immunio 0.15.3 → 0.15.4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f7e8d810e6100c0e9264d9c8527a9afd7a8cf024
|
|
4
|
+
data.tar.gz: e72b700204840a28c6c226b788c8bc2be6c4ce98
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a5d26c3a038a7d761733a78aed1f0930b4aee57c4ea5b2468f0bd1b2d629a474231778c8eeba761f6e4d236d0762d242ac106f059885c8a40095ad4f3edc9cf3
|
|
7
|
+
data.tar.gz: ae779440e8c573cc90004e8ac39f3d92d2f93f0a7db72e8c751b9c68731e5bf2a736b56f107558ba6f40a3f46e4a380fb30786378b4d3cb1f2de6d39eb32f55d
|
|
@@ -89,7 +89,7 @@ module Immunio
|
|
|
89
89
|
template_sha: template_sha,
|
|
90
90
|
template_id: template_id.to_s,
|
|
91
91
|
nonce: nonce,
|
|
92
|
-
code: code,
|
|
92
|
+
code: wrap_code(code, escape: escape),
|
|
93
93
|
file: file,
|
|
94
94
|
line: line
|
|
95
95
|
}
|
|
@@ -120,7 +120,7 @@ module Immunio
|
|
|
120
120
|
else
|
|
121
121
|
content = "" if content.nil?
|
|
122
122
|
# See comment above
|
|
123
|
-
if content =~ /\{immunio-var
|
|
123
|
+
if content =~ /\{immunio-var:\d+:#{nonce}\}/ then
|
|
124
124
|
# don't add markers.
|
|
125
125
|
Immunio.logger.debug {"WARNING: ActionView not marking interpolation which already contains markers: \"#{content}\""}
|
|
126
126
|
rval = content.html_safe
|
|
@@ -238,6 +238,17 @@ module Immunio
|
|
|
238
238
|
Thread.current["immunio.rendering_stack"] ||= []
|
|
239
239
|
end
|
|
240
240
|
|
|
241
|
+
def wrap_code(code, options = {})
|
|
242
|
+
case
|
|
243
|
+
when @template.handler.is_a?(ActionView::Template::Handlers::ERB)
|
|
244
|
+
modifier = options[:escape] ? '=' : '=='
|
|
245
|
+
"<%#{modifier} #{code} %>"
|
|
246
|
+
when defined?(Haml::Plugin) && @template.handler == Haml::Plugin
|
|
247
|
+
modifier = options[:escape] ? '=' : '!='
|
|
248
|
+
"#{modifier} #{code}"
|
|
249
|
+
end
|
|
250
|
+
end
|
|
251
|
+
|
|
241
252
|
def rendering_stack
|
|
242
253
|
self.class.rendering_stack
|
|
243
254
|
end
|
|
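Review bot: `wrap_code` has no `else` branch in its `case`, so for any template handler other than ERB or Haml it returns nil, and the field built in the first hunk (`code: wrap_code(code, escape: escape)`) is then reported as nil where it previously carried the raw `code`. Add a fallback such as `else code` so other handlers keep reporting the expression. A short comment on the method should say that the `=`/`==` and `=`/`!=` modifiers record whether the output was escaped, since that is the security-relevant bit this change adds to the report. The Haml branch compares with `==` while the ERB branch uses `is_a?`; that is presumably deliberate (module versus handler instance) but deserves a comment. The method that builds the hash, and the origin of `escape`, lie outside the visible hunks.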
@@ -19,13 +19,25 @@ if defined?(Warden)
|
|
|
19
19
|
info = {plugin: "warden"}
|
|
20
20
|
|
|
21
21
|
# Devise uses these specific form fields for authentication by default
|
|
22
|
+
user_found = false
|
|
22
23
|
[:username, :email].each do |attr|
|
|
23
24
|
value = env.fetch("rack.request.form_hash", {}).fetch("user", {})[attr.to_s]
|
|
24
|
-
|
|
25
|
+
if value
|
|
26
|
+
info[attr] = value
|
|
27
|
+
user_found = true
|
|
28
|
+
end
|
|
25
29
|
end
|
|
26
30
|
|
|
27
|
-
|
|
28
|
-
|
|
31
|
+
# before_failure is called under many circumstances, but unfortunately
|
|
32
|
+
# there's no easy way to tell why. If we can't figure out who the
|
|
33
|
+
# attempted user was, don't report it as a failed login.
|
|
34
|
+
if user_found
|
|
35
|
+
Immunio.logger.debug "Warden instrumentation fired for before_failure"
|
|
36
|
+
Immunio.failed_login info
|
|
37
|
+
else
|
|
38
|
+
Immunio.logger.debug "Failed to find user info for Warden failure, "\
|
|
39
|
+
"ignoring instead of reporting as failed login"
|
|
40
|
+
end
|
|
29
41
|
end
|
|
30
42
|
end
|
|
31
43
|
|
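Review bot: The new `user_found` guard drops every failure whose credentials are not found under `rack.request.form_hash["user"]` as `username` or `email`, so failed logins for another Devise scope, a custom authentication key or a JSON request body are no longer reported at all, and the only trace is a debug-level log line. For a hook that feeds failed-login detection, that blind spot should be documented and made visible: add a comment such as `# Only the default "user" param scope with username/email is recognised; other failures are dropped, not reported`, and consider logging the ignored case above debug level. The lookup on the context line also calls `[attr.to_s]` on whatever `"user"` holds, which would raise if a client sends that parameter as an array; checking that the value is a `Hash` before indexing would avoid that. The enclosing failure callback starts outside the hunk.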
data/lib/immunio/version.rb
CHANGED
|
@@ -17,9 +17,15 @@ local ws = l.space^1
|
|
|
17
17
|
-- This is broad to both accept our placeholders and be very liberal about what may be
|
|
18
18
|
-- interpreted as an attribute to ensure we escape attributes fairly aggressively.
|
|
19
19
|
local element_chars = (l.any - '<' - '>' - '=' - '"' - "'" - ws)^1
|
|
20
|
+
|
|
20
21
|
-- Comments.
|
|
21
|
-
local comment = token(l.COMMENT, '<!--' * (l.any - '-->')^0 * P('-->')
|
|
22
|
-
|
|
22
|
+
local comment = token(l.COMMENT, '<!--' * (l.any - '-->')^0 * P('-->'))
|
|
23
|
+
|
|
24
|
+
-- IE Conditional Comments.
|
|
25
|
+
local ie_condcomment_hidden_open = token(l.COMMENT, P('<!--[') * (l.any - ']>')^0 * P(']>'))
|
|
26
|
+
local ie_condcomment_hidden_close = token(l.COMMENT, P('<![') * (l.any - ']-->')^0 * P(']-->'))
|
|
27
|
+
local ie_condcomment_revealed = token(l.COMMENT, P('<![') * (l.any - '>')^0 * P('>'))
|
|
28
|
+
local condcomment = token('condcomment', ie_condcomment_hidden_open + ie_condcomment_hidden_close + ie_condcomment_revealed)
|
|
23
29
|
|
|
24
30
|
-- Strings.
|
|
25
31
|
local sq_str = l.delimited_range("'")
|
|
@@ -69,6 +75,7 @@ local doctype = token('doctype', '<!' *
|
|
|
69
75
|
local data = token('data', (l.any - '<')^1)
|
|
70
76
|
|
|
71
77
|
M._rules = {
|
|
78
|
+
{'condcomment', condcomment}, -- must preceed comment
|
|
72
79
|
{'comment', comment},
|
|
73
80
|
{'doctype', doctype},
|
|
74
81
|
{'tag', tag},
|
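Review bot: `condcomment` wraps three patterns that are each already built with `token(l.COMMENT, ...)` in a second `token('condcomment', ...)`, so one match may emit two token names for a single span; if `token` (defined outside this hunk) is the usual name-plus-position capture, define the three `ie_condcomment_*` locals as bare patterns and tokenize once. The rule comment should say why the order matters and fix the spelling, e.g. `-- must precede comment: '<!--[if ...]>' would otherwise be consumed up to '-->' by the comment rule`. `ie_condcomment_revealed` ends at the first `>` after `<![`, so it also matches `<![CDATA[`-style input; a comment stating whether that is intended would help anyone auditing a lexer used for escaping decisions. The section header above reads `data/lib/immunio/version.rb`, but the hunks are Lua lexer code, so the path shown is presumably mis-attributed by the page.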
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: immunio
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.15.
|
|
4
|
+
version: 0.15.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Immunio
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-09-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -300,7 +300,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
300
300
|
version: '0'
|
|
301
301
|
requirements: []
|
|
302
302
|
rubyforge_project:
|
|
303
|
-
rubygems_version: 2.4.5
|
|
303
|
+
rubygems_version: 2.4.5
|
|
304
304
|
signing_key:
|
|
305
305
|
specification_version: 4
|
|
306
306
|
summary: Immunio Ruby agent
|