immunio 0.15.2

data/lib/immunio/plugins/devise.rb

@@ -0,0 +1,40 @@
+# Register callbacks using Devise internals.
+
+begin
+  require "devise"
+rescue LoadError # rubocop:disable Lint/HandleExceptions
+  # Ignore
+end
+
+if defined? Devise
+  module Immunio
+    # Hook into password recovery feature to trigger the `framework_password_reset` hook.
+    module DeviseRecoverableHooks
+      extend ActiveSupport::Concern
+
+      included do
+        alias_method_chain :send_reset_password_instructions, :immunio
+      end
+
+      def send_reset_password_instructions_with_immunio(attributes={})
+        Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+          Immunio.logger.debug "Devise instrumentation fired for send_reset_password_instructions"
+
+          recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
+
+          if recoverable.persisted? # Found
+            Immunio.password_reset user_record: recoverable, plugin: 'devise'
+          else
+            Immunio.failed_password_reset email: recoverable.email, plugin: 'devise'
+          end
+
+          Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
+            send_reset_password_instructions_without_immunio(attributes)
+          end
+        end
+      end
+    end
+  end
+
+  Devise::Models::Recoverable::ClassMethods.send :include, Immunio::DeviseRecoverableHooks
+end

data/lib/immunio/plugins/environment_reporter.rb

@@ -0,0 +1,69 @@
+# Report environment data on the first request.
+#
+# XXX: Completely untested outside of MRI (official Ruby runtime) 1.9.3 and up!
+
+module Immunio
+  class EnvironmentReporter
+    def initialize(app)
+      @app = app
+
+      # No need for mutex, reporting environment is idempotent
+      @reported = false
+    end
+
+    def call(env)
+      response = @app.call(env)
+
+      # Report gem usage at the end so that everything as been loaded.
+      Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+        report if !@reported
+      end
+
+      response
+    end
+
+    def runtime_name
+      if Object.const_defined?(:RUBY_DESCRIPTION) && RUBY_DESCRIPTION =~ /Enterprise/
+        'ree'
+      elsif Object.const_defined? :RUBY_ENGINE
+        RUBY_ENGINE.to_s
+      else
+        'unknown'
+      end
+    end
+
+    def runtime_version
+      case runtime_name
+        when 'ruby' then RUBY_VERSION
+        when 'jruby' then JRUBY_VERSION
+        when 'rbx' then Rubinius::VERSION
+        else 'unknown'
+      end
+    end
+
+    def report
+      @reported = true
+
+      info = {
+        runtime: {
+          name: runtime_name,
+          version: runtime_version
+        },
+        language: {
+          name: 'ruby',
+          version: RUBY_VERSION
+        },
+        platform: {
+          description: RUBY_PLATFORM
+        },
+        dependencies: {}
+      }
+
+      Gem.loaded_specs.each_pair do |name, spec|
+        info[:dependencies][name] = spec.version.to_s
+      end
+
+      Immunio.agent.environment = info
+    end
+  end
+end

data/lib/immunio/plugins/eval.rb

@@ -0,0 +1,51 @@
+require_relative '../context'
+# We use DebugInspector to execute eval() in the callers frame.
+
+require 'binding_of_caller'
+module Immunio
+  module KernelEvalHook
+    extend ActiveSupport::Concern
+
+    def self.extended(base)
+      base.singleton_class.alias_method_chain :eval, :immunio
+    end
+
+    def self.included(base)
+      base.alias_method_chain :eval, :immunio
+    end
+
+    protected
+    def eval_with_immunio(*args)
+      Immunio.logger.debug {"Eval_with_immunio with args: #{args}"}
+      Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+        strict_context, loose_context, stack, loose_stack = Immunio::Context.context()
+        Immunio.run_hook! "eval", "eval",
+                          parameters: args,
+                          context_key: loose_context,
+                          stack: loose_stack
+        Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
+          if args.length == 1 then
+            # eval call did not include a binding, so we eval it in the caller's binding
+            # NOTE: the 7 here is the number of frames above us the caller was. Changing
+            # the call stack will break this...
+            rval = eval_without_immunio(args[0], binding.of_caller(7))
+            # XXX We can and should log here, but it breaks a ruby test (atom_feed_helper)
+            #Immunio.logger.debug {"Eval_without_immunio (binding 7) returned: #{rval.inspect}\nEval stack was: #{stack}"}
+          else
+            # eval call included a binding, so we still eval in the binding
+            rval = eval_without_immunio(*args)
+            # XXX We can and should log here, but it breaks a ruby test (atom_feed_helper)
+            #Immunio.logger.debug {"Eval_without_immunio returned: #{rval.inspect}"}
+          end
+          rval
+        end
+      end
+    end
+  end
+end
+
+if Immunio::agent.plugin_enabled?("eval") then
+  Kernel.send :include, Immunio::KernelEvalHook
+  Kernel.extend Immunio::KernelEvalHook
+  Immunio.logger.debug "Eval: All hooks installed."
+end

data/lib/immunio/plugins/exception_handler.rb

@@ -0,0 +1,55 @@
+require_relative "../blocked_app"
+require_relative "../errors"
+
+module Immunio
+  # Rack middleware trigger proper hook whenever an exception is raised in the app.
+  class ExceptionHandler
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      @app.call(env)
+    rescue RequestBlocked
+      Request.time "plugin", "#{Module.nesting[0]}::#{__method__}[RequestBlocked]" do
+        # Avoid bubbling exception to logging middlewares.
+        Immunio.blocked_app.call(env)
+      end
+    rescue OverrideResponse => override
+      status, headers, body = Immunio.override_response.call(env, override)
+
+      Immunio.run_hook "http_tracker", "http_response_start",
+        status: status, headers: headers
+      [status, headers, body]
+    rescue StandardError => e
+      Request.time "plugin", "#{Module.nesting[0]}::#{__method__}[#{e.class}]" do
+        # Check for template, DB errors and such generated by the agent.
+        original_exception = unwrap_exception(e)
+        if RequestBlocked === original_exception || original_exception.message =~ /^Immunio::RequestBlocked:/
+          return Immunio.blocked_app.call(env)
+        end
+        if OverrideResponse === original_exception  # We can't do anything with just the message:
+          status, headers, body = Immunio.override_response.call(env, original_exception)
+
+          Immunio.run_hook "http_tracker", "http_response_start",
+            status: status, headers: headers
+          return [status, headers, body]
+        end
+
+        # A real app exception, not generated by the agent.
+        Immunio.run_hook! "exception_handler", "exception", exception: "#{e.class.name}: #{e}"
+
+        # Re-raise
+        raise
+      end
+    end
+
+    # Unwrap the innermost original exception.
+    def unwrap_exception(e)
+      while e.respond_to? :original_exception
+        e = e.original_exception
+      end
+      e
+    end
+  end
+end

data/lib/immunio/plugins/gems_tracker.rb

@@ -0,0 +1,5 @@
+require_relative 'environment_reporter'
+
+module Immunio
+  GemsTracker = EnvironmentReporter
+end

data/lib/immunio/plugins/haml.rb

@@ -0,0 +1,36 @@
+# Haml compiles templates to something like:
+#
+#begin;extend Haml::Helpers;_hamlout = @haml_buffer = Haml::Buffer.new(haml_buffer, {:autoclose=>["area", "base", "basefont", "br", "col", "command", "embed", "frame", "hr", "img", "input", "isindex", "keygen", "link", "menuitem", "meta", "param", "source", "track", "wbr"], :preserve=>["textarea", "pre", "code"], :attr_wrapper=>"'", :ugly=>true, :format=>:html5, :encoding=>"UTF-8", :escape_html=>true, :escape_attrs=>true, :hyphenate_data_attrs=>true, :cdata=>false});_erbout = _hamlout.buffer;@output_buffer = output_buffer ||= ActionView::OutputBuffer.new rescue nil;;_hamlout.buffer << "<script>console.log('test')</script>\n";::Haml::Util.html_safe(_erbout);ensure;@haml_buffer = @haml_buffer.upper if @haml_buffer;end;
+#
+# In there is a call to ::Haml::Util.html_safe, which calls the real html_safe.
+# But lots of haml code paths call ::Haml::Util.html_safe, so we can't mark it
+# as safe. Instead, we need to modify the compiled template code to call the
+# method in a marked-safe context.
+#
+# But haml doesn't make it easy, as it alias-method-chains its own methods. This
+# module continues the chain to subvert the
+# precompiled_method_return_value_with_haml_xss method and instead call our own
+# method, which calls html_safe while in a safe context.
+
+module Immunio
+  module Haml
+    module Compiler
+      extend ActiveSupport::Concern
+
+      included do
+        alias_method :precompiled_method_return_value_without_haml_xss_without_immunio, :precompiled_method_return_value_without_haml_xss
+        alias_method :precompiled_method_return_value, :precompiled_method_return_value_with_haml_xss_with_immunio
+      end
+
+      def self.immunio_html_safe(string)
+        Immunio::UnsafeBufferDetection.in_safe_context { ::Haml::Util.html_safe(string) }
+      end
+
+      def precompiled_method_return_value_with_haml_xss_with_immunio
+        "Immunio::Haml::Compiler.immunio_html_safe(#{precompiled_method_return_value_without_haml_xss_without_immunio})"
+      end
+    end
+  end
+end
+
+::Haml::Compiler.send :include, Immunio::Haml::Compiler if defined? ::Haml::Compiler

data/lib/immunio/plugins/http_finisher.rb

@@ -0,0 +1,50 @@
+require "delegate"
+
+module Immunio
+  # Rack middleware running at the very end of the stack to finish HTTP requests.
+  class HTTPFinisher
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      status, headers, body = @app.call(env)
+      if Request.current
+        Immunio.logger.debug "Finishing request in HTTPFinisher"
+        [status, headers, BodyWrapper.new(body)]
+      else
+        [status, headers, body]
+      end
+    end
+  end
+
+  class BodyWrapper < SimpleDelegator
+    def initialize(body)
+      super body
+      @body = body
+    end
+
+    def each
+      begin
+        @body.each do |chunk|
+          Immunio.run_hook "http_finisher", "http_response_body_chunk",
+                            chunk: chunk
+          yield chunk
+        end
+      rescue RequestBlocked
+        # We need to catch this exception here as access to static files is
+        # deferred. If one of our hooks, such as file_io throws when the Rake
+        # stack has unwound this far it will kill the request with a 500
+        yield "Request Blocked"
+      end
+      Immunio.run_hook "http_finisher", "http_request_finish"
+
+      # Reset current request
+      Immunio.finish_request
+    end
+
+    def respond_to?(*args)
+      @body.respond_to?(*args)
+    end
+  end
+end

data/lib/immunio/plugins/http_tracker.rb

@@ -0,0 +1,203 @@
+require_relative "../blocked_app"
+require_relative "../errors"
+
+module Immunio
+  # Rack middleware tracking HTTP requests and responses and triggers the proper hooks.
+  class HTTPTracker
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      request = Request.new(env)
+      request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+        Immunio.logger.debug "Creating new request in HTTPTracker"
+        Immunio.new_request(request)
+
+        Immunio.run_hook! "http_tracker", "http_request_start", meta_from_env(env)
+
+        env['rack.input'] = InputWrapper.new(env['rack.input'])
+
+        status, headers, body = Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
+          @app.call(env)
+        end
+
+        # Run hook for the session only if it was loaded
+        session = env["rack.session"]
+        if session_was_loaded?(session)
+          Immunio.run_hook! "http_tracker", "framework_session",
+            session_id: extract_session_id(session)
+        end
+
+        # Immunio expects response headers as a list of tuples.
+        list_headers = headers_to_list(headers)
+
+        result = Immunio.run_hook! "http_tracker", "http_response_start",
+          status: status, headers: list_headers
+
+        # If new headers are specified, convert them back to the Ruby hash format.
+        if result["headers"] != nil
+          # The new_headers completely replace the originals.
+          headers = list_to_headers(result["headers"].to_a)
+        end
+
+        # Send the response
+        [status, headers, body]
+      end
+
+    rescue RequestBlocked
+      Request.time "plugin", "#{Module.nesting[0]}::#{__method__}[RequestBlocked]" do
+        status, headers, body = Immunio.blocked_app.call(env)
+        # Do not allow blocking the request here
+        Immunio.run_hook "http_tracker", "http_response_start",
+          status: status, headers: headers
+
+        [status, headers, body]
+      end
+    rescue OverrideResponse => override
+       status, headers, body = Immunio.override_response.call(env, override)
+
+       Immunio.run_hook "http_tracker", "http_response_start",
+         status: status, headers: headers
+       [status, headers, body]
+    end
+
+    private
+      def headers_to_list(headers)
+        list_headers = []
+        headers.each do |name, value|
+          # Ruby treats the `Set-Cookie` header specially. If there are multiple
+          # Set-Cookie headers to send, they are joined into a single field,
+          # separated by line-feeds.
+          if name == "Set-Cookie"
+            value.split("\n").each do |cookie_val|
+              list_headers.push(["Set-Cookie", cookie_val])
+            end
+          else
+            list_headers.push([name, value])
+          end
+        end
+        list_headers
+      end
+
+      def list_to_headers(list)
+        new_headers = {}
+        list.each do |name, value|
+          # If this header is already in `new_headers`, append to the
+          # existing value with a linefeed separator.
+          if new_headers.has_key?(name)
+            new_headers[name] += ("\n" + value)
+          else
+            new_headers[name] = value
+          end
+        end
+        new_headers
+      end
+
+      def meta_from_env(env)
+        request = Rack::Request.new(env)
+
+        # Extract request headers from `env`.
+        headers = env.select { |k| k.starts_with? "HTTP_" }.
+                      each_with_object({}) { |(k, v), h| h.store k[5..-1].downcase.tr('_', '-'), v }
+
+        # Determine scheme (http://www.rubydoc.info/github/rack/rack/master/file/SPEC)
+        # There are also some HTTP headers from proxies that may affect the
+        # scheme seen by the end user. We process those in the hooks.
+        scheme = env["rack.url_scheme"]
+        if env["HTTPS"] == "on"
+          # Some servers will set the HTTPS var explicity. If set, use it
+          scheme = "https"
+        end
+
+        # Determine the route name in controller#action format:
+        route_name = nil
+
+        if defined?(Rails.application)
+          begin
+            path = request.env['PATH_INFO']
+            method = request.env['REQUEST_METHOD'].downcase.to_sym
+            url = Rails.application.routes.recognize_path(path, method: method)
+            route_name = "#{url[:controller]}##{url[:action]}"
+          rescue ActionController::RoutingError
+            route_name = nil
+          end
+        end
+
+        {
+          protocol: env["SERVER_PROTOCOL"],
+          scheme: scheme,
+          uri: env["REQUEST_URI"],
+          server_name: env["SERVER_NAME"],
+          # SERVER_ADDR is non-standard, but rack uses it as a fallback, so
+          # include it here as well so we can access it from Lua.
+          server_addr: env["SERVER_ADDR"],
+          server_port: env["SERVER_PORT"],
+          route_name: route_name,
+          querystring: request.query_string,
+          method: request.request_method,
+          path: request.path_info,
+          socket_ip: request.ip,
+          socket_port: request.port,
+          headers: headers
+        }
+      end
+
+      def session_was_loaded?(session)
+        session && (session.respond_to?(:loaded?) ? session.loaded? : true)
+      end
+
+      def extract_session_id(session)
+        case
+        when session.respond_to?(:id)
+          session.id
+        when session[:id]
+          session[:id]
+        when session[:session_id]
+          session[:session_id]
+        else
+          nil
+        end
+      end
+  end
+
+  class InputWrapper < SimpleDelegator
+    def initialize(input)
+      super input
+      @input = input
+    end
+
+    def gets(*)
+      v = super
+      Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+        report_chunk v
+      end
+      v
+    end
+
+    def read(*)
+      v = super
+      Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+        report_chunk v
+      end
+      v
+    end
+
+    def each
+      Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+        @input.each do |chunk|
+          report_chunk chunk
+          Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
+            yield chunk
+          end
+        end
+      end
+    end
+
+    private
+      def report_chunk(chunk)
+        Immunio.run_hook! "http_tracker", "http_request_body_chunk",
+          chunk: chunk
+      end
+  end
+end