sqreen 1.19.1 → 1.20.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -0
- data/lib/sqreen/agent_message.rb +20 -0
- data/lib/sqreen/aggregated_metric.rb +25 -0
- data/lib/sqreen/attack_detected.html +1 -2
- data/lib/sqreen/ca.crt +24 -0
- data/lib/sqreen/configuration.rb +10 -4
- data/lib/sqreen/deferred_logger.rb +4 -0
- data/lib/sqreen/deliveries/batch.rb +4 -1
- data/lib/sqreen/deliveries/simple.rb +4 -0
- data/lib/sqreen/endpoint_testing.rb +184 -0
- data/lib/sqreen/event.rb +7 -5
- data/lib/sqreen/events/attack.rb +23 -18
- data/lib/sqreen/events/remote_exception.rb +0 -22
- data/lib/sqreen/events/request_record.rb +15 -70
- data/lib/sqreen/frameworks/request_recorder.rb +13 -2
- data/lib/sqreen/graft/call.rb +32 -19
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +97 -116
- data/lib/sqreen/graft/hook_point.rb +1 -1
- data/lib/sqreen/kit/signals/specialized/aggregated_metric.rb +72 -0
- data/lib/sqreen/kit/signals/specialized/attack.rb +57 -0
- data/lib/sqreen/kit/signals/specialized/binning_metric.rb +76 -0
- data/lib/sqreen/kit/signals/specialized/http_trace.rb +26 -0
- data/lib/sqreen/kit/signals/specialized/sdk_track_call.rb +50 -0
- data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +57 -0
- data/lib/sqreen/legacy/instrumentation.rb +10 -10
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +221 -0
- data/lib/sqreen/legacy/waf_redactions.rb +49 -0
- data/lib/sqreen/log/loggable.rb +2 -1
- data/lib/sqreen/logger.rb +4 -0
- data/lib/sqreen/metrics/base.rb +3 -0
- data/lib/sqreen/metrics_store.rb +22 -12
- data/lib/sqreen/performance_notifications/binned_metrics.rb +8 -2
- data/lib/sqreen/rules.rb +4 -2
- data/lib/sqreen/rules/not_found_cb.rb +2 -0
- data/lib/sqreen/rules/rule_cb.rb +2 -0
- data/lib/sqreen/rules/waf_cb.rb +13 -10
- data/lib/sqreen/runner.rb +75 -8
- data/lib/sqreen/sensitive_data_redactor.rb +19 -31
- data/lib/sqreen/session.rb +51 -43
- data/lib/sqreen/signals/conversions.rb +283 -0
- data/lib/sqreen/signals/http_trace_redaction.rb +111 -0
- data/lib/sqreen/signals/signals_submission_strategy.rb +78 -0
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/legacy/instrumentation.rb +56 -53
- metadata +45 -7
- data/lib/sqreen/backport.rb +0 -9
- data/lib/sqreen/backport/clock_gettime.rb +0 -74
- data/lib/sqreen/backport/original_name.rb +0 -88
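--- /dev/null
+++ b/data/lib/sqreen/signals/http_trace_redaction.rb
@@ -0,0 +1,111 @@
+require 'json'
+require 'sqreen/kit/loggable'
+require 'sqreen/kit/signals/specialized/http_trace'
+
+module Sqreen
+  module Signals
+    module HttpTraceRedaction
+      class << self
+        include Sqreen::Kit::Loggable
+
+        # @param [Sqreen::Kit::Signals::Specialized::HttpTrace] trace
+        # @param [Sqreen::SensitiveDataRedactor] redactor
+        def redact_trace!(trace, redactor)
+          return unless redactor
+          # redact headers (keys unsafe)
+          # @type [Sqreen::Kit::Signals::Context::HttpContext]
+          http_context = trace.context
+
+          all_redacted = []
+
+          # Redact headers; save redacted values
+          # headers are encoded as [key, value], not a hash, so
+          # they require some transformation
+          orig_headers = http_context.headers
+          if orig_headers
+            headers = orig_headers.map { |(k, v)| { k => v } }
+            headers, redacted = redactor.redact(headers)
+            http_context.headers = headers.map(&:first)
+            all_redacted += redacted
+          end
+
+          # Redact params; save redacted values
+          Kit::Signals::Context::HttpContext::PARAMS_ATTRS.each do |attr|
+            value = http_context.public_send(attr)
+            next unless value
+            value, redacted = redactor.redact(value)
+            all_redacted += redacted
+            http_context.public_send(:"#{attr}=", value)
+          end
+
+          all_redacted = all_redacted.uniq.map(&:downcase)
+
+          # Redact attacks and exceptions
+          # XXX: no redaction for infos in attacks/exceptions except for WAF data
+          # Is this the correct behavior?
+          redact_attacks!(trace, redactor, all_redacted)
+          redact_exceptions!(trace, redactor, all_redacted)
+        end
+
+        private
+
+        # @param [Sqreen::Kit::Signals::Specialized::HttpTrace] trace
+        # @param [Sqreen::SensitiveDataRedactor] redactor
+        # Redacts WAF data according to specific rules therefor
+        # Redacts infos according to general rules
+        def redact_attacks!(trace, redactor, redacted_data)
+          trace.data.each do |signal|
+            next unless signal.is_a?(Kit::Signals::Specialized::Attack)
+            # @type [Sqreen::Kit::Signals::Specialized::Attack::Payload] payload
+            payload = signal.payload
+            next unless payload.infos
+
+            if payload.infos[:waf_data]
+              redact_waf_attack_data!(payload.infos, redacted_data)
+            end
+            payload.infos, = redactor.redact(payload.infos)
+          end
+        end
+
+        def redact_exceptions!(trace, redactor, redacted_data)
+          trace.data.each do |signal|
+            next unless signal.is_a?(Kit::Signals::Specialized::SqreenException)
+            infos = signal.infos
+            next unless infos
+
+            redact_waf_exception_data!(signal.infos, redacted_data) if signal.infos[:waf]
+            signal.infos, = redactor.redact(infos)
+          end
+        end
+
+        # @param [Hash] infos from WAF attack
+        def redact_waf_attack_data!(infos, redacted_data)
+          begin
+            parsed = JSON.parse(infos[:waf_data])
+          rescue JSON::JSONError => e
+            logger.warn("waf_data is not valid json: #{e.message}")
+            return
+          end
+          redacted = parsed.each do |w|
+            next unless (filters = w['filter'])
+
+            filters.each do |f|
+              next unless (v = f['resolved_value'])
+              next unless redacted_data.include?(v.downcase)
+
+              f['match_status'] = SensitiveDataRedactor::MASK
+              f['resolved_value'] = SensitiveDataRedactor::MASK
+            end
+          end
+          infos[:waf_data] = JSON.dump(redacted)
+        end
+
+        # see https://github.com/sqreen/TechDoc/blob/master/content/specs/spec000022-waf-data-sanitization.md#changes-to-the-agents
+        def redact_waf_exception_data!(infos, redacted_data)
+          return if redacted_data.empty?
+          infos[:waf].delete(:args)
+        end
+      end
+    end
+  end
+end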
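Review bot: `redact_waf_attack_data!` fails open: when `JSON.parse` raises (lines 84-88) it logs and returns with `infos[:waf_data]` left intact, so a malformed WAF payload is shipped unredacted even though the caller has already collected in `redacted_data` the values it scrubbed from the same trace. Since this method exists to keep those values out of the outgoing signal, mask on failure instead, e.g. `infos[:waf_data] = SensitiveDataRedactor::MASK` before the `return` (or delete the key, whichever the backend tolerates), and short-circuit with `return if redacted_data.empty?` as `redact_waf_exception_data!` already does. `v.downcase` on line 94 assumes `resolved_value` is a String; if the WAF can emit a non-string there (not verifiable from here) the whole redaction pass raises `NoMethodError`, so `v.to_s.downcase` or a `respond_to?(:downcase)` guard is safer. The XXX comment on lines 44-45 no longer matches the code, which does pass `infos` through `redactor.redact` on lines 66 and 77; reword it to `# WAF data gets the spec-specific masking first, then the generic redactor pass`.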
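--- /dev/null
+++ b/data/lib/sqreen/signals/signals_submission_strategy.rb
@@ -0,0 +1,78 @@
+require 'sqreen/aggregated_metric'
+require 'sqreen/kit'
+require 'sqreen/kit/string_sanitizer'
+require 'sqreen/signals/conversions'
+require 'sqreen/log/loggable'
+
+module Sqreen
+  module Signals
+    # see also Sqreen::Legacy::OldEventSubmissionStrategy
+    # usage in Sqreen:Session
+    class SignalsSubmissionStrategy
+      include Sqreen::Log::Loggable
+
+      # @param [Array<Sqreen::AggregatedMetric>] metrics
+      def post_metrics(metrics)
+        return if metrics.nil? || metrics.empty?
+
+        guarded 'Failed to serialize or submit aggregated metrics' do
+          batch = metrics.map do |m|
+            Conversions.convert_metric_sample(m)
+          end
+          client.report_batch(batch)
+        end
+      end
+
+      # @param _attack [Sqreen::Attack]
+      # XXX: unused
+      def post_attack(_attack)
+        raise NotImplementedError
+      end
+
+      # @param request_record [Sqreen::RequestRecord]
+      def post_request_record(request_record)
+        guarded 'Failed to serialize or submit request record' do
+          trace = Conversions.convert_req_record(request_record)
+          append_sanitizing_filter(trace)
+          client.report_trace(trace)
+        end
+      end
+
+      # Post an exception to Sqreen for analysis
+      # @param exception [RemoteException] Exception and context to be sent over
+      def post_sqreen_exception(exception)
+        guarded 'Failed to serialize or submit exception', false do
+          data = Conversions.convert_exception(exception)
+          append_sanitizing_filter(data)
+          client.report_signal(data)
+        end
+      end
+
+      def post_batch(events)
+        guarded 'Failed to serialize or submit batch of events' do
+          batch = Conversions.convert_batch(events)
+          batch.each { |sig_or_trace| append_sanitizing_filter(sig_or_trace) }
+          client.report_batch(batch)
+        end
+      end
+
+      private
+
+      def append_sanitizing_filter(sig_or_trace)
+        sig_or_trace.append_to_h_filter Kit::StringSanitizer.method(:sanitize)
+      end
+
+      # we don't want exceptions to propagate and kill the worker thread
+      def guarded(msg, report = true)
+        yield
+      rescue StandardError => e
+        logger.warn "#{msg}: #{e.message}\n#{e.backtrace.map { |x| " #{x}" }.join("\n")}"
+        post_sqreen_exception(RemoteException.new(e)) if report
+      end
+
+      def client
+        Sqreen::Kit.auth_signals_client
+      end
+    end
+  end
+end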
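Review bot: Nothing in this submission path applies `HttpTraceRedaction.redact_trace!`: `post_request_record` and `post_batch` only attach `Kit::StringSanitizer` as a `to_h` filter, which going by its name normalizes encoding rather than removing sensitive values, so if the redaction is not performed inside `Conversions.convert_req_record`/`convert_batch` traces leave unredacted — confirm where it runs and name it in a comment above `post_request_record`. `guarded` logs `e.message` at warn level on line 69, and for serialization failures the message may echo a fragment of the payload being serialized; when `report` is true the full detail already goes to `post_sqreen_exception`, so logging `e.class` plus a truncated message would keep app logs cleaner. In `post_batch` a single event that makes `Conversions.convert_batch` raise discards the whole batch; converting each event under its own guard would keep the rest. `RemoteException` resolves lexically to `Sqreen::RemoteException`, but this file does not `require 'sqreen/events/remote_exception'`, so it depends on load order elsewhere.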
data/lib/sqreen/version.rb
CHANGED
@@ -60,6 +60,27 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
60
60
|
'options' => opts[:perf_metric_percent] || { 'base' => 1.3, 'factor' => 1.0 },
|
61
61
|
)
|
62
62
|
|
63
|
+
metrics_engine.create_metric(
|
64
|
+
'name' => 'req_sq_hook_overhead',
|
65
|
+
'period' => 60,
|
66
|
+
'kind' => 'Binning',
|
67
|
+
'options' => { 'base' => 2.0, 'factor' => 0.1 },
|
68
|
+
)
|
69
|
+
|
70
|
+
metrics_engine.create_metric(
|
71
|
+
'name' => 'sq.hook.overhead',
|
72
|
+
'period' => 60,
|
73
|
+
'kind' => 'Binning',
|
74
|
+
'options' => { 'base' => 2.0, 'factor' => 0.1 },
|
75
|
+
)
|
76
|
+
|
77
|
+
metrics_engine.create_metric(
|
78
|
+
'name' => 'sq.shrinkwrap',
|
79
|
+
'period' => 60,
|
80
|
+
'kind' => 'Binning',
|
81
|
+
'options' => { 'base' => 2.0, 'factor' => 0.1 },
|
82
|
+
)
|
83
|
+
|
63
84
|
Sqreen.thread_cpu_time? && metrics_engine.create_metric(
|
64
85
|
'name' => 'sq_thread_cpu_pct',
|
65
86
|
'period' => opts[:period] || 60,
|
@@ -113,6 +134,9 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
113
134
|
before('wave,meta,request', rank: -100000, mandatory: true) do |_call|
|
114
135
|
next unless Sqreen.instrumentation_ready
|
115
136
|
|
137
|
+
# shrinkwrap_timer = Sqreen::Graft::Timer.new('weave,shrinkwrap')
|
138
|
+
# shrinkwrap_timer.start
|
139
|
+
|
116
140
|
uuid = SecureRandom.uuid
|
117
141
|
now = Sqreen::Graft::Timer.read
|
118
142
|
Thread.current[:sqreen_http_request] = {
|
@@ -123,14 +147,13 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
123
147
|
timer: Sqreen::Graft::Timer.new("request_#{uuid}"),
|
124
148
|
timed_callbacks: [],
|
125
149
|
timed_hooks: [],
|
126
|
-
timed_hooks_before: [],
|
127
|
-
timed_hooks_after: [],
|
128
|
-
timed_hooks_raised: [],
|
129
|
-
timed_hooks_ensured: [],
|
130
150
|
skipped_callbacks: [],
|
151
|
+
# timed_shrinkwrap: shrinkwrap_timer,
|
131
152
|
}
|
132
153
|
|
133
154
|
Sqreen::Weave.logger.debug { "request.uuid: #{uuid}" }
|
155
|
+
|
156
|
+
# shrinkwrap_timer.stop
|
134
157
|
end
|
135
158
|
|
136
159
|
ensured('weave,meta,request', rank: 100000, mandatory: true) do |_call|
|
@@ -138,6 +161,9 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
138
161
|
|
139
162
|
next if request.nil?
|
140
163
|
|
164
|
+
# shrinkwrap_timer = request[:timed_shrinkwrap]
|
165
|
+
# shrinkwrap_timer.start
|
166
|
+
|
141
167
|
Thread.current[:sqreen_http_request] = nil
|
142
168
|
now = Sqreen::Graft::Timer.read
|
143
169
|
utc_now = Time.now.utc
|
@@ -167,59 +193,28 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
167
193
|
metrics_engine.update(metric_name, now, nil, duration * 1000)
|
168
194
|
end
|
169
195
|
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
metrics_engine.create_metric(
|
174
|
-
'name' => metric_name,
|
175
|
-
'period' => 60,
|
176
|
-
'kind' => 'Binning',
|
177
|
-
'options' => { 'base' => 2.0, 'factor' => 0.1 },
|
178
|
-
)
|
179
|
-
end
|
180
|
-
metrics_engine.update(metric_name, now, nil, duration * 1000)
|
181
|
-
|
182
|
-
metric_name = 'sq.hooks_post.post'
|
183
|
-
duration = request[:timed_hooks_after].sum(&:duration)
|
184
|
-
unless metrics_engine.metric?(metric_name)
|
185
|
-
metrics_engine.create_metric(
|
186
|
-
'name' => metric_name,
|
187
|
-
'period' => 60,
|
188
|
-
'kind' => 'Binning',
|
189
|
-
'options' => { 'base' => 2.0, 'factor' => 0.1 },
|
190
|
-
)
|
191
|
-
end
|
192
|
-
metrics_engine.update(metric_name, now, nil, duration * 1000)
|
193
|
-
|
194
|
-
metric_name = 'sq.hooks_failing.failing'
|
195
|
-
duration = request[:timed_hooks_raised].sum(&:duration)
|
196
|
-
unless metrics_engine.metric?(metric_name)
|
197
|
-
metrics_engine.create_metric(
|
198
|
-
'name' => metric_name,
|
199
|
-
'period' => 60,
|
200
|
-
'kind' => 'Binning',
|
201
|
-
'options' => { 'base' => 2.0, 'factor' => 0.1 },
|
202
|
-
)
|
196
|
+
request[:timed_hooks].each do |timer|
|
197
|
+
duration = timer.duration
|
198
|
+
metrics_engine.update('sq.hook.overhead', now, nil, duration * 1000)
|
203
199
|
end
|
204
|
-
metrics_engine.update(metric_name, now, nil, duration * 1000)
|
205
200
|
|
206
201
|
skipped = request[:skipped_callbacks].map(&:name)
|
207
|
-
Sqreen::Weave.logger.debug { "request:#{request[:uuid]} callback.skipped.size: #{skipped.count} callback.skipped: [#{skipped.join(', ')}]" }
|
202
|
+
Sqreen::Weave.logger.debug { "request:#{request[:uuid]} callback.skipped.size: #{skipped.count} callback.skipped: [#{skipped.join(', ')}]" } if Sqreen::Weave.logger.debug?
|
208
203
|
timer = request[:timer]
|
209
204
|
total = timer.duration
|
210
|
-
Sqreen::Weave.logger.debug { "request:#{request[:uuid]} timer.total: #{'%.03fus' % (total * 1_000_000)}
|
205
|
+
Sqreen::Weave.logger.debug { "request:#{request[:uuid]} timer.total: #{'%.03fus' % (total * 1_000_000)}" } if Sqreen::Weave.logger.debug?
|
211
206
|
timings = request[:timed_callbacks].map(&:to_s)
|
212
207
|
total = request[:timed_callbacks].sum(&:duration)
|
213
|
-
Sqreen::Weave.logger.debug { "request:#{request[:uuid]} callback.total: #{'%.03fus' % (total * 1_000_000)} callback.timings: [#{timings.join(', ')}]" }
|
208
|
+
Sqreen::Weave.logger.debug { "request:#{request[:uuid]} callback.total: #{'%.03fus' % (total * 1_000_000)} callback.timings: [#{timings.join(', ')}]" } if Sqreen::Weave.logger.debug?
|
214
209
|
timings = request[:timed_hooks].map(&:to_s)
|
215
210
|
total = request[:timed_hooks].sum(&:duration)
|
216
|
-
Sqreen::Weave.logger.debug { "request:#{request[:uuid]} hook.total: #{'%.03fus' % (total * 1_000_000)} hook.timings: [#{timings.join(', ')}]" }
|
211
|
+
Sqreen::Weave.logger.debug { "request:#{request[:uuid]} hook.total: #{'%.03fus' % (total * 1_000_000)} hook.timings: [#{timings.join(', ')}]" } if Sqreen::Weave.logger.debug?
|
217
212
|
|
218
213
|
skipped = request[:skipped_callbacks].map(&:name)
|
219
214
|
skipped_rule_name = skipped.first && skipped.first =~ /weave,rule=(.*)$/ && $1
|
220
215
|
Sqreen.observations_queue.push(['request_overtime', skipped_rule_name, 1, utc_now]) if skipped_rule_name
|
221
216
|
|
222
|
-
sqreen_request_duration =
|
217
|
+
sqreen_request_duration = request[:timed_hooks].sum(&:duration) + request[:timed_callbacks].sum(&:duration)
|
223
218
|
Sqreen.observations_queue.push(['sq', nil, sqreen_request_duration * 1000, utc_now])
|
224
219
|
|
225
220
|
request_duration = now - request[:start_time]
|
@@ -227,6 +222,14 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
227
222
|
|
228
223
|
sqreen_request_ratio = (sqreen_request_duration * 100.0) / (request_duration - sqreen_request_duration)
|
229
224
|
Sqreen.observations_queue.push(['pct', nil, sqreen_request_ratio, utc_now])
|
225
|
+
|
226
|
+
duration = request[:timed_hooks].sum(&:duration)
|
227
|
+
metrics_engine.update('req_sq_hook_overhead', now, nil, duration * 1000)
|
228
|
+
|
229
|
+
# shrinkwrap_timer.stop
|
230
|
+
|
231
|
+
# duration = shrinkwrap_timer.duration
|
232
|
+
# metrics_engine.update('sq.shrinkwrap', now, nil, duration * 1000)
|
230
233
|
end
|
231
234
|
end.install
|
232
235
|
|
@@ -275,7 +278,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
275
278
|
a = call.args
|
276
279
|
r = call.remaining
|
277
280
|
|
278
|
-
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#pre instance=#{i}" }
|
281
|
+
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#pre instance=#{i}" } if Sqreen::Weave.logger.debug?
|
279
282
|
begin
|
280
283
|
ret = callback.pre(i, a, r)
|
281
284
|
rescue StandardError => e
|
@@ -286,7 +289,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
286
289
|
Sqreen::RemoteException.record(e)
|
287
290
|
end
|
288
291
|
end
|
289
|
-
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#pre instance=#{i} => return=#{ret.inspect}" }
|
292
|
+
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#pre instance=#{i} => return=#{ret.inspect}" } if Sqreen::Weave.logger.debug?
|
290
293
|
|
291
294
|
case ret[:status]
|
292
295
|
when :skip, 'skip'
|
@@ -296,7 +299,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
296
299
|
when :raise, 'raise'
|
297
300
|
throw(b, b.raise(ret[:exception])) if ret.key?(:exception)
|
298
301
|
throw(b, b.raise(Sqreen::AttackBlocked.new("Sqreen blocked a security threat (type: #{callback.rule_name}). No action is required.")))
|
299
|
-
end unless ret.nil?
|
302
|
+
end unless ret.nil? || !ret.is_a?(Hash)
|
300
303
|
end
|
301
304
|
end
|
302
305
|
|
@@ -309,7 +312,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
309
312
|
a = call.args
|
310
313
|
r = call.remaining
|
311
314
|
|
312
|
-
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#post instance=#{i}" }
|
315
|
+
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#post instance=#{i}" } if Sqreen::Weave.logger.debug?
|
313
316
|
begin
|
314
317
|
ret = callback.post(v, i, a, r)
|
315
318
|
rescue StandardError => e
|
@@ -320,7 +323,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
320
323
|
Sqreen::RemoteException.record(e)
|
321
324
|
end
|
322
325
|
end
|
323
|
-
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#post instance=#{i} => return=#{ret.inspect}" }
|
326
|
+
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#post instance=#{i} => return=#{ret.inspect}" } if Sqreen::Weave.logger.debug?
|
324
327
|
|
325
328
|
case ret[:status]
|
326
329
|
when :override, 'override'
|
@@ -328,7 +331,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
328
331
|
when :raise, 'raise'
|
329
332
|
throw(b, b.raise(ret[:exception])) if ret.key?(:exception)
|
330
333
|
throw(b, b.raise(Sqreen::AttackBlocked.new("Sqreen blocked a security threat (type: #{callback.rule_name}). No action is required.")))
|
331
|
-
end unless ret.nil?
|
334
|
+
end unless ret.nil? || !ret.is_a?(Hash)
|
332
335
|
end
|
333
336
|
end
|
334
337
|
|
@@ -341,7 +344,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
341
344
|
a = call.args
|
342
345
|
r = call.remaining
|
343
346
|
|
344
|
-
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#failing instance=#{i}" }
|
347
|
+
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#failing instance=#{i}" } if Sqreen::Weave.logger.debug?
|
345
348
|
begin
|
346
349
|
ret = callback.failing(e, i, a, r)
|
347
350
|
rescue StandardError => e
|
@@ -352,9 +355,9 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
352
355
|
Sqreen::RemoteException.record(e)
|
353
356
|
end
|
354
357
|
end
|
355
|
-
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#failing instance=#{i} => return=#{ret.inspect}" }
|
358
|
+
Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#failing instance=#{i} => return=#{ret.inspect}" } if Sqreen::Weave.logger.debug?
|
356
359
|
|
357
|
-
raise
|
360
|
+
throw(b, b.raise(e)) if ret.nil? || !ret.is_a?(Hash)
|
358
361
|
|
359
362
|
case ret[:status]
|
360
363
|
when :override, 'override'
|
@@ -368,7 +371,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
368
371
|
throw(b, b.raise(e))
|
369
372
|
else
|
370
373
|
throw(b, b.raise(e))
|
371
|
-
end unless ret.nil?
|
374
|
+
end unless ret.nil? || !ret.is_a?(Hash)
|
372
375
|
end
|
373
376
|
end
|
374
377
|
end.install
|
metadata
CHANGED
@@ -1,15 +1,43 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sqreen
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.20.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sqreen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-07-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: sqreen-backport
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 0.1.0
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 0.1.0
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: sqreen-kit
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 0.2.1
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 0.2.1
|
13
41
|
- !ruby/object:Gem::Dependency
|
14
42
|
name: sq_mini_racer
|
15
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -65,11 +93,10 @@ files:
|
|
65
93
|
- lib/sqreen/actions/user_action_class.rb
|
66
94
|
- lib/sqreen/actions/users_index.rb
|
67
95
|
- lib/sqreen/agent.rb
|
96
|
+
- lib/sqreen/agent_message.rb
|
97
|
+
- lib/sqreen/aggregated_metric.rb
|
68
98
|
- lib/sqreen/attack_blocked.rb
|
69
99
|
- lib/sqreen/attack_detected.html
|
70
|
-
- lib/sqreen/backport.rb
|
71
|
-
- lib/sqreen/backport/clock_gettime.rb
|
72
|
-
- lib/sqreen/backport/original_name.rb
|
73
100
|
- lib/sqreen/binding_accessor.rb
|
74
101
|
- lib/sqreen/binding_accessor/path_elem.rb
|
75
102
|
- lib/sqreen/binding_accessor/transforms.rb
|
@@ -96,6 +123,7 @@ files:
|
|
96
123
|
- lib/sqreen/dependency/sentry.rb
|
97
124
|
- lib/sqreen/dependency/sinatra.rb
|
98
125
|
- lib/sqreen/encoding_sanitizer.rb
|
126
|
+
- lib/sqreen/endpoint_testing.rb
|
99
127
|
- lib/sqreen/error_handling_middleware.rb
|
100
128
|
- lib/sqreen/event.rb
|
101
129
|
- lib/sqreen/events/attack.rb
|
@@ -129,8 +157,16 @@ files:
|
|
129
157
|
- lib/sqreen/js/mini_racer_adapter.rb
|
130
158
|
- lib/sqreen/js/mini_racer_executable_js.rb
|
131
159
|
- lib/sqreen/js/thread_local_exec_js_runnable.rb
|
160
|
+
- lib/sqreen/kit/signals/specialized/aggregated_metric.rb
|
161
|
+
- lib/sqreen/kit/signals/specialized/attack.rb
|
162
|
+
- lib/sqreen/kit/signals/specialized/binning_metric.rb
|
163
|
+
- lib/sqreen/kit/signals/specialized/http_trace.rb
|
164
|
+
- lib/sqreen/kit/signals/specialized/sdk_track_call.rb
|
165
|
+
- lib/sqreen/kit/signals/specialized/sqreen_exception.rb
|
132
166
|
- lib/sqreen/legacy.rb
|
133
167
|
- lib/sqreen/legacy/instrumentation.rb
|
168
|
+
- lib/sqreen/legacy/old_event_submission_strategy.rb
|
169
|
+
- lib/sqreen/legacy/waf_redactions.rb
|
134
170
|
- lib/sqreen/log.rb
|
135
171
|
- lib/sqreen/log/loggable.rb
|
136
172
|
- lib/sqreen/logger.rb
|
@@ -201,6 +237,9 @@ files:
|
|
201
237
|
- lib/sqreen/shared_storage.rb
|
202
238
|
- lib/sqreen/shared_storage23.rb
|
203
239
|
- lib/sqreen/shrink_wrap.rb
|
240
|
+
- lib/sqreen/signals/conversions.rb
|
241
|
+
- lib/sqreen/signals/http_trace_redaction.rb
|
242
|
+
- lib/sqreen/signals/signals_submission_strategy.rb
|
204
243
|
- lib/sqreen/signature_verifier.rb
|
205
244
|
- lib/sqreen/sinatra_middleware.rb
|
206
245
|
- lib/sqreen/sqreen_signed_verifier.rb
|
@@ -253,8 +292,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
253
292
|
- !ruby/object:Gem::Version
|
254
293
|
version: '0'
|
255
294
|
requirements: []
|
256
|
-
|
257
|
-
rubygems_version: 2.7.7
|
295
|
+
rubygems_version: 3.1.2
|
258
296
|
signing_key:
|
259
297
|
specification_version: 4
|
260
298
|
summary: Sqreen Ruby agent
|