sqreen 0.7.01462198090-java → 0.7.01464629603-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c894685dce5beefefaf5c48a1eb62a45f16ce2a0
-  data.tar.gz: 034caa13665675561c4880d67b2073d5d843e042
+  metadata.gz: 80d1d023f3b57ae372f03c67e2c916663a500a8c
+  data.tar.gz: 7006f4103e6e1e99677dbb21d13c2f3dbe540bd0
 SHA512:
-  metadata.gz: 9b6aba627699858a45b971466f4d84521c021e92d51bf80de24facacd0e5d2a25425a9de147cd83fa07ff23709af3b56d7efc53b0931361eedf8faf1afc91492
-  data.tar.gz: 0b326706836e3bd162064ab8d3aca7d0085b79a893c90d8f35ffff6bc367bf718454ab5f705bd2bee012a6b3634ad5012dd519ad0d3082ccd1546a61b95d7b8b
+  metadata.gz: db99bc6d2b7c52f0f684cf18bbea98ec51c51c026cfdaea40a44260eec7921d25ef75772f6b2046259116d1f18fcdc57ce45731664058fd4b000a42b791eb061
+  data.tar.gz: 57c54f89c94d734227840c3392035550bb83910c698f551c749e90dc3214c7d01e55865cdfa4e6ea9ee60127fd22e0860dfd26c44187413b726e31d4fe93f1f3

data/lib/sqreen/condition_evaluator.rb

@@ -41,11 +41,28 @@ class ConditionEvaluator
         return false if hval.respond_to?(:empty?) && hval.empty?
         v = hval.to_s
         return false if v.size < min_value_size
-        value.to_s.include?(v)
+        ConditionEvaluator.str_include?(value.to_s, v)
       end
     end
   end
 
+  # Test is a str contains what. Rencode if necessary
+  def self.str_include?(str, what)
+    str1 = if str.encoding != Encoding::UTF_8
+             str.encode(Encoding::UTF_8, :invalid => :replace,
+                                         :undef => :replace)
+           else
+             str
+           end
+    str2 = if what.encoding != Encoding::UTF_8
+             what.encode(Encoding::UTF_8, :invalid => :replace,
+                                          :undef => :replace)
+           else
+             what
+           end
+    str1.include?(str2)
+  end
+
   # Initialize evaluator
   # @param cond [Hash] condition Hash
   def initialize(cond)
@@ -156,7 +173,11 @@ class ConditionEvaluator
                unless res[0].respond_to?(:include?)
                  raise(Sqreen::Exception, "no include on res #{res[0].inspect}")
                end
-               res[0].include?(res[1])
+               if res[0].is_a?(String)
+                 ConditionEvaluator.str_include?(res[0], res[1])
+               else
+                 res[0].include?(res[1])
+               end
              when HASH_INC_OPERATOR
                ConditionEvaluator.hash_val_include?(res[0], res[1], res[2])
              else

data/lib/sqreen/exception.rb

@@ -28,4 +28,7 @@ module Sqreen
 
   class NotImplementedYet < Exception
   end
+
+  class InvalidSignatureException < Exception
+  end
 end

data/lib/sqreen/instrumentation.rb

@@ -483,7 +483,7 @@ module Sqreen
       if Sqreen.features['rules_signature']         &&
          Sqreen.config_get(:rules_verify_signature) &&
          !defined?(::JRUBY_VERSION)
-        verifier = Sqreen::RulesSignature.new
+        verifier = Sqreen::SqreenSignedVerifier.new
       else
         Sqreen.log.debug('Rules signature is not enabled')
       end

data/lib/sqreen/rules.rb

@@ -44,7 +44,9 @@ module Sqreen
     # @param verifier      [SqreenSignedVerifier] Signed verifier
     def self::cb_from_rule(hash_rule, metrics_store = nil, verifier = nil)
       # Check rules signature
-      verifier.verify(hash_rule) if verifier
+      if verifier
+        raise InvalidSignatureException unless verifier.verify(hash_rule)
+      end
 
       hook = hash_rule[Attrs::HOOKPOINT]
       klass = hook[Attrs::KLASS]

data/lib/sqreen/rules_callbacks/execjs.rb

@@ -75,6 +75,9 @@ module Sqreen
                                      k
                                    end)] = ret[k] end
           record_event(ret[:record]) unless ret[:record].nil?
+          unless ret['observations'].nil?
+            ret['observations'].each { |obs| record_observation(*obs) }
+          end
           return !ret[:call].nil?
         else
           raise Sqreen::Exception, "Invalid return type #{ret.inspect}"

data/lib/sqreen/rules_callbacks/headers_insert.rb

@@ -5,14 +5,16 @@ require 'sqreen/rule_callback'
 
 module Sqreen
   module Rules
-    SQREEN_HEADER_NAME = 'X-Protected-By'.freeze
-    SQREEN_HEADER_VALUE = 'Sqreen'.freeze
-
     # Display sqreen presence
     class HeadersInsertCB < RuleCB
       def post(rv, _inst, *_args, &_block)
         return unless rv && rv.respond_to?(:[]) && rv[1].is_a?(Hash)
-        rv[1][SQREEN_HEADER_NAME] = SQREEN_HEADER_VALUE
+        return nil unless @data
+        headers = @data['values'] || []
+        return if headers.empty?
+        headers.each do |name, value|
+          rv[1][name] = value
+        end
         nil
       end
     end

data/lib/sqreen/rules_callbacks/inspect_rule.rb

@@ -8,12 +8,17 @@ module Sqreen
     class InspectRuleCB < RuleCB
       def pre(_inst, *args, &_block)
         Sqreen.log.debug { "<< #{@klass} #{@method} #{Thread.current}" }
-        Sqreen.log.debug { args.join ' ' }
+        Sqreen.log.debug { args.map(&:inspect).join(' ') }
       end
 
-      def post(_rv, _inst, *_args, &_block)
-        Sqreen.log.debug { ">> #{@klass} #{@method} #{Thread.current}" }
-        byebug if defined? byebug and @data.is_a?(Hash) and @data[:break] == 1
+      def post(rv, _inst, *_args, &_block)
+        Sqreen.log.debug { ">> #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
+        byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
+      end
+
+      def failing(rv, _inst, *_args, &_block)
+        Sqreen.log.debug { "># #{rv.inspect} #{@klass} #{@method} #{Thread.current}" }
+        byebug if defined? byebug && @data.is_a?(Hash) && @data[:break] == 1
       end
     end
   end

data/lib/sqreen/rules_signature.rb

@@ -29,7 +29,7 @@ module Sqreen
     REQUIRED_SIGNED_KEYS = %w(hookpoint name callbacks conditions).freeze
     SIGNATURE_KEY        = 'signature'.freeze
     SIGNATURE_VALUE_KEY  = 'value'.freeze
-    SIGNED_KEYS_KEY      = 'signed_keys'.freeze
+    SIGNED_KEYS_KEY      = 'keys'.freeze
     SIGNATURE_VERSION    = 'v0_9'.freeze
     PUBLIC_KEY           = <<-END.gsub(/^ */, '').freeze
     -----BEGIN PUBLIC KEY-----
@@ -114,14 +114,14 @@ module Sqreen
       raise Sqreen::Exception, 'no signature found' unless sigs
 
       sig = sigs[SIGNATURE_VERSION]
-      msg = "signature #{SIGNATURE_VERSION} not found"
+      msg = "signature #{SIGNATURE_VERSION} not found (#{sigs})"
       raise Sqreen::Exception, msg unless sig
 
       sig_value = sig[SIGNATURE_VALUE_KEY]
       raise Sqreen::Exception, 'no signature value found' unless sig_value
 
       signed_keys = sig[SIGNED_KEYS_KEY]
-      raise Sqreen::Exception, 'no signed keys found' unless signed_keys
+      raise Sqreen::Exception, "no signed keys found (#{sig})" unless signed_keys
 
       inc = Set.new(signed_keys).superset?(Set.new(@required_signed_keys))
       raise Sqreen::Exception, 'signed keys miss equired keys' unless inc
@@ -130,6 +130,8 @@ module Sqreen
     end
 
     def verify(hash_rule)
+      # Return true if rule signature is correct, else false
+
       signed_keys, sig_value = get_sig_infos_or_fail(hash_rule)
 
       norm_str = normalize(hash_rule, signed_keys)

data/lib/sqreen/version.rb

@@ -2,5 +2,5 @@
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 # Warning This file is auto generated! DO NOT edit.
 module Sqreen
-  VERSION = "0.7.01462198090".freeze
+  VERSION = "0.7.01464629603".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 0.7.01462198090
+  version: 0.7.01464629603
 platform: java
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-05-02 00:00:00.000000000 Z
+date: 2016-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: execjs
@@ -136,7 +136,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.2
+rubygems_version: 2.6.4
 signing_key:
 specification_version: 4
 summary: Sqreen Ruby agent