immunio 1.1.15 → 1.1.16
- checksums.yaml +4 -4
- data/lib/immunio/plugins/action_dispatch.rb +101 -5
- data/lib/immunio/plugins/active_record.rb +2 -3
- data/lib/immunio/version.rb +1 -1
- metadata +2 -2
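--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8a87728c00394abac56d459bdcc7ea86553a716f
+data.tar.gz: fbd84915ed83ee4fa2e51ab71311c3ba10eb95d9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d148db1912d727214674e848b73cf696f524e54102e134ccd34967375da99e808c2ae3cbd15c166f9c08642c13678416d0ec260a891ba9684f76347d1554e8cc
+data.tar.gz: 78d2e33446b767e2f1f21214268211ad212ee270cc0399a373ab04bf82161fbe0ef28e36a4608fec8a8a2ff9185b6a6d83c92a9da3fd63da2cdae74d6b633ee8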
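--- a/data/lib/immunio/plugins/action_dispatch.rb
+++ b/data/lib/immunio/plugins/action_dispatch.rb
@@ -16,21 +16,108 @@ module Immunio
 def lookup_with_immunio(name)
 Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
 raw_cookie_value = @parent_jar[name]
-
+
+cookie_value = Request.pause(
+'plugin',
+"#{Module.nesting[0]}::#{__method__}") do
 lookup_without_immunio(name)
 end
+
 if !raw_cookie_value.nil? and cookie_value.nil?
-Immunio.run_hook!
-
+Immunio.run_hook!(
+'action_dispatch',
+'bad_cookie',
+key: name,
+value: raw_cookie_value)
 end
+
 cookie_value
 end
 end
 end
+
+module ParamsHooks
+extend ActiveSupport::Concern
+
+included do
+if method_defined? :request_parameters
+Immunio::Utils.alias_method_chain self, :request_parameters, :immunio
+end
+end
+
+protected
+
+# Convert key/values for lua
+#
+# hi: 'ho'
+# -> 'hi' => ['ho']
+#
+# array: ['c', 'd']
+# -> 'array' => ['c', 'd']
+#
+# hash: { foo: ['bar', 'baz'] }
+# -> 'hash[foo]' => ['bar', 'baz']
+#
+# user: {
+# name: 'john',
+# email: 'john@example.com',
+# address_attributes: {
+# city: 'Montreal',
+# id: '1'
+# }
+# }
+# }
+#
+# is transformed to key/value pairs:
+#
+# 'user[name]' => ['john'],
+# 'user[email]' => ['john@example.com'],
+# 'user[address_attributes][city]' => ['Montreal'],
+# 'user[address_attributes][id]' => ['1']
+#
+def convert_value(hash, key, value, nested_keys = nil)
+# Filter out UploadedFile.
+unless value.respond_to?(:open)
+if value.respond_to?(:keys)
+nested = nested_keys ? nested_keys : "#{key}"
+value.each do |k, val|
+if val.respond_to?(:keys)
+convert_value(hash, k, val, nested + "[#{k}]")
+else
+hash["#{nested}[#{k}]"] = [val].flatten
+end
+end
+else
+hash[key] = [value].flatten
+end
+end
+end
+
+def request_parameters_with_immunio
+params = request_parameters_without_immunio
+
+Request.time 'plugin', "#{Module.nesting[0]}::#{__method__}" do
+if params.any?
+filtered = {}.tap do |hash|
+params.each do |key, value|
+convert_value(hash, key, value)
+end
+end
+Immunio.run_hook!(
+'action_dispatch',
+'framework_input_params',
+params: filtered)
+end
+end
+
+params
+end
+end
 end
 
-Immunio::Plugin.load
-
+Immunio::Plugin.load(
+'ActionDispatch (Cookie)',
+hooks: %w(bad_cookie)) do |plugin|
 
 class ActionDispatch::Cookies
 if defined? SignedCookieJar
@@ -52,3 +139,12 @@ Immunio::Plugin.load 'ActionDispatch (Cookie)',
 
 plugin.loaded! ActionPack::VERSION::STRING
 end
+
+Immunio::Plugin.load(
+'ActionDispatch (Params)',
+hooks: %w(framework_input_params)) do |plugin|
+
+ActionDispatch::Request.send :include, Immunio::ParamsHooks
+
+plugin.loaded! ActionPack::VERSION::STRING
+end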
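Review bot: The `respond_to?(:open)` guard in `convert_value` only tests the value passed in at the top of each call, so an upload nested inside a hash (for example under `user[avatar]`) falls into the inner `else` branch and is stored by `hash["#{nested}[#{k}]"] = [val].flatten`, despite the "Filter out UploadedFile" comment. The file object is then handed to the `framework_input_params` hook. Hashes and uploads that sit inside arrays are also left as-is by `[value].flatten`, so they presumably reach the hook as Ruby objects rather than `key[sub]` strings; it is worth confirming how the Lua side treats them. Recursing for every child and doing the upload check first applies the filter to nested hash values as well, as sketched below.

```ruby
def convert_value(hash, key, value, nested_keys = nil)
  # Skip uploads nested inside hashes too, not only top-level ones.
  return if value.respond_to?(:open)

  name = nested_keys || key
  if value.respond_to?(:keys)
    value.each { |k, val| convert_value(hash, k, val, "#{name}[#{k}]") }
  else
    hash[name] = [value].flatten
  end
end
```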
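--- a/data/lib/immunio/plugins/active_record.rb
+++ b/data/lib/immunio/plugins/active_record.rb
@@ -608,19 +608,18 @@ module Immunio
 # possible due to how we wrap things, but there's no explicit
 # guarantee.
 relation_data = @relation_data[relation_id]
-params = relation_data[:params].clone
 context_data = (relation_data[:relation_data] + relation_data[:ast_data]).join "\n"
 
 # modifiers must be cloned because it will be cleared when the
 # relation is reset.
 modifiers = relation_data[:modifiers].clone
 else
-params = {}
 context_data = nil
 modifiers = {}
 end
 
-# Merge bound values
+# Merge bound values into params
+params = {}
 question_marks = 0
 payload[:binds].each do |(column, value)|
 if column.nil?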
data/lib/immunio/version.rb
CHANGED
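--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: immunio
 version: !ruby/object:Gem::Version
-version: 1.1.
+version: 1.1.16
 platform: ruby
 authors:
 - Immunio
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-05-
+date: 2017-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rails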