sqreen 0.7.01462198090 → 0.7.01464629603

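--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 82879df472bd9f9073f22c8b184ff6130411dc3e
- data.tar.gz: 6facb510cddc20a50eb3344be33438426a80c538
+ metadata.gz: 192a7661d705323a2231c73cb7101a28e183c54e
+ data.tar.gz: 8ee71b4f23eecf8156755c3ce2e228f49a355d8c
  SHA512:
- metadata.gz: bda94f5b6a2f6b618f28726fe8fb0211f5788d72e12116c2e784d9bb63d89f61c96bd0d65a6c9d07c4cbfbe82a332811cbe166d8e6041fae90c5f74478ba68af
- data.tar.gz: 4d5fa4fc59e0a19b3cdcb127fd3583f75ed9fc8b0737c2ebe6238104b46b5d969e444ebd1b3fdbdd74e347c0d8b30aaffab28c90850f19595b7c918813aaafb3
+ metadata.gz: 9cc79b500fc8f2ad8e22f2e464982420677b32a70189f08c50a48341bd0bcc80e29f131eda961344875bc9df305263300ccd067cbd834ddce8fc288b7c4e9947
+ data.tar.gz: 8825f4ef858f66786b55f80ee7287f6274341a372a2ac6cf7707c354b0a3293953a20237c45ef00a832d587b7ddba8a507b388aa7de9583ec7f48d0f3f716f9d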
@@ -41,11 +41,28 @@ class ConditionEvaluator
41
41
  return false if hval.respond_to?(:empty?) && hval.empty?
42
42
  v = hval.to_s
43
43
  return false if v.size < min_value_size
44
- value.to_s.include?(v)
44
+ ConditionEvaluator.str_include?(value.to_s, v)
45
45
  end
46
46
  end
47
47
  end
48
48
 
49
+ # Test is a str contains what. Rencode if necessary
50
+ def self.str_include?(str, what)
51
+ str1 = if str.encoding != Encoding::UTF_8
52
+ str.encode(Encoding::UTF_8, :invalid => :replace,
53
+ :undef => :replace)
54
+ else
55
+ str
56
+ end
57
+ str2 = if what.encoding != Encoding::UTF_8
58
+ what.encode(Encoding::UTF_8, :invalid => :replace,
59
+ :undef => :replace)
60
+ else
61
+ what
62
+ end
63
+ str1.include?(str2)
64
+ end
65
+
49
66
  # Initialize evaluator
50
67
  # @param cond [Hash] condition Hash
51
68
  def initialize(cond)
@@ -156,7 +173,11 @@ class ConditionEvaluator
156
173
  unless res[0].respond_to?(:include?)
157
174
  raise(Sqreen::Exception, "no include on res #{res[0].inspect}")
158
175
  end
159
- res[0].include?(res[1])
176
+ if res[0].is_a?(String)
177
+ ConditionEvaluator.str_include?(res[0], res[1])
178
+ else
179
+ res[0].include?(res[1])
180
+ end
160
181
  when HASH_INC_OPERATOR
161
182
  ConditionEvaluator.hash_val_include?(res[0], res[1], res[2])
162
183
  else
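Review bot: The transcoding in `str_include?` (first hunk of this section, new lines 50–64) is lossy for binary strings: when either side is ASCII-8BIT, `encode(Encoding::UTF_8, :undef => :replace)` turns every byte ≥ 0x80 into the replacement character before the comparison, so a non-ASCII needle that arrived in a binary string is never found in a UTF-8 haystack, and two different non-ASCII byte sequences collapse to the same text and compare equal — for a rule condition that means both missed and spurious matches. Reinterpreting binary strings with `force_encoding` keeps the bytes intact and still avoids the `Encoding::CompatibilityError` this change presumably works around, and it lets the two duplicated `if` branches become one helper; the comment should also read `# Test if str contains what. Re-encode if necessary` rather than `Test is a str ... Rencode`. The `case` branch in the second hunk (new lines 176–180) starts and ends outside the hunk; nothing on the page shows that `res[1]` is a String there, so `str_include?(res[0], res[1].to_s)` would mirror the `to_s` already used in `hash_val_include?`.

```ruby
# Bring a string to UTF-8 without losing bytes: binary strings are
# reinterpreted (bytes unchanged), any other encoding is transcoded.
def self.to_utf8(str)
  return str if str.encoding == Encoding::UTF_8
  return str.dup.force_encoding(Encoding::UTF_8) if str.encoding == Encoding::ASCII_8BIT
  str.encode(Encoding::UTF_8, :invalid => :replace, :undef => :replace)
end

# Test if str contains what. Re-encode if necessary
def self.str_include?(str, what)
  to_utf8(str).include?(to_utf8(what))
end
```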
@@ -28,4 +28,7 @@ module Sqreen
28
28
 
29
29
  class NotImplementedYet < Exception
30
30
  end
31
+
32
+ class InvalidSignatureException < Exception
33
+ end
31
34
  end
@@ -483,7 +483,7 @@ module Sqreen
483
483
  if Sqreen.features['rules_signature'] &&
484
484
  Sqreen.config_get(:rules_verify_signature) &&
485
485
  !defined?(::JRUBY_VERSION)
486
- verifier = Sqreen::RulesSignature.new
486
+ verifier = Sqreen::SqreenSignedVerifier.new
487
487
  else
488
488
  Sqreen.log.debug('Rules signature is not enabled')
489
489
  end
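--- a/data/lib/sqreen/rules.rb
+++ b/data/lib/sqreen/rules.rb
@@ -44,7 +44,9 @@ module Sqreen
  # @param verifier [SqreenSignedVerifier] Signed verifier
  def self::cb_from_rule(hash_rule, metrics_store = nil, verifier = nil)
  # Check rules signature
- verifier.verify(hash_rule) if verifier
+ if verifier
+ raise InvalidSignatureException unless verifier.verify(hash_rule)
+ end
 
  hook = hash_rule[Attrs::HOOKPOINT]
  klass = hook[Attrs::KLASS]
@@ -75,6 +75,9 @@ module Sqreen
  k
  end)] = ret[k] end
  record_event(ret[:record]) unless ret[:record].nil?
+ unless ret['observations'].nil?
+ ret['observations'].each { |obs| record_observation(*obs) }
+ end
  return !ret[:call].nil?
  else
  raise Sqreen::Exception, "Invalid return type #{ret.inspect}"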
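Review bot: `ret['observations']` on new lines 78–80 is read with a String key while the same hash is read with Symbol keys on the surrounding lines (`ret[:record]`, `ret[:call]`); the lines just above the hunk (`end)] = ret[k] end`) look like a key rewrite whose effect cannot be seen here, so whichever form callbacks actually return, one of the two spellings is silently ignored and observations are dropped without any error. Either settle on one spelling or accept both, e.g. `Array(ret[:observations] || ret['observations']).each { |obs| record_observation(*obs) }`, which also removes the `nil?` guard. In the first hunk `raise InvalidSignatureException` carries no message; `raise InvalidSignatureException, "invalid signature for rule #{hash_rule['name'].inspect}"` would name the offending rule in logs (`'name'` is one of `REQUIRED_SIGNED_KEYS` in the signature file), and callers should be aware that a missing or malformed signature still raises `Sqreen::Exception` from `get_sig_infos_or_fail`, so rescuing only the new class is not enough. `cb_from_rule` continues past the first hunk; the method around the second hunk starts and ends outside it.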
@@ -5,14 +5,16 @@ require 'sqreen/rule_callback'
5
5
 
6
6
  module Sqreen
7
7
  module Rules
8
- SQREEN_HEADER_NAME = 'X-Protected-By'.freeze
9
- SQREEN_HEADER_VALUE = 'Sqreen'.freeze
10
-
11
8
  # Display sqreen presence
12
9
  class HeadersInsertCB < RuleCB
13
10
  def post(rv, _inst, *_args, &_block)
14
11
  return unless rv && rv.respond_to?(:[]) && rv[1].is_a?(Hash)
15
- rv[1][SQREEN_HEADER_NAME] = SQREEN_HEADER_VALUE
12
+ return nil unless @data
13
+ headers = @data['values'] || []
14
+ return if headers.empty?
15
+ headers.each do |name, value|
16
+ rv[1][name] = value
17
+ end
16
18
  nil
17
19
  end
18
20
  end
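Review bot: `headers.each do |name, value|` on new lines 15–17 assumes `@data['values']` is a Hash or an array of two-element pairs; an array of plain strings would set every header to nil, a scalar would raise on `each`, and the `empty?` guard on line 14 adds nothing that `each` on an empty collection does not already handle. Because the header names and values now come from rule data instead of the removed frozen constants, it is also worth refusing control characters before writing into `rv[1]` (presumably a Rack response header hash), since an embedded CR or LF in a value splits the response header. A compact form: `return unless @data && @data['values'].respond_to?(:each)` followed by `@data['values'].each { |name, value| rv[1][name] = value unless name.to_s =~ /[\r\n]/ || value.to_s =~ /[\r\n]/ }`. `post` starts and ends inside the hunk; whether `SQREEN_HEADER_NAME`/`SQREEN_HEADER_VALUE` are still referenced elsewhere is not visible here.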
@@ -8,12 +8,17 @@ module Sqreen
8
8
  class InspectRuleCB < RuleCB
9
9
  def pre(_inst, *args, &_block)
10
10
  Sqreen.log.debug { "<< #{@klass} #{@method} #{Thread.current}" }
11
- Sqreen.log.debug { args.join ' ' }
11
+ Sqreen.log.debug { args.map(&:inspect).join(' ') }
12
12
  end
13
13
 
14
- def post(_rv, _inst, *_args, &_block)
15
- Sqreen.log.debug { ">> #{@klass} #{@method} #{Thread.current}" }
16
- byebug if defined? byebug and @data.is_a?(Hash) and @data[:break] == 1
14
+ def post(rv, _inst, *_args, &_block)
15
+ Sqreen.log.debug { ">> #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
16
+ byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
17
+ end
18
+
19
+ def failing(rv, _inst, *_args, &_block)
20
+ Sqreen.log.debug { "># #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
21
+ byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
17
22
  end
18
23
  end
19
24
  end
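Review bot: The `and`→`&&` rewrite on new lines 16 and 21 changes the parse: `defined?` binds looser than `&&`, so `defined? byebug && @data.is_a?(Hash) && @data[:break] == 1` is `defined?(byebug && …)`, which evaluates to the string "expression" regardless of its operand, so `byebug` is now called unconditionally and raises NameError wherever the byebug gem is not loaded. The original `and` form parsed as `(defined? byebug) and …`; restore that with explicit parentheses in both `post` and `failing`: `byebug if defined?(byebug) && @data.is_a?(Hash) && @data[:break] == 1`. Separately, `rv.inspect` and `args.map(&:inspect)` now write the full arguments and return values of hooked methods to the debug log, which can include request parameters or credentials; a comment on the class such as `# Debug-only callback: logs raw hook arguments and return values` would make that trade-off explicit. Both methods start and end inside the hunk.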
@@ -29,7 +29,7 @@ module Sqreen
29
29
  REQUIRED_SIGNED_KEYS = %w(hookpoint name callbacks conditions).freeze
30
30
  SIGNATURE_KEY = 'signature'.freeze
31
31
  SIGNATURE_VALUE_KEY = 'value'.freeze
32
- SIGNED_KEYS_KEY = 'signed_keys'.freeze
32
+ SIGNED_KEYS_KEY = 'keys'.freeze
33
33
  SIGNATURE_VERSION = 'v0_9'.freeze
34
34
  PUBLIC_KEY = <<-END.gsub(/^ */, '').freeze
35
35
  -----BEGIN PUBLIC KEY-----
@@ -114,14 +114,14 @@ module Sqreen
114
114
  raise Sqreen::Exception, 'no signature found' unless sigs
115
115
 
116
116
  sig = sigs[SIGNATURE_VERSION]
117
- msg = "signature #{SIGNATURE_VERSION} not found"
117
+ msg = "signature #{SIGNATURE_VERSION} not found (#{sigs})"
118
118
  raise Sqreen::Exception, msg unless sig
119
119
 
120
120
  sig_value = sig[SIGNATURE_VALUE_KEY]
121
121
  raise Sqreen::Exception, 'no signature value found' unless sig_value
122
122
 
123
123
  signed_keys = sig[SIGNED_KEYS_KEY]
124
- raise Sqreen::Exception, 'no signed keys found' unless signed_keys
124
+ raise Sqreen::Exception, "no signed keys found (#{sig})" unless signed_keys
125
125
 
126
126
  inc = Set.new(signed_keys).superset?(Set.new(@required_signed_keys))
127
127
  raise Sqreen::Exception, 'signed keys miss equired keys' unless inc
@@ -130,6 +130,8 @@ module Sqreen
130
130
  end
131
131
 
132
132
  def verify(hash_rule)
133
+ # Return true if rule signature is correct, else false
134
+
133
135
  signed_keys, sig_value = get_sig_infos_or_fail(hash_rule)
134
136
 
135
137
  norm_str = normalize(hash_rule, signed_keys)
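Review bot: The new comment `# Return true if rule signature is correct, else false` is placed inside the body of `verify` (new lines 133–134) rather than above the `def`, where this code base documents methods with YARD tags (compare `# @param verifier [SqreenSignedVerifier]` in rules.rb); move it to `# @param hash_rule [Hash] rule to check` / `# @return [Boolean] true if the rule signature is correct, else false` above `def verify(hash_rule)`. The contract should also say that a missing or malformed signature does not yield false: `get_sig_infos_or_fail` on the next line raises `Sqreen::Exception` for those cases, so "else false" only covers a well-formed signature that fails to verify. The rename of `SIGNED_KEYS_KEY` from `'signed_keys'` to `'keys'` in the first hunk is a wire-format change — rules signed under the old key now fail with `no signed keys found` — presumably intended, but worth confirming against what the backend emits. `verify` continues past the hunk.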
@@ -2,5 +2,5 @@
2
2
  # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
3
  # Warning This file is auto generated! DO NOT edit.
4
4
  module Sqreen
5
- VERSION = "0.7.01462198090".freeze
5
+ VERSION = "0.7.01464629603".freeze
6
6
  end
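--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: sqreen
  version: !ruby/object:Gem::Version
- version: 0.7.01462198090
+ version: 0.7.01464629603
  platform: ruby
  authors:
  - Sqreen
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-05-02 00:00:00.000000000 Z
+ date: 2016-05-30 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: execjs
@@ -137,7 +137,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.6.2
+ rubygems_version: 2.6.4
  signing_key:
  specification_version: 4
  summary: Sqreen Ruby agent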