immunio 1.0.2 → 1.0.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: bfccbfc5c7719eb52d20d25f321e69a8237bea4a
4
- data.tar.gz: de0e2240f7c958e8dc22f3bc859d53b758d54b8e
3
+ metadata.gz: 32e3badd0b140fd2fe05d77ecc5c64ab1f5ca5e0
4
+ data.tar.gz: 8b66b7f499e9106c8b94fe9e0dbdab2433fe9a7c
5
5
  SHA512:
6
- metadata.gz: 9af162bbf91d49c20f126ce69d4fc4b8ef220880f3d2ac7dfc15e035b2e386c5ab290896161877eccef97edf460b3d2b3b4afc8fb5997d65da93061b6b88edf1
7
- data.tar.gz: 21de7b2342ad41dbb9be6ef89fad8991eb0e04c4598c064806538a5d665936746ca40255eba4e40ef6543b1fad857dde79e7e11d43bd9e66507733fc5ae76cf3
6
+ metadata.gz: ed9e737272bbe584ab6435958543a2fff0f854a3c635857eab74d8cf3e9800a4250dba38773fa16e76835451607b20717332b8c92d6fed9ef376ab62bbf147ed
7
+ data.tar.gz: 73e02e430bc5047e830807887ec4959ac030ace837e8af3ed31ea482fae5709703801dc37c6a784766051649a7a32f2ec3b609be9e4d31b777cce7a1a788c191
@@ -4,6 +4,20 @@ require 'securerandom'
4
4
  module Immunio
5
5
  # Renders templates by filtering them through Immunio's hook handlers.
6
6
  class Template
7
+ CHECKSUM_CACHE = Hash.new do |cache, template_id|
8
+ template = ObjectSpace._id2ref(template_id)
9
+
10
+ if template.respond_to?(:source) && !template.source.nil?
11
+ finalizer = Immunio::Template.finalize_template(template_id)
12
+ ObjectSpace.define_finalizer(template, finalizer)
13
+ cache[template_id] = Digest::SHA1.hexdigest(template.source).freeze
14
+ end
15
+ end
16
+
17
+ def self.finalize_template(id)
18
+ proc { CHECKSUM_CACHE.delete(id) if CHECKSUM_CACHE.has_key?(id) }
19
+ end
20
+
7
21
  attr_accessor :vars
8
22
 
9
23
  def initialize(template)
@@ -52,10 +66,7 @@ module Immunio
52
66
  end
53
67
 
54
68
  def template_sha
55
- # A template might have a source but it might be nil.
56
- @template_sha ||= begin
57
- Digest::SHA1.hexdigest(@template.source) if has_source?
58
- end
69
+ CHECKSUM_CACHE[@template.object_id]
59
70
  end
60
71
 
61
72
  def compiled?
@@ -82,7 +93,7 @@ module Immunio
82
93
  @nonce ||= SecureRandom.hex(2)
83
94
  end
84
95
 
85
- def mark_var(content, code, template_id, file, line, escape)
96
+ def self.mark_var(content, code, template_id, template_sha, file, line, escape, is_text, handler)
86
97
  id = Template.next_var_id
87
98
  nonce = Template.get_nonce
88
99
 
@@ -91,7 +102,7 @@ module Immunio
91
102
  # escaping if content is not itself a SafeBuffer.
92
103
  # Otherwise we explicitly convert to a string, and convert that to a SafeBuffer to ensure that
93
104
  # for instance no escaping is performed on the contents of a <%== %> Erubis interpolation.
94
- rendering = if escape && !is_text?
105
+ rendering = if escape && !is_text
95
106
 
96
107
  # explicitly convert (w/ escapes) and mark safe things that aren't String (SafeBuffer is_a String also)
97
108
  # `to_s` is used to render any object passed to a template.
@@ -129,7 +140,7 @@ module Immunio
129
140
  template_sha: template_sha,
130
141
  template_id: template_id.to_s,
131
142
  nonce: nonce,
132
- code: wrap_code(code, escape: escape),
143
+ code: wrap_code(code, handler, escape: escape),
133
144
  file: file,
134
145
  line: line
135
146
  }
@@ -196,13 +207,21 @@ module Immunio
196
207
  template = Template.current
197
208
  if template
198
209
  template_id = template.next_template_id
199
- "(__immunio_result = (#{code}); Immunio::Template.render_var(#{code.strip.inspect}, __immunio_result, #{template_id}, __FILE__, __LINE__, #{escape}))"
210
+
211
+ handler = template.instance_variable_get(:@template).handler
212
+ handler_name = if handler.is_a? Class
213
+ handler.name
214
+ else
215
+ handler.class.name
216
+ end
217
+
218
+ "(__immunio_result = (#{code}); Immunio::Template.render_var(#{code.strip.inspect}, __immunio_result, #{template_id}, '#{template.template_sha}', __FILE__, __LINE__, #{escape}, #{template.is_text?}, '#{handler_name}'))"
200
219
  else
201
220
  code
202
221
  end
203
222
  end
204
223
 
205
- def self.render_var(code, rendered, template_id, file, line, escape)
224
+ def self.render_var(code, rendered, template_id, template_sha, file, line, escape, is_text, handler)
206
225
  if rendered.instance_variable_get("@__immunio_processed") then
207
226
  # Ignore buffers marked as __immunio_processed in render as these are full templates or partials
208
227
  return rendered
@@ -210,10 +229,7 @@ module Immunio
210
229
  # Ignore yielded blocks inside layouts
211
230
  return rendered
212
231
  end
213
- template = Template.current
214
- if template
215
- rendered = template.mark_var rendered, code, template_id, file, line, escape
216
- end
232
+ rendered = mark_var rendered, code, template_id, template_sha, file, line, escape, is_text, handler
217
233
  rendered.html_safe
218
234
  end
219
235
 
@@ -244,12 +260,12 @@ module Immunio
244
260
  Thread.current["immunio.rendering_stack"] ||= []
245
261
  end
246
262
 
247
- def wrap_code(code, options = {})
263
+ def self.wrap_code(code, handler, options = {})
248
264
  case
249
- when @template.handler.is_a?(ActionView::Template::Handlers::ERB)
265
+ when handler == 'ActionView::Template::Handlers::ERB'
250
266
  modifier = options[:escape] ? '=' : '=='
251
267
  "<%#{modifier} #{code} %>"
252
- when defined?(Haml::Plugin) && @template.handler == Haml::Plugin
268
+ when handler == 'Haml::Plugin'
253
269
  modifier = options[:escape] ? '=' : '!='
254
270
  "#{modifier} #{code}"
255
271
  end
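Review bot: The new `CHECKSUM_CACHE` default proc at the top of the class resolves its key back to an object with `ObjectSpace._id2ref(template_id)`, an internal API Ruby documents as unsafe — it raises RangeError for an id that no longer names a live object and may hand back an unrelated object once the address is reused — and the proc writes to the shared hash with no synchronization, so two threads digesting the same template on a threaded server can both run the block and each register a finalizer. The only caller visible here, `template_sha`, already holds `@template` when it does `CHECKSUM_CACHE[@template.object_id]`, so the lookup never needs to go through the id: pass the template in, keep the hash keyed by `object_id` so the finalizer can still evict it, and guard the compute-and-store with a class-level Mutex as sketched below. Note that the nil-`source` branch of the current proc stores nothing, so every later `template_sha` call on such a template re-enters `_id2ref`; the `fetch` form below short-circuits on the `respond_to?`/`source` check instead. `finalize_template` closing over only `id` is right and should stay that way, since capturing the template itself would keep it from ever being collected. The class body continues outside the hunk, and the version/metadata/checksum changes are a plain release bump.
```ruby
CHECKSUM_MUTEX = Mutex.new
CHECKSUM_CACHE = {}

# SHA1 of the template's source, memoized per live template object; nil when it has no source.
def self.checksum_for(template)
  return nil unless template.respond_to?(:source) && !template.source.nil?
  CHECKSUM_MUTEX.synchronize do
    CHECKSUM_CACHE.fetch(template.object_id) do
      ObjectSpace.define_finalizer(template, finalize_template(template.object_id))
      CHECKSUM_CACHE[template.object_id] = Digest::SHA1.hexdigest(template.source).freeze
    end
  end
end

# … unchanged: finalize_template, attr_accessor :vars, initialize …

def template_sha
  Template.checksum_for(@template)
end
```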
@@ -1,5 +1,5 @@
1
1
  module Immunio
2
2
  AGENT_TYPE = "agent-ruby"
3
- VERSION = "1.0.2"
3
+ VERSION = "1.0.3"
4
4
  VM_VERSION = "2.2.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: immunio
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.2
4
+ version: 1.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Immunio
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-10-16 00:00:00.000000000 Z
11
+ date: 2015-10-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails