sqreen 1.23.0 → 1.25.0

data/lib/sqreen/js/js_service.rb

@@ -33,7 +33,7 @@ module Sqreen
       private
 
       def detect_adapter
-        @online = try_sq_mini_racer || try_rhino
+        @online = try_sq_mini_racer || try_mini_racer || try_rhino
 
         Sqreen.log.info "JS engine online: #{variant}" if @online
       end
@@ -53,6 +53,21 @@ module Sqreen
         false
       end
 
+      def try_mini_racer
+        gem = Gem.loaded_specs['mini_racer']
+        unless gem
+          Sqreen.log.info "mini_racer gem not detected"
+          return false
+        end
+
+        require 'mini_racer'
+        require 'sqreen/js/mini_racer_adapter'
+        @adapter = MiniRacerAdapter.new(false)
+      rescue LoadError => e
+        Sqreen.log.warn "Failed loading mini_racer: #{e}"
+        false
+      end
+
       def try_rhino
         gem = Gem.loaded_specs['therubyrhino']
         unless gem

data/lib/sqreen/js/mini_racer_adapter.rb

@@ -34,7 +34,7 @@ module Sqreen
 
       def self.static_init
         return if @done_static_init
-        Sqreen::MiniRacer::Platform.set_flags! :noconcurrent_recompilation
+        Sqreen::MiniRacer::Platform.set_flags! :noconcurrent_recompilation if @vendored
         @done_static_init = true
       end
     end

data/lib/sqreen/js/mini_racer_executable_js.rb

@@ -118,7 +118,7 @@ module Sqreen
 
               # garbage collections max 1 in every 4 calls (avg)
               if heap_stats[:total_heap_size] > @gc_threshold_in_bytes
-                low_memory_notification
+                low_memory_notification if respond_to?(:low_memory_notification)
                 @gc_load += 4
               else
                 @gc_load = [0, @gc_load - 1].max

data/lib/sqreen/rules/devise_signup_track_cb.rb

@@ -20,7 +20,7 @@ module Sqreen
         keys = args[1].class.authentication_keys
         ip = framework.client_ip
         category = 'auto-signup'
-        data = data.select { |k, _| keys.include?(k) }
+        data = data.select { |k, _| keys.map(&:to_s).include?(k.to_s) }
 
         if data.empty?
           Sqreen.log.debug { "#{category} from #{ip} but keys empty" }

data/lib/sqreen/rules/rule_cb.rb

@@ -70,6 +70,15 @@ module Sqreen
         if payload_tpl.include?('context')
           payload[:backtrace] = Sqreen::Context.new.bt
         end
+        if framework.respond_to?(:datadog_span) && (datadog_span = framework.datadog_span)
+          Sqreen::Weave.logger.debug { "attack datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
+          payload.merge!(
+            :datadog_trace_id => datadog_span.trace_id,
+            :datadog_span_id => datadog_span.span_id,
+          )
+          datadog_span.set_tag(Datadog::Ext::ManualTracing::TAG_KEEP, true)
+          datadog_span.set_tag('sqreen.event', true)
+        end
         framework.observe(:attacks, payload, payload_tpl)
       end
 

data/lib/sqreen/rules/waf_cb.rb

@@ -146,7 +146,7 @@ module Sqreen
             error_code: ERROR_CODES[e.error],
           }.tap do |r|
             r[:error_data] = e.data if e.data
-            r[:args] = e.args if e.arg
+            r[:args] = e.args if e.args
           end,
         }
       end

data/lib/sqreen/runner.rb

@@ -6,6 +6,7 @@
 require 'ipaddr'
 require 'timeout'
 require 'json'
+require 'pathname'
 
 require 'sqreen/events/attack'
 
@@ -217,6 +218,16 @@ module Sqreen
         session_rules = session.rules
         rules_pack = session_rules['rules']
         rulespack_id = session_rules['pack_id']
+      elsif @configuration.get(:rules_dump)
+        rules_dir = (defined?(Rails) ? Rails.root : Pathname.pwd) + 'tmp/sqreen/rules'
+        FileUtils.mkdir_p(rules_dir.to_s)
+        File.open("#{rules_dir}/#{rulespack_id}.json", "wb") { |f| f.write(JSON.pretty_generate(rules_pack)) }
+        FileUtils.mkdir_p("#{rules_dir}/#{rulespack_id}")
+        rules_pack.each do |r|
+          r = r.dup
+          r['rulespack_id'] = rulespack_id
+          File.open("#{rules_dir}/#{rulespack_id}/#{r['name']}.json", "wb") { |f| f.write(JSON.pretty_generate(r)) }
+        end
       end
       rules = rules_pack.each { |r| r['rulespack_id'] = rulespack_id }
       Sqreen.log.info { format('retrieved rulespack id: %s', rulespack_id) }

data/lib/sqreen/signals/conversions.rb

@@ -44,11 +44,17 @@ module Sqreen
         # XXX: not used because we don't use Sqreen::Attack
         def convert_attack(attack)
           # no need to set actor/context as we only include them in request records/traces
+          location_h = {}
+          location_h.merge!(stack_trace: attack.backtrace) if attack.backtrace
+          location_h.merge!(datadog_trace_id: datadog_trace_id) if attack.datadog_trace_id
+          location_h.merge!(datadog_span_id: datadog_span_id) if attack.datadog_span_id
+          location = Kit::Signals::Location.new(location_h) unless location_h.empty?
+
           Kit::Signals::Specialized::Attack.new(
             signal_name: "sq.agent.attack.#{attack.attack_type}",
             source: "sqreen:rule:#{attack.rulespack_id}:#{attack.rule_name}",
             time: attack.time,
-            location: Kit::Signals::Location.new(stack_trace: attack.backtrace),
+            location: location,
             payload: Kit::Signals::Specialized::Attack::Payload.new(
               test: attack.test?,
               block: attack.block?,
@@ -59,11 +65,17 @@ module Sqreen
 
         # see Sqreen::Rules::RuleCB.record_event
         def convert_unstructured_attack(payload)
+          location_h = {}
+          location_h.merge!(stack_trace: payload[:backtrace]) if payload[:backtrace]
+          location_h.merge!(datadog_trace_id: payload[:datadog_trace_id]) if payload[:datadog_span_id]
+          location_h.merge!(datadog_span_id: payload[:datadog_span_id]) if payload[:datadog_span_id]
+          location = Kit::Signals::Location.new(location_h) unless location_h.empty?
+
           Kit::Signals::Specialized::Attack.new(
             signal_name: "sq.agent.attack.#{payload[:attack_type]}",
             source: "sqreen:rule:#{payload[:rulespack_id]}:#{payload[:rule_name]}",
             time: payload[:time],
-            location: (Kit::Signals::Location.new(stack_trace: payload[:backtrace]) if payload[:backtrace]),
+            location: location,
             payload: Kit::Signals::Specialized::Attack::Payload.new(
               test: payload[:test],
               block: payload[:block],
@@ -185,12 +197,13 @@ module Sqreen
         # see Sqreen::RequestRecord.processed_sdk_calls
         def convert_track(call_info)
           options = call_info[:args][1] || {}
+          args = options[:args] || {}
           Kit::Signals::Specialized::SdkTrackCall.new(
             signal_name: "sq.sdk.#{call_info[:args][0]}",
             time: call_info[:time],
             payload: Kit::Signals::Specialized::SdkTrackCall::Payload.new(
-              properties: options[:properties],
-              user_identifiers: options[:user_identifiers]
+              properties: args[:properties],
+              user_identifiers: args[:user_identifiers]
             )
           )
         end
@@ -234,6 +247,9 @@ module Sqreen
               status: resp_payload[:status],
               content_length: resp_payload[:content_length],
               content_type: resp_payload[:content_type],
+              # datadog
+              datadog_trace_id: req_payload[:datadog_trace_id],
+              datadog_span_id: req_payload[:datadog_span_id],
             }
           )
         end

data/lib/sqreen/version.rb

@@ -4,5 +4,5 @@
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
 module Sqreen
-  VERSION = '1.23.0'.freeze
+  VERSION = '1.25.0'.freeze
 end

data/lib/sqreen/weave/legacy/instrumentation.rb

@@ -180,6 +180,8 @@ class Sqreen::Weave::Legacy::Instrumentation
         else
           Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
         end
+
+        valid
       end
       if invalid_rules.any?
         Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
@@ -242,6 +244,9 @@ class Sqreen::Weave::Legacy::Instrumentation
 
         # shrinkwrap_timer = Sqreen::Graft::Timer.new('weave,shrinkwrap')
         # shrinkwrap_timer.start
+        if defined?(Datadog) && Datadog.tracer && (datadog_span = Datadog.tracer.active_root_span)
+          Sqreen::Weave.logger.debug { "request datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
+        end
 
         request_timer = Sqreen::Graft::Timer.new("request")
         request_timer.start
@@ -267,6 +272,7 @@ class Sqreen::Weave::Legacy::Instrumentation
           timed_level: timed_level,
           skipped_callbacks: [],
           # timed_shrinkwrap: shrinkwrap_timer,
+          datadog_span: datadog_span,
         }
 
         # shrinkwrap_timer.stop

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.23.0
+  version: 1.25.0
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-15 00:00:00.000000000 Z
+date: 1980-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sqreen-backport
@@ -30,34 +30,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 0.2.4
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.2.2
+        version: 0.2.4
 - !ruby/object:Gem::Dependency
-  name: sq_mini_racer
+  name: mini_racer
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.2'
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.a
+        version: 0.4.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.2'
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.4.a
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: libsqreen
   requirement: !ruby/object:Gem::Requirement
@@ -75,7 +69,8 @@ dependencies:
 description: Sqreen is a SaaS based Application protection and monitoring platform
   that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
 email: contact@sqreen.com
-executables: []
+executables:
+- sqreen
 extensions: []
 extra_rdoc_files: []
 files:
@@ -84,6 +79,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- bin/sqreen
 - lib/sqreen.rb
 - lib/sqreen/actions.rb
 - lib/sqreen/actions/actions_index.rb
@@ -198,7 +194,11 @@ files:
 - lib/sqreen/graft/call.rb
 - lib/sqreen/graft/callback.rb
 - lib/sqreen/graft/hook.rb
+- lib/sqreen/graft/hook.ruby_2.rb
+- lib/sqreen/graft/hook.ruby_3.rb
 - lib/sqreen/graft/hook_point.rb
+- lib/sqreen/graft/hook_point.ruby_2.rb
+- lib/sqreen/graft/hook_point.ruby_3.rb
 - lib/sqreen/graft/hook_point_error.rb
 - lib/sqreen/invalid_signature_exception.rb
 - lib/sqreen/js.rb
@@ -341,14 +341,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 1.9.3
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.2.26
 signing_key:
 specification_version: 4
 summary: Sqreen Ruby agent