sqreen 1.22.0 → 1.22.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/lib/sqreen/actions.rb +1 -1
- data/lib/sqreen/actions/actions_index.rb +5 -1
- data/lib/sqreen/actions/base.rb +1 -1
- data/lib/sqreen/actions/block_ip.rb +1 -1
- data/lib/sqreen/actions/block_user.rb +1 -1
- data/lib/sqreen/actions/ip_range_indexed_action_class.rb +1 -1
- data/lib/sqreen/actions/ip_ranges_index.rb +1 -1
- data/lib/sqreen/actions/redirect_ip.rb +1 -1
- data/lib/sqreen/actions/redirect_user.rb +1 -1
- data/lib/sqreen/actions/repository.rb +1 -1
- data/lib/sqreen/actions/unknown_action_type.rb +1 -1
- data/lib/sqreen/actions/user_action_class.rb +1 -1
- data/lib/sqreen/actions/users_index.rb +5 -1
- data/lib/sqreen/agent_message.rb +5 -0
- data/lib/sqreen/aggregated_metric.rb +5 -0
- data/lib/sqreen/attack_blocked.rb +1 -1
- data/lib/sqreen/binding_accessor.rb +1 -1
- data/lib/sqreen/binding_accessor/path_elem.rb +1 -1
- data/lib/sqreen/binding_accessor/transforms.rb +1 -1
- data/lib/sqreen/call_countable.rb +1 -1
- data/lib/sqreen/capped_queue.rb +1 -1
- data/lib/sqreen/cb.rb +1 -1
- data/lib/sqreen/condition_evaluator.rb +1 -1
- data/lib/sqreen/conditionable.rb +1 -1
- data/lib/sqreen/context.rb +1 -1
- data/lib/sqreen/default_cb.rb +1 -1
- data/lib/sqreen/deferred_logger.rb +1 -1
- data/lib/sqreen/deliveries.rb +1 -1
- data/lib/sqreen/deliveries/batch.rb +1 -1
- data/lib/sqreen/deliveries/simple.rb +1 -1
- data/lib/sqreen/dependency.rb +1 -1
- data/lib/sqreen/deprecation.rb +1 -1
- data/lib/sqreen/ecosystem.rb +5 -0
- data/lib/sqreen/ecosystem/databases/database_connection_data.rb +5 -0
- data/lib/sqreen/ecosystem/databases/mongo.rb +5 -0
- data/lib/sqreen/ecosystem/databases/mysql.rb +5 -0
- data/lib/sqreen/ecosystem/databases/postgres.rb +5 -0
- data/lib/sqreen/ecosystem/databases/redis.rb +5 -0
- data/lib/sqreen/ecosystem/dispatch_table.rb +5 -0
- data/lib/sqreen/ecosystem/exception_reporting.rb +5 -0
- data/lib/sqreen/ecosystem/http/net_http.rb +5 -0
- data/lib/sqreen/ecosystem/http/rack_request.rb +5 -0
- data/lib/sqreen/ecosystem/loggable.rb +5 -0
- data/lib/sqreen/ecosystem/messaging/bunny.rb +5 -0
- data/lib/sqreen/ecosystem/messaging/kafka.rb +5 -0
- data/lib/sqreen/ecosystem/messaging/kinesis.rb +5 -0
- data/lib/sqreen/ecosystem/messaging/sqs.rb +5 -0
- data/lib/sqreen/ecosystem/module_api.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/event_listener.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/instrumentation.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/message_producer.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/signal_producer.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/client_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/consumer_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/messaging_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/producer_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/server_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing_id_generation.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/transaction_storage.rb +5 -0
- data/lib/sqreen/ecosystem/module_registry.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/client.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/consumer.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/determine_ip.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/producer.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/server.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/sampler.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/sampling_configuration.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_consumer.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_producer.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb +5 -0
- data/lib/sqreen/ecosystem/tracing_broker.rb +5 -0
- data/lib/sqreen/ecosystem/tracing_id_setup.rb +5 -0
- data/lib/sqreen/ecosystem/transaction_storage.rb +5 -0
- data/lib/sqreen/ecosystem/util/call_writers_from_init.rb +5 -0
- data/lib/sqreen/ecosystem_integration.rb +5 -0
- data/lib/sqreen/ecosystem_integration/around_callbacks.rb +5 -0
- data/lib/sqreen/ecosystem_integration/instrumentation_service.rb +5 -0
- data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb +5 -0
- data/lib/sqreen/ecosystem_integration/signal_consumption.rb +6 -8
- data/lib/sqreen/endpoint_testing.rb +5 -0
- data/lib/sqreen/error_handling_middleware.rb +1 -1
- data/lib/sqreen/event.rb +1 -1
- data/lib/sqreen/events/attack.rb +1 -1
- data/lib/sqreen/events/remote_exception.rb +1 -1
- data/lib/sqreen/events/request_record.rb +1 -1
- data/lib/sqreen/exception.rb +1 -1
- data/lib/sqreen/formatter_with_tid.rb +1 -1
- data/lib/sqreen/framework_cb.rb +1 -1
- data/lib/sqreen/frameworks/sqreen_test.rb +1 -1
- data/lib/sqreen/graft.rb +1 -1
- data/lib/sqreen/graft/call.rb +1 -1
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +8 -6
- data/lib/sqreen/graft/hook_point.rb +1 -1
- data/lib/sqreen/graft/hook_point_error.rb +1 -1
- data/lib/sqreen/invalid_signature_exception.rb +1 -1
- data/lib/sqreen/js.rb +1 -1
- data/lib/sqreen/js/call_context.rb +1 -1
- data/lib/sqreen/js/context_pool.rb +8 -6
- data/lib/sqreen/js/exec_js_runnable.rb +1 -1
- data/lib/sqreen/js/execjs_adapter.rb +1 -1
- data/lib/sqreen/js/executable_js.rb +1 -1
- data/lib/sqreen/js/js_service_adapter.rb +1 -1
- data/lib/sqreen/js/mini_racer_adapter.rb +2 -1
- data/lib/sqreen/js/mini_racer_executable_js.rb +2 -0
- data/lib/sqreen/js/thread_local_exec_js_runnable.rb +1 -1
- data/lib/sqreen/legacy.rb +1 -1
- data/lib/sqreen/log/loggable.rb +1 -1
- data/lib/sqreen/logger.rb +1 -1
- data/lib/sqreen/metrics.rb +1 -1
- data/lib/sqreen/metrics/average.rb +1 -1
- data/lib/sqreen/metrics/base.rb +1 -1
- data/lib/sqreen/metrics/binning.rb +1 -1
- data/lib/sqreen/metrics/collect.rb +1 -1
- data/lib/sqreen/metrics/sum.rb +1 -1
- data/lib/sqreen/metrics_store.rb +1 -1
- data/lib/sqreen/metrics_store/already_registered_metric.rb +1 -1
- data/lib/sqreen/metrics_store/unknown_metric.rb +1 -1
- data/lib/sqreen/metrics_store/unregistered_metric.rb +1 -1
- data/lib/sqreen/middleware.rb +1 -1
- data/lib/sqreen/node.rb +1 -1
- data/lib/sqreen/not_implemented_yet.rb +1 -1
- data/lib/sqreen/null_logger.rb +1 -1
- data/lib/sqreen/payload_creator/header_section.rb +1 -1
- data/lib/sqreen/performance_notifications.rb +1 -1
- data/lib/sqreen/performance_notifications/binned_metrics.rb +1 -1
- data/lib/sqreen/performance_notifications/log.rb +1 -1
- data/lib/sqreen/performance_notifications/log_performance.rb +1 -1
- data/lib/sqreen/performance_notifications/metrics.rb +1 -1
- data/lib/sqreen/prefix.rb +1 -1
- data/lib/sqreen/rails_middleware.rb +1 -1
- data/lib/sqreen/remote_command.rb +1 -1
- data/lib/sqreen/remote_command/failure_output.rb +1 -1
- data/lib/sqreen/rules/attrs.rb +1 -1
- data/lib/sqreen/rules/execjs_cb.rb +1 -0
- data/lib/sqreen/rules/run_user_actions.rb +1 -1
- data/lib/sqreen/run_when_called_cb.rb +1 -1
- data/lib/sqreen/safe_json.rb +1 -1
- data/lib/sqreen/sensitive_data_redactor.rb +2 -2
- data/lib/sqreen/serializer.rb +1 -1
- data/lib/sqreen/shared_storage.rb +1 -1
- data/lib/sqreen/shrink_wrap.rb +1 -1
- data/lib/sqreen/signals/conversions.rb +5 -0
- data/lib/sqreen/signals/http_trace_redaction.rb +5 -0
- data/lib/sqreen/signals/signals_submission_strategy.rb +5 -0
- data/lib/sqreen/signature_verifier.rb +1 -1
- data/lib/sqreen/sinatra_middleware.rb +1 -1
- data/lib/sqreen/sqreen_signed_verifier.rb +1 -1
- data/lib/sqreen/token_invalid_exception.rb +1 -1
- data/lib/sqreen/token_not_found_exception.rb +1 -1
- data/lib/sqreen/trie.rb +1 -1
- data/lib/sqreen/unauthorized.rb +1 -1
- data/lib/sqreen/util.rb +1 -1
- data/lib/sqreen/util/capped_array.rb +1 -1
- data/lib/sqreen/util/capped_hash.rb +1 -1
- data/lib/sqreen/util/capped_string.rb +1 -1
- data/lib/sqreen/util/capper.rb +1 -1
- data/lib/sqreen/version.rb +2 -2
- data/lib/sqreen/waf_error.rb +1 -1
- data/lib/sqreen/weave.rb +1 -1
- data/lib/sqreen/weave/budget.rb +1 -1
- data/lib/sqreen/weave/hardcoded.rb +1 -1
- data/lib/sqreen/weave/instrumentor.rb +1 -1
- data/lib/sqreen/weave/legacy.rb +1 -1
- data/lib/sqreen/weave/legacy/instrumentation.rb +27 -7
- data/lib/sqreen/web_server/generic.rb +1 -1
- data/lib/sqreen/web_server/webrick.rb +1 -1
- data/lib/sqreen/worker.rb +1 -1
- metadata +14 -8
data/lib/sqreen/js.rb
CHANGED
|
@@ -29,9 +29,10 @@ module Sqreen
|
|
|
29
29
|
@mutex.synchronize do
|
|
30
30
|
if @contexts.empty?
|
|
31
31
|
@total_ctxs += 1
|
|
32
|
-
Sqreen.log.debug "
|
|
32
|
+
Sqreen.log.debug { "js:context_pool action:spawn count:#{@total_ctxs}" }
|
|
33
33
|
SqreenContext.new
|
|
34
34
|
else
|
|
35
|
+
Sqreen.log.debug { "js:context_pool action:pop count:#{@total_ctxs}" }
|
|
35
36
|
@contexts.pop
|
|
36
37
|
end
|
|
37
38
|
end
|
|
@@ -43,18 +44,19 @@ module Sqreen
|
|
|
43
44
|
if context.gc_load > 30
|
|
44
45
|
if context.gc_threshold_in_bytes == DEFAULT_GC_THRESHOLD
|
|
45
46
|
context.gc_threshold_in_bytes *= 2
|
|
46
|
-
Sqreen.log.warn
|
|
47
|
-
'collections; doubling the threshold to ' \
|
|
48
|
-
"#{context.gc_threshold_in_bytes} bytes")
|
|
47
|
+
Sqreen.log.warn { "js:context action:increase reason:gc threshold:#{context.gc_threshold_in_bytes}" }
|
|
49
48
|
context.gc_load = 0
|
|
50
49
|
else
|
|
51
|
-
Sqreen.log.warn
|
|
52
|
-
|
|
50
|
+
Sqreen.log.warn { "js:context action:discard reason:gc threshold:#{context.gc_threshold_in_bytes}" }
|
|
51
|
+
|
|
52
|
+
Sqreen.log.debug { "js:context_pool action:drop reason:gc count:#{@total_ctxs}" }
|
|
53
53
|
context.dispose
|
|
54
54
|
return
|
|
55
55
|
end
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
+
Sqreen.log.debug { "js:context_pool action:push count:#{@total_ctxs}" }
|
|
59
|
+
|
|
58
60
|
@mutex.synchronize { @contexts.push(context); }
|
|
59
61
|
end
|
|
60
62
|
end
|
|
@@ -23,7 +23,8 @@ module Sqreen
|
|
|
23
23
|
self.class.static_init
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
def preprocess(
|
|
26
|
+
def preprocess(rule_name, code)
|
|
27
|
+
Sqreen.log.debug("js:#{self.class.name} variant:#{variant_name} preprocess:#{rule_name}")
|
|
27
28
|
MiniRacerExecutableJs.new(@pool, code, @vendored)
|
|
28
29
|
end
|
|
29
30
|
|
|
@@ -37,7 +37,9 @@ module Sqreen
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def run_js_cb(cb_name, budget, arguments)
|
|
40
|
+
Sqreen.log.debug { "js:#{self.class} callback:#{cb_name} pool:#{@pool.inspect}" }
|
|
40
41
|
@pool.with_context do |ctx|
|
|
42
|
+
Sqreen.log.debug { "js:#{self.class} callback:#{cb_name} context:#{ctx.inspect}" }
|
|
41
43
|
if ctx.code_failed?(@code_id)
|
|
42
44
|
Sqreen.log.debug do
|
|
43
45
|
"Skipping execution of callback #{cb_name} (code md5 #{@code_id})" \
|
data/lib/sqreen/legacy.rb
CHANGED
data/lib/sqreen/log/loggable.rb
CHANGED
data/lib/sqreen/logger.rb
CHANGED
data/lib/sqreen/metrics.rb
CHANGED
data/lib/sqreen/metrics/base.rb
CHANGED
data/lib/sqreen/metrics/sum.rb
CHANGED
data/lib/sqreen/metrics_store.rb
CHANGED
data/lib/sqreen/middleware.rb
CHANGED
data/lib/sqreen/node.rb
CHANGED
data/lib/sqreen/null_logger.rb
CHANGED
data/lib/sqreen/prefix.rb
CHANGED
data/lib/sqreen/rules/attrs.rb
CHANGED
|
@@ -102,6 +102,7 @@ module Sqreen
|
|
|
102
102
|
end
|
|
103
103
|
arguments = @argument_filter.filter(cb_name, arguments)
|
|
104
104
|
|
|
105
|
+
Sqreen.log.debug { "js:#{@executable.class} callback:#{cb_name}" }
|
|
105
106
|
ret = @executable.run_js_cb(cb_name, budget, arguments)
|
|
106
107
|
|
|
107
108
|
unless record_and_continue?(ret)
|
data/lib/sqreen/safe_json.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: ignore
|
|
2
2
|
|
|
3
3
|
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
|
4
4
|
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
|
@@ -11,7 +11,7 @@ require 'sqreen/log'
|
|
|
11
11
|
module Sqreen
|
|
12
12
|
# For redacting sensitive data and avoid having it sent to our servers
|
|
13
13
|
class SensitiveDataRedactor
|
|
14
|
-
DEFAULT_SENSITIVE_KEYS = Set.new(%w[password secret passwd authorization api_key apikey access_token]).freeze
|
|
14
|
+
DEFAULT_SENSITIVE_KEYS = Set.new(%w[password password2 password_confirmation secret passwd authorization api_key apikey token access_token jwt_token cvv cvv2]).freeze
|
|
15
15
|
DEFAULT_REGEX = /\A(?:\d[ -]*?){13,16}\z/
|
|
16
16
|
MASK = '<Redacted by Sqreen>'.freeze
|
|
17
17
|
|
data/lib/sqreen/serializer.rb
CHANGED
data/lib/sqreen/shrink_wrap.rb
CHANGED