Class: Threatstack::Jobs::EventSubmitter

Inherits:

Object

• Object
• Threatstack::Jobs::EventSubmitter

Includes:

Singleton, Constants

Defined in:

lib/jobs/event_submitter.rb

Overview

Singleton class that creates a job to submit events asynchronously

Constant Summary

SUBMITTER_NAME =

'EventSubmitter'

Constants included from Constants

Constants::AGENT_ID, Constants::AGENT_INSTANCE_ID, Constants::AGENT_NAME, Constants::AGENT_VERSION, Constants::APPSEC_BASE_URL, Constants::APPSEC_EVENTS_URL, Constants::ATTACK, Constants::AWS_METADATA_URL, Constants::BLOCK_PATH_TRAVERSAL, Constants::BLOCK_SQLI, Constants::BLOCK_XSS, Constants::CGI_VARIABLES, Constants::DEPENDENCIES, Constants::DETECTED_NOT_BLOCKED, Constants::DETECT_ATTACKS_ONLY, Constants::DETECT_PATH_TRAVERSAL, Constants::DISABLED, Constants::DROP_FIELDS, Constants::ENVIRONMENT, Constants::EVENTS_PER_REQ, Constants::FILTER_BY_PATH, Constants::INSTRUMENTATION, Constants::IPV4, Constants::IPV6, Constants::JOB_INTERVAL, Constants::LOG_COLORS, Constants::LOG_LEVEL, Constants::MANUAL_INIT, Constants::MAX_QUEUED_EVENTS, Constants::PATH_TRAVERSAL, Constants::REDACTED, Constants::REQUEST_BLOCKED, Constants::ROOT_DIR, Constants::RUBY, Constants::SQLI, Constants::TRUTHY, Constants::XSS

Instance Attribute Summary

• #job ⇒ Object readonly

  Returns the value of attribute job.

Instance Method Summary

• #initialize ⇒ EventSubmitter constructor

  A new instance of EventSubmitter.

• #queue_event(event) ⇒ Object
• #start ⇒ Object

  start recurrent job.

• #submit ⇒ Object

Methods included from Constants

app_root_dir, env, is_truthy

Constructor Details

#initialize ⇒ EventSubmitter

Returns a new instance of EventSubmitter.

# File 'lib/jobs/event_submitter.rb', line 24

def initialize
  @pid = nil
  @mutex = Mutex.new
  @accumulator = Threatstack::Events::EventAccumulator.instance
end

Instance Attribute Details

#job ⇒ Object (readonly)

Returns the value of attribute job.

# File 'lib/jobs/event_submitter.rb', line 22

def job
  @job
end

Instance Method Details

#queue_event(event) ⇒ Object

# File 'lib/jobs/event_submitter.rb', line 83

def queue_event(event)
  start
  @accumulator.add_event event
end

#start ⇒ Object

start recurrent job

# File 'lib/jobs/event_submitter.rb', line 31

def start
  pid = Process.pid
  if @pid != pid
    @mutex.synchronize do
      if @pid != pid
        @logger = Threatstack::Utils::TSLogger.create SUBMITTER_NAME
        @logger.debug 'Launching an EventSubmitter instance'
        # clear events in case the accumulator was forked and already had queued events
        @accumulator.clear_events
        # submit every JOB_INTERVAL seconds
        @job = RecurrentJob.new(@logger, JOB_INTERVAL, 5) { submit }
        @pid = pid
      end
    end
  end
end

#submit ⇒ Object

# File 'lib/jobs/event_submitter.rb', line 48

def submit
  # fetch events from the accumulator
  events = @accumulator.remove_events EVENTS_PER_REQ
  if events.empty?
    @logger.debug 'No events to report'
    return
  end
  @logger.debug "Found a total of #{events.length} events"

  # convert payload to JSON
  json_payload = "[#{events.collect(&:to_json_string).join(', ')}]"
  # submit http request
  uri = URI.parse(APPSEC_BASE_URL + APPSEC_EVENTS_URL)
  headers = {
    'Content-Type' => 'application/json',
    'bluefyre-agent-id' => AGENT_ID,
    'bluefyre-agent-instance-id' => AGENT_INSTANCE_ID,
    'bluefyre-agent-version' => AGENT_VERSION,
    'bluefyre-agent-type' => RUBY
  }
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = true
  http.max_retries=0 # don't attempt to retry if the request fails
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
  req = Net::HTTP::Post.new(uri.request_uri, headers)
  req.body = json_payload
  @logger.debug "Sending #{events.length} events with payload: #{json_payload}"
  begin
    resp = http.request(req)
    @logger.debug "Sent #{events.length} events, HTTP code: #{resp.code}"
  rescue StandardError => e
    @logger.error "StandardError: #{e.inspect}"
  end
end