sqreen 1.8.5 → 1.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3f399192916d62e32ac7dc431d7f9567451b3b4c
-  data.tar.gz: c50f2371cedb78ea513b13773da2fcab80786994
+  metadata.gz: bd6678aaddb8e5e15e00d1d91bd9acc54ad5b501
+  data.tar.gz: 1611328a970e0d555cf1c27318dd10578b244946
 SHA512:
-  metadata.gz: 98569486b7c5344745d4542f0a856673db74431f703ee96c192c0b28efda36ddefc6ee88978ef93f4bea7a7a92264c9eba55c52a3b03de16ed461bec4d88b3a0
-  data.tar.gz: 16bc37bfdbf917d013f66559cf34431e1ac39c62678cd3ad9aab2c66d2f6b8ac084dc15fea24b2f00e8da2b9aeff81938f2f6418c5e325e98d5c9a8b2be2c16f
+  metadata.gz: 10ef0a5054578df596b1c62b0aae786d81ba52715366c08797d772ee66312502e9e63b6afce333dcda5822f27524a147c3023faf9791d78219098d610fb1617d
+  data.tar.gz: 914169b9db37992430b91b92ac1778bf9209176e4d03a4263c1deabac4d0ca36efbe59ea10f688a5419fb7fde170cb87ef33ccc6eb5de3eaa693834299c0b76c

data/lib/sqreen/attack_detected.html

@@ -1,2 +1,2 @@
-<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <title>Sqreen has detected an attack.</title> <style>html,body,div,span,h1,a{margin:0;padding:0;border:0;font-size:100%;font:inherit;vertical-align:baseline}body{background:-webkit-radial-gradient(26% 19%,circle,#fff,#f4f7f9);background:radial-gradient(circle at 26% 19%,#fff,#f4f7f9);display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-ms-flex-line-pack:center;align-content:center;width:100%;min-height:100vh;line-height:1}svg,h1,p{display:block}svg{margin:0 auto 4vh}h1{font-family:sans-serif;font-weight:300;font-size:34px;color:#384886;line-height:normal}p{font-size:18px;line-height:normal;color:#b8bccc;font-family:sans-serif;font-weight:300}a{color:#b8bccc}.flex{text-align:center}</style></head><body> <div class="flex"> <svg xmlns="http://www.w3.org/2000/svg" width="230" height="250" xmlns:xlink="http://www.w3.org/1999/xlink"> <defs> <path id="b" d="M176.55 22.93v-.03c-.17-1.13-.8-2.1-1.9-2.77C170.93 18.07 136.8.03 88.98 0 40.25 0 4.8 19.28 3.28 20.14c-.98.6-1.63 1.6-1.77 2.72-14.8 123.1 84.7 176.2 85.7 176.7.6.3 1.2.44 1.8.44.6 0 1.2-.15 1.7-.42 1-.52 100.4-55.03 85.9-176.65z"/> <filter id="a" width="151.7%" height="146%" x="-25.8%" y="-16%" filterUnits="objectBoundingBox"> <feOffset dy="14" in="SourceAlpha" result="shadowOffsetOuter1"/> <feGaussianBlur stdDeviation="13" in="shadowOffsetOuter1" result="shadowBlurOuter1"/> <feColorMatrix values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0" in="shadowBlurOuter1"/> </filter> </defs> <g fill="none" fill-rule="evenodd"> <g fill-rule="nonzero" transform="translate(26 12)"> <use fill="#000" filter="url(#a)" xlink:href="#b"/> <use fill="#FFF" fill-rule="evenodd" xlink:href="#b"/> </g> <path fill="#374886" d="M153.85 75.8s0 .68-.35 1.13c-.46.57-8.52 10.74-12.32 15.6-3.8 4.98-11.52 2.26-11.52 2.26s2.54-1.5 4.15-3.4c4.3-5.3 12.5-15.7 12.5-15.7s-8.2-10.2-12.4-15.6c-1.5-2-4.1-3.4-4.1-3.4s7.7-2.6 11.5 2.2c3.8 4.9 11.9 15.1 12.2 15.7.5.4.5 1.1.5 1.1m-78 .1s0 .6.4 1.1c.4.4 8.5 10.7 12.2 15.6 3.7 4.8 11.5 2.2 11.5 2.2s-2.5-1.5-4.1-3.4c-4.3-5.2-12.5-15.5-12.5-15.5l12.4-15.7c1.5-2 4.2-3.4 4.2-3.4s-7.7-2.6-11.5 2.2C84.8 63.7 76.9 74 76.5 74.6c-.32.55-.44 1.12-.44 1.12M115 62.82c-7.03 0-12.9 5.78-12.9 12.9s5.75 12.9 12.9 12.9c7.13 0 12.9-5.8 12.9-12.9s-5.9-12.9-12.9-12.9m-33.38 58.6c3.46 0 5.4-1.77 5.4-4.1 0-5.15-7.4-3.56-7.4-5.47 0-.8.78-1.3 1.97-1.3 1.5 0 2.9.6 3.7 1.5l1.3-2.3c-1.3-1-2.9-1.8-5.1-1.8-3.3 0-5.1 1.9-5.1 4 0 5 7.5 3.3 7.5 5.4 0 .8-.6 1.4-2.1 1.4s-3.4-.9-4.3-1.8l-1.4 2.4c1.4 1.2 3.4 2 5.6 2zm13.53-3c-1.8 0-3.1-1.5-3.1-3.7s1.3-3.7 3.2-3.7c1.1 0 2.3.6 2.8 1.44v4.5c-.5.8-1.7 1.46-2.8 1.46zm-1 3c1.5 0 2.9-.64 3.9-1.96v6.5h3.3v-17.63H98v1.6c-.96-1.23-2.33-1.92-3.86-1.92-3.2 0-5.52 2.5-5.52 6.7 0 4.3 2.33 6.7 5.53 6.7zm13.7-.32v-8.42c.6-.8 2-1.4 3.1-1.4.4 0 .7.1.9.1v-3.3c-1.5 0-3.1 1-3.9 2.1v-1.7h-3.3v12.8h3.3zm11.9.33c2 0 3.9-.6 5.2-1.77l-1.4-2.2c-.8.8-2.26 1.2-3.32 1.2-2.1 0-3.4-1.4-3.6-3h9.3v-.7c0-4.2-2.53-7.1-6.25-7.1-3.8 0-6.45 3-6.45 6.7 0 4.05 2.8 6.7 6.6 6.7zm2.9-7.9h-6.1c.2-1.27 1.07-2.83 3.1-2.83 2.18 0 3 1.6 3.08 2.87zm11.4 7.9c2 0 3.9-.6 5.2-1.77l-1.42-2.2c-.8.8-2.3 1.2-3.34 1.2-2.2 0-3.4-1.4-3.6-3h9.2v-.7c0-4.2-2.6-7.1-6.3-7.1-3.8 0-6.4 3-6.4 6.7 0 4.05 2.82 6.7 6.62 6.7zm2.9-7.9h-6.1c.17-1.27 1.05-2.83 3.1-2.83 2.2 0 3 1.6 3.1 2.87zm17.3 7.58v-9c0-2.5-1.3-4-4.03-4-2.08 0-3.6 1-4.4 2v-1.64h-3.3v12.76h3.3v-8.6c.53-.74 1.53-1.5 2.82-1.5 1.4 0 2.3.63 2.3 2.4v7.7h3.2z"/> </g> </svg> <h1>Uh Oh! Sqreen has detected an attack.</h1> <p>If you are the application owner, check the Sqreen <a href="https://my.sqreen.io/">dashboard</a> for more information.</p></div></body></html>
+<!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <title>Sqreen has detected an attack.</title> <style>html, body, div, span, h1, a{margin: 0; padding: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline}body{background: -webkit-radial-gradient(26% 19%, circle, #fff, #f4f7f9); background: radial-gradient(circle at 26% 19%, #fff, #f4f7f9); display: -webkit-box; display: -ms-flexbox; display: flex; -webkit-box-pack: center; -ms-flex-pack: center; justify-content: center; -webkit-box-align: center; -ms-flex-align: center; align-items: center; -ms-flex-line-pack: center; align-content: center; width: 100%; min-height: 100vh; line-height: 1}svg, h1, p{display: block}svg{margin: 0 auto 4vh}h1{font-family: sans-serif; font-weight: 300; font-size: 34px; color: #384886; line-height: normal}p{font-size: 18px; line-height: normal; color: #b8bccc; font-family: sans-serif; font-weight: 300}a{color: #b8bccc}.flex{text-align: center}</style></head><body> <div class="flex"> <svg xmlns="http://www.w3.org/2000/svg" width="230" height="250" viewBox="0 0 230 250" enable-background="new 0 0 230 250"> <style>.st0{opacity: 0.4; filter: url(#a);}.st1{fill: #FFFFFF;}.st2{fill: #B0ACFF;}.st3{fill: #4842B7;}.st4{fill: #1E0936;}</style> <filter id="a" width="151.7%" height="146%" x="-25.8%" y="-16%" filterUnits="objectBoundingBox"> <feOffset dy="14" in="SourceAlpha" result="shadowOffsetOuter1"/> <feGaussianBlur in="shadowOffsetOuter1" result="shadowBlurOuter1" stdDeviation="13"/> <feColorMatrix in="shadowBlurOuter1" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.05 0"/> </filter> <g class="st0"> <path id="b_2_" d="M202.6 34.9c-.2-1.2-.8-2.1-1.9-2.8-3.8-2-37.9-20.1-85.7-20.1-48.8 0-84.2 19.3-85.7 20.1-1 .6-1.6 1.6-1.8 2.7-14.8 123.2 84.7 176.3 85.7 176.8.6.3 1.2.4 1.8.4.6 0 1.2-.1 1.7-.4 1-.5 100.4-55 85.9-176.7z"/> </g> <path id="b_1_" d="M202.6 34.9c-.2-1.2-.8-2.1-1.9-2.8-3.8-2-37.9-20.1-85.7-20.1-48.8 0-84.2 19.3-85.7 20.1-1 .6-1.6 1.6-1.8 2.7-14.8 123.2 84.7 176.3 85.7 176.8.6.3 1.2.4 1.8.4.6 0 1.2-.1 1.7-.4 1-.5 100.4-55 85.9-176.7z" class="st1"/> <g id="nest-cmyk-indigo"> <ellipse id="sqreen" cx="115.5" cy="69.9" class="st2" rx="12.7" ry="12.7"/> <path id="app" d="M113.6 91.9V71.5L95.5 61.1v18l6.4-3.7c.5 1.1 1 2.2 1.7 3.2L97 82.3l16.6 9.6zm3.7 0l16.6-9.6-6.7-3.9c.7-1 1.3-2 1.7-3.2l6.4 3.7v-18l-18.1 10.5v20.5zM96.9 57.6l18.6 10.7L134 57.6 117.3 48v7.6c-.6-.1-1.2-.1-1.8-.1-.6 0-1.2 0-1.8.1V48l-16.8 9.6zm20.2-13.9l20.3 11.7c1 .6 1.6 1.7 1.6 2.8v23.5c0 1.2-.6 2.2-1.6 2.8l-20.3 11.7c-1 .6-2.3.6-3.3 0L93.5 84.5c-1-.6-1.6-1.7-1.6-2.8V58.2c0-1.2.6-2.2 1.6-2.8l20.3-11.7c1-.6 2.3-.6 3.3 0z" class="st3"/> </g> <path id="s" d="M74.6 113c-1.8-1-3.5-1.5-5.2-1.5-1.4 0-2.3.6-2.3 1.5 0 2.7 10.1.4 10.1 7.7 0 3.3-2.9 6-7.6 6-2.1 0-4.7-.5-6.4-1.4l-.1-.1c-.3-.2-.3-.5-.2-.8l1.2-2.7c.1-.3.5-.5.9-.3.1 0 .1.1.2.1 1.5.6 3.1 1 4.6 1 2.2 0 2.9-.6 2.9-1.7 0-3-10.1-.8-10.1-7.7 0-3.1 2.7-5.8 7-5.8 2.1 0 5 .7 6.9 1.8.1 0 .1.1.2.1.3.2.4.5.3.8l-1.2 2.7c-.1.3-.5.5-.9.3h-.3z" class="st4"/> <path id="q" d="M93.6 107.8h3.2c.4 0 .7.3.7.7v25.9c0 .4-.3.7-.7.7h-3.2c-.4 0-.7-.3-.7-.7v-9.1c-1.2.8-2.9 1.4-4.7 1.4-5.4 0-9.6-4.3-9.6-9.7 0-5.4 4.1-9.7 9.6-9.7 1.8 0 3.5.6 4.7 1.4v-.1c0-.5.3-.8.7-.8zm-.7 12.4v-6.5c-1.3-1.3-2.8-2.1-4.5-2.1-2.9 0-5.1 2.3-5.1 5.4s2.2 5.4 5.1 5.4c1.7-.1 3.2-.7 4.5-2.2z" class="st4"/> <path id="r" d="M112.5 107.8c-1-.4-2-.6-3-.6-1.8 0-3.5.6-4.9 1.4v-.2c0-.3-.2-.5-.5-.5h-3.4c-.3 0-.5.2-.5.5v17.8c0 .3.2.5.5.5h3.4c.3 0 .5-.2.5-.5v-12.6c1.1-1.2 2.8-1.9 4.6-1.9.4 0 .9 0 1.5.2.3.1.6-.1.7-.4l1.3-2.9c.1-.4 0-.7-.2-.8z" class="st4"/> <path id="e" d="M129 124.7c-1.7 1-4.2 2-6.7 2-6 0-10.3-4.4-10.3-9.9 0-5.3 3.7-9.6 9.4-9.6 5.2 0 8.4 4.4 8.4 9 0 .4 0 .9-.1 1.2 0 .3-.3.6-.7.6h-12.5c.5 2.8 2.8 4.5 5.8 4.5 1.7 0 3.4-.5 5.1-1.4.3-.2.6-.1.8.2l1.2 2.6c.1.2 0 .4-.2.6-.2.1-.2.2-.2.2zm-12.4-10h8.5c-.2-1.8-1.9-3.3-3.9-3.3-2.5-.1-4 1.4-4.6 3.3z" class="st4"/> <path id="e_1_" d="M148.7 124.7c-1.7 1-4.2 2-6.7 2-6 0-10.3-4.4-10.3-9.9 0-5.3 3.7-9.6 9.4-9.6 5.2 0 8.4 4.4 8.4 9 0 .4 0 .9-.1 1.2 0 .3-.3.6-.7.6h-12.5c.5 2.8 2.8 4.5 5.8 4.5 1.7 0 3.4-.5 5.1-1.4.3-.2.6-.1.8.2l1.2 2.6c.1.2 0 .4-.2.6-.2.1-.2.2-.2.2zm-12.4-10h8.5c-.2-1.8-1.9-3.3-3.9-3.3-2.5-.1-4 1.4-4.6 3.3z" class="st4"/> <path id="n" d="M151.5 108.5V126c0 .4.3.7.7.7h3.2c.4 0 .7-.3.7-.7v-12.5c1.1-1.2 2.8-1.9 4.6-1.9 2.9 0 4.5 1.6 4.5 4.7v9.7c0 .4.3.7.7.7h3.2c.4 0 .7-.3.7-.7v-10.2c0-5.2-2.9-8.5-8.8-8.5-1.8 0-3.5.6-4.9 1.4v-.1c0-.4-.3-.7-.7-.7h-3.2c-.4-.1-.7.2-.7.6z" class="st4"/> </svg> <h1>Uh Oh! Sqreen has detected an attack.</h1> <p>If you are the application owner, check the Sqreen <a href="https://my.sqreen.io/">dashboard</a> for more information.</p></div></body></html>
 

data/lib/sqreen/callbacks.rb

@@ -2,35 +2,9 @@
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 
 require 'set'
+require 'sqreen/shared_storage'
 
 module Sqreen
-  module SharedStorage
-    @@shared = {}
-
-    def self::get(key, default = nil)
-      h = @@shared[Thread.current]
-      return h.fetch(key, default) if h
-      default
-    end
-
-    def self::set(key, obj)
-      main_key = Thread.current
-      @@shared[main_key] = {} unless @@shared.key? main_key
-      @@shared[main_key][key] = obj
-    end
-
-    def self.clear
-      @@shared.delete(Thread.current)
-    end
-
-    def self.inc(value)
-      set(value, get(value, 0) + 1)
-    end
-
-    def self.dec(value)
-      set(value, get(value, 0) - 1)
-    end
-  end
 
   class CB
     # Callback class.

data/lib/sqreen/context.rb

@@ -6,6 +6,10 @@ module Sqreen
   class Context
     attr_accessor :bt
 
+    def self.bt
+      Context.new.bt
+    end
+
     def initialize
       @bt = get_current_backtrace
     end

data/lib/sqreen/deliveries/batch.rb

@@ -8,7 +8,7 @@ module Sqreen
     # Simple delivery method that batch event already seen in a batch
     class Batch < Simple
       attr_accessor :max_batch, :max_staleness
-      attr_accessor :current_batch
+      attr_accessor :current_batch, :first_seen
 
       def initialize(session,
                      max_batch,
@@ -40,18 +40,17 @@ module Sqreen
 
       def stale?
         min = @first_seen.values.min
+        return false if min.nil?
         (min + max_staleness) < Time.now
       end
 
       def post_batch_needed?(event)
-        key = event_key(event)
-        was = @first_seen[key]
         now = Time.now
-        @first_seen[key] ||= now
-        return true if was.nil?
-        return true if current_batch.size > max_batch
-        return true if (was + max_staleness) < now
-        false
+        event_keys(event).map do |key|
+          was = @first_seen[key]
+          @first_seen[key] ||= now
+          was.nil? || current_batch.size > max_batch || (was + max_staleness) < now
+        end.any?
       end
 
       def post_batch
@@ -67,12 +66,17 @@ module Sqreen
         self.max_staleness += rand(@original_max_staleness / 10)
       end
 
+      def event_keys(event)
+        return [event_key(event)] unless event.is_a?(Sqreen::RequestRecord)
+        event.observed.fetch(:attacks, []).map { |e| "att-#{e[:rule_name]}" } + event.observed.fetch(:sqreen_exceptions, []).map { |e| "rex-#{e[:exception].class}" }
+      end
+
       def event_key(event)
         case event
         when Sqreen::Attack
-          return "att-#{event.type}"
+          "att-#{event.type}"
         when Sqreen::RemoteException
-          return "rex-#{event.klass}"
+          "rex-#{event.klass}"
         end
       end
     end

data/lib/sqreen/deliveries/simple.rb

@@ -2,6 +2,7 @@
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 
 require 'sqreen/events/remote_exception'
+require 'sqreen/events/request_record'
 
 module Sqreen
   module Deliveries
@@ -19,6 +20,8 @@ module Sqreen
           session.post_attack(event)
         when Sqreen::RemoteException
           session.post_sqreen_exception(event)
+        when Sqreen::RequestRecord
+          session.post_request_record(event)
         else
           session.post_event(event)
         end

data/lib/sqreen/events/request_record.rb

@@ -0,0 +1,54 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+require 'json'
+require 'sqreen/event'
+
+module Sqreen
+  # When a request is deeemed worthy of being sent to the backend
+  class RequestRecord < Sqreen::Event
+    def observed
+      (payload && payload[:observed]) || {}
+    end
+
+    def to_hash
+      res = { :version => '20171208' }
+      if payload[:observed]
+        res[:observed] = payload[:observed]
+        rulespack = nil
+        observed.fetch(:attacks, []).each do |att|
+          rulespack = att.delete(:rulespack_id) || rulespack
+        end
+        observed.fetch(:sqreen_exceptions, []).each do |exc|
+          excp = exc.delete(:exception)
+          if excp
+            exc[:message] = excp.message
+            exc[:klass] = excp.class.name
+          end
+          rulespack = exc.delete(:rulespack_id) || rulespack
+        end
+        res[:rulespack_id] = rulespack unless rulespack.nil?
+        if observed[:observations]
+          res[:observed][:observations] = observed[:observations].map do |cat, key, value, time|
+            { :category => cat, :key => key, :value => value, :time => time }
+          end
+        end
+        if observed[:sdk]
+          payload[:observed][:sdk] = observed[:sdk].map do |meth, time, *args|
+            { :name => meth, :time => time, :args => args }
+          end
+        end
+      end
+      res[:local] = payload['local'] if payload['local']
+      if payload['request']
+        res[:request] = payload['request']
+        res[:client_ip] = res[:request].delete(:client_ip) if res[:request][:client_ip]
+      else
+        res[:request] = {}
+      end
+      res[:request][:parameters] = payload['params'] if payload['params']
+      res[:request][:headers] = payload['headers'] if payload['headers']
+      res
+    end
+  end
+end

data/lib/sqreen/frameworks.rb

@@ -11,7 +11,7 @@ module Sqreen
   def self::framework
     return @@framework if @@framework
     klass = case
-            when defined?(::Rails)
+            when defined?(::Rails) && defined?(::Rails::VERSION)
               case Rails::VERSION::MAJOR.to_i
               when 4, 5
                 require 'sqreen/frameworks/rails'

data/lib/sqreen/frameworks/generic.rb

@@ -6,11 +6,13 @@ require 'sqreen/events/remote_exception'
 require 'sqreen/callbacks'
 require 'sqreen/exception'
 require 'sqreen/log'
+require 'sqreen/frameworks/request_recorder'
 
 module Sqreen
   module Frameworks
     # This is the base class for framework specific code
     class GenericFramework
+      include RequestRecorder
       attr_accessor :sqreen_configuration
 
       def initialize
@@ -19,6 +21,7 @@ module Sqreen
         else
           to_app_done(Process.pid)
         end
+        clean_request_record
       end
 
       # What kind of database is this
@@ -40,13 +43,16 @@ module Sqreen
         ENV['RACK_ENV'] == 'development'
       end
 
+      PREFFERED_IP_HEADERS = %w(HTTP_X_FORWARDED_FOR HTTP_X_REAL_IP
+                                HTTP_CLIENT_IP HTTP_X_FORWARDED
+                                HTTP_X_CLUSTER_CLIENT_IP HTTP_FORWARDED_FOR
+                                HTTP_FORWARDED HTTP_VIA).freeze
+
       def ip_headers
         req = request
         return [] unless req
         ips = []
-        %w(HTTP_X_FORWARDED_FOR HTTP_CLIENT_IP HTTP_X_REAL_IP HTTP_X_FORWARDED
-           HTTP_X_CLUSTER_CLIENT_IP HTTP_FORWARDED_FOR HTTP_FORWARDED HTTP_VIA
-           REMOTE_ADDR).each do |header|
+        (PREFFERED_IP_HEADERS + ['REMOTE_ADDR']).each do |header|
           v = req.env[header]
           ips << [header, v] unless v.nil?
         end
@@ -71,16 +77,22 @@ module Sqreen
         req = request
         return nil unless req
         # Look for an external address being forwarded
-        forwarded = req.env['HTTP_X_FORWARDED_FOR']
-        ips = split_ip_addresses(forwarded)
-        last = ips.find { |ip| (ip !~ TRUSTED_PROXIES) && valid_ip?(ip) }
-        return last unless last.nil?
+        split_ips = []
+        PREFFERED_IP_HEADERS.each do |header_name|
+          forwarded = req.env[header_name]
+          ips = split_ip_addresses(forwarded)
+          lip = ips.find { |ip| (ip !~ TRUSTED_PROXIES) && valid_ip?(ip) }
+          split_ips << ips unless ips.empty?
+          return lip unless lip.nil?
+        end
         # Else fall back to declared remote addr
         r = req.env['REMOTE_ADDR']
         # If this is localhost get the last hop before
-        if !ips.empty? && r =~ LOCALHOST
-          last = ips.find { |ip| (ip !~ LOCALHOST) && valid_ip?(ip) }
-          return last unless last.nil?
+        if r.nil? || r =~ LOCALHOST
+          split_ips.each do |ips|
+            lip = ips.find { |ip| (ip !~ LOCALHOST) && valid_ip?(ip) }
+            return lip unless lip.nil?
+          end
         end
         r
       end
@@ -124,10 +136,11 @@ module Sqreen
           :verb => req.env['REQUEST_METHOD'],
           :host => hostname,
           :port => req.env['SERVER_PORT'],
-          :rport => req.env['REMOTE_PORT'],
           :referer => req.env['HTTP_REFERER'],
           :path => request_path,
-          :addr => client_ip,
+          :remote_port => req.env['REMOTE_PORT'],
+          :remote_ip => remote_addr,
+          :client_ip => client_ip,
         }
       end
 
@@ -221,6 +234,8 @@ module Sqreen
       # Cleanup request context
       def clean_request
         return unless SharedStorage.dec(:stored_requests) <= 0
+        payload_creator = Sqreen::PayloadCreator.new(self)
+        close_request_record(Sqreen.queue, Sqreen.observations_queue, payload_creator)
         SharedStorage.set(:request, nil)
       end
 
@@ -327,6 +342,11 @@ module Sqreen
         nil
       end
 
+      def remote_addr
+        return nil unless request
+        request.env['REMOTE_ADDR']
+      end
+
       protected
 
       # Is this a whitelisted path?

data/lib/sqreen/frameworks/request_recorder.rb

@@ -0,0 +1,68 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+require 'set'
+require 'sqreen/shared_storage'
+require 'sqreen/events/request_record'
+
+module Sqreen
+  # Store event/observations that happened in this request
+  module RequestRecorder
+    def observed_items
+      SharedStorage.get(:observed_items)
+    end
+
+    def observed_items=(value)
+      SharedStorage.set(:observed_items, value)
+    end
+
+    def payload_requests
+      SharedStorage.get(:payload_requests)
+    end
+
+    def payload_requests=(value)
+      SharedStorage.set(:payload_requests, value)
+    end
+
+    def only_metric_observation
+      SharedStorage.get(:only_metric_observation)
+    end
+
+    def only_metric_observation=(value)
+      SharedStorage.set(:only_metric_observation, value)
+    end
+
+    def clean_request_record
+      self.only_metric_observation = true
+      self.payload_requests = Set.new
+      self.observed_items = Hash.new { |hash, key| hash[key] = [] }
+    end
+
+    def observe(what, data, accessors = [], report = true)
+      clean_request_record if observed_items.nil?
+      self.only_metric_observation = false if report
+      observed_items[what] << data
+      payload_requests.merge(accessors)
+    end
+
+    def close_request_record(queue, observations_queue, payload_creator)
+      if only_metric_observation
+        push_metrics(observations_queue, queue)
+        return clean_request_record
+      end
+      payload = payload_creator.payload(payload_requests)
+      payload[:observed] = observed_items
+      queue.push RequestRecord.new(payload)
+      clean_request_record
+    end
+
+    protected
+
+    def push_metrics(observations_queue, event_queue)
+      observed_items[:observations].each do |obs|
+        observations_queue.push obs
+      end
+      return unless observations_queue.size > MAX_OBS_QUEUE_LENGTH / 2
+      event_queue.push Sqreen::METRICS_EVENT
+    end
+  end
+end

data/lib/sqreen/payload_creator.rb

@@ -1,7 +1,6 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 
-require 'sqreen/context'
 require 'sqreen/runtime_infos'
 require 'sqreen/events/remote_exception'
 
@@ -15,8 +14,9 @@ module Sqreen
   # The payload will always be outputed as a
   # Hash of section => subsection.
   class PayloadCreator
-    def initialize(query)
-      self.query = query
+    attr_reader :framework
+    def initialize(framework)
+      @framework = framework
     end
 
     def query=(keys)
@@ -30,24 +30,25 @@ module Sqreen
       end
     end
 
-    def payload(framework, rule = {})
+    def payload(query)
+      self.query = query
       ret = {}
       METHODS.each_key do |section|
-        ret = fill(section, ret, framework, rule)
+        ret = fill(section, ret, @framework)
       end
       ret
     end
 
     protected
 
-    def fill(key, base, framework, rule)
+    def fill(key, base, framework)
       subsection = @sections[key]
       return base if subsection.nil?
       if subsection == true
-        return base.merge!(key => full_section(key, framework, rule))
+        return base.merge!(key => full_section(key, framework))
       end
       return base if subsection.empty?
-      base[key] = fields(key, framework, rule)
+      base[key] = fields(key, framework)
       base
     end
 
@@ -72,33 +73,25 @@ module Sqreen
         'cookies' => 'cookies_params',
         'rails' => 'rails_params',
       },
-      'rule' => {},
       'headers' => {},
-      'context' => {
-        'backtrace' => 'get_current_backtrace',
-      },
     }.freeze
 
-    def section_object(section, framework, rule)
+    def section_object(section, framework)
       return RuntimeInfos if section == 'local'
-      return rule if section == 'rule'
-      return Context.new if section == 'context'
       return HeaderSection.new(framework) if section == 'headers'
       framework
     end
 
-    def full_section(section, framework, rule)
-      return section_rule(framework, rule) if section == 'rule'
-      return section_context(framework, rule) if section == 'context'
+    def full_section(section, framework)
       # fast path prevent initializing a HeaderSection
       return framework.ip_headers if section == 'headers'
-      so = section_object(section, framework, rule)
+      so = section_object(section, framework)
       so.send(FULL_SECTIONS[section])
     end
 
-    def fields(section, framework, rule)
+    def fields(section, framework)
       out = {}
-      object = section_object(section, framework, rule)
+      object = section_object(section, framework)
       remove = []
       @sections[section].each do |key|
         meth = METHODS[section][key]
@@ -119,21 +112,6 @@ module Sqreen
       Sqreen::RemoteException.record(e)
     end
 
-    def section_context(framework, rule)
-      obj = section_object('context', framework, rule)
-      {
-        'backtrace' => obj.get_current_backtrace,
-      }
-    end
-
-    def section_rule(_framework, rule)
-      {
-        'name' => rule['name'],
-        'rulespack_id' => rule['rulespack_id'],
-        'test' => rule['test'],
-      }
-    end
-
     # object that default to call on framework header
     class HeaderSection
       def initialize(framework)
@@ -141,7 +119,7 @@ module Sqreen
       end
 
       def [](value)
-        if %w(rack_client_ip rails_client_ip ip_headers).include?(value)
+        if %w[rack_client_ip rails_client_ip ip_headers].include?(value)
           return @framework.send(value)
         end
         @framework.header(value)

data/lib/sqreen/rule_callback.rb

@@ -2,6 +2,7 @@
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 
 require 'sqreen/callbacks'
+require 'sqreen/context'
 require 'sqreen/conditionable'
 require 'sqreen/call_countable'
 require 'sqreen/rule_attributes'
@@ -18,8 +19,9 @@ module Sqreen
       include CallCountable
       # If nothing was asked by the rule we will ask for all sections available
       # These information will be pruned later when exporting in #to_hash
-      DEFAULT_PAYLOAD = PayloadCreator::METHODS.keys.freeze
+      DEFAULT_PAYLOAD = (PayloadCreator::METHODS.keys - ['local'] + ['context']).freeze
       attr_reader :test
+      attr_reader :payload_tpl
       attr_reader :block
       attr_accessor :framework
 
@@ -32,8 +34,7 @@ module Sqreen
         @test = rule_hash[Attrs::TEST] == true
         @data = rule_hash[Attrs::DATA]
         @rule = rule_hash
-        payload_tpl = @rule[Attrs::PAYLOAD] || DEFAULT_PAYLOAD
-        @payload_generator = PayloadCreator.new(payload_tpl)
+        @payload_tpl = @rule[Attrs::PAYLOAD] || DEFAULT_PAYLOAD
         condition_callbacks(@rule[Attrs::CONDITIONS])
         count_callback_calls(@rule[Attrs::CALL_COUNT_INTERVAL])
       end
@@ -61,10 +62,19 @@ module Sqreen
 
       # Record an attack event into Sqreen system
       # @param infos [Hash] Additional information about request
-      def record_event(infos)
-        payload = @payload_generator.payload(framework, @rule)
-        payload['infos'] = infos
-        Attack.record(payload)
+      def record_event(infos, at = Time.now.utc)
+        return unless framework
+        payload = {
+          :infos => infos,
+          :rulespack_id => rulespack_id,
+          :rule_name => rule_name,
+          :test => test,
+          :time => at,
+        }
+        if payload_tpl.include?('context')
+          payload[:backtrace] = Sqreen::Context.new.bt
+        end
+        framework.observe(:attacks, payload, payload_tpl)
       end
 
       # Record a metric observation
@@ -73,44 +83,25 @@ module Sqreen
       # @param observation [Object] data observed
       # @param at [Time] time when observation was made
       def record_observation(category, key, observation, at = Time.now.utc)
-        Sqreen.observations_queue.push [category, key, observation, at]
-        if Sqreen.observations_queue.size > MAX_OBS_QUEUE_LENGTH / 2
-          Sqreen.queue.push Sqreen::METRICS_EVENT
-        end
+        return unless framework
+        framework.observe(:observations, [category, key, observation, at], [], false)
       end
 
       # Record an exception that just occurred
       # @param exception [Exception] Exception to send over
       # @param infos [Hash] Additional contextual information
-      def record_exception(exception, infos = {})
-        payload = {}
-        payload['exception']      = exception
-        payload['rulespack_id']   = rulespack_id
-        payload['rule_name']      = rule_name
-        begin
-          payload['request_infos'] = framework.request_infos
-        rescue => e
-          Sqreen.log.debug("No framework request infos #{e}")
-        end
-        begin
-          payload['request_params'] = framework.request_params
-        rescue => e
-          Sqreen.log.debug("No framework request params #{e}")
-        end
-        payload['time']           = Time.now.utc
-        payload['infos']          = infos
-        payload['backtrace']      = Sqreen::Context.new.bt
-        begin
-          payload['client_ip'] = framework.client_ip.to_s
-        rescue => e
-          Sqreen.log.debug("No framework client_ip #{e}")
-        end
-        begin
-          payload['headers'] = framework.ip_headers
-        rescue => e
-          Sqreen.log.debug("No framework ip_headers #{e}")
-        end
-        RemoteException.record(payload)
+      def record_exception(exception, infos = {}, at = Time.now.utc)
+        return unless framework
+        payload = {
+          :exception => exception,
+          :infos => infos,
+          :rulespack_id => rulespack_id,
+          :rule_name => rule_name,
+          :test => test,
+          :time => at,
+          :backtrace => exception.backtrace || Sqreen::Context.bt,
+        }
+        framework.observe(:sqreen_exceptions, payload)
       end
     end
   end

data/lib/sqreen/rules.rb

@@ -1,6 +1,7 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 
+require 'sqreen/log'
 require 'sqreen/rule_attributes'
 require 'sqreen/rules_callbacks'
 

data/lib/sqreen/rules_callbacks/execjs.rb

@@ -19,6 +19,7 @@ module Sqreen
   module Rules
     # Exec js callbacks
     class ExecJSCB < RuleCB
+      attr_accessor :restrict_max_depth
       def initialize(klass, method, rule_hash)
         super(klass, method, rule_hash)
         callbacks = @rule[Attrs::CALLBACKS]
@@ -32,6 +33,7 @@ module Sqreen
 
         build_runnable(callbacks)
         @compiled = ExecJS.compile(@source)
+        @restrict_max_depth = 20
       end
 
       def pre?
@@ -97,12 +99,11 @@ module Sqreen
         insert.reverse.each do |wh, ikey, ival|
           case wh
           when Array
-            wh << ival unless ival.empty?
+            wh << ival unless ival.respond_to?(:empty?) && ival.empty?
           else
-            wh[ikey] = ival unless ival.empty?
+            wh[ikey] = ival unless ival.respond_to?(:empty?) && ival.empty?
           end
         end
-
         new_obj
       end
 
@@ -184,7 +185,8 @@ module Sqreen
           arguments[haystack_idx] = ExecJSCB.hash_val_included(
             arguments[needed_idx],
             arguments[haystack_idx],
-            min_length.to_i
+            min_length.to_i,
+            @restrict_max_depth
           )
         end
 

data/lib/sqreen/sdk.rb

@@ -1,14 +1,22 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 
+# Sqreen Namespace
 module Sqreen
   # Sqreen SDK
   class << self
     # Authentication tracking method
-    def auth_track(is_logged_in, authentication_keys)
-    end
+    def auth_track(is_logged_in, authentication_keys); end
+
+    def signup_track(authentication_keys); end
 
-    def signup_track(authentication_keys)
+    def identify(authentication_keys, traits = {})
+      return unless Sqreen.framework
+      Sqreen.framework.observe(
+        :sdk,
+        [:identify, Time.now, authentication_keys, traits],
+        [], false
+      )
     end
   end
 end

data/lib/sqreen/session.rb

@@ -5,6 +5,8 @@ require 'sqreen/log'
 require 'sqreen/serializer'
 require 'sqreen/runtime_infos'
 require 'sqreen/events/remote_exception'
+require 'sqreen/events/attack'
+require 'sqreen/events/request_record'
 require 'sqreen/exception'
 require 'sqreen/safe_json'
 
@@ -159,8 +161,7 @@ module Sqreen
       connect unless connected?
       headers['X-Session-Key'] = @session_id if @session_id
       headers['X-Sqreen-Time'] = Time.now.utc.to_f.to_s
-      headers['X-Sqreen-Agent'] = "Ruby/#{Sqreen::VERSION}"
-      headers['User-Agent'] = "Ruby/#{Sqreen::VERSION}"
+      headers['User-Agent'] = "sqreen-ruby/#{Sqreen::VERSION}"
       headers['X-Sqreen-Beta'] = format('pid=%d;tid=%s;nb=%d;t=%f',
                                         Process.pid,
                                         thread_id,
@@ -263,6 +264,10 @@ module Sqreen
                                'dependencies' => dependencies)
     end
 
+    def post_request_record(request_record)
+      resilient_post('request_record', request_record.to_hash)
+    end
+
     # Post an exception to Sqreen for analysis
     # @param exception [RemoteException] Exception and context to be sent over
     def post_sqreen_exception(exception)
@@ -305,6 +310,7 @@ module Sqreen
       case event
       when Sqreen::RemoteException then 'sqreen_exception'
       when Sqreen::Attack then 'attack'
+      when Sqreen::RequestRecord then 'request_record'
       end
     end
   end

data/lib/sqreen/shared_storage.rb

@@ -0,0 +1,32 @@
+# Copyright (c) 2015 Sqreen. All Rights Reserved.
+# Please refer to our terms for more information: https://www.sqreen.io/terms.html
+
+module Sqreen
+  module SharedStorage
+    @@shared = {}
+
+    def self::get(key, default = nil)
+      h = @@shared[Thread.current]
+      return h.fetch(key, default) if h
+      default
+    end
+
+    def self::set(key, obj)
+      main_key = Thread.current
+      @@shared[main_key] = {} unless @@shared.key? main_key
+      @@shared[main_key][key] = obj
+    end
+
+    def self.clear
+      @@shared.delete(Thread.current)
+    end
+
+    def self.inc(value)
+      set(value, get(value, 0) + 1)
+    end
+
+    def self.dec(value)
+      set(value, get(value, 0) - 1)
+    end
+  end
+end

data/lib/sqreen/version.rb

@@ -1,5 +1,5 @@
 # Copyright (c) 2015 Sqreen. All Rights Reserved.
 # Please refer to our terms for more information: https://www.sqreen.io/terms.html
 module Sqreen
-  VERSION = '1.8.5'.freeze
+  VERSION = '1.9.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sqreen
 version: !ruby/object:Gem::Version
-  version: 1.8.5
+  version: 1.9.0
 platform: ruby
 authors:
 - Sqreen
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-18 00:00:00.000000000 Z
+date: 2018-01-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: execjs
@@ -65,11 +65,13 @@ files:
 - lib/sqreen/event.rb
 - lib/sqreen/events/attack.rb
 - lib/sqreen/events/remote_exception.rb
+- lib/sqreen/events/request_record.rb
 - lib/sqreen/exception.rb
 - lib/sqreen/frameworks.rb
 - lib/sqreen/frameworks/generic.rb
 - lib/sqreen/frameworks/rails.rb
 - lib/sqreen/frameworks/rails3.rb
+- lib/sqreen/frameworks/request_recorder.rb
 - lib/sqreen/frameworks/sinatra.rb
 - lib/sqreen/frameworks/sqreen_test.rb
 - lib/sqreen/instrumentation.rb
@@ -116,6 +118,7 @@ files:
 - lib/sqreen/sdk.rb
 - lib/sqreen/serializer.rb
 - lib/sqreen/session.rb
+- lib/sqreen/shared_storage.rb
 - lib/sqreen/stats.rb
 - lib/sqreen/version.rb
 homepage: https://www.sqreen.io/