sqreen 1.21.1-java → 1.22.0-java

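--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: 7da0143942d8b7ab1904204694ff425b28063c4a
- data.tar.gz: 9c18ce7181ba9e6d059f7265108fa1abbc8d9c99
+ SHA256:
+ metadata.gz: bcd3c75be7987ecc85661f689c667541848198edeab5261e255bc02d2423c4b4
+ data.tar.gz: '05923eb03e291f3e81701829b74ce77f3eea258c6b6dedf9c6c702a8112bdcab'
  SHA512:
- metadata.gz: 54eba17e83cb41dd546c16caa7543da24b72b7c2768e782a667278a0ce7d07c18cbd6477fa72f71530e0fe34cf64e1a691ed179a6c07c9d883030560791f7659
- data.tar.gz: 3e716230761babffbe1abe97d18062887ea371800d98c5a6a85a92970c61b59cf7d2ca2d99f3947be54b1e6ef99ed19e557b8c39a662bdaeefaebec8e148f937
+ metadata.gz: 67047add0d2b639f78d4af087a628fd4d922f7e3b3dacac29654787a40e5122bdcc0269535187f80cb10afb122c098db8eed288faa24f2a615e743f1b0174bb4
+ data.tar.gz: '088347e94c0e70376871a1fa8fc3c01b0e7324f750418b361055b3db3c78fd2ab2a11100ff9bcc4a404c8f19216cb13e9ef41bbd26ad41d6221bc87391870105'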
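--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1,3 +1,10 @@
+ ## 1.22.0
+
+ * Update WAF via libsqreen
+ * Add support for raw body
+ * Improve signature check
+ * Improve APM detection
+
  ## 1.21.1
 
  * Work around NewRelic initialisation (see https://github.com/newrelic/newrelic-ruby-agent/issues/461)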
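--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -400,6 +400,18 @@ module Sqreen
  r
  end
 
+ def body
+ return nil unless request.respond_to?(:body)
+ return nil unless request.body.respond_to?(:read)
+ return nil unless request.body.respond_to?(:rewind)
+
+ body_io = request.body
+ body = body_io.read(4096)
+ body_io.rewind
+
+ body
+ end
+
  # Expose current working directory
  def cwd
  Dir.getwd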
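Review bot: `body` rewinds the request stream only on the success path (line 410), so an exception raised by `read` at line 409 leaves the application's `rack.input` partially consumed. Moving the rewind into a method-level `ensure` keeps the application's view of the body intact regardless of how the read ends: `body_io.read(4096)` / `ensure` / `body_io.rewind if body_io` (the guard is needed because the early `return nil` paths reach `ensure` before `body_io` is assigned). The 4096-byte cap at line 409 should be documented, because callers that use this value for inspection only ever see the start of the body: `# Only the first 4096 bytes are read; anything past that is not returned.` Two smaller points: `request.body` is evaluated three times where one local would do, and the local `body` shadows the method name. The method is complete within the hunk; the enclosing `module Sqreen` continues outside it.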
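--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -4,5 +4,5 @@
  # Please refer to our terms for more information: https://www.sqreen.com/terms.html
 
  module Sqreen
- VERSION = '1.21.1'.freeze
+ VERSION = '1.22.0'.freeze
  end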
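--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -96,25 +96,77 @@ class Sqreen::Weave::Legacy::Instrumentation
  def instrument!(rules, framework)
  Sqreen::Weave.logger.debug { "#{rules.count} rules, #{framework}" }
 
+ # TODO: make config able to see if value was user-set or default
  strategy = Sqreen.config_get(:weave_strategy)
+ # TODO: factor generic hint system out
+ # TODO: factor those hint definitions to dependency
+ strategy_hints = []
  if strategy == :prepend && !Module.respond_to?(:prepend)
- Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable, falling back to :chain" }
- strategy = :chain
- elsif strategy == :chain && Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
- Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} unavailable with scout_apm >= 2.5.2, switching to :prepend" }
- strategy = :prepend
+ Sqreen::Weave.logger.debug { "strategy: #{strategy.inspect} unavailable, falling back to :chain" }
+ strategy_hints << [:chain, 'Module.respond_to?(:prepend)', 'false']
+ end
+ if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('< 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
+ Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with scout_apm < 2.5.2, switching to :chain" }
+ strategy_hints << [:chain, 'scout_apm', '< 2.5.2']
+ end
+ if Gem::Specification.select { |s| s.name == 'scout_apm' && Gem::Requirement.new('>= 2.5.2').satisfied_by?(Gem::Version.new(s.version)) }.any?
+ Sqreen::Weave.logger.debug { "strategy: :chain unavailable with scout_apm >= 2.5.2, switching to :prepend" }
+ strategy_hints << [:prepend, 'scout_apm', '>= 2.5.2']
+ end
+ if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('< 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
+ Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with ddtrace < 0.27, switching to :chain" }
+ strategy_hints << [:chain, 'ddtrace', '< 0.27']
+ end
+ if Gem::Specification.select { |s| s.name == 'ddtrace' && Gem::Requirement.new('>= 0.27').satisfied_by?(Gem::Version.new(s.version)) }.any?
+ Sqreen::Weave.logger.debug { "strategy: :chain unavailable with ddtrace >= 0.27, switching to :prepend" }
+ strategy_hints << [:prepend, 'ddtrace', '>= 0.27']
+ end
+ if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('< 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
+ Sqreen::Weave.logger.debug { "strategy: :prepend unavailable with skylight < 5.0.0.beta, switching to :chain" }
+ strategy_hints << [:chain, 'skylight', '< 5.0.0.beta']
+ end
+ if Gem::Specification.select { |s| s.name == 'skylight' && Gem::Requirement.new('>= 5.0.0.beta').satisfied_by?(Gem::Version.new(s.version)) }.any?
+ Sqreen::Weave.logger.debug { "strategy: :chain unavailable with skylight >= 5.0.0.beta, switching to :prepend" }
+ strategy_hints << [:prepend, 'skylight', '>= 5.0.0.beta']
+ end
+ if strategy_hints.map(&:first).uniq.count > 1
+ raise Sqreen::Exception, "conflicting instrumentation strategies: #{strategy_hints.inspect}"
+ end
+ if strategy_hints.map(&:first).uniq.count == 1 && strategy != strategy_hints.first.first
+ was = strategy
+ strategy = strategy_hints.first.first
+ Sqreen::Weave.logger.warn { "strategy: #{strategy.inspect} was: #{was.inspect} hints: #{strategy_hints.inspect}" }
+ else
+ Sqreen::Weave.logger.info { "strategy: #{strategy.inspect}" }
  end
- Sqreen::Weave.logger.debug { "strategy: #{strategy.inspect}" }
 
  ### set up rule signature verifier
  verifier = nil
- if Sqreen.features['rules_signature'] &&
- Sqreen.config_get(:rules_verify_signature) == true &&
- !defined?(::JRUBY_VERSION)
+ # TODO: check for JRuby via dependency
+ # TODO: reinstate signatures for JRuby
+ if Sqreen.config_get(:rules_verify_signature) == true && !defined?(::JRUBY_VERSION)
  verifier = Sqreen::SqreenSignedVerifier.new
- Sqreen::Weave.logger.debug('Rules signature enabled')
+ Sqreen::Weave.logger.debug('rules: signature status: enabled')
  else
- Sqreen::Weave.logger.debug('Rules signature disabled')
+ Sqreen::Weave.logger.debug('rules: signature status: disabled')
+ end
+
+ if verifier
+ invalid_rules = rules.reject do |rule|
+ valid = verifier.verify(rule)
+
+ if valid
+ Sqreen::Weave.logger.debug { "rule: #{rule['name']} signed: true result: ok" }
+ else
+ Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
+ end
+ end
+ if invalid_rules.any?
+ Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
+ raise Sqreen::Exception, "Signature error: rules: #{invalid_rules.map { |r| r['name'] }.inspect}"
+ else
+ Sqreen::Weave.logger.info { "weave: instrument rules: signed result: ok" }
+ end
  end
 
  ### force clean instrumentation callback list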
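Review bot: The `rules.reject` block at lines 155–163 ends with the `if valid … else … end` logging expression, so the block's value is whatever `Sqreen::Weave.logger.debug`/`.error` returns rather than `valid`; if that logger behaves like the stdlib `Logger`, whose `add` returns `true`, every rule is rejected, `invalid_rules` is always empty and the signature abort at line 164–166 can never fire, which silently defeats the check this commit is meant to strengthen. Make the verification result the block's last expression by adding a line `valid` after the `end` at line 162, or restructure to `rules.reject { |rule| verifier.verify(rule) }` with the per-rule logging inside the predicate. The error message at line 161 also has a typo: `singed:` should read `signed:`. The six `Gem::Specification.select { … }.any?` scans at lines 108–131 are near-identical; a single frozen table of `[gem, requirement, strategy]` triples iterated once would keep the hints in one place and be easier to audit. `instrument!` starts at line 96 inside the hunk but continues past its end.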
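--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: sqreen
  version: !ruby/object:Gem::Version
- version: 1.21.1
+ version: 1.22.0
  platform: java
  authors:
  - Sqreen
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-10-06 00:00:00.000000000 Z
+ date: 2020-11-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  requirement: !ruby/object:Gem::Requirement
@@ -17,8 +17,8 @@ dependencies:
  - !ruby/object:Gem::Version
  version: 0.1.0
  name: sqreen-backport
- prerelease: false
  type: :runtime
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
@@ -31,8 +31,8 @@ dependencies:
  - !ruby/object:Gem::Version
  version: 0.2.2
  name: sqreen-kit
- prerelease: false
  type: :runtime
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
@@ -45,8 +45,8 @@ dependencies:
  - !ruby/object:Gem::Version
  version: '0'
  name: therubyrhino
- prerelease: false
  type: :runtime
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -59,8 +59,8 @@ dependencies:
  - !ruby/object:Gem::Version
  version: 0.3.0
  name: execjs
- prerelease: false
  type: :runtime
+ prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
@@ -342,8 +342,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.6.14.1
+ rubygems_version: 3.0.6
  signing_key:
  specification_version: 4
  summary: Sqreen Ruby agent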