immunio 1.0.10 → 1.0.11

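--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: fe54e75e874948ac23bb4981980420811c7c97a3
- data.tar.gz: e43529302f807d4035281978c1a4b90bfa2c326c
+ metadata.gz: 8332f83c5bbb9111229ef4d70654b5d2d0999638
+ data.tar.gz: c56b6f5d45976c5025009d59e1f5c96e3215171e
  SHA512:
- metadata.gz: 3ee656e08aaf902244d38a03653ae3db83d68a23528b981040f2ac6c888b264bc8435db61ded6ffd463b6507199ec99fce765f2e5ec0f883ad68082163e67649
- data.tar.gz: 6ec875e6850070c952880d48ef282f4a0961fdd91ccba4929cc19fa9d1a4379d9fe714f3a57e3a6036c248fa714dfd5c330168077619263252d3249be4dba4fa
+ metadata.gz: 8116e6f37e1fa87c477f7aeec119de026bc7a4d8c6339e7892f4ad28e106d107c3eb97b6983438794fc5db356a0a39e6ac0cdb72e054957d777b5f9b7c1d8c47
+ data.tar.gz: 1435dd96e75d04aa24d71e54fcc6300b31608891126af5b63c29aeedb6fbb63e1dacb731b481fc1428d6d147eeadbbc5acc6fcea1ec0ed21e87213a7e2932794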
@@ -197,6 +197,17 @@ module Immunio
197
197
  if root
198
198
  # This is the root template. Let ActionView render it, and then look
199
199
  # for XSS.
200
+
201
+ # If the rendered result isn't a string, or a string-like, then let's
202
+ # skip it for safety sake.
203
+ unless rendered.respond_to? :to_str
204
+ unless $__immunio_av_rendered_non_string
205
+ Immunio.logger.warn { "ActionView rendered #{@template.inspect} to a non-string-like value: #{rendered.inspect}. This rendering will not be analyzed for XSS. Further warnings will be suppressed." }
206
+ $__immunio_av_rendered_non_string = true
207
+ end
208
+ return rendered
209
+ end
210
+
200
211
  rendered = rendered.to_str
201
212
 
202
213
  result = run_hook!("template_render_done", {
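Review bot: The new `unless rendered.respond_to? :to_str` branch fails open: the value is returned without XSS analysis, and because `$__immunio_av_rendered_non_string` suppresses every warning after the first, later skips (possibly from other templates) leave no trace for whoever monitors the agent. Consider keeping the one-time warning but recording each later skip at a lower level, e.g. `Immunio.logger.debug { "Skipped XSS analysis for #{@template.inspect} (#{rendered.class})" }`. The warning also interpolates `rendered.inspect`, which can copy rendered response content into the agent log; `rendered.class` would identify the problem without that. The enclosing `if root` block starts outside this hunk and the `run_hook!` call continues past its end.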
@@ -1,5 +1,5 @@
1
1
  module Immunio
2
2
  AGENT_TYPE = "agent-ruby"
3
- VERSION = "1.0.10"
3
+ VERSION = "1.0.11"
4
4
  VM_VERSION = "2.2.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: immunio
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.10
4
+ version: 1.0.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Immunio
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-01-22 00:00:00.000000000 Z
11
+ date: 2016-02-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails