This concern adds a method called state_machine_enum, useful for defining an enum backed by string values together with the valid transitions between those values. The concern adds validations for the state transitions and defines a proper enum for you.
For example:
```ruby
state_machine_enum :state do |states|
  states.permit_transition(:created, :approved_pending_settlement)
  states.permit_transition(:approved_pending_settlement, :rejected)
  states.permit_transition(:created, :rejected)
  states.permit_transition(:approved_pending_settlement, :settled)
end
```
Install the gem and add it to the application's Gemfile by executing:
```shell
$ bundle add state_machine_enum
```
If bundler is not being used to manage dependencies, install the gem by executing:
```shell
$ gem install state_machine_enum
```
Include StateMachineEnum in a class and it can then be used, for example, in an ActiveRecord model:
```ruby
class User < ApplicationRecord
  include StateMachineEnum

  state_machine_enum :state, prefix: :state do |s|
    s.permit_transition(:registered, :active)
    s.permit_transition(:active, :banned)
    s.permit_transition(:banned, :active)
    s.permit_transition(:active, :deleted)
  end
end

user = User.new(state: 'active')
# with the prefix: :state
user.state_active? # => true
# or without the prefix: :state
user.active? # => true
# The transition check happens when updating the state like this
user.update!(state: :registered)
# or when using the shortcut (add state_ because we have prefix: :state above)
user.state_registered!
```
The last command raises an InvalidState error: Invalid transition from active to registered.
This is because the state was not permitted to transition back to "registered" from "active". If you do want this, s.permit_transition(:active, :registered) should be added to the block.
state_machine_enum is the creation method that sets up the state machine enum in your Ruby object. Note the prefix option, which prefixes the generated methods; it is optional. This works the same as adding enum :state, {registered: "registered"} in Rails, except that when using state_machine_enum you don't need to declare the enum as well; it is defined for you.
after_inline_transition_to runs the given block as a before_save action. For example, when the state updates to :active, but before the model is saved:
```ruby
state_machine_enum :state, prefix: "state" do |s|
  s.permit_transition(:registered, :active)
  s.after_inline_transition_to(:active) do |model|
    model.another_attr = Time.now.utc
  end
end
```
another_attr is automatically set to the current UTC time.
after_committed_transition_to runs the given block as an after_commit action. For example, if you want to do something after the change has been committed to the database when the state is updated to :active:
```ruby
state_machine_enum :state, prefix: "state" do |s|
  s.permit_transition(:registered, :active)
  s.after_committed_transition_to(:active) do |model|
    model.send_notification!
  end
end
```
after_any_committed_transition_to runs together with all the after_committed_transition_to hooks. For example, if you want to do something after any state update has committed:
```ruby
state_machine_enum :state, prefix: "state" do |s|
  s.permit_transition(:registered, :active)
  s.permit_transition(:active, :suspended)
  s.after_any_committed_transition_to do |model|
    log_changes!
  end
end
```
With a couple of ensure methods you can check beforehand for valid state transitions without actually performing the transition. This lets you bail out of calls where the model is not in a desired state, or won't be able to perform a transition, by raising an InvalidState exception.
For example, using the enum from the previous examples, calling ensure_state_one_of!(:registered, :active, :fake) will raise an InvalidState error because :fake is not present in the state enum.
Calling ensure_state_may_transition_to!(:active) when the state is currently :suspended will raise an InvalidState error because the transition from :suspended to :active was not permitted (only :active to :suspended was).
state_may_transition_to? is a predicate to check whether a transition is possible under the rules we've set.
```ruby
state_machine_enum :state, prefix: "state" do |s|
  s.permit_transition(:registered, :active)
end

state_may_transition_to?(:active) # => true
```
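To show what the transition table behind these checks and hooks does, here is an added example (not the gem's own code) that re-implements the README's User transitions, the ensure guards, the predicate and an inline hook in plain Ruby without ActiveRecord; InvalidState, Membership and transition_to! are names assumed for this example.

```ruby
# Added example, not the gem's code: a plain-Ruby model of the transition table
# described above. Membership and transition_to! are assumed names.
class InvalidState < StandardError; end

# Constructed table mirroring the README's User example: a banned account can be
# re-activated, :deleted is terminal, and nothing goes back to :registered.
TRANSITIONS = {
  registered: [:active],
  active:     [:banned, :deleted],
  banned:     [:active],
  deleted:    []
}.freeze
STATES = TRANSITIONS.keys.freeze

class Membership
  attr_reader :state
  attr_accessor :activated_at

  def initialize(state)
    raise InvalidState, "Unknown state #{state}" unless STATES.include?(state.to_sym)
    @state = state.to_sym
  end

  # Predicate: is a move from the current state to `to` permitted?
  def state_may_transition_to?(to)
    TRANSITIONS.fetch(@state).include?(to.to_sym)
  end

  # Guard: every named state must exist in the enum, and the current state must be one of them.
  def ensure_state_one_of!(*allowed)
    allowed = allowed.map(&:to_sym)
    unknown = allowed - STATES
    raise InvalidState, "Unknown state(s): #{unknown.join(', ')}" unless unknown.empty?
    return if allowed.include?(@state)
    raise InvalidState, "State #{@state} is not one of #{allowed.join(', ')}"
  end

  def ensure_state_may_transition_to!(to)
    return if state_may_transition_to?(to)
    raise InvalidState, "Invalid transition from #{@state} to #{to}"
  end

  # The check the gem performs on save: a disallowed move leaves the state untouched.
  def transition_to!(to)
    ensure_state_may_transition_to!(to)
    @state = to.to_sym
    # Stand-in for after_inline_transition_to(:active): stamp the activation time.
    @activated_at = Time.now.utc if @state == :active
    self
  end
end
```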
After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install.
To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and the created tag, and push the .gem file to rubygems.org.
Bug reports and pull requests are welcome on GitHub at https://github.com/cheddar-me/state_machine_enum.
The gem is available as open source under the terms of the MIT License.