sqreen 1.20.1-java → 1.21.0.beta3-java

data/lib/sqreen/graft/hook_point.rb

@@ -23,6 +23,8 @@ module Sqreen
     end
 
     class HookPoint
+      DEFAULT_STRATEGY = Module.respond_to?(:prepend) ? :prepend : :chain
+
       def self.parse(hook_point)
         klass_name, separator, method_name = hook_point.split(/(\#|\.)/, 2)
 
@@ -36,13 +38,13 @@ module Sqreen
 
       attr_reader :klass_name, :method_kind, :method_name
 
-      def initialize(hook_point, strategy = :chain)
+      def initialize(hook_point, strategy = DEFAULT_STRATEGY)
         @klass_name, @method_kind, @method_name = Sqreen::Graft::HookPoint.parse(hook_point)
         @strategy = strategy
       end
 
       def to_s
-        "#{@klass_name}#{@method_kind == :instance_method ? '#' : '.'}#{@method_name}"
+        @to_s ||= "#{@klass_name}#{@method_kind == :instance_method ? '#' : '.'}#{@method_name}"
       end
 
       def exist?
@@ -177,23 +179,30 @@ module Sqreen
 
       private
 
-      def prepend(key)
+      def hook_spot(key)
         target = klass_method? ? klass.singleton_class : klass
         mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        raise "Inconsistency detected: #{target} missing from its own ancestors" if mod.is_a?(Array)
+
+        [target, mod]
+      end
+
+      def prepend(key)
+        target, mod = hook_spot(key)
+
         mod ||= HookSpot.new(key)
+
         target.instance_eval { prepend(mod) }
       end
 
       def prepended?(key)
-        target = klass_method? ? klass.singleton_class : klass
-        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        _, mod = hook_spot(key)
 
         mod != nil
       end
 
       def overridden?(key)
-        target = klass_method? ? klass.singleton_class : klass
-        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        _, mod = hook_spot(key)
 
         (mod.instance_methods(false) + mod.protected_instance_methods(false) + mod.private_instance_methods(false)).include?(method_name)
       end
@@ -202,8 +211,7 @@ module Sqreen
         hook_point = self
         method_name = @method_name
 
-        target = klass_method? ? klass.singleton_class : klass
-        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        _, mod = hook_spot(key)
 
         mod.instance_eval do
           if hook_point.private_method?
@@ -221,8 +229,7 @@ module Sqreen
       def unoverride(key)
         method_name = @method_name
 
-        target = klass_method? ? klass.singleton_class : klass
-        mod = target.ancestors.each { |e| break if e == target; break(e) if e.class == HookSpot && e.key == key }
+        _, mod = hook_spot(key)
 
         mod.instance_eval { remove_method(method_name) }
       end

data/lib/sqreen/legacy/instrumentation.rb

@@ -109,7 +109,7 @@ module Legacy
             break if res.is_a?(Hash) && res[:skip_rem_cbs]
           rescue StandardError => e
             Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
-            Sqreen.log.debug e.backtrace
+            Sqreen.log.debug { e.backtrace }
             if cb.respond_to?(:record_exception)
               cb.record_exception(e)
             else
@@ -162,7 +162,7 @@ module Legacy
             returns << res
           rescue StandardError => e
             Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
-            Sqreen.log.debug e.backtrace
+            Sqreen.log.debug { e.backtrace }
             if cb.respond_to?(:record_exception)
               cb.record_exception(e)
             else
@@ -597,16 +597,25 @@ module Legacy
         method = cb.method
         key = [klass, method]
 
+        if (call_count = ENV['SQREEN_DEBUG_CALL_COUNT'])
+          call_count = JSON.parse(call_count)
+          if cb.respond_to?(:rule_name) && call_count.key?(cb.rule_name)
+            count = call_count[cb.rule_name]
+            Sqreen.log.debug { "override rule:#{cb.rule_name} call_count:#{count.inspect}" }
+            cb.instance_eval { @call_count_interval = call_count[cb.rule_name] }
+          end
+        end
+
         @@record_request_hookpoints << key if cb.is_a?(Sqreen::Rules::RecordRequestContext)
 
         already_overriden = @@overriden_methods.include? key
 
         if !already_overriden
           if is_class_method?(klass, method)
-            Sqreen.log.debug "overriding class method for #{cb}"
+            Sqreen.log.debug { "overriding class method for #{cb}" }
             success = override_class_method(klass, method)
           elsif is_instance_method?(klass, method)
-            Sqreen.log.debug "overriding instance method for #{cb}"
+            Sqreen.log.debug { "overriding instance method for #{cb}" }
             success = override_instance_method(klass, method)
           else
             # FIXME: Override define_method and other dynamic ways to
@@ -623,7 +632,7 @@ module Legacy
 
           @@overriden_methods += [key] if success
         else
-          Sqreen.log.debug "#{key} was already overriden"
+          Sqreen.log.debug { "#{key} was already overriden" }
         end
 
         if klass != Object && klass != Kernel && !Sqreen.features['instrument_all_instances'] && !defined?(::JRUBY_VERSION)
@@ -638,7 +647,7 @@ module Legacy
           end
         end
 
-        Sqreen.log.debug "Adding callback #{cb} for #{klass} #{method}"
+        Sqreen.log.debug { "Adding callback #{cb} for #{klass} #{method}" }
         @@registered_callbacks.add(cb)
         @@unovertimable_hookpoints << key unless cb.overtimeable
         @@instrumented_pid = Process.pid
@@ -659,7 +668,7 @@ module Legacy
 
       already_overriden = @@overriden_methods.include? key
       unless already_overriden
-        Sqreen.log.debug "#{key} apparently not overridden"
+        Sqreen.log.debug { "#{key} apparently not overridden" }
       end
 
       defined_cbs = @@registered_callbacks.get(klass, method).flatten
@@ -667,17 +676,17 @@ module Legacy
       nb_removed = 0
       defined_cbs.each do |found_cb|
         if found_cb == cb
-          Sqreen.log.debug "Removing callback #{found_cb}"
+          Sqreen.log.debug { "Removing callback #{found_cb}" }
           @@registered_callbacks.remove(found_cb)
           nb_removed += 1
         else
-          Sqreen.log.debug "Not removing callback #{found_cb} (remains #{defined_cbs.size} cbs)"
+          Sqreen.log.debug { "Not removing callback #{found_cb} (remains #{defined_cbs.size} cbs)" }
         end
       end
 
       return unless nb_removed == defined_cbs.size
 
-      Sqreen.log.debug "Removing overriden method #{key}"
+      Sqreen.log.debug { "Removing overriden method #{key}" }
       @@overriden_methods.delete(key)
 
       if is_class_method?(klass, method)
@@ -705,6 +714,7 @@ module Legacy
           remove_callback_no_lock(cb)
         end
         Sqreen.instrumentation_ready = false
+        Sqreen.log.info('Instrumentation deactivated')
       end
     end
 
@@ -757,6 +767,8 @@ module Legacy
       ### globally declare instrumentation ready
       ### from within instance method? not even thread local?
       Sqreen.instrumentation_ready = true
+
+      Sqreen.log.info('Instrumentation activated')
     end
 
     def initialize(metrics_engine = nil)

data/lib/sqreen/legacy/old_event_submission_strategy.rb

@@ -6,6 +6,7 @@
 require 'sqreen/aggregated_metric'
 require 'sqreen/log/loggable'
 require 'sqreen/legacy/waf_redactions'
+require 'sqreen/kit/string_sanitizer'
 
 module Sqreen
   module Legacy
@@ -55,6 +56,12 @@ module Sqreen
               when AggregatedMetric
                 logger.warn "Aggregated metric event in non-signal mode. Signals disabled at runtime?"
                 next
+              when Sqreen::Kit::Signals::Signal
+                logger.warn "Signal event in non-signal mode"
+                next
+              when Sqreen::Kit::Signals::Trace
+                logger.warn "Trace event in non-signal mode"
+                next
               when Attack # in practice only found inside req rec
                 EventToHash.convert_attack event
               when RemoteException
@@ -72,7 +79,7 @@ module Sqreen
           tally = Hash[events.group_by(&:class).map { |k, v| [k, v.count] }]
           "Doing batch with the following tally of event types: #{tally}"
         end
-        post('batch', { batch: batch }, {}, RETRY_MANY)
+        post('batch', { batch: batch.compact }, {}, RETRY_MANY)
       end
 
       private
@@ -166,7 +173,7 @@ module Sqreen
           res[:request][:parameters] = payload['params'] if payload['params']
           res[:request][:headers] = payload['headers'] if payload['headers']
 
-          res = Sqreen::EncodingSanitizer.sanitize(res)
+          res = Sqreen::Kit::StringSanitizer.sanitize(res)
 
           if rr.redactor
             res[:request], redacted = rr.redactor.redact(res[:request])

data/lib/sqreen/log.rb

@@ -14,16 +14,17 @@ require 'sqreen/deferred_logger'
 
 module Sqreen
   def self.log_init
+    deferred_logger = @logger
     @logger = Sqreen::Logger.new(
       Sqreen.config_get(:log_level).to_s.upcase,
       Sqreen.config_get(:log_location)
     )
-    Sqreen::DeferredLogger.instance.flush_to(@logger.instance_eval { @logger })
+    deferred_logger.flush_to(@logger.instance_eval { @logger })
   rescue => e
     warn "Sqreen logger exception: #{e}"
   end
 
   def self::log
-    @logger || Sqreen::DeferredLogger.instance
+    @logger ||= Sqreen::DeferredLogger.new
   end
 end

data/lib/sqreen/log/loggable.rb

@@ -4,6 +4,7 @@
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 require 'logger'
+require 'sqreen/log'
 
 module Sqreen; end
 module Sqreen::Log; end

data/lib/sqreen/logger.rb

@@ -28,6 +28,26 @@ module Sqreen
       create_error_logger
     end
 
+    def debug?
+      @logger.debug?
+    end
+
+    def info?
+      @logger.info?
+    end
+
+    def warn?
+      @logger.warn?
+    end
+
+    def error?
+      @logger.error?
+    end
+
+    def fatal?
+      @logger.fatal?
+    end
+
     def debug(msg = nil, &block)
       @logger.debug(msg, &block)
     end
@@ -45,6 +65,10 @@ module Sqreen
       @logger.error(msg, &block)
     end
 
+    def unknown(msg = nil, &block)
+      @logger.unknown(msg, &block)
+    end
+
     def add(severity, msg = nil, &block)
       send(SEVERITY_TO_METHOD[severity], msg, &block)
     end

data/lib/sqreen/metrics.rb

@@ -7,3 +7,4 @@ require 'sqreen/metrics/collect'
 require 'sqreen/metrics/average'
 require 'sqreen/metrics/sum'
 require 'sqreen/metrics/binning'
+require 'sqreen/metrics/req_detailed'

data/lib/sqreen/metrics/req_detailed.rb

@@ -0,0 +1,41 @@
+require 'base64'
+require 'sqreen/mono_time'
+require 'sqreen/metrics/base'
+begin
+  require 'sq_detailed_metrics'
+rescue LoadError => _e # rubocop:disable Lint/HandleExceptions
+end
+
+module Sqreen
+  module Metric
+    class ReqDetailed < Base
+      attr_reader :num_requests
+
+      def initialize(opts = {})
+        raise 'SqDetailedMetrics unavailable' unless defined?(SqDetailedMetrics)
+        super(opts)
+        @coll = SqDetailedMetrics::RequestCollection.new
+        @start_time = Sqreen.time
+        @num_requests = 0
+      end
+
+      # @param [SqDetailedMetrics::Request] value
+      def update(_key, value)
+        @coll << value
+        @num_requests += 1
+      end
+
+      def next_sample(time)
+        data = @coll.serialize
+        @num_requests = 0
+        return nil unless data
+
+        {
+          OBSERVATION_KEY => { 'v1' => Base64.strict_encode64(data) },
+          START_KEY => @start_time,
+          FINISH_KEY => (@start_time = time),
+        }
+      end
+    end
+  end
+end

data/lib/sqreen/metrics_store.rb

@@ -27,6 +27,7 @@ module Sqreen
     def initialize
       @store = []
       @metrics = {} # name => (metric, period, start)
+      @mutex = Mutex.new
     end
 
     # Definition contains a name,period and aggregate at least
@@ -34,6 +35,8 @@ module Sqreen
     # @param rule [RuleCB] the rule associated with this metric, if any
     # @param mklass [Object] Override metric object (used in testing)
     def create_metric(definition, rule = nil, mklass = nil)
+      @mutex.lock
+
       name = definition[NAME_KEY]
       kind = definition[KIND_KEY]
       klass = valid_metric(kind, name)
@@ -49,6 +52,8 @@ module Sqreen
       metric.rule = rule
       metric.period = definition[PERIOD_KEY]
       metric
+    ensure
+      @mutex.unlock
     end
 
     def metric?(name)
@@ -57,21 +62,27 @@ module Sqreen
 
     # @param at [Time] when is the store emptied
     def update(name, at, key, value)
+      @mutex.lock
       metric, period, start = @metrics[name]
       raise UnregisteredMetric, "Unknown metric #{name}" unless metric
       next_sample(name, at) if start.nil? || (start + period) < at
       metric.update(key, value)
+    ensure
+      @mutex.unlock
     end
 
     # Drains every metrics and returns the store content
     # @param at [Time] when is the store emptied
     def publish(flush = true, at = Sqreen.time)
+      @mutex.lock
       @metrics.each do |name, (_, period, start)|
         next_sample(name, at) if flush || !start.nil? && (start + period) < at
       end
       out = @store
       @store = []
       out
+    ensure
+      @mutex.unlock
     end
 
     protected

data/lib/sqreen/null_logger.rb

@@ -9,6 +9,26 @@ module Sqreen
   class NullLogger
     include Singleton
 
+    def debug?
+      false
+    end
+
+    def info?
+      false
+    end
+
+    def warn?
+      false
+    end
+
+    def error?
+      false
+    end
+
+    def fatal?
+      false
+    end
+
     def debug(_msg = nil); end
 
     def info(_msg = nil); end
@@ -19,6 +39,8 @@ module Sqreen
 
     def fatal(_msg = nil); end
 
+    def unknown(_msg = nil); end
+
     def add(_severity, _msg = nil); end
 
     def formatter=(_); end

data/lib/sqreen/remote_command.rb

@@ -18,10 +18,12 @@ module Sqreen
       :features_get => :features,
       :features_change => :change_features,
       :force_logout => :shutdown,
+      :force_restart => :restart,
       :paths_whitelist => :change_whitelisted_paths,
       :ips_whitelist => :change_whitelisted_ips,
       :get_bundle => :upload_bundle,
       :performance_budget => :change_performance_budget,
+      :tracing_enable => :tracing_enable,
     }.freeze
 
     attr_reader :uuid
@@ -39,6 +41,8 @@ module Sqreen
       begin
         output = runner.send(KNOWN_COMMANDS[@name], *@params, context_infos)
       rescue => e
+        Sqreen.log.warn { "Command failed with #{e}" }
+        Sqreen.log.debug { e.backtrace.map { |x| "  #{x}" }.join("\n") }
         Sqreen::RemoteException.record(e)
         return { :status => false, :reason => "error: #{e.inspect}" }
       end