RubyGems - immunio - Versions diffs - 2.0.3 → 2.0.4 - Mend

immunio 2.0.3 → 2.0.4

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/immunio/plugins/active_record.rb +49 -44
data/lib/immunio/version.rb +1 -1
data/lua-hooks/libluahooks.darwin.a +0 -0
data/lua-hooks/libluahooks.linux.a +0 -0
metadata +2 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 993e57dba4e7715f5c0dee11ed55f883810dd7d5
-  data.tar.gz: 8f1f6f6cad127307bd6ea31c591d4f31fb836e76
+  metadata.gz: 3cbab63b96eedbb41328fdcffdfb7cfeb741c5da
+  data.tar.gz: d9fe8656a473a6622813984793e8f3c97cc4c85f
 SHA512:
-  metadata.gz: 68256e36c7fc57d2358f69adb74a2cc1c112c9da4c1423401863bb7b2e533c543c1ac4007d708a13b10cc4a16253eaf0ddf02e4edec8b3dedba90d456fd46b0f
-  data.tar.gz: 60507902a61f595c378ad8817b2b27c6ea546fb51378a5f934232ea4fef85dfb5b9a2e6b93e29104b7db07133873d75e8a625e70fb4070470c252d00894e5e75
+  metadata.gz: 5c3c13e48ede7a6b5a805e2c1db06ed78d53d23a9a43e471d96e839700fbc8e6e505b5010e0f740ac10799aefc21f72b76496545a504fe830849139de2410830
+  data.tar.gz: 15a5c96a49d5a4324490d10fb95f981f6b559384761c455b7480e5922b433d00222d3afda3c9429084790305e1aa5f5f53c9bb7fc7370c151db0b4ee84f90363

data/lib/immunio/plugins/active_record.rb CHANGED

@@ -18,35 +18,35 @@ module Immunio
     if Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR > 0
       # Passing a column to `quote` has been deprecated in 5.0.
       def quote_with_immunio(value)
-        Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-          # Ignored empty strings and values that can't contain injections.
-          unless value.blank? || IGNORED_TYPES.include?(value.class)
-            QueryTracker.instance.add_param nil, value.to_s, object_id
-          end
-          Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
-            quote_without_immunio(value)
+        if Request.current
+          Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+            # Ignored empty strings and values that can't contain injections.
+            unless value.blank? || IGNORED_TYPES.include?(value.class)
+              QueryTracker.instance.add_param nil, value.to_s, object_id
+            end
           end
         end
+        quote_without_immunio(value)
       end
     else
       def quote_with_immunio(value, column = nil)
-        Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-          if column
-            column_name = column.name
-          else
-            column_name = nil
-          end
-          # Ignored empty strings and values that can't contain injections.
-          unless value.blank? || IGNORED_TYPES.include?(value.class)
-            QueryTracker.instance.add_param column_name, value.to_s, object_id
-          end
+        if Request.current
+          Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+            if column
+              column_name = column.name
+            else
+              column_name = nil
+            end
-          Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
-            quote_without_immunio(value, column)
+            # Ignored empty strings and values that can't contain injections.
+            unless value.blank? || IGNORED_TYPES.include?(value.class)
+              QueryTracker.instance.add_param column_name, value.to_s, object_id
+            end
           end
         end
+        quote_without_immunio(value, column)
       end
     end
   end
@@ -69,22 +69,23 @@ module Immunio
     included do |base|
       base.class_eval do
         def sanitize_sql_array_with_immunio(ary)
-          Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-            statement, *values = ary
-            # Check if rails will use some other mechanism for quoting
-            unless (values.first.is_a?(Hash) && statement =~ /:\w+/) ||
-                   (statement.include?('?')) ||
-                   (statement.blank?)
-              # Rails is going to use quote_string, so handle parameters
-              values.each { |value| QueryTracker.instance.add_param nil, value, connection.object_id }
-            end
-            Request.pause "plugin", "#{Module.nesting[0]}::#{__method__}" do
-              sanitize_sql_array_without_immunio ary
+          if Request.current
+            Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+              statement, *values = ary
+              # Check if rails will use some other mechanism for quoting
+              unless (values.first.is_a?(Hash) && statement =~ /:\w+/) ||
+                     (statement.include?('?')) ||
+                     (statement.blank?)
+                # Rails is going to use quote_string, so handle parameters
+                values.each { |value| QueryTracker.instance.add_param nil, value, connection.object_id }
+              end
             end
           end
+          sanitize_sql_array_without_immunio ary
         end
         Immunio::Utils.alias_method_chain self, :sanitize_sql_array, :immunio
       end
     end
@@ -98,9 +99,11 @@ module Immunio
     end
     def accept_with_immunio(object, *args)
-      Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
-        visitor = ArelNodeVisitor.new(@connection.object_id)
-        visitor.accept(object)
+      if Request.current
+        Request.time "plugin", "#{Module.nesting[0]}::#{__method__}" do
+          visitor = ArelNodeVisitor.new(@connection.object_id)
+          visitor.accept(object)
+        end
       end
       accept_without_immunio(object, *args)
@@ -718,13 +721,15 @@ module Immunio
     def log_with_immunio(sql, name = "SQL", binds = [], *args)
       # Some rails tests (in particular postresql) call :log with nil `sql`.
-      QueryTracker.instance.call(
-        {
-          sql: sql,
-          connection_id: object_id,
-          binds: binds
-        },
-        adapter_name) if sql
+      if sql && Request.current
+        QueryTracker.instance.call(
+          {
+            sql: sql,
+            connection_id: object_id,
+            binds: binds
+          },
+          adapter_name)
+      end
       # Log and execute the query
       log_without_immunio(sql, name, binds, *args) { yield }

data/lib/immunio/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Immunio
   AGENT_TYPE = "agent-ruby"
-  VERSION = "2.0.3"
+  VERSION = "2.0.4"
   VM_VERSION = "2.2.0"
 end

data/lua-hooks/libluahooks.darwin.a CHANGED

Binary file

data/lua-hooks/libluahooks.linux.a CHANGED

Binary file

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: immunio
 version: !ruby/object:Gem::Version
-  version: 2.0.3
+  version: 2.0.4
 platform: ruby
 authors:
 - Immunio
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-02-01 00:00:00.000000000 Z
+date: 2018-02-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails