sqreen 1.1.01481108064 → 1.1.11481117869

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 14f43047a82b107e83bb4f1dc4faeb6e18c5c26a
-  data.tar.gz: fced6caae53e2f2f386b3611c3b04062a22df365
+  metadata.gz: 91392d998d033e2ad340e87c9fc4d6da258c7bfb
+  data.tar.gz: a8fffe09a9eed7a0394abe65bbd7ab228fc33025
 SHA512:
-  metadata.gz: af1b8f425526b0d3b9f16f4721d2372db2a8da8e34459468d1c134486645fea133e2058f6c31348575abef79e35aa0b625f16c44e0c4adf6221306877e8f8d05
-  data.tar.gz: 63cdd3407aad616fba7260e85be92003adab9d25cb4f76b5e27bedf9ac17ea39c5b934011fb88b00cd95ed2a2b52d91cbbc11340bc219be5df3edb9a42dd28fa
+  metadata.gz: 039484cddbbc0081a71107265af61c7e1d809d34252eba7635316ce8e294d000686909f034f10d377307256705bf43f444b776e430b2349651a717f13c003fe5
+  data.tar.gz: a95939c4986594a0eee6403b6995df008446514f89f257113f1afc63fa69cea6c97c5360e3dfc5e61c97e5cc9bfc9aa2a932030a4151fa49c5dd92bc72eee380

data/lib/sqreen/events/attack.rb

@@ -54,6 +54,7 @@ module Sqreen
       res[:request]      = request_p              if request_p
       res[:params]       = payload['params']      if payload['params']
       res[:context]      = payload['context']     if payload['context']
+      res[:headers]      = payload['headers']     if payload['headers']
       res
     end
   end

data/lib/sqreen/events/remote_exception.rb

@@ -40,6 +40,7 @@ module Sqreen
           :client_ip => payload['client_ip'],
         },
         :request => payload['request_infos'],
+        :headers => payload['headers'],
         :rule_name => payload['rule_name'],
         :rulespack_id => payload['rulespack_id'],
       }

data/lib/sqreen/frameworks/generic.rb

@@ -2,6 +2,9 @@
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 
 require 'sqreen/events/remote_exception'
+require 'sqreen/callbacks'
+require 'sqreen/exception'
+require 'sqreen/log'
 
 module Sqreen
   module Frameworks
@@ -33,14 +36,49 @@ module Sqreen
         }
       end
 
+      def ip_headers
+        req = request
+        return [] unless req
+        ips = []
+        %w(HTTP_X_FORWARDED_FOR HTTP_CLIENT_IP HTTP_X_REAL_IP HTTP_X_FORWARDED
+           HTTP_X_CLUSTER_CLIENT_IP HTTP_FORWARDED_FOR HTTP_FORWARDED HTTP_VIA
+           REMOTE_ADDR).each do |header|
+          v = req.env[header]
+          ips << [header, v] unless v.nil?
+        end
+        ips << ['rack.ip', req.ip] if req.respond_to?(:ip)
+        ips
+      end
+
+      # What is the current client IP as seen by rack
+      def rack_client_ip
+        req = request
+        return nil unless req
+        return req.ip if req.respond_to?(:ip)
+        req.env['REMOTE_ADDR']
+      end
+
+      # Sourced from rack:Request#trusted_proxy?
+      TRUSTED_PROXIES = /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i
+
       # What is the current client IP
       def client_ip
         req = request
         return nil unless req
-        return req.ip if req.respond_to?(:ip)
+        forwarded = req.env['HTTP_X_FORWARDED_FOR']
+        ips = split_ip_addresses(forwarded)
+        last = ips.reject { |ip| ip =~ TRUSTED_PROXIES }.first
+        return last unless last.nil?
         req.env['REMOTE_ADDR']
       end
 
+      # Get a header by name
+      def header(name)
+        req = request
+        return nil unless req
+        req.env[name]
+      end
+
       def hostname
         req = request
         return nil unless req
@@ -277,6 +315,12 @@ module Sqreen
         @cannot_load_rack = true
         false
       end
+
+      private
+
+      def split_ip_addresses(ip_addresses)
+        ip_addresses ? ip_addresses.strip.split(/[,\s]+/) : []
+      end
     end
   end
 end

data/lib/sqreen/frameworks/rails.rb

@@ -38,19 +38,24 @@ module Sqreen
         [db_type, db_infos]
       end
 
-      def client_ip
-        request = SharedStorage.get :request
-        return unless request && request.env
-        remote_ip = request.env['action_dispatch.remote_ip']
-        return super unless remote_ip
+      def ip_headers
+        ret = super
+        remote_ip = rails_client_ip
+        ret << ['action_dispatch.remote_ip', remote_ip] unless remote_ip.nil?
+        ret
+      end
+
+      # What is the current client IP as seen by rails
+      def rails_client_ip
+        req = request
+        return unless req && req.env
+        remote_ip = req.env['action_dispatch.remote_ip']
+        return unless remote_ip
         # FIXME: - this exist only since Rails 3.2.1
         # http://apidock.com/rails/v3.2.1/ActionDispatch/RemoteIp/GetIp/calculate_ip
-        if remote_ip.respond_to?(:calculate_ip)
-          return remote_ip.calculate_ip
-        else
-          # This might not return the same value as calculate IP
-          return remote_ip.to_s
-        end
+        return remote_ip.calculate_ip if remote_ip.respond_to?(:calculate_ip)
+        # This might not return the same value as calculate IP
+        remote_ip.to_s
       end
 
       def request_id

data/lib/sqreen/payload_creator.rb

@@ -46,7 +46,7 @@ module Sqreen
       if subsection == true
         return base.merge!(key => full_section(key, framework, rule))
       end
-      return base if subsection.size == 0
+      return base if subsection.empty?
       base[key] = fields(key, framework, rule)
       base
     end
@@ -54,6 +54,7 @@ module Sqreen
     FULL_SECTIONS = {
       'request' => 'request_infos',
       'params' => 'filtered_request_params',
+      'headers' => 'ip_headers',
       'local' => 'local_infos',
     }.freeze
 
@@ -72,6 +73,7 @@ module Sqreen
         'rails' => 'rails_params',
       },
       'rule' => {},
+      'headers' => {},
       'context' => {
         'backtrace' => 'get_current_backtrace',
       },
@@ -81,12 +83,15 @@ module Sqreen
       return RuntimeInfos if section == 'local'
       return rule if section == 'rule'
       return Context.new if section == 'context'
+      return HeaderSection.new(framework) if section == 'headers'
       framework
     end
 
     def full_section(section, framework, rule)
       return section_rule(framework, rule) if section == 'rule'
       return section_context(framework, rule) if section == 'context'
+      # fast path prevent initializing a HeaderSection
+      return framework.ip_headers if section == 'headers'
       so = section_object(section, framework, rule)
       so.send(FULL_SECTIONS[section])
     end
@@ -128,5 +133,27 @@ module Sqreen
         'test' => rule['test'],
       }
     end
+
+    # object that default to call on framework header
+    class HeaderSection
+      def initialize(framework)
+        @framework = framework
+      end
+
+      def [](value)
+        if %w(rack_client_ip rails_client_ip ip_headers).include?(value)
+          return @framework.send(value)
+        end
+        @framework.header(value)
+      end
+
+      def ip_headers
+        @framework.ip_headers
+      end
+    end
+
+    def section_headers(framework)
+      HeaderSection.new(framework)
+    end
   end
 end

data/lib/sqreen/rule_callback.rb

@@ -90,6 +90,11 @@ module Sqreen
         rescue => e
           Sqreen.log.debug("No framework client_ip #{e}")
         end
+        begin
+          payload['headers'] = framework.ip_headers
+        rescue => e
+          Sqreen.log.debug("No framework ip_headers #{e}")
+        end
         RemoteException.record(payload)
       end
     end

data/lib/sqreen/version.rb

@@ -2,5 +2,5 @@
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 # Warning This file is auto generated! DO NOT edit.
 module Sqreen
-  VERSION = "1.1.01481108064".freeze
+  VERSION = "1.1.11481117869".freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.1.01481108064
+  version: 1.1.11481117869
 platform: ruby
 authors:
 - Sqreen