sqreen 1.19.0.beta1 → 1.20.0

data/lib/sqreen/signals/signals_submission_strategy.rb

@@ -0,0 +1,78 @@
+require 'sqreen/aggregated_metric'
+require 'sqreen/kit'
+require 'sqreen/kit/string_sanitizer'
+require 'sqreen/signals/conversions'
+require 'sqreen/log/loggable'
+
+module Sqreen
+  module Signals
+    # see also Sqreen::Legacy::OldEventSubmissionStrategy
+    # usage in Sqreen:Session
+    class SignalsSubmissionStrategy
+      include Sqreen::Log::Loggable
+
+      # @param [Array<Sqreen::AggregatedMetric>] metrics
+      def post_metrics(metrics)
+        return if metrics.nil? || metrics.empty?
+
+        guarded 'Failed to serialize or submit aggregated metrics' do
+          batch = metrics.map do |m|
+            Conversions.convert_metric_sample(m)
+          end
+          client.report_batch(batch)
+        end
+      end
+
+      # @param _attack [Sqreen::Attack]
+      # XXX: unused
+      def post_attack(_attack)
+        raise NotImplementedError
+      end
+
+      # @param request_record [Sqreen::RequestRecord]
+      def post_request_record(request_record)
+        guarded 'Failed to serialize or submit request record' do
+          trace = Conversions.convert_req_record(request_record)
+          append_sanitizing_filter(trace)
+          client.report_trace(trace)
+        end
+      end
+
+      # Post an exception to Sqreen for analysis
+      # @param exception [RemoteException] Exception and context to be sent over
+      def post_sqreen_exception(exception)
+        guarded 'Failed to serialize or submit exception', false do
+          data = Conversions.convert_exception(exception)
+          append_sanitizing_filter(data)
+          client.report_signal(data)
+        end
+      end
+
+      def post_batch(events)
+        guarded 'Failed to serialize or submit batch of events' do
+          batch = Conversions.convert_batch(events)
+          batch.each { |sig_or_trace| append_sanitizing_filter(sig_or_trace) }
+          client.report_batch(batch)
+        end
+      end
+
+      private
+
+      def append_sanitizing_filter(sig_or_trace)
+        sig_or_trace.append_to_h_filter Kit::StringSanitizer.method(:sanitize)
+      end
+
+      # we don't want exceptions to propagate and kill the worker thread
+      def guarded(msg, report = true)
+        yield
+      rescue StandardError => e
+        logger.warn "#{msg}: #{e.message}\n#{e.backtrace.map { |x| "  #{x}" }.join("\n")}"
+        post_sqreen_exception(RemoteException.new(e)) if report
+      end
+
+      def client
+        Sqreen::Kit.auth_signals_client
+      end
+    end
+  end
+end

data/lib/sqreen/version.rb

@@ -4,5 +4,5 @@
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 module Sqreen
-  VERSION = '1.19.0.beta1'.freeze
+  VERSION = '1.20.0'.freeze
 end

data/lib/sqreen/weave/legacy/instrumentation.rb

@@ -76,6 +76,9 @@ class Sqreen::Weave::Legacy::Instrumentation
     if strategy == :prepend && !Module.respond_to?(:prepend)
       Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable, falling back to :chain" }
       strategy = :chain
+    elsif strategy == :chain && Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable with scout_apm >= 2.5.2, switching to :prepend" }
+      strategy = :prepend
     end
     Sqreen::Weave.logger.debug { "strategy: #{strategy.inspect}" }
 
@@ -108,6 +111,8 @@ class Sqreen::Weave::Legacy::Instrumentation
     @hooks << request_hook
     request_hook.add do
       before('wave,meta,request', rank: -100000, mandatory: true) do |_call|
+        next unless Sqreen.instrumentation_ready
+
         uuid = SecureRandom.uuid
         now = Sqreen::Graft::Timer.read
         Thread.current[:sqreen_http_request] = {
@@ -130,6 +135,9 @@ class Sqreen::Weave::Legacy::Instrumentation
 
       ensured('weave,meta,request', rank: 100000, mandatory: true) do |_call|
         request = Thread.current[:sqreen_http_request]
+
+        next if request.nil?
+
         Thread.current[:sqreen_http_request] = nil
         now = Sqreen::Graft::Timer.read
         utc_now = Time.now.utc
@@ -261,7 +269,7 @@ class Sqreen::Weave::Legacy::Instrumentation
     hook.add do
       if callback.pre?
         before(rule, rank: priority, mandatory: !callback.overtimeable, flow: block, ignore: ignore) do |call, b|
-          return unless Sqreen.instrumentation_ready
+          next unless Thread.current[:sqreen_http_request]
 
           i = call.instance
           a = call.args
@@ -288,13 +296,13 @@ class Sqreen::Weave::Legacy::Instrumentation
           when :raise, 'raise'
             throw(b, b.raise(ret[:exception])) if ret.key?(:exception)
             throw(b, b.raise(Sqreen::AttackBlocked.new("Sqreen blocked a security threat (type: #{callback.rule_name}). No action is required.")))
-          end unless ret.nil?
+          end unless ret.nil? || !ret.is_a?(Hash)
         end
       end
 
       if callback.post?
         after(rule, rank: -priority, mandatory: !callback.overtimeable, flow: block, ignore: ignore) do |call, b|
-          return unless Sqreen.instrumentation_ready
+          next unless Thread.current[:sqreen_http_request]
 
           i = call.instance
           v = call.returned
@@ -320,13 +328,13 @@ class Sqreen::Weave::Legacy::Instrumentation
           when :raise, 'raise'
             throw(b, b.raise(ret[:exception])) if ret.key?(:exception)
             throw(b, b.raise(Sqreen::AttackBlocked.new("Sqreen blocked a security threat (type: #{callback.rule_name}). No action is required.")))
-          end unless ret.nil?
+          end unless ret.nil? || !ret.is_a?(Hash)
         end
       end
 
       if callback.failing?
         raised(rule, rank: priority, mandatory: !callback.overtimeable, flow: block, ignore: ignore) do |call, b|
-          return unless Sqreen.instrumentation_ready
+          next unless Thread.current[:sqreen_http_request]
 
           i = call.instance
           e = call.raised
@@ -346,7 +354,7 @@ class Sqreen::Weave::Legacy::Instrumentation
           end
           Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#failing instance=#{i} => return=#{ret.inspect}" }
 
-          raise e if ret.nil?
+          throw(b, b.raise(e)) if ret.nil? || !ret.is_a?(Hash)
 
           case ret[:status]
           when :override, 'override'
@@ -360,7 +368,7 @@ class Sqreen::Weave::Legacy::Instrumentation
             throw(b, b.raise(e))
           else
             throw(b, b.raise(e))
-          end unless ret.nil?
+          end unless ret.nil? || !ret.is_a?(Hash)
         end
       end
     end.install

metadata

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.19.0.beta1
+  version: 1.20.0
 platform: ruby
 authors:
 - Sqreen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-11 00:00:00.000000000 Z
+date: 2020-06-18 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: sqreen-backport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.1.0
+- !ruby/object:Gem::Dependency
+  name: sqreen-kit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.2.0
 - !ruby/object:Gem::Dependency
   name: sq_mini_racer
   requirement: !ruby/object:Gem::Requirement
@@ -30,14 +58,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0.0
+        version: 0.6.1.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.3.0.0
+        version: 0.6.1.0.0
 description: Sqreen is a SaaS based Application protection and monitoring platform
   that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
 email: contact@sqreen.com
@@ -65,11 +93,9 @@ files:
 - lib/sqreen/actions/user_action_class.rb
 - lib/sqreen/actions/users_index.rb
 - lib/sqreen/agent.rb
+- lib/sqreen/aggregated_metric.rb
 - lib/sqreen/attack_blocked.rb
 - lib/sqreen/attack_detected.html
-- lib/sqreen/backport.rb
-- lib/sqreen/backport/clock_gettime.rb
-- lib/sqreen/backport/original_name.rb
 - lib/sqreen/binding_accessor.rb
 - lib/sqreen/binding_accessor/path_elem.rb
 - lib/sqreen/binding_accessor/transforms.rb
@@ -129,8 +155,16 @@ files:
 - lib/sqreen/js/mini_racer_adapter.rb
 - lib/sqreen/js/mini_racer_executable_js.rb
 - lib/sqreen/js/thread_local_exec_js_runnable.rb
+- lib/sqreen/kit/signals/specialized/aggregated_metric.rb
+- lib/sqreen/kit/signals/specialized/attack.rb
+- lib/sqreen/kit/signals/specialized/binning_metric.rb
+- lib/sqreen/kit/signals/specialized/http_trace.rb
+- lib/sqreen/kit/signals/specialized/sdk_track_call.rb
+- lib/sqreen/kit/signals/specialized/sqreen_exception.rb
 - lib/sqreen/legacy.rb
 - lib/sqreen/legacy/instrumentation.rb
+- lib/sqreen/legacy/old_event_submission_strategy.rb
+- lib/sqreen/legacy/waf_redactions.rb
 - lib/sqreen/log.rb
 - lib/sqreen/log/loggable.rb
 - lib/sqreen/logger.rb
@@ -201,6 +235,9 @@ files:
 - lib/sqreen/shared_storage.rb
 - lib/sqreen/shared_storage23.rb
 - lib/sqreen/shrink_wrap.rb
+- lib/sqreen/signals/conversions.rb
+- lib/sqreen/signals/http_trace_redaction.rb
+- lib/sqreen/signals/signals_submission_strategy.rb
 - lib/sqreen/signature_verifier.rb
 - lib/sqreen/sinatra_middleware.rb
 - lib/sqreen/sqreen_signed_verifier.rb
@@ -232,10 +269,13 @@ files:
 homepage: https://www.sqreen.com/
 licenses:
 - Sqreen
-metadata: {}
-post_install_message: |2
-      This is a Sqreen beta release and may not work in all situations.
-      Make sure to review CHANGELOG.md for important details.
+metadata:
+  homepage_uri: https://sqreen.com
+  documentation_uri: https://docs.sqreen.com/
+  changelog_uri: https://docs.sqreen.com/ruby/release-notes/
+  source_code_uri: https://github.com/sqreen/ruby-agent
+  bug_tracker_uri: https://github.com/sqreen/ruby-agent/issues
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -246,11 +286,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubyforge_project: 
+rubygems_version: 2.7.7
 signing_key: 
 specification_version: 4
 summary: Sqreen Ruby agent

data/lib/sqreen/backport.rb

@@ -1,9 +0,0 @@
-# typed: strong
-
-# Copyright (c) 2015 Sqreen. All Rights Reserved.
-# Please refer to our terms for more information: https://www.sqreen.com/terms.html
-
-module Sqreen
-  module Backport
-  end
-end

data/lib/sqreen/backport/clock_gettime.rb

@@ -1,74 +0,0 @@
-# typed: ignore
-
-# Copyright (c) 2015 Sqreen. All Rights Reserved.
-# Please refer to our terms for more information: https://www.sqreen.com/terms.html
-
-require 'sqreen/backport'
-
-module Sqreen
-  module Backport
-    module ClockGettime
-      class << self
-        def supported?
-          Process.respond_to?(:clock_gettime)
-        end
-      end
-
-      unless supported?
-        require 'ffi'
-
-        class Timespec < FFI::Struct
-          layout :tv_sec => :time_t, :tv_nsec => :long
-        end
-
-        module LibC
-          extend FFI::Library
-          ffi_lib FFI::Library::LIBC
-
-          # TODO: FFI::NotFoundError
-
-          if RUBY_PLATFORM =~ /darwin/
-            attach_function :mach_absolute_time, [], :uint64
-          end
-
-          attach_function :clock_gettime, [:int, :pointer], :int
-        end
-
-        module Constants
-          case RUBY_PLATFORM
-          when /darwin/
-            CLOCK_REALTIME = 0
-            CLOCK_MONOTONIC = 6
-            CLOCK_PROCESS_CPUTIME_ID = 12
-            CLOCK_THERAD_CPUTIME_ID = 16
-          when /linux/
-            CLOCK_REALTIME = 0
-            CLOCK_MONOTONIC = 1
-            CLOCK_PROCESS_CPUTIME_ID = 2
-            CLOCK_THREAD_CPUTIME_ID = 3
-          end
-        end
-
-        def clock_gettime(clock_id, unit = :float_second)
-          unless unit == :float_second
-            raise "Process.clock_gettime: unsupported unit #{unit.inspect}"
-          end
-
-          t = Timespec.new
-          ret = LibC.clock_gettime(clock_id, t.pointer)
-
-          raise SystemCallError, "Errno #{FFI.errno}" if ret == -1
-
-          t[:tv_sec].to_f + t[:tv_nsec].to_f / 1_000_000_000
-        end
-      end
-    end
-  end
-end
-
-unless Sqreen::Backport::ClockGettime.supported?
-  Process.instance_eval do
-    extend Sqreen::Backport::ClockGettime
-    include Sqreen::Backport::ClockGettime::Constants
-  end
-end

data/lib/sqreen/backport/original_name.rb

@@ -1,88 +0,0 @@
-# typed: false
-
-# Copyright (c) 2015 Sqreen. All Rights Reserved.
-# Please refer to our terms for more information: https://www.sqreen.com/terms.html
-
-module Sqreen
-  module Backport
-    module OriginalName
-      HAS_UNBOUND_METHOD_ORIGINAL_NAME = ::UnboundMethod.instance_methods(false).include?(:original_name)
-      HAS_METHOD_ORIGINAL_NAME = ::Method.instance_methods(false).include?(:original_name)
-
-      def original_name
-        self.class.get_original_name(owner, original_name_key) || self.original_name = name
-      end
-
-      private
-
-      def original_name=(name)
-        self.class.set_original_name(owner, original_name_key, name)
-      end
-
-      def original_name_key
-        return hash if is_a?(::UnboundMethod)
-
-        owner.instance_method(name).hash
-      end
-
-      class << self
-        def supported?
-          !::Kernel.const_defined?(:JRUBY_VERSION) && HAS_UNBOUND_METHOD_ORIGINAL_NAME && HAS_METHOD_ORIGINAL_NAME
-        end
-
-        def included(klass)
-          klass.extend(ClassMethods)
-        end
-
-        def prepended(klass)
-          klass.extend(ClassMethods)
-        end
-      end
-
-      class Store < ::Hash; end
-
-      module ClassMethods
-        def original_names(owner)
-          owner.instance_eval { @__sqreen_backport_original_names ||= Store.new }
-        end
-
-        def get_original_name(owner, key)
-          original_names(owner)[key]
-        end
-
-        def set_original_name(owner, key, name)
-          original_names(owner)[key] ||= name
-        end
-      end
-    end
-  end
-end
-
-class UnboundMethod
-  if Sqreen::Backport::OriginalName::HAS_UNBOUND_METHOD_ORIGINAL_NAME
-    prepend Sqreen::Backport::OriginalName
-  else
-    include Sqreen::Backport::OriginalName
-  end
-end unless Sqreen::Backport::OriginalName.supported?
-
-class Method
-  if Sqreen::Backport::OriginalName::HAS_METHOD_ORIGINAL_NAME
-    prepend Sqreen::Backport::OriginalName
-  else
-    include Sqreen::Backport::OriginalName
-  end
-end unless Sqreen::Backport::OriginalName.supported?
-
-class Module
-  alias_method(:alias_method_without_original_name, :alias_method)
-
-  def alias_method_with_original_name(newname, oldname)
-    alias_method_without_original_name(newname, oldname).tap do
-      instance_method(newname).send(:original_name=, :"#{oldname}")
-    end
-  end
-
-  alias_method_with_original_name(:alias_method_without_original_name, :alias_method)
-  alias_method_with_original_name(:alias_method, :alias_method_with_original_name)
-end unless Sqreen::Backport::OriginalName.supported?