lib/sqreen/instrumentation.rb in sqreen-alt-1.11.3 vs lib/sqreen/instrumentation.rb in sqreen-alt-1.12.0
- old
+ new
@@ -8,10 +8,11 @@
require 'sqreen/call_countable'
require 'sqreen/events/remote_exception'
require 'sqreen/rules_signature'
require 'sqreen/shared_storage'
require 'sqreen/rules_callbacks/record_request_context'
+require 'sqreen/rules_callbacks/run_req_start_actions'
require 'set'
# How to override a class method:
#
# class Cache
@@ -308,10 +309,11 @@
next
when :modify_args, 'modify_args'
args = ret[:args]
when :raise, 'raise'
Thread.current[:sqreen_in_use] = false
+ raise ret[:exception] if ret.key?(:exception)
raise Sqreen::AttackBlocked, "Sqreen blocked a security threat (type: #{ret[:rule_name]}). No action is required."
end
end
end
Thread.current[:sqreen_in_use] = false
@@ -657,28 +659,40 @@
end
end
attr_accessor :metrics_engine
+ # @return [Array<Sqreen::CB>]
+ def hardcoded_callbacks(framework)
+ [
+ Sqreen::Rules::RunReqStartActions.new(framework)
+ ]
+ end
+
# Instrument the application code using the rules
# @param rules [Array<Hash>] Rules to instrument
- # @param metrics_engine [MetricsStore] Metric storage facility
+ # @param framework [Sqreen::Frameworks::GenericFramework]
def instrument!(rules, framework)
verifier = nil
if Sqreen.features['rules_signature'] &&
Sqreen.config_get(:rules_verify_signature) == true &&
!defined?(::JRUBY_VERSION)
verifier = Sqreen::SqreenSignedVerifier.new
else
Sqreen.log.debug('Rules signature is not enabled')
end
+
remove_all_callbacks # Force cb tree to be empty before instrumenting
+
rules.each do |rule|
rcb = Sqreen::Rules.cb_from_rule(rule, self, metrics_engine, verifier)
next unless rcb
rcb.framework = framework
add_callback(rcb)
end
+
+ hardcoded_callbacks(framework).each { |cb| add_callback(cb) }
+
Sqreen.instrumentation_ready = true
end
def initialize(metrics_engine = nil)
self.metrics_engine = metrics_engine