RubyGems - sqreen - Versions diffs - 1.20.1-java → 1.21.0.beta3-java - Mend

sqreen 1.20.1-java → 1.21.0.beta3-java

Files changed (77) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +16 -0
data/lib/sqreen/actions/block_user.rb +1 -1
data/lib/sqreen/actions/redirect_ip.rb +1 -1
data/lib/sqreen/actions/redirect_user.rb +1 -1
data/lib/sqreen/attack_detected.html +1 -2
data/lib/sqreen/condition_evaluator.rb +9 -2
data/lib/sqreen/conditionable.rb +24 -6
data/lib/sqreen/configuration.rb +1 -1
data/lib/sqreen/deferred_logger.rb +50 -14
data/lib/sqreen/deliveries/batch.rb +8 -1
data/lib/sqreen/deprecation.rb +38 -0
data/lib/sqreen/ecosystem.rb +96 -0
data/lib/sqreen/ecosystem/dispatch_table.rb +43 -0
data/lib/sqreen/ecosystem/exception_reporting.rb +26 -0
data/lib/sqreen/ecosystem/http/net_http.rb +50 -0
data/lib/sqreen/ecosystem/http/rack_request.rb +39 -0
data/lib/sqreen/ecosystem/loggable.rb +13 -0
data/lib/sqreen/ecosystem/module_api.rb +30 -0
data/lib/sqreen/ecosystem/module_api/event_listener.rb +18 -0
data/lib/sqreen/ecosystem/module_api/instrumentation.rb +23 -0
data/lib/sqreen/ecosystem/module_api/message_producer.rb +51 -0
data/lib/sqreen/ecosystem/module_api/signal_producer.rb +24 -0
data/lib/sqreen/ecosystem/module_api/tracing.rb +45 -0
data/lib/sqreen/ecosystem/module_api/tracing/client_data.rb +31 -0
data/lib/sqreen/ecosystem/module_api/tracing/server_data.rb +27 -0
data/lib/sqreen/ecosystem/module_api/tracing_id_generation.rb +16 -0
data/lib/sqreen/ecosystem/module_api/transaction_storage.rb +71 -0
data/lib/sqreen/ecosystem/module_registry.rb +44 -0
data/lib/sqreen/ecosystem/redis/redis_connection.rb +43 -0
data/lib/sqreen/ecosystem/tracing/modules/client.rb +31 -0
data/lib/sqreen/ecosystem/tracing/modules/server.rb +30 -0
data/lib/sqreen/ecosystem/tracing/sampler.rb +160 -0
data/lib/sqreen/ecosystem/tracing/sampling_configuration.rb +150 -0
data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb +53 -0
data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb +53 -0
data/lib/sqreen/ecosystem/tracing_broker.rb +101 -0
data/lib/sqreen/ecosystem/tracing_id_setup.rb +34 -0
data/lib/sqreen/ecosystem/transaction_storage.rb +64 -0
data/lib/sqreen/ecosystem/util/call_writers_from_init.rb +13 -0
data/lib/sqreen/ecosystem_integration.rb +87 -0
data/lib/sqreen/ecosystem_integration/around_callbacks.rb +99 -0
data/lib/sqreen/ecosystem_integration/instrumentation_service.rb +42 -0
data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb +58 -0
data/lib/sqreen/ecosystem_integration/signal_consumption.rb +35 -0
data/lib/sqreen/events/request_record.rb +0 -1
data/lib/sqreen/frameworks/generic.rb +24 -1
data/lib/sqreen/frameworks/rails.rb +0 -7
data/lib/sqreen/frameworks/request_recorder.rb +2 -0
data/lib/sqreen/graft/call.rb +106 -19
data/lib/sqreen/graft/callback.rb +1 -1
data/lib/sqreen/graft/hook.rb +212 -100
data/lib/sqreen/graft/hook_point.rb +18 -11
data/lib/sqreen/legacy/instrumentation.rb +22 -10
data/lib/sqreen/legacy/old_event_submission_strategy.rb +9 -2
data/lib/sqreen/log.rb +3 -2
data/lib/sqreen/log/loggable.rb +1 -0
data/lib/sqreen/logger.rb +24 -0
data/lib/sqreen/metrics.rb +1 -0
data/lib/sqreen/metrics/req_detailed.rb +41 -0
data/lib/sqreen/metrics_store.rb +11 -0
data/lib/sqreen/null_logger.rb +22 -0
data/lib/sqreen/remote_command.rb +4 -0
data/lib/sqreen/rules.rb +8 -4
data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -2
data/lib/sqreen/rules/custom_error_cb.rb +3 -3
data/lib/sqreen/rules/rule_cb.rb +4 -2
data/lib/sqreen/rules/waf_cb.rb +3 -3
data/lib/sqreen/runner.rb +63 -8
data/lib/sqreen/session.rb +2 -0
data/lib/sqreen/signals/conversions.rb +6 -1
data/lib/sqreen/version.rb +1 -1
data/lib/sqreen/weave/budget.rb +35 -0
data/lib/sqreen/weave/legacy/instrumentation.rb +274 -132
data/lib/sqreen/worker.rb +6 -2
metadata +46 -9
data/lib/sqreen/encoding_sanitizer.rb +0 -27

data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb ADDED

@@ -0,0 +1,53 @@
+require 'sqreen/kit/configuration'
+require 'sqreen/kit/signals/point'
+require 'sqreen/kit/signals/dto_helper'
+# reference: https://github.com/sqreen/SignalsSchemas/blob/master/schemas/payload/tracing/client-2020-04-21/schema.cue
+module Sqreen
+  module Ecosystem
+    module Tracing
+      module Signals
+      end
+    end
+  end
+end
+class Sqreen::Ecosystem::Tracing::Signals::TracingClient < Sqreen::Kit::Signals::Point
+  readonly_attrs :payload_schema, :source, :signal_name
+  def initialize(values = {})
+    self.payload_schema = Payload::SCHEMA_VERSION
+    self.source = Sqreen::Kit::Configuration.default_source
+    self.signal_name = 'tracing.client'
+    self.time = values[:time] || Time.now
+    super
+  end
+  def payload=(payload)
+    unless payload.is_a?(Payload)
+      raise ArgumentError, "Payload should be a #{Payload}"
+    end
+    super
+  end
+  class Payload
+    include Sqreen::Kit::Signals::DtoHelper
+    add_mandatory_attrs :transport, :host
+    SCHEMA_VERSION = 'tracing/client-2020-04-21'.freeze
+    # @return [Symbol]
+    attr_accessor :transport
+    # @return [String]
+    attr_accessor :host
+    # @return [String]
+    attr_accessor :ip
+    # @return [String]
+    attr_accessor :tracing_identifier
+  end
+end

data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb ADDED

@@ -0,0 +1,53 @@
+require 'sqreen/kit/configuration'
+require 'sqreen/kit/signals/point'
+require 'sqreen/kit/signals/dto_helper'
+# reference: https://github.com/sqreen/SignalsSchemas/blob/master/schemas/payload/tracing/server-2020-04-21/schema.cue
+module Sqreen
+  module Ecosystem
+    module Tracing
+      module Signals
+      end
+    end
+  end
+end
+class Sqreen::Ecosystem::Tracing::Signals::TracingServer < Sqreen::Kit::Signals::Point
+  readonly_attrs :payload_schema, :source, :signal_name
+  def initialize(values = {})
+    self.payload_schema = Payload::SCHEMA_VERSION
+    self.source = Sqreen::Kit::Configuration.default_source
+    self.signal_name = 'tracing.server'
+    self.time = values[:time] || Time.now
+    super
+  end
+  def payload=(payload)
+    unless payload.is_a?(Payload)
+      raise ArgumentError, "Payload should be a #{Payload}"
+    end
+    super
+  end
+  class Payload
+    include Sqreen::Kit::Signals::DtoHelper
+    add_mandatory_attrs :transport, :client_ip
+    SCHEMA_VERSION = 'tracing/server-2020-04-21'.freeze
+    # @return [Symbol]
+    attr_accessor :transport
+    # @return [String]
+    attr_accessor :client_ip
+    # @return [Array<String>]
+    attr_accessor :previous_hops
+    # @return [String]
+    attr_accessor :tracing_identifier
+  end
+end

data/lib/sqreen/ecosystem/tracing_broker.rb ADDED

@@ -0,0 +1,101 @@
+require 'sqreen/ecosystem/loggable'
+require 'sqreen/ecosystem/exception_reporting'
+module Sqreen
+  module Ecosystem
+    class TracingBroker
+      include Loggable
+      include ExceptionReporting
+      # Stores a lookup resolution so that lookup (incl. sampling) is done
+      # only once, not in the beginning of the producer code (when it asks
+      # whether it should proceed) and again once it delivers the data
+      ObserverLookup = Struct.new(:modules)
+      # @return [Sqreen::Ecosystem::Tracing::SamplingConfiguration]
+      attr_writer :sampling_configuration
+      # @param [Array<Sqreen::Ecosystem::ModuleApi::Tracing>] tracing_modules
+      def initialize(tracing_modules)
+        @sampling_configuration = nil
+        @type_to_subscribers = {}
+        tracing_modules.each do |mod|
+          consumed_type = mod.consumed_type
+          @type_to_subscribers[consumed_type] ||= []
+          @type_to_subscribers[consumed_type] << mod
+        end
+      end
+      # @param [Object] data
+      # @param [Sqreen::Ecosystem::TracingBroker::ObserverLookup] prev_lookup
+      def publish(data, prev_lookup)
+        prev_lookup.modules.each do |mod|
+          mod_process_data mod, data
+        end
+      end
+      # @param [Module] data_type
+      # @param [Hash] _hints reserved for future use, e.g. virtual scopes
+      # @return [Sqreen::Ecosystem::TracingBroker::ObserverLookup]
+      def interested_consumers(data_type, _hints = {})
+        unless @sampling_configuration
+          logger.debug do
+            "Declaring no one is interested in #{data_type} " \
+            "because tracing hasn't been enabled yet"
+          end
+          return false
+        end
+        # if we have several modules with the same scope, we
+        # should ask whether we should sample only once
+        scope_to_should_sample = Hash.new do |hash, scope|
+          result = @sampling_configuration.should_sample?(scope)
+          if result
+            logger.debug { "Will sample scope #{scope}. Sampling line: #{result}" }
+          else
+            logger.debug { "Will NOT sample scope #{scope}" }
+          end
+          hash[scope] = result
+        end
+        res = subscribers(data_type).select do |mod|
+          scope_to_should_sample[mod.scope]
+        end
+        res.empty? ? false : ObserverLookup.new(res)
+      end
+      private
+      # @param [Sqreen::Ecosystem::ModuleApi::Tracing] mod
+      def mod_process_data(mod, data)
+        mod.receive(data)
+      rescue ::Exception => e # rubocop:disable Lint/RescueException
+        report_exception("Error invoking tracing module #{mod}", e)
+      end
+      # @param [Module] data_type
+      # @return Array<Sqreen::Ecosystem::ModuleApi::Tracing>
+      def subscribers(data_type)
+        subscribers = @type_to_subscribers[data_type]
+        # None of the modules subscribes to data_type directly,
+        # but maybe they subscribe to one of the ancestors
+        # Cache this lookup
+        unless subscribers
+          subscribers = parents(data_type).inject([]) do |accum, type|
+            accum + (@type_to_subscribers[type] || [])
+          end
+          @type_to_subscribers[data_type] = subscribers
+        end
+        subscribers
+      end
+      def parents(type)
+        type.ancestors - Object.ancestors - [type]
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/tracing_id_setup.rb ADDED

@@ -0,0 +1,34 @@
+require 'sqreen/ecosystem/module_registry'
+require 'sqreen/ecosystem/transaction_storage'
+require 'sqreen/ecosystem/module_api/signal_producer'
+module Sqreen
+  module Ecosystem
+    class TracingIdSetup
+      # @param [Array<Sqreen::Ecosystem::ModuleApi::SignalProducer>] signal_producer_modules
+      def initialize(signal_producer_modules)
+        @modules = signal_producer_modules
+        @tracing_id_prefix = nil
+      end
+      def setup_modules
+        inject_out_of_tx_tracing_id_gen
+      end
+      attr_writer :tracing_id_prefix
+      private
+      def inject_out_of_tx_tracing_id_gen
+        @modules.each do |mod|
+          mod.tracing_id_producer = method(:generate_tracing_id)
+        end
+      end
+      def generate_tracing_id
+        return nil unless @tracing_id_prefix
+        "#{@tracing_id_prefix}.#{SecureRandom.uuid}"
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/transaction_storage.rb ADDED

@@ -0,0 +1,64 @@
+require 'sqreen/ecosystem/loggable'
+module Sqreen
+  module Ecosystem
+    # The transaction storage is a mechanism for the modules to share
+    # request-scoped data with each other or to keep request-scoped objects
+    # themselves, although, for this last use case to be effective,
+    # propagation of request start/end events to the modules will likely be
+    # needed. A more generic notification of data availability to modules
+    # also may be needed in the future.
+    #
+    # This is not be used to share data with the Ecosystem client
+    #
+    # This class is not thread safe because it can call the lazy getter
+    # twice if [] is called concurrently.
+    class TransactionStorage
+      include Loggable
+      class << self
+        # @return [Sqreen::Ecosystem::TransactionStorage]
+        def create_thread_local
+          Thread.current[:tx_storage] = new
+        end
+        # @return [Sqreen::Ecosystem::TransactionStorage]
+        def fetch_thread_local
+          Thread.current[:tx_storage]
+        end
+        def destroy_thread_local
+          Thread.current[:tx_storage] = nil
+        end
+      end
+      def initialize
+        @values = {}
+        @values_lazy = {}
+      end
+      def []=(key, value)
+        @values[key] = value
+      end
+      def set_lazy(key, &block)
+        @values_lazy[key] = block
+      end
+      def [](key)
+        v = @values[key]
+        return v unless v.nil?
+        v = @values_lazy[key]
+        return nil if v.nil?
+        begin
+          @values[key] = v.call
+        rescue StandardError => e
+          logger.warn { "Error resolving key #{e} with lazy value: #{e.message}" }
+          raise
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem/util/call_writers_from_init.rb ADDED

@@ -0,0 +1,13 @@
+module Sqreen
+  module Ecosystem
+    module Util
+      module CallWritersFromInit
+        def initialize(values = {})
+          values.each do |attr, val|
+            public_send("#{attr}=", val)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem_integration.rb ADDED

@@ -0,0 +1,87 @@
+require 'sqreen/log/loggable'
+require 'sqreen/metrics_store'
+require 'sqreen/ecosystem'
+require 'sqreen/ecosystem/dispatch_table'
+require 'sqreen/ecosystem_integration/around_callbacks'
+require 'sqreen/ecosystem_integration/instrumentation_service'
+require 'sqreen/ecosystem_integration/request_lifecycle_tracking'
+require 'sqreen/ecosystem_integration/signal_consumption'
+module Sqreen
+  # This class is the interface through which the agent interacts
+  # with the ecosystem.
+  #
+  # Other classes in the EcosystemIntegration module implement the
+  # functionality that the ecosystem requires in order to deliver
+  # data to the agent and to be informed by the agent of certain
+  # key events (see Sqreen::Ecosystem::DispatchTable).
+  class EcosystemIntegration
+    include Sqreen::Log::Loggable
+    # @param [Sqreen::Framework] framework
+    # @param [Proc] create_binning_metric
+    def initialize(framework, queue, create_binning_metric)
+      @framework = framework
+      @queue = queue
+      # XXX: created metrics are insulated from feature upgrades
+      @create_binning_metric = create_binning_metric
+      @request_lifecycle = RequestLifecycleTracking.new
+      @online = false
+    end
+    def init
+      raise 'already initialized' if @online
+      setup_dispatch_table
+      AroundCallbacks.create_metric = @create_binning_metric
+      Ecosystem.init
+      logger.info 'Ecosystem successfully initialized'
+      @online = true
+    rescue ::Exception => e # rubocop:disable Lint/RescueException
+      logger.warn { "Error initializing Ecosystem: #{e.message}" }
+      logger.debug { e.backtrace.map { |x| "  #{x}" }.join("\n") }
+      Sqreen::RemoteException.record(e)
+    end
+    def disable
+      raise NotImplementedYet
+    end
+    def request_start(rack_request)
+      return unless @online
+      Ecosystem.start_transaction
+      @request_lifecycle.notify_request_start(rack_request)
+    end
+    def request_end
+      return unless @online
+      Ecosystem.end_transaction
+    end
+    def handle_tracing_command(trace_id_prefix, scopes_config)
+      return unless @online
+      Ecosystem.configure_sampling(trace_id_prefix, scopes_config)
+    end
+    private
+    def setup_dispatch_table
+      Ecosystem::DispatchTable.consume_signal =
+        create_signal_consumption.method(:consume_signal)
+      Ecosystem::DispatchTable.add_request_start_listener =
+        @request_lifecycle.method(:add_start_observer)
+      Ecosystem::DispatchTable.fetch_logger = lambda { logger }
+      Ecosystem::DispatchTable.instrument = InstrumentationService.method(:instrument)
+    end
+    def create_signal_consumption
+      SignalConsumption.new(@framework, @request_lifecycle, @queue)
+    end
+  end
+end

data/lib/sqreen/ecosystem_integration/around_callbacks.rb ADDED

@@ -0,0 +1,99 @@
+require 'sqreen/metrics_store'
+require 'sqreen/log/loggable'
+require 'sqreen/events/remote_exception'
+require 'sqreen/mono_time'
+require 'sqreen/graft/call'
+module Sqreen
+  class EcosystemIntegration
+    module AroundCallbacks
+      class << self
+        include Log::Loggable::ClassMethods
+        # @return [Proc]
+        attr_accessor :create_metric
+        # for instrumentation hooks
+        # instrumentation hooks already handle budgets/metrics
+        def wrap_instrumentation_hook(module_name, action, callable)
+          # make tag similar to that of rules
+          # TODO: move to structured tags to avoid silly string manips
+          action_for_metric = if %w[pre post failing finally].include?(action)
+                                action
+                              else
+                                'pre'
+                              end
+          metric_name = "sq.ecosystem_#{module_name}.#{action_for_metric}"
+          create_metric.call(metric_name)
+          Proc.new do |*args|
+            begin
+              callable.call(*args)
+            rescue ::Exception => e # rubocop:disable Lint/RescueException
+              # 2) rescue exceptions
+              logger.warn { "Error in #{module_name}:#{action}: #{e.message}" }
+              logger.debug { e.backtrace.map { |x| "  #{x}" }.join("\n") }
+              Sqreen::RemoteException.record(e)
+            end # end begin
+          end # end proc
+        end
+        # XXX: not used yet
+        def wrap_generic_callback(module_name, action, callable)
+          timer_name = "ecosystem:#{module_name}@#{action}"
+          perf_notif_name = "ecosystem_#{module_name}"
+          # XXX: register metric
+          Proc.new do |*args|
+            begin
+              req_storage = Thread.current[:sqreen_http_request]
+              timer = Graft::Timer.new(timer_name) do |t|
+                # this is an epilogue to measure()
+                req_storage && req_storage[:timed_hooks] << t
+              end
+              req_timer = nil
+              timer.measure do
+                # not in a request, no budget; call cb
+                next callable.call(*args) unless req_storage
+                # 1) budget enforcement
+                # skip callback if budget already expended
+                next if req_storage[:time_budget_expended]
+                budget = req_storage[:time_budget]
+                if budget
+                  req_timer = req_storage[:timer]
+                  remaining = budget - req_timer.elapsed
+                  unless remaining > 0
+                    req_storage[:time_budget_expended] = true
+                    next # skip callback
+                  end
+                end
+                callable.call(*args)
+              end
+            rescue ::Exception => e # rubocop:disable Lint/RescueException
+              # 2) rescue exceptions
+              logger.warn { "Error in #{module_name}:#{action}: #{e.message}" }
+              logger.debug { e.backtrace.map { |x| "  #{x}" }.join("\n") }
+              Sqreen::RemoteException.record(e)
+            ensure
+              # 3) contribute to performance metrics
+              if timer
+                req_timer.include_measurements(timer) if req_timer
+                # XXX: PerformanceNotifications is used no more
+                Sqreen::PerformanceNotifications.notify(
+                  perf_notif_name, action, *timer.start_and_end
+                )
+              end
+            end # end begin
+          end # end proc
+        end
+      end
+    end
+  end
+end