safer_rails_console 0.7.0 → 0.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.circleci/config.yml +20 -18
- data/.github/CODEOWNERS +1 -1
- data/.gitignore +2 -0
- data/.rubocop.yml +1 -1
- data/Appraisals +3 -7
- data/CHANGELOG.md +8 -0
- data/README.md +1 -1
- data/gemfiles/6.1.gemfile +1 -1
- data/gemfiles/7.0.gemfile +1 -1
- data/gemfiles/7.1.gemfile +1 -1
- data/lib/safer_rails_console/patches/sandbox/auto_rollback.rb +17 -3
- data/lib/safer_rails_console/patches/sandbox/transaction_read_only.rb +14 -0
- data/lib/safer_rails_console/version.rb +1 -1
- data/safer_rails_console.gemspec +3 -2
- metadata +19 -6
- data/gemfiles/6.0.gemfile +0 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6caeae2629c2967125e660f9982a42cdcb8be7bfeda001ef4d749c48163327fe
|
|
4
|
+
data.tar.gz: 479df9dd872a07f3af1e743e787acc6689587ff686badcd8de9da40592b545d4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 689bfbb1b371f75543b4d724fc211c3da712f5c624df301446c83b327863ab9b24edfe50f824fbf4d287b645db334714c098c0643b62a5c8ae171992afc4da65
|
|
7
|
+
data.tar.gz: f24a500572bb7fec95dca9c875566da11eb77d3e4ba11070ff561eb8b6dedcbeff4254fef29f97a2f9d9637d1bf16b6e04f2558cda04213332a9d223afd52ee2
|
data/.circleci/config.yml
CHANGED
|
@@ -2,14 +2,14 @@ version: 2.1
|
|
|
2
2
|
jobs:
|
|
3
3
|
lint:
|
|
4
4
|
docker:
|
|
5
|
-
- image: cimg/ruby:
|
|
5
|
+
- image: cimg/ruby:3.0.6
|
|
6
6
|
working_directory: ~/safer_rails_console
|
|
7
7
|
steps:
|
|
8
8
|
- checkout
|
|
9
9
|
- restore_cache:
|
|
10
10
|
keys:
|
|
11
|
-
- v2-gems-ruby-
|
|
12
|
-
- v2-gems-ruby-
|
|
11
|
+
- v2-gems-ruby-3.0.6-{{ checksum "safer_rails_console.gemspec" }}-{{ checksum "Gemfile" }}
|
|
12
|
+
- v2-gems-ruby-3.0.6-
|
|
13
13
|
- run:
|
|
14
14
|
name: Install Gems
|
|
15
15
|
command: |
|
|
@@ -18,7 +18,7 @@ jobs:
|
|
|
18
18
|
bundle clean
|
|
19
19
|
fi
|
|
20
20
|
- save_cache:
|
|
21
|
-
key: v2-gems-ruby-
|
|
21
|
+
key: v2-gems-ruby-3.0.6-{{ checksum "safer_rails_console.gemspec" }}-{{ checksum "Gemfile" }}
|
|
22
22
|
paths:
|
|
23
23
|
- "vendor/bundle"
|
|
24
24
|
- "gemfiles/vendor/bundle"
|
|
@@ -36,11 +36,16 @@ jobs:
|
|
|
36
36
|
environment:
|
|
37
37
|
CIRCLE_TEST_REPORTS: "test-results"
|
|
38
38
|
BUNDLE_GEMFILE: "/home/circleci/safer_rails_console/<< parameters.gemfile >>"
|
|
39
|
-
- image: cimg/postgres:
|
|
39
|
+
- image: cimg/postgres:14.7
|
|
40
40
|
environment:
|
|
41
41
|
POSTGRES_USER: "circleci"
|
|
42
42
|
POSTGRES_DB: "safer_rails_console_test"
|
|
43
43
|
POSTGRES_HOST_AUTH_METHOD: "trust"
|
|
44
|
+
- image: cimg/mysql:8.0
|
|
45
|
+
environment:
|
|
46
|
+
MYSQL_DATABASE: "safer_rails_console_test"
|
|
47
|
+
MYSQL_ROOT_HOST: "%"
|
|
48
|
+
MYSQL_ALLOW_EMPTY_PASSWORD: "yes"
|
|
44
49
|
working_directory: ~/safer_rails_console
|
|
45
50
|
steps:
|
|
46
51
|
- checkout
|
|
@@ -60,6 +65,9 @@ jobs:
|
|
|
60
65
|
paths:
|
|
61
66
|
- "vendor/bundle"
|
|
62
67
|
- "gemfiles/vendor/bundle"
|
|
68
|
+
- run:
|
|
69
|
+
name: Wait for Mysql
|
|
70
|
+
command: dockerize -wait tcp://localhost:3306 -timeout 1m
|
|
63
71
|
- run:
|
|
64
72
|
name: Run Tests
|
|
65
73
|
command: |
|
|
@@ -74,17 +82,11 @@ workflows:
|
|
|
74
82
|
matrix:
|
|
75
83
|
parameters:
|
|
76
84
|
ruby_version:
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
85
|
+
- 3.0.6
|
|
86
|
+
- 3.1.4
|
|
87
|
+
- 3.2.2
|
|
88
|
+
- 3.3.0
|
|
81
89
|
gemfile:
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
- "gemfiles/7.1.gemfile"
|
|
86
|
-
exclude:
|
|
87
|
-
- ruby_version: "3.1.4"
|
|
88
|
-
gemfile: "gemfiles/6.0.gemfile"
|
|
89
|
-
- ruby_version: "3.2.2"
|
|
90
|
-
gemfile: "gemfiles/6.0.gemfile"
|
|
90
|
+
- gemfiles/6.1.gemfile
|
|
91
|
+
- gemfiles/7.0.gemfile
|
|
92
|
+
- gemfiles/7.1.gemfile
|
data/.github/CODEOWNERS
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
* @
|
|
1
|
+
* @salsify/pim-core-backend
|
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
data/Appraisals
CHANGED
|
@@ -1,17 +1,13 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
appraise '6.0' do
|
|
4
|
-
gem 'rails', '~> 6.0.0'
|
|
5
|
-
end
|
|
6
|
-
|
|
7
3
|
appraise '6.1' do
|
|
8
|
-
gem 'rails', '~> 6.1.
|
|
4
|
+
gem 'rails', '~> 6.1.7.6'
|
|
9
5
|
end
|
|
10
6
|
|
|
11
7
|
appraise '7.0' do
|
|
12
|
-
gem 'rails', '~> 7.0.
|
|
8
|
+
gem 'rails', '~> 7.0.8'
|
|
13
9
|
end
|
|
14
10
|
|
|
15
11
|
appraise '7.1' do
|
|
16
|
-
gem 'rails', '~> 7.1.
|
|
12
|
+
gem 'rails', '~> 7.1.2'
|
|
17
13
|
end
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
[](https://circleci.com/gh/salsify/safer_rails_console)
|
|
4
4
|
[](https://badge.fury.io/rb/safer_rails_console)
|
|
5
5
|
|
|
6
|
-
This gem makes Rails console sessions less dangerous in specified environments by warning, color-coding, and auto-sandboxing PostgreSQL connections. In the future we'd like to extend this to make other external connections read-only too (e.g. disable job queueing, non-GET HTTP requests, etc.)
|
|
6
|
+
This gem makes Rails console sessions less dangerous in specified environments by warning, color-coding, and auto-sandboxing PostgreSQL and MySQL connections. In the future we'd like to extend this to make other external connections read-only too (e.g. disable job queueing, non-GET HTTP requests, etc.)
|
|
7
7
|
|
|
8
8
|
## Installation
|
|
9
9
|
|
data/gemfiles/6.1.gemfile
CHANGED
data/gemfiles/7.0.gemfile
CHANGED
data/gemfiles/7.1.gemfile
CHANGED
|
@@ -11,8 +11,8 @@ module SaferRailsConsole
|
|
|
11
11
|
connection.begin_db_transaction
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def self.handle_and_reraise_exception(error)
|
|
15
|
-
if error.message.include?(
|
|
14
|
+
def self.handle_and_reraise_exception(error, message = 'PG::ReadOnlySqlTransaction')
|
|
15
|
+
if error.message.include?(message)
|
|
16
16
|
puts SaferRailsConsole::Colors.color_text( # rubocop:disable Rails/Output
|
|
17
17
|
'An operation could not be completed due to read-only mode.',
|
|
18
18
|
SaferRailsConsole::Colors::RED
|
|
@@ -28,13 +28,27 @@ module SaferRailsConsole
|
|
|
28
28
|
def execute_and_clear(...)
|
|
29
29
|
super
|
|
30
30
|
rescue StandardError => e
|
|
31
|
-
|
|
31
|
+
# rubocop:disable Layout/LineLength
|
|
32
|
+
SaferRailsConsole::Patches::Sandbox::AutoRollback.handle_and_reraise_exception(e, 'PG::ReadOnlySqlTransaction')
|
|
33
|
+
# rubocop:enable Layout/LineLength
|
|
32
34
|
end
|
|
33
35
|
end
|
|
34
36
|
|
|
35
37
|
if defined?(::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter)
|
|
36
38
|
::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend(PostgreSQLAdapterPatch)
|
|
37
39
|
end
|
|
40
|
+
|
|
41
|
+
module MySQLPatch
|
|
42
|
+
def execute_and_free(...)
|
|
43
|
+
super
|
|
44
|
+
rescue StandardError => e
|
|
45
|
+
SaferRailsConsole::Patches::Sandbox::AutoRollback.handle_and_reraise_exception(e, 'READ ONLY transaction')
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
if defined?(::ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter)
|
|
50
|
+
::ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter.prepend(MySQLPatch)
|
|
51
|
+
end
|
|
38
52
|
end
|
|
39
53
|
end
|
|
40
54
|
end
|
|
@@ -11,6 +11,13 @@ module SaferRailsConsole
|
|
|
11
11
|
end
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
+
module MySQLPatch
|
|
15
|
+
def begin_db_transaction
|
|
16
|
+
execute 'SET TRANSACTION READ ONLY'
|
|
17
|
+
super
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
14
21
|
if defined?(::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter)
|
|
15
22
|
::ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.prepend(PostgreSQLAdapterPatch)
|
|
16
23
|
|
|
@@ -18,6 +25,13 @@ module SaferRailsConsole
|
|
|
18
25
|
connection = ::ActiveRecord::Base.connection
|
|
19
26
|
connection.execute 'SET TRANSACTION READ ONLY' if connection.open_transactions > 0
|
|
20
27
|
end
|
|
28
|
+
|
|
29
|
+
if defined?(::ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter)
|
|
30
|
+
::ActiveRecord::ConnectionAdapters::AbstractMysqlAdapter.prepend(MySQLPatch)
|
|
31
|
+
|
|
32
|
+
# Not possible to change a running transaction to read-only in MySQL
|
|
33
|
+
# https://dev.mysql.com/doc/refman/8.4/en/set-transaction.html
|
|
34
|
+
end
|
|
21
35
|
end
|
|
22
36
|
end
|
|
23
37
|
end
|
data/safer_rails_console.gemspec
CHANGED
|
@@ -33,12 +33,13 @@ Gem::Specification.new do |spec|
|
|
|
33
33
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
|
34
34
|
spec.require_paths = ['lib']
|
|
35
35
|
|
|
36
|
-
spec.required_ruby_version = '>=
|
|
36
|
+
spec.required_ruby_version = '>= 3.0'
|
|
37
37
|
|
|
38
38
|
spec.add_development_dependency 'appraisal', '~> 2.2'
|
|
39
39
|
spec.add_development_dependency 'bundler', '~> 2.0'
|
|
40
40
|
spec.add_development_dependency 'climate_control', '~> 0.2.0'
|
|
41
41
|
spec.add_development_dependency 'mixlib-shellout', '~> 2.2'
|
|
42
|
+
spec.add_development_dependency 'mysql2', '~> 0.5'
|
|
42
43
|
spec.add_development_dependency 'overcommit', '~> 0.39.0'
|
|
43
44
|
spec.add_development_dependency 'pg', '~> 1.1'
|
|
44
45
|
spec.add_development_dependency 'rake', '~> 12.0'
|
|
@@ -46,5 +47,5 @@ Gem::Specification.new do |spec|
|
|
|
46
47
|
spec.add_development_dependency 'rspec_junit_formatter'
|
|
47
48
|
spec.add_development_dependency 'salsify_rubocop', '~> 1.27.0'
|
|
48
49
|
|
|
49
|
-
spec.add_runtime_dependency 'rails', '>= 6.
|
|
50
|
+
spec.add_runtime_dependency 'rails', '>= 6.1', '< 7.2'
|
|
50
51
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: safer_rails_console
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Salsify, Inc
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-07-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: appraisal
|
|
@@ -66,6 +66,20 @@ dependencies:
|
|
|
66
66
|
- - "~>"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '2.2'
|
|
69
|
+
- !ruby/object:Gem::Dependency
|
|
70
|
+
name: mysql2
|
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
|
72
|
+
requirements:
|
|
73
|
+
- - "~>"
|
|
74
|
+
- !ruby/object:Gem::Version
|
|
75
|
+
version: '0.5'
|
|
76
|
+
type: :development
|
|
77
|
+
prerelease: false
|
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
79
|
+
requirements:
|
|
80
|
+
- - "~>"
|
|
81
|
+
- !ruby/object:Gem::Version
|
|
82
|
+
version: '0.5'
|
|
69
83
|
- !ruby/object:Gem::Dependency
|
|
70
84
|
name: overcommit
|
|
71
85
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -156,7 +170,7 @@ dependencies:
|
|
|
156
170
|
requirements:
|
|
157
171
|
- - ">="
|
|
158
172
|
- !ruby/object:Gem::Version
|
|
159
|
-
version: '6.
|
|
173
|
+
version: '6.1'
|
|
160
174
|
- - "<"
|
|
161
175
|
- !ruby/object:Gem::Version
|
|
162
176
|
version: '7.2'
|
|
@@ -166,7 +180,7 @@ dependencies:
|
|
|
166
180
|
requirements:
|
|
167
181
|
- - ">="
|
|
168
182
|
- !ruby/object:Gem::Version
|
|
169
|
-
version: '6.
|
|
183
|
+
version: '6.1'
|
|
170
184
|
- - "<"
|
|
171
185
|
- !ruby/object:Gem::Version
|
|
172
186
|
version: '7.2'
|
|
@@ -193,7 +207,6 @@ files:
|
|
|
193
207
|
- Rakefile
|
|
194
208
|
- bin/console
|
|
195
209
|
- bin/setup
|
|
196
|
-
- gemfiles/6.0.gemfile
|
|
197
210
|
- gemfiles/6.1.gemfile
|
|
198
211
|
- gemfiles/7.0.gemfile
|
|
199
212
|
- gemfiles/7.1.gemfile
|
|
@@ -226,7 +239,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
226
239
|
requirements:
|
|
227
240
|
- - ">="
|
|
228
241
|
- !ruby/object:Gem::Version
|
|
229
|
-
version: '
|
|
242
|
+
version: '3.0'
|
|
230
243
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
231
244
|
requirements:
|
|
232
245
|
- - ">="
|