class Console1984::CommandExecutor
Supervise execution of console commands:
-
It will validate commands before running them.
-
It will execute the commands in protected mode if needed.
-
It will log the command execution, and flag suspicious attempts and forbidden commands appropriately.
Public Instance Methods
Logs and validates commands
, and executes the passed block in a protected environment.
Suspicious commands will be executed but flagged as suspicious. Forbidden commands will be prevented and flagged too.
# File lib/console1984/command_executor.rb, line 18 def execute(commands, &block) run_as_system { session_logger.before_executing commands } validate_command commands execute_in_protected_mode(&block) rescue Console1984::Errors::ForbiddenCommandAttempted, FrozenError flag_suspicious(commands) rescue Console1984::Errors::SuspiciousCommandAttempted flag_suspicious(commands) execute_in_protected_mode(&block) rescue Console1984::Errors::ForbiddenCommandExecuted # We detected that a forbidden command was executed. We exit IRB right away. flag_suspicious(commands) Console1984.supervisor.exit_irb ensure run_as_system { session_logger.after_executing commands } end
Executes the passed block in protected mode.
See Console1984::Shield::Modes
.
# File lib/console1984/command_executor.rb, line 38 def execute_in_protected_mode(&block) run_as_user do shield.with_protected_mode(&block) end end
Returns whether the system is currently executing a user command.
# File lib/console1984/command_executor.rb, line 61 def executing_user_command? @executing_user_command end
# File lib/console1984/command_executor.rb, line 72 def from_irb?(backtrace) executing_user_command? && backtrace.find do |line| line_from_irb = line =~ /^[^\/]/ break if !(line =~ /console1984\/lib/ || line_from_irb) line_from_irb end end
Executes the passed block as the system.
While the block is being executed, executing_user_command?
will return false.
# File lib/console1984/command_executor.rb, line 56 def run_as_system(&block) run_command false, &block end
Executes the passed block as a user.
While the block is being executed, executing_user_command?
will return true. This method helps implementing certain protection mechanisms that should only act with user commands.
# File lib/console1984/command_executor.rb, line 49 def run_as_user(&block) run_command true, &block end
Validates the command.
See Console1984::CommandValidator
.
# File lib/console1984/command_executor.rb, line 68 def validate_command(command) command_validator.validate(command) end
Private Instance Methods
# File lib/console1984/command_executor.rb, line 85 def build_command_validator Console1984::CommandValidator.from_config(Console1984.protections_config.validations) end
# File lib/console1984/command_executor.rb, line 81 def command_validator @command_validator ||= build_command_validator end
# File lib/console1984/command_executor.rb, line 89 def flag_suspicious(commands) puts "Forbidden command attempted: #{commands.join("\n")}" run_as_system { session_logger.suspicious_commands_attempted commands } nil end
# File lib/console1984/command_executor.rb, line 95 def run_command(run_by_user, &block) original_value = @executing_user_command @executing_user_command = run_by_user block.call ensure @executing_user_command = original_value end