Skip to content

v0.1.5
Compare
Choose a tag to compare
@jorgemanrubia jorgemanrubia released this 28 Aug 19:15
· 166 commits to master since this release
v0.1.5
ef6171f

This includes several improvements to prevent circumventing protection controls [ #20]:

  • NEW: Replace the system to prevent overriding methods in classes. The new one is based on .freeze and it also prevents changing class-level state. A big flaw in the previous approach, based on the method_added hook, is that, while it raised an error, it wouldn't prevent the command from executing (it was evaluated after).
  • NEW: Prevent using instance_variable set on core classes.
  • NEW: Prevent opening ActiveRecord classes for monkey patching them.
  • NEW: Prevent modifying config options once a console session has started.
  • NEW: Prevent load sensitive constants dynamically (Console1984, ActiveRecord).
  • NEW: Freeze Socket classes and database connection classes to prevent overrides. Also prevent instance-data manipulation for the later.

It also includes a new system for testing tampering cases that should be detected: just place the snippet test/tampering_cases. A test will run for each file and it will fail if it's not detected.

Assets 2
Loading