aikido-zen 1.0.4-x86_64-darwin → 1.0.6-x86_64-darwin
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/docs/config.md +16 -4
- data/lib/aikido/zen/config.rb +7 -0
- data/lib/aikido/zen/rails_engine.rb +14 -6
- data/lib/aikido/zen/version.rb +1 -1
- data/lib/aikido/zen/worker.rb +2 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 165b83a0e7676d361b152becf0a158970360b0ca67df6954ef48f6b026d63c39
|
|
4
|
+
data.tar.gz: 0b8c71d3b57ffc78b51ccc2a2d272d161daa3ec67ffe0d88fddbbe37b7b7f431
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 58cf73113a883a21a0efa418f76cdd1c42a111dba68c594a8baaf0f89fafb154142174f98839718dd067ef795ab7b62c503dc275bf6e41038c2b9a28960b22d9
|
|
7
|
+
data.tar.gz: 124e175c3bf52e164a8a7c3daede6211b7cd5d645cfa99f859bd4703fb60accf33cb9bcba7816cbd73c2eb5cb7129b652f06af0e6b0d98c78374bc8112cb84dc
|
data/docs/config.md
CHANGED
|
@@ -36,11 +36,23 @@ set it via `Aikido::Zen.config.token = <token>`.
|
|
|
36
36
|
|
|
37
37
|
## Hardened mode
|
|
38
38
|
|
|
39
|
-
Zen hardens methods
|
|
40
|
-
security and performance.
|
|
39
|
+
Zen hardens certain methods by blocking dangerous, undocumented behavior.
|
|
40
|
+
This helps improve security and performance.
|
|
41
41
|
|
|
42
|
-
To disable
|
|
43
|
-
or set `Aikido::Zen.config.harden = false`.
|
|
42
|
+
Hardened mode is enabled by default. To disable it, set `AIKIDO_HARDEN=false`
|
|
43
|
+
in your environment, or set `Aikido::Zen.config.harden = false`.
|
|
44
|
+
|
|
45
|
+
When Zen detects dangerous undocumented behavior, it prevents the operation
|
|
46
|
+
and raises an error, including a backtrace. For example, if code relies on
|
|
47
|
+
undocumented behavior in `File.join`, Zen will raise a descriptive error:
|
|
48
|
+
|
|
49
|
+
```
|
|
50
|
+
TypeError: Zen prevented implicit conversion of Array to String in hardened method. Visit https://github.com/AikidoSec/firewall-ruby for more information.
|
|
51
|
+
...
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
Only disable hardened mode if you are using code that relies on dangerous
|
|
55
|
+
undocumented behavior and that code cannot be changed.
|
|
44
56
|
|
|
45
57
|
## Logger
|
|
46
58
|
|
data/lib/aikido/zen/config.rb
CHANGED
|
@@ -8,6 +8,12 @@ require_relative "context"
|
|
|
8
8
|
|
|
9
9
|
module Aikido::Zen
|
|
10
10
|
class Config
|
|
11
|
+
# @return [Class, Integer, nil] The Rack middleware class or index after which
|
|
12
|
+
# the Zen middleware should be inserted. When set to nil, the middleware is
|
|
13
|
+
# inserted before the first middleware in the then-current middleware stack.
|
|
14
|
+
# Defaults to ::ActionDispatch::Executor.
|
|
15
|
+
attr_accessor :insert_middleware_after
|
|
16
|
+
|
|
11
17
|
# @return [Boolean] whether Aikido should be turned completely off (no
|
|
12
18
|
# intercepting calls to protect the app, no agent process running, no
|
|
13
19
|
# middleware installed). Defaults to false (so, enabled). Can be set
|
|
@@ -178,6 +184,7 @@ module Aikido::Zen
|
|
|
178
184
|
attr_accessor :attack_wave_max_cache_entries
|
|
179
185
|
|
|
180
186
|
def initialize
|
|
187
|
+
self.insert_middleware_after = ::ActionDispatch::Executor
|
|
181
188
|
self.disabled = read_boolean_from_env(ENV.fetch("AIKIDO_DISABLE", false)) || read_boolean_from_env(ENV.fetch("AIKIDO_DISABLED", false))
|
|
182
189
|
self.blocking_mode = read_boolean_from_env(ENV.fetch("AIKIDO_BLOCK", false))
|
|
183
190
|
self.api_timeouts = 10
|
|
@@ -10,10 +10,10 @@ module Aikido::Zen
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
initializer "aikido.add_middleware", after: :load_config_initializers do |app|
|
|
13
|
-
# The
|
|
14
|
-
# middleware
|
|
15
|
-
|
|
16
|
-
|
|
13
|
+
# The Zen middleware is inserted in order as a block after the configured
|
|
14
|
+
# middleware anchor point.
|
|
15
|
+
|
|
16
|
+
middleware_block = [
|
|
17
17
|
Aikido::Zen::Middleware::ForkDetector,
|
|
18
18
|
Aikido::Zen::Middleware::ContextSetter,
|
|
19
19
|
Aikido::Zen::Middleware::AllowedAddressChecker,
|
|
@@ -24,8 +24,16 @@ module Aikido::Zen
|
|
|
24
24
|
Aikido::Zen::Middleware::RequestTracker
|
|
25
25
|
]
|
|
26
26
|
|
|
27
|
-
|
|
28
|
-
|
|
27
|
+
middleware_anchor = Aikido::Zen.config.insert_middleware_after
|
|
28
|
+
|
|
29
|
+
if middleware_anchor.nil?
|
|
30
|
+
app.middleware.insert_before 0, middleware_block.first
|
|
31
|
+
else
|
|
32
|
+
app.middleware.insert_after middleware_anchor, middleware_block.first
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
middleware_block.each_cons(2) do |existing_middleware, middleware|
|
|
36
|
+
app.middleware.insert_after(existing_middleware, middleware)
|
|
29
37
|
end
|
|
30
38
|
|
|
31
39
|
ActiveSupport.on_load(:action_controller) do
|
data/lib/aikido/zen/version.rb
CHANGED
data/lib/aikido/zen/worker.rb
CHANGED
|
@@ -28,7 +28,8 @@ module Aikido::Zen
|
|
|
28
28
|
executor.post do
|
|
29
29
|
yield
|
|
30
30
|
rescue Exception => err # rubocop:disable Lint/RescueException
|
|
31
|
-
@config.logger.error
|
|
31
|
+
@config.logger.error("Error in background worker: #{err.class}: #{err.message}")
|
|
32
|
+
@config.logger.debug(err.backtrace.join("\n"))
|
|
32
33
|
end
|
|
33
34
|
end
|
|
34
35
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aikido-zen
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.6
|
|
5
5
|
platform: x86_64-darwin
|
|
6
6
|
authors:
|
|
7
7
|
- Aikido Security
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-12-
|
|
11
|
+
date: 2025-12-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: concurrent-ruby
|