sqreen 1.21.0.beta2 → 1.22.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e5b3d6fc37fd5d2431e622d302fd3f58d35dd64a3fc7abca741a84b213688025
-  data.tar.gz: a3443a3f1c95841af9deb7eb5f4a5ab8c47aabf6c6f42eeb902d828edd3ad91d
+  metadata.gz: 57d4b7264d76b91e470ef68f34927c03050684f38cd02c4c00e22cf6119da732
+  data.tar.gz: 4e4d4ad4e0967db38931e6fe8bcce3ca437b20e7a8db302ef3c51ecfdf999bd7
 SHA512:
-  metadata.gz: 487d63ea8f4bc8c5d3da55dced0c8d458c6a6c7f218689027925d8f6ca2808fc4eda478e57ca67764edb8a049fb8fae60b552974ffa39dfaa0dcd15d31f34071
-  data.tar.gz: 23cf04763b76e95d421a36593c2b96d91aad0f40bc206fe8608606fad803a464d03518ac92b40e4c1bb667dbd163ba79c6380f605b1133270f65d66fb8314173
+  metadata.gz: 6191b1900193ee47b0794aecd80ba598642f10b643c1f98d425006e116a3d2b49eec61bde709fd19bfa721400a362c1f07f3707d09fa8843f7d6b630a6fe3e7a
+  data.tar.gz: 6f90abf84cf3a036bb1dfe2474500f36266fe8dad4f5886c1c1226e0e211a093c0d9b09750cef9c8ee3052cdc19c69203e10d7701a626fd63cb42550cd8eab06

data/CHANGELOG.md

@@ -1,10 +1,50 @@
-## 1.21.0.beta2
+## 1.22.1
 
-* Improve transport and tracing internals
+* Fix excessive exception reporting, reducing CPU and network load
+* Fix sensitive information attachment on pure tracing payloads
+* Redact more sensitive fields by default
+* Ensure preliminary compatibility with Ruby 3.0 previews
+* Allow update to Sqreen MiniRacer 0.3.1
 
-## 1.21.0.beta1
+## 1.22.0
 
-* Add transport and tracing internals
+* Update WAF via libsqreen
+* Add support for raw body
+* Improve signature check
+* Improve APM detection
+
+## 1.21.1
+
+* Work around NewRelic initialisation (see https://github.com/newrelic/newrelic-ruby-agent/issues/461)
+
+## 1.21.0
+
+* Add support for transport and tracing facilities
+
+## 1.20.4
+
+* Fix missing budget check
+* Improve performance
+* Align internal setting name for WAF
+* Include response information in all payloads
+* Improve robustness against invalid Unicode
+* Prevent rule execution to pursue in early block cases
+
+## 1.20.4.beta1
+
+* Add optional dynamic time budget
+* Add advanced per request metrics
+* Improve robustness against exception in instrumentation
+* Improve metric engine thread safety
+* Restrict deferred logger to final logger severity on agent boot
+
+## 1.20.3
+
+* Fix signature check
+
+## 1.20.2
+
+* Fix performance regression in instrumentation engine
 
 ## 1.20.1
 

data/lib/sqreen/actions.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/actions_index.rb

@@ -1,4 +1,8 @@
-# typed: true
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 module Sqreen
   module Actions
     # documents the operations an actions index should implement

data/lib/sqreen/actions/base.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/block_ip.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/block_user.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
@@ -22,7 +22,7 @@ module Sqreen
       end
 
       def do_run(identity_params)
-        Sqreen.log.info(
+        Sqreen.log.debug(
           "Will raise due to user being blocked by action #{id}. " \
           "Blocked user identity: #{identity_params}"
         )

data/lib/sqreen/actions/ip_range_indexed_action_class.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/ip_ranges_index.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/redirect_ip.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
@@ -25,7 +25,7 @@ module Sqreen
       end
 
       def do_run(client_ip)
-        Sqreen.log.info "Will request redirect for client with IP #{client_ip} " \
+        Sqreen.log.debug "Will request redirect for client with IP #{client_ip} " \
           "(action: #{id})."
         {
           :status => :skip,

data/lib/sqreen/actions/redirect_user.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
@@ -24,7 +24,7 @@ module Sqreen
       end
 
       def do_run(identity_params)
-        Sqreen.log.info 'Will request redirect for user with identity ' \
+        Sqreen.log.debug 'Will request redirect for user with identity ' \
           "#{identity_params} (action: #{id})."
 
         e = Sqreen::AttackBlocked.new(

data/lib/sqreen/actions/repository.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/unknown_action_type.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/user_action_class.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/users_index.rb

@@ -1,4 +1,8 @@
-# typed: true
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/actions/actions_index'
 
 module Sqreen

data/lib/sqreen/agent_message.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'digest'
 
 module Sqreen

data/lib/sqreen/aggregated_metric.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/rules/rule_cb'
 require 'sqreen/metrics/base'
 

data/lib/sqreen/attack_blocked.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/binding_accessor.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/binding_accessor/path_elem.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/binding_accessor/transforms.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/call_countable.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/capped_queue.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/cb.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/condition_evaluator.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
@@ -67,7 +67,7 @@ module Sqreen
       return true if rem <= 0
       if hash.is_a?(Array)
         return hash.any? do |v|
-          ConditionEvaluator.hash_key_include?(values, v, min_value_size, rem - 1)
+          hash_key_include?(values, v, min_value_size, rem - 1)
         end
       end
 
@@ -81,7 +81,13 @@ module Sqreen
           if hkey.respond_to?(:empty?) && hkey.empty?
             false
           else
-            values.include?(hkey.to_s) || ConditionEvaluator.hash_key_include?(values, hval, min_value_size, rem - 1)
+            key_incl = if values.is_a?(String)
+                         str_include?(values, hkey.to_s)
+                       else
+                         values.include?(hkey.to_s)
+                       end
+
+            key_incl || hash_key_include?(values, hval, min_value_size, rem - 1)
           end
         end
       end

data/lib/sqreen/conditionable.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/configuration.rb

@@ -57,7 +57,7 @@ module Sqreen
     { :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
       :default => true },
     { :env => :SQREEN_LOG_LEVEL, :name => :log_level,
-      :default => 'WARN', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
+      :default => 'INFO', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
     { :env => :SQREEN_LOG_LOCATION, :name => :log_location,
       :default => 'log/sqreen.log' },
     { :env => :SQREEN_RUN_IN_TEST, :name => :run_in_test,

data/lib/sqreen/context.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/default_cb.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/deferred_logger.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
@@ -9,35 +9,70 @@ require 'sqreen/logger'
 
 module Sqreen
   class DeferredLogger
-    include Singleton
+    MAX_ENTRIES = 1000
+
+    Entry = Struct.new(:severity, :message)
 
     def initialize
       @buffer = StringIO.new
       @logger = ::Logger.new(@buffer)
+      @entries = []
+      @mutex = Mutex.new
+    end
+
+    def debug?
+      true
+    end
+
+    def info?
+      true
+    end
+
+    def warn?
+      true
+    end
+
+    def error?
+      true
+    end
+
+    def fatal?
+      true
     end
 
     def debug(msg = nil, &block)
-      @logger.debug(msg, &block)
+      add(::Logger::DEBUG, msg, &block)
     end
 
     def info(msg = nil, &block)
-      @logger.info(msg, &block)
+      add(::Logger::INFO, msg, &block)
     end
 
     def warn(msg = nil, &block)
-      @logger.warn(msg, &block)
+      add(::Logger::WARN, msg, &block)
     end
 
     def error(msg = nil, &block)
-      @logger.error(msg, &block)
+      add(::Logger::ERROR, msg, &block)
     end
 
     def fatal(msg = nil, &block)
-      @logger.error(msg, &block)
+      add(::Logger::FATAL, msg, &block)
+    end
+
+    def unknown(msg = nil, &block)
+      add(::Logger::UNKNOWN, msg, &block)
     end
 
     def add(severity, msg = nil, &block)
-      send(Sqreen::Logger::SEVERITY_TO_METHOD[severity], msg, &block)
+      @mutex.synchronize do
+        @entries.shift if @entries.count >= MAX_ENTRIES
+        mark = @buffer.pos
+        @logger.add(severity, msg, &block)
+        @buffer.seek(mark)
+        @entries << Entry.new(severity, @buffer.read)
+        @buffer.truncate(0)
+      end
     end
 
     def formatter=(value)
@@ -45,21 +80,22 @@ module Sqreen
     end
 
     def flush_to(logger)
-      logger.instance_eval { @logdev }.write(read).tap { reset }
+      @mutex.synchronize do
+        @entries.each do |entry|
+          next if entry.severity < logger.level
+          logger.instance_eval { @logdev }.write(entry.message)
+        end
+        reset
+      end
     end
 
     private
 
-    def read
-      @buffer.rewind
-      @buffer.read
-    end
-
     def reset
       buffer = StringIO.new
       logger = ::Logger.new(buffer)
       logger.formatter = @logger.formatter
-      @buffer, @logger = buffer, logger
+      @buffer, @logger, @entries = buffer, logger, []
     end
   end
 end

data/lib/sqreen/deliveries.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/deliveries/batch.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html