immunio 2.0.3 → 2.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/immunio/plugins/active_record.rb +49 -44
- data/lib/immunio/version.rb +1 -1
- data/lua-hooks/libluahooks.darwin.a +0 -0
- data/lua-hooks/libluahooks.linux.a +0 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3cbab63b96eedbb41328fdcffdfb7cfeb741c5da
|
|
4
|
+
data.tar.gz: d9fe8656a473a6622813984793e8f3c97cc4c85f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5c3c13e48ede7a6b5a805e2c1db06ed78d53d23a9a43e471d96e839700fbc8e6e505b5010e0f740ac10799aefc21f72b76496545a504fe830849139de2410830
|
|
7
|
+
data.tar.gz: 15a5c96a49d5a4324490d10fb95f981f6b559384761c455b7480e5922b433d00222d3afda3c9429084790305e1aa5f5f53c9bb7fc7370c151db0b4ee84f90363
|
|
@@ -18,35 +18,35 @@ module Immunio
|
|
|
18
18
|
if Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR > 0
|
|
19
19
|
# Passing a column to `quote` has been deprecated in 5.0.
|
|
20
20
|
def quote_with_immunio(value)
|
|
21
|
-
Request.
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
|
|
28
|
-
quote_without_immunio(value)
|
|
21
|
+
if Request.current
|
|
22
|
+
Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
|
|
23
|
+
# Ignored empty strings and values that can't contain injections.
|
|
24
|
+
unless value.blank? || IGNORED_TYPES.include?(value.class)
|
|
25
|
+
QueryTracker.instance.add_param nil, value.to_s, object_id
|
|
26
|
+
end
|
|
29
27
|
end
|
|
30
28
|
end
|
|
29
|
+
|
|
30
|
+
quote_without_immunio(value)
|
|
31
31
|
end
|
|
32
32
|
else
|
|
33
33
|
def quote_with_immunio(value, column = nil)
|
|
34
|
-
Request.
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
# Ignored empty strings and values that can't contain injections.
|
|
42
|
-
unless value.blank? || IGNORED_TYPES.include?(value.class)
|
|
43
|
-
QueryTracker.instance.add_param column_name, value.to_s, object_id
|
|
44
|
-
end
|
|
34
|
+
if Request.current
|
|
35
|
+
Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
|
|
36
|
+
if column
|
|
37
|
+
column_name = column.name
|
|
38
|
+
else
|
|
39
|
+
column_name = nil
|
|
40
|
+
end
|
|
45
41
|
|
|
46
|
-
|
|
47
|
-
|
|
42
|
+
# Ignored empty strings and values that can't contain injections.
|
|
43
|
+
unless value.blank? || IGNORED_TYPES.include?(value.class)
|
|
44
|
+
QueryTracker.instance.add_param column_name, value.to_s, object_id
|
|
45
|
+
end
|
|
48
46
|
end
|
|
49
47
|
end
|
|
48
|
+
|
|
49
|
+
quote_without_immunio(value, column)
|
|
50
50
|
end
|
|
51
51
|
end
|
|
52
52
|
end
|
|
@@ -69,22 +69,23 @@ module Immunio
|
|
|
69
69
|
included do |base|
|
|
70
70
|
base.class_eval do
|
|
71
71
|
def sanitize_sql_array_with_immunio(ary)
|
|
72
|
-
Request.
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
|
|
84
|
-
sanitize_sql_array_without_immunio ary
|
|
72
|
+
if Request.current
|
|
73
|
+
Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
|
|
74
|
+
statement, *values = ary
|
|
75
|
+
|
|
76
|
+
# Check if rails will use some other mechanism for quoting
|
|
77
|
+
unless (values.first.is_a?(Hash) && statement =~ /:\w+/) ||
|
|
78
|
+
(statement.include?('?')) ||
|
|
79
|
+
(statement.blank?)
|
|
80
|
+
# Rails is going to use quote_string, so handle parameters
|
|
81
|
+
values.each { |value| QueryTracker.instance.add_param nil, value, connection.object_id }
|
|
82
|
+
end
|
|
85
83
|
end
|
|
86
84
|
end
|
|
85
|
+
|
|
86
|
+
sanitize_sql_array_without_immunio ary
|
|
87
87
|
end
|
|
88
|
+
|
|
88
89
|
Immunio::Utils.alias_method_chain self, :sanitize_sql_array, :immunio
|
|
89
90
|
end
|
|
90
91
|
end
|
|
@@ -98,9 +99,11 @@ module Immunio
|
|
|
98
99
|
end
|
|
99
100
|
|
|
100
101
|
def accept_with_immunio(object, *args)
|
|
101
|
-
Request.
|
|
102
|
-
|
|
103
|
-
|
|
102
|
+
if Request.current
|
|
103
|
+
Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
|
|
104
|
+
visitor = ArelNodeVisitor.new(@connection.object_id)
|
|
105
|
+
visitor.accept(object)
|
|
106
|
+
end
|
|
104
107
|
end
|
|
105
108
|
|
|
106
109
|
accept_without_immunio(object, *args)
|
|
@@ -718,13 +721,15 @@ module Immunio
|
|
|
718
721
|
|
|
719
722
|
def log_with_immunio(sql, name = "SQL", binds = [], *args)
|
|
720
723
|
# Some rails tests (in particular postresql) call :log with nil `sql`.
|
|
721
|
-
|
|
722
|
-
|
|
723
|
-
|
|
724
|
-
|
|
725
|
-
|
|
726
|
-
|
|
727
|
-
|
|
724
|
+
if sql && Request.current
|
|
725
|
+
QueryTracker.instance.call(
|
|
726
|
+
{
|
|
727
|
+
sql: sql,
|
|
728
|
+
connection_id: object_id,
|
|
729
|
+
binds: binds
|
|
730
|
+
},
|
|
731
|
+
adapter_name)
|
|
732
|
+
end
|
|
728
733
|
|
|
729
734
|
# Log and execute the query
|
|
730
735
|
log_without_immunio(sql, name, binds, *args) { yield }
|
data/lib/immunio/version.rb
CHANGED
|
Binary file
|
|
Binary file
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: immunio
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.0.
|
|
4
|
+
version: 2.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Immunio
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-02-
|
|
11
|
+
date: 2018-02-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|