RubyGems - sqreen - Versions diffs - 1.19.1-java → 1.21.0.beta3-java - Mend

sqreen 1.19.1-java → 1.21.0.beta3-java

Files changed (101) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +34 -0
data/lib/sqreen/actions/block_user.rb +1 -1
data/lib/sqreen/actions/redirect_ip.rb +1 -1
data/lib/sqreen/actions/redirect_user.rb +1 -1
data/lib/sqreen/agent_message.rb +20 -0
data/lib/sqreen/aggregated_metric.rb +25 -0
data/lib/sqreen/attack_detected.html +1 -2
data/lib/sqreen/ca.crt +24 -0
data/lib/sqreen/condition_evaluator.rb +9 -2
data/lib/sqreen/conditionable.rb +24 -6
data/lib/sqreen/configuration.rb +11 -5
data/lib/sqreen/deferred_logger.rb +50 -14
data/lib/sqreen/deliveries/batch.rb +12 -2
data/lib/sqreen/deliveries/simple.rb +4 -0
data/lib/sqreen/deprecation.rb +38 -0
data/lib/sqreen/ecosystem.rb +96 -0
data/lib/sqreen/ecosystem/dispatch_table.rb +43 -0
data/lib/sqreen/ecosystem/exception_reporting.rb +26 -0
data/lib/sqreen/ecosystem/http/net_http.rb +50 -0
data/lib/sqreen/ecosystem/http/rack_request.rb +39 -0
data/lib/sqreen/ecosystem/loggable.rb +13 -0
data/lib/sqreen/ecosystem/module_api.rb +30 -0
data/lib/sqreen/ecosystem/module_api/event_listener.rb +18 -0
data/lib/sqreen/ecosystem/module_api/instrumentation.rb +23 -0
data/lib/sqreen/ecosystem/module_api/message_producer.rb +51 -0
data/lib/sqreen/ecosystem/module_api/signal_producer.rb +24 -0
data/lib/sqreen/ecosystem/module_api/tracing.rb +45 -0
data/lib/sqreen/ecosystem/module_api/tracing/client_data.rb +31 -0
data/lib/sqreen/ecosystem/module_api/tracing/server_data.rb +27 -0
data/lib/sqreen/ecosystem/module_api/tracing_id_generation.rb +16 -0
data/lib/sqreen/ecosystem/module_api/transaction_storage.rb +71 -0
data/lib/sqreen/ecosystem/module_registry.rb +44 -0
data/lib/sqreen/ecosystem/redis/redis_connection.rb +43 -0
data/lib/sqreen/ecosystem/tracing/modules/client.rb +31 -0
data/lib/sqreen/ecosystem/tracing/modules/server.rb +30 -0
data/lib/sqreen/ecosystem/tracing/sampler.rb +160 -0
data/lib/sqreen/ecosystem/tracing/sampling_configuration.rb +150 -0
data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb +53 -0
data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb +53 -0
data/lib/sqreen/ecosystem/tracing_broker.rb +101 -0
data/lib/sqreen/ecosystem/tracing_id_setup.rb +34 -0
data/lib/sqreen/ecosystem/transaction_storage.rb +64 -0
data/lib/sqreen/ecosystem/util/call_writers_from_init.rb +13 -0
data/lib/sqreen/ecosystem_integration.rb +87 -0
data/lib/sqreen/ecosystem_integration/around_callbacks.rb +99 -0
data/lib/sqreen/ecosystem_integration/instrumentation_service.rb +42 -0
data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb +58 -0
data/lib/sqreen/ecosystem_integration/signal_consumption.rb +35 -0
data/lib/sqreen/endpoint_testing.rb +184 -0
data/lib/sqreen/event.rb +7 -5
data/lib/sqreen/events/attack.rb +23 -18
data/lib/sqreen/events/remote_exception.rb +0 -22
data/lib/sqreen/events/request_record.rb +15 -71
data/lib/sqreen/frameworks/generic.rb +24 -1
data/lib/sqreen/frameworks/rails.rb +0 -7
data/lib/sqreen/frameworks/request_recorder.rb +15 -2
data/lib/sqreen/graft/call.rb +106 -19
data/lib/sqreen/graft/callback.rb +1 -1
data/lib/sqreen/graft/hook.rb +212 -100
data/lib/sqreen/graft/hook_point.rb +18 -11
data/lib/sqreen/kit/signals/specialized/aggregated_metric.rb +72 -0
data/lib/sqreen/kit/signals/specialized/attack.rb +57 -0
data/lib/sqreen/kit/signals/specialized/binning_metric.rb +76 -0
data/lib/sqreen/kit/signals/specialized/http_trace.rb +26 -0
data/lib/sqreen/kit/signals/specialized/sdk_track_call.rb +50 -0
data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +57 -0
data/lib/sqreen/legacy/instrumentation.rb +22 -10
data/lib/sqreen/legacy/old_event_submission_strategy.rb +228 -0
data/lib/sqreen/legacy/waf_redactions.rb +49 -0
data/lib/sqreen/log.rb +3 -2
data/lib/sqreen/log/loggable.rb +2 -1
data/lib/sqreen/logger.rb +24 -0
data/lib/sqreen/metrics.rb +1 -0
data/lib/sqreen/metrics/base.rb +3 -0
data/lib/sqreen/metrics/req_detailed.rb +41 -0
data/lib/sqreen/metrics_store.rb +33 -12
data/lib/sqreen/null_logger.rb +22 -0
data/lib/sqreen/performance_notifications/binned_metrics.rb +8 -2
data/lib/sqreen/remote_command.rb +4 -0
data/lib/sqreen/rules.rb +12 -6
data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -2
data/lib/sqreen/rules/custom_error_cb.rb +3 -3
data/lib/sqreen/rules/not_found_cb.rb +2 -0
data/lib/sqreen/rules/rule_cb.rb +6 -2
data/lib/sqreen/rules/waf_cb.rb +16 -13
data/lib/sqreen/runner.rb +138 -16
data/lib/sqreen/sensitive_data_redactor.rb +19 -31
data/lib/sqreen/session.rb +53 -43
data/lib/sqreen/signals/conversions.rb +288 -0
data/lib/sqreen/signals/http_trace_redaction.rb +111 -0
data/lib/sqreen/signals/signals_submission_strategy.rb +78 -0
data/lib/sqreen/version.rb +1 -1
data/lib/sqreen/weave/budget.rb +35 -0
data/lib/sqreen/weave/legacy/instrumentation.rb +277 -135
data/lib/sqreen/worker.rb +6 -2
metadata +86 -10
data/lib/sqreen/backport.rb +0 -9
data/lib/sqreen/backport/clock_gettime.rb +0 -74
data/lib/sqreen/backport/original_name.rb +0 -88
data/lib/sqreen/encoding_sanitizer.rb +0 -27

@@ -0,0 +1,38 @@
+# typed: strong
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+require 'sqreen/log/loggable'
+module Sqreen
+  module Deprecation
+    include Sqreen::Log::Loggable
+    module_function
+    def deprecate(method)
+      return unless ENV['SQREEN_DEBUG_DEPRECATION']
+      owner = method.owner
+      deprecated = :"_deprecated_#{method.name}"
+      klass = owner.is_a?(Module)
+      target = klass ? owner.to_s : owner.class.to_s
+      method.owner.instance_eval do
+        alias_method deprecated, method.name
+        define_method(method.name) do |*args, &block|
+          msg = [
+            "deprecation",
+            "target:#{target}",
+            "method:#{method.name}",
+            "caller:#{Kernel.caller_locations[0]}",
+          ].join(' ')
+          Sqreen::Deprecation.logger.info(msg)
+          send(deprecated, *args, &block)
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem.rb ADDED

@@ -0,0 +1,96 @@
+require 'securerandom'
+require 'sqreen/ecosystem/module_registry'
+require 'sqreen/ecosystem/tracing/sampling_configuration'
+require 'sqreen/ecosystem/transaction_storage'
+require 'sqreen/ecosystem/tracing_broker'
+require 'sqreen/ecosystem/tracing_id_setup'
+require 'sqreen/ecosystem/module_api/message_producer'
+require 'sqreen/ecosystem/module_api/tracing_id_generation'
+require 'sqreen/ecosystem/module_api/tracing'
+module Sqreen
+  # The API for the ecosystem client (together with the dispatch table)
+  module Ecosystem
+    class << self
+      def init(opts = {})
+        @registry = ModuleRegistry.new
+        register_modules(opts[:modules])
+        @registry.init_all
+        # setup tracing generation
+        tracing_id_mods = @registry.module_subset(ModuleApi::TracingIdGeneration)
+        @tracing_id_setup = TracingIdSetup.new(tracing_id_mods)
+        @tracing_id_setup.setup_modules
+        # configure tracing broker with the consumers (tracing modules)
+        tracing_modules = @registry.module_subset(ModuleApi::Tracing)
+        @tracing_broker = TracingBroker.new(tracing_modules)
+        # inject tracing broker in message producers
+        @registry.each_module(ModuleApi::MessageProducer) do |mod|
+          mod.tracing_broker = @tracing_broker
+        end
+      rescue ::Exception # rubocop:disable Lint/RescueException
+        # TODO: modules must be disabled at this point
+        raise
+      end
+      def reset
+        instance_variables.each do |ia|
+          instance_variable_set(ia, nil)
+        end
+      end
+      # To be called by the Ecosystem client when a new transaction
+      # (generally: request) is started
+      # In the future, it's intended that request end/start detection be handled
+      # by the Ecosystem itself, so control will flow in the other direction,
+      # from the ecosystem to its client
+      def start_transaction
+        TransactionStorage.create_thread_local
+      end
+      def end_transaction
+        TransactionStorage.destroy_thread_local
+      end
+      # @param [String] tracing_id_prefix
+      # @param [Array<Hash{String=>Object}>] sampling_config
+      def configure_sampling(tracing_id_prefix, sampling_config)
+        @tracing_id_setup.tracing_id_prefix = tracing_id_prefix
+        built_samp_cfg = Tracing::SamplingConfiguration.new(sampling_config)
+        @tracing_broker.sampling_configuration = built_samp_cfg
+      end
+      private
+      def register_modules(modules)
+        return register_all_modules unless modules
+        modules.each { |mod| register mod }
+      end
+      def register_all_modules
+        # replace with something more magical?
+        require_relative 'ecosystem/http/rack_request'
+        register Http::RackRequest.new
+        require_relative 'ecosystem/http/net_http'
+        register Http::NetHttp.new
+        require_relative 'ecosystem/redis/redis_connection'
+        register Redis::RedisConnection.new
+        require_relative 'ecosystem/tracing/modules/client'
+        register Tracing::Modules::Client.new
+        require_relative 'ecosystem/tracing/modules/server'
+        register Tracing::Modules::Server.new
+      end
+      def register(mod)
+        @registry.register mod
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/dispatch_table.rb ADDED

@@ -0,0 +1,43 @@
+require 'logger'
+module Sqreen
+  module Ecosystem
+    # Configured by the ecosystem client
+    module DispatchTable
+      class << self
+        # data consumption
+        # argument: +Sqreen::Kit::Signals::Signal+
+        # see +Sqreen::EcosystemIntegration::SignalConsumption#consume_signal+
+        attr_accessor :consume_signal
+        # argument: block taking a Rack::Request
+        # see +Sqreen::EcosystemIntegration::RequestLifecycleTracking#add_start_observer+
+        attr_accessor :add_request_start_listener
+        attr_accessor :fetch_logger
+        # argument: callback taking:
+        # * the method to instrument
+        # * A Hash{Symbol=>Proc} with the advice. The proc takes the
+        # arguments and the ball, so these details of the instrumentation
+        # implementation leak through the abstraction
+        # see +Sqreen::EcosystemIntegration::InstrumentationService+
+        attr_accessor :instrument
+        def reset
+          instance_variables.each do |ia|
+            instance_variable_set(ia, nil)
+          end
+          # set default logger
+          logger = ::Logger.new(STDERR)
+          logger.level = ::Logger::WARN
+          logger.progname = 'sqreen-ecosystem'
+          self.fetch_logger = proc { logger }
+        end
+      end
+      reset
+    end
+  end
+end

data/lib/sqreen/ecosystem/exception_reporting.rb ADDED

@@ -0,0 +1,26 @@
+require 'sqreen/ecosystem/dispatch_table'
+require 'sqreen/ecosystem/loggable'
+require 'sqreen/kit/signals/specialized/sqreen_exception'
+module Sqreen
+  module Ecosystem
+    module ExceptionReporting
+      include Loggable
+      private
+      # @param [String] message
+      # @param [Exception] e
+      def report_exception(message, e)
+        logger.warn { "#{message}: #{e.message}" }
+        logger.debug { e.backtrace.map { |x| "  #{x}" }.join("\n") }
+        signal = Sqreen::Kit::Signals::Specialized::SqreenException.new(
+          ruby_exception: e
+        )
+        DispatchTable.consume_signal signal
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/http/net_http.rb ADDED

@@ -0,0 +1,50 @@
+require 'sqreen/ecosystem/module_api'
+require 'sqreen/ecosystem/module_api/instrumentation'
+require 'sqreen/ecosystem/module_api/message_producer'
+require 'sqreen/ecosystem/module_api/tracing_id_generation'
+require 'sqreen/ecosystem/module_api/tracing/client_data'
+module Sqreen
+  module Ecosystem
+    module Http
+      class NetHttp
+        class HttpConnectionData
+          include ModuleApi::Tracing::ClientData
+        end
+        include ModuleApi::Instrumentation
+        include ModuleApi::MessageProducer
+        include ModuleApi::TracingIdGeneration
+        def setup
+          advice = wrap_for_interest(HttpConnectionData, &method(:before_advice))
+          instrument 'Net::HTTP#request', before: advice
+        end
+        private
+        # instr. def request(req, body = nil, &block)  # :yield: +response+
+        # req is of type +Net::HTTPGenericRequest+
+        def before_advice(call, _ball)
+          tracing_id = create_tracing_id
+          # build & submit signal
+          host = call.instance.address
+          port = call.instance.port
+          # add tracing header
+          req = call.args[0]
+          req[ModuleApi::TRACE_ID_HEADER] = tracing_id
+          host += ':' + port.to_s if port != 80 && port != 443
+          HttpConnectionData.new(
+            transport: 'http',
+            host: host,
+            tracing_identifier: tracing_id
+          )
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/http/rack_request.rb ADDED

@@ -0,0 +1,39 @@
+require 'sqreen/ecosystem/module_api'
+require 'sqreen/ecosystem/module_api/event_listener'
+require 'sqreen/ecosystem/module_api/message_producer'
+require 'sqreen/ecosystem/module_api/tracing/server_data'
+module Sqreen
+  module Ecosystem
+    module Http
+      class RackRequest
+        class HttpServerData
+          include ModuleApi::Tracing::ServerData
+        end
+        include ModuleApi::EventListener
+        include ModuleApi::MessageProducer
+        def setup
+          advice = wrap_for_interest(
+            ModuleApi::Tracing::ServerData,
+            &method(:handle_request)
+          )
+          on_request_start(&advice)
+        end
+        private
+        def handle_request(rack_request)
+          trace_id = rack_request.env[ModuleApi::TRACE_ID_ENV_KEY]
+          HttpServerData.new(
+            transport: 'http',
+            client_ip: rack_request.ip,
+            tracing_identifier: trace_id
+          )
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/loggable.rb ADDED

@@ -0,0 +1,13 @@
+require 'sqreen/ecosystem/dispatch_table'
+module Sqreen
+  module Ecosystem
+    module Loggable
+      private
+      def logger
+        DispatchTable.fetch_logger.call
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api.rb ADDED

@@ -0,0 +1,30 @@
+require 'sqreen/ecosystem/loggable'
+module Sqreen
+  module Ecosystem
+    # The API that the transport/tracing modules are written against
+    module ModuleApi
+      TRACE_ID_HEADER = 'X-Sqreen-Trace-Identifier'.freeze
+      TRACE_ID_ENV_KEY = 'HTTP_X_SQREEN_TRACE_IDENTIFIER'.freeze
+      Loggable = Sqreen::Ecosystem::Loggable
+      module ClassMethods
+        attr_writer :module_name
+        def module_name
+          if instance_variable_defined?(:@module_name)
+            @module_name
+          else
+            # to snake case
+            @module_name = to_s.sub(/.*::/, '').gsub(/([a-z])([A-Z])/, '\1_\2').downcase
+          end
+        end
+      end
+      def self.included(mod)
+        mod.extend(ClassMethods)
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api/event_listener.rb ADDED

@@ -0,0 +1,18 @@
+require 'sqreen/ecosystem/dispatch_table'
+module Sqreen
+  module Ecosystem
+    module ModuleApi
+      module EventListener
+        private
+        # XXX: callbacks need to be wrapped in order ot handle
+        # perfcap, exceptions, and maybe other concerns applying
+        # across the board
+        def on_request_start(&cb)
+          DispatchTable.add_request_start_listener.call(cb)
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api/instrumentation.rb ADDED

@@ -0,0 +1,23 @@
+require 'sqreen/ecosystem/module_api'
+module Sqreen
+  module Ecosystem
+    module ModuleApi
+      module Instrumentation
+        def self.included(mod)
+          mod.send :include, ModuleApi unless mod.ancestors.include?(ModuleApi)
+        end
+        private
+        # Just forwards the call to the instrumentation service
+        # @param [String] method
+        # @param [Hash{Symbol=>Proc}] advice keys are one of: :before, :after,
+        #                             :raised,
+        def instrument(method, advice)
+          DispatchTable.instrument.call(self.class.module_name, method, advice)
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api/message_producer.rb ADDED

@@ -0,0 +1,51 @@
+require 'sqreen/ecosystem/loggable'
+module Sqreen
+  module Ecosystem
+    module ModuleApi
+      module MessageProducer
+        include Loggable
+        # method for ecosystem to inject the config
+        # @param [Sqreen::Ecosystem::TracingBroker]
+        attr_writer :tracing_broker
+        private
+        def determine_interest(type, hints = {})
+          @tracing_broker.interested_consumers(type, hints)
+        end
+        def publish(data, interested)
+          @tracing_broker.publish(data, interested)
+        end
+        # Convenience wrapper.
+        # Wraps a callback, skipping it if there is no interest in the type
+        # produced and submitting the return value as a message to the
+        # tracing broker
+        def wrap_for_interest(type, gen_hints = nil, &block)
+          raise ArgumentError, 'no block passed' if block.nil?
+          proc do |*args|
+            hints = gen_hints[*args] if gen_hints
+            interested = determine_interest(type, hints || {})
+            unless interested
+              logger.debug { "No interested consumers in #{type}" }
+              next
+            end
+            res = block[*args]
+            next if res.nil?
+            raise 'unexpected return type' unless res.is_a?(type)
+            @tracing_broker.publish(res, interested)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/module_api/signal_producer.rb ADDED

@@ -0,0 +1,24 @@
+require 'sqreen/ecosystem/dispatch_table'
+module Sqreen
+  module Ecosystem
+    module ModuleApi
+      module SignalProducer
+        # for injection
+        # callable taking no arguments and generating a tracing id
+        attr_writer :tracing_id_producer
+        private
+        def create_tracing_id
+          @tracing_id_producer.call
+        end
+        # @param [Sqreen::Kit::Signals::Signal] signal
+        def submit_signal(signal)
+          DispatchTable.consume_signal.call(signal)
+        end
+      end
+    end
+  end
+end