tenant_check 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2c3352a7575b13cc9278df4276eb0fe4d0f12e33c458d957ce1e01408c2fd99f
+  data.tar.gz: e86621dc02c63d64d7a4ddf71fe6fe621623d6936c0d210956a51690ab64085b
+SHA512:
+  metadata.gz: eebdbf0719d645fdb208a00d0e46be2a56ba9bfc72f3175431df68bc765865a628d241f81c48b7b1bb973901af3ad32673a54bed6a73f2124ee77ab9e6dd829b
+  data.tar.gz: 168e790052c2d4e0479b94c51c8ab870ee577aa46c7b0dc0c246bf8a827baea0881fc9b52e9a27016bb84da8d19dbacb775a101494b5846252db3fccd25eaf69

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/.vscode
+Gemfile.lock
+.solargraph.yml
+
+# rspec failure tracking
+.rspec_status

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,48 @@
+# inherit_from: .rubocop_todo.yml
+
+AllCops:
+  TargetRubyVersion: 2.4
+  Exclude:
+    - 'bin/*'
+    - '*.gemspec'
+
+Lint/AmbiguousBlockAssociation:
+  Exclude:
+    - spec/**/*.rb
+
+Style/BlockDelimiters:
+  EnforcedStyle: braces_for_chaining
+
+Style/TrailingCommaInArrayLiteral:
+  EnforcedStyleForMultiline: comma
+
+Style/NonNilCheck:
+  Enabled: false
+
+Naming/VariableNumber:
+  Enabled: false
+
+Naming/HeredocDelimiterNaming:
+  Enabled: false
+
+Style/Documentation:
+  Enabled: false
+  
+Metrics/LineLength:
+  Max: 120
+
+Metrics/MethodLength:
+  Max: 25
+
+Metrics/BlockLength:
+  Enabled: false
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/CyclomaticComplexity:
+  Enabled: false
+
+Metrics/PerceivedComplexity:
+  Enabled: false
+

data/.travis.yml

@@ -0,0 +1,5 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.5.0
+before_install: gem install bundler -v 1.16.1

data/Gemfile

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
+
+# Specify your gem's dependencies in tenant_check.gemspec
+gemspec
+
+gem 'rails', '~> 5.1.0'
+gem 'sqlite3'

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2018 Shunichi Ikegami
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,86 @@
+# TenantCheck
+
+Detect tenant unsafe queries in Rails app.
+
+## CAVEAT
+
+This gem is in an early stage of development.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'tenant_check', group: :development
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install tenant_check
+
+## Usage
+
+```ruby
+# in config/initializers/tenant_check.rb
+if Rails.env.development?
+  TenantCheck.tenant_class = Tenant # your tenant class
+  TenantCheck.enable = true
+end
+```
+
+```ruby
+class Tenant < ApplicationRecord
+  has_many :users
+  has_many :tasks
+end
+
+class Task < ApplicationRecord
+  belongs_to :tenant
+  belongs_to :user, optional: true
+end
+
+class User < ApplicationRecord
+  belongs_to :tenant
+  has_many :tasks
+end
+```
+
+```ruby
+# unsafe queries. (output warnings to log)
+user = User.first # the query without tenant is unsafe.
+user.tasks.to_a # the query based on unsafe record is unsafe.
+
+# safe queries. (no warnings)
+tenant = Tenant.first # tenant query is safe.
+tenant_user = tenant.users.first # the query based on tenant is safe.
+tenant_user.tasks.to_a # the query based on safe record is safe.
+current_user.tasks.to_a # devise current_user is safe and the query based on it is safe.
+```
+
+### temporarlly disable tenant check
+
+```ruby
+users = TenantCheck.ignored { User.all }
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## TODO
+- test for various rails versions
+- support calculation methods
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/shunichi/tenant_check.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "tenant_check"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/rake

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rake' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 150) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rake", "rake")

data/bin/rspec

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'rspec' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+bundle_binstub = File.expand_path("../bundle", __FILE__)
+
+if File.file?(bundle_binstub)
+  if File.read(bundle_binstub, 150) =~ /This file was generated by Bundler/
+    load(bundle_binstub)
+  else
+    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
+Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
+  end
+end
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("rspec-core", "rspec")

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/tenant_check/active_record/extensions.rb

@@ -0,0 +1,166 @@
+# frozen_string_literal: true
+
+require 'active_support/concern'
+
+module TenantCheck
+  module ActiveRecord
+    module TenantMethodExtension
+      extend ActiveSupport::Concern
+
+      included do
+        attr_accessor :_tenant_check_safe
+      end
+    end
+
+    module TenantSafetyCheck
+      class << self
+        def safe_preloading
+          Thread.current[:tenant_check_safe_preloading]
+        end
+
+        def safe_preloading=(value)
+          Thread.current[:tenant_check_safe_preloading] = value
+        end
+
+        def safe_preload(safe)
+          prev, self.safe_preloading = safe_preloading, true if safe # rubocop:disable Style/ParallelAssignment
+          yield
+        ensure
+          self.safe_preloading = prev if safe
+        end
+      end
+
+      private
+
+      def check_tenant_safety(sql_descpription = nil)
+        return true if TenantSafetyCheck.safe_preloading || klass.name == ::TenantCheck.tenant_class_name
+        return true if respond_to?(:proxy_association) && proxy_association.owner._tenant_check_safe
+        unless tenant_safe_where_clause?(where_clause)
+          c = caller
+          lines = c.join("\n")
+          unless ::TenantCheck.safe_caller_patterns.any? { |reg| reg.match?(lines) }
+            ::TenantCheck.add_notification ::TenantCheck::Notification.new(c, klass, sql_descpription || to_sql)
+            return false
+          end
+        end
+        true
+      end
+
+      def tenant_safe_where_clause?(clause)
+        predicates = clause.send(:predicates)
+        equalities = predicates.grep(Arel::Nodes::Equality)
+        equalities.any? do |node|
+          attribute = node.left
+          return true if ::TenantCheck.tenant_associations[attribute.relation.name]&.member?(attribute.name)
+        end
+      end
+    end
+
+    module CollectionProxyExtension
+      include TenantSafetyCheck
+
+      def load_target
+        return super unless ::TenantCheck.enable_and_started?
+        return super if loaded?
+
+        safe = check_tenant_safety
+        result = TenantSafetyCheck.safe_preload(safe) do
+          super
+        end
+        if safe
+          Array(target).each do |record|
+            record._tenant_check_safe = true
+          end
+        end
+        result
+      end
+    end
+
+    module RelationExtension
+      include TenantSafetyCheck
+
+      def pluck(*column_names)
+        return super unless ::TenantCheck.enable_and_started?
+        return super if has_include?(column_names.first)
+        check_tenant_safety('pluck')
+        super
+      end
+
+      private
+
+      def exec_queries(&block)
+        return super unless ::TenantCheck.enable_and_started?
+
+        safe = check_tenant_safety
+
+        result = TenantSafetyCheck.safe_preload(safe) do
+          super
+        end
+
+        if safe
+          @records.each do |record|
+            record._tenant_check_safe = true
+          end
+        end
+
+        result
+      end
+    end
+
+    module ActiveRecordExtension
+      def find_by_sql(sql, binds = [], preparable: nil, &block)
+        puts '************************* find_by_sql'
+        puts caller
+        puts '************************* sql'
+        pp sql
+        puts '************************* binds'
+        pp binds
+        puts '************************* to_sql'
+        puts connection.to_sql(sql, binds)
+        puts '************************* dump_arel'
+        dump_arel(sql)
+        super
+      end
+
+      def dump_arel(arel, depth = 0)
+        case arel
+        when Array
+          arel.each do |node|
+            dump_arel(node, depth + 1)
+          end
+        when ::Arel::SelectManager
+          indent_puts(depth, '[SelectManager]')
+          dump_arel(arel.ast, depth + 1)
+          pp arel
+        when ::Arel::Nodes::SelectStatement
+          indent_puts(depth, '[SelectStatement]')
+          dump_arel(arel.cores, depth + 1)
+        when ::Arel::Nodes::SelectCore
+          indent_puts(depth, '[SelectCore]')
+          indent_puts(depth + 1, 'projections=')
+          dump_arel(arel.projections, depth + 1)
+          indent_puts(depth + 1, 'join_source=')
+          dump_arel(arel.source, depth + 2)
+          indent_puts(depth + 1, 'wheres=')
+          dump_arel(arel.wheres, depth + 1)
+        when ::Arel::Nodes::Node
+          indent_puts(depth, "[#{arel.class}]")
+        when ::Arel::Attributes::Attribute
+          indent_puts(depth, "[#{arel.class}]")
+        end
+      end
+
+      def indent_puts(depth, str)
+        puts '  ' * depth + str
+      end
+    end
+
+    class << self
+      def apply_patch
+        ::ActiveRecord::Base.include TenantMethodExtension
+        ::ActiveRecord::Relation.prepend RelationExtension
+        ::ActiveRecord::Associations::CollectionProxy.prepend CollectionProxyExtension
+      end
+    end
+  end
+end

data/lib/tenant_check/notification.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'tenant_check/stack_trace_fliter'
+
+module TenantCheck
+  class Notification
+    attr_reader :callers, :filtered_callers, :base_class, :sql
+
+    def initialize(callers, base_class, sql)
+      @callers = callers
+      @filtered_callers = StackTraceFilter.filter_in_project(callers)
+      @base_class = base_class
+      @sql = sql
+    end
+
+    def filtered_callers_or_callers
+      filtered_callers.empty? ? callers : filtered_callers
+    end
+
+    def eql?(other)
+      base_class == other.base_class && callers == other.callers
+    end
+
+    def hash
+      [base_class, callers].hash
+    end
+
+    def message
+      <<~EOS
+        >>> Query without tenant condition detected!
+        class: #{base_class}
+        sql: #{sql}
+        stacktrace:
+        #{filtered_callers_or_callers.join("\n")}
+
+      EOS
+    end
+  end
+end

data/lib/tenant_check/rack.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module TenantCheck
+  class Rack
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      TenantCheck.start
+      result = @app.call(env)
+      TenantCheck.output_notifications
+      result
+    ensure
+      TenantCheck.end
+    end
+  end
+end

data/lib/tenant_check/stack_trace_fliter.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module TenantCheck
+  module StackTraceFilter
+    class << self
+      def filter_in_project(paths)
+        app_root = defined?(Rails) ? Rails.root.to_s : Dir.pwd
+        bundler_path = Bundler.bundle_path.to_s
+        paths.select do |path|
+          path.include?(app_root) && !path.include?(bundler_path)
+        end
+      end
+    end
+  end
+end

data/lib/tenant_check/version.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+module TenantCheck
+  VERSION = '0.1.0'
+end

data/lib/tenant_check.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+require 'tenant_check/version'
+require 'active_support/lazy_load_hooks'
+require 'set'
+require 'logger'
+
+module TenantCheck
+  autoload :Notification, 'tenant_check/notification'
+  autoload :Rack, 'tenant_check/rack'
+
+  class << self
+    attr_reader :enable
+
+    def enable=(value)
+      @enable = value
+
+      return if @patched || !value
+      @patched = true
+      ActiveSupport.on_load(:active_record) do
+        require 'tenant_check/active_record/extensions'
+        ::TenantCheck::ActiveRecord.apply_patch
+        ::Rails.configuration.middleware.use TenantCheck::Rack if defined? Rails
+      end
+    end
+
+    def tenant_class=(klass)
+      if ::TenantCheck.tenant_class_name != nil && ::TenantCheck.tenant_class_name != klass.name
+        raise 'TenantCheck.tenant_class= must be called only once'
+      end
+      ::TenantCheck.tenant_class_name = klass.name
+
+      klass.reflections.each do |_, reflection|
+        case reflection
+        when ::ActiveRecord::Reflection::HasManyReflection, ::ActiveRecord::Reflection::HasOneReflection
+          ::TenantCheck.add_association(reflection.klass.arel_table.name, reflection.foreign_key)
+        end
+      end
+    end
+
+    attr_accessor :tenant_class_name
+    attr_writer :tenant_associations, :safe_caller_patterns
+
+    def tenant_associations
+      @tenant_associations ||= {}
+    end
+
+    def add_association(table, foreign_key)
+      tenant_associations[table] ||= Set.new
+      tenant_associations[table].add(foreign_key)
+    end
+
+    def default_safe_caller_patterns
+      [
+        /^.*devise.*`serialize_from_session'.*$/,
+      ]
+    end
+
+    def safe_caller_patterns
+      @safe_caller_patterns ||= default_safe_caller_patterns
+    end
+
+    def start
+      Thread.current[:tenant_check_start] = true
+      Thread.current[:tenant_check_notifications] = Set.new
+    end
+
+    def end
+      Thread.current[:tenant_check_start] = nil
+      Thread.current[:tenant_check_notifications] = nil
+    end
+
+    def started?
+      Thread.current[:tenant_check_start]
+    end
+
+    def enable_and_started?
+      enable && started? && !temporally_disabled?
+    end
+
+    def temporally_disabled?
+      Thread.current[:tenant_check_temporally_disabled]
+    end
+
+    def temporally_disabled=(value)
+      Thread.current[:tenant_check_temporally_disabled] = value
+    end
+
+    def ignored
+      prev, self.temporally_disabled = temporally_disabled?, true # rubocop:disable Style/ParallelAssignment
+      yield
+    ensure
+      self.temporally_disabled = prev
+    end
+
+    def notifications
+      Thread.current[:tenant_check_notifications]
+    end
+
+    def add_notification(notification)
+      notifications.add(notification) if started?
+    end
+
+    def output_notifications
+      notifications.each do |notification|
+        logger.warn(notification.message)
+      end
+    end
+
+    def logger
+      @logger ||= defined?(Rails) ? Rails.logger : Logger.new(STDOUT)
+    end
+  end
+end

data/tenant_check.gemspec

@@ -0,0 +1,26 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "tenant_check/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "tenant_check"
+  spec.version       = TenantCheck::VERSION
+  spec.authors       = ["Shunichi Ikegami"]
+  spec.email         = ["sike.tm@gmail.com"]
+
+  spec.summary       = %q{detect queries without tenant.}
+  spec.description   = %q{detect queries without tenant.}
+  spec.homepage      = "https://github.com/shunichi/tenant_check"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec", "~> 3.0"
+end

metadata

@@ -0,0 +1,105 @@
+--- !ruby/object:Gem::Specification
+name: tenant_check
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Shunichi Ikegami
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2018-05-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.16'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+description: detect queries without tenant.
+email:
+- sike.tm@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".rubocop.yml"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/rake
+- bin/rspec
+- bin/setup
+- lib/tenant_check.rb
+- lib/tenant_check/active_record/extensions.rb
+- lib/tenant_check/notification.rb
+- lib/tenant_check/rack.rb
+- lib/tenant_check/stack_trace_fliter.rb
+- lib/tenant_check/version.rb
+- tenant_check.gemspec
+homepage: https://github.com/shunichi/tenant_check
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: detect queries without tenant.
+test_files: []