sqreen 1.19.1 → 1.21.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 13c863dd8c0e49e9164815c3ecd89d59a9d108cf5aa4490dcb7e7e863510101b
-  data.tar.gz: 4f64b7137761f06e1d5a31c0d28beac05b8812c21f35be867437e8483ffaa693
+  metadata.gz: 49a6c95ab34d19ae0f769e475ae67c2c3e4d19b17582ee09d8a6d231ac3d9150
+  data.tar.gz: ad1ea7a80f3582ba90ffc6aa1cef7040459c56f65ea4712a023923b8bc7801e3
 SHA512:
-  metadata.gz: 79705ca9287463239a563875803d6317afba6a5fa70e90f5762a41112f474967a8d50ca03f34f9b48d190e3a8bc3d2e8b87c081974378238b39207258d7f0028
-  data.tar.gz: a8bea1ecce97617bd4d54c49a493b9268a0971099abadd70220d235914803aab9b2d6a8ede28493eae4578f13d2777b41d31e770c98c27dc1c4f3eaed6f30286
+  metadata.gz: 0da6438f20a00a84914db2bb06c24feab53e164feae1cb7d2af0b53afe24c5d5ea54a0cb68a8872a49aadedae4450de57e63da6a4f4a2ec21ac85eaa84c13acf
+  data.tar.gz: 3e75918e810529674e10d693fd2a62c0eeeeecb18bac06a25fdd686d29c45d55333abb0feea790ec1d89e29ce71097bd1de16c2d31d98a6219e985d806793008

data/CHANGELOG.md

@@ -1,3 +1,21 @@
+## 1.20.1
+
+* Add fallback mechanisms when connecting to new Sqreen backend API domains
+
+## 1.20.0
+
+* Enable new instrumentation engine by default
+* Add signal-based backend communication
+
+## 1.19.3
+
+* Improve WAF PII protection
+
+## 1.19.2
+
+* Handle unexpected rule callback return values more gracefully
+* Fix incorrect return value for 404 native callback
+
 ## 1.19.1
 
 * Fix LocalJumpError when reaching a Rack app nested in a Rails app

data/lib/sqreen/agent_message.rb

@@ -0,0 +1,20 @@
+require 'digest'
+
+module Sqreen
+  class AgentMessage
+    def initialize(kind, message, id = nil)
+      id ||= message + "\x00" + kind
+      @hash_hex = Digest::SHA1.hexdigest(id)
+      @kind = kind
+      @message = message
+    end
+
+    def to_h
+      {
+        id: @hash_hex,
+        kind: @kind,
+        message: @message,
+      }
+    end
+  end
+end

data/lib/sqreen/aggregated_metric.rb

@@ -0,0 +1,25 @@
+require 'sqreen/rules/rule_cb'
+require 'sqreen/metrics/base'
+
+module Sqreen
+  class AggregatedMetric
+    def initialize(values = {})
+      values.each do |k, v|
+        public_send "#{k}=", v
+      end
+    end
+
+    # @return [Sqreen::Rules::RuleCB]
+    attr_accessor :rule # optional
+
+    # @return [Sqreen::Metric::Base]
+    attr_accessor :metric
+
+    attr_accessor :start, :finish
+    attr_accessor :data
+
+    def name
+      metric.name
+    end
+  end
+end

data/lib/sqreen/attack_detected.html

@@ -1,2 +1 @@
-<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <title>Sqreen has detected an attack.</title> <style>html, body, div, span, h1, a{margin: 0; padding: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline}body{background: -webkit-radial-gradient(26% 19%, circle, #fff, #f4f7f9); background: radial-gradient(circle at 26% 19%, #fff, #f4f7f9); display: -webkit-box; display: -ms-flexbox; display: flex; -webkit-box-pack: center; -ms-flex-pack: center; justify-content: center; -webkit-box-align: center; -ms-flex-align: center; align-items: center; -ms-flex-line-pack: center; align-content: center; width: 100%; min-height: 100vh; line-height: 1}svg, h1, p{display: block}svg{margin: 0 auto 4vh}h1{font-family: sans-serif; font-weight: 300; font-size: 34px; color: #384886; line-height: normal}p{font-size: 18px; line-height: normal; color: #b8bccc; font-family: sans-serif; font-weight: 300}a{color: #b8bccc}.flex{text-align: center}</style></head><body> <div class="flex"> <svg xmlns="http://www.w3.org/2000/svg" width="230" height="250" viewBox="0 0 230 250" enable-background="new 0 0 230 250"> <style>.st0{opacity: 0.4; filter: url(#a);}.st1{fill: #FFFFFF;}.st2{fill: #B0ACFF;}.st3{fill: #4842B7;}.st4{fill: #1E0936;}</style> <filter id="a" width="151.7%" height="146%" x="-25.8%" y="-16%" filterUnits="objectBoundingBox"> <feOffset dy="14" in="SourceAlpha" result="shadowOffsetOuter1"/> <feGaussianBlur in="shadowOffsetOuter1" result="shadowBlurOuter1" stdDeviation="13"/> <feColorMatrix in="shadowBlurOuter1" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/> </filter> <g class="st0"> <path id="b_2_" d="M202.6 34.9c-.2-1.2-.8-2.1-1.9-2.8-3.8-2-37.9-20.1-85.7-20.1-48.8 0-84.2 19.3-85.7 20.1-1 .6-1.6 1.6-1.8 2.7-14.8 123.2 84.7 176.3 85.7 176.8.6.3 1.2.4 1.8.4.6 0 1.2-.1 1.7-.4 1-.5 100.4-55 85.9-176.7z"/> </g> <path id="b_1_" d="M202.6 34.9c-.2-1.2-.8-2.1-1.9-2.8-3.8-2-37.9-20.1-85.7-20.1-48.8 0-84.2 19.3-85.7 20.1-1 .6-1.6 1.6-1.8 2.7-14.8 123.2 84.7 176.3 85.7 176.8.6.3 1.2.4 1.8.4.6 0 1.2-.1 1.7-.4 1-.5 100.4-55 85.9-176.7z" class="st1"/> <g id="nest-cmyk-indigo"> <ellipse id="sqreen" cx="115.5" cy="69.9" class="st2" rx="12.7" ry="12.7"/> <path id="app" d="M113.6 91.9V71.5L95.5 61.1v18l6.4-3.7c.5 1.1 1 2.2 1.7 3.2L97 82.3l16.6 9.6zm3.7 0l16.6-9.6-6.7-3.9c.7-1 1.3-2 1.7-3.2l6.4 3.7v-18l-18.1 10.5v20.5zM96.9 57.6l18.6 10.7L134 57.6 117.3 48v7.6c-.6-.1-1.2-.1-1.8-.1-.6 0-1.2 0-1.8.1V48l-16.8 9.6zm20.2-13.9l20.3 11.7c1 .6 1.6 1.7 1.6 2.8v23.5c0 1.2-.6 2.2-1.6 2.8l-20.3 11.7c-1 .6-2.3.6-3.3 0L93.5 84.5c-1-.6-1.6-1.7-1.6-2.8V58.2c0-1.2.6-2.2 1.6-2.8l20.3-11.7c1-.6 2.3-.6 3.3 0z" class="st3"/> </g> <path id="s" d="M74.6 113c-1.8-1-3.5-1.5-5.2-1.5-1.4 0-2.3.6-2.3 1.5 0 2.7 10.1.4 10.1 7.7 0 3.3-2.9 6-7.6 6-2.1 0-4.7-.5-6.4-1.4l-.1-.1c-.3-.2-.3-.5-.2-.8l1.2-2.7c.1-.3.5-.5.9-.3.1 0 .1.1.2.1 1.5.6 3.1 1 4.6 1 2.2 0 2.9-.6 2.9-1.7 0-3-10.1-.8-10.1-7.7 0-3.1 2.7-5.8 7-5.8 2.1 0 5 .7 6.9 1.8.1 0 .1.1.2.1.3.2.4.5.3.8l-1.2 2.7c-.1.3-.5.5-.9.3h-.3z" class="st4"/> <path id="q" d="M93.6 107.8h3.2c.4 0 .7.3.7.7v25.9c0 .4-.3.7-.7.7h-3.2c-.4 0-.7-.3-.7-.7v-9.1c-1.2.8-2.9 1.4-4.7 1.4-5.4 0-9.6-4.3-9.6-9.7 0-5.4 4.1-9.7 9.6-9.7 1.8 0 3.5.6 4.7 1.4v-.1c0-.5.3-.8.7-.8zm-.7 12.4v-6.5c-1.3-1.3-2.8-2.1-4.5-2.1-2.9 0-5.1 2.3-5.1 5.4s2.2 5.4 5.1 5.4c1.7-.1 3.2-.7 4.5-2.2z" class="st4"/> <path id="r" d="M112.5 107.8c-1-.4-2-.6-3-.6-1.8 0-3.5.6-4.9 1.4v-.2c0-.3-.2-.5-.5-.5h-3.4c-.3 0-.5.2-.5.5v17.8c0 .3.2.5.5.5h3.4c.3 0 .5-.2.5-.5v-12.6c1.1-1.2 2.8-1.9 4.6-1.9.4 0 .9 0 1.5.2.3.1.6-.1.7-.4l1.3-2.9c.1-.4 0-.7-.2-.8z" class="st4"/> <path id="e" d="M129 124.7c-1.7 1-4.2 2-6.7 2-6 0-10.3-4.4-10.3-9.9 0-5.3 3.7-9.6 9.4-9.6 5.2 0 8.4 4.4 8.4 9 0 .4 0 .9-.1 1.2 0 .3-.3.6-.7.6h-12.5c.5 2.8 2.8 4.5 5.8 4.5 1.7 0 3.4-.5 5.1-1.4.3-.2.6-.1.8.2l1.2 2.6c.1.2 0 .4-.2.6-.2.1-.2.2-.2.2zm-12.4-10h8.5c-.2-1.8-1.9-3.3-3.9-3.3-2.5-.1-4 1.4-4.6 3.3z" class="st4"/> <path id="e_1_" d="M148.7 124.7c-1.7 1-4.2 2-6.7 2-6 0-10.3-4.4-10.3-9.9 0-5.3 3.7-9.6 9.4-9.6 5.2 0 8.4 4.4 8.4 9 0 .4 0 .9-.1 1.2 0 .3-.3.6-.7.6h-12.5c.5 2.8 2.8 4.5 5.8 4.5 1.7 0 3.4-.5 5.1-1.4.3-.2.6-.1.8.2l1.2 2.6c.1.2 0 .4-.2.6-.2.1-.2.2-.2.2zm-12.4-10h8.5c-.2-1.8-1.9-3.3-3.9-3.3-2.5-.1-4 1.4-4.6 3.3z" class="st4"/> <path id="n" d="M151.5 108.5V126c0 .4.3.7.7.7h3.2c.4 0 .7-.3.7-.7v-12.5c1.1-1.2 2.8-1.9 4.6-1.9 2.9 0 4.5 1.6 4.5 4.7v9.7c0 .4.3.7.7.7h3.2c.4 0 .7-.3.7-.7v-10.2c0-5.2-2.9-8.5-8.8-8.5-1.8 0-3.5.6-4.9 1.4v-.1c0-.4-.3-.7-.7-.7h-3.2c-.4-.1-.7.2-.7.6z" class="st4"/> </svg> <h1>Uh Oh! Sqreen has detected an attack.</h1> <p>If you are the application owner, check the Sqreen <a href="https://my.sqreen.com/">dashboard</a> for more information.</p></div></body></html>
-
+<!-- Sorry, you’ve been blocked --><!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>You've been blocked</title><style>a,body,div,h1,html,span{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1;flex-direction:column}h1,p,svg{display:block}svg{margin:0 auto 4vh}main{text-align:center;flex:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;flex-direction:column}h1{font-family:sans-serif;font-weight:600;font-size:34px;color:#1e0936;line-height:1.2}p{font-size:18px;line-height:normal;color:#646464;font-family:sans-serif;font-weight:400}a{color:#4842b7}footer{width:100%;text-align:center}footer p{font-size:16px}</style></head><body><main><svg width="170px" height="193px" viewBox="0 0 170 193" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true"><g id="exports" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Artboard" transform="translate(-186.000000, -189.000000)"><g id="logo-cmyk-indigo" transform="translate(186.000000, 189.000000)"><g id="nest-cmyk-indigo"><ellipse id="sqreen" fill="#B0ACFF" cx="85" cy="96.5" rx="45.7692308" ry="45.7966102"></ellipse><path d="M78.4615385,175.749389 L78.4615385,102.2092 L13.1398162,64.4731256 L13.1398162,129.181112 L36.352167,115.771438 C37.9764468,119.873152 40.1038639,123.720553 42.6582364,127.237412 L18.5723996,141.151695 L78.4615385,175.749389 Z M91.5384615,175.749389 L151.4276,141.151695 L127.341764,127.237412 C129.896136,123.720553 132.023553,119.873152 133.647833,115.771438 L156.860184,129.181112 L156.860184,64.4731256 L91.5384615,102.2092 L91.5384615,175.749389 Z M18.0061522,52.1754237 L85,90.8774777 L151.993848,52.1754237 L91.5384615,17.2506105 L91.5384615,44.565949 C89.3964992,44.2986903 87.2143177,44.1610169 85,44.1610169 C82.7856823,44.1610169 80.6035008,44.2986903 78.4615385,44.565949 L78.4615385,17.2506105 L18.0061522,52.1754237 Z M90.8846156,1.76392358 L164.052491,44.0326866 C167.693904,46.1363149 169.937107,50.0239804 169.937107,54.231237 L169.937107,138.768763 C169.937107,142.97602 167.693904,146.863685 164.052491,148.967313 L90.8846156,191.236076 C87.2432028,193.339705 82.7567972,193.339705 79.1153844,191.236076 L5.94750871,148.967313 C2.30609589,146.863685 0.0628930904,142.97602 0.0628930904,138.768763 L0.0628930904,54.231237 C0.0628930904,50.0239804 2.30609589,46.1363149 5.94750871,44.0326866 L79.1153844,1.76392358 C82.7567972,-0.339704735 87.2432028,-0.339704735 90.8846156,1.76392358 Z" id="app" fill="#4842B7"></path></g></g></g></g></svg><h1>Sorry, you've been blocked</h1><p>Contact the website owner</p></main><footer><p>Security provided by <a href="https://www.sqreen.com/?utm_medium=block_page" target="_blank">Sqreen</a></p></footer></body></html>

data/lib/sqreen/ca.crt

@@ -70,3 +70,27 @@ WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
 hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
+ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
+ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
+dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
+OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
+8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
+Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
+hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
+6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
+AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
+bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
+ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
+qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
+0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
+sSi6
+-----END CERTIFICATE-----

data/lib/sqreen/configuration.rb

@@ -39,11 +39,15 @@ module Sqreen
     { :env => :SQREEN_LIBSQREEN, :name => :libsqreen,
       :default => true, :convert => :to_bool },
     { :env => :SQREEN_WEAVE, :name => :weave,
-      :default => false, :convert => :to_bool },
+      :default => true, :convert => :to_bool },
     { :env => :SQREEN_WEAVE_STRATEGY, :name => :weave_strategy,
-      :default => :chain, :convert => :to_sym },
-    { :env => :SQREEN_URL,       :name => :url,
-      :default => 'https://back.sqreen.io' },
+      :default => :prepend, :convert => :to_sym },
+    { :env => :SQREEN_URL, :name => :url,
+      :default => nil },
+    { :env => :SQREEN_INGESTION_URL, :name => :ingestion_url,
+      :default => nil },
+    { :env => :SQREEN_PROXY_URL, :name => :proxy_url,
+      :default => nil },
     { :env => :SQREEN_TOKEN,     :name => :token,
       :default => nil },
     { :env => :SQREEN_APP_NAME,  :name => :app_name,
@@ -74,6 +78,8 @@ module Sqreen
       :default => nil },
     { :env => :SQREEN_STRIP_SENSITIVE_REGEX, :name => :strip_sensitive_regex,
       :default => nil },
+    { :env => :SQREEN_NO_SNIFF_DOMAINS, :name => :no_sniff_domains,
+      :default => false },
 
   ].freeze
 

data/lib/sqreen/deliveries/batch.rb

@@ -8,10 +8,13 @@
 # TODO: Sqreen::RequestRecord => sqreen/events
 # TODO: Sqreen.time
 
+require 'sqreen/aggregated_metric'
 require 'sqreen/events/attack'
 require 'sqreen/events/remote_exception'
 require 'sqreen/mono_time'
 require 'sqreen/deliveries/simple'
+require 'sqreen/kit/signals/signal'
+require 'sqreen/kit/signals/trace'
 
 module Sqreen
   module Deliveries
@@ -57,7 +60,7 @@ module Sqreen
       def post_batch_needed?(event)
         now = Sqreen.time
         # do not use any? {} due to side effects inside block
-        event_keys(event).map do |key|
+        event_keys(event).uniq.map do |key|
           was = @first_seen[key]
           @first_seen[key] ||= now
           was.nil? || current_batch.size > max_batch || now > (was + max_staleness)
@@ -85,15 +88,22 @@ module Sqreen
         res += event.observed.fetch(:sdk, []).select { |e|
             e[0] == :track
         }.map { |e| "sdk-track".freeze }
+        res += event.observed.fetch(:signals, []).map { "signal".freeze }
         return res
       end
 
       def event_key(event)
         case event
         when Sqreen::Attack
-          "att-#{event.type}"
+          "att-#{event.rule_name}"
         when Sqreen::RemoteException
           "rex-#{event.klass}"
+        when Sqreen::AggregatedMetric
+          "agg-metric"
+        when Sqreen::Kit::Signals::Signal
+          "signal"
+        when Sqreen::Kit::Signals::Trace
+          "signal"
         end
       end
     end

data/lib/sqreen/deliveries/simple.rb

@@ -7,6 +7,7 @@
 # TODO: Sqreen::RemoteException  => sqreen/events
 # TODO: Sqreen::RequestRecord => sqreen/events
 
+require 'sqreen/log/loggable'
 require 'sqreen/events/attack'
 require 'sqreen/events/remote_exception'
 require 'sqreen/events/request_record'
@@ -15,6 +16,7 @@ module Sqreen
   module Deliveries
     # Simple delivery method that directly call session on event
     class Simple
+      include Log::Loggable
       attr_accessor :session
 
       def initialize(session)
@@ -29,6 +31,8 @@ module Sqreen
           session.post_sqreen_exception(event)
         when Sqreen::RequestRecord
           session.post_request_record(event)
+        when Sqreen::AggregatedMetric
+          logger.warn 'Delivery of metrics using signals is not supported with simple delivery'
         else
           session.post_event(event)
         end

data/lib/sqreen/ecosystem.rb

@@ -0,0 +1,80 @@
+require 'securerandom'
+require 'sqreen/ecosystem/module_registry'
+require 'sqreen/ecosystem/tracing/sampling_configuration'
+require 'sqreen/ecosystem/transaction_storage'
+require 'sqreen/ecosystem/tracing_id_setup'
+require 'sqreen/ecosystem/module_api/tracing_push_down'
+
+module Sqreen
+  # The API for the ecosystem client (together with the dispatch table)
+  module Ecosystem
+    class << self
+      def init(opts = {})
+        @registry = ModuleRegistry.new
+        register_modules(opts[:modules])
+        @registry.init_all
+
+        @tracing_id_setup = TracingIdSetup.new(@registry)
+        @tracing_id_setup.setup_modules
+      end
+
+      def reset
+        instance_variables.each do |ia|
+          instance_variable_set(ia, nil)
+        end
+      end
+
+      # To be called by the Ecosystem client when a new transaction
+      # (generally: request) is started
+      # In the future, it's intended that request end/start detection be handled
+      # by the Ecosystem itself, so control will flow in the other direction,
+      # from the ecosystem to its client
+      def start_transaction
+        TransactionStorage.create_thread_local
+      end
+
+      def end_transaction
+        TransactionStorage.destroy_thread_local
+      end
+
+      # @param [String] tracing_id_prefix
+      # @param [Array<Hash{String=>Object}>] sampling_config
+      def configure_sampling(tracing_id_prefix, sampling_config)
+        @tracing_id_setup.tracing_id_prefix = tracing_id_prefix
+        built_samp_cfg = Tracing::SamplingConfiguration.new(sampling_config)
+        inject_sampling_config(built_samp_cfg)
+      end
+
+      private
+
+      def register_modules(modules)
+        return register_all_modules unless modules
+
+        modules.each { |mod| register mod }
+      end
+
+      def register_all_modules
+        # replace with something more magical?
+        require_relative 'ecosystem/http/rack_request'
+        register Http::RackRequest.new
+
+        require_relative 'ecosystem/http/net_http'
+        register Http::NetHttp.new
+
+        require_relative 'ecosystem/redis/redis_connection'
+        register Redis::RedisConnection.new
+      end
+
+      def register(mod)
+        @registry.register mod
+      end
+
+      # @param [Sqreen::Ecosystem::SamplingConfiguration] config
+      def inject_sampling_config(config)
+        @registry.each_module(Sqreen::Ecosystem::ModuleApi::TracingPushDown) do |mod|
+          mod.sampling_config = config
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/dispatch_table.rb

@@ -0,0 +1,43 @@
+require 'logger'
+
+module Sqreen
+  module Ecosystem
+    # Configured by the ecosystem client
+    module DispatchTable
+      class << self
+        # data consumption
+        # argument: +Sqreen::Kit::Signals::Signal+
+        # see +Sqreen::EcosystemIntegration::SignalConsumption#consume_signal+
+        attr_accessor :consume_signal
+
+        # argument: block taking a Rack::Request
+        # see +Sqreen::EcosystemIntegration::RequestLifecycleTracking#add_start_observer+
+        attr_accessor :add_request_start_listener
+
+        attr_accessor :fetch_logger
+
+        # argument: callback taking:
+        # * the method to instrument
+        # * A Hash{Symbol=>Proc} with the advice. The proc takes the
+        # arguments and the ball, so these details of the instrumentation
+        # implementation leak through the abstraction
+        # see +Sqreen::EcosystemIntegration::InstrumentationService+
+        attr_accessor :instrument
+
+        def reset
+          instance_variables.each do |ia|
+            instance_variable_set(ia, nil)
+          end
+
+          # set default logger
+          logger = ::Logger.new(STDERR)
+          logger.level = ::Logger::WARN
+          logger.progname = 'sqreen-ecosystem'
+          self.fetch_logger = proc { logger }
+        end
+      end
+
+      reset
+    end
+  end
+end

data/lib/sqreen/ecosystem/http/net_http.rb

@@ -0,0 +1,51 @@
+require 'sqreen/ecosystem/module_api'
+require 'sqreen/ecosystem/module_api/instrumentation'
+require 'sqreen/ecosystem/module_api/tracing_push_down'
+require 'sqreen/ecosystem/module_api/signal_producer'
+require 'sqreen/ecosystem/module_api/transaction_storage'
+require 'sqreen/ecosystem/tracing/signals/tracing_client'
+
+module Sqreen
+  module Ecosystem
+    module Http
+      class NetHttp
+        include ModuleApi::Instrumentation
+        include ModuleApi::SignalProducer
+        include ModuleApi::TracingPushDown
+
+        def setup
+          instrument 'Net::HTTP#request', before: method(:before_advice)
+        end
+
+        private
+
+        # instr. def request(req, body = nil, &block)  # :yield: +response+
+        # req is of type +Net::HTTPGenericRequest+
+        def before_advice(call, _ball)
+          return unless should_sample?('client')
+
+          tracing_id = create_tracing_id
+
+          # build & submit signal
+          host = call.instance.address
+          port = call.instance.port
+
+          host += ':' + port.to_s if port != 80 && port != 443
+
+          signal = Tracing::Signals::TracingClient.new
+          signal.payload = Tracing::Signals::TracingClient::Payload.new(
+            transport: 'http',
+            host: host,
+            tracing_identifier: tracing_id
+          )
+
+          submit_signal signal
+
+          # add tracing header, if available
+          req = call.args[0]
+          req[ModuleApi::TRACE_ID_HEADER] = tracing_id
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/http/rack_request.rb

@@ -0,0 +1,38 @@
+require 'sqreen/ecosystem/module_api'
+require 'sqreen/ecosystem/module_api/event_listener'
+require 'sqreen/ecosystem/module_api/signal_producer'
+require 'sqreen/ecosystem/module_api/tracing_push_down'
+require 'sqreen/ecosystem/tracing/signals/tracing_server'
+
+module Sqreen
+  module Ecosystem
+    module Http
+      class RackRequest
+        include ModuleApi::EventListener
+        include ModuleApi::TracingPushDown
+        include ModuleApi::SignalProducer
+
+        def setup
+          on_request_start(&method(:handle_request))
+        end
+
+        private
+
+        def handle_request(rack_request)
+          return unless should_sample?('server')
+
+          trace_id = rack_request.env[ModuleApi::TRACE_ID_ENV_KEY]
+
+          signal = Tracing::Signals::TracingServer.new
+          signal.payload = Tracing::Signals::TracingServer::Payload.new(
+            transport: 'http',
+            client_ip: rack_request.ip,
+            tracing_identifier: trace_id
+          )
+
+          submit_signal signal
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/loggable.rb

@@ -0,0 +1,13 @@
+require 'sqreen/ecosystem/dispatch_table'
+
+module Sqreen
+  module Ecosystem
+    module Loggable
+      private
+
+      def logger
+        DispatchTable.fetch_logger.call
+      end
+    end
+  end
+end