sqreen 1.20.4 → 1.21.0.beta1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +0 -25
- data/lib/sqreen/actions/block_user.rb +1 -1
- data/lib/sqreen/actions/redirect_ip.rb +1 -1
- data/lib/sqreen/actions/redirect_user.rb +1 -1
- data/lib/sqreen/condition_evaluator.rb +2 -8
- data/lib/sqreen/configuration.rb +1 -1
- data/lib/sqreen/deferred_logger.rb +14 -50
- data/lib/sqreen/deliveries/batch.rb +8 -1
- data/lib/sqreen/ecosystem.rb +80 -0
- data/lib/sqreen/ecosystem/dispatch_table.rb +43 -0
- data/lib/sqreen/ecosystem/http/net_http.rb +51 -0
- data/lib/sqreen/ecosystem/http/rack_request.rb +38 -0
- data/lib/sqreen/ecosystem/loggable.rb +13 -0
- data/lib/sqreen/ecosystem/module_api.rb +30 -0
- data/lib/sqreen/ecosystem/module_api/event_listener.rb +18 -0
- data/lib/sqreen/ecosystem/module_api/instrumentation.rb +23 -0
- data/lib/sqreen/ecosystem/module_api/signal_producer.rb +26 -0
- data/lib/sqreen/ecosystem/module_api/tracing_push_down.rb +34 -0
- data/lib/sqreen/ecosystem/module_api/transaction_storage.rb +71 -0
- data/lib/sqreen/ecosystem/module_registry.rb +39 -0
- data/lib/sqreen/ecosystem/redis/redis_connection.rb +35 -0
- data/lib/sqreen/ecosystem/tracing/sampler.rb +160 -0
- data/lib/sqreen/ecosystem/tracing/sampling_configuration.rb +150 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb +53 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb +53 -0
- data/lib/sqreen/ecosystem/tracing_id_setup.rb +34 -0
- data/lib/sqreen/ecosystem/transaction_storage.rb +64 -0
- data/lib/sqreen/ecosystem_integration.rb +70 -0
- data/lib/sqreen/ecosystem_integration/around_callbacks.rb +89 -0
- data/lib/sqreen/ecosystem_integration/instrumentation_service.rb +38 -0
- data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb +56 -0
- data/lib/sqreen/ecosystem_integration/signal_consumption.rb +35 -0
- data/lib/sqreen/encoding_sanitizer.rb +27 -0
- data/lib/sqreen/events/request_record.rb +1 -0
- data/lib/sqreen/frameworks/generic.rb +15 -10
- data/lib/sqreen/frameworks/rails.rb +7 -0
- data/lib/sqreen/frameworks/request_recorder.rb +0 -2
- data/lib/sqreen/graft/call.rb +23 -72
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +85 -187
- data/lib/sqreen/graft/hook_point.rb +1 -1
- data/lib/sqreen/legacy/instrumentation.rb +10 -22
- data/lib/sqreen/legacy/old_event_submission_strategy.rb +8 -3
- data/lib/sqreen/log.rb +2 -3
- data/lib/sqreen/log/loggable.rb +0 -1
- data/lib/sqreen/logger.rb +0 -24
- data/lib/sqreen/metrics_store.rb +0 -11
- data/lib/sqreen/null_logger.rb +0 -22
- data/lib/sqreen/remote_command.rb +3 -1
- data/lib/sqreen/rules.rb +4 -8
- data/lib/sqreen/rules/blacklist_ips_cb.rb +2 -2
- data/lib/sqreen/rules/custom_error_cb.rb +3 -3
- data/lib/sqreen/rules/rule_cb.rb +0 -2
- data/lib/sqreen/rules/waf_cb.rb +3 -3
- data/lib/sqreen/runner.rb +21 -33
- data/lib/sqreen/session.rb +2 -0
- data/lib/sqreen/signals/conversions.rb +6 -1
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/legacy/instrumentation.rb +103 -194
- data/lib/sqreen/worker.rb +2 -6
- metadata +35 -10
- data/lib/sqreen/deprecation.rb +0 -38
- data/lib/sqreen/weave/budget.rb +0 -46
@@ -109,7 +109,7 @@ module Legacy
|
|
109
109
|
break if res.is_a?(Hash) && res[:skip_rem_cbs]
|
110
110
|
rescue StandardError => e
|
111
111
|
Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
|
112
|
-
Sqreen.log.debug
|
112
|
+
Sqreen.log.debug e.backtrace
|
113
113
|
if cb.respond_to?(:record_exception)
|
114
114
|
cb.record_exception(e)
|
115
115
|
else
|
@@ -162,7 +162,7 @@ module Legacy
|
|
162
162
|
returns << res
|
163
163
|
rescue StandardError => e
|
164
164
|
Sqreen.log.warn { "we catch an exception: #{e.inspect}" }
|
165
|
-
Sqreen.log.debug
|
165
|
+
Sqreen.log.debug e.backtrace
|
166
166
|
if cb.respond_to?(:record_exception)
|
167
167
|
cb.record_exception(e)
|
168
168
|
else
|
@@ -597,25 +597,16 @@ module Legacy
|
|
597
597
|
method = cb.method
|
598
598
|
key = [klass, method]
|
599
599
|
|
600
|
-
if (call_count = ENV['SQREEN_DEBUG_CALL_COUNT'])
|
601
|
-
call_count = JSON.parse(call_count)
|
602
|
-
if cb.respond_to?(:rule_name) && call_count.key?(cb.rule_name)
|
603
|
-
count = call_count[cb.rule_name]
|
604
|
-
Sqreen.log.debug { "override rule:#{cb.rule_name} call_count:#{count.inspect}" }
|
605
|
-
cb.instance_eval { @call_count_interval = call_count[cb.rule_name] }
|
606
|
-
end
|
607
|
-
end
|
608
|
-
|
609
600
|
@@record_request_hookpoints << key if cb.is_a?(Sqreen::Rules::RecordRequestContext)
|
610
601
|
|
611
602
|
already_overriden = @@overriden_methods.include? key
|
612
603
|
|
613
604
|
if !already_overriden
|
614
605
|
if is_class_method?(klass, method)
|
615
|
-
Sqreen.log.debug
|
606
|
+
Sqreen.log.debug "overriding class method for #{cb}"
|
616
607
|
success = override_class_method(klass, method)
|
617
608
|
elsif is_instance_method?(klass, method)
|
618
|
-
Sqreen.log.debug
|
609
|
+
Sqreen.log.debug "overriding instance method for #{cb}"
|
619
610
|
success = override_instance_method(klass, method)
|
620
611
|
else
|
621
612
|
# FIXME: Override define_method and other dynamic ways to
|
@@ -632,7 +623,7 @@ module Legacy
|
|
632
623
|
|
633
624
|
@@overriden_methods += [key] if success
|
634
625
|
else
|
635
|
-
Sqreen.log.debug
|
626
|
+
Sqreen.log.debug "#{key} was already overriden"
|
636
627
|
end
|
637
628
|
|
638
629
|
if klass != Object && klass != Kernel && !Sqreen.features['instrument_all_instances'] && !defined?(::JRUBY_VERSION)
|
@@ -647,7 +638,7 @@ module Legacy
|
|
647
638
|
end
|
648
639
|
end
|
649
640
|
|
650
|
-
Sqreen.log.debug
|
641
|
+
Sqreen.log.debug "Adding callback #{cb} for #{klass} #{method}"
|
651
642
|
@@registered_callbacks.add(cb)
|
652
643
|
@@unovertimable_hookpoints << key unless cb.overtimeable
|
653
644
|
@@instrumented_pid = Process.pid
|
@@ -668,7 +659,7 @@ module Legacy
|
|
668
659
|
|
669
660
|
already_overriden = @@overriden_methods.include? key
|
670
661
|
unless already_overriden
|
671
|
-
Sqreen.log.debug
|
662
|
+
Sqreen.log.debug "#{key} apparently not overridden"
|
672
663
|
end
|
673
664
|
|
674
665
|
defined_cbs = @@registered_callbacks.get(klass, method).flatten
|
@@ -676,17 +667,17 @@ module Legacy
|
|
676
667
|
nb_removed = 0
|
677
668
|
defined_cbs.each do |found_cb|
|
678
669
|
if found_cb == cb
|
679
|
-
Sqreen.log.debug
|
670
|
+
Sqreen.log.debug "Removing callback #{found_cb}"
|
680
671
|
@@registered_callbacks.remove(found_cb)
|
681
672
|
nb_removed += 1
|
682
673
|
else
|
683
|
-
Sqreen.log.debug
|
674
|
+
Sqreen.log.debug "Not removing callback #{found_cb} (remains #{defined_cbs.size} cbs)"
|
684
675
|
end
|
685
676
|
end
|
686
677
|
|
687
678
|
return unless nb_removed == defined_cbs.size
|
688
679
|
|
689
|
-
Sqreen.log.debug
|
680
|
+
Sqreen.log.debug "Removing overriden method #{key}"
|
690
681
|
@@overriden_methods.delete(key)
|
691
682
|
|
692
683
|
if is_class_method?(klass, method)
|
@@ -714,7 +705,6 @@ module Legacy
|
|
714
705
|
remove_callback_no_lock(cb)
|
715
706
|
end
|
716
707
|
Sqreen.instrumentation_ready = false
|
717
|
-
Sqreen.log.info('Instrumentation deactivated')
|
718
708
|
end
|
719
709
|
end
|
720
710
|
|
@@ -767,8 +757,6 @@ module Legacy
|
|
767
757
|
### globally declare instrumentation ready
|
768
758
|
### from within instance method? not even thread local?
|
769
759
|
Sqreen.instrumentation_ready = true
|
770
|
-
|
771
|
-
Sqreen.log.info('Instrumentation activated')
|
772
760
|
end
|
773
761
|
|
774
762
|
def initialize(metrics_engine = nil)
|
@@ -6,7 +6,6 @@
|
|
6
6
|
require 'sqreen/aggregated_metric'
|
7
7
|
require 'sqreen/log/loggable'
|
8
8
|
require 'sqreen/legacy/waf_redactions'
|
9
|
-
require 'sqreen/kit/string_sanitizer'
|
10
9
|
|
11
10
|
module Sqreen
|
12
11
|
module Legacy
|
@@ -56,6 +55,12 @@ module Sqreen
|
|
56
55
|
when AggregatedMetric
|
57
56
|
logger.warn "Aggregated metric event in non-signal mode. Signals disabled at runtime?"
|
58
57
|
next
|
58
|
+
when Sqreen::Kit::Signals::Signal
|
59
|
+
logger.warn "Signal event in non-signal mode"
|
60
|
+
next
|
61
|
+
when Sqreen::Kit::Signals::Trace
|
62
|
+
logger.warn "Trace event in non-signal mode"
|
63
|
+
next
|
59
64
|
when Attack # in practice only found inside req rec
|
60
65
|
EventToHash.convert_attack event
|
61
66
|
when RemoteException
|
@@ -73,7 +78,7 @@ module Sqreen
|
|
73
78
|
tally = Hash[events.group_by(&:class).map { |k, v| [k, v.count] }]
|
74
79
|
"Doing batch with the following tally of event types: #{tally}"
|
75
80
|
end
|
76
|
-
post('batch', { batch: batch }, {}, RETRY_MANY)
|
81
|
+
post('batch', { batch: batch.compact }, {}, RETRY_MANY)
|
77
82
|
end
|
78
83
|
|
79
84
|
private
|
@@ -167,7 +172,7 @@ module Sqreen
|
|
167
172
|
res[:request][:parameters] = payload['params'] if payload['params']
|
168
173
|
res[:request][:headers] = payload['headers'] if payload['headers']
|
169
174
|
|
170
|
-
res = Sqreen::
|
175
|
+
res = Sqreen::EncodingSanitizer.sanitize(res)
|
171
176
|
|
172
177
|
if rr.redactor
|
173
178
|
res[:request], redacted = rr.redactor.redact(res[:request])
|
data/lib/sqreen/log.rb
CHANGED
@@ -14,17 +14,16 @@ require 'sqreen/deferred_logger'
|
|
14
14
|
|
15
15
|
module Sqreen
|
16
16
|
def self.log_init
|
17
|
-
deferred_logger = @logger
|
18
17
|
@logger = Sqreen::Logger.new(
|
19
18
|
Sqreen.config_get(:log_level).to_s.upcase,
|
20
19
|
Sqreen.config_get(:log_location)
|
21
20
|
)
|
22
|
-
|
21
|
+
Sqreen::DeferredLogger.instance.flush_to(@logger.instance_eval { @logger })
|
23
22
|
rescue => e
|
24
23
|
warn "Sqreen logger exception: #{e}"
|
25
24
|
end
|
26
25
|
|
27
26
|
def self::log
|
28
|
-
@logger
|
27
|
+
@logger || Sqreen::DeferredLogger.instance
|
29
28
|
end
|
30
29
|
end
|
data/lib/sqreen/log/loggable.rb
CHANGED
data/lib/sqreen/logger.rb
CHANGED
@@ -28,26 +28,6 @@ module Sqreen
|
|
28
28
|
create_error_logger
|
29
29
|
end
|
30
30
|
|
31
|
-
def debug?
|
32
|
-
@logger.debug?
|
33
|
-
end
|
34
|
-
|
35
|
-
def info?
|
36
|
-
@logger.info?
|
37
|
-
end
|
38
|
-
|
39
|
-
def warn?
|
40
|
-
@logger.warn?
|
41
|
-
end
|
42
|
-
|
43
|
-
def error?
|
44
|
-
@logger.error?
|
45
|
-
end
|
46
|
-
|
47
|
-
def fatal?
|
48
|
-
@logger.fatal?
|
49
|
-
end
|
50
|
-
|
51
31
|
def debug(msg = nil, &block)
|
52
32
|
@logger.debug(msg, &block)
|
53
33
|
end
|
@@ -65,10 +45,6 @@ module Sqreen
|
|
65
45
|
@logger.error(msg, &block)
|
66
46
|
end
|
67
47
|
|
68
|
-
def unknown(msg = nil, &block)
|
69
|
-
@logger.unknown(msg, &block)
|
70
|
-
end
|
71
|
-
|
72
48
|
def add(severity, msg = nil, &block)
|
73
49
|
send(SEVERITY_TO_METHOD[severity], msg, &block)
|
74
50
|
end
|
data/lib/sqreen/metrics_store.rb
CHANGED
@@ -27,7 +27,6 @@ module Sqreen
|
|
27
27
|
def initialize
|
28
28
|
@store = []
|
29
29
|
@metrics = {} # name => (metric, period, start)
|
30
|
-
@mutex = Mutex.new
|
31
30
|
end
|
32
31
|
|
33
32
|
# Definition contains a name,period and aggregate at least
|
@@ -35,8 +34,6 @@ module Sqreen
|
|
35
34
|
# @param rule [RuleCB] the rule associated with this metric, if any
|
36
35
|
# @param mklass [Object] Override metric object (used in testing)
|
37
36
|
def create_metric(definition, rule = nil, mklass = nil)
|
38
|
-
@mutex.lock
|
39
|
-
|
40
37
|
name = definition[NAME_KEY]
|
41
38
|
kind = definition[KIND_KEY]
|
42
39
|
klass = valid_metric(kind, name)
|
@@ -52,8 +49,6 @@ module Sqreen
|
|
52
49
|
metric.rule = rule
|
53
50
|
metric.period = definition[PERIOD_KEY]
|
54
51
|
metric
|
55
|
-
ensure
|
56
|
-
@mutex.unlock
|
57
52
|
end
|
58
53
|
|
59
54
|
def metric?(name)
|
@@ -62,27 +57,21 @@ module Sqreen
|
|
62
57
|
|
63
58
|
# @param at [Time] when is the store emptied
|
64
59
|
def update(name, at, key, value)
|
65
|
-
@mutex.lock
|
66
60
|
metric, period, start = @metrics[name]
|
67
61
|
raise UnregisteredMetric, "Unknown metric #{name}" unless metric
|
68
62
|
next_sample(name, at) if start.nil? || (start + period) < at
|
69
63
|
metric.update(key, value)
|
70
|
-
ensure
|
71
|
-
@mutex.unlock
|
72
64
|
end
|
73
65
|
|
74
66
|
# Drains every metrics and returns the store content
|
75
67
|
# @param at [Time] when is the store emptied
|
76
68
|
def publish(flush = true, at = Sqreen.time)
|
77
|
-
@mutex.lock
|
78
69
|
@metrics.each do |name, (_, period, start)|
|
79
70
|
next_sample(name, at) if flush || !start.nil? && (start + period) < at
|
80
71
|
end
|
81
72
|
out = @store
|
82
73
|
@store = []
|
83
74
|
out
|
84
|
-
ensure
|
85
|
-
@mutex.unlock
|
86
75
|
end
|
87
76
|
|
88
77
|
protected
|
data/lib/sqreen/null_logger.rb
CHANGED
@@ -9,26 +9,6 @@ module Sqreen
|
|
9
9
|
class NullLogger
|
10
10
|
include Singleton
|
11
11
|
|
12
|
-
def debug?
|
13
|
-
false
|
14
|
-
end
|
15
|
-
|
16
|
-
def info?
|
17
|
-
false
|
18
|
-
end
|
19
|
-
|
20
|
-
def warn?
|
21
|
-
false
|
22
|
-
end
|
23
|
-
|
24
|
-
def error?
|
25
|
-
false
|
26
|
-
end
|
27
|
-
|
28
|
-
def fatal?
|
29
|
-
false
|
30
|
-
end
|
31
|
-
|
32
12
|
def debug(_msg = nil); end
|
33
13
|
|
34
14
|
def info(_msg = nil); end
|
@@ -39,8 +19,6 @@ module Sqreen
|
|
39
19
|
|
40
20
|
def fatal(_msg = nil); end
|
41
21
|
|
42
|
-
def unknown(_msg = nil); end
|
43
|
-
|
44
22
|
def add(_severity, _msg = nil); end
|
45
23
|
|
46
24
|
def formatter=(_); end
|
@@ -18,11 +18,11 @@ module Sqreen
|
|
18
18
|
:features_get => :features,
|
19
19
|
:features_change => :change_features,
|
20
20
|
:force_logout => :shutdown,
|
21
|
-
:force_restart => :restart,
|
22
21
|
:paths_whitelist => :change_whitelisted_paths,
|
23
22
|
:ips_whitelist => :change_whitelisted_ips,
|
24
23
|
:get_bundle => :upload_bundle,
|
25
24
|
:performance_budget => :change_performance_budget,
|
25
|
+
:tracing_enable => :tracing_enable,
|
26
26
|
}.freeze
|
27
27
|
|
28
28
|
attr_reader :uuid
|
@@ -40,6 +40,8 @@ module Sqreen
|
|
40
40
|
begin
|
41
41
|
output = runner.send(KNOWN_COMMANDS[@name], *@params, context_infos)
|
42
42
|
rescue => e
|
43
|
+
Sqreen.log.warn { "Command failed with #{e}" }
|
44
|
+
Sqreen.log.debug { e.backtrace.map { |x| " #{x}" }.join("\n") }
|
43
45
|
Sqreen::RemoteException.record(e)
|
44
46
|
return { :status => false, :reason => "error: #{e.inspect}" }
|
45
47
|
end
|
data/lib/sqreen/rules.rb
CHANGED
@@ -114,19 +114,15 @@ module Sqreen
|
|
114
114
|
Sqreen.log.warn('No JavaScript engine is available. ' \
|
115
115
|
'JavaScript callbacks will be ignored')
|
116
116
|
end
|
117
|
-
Sqreen.log.
|
117
|
+
Sqreen.log.info("Ignoring JS callback #{rule_name}")
|
118
118
|
return nil
|
119
119
|
end
|
120
120
|
|
121
121
|
cb_class = ExecJSCB if js
|
122
122
|
|
123
|
-
if cbname
|
124
|
-
|
125
|
-
|
126
|
-
Rules.walk_const_get(cbname) if cbname.start_with?('::Sqreen::', 'Sqreen::')
|
127
|
-
else
|
128
|
-
Rules.const_get(cbname) if Rules.const_defined?(cbname) # rubocop:disable Style/IfInsideElse
|
129
|
-
end
|
123
|
+
if cbname && Rules.const_defined?(cbname)
|
124
|
+
# Only load callbacks from sqreen
|
125
|
+
cb_class = Rules.const_get(cbname)
|
130
126
|
end
|
131
127
|
|
132
128
|
if cb_class.nil?
|
@@ -33,7 +33,7 @@ module Sqreen
|
|
33
33
|
private
|
34
34
|
|
35
35
|
def insert_values(ranges)
|
36
|
-
Sqreen.log.
|
36
|
+
Sqreen.log.info 'no ips given for IP blacklisting' if ranges.empty?
|
37
37
|
|
38
38
|
ranges.map { |r| Prefix.from_str(r, r) }.each do |prefix|
|
39
39
|
trie_for(prefix).insert prefix
|
@@ -50,7 +50,7 @@ module Sqreen
|
|
50
50
|
begin
|
51
51
|
ipa = IPAddr.new(rip)
|
52
52
|
rescue StandardError
|
53
|
-
Sqreen.log.
|
53
|
+
Sqreen.log.info "invalid IP address given by framework: #{rip}"
|
54
54
|
return nil
|
55
55
|
end
|
56
56
|
|
@@ -55,12 +55,12 @@ module Sqreen
|
|
55
55
|
end
|
56
56
|
|
57
57
|
def respond_page
|
58
|
-
|
58
|
+
page = open(File.join(File.dirname(__FILE__), '../attack_detected.html'))
|
59
59
|
headers = {
|
60
60
|
'Content-Type' => 'text/html',
|
61
|
-
'Content-Length' =>
|
61
|
+
'Content-Length' => page.size.to_s,
|
62
62
|
}
|
63
|
-
[@status_code, headers,
|
63
|
+
[@status_code, headers, page]
|
64
64
|
end
|
65
65
|
end
|
66
66
|
end
|
data/lib/sqreen/rules/rule_cb.rb
CHANGED
@@ -3,7 +3,6 @@
|
|
3
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
5
|
|
6
|
-
require 'sqreen/deprecation'
|
7
6
|
require 'sqreen/framework_cb'
|
8
7
|
require 'sqreen/context'
|
9
8
|
require 'sqreen/conditionable'
|
@@ -110,7 +109,6 @@ module Sqreen
|
|
110
109
|
)
|
111
110
|
true
|
112
111
|
end
|
113
|
-
Sqreen::Deprecation.deprecate(instance_method(:overtime!))
|
114
112
|
end
|
115
113
|
end
|
116
114
|
end
|
data/lib/sqreen/rules/waf_cb.rb
CHANGED
@@ -11,7 +11,7 @@ require 'sqreen/safe_json'
|
|
11
11
|
require 'sqreen/exception'
|
12
12
|
require 'sqreen/util/capper'
|
13
13
|
require 'sqreen/dependency/libsqreen'
|
14
|
-
require 'sqreen/
|
14
|
+
require 'sqreen/encoding_sanitizer'
|
15
15
|
|
16
16
|
module Sqreen
|
17
17
|
module Rules
|
@@ -60,7 +60,7 @@ module Sqreen
|
|
60
60
|
end
|
61
61
|
|
62
62
|
# 0 for using defaults (PW_RUN_TIMEOUT)
|
63
|
-
@max_run_budget_us = (@data['values'].fetch('
|
63
|
+
@max_run_budget_us = (@data['values'].fetch('budget_in_ms', 0) * 1000).to_i
|
64
64
|
@max_run_budget_us = INFINITE_BUDGET_US if @max_run_budget_us >= INFINITE_BUDGET_US
|
65
65
|
|
66
66
|
Sqreen.log.debug { "Max WAF run budget for #{@waf_rule_name} set to #{@max_run_budget_us} us" }
|
@@ -82,7 +82,7 @@ module Sqreen
|
|
82
82
|
waf_args = binding_accessors.each_with_object({}) do |(e, b), h|
|
83
83
|
h[e] = capper.call(b.resolve(*env))
|
84
84
|
end
|
85
|
-
waf_args = Sqreen::
|
85
|
+
waf_args = Sqreen::EncodingSanitizer.sanitize(waf_args)
|
86
86
|
|
87
87
|
if budget
|
88
88
|
rem_budget_s = budget - (Sqreen.time - start)
|
data/lib/sqreen/runner.rb
CHANGED
@@ -14,6 +14,7 @@ require 'sqreen/log'
|
|
14
14
|
require 'sqreen/agent_message'
|
15
15
|
require 'sqreen/rules'
|
16
16
|
require 'sqreen/session'
|
17
|
+
require 'sqreen/version'
|
17
18
|
require 'sqreen/remote_command'
|
18
19
|
require 'sqreen/capped_queue'
|
19
20
|
require 'sqreen/metrics_store'
|
@@ -26,6 +27,7 @@ require 'sqreen/legacy/instrumentation'
|
|
26
27
|
require 'sqreen/call_countable'
|
27
28
|
require 'sqreen/weave/legacy/instrumentation'
|
28
29
|
require 'sqreen/kit/configuration'
|
30
|
+
require 'sqreen/ecosystem_integration'
|
29
31
|
|
30
32
|
module Sqreen
|
31
33
|
@features = {}
|
@@ -52,10 +54,6 @@ module Sqreen
|
|
52
54
|
@queue ||= CappedQueue.new(MAX_QUEUE_LENGTH)
|
53
55
|
end
|
54
56
|
|
55
|
-
def update_queue(queue)
|
56
|
-
@queue = queue
|
57
|
-
end
|
58
|
-
|
59
57
|
def observations_queue
|
60
58
|
@observations_queue ||= CappedQueue.new(MAX_OBS_QUEUE_LENGTH)
|
61
59
|
end
|
@@ -104,8 +102,8 @@ module Sqreen
|
|
104
102
|
# we may want to do that in a thread in order to prevent delaying app
|
105
103
|
# startup
|
106
104
|
# set_at_exit do not place a global at_exit (used for testing)
|
105
|
+
# @param [Sqreen::Frameworks::GenericFramework] framework
|
107
106
|
def initialize(configuration, framework, set_at_exit = true, session_class = Sqreen::Session)
|
108
|
-
Sqreen.update_queue(CappedQueue.new(MAX_QUEUE_LENGTH))
|
109
107
|
@logged_out_tried = false
|
110
108
|
@configuration = configuration
|
111
109
|
@framework = framework
|
@@ -132,6 +130,7 @@ module Sqreen
|
|
132
130
|
Sqreen::Kit::Configuration.ingestion_url = chosen_endpoints.ingestion.url
|
133
131
|
Sqreen::Kit::Configuration.certificate_store = chosen_endpoints.ingestion.ca_store
|
134
132
|
Sqreen::Kit::Configuration.proxy_url = @proxy_url
|
133
|
+
Sqreen::Kit::Configuration.default_source = "sqreen:agent:ruby:#{Sqreen::VERSION}"
|
135
134
|
|
136
135
|
register_exit_cb if set_at_exit
|
137
136
|
|
@@ -168,6 +167,10 @@ module Sqreen
|
|
168
167
|
end
|
169
168
|
self.features = wanted_features
|
170
169
|
|
170
|
+
@ecosystem_integration = EcosystemIntegration.new(framework, Sqreen.queue)
|
171
|
+
framework.req_start_cb = @ecosystem_integration.method(:request_start)
|
172
|
+
framework.req_end_cb = @ecosystem_integration.method(:request_end)
|
173
|
+
|
171
174
|
# Ensure a deliverer is there unless features have set it first
|
172
175
|
self.deliverer ||= Deliveries::Simple.new(session)
|
173
176
|
context_infos = {}
|
@@ -268,6 +271,10 @@ module Sqreen
|
|
268
271
|
rulespack_id, rules = load_rules(context_infos)
|
269
272
|
@framework.instrument_when_ready!(instrumenter, rules)
|
270
273
|
Sqreen.log.info 'Instrumentation set up'
|
274
|
+
|
275
|
+
# XXX: ecosystem instrumentation should likely be deferred
|
276
|
+
# the same way the rest might be
|
277
|
+
@ecosystem_integration.init
|
271
278
|
rulespack_id.to_s
|
272
279
|
end
|
273
280
|
|
@@ -387,28 +394,18 @@ module Sqreen
|
|
387
394
|
|
388
395
|
def change_performance_budget(budget, _context_infos = {})
|
389
396
|
return false unless budget.nil? || budget.to_f > 0
|
390
|
-
|
391
|
-
|
392
|
-
prev = Sqreen::Weave::Budget.current
|
393
|
-
prev = prev.to_h if prev
|
394
|
-
|
395
|
-
budget_s = budget.to_f / 1000 if budget
|
396
|
-
|
397
|
-
feature = features['performance_budget']
|
398
|
-
if feature
|
399
|
-
budget_s = feature['threshold'] if feature.key?('threshold')
|
400
|
-
ratio = feature['ratio'] if feature.key?('ratio')
|
401
|
-
end
|
402
|
-
|
403
|
-
Sqreen::Weave::Budget.update(threshold: budget_s, ratio: ratio)
|
404
|
-
else
|
405
|
-
prev = Sqreen.performance_budget
|
406
|
-
Sqreen.update_performance_budget(budget)
|
407
|
-
end
|
408
|
-
|
397
|
+
prev = Sqreen.performance_budget
|
398
|
+
Sqreen.update_performance_budget(budget)
|
409
399
|
{ :was => prev }
|
410
400
|
end
|
411
401
|
|
402
|
+
# @param [String] tracing_id_prefix
|
403
|
+
# @param [Array<Hash{String=>Object}>] sampling_config
|
404
|
+
def tracing_enable(tracing_id_prefix, sampling_config, _context_infos = {})
|
405
|
+
@ecosystem_integration.handle_tracing_command(tracing_id_prefix, sampling_config)
|
406
|
+
{ status: true }
|
407
|
+
end
|
408
|
+
|
412
409
|
def upload_bundle(_context_infos = {})
|
413
410
|
t = Time.now
|
414
411
|
session.post_bundle(RuntimeInfos.dependencies_signature, RuntimeInfos.dependencies)
|
@@ -495,15 +492,6 @@ module Sqreen
|
|
495
492
|
logout
|
496
493
|
end
|
497
494
|
|
498
|
-
def restart(_context_infos = {})
|
499
|
-
shutdown
|
500
|
-
heartbeat_delay = @heartbeat_delay
|
501
|
-
Thread.new do
|
502
|
-
sleep(2 * heartbeat_delay)
|
503
|
-
Sqreen::Worker.start(Sqreen.framework)
|
504
|
-
end
|
505
|
-
end
|
506
|
-
|
507
495
|
def logout(retrying = true)
|
508
496
|
return unless session
|
509
497
|
Sqreen.log.debug("Logging out")
|