sqreen 1.10.3-java → 1.10.4-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/sqreen/instrumentation.rb +61 -4
- data/lib/sqreen/rules_signature.rb +16 -2
- data/lib/sqreen/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c301ecad1e0f0566670a74f1bacc71970d1b0e0e82d7063fb44f28387220e45a
|
|
4
|
+
data.tar.gz: 17ca88d0b156a29acb03356a7d88181cdfa462b371d457778e9afe2b169a68a8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7ec990100f7eccbe5c222a1861b34ba8b90205614a549dbed3bb0d47c0548b3209cae89ceb8b68ef0bd422ed01294db94b270fd2e29abe0e300082a8669b8a37
|
|
7
|
+
data.tar.gz: cc5196a0dc30538f78cfce9eac0937ebf68ebc2f83f957aacb43983a14b4ac7ecbbbc1f9bd21a69113fe48a294ba7c2ad1ef7eab16b6ec992d109a10a59d8a43
|
|
@@ -176,10 +176,29 @@ module Sqreen
|
|
|
176
176
|
end
|
|
177
177
|
end
|
|
178
178
|
|
|
179
|
+
def self.guard_multi_call(instance, method, original_method, args, block)
|
|
180
|
+
@sqreen_multi_instr ||= nil
|
|
181
|
+
key = [method]
|
|
182
|
+
Instrumentation.guard_call(nil, :guard_multi_call) do
|
|
183
|
+
args.each{|e| key.push(e.object_id)}
|
|
184
|
+
end
|
|
185
|
+
if key && @sqreen_multi_instr && @sqreen_multi_instr[instance.object_id].member?(key)
|
|
186
|
+
return instance.send(original_method, *args, &block)
|
|
187
|
+
end
|
|
188
|
+
@sqreen_multi_instr ||= Hash.new {|h, k| h[k]=Set.new } # TODO this should probably be a thread local
|
|
189
|
+
@sqreen_multi_instr[instance.object_id].add(key)
|
|
190
|
+
r = yield
|
|
191
|
+
return r
|
|
192
|
+
ensure
|
|
193
|
+
if @sqreen_multi_instr && @sqreen_multi_instr[instance.object_id] && @sqreen_multi_instr[instance.object_id].delete(key).empty?
|
|
194
|
+
@sqreen_multi_instr.delete(instance.object_id)
|
|
195
|
+
end
|
|
196
|
+
end
|
|
197
|
+
|
|
179
198
|
def self.guard_call(method, retval)
|
|
180
199
|
@sqreen_in_instr ||= nil
|
|
181
200
|
return retval if @sqreen_in_instr && @sqreen_in_instr.member?(method)
|
|
182
|
-
@sqreen_in_instr ||= Set.new
|
|
201
|
+
@sqreen_in_instr ||= Set.new # TODO this should probably be a thread local
|
|
183
202
|
@sqreen_in_instr.add(method)
|
|
184
203
|
r = yield
|
|
185
204
|
@sqreen_in_instr.delete(method)
|
|
@@ -197,6 +216,7 @@ module Sqreen
|
|
|
197
216
|
end
|
|
198
217
|
return send(original_meth, *args, &block)
|
|
199
218
|
end
|
|
219
|
+
Instrumentation.guard_multi_call(self, meth, original_meth, args, block) do
|
|
200
220
|
Sqreen.stats.callbacks_calls += 1
|
|
201
221
|
|
|
202
222
|
skip = false
|
|
@@ -271,6 +291,7 @@ module Sqreen
|
|
|
271
291
|
result
|
|
272
292
|
end
|
|
273
293
|
end
|
|
294
|
+
end
|
|
274
295
|
end
|
|
275
296
|
|
|
276
297
|
def override_class_method(klass, meth)
|
|
@@ -325,8 +346,8 @@ module Sqreen
|
|
|
325
346
|
end
|
|
326
347
|
end
|
|
327
348
|
|
|
328
|
-
def get_saved_method_name(meth)
|
|
329
|
-
"#{meth}_not_modified".to_sym
|
|
349
|
+
def get_saved_method_name(meth, suffix=nil)
|
|
350
|
+
"#{meth}_sq#{suffix}_not_modified".to_sym
|
|
330
351
|
end
|
|
331
352
|
|
|
332
353
|
def override_instance_method(klass_name, meth)
|
|
@@ -403,6 +424,30 @@ module Sqreen
|
|
|
403
424
|
is_instance_method?(obj, method)
|
|
404
425
|
end
|
|
405
426
|
|
|
427
|
+
# Override a singleton method on an instance
|
|
428
|
+
def override_singleton_method(instance, klass_name, meth)
|
|
429
|
+
saved_meth_name = get_saved_method_name(meth, 'singleton')
|
|
430
|
+
if instance.respond_to?(saved_meth_name, true)
|
|
431
|
+
Sqreen.log.debug { "#{saved_meth_name} found #{instance.class}##{instance.object_id} already instrumented" }
|
|
432
|
+
return nil
|
|
433
|
+
elsif instance.frozen?
|
|
434
|
+
Sqreen.log.debug { "#{instance.class}##{instance.object_id} is frozen, not reinstrumenting" }
|
|
435
|
+
return nil
|
|
436
|
+
end
|
|
437
|
+
raise Sqreen::NotImplementedYet, "#{instance.inspect} doesn't respond to define_singleton_method" unless instance.respond_to?(:define_singleton_method)
|
|
438
|
+
p = Instrumentation.define_callback_method(meth, saved_meth_name,
|
|
439
|
+
klass_name)
|
|
440
|
+
instance.define_singleton_method(saved_meth_name, instance.method(meth))
|
|
441
|
+
instance.define_singleton_method(meth, p)
|
|
442
|
+
# Hide saved method (its only available in this syntax)
|
|
443
|
+
eval <<-RUBY, binding, __FILE__, __LINE__ + 1
|
|
444
|
+
class << instance
|
|
445
|
+
private :#{saved_meth_name}
|
|
446
|
+
end
|
|
447
|
+
saved_meth_name
|
|
448
|
+
RUBY
|
|
449
|
+
end
|
|
450
|
+
|
|
406
451
|
def add_callback(cb)
|
|
407
452
|
@@override_semaphore.synchronize do
|
|
408
453
|
klass = cb.klass
|
|
@@ -427,7 +472,7 @@ module Sqreen
|
|
|
427
472
|
# - method_missing
|
|
428
473
|
# ...
|
|
429
474
|
#
|
|
430
|
-
msg = "#{cb} is neither
|
|
475
|
+
msg = "#{cb} is neither class or instance"
|
|
431
476
|
raise Sqreen::NotImplementedYet, msg
|
|
432
477
|
end
|
|
433
478
|
|
|
@@ -436,6 +481,18 @@ module Sqreen
|
|
|
436
481
|
Sqreen.log.debug "#{key} was already overriden"
|
|
437
482
|
end
|
|
438
483
|
|
|
484
|
+
if klass != Object && klass != Kernel && !Sqreen.features['instrument_all_instances'] && !defined?(::JRUBY_VERSION)
|
|
485
|
+
insts = 0
|
|
486
|
+
ObjectSpace.each_object(klass) do |e|
|
|
487
|
+
next if e.is_a?(Class) || e.is_a?(Module)
|
|
488
|
+
next unless e.singleton_methods.include?(method.to_sym)
|
|
489
|
+
insts += 1 if override_singleton_method(e, klass, method)
|
|
490
|
+
end
|
|
491
|
+
if insts > 0
|
|
492
|
+
Sqreen.log.debug { "Reinstrumented #{insts} instances of #{klass}" }
|
|
493
|
+
end
|
|
494
|
+
end
|
|
495
|
+
|
|
439
496
|
@@registered_callbacks.add(cb)
|
|
440
497
|
@@instrumented_pid = Process.pid
|
|
441
498
|
end
|
|
@@ -7,6 +7,16 @@ require 'set'
|
|
|
7
7
|
require 'openssl'
|
|
8
8
|
require 'base64'
|
|
9
9
|
require 'json'
|
|
10
|
+
if defined?(::JRUBY_VERSION)
|
|
11
|
+
OJ_LOADED = false
|
|
12
|
+
else
|
|
13
|
+
begin
|
|
14
|
+
require "oj"
|
|
15
|
+
OJ_LOADED = true
|
|
16
|
+
rescue LoadError
|
|
17
|
+
OJ_LOADED = false
|
|
18
|
+
end
|
|
19
|
+
end
|
|
10
20
|
|
|
11
21
|
## Rules signature
|
|
12
22
|
module Sqreen
|
|
@@ -25,7 +35,7 @@ module Sqreen
|
|
|
25
35
|
|
|
26
36
|
# Normalize and verify a rule
|
|
27
37
|
class SqreenSignedVerifier
|
|
28
|
-
REQUIRED_SIGNED_KEYS = %w
|
|
38
|
+
REQUIRED_SIGNED_KEYS = %w[hookpoint name callbacks conditions].freeze
|
|
29
39
|
SIGNATURE_KEY = 'signature'.freeze
|
|
30
40
|
SIGNATURE_VALUE_KEY = 'value'.freeze
|
|
31
41
|
SIGNED_KEYS_KEY = 'keys'.freeze
|
|
@@ -42,12 +52,14 @@ module Sqreen
|
|
|
42
52
|
attr_accessor :pub_key
|
|
43
53
|
attr_accessor :required_signed_keys
|
|
44
54
|
attr_accessor :digest
|
|
55
|
+
attr_accessor :use_oj
|
|
45
56
|
|
|
46
57
|
def initialize(required_keys = REQUIRED_SIGNED_KEYS,
|
|
47
58
|
public_key = PUBLIC_KEY,
|
|
48
|
-
digest = OpenSSL::Digest::SHA512.new)
|
|
59
|
+
digest = OpenSSL::Digest::SHA512.new, use_oj_gem = nil)
|
|
49
60
|
@required_signed_keys = required_keys
|
|
50
61
|
@signature_verifier = SignatureVerifier.new(public_key, digest)
|
|
62
|
+
@use_oj = use_oj_gem.nil? ? OJ_LOADED : use_oj_gem
|
|
51
63
|
end
|
|
52
64
|
|
|
53
65
|
def normalize_val(val, level)
|
|
@@ -62,6 +74,7 @@ module Sqreen
|
|
|
62
74
|
end
|
|
63
75
|
"[#{ary.join(',')}]"
|
|
64
76
|
when String, Integer
|
|
77
|
+
return Oj.dump(val, :mode => :compat, :escape_mode => :json) if use_oj
|
|
65
78
|
begin
|
|
66
79
|
JSON.dump(val)
|
|
67
80
|
rescue JSON::GeneratorError
|
|
@@ -76,6 +89,7 @@ module Sqreen
|
|
|
76
89
|
def normalize_key(key)
|
|
77
90
|
case key
|
|
78
91
|
when String, Integer
|
|
92
|
+
return Oj.dump(key, :mode => :compat, :escape_mode => :json) if use_oj
|
|
79
93
|
begin
|
|
80
94
|
JSON.dump(key)
|
|
81
95
|
rescue JSON::GeneratorError
|
data/lib/sqreen/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sqreen
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.10.
|
|
4
|
+
version: 1.10.4
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Sqreen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-02-
|
|
11
|
+
date: 2018-02-20 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: execjs
|