class Sqreen::Rules::RuleCB

Base class for callbacks that are initialized by rules from Sqreen

Constants

DEFAULT_PAYLOAD

If nothing was asked by the rule we will ask for all sections available. This information will be pruned later when exporting in to_hash.

Attributes

block[R]
payload_tpl[R]
test[R]

Public Class Methods

new(klass, method, rule_hash)

@param klass [String] class instrumented
@param method [String] method that was instrumented
@param rule_hash [Hash] Rule data that governs the current behavior

Calls superclass method Sqreen::CB::new
# File lib/sqreen/rules/rule_cb.rb, line 33
# Build a rule-driven callback for one instrumented method.
#
# @param klass [String] class instrumented
# @param method [String] method that was instrumented
# @param rule_hash [Hash] rule data that governs the current behavior
def initialize(klass, method, rule_hash)
  super(klass, method)
  @rule = rule_hash
  @data = @rule[Attrs::DATA]
  # Blocking and test mode are switched on only by a literal `true` in the
  # rule. A missing key, nil, or any other ordinary value (for example the
  # string "true" or the integer 1) leaves the flag false, so a malformed
  # rule results in a non-blocking, non-test callback.
  @block = (@rule[Attrs::BLOCK] == true)
  @test = (@rule[Attrs::TEST] == true)
  # When the rule does not name the payload sections it wants, fall back to
  # DEFAULT_PAYLOAD.
  @payload_tpl = @rule[Attrs::PAYLOAD] || DEFAULT_PAYLOAD
  @overtimeable = true
  # These two calls stay last and in this order: they are handed values
  # taken from @rule, which must already be assigned.
  condition_callbacks(@rule[Attrs::CONDITIONS])
  count_callback_calls(@rule[Attrs::CALL_COUNT_INTERVAL])
end

Public Instance Methods

advise_action(action, additional_data = {})

Recommend taking an action (optionally adding more data/context)

This will format the requested action and optionally override it if it should not be taken (should not block, for example)

# File lib/sqreen/rules/rule_cb.rb, line 106
# Format an action recommendation as a hash.
#
# NOTE(review): nothing in this method consults @block or @test, so any
# override of an action that should not be taken (for example blocking
# while the rule is not in blocking mode) is presumably applied by a
# subclass or by the caller -- confirm where that enforcement lives.
#
# @param action [Object, nil] action to recommend; stored under :status
# @param additional_data [Hash] extra context merged into the result
# @return [Hash, nil] a new hash with :status set, or nil when there is
#   neither an action nor any additional data
def advise_action(action, additional_data = {})
  nothing_to_advise = action.nil? && additional_data.empty?
  return if nothing_to_advise

  # merge builds a fresh hash, so the caller's additional_data is left
  # untouched; a :status key already present in it is replaced by action.
  additional_data.merge(:status => action)
end
overtime!()
# File lib/sqreen/rules/rule_cb.rb, line 111
# Flag this callback as having run past its time budget.
#
# @return [Boolean] false when @overtimeable is not set, true otherwise
def overtime!
  if @overtimeable
    Sqreen.log.debug { "rulecb #{self} is overtime!" }
    # The 'request_overtime' observation is recorded only when a framework
    # is present and its mark_request_overtime! returns a truthy value.
    # NOTE(review): presumably that return value signals the first overtime
    # mark for the request, so each request is counted once -- confirm.
    if !framework.nil? && framework.mark_request_overtime!
      record_observation('request_overtime', rule_name, 1)
    end
    true
  else
    false
  end
end
priority()
Calls superclass method Sqreen::CB#priority
# File lib/sqreen/rules/rule_cb.rb, line 53
# Priority of this callback: the value the rule stores under
# Attrs::PRIORITY when it is truthy, otherwise the superclass priority.
def priority
  from_rule = @rule[Attrs::PRIORITY]
  return from_rule if from_rule

  super
end
record_event(infos, at = Time.now.utc)

Record an attack event into the Sqreen system.
@param infos [Hash] Additional information about the request

# File lib/sqreen/rules/rule_cb.rb, line 59
# Report an attack event to the framework under the :attacks category.
# Does nothing (returns nil) when no framework is available.
#
# NOTE(review): infos is forwarded as given. If it can carry request data,
# confirm that the payload_tpl pruning done downstream is what keeps
# sensitive fields out of the exported event.
#
# @param infos [Hash] additional information about the request
# @param at [Time] event timestamp, defaults to the current UTC time
def record_event(infos, at = Time.now.utc)
  return unless framework

  payload = {
    :infos => infos,
    :rulespack_id => rulespack_id,
    :rule_name => rule_name,
    :attack_type => @rule['attack_type'], # for signal
    :test => test,
    # Raw value from the rule under the 'block' key, not the strict boolean
    # kept in @block, so it is reported exactly as the rule supplied it.
    :block => @rule['block'], # for signal
    :time => at,
  }
  # A backtrace is captured only when the payload template asks for the
  # 'context' section.
  payload[:backtrace] = Sqreen::Context.new.bt if payload_tpl.include?('context')

  # Correlate the attack with the current Datadog span when the framework
  # exposes one.
  span = framework.datadog_span if framework.respond_to?(:datadog_span)
  if span
    Sqreen::Weave.logger.debug { "attack datadog:true span_id:#{span.span_id} parent_id:#{span.parent_id} trace_id:#{span.trace_id}" }
    payload[:datadog_trace_id] = span.trace_id
    payload[:datadog_span_id] = span.span_id
    span.set_tag(Datadog::Ext::ManualTracing::TAG_KEEP, true)
    span.set_tag('sqreen.event', true)
  end

  framework.observe(:attacks, payload, payload_tpl)
end
record_exception(exception, infos = {}, at = Time.now.utc)

Record an exception that just occurred.
@param exception [Exception] Exception to send over
@param infos [Hash] Additional contextual information

# File lib/sqreen/rules/rule_cb.rb, line 88
# Report an exception to the framework under the :sqreen_exceptions
# category. Does nothing (returns nil) when no framework is available.
#
# @param exception [Exception] exception to send over
# @param infos [Hash] additional contextual information
# @param at [Time] timestamp, defaults to the current UTC time
def record_exception(exception, infos = {}, at = Time.now.utc)
  if framework
    payload = {
      :exception => exception,
      :infos => infos,
      :rulespack_id => rulespack_id,
      :rule_name => rule_name,
      :test => test,
      :time => at,
    }
    # Prefer the exception's own backtrace. It is nil for an exception that
    # was never raised, in which case Sqreen::Context.bt is used instead.
    payload[:backtrace] = exception.backtrace || Sqreen::Context.bt
    framework.observe(:sqreen_exceptions, payload)
  end
end
rule_name()
# File lib/sqreen/rules/rule_cb.rb, line 45
# Name of the rule backing this callback.
#
# @return [Object, nil] the value stored in the rule hash under Attrs::NAME
def rule_name
  @rule[Attrs::NAME]
end
rulespack_id()
# File lib/sqreen/rules/rule_cb.rb, line 49
# Identifier of the rules pack this callback's rule belongs to.
#
# @return [Object, nil] the value stored in the rule hash under
#   Attrs::RULESPACK_ID
def rulespack_id
  @rule[Attrs::RULESPACK_ID]
end