RubyGems - periscope_rails - Versions diffs - 0.0.3 → 0.0.4 - Mend

periscope_rails 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

data/Gemfile.lock +94 -94
data/app/periscope/periscope_controller.rb +76 -60
data/config/routes.rb +3 -3
data/lib/periscope_rails/config.rb +51 -11
data/lib/periscope_rails/engine.rb +3 -3
data/lib/periscope_rails/version.rb +3 -3
data/periscope_rails.gemspec +22 -22
metadata +17 -7

data/Gemfile.lock CHANGED Viewed

@@ -1,94 +1,94 @@
-PATH
-  remote: .
-  specs:
-    periscope_rails (0.0.1)
-      activesupport (~> 3.1.3)
-      rails (~> 3.1.3)
-GEM
-  remote: http://rubygems.org/
-  specs:
-    actionmailer (3.1.3)
-      actionpack (= 3.1.3)
-      mail (~> 2.3.0)
-    actionpack (3.1.3)
-      activemodel (= 3.1.3)
-      activesupport (= 3.1.3)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      i18n (~> 0.6)
-      rack (~> 1.3.5)
-      rack-cache (~> 1.1)
-      rack-mount (~> 0.8.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.0.3)
-    activemodel (3.1.3)
-      activesupport (= 3.1.3)
-      builder (~> 3.0.0)
-      i18n (~> 0.6)
-    activerecord (3.1.3)
-      activemodel (= 3.1.3)
-      activesupport (= 3.1.3)
-      arel (~> 2.2.1)
-      tzinfo (~> 0.3.29)
-    activeresource (3.1.3)
-      activemodel (= 3.1.3)
-      activesupport (= 3.1.3)
-    activesupport (3.1.3)
-      multi_json (~> 1.0)
-    arel (2.2.1)
-    builder (3.0.0)
-    erubis (2.7.0)
-    hike (1.2.1)
-    i18n (0.6.0)
-    json (1.6.5)
-    mail (2.3.0)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.17.2)
-    multi_json (1.1.0)
-    polyglot (0.3.3)
-    rack (1.3.6)
-    rack-cache (1.1)
-      rack (>= 0.4)
-    rack-mount (0.8.3)
-      rack (>= 1.0.0)
-    rack-ssl (1.3.2)
-      rack
-    rack-test (0.6.1)
-      rack (>= 1.0)
-    rails (3.1.3)
-      actionmailer (= 3.1.3)
-      actionpack (= 3.1.3)
-      activerecord (= 3.1.3)
-      activeresource (= 3.1.3)
-      activesupport (= 3.1.3)
-      bundler (~> 1.0)
-      railties (= 3.1.3)
-    railties (3.1.3)
-      actionpack (= 3.1.3)
-      activesupport (= 3.1.3)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (~> 0.14.6)
-    rake (0.9.2.2)
-    rdoc (3.12)
-      json (~> 1.4)
-    sprockets (2.0.3)
-      hike (~> 1.2)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    thor (0.14.6)
-    tilt (1.3.3)
-    treetop (1.4.10)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.31)
-PLATFORMS
-  x86-mingw32
-DEPENDENCIES
-  periscope_rails!
+PATH
+  remote: .
+  specs:
+    periscope_rails (0.0.1)
+      activesupport (~> 3.1.3)
+      rails (~> 3.1.3)
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.1.3)
+      actionpack (= 3.1.3)
+      mail (~> 2.3.0)
+    actionpack (3.1.3)
+      activemodel (= 3.1.3)
+      activesupport (= 3.1.3)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      i18n (~> 0.6)
+      rack (~> 1.3.5)
+      rack-cache (~> 1.1)
+      rack-mount (~> 0.8.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.0.3)
+    activemodel (3.1.3)
+      activesupport (= 3.1.3)
+      builder (~> 3.0.0)
+      i18n (~> 0.6)
+    activerecord (3.1.3)
+      activemodel (= 3.1.3)
+      activesupport (= 3.1.3)
+      arel (~> 2.2.1)
+      tzinfo (~> 0.3.29)
+    activeresource (3.1.3)
+      activemodel (= 3.1.3)
+      activesupport (= 3.1.3)
+    activesupport (3.1.3)
+      multi_json (~> 1.0)
+    arel (2.2.1)
+    builder (3.0.0)
+    erubis (2.7.0)
+    hike (1.2.1)
+    i18n (0.6.0)
+    json (1.6.5)
+    mail (2.3.0)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.17.2)
+    multi_json (1.1.0)
+    polyglot (0.3.3)
+    rack (1.3.6)
+    rack-cache (1.1)
+      rack (>= 0.4)
+    rack-mount (0.8.3)
+      rack (>= 1.0.0)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rails (3.1.3)
+      actionmailer (= 3.1.3)
+      actionpack (= 3.1.3)
+      activerecord (= 3.1.3)
+      activeresource (= 3.1.3)
+      activesupport (= 3.1.3)
+      bundler (~> 1.0)
+      railties (= 3.1.3)
+    railties (3.1.3)
+      actionpack (= 3.1.3)
+      activesupport (= 3.1.3)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (~> 0.14.6)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    sprockets (2.0.3)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thor (0.14.6)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.31)
+PLATFORMS
+  x86-mingw32
+DEPENDENCIES
+  periscope_rails!

data/app/periscope/periscope_controller.rb CHANGED Viewed

@@ -1,60 +1,76 @@
-class PeriscopeController < ActionController::Base
-  before_filter :authenticate
-  protect_from_forgery :except => [:look, :login]
-  def look
-    if !params[:sql].nil?
-      render :json => run_sql(params[:sql])
-    else
-      render :json => {:error => "Command not understood"}
-    end
-  end
-  def login
-    render :json => get_info()
-  end
-  private
-  def authenticate
-    unless PeriscopeRails::Config.check_password(params[:password].to_s)
-      render :json => {:error => "Password invalid."}
-    end
-  end
-  def run_sql(sql_command)
-    #TODO: protect based on CFG, not blacklist
-    bad_words = %W{drop delete update into insert index add remove grant revoke create createdb}
-    bad_words += %W{createuser createrole destroy disconnect exec execute dropdb primary key rollback ; --}
-    rows = nil
-    error_message = nil
-    command = sql_command.to_s.strip
-    command_words = command.downcase.gsub(/[^a-zA-Z0-9]/, " ").gsub(/\s+/, " ").split(" ")
-    if command == ""
-      #nothing
-    elsif (command_words & bad_words).size > 0
-      error_message = "Potentially harmful keyword found, blocking script."
-    else
-      begin
-        ActiveRecord::Base.transaction do
-          rows = ActiveRecord::Base.connection.select_all(command)
-          p rows
-          raise "OK" #abort all transactions for extra protection
-        end
-      rescue Exception => e
-        error_message = e.message unless e.message == "OK"
-      end
-    end
-    return {:error => error_message, :data => rows}
-  end
-  def get_info
-    tables = []
-    table_names = ActiveRecord::Base.connection.tables.sort
-    table_names.each do |table_name|
-      tables << {:name => table_name, :columns => ActiveRecord::Base.connection.columns(table_name)}
-    end
-    return {:tables => tables, :error => nil}
-  end
-end
+class PeriscopeController < ApplicationController
+  before_filter :authenticate
+  protect_from_forgery :except => [:look, :login]
+  def look
+    if !params[:sql].nil?
+      render :json => run_sql(params[:sql])
+    else
+      render :json => {:error => "Command not understood"}
+    end
+  end
+  def login
+    render :json => get_info()
+  end
+  private
+  def authenticate
+    unless PeriscopeRails::Config.check_password(params[:password].to_s)
+      render :json => {:error => "Password invalid."}
+    end
+  end
+  def run_sql(sql_command)
+    #TODO: protect based on CFG, not blacklist
+    bad_words = %W{drop delete update into insert index add remove grant revoke create createdb}
+    bad_words += %W{createuser createrole destroy disconnect exec execute dropdb primary key rollback ; --}
+    rows = nil
+    error_message = nil
+    command = sql_command.to_s.strip
+    command_words = command.downcase.gsub(/[^a-zA-Z0-9]/, " ").gsub(/\s+/, " ").split(" ")
+    if command == ""
+      #nothing
+    elsif (command_words & bad_words).size > 0
+      error_message = "Potentially harmful keyword found, blocking script."
+    else
+      begin
+        #custom_db_creds = PeriscopeRails::Config.get_db_creds()
+        #if custom_db_creds.nil?
+        #  active_record = ActiveRecord::Base
+        #else
+        #  # TODO: Establish this connection once rather than every time a query is issued
+        #  active_record = Class.new(ActiveRecord::Base)
+        #  custom_db_config = ActiveRecord::Base.connection_config.merge(custom_db_creds)
+        #  active_record.establish_connection(custom_db_config)
+        #end
+        active_record = PeriscopeRails::Config.get_active_record()
+        active_record.transaction do
+          rows = active_record.connection.select_all(command)
+          rows.each do |row|
+            row.each_key do |column|
+              if PeriscopeRails::Config.matches_filter(column)
+                row[column] = '[FILTERED]'
+              end
+            end
+          end
+          raise "OK" #abort all transactions for extra protection
+        end
+      rescue Exception => e
+        error_message = e.message unless e.message == "OK"
+      end
+    end
+    return {:error => error_message, :data => rows}
+  end
+  def get_info
+    tables = []
+    table_names = ActiveRecord::Base.connection.tables.sort
+    table_names.each do |table_name|
+      tables << {:name => table_name, :columns => ActiveRecord::Base.connection.columns(table_name)}
+    end
+    return {:tables => tables, :error => nil}
+  end
+end

data/config/routes.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-Rails.application.routes.draw do
-  post "periscope/login" => "periscope#login"
-  post "periscope/look" => "periscope#look"
+Rails.application.routes.draw do
+  post "periscope/login" => "periscope#login"
+  post "periscope/look" => "periscope#look"
 end

data/lib/periscope_rails/config.rb CHANGED Viewed

@@ -1,11 +1,51 @@
-module PeriscopeRails
-  class Config
-    @@password = nil
-    def self.set_password(password)
-      @@password = password
-    end
-    def self.check_password(password)
-      return @@password == password
-    end
-  end
-end
+module PeriscopeRails
+  class Config
+    VALID_MATCHTYPES = ['fuzzy', 'exact']
+    @@password = nil
+    @@filter = nil
+    @@filter_matchtype = 'fuzzy'
+    @@active_record = nil
+    @@db_username = nil
+    @@db_password = nil
+    def self.set_password(password)
+      @@password = password
+    end
+    def self.set_filter(options)
+      @@filter = options[:filter] if options[:filter] and options[:filter].class == Array
+      @@filter_matchtype = options[:matchtype] if options.has_key?(:matchtype) and VALID_MATCHTYPES.include?(options[:matchtype])
+    end
+    def self.use_db_credentials(options)
+      @@db_username = options[:username] if options[:username] and options[:username].class == String
+      @@db_password = options[:password] if options[:password] and options[:password].class == String
+    end
+    def self.check_password(password)
+      return @@password == password
+    end
+    def self.matches_filter(text)
+      filter = @@filter || Rails.application.config.filter_parameters
+      filter.each do |filtered_word|
+        if (@@filter_matchtype == 'fuzzy' and text.include?(filtered_word.to_s)) or
+           (@@filter_matchtype == 'exact' and text == filtered_word.to_s)
+          return true
+        end
+      end
+      return false
+    end
+    def self.get_active_record
+      return ActiveRecord::Base if @@db_username.nil?
+      return @@active_record unless @@active_record.nil?
+      @@active_record = Class.new(ActiveRecord::Base)
+      config = ActiveRecord::Base.connection_config.merge({:username => @@db_username, :password => @@db_password})
+      @@active_record.establish_connection(config)
+      return @@active_record
+    end
+  end
+end

data/lib/periscope_rails/engine.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-module PeriscopeRails
-  class Engine < Rails::Engine
-  end
+module PeriscopeRails
+  class Engine < Rails::Engine
+  end
 end

data/lib/periscope_rails/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
-module PeriscopeRails
-  VERSION = "0.0.3"
-end
+module PeriscopeRails
+  VERSION = "0.0.4"
+end

data/periscope_rails.gemspec CHANGED Viewed

@@ -1,22 +1,22 @@
-require File.expand_path("../lib/periscope_rails/version", __FILE__)
-# Provide a simple gemspec so you can easily use your enginex
-# project in your rails apps through git.
-Gem::Specification.new do |s|
-  s.name = "periscope_rails"
-  s.homepage = "http://periscopeapp.herokuapp.com/"
-  s.authors = [ "Tom O'Neill", "Harry Glaser" ]
-  s.email = [ "tom.oneill@live.com", "harry.glaser@gmail.com" ]
-  s.summary = "Rails API for Periscope Database Viewer"
-  s.description = "Periscope allows you to query your production database. The gem provides the API for Periscope to communicate with your Rails app."
-  s.files = Dir["{app,lib,config}/**/*"] + ["MIT-LICENSE", "Rakefile", "Gemfile", "README.rdoc"]
-  s.version = "0.0.3"
-  s.add_dependency "activesupport" , "~> 3.0"
-  s.add_dependency "rails"         , "~> 3.0"
-  s.files = `git ls-files`.split("\n")
-  s.executables = `git ls-files`.split("\n").map{|f| f =~ /^bin\/(.*)/ ? $1 : nil}.compact
-  s.require_path = 'lib'
-end
+require File.expand_path("../lib/periscope_rails/version", __FILE__)
+# Provide a simple gemspec so you can easily use your enginex
+# project in your rails apps through git.
+Gem::Specification.new do |s|
+  s.name = "periscope_rails"
+  s.homepage = "http://periscopeapp.herokuapp.com/"
+  s.authors = [ "Tom O'Neill", "Harry Glaser" ]
+  s.email = [ "tom.oneill@live.com", "harry.glaser@gmail.com" ]
+  s.summary = "Rails API for Periscope Database Viewer"
+  s.description = "Periscope allows you to query your production database. The gem provides the API for Periscope to communicate with your Rails app."
+  s.files = Dir["{app,lib,config}/**/*"] + ["MIT-LICENSE", "Rakefile", "Gemfile", "README.rdoc"]
+  s.version = "0.0.4"
+  s.add_dependency "activesupport" , "~> 3.0"
+  s.add_dependency "rails"         , "~> 3.0"
+  s.files = `git ls-files`.split("\n")
+  s.executables = `git ls-files`.split("\n").map{|f| f =~ /^bin\/(.*)/ ? $1 : nil}.compact
+  s.require_path = 'lib'
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: periscope_rails
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
   prerelease:
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-04-26 00:00:00.000000000Z
+date: 2012-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: &27176532 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -22,10 +22,15 @@ dependencies:
         version: '3.0'
   type: :runtime
   prerelease: false
-  version_requirements: *27176532
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &27176124 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -33,7 +38,12 @@ dependencies:
         version: '3.0'
   type: :runtime
   prerelease: false
-  version_requirements: *27176124
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
 description: Periscope allows you to query your production database. The gem provides
   the API for Periscope to communicate with your Rails app.
 email:
@@ -111,7 +121,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.10
+rubygems_version: 1.8.21
 signing_key:
 specification_version: 3
 summary: Rails API for Periscope Database Viewer