immunio 1.0.1 → 1.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 82b5c85531ac725190ae7c039e598236a8279631
-  data.tar.gz: 1cf2cf8df3d7d2395b01be335d1e6b735b20b730
+  metadata.gz: bfccbfc5c7719eb52d20d25f321e69a8237bea4a
+  data.tar.gz: de0e2240f7c958e8dc22f3bc859d53b758d54b8e
 SHA512:
-  metadata.gz: 359c0aab9d3c0057cc834c82b31286eeac03a0e6d8b47f4816b722b379d0ff3e4a5e2cb84d430411d2c1e9833da1b459e4d9e82a9c1b42dddc5f9e1f328ef846
-  data.tar.gz: 1812771888e04260f9bc31bdfc085c0072e29e1e52232567564653a9510385f015f3fd9f65ebde40661000fe312bdba9156a5b3899fc73321121d406f38840e3
+  metadata.gz: 9af162bbf91d49c20f126ce69d4fc4b8ef220880f3d2ac7dfc15e035b2e386c5ab290896161877eccef97edf460b3d2b3b4afc8fb5997d65da93061b6b88edf1
+  data.tar.gz: 21de7b2342ad41dbb9be6ef89fad8991eb0e04c4598c064806538a5d665936746ca40255eba4e40ef6543b1fad857dde79e7e11d43bd9e66507733fc5ae76cf3

data/LICENSE

@@ -166,6 +166,27 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 DEALINGS IN THE SOFTWARE.
 
+This product includes content covered by the following license:
+Copyright (c) 2014 Project Nayuki
+http://www.nayuki.io/page/fast-sha1-hash-implementation-in-x86-assembly
+
+(MIT License)
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+- The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+- The Software is provided "as is", without warranty of any kind, express or
+  implied, including but not limited to the warranties of merchantability,
+  fitness for a particular purpose and noninfringement. In no event shall the
+  authors or copyright holders be liable for any claim, damages or other
+  liability, whether in an action of contract, tort or otherwise, arising from,
+  out of or in connection with the Software or the use or other dealings in the
+  Software.
+
 
 All other components of this product are
 Copyright (c) 2015 Immunio, Inc.  All rights reserved.

data/README.md

@@ -2,10 +2,10 @@
 
 ## Installation
 
-Add the private Immunio Gemfury repo and the gem itself to your Gemfile:
+Add the private Immunio gem to your Gemfile:
 
 ```ruby
-gem 'immunio', source: 'https://6kxysjCKxsZz3uR6wgas@gem.fury.io/immunio/'
+gem 'immunio'
 ```
 
 Run Bundler to install the gem:
@@ -111,7 +111,7 @@ end
 
 ## Support
 
-- Ruby 2.0 and up
+- Ruby 1.9.3 and up
 - Rails 3.2 to 4.2
 
 ## Building the gem

data/lib/immunio/version.rb

@@ -1,5 +1,5 @@
 module Immunio
   AGENT_TYPE = "agent-ruby"
-  VERSION = "1.0.1"
+  VERSION = "1.0.2"
   VM_VERSION = "2.2.0"
 end

data/lua-hooks/Makefile

@@ -16,6 +16,8 @@ SRC = \
 
 OBJ = ${SRC:.c=.o}
 
+SHA1OBJ = ext/sha1/sha1.o
+
 # Library archive. Used for compiling along agent bindings.
 SO_OUT = libimmunio.so
 A_OUT = libimmunio.a
@@ -52,7 +54,12 @@ all: ${CLI} ${INIT_HOOK} ${HOOKS_TARBALL} ${HOOKS_SRCS_TARBALL}
 .c.o:
 	MACOSX_DEPLOYMENT_TARGET="10.9" ${CC} ${CFLAGS} -c ${INCS} -o $@ $<
 
-${SO_OUT}: ${OBJ} ${LUAJIT_OBJ}
+# There is a huge performance advantage compiling sha1.o with just -O
+# -O2 or -O3 *reduce* the speed of the algorithm 30%
+${SHA1OBJ}:
+	${CC} -O -c ${INCS} -o ${SHA1OBJ} ${SHA1OBJ:.o=.c}
+
+${SO_OUT}: ${OBJ} ${LUAJIT_OBJ} ${SHA1OBJ}
 	${CC} -shared ${CFLAGS} ${LIBS} -o $@ -lc $^
 
 ${A_OUT}: ${OBJ}
@@ -66,7 +73,7 @@ ${LUAJIT_OBJ}:
 
 # Build lua executable for testing and compilation
 # Seperate compilation as we need the LUA_UNSAFE_MODE flag set...
-${CLI}: ${CLI_SRC} ${LUAJIT_OBJ}
+${CLI}: ${CLI_SRC} ${LUAJIT_OBJ} ${SHA1OBJ}
 	${CC} ${CFLAGS} -DLUA_UNSAFE_MODE ${INCS} -o $@ $^ ${LIBS}
 
 # Concatenate init hooks into one __init__.lua hook with two newlines in between
@@ -88,14 +95,18 @@ ${HOOKS_TARBALL}: ${MIN_SRCS}
 ${HOOKS_SRCS_TARBALL}: ${HOOK_SRCS}
 	tar -czf $@ -C hooks . --exclude="init"
 
-clean:
-	rm -f ${CLI} ${OBJ} ${SO_OUT} ${A_OUT} ${LUAJIT_OUT}
-	cd ext/luajit && make clean
+cleanhooks:
 	rm -f ${INIT_HOOK}
+	rm -f build/*.lua
+
+clean: cleanhooks
+	rm -f ${CLI} ${OBJ} ${SO_OUT} ${A_OUT} ${LUAJIT_OUT} ${SHA1OBJ}
+	cd ext/luajit && make clean
 	rm -f test_failed
 	rm -rf build
 	find . -name \*.o -delete
 
+
 test: ${CLI} ${INIT_HOOK} lint ${MIN_SRCS}
 	@rm -f test_failed
 	@for file in test/*_test.lua; do printf "\nRunning $$file\n"; TEST_BUILT_HOOKS=1 ./${CLI} $$file || touch test_failed; done

data/lua-hooks/ext/all.c

@@ -15,6 +15,7 @@
 #include "lpeg/lptree.c"
 #include "lua-cmsgpack/lua_cmsgpack.c"
 #include "lua-snapshot/snapshot.c"
+#include "sha1/luasha1.c"
 
 static const luaL_Reg lj_lib_load[] = {
   // Default Lua modules
@@ -42,6 +43,7 @@ static const luaL_Reg lj_lib_load[] = {
   {"lpeg", luaopen_lpeg},
   {LUACMSGPACK_NAME, luaopen_cmsgpack},
   {"snapshot", luaopen_snapshot},
+  {"sha1", luaopen_sha1},
 
   { NULL,   NULL }
 };

data/lua-hooks/ext/sha1/luasha1.c

@@ -0,0 +1,72 @@
+#include <stdio.h>
+
+#define LUA_LIB
+#include "lua.h"
+#include "lauxlib.h"
+
+// Link this program with an external C or x86 compression function
+extern void sha1_compress(uint32_t state[5], const uint8_t block[64]);
+
+/* This function is implements the padding and blocking around the SHA1 compression function
+ *
+ * Copyright (c) 2014 Project Nayuki
+ * http://www.nayuki.io/page/fast-sha1-hash-implementation-in-x86-assembly
+ */
+static void
+sha1_hash(const uint8_t *message, uint32_t len, uint32_t hash[5]) {
+	hash[0] = UINT32_C(0x67452301);
+	hash[1] = UINT32_C(0xEFCDAB89);
+	hash[2] = UINT32_C(0x98BADCFE);
+	hash[3] = UINT32_C(0x10325476);
+	hash[4] = UINT32_C(0xC3D2E1F0);
+
+	uint32_t i;
+	for (i = 0; len - i >= 64; i += 64)
+		sha1_compress(hash, message + i);
+
+	uint8_t block[64];
+	uint32_t rem = len - i;
+	memcpy(block, message + i, rem);
+
+	block[rem] = 0x80;
+	rem++;
+	if (64 - rem >= 8)
+		memset(block + rem, 0, 56 - rem);
+	else {
+		memset(block + rem, 0, 64 - rem);
+		sha1_compress(hash, block);
+		memset(block, 0, 56);
+	}
+
+	uint64_t longLen = ((uint64_t)len) << 3;
+	for (i = 0; i < 8; i++)
+		block[64 - 1 - i] = (uint8_t)(longLen >> (i * 8));
+	sha1_compress(hash, block);
+}
+
+/* Immunio Lua bindings */
+
+static int
+lua_sha1(lua_State *L) {
+	uint32_t hash[5] = {};
+	char buf[41];
+	size_t slen = 0;
+
+	const char *input = luaL_checklstring(L, 1, &slen);
+	sha1_hash(input, slen, hash);
+	sprintf(buf, "%08x%08x%08x%08x%08x", hash[0], hash[1], hash[2], hash[3], hash[4]);
+	lua_pushstring(L, buf);
+	return 1;
+}
+
+static const luaL_Reg libsha1[] = {
+  {"sha1", lua_sha1},
+  {NULL, NULL}
+};
+
+int
+luaopen_sha1(lua_State *L) {
+  luaL_checkversion(L);
+  luaL_register(L, "sha1", libsha1);
+  return 1;
+}

data/lua-hooks/ext/sha1/sha1.c

@@ -0,0 +1,145 @@
+/* 
+ * SHA-1 hash in C
+ * 
+ * Copyright (c) 2014 Project Nayuki
+ * http://www.nayuki.io/page/fast-sha1-hash-implementation-in-x86-assembly
+ * 
+ * (MIT License)
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ * - The above copyright notice and this permission notice shall be included in
+ *   all copies or substantial portions of the Software.
+ * - The Software is provided "as is", without warranty of any kind, express or
+ *   implied, including but not limited to the warranties of merchantability,
+ *   fitness for a particular purpose and noninfringement. In no event shall the
+ *   authors or copyright holders be liable for any claim, damages or other
+ *   liability, whether in an action of contract, tort or otherwise, arising from,
+ *   out of or in connection with the Software or the use or other dealings in the
+ *   Software.
+ */
+
+#include <stdint.h>
+
+
+void sha1_compress(uint32_t state[5], const uint8_t block[64]) {
+	#define SCHEDULE(i)  \
+		temp = schedule[(i - 3) & 0xF] ^ schedule[(i - 8) & 0xF] ^ schedule[(i - 14) & 0xF] ^ schedule[(i - 16) & 0xF];  \
+		schedule[i & 0xF] = temp << 1 | temp >> 31;
+	
+	#define LOADSCHEDULE(i)  \
+		schedule[i] =                           \
+			  (uint32_t)block[i * 4 + 0] << 24  \
+			| (uint32_t)block[i * 4 + 1] << 16  \
+			| (uint32_t)block[i * 4 + 2] <<  8  \
+			| (uint32_t)block[i * 4 + 3];
+	
+	#define ROUND0a(a, b, c, d, e, i)  LOADSCHEDULE(i)  ROUNDTAIL(a, b, e, ((b & c) | (~b & d))         , i, 0x5A827999)
+	#define ROUND0b(a, b, c, d, e, i)  SCHEDULE(i)      ROUNDTAIL(a, b, e, ((b & c) | (~b & d))         , i, 0x5A827999)
+	#define ROUND1(a, b, c, d, e, i)   SCHEDULE(i)      ROUNDTAIL(a, b, e, (b ^ c ^ d)                  , i, 0x6ED9EBA1)
+	#define ROUND2(a, b, c, d, e, i)   SCHEDULE(i)      ROUNDTAIL(a, b, e, ((b & c) ^ (b & d) ^ (c & d)), i, 0x8F1BBCDC)
+	#define ROUND3(a, b, c, d, e, i)   SCHEDULE(i)      ROUNDTAIL(a, b, e, (b ^ c ^ d)                  , i, 0xCA62C1D6)
+	
+	#define ROUNDTAIL(a, b, e, f, i, k)  \
+		e += (a << 5 | a >> 27) + f + UINT32_C(k) + schedule[i & 0xF];  \
+		b = b << 30 | b >> 2;
+	
+	uint32_t a = state[0];
+	uint32_t b = state[1];
+	uint32_t c = state[2];
+	uint32_t d = state[3];
+	uint32_t e = state[4];
+	
+	uint32_t schedule[16];
+	uint32_t temp;
+	ROUND0a(a, b, c, d, e,  0)
+	ROUND0a(e, a, b, c, d,  1)
+	ROUND0a(d, e, a, b, c,  2)
+	ROUND0a(c, d, e, a, b,  3)
+	ROUND0a(b, c, d, e, a,  4)
+	ROUND0a(a, b, c, d, e,  5)
+	ROUND0a(e, a, b, c, d,  6)
+	ROUND0a(d, e, a, b, c,  7)
+	ROUND0a(c, d, e, a, b,  8)
+	ROUND0a(b, c, d, e, a,  9)
+	ROUND0a(a, b, c, d, e, 10)
+	ROUND0a(e, a, b, c, d, 11)
+	ROUND0a(d, e, a, b, c, 12)
+	ROUND0a(c, d, e, a, b, 13)
+	ROUND0a(b, c, d, e, a, 14)
+	ROUND0a(a, b, c, d, e, 15)
+	ROUND0b(e, a, b, c, d, 16)
+	ROUND0b(d, e, a, b, c, 17)
+	ROUND0b(c, d, e, a, b, 18)
+	ROUND0b(b, c, d, e, a, 19)
+	ROUND1(a, b, c, d, e, 20)
+	ROUND1(e, a, b, c, d, 21)
+	ROUND1(d, e, a, b, c, 22)
+	ROUND1(c, d, e, a, b, 23)
+	ROUND1(b, c, d, e, a, 24)
+	ROUND1(a, b, c, d, e, 25)
+	ROUND1(e, a, b, c, d, 26)
+	ROUND1(d, e, a, b, c, 27)
+	ROUND1(c, d, e, a, b, 28)
+	ROUND1(b, c, d, e, a, 29)
+	ROUND1(a, b, c, d, e, 30)
+	ROUND1(e, a, b, c, d, 31)
+	ROUND1(d, e, a, b, c, 32)
+	ROUND1(c, d, e, a, b, 33)
+	ROUND1(b, c, d, e, a, 34)
+	ROUND1(a, b, c, d, e, 35)
+	ROUND1(e, a, b, c, d, 36)
+	ROUND1(d, e, a, b, c, 37)
+	ROUND1(c, d, e, a, b, 38)
+	ROUND1(b, c, d, e, a, 39)
+	ROUND2(a, b, c, d, e, 40)
+	ROUND2(e, a, b, c, d, 41)
+	ROUND2(d, e, a, b, c, 42)
+	ROUND2(c, d, e, a, b, 43)
+	ROUND2(b, c, d, e, a, 44)
+	ROUND2(a, b, c, d, e, 45)
+	ROUND2(e, a, b, c, d, 46)
+	ROUND2(d, e, a, b, c, 47)
+	ROUND2(c, d, e, a, b, 48)
+	ROUND2(b, c, d, e, a, 49)
+	ROUND2(a, b, c, d, e, 50)
+	ROUND2(e, a, b, c, d, 51)
+	ROUND2(d, e, a, b, c, 52)
+	ROUND2(c, d, e, a, b, 53)
+	ROUND2(b, c, d, e, a, 54)
+	ROUND2(a, b, c, d, e, 55)
+	ROUND2(e, a, b, c, d, 56)
+	ROUND2(d, e, a, b, c, 57)
+	ROUND2(c, d, e, a, b, 58)
+	ROUND2(b, c, d, e, a, 59)
+	ROUND3(a, b, c, d, e, 60)
+	ROUND3(e, a, b, c, d, 61)
+	ROUND3(d, e, a, b, c, 62)
+	ROUND3(c, d, e, a, b, 63)
+	ROUND3(b, c, d, e, a, 64)
+	ROUND3(a, b, c, d, e, 65)
+	ROUND3(e, a, b, c, d, 66)
+	ROUND3(d, e, a, b, c, 67)
+	ROUND3(c, d, e, a, b, 68)
+	ROUND3(b, c, d, e, a, 69)
+	ROUND3(a, b, c, d, e, 70)
+	ROUND3(e, a, b, c, d, 71)
+	ROUND3(d, e, a, b, c, 72)
+	ROUND3(c, d, e, a, b, 73)
+	ROUND3(b, c, d, e, a, 74)
+	ROUND3(a, b, c, d, e, 75)
+	ROUND3(e, a, b, c, d, 76)
+	ROUND3(d, e, a, b, c, 77)
+	ROUND3(c, d, e, a, b, 78)
+	ROUND3(b, c, d, e, a, 79)
+	
+	state[0] += a;
+	state[1] += b;
+	state[2] += c;
+	state[3] += d;
+	state[4] += e;
+}
+

data/lua-hooks/lib/boot.lua

@@ -56,6 +56,7 @@ SANDBOX_ENV = {
     traceback = debug.traceback
   },
   select = select,
+  sha1 = sha1,
   utf8 = {
     byte = utf8.byte,
     char = utf8.char,
@@ -129,6 +130,7 @@ SANDBOX_ENV = {
     html = require('lexers/lexer').load('html'),
     javascript = require('lexers/lexer').load('javascript'),
     css = require('lexers/lexer').load('css'),
+    css_attr = require('lexers/lexer').load('css_attr'),
   },
   -- Immunio vars
   serverdata = {}, -- Default empty serverdata

data/lua-hooks/lib/lexers/bash_dqstr.lua

@@ -10,14 +10,11 @@
 -- and handle the recursion in higher level lua at a minute performance cost.
 
 local l = require('lexer')
-local token, word_match = l.token, bash_word_match
+local token = l.token
 local P, R, S = lpeg.P, lpeg.R, lpeg.S
 
 local M = {_NAME = 'bash_dqstr'}
 
--- Whitespace.
-local ws = token(l.WHITESPACE, l.space^1)
-
 -- Generic token.
 local bash_word = (l.alpha + '_') * (l.alnum + '_' + '\\ ')^0
 

data/lua-hooks/lib/lexers/css.lua

@@ -1,211 +1,96 @@
--- Copyright 2006-2015 Mitchell mitchell.att.foicica.com. See LICENSE.
--- CSS LPeg lexer.
+-- Copyright 2006-2010 Mitchell Foral mitchell<att>caladbolg.net. See LICENSE.
+-- CSS LPeg lexer
+local M = {_NAME = 'css'}
 
 local l = require('lexer')
-local token, word_match = l.token, l.word_match
-local P, R, S, V = lpeg.P, lpeg.R, lpeg.S, lpeg.V
+local token, parent_token, word_match, delimited_range =
+  l.token, l.parent_token, l.word_match, l.delimited_range
 
-local M = {_NAME = 'css'}
+local P, R, S, V = lpeg.P, lpeg.R, lpeg.S, lpeg.V
 
--- Whitespace.
-local ws = token(l.WHITESPACE, l.space^1)
-
--- Comments.
-local comment = token(l.COMMENT, '/*' * (l.any - '*/')^0 * P('*/')^-1)
-
--- Strings.
-local sq_str = l.delimited_range("'")
-local dq_str = l.delimited_range('"')
-local string = token(l.STRING, sq_str + dq_str)
-
--- Numbers.
-local number = token(l.NUMBER, l.digit^1)
-
--- Keywords.
-local css1_property = word_match({
-  'color', 'background-color', 'background-image', 'background-repeat',
-  'background-attachment', 'background-position', 'background', 'font-family',
-  'font-style', 'font-variant', 'font-weight', 'font-size', 'font',
-  'word-spacing', 'letter-spacing', 'text-decoration', 'vertical-align',
-  'text-transform', 'text-align', 'text-indent', 'line-height', 'margin-top',
-  'margin-right', 'margin-bottom', 'margin-left', 'margin', 'padding-top',
-  'padding-right', 'padding-bottom', 'padding-left', 'padding',
-  'border-top-width', 'border-right-width', 'border-bottom-width',
-  'border-left-width', 'border-width', 'border-top', 'border-right',
-  'border-bottom', 'border-left', 'border', 'border-color', 'border-style',
-  'width', 'height', 'float', 'clear', 'display', 'white-space',
-  'list-style-type', 'list-style-image', 'list-style-position', 'list-style'
-}, '-')
-local css1_value = word_match({
-  'auto', 'none', 'normal', 'italic', 'oblique', 'small-caps', 'bold', 'bolder',
-  'lighter', 'xx-small', 'x-small', 'small', 'medium', 'large', 'x-large',
-  'xx-large', 'larger', 'smaller', 'transparent', 'repeat', 'repeat-x',
-  'repeat-y', 'no-repeat', 'scroll', 'fixed', 'top', 'bottom', 'left', 'center',
-  'right', 'justify', 'both', 'underline', 'overline', 'line-through', 'blink',
-  'baseline', 'sub', 'super', 'text-top', 'middle', 'text-bottom', 'capitalize',
-  'uppercase', 'lowercase', 'thin', 'medium', 'thick', 'dotted', 'dashed',
-  'solid', 'double', 'groove', 'ridge', 'inset', 'outset', 'block', 'inline',
-  'list-item', 'pre', 'no-wrap', 'inside', 'outside', 'disc', 'circle',
-  'square', 'decimal', 'lower-roman', 'upper-roman', 'lower-alpha',
-  'upper-alpha', 'aqua', 'black', 'blue', 'fuchsia', 'gray', 'green', 'lime',
-  'maroon', 'navy', 'olive', 'purple', 'red', 'silver', 'teal', 'white',
-  'yellow'
-}, '-')
-local css2_property = word_match({
-  'border-top-color', 'border-right-color', 'border-bottom-color',
-  'border-left-color', 'border-color', 'border-top-style', 'border-right-style',
-  'border-bottom-style', 'border-left-style', 'border-style', 'top', 'right',
-  'bottom', 'left', 'position', 'z-index', 'direction', 'unicode-bidi',
-  'min-width', 'max-width', 'min-height', 'max-height', 'overflow', 'clip',
-  'visibility', 'content', 'quotes', 'counter-reset', 'counter-increment',
-  'marker-offset', 'size', 'marks', 'page-break-before', 'page-break-after',
-  'page-break-inside', 'page', 'orphans', 'widows', 'font-stretch',
-  'font-size-adjust', 'unicode-range', 'units-per-em', 'src', 'panose-1',
-  'stemv', 'stemh', 'slope', 'cap-height', 'x-height', 'ascent', 'descent',
-  'widths', 'bbox', 'definition-src', 'baseline', 'centerline', 'mathline',
-  'topline', 'text-shadow', 'caption-side', 'table-layout', 'border-collapse',
-  'border-spacing', 'empty-cells', 'speak-header', 'cursor', 'outline',
-  'outline-width', 'outline-style', 'outline-color', 'volume', 'speak',
-  'pause-before', 'pause-after', 'pause', 'cue-before', 'cue-after', 'cue',
-  'play-during', 'azimuth', 'elevation', 'speech-rate', 'voice-family', 'pitch',
-  'pitch-range', 'stress', 'richness', 'speak-punctuation', 'speak-numeral'
-}, '-')
-local css2_value = word_match({
-  'inherit', 'run-in', 'compact', 'marker', 'table', 'inline-table',
-  'table-row-group', 'table-header-group', 'table-footer-group', 'table-row',
-  'table-column-group', 'table-column', 'table-cell', 'table-caption', 'static',
-  'relative', 'absolute', 'fixed', 'ltr', 'rtl', 'embed', 'bidi-override',
-  'visible', 'hidden', 'scroll', 'collapse', 'open-quote', 'close-quote',
-  'no-open-quote', 'no-close-quote', 'decimal-leading-zero', 'lower-greek',
-  'lower-latin', 'upper-latin', 'hebrew', 'armenian', 'georgian',
-  'cjk-ideographic', 'hiragana', 'katakana', 'hiragana-iroha', 'katakana-iroha',
-  'landscape', 'portrait', 'crop', 'cross', 'always', 'avoid', 'wider',
-  'narrower', 'ultra-condensed', 'extra-condensed', 'condensed',
-  'semi-condensed', 'semi-expanded', 'expanded', 'extra-expanded',
-  'ultra-expanded', 'caption', 'icon', 'menu', 'message-box', 'small-caption',
-  'status-bar', 'separate', 'show', 'hide', 'once', 'crosshair', 'default',
-  'pointer', 'move', 'text', 'wait', 'help', 'e-resize', 'ne-resize',
-  'nw-resize', 'n-resize', 'se-resize', 'sw-resize', 's-resize', 'w-resize',
-  'ActiveBorder', 'ActiveCaption', 'AppWorkspace', 'Background', 'ButtonFace',
-  'ButtonHighlight', 'ButtonShadow', 'InactiveCaptionText', 'ButtonText',
-  'CaptionText', 'GrayText', 'Highlight', 'HighlightText', 'InactiveBorder',
-  'InactiveCaption', 'InfoBackground', 'InfoText', 'Menu', 'MenuText',
-  'Scrollbar', 'ThreeDDarkShadow', 'ThreeDFace', 'ThreeDHighlight',
-  'ThreeDLightShadow', 'ThreeDShadow', 'Window', 'WindowFrame', 'WindowText',
-  'silent', 'x-soft', 'soft', 'medium', 'loud', 'x-loud', 'spell-out', 'mix',
-  'left-side', 'far-left', 'center-left', 'center-right', 'far-right',
-  'right-side', 'behind', 'leftwards', 'rightwards', 'below', 'level', 'above',
-  'higher', 'lower', 'x-slow', 'slow', 'medium', 'fast', 'x-fast', 'faster',
-  'slower', 'male', 'female', 'child', 'x-low', 'low', 'high', 'x-high', 'code',
-  'digits', 'continous'
-}, '-')
-
-local css3_property = word_match({
-  'align-content', 'align-items', 'align-self', 'alignment-adjust',
-  'alignment-baseline', 'all', 'anchor-point', 'animation', 'animation-delay',
-  'animation-direction', 'animation-duration', 'animation-fill-mode',
-  'animation-iteration-count', 'animation-name', 'animation-play-state',
-  'animation-timing-function', 'backface-visibility', 'background-clip',
-  'background-origin', 'background-size', 'baseline-shift', 'binding', 'bleed',
-  'bookmark-label', 'bookmark-level', 'bookmark-state', 'border-bottom-left-radius',
-  'border-bottom-right-radius', 'border-image', 'border-image-outset',
-  'border-image-repeat', 'border-image-slice', 'border-image-source',
-  'border-image-width', 'border-radius', 'border-top-left-radius',
-  'border-top-right-radius', 'box-decoration-break', 'box-shadow', 'box-sizing',
-  'box-snap', 'box-suppress', 'break-after', 'break-before', 'break-inside',
-  'chains', 'clip-path', 'clip-rule', 'color-interpolation-filters', 'column-count',
-  'column-fill', 'column-gap', 'column-rule', 'column-rule-color', 'column-rule-style',
-  'column-rule-width', 'column-span', 'column-width', 'columns', 'contain',
-  'counter-set', 'crop', 'display-inside', 'display-list', 'display-outside',
-  'dominant-baseline', 'filter', 'flex', 'flex-basis', 'flex-direction', 'flex-flow',
-  'flex-grow', 'flex-shrink', 'flex-wrap', 'float-offset', 'flood-color',
-  'flood-opacity', 'flow-from', 'flow-into', 'font-feature-settings', 'font-kerning',
-  'font-language-override', 'font-synthesis', 'font-variant-alternates',
-  'font-variant-caps', 'font-variant-east-asian', 'font-variant-ligatures',
-  'font-variant-numeric', 'font-variant-position', 'grid', 'grid-area',
-  'grid-auto-columns', 'grid-auto-flow', 'grid-auto-rows', 'grid-column',
-  'grid-column-end', 'grid-column-start', 'grid-row', 'grid-row-end', 'grid-row-start',
-  'grid-template', 'grid-template-areas', 'grid-template-columns', 'grid-template-rows',
-  'hanging-punctuation', 'hyphens', 'icon', 'image-orientation', 'image-resolution',
-  'ime-mode', 'initial-letters', 'inline-box-align', 'justify-content', 'justify-items',
-  'justify-self', 'lighting-color', 'line-box-contain', 'line-break', 'line-grid',
-  'line-snap', 'line-stacking', 'line-stacking-ruby', 'line-stacking-shift',
-  'line-stacking-strategy', 'marker-side', 'mask', 'mask-box', 'mask-box-outset',
-  'mask-box-repeat', 'mask-box-slice', 'mask-box-source', 'mask-box-width',
-  'mask-clip', 'mask-image', 'mask-origin', 'mask-position', 'mask-repeat', 'mask-size',
-  'mask-source-type', 'mask-type', 'max-lines', 'move-to', 'nav-down', 'nav-index',
-  'nav-left', 'nav-right', 'nav-up', 'object-fit', 'object-position', 'opacity',
-  'order', 'outline-offset', 'overflow-wrap', 'overflow-x', 'overflow-y', 'page-policy',
-  'perspective', 'perspective-origin', 'presentation-level', 'region-fragment',
-  'resize', 'rest', 'rest-after', 'rest-before', 'rotation', 'rotation-point',
-  'ruby-align', 'ruby-merge', 'ruby-position', 'shape-image-threshold', 'shape-outside',
-  'shape-margin', 'speak-as', 'string-set', 'tab-size', 'text-align-last',
-  'text-combine-upright', 'text-decoration-color', 'text-decoration-line',
-  'text-decoration-skip', 'text-decoration-style', 'text-emphasis', 'text-emphasis-color',
-  'text-emphasis-color', 'text-emphasis-style', 'text-height', 'text-justify',
-  'text-orientation', 'text-overflow', 'text-space-collapse', 'text-underline-position',
-  'text-wrap', 'transform', 'transform-origin', 'transform-style', 'transition',
-  'transition-delay', 'transition-duration', 'transition-property',
-  'transition-timing-function', 'voice-balance', 'voice-duration', 'voice-pitch',
-  'voice-range', 'voice-rate', 'voice-stress', 'voice-volume', 'will-change',
-  'word-break', 'word-wrap', 'wrap-flow', 'wrap-through', 'writing-mode',
-  })
-
-
-local property = token('property', css1_property + css2_property + css3_property)
-local value = token('value', css1_value + css2_value)
-local keyword = property + value
-
--- Identifiers.
-local identifier = token(l.IDENTIFIER, l.alpha * (l.alnum + S('_-'))^0)
-
--- Operators.
-local operator = token(l.OPERATOR, S('~!#*>+=|.,:;()[]{}'))
-
--- At rule.
-local at_rule = token('at_rule', P('@') * word_match{
-  'charset', 'font-face', 'media', 'page', 'import'
-})
-
--- Colors.
-local xdigit = l.xdigit
-local hex_color = '#' * xdigit * xdigit * xdigit * (xdigit * xdigit * xdigit)^-1
-local color_name = word_match{
-  'aqua', 'black', 'blue', 'fuchsia', 'gray', 'green', 'lime', 'maroon', 'navy',
-  'olive', 'orange', 'purple', 'red', 'silver', 'teal', 'white', 'yellow'
-}
-local color = token('color', hex_color + color_name)
-
--- Pseudo.
-local pseudo = token(l.CONSTANT, word_match({
-  -- Pseudo elements.
-  'first-line', 'first-letter', 'before', 'after',
-  -- Pseudo classes.
-  'first-child', 'link', 'visited', 'hover', 'active', 'focus', 'lang',
-}, '-'))
-
--- Units.
-local unit = token('unit', word_match{
-  'em', 'ex', 'px', 'pt', 'pc', 'in', 'ft', 'mm', 'cm', 'kHz', 'Hz', 'deg',
-  'rad', 'grad', 'ms', 's'
-} + '%')
+local ws = token('whitespace', l.space^1)
+
+-- comments
+local comment = token('comment', '/*' * (l.any - '*/')^0 * P('*/')^-1)
+
+local word_char = l.alnum + S('_-')
+local identifier = (l.alpha + '-')^1 * word_char^0
+
+-- strings
+local sq_str = delimited_range("'", '\\', true)
+local dq_str = delimited_range('"', '\\', true)
+local string = token('string', sq_str + dq_str)
+
+local colon = token('operator', ':')
+local semicolon = token('operator', ';')
+local comma = token('operator', ',')
+local obrace = token('operator', '{')
+local cbrace = token('operator', '}')
+local bang = token('operator', '!')
+
+-- selectors
+local attribute = '[' * word_char^1 * (S('|~')^-1 * '=' * (identifier + sq_str + dq_str))^-1 * ']'
+local class_id_selector = identifier^-1 * S('.#') * identifier
+local pseudoclass = word_match({
+  'first-letter', 'first-line', 'link', 'active', 'visited',
+  'first-child', 'focus', 'hover', 'lang', 'before', 'after',
+  'left', 'right', 'first'
+}, '-', true)
+local selector = P('*') * ws + (class_id_selector + identifier + '*') * attribute^-1
+selector =  token('selector', selector * (ws * selector)^0) *
+  (token('selector', ':' * pseudoclass) + token('default_selector', ':' * word_char^1))^-1
+selector = selector * (ws^0 * (comma + token('selector', S('>+*'))) * ws^0 * selector)^0
+
+-- css properties and values
+local property_name = token('property_name', word_char^1)
+local value = token('value', bang^0 * word_char^1)
+
+-- colors, units, numbers, and urls
+local hexcolor = token('color', '#' * l.xdigit * l.xdigit * l.xdigit * (l.xdigit * l.xdigit * l.xdigit)^-1)
+local rgbunit = (l.digit^1 * P('%')^-1)
+local rgbcolor = token('color', word_match({'rgb'}, nil, true) * '(' * rgbunit * ',' * rgbunit * ',' * rgbunit * ')')
+local color = hexcolor + rgbcolor
+local unit = word_match({
+  'pt', 'mm', 'cm', 'pc', 'in', 'px', 'em', 'ex', 'deg',
+  'rad', 'grad', 'ms', 's', 'Hz', 'kHz'
+}, nil, true)
+unit = token('unit', unit + '%')
+local css_float = l.digit^0 * '.' * l.digit^1 + l.digit^1 * '.' * l.digit^0 + l.digit^1
+local number = token('number', S('+-')^-1 * css_float) * unit^-1
+local func = parent_token('function', token('function_name', identifier) * token('function_param', delimited_range('()', true, false, true)))
+-- declaration block
+local block_default_char = token('default_block_char', (l.any - '}')^1)
+local property_value = parent_token('property_value', string + number + color + func + value)
+local property_values = { property_value * (ws * property_value)^0 * (ws^0 * comma * ws^0 * V(1))^0 }
+local declaration_value = colon * ws^0 * property_values * ws^0 * semicolon^0
+local declaration_property = property_name * ws^0
+local declaration = parent_token('declaration', (declaration_property * (declaration_value + block_default_char)) + comment + block_default_char)
+local declaration_block = parent_token('declaration_block', obrace * ws^0 * declaration * (ws * declaration)^0 * ws^0 * cbrace^-1)
+
+local css_element = selector * ws^0 * declaration_block^-1
+
+-- at rules
+local at_rule_name = token('at_rule_name', '@' * word_match({
+  'import', 'media', 'page', 'font-face', 'charset'
+}, '-', true))
+local at_rule_arg = token('at_rule_arg', word_match({
+  'all', 'aural', 'braille', 'embossed', 'handheld', 'print',
+  'projection', 'screen', 'tty', 'tv'
+}, nil, true))
+local at_rule = parent_token('at_rule', at_rule_name * (ws * (at_rule_arg + func + string) )^-1)
 
 -- Immunio marker
 local marker = l.token('marker', P('{immunio-var:') * l.integer * ':' * l.xdigit^1 * '}')
 
 M._rules = {
   {'whitespace', ws},
-  {'marker', marker},
-  {'keyword', keyword},
-  {'pseudo', pseudo},
-  {'color', color},
-  {'identifier', identifier},
-  {'string', string},
   {'comment', comment},
-  {'number', number * unit^-1},
-  {'operator', operator},
+  {'marker', marker},
   {'at_rule', at_rule},
+  {'string', string},
+  {'css_element', css_element},
 }
+M.declaration = declaration -- so we can access it in sub-lexer for attrs
 
 M._tokenstyles = {
 }

data/lua-hooks/lib/lexers/css_attr.lua

@@ -0,0 +1,13 @@
+-- Lexer for CSS style attributes. These are slightly different as we need to
+-- start lexing inside a declaration rather than at the selector level...
+M = require('css')
+-- For attributes, remove the css_element rule which includes
+-- selector and delaration block tokens
+for k,v in ipairs(M._rules) do
+	if v[1] == 'css_element' then
+		M._rules[k] = nil
+	end
+end
+-- Instead insert a top level token for declarations.
+table.insert(M._rules, {'declaration', M.declaration})
+return M

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: immunio
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
 platform: ruby
 authors:
 - Immunio
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-02 00:00:00.000000000 Z
+date: 2015-10-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -414,12 +414,15 @@ files:
 - lua-hooks/ext/luautf8/README.md
 - lua-hooks/ext/luautf8/lutf8lib.c
 - lua-hooks/ext/luautf8/unidata.h
+- lua-hooks/ext/sha1/luasha1.c
+- lua-hooks/ext/sha1/sha1.c
 - lua-hooks/lib/boot.lua
 - lua-hooks/lib/encode.lua
 - lua-hooks/lib/lexers/LICENSE
 - lua-hooks/lib/lexers/bash.lua
 - lua-hooks/lib/lexers/bash_dqstr.lua
 - lua-hooks/lib/lexers/css.lua
+- lua-hooks/lib/lexers/css_attr.lua
 - lua-hooks/lib/lexers/html.lua
 - lua-hooks/lib/lexers/javascript.lua
 - lua-hooks/lib/lexers/lexer.lua