sqreen 1.20.0-java → 1.21.1-java
- checksums.yaml +5 -5
- data/CHANGELOG.md +37 -0
- data/lib/sqreen/actions/block_user.rb +1 -1
- data/lib/sqreen/actions/redirect_ip.rb +1 -1
- data/lib/sqreen/actions/redirect_user.rb +1 -1
- data/lib/sqreen/agent_message.rb +20 -0
- data/lib/sqreen/attack_detected.html +1 -2
- data/lib/sqreen/ca.crt +24 -0
- data/lib/sqreen/condition_evaluator.rb +8 -2
- data/lib/sqreen/configuration.rb +5 -3
- data/lib/sqreen/deferred_logger.rb +50 -14
- data/lib/sqreen/deliveries/batch.rb +8 -1
- data/lib/sqreen/dependency/detector.rb +11 -3
- data/lib/sqreen/dependency/new_relic.rb +10 -1
- data/lib/sqreen/deprecation.rb +38 -0
- data/lib/sqreen/ecosystem.rb +123 -0
- data/lib/sqreen/ecosystem/databases/database_connection_data.rb +23 -0
- data/lib/sqreen/ecosystem/databases/mongo.rb +39 -0
- data/lib/sqreen/ecosystem/databases/mysql.rb +54 -0
- data/lib/sqreen/ecosystem/databases/postgres.rb +51 -0
- data/lib/sqreen/ecosystem/databases/redis.rb +36 -0
- data/lib/sqreen/ecosystem/dispatch_table.rb +43 -0
- data/lib/sqreen/ecosystem/exception_reporting.rb +28 -0
- data/lib/sqreen/ecosystem/http/net_http.rb +50 -0
- data/lib/sqreen/ecosystem/http/rack_request.rb +39 -0
- data/lib/sqreen/ecosystem/loggable.rb +13 -0
- data/lib/sqreen/ecosystem/messaging/bunny.rb +61 -0
- data/lib/sqreen/ecosystem/messaging/kafka.rb +70 -0
- data/lib/sqreen/ecosystem/messaging/kinesis.rb +66 -0
- data/lib/sqreen/ecosystem/messaging/sqs.rb +68 -0
- data/lib/sqreen/ecosystem/module_api.rb +30 -0
- data/lib/sqreen/ecosystem/module_api/event_listener.rb +18 -0
- data/lib/sqreen/ecosystem/module_api/instrumentation.rb +23 -0
- data/lib/sqreen/ecosystem/module_api/message_producer.rb +57 -0
- data/lib/sqreen/ecosystem/module_api/signal_producer.rb +24 -0
- data/lib/sqreen/ecosystem/module_api/tracing.rb +45 -0
- data/lib/sqreen/ecosystem/module_api/tracing/client_data.rb +31 -0
- data/lib/sqreen/ecosystem/module_api/tracing/consumer_data.rb +13 -0
- data/lib/sqreen/ecosystem/module_api/tracing/messaging_data.rb +35 -0
- data/lib/sqreen/ecosystem/module_api/tracing/producer_data.rb +13 -0
- data/lib/sqreen/ecosystem/module_api/tracing/server_data.rb +27 -0
- data/lib/sqreen/ecosystem/module_api/tracing_id_generation.rb +16 -0
- data/lib/sqreen/ecosystem/module_api/transaction_storage.rb +71 -0
- data/lib/sqreen/ecosystem/module_registry.rb +48 -0
- data/lib/sqreen/ecosystem/tracing/modules/client.rb +35 -0
- data/lib/sqreen/ecosystem/tracing/modules/consumer.rb +35 -0
- data/lib/sqreen/ecosystem/tracing/modules/determine_ip.rb +28 -0
- data/lib/sqreen/ecosystem/tracing/modules/producer.rb +35 -0
- data/lib/sqreen/ecosystem/tracing/modules/server.rb +30 -0
- data/lib/sqreen/ecosystem/tracing/sampler.rb +160 -0
- data/lib/sqreen/ecosystem/tracing/sampling_configuration.rb +150 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb +53 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_consumer.rb +56 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_producer.rb +56 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb +53 -0
- data/lib/sqreen/ecosystem/tracing_broker.rb +101 -0
- data/lib/sqreen/ecosystem/tracing_id_setup.rb +34 -0
- data/lib/sqreen/ecosystem/transaction_storage.rb +64 -0
- data/lib/sqreen/ecosystem/util/call_writers_from_init.rb +13 -0
- data/lib/sqreen/ecosystem_integration.rb +81 -0
- data/lib/sqreen/ecosystem_integration/around_callbacks.rb +89 -0
- data/lib/sqreen/ecosystem_integration/instrumentation_service.rb +38 -0
- data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb +58 -0
- data/lib/sqreen/ecosystem_integration/signal_consumption.rb +35 -0
- data/lib/sqreen/endpoint_testing.rb +184 -0
- data/lib/sqreen/events/request_record.rb +0 -1
- data/lib/sqreen/frameworks/generic.rb +24 -1
- data/lib/sqreen/frameworks/rails.rb +0 -7
- data/lib/sqreen/frameworks/request_recorder.rb +2 -0
- data/lib/sqreen/graft/call.rb +85 -18
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +192 -88
- data/lib/sqreen/graft/hook_point.rb +18 -11
- data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +2 -0
- data/lib/sqreen/legacy/instrumentation.rb +22 -10
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +9 -2
- data/lib/sqreen/log.rb +3 -2
- data/lib/sqreen/log/loggable.rb +2 -1
- data/lib/sqreen/logger.rb +24 -0
- data/lib/sqreen/metrics_store.rb +11 -0
- data/lib/sqreen/null_logger.rb +22 -0
- data/lib/sqreen/remote_command.rb +4 -0
- data/lib/sqreen/rules.rb +8 -4
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -2
- data/lib/sqreen/rules/custom_error_cb.rb +3 -3
- data/lib/sqreen/rules/rule_cb.rb +2 -0
- data/lib/sqreen/rules/waf_cb.rb +3 -3
- data/lib/sqreen/runner.rb +83 -14
- data/lib/sqreen/session.rb +19 -11
- data/lib/sqreen/signals/conversions.rb +6 -1
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/budget.rb +46 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +194 -103
- data/lib/sqreen/worker.rb +6 -2
- metadata +58 -6
- data/lib/sqreen/encoding_sanitizer.rb +0 -27
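--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA1:
+metadata.gz: 7da0143942d8b7ab1904204694ff425b28063c4a
+data.tar.gz: 9c18ce7181ba9e6d059f7265108fa1abbc8d9c99
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 54eba17e83cb41dd546c16caa7543da24b72b7c2768e782a667278a0ce7d07c18cbd6477fa72f71530e0fe34cf64e1a691ed179a6c07c9d883030560791f7659
+data.tar.gz: 3e716230761babffbe1abe97d18062887ea371800d98c5a6a85a92970c61b59cf7d2ca2d99f3947be54b1e6ef99ed19e557b8c39a662bdaeefaebec8e148f937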
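--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,40 @@
+## 1.21.1
+
+* Work around NewRelic initialisation (see https://github.com/newrelic/newrelic-ruby-agent/issues/461)
+
+## 1.21.0
+
+* Add support for transport and tracing facilities
+
+## 1.20.4
+
+* Fix missing budget check
+* Improve performance
+* Align internal setting name for WAF
+* Include response information in all payloads
+* Improve robustness against invalid Unicode
+* Prevent rule execution to pursue in early block cases
+
+## 1.20.4.beta1
+
+* Add optional dynamic time budget
+* Add advanced per request metrics
+* Improve robustness against exception in instrumentation
+* Improve metric engine thread safety
+* Restrict deferred logger to final logger severity on agent boot
+
+## 1.20.3
+
+* Fix signature check
+
+## 1.20.2
+
+* Fix performance regression in instrumentation engine
+
+## 1.20.1
+
+* Add fallback mechanisms when connecting to new Sqreen backend API domains
+
 ## 1.20.0
 
 * Enable new instrumentation engine by default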
@@ -24,7 +24,7 @@ module Sqreen
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def do_run(identity_params)
|
|
27
|
-
Sqreen.log.
|
|
27
|
+
Sqreen.log.debug 'Will request redirect for user with identity ' \
|
|
28
28
|
"#{identity_params} (action: #{id})."
|
|
29
29
|
|
|
30
30
|
e = Sqreen::AttackBlocked.new(
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
require 'digest'
|
|
2
|
+
|
|
3
|
+
module Sqreen
|
|
4
|
+
class AgentMessage
|
|
5
|
+
def initialize(kind, message, id = nil)
|
|
6
|
+
id ||= message + "\x00" + kind
|
|
7
|
+
@hash_hex = Digest::SHA1.hexdigest(id)
|
|
8
|
+
@kind = kind
|
|
9
|
+
@message = message
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def to_h
|
|
13
|
+
{
|
|
14
|
+
id: @hash_hex,
|
|
15
|
+
kind: @kind,
|
|
16
|
+
message: @message,
|
|
17
|
+
}
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
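Review bot: The default id in `initialize` is built with `message + "\x00" + kind`, which raises TypeError as soon as either argument is not a String (a Symbol kind, a nil message), and nothing in the class says what the id is for. If non-string kinds are possible, `id ||= "#{message}\x00#{kind}"` produces the same digest for string inputs without the failure mode. I would also add a class comment along the lines of `# id is a SHA-1 of the message content, used as an identifier only (presumably for de-duplication), not as an integrity check` and confirm that purpose against the consumer of `to_h`, which is not visible here.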
@@ -1,2 +1 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
<!-- Sorry, you’ve been blocked --><!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>You've been blocked</title><style>a,body,div,h1,html,span{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1;flex-direction:column}h1,p,svg{display:block}svg{margin:0 auto 4vh}main{text-align:center;flex:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;flex-direction:column}h1{font-family:sans-serif;font-weight:600;font-size:34px;color:#1e0936;line-height:1.2}p{font-size:18px;line-height:normal;color:#646464;font-family:sans-serif;font-weight:400}a{color:#4842b7}footer{width:100%;text-align:center}footer p{font-size:16px}</style></head><body><main><svg width="170px" height="193px" viewBox="0 0 170 193" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true"><g id="exports" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Artboard" transform="translate(-186.000000, -189.000000)"><g id="logo-cmyk-indigo" transform="translate(186.000000, 189.000000)"><g id="nest-cmyk-indigo"><ellipse id="sqreen" fill="#B0ACFF" cx="85" cy="96.5" rx="45.7692308" ry="45.7966102"></ellipse><path d="M78.4615385,175.749389 L78.4615385,102.2092 L13.1398162,64.4731256 L13.1398162,129.181112 L36.352167,115.771438 C37.9764468,119.873152 
40.1038639,123.720553 42.6582364,127.237412 L18.5723996,141.151695 L78.4615385,175.749389 Z M91.5384615,175.749389 L151.4276,141.151695 L127.341764,127.237412 C129.896136,123.720553 132.023553,119.873152 133.647833,115.771438 L156.860184,129.181112 L156.860184,64.4731256 L91.5384615,102.2092 L91.5384615,175.749389 Z M18.0061522,52.1754237 L85,90.8774777 L151.993848,52.1754237 L91.5384615,17.2506105 L91.5384615,44.565949 C89.3964992,44.2986903 87.2143177,44.1610169 85,44.1610169 C82.7856823,44.1610169 80.6035008,44.2986903 78.4615385,44.565949 L78.4615385,17.2506105 L18.0061522,52.1754237 Z M90.8846156,1.76392358 L164.052491,44.0326866 C167.693904,46.1363149 169.937107,50.0239804 169.937107,54.231237 L169.937107,138.768763 C169.937107,142.97602 167.693904,146.863685 164.052491,148.967313 L90.8846156,191.236076 C87.2432028,193.339705 82.7567972,193.339705 79.1153844,191.236076 L5.94750871,148.967313 C2.30609589,146.863685 0.0628930904,142.97602 0.0628930904,138.768763 L0.0628930904,54.231237 C0.0628930904,50.0239804 2.30609589,46.1363149 5.94750871,44.0326866 L79.1153844,1.76392358 C82.7567972,-0.339704735 87.2432028,-0.339704735 90.8846156,1.76392358 Z" id="app" fill="#4842B7"></path></g></g></g></g></svg><h1>Sorry, you've been blocked</h1><p>Contact the website owner</p></main><footer><p>Security provided by <a href="https://www.sqreen.com/?utm_medium=block_page" target="_blank">Sqreen</a></p></footer></body></html>
|
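Review bot: The footer link `<a href="https://www.sqreen.com/?utm_medium=block_page" target="_blank">` opens a new tab without a `rel` attribute, so on browsers that do not imply noopener the opened page receives a `window.opener` handle, and the URL of the blocked page is sent along as the Referer. Suggest `target="_blank" rel="noopener noreferrer"` on that anchor. If this file is build output, the change belongs in the template it is generated from.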
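--- a/data/lib/sqreen/ca.crt
+++ b/data/lib/sqreen/ca.crt
@@ -70,3 +70,27 @@ WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
 4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
 hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
+EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
+HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
+ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
+VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
+ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
+dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
+OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
+8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
+Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
+hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
+6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
+DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
+AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
+bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
+ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
+qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
+0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
+sSi6
+-----END CERTIFICATE-----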
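Review bot: The appended certificate is a new trust anchor with no record in the file of which CA it is or why it was added; the base64 appears to encode the subject "Starfield Services Root Certificate Authority - G2". Every root in this bundle can vouch for the backend the agent connects to, so each addition should be checkable by a reviewer. Put a plain-text line above the BEGIN marker (OpenSSL ignores text outside the BEGIN/END markers) such as `# Starfield Services Root Certificate Authority - G2, SHA-256 <fingerprint placeholder>`, and compare the fingerprint with the CA's published value before release. The 1.20.1 changelog entry about fallback backend API domains is presumably the reason for the addition; saying so next to the certificate would help.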
@@ -67,7 +67,7 @@ module Sqreen
|
|
|
67
67
|
return true if rem <= 0
|
|
68
68
|
if hash.is_a?(Array)
|
|
69
69
|
return hash.any? do |v|
|
|
70
|
-
|
|
70
|
+
hash_key_include?(values, v, min_value_size, rem - 1)
|
|
71
71
|
end
|
|
72
72
|
end
|
|
73
73
|
|
|
@@ -81,7 +81,13 @@ module Sqreen
|
|
|
81
81
|
if hkey.respond_to?(:empty?) && hkey.empty?
|
|
82
82
|
false
|
|
83
83
|
else
|
|
84
|
-
|
|
84
|
+
key_incl = if values.is_a?(String)
|
|
85
|
+
str_include?(values, hkey.to_s)
|
|
86
|
+
else
|
|
87
|
+
values.include?(hkey.to_s)
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
key_incl || hash_key_include?(values, hval, min_value_size, rem - 1)
|
|
85
91
|
end
|
|
86
92
|
end
|
|
87
93
|
end
|
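Review bot: In the second hunk the recursion `hash_key_include?(values, hval, min_value_size, rem - 1)` sits inside the `else` branch, so a pair whose key is empty evaluates to `false` without its value being descended into; if nested hashes under an empty key are meant to be covered, the recursion should run regardless of the emptiness test. The enclosing iteration starts outside the hunk, so this needs confirming against the full method. The depth guard `return true if rem <= 0` reports a match once the budget is used up, which deserves a comment such as `# depth budget exhausted: report a match rather than keep descending`.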
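--- a/data/lib/sqreen/configuration.rb
+++ b/data/lib/sqreen/configuration.rb
@@ -43,9 +43,9 @@ module Sqreen
 { :env => :SQREEN_WEAVE_STRATEGY, :name => :weave_strategy,
 :default => :prepend, :convert => :to_sym },
 { :env => :SQREEN_URL, :name => :url,
-:default =>
+:default => nil },
 { :env => :SQREEN_INGESTION_URL, :name => :ingestion_url,
-:default =>
+:default => nil },
 { :env => :SQREEN_PROXY_URL, :name => :proxy_url,
 :default => nil },
 { :env => :SQREEN_TOKEN, :name => :token,
@@ -57,7 +57,7 @@ module Sqreen
 { :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
 :default => true },
 { :env => :SQREEN_LOG_LEVEL, :name => :log_level,
-:default => '
+:default => 'INFO', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
 { :env => :SQREEN_LOG_LOCATION, :name => :log_location,
 :default => 'log/sqreen.log' },
 { :env => :SQREEN_RUN_IN_TEST, :name => :run_in_test,
@@ -78,6 +78,8 @@ module Sqreen
 :default => nil },
 { :env => :SQREEN_STRIP_SENSITIVE_REGEX, :name => :strip_sensitive_regex,
 :default => nil },
+{ :env => :SQREEN_NO_SNIFF_DOMAINS, :name => :no_sniff_domains,
+:default => false },
 
 ].freeze
 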
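Review bot: The new `SQREEN_NO_SNIFF_DOMAINS` entry in the last hunk has `:default => false` but no `:convert`, unlike `SQREEN_WEAVE_STRATEGY` at the top of the section; if the loader passes the environment string through unchanged, `SQREEN_NO_SNIFF_DOMAINS=false` or `=0` is truthy in Ruby and would switch the option on. The loader is outside this diff, so confirm how boolean settings are parsed or add an explicit conversion. The entry also has no comment saying what domain sniffing does and what disabling it changes, which operators will need now that `:url` and `:ingestion_url` default to `nil`.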
@@ -9,35 +9,70 @@ require 'sqreen/logger'
|
|
|
9
9
|
|
|
10
10
|
module Sqreen
|
|
11
11
|
class DeferredLogger
|
|
12
|
-
|
|
12
|
+
MAX_ENTRIES = 1000
|
|
13
|
+
|
|
14
|
+
Entry = Struct.new(:severity, :message)
|
|
13
15
|
|
|
14
16
|
def initialize
|
|
15
17
|
@buffer = StringIO.new
|
|
16
18
|
@logger = ::Logger.new(@buffer)
|
|
19
|
+
@entries = []
|
|
20
|
+
@mutex = Mutex.new
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def debug?
|
|
24
|
+
true
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def info?
|
|
28
|
+
true
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def warn?
|
|
32
|
+
true
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def error?
|
|
36
|
+
true
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def fatal?
|
|
40
|
+
true
|
|
17
41
|
end
|
|
18
42
|
|
|
19
43
|
def debug(msg = nil, &block)
|
|
20
|
-
|
|
44
|
+
add(::Logger::DEBUG, msg, &block)
|
|
21
45
|
end
|
|
22
46
|
|
|
23
47
|
def info(msg = nil, &block)
|
|
24
|
-
|
|
48
|
+
add(::Logger::INFO, msg, &block)
|
|
25
49
|
end
|
|
26
50
|
|
|
27
51
|
def warn(msg = nil, &block)
|
|
28
|
-
|
|
52
|
+
add(::Logger::WARN, msg, &block)
|
|
29
53
|
end
|
|
30
54
|
|
|
31
55
|
def error(msg = nil, &block)
|
|
32
|
-
|
|
56
|
+
add(::Logger::ERROR, msg, &block)
|
|
33
57
|
end
|
|
34
58
|
|
|
35
59
|
def fatal(msg = nil, &block)
|
|
36
|
-
|
|
60
|
+
add(::Logger::FATAL, msg, &block)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def unknown(msg = nil, &block)
|
|
64
|
+
add(::Logger::UNKNOWN, msg, &block)
|
|
37
65
|
end
|
|
38
66
|
|
|
39
67
|
def add(severity, msg = nil, &block)
|
|
40
|
-
|
|
68
|
+
@mutex.synchronize do
|
|
69
|
+
@entries.shift if @entries.count >= MAX_ENTRIES
|
|
70
|
+
mark = @buffer.pos
|
|
71
|
+
@logger.add(severity, msg, &block)
|
|
72
|
+
@buffer.seek(mark)
|
|
73
|
+
@entries << Entry.new(severity, @buffer.read)
|
|
74
|
+
@buffer.truncate(0)
|
|
75
|
+
end
|
|
41
76
|
end
|
|
42
77
|
|
|
43
78
|
def formatter=(value)
|
|
@@ -45,21 +80,22 @@ module Sqreen
|
|
|
45
80
|
end
|
|
46
81
|
|
|
47
82
|
def flush_to(logger)
|
|
48
|
-
|
|
83
|
+
@mutex.synchronize do
|
|
84
|
+
@entries.each do |entry|
|
|
85
|
+
next if entry.severity < logger.level
|
|
86
|
+
logger.instance_eval { @logdev }.write(entry.message)
|
|
87
|
+
end
|
|
88
|
+
reset
|
|
89
|
+
end
|
|
49
90
|
end
|
|
50
91
|
|
|
51
92
|
private
|
|
52
93
|
|
|
53
|
-
def read
|
|
54
|
-
@buffer.rewind
|
|
55
|
-
@buffer.read
|
|
56
|
-
end
|
|
57
|
-
|
|
58
94
|
def reset
|
|
59
95
|
buffer = StringIO.new
|
|
60
96
|
logger = ::Logger.new(buffer)
|
|
61
97
|
logger.formatter = @logger.formatter
|
|
62
|
-
@buffer, @logger = buffer, logger
|
|
98
|
+
@buffer, @logger, @entries = buffer, logger, []
|
|
63
99
|
end
|
|
64
100
|
end
|
|
65
101
|
end
|
|
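Review bot: `flush_to` reaches into the target with `logger.instance_eval { @logdev }.write(entry.message)`, which relies on a private instance variable of the standard Logger; a logger built with a nil device, or an object that merely responds like a Logger, has no `@logdev`, and the call then fails with NoMethodError before `reset` runs. A guard such as `dev = logger.instance_variable_get(:@logdev)` followed by `dev.write(entry.message) if dev` keeps the flush best-effort. In `add`, `@buffer.truncate(0)` is not followed by `@buffer.rewind`; StringIO keeps its position across truncate, so the write offset appears to keep growing between flushes even though the `mark` bookkeeping still extracts the right text. `entry.severity < logger.level` also assumes a non-nil severity, which `add` does not enforce.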
@@ -13,6 +13,8 @@ require 'sqreen/events/attack'
|
|
|
13
13
|
require 'sqreen/events/remote_exception'
|
|
14
14
|
require 'sqreen/mono_time'
|
|
15
15
|
require 'sqreen/deliveries/simple'
|
|
16
|
+
require 'sqreen/kit/signals/signal'
|
|
17
|
+
require 'sqreen/kit/signals/trace'
|
|
16
18
|
|
|
17
19
|
module Sqreen
|
|
18
20
|
module Deliveries
|
|
@@ -58,7 +60,7 @@ module Sqreen
|
|
|
58
60
|
def post_batch_needed?(event)
|
|
59
61
|
now = Sqreen.time
|
|
60
62
|
# do not use any? {} due to side effects inside block
|
|
61
|
-
event_keys(event).map do |key|
|
|
63
|
+
event_keys(event).uniq.map do |key|
|
|
62
64
|
was = @first_seen[key]
|
|
63
65
|
@first_seen[key] ||= now
|
|
64
66
|
was.nil? || current_batch.size > max_batch || now > (was + max_staleness)
|
|
@@ -86,6 +88,7 @@ module Sqreen
|
|
|
86
88
|
res += event.observed.fetch(:sdk, []).select { |e|
|
|
87
89
|
e[0] == :track
|
|
88
90
|
}.map { |e| "sdk-track".freeze }
|
|
91
|
+
res += event.observed.fetch(:signals, []).map { "signal".freeze }
|
|
89
92
|
return res
|
|
90
93
|
end
|
|
91
94
|
|
|
@@ -97,6 +100,10 @@ module Sqreen
|
|
|
97
100
|
"rex-#{event.klass}"
|
|
98
101
|
when Sqreen::AggregatedMetric
|
|
99
102
|
"agg-metric"
|
|
103
|
+
when Sqreen::Kit::Signals::Signal
|
|
104
|
+
"signal"
|
|
105
|
+
when Sqreen::Kit::Signals::Trace
|
|
106
|
+
"signal"
|
|
100
107
|
end
|
|
101
108
|
end
|
|
102
109
|
end
|
|
@@ -25,6 +25,14 @@ module Sqreen
|
|
|
25
25
|
end
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
+
def to_app_hook_strategy
|
|
29
|
+
if Sqreen::Dependency::NewRelic.bundled? || Sqreen::Dependency::NewRelic.required?
|
|
30
|
+
:chain
|
|
31
|
+
else
|
|
32
|
+
:prepend
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
28
36
|
def hook(&block)
|
|
29
37
|
Sqreen.log.debug "[#{Process.pid}] Startup command: #{$0}"
|
|
30
38
|
|
|
@@ -34,7 +42,7 @@ module Sqreen
|
|
|
34
42
|
Sqreen::Dependency::Rails.insert_sqreen_middlewares
|
|
35
43
|
end if Sqreen::Dependency::Rails.required?
|
|
36
44
|
|
|
37
|
-
Sqreen::Graft::Hook.add('Rack::Builder#to_app') do
|
|
45
|
+
Sqreen::Graft::Hook.add('Rack::Builder#to_app', to_app_hook_strategy) do
|
|
38
46
|
after do
|
|
39
47
|
Sqreen::Dependency::Rails.inspect_middlewares
|
|
40
48
|
end
|
|
@@ -48,7 +56,7 @@ module Sqreen
|
|
|
48
56
|
end
|
|
49
57
|
end.install if Sqreen::Dependency::Sinatra.required?
|
|
50
58
|
|
|
51
|
-
Sqreen::Graft::Hook.add('Rack::Builder#to_app') do
|
|
59
|
+
Sqreen::Graft::Hook.add('Rack::Builder#to_app', to_app_hook_strategy) do
|
|
52
60
|
after do |call|
|
|
53
61
|
builder = call.instance
|
|
54
62
|
|
|
@@ -58,7 +66,7 @@ module Sqreen
|
|
|
58
66
|
|
|
59
67
|
# ensure startup of thread in request handling processes
|
|
60
68
|
|
|
61
|
-
Sqreen::Graft::Hook.add('Rack::Builder#to_app') do
|
|
69
|
+
Sqreen::Graft::Hook.add('Rack::Builder#to_app', to_app_hook_strategy) do
|
|
62
70
|
after do |call|
|
|
63
71
|
callback = call.callback
|
|
64
72
|
|
|
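Review bot: `to_app_hook_strategy` carries no comment explaining why the presence of NewRelic selects `:chain` instead of `:prepend`; the 1.21.1 changelog entry points at https://github.com/newrelic/newrelic-ruby-agent/issues/461, and that reference belongs on the method, for example `# NewRelic workaround (newrelic-ruby-agent issue 461): chain the Rack::Builder#to_app hook when NewRelic is present`. The strategy is decided from NewRelic detection alone in the visible lines; whether an explicit `SQREEN_WEAVE_STRATEGY` setting is meant to be overridden for these three hooks cannot be told from the hunks and is worth stating in the same comment.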
@@ -8,8 +8,17 @@ module Sqreen
|
|
|
8
8
|
module NewRelic
|
|
9
9
|
module_function
|
|
10
10
|
|
|
11
|
+
def bundled?
|
|
12
|
+
defined?(Gem) && Gem.respond_to?(:loaded_specs) && !Gem.loaded_specs['newrelic_rpm'].nil?
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def required?
|
|
16
|
+
Sqreen::Dependency.const_exist?('NewRelic::Agent::Agent')
|
|
17
|
+
end
|
|
18
|
+
|
|
11
19
|
def ignore_sqreen_exceptions
|
|
12
|
-
return unless
|
|
20
|
+
return unless required?
|
|
21
|
+
|
|
13
22
|
NewRelic::Agent::Agent.instance.error_collector.ignore(['Sqreen::AttackBlocked'])
|
|
14
23
|
rescue ::Exception => e # rubocop:disable Lint/RescueException
|
|
15
24
|
Sqreen.log.warn "Failed ignoring AttackBlocked on NewRelic: #{e.inspect}"
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
5
|
+
|
|
6
|
+
require 'sqreen/log/loggable'
|
|
7
|
+
|
|
8
|
+
module Sqreen
|
|
9
|
+
module Deprecation
|
|
10
|
+
include Sqreen::Log::Loggable
|
|
11
|
+
|
|
12
|
+
module_function
|
|
13
|
+
|
|
14
|
+
def deprecate(method)
|
|
15
|
+
return unless ENV['SQREEN_DEBUG_DEPRECATION']
|
|
16
|
+
|
|
17
|
+
owner = method.owner
|
|
18
|
+
deprecated = :"_deprecated_#{method.name}"
|
|
19
|
+
klass = owner.is_a?(Module)
|
|
20
|
+
target = klass ? owner.to_s : owner.class.to_s
|
|
21
|
+
|
|
22
|
+
method.owner.instance_eval do
|
|
23
|
+
alias_method deprecated, method.name
|
|
24
|
+
|
|
25
|
+
define_method(method.name) do |*args, &block|
|
|
26
|
+
msg = [
|
|
27
|
+
"deprecation",
|
|
28
|
+
"target:#{target}",
|
|
29
|
+
"method:#{method.name}",
|
|
30
|
+
"caller:#{Kernel.caller_locations[0]}",
|
|
31
|
+
].join(' ')
|
|
32
|
+
Sqreen::Deprecation.logger.info(msg)
|
|
33
|
+
send(deprecated, *args, &block)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
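Review bot: The wrapper installed by `define_method(method.name)` inside `instance_eval` is defined as public, so deprecating a private or protected method changes its visibility whenever `SQREEN_DEBUG_DEPRECATION` is set; recording the original visibility before the alias and re-applying it after `define_method` (for example `private method.name`) keeps debug and normal runs equivalent. `Sqreen::Deprecation.logger` is called on the module itself, while `include Sqreen::Log::Loggable` adds instance methods only unless Loggable also extends its includer; that module is not in this section, so confirm. The environment check enables the wrapper for any value, including `0` or `false`, which a one-line comment on `deprecate` should say.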
@@ -0,0 +1,123 @@
|
|
|
1
|
+
require 'securerandom'
|
|
2
|
+
require 'sqreen/ecosystem/module_registry'
|
|
3
|
+
require 'sqreen/ecosystem/tracing/sampling_configuration'
|
|
4
|
+
require 'sqreen/ecosystem/transaction_storage'
|
|
5
|
+
require 'sqreen/ecosystem/tracing_broker'
|
|
6
|
+
require 'sqreen/ecosystem/tracing_id_setup'
|
|
7
|
+
require 'sqreen/ecosystem/module_api/message_producer'
|
|
8
|
+
require 'sqreen/ecosystem/module_api/tracing_id_generation'
|
|
9
|
+
require 'sqreen/ecosystem/module_api/tracing'
|
|
10
|
+
|
|
11
|
+
module Sqreen
|
|
12
|
+
# The API for the ecosystem client (together with the dispatch table)
|
|
13
|
+
module Ecosystem
|
|
14
|
+
class << self
|
|
15
|
+
def init(opts = {})
|
|
16
|
+
@registry = ModuleRegistry.new
|
|
17
|
+
register_modules(opts[:modules])
|
|
18
|
+
@registry.init_all
|
|
19
|
+
|
|
20
|
+
# setup tracing generation
|
|
21
|
+
tracing_id_mods = @registry.module_subset(ModuleApi::TracingIdGeneration)
|
|
22
|
+
@tracing_id_setup = TracingIdSetup.new(tracing_id_mods)
|
|
23
|
+
@tracing_id_setup.setup_modules
|
|
24
|
+
|
|
25
|
+
# configure tracing broker with the consumers (tracing modules)
|
|
26
|
+
tracing_modules = @registry.module_subset(ModuleApi::Tracing)
|
|
27
|
+
@tracing_broker = TracingBroker.new(tracing_modules)
|
|
28
|
+
|
|
29
|
+
# inject tracing broker in message producers
|
|
30
|
+
@registry.each_module(ModuleApi::MessageProducer) do |mod|
|
|
31
|
+
mod.tracing_broker = @tracing_broker
|
|
32
|
+
end
|
|
33
|
+
rescue ::Exception # rubocop:disable Lint/RescueException
|
|
34
|
+
# TODO: modules must be disabled at this point
|
|
35
|
+
raise
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def reset
|
|
39
|
+
instance_variables.each do |ia|
|
|
40
|
+
instance_variable_set(ia, nil)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# To be called by the Ecosystem client when a new transaction
|
|
45
|
+
# (generally: request) is started
|
|
46
|
+
# In the future, it's intended that request end/start detection be handled
|
|
47
|
+
# by the Ecosystem itself, so control will flow in the other direction,
|
|
48
|
+
# from the ecosystem to its client
|
|
49
|
+
def start_transaction
|
|
50
|
+
TransactionStorage.create_thread_local
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def end_transaction
|
|
54
|
+
TransactionStorage.destroy_thread_local
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# @param [String] tracing_id_prefix
|
|
58
|
+
# @param [Array<Hash{String=>Object}>] sampling_config
|
|
59
|
+
def configure_sampling(tracing_id_prefix, sampling_config)
|
|
60
|
+
@tracing_id_setup.tracing_id_prefix = tracing_id_prefix
|
|
61
|
+
built_samp_cfg = Tracing::SamplingConfiguration.new(sampling_config)
|
|
62
|
+
@tracing_broker.sampling_configuration = built_samp_cfg
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
private
|
|
66
|
+
|
|
67
|
+
def register_modules(modules)
|
|
68
|
+
return register_all_modules unless modules
|
|
69
|
+
|
|
70
|
+
modules.each { |mod| register mod }
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def register_all_modules
|
|
74
|
+
# replace with something more magical?
|
|
75
|
+
require_relative 'ecosystem/http/rack_request'
|
|
76
|
+
register Http::RackRequest.new
|
|
77
|
+
|
|
78
|
+
require_relative 'ecosystem/http/net_http'
|
|
79
|
+
register Http::NetHttp.new
|
|
80
|
+
|
|
81
|
+
require_relative 'ecosystem/databases/postgres'
|
|
82
|
+
register Databases::Postgres.new
|
|
83
|
+
|
|
84
|
+
require_relative 'ecosystem/databases/mysql'
|
|
85
|
+
register Databases::Mysql.new
|
|
86
|
+
|
|
87
|
+
require_relative 'ecosystem/databases/mongo'
|
|
88
|
+
register Databases::Mongo.new
|
|
89
|
+
|
|
90
|
+
require_relative 'ecosystem/databases/redis'
|
|
91
|
+
register Databases::Redis.new
|
|
92
|
+
|
|
93
|
+
require_relative 'ecosystem/messaging/sqs'
|
|
94
|
+
register Messaging::Sqs.new
|
|
95
|
+
|
|
96
|
+
require_relative 'ecosystem/messaging/kinesis'
|
|
97
|
+
register Messaging::Kinesis.new
|
|
98
|
+
|
|
99
|
+
require_relative 'ecosystem/messaging/bunny'
|
|
100
|
+
register Messaging::Bunny.new
|
|
101
|
+
|
|
102
|
+
require_relative 'ecosystem/messaging/kafka'
|
|
103
|
+
register Messaging::Kafka.new
|
|
104
|
+
|
|
105
|
+
require_relative 'ecosystem/tracing/modules/client'
|
|
106
|
+
register Tracing::Modules::Client.new
|
|
107
|
+
|
|
108
|
+
require_relative 'ecosystem/tracing/modules/server'
|
|
109
|
+
register Tracing::Modules::Server.new
|
|
110
|
+
|
|
111
|
+
require_relative 'ecosystem/tracing/modules/producer'
|
|
112
|
+
register Tracing::Modules::Producer.new
|
|
113
|
+
|
|
114
|
+
require_relative 'ecosystem/tracing/modules/consumer'
|
|
115
|
+
register Tracing::Modules::Consumer.new
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def register(mod)
|
|
119
|
+
@registry.register mod
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
end
|
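Review bot: `configure_sampling` dereferences `@tracing_id_setup` and `@tracing_broker`, which are nil before `init` has run, after `reset`, or when `init` raised part-way, so a sampling update arriving in that state fails with NoMethodError on nil. A guard such as `return unless @tracing_id_setup && @tracing_broker`, or a descriptive error, would make that state explicit. The `rescue ::Exception` in `init` only re-raises, and its TODO notes that modules should be disabled at that point, so a failed `init` leaves a partially configured registry behind. `require 'securerandom'` is not used by anything in this file.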