sqreen 1.21.1 → 1.22.0

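--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 6611caf7add24e05a248fce4026be48a4c47612335c5fc9a26c64c33cd0409e9
-data.tar.gz: 8381eba611e37df32a8744848661bcf144eaffe00c818e306355508fe0267394
+metadata.gz: 72fc8c4943ce7cb8cd45a80553ae02ae8c28086ca1895a89f2ec5840b2e6a883
+data.tar.gz: ca46dc3483df4a16fca77e0226ca7c9a3d832c5a837155b86f0ee70c5fc12226
 SHA512:
-metadata.gz: 65c820c306961ed812360c2c73a1f37396433238cff8fd79e2676132d7842eaa86d3555bf860d7c2f6fd465783f8c1aeb59100c94349b8c53588d83513265d2e
-data.tar.gz: 38cda532df6f1037ac243c8cd5ccaecd708b880ff377d3fcbcecad329be184d40ec9f27deb61b69124be3d37ff74a16f88a7ab1032a6e6a0f6b5387645181027
+metadata.gz: 112a455abff8baca0c586f1479351e8e900e73d7f89b31e83fcbdc07ae99dbfa86f7439541a2f1688d56b481ce9094e16cd6bf860cb9959c7edd7be80ed66f92
+data.tar.gz: 3f867ee75cf103c8817007540151e189c10116e0da8fa0bdad324de3bfa611d2bb4f888fdccf1074248f7976f26eb68fc81f987fcae0db5208ee9c00569f9797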
@@ -1,3 +1,10 @@
1
+ ## 1.22.0
2
+
3
+ * Update WAF via libsqreen
4
+ * Add support for raw body
5
+ * Improve signature check
6
+ * Improve APM detection
7
+
1
8
  ## 1.21.1
2
9
 
3
10
  * Work around NewRelic initialisation (see https://github.com/newrelic/newrelic-ruby-agent/issues/461)
@@ -400,6 +400,18 @@ module Sqreen
400
400
  r
401
401
  end
402
402
 
403
+ def body
404
+ return nil unless request.respond_to?(:body)
405
+ return nil unless request.body.respond_to?(:read)
406
+ return nil unless request.body.respond_to?(:rewind)
407
+
408
+ body_io = request.body
409
+ body = body_io.read(4096)
410
+ body_io.rewind
411
+
412
+ body
413
+ end
414
+
403
415
  # Expose current working directory
404
416
  def cwd
405
417
  Dir.getwd
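Review bot: The new `body` method captures only the first 4096 bytes (`body_io.read(4096)`) and neither a comment nor the method name says so, so anything that inspects the result is looking at a truncated prefix while a caller might reasonably treat it as the whole request body. The `rewind` also runs only on the success path: if `read` raises, the stream is left positioned after the bytes consumed, for whatever consumes the input next, and `rewind` unconditionally seeks to offset 0 even if the stream was not at its start on entry — presumably fine for a Rack input early in the request, but it should be stated. I would move the `rewind` into an `ensure` and document the prefix semantics as below. The enclosing class starts outside the hunk.
```ruby
def body
  # … unchanged: respond_to? guards for :body, :read and :rewind …

  body_io = request.body
  begin
    # Only a 4096-byte prefix is captured; consumers must treat the
    # result as truncated, never as the complete request body.
    body_io.read(4096)
  ensure
    # Restore the stream position even when read raises, so later
    # consumers of the input are not left mid-stream.
    body_io.rewind
  end
end
```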
@@ -4,5 +4,5 @@
4
4
  # Please refer to our terms for more information: https://www.sqreen.com/terms.html
5
5
 
6
6
  module Sqreen
7
- VERSION = '1.21.1'.freeze
7
+ VERSION = '1.22.0'.freeze
8
8
  end
@@ -96,25 +96,77 @@ class Sqreen::Weave::Legacy::Instrumentation
96
96
  def instrument!(rules, framework)
97
97
  Sqreen::Weave.logger.debug { "#{rules.count} rules, #{framework}" }
98
98
 
99
+ # TODO: make config able to see if value was user-set or default
99
100
  strategy = Sqreen.config_get(:weave_strategy)
101
+ # TODO: factor generic hint system out
102
+ # TODO: factor those hint definitions to dependency
103
+ strategy_hints = []
100
104
  if strategy == :prepend && !Module.respond_to?(:prepend)
101
- Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable, falling back to :chain" }
102
- strategy = :chain
103
- elsif strategy == :chain && Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
104
- Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable with scout_apm >= 2.5.2, switching to :prepend" }
105
- strategy = :prepend
105
+ Sqreen::Weave.logger.debug { "strategy: #{strategy.inspect} unavailable, falling back to :chain" }
106
+ strategy_hints << [:chain, 'Module.respond_to?(:prepend)', 'false']
107
+ end
108
+ if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('< 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
109
+ Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with scout_apm < 2.5.2, switching to :chain" }
110
+ strategy_hints << [:chain, 'scout_apm', '< 2.5.2']
111
+ end
112
+ if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
113
+ Sqreen::Weave.logger.debug { "strategy: :chain unavailable with scout_apm >= 2.5.2, switching to :prepend" }
114
+ strategy_hints << [:prepend, 'scout_apm', '>= 2.5.2']
115
+ end
116
+ if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('< 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
117
+ Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with ddtrace < 0.27, switching to :chain" }
118
+ strategy_hints << [:chain, 'ddtrace', '< 0.27']
119
+ end
120
+ if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('>= 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
121
+ Sqreen::Weave.logger.debug { "strategy: :chain unavailable with ddtrace >= 0.27, switching to :prepend" }
122
+ strategy_hints << [:prepend, 'ddtrace', '>= 0.27']
123
+ end
124
+ if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('< 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
125
+ Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with skylight < 5.0.0.beta, switching to :chain" }
126
+ strategy_hints << [:chain, 'skylight', '< 5.0.0.beta']
127
+ end
128
+ if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('>= 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
129
+ Sqreen::Weave.logger.debug { "strategy: :chain unavailable with skylight >= 5.0.0.beta, switching to :prepend" }
130
+ strategy_hints << [:prepend, 'skylight', '>= 5.0.0.beta']
131
+ end
132
+ if strategy_hints.map(&:first).uniq.count > 1
133
+ raise Sqreen::Exception, "conflicting instrumentation strategies: #{strategy_hints.inspect}"
134
+ end
135
+ if strategy_hints.map(&:first).uniq.count == 1 && strategy != strategy_hints.first.first
136
+ was = strategy
137
+ strategy = strategy_hints.first.first
138
+ Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} was: #{was.inspect} hints: #{strategy_hints.inspect}" }
139
+ else
140
+ Sqreen::Weave.logger.info { "strategy: #{strategy.inspect}" }
106
141
  end
107
- Sqreen::Weave.logger.debug { "strategy: #{strategy.inspect}" }
108
142
 
109
143
  ### set up rule signature verifier
110
144
  verifier = nil
111
- if Sqreen.features['rules_signature'] &&
112
- Sqreen.config_get(:rules_verify_signature) == true &&
113
- !defined?(::JRUBY_VERSION)
145
+ # TODO: check for JRuby via dependency
146
+ # TODO: reinstate signatures for JRuby
147
+ if Sqreen.config_get(:rules_verify_signature) == true && !defined?(::JRUBY_VERSION)
114
148
  verifier = Sqreen::SqreenSignedVerifier.new
115
- Sqreen::Weave.logger.debug('Rules signature enabled')
149
+ Sqreen::Weave.logger.debug('rules: signature status: enabled')
116
150
  else
117
- Sqreen::Weave.logger.debug('Rules signature disabled')
151
+ Sqreen::Weave.logger.debug('rules: signature status: disabled')
152
+ end
153
+
154
+ if verifier
155
+ invalid_rules = rules.reject do |rule|
156
+ valid = verifier.verify(rule)
157
+
158
+ if valid
159
+ Sqreen::Weave.logger.debug { "rule: #{rule['name']} signed: true result: ok" }
160
+ else
161
+ Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
162
+ end
163
+ end
164
+ if invalid_rules.any?
165
+ Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
166
+ raise Sqreen::Exception, "Signature error: rules: #{invalid_rules.map { |r| r['name'] }.inspect}"
167
+ else
168
+ Sqreen::Weave.logger.info { "weave: instrument rules: signed result: ok" }
169
+ end
118
170
  end
119
171
 
120
172
  ### force clean instrumentation callback list
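Review bot: The `reject` block that computes `invalid_rules` near the end of the hunk does not end with `valid`; its value is that of the `if valid … else … end`, i.e. whatever `Sqreen::Weave.logger.debug` or `.error` returns, so rule acceptance is decided by the logger rather than by the signature check. If that logger is a standard-library `Logger`, `add` returns `true` and every rule is rejected; a wrapper that returns `nil` would instead accept every rule, signed or not — either way the verifier result is discarded. The fix is to make `valid` the block's last expression, inserting the line `valid` directly after the inner `end` that closes the `if`/`else`. The error message in that same block also has a typo, `singed: true`, which should read `signed: true`. `instrument!` continues past the end of the hunk.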
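--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-version: 1.21.1
+version: 1.22.0
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-06 00:00:00.000000000 Z
+date: 2020-11-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sqreen-backport
@@ -58,14 +58,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.6.1.0.0
+version: '1.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.6.1.0.0
+version: '1.0'
 description: Sqreen is a SaaS based Application protection and monitoring platform
 that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
 email: contact@sqreen.com
@@ -342,7 +342,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Sqreen Ruby agent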