Class: Sqreen::Rules::RuleCB

Inherits:
FrameworkCB
Includes:
CallCountable, Conditionable
Defined in:
lib/sqreen/rules/rule_cb.rb

Overview

Base class for callbacks that are initialized by rules from Sqreen

Constant Summary

DEFAULT_PAYLOAD =

If the rule did not ask for anything, we ask for all available sections. This information will be pruned later when exporting in #to_hash.

(PayloadCreator::METHODS.keys - ['local'] + ['context']).freeze

Constants included from CallCountable

CallCountable::COUNT_CALLS, CallCountable::FAILING, CallCountable::POST, CallCountable::PRE

Constants inherited from CB

CB::DEFAULT_PRIORITY

Instance Attribute Summary

Attributes included from CallCountable

#call_count_interval, #call_counts

Attributes inherited from FrameworkCB

#framework

Attributes inherited from CB

#klass, #method, #overtimeable

Instance Method Summary

Methods included from CallCountable

#count_callback_calls, #failing_with_count, #post_with_count, #pre_with_count

Methods included from Conditionable

#condition_callbacks, #failing_with_conditions, #post_with_conditions, #pre_with_conditions

Methods inherited from FrameworkCB

#record_observation, #whitelisted?

Methods inherited from CB

#failing?, #framework, #post?, #pre?, #to_s, #whitelisted?

Constructor Details

#initialize(klass, method, rule_hash) ⇒ RuleCB

Returns a new instance of RuleCB.



# File 'lib/sqreen/rules/rule_cb.rb', line 33

# Builds a callback for +klass+#+method+ whose behaviour is driven by a rule
# hash.
#
# @param klass     forwarded unchanged to the parent constructor
# @param method    forwarded unchanged to the parent constructor
# @param rule_hash [Hash] rule definition, read through the Attrs::* keys and
#   kept as-is in @rule
def initialize(klass, method, rule_hash)
  super(klass, method)
  @rule = rule_hash
  # Strict `== true`: any other value (nil, "true", 1, ...) leaves the flag
  # false, so only an explicit boolean turns it on.
  # NOTE(review): if @block is what enables blocking, a rule carrying a
  # non-boolean value silently ends up non-blocking; confirm rules are
  # validated before they get here.
  @block = (@rule[Attrs::BLOCK] == true)
  @test = (@rule[Attrs::TEST] == true)
  @data = @rule[Attrs::DATA]
  # A rule without its own payload template gets every default section.
  @payload_tpl = @rule[Attrs::PAYLOAD] || DEFAULT_PAYLOAD
  @overtimeable = true
  condition_callbacks(@rule[Attrs::CONDITIONS])
  count_callback_calls(@rule[Attrs::CALL_COUNT_INTERVAL])
end

Instance Attribute Details

#block ⇒ Object (readonly)

Returns the value of attribute block.



# File 'lib/sqreen/rules/rule_cb.rb', line 28

# Read-only accessor for @block. The constructor sets it to true only when the
# rule's BLOCK attribute is exactly +true+; any other value yields false.
#
# @return [Boolean]
def block; @block; end

#payload_tpl ⇒ Object (readonly)

Returns the value of attribute payload_tpl.



# File 'lib/sqreen/rules/rule_cb.rb', line 27

# Read-only accessor for @payload_tpl: the rule's own payload template, or
# DEFAULT_PAYLOAD when the rule did not provide one (see the constructor).
#
# @return [Object] the payload template stored at construction time
def payload_tpl; @payload_tpl; end

#test ⇒ Object (readonly)

Returns the value of attribute test.



# File 'lib/sqreen/rules/rule_cb.rb', line 26

# Read-only accessor for @test. The constructor sets it to true only when the
# rule's TEST attribute is exactly +true+; any other value yields false.
#
# @return [Boolean]
def test; @test; end

Instance Method Details

#advise_action(action, additional_data = {}) ⇒ Object

Recommend taking an action (optionally adding more data/context)

This will format the requested action and optionally override it if it should not be taken (should not block for example)



# File 'lib/sqreen/rules/rule_cb.rb', line 110

# Formats an advised action as a hash carrying the action under :status.
#
# NOTE(review): this implementation only formats. It does not read @block or
# @test, so the "override when the action should not be taken" behaviour
# described for this method is not visible here; presumably it is applied by a
# subclass or by the caller. Confirm before relying on it for monitor-only
# rules.
#
# @param action          [Object, nil] the action to recommend
# @param additional_data [Hash] extra context; it is not mutated, and an
#   existing :status entry is replaced by +action+ in the result
# @return [Hash, nil] a new hash, or nil when there is neither an action nor
#   any additional data
def advise_action(action, additional_data = {})
  nothing_to_advise = action.nil? && additional_data.empty?
  return nil if nothing_to_advise

  additional_data.merge(:status => action)
end

#overtime! ⇒ Object



# File 'lib/sqreen/rules/rule_cb.rb', line 115

# Flags this callback as being over its time budget.
#
# Returns false without doing anything when @overtimeable is not set.
# Otherwise logs at debug level, asks the framework (if any) to mark the
# request as overtime and, when that call returns a truthy value, records a
# 'request_overtime' observation under this rule's name.
#
# NOTE(review): if the caller skips callbacks that report overtime, the rule
# does not run for that request; the 'request_overtime' observation is then
# the only trace of the gap. Confirm against the caller.
#
# @return [Boolean] false when not overtimeable, true otherwise
def overtime!
  if @overtimeable
    Sqreen.log.debug { "rulecb #{self} is overtime!" }
    # Same short-circuit as a nil check followed by the mark call: the
    # observation is recorded only when a framework exists and the mark
    # call returned a truthy value.
    marked = !framework.nil? && framework.mark_request_overtime!
    record_observation('request_overtime', rule_name, 1) if marked
    true
  else
    false
  end
end

#priority ⇒ Object



# File 'lib/sqreen/rules/rule_cb.rb', line 53

# Priority of this callback: the rule's PRIORITY attribute when it is set
# (neither nil nor false), otherwise whatever the parent class returns.
#
# @return [Object] the rule-provided priority or the inherited one
def priority
  from_rule = @rule[Attrs::PRIORITY]
  from_rule || super
end

#record_event(infos, at = Time.now.utc) ⇒ Object

Record an attack event into the Sqreen system

Parameters:

  • infos (Hash)

    Additional information about request



# File 'lib/sqreen/rules/rule_cb.rb', line 59

# Records an attack event through the framework's :attacks observation.
#
# Does nothing (returns nil) when no framework is attached.
#
# NOTE(review): +infos+ is forwarded untouched together with payload_tpl;
# presumably the template decides which sections are exported. Confirm before
# placing raw request data in +infos+.
#
# @param infos [Hash] additional information about the request
# @param at    [Time] event timestamp, defaults to the current UTC time
# @return [Object, nil] whatever framework.observe returns, or nil
def record_event(infos, at = Time.now.utc)
  return nil unless framework

  event = {
    :infos => infos,
    :rulespack_id => rulespack_id,
    :rule_name => rule_name,
    :attack_type => @rule['attack_type'], # for signal
    :test => test,
    # for signal. This is the raw rule value, not the normalised boolean
    # stored in @block, so the two can differ for a non-boolean rule value.
    :block => @rule['block'],
    :time => at,
  }

  # A backtrace is captured only when the template asks for 'context'.
  event[:backtrace] = Sqreen::Context.new.bt if payload_tpl.include?('context')

  # Datadog correlation is optional: the framework may not expose a span.
  span = framework.respond_to?(:datadog_span) ? framework.datadog_span : nil
  if span
    Sqreen::Weave.logger.debug { "attack datadog:true span_id:#{span.span_id} parent_id:#{span.parent_id} trace_id:#{span.trace_id}" }
    event[:datadog_trace_id] = span.trace_id
    event[:datadog_span_id] = span.span_id

    # Ask for the trace to be kept: via the trace object when there is one,
    # otherwise through the manual-keep tag on the span.
    # NOTE(review): datadog_trace is called without a respond_to? check,
    # unlike datadog_span; presumably every framework exposing one exposes
    # the other. Confirm.
    trace = framework.datadog_trace
    if trace
      trace.keep!
    else
      span.set_tag(Datadog::Ext::ManualTracing::TAG_KEEP, true)
    end
    span.set_tag('sqreen.event', true)
  end

  framework.observe(:attacks, event, payload_tpl)
end

#record_exception(exception, infos = {}, at = Time.now.utc) ⇒ Object

Record an exception that just occurred

Parameters:

  • exception (Exception)

    Exception to send over

  • infos (Hash) (defaults to: {})

    Additional contextual information



# File 'lib/sqreen/rules/rule_cb.rb', line 92

# Records an exception through the framework's :sqreen_exceptions observation.
#
# Does nothing (returns nil) when no framework is attached.
#
# NOTE(review): unlike record_event, no payload template is passed to
# framework.observe here, and the exception object is forwarded whole.
# Exception messages can embed request data; confirm how this payload is
# trimmed before export.
#
# @param exception [Exception] exception to send over
# @param infos     [Hash] additional contextual information
# @param at        [Time] timestamp, defaults to the current UTC time
# @return [Object, nil] whatever framework.observe returns, or nil
def record_exception(exception, infos = {}, at = Time.now.utc)
  if framework
    report = {
      :exception => exception,
      :infos => infos,
      :rulespack_id => rulespack_id,
      :rule_name => rule_name,
      :test => test,
      :time => at,
      # An exception that was never raised has no backtrace; fall back to
      # the current one.
      # NOTE(review): this uses Sqreen::Context.bt while record_event uses
      # Sqreen::Context.new.bt; verify both forms exist.
      :backtrace => exception.backtrace || Sqreen::Context.bt,
    }
    framework.observe(:sqreen_exceptions, report)
  end
end

#rule_name ⇒ Object



# File 'lib/sqreen/rules/rule_cb.rb', line 45

# Name of the rule backing this callback, read from the rule hash.
#
# @return [Object, nil] the value stored under Attrs::NAME
def rule_name
  name_key = Attrs::NAME
  @rule[name_key]
end

#rulespack_id ⇒ Object



# File 'lib/sqreen/rules/rule_cb.rb', line 49

# Identifier of the rules pack this rule came from, read from the rule hash.
#
# @return [Object, nil] the value stored under Attrs::RULESPACK_ID
def rulespack_id
  pack_key = Attrs::RULESPACK_ID
  @rule[pack_key]
end