sqreen 1.19.1-java → 1.21.0.beta3-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +34 -0
- data/lib/sqreen/actions/block_user.rb +1 -1
- data/lib/sqreen/actions/redirect_ip.rb +1 -1
- data/lib/sqreen/actions/redirect_user.rb +1 -1
- data/lib/sqreen/agent_message.rb +20 -0
- data/lib/sqreen/aggregated_metric.rb +25 -0
- data/lib/sqreen/attack_detected.html +1 -2
- data/lib/sqreen/ca.crt +24 -0
- data/lib/sqreen/condition_evaluator.rb +9 -2
- data/lib/sqreen/conditionable.rb +24 -6
- data/lib/sqreen/configuration.rb +11 -5
- data/lib/sqreen/deferred_logger.rb +50 -14
- data/lib/sqreen/deliveries/batch.rb +12 -2
- data/lib/sqreen/deliveries/simple.rb +4 -0
- data/lib/sqreen/deprecation.rb +38 -0
- data/lib/sqreen/ecosystem.rb +96 -0
- data/lib/sqreen/ecosystem/dispatch_table.rb +43 -0
- data/lib/sqreen/ecosystem/exception_reporting.rb +26 -0
- data/lib/sqreen/ecosystem/http/net_http.rb +50 -0
- data/lib/sqreen/ecosystem/http/rack_request.rb +39 -0
- data/lib/sqreen/ecosystem/loggable.rb +13 -0
- data/lib/sqreen/ecosystem/module_api.rb +30 -0
- data/lib/sqreen/ecosystem/module_api/event_listener.rb +18 -0
- data/lib/sqreen/ecosystem/module_api/instrumentation.rb +23 -0
- data/lib/sqreen/ecosystem/module_api/message_producer.rb +51 -0
- data/lib/sqreen/ecosystem/module_api/signal_producer.rb +24 -0
- data/lib/sqreen/ecosystem/module_api/tracing.rb +45 -0
- data/lib/sqreen/ecosystem/module_api/tracing/client_data.rb +31 -0
- data/lib/sqreen/ecosystem/module_api/tracing/server_data.rb +27 -0
- data/lib/sqreen/ecosystem/module_api/tracing_id_generation.rb +16 -0
- data/lib/sqreen/ecosystem/module_api/transaction_storage.rb +71 -0
- data/lib/sqreen/ecosystem/module_registry.rb +44 -0
- data/lib/sqreen/ecosystem/redis/redis_connection.rb +43 -0
- data/lib/sqreen/ecosystem/tracing/modules/client.rb +31 -0
- data/lib/sqreen/ecosystem/tracing/modules/server.rb +30 -0
- data/lib/sqreen/ecosystem/tracing/sampler.rb +160 -0
- data/lib/sqreen/ecosystem/tracing/sampling_configuration.rb +150 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb +53 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb +53 -0
- data/lib/sqreen/ecosystem/tracing_broker.rb +101 -0
- data/lib/sqreen/ecosystem/tracing_id_setup.rb +34 -0
- data/lib/sqreen/ecosystem/transaction_storage.rb +64 -0
- data/lib/sqreen/ecosystem/util/call_writers_from_init.rb +13 -0
- data/lib/sqreen/ecosystem_integration.rb +87 -0
- data/lib/sqreen/ecosystem_integration/around_callbacks.rb +99 -0
- data/lib/sqreen/ecosystem_integration/instrumentation_service.rb +42 -0
- data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb +58 -0
- data/lib/sqreen/ecosystem_integration/signal_consumption.rb +35 -0
- data/lib/sqreen/endpoint_testing.rb +184 -0
- data/lib/sqreen/event.rb +7 -5
- data/lib/sqreen/events/attack.rb +23 -18
- data/lib/sqreen/events/remote_exception.rb +0 -22
- data/lib/sqreen/events/request_record.rb +15 -71
- data/lib/sqreen/frameworks/generic.rb +24 -1
- data/lib/sqreen/frameworks/rails.rb +0 -7
- data/lib/sqreen/frameworks/request_recorder.rb +15 -2
- data/lib/sqreen/graft/call.rb +106 -19
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +212 -100
- data/lib/sqreen/graft/hook_point.rb +18 -11
- data/lib/sqreen/kit/signals/specialized/aggregated_metric.rb +72 -0
- data/lib/sqreen/kit/signals/specialized/attack.rb +57 -0
- data/lib/sqreen/kit/signals/specialized/binning_metric.rb +76 -0
- data/lib/sqreen/kit/signals/specialized/http_trace.rb +26 -0
- data/lib/sqreen/kit/signals/specialized/sdk_track_call.rb +50 -0
- data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +57 -0
- data/lib/sqreen/legacy/instrumentation.rb +22 -10
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +228 -0
- data/lib/sqreen/legacy/waf_redactions.rb +49 -0
- data/lib/sqreen/log.rb +3 -2
- data/lib/sqreen/log/loggable.rb +2 -1
- data/lib/sqreen/logger.rb +24 -0
- data/lib/sqreen/metrics.rb +1 -0
- data/lib/sqreen/metrics/base.rb +3 -0
- data/lib/sqreen/metrics/req_detailed.rb +41 -0
- data/lib/sqreen/metrics_store.rb +33 -12
- data/lib/sqreen/null_logger.rb +22 -0
- data/lib/sqreen/performance_notifications/binned_metrics.rb +8 -2
- data/lib/sqreen/remote_command.rb +4 -0
- data/lib/sqreen/rules.rb +12 -6
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -2
- data/lib/sqreen/rules/custom_error_cb.rb +3 -3
- data/lib/sqreen/rules/not_found_cb.rb +2 -0
- data/lib/sqreen/rules/rule_cb.rb +6 -2
- data/lib/sqreen/rules/waf_cb.rb +16 -13
- data/lib/sqreen/runner.rb +138 -16
- data/lib/sqreen/sensitive_data_redactor.rb +19 -31
- data/lib/sqreen/session.rb +53 -43
- data/lib/sqreen/signals/conversions.rb +288 -0
- data/lib/sqreen/signals/http_trace_redaction.rb +111 -0
- data/lib/sqreen/signals/signals_submission_strategy.rb +78 -0
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/budget.rb +35 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +277 -135
- data/lib/sqreen/worker.rb +6 -2
- metadata +86 -10
- data/lib/sqreen/backport.rb +0 -9
- data/lib/sqreen/backport/clock_gettime.rb +0 -74
- data/lib/sqreen/backport/original_name.rb +0 -88
- data/lib/sqreen/encoding_sanitizer.rb +0 -27
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 00e4d67d3fbef516336bc81d189df526cfd4e67c
|
|
4
|
+
data.tar.gz: d66dc33e04ec02c6f7e3118ba7d2727ee20dbd4d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b9ea001f33c1daf64e8e6cecfdb3463f70c67bbec7db64b1b138216178a769451b0190d3101a67d0b0d5326f7cb3d717fb0b277720fbedcdeefb9bfcaf05018a
|
|
7
|
+
data.tar.gz: f56453335a9e3340e5434b376322a8e0993df25ddfb16df34c26e88aa30eccb3bab4bb31c04a0c6174f5119f65a2ede9d3732103809ee12ffa8da1d22213c361
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,37 @@
|
|
|
1
|
+
## 1.21.0.beta3
|
|
2
|
+
|
|
3
|
+
* Avoid fd leak in `custom_error_cb` (ARB-109)
|
|
4
|
+
* Support `skip_rem_cbs` (ARB-107)
|
|
5
|
+
* Fix instrumentation in Ruby 2.0
|
|
6
|
+
* Fix encoding exception on `hash_key_include` (ARB-53)
|
|
7
|
+
* Fix erroneous start in non-Rails context (SQREEN-880)
|
|
8
|
+
* Make metrics thread-safe
|
|
9
|
+
* Add restart command
|
|
10
|
+
* Fix `overtime_cb`
|
|
11
|
+
* Add `perf_level` 2
|
|
12
|
+
* Several performance optimizations
|
|
13
|
+
* WAF: rename `budget_in_ms` to `max_budget_ms`
|
|
14
|
+
* Transport/Tracing with http module
|
|
15
|
+
* Update the blocking page
|
|
16
|
+
|
|
17
|
+
## 1.20.1
|
|
18
|
+
|
|
19
|
+
* Add fallback mechanisms when connecting to new Sqreen backend API domains
|
|
20
|
+
|
|
21
|
+
## 1.20.0
|
|
22
|
+
|
|
23
|
+
* Enable new instrumentation engine by default
|
|
24
|
+
* Add signal-based backend communication
|
|
25
|
+
|
|
26
|
+
## 1.19.3
|
|
27
|
+
|
|
28
|
+
* Improve WAF PII protection
|
|
29
|
+
|
|
30
|
+
## 1.19.2
|
|
31
|
+
|
|
32
|
+
* Handle unexpected rule callback return values more gracefully
|
|
33
|
+
* Fix incorrect return value for 404 native callback
|
|
34
|
+
|
|
1
35
|
## 1.19.1
|
|
2
36
|
|
|
3
37
|
* Fix LocalJumpError when reaching a Rack app nested in a Rails app
|
|
@@ -24,7 +24,7 @@ module Sqreen
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def do_run(identity_params)
|
|
27
|
-
Sqreen.log.
|
|
27
|
+
Sqreen.log.debug 'Will request redirect for user with identity ' \
|
|
28
28
|
"#{identity_params} (action: #{id})."
|
|
29
29
|
|
|
30
30
|
e = Sqreen::AttackBlocked.new(
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
require 'digest'
|
|
2
|
+
|
|
3
|
+
module Sqreen
|
|
4
|
+
class AgentMessage
|
|
5
|
+
def initialize(kind, message, id = nil)
|
|
6
|
+
id ||= message + "\x00" + kind
|
|
7
|
+
@hash_hex = Digest::SHA1.hexdigest(id)
|
|
8
|
+
@kind = kind
|
|
9
|
+
@message = message
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def to_h
|
|
13
|
+
{
|
|
14
|
+
id: @hash_hex,
|
|
15
|
+
kind: @kind,
|
|
16
|
+
message: @message,
|
|
17
|
+
}
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
require 'sqreen/rules/rule_cb'
|
|
2
|
+
require 'sqreen/metrics/base'
|
|
3
|
+
|
|
4
|
+
module Sqreen
|
|
5
|
+
class AggregatedMetric
|
|
6
|
+
def initialize(values = {})
|
|
7
|
+
values.each do |k, v|
|
|
8
|
+
public_send "#{k}=", v
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
# @return [Sqreen::Rules::RuleCB]
|
|
13
|
+
attr_accessor :rule # optional
|
|
14
|
+
|
|
15
|
+
# @return [Sqreen::Metric::Base]
|
|
16
|
+
attr_accessor :metric
|
|
17
|
+
|
|
18
|
+
attr_accessor :start, :finish
|
|
19
|
+
attr_accessor :data
|
|
20
|
+
|
|
21
|
+
def name
|
|
22
|
+
metric.name
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
@@ -1,2 +1 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
<!-- Sorry, you’ve been blocked --><!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>You've been blocked</title><style>a,body,div,h1,html,span{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1;flex-direction:column}h1,p,svg{display:block}svg{margin:0 auto 4vh}main{text-align:center;flex:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;flex-direction:column}h1{font-family:sans-serif;font-weight:600;font-size:34px;color:#1e0936;line-height:1.2}p{font-size:18px;line-height:normal;color:#646464;font-family:sans-serif;font-weight:400}a{color:#4842b7}footer{width:100%;text-align:center}footer p{font-size:16px}</style></head><body><main><svg width="170px" height="193px" viewBox="0 0 170 193" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true"><g id="exports" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Artboard" transform="translate(-186.000000, -189.000000)"><g id="logo-cmyk-indigo" transform="translate(186.000000, 189.000000)"><g id="nest-cmyk-indigo"><ellipse id="sqreen" fill="#B0ACFF" cx="85" cy="96.5" rx="45.7692308" ry="45.7966102"></ellipse><path d="M78.4615385,175.749389 L78.4615385,102.2092 L13.1398162,64.4731256 L13.1398162,129.181112 L36.352167,115.771438 C37.9764468,119.873152 40.1038639,123.720553 42.6582364,127.237412 L18.5723996,141.151695 L78.4615385,175.749389 Z M91.5384615,175.749389 L151.4276,141.151695 L127.341764,127.237412 C129.896136,123.720553 132.023553,119.873152 133.647833,115.771438 L156.860184,129.181112 L156.860184,64.4731256 L91.5384615,102.2092 L91.5384615,175.749389 Z M18.0061522,52.1754237 L85,90.8774777 L151.993848,52.1754237 L91.5384615,17.2506105 L91.5384615,44.565949 C89.3964992,44.2986903 87.2143177,44.1610169 85,44.1610169 C82.7856823,44.1610169 80.6035008,44.2986903 78.4615385,44.565949 L78.4615385,17.2506105 L18.0061522,52.1754237 Z M90.8846156,1.76392358 L164.052491,44.0326866 C167.693904,46.1363149 169.937107,50.0239804 169.937107,54.231237 L169.937107,138.768763 C169.937107,142.97602 167.693904,146.863685 164.052491,148.967313 L90.8846156,191.236076 C87.2432028,193.339705 82.7567972,193.339705 79.1153844,191.236076 L5.94750871,148.967313 C2.30609589,146.863685 0.0628930904,142.97602 0.0628930904,138.768763 L0.0628930904,54.231237 C0.0628930904,50.0239804 2.30609589,46.1363149 5.94750871,44.0326866 L79.1153844,1.76392358 C82.7567972,-0.339704735 87.2432028,-0.339704735 90.8846156,1.76392358 Z" id="app" fill="#4842B7"></path></g></g></g></g></svg><h1>Sorry, you've been blocked</h1><p>Contact the website owner</p></main><footer><p>Security provided by <a href="https://www.sqreen.com/?utm_medium=block_page" target="_blank">Sqreen</a></p></footer></body></html>
|
data/lib/sqreen/ca.crt
CHANGED
|
@@ -70,3 +70,27 @@ WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
|
|
|
70
70
|
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
|
|
71
71
|
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
|
|
72
72
|
-----END CERTIFICATE-----
|
|
73
|
+
-----BEGIN CERTIFICATE-----
|
|
74
|
+
MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
|
|
75
|
+
EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
|
|
76
|
+
HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
|
|
77
|
+
ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
|
|
78
|
+
MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
|
|
79
|
+
VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
|
|
80
|
+
ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
|
|
81
|
+
dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
|
|
82
|
+
hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
|
|
83
|
+
OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
|
|
84
|
+
8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
|
|
85
|
+
Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
|
|
86
|
+
hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
|
|
87
|
+
6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
|
|
88
|
+
DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
|
|
89
|
+
AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
|
|
90
|
+
bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
|
|
91
|
+
ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
|
|
92
|
+
qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
|
|
93
|
+
iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
|
|
94
|
+
0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
|
|
95
|
+
sSi6
|
|
96
|
+
-----END CERTIFICATE-----
|
|
@@ -67,7 +67,7 @@ module Sqreen
|
|
|
67
67
|
return true if rem <= 0
|
|
68
68
|
if hash.is_a?(Array)
|
|
69
69
|
return hash.any? do |v|
|
|
70
|
-
|
|
70
|
+
hash_key_include?(values, v, min_value_size, rem - 1)
|
|
71
71
|
end
|
|
72
72
|
end
|
|
73
73
|
|
|
@@ -81,7 +81,14 @@ module Sqreen
|
|
|
81
81
|
if hkey.respond_to?(:empty?) && hkey.empty?
|
|
82
82
|
false
|
|
83
83
|
else
|
|
84
|
-
|
|
84
|
+
key_incl =
|
|
85
|
+
if values.is_a?(String)
|
|
86
|
+
str_include? values, hkey.to_s
|
|
87
|
+
else
|
|
88
|
+
values.include?(hkey.to_s)
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
key_incl || hash_key_include?(values, hval, min_value_size, rem - 1)
|
|
85
92
|
end
|
|
86
93
|
end
|
|
87
94
|
end
|
data/lib/sqreen/conditionable.rb
CHANGED
|
@@ -28,21 +28,39 @@ module Sqreen
|
|
|
28
28
|
end
|
|
29
29
|
|
|
30
30
|
def pre_with_conditions(inst, args, budget = nil, &block)
|
|
31
|
+
return pre_without_conditions(inst, args, budget, &block) if pre_conditions.nil?
|
|
32
|
+
|
|
31
33
|
eargs = [nil, framework, inst, args, @data, nil]
|
|
32
|
-
return nil
|
|
33
|
-
|
|
34
|
+
return nil unless pre_conditions.evaluate(*eargs)
|
|
35
|
+
|
|
36
|
+
res = pre_without_conditions(inst, args, budget, &block)
|
|
37
|
+
return { passed_conditions: true } unless res.is_a?(Hash)
|
|
38
|
+
res[:passed_conditions] = true
|
|
39
|
+
res
|
|
34
40
|
end
|
|
35
41
|
|
|
36
42
|
def post_with_conditions(rv, inst, args, budget = nil, &block)
|
|
43
|
+
return post_without_conditions(rv, inst, args, budget, &block) if post_conditions.nil?
|
|
44
|
+
|
|
37
45
|
eargs = [nil, framework, inst, args, @data, rv]
|
|
38
|
-
return nil
|
|
39
|
-
|
|
46
|
+
return nil unless post_conditions.evaluate(*eargs)
|
|
47
|
+
|
|
48
|
+
res = post_without_conditions(rv, inst, args, budget, &block)
|
|
49
|
+
return { passed_conditions: true } if res.nil?
|
|
50
|
+
res[:passed_conditions] = true
|
|
51
|
+
res
|
|
40
52
|
end
|
|
41
53
|
|
|
42
54
|
def failing_with_conditions(rv, inst, args, budget = nil, &block)
|
|
55
|
+
return failing_without_conditions(rv, inst, args, budget, &block) if failing_conditions.nil?
|
|
56
|
+
|
|
43
57
|
eargs = [nil, framework, inst, args, @data, rv]
|
|
44
|
-
return nil
|
|
45
|
-
|
|
58
|
+
return nil unless failing_conditions.evaluate(*eargs)
|
|
59
|
+
|
|
60
|
+
res = failing_without_conditions(rv, inst, args, budget, &block)
|
|
61
|
+
return { passed_conditions: true } if res.nil?
|
|
62
|
+
res[:passed_conditions] = true
|
|
63
|
+
res
|
|
46
64
|
end
|
|
47
65
|
|
|
48
66
|
protected
|
data/lib/sqreen/configuration.rb
CHANGED
|
@@ -39,11 +39,15 @@ module Sqreen
|
|
|
39
39
|
{ :env => :SQREEN_LIBSQREEN, :name => :libsqreen,
|
|
40
40
|
:default => true, :convert => :to_bool },
|
|
41
41
|
{ :env => :SQREEN_WEAVE, :name => :weave,
|
|
42
|
-
:default =>
|
|
42
|
+
:default => true, :convert => :to_bool },
|
|
43
43
|
{ :env => :SQREEN_WEAVE_STRATEGY, :name => :weave_strategy,
|
|
44
|
-
:default => :
|
|
45
|
-
{ :env => :SQREEN_URL,
|
|
46
|
-
:default =>
|
|
44
|
+
:default => :prepend, :convert => :to_sym },
|
|
45
|
+
{ :env => :SQREEN_URL, :name => :url,
|
|
46
|
+
:default => nil },
|
|
47
|
+
{ :env => :SQREEN_INGESTION_URL, :name => :ingestion_url,
|
|
48
|
+
:default => nil },
|
|
49
|
+
{ :env => :SQREEN_PROXY_URL, :name => :proxy_url,
|
|
50
|
+
:default => nil },
|
|
47
51
|
{ :env => :SQREEN_TOKEN, :name => :token,
|
|
48
52
|
:default => nil },
|
|
49
53
|
{ :env => :SQREEN_APP_NAME, :name => :app_name,
|
|
@@ -53,7 +57,7 @@ module Sqreen
|
|
|
53
57
|
{ :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
|
|
54
58
|
:default => true },
|
|
55
59
|
{ :env => :SQREEN_LOG_LEVEL, :name => :log_level,
|
|
56
|
-
:default => '
|
|
60
|
+
:default => 'INFO', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
|
|
57
61
|
{ :env => :SQREEN_LOG_LOCATION, :name => :log_location,
|
|
58
62
|
:default => 'log/sqreen.log' },
|
|
59
63
|
{ :env => :SQREEN_RUN_IN_TEST, :name => :run_in_test,
|
|
@@ -74,6 +78,8 @@ module Sqreen
|
|
|
74
78
|
:default => nil },
|
|
75
79
|
{ :env => :SQREEN_STRIP_SENSITIVE_REGEX, :name => :strip_sensitive_regex,
|
|
76
80
|
:default => nil },
|
|
81
|
+
{ :env => :SQREEN_NO_SNIFF_DOMAINS, :name => :no_sniff_domains,
|
|
82
|
+
:default => false },
|
|
77
83
|
|
|
78
84
|
].freeze
|
|
79
85
|
|
|
@@ -9,35 +9,70 @@ require 'sqreen/logger'
|
|
|
9
9
|
|
|
10
10
|
module Sqreen
|
|
11
11
|
class DeferredLogger
|
|
12
|
-
|
|
12
|
+
MAX_ENTRIES = 1000
|
|
13
|
+
|
|
14
|
+
Entry = Struct.new(:severity, :message)
|
|
13
15
|
|
|
14
16
|
def initialize
|
|
15
17
|
@buffer = StringIO.new
|
|
16
18
|
@logger = ::Logger.new(@buffer)
|
|
19
|
+
@entries = []
|
|
20
|
+
@mutex = Mutex.new
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def debug?
|
|
24
|
+
true
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def info?
|
|
28
|
+
true
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def warn?
|
|
32
|
+
true
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def error?
|
|
36
|
+
true
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def fatal?
|
|
40
|
+
true
|
|
17
41
|
end
|
|
18
42
|
|
|
19
43
|
def debug(msg = nil, &block)
|
|
20
|
-
|
|
44
|
+
add(::Logger::DEBUG, msg, &block)
|
|
21
45
|
end
|
|
22
46
|
|
|
23
47
|
def info(msg = nil, &block)
|
|
24
|
-
|
|
48
|
+
add(::Logger::INFO, msg, &block)
|
|
25
49
|
end
|
|
26
50
|
|
|
27
51
|
def warn(msg = nil, &block)
|
|
28
|
-
|
|
52
|
+
add(::Logger::WARN, msg, &block)
|
|
29
53
|
end
|
|
30
54
|
|
|
31
55
|
def error(msg = nil, &block)
|
|
32
|
-
|
|
56
|
+
add(::Logger::ERROR, msg, &block)
|
|
33
57
|
end
|
|
34
58
|
|
|
35
59
|
def fatal(msg = nil, &block)
|
|
36
|
-
|
|
60
|
+
add(::Logger::FATAL, msg, &block)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def unknown(msg = nil, &block)
|
|
64
|
+
add(::Logger::UNKNOWN, msg, &block)
|
|
37
65
|
end
|
|
38
66
|
|
|
39
67
|
def add(severity, msg = nil, &block)
|
|
40
|
-
|
|
68
|
+
@mutex.synchronize do
|
|
69
|
+
@entries.shift if @entries.count >= MAX_ENTRIES
|
|
70
|
+
mark = @buffer.pos
|
|
71
|
+
@logger.add(severity, msg, &block)
|
|
72
|
+
@buffer.seek(mark)
|
|
73
|
+
@entries << Entry.new(severity, @buffer.read)
|
|
74
|
+
@buffer.truncate(0)
|
|
75
|
+
end
|
|
41
76
|
end
|
|
42
77
|
|
|
43
78
|
def formatter=(value)
|
|
@@ -45,21 +80,22 @@ module Sqreen
|
|
|
45
80
|
end
|
|
46
81
|
|
|
47
82
|
def flush_to(logger)
|
|
48
|
-
|
|
83
|
+
@mutex.synchronize do
|
|
84
|
+
@entries.each do |entry|
|
|
85
|
+
next if entry.severity < logger.level
|
|
86
|
+
logger.instance_eval { @logdev }.write(entry.message)
|
|
87
|
+
end
|
|
88
|
+
reset
|
|
89
|
+
end
|
|
49
90
|
end
|
|
50
91
|
|
|
51
92
|
private
|
|
52
93
|
|
|
53
|
-
def read
|
|
54
|
-
@buffer.rewind
|
|
55
|
-
@buffer.read
|
|
56
|
-
end
|
|
57
|
-
|
|
58
94
|
def reset
|
|
59
95
|
buffer = StringIO.new
|
|
60
96
|
logger = ::Logger.new(buffer)
|
|
61
97
|
logger.formatter = @logger.formatter
|
|
62
|
-
@buffer, @logger = buffer, logger
|
|
98
|
+
@buffer, @logger, @entries = buffer, logger, []
|
|
63
99
|
end
|
|
64
100
|
end
|
|
65
101
|
end
|
|
@@ -8,10 +8,13 @@
|
|
|
8
8
|
# TODO: Sqreen::RequestRecord => sqreen/events
|
|
9
9
|
# TODO: Sqreen.time
|
|
10
10
|
|
|
11
|
+
require 'sqreen/aggregated_metric'
|
|
11
12
|
require 'sqreen/events/attack'
|
|
12
13
|
require 'sqreen/events/remote_exception'
|
|
13
14
|
require 'sqreen/mono_time'
|
|
14
15
|
require 'sqreen/deliveries/simple'
|
|
16
|
+
require 'sqreen/kit/signals/signal'
|
|
17
|
+
require 'sqreen/kit/signals/trace'
|
|
15
18
|
|
|
16
19
|
module Sqreen
|
|
17
20
|
module Deliveries
|
|
@@ -57,7 +60,7 @@ module Sqreen
|
|
|
57
60
|
def post_batch_needed?(event)
|
|
58
61
|
now = Sqreen.time
|
|
59
62
|
# do not use any? {} due to side effects inside block
|
|
60
|
-
event_keys(event).map do |key|
|
|
63
|
+
event_keys(event).uniq.map do |key|
|
|
61
64
|
was = @first_seen[key]
|
|
62
65
|
@first_seen[key] ||= now
|
|
63
66
|
was.nil? || current_batch.size > max_batch || now > (was + max_staleness)
|
|
@@ -85,15 +88,22 @@ module Sqreen
|
|
|
85
88
|
res += event.observed.fetch(:sdk, []).select { |e|
|
|
86
89
|
e[0] == :track
|
|
87
90
|
}.map { |e| "sdk-track".freeze }
|
|
91
|
+
res += event.observed.fetch(:signals, []).map { "signal".freeze }
|
|
88
92
|
return res
|
|
89
93
|
end
|
|
90
94
|
|
|
91
95
|
def event_key(event)
|
|
92
96
|
case event
|
|
93
97
|
when Sqreen::Attack
|
|
94
|
-
"att-#{event.
|
|
98
|
+
"att-#{event.rule_name}"
|
|
95
99
|
when Sqreen::RemoteException
|
|
96
100
|
"rex-#{event.klass}"
|
|
101
|
+
when Sqreen::AggregatedMetric
|
|
102
|
+
"agg-metric"
|
|
103
|
+
when Sqreen::Kit::Signals::Signal
|
|
104
|
+
"signal"
|
|
105
|
+
when Sqreen::Kit::Signals::Trace
|
|
106
|
+
"signal"
|
|
97
107
|
end
|
|
98
108
|
end
|
|
99
109
|
end
|
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
# TODO: Sqreen::RemoteException => sqreen/events
|
|
8
8
|
# TODO: Sqreen::RequestRecord => sqreen/events
|
|
9
9
|
|
|
10
|
+
require 'sqreen/log/loggable'
|
|
10
11
|
require 'sqreen/events/attack'
|
|
11
12
|
require 'sqreen/events/remote_exception'
|
|
12
13
|
require 'sqreen/events/request_record'
|
|
@@ -15,6 +16,7 @@ module Sqreen
|
|
|
15
16
|
module Deliveries
|
|
16
17
|
# Simple delivery method that directly call session on event
|
|
17
18
|
class Simple
|
|
19
|
+
include Log::Loggable
|
|
18
20
|
attr_accessor :session
|
|
19
21
|
|
|
20
22
|
def initialize(session)
|
|
@@ -29,6 +31,8 @@ module Sqreen
|
|
|
29
31
|
session.post_sqreen_exception(event)
|
|
30
32
|
when Sqreen::RequestRecord
|
|
31
33
|
session.post_request_record(event)
|
|
34
|
+
when Sqreen::AggregatedMetric
|
|
35
|
+
logger.warn 'Delivery of metrics using signals is not supported with simple delivery'
|
|
32
36
|
else
|
|
33
37
|
session.post_event(event)
|
|
34
38
|
end
|