module Sqreen::Legacy::EventToHash

Public Class Methods

convert_agg_metric(agg_metric) click to toggle source

@param [Sqreen::AggregatedMetric] agg_metric

# File lib/sqreen/legacy/old_event_submission_strategy.rb, line 217
def convert_agg_metric(agg_metric)
  {
    name: agg_metric.name,
    observation: agg_metric.data,
    start: agg_metric.start,
    finish: agg_metric.finish,
  }
end
convert_attack(attack) click to toggle source

@param attack [Sqreen::Attack]

# File lib/sqreen/legacy/old_event_submission_strategy.rb, line 104
def convert_attack(attack)
  payload = attack.payload
  res = {}
  rule_p = payload['rule']
  request_p = payload['request']
  res[:rule_name]    = rule_p['name']         if rule_p && rule_p['name']
  res[:rulespack_id] = rule_p['rulespack_id'] if rule_p && rule_p['rulespack_id']
  res[:test]         = rule_p['test']         if rule_p && rule_p['test']
  res[:infos]        = payload['infos']       if payload['infos']
  res[:time]         = attack.time
  res[:client_ip]    = request_p[:addr]       if request_p && request_p[:addr]
  res[:request]      = request_p              if request_p
  res[:params]       = payload['params']      if payload['params']
  res[:context]      = payload['context']     if payload['context']
  res[:headers]      = payload['headers']     if payload['headers']
  res
end
convert_exception(exception_evt) click to toggle source

@param exception_evt [Sqreen::RemoteException]

# File lib/sqreen/legacy/old_event_submission_strategy.rb, line 193
def convert_exception(exception_evt)
  payload = exception_evt.payload
  exception = payload['exception']
  ev = {
    :klass => exception.class.name,
    :message => exception.message,
    :params => payload['request_params'],
    :time => payload['time'],
    :infos => {
      :client_ip => payload['client_ip'],
    },
    :request => payload['request_infos'],
    :headers => payload['headers'],
    :rule_name => payload['rule_name'],
    :rulespack_id => payload['rulespack_id'],
  }

  ev[:infos].merge!(payload['infos']) if payload['infos']
  return ev unless exception.backtrace
  ev[:context] = { :backtrace => exception.backtrace.map(&:to_s) }
  ev
end
convert_request_record(rr) click to toggle source

@param [Sqreen::RequestRecord] rr

# File lib/sqreen/legacy/old_event_submission_strategy.rb, line 123
def convert_request_record(rr)
  res = { :version => '20171208' }
  payload = rr.payload

  if payload[:observed]
    res[:observed] = payload[:observed].dup
    rulespack = nil
    if rr.observed[:attacks]
      res[:observed][:attacks] = rr.observed[:attacks].map do |att|
        natt = att.dup
        [:attack_type, :block].each { |k| natt.delete(k) } # signals stuff
        rulespack = natt.delete(:rulespack_id) || rulespack
        natt
      end
    end
    if rr.observed[:sqreen_exceptions]
      res[:observed][:sqreen_exceptions] = rr.observed[:sqreen_exceptions].map do |exc|
        nex = exc.dup
        excp = nex.delete(:exception)
        if excp
          nex[:message] = excp.message
          nex[:klass] = excp.class.name
        end
        rulespack = nex.delete(:rulespack_id) || rulespack
        nex
      end
    end
    res[:rulespack_id] = rulespack unless rulespack.nil?
    if rr.observed[:observations]
      res[:observed][:observations] = rr.observed[:observations].map do |cat, key, value, time|
        { :category => cat, :key => key, :value => value, :time => time }
      end
    end
    if rr.observed[:sdk] # rubocop:disable Style/IfUnlessModifier
      res[:observed][:sdk] = rr.processed_sdk_calls
    end
  end
  res[:local] = payload['local'] if payload['local']
  if payload['request']
    res[:request] = payload['request'].dup
    res[:client_ip] = res[:request].delete(:client_ip) if res[:request][:client_ip]
  else
    res[:request] = {}
  end
  if payload['response']
    res[:response] = payload['response'].dup
  else
    res[:response] = {}
  end

  res[:request][:parameters] = payload['params'] if payload['params']
  res[:request][:headers] = payload['headers'] if payload['headers']

  res = Sqreen::Kit::StringSanitizer.sanitize(res)

  if rr.redactor
    res[:request], redacted = rr.redactor.redact(res[:request])
    redacted = redacted.uniq
    if redacted.any? && res[:observed] && res[:observed][:attacks]
      res[:observed][:attacks] = WafRedactions.redact_attacks!(res[:observed][:attacks], redacted)
    end
    if redacted.any? && res[:observed] && res[:observed][:sqreen_exceptions]
      res[:observed][:sqreen_exceptions] = WafRedactions.redact_exceptions!(res[:observed][:sqreen_exceptions], redacted)
    end
  end

  res
end