sqreen 1.20.0 → 1.20.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +29 -0
- data/lib/sqreen/actions/block_user.rb +1 -1
- data/lib/sqreen/actions/redirect_ip.rb +1 -1
- data/lib/sqreen/actions/redirect_user.rb +1 -1
- data/lib/sqreen/agent_message.rb +20 -0
- data/lib/sqreen/attack_detected.html +1 -2
- data/lib/sqreen/ca.crt +24 -0
- data/lib/sqreen/condition_evaluator.rb +8 -2
- data/lib/sqreen/configuration.rb +5 -3
- data/lib/sqreen/deferred_logger.rb +50 -14
- data/lib/sqreen/deprecation.rb +38 -0
- data/lib/sqreen/endpoint_testing.rb +184 -0
- data/lib/sqreen/events/request_record.rb +0 -1
- data/lib/sqreen/frameworks/generic.rb +9 -0
- data/lib/sqreen/frameworks/rails.rb +0 -7
- data/lib/sqreen/frameworks/request_recorder.rb +2 -0
- data/lib/sqreen/graft/call.rb +76 -18
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +187 -85
- data/lib/sqreen/graft/hook_point.rb +1 -1
- data/lib/sqreen/legacy/instrumentation.rb +22 -10
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +2 -1
- data/lib/sqreen/log.rb +3 -2
- data/lib/sqreen/log/loggable.rb +2 -1
- data/lib/sqreen/logger.rb +24 -0
- data/lib/sqreen/metrics_store.rb +11 -0
- data/lib/sqreen/null_logger.rb +22 -0
- data/lib/sqreen/remote_command.rb +1 -0
- data/lib/sqreen/rules.rb +8 -4
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -2
- data/lib/sqreen/rules/custom_error_cb.rb +3 -3
- data/lib/sqreen/rules/rule_cb.rb +2 -0
- data/lib/sqreen/rules/waf_cb.rb +3 -3
- data/lib/sqreen/runner.rb +64 -9
- data/lib/sqreen/session.rb +17 -11
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/budget.rb +46 -0
- data/lib/sqreen/weave/legacy/instrumentation.rb +194 -103
- data/lib/sqreen/worker.rb +6 -2
- metadata +9 -7
- data/lib/sqreen/encoding_sanitizer.rb +0 -27
@@ -109,7 +109,7 @@ module Legacy
|
|
109
109
|
break if res.is_a?(Hash) && res[:skip_rem_cbs]
|
110
110
|
rescue StandardError => e
|
111
111
|
Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
|
112
|
-
Sqreen.log.debug e.backtrace
|
112
|
+
Sqreen.log.debug { e.backtrace }
|
113
113
|
if cb.respond_to?(:record_exception)
|
114
114
|
cb.record_exception(e)
|
115
115
|
else
|
@@ -162,7 +162,7 @@ module Legacy
|
|
162
162
|
returns << res
|
163
163
|
rescue StandardError => e
|
164
164
|
Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
|
165
|
-
Sqreen.log.debug e.backtrace
|
165
|
+
Sqreen.log.debug { e.backtrace }
|
166
166
|
if cb.respond_to?(:record_exception)
|
167
167
|
cb.record_exception(e)
|
168
168
|
else
|
@@ -597,16 +597,25 @@ module Legacy
|
|
597
597
|
method = cb.method
|
598
598
|
key = [klass, method]
|
599
599
|
|
600
|
+
if (call_count = ENV['SQREEN_DEBUG_CALL_COUNT'])
|
601
|
+
call_count = JSON.parse(call_count)
|
602
|
+
if cb.respond_to?(:rule_name) && call_count.key?(cb.rule_name)
|
603
|
+
count = call_count[cb.rule_name]
|
604
|
+
Sqreen.log.debug { "override rule:#{cb.rule_name} call_count:#{count.inspect}" }
|
605
|
+
cb.instance_eval { @call_count_interval = call_count[cb.rule_name] }
|
606
|
+
end
|
607
|
+
end
|
608
|
+
|
600
609
|
@@record_request_hookpoints << key if cb.is_a?(Sqreen::Rules::RecordRequestContext)
|
601
610
|
|
602
611
|
already_overriden = @@overriden_methods.include? key
|
603
612
|
|
604
613
|
if !already_overriden
|
605
614
|
if is_class_method?(klass, method)
|
606
|
-
Sqreen.log.debug "overriding class method for #{cb}"
|
615
|
+
Sqreen.log.debug { "overriding class method for #{cb}" }
|
607
616
|
success = override_class_method(klass, method)
|
608
617
|
elsif is_instance_method?(klass, method)
|
609
|
-
Sqreen.log.debug "overriding instance method for #{cb}"
|
618
|
+
Sqreen.log.debug { "overriding instance method for #{cb}" }
|
610
619
|
success = override_instance_method(klass, method)
|
611
620
|
else
|
612
621
|
# FIXME: Override define_method and other dynamic ways to
|
@@ -623,7 +632,7 @@ module Legacy
|
|
623
632
|
|
624
633
|
@@overriden_methods += [key] if success
|
625
634
|
else
|
626
|
-
Sqreen.log.debug "#{key} was already overriden"
|
635
|
+
Sqreen.log.debug { "#{key} was already overriden" }
|
627
636
|
end
|
628
637
|
|
629
638
|
if klass != Object && klass != Kernel && !Sqreen.features['instrument_all_instances'] && !defined?(::JRUBY_VERSION)
|
@@ -638,7 +647,7 @@ module Legacy
|
|
638
647
|
end
|
639
648
|
end
|
640
649
|
|
641
|
-
Sqreen.log.debug "Adding callback #{cb} for #{klass} #{method}"
|
650
|
+
Sqreen.log.debug { "Adding callback #{cb} for #{klass} #{method}" }
|
642
651
|
@@registered_callbacks.add(cb)
|
643
652
|
@@unovertimable_hookpoints << key unless cb.overtimeable
|
644
653
|
@@instrumented_pid = Process.pid
|
@@ -659,7 +668,7 @@ module Legacy
|
|
659
668
|
|
660
669
|
already_overriden = @@overriden_methods.include? key
|
661
670
|
unless already_overriden
|
662
|
-
Sqreen.log.debug "#{key} apparently not overridden"
|
671
|
+
Sqreen.log.debug { "#{key} apparently not overridden" }
|
663
672
|
end
|
664
673
|
|
665
674
|
defined_cbs = @@registered_callbacks.get(klass, method).flatten
|
@@ -667,17 +676,17 @@ module Legacy
|
|
667
676
|
nb_removed = 0
|
668
677
|
defined_cbs.each do |found_cb|
|
669
678
|
if found_cb == cb
|
670
|
-
Sqreen.log.debug "Removing callback #{found_cb}"
|
679
|
+
Sqreen.log.debug { "Removing callback #{found_cb}" }
|
671
680
|
@@registered_callbacks.remove(found_cb)
|
672
681
|
nb_removed += 1
|
673
682
|
else
|
674
|
-
Sqreen.log.debug "Not removing callback #{found_cb} (remains #{defined_cbs.size} cbs)"
|
683
|
+
Sqreen.log.debug { "Not removing callback #{found_cb} (remains #{defined_cbs.size} cbs)" }
|
675
684
|
end
|
676
685
|
end
|
677
686
|
|
678
687
|
return unless nb_removed == defined_cbs.size
|
679
688
|
|
680
|
-
Sqreen.log.debug "Removing overriden method #{key}"
|
689
|
+
Sqreen.log.debug { "Removing overriden method #{key}" }
|
681
690
|
@@overriden_methods.delete(key)
|
682
691
|
|
683
692
|
if is_class_method?(klass, method)
|
@@ -705,6 +714,7 @@ module Legacy
|
|
705
714
|
remove_callback_no_lock(cb)
|
706
715
|
end
|
707
716
|
Sqreen.instrumentation_ready = false
|
717
|
+
Sqreen.log.info('Instrumentation deactivated')
|
708
718
|
end
|
709
719
|
end
|
710
720
|
|
@@ -757,6 +767,8 @@ module Legacy
|
|
757
767
|
### globally declare instrumentation ready
|
758
768
|
### from within instance method? not even thread local?
|
759
769
|
Sqreen.instrumentation_ready = true
|
770
|
+
|
771
|
+
Sqreen.log.info('Instrumentation activated')
|
760
772
|
end
|
761
773
|
|
762
774
|
def initialize(metrics_engine = nil)
|
@@ -6,6 +6,7 @@
|
|
6
6
|
require 'sqreen/aggregated_metric'
|
7
7
|
require 'sqreen/log/loggable'
|
8
8
|
require 'sqreen/legacy/waf_redactions'
|
9
|
+
require 'sqreen/kit/string_sanitizer'
|
9
10
|
|
10
11
|
module Sqreen
|
11
12
|
module Legacy
|
@@ -166,7 +167,7 @@ module Sqreen
|
|
166
167
|
res[:request][:parameters] = payload['params'] if payload['params']
|
167
168
|
res[:request][:headers] = payload['headers'] if payload['headers']
|
168
169
|
|
169
|
-
res = Sqreen::
|
170
|
+
res = Sqreen::Kit::StringSanitizer.sanitize(res)
|
170
171
|
|
171
172
|
if rr.redactor
|
172
173
|
res[:request], redacted = rr.redactor.redact(res[:request])
|
data/lib/sqreen/log.rb
CHANGED
@@ -14,16 +14,17 @@ require 'sqreen/deferred_logger'
|
|
14
14
|
|
15
15
|
module Sqreen
|
16
16
|
def self.log_init
|
17
|
+
deferred_logger = @logger
|
17
18
|
@logger = Sqreen::Logger.new(
|
18
19
|
Sqreen.config_get(:log_level).to_s.upcase,
|
19
20
|
Sqreen.config_get(:log_location)
|
20
21
|
)
|
21
|
-
|
22
|
+
deferred_logger.flush_to(@logger.instance_eval { @logger })
|
22
23
|
rescue => e
|
23
24
|
warn "Sqreen logger exception: #{e}"
|
24
25
|
end
|
25
26
|
|
26
27
|
def self::log
|
27
|
-
@logger
|
28
|
+
@logger ||= Sqreen::DeferredLogger.new
|
28
29
|
end
|
29
30
|
end
|
data/lib/sqreen/log/loggable.rb
CHANGED
@@ -4,6 +4,7 @@
|
|
4
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
5
|
|
6
6
|
require 'logger'
|
7
|
+
require 'sqreen/log'
|
7
8
|
|
8
9
|
module Sqreen; end
|
9
10
|
module Sqreen::Log; end
|
@@ -23,6 +24,6 @@ module Sqreen::Log::Loggable
|
|
23
24
|
end
|
24
25
|
|
25
26
|
def logger
|
26
|
-
@logger ||
|
27
|
+
@logger || singleton_class.logger
|
27
28
|
end
|
28
29
|
end
|
data/lib/sqreen/logger.rb
CHANGED
@@ -28,6 +28,26 @@ module Sqreen
|
|
28
28
|
create_error_logger
|
29
29
|
end
|
30
30
|
|
31
|
+
def debug?
|
32
|
+
@logger.debug?
|
33
|
+
end
|
34
|
+
|
35
|
+
def info?
|
36
|
+
@logger.info?
|
37
|
+
end
|
38
|
+
|
39
|
+
def warn?
|
40
|
+
@logger.warn?
|
41
|
+
end
|
42
|
+
|
43
|
+
def error?
|
44
|
+
@logger.error?
|
45
|
+
end
|
46
|
+
|
47
|
+
def fatal?
|
48
|
+
@logger.fatal?
|
49
|
+
end
|
50
|
+
|
31
51
|
def debug(msg = nil, &block)
|
32
52
|
@logger.debug(msg, &block)
|
33
53
|
end
|
@@ -45,6 +65,10 @@ module Sqreen
|
|
45
65
|
@logger.error(msg, &block)
|
46
66
|
end
|
47
67
|
|
68
|
+
def unknown(msg = nil, &block)
|
69
|
+
@logger.unknown(msg, &block)
|
70
|
+
end
|
71
|
+
|
48
72
|
def add(severity, msg = nil, &block)
|
49
73
|
send(SEVERITY_TO_METHOD[severity], msg, &block)
|
50
74
|
end
|
data/lib/sqreen/metrics_store.rb
CHANGED
@@ -27,6 +27,7 @@ module Sqreen
|
|
27
27
|
def initialize
|
28
28
|
@store = []
|
29
29
|
@metrics = {} # name => (metric, period, start)
|
30
|
+
@mutex = Mutex.new
|
30
31
|
end
|
31
32
|
|
32
33
|
# Definition contains a name,period and aggregate at least
|
@@ -34,6 +35,8 @@ module Sqreen
|
|
34
35
|
# @param rule [RuleCB] the rule associated with this metric, if any
|
35
36
|
# @param mklass [Object] Override metric object (used in testing)
|
36
37
|
def create_metric(definition, rule = nil, mklass = nil)
|
38
|
+
@mutex.lock
|
39
|
+
|
37
40
|
name = definition[NAME_KEY]
|
38
41
|
kind = definition[KIND_KEY]
|
39
42
|
klass = valid_metric(kind, name)
|
@@ -49,6 +52,8 @@ module Sqreen
|
|
49
52
|
metric.rule = rule
|
50
53
|
metric.period = definition[PERIOD_KEY]
|
51
54
|
metric
|
55
|
+
ensure
|
56
|
+
@mutex.unlock
|
52
57
|
end
|
53
58
|
|
54
59
|
def metric?(name)
|
@@ -57,21 +62,27 @@ module Sqreen
|
|
57
62
|
|
58
63
|
# @param at [Time] when is the store emptied
|
59
64
|
def update(name, at, key, value)
|
65
|
+
@mutex.lock
|
60
66
|
metric, period, start = @metrics[name]
|
61
67
|
raise UnregisteredMetric, "Unknown metric #{name}" unless metric
|
62
68
|
next_sample(name, at) if start.nil? || (start + period) < at
|
63
69
|
metric.update(key, value)
|
70
|
+
ensure
|
71
|
+
@mutex.unlock
|
64
72
|
end
|
65
73
|
|
66
74
|
# Drains every metrics and returns the store content
|
67
75
|
# @param at [Time] when is the store emptied
|
68
76
|
def publish(flush = true, at = Sqreen.time)
|
77
|
+
@mutex.lock
|
69
78
|
@metrics.each do |name, (_, period, start)|
|
70
79
|
next_sample(name, at) if flush || !start.nil? && (start + period) < at
|
71
80
|
end
|
72
81
|
out = @store
|
73
82
|
@store = []
|
74
83
|
out
|
84
|
+
ensure
|
85
|
+
@mutex.unlock
|
75
86
|
end
|
76
87
|
|
77
88
|
protected
|
data/lib/sqreen/null_logger.rb
CHANGED
@@ -9,6 +9,26 @@ module Sqreen
|
|
9
9
|
class NullLogger
|
10
10
|
include Singleton
|
11
11
|
|
12
|
+
def debug?
|
13
|
+
false
|
14
|
+
end
|
15
|
+
|
16
|
+
def info?
|
17
|
+
false
|
18
|
+
end
|
19
|
+
|
20
|
+
def warn?
|
21
|
+
false
|
22
|
+
end
|
23
|
+
|
24
|
+
def error?
|
25
|
+
false
|
26
|
+
end
|
27
|
+
|
28
|
+
def fatal?
|
29
|
+
false
|
30
|
+
end
|
31
|
+
|
12
32
|
def debug(_msg = nil); end
|
13
33
|
|
14
34
|
def info(_msg = nil); end
|
@@ -19,6 +39,8 @@ module Sqreen
|
|
19
39
|
|
20
40
|
def fatal(_msg = nil); end
|
21
41
|
|
42
|
+
def unknown(_msg = nil); end
|
43
|
+
|
22
44
|
def add(_severity, _msg = nil); end
|
23
45
|
|
24
46
|
def formatter=(_); end
|
@@ -18,6 +18,7 @@ module Sqreen
|
|
18
18
|
:features_get => :features,
|
19
19
|
:features_change => :change_features,
|
20
20
|
:force_logout => :shutdown,
|
21
|
+
:force_restart => :restart,
|
21
22
|
:paths_whitelist => :change_whitelisted_paths,
|
22
23
|
:ips_whitelist => :change_whitelisted_ips,
|
23
24
|
:get_bundle => :upload_bundle,
|
data/lib/sqreen/rules.rb
CHANGED
@@ -114,15 +114,19 @@ module Sqreen
|
|
114
114
|
Sqreen.log.warn('No JavaScript engine is available. ' \
|
115
115
|
'JavaScript callbacks will be ignored')
|
116
116
|
end
|
117
|
-
Sqreen.log.
|
117
|
+
Sqreen.log.debug("Ignoring JS callback #{rule_name}")
|
118
118
|
return nil
|
119
119
|
end
|
120
120
|
|
121
121
|
cb_class = ExecJSCB if js
|
122
122
|
|
123
|
-
if cbname
|
124
|
-
|
125
|
-
|
123
|
+
if cbname
|
124
|
+
cb_class = if cbname.include?('::')
|
125
|
+
# Only load callbacks from sqreen
|
126
|
+
Rules.walk_const_get(cbname) if cbname.start_with?('::Sqreen::', 'Sqreen::')
|
127
|
+
else
|
128
|
+
Rules.const_get(cbname) if Rules.const_defined?(cbname) # rubocop:disable Style/IfInsideElse
|
129
|
+
end
|
126
130
|
end
|
127
131
|
|
128
132
|
if cb_class.nil?
|
@@ -33,7 +33,7 @@ module Sqreen
|
|
33
33
|
private
|
34
34
|
|
35
35
|
def insert_values(ranges)
|
36
|
-
Sqreen.log.
|
36
|
+
Sqreen.log.debug 'no ips given for IP blacklisting' if ranges.empty?
|
37
37
|
|
38
38
|
ranges.map { |r| Prefix.from_str(r, r) }.each do |prefix|
|
39
39
|
trie_for(prefix).insert prefix
|
@@ -50,7 +50,7 @@ module Sqreen
|
|
50
50
|
begin
|
51
51
|
ipa = IPAddr.new(rip)
|
52
52
|
rescue StandardError
|
53
|
-
Sqreen.log.
|
53
|
+
Sqreen.log.debug "invalid IP address given by framework: #{rip}"
|
54
54
|
return nil
|
55
55
|
end
|
56
56
|
|
@@ -55,12 +55,12 @@ module Sqreen
|
|
55
55
|
end
|
56
56
|
|
57
57
|
def respond_page
|
58
|
-
page
|
58
|
+
@page ||= File.read(File.join(File.dirname(__FILE__), '../attack_detected.html'))
|
59
59
|
headers = {
|
60
60
|
'Content-Type' => 'text/html',
|
61
|
-
'Content-Length' => page.size.to_s,
|
61
|
+
'Content-Length' => @page.size.to_s,
|
62
62
|
}
|
63
|
-
[@status_code, headers, page]
|
63
|
+
[@status_code, headers, [@page]]
|
64
64
|
end
|
65
65
|
end
|
66
66
|
end
|
data/lib/sqreen/rules/rule_cb.rb
CHANGED
@@ -3,6 +3,7 @@
|
|
3
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
5
|
|
6
|
+
require 'sqreen/deprecation'
|
6
7
|
require 'sqreen/framework_cb'
|
7
8
|
require 'sqreen/context'
|
8
9
|
require 'sqreen/conditionable'
|
@@ -109,6 +110,7 @@ module Sqreen
|
|
109
110
|
)
|
110
111
|
true
|
111
112
|
end
|
113
|
+
Sqreen::Deprecation.deprecate(instance_method(:overtime!))
|
112
114
|
end
|
113
115
|
end
|
114
116
|
end
|
data/lib/sqreen/rules/waf_cb.rb
CHANGED
@@ -11,7 +11,7 @@ require 'sqreen/safe_json'
|
|
11
11
|
require 'sqreen/exception'
|
12
12
|
require 'sqreen/util/capper'
|
13
13
|
require 'sqreen/dependency/libsqreen'
|
14
|
-
require 'sqreen/
|
14
|
+
require 'sqreen/kit/string_sanitizer'
|
15
15
|
|
16
16
|
module Sqreen
|
17
17
|
module Rules
|
@@ -60,7 +60,7 @@ module Sqreen
|
|
60
60
|
end
|
61
61
|
|
62
62
|
# 0 for using defaults (PW_RUN_TIMEOUT)
|
63
|
-
@max_run_budget_us = (@data['values'].fetch('
|
63
|
+
@max_run_budget_us = (@data['values'].fetch('max_budget_ms', 0) * 1000).to_i
|
64
64
|
@max_run_budget_us = INFINITE_BUDGET_US if @max_run_budget_us >= INFINITE_BUDGET_US
|
65
65
|
|
66
66
|
Sqreen.log.debug { "Max WAF run budget for #{@waf_rule_name} set to #{@max_run_budget_us} us" }
|
@@ -82,7 +82,7 @@ module Sqreen
|
|
82
82
|
waf_args = binding_accessors.each_with_object({}) do |(e, b), h|
|
83
83
|
h[e] = capper.call(b.resolve(*env))
|
84
84
|
end
|
85
|
-
waf_args = Sqreen::
|
85
|
+
waf_args = Sqreen::Kit::StringSanitizer.sanitize(waf_args)
|
86
86
|
|
87
87
|
if budget
|
88
88
|
rem_budget_s = budget - (Sqreen.time - start)
|
data/lib/sqreen/runner.rb
CHANGED
@@ -11,6 +11,7 @@ require 'sqreen/events/attack'
|
|
11
11
|
|
12
12
|
require 'sqreen/log'
|
13
13
|
|
14
|
+
require 'sqreen/agent_message'
|
14
15
|
require 'sqreen/rules'
|
15
16
|
require 'sqreen/session'
|
16
17
|
require 'sqreen/remote_command'
|
@@ -18,6 +19,7 @@ require 'sqreen/capped_queue'
|
|
18
19
|
require 'sqreen/metrics_store'
|
19
20
|
require 'sqreen/deliveries/simple'
|
20
21
|
require 'sqreen/deliveries/batch'
|
22
|
+
require 'sqreen/endpoint_testing'
|
21
23
|
require 'sqreen/performance_notifications/metrics'
|
22
24
|
require 'sqreen/performance_notifications/binned_metrics'
|
23
25
|
require 'sqreen/legacy/instrumentation'
|
@@ -113,19 +115,23 @@ module Sqreen
|
|
113
115
|
@next_metrics = []
|
114
116
|
@running = true
|
115
117
|
|
118
|
+
@proxy_url = @configuration.get(:proxy_url)
|
119
|
+
chosen_endpoints = determine_endpoints
|
120
|
+
|
116
121
|
@token = @configuration.get(:token)
|
117
122
|
@app_name = @configuration.get(:app_name)
|
118
|
-
@url =
|
119
|
-
@
|
123
|
+
@url = chosen_endpoints.control.url
|
124
|
+
@cert_store = chosen_endpoints.control.ca_store
|
125
|
+
|
120
126
|
Sqreen.update_whitelisted_paths([])
|
121
127
|
Sqreen.update_whitelisted_ips({})
|
122
128
|
Sqreen.update_performance_budget(nil)
|
123
|
-
raise(Sqreen::Exception, 'no url found') unless @url
|
124
129
|
raise(Sqreen::TokenNotFoundException, 'no token found') unless @token
|
125
130
|
|
126
131
|
Sqreen::Kit::Configuration.logger = Sqreen.log
|
127
|
-
Sqreen::Kit::Configuration.ingestion_url =
|
128
|
-
Sqreen::Kit::Configuration.
|
132
|
+
Sqreen::Kit::Configuration.ingestion_url = chosen_endpoints.ingestion.url
|
133
|
+
Sqreen::Kit::Configuration.certificate_store = chosen_endpoints.ingestion.ca_store
|
134
|
+
Sqreen::Kit::Configuration.proxy_url = @proxy_url
|
129
135
|
|
130
136
|
register_exit_cb if set_at_exit
|
131
137
|
|
@@ -143,6 +149,7 @@ module Sqreen
|
|
143
149
|
|
144
150
|
Sqreen.log.debug "Using token #{@token}"
|
145
151
|
response = create_session(session_class)
|
152
|
+
post_endpoint_testing_msgs(chosen_endpoints)
|
146
153
|
wanted_features = response.fetch('features', {})
|
147
154
|
conf_initial_features = configuration.get(:initial_features)
|
148
155
|
unless conf_initial_features.nil?
|
@@ -155,7 +162,7 @@ module Sqreen
|
|
155
162
|
wanted_features = wanted_features.merge(conf_features)
|
156
163
|
rescue
|
157
164
|
Sqreen.log.warn do
|
158
|
-
"NOT using invalid
|
165
|
+
"NOT using invalid initial features #{conf_initial_features}"
|
159
166
|
end
|
160
167
|
end
|
161
168
|
end
|
@@ -171,7 +178,7 @@ module Sqreen
|
|
171
178
|
end
|
172
179
|
|
173
180
|
def create_session(session_class)
|
174
|
-
@session = session_class.new(@url, @token, @app_name, @proxy_url)
|
181
|
+
@session = session_class.new(@url, @cert_store, @token, @app_name, @proxy_url)
|
175
182
|
session.login(@framework)
|
176
183
|
end
|
177
184
|
|
@@ -380,8 +387,25 @@ module Sqreen
|
|
380
387
|
|
381
388
|
def change_performance_budget(budget, _context_infos = {})
|
382
389
|
return false unless budget.nil? || budget.to_f > 0
|
383
|
-
|
384
|
-
|
390
|
+
|
391
|
+
if @configuration.get(:weave)
|
392
|
+
prev = Sqreen::Weave::Budget.current
|
393
|
+
prev = prev.to_h if prev
|
394
|
+
|
395
|
+
budget_s = budget.to_f / 1000 if budget
|
396
|
+
|
397
|
+
feature = features['performance_budget']
|
398
|
+
if feature
|
399
|
+
budget_s = feature['threshold'] if feature.key?('threshold')
|
400
|
+
ratio = feature['ratio'] if feature.key?('ratio')
|
401
|
+
end
|
402
|
+
|
403
|
+
Sqreen::Weave::Budget.update(threshold: budget_s, ratio: ratio)
|
404
|
+
else
|
405
|
+
prev = Sqreen.performance_budget
|
406
|
+
Sqreen.update_performance_budget(budget)
|
407
|
+
end
|
408
|
+
|
385
409
|
{ :was => prev }
|
386
410
|
end
|
387
411
|
|
@@ -471,6 +495,15 @@ module Sqreen
|
|
471
495
|
logout
|
472
496
|
end
|
473
497
|
|
498
|
+
def restart(_context_infos = {})
|
499
|
+
shutdown
|
500
|
+
heartbeat_delay = @heartbeat_delay
|
501
|
+
Thread.new do
|
502
|
+
sleep(2 * heartbeat_delay)
|
503
|
+
Sqreen::Worker.start(Sqreen.framework)
|
504
|
+
end
|
505
|
+
end
|
506
|
+
|
474
507
|
def logout(retrying = true)
|
475
508
|
return unless session
|
476
509
|
Sqreen.log.debug("Logging out")
|
@@ -508,6 +541,28 @@ module Sqreen
|
|
508
541
|
|
509
542
|
private
|
510
543
|
|
544
|
+
def post_endpoint_testing_msgs(chosen_endpoints)
|
545
|
+
chosen_endpoints.messages.each do |msg|
|
546
|
+
session.post_agent_message(@framework, msg)
|
547
|
+
end
|
548
|
+
rescue => e
|
549
|
+
Sqreen.log.warn "Error submitting agent message: #{e}"
|
550
|
+
RemoteException.record(e)
|
551
|
+
end
|
552
|
+
|
553
|
+
def determine_endpoints
|
554
|
+
# there's no sniffing going on; just a misnamed config setting
|
555
|
+
if @configuration.get(:no_sniff_domains)
|
556
|
+
# reproduces behaviour before endpoint testing was introduced
|
557
|
+
EndpointTesting.no_test_endpoints(@configuration.get(:url),
|
558
|
+
@configuration.get(:ingestion_url))
|
559
|
+
else
|
560
|
+
EndpointTesting.test_endpoints(@proxy_url,
|
561
|
+
@configuration.get(:url),
|
562
|
+
@configuration.get(:ingestion_url))
|
563
|
+
end
|
564
|
+
end
|
565
|
+
|
511
566
|
def load_actions(hashes)
|
512
567
|
unsupported = Set.new
|
513
568
|
|