console1984 0.1.4 → 0.1.8

data/config/routes.rb

@@ -1,9 +0,0 @@
-Console1984::Engine.routes.draw do
-  resources :sessions, only: %i[ index show ] do
-    resources :audits, only: %i[ create update ]
-  end
-
-  resource :filtered_sessions, only: %i[ update ]
-
-  root to: "sessions#index"
-end

data/lib/console1984/commands.rb

@@ -1,16 +0,0 @@
-module Console1984::Commands
-  def decrypt!
-    supervisor.enable_access_to_encrypted_content
-  end
-
-  def encrypt!
-    supervisor.disable_access_to_encrypted_content
-  end
-
-  private
-    def supervisor
-      Console1984.supervisor
-    end
-
-    include Console1984::FrozenMethods
-end

data/lib/console1984/frozen_methods.rb

@@ -1,17 +0,0 @@
-# Prevents adding new methods to classes.
-#
-# This prevents manipulating certain Console1984 classes
-# during a console session.
-module Console1984::FrozenMethods
-  extend ActiveSupport::Concern
-
-  module ClassMethods
-    def method_added(method_name)
-      raise Console1984::Errors::ForbiddenClassManipulation, "Can't override #{name}##{method_name}"
-    end
-
-    def singleton_method_added(method_name)
-      raise Console1984::Errors::ForbiddenClassManipulation, "Can't override #{name}.#{method_name}"
-    end
-  end
-end

data/lib/console1984/protected_auditable_tables.rb

@@ -1,29 +0,0 @@
-module Console1984
-  # Prevents accessing trail model tables when executing console commands.
-  module ProtectedAuditableTables
-    %i[ execute exec_query exec_insert exec_delete exec_update exec_insert_all ].each do |method|
-      define_method method do |*args|
-        sql = args.first
-        if Console1984.supervisor.executing_user_command? && sql =~ auditable_tables_regexp
-          raise Console1984::Errors::ForbiddenCommand, "#{sql}"
-        else
-          super(*args)
-        end
-      end
-    end
-
-    private
-      AUDITABLE_MODELS = [ Console1984::User, Console1984::Session, Console1984::Command, Console1984::SensitiveAccess ]
-
-      def auditable_tables_regexp
-        @auditable_tables_regexp ||= Regexp.new("#{auditable_tables.join("|")}")
-      end
-
-      def auditable_tables
-        # TODO: Not using Console1984::Base.descendants during development to make this work without eager loading
-        @auditable_tables ||= AUDITABLE_MODELS.collect(&:table_name)
-      end
-  end
-
-  include Console1984::FrozenMethods
-end

data/lib/console1984/protected_context.rb

@@ -1,18 +0,0 @@
-module Console1984::ProtectedContext
-  # This method is invoked for showing returned objects in the console
-  # Overridden to make sure their evaluation is supervised.
-  def inspect_last_value
-    Console1984.supervisor.execute do
-      super
-    end
-  end
-
-  #
-  def evaluate(line, line_no, exception: nil)
-    Console1984.supervisor.execute_supervised(Array(line)) do
-      super
-    end
-  end
-
-  include Console1984::FrozenMethods
-end

data/lib/console1984/supervisor/accesses/protected.rb

@@ -1,10 +0,0 @@
-class Console1984::Supervisor::Accesses::Protected
-  def execute(&block)
-    Console1984.protecting(&block)
-  end
-
-  private
-    def null_encryptor
-      @null_encryptor ||= ActiveRecord::Encryption::NullEncryptor.new
-    end
-end

data/lib/console1984/supervisor/accesses/unprotected.rb

@@ -1,5 +0,0 @@
-class Console1984::Supervisor::Accesses::Unprotected
-  def execute(&block)
-    block.call
-  end
-end

data/lib/console1984/supervisor/accesses.rb

@@ -1,41 +0,0 @@
-module Console1984::Supervisor::Accesses
-  include Console1984::Messages
-
-  PROTECTED_ACCESS = Protected.new
-  UNPROTECTED_ACCESS = Unprotected.new
-
-  def enable_access_to_encrypted_content(silent: false)
-    run_system_command do
-      show_warning Console1984.enter_unprotected_encryption_mode_warning if !silent && protected_mode?
-      justification = ask_for_value "\nBefore you can access personal information, you need to ask for and get explicit consent from the user(s). #{current_username}, where can we find this consent (a URL would be great)?"
-      session_logger.start_sensitive_access justification
-      nil
-    end
-  ensure
-    @access = UNPROTECTED_ACCESS
-    nil
-  end
-
-  def disable_access_to_encrypted_content(silent: false)
-    run_system_command do
-      show_warning Console1984.enter_protected_mode_warning if !silent && unprotected_mode?
-      session_logger.end_sensitive_access
-      nil
-    end
-  ensure
-    @access = PROTECTED_ACCESS
-    nil
-  end
-
-  def with_encryption_mode(&block)
-    @access.execute(&block)
-  end
-
-  def unprotected_mode?
-    @access.is_a?(Unprotected)
-  end
-
-  def protected_mode?
-    !unprotected_mode?
-  end
-end

data/lib/console1984/supervisor/executor.rb

@@ -1,41 +0,0 @@
-module Console1984::Supervisor::Executor
-  extend ActiveSupport::Concern
-
-  def execute_supervised(commands, &block)
-    run_system_command { session_logger.before_executing commands }
-    execute(&block)
-  rescue Console1984::Errors::ForbiddenCommand, Console1984::Errors::ForbiddenClassManipulation
-    puts "Forbidden command attempted: #{commands.join("\n")}"
-    run_system_command { session_logger.suspicious_commands_attempted commands }
-    nil
-  ensure
-    run_system_command { session_logger.after_executing commands }
-  end
-
-  def execute(&block)
-    run_user_command do
-      with_encryption_mode(&block)
-    end
-  end
-
-  def executing_user_command?
-    @executing_user_command
-  end
-
-  private
-    def run_user_command(&block)
-      run_command true, &block
-    end
-
-    def run_system_command(&block)
-      run_command false, &block
-    end
-
-    def run_command(run_by_user, &block)
-      original_value = @executing_user_command
-      @executing_user_command = run_by_user
-      block.call
-    ensure
-      @executing_user_command = original_value
-    end
-end

data/lib/console1984/supervisor/protector.rb

@@ -1,37 +0,0 @@
-module Console1984::Supervisor::Protector
-  extend ActiveSupport::Concern
-
-  private
-    def extend_protected_systems
-      extend_irb
-      extend_active_record
-      extend_socket_classes
-    end
-
-    def extend_irb
-      IRB::Context.prepend(Console1984::ProtectedContext)
-      Rails::ConsoleMethods.include(Console1984::Commands)
-    end
-
-    ACTIVE_RECORD_CONNECTION_ADAPTERS = %w[ActiveRecord::ConnectionAdapters::Mysql2Adapter ActiveRecord::ConnectionAdapters::PostgreSQLAdapter ActiveRecord::ConnectionAdapters::SQLite3Adapter]
-
-    def extend_active_record
-      ACTIVE_RECORD_CONNECTION_ADAPTERS.each do |class_string|
-        if Object.const_defined?(class_string)
-          klass = class_string.constantize
-          klass.prepend(Console1984::ProtectedAuditableTables)
-        end
-      end
-    end
-
-    def extend_socket_classes
-      socket_classes = [TCPSocket, OpenSSL::SSL::SSLSocket]
-      if defined?(Redis::Connection)
-        socket_classes.push(*[Redis::Connection::TCPSocket, Redis::Connection::SSLSocket])
-      end
-
-      socket_classes.compact.each do |socket_klass|
-        socket_klass.prepend Console1984::ProtectedTcpSocket
-      end
-    end
-end