console1984 0.1.1 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6c81de72722b12e6a998fafaeba1d39b85532998751ef112b683413d6f0936cd
-  data.tar.gz: 734a353f1bf41d8dd2a6e55cf1e5c4f9163d5d0fc12f5ba77727c4ad221cc709
+  metadata.gz: 44d77add0193cc1bb27955cb70d0d3e58153a17524e6d3b93a15179700322c58
+  data.tar.gz: b36e25eb75d6b1d113ae3653118115da747122e10af23d38ea00ebd72f3427cc
 SHA512:
-  metadata.gz: 48fdc3a58ac26fafd4ee5137cddfb1f878a3abdcc8a6c230fdc8e6c6629eb936401c8f4dda7f7974983eba961c6249ebf68ce1abda00c702b3d874f760ffbac7
-  data.tar.gz: 3e13e25fe6af1380d39f566b345fcce7b25b73a7afa74368de2c49d8f329d55721a5f90e13740bdddc22079aba650d8429ecdba95fdde7287e3ed95d05d0fb73
+  metadata.gz: 07d029ed6dcd845cbc30c035ccdb2a9879983f1660c028530dfc8873673d212f9230ffc9ad8870b1806a981317dad06d48c95b53cdebe728a37bc585bd182e29
+  data.tar.gz: c9dfd6cd41b27c000b0f37a22ee9b1d4fbbdd32081b22735636d90c62175c2cb8f55b3ef94f90c9ac706a72838b67e8a8130e813943fe908f3860bf631365c8f

data/README.md

@@ -1,95 +1,155 @@
+![example workflow](https://github.com/basecamp/console1984/actions/workflows/build.yml/badge.svg)
+
 # Console1984
 
-A Rails Console that audits commands and protects users privacy.
+A Rails console extension that protects sensitive accesses and makes them auditable.
 
 > “If you want to keep a secret, you must also hide it from yourself.”
-> 
+>
 > ― George Orwell, 1984
 
-## Usage
+If you are looking for the auditing tool, check [`audits1984`](https://github.com/basecamp/audits1984).
+
+![Terminal screenshot showing console1984 asking for a reason for the session](docs/images/console-session-reason.png)
 
-Add this line to your application's Gemfile:
+## Installation
+
+Add it to your `Gemfile`:
 
 ```ruby
 gem 'console1984'
 ```
 
-By default, `console1984` will only work in `production`. [You can configure other environments](#protected-environments). 
-
-## Features
-
-### Auditing
-
-The console will ask for a reason for the console session, identifying the user via the environment
-variable `CONSOLE_USER`.
-
-After that, every command the user types will be captured and logged. `console1984` uses
-[`rails-structured-logggin`](https://github.com/basecamp/rails-structured-logging) to form
-a JSON entry that looks like this:
-
-```json
-{
-  "@timestamp": "2020-05-15T15:05:45.845642+02:00",
-  "ecs": {
-    "version": "1.2.0"
-  },
-  "event": {
-    "action": "console.audit_trail",
-    "duration": {
-      "ms": 0.01
-    }
-  },
-  "console": {
-    "user": "Jorge",
-    "reason": "fix something",
-    "commands": "Account.first\n"
-  },
-  "rails": {
-    "application": "haystack",
-    "env": "beta"
-  },
-  "ruby": {
-    "allocations": {
-      "count": 0
-    }
-  },
-  "process": {
-    "pid": 8539,
-    "name": "rails_console",
-    "working_directory": "/Users/jorge/Work/basecamp/haystack"
-  },
-  "performance": {
-    "time": {
-      "cpu": {
-        "ms": 0.01
-      },
-      "idle": {
-        "ms": 0.0
-      }
-    }
-  },
-  "original": "  Account Load (1.0ms)  SELECT `accounts`.* FROM `accounts` ORDER BY `accounts`.`id` ASC LIMIT 1\n"
-}
+Create tables to store console activity in the database:
+
+```ruby
+rails console1984:install:migrations
+rails db:migrate
 ```
 
-## Configuration
+By default, console1984 is only enabled in `production`. You can configure the target environments in your `application.rb`:
+
+```ruby
+config.console1984.protected_environments = %i[ production staging ]
+```
+
+## How it works
+
+### Session activity logging
+
+When starting a console session, it will ask for a reason. Internally, it will use this reason to document the console session and record all the commands executed in it.
+
+```
+$ rails c
+
+You have access to production data here. That's a big deal. As part of our promise to keep customer data safe and private, we audit the commands you type here. Let's get started!
+
 
-### Protected environments
 
-<a name="protected-environments"></a>
+Commands:
 
-By default, `console1984` will only be enabled in `production`. You can configure the target environments with
-`config.console1984.protected_environments`:
+* decrypt!: enter unprotected mode with access to encrypted information
+
+Unnamed, why are you using this console today?
+
+> ...
+```
+
+### Auditing sessions
+
+Check out [`audits1984`](https://github.com/basecamp/audits1984), a companion auditing tool prepared to work with `console1984` database session trails.
+
+### Access to encrypted data
+
+By default, `console1984` won't decrypt data encrypted with [Active Record encryption](https://edgeguides.rubyonrails.org/active_record_encryption.html). Users will just see the ciphertexts.
+
+To decrypt data, enter the command `decrypt!`. It will ask for a justification, and these accesses will be flagged internally as sensitive.
 
 ```ruby
-config.console1984.protected_environments = %i[ staging production ]
+irb(main)> Topic.last.name
+  Topic Load (1.4ms)  SELECT `topics`.* FROM `topics` ORDER BY `topics`.`id` DESC LIMIT 1
+=> "{\"p\":\"iu6+LfnNlurC6sL++JyOIDvedjNSz/AvnZQ=\",\"h\":{\"iv\":\"BYa86+JNM/LdkC18\",\"at\":\"r4sQNoSyIlAjJdZEKHVMow==\",\"k\":{\"p\":\"7L1l/5UiYsFQqqo4jfMZtLwp90KqcrIgS7HqgteVjuM=\",\"h\":{\"iv\":\"ItwRYxZAerKIoSZ8\",\"at\":\"ZUSNVfvtm4wAYWLBKRAx/g==\",\"e\":\"QVNDSUktOEJJVA==\"}},\"i\":\"OTdiOQ==\"}}"
+irb(main)> decrypt!
 ```
 
-### Audit logger
+```
+Before you can access personal information, you need to ask for and get explicit consent from the user(s). Unnamed, where can we find this consent (a URL would be great)?
+
+> ...
 
-By default, the console will output JSON entries for audit trails to STDOUT. You can configure the
-used logger with `config.console1984.audit_logger`: 
+Ok! You have access to encrypted information now. We pay extra close attention to any commands entered while you have this access. You can go back to protected mode with 'encrypt!'
+
+WARNING: Make sure you don`t save objects that were loaded while in protected mode, as this can result in saving the encrypted texts.
+```
 
 ```ruby
-config.console1984.audit_logger = ActiveSupport::Logger.new("log/console.txt")
+irb(main)> Topic.last.name
+  Topic Load (1.2ms)  SELECT `topics`.* FROM `topics` ORDER BY `topics`.`id` DESC LIMIT 1
+=> "Thanks for the inspiration"
 ```
+
+You can type `encrypt!` to go back to protected mode again.
+
+```ruby
+irb(main):004:0> encrypt!
+```
+
+```
+Great! You are back in protected mode. When we audit, we may reach out for a conversation about the commands you entered. What went well? Did you solve the problem without accessing personal data?
+```
+
+```ruby
+irb(main)> Topic.last.name
+  Topic Load (1.4ms)  SELECT `topics`.* FROM `topics` ORDER BY `topics`.`id` DESC LIMIT 1
+=> "{\"p\":\"iu6+LfnNlurC6sL++JyOIDvedjNSz/AvnZQ=\",\"h\":{\"iv\":\"BYa86+JNM/LdkC18\",\"at\":\"r4sQNoSyIlAjJdZEKHVMow==\",\"k\":{\"p\":\"7L1l/5UiYsFQqqo4jfMZtLwp90KqcrIgS7HqgteVjuM=\",\"h\":{\"iv\":\"ItwRYxZAerKIoSZ8\",\"at\":\"ZUSNVfvtm4wAYWLBKRAx/g==\",\"e\":\"QVNDSUktOEJJVA==\"}},\"i\":\"OTdiOQ==\"}}"
+```
+
+While in protected mode, you can't modify encrypted data, but can save unencrypted attributes normally. If you try to modify an encrypted column it will raise an error:
+
+```ruby
+irb(main)> Rails.cache.read("some key") # raises Console1984::Errors::ProtectedConnection
+```
+
+### Access to external systems
+
+While Active Record encryption can protect personal information in the database, are other systems can contain very sensitive information. For example: Elasticsearch indexing user information or Redis caching template fragments.
+
+To protect the access to such systems, you can add their URLs to `config.console1984.protected_urls` in the corresponding environment config file (e.g: `production.rb`):
+
+```ruby
+config.console1984.protected_urls = [ "https://my-app-us-east-1-whatever.us-east-1.es.amazonaws.com", "redis://my-app-cache-1.whatever.cache.amazonaws.com:6379" ]
+```
+
+As with encryption data, running `decrypt!` will let you access these systems normally. The system will ask for a justfication and will flag those accesses as sensitive.
+
+This will work for systems that use Ruby sockets as the underlying communication mechanism.
+
+### Automatic scheduled incineration for sessions
+
+By default, sessions will be incinerated with a job 30 days after they are created. You can configure this period by setting `config.console1984.incinerate_after = 1.year` and you can disable incineration completely by setting `config.console1984.incinerate = false`.
+
+### Eager loading
+
+When starting a console session, `console1984` will eager load all the application classes if necessary. In practice, production environments already load classes eagerly, so this won't represent any change for those.  
+
+## Configuration
+
+These config options are namespaced in `config.console1984`:
+
+| Name                                        | Description                                                  |
+| ------------------------------------------- | ------------------------------------------------------------ |
+| `protected_environments`                    | The list of environments where `console1984` will act on. Defaults to `%i[ production ]`. |
+| `protected_urls`                            | The list of URLs corresponding with external systems to protect. |
+| `session_logger`                            | The system used to record session data. The default logger is `Console1984::SessionsLogger::Database`. |
+| `username_resolver`                         | Configure an object responsible of resolving the current database username. The default is `Console1984::Username::EnvResolver.new("CONSOLE_USER")`, which returns the value of the environment variable `CONSOLE_USER`. |
+| `production_data_warning`                   | The text to show when a console session starts.              |
+| `enter_unprotected_encryption_mode_warning` | The text to show when user enters into unprotected mode.     |
+| `enter_protected_mode_warning`              | The text to show when user go backs to protected mode.       |
+| `incinerate`                                | Whether incinerate sessions automatically after a period of time or not. Default to `true`. |
+| `incinerate_after`                          | The period to keep sessions around before incinerate them. Default `30.days`. |
+| `incineration_queue`                        | The name of the queue for session incineration jobs. Default `console1984_incineration`. |
+
+## About built-in protection mechanisms
+
+`console1984` uses Ruby to add several protection mechanisms. However, because Ruby is highly dynamic, it's technically possible to circumvent most of these controls if you know what you are doing. We have made an effort to prevent such attempts, but if your organization needs bullet-proof protection against malicious actors using the console, you should consider additional security measures.
+

data/lib/console1984/commands.rb

@@ -1,4 +1,6 @@
 module Console1984::Commands
+  include Console1984::Freezeable
+
   def decrypt!
     supervisor.enable_access_to_encrypted_content
   end

data/lib/console1984/config.rb

@@ -0,0 +1,49 @@
+# Container for config options.
+class Console1984::Config
+  include Console1984::Freezeable, Console1984::Messages
+
+  PROPERTIES = %i[
+    session_logger username_resolver
+    protected_environments protected_urls
+    production_data_warning enter_unprotected_encryption_mode_warning enter_protected_mode_warning
+    incinerate incinerate_after incineration_queue
+    debug test_mode
+  ]
+
+  attr_accessor(*PROPERTIES)
+
+  def initialize
+    set_defaults
+  end
+
+  def set_from(properties)
+    properties.each do |key, value|
+      public_send("#{key}=", value) if value.present?
+    end
+  end
+
+  def freeze
+    super
+    protected_urls.freeze
+  end
+
+  private
+    def set_defaults
+      self.protected_environments = []
+      self.protected_urls = []
+
+      self.session_logger = Console1984::SessionsLogger::Database.new
+      self.username_resolver = Console1984::Username::EnvResolver.new("CONSOLE_USER")
+
+      self.production_data_warning = DEFAULT_PRODUCTION_DATA_WARNING
+      self.enter_unprotected_encryption_mode_warning = DEFAULT_ENTER_UNPROTECTED_ENCRYPTION_MODE_WARNING
+      self.enter_protected_mode_warning = DEFAULT_ENTER_PROTECTED_MODE_WARNING
+
+      self.incinerate = true
+      self.incinerate_after = 30.days
+      self.incineration_queue = "console1984_incineration"
+
+      self.debug = false
+      self.test_mode = false
+    end
+end

data/lib/console1984/engine.rb

@@ -10,19 +10,16 @@ module Console1984
 
     initializer "console1984.config" do
       config.console1984.each do |key, value|
-        Console1984.send("#{key}=", value) unless %i[ protected_urls protected_environments ].include?(key.to_sym)
+        Console1984.config.send("#{key}=", value) unless %i[ protected_urls protected_environments ].include?(key.to_sym)
       end
     end
 
     console do
-      Console1984.install_support(config.console1984)
-      Console1984.supervisor.start if Console1984.running_protected_environment?
+      Console1984.config.set_from(config.console1984)
 
-      class OpenSSL::SSL::SSLSocket
-        # Make it serve remote address as TCPSocket so that our extension works for it
-        def remote_address
-          Addrinfo.getaddrinfo(hostname, 443).first
-        end
+      if Console1984.running_protected_environment?
+        Console1984.supervisor.install
+        Console1984.supervisor.start
       end
     end
   end

data/lib/console1984/errors.rb

@@ -9,5 +9,6 @@ module Console1984
 
     class ForbiddenCommand < StandardError; end
     class ForbiddenIncineration < StandardError; end
+    class ForbiddenCodeManipulation < StandardError; end
   end
 end

data/lib/console1984/freezeable.rb

@@ -0,0 +1,54 @@
+# Prevents adding new methods to classes.
+#
+# This prevents manipulating certain Console1984 classes
+# during a console session.
+module Console1984::Freezeable
+  extend ActiveSupport::Concern
+
+  mattr_reader :to_freeze, default: Set.new
+
+  included do
+    Console1984::Freezeable.to_freeze << self
+  end
+
+  class_methods do
+    SENSITIVE_INSTANCE_METHODS = %i[ instance_variable_set ]
+
+    def prevent_sensitive_overrides
+      SENSITIVE_INSTANCE_METHODS.each do |method|
+        prevent_sensitive_method method
+      end
+    end
+
+    private
+      def prevent_sensitive_method(method_name)
+        define_method method_name do |*arguments|
+          raise Console1984::Errors::ForbiddenCodeManipulation, "You can't invoke #{method_name} on #{self}"
+        end
+      end
+  end
+
+  class << self
+    def freeze_all
+      class_and_modules_to_freeze.each do |class_or_module|
+        freeze_class_or_module(class_or_module)
+      end
+    end
+
+    private
+      def class_and_modules_to_freeze
+        with_descendants(to_freeze)
+      end
+
+      def freeze_class_or_module(class_or_module)
+        class_or_module.prevent_sensitive_overrides
+        class_or_module.freeze
+      end
+
+      def with_descendants(classes_and_modules)
+        classes_and_modules + classes_and_modules.grep(Class).flat_map(&:descendants)
+      end
+  end
+
+  freeze
+end

data/lib/console1984/messages.rb

@@ -17,8 +17,7 @@ module Console1984::Messages
   TXT
 
   COMMANDS = {
-      "decrypt!": "enter unprotected mode with access to encrypted information",
-      "log '<reason>'": "provide further information about what you are going to do in the middle of a console session"
+      "decrypt!": "enter unprotected mode with access to encrypted information"
   }
 
   COMMANDS_HELP = <<~TXT

data/lib/console1984/protected_auditable_tables.rb

@@ -1,26 +1,30 @@
-module Console1984
-  module ProtectedAuditableTables
-    %i[ execute exec_query exec_insert exec_delete exec_update exec_insert_all ].each do |method|
-      define_method method do |*args|
-        sql = args.first
-        if Console1984.supervisor.executing_user_command? && sql =~ auditable_tables_regexp
-          raise Console1984::Errors::ForbiddenCommand, "#{sql}"
-        else
-          super(*args)
-        end
+# Prevents accessing trail model tables when executing console commands.
+module Console1984::ProtectedAuditableTables
+  include Console1984::Freezeable
+
+  %i[ execute exec_query exec_insert exec_delete exec_update exec_insert_all ].each do |method|
+    define_method method do |*args|
+      sql = args.first
+      if Console1984.supervisor.executing_user_command? && sql =~ auditable_tables_regexp
+        raise Console1984::Errors::ForbiddenCommand, "#{sql}"
+      else
+        super(*args)
       end
     end
+  end
 
-    private
-      AUDITABLE_MODELS = [ Console1984::User, Console1984::Session, Console1984::Command, Console1984::SensitiveAccess ]
+  private
+    def auditable_tables_regexp
+      @auditable_tables_regexp ||= Regexp.new("#{auditable_tables.join("|")}")
+    end
 
-      def auditable_tables_regexp
-        @auditable_tables_regexp ||= Regexp.new("#{auditable_tables.join("|")}")
-      end
+    def auditable_tables
+      @auditable_tables ||= auditable_models.collect(&:table_name)
+    end
 
-      def auditable_tables
-        # TODO: Not using Console1984::Base.descendants during development to make this work without eager loading
-        @auditable_tables ||= AUDITABLE_MODELS.collect(&:table_name)
-      end
-  end
+    def auditable_models
+      @auditable_models ||= Console1984::Base.descendants
+    end
+
+    include Console1984::Freezeable
 end

data/lib/console1984/protected_context.rb

@@ -1,15 +1,20 @@
 module Console1984::ProtectedContext
-  # Protect the code to show inspected objects too. This method is invoked
-  # for showing returned objects in the console
+  include Console1984::Freezeable
+
+  # This method is invoked for showing returned objects in the console
+  # Overridden to make sure their evaluation is supervised.
   def inspect_last_value
     Console1984.supervisor.execute do
       super
     end
   end
 
+  #
   def evaluate(line, line_no, exception: nil)
     Console1984.supervisor.execute_supervised(Array(line)) do
       super
     end
   end
+
+  include Console1984::Freezeable
 end

data/lib/console1984/protected_object.rb

@@ -0,0 +1,15 @@
+module Console1984::ProtectedObject
+  extend ActiveSupport::Concern
+
+  include Console1984::Freezeable
+
+  class_methods do
+    def const_get(*arguments)
+      if Console1984.supervisor.executing_user_command? && arguments.first.to_s =~ /Console1984|ActiveRecord/
+        raise Console1984::Errors::ForbiddenCommand
+      else
+        super
+      end
+    end
+  end
+end

data/lib/console1984/protected_tcp_socket.rb

@@ -1,4 +1,7 @@
+# Wraps socket methods to execute supervised.
 module Console1984::ProtectedTcpSocket
+  include Console1984::Freezeable
+
   def write(*args)
     protecting do
       super
@@ -53,4 +56,6 @@ module Console1984::ProtectedTcpSocket
         super(addrinfo.ip_address, addrinfo.ip_port)
       end
     end
+
+    include Console1984::Freezeable
 end

data/lib/console1984/sessions_logger/database.rb

@@ -1,10 +1,13 @@
+# A session logger that saves audit trails in the database.
 class Console1984::SessionsLogger::Database
+  include Console1984::Freezeable
+
   attr_reader :current_session, :current_sensitive_access
 
   def start_session(username, reason)
     silence_logging do
-      user = Console1984::User.create_or_find_by!(username: username)
-      @current_session = user.sessions.create! reason: reason
+      user = Console1984::User.find_or_create_by!(username: username)
+      @current_session = user.sessions.create!(reason: reason)
     end
   end
 

data/lib/console1984/supervisor/accesses/protected.rb

@@ -1,4 +1,6 @@
 class Console1984::Supervisor::Accesses::Protected
+  include Console1984::Freezeable
+
   def execute(&block)
     Console1984.protecting(&block)
   end

data/lib/console1984/supervisor/accesses/unprotected.rb

@@ -1,4 +1,6 @@
 class Console1984::Supervisor::Accesses::Unprotected
+  include Console1984::Freezeable
+
   def execute(&block)
     block.call
   end

data/lib/console1984/supervisor/accesses.rb

@@ -1,5 +1,5 @@
 module Console1984::Supervisor::Accesses
-  include Console1984::Messages
+  include Console1984::Messages, Console1984::Freezeable
 
   PROTECTED_ACCESS = Protected.new
   UNPROTECTED_ACCESS = Unprotected.new

data/lib/console1984/supervisor/executor.rb

@@ -1,13 +1,16 @@
 module Console1984::Supervisor::Executor
   extend ActiveSupport::Concern
 
+  include Console1984::Freezeable
+
   def execute_supervised(commands, &block)
     run_system_command { session_logger.before_executing commands }
+    validate_commands(commands)
     execute(&block)
-  rescue Console1984::Errors::ForbiddenCommand
-    puts "Forbidden command attempted: #{commands.join("\n")}"
-    run_system_command { session_logger.suspicious_commands_attempted commands }
-    nil
+  rescue Console1984::Errors::ForbiddenCommand, Console1984::Errors::ForbiddenCodeManipulation, FrozenError
+    flag_forbidden(commands)
+  rescue FrozenError
+    flag_forbidden(commands)
   ensure
     run_system_command { session_logger.after_executing commands }
   end
@@ -23,6 +26,12 @@ module Console1984::Supervisor::Executor
   end
 
   private
+    def flag_forbidden(commands)
+      puts "Forbidden command attempted: #{commands.join("\n")}"
+      run_system_command { session_logger.suspicious_commands_attempted commands }
+      nil
+    end
+
     def run_user_command(&block)
       run_command true, &block
     end
@@ -31,6 +40,21 @@ module Console1984::Supervisor::Executor
       run_command false, &block
     end
 
+    def validate_commands(commands)
+      if Array(commands).find { |command| forbidden_command?(command) }
+        raise Console1984::Errors::ForbiddenCommand
+      end
+    end
+
+    def forbidden_command?(command)
+      # This is a first protection layer. Very simple for now. We'll likely make this
+      # more sophisticated and configurable in future versions.
+      #
+      # We can't use our +Freezable+ concern in ActiveRecord since it relies on code
+      # generation on the fly.
+      command =~ /Console1984|console_1984|(class|module)\s+ActiveRecord::/
+    end
+
     def run_command(run_by_user, &block)
       original_value = @executing_user_command
       @executing_user_command = run_by_user

data/lib/console1984/supervisor/input_output.rb

@@ -1,11 +1,31 @@
 module Console1984::Supervisor::InputOutput
-  def show_warning(message)
-    puts ColorizedString.new("\n#{message}\n").yellow
-  end
-
-  def ask_for_value(message)
-    puts ColorizedString.new("#{message}").green
-    reason = $stdin.gets.strip until reason.present?
-    reason
-  end
+  include Console1984::Freezeable, Console1984::Messages
+
+  private
+    def show_welcome_message
+      show_production_data_warning
+      show_commands
+    end
+
+    def show_production_data_warning
+      show_warning Console1984.production_data_warning
+    end
+
+    def ask_for_session_reason
+      ask_for_value("#{current_username}, why are you using this console today?")
+    end
+
+    def show_commands
+      puts COMMANDS_HELP
+    end
+
+    def show_warning(message)
+      puts ColorizedString.new("\n#{message}\n").yellow
+    end
+
+    def ask_for_value(message)
+      puts ColorizedString.new("#{message}").green
+      reason = $stdin.gets.strip until reason.present?
+      reason
+    end
 end

data/lib/console1984/supervisor/protector.rb

@@ -0,0 +1,55 @@
+module Console1984::Supervisor::Protector
+  extend ActiveSupport::Concern
+
+  include Console1984::Freezeable
+
+  private
+    def extend_protected_systems
+      extend_object
+      extend_irb
+      extend_active_record
+      extend_socket_classes
+    end
+
+    def extend_object
+      Object.prepend Console1984::ProtectedObject
+    end
+
+    def extend_irb
+      IRB::Context.prepend(Console1984::ProtectedContext)
+      Rails::ConsoleMethods.include(Console1984::Commands)
+    end
+
+    ACTIVE_RECORD_CONNECTION_ADAPTERS = %w[ActiveRecord::ConnectionAdapters::Mysql2Adapter ActiveRecord::ConnectionAdapters::PostgreSQLAdapter ActiveRecord::ConnectionAdapters::SQLite3Adapter]
+
+    def extend_active_record
+      ACTIVE_RECORD_CONNECTION_ADAPTERS.each do |class_string|
+        if Object.const_defined?(class_string)
+          klass = class_string.constantize
+          klass.prepend(Console1984::ProtectedAuditableTables)
+          klass.include(Console1984::Freezeable)
+        end
+      end
+    end
+
+    def extend_socket_classes
+      socket_classes = [TCPSocket, OpenSSL::SSL::SSLSocket]
+      OpenSSL::SSL::SSLSocket.include(SSLSocketRemoteAddress)
+
+      if defined?(Redis::Connection)
+        socket_classes.push(*[Redis::Connection::TCPSocket, Redis::Connection::SSLSocket])
+      end
+
+      socket_classes.compact.each do |socket_klass|
+        socket_klass.prepend Console1984::ProtectedTcpSocket
+        socket_klass.freeze
+      end
+    end
+
+    module SSLSocketRemoteAddress
+      # Make it serve remote address as TCPSocket so that our extension works for it
+      def remote_address
+        Addrinfo.getaddrinfo(hostname, 443).first
+      end
+    end
+end

data/lib/console1984/supervisor.rb

@@ -1,48 +1,61 @@
 require 'colorized_string'
 require 'rails/console/app'
 
+# Protects console sessions and executes code in supervised mode.
 class Console1984::Supervisor
-  include Accesses, InputOutput, Executor
+  include Accesses, Console1984::Freezeable, Executor, InputOutput, Protector
 
-  attr_reader :session_id
-  delegate :session_logger, :username_resolver, to: Console1984
-
-  def initialize
-    disable_access_to_encrypted_content(silent: true)
+  def install
+    extend_protected_systems
+    freeze_all
   end
 
+  # Starts a console session extending IRB and several systems to inject
+  # the protection logic, and notifies the session logger to record the
+  # session.
   def start
-    show_production_data_warning
-    show_commands
+    disable_access_to_encrypted_content(silent: true)
 
-    extend_irb
+    show_welcome_message
 
-    session_logger.start_session current_username, ask_for_session_reason
+    start_session
   end
 
   def stop
-    session_logger.finish_session
+    stop_session
   end
 
   private
-    def current_username
-      username_resolver.current
+    def start_session
+      session_logger.start_session current_username, ask_for_session_reason
+    end
+
+    def stop_session
+      session_logger.finish_session
     end
 
-    def show_production_data_warning
-      show_warning Console1984.production_data_warning
+    def freeze_all
+      eager_load_all_classes
+      Console1984.config.freeze unless Console1984.config.test_mode
+      Console1984::Freezeable.freeze_all
     end
 
-    def extend_irb
-      IRB::Context.prepend(Console1984::ProtectedContext)
-      Rails::ConsoleMethods.include(Console1984::Commands)
+    def eager_load_all_classes
+      Rails.application.eager_load! unless Rails.application.config.eager_load
+      Console1984.class_loader.eager_load
     end
 
-    def ask_for_session_reason
-      ask_for_value("#{current_username}, why are you using this console today?")
+    def session_logger
+      Console1984.session_logger
     end
 
-    def show_commands
-      puts COMMANDS_HELP
+    def current_username
+      Console1984.username_resolver.current
     end
+
+    def username_resolver
+      Console1984.username_resolver
+    end
+
+    include Console1984::Freezeable
 end

data/lib/console1984/username/env_resolver.rb

@@ -1,4 +1,8 @@
+# A username resolver that returns the value of a given
+# environment variable.
 class Console1984::Username::EnvResolver
+  include Console1984::Freezeable
+
   def initialize(key)
     @key = key
   end

data/lib/console1984/version.rb

@@ -1,3 +1,3 @@
 module Console1984
-  VERSION = '0.1.1'
+  VERSION = '0.1.5'
 end

data/lib/console1984.rb

@@ -1,42 +1,21 @@
 require 'console1984/engine'
 
 require "zeitwerk"
-loader = Zeitwerk::Loader.for_gem
-loader.setup
+class_loader = Zeitwerk::Loader.for_gem
+class_loader.setup
 
 module Console1984
-  include Messages
+  include Messages, Freezeable
 
-  mattr_accessor :supervisor
-  mattr_accessor :session_logger
-  mattr_accessor :username_resolver
-
-  mattr_accessor :protected_environments
-  mattr_reader :protected_urls, default: []
-
-  mattr_reader :production_data_warning, default: DEFAULT_PRODUCTION_DATA_WARNING
-  mattr_reader :enter_unprotected_encryption_mode_warning, default: DEFAULT_ENTER_UNPROTECTED_ENCRYPTION_MODE_WARNING
-  mattr_reader :enter_protected_mode_warning, default: DEFAULT_ENTER_PROTECTED_MODE_WARNING
-
-  mattr_accessor :incinerate, default: true
-  mattr_accessor :incinerate_after, default: 30.days
-  mattr_accessor :incineration_queue, default: "console1984_incineration"
-
-  mattr_accessor :debug, default: false
+  mattr_accessor :supervisor, default: Supervisor.new
+  mattr_reader :config, default: Config.new
+  mattr_accessor :class_loader
 
   thread_mattr_accessor :currently_protected_urls, default: []
 
   class << self
-    def install_support(config)
-      self.protected_environments ||= config.protected_environments
-      self.protected_urls.push(*config.protected_urls)
-      self.session_logger = config.session_logger || Console1984::SessionsLogger::Database.new
-      self.username_resolver = config.username_resolver || Console1984::Username::EnvResolver.new("CONSOLE_USER")
-
-      self.supervisor = Supervisor.new
-      self.protected_urls.freeze
-
-      extend_protected_systems
+    Config::PROPERTIES.each do |property|
+      delegate property, to: :config
     end
 
     def running_protected_environment?
@@ -50,31 +29,6 @@ module Console1984
     end
 
     private
-      def extend_protected_systems
-        extend_active_record
-        extend_socket_classes
-      end
-
-      def extend_active_record
-        %w[ActiveRecord::ConnectionAdapters::Mysql2Adapter ActiveRecord::ConnectionAdapters::PostgreSQLAdapter ActiveRecord::ConnectionAdapters::SQLite3Adapter].each do |class_string|
-          if Object.const_defined?(class_string)
-            klass = class_string.constantize
-            klass.prepend(Console1984::ProtectedAuditableTables)
-          end
-        end
-      end
-
-      def extend_socket_classes
-        socket_classes = [TCPSocket, OpenSSL::SSL::SSLSocket]
-        if defined?(Redis::Connection)
-          socket_classes.push(*[Redis::Connection::TCPSocket, Redis::Connection::SSLSocket])
-        end
-
-        socket_classes.compact.each do |socket_klass|
-          socket_klass.prepend Console1984::ProtectedTcpSocket
-        end
-      end
-
       def protecting_connections
         old_currently_protected_urls = self.currently_protected_urls
         self.currently_protected_urls = protected_urls
@@ -84,3 +38,5 @@ module Console1984
       end
   end
 end
+
+Console1984.class_loader = class_loader

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: console1984
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.5
 platform: ruby
 authors:
 - Jorge Manrubia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-18 00:00:00.000000000 Z
+date: 2021-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -94,6 +94,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rubocop-rails
   requirement: !ruby/object:Gem::Requirement
@@ -143,12 +157,14 @@ files:
 - db/migrate/20210517203931_create_console1984_tables.rb
 - lib/console1984.rb
 - lib/console1984/commands.rb
+- lib/console1984/config.rb
 - lib/console1984/engine.rb
-- lib/console1984/env_variable_username.rb
 - lib/console1984/errors.rb
+- lib/console1984/freezeable.rb
 - lib/console1984/messages.rb
 - lib/console1984/protected_auditable_tables.rb
 - lib/console1984/protected_context.rb
+- lib/console1984/protected_object.rb
 - lib/console1984/protected_tcp_socket.rb
 - lib/console1984/sessions_logger/database.rb
 - lib/console1984/supervisor.rb
@@ -157,6 +173,7 @@ files:
 - lib/console1984/supervisor/accesses/unprotected.rb
 - lib/console1984/supervisor/executor.rb
 - lib/console1984/supervisor/input_output.rb
+- lib/console1984/supervisor/protector.rb
 - lib/console1984/username/env_resolver.rb
 - lib/console1984/version.rb
 - test/fixtures/console1984/commands.yml

data/lib/console1984/env_variable_username.rb

@@ -1,9 +0,0 @@
-class Console1984::EnvVariableUsername
-  def initialize(key)
-    @username = ENV[key]
-  end
-
-  def current_user_name
-    @username
-  end
-end