aikido-zen 1.0.1.beta.2-x86_64-linux → 1.0.1.beta.4-x86_64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ca6248278bdeadfe41309e32cc275d6d160f5a5016d6ac601150e9a352ea527f
-  data.tar.gz: 3becdb310c7afdbbc5e4fdc9cc4bbb025a3c86226ff528dfce1d45790516f830
+  metadata.gz: f37e26f454db353f40a384e2e315a8b43a079cf9d2cf168890539d0eb83e7e14
+  data.tar.gz: 6143a0fbca3e33965425308aa4b4f50460ba62024af8a7e79c9d8216c6a797dc
 SHA512:
-  metadata.gz: f27904ccf00767000b205c18ad6ba8547a895827569fd8f623d861f0f4837121a287f1cba8f102eaf5966b5a10816f430542a07ec29a8ff52300a310e6928d07
-  data.tar.gz: 013b02a57ed0e5d9e4546e03d857eebf36aee66a53e436f2f679b16fc7cbe84544f8d22ee80cf8586e30190c1bde3b6d4d298d3e45078ad4b1138d3bb7aed4b5
+  metadata.gz: e4a14957b72a8491244dbbe6b4cf53e912b504ceb92a5966479c99427fd1be89308735289bf8d05dff4063b55d31cfea82cf916c956bd9de42ff1a5c3417a202
+  data.tar.gz: 84d78fa05f982d240df8b4d0fefc63dc6bf413945cbeeb07a10d3914d9a955f092eee01e0a2f7e8de3ce51b550ed33b8d81cb2e5912abea0f0d43b5eb7cb81d7

data/README.md

@@ -61,7 +61,7 @@ See list above for supported database drivers.
 * ✅ [`curb`](https://github.com/taf2/curb) 0.x (0.2.3+), 1.x
 * ✅ [`patron`](https://github.com/toland/patron) 0.x (0.6.4+)
 * ✅ [`typhoeus`](https://github.com/typhoeus/typhoeus) 0.x (0.5.0+), 1.x
-* ✅ [`async-http`](https://github.com/igrigorik/em-http-request) 0.x (0.70.0+)
+* ✅ [`async-http`](https://github.com/socketry/async-http) 0.x (0.70.0+)
 * ✅ [`em-http-request`](https://github.com/igrigorik/em-http-request) 1.x
 
 ## Installation

data/lib/aikido/zen/api_client.rb

@@ -111,7 +111,7 @@ module Aikido::Zen
     # @raise [Aikido::Zen::NetworkError] if an error occurs trying to make the
     #   request.
     private def request(request, base_url: @config.api_endpoint)
-      Net::HTTP.start(base_url.host, base_url.port, http_settings) do |http|
+      Net::HTTP.start(base_url.host, base_url.port, http_settings(base_url)) do |http|
         response = http.request(request)
 
         case response
@@ -127,8 +127,11 @@ module Aikido::Zen
       raise NetworkError.new(request, err)
     end
 
-    private def http_settings
-      @http_settings ||= {use_ssl: true, max_retries: 2}.merge(@config.api_timeouts)
+    private def http_settings(base_url)
+      @http_settings ||= {
+        use_ssl: base_url.scheme == "https",
+        max_retries: 2
+      }.merge(@config.api_timeouts)
     end
 
     private def default_headers

data/lib/aikido/zen/context/rails_request.rb

@@ -12,7 +12,9 @@ module Aikido::Zen
 
   # @!visibility private
   Context::RAILS_REQUEST_BUILDER = ->(env) do
-    delegate = ActionDispatch::Request.new(env)
+    # Duplicate the Rack environment to prevent unexpected modifications from
+    # breaking Rails routing.
+    delegate = ActionDispatch::Request.new(env.dup)
     request = Aikido::Zen::Request.new(
       delegate, framework: "rails", router: Rails.router
     )

data/lib/aikido/zen/internals.rb

@@ -7,12 +7,6 @@ module Aikido::Zen
   module Internals
     extend FFI::Library
 
-    class << self
-      # @return [String] the name of the extension we're loading, which we can
-      #   use in error messages to identify the architecture.
-      attr_accessor :libzen_name
-    end
-
     def self.libzen_names
       lib_name = "libzen-v#{LIBZEN_VERSION}"
       lib_ext = FFI::Platform::LIBSUFFIX
@@ -40,17 +34,24 @@ module Aikido::Zen
       names
     end
 
+    # @return [String] the name of the extension we're loading, which we can
+    # use in error messages.
+    def self.libzen_name
+      # The most generic platform library name.
+      libzen_names.last
+    end
+
     # Load the most specific library
     def self.load_libzen
-      libzen_names.each do |libzen_name|
-        libzen_path = File.expand_path(libzen_name, __dir__)
+      libzen_names.each do |name|
+        path = File.expand_path(name, __dir__)
         begin
-          return ffi_lib(libzen_path)
+          return ffi_lib(path)
         rescue LoadError
           # empty
         end
       end
-      raise LoadError, "Could not load libzen"
+      raise LoadError, "Zen could not load its native extension #{libzen_name}"
     end
 
     begin
@@ -68,11 +69,11 @@ module Aikido::Zen
       # :nocov:
 
       # Emit an $stderr warning at startup.
-      warn "Zen could not load its binary extension #{libzen_name}: #{err}"
+      warn "Zen could not load its native extension #{libzen_name}: #{err}"
 
       def self.detect_sql_injection(query, *)
         attempt = format("%p for SQL injection", query)
-        raise InternalsError.new(attempt, "loading", Internals.libzen_name)
+        raise InternalsError.new(attempt, "loading", libzen_name)
       end
 
       # :nocov:

data/lib/aikido/zen/rails_engine.rb

@@ -10,8 +10,6 @@ module Aikido::Zen
     end
 
     initializer "aikido.add_middleware" do |app|
-      next unless config.zen.protect?
-
       app.middleware.use Aikido::Zen::Middleware::SetContext
       app.middleware.use Aikido::Zen::Middleware::CheckAllowedAddresses
       # Request Tracker stats do not consider failed request or 40x, so the middleware
@@ -34,8 +32,8 @@ module Aikido::Zen
       # Allow the logger to be configured before checking if disabled? so we can
       # let the user know that the agent is disabled.
       logger = ::Rails.logger
-      logger = ActiveSupport::TaggedLogging.new(logger) unless logger.respond_to?(:tagged)
-      app.config.zen.logger = logger.tagged("aikido")
+      logger = logger.tagged("aikido") if logger.respond_to?(:tagged)
+      app.config.zen.logger = logger
 
       app.config.zen.request_builder = Aikido::Zen::Context::RAILS_REQUEST_BUILDER
 
@@ -51,20 +49,8 @@ module Aikido::Zen
     end
 
     config.after_initialize do
-      next unless config.zen.protect?
-
-      # Make sure this is run at the end of the initialization process, so
-      # that any gems required after aikido-zen are detected and patched
-      # accordingly.
-      Aikido::Zen.load_sinks!
-
-      # It's important we start after loading sinks, so we can report the installed packages
+      # Start the Aikido Agent only once the application starts.
       Aikido::Zen.start!
-
-      # Agent's bootstrap process has finished —Controllers are patched to block
-      # unwanted requests, sinks are loaded, scanners are running—, so we mark
-      # the agent as installed.
-      Aikido::Zen.middleware_installed!
     end
   end
 end

data/lib/aikido/zen/request/rails_router.rb

@@ -29,6 +29,11 @@ module Aikido::Zen
     end
 
     private def recognize_in_route_set(request, route_set, prefix: nil)
+      # ActionDispatch::Journey::Router#recognize modifies the Rack environment.
+      # This is correct for Rails routing, but it is not expected to be used in
+      # Rack middleware, and using it here can break Rails routing.
+      #
+      # To avoid this, the Rack environment is duplicated when building request.
       route_set.router.recognize(request) do |route, _|
         app = route.app
         next unless app.matches?(request)

data/lib/aikido/zen/sinks/async_http.rb

@@ -8,7 +8,7 @@ module Aikido::Zen
     module Async
       module HTTP
         def self.load_sinks!
-          if Gem.loaded_specs["async-http"]
+          if Aikido::Zen.satisfy "async-http", ">= 0.70.0"
             require "async/http"
 
             ::Async::HTTP::Client.prepend(Async::HTTP::ClientExtensions)

data/lib/aikido/zen/sinks/curb.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module Curl
       def self.load_sinks!
-        if Gem.loaded_specs["curb"]
+        if Aikido::Zen.satisfy "curb", ">= 0.2.3"
           require "curb"
 
           ::Curl::Easy.prepend(Curl::EasyExtensions)

data/lib/aikido/zen/sinks/em_http.rb

@@ -8,7 +8,7 @@ module Aikido::Zen
     module EventMachine
       module HttpRequest
         def self.load_sinks!
-          if Gem.loaded_specs["em-http-request"]
+          if Aikido::Zen.satisfy "em-http-request", ">= 1.0"
             require "em-http-request"
 
             ::EventMachine::HttpRequest.use(EventMachine::HttpRequest::Middleware)

data/lib/aikido/zen/sinks/excon.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module Excon
       def self.load_sinks!
-        if Gem.loaded_specs["excon"]
+        if Aikido::Zen.satisfy "excon", ">= 0.50.0"
           require "excon"
 
           ::Excon::Connection.prepend(ConnectionExtensions)

data/lib/aikido/zen/sinks/http.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module HTTP
       def self.load_sinks!
-        if Gem.loaded_specs["http"]
+        if Aikido::Zen.satisfy "http", ">= 1.0"
           require "http"
 
           ::HTTP::Client.prepend(ClientExtensions)

data/lib/aikido/zen/sinks/httpclient.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module HTTPClient
       def self.load_sinks!
-        if Gem.loaded_specs["httpclient"]
+        if Aikido::Zen.satisfy "httpclient", ">= 2.0"
           require "httpclient"
 
           ::HTTPClient.prepend(HTTPClient::HTTPClientExtensions)

data/lib/aikido/zen/sinks/httpx.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module HTTPX
       def self.load_sinks!
-        if Gem.loaded_specs["httpx"]
+        if Aikido::Zen.satisfy "httpx", ">= 1.1.3"
           require "httpx"
 
           ::HTTPX::Session.prepend(HTTPX::SessionExtensions)

data/lib/aikido/zen/sinks/mysql2.rb

@@ -4,7 +4,7 @@ module Aikido::Zen
   module Sinks
     module Mysql2
       def self.load_sinks!
-        if Gem.loaded_specs["mysql2"]
+        if Aikido::Zen.satisfy "mysql2"
           require "mysql2"
 
           ::Mysql2::Client.prepend(ClientExtensions)

data/lib/aikido/zen/sinks/patron.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module Patron
       def self.load_sinks!
-        if Gem.loaded_specs["patron"]
+        if Aikido::Zen.satisfy "patron", ">= 0.6.4"
           require "patron"
 
           ::Patron::Session.prepend(SessionExtensions)

data/lib/aikido/zen/sinks/pg.rb

@@ -4,7 +4,7 @@ module Aikido::Zen
   module Sinks
     module PG
       def self.load_sinks!
-        if Gem.loaded_specs["pg"]
+        if Aikido::Zen.satisfy "pg", ">= 1.0"
           require "pg"
 
           ::PG::Connection.prepend(PG::ConnectionExtensions)

data/lib/aikido/zen/sinks/sqlite3.rb

@@ -4,7 +4,7 @@ module Aikido::Zen
   module Sinks
     module SQLite3
       def self.load_sinks!
-        if Gem.loaded_specs["sqlite3"]
+        if Aikido::Zen.satisfy "sqlite3", ">= 1.0"
           require "sqlite3"
 
           ::SQLite3::Database.prepend(DatabaseExtensions)

data/lib/aikido/zen/sinks/trilogy.rb

@@ -4,7 +4,7 @@ module Aikido::Zen
   module Sinks
     module Trilogy
       def self.load_sinks!
-        if Gem.loaded_specs["trilogy"]
+        if Aikido::Zen.satisfy "trilogy", ">= 2.0"
           require "trilogy"
 
           ::Trilogy.prepend(TrilogyExtensions)

data/lib/aikido/zen/version.rb

@@ -2,7 +2,7 @@
 
 module Aikido
   module Zen
-    VERSION = "1.0.1.beta.2"
+    VERSION = "1.0.1.beta.4"
 
     # The version of libzen_internals that we build against.
     LIBZEN_VERSION = "0.1.39"

data/lib/aikido/zen.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-# IMPORTANT: Any files that load sinks or start the Aikido Agent should
-# be required in `Aikido::Zen.protect!`.
-
 require_relative "zen/version"
 require_relative "zen/errors"
 require_relative "zen/actor"
@@ -29,6 +26,9 @@ module Aikido
     # Enable protection. Until this method is called no sinks are loaded
     # and the Aikido Agent does not start.
     #
+    # This method should be called only once, in the application after the
+    # initialization process is complete.
+    #
     # @return [void]
     def self.protect!
       if config.disabled?
@@ -36,9 +36,31 @@ module Aikido
         return
       end
 
-      # IMPORTANT: Any files that load sinks or start the Aikido Agent
-      # should be required here only.
-      require_relative "zen/rails_engine" if defined?(::Rails)
+      return unless config.protect?
+
+      unless load_sources! && load_sinks!
+        config.logger.warn "Zen could not find any supported libraries or frameworks. Visit https://github.com/AikidoSec/firewall-ruby for more information."
+        return
+      end
+
+      middleware_installed!
+    end
+
+    # @!visibility private
+    # Returns whether the loaded gem specification satisfies the listed requirements.
+    #
+    # Returns false if the gem specification is not loaded.
+    #
+    # @param name [String] the gem name
+    # @param requirements [Array<String>] a variable number of gem requirement strings
+    #
+    # @return [Boolean] true if the gem specification is loaded and all gem requirements are satisfied
+    def self.satisfy(name, *requirements)
+      spec = Gem.loaded_specs[name]
+
+      return false if spec.nil?
+
+      Gem::Requirement.new(*requirements).satisfied_by?(spec.version)
     end
 
     # @return [Aikido::Zen::Config] the agent configuration.
@@ -149,15 +171,28 @@ module Aikido
       collector.middleware_installed!
     end
 
-    # Load all sinks matching libraries loaded into memory. This method should
-    # be called after all other dependencies have been loaded into memory (i.e.
-    # at the end of the initialization process).
+    # @!visibility private
+    # Load all sources.
     #
-    # If a new gem is required, this method can be called again safely.
+    # @return [Boolean] true if any sources were loaded
+    def self.load_sources!
+      if Aikido::Zen.satisfy("rails", ">= 7.0")
+        require_relative "zen/rails_engine"
+
+        return true
+      end
+
+      false
+    end
+
+    # @!visibility private
+    # Load all sinks.
     #
-    # @return [void]
+    # @return [Boolean] true if any sinks were loaded
     def self.load_sinks!
       require_relative "zen/sinks"
+
+      !Aikido::Zen::Sinks.registry.empty?
     end
 
     # @!visibility private

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.0.1.beta.2
+  version: 1.0.1.beta.4
 platform: x86_64-linux
 authors:
 - Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-07-30 00:00:00.000000000 Z
+date: 2025-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby