sqreen 1.18.2 → 1.18.3.beta1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0fe030250caca205c3fed7e6e7c46d9961dfac1f7399fe2cb27b1d21749c928f
4
- data.tar.gz: a14b036980cb650fce6728141b8f52848770381cd22ffd3a5f63a95401a8a4db
3
+ metadata.gz: 0cb385fddb3e1bb873a5def8b85d4e0865650ba97268d8cd3f67d84640439010
4
+ data.tar.gz: 65d395b3926571d088603a7e604a3c377a6e57c334ab4c106354812e65d8f84d
5
5
  SHA512:
6
- metadata.gz: 843bd65c121e4c5e39528d70bbdc2748641f853f66bef216c78036fce72dde1c5d8b4f9d893bbb6e62243aaf9818a043bad3d19d065bc66b241c938b4b5fb3f7
7
- data.tar.gz: 432295babcb8c44adc72d720b6262a08b9a5f29c71fe774d6c5c04b7bdd0542e1a7b0cc108b048acaf28b5b20e761c12f6a01fe91ca7b7bf206daa733c9ac671
6
+ metadata.gz: b0ae2a6ebe375573a26372a63fb383e7176bda425e52d977b9e42172c6e95b13143f3be83f069985bdcbea5816f61a53a4b6fabc98ed004ffb8142a17f10400c
7
+ data.tar.gz: 8d233a01e2ef20ed7b1f1fd6d1ddbb384b482ca62d01ebec4100a1138430064e04368d9e078313364e8c99885bb0b137e2cc19a52b5e91e1ab5f50dbeaf67967
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## 1.18.3.beta1
2
+
3
+ * Improve middleware hookpoints on Sinatra
4
+ * Support application/json payloads on Sinatra
5
+
1
6
  ## 1.18.2
2
7
 
3
8
  * Improve internal WAF error reporting
@@ -38,7 +38,7 @@ module Sqreen
38
38
  end
39
39
  end if Sqreen::Dependency::Rails.required?
40
40
 
41
- Sqreen::Dependency::Hook.add('Sinatra::Base.setup_default_middleware') do
41
+ Sqreen::Dependency::Hook.add('Sinatra::Base.setup_middleware') do
42
42
  after do |_, _, _, args|
43
43
  Sqreen::Dependency::Sinatra.insert_sqreen_middlewares(args.first)
44
44
  end
@@ -12,25 +12,54 @@ module Sqreen
12
12
 
13
13
  def insert_sqreen_middlewares(builder, *args, &block)
14
14
  Sqreen.log.debug { 'Inserting Sqreen middlewares for Sinatra' }
15
- middleware = Sqreen::ErrorHandlingMiddleware
16
- use = builder.instance_variable_get('@use')
17
15
 
18
- p = proc { |app| middleware.new(app, *args, &block) }
16
+ insert_middleware(builder, Sqreen::ErrorHandlingMiddleware, args, block) do |p, u|
17
+ if middlewares(builder).include?(::Sinatra::ShowExceptions)
18
+ Sqreen.log.warn('Sinatra :show_exceptions detected: Sinatra exception handling may prevent the Sqreen error page to display on attacks.')
19
+ end
19
20
 
20
- return if middlewares(builder).include?(middleware)
21
+ if (i = middlewares(builder).index(::Rack::Head))
22
+ u.insert(i, p)
23
+ elsif (i = middlewares(builder).index(::Rack::MethodOverride))
24
+ u.insert(i + 1, p)
25
+ elsif (i = middlewares(builder).index(::Sinatra::ExtendedRack))
26
+ u.insert(i + 1, p)
27
+ else
28
+ u.insert(0, p)
29
+ end
30
+ end
31
+
32
+ insert_middleware(builder, Sqreen::Middleware, args, block) do |p, u|
33
+ if (i = middlewares(builder).index(::Sinatra::ExtendedRack))
34
+ u.insert(i, p)
35
+ else
36
+ u.insert(0, p)
37
+ end
38
+ end
21
39
 
22
- if middlewares(builder).include?(::Sinatra::ShowExceptions)
23
- Sqreen.log.warn('Sinatra :show_exceptions detected: Sinatra exception handling may prevent the Sqreen error page to display on attacks.')
40
+ insert_middleware(builder, Sqreen::SinatraMiddleware, args, block) do |p, u|
41
+ if ::Sqreen::Dependency.const_exist?('Rack::PostBodyContentTypeParser') && (i = middlewares(builder).index(::Rack::PostBodyContentTypeParser))
42
+ u.insert(i + 1, p)
43
+ elsif (i = middlewares(builder).index(::Rack::Protection))
44
+ u.insert(i + 1, p)
45
+ else
46
+ u.append(p)
47
+ end
24
48
  end
49
+ end
50
+
51
+ def wrap_middleware(middleware, *args, &block)
52
+ proc { |app| middleware.new(app, *args, &block) }
53
+ end
54
+
55
+ def insert_middleware(builder, middleware, args, block)
56
+ use = builder.instance_variable_get('@use')
57
+ wrapped = wrap_middleware(middleware, *args, &block)
58
+
59
+ catch(:skip) do
60
+ throw(:skip) if middlewares(builder).include?(middleware)
25
61
 
26
- if (i = middlewares(builder).index(::Rack::Head))
27
- use.insert(i, p)
28
- elsif (i = middlewares(builder).index(::Rack::MethodOverride))
29
- use.insert(i + 1, p)
30
- elsif (i = middlewares(builder).index(::Sinatra::ExtendedRack))
31
- use.insert(i + 1, p)
32
- else
33
- use.insert(0, p)
62
+ yield(wrapped, use)
34
63
  end
35
64
  end
36
65
 
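Review bot: `u.append(p)` in the `Sqreen::SinatraMiddleware` placement block requires Ruby 2.5, where `Array#append` was introduced, while the gemspec shipped in this same release still declares `required_ruby_version` 1.9.3; on an older interpreter that branch raises `NoMethodError` the first time a Sinatra app without `Rack::PostBodyContentTypeParser` or `Rack::Protection` is built, and the Sqreen middleware is then never installed. `u << p` (or `u.push(p)`) behaves the same on every version the gem claims to support. Separately, `insert_middleware` wraps a single early exit in `catch(:skip) ... throw(:skip)`; since it is its own method, `return if middlewares(builder).include?(middleware)` followed by `yield(wrapped, use)` expresses the same thing without the non-local jump. The enclosing `module Sqreen` and the `middlewares` helper start outside the hunk.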
@@ -295,13 +295,14 @@ module Sqreen
295
295
  params
296
296
  end
297
297
 
298
- %w(form query cookies).each do |section|
298
+ %w(form query cookies rack).each do |section|
299
299
  define_method("#{section}_params") do
300
300
  self.class.send("#{section}_params", request)
301
301
  end
302
302
  end
303
303
 
304
304
  P_FORM = 'form'.freeze
305
+ P_RACK = 'rack'.freeze
305
306
  P_QUERY = 'query'.freeze
306
307
  P_COOKIE = 'cookies'.freeze
307
308
  P_GRAPE = 'grape_params'.freeze
@@ -317,6 +318,16 @@ module Sqreen
317
318
  end
318
319
  end
319
320
 
321
+ def self.rack_params(request)
322
+ return nil unless request
323
+ begin
324
+ request.params
325
+ rescue => e
326
+ Sqreen.log.debug("Rack Parameters are invalid #{e.inspect}")
327
+ nil
328
+ end
329
+ end
330
+
320
331
  def self.cookies_params(request)
321
332
  return nil unless request
322
333
  begin
@@ -345,6 +356,9 @@ module Sqreen
345
356
  P_QUERY => query_params(request),
346
357
  P_COOKIE => cookies_params(request),
347
358
  }
359
+ if (p = rack_params(request))
360
+ r[P_RACK] = p
361
+ end
348
362
  # Add grape parameters if seen
349
363
  p = request.env['grape.request.params']
350
364
  r[P_GRAPE] = p if p
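Review bot: The guard `if (p = rack_params(request))` only filters out `nil`: `request.params` typically returns an empty Hash for a request without parameters, and `{}` is truthy in Ruby, so `r[P_RACK]` is set for every request that reaches this point, while only the `rescue` path in `rack_params` yields `nil`. If the section is meant to appear only when there is something to inspect, `r[P_RACK] = p if p && !p.empty?` does that in one line. Reusing `p` for the grape parameters two lines later is legal but makes the two assignments easy to confuse; a distinct name such as `rack` for the first would help. `rack_params` logs a parse failure at debug level only, so a request body whose parameters cannot be parsed leaves no trace in a production log; whether that matches how the other sections treat the same condition cannot be seen from this hunk.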
@@ -45,4 +45,14 @@ module Sqreen
45
45
  @app.call(env)
46
46
  end
47
47
  end
48
+
49
+ class SinatraMiddleware
50
+ def initialize(app)
51
+ @app = app
52
+ end
53
+
54
+ def call(env)
55
+ @app.call(env)
56
+ end
57
+ end
48
58
  end
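Review bot: `SinatraMiddleware` carries no comment explaining why a middleware whose `call` only forwards to `@app` exists; its placement after the body-parsing middlewares in `insert_sqreen_middlewares` and the new `Rules::UpdateRequestContext` callback suggest it is a pure hookpoint, but nothing on the class says so, and a future cleanup could remove it as dead code. A header such as `# No-op Rack middleware placed after Sinatra's own middlewares; exists only as a hookpoint so the stored request can be refreshed — TODO(review): confirm it is the target of Rules::UpdateRequestContext` would record the intent. The enclosing `module Sqreen` starts outside the hunk.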
@@ -0,0 +1,20 @@
1
+ # Copyright (c) 2015 Sqreen. All Rights Reserved.
2
+ # Please refer to our terms for more information: https://www.sqreen.com/terms.html
3
+
4
+ require 'sqreen/rule_callback'
5
+
6
+ module Sqreen
7
+ module Rules
8
+ class UpdateRequestContext < RuleCB
9
+ def initialize(*args)
10
+ super(*args)
11
+ @overtimeable = false
12
+ end
13
+
14
+ def pre(_inst, args, _budget = nil, &_block)
15
+ framework.store_request(args[0])
16
+ advise_action(nil)
17
+ end
18
+ end
19
+ end
20
+ end
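Review bot: `pre` passes `args[0]` to `framework.store_request` with no indication of what that object is expected to be; if this callback is attached to `SinatraMiddleware#call`, the first hooked argument would be the Rack env Hash, but neither the class nor the method documents the contract. A short class header, e.g. `# Rule callback that re-stores the request seen by the hooked method (its first argument) so rules running later observe the parsed state.`, plus a one-line comment on why `@overtimeable = false` is forced (presumably the refresh must not be skipped when the budget is exceeded, otherwise a stale request would be inspected), would make the rule self-explanatory. `args[0]` is also forwarded unguarded, so a hook invoked without arguments hands `nil` to `store_request`; whether that is handled there cannot be seen from this file.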
@@ -5,6 +5,7 @@ require 'sqreen/rules_callbacks/regexp_rule'
5
5
  require 'sqreen/rules_callbacks/matcher_rule'
6
6
 
7
7
  require 'sqreen/rules_callbacks/record_request_context'
8
+ require 'sqreen/rules_callbacks/update_request_context'
8
9
  require 'sqreen/rules_callbacks/rails_parameters'
9
10
 
10
11
  require 'sqreen/rules_callbacks/headers_insert'
@@ -2,5 +2,5 @@
2
2
  # Please refer to our terms for more information: https://www.sqreen.com/terms.html
3
3
 
4
4
  module Sqreen
5
- VERSION = '1.18.2'.freeze
5
+ VERSION = '1.18.3.beta1'.freeze
6
6
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sqreen
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.18.2
4
+ version: 1.18.3.beta1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sqreen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-11-12 00:00:00.000000000 Z
11
+ date: 2019-11-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: sq_mini_racer
@@ -140,6 +140,7 @@ files:
140
140
  - lib/sqreen/rules_callbacks/sdk_auth_track.rb
141
141
  - lib/sqreen/rules_callbacks/sdk_signup_track.rb
142
142
  - lib/sqreen/rules_callbacks/shell_env.rb
143
+ - lib/sqreen/rules_callbacks/update_request_context.rb
143
144
  - lib/sqreen/rules_callbacks/url_matches.rb
144
145
  - lib/sqreen/rules_callbacks/user_agent_matches.rb
145
146
  - lib/sqreen/rules_callbacks/waf.rb
@@ -167,7 +168,9 @@ homepage: https://www.sqreen.com/
167
168
  licenses:
168
169
  - Sqreen
169
170
  metadata: {}
170
- post_install_message:
171
+ post_install_message: |2
172
+ This is a Sqreen beta release and may not work in all situations.
173
+ Make sure to review CHANGELOG.md for important details.
171
174
  rdoc_options: []
172
175
  require_paths:
173
176
  - lib
@@ -178,12 +181,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
178
181
  version: 1.9.3
179
182
  required_rubygems_version: !ruby/object:Gem::Requirement
180
183
  requirements:
181
- - - ">="
184
+ - - ">"
182
185
  - !ruby/object:Gem::Version
183
- version: '0'
186
+ version: 1.3.1
184
187
  requirements: []
185
- rubyforge_project:
186
- rubygems_version: 2.7.7
188
+ rubygems_version: 3.0.3
187
189
  signing_key:
188
190
  specification_version: 4
189
191
  summary: Sqreen Ruby agent