console1984 0.1.6 → 0.1.7

data/lib/console1984/version.rb

@@ -1,3 +1,3 @@
 module Console1984
-  VERSION = '0.1.6'
+  VERSION = '0.1.7'
 end

data/lib/console1984.rb

@@ -4,38 +4,57 @@ require "zeitwerk"
 class_loader = Zeitwerk::Loader.for_gem
 class_loader.setup
 
+# = Console 1984
+#
+# Console1984 is an IRB-based Rails console extension that does
+# three things:
+#
+# * Record console sessions with their user, reason and commands.
+# * Protect encrypted data by showing the ciphertexts when you visualize it.
+# * Protect access to external systems that contain sensitive information (such as Redis
+#   or Elasticsearch).
+#
+# == Session logging
+#
+# The console will record the session, its user and the commands entered. The logic to
+# persist sessions is handled by the configured session logger, which is
+# Console1984::SessionsLogger::Database by default.
+#
+# == Execution of commands
+#
+# The console will work in two modes:
+#
+# * Protected: It won't show encrypted information (it will show the ciphertexts instead)
+#   and it won't allow connections to protected urls.
+# * Unprotected: it allows access to encrypted information and protected urls. The commands
+#   executed in this mode as flagged as sensitive.
+#
+# Console1984::CommandExecutor handles the execution of commands applying the corresponding
+# protection mechanisms.´
+#
+# == Internal tampering prevention
+#
+# Finally, console1984 includes protection mechanisms against internal tampering while using
+# the console. For example, to prevent the user from deleting audit trails. See
+# Console1984::Shield and Console1984::CommandValidator to learn more.
 module Console1984
   include Messages, Freezeable
 
   mattr_accessor :supervisor, default: Supervisor.new
+
   mattr_reader :config, default: Config.new
-  mattr_accessor :class_loader
 
-  thread_mattr_accessor :currently_protected_urls, default: []
+  mattr_accessor :class_loader
 
   class << self
     Config::PROPERTIES.each do |property|
       delegate property, to: :config
     end
 
+    # Returns whether the console is currently running in protected mode or not.
     def running_protected_environment?
       protected_environments.collect(&:to_sym).include?(Rails.env.to_sym)
     end
-
-    def protecting(&block)
-      protecting_connections do
-        ActiveRecord::Encryption.protecting_encrypted_data(&block)
-      end
-    end
-
-    private
-      def protecting_connections
-        old_currently_protected_urls = self.currently_protected_urls
-        self.currently_protected_urls = protected_urls
-        yield
-      ensure
-        self.currently_protected_urls = old_currently_protected_urls
-      end
   end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: console1984
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.7
 platform: ruby
 authors:
 - Jorge Manrubia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-29 00:00:00.000000000 Z
+date: 2021-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -24,6 +24,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: benchmark-ips
   requirement: !ruby/object:Gem::Requirement
@@ -136,6 +150,34 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mysql2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description:
 email:
 - jorge@basecamp.com
@@ -153,27 +195,32 @@ files:
 - app/models/console1984/session.rb
 - app/models/console1984/session/incineratable.rb
 - app/models/console1984/user.rb
-- config/routes.rb
+- config/command_protections.yml
 - db/migrate/20210517203931_create_console1984_tables.rb
 - lib/console1984.rb
-- lib/console1984/commands.rb
+- lib/console1984/command_executor.rb
+- lib/console1984/command_validator.rb
+- lib/console1984/command_validator/forbidden_constant_reference_validation.rb
+- lib/console1984/command_validator/forbidden_reopening_validation.rb
+- lib/console1984/command_validator/parsed_command.rb
+- lib/console1984/command_validator/suspicious_terms_validation.rb
 - lib/console1984/config.rb
 - lib/console1984/engine.rb
 - lib/console1984/errors.rb
+- lib/console1984/ext/active_record/protected_auditable_tables.rb
+- lib/console1984/ext/core/object.rb
+- lib/console1984/ext/irb/commands.rb
+- lib/console1984/ext/irb/context.rb
+- lib/console1984/ext/socket/tcp_socket.rb
 - lib/console1984/freezeable.rb
+- lib/console1984/input_output.rb
 - lib/console1984/messages.rb
-- lib/console1984/protected_auditable_tables.rb
-- lib/console1984/protected_context.rb
-- lib/console1984/protected_object.rb
-- lib/console1984/protected_tcp_socket.rb
 - lib/console1984/sessions_logger/database.rb
+- lib/console1984/shield.rb
+- lib/console1984/shield/modes.rb
+- lib/console1984/shield/modes/protected.rb
+- lib/console1984/shield/modes/unprotected.rb
 - lib/console1984/supervisor.rb
-- lib/console1984/supervisor/accesses.rb
-- lib/console1984/supervisor/accesses/protected.rb
-- lib/console1984/supervisor/accesses/unprotected.rb
-- lib/console1984/supervisor/executor.rb
-- lib/console1984/supervisor/input_output.rb
-- lib/console1984/supervisor/protector.rb
 - lib/console1984/username/env_resolver.rb
 - lib/console1984/version.rb
 - test/fixtures/console1984/commands.yml

data/config/routes.rb

@@ -1,9 +0,0 @@
-Console1984::Engine.routes.draw do
-  resources :sessions, only: %i[ index show ] do
-    resources :audits, only: %i[ create update ]
-  end
-
-  resource :filtered_sessions, only: %i[ update ]
-
-  root to: "sessions#index"
-end

data/lib/console1984/commands.rb

@@ -1,16 +0,0 @@
-module Console1984::Commands
-  include Console1984::Freezeable
-
-  def decrypt!
-    supervisor.enable_access_to_encrypted_content
-  end
-
-  def encrypt!
-    supervisor.disable_access_to_encrypted_content
-  end
-
-  private
-    def supervisor
-      Console1984.supervisor
-    end
-end

data/lib/console1984/protected_object.rb

@@ -1,15 +0,0 @@
-module Console1984::ProtectedObject
-  extend ActiveSupport::Concern
-
-  include Console1984::Freezeable
-
-  class_methods do
-    def const_get(*arguments)
-      if Console1984.supervisor.executing_user_command? && arguments.first.to_s =~ /Console1984|ActiveRecord/
-        raise Console1984::Errors::ForbiddenCommand
-      else
-        super
-      end
-    end
-  end
-end

data/lib/console1984/supervisor/accesses/protected.rb

@@ -1,12 +0,0 @@
-class Console1984::Supervisor::Accesses::Protected
-  include Console1984::Freezeable
-
-  def execute(&block)
-    Console1984.protecting(&block)
-  end
-
-  private
-    def null_encryptor
-      @null_encryptor ||= ActiveRecord::Encryption::NullEncryptor.new
-    end
-end

data/lib/console1984/supervisor/accesses/unprotected.rb

@@ -1,7 +0,0 @@
-class Console1984::Supervisor::Accesses::Unprotected
-  include Console1984::Freezeable
-
-  def execute(&block)
-    block.call
-  end
-end

data/lib/console1984/supervisor/accesses.rb

@@ -1,41 +0,0 @@
-module Console1984::Supervisor::Accesses
-  include Console1984::Messages, Console1984::Freezeable
-
-  PROTECTED_ACCESS = Protected.new
-  UNPROTECTED_ACCESS = Unprotected.new
-
-  def enable_access_to_encrypted_content(silent: false)
-    run_system_command do
-      show_warning Console1984.enter_unprotected_encryption_mode_warning if !silent && protected_mode?
-      justification = ask_for_value "\nBefore you can access personal information, you need to ask for and get explicit consent from the user(s). #{current_username}, where can we find this consent (a URL would be great)?"
-      session_logger.start_sensitive_access justification
-      nil
-    end
-  ensure
-    @access = UNPROTECTED_ACCESS
-    nil
-  end
-
-  def disable_access_to_encrypted_content(silent: false)
-    run_system_command do
-      show_warning Console1984.enter_protected_mode_warning if !silent && unprotected_mode?
-      session_logger.end_sensitive_access
-      nil
-    end
-  ensure
-    @access = PROTECTED_ACCESS
-    nil
-  end
-
-  def with_encryption_mode(&block)
-    @access.execute(&block)
-  end
-
-  def unprotected_mode?
-    @access.is_a?(Unprotected)
-  end
-
-  def protected_mode?
-    !unprotected_mode?
-  end
-end

data/lib/console1984/supervisor/executor.rb

@@ -1,65 +0,0 @@
-module Console1984::Supervisor::Executor
-  extend ActiveSupport::Concern
-
-  include Console1984::Freezeable
-
-  def execute_supervised(commands, &block)
-    run_system_command { session_logger.before_executing commands }
-    validate_commands(commands)
-    execute(&block)
-  rescue Console1984::Errors::ForbiddenCommand, Console1984::Errors::ForbiddenCodeManipulation, FrozenError
-    flag_forbidden(commands)
-  rescue FrozenError
-    flag_forbidden(commands)
-  ensure
-    run_system_command { session_logger.after_executing commands }
-  end
-
-  def execute(&block)
-    run_user_command do
-      with_encryption_mode(&block)
-    end
-  end
-
-  def executing_user_command?
-    @executing_user_command
-  end
-
-  private
-    def flag_forbidden(commands)
-      puts "Forbidden command attempted: #{commands.join("\n")}"
-      run_system_command { session_logger.suspicious_commands_attempted commands }
-      nil
-    end
-
-    def run_user_command(&block)
-      run_command true, &block
-    end
-
-    def run_system_command(&block)
-      run_command false, &block
-    end
-
-    def validate_commands(commands)
-      if Array(commands).find { |command| forbidden_command?(command) }
-        raise Console1984::Errors::ForbiddenCommand
-      end
-    end
-
-    def forbidden_command?(command)
-      # This is a first protection layer. Very simple for now. We'll likely make this
-      # more sophisticated and configurable in future versions.
-      #
-      # We can't use our +Freezable+ concern in ActiveRecord since it relies on code
-      # generation on the fly.
-      command =~ /Console1984|console_1984|(class|module)\s+ActiveRecord::/
-    end
-
-    def run_command(run_by_user, &block)
-      original_value = @executing_user_command
-      @executing_user_command = run_by_user
-      block.call
-    ensure
-      @executing_user_command = original_value
-    end
-end

data/lib/console1984/supervisor/protector.rb

@@ -1,55 +0,0 @@
-module Console1984::Supervisor::Protector
-  extend ActiveSupport::Concern
-
-  include Console1984::Freezeable
-
-  private
-    def extend_protected_systems
-      extend_object
-      extend_irb
-      extend_active_record
-      extend_socket_classes
-    end
-
-    def extend_object
-      Object.prepend Console1984::ProtectedObject
-    end
-
-    def extend_irb
-      IRB::Context.prepend(Console1984::ProtectedContext)
-      Rails::ConsoleMethods.include(Console1984::Commands)
-    end
-
-    ACTIVE_RECORD_CONNECTION_ADAPTERS = %w[ActiveRecord::ConnectionAdapters::Mysql2Adapter ActiveRecord::ConnectionAdapters::PostgreSQLAdapter ActiveRecord::ConnectionAdapters::SQLite3Adapter]
-
-    def extend_active_record
-      ACTIVE_RECORD_CONNECTION_ADAPTERS.each do |class_string|
-        if Object.const_defined?(class_string)
-          klass = class_string.constantize
-          klass.prepend(Console1984::ProtectedAuditableTables)
-          klass.include(Console1984::Freezeable)
-        end
-      end
-    end
-
-    def extend_socket_classes
-      socket_classes = [TCPSocket, OpenSSL::SSL::SSLSocket]
-      OpenSSL::SSL::SSLSocket.include(SSLSocketRemoteAddress)
-
-      if defined?(Redis::Connection)
-        socket_classes.push(*[Redis::Connection::TCPSocket, Redis::Connection::SSLSocket])
-      end
-
-      socket_classes.compact.each do |socket_klass|
-        socket_klass.prepend Console1984::ProtectedTcpSocket
-        socket_klass.freeze
-      end
-    end
-
-    module SSLSocketRemoteAddress
-      # Make it serve remote address as TCPSocket so that our extension works for it
-      def remote_address
-        Addrinfo.getaddrinfo(hostname, 443).first
-      end
-    end
-end