aikido-zen 1.0.1.beta.2-x86_64-mingw-64 → 1.0.1.beta.4-x86_64-mingw-64

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6870d1d0a0a5f98ddaa519ea4d4629d5f188651767d14e7d73e7f8f5f768dce5
-  data.tar.gz: 8fe0c47688f64f8a735b192159339ff19499f4da99451045ad0e3fad95bccdde
+  metadata.gz: 6bc8f7df841d4cf2f47ce070838dfb1745ffa14b30b815e56ae4a7a86840cd5d
+  data.tar.gz: d76417c56275f7ae782cf3589b15102917c1f34f5009063fe4910671cf09ea77
 SHA512:
-  metadata.gz: 516d0a01b52bc249bb5ed730322442c6885e76beb561b49e2dfac7dae399952ba55d7a9485c2f14ff17cdeea2e71ffdd4df94d25d106039aa4114f4327287d45
-  data.tar.gz: 3eb82a1a977b37c4cfba905a22ab071fd1f3ca68529c282b7ddb70659f6b52acefeba80d25d95d72db48bff6ce0dc43dc45e03cb04d691ec09781d4c237da64b
+  metadata.gz: 5be18109dec6f530a320e690748ec2d7648e361381555288863f5ae19bbd5156b0b0a5fe6fd132ee95d40d8e21bb7196f17840690c3fb0ea11fa03bb07530ea8
+  data.tar.gz: 855edd55388644b09be065b37788f48bb01c31c2ad2f7907fa60ee538dcfbbe27d6ae8de7d0cac6af6ceb273927c6faebc2f76ef9dc9f6a4bafc901bccc4a3aa

data/README.md

@@ -61,7 +61,7 @@ See list above for supported database drivers.
 * ✅ [`curb`](https://github.com/taf2/curb) 0.x (0.2.3+), 1.x
 * ✅ [`patron`](https://github.com/toland/patron) 0.x (0.6.4+)
 * ✅ [`typhoeus`](https://github.com/typhoeus/typhoeus) 0.x (0.5.0+), 1.x
-* ✅ [`async-http`](https://github.com/igrigorik/em-http-request) 0.x (0.70.0+)
+* ✅ [`async-http`](https://github.com/socketry/async-http) 0.x (0.70.0+)
 * ✅ [`em-http-request`](https://github.com/igrigorik/em-http-request) 1.x
 
 ## Installation

data/lib/aikido/zen/api_client.rb

@@ -111,7 +111,7 @@ module Aikido::Zen
     # @raise [Aikido::Zen::NetworkError] if an error occurs trying to make the
     #   request.
     private def request(request, base_url: @config.api_endpoint)
-      Net::HTTP.start(base_url.host, base_url.port, http_settings) do |http|
+      Net::HTTP.start(base_url.host, base_url.port, http_settings(base_url)) do |http|
         response = http.request(request)
 
         case response
@@ -127,8 +127,11 @@ module Aikido::Zen
       raise NetworkError.new(request, err)
     end
 
-    private def http_settings
-      @http_settings ||= {use_ssl: true, max_retries: 2}.merge(@config.api_timeouts)
+    private def http_settings(base_url)
+      @http_settings ||= {
+        use_ssl: base_url.scheme == "https",
+        max_retries: 2
+      }.merge(@config.api_timeouts)
     end
 
     private def default_headers

data/lib/aikido/zen/context/rails_request.rb

@@ -12,7 +12,9 @@ module Aikido::Zen
 
   # @!visibility private
   Context::RAILS_REQUEST_BUILDER = ->(env) do
-    delegate = ActionDispatch::Request.new(env)
+    # Duplicate the Rack environment to prevent unexpected modifications from
+    # breaking Rails routing.
+    delegate = ActionDispatch::Request.new(env.dup)
     request = Aikido::Zen::Request.new(
       delegate, framework: "rails", router: Rails.router
     )

data/lib/aikido/zen/internals.rb

@@ -7,12 +7,6 @@ module Aikido::Zen
   module Internals
     extend FFI::Library
 
-    class << self
-      # @return [String] the name of the extension we're loading, which we can
-      #   use in error messages to identify the architecture.
-      attr_accessor :libzen_name
-    end
-
     def self.libzen_names
       lib_name = "libzen-v#{LIBZEN_VERSION}"
       lib_ext = FFI::Platform::LIBSUFFIX
@@ -40,17 +34,24 @@ module Aikido::Zen
       names
     end
 
+    # @return [String] the name of the extension we're loading, which we can
+    # use in error messages.
+    def self.libzen_name
+      # The most generic platform library name.
+      libzen_names.last
+    end
+
     # Load the most specific library
     def self.load_libzen
-      libzen_names.each do |libzen_name|
-        libzen_path = File.expand_path(libzen_name, __dir__)
+      libzen_names.each do |name|
+        path = File.expand_path(name, __dir__)
         begin
-          return ffi_lib(libzen_path)
+          return ffi_lib(path)
         rescue LoadError
           # empty
         end
       end
-      raise LoadError, "Could not load libzen"
+      raise LoadError, "Zen could not load its native extension #{libzen_name}"
     end
 
     begin
@@ -68,11 +69,11 @@ module Aikido::Zen
       # :nocov:
 
       # Emit an $stderr warning at startup.
-      warn "Zen could not load its binary extension #{libzen_name}: #{err}"
+      warn "Zen could not load its native extension #{libzen_name}: #{err}"
 
       def self.detect_sql_injection(query, *)
         attempt = format("%p for SQL injection", query)
-        raise InternalsError.new(attempt, "loading", Internals.libzen_name)
+        raise InternalsError.new(attempt, "loading", libzen_name)
       end
 
       # :nocov:

data/lib/aikido/zen/rails_engine.rb

@@ -10,8 +10,6 @@ module Aikido::Zen
     end
 
     initializer "aikido.add_middleware" do |app|
-      next unless config.zen.protect?
-
       app.middleware.use Aikido::Zen::Middleware::SetContext
       app.middleware.use Aikido::Zen::Middleware::CheckAllowedAddresses
       # Request Tracker stats do not consider failed request or 40x, so the middleware
@@ -34,8 +32,8 @@ module Aikido::Zen
       # Allow the logger to be configured before checking if disabled? so we can
       # let the user know that the agent is disabled.
       logger = ::Rails.logger
-      logger = ActiveSupport::TaggedLogging.new(logger) unless logger.respond_to?(:tagged)
-      app.config.zen.logger = logger.tagged("aikido")
+      logger = logger.tagged("aikido") if logger.respond_to?(:tagged)
+      app.config.zen.logger = logger
 
       app.config.zen.request_builder = Aikido::Zen::Context::RAILS_REQUEST_BUILDER
 
@@ -51,20 +49,8 @@ module Aikido::Zen
     end
 
     config.after_initialize do
-      next unless config.zen.protect?
-
-      # Make sure this is run at the end of the initialization process, so
-      # that any gems required after aikido-zen are detected and patched
-      # accordingly.
-      Aikido::Zen.load_sinks!
-
-      # It's important we start after loading sinks, so we can report the installed packages
+      # Start the Aikido Agent only once the application starts.
       Aikido::Zen.start!
-
-      # Agent's bootstrap process has finished —Controllers are patched to block
-      # unwanted requests, sinks are loaded, scanners are running—, so we mark
-      # the agent as installed.
-      Aikido::Zen.middleware_installed!
     end
   end
 end

data/lib/aikido/zen/request/rails_router.rb

@@ -29,6 +29,11 @@ module Aikido::Zen
     end
 
     private def recognize_in_route_set(request, route_set, prefix: nil)
+      # ActionDispatch::Journey::Router#recognize modifies the Rack environment.
+      # This is correct for Rails routing, but it is not expected to be used in
+      # Rack middleware, and using it here can break Rails routing.
+      #
+      # To avoid this, the Rack environment is duplicated when building request.
       route_set.router.recognize(request) do |route, _|
         app = route.app
         next unless app.matches?(request)

data/lib/aikido/zen/sinks/async_http.rb

@@ -8,7 +8,7 @@ module Aikido::Zen
     module Async
       module HTTP
         def self.load_sinks!
-          if Gem.loaded_specs["async-http"]
+          if Aikido::Zen.satisfy "async-http", ">= 0.70.0"
             require "async/http"
 
             ::Async::HTTP::Client.prepend(Async::HTTP::ClientExtensions)

data/lib/aikido/zen/sinks/curb.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module Curl
       def self.load_sinks!
-        if Gem.loaded_specs["curb"]
+        if Aikido::Zen.satisfy "curb", ">= 0.2.3"
           require "curb"
 
           ::Curl::Easy.prepend(Curl::EasyExtensions)

data/lib/aikido/zen/sinks/em_http.rb

@@ -8,7 +8,7 @@ module Aikido::Zen
     module EventMachine
       module HttpRequest
         def self.load_sinks!
-          if Gem.loaded_specs["em-http-request"]
+          if Aikido::Zen.satisfy "em-http-request", ">= 1.0"
             require "em-http-request"
 
             ::EventMachine::HttpRequest.use(EventMachine::HttpRequest::Middleware)

data/lib/aikido/zen/sinks/excon.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module Excon
       def self.load_sinks!
-        if Gem.loaded_specs["excon"]
+        if Aikido::Zen.satisfy "excon", ">= 0.50.0"
           require "excon"
 
           ::Excon::Connection.prepend(ConnectionExtensions)

data/lib/aikido/zen/sinks/http.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module HTTP
       def self.load_sinks!
-        if Gem.loaded_specs["http"]
+        if Aikido::Zen.satisfy "http", ">= 1.0"
           require "http"
 
           ::HTTP::Client.prepend(ClientExtensions)

data/lib/aikido/zen/sinks/httpclient.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module HTTPClient
       def self.load_sinks!
-        if Gem.loaded_specs["httpclient"]
+        if Aikido::Zen.satisfy "httpclient", ">= 2.0"
           require "httpclient"
 
           ::HTTPClient.prepend(HTTPClient::HTTPClientExtensions)

data/lib/aikido/zen/sinks/httpx.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module HTTPX
       def self.load_sinks!
-        if Gem.loaded_specs["httpx"]
+        if Aikido::Zen.satisfy "httpx", ">= 1.1.3"
           require "httpx"
 
           ::HTTPX::Session.prepend(HTTPX::SessionExtensions)

data/lib/aikido/zen/sinks/mysql2.rb

@@ -4,7 +4,7 @@ module Aikido::Zen
   module Sinks
     module Mysql2
       def self.load_sinks!
-        if Gem.loaded_specs["mysql2"]
+        if Aikido::Zen.satisfy "mysql2"
           require "mysql2"
 
           ::Mysql2::Client.prepend(ClientExtensions)

data/lib/aikido/zen/sinks/patron.rb

@@ -7,7 +7,7 @@ module Aikido::Zen
   module Sinks
     module Patron
       def self.load_sinks!
-        if Gem.loaded_specs["patron"]
+        if Aikido::Zen.satisfy "patron", ">= 0.6.4"
           require "patron"
 
           ::Patron::Session.prepend(SessionExtensions)

data/lib/aikido/zen/sinks/pg.rb

@@ -4,7 +4,7 @@ module Aikido::Zen
   module Sinks
     module PG
       def self.load_sinks!
-        if Gem.loaded_specs["pg"]
+        if Aikido::Zen.satisfy "pg", ">= 1.0"
           require "pg"
 
           ::PG::Connection.prepend(PG::ConnectionExtensions)

data/lib/aikido/zen/sinks/sqlite3.rb

@@ -4,7 +4,7 @@ module Aikido::Zen
   module Sinks
     module SQLite3
       def self.load_sinks!
-        if Gem.loaded_specs["sqlite3"]
+        if Aikido::Zen.satisfy "sqlite3", ">= 1.0"
           require "sqlite3"
 
           ::SQLite3::Database.prepend(DatabaseExtensions)

data/lib/aikido/zen/sinks/trilogy.rb

@@ -4,7 +4,7 @@ module Aikido::Zen
   module Sinks
     module Trilogy
       def self.load_sinks!
-        if Gem.loaded_specs["trilogy"]
+        if Aikido::Zen.satisfy "trilogy", ">= 2.0"
           require "trilogy"
 
           ::Trilogy.prepend(TrilogyExtensions)

data/lib/aikido/zen/version.rb

@@ -2,7 +2,7 @@
 
 module Aikido
   module Zen
-    VERSION = "1.0.1.beta.2"
+    VERSION = "1.0.1.beta.4"
 
     # The version of libzen_internals that we build against.
     LIBZEN_VERSION = "0.1.39"

data/lib/aikido/zen.rb

@@ -1,8 +1,5 @@
 # frozen_string_literal: true
 
-# IMPORTANT: Any files that load sinks or start the Aikido Agent should
-# be required in `Aikido::Zen.protect!`.
-
 require_relative "zen/version"
 require_relative "zen/errors"
 require_relative "zen/actor"
@@ -29,6 +26,9 @@ module Aikido
     # Enable protection. Until this method is called no sinks are loaded
     # and the Aikido Agent does not start.
     #
+    # This method should be called only once, in the application after the
+    # initialization process is complete.
+    #
     # @return [void]
     def self.protect!
       if config.disabled?
@@ -36,9 +36,31 @@ module Aikido
         return
       end
 
-      # IMPORTANT: Any files that load sinks or start the Aikido Agent
-      # should be required here only.
-      require_relative "zen/rails_engine" if defined?(::Rails)
+      return unless config.protect?
+
+      unless load_sources! && load_sinks!
+        config.logger.warn "Zen could not find any supported libraries or frameworks. Visit https://github.com/AikidoSec/firewall-ruby for more information."
+        return
+      end
+
+      middleware_installed!
+    end
+
+    # @!visibility private
+    # Returns whether the loaded gem specification satisfies the listed requirements.
+    #
+    # Returns false if the gem specification is not loaded.
+    #
+    # @param name [String] the gem name
+    # @param requirements [Array<String>] a variable number of gem requirement strings
+    #
+    # @return [Boolean] true if the gem specification is loaded and all gem requirements are satisfied
+    def self.satisfy(name, *requirements)
+      spec = Gem.loaded_specs[name]
+
+      return false if spec.nil?
+
+      Gem::Requirement.new(*requirements).satisfied_by?(spec.version)
     end
 
     # @return [Aikido::Zen::Config] the agent configuration.
@@ -149,15 +171,28 @@ module Aikido
       collector.middleware_installed!
     end
 
-    # Load all sinks matching libraries loaded into memory. This method should
-    # be called after all other dependencies have been loaded into memory (i.e.
-    # at the end of the initialization process).
+    # @!visibility private
+    # Load all sources.
     #
-    # If a new gem is required, this method can be called again safely.
+    # @return [Boolean] true if any sources were loaded
+    def self.load_sources!
+      if Aikido::Zen.satisfy("rails", ">= 7.0")
+        require_relative "zen/rails_engine"
+
+        return true
+      end
+
+      false
+    end
+
+    # @!visibility private
+    # Load all sinks.
     #
-    # @return [void]
+    # @return [Boolean] true if any sinks were loaded
     def self.load_sinks!
       require_relative "zen/sinks"
+
+      !Aikido::Zen::Sinks.registry.empty?
     end
 
     # @!visibility private

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.0.1.beta.2
+  version: 1.0.1.beta.4
 platform: x86_64-mingw-64
 authors:
 - Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-07-30 00:00:00.000000000 Z
+date: 2025-08-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby