sqreen 1.23.2 → 1.24.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/lib/sqreen/dependency/sinatra.rb +20 -0
- data/lib/sqreen/events/attack.rb +8 -0
- data/lib/sqreen/frameworks/generic.rb +12 -1
- data/lib/sqreen/graft/hook.ruby_3.rb +1 -1
- data/lib/sqreen/rules/devise_signup_track_cb.rb +1 -1
- data/lib/sqreen/rules/rule_cb.rb +9 -0
- data/lib/sqreen/rules/waf_cb.rb +1 -1
- data/lib/sqreen/signals/conversions.rb +20 -4
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/legacy/instrumentation.rb +4 -0
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 63ea0b26ac35ae810d92bb1f7dee78283af5104c05ea064c20105178e915b109
|
|
4
|
+
data.tar.gz: ebba0fd2eaffc1c6af1a53949e40e9f06ac58129c5d40b2041db3be0463c8e19
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0d4cd02caf498bb7c25b4882b4f095586bd177058a6f4251945914ea236152d0484f326a07bcf2404bd0524678a136ab240908c4039fd9ee5f6e81a2d0b2d277
|
|
7
|
+
data.tar.gz: 186e6a5585a8db09bd03cdf85f9a2b6fdaee67a83cf29f06ecc48552d9a10ce37a2f663126c076676ef8f9cbaa6848bb8d893c50a1650f1621eb9629c0742f85
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,23 @@
|
|
|
1
|
+
## 1.24.3
|
|
2
|
+
|
|
3
|
+
* Fix WAF exception reporting corner case
|
|
4
|
+
|
|
5
|
+
## 1.24.2
|
|
6
|
+
|
|
7
|
+
* Fix kwargs for rule callbacks on Ruby 3+
|
|
8
|
+
* Fix properties propagation for custom events
|
|
9
|
+
* Fix Devise key type mismatch for signup
|
|
10
|
+
|
|
11
|
+
## 1.24.1
|
|
12
|
+
|
|
13
|
+
* Add Datadog trace keeping through sampling
|
|
14
|
+
* Improve Datadog correlation compatibility with Sinatra
|
|
15
|
+
* Improve attack event correlation with Datadog spans
|
|
16
|
+
|
|
17
|
+
## 1.24.0
|
|
18
|
+
|
|
19
|
+
* Add Sqreen event correlation with Datadog traces
|
|
20
|
+
|
|
1
21
|
## 1.23.2
|
|
2
22
|
|
|
3
23
|
* Fix compatibility with NewRelic for attack events
|
|
@@ -61,6 +61,26 @@ module Sqreen
|
|
|
61
61
|
u.append(p)
|
|
62
62
|
end
|
|
63
63
|
end
|
|
64
|
+
|
|
65
|
+
insert_datadog_middleware(builder, *args, &block)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def insert_datadog_middleware(builder, *args, &block)
|
|
69
|
+
return unless defined?(Datadog) && Datadog.respond_to?(:configuration) && Datadog.configuration.instrumented_integrations.key?(:sinatra)
|
|
70
|
+
|
|
71
|
+
Datadog.configure do |c|
|
|
72
|
+
sinatra_config = Datadog.configuration[:sinatra]
|
|
73
|
+
|
|
74
|
+
c.use(
|
|
75
|
+
:rack,
|
|
76
|
+
service_name: sinatra_config[:service_name],
|
|
77
|
+
distributed_tracing: sinatra_config[:distributed_tracing],
|
|
78
|
+
) unless Datadog.configuration.instrumented_integrations.key?(:rack)
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
insert_middleware(builder, Datadog::Contrib::Rack::TraceMiddleware, args, block) do |p, u|
|
|
82
|
+
u.insert(0, p)
|
|
83
|
+
end
|
|
64
84
|
end
|
|
65
85
|
|
|
66
86
|
def wrap_middleware(middleware, *args, &block)
|
data/lib/sqreen/events/attack.rb
CHANGED
|
@@ -63,6 +63,14 @@ module Sqreen
|
|
|
63
63
|
payload['context']['backtrace']
|
|
64
64
|
end
|
|
65
65
|
|
|
66
|
+
def datadog_trace_id
|
|
67
|
+
payload['context']['datadog_trace_id']
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
def datadog_span_id
|
|
71
|
+
payload['context']['datadog_span_id']
|
|
72
|
+
end
|
|
73
|
+
|
|
66
74
|
def enqueue
|
|
67
75
|
Sqreen.queue.push(self)
|
|
68
76
|
end
|
|
@@ -173,7 +173,18 @@ module Sqreen
|
|
|
173
173
|
:remote_port => req.env['REMOTE_PORT'],
|
|
174
174
|
:remote_ip => remote_addr,
|
|
175
175
|
:client_ip => client_ip,
|
|
176
|
-
}
|
|
176
|
+
}.tap do |h|
|
|
177
|
+
h.merge!(
|
|
178
|
+
:datadog_trace_id => datadog_span.trace_id,
|
|
179
|
+
:datadog_span_id => datadog_span.span_id,
|
|
180
|
+
) if datadog_span
|
|
181
|
+
end
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
def datadog_span
|
|
185
|
+
return unless defined?(Datadog) && (tracer = Datadog.tracer)
|
|
186
|
+
|
|
187
|
+
tracer.active_span
|
|
177
188
|
end
|
|
178
189
|
|
|
179
190
|
def response_infos
|
|
@@ -112,7 +112,7 @@ module Sqreen
|
|
|
112
112
|
|
|
113
113
|
flow = catch(Ball.new) do |ball|
|
|
114
114
|
Timer.new(c.name, &timed_callbacks_proc).measure(ignore: chrono) do
|
|
115
|
-
c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passed), ball)
|
|
115
|
+
c.call(CallbackCall.new(c, remaining, hooked_call.instance, kwargs.empty? ? hooked_call.args_passed : hooked_call.args_passed + [kwargs]), ball)
|
|
116
116
|
end
|
|
117
117
|
end
|
|
118
118
|
|
|
@@ -20,7 +20,7 @@ module Sqreen
|
|
|
20
20
|
keys = args[1].class.authentication_keys
|
|
21
21
|
ip = framework.client_ip
|
|
22
22
|
category = 'auto-signup'
|
|
23
|
-
data = data.select { |k, _| keys.include?(k) }
|
|
23
|
+
data = data.select { |k, _| keys.map(&:to_s).include?(k.to_s) }
|
|
24
24
|
|
|
25
25
|
if data.empty?
|
|
26
26
|
Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
|
data/lib/sqreen/rules/rule_cb.rb
CHANGED
|
@@ -70,6 +70,15 @@ module Sqreen
|
|
|
70
70
|
if payload_tpl.include?('context')
|
|
71
71
|
payload[:backtrace] = Sqreen::Context.new.bt
|
|
72
72
|
end
|
|
73
|
+
if framework.respond_to?(:datadog_span) && (datadog_span = framework.datadog_span)
|
|
74
|
+
Sqreen::Weave.logger.debug { "attack datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
|
|
75
|
+
payload.merge!(
|
|
76
|
+
:datadog_trace_id => datadog_span.trace_id,
|
|
77
|
+
:datadog_span_id => datadog_span.span_id,
|
|
78
|
+
)
|
|
79
|
+
datadog_span.set_tag(Datadog::Ext::ManualTracing::TAG_KEEP, true)
|
|
80
|
+
datadog_span.set_tag('sqreen.event', true)
|
|
81
|
+
end
|
|
73
82
|
framework.observe(:attacks, payload, payload_tpl)
|
|
74
83
|
end
|
|
75
84
|
|
data/lib/sqreen/rules/waf_cb.rb
CHANGED
|
@@ -44,11 +44,17 @@ module Sqreen
|
|
|
44
44
|
# XXX: not used because we don't use Sqreen::Attack
|
|
45
45
|
def convert_attack(attack)
|
|
46
46
|
# no need to set actor/context as we only include them in request records/traces
|
|
47
|
+
location_h = {}
|
|
48
|
+
location_h.merge!(stack_trace: attack.backtrace) if attack.backtrace
|
|
49
|
+
location_h.merge!(datadog_trace_id: datadog_trace_id) if attack.datadog_trace_id
|
|
50
|
+
location_h.merge!(datadog_span_id: datadog_span_id) if attack.datadog_span_id
|
|
51
|
+
location = Kit::Signals::Location.new(location_h) unless location_h.empty?
|
|
52
|
+
|
|
47
53
|
Kit::Signals::Specialized::Attack.new(
|
|
48
54
|
signal_name: "sq.agent.attack.#{attack.attack_type}",
|
|
49
55
|
source: "sqreen:rule:#{attack.rulespack_id}:#{attack.rule_name}",
|
|
50
56
|
time: attack.time,
|
|
51
|
-
location:
|
|
57
|
+
location: location,
|
|
52
58
|
payload: Kit::Signals::Specialized::Attack::Payload.new(
|
|
53
59
|
test: attack.test?,
|
|
54
60
|
block: attack.block?,
|
|
@@ -59,11 +65,17 @@ module Sqreen
|
|
|
59
65
|
|
|
60
66
|
# see Sqreen::Rules::RuleCB.record_event
|
|
61
67
|
def convert_unstructured_attack(payload)
|
|
68
|
+
location_h = {}
|
|
69
|
+
location_h.merge!(stack_trace: payload[:backtrace]) if payload[:backtrace]
|
|
70
|
+
location_h.merge!(datadog_trace_id: payload[:datadog_trace_id]) if payload[:datadog_span_id]
|
|
71
|
+
location_h.merge!(datadog_span_id: payload[:datadog_span_id]) if payload[:datadog_span_id]
|
|
72
|
+
location = Kit::Signals::Location.new(location_h) unless location_h.empty?
|
|
73
|
+
|
|
62
74
|
Kit::Signals::Specialized::Attack.new(
|
|
63
75
|
signal_name: "sq.agent.attack.#{payload[:attack_type]}",
|
|
64
76
|
source: "sqreen:rule:#{payload[:rulespack_id]}:#{payload[:rule_name]}",
|
|
65
77
|
time: payload[:time],
|
|
66
|
-
location:
|
|
78
|
+
location: location,
|
|
67
79
|
payload: Kit::Signals::Specialized::Attack::Payload.new(
|
|
68
80
|
test: payload[:test],
|
|
69
81
|
block: payload[:block],
|
|
@@ -185,12 +197,13 @@ module Sqreen
|
|
|
185
197
|
# see Sqreen::RequestRecord.processed_sdk_calls
|
|
186
198
|
def convert_track(call_info)
|
|
187
199
|
options = call_info[:args][1] || {}
|
|
200
|
+
args = options[:args] || {}
|
|
188
201
|
Kit::Signals::Specialized::SdkTrackCall.new(
|
|
189
202
|
signal_name: "sq.sdk.#{call_info[:args][0]}",
|
|
190
203
|
time: call_info[:time],
|
|
191
204
|
payload: Kit::Signals::Specialized::SdkTrackCall::Payload.new(
|
|
192
|
-
properties:
|
|
193
|
-
user_identifiers:
|
|
205
|
+
properties: args[:properties],
|
|
206
|
+
user_identifiers: args[:user_identifiers]
|
|
194
207
|
)
|
|
195
208
|
)
|
|
196
209
|
end
|
|
@@ -234,6 +247,9 @@ module Sqreen
|
|
|
234
247
|
status: resp_payload[:status],
|
|
235
248
|
content_length: resp_payload[:content_length],
|
|
236
249
|
content_type: resp_payload[:content_type],
|
|
250
|
+
# datadog
|
|
251
|
+
datadog_trace_id: req_payload[:datadog_trace_id],
|
|
252
|
+
datadog_span_id: req_payload[:datadog_span_id],
|
|
237
253
|
}
|
|
238
254
|
)
|
|
239
255
|
end
|
data/lib/sqreen/version.rb
CHANGED
|
@@ -244,6 +244,9 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
|
244
244
|
|
|
245
245
|
# shrinkwrap_timer = Sqreen::Graft::Timer.new('weave,shrinkwrap')
|
|
246
246
|
# shrinkwrap_timer.start
|
|
247
|
+
if defined?(Datadog) && Datadog.tracer && (datadog_span = Datadog.tracer.active_root_span)
|
|
248
|
+
Sqreen::Weave.logger.debug { "request datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
|
|
249
|
+
end
|
|
247
250
|
|
|
248
251
|
request_timer = Sqreen::Graft::Timer.new("request")
|
|
249
252
|
request_timer.start
|
|
@@ -269,6 +272,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
|
269
272
|
timed_level: timed_level,
|
|
270
273
|
skipped_callbacks: [],
|
|
271
274
|
# timed_shrinkwrap: shrinkwrap_timer,
|
|
275
|
+
datadog_span: datadog_span,
|
|
272
276
|
}
|
|
273
277
|
|
|
274
278
|
# shrinkwrap_timer.stop
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sqreen
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.24.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sqreen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 1980-01-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: sqreen-backport
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: 0.2.
|
|
33
|
+
version: 0.2.4
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.2.
|
|
40
|
+
version: 0.2.4
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: sq_mini_racer
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -47,7 +47,7 @@ dependencies:
|
|
|
47
47
|
version: '0.2'
|
|
48
48
|
- - "<"
|
|
49
49
|
- !ruby/object:Gem::Version
|
|
50
|
-
version: 0.
|
|
50
|
+
version: 0.5.a
|
|
51
51
|
type: :runtime
|
|
52
52
|
prerelease: false
|
|
53
53
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -57,7 +57,7 @@ dependencies:
|
|
|
57
57
|
version: '0.2'
|
|
58
58
|
- - "<"
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
|
-
version: 0.
|
|
60
|
+
version: 0.5.a
|
|
61
61
|
- !ruby/object:Gem::Dependency
|
|
62
62
|
name: libsqreen
|
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -354,7 +354,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
354
354
|
- !ruby/object:Gem::Version
|
|
355
355
|
version: '0'
|
|
356
356
|
requirements: []
|
|
357
|
-
rubygems_version: 3.2.
|
|
357
|
+
rubygems_version: 3.2.26
|
|
358
358
|
signing_key:
|
|
359
359
|
specification_version: 4
|
|
360
360
|
summary: Sqreen Ruby agent
|