hooks-ruby 0.3.1 → 0.3.2

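--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8cd5b56450a97783c263526f9a1a9e3003f1ed587a0da12bfb7a21b428091d2b
- data.tar.gz: 67954e277623e99daafc8b3d86c9bdfa62b871319f4bff759789cd32048e752f
+ metadata.gz: 1f6bca4c82b0d3c507e2f772257a0e6ed5a30a072bb51b61da45d1c2688d99ba
+ data.tar.gz: c0d8a9f0aea0b3c5f039b7cb3354d418b79fab87aa14a4738ffb7ee04b554a2d
  SHA512:
- metadata.gz: 41cbc5a653f452e9c6da4ffd526a1b7ea37532712ae820223ccbdb93809789e949d4370fe5ba18036a0a08b8446280ff44471088703c296f769d8c83b6003cfa
- data.tar.gz: 99619a010a1fca90a1bda4f78850c66f705390be9677a1006cfdf72904e9ae0443bd1c0fed02dbbe014515c4df707a84b305460e111eb086fca76af3dec1ad61
+ metadata.gz: 0afe8a3b475163b154d7016b939fcf4fcdd40312534ea732018cc8cfe407823b3266d7c31881d010725bfa670927dfe6e6fd84663ca68ccb54dc27179fb01293
+ data.tar.gz: '04844e2020cc32371f889986c1eadc5c4cbd83bcac06a566466784ff306525e02713eb7f75838a304aa283b230b08b61760dc80f1e4fef993b2d163aaf587fbd'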
@@ -205,7 +205,11 @@ module Hooks
205
205
  require file_path
206
206
 
207
207
  # Get the class and validate it
208
- auth_plugin_class = Object.const_get("Hooks::Plugins::Auth::#{class_name}")
208
+ auth_plugin_class = begin
209
+ Hooks::Plugins::Auth.const_get(class_name, false) # false = don't inherit from ancestors
210
+ rescue NameError
211
+ raise StandardError, "Auth plugin class not found in Hooks::Plugins::Auth namespace: #{class_name}"
212
+ end
209
213
  unless auth_plugin_class < Hooks::Plugins::Auth::Base
210
214
  raise StandardError, "Auth plugin class must inherit from Hooks::Plugins::Auth::Base: #{class_name}"
211
215
  end
@@ -239,8 +243,13 @@ module Hooks
239
243
  # Load the file
240
244
  require file_path
241
245
 
242
- # Get the class and validate it
243
- handler_class = Object.const_get(class_name)
246
+ # Get the class and validate it - use safe constant lookup
247
+ handler_class = begin
248
+ # Check if the constant exists in the global namespace for handlers
249
+ Object.const_get(class_name, false) # false = don't inherit from ancestors
250
+ rescue NameError
251
+ raise StandardError, "Handler class not found: #{class_name}"
252
+ end
244
253
  unless handler_class < Hooks::Plugins::Handlers::Base
245
254
  raise StandardError, "Handler class must inherit from Hooks::Plugins::Handlers::Base: #{class_name}"
246
255
  end
@@ -274,8 +283,12 @@ module Hooks
274
283
  # Load the file
275
284
  require file_path
276
285
 
277
- # Get the class and validate it
278
- lifecycle_class = Object.const_get(class_name)
286
+ # Get the class and validate it - use safe constant lookup
287
+ lifecycle_class = begin
288
+ Object.const_get(class_name, false) # false = don't inherit from ancestors
289
+ rescue NameError
290
+ raise StandardError, "Lifecycle plugin class not found: #{class_name}"
291
+ end
279
292
  unless lifecycle_class < Hooks::Plugins::Lifecycle
280
293
  raise StandardError, "Lifecycle plugin class must inherit from Hooks::Plugins::Lifecycle: #{class_name}"
281
294
  end
@@ -309,8 +322,12 @@ module Hooks
309
322
  # Load the file
310
323
  require file_path
311
324
 
312
- # Get the class and validate it
313
- instrument_class = Object.const_get(class_name)
325
+ # Get the class and validate it - use safe constant lookup
326
+ instrument_class = begin
327
+ Object.const_get(class_name, false) # false = don't inherit from ancestors
328
+ rescue NameError
329
+ raise StandardError, "Instrument plugin class not found: #{class_name}"
330
+ end
314
331
 
315
332
  # Determine instrument type based on inheritance
316
333
  if instrument_class < Hooks::Plugins::Instruments::StatsBase
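Review bot: `Object.const_get(class_name, false)` in the handler, lifecycle and instrument hunks is commented as a safe lookup, but `inherit = false` on `Object` still resolves every top-level constant and any `::`-qualified path, so the lookup restricts very little and the base-class comparison after it remains the only real gate. The auth hunk narrows the receiver to `Hooks::Plugins::Auth`, yet `const_get` walks `A::B` paths from there as well. If `class_name` is not already constrained before these lines (the enclosing methods start outside the hunks), reject anything that is not a single constant name first, e.g. `raise StandardError, "Invalid class name: #{class_name}" unless class_name.match?(/\A[A-Z][A-Za-z0-9_]*\z/)`, and check `handler_class.is_a?(Class)` before the `<` comparison so that a non-class constant fails with the intended message instead of an `ArgumentError` from the comparison. The context lines also show `require file_path` running before any of these checks, so the file's top-level code has already executed when validation fails; the comments should say that these checks validate the class, not the file.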
@@ -68,23 +68,21 @@ module Hooks
68
68
  secret_header = validator_config[:header]
69
69
 
70
70
  # Find the secret header with case-insensitive matching
71
- raw_secret = find_header_value(headers, secret_header)
71
+ provided_secret = find_header_value(headers, secret_header)
72
72
 
73
- if raw_secret.nil? || raw_secret.empty?
73
+ if provided_secret.nil? || provided_secret.empty?
74
74
  log.warn("Auth::SharedSecret validation failed: Missing or empty secret header '#{secret_header}'")
75
75
  return false
76
76
  end
77
77
 
78
78
  # Validate secret format using shared validation
79
- unless valid_header_value?(raw_secret, "Secret")
79
+ unless valid_header_value?(provided_secret, "Secret")
80
80
  log.warn("Auth::SharedSecret validation failed: Invalid secret format")
81
81
  return false
82
82
  end
83
83
 
84
- stripped_secret = raw_secret.strip
85
-
86
84
  # Use secure comparison to prevent timing attacks
87
- result = Rack::Utils.secure_compare(secret, stripped_secret)
85
+ result = Rack::Utils.secure_compare(secret, provided_secret)
88
86
  if result
89
87
  log.debug("Auth::SharedSecret validation successful for header '#{secret_header}'")
90
88
  else
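Review bot: With `.strip` removed, `Rack::Utils.secure_compare(secret, provided_secret)` is now an exact byte-for-byte match, so whether a whitespace-padded header is rejected depends entirely on `valid_header_value?`, which is defined outside this hunk (the enclosing method also starts and ends outside it). The comparison should carry a comment recording that this is deliberate, e.g. `# Compare the header exactly as received; surrounding whitespace is rejected, never normalised`, provided that is what `valid_header_value?` enforces. It is also worth confirming that the configured `secret` carries no trailing newline or padding (common when a secret is read from a file or environment variable), because the provided side is no longer stripped and such a mismatch would reject every request.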
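--- a/data/lib/hooks/version.rb
+++ b/data/lib/hooks/version.rb
@@ -4,5 +4,5 @@
  module Hooks
  # Current version of the Hooks webhook framework
  # @return [String] The version string following semantic versioning
- VERSION = "0.3.1".freeze
+ VERSION = "0.3.2".freeze
  end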
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hooks-ruby
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.3.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - github