sqreen 1.13.2 → 1.13.4

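--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9cc15db540d04e2f69f67dc7d0f8b94ef4ab5815177c9fd198690c2d5e1238c8
- data.tar.gz: 6e525c6bc24a2663fcef4d18995cf773d1e82af006d00d5c6953151c4f374216
+ metadata.gz: 67667de7c101298b439e12b54ab0a2572dce27cec1e60237e9baa54b2f3791fb
+ data.tar.gz: b689401bd7b0bc4731d93a511e458f1aec7bd0257c7f318090278962597be245
  SHA512:
- metadata.gz: 5a12c3aec3897301e0b16d1505d1580ceb5fe24b0111b2047026fd83ce7a330bae2655b7eb333545cb6ed9c262593415e48146a5820c772efa2fe59189e5eee5
- data.tar.gz: e04823e167597aa34782c8c5b29843f8d642b72d9d9e66a2d56bc3cd598d2bea432b4fa438fb05694316fb543f4ce8c2a1425baff6466eafcdab9248038231b2
+ metadata.gz: c2b627b8d752c78eb16a9a0a9ea050b0bf6c59b2a99dd86568c30d8926bf10d60f9ebc62ee241267c187c47f2621bae275f5bcce7ffb15779ae42570df61de51
+ data.tar.gz: c272f746230f351ce74f3fd6d7b7118cf4dcebf0f6f0fc5a38a64cedbfbfee07f21c9d5f577d1c36a9b8264b4bbb92d06ea99cd9776ff47a35415f6f5791e2f0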
@@ -51,6 +51,8 @@ module Sqreen
51
51
  :default => nil },
52
52
  { :env => :SQREEN_IP_HEADER, :name => :ip_header,
53
53
  :default => nil },
54
+ { :env => :SQREEN_STRIP_SENSITIVE_DATA, :name => :strip_sensitive_data,
55
+ :default => true, :convert => :to_bool },
54
56
 
55
57
  ].freeze
56
58
 
@@ -52,8 +52,14 @@ module Sqreen
52
52
  else
53
53
  res[:request] = {}
54
54
  end
55
+
55
56
  res[:request][:parameters] = payload['params'] if payload['params']
56
57
  res[:request][:headers] = payload['headers'] if payload['headers']
58
+
59
+ if Sqreen.config_get(:strip_sensitive_data)
60
+ res[:request] = SensitiveDataRedactor.redact(res[:request])
61
+ end
62
+
57
63
  res
58
64
  end
59
65
 
@@ -96,4 +102,31 @@ module Sqreen
96
102
  nil
97
103
  end
98
104
  end
105
+
106
+ # For redacting sensitive data and avoid having it sent to our servers
107
+ class SensitiveDataRedactor
108
+ SENSITIVE_KEYS = Set.new(%w[password secret passwd authorization api_key apikey access_token]).freeze
109
+ MASK = '<Redacted by Sqreen>'.freeze
110
+ REGEX = /\A(?:\d[ -]*?){13,16}\z/
111
+
112
+ def self.redact(obj)
113
+ case obj
114
+ when String
115
+ return MASK if obj =~ REGEX
116
+
117
+ when Array
118
+ return obj.map(&method(:redact))
119
+
120
+ when Hash
121
+ return Hash[
122
+ obj.map do |k, v|
123
+ ck = k.is_a?(String) ? k.downcase : k
124
+ [k, SENSITIVE_KEYS.include?(ck) ? MASK : redact(v)]
125
+ end
126
+ ]
127
+ end
128
+
129
+ obj
130
+ end
131
+ end
99
132
  end
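Review bot: `return MASK if obj =~ REGEX` in `SensitiveDataRedactor.redact` raises ArgumentError (invalid byte sequence) when `obj` carries bytes that are not valid in its encoding, which is exactly the kind of parameter value the two `valid_encoding?` hunks further down this page are added to cope with, and because the redactor runs while a payload is being assembled one such value aborts the whole report rather than being redacted. Guard the match, e.g. `return MASK if obj.valid_encoding? && REGEX.match?(obj)`; `match?` also avoids allocating MatchData and is the form already used in the `regexp.match?(value)` context line later on this page. Separately, the key check is an exact lookup that only downcases String keys, so a Symbol key such as `:password` is never redacted, and if `payload['headers']` uses Rack-style names like `HTTP_AUTHORIZATION` the `authorization` entry will not match either — `ck = k.to_s.downcase` and stripping a leading `http_` would close both gaps if those shapes can reach this code. `Set` also needs `require 'set'` somewhere in this file, which the hunk does not show.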
@@ -393,6 +393,7 @@ module Sqreen
393
393
  each_key_value_for_hash(p) do |value|
394
394
  next unless value.is_a?(String)
395
395
  next if value.size < 5
396
+ value = value.force_encoding(Encoding::ISO_8859_1).encode(Encoding::UTF_8) unless value.valid_encoding?
396
397
  next if regexp && !regexp.match?(value)
397
398
  parm << value
398
399
  end
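Review bot: `value.force_encoding(Encoding::ISO_8859_1)` on the added line mutates its receiver, so the String stored in the caller's hash `p` is permanently retagged as ISO-8859-1 even though only the local `value` is rebound to the UTF-8 copy; anything that reads that parameter afterwards sees a different encoding than it did before this call. Transcoding with an explicit source encoding produces the same UTF-8 result without the in-place change: `value = value.encode(Encoding::UTF_8, Encoding::ISO_8859_1) unless value.valid_encoding?`. The identical line is added in the next hunk (new line 414) and needs the same treatment. The enclosing method starts and ends outside the hunk.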
@@ -410,6 +411,7 @@ module Sqreen
410
411
  each_key_value_for_hash(p) do |value|
411
412
  next unless value.is_a?(String)
412
413
  next if value.size < 5
414
+ value = value.force_encoding(Encoding::ISO_8859_1).encode(Encoding::UTF_8) unless value.valid_encoding?
413
415
  next if regexp && !regexp.match(value)
414
416
  parm << value
415
417
  end
@@ -140,7 +140,8 @@ module Sqreen
140
140
  tag = ret
141
141
  if tag.value[:escape_html] == false &&
142
142
  tag.value[:value].respond_to?(:include?) &&
143
- !tag.value[:value].include?('html_escape')
143
+ !tag.value[:value].include?('html_escape') &&
144
+ tag.value[:parse] == true
144
145
  tag.value[:value] = "Sqreen.escape_haml((#{tag.value[:value]}))"
145
146
  return { :status => :override, :new_return_value => tag }
146
147
  end
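Review bot: The added `tag.value[:parse] == true` condition narrows the escape override to parsed tags without a comment saying why, and the reason is not recoverable from the surrounding lines; since the override rewrites `tag.value[:value]` into Ruby source (`Sqreen.escape_haml((...))`), a non-parsed value is presumably literal text that must not be turned into an expression, but that is an inference. A comment above the `if`, such as `# Only wrap parsed tags: their :value is Ruby code HAML evaluates; a non-parsed :value is literal text and must not become an expression`, would record the intent. `== true` also departs from the idiomatic truthiness test, so if a non-boolean truthy `:parse` is deliberately excluded that belongs in the same comment. The enclosing method starts outside the hunk.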
@@ -1,5 +1,5 @@
1
1
  # Copyright (c) 2015 Sqreen. All Rights Reserved.
2
2
  # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
3
  module Sqreen
4
- VERSION = '1.13.2'.freeze
4
+ VERSION = '1.13.4'.freeze
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.13.2
4
+ version: 1.13.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-07-23 00:00:00.000000000 Z
11
+ date: 2018-08-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: execjs
@@ -30,14 +30,14 @@ dependencies:
30
30
  requirements:
31
31
  - - ">="
32
32
  - !ruby/object:Gem::Version
33
- version: '0'
33
+ version: 0.12.1
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
- version: '0'
40
+ version: 0.12.1
41
41
  description: Sqreen is a SaaS based Application protection and monitoring platform
42
42
  that integrates directly into your Ruby applications. Learn more at https://sqreen.io.
43
43
  email: contact@sqreen.io