RubyGems - aikido-zen - Versions diffs - 1.0.0.pre.beta.1 → 1.0.1.beta.2 - Mend

aikido-zen 1.0.0.pre.beta.1 → 1.0.1.beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

checksums.yaml +4 -4
data/.aikido +6 -0
data/README.md +67 -83
data/lib/aikido/zen/config.rb +11 -2
data/lib/aikido/zen/context.rb +4 -0
data/lib/aikido/zen/internals.rb +41 -7
data/lib/aikido/zen/middleware/request_tracker.rb +6 -4
data/lib/aikido/zen/rails_engine.rb +5 -9
data/lib/aikido/zen/request/heuristic_router.rb +6 -0
data/lib/aikido/zen/sink.rb +5 -0
data/lib/aikido/zen/sinks/async_http.rb +35 -16
data/lib/aikido/zen/sinks/curb.rb +52 -26
data/lib/aikido/zen/sinks/em_http.rb +39 -25
data/lib/aikido/zen/sinks/excon.rb +63 -45
data/lib/aikido/zen/sinks/file.rb +67 -71
data/lib/aikido/zen/sinks/http.rb +38 -19
data/lib/aikido/zen/sinks/httpclient.rb +51 -22
data/lib/aikido/zen/sinks/httpx.rb +37 -18
data/lib/aikido/zen/sinks/kernel.rb +18 -57
data/lib/aikido/zen/sinks/mysql2.rb +19 -7
data/lib/aikido/zen/sinks/net_http.rb +37 -19
data/lib/aikido/zen/sinks/patron.rb +41 -24
data/lib/aikido/zen/sinks/pg.rb +50 -27
data/lib/aikido/zen/sinks/resolv.rb +37 -16
data/lib/aikido/zen/sinks/socket.rb +33 -17
data/lib/aikido/zen/sinks/sqlite3.rb +31 -12
data/lib/aikido/zen/sinks/trilogy.rb +19 -7
data/lib/aikido/zen/sinks.rb +29 -20
data/lib/aikido/zen/sinks_dsl.rb +226 -0
data/lib/aikido/zen/version.rb +2 -2
data/lib/aikido/zen.rb +18 -1
data/placeholder/.gitignore +4 -0
data/placeholder/README.md +11 -0
data/placeholder/Rakefile +75 -0
data/placeholder/lib/placeholder.rb.template +3 -0
data/placeholder/placeholder.gemspec.template +20 -0
data/tasklib/libzen.rake +70 -66
metadata +16 -12
data/CHANGELOG.md +0 -25
data/lib/aikido.rb +0 -3

data/placeholder/Rakefile ADDED Viewed

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+require "rake"
+require "rake/clean"
+require "rubygems/package"
+require "fileutils"
+GEM_NAMES = %w[aikido]
+# Clean up created files
+CLEAN.include("LICENSE")
+CLEAN.include(*GEM_NAMES.map { |name| "#{name}.gemspec" })
+CLEAN.include(*GEM_NAMES.map { |name| "lib/#{name}.rb" })
+CLOBBER.include(*GEM_NAMES.map { |name| "#{name}-*.gem" })
+namespace :build do
+  GEM_NAMES.each do |gem_name|
+    file "LICENSE" => ["../LICENSE"] do
+      FileUtils.cp("../LICENSE", "LICENSE")
+      puts "Copied LICENSE"
+    end
+    entry_point_path = "lib/#{gem_name}.rb"
+    # Generate the entry point file from template if needed
+    file entry_point_path => ["lib/placeholder.rb.template"] do
+      template = File.read("lib/placeholder.rb.template")
+      content = template.gsub("@GEM_NAME", gem_name)
+      File.write(entry_point_path, content)
+      puts "Generated #{entry_point_path}"
+    end
+    gemspec_path = "#{gem_name}.gemspec"
+    # Generate gemspec file from template if needed
+    file gemspec_path => ["placeholder.gemspec.template"] do
+      template = File.read("placeholder.gemspec.template")
+      content = template.gsub("@GEM_NAME", gem_name)
+      File.write(gemspec_path, content)
+      puts "Generated #{gemspec_path}"
+    end
+    desc "Build the #{gem_name} gem"
+    task gem_name => [entry_point_path, gemspec_path, "LICENSE"] do
+      gemspec = Gem::Specification.load(gemspec_path)
+      raise "Failed to load gemspec: #{gemspec_path}" unless gemspec
+      gem_path = Gem::Package.build(gemspec)
+      puts "Built #{gem_path}"
+    end
+  end
+  desc "Build all gems"
+  task all: GEM_NAMES.map { |gem_name| "build:#{gem_name}" }
+end
+namespace :release do
+  GEM_NAMES.each do |gem_name|
+    gemspec_path = "#{gem_name}.gemspec"
+    desc "Build and publish the #{gem_name} to RubyGems"
+    task gem_name => ["build:#{gem_name}"] do
+      gemspec = Gem::Specification.load(gemspec_path)
+      raise "Failed to load gemspec: #{gemspec_path}" unless gemspec
+      gem_path = "#{gemspec.name}-#{gemspec.version}.gem"
+      puts "Publishing #{gem_path} to RubyGem..."
+      sh "gem push #{gem_path}"
+    end
+  end
+  desc "Build and publish all gems to RubyGems"
+  task all: GEM_NAMES.map { |gem_name| "release:#{gem_name}" }
+end

data/placeholder/lib/placeholder.rb.template ADDED Viewed

@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+raise LoadError, "This gem has been published by Aikido Security to help prevent supply chain attacks. It is not intended for direct use. Please use 'aikido-zen' instead."

data/placeholder/placeholder.gemspec.template ADDED Viewed

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+Gem::Specification.new do |spec|
+  spec.name = "@GEM_NAME"
+  spec.version = "0.0.2"
+  spec.authors = ["Aikido Security"]
+  spec.email = ["dev-admin@aikido.dev"]
+  spec.summary = "Security placeholder for 'aikido-zen'."
+  spec.description = "This gem has been published by Aikido Security to help prevent supply chain attacks. It is not intended for direct use. Please use 'aikido-zen' instead."
+  spec.homepage = "https://aikido.dev/zen"
+  spec.license = "AGPL-3.0-or-later"
+  spec.required_ruby_version = ">= 2.3"
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/aikidosec/firewall-ruby"
+  spec.files = ["lib/@GEM_NAME.rb", "README.md", "LICENSE"]
+  spec.require_paths = ["lib"]
+end

data/tasklib/libzen.rake CHANGED Viewed

@@ -1,23 +1,19 @@
 # frozen_string_literal: true
+require "ffi"
 require "open-uri"
 require "rubygems/package_task"
 require_relative "../lib/aikido/zen/version"
-LibZenDL = Struct.new(:os, :arch, :artifact) do
-  def download
-    puts "Downloading #{path}"
-    File.open(path, "wb") { |file| FileUtils.copy_stream(URI(url).open("rb"), file) }
-  end
-  def verify
-    expected = URI(url + ".sha256sum").read.split(/\s+/).first
-    actual = Digest::SHA256.file(path).to_s
+class LibZen
+  attr_reader :platform, :suffix, :artifact
-    if expected != actual
-      abort "Checksum mismatch on #{path}: Expected #{expected}, got #{actual}."
-    end
+  def initialize(platform_suffix, artifact = nil)
+    platform, suffix = platform_suffix.split(".", 2)
+    @platform = Gem::Platform.new(platform)
+    @suffix = suffix
+    @artifact = artifact
   end
   def version
@@ -25,79 +21,90 @@ LibZenDL = Struct.new(:os, :arch, :artifact) do
   end
   def path
-    [prefix, arch, ext].join(".")
+    "lib/aikido/zen/libzen-#{version}-#{platform}.#{suffix}"
   end
-  def gem_path
-    platform = "-#{gemspec.platform}" unless gemspec.platform.to_s == "ruby"
-    "pkg/#{gemspec.name}-#{gemspec.version}#{platform}.gem"
+  def url
+    File.join("https://github.com/AikidoSec/zen-internals/releases/download", version, artifact)
   end
-  def pkg_dir
-    File.dirname(gem_path)
+  def gemspec(source = Bundler.load_gemspec("aikido-zen.gemspec"))
+    return @spec if defined?(@spec)
+    @spec = source.dup
+    @spec.platform = platform
+    @spec.files << path
+    @spec
   end
-  def prefix
-    "lib/aikido/zen/libzen-#{version}"
+  def gem_path
+    "pkg/#{gemspec.name}-#{gemspec.version}-#{gemspec.platform}.gem"
   end
-  def ext
-    case os
-    when :darwin then "dylib"
-    when :linux then "so"
-    when :windows then "dll"
-    end
+  def resolvable?
+    downloadable? || File.exist?(path)
   end
-  def url
-    File.join("https://github.com/AikidoSec/zen-internals/releases/download", version, artifact)
+  def downloadable?
+    !artifact.nil?
   end
-  def gem_platform
-    gem_os = (os == :windows) ? "mingw64" : os
-    platform = (arch == "aarch64") ? "arm64" : arch
-    Gem::Platform.new("#{platform}-#{gem_os}")
+  def download
+    puts "Downloading #{path}"
+    File.open(path, "wb") { |file| FileUtils.copy_stream(URI(url).open("rb"), file) }
   end
-  def gemspec(source = Bundler.load_gemspec("aikido-zen.gemspec"))
-    return @spec if defined?(@spec)
+  def verify
+    expected = URI(url + ".sha256sum").read.split(/\s+/).first
+    actual = Digest::SHA256.file(path).to_s
-    @spec = source.dup
-    @spec.platform = gem_platform
-    @spec.files << path
-    @spec
+    if expected != actual
+      abort "Checksum verification failed for #{path}: expected #{expected}, but got #{actual}"
+    end
   end
   def namespace
-    "#{os}:#{arch}"
+    platform.to_s
+  end
+  def pkg_dir
+    File.dirname(gem_path)
   end
 end
-LIBZEN = [
-  LibZenDL.new(:darwin, "aarch64", "libzen_internals_aarch64-apple-darwin.dylib"),
-  LibZenDL.new(:darwin, "x86_64", "libzen_internals_x86_64-apple-darwin.dylib"),
-  LibZenDL.new(:linux, "aarch64", "libzen_internals_aarch64-unknown-linux-gnu.so"),
-  LibZenDL.new(:linux, "x86_64", "libzen_internals_x86_64-unknown-linux-gnu.so"),
-  LibZenDL.new(:windows, "x86_64", "libzen_internals_x86_64-pc-windows-gnu.dll")
-]
+LIBZENS = [
+  LibZen.new("arm64-darwin.dylib", "libzen_internals_aarch64-apple-darwin.dylib"),
+  LibZen.new("arm64-linux.so", "libzen_internals_aarch64-unknown-linux-gnu.so"),
+  LibZen.new("arm64-linux-musl.so", "libzen_internals_aarch64-unknown-linux-musl.so"),
+  LibZen.new("x86_64-darwin.dylib", "libzen_internals_x86_64-apple-darwin.dylib"),
+  LibZen.new("x86_64-linux.so", "libzen_internals_x86_64-unknown-linux-gnu.so"),
+  LibZen.new("x86_64-linux-musl.so", "libzen_internals_x86_64-unknown-linux-musl.so"),
+  LibZen.new("x86_64-mingw64.dll", "libzen_internals_x86_64-pc-windows-gnu.dll"),
+  # Not officially supported, but used during testing:
+  LibZen.new("x86_64-freebsd.so"),
+  LibZen.new("x86_64-solaris.so")
+].filter(&:resolvable?)
 namespace :libzen do
-  LIBZEN.each do |lib|
-    desc "Download libzen for #{lib.os}-#{lib.arch} if necessary"
+  LIBZENS.each do |lib|
+    desc "Download libzen for #{lib.platform} if necessary"
     task(lib.namespace => lib.path)
-    file(lib.path) {
-      lib.download
-      lib.verify
-    }
-    CLEAN.include(lib.path)
+    if lib.downloadable?
+      file(lib.path) do
+        lib.download
+        lib.verify
+      end
+      CLEAN.include(lib.path)
+    end
     directory lib.pkg_dir
     CLOBBER.include(lib.pkg_dir)
-    file(lib.gem_path => [lib.path, lib.pkg_dir]) {
+    file(lib.gem_path => [lib.path, lib.pkg_dir]) do
       path = Gem::Package.build(lib.gemspec)
       mv path, lib.pkg_dir
-    }
+    end
     CLOBBER.include(lib.pkg_dir)
     task "#{lib.namespace}:release" => [lib.gem_path, "release:guard_clean"] do
@@ -105,24 +112,21 @@ namespace :libzen do
     end
   end
-  desc "Build all the native gems for the different libzen versions"
-  task gems: LIBZEN.map(&:gem_path)
+  desc "Build all the native gems"
+  task gems: LIBZENS.map(&:gem_path)
   desc "Push all the native gems to RubyGems"
-  task release: LIBZEN.map { |lib| "#{lib.namespace}:release" }
+  task release: LIBZENS.map { |lib| "#{lib.namespace}:release" }
   desc "Download the libzen pre-built library for all platforms"
-  task "download:all" => LIBZEN.map(&:path)
+  task "download:all" => LIBZENS.map(&:path)
   desc "Downloads the libzen library for the current platform"
   task "download:current" do
-    require "rbconfig"
-    os = case RbConfig::CONFIG["host_os"]
-    when /darwin/ then :darwin
-    when /mingw|cygwin|mswin/ then :windows
-    else :linux
-    end
+    platform = Gem::Platform.local.dup
+    platform.version = nil unless Rake::Task.task_defined?("libzen:#{platform}")
-    Rake::Task["libzen:#{os}:#{RbConfig::CONFIG["build_cpu"]}"].invoke
+    # Invoke the most specific task
+    Rake::Task["libzen:#{platform}"].invoke
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.0.0.pre.beta.1
+  version: 1.0.1.beta.2
 platform: ruby
 authors:
-- Nicolas Sanguinetti
+- Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-06-04 00:00:00.000000000 Z
+date: 2025-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby
@@ -52,17 +52,18 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description:
+description: Zen by Aikido is an embedded Web Application Firewall that autonomously
+  protects Ruby apps against common and critical attacks.
 email:
-- foca@foca.io
+- dev-admin@aikido.dev
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".aikido"
 - ".ruby-version"
 - ".simplecov"
 - ".standard.yml"
-- CHANGELOG.md
 - LICENSE
 - README.md
 - Rakefile
@@ -72,7 +73,6 @@ files:
 - docs/config.md
 - docs/rails.md
 - lib/aikido-zen.rb
-- lib/aikido.rb
 - lib/aikido/zen.rb
 - lib/aikido/zen/actor.rb
 - lib/aikido/zen/agent.rb
@@ -159,20 +159,25 @@ files:
 - lib/aikido/zen/sinks/sqlite3.rb
 - lib/aikido/zen/sinks/trilogy.rb
 - lib/aikido/zen/sinks/typhoeus.rb
+- lib/aikido/zen/sinks_dsl.rb
 - lib/aikido/zen/synchronizable.rb
 - lib/aikido/zen/system_info.rb
 - lib/aikido/zen/version.rb
 - lib/aikido/zen/worker.rb
+- placeholder/.gitignore
+- placeholder/README.md
+- placeholder/Rakefile
+- placeholder/lib/placeholder.rb.template
+- placeholder/placeholder.gemspec.template
 - tasklib/bench.rake
 - tasklib/libzen.rake
 - tasklib/wrk.rb
-homepage: https://aikido.dev
+homepage: https://aikido.dev/zen
 licenses:
 - AGPL-3.0-or-later
 metadata:
-  homepage_uri: https://aikido.dev
+  homepage_uri: https://aikido.dev/zen
   source_code_uri: https://github.com/aikidosec/firewall-ruby
-  changelog_uri: https://github.com/aikidosec/firewall-ruby/blob/main/CHANGELOG.md
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -191,6 +196,5 @@ requirements: []
 rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
-summary: Embedded Web Application Firewall that autonomously protects Ruby apps against
-  common and critical attacks.
+summary: Embedded Web Application Firewall.
 test_files: []

data/CHANGELOG.md DELETED Viewed

@@ -1,25 +0,0 @@
-# Changelog
-## [Unreleased]
-### Fixed
-- Avoid an infinite loop when checking for SSRFs in a circular redirects loop.
-## 0.1.1
-### Fixed
-- Avoid an error when sending the initial heartbeat if the Aikido server hasn't
-  received stats yet.
-- Fix the SSRF scanner to ensure the port in the user-supplied payload matches
-  the port in the request.
-- Don't break the HTTP.rb sink when a Zen context isn't set.
-- Don't break the Typhoeus sink when a Zen context isn't set.
-- Don't break the PG sink outside of Rails.
-- Updated [libzen](https://github.com/AikidoSec/zen-internals) to v0.1.31 to
-  prevent flagging false positives in SQL queries with comments.
-## 0.1.0
-- Initial version

data/lib/aikido.rb DELETED Viewed

@@ -1,3 +0,0 @@
-# frozen_string_literal: true
-require_relative "aikido/zen"