aikido-zen 1.0.1.beta.4-arm64-linux-musl → 1.0.1.beta.5-arm64-linux-musl

data/lib/aikido/zen/sinks/sqlite3.rb

@@ -3,15 +3,6 @@
 module Aikido::Zen
   module Sinks
     module SQLite3
-      def self.load_sinks!
-        if Aikido::Zen.satisfy "sqlite3", ">= 1.0"
-          require "sqlite3"
-
-          ::SQLite3::Database.prepend(DatabaseExtensions)
-          ::SQLite3::Statement.prepend(StatementExtensions)
-        end
-      end
-
       SINK = Sinks.add("sqlite3", scanners: [Scanners::SQLInjectionScanner])
 
       module Helpers
@@ -24,22 +15,28 @@ module Aikido::Zen
         end
       end
 
-      module DatabaseExtensions
-        extend Sinks::DSL
+      def self.load_sinks!
+        if Aikido::Zen.satisfy "sqlite3", ">= 1.0"
+          require "sqlite3"
 
-        private
+          ::SQLite3::Database.class_eval do
+            extend Sinks::DSL
 
-        # SQLite3::Database#exec_batch is an internal native private method.
-        sink_before :exec_batch do |sql|
-          Helpers.scan(sql, "exec_batch")
-        end
-      end
+            private
+
+            # SQLite3::Database#exec_batch is an internal native private method.
+            sink_before :exec_batch do |sql|
+              Helpers.scan(sql, "exec_batch")
+            end
+          end
 
-      module StatementExtensions
-        extend Sinks::DSL
+          ::SQLite3::Statement.class_eval do
+            extend Sinks::DSL
 
-        sink_before :initialize do |_db, sql|
-          Helpers.scan(sql, "statement.execute")
+            sink_before :initialize do |_db, sql|
+              Helpers.scan(sql, "statement.execute")
+            end
+          end
         end
       end
     end

data/lib/aikido/zen/sinks/trilogy.rb

@@ -3,14 +3,6 @@
 module Aikido::Zen
   module Sinks
     module Trilogy
-      def self.load_sinks!
-        if Aikido::Zen.satisfy "trilogy", ">= 2.0"
-          require "trilogy"
-
-          ::Trilogy.prepend(TrilogyExtensions)
-        end
-      end
-
       SINK = Sinks.add("trilogy", scanners: [Scanners::SQLInjectionScanner])
 
       module Helpers
@@ -19,11 +11,17 @@ module Aikido::Zen
         end
       end
 
-      module TrilogyExtensions
-        extend Sinks::DSL
+      def self.load_sinks!
+        if Aikido::Zen.satisfy "trilogy", ">= 2.0"
+          require "trilogy"
+
+          ::Trilogy.class_eval do
+            extend Sinks::DSL
 
-        sink_before :query do |query|
-          Helpers.scan(query, "query")
+            sink_before :query do |query|
+              Helpers.scan(query, "query")
+            end
+          end
         end
       end
     end

data/lib/aikido/zen/sinks.rb

@@ -9,10 +9,7 @@ require_relative "sinks_dsl"
 
 require_relative "sinks/action_controller" if defined?(::ActionController)
 
-# Sadly, in ruby versions lower than 3.0, it's not possible to patch the
-# Kernel module because how the `prepend` method is applied
-# (https://stackoverflow.com/questions/78110397/prepend-kernel-module-function-globally#comment137713906_78112924)
-require_relative "sinks/kernel" if RUBY_VERSION >= "3.0"
+require_relative "sinks/kernel"
 
 require_relative "sinks/file"
 require_relative "sinks/socket"

data/lib/aikido/zen/sinks_dsl.rb

@@ -109,10 +109,14 @@ module Aikido::Zen
       #
       # @return [void]
       def presafe_sink_before(method_name, &block)
+        original = instance_method(method_name)
+
         define_method(method_name) do |*args, **kwargs, &blk|
           instance_exec(*args, **kwargs, &block)
-          super(*args, **kwargs, &blk)
+          original.bind_call(self, *args, **kwargs, &blk)
         end
+      rescue NameError
+        Aikido::Zen.config.logger.warn("cannot wrap method `#{method_name}' for class `#{self}'")
       end
 
       # Define a method `method_name` that safely executes the given block before
@@ -145,11 +149,15 @@ module Aikido::Zen
       #
       # @return [void]
       def presafe_sink_after(method_name, &block)
+        original = instance_method(method_name)
+
         define_method(method_name) do |*args, **kwargs, &blk|
-          result = super(*args, **kwargs, &blk)
+          result = original.bind_call(self, *args, **kwargs, &blk)
           instance_exec(result, *args, **kwargs, &block)
           result
         end
+      rescue NameError
+        Aikido::Zen.config.logger.warn("cannot wrap method `#{method_name}' for class `#{self}'")
       end
 
       # Define a method `method_name` that safely executes the given block after
@@ -177,20 +185,24 @@ module Aikido::Zen
       #
       # @param method_name [Symbol, String] the name of the method to define
       # @yield the block to execute around the original method
-      # @yieldparam super_call [Proc] the proc that calls the original method
+      # @yieldparam original_call [Proc] the proc that calls the original method
       # @yieldparam args [Array] the positional arguments passed to the original method
       # @yieldparam kwargs [Hash] the keyword arguments passed to the original method
       #
       # @return [void]
       def presafe_sink_around(method_name, &block)
+        original = instance_method(method_name)
+
         define_method(method_name) do |*args, **kwargs, &blk|
           result = nil
-          super_call = proc do
-            result = super(*args, **kwargs, &blk)
+          original_call = proc do
+            result = original.bind_call(self, *args, **kwargs, &blk)
           end
-          instance_exec(super_call, *args, **kwargs, &block)
+          instance_exec(original_call, *args, **kwargs, &block)
           result
         end
+      rescue NameError
+        Aikido::Zen.config.logger.warn("cannot wrap method `#{method_name}' for class `#{self}'")
       end
 
       # Define a method `method_name` that safely executes the given block around
@@ -198,27 +210,27 @@ module Aikido::Zen
       #
       # @param method_name [Symbol, String] the name of the method to define
       # @yield the block to execute around the original method
-      # @yieldparam super_call [Proc] the proc that calls the original method
+      # @yieldparam original_call [Proc] the proc that calls the original method
       # @yieldparam args [Array] the positional arguments passed to the original method
       # @yieldparam kwargs [Hash] the keyword arguments passed to the original method
       #
       # @return [void]
       #
       # @note the block is executed within `safe` to handle errors safely; the original method is executed within `presafe` to preserve the original behavior
-      # @note if the block does not call `super_call`, the original method is called automatically after the block is executed
+      # @note if the block does not call `original_call`, the original method is called automatically after the block is executed
       def sink_around(method_name, &block)
-        presafe_sink_around(method_name) do |presafe_super_call, *args, **kwargs|
-          super_called = false
-          super_call = proc do
-            super_called = true
+        presafe_sink_around(method_name) do |presafe_original_call, *args, **kwargs|
+          original_called = false
+          original_call = proc do
+            original_called = true
             DSL.presafe do
-              presafe_super_call.call
+              presafe_original_call.call
             end
           end
           DSL.safe do
-            instance_exec(super_call, *args, **kwargs, &block)
+            instance_exec(original_call, *args, **kwargs, &block)
           end
-          presafe_super_call.call unless super_called
+          presafe_original_call.call unless original_called
         end
       end
     end

data/lib/aikido/zen/version.rb

@@ -2,7 +2,7 @@
 
 module Aikido
   module Zen
-    VERSION = "1.0.1.beta.4"
+    VERSION = "1.0.1.beta.5"
 
     # The version of libzen_internals that we build against.
     LIBZEN_VERSION = "0.1.39"

data/lib/aikido/zen.rb

@@ -39,7 +39,7 @@ module Aikido
       return unless config.protect?
 
       unless load_sources! && load_sinks!
-        config.logger.warn "Zen could not find any supported libraries or frameworks. Visit https://github.com/AikidoSec/firewall-ruby for more information."
+        config.logger.warn("Zen could not find any supported libraries or frameworks. Visit https://github.com/AikidoSec/firewall-ruby for more information.")
         return
       end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.0.1.beta.4
+  version: 1.0.1.beta.5
 platform: arm64-linux-musl
 authors:
 - Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-08-11 00:00:00.000000000 Z
+date: 2025-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby