RubyGems - tcell_agent - Versions diffs - 0.2.12 → 0.2.13 - Mend

tcell_agent 0.2.12 → 0.2.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module TCellAgent
           {"name"=>"csp", "value"=>"csp header value"}
         ]
       }
-      csp_from_json = ClickjackingPolicy.fromJson(content_security_policy_json)
+      csp_from_json = ClickjackingPolicy.from_json(content_security_policy_json)
       context "initialized with 3 items" do
         it "returns true" do
           expect(csp_from_json.policy_id).to eq("00a1")
@@ -30,7 +30,7 @@ module TCellAgent
           {"name"=>"csp-header-is-bad", "value"=>"csp header value"}
         ]
       }
-      csp_policy = ClickjackingPolicy.fromJson(content_security_policy_json)
+      csp_policy = ClickjackingPolicy.from_json(content_security_policy_json)
       context "csp header example, invalid header" do
         it "returns false" do
           expect(csp_policy.headers.length).to eq(0)
@@ -44,7 +44,7 @@ module TCellAgent
           {"name"=>"csp", "value"=>"value123\\nabc"}
         ]
       }
-      csp_policy = ClickjackingPolicy.fromJson(content_security_policy_json)
+      csp_policy = ClickjackingPolicy.from_json(content_security_policy_json)
       context "secure header, value is bad" do
         it "returns false" do
           expect(csp_policy.headers.length).to eq(0)
@@ -58,7 +58,7 @@ module TCellAgent
           {"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
         ]
       }
-      csp_policy = ClickjackingPolicy.fromJson(content_security_policy_json)
+      csp_policy = ClickjackingPolicy.from_json(content_security_policy_json)
       context "secure header, report-uri seperate" do
         it "returns false" do
           expect(csp_policy.headers.length).to eq(1)

data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module TCellAgent
         }
       }
-      empty_policy = ContentSecurityPolicy.fromJson(policy_json_empty)
+      empty_policy = ContentSecurityPolicy.from_json(policy_json_empty)
       context "test empty agent" do
         it "enabled is false" do
           expect(empty_policy.policy_id).to eq("01a1")
@@ -29,7 +29,7 @@ module TCellAgent
         end
       end
-      from_json = ContentSecurityPolicy.fromJson(policy_json_one)
+      from_json = ContentSecurityPolicy.from_json(policy_json_one)
       context "tests xss is true and enabled true" do
         it "returns true" do
           expect(from_json.policy_id).to eq("01a1")
@@ -44,7 +44,7 @@ module TCellAgent
           {"name"=>"csp", "value"=>"csp header value"}
         ]
       }
-      csp_from_json = ContentSecurityPolicy.fromJson(content_security_policy_json)
+      csp_from_json = ContentSecurityPolicy.from_json(content_security_policy_json)
       context "initialized with 3 items" do
         it "returns true" do
           expect(csp_from_json.policy_id).to eq("00a1")
@@ -65,7 +65,7 @@ module TCellAgent
           {"name"=>"csp-header-is-bad", "value"=>"csp header value"}
         ]
       }
-      csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
+      csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
       context "csp header example, invalid header" do
         it "returns false" do
           expect(csp_policy.headers.length).to eq(0)
@@ -79,7 +79,7 @@ module TCellAgent
           {"name"=>"csp", "value"=>"value123\\nabc"}
         ]
       }
-      csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
+      csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
       context "secure header, value is bad" do
         it "returns false" do
           expect(csp_policy.headers.length).to eq(0)
@@ -93,7 +93,7 @@ module TCellAgent
           {"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
         ]
       }
-      csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
+      csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
       context "secure header, report-uri seperate" do
         it "returns false" do
           expect(csp_policy.headers.length).to eq(1)

data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb CHANGED Viewed

@@ -18,7 +18,7 @@ module TCellAgent
           ]
         }
       }
-      policy = DataLossPolicy.fromJson(policy_json)
+      policy = DataLossPolicy.from_json(policy_json)
       # context "initialized with 3 items" do
       #   it "returns true" do
       #     expect(policy.get_actions_for("user","ssn")).to eq(["body_redact"].to_set)
@@ -30,7 +30,7 @@ module TCellAgent
           "session_id_protections"=>{"body"=>["redact"], "log"=>["event"]}
         }
       }
-      policy_two = DataLossPolicy.fromJson(policy_json_two)
+      policy_two = DataLossPolicy.from_json(policy_json_two)
       context "check session_id_protections" do
         it "gives the right actions" do
           expect(policy_two.get_actions_for_session_id.body_redact).to eq(true)
@@ -57,7 +57,7 @@ module TCellAgent
               ]
             }
           }
-          db_one_policy = DataLossPolicy.fromJson(policy_json_requests)
+          db_one_policy = DataLossPolicy.from_json(policy_json_requests)
           expect(db_one_policy.get_actions_for_table("dave","sam","tommy","fred")).to eq(nil)
         end
         it "Partial Policy" do
@@ -76,7 +76,7 @@ module TCellAgent
               ]
             }
           }
-          db_one_policy = DataLossPolicy.fromJson(policy_json_requests)
+          db_one_policy = DataLossPolicy.from_json(policy_json_requests)
           expect((db_one_policy.get_actions_for_table("dave","sam","tommy","fred").to_a)[0].log_redact).to eq(true)
           expect((db_one_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].log_redact).to eq(true)
         end
@@ -100,7 +100,7 @@ module TCellAgent
               ]
             }
           }
-          db_two_policy = DataLossPolicy.fromJson(policy_json_request_ids)
+          db_two_policy = DataLossPolicy.from_json(policy_json_request_ids)
           expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred").to_a).size).to eq(0)
           expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","other_route").to_a).size).to eq(0)
           expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a).size).to eq(1)
@@ -129,7 +129,7 @@ module TCellAgent
               ]
             }
           }
-          policy_three = DataLossPolicy.fromJson(policy_json_requests)
+          policy_three = DataLossPolicy.from_json(policy_json_requests)
           expect(policy_three.get_actions_for_request("form","test123").to_a[0].body_event).to eq(true)
           expect(policy_three.get_actions_for_request("form","test123").to_a[0].log_event).to eq(nil)
         end
@@ -151,7 +151,7 @@ module TCellAgent
               ]
             }
           }
-          policy_three = DataLossPolicy.fromJson(policy_json_requests)
+          policy_three = DataLossPolicy.from_json(policy_json_requests)
           entry_wildcard_route = policy_three.get_actions_for_request("form","TeSt123")
           entry_given_route = policy_three.get_actions_for_request("form","TeSt123","routex")
           expect(entry_wildcard_route).to eq(nil)
@@ -178,7 +178,7 @@ module TCellAgent
               ]
             }
           }
-          policy_three = DataLossPolicy.fromJson(policy_json_requests)
+          policy_three = DataLossPolicy.from_json(policy_json_requests)
           entry_wildcard_route = policy_three.get_actions_for_request("cookie","test123")
           entry_given_route = policy_three.get_actions_for_request("cookie","test123","routex")
           expect(entry_wildcard_route).to eq(nil)
@@ -205,7 +205,7 @@ module TCellAgent
               ]
             }
           }
-          policy_three = DataLossPolicy.fromJson(policy_json_requests)
+          policy_three = DataLossPolicy.from_json(policy_json_requests)
           entry_wildcard_route = policy_three.get_actions_for_request("cookie","test123")
           entry_given_route = policy_three.get_actions_for_request("cookie","test123","routex")
           expect(entry_wildcard_route).to eq(nil)
@@ -230,7 +230,7 @@ module TCellAgent
               ]
             }
           }
-          policy_three = DataLossPolicy.fromJson(policy_json_requests)
+          policy_three = DataLossPolicy.from_json(policy_json_requests)
           entry_wildcard_route = policy_three.get_actions_for_request("header","TeSt123")
           entry_given_route = policy_three.get_actions_for_request("header","TeSt123","routex")
           expect(entry_wildcard_route).to eq(nil)

data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module TCellAgent
           {"type"=>"cred", "token"=>"TOKEN", "id"=>"ID001"}
         ]
       }
-      policy = HoneytokensPolicy.fromJson(policy_json)
+      policy = HoneytokensPolicy.from_json(policy_json)
       context "initialized with 3 items" do
         it "returns true" do
           expect(policy.policy_id).to eq("x1a1")

data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb CHANGED Viewed

@@ -16,7 +16,7 @@ module TCellAgent
           "enabled"=>true
         }
       }
-      http_redirect_from_json = HttpRedirectPolicy.fromJson(http_redirect_policy_json)
+      http_redirect_from_json = HttpRedirectPolicy.from_json(http_redirect_policy_json)
       context "initialized with 3 items" do
         it "returns true" do
           expect(http_redirect_from_json.policy_id).to eq("x1a1")

data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module TCellAgent
           "firehose"=>{"enabled"=>true}
         }
       }
-      http_tx_from_json = HttpTxPolicy.fromJson(http_tx_policy_json)
+      http_tx_from_json = HttpTxPolicy.from_json(http_tx_policy_json)
       context "initialized with 3 items" do
         it "returns true" do
           expect(http_tx_from_json.policy_id).to eq("01a1")

data/spec/lib/tcell_agent/policies/login_policy_spec.rb CHANGED Viewed

@@ -22,7 +22,7 @@ module TCellAgent
         }
       }
-      empty_policy = LoginFraudPolicy.fromJson(policy_json_empty)
+      empty_policy = LoginFraudPolicy.from_json(policy_json_empty)
       context "test empty agent" do
         it "enabled is false" do
           expect(empty_policy.policy_id).to eq("01a1")
@@ -32,7 +32,7 @@ module TCellAgent
         end
       end
-      policy_one = LoginFraudPolicy.fromJson(policy_json_one)
+      policy_one = LoginFraudPolicy.from_json(policy_json_one)
       context "enabled agent" do
         it "enabled is true" do
           expect(empty_policy.policy_id).to eq("01a1")

data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb CHANGED Viewed

@@ -9,7 +9,7 @@ module TCellAgent
           {"name"=>"x-permitted-cross-domain-policies", "value"=>"value123"}
         ]
       }
-      secure_headers_policy = SecureHeadersPolicy.fromJson(secure_headers_policy_json)
+      secure_headers_policy = SecureHeadersPolicy.from_json(secure_headers_policy_json)
       context "secure header example" do
         it "returns true" do
           expect(secure_headers_policy.headers[0].name).to eq("x-permitted-cross-domain-policies")
@@ -25,7 +25,7 @@ module TCellAgent
           {"name"=>"x-xss-protection", "value"=>"1; mode=block"}
         ]
       }
-      secure_headers_policy = SecureHeadersPolicy.fromJson(secure_headers_policy_json)
+      secure_headers_policy = SecureHeadersPolicy.from_json(secure_headers_policy_json)
       context "secure headers (2) example" do
         it "returns true" do
           expect(secure_headers_policy.headers[0].name).to eq("x-frame-options")
@@ -42,7 +42,7 @@ module TCellAgent
           {"name"=>"bad-header", "value"=>"value123"}
         ]
       }
-      secure_headers_policy = SecureHeadersPolicy.fromJson(secure_headers_policy_json)
+      secure_headers_policy = SecureHeadersPolicy.from_json(secure_headers_policy_json)
       context "secure header example, invalid header" do
         it "returns false" do
           expect(secure_headers_policy.headers.length).to eq(0)
@@ -56,7 +56,7 @@ module TCellAgent
           {"name"=>"x-permitted-cross-domain-policies", "value"=>"value123\\nabc"}
         ]
       }
-      secure_headers_policy = SecureHeadersPolicy.fromJson(secure_headers_policy_json)
+      secure_headers_policy = SecureHeadersPolicy.from_json(secure_headers_policy_json)
       context "secure header, value is bad" do
         it "returns false" do
           expect(secure_headers_policy.headers.length).to eq(0)

data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb CHANGED Viewed

@@ -64,24 +64,59 @@ module TCellAgent
               end
               it "alerts on get xss payload" do
                 response = request.get("/foo?xyz=%3Cscript%3Ealert(1)%3C%2Fscript%3E", 'REMOTE_ADDR' => '1.3.3.4,3.4.5.6')
-                expected_as = {"event_type"=>"as", "dp"=>"xss", "param"=>"xyz", "remote_addr"=>"1.3.3.4", "m"=>"GET", "loc"=>"http://example.org/foo?xyz=", "tid"=>"a-b-c-d-e-f"}
+                expected_as = {
+                  "event_type"=>"as",
+                  "dp"=>"xss",
+                  "param"=>"xyz",
+                  "remote_addr"=>"1.3.3.4",
+                  "m"=>"GET",
+                  "pattern"=>"1",
+                  "loc"=>"http://example.org/foo?xyz=",
+                  "tid"=>"a-b-c-d-e-f"}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
               it "alerts on post xss payload" do
                 response = request.post("/foo", :input => "x=<script>alert(1)</script>", 'REMOTE_ADDR' => '1.2.3.4,3.4.5.6')
-                expected_as = {"event_type"=>"as", "dp"=>"xss", "param"=>"x", "remote_addr"=>"1.2.3.4", "m"=>"POST", "loc"=>"http://example.org/foo", "tid"=>"a-b-c-d-e-f"}
+                expected_as = {
+                  "event_type"=>"as",
+                  "dp"=>"xss",
+                  "param"=>"x",
+                  "remote_addr"=>"1.2.3.4",
+                  "m"=>"POST",
+                  "pattern"=>"1",
+                  "loc"=>"http://example.org/foo",
+                  "tid"=>"a-b-c-d-e-f"}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end #/it
               it "alerts on get xss payload with route_id" do
                 response = request2.get("/foo?xyz=%3Cscript%3Ealert(1)%3C%2Fscript%3E")
-                expected_as = {"event_type"=>"as", "dp"=>"xss", "param"=>"xyz", "remote_addr"=>nil, "rou"=>"myrouteid", "m"=>"GET", "loc"=>"http://example.org/foo?xyz=", "tid"=>"a-b-c-d-e-f"}
+                expected_as = {
+                  "event_type"=>"as",
+                  "dp"=>"xss",
+                  "param"=>"xyz",
+                  "remote_addr"=>nil,
+                  "rou"=>"myrouteid",
+                  "m"=>"GET",
+                  "pattern"=>"1",
+                  "loc"=>"http://example.org/foo?xyz=",
+                  "tid"=>"a-b-c-d-e-f"}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
               it "checks that payload is sent in xss with route_id" do
                 old_uap = TCellAgent.configuration.allow_unencrypted_appsensor_payloads
                 TCellAgent.configuration.allow_unencrypted_appsensor_payloads = true
                 response = request2.get("/foo?xyz=%3Cscript%3Ealert(1)%3C%2Fscript%3E")
-                expected_as = {"event_type"=>"as", "dp"=>"xss", "param"=>"xyz", "remote_addr"=>nil, "rou"=>"myrouteid", "m"=>"GET", "loc"=>"http://example.org/foo?xyz=", "tid"=>"a-b-c-d-e-f", "payload"=>"<script>alert(1)</script>"}
+                expected_as = {
+                  "event_type"=>"as",
+                  "dp"=>"xss",
+                  "param"=>"xyz",
+                  "remote_addr"=>nil,
+                  "rou"=>"myrouteid",
+                  "m"=>"GET",
+                  "pattern"=>"1",
+                  "loc"=>"http://example.org/foo?xyz=",
+                  "tid"=>"a-b-c-d-e-f",
+                  "payload"=>"<script>alert(1)</script>"}
                 TCellAgent.configuration.allow_unencrypted_appsensor_payloads = old_uap
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
@@ -104,7 +139,15 @@ module TCellAgent
               it "alerts on get sqli payload" do
                 # ' OR '3'='3
                 response = request.get("/foo?xyz=abds&def=%27%20OR%20%273%27%3D%273", 'REMOTE_ADDR' => '1.3.3.4,3.4.5.6')
-                expected_as = {"event_type"=>"as", "dp"=>"sqli", "param"=>"def", "remote_addr"=>"1.3.3.4", "m"=>"GET", "loc"=>"http://example.org/foo?xyz=&def=", "tid"=>"a-b-c-d-e-f"}
+                expected_as = {
+                  "event_type"=>"as",
+                  "dp"=>"sqli",
+                  "param"=>"def",
+                  "remote_addr"=>"1.3.3.4",
+                  "m"=>"GET",
+                  "pattern"=>"1",
+                  "loc"=>"http://example.org/foo?xyz=&def=",
+                  "tid"=>"a-b-c-d-e-f"}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
             end #/conext
@@ -124,14 +167,31 @@ module TCellAgent
               end
               it "alerts on most obvious payload" do
                 response = request.get("/foo?xyz=/etc/passwd", 'REMOTE_ADDR' => '1.3.3.4,3.4.5.6')
-                expected_as = {"event_type"=>"as", "dp"=>"fpt", "param"=>"xyz", "remote_addr"=>"1.3.3.4", "m"=>"GET", "loc"=>"http://example.org/foo?xyz=", "tid"=>"a-b-c-d-e-f"}
+                expected_as = {
+                  "event_type"=>"as",
+                  "dp"=>"fpt",
+                  "param"=>"xyz",
+                  "remote_addr"=>"1.3.3.4",
+                  "m"=>"GET",
+                  "pattern"=>"2",
+                  "loc"=>"http://example.org/foo?xyz=",
+                  "tid"=>"a-b-c-d-e-f"}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
               it "checks that payload is sent" do
                 old_uap = TCellAgent.configuration.allow_unencrypted_appsensor_payloads
                 TCellAgent.configuration.allow_unencrypted_appsensor_payloads = true
                 response = request.get("/foo?xyz=/etc/passwd", 'REMOTE_ADDR' => '1.3.3.4,3.4.5.6')
-                expected_as = {"event_type"=>"as", "dp"=>"fpt", "param"=>"xyz", "remote_addr"=>"1.3.3.4", "m"=>"GET", "loc"=>"http://example.org/foo?xyz=", "tid"=>"a-b-c-d-e-f", "payload"=>"/etc/passwd"}
+                expected_as = {
+                  "event_type"=>"as",
+                  "dp"=>"fpt",
+                  "param"=>"xyz",
+                  "remote_addr"=>"1.3.3.4",
+                  "m"=>"GET",
+                  "pattern"=>"2",
+                  "loc"=>"http://example.org/foo?xyz=",
+                  "tid"=>"a-b-c-d-e-f",
+                  "payload"=>"/etc/passwd"}
                 TCellAgent.configuration.allow_unencrypted_appsensor_payloads = old_uap
                 expect(TCellAgent.event_queue).to include(expected_as)
               end

data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require 'spec_helper'
+module TCellAgent
+  module SensorEvents
+    describe AppSensorMetaEvent do
+      describe "#body_params" do
+        context "with text/html content type" do
+          it "should set the body params to empty" do
+            app_sensor_event_process = AppSensorMetaEvent.new
+            app_sensor_event_process.set_body_dict(
+              67,
+              "text/html",
+              {username:"tester",password:"pass"}.to_json
+            )
+            expect(app_sensor_event_process.body_dict).to eq({})
+          end
+        end
+        context "with application/json content type" do
+          context "with empty request body" do
+            it "should set the body params to empty" do
+              @app_sensor_event_process = AppSensorMetaEvent.new
+              @app_sensor_event_process.set_body_dict(
+                67,
+                "application/json",
+                nil
+              )
+              expect(@app_sensor_event_process.body_dict).to eq({})
+            end
+          end
+          context "with bad json in the body" do
+            it "should set the body params to empty" do
+              @app_sensor_event_process = AppSensorMetaEvent.new
+              @app_sensor_event_process.set_body_dict(
+                67,
+                "application/json",
+                '{"username":"tester""password":"pass"}'
+              )
+              expect(@app_sensor_event_process.body_dict).to eq({})
+            end
+          end
+          context "with valid json in the body" do
+            it "should set the body params" do
+              @app_sensor_event_process = AppSensorMetaEvent.new
+              @app_sensor_event_process.set_body_dict(
+                67,
+                "application/json",
+                {username:"tester",password:"pass"}.to_json
+              )
+              expect(@app_sensor_event_process.body_dict).to eq({"username"=>"tester","password"=>"pass"})
+            end
+          end
+          context "with a json body that's too big" do
+            it "should set the body params to empty" do
+              @app_sensor_event_process = AppSensorMetaEvent.new
+              @app_sensor_event_process.set_body_dict(
+                20000000,
+                "application/json",
+                {username:"tester",password:"pass"}.to_json
+              )
+              expect(@app_sensor_event_process.body_dict).to eq({})
+            end
+          end
+        end
+      end
+    end
+  end
+end