sqreen 1.17.2.beta2 → 1.17.2.beta3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b146b5b2fc5e830ab98c049eb17c576a943899035226300157eb88ab9db8fad5
-  data.tar.gz: 6a3ec0498bd1f1eac06caef917708a837fc06d83b6931e139f2da7890a2cc59a
+  metadata.gz: cabb0842af2e9904ceddafa66cfb55f82cf3cc175a7723bff0a5958bf64b2deb
+  data.tar.gz: 7c58a8fdc330df14a88d035d385fc628b84df73d4e1f469fad007d2f75c7dbb3
 SHA512:
-  metadata.gz: c357bbd375005220b136be93496689df76d883cce643dda9c8260024393b2fc82173aa3f7ebd76e12fbe7d62309df9d5f009e7d304e38c2db548f40cd1fee6d2
-  data.tar.gz: 2606d78d949c24784f04fc71fab61d964a323cbbbe04580750c5dda4f954b3e07d95f9f34b15efb0e7a09ed2b1ee008cbd22d2a470cc03f84c1f3963fe111189
+  metadata.gz: a5cc467d7326721c2a2decf309308d558ed18b3c286567466f9a6ac45e9e0f9bfe97e997d52474fbb00da20450ec3bc9c38c71cf1aae09da1a3cc1b00a0fa95f
+  data.tar.gz: 1cd615e2ad7084e7d86d51d81583ab5ba55ed6d84620b733960e9620742a792c03a4fb4960eda498ef2d62fb88e37a7f63af8a8c14fec18b063d9cc7dd9d1702

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 1.17.2.beta3
+
+* Improve performance of user tracking
+* Improve reliability of user tracking against performance budget
+* Restore compatibility with Ruby 1.9.3, 2.0, and 2.1 and JRuby 9.2
+
 ## 1.17.2.beta2
 
 * Important note: this beta release supports Ruby 2.2 or above only

data/lib/sqreen/backport.rb

@@ -0,0 +1,4 @@
+module Sqreen
+  module Backport
+  end
+end

data/lib/sqreen/backport/original_name.rb

@@ -0,0 +1,83 @@
+module Sqreen
+  module Backport
+    module OriginalName
+      HAS_UNBOUND_METHOD_ORIGINAL_NAME = ::UnboundMethod.instance_methods(false).include?(:original_name)
+      HAS_METHOD_ORIGINAL_NAME = ::Method.instance_methods(false).include?(:original_name)
+
+      def original_name
+        self.class.get_original_name(owner, original_name_key) || self.original_name = name
+      end
+
+      private
+
+      def original_name=(name)
+        self.class.set_original_name(owner, original_name_key, name)
+      end
+
+      def original_name_key
+        return hash if is_a?(::UnboundMethod)
+
+        owner.instance_method(name).hash
+      end
+
+      class << self
+        def supported?
+          !::Kernel.const_defined?(:JRUBY_VERSION) && HAS_UNBOUND_METHOD_ORIGINAL_NAME && HAS_METHOD_ORIGINAL_NAME
+        end
+
+        def included(klass)
+          klass.extend(ClassMethods)
+        end
+
+        def prepended(klass)
+          klass.extend(ClassMethods)
+        end
+      end
+
+      class Store < ::Hash; end
+
+      module ClassMethods
+        def original_names(owner)
+          owner.instance_eval { @__sqreen_backport_original_names ||= Store.new }
+        end
+
+        def get_original_name(owner, key)
+          original_names(owner)[key]
+        end
+
+        def set_original_name(owner, key, name)
+          original_names(owner)[key] ||= name
+        end
+      end
+    end
+  end
+end
+
+class UnboundMethod
+  if Sqreen::Backport::OriginalName::HAS_UNBOUND_METHOD_ORIGINAL_NAME
+    prepend Sqreen::Backport::OriginalName
+  else
+    include Sqreen::Backport::OriginalName
+  end
+end unless Sqreen::Backport::OriginalName.supported?
+
+class Method
+  if Sqreen::Backport::OriginalName::HAS_METHOD_ORIGINAL_NAME
+    prepend Sqreen::Backport::OriginalName
+  else
+    include Sqreen::Backport::OriginalName
+  end
+end unless Sqreen::Backport::OriginalName.supported?
+
+class Module
+  alias_method(:alias_method_without_original_name, :alias_method)
+
+  def alias_method_with_original_name(newname, oldname)
+    alias_method_without_original_name(newname, oldname).tap do
+      instance_method(newname).send(:original_name=, :"#{oldname}")
+    end
+  end
+
+  alias_method_with_original_name(:alias_method_without_original_name, :alias_method)
+  alias_method_with_original_name(:alias_method, :alias_method_with_original_name)
+end unless Sqreen::Backport::OriginalName.supported?

data/lib/sqreen/dependency/hook_point.rb

@@ -2,6 +2,7 @@
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 
 require 'sqreen/dependency'
+require 'sqreen/backport/original_name'
 
 module Sqreen
   module Dependency

data/lib/sqreen/rules_callbacks.rb

@@ -25,5 +25,7 @@ require 'sqreen/rules_callbacks/binding_accessor_metrics'
 require 'sqreen/rules_callbacks/binding_accessor_matcher'
 require 'sqreen/rules_callbacks/count_http_codes'
 require 'sqreen/rules_callbacks/crawler_user_agent_matches_metrics'
+require 'sqreen/rules_callbacks/sdk_auth_track'
+require 'sqreen/rules_callbacks/devise_auth_track'
 
 require 'sqreen/rules_callbacks/custom_error'

data/lib/sqreen/rules_callbacks/devise_auth_track.rb

@@ -0,0 +1,33 @@
+require 'sqreen/rule_attributes'
+require 'sqreen/rule_callback'
+require 'sqreen/safe_json'
+
+module Sqreen
+  module Rules
+    class DeviseAuthTrackCB < RuleCB
+      def initialize(*args)
+        super(*args)
+        @overtimeable = false
+      end
+
+      def post(_rv, instance, _args, _budget)
+        status = instance.instance_variable_get(:@result).to_s
+        data = instance.authentication_hash
+        keys = instance.send(:authentication_keys)
+        ip = framework.client_ip
+        category = status == 'failure' ? 'auto-login-fail' : 'auto-login-success'
+        data = data.select { |k, _| keys.include?(k) }
+
+        if data.empty?
+          Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
+          return
+        end
+
+        payload = { keys: data.to_a, ip: ip }
+
+        record_observation(category, JSON.dump(payload), 1)
+        advise_action(nil)
+      end
+    end
+  end
+end

data/lib/sqreen/rules_callbacks/devise_signup_track.rb

@@ -0,0 +1,32 @@
+require 'sqreen/rule_attributes'
+require 'sqreen/rule_callback'
+require 'sqreen/safe_json'
+
+module Sqreen
+  module Rules
+    class DeviseSignupTrackCB < RuleCB
+      def initialize(*args)
+        super(*args)
+        @overtimeable = false
+      end
+
+      def pre(_instance, args, _budget)
+        data = args[1].attributes
+        keys = args[1].class.authentication_keys
+        ip = framework.client_ip
+        category = 'auto-signup'
+        data = data.select { |k, _| keys.include?(k) }
+
+        if data.empty?
+          Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
+          return
+        end
+
+        payload = { keys: data.to_a, ip: ip }
+
+        record_observation(category, JSON.dump(payload), 1)
+        advise_action(nil)
+      end
+    end
+  end
+end

data/lib/sqreen/rules_callbacks/sdk_auth_track.rb

@@ -0,0 +1,30 @@
+require 'sqreen/rule_attributes'
+require 'sqreen/rule_callback'
+require 'sqreen/safe_json'
+
+module Sqreen
+  module Rules
+    class AuthTrackCB < RuleCB
+      def initialize(*args)
+        super(*args)
+        @overtimeable = false
+      end
+
+      def pre(_instance, args, _budget)
+        success, authentication_keys = args
+        ip = framework.client_ip
+        category = success ? 'sdk-login-success' : 'sdk-login-fail'
+
+        if authentication_keys.empty?
+          Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
+          return
+        end
+
+        payload = { keys: authentication_keys.to_a, ip: ip }
+
+        record_observation(category, JSON.dump(payload), 1)
+        advise_action(nil)
+      end
+    end
+  end
+end

data/lib/sqreen/rules_callbacks/sdk_signup_track.rb

@@ -0,0 +1,30 @@
+require 'sqreen/rule_attributes'
+require 'sqreen/rule_callback'
+require 'sqreen/safe_json'
+
+module Sqreen
+  module Rules
+    class SignupTrackCB < RuleCB
+      def initialize(*args)
+        super(*args)
+        @overtimeable = false
+      end
+
+      def pre(_instance, args, _budget)
+        authentication_keys = args.first
+        ip = framework.client_ip
+        category = 'sdk-signup'
+
+        if authentication_keys.empty?
+          Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
+          return
+        end
+
+        payload = { keys: authentication_keys.to_a, ip: ip }
+
+        record_observation(category, JSON.dump(payload), 1)
+        advise_action(nil)
+      end
+    end
+  end
+end

data/lib/sqreen/version.rb

@@ -1,5 +1,5 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 module Sqreen
-  VERSION = '1.17.2.beta2'.freeze
+  VERSION = '1.17.2.beta3'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.17.2.beta2
+  version: 1.17.2.beta3
 platform: ruby
 authors:
 - Sqreen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-07-23 00:00:00.000000000 Z
+date: 2019-08-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sq_mini_racer
@@ -40,6 +40,8 @@ files:
 - lib/sqreen/actions.rb
 - lib/sqreen/agent.rb
 - lib/sqreen/attack_detected.html
+- lib/sqreen/backport.rb
+- lib/sqreen/backport/original_name.rb
 - lib/sqreen/binding_accessor.rb
 - lib/sqreen/ca.crt
 - lib/sqreen/call_countable.rb
@@ -107,6 +109,8 @@ files:
 - lib/sqreen/rules_callbacks/crawler_user_agent_matches.rb
 - lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb
 - lib/sqreen/rules_callbacks/custom_error.rb
+- lib/sqreen/rules_callbacks/devise_auth_track.rb
+- lib/sqreen/rules_callbacks/devise_signup_track.rb
 - lib/sqreen/rules_callbacks/execjs.rb
 - lib/sqreen/rules_callbacks/headers_insert.rb
 - lib/sqreen/rules_callbacks/inspect_rule.rb
@@ -117,6 +121,8 @@ files:
 - lib/sqreen/rules_callbacks/regexp_rule.rb
 - lib/sqreen/rules_callbacks/run_req_start_actions.rb
 - lib/sqreen/rules_callbacks/run_user_actions.rb
+- lib/sqreen/rules_callbacks/sdk_auth_track.rb
+- lib/sqreen/rules_callbacks/sdk_signup_track.rb
 - lib/sqreen/rules_callbacks/shell_env.rb
 - lib/sqreen/rules_callbacks/url_matches.rb
 - lib/sqreen/rules_callbacks/user_agent_matches.rb
@@ -153,7 +159,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.2'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">"