immunio 1.0.17 → 1.0.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fc7a5efbb9c263035f34f492e8fe583c0cf52934
-  data.tar.gz: 20b47f8f7bfeb94639ac4a3a038375e4f57240f6
+  metadata.gz: fa6484d2fd07102fbdc20e1e0efb80e896fe7fd3
+  data.tar.gz: 1f3f3b0b1489dc425ac437f349b53b581719b4cc
 SHA512:
-  metadata.gz: 7a30dc9806867c4bddec346cd8d9273ff13ea6303a100516b373a4ca0e40cc0e6717853404d3c9dd3977ac1d9ea034d9da09689936f1e3ea9abf75573ba5b141
-  data.tar.gz: 4fefd4745286845e1c406c55228a9384c78dbe31d9f39a94d893ef922bb6d80d16fcd53a7f43d8b6732bd4f3eb9dcbc6cc5b623bed9c463f5418ede77c450030
+  metadata.gz: 12ec429dfc0384009851ae4cc9f27db31678e13a45b39974c0e72fdea2f6dbeb832aa8847bb277f5adbd2918ec385a6a4c5eef8d594d6de79e11dfbbc61ba3cc
+  data.tar.gz: 818548e67dfa6d9e954903aa2da1d2e54745541164eb3de70bbc32bac74dc58adca741fd109c346c86dc96513fa85f1877c5f07a480cd66189fb9d9eaa7b2997

data/LICENSE

@@ -187,6 +187,30 @@ subject to the following conditions:
   out of or in connection with the Software or the use or other dealings in the
   Software.
 
+This product includes content covered by the following license:
+
+The MIT License (MIT)
+
+Copyright (c) 2015 Boris Nagaev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
 
 All other components of this product are
 Copyright (c) 2015 Immunio, Inc.  All rights reserved.

data/README.md

@@ -22,9 +22,9 @@ require 'immunio'
 
 ## Configuration
 
-The agent key and secret can be configured via the `IMMUNIO_KEY` and `IMMUNIO_SECRET` environment variables.
+The agent key and secret can be configured in a configuration file at *config/immunio.yml*.
 
-Optionally, a configuration file can be provided in *config/immunio.yml* which will take precedence over the environment variables:
+Optionally, the agent key and secret can be set using the `IMMUNIO_KEY` and `IMMUNIO_SECRET` environment variables, which will take precedence.
 
 ```yaml
 key: "my-key"

data/lib/immunio/logger.rb

@@ -19,7 +19,6 @@ module Immunio
       SEV_LABEL[severity] || 'ANY'
     end
 
-  private
     SEV_LABEL = Array.new(::Logger::SEV_LABEL)
     SEV_LABEL[-1] = 'TRACE'
   end

data/lib/immunio/plugins/warden.rb

@@ -57,11 +57,11 @@ if defined?(Warden::Manager)
 
     # Force lookup of user info for all requests.
     def call_with_immunio(env)
-       call_without_immunio(env)
-     ensure
-       Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-         env['warden'].user
-       end
+      call_without_immunio(env)
+    ensure
+      Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+        env['warden'].user if env['warden']
+      end
     end
     alias :call_without_immunio :call
     alias :call :call_with_immunio

data/lib/immunio/version.rb

@@ -1,5 +1,5 @@
 module Immunio
   AGENT_TYPE = "agent-ruby"
-  VERSION = "1.0.17"
+  VERSION = "1.0.19"
   VM_VERSION = "2.2.0"
 end

data/lib/immunio_tasks/version_bump.rake

@@ -0,0 +1,44 @@
+require_relative 'version_bumper'
+
+namespace 'version' do
+  YES_TRUE_REGEX = /yes|y|true|t/
+
+  def test_mode?
+    !!(ENV.fetch('TEST', 'no').downcase =~ YES_TRUE_REGEX)
+  end
+
+  def quiet_mode?
+    !!(ENV.fetch('QUIET', 'yes').downcase =~ YES_TRUE_REGEX)
+  end
+
+  task :setup do
+    @bumper = VersionBumper.new(test_mode?, quiet_mode?)
+    @bumper.status
+    abort "You must be on a clean master branch!" unless VersionBumper.on_clean_master?
+  end
+
+  desc "Show status"
+  task :status => [ :setup ] do
+  end
+
+  namespace 'release' do
+    desc "Prepare a new release"
+    task :prepare => [ :setup ] do
+      @bumper.prepare
+    end
+  end
+
+  desc "Bump version"
+  task :bump => [ :setup ] do
+    new_version = @bumper.prompt_for_new_version
+    @bumper.ask_and_bump_version(new_version)
+  end
+
+  namespace :bump do
+    desc "Bump version to development"
+    task :development => [ :setup ] do
+      abort "Version already set for development" if VersionBumper.development?
+      @bumper.bump_development_version
+    end
+  end
+end

data/lib/immunio_tasks/version_bumper.rb

@@ -0,0 +1,128 @@
+require_relative '../immunio/version'
+require 'highline'
+
+class VersionBumper
+  def self.current_version
+    Immunio::VERSION
+  end
+
+  def self.version_file
+    @version_file ||= File.join Dir.pwd, 'lib/', 'immunio', 'version.rb'
+  end
+
+  def self.current_branch
+    %x[git symbolic-ref HEAD 2>/dev/null | cut -d"/" -f 3].strip
+  end
+
+  def self.on_master?
+    current_branch == 'master'
+  end
+
+  def self.clean_branch?
+    %x[git status --porcelain --ignore-submodules].split.count == 0
+  end
+
+  def self.on_clean_master?
+    on_master? && clean_branch?
+  end
+
+  def self.development?
+    current_version =~ /master/
+  end
+
+
+  def initialize(test_mode, quiet_mode)
+    @test_mode = test_mode
+    @quiet_mode = quiet_mode
+  end
+
+  attr_reader :test_mode, :quiet_mode
+  
+  def status
+    cli.say "<%= color('You are not on the master branch!', BOLD) %>" unless self.class.on_master?
+    cli.say "<%= color('There are uncommitted changes OR untracked files!', BOLD) %>" unless self.class.clean_branch?
+    cli.say "Current version is: #{self.class.current_version}"
+  end
+
+  def prepare
+    if cli.agree("Are you sure? (yes/no)")
+      exec 'git submodule init' # When we have a fresh clone
+      exec 'git fetch origin'
+      exec 'git clean -fxd'
+      exec 'git submodule foreach --recursive git clean -fxd'
+      exec 'git submodule update'
+      cli.say 'Now run `bundle exec rake version:bump`'
+    else
+      cli.say 'Nothing done.'
+    end
+  end
+
+  def prompt_for_new_version
+    @new_version ||= cli.ask('New version? ') do |v|
+      v.default = self.class.current_version.sub('.master', '')
+    end
+  end
+
+  def ask_and_bump_version(version)
+    unless version_valid?
+      cli.say 'Version is unchanged'
+      return
+    end
+
+    if cli.agree("Bump version to #{version}? (yes/no)")
+      bump_version(version)
+    else
+      cli.say 'Nothing done.'
+    end
+  end
+
+  def bump_development_version
+    return if self.class.development?
+
+    arr = self.class.current_version.split('.')
+    new_patch_level = (arr.last.to_i + 1).to_s
+    version = (arr[0...2] << new_patch_level).join('.') << '.master'
+
+    ask_and_bump_version(version)
+  end
+
+  private
+
+  def exec(cmd)
+    echo = test_mode ? 'echo' : ''
+    puts "=> #{echo} #{cmd}" unless quiet_mode
+    %x[#{echo} #{cmd}]
+  end
+
+  def cli
+    @cli ||= HighLine.new
+  end
+
+  def version_valid?
+    @new_version != self.class.current_version
+  end
+
+  def bump_version(new_version)
+    return unless self.class.on_clean_master?
+
+    cli.say "Bumping version to v#{new_version}"
+    update_version_file(new_version)
+    commit_changes(new_version)
+  end
+
+  def update_version_file(new_version)
+    cli.say "Updating #{self.class.version_file}"
+    cli.say exec(%Q[sed -i '' 's/#{self.class.current_version}/#{new_version}/' #{self.class.version_file}])
+  end
+
+  def commit_changes(new_version)
+    cli.say "Committing changes"
+    if new_version =~ /master/
+      cli.say exec(%Q[git commit -a -m \"Open v#{new_version} for development\"])
+    else
+      cli.say exec(%Q[git commit -a -m \"Bump agent version to v#{new_version}\"])
+      cli.say "Next, run `gem_push=no bundle exec rake release`"
+      cli.say "Then, run `bundle exec rake version:bump:development`"
+    end
+  end
+end

data/lua-hooks/Makefile

@@ -25,6 +25,7 @@ LUA_SRC = \
 	lib/hooks.lua \
 	lib/idn.lua \
 	lib/lexgraph.lua \
+	lib/lru.lua \
 	lib/neturl.lua \
 	lib/paths.lua \
 	lib/perf.lua \
@@ -35,6 +36,7 @@ LUA_SRC = \
 	lib/semver.lua \
 	lib/sha1.lua \
 	lib/snap.lua \
+	lib/term.lua \
 	lib/utils.lua \
 	lib/lexers/bash_dqstr.lua \
 	lib/lexers/bash.lua \
@@ -42,6 +44,7 @@ LUA_SRC = \
 	lib/lexers/css.lua \
 	lib/lexers/html.lua \
 	lib/lexers/javascript.lua \
+	lib/lexers/markers.lua \
 	lib/lexer.lua \
 	lib/hooks/authenticate.lua \
 	lib/hooks/bad_cookie.lua \
@@ -53,9 +56,11 @@ LUA_SRC = \
 	lib/hooks/framework_csrf_check.lua \
 	lib/hooks/framework_login.lua \
 	lib/hooks/framework_password_reset.lua \
+	lib/hooks/framework_account_created.lua \
 	lib/hooks/framework_redirect.lua \
 	lib/hooks/framework_session.lua \
 	lib/hooks/framework_user.lua \
+	lib/hooks/framework_route.lua \
 	lib/hooks/http_request_finish.lua \
 	lib/hooks/http_request_start.lua \
 	lib/hooks/http_response_start.lua \
@@ -160,12 +165,16 @@ clean: cleanhooks
 	rm -rf build
 	find . -name \*.o -delete
 
-
 test: ${CLI} ${INIT_HOOK} lint ${MIN_SRCS}
 	@rm -f test_failed
 	@for file in test/*_test.lua; do printf "\nRunning $$file\n"; TEST_BUILT_HOOKS=1 ./${CLI} $$file || touch test_failed; done
 	@test ! -f test_failed
 
+enable-console: cleanhooks
+	git update-index --assume-unchanged lib/term.lua
+	cp lib/term.lua.dev lib/term.lua
+	make
+
 lint: ${INIT_HOOK}
 	@# Scan all lua files for lines with trailing spaces
 	@# The leading `!` negates the logic, so this target fails if trailing

data/lua-hooks/ext/perf/luacpu.c

@@ -5,32 +5,32 @@
 #include "lua.h"
 #include "lauxlib.h"
 
-/* Show overall CPU utilization of the system 
+/* Show overall CPU utilization of the system
  * This is a part of the post http://phoxis.org/2013/09/05/finding-overall-and-per-core-cpu-utilization
  */
 
 #define BUF_MAX 1024
 
-int 
+int
 read_fields (FILE *fp, unsigned long long int *fields) {
   int retval;
   char buffer[BUF_MAX];
   if (!fgets (buffer, BUF_MAX, fp)) {
-    perror ("Error");
+    return 0;
   }
-  retval = sscanf (buffer, "cpu %Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu", 
-  &fields[0], 
-  &fields[1], 
-  &fields[2], 
-  &fields[3], 
-  &fields[4], 
-  &fields[5], 
-  &fields[6], 
-  &fields[7], 
-  &fields[8], 
-  &fields[9]); 
+  retval = sscanf (buffer, "cpu %Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu %Lu",
+  &fields[0],
+  &fields[1],
+  &fields[2],
+  &fields[3],
+  &fields[4],
+  &fields[5],
+  &fields[6],
+  &fields[7],
+  &fields[8],
+  &fields[9]);
   if (retval < 4) {
-    fprintf (stderr, "Error reading /proc/stat cpu field\n");
+    //fprintf (stderr, "Error reading /proc/stat cpu field\n");
     return 0;
   }
   return 1;
@@ -48,7 +48,7 @@ lua_cpuload(lua_State *L) {
 
   fp = fopen ("/proc/stat", "r");
   if (fp == NULL) {
-    perror ("Error");
+    return 0;
   }
 
   if (!read_fields (fp, fields)) {
@@ -70,7 +70,7 @@ lua_cpuload(lua_State *L) {
 
   for (i=0, total_tick = 0; i<10; i++) {
     total_tick += fields[i];
-  } 
+  }
   idle = fields[3];
 
   del_total_tick = total_tick - total_tick_old;
@@ -88,7 +88,7 @@ lua_stat(lua_State *L) {
   FILE *fp;
   char buf[3000];
   if ((fp=fopen("/proc/stat","r"))==NULL) {
-    printf("Error! opening file");
+    return 0;
   }
   else {
     fread(buf, 1, 3000, fp);

data/lua-hooks/ext/perf/lualoadavg.c

@@ -8,7 +8,7 @@
 
 /*https://www.centos.org/docs/5/html/5.1/Deployment_Guide/s2-proc-loadavg.html
 Gives load average in regard to both the CPU and IO over time, as well as additional
-data used by uptime and other commands. 
+data used by uptime and other commands.
 */
 
 /* Immunio Lua bindings */
@@ -18,7 +18,7 @@ lua_loadavg(lua_State *L) {
   char c[100];
   FILE *fp;
   if ((fp=fopen("/proc/loadavg","r"))==NULL) {
-    printf("Error! opening file");
+    return 0;
   }
   if (fgets(c, 100, fp) != NULL) {
     lua_pushstring(L, c);

data/lua-hooks/ext/perf/luameminfo.c

@@ -13,7 +13,7 @@ lua_meminfo(lua_State *L) {
   FILE *fp;
   char buf[2000];
   if ((fp=fopen("/proc/meminfo","r"))==NULL) {
-    printf("Error! opening file");
+    return 0;
   }
   else {
     fread(buf, 1, 2000, fp);

data/lua-hooks/ext/perf/luaoslib.c

@@ -8,7 +8,8 @@
 #include "lj_err.h"
 
 static int os_clock(lua_State *L) {
-  setnumV(L->top++, ((lua_Number)clock())*(1.0/(lua_Number)CLOCKS_PER_SEC));
+  lua_Number clk = ((lua_Number)clock())*(1.0/(lua_Number)CLOCKS_PER_SEC);
+  lua_pushnumber(L, clk);
   return 1;
 }
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: immunio
 version: !ruby/object:Gem::Version
-  version: 1.0.17
+  version: 1.0.19
 platform: ruby
 authors:
 - Immunio
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-05-05 00:00:00.000000000 Z
+date: 2016-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -164,6 +164,8 @@ files:
 - lib/immunio/utils.rb
 - lib/immunio/version.rb
 - lib/immunio/vm.rb
+- lib/immunio_tasks/version_bump.rake
+- lib/immunio_tasks/version_bumper.rb
 - lua-hooks/Makefile
 - lua-hooks/ext/all.c
 - lua-hooks/ext/libinjection/COPYING
@@ -445,9 +447,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: Immunio Ruby agent
 test_files: []
-has_rdoc: