sqreen 1.24.0 → 1.25.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -0
- data/lib/sqreen/dependency/sinatra.rb +20 -0
- data/lib/sqreen/graft/hook.ruby_3.rb +1 -1
- data/lib/sqreen/js/js_service.rb +16 -1
- data/lib/sqreen/js/mini_racer_adapter.rb +1 -1
- data/lib/sqreen/js/mini_racer_executable_js.rb +1 -1
- data/lib/sqreen/rules/devise_signup_track_cb.rb +1 -1
- data/lib/sqreen/rules/rule_cb.rb +9 -0
- data/lib/sqreen/rules/waf_cb.rb +1 -1
- data/lib/sqreen/signals/conversions.rb +3 -2
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/legacy/instrumentation.rb +1 -2
- metadata +11 -17
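--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 91d799812d8133a1915b8174bc71b1986028bbea556ed445cc8bd8c240176d96
+data.tar.gz: d7f9e221109affd64736c772f030ba618dba20cdbaac1b5369772e2d151b12ff
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 996a203e716bb890c32c00d75b89e534e78e7fad75dc1ec05acf1089cfc2865ab1d907ea5f364dacd377cbf3e102f3a1ca14ac246a1960a3986334cb5f3de698
+data.tar.gz: 8af17107b023e921b9a660126cc368eb43893724b35c7af76afb6461c623e8d80c9d35f5537af9078b51df8d8f84d6a44b361595249e6db514e64c5e24594bd7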
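--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,25 @@
+## 1.25.0
+
+* Switch from old sq_mini_racer to upstream mini_racer
+* Support Ruby 3.1
+* Restrict compatiblity to Ruby 2.6 and up
+
+## 1.24.3
+
+* Fix WAF exception reporting corner case
+
+## 1.24.2
+
+* Fix kwargs for rule callbacks on Ruby 3+
+* Fix properties propagation for custom events
+* Fix Devise key type mismatch for signup
+
+## 1.24.1
+
+* Add Datadog trace keeping through sampling
+* Improve Datadog correlation compatibility with Sinatra
+* Improve attack event correlation with Datadog spans
+
 ## 1.24.0
 
 * Add Sqreen event correlation with Datadog traces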
@@ -61,6 +61,26 @@ module Sqreen
|
|
61
61
|
u.append(p)
|
62
62
|
end
|
63
63
|
end
|
64
|
+
|
65
|
+
insert_datadog_middleware(builder, *args, &block)
|
66
|
+
end
|
67
|
+
|
68
|
+
def insert_datadog_middleware(builder, *args, &block)
|
69
|
+
return unless defined?(Datadog) && Datadog.respond_to?(:configuration) && Datadog.configuration.instrumented_integrations.key?(:sinatra)
|
70
|
+
|
71
|
+
Datadog.configure do |c|
|
72
|
+
sinatra_config = Datadog.configuration[:sinatra]
|
73
|
+
|
74
|
+
c.use(
|
75
|
+
:rack,
|
76
|
+
service_name: sinatra_config[:service_name],
|
77
|
+
distributed_tracing: sinatra_config[:distributed_tracing],
|
78
|
+
) unless Datadog.configuration.instrumented_integrations.key?(:rack)
|
79
|
+
end
|
80
|
+
|
81
|
+
insert_middleware(builder, Datadog::Contrib::Rack::TraceMiddleware, args, block) do |p, u|
|
82
|
+
u.insert(0, p)
|
83
|
+
end
|
64
84
|
end
|
65
85
|
|
66
86
|
def wrap_middleware(middleware, *args, &block)
|
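Review bot: `insert_datadog_middleware` changes the host application's tracer configuration (`Datadog.configure` with `c.use(:rack, …)`) without any log line, so an operator who later finds rack spans they never enabled cannot trace them back to the agent; add `Sqreen.log.info 'enabling Datadog rack integration for Sinatra trace correlation'` beside the `c.use` call. The `distributed_tracing` value is copied from the app's own sinatra config, which is the right choice because that setting decides whether inbound trace-context headers from clients are honoured; a comment saying it is deliberately mirrored rather than forced on would stop someone hard-coding it later. `Datadog::Contrib::Rack::TraceMiddleware` is resolved unconditionally after the guard, so a ddtrace release that exposes the `:rack` integration under a different constant would raise NameError while the middleware stack is being built instead of skipping correlation the way the `respond_to?(:configuration)` guard does. The method this hunk starts in begins outside the hunk, and the section has no file header; by the diffstat (+20) it is `data/lib/sqreen/dependency/sinatra.rb`.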
@@ -112,7 +112,7 @@ module Sqreen
|
|
112
112
|
|
113
113
|
flow = catch(Ball.new) do |ball|
|
114
114
|
Timer.new(c.name, &timed_callbacks_proc).measure(ignore: chrono) do
|
115
|
-
c.call(CallbackCall.new(c, remaining, hooked_call.instance, hooked_call.args_passed), ball)
|
115
|
+
c.call(CallbackCall.new(c, remaining, hooked_call.instance, kwargs.empty? ? hooked_call.args_passed : hooked_call.args_passed + [kwargs]), ball)
|
116
116
|
end
|
117
117
|
end
|
118
118
|
|
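Review bot: The new `c.call` line packs the kwargs decision into an already long expression inside the timer block; computing it first keeps the callback call short: `cb_args = kwargs.empty? ? hooked_call.args_passed : hooked_call.args_passed + [kwargs]` followed by `c.call(CallbackCall.new(c, remaining, hooked_call.instance, cb_args), ball)`. Appending `kwargs` as a trailing positional Hash deliberately erases the keyword/positional distinction for rule callbacks (the 1.24.2 changelog entry describes this fix), which deserves a one-line comment so it is not "corrected" back into a keyword splat later. `kwargs` and the enclosing method are defined outside the hunk, and this headerless section matches `data/lib/sqreen/graft/hook.ruby_3.rb` (+1 −1) in the diffstat.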
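--- a/data/lib/sqreen/js/js_service.rb
+++ b/data/lib/sqreen/js/js_service.rb
@@ -33,7 +33,7 @@ module Sqreen
 private
 
 def detect_adapter
-@online = try_sq_mini_racer || try_rhino
+@online = try_sq_mini_racer || try_mini_racer || try_rhino
 
 Sqreen.log.info "JS engine online: #{variant}" if @online
 end
@@ -53,6 +53,21 @@ module Sqreen
 false
 end
 
+def try_mini_racer
+gem = Gem.loaded_specs['mini_racer']
+unless gem
+Sqreen.log.info "mini_racer gem not detected"
+return false
+end
+
+require 'mini_racer'
+require 'sqreen/js/mini_racer_adapter'
+@adapter = MiniRacerAdapter.new(false)
+rescue LoadError => e
+Sqreen.log.warn "Failed loading mini_racer: #{e}"
+false
+end
+
 def try_rhino
 gem = Gem.loaded_specs['therubyrhino']
 unless gem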
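Review bot: `detect_adapter` still tries `try_sq_mini_racer` before `try_mini_racer`, so on a host where both gems are loaded the old vendored engine wins; if the changelog's "switch to upstream mini_racer" is meant as a preference rather than a fallback, the order should be `@online = try_mini_racer || try_sq_mini_racer || try_rhino`. In `try_mini_racer` the local `gem` shadows `Kernel#gem` for the rest of the method (the same pattern `try_rhino` uses), and `MiniRacerAdapter.new(false)` passes a bare boolean whose meaning is only discoverable from the adapter's constructor, which is not in this diff; `spec = Gem.loaded_specs['mini_racer']` and a comment such as `# false: upstream gem, not the vendored sq_mini_racer build — confirm against the constructor` would help. The method-level `rescue LoadError` also covers `require 'sqreen/js/mini_racer_adapter'`, so a broken adapter file is logged as "Failed loading mini_racer"; naming the failing feature in the warning, or splitting the two requires, would make the log actionable.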
@@ -34,7 +34,7 @@ module Sqreen
|
|
34
34
|
|
35
35
|
def self.static_init
|
36
36
|
return if @done_static_init
|
37
|
-
Sqreen::MiniRacer::Platform.set_flags! :noconcurrent_recompilation
|
37
|
+
Sqreen::MiniRacer::Platform.set_flags! :noconcurrent_recompilation if @vendored
|
38
38
|
@done_static_init = true
|
39
39
|
end
|
40
40
|
end
|
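Review bot: `static_init` is defined with `def self.`, so the `@vendored` it now tests is a class-level instance variable, distinct from any `@vendored` an instance would hold after `MiniRacerAdapter.new(false)`; if nothing assigns it at class level before `static_init` runs, the condition is always nil and `set_flags!` is skipped for the vendored engine as well. The assignment is not in this hunk, so this is a request to confirm rather than a certain defect; a comment such as `# class-level @vendored, set by <CALLER> before static_init — TODO confirm` would record where it comes from. This headerless hunk corresponds to `data/lib/sqreen/js/mini_racer_adapter.rb` (+1 −1) in the diffstat.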
@@ -118,7 +118,7 @@ module Sqreen
|
|
118
118
|
|
119
119
|
# garbage collections max 1 in every 4 calls (avg)
|
120
120
|
if heap_stats[:total_heap_size] > @gc_threshold_in_bytes
|
121
|
-
low_memory_notification
|
121
|
+
low_memory_notification if respond_to?(:low_memory_notification)
|
122
122
|
@gc_load += 4
|
123
123
|
else
|
124
124
|
@gc_load = [0, @gc_load - 1].max
|
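Review bot: `respond_to?(:low_memory_notification)` returns false for a private or protected method unless the second argument is `true`, so if the engine exposes `low_memory_notification` as non-public (its visibility is not visible in this hunk) the new guard silently disables the GC hint and the heap keeps growing past `@gc_threshold_in_bytes` while `@gc_load` is still incremented; use `respond_to?(:low_memory_notification, true)`, or decide the availability once in the constructor and store a flag instead of re-checking on every call over the threshold. A short comment on why the method may be absent (presumably the upstream mini_racer build versus the vendored one) would explain the guard to the next reader. The enclosing method starts and ends outside the hunk; by the diffstat this is `data/lib/sqreen/js/mini_racer_executable_js.rb`.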
@@ -20,7 +20,7 @@ module Sqreen
|
|
20
20
|
keys = args[1].class.authentication_keys
|
21
21
|
ip = framework.client_ip
|
22
22
|
category = 'auto-signup'
|
23
|
-
data = data.select { |k, _| keys.include?(k) }
|
23
|
+
data = data.select { |k, _| keys.map(&:to_s).include?(k.to_s) }
|
24
24
|
|
25
25
|
if data.empty?
|
26
26
|
Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
|
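Review bot: `keys.map(&:to_s)` is evaluated once per entry of `data` because it sits inside the `select` block; hoist it: `key_names = keys.map(&:to_s)` then `data = data.select { |k, _| key_names.include?(k.to_s) }`. This `select` is the allowlist that keeps fields other than Devise's authentication keys out of the signup event (assuming `data` is built from the request parameters — its origin is above the hunk), so a comment stating that intent, e.g. `# keep only authentication keys; tolerate string/symbol key mismatch`, would protect the filter from being loosened later. Headerless section; it corresponds to `data/lib/sqreen/rules/devise_signup_track_cb.rb` (+1 −1) in the diffstat.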
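--- a/data/lib/sqreen/rules/rule_cb.rb
+++ b/data/lib/sqreen/rules/rule_cb.rb
@@ -70,6 +70,15 @@ module Sqreen
 if payload_tpl.include?('context')
 payload[:backtrace] = Sqreen::Context.new.bt
 end
+if framework.respond_to?(:datadog_span) && (datadog_span = framework.datadog_span)
+Sqreen::Weave.logger.debug { "attack datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
+payload.merge!(
+:datadog_trace_id => datadog_span.trace_id,
+:datadog_span_id => datadog_span.span_id,
+)
+datadog_span.set_tag(Datadog::Ext::ManualTracing::TAG_KEEP, true)
+datadog_span.set_tag('sqreen.event', true)
+end
 framework.observe(:attacks, payload, payload_tpl)
 end
 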
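Review bot: `Datadog::Ext::ManualTracing::TAG_KEEP` is resolved with no guard other than `framework.respond_to?(:datadog_span)`; if the installed ddtrace exposes the span but defines that constant elsewhere (as far as I know it has been relocated in newer major releases), the attack callback raises NameError after the payload is built but before `framework.observe` runs, so the attack itself is never reported — guard with `defined?(Datadog::Ext::ManualTracing::TAG_KEEP)` and skip the keep tag when it is absent, or keep the two `set_tag` calls from being able to abort the observation. Style: the block uses `:datadog_trace_id => …` hash rockets while the surrounding code writes `payload[:backtrace] = …`; `datadog_trace_id: datadog_span.trace_id, datadog_span_id: datadog_span.span_id` reads consistently. A comment on the two tags, `# keep this trace through sampling and mark it as carrying a Sqreen event`, would document why they are set; the enclosing method begins outside the hunk.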
data/lib/sqreen/rules/waf_cb.rb
CHANGED
@@ -197,12 +197,13 @@ module Sqreen
|
|
197
197
|
# see Sqreen::RequestRecord.processed_sdk_calls
|
198
198
|
def convert_track(call_info)
|
199
199
|
options = call_info[:args][1] || {}
|
200
|
+
args = options[:args] || {}
|
200
201
|
Kit::Signals::Specialized::SdkTrackCall.new(
|
201
202
|
signal_name: "sq.sdk.#{call_info[:args][0]}",
|
202
203
|
time: call_info[:time],
|
203
204
|
payload: Kit::Signals::Specialized::SdkTrackCall::Payload.new(
|
204
|
-
properties:
|
205
|
-
user_identifiers:
|
205
|
+
properties: args[:properties],
|
206
|
+
user_identifiers: args[:user_identifiers]
|
206
207
|
)
|
207
208
|
)
|
208
209
|
end
|
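Review bot: The new local `args` is easy to confuse with `call_info[:args]` two lines above — one is the SDK call's positional argument list, the other the `:args` entry of its options hash; `track_opts = options[:args] || {}` with `properties: track_opts[:properties]` and `user_identifiers: track_opts[:user_identifiers]` keeps the two apart. Both lookups assume symbol keys; if `call_info` can arrive with string keys (its producer is outside this hunk) the payload fields silently become nil, which a `fetch` or a key-normalising step would surface. Note the section header reads `data/lib/sqreen/rules/waf_cb.rb`, but `convert_track` and the +3 −2 count match `data/lib/sqreen/signals/conversions.rb` in the diffstat; the waf_cb.rb hunk itself does not appear on this page.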
data/lib/sqreen/version.rb
CHANGED
@@ -244,8 +244,7 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
244
244
|
|
245
245
|
# shrinkwrap_timer = Sqreen::Graft::Timer.new('weave,shrinkwrap')
|
246
246
|
# shrinkwrap_timer.start
|
247
|
-
if defined?(Datadog)
|
248
|
-
datadog_span = Datadog.tracer.active_root_span
|
247
|
+
if defined?(Datadog) && Datadog.tracer && (datadog_span = Datadog.tracer.active_root_span)
|
249
248
|
Sqreen::Weave.logger.debug { "request datadog:true span_id:#{datadog_span.span_id} parent_id:#{datadog_span.parent_id} trace_id:#{datadog_span.trace_id}" }
|
250
249
|
end
|
251
250
|
|
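Review bot: `defined?(Datadog) && Datadog.tracer` still calls `Datadog.tracer` on any module named `Datadog`, so a host that loads a gem defining that namespace without a tracer raises NoMethodError on every request here, whereas the Sinatra hunk in this same release guards with `Datadog.respond_to?(:configuration)`; mirror it: `if defined?(Datadog) && Datadog.respond_to?(:tracer) && Datadog.tracer && (datadog_span = Datadog.tracer.active_root_span)`. Assigning inside the condition is compact but hides the side effect; a comment such as `# datadog_span stays nil when no root span is active` would help the next reader. The section is labelled `data/lib/sqreen/version.rb`, but the hunk header names `Sqreen::Weave::Legacy::Instrumentation` and the +1 −2 count matches `data/lib/sqreen/weave/legacy/instrumentation.rb` in the diffstat; the enclosing method lies outside the hunk.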
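--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.25.0
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 1980-01-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sqreen-backport
@@ -30,34 +30,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.4
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.4
 - !ruby/object:Gem::Dependency
-name:
+name: mini_racer
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '0.2'
-- - "<"
+- - ">="
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '0.2'
-- - "<"
+- - ">="
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 - !ruby/object:Gem::Dependency
 name: libsqreen
 requirement: !ruby/object:Gem::Requirement
@@ -347,14 +341,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.2.
+rubygems_version: 3.2.26
 signing_key:
 specification_version: 4
 summary: Sqreen Ruby agent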