sqreen 1.22.0 → 1.24.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 72fc8c4943ce7cb8cd45a80553ae02ae8c28086ca1895a89f2ec5840b2e6a883
-  data.tar.gz: ca46dc3483df4a16fca77e0226ca7c9a3d832c5a837155b86f0ee70c5fc12226
+  metadata.gz: b43caee6a7702bfde6a56f9a3d9ad735de10b5a214ce5d097c3c26c3527f5918
+  data.tar.gz: 803451b19b5277384c9e74b186e00e0a1d0d8a8a77cb5483cf486088a1705b0d
 SHA512:
-  metadata.gz: 112a455abff8baca0c586f1479351e8e900e73d7f89b31e83fcbdc07ae99dbfa86f7439541a2f1688d56b481ce9094e16cd6bf860cb9959c7edd7be80ed66f92
-  data.tar.gz: 3f867ee75cf103c8817007540151e189c10116e0da8fa0bdad324de3bfa611d2bb4f888fdccf1074248f7976f26eb68fc81f987fcae0db5208ee9c00569f9797
+  metadata.gz: 2d35106412544c74a99bcf5eb39b1bc33d95720efbce196e139c15f40c1259b1aaf4646cab127849b9235d3f1cf0ce421c01859eb1c4bc6076683d3f7beeef33
+  data.tar.gz: b0f5452dda0d2702397968e103313bf910bb996c09064354be78fcabb6492dbb15d898aa1caf5835307a5f21b878550fae59826fbc347382772cba1823cefea2

data/CHANGELOG.md

@@ -1,3 +1,28 @@
+## 1.24.0
+
+* Add Sqreen event correlation with Datadog traces
+
+## 1.23.2
+
+* Fix compatibility with NewRelic for attack events
+* Fix incorrect rule rejection despite all signature checks individually passing
+
+## 1.23.1
+
+* Improve compatibility with gems such as puma and graphql on Ruby 3.0
+
+## 1.23.0
+
+* Implement GraphQL support
+
+## 1.22.1
+
+* Fix excessive exception reporting, reducing CPU and network load
+* Fix sensitive information attachment on pure tracing payloads
+* Redact more sensitive fields by default
+* Ensure preliminary compatibility with Ruby 3.0 previews
+* Allow update to Sqreen MiniRacer 0.3.1
+
 ## 1.22.0
 
 * Update WAF via libsqreen

data/bin/sqreen

@@ -0,0 +1,43 @@
+#!/usr/bin/env ruby
+
+def logger
+  @logger ||= Logger.new(STDOUT, level: :debug)
+end
+
+def verify(rules)
+  verifier = Sqreen::SqreenSignedVerifier.new
+
+  invalid_rules = rules.reject do |rule|
+    valid = verifier.verify(rule)
+
+    if valid
+      logger.debug { "rule: #{rule['name']} signed: true result: ok" }
+    else
+      logger.error { "rule: #{rule['name']} singed: true result: fail" }
+    end
+
+    valid
+  end
+
+  if invalid_rules.any?
+    logger.error { "weave: instrument status: abort reason: signature result: fail" }
+    raise Sqreen::Exception, "Signature error: rules: #{invalid_rules.map { |r| r['name'] }.inspect}"
+  else
+    logger.info { "weave: instrument rules: signed result: ok" }
+  end
+end
+
+def check_signature(file)
+  require 'json'
+  require 'logger'
+  require 'sqreen/sqreen_signed_verifier'
+
+  content = File.open(file, 'rb', &:read)
+  json = JSON.parse(content)
+
+  p verify(json)
+end
+
+case ARGV[0]
+when 'check-signature' then check_signature(ARGV[1]) || exit(1)
+end

data/lib/sqreen/actions.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/actions_index.rb

@@ -1,4 +1,8 @@
-# typed: true
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 module Sqreen
   module Actions
     # documents the operations an actions index should implement

data/lib/sqreen/actions/base.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/block_ip.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/block_user.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/ip_range_indexed_action_class.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/ip_ranges_index.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/redirect_ip.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/redirect_user.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/repository.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/unknown_action_type.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/user_action_class.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/actions/users_index.rb

@@ -1,4 +1,8 @@
-# typed: true
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/actions/actions_index'
 
 module Sqreen

data/lib/sqreen/agent_message.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'digest'
 
 module Sqreen

data/lib/sqreen/aggregated_metric.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/rules/rule_cb'
 require 'sqreen/metrics/base'
 

data/lib/sqreen/attack_blocked.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/binding_accessor.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/binding_accessor/path_elem.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/binding_accessor/transforms.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/call_countable.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/capped_queue.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/cb.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/condition_evaluator.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/conditionable.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/configuration.rb

@@ -56,6 +56,8 @@ module Sqreen
       :default => nil },
     { :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
       :default => true },
+    { :env => :SQREEN_RULES_DUMP, :name => :rules_dump,
+      :default => false },
     { :env => :SQREEN_LOG_LEVEL, :name => :log_level,
       :default => 'INFO', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
     { :env => :SQREEN_LOG_LOCATION, :name => :log_location,

data/lib/sqreen/context.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/default_cb.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/deferred_logger.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/deliveries.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/deliveries/batch.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/deliveries/simple.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/dependency.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/dependency/new_relic.rb

@@ -19,7 +19,7 @@ module Sqreen
       def ignore_sqreen_exceptions
         return unless required?
 
-        NewRelic::Agent::Agent.instance.error_collector.ignore(['Sqreen::AttackBlocked'])
+        ::NewRelic::Agent::Agent.instance.error_collector.ignore(['Sqreen::AttackBlocked'])
       rescue ::Exception => e # rubocop:disable Lint/RescueException
         Sqreen.log.warn "Failed ignoring AttackBlocked on NewRelic: #{e.inspect}"
       end

data/lib/sqreen/deprecation.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/ecosystem.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'securerandom'
 require 'sqreen/ecosystem/module_registry'
 require 'sqreen/ecosystem/tracing/sampling_configuration'

data/lib/sqreen/ecosystem/databases/database_connection_data.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/ecosystem/module_api/tracing/client_data'
 
 module Sqreen

data/lib/sqreen/ecosystem/databases/mongo.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/ecosystem/module_api'
 require 'sqreen/ecosystem/module_api/instrumentation'
 require 'sqreen/ecosystem/module_api/message_producer'

data/lib/sqreen/ecosystem/databases/mysql.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/ecosystem/module_api'
 require 'sqreen/ecosystem/module_api/instrumentation'
 require 'sqreen/ecosystem/module_api/message_producer'

data/lib/sqreen/ecosystem/databases/postgres.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/ecosystem/module_api'
 require 'sqreen/ecosystem/module_api/instrumentation'
 require 'sqreen/ecosystem/module_api/message_producer'

data/lib/sqreen/ecosystem/databases/redis.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/ecosystem/module_api'
 require 'sqreen/ecosystem/module_api/instrumentation'
 require 'sqreen/ecosystem/module_api/message_producer'

data/lib/sqreen/ecosystem/dispatch_table.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'logger'
 
 module Sqreen

data/lib/sqreen/ecosystem/exception_reporting.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/ecosystem/dispatch_table'
 require 'sqreen/ecosystem/loggable'
 require 'sqreen/kit/configuration'

data/lib/sqreen/ecosystem/http/net_http.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/ecosystem/module_api'
 require 'sqreen/ecosystem/module_api/instrumentation'
 require 'sqreen/ecosystem/module_api/message_producer'