sqreen 1.18.2 → 1.18.3.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
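--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz: 0fe030250caca205c3fed7e6e7c46d9961dfac1f7399fe2cb27b1d21749c928f
-data.tar.gz: a14b036980cb650fce6728141b8f52848770381cd22ffd3a5f63a95401a8a4db
+metadata.gz: 0cb385fddb3e1bb873a5def8b85d4e0865650ba97268d8cd3f67d84640439010
+data.tar.gz: 65d395b3926571d088603a7e604a3c377a6e57c334ab4c106354812e65d8f84d
 SHA512:
-metadata.gz: 843bd65c121e4c5e39528d70bbdc2748641f853f66bef216c78036fce72dde1c5d8b4f9d893bbb6e62243aaf9818a043bad3d19d065bc66b241c938b4b5fb3f7
-data.tar.gz: 432295babcb8c44adc72d720b6262a08b9a5f29c71fe774d6c5c04b7bdd0542e1a7b0cc108b048acaf28b5b20e761c12f6a01fe91ca7b7bf206daa733c9ac671
+metadata.gz: b0ae2a6ebe375573a26372a63fb383e7176bda425e52d977b9e42172c6e95b13143f3be83f069985bdcbea5816f61a53a4b6fabc98ed004ffb8142a17f10400c
+data.tar.gz: 8d233a01e2ef20ed7b1f1fd6d1ddbb384b482ca62d01ebec4100a1138430064e04368d9e078313364e8c99885bb0b137e2cc19a52b5e91e1ab5f50dbeaf67967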
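--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 1.18.3.beta1
+
+* Improve middleware hookpoints on Sinatra
+* Support application/json payloads on Sinatra
+
 ## 1.18.2
 
 * Improve internal WAF error reporting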
@@ -38,7 +38,7 @@ module Sqreen
38
38
  end
39
39
  end if Sqreen::Dependency::Rails.required?
40
40
 
41
- Sqreen::Dependency::Hook.add('Sinatra::Base.setup_default_middleware') do
41
+ Sqreen::Dependency::Hook.add('Sinatra::Base.setup_middleware') do
42
42
  after do |_, _, _, args|
43
43
  Sqreen::Dependency::Sinatra.insert_sqreen_middlewares(args.first)
44
44
  end
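Review bot: The hook target changes from `Sinatra::Base.setup_default_middleware` to `Sinatra::Base.setup_middleware` with nothing recording why, and the reason is load-bearing for the insertion logic in the other Sinatra hunk: `setup_middleware` is, as far as I recall, the step of Sinatra's `build` that adds the application's own `use` entries after the defaults, so only once it has run can the inserter find application middleware such as `Rack::PostBodyContentTypeParser` in the builder's stack. I would put above the `Hook.add` line: `# Hook after setup_middleware (not setup_default_middleware): the app's own use() entries must already be in the builder when insertion points are chosen.` The block also passes `args.first` straight through, so a `next unless args.first` guard in the `after` block would keep a changed hook signature from reaching `insert_sqreen_middlewares` as nil. The hooked block continues past the hunk's last line.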
@@ -12,25 +12,54 @@ module Sqreen
12
12
 
13
13
  def insert_sqreen_middlewares(builder, *args, &block)
14
14
  Sqreen.log.debug { 'Inserting Sqreen middlewares for Sinatra' }
15
- middleware = Sqreen::ErrorHandlingMiddleware
16
- use = builder.instance_variable_get('@use')
17
15
 
18
- p = proc { |app| middleware.new(app, *args, &block) }
16
+ insert_middleware(builder, Sqreen::ErrorHandlingMiddleware, args, block) do |p, u|
17
+ if middlewares(builder).include?(::Sinatra::ShowExceptions)
18
+ Sqreen.log.warn('Sinatra :show_exceptions detected: Sinatra exception handling may prevent the Sqreen error page to display on attacks.')
19
+ end
19
20
 
20
- return if middlewares(builder).include?(middleware)
21
+ if (i = middlewares(builder).index(::Rack::Head))
22
+ u.insert(i, p)
23
+ elsif (i = middlewares(builder).index(::Rack::MethodOverride))
24
+ u.insert(i + 1, p)
25
+ elsif (i = middlewares(builder).index(::Sinatra::ExtendedRack))
26
+ u.insert(i + 1, p)
27
+ else
28
+ u.insert(0, p)
29
+ end
30
+ end
31
+
32
+ insert_middleware(builder, Sqreen::Middleware, args, block) do |p, u|
33
+ if (i = middlewares(builder).index(::Sinatra::ExtendedRack))
34
+ u.insert(i, p)
35
+ else
36
+ u.insert(0, p)
37
+ end
38
+ end
21
39
 
22
- if middlewares(builder).include?(::Sinatra::ShowExceptions)
23
- Sqreen.log.warn('Sinatra :show_exceptions detected: Sinatra exception handling may prevent the Sqreen error page to display on attacks.')
40
+ insert_middleware(builder, Sqreen::SinatraMiddleware, args, block) do |p, u|
41
+ if ::Sqreen::Dependency.const_exist?('Rack::PostBodyContentTypeParser') && (i = middlewares(builder).index(::Rack::PostBodyContentTypeParser))
42
+ u.insert(i + 1, p)
43
+ elsif (i = middlewares(builder).index(::Rack::Protection))
44
+ u.insert(i + 1, p)
45
+ else
46
+ u.append(p)
47
+ end
24
48
  end
49
+ end
50
+
51
+ def wrap_middleware(middleware, *args, &block)
52
+ proc { |app| middleware.new(app, *args, &block) }
53
+ end
54
+
55
+ def insert_middleware(builder, middleware, args, block)
56
+ use = builder.instance_variable_get('@use')
57
+ wrapped = wrap_middleware(middleware, *args, &block)
58
+
59
+ catch(:skip) do
60
+ throw(:skip) if middlewares(builder).include?(middleware)
25
61
 
26
- if (i = middlewares(builder).index(::Rack::Head))
27
- use.insert(i, p)
28
- elsif (i = middlewares(builder).index(::Rack::MethodOverride))
29
- use.insert(i + 1, p)
30
- elsif (i = middlewares(builder).index(::Sinatra::ExtendedRack))
31
- use.insert(i + 1, p)
32
- else
33
- use.insert(0, p)
62
+ yield(wrapped, use)
34
63
  end
35
64
  end
36
65
 
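Review bot: `u.append(p)` in the `Sqreen::SinatraMiddleware` block is an `Array` method that only exists on Ruby 2.5 and later, while the metadata hunk further down still declares `required_ruby_version` 1.9.3; on an older interpreter this `else` branch raises NoMethodError for any app whose stack has neither `Rack::PostBodyContentTypeParser` nor `Rack::Protection`. `u.push(p)` (or `u << p`) is equivalent on every version the gem claims to support. In `insert_middleware`, the `catch(:skip)`/`throw(:skip)` pair only guards a single condition, so `return if middlewares(builder).include?(middleware)` placed before `yield(wrapped, use)` says the same thing without a non-local exit, and it would also avoid building `wrapped` for a middleware that is then skipped. `middlewares(builder)` (defined outside this hunk) is re-evaluated for each `include?`/`index` probe, up to five times in the first block; if it does more than read an attribute, computing it once per `insert_middleware` call is worth it. The enclosing module continues outside the hunk.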
@@ -295,13 +295,14 @@ module Sqreen
295
295
  params
296
296
  end
297
297
 
298
- %w(form query cookies).each do |section|
298
+ %w(form query cookies rack).each do |section|
299
299
  define_method("#{section}_params") do
300
300
  self.class.send("#{section}_params", request)
301
301
  end
302
302
  end
303
303
 
304
304
  P_FORM = 'form'.freeze
305
+ P_RACK = 'rack'.freeze
305
306
  P_QUERY = 'query'.freeze
306
307
  P_COOKIE = 'cookies'.freeze
307
308
  P_GRAPE = 'grape_params'.freeze
@@ -317,6 +318,16 @@ module Sqreen
317
318
  end
318
319
  end
319
320
 
321
+ def self.rack_params(request)
322
+ return nil unless request
323
+ begin
324
+ request.params
325
+ rescue => e
326
+ Sqreen.log.debug("Rack Parameters are invalid #{e.inspect}")
327
+ nil
328
+ end
329
+ end
330
+
320
331
  def self.cookies_params(request)
321
332
  return nil unless request
322
333
  begin
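Review bot: `rack_params` has no comment, and of the `*_params` readers it is the one whose contents are least obvious from its name: on a `Rack::Request`, `params` is the query hash merged with the parsed body, so this section overlaps `form`/`query` and its added value is whatever an upstream body parser contributed (the Sinatra hunk positions the agent after `Rack::PostBodyContentTypeParser`, i.e. JSON bodies). I would add above `def self.rack_params`: `# Parameters as the Rack application sees them (GET merged with the parsed body, including bodies decoded upstream, e.g. JSON via Rack::PostBodyContentTypeParser). Overlaps form/query by design.` The `rescue => e` with a debug log matches `cookies_params` below and is appropriate, since parsing a malformed body inside `params` can raise. The enclosing class continues outside the hunk.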
@@ -345,6 +356,9 @@ module Sqreen
345
356
  P_QUERY => query_params(request),
346
357
  P_COOKIE => cookies_params(request),
347
358
  }
359
+ if (p = rack_params(request))
360
+ r[P_RACK] = p
361
+ end
348
362
  # Add grape parameters if seen
349
363
  p = request.env['grape.request.params']
350
364
  r[P_GRAPE] = p if p
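Review bot: The new `P_RACK` assignment uses `if (p = rack_params(request)) … end` while the grape lines directly below use the `p = …` / `r[P_GRAPE] = p if p` form, and both borrow `p` (which shadows `Kernel#p` for the remainder of the method); a dedicated name keeps the two readable: `rack = rack_params(request)` / `r[P_RACK] = rack if rack`. Note that an empty params hash is truthy, so an empty `rack` section is recorded whenever `request.params` succeeds, which is consistent with `form`/`query` being stored unconditionally. The enclosing method begins and ends outside the hunk.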
@@ -45,4 +45,14 @@ module Sqreen
45
45
  @app.call(env)
46
46
  end
47
47
  end
48
+
49
+ class SinatraMiddleware
50
+ def initialize(app)
51
+ @app = app
52
+ end
53
+
54
+ def call(env)
55
+ @app.call(env)
56
+ end
57
+ end
48
58
  end
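Review bot: `SinatraMiddleware` is a pure pass-through with no comment saying why it exists, and a future cleanup will be tempted to delete it; the other Sinatra hunk inserts it specifically after `Rack::PostBodyContentTypeParser`/`Rack::Protection`, which suggests its only role is to be a hookpoint at which the request can be re-read once body parsers have run (presumably by the new `UpdateRequestContext` callback, though the hook wiring is not in this diff). I would add a class comment: `# Deliberate no-op. Placed after body-parsing middleware so a hook on #call observes the request with its parsed parameters; removing it breaks that hookpoint.`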
@@ -0,0 +1,20 @@
1
+ # Copyright (c) 2015 Sqreen. All Rights Reserved.
2
+ # Please refer to our terms for more information: https://www.sqreen.com/terms.html
3
+
4
+ require 'sqreen/rule_callback'
5
+
6
+ module Sqreen
7
+ module Rules
8
+ class UpdateRequestContext < RuleCB
9
+ def initialize(*args)
10
+ super(*args)
11
+ @overtimeable = false
12
+ end
13
+
14
+ def pre(_inst, args, _budget = nil, &_block)
15
+ framework.store_request(args[0])
16
+ advise_action(nil)
17
+ end
18
+ end
19
+ end
20
+ end
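Review bot: `pre` hands `args[0]` to `framework.store_request` without saying what `args[0]` is or guarding it; if the hooked method is a Rack `call(env)` (inferred, the hook wiring is not in this diff) it is the env hash, and with an empty `args` it passes nil through. I would add a class comment stating which hookpoint this callback is attached to and that it refreshes the stored request after body-parsing middleware has run (matching the 'Support application/json payloads on Sinatra' changelog entry), plus `# args[0]: the Rack env passed to the hooked call` above the store and a why-comment on `@overtimeable = false`, which presumably exempts this callback from the budget that `_budget` refers to. `super(*args)` in `initialize` can be the bare `super`.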
@@ -5,6 +5,7 @@ require 'sqreen/rules_callbacks/regexp_rule'
5
5
  require 'sqreen/rules_callbacks/matcher_rule'
6
6
 
7
7
  require 'sqreen/rules_callbacks/record_request_context'
8
+ require 'sqreen/rules_callbacks/update_request_context'
8
9
  require 'sqreen/rules_callbacks/rails_parameters'
9
10
 
10
11
  require 'sqreen/rules_callbacks/headers_insert'
@@ -2,5 +2,5 @@
2
2
  # Please refer to our terms for more information: https://www.sqreen.com/terms.html
3
3
 
4
4
  module Sqreen
5
- VERSION = '1.18.2'.freeze
5
+ VERSION = '1.18.3.beta1'.freeze
6
6
  end
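--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-version: 1.18.2
+version: 1.18.3.beta1
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-12 00:00:00.000000000 Z
+date: 2019-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sq_mini_racer
@@ -140,6 +140,7 @@ files:
 - lib/sqreen/rules_callbacks/sdk_auth_track.rb
 - lib/sqreen/rules_callbacks/sdk_signup_track.rb
 - lib/sqreen/rules_callbacks/shell_env.rb
+- lib/sqreen/rules_callbacks/update_request_context.rb
 - lib/sqreen/rules_callbacks/url_matches.rb
 - lib/sqreen/rules_callbacks/user_agent_matches.rb
 - lib/sqreen/rules_callbacks/waf.rb
@@ -167,7 +168,9 @@ homepage: https://www.sqreen.com/
 licenses:
 - Sqreen
 metadata: {}
-post_install_message:
+post_install_message: |2
+This is a Sqreen beta release and may not work in all situations.
+Make sure to review CHANGELOG.md for important details.
 rdoc_options: []
 require_paths:
 - lib
@@ -178,12 +181,11 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- - ">="
+- - ">"
 - !ruby/object:Gem::Version
-version: '0'
+version: 1.3.1
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.7
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Sqreen Ruby agent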