Module: Kaal::Config::DelayedJobSecurityPolicy

Defined in:: lib/kaal/config/delayed_job_security_policy.rb

Overview

Evaluates whether delayed-job class resolution is too open for the current deployment shape and returns the matching warning message.

Constant Summary collapse

NON_SHARED_BACKEND_CLASS_NAMES =

['NilClass', 'Kaal::Backend::MemoryAdapter', 'Kaal::Backend::NullAdapter'].freeze

WARNING_MESSAGE =

'Delayed jobs resolve stored job_class values at dispatch time. ' \
'delayed_job_allowed_class_prefixes is empty, so class resolution is unrestricted on this shared backend. ' \
'Configure a restrictive delayed_job_allowed_class_prefixes list for production deployments.'

Class Method Summary collapse

.current_rails ⇒ Object
.production_like_environment?(env: ENV, rails: current_rails) ⇒ Boolean
.rails_environment(rails) ⇒ Object
.shared_delayed_job_backend?(backend) ⇒ Boolean
.warning_for(configuration) ⇒ Object

Class Method Details

.current_rails ⇒ `Object`

# File 'lib/kaal/config/delayed_job_security_policy.rb', line 47

def current_rails
  return unless defined?(::Rails)

  ::Rails
end

.production_like_environment?(env: ENV, rails: current_rails) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/kaal/config/delayed_job_security_policy.rb', line 27

def production_like_environment?(env: ENV, rails: current_rails)
  rails_env = rails_environment(rails)
  return rails_env.production? if rails_env

  %w[RACK_ENV HANAMI_ENV APP_ENV RAILS_ENV RUBY_ENV].any? do |key|
    env.fetch(key, nil).to_s.strip == 'production'
  end
rescue StandardError
  false
end

.rails_environment(rails) ⇒ `Object`

# File 'lib/kaal/config/delayed_job_security_policy.rb', line 53

def rails_environment(rails)
  rails.env
rescue StandardError
  nil
end

.shared_delayed_job_backend?(backend) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/kaal/config/delayed_job_security_policy.rb', line 38

def shared_delayed_job_backend?(backend)
  backend_class = backend.class
  return false if NON_SHARED_BACKEND_CLASS_NAMES.include?(backend_class.name)

  backend_class.instance_method(:delayed_store).owner.name != 'Kaal::Backend::Adapter'
rescue StandardError
  false
end

.warning_for(configuration) ⇒ `Object`

# File 'lib/kaal/config/delayed_job_security_policy.rb', line 19

def warning_for(configuration)
  return unless production_like_environment?
  return unless shared_delayed_job_backend?(configuration.backend)
  return unless Array(configuration.delayed_job_allowed_class_prefixes).empty?

  WARNING_MESSAGE
end

Module: Kaal::Config::DelayedJobSecurityPolicy

Overview

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.current_rails ⇒ Object

.production_like_environment?(env: ENV, rails: current_rails) ⇒ Boolean

.rails_environment(rails) ⇒ Object

.shared_delayed_job_backend?(backend) ⇒ Boolean

.warning_for(configuration) ⇒ Object

.current_rails ⇒ `Object`

.production_like_environment?(env: ENV, rails: current_rails) ⇒ `Boolean`

.rails_environment(rails) ⇒ `Object`

.shared_delayed_job_backend?(backend) ⇒ `Boolean`

.warning_for(configuration) ⇒ `Object`