immunio 1.0.10 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/immunio/plugins/action_view.rb +11 -0
  3. data/lib/immunio/version.rb +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: fe54e75e874948ac23bb4981980420811c7c97a3
4
- data.tar.gz: e43529302f807d4035281978c1a4b90bfa2c326c
3
+ metadata.gz: 8332f83c5bbb9111229ef4d70654b5d2d0999638
4
+ data.tar.gz: c56b6f5d45976c5025009d59e1f5c96e3215171e
5
5
  SHA512:
6
- metadata.gz: 3ee656e08aaf902244d38a03653ae3db83d68a23528b981040f2ac6c888b264bc8435db61ded6ffd463b6507199ec99fce765f2e5ec0f883ad68082163e67649
7
- data.tar.gz: 6ec875e6850070c952880d48ef282f4a0961fdd91ccba4929cc19fa9d1a4379d9fe714f3a57e3a6036c248fa714dfd5c330168077619263252d3249be4dba4fa
6
+ metadata.gz: 8116e6f37e1fa87c477f7aeec119de026bc7a4d8c6339e7892f4ad28e106d107c3eb97b6983438794fc5db356a0a39e6ac0cdb72e054957d777b5f9b7c1d8c47
7
+ data.tar.gz: 1435dd96e75d04aa24d71e54fcc6300b31608891126af5b63c29aeedb6fbb63e1dacb731b481fc1428d6d147eeadbbc5acc6fcea1ec0ed21e87213a7e2932794
data/lib/immunio/plugins/action_view.rb CHANGED
@@ -197,6 +197,17 @@ module Immunio
197
197
  if root
198
198
  # This is the root template. Let ActionView render it, and then look
199
199
  # for XSS.
200
+
201
+ # If the rendered result isn't a string, or a string-like, then let's
202
+ # skip it for safety sake.
203
+ unless rendered.respond_to? :to_str
204
+ unless $__immunio_av_rendered_non_string
205
+ Immunio.logger.warn { "ActionView rendered #{@template.inspect} to a non-string-like value: #{rendered.inspect}. This rendering will not be analyzed for XSS. Further warnings will be suppressed." }
206
+ $__immunio_av_rendered_non_string = true
207
+ end
208
+ return rendered
209
+ end
210
+
200
211
  rendered = rendered.to_str
201
212
 
202
213
  result = run_hook!("template_render_done", {
data/lib/immunio/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Immunio
2
2
  AGENT_TYPE = "agent-ruby"
3
- VERSION = "1.0.10"
3
+ VERSION = "1.0.11"
4
4
  VM_VERSION = "2.2.0"
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: immunio
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.10
4
+ version: 1.0.11
5
5
  platform: ruby
6
6
  authors:
7
7
  - Immunio
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-01-22 00:00:00.000000000 Z
11
+ date: 2016-02-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails