threatstack-agent-ruby 0.2.2 → 0.2.3

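--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fa1398b7851406159b1b63a72d7c7f2b14b40e5929eee4328fb0177f50c623fe
- data.tar.gz: 625e1357834a009d1584337854da8bc03b3af29d6f0d8acaa50d3863309faf9b
+ metadata.gz: a6e908b193838dd48d02f2499d455e3a32c1717d560c7b98a8be906deed42035
+ data.tar.gz: 130ee1345687bb4e8c301fa99a5559e3db4c231778cc9c3b25210e4a29467f5d
  SHA512:
- metadata.gz: f8695fbc63b6e46234cdebd7374f0d4260a72921a370f1fab383c143257bf1a63ae38a601e5c77b53c13f26e72ed4ed61bbc4287ea4fab783242994e489baf83
- data.tar.gz: aa23290287624820d3412bf543d1a118a9b5e298abc8259a88c1f24699da09b687eccb410ce16caf5fa3fccb84208bae01f61b084660c75c03cecea53079dc0a
+ metadata.gz: 428ac8a8aae453502e55f9c6011f47afff7cc7ade425fedc0da24059afc8c557501c21fbdbec46d1647b103c5c8c3bef484b916343871cfa97fcfc26a161fb75
+ data.tar.gz: 14b3056242ee19715522aaf97e2386eeb54a5ce92c068d794c5bbd9460c496b7f64b4c22ce1af1e9bffb2d14c5f12fa304b0da1f25bfe2571c7b6402a5763836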
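--- a/data/lib/constants.rb
+++ b/data/lib/constants.rb
@@ -55,8 +55,12 @@ module Threatstack
  DROP_FIELDS = self.env('DROP_FIELDS', false) ? self.env('DROP_FIELDS').split(',').each_with_object({}) do |val, h|
  h[val] = true
  end : nil
+ ## specifies which user fields should be omitted from event payloads
+ FILTER_BY_PATH = self.env('FILTER_BY_PATH', false) ? self.env('FILTER_BY_PATH').split(',') : nil
  ## string to use when redacting fields
  REDACTED = self.env('REDACTED', '#REDACTED#')
+ ## send up attack events only to the platform
+ DETECT_ATTACKS_ONLY = self.is_truthy('DETECT_ATTACKS_ONLY')
 
  # EVENT SUBMITTER
  ## event reporting frequency
@@ -101,7 +105,7 @@ module Threatstack
  SERVER_SOFTWARE]).freeze
 
  # Utils
- ROOT_DIR = self.app_root_dir
+ ROOT_DIR = self.app_root_dir.nil? ? nil : self.app_root_dir.to_s
  end
  end
 
@@ -110,6 +114,8 @@ require_relative './utils/logger'
  module Threatstack
  module Constants
  spec = Gem.loaded_specs['threatstack-agent-ruby']
+ AGENT_VERSION = spec.nil? || !spec.respond_to?(:version) ? 'N/A' : spec.version.to_s
+
  logger = Threatstack::Utils::TSLogger.create 'Constants'
  logger.info """ Threatstack Ruby Agent Config
  VERSION: #{spec.nil? || !spec.respond_to?(:version) ? 'N/A' : spec.version}
@@ -129,6 +135,7 @@ module Threatstack
  LOG COLORS: #{LOG_COLORS}
  MANUAL INIT: #{MANUAL_INIT}
  REDACTED TEXT: #{REDACTED}
+ DETECT_ATTACKS_ONLY: #{DETECT_ATTACKS_ONLY}
  ROOT DIR: #{ROOT_DIR}"""
  end
  end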
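Review bot: The comment added above `FILTER_BY_PATH` describes a payload-field option ("which user fields should be omitted"), but the `is_filtered_event` hunk further down this page uses the list to suppress whole instrumentation events by file path; something like `## comma-separated path fragments; instrumentation events raised from matching files are not reported` would describe it accurately. The list is also stored straight from `split(',')`, so a value such as `a,,b` keeps an empty entry, and because the consumer tests `file_path.include? path`, that empty string matches every path and silently turns event reporting off. Storing `self.env('FILTER_BY_PATH').split(',').map(&:strip).reject(&:empty?)` avoids that. The module body starts and ends outside these hunks.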
data/lib/control.rb CHANGED
@@ -33,15 +33,17 @@ module Threatstack
33
33
  Threatstack::Instrumentation::Frameworks::TSRails.patch_action_controller
34
34
  logger.info 'Done instrumenting Rails'
35
35
 
36
- ## patch Kernel methods
37
- logger.info 'Instrumenting Kernel methods...'
38
- Threatstack::Instrumentation::Frameworks::TSKernel.wrap_methods
39
- logger.info 'Done instrumenting Kernel methods'
36
+ if(!DETECT_ATTACKS_ONLY)
37
+ ## patch Kernel methods
38
+ logger.info 'Instrumenting Kernel methods...'
39
+ Threatstack::Instrumentation::Frameworks::TSKernel.wrap_methods
40
+ logger.info 'Done instrumenting Kernel methods'
41
+ end
40
42
 
41
43
  ## patch Kernel methods
42
- logger.info 'Instrumenting Random methods...'
43
- Threatstack::Instrumentation::Frameworks::TSRandom.wrap_methods
44
- logger.info 'Done instrumenting Random methods'
44
+ # logger.info 'Instrumenting Random methods...'
45
+ # Threatstack::Instrumentation::Frameworks::TSRandom.wrap_methods
46
+ # logger.info 'Done instrumenting Random methods'
45
47
 
46
48
  ############################## Event Submitter ##############################
47
49
  # Start EventSubmitter asynchronously
@@ -49,18 +51,20 @@ module Threatstack
49
51
  Threatstack::Jobs::EventSubmitter.instance.start
50
52
  logger.info 'Started Event Submitter'
51
53
 
52
- ############################## Delayed Tasks ##############################
53
- # Gather environment and dependency info asynchronously
54
- Threatstack::Jobs::DelayedJob.new(logger, 5) do
55
- dep_event = Threatstack::Events::DependencyEvent.new
56
- # submit dependency event
57
- Threatstack::Jobs::EventSubmitter.instance.queue_event dep_event
58
- # submit environment event
59
- Threatstack::Jobs::EventSubmitter.instance.queue_event Threatstack::Events::EnvironmentEvent.new
60
- end
61
- # Report Rails config once it's loaded
62
- Threatstack::Jobs::DelayedJob.new('DelayedConfig', 20) do
63
- Threatstack::Instrumentation::Frameworks::TSRails.report_application_config
54
+ if(!DETECT_ATTACKS_ONLY)
55
+ ############################## Delayed Tasks ##############################
56
+ # Gather environment and dependency info asynchronously
57
+ Threatstack::Jobs::DelayedJob.new(logger, 5) do
58
+ dep_event = Threatstack::Events::DependencyEvent.new
59
+ # submit dependency event
60
+ Threatstack::Jobs::EventSubmitter.instance.queue_event dep_event
61
+ # submit environment event
62
+ Threatstack::Jobs::EventSubmitter.instance.queue_event Threatstack::Events::EnvironmentEvent.new
63
+ end
64
+ # Report Rails config once it's loaded
65
+ Threatstack::Jobs::DelayedJob.new('DelayedConfig', 20) do
66
+ Threatstack::Instrumentation::Frameworks::TSRails.report_application_config
67
+ end
64
68
  end
65
69
 
66
70
  logger.info 'Initialization done for agent'
@@ -71,4 +75,4 @@ module Threatstack
71
75
  self.init unless DISABLED || MANUAL_INIT
72
76
  end
73
77
  end
74
- end
78
+ end
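Review bot: The Random instrumentation is switched off for every configuration by commenting out its three lines, rather than being gated on `DETECT_ATTACKS_ONLY` like the Kernel block above it, and nothing in the startup log records that it no longer runs. If the removal is intended, delete the lines together with the stale `## patch Kernel methods` heading above them; otherwise gate them the same way with `unless DETECT_ATTACKS_ONLY`. A `logger.info` line in each skipped branch would make the reduced coverage visible to operators. On style, `if(!DETECT_ATTACKS_ONLY)` reads more conventionally as `unless DETECT_ATTACKS_ONLY`. The enclosing method begins outside the hunk.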
@@ -14,7 +14,20 @@ module Threatstack
14
14
  @@logger = Threatstack::Utils::TSLogger.create 'CommonInstrumentation'
15
15
  @@submitter = Threatstack::Jobs::EventSubmitter.instance
16
16
 
17
+ def self.is_filtered_event(file_path)
18
+ return false if FILTER_BY_PATH.nil?
19
+ return false if file_path.nil?
20
+
21
+ # loop over filtered paths to check if there's a match
22
+ filtered = FILTER_BY_PATH.any? do |path|
23
+ file_path.include? path
24
+ end
25
+ filtered
26
+ end
27
+
17
28
  def self.create_instrumentation_event(module_name, method_name, file_path, line_num, arguments)
29
+ return if is_filtered_event(file_path)
30
+
18
31
  data = {
19
32
  :module_name => module_name,
20
33
  :method_name => method_name,
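Review bot: `is_filtered_event` drops an event when any configured fragment occurs anywhere in `file_path`, so a short entry such as `lib` or `app` suppresses events from far more files than an operator probably meant, and the early `return` in `create_instrumentation_event` discards them without any record. For a security agent that is a silent blind spot; if the entries are meant to be directory prefixes, `file_path.start_with?(path)` is narrower, and a line such as `@@logger.debug "Event filtered by path: #{file_path}"` before returning would make the exclusion auditable. The local `filtered` is unnecessary since the `any?` result can be the return value, and Ruby convention would name the predicate `filtered_event?`. This hunk appears to belong to a file whose header is not shown on the page, and `create_instrumentation_event` continues past the end of the hunk.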
@@ -25,7 +25,6 @@ module Threatstack
25
25
  backup_name = get_backup_name(method, suffix)
26
26
  outer_block = block
27
27
  Proc.new do |*args, &block|
28
- @@logger.debug "Wrapped method called: #{klass}.#{method}"
29
28
  caller_loc = caller_locations(1, 10)
30
29
  if outer_block
31
30
  # exec callback
@@ -61,10 +61,13 @@ module Threatstack
61
61
  headers = {
62
62
  'Content-Type' => 'application/json',
63
63
  'bluefyre-agent-id' => AGENT_ID,
64
- 'bluefyre-agent-instance-id' => AGENT_INSTANCE_ID
64
+ 'bluefyre-agent-instance-id' => AGENT_INSTANCE_ID,
65
+ 'bluefyre-agent-version' => AGENT_VERSION,
66
+ 'bluefyre-agent-type' => RUBY
65
67
  }
66
68
  http = Net::HTTP.new(uri.host, uri.port)
67
69
  http.use_ssl = true
70
+ http.max_retries=0 # don't attempt to retry if the request fails
68
71
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
69
72
  req = Net::HTTP::Post.new(uri.request_uri, headers)
70
73
  req.body = json_payload
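Review bot: The request built here, which now also carries the agent version and type headers, is sent over a connection configured with `http.verify_mode = OpenSSL::SSL::VERIFY_NONE`, so the server certificate is never checked and anyone on the network path can read or alter the agent identifiers and event payloads. This commit touches the same setup and is a natural place to change it to `http.verify_mode = OpenSSL::SSL::VERIFY_PEER`. Separately, `max_retries=` was added to Net::HTTP in Ruby 2.5, while the gemspec on this page still declares `required_ruby_version = '>= 1.8.7'`, so on older interpreters the new line raises NoMethodError. Guard it with `http.max_retries = 0 if http.respond_to?(:max_retries=)` or raise the minimum Ruby version. The enclosing method starts and ends outside the hunk.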
@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
5
5
 
6
6
  Gem::Specification.new do |spec|
7
7
  spec.name = 'threatstack-agent-ruby'
8
- spec.version = '0.2.2'
8
+ spec.version = '0.2.3'
9
9
  spec.authors = ['Threat Stack Inc']
10
10
  spec.email = ['support@threatstack.com']
11
11
  spec.summary = 'Ruby version of the ThreatStack agent which helps identify security vulnerabilities at runtime'
@@ -15,6 +15,10 @@ Gem::Specification.new do |spec|
15
15
  "LICENSE"
16
16
  ]
17
17
  spec.required_ruby_version = '>= 1.8.7'
18
+ spec.description = <<-EOS
19
+ Ruby version of the [Threat Stack](https://www.threatstack.com) agent which helps identify security vulnerabilities at runtime. Refer detailed instructions on how to install the Threat Stack agent [here](https://threatstack.zendesk.com/hc/en-us/articles/360039993431). All components of this product are - Copyright (c) 2021 Threatstack, Inc. All rights reserved.Certain inventions disclosed in this file may be claimed within patents owned or patent applications filed by Threatstack, Inc. or third parties. The Threatstack Ruby agent also uses code from the following open source projects under the following licenses:
20
+ libinjection http://opensource.org/licenses/BSD-3-Clause
21
+ EOS
18
22
 
19
23
  spec.files = Dir.chdir(File.expand_path(__dir__)) do
20
24
  `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^((test|spec|features|)/|Gemfile_release|Rakefile|README.md|.gitlab-ci.yml|.rubocop.yml|Gemfile.lock|.gitignore)}) }
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: threatstack-agent-ruby
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.2.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Threat Stack Inc
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-12 00:00:00.000000000 Z
11
+ date: 2021-11-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: network_interface
@@ -150,7 +150,9 @@ dependencies:
150
150
  - - ">="
151
151
  - !ruby/object:Gem::Version
152
152
  version: '0'
153
- description:
153
+ description: |
154
+ Ruby version of the [Threat Stack](https://www.threatstack.com) agent which helps identify security vulnerabilities at runtime. Refer detailed instructions on how to install the Threat Stack agent [here](https://threatstack.zendesk.com/hc/en-us/articles/360039993431). All components of this product are - Copyright (c) 2021 Threatstack, Inc. All rights reserved.Certain inventions disclosed in this file may be claimed within patents owned or patent applications filed by Threatstack, Inc. or third parties. The Threatstack Ruby agent also uses code from the following open source projects under the following licenses:
155
+ libinjection http://opensource.org/licenses/BSD-3-Clause
154
156
  email:
155
157
  - support@threatstack.com
156
158
  executables: []