# File 'lib/rack/content_middleware.rb', line 24
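# Rack entry point. Runs the request's query string and (for POST/PUT/PATCH)
# its body through the content filter before passing the request to @app.
#
# Decisions are driven by instance state set up by the initializer, which is
# outside this listing:
#   * a random share of requests, (100 - @traffic_percentage)%, bypasses the
#     filter and is flagged :skip_processing in thread-local storage;
#   * requests whose path is not under any of @paths, is under any of
#     @blacklist, or that carry a multipart/form-data body bypass the filter;
#   * in 'protect' mode each input is replaced by the filter output; if the
#     filter call raises or exceeds @timeout the input is escaped via
#     escape_query instead, so @app never receives it unfiltered;
#   * in any other mode the input is only handed to @monitor.
#
# @param env [Hash] the Rack environment; 'QUERY_STRING', 'rack.input' and
#   'CONTENT_LENGTH' may be rewritten in place
# @return [Array] the Rack response triple returned by @app
def call(env)
  req = Rack::Request.new(env)
  Thread.current[:request_storage] = {}
  begin
    # rand(100) yields 0..99, so `>=` makes a percentage of 0 skip every
    # request and 100 skip none; the previous `>` still processed 1% at 0.
    if rand(100) >= @traffic_percentage
      Thread.current[:request_storage][:skip_processing] = true
      return @app.call(env)
    end
    return @app.call(env) if @paths.none? { |prefix| req.path.start_with?(prefix) }
    return @app.call(env) if @blacklist.any? { |prefix| req.path.start_with?(prefix) }
    return @app.call(env) if req.media_type == 'multipart/form-data'

    # Sends one input to the filter client, wrapped in an ActiveSupport
    # notification when ActiveSupport is loaded. The client is also called
    # when it is not: previously it was only invoked inside the instrument
    # block, so without ActiveSupport resp stayed nil and every request fell
    # into the escape fallback.
    run_filter = lambda do |input|
      if defined?(ActiveSupport::Notifications)
        resp = nil
        ActiveSupport::Notifications.instrument('prevoty:content:protect') do |payload|
          resp = payload[:response] = @client.bulk_filter(input, @policy_key)
        end
        resp
      else
        @client.bulk_filter(input, @policy_key)
      end
    end

    # Emits the per-request result line when the filter reports a significant
    # change or verbose logging is on.
    log_result = lambda do |input, resp|
      result = self.class.build_result(@mode, req, input, resp)
      if resp.statistics.is_significant? || @log_verbosity == 'all'
        ::Prevoty::LOGGER << result.to_json + "\n"
      end
    end

    # Replaces the request body and keeps CONTENT_LENGTH consistent with it;
    # readers that honour the header (e.g. body.read(content_length)) would
    # otherwise truncate or over-read a rewritten body.
    replace_body = lambda do |content|
      env['rack.input'] = StringIO.new(content)
      env['CONTENT_LENGTH'] = content.bytesize.to_s if env.key?('CONTENT_LENGTH')
    end

    # --- query string ---
    querystring = env['QUERY_STRING'].to_s
    unless querystring.empty?
      if @mode == 'protect'
        begin
          # NOTE(review): Timeout interrupts the block asynchronously, which can
          # leave @client's connection in an undefined state; a socket-level
          # timeout on the client itself would be safer if it offers one.
          Timeout.timeout(@timeout) do
            resp = run_filter.call(querystring)
            env['QUERY_STRING'] = resp.output
            log_result.call(querystring, resp)
          end
        rescue StandardError => e
          # Fail closed on any filter error: pass on an escaped copy of the
          # original input rather than the raw one. StandardError instead of
          # Exception so Interrupt/SystemExit/NoMemoryError still propagate;
          # Timeout::Error is a StandardError and is still caught here.
          env['QUERY_STRING'] = escape_query(CGI.parse(querystring))
          Rails.logger.warn e.message
        end
      else
        @monitor.process({ mode: @mode, input: querystring, request: req })
      end
    end

    # --- body ---
    if %w[POST PUT PATCH].include?(req.request_method)
      raw_body = req.body ? req.body.read.to_s : ''
      # `read` consumed the input stream and it was never restored, so in
      # monitor mode (or for a body that is empty after decoding) @app used to
      # receive an empty body. Restore it; the protect path below may replace
      # it again.
      env['rack.input'] = StringIO.new(raw_body)
      # URI.unescape was removed in Ruby 3.0; it delegated to exactly this call.
      # NOTE(review): the raw stream is normally binary-tagged and encode('utf-8')
      # raises Encoding::UndefinedConversionError for non-ASCII bytes, outside
      # the rescue below - kept as before, confirm this is intended.
      body = URI::DEFAULT_PARSER.unescape(raw_body.encode('utf-8'))
      unless body.empty?
        if @mode == 'protect'
          begin
            Timeout.timeout(@timeout) do
              resp = run_filter.call(body)
              replace_body.call(resp.output)
              log_result.call(body, resp)
            end
          rescue StandardError => e
            # Same fail-closed fallback as for the query string.
            replace_body.call(escape_query(CGI.parse(body)))
            Rails.logger.warn e.message
          end
        else
          @monitor.process({ mode: @mode, input: body, request: req })
        end
      end
    end
    @app.call(env)
  ensure
    Thread.current[:request_storage] = {}
  end
end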