Class: Console1984::CommandExecutor

Inherits:
Object
  • Object
show all
Includes:
Freezeable
Defined in:
lib/console1984/command_executor.rb

Overview

Supervise execution of console commands:

  • It will validate commands before running them.

  • It will execute the commands in protected mode if needed.

  • It will log the command execution, and flag suspicious attempts and forbidden commands appropriately.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Freezeable

freeze_all, included

Instance Attribute Details

#last_suspicious_command_errorObject (readonly)

Returns the value of attribute last_suspicious_command_error.



13
14
15
 
# File 'lib/console1984/command_executor.rb', line 13

def last_suspicious_command_error
  @last_suspicious_command_error
end

Instance Method Details

#execute(commands, &block) ⇒ Object

Logs and validates commands, and executes the passed block in a protected environment.

Suspicious commands will be executed but flagged as suspicious. Forbidden commands will be prevented and flagged too.



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/console1984/command_executor.rb', line 19

def execute(commands, &block)
  run_as_system { session_logger.before_executing commands }
  validate_command commands
  execute_in_protected_mode(&block)
rescue Console1984::Errors::ForbiddenCommandAttempted, FrozenError => error
  flag_suspicious(commands, error: error)
rescue Console1984::Errors::SuspiciousCommandAttempted => error
  flag_suspicious(commands, error: error)
  execute_in_protected_mode(&block)
rescue Console1984::Errors::ForbiddenCommandExecuted => error
  # We detected that a forbidden command was executed. We exit IRB right away.
  flag_suspicious(commands, error: error)
  Console1984.supervisor.exit_irb
rescue => error
  raise encrypting_error(error)
ensure
  run_as_system { session_logger.after_executing commands }
end

#execute_in_protected_mode(&block) ⇒ Object

Executes the passed block in protected mode.

See Console1984::Shield::Modes.



41
42
43
44
45
 
# File 'lib/console1984/command_executor.rb', line 41

def execute_in_protected_mode(&block)
  run_as_user do
    shield.with_protected_mode(&block)
  end
end

#executing_user_command?Boolean

Returns whether the system is currently executing a user command.

Returns:

  • (Boolean) 


64
65
66
 
# File 'lib/console1984/command_executor.rb', line 64

def executing_user_command?
  @executing_user_command
end

#from_irb?(backtrace) ⇒ Boolean

Returns:

  • (Boolean) 


75
76
77
 
# File 'lib/console1984/command_executor.rb', line 75

def from_irb?(backtrace)
  executing_user_command? && backtrace.first.to_s =~ /^[^\/]/
end

#run_as_system(&block) ⇒ Object

Executes the passed block as the system.

While the block is being executed, #executing_user_command? will return false.



59
60
61
 
# File 'lib/console1984/command_executor.rb', line 59

def run_as_system(&block)
  run_command false, &block
end

#run_as_user(&block) ⇒ Object

Executes the passed block as a user.

While the block is being executed, #executing_user_command? will return true. This method helps implementing certain protection mechanisms that should only act with user commands.



52
53
54
 
# File 'lib/console1984/command_executor.rb', line 52

def run_as_user(&block)
  run_command true, &block
end

#validate_command(command) ⇒ Object

Validates the command.

See Console1984::CommandValidator.



71
72
73
 
# File 'lib/console1984/command_executor.rb', line 71

def validate_command(command)
  command_validator.validate(command)
end