console1984 0.1.12 → 0.1.16

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a3bfdacf3954fbc30c23046c89f7951d061c419533685fb5ecc2db6a6cf41a1d
4
- data.tar.gz: 0b26c9effb7ffdd1df5ca51c344c53c3d9260bef1b02c4c2d9e6c8949dceb032
3
+ metadata.gz: 22d6415f6dbc30049954458c38027c5a33737429d93141bfdaeb3c9d654ff3a3
4
+ data.tar.gz: 151005da988be49ed8e46c6f73beeea4b2bc2a137d70d6d6296bd87ca4a54256
5
5
  SHA512:
6
- metadata.gz: b24bf1fbfc353fdd8b5ac2194f4f30588281269748ea192def291cdedc19697b1bd75bff71baec0761e45ff08ec78aca78ff41d0b78c8ca6ae1cea4bdb43512e
7
- data.tar.gz: 43628c0bd4f76662b65f1c343885618a4c54e2b8b40d536720f8c3eecd696ae51c03c78329810387598e68042622b6c6c15f6b015caf3b93d6fb3779bf349f95
6
+ metadata.gz: 3ae3c452e1cb58b863ee16f2e90a411419c8fbdb366c1c881801499846861e9a5e5d558eb08091c801b26907dbc92ffdc9f994e2a074e84e39ca98e6c6a7c0bf
7
+ data.tar.gz: 61fac61bac50294544c6035fa981d43fd4fc9818475d1c1132d38f09684c1e94a7bf6ac763e8295acfa12398e212508c8144a3f32ce158e4d3c606362d2cff83
data/README.md CHANGED
@@ -155,9 +155,9 @@ These config options are namespaced in `config.console1984`:
155
155
 
156
156
  ## About built-in protection mechanisms
157
157
 
158
- `console1984` uses Ruby to add several protection mechanisms. However, because Ruby is highly dynamic, it's technically possible to circumvent most of these controls if you know what you are doing. We have made an effort to prevent such attempts, but if your organization needs bullet-proof protection against malicious actors using the console, you should consider additional security measures.
158
+ `console1984` adds many protection mechanisms to prevent tampering. This includes attempts to alter data in auditing tables or monkey patching certain classes to change how the system works. If you find a way to circumvent these tampering controls, please [report an issue](https://github.com/basecamp/console1984/issues).
159
159
 
160
- The current version includes protection mechanisms to avoid tampering the tables that store console sessions. A bullet-proof mechanism would be using a read only connection when user commands are evaluated. Implementing such scheme is possible by writing a custom session logger and leveraging Rails' multi-database support. We would like that future versions of `console1984` supported this scheme directly as a configuration option.
160
+ We aim to make these defense mechanisms as robust as possible, but there might always be open doors because Ruby is highly dynamic. If your organization needs bullet-proof protection against malicious actors using the console, you should consider additional security measures. An example would be using a read-only database user for auditing data while in a console. The gem doesn't offer direct support for doing this, but it's on our radar for future improvement.
161
161
 
162
162
  ## Running the test suite
163
163
 
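Review bot: the rewritten paragraph at line 160 loses the concrete recipe the old text gave (a read-only connection while user commands are evaluated, built with a custom session logger and Rails' multi-database support) and replaces it with "a read-only database user for auditing data while in a console", which leaves open which connection is read-only: the one the session logger writes audit records through must stay writable, so the sentence should say explicitly that it is the connection evaluating user commands that gets the restricted user. Suggest keeping the earlier pointer to the custom session logger and multi-database support, since that is what a reader who wants the stronger setup needs. The new line 158 is an improvement in that it names what is protected (the auditing tables, monkey patching of certain classes) and where to report a bypass.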
@@ -5,6 +5,7 @@ validations:
5
5
  - PG
6
6
  - Mysql2
7
7
  - IRB
8
+ - Parser
8
9
  forbidden_constant_reference:
9
10
  always:
10
11
  - Console1984
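Review bot: `Parser` is added to the list at line 8 with no comment explaining why a parsing library sits in a security list; since the Refrigerator hunk in this same diff freezes `Parser::CurrentRuby` and the Supervisor lazily loads the command parser, the reason is that the command validator depends on the parser gem and must not be redefined from the console. A one-line comment stating that, plus a test asserting that a console command referencing `Parser` is rejected like the existing entries (`PG`, `Mysql2`, `IRB`), would make the entry self-explanatory.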
@@ -6,7 +6,7 @@ module Console1984::Ext::Core::Module
6
6
  extend ActiveSupport::Concern
7
7
 
8
8
  def instance_eval(*)
9
- if Console1984.command_executor.executing_user_command?
9
+ if Console1984.command_executor.from_irb?(caller)
10
10
  raise Console1984::Errors::ForbiddenCommandAttempted
11
11
  else
12
12
  super
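Review bot: the condition at line 9 changes from "a user command is currently executing" to "the call stack originates from IRB", which narrows the check: `instance_eval` reached through application or library code while a user command runs is now allowed, and the decision rests on inspecting the backtrace passed as `caller`. That is a heuristic rather than a state flag, so please add tests for both cases (a direct call from the console still raises `Console1984::Errors::ForbiddenCommandAttempted`; an indirect call from library code is allowed) and a comment stating the intended distinction. Since bare `caller` builds the full backtrace on every `instance_eval`, consider a depth limit if `from_irb?` only needs the top frames.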
@@ -11,6 +11,11 @@ class Console1984::Refrigerator
11
11
  end
12
12
 
13
13
  private
14
+ def eager_load_all_classes
15
+ Rails.application.eager_load! unless Rails.application.config.eager_load
16
+ Console1984.class_loader.eager_load
17
+ end
18
+
14
19
  def freeze_internal_instances
15
20
  Console1984.config.freeze unless Console1984.config.test_mode
16
21
  end
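Review bot: this hunk and the following one move `eager_load_all_classes` from the end of the private section to just before `freeze_internal_instances`; the method body is unchanged, so this is ordering only. If the intent is to read the freeze sequence top to bottom (load everything, then freeze), a short comment saying that eager loading must run before the freeze steps would make that dependency explicit rather than implied by method order.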
@@ -23,9 +28,4 @@ class Console1984::Refrigerator
23
28
  # Not using a constant because we want this to run lazily (console-dependant dependencies might not be loaded).
24
29
  [Parser::CurrentRuby]
25
30
  end
26
-
27
- def eager_load_all_classes
28
- Rails.application.eager_load! unless Rails.application.config.eager_load
29
- Console1984.class_loader.eager_load
30
- end
31
31
  end
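Review bot: this is the removal half of the `eager_load_all_classes` move, with no behaviour change. While touching this file, the retained comment at line 28 misspells "console-dependant"; it should read "console-dependent".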
@@ -45,6 +45,12 @@ class Console1984::Supervisor
45
45
  # Explicit lazy loading because it depends on +parser+, which we want to only load
46
46
  # in console sessions.
47
47
  require_relative "./command_validator/.command_parser"
48
+
49
+ # This solves a weird class loading error where ActiveRecord dosn't resolve +Relation+ properly.
50
+ # See https://github.com/basecamp/console1984/issues/29
51
+ #
52
+ # TODO: This is a temporary fix. Need to figure out why/when this happens.
53
+ require "active_record/relation"
48
54
  end
49
55
 
50
56
  def start_session
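Review bot: the added `require "active_record/relation"` at line 53 is a workaround for an unexplained autoload failure, and the comment above it has a typo ("dosn't" should be "doesn't"). Linking issue #29 is good, but the TODO would be more actionable if it recorded how to reproduce the missing `Relation` constant so the temporary fix can be retired once the root cause is found. Note that because the `require` sits inside the same method as the lazy `require_relative` for the command parser, it only runs when a console session is being prepared and does not affect non-console boots.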
@@ -1,3 +1,3 @@
1
1
  module Console1984
2
- VERSION = '0.1.12'
2
+ VERSION = '0.1.16'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: console1984
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.12
4
+ version: 0.1.16
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jorge Manrubia
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-09-09 00:00:00.000000000 Z
11
+ date: 2021-09-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: colorize
@@ -38,6 +38,20 @@ dependencies:
38
38
  - - ">="
39
39
  - !ruby/object:Gem::Version
40
40
  version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: activeresource
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
41
55
  - !ruby/object:Gem::Dependency
42
56
  name: benchmark-ips
43
57
  requirement: !ruby/object:Gem::Requirement
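Review bot: `activeresource` is added as a `:development` dependency with an unbounded `>= 0` requirement at lines 44-47 and 51-54. Development-only means no change for gem consumers, but an open-ended constraint makes the test suite's behaviour depend on whatever version is current at install time; pinning at least a major version would keep CI reproducible. The diff does not say why the dependency was needed, so a note in the gemspec or README test-suite section would help.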