console1984 0.1.16 → 0.1.17

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 22d6415f6dbc30049954458c38027c5a33737429d93141bfdaeb3c9d654ff3a3
-  data.tar.gz: 151005da988be49ed8e46c6f73beeea4b2bc2a137d70d6d6296bd87ca4a54256
+  metadata.gz: 58a963520fed8a86952cee9b02443b61d42ac4bf0a80d1abaabfd3ff390f431b
+  data.tar.gz: a63a68db2a2e46a129f4f97f79a59b41a88fe98ecb9d6028d67ca0e8d4b1e6fa
 SHA512:
-  metadata.gz: 3ae3c452e1cb58b863ee16f2e90a411419c8fbdb366c1c881801499846861e9a5e5d558eb08091c801b26907dbc92ffdc9f994e2a074e84e39ca98e6c6a7c0bf
-  data.tar.gz: 61fac61bac50294544c6035fa981d43fd4fc9818475d1c1132d38f09684c1e94a7bf6ac763e8295acfa12398e212508c8144a3f32ce158e4d3c606362d2cff83
+  metadata.gz: 2bb93f84dc7e078b4d357739b337b2277fce627408cb619c816a04fc94db7451faf7d2095d0861ca211726ce973481161ae47c4add5e185c8813904462d1c011
+  data.tar.gz: d1b623b30f72e49d744934e4623159bfabf5cd7b9a4fab94fc08c26c30fc8bf1115bd70bf4b92b12609874d6ab75dc0d978663079745df2b9b1e238cadaf11ed

data/lib/console1984/command_executor.rb

@@ -10,6 +10,7 @@ class Console1984::CommandExecutor
   include Console1984::Freezeable
 
   delegate :username_resolver, :session_logger, :shield, to: Console1984
+  attr_reader :last_suspicious_command_error
 
   # Logs and validates +commands+, and executes the passed block in a protected environment.
   #
@@ -19,14 +20,14 @@ class Console1984::CommandExecutor
     run_as_system { session_logger.before_executing commands }
     validate_command commands
     execute_in_protected_mode(&block)
-  rescue Console1984::Errors::ForbiddenCommandAttempted, FrozenError
-    flag_suspicious(commands)
-  rescue Console1984::Errors::SuspiciousCommandAttempted
-    flag_suspicious(commands)
+  rescue Console1984::Errors::ForbiddenCommandAttempted, FrozenError => error
+    flag_suspicious(commands, error: error)
+  rescue Console1984::Errors::SuspiciousCommandAttempted => error
+    flag_suspicious(commands, error: error)
     execute_in_protected_mode(&block)
-  rescue Console1984::Errors::ForbiddenCommandExecuted
+  rescue Console1984::Errors::ForbiddenCommandExecuted => error
     # We detected that a forbidden command was executed. We exit IRB right away.
-    flag_suspicious(commands)
+    flag_suspicious(commands, error: error)
     Console1984.supervisor.exit_irb
   ensure
     run_as_system { session_logger.after_executing commands }
@@ -70,11 +71,7 @@ class Console1984::CommandExecutor
   end
 
   def from_irb?(backtrace)
-    executing_user_command? && backtrace.find do |line|
-      line_from_irb = line =~ /^[^\/]/
-      break if !(line =~ /console1984\/lib/ || line_from_irb)
-      line_from_irb
-    end
+    executing_user_command? && backtrace.first.to_s =~ /^[^\/]/
   end
 
   private
@@ -86,9 +83,10 @@ class Console1984::CommandExecutor
       Console1984::CommandValidator.from_config(Console1984.protections_config.validations)
     end
 
-    def flag_suspicious(commands)
+    def flag_suspicious(commands, error: nil)
       puts "Forbidden command attempted: #{commands.join("\n")}"
       run_as_system { session_logger.suspicious_commands_attempted commands }
+      @last_suspicious_command_error = error
       nil
     end
 

data/lib/console1984/ext/core/object.rb

@@ -16,7 +16,7 @@ module Console1984::Ext::Core::Object
 
   class_methods do
     def const_get(*arguments)
-      if Console1984.command_executor.executing_user_command?
+      if Console1984.command_executor.from_irb?(caller)
         begin
           # To validate if it's an invalid constant, we try to declare a class with it.
           # We essentially leverage Console1984::CommandValidator::ForbiddenReopeningValidation here:

data/lib/console1984/ext/core/string.rb

@@ -0,0 +1,24 @@
+# Prevents loading forbidden classes dynamically.
+#
+# See extension to +Console1984::Ext::Core::Object#const_get+.
+module Console1984::Ext::Core::String
+  extend ActiveSupport::Concern
+
+  include Console1984::Freezeable
+  self.prevent_instance_data_manipulation_after_freezing = false
+
+  def constantize
+    if Console1984.command_executor.from_irb?(caller)
+      begin
+        Console1984.command_executor.validate_command("class #{self}; end")
+        super
+      rescue Console1984::Errors::ForbiddenCommandAttempted
+        raise
+      rescue StandardError
+        super
+      end
+    else
+      super
+    end
+  end
+end

data/lib/console1984/ext/irb/commands.rb

@@ -13,4 +13,13 @@ module Console1984::Ext::Irb::Commands
   def encrypt!
     shield.enable_protected_mode
   end
+
+  # This returns the last error that prevented a command execution in the console
+  # or nil if there isn't any.
+  #
+  # This is meant for internal usage when debugging legit commands that are wrongly
+  # prevented.
+  def _console_last_suspicious_command_error
+    Console1984.command_executor.last_suspicious_command_error
+  end
 end

data/lib/console1984/shield.rb

@@ -40,6 +40,7 @@ class Console1984::Shield
     def extend_core_ruby
       Object.prepend Console1984::Ext::Core::Object
       Module.prepend Console1984::Ext::Core::Module
+      String.prepend Console1984::Ext::Core::String
     end
 
     def extend_sockets

data/lib/console1984/version.rb

@@ -1,3 +1,3 @@
 module Console1984
-  VERSION = '0.1.16'
+  VERSION = '0.1.17'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: console1984
 version: !ruby/object:Gem::Version
-  version: 0.1.16
+  version: 0.1.17
 platform: ruby
 authors:
 - Jorge Manrubia
@@ -225,6 +225,7 @@ files:
 - lib/console1984/ext/active_record/protected_auditable_tables.rb
 - lib/console1984/ext/core/module.rb
 - lib/console1984/ext/core/object.rb
+- lib/console1984/ext/core/string.rb
 - lib/console1984/ext/irb/commands.rb
 - lib/console1984/ext/irb/context.rb
 - lib/console1984/ext/socket/tcp_socket.rb