immunio 2.0.3 → 2.0.4

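--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 993e57dba4e7715f5c0dee11ed55f883810dd7d5
- data.tar.gz: 8f1f6f6cad127307bd6ea31c591d4f31fb836e76
+ metadata.gz: 3cbab63b96eedbb41328fdcffdfb7cfeb741c5da
+ data.tar.gz: d9fe8656a473a6622813984793e8f3c97cc4c85f
  SHA512:
- metadata.gz: 68256e36c7fc57d2358f69adb74a2cc1c112c9da4c1423401863bb7b2e533c543c1ac4007d708a13b10cc4a16253eaf0ddf02e4edec8b3dedba90d456fd46b0f
- data.tar.gz: 60507902a61f595c378ad8817b2b27c6ea546fb51378a5f934232ea4fef85dfb5b9a2e6b93e29104b7db07133873d75e8a625e70fb4070470c252d00894e5e75
+ metadata.gz: 5c3c13e48ede7a6b5a805e2c1db06ed78d53d23a9a43e471d96e839700fbc8e6e505b5010e0f740ac10799aefc21f72b76496545a504fe830849139de2410830
+ data.tar.gz: 15a5c96a49d5a4324490d10fb95f981f6b559384761c455b7480e5922b433d00222d3afda3c9429084790305e1aa5f5f53c9bb7fc7370c151db0b4ee84f90363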
@@ -18,35 +18,35 @@ module Immunio
18
18
  if Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR > 0
19
19
  # Passing a column to `quote` has been deprecated in 5.0.
20
20
  def quote_with_immunio(value)
21
- Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
22
- # Ignored empty strings and values that can't contain injections.
23
- unless value.blank? || IGNORED_TYPES.include?(value.class)
24
- QueryTracker.instance.add_param nil, value.to_s, object_id
25
- end
26
-
27
- Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
28
- quote_without_immunio(value)
21
+ if Request.current
22
+ Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
23
+ # Ignored empty strings and values that can't contain injections.
24
+ unless value.blank? || IGNORED_TYPES.include?(value.class)
25
+ QueryTracker.instance.add_param nil, value.to_s, object_id
26
+ end
29
27
  end
30
28
  end
29
+
30
+ quote_without_immunio(value)
31
31
  end
32
32
  else
33
33
  def quote_with_immunio(value, column = nil)
34
- Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
35
- if column
36
- column_name = column.name
37
- else
38
- column_name = nil
39
- end
40
-
41
- # Ignored empty strings and values that can't contain injections.
42
- unless value.blank? || IGNORED_TYPES.include?(value.class)
43
- QueryTracker.instance.add_param column_name, value.to_s, object_id
44
- end
34
+ if Request.current
35
+ Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
36
+ if column
37
+ column_name = column.name
38
+ else
39
+ column_name = nil
40
+ end
45
41
 
46
- Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
47
- quote_without_immunio(value, column)
42
+ # Ignored empty strings and values that can't contain injections.
43
+ unless value.blank? || IGNORED_TYPES.include?(value.class)
44
+ QueryTracker.instance.add_param column_name, value.to_s, object_id
45
+ end
48
46
  end
49
47
  end
48
+
49
+ quote_without_immunio(value, column)
50
50
  end
51
51
  end
52
52
  end
@@ -69,22 +69,23 @@ module Immunio
69
69
  included do |base|
70
70
  base.class_eval do
71
71
  def sanitize_sql_array_with_immunio(ary)
72
- Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
73
- statement, *values = ary
74
-
75
- # Check if rails will use some other mechanism for quoting
76
- unless (values.first.is_a?(Hash) && statement =~ /:\w+/) ||
77
- (statement.include?('?')) ||
78
- (statement.blank?)
79
- # Rails is going to use quote_string, so handle parameters
80
- values.each { |value| QueryTracker.instance.add_param nil, value, connection.object_id }
81
- end
82
-
83
- Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
84
- sanitize_sql_array_without_immunio ary
72
+ if Request.current
73
+ Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
74
+ statement, *values = ary
75
+
76
+ # Check if rails will use some other mechanism for quoting
77
+ unless (values.first.is_a?(Hash) && statement =~ /:\w+/) ||
78
+ (statement.include?('?')) ||
79
+ (statement.blank?)
80
+ # Rails is going to use quote_string, so handle parameters
81
+ values.each { |value| QueryTracker.instance.add_param nil, value, connection.object_id }
82
+ end
85
83
  end
86
84
  end
85
+
86
+ sanitize_sql_array_without_immunio ary
87
87
  end
88
+
88
89
  Immunio::Utils.alias_method_chain self, :sanitize_sql_array, :immunio
89
90
  end
90
91
  end
@@ -98,9 +99,11 @@ module Immunio
98
99
  end
99
100
 
100
101
  def accept_with_immunio(object, *args)
101
- Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
102
- visitor = ArelNodeVisitor.new(@connection.object_id)
103
- visitor.accept(object)
102
+ if Request.current
103
+ Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
104
+ visitor = ArelNodeVisitor.new(@connection.object_id)
105
+ visitor.accept(object)
106
+ end
104
107
  end
105
108
 
106
109
  accept_without_immunio(object, *args)
@@ -718,13 +721,15 @@ module Immunio
718
721
 
719
722
  def log_with_immunio(sql, name = "SQL", binds = [], *args)
720
723
  # Some rails tests (in particular postresql) call :log with nil `sql`.
721
- QueryTracker.instance.call(
722
- {
723
- sql: sql,
724
- connection_id: object_id,
725
- binds: binds
726
- },
727
- adapter_name) if sql
724
+ if sql && Request.current
725
+ QueryTracker.instance.call(
726
+ {
727
+ sql: sql,
728
+ connection_id: object_id,
729
+ binds: binds
730
+ },
731
+ adapter_name)
732
+ end
728
733
 
729
734
  # Log and execute the query
730
735
  log_without_immunio(sql, name, binds, *args) { yield }
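Review bot: The new `if Request.current` guards make the SQL-injection instrumentation fail open with no signal: when no request is current, `quote_with_immunio` (both Rails branches) skips `QueryTracker.instance.add_param` and calls `quote_without_immunio` directly, and the same guard is repeated in `sanitize_sql_array_with_immunio`, `accept_with_immunio` and `log_with_immunio` in the later hunks (the last two end outside their hunks). How `Request.current` is populated is not visible here, but if it is per-thread state, a query issued from a thread spawned inside a request and carrying request-derived input would presumably run untracked. I would document the policy at the first guard, e.g. `# No current Immunio request (boot, console, job, other thread): the query runs untracked.`, and consider a debug-level log line or counter on the skipped path so the coverage gap is observable. The guard is also copied five times; a small private helper that takes a block would keep the skip policy in one place.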
@@ -1,5 +1,5 @@
1
1
  module Immunio
2
2
  AGENT_TYPE = "agent-ruby"
3
- VERSION = "2.0.3"
3
+ VERSION = "2.0.4"
4
4
  VM_VERSION = "2.2.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: immunio
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.3
4
+ version: 2.0.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Immunio
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-02-01 00:00:00.000000000 Z
11
+ date: 2018-02-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails