immunio 0.15.3 → 0.15.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d880d5388c94ed09e79a43988fed3d48e466d827
-  data.tar.gz: fe7b3fd9a7dcd19547e3f50f97935d98da72cb5a
+  metadata.gz: f7e8d810e6100c0e9264d9c8527a9afd7a8cf024
+  data.tar.gz: e72b700204840a28c6c226b788c8bc2be6c4ce98
 SHA512:
-  metadata.gz: 54d760cdd8b7a6aba0688d5150c88c2b2a282f04a1f2e8e811fa6ae00dded74f0620613fe4cf5777ec885662e3d2c902a44c2531286d837c96771c5e46d7f626
-  data.tar.gz: 5f213d23612d15c9a577bab502f1f283365f459a61ec809df24777426a4b3db907a1404bde340fc9884e8ed59b5742a5d707ce39291d733100129b5d20bb82b7
+  metadata.gz: a5d26c3a038a7d761733a78aed1f0930b4aee57c4ea5b2468f0bd1b2d629a474231778c8eeba761f6e4d236d0762d242ac106f059885c8a40095ad4f3edc9cf3
+  data.tar.gz: ae779440e8c573cc90004e8ac39f3d92d2f93f0a7db72e8c751b9c68731e5bf2a736b56f107558ba6f40a3f46e4a380fb30786378b4d3cb1f2de6d39eb32f55d

data/lib/immunio/plugins/action_view.rb

@@ -89,7 +89,7 @@ module Immunio
         template_sha: template_sha,
         template_id: template_id.to_s,
         nonce: nonce,
-        code: code,
+        code: wrap_code(code, escape: escape),
         file: file,
         line: line
       }
@@ -120,7 +120,7 @@ module Immunio
       else
         content = "" if content.nil?
         # See comment above
-        if content =~ /\{immunio-var:\\d+:#{nonce}\}/ then
+        if content =~ /\{immunio-var:\d+:#{nonce}\}/ then
           # don't add markers.
           Immunio.logger.debug {"WARNING: ActionView not marking interpolation which already contains markers: \"#{content}\""}
           rval = content.html_safe
@@ -238,6 +238,17 @@ module Immunio
         Thread.current["immunio.rendering_stack"] ||= []
       end
 
+      def wrap_code(code, options = {})
+        case
+        when @template.handler.is_a?(ActionView::Template::Handlers::ERB)
+          modifier = options[:escape] ? '=' : '=='
+          "<%#{modifier} #{code} %>"
+        when defined?(Haml::Plugin) && @template.handler == Haml::Plugin
+          modifier = options[:escape] ? '=' : '!='
+          "#{modifier} #{code}"
+        end
+      end
+
       def rendering_stack
         self.class.rendering_stack
       end

data/lib/immunio/plugins/exception_handler.rb

@@ -46,7 +46,7 @@ module Immunio
 
     # Unwrap the innermost original exception.
     def unwrap_exception(e)
-      while e.respond_to? :original_exception
+      while e.respond_to?(:original_exception) && e.original_exception.is_a?(Exception)
         e = e.original_exception
       end
       e

data/lib/immunio/plugins/warden.rb

@@ -19,13 +19,25 @@ if defined?(Warden)
       info = {plugin: "warden"}
 
       # Devise uses these specific form fields for authentication by default
+      user_found = false
       [:username, :email].each do |attr|
         value = env.fetch("rack.request.form_hash", {}).fetch("user", {})[attr.to_s]
-        info[attr] = value if value
+        if value
+          info[attr] = value
+          user_found = true
+        end
       end
 
-      Immunio.logger.debug "Warden instrumentation fired for before_failure"
-      Immunio.failed_login info
+      # before_failure is called under many circumstances, but unfortunately
+      # there's no easy way to tell why. If we can't figure out who the
+      # attempted user was, don't report it as a failed login.
+      if user_found
+        Immunio.logger.debug "Warden instrumentation fired for before_failure"
+        Immunio.failed_login info
+      else
+        Immunio.logger.debug "Failed to find user info for Warden failure, "\
+                             "ignoring instead of reporting as failed login"
+      end
     end
   end
 

data/lib/immunio/version.rb

@@ -1,5 +1,5 @@
 module Immunio
   AGENT_TYPE = "agent-ruby"
-  VERSION = "0.15.3"
+  VERSION = "0.15.4"
   VM_VERSION = "2.2.0"
 end

data/lua-hooks/lib/lexers/html.lua

@@ -17,9 +17,15 @@ local ws = l.space^1
 -- This is broad to both accept our placeholders and be very liberal about what may be
 -- interpreted as an attribute to ensure we escape attributes fairly aggressively.
 local element_chars = (l.any - '<' - '>' - '=' - '"' - "'" - ws)^1
+
 -- Comments.
-local comment = token(l.COMMENT, '<!--' * (l.any - '-->')^0 * P('-->')^-1)
--- XXX add h5 bogus comment 1 and bogus comment 2?
+local comment = token(l.COMMENT, '<!--' * (l.any - '-->')^0 * P('-->'))
+
+-- IE Conditional Comments.
+local ie_condcomment_hidden_open = token(l.COMMENT, P('<!--[') * (l.any - ']>')^0 * P(']>'))
+local ie_condcomment_hidden_close = token(l.COMMENT, P('<![') * (l.any - ']-->')^0 * P(']-->'))
+local ie_condcomment_revealed = token(l.COMMENT, P('<![') * (l.any - '>')^0 * P('>'))
+local condcomment = token('condcomment', ie_condcomment_hidden_open + ie_condcomment_hidden_close + ie_condcomment_revealed)
 
 -- Strings.
 local sq_str = l.delimited_range("'")
@@ -69,6 +75,7 @@ local doctype = token('doctype', '<!' *
 local data = token('data', (l.any - '<')^1)
 
 M._rules = {
+  {'condcomment', condcomment}, -- must preceed comment
   {'comment', comment},
   {'doctype', doctype},
   {'tag', tag},

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: immunio
 version: !ruby/object:Gem::Version
-  version: 0.15.3
+  version: 0.15.4
 platform: ruby
 authors:
 - Immunio
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-08-28 00:00:00.000000000 Z
+date: 2015-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -300,7 +300,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Immunio Ruby agent