rails_console_shield 0.1.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 677ad7893e0d9732cdcc2783bec2e344d7bb163c1df45baadd8007c3068d3b9a
4
+ data.tar.gz: b5dd57b7f17b428800237a6ebad793b5dd25e5a37b2d217c923264f162233c37
5
+ SHA512:
6
+ metadata.gz: 6880f14cf393de510f34b3965f3392d0b26de92d38177f580520a7beb7638629f863eccdbb62bae903af506c7bf4e003a837d8fcff812028a49742dcdd56fa30
7
+ data.tar.gz: db0fc2dcf021dfc3397f23d368a9eb97b2a1d7542d6478167e6ce38ca1efedf948560229d52b465e069fb6d877186af5909feeb04f8c5cdb27475436449d8c27
@@ -0,0 +1,14 @@
1
+ /.bundle/
2
+ /.yardoc
3
+ /_yardoc/
4
+ /coverage/
5
+ /doc/
6
+ /pkg/
7
+ /spec/reports/
8
+ /tmp/
9
+
10
+ # rspec failure tracking
11
+ .rspec_status
12
+
13
+ /vendor/bundle
14
+ Gemfile.lock
data/.rspec ADDED
@@ -0,0 +1,3 @@
1
+ --format documentation
2
+ --color
3
+ --require spec_helper
@@ -0,0 +1,74 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ In the interest of fostering an open and welcoming environment, we as
6
+ contributors and maintainers pledge to making participation in our project and
7
+ our community a harassment-free experience for everyone, regardless of age, body
8
+ size, disability, ethnicity, gender identity and expression, level of experience,
9
+ nationality, personal appearance, race, religion, or sexual identity and
10
+ orientation.
11
+
12
+ ## Our Standards
13
+
14
+ Examples of behavior that contributes to creating a positive environment
15
+ include:
16
+
17
+ * Using welcoming and inclusive language
18
+ * Being respectful of differing viewpoints and experiences
19
+ * Gracefully accepting constructive criticism
20
+ * Focusing on what is best for the community
21
+ * Showing empathy towards other community members
22
+
23
+ Examples of unacceptable behavior by participants include:
24
+
25
+ * The use of sexualized language or imagery and unwelcome sexual attention or
26
+ advances
27
+ * Trolling, insulting/derogatory comments, and personal or political attacks
28
+ * Public or private harassment
29
+ * Publishing others' private information, such as a physical or electronic
30
+ address, without explicit permission
31
+ * Other conduct which could reasonably be considered inappropriate in a
32
+ professional setting
33
+
34
+ ## Our Responsibilities
35
+
36
+ Project maintainers are responsible for clarifying the standards of acceptable
37
+ behavior and are expected to take appropriate and fair corrective action in
38
+ response to any instances of unacceptable behavior.
39
+
40
+ Project maintainers have the right and responsibility to remove, edit, or
41
+ reject comments, commits, code, wiki edits, issues, and other contributions
42
+ that are not aligned to this Code of Conduct, or to ban temporarily or
43
+ permanently any contributor for other behaviors that they deem inappropriate,
44
+ threatening, offensive, or harmful.
45
+
46
+ ## Scope
47
+
48
+ This Code of Conduct applies both within project spaces and in public spaces
49
+ when an individual is representing the project or its community. Examples of
50
+ representing a project or community include using an official project e-mail
51
+ address, posting via an official social media account, or acting as an appointed
52
+ representative at an online or offline event. Representation of a project may be
53
+ further defined and clarified by project maintainers.
54
+
55
+ ## Enforcement
56
+
57
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
58
+ reported by contacting the project team at lala.akira@gmail.com. All
59
+ complaints will be reviewed and investigated and will result in a response that
60
+ is deemed necessary and appropriate to the circumstances. The project team is
61
+ obligated to maintain confidentiality with regard to the reporter of an incident.
62
+ Further details of specific enforcement policies may be posted separately.
63
+
64
+ Project maintainers who do not follow or enforce the Code of Conduct in good
65
+ faith may face temporary or permanent repercussions as determined by other
66
+ members of the project's leadership.
67
+
68
+ ## Attribution
69
+
70
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
71
+ available at [http://contributor-covenant.org/version/1/4][version]
72
+
73
+ [homepage]: http://contributor-covenant.org
74
+ [version]: http://contributor-covenant.org/version/1/4/
data/Gemfile ADDED
@@ -0,0 +1,6 @@
1
+ source "https://rubygems.org"
2
+
3
+ git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
4
+
5
+ # Specify your gem's dependencies in rails_console_shield.gemspec
6
+ gemspec
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2020 aki
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in
13
+ all copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21
+ THE SOFTWARE.
@@ -0,0 +1,42 @@
1
+ # RailsConsoleShield
2
+
3
+ Make your production rails console more secure!
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ ```ruby
10
+ gem 'rails_console_shield'
11
+ ```
12
+
13
+ And then execute:
14
+
15
+ $ bundle
16
+
17
+ Or install it yourself as:
18
+
19
+ $ gem install rails_console_shield
20
+
21
+ ## Usage
22
+
23
+ Set the production console to sandbox mode by default.\
24
+ To disable it, run it with the --no-sandbox option.
25
+
26
+ ```
27
+ bin/rails console --no-sandbox
28
+ ```
29
+
30
+ ![Demo](https://i.gyazo.com/a92364252211e4a9bb6be08da6456f0e.png)
31
+
32
+ ## License
33
+
34
+ The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
35
+
36
+ ## Code of Conduct
37
+
38
+ Everyone interacting in the RailsConsoleShield project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/aki77/rails_console_shield/blob/master/CODE_OF_CONDUCT.md).
39
+
40
+ ## Acknowledgements
41
+
42
+ This is a lite and refactored version of [safer_rails_console](https://github.com/salsify/safer_rails_console)
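Review bot: The text under "## Usage" never says what sandbox mode protects against or what it leaves exposed. Rails' sandbox rolls back database changes when the console exits; the README should state that, and that side effects outside the database (outbound HTTP requests, mail delivery, file writes) are not undone. The options defined on `Configuration` (`shield_environments`, `warn_text`, `environment_prompt_colors`) also need a short `RailsConsoleShield.configure` example here, since nothing else documents them.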
@@ -0,0 +1,6 @@
1
+ require "bundler/gem_tasks"
2
+ require "rspec/core/rake_task"
3
+
4
+ RSpec::Core::RakeTask.new(:spec)
5
+
6
+ task :default => :spec
@@ -0,0 +1,14 @@
1
+ #!/usr/bin/env ruby
2
+
3
+ require "bundler/setup"
4
+ require "rails_console_shield"
5
+
6
+ # You can add fixtures and/or initialization code here to make experimenting
7
+ # with your gem easier. You can also use a different console, if you like.
8
+
9
+ # (If you use this, don't forget to add pry to your Gemfile!)
10
+ # require "pry"
11
+ # Pry.start
12
+
13
+ require "irb"
14
+ IRB.start(__FILE__)
@@ -0,0 +1,8 @@
1
+ #!/usr/bin/env bash
2
+ set -euo pipefail
3
+ IFS=$'\n\t'
4
+ set -vx
5
+
6
+ bundle install
7
+
8
+ # Do any other automated setup that you need to do here
@@ -0,0 +1,24 @@
1
+ require 'rails_console_shield/version'
2
+ require 'rails_console_shield/railtie'
3
+ require 'rails_console_shield/configuration'
4
+ require 'rails_console_shield/colors'
5
+
6
+ module RailsConsoleShield
7
+ class << self
8
+ def configure
9
+ yield(configuration)
10
+ end
11
+
12
+ def configuration
13
+ @configuration ||= Configuration.new
14
+ end
15
+
16
+ def shield_environment?
17
+ configuration.shield_environments.include?(::Rails.env)
18
+ end
19
+
20
+ def prompt_color
21
+ configuration.environment_prompt_colors.fetch(::Rails.env.to_sym) { :none }
22
+ end
23
+ end
24
+ end
@@ -0,0 +1,22 @@
1
+ module RailsConsoleShield
2
+ module Colors
3
+ COLORS = {
4
+ none: 0,
5
+ black: 30,
6
+ red: 31,
7
+ green: 32,
8
+ yellow: 33,
9
+ blue: 34,
10
+ pink: 35,
11
+ cyan: 36,
12
+ white: 37,
13
+ }.freeze
14
+
15
+ module_function
16
+
17
+ def color_text(text, color)
18
+ color_code = COLORS.fetch(color.to_sym) { COLORS[:none] }
19
+ "\e[#{color_code}m#{text}\e[0m"
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,21 @@
1
+ module RailsConsoleShield
2
+ class Configuration
3
+ attr_accessor :environment_prompt_colors, :warn_text, :shield_environments
4
+
5
+ def initialize
6
+ self.environment_prompt_colors = {
7
+ development: :green,
8
+ staging: :yellow,
9
+ production: :red,
10
+ }
11
+
12
+ self.warn_text =<<~TEXT
13
+ WARNING: YOU ARE USING RAILS CONSOLE IN PRODUCTION!
14
+ Changing data can cause serious data loss.
15
+ Make sure you know what you're doing.
16
+ TEXT
17
+
18
+ self.shield_environments = %w[production]
19
+ end
20
+ end
21
+ end
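Review bot: `shield_environments` defaults to `%w[production]` and is compared elsewhere with `include?` against the environment string, so an application that configures symbols (`[:production]`) silently gets no sandbox and no warning. Replace the plain `attr_accessor` for this field with a writer that normalises entries (`map(&:to_s)`) or raises on non-string values, so a configuration mistake fails closed rather than open.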
@@ -0,0 +1,26 @@
1
+ require 'rails_console_shield/colors'
2
+
3
+ module RailsConsoleShield
4
+ module Console
5
+ class << self
6
+ include Colors
7
+
8
+ def print_warning
9
+ puts color_text(RailsConsoleShield.configuration.warn_text)
10
+ end
11
+
12
+ def print_sandbox
13
+ puts color_text(<<~TEXT)
14
+ Sets the console to sandbox mode by default.
15
+ To disable it, run it with the --no-sandbox option.
16
+ TEXT
17
+ end
18
+
19
+ private
20
+
21
+ def color_text(text)
22
+ Colors.color_text(text, RailsConsoleShield.prompt_color)
23
+ end
24
+ end
25
+ end
26
+ end
@@ -0,0 +1,18 @@
1
+ include RailsConsoleShield::Colors
2
+
3
+ app_name = Rails.application.class.module_parent.to_s.underscore.dasherize
4
+ env_name = Rails.env
5
+ sandbox = ::Rails.application.sandbox? ? '(sandbox)' : ''
6
+ color = RailsConsoleShield.prompt_color
7
+
8
+ prompt = "#{app_name}(#{env_name})#{sandbox}:%03n:%i"
9
+
10
+ IRB.conf[:PROMPT][:RAILS_ENV] = {
11
+ PROMPT_I: color_text("#{prompt}> ", color),
12
+ PROMPT_N: color_text("#{prompt}> ", color),
13
+ PROMPT_S: color_text("#{prompt}%l ", color),
14
+ PROMPT_C: color_text("#{prompt}* ", color),
15
+ RETURN: color_text('=> ', color).concat("%s\n")
16
+ }
17
+
18
+ IRB.conf[:PROMPT_MODE] = :RAILS_ENV
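Review bot: The top-level `include RailsConsoleShield::Colors` on the first line mixes `color_text` into `Object` for the whole console session. Call `RailsConsoleShield::Colors.color_text(...)` explicitly instead; the `module_function` declaration in `Colors` already makes that form available, and it keeps the gem from adding methods to every object the operator inspects.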
@@ -0,0 +1,12 @@
1
+ module RailsConsoleShield
2
+ module ConsoleCommandExtension
3
+ def initialize(args = [], local_options = {}, config = {})
4
+ super(args, local_options, config)
5
+
6
+ env = options[:environment] || Rails.env
7
+ if RailsConsoleShield.configuration.shield_environments.include?(env) && !local_options.include?('--no-sandbox')
8
+ self.options = options.merge(sandbox: true)
9
+ end
10
+ end
11
+ end
12
+ end
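Review bot: The `--no-sandbox` opt-out in the `if` condition is honoured without leaving any trace, so a write-capable console in a shielded environment is indistinguishable afterwards from a sandboxed one. Consider logging the opt-out (environment and time at least) when the flag is seen. The environment lookup here (`options[:environment] || Rails.env`) also differs from `RailsConsoleShield.shield_environment?`, which reads only `Rails.env`; one shared helper would keep the sandbox decision and the warning banner in agreement.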
@@ -0,0 +1,26 @@
1
+ require 'rails/railtie'
2
+ require 'rails_console_shield/console'
3
+ require 'rails_console_shield/console_command_extension'
4
+
5
+ module RailsConsoleShield
6
+ class Railtie < Rails::Railtie
7
+ include RailsConsoleShield::Colors
8
+
9
+ console do |app|
10
+ if RailsConsoleShield.shield_environment?
11
+ Console.print_sandbox if app.sandbox?
12
+ Console.print_warning
13
+ end
14
+
15
+ unless ARGV.include?('-r')
16
+ ARGV.push '-r', File.expand_path('./console/irbrc.rb', __dir__)
17
+ end
18
+ end
19
+
20
+ config.after_initialize do
21
+ require 'rails/command'
22
+ require 'rails/commands/console/console_command'
23
+ Rails::Command::ConsoleCommand.prepend ConsoleCommandExtension
24
+ end
25
+ end
26
+ end
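Review bot: The `unless ARGV.include?('-r')` guard skips the gem's irbrc whenever the operator passes their own `-r`, so the coloured environment prompt disappears without notice in that session while the sandbox and warning still apply. Either load the prompt file unconditionally or document the limitation. `include RailsConsoleShield::Colors` at the top of the Railtie is not used by anything in this class and can be dropped.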
@@ -0,0 +1,3 @@
1
+ module RailsConsoleShield
2
+ VERSION = '0.1.0'
3
+ end
@@ -0,0 +1,29 @@
1
+ lib = File.expand_path("../lib", __FILE__)
2
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
3
+ require "rails_console_shield/version"
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "rails_console_shield"
7
+ spec.version = RailsConsoleShield::VERSION
8
+ spec.authors = ["aki77"]
9
+ spec.email = ["aki77@users.noreply.github.com"]
10
+
11
+ spec.summary = %q{Make your production rails console more secure!}
12
+ spec.description = %q{Make your production rails console more secure!}
13
+ spec.homepage = "https://github.com/aki77/rails_console_shield"
14
+ spec.license = "MIT"
15
+
16
+ # Specify which files should be added to the gem when it is released.
17
+ # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
18
+ spec.files = Dir.chdir(File.expand_path('..', __FILE__)) do
19
+ `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
20
+ end
21
+ spec.bindir = "exe"
22
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
23
+ spec.require_paths = ["lib"]
24
+
25
+ spec.add_dependency "rails", ">= 6.0.0"
26
+ spec.add_development_dependency "bundler"
27
+ spec.add_development_dependency "rake"
28
+ spec.add_development_dependency "rspec"
29
+ end
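Review bot: `spec.files` takes everything from `git ls-files` except `test/`, `spec/` and `features/`, so the released gem ships `.gitignore`, `.rspec`, `bin/console` and `bin/setup`, as the `files:` list in the metadata confirms. Restrict the list to `lib/`, `README.md` and `LICENSE.txt` so only runtime code and licence text are installed. The spec also sets no `required_ruby_version`, although the library relies on squiggly heredocs (`<<~TEXT`); declaring a minimum version makes that explicit.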
metadata ADDED
@@ -0,0 +1,117 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: rails_console_shield
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - aki77
8
+ autorequire:
9
+ bindir: exe
10
+ cert_chain: []
11
+ date: 2020-05-17 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: rails
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 6.0.0
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: 6.0.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: bundler
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: '0'
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ name: rake
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - ">="
46
+ - !ruby/object:Gem::Version
47
+ version: '0'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: '0'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rspec
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - ">="
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - ">="
67
+ - !ruby/object:Gem::Version
68
+ version: '0'
69
+ description: Make your production rails console more secure!
70
+ email:
71
+ - aki77@users.noreply.github.com
72
+ executables: []
73
+ extensions: []
74
+ extra_rdoc_files: []
75
+ files:
76
+ - ".gitignore"
77
+ - ".rspec"
78
+ - CODE_OF_CONDUCT.md
79
+ - Gemfile
80
+ - LICENSE.txt
81
+ - README.md
82
+ - Rakefile
83
+ - bin/console
84
+ - bin/setup
85
+ - lib/rails_console_shield.rb
86
+ - lib/rails_console_shield/colors.rb
87
+ - lib/rails_console_shield/configuration.rb
88
+ - lib/rails_console_shield/console.rb
89
+ - lib/rails_console_shield/console/irbrc.rb
90
+ - lib/rails_console_shield/console_command_extension.rb
91
+ - lib/rails_console_shield/railtie.rb
92
+ - lib/rails_console_shield/version.rb
93
+ - rails_console_shield.gemspec
94
+ homepage: https://github.com/aki77/rails_console_shield
95
+ licenses:
96
+ - MIT
97
+ metadata: {}
98
+ post_install_message:
99
+ rdoc_options: []
100
+ require_paths:
101
+ - lib
102
+ required_ruby_version: !ruby/object:Gem::Requirement
103
+ requirements:
104
+ - - ">="
105
+ - !ruby/object:Gem::Version
106
+ version: '0'
107
+ required_rubygems_version: !ruby/object:Gem::Requirement
108
+ requirements:
109
+ - - ">="
110
+ - !ruby/object:Gem::Version
111
+ version: '0'
112
+ requirements: []
113
+ rubygems_version: 3.1.2
114
+ signing_key:
115
+ specification_version: 4
116
+ summary: Make your production rails console more secure!
117
+ test_files: []