aikido-zen 1.0.5-arm64-linux → 1.0.7-arm64-linux
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/docs/config.md +16 -13
- data/lib/aikido/zen/sinks/action_controller.rb +5 -0
- data/lib/aikido/zen/version.rb +1 -1
- data/lib/aikido/zen/worker.rb +2 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e47f76914e4629e5fd789d5a8d9c50839fc49f901d418098600690e13d2971e0
|
|
4
|
+
data.tar.gz: 51163c332eedde7ab23bb65a091b5171dc54c676508ce3955e267cadbf5bead6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ec40b829bdc3a3ba40f37e1de2b4daa7342765cdc9a4497006f143411ee43a1656925e84e80095553436c77b36270caf18f009a2e98d67b1ad00b47532a8c09e
|
|
7
|
+
data.tar.gz: 43481deab3aaad1c9c5324b469ca76bdd74bc97c335d9f55fa1a7a4fdbdac06fca1f64aca9373d6161587cf60197f3a11036b1c5ab2d9552b67ee7e83f6bf4b4
|
data/docs/config.md
CHANGED
|
@@ -5,15 +5,6 @@ changing values on the `Aikido::Zen.config` object, which you can do from
|
|
|
5
5
|
your app's startup file (like an initializer in Rails, or `config.ru` in
|
|
6
6
|
other Rack-based apps).
|
|
7
7
|
|
|
8
|
-
## Middleware insertion
|
|
9
|
-
|
|
10
|
-
By default, the Zen middleware is inserted after `ActionDispatch::Executor`.
|
|
11
|
-
You can change this by setting `Aikido::Zen.config.insert_middleware_after`
|
|
12
|
-
to a Rack middleware class or index.
|
|
13
|
-
|
|
14
|
-
When set to `nil`, the middleware is inserted before the first middleware in
|
|
15
|
-
the then-current middleware stack.
|
|
16
|
-
|
|
17
8
|
## Disable Zen
|
|
18
9
|
|
|
19
10
|
In order to fully turn off Zen and prevent it from intercepting any requests or
|
|
@@ -45,11 +36,23 @@ set it via `Aikido::Zen.config.token = <token>`.
|
|
|
45
36
|
|
|
46
37
|
## Hardened mode
|
|
47
38
|
|
|
48
|
-
Zen hardens methods
|
|
49
|
-
security and performance.
|
|
39
|
+
Zen hardens certain methods by blocking dangerous, undocumented behavior.
|
|
40
|
+
This helps improve security and performance.
|
|
41
|
+
|
|
42
|
+
Hardened mode is enabled by default. To disable it, set `AIKIDO_HARDEN=false`
|
|
43
|
+
in your environment, or set `Aikido::Zen.config.harden = false`.
|
|
44
|
+
|
|
45
|
+
When Zen detects dangerous undocumented behavior, it prevents the operation
|
|
46
|
+
and raises an error, including a backtrace. For example, if code relies on
|
|
47
|
+
undocumented behavior in `File.join`, Zen will raise a descriptive error:
|
|
48
|
+
|
|
49
|
+
```
|
|
50
|
+
TypeError: Zen prevented implicit conversion of Array to String in hardened method. Visit https://github.com/AikidoSec/firewall-ruby for more information.
|
|
51
|
+
...
|
|
52
|
+
```
|
|
50
53
|
|
|
51
|
-
|
|
52
|
-
|
|
54
|
+
Only disable hardened mode if you are using code that relies on dangerous
|
|
55
|
+
undocumented behavior and that code cannot be changed.
|
|
53
56
|
|
|
54
57
|
## Logger
|
|
55
58
|
|
|
@@ -20,6 +20,11 @@ module Aikido::Zen
|
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def block?(controller)
|
|
23
|
+
# The abstract controller running the callback is typically an ActionController
|
|
24
|
+
# but it may also be an ActionMailer. ActionMailer does not respond to request.
|
|
25
|
+
# This feature requires a request object to perform checks and enforce blocking.
|
|
26
|
+
return false unless controller.respond_to?(:request)
|
|
27
|
+
|
|
23
28
|
context = controller.request.env[Aikido::Zen::ENV_KEY]
|
|
24
29
|
request = context.request
|
|
25
30
|
|
data/lib/aikido/zen/version.rb
CHANGED
data/lib/aikido/zen/worker.rb
CHANGED
|
@@ -28,7 +28,8 @@ module Aikido::Zen
|
|
|
28
28
|
executor.post do
|
|
29
29
|
yield
|
|
30
30
|
rescue Exception => err # rubocop:disable Lint/RescueException
|
|
31
|
-
@config.logger.error
|
|
31
|
+
@config.logger.error("Error in background worker: #{err.class}: #{err.message}")
|
|
32
|
+
@config.logger.debug(err.backtrace.join("\n"))
|
|
32
33
|
end
|
|
33
34
|
end
|
|
34
35
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aikido-zen
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.7
|
|
5
5
|
platform: arm64-linux
|
|
6
6
|
authors:
|
|
7
7
|
- Aikido Security
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2026-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: concurrent-ruby
|