib/sqreen/metrics_store/already_registered_metric.rb +2 -0
- data/lib/sqreen/metrics_store/unknown_metric.rb +2 -0
- data/lib/sqreen/metrics_store/unregistered_metric.rb +2 -0
- data/lib/sqreen/middleware.rb +2 -0
- data/lib/sqreen/mono_time.rb +2 -0
- data/lib/sqreen/node.rb +2 -0
- data/lib/sqreen/not_implemented_yet.rb +2 -0
- data/lib/sqreen/null_logger.rb +2 -0
- data/lib/sqreen/payload_creator.rb +2 -0
- data/lib/sqreen/payload_creator/header_section.rb +2 -0
- data/lib/sqreen/performance_notifications.rb +2 -0
- data/lib/sqreen/performance_notifications/binned_metrics.rb +10 -2
- data/lib/sqreen/performance_notifications/log.rb +2 -0
- data/lib/sqreen/performance_notifications/log_performance.rb +2 -0
- data/lib/sqreen/performance_notifications/metrics.rb +2 -0
- data/lib/sqreen/performance_notifications/newrelic.rb +2 -0
- data/lib/sqreen/prefix.rb +2 -0
- data/lib/sqreen/rails_middleware.rb +2 -0
- data/lib/sqreen/remote_command.rb +2 -0
- data/lib/sqreen/remote_command/failure_output.rb +5 -0
- data/lib/sqreen/rules.rb +6 -2
- data/lib/sqreen/rules/attrs.rb +2 -0
- data/lib/sqreen/rules/auth_track_cb.rb +2 -0
- data/lib/sqreen/rules/binding_accessor_matcher_cb.rb +2 -0
- data/lib/sqreen/rules/binding_accessor_metrics.rb +2 -0
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -0
- data/lib/sqreen/rules/count_http_codes.rb +2 -0
- data/lib/sqreen/rules/crawler_user_agent_matches_cb.rb +2 -0
- data/lib/sqreen/rules/crawler_user_agent_matches_metrics_cb.rb +2 -0
- data/lib/sqreen/rules/custom_error_cb.rb +2 -0
- data/lib/sqreen/rules/devise_auth_track_cb.rb +2 -0
- data/lib/sqreen/rules/devise_signup_track_cb.rb +2 -0
- data/lib/sqreen/rules/execjs_cb.rb +2 -0
- data/lib/sqreen/rules/headers_insert_cb.rb +7 -0
- data/lib/sqreen/rules/matcher_rule.rb +2 -0
- data/lib/sqreen/rules/not_found_cb.rb +7 -0
- data/lib/sqreen/rules/rails_parameters_cb.rb +2 -0
- data/lib/sqreen/rules/record_request_context.rb +2 -0
- data/lib/sqreen/rules/regexp_rule_cb.rb +2 -0
- data/lib/sqreen/rules/rule_cb.rb +4 -0
- data/lib/sqreen/rules/run_req_start_actions.rb +3 -1
- data/lib/sqreen/rules/run_user_actions.rb +3 -1
- data/lib/sqreen/rules/shell_env_cb.rb +2 -0
- data/lib/sqreen/rules/signup_track_cb.rb +2 -0
- data/lib/sqreen/rules/update_request_context.rb +2 -0
- data/lib/sqreen/rules/url_matches_cb.rb +2 -0
- data/lib/sqreen/rules/user_agent_matches_cb.rb +2 -0
- data/lib/sqreen/rules/waf_cb.rb +41 -16
- data/lib/sqreen/rules/xss_cb.rb +2 -0
- data/lib/sqreen/run_when_called_cb.rb +2 -0
- data/lib/sqreen/runner.rb +68 -12
- data/lib/sqreen/runtime_infos.rb +2 -0
- data/lib/sqreen/safe_json.rb +2 -0
- data/lib/sqreen/sdk.rb +4 -0
- data/lib/sqreen/sensitive_data_redactor.rb +21 -31
- data/lib/sqreen/serializer.rb +2 -0
- data/lib/sqreen/session.rb +41 -37
- data/lib/sqreen/shared_storage.rb +2 -0
- data/lib/sqreen/shared_storage23.rb +2 -0
- data/lib/sqreen/shrink_wrap.rb +16 -0
- data/lib/sqreen/signals/conversions.rb +283 -0
- data/lib/sqreen/signals/http_trace_redaction.rb +111 -0
- data/lib/sqreen/signals/signals_submission_strategy.rb +78 -0
- data/lib/sqreen/signature_verifier.rb +2 -0
- data/lib/sqreen/sinatra_middleware.rb +2 -0
- data/lib/sqreen/sqreen_signed_verifier.rb +2 -0
- data/lib/sqreen/token_invalid_exception.rb +2 -0
- data/lib/sqreen/token_not_found_exception.rb +2 -0
- data/lib/sqreen/trie.rb +2 -0
- data/lib/sqreen/unauthorized.rb +2 -0
- data/lib/sqreen/util.rb +5 -0
- data/lib/sqreen/util/capped_array.rb +2 -0
- data/lib/sqreen/util/capped_hash.rb +2 -0
- data/lib/sqreen/util/capped_string.rb +2 -0
- data/lib/sqreen/util/capper.rb +2 -0
- data/lib/sqreen/version.rb +3 -1
- data/lib/sqreen/waf_error.rb +2 -0
- data/lib/sqreen/weave.rb +12 -0
- data/lib/sqreen/weave/hardcoded.rb +19 -0
- data/lib/sqreen/weave/instrumentor.rb +48 -0
- data/lib/sqreen/weave/legacy.rb +12 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +406 -0
- data/lib/sqreen/web_server.rb +2 -0
- data/lib/sqreen/web_server/generic.rb +2 -0
- data/lib/sqreen/web_server/passenger.rb +2 -0
- data/lib/sqreen/web_server/puma.rb +2 -0
- data/lib/sqreen/web_server/rainbows.rb +2 -0
- data/lib/sqreen/web_server/thin.rb +2 -0
- data/lib/sqreen/web_server/unicorn.rb +2 -0
- data/lib/sqreen/web_server/webrick.rb +2 -0
- data/lib/sqreen/worker.rb +2 -0
- metadata +65 -9
- data/lib/sqreen/backport/original_name.rb +0 -86
- data/lib/sqreen/dependency/hook.rb +0 -102
data/lib/sqreen/logger.rb
CHANGED
data/lib/sqreen/metrics.rb
CHANGED
data/lib/sqreen/metrics/base.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# typed: true
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
@@ -10,6 +12,9 @@ module Sqreen
|
|
|
10
12
|
FINISH_KEY = 'finish'.freeze
|
|
11
13
|
# Base interface for a metric
|
|
12
14
|
class Base
|
|
15
|
+
attr_accessor :name, :period # for signals serialization
|
|
16
|
+
attr_accessor :rule # optional
|
|
17
|
+
|
|
13
18
|
def initialize(_opts={})
|
|
14
19
|
@sample = nil
|
|
15
20
|
end
|
data/lib/sqreen/metrics/sum.rb
CHANGED
data/lib/sqreen/metrics_store.rb
CHANGED
|
@@ -1,6 +1,9 @@
|
|
|
1
|
+
# typed: true
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
6
|
+
require 'sqreen/aggregated_metric'
|
|
4
7
|
require 'sqreen/metrics'
|
|
5
8
|
require 'sqreen/mono_time'
|
|
6
9
|
require 'sqreen/metrics_store/unknown_metric'
|
|
@@ -28,8 +31,9 @@ module Sqreen
|
|
|
28
31
|
|
|
29
32
|
# Definition contains a name,period and aggregate at least
|
|
30
33
|
# @param definition [Hash] a metric definition
|
|
34
|
+
# @param rule [RuleCB] the rule associated with this metric, if any
|
|
31
35
|
# @param mklass [Object] Override metric object (used in testing)
|
|
32
|
-
def create_metric(definition, mklass = nil)
|
|
36
|
+
def create_metric(definition, rule = nil, mklass = nil)
|
|
33
37
|
name = definition[NAME_KEY]
|
|
34
38
|
kind = definition[KIND_KEY]
|
|
35
39
|
klass = valid_metric(kind, name)
|
|
@@ -41,6 +45,9 @@ module Sqreen
|
|
|
41
45
|
definition[PERIOD_KEY],
|
|
42
46
|
nil # Start
|
|
43
47
|
]
|
|
48
|
+
metric.name = name
|
|
49
|
+
metric.rule = rule
|
|
50
|
+
metric.period = definition[PERIOD_KEY]
|
|
44
51
|
metric
|
|
45
52
|
end
|
|
46
53
|
|
|
@@ -48,7 +55,7 @@ module Sqreen
|
|
|
48
55
|
@metrics.key?(name)
|
|
49
56
|
end
|
|
50
57
|
|
|
51
|
-
# @
|
|
58
|
+
# @param at [Time] when is the store emptied
|
|
52
59
|
def update(name, at, key, value)
|
|
53
60
|
metric, period, start = @metrics[name]
|
|
54
61
|
raise UnregisteredMetric, "Unknown metric #{name}" unless metric
|
|
@@ -57,7 +64,7 @@ module Sqreen
|
|
|
57
64
|
end
|
|
58
65
|
|
|
59
66
|
# Drains every metrics and returns the store content
|
|
60
|
-
# @
|
|
67
|
+
# @param at [Time] when is the store emptied
|
|
61
68
|
def publish(flush = true, at = Sqreen.time)
|
|
62
69
|
@metrics.each do |name, (_, period, start)|
|
|
63
70
|
next_sample(name, at) if flush || !start.nil? && (start + period) < at
|
|
@@ -73,15 +80,20 @@ module Sqreen
|
|
|
73
80
|
metric = @metrics[name][0]
|
|
74
81
|
r = metric.next_sample(at)
|
|
75
82
|
@metrics[name][2] = at # new start
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
83
|
+
return unless r
|
|
84
|
+
|
|
85
|
+
r[NAME_KEY] = name
|
|
86
|
+
obs = r[Metric::OBSERVATION_KEY]
|
|
87
|
+
return unless obs && (!obs.respond_to?(:empty?) || !obs.empty?)
|
|
88
|
+
start_of_mono = Time.now.utc - Sqreen.time
|
|
89
|
+
|
|
90
|
+
agg = AggregatedMetric.new
|
|
91
|
+
agg.metric = metric
|
|
92
|
+
agg.rule = agg.metric.rule
|
|
93
|
+
agg.start = start_of_mono + r[Metric::START_KEY]
|
|
94
|
+
agg.finish = start_of_mono + r[Metric::FINISH_KEY]
|
|
95
|
+
agg.data = obs
|
|
96
|
+
@store << agg
|
|
85
97
|
end
|
|
86
98
|
|
|
87
99
|
def valid_metric(kind, name)
|
data/lib/sqreen/middleware.rb
CHANGED
data/lib/sqreen/mono_time.rb
CHANGED
data/lib/sqreen/node.rb
CHANGED
data/lib/sqreen/null_logger.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# typed: true
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
@@ -120,10 +122,16 @@ module Sqreen
|
|
|
120
122
|
attr_reader :metrics_store
|
|
121
123
|
attr_reader :period
|
|
122
124
|
|
|
123
|
-
def ensure_metric(metric_name)
|
|
125
|
+
def ensure_metric(metric_name, rule = nil)
|
|
124
126
|
return if metrics_store.metric?(metric_name)
|
|
125
127
|
metrics_store.create_metric(
|
|
126
|
-
|
|
128
|
+
{
|
|
129
|
+
'name' => metric_name,
|
|
130
|
+
'period' => period,
|
|
131
|
+
'kind' => 'Binning',
|
|
132
|
+
'options' => @perf_metric_opts,
|
|
133
|
+
},
|
|
134
|
+
rule
|
|
127
135
|
)
|
|
128
136
|
end
|
|
129
137
|
|
data/lib/sqreen/prefix.rb
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# typed: true
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
5
|
+
|
|
1
6
|
module Sqreen
|
|
2
7
|
class RemoteCommand
|
|
3
8
|
# wraps output returned by a command that should also result in status: false
|
data/lib/sqreen/rules.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
@@ -133,13 +135,15 @@ module Sqreen
|
|
|
133
135
|
return nil
|
|
134
136
|
end
|
|
135
137
|
|
|
138
|
+
rule_cb = cb_class.new(instr_class, instr_method, hash_rule)
|
|
139
|
+
|
|
136
140
|
if metrics_store
|
|
137
141
|
(hash_rule[Attrs::METRICS] || []).each do |metric|
|
|
138
|
-
metrics_store.create_metric(metric)
|
|
142
|
+
metrics_store.create_metric(metric, rule_cb)
|
|
139
143
|
end
|
|
140
144
|
end
|
|
141
145
|
|
|
142
|
-
|
|
146
|
+
rule_cb
|
|
143
147
|
rescue => e
|
|
144
148
|
rule_name = nil
|
|
145
149
|
rulespack_id = nil
|
data/lib/sqreen/rules/attrs.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
1
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
2
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
3
5
|
|
|
@@ -7,6 +9,11 @@ module Sqreen
|
|
|
7
9
|
module Rules
|
|
8
10
|
# Display sqreen presence
|
|
9
11
|
class HeadersInsertCB < RuleCB
|
|
12
|
+
def initialize(*args)
|
|
13
|
+
super
|
|
14
|
+
@overtimeable = false
|
|
15
|
+
end
|
|
16
|
+
|
|
10
17
|
def post(rv, _inst, _args, _budget = nil, &_block)
|
|
11
18
|
return unless rv && rv.respond_to?(:[]) && rv[1].is_a?(Hash)
|
|
12
19
|
return nil unless @data
|
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# typed: ignore
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
5
|
+
|
|
1
6
|
require 'sqreen/rules/attrs'
|
|
2
7
|
require 'sqreen/rules/rule_cb'
|
|
3
8
|
|
|
@@ -19,6 +24,8 @@ module Sqreen
|
|
|
19
24
|
exception = env['action_dispatch.exception']
|
|
20
25
|
|
|
21
26
|
record_from_env(ua, script_name, path_info, verb, override, host, exception)
|
|
27
|
+
|
|
28
|
+
nil
|
|
22
29
|
end
|
|
23
30
|
|
|
24
31
|
def record_from_env(ua, script_name, path_info, verb, override, host, exception)
|