sqreen 1.15.3.beta2 → 1.15.3

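--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 22bb2bb71ea7c1ab0a557a3cd2f8018a3da8531f3adb985eb95b23ba36a06bda
- data.tar.gz: 17a9ab6b561e96366fff1fe89aa3dc61bb3ee120a8ffcf36dad3c9f9e6cb2a9d
+ metadata.gz: 4d3aa083f1891ea59e35ad5eca5ee46a9aed99a535bb90e0b6e6a2255d8beffc
+ data.tar.gz: 7f9003dbc6f7078071757e4aac16a38f7d317ca92d0ba159374c5409e3cd0099
  SHA512:
- metadata.gz: ef504985ed22ae98abc51cf88d08e8ce0e99c4c3c990f8e4d2233deeabd009e6aa8564e260f15705716c8115db89e282e1582d84dd93070d0c0a82246c8e8a18
- data.tar.gz: ed7b28ca551034387bfb5373aad968d4e6432602fffa696f872b8a489f3e3186d3d5a8c239a4ed3a737079c91db1552818c254f8521f7e291be95dab37a0bf10
+ metadata.gz: 79020866e2549ea65bbbda91aa3370e83200d92ce14d00ab8e16166e0ceeba028def6125c6e2fd899678922c8290821723b3270c55c6d49e2c10d112943c2027
+ data.tar.gz: c2c65bb389fe944644161b3ed8e71bd895b594da33061ba493d5c40ae9e80e40dd934ccb7d1a5bc2d479df4cd877bff77233cc9a02846a5cf23574538fb188eb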
@@ -53,6 +53,10 @@ module Sqreen
53
53
  :default => nil },
54
54
  { :env => :SQREEN_STRIP_SENSITIVE_DATA, :name => :strip_sensitive_data,
55
55
  :default => true, :convert => :to_bool },
56
+ { :env => :SQREEN_STRIP_SENSITIVE_KEYS, :name => :strip_sensitive_keys,
57
+ :default => nil },
58
+ { :env => :SQREEN_STRIP_SENSITIVE_REGEX, :name => :strip_sensitive_regex,
59
+ :default => nil },
56
60
 
57
61
  ].freeze
58
62
 
@@ -7,6 +7,11 @@ require 'sqreen/event'
7
7
  module Sqreen
8
8
  # When a request is deeemed worthy of being sent to the backend
9
9
  class RequestRecord < Sqreen::Event
10
+ def initialize(payload, redactor = nil)
11
+ @redactor = redactor
12
+ super(payload)
13
+ end
14
+
10
15
  def observed
11
16
  (payload && payload[:observed]) || {}
12
17
  end
@@ -56,8 +61,8 @@ module Sqreen
56
61
  res[:request][:parameters] = payload['params'] if payload['params']
57
62
  res[:request][:headers] = payload['headers'] if payload['headers']
58
63
 
59
- if Sqreen.config_get(:strip_sensitive_data)
60
- res[:request] = SensitiveDataRedactor.redact(res[:request])
64
+ if @redactor
65
+ res[:request] = @redactor.redact(res[:request])
61
66
  end
62
67
 
63
68
  res
@@ -105,14 +110,42 @@ module Sqreen
105
110
 
106
111
  # For redacting sensitive data and avoid having it sent to our servers
107
112
  class SensitiveDataRedactor
108
- SENSITIVE_KEYS = Set.new(%w[password secret passwd authorization api_key apikey access_token]).freeze
113
+ DEFAULT_SENSITIVE_KEYS = Set.new(%w[password secret passwd authorization api_key apikey access_token]).freeze
114
+ DEFAULT_REGEX = /\A(?:\d[ -]*?){13,16}\z/
109
115
  MASK = '<Redacted by Sqreen>'.freeze
110
- REGEX = /\A(?:\d[ -]*?){13,16}\z/
111
116
 
112
- def self.redact(obj)
117
+ def self.from_config
118
+ keys = Sqreen.config_get(:strip_sensitive_keys)
119
+ if keys && keys.is_a?(String)
120
+ keys = keys.split(',')
121
+ else
122
+ keys = nil
123
+ end
124
+
125
+ regex = Sqreen.config_get(:strip_sensitive_regex)
126
+ if regex && regex.is_a?(String)
127
+ begin
128
+ regex = Regexp.compile(regex)
129
+ rescue RegexpError
130
+ Sqreen.log.warn("Invalid regular expression given in strip_sensitive_keys: #{regex}")
131
+ regex = nil
132
+ end
133
+ else
134
+ regex = nil
135
+ end
136
+
137
+ new(keys: keys, regex: regex)
138
+ end
139
+
140
+ def initialize(params = {})
141
+ @regex = params[:regex] || DEFAULT_REGEX
142
+ @keys = params[:keys] || DEFAULT_SENSITIVE_KEYS
143
+ end
144
+
145
+ def redact(obj)
113
146
  case obj
114
147
  when String
115
- return MASK if obj =~ REGEX
148
+ return MASK if obj =~ @regex
116
149
 
117
150
  when Array
118
151
  return obj.map(&method(:redact))
@@ -121,7 +154,7 @@ module Sqreen
121
154
  return Hash[
122
155
  obj.map do |k, v|
123
156
  ck = k.is_a?(String) ? k.downcase : k
124
- [k, SENSITIVE_KEYS.include?(ck) ? MASK : redact(v)]
157
+ [k, @keys.include?(ck) ? MASK : redact(v)]
125
158
  end
126
159
  ]
127
160
  end
@@ -56,12 +56,21 @@ module Sqreen
56
56
  end
57
57
  payload = payload_creator.payload(payload_requests)
58
58
  payload[:observed] = observed_items
59
- queue.push RequestRecord.new(payload)
59
+ queue.push create_request_record(payload)
60
60
  clean_request_record
61
61
  end
62
62
 
63
63
  protected
64
64
 
65
+ def create_request_record(payload)
66
+ RequestRecord.new(payload, redactor)
67
+ end
68
+
69
+ def redactor
70
+ return nil unless Sqreen.config_get(:strip_sensitive_data)
71
+ @redactor ||= SensitiveDataRedactor.from_config
72
+ end
73
+
65
74
  def push_metrics(observations_queue, event_queue)
66
75
  observed_items[:observations].each do |obs|
67
76
  observations_queue.push obs
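Review bot: `redactor` memoizes the configured SensitiveDataRedactor with `@redactor ||=`, so strip_sensitive_keys and strip_sensitive_regex are read once per instance; if configuration can be reloaded at runtime, later changes are not picked up, which deserves a comment such as `# Built once per instance; key/regex settings changed later are not applied.` Since `RequestRecord#initialize` now defaults the redactor to nil, `create_request_record` is the only path in this diff that applies redaction, and any other `RequestRecord.new(payload)` call site outside the diff would bypass stripping even with strip_sensitive_data enabled, so those call sites should be checked. The enclosing push_metrics method starts at the end of the hunk and continues beyond it.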
@@ -82,6 +82,14 @@ module Sqreen
82
82
 
83
83
  def run_js_cb(cb_name, budget, arguments)
84
84
  @pool.with_context do |ctx|
85
+ if ctx.code_failed?(@code_id)
86
+ Sqreen.log.debug do
87
+ "Skipping execution of callback #{cb_name} (code md5 #{@code_id})" \
88
+ " due to prev failure of definition evaluation"
89
+ end
90
+ return nil
91
+ end
92
+
85
93
  ctx.add_code(@code_id, @code) unless ctx.has_code?(@code_id)
86
94
 
87
95
  begin
@@ -89,6 +97,7 @@ module Sqreen
89
97
  ctx.eval_unsafe(
90
98
  "sqreen_data['#{@code_id}']['#{cb_name}'].apply(this, #{json_args})", nil, budget)
91
99
  rescue @module::ScriptTerminatedError
100
+ Sqreen.log.debug "ScriptTerminatedError/#{cb_name}"
92
101
  nil
93
102
  end
94
103
  end
@@ -149,13 +158,20 @@ module Sqreen
149
158
  @code_ids.include?(code_id)
150
159
  end
151
160
 
152
- def add_code(code_id, code)
153
- @code_ids ||= Set.new
154
- # if it fails, we don't try again
155
- @code_ids << code_id
161
+ def code_failed?(code_id)
162
+ return false unless @failed_code_ids
163
+ @failed_code_ids.include?(code_id)
164
+ end
156
165
 
166
+ def add_code(code_id, code)
157
167
  eval_unsafe code
158
168
  transf_global_funcs code_id
169
+ @code_ids ||= Set.new
170
+ @code_ids << code_id
171
+ rescue
172
+ @failed_code_ids ||= Set.new
173
+ @failed_code_ids << code_id
174
+ raise
159
175
  end
160
176
 
161
177
  def eval_unsafe(str, filename = nil, timeoutv = nil)
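Review bot: The new `Sqreen.log.debug "ScriptTerminatedError/#{cb_name}"` in the rescue of run_js_cb passes an eagerly interpolated string, whereas the debug call added a few lines earlier in the same method uses the block form; write it as `Sqreen.log.debug { "ScriptTerminatedError/#{cb_name}" }` so the string is only built when debug logging is enabled. In add_code the removed comment `# if it fails, we don't try again` described exactly the rule run_js_cb now relies on via `code_failed?`, so it should be restored above `code_failed?` or next to the rescue that fills @failed_code_ids. The bare `rescue` there catches StandardError only, which is what a failing eval needs, but saying so in that comment avoids a later "why not Exception" edit. eval_unsafe's body lies outside the hunk.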
@@ -59,6 +59,7 @@ module Sqreen
59
59
  Sqreen.log.debug { commands.inspect }
60
60
  return res_list
61
61
  end
62
+ commands = coalesce_reloads(commands, res_list)
62
63
  commands.each do |cmd_json|
63
64
  Sqreen.log.debug { cmd_json }
64
65
  cmd = RemoteCommand.new(cmd_json)
@@ -69,6 +70,31 @@ module Sqreen
69
70
  res_list
70
71
  end
71
72
 
73
+ # will need changes if we ever distinguish forced/soft reloads
74
+ # ('force' parameter in the command)
75
+ def self.coalesce_reloads(commands, res_list)
76
+ new_commands = []
77
+ saw_rules_reload = false
78
+ commands.reverse_each do |cmd_json|
79
+ name = cmd_json['name']
80
+ unless name == 'rules_reload'
81
+ new_commands.unshift cmd_json
82
+ next
83
+ end
84
+
85
+ if saw_rules_reload
86
+ res_list[cmd_json['uuid']] =
87
+ { :status => false, :reason => "redundant rules_reload ignored" }
88
+ else
89
+ saw_rules_reload = true
90
+ new_commands.unshift cmd_json
91
+ next
92
+ end
93
+ end
94
+
95
+ new_commands
96
+ end
97
+
72
98
  def to_h
73
99
  {
74
100
  :name => @name,
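Review bot: In coalesce_reloads the `next` closing the else branch is the last statement of the block and has no effect; drop it. The comment above the method should also state what the method does and that it writes into its res_list argument, e.g. `# Keeps only the last rules_reload of a batch; earlier ones are dropped and answered in res_list as {:status => false, :reason => "redundant rules_reload ignored"}.` Whether `cmd_json['uuid']` is the same key the other res_list entries use is presumably settled above this hunk and is worth confirming. to_h starts at the end of the hunk and continues past it.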
@@ -1,5 +1,5 @@
1
1
  # Copyright (c) 2015 Sqreen. All Rights Reserved.
2
2
  # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
3
  module Sqreen
4
- VERSION = '1.15.3.beta2'.freeze
4
+ VERSION = '1.15.3'.freeze
5
5
  end
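--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: sqreen
  version: !ruby/object:Gem::Version
- version: 1.15.3.beta2
+ version: 1.15.3
  platform: ruby
  authors:
  - Sqreen
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-11-05 00:00:00.000000000 Z
+ date: 2018-11-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: sq_mini_racer
@@ -133,9 +133,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - ">"
+ - - ">="
  - !ruby/object:Gem::Version
- version: 1.3.1
+ version: '0'
  requirements: []
  rubyforge_project:
  rubygems_version: 2.7.7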