sqreen 0.7.01462198090 → 0.7.01464629603

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 82879df472bd9f9073f22c8b184ff6130411dc3e
-  data.tar.gz: 6facb510cddc20a50eb3344be33438426a80c538
+  metadata.gz: 192a7661d705323a2231c73cb7101a28e183c54e
+  data.tar.gz: 8ee71b4f23eecf8156755c3ce2e228f49a355d8c
 SHA512:
-  metadata.gz: bda94f5b6a2f6b618f28726fe8fb0211f5788d72e12116c2e784d9bb63d89f61c96bd0d65a6c9d07c4cbfbe82a332811cbe166d8e6041fae90c5f74478ba68af
-  data.tar.gz: 4d5fa4fc59e0a19b3cdcb127fd3583f75ed9fc8b0737c2ebe6238104b46b5d969e444ebd1b3fdbdd74e347c0d8b30aaffab28c90850f19595b7c918813aaafb3
+  metadata.gz: 9cc79b500fc8f2ad8e22f2e464982420677b32a70189f08c50a48341bd0bcc80e29f131eda961344875bc9df305263300ccd067cbd834ddce8fc288b7c4e9947
+  data.tar.gz: 8825f4ef858f66786b55f80ee7287f6274341a372a2ac6cf7707c354b0a3293953a20237c45ef00a832d587b7ddba8a507b388aa7de9583ec7f48d0f3f716f9d

data/lib/sqreen/condition_evaluator.rb

@@ -41,11 +41,28 @@ class ConditionEvaluator
         return false if hval.respond_to?(:empty?) && hval.empty?
         v = hval.to_s
         return false if v.size < min_value_size
-        value.to_s.include?(v)
+        ConditionEvaluator.str_include?(value.to_s, v)
       end
     end
   end
 
+  # Test is a str contains what. Rencode if necessary
+  def self.str_include?(str, what)
+    str1 = if str.encoding != Encoding::UTF_8
+             str.encode(Encoding::UTF_8, :invalid => :replace,
+                                         :undef => :replace)
+           else
+             str
+           end
+    str2 = if what.encoding != Encoding::UTF_8
+             what.encode(Encoding::UTF_8, :invalid => :replace,
+                                          :undef => :replace)
+           else
+             what
+           end
+    str1.include?(str2)
+  end
+
   # Initialize evaluator
   # @param cond [Hash] condition Hash
   def initialize(cond)
@@ -156,7 +173,11 @@ class ConditionEvaluator
                unless res[0].respond_to?(:include?)
                  raise(Sqreen::Exception, "no include on res #{res[0].inspect}")
                end
-               res[0].include?(res[1])
+               if res[0].is_a?(String)
+                 ConditionEvaluator.str_include?(res[0], res[1])
+               else
+                 res[0].include?(res[1])
+               end
              when HASH_INC_OPERATOR
                ConditionEvaluator.hash_val_include?(res[0], res[1], res[2])
              else

data/lib/sqreen/exception.rb

@@ -28,4 +28,7 @@ module Sqreen
 
   class NotImplementedYet < Exception
   end
+
+  class InvalidSignatureException < Exception
+  end
 end

data/lib/sqreen/instrumentation.rb

@@ -483,7 +483,7 @@ module Sqreen
       if Sqreen.features['rules_signature']         &&
          Sqreen.config_get(:rules_verify_signature) &&
          !defined?(::JRUBY_VERSION)
-        verifier = Sqreen::RulesSignature.new
+        verifier = Sqreen::SqreenSignedVerifier.new
       else
         Sqreen.log.debug('Rules signature is not enabled')
       end

data/lib/sqreen/rules.rb

@@ -44,7 +44,9 @@ module Sqreen
     # @param verifier      [SqreenSignedVerifier] Signed verifier
     def self::cb_from_rule(hash_rule, metrics_store = nil, verifier = nil)
       # Check rules signature
-      verifier.verify(hash_rule) if verifier
+      if verifier
+        raise InvalidSignatureException unless verifier.verify(hash_rule)
+      end
 
       hook = hash_rule[Attrs::HOOKPOINT]
       klass = hook[Attrs::KLASS]

data/lib/sqreen/rules_callbacks/execjs.rb

@@ -75,6 +75,9 @@ module Sqreen
                                      k
                                    end)] = ret[k] end
           record_event(ret[:record]) unless ret[:record].nil?
+          unless ret['observations'].nil?
+            ret['observations'].each { |obs| record_observation(*obs) }
+          end
           return !ret[:call].nil?
         else
           raise Sqreen::Exception, "Invalid return type #{ret.inspect}"

data/lib/sqreen/rules_callbacks/headers_insert.rb

@@ -5,14 +5,16 @@ require 'sqreen/rule_callback'
 
 module Sqreen
   module Rules
-    SQREEN_HEADER_NAME = 'X-Protected-By'.freeze
-    SQREEN_HEADER_VALUE = 'Sqreen'.freeze
-
     # Display sqreen presence
     class HeadersInsertCB < RuleCB
       def post(rv, _inst, *_args, &_block)
         return unless rv && rv.respond_to?(:[]) && rv[1].is_a?(Hash)
-        rv[1][SQREEN_HEADER_NAME] = SQREEN_HEADER_VALUE
+        return nil unless @data
+        headers = @data['values'] || []
+        return if headers.empty?
+        headers.each do |name, value|
+          rv[1][name] = value
+        end
         nil
       end
     end

data/lib/sqreen/rules_callbacks/inspect_rule.rb

@@ -8,12 +8,17 @@ module Sqreen
     class InspectRuleCB < RuleCB
       def pre(_inst, *args, &_block)
         Sqreen.log.debug { "<< #{@klass} #{@method} #{Thread.current}" }
-        Sqreen.log.debug { args.join ' ' }
+        Sqreen.log.debug { args.map(&:inspect).join(' ') }
       end
 
-      def post(_rv, _inst, *_args, &_block)
-        Sqreen.log.debug { ">> #{@klass} #{@method} #{Thread.current}" }
-        byebug if defined? byebug and @data.is_a?(Hash) and @data[:break] == 1
+      def post(rv, _inst, *_args, &_block)
+        Sqreen.log.debug { ">> #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
+        byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
+      end
+
+      def failing(rv, _inst, *_args, &_block)
+        Sqreen.log.debug { "># #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
+        byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
       end
     end
   end

data/lib/sqreen/rules_signature.rb

@@ -29,7 +29,7 @@ module Sqreen
     REQUIRED_SIGNED_KEYS = %w(hookpoint name callbacks conditions).freeze
     SIGNATURE_KEY        = 'signature'.freeze
     SIGNATURE_VALUE_KEY  = 'value'.freeze
-    SIGNED_KEYS_KEY      = 'signed_keys'.freeze
+    SIGNED_KEYS_KEY      = 'keys'.freeze
     SIGNATURE_VERSION    = 'v0_9'.freeze
     PUBLIC_KEY           = <<-END.gsub(/^ */, '').freeze
     -----BEGIN PUBLIC KEY-----
@@ -114,14 +114,14 @@ module Sqreen
       raise Sqreen::Exception, 'no signature found' unless sigs
 
       sig = sigs[SIGNATURE_VERSION]
-      msg = "signature #{SIGNATURE_VERSION} not found"
+      msg = "signature #{SIGNATURE_VERSION} not found (#{sigs})"
       raise Sqreen::Exception, msg unless sig
 
       sig_value = sig[SIGNATURE_VALUE_KEY]
       raise Sqreen::Exception, 'no signature value found' unless sig_value
 
       signed_keys = sig[SIGNED_KEYS_KEY]
-      raise Sqreen::Exception, 'no signed keys found' unless signed_keys
+      raise Sqreen::Exception, "no signed keys found (#{sig})" unless signed_keys
 
       inc = Set.new(signed_keys).superset?(Set.new(@required_signed_keys))
       raise Sqreen::Exception, 'signed keys miss equired keys' unless inc
@@ -130,6 +130,8 @@ module Sqreen
     end
 
     def verify(hash_rule)
+      # Return true if rule signature is correct, else false
+
       signed_keys, sig_value = get_sig_infos_or_fail(hash_rule)
 
       norm_str = normalize(hash_rule, signed_keys)

data/lib/sqreen/version.rb

@@ -2,5 +2,5 @@
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 # Warning This file is auto generated! DO NOT edit.
 module Sqreen
-  VERSION = "0.7.01462198090".freeze
+  VERSION = "0.7.01464629603".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 0.7.01462198090
+  version: 0.7.01464629603
 platform: ruby
 authors:
 - Sqreen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-05-02 00:00:00.000000000 Z
+date: 2016-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: execjs
@@ -137,7 +137,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.2
+rubygems_version: 2.6.4
 signing_key: 
 specification_version: 4
 summary: Sqreen Ruby agent