sqreen 1.20.0 → 1.20.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -0
- data/lib/sqreen/actions/block_user.rb +1 -1
- data/lib/sqreen/actions/redirect_ip.rb +1 -1
- data/lib/sqreen/actions/redirect_user.rb +1 -1
- data/lib/sqreen/agent_message.rb +20 -0
- data/lib/sqreen/attack_detected.html +1 -2
- data/lib/sqreen/ca.crt +24 -0
- data/lib/sqreen/condition_evaluator.rb +8 -2
- data/lib/sqreen/configuration.rb +5 -3
- data/lib/sqreen/deferred_logger.rb +50 -14
- data/lib/sqreen/deprecation.rb +38 -0
- data/lib/sqreen/endpoint_testing.rb +184 -0
- data/lib/sqreen/events/request_record.rb +0 -1
- data/lib/sqreen/frameworks/generic.rb +9 -0
- data/lib/sqreen/frameworks/rails.rb +0 -7
- data/lib/sqreen/frameworks/request_recorder.rb +2 -0
- data/lib/sqreen/graft/call.rb +76 -18
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +187 -85
- data/lib/sqreen/graft/hook_point.rb +1 -1
- data/lib/sqreen/legacy/instrumentation.rb +22 -10
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +2 -1
- data/lib/sqreen/log.rb +3 -2
- data/lib/sqreen/log/loggable.rb +2 -1
- data/lib/sqreen/logger.rb +24 -0
- data/lib/sqreen/metrics_store.rb +11 -0
- data/lib/sqreen/null_logger.rb +22 -0
- data/lib/sqreen/remote_command.rb +1 -0
- data/lib/sqreen/rules.rb +8 -4
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -2
- data/lib/sqreen/rules/custom_error_cb.rb +3 -3
- data/lib/sqreen/rules/rule_cb.rb +2 -0
- data/lib/sqreen/rules/waf_cb.rb +3 -3
- data/lib/sqreen/runner.rb +64 -9
- data/lib/sqreen/session.rb +17 -11
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/budget.rb +46 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +194 -103
- data/lib/sqreen/worker.rb +6 -2
- metadata +9 -7
- data/lib/sqreen/encoding_sanitizer.rb +0 -27
@@ -109,7 +109,7 @@ module Legacy
|
|
109
109
|
break if res.is_a?(Hash) && res[:skip_rem_cbs]
|
110
110
|
rescue StandardError => e
|
111
111
|
Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
|
112
|
-
Sqreen.log.debug e.backtrace
|
112
|
+
Sqreen.log.debug { e.backtrace }
|
113
113
|
if cb.respond_to?(:record_exception)
|
114
114
|
cb.record_exception(e)
|
115
115
|
else
|
@@ -162,7 +162,7 @@ module Legacy
|
|
162
162
|
returns << res
|
163
163
|
rescue StandardError => e
|
164
164
|
Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
|
165
|
-
Sqreen.log.debug e.backtrace
|
165
|
+
Sqreen.log.debug { e.backtrace }
|
166
166
|
if cb.respond_to?(:record_exception)
|
167
167
|
cb.record_exception(e)
|
168
168
|
else
|
@@ -597,16 +597,25 @@ module Legacy
|
|
597
597
|
method = cb.method
|
598
598
|
key = [klass, method]
|
599
599
|
|
600
|
+
if (call_count = ENV['SQREEN_DEBUG_CALL_COUNT'])
|
601
|
+
call_count = JSON.parse(call_count)
|
602
|
+
if cb.respond_to?(:rule_name) && call_count.key?(cb.rule_name)
|
603
|
+
count = call_count[cb.rule_name]
|
604
|
+
Sqreen.log.debug { "override rule:#{cb.rule_name} call_count:#{count.inspect}" }
|
605
|
+
cb.instance_eval { @call_count_interval = call_count[cb.rule_name] }
|
606
|
+
end
|
607
|
+
end
|
608
|
+
|
600
609
|
@@record_request_hookpoints << key if cb.is_a?(Sqreen::Rules::RecordRequestContext)
|
601
610
|
|
602
611
|
already_overriden = @@overriden_methods.include? key
|
603
612
|
|
604
613
|
if !already_overriden
|
605
614
|
if is_class_method?(klass, method)
|
606
|
-
Sqreen.log.debug "overriding class method for #{cb}"
|
615
|
+
Sqreen.log.debug { "overriding class method for #{cb}" }
|
607
616
|
success = override_class_method(klass, method)
|
608
617
|
elsif is_instance_method?(klass, method)
|
609
|
-
Sqreen.log.debug "overriding instance method for #{cb}"
|
618
|
+
Sqreen.log.debug { "overriding instance method for #{cb}" }
|
610
619
|
success = override_instance_method(klass, method)
|
611
620
|
else
|
612
621
|
# FIXME: Override define_method and other dynamic ways to
|
@@ -623,7 +632,7 @@ module Legacy
|
|
623
632
|
|
624
633
|
@@overriden_methods += [key] if success
|
625
634
|
else
|
626
|
-
Sqreen.log.debug "#{key} was already overriden"
|
635
|
+
Sqreen.log.debug { "#{key} was already overriden" }
|
627
636
|
end
|
628
637
|
|
629
638
|
if klass != Object && klass != Kernel && !Sqreen.features['instrument_all_instances'] && !defined?(::JRUBY_VERSION)
|
@@ -638,7 +647,7 @@ module Legacy
|
|
638
647
|
end
|
639
648
|
end
|
640
649
|
|
641
|
-
Sqreen.log.debug "Adding callback #{cb} for #{klass} #{method}"
|
650
|
+
Sqreen.log.debug { "Adding callback #{cb} for #{klass} #{method}" }
|
642
651
|
@@registered_callbacks.add(cb)
|
643
652
|
@@unovertimable_hookpoints << key unless cb.overtimeable
|
644
653
|
@@instrumented_pid = Process.pid
|
@@ -659,7 +668,7 @@ module Legacy
|
|
659
668
|
|
660
669
|
already_overriden = @@overriden_methods.include? key
|
661
670
|
unless already_overriden
|
662
|
-
Sqreen.log.debug "#{key} apparently not overridden"
|
671
|
+
Sqreen.log.debug { "#{key} apparently not overridden" }
|
663
672
|
end
|
664
673
|
|
665
674
|
defined_cbs = @@registered_callbacks.get(klass, method).flatten
|
@@ -667,17 +676,17 @@ module Legacy
|
|
667
676
|
nb_removed = 0
|
668
677
|
defined_cbs.each do |found_cb|
|
669
678
|
if found_cb == cb
|
670
|
-
Sqreen.log.debug "Removing callback #{found_cb}"
|
679
|
+
Sqreen.log.debug { "Removing callback #{found_cb}" }
|
671
680
|
@@registered_callbacks.remove(found_cb)
|
672
681
|
nb_removed += 1
|
673
682
|
else
|
674
|
-
Sqreen.log.debug "Not removing callback #{found_cb} (remains #{defined_cbs.size} cbs)"
|
683
|
+
Sqreen.log.debug { "Not removing callback #{found_cb} (remains #{defined_cbs.size} cbs)" }
|
675
684
|
end
|
676
685
|
end
|
677
686
|
|
678
687
|
return unless nb_removed == defined_cbs.size
|
679
688
|
|
680
|
-
Sqreen.log.debug "Removing overriden method #{key}"
|
689
|
+
Sqreen.log.debug { "Removing overriden method #{key}" }
|
681
690
|
@@overriden_methods.delete(key)
|
682
691
|
|
683
692
|
if is_class_method?(klass, method)
|
@@ -705,6 +714,7 @@ module Legacy
|
|
705
714
|
remove_callback_no_lock(cb)
|
706
715
|
end
|
707
716
|
Sqreen.instrumentation_ready = false
|
717
|
+
Sqreen.log.info('Instrumentation deactivated')
|
708
718
|
end
|
709
719
|
end
|
710
720
|
|
@@ -757,6 +767,8 @@ module Legacy
|
|
757
767
|
### globally declare instrumentation ready
|
758
768
|
### from within instance method? not even thread local?
|
759
769
|
Sqreen.instrumentation_ready = true
|
770
|
+
|
771
|
+
Sqreen.log.info('Instrumentation activated')
|
760
772
|
end
|
761
773
|
|
762
774
|
def initialize(metrics_engine = nil)
|
@@ -6,6 +6,7 @@
|
|
6
6
|
require 'sqreen/aggregated_metric'
|
7
7
|
require 'sqreen/log/loggable'
|
8
8
|
require 'sqreen/legacy/waf_redactions'
|
9
|
+
require 'sqreen/kit/string_sanitizer'
|
9
10
|
|
10
11
|
module Sqreen
|
11
12
|
module Legacy
|
@@ -166,7 +167,7 @@ module Sqreen
|
|
166
167
|
res[:request][:parameters] = payload['params'] if payload['params']
|
167
168
|
res[:request][:headers] = payload['headers'] if payload['headers']
|
168
169
|
|
169
|
-
res = Sqreen::
|
170
|
+
res = Sqreen::Kit::StringSanitizer.sanitize(res)
|
170
171
|
|
171
172
|
if rr.redactor
|
172
173
|
res[:request], redacted = rr.redactor.redact(res[:request])
|
data/lib/sqreen/log.rb
CHANGED
@@ -14,16 +14,17 @@ require 'sqreen/deferred_logger'
|
|
14
14
|
|
15
15
|
module Sqreen
|
16
16
|
def self.log_init
|
17
|
+
deferred_logger = @logger
|
17
18
|
@logger = Sqreen::Logger.new(
|
18
19
|
Sqreen.config_get(:log_level).to_s.upcase,
|
19
20
|
Sqreen.config_get(:log_location)
|
20
21
|
)
|
21
|
-
|
22
|
+
deferred_logger.flush_to(@logger.instance_eval { @logger })
|
22
23
|
rescue => e
|
23
24
|
warn "Sqreen logger exception: #{e}"
|
24
25
|
end
|
25
26
|
|
26
27
|
def self::log
|
27
|
-
@logger
|
28
|
+
@logger ||= Sqreen::DeferredLogger.new
|
28
29
|
end
|
29
30
|
end
|
data/lib/sqreen/log/loggable.rb
CHANGED
@@ -4,6 +4,7 @@
|
|
4
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
5
|
|
6
6
|
require 'logger'
|
7
|
+
require 'sqreen/log'
|
7
8
|
|
8
9
|
module Sqreen; end
|
9
10
|
module Sqreen::Log; end
|
@@ -23,6 +24,6 @@ module Sqreen::Log::Loggable
|
|
23
24
|
end
|
24
25
|
|
25
26
|
def logger
|
26
|
-
@logger ||
|
27
|
+
@logger || singleton_class.logger
|
27
28
|
end
|
28
29
|
end
|
data/lib/sqreen/logger.rb
CHANGED
@@ -28,6 +28,26 @@ module Sqreen
|
|
28
28
|
create_error_logger
|
29
29
|
end
|
30
30
|
|
31
|
+
def debug?
|
32
|
+
@logger.debug?
|
33
|
+
end
|
34
|
+
|
35
|
+
def info?
|
36
|
+
@logger.info?
|
37
|
+
end
|
38
|
+
|
39
|
+
def warn?
|
40
|
+
@logger.warn?
|
41
|
+
end
|
42
|
+
|
43
|
+
def error?
|
44
|
+
@logger.error?
|
45
|
+
end
|
46
|
+
|
47
|
+
def fatal?
|
48
|
+
@logger.fatal?
|
49
|
+
end
|
50
|
+
|
31
51
|
def debug(msg = nil, &block)
|
32
52
|
@logger.debug(msg, &block)
|
33
53
|
end
|
@@ -45,6 +65,10 @@ module Sqreen
|
|
45
65
|
@logger.error(msg, &block)
|
46
66
|
end
|
47
67
|
|
68
|
+
def unknown(msg = nil, &block)
|
69
|
+
@logger.unknown(msg, &block)
|
70
|
+
end
|
71
|
+
|
48
72
|
def add(severity, msg = nil, &block)
|
49
73
|
send(SEVERITY_TO_METHOD[severity], msg, &block)
|
50
74
|
end
|
data/lib/sqreen/metrics_store.rb
CHANGED
@@ -27,6 +27,7 @@ module Sqreen
|
|
27
27
|
def initialize
|
28
28
|
@store = []
|
29
29
|
@metrics = {} # name => (metric, period, start)
|
30
|
+
@mutex = Mutex.new
|
30
31
|
end
|
31
32
|
|
32
33
|
# Definition contains a name,period and aggregate at least
|
@@ -34,6 +35,8 @@ module Sqreen
|
|
34
35
|
# @param rule [RuleCB] the rule associated with this metric, if any
|
35
36
|
# @param mklass [Object] Override metric object (used in testing)
|
36
37
|
def create_metric(definition, rule = nil, mklass = nil)
|
38
|
+
@mutex.lock
|
39
|
+
|
37
40
|
name = definition[NAME_KEY]
|
38
41
|
kind = definition[KIND_KEY]
|
39
42
|
klass = valid_metric(kind, name)
|
@@ -49,6 +52,8 @@ module Sqreen
|
|
49
52
|
metric.rule = rule
|
50
53
|
metric.period = definition[PERIOD_KEY]
|
51
54
|
metric
|
55
|
+
ensure
|
56
|
+
@mutex.unlock
|
52
57
|
end
|
53
58
|
|
54
59
|
def metric?(name)
|
@@ -57,21 +62,27 @@ module Sqreen
|
|
57
62
|
|
58
63
|
# @param at [Time] when is the store emptied
|
59
64
|
def update(name, at, key, value)
|
65
|
+
@mutex.lock
|
60
66
|
metric, period, start = @metrics[name]
|
61
67
|
raise UnregisteredMetric, "Unknown metric #{name}" unless metric
|
62
68
|
next_sample(name, at) if start.nil? || (start + period) < at
|
63
69
|
metric.update(key, value)
|
70
|
+
ensure
|
71
|
+
@mutex.unlock
|
64
72
|
end
|
65
73
|
|
66
74
|
# Drains every metrics and returns the store content
|
67
75
|
# @param at [Time] when is the store emptied
|
68
76
|
def publish(flush = true, at = Sqreen.time)
|
77
|
+
@mutex.lock
|
69
78
|
@metrics.each do |name, (_, period, start)|
|
70
79
|
next_sample(name, at) if flush || !start.nil? && (start + period) < at
|
71
80
|
end
|
72
81
|
out = @store
|
73
82
|
@store = []
|
74
83
|
out
|
84
|
+
ensure
|
85
|
+
@mutex.unlock
|
75
86
|
end
|
76
87
|
|
77
88
|
protected
|
data/lib/sqreen/null_logger.rb
CHANGED
@@ -9,6 +9,26 @@ module Sqreen
|
|
9
9
|
class NullLogger
|
10
10
|
include Singleton
|
11
11
|
|
12
|
+
def debug?
|
13
|
+
false
|
14
|
+
end
|
15
|
+
|
16
|
+
def info?
|
17
|
+
false
|
18
|
+
end
|
19
|
+
|
20
|
+
def warn?
|
21
|
+
false
|
22
|
+
end
|
23
|
+
|
24
|
+
def error?
|
25
|
+
false
|
26
|
+
end
|
27
|
+
|
28
|
+
def fatal?
|
29
|
+
false
|
30
|
+
end
|
31
|
+
|
12
32
|
def debug(_msg = nil); end
|
13
33
|
|
14
34
|
def info(_msg = nil); end
|
@@ -19,6 +39,8 @@ module Sqreen
|
|
19
39
|
|
20
40
|
def fatal(_msg = nil); end
|
21
41
|
|
42
|
+
def unknown(_msg = nil); end
|
43
|
+
|
22
44
|
def add(_severity, _msg = nil); end
|
23
45
|
|
24
46
|
def formatter=(_); end
|
@@ -18,6 +18,7 @@ module Sqreen
|
|
18
18
|
:features_get => :features,
|
19
19
|
:features_change => :change_features,
|
20
20
|
:force_logout => :shutdown,
|
21
|
+
:force_restart => :restart,
|
21
22
|
:paths_whitelist => :change_whitelisted_paths,
|
22
23
|
:ips_whitelist => :change_whitelisted_ips,
|
23
24
|
:get_bundle => :upload_bundle,
|
data/lib/sqreen/rules.rb
CHANGED
@@ -114,15 +114,19 @@ module Sqreen
|
|
114
114
|
Sqreen.log.warn('No JavaScript engine is available. ' \
|
115
115
|
'JavaScript callbacks will be ignored')
|
116
116
|
end
|
117
|
-
Sqreen.log.
|
117
|
+
Sqreen.log.debug("Ignoring JS callback #{rule_name}")
|
118
118
|
return nil
|
119
119
|
end
|
120
120
|
|
121
121
|
cb_class = ExecJSCB if js
|
122
122
|
|
123
|
-
if cbname
|
124
|
-
|
125
|
-
|
123
|
+
if cbname
|
124
|
+
cb_class = if cbname.include?('::')
|
125
|
+
# Only load callbacks from sqreen
|
126
|
+
Rules.walk_const_get(cbname) if cbname.start_with?('::Sqreen::', 'Sqreen::')
|
127
|
+
else
|
128
|
+
Rules.const_get(cbname) if Rules.const_defined?(cbname) # rubocop:disable Style/IfInsideElse
|
129
|
+
end
|
126
130
|
end
|
127
131
|
|
128
132
|
if cb_class.nil?
|
@@ -33,7 +33,7 @@ module Sqreen
|
|
33
33
|
private
|
34
34
|
|
35
35
|
def insert_values(ranges)
|
36
|
-
Sqreen.log.
|
36
|
+
Sqreen.log.debug 'no ips given for IP blacklisting' if ranges.empty?
|
37
37
|
|
38
38
|
ranges.map { |r| Prefix.from_str(r, r) }.each do |prefix|
|
39
39
|
trie_for(prefix).insert prefix
|
@@ -50,7 +50,7 @@ module Sqreen
|
|
50
50
|
begin
|
51
51
|
ipa = IPAddr.new(rip)
|
52
52
|
rescue StandardError
|
53
|
-
Sqreen.log.
|
53
|
+
Sqreen.log.debug "invalid IP address given by framework: #{rip}"
|
54
54
|
return nil
|
55
55
|
end
|
56
56
|
|
@@ -55,12 +55,12 @@ module Sqreen
|
|
55
55
|
end
|
56
56
|
|
57
57
|
def respond_page
|
58
|
-
page
|
58
|
+
@page ||= File.read(File.join(File.dirname(__FILE__), '../attack_detected.html'))
|
59
59
|
headers = {
|
60
60
|
'Content-Type' => 'text/html',
|
61
|
-
'Content-Length' => page.size.to_s,
|
61
|
+
'Content-Length' => @page.size.to_s,
|
62
62
|
}
|
63
|
-
[@status_code, headers, page]
|
63
|
+
[@status_code, headers, [@page]]
|
64
64
|
end
|
65
65
|
end
|
66
66
|
end
|
data/lib/sqreen/rules/rule_cb.rb
CHANGED
@@ -3,6 +3,7 @@
|
|
3
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
5
|
|
6
|
+
require 'sqreen/deprecation'
|
6
7
|
require 'sqreen/framework_cb'
|
7
8
|
require 'sqreen/context'
|
8
9
|
require 'sqreen/conditionable'
|
@@ -109,6 +110,7 @@ module Sqreen
|
|
109
110
|
)
|
110
111
|
true
|
111
112
|
end
|
113
|
+
Sqreen::Deprecation.deprecate(instance_method(:overtime!))
|
112
114
|
end
|
113
115
|
end
|
114
116
|
end
|
data/lib/sqreen/rules/waf_cb.rb
CHANGED
@@ -11,7 +11,7 @@ require 'sqreen/safe_json'
|
|
11
11
|
require 'sqreen/exception'
|
12
12
|
require 'sqreen/util/capper'
|
13
13
|
require 'sqreen/dependency/libsqreen'
|
14
|
-
require 'sqreen/
|
14
|
+
require 'sqreen/kit/string_sanitizer'
|
15
15
|
|
16
16
|
module Sqreen
|
17
17
|
module Rules
|
@@ -60,7 +60,7 @@ module Sqreen
|
|
60
60
|
end
|
61
61
|
|
62
62
|
# 0 for using defaults (PW_RUN_TIMEOUT)
|
63
|
-
@max_run_budget_us = (@data['values'].fetch('
|
63
|
+
@max_run_budget_us = (@data['values'].fetch('max_budget_ms', 0) * 1000).to_i
|
64
64
|
@max_run_budget_us = INFINITE_BUDGET_US if @max_run_budget_us >= INFINITE_BUDGET_US
|
65
65
|
|
66
66
|
Sqreen.log.debug { "Max WAF run budget for #{@waf_rule_name} set to #{@max_run_budget_us} us" }
|
@@ -82,7 +82,7 @@ module Sqreen
|
|
82
82
|
waf_args = binding_accessors.each_with_object({}) do |(e, b), h|
|
83
83
|
h[e] = capper.call(b.resolve(*env))
|
84
84
|
end
|
85
|
-
waf_args = Sqreen::
|
85
|
+
waf_args = Sqreen::Kit::StringSanitizer.sanitize(waf_args)
|
86
86
|
|
87
87
|
if budget
|
88
88
|
rem_budget_s = budget - (Sqreen.time - start)
|
data/lib/sqreen/runner.rb
CHANGED
@@ -11,6 +11,7 @@ require 'sqreen/events/attack'
|
|
11
11
|
|
12
12
|
require 'sqreen/log'
|
13
13
|
|
14
|
+
require 'sqreen/agent_message'
|
14
15
|
require 'sqreen/rules'
|
15
16
|
require 'sqreen/session'
|
16
17
|
require 'sqreen/remote_command'
|
@@ -18,6 +19,7 @@ require 'sqreen/capped_queue'
|
|
18
19
|
require 'sqreen/metrics_store'
|
19
20
|
require 'sqreen/deliveries/simple'
|
20
21
|
require 'sqreen/deliveries/batch'
|
22
|
+
require 'sqreen/endpoint_testing'
|
21
23
|
require 'sqreen/performance_notifications/metrics'
|
22
24
|
require 'sqreen/performance_notifications/binned_metrics'
|
23
25
|
require 'sqreen/legacy/instrumentation'
|
@@ -113,19 +115,23 @@ module Sqreen
|
|
113
115
|
@next_metrics = []
|
114
116
|
@running = true
|
115
117
|
|
118
|
+
@proxy_url = @configuration.get(:proxy_url)
|
119
|
+
chosen_endpoints = determine_endpoints
|
120
|
+
|
116
121
|
@token = @configuration.get(:token)
|
117
122
|
@app_name = @configuration.get(:app_name)
|
118
|
-
@url =
|
119
|
-
@
|
123
|
+
@url = chosen_endpoints.control.url
|
124
|
+
@cert_store = chosen_endpoints.control.ca_store
|
125
|
+
|
120
126
|
Sqreen.update_whitelisted_paths([])
|
121
127
|
Sqreen.update_whitelisted_ips({})
|
122
128
|
Sqreen.update_performance_budget(nil)
|
123
|
-
raise(Sqreen::Exception, 'no url found') unless @url
|
124
129
|
raise(Sqreen::TokenNotFoundException, 'no token found') unless @token
|
125
130
|
|
126
131
|
Sqreen::Kit::Configuration.logger = Sqreen.log
|
127
|
-
Sqreen::Kit::Configuration.ingestion_url =
|
128
|
-
Sqreen::Kit::Configuration.
|
132
|
+
Sqreen::Kit::Configuration.ingestion_url = chosen_endpoints.ingestion.url
|
133
|
+
Sqreen::Kit::Configuration.certificate_store = chosen_endpoints.ingestion.ca_store
|
134
|
+
Sqreen::Kit::Configuration.proxy_url = @proxy_url
|
129
135
|
|
130
136
|
register_exit_cb if set_at_exit
|
131
137
|
|
@@ -143,6 +149,7 @@ module Sqreen
|
|
143
149
|
|
144
150
|
Sqreen.log.debug "Using token #{@token}"
|
145
151
|
response = create_session(session_class)
|
152
|
+
post_endpoint_testing_msgs(chosen_endpoints)
|
146
153
|
wanted_features = response.fetch('features', {})
|
147
154
|
conf_initial_features = configuration.get(:initial_features)
|
148
155
|
unless conf_initial_features.nil?
|
@@ -155,7 +162,7 @@ module Sqreen
|
|
155
162
|
wanted_features = wanted_features.merge(conf_features)
|
156
163
|
rescue
|
157
164
|
Sqreen.log.warn do
|
158
|
-
"NOT using invalid
|
165
|
+
"NOT using invalid initial features #{conf_initial_features}"
|
159
166
|
end
|
160
167
|
end
|
161
168
|
end
|
@@ -171,7 +178,7 @@ module Sqreen
|
|
171
178
|
end
|
172
179
|
|
173
180
|
def create_session(session_class)
|
174
|
-
@session = session_class.new(@url, @token, @app_name, @proxy_url)
|
181
|
+
@session = session_class.new(@url, @cert_store, @token, @app_name, @proxy_url)
|
175
182
|
session.login(@framework)
|
176
183
|
end
|
177
184
|
|
@@ -380,8 +387,25 @@ module Sqreen
|
|
380
387
|
|
381
388
|
def change_performance_budget(budget, _context_infos = {})
|
382
389
|
return false unless budget.nil? || budget.to_f > 0
|
383
|
-
|
384
|
-
|
390
|
+
|
391
|
+
if @configuration.get(:weave)
|
392
|
+
prev = Sqreen::Weave::Budget.current
|
393
|
+
prev = prev.to_h if prev
|
394
|
+
|
395
|
+
budget_s = budget.to_f / 1000 if budget
|
396
|
+
|
397
|
+
feature = features['performance_budget']
|
398
|
+
if feature
|
399
|
+
budget_s = feature['threshold'] if feature.key?('threshold')
|
400
|
+
ratio = feature['ratio'] if feature.key?('ratio')
|
401
|
+
end
|
402
|
+
|
403
|
+
Sqreen::Weave::Budget.update(threshold: budget_s, ratio: ratio)
|
404
|
+
else
|
405
|
+
prev = Sqreen.performance_budget
|
406
|
+
Sqreen.update_performance_budget(budget)
|
407
|
+
end
|
408
|
+
|
385
409
|
{ :was => prev }
|
386
410
|
end
|
387
411
|
|
@@ -471,6 +495,15 @@ module Sqreen
|
|
471
495
|
logout
|
472
496
|
end
|
473
497
|
|
498
|
+
def restart(_context_infos = {})
|
499
|
+
shutdown
|
500
|
+
heartbeat_delay = @heartbeat_delay
|
501
|
+
Thread.new do
|
502
|
+
sleep(2 * heartbeat_delay)
|
503
|
+
Sqreen::Worker.start(Sqreen.framework)
|
504
|
+
end
|
505
|
+
end
|
506
|
+
|
474
507
|
def logout(retrying = true)
|
475
508
|
return unless session
|
476
509
|
Sqreen.log.debug("Logging out")
|
@@ -508,6 +541,28 @@ module Sqreen
|
|
508
541
|
|
509
542
|
private
|
510
543
|
|
544
|
+
def post_endpoint_testing_msgs(chosen_endpoints)
|
545
|
+
chosen_endpoints.messages.each do |msg|
|
546
|
+
session.post_agent_message(@framework, msg)
|
547
|
+
end
|
548
|
+
rescue => e
|
549
|
+
Sqreen.log.warn "Error submitting agent message: #{e}"
|
550
|
+
RemoteException.record(e)
|
551
|
+
end
|
552
|
+
|
553
|
+
def determine_endpoints
|
554
|
+
# there's no sniffing going on; just a misnamed config setting
|
555
|
+
if @configuration.get(:no_sniff_domains)
|
556
|
+
# reproduces behaviour before endpoint testing was introduced
|
557
|
+
EndpointTesting.no_test_endpoints(@configuration.get(:url),
|
558
|
+
@configuration.get(:ingestion_url))
|
559
|
+
else
|
560
|
+
EndpointTesting.test_endpoints(@proxy_url,
|
561
|
+
@configuration.get(:url),
|
562
|
+
@configuration.get(:ingestion_url))
|
563
|
+
end
|
564
|
+
end
|
565
|
+
|
511
566
|
def load_actions(hashes)
|
512
567
|
unsupported = Set.new
|
513
568
|
|