sqreen 1.15.3.beta2 → 1.15.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 22bb2bb71ea7c1ab0a557a3cd2f8018a3da8531f3adb985eb95b23ba36a06bda
4
- data.tar.gz: 17a9ab6b561e96366fff1fe89aa3dc61bb3ee120a8ffcf36dad3c9f9e6cb2a9d
3
+ metadata.gz: 4d3aa083f1891ea59e35ad5eca5ee46a9aed99a535bb90e0b6e6a2255d8beffc
4
+ data.tar.gz: 7f9003dbc6f7078071757e4aac16a38f7d317ca92d0ba159374c5409e3cd0099
5
5
  SHA512:
6
- metadata.gz: ef504985ed22ae98abc51cf88d08e8ce0e99c4c3c990f8e4d2233deeabd009e6aa8564e260f15705716c8115db89e282e1582d84dd93070d0c0a82246c8e8a18
7
- data.tar.gz: ed7b28ca551034387bfb5373aad968d4e6432602fffa696f872b8a489f3e3186d3d5a8c239a4ed3a737079c91db1552818c254f8521f7e291be95dab37a0bf10
6
+ metadata.gz: 79020866e2549ea65bbbda91aa3370e83200d92ce14d00ab8e16166e0ceeba028def6125c6e2fd899678922c8290821723b3270c55c6d49e2c10d112943c2027
7
+ data.tar.gz: c2c65bb389fe944644161b3ed8e71bd895b594da33061ba493d5c40ae9e80e40dd934ccb7d1a5bc2d479df4cd877bff77233cc9a02846a5cf23574538fb188eb
@@ -53,6 +53,10 @@ module Sqreen
53
53
  :default => nil },
54
54
  { :env => :SQREEN_STRIP_SENSITIVE_DATA, :name => :strip_sensitive_data,
55
55
  :default => true, :convert => :to_bool },
56
+ { :env => :SQREEN_STRIP_SENSITIVE_KEYS, :name => :strip_sensitive_keys,
57
+ :default => nil },
58
+ { :env => :SQREEN_STRIP_SENSITIVE_REGEX, :name => :strip_sensitive_regex,
59
+ :default => nil },
56
60
 
57
61
  ].freeze
58
62
 
@@ -7,6 +7,11 @@ require 'sqreen/event'
7
7
  module Sqreen
8
8
  # When a request is deeemed worthy of being sent to the backend
9
9
  class RequestRecord < Sqreen::Event
10
+ def initialize(payload, redactor = nil)
11
+ @redactor = redactor
12
+ super(payload)
13
+ end
14
+
10
15
  def observed
11
16
  (payload && payload[:observed]) || {}
12
17
  end
@@ -56,8 +61,8 @@ module Sqreen
56
61
  res[:request][:parameters] = payload['params'] if payload['params']
57
62
  res[:request][:headers] = payload['headers'] if payload['headers']
58
63
 
59
- if Sqreen.config_get(:strip_sensitive_data)
60
- res[:request] = SensitiveDataRedactor.redact(res[:request])
64
+ if @redactor
65
+ res[:request] = @redactor.redact(res[:request])
61
66
  end
62
67
 
63
68
  res
@@ -105,14 +110,42 @@ module Sqreen
105
110
 
106
111
  # For redacting sensitive data and avoid having it sent to our servers
107
112
  class SensitiveDataRedactor
108
- SENSITIVE_KEYS = Set.new(%w[password secret passwd authorization api_key apikey access_token]).freeze
113
+ DEFAULT_SENSITIVE_KEYS = Set.new(%w[password secret passwd authorization api_key apikey access_token]).freeze
114
+ DEFAULT_REGEX = /\A(?:\d[ -]*?){13,16}\z/
109
115
  MASK = '<Redacted by Sqreen>'.freeze
110
- REGEX = /\A(?:\d[ -]*?){13,16}\z/
111
116
 
112
- def self.redact(obj)
117
+ def self.from_config
118
+ keys = Sqreen.config_get(:strip_sensitive_keys)
119
+ if keys && keys.is_a?(String)
120
+ keys = keys.split(',')
121
+ else
122
+ keys = nil
123
+ end
124
+
125
+ regex = Sqreen.config_get(:strip_sensitive_regex)
126
+ if regex && regex.is_a?(String)
127
+ begin
128
+ regex = Regexp.compile(regex)
129
+ rescue RegexpError
130
+ Sqreen.log.warn("Invalid regular expression given in strip_sensitive_keys: #{regex}")
131
+ regex = nil
132
+ end
133
+ else
134
+ regex = nil
135
+ end
136
+
137
+ new(keys: keys, regex: regex)
138
+ end
139
+
140
+ def initialize(params = {})
141
+ @regex = params[:regex] || DEFAULT_REGEX
142
+ @keys = params[:keys] || DEFAULT_SENSITIVE_KEYS
143
+ end
144
+
145
+ def redact(obj)
113
146
  case obj
114
147
  when String
115
- return MASK if obj =~ REGEX
148
+ return MASK if obj =~ @regex
116
149
 
117
150
  when Array
118
151
  return obj.map(&method(:redact))
@@ -121,7 +154,7 @@ module Sqreen
121
154
  return Hash[
122
155
  obj.map do |k, v|
123
156
  ck = k.is_a?(String) ? k.downcase : k
124
- [k, SENSITIVE_KEYS.include?(ck) ? MASK : redact(v)]
157
+ [k, @keys.include?(ck) ? MASK : redact(v)]
125
158
  end
126
159
  ]
127
160
  end
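Review bot: In the `from_config` hunk (`@@ -105,14 +110,42 @@`) the configured keys are split on ',' but neither stripped nor downcased, while `redact` compares them against the downcased key `ck`, so a value such as `Password, Token` in strip_sensitive_keys never matches anything; use `keys = keys.split(',').map { |k| k.strip.downcase }` (wrapping it in a `Set` would also keep the lookup O(1) like the default). The warning on the `rescue RegexpError` path names strip_sensitive_keys although it is the regex option that failed to compile; it should read `"Invalid regular expression given in strip_sensitive_regex: #{regex}"`. Note also that an empty string splits to `[]`, which is truthy and therefore replaces DEFAULT_SENSITIVE_KEYS in `initialize`, silently turning key-based redaction off — if that is not the intended opt-out, treat an empty list as nil. The `keys &&` and `regex &&` guards are redundant with the `is_a?(String)` checks that follow them.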
@@ -56,12 +56,21 @@ module Sqreen
56
56
  end
57
57
  payload = payload_creator.payload(payload_requests)
58
58
  payload[:observed] = observed_items
59
- queue.push RequestRecord.new(payload)
59
+ queue.push create_request_record(payload)
60
60
  clean_request_record
61
61
  end
62
62
 
63
63
  protected
64
64
 
65
+ def create_request_record(payload)
66
+ RequestRecord.new(payload, redactor)
67
+ end
68
+
69
+ def redactor
70
+ return nil unless Sqreen.config_get(:strip_sensitive_data)
71
+ @redactor ||= SensitiveDataRedactor.from_config
72
+ end
73
+
65
74
  def push_metrics(observations_queue, event_queue)
66
75
  observed_items[:observations].each do |obs|
67
76
  observations_queue.push obs
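Review bot: `redactor` re-checks `strip_sensitive_data` on every call but memoizes the `SensitiveDataRedactor` built by `from_config`, so the keys and regex settings are frozen at the first recorded request while the on/off switch stays live. If that asymmetry is intended it deserves a comment above the memoization, e.g. `# built once: later changes to strip_sensitive_keys/regex are not picked up`; otherwise memoize the guard as well. The enclosing class begins outside the hunk, and whether `Sqreen.config_get` can change at runtime is not visible here.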
@@ -82,6 +82,14 @@ module Sqreen
82
82
 
83
83
  def run_js_cb(cb_name, budget, arguments)
84
84
  @pool.with_context do |ctx|
85
+ if ctx.code_failed?(@code_id)
86
+ Sqreen.log.debug do
87
+ "Skipping execution of callback #{cb_name} (code md5 #{@code_id})" \
88
+ " due to prev failure of definition evaluation"
89
+ end
90
+ return nil
91
+ end
92
+
85
93
  ctx.add_code(@code_id, @code) unless ctx.has_code?(@code_id)
86
94
 
87
95
  begin
@@ -89,6 +97,7 @@ module Sqreen
89
97
  ctx.eval_unsafe(
90
98
  "sqreen_data['#{@code_id}']['#{cb_name}'].apply(this, #{json_args})", nil, budget)
91
99
  rescue @module::ScriptTerminatedError
100
+ Sqreen.log.debug "ScriptTerminatedError/#{cb_name}"
92
101
  nil
93
102
  end
94
103
  end
@@ -149,13 +158,20 @@ module Sqreen
149
158
  @code_ids.include?(code_id)
150
159
  end
151
160
 
152
- def add_code(code_id, code)
153
- @code_ids ||= Set.new
154
- # if it fails, we don't try again
155
- @code_ids << code_id
161
+ def code_failed?(code_id)
162
+ return false unless @failed_code_ids
163
+ @failed_code_ids.include?(code_id)
164
+ end
156
165
 
166
+ def add_code(code_id, code)
157
167
  eval_unsafe code
158
168
  transf_global_funcs code_id
169
+ @code_ids ||= Set.new
170
+ @code_ids << code_id
171
+ rescue
172
+ @failed_code_ids ||= Set.new
173
+ @failed_code_ids << code_id
174
+ raise
159
175
  end
160
176
 
161
177
  def eval_unsafe(str, filename = nil, timeoutv = nil)
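Review bot: In the `add_code` hunk (`@@ -149,13 +158,20 @@`) the bare `rescue` records the code id in `@failed_code_ids` for any StandardError raised by `eval_unsafe` or `transf_global_funcs`, and `run_js_cb` then skips that callback on this context from then on; if `@module::ScriptTerminatedError` (presumably a budget/timeout failure, and so transient) is a StandardError, a single slow evaluation permanently disables the callback for that context. Either rescue only the error classes that mean the definition itself is broken, or restore the dropped comment `# if it fails, we don't try again` on the `@failed_code_ids << code_id` line so the permanence is explicit. Whether `@failed_code_ids` is per context or shared across the pool cannot be seen from the hunk and affects how costly a false positive is.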
@@ -59,6 +59,7 @@ module Sqreen
59
59
  Sqreen.log.debug { commands.inspect }
60
60
  return res_list
61
61
  end
62
+ commands = coalesce_reloads(commands, res_list)
62
63
  commands.each do |cmd_json|
63
64
  Sqreen.log.debug { cmd_json }
64
65
  cmd = RemoteCommand.new(cmd_json)
@@ -69,6 +70,31 @@ module Sqreen
69
70
  res_list
70
71
  end
71
72
 
73
+ # will need changes if we ever distinguish forced/soft reloads
74
+ # ('force' parameter in the command)
75
+ def self.coalesce_reloads(commands, res_list)
76
+ new_commands = []
77
+ saw_rules_reload = false
78
+ commands.reverse_each do |cmd_json|
79
+ name = cmd_json['name']
80
+ unless name == 'rules_reload'
81
+ new_commands.unshift cmd_json
82
+ next
83
+ end
84
+
85
+ if saw_rules_reload
86
+ res_list[cmd_json['uuid']] =
87
+ { :status => false, :reason => "redundant rules_reload ignored" }
88
+ else
89
+ saw_rules_reload = true
90
+ new_commands.unshift cmd_json
91
+ next
92
+ end
93
+ end
94
+
95
+ new_commands
96
+ end
97
+
72
98
  def to_h
73
99
  {
74
100
  :name => @name,
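Review bot: `coalesce_reloads` mutates its `res_list` argument (each dropped rules_reload gets `:status => false`) and returns a new command list, which the two-line comment above it does not say; a YARD header such as `# @param res_list [Hash] updated in place with a failed status for each dropped rules_reload` and `# @return [Array] commands with only the last rules_reload kept` would make that contract visible. The trailing `next` at the end of the `else` branch is redundant since it is the last statement of the block, and `"redundant rules_reload ignored"` has no interpolation, so single quotes match the file's style (`'rules_reload'`). The method is defined as `def self.coalesce_reloads` yet called unqualified from the earlier hunk; that only works if the enclosing method, whose definition lies outside the hunk, is itself a class method — worth confirming.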
@@ -1,5 +1,5 @@
1
1
  # Copyright (c) 2015 Sqreen. All Rights Reserved.
2
2
  # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
3
  module Sqreen
4
- VERSION = '1.15.3.beta2'.freeze
4
+ VERSION = '1.15.3'.freeze
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.15.3.beta2
4
+ version: 1.15.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-11-05 00:00:00.000000000 Z
11
+ date: 2018-11-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sq_mini_racer
@@ -133,9 +133,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
133
133
  version: '0'
134
134
  required_rubygems_version: !ruby/object:Gem::Requirement
135
135
  requirements:
136
- - - ">"
136
+ - - ">="
137
137
  - !ruby/object:Gem::Version
138
- version: 1.3.1
138
+ version: '0'
139
139
  requirements: []
140
140
  rubyforge_project:
141
141
  rubygems_version: 2.7.7