sqreen 1.22.0 → 1.24.0

data/lib/sqreen/safe_json.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/sensitive_data_redactor.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
@@ -11,7 +11,7 @@ require 'sqreen/log'
 module Sqreen
   # For redacting sensitive data and avoid having it sent to our servers
   class SensitiveDataRedactor
-    DEFAULT_SENSITIVE_KEYS = Set.new(%w[password secret passwd authorization api_key apikey access_token]).freeze
+    DEFAULT_SENSITIVE_KEYS = Set.new(%w[password password2 password_confirmation secret passwd authorization api_key apikey token access_token jwt_token cvv cvv2]).freeze
     DEFAULT_REGEX = /\A(?:\d[ -]*?){13,16}\z/
     MASK = '<Redacted by Sqreen>'.freeze
 

data/lib/sqreen/serializer.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/shared_storage.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/shrink_wrap.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/signals/conversions.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/version'
 require 'sqreen/rules/rule_cb'
 require 'sqreen/metrics/base'
@@ -39,11 +44,17 @@ module Sqreen
         # XXX: not used because we don't use Sqreen::Attack
         def convert_attack(attack)
           # no need to set actor/context as we only include them in request records/traces
+          location_h = {}
+          location_h.merge!(stack_trace: attack.backtrace) if attack.backtrace
+          location_h.merge!(datadog_trace_id: datadog_trace_id) if attack.datadog_trace_id
+          location_h.merge!(datadog_span_id: datadog_span_id) if attack.datadog_span_id
+          location = Kit::Signals::Location.new(location_h) unless location_h.empty?
+
           Kit::Signals::Specialized::Attack.new(
             signal_name: "sq.agent.attack.#{attack.attack_type}",
             source: "sqreen:rule:#{attack.rulespack_id}:#{attack.rule_name}",
             time: attack.time,
-            location: Kit::Signals::Location.new(stack_trace: attack.backtrace),
+            location: location,
             payload: Kit::Signals::Specialized::Attack::Payload.new(
               test: attack.test?,
               block: attack.block?,
@@ -54,11 +65,17 @@ module Sqreen
 
         # see Sqreen::Rules::RuleCB.record_event
         def convert_unstructured_attack(payload)
+          location_h = {}
+          location_h.merge!(stack_trace: payload[:backtrace]) if payload[:backtrace]
+          location_h.merge!(datadog_trace_id: payload[:datadog_trace_id]) if payload[:datadog_span_id]
+          location_h.merge!(datadog_span_id: payload[:datadog_span_id]) if payload[:datadog_span_id]
+          location = Kit::Signals::Location.new(location_h) unless location_h.empty?
+
           Kit::Signals::Specialized::Attack.new(
             signal_name: "sq.agent.attack.#{payload[:attack_type]}",
             source: "sqreen:rule:#{payload[:rulespack_id]}:#{payload[:rule_name]}",
             time: payload[:time],
-            location: (Kit::Signals::Location.new(stack_trace: payload[:backtrace]) if payload[:backtrace]),
+            location: location,
             payload: Kit::Signals::Specialized::Attack::Payload.new(
               test: payload[:test],
               block: payload[:block],
@@ -229,6 +246,9 @@ module Sqreen
               status: resp_payload[:status],
               content_length: resp_payload[:content_length],
               content_type: resp_payload[:content_type],
+              # datadog
+              datadog_trace_id: req_payload[:datadog_trace_id],
+              datadog_span_id: req_payload[:datadog_span_id],
             }
           )
         end

data/lib/sqreen/signals/http_trace_redaction.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'json'
 require 'sqreen/kit/loggable'
 require 'sqreen/kit/signals/specialized/http_trace'

data/lib/sqreen/signals/signals_submission_strategy.rb

@@ -1,3 +1,8 @@
+# typed: ignore
+
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.com/terms.html
+
 require 'sqreen/aggregated_metric'
 require 'sqreen/kit'
 require 'sqreen/kit/string_sanitizer'

data/lib/sqreen/signature_verifier.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/sinatra_middleware.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/sqreen_signed_verifier.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/token_invalid_exception.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/token_not_found_exception.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/trie.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/unauthorized.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/util.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/util/capped_array.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/util/capped_hash.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/util/capped_string.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/util/capper.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/version.rb

@@ -1,8 +1,8 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 module Sqreen
-  VERSION = '1.22.0'.freeze
+  VERSION = '1.24.0'.freeze
 end

data/lib/sqreen/waf_error.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/budget.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/hardcoded.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/instrumentor.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/legacy.rb

@@ -1,4 +1,4 @@
-# typed: strong
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/weave/legacy/instrumentation.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
@@ -106,29 +106,49 @@ class Sqreen::Weave::Legacy::Instrumentation
       strategy_hints << [:chain, 'Module.respond_to?(:prepend)', 'false']
     end
     if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('< 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
-      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with scout_apm < 2.5.2, switching to :chain" }
+      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with scout_apm < 2.5.2, hinting at :chain" }
       strategy_hints << [:chain, 'scout_apm', '< 2.5.2']
     end
     if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
-      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with scout_apm >= 2.5.2, switching to :prepend" }
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with scout_apm >= 2.5.2, hinting at :prepend" }
       strategy_hints << [:prepend, 'scout_apm', '>= 2.5.2']
     end
     if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('< 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
-      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with ddtrace < 0.27, switching to :chain" }
+      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with ddtrace < 0.27, hinting at :chain" }
       strategy_hints << [:chain, 'ddtrace', '< 0.27']
     end
     if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('>= 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
-      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with ddtrace >= 0.27, switching to :prepend" }
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with ddtrace >= 0.27, hinting at :prepend" }
       strategy_hints << [:prepend, 'ddtrace', '>= 0.27']
     end
     if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('< 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
-      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with skylight < 5.0.0.beta, switching to :chain" }
+      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with skylight < 5.0.0.beta, hinting at :chain" }
       strategy_hints << [:chain, 'skylight', '< 5.0.0.beta']
     end
     if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('>= 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
-      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with skylight >= 5.0.0.beta, switching to :prepend" }
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with skylight >= 5.0.0.beta, hinting at :prepend" }
       strategy_hints << [:prepend, 'skylight', '>= 5.0.0.beta']
     end
+    if Gem::Specification.select { |s| s.name == 'elastic-apm' && Gem::Requirement.new('< 4.0.a').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with elastic-apm < 4.0, hinting at :chain" }
+      strategy_hints << [:chain, 'elastic-apm', '< 4.0.a']
+    end
+    if Gem::Specification.select { |s| s.name == 'elastic-apm' && Gem::Requirement.new('>= 4.0').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with elastic-apm >= 4.0, hinting at :prepend" }
+      strategy_hints << [:prepend, 'elastic-apm', '>= 4.0.a']
+    end
+    if Gem::Specification.select { |s| s.name == 'airbrake' && Gem::Requirement.new('>= 11.0.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with airbrake >= 11.0.2, hinting at :prepend" }
+      strategy_hints << [:prepend, 'airbrake', '>= 11.0.2']
+    end
+    if Gem::Specification.select { |s| s.name == 'newrelic_rpm' && Gem::Requirement.new('>= 6.14').satisfied_by?(Gem::Version.new(s.version)) }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with newrelic_rpm >= 6.14, hinting at :prepend" }
+      strategy_hints << [:prepend, 'newrelic_rpm', '>= 6.14']
+    end
+    if Gem::Specification.select { |s| s.name =~ /^opentelemetry/ }.any?
+      Sqreen::Weave.logger.debug { "strategy: :chain unavailable with opentelemetry, hinting at :prepend" }
+      strategy_hints << [:prepend, 'opentelemetry']
+    end
     if strategy_hints.map(&:first).uniq.count > 1
       raise Sqreen::Exception, "conflicting instrumentation strategies: #{strategy_hints.inspect}"
     end
@@ -160,6 +180,8 @@ class Sqreen::Weave::Legacy::Instrumentation
         else
           Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
         end
+
+        valid
       end
       if invalid_rules.any?
         Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
@@ -210,6 +232,8 @@ class Sqreen::Weave::Legacy::Instrumentation
       @hooks << add_callback('weave,hardcoded', hard_callback, strategy)
     end
 
+    @hooks << install_graphql_hook
+
     metrics_engine = self.metrics_engine
 
     request_hook = Sqreen::Graft::Hook['Sqreen::ShrinkWrap#call', strategy]
@@ -220,6 +244,10 @@ class Sqreen::Weave::Legacy::Instrumentation
 
         # shrinkwrap_timer = Sqreen::Graft::Timer.new('weave,shrinkwrap')
         # shrinkwrap_timer.start
+        if defined?(Datadog)
+          datadog_span = Datadog.tracer.active_root_span
+          Sqreen::Weave.logger.debug { "request datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
+        end
 
         request_timer = Sqreen::Graft::Timer.new("request")
         request_timer.start
@@ -245,6 +273,7 @@ class Sqreen::Weave::Legacy::Instrumentation
           timed_level: timed_level,
           skipped_callbacks: [],
           # timed_shrinkwrap: shrinkwrap_timer,
+          datadog_span: datadog_span,
         }
 
         # shrinkwrap_timer.stop
@@ -546,4 +575,30 @@ class Sqreen::Weave::Legacy::Instrumentation
       Sqreen::Rules::RunUserActions.new(Sqreen, :auth_track, 1),
     ]
   end
+
+  def install_graphql_hook
+    hook = Sqreen::Graft::Hook['GraphQL::Execution::Multiplex.run_queries']
+
+    hook.add do
+      before('weave,test,graphql', mandatory: true) do |call|
+        find_args = proc do |*items|
+          args = []
+          items.each do |e|
+            args << e if e.is_a?(GraphQL::Language::Nodes::Argument)
+            args += find_args.call(*e.children)
+          end
+          args
+        end
+        queries = call.args[1]
+        qdocs = queries.map { |q| [q.query_string, q.document] }
+        qargs = qdocs.map do |q, doc|
+          next if doc.nil?
+          [q, find_args.call(*doc.children).map { |arg| { arg.name => arg.value } }.reduce(&:merge)]
+        end
+        Sqreen.framework.graphql_args = Hash[*qargs.flatten(1)]
+      end
+    end.install
+
+    hook
+  end
 end

data/lib/sqreen/web_server/generic.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/web_server/webrick.rb

@@ -1,4 +1,4 @@
-# typed: true
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

data/lib/sqreen/worker.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: ignore
 
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.22.0
+  version: 1.24.0
 platform: ruby
 authors:
 - Sqreen
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-11-02 00:00:00.000000000 Z
+date: 2021-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sqreen-backport
@@ -30,28 +30,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 0.2.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 0.2.3
 - !ruby/object:Gem::Dependency
   name: sq_mini_racer
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.4.sqreen2
+        version: '0.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.5.a
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.4.sqreen2
+        version: '0.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 0.5.a
 - !ruby/object:Gem::Dependency
   name: libsqreen
   requirement: !ruby/object:Gem::Requirement
@@ -69,7 +75,8 @@ dependencies:
 description: Sqreen is a SaaS based Application protection and monitoring platform
   that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
 email: contact@sqreen.com
-executables: []
+executables:
+- sqreen
 extensions: []
 extra_rdoc_files: []
 files:
@@ -78,6 +85,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- bin/sqreen
 - lib/sqreen.rb
 - lib/sqreen/actions.rb
 - lib/sqreen/actions/actions_index.rb
@@ -192,7 +200,11 @@ files:
 - lib/sqreen/graft/call.rb
 - lib/sqreen/graft/callback.rb
 - lib/sqreen/graft/hook.rb
+- lib/sqreen/graft/hook.ruby_2.rb
+- lib/sqreen/graft/hook.ruby_3.rb
 - lib/sqreen/graft/hook_point.rb
+- lib/sqreen/graft/hook_point.ruby_2.rb
+- lib/sqreen/graft/hook_point.ruby_3.rb
 - lib/sqreen/graft/hook_point_error.rb
 - lib/sqreen/invalid_signature_exception.rb
 - lib/sqreen/js.rb
@@ -327,7 +339,7 @@ metadata:
   changelog_uri: https://docs.sqreen.com/ruby/release-notes/
   source_code_uri: https://github.com/sqreen/ruby-agent
   bug_tracker_uri: https://github.com/sqreen/ruby-agent/issues
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -335,15 +347,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.9.3
+      version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
-signing_key: 
+rubygems_version: 3.2.3
+signing_key:
 specification_version: 4
 summary: Sqreen Ruby agent
 test_files: []