immunio 1.1.15 → 1.1.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7ae2946181dda203daf7cce9652ac99d78f0c822
-  data.tar.gz: c5c3ef8b2ab329ac11e5f3823601df36db381853
+  metadata.gz: 8a87728c00394abac56d459bdcc7ea86553a716f
+  data.tar.gz: fbd84915ed83ee4fa2e51ab71311c3ba10eb95d9
 SHA512:
-  metadata.gz: ce62844b8ece04eaef147d59391ede1299b46734078ab3e5c1f4bf2965fa57544ed1a7439797a9cc1bda6dffe3473af2411f04d8a513ef199b8e3e2658761c54
-  data.tar.gz: 266a2912f823c888e4c61ed20c84b2a780592f60ad1f6b581d1bbe5587b386b99347d2bb70f21815ce357b65221c9895135751d2e72a9e11519e6575925df8fd
+  metadata.gz: d148db1912d727214674e848b73cf696f524e54102e134ccd34967375da99e808c2ae3cbd15c166f9c08642c13678416d0ec260a891ba9684f76347d1554e8cc
+  data.tar.gz: 78d2e33446b767e2f1f21214268211ad212ee270cc0399a373ab04bf82161fbe0ef28e36a4608fec8a8a2ff9185b6a6d83c92a9da3fd63da2cdae74d6b633ee8

data/lib/immunio/plugins/action_dispatch.rb

@@ -16,21 +16,108 @@ module Immunio
     def lookup_with_immunio(name)
       Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
         raw_cookie_value = @parent_jar[name]
-        cookie_value = Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
+
+        cookie_value = Request.pause(
+          'plugin',
+          "#{Module.nesting[0]}::#{__method__}") do
           lookup_without_immunio(name)
         end
+
         if !raw_cookie_value.nil? and cookie_value.nil?
-          Immunio.run_hook! "action_dispatch", "bad_cookie", key: name,
-                                                             value: raw_cookie_value
+          Immunio.run_hook!(
+            'action_dispatch',
+            'bad_cookie',
+            key: name,
+            value: raw_cookie_value)
         end
+
         cookie_value
       end
     end
   end
+
+  module ParamsHooks
+    extend ActiveSupport::Concern
+
+    included do
+      if method_defined? :request_parameters
+        Immunio::Utils.alias_method_chain self, :request_parameters, :immunio
+      end
+    end
+
+    protected
+
+    # Convert key/values for lua
+    #
+    #   hi: 'ho'
+    #     -> 'hi' => ['ho']
+    #
+    #   array: ['c', 'd']
+    #     -> 'array' => ['c', 'd']
+    #
+    #   hash: { foo: ['bar', 'baz'] }
+    #     -> 'hash[foo]' => ['bar', 'baz']
+    #
+    #   user: {
+    #     name: 'john',
+    #     email: 'john@example.com',
+    #     address_attributes: {
+    #       city: 'Montreal',
+    #       id: '1'
+    #     }
+    #   }
+    # }
+    #
+    # is transformed to key/value pairs:
+    #
+    #   'user[name]' => ['john'],
+    #   'user[email]' => ['john@example.com'],
+    #   'user[address_attributes][city]' => ['Montreal'],
+    #   'user[address_attributes][id]' => ['1']
+    #
+    def convert_value(hash, key, value, nested_keys = nil)
+      # Filter out UploadedFile.
+      unless value.respond_to?(:open)
+        if value.respond_to?(:keys)
+          nested = nested_keys ? nested_keys : "#{key}"
+          value.each do |k, val|
+            if val.respond_to?(:keys)
+              convert_value(hash, k, val, nested + "[#{k}]")
+            else
+              hash["#{nested}[#{k}]"] = [val].flatten
+            end
+          end
+        else
+          hash[key] = [value].flatten
+        end
+      end
+    end
+
+    def request_parameters_with_immunio
+      params = request_parameters_without_immunio
+
+      Request.time 'plugin', "#{Module.nesting[0]}::#{__method__}" do
+        if params.any?
+          filtered = {}.tap do |hash|
+            params.each do |key, value|
+              convert_value(hash, key, value)
+            end
+          end
+          Immunio.run_hook!(
+            'action_dispatch',
+            'framework_input_params',
+            params: filtered)
+        end
+      end
+
+      params
+    end
+  end
 end
 
-Immunio::Plugin.load 'ActionDispatch (Cookie)',
-                     hooks: %w( bad_cookie ) do |plugin|
+Immunio::Plugin.load(
+  'ActionDispatch (Cookie)',
+  hooks: %w(bad_cookie)) do |plugin|
 
   class ActionDispatch::Cookies
     if defined? SignedCookieJar
@@ -52,3 +139,12 @@ Immunio::Plugin.load 'ActionDispatch (Cookie)',
 
   plugin.loaded! ActionPack::VERSION::STRING
 end
+
+Immunio::Plugin.load(
+  'ActionDispatch (Params)',
+  hooks: %w(framework_input_params)) do |plugin|
+
+  ActionDispatch::Request.send :include, Immunio::ParamsHooks
+
+  plugin.loaded! ActionPack::VERSION::STRING
+end

data/lib/immunio/plugins/active_record.rb

@@ -608,19 +608,18 @@ module Immunio
           # possible due to how we wrap things, but there's no explicit
           # guarantee.
           relation_data = @relation_data[relation_id]
-          params = relation_data[:params].clone
           context_data = (relation_data[:relation_data] + relation_data[:ast_data]).join "\n"
 
           # modifiers must be cloned because it will be cleared when the
           # relation is reset.
           modifiers = relation_data[:modifiers].clone
         else
-          params = {}
           context_data = nil
           modifiers = {}
         end
 
-        # Merge bound values
+        # Merge bound values into params
+        params = {}
         question_marks = 0
         payload[:binds].each do |(column, value)|
           if column.nil?

data/lib/immunio/version.rb

@@ -1,5 +1,5 @@
 module Immunio
   AGENT_TYPE = "agent-ruby"
-  VERSION = "1.1.15"
+  VERSION = "1.1.16"
   VM_VERSION = "2.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: immunio
 version: !ruby/object:Gem::Version
-  version: 1.1.15
+  version: 1.1.16
 platform: ruby
 authors:
 - Immunio
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-24 00:00:00.000000000 Z
+date: 2017-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails