sqreen 1.11.3 → 1.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3e8eff78019936af7f34aba50cc99778250b703abf40045b13d3656dcb905804
-  data.tar.gz: 39ad12dfbe8dc9429ed66b2015e2e8aaa6383ecd5eb90dbe9221a35c38fcf0b5
+  metadata.gz: 867b430d86c473c22fcad2e5531c5ee70078ffa45201e8e4e906127e854eaf84
+  data.tar.gz: e8ba868e3b21824963da46dde7abbf171f17cb83732af65599fb84eaa4181245
 SHA512:
-  metadata.gz: 9737911ca8cfa2fb17bc88454c47d28134e7f923a5490abab57be7d63d852842f5ca457b83a90d28a38b34baac09a099d42dd66d8cbd116fe1127511d3b7b6d6
-  data.tar.gz: 95e83d374c1e68d8085ae09538669b6a6a42ab84e461faf7620090154127bd1dd69bf80ed7a25a45d1b9aa338816b8e9e7425752346b7e25771c06de099c71e1
+  metadata.gz: 98d5d2879397613f82ead509e0dc352ab7c139c8e045f0e64d4f2f8938b3c992264e4053e6b1d001af7f2131593bf319d45882235388b417d48c9cf88a337093
+  data.tar.gz: c0ee0912af909dd7fa94db71a5480215dc36e4e2c3cd6471dae61b0ee888763c63e10fa385027957d0d7c17e34c47aa96968225be3a4ebe8f04fbe044b2ad0ab

data/lib/sqreen/actions.rb

@@ -0,0 +1,203 @@
+# Copyright (c) 2018 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'ipaddr'
+require 'sqreen/log'
+require 'sqreen/exception'
+require 'sqreen/sdk'
+require 'sqreen/frameworks'
+
+module Sqreen
+  # Implements actions (behavior taken in response to agent signals)
+  module Actions
+    # Exception for when an unknown action type is gotten from the server
+    class UnknownActionType < ::Sqreen::Exception
+      attr_reader :action_type
+      def initialize(action_type)
+        super("no such action type: #{action_type}. Must be one of #{Base.known_types}")
+        @action_type = action_type
+      end
+    end
+
+    # Where the currently loaded actions are stored. Singleton
+    class Repository
+      include Singleton
+
+      def initialize
+        @actions = {} # indexed by subclass
+        @actions.default_proc = proc { |h, k| h[k] = [] }
+      end
+
+      def <<(action)
+        @actions[action.class] << action
+      end
+
+      def [](action_class)
+        @actions[action_class]
+      end
+
+      def clear
+        @actions.clear
+      end
+    end
+
+    # @return [Sqreen::Actions::Base]
+    def self.deserialize_action(hash)
+      action_type = hash['action']
+      raise 'no action type available' unless action_type
+
+      subclass = Base.get_type_class(action_type)
+      raise UnknownActionType, action_type unless subclass
+
+      id = hash['action_id']
+      raise 'no action id available' unless id
+
+      duration = hash['duration']
+      if !duration.nil? && duration <= 0
+        Sqreen.log.debug "Action #{id} is already expired"
+        return nil
+      end
+
+      subclass.new(id, duration, hash['parameters'] || {})
+    end
+
+    class Base
+      attr_reader :id, :expiry
+
+      def initialize(id, duration)
+        @id = id
+        @expiry = Time.new + duration unless duration.nil?
+      end
+
+      # See Sqreen::CB for return values
+      def run(*args)
+        return if expiry && Time.new > expiry
+        ret = do_run *args
+        unless ret.nil?
+          Sqreen.internal_track(event_name,
+                                'properties' => event_properties(*args).
+                                  merge('action_id' => id))
+        end
+        ret
+      end
+
+      protected
+
+      def do_run(*_args)
+        raise ::Sqreen::NotImplementedYet, "do_run not implemented in #{self.class}"
+        # implement in subclasses
+      end
+
+      def event_properties(*_run_args)
+        raise ::Sqreen::NotImplementedYet, "event_properties not implemented in #{self.class}"
+        # implement in subclasses
+      end
+
+      private
+
+      def event_name
+        "sq.action.#{self.class.type_name}"
+      end
+
+      @@subclasses = {}
+      class << self
+        private :new
+
+        attr_reader :type_name
+
+        def get_type_class(name)
+          @@subclasses[name]
+        end
+
+        def known_types
+          @@subclasses.keys
+        end
+
+        def inherited(subclass)
+          class << subclass
+            public :new
+          end
+        end
+
+        protected
+
+        def type_name=(name)
+          @type_name = name
+          @@subclasses[name] = self
+        end
+      end
+    end
+
+    module IpRanges
+      attr_reader :ranges
+
+      def parse_ip_ranges(params)
+        ranges = params['ip_cidr']
+        unless ranges && ranges.is_a?(Array) && !ranges.empty?
+          raise 'no non-empty ip_cidr array present'
+        end
+
+        @ranges = ranges.map &IPAddr.method(:new)
+      end
+
+      def matches_ip?(client_ip)
+        parsed_ip = IPAddr.new client_ip
+        found = ranges.find { |r| r.include? parsed_ip }
+        return false unless found
+
+        Sqreen.log.debug("Client ip #{client_ip} matches #{found.inspect}")
+        true
+      end
+    end
+
+    # Block a list of IP address ranges. Standard "raise" behavior.
+    class BlockIp < Base
+      include IpRanges
+      self.type_name = 'block_ip'
+
+      def initialize(id, duration, params = {})
+        super(id, duration)
+        parse_ip_ranges params
+      end
+
+      def do_run(client_ip)
+        return nil unless matches_ip? client_ip
+        e = Sqreen::AttackBlocked.new("Blocked client's IP (action: #{id}). No action is required")
+        { :status => :raise, :exception => e }
+      end
+
+      def event_properties(client_ip)
+        { 'ip_address' => client_ip }
+      end
+    end
+
+    # Block a list of IP address ranges by forcefully redirecting the user
+    # to a specific URL.
+    class RedirectIp < Base
+      include IpRanges
+      self.type_name = 'redirect_ip'
+
+      attr_reader :redirect_url
+
+      def initialize(id, duration, params = {})
+        super(id, duration)
+        @redirect_url = params['url']
+        raise "no url provided for action #{id}" unless @redirect_url
+        parse_ip_ranges params
+      end
+
+      def do_run(client_ip)
+        return nil unless matches_ip? client_ip
+        Sqreen.log.info "Will request redirect for client with IP #{client_ip} (action: #{id}). "
+        {
+          :status => :skip,
+          :new_return_value => [303, { 'Location' => @redirect_url }, ['']],
+        }
+      end
+
+      def event_properties(client_ip)
+        { 'ip_address' => client_ip, 'url' => @redirect_url }
+      end
+    end
+  end
+end

data/lib/sqreen/binding_accessor.rb

@@ -9,13 +9,14 @@ module Sqreen
   # the value located at the given binding
   class BindingAccessor
     PathElem = Struct.new(:kind, :value)
-    attr_reader :path, :expression, :final_transform
+    attr_reader :path, :expression, :final_transform, :transform_args
 
     # Expression to be accessed
     # @param expression [String] expression to read
     # @param convert [Boolean] wheter to convert objects to
     #                          simpler types (Array, Hash, String...)
     def initialize(expression, convert = false)
+      @transform_args = []
       @final_transform = nil
       @expression = expression
       @path = []
@@ -41,6 +42,19 @@ module Sqreen
       value
     end
 
+    # implement eql? and hash for uniq
+    def hash
+      expression.hash ^ @convert.hash
+    end
+
+    def eql?(other)
+      self.class == other.class &&
+        expression == other.expression &&
+        @convert == other.instance_variable_get('@convert')
+    end
+
+    alias == eql?
+
     protected
 
     STRING_KIND = 'string'.freeze
@@ -138,8 +152,17 @@ module Sqreen
       parts.join('|').rstrip
     end
 
+    TRANSFORM_ARGS_REGEXP = /\(([^)]*)\)\z/
     def final_transform=(transform)
       transform.strip!
+
+      transform.sub!(TRANSFORM_ARGS_REGEXP, '')
+      @transform_args = if Regexp.last_match
+                          Regexp.last_match(1).split(/,\s*/)
+                        else
+                          []
+                        end
+
       unless KNOWN_TRANSFORMS.include?(transform)
         raise Sqreen::Exception, "Invalid transform #{transform}"
       end
@@ -277,12 +300,58 @@ module Sqreen
         end
         values
       end
-    end
+
+      def concat_keys_and_values(value, max_size = nil)
+        return nil if value.nil?
+        values = Set.new
+        max_size = max_size.to_i if max_size
+        res = ''
+        descend(value) do |x|
+          next unless values.add?(x)
+          x = x.to_s
+          return res if max_size && res.size + x.size + 1 > max_size
+          res << "\n" unless res.empty?
+          res << x
+        end
+        res
+      end
+
+      private
+
+      def descend(value, max_iter = 1000)
+        seen = Set.new
+        look_into = [value]
+        idx = 0
+        until look_into.empty? || max_iter <= idx
+          idx += 1
+          val = look_into.pop
+
+          case val
+          when Hash
+            next unless seen.add?(val.object_id)
+            look_into.concat(val.keys)
+            look_into.concat(val.values)
+          when Array
+            next unless seen.add?(val.object_id)
+            look_into.concat(val)
+          else
+            next if val.respond_to?(:seek)
+            if val.respond_to?(:each)
+              next unless seen.add?(val.object_id)
+              val.each { |v| look_into << v }
+            else
+              yield val
+            end
+          end
+        end
+      end
+    end # end module Transforms
+
     include Transforms
     KNOWN_TRANSFORMS = Transforms.public_instance_methods.map(&:to_s)
 
     def transform(value)
-      send(@final_transform, value) if @final_transform
+      send(@final_transform, value, *@transform_args) if @final_transform
     end
-  end
+  end # end class BindingAccessor
 end

data/lib/sqreen/callbacks.rb

@@ -109,4 +109,59 @@ module Sqreen
       @block.call
     end
   end
+
+  # Framework-aware callback
+  class FrameworkCB < CB
+    attr_accessor :framework
+
+    def whitelisted?
+      whitelisted = SharedStorage.get(:whitelisted)
+      return whitelisted unless whitelisted.nil?
+      framework && !framework.whitelisted_match.nil?
+    end
+
+    # Record an attack event into Sqreen system
+    # @param infos [Hash] Additional information about request
+    def record_event(infos, at = Time.now.utc)
+      return unless framework
+      payload = {
+        :infos => infos,
+        :rulespack_id => rulespack_id,
+        :rule_name => rule_name,
+        :test => test,
+        :time => at,
+      }
+      if payload_tpl.include?('context')
+        payload[:backtrace] = Sqreen::Context.new.bt
+      end
+      framework.observe(:attacks, payload, payload_tpl)
+    end
+
+    # Record a metric observation
+    # @param category [String] Name of the metric observed
+    # @param key [String] aggregation key
+    # @param observation [Object] data observed
+    # @param at [Time] time when observation was made
+    def record_observation(category, key, observation, at = Time.now.utc)
+      return unless framework
+      framework.observe(:observations, [category, key, observation, at], [], false)
+    end
+
+    # Record an exception that just occurred
+    # @param exception [Exception] Exception to send over
+    # @param infos [Hash] Additional contextual information
+    def record_exception(exception, infos = {}, at = Time.now.utc)
+      return unless framework
+      payload = {
+        :exception => exception,
+        :infos => infos,
+        :rulespack_id => rulespack_id,
+        :rule_name => rule_name,
+        :test => test,
+        :time => at,
+        :backtrace => exception.backtrace || Sqreen::Context.bt,
+      }
+      framework.observe(:sqreen_exceptions, payload)
+    end
+  end
 end

data/lib/sqreen/deliveries/batch.rb

@@ -68,7 +68,13 @@ module Sqreen
 
       def event_keys(event)
         return [event_key(event)] unless event.is_a?(Sqreen::RequestRecord)
-        event.observed.fetch(:attacks, []).map { |e| "att-#{e[:rule_name]}" } + event.observed.fetch(:sqreen_exceptions, []).map { |e| "rex-#{e[:exception].class}" }
+        res = []
+        res += event.observed.fetch(:attacks, []).map { |e| "att-#{e[:rule_name]}" }
+        res += event.observed.fetch(:sqreen_exceptions, []).map { |e| "rex-#{e[:exception].class}" }
+        res += event.observed.fetch(:sdk, []).select { |e|
+            e[0] == :track
+        }.map { |e| "sdk-track".freeze }
+        return res
       end
 
       def event_key(event)

data/lib/sqreen/instrumentation.rb

@@ -10,6 +10,7 @@ require 'sqreen/events/remote_exception'
 require 'sqreen/rules_signature'
 require 'sqreen/shared_storage'
 require 'sqreen/rules_callbacks/record_request_context'
+require 'sqreen/rules_callbacks/run_req_start_actions'
 require 'set'
 
 # How to override a class method:
@@ -310,6 +311,7 @@ module Sqreen
                 args = ret[:args]
               when :raise, 'raise'
                 Thread.current[:sqreen_in_use] = false
+                raise ret[:exception] if ret.key?(:exception)
                 raise Sqreen::AttackBlocked, "Sqreen blocked a security threat (type: #{ret[:rule_name]}). No action is required."
               end
             end
@@ -659,9 +661,16 @@ module Sqreen
 
     attr_accessor :metrics_engine
 
+    # @return [Array<Sqreen::CB>]
+    def hardcoded_callbacks(framework)
+      [
+        Sqreen::Rules::RunReqStartActions.new(framework)
+      ]
+    end
+
     # Instrument the application code using the rules
     # @param rules [Array<Hash>] Rules to instrument
-    # @param metrics_engine [MetricsStore] Metric storage facility
+    # @param framework [Sqreen::Frameworks::GenericFramework]
     def instrument!(rules, framework)
       verifier = nil
       if Sqreen.features['rules_signature'] &&
@@ -671,13 +680,18 @@ module Sqreen
       else
         Sqreen.log.debug('Rules signature is not enabled')
       end
+
       remove_all_callbacks # Force cb tree to be empty before instrumenting
+
       rules.each do |rule|
         rcb = Sqreen::Rules.cb_from_rule(rule, self, metrics_engine, verifier)
         next unless rcb
         rcb.framework = framework
         add_callback(rcb)
       end
+
+      hardcoded_callbacks(framework).each { |cb| add_callback(cb) }
+
       Sqreen.instrumentation_ready = true
     end
 

data/lib/sqreen/remote_command.rb

@@ -10,6 +10,7 @@ module Sqreen
       :instrumentation_enable => :setup_instrumentation,
       :instrumentation_remove => :remove_instrumentation,
       :rules_reload => :reload_rules,
+      :actions_reload => :reload_actions,
       :features_get => :features,
       :features_change => :change_features,
       :force_logout => :shutdown,
@@ -19,6 +20,14 @@ module Sqreen
       :performance_budget => :change_performance_budget,
     }.freeze
 
+    # wraps output returned by a command that should also result in status: false
+    class FailureOutput
+      attr_reader :wrapped_output
+      def initialize(output)
+        @wrapped_output = output
+      end
+    end
+
     attr_reader :uuid
 
     def initialize(json_desc)
@@ -83,11 +92,13 @@ module Sqreen
     def format_output(output)
       case output
       when NilClass
-        return { :status => false, :reason => 'nil returned' }
+        { :status => false, :reason => 'nil returned' }
       when TrueClass
-        return { :status => true }
+        { :status => true }
+      when FailureOutput
+        { :status => false, :output => output.wrapped_output }
       else
-        return { :status => true, :output => output }
+        { :status => true, :output => output }
       end
     end
   end

data/lib/sqreen/rule_callback.rb

@@ -14,7 +14,7 @@ require 'sqreen/payload_creator'
 module Sqreen
   module Rules
     # Base class for callback that are initialized by rules from Sqreen
-    class RuleCB < CB
+    class RuleCB < FrameworkCB
       include Conditionable
       include CallCountable
       # If nothing was asked by the rule we will ask for all sections available
@@ -23,7 +23,6 @@ module Sqreen
       attr_reader :test
       attr_reader :payload_tpl
       attr_reader :block
-      attr_accessor :framework
 
       # @params klass [String] class instrumented
       # @params method [String] method that was instrumented
@@ -48,12 +47,6 @@ module Sqreen
         @rule[Attrs::RULESPACK_ID]
       end
 
-      def whitelisted?
-        whitelisted = SharedStorage.get(:whitelisted)
-        return whitelisted unless whitelisted.nil?
-        framework && !framework.whitelisted_match.nil?
-      end
-
       # Recommend taking an action (optionnally adding more data/context)
       #
       # This will format the requested action and optionnally
@@ -63,50 +56,6 @@ module Sqreen
         additional_data.merge(:status => action)
       end
 
-      # Record an attack event into Sqreen system
-      # @param infos [Hash] Additional information about request
-      def record_event(infos, at = Time.now.utc)
-        return unless framework
-        payload = {
-          :infos => infos,
-          :rulespack_id => rulespack_id,
-          :rule_name => rule_name,
-          :test => test,
-          :time => at,
-        }
-        if payload_tpl.include?('context')
-          payload[:backtrace] = Sqreen::Context.new.bt
-        end
-        framework.observe(:attacks, payload, payload_tpl)
-      end
-
-      # Record a metric observation
-      # @param category [String] Name of the metric observed
-      # @param key [String] aggregation key
-      # @param observation [Object] data observed
-      # @param at [Time] time when observation was made
-      def record_observation(category, key, observation, at = Time.now.utc)
-        return unless framework
-        framework.observe(:observations, [category, key, observation, at], [], false)
-      end
-
-      # Record an exception that just occurred
-      # @param exception [Exception] Exception to send over
-      # @param infos [Hash] Additional contextual information
-      def record_exception(exception, infos = {}, at = Time.now.utc)
-        return unless framework
-        payload = {
-          :exception => exception,
-          :infos => infos,
-          :rulespack_id => rulespack_id,
-          :rule_name => rule_name,
-          :test => test,
-          :time => at,
-          :backtrace => exception.backtrace || Sqreen::Context.bt,
-        }
-        framework.observe(:sqreen_exceptions, payload)
-      end
-
       def overtime!
         return false unless @overtimeable
         Sqreen.log.debug { "rulecb #{self} is overtime!" }

data/lib/sqreen/rules_callbacks/run_req_start_actions.rb

@@ -0,0 +1,61 @@
+# Copyright (c) 2018 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'sqreen/rule_callback'
+require 'sqreen/actions'
+require 'sqreen/middleware'
+
+module Sqreen
+  module Rules
+    # Runs actions concerned with whether the request ought to be served
+    class RunReqStartActions < FrameworkCB
+      def initialize(framework)
+        if defined?(Sqreen::Frameworks::SinatraFramework) &&
+           framework.is_a?(Sqreen::Frameworks::SinatraFramework)
+          super(Sinatra::ExtendedRack, :call)
+        elsif defined?(Sqreen::Frameworks::RailsFramework) &&
+              framework.is_a?(Sqreen::Frameworks::RailsFramework)
+          super(Sqreen::RailsMiddleware, :call)
+        else
+          # last resort; we won't get nice errors
+          super(Sqreen::Middleware, :call)
+        end
+
+        self.framework = framework
+      end
+
+      def whitelisted?
+        whitelisted = SharedStorage.get(:whitelisted)
+        return whitelisted unless whitelisted.nil?
+        framework && !framework.whitelisted_match.nil?
+      end
+
+      def pre(_inst, _args, _budget = nil, &_block)
+        return unless framework
+        ip = framework.client_ip
+        return unless ip
+
+        actions = actions_repo[Sqreen::Actions::BlockIp] +
+                  actions_repo[Sqreen::Actions::RedirectIp]
+
+        actions.each do |act|
+          res = run_client_ip_action(act, ip)
+          return res unless res.nil?
+        end
+        nil
+      end
+
+      private
+
+      # @param action [Sqreen::Actions::Base]
+      def run_client_ip_action(action, client_ip)
+        action.run client_ip
+      end
+
+      # @return [Sqreen::Actions::Repository]
+      def actions_repo
+        Sqreen::Actions::Repository.instance
+      end
+    end
+  end
+end

data/lib/sqreen/runner.rb

@@ -214,6 +214,7 @@ module Sqreen
     def remove_instrumentation(_context_infos = {})
       Sqreen.log.debug 'removing instrumentation'
       instrumenter.remove_all_callbacks
+      Sqreen::Actions::Repository.instance.clear
       true
     end
 
@@ -221,12 +222,43 @@ module Sqreen
       Sqreen.log.debug 'Reloading rules'
       rulespack_id, rules = load_rules
       instrumenter.remove_all_callbacks
+      Sqreen::Actions::Repository.instance.clear
 
       @framework.instrument_when_ready!(instrumenter, rules)
       Sqreen.log.debug 'Rules reloaded'
       rulespack_id.to_s
     end
 
+    def reload_actions(_context_infos = {})
+      Sqreen.log.debug 'Reloading actions'
+
+      data = session.get_actionspack
+
+      unless data.respond_to?(:[]) && data['status']
+        Sqreen.log.warn('Could not load actions')
+        return RemoteCommand::FailureOutput.new(
+          :error => 'Could not load actions from /actionspack'
+        )
+      end
+
+      action_hashes = data['actions']
+      unless action_hashes.respond_to? :each
+        Sqreen.log.warn('No action definitions in response')
+        return RemoteCommand::FailureOutput.new(
+          :error => 'No action definitions in response'
+        )
+      end
+      Sqreen.log.debug("Loading actions from hashes #{action_hashes}")
+
+      unsupported = load_actions(action_hashes)
+
+      if unsupported.empty?
+        true
+      else
+        RemoteCommand::FailureOutput.new(:unsupported_actions => unsupported.to_a)
+      end
+    end
+
     def process_commands(commands, context_infos = {})
       return if commands.nil? || commands.empty?
       res = RemoteCommand.process_list(self, commands, context_infos)
@@ -380,5 +412,32 @@ module Sqreen
         end
       end
     end
+
+    private
+
+    def load_actions(hashes)
+      unsupported = Set.new
+
+      actions = hashes.map do |h|
+        begin
+          Sqreen::Actions.deserialize_action(h)
+        rescue Sqreen::Actions::UnknownActionType => e
+          Sqreen.log.warn("Unsupported action type: #{e.action_type}")
+          unsupported << e.action_type
+          nil
+        rescue => e
+          raise Sqreen::Exception, "Invalid action hash: #{h}: #{e.message}"
+        end
+      end
+
+      actions = actions.reject(&:nil?)
+      Sqreen.log.debug("Will add #{actions.size} valid actions")
+
+      repos = Sqreen::Actions::Repository.instance
+      repos.clear
+      actions.each { |action| repos << action }
+
+      unsupported
+    end
   end
 end

data/lib/sqreen/sdk.rb

@@ -3,6 +3,10 @@
 
 # Sqreen Namespace
 module Sqreen
+
+  SDK_RESERVED_PREFIX = 'sq.'.freeze
+  TRACK_PAYLOAD_DATA = ['request'.freeze, 'params'.freeze, 'headers'.freeze].freeze
+
   # Sqreen SDK
   class << self
     # Authentication tracking method
@@ -18,5 +22,35 @@ module Sqreen
         [], false
       )
     end
+
+    def track(event_name, options = {})
+      return unless Sqreen.framework
+      if event_name.start_with? SDK_RESERVED_PREFIX
+        Sqreen.log.warn("Event names starting with '#{SDK_RESERVED_PREFIX}' " \
+                        'are reserved. Event ignored.')
+        return false
+      end
+      internal_track(event_name, options)
+    end
+
+    # For internal usage. Users are to call track() instead.
+    def internal_track(event_name, options = {})
+      properties = options[:properties]
+      authentication_keys = options[:user_identifiers]
+      timestamp = options[:timestamp] || Time.now.utc
+      # Not in SDK v0
+      # request = options[:request]
+
+      args = {}
+      args[:authentication_keys] = authentication_keys if authentication_keys
+      args[:properties] = properties if properties
+
+      Sqreen.framework.observe(
+        :sdk,
+        [:track, timestamp, event_name, :args => args],
+        TRACK_PAYLOAD_DATA, true
+      )
+      true
+    end
   end
 end

data/lib/sqreen/session.rb

@@ -159,8 +159,9 @@ module Sqreen
 
     def do_http_request(method, path, data, headers = {}, max_retry = 2)
       connect unless connected?
+      now = Time.now.utc
       headers['X-Session-Key'] = @session_id if @session_id
-      headers['X-Sqreen-Time'] = Time.now.utc.to_f.to_s
+      headers['X-Sqreen-Time'] = now.to_f.to_s
       headers['User-Agent'] = "sqreen-ruby/#{Sqreen::VERSION}"
       headers['X-Sqreen-Beta'] = format('pid=%d;tid=%s;nb=%d;t=%f',
                                         Process.pid,
@@ -206,7 +207,7 @@ module Sqreen
           Sqreen.log.debug 'warning: empty return value'
         end
       end
-      Sqreen.log.debug format('%s %s (DONE)', method, path)
+      Sqreen.log.debug format('%s %s (DONE in %f ms)', method, path, (Time.now.utc - now) * 1000)
       res
     end
 
@@ -264,6 +265,10 @@ module Sqreen
                                'dependencies' => dependencies)
     end
 
+    def get_actionspack
+      resilient_get('actionspack')
+    end
+
     def post_request_record(request_record)
       resilient_post('request_record', request_record.to_hash)
     end

data/lib/sqreen/version.rb

@@ -1,5 +1,5 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 module Sqreen
-  VERSION = '1.11.3'.freeze
+  VERSION = '1.12.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.11.3
+  version: 1.12.0
 platform: ruby
 authors:
 - Sqreen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-26 00:00:00.000000000 Z
+date: 2018-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: execjs
@@ -50,6 +50,7 @@ files:
 - Rakefile
 - lib/sqreen-alt.rb
 - lib/sqreen.rb
+- lib/sqreen/actions.rb
 - lib/sqreen/attack_detected.html
 - lib/sqreen/binding_accessor.rb
 - lib/sqreen/ca.crt
@@ -110,6 +111,7 @@ files:
 - lib/sqreen/rules_callbacks/record_request_context.rb
 - lib/sqreen/rules_callbacks/reflected_xss.rb
 - lib/sqreen/rules_callbacks/regexp_rule.rb
+- lib/sqreen/rules_callbacks/run_req_start_actions.rb
 - lib/sqreen/rules_callbacks/shell_env.rb
 - lib/sqreen/rules_callbacks/url_matches.rb
 - lib/sqreen/rules_callbacks/user_agent_matches.rb