sqreen 1.17.2.beta2-java → 1.17.2.beta3-java

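--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 01c3c821c21de60612d7bea58944b0d350e97c31bc2506200c712f366b866285
- data.tar.gz: be7c642d80bb226edb19e54d478ee3835eb1c1e61dd704b966d42bc7b12ae831
+ metadata.gz: 91a18a8bc48b07279910e5ad56ac12876450b700c4d051aa5f14e9d3e8a23c17
+ data.tar.gz: 80a83f307076cb929eb555788bb6427933b57ccca697e911e5f7f62a22bdd2cf
  SHA512:
- metadata.gz: 3c5f2ea96cf758cd23628213ffae12c0183eba93106e59f0fbc40ee2237c2801ee635db7bf8448459644d7a70a1e6d7f7bcebdf7401583c7b7b8e534e62f6a29
- data.tar.gz: 74c1989008d6b3053e15168c36e468e64af87ef088d91680538a47af3782ccf7925eb2da8d4aec96c4aaf72f2eadc21da26e4227993520d132f34c254d4b3be7
+ metadata.gz: 802cbeb428254e321641df1bb53474b0f7f77f0868a42a588ce275fc1d3b03f8404f080b7ff24a28d38f6594f6a3fbc4b36854c2f64ad6dbc49ef45b8eef814c
+ data.tar.gz: 39dbd0f66e2f642ebd80af3d2bd38b9df070fb0c34b35084128bb94d1977be74669331b5c12aa50fcfc8305b2ff8cf3e39a3043cee4c1fbc2fd53bf483d41fe8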
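--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,9 @@
+ ## 1.17.2.beta3
+
+ * Improve performance of user tracking
+ * Improve reliability of user tracking against performance budget
+ * Restore compatibility with Ruby 1.9.3, 2.0, and 2.1 and JRuby 9.2
+
  ## 1.17.2.beta2
 
  * Important note: this beta release supports Ruby 2.2 or above only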
@@ -0,0 +1,4 @@
1
+ module Sqreen
2
+ module Backport
3
+ end
4
+ end
@@ -0,0 +1,83 @@
1
+ module Sqreen
2
+ module Backport
3
+ module OriginalName
4
+ HAS_UNBOUND_METHOD_ORIGINAL_NAME = ::UnboundMethod.instance_methods(false).include?(:original_name)
5
+ HAS_METHOD_ORIGINAL_NAME = ::Method.instance_methods(false).include?(:original_name)
6
+
7
+ def original_name
8
+ self.class.get_original_name(owner, original_name_key) || self.original_name = name
9
+ end
10
+
11
+ private
12
+
13
+ def original_name=(name)
14
+ self.class.set_original_name(owner, original_name_key, name)
15
+ end
16
+
17
+ def original_name_key
18
+ return hash if is_a?(::UnboundMethod)
19
+
20
+ owner.instance_method(name).hash
21
+ end
22
+
23
+ class << self
24
+ def supported?
25
+ !::Kernel.const_defined?(:JRUBY_VERSION) && HAS_UNBOUND_METHOD_ORIGINAL_NAME && HAS_METHOD_ORIGINAL_NAME
26
+ end
27
+
28
+ def included(klass)
29
+ klass.extend(ClassMethods)
30
+ end
31
+
32
+ def prepended(klass)
33
+ klass.extend(ClassMethods)
34
+ end
35
+ end
36
+
37
+ class Store < ::Hash; end
38
+
39
+ module ClassMethods
40
+ def original_names(owner)
41
+ owner.instance_eval { @__sqreen_backport_original_names ||= Store.new }
42
+ end
43
+
44
+ def get_original_name(owner, key)
45
+ original_names(owner)[key]
46
+ end
47
+
48
+ def set_original_name(owner, key, name)
49
+ original_names(owner)[key] ||= name
50
+ end
51
+ end
52
+ end
53
+ end
54
+ end
55
+
56
+ class UnboundMethod
57
+ if Sqreen::Backport::OriginalName::HAS_UNBOUND_METHOD_ORIGINAL_NAME
58
+ prepend Sqreen::Backport::OriginalName
59
+ else
60
+ include Sqreen::Backport::OriginalName
61
+ end
62
+ end unless Sqreen::Backport::OriginalName.supported?
63
+
64
+ class Method
65
+ if Sqreen::Backport::OriginalName::HAS_METHOD_ORIGINAL_NAME
66
+ prepend Sqreen::Backport::OriginalName
67
+ else
68
+ include Sqreen::Backport::OriginalName
69
+ end
70
+ end unless Sqreen::Backport::OriginalName.supported?
71
+
72
+ class Module
73
+ alias_method(:alias_method_without_original_name, :alias_method)
74
+
75
+ def alias_method_with_original_name(newname, oldname)
76
+ alias_method_without_original_name(newname, oldname).tap do
77
+ instance_method(newname).send(:original_name=, :"#{oldname}")
78
+ end
79
+ end
80
+
81
+ alias_method_with_original_name(:alias_method_without_original_name, :alias_method)
82
+ alias_method_with_original_name(:alias_method, :alias_method_with_original_name)
83
+ end unless Sqreen::Backport::OriginalName.supported?
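Review bot: The per-owner name store is created and written without synchronization: `original_names` lazily assigns `@__sqreen_backport_original_names ||= Store.new` and `set_original_name` does `original_names(owner)[key] ||= name` on a plain `Hash` subclass. Because `supported?` is false whenever `JRUBY_VERSION` is defined, this backport is always active on JRuby, where threads run in parallel, so concurrent `alias_method` calls or `original_name` lookups on the same owner could race. Consider a module-level lock, e.g. `LOCK = ::Mutex.new` with `LOCK.synchronize { original_names(owner)[key] ||= name }`, and the same around the lazy ivar initialisation. A header comment should also state that loading this file replaces `Module#alias_method` process-wide and that aliases created with the `alias` keyword are not intercepted by this hook.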
@@ -2,6 +2,7 @@
2
2
  # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
3
 
4
4
  require 'sqreen/dependency'
5
+ require 'sqreen/backport/original_name'
5
6
 
6
7
  module Sqreen
7
8
  module Dependency
@@ -25,5 +25,7 @@ require 'sqreen/rules_callbacks/binding_accessor_metrics'
25
25
  require 'sqreen/rules_callbacks/binding_accessor_matcher'
26
26
  require 'sqreen/rules_callbacks/count_http_codes'
27
27
  require 'sqreen/rules_callbacks/crawler_user_agent_matches_metrics'
28
+ require 'sqreen/rules_callbacks/sdk_auth_track'
29
+ require 'sqreen/rules_callbacks/devise_auth_track'
28
30
 
29
31
  require 'sqreen/rules_callbacks/custom_error'
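Review bot: Only two of the four new callback files are required here: `sdk_auth_track` and `devise_auth_track` are added, but `sdk_signup_track` and `devise_signup_track`, which the gem metadata lists as new files in this release, are not. Unless they are loaded elsewhere (not visible in this hunk), `SignupTrackCB` and `DeviseSignupTrackCB` would presumably be undefined when a rule names them, and signup tracking would silently not run. If this is an omission, add `require 'sqreen/rules_callbacks/sdk_signup_track'` and `require 'sqreen/rules_callbacks/devise_signup_track'` next to the two new lines.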
@@ -0,0 +1,33 @@
1
+ require 'sqreen/rule_attributes'
2
+ require 'sqreen/rule_callback'
3
+ require 'sqreen/safe_json'
4
+
5
+ module Sqreen
6
+ module Rules
7
+ class DeviseAuthTrackCB < RuleCB
8
+ def initialize(*args)
9
+ super(*args)
10
+ @overtimeable = false
11
+ end
12
+
13
+ def post(_rv, instance, _args, _budget)
14
+ status = instance.instance_variable_get(:@result).to_s
15
+ data = instance.authentication_hash
16
+ keys = instance.send(:authentication_keys)
17
+ ip = framework.client_ip
18
+ category = status == 'failure' ? 'auto-login-fail' : 'auto-login-success'
19
+ data = data.select { |k, _| keys.include?(k) }
20
+
21
+ if data.empty?
22
+ Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
23
+ return
24
+ end
25
+
26
+ payload = { keys: data.to_a, ip: ip }
27
+
28
+ record_observation(category, JSON.dump(payload), 1)
29
+ advise_action(nil)
30
+ end
31
+ end
32
+ end
33
+ end
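Review bot: In `post`, every result other than the string 'failure' is reported as a successful login: `category = status == 'failure' ? 'auto-login-fail' : 'auto-login-success'`. `@result` is read with `instance_variable_get` and stringified, so a nil result (empty string) or any other non-failure state the strategy may set is recorded as `auto-login-success`, which skews the login signal toward success. Match success explicitly and skip unknown states, e.g. `return unless %w[success failure].include?(status)` followed by `category = status == 'success' ? 'auto-login-success' : 'auto-login-fail'`. Separately, this file and the three sibling callback files after it require `sqreen/safe_json` but serialize request-derived values with `JSON.dump`, which can raise on strings that are not valid UTF-8; confirm whether the safe helper was intended.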
@@ -0,0 +1,32 @@
1
+ require 'sqreen/rule_attributes'
2
+ require 'sqreen/rule_callback'
3
+ require 'sqreen/safe_json'
4
+
5
+ module Sqreen
6
+ module Rules
7
+ class DeviseSignupTrackCB < RuleCB
8
+ def initialize(*args)
9
+ super(*args)
10
+ @overtimeable = false
11
+ end
12
+
13
+ def pre(_instance, args, _budget)
14
+ data = args[1].attributes
15
+ keys = args[1].class.authentication_keys
16
+ ip = framework.client_ip
17
+ category = 'auto-signup'
18
+ data = data.select { |k, _| keys.include?(k) }
19
+
20
+ if data.empty?
21
+ Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
22
+ return
23
+ end
24
+
25
+ payload = { keys: data.to_a, ip: ip }
26
+
27
+ record_observation(category, JSON.dump(payload), 1)
28
+ advise_action(nil)
29
+ end
30
+ end
31
+ end
32
+ end
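Review bot: The filter `data.select { |k, _| keys.include?(k) }` compares the keys of `args[1].attributes` with `authentication_keys` without normalizing their type. If the attribute hash uses string keys while the authentication keys are symbols (common for model attributes and Devise configuration, but not verifiable from this hunk), nothing matches, `data` is empty, and every signup takes the "keys empty" debug branch instead of being recorded. Comparing on a normalized form avoids that, e.g. `data.select { |k, _| keys.include?(k) || keys.include?(k.to_s) || keys.include?(k.to_sym) }`.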
@@ -0,0 +1,30 @@
1
+ require 'sqreen/rule_attributes'
2
+ require 'sqreen/rule_callback'
3
+ require 'sqreen/safe_json'
4
+
5
+ module Sqreen
6
+ module Rules
7
+ class AuthTrackCB < RuleCB
8
+ def initialize(*args)
9
+ super(*args)
10
+ @overtimeable = false
11
+ end
12
+
13
+ def pre(_instance, args, _budget)
14
+ success, authentication_keys = args
15
+ ip = framework.client_ip
16
+ category = success ? 'sdk-login-success' : 'sdk-login-fail'
17
+
18
+ if authentication_keys.empty?
19
+ Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
20
+ return
21
+ end
22
+
23
+ payload = { keys: authentication_keys.to_a, ip: ip }
24
+
25
+ record_observation(category, JSON.dump(payload), 1)
26
+ advise_action(nil)
27
+ end
28
+ end
29
+ end
30
+ end
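Review bot: `pre` calls `authentication_keys.empty?` on the second SDK argument without checking that it is present, so a caller that passes `nil` or omits the argument raises `NoMethodError` inside the callback instead of reaching the "keys empty" debug branch. `SignupTrackCB#pre` in the next file has the same pattern with `args.first`. A guard such as `if authentication_keys.nil? || authentication_keys.empty?` keeps the callback on the logged path; whether the exception would otherwise reach the application depends on how callbacks are invoked, which is not visible here. A short comment stating the expected shape of `authentication_keys` (it must respond to `empty?` and `to_a`) would also help SDK callers.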
@@ -0,0 +1,30 @@
1
+ require 'sqreen/rule_attributes'
2
+ require 'sqreen/rule_callback'
3
+ require 'sqreen/safe_json'
4
+
5
+ module Sqreen
6
+ module Rules
7
+ class SignupTrackCB < RuleCB
8
+ def initialize(*args)
9
+ super(*args)
10
+ @overtimeable = false
11
+ end
12
+
13
+ def pre(_instance, args, _budget)
14
+ authentication_keys = args.first
15
+ ip = framework.client_ip
16
+ category = 'sdk-signup'
17
+
18
+ if authentication_keys.empty?
19
+ Sqreen.log.debug { "#{category} from #{ip} but keys empty" }
20
+ return
21
+ end
22
+
23
+ payload = { keys: authentication_keys.to_a, ip: ip }
24
+
25
+ record_observation(category, JSON.dump(payload), 1)
26
+ advise_action(nil)
27
+ end
28
+ end
29
+ end
30
+ end
@@ -1,5 +1,5 @@
1
1
  # Copyright (c) 2015 Sqreen. All Rights Reserved.
2
2
  # Please refer to our terms for more information: https://www.sqreen.io/terms.html
3
3
  module Sqreen
4
- VERSION = '1.17.2.beta2'.freeze
4
+ VERSION = '1.17.2.beta3'.freeze
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.17.2.beta2
4
+ version: 1.17.2.beta3
5
5
  platform: java
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-07-23 00:00:00.000000000 Z
11
+ date: 2019-08-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -54,6 +54,8 @@ files:
54
54
  - lib/sqreen/actions.rb
55
55
  - lib/sqreen/agent.rb
56
56
  - lib/sqreen/attack_detected.html
57
+ - lib/sqreen/backport.rb
58
+ - lib/sqreen/backport/original_name.rb
57
59
  - lib/sqreen/binding_accessor.rb
58
60
  - lib/sqreen/ca.crt
59
61
  - lib/sqreen/call_countable.rb
@@ -121,6 +123,8 @@ files:
121
123
  - lib/sqreen/rules_callbacks/crawler_user_agent_matches.rb
122
124
  - lib/sqreen/rules_callbacks/crawler_user_agent_matches_metrics.rb
123
125
  - lib/sqreen/rules_callbacks/custom_error.rb
126
+ - lib/sqreen/rules_callbacks/devise_auth_track.rb
127
+ - lib/sqreen/rules_callbacks/devise_signup_track.rb
124
128
  - lib/sqreen/rules_callbacks/execjs.rb
125
129
  - lib/sqreen/rules_callbacks/headers_insert.rb
126
130
  - lib/sqreen/rules_callbacks/inspect_rule.rb
@@ -131,6 +135,8 @@ files:
131
135
  - lib/sqreen/rules_callbacks/regexp_rule.rb
132
136
  - lib/sqreen/rules_callbacks/run_req_start_actions.rb
133
137
  - lib/sqreen/rules_callbacks/run_user_actions.rb
138
+ - lib/sqreen/rules_callbacks/sdk_auth_track.rb
139
+ - lib/sqreen/rules_callbacks/sdk_signup_track.rb
134
140
  - lib/sqreen/rules_callbacks/shell_env.rb
135
141
  - lib/sqreen/rules_callbacks/url_matches.rb
136
142
  - lib/sqreen/rules_callbacks/user_agent_matches.rb
@@ -167,7 +173,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
167
173
  requirements:
168
174
  - - ">="
169
175
  - !ruby/object:Gem::Version
170
- version: '2.2'
176
+ version: 1.9.3
171
177
  required_rubygems_version: !ruby/object:Gem::Requirement
172
178
  requirements:
173
179
  - - ">"