sqreen 1.23.0 → 1.25.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -33,7 +33,7 @@ module Sqreen
33
33
  private
34
34
 
35
35
  def detect_adapter
36
- @online = try_sq_mini_racer || try_rhino
36
+ @online = try_sq_mini_racer || try_mini_racer || try_rhino
37
37
 
38
38
  Sqreen.log.info "JS engine online: #{variant}" if @online
39
39
  end
@@ -53,6 +53,21 @@ module Sqreen
53
53
  false
54
54
  end
55
55
 
56
+ def try_mini_racer
57
+ gem = Gem.loaded_specs['mini_racer']
58
+ unless gem
59
+ Sqreen.log.info "mini_racer gem not detected"
60
+ return false
61
+ end
62
+
63
+ require 'mini_racer'
64
+ require 'sqreen/js/mini_racer_adapter'
65
+ @adapter = MiniRacerAdapter.new(false)
66
+ rescue LoadError => e
67
+ Sqreen.log.warn "Failed loading mini_racer: #{e}"
68
+ false
69
+ end
70
+
56
71
  def try_rhino
57
72
  gem = Gem.loaded_specs['therubyrhino']
58
73
  unless gem
@@ -34,7 +34,7 @@ module Sqreen
34
34
 
35
35
  def self.static_init
36
36
  return if @done_static_init
37
- Sqreen::MiniRacer::Platform.set_flags! :noconcurrent_recompilation
37
+ Sqreen::MiniRacer::Platform.set_flags! :noconcurrent_recompilation if @vendored
38
38
  @done_static_init = true
39
39
  end
40
40
  end
@@ -118,7 +118,7 @@ module Sqreen
118
118
 
119
119
  # garbage collections max 1 in every 4 calls (avg)
120
120
  if heap_stats[:total_heap_size] > @gc_threshold_in_bytes
121
- low_memory_notification
121
+ low_memory_notification if respond_to?(:low_memory_notification)
122
122
  @gc_load += 4
123
123
  else
124
124
  @gc_load = [0, @gc_load - 1].max
@@ -20,7 +20,7 @@ module Sqreen
20
20
  keys = args[1].class.authentication_keys
21
21
  ip = framework.client_ip
22
22
  category = 'auto-signup'
23
- data = data.select { |k, _| keys.include?(k) }
23
+ data = data.select { |k, _| keys.map(&:to_s).include?(k.to_s) }
24
24
 
25
25
  if data.empty?
26
26
  Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
@@ -70,6 +70,15 @@ module Sqreen
70
70
  if payload_tpl.include?('context')
71
71
  payload[:backtrace] = Sqreen::Context.new.bt
72
72
  end
73
+ if framework.respond_to?(:datadog_span) && (datadog_span = framework.datadog_span)
74
+ Sqreen::Weave.logger.debug { "attack datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
75
+ payload.merge!(
76
+ :datadog_trace_id => datadog_span.trace_id,
77
+ :datadog_span_id => datadog_span.span_id,
78
+ )
79
+ datadog_span.set_tag(Datadog::Ext::ManualTracing::TAG_KEEP, true)
80
+ datadog_span.set_tag('sqreen.event', true)
81
+ end
73
82
  framework.observe(:attacks, payload, payload_tpl)
74
83
  end
75
84
 
@@ -146,7 +146,7 @@ module Sqreen
146
146
  error_code: ERROR_CODES[e.error],
147
147
  }.tap do |r|
148
148
  r[:error_data] = e.data if e.data
149
- r[:args] = e.args if e.arg
149
+ r[:args] = e.args if e.args
150
150
  end,
151
151
  }
152
152
  end
data/lib/sqreen/runner.rb CHANGED
@@ -6,6 +6,7 @@
6
6
  require 'ipaddr'
7
7
  require 'timeout'
8
8
  require 'json'
9
+ require 'pathname'
9
10
 
10
11
  require 'sqreen/events/attack'
11
12
 
@@ -217,6 +218,16 @@ module Sqreen
217
218
  session_rules = session.rules
218
219
  rules_pack = session_rules['rules']
219
220
  rulespack_id = session_rules['pack_id']
221
+ elsif @configuration.get(:rules_dump)
222
+ rules_dir = (defined?(Rails) ? Rails.root : Pathname.pwd) + 'tmp/sqreen/rules'
223
+ FileUtils.mkdir_p(rules_dir.to_s)
224
+ File.open("#{rules_dir}/#{rulespack_id}.json", "wb") { |f| f.write(JSON.pretty_generate(rules_pack)) }
225
+ FileUtils.mkdir_p("#{rules_dir}/#{rulespack_id}")
226
+ rules_pack.each do |r|
227
+ r = r.dup
228
+ r['rulespack_id'] = rulespack_id
229
+ File.open("#{rules_dir}/#{rulespack_id}/#{r['name']}.json", "wb") { |f| f.write(JSON.pretty_generate(r)) }
230
+ end
220
231
  end
221
232
  rules = rules_pack.each { |r| r['rulespack_id'] = rulespack_id }
222
233
  Sqreen.log.info { format('retrieved rulespack id: %s', rulespack_id) }
@@ -44,11 +44,17 @@ module Sqreen
44
44
  # XXX: not used because we don't use Sqreen::Attack
45
45
  def convert_attack(attack)
46
46
  # no need to set actor/context as we only include them in request records/traces
47
+ location_h = {}
48
+ location_h.merge!(stack_trace: attack.backtrace) if attack.backtrace
49
+ location_h.merge!(datadog_trace_id: datadog_trace_id) if attack.datadog_trace_id
50
+ location_h.merge!(datadog_span_id: datadog_span_id) if attack.datadog_span_id
51
+ location = Kit::Signals::Location.new(location_h) unless location_h.empty?
52
+
47
53
  Kit::Signals::Specialized::Attack.new(
48
54
  signal_name: "sq.agent.attack.#{attack.attack_type}",
49
55
  source: "sqreen:rule:#{attack.rulespack_id}:#{attack.rule_name}",
50
56
  time: attack.time,
51
- location: Kit::Signals::Location.new(stack_trace: attack.backtrace),
57
+ location: location,
52
58
  payload: Kit::Signals::Specialized::Attack::Payload.new(
53
59
  test: attack.test?,
54
60
  block: attack.block?,
@@ -59,11 +65,17 @@ module Sqreen
59
65
 
60
66
  # see Sqreen::Rules::RuleCB.record_event
61
67
  def convert_unstructured_attack(payload)
68
+ location_h = {}
69
+ location_h.merge!(stack_trace: payload[:backtrace]) if payload[:backtrace]
70
+ location_h.merge!(datadog_trace_id: payload[:datadog_trace_id]) if payload[:datadog_span_id]
71
+ location_h.merge!(datadog_span_id: payload[:datadog_span_id]) if payload[:datadog_span_id]
72
+ location = Kit::Signals::Location.new(location_h) unless location_h.empty?
73
+
62
74
  Kit::Signals::Specialized::Attack.new(
63
75
  signal_name: "sq.agent.attack.#{payload[:attack_type]}",
64
76
  source: "sqreen:rule:#{payload[:rulespack_id]}:#{payload[:rule_name]}",
65
77
  time: payload[:time],
66
- location: (Kit::Signals::Location.new(stack_trace: payload[:backtrace]) if payload[:backtrace]),
78
+ location: location,
67
79
  payload: Kit::Signals::Specialized::Attack::Payload.new(
68
80
  test: payload[:test],
69
81
  block: payload[:block],
@@ -185,12 +197,13 @@ module Sqreen
185
197
  # see Sqreen::RequestRecord.processed_sdk_calls
186
198
  def convert_track(call_info)
187
199
  options = call_info[:args][1] || {}
200
+ args = options[:args] || {}
188
201
  Kit::Signals::Specialized::SdkTrackCall.new(
189
202
  signal_name: "sq.sdk.#{call_info[:args][0]}",
190
203
  time: call_info[:time],
191
204
  payload: Kit::Signals::Specialized::SdkTrackCall::Payload.new(
192
- properties: options[:properties],
193
- user_identifiers: options[:user_identifiers]
205
+ properties: args[:properties],
206
+ user_identifiers: args[:user_identifiers]
194
207
  )
195
208
  )
196
209
  end
@@ -234,6 +247,9 @@ module Sqreen
234
247
  status: resp_payload[:status],
235
248
  content_length: resp_payload[:content_length],
236
249
  content_type: resp_payload[:content_type],
250
+ # datadog
251
+ datadog_trace_id: req_payload[:datadog_trace_id],
252
+ datadog_span_id: req_payload[:datadog_span_id],
237
253
  }
238
254
  )
239
255
  end
@@ -4,5 +4,5 @@
4
4
  # Please refer to our terms for more information: https://www.sqreen.com/terms.html
5
5
 
6
6
  module Sqreen
7
- VERSION = '1.23.0'.freeze
7
+ VERSION = '1.25.0'.freeze
8
8
  end
@@ -180,6 +180,8 @@ class Sqreen::Weave::Legacy::Instrumentation
180
180
  else
181
181
  Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
182
182
  end
183
+
184
+ valid
183
185
  end
184
186
  if invalid_rules.any?
185
187
  Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
@@ -242,6 +244,9 @@ class Sqreen::Weave::Legacy::Instrumentation
242
244
 
243
245
  # shrinkwrap_timer = Sqreen::Graft::Timer.new('weave,shrinkwrap')
244
246
  # shrinkwrap_timer.start
247
+ if defined?(Datadog) && Datadog.tracer && (datadog_span = Datadog.tracer.active_root_span)
248
+ Sqreen::Weave.logger.debug { "request datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
249
+ end
245
250
 
246
251
  request_timer = Sqreen::Graft::Timer.new("request")
247
252
  request_timer.start
@@ -267,6 +272,7 @@ class Sqreen::Weave::Legacy::Instrumentation
267
272
  timed_level: timed_level,
268
273
  skipped_callbacks: [],
269
274
  # timed_shrinkwrap: shrinkwrap_timer,
275
+ datadog_span: datadog_span,
270
276
  }
271
277
 
272
278
  # shrinkwrap_timer.stop
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.23.0
4
+ version: 1.25.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-15 00:00:00.000000000 Z
11
+ date: 1980-01-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sqreen-backport
@@ -30,34 +30,28 @@ dependencies:
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: 0.2.2
33
+ version: 0.2.4
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: 0.2.2
40
+ version: 0.2.4
41
41
  - !ruby/object:Gem::Dependency
42
- name: sq_mini_racer
42
+ name: mini_racer
43
43
  requirement: !ruby/object:Gem::Requirement
44
44
  requirements:
45
- - - "~>"
46
- - !ruby/object:Gem::Version
47
- version: '0.2'
48
- - - "<"
45
+ - - ">="
49
46
  - !ruby/object:Gem::Version
50
- version: 0.4.a
47
+ version: 0.4.0
51
48
  type: :runtime
52
49
  prerelease: false
53
50
  version_requirements: !ruby/object:Gem::Requirement
54
51
  requirements:
55
- - - "~>"
56
- - !ruby/object:Gem::Version
57
- version: '0.2'
58
- - - "<"
52
+ - - ">="
59
53
  - !ruby/object:Gem::Version
60
- version: 0.4.a
54
+ version: 0.4.0
61
55
  - !ruby/object:Gem::Dependency
62
56
  name: libsqreen
63
57
  requirement: !ruby/object:Gem::Requirement
@@ -75,7 +69,8 @@ dependencies:
75
69
  description: Sqreen is a SaaS based Application protection and monitoring platform
76
70
  that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
77
71
  email: contact@sqreen.com
78
- executables: []
72
+ executables:
73
+ - sqreen
79
74
  extensions: []
80
75
  extra_rdoc_files: []
81
76
  files:
@@ -84,6 +79,7 @@ files:
84
79
  - LICENSE
85
80
  - README.md
86
81
  - Rakefile
82
+ - bin/sqreen
87
83
  - lib/sqreen.rb
88
84
  - lib/sqreen/actions.rb
89
85
  - lib/sqreen/actions/actions_index.rb
@@ -198,7 +194,11 @@ files:
198
194
  - lib/sqreen/graft/call.rb
199
195
  - lib/sqreen/graft/callback.rb
200
196
  - lib/sqreen/graft/hook.rb
197
+ - lib/sqreen/graft/hook.ruby_2.rb
198
+ - lib/sqreen/graft/hook.ruby_3.rb
201
199
  - lib/sqreen/graft/hook_point.rb
200
+ - lib/sqreen/graft/hook_point.ruby_2.rb
201
+ - lib/sqreen/graft/hook_point.ruby_3.rb
202
202
  - lib/sqreen/graft/hook_point_error.rb
203
203
  - lib/sqreen/invalid_signature_exception.rb
204
204
  - lib/sqreen/js.rb
@@ -341,14 +341,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
341
341
  requirements:
342
342
  - - ">="
343
343
  - !ruby/object:Gem::Version
344
- version: 1.9.3
344
+ version: '2.6'
345
345
  required_rubygems_version: !ruby/object:Gem::Requirement
346
346
  requirements:
347
347
  - - ">="
348
348
  - !ruby/object:Gem::Version
349
349
  version: '0'
350
350
  requirements: []
351
- rubygems_version: 3.2.3
351
+ rubygems_version: 3.2.26
352
352
  signing_key:
353
353
  specification_version: 4
354
354
  summary: Sqreen Ruby agent