RubyGems - console1984 - Versions diffs - 0.1.17 → 0.1.21 - Mend

console1984 0.1.17 → 0.1.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/README.md +24 -0
data/app/models/console1984/session/incineratable.rb +1 -1
data/lib/console1984/ext/active_record/protected_auditable_tables.rb +1 -1
data/lib/console1984/ext/socket/tcp_socket.rb +2 -2
data/lib/console1984/refrigerator.rb +1 -0
data/lib/console1984/shield/modes/protected.rb +5 -0
data/lib/console1984/shield.rb +0 -1
data/lib/console1984/version.rb +1 -1
data/lib/console1984.rb +1 -1
metadata +7 -7

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 58a963520fed8a86952cee9b02443b61d42ac4bf0a80d1abaabfd3ff390f431b
-  data.tar.gz: a63a68db2a2e46a129f4f97f79a59b41a88fe98ecb9d6028d67ca0e8d4b1e6fa
+  metadata.gz: d83291f898d099af3d70445ee2f7a9946fab213fcf2932629118926cb17529e9
+  data.tar.gz: 12cc2e2fffcef01d10139744015ec59857e4f1bbaa5a5a6d0c9bcbd052b82180
 SHA512:
-  metadata.gz: 2bb93f84dc7e078b4d357739b337b2277fce627408cb619c816a04fc94db7451faf7d2095d0861ca211726ce973481161ae47c4add5e185c8813904462d1c011
-  data.tar.gz: d1b623b30f72e49d744934e4623159bfabf5cd7b9a4fab94fc08c26c30fc8bf1115bd70bf4b92b12609874d6ab75dc0d978663079745df2b9b1e238cadaf11ed
+  metadata.gz: 7ea7adb1db1f616e53be2222be1afbf8830c097c50d7c21506dda2bef0fc99e5434e9c02702725068465f3b6d3d441089525b6b976b257c8cfd5d1996307ffba
+  data.tar.gz: 42d0b445e453c657c5100538cd29a7822c4aa43cfb87f94c3be6a01e3d059dfa0e4e7b060ab02e9e0fc8da939db445cad2148320b5bdd4e0fc8bf889833ca8bc

data/README.md CHANGED Viewed

@@ -35,6 +35,9 @@ By default, console1984 is only enabled in `production`. You can configure the t
 config.console1984.protected_environments = %i[ production staging ]
 ```
+Finally, you need to [configure Active Record Encryption](https://edgeguides.rubyonrails.org/active_record_encryption.html#setup) in your
+project. This is because the library stores the tracked console commands encrypted.
 ## How it works
 ### Session activity logging
@@ -153,6 +156,27 @@ These config options are namespaced in `config.console1984`:
 | `incinerate_after`                          | The period to keep sessions around before incinerate them. Default `30.days`. |
 | `incineration_queue`                        | The name of the queue for session incineration jobs. Default `console1984_incineration`. |
+### SSH Config
+To automatically set the `CONSOLE_USER` env var for sessions, you'll need to configure SSH on the server to accept the environment variable.
+On the server, edit `/etc/ssh/sshd_config` to accept the environment variable:
+```
+AcceptEnv LANG LC_* CONSOLE_USER
+```
+Restart the SSH server to use the new config:
+```bash
+service sshd restart
+```
+On the client side, you can provide this env var from your clients by adding the variable to the ssh config:
+```
+Host *
+  SetEnv CONSOLE_USER=david
+```
 ## About built-in protection mechanisms
 `console1984` adds many protection mechanisms to prevent tampering. This includes attempts to alter data in auditing tables or monkey patching certain classes to change how the system works. If you find a way to circumvent these tampering controls, please [report an issue](https://github.com/basecamp/console1984/issues).

data/app/models/console1984/session/incineratable.rb CHANGED Viewed

@@ -25,6 +25,6 @@ module Console1984::Session::Incineratable
     end
     def earliest_possible_incineration_date
-      created_at + Console1984.incinerate_after
+      created_at + Console1984.incinerate_after - 1.second
     end
 end

data/lib/console1984/ext/active_record/protected_auditable_tables.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module Console1984::Ext::ActiveRecord::ProtectedAuditableTables
   %i[ execute exec_query exec_insert exec_delete exec_update exec_insert_all ].each do |method|
     define_method method do |*args, **kwargs|
       sql = args.first
-      if Console1984.command_executor.executing_user_command? && sql =~ auditable_tables_regexp
+      if Console1984.command_executor.executing_user_command? && sql.b =~ auditable_tables_regexp
         raise Console1984::Errors::ForbiddenCommandAttempted, "#{sql}"
       else
         super(*args, **kwargs)

data/lib/console1984/ext/socket/tcp_socket.rb CHANGED Viewed

@@ -2,13 +2,13 @@
 module Console1984::Ext::Socket::TcpSocket
   include Console1984::Freezeable
-  def write(*args)
+  def write(...)
     protecting do
       super
     end
   end
-  def write_nonblock(*args)
+  def write_nonblock(...)
     protecting do
       super
     end

data/lib/console1984/refrigerator.rb CHANGED Viewed

@@ -17,6 +17,7 @@ class Console1984::Refrigerator
     end
     def freeze_internal_instances
+      Console1984.freeze # Because it's the root engine module it can't mix Freezable.
       Console1984.config.freeze unless Console1984.config.test_mode
     end

data/lib/console1984/shield/modes/protected.rb CHANGED Viewed

@@ -6,6 +6,11 @@ class Console1984::Shield::Modes::Protected
   thread_mattr_accessor :currently_protected_urls, default: []
+  # Materialize the thread attribute before freezing the class. +thread_mattr_accessor+ attributes rely on
+  # setting a class variable the first time they are referenced, and that will fail in frozen classes
+  # like this one.
+  currently_protected_urls
   def execute(&block)
     protecting(&block)
   end

data/lib/console1984/shield.rb CHANGED Viewed

@@ -64,7 +64,6 @@ class Console1984::Shield
         if Object.const_defined?(class_string)
           klass = class_string.constantize
           klass.prepend(Console1984::Ext::ActiveRecord::ProtectedAuditableTables)
-          klass.include(Console1984::Freezeable)
         end
       end
     end

data/lib/console1984/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Console1984
-  VERSION = '0.1.17'
+  VERSION = '0.1.21'
 end

data/lib/console1984.rb CHANGED Viewed

@@ -38,7 +38,7 @@ class_loader.setup
 # the console. For example, to prevent the user from deleting audit trails. See
 # Console1984::Shield and Console1984::CommandValidator to learn more.
 module Console1984
-  include Messages, Freezeable
+  include Messages
   mattr_accessor :supervisor, default: Supervisor.new

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: console1984
 version: !ruby/object:Gem::Version
-  version: 0.1.17
+  version: 0.1.21
 platform: ruby
 authors:
 - Jorge Manrubia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-24 00:00:00.000000000 Z
+date: 2021-12-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -39,19 +39,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: activeresource
+  name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '7.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '7.0'
 - !ruby/object:Gem::Dependency
   name: benchmark-ips
   requirement: !ruby/object:Gem::Requirement
@@ -261,14 +261,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.32
 signing_key:
 specification_version: 4
 summary: Your Rails console, 1984 style