sqreen 1.21.1 → 1.23.2

data/lib/sqreen/util/capped_string.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/util/capper.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/version.rb

@@ -1,8 +1,8 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 module Sqreen
-  VERSION = '1.21.1'.freeze
+  VERSION = '1.23.2'.freeze
 end

data/lib/sqreen/waf_error.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/budget.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/hardcoded.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/instrumentor.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/legacy.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/legacy/instrumentation.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
@@ -96,25 +96,99 @@ class Sqreen::Weave::Legacy::Instrumentation
   def instrument!(rules, framework)
     Sqreen::Weave.logger.debug { "#{rules.count} rules, #{framework}" }
 
+    # TODO: make config able to see if value was user-set or default
     strategy = Sqreen.config_get(:weave_strategy)
+    # TODO: factor generic hint system out
+    # TODO: factor those hint definitions to dependency
+    strategy_hints = []
     if strategy == :prepend && !Module.respond_to?(:prepend)
-      Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable, falling back to :chain" }
-      strategy = :chain
-    elsif strategy == :chain && Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
-      Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable with scout_apm >= 2.5.2, switching to :prepend" }
-      strategy = :prepend
+      Sqreen::Weave.logger.debug { "strategy: #{strategy.inspect} unavailable, falling back to :chain" }
+      strategy_hints << [:chain, 'Module.respond_to?(:prepend)', 'false']
+    end
+    if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('< 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with scout_apm < 2.5.2, hinting at :chain" }
+      strategy_hints << [:chain, 'scout_apm', '< 2.5.2']
+    end
+    if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with scout_apm >= 2.5.2, hinting at :prepend" }
+      strategy_hints << [:prepend, 'scout_apm', '>= 2.5.2']
+    end
+    if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('< 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with ddtrace < 0.27, hinting at :chain" }
+      strategy_hints << [:chain, 'ddtrace', '< 0.27']
+    end
+    if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('>= 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with ddtrace >= 0.27, hinting at :prepend" }
+      strategy_hints << [:prepend, 'ddtrace', '>= 0.27']
+    end
+    if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('< 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with skylight < 5.0.0.beta, hinting at :chain" }
+      strategy_hints << [:chain, 'skylight', '< 5.0.0.beta']
+    end
+    if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('>= 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with skylight >= 5.0.0.beta, hinting at :prepend" }
+      strategy_hints << [:prepend, 'skylight', '>= 5.0.0.beta']
+    end
+    if Gem::Specification.select { |s| s.name == 'elastic-apm' && Gem::Requirement.new('< 4.0.a').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with elastic-apm < 4.0, hinting at :chain" }
+      strategy_hints << [:chain, 'elastic-apm', '< 4.0.a']
+    end
+    if Gem::Specification.select { |s| s.name == 'elastic-apm' && Gem::Requirement.new('>= 4.0').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with elastic-apm >= 4.0, hinting at :prepend" }
+      strategy_hints << [:prepend, 'elastic-apm', '>= 4.0.a']
+    end
+    if Gem::Specification.select { |s| s.name == 'airbrake' && Gem::Requirement.new('>= 11.0.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with airbrake >= 11.0.2, hinting at :prepend" }
+      strategy_hints << [:prepend, 'airbrake', '>= 11.0.2']
+    end
+    if Gem::Specification.select { |s| s.name == 'newrelic_rpm' && Gem::Requirement.new('>= 6.14').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with newrelic_rpm >= 6.14, hinting at :prepend" }
+      strategy_hints << [:prepend, 'newrelic_rpm', '>= 6.14']
+    end
+    if Gem::Specification.select { |s| s.name =~ /^opentelemetry/ }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with opentelemetry, hinting at :prepend" }
+      strategy_hints << [:prepend, 'opentelemetry']
+    end
+    if strategy_hints.map(&:first).uniq.count > 1
+      raise Sqreen::Exception, "conflicting instrumentation strategies: #{strategy_hints.inspect}"
+    end
+    if strategy_hints.map(&:first).uniq.count == 1 && strategy != strategy_hints.first.first
+      was = strategy
+      strategy = strategy_hints.first.first
+      Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} was: #{was.inspect} hints: #{strategy_hints.inspect}" }
+    else
+      Sqreen::Weave.logger.info { "strategy: #{strategy.inspect}" }
     end
-    Sqreen::Weave.logger.debug { "strategy: #{strategy.inspect}" }
 
     ### set up rule signature verifier
     verifier = nil
-    if Sqreen.features['rules_signature'] &&
-       Sqreen.config_get(:rules_verify_signature) == true &&
-       !defined?(::JRUBY_VERSION)
+    # TODO: check for JRuby via dependency
+    # TODO: reinstate signatures for JRuby
+    if Sqreen.config_get(:rules_verify_signature) == true && !defined?(::JRUBY_VERSION)
       verifier = Sqreen::SqreenSignedVerifier.new
-      Sqreen::Weave.logger.debug('Rules signature enabled')
+      Sqreen::Weave.logger.debug('rules: signature status: enabled')
     else
-      Sqreen::Weave.logger.debug('Rules signature disabled')
+      Sqreen::Weave.logger.debug('rules: signature status: disabled')
+    end
+
+    if verifier
+      invalid_rules = rules.reject do |rule|
+        valid = verifier.verify(rule)
+
+        if valid
+          Sqreen::Weave.logger.debug { "rule: #{rule['name']} signed: true result: ok" }
+        else
+          Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
+        end
+
+        valid
+      end
+      if invalid_rules.any?
+        Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
+        raise Sqreen::Exception, "Signature error: rules: #{invalid_rules.map { |r| r['name'] }.inspect}"
+      else
+        Sqreen::Weave.logger.info { "weave: instrument rules: signed result: ok" }
+      end
     end
 
     ### force clean instrumentation callback list
@@ -158,6 +232,8 @@ class Sqreen::Weave::Legacy::Instrumentation
       @hooks << add_callback('weave,hardcoded', hard_callback, strategy)
     end
 
+    @hooks << install_graphql_hook
+
     metrics_engine = self.metrics_engine
 
     request_hook = Sqreen::Graft::Hook['Sqreen::ShrinkWrap#call', strategy]
@@ -494,4 +570,30 @@ class Sqreen::Weave::Legacy::Instrumentation
       Sqreen::Rules::RunUserActions.new(Sqreen, :auth_track, 1),
     ]
   end
+
+  def install_graphql_hook
+    hook = Sqreen::Graft::Hook['GraphQL::Execution::Multiplex.run_queries']
+
+    hook.add do
+      before('weave,test,graphql', mandatory: true) do |call|
+        find_args = proc do |*items|
+          args = []
+          items.each do |e|
+            args << e if e.is_a?(GraphQL::Language::Nodes::Argument)
+            args += find_args.call(*e.children)
+          end
+          args
+        end
+        queries = call.args[1]
+        qdocs = queries.map { |q| [q.query_string, q.document] }
+        qargs = qdocs.map do |q, doc|
+          next if doc.nil?
+          [q, find_args.call(*doc.children).map { |arg| { arg.name => arg.value } }.reduce(&:merge)]
+        end
+        Sqreen.framework.graphql_args = Hash[*qargs.flatten(1)]
+      end
+    end.install
+
+    hook
+  end
 end

data/lib/sqreen/web_server/generic.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/web_server/webrick.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/worker.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.21.1
+  version: 1.23.2
 platform: ruby
 authors:
 - Sqreen
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-10-06 00:00:00.000000000 Z
+date: 2021-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sqreen-backport
@@ -44,32 +44,39 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.4.sqreen2
+        version: '0.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.4.a
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.4.sqreen2
+        version: '0.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.4.a
 - !ruby/object:Gem::Dependency
   name: libsqreen
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.1.0.0
+        version: '1.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.1.0.0
+        version: '1.0'
 description: Sqreen is a SaaS based Application protection and monitoring platform
   that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
 email: contact@sqreen.com
-executables: []
+executables:
+- sqreen
 extensions: []
 extra_rdoc_files: []
 files:
@@ -78,6 +85,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- bin/sqreen
 - lib/sqreen.rb
 - lib/sqreen/actions.rb
 - lib/sqreen/actions/actions_index.rb
@@ -192,7 +200,11 @@ files:
 - lib/sqreen/graft/call.rb
 - lib/sqreen/graft/callback.rb
 - lib/sqreen/graft/hook.rb
+- lib/sqreen/graft/hook.ruby_2.rb
+- lib/sqreen/graft/hook.ruby_3.rb
 - lib/sqreen/graft/hook_point.rb
+- lib/sqreen/graft/hook_point.ruby_2.rb
+- lib/sqreen/graft/hook_point.ruby_3.rb
 - lib/sqreen/graft/hook_point_error.rb
 - lib/sqreen/invalid_signature_exception.rb
 - lib/sqreen/js.rb
@@ -327,7 +339,7 @@ metadata:
   changelog_uri: https://docs.sqreen.com/ruby/release-notes/
   source_code_uri: https://github.com/sqreen/ruby-agent
   bug_tracker_uri: https://github.com/sqreen/ruby-agent/issues
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -335,15 +347,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.9.3
+      version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Sqreen Ruby agent
 test_files: []