sqreen 1.7.2-java → 1.8.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/sqreen.rb +1 -1
- data/lib/sqreen/configuration.rb +26 -14
- data/lib/sqreen/frameworks/generic.rb +2 -1
- data/lib/sqreen/remote_command.rb +1 -0
- data/lib/sqreen/runner.rb +8 -2
- data/lib/sqreen/runtime_infos.rb +17 -7
- data/lib/sqreen/session.rb +8 -3
- data/lib/sqreen/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e59d77a29753752ac91abddc5d18901a57c9eea
|
|
4
|
+
data.tar.gz: 9f607afbfdfb20bc318c228ef42c9cafed074593
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 171ea6e636f1050b616bb8b5940c71263dacf43fee573692dbd54b7ced961764ed63bf15a93d0fd0d967a7a6b1d37f5d5f908fb51bb262fb6792392b85d90bb6
|
|
7
|
+
data.tar.gz: f942511279775f4e9c3b4b49bf1d58ffab91c8b956e8a2dec0745b47e9e206e65bfa9f1a7253c17bcee1ff32eff9e689d5f15fdff3b33d711e3d610747518e06
|
data/lib/sqreen.rb
CHANGED
data/lib/sqreen/configuration.rb
CHANGED
|
@@ -8,7 +8,7 @@ require 'sqreen/performance_notifications/newrelic'
|
|
|
8
8
|
module Sqreen
|
|
9
9
|
@config = nil
|
|
10
10
|
|
|
11
|
-
def self
|
|
11
|
+
def self.config_init(framework = nil)
|
|
12
12
|
@config = Configuration.new(framework)
|
|
13
13
|
@config.load!
|
|
14
14
|
if @config && config_get(:report_perf_newrelic)
|
|
@@ -17,7 +17,7 @@ module Sqreen
|
|
|
17
17
|
@config
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
def self
|
|
20
|
+
def self.config_get(name)
|
|
21
21
|
raise 'No configuration defined' if @config.nil?
|
|
22
22
|
@config.get(name)
|
|
23
23
|
end
|
|
@@ -26,7 +26,7 @@ module Sqreen
|
|
|
26
26
|
|
|
27
27
|
CONFIG_DESCRIPTION = [
|
|
28
28
|
{ :env => :SQREEN_DISABLE, :name => :disable,
|
|
29
|
-
:default => false },
|
|
29
|
+
:default => false, :convert => :to_bool },
|
|
30
30
|
{ :env => :SQREEN_URL, :name => :url,
|
|
31
31
|
:default => 'https://back.sqreen.io' },
|
|
32
32
|
{ :env => :SQREEN_TOKEN, :name => :token,
|
|
@@ -36,15 +36,15 @@ module Sqreen
|
|
|
36
36
|
{ :env => :SQREEN_RULES_SIGNATURE, :name => :rules_verify_signature,
|
|
37
37
|
:default => true },
|
|
38
38
|
{ :env => :SQREEN_LOG_LEVEL, :name => :log_level,
|
|
39
|
-
:default => 'WARN', :choice => %w
|
|
39
|
+
:default => 'WARN', :choice => %w[UNKNOWN FATAL ERROR WARN INFO DEBUG] },
|
|
40
40
|
{ :env => :SQREEN_LOG_LOCATION, :name => :log_location,
|
|
41
41
|
:default => 'log/sqreen.log' },
|
|
42
42
|
{ :env => :SQREEN_RUN_IN_TEST, :name => :run_in_test,
|
|
43
|
-
:default => false },
|
|
43
|
+
:default => false, :convert => :to_bool },
|
|
44
44
|
{ :env => :SQREEN_BLOCK_ALL_RULES, :name => :block_all_rules,
|
|
45
45
|
:default => nil },
|
|
46
46
|
{ :env => :SQREEN_REPORT_PERF_NR, :name => :report_perf_newrelic,
|
|
47
|
-
:default => false },
|
|
47
|
+
:default => false, :convert => :to_bool },
|
|
48
48
|
{ :env => :SQREEN_INITIAL_FEATURES, :name => :initial_features,
|
|
49
49
|
:default => nil },
|
|
50
50
|
|
|
@@ -52,6 +52,10 @@ module Sqreen
|
|
|
52
52
|
|
|
53
53
|
CONFIG_FILE_NAME = 'sqreen.yml'.freeze
|
|
54
54
|
|
|
55
|
+
def self.to_bool(value)
|
|
56
|
+
%w[1 true].include?(value.to_s.downcase.strip)
|
|
57
|
+
end
|
|
58
|
+
|
|
55
59
|
# Class to access configurations variables
|
|
56
60
|
# This try to load environment by different ways.
|
|
57
61
|
# 1. By file:
|
|
@@ -90,7 +94,7 @@ module Sqreen
|
|
|
90
94
|
msg = format("Invalid value '%s' for env '%s' (allowed: %s)", value, name, choices)
|
|
91
95
|
raise Sqreen::Exception, msg
|
|
92
96
|
end
|
|
93
|
-
res[name] = value
|
|
97
|
+
res[name] = param[:convert] ? send(param[:convert], value) : value
|
|
94
98
|
end
|
|
95
99
|
res
|
|
96
100
|
end
|
|
@@ -101,27 +105,31 @@ module Sqreen
|
|
|
101
105
|
name = param[:name]
|
|
102
106
|
value = ENV[param[:env].to_s]
|
|
103
107
|
next unless value
|
|
104
|
-
res[name] = value
|
|
108
|
+
res[name] = param[:convert] ? send(param[:convert], value) : value
|
|
105
109
|
end
|
|
106
110
|
res
|
|
107
111
|
end
|
|
108
112
|
|
|
109
113
|
def parse_configuration_file(path)
|
|
110
|
-
|
|
111
|
-
return {} unless
|
|
114
|
+
yaml = YAML.load(ERB.new(File.read(path)).result)
|
|
115
|
+
return {} unless yaml.is_a?(Hash)
|
|
112
116
|
if @framework
|
|
113
117
|
env = @framework.framework_infos[:environment]
|
|
114
|
-
|
|
118
|
+
yaml = yaml[env] if env && yaml[env].is_a?(Hash)
|
|
115
119
|
end
|
|
120
|
+
res = {}
|
|
116
121
|
# hash keys loaded by YAML are strings instead of symbols
|
|
117
|
-
|
|
118
|
-
|
|
122
|
+
Sqreen::CONFIG_DESCRIPTION.each do |param|
|
|
123
|
+
name = param[:name]
|
|
124
|
+
value = yaml[name.to_s]
|
|
125
|
+
next unless value
|
|
126
|
+
res[name] = param[:convert] ? send(param[:convert], value) : value
|
|
119
127
|
end
|
|
120
128
|
res
|
|
121
129
|
end
|
|
122
130
|
|
|
123
131
|
def find_user_home
|
|
124
|
-
homes = %w
|
|
132
|
+
homes = %w[HOME HOMEPATH]
|
|
125
133
|
homes.detect { |h| !ENV[h].nil? }
|
|
126
134
|
end
|
|
127
135
|
|
|
@@ -152,5 +160,9 @@ module Sqreen
|
|
|
152
160
|
path = File.join(ENV[home], '.' + CONFIG_FILE_NAME)
|
|
153
161
|
return path if File.exist?(path)
|
|
154
162
|
end
|
|
163
|
+
|
|
164
|
+
def to_bool(value)
|
|
165
|
+
Sqreen::to_bool(value)
|
|
166
|
+
end
|
|
155
167
|
end
|
|
156
168
|
end
|
|
@@ -151,7 +151,8 @@ module Sqreen
|
|
|
151
151
|
def prevent_startup
|
|
152
152
|
return :irb if $0 == 'irb'
|
|
153
153
|
return if sqreen_configuration.nil?
|
|
154
|
-
|
|
154
|
+
disable = sqreen_configuration.get(:disable)
|
|
155
|
+
return :config_disable if disable == true || disable.to_s.to_i == 1
|
|
155
156
|
end
|
|
156
157
|
|
|
157
158
|
# Instrument with our rules when the framework as finished loading
|
data/lib/sqreen/runner.rb
CHANGED
|
@@ -125,7 +125,7 @@ module Sqreen
|
|
|
125
125
|
# Ensure a deliverer is there unless features have set it first
|
|
126
126
|
self.deliverer ||= Deliveries::Simple.new(session)
|
|
127
127
|
context_infos = {}
|
|
128
|
-
%w
|
|
128
|
+
%w[rules pack_id].each do |p|
|
|
129
129
|
context_infos[p] = response[p] unless response[p].nil?
|
|
130
130
|
end
|
|
131
131
|
process_commands(response.fetch('commands', []), context_infos)
|
|
@@ -251,6 +251,12 @@ module Sqreen
|
|
|
251
251
|
true
|
|
252
252
|
end
|
|
253
253
|
|
|
254
|
+
def upload_bundle(_context_infos = {})
|
|
255
|
+
t = Time.now
|
|
256
|
+
session.post_bundle(RuntimeInfos.dependencies_signature, RuntimeInfos.dependencies)
|
|
257
|
+
Time.now - t
|
|
258
|
+
end
|
|
259
|
+
|
|
254
260
|
def change_whitelisted_ips(ips, _context_infos = {})
|
|
255
261
|
return false unless ips.respond_to?(:each)
|
|
256
262
|
Sqreen.update_whitelisted_ips(ips)
|
|
@@ -323,7 +329,7 @@ module Sqreen
|
|
|
323
329
|
!Sinatra::Application.run?
|
|
324
330
|
end
|
|
325
331
|
|
|
326
|
-
def shutdown(_context_infos={})
|
|
332
|
+
def shutdown(_context_infos = {})
|
|
327
333
|
remove_instrumentation
|
|
328
334
|
logout
|
|
329
335
|
end
|
data/lib/sqreen/runtime_infos.rb
CHANGED
|
@@ -5,6 +5,7 @@ require 'sqreen/version'
|
|
|
5
5
|
require 'sqreen/frameworks'
|
|
6
6
|
|
|
7
7
|
require 'socket'
|
|
8
|
+
require 'digest/sha1'
|
|
8
9
|
|
|
9
10
|
module Sqreen
|
|
10
11
|
module RuntimeInfos
|
|
@@ -16,8 +17,8 @@ module Sqreen
|
|
|
16
17
|
res.merge! os
|
|
17
18
|
res.merge! runtime
|
|
18
19
|
res.merge! framework.framework_infos
|
|
20
|
+
res[:bundle_signature] = dependencies_signature
|
|
19
21
|
res[:various_infos].merge! time
|
|
20
|
-
res[:various_infos].merge! dependencies
|
|
21
22
|
res[:various_infos].merge! process
|
|
22
23
|
res
|
|
23
24
|
end
|
|
@@ -31,7 +32,7 @@ module Sqreen
|
|
|
31
32
|
|
|
32
33
|
def dependencies
|
|
33
34
|
gem_info = Gem.loaded_specs
|
|
34
|
-
gem_info
|
|
35
|
+
gem_info.map do |name, spec|
|
|
35
36
|
{
|
|
36
37
|
:name => name,
|
|
37
38
|
:version => spec.version.to_s,
|
|
@@ -39,9 +40,6 @@ module Sqreen
|
|
|
39
40
|
:source => (extract_source(spec.source) if spec.respond_to?(:source)),
|
|
40
41
|
}
|
|
41
42
|
end
|
|
42
|
-
{
|
|
43
|
-
:dependencies => gem_info,
|
|
44
|
-
}
|
|
45
43
|
end
|
|
46
44
|
|
|
47
45
|
def time
|
|
@@ -60,8 +58,7 @@ module Sqreen
|
|
|
60
58
|
{
|
|
61
59
|
:type => type,
|
|
62
60
|
:version => version,
|
|
63
|
-
}
|
|
64
|
-
}
|
|
61
|
+
} }
|
|
65
62
|
end
|
|
66
63
|
|
|
67
64
|
def agent
|
|
@@ -113,6 +110,19 @@ module Sqreen
|
|
|
113
110
|
}
|
|
114
111
|
end
|
|
115
112
|
|
|
113
|
+
def dependencies_signature
|
|
114
|
+
calculate_dependencies_signature(dependencies)
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
def calculate_dependencies_signature(pkgs)
|
|
118
|
+
return nil if pkgs.nil? || pkgs.empty?
|
|
119
|
+
sha1 = Digest::SHA1.new
|
|
120
|
+
pkgs.map { |pkg| [pkg[:name], pkg[:version]] }.sort.each_with_index do |p, i|
|
|
121
|
+
sha1 << format(i.zero? ? '%s-%s' : '|%s-%s', *p)
|
|
122
|
+
end
|
|
123
|
+
sha1.hexdigest
|
|
124
|
+
end
|
|
125
|
+
|
|
116
126
|
def extract_source(source)
|
|
117
127
|
return nil unless source
|
|
118
128
|
ret = { 'name' => source.class.name.split(':')[-1] }
|
data/lib/sqreen/session.rb
CHANGED
|
@@ -132,7 +132,6 @@ module Sqreen
|
|
|
132
132
|
def resiliently(retry_request_seconds, max_retry, current_retry = 0)
|
|
133
133
|
return yield
|
|
134
134
|
rescue => e
|
|
135
|
-
|
|
136
135
|
Sqreen.log.debug(e.inspect)
|
|
137
136
|
|
|
138
137
|
current_retry += 1
|
|
@@ -161,6 +160,7 @@ module Sqreen
|
|
|
161
160
|
headers['X-Session-Key'] = @session_id if @session_id
|
|
162
161
|
headers['X-Sqreen-Time'] = Time.now.utc.to_f.to_s
|
|
163
162
|
headers['X-Sqreen-Agent'] = "Ruby/#{Sqreen::VERSION}"
|
|
163
|
+
headers['User-Agent'] = "Ruby/#{Sqreen::VERSION}"
|
|
164
164
|
headers['X-Sqreen-Beta'] = format('pid=%d;tid=%s;nb=%d;t=%f',
|
|
165
165
|
Process.pid,
|
|
166
166
|
thread_id,
|
|
@@ -258,14 +258,19 @@ module Sqreen
|
|
|
258
258
|
resilient_post('attack', attack.to_hash)
|
|
259
259
|
end
|
|
260
260
|
|
|
261
|
+
def post_bundle(bundle_sig, dependencies)
|
|
262
|
+
resilient_post('bundle', 'bundle_signature' => bundle_sig,
|
|
263
|
+
'dependencies' => dependencies)
|
|
264
|
+
end
|
|
265
|
+
|
|
261
266
|
# Post an exception to Sqreen for analysis
|
|
262
267
|
# @param exception [RemoteException] Exception and context to be sent over
|
|
263
268
|
def post_sqreen_exception(exception)
|
|
264
269
|
post('sqreen_exception', exception.to_hash, {}, 5)
|
|
265
270
|
rescue *NET_ERRORS => e
|
|
266
271
|
Sqreen.log.warn(format('Could not post exception (network down? %s) %s',
|
|
267
|
-
|
|
268
|
-
|
|
272
|
+
e.inspect,
|
|
273
|
+
exception.to_hash.inspect))
|
|
269
274
|
nil
|
|
270
275
|
end
|
|
271
276
|
|
data/lib/sqreen/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sqreen
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.8.0
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Sqreen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-07
|
|
11
|
+
date: 2017-08-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: execjs
|