immunio 1.1.1 → 1.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 88d0c7506de87c39b6c0c7dc765cb55da4948b64
-  data.tar.gz: d38d7b83f8652eae78201c954215bf715fed31df
+  metadata.gz: 877a290ccd60b4a6e46fff24968cd223fae6ac56
+  data.tar.gz: 5e4c68c451a27e7de6590499dd427485d05ab577
 SHA512:
-  metadata.gz: 98a9fddf1a26d59bd4491350613a2e016f9b4cc0697b038f96144793f33e9d01e88cafd1cf4d8ed92874e651d7af730eab7b87e73b814488cc0c17281ddae9e0
-  data.tar.gz: 75a136f01c2ffe9bec4fda596502df66adbd2e858e25b7f8c04d5dda6653e57a2162f43601bc5e5bbe0c92d78904823443ecb9d7265a2ee9abcda74379894dc2
+  metadata.gz: 88c2d9d8c86bd24fa028e1c092524617f3bbc2e271f3fae53c50c8ae45f3ab6d5b1f5b8c1846be8fa7ede95441121426355b5960ed174269712a14f06883c9e6
+  data.tar.gz: 7a7bdc7a6cc3d85f5f226a8017061d22dda0bd9f9a6aeaae146f5f8df80b6f8d1e79b533bba2525e2ce8b245ebf52d9cb85e46d3221af0107b427114c1f421ea

data/lib/immunio.rb

@@ -5,6 +5,7 @@ module Immunio
     require_relative "immunio/utils"
     require_relative "immunio/agent"
     require_relative "immunio/authentication"
+    require_relative "immunio/plugin"
 
     agent # Force load agent
   end

data/lib/immunio/agent.rb

@@ -70,8 +70,6 @@ module Immunio
     # purposes.
     config_accessor :vm_data
 
-    attr_reader :plugins
-
     def initialize
       Immunio.logger.info { "Initializing agent version #{VERSION} for process #{Process.pid}" }
 
@@ -104,8 +102,6 @@ module Immunio
       # Be sure all config attributes have a type before this call:
       load_config
 
-      setup_plugin_registry
-
       Immunio::switch_to_real_logger(config.log_file, config.log_level)
 
       if !config.agent_enabled then
@@ -235,75 +231,6 @@ module Immunio
     def environment=(environment)
       @processor.environment = environment
     end
-
-    def register_plugin(name, version = nil)
-      @plugins[name] = {} unless @plugins.has_key?(name)
-      @plugins[name]['status'] = 'loaded'
-      @plugins[name]['version'] = version if version
-
-      Immunio.logger.info do
-        "Registering plugin '#{name}' => '#{@plugins[name]}'"
-      end
-    end
-
-    RECOGNIZED_PLUGINS = [
-      ## action_dispatch
-      'ActionDispatch::Cookies::SignedCookieJar',
-      'ActionDispatch::Cookies::UpgradeLegacySignedCookieJar',
-      'ActionDispatch::Cookies::EncryptedCookieJar',
-      'ActionDispatch::Cookies::UpgradeLegacyEncryptedCookieJar',
-
-      ## action_view
-      'ActionView::Template::Handlers::Erubis',
-      'Haml::Compiler',
-      'Hash',
-      'ActionView::TemplateRenderer',
-      'ActionView::Template',
-      'ActionController::Caching::Fragments',
-
-      ## active_record
-      'ActiveRecord',
-      'ActiveRecord::ConnectionAdapters::Mysql2Adapter',
-      'ActiveRecord::ConnectionAdapters::MysqlAdapter',
-      'ActiveRecord::ConnectionAdapters::PostgreSQLAdapter',
-      'ActiveRecord::ConnectionAdapters::SQLite3Adapter',
-      'ActiveRecord::ConnectionAdapters::SQLiteAdapter',
-      'ActiveRecord::Sanitization',
-      'Arel::Visitors::ToSql',
-      'ActiveRecord::ConnectionAdapters::AbstractAdapter',
-
-      ## active_record_relation
-      'ActiveRecord::Relation',
-      'ActiveRecord::SpawnMethods',
-      'ActiveRecord::Querying',
-      'ActiveRecord::StatementCache',
-      'ActiveRecord::Associations::HasManyThroughAssociation',
-
-      'Authlogic',
-      'ActionController (CSRF)',
-      'Devise',
-      'Kernel (Eval)',
-      'Immunio::HTTPFinisher',
-      'Immunio::HTTPTracker',
-
-      ## io
-      'IO',
-      'File',
-      'Kernel (Module)',
-
-      'ActionController (Redirect)',
-      'Warden'
-    ].freeze
-
-    private
-
-    def setup_plugin_registry
-      @plugins = {}
-
-      RECOGNIZED_PLUGINS.each do |name|
-        @plugins[name] = { 'status' => 'pending' }
-      end
-    end
   end
 
   AGENT_INIT_MUTEX = Mutex.new

data/lib/immunio/plugin.rb

@@ -0,0 +1,94 @@
+require "msgpack"
+
+module Immunio
+  # Holds the status of a plugin.
+  #
+  # A plugin can have one of four statuses:
+  #
+  # - pending: initial state, waiting to be loaded
+  # - loaded: successfully loaded
+  # - failed: error while loading
+  # - disabled: disabled in config, will never be loaded
+  #
+  # Each registered plugin is reported to the backend via the `EnvironmentReporter`.
+  class Plugin
+    attr_reader :status
+    attr_accessor :version
+
+    def initialize(name)
+      @name = name
+      @status = 'pending'
+      @version = nil
+    end
+
+    def loaded!(version)
+      @status = 'loaded'
+      @version = version
+      Immunio.logger.debug "Plugin #{@name} v#{version} loaded successfully"
+    end
+
+    def disabled!
+      @status = 'disabled'
+      Immunio.logger.debug "Plugin #{@name} is disabled"
+    end
+
+    def failed!(error)
+      @status = 'failed'
+      Immunio.logger.error "Plugin #{@name} failed to load: #{error}"
+    end
+
+    def inspect
+      "<#{self.class} name=#{@name.inspect} status=#{@status.inspect} version=#{@version.inspect}>"
+    end
+
+    def to_msgpack(packer)
+      packer.write_map_header 2
+      # `name` is provided as the key in `registered`
+      packer.write('status').write(@status)
+      packer.write('version').write(@version)
+    end
+
+    def self.registered
+      @registered ||= {}
+    end
+
+    # DSL to register a plugin, its status and version.
+    #
+    # A `feature` name can be passed to determine if the plugin should be enabled. If the
+    # plugin is disabled, the block will not run.
+    #
+    # You MUST explicitly call `plugin.loaded!` in the block to indicate that the plugin was
+    # loaded successfully, or else it will be kept as 'pending'.
+    #
+    # Eg.:
+    #
+    #   Immunio::Plugin.load 'SomePluginName', feature: 'xss' do |plugin|
+    #     if defined? SomePlugin
+    #       # Your loading code here ...
+    #       plugin.loaded! SomePluginName::VERSION
+    #     end
+    #   end
+    #
+    def self.load(name, options = {})
+      if options.key? :feature
+        enabled = Immunio.agent.plugin_enabled?(options[:feature])
+      else
+        enabled = true
+      end
+
+      plugin = registered[name] = new(name)
+
+      unless enabled # plugin is disabled
+        plugin.disabled!
+        return
+      end
+
+      Immunio.logger.debug "Loading plugin #{name} ..."
+      begin
+        yield plugin
+      rescue StandardError, LoadError => e
+        plugin.failed! e
+      end
+    end
+  end
+end

data/lib/immunio/plugins/action_dispatch.rb

@@ -29,36 +29,23 @@ module Immunio
   end
 end
 
-class ActionDispatch::Cookies
-  if defined? SignedCookieJar
-    SignedCookieJar.send :include, Immunio::CookieHooks
-
-    Immunio.agent.register_plugin(
-      'ActionDispatch::Cookies::SignedCookieJar',
-      ActionPack::VERSION::STRING)
-  end
-
-  if defined? UpgradeLegacySignedCookieJar
-    UpgradeLegacySignedCookieJar.send :include, Immunio::CookieHooks
-
-    Immunio.agent.register_plugin(
-      'ActionDispatch::Cookies::UpgradeLegacySignedCookieJar',
-      ActionPack::VERSION::STRING)
-  end
-
-  if defined? EncryptedCookieJar
-    EncryptedCookieJar.send :include, Immunio::CookieHooks
+Immunio::Plugin.load 'ActionDispatch (Cookie)' do |plugin|
+  class ActionDispatch::Cookies
+    if defined? SignedCookieJar
+      SignedCookieJar.send :include, Immunio::CookieHooks
+    end
 
-    Immunio.agent.register_plugin(
-      'ActionDispatch::Cookies::EncryptedCookieJar',
-      ActionPack::VERSION::STRING)
-  end
+    if defined? UpgradeLegacySignedCookieJar
+      UpgradeLegacySignedCookieJar.send :include, Immunio::CookieHooks
+    end
 
-  if defined? UpgradeLegacyEncryptedCookieJar
-    UpgradeLegacyEncryptedCookieJar.send :include, Immunio::CookieHooks
+    if defined? EncryptedCookieJar
+      EncryptedCookieJar.send :include, Immunio::CookieHooks
+    end
 
-    Immunio.agent.register_plugin(
-      'ActionDispatch::Cookies::UpgradeLegacyEncryptedCookieJar',
-      ActionPack::VERSION::STRING)
+    if defined? UpgradeLegacyEncryptedCookieJar
+      UpgradeLegacyEncryptedCookieJar.send :include, Immunio::CookieHooks
+    end
   end
+  plugin.loaded! ActionPack::VERSION::STRING
 end

data/lib/immunio/plugins/action_view.rb

@@ -531,51 +531,33 @@ module Immunio
   end
 end
 
-# Add XSS hooks if enabled
-if Immunio::agent.plugin_enabled?("xss") then
-  action_view_version =
-    if ActionView.respond_to?(:version)
-      ActionView.version.to_s
-    else
-      Rails.version
-    end
+# Load the plugins
 
-  # Hook into template engines.
+Immunio::Plugin.load 'Erubis', feature: 'xss' do |plugin|
   ActionView::Template::Handlers::Erubis.send :include, Immunio::ErubisHooks
+  plugin.loaded! Rails.version
+end
 
-  Immunio.agent.register_plugin(
-    'ActionView::Template::Handlers::Erubis',
-    action_view_version)
-
-  ActiveSupport.on_load(:after_initialize) do
-    # Wait after Rails initialization to patch custom template engines.
+ActiveSupport.on_load(:after_initialize) do
+  # Wait after Rails initialization to patch custom template engines.
+  Immunio::Plugin.load 'Haml', feature: 'xss' do |plugin|
     if defined? Haml::Compiler
       Haml::Compiler.send :include, Immunio::HamlHooks
-      Immunio.agent.register_plugin('Haml::Compiler', Haml::VERSION)
+      plugin.loaded! Haml::VERSION
     end
-
-    Hash.send :include, Immunio::ActiveSupportHooks
-    Immunio.agent.register_plugin('Hash', RUBY_VERSION)
   end
 
-  # Hook into rendering process of Rails.
-  ActionView::TemplateRenderer.send :include, Immunio::TemplateRendererHooks
-
-  Immunio.agent.register_plugin(
-    'ActionView::TemplateRenderer',
-    action_view_version)
+  # Wait for ActiveSupport core ext to load
+  Hash.send :include, Immunio::ActiveSupportHooks
+end
 
+# Hook into rendering process of Rails.
+Immunio::Plugin.load 'ActionView', feature: 'xss' do |plugin|
+  ActionView::TemplateRenderer.send :include, Immunio::TemplateRendererHooks
   ActionView::Template.send :include, Immunio::TemplateHooks
-
-  Immunio.agent.register_plugin(
-    'ActionView::Template',
-    action_view_version)
-
   ActionController::Caching::Fragments.send(
     :include,
     Immunio::FragmentCachingHooks)
 
-  Immunio.agent.register_plugin(
-    'ActionController::Caching::Fragments',
-    action_view_version)
+  plugin.loaded! Rails.version
 end

data/lib/immunio/plugins/active_record.rb

@@ -681,66 +681,35 @@ module Immunio
   end
 end
 
-Immunio.agent.register_plugin('ActiveRecord', ActiveRecord::VERSION::STRING)
-
 # Hook into quoting methods at the highest level possible in the ancestors chain.
 # In case the quote methods were overridden in a child class.
+#
+# NOTE: ActiveRecord plugin status is set in lib/immunio/rails.rb where this file is required.
+#
 module ActiveRecord::ConnectionAdapters
   if defined? Mysql2Adapter
     Mysql2Adapter.send :include, Immunio::QuotingHooks
-
-    Immunio.agent.register_plugin(
-      'ActiveRecord::ConnectionAdapters::Mysql2Adapter',
-      ActiveRecord::VERSION::STRING)
   elsif defined? MysqlAdapter
     MysqlAdapter.send :include, Immunio::QuotingHooks
-
-    Immunio.agent.register_plugin(
-      'ActiveRecord::ConnectionAdapters::MysqlAdapter',
-      ActiveRecord::VERSION::STRING)
   end
 
   if defined? PostgreSQLAdapter
     PostgreSQLAdapter.send :include, Immunio::QuotingHooks
-
-    Immunio.agent.register_plugin(
-      'ActiveRecord::ConnectionAdapters::PostgreSQLAdapter',
-      ActiveRecord::VERSION::STRING)
   end
 
   if defined? SQLite3Adapter
     SQLite3Adapter.send :include, Immunio::QuotingHooks
-
-    Immunio.agent.register_plugin(
-      'ActiveRecord::ConnectionAdapters::SQLite3Adapter',
-      ActiveRecord::VERSION::STRING)
   elsif defined? SQLiteAdapter
     SQLiteAdapter.send :include, Immunio::QuotingHooks
-
-    Immunio.agent.register_plugin(
-      'ActiveRecord::ConnectionAdapters::SQLiteAdapter',
-      ActiveRecord::VERSION::STRING)
   end
 end
 
 module ActiveRecord::Sanitization
   ClassMethods.send :include, Immunio::SanitizeHooks
-
-  Immunio.agent.register_plugin(
-    'ActiveRecord::Sanitization',
-    ActiveRecord::VERSION::STRING)
 end
 
 Arel::Visitors::ToSql.send :include, Immunio::ArelToSqlHooks
 
-Immunio.agent.register_plugin(
-  'Arel::Visitors::ToSql',
-  ActiveRecord::VERSION::STRING)
-
 ActiveRecord::ConnectionAdapters::AbstractAdapter.send(
   :include,
   Immunio::QueryExecutionHooks)
-
-Immunio.agent.register_plugin(
-  'ActiveRecord::ConnectionAdapters::AbstractAdapter',
-  ActiveRecord::VERSION::STRING)

data/lib/immunio/plugins/active_record_relation.rb

@@ -365,34 +365,24 @@ module Immunio
   end
 end
 
+# NOTE: ActiveRecord plugin status is set in lib/immunio/rails.rb
+
 module ActiveRecord
   if defined? Relation
     Relation.send(
       :include,
       Immunio::RelationHooks)
 
-    Immunio.agent.register_plugin(
-      'ActiveRecord::Relation',
-      ActiveRecord::VERSION::STRING)
-
     if defined? SpawnMethods
       Relation.send(
         :include,
         Immunio::SpawnHooks)
-
-      Immunio.agent.register_plugin(
-        'ActiveRecord::SpawnMethods',
-        ActiveRecord::VERSION::STRING)
     end
 
     if defined? Querying
       Relation.send(
         :include,
         Immunio::QueryingHooks)
-
-      Immunio.agent.register_plugin(
-        'ActiveRecord::Querying',
-        ActiveRecord::VERSION::STRING)
     end
   end
 
@@ -400,10 +390,6 @@ module ActiveRecord
     StatementCache.send(
       :include,
       Immunio::StatementCacheHooks)
-
-    Immunio.agent.register_plugin(
-      'ActiveRecord::StatementCache',
-      ActiveRecord::VERSION::STRING)
   end
 
   module Associations
@@ -411,10 +397,6 @@ module ActiveRecord
       HasManyThroughAssociation.send(
         :include,
         Immunio::HasManyThroughAssociationHooks)
-
-      Immunio.agent.register_plugin(
-        'ActiveRecord::Associations::HasManyThroughAssociation',
-        ActiveRecord::VERSION::STRING)
     end
   end
 end

data/lib/immunio/plugins/authlogic.rb

@@ -6,79 +6,79 @@ rescue LoadError # rubocop:disable Lint/HandleExceptions
   # Ignore
 end
 
-if defined? Authlogic
-  module Immunio
-    module Authlogic
-      module SessionHooks
-        def self.included(klass)
-          klass.class_eval do
-            include InstanceMethods
-            after_create :immunio_login
-            validate :immunio_check_failed_login
-            before_destroy :immunio_logout
-            after_persisting :immunio_set_user
+Immunio::Plugin.load 'Authlogic' do |plugin|
+  if defined? Authlogic
+    module Immunio
+      module Authlogic
+        module SessionHooks
+          def self.included(klass)
+            klass.class_eval do
+              include InstanceMethods
+              after_create :immunio_login
+              validate :immunio_check_failed_login
+              before_destroy :immunio_logout
+              after_persisting :immunio_set_user
+            end
           end
-        end
-
-        module InstanceMethods
-          private
-            def opts
-              info = {plugin: "authlogic"}
 
-              if defined?(:record) && record
-                # record is set when already logged in, e.g. you are now logging out
-                info[:user_record] = record
-              elsif defined?(:attempted_record) && attempted_record
-                # attempted_record is set when attempting to log in and the user record has been fetched
-                info[:user_record] = attempted_record
-              end
+          module InstanceMethods
+            private
+              def opts
+                info = {plugin: "authlogic"}
 
-              # credentials are set when the user attempts to log in
-              if defined?(:credentials) && defined?(:login_field)
-                login = credentials[login_field.to_sym]
-                info[:username] = login if login
-              end
+                if defined?(:record) && record
+                  # record is set when already logged in, e.g. you are now logging out
+                  info[:user_record] = record
+                elsif defined?(:attempted_record) && attempted_record
+                  # attempted_record is set when attempting to log in and the user record has been fetched
+                  info[:user_record] = attempted_record
+                end
 
-              info
-            end
+                # credentials are set when the user attempts to log in
+                if defined?(:credentials) && defined?(:login_field)
+                  login = credentials[login_field.to_sym]
+                  info[:username] = login if login
+                end
 
-            def immunio_login
-              Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                Immunio.logger.debug {"Authlogic instrumentation fired for login with opts #{opts}"}
-                Immunio.login opts
+                info
               end
-            end
 
-            def immunio_check_failed_login
-              if errors.any?
+              def immunio_login
                 Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                  Immunio.logger.debug { "Authlogic instrumentation fired for before_failure with opts #{opts}" }
-                  Immunio.failed_login opts
+                  Immunio.logger.debug {"Authlogic instrumentation fired for login with opts #{opts}"}
+                  Immunio.login opts
                 end
               end
-            end
 
-            def immunio_logout
-              Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                Immunio.logger.debug { "Authlogic instrumentation fired for logout with opts #{opts}" }
-                Immunio.logout opts
+              def immunio_check_failed_login
+                if errors.any?
+                  Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+                    Immunio.logger.debug { "Authlogic instrumentation fired for before_failure with opts #{opts}" }
+                    Immunio.failed_login opts
+                  end
+                end
               end
-            end
 
-            def immunio_set_user
-              Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                Immunio.logger.debug { "Authlogic instrumentation fired for after_set_user with opts #{opts}" }
-                Immunio.set_user opts
+              def immunio_logout
+                Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+                  Immunio.logger.debug { "Authlogic instrumentation fired for logout with opts #{opts}" }
+                  Immunio.logout opts
+                end
               end
-            end
+
+              def immunio_set_user
+                Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+                  Immunio.logger.debug { "Authlogic instrumentation fired for after_set_user with opts #{opts}" }
+                  Immunio.set_user opts
+                end
+              end
+          end
         end
       end
     end
-  end
 
-  Authlogic::Session::Base.send :include, Immunio::Authlogic::SessionHooks
+    Authlogic::Session::Base.send :include, Immunio::Authlogic::SessionHooks
 
-  Immunio.agent.register_plugin(
-    'Authlogic',
-    Gem.loaded_specs['authlogic'].version.to_s)
-end
+    plugin.loaded! Gem.loaded_specs['authlogic'].version.to_s
+  end
+end

data/lib/immunio/plugins/csrf.rb

@@ -23,8 +23,7 @@ module Immunio
   end
 end
 
-ActionController::Base.send :include, Immunio::CsrfHook
-
-Immunio.agent.register_plugin(
-  'ActionController (CSRF)',
-  ActionPack::VERSION::STRING)
+Immunio::Plugin.load 'ActionController (CSRF)' do |plugin|
+  ActionController::Base.send :include, Immunio::CsrfHook
+  plugin.loaded! ActionPack::VERSION::STRING
+end

data/lib/immunio/plugins/devise.rb

@@ -6,38 +6,40 @@ rescue LoadError # rubocop:disable Lint/HandleExceptions
   # Ignore
 end
 
-if defined? Devise
-  module Immunio
-    # Hook into password recovery feature to trigger the `framework_password_reset` hook.
-    module DeviseRecoverableHooks
-      extend ActiveSupport::Concern
-
-      included do
-        Immunio::Utils.alias_method_chain self, :send_reset_password_instructions, :immunio
-      end
+Immunio::Plugin.load 'Devise' do |plugin|
+  if defined? Devise
+    module Immunio
+      # Hook into password recovery feature to trigger the `framework_password_reset` hook.
+      module DeviseRecoverableHooks
+        extend ActiveSupport::Concern
+
+        included do
+          Immunio::Utils.alias_method_chain self, :send_reset_password_instructions, :immunio
+        end
 
-      def send_reset_password_instructions_with_immunio(attributes={})
-        Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-          Immunio.logger.debug { "Devise instrumentation fired for send_reset_password_instructions" }
+        def send_reset_password_instructions_with_immunio(attributes={})
+          Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+            Immunio.logger.debug { "Devise instrumentation fired for send_reset_password_instructions" }
 
-          recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
+            recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
 
-          if recoverable.persisted? # Found
-            Immunio.password_reset user_record: recoverable, plugin: 'devise'
-          else
-            Immunio.failed_password_reset email: recoverable.email, plugin: 'devise'
-          end
+            if recoverable.persisted? # Found
+              Immunio.password_reset user_record: recoverable, plugin: 'devise'
+            else
+              Immunio.failed_password_reset email: recoverable.email, plugin: 'devise'
+            end
 
-          Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
-            send_reset_password_instructions_without_immunio(attributes)
+            Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
+              send_reset_password_instructions_without_immunio(attributes)
+            end
           end
         end
       end
     end
-  end
 
-  Devise::Models::Recoverable::ClassMethods.send :include, Immunio::DeviseRecoverableHooks
+    Devise::Models::Recoverable::ClassMethods.send :include, Immunio::DeviseRecoverableHooks
 
-  require 'devise/version'
-  Immunio.agent.register_plugin('Devise', Devise::VERSION)
-end
+    require 'devise/version'
+    plugin.loaded! Devise::VERSION
+  end
+end

data/lib/immunio/plugins/environment_reporter.rb

@@ -56,6 +56,10 @@ module Immunio
       Addrinfo.getaddrinfo(hostname, nil).first.ip_address rescue SocketError
     end
 
+    def plugins
+      Immunio::Plugin.registered
+    end
+
     def report
       @reported = true
 
@@ -76,7 +80,7 @@ module Immunio
           hostname_ip: hostname_ip,
           ips: ips
         },
-        plugins: Immunio.agent.plugins
+        plugins: plugins
       }
 
       Immunio.agent.environment = info

data/lib/immunio/plugins/eval.rb

@@ -37,9 +37,8 @@ module Immunio
   end
 end
 
-if Immunio::agent.plugin_enabled?("eval") then
+Immunio::Plugin.load 'Kernel (Eval)', feature: 'eval' do |plugin|
   Kernel.send :include, Immunio::KernelEvalHook
   Kernel.extend Immunio::KernelEvalHook
-  Immunio.logger.debug { "Eval: All hooks installed." }
-  Immunio.agent.register_plugin('Kernel (Eval)', RUBY_VERSION)
+  plugin.loaded! RUBY_VERSION
 end

data/lib/immunio/plugins/http_finisher.rb

@@ -4,7 +4,6 @@ module Immunio
   # Rack middleware running at the very end of the stack to finish HTTP requests.
   class HTTPFinisher
     def initialize(app)
-      Immunio.agent.register_plugin(self.class.name)
       @app = app
     end
 

data/lib/immunio/plugins/http_tracker.rb

@@ -5,7 +5,6 @@ module Immunio
   # Rack middleware tracking HTTP requests and responses and triggers the proper hooks.
   class HTTPTracker
     def initialize(app)
-      Immunio.agent.register_plugin(self.class.name)
       @app = app
     end
 

data/lib/immunio/plugins/io.rb

@@ -100,19 +100,16 @@ module Immunio
 end
 
 # Add FileIO hooks if enabled
-if Immunio.agent.plugin_enabled?("file_io")
+Immunio::Plugin.load 'IO', feature: 'file_io' do |plugin|
   IO.extend Immunio::IOClassHooks
   File.extend Immunio::FileClassHooks
-  Immunio.logger.debug { "IO: All hooks installed." }
-  Immunio.agent.register_plugin('IO', RUBY_VERSION)
-  Immunio.agent.register_plugin('File', RUBY_VERSION)
+  plugin.loaded! RUBY_VERSION
 end
 
 # Add Kernel hooks if enabled
-if Immunio.agent.plugin_enabled?("shell_command")
+Immunio::Plugin.load 'Kernel (shell_command)', feature: 'shell_command' do |plugin|
   # Both are necessary to hook calling both Kernel.open() and open() etc.
   Kernel.send :include, Immunio::KernelModuleHooks
   Kernel.extend Immunio::KernelModuleHooks
-  Immunio.logger.debug { "Shell: All hooks installed." }
-  Immunio.agent.register_plugin('Kernel (Module)', RUBY_VERSION)
+  plugin.loaded! RUBY_VERSION
 end

data/lib/immunio/plugins/redirect.rb

@@ -36,11 +36,8 @@ module Immunio
   end
 end
 
-if Immunio::agent.plugin_enabled?("redirect") then
+Immunio::Plugin.load 'ActionController (Redirect)', feature: 'redirect' do |plugin|
   ActionController::Base.send :include, Immunio::RedirectHook
-  Immunio.logger.debug { "Redirect: All hooks installed." }
 
-  Immunio.agent.register_plugin(
-    'ActionController (Redirect)',
-    ActionPack::VERSION::STRING)
+  plugin.loaded! ActionPack::VERSION::STRING
 end

data/lib/immunio/plugins/warden.rb

@@ -6,67 +6,69 @@ rescue LoadError # rubocop:disable Lint/HandleExceptions
   # Ignore
 end
 
-if defined?(Warden::Manager)
-  class Warden::Manager
-    after_authentication do |user|
-      Immunio::Request.time "plugin", "Warden::Manager.after_authentication" do
-        Immunio.logger.debug { "Warden instrumentation fired for after_authentication" }
-        Immunio.login user_record: user, plugin: "warden"
+Immunio::Plugin.load 'Warden' do |plugin|
+  if defined?(Warden::Manager)
+    class Warden::Manager
+      after_authentication do |user|
+        Immunio::Request.time "plugin", "Warden::Manager.after_authentication" do
+          Immunio.logger.debug { "Warden instrumentation fired for after_authentication" }
+          Immunio.login user_record: user, plugin: "warden"
+        end
       end
-    end
 
-    before_failure do |env|
-      Immunio::Request.time "plugin", "Warden::Manager.before_failure" do
-        info = {plugin: "warden"}
+      before_failure do |env|
+        Immunio::Request.time "plugin", "Warden::Manager.before_failure" do
+          info = {plugin: "warden"}
 
-        # Devise uses these specific form fields for authentication by default
-        user_found = false
-        [:username, :email].each do |attr|
-          value = env.fetch("rack.request.form_hash", {}).fetch("user", {})[attr.to_s]
-          if value
-            info[attr] = value
-            user_found = true
+          # Devise uses these specific form fields for authentication by default
+          user_found = false
+          [:username, :email].each do |attr|
+            value = env.fetch("rack.request.form_hash", {}).fetch("user", {})[attr.to_s]
+            if value
+              info[attr] = value
+              user_found = true
+            end
           end
-        end
 
-        # before_failure is called under many circumstances, but unfortunately
-        # there's no easy way to tell why. If we can't figure out who the
-        # attempted user was, don't report it as a failed login.
-        if user_found
-          Immunio.logger.debug { "Warden instrumentation fired for before_failure" }
-          Immunio.failed_login info
-        else
-          Immunio.logger.debug { "Failed to find user info for Warden failure, ignoring instead of reporting as failed login" }
+          # before_failure is called under many circumstances, but unfortunately
+          # there's no easy way to tell why. If we can't figure out who the
+          # attempted user was, don't report it as a failed login.
+          if user_found
+            Immunio.logger.debug { "Warden instrumentation fired for before_failure" }
+            Immunio.failed_login info
+          else
+            Immunio.logger.debug { "Failed to find user info for Warden failure, ignoring instead of reporting as failed login" }
+          end
         end
       end
-    end
 
-    after_set_user do |user|
-      Immunio::Request.time "plugin", "Warden::Manager.after_set_user" do
-        Immunio.logger.debug { "Warden instrumentation fired for after_set_user" }
-        Immunio.set_user user_record: user, plugin: "warden"
+      after_set_user do |user|
+        Immunio::Request.time "plugin", "Warden::Manager.after_set_user" do
+          Immunio.logger.debug { "Warden instrumentation fired for after_set_user" }
+          Immunio.set_user user_record: user, plugin: "warden"
+        end
       end
-    end
 
-    before_logout do |user|
-      Immunio::Request.time "plugin", "Warden::Manager.before_logout" do
-        Immunio.logger.debug { "Warden instrumentation fired for before_logout" }
-        Immunio.logout user_record: user, plugin: "warden"
+      before_logout do |user|
+        Immunio::Request.time "plugin", "Warden::Manager.before_logout" do
+          Immunio.logger.debug { "Warden instrumentation fired for before_logout" }
+          Immunio.logout user_record: user, plugin: "warden"
+        end
       end
-    end
 
-    # Force lookup of user info for all requests.
-    def call_with_immunio(env)
-      call_without_immunio(env)
-    ensure
-      Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-        env['warden'].user if env['warden']
+      # Force lookup of user info for all requests.
+      def call_with_immunio(env)
+        call_without_immunio(env)
+      ensure
+        Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+          env['warden'].user if env['warden']
+        end
       end
+      alias :call_without_immunio :call
+      alias :call :call_with_immunio
     end
-    alias :call_without_immunio :call
-    alias :call :call_with_immunio
-  end
 
-  require 'warden/version'
-  Immunio.agent.register_plugin('Warden', Warden::VERSION)
-end
+    require 'warden/version'
+    plugin.loaded! Warden::VERSION
+  end
+end

data/lib/immunio/rails.rb

@@ -7,17 +7,21 @@ require_relative "plugins/warden"
 
 module Immunio
   class Engine < ::Rails::Engine
-    config.app_middleware.insert 0, HTTPFinisher
-    config.app_middleware.insert_before ActionDispatch::ShowExceptions, HTTPTracker
-    config.app_middleware.insert_after ActionDispatch::DebugExceptions, ExceptionHandler
-    config.app_middleware.use EnvironmentReporter
+    Immunio::Plugin.load 'Middlewares' do |plugin|
+      config.app_middleware.insert 0, HTTPFinisher
+      config.app_middleware.insert_before ActionDispatch::ShowExceptions, HTTPTracker
+      config.app_middleware.insert_after ActionDispatch::DebugExceptions, ExceptionHandler
+      config.app_middleware.use EnvironmentReporter
+      plugin.loaded! Rails.version
+    end
 
     config.action_dispatch.rescue_responses.merge!('Immunio::RequestBlocked' => :forbidden)
 
-    if Immunio::agent.plugin_enabled?("sqli") then
+    Immunio::Plugin.load 'ActionRecord', feature: 'sqli' do |plugin|
       initializer "immunio.active_record", after: "active_record.initialize_database" do
         ActiveSupport.on_load(:active_record) do
           require_relative "plugins/active_record"
+          plugin.loaded! ActiveRecord::VERSION::STRING
         end
       end
     end

data/lib/immunio/version.rb

@@ -1,5 +1,5 @@
 module Immunio
   AGENT_TYPE = "agent-ruby"
-  VERSION = "1.1.1"
+  VERSION = "1.1.2"
   VM_VERSION = "2.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: immunio
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.2
 platform: ruby
 authors:
 - Immunio
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-07 00:00:00.000000000 Z
+date: 2016-10-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -138,6 +138,7 @@ files:
 - lib/immunio/errors.rb
 - lib/immunio/immunio_ca.crt
 - lib/immunio/logger.rb
+- lib/immunio/plugin.rb
 - lib/immunio/plugins/action_dispatch.rb
 - lib/immunio/plugins/action_view.rb
 - lib/immunio/plugins/active_record.rb