console1984 0.2.2 → 0.2.4
- checksums.yaml +4 -4
- data/README.md +27 -4
- data/Rakefile +0 -2
- data/app/jobs/console1984/incineration_job.rb +2 -0
- data/lib/console1984/command_validator/.command_parser.rb +2 -2
- data/lib/console1984/engine.rb +4 -0
- data/lib/console1984/ext/active_record/protected_auditable_tables.rb +9 -1
- data/lib/console1984/input_output.rb +8 -2
- data/lib/console1984/query_auditor.rb +40 -0
- data/lib/console1984/version.rb +1 -1
- metadata +18 -7
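--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 62a1a63354e44bfc19ab3ca033e14a44505c55832aa150ae1fc11b77b8d01919
+data.tar.gz: beef047a7ec407f4fac7d08601a7522689d2cb0365d186447a4f4bbf0f06ebfe
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 925ef9d2ec34d823fe1ed7714164ca6ef7842e91f952c8746fdc60d53d8e5e7a9870a0b0883c702f5d5f7f26f653251f09325814bac8b504a8d40de2eab2b67a
+data.tar.gz: a362cb02f0499406b7aea4e9e415265ceabefe9aaeb4661fe6097789252c746a4fd52d8faad4aaed56b7c5b48abefc1045cc539cf605077327300ec9d1b94483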
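--- a/data/README.md
+++ b/data/README.md
@@ -192,8 +192,31 @@ The test suite runs against SQLite by default, but can be run against Postgres a
 To run the suite in your computer, first, run `bin/setup` to create the docker containers for MySQL/PostgreSQL and create the databases. Then run:
 
 ```bash
-bin/rails test # against SQLite (default)
-bin/rails test TARGET_DB=mysql
-bin/rails test TARGET_DB=postgres
-bin/rails test TARGET_DB=sqlite
+bin/rails test # against SQLite (default)
+bin/rails test TARGET_DB=mysql
+bin/rails test TARGET_DB=postgres
+bin/rails test TARGET_DB=sqlite
+```
+
+### Testing against different Rails versions
+
+This project uses [Appraisal](https://github.com/thoughtbot/appraisal) to test against multiple Rails versions. The `Appraisals` file defines the matrix and the generated gemfiles live in `gemfiles/`.
+
+To run tests against a specific Rails version:
+
+```bash
+bundle exec appraisal rails-8-0 bin/rails test
+bundle exec appraisal rails-8-1 bin/rails test
+```
+
+To run tests against all Rails versions:
+
+```bash
+bundle exec appraisal bin/rails test
+```
+
+To regenerate the appraisal gemfiles after changing the `Appraisals` file:
+
+```bash
+bundle exec appraisal install
 ```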
data/Rakefile
CHANGED
|
@@ -40,7 +40,7 @@ class Console1984::CommandValidator::CommandParser < ::Parser::AST::Processor
|
|
|
40
40
|
def on_const(node)
|
|
41
41
|
super
|
|
42
42
|
name, const_name = *node
|
|
43
|
-
const_name = const_name.to_s
|
|
43
|
+
const_name = const_name.to_s.dup
|
|
44
44
|
last_constant = @constants.last
|
|
45
45
|
|
|
46
46
|
if name.nil? || (name && name.type == :cbase) # cbase = leading ::
|
|
@@ -56,7 +56,7 @@ class Console1984::CommandValidator::CommandParser < ::Parser::AST::Processor
|
|
|
56
56
|
|
|
57
57
|
def on_casgn(node)
|
|
58
58
|
super
|
|
59
|
-
|
|
59
|
+
_, _, value_node = *node
|
|
60
60
|
@constant_assignments.push(*extract_constants(value_node))
|
|
61
61
|
end
|
|
62
62
|
|
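Review bot: The `.dup` added in `const_name = const_name.to_s.dup` (line 43 of `on_const`) carries no comment saying why a copy is needed, so a later cleanup could remove it as redundant. Presumably the rest of `on_const`, which continues outside this hunk, modifies `const_name` in place, and the string returned by `to_s` is not safe to mutate on newer Rubies. If that is the reason, a comment such as `# to_s may return a frozen/chilled string; dup because const_name is mutated below` would record it.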
data/lib/console1984/engine.rb
CHANGED
|
@@ -5,7 +5,7 @@ module Console1984::Ext::ActiveRecord::ProtectedAuditableTables
|
|
|
5
5
|
%i[ execute exec_query exec_insert exec_delete exec_update exec_insert_all ].each do |method|
|
|
6
6
|
define_method method do |*args, **kwargs|
|
|
7
7
|
sql = args.first
|
|
8
|
-
if Console1984.command_executor.executing_user_command? && sql
|
|
8
|
+
if Console1984.command_executor.executing_user_command? && auditable_sql(sql) =~ auditable_tables_regexp
|
|
9
9
|
raise Console1984::Errors::ForbiddenCommandAttempted, "#{sql}"
|
|
10
10
|
else
|
|
11
11
|
super(*args, **kwargs)
|
|
@@ -14,6 +14,14 @@ module Console1984::Ext::ActiveRecord::ProtectedAuditableTables
|
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
private
|
|
17
|
+
# exec_insert_all receives an ActiveRecord::InsertAll, not a SQL string, so
|
|
18
|
+
# #b is undefined on it. Check its target table name instead, so insert_all
|
|
19
|
+
# and upsert_all don't blow up when run from the console.
|
|
20
|
+
def auditable_sql(sql)
|
|
21
|
+
string = sql.is_a?(String) ? sql : (sql.try(:model)&.table_name || sql.to_s)
|
|
22
|
+
string.b
|
|
23
|
+
end
|
|
24
|
+
|
|
17
25
|
def auditable_tables_regexp
|
|
18
26
|
@auditable_tables_regexp ||= Regexp.new("#{auditable_tables.join("|")}")
|
|
19
27
|
end
|
|
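Review bot: `auditable_sql` fails open for argument types it does not recognise: when `sql` is neither a String nor something whose `model` has a `table_name`, the `sql.to_s` fallback on new line 21 yields whatever that object prints as, which for most objects cannot match `auditable_tables_regexp`, so the call reaches `super` unchecked. Because this module is what keeps console users away from the audit tables, an unexpected argument during a user command is safer rejected than passed through. One way is to drop the fallback, `string = sql.is_a?(String) ? sql : sql.try(:model)&.table_name`, then add `raise Console1984::Errors::ForbiddenCommandAttempted, sql.inspect if string.nil? && !sql.nil?` and end with `string.to_s.b`. A test that passes a non-String, non-InsertAll argument while a user command is executing would pin whichever behaviour is chosen.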
@@ -31,7 +31,13 @@ module Console1984::InputOutput
|
|
|
31
31
|
|
|
32
32
|
def ask_for_value(message)
|
|
33
33
|
puts Rainbow("#{message}").green
|
|
34
|
-
|
|
35
|
-
|
|
34
|
+
original_output_modifier_proc = Reline.output_modifier_proc
|
|
35
|
+
begin
|
|
36
|
+
Reline.output_modifier_proc = nil
|
|
37
|
+
reason = Reline.readline.strip until reason.present?
|
|
38
|
+
reason
|
|
39
|
+
ensure
|
|
40
|
+
Reline.output_modifier_proc = original_output_modifier_proc
|
|
41
|
+
end
|
|
36
42
|
end
|
|
37
43
|
end
|
|
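Review bot: `Reline.readline` returns nil when the input stream ends (Ctrl-D or a closed stdin), so `Reline.readline.strip` on new line 37 raises NoMethodError rather than handling a missing answer. The `ensure` still restores `output_modifier_proc`, but what the user and the session log see afterwards depends on callers outside this hunk. Handling the nil explicitly keeps the outcome deliberate, for example `line = Reline.readline` followed by `raise EOFError, "no value entered" if line.nil?` inside the loop (or whichever error the console treats as an aborted prompt). Appending `.to_s` alone would turn end-of-input into an endless loop. A short comment on why `output_modifier_proc` is cleared for this prompt would also help, since the reason is not visible here.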
@@ -0,0 +1,40 @@
|
|
|
1
|
+
class Console1984::QueryAuditor
|
|
2
|
+
mattr_accessor :known_agents, default: {
|
|
3
|
+
"CLAUDECODE" => "Claude Code",
|
|
4
|
+
"CODEX_THREAD_ID" => "Codex"
|
|
5
|
+
}
|
|
6
|
+
|
|
7
|
+
def self.install
|
|
8
|
+
ActiveSupport::Notifications.subscribe("query.rails", new)
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def start(name, id, payload)
|
|
12
|
+
return unless Console1984.running_protected_environment?
|
|
13
|
+
|
|
14
|
+
Console1984.session_logger.start_session(resolved_username, session_reason)
|
|
15
|
+
Console1984.session_logger.before_executing([ payload[:expression].to_s ])
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def finish(name, id, payload)
|
|
19
|
+
return unless Console1984.running_protected_environment?
|
|
20
|
+
|
|
21
|
+
Console1984.session_logger.finish_session
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
private
|
|
25
|
+
def resolved_username
|
|
26
|
+
Console1984.username_resolver.current.presence || "unknown"
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def session_reason
|
|
30
|
+
if agent = detected_agent
|
|
31
|
+
"rails query (via #{agent})"
|
|
32
|
+
else
|
|
33
|
+
"rails query"
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
def detected_agent
|
|
38
|
+
known_agents.find { |var, _| ENV[var].present? }&.last
|
|
39
|
+
end
|
|
40
|
+
end
|
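Review bot: The agent label written into the session reason comes from `detected_agent`, which only checks whether `CLAUDECODE` or `CODEX_THREAD_ID` is set in the process environment. The invoking user or tool fully controls those values, so the audit record can claim or omit an agent regardless of what actually ran the query. That is fine as a hint but should be documented as such, e.g. above `detected_agent`: `# Best-effort hint from caller-controlled environment variables; not evidence of who or what issued the query.` The `"unknown"` fallback in `resolved_username` deserves the same scrutiny: in a protected environment it lets a query be logged with no attributable user, and raising there may be the safer default if anonymous sessions are not intended. The class also has no header comment explaining that it opens and closes one audit session per `query.rails` event.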
data/lib/console1984/version.rb
CHANGED
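--- a/metadata
+++ b/metadata
@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: console1984
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.4
 platform: ruby
 authors:
 - Jorge Manrubia
-autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rainbow
@@ -220,7 +219,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-
+- !ruby/object:Gem::Dependency
+name: ostruct
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 email:
 - jorge@basecamp.com
 executables: []
@@ -263,6 +275,7 @@ files:
 - lib/console1984/input_output.rb
 - lib/console1984/messages.rb
 - lib/console1984/protections_config.rb
+- lib/console1984/query_auditor.rb
 - lib/console1984/refrigerator.rb
 - lib/console1984/sessions_logger/database.rb
 - lib/console1984/shield.rb
@@ -283,7 +296,6 @@ licenses:
 - MIT
 metadata:
 allowed_push_host: https://rubygems.org
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -298,8 +310,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version:
-signing_key:
+rubygems_version: 4.0.3
 specification_version: 4
 summary: Your Rails console, 1984 style
 test_files: []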