immunio 1.1.6 → 1.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 26f001c2c60f9b1529d0b5e98c0352b7171f0efc
-  data.tar.gz: b4ce5d424d95435e048057766fbff2f86862c2cc
+  metadata.gz: b00b1a9669f4e9f0ec6b571a88b2d1df883cbf94
+  data.tar.gz: 6fdf549ca4de7c8bf912a1fdcaf7bc00521c4e4b
 SHA512:
-  metadata.gz: 63ca57ac77abbd1488c5dd425a91c3faa95c7ae87ccd43798279246f013dac88c957fccc200876cdd8b7077748452819986ddb95ba0a534274808ee89ed9630d
-  data.tar.gz: 8fb5fc3f10c09fabe8cbbac5cb288e7563b37fbe6f60c51a3f68801f2a19fdcf592498c71cfda0d0d116ec13dfa5b9a82b4e77e47750c6221b9da00bb812b231
+  metadata.gz: d947098d70f20d0a073789d8742570bb64373fce01429f2207133ac603d612d25534dd362dad87ebfacb57ed0bde6c34038355e336238b28b42a0678bed42f7d
+  data.tar.gz: f4a9b98cce16ba098561bb64bafcadf5fe50f1f9becbbc87549c5df9234f1f55062715274a59c44eadcb37088dc60a19bfe61ce44d59214f5056e9d733579b62

data/lib/immunio/plugin.rb

@@ -14,11 +14,13 @@ module Immunio
   class Plugin
     attr_reader :status
     attr_accessor :version
+    attr_accessor :hooks
 
-    def initialize(name)
+    def initialize(name, hooks = [])
       @name = name
       @status = 'pending'
       @version = nil
+      @hooks = hooks
     end
 
     def loaded!(version)
@@ -38,14 +40,15 @@ module Immunio
     end
 
     def inspect
-      "<#{self.class} name=#{@name.inspect} status=#{@status.inspect} version=#{@version.inspect}>"
+      "<#{self.class} name=#{@name.inspect} status=#{@status.inspect} version=#{@version.inspect} hooks=#{@hooks.inspect}>"
     end
 
     def to_msgpack(packer)
-      packer.write_map_header 2
+      packer.write_map_header 3
       # `name` is provided as the key in `registered`
       packer.write('status').write(@status)
       packer.write('version').write(@version)
+      packer.write('hooks').write(@hooks)
     end
 
     def self.registered
@@ -76,7 +79,7 @@ module Immunio
         enabled = true
       end
 
-      plugin = registered[name] = new(name)
+      plugin = registered[name] = new(name, options.fetch(:hooks, []))
 
       unless enabled # plugin is disabled
         plugin.disabled!
@@ -91,4 +94,4 @@ module Immunio
       end
     end
   end
-end
+end

data/lib/immunio/plugins/action_dispatch.rb

@@ -29,7 +29,9 @@ module Immunio
   end
 end
 
-Immunio::Plugin.load 'ActionDispatch (Cookie)' do |plugin|
+Immunio::Plugin.load 'ActionDispatch (Cookie)',
+                     hooks: %w( bad_cookie ) do |plugin|
+
   class ActionDispatch::Cookies
     if defined? SignedCookieJar
       SignedCookieJar.send :include, Immunio::CookieHooks
@@ -47,5 +49,6 @@ Immunio::Plugin.load 'ActionDispatch (Cookie)' do |plugin|
       UpgradeLegacyEncryptedCookieJar.send :include, Immunio::CookieHooks
     end
   end
+
   plugin.loaded! ActionPack::VERSION::STRING
 end

data/lib/immunio/plugins/action_view.rb

@@ -533,14 +533,23 @@ end
 
 # Load the plugins
 
-Immunio::Plugin.load 'Erubis', feature: 'xss' do |plugin|
+Immunio::Plugin.load(
+  'Erubis',
+  feature: 'xss',
+  hooks: %w( template_render_done template_render_var )) do |plugin|
+
   ActionView::Template::Handlers::Erubis.send :include, Immunio::ErubisHooks
+
   plugin.loaded! Rails.version
 end
 
 ActiveSupport.on_load(:after_initialize) do
   # Wait after Rails initialization to patch custom template engines.
-  Immunio::Plugin.load 'Haml', feature: 'xss' do |plugin|
+  Immunio::Plugin.load(
+    'Haml',
+    feature: 'xss',
+    hooks: %w( template_render_done template_render_var )) do |plugin|
+
     if defined? Haml::Compiler
       Haml::Compiler.send :include, Immunio::HamlHooks
       plugin.loaded! Haml::VERSION
@@ -552,7 +561,11 @@ ActiveSupport.on_load(:after_initialize) do
 end
 
 # Hook into rendering process of Rails.
-Immunio::Plugin.load 'ActionView', feature: 'xss' do |plugin|
+Immunio::Plugin.load(
+  'ActionView',
+  feature: 'xss',
+  hooks: %w( template_render_done template_render_var )) do |plugin|
+
   ActionView::TemplateRenderer.send :include, Immunio::TemplateRendererHooks
   ActionView::Template.send :include, Immunio::TemplateHooks
   ActionController::Caching::Fragments.send(

data/lib/immunio/plugins/authlogic.rb

@@ -1,4 +1,5 @@
-# Register callbacks to Authlogic (https://github.com/binarylogic/authlogic). A popular authentication system.
+# Register callbacks to Authlogic (https://github.com/binarylogic/authlogic).
+# A popular authentication system.
 
 begin
   require "authlogic"
@@ -6,7 +7,10 @@ rescue LoadError # rubocop:disable Lint/HandleExceptions
   # Ignore
 end
 
-Immunio::Plugin.load 'Authlogic' do |plugin|
+Immunio::Plugin.load(
+  'Authlogic',
+  hooks: %w( authenticate framework_login framework_user )) do |plugin|
+
   if defined? Authlogic
     module Immunio
       module Authlogic
@@ -27,10 +31,12 @@ Immunio::Plugin.load 'Authlogic' do |plugin|
                 info = {plugin: "authlogic"}
 
                 if defined?(:record) && record
-                  # record is set when already logged in, e.g. you are now logging out
+                  # record is set when already logged in,
+                  # e.g. you are now logging out
                   info[:user_record] = record
                 elsif defined?(:attempted_record) && attempted_record
-                  # attempted_record is set when attempting to log in and the user record has been fetched
+                  # attempted_record is set when attempting to log in and the
+                  # user record has been fetched
                   info[:user_record] = attempted_record
                 end
 
@@ -45,7 +51,9 @@ Immunio::Plugin.load 'Authlogic' do |plugin|
 
               def immunio_login
                 Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                  Immunio.logger.debug {"Authlogic instrumentation fired for login with opts #{opts}"}
+                  Immunio.logger.debug do
+                    "Authlogic instrumentation fired for login with opts #{opts}"
+                  end
                   Immunio.login opts
                 end
               end
@@ -53,7 +61,9 @@ Immunio::Plugin.load 'Authlogic' do |plugin|
               def immunio_check_failed_login
                 if errors.any?
                   Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                    Immunio.logger.debug { "Authlogic instrumentation fired for before_failure with opts #{opts}" }
+                    Immunio.logger.debug do
+                      "Authlogic instrumentation fired for before_failure with opts #{opts}"
+                    end
                     Immunio.failed_login opts
                   end
                 end
@@ -61,14 +71,18 @@ Immunio::Plugin.load 'Authlogic' do |plugin|
 
               def immunio_logout
                 Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                  Immunio.logger.debug { "Authlogic instrumentation fired for logout with opts #{opts}" }
+                  Immunio.logger.debug do
+                    "Authlogic instrumentation fired for logout with opts #{opts}"
+                  end
                   Immunio.logout opts
                 end
               end
 
               def immunio_set_user
                 Immunio::Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-                  Immunio.logger.debug { "Authlogic instrumentation fired for after_set_user with opts #{opts}" }
+                  Immunio.logger.debug do
+                    "Authlogic instrumentation fired for after_set_user with opts #{opts}"
+                  end
                   Immunio.set_user opts
                 end
               end
@@ -81,4 +95,4 @@ Immunio::Plugin.load 'Authlogic' do |plugin|
 
     plugin.loaded! Gem.loaded_specs['authlogic'].version.to_s
   end
-end
+end

data/lib/immunio/plugins/csrf.rb

@@ -23,7 +23,10 @@ module Immunio
   end
 end
 
-Immunio::Plugin.load 'ActionController (CSRF)' do |plugin|
+Immunio::Plugin.load 'ActionController (CSRF)',
+                     hooks: %w( framework_csrf_check ) do |plugin|
+
   ActionController::Base.send :include, Immunio::CsrfHook
+
   plugin.loaded! ActionPack::VERSION::STRING
 end

data/lib/immunio/plugins/devise.rb

@@ -6,7 +6,15 @@ rescue LoadError # rubocop:disable Lint/HandleExceptions
   # Ignore
 end
 
-Immunio::Plugin.load 'Devise' do |plugin|
+Immunio::Plugin.load 'Devise',
+                     hooks: [
+                       'authenticate',
+                       'framework_login',
+                       'framework_user',
+                       'framework_logout',
+                       'framework_password_reset'
+                     ] do |plugin|
+
   if defined? Devise
     module Immunio
       # Hook into password recovery feature to trigger the `framework_password_reset` hook.
@@ -19,7 +27,9 @@ Immunio::Plugin.load 'Devise' do |plugin|
 
         def send_reset_password_instructions_with_immunio(attributes={})
           Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-            Immunio.logger.debug { "Devise instrumentation fired for send_reset_password_instructions" }
+            Immunio.logger.debug do
+              "Devise instrumentation fired for send_reset_password_instructions"
+            end
 
             recoverable = find_or_initialize_with_errors(reset_password_keys, attributes, :not_found)
 
@@ -42,4 +52,4 @@ Immunio::Plugin.load 'Devise' do |plugin|
     require 'devise/version'
     plugin.loaded! Devise::VERSION
   end
-end
+end

data/lib/immunio/plugins/environment_reporter.rb

@@ -52,8 +52,9 @@ module Immunio
     end
 
     def hostname_ip
-      # SocketError is raised if we can't fetch the hostname with `Socket.gethostname`.
-      Addrinfo.getaddrinfo(hostname, nil).first.ip_address rescue SocketError
+      # Return nil if we can't fetch the hostname with `Socket.gethostname`,
+      # for example if there is no public IPV4 interface.
+      Addrinfo.getaddrinfo(hostname, nil).first.ip_address rescue nil
     end
 
     def plugins

data/lib/immunio/plugins/eval.rb

@@ -37,8 +37,12 @@ module Immunio
   end
 end
 
-Immunio::Plugin.load 'Kernel (Eval)', feature: 'eval' do |plugin|
+Immunio::Plugin.load 'Kernel (Eval)',
+                     feature: 'eval',
+                     hooks: %w( eval ) do |plugin|
+
   Kernel.send :include, Immunio::KernelEvalHook
   Kernel.extend Immunio::KernelEvalHook
+
   plugin.loaded! RUBY_VERSION
 end

data/lib/immunio/plugins/io.rb

@@ -100,14 +100,18 @@ module Immunio
 end
 
 # Add FileIO hooks if enabled
-Immunio::Plugin.load 'IO', feature: 'file_io' do |plugin|
+Immunio::Plugin.load 'IO', feature: 'file_io', hooks: %w( file_io ) do |plugin|
+
   IO.extend Immunio::IOClassHooks
   File.extend Immunio::FileClassHooks
   plugin.loaded! RUBY_VERSION
 end
 
 # Add Kernel hooks if enabled
-Immunio::Plugin.load 'Kernel (shell_command)', feature: 'shell_command' do |plugin|
+Immunio::Plugin.load 'Kernel (shell_command)',
+                     feature: 'shell_command',
+                     hooks: %w( shell_io ) do |plugin|
+
   # Both are necessary to hook calling both Kernel.open() and open() etc.
   Kernel.send :include, Immunio::KernelModuleHooks
   Kernel.extend Immunio::KernelModuleHooks

data/lib/immunio/plugins/redirect.rb

@@ -22,7 +22,7 @@ module Immunio
             loptions = loptions.call
           end
           if loptions.is_a? String then
-            strict_context, loose_context, stack = Immunio::Context.context() # rubocop:disable Lint/UselessAssignment
+            _strict_context, loose_context, stack = Immunio::Context.context()
             Immunio.run_hook! "redirect", "framework_redirect",
                               destination_url: loptions,
                               context_key: loose_context,
@@ -36,7 +36,10 @@ module Immunio
   end
 end
 
-Immunio::Plugin.load 'ActionController (Redirect)', feature: 'redirect' do |plugin|
+Immunio::Plugin.load 'ActionController (Redirect)',
+                     feature: 'redirect',
+                     hooks: %w( framework_redirect ) do |plugin|
+
   ActionController::Base.send :include, Immunio::RedirectHook
 
   plugin.loaded! ActionPack::VERSION::STRING

data/lib/immunio/plugins/warden.rb

@@ -6,12 +6,21 @@ rescue LoadError # rubocop:disable Lint/HandleExceptions
   # Ignore
 end
 
-Immunio::Plugin.load 'Warden' do |plugin|
+Immunio::Plugin.load 'Warden',
+                     hooks: [
+                       'authenticate',
+                       'framework_login',
+                       'framework_user',
+                       'framework_logout'
+                     ] do |plugin|
+
   if defined?(Warden::Manager)
     class Warden::Manager
       after_authentication do |user|
         Immunio::Request.time "plugin", "Warden::Manager.after_authentication" do
-          Immunio.logger.debug { "Warden instrumentation fired for after_authentication" }
+          Immunio.logger.debug do
+            "Warden instrumentation fired for after_authentication"
+          end
           Immunio.login user_record: user, plugin: "warden"
         end
       end
@@ -37,7 +46,9 @@ Immunio::Plugin.load 'Warden' do |plugin|
             Immunio.logger.debug { "Warden instrumentation fired for before_failure" }
             Immunio.failed_login info
           else
-            Immunio.logger.debug { "Failed to find user info for Warden failure, ignoring instead of reporting as failed login" }
+            Immunio.logger.debug do
+              "Failed to find user info for Warden failure, ignoring instead of reporting as failed login"
+            end
           end
         end
       end
@@ -71,4 +82,4 @@ Immunio::Plugin.load 'Warden' do |plugin|
     require 'warden/version'
     plugin.loaded! Warden::VERSION
   end
-end
+end

data/lib/immunio/rails.rb

@@ -7,7 +7,18 @@ require_relative "plugins/warden"
 
 module Immunio
   class Engine < ::Rails::Engine
-    Immunio::Plugin.load 'Middlewares' do |plugin|
+    Immunio::Plugin.load 'Middlewares',
+                         hooks: [
+                           'http_request_start',
+                           'http_request_finish',
+                           'http_response_start',
+                           'http_request_body_chunk',
+                           'http_response_body_chunk',
+                           'exception',
+                           'framework_route',
+                           'framework_session',
+                         ] do |plugin|
+
       config.app_middleware.insert 0, HTTPFinisher
       config.app_middleware.insert_before ActionDispatch::ShowExceptions, HTTPTracker
       config.app_middleware.insert_after ActionDispatch::DebugExceptions, ExceptionHandler
@@ -17,7 +28,10 @@ module Immunio
 
     config.action_dispatch.rescue_responses.merge!('Immunio::RequestBlocked' => :forbidden)
 
-    Immunio::Plugin.load 'ActionRecord', feature: 'sqli' do |plugin|
+    Immunio::Plugin.load 'ActionRecord',
+                         feature: 'sqli',
+                         hooks: %w( sql_execute ) do |plugin|
+
       initializer "immunio.active_record", after: "active_record.initialize_database" do
         ActiveSupport.on_load(:active_record) do
           require_relative "plugins/active_record"

data/lib/immunio/version.rb

@@ -1,5 +1,5 @@
 module Immunio
   AGENT_TYPE = "agent-ruby"
-  VERSION = "1.1.6"
+  VERSION = "1.1.7"
   VM_VERSION = "2.2.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: immunio
 version: !ruby/object:Gem::Version
-  version: 1.1.6
+  version: 1.1.7
 platform: ruby
 authors:
 - Immunio
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-11 00:00:00.000000000 Z
+date: 2017-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails