sqreen 1.22.0 → 1.24.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +25 -0
- data/bin/sqreen +43 -0
- data/lib/sqreen/actions.rb +1 -1
- data/lib/sqreen/actions/actions_index.rb +5 -1
- data/lib/sqreen/actions/base.rb +1 -1
- data/lib/sqreen/actions/block_ip.rb +1 -1
- data/lib/sqreen/actions/block_user.rb +1 -1
- data/lib/sqreen/actions/ip_range_indexed_action_class.rb +1 -1
- data/lib/sqreen/actions/ip_ranges_index.rb +1 -1
- data/lib/sqreen/actions/redirect_ip.rb +1 -1
- data/lib/sqreen/actions/redirect_user.rb +1 -1
- data/lib/sqreen/actions/repository.rb +1 -1
- data/lib/sqreen/actions/unknown_action_type.rb +1 -1
- data/lib/sqreen/actions/user_action_class.rb +1 -1
- data/lib/sqreen/actions/users_index.rb +5 -1
- data/lib/sqreen/agent_message.rb +5 -0
- data/lib/sqreen/aggregated_metric.rb +5 -0
- data/lib/sqreen/attack_blocked.rb +1 -1
- data/lib/sqreen/binding_accessor.rb +1 -1
- data/lib/sqreen/binding_accessor/path_elem.rb +1 -1
- data/lib/sqreen/binding_accessor/transforms.rb +1 -1
- data/lib/sqreen/call_countable.rb +1 -1
- data/lib/sqreen/capped_queue.rb +1 -1
- data/lib/sqreen/cb.rb +1 -1
- data/lib/sqreen/condition_evaluator.rb +1 -1
- data/lib/sqreen/conditionable.rb +1 -1
- data/lib/sqreen/configuration.rb +2 -0
- data/lib/sqreen/context.rb +1 -1
- data/lib/sqreen/default_cb.rb +1 -1
- data/lib/sqreen/deferred_logger.rb +1 -1
- data/lib/sqreen/deliveries.rb +1 -1
- data/lib/sqreen/deliveries/batch.rb +1 -1
- data/lib/sqreen/deliveries/simple.rb +1 -1
- data/lib/sqreen/dependency.rb +1 -1
- data/lib/sqreen/dependency/new_relic.rb +1 -1
- data/lib/sqreen/deprecation.rb +1 -1
- data/lib/sqreen/ecosystem.rb +5 -0
- data/lib/sqreen/ecosystem/databases/database_connection_data.rb +5 -0
- data/lib/sqreen/ecosystem/databases/mongo.rb +5 -0
- data/lib/sqreen/ecosystem/databases/mysql.rb +5 -0
- data/lib/sqreen/ecosystem/databases/postgres.rb +5 -0
- data/lib/sqreen/ecosystem/databases/redis.rb +5 -0
- data/lib/sqreen/ecosystem/dispatch_table.rb +5 -0
- data/lib/sqreen/ecosystem/exception_reporting.rb +5 -0
- data/lib/sqreen/ecosystem/http/net_http.rb +5 -0
- data/lib/sqreen/ecosystem/http/rack_request.rb +5 -0
- data/lib/sqreen/ecosystem/loggable.rb +5 -0
- data/lib/sqreen/ecosystem/messaging/bunny.rb +5 -0
- data/lib/sqreen/ecosystem/messaging/kafka.rb +5 -0
- data/lib/sqreen/ecosystem/messaging/kinesis.rb +5 -0
- data/lib/sqreen/ecosystem/messaging/sqs.rb +5 -0
- data/lib/sqreen/ecosystem/module_api.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/event_listener.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/instrumentation.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/message_producer.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/signal_producer.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/client_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/consumer_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/messaging_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/producer_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing/server_data.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/tracing_id_generation.rb +5 -0
- data/lib/sqreen/ecosystem/module_api/transaction_storage.rb +5 -0
- data/lib/sqreen/ecosystem/module_registry.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/client.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/consumer.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/determine_ip.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/producer.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/modules/server.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/sampler.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/sampling_configuration.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_client.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_consumer.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_producer.rb +5 -0
- data/lib/sqreen/ecosystem/tracing/signals/tracing_server.rb +5 -0
- data/lib/sqreen/ecosystem/tracing_broker.rb +5 -0
- data/lib/sqreen/ecosystem/tracing_id_setup.rb +5 -0
- data/lib/sqreen/ecosystem/transaction_storage.rb +5 -0
- data/lib/sqreen/ecosystem/util/call_writers_from_init.rb +5 -0
- data/lib/sqreen/ecosystem_integration.rb +5 -0
- data/lib/sqreen/ecosystem_integration/around_callbacks.rb +5 -0
- data/lib/sqreen/ecosystem_integration/instrumentation_service.rb +5 -0
- data/lib/sqreen/ecosystem_integration/request_lifecycle_tracking.rb +5 -0
- data/lib/sqreen/ecosystem_integration/signal_consumption.rb +6 -8
- data/lib/sqreen/endpoint_testing.rb +5 -0
- data/lib/sqreen/error_handling_middleware.rb +1 -1
- data/lib/sqreen/event.rb +1 -1
- data/lib/sqreen/events/attack.rb +9 -1
- data/lib/sqreen/events/remote_exception.rb +1 -1
- data/lib/sqreen/events/request_record.rb +1 -1
- data/lib/sqreen/exception.rb +1 -1
- data/lib/sqreen/formatter_with_tid.rb +1 -1
- data/lib/sqreen/framework_cb.rb +1 -1
- data/lib/sqreen/frameworks/generic.rb +18 -1
- data/lib/sqreen/frameworks/sqreen_test.rb +1 -1
- data/lib/sqreen/graft.rb +1 -1
- data/lib/sqreen/graft/call.rb +1 -1
- data/lib/sqreen/graft/callback.rb +1 -1
- data/lib/sqreen/graft/hook.rb +8 -294
- data/lib/sqreen/graft/hook.ruby_2.rb +305 -0
- data/lib/sqreen/graft/hook.ruby_3.rb +305 -0
- data/lib/sqreen/graft/hook_point.rb +7 -7
- data/lib/sqreen/graft/hook_point.ruby_2.rb +18 -0
- data/lib/sqreen/graft/hook_point.ruby_3.rb +19 -0
- data/lib/sqreen/graft/hook_point_error.rb +1 -1
- data/lib/sqreen/invalid_signature_exception.rb +1 -1
- data/lib/sqreen/js.rb +1 -1
- data/lib/sqreen/js/call_context.rb +1 -1
- data/lib/sqreen/js/context_pool.rb +8 -6
- data/lib/sqreen/js/exec_js_runnable.rb +1 -1
- data/lib/sqreen/js/execjs_adapter.rb +1 -1
- data/lib/sqreen/js/executable_js.rb +1 -1
- data/lib/sqreen/js/js_service_adapter.rb +1 -1
- data/lib/sqreen/js/mini_racer_adapter.rb +2 -1
- data/lib/sqreen/js/mini_racer_executable_js.rb +2 -0
- data/lib/sqreen/js/thread_local_exec_js_runnable.rb +1 -1
- data/lib/sqreen/legacy.rb +1 -1
- data/lib/sqreen/log/loggable.rb +1 -1
- data/lib/sqreen/logger.rb +1 -1
- data/lib/sqreen/metrics.rb +1 -1
- data/lib/sqreen/metrics/average.rb +1 -1
- data/lib/sqreen/metrics/base.rb +1 -1
- data/lib/sqreen/metrics/binning.rb +1 -1
- data/lib/sqreen/metrics/collect.rb +1 -1
- data/lib/sqreen/metrics/sum.rb +1 -1
- data/lib/sqreen/metrics_store.rb +1 -1
- data/lib/sqreen/metrics_store/already_registered_metric.rb +1 -1
- data/lib/sqreen/metrics_store/unknown_metric.rb +1 -1
- data/lib/sqreen/metrics_store/unregistered_metric.rb +1 -1
- data/lib/sqreen/middleware.rb +1 -1
- data/lib/sqreen/node.rb +1 -1
- data/lib/sqreen/not_implemented_yet.rb +1 -1
- data/lib/sqreen/null_logger.rb +1 -1
- data/lib/sqreen/payload_creator/header_section.rb +1 -1
- data/lib/sqreen/performance_notifications.rb +1 -1
- data/lib/sqreen/performance_notifications/binned_metrics.rb +1 -1
- data/lib/sqreen/performance_notifications/log.rb +1 -1
- data/lib/sqreen/performance_notifications/log_performance.rb +1 -1
- data/lib/sqreen/performance_notifications/metrics.rb +1 -1
- data/lib/sqreen/prefix.rb +1 -1
- data/lib/sqreen/rails_middleware.rb +1 -1
- data/lib/sqreen/remote_command.rb +1 -1
- data/lib/sqreen/remote_command/failure_output.rb +1 -1
- data/lib/sqreen/rules/attrs.rb +1 -1
- data/lib/sqreen/rules/execjs_cb.rb +1 -0
- data/lib/sqreen/rules/run_user_actions.rb +1 -1
- data/lib/sqreen/run_when_called_cb.rb +1 -1
- data/lib/sqreen/runner.rb +11 -0
- data/lib/sqreen/safe_json.rb +1 -1
- data/lib/sqreen/sensitive_data_redactor.rb +2 -2
- data/lib/sqreen/serializer.rb +1 -1
- data/lib/sqreen/shared_storage.rb +1 -1
- data/lib/sqreen/shrink_wrap.rb +1 -1
- data/lib/sqreen/signals/conversions.rb +22 -2
- data/lib/sqreen/signals/http_trace_redaction.rb +5 -0
- data/lib/sqreen/signals/signals_submission_strategy.rb +5 -0
- data/lib/sqreen/signature_verifier.rb +1 -1
- data/lib/sqreen/sinatra_middleware.rb +1 -1
- data/lib/sqreen/sqreen_signed_verifier.rb +1 -1
- data/lib/sqreen/token_invalid_exception.rb +1 -1
- data/lib/sqreen/token_not_found_exception.rb +1 -1
- data/lib/sqreen/trie.rb +1 -1
- data/lib/sqreen/unauthorized.rb +1 -1
- data/lib/sqreen/util.rb +1 -1
- data/lib/sqreen/util/capped_array.rb +1 -1
- data/lib/sqreen/util/capped_hash.rb +1 -1
- data/lib/sqreen/util/capped_string.rb +1 -1
- data/lib/sqreen/util/capper.rb +1 -1
- data/lib/sqreen/version.rb +2 -2
- data/lib/sqreen/waf_error.rb +1 -1
- data/lib/sqreen/weave.rb +1 -1
- data/lib/sqreen/weave/budget.rb +1 -1
- data/lib/sqreen/weave/hardcoded.rb +1 -1
- data/lib/sqreen/weave/instrumentor.rb +1 -1
- data/lib/sqreen/weave/legacy.rb +1 -1
- data/lib/sqreen/weave/legacy/instrumentation.rb +62 -7
- data/lib/sqreen/web_server/generic.rb +1 -1
- data/lib/sqreen/web_server/webrick.rb +1 -1
- data/lib/sqreen/worker.rb +1 -1
- metadata +24 -12
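--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b43caee6a7702bfde6a56f9a3d9ad735de10b5a214ce5d097c3c26c3527f5918
+data.tar.gz: 803451b19b5277384c9e74b186e00e0a1d0d8a8a77cb5483cf486088a1705b0d
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2d35106412544c74a99bcf5eb39b1bc33d95720efbce196e139c15f40c1259b1aaf4646cab127849b9235d3f1cf0ce421c01859eb1c4bc6076683d3f7beeef33
+data.tar.gz: b0f5452dda0d2702397968e103313bf910bb996c09064354be78fcabb6492dbb15d898aa1caf5835307a5f21b878550fae59826fbc347382772cba1823cefea2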
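--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,28 @@
+## 1.24.0
+
+* Add Sqreen event correlation with Datadog traces
+
+## 1.23.2
+
+* Fix compatibility with NewRelic for attack events
+* Fix incorrect rule rejection despite all signature checks individually passing
+
+## 1.23.1
+
+* Improve compatibility with gems such as puma and graphql on Ruby 3.0
+
+## 1.23.0
+
+* Implement GraphQL support
+
+## 1.22.1
+
+* Fix excessive exception reporting, reducing CPU and network load
+* Fix sensitive information attachment on pure tracing payloads
+* Redact more sensitive fields by default
+* Ensure preliminary compatibility with Ruby 3.0 previews
+* Allow update to Sqreen MiniRacer 0.3.1
+
 ## 1.22.0
 
 * Update WAF via libsqreen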
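--- /dev/null
+++ b/data/bin/sqreen
@@ -0,0 +1,43 @@
+#!/usr/bin/env ruby
+
+def logger
+@logger ||= Logger.new(STDOUT, level: :debug)
+end
+
+def verify(rules)
+verifier = Sqreen::SqreenSignedVerifier.new
+
+invalid_rules = rules.reject do |rule|
+valid = verifier.verify(rule)
+
+if valid
+logger.debug { "rule: #{rule['name']} signed: true result: ok" }
+else
+logger.error { "rule: #{rule['name']} singed: true result: fail" }
+end
+
+valid
+end
+
+if invalid_rules.any?
+logger.error { "weave: instrument status: abort reason: signature result: fail" }
+raise Sqreen::Exception, "Signature error: rules: #{invalid_rules.map { |r| r['name'] }.inspect}"
+else
+logger.info { "weave: instrument rules: signed result: ok" }
+end
+end
+
+def check_signature(file)
+require 'json'
+require 'logger'
+require 'sqreen/sqreen_signed_verifier'
+
+content = File.open(file, 'rb', &:read)
+json = JSON.parse(content)
+
+p verify(json)
+end
+
+case ARGV[0]
+when 'check-signature' then check_signature(ARGV[1]) || exit(1)
+end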
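Review bot: The `|| exit(1)` on the `check-signature` dispatch line (new line 42) is dead for the failure case: `verify` raises `Sqreen::Exception` when any rule fails verification instead of returning false, so a bad rules file ends in an unhandled-exception backtrace rather than a deliberate non-zero exit, while an unknown subcommand exits 0 silently and a missing FILE argument fails inside `File.open(nil)`. The error message on new line 16 also misspells `signed` as `singed`, which makes grepping logs for signature failures unreliable; it should read `logger.error { "rule: #{rule['name']} signed: true result: fail" }`. A dispatcher that validates its argument and rescues the verifier's exception keeps the exit status meaningful for anything that runs this check non-interactively:
```ruby
# … unchanged: logger, verify, check_signature …
case ARGV[0]
when 'check-signature'
  abort "usage: #{$PROGRAM_NAME} check-signature FILE" unless ARGV[1]
  begin
    check_signature(ARGV[1])
  rescue Sqreen::Exception => e
    logger.error { e.message }
    exit(1)
  end
else
  abort "usage: #{$PROGRAM_NAME} check-signature FILE"
end
```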
data/lib/sqreen/actions.rb
CHANGED
@@ -1,4 +1,8 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: ignore
|
2
|
+
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
+
|
2
6
|
module Sqreen
|
3
7
|
module Actions
|
4
8
|
# documents the operations an actions index should implement
|
data/lib/sqreen/actions/base.rb
CHANGED
data/lib/sqreen/agent_message.rb
CHANGED
data/lib/sqreen/capped_queue.rb
CHANGED
data/lib/sqreen/cb.rb
CHANGED
data/lib/sqreen/conditionable.rb
CHANGED
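--- a/data/lib/sqreen/configuration.rb
+++ b/data/lib/sqreen/configuration.rb
@@ -56,6 +56,8 @@ module Sqreen
 :default => nil },
 { :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
 :default => true },
+{ :env => :SQREEN_RULES_DUMP, :name => :rules_dump,
+:default => false },
 { :env => :SQREEN_LOG_LEVEL, :name => :log_level,
 :default => 'INFO', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
 { :env => :SQREEN_LOG_LOCATION, :name => :log_location,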
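Review bot: The new `:rules_dump` entry carries no comment on what is dumped, where it is written, or under which conditions, and nothing in this hunk shows its consumer — presumably the runner.rb change listed in the diffstat, which is not visible here. Because an operator toggles it through `SQREEN_RULES_DUMP` and enabling it presumably writes the received rule set somewhere on disk, a one-line comment above the entry would save the next reader a search, e.g. `# when true, the received rule set is written out for offline inspection (consumer: runner.rb) — confirm path and file permissions`. The `false` default is the right one for an option that produces files.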
data/lib/sqreen/context.rb
CHANGED
data/lib/sqreen/default_cb.rb
CHANGED
data/lib/sqreen/deliveries.rb
CHANGED
data/lib/sqreen/dependency.rb
CHANGED
@@ -19,7 +19,7 @@ module Sqreen
|
|
19
19
|
def ignore_sqreen_exceptions
|
20
20
|
return unless required?
|
21
21
|
|
22
|
-
NewRelic::Agent::Agent.instance.error_collector.ignore(['Sqreen::AttackBlocked'])
|
22
|
+
::NewRelic::Agent::Agent.instance.error_collector.ignore(['Sqreen::AttackBlocked'])
|
23
23
|
rescue ::Exception => e # rubocop:disable Lint/RescueException
|
24
24
|
Sqreen.log.warn "Failed ignoring AttackBlocked on NewRelic: #{e.inspect}"
|
25
25
|
end
|
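Review bot: The switch to `::NewRelic::Agent::Agent` on the new side deserves a why-comment, since the unqualified form looks correct at a glance and a later reader may revert it; the diffstat lists `data/lib/sqreen/dependency/new_relic.rb`, so the likely reason is that a Sqreen-internal `NewRelic` constant shadows the agent gem's namespace from inside this scope, which I cannot confirm from the hunk. Suggested line above the call: `# fully qualified on purpose: an unqualified NewRelic resolves to a Sqreen-internal constant from this scope — confirm against dependency/new_relic.rb`. The file header above reads dependency.rb, but the diffstat counts fit dependency/new_relic.rb equally, so the comment may belong there.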
data/lib/sqreen/deprecation.rb
CHANGED
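--- a/data/lib/sqreen/ecosystem.rb
+++ b/data/lib/sqreen/ecosystem.rb
@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'securerandom'
 require 'sqreen/ecosystem/module_registry'
 require 'sqreen/ecosystem/tracing/sampling_configuration'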
@@ -1,3 +1,8 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
+
|
1
6
|
require 'sqreen/ecosystem/module_api'
|
2
7
|
require 'sqreen/ecosystem/module_api/instrumentation'
|
3
8
|
require 'sqreen/ecosystem/module_api/message_producer'
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
+
|
1
6
|
require 'sqreen/ecosystem/module_api'
|
2
7
|
require 'sqreen/ecosystem/module_api/instrumentation'
|
3
8
|
require 'sqreen/ecosystem/module_api/message_producer'
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
+
|
1
6
|
require 'sqreen/ecosystem/module_api'
|
2
7
|
require 'sqreen/ecosystem/module_api/instrumentation'
|
3
8
|
require 'sqreen/ecosystem/module_api/message_producer'
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
+
|
1
6
|
require 'sqreen/ecosystem/module_api'
|
2
7
|
require 'sqreen/ecosystem/module_api/instrumentation'
|
3
8
|
require 'sqreen/ecosystem/module_api/message_producer'
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
+
|
1
6
|
require 'sqreen/ecosystem/dispatch_table'
|
2
7
|
require 'sqreen/ecosystem/loggable'
|
3
8
|
require 'sqreen/kit/configuration'
|
@@ -1,3 +1,8 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
+
|
1
6
|
require 'sqreen/ecosystem/module_api'
|
2
7
|
require 'sqreen/ecosystem/module_api/instrumentation'
|
3
8
|
require 'sqreen/ecosystem/module_api/message_producer'
|