Class: StompBase::ConsoleController

Inherits:
ApplicationController show all
Defined in:
app/controllers/stomp_base/console_controller.rb

Defined Under Namespace

Classes: ConsoleBindingHelper

Constant Summary collapse

# Denylist of source-text patterns for commands submitted to the console.
# Presumably consulted by dangerous_command? (not shown in this listing) -- confirm.
#
# NOTE(review): every entry matches the *text* of a command, not what the
# command does once evaluated. A textual denylist over a full programming
# language cannot enumerate every equivalent spelling of an operation, so this
# list guards against accidents; it is not a sandbox or a security boundary.
# Access to the console has to be restricted by authentication, authorisation
# and environment gating elsewhere.
#
# NOTE(review): the bare-word entries (exit, quit, abort, fork, spawn,
# autoload, ...) are unanchored and case-insensitive, so they also match when
# the word appears inside a longer identifier or a string literal.
DANGEROUS_PATTERNS =
[
  /system\s*\(/i,           # "system" followed by optional whitespace and "("
  /`/,                      # Any backtick character
  /%x\{/,                   # %x{ command-execution literal
  /File\.(delete|unlink)/i, # File.delete / File.unlink
  /FileUtils\.(rm|remove)/i, # FileUtils.rm* / FileUtils.remove*
  /Dir\.(delete|rmdir)/i, # Dir.delete / Dir.rmdir
  /ActiveRecord.*delete_all/i, # "ActiveRecord" followed later by "delete_all"
  /ActiveRecord.*destroy_all/i, # "ActiveRecord" followed later by "destroy_all"
  /drop_table/i,            # Table dropping
  /exit/i,                  # Substring "exit" anywhere in the command
  /quit/i,                  # Substring "quit" anywhere in the command
  /abort/i,                 # Substring "abort" anywhere in the command
  /fork/i,                  # Substring "fork" anywhere in the command
  /spawn/i,                 # Substring "spawn" anywhere in the command
  /eval\s*\(/i,             # "eval" followed by optional whitespace and "("; no exemption is encoded here
  /instance_eval/i,         # instance_eval calls
  /class_eval/i,            # class_eval calls
  /module_eval/i,           # module_eval calls
  /define_method/i,         # Dynamic method definition
  /remove_method/i,         # Method removal
  /undef_method/i,          # Method undefinition
  /const_missing/i,         # const_missing hook
  /autoload/i,              # Substring "autoload" anywhere in the command
  /load\s*\(/i,             # "load" followed by optional whitespace and "("
  /require\s*\(/i,          # "require" followed by optional whitespace and "("; no exemption is encoded here
  /Rails\.application\.secrets/i, # Rails.application.secrets access
  /ENV\[.*SECRET/i # ENV[...] lookups whose text contains "SECRET"
].freeze

Instance Method Summary collapse

Methods included from I18nHelper

#available_locales, #current_locale, #locale_name, #t

Instance Method Details

#execute ⇒ Object



# File 'app/controllers/stomp_base/console_controller.rb', line 44

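# Handles one console request: reads the command, session id and command
# counter from the request parameters and renders the outcome.
#
# Request parameters read here:
#   :command         - command text; surrounding whitespace is stripped
#   :session_id      - passed on unchanged to clear_session_binding and
#                      process_console_command
#   :command_counter - converted with to_i; 1 when the parameter is absent
#
# SECURITY NOTE(review): the command is taken straight from the request and
# handed to process_console_command, which presumably evaluates it inside the
# running application. No authentication, authorisation or environment check
# is visible in this method -- confirm that a before_action or the engine's
# mount point restricts who can reach this action.
def execute
  command = params[:command]&.strip
  session_id = params[:session_id]
  command_counter = params[:command_counter]&.to_i || 1

  return render_error(I18n.t("stomp_base.console.error")) if command.blank?

  # Sentinel command: calls clear_session_binding for this session id and
  # reports the counter as 1 instead of running anything.
  if command == "__restart_session__"
    clear_session_binding(session_id)
    return render json: { success: true, result: "Session restarted", command_counter: 1 }
  end

  process_console_command(command, session_id, command_counter)
rescue StandardError => e
  # If reading the parameters raised (for example a non-string :command has no
  # #strip), command_counter was never assigned and is nil here; fall back to 1
  # so the error response still carries a usable counter.
  handle_execution_error(e, command_counter || 1)
end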

#handle_execution_error(error, command_counter = 1) ⇒ Object



# File 'app/controllers/stomp_base/console_controller.rb', line 70

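# Logs a failure raised while handling a console request and renders the
# exception message back to the caller via render_error.
#
# @param error [StandardError] the exception that was rescued
# @param command_counter [Integer] counter passed through to render_error (default 1)
def handle_execution_error(error, command_counter = 1)
  # The message can carry text that originated in the request, so it is logged
  # through inspect: newlines and control characters are escaped and cannot
  # start a forged log entry. The response still receives the raw message.
  Rails.logger.error "StompBase Console Error: #{error.message.inspect}"
  render_error(error.message, command_counter)
end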

#index ⇒ Object



# File 'app/controllers/stomp_base/console_controller.rb', line 40

# Builds a new StompBase::Pages::ConsoleComponent and stores it in
# @console_component for the console page.
#
# NOTE(review): no access check is visible in this action; confirm that the
# console page is restricted elsewhere (before_action or routing).
def index
  component_class = StompBase::Pages::ConsoleComponent
  @console_component = component_class.new
end

#process_console_command(command, session_id, command_counter) ⇒ Object



# File 'app/controllers/stomp_base/console_controller.rb', line 62

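# Logs the command, rejects it when dangerous_command? flags it, and otherwise
# runs it through execute_in_rails_console and renders the result.
#
# @param command [String] command text taken from the request
# @param session_id [Object] passed on to execute_in_rails_console
# @param command_counter [Integer] passed on to render_success
#
# NOTE(review): dangerous_command? is the only check visible before execution.
# If it is a text filter, it cannot act as a sandbox for evaluated code; the
# console must also be restricted by access control and environment gating.
def process_console_command(command, session_id, command_counter)
  # inspect escapes newlines and control characters, so request-supplied text
  # cannot start a forged entry in the log. Logging happens before the
  # dangerous-command check, so rejected attempts are recorded too.
  # NOTE(review): commands are logged in full at info level; anything typed
  # into the console, credentials included, ends up in the application log.
  Rails.logger.info "StompBase Console Command: #{command.inspect}"
  return render_dangerous_command_error if dangerous_command?(command)

  result = execute_in_rails_console(command, session_id)
  render_success(result, command_counter)
end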