sqreen 1.19.1-java → 1.21.0.beta3-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +34 -0
- data/lib/sqreen/actions/block_user.rb +1 -1
- data/lib/sqreen/actions/redirect_ip.rb +1 -1
- data/lib/sqreen/actions/redirect_user.rb +1 -1
- data/lib/sqreen/agent_message.rb +20 -0
- data/lib/sqreen/aggregated_metric.rb +25 -0
- data/lib/sqreen/attack_detected.html +1 -2
- data/lib/sqreen/ca.crt +24 -0
- data/lib/sqreen/condition_evaluator.rb +9 -2
- data/lib/sqreen/conditionable.rb +24 -6
- data/lib/sqreen/configuration.rb +11 -5
- data/lib/sqreen/deferred_logger.rb +50 -14
- data/lib/sqreen/deliveries/batch.rb +12 -2
- data/lib/sqreen/deliveries/simple.rb +4 -0
- data/lib/sqreen/deprecation.rb +38 -0
- data/lib/sqreen/ecosystem.rb +96 -0
- data/lib/sqreen/ecosystem/dispatch_table.rb +43 -0
- data/lib/sqreen/ecosystem/exception_reporting.rb +26 -0
- data/lib/sqreen/ecosystem/http/net_http.rb +50 -0
- data/lib/sqreen/ecosystem/http/rack_request.rb +39 -0
- data/lib/sqreen/ecosystem/loggable.rb +13 -0
- data/lib/sqreen/ecosystem/module_api.rb +30 -0
- data/lib/sqreen/ecosystem/module_api/event_listener.rb +18 -0
- data/lib/sqreen/ecosystem/module_api/instrumentation.rb +23 -0
- data/lib/sqreen/ecosystem/module_api/message_producer.rb +51 -0
- data/lib/sqreen/ecosystem/module_api/signal_producer.rb +24 -0
- data/lib/sqreen/ecosystem/module_api/tracing.rb +45 -0
- data/lib/sqreen/ecosystem/module_api/tracing/client_data.rb +31 -0
- data/lib/sqreen/ecosystem/module_api/tracing/server_data.rb +27 -0
- data/lib/sqreen/ecosystem/module_api/tracing_id_generation.rb +16 -0
- data/lib/sqreen/ecosystem/module_api/transaction_storage.rb +71 -0
- data/lib/sqreen/ecosystem/module_registry.rb +44 -0
- data/lib/sqreen/ecosystem/redis/redis_connection.rb +43 -0
- data/lib/sqreen/ecosystem/tracing/modules/client.rb +31 -0
- data/lib/sqreen/ecosystem/tracing/modules/server.rb +30 -0
- data/lib/sqreen/ecosystem/tracing/sampler.rb +160 -0
- data/lib/sqreen/ecosystem/tracing/sampling_configuration.rb +150 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb +53 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb +53 -0
- data/lib/sqreen/ecosystem/tracing_broker.rb +101 -0
- data/lib/sqreen/ecosystem/tracing_id_setup.rb +34 -0
- data/lib/sqreen/ecosystem/transaction_storage.rb +64 -0
- data/lib/sqreen/ecosystem/util/call_writers_from_init.rb +13 -0
- data/lib/sqreen/ecosystem_integration.rb +87 -0
- data/lib/sqreen/ecosystem_integration/around_callbacks.rb +99 -0
- data/lib/sqreen/ecosystem_integration/instrumentation_service.rb +42 -0
- data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb +58 -0
- data/lib/sqreen/ecosystem_integration/signal_consumption.rb +35 -0
- data/lib/sqreen/endpoint_testing.rb +184 -0
- data/lib/sqreen/event.rb +7 -5
- data/lib/sqreen/events/attack.rb +23 -18
- data/lib/sqreen/events/remote_exception.rb +0 -22
- data/lib/sqreen/events/request_record.rb +15 -71
- data/lib/sqreen/frameworks/generic.rb +24 -1
- data/lib/sqreen/frameworks/rails.rb +0 -7
- data/lib/sqreen/frameworks/request_recorder.rb +15 -2
- data/lib/sqreen/graft/call.rb +106 -19
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +212 -100
- data/lib/sqreen/graft/hook_point.rb +18 -11
- data/lib/sqreen/kit/signals/specialized/aggregated_metric.rb +72 -0
- data/lib/sqreen/kit/signals/specialized/attack.rb +57 -0
- data/lib/sqreen/kit/signals/specialized/binning_metric.rb +76 -0
- data/lib/sqreen/kit/signals/specialized/http_trace.rb +26 -0
- data/lib/sqreen/kit/signals/specialized/sdk_track_call.rb +50 -0
- data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +57 -0
- data/lib/sqreen/legacy/instrumentation.rb +22 -10
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +228 -0
- data/lib/sqreen/legacy/waf_redactions.rb +49 -0
- data/lib/sqreen/log.rb +3 -2
- data/lib/sqreen/log/loggable.rb +2 -1
- data/lib/sqreen/logger.rb +24 -0
- data/lib/sqreen/metrics.rb +1 -0
- data/lib/sqreen/metrics/base.rb +3 -0
- data/lib/sqreen/metrics/req_detailed.rb +41 -0
- data/lib/sqreen/metrics_store.rb +33 -12
- data/lib/sqreen/null_logger.rb +22 -0
- data/lib/sqreen/performance_notifications/binned_metrics.rb +8 -2
- data/lib/sqreen/remote_command.rb +4 -0
- data/lib/sqreen/rules.rb +12 -6
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -2
- data/lib/sqreen/rules/custom_error_cb.rb +3 -3
- data/lib/sqreen/rules/not_found_cb.rb +2 -0
- data/lib/sqreen/rules/rule_cb.rb +6 -2
- data/lib/sqreen/rules/waf_cb.rb +16 -13
- data/lib/sqreen/runner.rb +138 -16
- data/lib/sqreen/sensitive_data_redactor.rb +19 -31
- data/lib/sqreen/session.rb +53 -43
- data/lib/sqreen/signals/conversions.rb +288 -0
- data/lib/sqreen/signals/http_trace_redaction.rb +111 -0
- data/lib/sqreen/signals/signals_submission_strategy.rb +78 -0
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/budget.rb +35 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +277 -135
- data/lib/sqreen/worker.rb +6 -2
- metadata +86 -10
- data/lib/sqreen/backport.rb +0 -9
- data/lib/sqreen/backport/clock_gettime.rb +0 -74
- data/lib/sqreen/backport/original_name.rb +0 -88
- data/lib/sqreen/encoding_sanitizer.rb +0 -27
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 00e4d67d3fbef516336bc81d189df526cfd4e67c
|
|
4
|
+
data.tar.gz: d66dc33e04ec02c6f7e3118ba7d2727ee20dbd4d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b9ea001f33c1daf64e8e6cecfdb3463f70c67bbec7db64b1b138216178a769451b0190d3101a67d0b0d5326f7cb3d717fb0b277720fbedcdeefb9bfcaf05018a
|
|
7
|
+
data.tar.gz: f56453335a9e3340e5434b376322a8e0993df25ddfb16df34c26e88aa30eccb3bab4bb31c04a0c6174f5119f65a2ede9d3732103809ee12ffa8da1d22213c361
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,37 @@
|
|
|
1
|
+
## 1.21.0.beta3
|
|
2
|
+
|
|
3
|
+
* Avoid fd leak in `custom_error_cb` (ARB-109)
|
|
4
|
+
* Support `skip_rem_cbs` (ARB-107)
|
|
5
|
+
* Fix instrumentation in Ruby 2.0
|
|
6
|
+
* Fix encoding exception on `hash_key_include` (ARB-53)
|
|
7
|
+
* Fix erroneous start in non-Rails context (SQREEN-880)
|
|
8
|
+
* Make metrics thread-safe
|
|
9
|
+
* Add restart command
|
|
10
|
+
* Fix `overtime_cb`
|
|
11
|
+
* Add `perf_level` 2
|
|
12
|
+
* Several performance optimizations
|
|
13
|
+
* WAF: rename `budget_in_ms` to `max_budget_ms`
|
|
14
|
+
* Transport/Tracing with http module
|
|
15
|
+
* Update the blocking page
|
|
16
|
+
|
|
17
|
+
## 1.20.1
|
|
18
|
+
|
|
19
|
+
* Add fallback mechanisms when connecting to new Sqreen backend API domains
|
|
20
|
+
|
|
21
|
+
## 1.20.0
|
|
22
|
+
|
|
23
|
+
* Enable new instrumentation engine by default
|
|
24
|
+
* Add signal-based backend communication
|
|
25
|
+
|
|
26
|
+
## 1.19.3
|
|
27
|
+
|
|
28
|
+
* Improve WAF PII protection
|
|
29
|
+
|
|
30
|
+
## 1.19.2
|
|
31
|
+
|
|
32
|
+
* Handle unexpected rule callback return values more gracefully
|
|
33
|
+
* Fix incorrect return value for 404 native callback
|
|
34
|
+
|
|
1
35
|
## 1.19.1
|
|
2
36
|
|
|
3
37
|
* Fix LocalJumpError when reaching a Rack app nested in a Rails app
|
|
@@ -24,7 +24,7 @@ module Sqreen
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def do_run(identity_params)
|
|
27
|
-
Sqreen.log.
|
|
27
|
+
Sqreen.log.debug 'Will request redirect for user with identity ' \
|
|
28
28
|
"#{identity_params} (action: #{id})."
|
|
29
29
|
|
|
30
30
|
e = Sqreen::AttackBlocked.new(
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
require 'digest'
|
|
2
|
+
|
|
3
|
+
module Sqreen
|
|
4
|
+
class AgentMessage
|
|
5
|
+
def initialize(kind, message, id = nil)
|
|
6
|
+
id ||= message + "\x00" + kind
|
|
7
|
+
@hash_hex = Digest::SHA1.hexdigest(id)
|
|
8
|
+
@kind = kind
|
|
9
|
+
@message = message
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def to_h
|
|
13
|
+
{
|
|
14
|
+
id: @hash_hex,
|
|
15
|
+
kind: @kind,
|
|
16
|
+
message: @message,
|
|
17
|
+
}
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
require 'sqreen/rules/rule_cb'
|
|
2
|
+
require 'sqreen/metrics/base'
|
|
3
|
+
|
|
4
|
+
module Sqreen
|
|
5
|
+
class AggregatedMetric
|
|
6
|
+
def initialize(values = {})
|
|
7
|
+
values.each do |k, v|
|
|
8
|
+
public_send "#{k}=", v
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
# @return [Sqreen::Rules::RuleCB]
|
|
13
|
+
attr_accessor :rule # optional
|
|
14
|
+
|
|
15
|
+
# @return [Sqreen::Metric::Base]
|
|
16
|
+
attr_accessor :metric
|
|
17
|
+
|
|
18
|
+
attr_accessor :start, :finish
|
|
19
|
+
attr_accessor :data
|
|
20
|
+
|
|
21
|
+
def name
|
|
22
|
+
metric.name
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -1,2 +1 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
<!-- Sorry, you’ve been blocked --><!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>You've been blocked</title><style>a,body,div,h1,html,span{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1;flex-direction:column}h1,p,svg{display:block}svg{margin:0 auto 4vh}main{text-align:center;flex:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;flex-direction:column}h1{font-family:sans-serif;font-weight:600;font-size:34px;color:#1e0936;line-height:1.2}p{font-size:18px;line-height:normal;color:#646464;font-family:sans-serif;font-weight:400}a{color:#4842b7}footer{width:100%;text-align:center}footer p{font-size:16px}</style></head><body><main><svg width="170px" height="193px" viewBox="0 0 170 193" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true"><g id="exports" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Artboard" transform="translate(-186.000000, -189.000000)"><g id="logo-cmyk-indigo" transform="translate(186.000000, 189.000000)"><g id="nest-cmyk-indigo"><ellipse id="sqreen" fill="#B0ACFF" cx="85" cy="96.5" rx="45.7692308" ry="45.7966102"></ellipse><path d="M78.4615385,175.749389 L78.4615385,102.2092 L13.1398162,64.4731256 L13.1398162,129.181112 L36.352167,115.771438 C37.9764468,119.873152 40.1038639,123.720553 42.6582364,127.237412 L18.5723996,141.151695 L78.4615385,175.749389 Z M91.5384615,175.749389 L151.4276,141.151695 L127.341764,127.237412 C129.896136,123.720553 132.023553,119.873152 133.647833,115.771438 L156.860184,129.181112 L156.860184,64.4731256 L91.5384615,102.2092 L91.5384615,175.749389 Z M18.0061522,52.1754237 L85,90.8774777 L151.993848,52.1754237 L91.5384615,17.2506105 L91.5384615,44.565949 C89.3964992,44.2986903 87.2143177,44.1610169 85,44.1610169 C82.7856823,44.1610169 80.6035008,44.2986903 78.4615385,44.565949 L78.4615385,17.2506105 L18.0061522,52.1754237 Z M90.8846156,1.76392358 L164.052491,44.0326866 C167.693904,46.1363149 169.937107,50.0239804 169.937107,54.231237 L169.937107,138.768763 C169.937107,142.97602 167.693904,146.863685 164.052491,148.967313 L90.8846156,191.236076 C87.2432028,193.339705 82.7567972,193.339705 79.1153844,191.236076 L5.94750871,148.967313 C2.30609589,146.863685 0.0628930904,142.97602 0.0628930904,138.768763 L0.0628930904,54.231237 C0.0628930904,50.0239804 2.30609589,46.1363149 5.94750871,44.0326866 L79.1153844,1.76392358 C82.7567972,-0.339704735 87.2432028,-0.339704735 90.8846156,1.76392358 Z" id="app" fill="#4842B7"></path></g></g></g></g></svg><h1>Sorry, you've been blocked</h1><p>Contact the website owner</p></main><footer><p>Security provided by <a href="https://www.sqreen.com/?utm_medium=block_page" target="_blank">Sqreen</a></p></footer></body></html>
|
data/lib/sqreen/ca.crt
CHANGED
|
@@ -70,3 +70,27 @@ WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
|
|
|
70
70
|
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
|
|
71
71
|
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
|
|
72
72
|
-----END CERTIFICATE-----
|
|
73
|
+
-----BEGIN CERTIFICATE-----
|
|
74
|
+
MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
|
|
75
|
+
EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
|
|
76
|
+
HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
|
|
77
|
+
ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
|
|
78
|
+
MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
|
|
79
|
+
VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
|
|
80
|
+
ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
|
|
81
|
+
dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
|
|
82
|
+
hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
|
|
83
|
+
OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
|
|
84
|
+
8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
|
|
85
|
+
Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
|
|
86
|
+
hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
|
|
87
|
+
6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
|
|
88
|
+
DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
|
|
89
|
+
AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
|
|
90
|
+
bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
|
|
91
|
+
ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
|
|
92
|
+
qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
|
|
93
|
+
iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
|
|
94
|
+
0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
|
|
95
|
+
sSi6
|
|
96
|
+
-----END CERTIFICATE-----
|
|
@@ -67,7 +67,7 @@ module Sqreen
|
|
|
67
67
|
return true if rem <= 0
|
|
68
68
|
if hash.is_a?(Array)
|
|
69
69
|
return hash.any? do |v|
|
|
70
|
-
|
|
70
|
+
hash_key_include?(values, v, min_value_size, rem - 1)
|
|
71
71
|
end
|
|
72
72
|
end
|
|
73
73
|
|
|
@@ -81,7 +81,14 @@ module Sqreen
|
|
|
81
81
|
if hkey.respond_to?(:empty?) && hkey.empty?
|
|
82
82
|
false
|
|
83
83
|
else
|
|
84
|
-
|
|
84
|
+
key_incl =
|
|
85
|
+
if values.is_a?(String)
|
|
86
|
+
str_include? values, hkey.to_s
|
|
87
|
+
else
|
|
88
|
+
values.include?(hkey.to_s)
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
key_incl || hash_key_include?(values, hval, min_value_size, rem - 1)
|
|
85
92
|
end
|
|
86
93
|
end
|
|
87
94
|
end
|
data/lib/sqreen/conditionable.rb
CHANGED
|
@@ -28,21 +28,39 @@ module Sqreen
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def pre_with_conditions(inst, args, budget = nil, &block)
|
|
31
|
+
return pre_without_conditions(inst, args, budget, &block) if pre_conditions.nil?
|
|
32
|
+
|
|
31
33
|
eargs = [nil, framework, inst, args, @data, nil]
|
|
32
|
-
return nil
|
|
33
|
-
|
|
34
|
+
return nil unless pre_conditions.evaluate(*eargs)
|
|
35
|
+
|
|
36
|
+
res = pre_without_conditions(inst, args, budget, &block)
|
|
37
|
+
return { passed_conditions: true } unless res.is_a?(Hash)
|
|
38
|
+
res[:passed_conditions] = true
|
|
39
|
+
res
|
|
34
40
|
end
|
|
35
41
|
|
|
36
42
|
def post_with_conditions(rv, inst, args, budget = nil, &block)
|
|
43
|
+
return post_without_conditions(rv, inst, args, budget, &block) if post_conditions.nil?
|
|
44
|
+
|
|
37
45
|
eargs = [nil, framework, inst, args, @data, rv]
|
|
38
|
-
return nil
|
|
39
|
-
|
|
46
|
+
return nil unless post_conditions.evaluate(*eargs)
|
|
47
|
+
|
|
48
|
+
res = post_without_conditions(rv, inst, args, budget, &block)
|
|
49
|
+
return { passed_conditions: true } if res.nil?
|
|
50
|
+
res[:passed_conditions] = true
|
|
51
|
+
res
|
|
40
52
|
end
|
|
41
53
|
|
|
42
54
|
def failing_with_conditions(rv, inst, args, budget = nil, &block)
|
|
55
|
+
return failing_without_conditions(rv, inst, args, budget, &block) if failing_conditions.nil?
|
|
56
|
+
|
|
43
57
|
eargs = [nil, framework, inst, args, @data, rv]
|
|
44
|
-
return nil
|
|
45
|
-
|
|
58
|
+
return nil unless failing_conditions.evaluate(*eargs)
|
|
59
|
+
|
|
60
|
+
res = failing_without_conditions(rv, inst, args, budget, &block)
|
|
61
|
+
return { passed_conditions: true } if res.nil?
|
|
62
|
+
res[:passed_conditions] = true
|
|
63
|
+
res
|
|
46
64
|
end
|
|
47
65
|
|
|
48
66
|
protected
|
data/lib/sqreen/configuration.rb
CHANGED
|
@@ -39,11 +39,15 @@ module Sqreen
|
|
|
39
39
|
{ :env => :SQREEN_LIBSQREEN, :name => :libsqreen,
|
|
40
40
|
:default => true, :convert => :to_bool },
|
|
41
41
|
{ :env => :SQREEN_WEAVE, :name => :weave,
|
|
42
|
-
:default =>
|
|
42
|
+
:default => true, :convert => :to_bool },
|
|
43
43
|
{ :env => :SQREEN_WEAVE_STRATEGY, :name => :weave_strategy,
|
|
44
|
-
:default => :
|
|
45
|
-
{ :env => :SQREEN_URL,
|
|
46
|
-
:default =>
|
|
44
|
+
:default => :prepend, :convert => :to_sym },
|
|
45
|
+
{ :env => :SQREEN_URL, :name => :url,
|
|
46
|
+
:default => nil },
|
|
47
|
+
{ :env => :SQREEN_INGESTION_URL, :name => :ingestion_url,
|
|
48
|
+
:default => nil },
|
|
49
|
+
{ :env => :SQREEN_PROXY_URL, :name => :proxy_url,
|
|
50
|
+
:default => nil },
|
|
47
51
|
{ :env => :SQREEN_TOKEN, :name => :token,
|
|
48
52
|
:default => nil },
|
|
49
53
|
{ :env => :SQREEN_APP_NAME, :name => :app_name,
|
|
@@ -53,7 +57,7 @@ module Sqreen
|
|
|
53
57
|
{ :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
|
|
54
58
|
:default => true },
|
|
55
59
|
{ :env => :SQREEN_LOG_LEVEL, :name => :log_level,
|
|
56
|
-
:default => '
|
|
60
|
+
:default => 'INFO', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
|
|
57
61
|
{ :env => :SQREEN_LOG_LOCATION, :name => :log_location,
|
|
58
62
|
:default => 'log/sqreen.log' },
|
|
59
63
|
{ :env => :SQREEN_RUN_IN_TEST, :name => :run_in_test,
|
|
@@ -74,6 +78,8 @@ module Sqreen
|
|
|
74
78
|
:default => nil },
|
|
75
79
|
{ :env => :SQREEN_STRIP_SENSITIVE_REGEX, :name => :strip_sensitive_regex,
|
|
76
80
|
:default => nil },
|
|
81
|
+
{ :env => :SQREEN_NO_SNIFF_DOMAINS, :name => :no_sniff_domains,
|
|
82
|
+
:default => false },
|
|
77
83
|
|
|
78
84
|
].freeze
|
|
79
85
|
|
|
@@ -9,35 +9,70 @@ require 'sqreen/logger'
|
|
|
9
9
|
|
|
10
10
|
module Sqreen
|
|
11
11
|
class DeferredLogger
|
|
12
|
-
|
|
12
|
+
MAX_ENTRIES = 1000
|
|
13
|
+
|
|
14
|
+
Entry = Struct.new(:severity, :message)
|
|
13
15
|
|
|
14
16
|
def initialize
|
|
15
17
|
@buffer = StringIO.new
|
|
16
18
|
@logger = ::Logger.new(@buffer)
|
|
19
|
+
@entries = []
|
|
20
|
+
@mutex = Mutex.new
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def debug?
|
|
24
|
+
true
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def info?
|
|
28
|
+
true
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def warn?
|
|
32
|
+
true
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def error?
|
|
36
|
+
true
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def fatal?
|
|
40
|
+
true
|
|
17
41
|
end
|
|
18
42
|
|
|
19
43
|
def debug(msg = nil, &block)
|
|
20
|
-
|
|
44
|
+
add(::Logger::DEBUG, msg, &block)
|
|
21
45
|
end
|
|
22
46
|
|
|
23
47
|
def info(msg = nil, &block)
|
|
24
|
-
|
|
48
|
+
add(::Logger::INFO, msg, &block)
|
|
25
49
|
end
|
|
26
50
|
|
|
27
51
|
def warn(msg = nil, &block)
|
|
28
|
-
|
|
52
|
+
add(::Logger::WARN, msg, &block)
|
|
29
53
|
end
|
|
30
54
|
|
|
31
55
|
def error(msg = nil, &block)
|
|
32
|
-
|
|
56
|
+
add(::Logger::ERROR, msg, &block)
|
|
33
57
|
end
|
|
34
58
|
|
|
35
59
|
def fatal(msg = nil, &block)
|
|
36
|
-
|
|
60
|
+
add(::Logger::FATAL, msg, &block)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def unknown(msg = nil, &block)
|
|
64
|
+
add(::Logger::UNKNOWN, msg, &block)
|
|
37
65
|
end
|
|
38
66
|
|
|
39
67
|
def add(severity, msg = nil, &block)
|
|
40
|
-
|
|
68
|
+
@mutex.synchronize do
|
|
69
|
+
@entries.shift if @entries.count >= MAX_ENTRIES
|
|
70
|
+
mark = @buffer.pos
|
|
71
|
+
@logger.add(severity, msg, &block)
|
|
72
|
+
@buffer.seek(mark)
|
|
73
|
+
@entries << Entry.new(severity, @buffer.read)
|
|
74
|
+
@buffer.truncate(0)
|
|
75
|
+
end
|
|
41
76
|
end
|
|
42
77
|
|
|
43
78
|
def formatter=(value)
|
|
@@ -45,21 +80,22 @@ module Sqreen
|
|
|
45
80
|
end
|
|
46
81
|
|
|
47
82
|
def flush_to(logger)
|
|
48
|
-
|
|
83
|
+
@mutex.synchronize do
|
|
84
|
+
@entries.each do |entry|
|
|
85
|
+
next if entry.severity < logger.level
|
|
86
|
+
logger.instance_eval { @logdev }.write(entry.message)
|
|
87
|
+
end
|
|
88
|
+
reset
|
|
89
|
+
end
|
|
49
90
|
end
|
|
50
91
|
|
|
51
92
|
private
|
|
52
93
|
|
|
53
|
-
def read
|
|
54
|
-
@buffer.rewind
|
|
55
|
-
@buffer.read
|
|
56
|
-
end
|
|
57
|
-
|
|
58
94
|
def reset
|
|
59
95
|
buffer = StringIO.new
|
|
60
96
|
logger = ::Logger.new(buffer)
|
|
61
97
|
logger.formatter = @logger.formatter
|
|
62
|
-
@buffer, @logger = buffer, logger
|
|
98
|
+
@buffer, @logger, @entries = buffer, logger, []
|
|
63
99
|
end
|
|
64
100
|
end
|
|
65
101
|
end
|
|
@@ -8,10 +8,13 @@
|
|
|
8
8
|
# TODO: Sqreen::RequestRecord => sqreen/events
|
|
9
9
|
# TODO: Sqreen.time
|
|
10
10
|
|
|
11
|
+
require 'sqreen/aggregated_metric'
|
|
11
12
|
require 'sqreen/events/attack'
|
|
12
13
|
require 'sqreen/events/remote_exception'
|
|
13
14
|
require 'sqreen/mono_time'
|
|
14
15
|
require 'sqreen/deliveries/simple'
|
|
16
|
+
require 'sqreen/kit/signals/signal'
|
|
17
|
+
require 'sqreen/kit/signals/trace'
|
|
15
18
|
|
|
16
19
|
module Sqreen
|
|
17
20
|
module Deliveries
|
|
@@ -57,7 +60,7 @@ module Sqreen
|
|
|
57
60
|
def post_batch_needed?(event)
|
|
58
61
|
now = Sqreen.time
|
|
59
62
|
# do not use any? {} due to side effects inside block
|
|
60
|
-
event_keys(event).map do |key|
|
|
63
|
+
event_keys(event).uniq.map do |key|
|
|
61
64
|
was = @first_seen[key]
|
|
62
65
|
@first_seen[key] ||= now
|
|
63
66
|
was.nil? || current_batch.size > max_batch || now > (was + max_staleness)
|
|
@@ -85,15 +88,22 @@ module Sqreen
|
|
|
85
88
|
res += event.observed.fetch(:sdk, []).select { |e|
|
|
86
89
|
e[0] == :track
|
|
87
90
|
}.map { |e| "sdk-track".freeze }
|
|
91
|
+
res += event.observed.fetch(:signals, []).map { "signal".freeze }
|
|
88
92
|
return res
|
|
89
93
|
end
|
|
90
94
|
|
|
91
95
|
def event_key(event)
|
|
92
96
|
case event
|
|
93
97
|
when Sqreen::Attack
|
|
94
|
-
"att-#{event.
|
|
98
|
+
"att-#{event.rule_name}"
|
|
95
99
|
when Sqreen::RemoteException
|
|
96
100
|
"rex-#{event.klass}"
|
|
101
|
+
when Sqreen::AggregatedMetric
|
|
102
|
+
"agg-metric"
|
|
103
|
+
when Sqreen::Kit::Signals::Signal
|
|
104
|
+
"signal"
|
|
105
|
+
when Sqreen::Kit::Signals::Trace
|
|
106
|
+
"signal"
|
|
97
107
|
end
|
|
98
108
|
end
|
|
99
109
|
end
|
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
# TODO: Sqreen::RemoteException => sqreen/events
|
|
8
8
|
# TODO: Sqreen::RequestRecord => sqreen/events
|
|
9
9
|
|
|
10
|
+
require 'sqreen/log/loggable'
|
|
10
11
|
require 'sqreen/events/attack'
|
|
11
12
|
require 'sqreen/events/remote_exception'
|
|
12
13
|
require 'sqreen/events/request_record'
|
|
@@ -15,6 +16,7 @@ module Sqreen
|
|
|
15
16
|
module Deliveries
|
|
16
17
|
# Simple delivery method that directly call session on event
|
|
17
18
|
class Simple
|
|
19
|
+
include Log::Loggable
|
|
18
20
|
attr_accessor :session
|
|
19
21
|
|
|
20
22
|
def initialize(session)
|
|
@@ -29,6 +31,8 @@ module Sqreen
|
|
|
29
31
|
session.post_sqreen_exception(event)
|
|
30
32
|
when Sqreen::RequestRecord
|
|
31
33
|
session.post_request_record(event)
|
|
34
|
+
when Sqreen::AggregatedMetric
|
|
35
|
+
logger.warn 'Delivery of metrics using signals is not supported with simple delivery'
|
|
32
36
|
else
|
|
33
37
|
session.post_event(event)
|
|
34
38
|
end
|