sqreen 1.23.1 → 1.23.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/bin/sqreen +43 -0
- data/lib/sqreen/configuration.rb +2 -0
- data/lib/sqreen/dependency/new_relic.rb +1 -1
- data/lib/sqreen/runner.rb +11 -0
- data/lib/sqreen/version.rb +1 -1
- data/lib/sqreen/weave/legacy/instrumentation.rb +2 -0
- metadata +5 -3
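--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8e1881ab1def0e4a82ccfe791c150b0213517084619d71f5c942a0d14a0189e1
+data.tar.gz: beeef4f164a84efbc00824a5c63926da6a4e3fcc5952577442061e1c509e8fda
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b1d1ea43737baa0db830e556fc835f93104dc70465fc5695372c5a922e8108cb9e657e915cc7ffe06f655dc632b0d5e56daf659e0c6ef499b66484fcd6d33076
+data.tar.gz: 98b0e405e39de271a9d8988692ea037b5f462b2af9314d384b7ca7dfec9dce43229b1aa317fbb8fccde84f1cd743d90637dabde392a2c7bfe88d6a6353e25235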
data/CHANGELOG.md
CHANGED
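--- /dev/null
+++ b/data/bin/sqreen
@@ -0,0 +1,43 @@
+#!/usr/bin/env ruby
+
+def logger
+@logger ||= Logger.new(STDOUT, level: :debug)
+end
+
+def verify(rules)
+verifier = Sqreen::SqreenSignedVerifier.new
+
+invalid_rules = rules.reject do |rule|
+valid = verifier.verify(rule)
+
+if valid
+logger.debug { "rule: #{rule['name']} signed: true result: ok" }
+else
+logger.error { "rule: #{rule['name']} singed: true result: fail" }
+end
+
+valid
+end
+
+if invalid_rules.any?
+logger.error { "weave: instrument status: abort reason: signature result: fail" }
+raise Sqreen::Exception, "Signature error: rules: #{invalid_rules.map { |r| r['name'] }.inspect}"
+else
+logger.info { "weave: instrument rules: signed result: ok" }
+end
+end
+
+def check_signature(file)
+require 'json'
+require 'logger'
+require 'sqreen/sqreen_signed_verifier'
+
+content = File.open(file, 'rb', &:read)
+json = JSON.parse(content)
+
+p verify(json)
+end
+
+case ARGV[0]
+when 'check-signature' then check_signature(ARGV[1]) || exit(1)
+end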
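Review bot: The `|| exit(1)` on line 42 is never reached on the failure path, because `verify` raises `Sqreen::Exception` when any rule fails the signature check, so the script ends with an uncaught backtrace instead of a clean non-zero status, and an unknown subcommand falls out of the `case` silently with status 0. The new log message on line 16 also misspells the word signed — `"rule: #{rule['name']} singed: true result: fail"` — which makes the failure line hard to grep for. `check_signature` hands the parsed JSON straight to `verify`, which iterates it with `reject`, so the input is presumably the array written by the rules dump rather than a `{"rules": [...]}` envelope; a usage line should say so. The dispatch could rescue the verification error and print usage for anything else:
```ruby
# … unchanged: logger, verify, check_signature …
case ARGV[0]
when 'check-signature'
  begin
    check_signature(ARGV[1]) || exit(1)
  rescue Sqreen::Exception => e
    warn e.message
    exit 1
  end
else
  warn "usage: #{$PROGRAM_NAME} check-signature <rules.json>"
  exit 1
end
```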
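--- a/data/lib/sqreen/configuration.rb
+++ b/data/lib/sqreen/configuration.rb
@@ -56,6 +56,8 @@ module Sqreen
 :default => nil },
 { :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
 :default => true },
+{ :env => :SQREEN_RULES_DUMP, :name => :rules_dump,
+:default => false },
 { :env => :SQREEN_LOG_LEVEL, :name => :log_level,
 :default => 'INFO', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
 { :env => :SQREEN_LOG_LOCATION, :name => :log_location,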
@@ -19,7 +19,7 @@ module Sqreen
|
|
19
19
|
def ignore_sqreen_exceptions
|
20
20
|
return unless required?
|
21
21
|
|
22
|
-
NewRelic::Agent::Agent.instance.error_collector.ignore(['Sqreen::AttackBlocked'])
|
22
|
+
::NewRelic::Agent::Agent.instance.error_collector.ignore(['Sqreen::AttackBlocked'])
|
23
23
|
rescue ::Exception => e # rubocop:disable Lint/RescueException
|
24
24
|
Sqreen.log.warn "Failed ignoring AttackBlocked on NewRelic: #{e.inspect}"
|
25
25
|
end
|
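--- a/data/lib/sqreen/runner.rb
+++ b/data/lib/sqreen/runner.rb
@@ -6,6 +6,7 @@
 require 'ipaddr'
 require 'timeout'
 require 'json'
+require 'pathname'
 
 require 'sqreen/events/attack'
 
@@ -217,6 +218,16 @@ module Sqreen
 session_rules = session.rules
 rules_pack = session_rules['rules']
 rulespack_id = session_rules['pack_id']
+elsif @configuration.get(:rules_dump)
+rules_dir = (defined?(Rails) ? Rails.root : Pathname.pwd) + 'tmp/sqreen/rules'
+FileUtils.mkdir_p(rules_dir.to_s)
+File.open("#{rules_dir}/#{rulespack_id}.json", "wb") { |f| f.write(JSON.pretty_generate(rules_pack)) }
+FileUtils.mkdir_p("#{rules_dir}/#{rulespack_id}")
+rules_pack.each do |r|
+r = r.dup
+r['rulespack_id'] = rulespack_id
+File.open("#{rules_dir}/#{rulespack_id}/#{r['name']}.json", "wb") { |f| f.write(JSON.pretty_generate(r)) }
+end
 end
 rules = rules_pack.each { |r| r['rulespack_id'] = rulespack_id }
 Sqreen.log.info { format('retrieved rulespack id: %s', rulespack_id) }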
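Review bot: `r['name']` and `rulespack_id` are interpolated straight into file paths in the two `File.open` calls and the second `mkdir_p`, so a rule name containing `/` or `..` would be written outside `tmp/sqreen/rules`; build the leaf from a sanitized name, e.g. `File.join(rules_dir.to_s, rulespack_id.to_s, "#{File.basename(r['name'].to_s)}.json")`, or skip rules whose name fails `/\A[\w.-]+\z/`. The dump is an `elsif` of the clause that assigns `rules_pack` from `session.rules`, which makes the two branches mutually exclusive and suggests `rules_pack` may be unset when the dump runs — the enclosing `if` starts outside the hunk, so this needs confirming; a standalone `if @configuration.get(:rules_dump)` placed after the `end` on the next line would dump whatever rules were just loaded. `FileUtils` is used but the first hunk only adds `require 'pathname'`; add `require 'fileutils'` there unless it is already required elsewhere in the file.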
data/lib/sqreen/version.rb
CHANGED
@@ -180,6 +180,8 @@ class Sqreen::Weave::Legacy::Instrumentation
|
|
180
180
|
else
|
181
181
|
Sqreen::Weave.logger.error { "rule: #{rule['name']} singed: true result: fail" }
|
182
182
|
end
|
183
|
+
|
184
|
+
valid
|
183
185
|
end
|
184
186
|
if invalid_rules.any?
|
185
187
|
Sqreen::Weave.logger.error { "weave: instrument status: abort reason: signature result: fail" }
|
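Review bot: The added `valid` on line 184 is the only thing that makes the `reject` block return the verification result; before it, the block's value was the return value of the `logger.debug`/`logger.error` call, which presumably is truthy, so every rule would have been dropped from `invalid_rules` and the signature check could never fail. A fix with that effect deserves a regression test that feeds one rule the verifier rejects and expects the `Sqreen::Exception` raised below `if invalid_rules.any?`, plus a changelog entry describing the behaviour change. The `reject` block and its enclosing method start and end outside the hunk, and although the page labels this section `data/lib/sqreen/version.rb`, the hunk header names `Sqreen::Weave::Legacy::Instrumentation`, matching `weave/legacy/instrumentation.rb` in the diffstat.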
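--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-version: 1.23.
+version: 1.23.2
 platform: ruby
 authors:
 - Sqreen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: sqreen-backport
@@ -75,7 +75,8 @@ dependencies:
 description: Sqreen is a SaaS based Application protection and monitoring platform
 that integrates directly into your Ruby applications. Learn more at https://sqreen.com.
 email: contact@sqreen.com
-executables:
+executables:
+- sqreen
 extensions: []
 extra_rdoc_files: []
 files:
@@ -84,6 +85,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- bin/sqreen
 - lib/sqreen.rb
 - lib/sqreen/actions.rb
 - lib/sqreen/actions/actions_index.rb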