immunio 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/immunio/agent.rb +73 -0
- data/lib/immunio/plugins/action_dispatch.rb +19 -0
- data/lib/immunio/plugins/action_view.rb +30 -1
- data/lib/immunio/plugins/active_record.rb +39 -1
- data/lib/immunio/plugins/active_record_relation.rb +53 -5
- data/lib/immunio/plugins/authlogic.rb +4 -0
- data/lib/immunio/plugins/csrf.rb +4 -0
- data/lib/immunio/plugins/devise.rb +3 -0
- data/lib/immunio/plugins/environment_reporter.rb +1 -5
- data/lib/immunio/plugins/eval.rb +1 -0
- data/lib/immunio/plugins/http_finisher.rb +1 -0
- data/lib/immunio/plugins/http_tracker.rb +1 -0
- data/lib/immunio/plugins/io.rb +3 -0
- data/lib/immunio/plugins/redirect.rb +4 -0
- data/lib/immunio/plugins/warden.rb +3 -0
- data/lib/immunio/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 88d0c7506de87c39b6c0c7dc765cb55da4948b64
|
4
|
+
data.tar.gz: d38d7b83f8652eae78201c954215bf715fed31df
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 98a9fddf1a26d59bd4491350613a2e016f9b4cc0697b038f96144793f33e9d01e88cafd1cf4d8ed92874e651d7af730eab7b87e73b814488cc0c17281ddae9e0
|
7
|
+
data.tar.gz: 75a136f01c2ffe9bec4fda596502df66adbd2e858e25b7f8c04d5dda6653e57a2162f43601bc5e5bbe0c92d78904823443ecb9d7265a2ee9abcda74379894dc2
|
data/lib/immunio/agent.rb
CHANGED
@@ -70,6 +70,8 @@ module Immunio
|
|
70
70
|
# purposes.
|
71
71
|
config_accessor :vm_data
|
72
72
|
|
73
|
+
attr_reader :plugins
|
74
|
+
|
73
75
|
def initialize
|
74
76
|
Immunio.logger.info { "Initializing agent version #{VERSION} for process #{Process.pid}" }
|
75
77
|
|
@@ -102,6 +104,8 @@ module Immunio
|
|
102
104
|
# Be sure all config attributes have a type before this call:
|
103
105
|
load_config
|
104
106
|
|
107
|
+
setup_plugin_registry
|
108
|
+
|
105
109
|
Immunio::switch_to_real_logger(config.log_file, config.log_level)
|
106
110
|
|
107
111
|
if !config.agent_enabled then
|
@@ -231,6 +235,75 @@ module Immunio
|
|
231
235
|
def environment=(environment)
|
232
236
|
@processor.environment = environment
|
233
237
|
end
|
238
|
+
|
239
|
+
def register_plugin(name, version = nil)
|
240
|
+
@plugins[name] = {} unless @plugins.has_key?(name)
|
241
|
+
@plugins[name]['status'] = 'loaded'
|
242
|
+
@plugins[name]['version'] = version if version
|
243
|
+
|
244
|
+
Immunio.logger.info do
|
245
|
+
"Registering plugin '#{name}' => '#{@plugins[name]}'"
|
246
|
+
end
|
247
|
+
end
|
248
|
+
|
249
|
+
RECOGNIZED_PLUGINS = [
|
250
|
+
## action_dispatch
|
251
|
+
'ActionDispatch::Cookies::SignedCookieJar',
|
252
|
+
'ActionDispatch::Cookies::UpgradeLegacySignedCookieJar',
|
253
|
+
'ActionDispatch::Cookies::EncryptedCookieJar',
|
254
|
+
'ActionDispatch::Cookies::UpgradeLegacyEncryptedCookieJar',
|
255
|
+
|
256
|
+
## action_view
|
257
|
+
'ActionView::Template::Handlers::Erubis',
|
258
|
+
'Haml::Compiler',
|
259
|
+
'Hash',
|
260
|
+
'ActionView::TemplateRenderer',
|
261
|
+
'ActionView::Template',
|
262
|
+
'ActionController::Caching::Fragments',
|
263
|
+
|
264
|
+
## active_record
|
265
|
+
'ActiveRecord',
|
266
|
+
'ActiveRecord::ConnectionAdapters::Mysql2Adapter',
|
267
|
+
'ActiveRecord::ConnectionAdapters::MysqlAdapter',
|
268
|
+
'ActiveRecord::ConnectionAdapters::PostgreSQLAdapter',
|
269
|
+
'ActiveRecord::ConnectionAdapters::SQLite3Adapter',
|
270
|
+
'ActiveRecord::ConnectionAdapters::SQLiteAdapter',
|
271
|
+
'ActiveRecord::Sanitization',
|
272
|
+
'Arel::Visitors::ToSql',
|
273
|
+
'ActiveRecord::ConnectionAdapters::AbstractAdapter',
|
274
|
+
|
275
|
+
## active_record_relation
|
276
|
+
'ActiveRecord::Relation',
|
277
|
+
'ActiveRecord::SpawnMethods',
|
278
|
+
'ActiveRecord::Querying',
|
279
|
+
'ActiveRecord::StatementCache',
|
280
|
+
'ActiveRecord::Associations::HasManyThroughAssociation',
|
281
|
+
|
282
|
+
'Authlogic',
|
283
|
+
'ActionController (CSRF)',
|
284
|
+
'Devise',
|
285
|
+
'Kernel (Eval)',
|
286
|
+
'Immunio::HTTPFinisher',
|
287
|
+
'Immunio::HTTPTracker',
|
288
|
+
|
289
|
+
## io
|
290
|
+
'IO',
|
291
|
+
'File',
|
292
|
+
'Kernel (Module)',
|
293
|
+
|
294
|
+
'ActionController (Redirect)',
|
295
|
+
'Warden'
|
296
|
+
].freeze
|
297
|
+
|
298
|
+
private
|
299
|
+
|
300
|
+
def setup_plugin_registry
|
301
|
+
@plugins = {}
|
302
|
+
|
303
|
+
RECOGNIZED_PLUGINS.each do |name|
|
304
|
+
@plugins[name] = { 'status' => 'pending' }
|
305
|
+
end
|
306
|
+
end
|
234
307
|
end
|
235
308
|
|
236
309
|
AGENT_INIT_MUTEX = Mutex.new
|
@@ -32,14 +32,33 @@ end
|
|
32
32
|
class ActionDispatch::Cookies
|
33
33
|
if defined? SignedCookieJar
|
34
34
|
SignedCookieJar.send :include, Immunio::CookieHooks
|
35
|
+
|
36
|
+
Immunio.agent.register_plugin(
|
37
|
+
'ActionDispatch::Cookies::SignedCookieJar',
|
38
|
+
ActionPack::VERSION::STRING)
|
35
39
|
end
|
40
|
+
|
36
41
|
if defined? UpgradeLegacySignedCookieJar
|
37
42
|
UpgradeLegacySignedCookieJar.send :include, Immunio::CookieHooks
|
43
|
+
|
44
|
+
Immunio.agent.register_plugin(
|
45
|
+
'ActionDispatch::Cookies::UpgradeLegacySignedCookieJar',
|
46
|
+
ActionPack::VERSION::STRING)
|
38
47
|
end
|
48
|
+
|
39
49
|
if defined? EncryptedCookieJar
|
40
50
|
EncryptedCookieJar.send :include, Immunio::CookieHooks
|
51
|
+
|
52
|
+
Immunio.agent.register_plugin(
|
53
|
+
'ActionDispatch::Cookies::EncryptedCookieJar',
|
54
|
+
ActionPack::VERSION::STRING)
|
41
55
|
end
|
56
|
+
|
42
57
|
if defined? UpgradeLegacyEncryptedCookieJar
|
43
58
|
UpgradeLegacyEncryptedCookieJar.send :include, Immunio::CookieHooks
|
59
|
+
|
60
|
+
Immunio.agent.register_plugin(
|
61
|
+
'ActionDispatch::Cookies::UpgradeLegacyEncryptedCookieJar',
|
62
|
+
ActionPack::VERSION::STRING)
|
44
63
|
end
|
45
64
|
end
|
@@ -533,20 +533,49 @@ end
|
|
533
533
|
|
534
534
|
# Add XSS hooks if enabled
|
535
535
|
if Immunio::agent.plugin_enabled?("xss") then
|
536
|
+
action_view_version =
|
537
|
+
if ActionView.respond_to?(:version)
|
538
|
+
ActionView.version.to_s
|
539
|
+
else
|
540
|
+
Rails.version
|
541
|
+
end
|
542
|
+
|
536
543
|
# Hook into template engines.
|
537
544
|
ActionView::Template::Handlers::Erubis.send :include, Immunio::ErubisHooks
|
538
545
|
|
546
|
+
Immunio.agent.register_plugin(
|
547
|
+
'ActionView::Template::Handlers::Erubis',
|
548
|
+
action_view_version)
|
549
|
+
|
539
550
|
ActiveSupport.on_load(:after_initialize) do
|
540
551
|
# Wait after Rails initialization to patch custom template engines.
|
541
552
|
if defined? Haml::Compiler
|
542
553
|
Haml::Compiler.send :include, Immunio::HamlHooks
|
554
|
+
Immunio.agent.register_plugin('Haml::Compiler', Haml::VERSION)
|
543
555
|
end
|
544
556
|
|
545
557
|
Hash.send :include, Immunio::ActiveSupportHooks
|
558
|
+
Immunio.agent.register_plugin('Hash', RUBY_VERSION)
|
546
559
|
end
|
547
560
|
|
548
561
|
# Hook into rendering process of Rails.
|
549
562
|
ActionView::TemplateRenderer.send :include, Immunio::TemplateRendererHooks
|
563
|
+
|
564
|
+
Immunio.agent.register_plugin(
|
565
|
+
'ActionView::TemplateRenderer',
|
566
|
+
action_view_version)
|
567
|
+
|
550
568
|
ActionView::Template.send :include, Immunio::TemplateHooks
|
551
|
-
|
569
|
+
|
570
|
+
Immunio.agent.register_plugin(
|
571
|
+
'ActionView::Template',
|
572
|
+
action_view_version)
|
573
|
+
|
574
|
+
ActionController::Caching::Fragments.send(
|
575
|
+
:include,
|
576
|
+
Immunio::FragmentCachingHooks)
|
577
|
+
|
578
|
+
Immunio.agent.register_plugin(
|
579
|
+
'ActionController::Caching::Fragments',
|
580
|
+
action_view_version)
|
552
581
|
end
|
@@ -681,28 +681,66 @@ module Immunio
|
|
681
681
|
end
|
682
682
|
end
|
683
683
|
|
684
|
+
Immunio.agent.register_plugin('ActiveRecord', ActiveRecord::VERSION::STRING)
|
685
|
+
|
684
686
|
# Hook into quoting methods at the highest level possible in the ancestors chain.
|
685
687
|
# In case the quote methods were overridden in a child class.
|
686
688
|
module ActiveRecord::ConnectionAdapters
|
687
689
|
if defined? Mysql2Adapter
|
688
690
|
Mysql2Adapter.send :include, Immunio::QuotingHooks
|
691
|
+
|
692
|
+
Immunio.agent.register_plugin(
|
693
|
+
'ActiveRecord::ConnectionAdapters::Mysql2Adapter',
|
694
|
+
ActiveRecord::VERSION::STRING)
|
689
695
|
elsif defined? MysqlAdapter
|
690
696
|
MysqlAdapter.send :include, Immunio::QuotingHooks
|
697
|
+
|
698
|
+
Immunio.agent.register_plugin(
|
699
|
+
'ActiveRecord::ConnectionAdapters::MysqlAdapter',
|
700
|
+
ActiveRecord::VERSION::STRING)
|
691
701
|
end
|
702
|
+
|
692
703
|
if defined? PostgreSQLAdapter
|
693
704
|
PostgreSQLAdapter.send :include, Immunio::QuotingHooks
|
705
|
+
|
706
|
+
Immunio.agent.register_plugin(
|
707
|
+
'ActiveRecord::ConnectionAdapters::PostgreSQLAdapter',
|
708
|
+
ActiveRecord::VERSION::STRING)
|
694
709
|
end
|
710
|
+
|
695
711
|
if defined? SQLite3Adapter
|
696
712
|
SQLite3Adapter.send :include, Immunio::QuotingHooks
|
713
|
+
|
714
|
+
Immunio.agent.register_plugin(
|
715
|
+
'ActiveRecord::ConnectionAdapters::SQLite3Adapter',
|
716
|
+
ActiveRecord::VERSION::STRING)
|
697
717
|
elsif defined? SQLiteAdapter
|
698
718
|
SQLiteAdapter.send :include, Immunio::QuotingHooks
|
719
|
+
|
720
|
+
Immunio.agent.register_plugin(
|
721
|
+
'ActiveRecord::ConnectionAdapters::SQLiteAdapter',
|
722
|
+
ActiveRecord::VERSION::STRING)
|
699
723
|
end
|
700
724
|
end
|
701
725
|
|
702
726
|
module ActiveRecord::Sanitization
|
703
727
|
ClassMethods.send :include, Immunio::SanitizeHooks
|
728
|
+
|
729
|
+
Immunio.agent.register_plugin(
|
730
|
+
'ActiveRecord::Sanitization',
|
731
|
+
ActiveRecord::VERSION::STRING)
|
704
732
|
end
|
705
733
|
|
706
734
|
Arel::Visitors::ToSql.send :include, Immunio::ArelToSqlHooks
|
707
735
|
|
708
|
-
|
736
|
+
Immunio.agent.register_plugin(
|
737
|
+
'Arel::Visitors::ToSql',
|
738
|
+
ActiveRecord::VERSION::STRING)
|
739
|
+
|
740
|
+
ActiveRecord::ConnectionAdapters::AbstractAdapter.send(
|
741
|
+
:include,
|
742
|
+
Immunio::QueryExecutionHooks)
|
743
|
+
|
744
|
+
Immunio.agent.register_plugin(
|
745
|
+
'ActiveRecord::ConnectionAdapters::AbstractAdapter',
|
746
|
+
ActiveRecord::VERSION::STRING)
|
@@ -365,8 +365,56 @@ module Immunio
|
|
365
365
|
end
|
366
366
|
end
|
367
367
|
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
-
|
368
|
+
module ActiveRecord
|
369
|
+
if defined? Relation
|
370
|
+
Relation.send(
|
371
|
+
:include,
|
372
|
+
Immunio::RelationHooks)
|
373
|
+
|
374
|
+
Immunio.agent.register_plugin(
|
375
|
+
'ActiveRecord::Relation',
|
376
|
+
ActiveRecord::VERSION::STRING)
|
377
|
+
|
378
|
+
if defined? SpawnMethods
|
379
|
+
Relation.send(
|
380
|
+
:include,
|
381
|
+
Immunio::SpawnHooks)
|
382
|
+
|
383
|
+
Immunio.agent.register_plugin(
|
384
|
+
'ActiveRecord::SpawnMethods',
|
385
|
+
ActiveRecord::VERSION::STRING)
|
386
|
+
end
|
387
|
+
|
388
|
+
if defined? Querying
|
389
|
+
Relation.send(
|
390
|
+
:include,
|
391
|
+
Immunio::QueryingHooks)
|
392
|
+
|
393
|
+
Immunio.agent.register_plugin(
|
394
|
+
'ActiveRecord::Querying',
|
395
|
+
ActiveRecord::VERSION::STRING)
|
396
|
+
end
|
397
|
+
end
|
398
|
+
|
399
|
+
if defined? StatementCache
|
400
|
+
StatementCache.send(
|
401
|
+
:include,
|
402
|
+
Immunio::StatementCacheHooks)
|
403
|
+
|
404
|
+
Immunio.agent.register_plugin(
|
405
|
+
'ActiveRecord::StatementCache',
|
406
|
+
ActiveRecord::VERSION::STRING)
|
407
|
+
end
|
408
|
+
|
409
|
+
module Associations
|
410
|
+
if defined? HasManyThroughAssociation
|
411
|
+
HasManyThroughAssociation.send(
|
412
|
+
:include,
|
413
|
+
Immunio::HasManyThroughAssociationHooks)
|
414
|
+
|
415
|
+
Immunio.agent.register_plugin(
|
416
|
+
'ActiveRecord::Associations::HasManyThroughAssociation',
|
417
|
+
ActiveRecord::VERSION::STRING)
|
418
|
+
end
|
419
|
+
end
|
420
|
+
end
|
data/lib/immunio/plugins/csrf.rb
CHANGED
@@ -76,13 +76,9 @@ module Immunio
|
|
76
76
|
hostname_ip: hostname_ip,
|
77
77
|
ips: ips
|
78
78
|
},
|
79
|
-
|
79
|
+
plugins: Immunio.agent.plugins
|
80
80
|
}
|
81
81
|
|
82
|
-
Gem.loaded_specs.each_pair do |name, spec|
|
83
|
-
info[:dependencies][name] = spec.version.to_s
|
84
|
-
end
|
85
|
-
|
86
82
|
Immunio.agent.environment = info
|
87
83
|
end
|
88
84
|
end
|
data/lib/immunio/plugins/eval.rb
CHANGED
data/lib/immunio/plugins/io.rb
CHANGED
@@ -104,6 +104,8 @@ if Immunio.agent.plugin_enabled?("file_io")
|
|
104
104
|
IO.extend Immunio::IOClassHooks
|
105
105
|
File.extend Immunio::FileClassHooks
|
106
106
|
Immunio.logger.debug { "IO: All hooks installed." }
|
107
|
+
Immunio.agent.register_plugin('IO', RUBY_VERSION)
|
108
|
+
Immunio.agent.register_plugin('File', RUBY_VERSION)
|
107
109
|
end
|
108
110
|
|
109
111
|
# Add Kernel hooks if enabled
|
@@ -112,4 +114,5 @@ if Immunio.agent.plugin_enabled?("shell_command")
|
|
112
114
|
Kernel.send :include, Immunio::KernelModuleHooks
|
113
115
|
Kernel.extend Immunio::KernelModuleHooks
|
114
116
|
Immunio.logger.debug { "Shell: All hooks installed." }
|
117
|
+
Immunio.agent.register_plugin('Kernel (Module)', RUBY_VERSION)
|
115
118
|
end
|
@@ -39,4 +39,8 @@ end
|
|
39
39
|
if Immunio::agent.plugin_enabled?("redirect") then
|
40
40
|
ActionController::Base.send :include, Immunio::RedirectHook
|
41
41
|
Immunio.logger.debug { "Redirect: All hooks installed." }
|
42
|
+
|
43
|
+
Immunio.agent.register_plugin(
|
44
|
+
'ActionController (Redirect)',
|
45
|
+
ActionPack::VERSION::STRING)
|
42
46
|
end
|
data/lib/immunio/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: immunio
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Immunio
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-10-07 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|