RubyGems - sqreen - Versions diffs - 1.19.1 → 1.19.2 - Mend

sqreen 1.19.1 → 1.19.2

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/lib/sqreen/rules/not_found_cb.rb +2 -0
data/lib/sqreen/version.rb +1 -1
data/lib/sqreen/weave/legacy/instrumentation.rb +4 -4
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 13c863dd8c0e49e9164815c3ecd89d59a9d108cf5aa4490dcb7e7e863510101b
-  data.tar.gz: 4f64b7137761f06e1d5a31c0d28beac05b8812c21f35be867437e8483ffaa693
+  metadata.gz: 315d183f0c86adad0c106a7f3a9b31ae5049c387233b78e1df3d3ec5e93db21d
+  data.tar.gz: 75b7d65ba2dd9ac049f7a81f6d60c5c96b67d2a7fb453f8e3a181b07035542ab
 SHA512:
-  metadata.gz: 79705ca9287463239a563875803d6317afba6a5fa70e90f5762a41112f474967a8d50ca03f34f9b48d190e3a8bc3d2e8b87c081974378238b39207258d7f0028
-  data.tar.gz: a8bea1ecce97617bd4d54c49a493b9268a0971099abadd70220d235914803aab9b2d6a8ede28493eae4578f13d2777b41d31e770c98c27dc1c4f3eaed6f30286
+  metadata.gz: e2358bca4465a486e04b5454f44a03244e980f1b59e5118bc8aaa6ddb57030cdcf73507949a796cdbbd9d8bc91ca1cf6028e9a12a7a61faceb1250ffca062a73
+  data.tar.gz: d126dbefe095bd988e378dbacdee915e0e0de6c5cce4c0865b988816df20f71b2552b52087779792537071ff7c2757f868899c2aa93671813caf02e7795ed7cc

data/CHANGELOG.md CHANGED

@@ -1,3 +1,8 @@
+## 1.19.2
+* Handle unexpected rule callback return values more gracefully
+* Fix incorrect return value for 404 native callback
 ## 1.19.1
 * Fix LocalJumpError when reaching a Rack app nested in a Rails app

data/lib/sqreen/rules/not_found_cb.rb CHANGED

@@ -24,6 +24,8 @@ module Sqreen
         exception   = env['action_dispatch.exception']
         record_from_env(ua, script_name, path_info, verb, override, host, exception)
+        nil
       end
       def record_from_env(ua, script_name, path_info, verb, override, host, exception)

data/lib/sqreen/version.rb CHANGED

@@ -4,5 +4,5 @@
 # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 module Sqreen
-  VERSION = '1.19.1'.freeze
+  VERSION = '1.19.2'.freeze
 end

data/lib/sqreen/weave/legacy/instrumentation.rb CHANGED

@@ -296,7 +296,7 @@ class Sqreen::Weave::Legacy::Instrumentation
           when :raise, 'raise'
             throw(b, b.raise(ret[:exception])) if ret.key?(:exception)
             throw(b, b.raise(Sqreen::AttackBlocked.new("Sqreen blocked a security threat (type: #{callback.rule_name}). No action is required.")))
-          end unless ret.nil?
+          end unless ret.nil? || !ret.is_a?(Hash)
         end
       end
@@ -328,7 +328,7 @@ class Sqreen::Weave::Legacy::Instrumentation
           when :raise, 'raise'
             throw(b, b.raise(ret[:exception])) if ret.key?(:exception)
             throw(b, b.raise(Sqreen::AttackBlocked.new("Sqreen blocked a security threat (type: #{callback.rule_name}). No action is required.")))
-          end unless ret.nil?
+          end unless ret.nil? || !ret.is_a?(Hash)
         end
       end
@@ -354,7 +354,7 @@ class Sqreen::Weave::Legacy::Instrumentation
           end
           Sqreen::Weave.logger.debug { "#{rule} klass=#{callback.klass} method=#{callback.method} when=#failing instance=#{i} => return=#{ret.inspect}" }
-          raise e if ret.nil?
+          throw(b, b.raise(e)) if ret.nil? || !ret.is_a?(Hash)
           case ret[:status]
           when :override, 'override'
@@ -368,7 +368,7 @@ class Sqreen::Weave::Legacy::Instrumentation
             throw(b, b.raise(e))
           else
             throw(b, b.raise(e))
-          end unless ret.nil?
+          end unless ret.nil? || !ret.is_a?(Hash)
         end
       end
     end.install

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.19.1
+  version: 1.19.2
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-06-01 00:00:00.000000000 Z
+date: 2020-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sq_mini_racer