console1984 0.1.12 → 0.1.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/config/protections.yml +1 -0
- data/lib/console1984/ext/core/module.rb +1 -1
- data/lib/console1984/refrigerator.rb +5 -5
- data/lib/console1984/supervisor.rb +6 -0
- data/lib/console1984/version.rb +1 -1
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 22d6415f6dbc30049954458c38027c5a33737429d93141bfdaeb3c9d654ff3a3
|
|
4
|
+
data.tar.gz: 151005da988be49ed8e46c6f73beeea4b2bc2a137d70d6d6296bd87ca4a54256
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3ae3c452e1cb58b863ee16f2e90a411419c8fbdb366c1c881801499846861e9a5e5d558eb08091c801b26907dbc92ffdc9f994e2a074e84e39ca98e6c6a7c0bf
|
|
7
|
+
data.tar.gz: 61fac61bac50294544c6035fa981d43fd4fc9818475d1c1132d38f09684c1e94a7bf6ac763e8295acfa12398e212508c8144a3f32ce158e4d3c606362d2cff83
|
data/README.md
CHANGED
|
@@ -155,9 +155,9 @@ These config options are namespaced in `config.console1984`:
|
|
|
155
155
|
|
|
156
156
|
## About built-in protection mechanisms
|
|
157
157
|
|
|
158
|
-
`console1984`
|
|
158
|
+
`console1984` adds many protection mechanisms to prevent tampering. This includes attempts to alter data in auditing tables or monkey patching certain classes to change how the system works. If you find a way to circumvent these tampering controls, please [report an issue](https://github.com/basecamp/console1984/issues).
|
|
159
159
|
|
|
160
|
-
|
|
160
|
+
We aim to make these defense mechanisms as robust as possible, but there might always be open doors because Ruby is highly dynamic. If your organization needs bullet-proof protection against malicious actors using the console, you should consider additional security measures. An example would be using a read-only database user for auditing data while in a console. The gem doesn't offer direct support for doing this, but it's on our radar for future improvement.
|
|
161
161
|
|
|
162
162
|
## Running the test suite
|
|
163
163
|
|
data/config/protections.yml
CHANGED
|
@@ -6,7 +6,7 @@ module Console1984::Ext::Core::Module
|
|
|
6
6
|
extend ActiveSupport::Concern
|
|
7
7
|
|
|
8
8
|
def instance_eval(*)
|
|
9
|
-
if Console1984.command_executor.
|
|
9
|
+
if Console1984.command_executor.from_irb?(caller)
|
|
10
10
|
raise Console1984::Errors::ForbiddenCommandAttempted
|
|
11
11
|
else
|
|
12
12
|
super
|
|
@@ -11,6 +11,11 @@ class Console1984::Refrigerator
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
private
|
|
14
|
+
def eager_load_all_classes
|
|
15
|
+
Rails.application.eager_load! unless Rails.application.config.eager_load
|
|
16
|
+
Console1984.class_loader.eager_load
|
|
17
|
+
end
|
|
18
|
+
|
|
14
19
|
def freeze_internal_instances
|
|
15
20
|
Console1984.config.freeze unless Console1984.config.test_mode
|
|
16
21
|
end
|
|
@@ -23,9 +28,4 @@ class Console1984::Refrigerator
|
|
|
23
28
|
# Not using a constant because we want this to run lazily (console-dependant dependencies might not be loaded).
|
|
24
29
|
[Parser::CurrentRuby]
|
|
25
30
|
end
|
|
26
|
-
|
|
27
|
-
def eager_load_all_classes
|
|
28
|
-
Rails.application.eager_load! unless Rails.application.config.eager_load
|
|
29
|
-
Console1984.class_loader.eager_load
|
|
30
|
-
end
|
|
31
31
|
end
|
|
@@ -45,6 +45,12 @@ class Console1984::Supervisor
|
|
|
45
45
|
# Explicit lazy loading because it depends on +parser+, which we want to only load
|
|
46
46
|
# in console sessions.
|
|
47
47
|
require_relative "./command_validator/.command_parser"
|
|
48
|
+
|
|
49
|
+
# This solves a weird class loading error where ActiveRecord dosn't resolve +Relation+ properly.
|
|
50
|
+
# See https://github.com/basecamp/console1984/issues/29
|
|
51
|
+
#
|
|
52
|
+
# TODO: This is a temporary fix. Need to figure out why/when this happens.
|
|
53
|
+
require "active_record/relation"
|
|
48
54
|
end
|
|
49
55
|
|
|
50
56
|
def start_session
|
data/lib/console1984/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: console1984
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.16
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jorge Manrubia
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-09-
|
|
11
|
+
date: 2021-09-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colorize
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: activeresource
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0'
|
|
48
|
+
type: :development
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0'
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: benchmark-ips
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|