immunio 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 80267dd0327d92f9af47b91f658a46a3e38cd000
4
- data.tar.gz: be17e29bba57536a8d8cdb5a35134cfe64977510
3
+ metadata.gz: 99a30833d9388d3c2cf12a21d209c81983f69958
4
+ data.tar.gz: be529e5b823a1f0db90a4d058ba2af2f5327d2fb
5
5
  SHA512:
6
- metadata.gz: 26355aaa28340307c3a6766ddda207e67484d6e9b0f33601d229660338d1e7becffc3e6140092fd0a10ed7d0bc2d0b3c5f494aaf29fd8e61f66759ac1eb62463
7
- data.tar.gz: 218fbac35d91313ebf8dec8ca81cb1be22b05b8b388b79294db8e1750a1ce6f193da04a305b304dcf99544d27e4b503d28af074d98c05f3fed8ee4feafad0b35
6
+ metadata.gz: 581d82074c288618bec64dd899fde256d601d2703d3da32f86436cc92e1e53545cd209935bcc3989f2d895171b2401f5705795149c4680972daa91a0b353b660
7
+ data.tar.gz: 8b226690a97a6984025d96c57d3322d5c6790fe9fde2723ba690946be942dab9349ab3595f4c25ad0984df4790bc3c177b8a8681985c4ae149c67a6d43598d55
@@ -131,7 +131,7 @@ module Immunio
131
131
  return content.html_safe
132
132
  end
133
133
 
134
- "{immunio-var:#{id}:#{nonce}}".html_safe + content.html_safe + "{/immunio-var:#{id}:#{nonce}}".html_safe
134
+ "{immunio-var:#{id}:#{nonce}}".html_safe + content.to_s.html_safe + "{/immunio-var:#{id}:#{nonce}}".html_safe
135
135
  end
136
136
 
137
137
  # If we got here, the interpolation has been wrapped in our markers and we
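Review bot: `content.to_s.html_safe` on the new line marks whatever `content` stringifies to as HTML-safe without escaping it, so any value that reaches this line as a plain String (rather than an already-escaped SafeBuffer) bypasses Rails auto-escaping for that interpolation. The early `return content.html_safe` above suggests the caller is expected to have escaped `content` already, but that contract is not visible here; if it holds, state it, and if it does not, escape before marking, e.g. `ERB::Util.html_escape(content)`. A comment such as `# content is assumed to be escaped already; .to_s only normalises non-String values (nil, numbers) before the markers are wrapped around it` would make the precondition explicit. The enclosing method begins above the hunk.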
@@ -160,7 +160,7 @@ module Immunio
160
160
  # Don't handle templates with no source (inline text templates).
161
161
  unless has_source?
162
162
  rendered = yield
163
- rendered.instance_variable_set("@__immunio_processed", true)
163
+ rendered.instance_variable_set("@__immunio_processed", true) unless rendered.frozen?
164
164
  return rendered
165
165
  end
166
166
 
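Review bot: When `rendered` is frozen the `@__immunio_processed` flag is now silently skipped instead of raising, so whatever later consumes that flag (not visible in this hunk) will presumably treat a frozen rendered string as unprocessed and may handle it a second time. If the flag is needed for frozen strings, unfreeze a copy instead of skipping: `rendered = rendered.dup if rendered.frozen?` before the `instance_variable_set`; if skipping is intentional, record why with a comment such as `# frozen strings cannot carry the processed flag; they fall through unmarked`. The same pattern is repeated in the next hunk, and the enclosing method starts above this one.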
@@ -172,14 +172,18 @@ module Immunio
172
172
  template_sha
173
173
  Immunio.logger.debug {"ActionView rendering template with sha #{@template_sha}, root: #{root}"}
174
174
  rendered = yield
175
- rendered.instance_variable_set("@__immunio_processed", true)
175
+ rendered.instance_variable_set("@__immunio_processed", true) unless rendered.frozen?
176
176
 
177
177
  if root
178
178
  # This is the root template. Let ActionView render it, and then look
179
179
  # for XSS.
180
180
  rendered = rendered.to_str
181
- # Rendering done!
182
- result = run_hook! "template_render_done", rendered: rendered, vars: @vars
181
+
182
+ result = run_hook!("template_render_done", {
183
+ content_type: Mime::Type.lookup_by_extension(@template.formats.first).to_s,
184
+ rendered: rendered,
185
+ vars: @vars
186
+ })
183
187
 
184
188
  # We use the return value from the hook handler if present.
185
189
  rendered = result.fetch("rendered") { rendered.dup }
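Review bot: `Mime::Type.lookup_by_extension(@template.formats.first).to_s` presumably yields `""` when the template has no format or its format is not registered (the lookup returns nil), so the `template_render_done` handler receives an empty content type that it cannot distinguish from a deliberate one; if the handler uses `content_type` to decide whether `rendered` is scanned for XSS, that case should be decided explicitly here rather than left to the Lua side. Pull it into a local with a note, e.g. `content_type = Mime::Type.lookup_by_extension(@template.formats.first).to_s # "" when the format is unknown`, and document that this is the template's declared format, not the response's final Content-Type header, which may differ. The enclosing method continues below the hunk.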
@@ -6,72 +6,64 @@ rescue LoadError # rubocop:disable Lint/HandleExceptions
6
6
  # Ignore
7
7
  end
8
8
 
9
- if defined?(Warden)
10
- Warden::Manager.after_authentication do |user|
11
- Immunio::Request.time "plugin", "Warden::Manager.after_authentication" do
12
- Immunio.logger.debug { "Warden instrumentation fired for after_authentication" }
13
- Immunio.login user_record: user, plugin: "warden"
9
+ if defined?(Warden::Manager)
10
+ class Warden::Manager
11
+ after_authentication do |user|
12
+ Immunio::Request.time "plugin", "Warden::Manager.after_authentication" do
13
+ Immunio.logger.debug { "Warden instrumentation fired for after_authentication" }
14
+ Immunio.login user_record: user, plugin: "warden"
15
+ end
14
16
  end
15
- end
16
17
 
17
- Warden::Manager.before_failure do |env|
18
- Immunio::Request.time "plugin", "Warden::Manager.before_failure" do
19
- info = {plugin: "warden"}
18
+ before_failure do |env|
19
+ Immunio::Request.time "plugin", "Warden::Manager.before_failure" do
20
+ info = {plugin: "warden"}
20
21
 
21
- # Devise uses these specific form fields for authentication by default
22
- user_found = false
23
- [:username, :email].each do |attr|
24
- value = env.fetch("rack.request.form_hash", {}).fetch("user", {})[attr.to_s]
25
- if value
26
- info[attr] = value
27
- user_found = true
22
+ # Devise uses these specific form fields for authentication by default
23
+ user_found = false
24
+ [:username, :email].each do |attr|
25
+ value = env.fetch("rack.request.form_hash", {}).fetch("user", {})[attr.to_s]
26
+ if value
27
+ info[attr] = value
28
+ user_found = true
29
+ end
28
30
  end
29
- end
30
31
 
31
- # before_failure is called under many circumstances, but unfortunately
32
- # there's no easy way to tell why. If we can't figure out who the
33
- # attempted user was, don't report it as a failed login.
34
- if user_found
35
- Immunio.logger.debug { "Warden instrumentation fired for before_failure" }
36
- Immunio.failed_login info
37
- else
38
- Immunio.logger.debug { "Failed to find user info for Warden failure, ignoring instead of reporting as failed login" }
32
+ # before_failure is called under many circumstances, but unfortunately
33
+ # there's no easy way to tell why. If we can't figure out who the
34
+ # attempted user was, don't report it as a failed login.
35
+ if user_found
36
+ Immunio.logger.debug { "Warden instrumentation fired for before_failure" }
37
+ Immunio.failed_login info
38
+ else
39
+ Immunio.logger.debug { "Failed to find user info for Warden failure, ignoring instead of reporting as failed login" }
40
+ end
39
41
  end
40
42
  end
41
- end
42
-
43
- Warden::Manager.after_set_user do |user|
44
- Immunio::Request.time "plugin", "Warden::Manager.after_set_user" do
45
- Immunio.logger.debug { "Warden instrumentation fired for after_set_user" }
46
- Immunio.set_user user_record: user, plugin: "warden"
47
- end
48
- end
49
43
 
50
- Warden::Manager.before_logout do |user|
51
- Immunio::Request.time "plugin", "Warden::Manager.before_logout" do
52
- Immunio.logger.debug { "Warden instrumentation fired for before_logout" }
53
- Immunio.logout user_record: user, plugin: "warden"
44
+ after_set_user do |user|
45
+ Immunio::Request.time "plugin", "Warden::Manager.after_set_user" do
46
+ Immunio.logger.debug { "Warden instrumentation fired for after_set_user" }
47
+ Immunio.set_user user_record: user, plugin: "warden"
48
+ end
54
49
  end
55
- end
56
50
 
57
- # Force lookup of user info for all requests.
58
- module Immunio
59
- class WardenUserCaller
60
- def initialize(app)
61
- @app = app
51
+ before_logout do |user|
52
+ Immunio::Request.time "plugin", "Warden::Manager.before_logout" do
53
+ Immunio.logger.debug { "Warden instrumentation fired for before_logout" }
54
+ Immunio.logout user_record: user, plugin: "warden"
62
55
  end
56
+ end
63
57
 
64
- def call(env)
65
- Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
66
- # This will end up calling Warden::Manager.after_set_user above if
67
- # a valid session associated with a user is seen.
68
- env['warden'].user
69
-
70
- Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
71
- @app.call(env)
72
- end
73
- end
74
- end
58
+ # Force lookup of user info for all requests.
59
+ def call_with_immunio(env)
60
+ call_without_immunio(env)
61
+ ensure
62
+ Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
63
+ env['warden'].user
64
+ end
75
65
  end
66
+ alias :call_without_immunio :call
67
+ alias :call :call_with_immunio
76
68
  end
77
69
  end
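Review bot: The `ensure` in `call_with_immunio` runs `env['warden'].user` even when `call_without_immunio` raised, so if `env['warden']` is absent at that point (Warden is expected to set it on entry, but an exception raised before it did so would leave it nil) the resulting NoMethodError replaces the original exception and its cause is lost; guard it with `env['warden'].user if env['warden']`. The forced lookup also moves from before the application call (the removed `WardenUserCaller` ran it first and paused the plugin timer around `@app.call`) to after it, so `after_set_user` and therefore `Immunio.set_user` now fire after the response has been produced for requests that never touched the user themselves — worth confirming that is what the request tracking expects. The alias chain at the end is not idempotent: if this file is evaluated twice (code reloading, or being required under two paths) the second `alias :call_without_immunio :call` points at `call_with_immunio` and every request recurses, so wrap both aliases in `unless method_defined?(:call_without_immunio)`. Separately, the unchanged `before_failure` lookup `env.fetch("rack.request.form_hash", {}).fetch("user", {})[attr.to_s]` assumes `user` is a Hash; a scalar `user=...` form field turns it into a `String#[]` substring match, so a request with `user=email` would be reported as a failed login for `email` — check `is_a?(Hash)` before indexing.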
@@ -10,7 +10,6 @@ module Immunio
10
10
  config.app_middleware.insert 0, HTTPFinisher
11
11
  config.app_middleware.insert_before ActionDispatch::ShowExceptions, HTTPTracker
12
12
  config.app_middleware.insert_after ActionDispatch::DebugExceptions, ExceptionHandler
13
- config.app_middleware.insert_after Warden::Manager, WardenUserCaller if defined? Warden::Manager
14
13
  config.app_middleware.use EnvironmentReporter
15
14
 
16
15
  config.action_dispatch.rescue_responses.merge!('Immunio::RequestBlocked' => :forbidden)
@@ -1,5 +1,5 @@
1
1
  module Immunio
2
2
  AGENT_TYPE = "agent-ruby"
3
- VERSION = "1.0.7"
3
+ VERSION = "1.0.8"
4
4
  VM_VERSION = "2.2.0"
5
5
  end
@@ -43,6 +43,7 @@ LUA_SRC = \
43
43
  lib/hooks/authenticate.lua \
44
44
  lib/hooks/bad_cookie.lua \
45
45
  lib/hooks/custom_threat.lua \
46
+ lib/hooks/encode.lua \
46
47
  lib/hooks/eval.lua \
47
48
  lib/hooks/exception.lua \
48
49
  lib/hooks/file_io.lua \
@@ -9,6 +9,7 @@ serverdata = serverdata or {}
9
9
  -- XXX Java agent has built in assumption that this function exists before VM
10
10
  -- initialisation.
11
11
  -- Encode a Lua object to be sent to the server.
12
+ -- This can be removed when Java agent has moved to new VM API
12
13
  function encode(object)
13
14
  return cmsgpack.pack(object)
14
15
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: immunio
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.7
4
+ version: 1.0.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - Immunio
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-12-14 00:00:00.000000000 Z
11
+ date: 2015-12-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails