sqreen 0.7.01462198090 → 0.7.01464629603
- checksums.yaml +4 -4
- data/lib/sqreen/condition_evaluator.rb +23 -2
- data/lib/sqreen/exception.rb +3 -0
- data/lib/sqreen/instrumentation.rb +1 -1
- data/lib/sqreen/rules.rb +3 -1
- data/lib/sqreen/rules_callbacks/execjs.rb +3 -0
- data/lib/sqreen/rules_callbacks/headers_insert.rb +6 -4
- data/lib/sqreen/rules_callbacks/inspect_rule.rb +9 -4
- data/lib/sqreen/rules_signature.rb +5 -3
- data/lib/sqreen/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 192a7661d705323a2231c73cb7101a28e183c54e
|
4
|
+
data.tar.gz: 8ee71b4f23eecf8156755c3ce2e228f49a355d8c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 9cc79b500fc8f2ad8e22f2e464982420677b32a70189f08c50a48341bd0bcc80e29f131eda961344875bc9df305263300ccd067cbd834ddce8fc288b7c4e9947
|
7
|
+
data.tar.gz: 8825f4ef858f66786b55f80ee7287f6274341a372a2ac6cf7707c354b0a3293953a20237c45ef00a832d587b7ddba8a507b388aa7de9583ec7f48d0f3f716f9d
|
@@ -41,11 +41,28 @@ class ConditionEvaluator
|
|
41
41
|
return false if hval.respond_to?(:empty?) && hval.empty?
|
42
42
|
v = hval.to_s
|
43
43
|
return false if v.size < min_value_size
|
44
|
-
value.to_s
|
44
|
+
ConditionEvaluator.str_include?(value.to_s, v)
|
45
45
|
end
|
46
46
|
end
|
47
47
|
end
|
48
48
|
|
49
|
+
# Test is a str contains what. Rencode if necessary
|
50
|
+
def self.str_include?(str, what)
|
51
|
+
str1 = if str.encoding != Encoding::UTF_8
|
52
|
+
str.encode(Encoding::UTF_8, :invalid => :replace,
|
53
|
+
:undef => :replace)
|
54
|
+
else
|
55
|
+
str
|
56
|
+
end
|
57
|
+
str2 = if what.encoding != Encoding::UTF_8
|
58
|
+
what.encode(Encoding::UTF_8, :invalid => :replace,
|
59
|
+
:undef => :replace)
|
60
|
+
else
|
61
|
+
what
|
62
|
+
end
|
63
|
+
str1.include?(str2)
|
64
|
+
end
|
65
|
+
|
49
66
|
# Initialize evaluator
|
50
67
|
# @param cond [Hash] condition Hash
|
51
68
|
def initialize(cond)
|
@@ -156,7 +173,11 @@ class ConditionEvaluator
|
|
156
173
|
unless res[0].respond_to?(:include?)
|
157
174
|
raise(Sqreen::Exception, "no include on res #{res[0].inspect}")
|
158
175
|
end
|
159
|
-
res[0].
|
176
|
+
if res[0].is_a?(String)
|
177
|
+
ConditionEvaluator.str_include?(res[0], res[1])
|
178
|
+
else
|
179
|
+
res[0].include?(res[1])
|
180
|
+
end
|
160
181
|
when HASH_INC_OPERATOR
|
161
182
|
ConditionEvaluator.hash_val_include?(res[0], res[1], res[2])
|
162
183
|
else
|
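Review bot: `str_include?` calls `what.encoding` unconditionally, so the new branch at hunk line 176 guards only the receiver: when `res[0]` is a String but `res[1]` is not (nil or a number from the condition data), the evaluator now fails with NoMethodError instead of the TypeError `include?` used to raise. Tighten the guard to `if res[0].is_a?(String) && res[1].is_a?(String)` so non-string needles keep falling through to `include?`. Note too that for a binary (ASCII-8BIT) haystack every byte above 0x7F is undefined under transcoding and becomes the replacement character, so a condition whose needle contains non-ASCII text can never match such input — if that is not intended, `force_encoding` plus `scrub` (where the supported Rubies have it) would keep the bytes. The header comment `# Test is a str contains what. Rencode if necessary` reads better as `# True when str contains what; either string tagged with a non-UTF-8 encoding is transcoded first (invalid/undefined bytes replaced); strings already tagged UTF-8 are used as is`. The enclosing `case` of the second hunk starts and ends outside it.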
data/lib/sqreen/exception.rb
CHANGED
@@ -483,7 +483,7 @@ module Sqreen
|
|
483
483
|
if Sqreen.features['rules_signature'] &&
|
484
484
|
Sqreen.config_get(:rules_verify_signature) &&
|
485
485
|
!defined?(::JRUBY_VERSION)
|
486
|
-
verifier = Sqreen::
|
486
|
+
verifier = Sqreen::SqreenSignedVerifier.new
|
487
487
|
else
|
488
488
|
Sqreen.log.debug('Rules signature is not enabled')
|
489
489
|
end
|
data/lib/sqreen/rules.rb
CHANGED
@@ -44,7 +44,9 @@ module Sqreen
|
|
44
44
|
# @param verifier [SqreenSignedVerifier] Signed verifier
|
45
45
|
def self::cb_from_rule(hash_rule, metrics_store = nil, verifier = nil)
|
46
46
|
# Check rules signature
|
47
|
-
|
47
|
+
if verifier
|
48
|
+
raise InvalidSignatureException unless verifier.verify(hash_rule)
|
49
|
+
end
|
48
50
|
|
49
51
|
hook = hash_rule[Attrs::HOOKPOINT]
|
50
52
|
klass = hook[Attrs::KLASS]
|
@@ -75,6 +75,9 @@ module Sqreen
|
|
75
75
|
k
|
76
76
|
end)] = ret[k] end
|
77
77
|
record_event(ret[:record]) unless ret[:record].nil?
|
78
|
+
unless ret['observations'].nil?
|
79
|
+
ret['observations'].each { |obs| record_observation(*obs) }
|
80
|
+
end
|
78
81
|
return !ret[:call].nil?
|
79
82
|
else
|
80
83
|
raise Sqreen::Exception, "Invalid return type #{ret.inspect}"
|
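Review bot: In `cb_from_rule` the signature check at hunk lines 47-49 runs only when a verifier is supplied, and the default `verifier = nil` means every caller that omits the argument loads the rule unverified with no log line; the `# Check rules signature` comment should say so, e.g. `# Check rules signature (skipped when no verifier is given: the rule is then trusted as-is)`, and the `@param verifier` tag should read `[SqreenSignedVerifier, nil]`. `InvalidSignatureException` is referenced unqualified; it resolves only if it is defined under `Sqreen` (the exception.rb change listed in the diffstat is not shown here), otherwise the first rejected rule raises NameError rather than the intended exception. In the second hunk (`@@ -75,6 +75,9`, which by the diffstat looks like the execjs callback), the new `ret['observations']` lookup uses a string key while the neighbouring `ret[:record]` / `ret[:call]` use symbols — confirm the returned hash is not symbolized, else observations are silently dropped. Both enclosing methods start before and end after their hunks.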
@@ -5,14 +5,16 @@ require 'sqreen/rule_callback'
|
|
5
5
|
|
6
6
|
module Sqreen
|
7
7
|
module Rules
|
8
|
-
SQREEN_HEADER_NAME = 'X-Protected-By'.freeze
|
9
|
-
SQREEN_HEADER_VALUE = 'Sqreen'.freeze
|
10
|
-
|
11
8
|
# Display sqreen presence
|
12
9
|
class HeadersInsertCB < RuleCB
|
13
10
|
def post(rv, _inst, *_args, &_block)
|
14
11
|
return unless rv && rv.respond_to?(:[]) && rv[1].is_a?(Hash)
|
15
|
-
|
12
|
+
return nil unless @data
|
13
|
+
headers = @data['values'] || []
|
14
|
+
return if headers.empty?
|
15
|
+
headers.each do |name, value|
|
16
|
+
rv[1][name] = value
|
17
|
+
end
|
16
18
|
nil
|
17
19
|
end
|
18
20
|
end
|
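Review bot: The new loop at hunk lines 13-17 copies `@data['values']` straight into the response header hash without checking the pair types, so a non-string name or a value containing `\r`/`\n` is handed to the server unfiltered, whereas the hard-coded `X-Protected-By: Sqreen` it replaces could not carry such bytes. Rule data is signed elsewhere in this release, but a local guard is cheap: `next unless name.is_a?(String) && value.is_a?(String)` and `next if name =~ /[\r\n]/ || value =~ /[\r\n]/` before the assignment. `headers.each do |name, value|` also assumes `values` is a Hash or an array of pairs; a flat array of strings would set every header to nil, so a comment stating the expected shape (`# @data['values']: { header_name => header_value } — confirm against the rule schema`) would help the next reader.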
@@ -8,12 +8,17 @@ module Sqreen
|
|
8
8
|
class InspectRuleCB < RuleCB
|
9
9
|
def pre(_inst, *args, &_block)
|
10
10
|
Sqreen.log.debug { "<< #{@klass} #{@method} #{Thread.current}" }
|
11
|
-
Sqreen.log.debug { args.join
|
11
|
+
Sqreen.log.debug { args.map(&:inspect).join(' ') }
|
12
12
|
end
|
13
13
|
|
14
|
-
def post(
|
15
|
-
Sqreen.log.debug { ">> #{@klass} #{@method} #{Thread.current}" }
|
16
|
-
byebug if defined? byebug
|
14
|
+
def post(rv, _inst, *_args, &_block)
|
15
|
+
Sqreen.log.debug { ">> #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
|
16
|
+
byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
|
17
|
+
end
|
18
|
+
|
19
|
+
def failing(rv, _inst, *_args, &_block)
|
20
|
+
Sqreen.log.debug { "># #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
|
21
|
+
byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
|
17
22
|
end
|
18
23
|
end
|
19
24
|
end
|
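Review bot: The guards at hunk lines 16 and 21, `byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1`, do not do what they read as: `defined?` binds lower than `&&`, so this parses as `defined?(byebug && …)`, which yields the string "expression" whenever the code compiles, and `byebug` is therefore called unconditionally — a NameError in every `post`/`failing` callback when the byebug gem is not loaded, and a debugger break on every hook when it is. Write it as `byebug if defined?(byebug) && @data.is_a?(Hash) && @data[:break] == 1` in both methods. `@data[:break]` uses a symbol key whereas the headers callback in this release reads `@data['values']`; confirm which key style the rule data actually carries. A debugger hook driven by rule data in a production agent deserves a why-comment, e.g. `# dev aid only: breaks into byebug when the rule data sets break: 1`.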
@@ -29,7 +29,7 @@ module Sqreen
|
|
29
29
|
REQUIRED_SIGNED_KEYS = %w(hookpoint name callbacks conditions).freeze
|
30
30
|
SIGNATURE_KEY = 'signature'.freeze
|
31
31
|
SIGNATURE_VALUE_KEY = 'value'.freeze
|
32
|
-
SIGNED_KEYS_KEY = '
|
32
|
+
SIGNED_KEYS_KEY = 'keys'.freeze
|
33
33
|
SIGNATURE_VERSION = 'v0_9'.freeze
|
34
34
|
PUBLIC_KEY = <<-END.gsub(/^ */, '').freeze
|
35
35
|
-----BEGIN PUBLIC KEY-----
|
@@ -114,14 +114,14 @@ module Sqreen
|
|
114
114
|
raise Sqreen::Exception, 'no signature found' unless sigs
|
115
115
|
|
116
116
|
sig = sigs[SIGNATURE_VERSION]
|
117
|
-
msg = "signature #{SIGNATURE_VERSION} not found"
|
117
|
+
msg = "signature #{SIGNATURE_VERSION} not found (#{sigs})"
|
118
118
|
raise Sqreen::Exception, msg unless sig
|
119
119
|
|
120
120
|
sig_value = sig[SIGNATURE_VALUE_KEY]
|
121
121
|
raise Sqreen::Exception, 'no signature value found' unless sig_value
|
122
122
|
|
123
123
|
signed_keys = sig[SIGNED_KEYS_KEY]
|
124
|
-
raise Sqreen::Exception,
|
124
|
+
raise Sqreen::Exception, "no signed keys found (#{sig})" unless signed_keys
|
125
125
|
|
126
126
|
inc = Set.new(signed_keys).superset?(Set.new(@required_signed_keys))
|
127
127
|
raise Sqreen::Exception, 'signed keys miss equired keys' unless inc
|
@@ -130,6 +130,8 @@ module Sqreen
|
|
130
130
|
end
|
131
131
|
|
132
132
|
def verify(hash_rule)
|
133
|
+
# Return true if rule signature is correct, else false
|
134
|
+
|
133
135
|
signed_keys, sig_value = get_sig_infos_or_fail(hash_rule)
|
134
136
|
|
135
137
|
norm_str = normalize(hash_rule, signed_keys)
|
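Review bot: The comment added inside `verify` at hunk line 133, `# Return true if rule signature is correct, else false`, sits below the `def` where YARD will not pick it up and overstates the contract: `get_sig_infos_or_fail`, called on the next line, raises `Sqreen::Exception` (see the second hunk) when the signature block, value or key list is missing, so the method returns false only for a signature that is present but wrong. Move it above `def verify(hash_rule)` as `# @return [Boolean] true when the rule's signature verifies, false when it does not` and `# @raise [Sqreen::Exception] when the signature block is missing or malformed`. In the second hunk the messages now interpolate the whole `sigs` / `sig` hashes into the exception text, which makes those log lines large; fine if intended, but consider naming only the missing key. `verify` continues past the end of the hunk.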
data/lib/sqreen/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sqreen
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.7.
|
4
|
+
version: 0.7.01464629603
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sqreen
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-05-
|
11
|
+
date: 2016-05-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: execjs
|
@@ -137,7 +137,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
137
137
|
version: '0'
|
138
138
|
requirements: []
|
139
139
|
rubyforge_project:
|
140
|
-
rubygems_version: 2.6.
|
140
|
+
rubygems_version: 2.6.4
|
141
141
|
signing_key:
|
142
142
|
specification_version: 4
|
143
143
|
summary: Sqreen Ruby agent
|