sqreen 1.20.1-java → 1.21.0.beta3-java

data/lib/sqreen/ecosystem_integration/instrumentation_service.rb

@@ -0,0 +1,42 @@
+require 'sqreen/graft/hook'
+require 'sqreen/ecosystem_integration/around_callbacks'
+
+module Sqreen
+  class EcosystemIntegration
+    module InstrumentationService
+      class << self
+        # @param [String] module_name
+        # @param [String] method in form A::B#c or A::B.c
+        # @param [Hash{Symbol=>Proc}] spec
+        def instrument(module_name, method, spec)
+          hook = Sqreen::Graft::Hook[method].add do
+            if spec[:before]
+              cb = AroundCallbacks.wrap_instrumentation_hook(module_name, 'pre', spec[:before])
+              tag = "weave,rule=ecosystem_#{module_name}"
+              before(tag, flow: true, &cb)
+            end
+
+            if spec[:after]
+              cb = AroundCallbacks.wrap_instrumentation_hook(module_name, 'post', spec[:after])
+              tag = "weave,rule=ecosystem_#{module_name}"
+              after(tag, flow: true, &cb)
+            end
+
+            if spec[:raised]
+              cb = AroundCallbacks.wrap_instrumentation_hook(module_name, 'failing', spec[:raised])
+              tag = "weave,rule=ecosystem_#{module_name}"
+              raised(tag, flow: true, &cb)
+            end
+
+            if spec[:ensured]
+              cb = AroundCallbacks.wrap_instrumentation_hook(module_name, 'finally', spec[:ensured])
+              tag = "weave,rule=ecosystem_#{module_name}"
+              ensured(tag, flow: true, &cb)
+            end
+          end
+          hook.install
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb

@@ -0,0 +1,58 @@
+require 'sqreen/events/remote_exception'
+require 'sqreen/log/loggable'
+
+module Sqreen
+  class EcosystemIntegration
+    # This class gets notified of request start/end and
+    # 1) distributes such events to listeners (typically ecosystem modules;
+    #    the method add_start_observer is exposed to ecosystem modules through
+    #    +Sqreen::Ecosystem::ModuleApi::EventListener+ and the dispatch table).
+    # 2) keeps track of whether a request is active on this thread. This is
+    #    so that users of this class can have this information without needing
+    #    to subscribe to request start/events and keeping thread local state
+    #    themselves.
+    # XXX: Since the Ecosystem is also notified of request start/end, it could
+    # notify its modules of request start without going through the dispatch
+    # table and call add_start_observer. We need to think if we want to keep
+    # the transaction / request distinction or if they should just be
+    # assumed to be the same, though.
+    class RequestLifecycleTracking
+      include Sqreen::Log::Loggable
+
+      def initialize
+        @start_observers = []
+        @tl_key = "#{object_id}_req_in_flight"
+      end
+
+      # API for classes needing to know the request state
+
+      # @param cb A callback taking a Rack::Request
+      def add_start_observer(cb)
+        @start_observers << cb
+      end
+
+      def in_request?
+        Thread.current[@tl_key] ? true : false
+      end
+
+      # API for classes notifying this one of request events
+
+      def notify_request_start(rack_req)
+        Thread.current[@tl_key] = true
+        return if @start_observers.empty?
+        @start_observers.each do |cb|
+          begin
+            cb.call(rack_req)
+          rescue ::Exception => e # rubocop:disable Lint/RescueException
+            logger.warn { "Error calling #{cb} on request start: #{e.message}" }
+            Sqreen::RemoteException.record(e)
+          end
+        end
+      end
+
+      def notify_request_end
+        Thread.current[@tl_key] = false
+      end
+    end
+  end
+end

data/lib/sqreen/ecosystem_integration/signal_consumption.rb

@@ -0,0 +1,35 @@
+require 'sqreen/log/loggable'
+
+module Sqreen
+  class EcosystemIntegration
+    class SignalConsumption
+      include Sqreen::Log::Loggable
+
+      PAYLOAD_CREATOR_SECTIONS = %w[request response params headers].freeze
+
+      # @param [Sqreen::Frameworks::GenericFramework] framework
+      # @param [Sqreen::EcosystemIntegration::RequestLifecycleTracking]
+      # @param [Sqreen::CappedQueue]
+      def initialize(framework, req_lifecycle, queue)
+        @framework = framework
+        @req_lifecycle = req_lifecycle
+        @queue = queue
+      end
+
+      def consume_signal(signal)
+        # transitional
+        unless Sqreen.features.fetch('use_signals', DEFAULT_USE_SIGNALS)
+          logger.debug { "Discarding signal #{signal} (signals disabled)" }
+          return
+        end
+
+        if @req_lifecycle.in_request?
+          # add it to the request record
+          @framework.observe(:signals, signal, PAYLOAD_CREATOR_SECTIONS, true)
+        else
+          @queue.push signal
+        end
+      end
+    end
+  end
+end

data/lib/sqreen/events/request_record.rb

@@ -8,7 +8,6 @@
 require 'json'
 require 'sqreen/log'
 require 'sqreen/event'
-require 'sqreen/encoding_sanitizer'
 require 'sqreen/sensitive_data_redactor'
 
 module Sqreen

data/lib/sqreen/frameworks/generic.rb

@@ -22,8 +22,17 @@ module Sqreen
       include RequestRecorder
       attr_accessor :sqreen_configuration
 
+      attr_writer :req_start_cb, :req_end_cb
+
       def initialize
         clean_request_record
+
+        # for notifying the ecosystem of request boundaries
+        # XXX: this should be refactored. It shouldn't be
+        # the framework doing these notifications to the ecosystem
+        # Probably the rule callback should do it itself
+        @req_start_cb = Proc.new {}
+        @req_end_cb = Proc.new {}
       end
 
       # What kind of database is this
@@ -209,7 +218,16 @@ module Sqreen
 
       # Should the agent not be starting up?
       def prevent_startup
+        # SQREEN-880 - prevent Sqreen startup on Sidekiq workers
+        return :sidekiq_cli if defined?(Sidekiq::CLI)
+        return :delayed_job if defined?(Delayed::Command)
+
+        # Prevent Sqreen startup on rake tasks - unless this is a Sqreen test
+        run_in_test = sqreen_configuration.get(:run_in_test)
+        return :rake if !run_in_test && $0.end_with?('rake')
+
         return :irb if $0 == 'irb'
+
         return if sqreen_configuration.nil?
         disable = sqreen_configuration.get(:disable)
         return :config_disable if disable == true || disable.to_s.to_i == 1
@@ -251,8 +269,12 @@ module Sqreen
       # Nota: cleanup should be performed at end of request (see clean_request)
       def store_request(object)
         return unless ensure_rack_loaded
+
+        rack_req = Rack::Request.new(object)
+        @req_start_cb.call(rack_req)
+
         self.remaining_perf_budget = Sqreen.performance_budget
-        SharedStorage.set(:request, Rack::Request.new(object))
+        SharedStorage.set(:request, rack_req)
         SharedStorage.set(:xss_params, nil)
         SharedStorage.set(:whitelisted, nil)
         SharedStorage.set(:request_overtime, nil)
@@ -281,6 +303,7 @@ module Sqreen
         SharedStorage.set(:xss_params, nil)
         SharedStorage.set(:whitelisted, nil)
         SharedStorage.set(:request_overtime, nil)
+        @req_end_cb.call
       end
 
       def remaining_perf_budget

data/lib/sqreen/frameworks/rails.rb

@@ -103,13 +103,6 @@ module Sqreen
         run_in_test = sqreen_configuration.get(:run_in_test)
         return :rails_test if !run_in_test && (Rails.env.test? || Rails.env.cucumber?)
 
-        # SQREEN-880 - prevent Sqreen startup on Sidekiq workers
-        return :sidekiq_cli if defined?(Sidekiq::CLI)
-        return :delayed_job if defined?(Delayed::Command)
-
-        # Prevent Sqreen startup on rake tasks - unless this is a Sqreen test
-        return :rake if !run_in_test && $0.end_with?('rake')
-
         return nil unless defined?(Rails::CommandsTasks)
         return nil if defined?(Rails::Server)
         return :rails_console    if defined?(Rails::Console)

data/lib/sqreen/frameworks/request_recorder.rb

@@ -69,6 +69,8 @@ module Sqreen
 
       # signals require request section to be present
       payload_requests << 'request'
+      # for signals, response is optional, but the backend team wants them
+      payload_requests << 'response'
       payload = payload_creator.payload(payload_requests)
       payload[:observed] = observed_items
 

data/lib/sqreen/graft/call.rb

@@ -27,6 +27,10 @@ module Sqreen
       def raise(value)
         Flow.raise(value)
       end
+
+      def noop
+        Flow.noop
+      end
     end
 
     class Flow
@@ -46,12 +50,17 @@ module Sqreen
         def raise(value)
           new(:raise, value)
         end
+
+        def noop
+          new(:noop, nil)
+        end
       end
 
       def initialize(action, value, brk = false)
         @action = action
         @value = value
         @break = brk
+        @passed_conditions = false
       end
 
       def return?
@@ -91,60 +100,138 @@ module Sqreen
       def break?
         @break ? true : false
       end
+
+      def passed_conditions!
+        @passed_conditions = true
+
+        self
+      end
+
+      def passed_conditions?
+        @passed_conditions
+      end
     end
 
+    class TimerError < StandardError; end
+
     class Timer
       def self.read
         Process.clock_gettime(Process::CLOCK_MONOTONIC)
       end
 
-      attr_reader :tag
+      attr_reader :tag, :size
+      attr_accessor :conditions_passed
 
       def initialize(tag, &block)
         @tag = tag
-        @blips = []
         @block = block
+        @tally = 0
+        @size = 0
       end
 
-      def duration
-        @blips.each_with_index.reduce(0) { |a, (e, i)| i.even? ? a - e : a + e }
+      def elapsed
+        raise(TimerError, 'Timer#elapsed when paused') if @size.even?
+
+        @tally + Timer.read
       end
 
-      def elapsed
-        @blips.each_with_index.reduce(0) { |a, (e, i)| i.even? ? a - e : a + e } + Timer.read
+      def duration
+        raise(TimerError, 'Timer#duration when running') if @size.odd?
+
+        @tally
       end
 
       def ignore
-        @blips << Timer.read
+        raise(TimerError, 'Timer#ignore when paused') if @size.even?
+
+        @size += 1
+        @tally += Timer.read
         yield(self)
       ensure
-        @blips << Timer.read
+        @size += 1
+        @tally -= Timer.read
       end
 
-      def measure
-        @blips << Timer.read
+      def measure(opts = nil)
+        raise(TimerError, 'Timer#measure when running') if @size.odd?
+
+        now = Timer.read
+
+        ignore = opts[:ignore] if opts
+        if ignore
+          ignore.size += 1
+          ignore.tally += now
+        end
+
+        @size += 1
+        @tally -= now
+
         yield(self)
       ensure
-        @blips << Timer.read
+        now = Timer.read
+
+        if ignore
+          ignore.size += 1
+          ignore.tally -= now
+        end
+
+        @size += 1
+        @tally += now
+
         @block.call(self) if @block
-        Sqreen::Graft.logger.debug { "#{@tag}: time=%.03fus" % (duration * 1_000_000) }
       end
 
-      def start
-        @blips << Timer.read
+      def start(at = Timer.read)
+        raise(TimerError, 'Timer#start when started') unless @size.even?
+
+        @size += 1
+        @tally -= at
+
+        at
+      end
+
+      def stop(at = Timer.read)
+        raise(TimerError, 'Timer#stop when unstarted') unless @size.odd?
+
+        @size += 1
+        @tally += at
+
+        at
       end
 
-      def stop
-        @blips << Timer.read
+      def started?
+        @size != 0 && @size.odd?
       end
 
-      def size
-        @blips.size
+      def stopped?
+        @size != 0 && @size.even?
+      end
+
+      def running?
+        @size.odd?
+      end
+
+      def paused?
+        @size.even?
+      end
+
+      def include_measurements(another_timer)
+        @blips += another_timer.instance_variable_get(:@blips)
+      end
+
+      def start_and_end
+        raise 'Not exactly two measurements recorded' unless size == 2
+        @blips
       end
 
       def to_s
-        "#{@tag}: time=%.03fus" % (duration * 1_000_000)
+        "#{@tag}: time=%.03fus" % (@tally * 1_000_000)
       end
+
+      protected
+
+      attr_reader :tally
+      attr_writer :size, :tally
     end
   end
 end

data/lib/sqreen/graft/callback.rb

@@ -21,7 +21,7 @@ module Sqreen
       end
 
       def call(*args, &block)
-        Sqreen::Graft.logger.debug { "[#{Process.pid}] Callback #{@name} disabled:#{disabled?}" }
+        # Sqreen::Graft.logger.debug { "[#{Process.pid}] Callback #{@name} disabled:#{disabled?}" } if Sqreen::Graft.logger.debug?
         return if @disabled
         @block.call(*args, &block)
       end

data/lib/sqreen/graft/hook.rb

@@ -7,23 +7,34 @@ require 'sqreen/graft'
 require 'sqreen/graft/call'
 require 'sqreen/graft/callback'
 require 'sqreen/graft/hook_point'
+require 'sqreen/weave'
+require 'sqreen/runner' # Sqreen.queue
 
 module Sqreen
   module Graft
     class Hook
+      DEFAULT_STRATEGY = Sqreen::Graft::HookPoint::DEFAULT_STRATEGY
+
       @hooks = {}
 
-      def self.[](hook_point, strategy = :chain)
+      def self.[](hook_point, strategy = DEFAULT_STRATEGY)
         @hooks[hook_point] ||= new(hook_point, nil, strategy)
       end
 
-      def self.add(hook_point, strategy = :chain, &block)
+      def self.add(hook_point, strategy = DEFAULT_STRATEGY, &block)
         self[hook_point, strategy].add(&block)
       end
 
+      def self.ignore
+        Thread.current[:sqreen_hook_entered] = true
+        yield
+      ensure
+        Thread.current[:sqreen_hook_entered] = false
+      end
+
       attr_reader :point
 
-      def initialize(hook_point, dependency_test = nil, strategy = :chain)
+      def initialize(hook_point, dependency_test = nil, strategy = DEFAULT_STRATEGY)
         @disabled = false
         @point = hook_point.is_a?(HookPoint) ? hook_point : HookPoint.new(hook_point, strategy)
         @before = []
@@ -46,27 +57,31 @@ module Sqreen
       end
 
       def before(tag = nil, opts = {}, &block)
-        return @before.sort_by(&:rank) if block.nil?
+        return @before if block.nil?
 
         @before << Callback.new(callback_name(:before, tag), opts, &block)
+        @before.sort_by!(&:rank)
       end
 
       def after(tag = nil, opts = {}, &block)
-        return @after.sort_by(&:rank) if block.nil?
+        return @after if block.nil?
 
         @after << Callback.new(callback_name(:after, tag), opts, &block)
+        @after.sort_by!(&:rank)
       end
 
       def raised(tag = nil, opts = {}, &block)
-        return @raised.sort_by(&:rank) if block.nil?
+        return @raised if block.nil?
 
         @raised << Callback.new(callback_name(:raised, tag), opts, &block)
+        @raised.sort_by!(&:rank)
       end
 
       def ensured(tag = nil, opts = {}, &block)
-        return @ensured.sort_by(&:rank) if block.nil?
+        return @ensured if block.nil?
 
         @ensured << Callback.new(callback_name(:ensured, tag), opts, &block)
+        @ensured.sort_by!(&:rank)
       end
 
       def depends_on(&block)
@@ -109,11 +124,32 @@ module Sqreen
         @before = []
         @after = []
         @raised = []
+        @ensured = []
       end
 
       def self.wrapper(hook)
+        timed_hooks_proc = proc do |t|
+          if (request = Thread.current[:sqreen_http_request])
+            request[:timed_hooks] << t if request[:timed_level] >= 1
+          end
+        end
+        timed_callbacks_proc = proc do |t|
+          if (request = Thread.current[:sqreen_http_request])
+            request[:timed_callbacks] << t if request[:timed_level] >= 1
+          end
+        end
+        # very hacky, but the non-local control flow with throw-catch
+        # makes the solution non-obvious. needs to be revisited
+        conditions_passed_proc = proc do
+          if (request = Thread.current[:sqreen_http_request])
+            request[:timed_callbacks].last.conditions_passed = true
+          end
+        end
+
         Proc.new do |*args, &block|
-          if Thread.current[:sqreen_hook_entered] || Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:time_budget_expended]
+          request = Thread.current[:sqreen_http_request]
+
+          if Thread.current[:sqreen_hook_entered]
             if hook.point.super?
               return super(*args, &block)
             else
@@ -121,113 +157,159 @@ module Sqreen
             end
           end
 
-          Timer.new(hook.point) do |t|
-            Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timed_hooks] << t
-          end.measure do |chrono|
-            Sqreen::Graft.logger.debug { "[#{Process.pid}] Hook #{hook.point} disabled:#{hook.disabled?} caller:#{Kernel.caller[2].inspect}" }
+          if request && request[:time_budget_expended] && (hook.before + hook.after + hook.raised + hook.ensured).none?(&:mandatory)
+            if request[:timed_level] >= 2
+              begin
+                request[:skipped_callbacks].concat(hook.before)
+
+                if hook.point.super?
+                  return super(*args, &block)
+                else
+                  return hook.point.apply(self, 'sqreen_hook', *args, &block)
+                end
+              rescue ::Exception # rubocop:disable Lint/RescueException
+                request[:skipped_callbacks].concat(hook.raised)
+                raise
+              else
+                request[:skipped_callbacks].concat(hook.after)
+              ensure
+                request[:skipped_callbacks].concat(hook.ensured)
+              end
+            else
+              if hook.point.super? # rubocop:disable Style/IfInsideElse
+                return super(*args, &block)
+              else
+                return hook.point.apply(self, 'sqreen_hook', *args, &block)
+              end
+            end
+          end
+
+          hook_point_super = hook.point.super?
+          logger = Sqreen::Graft.logger
+          logger_debug = Sqreen::Graft.logger.debug?
+
+          Timer.new(hook.point, &timed_hooks_proc).measure do |chrono|
+            # budget implies request
+            # TODO: make budget depend on a generic context (currently "request")
+            budget = request[:time_budget] if request
+            if request && (budget || request[:timed_level] >= 1)
+              sqreen_timer = request[:sqreen_timer]
+            end
 
-            budget = Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:time_budget]
-            timer = Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timer] if budget
             hooked_call = HookedCall.new(self, args)
 
             begin
-              timer.start if timer
-              Thread.current[:sqreen_hook_entered] = true
-
-              # TODO: make Call have #ball to throw by cb
-              # TODO: can Call be the ball? r = catch(Call.new, &c)
-              # TODO: is catch return value a Call? a #dispatch?
-              # TODO: make before/after/raised return a CallbackCollection << Array (or extend with module)
-              # TODO: add CallbackCollection#each_with_call(instance, args) { |call| ... } ?
-              # TODO: HookCall x CallbackCollection#each_with_call x Flow
-              # TODO: TimedHookCall TimedCallbackCall
-              # TODO: TimeBoundHookCall TimeBoundCallbackCall TimeBoundFlow?
-
-              Timer.new("#{hook.point}@before") do |t|
-                Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timed_hooks_before] << t
-              end.measure do |before_chrono|
+              begin
+                sqreen_timer.start if sqreen_timer
+                Thread.current[:sqreen_hook_entered] = true
+
+                # TODO: make Call have #ball to throw by cb
+                # TODO: can Call be the ball? r = catch(Call.new, &c)
+                # TODO: is catch return value a Call? a #dispatch?
+                # TODO: make before/after/raised return a CallbackCollection << Array (or extend with module)
+                # TODO: add CallbackCollection#each_with_call(instance, args) { |call| ... } ?
+                # TODO: HookCall x CallbackCollection#each_with_call x Flow
+                # TODO: TimedHookCall TimedCallbackCall
+                # TODO: TimeBoundHookCall TimeBoundCallbackCall TimeBoundFlow?
+
                 hook.before.each do |c|
                   next if c.ignore && c.ignore.call
 
-                  if timer && !c.mandatory
-                    remaining = budget - timer.elapsed
-                    unless remaining > 0
-                      Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:skipped_callbacks] << c && Thread.current[:sqreen_http_request][:time_budget_expended] = true
-                      next
-                    end
+                  if budget && !c.mandatory && request[:time_budget_expended]
+                    request[:skipped_callbacks] << c
+                    next
                   end
 
+                  remaining = budget - sqreen_timer.elapsed if budget
+
+                  timer = nil
                   flow = catch(Ball.new) do |ball|
-                    Timer.new(c.name) do |t|
-                      Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timed_callbacks] << t
-                    end.measure do
-                      before_chrono.ignore do
-                        c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passed), ball)
-                      end
+                    timer = Timer.new(c.name, &timed_callbacks_proc)
+                    timer.measure(ignore: chrono) do
+                      c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passed), ball)
+                    end
+                  end
+
+                  if budget && timer
+                    remaining -= timer.duration
+                    if remaining < 0.0
+                      request[:time_budget_expended]
+                      request[:overtime_cb] = c.name
                     end
                   end
 
                   next unless c.flow && flow.is_a?(Flow)
+                  conditions_passed_proc[] if flow.passed_conditions?
                   hooked_call.raise = flow.raise and hooked_call.raising = true if flow.raise?
                   hooked_call.args_pass = flow.args and hooked_call.args_passing = true if flow.args?
                   hooked_call.return = flow.return and hooked_call.returning = true if flow.return?
                   break if flow.break?
                 end unless hook.disabled?
+              rescue StandardError => e
+                Sqreen::Weave.logger.debug { "exception:#{e.class} message:'#{e.message}' location:\"#{e.backtrace[0]}\"" }
+                Sqreen::RemoteException.record(e) if Sqreen.queue
               end
 
               raise hooked_call.raise if hooked_call.raising
               return hooked_call.return if hooked_call.returning
             ensure
               Thread.current[:sqreen_hook_entered] = false
-              timer.stop if timer
-            end
+              sqreen_timer.stop if sqreen_timer
+            end unless hook.before.empty?
 
             begin
               chrono.ignore do
-                if hook.point.super?
+                if hook_point_super
                   hooked_call.returned = super(*(hooked_call.args_passing ? hooked_call.args_pass : hooked_call.args_passed), &block)
                 else
                   hooked_call.returned = hook.point.apply(hooked_call.instance, 'sqreen_hook', *(hooked_call.args_passing ? hooked_call.args_pass : hooked_call.args_passed), &block)
                 end
               end
             rescue ::Exception => e # rubocop:disable Lint/RescueException
-              timer.start if timer
-              Thread.current[:sqreen_hook_entered] = true
-              hooked_call.raised = e
+              begin
+                sqreen_timer.start if sqreen_timer
+                Thread.current[:sqreen_hook_entered] = true
+                hooked_call.raised = e
 
-              Sqreen::Graft.logger.debug { "[#{Process.pid}] Hook #{hook.point} disabled:#{hook.disabled?} exception:#{e}" }
-              raise if hook.raised.empty?
+                logger.debug { "[#{Process.pid}] Hook #{hook.point} disabled:#{hook.disabled?} exception:#{e}" } if logger_debug
+                raise if hook.raised.empty?
 
-              Timer.new("#{hook.point}@raised") do |t|
-                Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timed_hooks_raised] << t
-              end.measure do |raised_chrono|
                 hook.raised.each do |c|
                   next if c.ignore && c.ignore.call
 
-                  if timer && !c.mandatory
-                    remaining = budget - timer.elapsed
-                    unless remaining > 0
-                      Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:skipped_callbacks] << c && Thread.current[:sqreen_http_request][:time_budget_expended] = true
-                      next
-                    end
+                  if budget && !c.mandatory && request[:time_budget_expended]
+                    request[:skipped_callbacks] << c
+                    next
                   end
 
+                  remaining = budget - sqreen_timer.elapsed if budget
+
+                  timer = nil
                   flow = catch(Ball.new) do |ball|
-                    Timer.new(c.name) do |t|
-                      Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timed_callbacks] << t
-                    end.measure do
-                      raised_chrono.ignore do
-                        c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passing ? hooked_call.args_pass : hooked_call.args_passed, hooked_call.raised), ball)
-                      end
+                    timer = Timer.new(c.name, &timed_callbacks_proc)
+                    timer.measure(ignore: chrono) do
+                      c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passing ? hooked_call.args_pass : hooked_call.args_passed, hooked_call.raised), ball)
+                    end
+                  end
+
+                  if budget && timer
+                    remaining -= timer.duration
+                    if remaining < 0.0
+                      request[:time_budget_expended]
+                      request[:overtime_cb] = c.name
                     end
                   end
 
                   next unless c.flow && flow.is_a?(Flow)
+                  conditions_passed_proc[] if flow.passed_conditions?
                   hooked_call.raise = flow.raise and hooked_call.raising = true if flow.raise?
                   hooked_call.return = flow.return and hooked_call.returning = true if flow.return?
                   hooked_call.retrying = true if flow.retry?
                   break if flow.break?
                 end unless hook.disabled?
+              rescue StandardError => e
+                Sqreen::Weave.logger.debug { "exception:#{e.class} message:'#{e.message}' location:\"#{e.backtrace[0]}\"" }
+                Sqreen::RemoteException.record(e) if Sqreen.queue
               end
 
               retry if hooked_call.retrying
@@ -235,78 +317,108 @@ module Sqreen
               return hooked_call.return if hooked_call.returning
               raise
             else
-              timer.start if timer
-              Thread.current[:sqreen_hook_entered] = true
+              begin
+                sqreen_timer.start if sqreen_timer
+                Thread.current[:sqreen_hook_entered] = true
+
+                # TODO: hooked_call.returning should be always false here?
+                return hooked_call.returning ? hooked_call.return : hooked_call.returned if hook.after.empty?
 
-              Timer.new("#{hook.point}@after") do |t|
-                Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timed_hooks_after] << t
-              end.measure do |after_chrono|
                 hook.after.each do |c|
                   next if c.ignore && c.ignore.call
 
-                  if timer && !c.mandatory
-                    remaining = budget - timer.elapsed
-                    unless remaining > 0
-                      Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:skipped_callbacks] << c && Thread.current[:sqreen_http_request][:time_budget_expended] = true
-                      next
-                    end
+                  if budget && !c.mandatory && request[:time_budget_expended]
+                    request[:skipped_callbacks] << c
+                    next
                   end
 
+                  remaining = budget - sqreen_timer.elapsed if budget
+
+                  timer = nil
                   flow = catch(Ball.new) do |ball|
-                    Timer.new(c.name) do |t|
-                      Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timed_callbacks] << t
-                    end.measure do
-                      after_chrono.ignore do
-                        c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passing ? hooked_call.args_pass : hooked_call.args_passed, nil, hooked_call.returned), ball)
-                      end
+                    timer = Timer.new(c.name, &timed_callbacks_proc)
+                    timer.measure(ignore: chrono) do
+                      c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passing ? hooked_call.args_pass : hooked_call.args_passed, nil, hooked_call.returned), ball)
+                    end
+                  end
+
+                  if budget && timer
+                    remaining -= timer.duration
+                    if remaining < 0.0
+                      request[:time_budget_expended]
+                      request[:overtime_cb] = c.name
                     end
                   end
 
                   next unless c.flow && flow.is_a?(Flow)
+                  conditions_passed_proc[] if flow.passed_conditions?
                   hooked_call.raise = flow.raise and hooked_call.raising = true if flow.raise?
                   hooked_call.return = flow.return and hooked_call.returning = true if flow.return?
                   break if flow.break?
                 end unless hook.disabled?
+              rescue StandardError => e
+                Sqreen::Weave.logger.debug { "exception:#{e.class} message:'#{e.message}' location:\"#{e.backtrace[0]}\"" }
+                Sqreen::RemoteException.record(e) if Sqreen.queue
               end
 
               raise hooked_call.raise if hooked_call.raising
               return hooked_call.returning ? hooked_call.return : hooked_call.returned
             ensure
-              # TODO: timer.start if someone has thrown?
+              begin
+                # TODO: sqreen_timer.start if someone has thrown?
+                # TODO: sqreen_timer.stop at end of rescue+else?
+                # TODO: Thread.current[:sqreen_hook_entered] = true if neither rescue nor else ie thrown?
+                # TODO: Thread.current[:sqreen_hook_entered] = false at end of rescue+else? (risky?)
+
+                # TODO: uniform early bail out? (but don't forget sqreen_hook_entered and sqreen_timer)
+                # return hooked_call.returning ? hooked_call.return : hooked_call.returned if hook.ensured.empty?
+
+                # done at either rescue or else
+                # request_elapsed = request_timer.elapsed if budget # && !hook.ensured.empty?
 
-              Timer.new("#{hook.point}@ensured") do |t|
-                Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timed_hooks_ensured] << t
-              end.measure do |ensured_chrono|
                 hook.ensured.each do |c|
                   next if c.ignore && c.ignore.call
 
-                  if timer && !c.mandatory
-                    remaining = budget - timer.elapsed
-                    unless remaining > 0
-                      Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:skipped_callbacks] << c && Thread.current[:sqreen_http_request][:time_budget_expended] = true
-                      next
-                    end
+                  if budget && !c.mandatory && request[:time_budget_expended]
+                    request[:skipped_callbacks] << c
+                    next
                   end
 
+                  remaining = budget - sqreen_timer.elapsed if budget
+
+                  timer = nil
                   flow = catch(Ball.new) do |ball|
-                    Timer.new(c.name) do |t|
-                      Thread.current[:sqreen_http_request] && Thread.current[:sqreen_http_request][:timed_callbacks] << t
-                    end.measure do
-                      ensured_chrono.ignore do
-                        c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passing ? hooked_call.args_pass : hooked_call.args_passed, nil, hooked_call.returned), ball)
-                      end
+                    timer = Timer.new(c.name, &timed_callbacks_proc)
+                    timer.measure(ignore: chrono) do
+                      c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passing ? hooked_call.args_pass : hooked_call.args_passed, nil, hooked_call.returned), ball)
+                    end
+                  end
+
+                  if budget && timer
+                    remaining -= timer.duration
+                    if remaining < 0.0
+                      request[:time_budget_expended]
+                      request[:overtime_cb] = c.name
                     end
                   end
 
                   next unless c.flow && flow.is_a?(Flow)
+                  conditions_passed_proc[] if flow.passed_conditions?
                   hooked_call.raise = flow.raise and hooked_call.raising = true if flow.raise?
                   hooked_call.return = flow.return and hooked_call.returning = true if flow.return?
                   break if flow.break?
-                end unless hook.disabled?
+                end unless hook.ensured.empty? || hook.disabled?
+
+                Thread.current[:sqreen_hook_entered] = false
+                sqreen_timer.stop if sqreen_timer
+              rescue StandardError => e
+                Sqreen::Weave.logger.debug { "exception:#{e.class} message:'#{e.message}' location:\"#{e.backtrace[0]}\"" }
+                Sqreen::RemoteException.record(e) if Sqreen.queue
               end
 
-              Thread.current[:sqreen_hook_entered] = false
-              timer.stop if timer
+              # TODO: should we run the following?
+              # raise hooked_call.raise if hooked_call.raising
+              # return hooked_call.returning ? hooked_call.return : hooked_call.returned
             end
           end # chrono
         end