Protect forbidden reopenings of classes/modules #28

Merged (2 commits) on Sep 6, 2021


jorgemanrubia
Member

#26 and #27 introduced several mechanisms based on detecting tampering attempts statically before commands were executed. This PR adds a new check against reopening forbidden classes. If a forbidden reopening materializes, it will log the command and force exiting from IRB.

Take this example:

```ruby
def my_constant
  ActiveRecord
end

class my_constant::Base
  def fake_save!(*args)
    puts "ActiveRecord::Base#save! overridden!"
  end
end
```

This code would skip our static analysis. We can detect it now because we let the code run and we validate that no new methods were added to the class. Because the code executes, the damage is done, so we log the attempt (which could be prevented by the command) and, in any case, we exit from IRB.

There are cases that we can't detect via static analysis. If a forbidden
reopening materializes, we will just exit IRB.
@jorgemanrubia jorgemanrubia merged commit 18e96a9 into master Sep 6, 2021
@jorgemanrubia jorgemanrubia deleted the protect-dynamic-extensions branch September 6, 2021 22:14
@jorgemanrubia jorgemanrubia changed the title Protect dynamic extensions Protect forbidden reopening of classes/modules Sep 6, 2021
@jorgemanrubia jorgemanrubia changed the title Protect forbidden reopening of classes/modules Protect forbidden reopenings of classes/modules Sep 6, 2021
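
The run-then-verify check described in this pull request, sketched as an added example (not the project's own code): snapshot the methods of protected classes, evaluate the command, then compare. `ReopeningGuard`, `ForbiddenReopening`, `Bank::Record` and `EVASIVE_COMMAND` are hypothetical names, and the sketch also flags redefined and singleton methods, which goes slightly beyond the "no new methods" check the description mentions.

```ruby
# Added illustration; all names here are hypothetical, not the project's API.
class ForbiddenReopening < StandardError; end

module Bank
  class Record # constructed stand-in for a protected class such as ActiveRecord::Base
    def save!
      :saved
    end
  end
end

class ReopeningGuard
  def initialize(*protected_modules)
    @protected = protected_modules
  end

  # Evaluates a console command, then checks that no protected class/module
  # gained, lost or redefined a method. The command has already run when the
  # check fires, so a console wrapper would log the command and exit.
  def run(command, context = TOPLEVEL_BINDING)
    before = @protected.to_h { |mod| [mod, fingerprint(mod)] }
    result = eval(command, context)
    tampered = @protected.reject { |mod| fingerprint(mod) == before[mod] }
    return result if tampered.empty?

    raise ForbiddenReopening, "forbidden reopening of #{tampered.map(&:name).join(', ')}"
  end

  private

  # Method name => source location, for instance and singleton methods defined
  # directly on the module. A redefinition changes the source location.
  def fingerprint(mod)
    names = mod.instance_methods(false) + mod.private_instance_methods(false)
    instance = names.to_h { |m| [m, mod.instance_method(m).source_location] }
    singleton = mod.singleton_methods(false).to_h { |m| [m, mod.method(m).source_location] }
    [instance, singleton]
  end
end

# Constructed command: the constant is reached through a method call, so a
# static scan for the literal protected constant name does not see it.
EVASIVE_COMMAND = <<~RUBY
  def my_constant
    Bank
  end

  class my_constant::Record
    def fake_save!(*args)
      :overridden
    end
  end
RUBY
```
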