Module: Immunio

Extended by:
Authentication
Defined in:
lib/immunio/plugins/active_record_relation.rb,
lib/immunio.rb,
lib/immunio/vm.rb,
lib/immunio/cli.rb,
lib/immunio/agent.rb,
lib/immunio/rails.rb,
lib/immunio/utils.rb,
lib/immunio/errors.rb,
lib/immunio/logger.rb,
lib/immunio/plugin.rb,
lib/immunio/channel.rb,
lib/immunio/context.rb,
lib/immunio/request.rb,
lib/immunio/version.rb,
lib/immunio/processor.rb,
lib/immunio/plugins/io.rb,
lib/immunio/blocked_app.rb,
lib/immunio/plugins/csrf.rb,
lib/immunio/plugins/eval.rb,
lib/immunio/plugins/metal.rb,
lib/immunio/authentication.rb,
lib/immunio/plugins/redirect.rb,
lib/immunio/plugins/action_view.rb,
lib/immunio/plugins/gems_tracker.rb,
lib/immunio/plugins/http_tracker.rb,
lib/immunio/plugins/active_record.rb,
lib/immunio/plugins/http_finisher.rb,
lib/immunio/plugins/action_dispatch.rb,
lib/immunio/plugins/exception_handler.rb,
lib/immunio/plugins/environment_reporter.rb

Overview

Wrap methods to keep track of ActiveRecord::Relation method calls and query executions.

Defined Under Namespace

Modules: ActiveSupportHooks, ArelToSqlHooks, Authentication, CacheStoreHooks, Context, CookieHooks, CsrfHook, ErubiHooks, ErubisHooks, FileClassHooks, FragmentCachingHooks, HamlHooks, HasManyThroughAssociationHooks, IOClassHooks, IOHooks, KernelEvalHook, KernelModuleHooks, MetalHook, ParamsHooks, QueryExecutionHooks, QueryingHooks, QuotingHooks, RedirectHook, RelationHooks, SanitizeHooks, SpawnHooks, StatementCacheHooks, TemplateHooks, TemplateRendererHooks, Utils
Classes: Agent, ArelNodeVisitor, BlockError, BodyWrapper, CLI, Channel, Engine, EnvironmentReporter, Error, ExceptionHandler, HTTPFinisher, HTTPTracker, InputWrapper, Logger, LuaVM, OverrideResponse, Plugin, Processor, QueryTracker, Request, RequestBlocked, Template, VM, VMError, VMFactory

Constant Summary

DIR =
File.expand_path(File.dirname(__FILE__))
CODE_PROTECTION_PLUGINS =
%w(xss file_io redirect sqli shell_command).freeze
DEFAULT_PLUGINS =

Plugins that are enabled by default. Override using the `plugins_enabled` and `plugins_disabled` configuration settings.

CODE_PROTECTION_PLUGINS.dup.freeze
CONFIG_FILENAME =
"immunio.yml"
AGENT_INIT_MUTEX =
Mutex.new
AGENT_TYPE =
"agent-ruby"
VERSION =
"1.1.19"
VM_VERSION =
"2.2.0"
XSS_HOOKS =
%w[template_render_done template_render_var]
GemsTracker =
EnvironmentReporter

Instance Attribute Summary

Class Method Summary

Methods included from Authentication

failed_login, failed_password_reset, login, logout, password_reset, set_user

Instance Attribute Details

#logger ⇒ Object (readonly)

Returns the value of attribute logger.



# File 'lib/immunio/logger.rb', line 26

# Instance-level reader for the module's logger.
#
# @return [Object, nil] the current value of +@logger+ on the receiver
#   (nil until a logger has been installed)
def logger
  instance_variable_get(:@logger)
end

Class Method Details

.activate! ⇒ Object



# File 'lib/immunio.rb', line 4

# Bootstrap the agent: load the core runtime files, then touch +agent+ so
# the memoised Agent is built now rather than on the first hook.
#
# @return [Object] the result of +agent+
def self.activate!
  %w[utils agent authentication plugin].each do |component|
    require_relative "immunio/#{component}"
  end

  agent # eager-load the agent
end

.activate_plugins! ⇒ Object

Load plugins (after agent is loaded)



# File 'lib/immunio.rb', line 14

# Load the plugin files (after the agent is loaded), then the Rails engine.
#
# active_record is deliberately absent from this list: it is loaded from
# rails.rb once ActiveRecord has been configured.
#
# @return [Object] the result of the final require_relative
def self.activate_plugins!
  plugins = %w[
    action_view
    action_dispatch
    csrf
    io
    devise
    warden
    authlogic
    redirect
    eval
    metal
  ]
  plugins.each { |plugin| require_relative "immunio/plugins/#{plugin}" }

  # Load and activate the Rails engine, after the plugins above
  require_relative "immunio/rails"
end

.agent ⇒ Object



# File 'lib/immunio/agent.rb', line 252

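# Return the process-wide Agent, building it on first use.
#
# The fast path reads +@agent+ without locking; construction happens under
# AGENT_INIT_MUTEX. The ivar is re-checked inside the lock so a second
# thread that lost the race does not build another Agent and run plugin
# activation a second time (which would install every hook twice).
#
# +@agent+ is assigned before +activate_plugins!+ runs, so a plugin that
# calls back into +agent+ while loading takes the early return instead of
# trying to re-enter the (non-reentrant) Mutex.
#
# @return [Agent] the memoised agent
def self.agent
  return @agent if @agent

  AGENT_INIT_MUTEX.synchronize do
    # Re-check under the lock: another thread may have finished init
    # while this one was waiting on the mutex.
    unless @agent
      @agent = Agent.new
      activate_plugins! if @agent.agent_enabled
    end
  end

  @agent
end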

.create_startup_logger ⇒ Object



# File 'lib/immunio/logger.rb', line 28

# Install a temporary in-memory logger so that messages emitted before the
# real log destination is known are buffered in +@startup_messages+
# (they are replayed later by +switch_to_real_logger+).
#
# @return [Object] the result of +setup_logger_formatter+
def self.create_startup_logger
  buffer = StringIO.new
  @startup_messages = buffer
  @logger = Logger.new(buffer)

  setup_logger_formatter
end

.finish_request(*args) ⇒ Object



# File 'lib/immunio/agent.rb', line 267

# Delegate request teardown to the agent.
#
# @param args [Array] passed through untouched to +Agent#finish_request+
# @return [Object] whatever the agent returns
def self.finish_request(*args)
  current_agent = agent
  current_agent.finish_request(*args)
end

.list_to_headers(list) ⇒ Object



# File 'lib/immunio/blocked_app.rb', line 24

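# Fold a list of +[name, value]+ pairs into a headers Hash.
#
# Repeated names are kept rather than overwritten: their values are joined
# with "\n" in list order. NOTE(review): that is the newline-separated
# multi-value form older Rack versions accept for duplicate headers; newer
# Rack rejects embedded newlines in header values — confirm against the
# Rack in use. A fresh String is built with +, so the caller's (possibly
# frozen) values are never mutated.
#
# @param list [Enumerable<Array(String, String)>] name/value pairs
# @return [Hash{String => String}] one entry per distinct header name
# @raise [TypeError] if a repeated header's value is not a String
def self.list_to_headers(list)
  list.each_with_object({}) do |(name, value), headers|
    headers[name] = headers.key?(name) ? headers[name] + "\n" + value : value
  end
end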

.logger ⇒ Object



# File 'lib/immunio/logger.rb', line 83

# Module-level reader for the active logger (the startup buffer logger or,
# after +switch_to_real_logger+, the real one).
#
# @return [Object, nil] the current +@logger+, nil if none was created yet
def self.logger
  instance_variable_get(:@logger)
end

.new_request(*args) ⇒ Object



# File 'lib/immunio/agent.rb', line 263

# Delegate the start of a request to the agent.
#
# @param args [Array] passed through untouched to +Agent#new_request+
# @return [Object] whatever the agent returns
def self.new_request(*args)
  current_agent = agent
  current_agent.new_request(*args)
end

.reset! ⇒ Object



# File 'lib/immunio.rb', line 31

# Reset the agent's state.
#
# NOTE(review): +agent+ builds an Agent on demand, so the guard below is
# effectively always true and calling reset! before the agent exists will
# create (and, if enabled, fully activate) one as a side effect.
#
# @return [Object] whatever +Agent#reset+ returns
def self.reset!
  current_agent = agent
  current_agent.reset if current_agent
end

.run_hook(*args) ⇒ Object



# File 'lib/immunio/agent.rb', line 271

# Run a hook through the agent.
#
# @param args [Array] passed through untouched to +Agent#run_hook+
# @return [Object] whatever the agent returns
def self.run_hook(*args)
  current_agent = agent
  current_agent.run_hook(*args)
end

.run_hook!(*args) ⇒ Object



# File 'lib/immunio/agent.rb', line 275

# Run a hook through the agent, except for the io/open hook raised while the
# agent itself is still starting up (and opening its log file).
#
# @param args [Array] hook name, hook action, then hook-specific arguments
# @return [Object, nil] whatever the agent returns, nil when skipped
def self.run_hook!(*args)
  # Don't run hooks if we're starting up the agent and opening a log
  booting = !@agent
  return if booting && args[0] == "io" && args[1] == "open"

  agent.run_hook!(*args)
end

.setup_logger_formatter ⇒ Object



# File 'lib/immunio/logger.rb', line 35

# Install the log line format: "[time] [pid (thread id)]: SEVERITY: msg".
#
# Process.pid is read per line, not hoisted, so a forked worker logs its
# own pid. The message is interpolated verbatim: a msg containing newlines
# produces extra physical lines that carry no prefix.
#
# @return [Proc] the formatter that was installed
def self.setup_logger_formatter
  logger.formatter = proc do |severity, datetime, _progname, msg|
    thread_id = Thread.current.object_id
    format("[%s] [%d (%d)]: %s: %s\n", datetime, Process.pid, thread_id, severity, msg)
  end
end

.switch_to_real_logger(log_file, log_level) ⇒ Object



# File 'lib/immunio/logger.rb', line 41

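# Replace the startup (in-memory) logger with the real destination and
# replay the buffered startup messages into it.
#
# @param log_file [String] "STDOUT", "STDERR", or a file path (missing
#   parent directories are created); on failure the log falls back to STDERR
# @param log_level [#to_s] a Logger severity name, case-insensitive
#   (debug/info/warn/error/fatal/unknown); anything else falls back to DEBUG
# @return [nil]
def self.switch_to_real_logger(log_file, log_level)
  # Have we already switched to real logger? The buffer is removed once it
  # has been replayed, so a second call is a no-op.
  return unless defined?(@startup_messages)

  case log_file
  when "STDOUT"
    @logger = Logger.new($stdout)
  when "STDERR"
    @logger = Logger.new($stderr)
  else
    path = Pathname.new(log_file)
    begin
      # mkdir_p is already a no-op for an existing directory.
      FileUtils.mkdir_p(path.dirname)

      # The handle is intentionally left open: it is the logger's device.
      # No explicit perm is given, so the file gets the umask default;
      # pass perm: 0o600 here if the log must not be group/world readable.
      file = File.open(path, 'a')
      file.binmode
      file.sync = true

      @logger = Logger.new(file)
      log_file = path.realpath
    rescue StandardError => e
      # expand_path does not touch the filesystem; realdirpath would raise a
      # second time when the directory could not be created, escaping this
      # rescue and leaving no logger installed.
      logger.warn "Failed to open #{log_file} (#{path.expand_path}) for logging (#{e.message})"
      @logger = Logger.new($stderr)
      log_file = "STDERR"
    end
  end

  # Dump saved log messages during startup to real log
  logger << @startup_messages.string
  remove_instance_variable(:@startup_messages)

  setup_logger_formatter

  # Only the known severity names are looked up; the config string is not
  # handed to const_get as-is, so it cannot resolve to an arbitrary constant.
  level_name = log_level.to_s.upcase
  if %w[DEBUG INFO WARN ERROR FATAL UNKNOWN].include?(level_name)
    logger.level = Logger.const_get(level_name)
  else
    logger.level = Logger::DEBUG
    logger.debug "Failed to interpret log level #{log_level}, falling back to debug"
  end

  logger.debug "Logging to #{log_file}"
  nil
end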