sqreen 1.20.0-java → 1.21.1-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +37 -0
- data/lib/sqreen/actions/block_user.rb +1 -1
- data/lib/sqreen/actions/redirect_ip.rb +1 -1
- data/lib/sqreen/actions/redirect_user.rb +1 -1
- data/lib/sqreen/agent_message.rb +20 -0
- data/lib/sqreen/attack_detected.html +1 -2
- data/lib/sqreen/ca.crt +24 -0
- data/lib/sqreen/condition_evaluator.rb +8 -2
- data/lib/sqreen/configuration.rb +5 -3
- data/lib/sqreen/deferred_logger.rb +50 -14
- data/lib/sqreen/deliveries/batch.rb +8 -1
- data/lib/sqreen/dependency/detector.rb +11 -3
- data/lib/sqreen/dependency/new_relic.rb +10 -1
- data/lib/sqreen/deprecation.rb +38 -0
- data/lib/sqreen/ecosystem.rb +123 -0
- data/lib/sqreen/ecosystem/databases/database_connection_data.rb +23 -0
- data/lib/sqreen/ecosystem/databases/mongo.rb +39 -0
- data/lib/sqreen/ecosystem/databases/mysql.rb +54 -0
- data/lib/sqreen/ecosystem/databases/postgres.rb +51 -0
- data/lib/sqreen/ecosystem/databases/redis.rb +36 -0
- data/lib/sqreen/ecosystem/dispatch_table.rb +43 -0
- data/lib/sqreen/ecosystem/exception_reporting.rb +28 -0
- data/lib/sqreen/ecosystem/http/net_http.rb +50 -0
- data/lib/sqreen/ecosystem/http/rack_request.rb +39 -0
- data/lib/sqreen/ecosystem/loggable.rb +13 -0
- data/lib/sqreen/ecosystem/messaging/bunny.rb +61 -0
- data/lib/sqreen/ecosystem/messaging/kafka.rb +70 -0
- data/lib/sqreen/ecosystem/messaging/kinesis.rb +66 -0
- data/lib/sqreen/ecosystem/messaging/sqs.rb +68 -0
- data/lib/sqreen/ecosystem/module_api.rb +30 -0
- data/lib/sqreen/ecosystem/module_api/event_listener.rb +18 -0
- data/lib/sqreen/ecosystem/module_api/instrumentation.rb +23 -0
- data/lib/sqreen/ecosystem/module_api/message_producer.rb +57 -0
- data/lib/sqreen/ecosystem/module_api/signal_producer.rb +24 -0
- data/lib/sqreen/ecosystem/module_api/tracing.rb +45 -0
- data/lib/sqreen/ecosystem/module_api/tracing/client_data.rb +31 -0
- data/lib/sqreen/ecosystem/module_api/tracing/consumer_data.rb +13 -0
- data/lib/sqreen/ecosystem/module_api/tracing/messaging_data.rb +35 -0
- data/lib/sqreen/ecosystem/module_api/tracing/producer_data.rb +13 -0
- data/lib/sqreen/ecosystem/module_api/tracing/server_data.rb +27 -0
- data/lib/sqreen/ecosystem/module_api/tracing_id_generation.rb +16 -0
- data/lib/sqreen/ecosystem/module_api/transaction_storage.rb +71 -0
- data/lib/sqreen/ecosystem/module_registry.rb +48 -0
- data/lib/sqreen/ecosystem/tracing/modules/client.rb +35 -0
- data/lib/sqreen/ecosystem/tracing/modules/consumer.rb +35 -0
- data/lib/sqreen/ecosystem/tracing/modules/determine_ip.rb +28 -0
- data/lib/sqreen/ecosystem/tracing/modules/producer.rb +35 -0
- data/lib/sqreen/ecosystem/tracing/modules/server.rb +30 -0
- data/lib/sqreen/ecosystem/tracing/sampler.rb +160 -0
- data/lib/sqreen/ecosystem/tracing/sampling_configuration.rb +150 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb +53 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_consumer.rb +56 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_producer.rb +56 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb +53 -0
- data/lib/sqreen/ecosystem/tracing_broker.rb +101 -0
- data/lib/sqreen/ecosystem/tracing_id_setup.rb +34 -0
- data/lib/sqreen/ecosystem/transaction_storage.rb +64 -0
- data/lib/sqreen/ecosystem/util/call_writers_from_init.rb +13 -0
- data/lib/sqreen/ecosystem_integration.rb +81 -0
- data/lib/sqreen/ecosystem_integration/around_callbacks.rb +89 -0
- data/lib/sqreen/ecosystem_integration/instrumentation_service.rb +38 -0
- data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb +58 -0
- data/lib/sqreen/ecosystem_integration/signal_consumption.rb +35 -0
- data/lib/sqreen/endpoint_testing.rb +184 -0
- data/lib/sqreen/events/request_record.rb +0 -1
- data/lib/sqreen/frameworks/generic.rb +24 -1
- data/lib/sqreen/frameworks/rails.rb +0 -7
- data/lib/sqreen/frameworks/request_recorder.rb +2 -0
- data/lib/sqreen/graft/call.rb +85 -18
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +192 -88
- data/lib/sqreen/graft/hook_point.rb +18 -11
- data/lib/sqreen/kit/signals/specialized/sqreen_exception.rb +2 -0
- data/lib/sqreen/legacy/instrumentation.rb +22 -10
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +9 -2
- data/lib/sqreen/log.rb +3 -2
- data/lib/sqreen/log/loggable.rb +2 -1
- data/lib/sqreen/logger.rb +24 -0
- data/lib/sqreen/metrics_store.rb +11 -0
- data/lib/sqreen/null_logger.rb +22 -0
- data/lib/sqreen/remote_command.rb +4 -0
- data/lib/sqreen/rules.rb +8 -4
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -2
- data/lib/sqreen/rules/custom_error_cb.rb +3 -3
- data/lib/sqreen/rules/rule_cb.rb +2 -0
- data/lib/sqreen/rules/waf_cb.rb +3 -3
- data/lib/sqreen/runner.rb +83 -14
- data/lib/sqreen/session.rb +19 -11
- data/lib/sqreen/signals/conversions.rb +6 -1
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/budget.rb +46 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +194 -103
- data/lib/sqreen/worker.rb +6 -2
- metadata +58 -6
- data/lib/sqreen/encoding_sanitizer.rb +0 -27
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA1:
|
|
3
|
+
metadata.gz: 7da0143942d8b7ab1904204694ff425b28063c4a
|
|
4
|
+
data.tar.gz: 9c18ce7181ba9e6d059f7265108fa1abbc8d9c99
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 54eba17e83cb41dd546c16caa7543da24b72b7c2768e782a667278a0ce7d07c18cbd6477fa72f71530e0fe34cf64e1a691ed179a6c07c9d883030560791f7659
|
|
7
|
+
data.tar.gz: 3e716230761babffbe1abe97d18062887ea371800d98c5a6a85a92970c61b59cf7d2ca2d99f3947be54b1e6ef99ed19e557b8c39a662bdaeefaebec8e148f937
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,40 @@
|
|
|
1
|
+
## 1.21.1
|
|
2
|
+
|
|
3
|
+
* Work around NewRelic initialisation (see https://github.com/newrelic/newrelic-ruby-agent/issues/461)
|
|
4
|
+
|
|
5
|
+
## 1.21.0
|
|
6
|
+
|
|
7
|
+
* Add support for transport and tracing facilities
|
|
8
|
+
|
|
9
|
+
## 1.20.4
|
|
10
|
+
|
|
11
|
+
* Fix missing budget check
|
|
12
|
+
* Improve performance
|
|
13
|
+
* Align internal setting name for WAF
|
|
14
|
+
* Include response information in all payloads
|
|
15
|
+
* Improve robustness against invalid Unicode
|
|
16
|
+
* Prevent rule execution to pursue in early block cases
|
|
17
|
+
|
|
18
|
+
## 1.20.4.beta1
|
|
19
|
+
|
|
20
|
+
* Add optional dynamic time budget
|
|
21
|
+
* Add advanced per request metrics
|
|
22
|
+
* Improve robustness against exception in instrumentation
|
|
23
|
+
* Improve metric engine thread safety
|
|
24
|
+
* Restrict deferred logger to final logger severity on agent boot
|
|
25
|
+
|
|
26
|
+
## 1.20.3
|
|
27
|
+
|
|
28
|
+
* Fix signature check
|
|
29
|
+
|
|
30
|
+
## 1.20.2
|
|
31
|
+
|
|
32
|
+
* Fix performance regression in instrumentation engine
|
|
33
|
+
|
|
34
|
+
## 1.20.1
|
|
35
|
+
|
|
36
|
+
* Add fallback mechanisms when connecting to new Sqreen backend API domains
|
|
37
|
+
|
|
1
38
|
## 1.20.0
|
|
2
39
|
|
|
3
40
|
* Enable new instrumentation engine by default
|
|
@@ -24,7 +24,7 @@ module Sqreen
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def do_run(identity_params)
|
|
27
|
-
Sqreen.log.
|
|
27
|
+
Sqreen.log.debug 'Will request redirect for user with identity ' \
|
|
28
28
|
"#{identity_params} (action: #{id})."
|
|
29
29
|
|
|
30
30
|
e = Sqreen::AttackBlocked.new(
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
require 'digest'
|
|
2
|
+
|
|
3
|
+
module Sqreen
|
|
4
|
+
class AgentMessage
|
|
5
|
+
def initialize(kind, message, id = nil)
|
|
6
|
+
id ||= message + "\x00" + kind
|
|
7
|
+
@hash_hex = Digest::SHA1.hexdigest(id)
|
|
8
|
+
@kind = kind
|
|
9
|
+
@message = message
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def to_h
|
|
13
|
+
{
|
|
14
|
+
id: @hash_hex,
|
|
15
|
+
kind: @kind,
|
|
16
|
+
message: @message,
|
|
17
|
+
}
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
@@ -1,2 +1 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
<!-- Sorry, you’ve been blocked --><!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>You've been blocked</title><style>a,body,div,h1,html,span{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1;flex-direction:column}h1,p,svg{display:block}svg{margin:0 auto 4vh}main{text-align:center;flex:1;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;flex-direction:column}h1{font-family:sans-serif;font-weight:600;font-size:34px;color:#1e0936;line-height:1.2}p{font-size:18px;line-height:normal;color:#646464;font-family:sans-serif;font-weight:400}a{color:#4842b7}footer{width:100%;text-align:center}footer p{font-size:16px}</style></head><body><main><svg width="170px" height="193px" viewBox="0 0 170 193" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" aria-hidden="true"><g id="exports" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd"><g id="Artboard" transform="translate(-186.000000, -189.000000)"><g id="logo-cmyk-indigo" transform="translate(186.000000, 189.000000)"><g id="nest-cmyk-indigo"><ellipse id="sqreen" fill="#B0ACFF" cx="85" cy="96.5" rx="45.7692308" ry="45.7966102"></ellipse><path d="M78.4615385,175.749389 L78.4615385,102.2092 L13.1398162,64.4731256 L13.1398162,129.181112 L36.352167,115.771438 C37.9764468,119.873152 40.1038639,123.720553 42.6582364,127.237412 L18.5723996,141.151695 L78.4615385,175.749389 Z M91.5384615,175.749389 L151.4276,141.151695 L127.341764,127.237412 C129.896136,123.720553 132.023553,119.873152 133.647833,115.771438 L156.860184,129.181112 L156.860184,64.4731256 L91.5384615,102.2092 L91.5384615,175.749389 Z M18.0061522,52.1754237 L85,90.8774777 L151.993848,52.1754237 L91.5384615,17.2506105 L91.5384615,44.565949 C89.3964992,44.2986903 87.2143177,44.1610169 85,44.1610169 C82.7856823,44.1610169 80.6035008,44.2986903 78.4615385,44.565949 L78.4615385,17.2506105 L18.0061522,52.1754237 Z M90.8846156,1.76392358 L164.052491,44.0326866 C167.693904,46.1363149 169.937107,50.0239804 169.937107,54.231237 L169.937107,138.768763 C169.937107,142.97602 167.693904,146.863685 164.052491,148.967313 L90.8846156,191.236076 C87.2432028,193.339705 82.7567972,193.339705 79.1153844,191.236076 L5.94750871,148.967313 C2.30609589,146.863685 0.0628930904,142.97602 0.0628930904,138.768763 L0.0628930904,54.231237 C0.0628930904,50.0239804 2.30609589,46.1363149 5.94750871,44.0326866 L79.1153844,1.76392358 C82.7567972,-0.339704735 87.2432028,-0.339704735 90.8846156,1.76392358 Z" id="app" fill="#4842B7"></path></g></g></g></g></svg><h1>Sorry, you've been blocked</h1><p>Contact the website owner</p></main><footer><p>Security provided by <a href="https://www.sqreen.com/?utm_medium=block_page" target="_blank">Sqreen</a></p></footer></body></html>
|
data/lib/sqreen/ca.crt
CHANGED
|
@@ -70,3 +70,27 @@ WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ
|
|
|
70
70
|
4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N
|
|
71
71
|
hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
|
|
72
72
|
-----END CERTIFICATE-----
|
|
73
|
+
-----BEGIN CERTIFICATE-----
|
|
74
|
+
MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx
|
|
75
|
+
EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT
|
|
76
|
+
HFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs
|
|
77
|
+
ZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
|
|
78
|
+
MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD
|
|
79
|
+
VQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy
|
|
80
|
+
ZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy
|
|
81
|
+
dmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
|
|
82
|
+
hvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p
|
|
83
|
+
OsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2
|
|
84
|
+
8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K
|
|
85
|
+
Ts9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe
|
|
86
|
+
hRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk
|
|
87
|
+
6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw
|
|
88
|
+
DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q
|
|
89
|
+
AdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI
|
|
90
|
+
bw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB
|
|
91
|
+
ve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z
|
|
92
|
+
qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
|
|
93
|
+
iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn
|
|
94
|
+
0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN
|
|
95
|
+
sSi6
|
|
96
|
+
-----END CERTIFICATE-----
|
|
@@ -67,7 +67,7 @@ module Sqreen
|
|
|
67
67
|
return true if rem <= 0
|
|
68
68
|
if hash.is_a?(Array)
|
|
69
69
|
return hash.any? do |v|
|
|
70
|
-
|
|
70
|
+
hash_key_include?(values, v, min_value_size, rem - 1)
|
|
71
71
|
end
|
|
72
72
|
end
|
|
73
73
|
|
|
@@ -81,7 +81,13 @@ module Sqreen
|
|
|
81
81
|
if hkey.respond_to?(:empty?) && hkey.empty?
|
|
82
82
|
false
|
|
83
83
|
else
|
|
84
|
-
|
|
84
|
+
key_incl = if values.is_a?(String)
|
|
85
|
+
str_include?(values, hkey.to_s)
|
|
86
|
+
else
|
|
87
|
+
values.include?(hkey.to_s)
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
key_incl || hash_key_include?(values, hval, min_value_size, rem - 1)
|
|
85
91
|
end
|
|
86
92
|
end
|
|
87
93
|
end
|
data/lib/sqreen/configuration.rb
CHANGED
|
@@ -43,9 +43,9 @@ module Sqreen
|
|
|
43
43
|
{ :env => :SQREEN_WEAVE_STRATEGY, :name => :weave_strategy,
|
|
44
44
|
:default => :prepend, :convert => :to_sym },
|
|
45
45
|
{ :env => :SQREEN_URL, :name => :url,
|
|
46
|
-
:default =>
|
|
46
|
+
:default => nil },
|
|
47
47
|
{ :env => :SQREEN_INGESTION_URL, :name => :ingestion_url,
|
|
48
|
-
:default =>
|
|
48
|
+
:default => nil },
|
|
49
49
|
{ :env => :SQREEN_PROXY_URL, :name => :proxy_url,
|
|
50
50
|
:default => nil },
|
|
51
51
|
{ :env => :SQREEN_TOKEN, :name => :token,
|
|
@@ -57,7 +57,7 @@ module Sqreen
|
|
|
57
57
|
{ :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
|
|
58
58
|
:default => true },
|
|
59
59
|
{ :env => :SQREEN_LOG_LEVEL, :name => :log_level,
|
|
60
|
-
:default => '
|
|
60
|
+
:default => 'INFO', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
|
|
61
61
|
{ :env => :SQREEN_LOG_LOCATION, :name => :log_location,
|
|
62
62
|
:default => 'log/sqreen.log' },
|
|
63
63
|
{ :env => :SQREEN_RUN_IN_TEST, :name => :run_in_test,
|
|
@@ -78,6 +78,8 @@ module Sqreen
|
|
|
78
78
|
:default => nil },
|
|
79
79
|
{ :env => :SQREEN_STRIP_SENSITIVE_REGEX, :name => :strip_sensitive_regex,
|
|
80
80
|
:default => nil },
|
|
81
|
+
{ :env => :SQREEN_NO_SNIFF_DOMAINS, :name => :no_sniff_domains,
|
|
82
|
+
:default => false },
|
|
81
83
|
|
|
82
84
|
].freeze
|
|
83
85
|
|
|
@@ -9,35 +9,70 @@ require 'sqreen/logger'
|
|
|
9
9
|
|
|
10
10
|
module Sqreen
|
|
11
11
|
class DeferredLogger
|
|
12
|
-
|
|
12
|
+
MAX_ENTRIES = 1000
|
|
13
|
+
|
|
14
|
+
Entry = Struct.new(:severity, :message)
|
|
13
15
|
|
|
14
16
|
def initialize
|
|
15
17
|
@buffer = StringIO.new
|
|
16
18
|
@logger = ::Logger.new(@buffer)
|
|
19
|
+
@entries = []
|
|
20
|
+
@mutex = Mutex.new
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def debug?
|
|
24
|
+
true
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def info?
|
|
28
|
+
true
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
def warn?
|
|
32
|
+
true
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def error?
|
|
36
|
+
true
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def fatal?
|
|
40
|
+
true
|
|
17
41
|
end
|
|
18
42
|
|
|
19
43
|
def debug(msg = nil, &block)
|
|
20
|
-
|
|
44
|
+
add(::Logger::DEBUG, msg, &block)
|
|
21
45
|
end
|
|
22
46
|
|
|
23
47
|
def info(msg = nil, &block)
|
|
24
|
-
|
|
48
|
+
add(::Logger::INFO, msg, &block)
|
|
25
49
|
end
|
|
26
50
|
|
|
27
51
|
def warn(msg = nil, &block)
|
|
28
|
-
|
|
52
|
+
add(::Logger::WARN, msg, &block)
|
|
29
53
|
end
|
|
30
54
|
|
|
31
55
|
def error(msg = nil, &block)
|
|
32
|
-
|
|
56
|
+
add(::Logger::ERROR, msg, &block)
|
|
33
57
|
end
|
|
34
58
|
|
|
35
59
|
def fatal(msg = nil, &block)
|
|
36
|
-
|
|
60
|
+
add(::Logger::FATAL, msg, &block)
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
def unknown(msg = nil, &block)
|
|
64
|
+
add(::Logger::UNKNOWN, msg, &block)
|
|
37
65
|
end
|
|
38
66
|
|
|
39
67
|
def add(severity, msg = nil, &block)
|
|
40
|
-
|
|
68
|
+
@mutex.synchronize do
|
|
69
|
+
@entries.shift if @entries.count >= MAX_ENTRIES
|
|
70
|
+
mark = @buffer.pos
|
|
71
|
+
@logger.add(severity, msg, &block)
|
|
72
|
+
@buffer.seek(mark)
|
|
73
|
+
@entries << Entry.new(severity, @buffer.read)
|
|
74
|
+
@buffer.truncate(0)
|
|
75
|
+
end
|
|
41
76
|
end
|
|
42
77
|
|
|
43
78
|
def formatter=(value)
|
|
@@ -45,21 +80,22 @@ module Sqreen
|
|
|
45
80
|
end
|
|
46
81
|
|
|
47
82
|
def flush_to(logger)
|
|
48
|
-
|
|
83
|
+
@mutex.synchronize do
|
|
84
|
+
@entries.each do |entry|
|
|
85
|
+
next if entry.severity < logger.level
|
|
86
|
+
logger.instance_eval { @logdev }.write(entry.message)
|
|
87
|
+
end
|
|
88
|
+
reset
|
|
89
|
+
end
|
|
49
90
|
end
|
|
50
91
|
|
|
51
92
|
private
|
|
52
93
|
|
|
53
|
-
def read
|
|
54
|
-
@buffer.rewind
|
|
55
|
-
@buffer.read
|
|
56
|
-
end
|
|
57
|
-
|
|
58
94
|
def reset
|
|
59
95
|
buffer = StringIO.new
|
|
60
96
|
logger = ::Logger.new(buffer)
|
|
61
97
|
logger.formatter = @logger.formatter
|
|
62
|
-
@buffer, @logger = buffer, logger
|
|
98
|
+
@buffer, @logger, @entries = buffer, logger, []
|
|
63
99
|
end
|
|
64
100
|
end
|
|
65
101
|
end
|
|
@@ -13,6 +13,8 @@ require 'sqreen/events/attack'
|
|
|
13
13
|
require 'sqreen/events/remote_exception'
|
|
14
14
|
require 'sqreen/mono_time'
|
|
15
15
|
require 'sqreen/deliveries/simple'
|
|
16
|
+
require 'sqreen/kit/signals/signal'
|
|
17
|
+
require 'sqreen/kit/signals/trace'
|
|
16
18
|
|
|
17
19
|
module Sqreen
|
|
18
20
|
module Deliveries
|
|
@@ -58,7 +60,7 @@ module Sqreen
|
|
|
58
60
|
def post_batch_needed?(event)
|
|
59
61
|
now = Sqreen.time
|
|
60
62
|
# do not use any? {} due to side effects inside block
|
|
61
|
-
event_keys(event).map do |key|
|
|
63
|
+
event_keys(event).uniq.map do |key|
|
|
62
64
|
was = @first_seen[key]
|
|
63
65
|
@first_seen[key] ||= now
|
|
64
66
|
was.nil? || current_batch.size > max_batch || now > (was + max_staleness)
|
|
@@ -86,6 +88,7 @@ module Sqreen
|
|
|
86
88
|
res += event.observed.fetch(:sdk, []).select { |e|
|
|
87
89
|
e[0] == :track
|
|
88
90
|
}.map { |e| "sdk-track".freeze }
|
|
91
|
+
res += event.observed.fetch(:signals, []).map { "signal".freeze }
|
|
89
92
|
return res
|
|
90
93
|
end
|
|
91
94
|
|
|
@@ -97,6 +100,10 @@ module Sqreen
|
|
|
97
100
|
"rex-#{event.klass}"
|
|
98
101
|
when Sqreen::AggregatedMetric
|
|
99
102
|
"agg-metric"
|
|
103
|
+
when Sqreen::Kit::Signals::Signal
|
|
104
|
+
"signal"
|
|
105
|
+
when Sqreen::Kit::Signals::Trace
|
|
106
|
+
"signal"
|
|
100
107
|
end
|
|
101
108
|
end
|
|
102
109
|
end
|
|
@@ -25,6 +25,14 @@ module Sqreen
|
|
|
25
25
|
end
|
|
26
26
|
end
|
|
27
27
|
|
|
28
|
+
def to_app_hook_strategy
|
|
29
|
+
if Sqreen::Dependency::NewRelic.bundled? || Sqreen::Dependency::NewRelic.required?
|
|
30
|
+
:chain
|
|
31
|
+
else
|
|
32
|
+
:prepend
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
28
36
|
def hook(&block)
|
|
29
37
|
Sqreen.log.debug "[#{Process.pid}] Startup command: #{$0}"
|
|
30
38
|
|
|
@@ -34,7 +42,7 @@ module Sqreen
|
|
|
34
42
|
Sqreen::Dependency::Rails.insert_sqreen_middlewares
|
|
35
43
|
end if Sqreen::Dependency::Rails.required?
|
|
36
44
|
|
|
37
|
-
Sqreen::Graft::Hook.add('Rack::Builder#to_app') do
|
|
45
|
+
Sqreen::Graft::Hook.add('Rack::Builder#to_app', to_app_hook_strategy) do
|
|
38
46
|
after do
|
|
39
47
|
Sqreen::Dependency::Rails.inspect_middlewares
|
|
40
48
|
end
|
|
@@ -48,7 +56,7 @@ module Sqreen
|
|
|
48
56
|
end
|
|
49
57
|
end.install if Sqreen::Dependency::Sinatra.required?
|
|
50
58
|
|
|
51
|
-
Sqreen::Graft::Hook.add('Rack::Builder#to_app') do
|
|
59
|
+
Sqreen::Graft::Hook.add('Rack::Builder#to_app', to_app_hook_strategy) do
|
|
52
60
|
after do |call|
|
|
53
61
|
builder = call.instance
|
|
54
62
|
|
|
@@ -58,7 +66,7 @@ module Sqreen
|
|
|
58
66
|
|
|
59
67
|
# ensure startup of thread in request handling processes
|
|
60
68
|
|
|
61
|
-
Sqreen::Graft::Hook.add('Rack::Builder#to_app') do
|
|
69
|
+
Sqreen::Graft::Hook.add('Rack::Builder#to_app', to_app_hook_strategy) do
|
|
62
70
|
after do |call|
|
|
63
71
|
callback = call.callback
|
|
64
72
|
|
|
@@ -8,8 +8,17 @@ module Sqreen
|
|
|
8
8
|
module NewRelic
|
|
9
9
|
module_function
|
|
10
10
|
|
|
11
|
+
def bundled?
|
|
12
|
+
defined?(Gem) && Gem.respond_to?(:loaded_specs) && !Gem.loaded_specs['newrelic_rpm'].nil?
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def required?
|
|
16
|
+
Sqreen::Dependency.const_exist?('NewRelic::Agent::Agent')
|
|
17
|
+
end
|
|
18
|
+
|
|
11
19
|
def ignore_sqreen_exceptions
|
|
12
|
-
return unless
|
|
20
|
+
return unless required?
|
|
21
|
+
|
|
13
22
|
NewRelic::Agent::Agent.instance.error_collector.ignore(['Sqreen::AttackBlocked'])
|
|
14
23
|
rescue ::Exception => e # rubocop:disable Lint/RescueException
|
|
15
24
|
Sqreen.log.warn "Failed ignoring AttackBlocked on NewRelic: #{e.inspect}"
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# typed: strong
|
|
2
|
+
|
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
5
|
+
|
|
6
|
+
require 'sqreen/log/loggable'
|
|
7
|
+
|
|
8
|
+
module Sqreen
|
|
9
|
+
module Deprecation
|
|
10
|
+
include Sqreen::Log::Loggable
|
|
11
|
+
|
|
12
|
+
module_function
|
|
13
|
+
|
|
14
|
+
def deprecate(method)
|
|
15
|
+
return unless ENV['SQREEN_DEBUG_DEPRECATION']
|
|
16
|
+
|
|
17
|
+
owner = method.owner
|
|
18
|
+
deprecated = :"_deprecated_#{method.name}"
|
|
19
|
+
klass = owner.is_a?(Module)
|
|
20
|
+
target = klass ? owner.to_s : owner.class.to_s
|
|
21
|
+
|
|
22
|
+
method.owner.instance_eval do
|
|
23
|
+
alias_method deprecated, method.name
|
|
24
|
+
|
|
25
|
+
define_method(method.name) do |*args, &block|
|
|
26
|
+
msg = [
|
|
27
|
+
"deprecation",
|
|
28
|
+
"target:#{target}",
|
|
29
|
+
"method:#{method.name}",
|
|
30
|
+
"caller:#{Kernel.caller_locations[0]}",
|
|
31
|
+
].join(' ')
|
|
32
|
+
Sqreen::Deprecation.logger.info(msg)
|
|
33
|
+
send(deprecated, *args, &block)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
require 'securerandom'
|
|
2
|
+
require 'sqreen/ecosystem/module_registry'
|
|
3
|
+
require 'sqreen/ecosystem/tracing/sampling_configuration'
|
|
4
|
+
require 'sqreen/ecosystem/transaction_storage'
|
|
5
|
+
require 'sqreen/ecosystem/tracing_broker'
|
|
6
|
+
require 'sqreen/ecosystem/tracing_id_setup'
|
|
7
|
+
require 'sqreen/ecosystem/module_api/message_producer'
|
|
8
|
+
require 'sqreen/ecosystem/module_api/tracing_id_generation'
|
|
9
|
+
require 'sqreen/ecosystem/module_api/tracing'
|
|
10
|
+
|
|
11
|
+
module Sqreen
|
|
12
|
+
# The API for the ecosystem client (together with the dispatch table)
|
|
13
|
+
module Ecosystem
|
|
14
|
+
class << self
|
|
15
|
+
def init(opts = {})
|
|
16
|
+
@registry = ModuleRegistry.new
|
|
17
|
+
register_modules(opts[:modules])
|
|
18
|
+
@registry.init_all
|
|
19
|
+
|
|
20
|
+
# setup tracing generation
|
|
21
|
+
tracing_id_mods = @registry.module_subset(ModuleApi::TracingIdGeneration)
|
|
22
|
+
@tracing_id_setup = TracingIdSetup.new(tracing_id_mods)
|
|
23
|
+
@tracing_id_setup.setup_modules
|
|
24
|
+
|
|
25
|
+
# configure tracing broker with the consumers (tracing modules)
|
|
26
|
+
tracing_modules = @registry.module_subset(ModuleApi::Tracing)
|
|
27
|
+
@tracing_broker = TracingBroker.new(tracing_modules)
|
|
28
|
+
|
|
29
|
+
# inject tracing broker in message producers
|
|
30
|
+
@registry.each_module(ModuleApi::MessageProducer) do |mod|
|
|
31
|
+
mod.tracing_broker = @tracing_broker
|
|
32
|
+
end
|
|
33
|
+
rescue ::Exception # rubocop:disable Lint/RescueException
|
|
34
|
+
# TODO: modules must be disabled at this point
|
|
35
|
+
raise
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def reset
|
|
39
|
+
instance_variables.each do |ia|
|
|
40
|
+
instance_variable_set(ia, nil)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# To be called by the Ecosystem client when a new transaction
|
|
45
|
+
# (generally: request) is started
|
|
46
|
+
# In the future, it's intended that request end/start detection be handled
|
|
47
|
+
# by the Ecosystem itself, so control will flow in the other direction,
|
|
48
|
+
# from the ecosystem to its client
|
|
49
|
+
def start_transaction
|
|
50
|
+
TransactionStorage.create_thread_local
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def end_transaction
|
|
54
|
+
TransactionStorage.destroy_thread_local
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# @param [String] tracing_id_prefix
|
|
58
|
+
# @param [Array<Hash{String=>Object}>] sampling_config
|
|
59
|
+
def configure_sampling(tracing_id_prefix, sampling_config)
|
|
60
|
+
@tracing_id_setup.tracing_id_prefix = tracing_id_prefix
|
|
61
|
+
built_samp_cfg = Tracing::SamplingConfiguration.new(sampling_config)
|
|
62
|
+
@tracing_broker.sampling_configuration = built_samp_cfg
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
private
|
|
66
|
+
|
|
67
|
+
def register_modules(modules)
|
|
68
|
+
return register_all_modules unless modules
|
|
69
|
+
|
|
70
|
+
modules.each { |mod| register mod }
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def register_all_modules
|
|
74
|
+
# replace with something more magical?
|
|
75
|
+
require_relative 'ecosystem/http/rack_request'
|
|
76
|
+
register Http::RackRequest.new
|
|
77
|
+
|
|
78
|
+
require_relative 'ecosystem/http/net_http'
|
|
79
|
+
register Http::NetHttp.new
|
|
80
|
+
|
|
81
|
+
require_relative 'ecosystem/databases/postgres'
|
|
82
|
+
register Databases::Postgres.new
|
|
83
|
+
|
|
84
|
+
require_relative 'ecosystem/databases/mysql'
|
|
85
|
+
register Databases::Mysql.new
|
|
86
|
+
|
|
87
|
+
require_relative 'ecosystem/databases/mongo'
|
|
88
|
+
register Databases::Mongo.new
|
|
89
|
+
|
|
90
|
+
require_relative 'ecosystem/databases/redis'
|
|
91
|
+
register Databases::Redis.new
|
|
92
|
+
|
|
93
|
+
require_relative 'ecosystem/messaging/sqs'
|
|
94
|
+
register Messaging::Sqs.new
|
|
95
|
+
|
|
96
|
+
require_relative 'ecosystem/messaging/kinesis'
|
|
97
|
+
register Messaging::Kinesis.new
|
|
98
|
+
|
|
99
|
+
require_relative 'ecosystem/messaging/bunny'
|
|
100
|
+
register Messaging::Bunny.new
|
|
101
|
+
|
|
102
|
+
require_relative 'ecosystem/messaging/kafka'
|
|
103
|
+
register Messaging::Kafka.new
|
|
104
|
+
|
|
105
|
+
require_relative 'ecosystem/tracing/modules/client'
|
|
106
|
+
register Tracing::Modules::Client.new
|
|
107
|
+
|
|
108
|
+
require_relative 'ecosystem/tracing/modules/server'
|
|
109
|
+
register Tracing::Modules::Server.new
|
|
110
|
+
|
|
111
|
+
require_relative 'ecosystem/tracing/modules/producer'
|
|
112
|
+
register Tracing::Modules::Producer.new
|
|
113
|
+
|
|
114
|
+
require_relative 'ecosystem/tracing/modules/consumer'
|
|
115
|
+
register Tracing::Modules::Consumer.new
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
def register(mod)
|
|
119
|
+
@registry.register mod
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
end
|
|
123
|
+
end
|