immunio 1.0.19 → 1.0.22

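--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: fa6484d2fd07102fbdc20e1e0efb80e896fe7fd3
- data.tar.gz: 1f3f3b0b1489dc425ac437f349b53b581719b4cc
+ metadata.gz: 5dd373f29d340641801017f1a196715854a6468f
+ data.tar.gz: 2de3aa70ccdafcd66b9ea033acc7435558099d0e
  SHA512:
- metadata.gz: 12ec429dfc0384009851ae4cc9f27db31678e13a45b39974c0e72fdea2f6dbeb832aa8847bb277f5adbd2918ec385a6a4c5eef8d594d6de79e11dfbbc61ba3cc
- data.tar.gz: 818548e67dfa6d9e954903aa2da1d2e54745541164eb3de70bbc32bac74dc58adca741fd109c346c86dc96513fa85f1877c5f07a480cd66189fb9d9eaa7b2997
+ metadata.gz: a82c3d9390e98de817cd372c2b141d375c630bba443a8966619229e1ada1856dc9d18938100e89dd61a286f0e6ea5c7158c393e5a4907b361ae4cdb8e1169ec0
+ data.tar.gz: 586de295f66cb96b02d521bf3ef09baf5f307303acedfafb91c527fea48725bfef1382eaa73035d3fabd874e83997c6db9539487da4cce1a0af21ae33bf317fc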
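--- a/data/LICENSE
+++ b/data/LICENSE
@@ -212,6 +212,33 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  SOFTWARE.
 
 
+ This product includes content covered by the following license:
+ Under the MIT license.
+ copyright(c) 2006~2007 hanzhao (abrash_han@hotmail.com)
+
+
+ This product includes content covered by the following license:
+ Copyright (C) 2012 by Paul Moore
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.
+
+
  All other components of this product are
  Copyright (c) 2015 Immunio, Inc. All rights reserved.
 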
@@ -15,6 +15,7 @@ module Immunio
15
15
  Immunio.new_request(request)
16
16
 
17
17
  Immunio.run_hook! "http_tracker", "http_request_start", meta_from_env(env)
18
+ Immunio.run_hook! "http_tracker", "framework_route", route_name: route_name(env)
18
19
 
19
20
  env['rack.input'] = InputWrapper.new(env['rack.input'])
20
21
 
@@ -26,14 +27,14 @@ module Immunio
26
27
  session = env["rack.session"]
27
28
  if session_was_loaded?(session)
28
29
  Immunio.run_hook! "http_tracker", "framework_session",
29
- session_id: extract_session_id(session)
30
+ session_id: extract_session_id(session)
30
31
  end
31
32
 
32
33
  # Immunio expects response headers as a list of tuples.
33
34
  list_headers = headers_to_list(headers)
34
35
 
35
36
  result = Immunio.run_hook! "http_tracker", "http_response_start",
36
- status: status, headers: list_headers
37
+ status: status, headers: list_headers
37
38
 
38
39
  # If new headers are specified, convert them back to the Ruby hash format.
39
40
  if result["headers"] != nil
@@ -50,112 +51,121 @@ module Immunio
50
51
  status, headers, body = Immunio.blocked_app.call(env)
51
52
  # Do not allow blocking the request here
52
53
  Immunio.run_hook "http_tracker", "http_response_start",
53
- status: status, headers: headers
54
+ status: status, headers: headers
54
55
 
55
56
  [status, headers, body]
56
57
  end
57
58
  rescue OverrideResponse => override
58
- status, headers, body = Immunio.override_response.call(env, override)
59
+ status, headers, body = Immunio.override_response.call(env, override)
59
60
 
60
- Immunio.run_hook "http_tracker", "http_response_start",
61
- status: status, headers: headers
62
- [status, headers, body]
61
+ Immunio.run_hook "http_tracker", "http_response_start",
62
+ status: status, headers: headers
63
+ [status, headers, body]
63
64
  end
64
65
 
65
66
  private
66
- def headers_to_list(headers)
67
- list_headers = []
68
- headers.each do |name, value|
69
- # Ruby treats the `Set-Cookie` header specially. If there are multiple
70
- # Set-Cookie headers to send, they are joined into a single field,
71
- # separated by line-feeds.
72
- if name == "Set-Cookie"
73
- value.split("\n").each do |cookie_val|
74
- list_headers.push(["Set-Cookie", cookie_val])
75
- end
76
- else
77
- list_headers.push([name, value])
67
+
68
+ def headers_to_list(headers)
69
+ list_headers = []
70
+ headers.each do |name, value|
71
+ # Ruby treats the `Set-Cookie` header specially. If there are multiple
72
+ # Set-Cookie headers to send, they are joined into a single field,
73
+ # separated by line-feeds.
74
+ if name == "Set-Cookie"
75
+ value.split("\n").each do |cookie_val|
76
+ list_headers.push(["Set-Cookie", cookie_val])
78
77
  end
78
+ else
79
+ list_headers.push([name, value])
79
80
  end
80
- list_headers
81
81
  end
82
+ list_headers
83
+ end
82
84
 
83
- def list_to_headers(list)
84
- new_headers = {}
85
- list.each do |name, value|
86
- # If this header is already in `new_headers`, append to the
87
- # existing value with a linefeed separator.
88
- if new_headers.has_key?(name)
89
- new_headers[name] += ("\n" + value)
90
- else
91
- new_headers[name] = value
92
- end
85
+ def list_to_headers(list)
86
+ new_headers = {}
87
+ list.each do |name, value|
88
+ # If this header is already in `new_headers`, append to the
89
+ # existing value with a linefeed separator.
90
+ if new_headers.has_key?(name)
91
+ new_headers[name] += ("\n" + value)
92
+ else
93
+ new_headers[name] = value
93
94
  end
94
- new_headers
95
95
  end
96
+ new_headers
97
+ end
96
98
 
97
- def meta_from_env(env)
98
- request = Rack::Request.new(env)
99
-
100
- # Extract request headers from `env`.
101
- headers = env.select { |k| k.starts_with? "HTTP_" }.
102
- each_with_object({}) { |(k, v), h| h.store k[5..-1].downcase.tr('_', '-'), v }
99
+ def rack_request(env)
100
+ Rack::Request.new(env)
101
+ end
103
102
 
104
- # Determine scheme (http://www.rubydoc.info/github/rack/rack/master/file/SPEC)
105
- # There are also some HTTP headers from proxies that may affect the
106
- # scheme seen by the end user. We process those in the hooks.
107
- scheme = env["rack.url_scheme"]
108
- if env["HTTPS"] == "on"
109
- # Some servers will set the HTTPS var explicity. If set, use it
110
- scheme = "https"
111
- end
103
+ def meta_from_env(env)
104
+ request = rack_request(env)
112
105
 
113
- # Determine the route name in controller#action format:
114
- route_name = nil
115
-
116
- if defined?(Rails.application) && Rails.application.present?
117
- begin
118
- path = request.env['PATH_INFO']
119
- method = request.env['REQUEST_METHOD'].downcase.to_sym
120
- url = Rails.application.routes.recognize_path(path, method: method)
121
- route_name = "#{url[:controller]}##{url[:action]}"
122
- rescue StandardError
123
- route_name = nil
124
- end
125
- end
106
+ # Extract request headers from `env`.
107
+ headers = env.select { |k| k.starts_with? "HTTP_" }.
108
+ each_with_object({}) { |(k, v), h| h.store k[5..-1].downcase.tr('_', '-'), v }
126
109
 
127
- {
128
- protocol: env["SERVER_PROTOCOL"],
129
- scheme: scheme,
130
- uri: env["REQUEST_URI"],
131
- server_name: env["SERVER_NAME"],
132
- # SERVER_ADDR is non-standard, but rack uses it as a fallback, so
133
- # include it here as well so we can access it from Lua.
134
- server_addr: env["SERVER_ADDR"],
135
- server_port: env["SERVER_PORT"],
136
- route_name: route_name,
137
- querystring: request.query_string,
138
- method: request.request_method,
139
- path: request.path_info,
140
- socket_ip: request.ip,
141
- socket_port: request.port,
142
- headers: headers
143
- }
110
+ # Determine scheme (http://www.rubydoc.info/github/rack/rack/master/file/SPEC)
111
+ # There are also some HTTP headers from proxies that may affect the
112
+ # scheme seen by the end user. We process those in the hooks.
113
+ scheme = env["rack.url_scheme"]
114
+ if env["HTTPS"] == "on"
115
+ # Some servers will set the HTTPS var explicity. If set, use it
116
+ scheme = "https"
144
117
  end
145
118
 
146
- def session_was_loaded?(session)
147
- session && (session.respond_to?(:loaded?) ? session.loaded? : true)
148
- end
119
+ {
120
+ protocol: env["SERVER_PROTOCOL"],
121
+ scheme: scheme,
122
+ uri: env["REQUEST_URI"],
123
+ server_name: env["SERVER_NAME"],
124
+ # SERVER_ADDR is non-standard, but rack uses it as a fallback, so
125
+ # include it here as well so we can access it from Lua.
126
+ server_addr: env["SERVER_ADDR"],
127
+ server_port: env["SERVER_PORT"],
128
+ querystring: request.query_string,
129
+ method: request.request_method,
130
+ path: request.path_info,
131
+ socket_ip: request.ip,
132
+ socket_port: request.port,
133
+ headers: headers
134
+ }
135
+ end
149
136
 
150
- def extract_session_id(session)
151
- session_id = if session.respond_to?(:id)
152
- session.id
153
- else
154
- session[:id] || session[:session_id]
137
+ def route_name(env)
138
+ # Determine the route name in controller#action format:
139
+ route_name = nil
140
+
141
+ if defined?(Rails.application) && Rails.application.present?
142
+ begin
143
+ request = rack_request(env)
144
+ path = request.env['PATH_INFO']
145
+ method = request.env['REQUEST_METHOD'].downcase.to_sym
146
+ url = Rails.application.routes.recognize_path(path, method: method)
147
+ route_name = "#{url[:controller]}##{url[:action]}"
148
+ rescue StandardError
149
+ route_name = nil
155
150
  end
156
-
157
- Digest::SHA1.hexdigest(session_id) if session_id
158
151
  end
152
+
153
+ route_name
154
+ end
155
+
156
+ def session_was_loaded?(session)
157
+ session && (session.respond_to?(:loaded?) ? session.loaded? : true)
158
+ end
159
+
160
+ def extract_session_id(session)
161
+ session_id = if session.respond_to?(:id)
162
+ session.id
163
+ else
164
+ session[:id] || session[:session_id]
165
+ end
166
+
167
+ Digest::SHA1.hexdigest(session_id) if session_id
168
+ end
159
169
  end
160
170
 
161
171
  class InputWrapper < SimpleDelegator
@@ -192,9 +202,10 @@ module Immunio
192
202
  end
193
203
 
194
204
  private
195
- def report_chunk(chunk)
196
- Immunio.run_hook! "http_tracker", "http_request_body_chunk",
197
- chunk: chunk
198
- end
205
+
206
+ def report_chunk(chunk)
207
+ Immunio.run_hook! "http_tracker", "http_request_body_chunk",
208
+ chunk: chunk
209
+ end
199
210
  end
200
211
  end
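Review bot: In `route_name` (new side of the `@@ -50,112 +51,121 @@` hunk) the `rescue StandardError` folds every outcome — no matching route, a client-supplied `REQUEST_METHOD` token that `.downcase.to_sym` turns into a verb Rails does not know, or a broken routes table — into `nil` with nothing logged, so the new `framework_route` hook fired on line 18 of the first hunk cannot tell "no route matched" from "route recognition is failing on every request". Because `REQUEST_METHOD` is client-controlled, interning it with `to_sym` before the lookup also means the symbol table grows with whatever method tokens arrive; checking the value against the verbs Rails routing can match before symbolizing, and emitting a debug log in the rescue, would make both problems visible. At minimum document the contract on the method: `# Returns "controller#action" for the Rails route matching this request, or nil when there is no Rails app, no route matches, or route recognition raised (the error is swallowed).` `rack_request(env)` is now called here and again in `meta_from_env`, so each request builds two `Rack::Request` objects; harmless, but one could be passed through. The class enclosing these methods starts before the first hunk.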
@@ -1,5 +1,5 @@
1
1
  module Immunio
2
2
  AGENT_TYPE = "agent-ruby"
3
- VERSION = "1.0.19"
3
+ VERSION = "1.0.22"
4
4
  VM_VERSION = "2.2.0"
5
5
  end
@@ -193,6 +193,11 @@ module Immunio
193
193
  @error_handler = @state["debug.traceback"]
194
194
  @call_function = @state['sandboxed_call']
195
195
 
196
+ # The pass function acts as a Ruby => Lua converter.
197
+ # It simply passes back it's first argument.
198
+ # Arguments are converted from Ruby to Lua by rufus-lua.
199
+ @pass_function = @state.eval "return function(obj) return obj end"
200
+
196
201
  self.class.check_rufus_stack @state, "Stack not empty after bootstrap"
197
202
  end
198
203
 
@@ -207,7 +212,7 @@ module Immunio
207
212
  return object if object.is_a?(Rufus::Lua::Ref)
208
213
 
209
214
  lua_call do
210
- @state.eval "return #{Rufus::Lua.to_lua_s(object)}"
215
+ @pass_function.call(object)
211
216
  end
212
217
  end
213
218
 
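Review bot: The new comment at lines 196–199 says what `@pass_function` does but not why it replaces `@state.eval "return #{Rufus::Lua.to_lua_s(object)}"` in the second hunk; the old form interpolated a Ruby value into Lua source text and evaluated it, so correctness rested on `to_lua_s` escaping every string exactly, whereas the pass function hands the object to rufus-lua's argument conversion and never parses it as code. Record that motivation in the comment, e.g. `# Passing the object as a call argument avoids building and eval'ing Lua source from Ruby data.`, and fix `it's` to `its` on line 197. Whether rufus-lua's argument conversion accepts the same set of Ruby types `to_lua_s` presumably serialised (nested hashes/arrays, symbols, nil) is not visible here — worth a unit test over the values callers actually pass, since a type that used to serialise and now raises would surface only at runtime inside `lua_call`. The method containing the second hunk starts and ends outside the hunk.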
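--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: immunio
  version: !ruby/object:Gem::Version
- version: 1.0.19
+ version: 1.0.22
  platform: ruby
  authors:
  - Immunio
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-05-19 00:00:00.000000000 Z
+ date: 2016-07-05 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -164,8 +164,6 @@ files:
  - lib/immunio/utils.rb
  - lib/immunio/version.rb
  - lib/immunio/vm.rb
- - lib/immunio_tasks/version_bump.rake
- - lib/immunio_tasks/version_bumper.rb
  - lua-hooks/Makefile
  - lua-hooks/ext/all.c
  - lua-hooks/ext/libinjection/COPYING
@@ -447,7 +445,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5.1
+ rubygems_version: 2.6.4
  signing_key:
  specification_version: 4
  summary: Immunio Ruby agent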
@@ -1,44 +0,0 @@
1
- require_relative 'version_bumper'
2
-
3
- namespace 'version' do
4
- YES_TRUE_REGEX = /yes|y|true|t/
5
-
6
- def test_mode?
7
- !!(ENV.fetch('TEST', 'no').downcase =~ YES_TRUE_REGEX)
8
- end
9
-
10
- def quiet_mode?
11
- !!(ENV.fetch('QUIET', 'yes').downcase =~ YES_TRUE_REGEX)
12
- end
13
-
14
- task :setup do
15
- @bumper = VersionBumper.new(test_mode?, quiet_mode?)
16
- @bumper.status
17
- abort "You must be on a clean master branch!" unless VersionBumper.on_clean_master?
18
- end
19
-
20
- desc "Show status"
21
- task :status => [ :setup ] do
22
- end
23
-
24
- namespace 'release' do
25
- desc "Prepare a new release"
26
- task :prepare => [ :setup ] do
27
- @bumper.prepare
28
- end
29
- end
30
-
31
- desc "Bump version"
32
- task :bump => [ :setup ] do
33
- new_version = @bumper.prompt_for_new_version
34
- @bumper.ask_and_bump_version(new_version)
35
- end
36
-
37
- namespace :bump do
38
- desc "Bump version to development"
39
- task :development => [ :setup ] do
40
- abort "Version already set for development" if VersionBumper.development?
41
- @bumper.bump_development_version
42
- end
43
- end
44
- end
@@ -1,128 +0,0 @@
1
- require_relative '../immunio/version'
2
- require 'highline'
3
-
4
- class VersionBumper
5
- def self.current_version
6
- Immunio::VERSION
7
- end
8
-
9
- def self.version_file
10
- @version_file ||= File.join Dir.pwd, 'lib/', 'immunio', 'version.rb'
11
- end
12
-
13
- def self.current_branch
14
- %x[git symbolic-ref HEAD 2>/dev/null | cut -d"/" -f 3].strip
15
- end
16
-
17
- def self.on_master?
18
- current_branch == 'master'
19
- end
20
-
21
- def self.clean_branch?
22
- %x[git status --porcelain --ignore-submodules].split.count == 0
23
- end
24
-
25
- def self.on_clean_master?
26
- on_master? && clean_branch?
27
- end
28
-
29
- def self.development?
30
- current_version =~ /master/
31
- end
32
-
33
-
34
- def initialize(test_mode, quiet_mode)
35
- @test_mode = test_mode
36
- @quiet_mode = quiet_mode
37
- end
38
-
39
- attr_reader :test_mode, :quiet_mode
40
-
41
- def status
42
- cli.say "<%= color('You are not on the master branch!', BOLD) %>" unless self.class.on_master?
43
- cli.say "<%= color('There are uncommitted changes OR untracked files!', BOLD) %>" unless self.class.clean_branch?
44
- cli.say "Current version is: #{self.class.current_version}"
45
- end
46
-
47
- def prepare
48
- if cli.agree("Are you sure? (yes/no)")
49
- exec 'git submodule init' # When we have a fresh clone
50
- exec 'git fetch origin'
51
- exec 'git clean -fxd'
52
- exec 'git submodule foreach --recursive git clean -fxd'
53
- exec 'git submodule update'
54
- cli.say 'Now run `bundle exec rake version:bump`'
55
- else
56
- cli.say 'Nothing done.'
57
- end
58
- end
59
-
60
- def prompt_for_new_version
61
- @new_version ||= cli.ask('New version? ') do |v|
62
- v.default = self.class.current_version.sub('.master', '')
63
- end
64
- end
65
-
66
- def ask_and_bump_version(version)
67
- unless version_valid?
68
- cli.say 'Version is unchanged'
69
- return
70
- end
71
-
72
- if cli.agree("Bump version to #{version}? (yes/no)")
73
- bump_version(version)
74
- else
75
- cli.say 'Nothing done.'
76
- end
77
- end
78
-
79
- def bump_development_version
80
- return if self.class.development?
81
-
82
- arr = self.class.current_version.split('.')
83
- new_patch_level = (arr.last.to_i + 1).to_s
84
- version = (arr[0...2] << new_patch_level).join('.') << '.master'
85
-
86
- ask_and_bump_version(version)
87
- end
88
-
89
- private
90
-
91
- def exec(cmd)
92
- echo = test_mode ? 'echo' : ''
93
- puts "=> #{echo} #{cmd}" unless quiet_mode
94
- %x[#{echo} #{cmd}]
95
- end
96
-
97
- def cli
98
- @cli ||= HighLine.new
99
- end
100
-
101
- def version_valid?
102
- @new_version != self.class.current_version
103
- end
104
-
105
- def bump_version(new_version)
106
- return unless self.class.on_clean_master?
107
-
108
- cli.say "Bumping version to v#{new_version}"
109
- update_version_file(new_version)
110
- commit_changes(new_version)
111
- end
112
-
113
- def update_version_file(new_version)
114
- cli.say "Updating #{self.class.version_file}"
115
- cli.say exec(%Q[sed -i '' 's/#{self.class.current_version}/#{new_version}/' #{self.class.version_file}])
116
- end
117
-
118
- def commit_changes(new_version)
119
- cli.say "Committing changes"
120
- if new_version =~ /master/
121
- cli.say exec(%Q[git commit -a -m \"Open v#{new_version} for development\"])
122
- else
123
- cli.say exec(%Q[git commit -a -m \"Bump agent version to v#{new_version}\"])
124
- cli.say "Next, run `gem_push=no bundle exec rake release`"
125
- cli.say "Then, run `bundle exec rake version:bump:development`"
126
- end
127
- end
128
- end