console1984 0.1.16 → 0.1.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 58a963520fed8a86952cee9b02443b61d42ac4bf0a80d1abaabfd3ff390f431b
|
|
4
|
+
data.tar.gz: a63a68db2a2e46a129f4f97f79a59b41a88fe98ecb9d6028d67ca0e8d4b1e6fa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2bb93f84dc7e078b4d357739b337b2277fce627408cb619c816a04fc94db7451faf7d2095d0861ca211726ce973481161ae47c4add5e185c8813904462d1c011
|
|
7
|
+
data.tar.gz: d1b623b30f72e49d744934e4623159bfabf5cd7b9a4fab94fc08c26c30fc8bf1115bd70bf4b92b12609874d6ab75dc0d978663079745df2b9b1e238cadaf11ed
|
|
@@ -10,6 +10,7 @@ class Console1984::CommandExecutor
|
|
|
10
10
|
include Console1984::Freezeable
|
|
11
11
|
|
|
12
12
|
delegate :username_resolver, :session_logger, :shield, to: Console1984
|
|
13
|
+
attr_reader :last_suspicious_command_error
|
|
13
14
|
|
|
14
15
|
# Logs and validates +commands+, and executes the passed block in a protected environment.
|
|
15
16
|
#
|
|
@@ -19,14 +20,14 @@ class Console1984::CommandExecutor
|
|
|
19
20
|
run_as_system { session_logger.before_executing commands }
|
|
20
21
|
validate_command commands
|
|
21
22
|
execute_in_protected_mode(&block)
|
|
22
|
-
rescue Console1984::Errors::ForbiddenCommandAttempted, FrozenError
|
|
23
|
-
flag_suspicious(commands)
|
|
24
|
-
rescue Console1984::Errors::SuspiciousCommandAttempted
|
|
25
|
-
flag_suspicious(commands)
|
|
23
|
+
rescue Console1984::Errors::ForbiddenCommandAttempted, FrozenError => error
|
|
24
|
+
flag_suspicious(commands, error: error)
|
|
25
|
+
rescue Console1984::Errors::SuspiciousCommandAttempted => error
|
|
26
|
+
flag_suspicious(commands, error: error)
|
|
26
27
|
execute_in_protected_mode(&block)
|
|
27
|
-
rescue Console1984::Errors::ForbiddenCommandExecuted
|
|
28
|
+
rescue Console1984::Errors::ForbiddenCommandExecuted => error
|
|
28
29
|
# We detected that a forbidden command was executed. We exit IRB right away.
|
|
29
|
-
flag_suspicious(commands)
|
|
30
|
+
flag_suspicious(commands, error: error)
|
|
30
31
|
Console1984.supervisor.exit_irb
|
|
31
32
|
ensure
|
|
32
33
|
run_as_system { session_logger.after_executing commands }
|
|
@@ -70,11 +71,7 @@ class Console1984::CommandExecutor
|
|
|
70
71
|
end
|
|
71
72
|
|
|
72
73
|
def from_irb?(backtrace)
|
|
73
|
-
executing_user_command? && backtrace.
|
|
74
|
-
line_from_irb = line =~ /^[^\/]/
|
|
75
|
-
break if !(line =~ /console1984\/lib/ || line_from_irb)
|
|
76
|
-
line_from_irb
|
|
77
|
-
end
|
|
74
|
+
executing_user_command? && backtrace.first.to_s =~ /^[^\/]/
|
|
78
75
|
end
|
|
79
76
|
|
|
80
77
|
private
|
|
@@ -86,9 +83,10 @@ class Console1984::CommandExecutor
|
|
|
86
83
|
Console1984::CommandValidator.from_config(Console1984.protections_config.validations)
|
|
87
84
|
end
|
|
88
85
|
|
|
89
|
-
def flag_suspicious(commands)
|
|
86
|
+
def flag_suspicious(commands, error: nil)
|
|
90
87
|
puts "Forbidden command attempted: #{commands.join("\n")}"
|
|
91
88
|
run_as_system { session_logger.suspicious_commands_attempted commands }
|
|
89
|
+
@last_suspicious_command_error = error
|
|
92
90
|
nil
|
|
93
91
|
end
|
|
94
92
|
|
|
@@ -16,7 +16,7 @@ module Console1984::Ext::Core::Object
|
|
|
16
16
|
|
|
17
17
|
class_methods do
|
|
18
18
|
def const_get(*arguments)
|
|
19
|
-
if Console1984.command_executor.
|
|
19
|
+
if Console1984.command_executor.from_irb?(caller)
|
|
20
20
|
begin
|
|
21
21
|
# To validate if it's an invalid constant, we try to declare a class with it.
|
|
22
22
|
# We essentially leverage Console1984::CommandValidator::ForbiddenReopeningValidation here:
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Prevents loading forbidden classes dynamically.
|
|
2
|
+
#
|
|
3
|
+
# See extension to +Console1984::Ext::Core::Object#const_get+.
|
|
4
|
+
module Console1984::Ext::Core::String
|
|
5
|
+
extend ActiveSupport::Concern
|
|
6
|
+
|
|
7
|
+
include Console1984::Freezeable
|
|
8
|
+
self.prevent_instance_data_manipulation_after_freezing = false
|
|
9
|
+
|
|
10
|
+
def constantize
|
|
11
|
+
if Console1984.command_executor.from_irb?(caller)
|
|
12
|
+
begin
|
|
13
|
+
Console1984.command_executor.validate_command("class #{self}; end")
|
|
14
|
+
super
|
|
15
|
+
rescue Console1984::Errors::ForbiddenCommandAttempted
|
|
16
|
+
raise
|
|
17
|
+
rescue StandardError
|
|
18
|
+
super
|
|
19
|
+
end
|
|
20
|
+
else
|
|
21
|
+
super
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -13,4 +13,13 @@ module Console1984::Ext::Irb::Commands
|
|
|
13
13
|
def encrypt!
|
|
14
14
|
shield.enable_protected_mode
|
|
15
15
|
end
|
|
16
|
+
|
|
17
|
+
# This returns the last error that prevented a command execution in the console
|
|
18
|
+
# or nil if there isn't any.
|
|
19
|
+
#
|
|
20
|
+
# This is meant for internal usage when debugging legit commands that are wrongly
|
|
21
|
+
# prevented.
|
|
22
|
+
def _console_last_suspicious_command_error
|
|
23
|
+
Console1984.command_executor.last_suspicious_command_error
|
|
24
|
+
end
|
|
16
25
|
end
|
data/lib/console1984/shield.rb
CHANGED
data/lib/console1984/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: console1984
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.17
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jorge Manrubia
|
|
@@ -225,6 +225,7 @@ files:
|
|
|
225
225
|
- lib/console1984/ext/active_record/protected_auditable_tables.rb
|
|
226
226
|
- lib/console1984/ext/core/module.rb
|
|
227
227
|
- lib/console1984/ext/core/object.rb
|
|
228
|
+
- lib/console1984/ext/core/string.rb
|
|
228
229
|
- lib/console1984/ext/irb/commands.rb
|
|
229
230
|
- lib/console1984/ext/irb/context.rb
|
|
230
231
|
- lib/console1984/ext/socket/tcp_socket.rb
|