sqreen 1.23.0 → 1.24.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -70,6 +70,15 @@ module Sqreen
70
70
  if payload_tpl.include?('context')
71
71
  payload[:backtrace] = Sqreen::Context.new.bt
72
72
  end
73
+ if framework.respond_to?(:datadog_span) && (datadog_span = framework.datadog_span)
74
+ Sqreen::Weave.logger.debug { "attack datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
75
+ payload.merge!(
76
+ :datadog_trace_id => datadog_span.trace_id,
77
+ :datadog_span_id => datadog_span.span_id,
78
+ )
79
+ datadog_span.set_tag(Datadog::Ext::ManualTracing::TAG_KEEP, true)
80
+ datadog_span.set_tag('sqreen.event', true)
81
+ end
73
82
  framework.observe(:attacks, payload, payload_tpl)
74
83
  end
75
84
 
data/lib/sqreen/runner.rb CHANGED
@@ -6,6 +6,7 @@
6
6
  require 'ipaddr'
7
7
  require 'timeout'
8
8
  require 'json'
9
+ require 'pathname'
9
10
 
10
11
  require 'sqreen/events/attack'
11
12
 
@@ -217,6 +218,16 @@ module Sqreen
217
218
  session_rules = session.rules
218
219
  rules_pack = session_rules['rules']
219
220
  rulespack_id = session_rules['pack_id']
221
+ elsif @configuration.get(:rules_dump)
222
+ rules_dir = (defined?(Rails) ? Rails.root : Pathname.pwd) + 'tmp/sqreen/rules'
223
+ FileUtils.mkdir_p(rules_dir.to_s)
224
+ File.open("#{rules_dir}/#{rulespack_id}.json", "wb") { |f| f.write(JSON.pretty_generate(rules_pack)) }
225
+ FileUtils.mkdir_p("#{rules_dir}/#{rulespack_id}")
226
+ rules_pack.each do |r|
227
+ r = r.dup
228
+ r['rulespack_id'] = rulespack_id
229
+ File.open("#{rules_dir}/#{rulespack_id}/#{r['name']}.json", "wb") { |f| f.write(JSON.pretty_generate(r)) }
230
+ end
220
231
  end
221
232
  rules = rules_pack.each { |r| r['rulespack_id'] = rulespack_id }
222
233
  Sqreen.log.info { format('retrieved rulespack id: %s', rulespack_id) }
@@ -44,11 +44,17 @@ module Sqreen
44
44
  # XXX: not used because we don't use Sqreen::Attack
45
45
  def convert_attack(attack)
46
46
  # no need to set actor/context as we only include them in request records/traces
47
+ location_h = {}
48
+ location_h.merge!(stack_trace: attack.backtrace) if attack.backtrace
49
+ location_h.merge!(datadog_trace_id: datadog_trace_id) if attack.datadog_trace_id
50
+ location_h.merge!(datadog_span_id: datadog_span_id) if attack.datadog_span_id
51
+ location = Kit::Signals::Location.new(location_h) unless location_h.empty?
52
+
47
53
  Kit::Signals::Specialized::Attack.new(
48
54
  signal_name: "sq.agent.attack.#{attack.attack_type}",
49
55
  source: "sqreen:rule:#{attack.rulespack_id}:#{attack.rule_name}",
50
56
  time: attack.time,
51
- location: Kit::Signals::Location.new(stack_trace: attack.backtrace),
57
+ location: location,
52
58
  payload: Kit::Signals::Specialized::Attack::Payload.new(
53
59
  test: attack.test?,
54
60
  block: attack.block?,
@@ -59,11 +65,17 @@ module Sqreen
59
65
 
60
66
  # see Sqreen::Rules::RuleCB.record_event
61
67
  def convert_unstructured_attack(payload)
68
+ location_h = {}
69
+ location_h.merge!(stack_trace: payload[:backtrace]) if payload[:backtrace]
70
+ location_h.merge!(datadog_trace_id: payload[:datadog_trace_id]) if payload[:datadog_span_id]
71
+ location_h.merge!(datadog_span_id: payload[:datadog_span_id]) if payload[:datadog_span_id]
72
+ location = Kit::Signals::Location.new(location_h) unless location_h.empty?
73
+
62
74
  Kit::Signals::Specialized::Attack.new(
63
75
  signal_name: "sq.agent.attack.#{payload[:attack_type]}",
64
76
  source: "sqreen:rule:#{payload[:rulespack_id]}:#{payload[:rule_name]}",
65
77
  time: payload[:time],
66
- location: (Kit::Signals::Location.new(stack_trace: payload[:backtrace]) if payload[:backtrace]),
78
+ location: location,
67
79
  payload: Kit::Signals::Specialized::Attack::Payload.new(
68
80
  test: payload[:test],
69
81
  block: payload[:block],
@@ -185,12 +197,13 @@ module Sqreen
185
197
  # see Sqreen::RequestRecord.processed_sdk_calls
186
198
  def convert_track(call_info)
187
199
  options = call_info[:args][1] || {}
200
+ args = options[:args] || {}
188
201
  Kit::Signals::Specialized::SdkTrackCall.new(
189
202
  signal_name: "sq.sdk.#{call_info[:args][0]}",
190
203
  time: call_info[:time],
191
204
  payload: Kit::Signals::Specialized::SdkTrackCall::Payload.new(
192
- properties: options[:properties],
193
- user_identifiers: options[:user_identifiers]
205
+ properties: args[:properties],
206
+ user_identifiers: args[:user_identifiers]
194
207
  )
195
208
  )
196
209
  end
@@ -234,6 +247,9 @@ module Sqreen
234
247
  status: resp_payload[:status],
235
248
  content_length: resp_payload[:content_length],
236
249
  content_type: resp_payload[:content_type],
250
+ # datadog
251
+ datadog_trace_id: req_payload[:datadog_trace_id],
252
+ datadog_span_id: req_payload[:datadog_span_id],
237
253
  }
238
254
  )
239
255
  end
@@ -4,5 +4,5 @@
4
4
  # Please refer to our terms for more information: https://www.sqreen.com/terms.html
5
5
 
6
6
  module Sqreen
7
- VERSION = '1.23.0'.freeze
7
+ VERSION = '1.24.2'.freeze
8
8
  end
@@ -180,6 +180,8 @@ class Sqreen::Weave::Legacy::Instrumentation
180
180
  else
181
181
  Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
182
182
  end
183
+
184
+ valid
183
185
  end
184
186
  if invalid_rules.any?
185
187
  Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
@@ -242,6 +244,9 @@ class Sqreen::Weave::Legacy::Instrumentation
242
244
 
243
245
  # shrinkwrap_timer = Sqreen::Graft::Timer.new('weave,shrinkwrap')
244
246
  # shrinkwrap_timer.start
247
+ if defined?(Datadog) && Datadog.tracer && (datadog_span = Datadog.tracer.active_root_span)
248
+ Sqreen::Weave.logger.debug { "request datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
249
+ end
245
250
 
246
251
  request_timer = Sqreen::Graft::Timer.new("request")
247
252
  request_timer.start
@@ -267,6 +272,7 @@ class Sqreen::Weave::Legacy::Instrumentation
267
272
  timed_level: timed_level,
268
273
  skipped_callbacks: [],
269
274
  # timed_shrinkwrap: shrinkwrap_timer,
275
+ datadog_span: datadog_span,
270
276
  }
271
277
 
272
278
  # shrinkwrap_timer.stop
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.23.0
4
+ version: 1.24.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-15 00:00:00.000000000 Z
11
+ date: 1980-01-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sqreen-backport
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 0.2.2
33
+ version: 0.2.4
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 0.2.2
40
+ version: 0.2.4
41
41
  - !ruby/object:Gem::Dependency
42
42
  name: sq_mini_racer
43
43
  requirement: !ruby/object:Gem::Requirement
@@ -47,7 +47,7 @@ dependencies:
47
47
  version: '0.2'
48
48
  - - "<"
49
49
  - !ruby/object:Gem::Version
50
- version: 0.4.a
50
+ version: 0.5.a
51
51
  type: :runtime
52
52
  prerelease: false
53
53
  version_requirements: !ruby/object:Gem::Requirement
@@ -57,7 +57,7 @@ dependencies:
57
57
  version: '0.2'
58
58
  - - "<"
59
59
  - !ruby/object:Gem::Version
60
- version: 0.4.a
60
+ version: 0.5.a
61
61
  - !ruby/object:Gem::Dependency
62
62
  name: libsqreen
63
63
  requirement: !ruby/object:Gem::Requirement
@@ -75,7 +75,8 @@ dependencies:
75
75
  description: Sqreen is a SaaS based Application protection and monitoring platform
76
76
  that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
77
77
  email: contact@sqreen.com
78
- executables: []
78
+ executables:
79
+ - sqreen
79
80
  extensions: []
80
81
  extra_rdoc_files: []
81
82
  files:
@@ -84,6 +85,7 @@ files:
84
85
  - LICENSE
85
86
  - README.md
86
87
  - Rakefile
88
+ - bin/sqreen
87
89
  - lib/sqreen.rb
88
90
  - lib/sqreen/actions.rb
89
91
  - lib/sqreen/actions/actions_index.rb
@@ -198,7 +200,11 @@ files:
198
200
  - lib/sqreen/graft/call.rb
199
201
  - lib/sqreen/graft/callback.rb
200
202
  - lib/sqreen/graft/hook.rb
203
+ - lib/sqreen/graft/hook.ruby_2.rb
204
+ - lib/sqreen/graft/hook.ruby_3.rb
201
205
  - lib/sqreen/graft/hook_point.rb
206
+ - lib/sqreen/graft/hook_point.ruby_2.rb
207
+ - lib/sqreen/graft/hook_point.ruby_3.rb
202
208
  - lib/sqreen/graft/hook_point_error.rb
203
209
  - lib/sqreen/invalid_signature_exception.rb
204
210
  - lib/sqreen/js.rb
@@ -341,14 +347,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
341
347
  requirements:
342
348
  - - ">="
343
349
  - !ruby/object:Gem::Version
344
- version: 1.9.3
350
+ version: '2.0'
345
351
  required_rubygems_version: !ruby/object:Gem::Requirement
346
352
  requirements:
347
353
  - - ">="
348
354
  - !ruby/object:Gem::Version
349
355
  version: '0'
350
356
  requirements: []
351
- rubygems_version: 3.2.3
357
+ rubygems_version: 3.2.26
352
358
  signing_key:
353
359
  specification_version: 4
354
360
  summary: Sqreen Ruby agent