periscope_rails 0.0.4 → 0.0.5

data/Gemfile.lock

@@ -1,94 +1,92 @@
-PATH
-  remote: .
-  specs:
-    periscope_rails (0.0.1)
-      activesupport (~> 3.1.3)
-      rails (~> 3.1.3)
-
-GEM
-  remote: http://rubygems.org/
-  specs:
-    actionmailer (3.1.3)
-      actionpack (= 3.1.3)
-      mail (~> 2.3.0)
-    actionpack (3.1.3)
-      activemodel (= 3.1.3)
-      activesupport (= 3.1.3)
-      builder (~> 3.0.0)
-      erubis (~> 2.7.0)
-      i18n (~> 0.6)
-      rack (~> 1.3.5)
-      rack-cache (~> 1.1)
-      rack-mount (~> 0.8.2)
-      rack-test (~> 0.6.1)
-      sprockets (~> 2.0.3)
-    activemodel (3.1.3)
-      activesupport (= 3.1.3)
-      builder (~> 3.0.0)
-      i18n (~> 0.6)
-    activerecord (3.1.3)
-      activemodel (= 3.1.3)
-      activesupport (= 3.1.3)
-      arel (~> 2.2.1)
-      tzinfo (~> 0.3.29)
-    activeresource (3.1.3)
-      activemodel (= 3.1.3)
-      activesupport (= 3.1.3)
-    activesupport (3.1.3)
-      multi_json (~> 1.0)
-    arel (2.2.1)
-    builder (3.0.0)
-    erubis (2.7.0)
-    hike (1.2.1)
-    i18n (0.6.0)
-    json (1.6.5)
-    mail (2.3.0)
-      i18n (>= 0.4.0)
-      mime-types (~> 1.16)
-      treetop (~> 1.4.8)
-    mime-types (1.17.2)
-    multi_json (1.1.0)
-    polyglot (0.3.3)
-    rack (1.3.6)
-    rack-cache (1.1)
-      rack (>= 0.4)
-    rack-mount (0.8.3)
-      rack (>= 1.0.0)
-    rack-ssl (1.3.2)
-      rack
-    rack-test (0.6.1)
-      rack (>= 1.0)
-    rails (3.1.3)
-      actionmailer (= 3.1.3)
-      actionpack (= 3.1.3)
-      activerecord (= 3.1.3)
-      activeresource (= 3.1.3)
-      activesupport (= 3.1.3)
-      bundler (~> 1.0)
-      railties (= 3.1.3)
-    railties (3.1.3)
-      actionpack (= 3.1.3)
-      activesupport (= 3.1.3)
-      rack-ssl (~> 1.3.2)
-      rake (>= 0.8.7)
-      rdoc (~> 3.4)
-      thor (~> 0.14.6)
-    rake (0.9.2.2)
-    rdoc (3.12)
-      json (~> 1.4)
-    sprockets (2.0.3)
-      hike (~> 1.2)
-      rack (~> 1.0)
-      tilt (~> 1.1, != 1.3.0)
-    thor (0.14.6)
-    tilt (1.3.3)
-    treetop (1.4.10)
-      polyglot
-      polyglot (>= 0.3.1)
-    tzinfo (0.3.31)
-
-PLATFORMS
-  x86-mingw32
-
-DEPENDENCIES
-  periscope_rails!
+PATH
+  remote: .
+  specs:
+    periscope_rails (0.0.5)
+      activesupport (~> 3.0)
+      rails (~> 3.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.2.3)
+      actionpack (= 3.2.3)
+      mail (~> 2.4.4)
+    actionpack (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.1)
+      rack (~> 1.4.0)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.1.2)
+    activemodel (3.2.3)
+      activesupport (= 3.2.3)
+      builder (~> 3.0.0)
+    activerecord (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.3)
+      activemodel (= 3.2.3)
+      activesupport (= 3.2.3)
+    activesupport (3.2.3)
+      i18n (~> 0.6)
+      multi_json (~> 1.0)
+    arel (3.0.2)
+    builder (3.0.0)
+    erubis (2.7.0)
+    hike (1.2.1)
+    i18n (0.6.0)
+    journey (1.0.3)
+    json (1.6.6)
+    mail (2.4.4)
+      i18n (>= 0.4.0)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.18)
+    multi_json (1.3.2)
+    polyglot (0.3.3)
+    rack (1.4.1)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.2)
+      rack
+    rack-test (0.6.1)
+      rack (>= 1.0)
+    rails (3.2.3)
+      actionmailer (= 3.2.3)
+      actionpack (= 3.2.3)
+      activerecord (= 3.2.3)
+      activeresource (= 3.2.3)
+      activesupport (= 3.2.3)
+      bundler (~> 1.0)
+      railties (= 3.2.3)
+    railties (3.2.3)
+      actionpack (= 3.2.3)
+      activesupport (= 3.2.3)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (~> 0.14.6)
+    rake (0.9.2.2)
+    rdoc (3.12)
+      json (~> 1.4)
+    sprockets (2.1.2)
+      hike (~> 1.2)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    thor (0.14.6)
+    tilt (1.3.3)
+    treetop (1.4.10)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.33)
+
+PLATFORMS
+  x86-mingw32
+
+DEPENDENCIES
+  periscope_rails!

data/app/periscope/periscope_controller.rb

@@ -1,76 +1,83 @@
-class PeriscopeController < ApplicationController
-  before_filter :authenticate
-  protect_from_forgery :except => [:look, :login]
-
-  def look
-    if !params[:sql].nil?
-      render :json => run_sql(params[:sql])
-    else
-      render :json => {:error => "Command not understood"}
-    end
-  end
-
-  def login
-    render :json => get_info()
-  end
-
-  private
-
-  def authenticate
-    unless PeriscopeRails::Config.check_password(params[:password].to_s)
-      render :json => {:error => "Password invalid."}
-    end
-  end
-
-  def run_sql(sql_command)
-    #TODO: protect based on CFG, not blacklist
-    bad_words = %W{drop delete update into insert index add remove grant revoke create createdb}
-    bad_words += %W{createuser createrole destroy disconnect exec execute dropdb primary key rollback ; --}
-
-    rows = nil
-    error_message = nil
-    command = sql_command.to_s.strip
-    command_words = command.downcase.gsub(/[^a-zA-Z0-9]/, " ").gsub(/\s+/, " ").split(" ")
-    if command == ""
-      #nothing
-    elsif (command_words & bad_words).size > 0
-      error_message = "Potentially harmful keyword found, blocking script."
-    else
-      begin
-        #custom_db_creds = PeriscopeRails::Config.get_db_creds()
-        #if custom_db_creds.nil?
-        #  active_record = ActiveRecord::Base
-        #else
-        #  # TODO: Establish this connection once rather than every time a query is issued
-        #  active_record = Class.new(ActiveRecord::Base)
-        #  custom_db_config = ActiveRecord::Base.connection_config.merge(custom_db_creds)
-        #  active_record.establish_connection(custom_db_config)
-        #end
-        active_record = PeriscopeRails::Config.get_active_record()
-        active_record.transaction do
-          rows = active_record.connection.select_all(command)
-          rows.each do |row|
-            row.each_key do |column|
-              if PeriscopeRails::Config.matches_filter(column)
-                row[column] = '[FILTERED]'
-              end
-            end
-          end
-          raise "OK" #abort all transactions for extra protection
-        end
-      rescue Exception => e
-        error_message = e.message unless e.message == "OK"
-      end
-    end
-    return {:error => error_message, :data => rows}
-  end
-
-  def get_info
-    tables = []
-    table_names = ActiveRecord::Base.connection.tables.sort
-    table_names.each do |table_name|
-      tables << {:name => table_name, :columns => ActiveRecord::Base.connection.columns(table_name)}
-    end
-    return {:tables => tables, :error => nil}
-  end
-end
+class PeriscopeController < ActionController::Base
+  before_filter :authenticate
+  protect_from_forgery :except => [:look, :login]
+
+  def look
+    if !params[:sql].nil?
+      render :json => run_sql(params[:sql])
+    else
+      render :json => {:error => "Command not understood"}
+    end
+  end
+
+  def login
+    render :json => get_info()
+  end
+
+  private
+
+  def authenticate
+    unless PeriscopeRails::Config.check_password(params[:password].to_s)
+      render :json => {:error => "Password invalid."}
+    end
+  end
+
+  def run_sql(sql_command)
+    #TODO: protect based on CFG, not blacklist
+    bad_words = %W{drop delete update into insert index add remove grant revoke create createdb}
+    bad_words += %W{createuser createrole destroy disconnect exec execute dropdb primary key rollback ; --}
+
+    rows = nil
+    error_message = nil
+    command = sql_command.to_s.strip
+    command_words = command.downcase.gsub(/[^a-zA-Z0-9]/, " ").gsub(/\s+/, " ").split(" ")
+    if command == ""
+      #nothing
+    elsif (command_words & bad_words).size > 0
+      error_message = "Potentially harmful keyword found, blocking script."
+    else
+      begin
+        active_record = PeriscopeRails::Config.get_active_record()
+        active_record.transaction do
+          if PeriscopeRails::Config.block_expensive_queries?
+            cost_row = ""
+            begin
+              cost_row = active_record.connection.select_all("explain #{command}")[0]["QUERY PLAN"]
+            rescue
+              puts "Warning: Periscope was unable to cost this query (1): #{command}"
+            end
+            cost_row =~ /rows=(\d+) width=(\d+)\)$/
+            row_count, width = $1.to_i, $2.to_i
+            if row_count > 0 and width > 0
+              raise "Command blocked, it may be too slow. Estimated at #{row_count} rows, commands must return fewer than #{PeriscopeRails::Config.max_rows} rows." if row_count > PeriscopeRails::Config.max_rows
+              raise "Command blocked, it may be too slow. Estimated at #{row_count * width} bytes, commands use less than #{PeriscopeRails::Config.max_size} bytes." if row_count * width > PeriscopeRails::Config.max_size
+            else
+              puts "Warning: Periscope was unable to cost this query (2): #{command}"
+            end
+          end
+          rows = active_record.connection.select_all(command)
+          rows.each do |row|
+            row.each_key do |column|
+              if PeriscopeRails::Config.matches_filter(column)
+                row[column] = '[FILTERED]'
+              end
+            end
+          end
+          raise "OK" #abort all transactions for extra protection
+        end
+      rescue Exception => e
+        error_message = e.message unless e.message == "OK"
+      end
+    end
+    return {:error => error_message, :data => rows}
+  end
+
+  def get_info
+    tables = []
+    table_names = ActiveRecord::Base.connection.tables.sort
+    table_names.each do |table_name|
+      tables << {:name => table_name, :columns => ActiveRecord::Base.connection.columns(table_name)}
+    end
+    return {:tables => tables, :error => nil}
+  end
+end

data/config/routes.rb

@@ -1,4 +1,4 @@
-Rails.application.routes.draw do
-  post "periscope/login" => "periscope#login"
-  post "periscope/look" => "periscope#look"
+Rails.application.routes.draw do
+  post "periscope/login" => "periscope#login"
+  post "periscope/look" => "periscope#look"
 end

data/lib/periscope_rails/config.rb

@@ -1,51 +1,58 @@
-module PeriscopeRails
-  class Config
-    VALID_MATCHTYPES = ['fuzzy', 'exact']
-    
-    @@password = nil
-    @@filter = nil
-    @@filter_matchtype = 'fuzzy'
-    @@active_record = nil 
-    @@db_username = nil
-    @@db_password = nil
-
-    def self.set_password(password)
-      @@password = password
-    end
-    
-    def self.set_filter(options)
-      @@filter = options[:filter] if options[:filter] and options[:filter].class == Array
-      @@filter_matchtype = options[:matchtype] if options.has_key?(:matchtype) and VALID_MATCHTYPES.include?(options[:matchtype])
-    end
-
-    def self.use_db_credentials(options)
-      @@db_username = options[:username] if options[:username] and options[:username].class == String
-      @@db_password = options[:password] if options[:password] and options[:password].class == String
-    end
-    
-    def self.check_password(password)
-      return @@password == password
-    end
-    
-    def self.matches_filter(text)
-      filter = @@filter || Rails.application.config.filter_parameters
-      filter.each do |filtered_word|
-        if (@@filter_matchtype == 'fuzzy' and text.include?(filtered_word.to_s)) or
-           (@@filter_matchtype == 'exact' and text == filtered_word.to_s)
-          return true
-        end
-      end
-      return false
-    end
-  
-    def self.get_active_record
-      return ActiveRecord::Base if @@db_username.nil?
-      return @@active_record unless @@active_record.nil?
-      @@active_record = Class.new(ActiveRecord::Base)
-      config = ActiveRecord::Base.connection_config.merge({:username => @@db_username, :password => @@db_password})
-      @@active_record.establish_connection(config)
-      return @@active_record
-    end
-
-  end
-end
+module PeriscopeRails
+  class Config
+    VALID_MATCHTYPES = ['fuzzy', 'exact']
+    
+    @@password = nil
+    @@filter = nil
+    @@filter_matchtype = 'fuzzy'
+    @@active_record = nil 
+    @@db_username = nil
+    @@db_password = nil
+
+    @@block_expensive_queries = true
+    @@max_rows = 1000
+    @@max_size = @@max_rows * 500
+
+    def self.set_password(password)
+      @@password = password
+    end
+    
+    def self.set_filter(options)
+      @@filter = options[:filter] if options[:filter] and options[:filter].class == Array
+      @@filter_matchtype = options[:matchtype] if options.has_key?(:matchtype) and VALID_MATCHTYPES.include?(options[:matchtype])
+    end
+
+    def self.use_db_credentials(options)
+      @@db_username = options[:username] if options[:username] and options[:username].class == String
+      @@db_password = options[:password] if options[:password] and options[:password].class == String
+    end
+    
+    def self.check_password(password)
+      return @@password == password
+    end
+    
+    def self.matches_filter(text)
+      filter = @@filter || Rails.application.config.filter_parameters
+      filter.each do |filtered_word|
+        if (@@filter_matchtype == 'fuzzy' and text.include?(filtered_word.to_s)) or
+           (@@filter_matchtype == 'exact' and text == filtered_word.to_s)
+          return true
+        end
+      end
+      return false
+    end
+  
+    def self.get_active_record
+      return ActiveRecord::Base if @@db_username.nil?
+      return @@active_record unless @@active_record.nil?
+      @@active_record = Class.new(ActiveRecord::Base)
+      config = ActiveRecord::Base.connection_config.merge({:username => @@db_username, :password => @@db_password})
+      @@active_record.establish_connection(config)
+      return @@active_record
+    end
+
+    def self.block_expensive_queries?; return @@block_expensive_queries; end
+    def self.max_rows; return @@max_rows; end
+    def self.max_size; return @@max_size; end
+  end
+end

data/lib/periscope_rails/engine.rb

@@ -1,4 +1,4 @@
-module PeriscopeRails
-  class Engine < Rails::Engine
-  end
+module PeriscopeRails
+  class Engine < Rails::Engine
+  end
 end

data/lib/periscope_rails/version.rb

@@ -1,3 +1,3 @@
-module PeriscopeRails
-  VERSION = "0.0.4"
-end
+module PeriscopeRails
+  VERSION = "0.0.5"
+end

data/periscope_rails.gemspec

@@ -1,22 +1,22 @@
-require File.expand_path("../lib/periscope_rails/version", __FILE__)
-
-# Provide a simple gemspec so you can easily use your enginex
-# project in your rails apps through git.
-Gem::Specification.new do |s|
-  s.name = "periscope_rails"
-  s.homepage = "http://periscopeapp.herokuapp.com/"
-  s.authors = [ "Tom O'Neill", "Harry Glaser" ]
-  s.email = [ "tom.oneill@live.com", "harry.glaser@gmail.com" ]
-
-  s.summary = "Rails API for Periscope Database Viewer"
-  s.description = "Periscope allows you to query your production database. The gem provides the API for Periscope to communicate with your Rails app."
-  s.files = Dir["{app,lib,config}/**/*"] + ["MIT-LICENSE", "Rakefile", "Gemfile", "README.rdoc"]
-  s.version = "0.0.4"
-
-  s.add_dependency "activesupport" , "~> 3.0"
-  s.add_dependency "rails"         , "~> 3.0"
-
-  s.files = `git ls-files`.split("\n")
-  s.executables = `git ls-files`.split("\n").map{|f| f =~ /^bin\/(.*)/ ? $1 : nil}.compact
-  s.require_path = 'lib'
-end
+require File.expand_path("../lib/periscope_rails/version", __FILE__)
+
+# Provide a simple gemspec so you can easily use your enginex
+# project in your rails apps through git.
+Gem::Specification.new do |s|
+  s.name = "periscope_rails"
+  s.homepage = "http://periscopeapp.herokuapp.com/"
+  s.authors = [ "Tom O'Neill", "Harry Glaser" ]
+  s.email = [ "tom.oneill@live.com", "harry.glaser@gmail.com" ]
+
+  s.summary = "Rails API for Periscope Database Viewer"
+  s.description = "Periscope allows you to query your production database. The gem provides the API for Periscope to communicate with your Rails app."
+  s.files = Dir["{app,lib,config}/**/*"] + ["MIT-LICENSE", "Rakefile", "Gemfile", "README.rdoc"]
+  s.version = "0.0.5"
+
+  s.add_dependency "activesupport" , "~> 3.0"
+  s.add_dependency "rails"         , "~> 3.0"
+
+  s.files = `git ls-files`.split("\n")
+  s.executables = `git ls-files`.split("\n").map{|f| f =~ /^bin\/(.*)/ ? $1 : nil}.compact
+  s.require_path = 'lib'
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: periscope_rails
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.5
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-29 00:00:00.000000000 Z
+date: 2012-05-10 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &26545716 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -22,15 +22,10 @@ dependencies:
         version: '3.0'
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '3.0'
+  version_requirements: *26545716
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &26545428 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -38,12 +33,7 @@ dependencies:
         version: '3.0'
   type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ~>
-      - !ruby/object:Gem::Version
-        version: '3.0'
+  version_requirements: *26545428
 description: Periscope allows you to query your production database. The gem provides
   the API for Periscope to communicate with your Rails app.
 email:
@@ -121,7 +111,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.21
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: Rails API for Periscope Database Viewer