Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve protection mechanisms, design and documentation #26

Merged
merged 7 commits into from
Sep 4, 2021
Merged

Improve protection mechanisms, design and documentation #26

merged 7 commits into from
Sep 4, 2021

Conversation

jorgemanrubia
Copy link
Member

@jorgemanrubia jorgemanrubia commented Sep 4, 2021
edited
Loading

This PR:

  • Replaces the system to detect tampering attempts in commands to use a more sophisticated approach. Before, it was based on a simple regexp. It will now use the parser gem.
  • Major code reorganization. Supervisor had ended up having way too much responsibility. This distributes those responsibilities across new entities: CommandExecutor, CommandValidator and Shield. It also reviews domain terms aiming for more clarity and consistency (e.g: don't use "access" to reference what we are calling "protected modes" in other places).
  • Improves source documentation.

The new system is used to prevent using database drivers directly (fixes #22).

@jorgemanrubia
Replace naive command validation with a better system.
e633a6a 
This replaced the old system to validate commands based on regular
expressions with a system based on proper Ruby parsing.

The new system uses (https://github.com/whitequark/parser) internally.
@jorgemanrubia
Reorganize code and extract new entities.
91c741c 
`Supervisor` was doing too many things. This extracts `Shield` and
`CommandExecutor` as first level entities distributing part of the
original responsibilities.
@jorgemanrubia
Move connection-protection logic to the protected access entity
2828f35
@jorgemanrubia jorgemanrubia force-pushed the protect-db-drivers branch 2 times, most recently from 008715d to 5f0eead Compare September 4, 2021 15:30
@jorgemanrubia jorgemanrubia merged commit 8fcea30 into master Sep 4, 2021
@jorgemanrubia jorgemanrubia deleted the protect-db-drivers branch September 4, 2021 15:51
This was referenced Sep 4, 2021
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bypass audit table protections by opening a direct connection with the database
1 participant
@jorgemanrubia