sqreen 1.23.0 → 1.24.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -0
- data/bin/sqreen +43 -0
- data/lib/sqreen/configuration.rb +2 -0
- data/lib/sqreen/dependency/new_relic.rb +1 -1
- data/lib/sqreen/dependency/sinatra.rb +20 -0
- data/lib/sqreen/events/attack.rb +8 -0
- data/lib/sqreen/frameworks/generic.rb +12 -1
- data/lib/sqreen/graft/hook.rb +7 -295
- data/lib/sqreen/graft/hook.ruby_2.rb +305 -0
- data/lib/sqreen/graft/hook.ruby_3.rb +305 -0
- data/lib/sqreen/graft/hook_point.rb +6 -6
- data/lib/sqreen/graft/hook_point.ruby_2.rb +18 -0
- data/lib/sqreen/graft/hook_point.ruby_3.rb +19 -0
- data/lib/sqreen/rules/rule_cb.rb +9 -0
- data/lib/sqreen/runner.rb +11 -0
- data/lib/sqreen/signals/conversions.rb +17 -2
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/legacy/instrumentation.rb +6 -0
- metadata +15 -9
@@ -105,12 +105,6 @@ module Sqreen
|
|
105
105
|
@strategy == :prepend
|
106
106
|
end
|
107
107
|
|
108
|
-
def apply(obj, suffix, *args, &block)
|
109
|
-
raise 'use super' if super?
|
110
|
-
|
111
|
-
obj.send("#{method_name}_without_#{suffix}", *args, &block)
|
112
|
-
end
|
113
|
-
|
114
108
|
def install(key, &block)
|
115
109
|
if installed?(key)
|
116
110
|
Sqreen::Graft.logger.debug { "[#{Process.pid}] #{self} already installed" }
|
@@ -344,3 +338,9 @@ module Sqreen
|
|
344
338
|
end
|
345
339
|
end
|
346
340
|
end
|
341
|
+
|
342
|
+
if RUBY_VERSION =~ /^2\./
|
343
|
+
load File.join(__dir__, 'hook_point.ruby_2.rb')
|
344
|
+
else
|
345
|
+
load File.join(__dir__, 'hook_point.ruby_3.rb')
|
346
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
+
|
6
|
+
require 'sqreen/graft'
|
7
|
+
|
8
|
+
module Sqreen
|
9
|
+
module Graft
|
10
|
+
class HookPoint
|
11
|
+
def apply(obj, suffix, *args, &block)
|
12
|
+
raise 'use super' if super?
|
13
|
+
|
14
|
+
obj.send("#{method_name}_without_#{suffix}", *args, &block)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
# typed: ignore
|
2
|
+
|
3
|
+
# Copyright (c) 2015 Sqreen. All Rights Reserved.
|
4
|
+
# Please refer to our terms for more information: https://www.sqreen.com/terms.html
|
5
|
+
|
6
|
+
require 'sqreen/graft'
|
7
|
+
|
8
|
+
module Sqreen
|
9
|
+
module Graft
|
10
|
+
class HookPoint
|
11
|
+
def apply(obj, suffix, *args, **kwargs, &block)
|
12
|
+
raise 'use super' if super?
|
13
|
+
|
14
|
+
obj.send("#{method_name}_without_#{suffix}", *args, **kwargs, &block)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
data/lib/sqreen/rules/rule_cb.rb
CHANGED
@@ -70,6 +70,15 @@ module Sqreen
|
|
70
70
|
if payload_tpl.include?('context')
|
71
71
|
payload[:backtrace] = Sqreen::Context.new.bt
|
72
72
|
end
|
73
|
+
if framework.respond_to?(:datadog_span) && (datadog_span = framework.datadog_span)
|
74
|
+
Sqreen::Weave.logger.debug { "attack datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
|
75
|
+
payload.merge!(
|
76
|
+
:datadog_trace_id => datadog_span.trace_id,
|
77
|
+
:datadog_span_id => datadog_span.span_id,
|
78
|
+
)
|
79
|
+
datadog_span.set_tag(Datadog::Ext::ManualTracing::TAG_KEEP, true)
|
80
|
+
datadog_span.set_tag('sqreen.event', true)
|
81
|
+
end
|
73
82
|
framework.observe(:attacks, payload, payload_tpl)
|
74
83
|
end
|
75
84
|
|
data/lib/sqreen/runner.rb
CHANGED
@@ -6,6 +6,7 @@
|
|
6
6
|
require 'ipaddr'
|
7
7
|
require 'timeout'
|
8
8
|
require 'json'
|
9
|
+
require 'pathname'
|
9
10
|
|
10
11
|
require 'sqreen/events/attack'
|
11
12
|
|
@@ -217,6 +218,16 @@ module Sqreen
|
|
217
218
|
session_rules = session.rules
|
218
219
|
rules_pack = session_rules['rules']
|
219
220
|
rulespack_id = session_rules['pack_id']
|
221
|
+
elsif @configuration.get(:rules_dump)
|
222
|
+
rules_dir = (defined?(Rails) ? Rails.root : Pathname.pwd) + 'tmp/sqreen/rules'
|
223
|
+
FileUtils.mkdir_p(rules_dir.to_s)
|
224
|
+
File.open("#{rules_dir}/#{rulespack_id}.json", "wb") { |f| f.write(JSON.pretty_generate(rules_pack)) }
|
225
|
+
FileUtils.mkdir_p("#{rules_dir}/#{rulespack_id}")
|
226
|
+
rules_pack.each do |r|
|
227
|
+
r = r.dup
|
228
|
+
r['rulespack_id'] = rulespack_id
|
229
|
+
File.open("#{rules_dir}/#{rulespack_id}/#{r['name']}.json", "wb") { |f| f.write(JSON.pretty_generate(r)) }
|
230
|
+
end
|
220
231
|
end
|
221
232
|
rules = rules_pack.each { |r| r['rulespack_id'] = rulespack_id }
|
222
233
|
Sqreen.log.info { format('retrieved rulespack id: %s', rulespack_id) }
|
@@ -44,11 +44,17 @@ module Sqreen
|
|
44
44
|
# XXX: not used because we don't use Sqreen::Attack
|
45
45
|
def convert_attack(attack)
|
46
46
|
# no need to set actor/context as we only include them in request records/traces
|
47
|
+
location_h = {}
|
48
|
+
location_h.merge!(stack_trace: attack.backtrace) if attack.backtrace
|
49
|
+
location_h.merge!(datadog_trace_id: datadog_trace_id) if attack.datadog_trace_id
|
50
|
+
location_h.merge!(datadog_span_id: datadog_span_id) if attack.datadog_span_id
|
51
|
+
location = Kit::Signals::Location.new(location_h) unless location_h.empty?
|
52
|
+
|
47
53
|
Kit::Signals::Specialized::Attack.new(
|
48
54
|
signal_name: "sq.agent.attack.#{attack.attack_type}",
|
49
55
|
source: "sqreen:rule:#{attack.rulespack_id}:#{attack.rule_name}",
|
50
56
|
time: attack.time,
|
51
|
-
location:
|
57
|
+
location: location,
|
52
58
|
payload: Kit::Signals::Specialized::Attack::Payload.new(
|
53
59
|
test: attack.test?,
|
54
60
|
block: attack.block?,
|
@@ -59,11 +65,17 @@ module Sqreen
|
|
59
65
|
|
60
66
|
# see Sqreen::Rules::RuleCB.record_event
|
61
67
|
def convert_unstructured_attack(payload)
|
68
|
+
location_h = {}
|
69
|
+
location_h.merge!(stack_trace: payload[:backtrace]) if payload[:backtrace]
|
70
|
+
location_h.merge!(datadog_trace_id: payload[:datadog_trace_id]) if payload[:datadog_span_id]
|
71
|
+
location_h.merge!(datadog_span_id: payload[:datadog_span_id]) if payload[:datadog_span_id]
|
72
|
+
location = Kit::Signals::Location.new(location_h) unless location_h.empty?
|
73
|
+
|
62
74
|
Kit::Signals::Specialized::Attack.new(
|
63
75
|
signal_name: "sq.agent.attack.#{payload[:attack_type]}",
|
64
76
|
source: "sqreen:rule:#{payload[:rulespack_id]}:#{payload[:rule_name]}",
|
65
77
|
time: payload[:time],
|
66
|
-
location:
|
78
|
+
location: location,
|
67
79
|
payload: Kit::Signals::Specialized::Attack::Payload.new(
|
68
80
|
test: payload[:test],
|
69
81
|
block: payload[:block],
|
@@ -234,6 +246,9 @@ module Sqreen
|
|
234
246
|
status: resp_payload[:status],
|
235
247
|
content_length: resp_payload[:content_length],
|
236
248
|
content_type: resp_payload[:content_type],
|
249
|
+
# datadog
|
250
|
+
datadog_trace_id: req_payload[:datadog_trace_id],
|
251
|
+
datadog_span_id: req_payload[:datadog_span_id],
|
237
252
|
}
|
238
253
|
)
|
239
254
|
end
|
data/lib/sqreen/version.rb
CHANGED
@@ -180,6 +180,8 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
180
180
|
else
|
181
181
|
Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
|
182
182
|
end
|
183
|
+
|
184
|
+
valid
|
183
185
|
end
|
184
186
|
if invalid_rules.any?
|
185
187
|
Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
|
@@ -242,6 +244,9 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
242
244
|
|
243
245
|
# shrinkwrap_timer = Sqreen::Graft::Timer.new('weave,shrinkwrap')
|
244
246
|
# shrinkwrap_timer.start
|
247
|
+
if defined?(Datadog) && Datadog.tracer && (datadog_span = Datadog.tracer.active_root_span)
|
248
|
+
Sqreen::Weave.logger.debug { "request datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
|
249
|
+
end
|
245
250
|
|
246
251
|
request_timer = Sqreen::Graft::Timer.new("request")
|
247
252
|
request_timer.start
|
@@ -267,6 +272,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
267
272
|
timed_level: timed_level,
|
268
273
|
skipped_callbacks: [],
|
269
274
|
# timed_shrinkwrap: shrinkwrap_timer,
|
275
|
+
datadog_span: datadog_span,
|
270
276
|
}
|
271
277
|
|
272
278
|
# shrinkwrap_timer.stop
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sqreen
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.24.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sqreen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 1980-01-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: sqreen-backport
|
@@ -30,14 +30,14 @@ dependencies:
|
|
30
30
|
requirements:
|
31
31
|
- - "~>"
|
32
32
|
- !ruby/object:Gem::Version
|
33
|
-
version: 0.2.
|
33
|
+
version: 0.2.4
|
34
34
|
type: :runtime
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 0.2.
|
40
|
+
version: 0.2.4
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
42
|
name: sq_mini_racer
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
@@ -47,7 +47,7 @@ dependencies:
|
|
47
47
|
version: '0.2'
|
48
48
|
- - "<"
|
49
49
|
- !ruby/object:Gem::Version
|
50
|
-
version: 0.
|
50
|
+
version: 0.5.a
|
51
51
|
type: :runtime
|
52
52
|
prerelease: false
|
53
53
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -57,7 +57,7 @@ dependencies:
|
|
57
57
|
version: '0.2'
|
58
58
|
- - "<"
|
59
59
|
- !ruby/object:Gem::Version
|
60
|
-
version: 0.
|
60
|
+
version: 0.5.a
|
61
61
|
- !ruby/object:Gem::Dependency
|
62
62
|
name: libsqreen
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
@@ -75,7 +75,8 @@ dependencies:
|
|
75
75
|
description: Sqreen is a SaaS based Application protection and monitoring platform
|
76
76
|
that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
|
77
77
|
email: contact@sqreen.com
|
78
|
-
executables:
|
78
|
+
executables:
|
79
|
+
- sqreen
|
79
80
|
extensions: []
|
80
81
|
extra_rdoc_files: []
|
81
82
|
files:
|
@@ -84,6 +85,7 @@ files:
|
|
84
85
|
- LICENSE
|
85
86
|
- README.md
|
86
87
|
- Rakefile
|
88
|
+
- bin/sqreen
|
87
89
|
- lib/sqreen.rb
|
88
90
|
- lib/sqreen/actions.rb
|
89
91
|
- lib/sqreen/actions/actions_index.rb
|
@@ -198,7 +200,11 @@ files:
|
|
198
200
|
- lib/sqreen/graft/call.rb
|
199
201
|
- lib/sqreen/graft/callback.rb
|
200
202
|
- lib/sqreen/graft/hook.rb
|
203
|
+
- lib/sqreen/graft/hook.ruby_2.rb
|
204
|
+
- lib/sqreen/graft/hook.ruby_3.rb
|
201
205
|
- lib/sqreen/graft/hook_point.rb
|
206
|
+
- lib/sqreen/graft/hook_point.ruby_2.rb
|
207
|
+
- lib/sqreen/graft/hook_point.ruby_3.rb
|
202
208
|
- lib/sqreen/graft/hook_point_error.rb
|
203
209
|
- lib/sqreen/invalid_signature_exception.rb
|
204
210
|
- lib/sqreen/js.rb
|
@@ -341,14 +347,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
341
347
|
requirements:
|
342
348
|
- - ">="
|
343
349
|
- !ruby/object:Gem::Version
|
344
|
-
version:
|
350
|
+
version: '2.0'
|
345
351
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
346
352
|
requirements:
|
347
353
|
- - ">="
|
348
354
|
- !ruby/object:Gem::Version
|
349
355
|
version: '0'
|
350
356
|
requirements: []
|
351
|
-
rubygems_version: 3.2.
|
357
|
+
rubygems_version: 3.2.16
|
352
358
|
signing_key:
|
353
359
|
specification_version: 4
|
354
360
|
summary: Sqreen Ruby agent
|