immunio 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 982b269267bce6fae3ade7b7360a47f37be59b36
4
- data.tar.gz: 1b12d9624040de50dfd193e94de7e6ffbc9555fa
3
+ metadata.gz: 9f09a35175c2a6fb7e3a53ac0897709631a1a49e
4
+ data.tar.gz: 6963085e60f7f14329e96e559da6924fbd8f2ab7
5
5
  SHA512:
6
- metadata.gz: 8199f0f3e899ff436b292da85dfe73abcf7e9c63a73cd04337c9b5d2de2ec6b4b861901e5c756c6ec7bef3098645b9da19b3c474a28b381250e1092830b7bc7a
7
- data.tar.gz: 93ac58a9a2f48ae71d52e5c9fa6dbb921d500dad1a751a5e23c0c6bc661bc41c5f37cdefc69d8128677e19d150ac6a45486c62f05165a87697474690cf821435
6
+ metadata.gz: 2ba1db8defbc5b5ae08e33119c468f205ea0d5f75e10e5a4c4ed316da4bd9526696c0676782635c4705c90abc1c4e37a83b96f74230d0a7c3f4c5740f8acf823
7
+ data.tar.gz: 7901d9dd4ba9008a017abe2690e6cbfcd16daa591d21d23dd8c5f91f070089420661499069274b48ac1121f20d02f6d94b27ce6532a6e6209594ef7dd9fabd85
@@ -73,7 +73,7 @@ module Immunio
73
73
  config_accessor :vm_data
74
74
 
75
75
  def initialize
76
- Immunio.logger.info "Initializing agent version #{VERSION} for process #{Process.pid}"
76
+ Immunio.logger.info { "Initializing agent version #{VERSION} for process #{Process.pid}" }
77
77
 
78
78
  config.key = config.secret = "-default-"
79
79
  config.hello_url = "https://agent.immun.io/"
@@ -107,7 +107,7 @@ module Immunio
107
107
  Immunio::switch_to_real_logger(config.log_file, config.log_level)
108
108
 
109
109
  if !config.agent_enabled then
110
- Immunio.logger.info "Agent disabled in config"
110
+ Immunio.logger.info { "Agent disabled in config" }
111
111
  return
112
112
  end
113
113
 
@@ -148,7 +148,7 @@ module Immunio
148
148
  end
149
149
 
150
150
  def load_config
151
- Immunio.logger.debug "Default configuration: #{config}"
151
+ Immunio.logger.debug { "Default configuration: #{config}" }
152
152
 
153
153
  # Try loading file from some standard locations. First match is used.
154
154
  locations = []
@@ -156,16 +156,16 @@ module Immunio
156
156
  locations << File.join("config", CONFIG_FILENAME)
157
157
 
158
158
  locations.each do |location|
159
- Immunio.logger.debug "Trying to find config file at #{location}"
159
+ Immunio.logger.debug { "Trying to find config file at #{location}" }
160
160
  begin
161
161
  realpath = File.realpath(location) # Raises exception if file doesn't exist
162
- Immunio.logger.debug "Found config file at #{realpath}"
162
+ Immunio.logger.debug { "Found config file at #{realpath}" }
163
163
  options = YAML.load_file(realpath).symbolize_keys
164
164
  config.update options
165
- Immunio.logger.debug "Configuration after loading from file: #{config}"
165
+ Immunio.logger.debug { "Configuration after loading from file: #{config}" }
166
166
  break
167
167
  rescue SystemCallError => e
168
- Immunio.logger.debug "Failed to load config: #{e}"
168
+ Immunio.logger.debug { "Failed to load config: #{e}" }
169
169
  end
170
170
  end
171
171
 
@@ -191,12 +191,12 @@ module Immunio
191
191
  end
192
192
  end
193
193
 
194
- Immunio.logger.debug "Configuration after evaluating env vars: #{config}"
194
+ Immunio.logger.debug { "Configuration after evaluating env vars: #{config}" }
195
195
 
196
196
  # Remove any requested plugins, then add any requested plugins.
197
197
  config.plugins_active.subtract(config.plugins_disabled)
198
198
  config.plugins_active.merge(config.plugins_enabled)
199
- Immunio.logger.info "Active plugins: #{config.plugins_active.to_a}"
199
+ Immunio.logger.info { "Active plugins: #{config.plugins_active.to_a}" }
200
200
 
201
201
  end
202
202
 
@@ -58,7 +58,7 @@ module Immunio
58
58
  private
59
59
  def parse_opts(options_ro)
60
60
  unless options_ro.is_a? Hash
61
- Immunio.logger.warn "Passed a non-hash options object into an authentication method: #{options_ro.inspect}"
61
+ Immunio.logger.warn { "Passed a non-hash options object into an authentication method: #{options_ro.inspect}" }
62
62
  return
63
63
  end
64
64
 
@@ -75,7 +75,7 @@ module Immunio
75
75
  def stop
76
76
  return unless @started
77
77
 
78
- Immunio.logger.debug "Stopping channel"
78
+ Immunio.logger.debug { "Stopping channel" }
79
79
 
80
80
  @started = false
81
81
  @ready = false
@@ -92,8 +92,8 @@ module Immunio
92
92
 
93
93
  def send_encoded_message(message)
94
94
  if @message_queue.size > @config.max_send_queue_size
95
- Immunio.logger.warn "Dropping message for agent manager due to queue overflow (#{@message_queue.size} > #{@config.max_send_queue_size})"
96
- Immunio.logger.debug "Dropped message: (#{message})"
95
+ Immunio.logger.warn { "Dropping message for agent manager due to queue overflow (#{@message_queue.size} > #{@config.max_send_queue_size})" }
96
+ Immunio.logger.debug { "Dropped message: (#{message})" }
97
97
  # No room for this message on the queue. Discard.
98
98
  @dropped_message_count += 1
99
99
  return
@@ -122,11 +122,11 @@ module Immunio
122
122
  return
123
123
  end
124
124
 
125
- Immunio.logger.debug "Channel waiting #{@config.ready_timeout.to_i} seconds until ready..."
125
+ Immunio.logger.debug { "Channel waiting #{@config.ready_timeout.to_i} seconds until ready..." }
126
126
  Timeout.timeout @config.ready_timeout.to_i do
127
127
  # Wait until we get a response from the agentmanager
128
128
  sleep 0.1 until ready?
129
- Immunio.logger.debug "Channel ready!"
129
+ Immunio.logger.debug { "Channel ready!" }
130
130
  end
131
131
  end
132
132
 
@@ -139,7 +139,7 @@ module Immunio
139
139
  private
140
140
  # Core method running in a thread
141
141
  def run
142
- Immunio.logger.debug "Starting channel on thread #{Thread.current.object_id}"
142
+ Immunio.logger.debug { "Starting channel on thread #{Thread.current.object_id}" }
143
143
  # Create an empty cert_store to prevent Faraday from using the system default OpenSSL store.
144
144
  cert_store = OpenSSL::X509::Store.new
145
145
  # Setup the connection for making requests to the server.
@@ -177,11 +177,11 @@ module Immunio
177
177
 
178
178
  def log_error(e)
179
179
  if @error_count == 1
180
- Immunio.logger.warn "Connection failed after #{@success_count} successes: #{e} (#{e.class})"
180
+ Immunio.logger.warn { "Connection failed after #{@success_count} successes: #{e} (#{e.class})" }
181
181
  else
182
- Immunio.logger.warn "Connection failure [#{@error_count}]: #{e} (#{e.class})"
182
+ Immunio.logger.warn { "Connection failure [#{@error_count}]: #{e} (#{e.class})" }
183
183
  end
184
- Immunio.logger.debug e.backtrace.join("\n")
184
+ Immunio.logger.debug { e.backtrace.join("\n") }
185
185
  end
186
186
 
187
187
  def exponential_backoff()
@@ -195,7 +195,7 @@ module Immunio
195
195
  delay_ms *= rand
196
196
  delay_ms = delay_ms.round
197
197
 
198
- Immunio.logger.info "Delaying #{delay_ms} ms before next request"
198
+ Immunio.logger.info { "Delaying #{delay_ms} ms before next request" }
199
199
  sleep delay_ms / 1000.0
200
200
  end
201
201
 
@@ -236,7 +236,7 @@ module Immunio
236
236
  raise Error, "No URL in HELLO response: #{response.body}"
237
237
  end
238
238
 
239
- Immunio.logger.info "Agent connected to #{@config.hello_url}"
239
+ Immunio.logger.info { "Agent connected to #{@config.hello_url}" }
240
240
  end
241
241
 
242
242
  # Execute a block for at max a given time to match `@config.max_report_interval`.
@@ -275,8 +275,8 @@ module Immunio
275
275
  if send_buffer_has_room used_bytes
276
276
  add_to_send_buffer @next_message
277
277
  else
278
- Immunio.logger.warn "Dropped message over max byte send size, next message size #{@next_message.bytesize}"
279
- Immunio.logger.debug "Dropped next message used: #{used_bytes} over max byte: #{@next_message}"
278
+ Immunio.logger.warn { "Dropped message over max byte send size, next message size #{@next_message.bytesize}" }
279
+ Immunio.logger.debug { "Dropped next message used: #{used_bytes} over max byte: #{@next_message}" }
280
280
  @dropped_message_count += 1
281
281
  end
282
282
  @next_message = nil
@@ -388,7 +388,7 @@ module Immunio
388
388
  if response.status >= 400 and response.status < 500 then
389
389
  # 4XX response codes should NOT be retried. Discard the report.
390
390
  @rejected_message_count += @send_buffer.size
391
- Immunio.logger.trace "Rejecting #{@send_buffer.size} messages"
391
+ Immunio.logger.trace { "Rejecting #{@send_buffer.size} messages" }
392
392
  @send_buffer = []
393
393
  @send_buffer_bytes = 0
394
394
 
@@ -409,7 +409,7 @@ module Immunio
409
409
  # Update local data from response
410
410
  new_agent_uuid = body["agent_uuid"]
411
411
  if new_agent_uuid
412
- Immunio.logger.info "Agent UUID: #{new_agent_uuid}" if new_agent_uuid != @agent_uuid
412
+ Immunio.logger.info { "Agent UUID: #{new_agent_uuid}" } if new_agent_uuid != @agent_uuid
413
413
  @agent_uuid = new_agent_uuid
414
414
  end
415
415
  @send_seq += @send_buffer.size
@@ -544,7 +544,7 @@ module Immunio
544
544
  name = params.size.to_s
545
545
  end
546
546
 
547
- Immunio.logger.debug "Adding ActiveRecord SQL param to relation #{relation_id} (name: #{name}, value: #{value})"
547
+ Immunio.logger.debug { "Adding ActiveRecord SQL param to relation #{relation_id} (name: #{name}, value: #{value})" }
548
548
 
549
549
  params[name] = value
550
550
  end
@@ -582,14 +582,14 @@ module Immunio
582
582
  # to a statement.
583
583
  def call(payload)
584
584
  Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
585
- Immunio.logger.debug "New ActiveRecord SQL query: #{payload}"
585
+ Immunio.logger.debug { "New ActiveRecord SQL query: #{payload}" }
586
586
 
587
587
  connection_id = payload[:connection_id]
588
588
 
589
589
  relation_id = @relations[connection_id].last
590
590
 
591
591
  if should_ignore? payload[:sql]
592
- Immunio.logger.debug "Ignoring query as it was generated by ActiveRecord itself (#{payload[:sql]})"
592
+ Immunio.logger.debug { "Ignoring query as it was generated by ActiveRecord itself (#{payload[:sql]})" }
593
593
  return
594
594
  end
595
595
 
@@ -52,7 +52,7 @@ if defined? Authlogic
52
52
  def immunio_check_failed_login
53
53
  if errors.any?
54
54
  Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
55
- Immunio.logger.debug "Authlogic instrumentation fired for before_failure with opts #{opts}"
55
+ Immunio.logger.debug { "Authlogic instrumentation fired for before_failure with opts #{opts}" }
56
56
  Immunio.failed_login opts
57
57
  end
58
58
  end
@@ -60,14 +60,14 @@ if defined? Authlogic
60
60
 
61
61
  def immunio_logout
62
62
  Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
63
- Immunio.logger.debug "Authlogic instrumentation fired for logout with opts #{opts}"
63
+ Immunio.logger.debug { "Authlogic instrumentation fired for logout with opts #{opts}" }
64
64
  Immunio.logout opts
65
65
  end
66
66
  end
67
67
 
68
68
  def immunio_set_user
69
69
  Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
70
- Immunio.logger.debug "Authlogic instrumentation fired for after_set_user with opts #{opts}"
70
+ Immunio.logger.debug { "Authlogic instrumentation fired for after_set_user with opts #{opts}" }
71
71
  Immunio.set_user opts
72
72
  end
73
73
  end
@@ -9,7 +9,7 @@ module Immunio
9
9
  protected
10
10
  def verify_authenticity_token_with_immunio
11
11
  Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
12
- Immunio.logger.debug "ActiveSupport checking CSRF token"
12
+ Immunio.logger.debug { "ActiveSupport checking CSRF token" }
13
13
 
14
14
  Immunio.run_hook! "csrf", "framework_csrf_check", valid: verified_request?
15
15
 
@@ -18,7 +18,7 @@ if defined? Devise
18
18
 
19
19
  def send_reset_password_instructions_with_immunio(attributes={})
20
20
  Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
21
- Immunio.logger.debug "Devise instrumentation fired for send_reset_password_instructions"
21
+ Immunio.logger.debug { "Devise instrumentation fired for send_reset_password_instructions" }
22
22
 
23
23
  recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
24
24
 
@@ -40,5 +40,5 @@ end
40
40
  if Immunio::agent.plugin_enabled?("eval") then
41
41
  Kernel.send :include, Immunio::KernelEvalHook
42
42
  Kernel.extend Immunio::KernelEvalHook
43
- Immunio.logger.debug "Eval: All hooks installed."
43
+ Immunio.logger.debug { "Eval: All hooks installed." }
44
44
  end
@@ -10,7 +10,7 @@ module Immunio
10
10
  def call(env)
11
11
  status, headers, body = @app.call(env)
12
12
  if Request.current
13
- Immunio.logger.debug "Finishing request in HTTPFinisher"
13
+ Immunio.logger.debug { "Finishing request in HTTPFinisher" }
14
14
  [status, headers, BodyWrapper.new(body)]
15
15
  else
16
16
  [status, headers, body]
@@ -47,4 +47,4 @@ module Immunio
47
47
  @body.respond_to?(*args)
48
48
  end
49
49
  end
50
- end
50
+ end
@@ -11,7 +11,7 @@ module Immunio
11
11
  def call(env)
12
12
  request = Request.new(env)
13
13
  request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
14
- Immunio.logger.debug "Creating new request in HTTPTracker"
14
+ Immunio.logger.debug { "Creating new request in HTTPTracker" }
15
15
  Immunio.new_request(request)
16
16
 
17
17
  Immunio.run_hook! "http_tracker", "http_request_start", meta_from_env(env)
@@ -17,7 +17,7 @@ module Immunio
17
17
  end # end
18
18
  end # end
19
19
  EOF
20
- Immunio.logger.debug "IO: successfully chained #{name} #{methods}"
20
+ Immunio.logger.debug { "IO: successfully chained #{name} #{methods}" }
21
21
  methods.each do |method|
22
22
  mod.class_eval <<-EOF
23
23
  def #{method}_with_immunio(*args, &block) # def read_with_immunio(*args, &block)
@@ -35,7 +35,7 @@ module Immunio
35
35
  end
36
36
  end # end
37
37
  EOF
38
- Immunio.logger.debug "IO: successfully created hook for #{name} #{method}"
38
+ Immunio.logger.debug { "IO: successfully created hook for #{name} #{method}" }
39
39
  end
40
40
  end
41
41
  end
@@ -43,7 +43,7 @@ module Immunio
43
43
  module IOClassHooks
44
44
  IOHooks.inject self, "IO.", %w( read write binread binwrite readlines sysopen copy_stream popen )
45
45
  end
46
- Immunio.logger.debug "IO: IOClassHooks created: #{IOClassHooks}"
46
+ Immunio.logger.debug { "IO: IOClassHooks created: #{IOClassHooks}" }
47
47
 
48
48
  module KernelModuleHooks
49
49
  # exec() is not included currently as it replaces the running process
@@ -72,19 +72,19 @@ module Immunio
72
72
  Kernel.send :alias_method, :backtick_without_immunio, :`
73
73
  Kernel.send :alias_method, :`, :backtick_with_immunio
74
74
  end
75
- Immunio.logger.debug "Shell: KernelModuleHooks created: #{KernelModuleHooks}"
75
+ Immunio.logger.debug { "Shell: KernelModuleHooks created: #{KernelModuleHooks}" }
76
76
 
77
77
  module FileClassHooks
78
78
  IOHooks.inject self, "File.", %w( new open )
79
79
  end
80
- Immunio.logger.debug "IO: FileClassHooks created: #{FileClassHooks}"
80
+ Immunio.logger.debug { "IO: FileClassHooks created: #{FileClassHooks}" }
81
81
  end
82
82
 
83
83
  # Add FileIO hooks if enabled
84
84
  if Immunio.agent.plugin_enabled?("file_io")
85
85
  IO.extend Immunio::IOClassHooks
86
86
  File.extend Immunio::FileClassHooks
87
- Immunio.logger.debug "IO: All hooks installed."
87
+ Immunio.logger.debug { "IO: All hooks installed." }
88
88
  end
89
89
 
90
90
  # Add Kernel hooks if enabled
@@ -92,5 +92,5 @@ if Immunio.agent.plugin_enabled?("shell_command")
92
92
  # Both are necessary to hook calling both Kernel.open() and open() etc.
93
93
  Kernel.send :include, Immunio::KernelModuleHooks
94
94
  Kernel.extend Immunio::KernelModuleHooks
95
- Immunio.logger.debug "Shell: All hooks installed."
95
+ Immunio.logger.debug { "Shell: All hooks installed." }
96
96
  end
@@ -10,7 +10,7 @@ module Immunio
10
10
 
11
11
  protected
12
12
  def redirect_to_with_immunio(options = {}, response_status = {})
13
- Immunio.logger.debug "ActiveSupport checking redirect."
13
+ Immunio.logger.debug { "ActiveSupport checking redirect." }
14
14
  Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
15
15
  # redirect_to excepts a variety of argument types
16
16
  # but the only one that creates a absolute URL redirect
@@ -38,5 +38,5 @@ end
38
38
 
39
39
  if Immunio::agent.plugin_enabled?("redirect") then
40
40
  ActionController::Base.send :include, Immunio::RedirectHook
41
- Immunio.logger.debug "Redirect: All hooks installed."
41
+ Immunio.logger.debug { "Redirect: All hooks installed." }
42
42
  end
@@ -9,7 +9,7 @@ end
9
9
  if defined?(Warden)
10
10
  Warden::Manager.after_authentication do |user|
11
11
  Immunio::Request.time "plugin", "Warden::Manager.after_authentication" do
12
- Immunio.logger.debug "Warden instrumentation fired for after_authentication"
12
+ Immunio.logger.debug { "Warden instrumentation fired for after_authentication" }
13
13
  Immunio.login user_record: user, plugin: "warden"
14
14
  end
15
15
  end
@@ -32,25 +32,24 @@ if defined?(Warden)
32
32
  # there's no easy way to tell why. If we can't figure out who the
33
33
  # attempted user was, don't report it as a failed login.
34
34
  if user_found
35
- Immunio.logger.debug "Warden instrumentation fired for before_failure"
35
+ Immunio.logger.debug { "Warden instrumentation fired for before_failure" }
36
36
  Immunio.failed_login info
37
37
  else
38
- Immunio.logger.debug "Failed to find user info for Warden failure, "\
39
- "ignoring instead of reporting as failed login"
38
+ Immunio.logger.debug { "Failed to find user info for Warden failure, ignoring instead of reporting as failed login" }
40
39
  end
41
40
  end
42
41
  end
43
42
 
44
43
  Warden::Manager.after_set_user do |user|
45
44
  Immunio::Request.time "plugin", "Warden::Manager.after_set_user" do
46
- Immunio.logger.debug "Warden instrumentation fired for after_set_user"
45
+ Immunio.logger.debug { "Warden instrumentation fired for after_set_user" }
47
46
  Immunio.set_user user_record: user, plugin: "warden"
48
47
  end
49
48
  end
50
49
 
51
50
  Warden::Manager.before_logout do |user|
52
51
  Immunio::Request.time "plugin", "Warden::Manager.before_logout" do
53
- Immunio.logger.debug "Warden instrumentation fired for before_logout"
52
+ Immunio.logger.debug { "Warden instrumentation fired for before_logout" }
54
53
  Immunio.logout user_record: user, plugin: "warden"
55
54
  end
56
55
  end
@@ -99,7 +99,7 @@ module Immunio
99
99
  def finish_request
100
100
  request = Request.current
101
101
  if request
102
- Immunio.logger.debug "Finishing request #{request.id}"
102
+ Immunio.logger.debug { "Finishing request #{request.id}" }
103
103
  aggregate_timings(request.timings)
104
104
  ActiveSupport::Notifications.publish "immunio.finish_request", request
105
105
  @channel.send_encoded_message request.encode if request.should_report?
@@ -129,7 +129,7 @@ module Immunio
129
129
 
130
130
  # If there is no registered handler, just log the hook and return.
131
131
  unless request.vm.has_function? hook
132
- Immunio.logger.debug "No hook code for '#{hook}' to run for request #{request.id}"
132
+ Immunio.logger.debug { "No hook code for '#{hook}' to run for request #{request.id}" }
133
133
  return {}
134
134
  end
135
135
 
@@ -147,9 +147,9 @@ module Immunio
147
147
  }
148
148
 
149
149
  begin
150
- Immunio.logger.debug "Running #{hook} hook for request #{request.id} with global values: #{globals}"
150
+ Immunio.logger.debug { "Running #{hook} hook for request #{request.id} with global values: #{globals}" }
151
151
  rescue Encoding::CompatibilityError
152
- Immunio.logger.debug "Running #{hook} hook for request #{request.id} (can't log global values due to encoding incompatibility)"
152
+ Immunio.logger.debug { "Running #{hook} hook for request #{request.id} (can't log global values due to encoding incompatibility)" }
153
153
  end
154
154
 
155
155
  # Run the hook code in the VM and time the execution.
@@ -199,7 +199,7 @@ module Immunio
199
199
 
200
200
  # Raise if not allowed (default to allow)
201
201
  if !result.fetch("allow", true)
202
- Immunio.logger.debug "Blocking request due to hook response"
202
+ Immunio.logger.debug { "Blocking request due to hook response" }
203
203
  raise RequestBlocked, "The request was blocked by the Immunio agent"
204
204
  end
205
205
 
@@ -212,8 +212,8 @@ module Immunio
212
212
  end
213
213
 
214
214
  def log_and_send_error(e, message="Error", info={})
215
- Immunio.logger.warn "#{message}: #{e.message}"
216
- Immunio.logger.warn "Stack: #{e.backtrace}"
215
+ Immunio.logger.warn { "#{message}: #{e.message}" }
216
+ Immunio.logger.warn { "Stack: #{e.backtrace}" }
217
217
 
218
218
  # Re-raise in dev mode before we send it to the backend.
219
219
  raise e if @dev_mode