Releases: basecamp/console1984

v0.1.9

06 Sep 22:22
  • [NEW] Additional mechanisms to detect reopening of forbidden classes. If a forbidden reopening materializes, it will log the command and force an exit from IRB [#28].

    Take this example:

    def my_constant
      ActiveRecord
    end
    
    class my_constant::Base
      def fake_save!(*args)
        puts "ActiveRecord::Base#save! overridden!"
      end
    end

    This code would bypass the existing static analysis. With the new system, the code still runs, but an error is raised when new methods are added to the class. Because the code did execute, the session exits IRB immediately after flagging the command.

v0.1.8

05 Sep 21:37

This adds two new protections against tampering and some fixes and improvements [#27]:

  • [NEW] Protection against circumventing existing controls using constant aliases. For example:

    MyAlias = ActiveRecord

    class MyAlias::Base
      def save!(*args)
        puts "ActiveRecord::Base#save! overridden!"
      end
    end

  • [NEW] Protection against invoking code dynamically with eval, instance_eval and class_eval. For example:

    ActiveRecord::Base.class_eval do
      def save!(*args)
        puts "ActiveRecord::Base#save! overridden!"
      end
    end

  • [FIX] Fix a bug where many classes were not being frozen despite being marked with Console1984::Freezable.
  • [CHANGE] Some internal changes: add a Refrigerator entity to deal with refrigeration logic; extract ProtectionsConfig to deal with the protection options configurable via YAML.
  • [CHANGE] Extend the YML configuration to separate static validations from forbidden method invocations. This is used to prevent dynamic code evaluation as explained above.
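As an added example (not console1984's own code), the following Ruby script shows why a purely textual check misses the alias, method-returning-constant and class_eval routes described in the v0.1.9 and v0.1.8 notes above, and how freezing the protected class stops all of them at runtime while leaving the original method intact. `Sandbox::Store` stands in for ActiveRecord::Base, and the regexp is an assumed stand-in for the earlier simple check; the tampering commands are constructed for the demonstration.

```ruby
# Added example, not console1984's own code. "Sandbox::Store" stands in for a
# protected class such as ActiveRecord::Base; the regexp stands in for the
# simple textual check the release notes say was replaced.
module Sandbox
  class Store
    def save!(*args)
      :real_save
    end
  end
end

# Static check: inspect the command text for a direct reopening (assumed pattern).
FORBIDDEN_REOPEN = /\bclass\s+Sandbox::Store\b/

def static_check_flags?(command)
  !!(command =~ FORBIDDEN_REOPEN)
end

# Runtime check: once the protected class is frozen, any method definition on
# it raises FrozenError no matter how the constant was reached.
def freeze_protected!
  Sandbox::Store.freeze
end

# Evaluate a command the way a console would, reporting whether it ran
# through or was stopped by the frozen class.
def run_command(command)
  eval(command, TOPLEVEL_BINDING)
  :executed
rescue FrozenError
  :blocked
end

# Constructed tampering commands; only the first one matches the regexp.
TAMPERING_COMMANDS = {
  direct_reopen: <<~RUBY,
    class Sandbox::Store
      def save!(*args)
        :tampered
      end
    end
  RUBY
  alias_reopen: <<~RUBY,
    MyAlias = Sandbox
    class MyAlias::Store
      def save!(*args)
        :tampered
      end
    end
  RUBY
  method_returning_constant: <<~RUBY,
    def my_constant
      Sandbox
    end
    class my_constant::Store
      def save!(*args)
        :tampered
      end
    end
  RUBY
  class_eval: <<~RUBY,
    Sandbox::Store.class_eval do
      def save!(*args)
        :tampered
      end
    end
  RUBY
}.freeze

# Combine both verdicts for one command.
def assess(command)
  { static: static_check_flags?(command), runtime: run_command(command) }
end

freeze_protected!
RESULTS = TAMPERING_COMMANDS.transform_values { |cmd| assess(cmd) }.freeze

# True when none of the attempts managed to replace the original method.
def original_save_intact?
  Sandbox::Store.new.save! == :real_save
end

if __FILE__ == $PROGRAM_NAME
  RESULTS.each { |name, r| puts "#{name}: static=#{r[:static]} runtime=#{r[:runtime]}" }
  puts "original save! intact: #{original_save_intact?}"
end
```

The static check flags only `direct_reopen`; the other three read as harmless text yet reach the same class. The frozen class reports every one of them as `:blocked`, because the error is raised at the point the new method would be installed, before anything changes.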

v0.1.7

04 Sep 16:03
8fcea30

This includes major improvements to protection controls against tampering [#26]:

  • NEW: Replaces the system that detects tampering attempts in commands with a more sophisticated approach: where it previously relied on a simple regexp, it now uses the parser gem.
  • NEW: Protection mechanisms against using database drivers directly to tamper audit trails.
  • CHANGED: Major revamp of internals to accommodate new features and make future changes easier.

v0.1.6

29 Aug 22:06
  • FIX: Postgres not working due to kwargs error. [#21]

v0.1.5

28 Aug 19:15

This includes several improvements to prevent circumventing protection controls [#20]:

  • NEW: Replaces the system that prevents overriding methods in classes. The new one is based on .freeze and also prevents changing class-level state. A big flaw in the previous approach, based on the method_added hook, was that, while it raised an error, it did not prevent the command from executing (the hook was evaluated afterwards).
  • NEW: Prevent using instance_variable_set on core classes.
  • NEW: Prevent opening ActiveRecord classes for monkey patching them.
  • NEW: Prevent modifying config options once a console session has started.
  • NEW: Prevent loading sensitive constants dynamically (Console1984, ActiveRecord).
  • NEW: Freeze Socket classes and database connection classes to prevent overrides. Also prevent instance-data manipulation for the latter.
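To make the ordering flaw in the method_added approach concrete, here is an added Ruby example (not console1984's own code) with two stand-in "core" classes, `GuardedByHook` and `GuardedByFreeze`. The hook-based class raises when a method is added but the override is already installed by then; the frozen class stops the override, and class-level state changes, before anything happens. The classes, their `@config` state and the attempted overrides are constructed for the demonstration.

```ruby
# Added example, not console1984's own code. Two stand-in "core" classes show
# why a method_added hook reports tampering too late, and why freezing stops
# the override (and class-level state changes) before they happen.

# Approach 1: a method_added hook that raises once the class is sealed. The
# hook fires only after Ruby has installed the new method, so the error is
# raised but the override is already in place.
class GuardedByHook
  def save!(*args)
    :original
  end

  def self.method_added(name)
    raise "tampering detected: #{name}" if @sealed
    super
  end

  @sealed = true
end

def override_under_hook
  GuardedByHook.class_eval do
    def save!(*args)
      :tampered
    end
  end
  { raised: false, save_result: GuardedByHook.new.save! }
rescue RuntimeError
  { raised: true, save_result: GuardedByHook.new.save! }
end

# Approach 2: freeze the class. Method definitions and class-level
# instance-variable writes then raise FrozenError before anything changes.
# Object#freeze is shallow, so state the class refers to is frozen explicitly.
class GuardedByFreeze
  @config = { audit: true }.freeze

  class << self
    attr_reader :config
  end

  def save!(*args)
    :original
  end
end
GuardedByFreeze.freeze

def override_under_freeze
  GuardedByFreeze.class_eval do
    def save!(*args)
      :tampered
    end
  end
  { raised: false, save_result: GuardedByFreeze.new.save! }
rescue FrozenError
  { raised: true, save_result: GuardedByFreeze.new.save! }
end

# Class-level state: replacing the ivar is blocked by the frozen class, and
# mutating the referenced hash is blocked only because the hash was frozen too.
def change_state_under_freeze
  outcome = {}
  begin
    GuardedByFreeze.instance_variable_set(:@config, { audit: false })
    outcome[:ivar_set] = :allowed
  rescue FrozenError
    outcome[:ivar_set] = :blocked
  end
  begin
    GuardedByFreeze.config[:audit] = false
    outcome[:nested_hash] = :allowed
  rescue FrozenError
    outcome[:nested_hash] = :blocked
  end
  outcome
end

if __FILE__ == $PROGRAM_NAME
  puts "method_added hook: #{override_under_hook}"
  puts "frozen class:      #{override_under_freeze}"
  puts "frozen state:      #{change_state_under_freeze}"
end
```

With the hook, `save!` already answers `:tampered` by the time the error surfaces, which is exactly the gap described above. With the frozen class the error arrives first and `save!` still answers `:original`; dropping the `.freeze` on the `@config` hash would turn `nested_hash` into `:allowed`, which is why referenced state needs freezing as well.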

It also includes a new system for testing tampering cases that should be detected: just place the snippet in test/tampering_cases. A test will run for each file and will fail if the tampering is not detected.