sqreen 1.21.1 → 1.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6611caf7add24e05a248fce4026be48a4c47612335c5fc9a26c64c33cd0409e9
4
- data.tar.gz: 8381eba611e37df32a8744848661bcf144eaffe00c818e306355508fe0267394
3
+ metadata.gz: 72fc8c4943ce7cb8cd45a80553ae02ae8c28086ca1895a89f2ec5840b2e6a883
4
+ data.tar.gz: ca46dc3483df4a16fca77e0226ca7c9a3d832c5a837155b86f0ee70c5fc12226
5
5
  SHA512:
6
- metadata.gz: 65c820c306961ed812360c2c73a1f37396433238cff8fd79e2676132d7842eaa86d3555bf860d7c2f6fd465783f8c1aeb59100c94349b8c53588d83513265d2e
7
- data.tar.gz: 38cda532df6f1037ac243c8cd5ccaecd708b880ff377d3fcbcecad329be184d40ec9f27deb61b69124be3d37ff74a16f88a7ab1032a6e6a0f6b5387645181027
6
+ metadata.gz: 112a455abff8baca0c586f1479351e8e900e73d7f89b31e83fcbdc07ae99dbfa86f7439541a2f1688d56b481ce9094e16cd6bf860cb9959c7edd7be80ed66f92
7
+ data.tar.gz: 3f867ee75cf103c8817007540151e189c10116e0da8fa0bdad324de3bfa611d2bb4f888fdccf1074248f7976f26eb68fc81f987fcae0db5208ee9c00569f9797
@@ -1,3 +1,10 @@
1
+ ## 1.22.0
2
+
3
+ * Update WAF via libsqreen
4
+ * Add support for raw body
5
+ * Improve signature check
6
+ * Improve APM detection
7
+
1
8
  ## 1.21.1
2
9
 
3
10
  * Work around NewRelic initialisation (see https://github.com/newrelic/newrelic-ruby-agent/issues/461)
@@ -400,6 +400,18 @@ module Sqreen
400
400
  r
401
401
  end
402
402
 
403
+ def body
404
+ return nil unless request.respond_to?(:body)
405
+ return nil unless request.body.respond_to?(:read)
406
+ return nil unless request.body.respond_to?(:rewind)
407
+
408
+ body_io = request.body
409
+ body = body_io.read(4096)
410
+ body_io.rewind
411
+
412
+ body
413
+ end
414
+
403
415
  # Expose current working directory
404
416
  def cwd
405
417
  Dir.getwd
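Review bot: `body` reads from the stream's current position, so if something earlier in the request cycle has already consumed part of `request.body` (form or JSON parsing, for instance — not visible here), the returned chunk is not the start of the body; calling `body_io.rewind` before the `read`, and moving the trailing `rewind` into an `ensure`, makes the prefix deterministic and leaves the stream rewound for later readers even when `read` raises. The `read(4096)` cap also means the method returns at most the first 4 KiB, so callers must treat the value as a prefix rather than the whole payload; a comment such as `# Returns at most the first 4096 bytes of the raw request body (nil when unavailable)` should say so. The local `body` shadows the method name, which reads poorly; `prefix` would be clearer. The guards also call `request.body` three times, which presumably returns the same IO each time — worth confirming for the request wrappers this supports.
```ruby
def body
  # … unchanged: respond_to? guards for :body, :read, :rewind …

  body_io = request.body
  body_io.rewind
  begin
    # At most the first 4096 bytes of the raw body; callers see a prefix only.
    body_io.read(4096)
  ensure
    body_io.rewind
  end
end
```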
@@ -4,5 +4,5 @@
4
4
  # Please refer to our terms for more information: https://www.sqreen.com/terms.html
5
5
 
6
6
  module Sqreen
7
- VERSION = '1.21.1'.freeze
7
+ VERSION = '1.22.0'.freeze
8
8
  end
@@ -96,25 +96,77 @@ class Sqreen::Weave::Legacy::Instrumentation
96
96
  def instrument!(rules, framework)
97
97
  Sqreen::Weave.logger.debug { "#{rules.count} rules, #{framework}" }
98
98
 
99
+ # TODO: make config able to see if value was user-set or default
99
100
  strategy = Sqreen.config_get(:weave_strategy)
101
+ # TODO: factor generic hint system out
102
+ # TODO: factor those hint definitions to dependency
103
+ strategy_hints = []
100
104
  if strategy == :prepend && !Module.respond_to?(:prepend)
101
- Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable, falling back to :chain" }
102
- strategy = :chain
103
- elsif strategy == :chain && Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
104
- Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable with scout_apm >= 2.5.2, switching to :prepend" }
105
- strategy = :prepend
105
+ Sqreen::Weave.logger.debug { "strategy: #{strategy.inspect} unavailable, falling back to :chain" }
106
+ strategy_hints << [:chain, 'Module.respond_to?(:prepend)', 'false']
107
+ end
108
+ if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('< 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
109
+ Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with scout_apm < 2.5.2, switching to :chain" }
110
+ strategy_hints << [:chain, 'scout_apm', '< 2.5.2']
111
+ end
112
+ if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
113
+ Sqreen::Weave.logger.debug { "strategy: :chain unavailable with scout_apm >= 2.5.2, switching to :prepend" }
114
+ strategy_hints << [:prepend, 'scout_apm', '>= 2.5.2']
115
+ end
116
+ if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('< 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
117
+ Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with ddtrace < 0.27, switching to :chain" }
118
+ strategy_hints << [:chain, 'ddtrace', '< 0.27']
119
+ end
120
+ if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('>= 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
121
+ Sqreen::Weave.logger.debug { "strategy: :chain unavailable with ddtrace >= 0.27, switching to :prepend" }
122
+ strategy_hints << [:prepend, 'ddtrace', '>= 0.27']
123
+ end
124
+ if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('< 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
125
+ Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with skylight < 5.0.0.beta, switching to :chain" }
126
+ strategy_hints << [:chain, 'skylight', '< 5.0.0.beta']
127
+ end
128
+ if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('>= 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
129
+ Sqreen::Weave.logger.debug { "strategy: :chain unavailable with skylight >= 5.0.0.beta, switching to :prepend" }
130
+ strategy_hints << [:prepend, 'skylight', '>= 5.0.0.beta']
131
+ end
132
+ if strategy_hints.map(&:first).uniq.count > 1
133
+ raise Sqreen::Exception, "conflicting instrumentation strategies: #{strategy_hints.inspect}"
134
+ end
135
+ if strategy_hints.map(&:first).uniq.count == 1 && strategy != strategy_hints.first.first
136
+ was = strategy
137
+ strategy = strategy_hints.first.first
138
+ Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} was: #{was.inspect} hints: #{strategy_hints.inspect}" }
139
+ else
140
+ Sqreen::Weave.logger.info { "strategy: #{strategy.inspect}" }
106
141
  end
107
- Sqreen::Weave.logger.debug { "strategy: #{strategy.inspect}" }
108
142
 
109
143
  ### set up rule signature verifier
110
144
  verifier = nil
111
- if Sqreen.features['rules_signature'] &&
112
- Sqreen.config_get(:rules_verify_signature) == true &&
113
- !defined?(::JRUBY_VERSION)
145
+ # TODO: check for JRuby via dependency
146
+ # TODO: reinstate signatures for JRuby
147
+ if Sqreen.config_get(:rules_verify_signature) == true && !defined?(::JRUBY_VERSION)
114
148
  verifier = Sqreen::SqreenSignedVerifier.new
115
- Sqreen::Weave.logger.debug('Rules signature enabled')
149
+ Sqreen::Weave.logger.debug('rules: signature status: enabled')
116
150
  else
117
- Sqreen::Weave.logger.debug('Rules signature disabled')
151
+ Sqreen::Weave.logger.debug('rules: signature status: disabled')
152
+ end
153
+
154
+ if verifier
155
+ invalid_rules = rules.reject do |rule|
156
+ valid = verifier.verify(rule)
157
+
158
+ if valid
159
+ Sqreen::Weave.logger.debug { "rule: #{rule['name']} signed: true result: ok" }
160
+ else
161
+ Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
162
+ end
163
+ end
164
+ if invalid_rules.any?
165
+ Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
166
+ raise Sqreen::Exception, "Signature error: rules: #{invalid_rules.map { |r| r['name'] }.inspect}"
167
+ else
168
+ Sqreen::Weave.logger.info { "weave: instrument rules: signed result: ok" }
169
+ end
118
170
  end
119
171
 
120
172
  ### force clean instrumentation callback list
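Review bot: The `rules.reject do |rule| … end` block's last expression is the `if valid … else … end`, whose value is the return of the logger call rather than `valid`; if `Sqreen::Weave.logger` is a stdlib `Logger` (whose `debug`/`error` return `true` at every level), every rule is rejected from `invalid_rules`, the list is always empty, and a failed signature is logged but never aborts instrumentation — defeating the check this hunk adds. Adding `valid` as the block's final expression, after the `if`/`else`, restores the intended filter: `invalid_rules = rules.reject do |rule| … end` with the body ending in `valid`. The error message for the failing branch also misspells `signed` as `singed`. Separately, the `Gem::Specification.select` hints enumerate every installed version of scout_apm/ddtrace/skylight, so a machine with two installed versions straddling a boundary would add both `:chain` and `:prepend` hints and raise the conflict exception before any rule is instrumented; keying the hint on the loaded spec (`Gem.loaded_specs[name]`) would avoid that, if that is the intended semantics. `instrument!` continues past the end of the hunk.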
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.21.1
4
+ version: 1.22.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-06 00:00:00.000000000 Z
11
+ date: 2020-11-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sqreen-backport
@@ -58,14 +58,14 @@ dependencies:
58
58
  requirements:
59
59
  - - "~>"
60
60
  - !ruby/object:Gem::Version
61
- version: 0.6.1.0.0
61
+ version: '1.0'
62
62
  type: :runtime
63
63
  prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - "~>"
67
67
  - !ruby/object:Gem::Version
68
- version: 0.6.1.0.0
68
+ version: '1.0'
69
69
  description: Sqreen is a SaaS based Application protection and monitoring platform
70
70
  that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
71
71
  email: contact@sqreen.com
@@ -342,7 +342,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
342
342
  - !ruby/object:Gem::Version
343
343
  version: '0'
344
344
  requirements: []
345
- rubygems_version: 3.1.4
345
+ rubygems_version: 3.1.2
346
346
  signing_key:
347
347
  specification_version: 4
348
348
  summary: Sqreen Ruby agent