sqreen 1.9.2 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. checksums.yaml +5 -5
  2. data/lib/sqreen-alt.rb +1 -0
  3. data/lib/sqreen/rules_callbacks/execjs.rb +23 -4
  4. data/lib/sqreen/shared_storage.rb +5 -6
  5. data/lib/sqreen/version.rb +1 -1
  6. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: e18e5e4043a3cb2cfa23b0de7e196fb36b2cb180
4
- data.tar.gz: 62cc6f1b5b08aa6b01b9401085dea466e45bb2bc
2
+ SHA256:
3
+ metadata.gz: db75e03bbaf0ff955d869f7e5fea1dd06d911ef363fe85b875befbabc147c948
4
+ data.tar.gz: 118223689c18fa3627f901b857c67c0309d6f17a5b4eeffdf631da37d801bebf
5
5
  SHA512:
6
- metadata.gz: 0217afc0de67b065771e9cb102b94c12c6885ffd27031043f96fc14af7754b0f25a845c1a44a69b7dc5ef798f72300a4fc657aea583dab71398ebae01ad75c30
7
- data.tar.gz: 929ae4a93889afb4ec576932c7e92993c9e52385f247d2bab928796ae6cb07037ccfad1fe42d53d459918f1024460003f5c74b0aa30d46ad1900c0cfedee23b1
6
+ metadata.gz: cba1b32cb6753e60442e7f17a3b4e8267f978e37552303dec79cb92e429958b3815d9f7c18bda5dd72b4db7bca923ab6e6cafb062fb1194b952bfee977585c7a
7
+ data.tar.gz: 6c73b78873835a36ba2b69ef8ac01b06927b138622a9c082690fa45d65c06d5a65f5234da28d6b9928850d107d269428742406b1cd05534ee1bdcec742773d35
data/lib/sqreen-alt.rb ADDED
@@ -0,0 +1 @@
1
+ require "sqreen"
data/lib/sqreen/rules_callbacks/execjs.rb CHANGED
@@ -3,8 +3,15 @@
3
3
 
4
4
  if defined?(::JRUBY_VERSION)
5
5
  require 'rhino'
6
+ SQREEN_V8_THREAD = false
6
7
  else
7
- require 'therubyracer'
8
+ begin
9
+ require 'mini_racer'
10
+ SQREEN_V8_THREAD = true
11
+ rescue LoadError
12
+ require 'therubyracer'
13
+ SQREEN_V8_THREAD = false
14
+ end
8
15
  end
9
16
 
10
17
  require 'execjs'
@@ -32,7 +39,9 @@ module Sqreen
32
39
  end
33
40
 
34
41
  build_runnable(callbacks)
35
- @compiled = ExecJS.compile(@source)
42
+ if !SQREEN_V8_THREAD
43
+ @compiled = ExecJS.compile(@source)
44
+ end
36
45
  @restrict_max_depth = 20
37
46
  end
38
47
 
@@ -122,7 +131,10 @@ module Sqreen
122
131
  end)] = ret[k] end
123
132
  record_event(ret[:record]) unless ret[:record].nil?
124
133
  unless ret['observations'].nil?
125
- ret['observations'].each { |obs| record_observation(*obs) }
134
+ ret['observations'].each do |obs|
135
+ obs[3] = Time.parse(obs[3]) if obs.size >= 3 && obs[3].is_a?(String)
136
+ record_observation(*obs)
137
+ end
126
138
  end
127
139
  return !ret[:call].nil?
128
140
  else
@@ -131,6 +143,9 @@ module Sqreen
131
143
  end
132
144
 
133
145
  def call_callback(name, inst, args, rv = nil)
146
+ if SQREEN_V8_THREAD
147
+ Thread.current["SQREEN_EXECJS_SOURCE#{self.object_id}"] ||= ExecJS.compile(@source)
148
+ end
134
149
  ret = nil
135
150
  args_override = nil
136
151
  arguments = nil
@@ -140,7 +155,11 @@ module Sqreen
140
155
  end
141
156
  arguments = restrict(name, arguments) if @conditions.key?(name)
142
157
  Sqreen.log.debug { [name, arguments].inspect }
143
- ret = @compiled.call(name, *arguments)
158
+ if SQREEN_V8_THREAD
159
+ ret = Thread.current["SQREEN_EXECJS_SOURCE#{self.object_id}"].call(name, *arguments)
160
+ else
161
+ ret = @compiled.call(name, *arguments)
162
+ end
144
163
  unless record_and_continue?(ret)
145
164
  return nil if ret.nil?
146
165
  return advise_action(ret[:status], ret)
data/lib/sqreen/shared_storage.rb CHANGED
@@ -3,22 +3,21 @@
3
3
 
4
4
  module Sqreen
5
5
  module SharedStorage
6
- @@shared = {}
7
6
 
8
7
  def self::get(key, default = nil)
9
- h = @@shared[Thread.current]
8
+ h = Thread.current["SQREEN_SHARED_STORAGE_#{self.object_id}"]
10
9
  return h.fetch(key, default) if h
11
10
  default
12
11
  end
13
12
 
14
13
  def self::set(key, obj)
15
- main_key = Thread.current
16
- @@shared[main_key] = {} unless @@shared.key? main_key
17
- @@shared[main_key][key] = obj
14
+ Thread.current["SQREEN_SHARED_STORAGE_#{self.object_id}"] ||= {}
15
+ Thread.current["SQREEN_SHARED_STORAGE_#{self.object_id}"][key] = obj
18
16
  end
19
17
 
20
18
  def self.clear
21
- @@shared.delete(Thread.current)
19
+ return unless Thread.current["SQREEN_SHARED_STORAGE_#{self.object_id}"].is_a?(Hash)
20
+ Thread.current["SQREEN_SHARED_STORAGE_#{self.object_id}"].clear
22
21
  end
23
22
 
24
23
  def self.inc(value)
data/lib/sqreen/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # Copyright (c) 2015 Sqreen. All Rights Reserved.
2
2
  # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
3
  module Sqreen
4
- VERSION = '1.9.2'.freeze
4
+ VERSION = '1.10.0'.freeze
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.9.2
4
+ version: 1.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-02-06 00:00:00.000000000 Z
11
+ date: 2018-02-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: execjs
@@ -48,6 +48,7 @@ files:
48
48
  - CODE_OF_CONDUCT.md
49
49
  - README.md
50
50
  - Rakefile
51
+ - lib/sqreen-alt.rb
51
52
  - lib/sqreen.rb
52
53
  - lib/sqreen/attack_detected.html
53
54
  - lib/sqreen/binding_accessor.rb
@@ -140,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
140
141
  version: '0'
141
142
  requirements: []
142
143
  rubyforge_project:
143
- rubygems_version: 2.6.12
144
+ rubygems_version: 2.7.5
144
145
  signing_key:
145
146
  specification_version: 4
146
147
  summary: Sqreen Ruby agent