sqreen 1.1.01481108064-java → 1.1.11481117869-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/sqreen/events/attack.rb +1 -0
- data/lib/sqreen/events/remote_exception.rb +1 -0
- data/lib/sqreen/frameworks/generic.rb +45 -1
- data/lib/sqreen/frameworks/rails.rb +16 -11
- data/lib/sqreen/payload_creator.rb +28 -1
- data/lib/sqreen/rule_callback.rb +5 -0
- data/lib/sqreen/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 0380f38a3af0fbb87e91fb92c71261300ac8e705
|
4
|
+
data.tar.gz: e26603f5e01edd06550f54bb66ae4b202b24e5fc
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b274e896a689f03dbc034ee62ffb06761dfa7361665606bd7d31261a8fdfcc978361e832ad221ab2ceaf767a99eeb7b2bd49b6727b6c578b0c0d545795b48e1e
|
7
|
+
data.tar.gz: 5de74d338c25967869f36a2f6a6da4700d342ea544b0c3db30d7738bc0d0f0cfd490322e12e4f1a35964712f2e6338a817266243888848156fe8946807aaebaa
|
data/lib/sqreen/events/attack.rb
CHANGED
@@ -2,6 +2,9 @@
|
|
2
2
|
# Please refer to our terms for more information: https://www.sqreen.io/terms.html
|
3
3
|
|
4
4
|
require 'sqreen/events/remote_exception'
|
5
|
+
require 'sqreen/callbacks'
|
6
|
+
require 'sqreen/exception'
|
7
|
+
require 'sqreen/log'
|
5
8
|
|
6
9
|
module Sqreen
|
7
10
|
module Frameworks
|
@@ -33,14 +36,49 @@ module Sqreen
|
|
33
36
|
}
|
34
37
|
end
|
35
38
|
|
39
|
+
def ip_headers
|
40
|
+
req = request
|
41
|
+
return [] unless req
|
42
|
+
ips = []
|
43
|
+
%w(HTTP_X_FORWARDED_FOR HTTP_CLIENT_IP HTTP_X_REAL_IP HTTP_X_FORWARDED
|
44
|
+
HTTP_X_CLUSTER_CLIENT_IP HTTP_FORWARDED_FOR HTTP_FORWARDED HTTP_VIA
|
45
|
+
REMOTE_ADDR).each do |header|
|
46
|
+
v = req.env[header]
|
47
|
+
ips << [header, v] unless v.nil?
|
48
|
+
end
|
49
|
+
ips << ['rack.ip', req.ip] if req.respond_to?(:ip)
|
50
|
+
ips
|
51
|
+
end
|
52
|
+
|
53
|
+
# What is the current client IP as seen by rack
|
54
|
+
def rack_client_ip
|
55
|
+
req = request
|
56
|
+
return nil unless req
|
57
|
+
return req.ip if req.respond_to?(:ip)
|
58
|
+
req.env['REMOTE_ADDR']
|
59
|
+
end
|
60
|
+
|
61
|
+
# Sourced from rack:Request#trusted_proxy?
|
62
|
+
TRUSTED_PROXIES = /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i
|
63
|
+
|
36
64
|
# What is the current client IP
|
37
65
|
def client_ip
|
38
66
|
req = request
|
39
67
|
return nil unless req
|
40
|
-
|
68
|
+
forwarded = req.env['HTTP_X_FORWARDED_FOR']
|
69
|
+
ips = split_ip_addresses(forwarded)
|
70
|
+
last = ips.reject { |ip| ip =~ TRUSTED_PROXIES }.first
|
71
|
+
return last unless last.nil?
|
41
72
|
req.env['REMOTE_ADDR']
|
42
73
|
end
|
43
74
|
|
75
|
+
# Get a header by name
|
76
|
+
def header(name)
|
77
|
+
req = request
|
78
|
+
return nil unless req
|
79
|
+
req.env[name]
|
80
|
+
end
|
81
|
+
|
44
82
|
def hostname
|
45
83
|
req = request
|
46
84
|
return nil unless req
|
@@ -277,6 +315,12 @@ module Sqreen
|
|
277
315
|
@cannot_load_rack = true
|
278
316
|
false
|
279
317
|
end
|
318
|
+
|
319
|
+
private
|
320
|
+
|
321
|
+
def split_ip_addresses(ip_addresses)
|
322
|
+
ip_addresses ? ip_addresses.strip.split(/[,\s]+/) : []
|
323
|
+
end
|
280
324
|
end
|
281
325
|
end
|
282
326
|
end
|
@@ -38,19 +38,24 @@ module Sqreen
|
|
38
38
|
[db_type, db_infos]
|
39
39
|
end
|
40
40
|
|
41
|
-
def
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
41
|
+
def ip_headers
|
42
|
+
ret = super
|
43
|
+
remote_ip = rails_client_ip
|
44
|
+
ret << ['action_dispatch.remote_ip', remote_ip] unless remote_ip.nil?
|
45
|
+
ret
|
46
|
+
end
|
47
|
+
|
48
|
+
# What is the current client IP as seen by rails
|
49
|
+
def rails_client_ip
|
50
|
+
req = request
|
51
|
+
return unless req && req.env
|
52
|
+
remote_ip = req.env['action_dispatch.remote_ip']
|
53
|
+
return unless remote_ip
|
46
54
|
# FIXME: - this exist only since Rails 3.2.1
|
47
55
|
# http://apidock.com/rails/v3.2.1/ActionDispatch/RemoteIp/GetIp/calculate_ip
|
48
|
-
if remote_ip.respond_to?(:calculate_ip)
|
49
|
-
|
50
|
-
|
51
|
-
# This might not return the same value as calculate IP
|
52
|
-
return remote_ip.to_s
|
53
|
-
end
|
56
|
+
return remote_ip.calculate_ip if remote_ip.respond_to?(:calculate_ip)
|
57
|
+
# This might not return the same value as calculate IP
|
58
|
+
remote_ip.to_s
|
54
59
|
end
|
55
60
|
|
56
61
|
def request_id
|
@@ -46,7 +46,7 @@ module Sqreen
|
|
46
46
|
if subsection == true
|
47
47
|
return base.merge!(key => full_section(key, framework, rule))
|
48
48
|
end
|
49
|
-
return base if subsection.
|
49
|
+
return base if subsection.empty?
|
50
50
|
base[key] = fields(key, framework, rule)
|
51
51
|
base
|
52
52
|
end
|
@@ -54,6 +54,7 @@ module Sqreen
|
|
54
54
|
FULL_SECTIONS = {
|
55
55
|
'request' => 'request_infos',
|
56
56
|
'params' => 'filtered_request_params',
|
57
|
+
'headers' => 'ip_headers',
|
57
58
|
'local' => 'local_infos',
|
58
59
|
}.freeze
|
59
60
|
|
@@ -72,6 +73,7 @@ module Sqreen
|
|
72
73
|
'rails' => 'rails_params',
|
73
74
|
},
|
74
75
|
'rule' => {},
|
76
|
+
'headers' => {},
|
75
77
|
'context' => {
|
76
78
|
'backtrace' => 'get_current_backtrace',
|
77
79
|
},
|
@@ -81,12 +83,15 @@ module Sqreen
|
|
81
83
|
return RuntimeInfos if section == 'local'
|
82
84
|
return rule if section == 'rule'
|
83
85
|
return Context.new if section == 'context'
|
86
|
+
return HeaderSection.new(framework) if section == 'headers'
|
84
87
|
framework
|
85
88
|
end
|
86
89
|
|
87
90
|
def full_section(section, framework, rule)
|
88
91
|
return section_rule(framework, rule) if section == 'rule'
|
89
92
|
return section_context(framework, rule) if section == 'context'
|
93
|
+
# fast path prevent initializing a HeaderSection
|
94
|
+
return framework.ip_headers if section == 'headers'
|
90
95
|
so = section_object(section, framework, rule)
|
91
96
|
so.send(FULL_SECTIONS[section])
|
92
97
|
end
|
@@ -128,5 +133,27 @@ module Sqreen
|
|
128
133
|
'test' => rule['test'],
|
129
134
|
}
|
130
135
|
end
|
136
|
+
|
137
|
+
# object that default to call on framework header
|
138
|
+
class HeaderSection
|
139
|
+
def initialize(framework)
|
140
|
+
@framework = framework
|
141
|
+
end
|
142
|
+
|
143
|
+
def [](value)
|
144
|
+
if %w(rack_client_ip rails_client_ip ip_headers).include?(value)
|
145
|
+
return @framework.send(value)
|
146
|
+
end
|
147
|
+
@framework.header(value)
|
148
|
+
end
|
149
|
+
|
150
|
+
def ip_headers
|
151
|
+
@framework.ip_headers
|
152
|
+
end
|
153
|
+
end
|
154
|
+
|
155
|
+
def section_headers(framework)
|
156
|
+
HeaderSection.new(framework)
|
157
|
+
end
|
131
158
|
end
|
132
159
|
end
|
data/lib/sqreen/rule_callback.rb
CHANGED
@@ -90,6 +90,11 @@ module Sqreen
|
|
90
90
|
rescue => e
|
91
91
|
Sqreen.log.debug("No framework client_ip #{e}")
|
92
92
|
end
|
93
|
+
begin
|
94
|
+
payload['headers'] = framework.ip_headers
|
95
|
+
rescue => e
|
96
|
+
Sqreen.log.debug("No framework ip_headers #{e}")
|
97
|
+
end
|
93
98
|
RemoteException.record(payload)
|
94
99
|
end
|
95
100
|
end
|
data/lib/sqreen/version.rb
CHANGED