sqreen 1.16.1 → 1.16.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f14c1978c48e3db55da6c20eb782a5313066c357038b215821652be20bec7a90
-  data.tar.gz: 91eee47349717f3d760ede2086586a3ab009449acadcdbb4b4120586afe7601c
+  metadata.gz: 424c794c9315a7e1a0544fd6be427194ec7d7155e665ba86c1c3413306078941
+  data.tar.gz: 815fa9b893dd2577360a0408cc44194879c9fb1bbe5074cdce6c8c8629e82704
 SHA512:
-  metadata.gz: 2c92239048effb55846ac2777d59f92b73295d13548cc881ccd6686a4191d7691a4238a59f94820d99eb01f5435d8874d7afdb60518cafb0c4337b317969a18b
-  data.tar.gz: 3c2f2413eb44ede4c346f07d9956cd49b511cad33e6f8c0962c41cb34ef146bf973eb02861ce0984b486ea43a6dcd80f4848450d74c990447926b5c93bbf3684
+  metadata.gz: 9bc336364648476b1e6a0b6a3955215646c008a418b35f39abacc1cee9fccd5bab9374e8e90b444bc2a1482eebc25ddf463526154479acca14acc7605e438bdf
+  data.tar.gz: 53433d834097073f8ec98dd4396243029fb55e60c675bb6da379d12090000cbb31be0a23e736a9cc70615dd5fe7991559cc4a3c3c884d02cbbe6e5c787e5b415

data/lib/sqreen.rb

@@ -18,7 +18,6 @@ require 'thread'
 
 Sqreen.framework.on_start do |framework|
   if Sqreen.framework.on_pre_fork_preload?
-    STDERR.puts("Avoiding launching sqreen thread pre-fork") # sqreen log unavailable
     next
   end
   Thread.new do

data/lib/sqreen/events/request_record.rb

@@ -127,7 +127,7 @@ module Sqreen
         begin
           regex = Regexp.compile(regex)
         rescue RegexpError
-          Sqreen.log.warn("Invalid regular expression given in strip_sensitive_keys: #{regex}")
+          Sqreen.log.warn("Invalid regular expression given in strip_sensitive_regex: #{regex}")
           regex = nil
         end
       else
@@ -139,7 +139,7 @@ module Sqreen
 
     def initialize(params = {})
       @regex = params[:regex] || DEFAULT_REGEX
-      @keys = params[:keys] || DEFAULT_SENSITIVE_KEYS
+      @keys = (params[:keys] || DEFAULT_SENSITIVE_KEYS).map(&:downcase)
     end
 
     def redact(obj)

data/lib/sqreen/frameworks/generic.rb

@@ -122,7 +122,9 @@ module Sqreen
       def http_headers
         req = request
         return nil unless req
-        req.env.select { |k, _| k.to_s.start_with?('HTTP_') }
+        # dup to avoid potential error because of change (in another thread)
+        # during iteration
+        req.env.dup.select { |k, _| k.to_s.start_with?('HTTP_') }
       end
 
       def hostname

data/lib/sqreen/js/mini_racer_adapter.rb

@@ -111,6 +111,8 @@ module Sqreen
 
           ctx.add_code(@code_id, @code) unless ctx.has_code?(@code_id)
 
+          # mini_racer expects timeout to be in ms
+          ctx.timeout = budget ? budget * 1000.0 : nil
           begin
             ctx.call("sqreen_#{@code_id}_#{cb_name}", *arguments)
           rescue @module::ScriptTerminatedError
@@ -133,6 +135,7 @@ module Sqreen
           SqreenContext.class_eval do
             attr_accessor :gc_threshold_in_bytes
             attr_accessor :gc_load
+            attr_writer   :timeout
 
             def has_code?(code_id)
               return false unless @code_ids

data/lib/sqreen/rules_callbacks/execjs.rb

@@ -95,7 +95,7 @@ module Sqreen
 
       def call_callback(cb_name, budget, inst, cb_ba_args, args, rv = nil)
         arguments = cb_ba_args.map do |ba|
-           ba.resolve(binding, framework, inst, args, @data, rv)
+          ba.resolve(binding, framework, inst, args, @data, rv)
         end
         arguments = @argument_filter.filter(cb_name, arguments)
 

data/lib/sqreen/version.rb

@@ -1,5 +1,5 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 module Sqreen
-  VERSION = '1.16.1'.freeze
+  VERSION = '1.16.2'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.16.1
+  version: 1.16.2
 platform: ruby
 authors:
 - Sqreen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-18 00:00:00.000000000 Z
+date: 2019-02-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sq_mini_racer
@@ -96,7 +96,6 @@ files:
 - lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb
 - lib/sqreen/rules_callbacks/custom_error.rb
 - lib/sqreen/rules_callbacks/execjs.rb
-- lib/sqreen/rules_callbacks/execjs_old.rb
 - lib/sqreen/rules_callbacks/headers_insert.rb
 - lib/sqreen/rules_callbacks/inspect_rule.rb
 - lib/sqreen/rules_callbacks/matcher_rule.rb

data/lib/sqreen/rules_callbacks/execjs_old.rb

@@ -1,315 +0,0 @@
-# Copyright (c) 2015 Sqreen. All Rights Reserved.
-# Please refer to our terms for more information: https://www.sqreen.io/terms.html
-
-if defined?(::JRUBY_VERSION)
-  require 'rhino'
-  SQREEN_MINI_RACER = false
-else
-  begin
-    require 'mini_racer'
-    SQREEN_MINI_RACER = true
-    GC_MINI_RACER = 10_000
-  rescue LoadError
-    require 'therubyracer'
-    SQREEN_MINI_RACER = false
-  end
-end
-
-require 'weakref'
-require 'execjs'
-
-require 'sqreen/rule_attributes'
-require 'sqreen/rule_callback'
-require 'sqreen/condition_evaluator'
-require 'sqreen/binding_accessor'
-require 'sqreen/events/remote_exception'
-
-module Sqreen
-  if SQREEN_MINI_RACER
-    # Context specialized for Sqreen usage
-    class SqreenContext < MiniRacer::Context
-      def eval_unsafe(str, filename = nil, timeoutv = nil)
-        # Beware, timeout could be kept in the context
-        # if perf cap is removed after having been activated
-        # As it's unused by execjscb we are not cleaning it
-        return super(str, filename) if timeoutv.nil?
-        return if timeoutv <= 0.0
-        timeoutv *= 1000 # Timeout are currently expressed in seconds
-        @timeout = timeoutv
-        @eval_thread = Thread.current
-        timeout do
-          super(str, filename)
-        end
-      end
-    end
-
-    # Weak ref to a context
-    # enables us to skip a method missing call
-    class WeakCtx < WeakRef
-      def initialize(*args)
-        super(*args)
-      end
-
-      def eval_unsafe(str, filename, timeoutv)
-        __getobj__.eval_unsafe(str, filename, timeoutv)
-      end
-    end
-  end
-  module Rules
-    # Exec js callbacks
-    class ExecJSCBOld < RuleCB
-      attr_accessor :restrict_max_depth
-      attr_reader :runtimes
-      attr_accessor :recycle_runtime_every
-
-      def initialize(klass, method, rule_hash)
-        super(klass, method, rule_hash)
-        callbacks = @rule[Attrs::CALLBACKS]
-        @conditions = @rule.fetch(Attrs::CONDITIONS, {})
-
-        if callbacks['pre'].nil? &&
-           callbacks['post'].nil? &&
-           callbacks['failing'].nil?
-          raise(Sqreen::Exception, 'no JS CB provided')
-        end
-
-        build_runnable(callbacks)
-        @restrict_max_depth = 20
-        unless SQREEN_MINI_RACER
-          @compiled = ExecJS.compile(@source)
-          return
-        end
-        @recycle_runtime_every = GC_MINI_RACER
-        @snapshot = MiniRacer::Snapshot.new(@source)
-        @runtimes = []
-        @key = "SQREEN_MINI_RACER_CONTEXT_#{object_id}".freeze
-      end
-
-      def pre?
-        @js_pre
-      end
-
-      def post?
-        @js_post
-      end
-
-      def failing?
-        @js_failing
-      end
-
-      def pre(inst, args, budget = nil, &_block)
-        return unless pre?
-
-        call_callback('pre', inst, budget, args)
-      end
-
-      def post(rv, inst, args, budget = nil, &_block)
-        return unless post?
-
-        call_callback('post', inst, budget, args, rv)
-      end
-
-      def failing(rv, inst, args, budget = nil, &_block)
-        return unless failing?
-
-        call_callback('failing', inst, budget, args, rv)
-      end
-
-      def self.hash_val_included(needed, haystack, min_length = 8, max_depth = 20)
-        new_obj = {}
-        insert = []
-        to_do = haystack.map { |k, v| [new_obj, k, v, 0] }
-        until to_do.empty?
-          where, key, value, deepness = to_do.pop
-          safe_key = key.is_a?(Integer) ? key : key.to_s
-          if value.is_a?(Hash) && deepness < max_depth
-            val = {}
-            insert << [where, safe_key, val]
-            to_do += value.map { |k, v| [val, k, v, deepness + 1] }
-          elsif value.is_a?(Array) && deepness < max_depth
-            val = []
-            insert << [where, safe_key, val]
-            i = -1
-            to_do += value.map { |v| [val, i += 1, v, deepness + 1] }
-          elsif deepness >= max_depth # if we are after max_depth don't try to filter
-            insert << [where, safe_key, value]
-          else
-            v = value.to_s
-            if v.size >= min_length && ConditionEvaluator.str_include?(needed.to_s, v)
-              case where
-              when Array
-                where << value
-              else
-                where[safe_key] = value
-              end
-            end
-          end
-        end
-        insert.reverse.each do |wh, ikey, ival|
-          case wh
-          when Array
-            wh << ival unless ival.respond_to?(:empty?) && ival.empty?
-          else
-            wh[ikey] = ival unless ival.respond_to?(:empty?) && ival.empty?
-          end
-        end
-        new_obj
-      end
-
-      protected
-
-      def record_and_continue?(ret)
-        case ret
-        when NilClass
-          false
-        when Hash
-          ret.keys.each do |k|
-            ret[(begin
-                                     k.to_sym
-                                   rescue StandardError
-                                     k
-                                   end)] = ret[k] end
-          record_event(ret[:record]) unless ret[:record].nil?
-          unless ret['observations'].nil?
-            ret['observations'].each do |obs|
-              obs[3] = Time.parse(obs[3]) if obs.size >= 3 && obs[3].is_a?(String)
-              record_observation(*obs)
-            end
-          end
-          !ret[:call].nil?
-        else
-          raise Sqreen::Exception, "Invalid return type #{ret.inspect}"
-        end
-      end
-
-      def push_runtime(runtime)
-        @runtimes.delete_if do |th, runt, _thid|
-          del = th.nil? || !th.weakref_alive? || !th.alive?
-          runt.dispose if del
-          del
-        end
-        @runtimes.push [WeakRef.new(Thread.current), runtime, Thread.current.object_id]
-      end
-
-      def dispose_runtime(runtime)
-        @runtimes.delete_if { |_th, _runt, thid| thid == Thread.current.object_id }
-        runtime.dispose
-      end
-
-      def call_callback(name, inst, budget, args, rv = nil)
-        mini_racer_context = nil
-        if SQREEN_MINI_RACER
-          mini_racer_context = Thread.current[@key]
-          dead_runtime = !mini_racer_context || !mini_racer_context[:r] || !mini_racer_context[:r].weakref_alive?
-          if !dead_runtime && mini_racer_context[:c] >= @recycle_runtime_every
-            dispose_runtime(mini_racer_context[:r])
-            dead_runtime = true
-          end
-          if dead_runtime
-            new_runtime = SqreenContext.new(:snapshot => @snapshot)
-            push_runtime new_runtime
-            mini_racer_context = {
-              :c => 0,
-              :r => WeakCtx.new(new_runtime),
-            }
-            Thread.current[@key] = mini_racer_context
-          end
-        end
-        ret = nil
-        args_override = nil
-        arguments = nil
-        while true
-          arguments = (args_override || @argument_requirements[name]).map do |accessor|
-            accessor.resolve(binding, framework, inst, args, @data, rv)
-          end
-          arguments = restrict(name, arguments) if @conditions.key?(name)
-          Sqreen.log.debug { [name, arguments].inspect }
-          if SQREEN_MINI_RACER
-            mini_racer_context[:c] += 1
-            begin
-              ret = mini_racer_context[:r].eval_unsafe("#{name}.apply(this, #{::JSON.generate(arguments)})", nil, budget)
-            rescue MiniRacer::ScriptTerminatedError
-              ret = nil
-            end
-          else
-            ret = @compiled.call(name, *arguments)
-          end
-          unless record_and_continue?(ret)
-            return nil if ret.nil?
-            return advise_action(ret[:status], ret)
-          end
-          name = ret[:call]
-          rv = ret[:data]
-          args_override = ret[:args]
-          args_override = build_accessor(args_override) if args_override
-        end
-      rescue StandardError => e
-        Sqreen.log.warn { "we catch a JScb exception: #{e.inspect}" }
-        Sqreen.log.debug e.backtrace
-        record_exception(e, :cb => name, :args => arguments)
-        nil
-      end
-
-      def each_hash_val_include(condition, depth = 10)
-        return if depth <= 0
-        condition.each do |key, values|
-          if key == ConditionEvaluator::HASH_INC_OPERATOR
-            yield values
-          else
-            values.map do |v|
-              each_hash_val_include(v, depth - 1) { |vals| yield vals } if v.is_a?(Hash)
-            end
-          end
-        end
-      end
-
-      def restrict(cbname, arguments)
-        condition = @conditions[cbname]
-        return arguments if condition.nil? || @argument_requirements[cbname].nil?
-
-        each_hash_val_include(condition) do |needle, haystack, min_length|
-          # We could actually run the binding accessor expression here.
-          needed_idx = @argument_requirements[cbname].map(&:expression).index(needle)
-          next unless needed_idx
-
-          haystack_idx = @argument_requirements[cbname].map(&:expression).index(haystack)
-          next unless haystack_idx
-
-          arguments[haystack_idx] = ExecJSCB.hash_val_included(
-            arguments[needed_idx],
-            arguments[haystack_idx],
-            min_length.to_i,
-            @restrict_max_depth
-          )
-        end
-
-        arguments
-      end
-
-      def build_accessor(reqs)
-        reqs.map do |req|
-          BindingAccessor.new(req, true)
-        end
-      end
-
-      def build_runnable(callbacks)
-        @argument_requirements = {}
-        @source = ''
-        @js_pre = !callbacks['pre'].nil?
-        @js_post = !callbacks['post'].nil?
-        @js_failing = !callbacks['failing'].nil?
-        callbacks.each do |name, args_or_func|
-          @source << "var #{name} = "
-          if args_or_func.is_a?(Array)
-            @source << args_or_func.pop
-            @argument_requirements[name] = build_accessor(args_or_func)
-          else
-            @source << args_or_func
-            @argument_requirements[name] = []
-          end
-          @source << ";\n"
-        end
-      end
-    end
-  end
-end