Module: Immunio
- Extended by:
- Authentication
- Defined in:
- lib/immunio/plugins/active_record_relation.rb,
lib/immunio.rb,
lib/immunio/vm.rb,
lib/immunio/cli.rb,
lib/immunio/agent.rb,
lib/immunio/rails.rb,
lib/immunio/utils.rb,
lib/immunio/errors.rb,
lib/immunio/logger.rb,
lib/immunio/plugin.rb,
lib/immunio/channel.rb,
lib/immunio/context.rb,
lib/immunio/request.rb,
lib/immunio/version.rb,
lib/immunio/processor.rb,
lib/immunio/plugins/io.rb,
lib/immunio/blocked_app.rb,
lib/immunio/plugins/csrf.rb,
lib/immunio/plugins/eval.rb,
lib/immunio/plugins/metal.rb,
lib/immunio/authentication.rb,
lib/immunio/plugins/redirect.rb,
lib/immunio/plugins/action_view.rb,
lib/immunio/plugins/gems_tracker.rb,
lib/immunio/plugins/http_tracker.rb,
lib/immunio/plugins/active_record.rb,
lib/immunio/plugins/http_finisher.rb,
lib/immunio/plugins/action_dispatch.rb,
lib/immunio/plugins/exception_handler.rb,
lib/immunio/plugins/environment_reporter.rb
Overview
Wrap methods to keep track of ActiveRecord::Relation method calls and query executions.
Defined Under Namespace
Modules: ActiveSupportHooks, ArelToSqlHooks, Authentication, CacheStoreHooks, Context, CookieHooks, CsrfHook, ErubiHooks, ErubisHooks, FileClassHooks, FragmentCachingHooks, HamlHooks, HasManyThroughAssociationHooks, IOClassHooks, IOHooks, KernelEvalHook, KernelModuleHooks, MetalHook, ParamsHooks, QueryExecutionHooks, QueryingHooks, QuotingHooks, RedirectHook, RelationHooks, SanitizeHooks, SpawnHooks, StatementCacheHooks, TemplateHooks, TemplateRendererHooks, Utils
Classes: Agent, ArelNodeVisitor, BlockError, BodyWrapper, CLI, Channel, Engine, EnvironmentReporter, Error, ExceptionHandler, HTTPFinisher, HTTPTracker, InputWrapper, Logger, LuaVM, OverrideResponse, Plugin, Processor, QueryTracker, Request, RequestBlocked, Template, VM, VMError, VMFactory
Constant Summary
- DIR =
File.expand_path(File.dirname(__FILE__))
- CODE_PROTECTION_PLUGINS =
%w(xss file_io redirect sqli shell_command).freeze
- DEFAULT_PLUGINS =
Plugins that are enabled by default. Override using the `plugins_enabled` and `plugins_disabled` configuration settings.
CODE_PROTECTION_PLUGINS.dup.freeze
- CONFIG_FILENAME =
"immunio.yml"
- AGENT_INIT_MUTEX =
Mutex.new
- AGENT_TYPE =
"agent-ruby"
- VERSION =
"1.1.19"
- VM_VERSION =
"2.2.0"
- XSS_HOOKS =
%w[template_render_done template_render_var]
- GemsTracker =
EnvironmentReporter
Instance Attribute Summary collapse
Class Method Summary
failed_login, failed_password_reset, login, logout, password_reset, set_user
Instance Attribute Details
#logger ⇒ Object
Returns the value of attribute logger.
# File 'lib/immunio/logger.rb', line 26
# Reader for the logger currently held in @logger.
#
# Returns nil until something has assigned @logger; this page shows it being
# set by create_startup_logger and replaced by switch_to_real_logger.
def logger
  @logger
end
Class Method Details
.activate! ⇒ Object
# File 'lib/immunio.rb', line 4
# Loads the core agent files, in the order listed, and then returns the
# result of `agent`.
#
# The trailing `agent` call is what actually constructs the agent on first
# use (see Immunio.agent in lib/immunio/agent.rb), so activation and agent
# start-up happen in the same call.
def self.activate!
  [
    "immunio/utils",
    "immunio/agent",
    "immunio/authentication",
    "immunio/plugin"
  ].each { |core_file| require_relative core_file }

  agent
end
.activate_plugins! ⇒ Object
Load plugins (after agent is loaded)
# File 'lib/immunio.rb', line 14
# Loads the plugin files (after the agent is loaded), in the order listed.
#
# On this page the only caller is Immunio.agent, which invokes this only
# when the new agent reports `agent_enabled`; with the agent disabled none
# of these files are required.
# NOTE(review): each file presumably installs its hooks as a side effect of
# being required -- confirm against the plugin sources.
def self.activate_plugins!
  [
    "immunio/plugins/action_view",
    "immunio/plugins/action_dispatch",
    "immunio/plugins/csrf",
    "immunio/plugins/io",
    "immunio/plugins/devise",
    "immunio/plugins/warden",
    "immunio/plugins/authlogic",
    "immunio/plugins/redirect",
    "immunio/plugins/eval",
    "immunio/plugins/metal",
    "immunio/rails"
  ].each { |plugin_file| require_relative plugin_file }
end
.agent ⇒ Object
# File 'lib/immunio/agent.rb', line 252
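# Returns the process-wide Agent, building it on first use.
#
# The unlocked check is the fast path once the agent exists. Construction
# happens under AGENT_INIT_MUTEX, and @agent is checked again after the lock
# is taken: a thread that saw nil and then waited for the lock must not build
# a second Agent (and re-run plugin activation) on top of the one the lock
# holder just created.
#
# @agent is assigned before activate_plugins! runs, so code reached from the
# plugin files can call Immunio.agent and get the new instance from the fast
# path instead of re-entering the mutex.
# NOTE(review): for the same reason another thread can observe the agent
# before the plugin files have finished loading; confirm that work handled in
# that window is acceptable without the plugins' protection.
#
# @return [Agent] the shared agent instance
def self.agent
  return @agent if @agent

  AGENT_INIT_MUTEX.synchronize do
    # Re-check under the lock; another thread may have finished first.
    unless @agent
      @agent = Agent.new
      activate_plugins! if @agent.agent_enabled
    end
  end
  @agent
end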
.create_startup_logger ⇒ Object
# File 'lib/immunio/logger.rb', line 28
# Installs a temporary logger that writes into an in-memory StringIO.
#
# The buffer is kept in @startup_messages so that switch_to_real_logger can
# later copy what was logged during start-up into the real destination.
# Returns whatever setup_logger_formatter returns.
def self.create_startup_logger
  buffer = StringIO.new
  @startup_messages = buffer
  @logger = Logger.new(buffer)
  setup_logger_formatter
end
.finish_request(*args) ⇒ Object
# File 'lib/immunio/agent.rb', line 267
# Module-level shortcut for Agent#finish_request.
#
# All positional arguments are forwarded unchanged and the agent's return
# value is passed back. Going through `agent` means the agent is built on
# demand if it does not exist yet.
def self.finish_request(*args)
  active_agent = agent
  active_agent.finish_request(*args)
end
# File 'lib/immunio/blocked_app.rb', line 24
# NOTE(review): this listing is damaged. One identifier has been dropped
# everywhere it occurred: the method name after `self.` and the hash local in
# front of `= {}`, `.has_key?` and `[name]`. The body also looks truncated
# (nothing returns the hash that is built) -- TODO confirm against
# lib/immunio/blocked_app.rb before relying on it.
#
# What the visible lines do: walk `list` as name/value pairs and collect them
# into a hash keyed by name.
def self.(list)
= {}
list.each do |name, value|
# A repeated name does not overwrite the earlier value: the new value is
# appended to it after a "\n" separator.
if .has_key?(name)
[name] += ("\n" + value)
else
[name] = value
end
end
end
.logger ⇒ Object
# File 'lib/immunio/logger.rb', line 83
# Module-level reader for the active logger.
#
# Returns the object in @logger: the in-memory start-up logger after
# create_startup_logger, the real one after switch_to_real_logger, and nil
# before either has run.
def self.logger
  @logger
end
.new_request(*args) ⇒ Object
# File 'lib/immunio/agent.rb', line 263
# Module-level shortcut for Agent#new_request.
#
# All positional arguments are forwarded unchanged and the agent's return
# value is passed back. Going through `agent` means the agent is built on
# demand if it does not exist yet.
def self.new_request(*args)
  active_agent = agent
  active_agent.new_request(*args)
end
.reset! ⇒ Object
# File 'lib/immunio.rb', line 31
# Resets the agent and returns the result of Agent#reset.
#
# NOTE(review): the guard calls `agent`, which builds the agent when none
# exists, so as listed this does not skip the reset for a process that never
# started an agent -- it starts one first. Confirm that is intended.
def self.reset!
  return unless agent

  agent.reset
end
.run_hook(*args) ⇒ Object
# File 'lib/immunio/agent.rb', line 271
# Module-level shortcut for Agent#run_hook.
#
# All positional arguments are forwarded unchanged and the agent's return
# value is passed back. Unlike run_hook!, there is no start-up exemption
# here: the call always goes through `agent`, building it if necessary.
def self.run_hook(*args)
  active_agent = agent
  active_agent.run_hook(*args)
end
.run_hook!(*args) ⇒ Object
# File 'lib/immunio/agent.rb', line 275
# Module-level shortcut for Agent#run_hook!, with one start-up exemption.
#
# While no agent exists yet (@agent is unset), a call whose first two
# arguments are "io" and "open" is dropped and nil is returned; the agent is
# neither built nor consulted. Every other call goes through `agent`.
# NOTE(review): presumably this keeps file opens made during agent start-up
# from re-entering agent construction -- confirm. The consequence is that
# file opens made before the agent exists are not inspected by this hook.
def self.run_hook!(*args)
  agent_missing = !@agent
  return if agent_missing && args[0] == "io" && args[1] == "open"

  agent.run_hook!(*args)
end
# File 'lib/immunio/logger.rb', line 35
# Installs the agent's line format on the current logger.
#
# Each line carries the timestamp, the process id, the current thread's
# object_id, the severity and the message; the program name is ignored.
# NOTE(review): msg is written verbatim. If callers ever log request-derived
# text, an embedded newline lets that text start a line that looks like a
# separate entry -- confirm callers neutralise line breaks, or do it here.
def self.setup_logger_formatter
  line_format = proc do |severity, datetime, _progname, msg|
    "[#{datetime}] [#{Process.pid} (#{Thread.current.object_id})]: #{severity}: #{msg}\n"
  end
  logger.formatter = line_format
end
.switch_to_real_logger(log_file, log_level) ⇒ Object
# File 'lib/immunio/logger.rb', line 41
# Replaces the in-memory start-up logger with the configured destination and
# copies the buffered start-up output into it.
#
# log_file  - "STDOUT", "STDERR", or a path to append to.
# log_level - name of a Logger level constant, in any case.
#
# Does nothing (returns nil) unless a start-up buffer exists, so only the
# first call after create_startup_logger has any effect.
def self.switch_to_real_logger(log_file, log_level)
  return unless defined?(@startup_messages)

  if log_file == "STDOUT"
    @logger = Logger.new($stdout)
  elsif log_file == "STDERR"
    @logger = Logger.new($stderr)
  else
    path = Pathname.new(log_file)
    begin
      parent = path.dirname
      FileUtils.mkdir_p(parent) unless File.exist?(parent)
      # NOTE(review): directory and file are created with the process's
      # default permissions (umask). Agent logs can carry request details;
      # confirm the deployment restricts who can read this path.
      handle = File.open(path, 'a')
      handle.binmode
      handle.sync = true
      @logger = Logger.new(handle)
      log_file = path.realpath
    rescue StandardError => e
      # @logger is still the start-up logger here, so this warning lands in
      # the buffer and is replayed to $stderr below.
      logger.warn "Failed to open #{log_file} (#{path.realdirpath}) for logging (#{e.message})"
      @logger = Logger.new($stderr)
      log_file = "STDERR"
    end
  end

  # Replay what was logged during start-up, then drop the buffer; removing
  # the ivar is what turns later calls into no-ops.
  buffered = @startup_messages.string
  logger << buffered
  remove_instance_variable(:@startup_messages)
  setup_logger_formatter

  begin
    level_name = log_level.to_s.upcase
    logger.level = Logger.const_get(level_name)
  rescue
    # NOTE(review): an unrecognised level falls back to DEBUG, the most
    # verbose setting, so a typo in configuration increases what is written
    # to the log rather than reducing it -- confirm that is the intended
    # failure direction.
    logger.level = Logger::DEBUG
    logger.debug "Failed to interpret log level #{log_level}, falling back to debug"
  end
  logger.debug "Logging to #{log_file}"
end