immunio 1.0.4 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 982b269267bce6fae3ade7b7360a47f37be59b36
-  data.tar.gz: 1b12d9624040de50dfd193e94de7e6ffbc9555fa
+  metadata.gz: 9f09a35175c2a6fb7e3a53ac0897709631a1a49e
+  data.tar.gz: 6963085e60f7f14329e96e559da6924fbd8f2ab7
 SHA512:
-  metadata.gz: 8199f0f3e899ff436b292da85dfe73abcf7e9c63a73cd04337c9b5d2de2ec6b4b861901e5c756c6ec7bef3098645b9da19b3c474a28b381250e1092830b7bc7a
-  data.tar.gz: 93ac58a9a2f48ae71d52e5c9fa6dbb921d500dad1a751a5e23c0c6bc661bc41c5f37cdefc69d8128677e19d150ac6a45486c62f05165a87697474690cf821435
+  metadata.gz: 2ba1db8defbc5b5ae08e33119c468f205ea0d5f75e10e5a4c4ed316da4bd9526696c0676782635c4705c90abc1c4e37a83b96f74230d0a7c3f4c5740f8acf823
+  data.tar.gz: 7901d9dd4ba9008a017abe2690e6cbfcd16daa591d21d23dd8c5f91f070089420661499069274b48ac1121f20d02f6d94b27ce6532a6e6209594ef7dd9fabd85

data/lib/immunio/agent.rb

@@ -73,7 +73,7 @@ module Immunio
     config_accessor :vm_data
 
     def initialize
-      Immunio.logger.info "Initializing agent version #{VERSION} for process #{Process.pid}"
+      Immunio.logger.info { "Initializing agent version #{VERSION} for process #{Process.pid}" }
 
       config.key = config.secret = "-default-"
       config.hello_url = "https://agent.immun.io/"
@@ -107,7 +107,7 @@ module Immunio
       Immunio::switch_to_real_logger(config.log_file, config.log_level)
 
       if !config.agent_enabled then
-        Immunio.logger.info "Agent disabled in config"
+        Immunio.logger.info { "Agent disabled in config" }
         return
       end
 
@@ -148,7 +148,7 @@ module Immunio
     end
 
     def load_config
-      Immunio.logger.debug "Default configuration: #{config}"
+      Immunio.logger.debug { "Default configuration: #{config}" }
 
       # Try loading file from some standard locations. First match is used.
       locations = []
@@ -156,16 +156,16 @@ module Immunio
       locations << File.join("config", CONFIG_FILENAME)
 
       locations.each do |location|
-        Immunio.logger.debug "Trying to find config file at #{location}"
+        Immunio.logger.debug { "Trying to find config file at #{location}" }
         begin
           realpath = File.realpath(location) # Raises exception if file doesn't exist
-          Immunio.logger.debug "Found config file at #{realpath}"
+          Immunio.logger.debug { "Found config file at #{realpath}" }
           options = YAML.load_file(realpath).symbolize_keys
           config.update options
-          Immunio.logger.debug "Configuration after loading from file: #{config}"
+          Immunio.logger.debug { "Configuration after loading from file: #{config}" }
           break
         rescue SystemCallError => e
-          Immunio.logger.debug "Failed to load config: #{e}"
+          Immunio.logger.debug { "Failed to load config: #{e}" }
         end
       end
 
@@ -191,12 +191,12 @@ module Immunio
         end
       end
 
-      Immunio.logger.debug "Configuration after evaluating env vars: #{config}"
+      Immunio.logger.debug { "Configuration after evaluating env vars: #{config}" }
 
       # Remove any requested plugins, then add any requested plugins.
       config.plugins_active.subtract(config.plugins_disabled)
       config.plugins_active.merge(config.plugins_enabled)
-      Immunio.logger.info "Active plugins: #{config.plugins_active.to_a}"
+      Immunio.logger.info { "Active plugins: #{config.plugins_active.to_a}" }
 
     end
 

data/lib/immunio/authentication.rb

@@ -58,7 +58,7 @@ module Immunio
   private
     def parse_opts(options_ro)
       unless options_ro.is_a? Hash
-        Immunio.logger.warn "Passed a non-hash options object into an authentication method: #{options_ro.inspect}"
+        Immunio.logger.warn { "Passed a non-hash options object into an authentication method: #{options_ro.inspect}" }
         return
       end
 

data/lib/immunio/channel.rb

@@ -75,7 +75,7 @@ module Immunio
     def stop
       return unless @started
 
-      Immunio.logger.debug "Stopping channel"
+      Immunio.logger.debug { "Stopping channel" }
 
       @started = false
       @ready = false
@@ -92,8 +92,8 @@ module Immunio
 
     def send_encoded_message(message)
       if @message_queue.size > @config.max_send_queue_size
-        Immunio.logger.warn "Dropping message for agent manager due to queue overflow (#{@message_queue.size} > #{@config.max_send_queue_size})"
-        Immunio.logger.debug "Dropped message: (#{message})"
+        Immunio.logger.warn { "Dropping message for agent manager due to queue overflow (#{@message_queue.size} > #{@config.max_send_queue_size})" }
+        Immunio.logger.debug { "Dropped message: (#{message})" }
         # No room for this message on the queue. Discard.
         @dropped_message_count += 1
         return
@@ -122,11 +122,11 @@ module Immunio
         return
       end
 
-      Immunio.logger.debug "Channel waiting #{@config.ready_timeout.to_i} seconds until ready..."
+      Immunio.logger.debug { "Channel waiting #{@config.ready_timeout.to_i} seconds until ready..." }
       Timeout.timeout @config.ready_timeout.to_i do
         # Wait until we get a response from the agentmanager
         sleep 0.1 until ready?
-        Immunio.logger.debug "Channel ready!"
+        Immunio.logger.debug { "Channel ready!" }
       end
     end
 
@@ -139,7 +139,7 @@ module Immunio
     private
       # Core method running in a thread
       def run
-        Immunio.logger.debug "Starting channel on thread #{Thread.current.object_id}"
+        Immunio.logger.debug { "Starting channel on thread #{Thread.current.object_id}" }
         # Create an empty cert_store to prevent Faraday from using the system default OpenSSL store.
         cert_store = OpenSSL::X509::Store.new
         # Setup the connection for making requests to the server.
@@ -177,11 +177,11 @@ module Immunio
 
       def log_error(e)
         if @error_count == 1
-          Immunio.logger.warn "Connection failed after #{@success_count} successes: #{e} (#{e.class})"
+          Immunio.logger.warn { "Connection failed after #{@success_count} successes: #{e} (#{e.class})" }
         else
-          Immunio.logger.warn "Connection failure [#{@error_count}]: #{e} (#{e.class})"
+          Immunio.logger.warn { "Connection failure [#{@error_count}]: #{e} (#{e.class})" }
         end
-        Immunio.logger.debug e.backtrace.join("\n")
+        Immunio.logger.debug { e.backtrace.join("\n") }
       end
 
       def exponential_backoff()
@@ -195,7 +195,7 @@ module Immunio
         delay_ms *= rand
         delay_ms = delay_ms.round
 
-        Immunio.logger.info "Delaying #{delay_ms} ms before next request"
+        Immunio.logger.info { "Delaying #{delay_ms} ms before next request" }
         sleep delay_ms / 1000.0
       end
 
@@ -236,7 +236,7 @@ module Immunio
           raise Error, "No URL in HELLO response: #{response.body}"
         end
 
-        Immunio.logger.info "Agent connected to #{@config.hello_url}"
+        Immunio.logger.info { "Agent connected to #{@config.hello_url}" }
       end
 
       # Execute a block for at max a given time to match `@config.max_report_interval`.
@@ -275,8 +275,8 @@ module Immunio
           if send_buffer_has_room used_bytes
             add_to_send_buffer @next_message
           else
-            Immunio.logger.warn "Dropped message over max byte send size, next message size #{@next_message.bytesize}"
-            Immunio.logger.debug "Dropped next message used: #{used_bytes} over max byte: #{@next_message}"
+            Immunio.logger.warn { "Dropped message over max byte send size, next message size #{@next_message.bytesize}" }
+            Immunio.logger.debug { "Dropped next message used: #{used_bytes} over max byte: #{@next_message}" }
             @dropped_message_count += 1
           end
           @next_message = nil
@@ -388,7 +388,7 @@ module Immunio
         if response.status >= 400 and response.status < 500 then
           # 4XX response codes should NOT be retried. Discard the report.
           @rejected_message_count += @send_buffer.size
-          Immunio.logger.trace "Rejecting #{@send_buffer.size} messages"
+          Immunio.logger.trace { "Rejecting #{@send_buffer.size} messages" }
           @send_buffer = []
           @send_buffer_bytes = 0
 
@@ -409,7 +409,7 @@ module Immunio
         # Update local data from response
         new_agent_uuid = body["agent_uuid"]
         if new_agent_uuid
-          Immunio.logger.info "Agent UUID: #{new_agent_uuid}" if new_agent_uuid != @agent_uuid
+          Immunio.logger.info { "Agent UUID: #{new_agent_uuid}" } if new_agent_uuid != @agent_uuid
           @agent_uuid = new_agent_uuid
         end
         @send_seq += @send_buffer.size

data/lib/immunio/plugins/active_record.rb

@@ -544,7 +544,7 @@ module Immunio
         name = params.size.to_s
       end
 
-      Immunio.logger.debug "Adding ActiveRecord SQL param to relation #{relation_id} (name: #{name}, value: #{value})"
+      Immunio.logger.debug { "Adding ActiveRecord SQL param to relation #{relation_id} (name: #{name}, value: #{value})" }
 
       params[name] = value
     end
@@ -582,14 +582,14 @@ module Immunio
     # to a statement.
     def call(payload)
       Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-        Immunio.logger.debug "New ActiveRecord SQL query: #{payload}"
+        Immunio.logger.debug { "New ActiveRecord SQL query: #{payload}" }
 
         connection_id = payload[:connection_id]
 
         relation_id = @relations[connection_id].last
 
         if should_ignore? payload[:sql]
-          Immunio.logger.debug "Ignoring query as it was generated by ActiveRecord itself (#{payload[:sql]})"
+          Immunio.logger.debug { "Ignoring query as it was generated by ActiveRecord itself (#{payload[:sql]})" }
           return
         end
 

data/lib/immunio/plugins/authlogic.rb

@@ -52,7 +52,7 @@ if defined? Authlogic
             def immunio_check_failed_login
               if errors.any?
                 Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                  Immunio.logger.debug "Authlogic instrumentation fired for before_failure with opts #{opts}"
+                  Immunio.logger.debug { "Authlogic instrumentation fired for before_failure with opts #{opts}" }
                   Immunio.failed_login opts
                 end
               end
@@ -60,14 +60,14 @@ if defined? Authlogic
 
             def immunio_logout
               Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                Immunio.logger.debug "Authlogic instrumentation fired for logout with opts #{opts}"
+                Immunio.logger.debug { "Authlogic instrumentation fired for logout with opts #{opts}" }
                 Immunio.logout opts
               end
             end
 
             def immunio_set_user
               Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                Immunio.logger.debug "Authlogic instrumentation fired for after_set_user with opts #{opts}"
+                Immunio.logger.debug { "Authlogic instrumentation fired for after_set_user with opts #{opts}" }
                 Immunio.set_user opts
               end
             end

data/lib/immunio/plugins/csrf.rb

@@ -9,7 +9,7 @@ module Immunio
     protected
       def verify_authenticity_token_with_immunio
         Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-          Immunio.logger.debug "ActiveSupport checking CSRF token"
+          Immunio.logger.debug { "ActiveSupport checking CSRF token" }
 
           Immunio.run_hook! "csrf", "framework_csrf_check", valid: verified_request?
 

data/lib/immunio/plugins/devise.rb

@@ -18,7 +18,7 @@ if defined? Devise
 
       def send_reset_password_instructions_with_immunio(attributes={})
         Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-          Immunio.logger.debug "Devise instrumentation fired for send_reset_password_instructions"
+          Immunio.logger.debug { "Devise instrumentation fired for send_reset_password_instructions" }
 
           recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
 

data/lib/immunio/plugins/eval.rb

@@ -40,5 +40,5 @@ end
 if Immunio::agent.plugin_enabled?("eval") then
   Kernel.send :include, Immunio::KernelEvalHook
   Kernel.extend Immunio::KernelEvalHook
-  Immunio.logger.debug "Eval: All hooks installed."
+  Immunio.logger.debug { "Eval: All hooks installed." }
 end

data/lib/immunio/plugins/http_finisher.rb

@@ -10,7 +10,7 @@ module Immunio
     def call(env)
       status, headers, body = @app.call(env)
       if Request.current
-        Immunio.logger.debug "Finishing request in HTTPFinisher"
+        Immunio.logger.debug { "Finishing request in HTTPFinisher" }
         [status, headers, BodyWrapper.new(body)]
       else
         [status, headers, body]
@@ -47,4 +47,4 @@ module Immunio
       @body.respond_to?(*args)
     end
   end
-end
+end

data/lib/immunio/plugins/http_tracker.rb

@@ -11,7 +11,7 @@ module Immunio
     def call(env)
       request = Request.new(env)
       request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-        Immunio.logger.debug "Creating new request in HTTPTracker"
+        Immunio.logger.debug { "Creating new request in HTTPTracker" }
         Immunio.new_request(request)
 
         Immunio.run_hook! "http_tracker", "http_request_start", meta_from_env(env)

data/lib/immunio/plugins/io.rb

@@ -17,7 +17,7 @@ module Immunio
           end                                                          #   end
         end                                                            # end
       EOF
-      Immunio.logger.debug "IO: successfully chained #{name} #{methods}"
+      Immunio.logger.debug { "IO: successfully chained #{name} #{methods}" }
       methods.each do |method|
         mod.class_eval <<-EOF
           def #{method}_with_immunio(*args, &block)                    # def read_with_immunio(*args, &block)
@@ -35,7 +35,7 @@ module Immunio
             end
           end                                                          # end
         EOF
-        Immunio.logger.debug "IO: successfully created hook for #{name} #{method}"
+        Immunio.logger.debug { "IO: successfully created hook for #{name} #{method}" }
       end
     end
   end
@@ -43,7 +43,7 @@ module Immunio
   module IOClassHooks
     IOHooks.inject self, "IO.", %w( read write binread binwrite readlines sysopen copy_stream popen )
   end
-  Immunio.logger.debug "IO: IOClassHooks created: #{IOClassHooks}"
+  Immunio.logger.debug { "IO: IOClassHooks created: #{IOClassHooks}" }
 
   module KernelModuleHooks
     # exec() is not included currently as it replaces the running process
@@ -72,19 +72,19 @@ module Immunio
     Kernel.send :alias_method, :backtick_without_immunio, :`
     Kernel.send :alias_method, :`, :backtick_with_immunio
   end
-  Immunio.logger.debug "Shell: KernelModuleHooks created: #{KernelModuleHooks}"
+  Immunio.logger.debug { "Shell: KernelModuleHooks created: #{KernelModuleHooks}" }
 
   module FileClassHooks
     IOHooks.inject self, "File.", %w( new open )
   end
-  Immunio.logger.debug "IO: FileClassHooks created: #{FileClassHooks}"
+  Immunio.logger.debug { "IO: FileClassHooks created: #{FileClassHooks}" }
 end
 
 # Add FileIO hooks if enabled
 if Immunio.agent.plugin_enabled?("file_io")
   IO.extend Immunio::IOClassHooks
   File.extend Immunio::FileClassHooks
-  Immunio.logger.debug "IO: All hooks installed."
+  Immunio.logger.debug { "IO: All hooks installed." }
 end
 
 # Add Kernel hooks if enabled
@@ -92,5 +92,5 @@ if Immunio.agent.plugin_enabled?("shell_command")
   # Both are necessary to hook calling both Kernel.open() and open() etc.
   Kernel.send :include, Immunio::KernelModuleHooks
   Kernel.extend Immunio::KernelModuleHooks
-  Immunio.logger.debug "Shell: All hooks installed."
+  Immunio.logger.debug { "Shell: All hooks installed." }
 end

data/lib/immunio/plugins/redirect.rb

@@ -10,7 +10,7 @@ module Immunio
 
     protected
       def redirect_to_with_immunio(options = {}, response_status = {})
-        Immunio.logger.debug "ActiveSupport checking redirect."
+        Immunio.logger.debug { "ActiveSupport checking redirect." }
         Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
           # redirect_to excepts a variety of argument types
           # but the only one that creates a absolute URL redirect
@@ -38,5 +38,5 @@ end
 
 if Immunio::agent.plugin_enabled?("redirect") then
   ActionController::Base.send :include, Immunio::RedirectHook
-  Immunio.logger.debug "Redirect: All hooks installed."
+  Immunio.logger.debug { "Redirect: All hooks installed." }
 end

data/lib/immunio/plugins/warden.rb

@@ -9,7 +9,7 @@ end
 if defined?(Warden)
   Warden::Manager.after_authentication do |user|
     Immunio::Request.time "plugin", "Warden::Manager.after_authentication" do
-      Immunio.logger.debug "Warden instrumentation fired for after_authentication"
+      Immunio.logger.debug { "Warden instrumentation fired for after_authentication" }
       Immunio.login user_record: user, plugin: "warden"
     end
   end
@@ -32,25 +32,24 @@ if defined?(Warden)
       # there's no easy way to tell why. If we can't figure out who the
       # attempted user was, don't report it as a failed login.
       if user_found
-        Immunio.logger.debug "Warden instrumentation fired for before_failure"
+        Immunio.logger.debug { "Warden instrumentation fired for before_failure" }
         Immunio.failed_login info
       else
-        Immunio.logger.debug "Failed to find user info for Warden failure, "\
-                             "ignoring instead of reporting as failed login"
+        Immunio.logger.debug { "Failed to find user info for Warden failure, ignoring instead of reporting as failed login" }
       end
     end
   end
 
   Warden::Manager.after_set_user do |user|
     Immunio::Request.time "plugin", "Warden::Manager.after_set_user" do
-      Immunio.logger.debug "Warden instrumentation fired for after_set_user"
+      Immunio.logger.debug { "Warden instrumentation fired for after_set_user" }
       Immunio.set_user user_record: user, plugin: "warden"
     end
   end
 
   Warden::Manager.before_logout do |user|
     Immunio::Request.time "plugin", "Warden::Manager.before_logout" do
-      Immunio.logger.debug "Warden instrumentation fired for before_logout"
+      Immunio.logger.debug { "Warden instrumentation fired for before_logout" }
       Immunio.logout user_record: user, plugin: "warden"
     end
   end

data/lib/immunio/processor.rb

@@ -99,7 +99,7 @@ module Immunio
     def finish_request
       request = Request.current
       if request
-        Immunio.logger.debug "Finishing request #{request.id}"
+        Immunio.logger.debug { "Finishing request #{request.id}" }
         aggregate_timings(request.timings)
         ActiveSupport::Notifications.publish "immunio.finish_request", request
         @channel.send_encoded_message request.encode if request.should_report?
@@ -129,7 +129,7 @@ module Immunio
 
       # If there is no registered handler, just log the hook and return.
       unless request.vm.has_function? hook
-        Immunio.logger.debug "No hook code for '#{hook}' to run for request #{request.id}"
+        Immunio.logger.debug { "No hook code for '#{hook}' to run for request #{request.id}" }
         return {}
       end
 
@@ -147,9 +147,9 @@ module Immunio
       }
 
       begin
-        Immunio.logger.debug "Running #{hook} hook for request #{request.id} with global values: #{globals}"
+        Immunio.logger.debug { "Running #{hook} hook for request #{request.id} with global values: #{globals}" }
       rescue Encoding::CompatibilityError
-        Immunio.logger.debug "Running #{hook} hook for request #{request.id} (can't log global values due to encoding incompatibility)"
+        Immunio.logger.debug { "Running #{hook} hook for request #{request.id} (can't log global values due to encoding incompatibility)" }
       end
 
       # Run the hook code in the VM and time the execution.
@@ -199,7 +199,7 @@ module Immunio
 
       # Raise if not allowed (default to allow)
       if !result.fetch("allow", true)
-        Immunio.logger.debug "Blocking request due to hook response"
+        Immunio.logger.debug { "Blocking request due to hook response" }
         raise RequestBlocked, "The request was blocked by the Immunio agent"
       end
 
@@ -212,8 +212,8 @@ module Immunio
     end
 
     def log_and_send_error(e, message="Error", info={})
-      Immunio.logger.warn "#{message}: #{e.message}"
-      Immunio.logger.warn "Stack: #{e.backtrace}"
+      Immunio.logger.warn { "#{message}: #{e.message}" }
+      Immunio.logger.warn { "Stack: #{e.backtrace}" }
 
       # Re-raise in dev mode before we send it to the backend.
       raise e if @dev_mode