console1984 0.1.7 → 0.1.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 498f37bd3803f7f76e073d91f51e2dc69fc8a00fc575392c3869b2ae4d65d9bf
-  data.tar.gz: 1675df589a603042a54e6de8b835e4434f5a112158521379553e9875b25c9eeb
+  metadata.gz: bc64d037f2de5570292e0b09710b4543a68ba1af12759150cc68e7b7f4dd6e16
+  data.tar.gz: c5929af5061393a32c4df38022535d53c62aaaabe951727798e340322fb0d950
 SHA512:
-  metadata.gz: aa0edb371ac31cd2b87e1b8ddb833482516bed91ff3a5c85c12c10c2206ce7dbe8aba514a6a3aecc2e5d594eee527db78b270cd0789484960c7c98e55ca504aa
-  data.tar.gz: bc595388d7ca433c22a1ccc17a5bb28759cc0b0dd8b5267a061456ad0e17de58be0f95a129689e7fbe88915c709af82d0efd70a3f410f4b40cb0f7e767fa7cb6
+  metadata.gz: b64f422bcdd421e7a874af965c9ee615f6d873e0d2a685d68667216fd1ee91d4e8e4815d4dd9e78ef7838a75763fb898be1f328c8466a137f1782a4121531da6
+  data.tar.gz: ce7e1f60bfdb666abe3c85a02ddaa1ac25344c994a1471ec64d07cd15f8aac5735bcd0608497e71d9813cf111cdb76f414a2373eb8dbef14b983757ba3876812

data/README.md

@@ -106,11 +106,7 @@ irb(main)> Topic.last.name
 => "{\"p\":\"iu6+LfnNlurC6sL++JyOIDvedjNSz/AvnZQ=\",\"h\":{\"iv\":\"BYa86+JNM/LdkC18\",\"at\":\"r4sQNoSyIlAjJdZEKHVMow==\",\"k\":{\"p\":\"7L1l/5UiYsFQqqo4jfMZtLwp90KqcrIgS7HqgteVjuM=\",\"h\":{\"iv\":\"ItwRYxZAerKIoSZ8\",\"at\":\"ZUSNVfvtm4wAYWLBKRAx/g==\",\"e\":\"QVNDSUktOEJJVA==\"}},\"i\":\"OTdiOQ==\"}}"
 ```
 
-While in protected mode, you can't modify encrypted data, but can save unencrypted attributes normally. If you try to modify an encrypted column it will raise an error:
-
-```ruby
-irb(main)> Rails.cache.read("some key") # raises Console1984::Errors::ProtectedConnection
-```
+While in protected mode, you can't modify encrypted data, but can save unencrypted attributes normally. If you try to modify an encrypted column it will raise an error.
 
 ### Access to external systems
 
@@ -122,7 +118,13 @@ To protect the access to such systems, you can add their URLs to `config.console
 config.console1984.protected_urls = [ "https://my-app-us-east-1-whatever.us-east-1.es.amazonaws.com", "redis://my-app-cache-1.whatever.cache.amazonaws.com:6379" ]
 ```
 
-As with encryption data, running `decrypt!` will let you access these systems normally. The system will ask for a justfication and will flag those accesses as sensitive.
+In the default protected mode, trying to read data from a protected system will be aborted with an error:
+
+```ruby
+irb(main)> Rails.cache.read("some key") # raises Console1984::Errors::ProtectedConnection
+```
+
+Running `decrypt!` will switch you to unprotected mode and let you access these systems normally. The system will ask for a justfication and will flag those accesses as sensitive.
 
 This will work for systems that use Ruby sockets as the underlying communication mechanism.
 

data/config/protections.yml

@@ -0,0 +1,30 @@
+static_validations:
+  forbidden_reopening:
+    - ActiveRecord
+    - Console1984
+    - PG
+    - Mysql2
+  forbidden_constant_reference:
+    always:
+      - Console1984
+    protected:
+      - PG
+      - Mysql2
+      - ActiveRecord::ActiveRecordEncryption
+  suspicious_terms:
+    - console_1984
+    - Console1984
+    - secret
+    - credentials
+forbidden_methods:
+  always:
+  user:
+    Kernel:
+      - eval
+    Object:
+      - eval
+    BasicObject:
+      - eval
+      - instance_eval
+    Module:
+      - class_eval

data/lib/console1984/command_executor.rb

@@ -19,13 +19,11 @@ class Console1984::CommandExecutor
     run_as_system { session_logger.before_executing commands }
     validate_command commands
     execute_in_protected_mode(&block)
-  rescue Console1984::Errors::ForbiddenCommand, FrozenError
+  rescue Console1984::Errors::ForbiddenCommand, FrozenError => e
     flag_suspicious(commands)
   rescue Console1984::Errors::SuspiciousCommand
     flag_suspicious(commands)
     execute_in_protected_mode(&block)
-  rescue FrozenError
-    flag_suspicious(commands)
   ensure
     run_as_system { session_logger.after_executing commands }
   end
@@ -68,14 +66,12 @@ class Console1984::CommandExecutor
   end
 
   private
-    COMMAND_VALIDATOR_CONFIG_FILE_PATH = Console1984::Engine.root.join("config/command_protections.yml")
-
     def command_validator
       @command_validator ||= build_command_validator
     end
 
     def build_command_validator
-      Console1984::CommandValidator.from_config(YAML.safe_load(File.read(COMMAND_VALIDATOR_CONFIG_FILE_PATH)).symbolize_keys)
+      Console1984::CommandValidator.from_config(Console1984.protections_config.static_validations)
     end
 
     def flag_suspicious(commands)

data/lib/console1984/command_validator/forbidden_constant_reference_validation.rb

@@ -24,7 +24,7 @@ class Console1984::CommandValidator::ForbiddenConstantReferenceValidation
 
   private
     def contains_invalid_const_reference?(parsed_command, banned_constants)
-      parsed_command.constants.find do |constant_name|
+      (parsed_command.constants + parsed_command.constant_assignments).find do |constant_name|
         banned_constants.find { |banned_constant| "#{constant_name}::".start_with?("#{banned_constant}::") }
       end
     end

data/lib/console1984/command_validator/forbidden_reopening_validation.rb

@@ -18,7 +18,7 @@ class Console1984::CommandValidator::ForbiddenReopeningValidation
 
   private
     def contains_invalid_class_or_module_declaration?(parsed_command)
-      parsed_command.declared_classes_or_modules.find { |class_or_module_name| banned?(class_or_module_name) }
+      (parsed_command.declared_classes_or_modules + parsed_command.constant_assignments).find { |class_or_module_name| banned?(class_or_module_name) }
     end
 
     def banned?(class_or_module_name)

data/lib/console1984/command_validator/parsed_command.rb

@@ -6,7 +6,7 @@ class Console1984::CommandValidator::ParsedCommand
 
   attr_reader :raw_command
 
-  delegate :declared_classes_or_modules, :constants, to: :processed_ast
+  delegate :declared_classes_or_modules, :constants, :constant_assignments, to: :processed_ast
 
   def initialize(raw_command)
     @raw_command = Array(raw_command).join("\n")
@@ -26,20 +26,33 @@ class Console1984::CommandValidator::ParsedCommand
       include AST::Processor::Mixin
       include Console1984::Freezeable
 
-      attr_reader :constants, :declared_classes_or_modules
-
       def initialize
         @constants = []
         @declared_classes_or_modules = []
+        @constant_assignments = []
+      end
+
+      # We define accessors to define lists without duplicates. We are not using a +SortedSet+ because we want
+      # to mutate strings in the list while the processing is happening. And we don't use metapgroamming to define the
+      # accessors to prevent having problems with freezable and its instance_variable* protection.
+
+      def constants
+        @constants.uniq
+      end
+
+      def declared_classes_or_modules
+        @declared_classes_or_modules.uniq
+      end
+
+      def constant_assignments
+        @constant_assignments.uniq
       end
 
       def on_class(node)
         super
         const_declaration, _, _ = *node
-
-        processor = self.class.new
-        processor.process(const_declaration)
-        @declared_classes_or_modules << processor.constants.first if processor.constants.present?
+        constant = extract_constants(const_declaration).first
+        @declared_classes_or_modules << constant if constant.present?
       end
 
       alias_method :on_module, :on_class
@@ -60,5 +73,18 @@ class Console1984::CommandValidator::ParsedCommand
           last_constant << "::#{const_name}"
         end
       end
+
+      def on_casgn(node)
+        super
+        scope_node, name, value_node = *node
+        @constant_assignments.push(*extract_constants(value_node))
+      end
+
+      private
+        def extract_constants(node)
+          self.class.new.tap do |processor|
+            processor.process(node)
+          end.constants
+        end
     end
 end

data/lib/console1984/config.rb

@@ -4,11 +4,14 @@
 class Console1984::Config
   include Console1984::Freezeable, Console1984::Messages
 
+  PROTECTIONS_CONFIG_FILE_PATH = Console1984::Engine.root.join("config/protections.yml")
+
   PROPERTIES = %i[
     session_logger username_resolver shield command_executor
     protected_environments protected_urls
     production_data_warning enter_unprotected_encryption_mode_warning enter_protected_mode_warning
     incinerate incinerate_after incineration_queue
+    protections_config
     debug test_mode
   ]
 
@@ -24,9 +27,14 @@ class Console1984::Config
     end
   end
 
+  # Initialize lazily so that it only gets instantiated during console sessions
+  def protections_config
+    @protections_config ||= Console1984::ProtectionsConfig.new(YAML.safe_load(File.read(PROTECTIONS_CONFIG_FILE_PATH)).symbolize_keys)
+  end
+
   def freeze
     super
-    [ protected_urls ].each(&:freeze)
+    [ protected_urls, protections_config ].each(&:freeze)
   end
 
   private

data/lib/console1984/engine.rb

@@ -10,7 +10,7 @@ module Console1984
 
     initializer "console1984.config" do
       config.console1984.each do |key, value|
-        Console1984.config.send("#{key}=", value) unless %i[ protected_urls protected_environments ].include?(key.to_sym)
+        Console1984.config.send("#{key}=", value)
       end
     end
 

data/lib/console1984/ext/active_record/protected_auditable_tables.rb

@@ -19,7 +19,7 @@ module Console1984::Ext::ActiveRecord::ProtectedAuditableTables
     end
 
     def auditable_tables
-      @auditable_tables ||= auditable_models.collect(&:table_name)
+      @auditable_tables ||= Console1984.command_executor.run_as_system { auditable_models.collect(&:table_name) }
     end
 
     def auditable_models

data/lib/console1984/ext/core/module.rb

@@ -0,0 +1,15 @@
+# Extends +Module+ to prevent invoking class_eval in user commands.
+#
+# We don't use the built-in configurable system from protections.yml because we use
+# class_eval ourselves to implement it!
+module Console1984::Ext::Core::Module
+  extend ActiveSupport::Concern
+
+  def instance_eval(*)
+    if Console1984.command_executor.executing_user_command?
+      raise Console1984::Errors::ForbiddenCommand
+    else
+      super
+    end
+  end
+end

data/lib/console1984/ext/core/object.rb

@@ -12,6 +12,7 @@ module Console1984::Ext::Core::Object
   extend ActiveSupport::Concern
 
   include Console1984::Freezeable
+  self.prevent_instance_data_manipulation_after_freezing = false
 
   class_methods do
     def const_get(*arguments)

data/lib/console1984/ext/socket/tcp_socket.rb

@@ -28,12 +28,16 @@ module Console1984::Ext::Socket::TcpSocket
     end
 
     def protected_addresses
-      @protected_addresses ||= Console1984::Shield::Modes::PROTECTED_MODE.currently_protected_urls.collect do |url|
+      @protected_addresses ||= protected_urls.collect do |url|
         host, port = host_and_port_from(url)
         Array(Addrinfo.getaddrinfo(host, port)).collect { |addrinfo| ComparableAddress.new(addrinfo) if addrinfo.ip_address }
       end.flatten.compact.uniq
     end
 
+    def protected_urls
+      Console1984::Shield::Modes::PROTECTED_MODE.currently_protected_urls || []
+    end
+
     def host_and_port_from(url)
       URI(url).then do |parsed_uri|
         if parsed_uri.host

data/lib/console1984/freezeable.rb

@@ -13,18 +13,24 @@
 # will look through all the modules/classes freezing them. This way, we can control
 # the moment where we stop classes from being modifiable at setup time.
 module Console1984::Freezeable
-  extend ActiveSupport::Concern
-
   mattr_reader :to_freeze, default: Set.new
 
-  included do
-    Console1984::Freezeable.to_freeze << self
+  # Not using ActiveSupport::Concern because a bunch of classes skip its +.invoked+ hook which
+  # is terrible for our purposes. This happened because it was being included in parent classes
+  # (such as Object), so it was skipping the include block.
+  def self.included(base)
+    Console1984::Freezeable.to_freeze << base
+    base.extend ClassMethods
+
+    # Flag to control manipulating instance data via instance_variable_get and instance_variable_set.
+    # true by default.
+    base.thread_mattr_accessor :prevent_instance_data_manipulation_after_freezing, default: true
   end
 
-  class_methods do
+  module ClassMethods
     SENSITIVE_INSTANCE_METHODS = %i[ instance_variable_get instance_variable_set ]
 
-    def prevent_sensitive_overrides
+    def prevent_instance_data_manipulation
       SENSITIVE_INSTANCE_METHODS.each do |method|
         prevent_sensitive_method method
       end
@@ -51,7 +57,7 @@ module Console1984::Freezeable
       end
 
       def freeze_class_or_module(class_or_module)
-        class_or_module.prevent_sensitive_overrides
+        class_or_module.prevent_instance_data_manipulation if class_or_module.prevent_instance_data_manipulation_after_freezing
         class_or_module.freeze
       end
 

data/lib/console1984/protections_config.rb

@@ -0,0 +1,17 @@
+class Console1984::ProtectionsConfig
+  include Console1984::Freezeable
+
+  delegate :static_validations, to: :instance
+
+  attr_reader :config
+
+  def initialize(config)
+    @config = config
+  end
+
+  %i[ static_validations forbidden_methods ].each do |method_name|
+    define_method method_name do
+      config[method_name].symbolize_keys
+    end
+  end
+end

data/lib/console1984/refrigerator.rb

@@ -0,0 +1,32 @@
+# Freezes classes to prevent tampering them
+class Console1984::Refrigerator
+  include Console1984::Freezeable
+
+  def freeze_all
+    eager_load_all_classes
+    freeze_internal_instances # internal modules and classes are frozen by including Console1984::Freezable
+    freeze_external_modules_and_classes
+
+    Console1984::Freezeable.freeze_all
+  end
+
+  private
+    EXTERNAL_MODULES_AND_CLASSES_TO_FREEZE = [Parser::CurrentRuby]
+
+    def freeze_internal_instances
+      Console1984.config.freeze unless Console1984.config.test_mode
+    end
+
+    def freeze_external_modules_and_classes
+      EXTERNAL_MODULES_AND_CLASSES_TO_FREEZE.each { |klass| klass.include(Console1984::Freezeable) }
+    end
+
+    def eager_load_all_classes
+      Rails.application.eager_load! unless Rails.application.config.eager_load
+      Console1984.class_loader.eager_load
+    end
+end
+
+class Parser::Ruby27
+  include Console1984::Freezeable
+end

data/lib/console1984/shield/method_invocation_shell.rb

@@ -0,0 +1,52 @@
+# Prevents invoking a configurable set of methods
+class Console1984::Shield::MethodInvocationShell
+  include Console1984::Freezeable
+
+  class << self
+    def install_for(config)
+      Array(config[:user]).each { |invocation| self.new(invocation, only_for_user_commands: true).prevent_methods_invocation }
+      Array(config[:system]).each { |invocation| self.new(invocation, only_for_user_commands: false).prevent_methods_invocation }
+    end
+  end
+
+  attr_reader :class_name, :methods, :only_for_user_commands
+
+  def initialize(invocation, only_for_user_commands:)
+    @class_name, methods = invocation.to_a
+    @methods = Array(methods)
+    @only_for_user_commands = only_for_user_commands
+  end
+
+  def prevent_methods_invocation
+    class_name.constantize.prepend build_protection_module
+  end
+
+  def build_protection_module
+    source = protected_method_invocations_source
+    Module.new do
+      class_eval <<~RUBY, __FILE__, __LINE__ + 1
+        #{source}
+      RUBY
+    end
+  end
+
+  def protected_method_invocations_source
+    methods.collect { |method| protected_method_invocation_source_for(method) }.join("\n")
+  end
+
+  def protected_method_invocation_source_for(method)
+    <<~RUBY
+      def #{method}(*args)
+        if (!#{only_for_user_commands} || Console1984.command_executor.executing_user_command?) && caller.find do |line|
+            line_from_irb = line =~ /^[^\\/]/
+            break if !(line =~ /console1984\\/lib/ || line_from_irb)
+            line_from_irb
+          end
+          raise Console1984::Errors::ForbiddenCommand
+        else
+          super
+        end
+      end
+    RUBY
+  end
+end

data/lib/console1984/shield.rb

@@ -19,7 +19,9 @@ class Console1984::Shield
   # that aren't mean to be modified once the console is running.
   def install
     extend_protected_systems
-    freeze_all
+    prevent_invoking_protected_methods
+
+    refrigerator.freeze_all
   end
 
   private
@@ -37,6 +39,7 @@ class Console1984::Shield
 
     def extend_core_ruby
       Object.prepend Console1984::Ext::Core::Object
+      Module.prepend Console1984::Ext::Core::Module
     end
 
     def extend_sockets
@@ -65,16 +68,12 @@ class Console1984::Shield
       end
     end
 
-    def freeze_all
-      eager_load_all_classes
-      Console1984.config.freeze unless Console1984.config.test_mode
-      Console1984::Freezeable.freeze_all
-      Parser::CurrentRuby.freeze
+    def prevent_invoking_protected_methods
+      MethodInvocationShell.install_for(Console1984.protections_config.forbidden_methods)
     end
 
-    def eager_load_all_classes
-      Rails.application.eager_load! unless Rails.application.config.eager_load
-      Console1984.class_loader.eager_load
+    def refrigerator
+      @refrigerator ||= Console1984::Refrigerator.new
     end
 
     module SSLSocketRemoteAddress

data/lib/console1984/version.rb

@@ -1,3 +1,3 @@
 module Console1984
-  VERSION = '0.1.7'
+  VERSION = '0.1.8'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: console1984
 version: !ruby/object:Gem::Version
-  version: 0.1.7
+  version: 0.1.8
 platform: ruby
 authors:
 - Jorge Manrubia
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-09-04 00:00:00.000000000 Z
+date: 2021-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: colorize
@@ -195,7 +195,7 @@ files:
 - app/models/console1984/session.rb
 - app/models/console1984/session/incineratable.rb
 - app/models/console1984/user.rb
-- config/command_protections.yml
+- config/protections.yml
 - db/migrate/20210517203931_create_console1984_tables.rb
 - lib/console1984.rb
 - lib/console1984/command_executor.rb
@@ -208,6 +208,7 @@ files:
 - lib/console1984/engine.rb
 - lib/console1984/errors.rb
 - lib/console1984/ext/active_record/protected_auditable_tables.rb
+- lib/console1984/ext/core/module.rb
 - lib/console1984/ext/core/object.rb
 - lib/console1984/ext/irb/commands.rb
 - lib/console1984/ext/irb/context.rb
@@ -215,8 +216,11 @@ files:
 - lib/console1984/freezeable.rb
 - lib/console1984/input_output.rb
 - lib/console1984/messages.rb
+- lib/console1984/protections_config.rb
+- lib/console1984/refrigerator.rb
 - lib/console1984/sessions_logger/database.rb
 - lib/console1984/shield.rb
+- lib/console1984/shield/method_invocation_shell.rb
 - lib/console1984/shield/modes.rb
 - lib/console1984/shield/modes/protected.rb
 - lib/console1984/shield/modes/unprotected.rb

data/config/command_protections.yml

@@ -1,17 +0,0 @@
-forbidden_reopening:
-  - ActiveRecord
-  - Console1984
-  - PG
-  - Mysql2
-forbidden_constant_reference:
-  always:
-    - Console1984
-  protected:
-    - PG
-    - Mysql2
-    - ActiveRecord::ActiveRecordEncryption
-suspicious_terms:
-  - console_1984
-  - Console1984
-  - secret
-  - credentials