immunio 1.0.4 → 1.0.5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 982b269267bce6fae3ade7b7360a47f37be59b36
4
- data.tar.gz: 1b12d9624040de50dfd193e94de7e6ffbc9555fa
3
+ metadata.gz: 9f09a35175c2a6fb7e3a53ac0897709631a1a49e
4
+ data.tar.gz: 6963085e60f7f14329e96e559da6924fbd8f2ab7
5
5
  SHA512:
6
- metadata.gz: 8199f0f3e899ff436b292da85dfe73abcf7e9c63a73cd04337c9b5d2de2ec6b4b861901e5c756c6ec7bef3098645b9da19b3c474a28b381250e1092830b7bc7a
7
- data.tar.gz: 93ac58a9a2f48ae71d52e5c9fa6dbb921d500dad1a751a5e23c0c6bc661bc41c5f37cdefc69d8128677e19d150ac6a45486c62f05165a87697474690cf821435
6
+ metadata.gz: 2ba1db8defbc5b5ae08e33119c468f205ea0d5f75e10e5a4c4ed316da4bd9526696c0676782635c4705c90abc1c4e37a83b96f74230d0a7c3f4c5740f8acf823
7
+ data.tar.gz: 7901d9dd4ba9008a017abe2690e6cbfcd16daa591d21d23dd8c5f91f070089420661499069274b48ac1121f20d02f6d94b27ce6532a6e6209594ef7dd9fabd85
@@ -73,7 +73,7 @@ module Immunio
73
73
  config_accessor :vm_data
74
74
 
75
75
  def initialize
76
- Immunio.logger.info "Initializing agent version #{VERSION} for process #{Process.pid}"
76
+ Immunio.logger.info { "Initializing agent version #{VERSION} for process #{Process.pid}" }
77
77
 
78
78
  config.key = config.secret = "-default-"
79
79
  config.hello_url = "https://agent.immun.io/"
@@ -107,7 +107,7 @@ module Immunio
107
107
  Immunio::switch_to_real_logger(config.log_file, config.log_level)
108
108
 
109
109
  if !config.agent_enabled then
110
- Immunio.logger.info "Agent disabled in config"
110
+ Immunio.logger.info { "Agent disabled in config" }
111
111
  return
112
112
  end
113
113
 
@@ -148,7 +148,7 @@ module Immunio
148
148
  end
149
149
 
150
150
  def load_config
151
- Immunio.logger.debug "Default configuration: #{config}"
151
+ Immunio.logger.debug { "Default configuration: #{config}" }
152
152
 
153
153
  # Try loading file from some standard locations. First match is used.
154
154
  locations = []
@@ -156,16 +156,16 @@ module Immunio
156
156
  locations << File.join("config", CONFIG_FILENAME)
157
157
 
158
158
  locations.each do |location|
159
- Immunio.logger.debug "Trying to find config file at #{location}"
159
+ Immunio.logger.debug { "Trying to find config file at #{location}" }
160
160
  begin
161
161
  realpath = File.realpath(location) # Raises exception if file doesn't exist
162
- Immunio.logger.debug "Found config file at #{realpath}"
162
+ Immunio.logger.debug { "Found config file at #{realpath}" }
163
163
  options = YAML.load_file(realpath).symbolize_keys
164
164
  config.update options
165
- Immunio.logger.debug "Configuration after loading from file: #{config}"
165
+ Immunio.logger.debug { "Configuration after loading from file: #{config}" }
166
166
  break
167
167
  rescue SystemCallError => e
168
- Immunio.logger.debug "Failed to load config: #{e}"
168
+ Immunio.logger.debug { "Failed to load config: #{e}" }
169
169
  end
170
170
  end
171
171
 
@@ -191,12 +191,12 @@ module Immunio
191
191
  end
192
192
  end
193
193
 
194
- Immunio.logger.debug "Configuration after evaluating env vars: #{config}"
194
+ Immunio.logger.debug { "Configuration after evaluating env vars: #{config}" }
195
195
 
196
196
  # Remove any requested plugins, then add any requested plugins.
197
197
  config.plugins_active.subtract(config.plugins_disabled)
198
198
  config.plugins_active.merge(config.plugins_enabled)
199
- Immunio.logger.info "Active plugins: #{config.plugins_active.to_a}"
199
+ Immunio.logger.info { "Active plugins: #{config.plugins_active.to_a}" }
200
200
 
201
201
  end
202
202
 
@@ -58,7 +58,7 @@ module Immunio
58
58
  private
59
59
  def parse_opts(options_ro)
60
60
  unless options_ro.is_a? Hash
61
- Immunio.logger.warn "Passed a non-hash options object into an authentication method: #{options_ro.inspect}"
61
+ Immunio.logger.warn { "Passed a non-hash options object into an authentication method: #{options_ro.inspect}" }
62
62
  return
63
63
  end
64
64
 
@@ -75,7 +75,7 @@ module Immunio
75
75
  def stop
76
76
  return unless @started
77
77
 
78
- Immunio.logger.debug "Stopping channel"
78
+ Immunio.logger.debug { "Stopping channel" }
79
79
 
80
80
  @started = false
81
81
  @ready = false
@@ -92,8 +92,8 @@ module Immunio
92
92
 
93
93
  def send_encoded_message(message)
94
94
  if @message_queue.size > @config.max_send_queue_size
95
- Immunio.logger.warn "Dropping message for agent manager due to queue overflow (#{@message_queue.size} > #{@config.max_send_queue_size})"
96
- Immunio.logger.debug "Dropped message: (#{message})"
95
+ Immunio.logger.warn { "Dropping message for agent manager due to queue overflow (#{@message_queue.size} > #{@config.max_send_queue_size})" }
96
+ Immunio.logger.debug { "Dropped message: (#{message})" }
97
97
  # No room for this message on the queue. Discard.
98
98
  @dropped_message_count += 1
99
99
  return
@@ -122,11 +122,11 @@ module Immunio
122
122
  return
123
123
  end
124
124
 
125
- Immunio.logger.debug "Channel waiting #{@config.ready_timeout.to_i} seconds until ready..."
125
+ Immunio.logger.debug { "Channel waiting #{@config.ready_timeout.to_i} seconds until ready..." }
126
126
  Timeout.timeout @config.ready_timeout.to_i do
127
127
  # Wait until we get a response from the agentmanager
128
128
  sleep 0.1 until ready?
129
- Immunio.logger.debug "Channel ready!"
129
+ Immunio.logger.debug { "Channel ready!" }
130
130
  end
131
131
  end
132
132
 
@@ -139,7 +139,7 @@ module Immunio
139
139
  private
140
140
  # Core method running in a thread
141
141
  def run
142
- Immunio.logger.debug "Starting channel on thread #{Thread.current.object_id}"
142
+ Immunio.logger.debug { "Starting channel on thread #{Thread.current.object_id}" }
143
143
  # Create an empty cert_store to prevent Faraday from using the system default OpenSSL store.
144
144
  cert_store = OpenSSL::X509::Store.new
145
145
  # Setup the connection for making requests to the server.
@@ -177,11 +177,11 @@ module Immunio
177
177
 
178
178
  def log_error(e)
179
179
  if @error_count == 1
180
- Immunio.logger.warn "Connection failed after #{@success_count} successes: #{e} (#{e.class})"
180
+ Immunio.logger.warn { "Connection failed after #{@success_count} successes: #{e} (#{e.class})" }
181
181
  else
182
- Immunio.logger.warn "Connection failure [#{@error_count}]: #{e} (#{e.class})"
182
+ Immunio.logger.warn { "Connection failure [#{@error_count}]: #{e} (#{e.class})" }
183
183
  end
184
- Immunio.logger.debug e.backtrace.join("\n")
184
+ Immunio.logger.debug { e.backtrace.join("\n") }
185
185
  end
186
186
 
187
187
  def exponential_backoff()
@@ -195,7 +195,7 @@ module Immunio
195
195
  delay_ms *= rand
196
196
  delay_ms = delay_ms.round
197
197
 
198
- Immunio.logger.info "Delaying #{delay_ms} ms before next request"
198
+ Immunio.logger.info { "Delaying #{delay_ms} ms before next request" }
199
199
  sleep delay_ms / 1000.0
200
200
  end
201
201
 
@@ -236,7 +236,7 @@ module Immunio
236
236
  raise Error, "No URL in HELLO response: #{response.body}"
237
237
  end
238
238
 
239
- Immunio.logger.info "Agent connected to #{@config.hello_url}"
239
+ Immunio.logger.info { "Agent connected to #{@config.hello_url}" }
240
240
  end
241
241
 
242
242
  # Execute a block for at max a given time to match `@config.max_report_interval`.
@@ -275,8 +275,8 @@ module Immunio
275
275
  if send_buffer_has_room used_bytes
276
276
  add_to_send_buffer @next_message
277
277
  else
278
- Immunio.logger.warn "Dropped message over max byte send size, next message size #{@next_message.bytesize}"
279
- Immunio.logger.debug "Dropped next message used: #{used_bytes} over max byte: #{@next_message}"
278
+ Immunio.logger.warn { "Dropped message over max byte send size, next message size #{@next_message.bytesize}" }
279
+ Immunio.logger.debug { "Dropped next message used: #{used_bytes} over max byte: #{@next_message}" }
280
280
  @dropped_message_count += 1
281
281
  end
282
282
  @next_message = nil
@@ -388,7 +388,7 @@ module Immunio
388
388
  if response.status >= 400 and response.status < 500 then
389
389
  # 4XX response codes should NOT be retried. Discard the report.
390
390
  @rejected_message_count += @send_buffer.size
391
- Immunio.logger.trace "Rejecting #{@send_buffer.size} messages"
391
+ Immunio.logger.trace { "Rejecting #{@send_buffer.size} messages" }
392
392
  @send_buffer = []
393
393
  @send_buffer_bytes = 0
394
394
 
@@ -409,7 +409,7 @@ module Immunio
409
409
  # Update local data from response
410
410
  new_agent_uuid = body["agent_uuid"]
411
411
  if new_agent_uuid
412
- Immunio.logger.info "Agent UUID: #{new_agent_uuid}" if new_agent_uuid != @agent_uuid
412
+ Immunio.logger.info { "Agent UUID: #{new_agent_uuid}" } if new_agent_uuid != @agent_uuid
413
413
  @agent_uuid = new_agent_uuid
414
414
  end
415
415
  @send_seq += @send_buffer.size
@@ -544,7 +544,7 @@ module Immunio
544
544
  name = params.size.to_s
545
545
  end
546
546
 
547
- Immunio.logger.debug "Adding ActiveRecord SQL param to relation #{relation_id} (name: #{name}, value: #{value})"
547
+ Immunio.logger.debug { "Adding ActiveRecord SQL param to relation #{relation_id} (name: #{name}, value: #{value})" }
548
548
 
549
549
  params[name] = value
550
550
  end
@@ -582,14 +582,14 @@ module Immunio
582
582
  # to a statement.
583
583
  def call(payload)
584
584
  Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
585
- Immunio.logger.debug "New ActiveRecord SQL query: #{payload}"
585
+ Immunio.logger.debug { "New ActiveRecord SQL query: #{payload}" }
586
586
 
587
587
  connection_id = payload[:connection_id]
588
588
 
589
589
  relation_id = @relations[connection_id].last
590
590
 
591
591
  if should_ignore? payload[:sql]
592
- Immunio.logger.debug "Ignoring query as it was generated by ActiveRecord itself (#{payload[:sql]})"
592
+ Immunio.logger.debug { "Ignoring query as it was generated by ActiveRecord itself (#{payload[:sql]})" }
593
593
  return
594
594
  end
595
595
 
@@ -52,7 +52,7 @@ if defined? Authlogic
52
52
  def immunio_check_failed_login
53
53
  if errors.any?
54
54
  Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
55
- Immunio.logger.debug "Authlogic instrumentation fired for before_failure with opts #{opts}"
55
+ Immunio.logger.debug { "Authlogic instrumentation fired for before_failure with opts #{opts}" }
56
56
  Immunio.failed_login opts
57
57
  end
58
58
  end
@@ -60,14 +60,14 @@ if defined? Authlogic
60
60
 
61
61
  def immunio_logout
62
62
  Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
63
- Immunio.logger.debug "Authlogic instrumentation fired for logout with opts #{opts}"
63
+ Immunio.logger.debug { "Authlogic instrumentation fired for logout with opts #{opts}" }
64
64
  Immunio.logout opts
65
65
  end
66
66
  end
67
67
 
68
68
  def immunio_set_user
69
69
  Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
70
- Immunio.logger.debug "Authlogic instrumentation fired for after_set_user with opts #{opts}"
70
+ Immunio.logger.debug { "Authlogic instrumentation fired for after_set_user with opts #{opts}" }
71
71
  Immunio.set_user opts
72
72
  end
73
73
  end
@@ -9,7 +9,7 @@ module Immunio
9
9
  protected
10
10
  def verify_authenticity_token_with_immunio
11
11
  Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
12
- Immunio.logger.debug "ActiveSupport checking CSRF token"
12
+ Immunio.logger.debug { "ActiveSupport checking CSRF token" }
13
13
 
14
14
  Immunio.run_hook! "csrf", "framework_csrf_check", valid: verified_request?
15
15
 
@@ -18,7 +18,7 @@ if defined? Devise
18
18
 
19
19
  def send_reset_password_instructions_with_immunio(attributes={})
20
20
  Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
21
- Immunio.logger.debug "Devise instrumentation fired for send_reset_password_instructions"
21
+ Immunio.logger.debug { "Devise instrumentation fired for send_reset_password_instructions" }
22
22
 
23
23
  recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
24
24
 
@@ -40,5 +40,5 @@ end
40
40
  if Immunio::agent.plugin_enabled?("eval") then
41
41
  Kernel.send :include, Immunio::KernelEvalHook
42
42
  Kernel.extend Immunio::KernelEvalHook
43
- Immunio.logger.debug "Eval: All hooks installed."
43
+ Immunio.logger.debug { "Eval: All hooks installed." }
44
44
  end
@@ -10,7 +10,7 @@ module Immunio
10
10
  def call(env)
11
11
  status, headers, body = @app.call(env)
12
12
  if Request.current
13
- Immunio.logger.debug "Finishing request in HTTPFinisher"
13
+ Immunio.logger.debug { "Finishing request in HTTPFinisher" }
14
14
  [status, headers, BodyWrapper.new(body)]
15
15
  else
16
16
  [status, headers, body]
@@ -47,4 +47,4 @@ module Immunio
47
47
  @body.respond_to?(*args)
48
48
  end
49
49
  end
50
- end
50
+ end
@@ -11,7 +11,7 @@ module Immunio
11
11
  def call(env)
12
12
  request = Request.new(env)
13
13
  request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
14
- Immunio.logger.debug "Creating new request in HTTPTracker"
14
+ Immunio.logger.debug { "Creating new request in HTTPTracker" }
15
15
  Immunio.new_request(request)
16
16
 
17
17
  Immunio.run_hook! "http_tracker", "http_request_start", meta_from_env(env)
@@ -17,7 +17,7 @@ module Immunio
17
17
  end # end
18
18
  end # end
19
19
  EOF
20
- Immunio.logger.debug "IO: successfully chained #{name} #{methods}"
20
+ Immunio.logger.debug { "IO: successfully chained #{name} #{methods}" }
21
21
  methods.each do |method|
22
22
  mod.class_eval <<-EOF
23
23
  def #{method}_with_immunio(*args, &block) # def read_with_immunio(*args, &block)
@@ -35,7 +35,7 @@ module Immunio
35
35
  end
36
36
  end # end
37
37
  EOF
38
- Immunio.logger.debug "IO: successfully created hook for #{name} #{method}"
38
+ Immunio.logger.debug { "IO: successfully created hook for #{name} #{method}" }
39
39
  end
40
40
  end
41
41
  end
@@ -43,7 +43,7 @@ module Immunio
43
43
  module IOClassHooks
44
44
  IOHooks.inject self, "IO.", %w( read write binread binwrite readlines sysopen copy_stream popen )
45
45
  end
46
- Immunio.logger.debug "IO: IOClassHooks created: #{IOClassHooks}"
46
+ Immunio.logger.debug { "IO: IOClassHooks created: #{IOClassHooks}" }
47
47
 
48
48
  module KernelModuleHooks
49
49
  # exec() is not included currently as it replaces the running process
@@ -72,19 +72,19 @@ module Immunio
72
72
  Kernel.send :alias_method, :backtick_without_immunio, :`
73
73
  Kernel.send :alias_method, :`, :backtick_with_immunio
74
74
  end
75
- Immunio.logger.debug "Shell: KernelModuleHooks created: #{KernelModuleHooks}"
75
+ Immunio.logger.debug { "Shell: KernelModuleHooks created: #{KernelModuleHooks}" }
76
76
 
77
77
  module FileClassHooks
78
78
  IOHooks.inject self, "File.", %w( new open )
79
79
  end
80
- Immunio.logger.debug "IO: FileClassHooks created: #{FileClassHooks}"
80
+ Immunio.logger.debug { "IO: FileClassHooks created: #{FileClassHooks}" }
81
81
  end
82
82
 
83
83
  # Add FileIO hooks if enabled
84
84
  if Immunio.agent.plugin_enabled?("file_io")
85
85
  IO.extend Immunio::IOClassHooks
86
86
  File.extend Immunio::FileClassHooks
87
- Immunio.logger.debug "IO: All hooks installed."
87
+ Immunio.logger.debug { "IO: All hooks installed." }
88
88
  end
89
89
 
90
90
  # Add Kernel hooks if enabled
@@ -92,5 +92,5 @@ if Immunio.agent.plugin_enabled?("shell_command")
92
92
  # Both are necessary to hook calling both Kernel.open() and open() etc.
93
93
  Kernel.send :include, Immunio::KernelModuleHooks
94
94
  Kernel.extend Immunio::KernelModuleHooks
95
- Immunio.logger.debug "Shell: All hooks installed."
95
+ Immunio.logger.debug { "Shell: All hooks installed." }
96
96
  end
@@ -10,7 +10,7 @@ module Immunio
10
10
 
11
11
  protected
12
12
  def redirect_to_with_immunio(options = {}, response_status = {})
13
- Immunio.logger.debug "ActiveSupport checking redirect."
13
+ Immunio.logger.debug { "ActiveSupport checking redirect." }
14
14
  Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
15
15
  # redirect_to excepts a variety of argument types
16
16
  # but the only one that creates a absolute URL redirect
@@ -38,5 +38,5 @@ end
38
38
 
39
39
  if Immunio::agent.plugin_enabled?("redirect") then
40
40
  ActionController::Base.send :include, Immunio::RedirectHook
41
- Immunio.logger.debug "Redirect: All hooks installed."
41
+ Immunio.logger.debug { "Redirect: All hooks installed." }
42
42
  end
@@ -9,7 +9,7 @@ end
9
9
  if defined?(Warden)
10
10
  Warden::Manager.after_authentication do |user|
11
11
  Immunio::Request.time "plugin", "Warden::Manager.after_authentication" do
12
- Immunio.logger.debug "Warden instrumentation fired for after_authentication"
12
+ Immunio.logger.debug { "Warden instrumentation fired for after_authentication" }
13
13
  Immunio.login user_record: user, plugin: "warden"
14
14
  end
15
15
  end
@@ -32,25 +32,24 @@ if defined?(Warden)
32
32
  # there's no easy way to tell why. If we can't figure out who the
33
33
  # attempted user was, don't report it as a failed login.
34
34
  if user_found
35
- Immunio.logger.debug "Warden instrumentation fired for before_failure"
35
+ Immunio.logger.debug { "Warden instrumentation fired for before_failure" }
36
36
  Immunio.failed_login info
37
37
  else
38
- Immunio.logger.debug "Failed to find user info for Warden failure, "\
39
- "ignoring instead of reporting as failed login"
38
+ Immunio.logger.debug { "Failed to find user info for Warden failure, ignoring instead of reporting as failed login" }
40
39
  end
41
40
  end
42
41
  end
43
42
 
44
43
  Warden::Manager.after_set_user do |user|
45
44
  Immunio::Request.time "plugin", "Warden::Manager.after_set_user" do
46
- Immunio.logger.debug "Warden instrumentation fired for after_set_user"
45
+ Immunio.logger.debug { "Warden instrumentation fired for after_set_user" }
47
46
  Immunio.set_user user_record: user, plugin: "warden"
48
47
  end
49
48
  end
50
49
 
51
50
  Warden::Manager.before_logout do |user|
52
51
  Immunio::Request.time "plugin", "Warden::Manager.before_logout" do
53
- Immunio.logger.debug "Warden instrumentation fired for before_logout"
52
+ Immunio.logger.debug { "Warden instrumentation fired for before_logout" }
54
53
  Immunio.logout user_record: user, plugin: "warden"
55
54
  end
56
55
  end
@@ -99,7 +99,7 @@ module Immunio
99
99
  def finish_request
100
100
  request = Request.current
101
101
  if request
102
- Immunio.logger.debug "Finishing request #{request.id}"
102
+ Immunio.logger.debug { "Finishing request #{request.id}" }
103
103
  aggregate_timings(request.timings)
104
104
  ActiveSupport::Notifications.publish "immunio.finish_request", request
105
105
  @channel.send_encoded_message request.encode if request.should_report?
@@ -129,7 +129,7 @@ module Immunio
129
129
 
130
130
  # If there is no registered handler, just log the hook and return.
131
131
  unless request.vm.has_function? hook
132
- Immunio.logger.debug "No hook code for '#{hook}' to run for request #{request.id}"
132
+ Immunio.logger.debug { "No hook code for '#{hook}' to run for request #{request.id}" }
133
133
  return {}
134
134
  end
135
135
 
@@ -147,9 +147,9 @@ module Immunio
147
147
  }
148
148
 
149
149
  begin
150
- Immunio.logger.debug "Running #{hook} hook for request #{request.id} with global values: #{globals}"
150
+ Immunio.logger.debug { "Running #{hook} hook for request #{request.id} with global values: #{globals}" }
151
151
  rescue Encoding::CompatibilityError
152
- Immunio.logger.debug "Running #{hook} hook for request #{request.id} (can't log global values due to encoding incompatibility)"
152
+ Immunio.logger.debug { "Running #{hook} hook for request #{request.id} (can't log global values due to encoding incompatibility)" }
153
153
  end
154
154
 
155
155
  # Run the hook code in the VM and time the execution.
@@ -199,7 +199,7 @@ module Immunio
199
199
 
200
200
  # Raise if not allowed (default to allow)
201
201
  if !result.fetch("allow", true)
202
- Immunio.logger.debug "Blocking request due to hook response"
202
+ Immunio.logger.debug { "Blocking request due to hook response" }
203
203
  raise RequestBlocked, "The request was blocked by the Immunio agent"
204
204
  end
205
205
 
@@ -212,8 +212,8 @@ module Immunio
212
212
  end
213
213
 
214
214
  def log_and_send_error(e, message="Error", info={})
215
- Immunio.logger.warn "#{message}: #{e.message}"
216
- Immunio.logger.warn "Stack: #{e.backtrace}"
215
+ Immunio.logger.warn { "#{message}: #{e.message}" }
216
+ Immunio.logger.warn { "Stack: #{e.backtrace}" }
217
217
 
218
218
  # Re-raise in dev mode before we send it to the backend.
219
219
  raise e if @dev_mode