console1984 0.1.12 → 0.1.16
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/config/protections.yml +1 -0
- data/lib/console1984/ext/core/module.rb +1 -1
- data/lib/console1984/refrigerator.rb +5 -5
- data/lib/console1984/supervisor.rb +6 -0
- data/lib/console1984/version.rb +1 -1
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 22d6415f6dbc30049954458c38027c5a33737429d93141bfdaeb3c9d654ff3a3
|
|
4
|
+
data.tar.gz: 151005da988be49ed8e46c6f73beeea4b2bc2a137d70d6d6296bd87ca4a54256
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3ae3c452e1cb58b863ee16f2e90a411419c8fbdb366c1c881801499846861e9a5e5d558eb08091c801b26907dbc92ffdc9f994e2a074e84e39ca98e6c6a7c0bf
|
|
7
|
+
data.tar.gz: 61fac61bac50294544c6035fa981d43fd4fc9818475d1c1132d38f09684c1e94a7bf6ac763e8295acfa12398e212508c8144a3f32ce158e4d3c606362d2cff83
|
data/README.md
CHANGED
|
@@ -155,9 +155,9 @@ These config options are namespaced in `config.console1984`:
|
|
|
155
155
|
|
|
156
156
|
## About built-in protection mechanisms
|
|
157
157
|
|
|
158
|
-
`console1984`
|
|
158
|
+
`console1984` adds many protection mechanisms to prevent tampering. This includes attempts to alter data in auditing tables or monkey patching certain classes to change how the system works. If you find a way to circumvent these tampering controls, please [report an issue](https://github.com/basecamp/console1984/issues).
|
|
159
159
|
|
|
160
|
-
|
|
160
|
+
We aim to make these defense mechanisms as robust as possible, but there might always be open doors because Ruby is highly dynamic. If your organization needs bullet-proof protection against malicious actors using the console, you should consider additional security measures. An example would be using a read-only database user for auditing data while in a console. The gem doesn't offer direct support for doing this, but it's on our radar for future improvement.
|
|
161
161
|
|
|
162
162
|
## Running the test suite
|
|
163
163
|
|
data/config/protections.yml
CHANGED
|
@@ -6,7 +6,7 @@ module Console1984::Ext::Core::Module
|
|
|
6
6
|
extend ActiveSupport::Concern
|
|
7
7
|
|
|
8
8
|
def instance_eval(*)
|
|
9
|
-
if Console1984.command_executor.
|
|
9
|
+
if Console1984.command_executor.from_irb?(caller)
|
|
10
10
|
raise Console1984::Errors::ForbiddenCommandAttempted
|
|
11
11
|
else
|
|
12
12
|
super
|
|
@@ -11,6 +11,11 @@ class Console1984::Refrigerator
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
private
|
|
14
|
+
def eager_load_all_classes
|
|
15
|
+
Rails.application.eager_load! unless Rails.application.config.eager_load
|
|
16
|
+
Console1984.class_loader.eager_load
|
|
17
|
+
end
|
|
18
|
+
|
|
14
19
|
def freeze_internal_instances
|
|
15
20
|
Console1984.config.freeze unless Console1984.config.test_mode
|
|
16
21
|
end
|
|
@@ -23,9 +28,4 @@ class Console1984::Refrigerator
|
|
|
23
28
|
# Not using a constant because we want this to run lazily (console-dependant dependencies might not be loaded).
|
|
24
29
|
[Parser::CurrentRuby]
|
|
25
30
|
end
|
|
26
|
-
|
|
27
|
-
def eager_load_all_classes
|
|
28
|
-
Rails.application.eager_load! unless Rails.application.config.eager_load
|
|
29
|
-
Console1984.class_loader.eager_load
|
|
30
|
-
end
|
|
31
31
|
end
|
|
@@ -45,6 +45,12 @@ class Console1984::Supervisor
|
|
|
45
45
|
# Explicit lazy loading because it depends on +parser+, which we want to only load
|
|
46
46
|
# in console sessions.
|
|
47
47
|
require_relative "./command_validator/.command_parser"
|
|
48
|
+
|
|
49
|
+
# This solves a weird class loading error where ActiveRecord dosn't resolve +Relation+ properly.
|
|
50
|
+
# See https://github.com/basecamp/console1984/issues/29
|
|
51
|
+
#
|
|
52
|
+
# TODO: This is a temporary fix. Need to figure out why/when this happens.
|
|
53
|
+
require "active_record/relation"
|
|
48
54
|
end
|
|
49
55
|
|
|
50
56
|
def start_session
|
data/lib/console1984/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: console1984
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.16
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jorge Manrubia
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-09-
|
|
11
|
+
date: 2021-09-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: colorize
|
|
@@ -38,6 +38,20 @@ dependencies:
|
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: activeresource
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - ">="
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: '0'
|
|
48
|
+
type: :development
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - ">="
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: '0'
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: benchmark-ips
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|