console1984 0.1.4 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 39d8147e2b8b8fa0a20c6aec1422a28633afe80567bac0ac0c98a7d6096ae430
-  data.tar.gz: 760d761d4ced82752b89aa7bd1de44416d545a75bdb0f4266165718100d8a7a5
+  metadata.gz: 44d77add0193cc1bb27955cb70d0d3e58153a17524e6d3b93a15179700322c58
+  data.tar.gz: b36e25eb75d6b1d113ae3653118115da747122e10af23d38ea00ebd72f3427cc
 SHA512:
-  metadata.gz: 3eedbf3cc3436469edd615b397af1c5ad03195f7f1eebfcc1ed6da859a90e0fc213327f8d487841640ddec8c4d39ed1562239e9dda10360a622f59aa809b6f9a
-  data.tar.gz: bdd11a8580f29fd700c954c486e01dc1f8189e452565f37b281d9ee96b78bd375c2f02728df3c4ce405c047fc9fe52b5eac8b5b90a62519bfeaff4aa1465a5d9
+  metadata.gz: 07d029ed6dcd845cbc30c035ccdb2a9879983f1660c028530dfc8873673d212f9230ffc9ad8870b1806a981317dad06d48c95b53cdebe728a37bc585bd182e29
+  data.tar.gz: c9dfd6cd41b27c000b0f37a22ee9b1d4fbbdd32081b22735636d90c62175c2cb8f55b3ef94f90c9ac706a72838b67e8a8130e813943fe908f3860bf631365c8f

data/README.md

@@ -10,7 +10,7 @@ A Rails console extension that protects sensitive accesses and makes them audita
 
 If you are looking for the auditing tool, check [`audits1984`](https://github.com/basecamp/audits1984).
 
-![console-session-reason](docs/images/console-session-reason.png)
+![Terminal screenshot showing console1984 asking for a reason for the session](docs/images/console-session-reason.png)
 
 ## Installation
 
@@ -69,7 +69,7 @@ To decrypt data, enter the command `decrypt!`. It will ask for a justification,
 irb(main)> Topic.last.name
   Topic Load (1.4ms)  SELECT `topics`.* FROM `topics` ORDER BY `topics`.`id` DESC LIMIT 1
 => "{\"p\":\"iu6+LfnNlurC6sL++JyOIDvedjNSz/AvnZQ=\",\"h\":{\"iv\":\"BYa86+JNM/LdkC18\",\"at\":\"r4sQNoSyIlAjJdZEKHVMow==\",\"k\":{\"p\":\"7L1l/5UiYsFQqqo4jfMZtLwp90KqcrIgS7HqgteVjuM=\",\"h\":{\"iv\":\"ItwRYxZAerKIoSZ8\",\"at\":\"ZUSNVfvtm4wAYWLBKRAx/g==\",\"e\":\"QVNDSUktOEJJVA==\"}},\"i\":\"OTdiOQ==\"}}"
-irb(main):002:0> decrypt!
+irb(main)> decrypt!
 ```
 
 ```
@@ -128,6 +128,10 @@ This will work for systems that use Ruby sockets as the underlying communication
 
 By default, sessions will be incinerated with a job 30 days after they are created. You can configure this period by setting `config.console1984.incinerate_after = 1.year` and you can disable incineration completely by setting `config.console1984.incinerate = false`.
 
+### Eager loading
+
+When starting a console session, `console1984` will eager load all the application classes if necessary. In practice, production environments already load classes eagerly, so this won't represent any change for those.  
+
 ## Configuration
 
 These config options are namespaced in `config.console1984`:

data/lib/console1984/commands.rb

@@ -1,4 +1,6 @@
 module Console1984::Commands
+  include Console1984::Freezeable
+
   def decrypt!
     supervisor.enable_access_to_encrypted_content
   end
@@ -11,6 +13,4 @@ module Console1984::Commands
     def supervisor
       Console1984.supervisor
     end
-
-    include Console1984::FrozenMethods
 end

data/lib/console1984/config.rb

@@ -1,13 +1,13 @@
 # Container for config options.
 class Console1984::Config
-  include Console1984::Messages
+  include Console1984::Freezeable, Console1984::Messages
 
   PROPERTIES = %i[
     session_logger username_resolver
     protected_environments protected_urls
     production_data_warning enter_unprotected_encryption_mode_warning enter_protected_mode_warning
     incinerate incinerate_after incineration_queue
-    debug freeze_config
+    debug test_mode
   ]
 
   attr_accessor(*PROPERTIES)
@@ -23,7 +23,7 @@ class Console1984::Config
   end
 
   def freeze
-    super if freeze_config
+    super
     protected_urls.freeze
   end
 
@@ -44,6 +44,6 @@ class Console1984::Config
       self.incineration_queue = "console1984_incineration"
 
       self.debug = false
-      self.freeze_config = true
+      self.test_mode = false
     end
 end

data/lib/console1984/engine.rb

@@ -17,13 +17,9 @@ module Console1984
     console do
       Console1984.config.set_from(config.console1984)
 
-      Console1984.supervisor.start if Console1984.running_protected_environment?
-
-      class OpenSSL::SSL::SSLSocket
-        # Make it serve remote address as TCPSocket so that our extension works for it
-        def remote_address
-          Addrinfo.getaddrinfo(hostname, 443).first
-        end
+      if Console1984.running_protected_environment?
+        Console1984.supervisor.install
+        Console1984.supervisor.start
       end
     end
   end

data/lib/console1984/errors.rb

@@ -9,6 +9,6 @@ module Console1984
 
     class ForbiddenCommand < StandardError; end
     class ForbiddenIncineration < StandardError; end
-    class ForbiddenClassManipulation < StandardError; end
+    class ForbiddenCodeManipulation < StandardError; end
   end
 end

data/lib/console1984/freezeable.rb

@@ -0,0 +1,54 @@
+# Prevents adding new methods to classes.
+#
+# This prevents manipulating certain Console1984 classes
+# during a console session.
+module Console1984::Freezeable
+  extend ActiveSupport::Concern
+
+  mattr_reader :to_freeze, default: Set.new
+
+  included do
+    Console1984::Freezeable.to_freeze << self
+  end
+
+  class_methods do
+    SENSITIVE_INSTANCE_METHODS = %i[ instance_variable_set ]
+
+    def prevent_sensitive_overrides
+      SENSITIVE_INSTANCE_METHODS.each do |method|
+        prevent_sensitive_method method
+      end
+    end
+
+    private
+      def prevent_sensitive_method(method_name)
+        define_method method_name do |*arguments|
+          raise Console1984::Errors::ForbiddenCodeManipulation, "You can't invoke #{method_name} on #{self}"
+        end
+      end
+  end
+
+  class << self
+    def freeze_all
+      class_and_modules_to_freeze.each do |class_or_module|
+        freeze_class_or_module(class_or_module)
+      end
+    end
+
+    private
+      def class_and_modules_to_freeze
+        with_descendants(to_freeze)
+      end
+
+      def freeze_class_or_module(class_or_module)
+        class_or_module.prevent_sensitive_overrides
+        class_or_module.freeze
+      end
+
+      def with_descendants(classes_and_modules)
+        classes_and_modules + classes_and_modules.grep(Class).flat_map(&:descendants)
+      end
+  end
+
+  freeze
+end

data/lib/console1984/protected_auditable_tables.rb

@@ -1,29 +1,30 @@
-module Console1984
-  # Prevents accessing trail model tables when executing console commands.
-  module ProtectedAuditableTables
-    %i[ execute exec_query exec_insert exec_delete exec_update exec_insert_all ].each do |method|
-      define_method method do |*args|
-        sql = args.first
-        if Console1984.supervisor.executing_user_command? && sql =~ auditable_tables_regexp
-          raise Console1984::Errors::ForbiddenCommand, "#{sql}"
-        else
-          super(*args)
-        end
+# Prevents accessing trail model tables when executing console commands.
+module Console1984::ProtectedAuditableTables
+  include Console1984::Freezeable
+
+  %i[ execute exec_query exec_insert exec_delete exec_update exec_insert_all ].each do |method|
+    define_method method do |*args|
+      sql = args.first
+      if Console1984.supervisor.executing_user_command? && sql =~ auditable_tables_regexp
+        raise Console1984::Errors::ForbiddenCommand, "#{sql}"
+      else
+        super(*args)
       end
     end
+  end
 
-    private
-      AUDITABLE_MODELS = [ Console1984::User, Console1984::Session, Console1984::Command, Console1984::SensitiveAccess ]
+  private
+    def auditable_tables_regexp
+      @auditable_tables_regexp ||= Regexp.new("#{auditable_tables.join("|")}")
+    end
 
-      def auditable_tables_regexp
-        @auditable_tables_regexp ||= Regexp.new("#{auditable_tables.join("|")}")
-      end
+    def auditable_tables
+      @auditable_tables ||= auditable_models.collect(&:table_name)
+    end
 
-      def auditable_tables
-        # TODO: Not using Console1984::Base.descendants during development to make this work without eager loading
-        @auditable_tables ||= AUDITABLE_MODELS.collect(&:table_name)
-      end
-  end
+    def auditable_models
+      @auditable_models ||= Console1984::Base.descendants
+    end
 
-  include Console1984::FrozenMethods
+    include Console1984::Freezeable
 end

data/lib/console1984/protected_context.rb

@@ -1,4 +1,6 @@
 module Console1984::ProtectedContext
+  include Console1984::Freezeable
+
   # This method is invoked for showing returned objects in the console
   # Overridden to make sure their evaluation is supervised.
   def inspect_last_value
@@ -14,5 +16,5 @@ module Console1984::ProtectedContext
     end
   end
 
-  include Console1984::FrozenMethods
+  include Console1984::Freezeable
 end

data/lib/console1984/protected_object.rb

@@ -0,0 +1,15 @@
+module Console1984::ProtectedObject
+  extend ActiveSupport::Concern
+
+  include Console1984::Freezeable
+
+  class_methods do
+    def const_get(*arguments)
+      if Console1984.supervisor.executing_user_command? && arguments.first.to_s =~ /Console1984|ActiveRecord/
+        raise Console1984::Errors::ForbiddenCommand
+      else
+        super
+      end
+    end
+  end
+end

data/lib/console1984/protected_tcp_socket.rb

@@ -1,5 +1,7 @@
 # Wraps socket methods to execute supervised.
 module Console1984::ProtectedTcpSocket
+  include Console1984::Freezeable
+
   def write(*args)
     protecting do
       super
@@ -55,5 +57,5 @@ module Console1984::ProtectedTcpSocket
       end
     end
 
-    include Console1984::FrozenMethods
+    include Console1984::Freezeable
 end

data/lib/console1984/sessions_logger/database.rb

@@ -1,11 +1,13 @@
 # A session logger that saves audit trails in the database.
 class Console1984::SessionsLogger::Database
+  include Console1984::Freezeable
+
   attr_reader :current_session, :current_sensitive_access
 
   def start_session(username, reason)
     silence_logging do
       user = Console1984::User.find_or_create_by!(username: username)
-      @current_session = user.sessions.create! reason: reason
+      @current_session = user.sessions.create!(reason: reason)
     end
   end
 

data/lib/console1984/supervisor/accesses/protected.rb

@@ -1,4 +1,6 @@
 class Console1984::Supervisor::Accesses::Protected
+  include Console1984::Freezeable
+
   def execute(&block)
     Console1984.protecting(&block)
   end

data/lib/console1984/supervisor/accesses/unprotected.rb

@@ -1,4 +1,6 @@
 class Console1984::Supervisor::Accesses::Unprotected
+  include Console1984::Freezeable
+
   def execute(&block)
     block.call
   end

data/lib/console1984/supervisor/accesses.rb

@@ -1,5 +1,5 @@
 module Console1984::Supervisor::Accesses
-  include Console1984::Messages
+  include Console1984::Messages, Console1984::Freezeable
 
   PROTECTED_ACCESS = Protected.new
   UNPROTECTED_ACCESS = Unprotected.new

data/lib/console1984/supervisor/executor.rb

@@ -1,13 +1,16 @@
 module Console1984::Supervisor::Executor
   extend ActiveSupport::Concern
 
+  include Console1984::Freezeable
+
   def execute_supervised(commands, &block)
     run_system_command { session_logger.before_executing commands }
+    validate_commands(commands)
     execute(&block)
-  rescue Console1984::Errors::ForbiddenCommand, Console1984::Errors::ForbiddenClassManipulation
-    puts "Forbidden command attempted: #{commands.join("\n")}"
-    run_system_command { session_logger.suspicious_commands_attempted commands }
-    nil
+  rescue Console1984::Errors::ForbiddenCommand, Console1984::Errors::ForbiddenCodeManipulation, FrozenError
+    flag_forbidden(commands)
+  rescue FrozenError
+    flag_forbidden(commands)
   ensure
     run_system_command { session_logger.after_executing commands }
   end
@@ -23,6 +26,12 @@ module Console1984::Supervisor::Executor
   end
 
   private
+    def flag_forbidden(commands)
+      puts "Forbidden command attempted: #{commands.join("\n")}"
+      run_system_command { session_logger.suspicious_commands_attempted commands }
+      nil
+    end
+
     def run_user_command(&block)
       run_command true, &block
     end
@@ -31,6 +40,21 @@ module Console1984::Supervisor::Executor
       run_command false, &block
     end
 
+    def validate_commands(commands)
+      if Array(commands).find { |command| forbidden_command?(command) }
+        raise Console1984::Errors::ForbiddenCommand
+      end
+    end
+
+    def forbidden_command?(command)
+      # This is a first protection layer. Very simple for now. We'll likely make this
+      # more sophisticated and configurable in future versions.
+      #
+      # We can't use our +Freezable+ concern in ActiveRecord since it relies on code
+      # generation on the fly.
+      command =~ /Console1984|console_1984|(class|module)\s+ActiveRecord::/
+    end
+
     def run_command(run_by_user, &block)
       original_value = @executing_user_command
       @executing_user_command = run_by_user

data/lib/console1984/supervisor/input_output.rb

@@ -1,5 +1,5 @@
 module Console1984::Supervisor::InputOutput
-  include Console1984::Messages
+  include Console1984::Freezeable, Console1984::Messages
 
   private
     def show_welcome_message

data/lib/console1984/supervisor/protector.rb

@@ -1,13 +1,20 @@
 module Console1984::Supervisor::Protector
   extend ActiveSupport::Concern
 
+  include Console1984::Freezeable
+
   private
     def extend_protected_systems
+      extend_object
       extend_irb
       extend_active_record
       extend_socket_classes
     end
 
+    def extend_object
+      Object.prepend Console1984::ProtectedObject
+    end
+
     def extend_irb
       IRB::Context.prepend(Console1984::ProtectedContext)
       Rails::ConsoleMethods.include(Console1984::Commands)
@@ -20,18 +27,29 @@ module Console1984::Supervisor::Protector
         if Object.const_defined?(class_string)
           klass = class_string.constantize
           klass.prepend(Console1984::ProtectedAuditableTables)
+          klass.include(Console1984::Freezeable)
         end
       end
     end
 
     def extend_socket_classes
       socket_classes = [TCPSocket, OpenSSL::SSL::SSLSocket]
+      OpenSSL::SSL::SSLSocket.include(SSLSocketRemoteAddress)
+
       if defined?(Redis::Connection)
         socket_classes.push(*[Redis::Connection::TCPSocket, Redis::Connection::SSLSocket])
       end
 
       socket_classes.compact.each do |socket_klass|
         socket_klass.prepend Console1984::ProtectedTcpSocket
+        socket_klass.freeze
+      end
+    end
+
+    module SSLSocketRemoteAddress
+      # Make it serve remote address as TCPSocket so that our extension works for it
+      def remote_address
+        Addrinfo.getaddrinfo(hostname, 443).first
       end
     end
 end

data/lib/console1984/supervisor.rb

@@ -3,14 +3,17 @@ require 'rails/console/app'
 
 # Protects console sessions and executes code in supervised mode.
 class Console1984::Supervisor
-  include Accesses, InputOutput, Executor, Protector
+  include Accesses, Console1984::Freezeable, Executor, InputOutput, Protector
+
+  def install
+    extend_protected_systems
+    freeze_all
+  end
 
   # Starts a console session extending IRB and several systems to inject
   # the protection logic, and notifies the session logger to record the
   # session.
   def start
-    Console1984.config.freeze
-    extend_protected_systems
     disable_access_to_encrypted_content(silent: true)
 
     show_welcome_message
@@ -31,6 +34,17 @@ class Console1984::Supervisor
       session_logger.finish_session
     end
 
+    def freeze_all
+      eager_load_all_classes
+      Console1984.config.freeze unless Console1984.config.test_mode
+      Console1984::Freezeable.freeze_all
+    end
+
+    def eager_load_all_classes
+      Rails.application.eager_load! unless Rails.application.config.eager_load
+      Console1984.class_loader.eager_load
+    end
+
     def session_logger
       Console1984.session_logger
     end
@@ -43,5 +57,5 @@ class Console1984::Supervisor
       Console1984.username_resolver
     end
 
-    include Console1984::FrozenMethods
+    include Console1984::Freezeable
 end

data/lib/console1984/username/env_resolver.rb

@@ -1,6 +1,8 @@
 # A username resolver that returns the value of a given
 # environment variable.
 class Console1984::Username::EnvResolver
+  include Console1984::Freezeable
+
   def initialize(key)
     @key = key
   end

data/lib/console1984/version.rb

@@ -1,3 +1,3 @@
 module Console1984
-  VERSION = '0.1.4'
+  VERSION = '0.1.5'
 end

data/lib/console1984.rb

@@ -1,14 +1,15 @@
 require 'console1984/engine'
 
 require "zeitwerk"
-loader = Zeitwerk::Loader.for_gem
-loader.setup
+class_loader = Zeitwerk::Loader.for_gem
+class_loader.setup
 
 module Console1984
-  include Messages
+  include Messages, Freezeable
 
-  mattr_reader :supervisor, default: Supervisor.new
+  mattr_accessor :supervisor, default: Supervisor.new
   mattr_reader :config, default: Config.new
+  mattr_accessor :class_loader
 
   thread_mattr_accessor :currently_protected_urls, default: []
 
@@ -37,3 +38,5 @@ module Console1984
       end
   end
 end
+
+Console1984.class_loader = class_loader

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: console1984
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - Jorge Manrubia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-19 00:00:00.000000000 Z
+date: 2021-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -160,10 +160,11 @@ files:
 - lib/console1984/config.rb
 - lib/console1984/engine.rb
 - lib/console1984/errors.rb
-- lib/console1984/frozen_methods.rb
+- lib/console1984/freezeable.rb
 - lib/console1984/messages.rb
 - lib/console1984/protected_auditable_tables.rb
 - lib/console1984/protected_context.rb
+- lib/console1984/protected_object.rb
 - lib/console1984/protected_tcp_socket.rb
 - lib/console1984/sessions_logger/database.rb
 - lib/console1984/supervisor.rb

data/lib/console1984/frozen_methods.rb

@@ -1,17 +0,0 @@
-# Prevents adding new methods to classes.
-#
-# This prevents manipulating certain Console1984 classes
-# during a console session.
-module Console1984::FrozenMethods
-  extend ActiveSupport::Concern
-
-  module ClassMethods
-    def method_added(method_name)
-      raise Console1984::Errors::ForbiddenClassManipulation, "Can't override #{name}##{method_name}"
-    end
-
-    def singleton_method_added(method_name)
-      raise Console1984::Errors::ForbiddenClassManipulation, "Can't override #{name}.#{method_name}"
-    end
-  end
-end