sqreen 1.19.4 → 1.20.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -2
- data/lib/sqreen/aggregated_metric.rb +25 -0
- data/lib/sqreen/configuration.rb +7 -3
- data/lib/sqreen/deliveries/batch.rb +4 -1
- data/lib/sqreen/deliveries/simple.rb +4 -0
- data/lib/sqreen/event.rb +7 -5
- data/lib/sqreen/events/attack.rb +23 -18
- data/lib/sqreen/events/remote_exception.rb +0 -22
- data/lib/sqreen/events/request_record.rb +15 -70
- data/lib/sqreen/frameworks/request_recorder.rb +13 -2
- data/lib/sqreen/kit/signals/specialized/aggregated_metric.rb +72 -0
- data/lib/sqreen/kit/signals/specialized/attack.rb +57 -0
- data/lib/sqreen/kit/signals/specialized/binning_metric.rb +76 -0
- data/lib/sqreen/kit/signals/specialized/http_trace.rb +26 -0
- data/lib/sqreen/kit/signals/specialized/sdk_track_call.rb +50 -0
- data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +57 -0
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +221 -0
- data/lib/sqreen/legacy/waf_redactions.rb +49 -0
- data/lib/sqreen/metrics/base.rb +3 -0
- data/lib/sqreen/metrics_store.rb +22 -12
- data/lib/sqreen/performance_notifications/binned_metrics.rb +8 -2
- data/lib/sqreen/rules.rb +4 -2
- data/lib/sqreen/rules/rule_cb.rb +2 -0
- data/lib/sqreen/rules/waf_cb.rb +11 -8
- data/lib/sqreen/runner.rb +43 -5
- data/lib/sqreen/sensitive_data_redactor.rb +19 -31
- data/lib/sqreen/session.rb +39 -37
- data/lib/sqreen/signals/conversions.rb +283 -0
- data/lib/sqreen/signals/http_trace_redaction.rb +111 -0
- data/lib/sqreen/signals/signals_submission_strategy.rb +78 -0
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/legacy/instrumentation.rb +0 -10
- metadata +44 -6
- data/lib/sqreen/backport.rb +0 -9
- data/lib/sqreen/backport/clock_gettime.rb +0 -74
- data/lib/sqreen/backport/original_name.rb +0 -88
data/lib/sqreen/version.rb
CHANGED
@@ -8,7 +8,6 @@ require 'sqreen/graft/hook_point'
|
|
8
8
|
require 'sqreen/call_countable'
|
9
9
|
require 'sqreen/rules'
|
10
10
|
require 'sqreen/rules/record_request_context'
|
11
|
-
require 'sqreen/sqreen_signed_verifier'
|
12
11
|
|
13
12
|
class Sqreen::Weave::Legacy::Instrumentation
|
14
13
|
attr_accessor :metrics_engine
|
@@ -85,15 +84,6 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
85
84
|
|
86
85
|
### set up rule signature verifier
|
87
86
|
verifier = nil
|
88
|
-
if Sqreen.features['rules_signature'] &&
|
89
|
-
Sqreen.config_get(:rules_verify_signature) == true &&
|
90
|
-
!defined?(::JRUBY_VERSION)
|
91
|
-
verifier = Sqreen::SqreenSignedVerifier.new
|
92
|
-
Sqreen::Weave.logger.debug('Rules signature enabled')
|
93
|
-
else
|
94
|
-
Sqreen::Weave.logger.debug('Rules signature disabled')
|
95
|
-
end
|
96
|
-
|
97
87
|
### force clean instrumentation callback list
|
98
88
|
@hooks = []
|
99
89
|
### for each rule description
|
metadata
CHANGED
@@ -1,15 +1,43 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sqreen
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.20.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sqreen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-06-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: sqreen-backport
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 0.1.0
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 0.1.0
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: sqreen-kit
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: 0.2.0
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: 0.2.0
|
13
41
|
- !ruby/object:Gem::Dependency
|
14
42
|
name: sq_mini_racer
|
15
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -65,11 +93,9 @@ files:
|
|
65
93
|
- lib/sqreen/actions/user_action_class.rb
|
66
94
|
- lib/sqreen/actions/users_index.rb
|
67
95
|
- lib/sqreen/agent.rb
|
96
|
+
- lib/sqreen/aggregated_metric.rb
|
68
97
|
- lib/sqreen/attack_blocked.rb
|
69
98
|
- lib/sqreen/attack_detected.html
|
70
|
-
- lib/sqreen/backport.rb
|
71
|
-
- lib/sqreen/backport/clock_gettime.rb
|
72
|
-
- lib/sqreen/backport/original_name.rb
|
73
99
|
- lib/sqreen/binding_accessor.rb
|
74
100
|
- lib/sqreen/binding_accessor/path_elem.rb
|
75
101
|
- lib/sqreen/binding_accessor/transforms.rb
|
@@ -129,8 +155,16 @@ files:
|
|
129
155
|
- lib/sqreen/js/mini_racer_adapter.rb
|
130
156
|
- lib/sqreen/js/mini_racer_executable_js.rb
|
131
157
|
- lib/sqreen/js/thread_local_exec_js_runnable.rb
|
158
|
+
- lib/sqreen/kit/signals/specialized/aggregated_metric.rb
|
159
|
+
- lib/sqreen/kit/signals/specialized/attack.rb
|
160
|
+
- lib/sqreen/kit/signals/specialized/binning_metric.rb
|
161
|
+
- lib/sqreen/kit/signals/specialized/http_trace.rb
|
162
|
+
- lib/sqreen/kit/signals/specialized/sdk_track_call.rb
|
163
|
+
- lib/sqreen/kit/signals/specialized/sqreen_exception.rb
|
132
164
|
- lib/sqreen/legacy.rb
|
133
165
|
- lib/sqreen/legacy/instrumentation.rb
|
166
|
+
- lib/sqreen/legacy/old_event_submission_strategy.rb
|
167
|
+
- lib/sqreen/legacy/waf_redactions.rb
|
134
168
|
- lib/sqreen/log.rb
|
135
169
|
- lib/sqreen/log/loggable.rb
|
136
170
|
- lib/sqreen/logger.rb
|
@@ -201,6 +235,9 @@ files:
|
|
201
235
|
- lib/sqreen/shared_storage.rb
|
202
236
|
- lib/sqreen/shared_storage23.rb
|
203
237
|
- lib/sqreen/shrink_wrap.rb
|
238
|
+
- lib/sqreen/signals/conversions.rb
|
239
|
+
- lib/sqreen/signals/http_trace_redaction.rb
|
240
|
+
- lib/sqreen/signals/signals_submission_strategy.rb
|
204
241
|
- lib/sqreen/signature_verifier.rb
|
205
242
|
- lib/sqreen/sinatra_middleware.rb
|
206
243
|
- lib/sqreen/sqreen_signed_verifier.rb
|
@@ -253,7 +290,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
253
290
|
- !ruby/object:Gem::Version
|
254
291
|
version: '0'
|
255
292
|
requirements: []
|
256
|
-
|
293
|
+
rubyforge_project:
|
294
|
+
rubygems_version: 2.7.7
|
257
295
|
signing_key:
|
258
296
|
specification_version: 4
|
259
297
|
summary: Sqreen Ruby agent
|
data/lib/sqreen/backport.rb
DELETED
@@ -1,74 +0,0 @@
|
|
1
|
-
# typed: ignore
|
2
|
-
|
3
|
-
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
-
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
-
|
6
|
-
require 'sqreen/backport'
|
7
|
-
|
8
|
-
module Sqreen
|
9
|
-
module Backport
|
10
|
-
module ClockGettime
|
11
|
-
class << self
|
12
|
-
def supported?
|
13
|
-
Process.respond_to?(:clock_gettime)
|
14
|
-
end
|
15
|
-
end
|
16
|
-
|
17
|
-
unless supported?
|
18
|
-
require 'ffi'
|
19
|
-
|
20
|
-
class Timespec < FFI::Struct
|
21
|
-
layout :tv_sec => :time_t, :tv_nsec => :long
|
22
|
-
end
|
23
|
-
|
24
|
-
module LibC
|
25
|
-
extend FFI::Library
|
26
|
-
ffi_lib FFI::Library::LIBC
|
27
|
-
|
28
|
-
# TODO: FFI::NotFoundError
|
29
|
-
|
30
|
-
if RUBY_PLATFORM =~ /darwin/
|
31
|
-
attach_function :mach_absolute_time, [], :uint64
|
32
|
-
end
|
33
|
-
|
34
|
-
attach_function :clock_gettime, [:int, :pointer], :int
|
35
|
-
end
|
36
|
-
|
37
|
-
module Constants
|
38
|
-
case RUBY_PLATFORM
|
39
|
-
when /darwin/
|
40
|
-
CLOCK_REALTIME = 0
|
41
|
-
CLOCK_MONOTONIC = 6
|
42
|
-
CLOCK_PROCESS_CPUTIME_ID = 12
|
43
|
-
CLOCK_THERAD_CPUTIME_ID = 16
|
44
|
-
when /linux/
|
45
|
-
CLOCK_REALTIME = 0
|
46
|
-
CLOCK_MONOTONIC = 1
|
47
|
-
CLOCK_PROCESS_CPUTIME_ID = 2
|
48
|
-
CLOCK_THREAD_CPUTIME_ID = 3
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
def clock_gettime(clock_id, unit = :float_second)
|
53
|
-
unless unit == :float_second
|
54
|
-
raise "Process.clock_gettime: unsupported unit #{unit.inspect}"
|
55
|
-
end
|
56
|
-
|
57
|
-
t = Timespec.new
|
58
|
-
ret = LibC.clock_gettime(clock_id, t.pointer)
|
59
|
-
|
60
|
-
raise SystemCallError, "Errno #{FFI.errno}" if ret == -1
|
61
|
-
|
62
|
-
t[:tv_sec].to_f + t[:tv_nsec].to_f / 1_000_000_000
|
63
|
-
end
|
64
|
-
end
|
65
|
-
end
|
66
|
-
end
|
67
|
-
end
|
68
|
-
|
69
|
-
unless Sqreen::Backport::ClockGettime.supported?
|
70
|
-
Process.instance_eval do
|
71
|
-
extend Sqreen::Backport::ClockGettime
|
72
|
-
include Sqreen::Backport::ClockGettime::Constants
|
73
|
-
end
|
74
|
-
end
|
@@ -1,88 +0,0 @@
|
|
1
|
-
# typed: false
|
2
|
-
|
3
|
-
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
-
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
-
|
6
|
-
module Sqreen
|
7
|
-
module Backport
|
8
|
-
module OriginalName
|
9
|
-
HAS_UNBOUND_METHOD_ORIGINAL_NAME = ::UnboundMethod.instance_methods(false).include?(:original_name)
|
10
|
-
HAS_METHOD_ORIGINAL_NAME = ::Method.instance_methods(false).include?(:original_name)
|
11
|
-
|
12
|
-
def original_name
|
13
|
-
self.class.get_original_name(owner, original_name_key) || self.original_name = name
|
14
|
-
end
|
15
|
-
|
16
|
-
private
|
17
|
-
|
18
|
-
def original_name=(name)
|
19
|
-
self.class.set_original_name(owner, original_name_key, name)
|
20
|
-
end
|
21
|
-
|
22
|
-
def original_name_key
|
23
|
-
return hash if is_a?(::UnboundMethod)
|
24
|
-
|
25
|
-
owner.instance_method(name).hash
|
26
|
-
end
|
27
|
-
|
28
|
-
class << self
|
29
|
-
def supported?
|
30
|
-
!::Kernel.const_defined?(:JRUBY_VERSION) && HAS_UNBOUND_METHOD_ORIGINAL_NAME && HAS_METHOD_ORIGINAL_NAME
|
31
|
-
end
|
32
|
-
|
33
|
-
def included(klass)
|
34
|
-
klass.extend(ClassMethods)
|
35
|
-
end
|
36
|
-
|
37
|
-
def prepended(klass)
|
38
|
-
klass.extend(ClassMethods)
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
|
-
class Store < ::Hash; end
|
43
|
-
|
44
|
-
module ClassMethods
|
45
|
-
def original_names(owner)
|
46
|
-
owner.instance_eval { @__sqreen_backport_original_names ||= Store.new }
|
47
|
-
end
|
48
|
-
|
49
|
-
def get_original_name(owner, key)
|
50
|
-
original_names(owner)[key]
|
51
|
-
end
|
52
|
-
|
53
|
-
def set_original_name(owner, key, name)
|
54
|
-
original_names(owner)[key] ||= name
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
class UnboundMethod
|
62
|
-
if Sqreen::Backport::OriginalName::HAS_UNBOUND_METHOD_ORIGINAL_NAME
|
63
|
-
prepend Sqreen::Backport::OriginalName
|
64
|
-
else
|
65
|
-
include Sqreen::Backport::OriginalName
|
66
|
-
end
|
67
|
-
end unless Sqreen::Backport::OriginalName.supported?
|
68
|
-
|
69
|
-
class Method
|
70
|
-
if Sqreen::Backport::OriginalName::HAS_METHOD_ORIGINAL_NAME
|
71
|
-
prepend Sqreen::Backport::OriginalName
|
72
|
-
else
|
73
|
-
include Sqreen::Backport::OriginalName
|
74
|
-
end
|
75
|
-
end unless Sqreen::Backport::OriginalName.supported?
|
76
|
-
|
77
|
-
class Module
|
78
|
-
alias_method(:alias_method_without_original_name, :alias_method)
|
79
|
-
|
80
|
-
def alias_method_with_original_name(newname, oldname)
|
81
|
-
alias_method_without_original_name(newname, oldname).tap do
|
82
|
-
instance_method(newname).send(:original_name=, :"#{oldname}")
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
alias_method_with_original_name(:alias_method_without_original_name, :alias_method)
|
87
|
-
alias_method_with_original_name(:alias_method, :alias_method_with_original_name)
|
88
|
-
end unless Sqreen::Backport::OriginalName.supported?
|