threatstack-agent-ruby 0.2.2 → 0.2.3
- checksums.yaml +4 -4
- data/lib/constants.rb +8 -1
- data/lib/control.rb +24 -20
- data/lib/instrumentation/common.rb +13 -0
- data/lib/instrumentation/instrumenter.rb +0 -1
- data/lib/jobs/event_submitter.rb +4 -1
- data/threatstack-agent-ruby.gemspec +5 -1
- metadata +5 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a6e908b193838dd48d02f2499d455e3a32c1717d560c7b98a8be906deed42035
|
4
|
+
data.tar.gz: 130ee1345687bb4e8c301fa99a5559e3db4c231778cc9c3b25210e4a29467f5d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 428ac8a8aae453502e55f9c6011f47afff7cc7ade425fedc0da24059afc8c557501c21fbdbec46d1647b103c5c8c3bef484b916343871cfa97fcfc26a161fb75
|
7
|
+
data.tar.gz: 14b3056242ee19715522aaf97e2386eeb54a5ce92c068d794c5bbd9460c496b7f64b4c22ce1af1e9bffb2d14c5f12fa304b0da1f25bfe2571c7b6402a5763836
|
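--- a/data/lib/constants.rb
+++ b/data/lib/constants.rb
@@ -55,8 +55,12 @@ module Threatstack
 DROP_FIELDS = self.env('DROP_FIELDS', false) ? self.env('DROP_FIELDS').split(',').each_with_object({}) do |val, h|
 h[val] = true
 end : nil
+## specifies which user fields should be omitted from event payloads
+FILTER_BY_PATH = self.env('FILTER_BY_PATH', false) ? self.env('FILTER_BY_PATH').split(',') : nil
 ## string to use when redacting fields
 REDACTED = self.env('REDACTED', '#REDACTED#')
+## send up attack events only to the platform
+DETECT_ATTACKS_ONLY = self.is_truthy('DETECT_ATTACKS_ONLY')
 
 # EVENT SUBMITTER
 ## event reporting frequency
@@ -101,7 +105,7 @@ module Threatstack
 SERVER_SOFTWARE]).freeze
 
 # Utils
-ROOT_DIR = self.app_root_dir
+ROOT_DIR = self.app_root_dir.nil? ? nil : self.app_root_dir.to_s
 end
 end
 
@@ -110,6 +114,8 @@ require_relative './utils/logger'
 module Threatstack
 module Constants
 spec = Gem.loaded_specs['threatstack-agent-ruby']
+AGENT_VERSION = spec.nil? || !spec.respond_to?(:version) ? 'N/A' : spec.version.to_s
+
 logger = Threatstack::Utils::TSLogger.create 'Constants'
 logger.info """ Threatstack Ruby Agent Config
 VERSION: #{spec.nil? || !spec.respond_to?(:version) ? 'N/A' : spec.version}
@@ -129,6 +135,7 @@ module Threatstack
 LOG COLORS: #{LOG_COLORS}
 MANUAL INIT: #{MANUAL_INIT}
 REDACTED TEXT: #{REDACTED}
+DETECT_ATTACKS_ONLY: #{DETECT_ATTACKS_ONLY}
 ROOT DIR: #{ROOT_DIR}"""
 end
 end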
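Review bot: The comment added above `FILTER_BY_PATH` reuses the field-redaction wording ("specifies which user fields should be omitted from event payloads"), but the constant is a comma-separated list of path fragments; judging by the common.rb change in this release, it suppresses whole instrumentation events whose file path contains an entry. The list is also taken straight from `split(',')`, so a value such as `,vendor` or `a,,b` leaves an empty string in it, and since an empty string is contained in every path, that would silently drop every instrumentation event. I would normalise the entries with `self.env('FILTER_BY_PATH').split(',').map(&:strip).reject(&:empty?)` and reword the comment to `## path fragments; instrumentation events raised from a matching file are not reported`. The value should also be printed in the startup banner next to `DETECT_ATTACKS_ONLY`, so that a suppressed source is visible in the logs.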
data/lib/control.rb
CHANGED
@@ -33,15 +33,17 @@ module Threatstack
|
|
33
33
|
Threatstack::Instrumentation::Frameworks::TSRails.patch_action_controller
|
34
34
|
logger.info 'Done instrumenting Rails'
|
35
35
|
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
36
|
+
if(!DETECT_ATTACKS_ONLY)
|
37
|
+
## patch Kernel methods
|
38
|
+
logger.info 'Instrumenting Kernel methods...'
|
39
|
+
Threatstack::Instrumentation::Frameworks::TSKernel.wrap_methods
|
40
|
+
logger.info 'Done instrumenting Kernel methods'
|
41
|
+
end
|
40
42
|
|
41
43
|
## patch Kernel methods
|
42
|
-
logger.info 'Instrumenting Random methods...'
|
43
|
-
Threatstack::Instrumentation::Frameworks::TSRandom.wrap_methods
|
44
|
-
logger.info 'Done instrumenting Random methods'
|
44
|
+
# logger.info 'Instrumenting Random methods...'
|
45
|
+
# Threatstack::Instrumentation::Frameworks::TSRandom.wrap_methods
|
46
|
+
# logger.info 'Done instrumenting Random methods'
|
45
47
|
|
46
48
|
############################## Event Submitter ##############################
|
47
49
|
# Start EventSubmitter asynchronously
|
@@ -49,18 +51,20 @@ module Threatstack
|
|
49
51
|
Threatstack::Jobs::EventSubmitter.instance.start
|
50
52
|
logger.info 'Started Event Submitter'
|
51
53
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
Threatstack::
|
54
|
+
if(!DETECT_ATTACKS_ONLY)
|
55
|
+
############################## Delayed Tasks ##############################
|
56
|
+
# Gather environment and dependency info asynchronously
|
57
|
+
Threatstack::Jobs::DelayedJob.new(logger, 5) do
|
58
|
+
dep_event = Threatstack::Events::DependencyEvent.new
|
59
|
+
# submit dependency event
|
60
|
+
Threatstack::Jobs::EventSubmitter.instance.queue_event dep_event
|
61
|
+
# submit environment event
|
62
|
+
Threatstack::Jobs::EventSubmitter.instance.queue_event Threatstack::Events::EnvironmentEvent.new
|
63
|
+
end
|
64
|
+
# Report Rails config once it's loaded
|
65
|
+
Threatstack::Jobs::DelayedJob.new('DelayedConfig', 20) do
|
66
|
+
Threatstack::Instrumentation::Frameworks::TSRails.report_application_config
|
67
|
+
end
|
64
68
|
end
|
65
69
|
|
66
70
|
logger.info 'Initialization done for agent'
|
@@ -71,4 +75,4 @@ module Threatstack
|
|
71
75
|
self.init unless DISABLED || MANUAL_INIT
|
72
76
|
end
|
73
77
|
end
|
74
|
-
end
|
78
|
+
end
|
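Review bot: The three `TSRandom` lines are commented out rather than removed, and they now sit under the unchanged `## patch Kernel methods` comment, so a reader cannot tell whether Random instrumentation was dropped on purpose or only disabled for now. Either delete the lines or replace them with a single comment giving the reason, for example `## Random instrumentation disabled: <reason>`. The two new guards would read more naturally as `unless DETECT_ATTACKS_ONLY`. Because that flag switches off Kernel instrumentation and the dependency, environment and Rails-config reports, a line such as `logger.info 'DETECT_ATTACKS_ONLY set: skipping Kernel instrumentation'` when the block is skipped would make the reduced coverage visible at startup. The enclosing method starts outside these hunks.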
@@ -14,7 +14,20 @@ module Threatstack
|
|
14
14
|
@@logger = Threatstack::Utils::TSLogger.create 'CommonInstrumentation'
|
15
15
|
@@submitter = Threatstack::Jobs::EventSubmitter.instance
|
16
16
|
|
17
|
+
def self.is_filtered_event(file_path)
|
18
|
+
return false if FILTER_BY_PATH.nil?
|
19
|
+
return false if file_path.nil?
|
20
|
+
|
21
|
+
# loop over filtered paths to check if there's a match
|
22
|
+
filtered = FILTER_BY_PATH.any? do |path|
|
23
|
+
file_path.include? path
|
24
|
+
end
|
25
|
+
filtered
|
26
|
+
end
|
27
|
+
|
17
28
|
def self.create_instrumentation_event(module_name, method_name, file_path, line_num, arguments)
|
29
|
+
return if is_filtered_event(file_path)
|
30
|
+
|
18
31
|
data = {
|
19
32
|
:module_name => module_name,
|
20
33
|
:method_name => method_name,
|
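Review bot: `is_filtered_event` tests `file_path.include? path`, which matches the fragment anywhere in the path, so a short entry such as `lib` suppresses events from every file whose path happens to contain those letters, and `create_instrumentation_event` then returns without leaving any trace. For an agent whose purpose is to report these calls, the substring semantics should at least be stated in a comment on the method, for example `# an event is dropped when file_path contains any FILTER_BY_PATH entry as a substring`, and the early return should emit a low-level log line naming the filtered path. The check also assumes `file_path` is a String; the callers are not visible here, so `file_path.to_s.include?(path)` is a cheap safeguard if another path type can arrive. The body of `create_instrumentation_event` continues outside the hunk.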
data/lib/jobs/event_submitter.rb
CHANGED
@@ -61,10 +61,13 @@ module Threatstack
|
|
61
61
|
headers = {
|
62
62
|
'Content-Type' => 'application/json',
|
63
63
|
'bluefyre-agent-id' => AGENT_ID,
|
64
|
-
'bluefyre-agent-instance-id' => AGENT_INSTANCE_ID
|
64
|
+
'bluefyre-agent-instance-id' => AGENT_INSTANCE_ID,
|
65
|
+
'bluefyre-agent-version' => AGENT_VERSION,
|
66
|
+
'bluefyre-agent-type' => RUBY
|
65
67
|
}
|
66
68
|
http = Net::HTTP.new(uri.host, uri.port)
|
67
69
|
http.use_ssl = true
|
70
|
+
http.max_retries=0 # don't attempt to retry if the request fails
|
68
71
|
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
69
72
|
req = Net::HTTP::Post.new(uri.request_uri, headers)
|
70
73
|
req.body = json_payload
|
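Review bot: `http.max_retries=0` is added to a gem whose gemspec still declares `required_ruby_version '>= 1.8.7'`, but to my knowledge `Net::HTTP#max_retries=` only exists from Ruby 2.5 on, so on older interpreters every submission would raise NoMethodError. Guard it with `http.max_retries = 0 if http.respond_to?(:max_retries=)`, or raise the required Ruby version. The commit edits this connection setup and leaves `http.verify_mode = OpenSSL::SSL::VERIFY_NONE` on the next line, so the agent id, instance id, the new version header and the event payload go to a server whose certificate is never checked. That line should become `http.verify_mode = OpenSSL::SSL::VERIFY_PEER`. The enclosing method starts and ends outside the hunk.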
@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |spec|
|
7
7
|
spec.name = 'threatstack-agent-ruby'
|
8
|
-
spec.version = '0.2.
|
8
|
+
spec.version = '0.2.3'
|
9
9
|
spec.authors = ['Threat Stack Inc']
|
10
10
|
spec.email = ['support@threatstack.com']
|
11
11
|
spec.summary = 'Ruby version of the ThreatStack agent which helps identify security vulnerabilities at runtime'
|
@@ -15,6 +15,10 @@ Gem::Specification.new do |spec|
|
|
15
15
|
"LICENSE"
|
16
16
|
]
|
17
17
|
spec.required_ruby_version = '>= 1.8.7'
|
18
|
+
spec.description = <<-EOS
|
19
|
+
Ruby version of the [Threat Stack](https://www.threatstack.com) agent which helps identify security vulnerabilities at runtime. Refer detailed instructions on how to install the Threat Stack agent [here](https://threatstack.zendesk.com/hc/en-us/articles/360039993431). All components of this product are - Copyright (c) 2021 Threatstack, Inc. All rights reserved.Certain inventions disclosed in this file may be claimed within patents owned or patent applications filed by Threatstack, Inc. or third parties. The Threatstack Ruby agent also uses code from the following open source projects under the following licenses:
|
20
|
+
libinjection http://opensource.org/licenses/BSD-3-Clause
|
21
|
+
EOS
|
18
22
|
|
19
23
|
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
20
24
|
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^((test|spec|features|)/|Gemfile_release|Rakefile|README.md|.gitlab-ci.yml|.rubocop.yml|Gemfile.lock|.gitignore)}) }
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: threatstack-agent-ruby
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Threat Stack Inc
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-11-12 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: network_interface
|
@@ -150,7 +150,9 @@ dependencies:
|
|
150
150
|
- - ">="
|
151
151
|
- !ruby/object:Gem::Version
|
152
152
|
version: '0'
|
153
|
-
description:
|
153
|
+
description: |
|
154
|
+
Ruby version of the [Threat Stack](https://www.threatstack.com) agent which helps identify security vulnerabilities at runtime. Refer detailed instructions on how to install the Threat Stack agent [here](https://threatstack.zendesk.com/hc/en-us/articles/360039993431). All components of this product are - Copyright (c) 2021 Threatstack, Inc. All rights reserved.Certain inventions disclosed in this file may be claimed within patents owned or patent applications filed by Threatstack, Inc. or third parties. The Threatstack Ruby agent also uses code from the following open source projects under the following licenses:
|
155
|
+
libinjection http://opensource.org/licenses/BSD-3-Clause
|
154
156
|
email:
|
155
157
|
- support@threatstack.com
|
156
158
|
executables: []
|