tcell_agent 0.2.13 → 0.2.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/tcell_agent.rb +2 -0
- data/lib/tcell_agent/agent.rb +2 -2
- data/lib/tcell_agent/agent/policy_manager.rb +90 -42
- data/lib/tcell_agent/api.rb +4 -24
- data/lib/tcell_agent/configuration.rb +31 -27
- data/lib/tcell_agent/logger.rb +29 -8
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +2 -2
- data/lib/tcell_agent/rails/auth/devise.rb +0 -2
- data/lib/tcell_agent/servers/rails_server.rb +3 -3
- data/lib/tcell_agent/servers/unicorn.rb +3 -4
- data/lib/tcell_agent/start_background_thread.rb +1 -3
- data/lib/tcell_agent/utils/io.rb +27 -0
- data/lib/tcell_agent/utils/strings.rb +15 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +188 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +14 -23
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +24 -24
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +6 -6
- data/spec/lib/tcell_agent/utils/strings_spec.rb +31 -0
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91eb80e7d8e32d4eb83b3db2724492c1bcfa6151
|
|
4
|
+
data.tar.gz: e89d78bc66aa69410ca00dfac6217982a9e36ebf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d1ef60b09773240dec59b976c283867ae5a7d5789ac3e109016916b23a9bb208de9e2c220dafd81a805da5be86e70ac4bc77683b55cd3316da909a3229eee9f4
|
|
7
|
+
data.tar.gz: 019839aec44771e5b8702024c9acbf2a33ab668200681315161105e7d66340bab25d187e1ce12eef45b67bd257064c81b7ed76dc75117c26be37bbd131b15036
|
data/lib/tcell_agent.rb
CHANGED
data/lib/tcell_agent/agent.rb
CHANGED
|
@@ -121,8 +121,8 @@ module TCellAgent
|
|
|
121
121
|
end
|
|
122
122
|
|
|
123
123
|
def start
|
|
124
|
-
if (TCellAgent.configuration.api_key
|
|
125
|
-
TCellAgent.configuration.app_id
|
|
124
|
+
if (TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.api_key) ||
|
|
125
|
+
TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.app_id))
|
|
126
126
|
puts " ********* ********* ********* *********"
|
|
127
127
|
puts "* tCell.io *"
|
|
128
128
|
puts "* Configuration info is missing, you may *"
|
|
@@ -34,7 +34,7 @@ module TCellAgent
|
|
|
34
34
|
return if TCellAgent.configuration.should_start_policy_poll? == false
|
|
35
35
|
@policy_polling_worker_mutex.synchronize do
|
|
36
36
|
return if policy_polling_running?
|
|
37
|
-
|
|
37
|
+
start_policy_polling_loop
|
|
38
38
|
end
|
|
39
39
|
end
|
|
40
40
|
|
|
@@ -49,55 +49,98 @@ module TCellAgent
|
|
|
49
49
|
end
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
def
|
|
53
|
-
if TCellAgent.configuration.should_start_policy_poll?
|
|
52
|
+
def start_policy_polling_loop
|
|
53
|
+
if TCellAgent.configuration.should_start_policy_poll?
|
|
54
|
+
|
|
55
|
+
if TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.tcell_api_url)
|
|
56
|
+
TCellAgent.logger.error("tCell.io tcell_api_url is missing. Disabling policy polling.")
|
|
57
|
+
return
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
if TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.app_id)
|
|
61
|
+
TCellAgent.logger.error("tCell.io app_id is missing. Disabling policy polling.")
|
|
62
|
+
return
|
|
63
|
+
end
|
|
64
|
+
|
|
54
65
|
TCellAgent.logger.debug("Starting policy polling thread")
|
|
66
|
+
|
|
55
67
|
@policy_polling_thread = Thread.new do
|
|
68
|
+
failure_sleep_time = 30
|
|
56
69
|
last_poll_time = 0
|
|
57
70
|
last_run = Time.now
|
|
71
|
+
|
|
58
72
|
loop do
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
if policy_jsons["last_timestamp"] != 0
|
|
67
|
-
last_poll_time = policy_jsons["last_timestamp"]
|
|
68
|
-
end
|
|
69
|
-
elsif policy_jsons.key?("last_id")
|
|
70
|
-
if policy_jsons["last_id"] != 0
|
|
71
|
-
last_poll_time = policy_jsons["last_id"]
|
|
72
|
-
end
|
|
73
|
-
end
|
|
74
|
-
processPolicyJson(policy_jsons)
|
|
75
|
-
rescue Exception => e
|
|
76
|
-
TCellAgent.logger.error("exception while handling connection: #{e.message}")
|
|
77
|
-
TCellAgent.logger.debug(e.backtrace)
|
|
78
|
-
TCellAgent.logger.debug("Sleeping 30 seconds because the tCell.io request failed...")
|
|
79
|
-
sleep(30) #wait a minute before trying again
|
|
80
|
-
end
|
|
81
|
-
if (Time.now - last_run) < 1
|
|
82
|
-
TCellAgent.logger.debug("Rate limiting: sleeping 10 seconds")
|
|
83
|
-
sleep(10)
|
|
73
|
+
failure_sleep_time, last_poll_time = policy_polling_iteration(failure_sleep_time, last_poll_time)
|
|
74
|
+
|
|
75
|
+
if (Time.now - last_run) < 5
|
|
76
|
+
random = Random.new
|
|
77
|
+
sleeptime = sleep(random.rand(5..20))
|
|
78
|
+
TCellAgent.logger.debug("Rate limiting: sleeping #{sleeptime} seconds")
|
|
79
|
+
sleep(sleeptime)
|
|
84
80
|
end
|
|
81
|
+
|
|
85
82
|
last_run = Time.now
|
|
86
83
|
end
|
|
87
84
|
end
|
|
88
|
-
end
|
|
85
|
+
end
|
|
89
86
|
end
|
|
90
87
|
|
|
91
|
-
def
|
|
88
|
+
def policy_polling_iteration(failure_sleep_time, last_poll_time)
|
|
89
|
+
begin
|
|
90
|
+
policy_jsons = @@policy_tapi.pollAPI(last_poll_time)
|
|
92
91
|
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
92
|
+
if policy_jsons == nil
|
|
93
|
+
TCellAgent.logger.error("Policy was nil. Sleeping for #{failure_sleep_time}")
|
|
94
|
+
|
|
95
|
+
sleep(failure_sleep_time)
|
|
96
|
+
|
|
97
|
+
if failure_sleep_time < 480
|
|
98
|
+
failure_sleep_time *= 2
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
return
|
|
102
|
+
|
|
103
|
+
elsif policy_jsons.key?("last_timestamp")
|
|
104
|
+
if policy_jsons["last_timestamp"] != 0
|
|
105
|
+
last_poll_time = policy_jsons["last_timestamp"]
|
|
106
|
+
end
|
|
107
|
+
elsif policy_jsons.key?("last_id")
|
|
108
|
+
if policy_jsons["last_id"] != 0
|
|
109
|
+
last_poll_time = policy_jsons["last_id"]
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
failure_sleep_time = 30
|
|
114
|
+
|
|
115
|
+
processPolicyJson(policy_jsons)
|
|
116
|
+
|
|
117
|
+
rescue RestClient::Exception => rce
|
|
118
|
+
TCellAgent.logger.error("Received error response while contacting api [#{rce.http_code}]: #{rce.message}")
|
|
119
|
+
TCellAgent.logger.debug(rce.backtrace)
|
|
120
|
+
TCellAgent.logger.debug("Sleeping #{failure_sleep_time} seconds because the request failed...")
|
|
121
|
+
sleep(failure_sleep_time)
|
|
122
|
+
|
|
123
|
+
if failure_sleep_time < 480
|
|
124
|
+
failure_sleep_time *= 2
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
rescue Exception => e
|
|
128
|
+
TCellAgent.logger.error("exception while handling connection: #{e.message}")
|
|
129
|
+
TCellAgent.logger.debug(e.backtrace)
|
|
130
|
+
TCellAgent.logger.debug("Sleeping 30 seconds because the tCell.io request failed...")
|
|
131
|
+
sleep(failure_sleep_time)
|
|
96
132
|
|
|
97
|
-
|
|
98
|
-
|
|
133
|
+
if failure_sleep_time < 480
|
|
134
|
+
failure_sleep_time *= 2
|
|
135
|
+
end
|
|
99
136
|
end
|
|
100
137
|
|
|
138
|
+
[failure_sleep_time, last_poll_time]
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
def processPolicyJson(policy_jsons, cache_the_policy=true)
|
|
142
|
+
return if policy_jsons.nil?
|
|
143
|
+
|
|
101
144
|
TCellAgent::PolicyTypes::ClassMap.each do | policy_type, policy_class |
|
|
102
145
|
if (policy_jsons.key?(policy_type))
|
|
103
146
|
new_policy = policy_class.from_json(policy_jsons[policy_type])
|
|
@@ -111,15 +154,18 @@ module TCellAgent
|
|
|
111
154
|
end
|
|
112
155
|
end
|
|
113
156
|
end
|
|
114
|
-
|
|
115
|
-
end # end of processPolicyJson
|
|
157
|
+
end
|
|
116
158
|
|
|
117
159
|
def cache(policy_name, policy)
|
|
118
160
|
cache_filename = TCellAgent.configuration.cache_filename_with_app_id
|
|
119
161
|
|
|
120
162
|
begin
|
|
121
163
|
|
|
122
|
-
|
|
164
|
+
TCellAgent::Utils::IO.create_directory(
|
|
165
|
+
File.dirname(cache_filename),
|
|
166
|
+
TCellAgent.configuration.agent_home_owner
|
|
167
|
+
)
|
|
168
|
+
|
|
123
169
|
f1 = open(cache_filename, File::RDWR|File::CREAT)
|
|
124
170
|
|
|
125
171
|
Timeout::timeout(0.100) { f1.flock(File::LOCK_EX) }
|
|
@@ -151,6 +197,11 @@ module TCellAgent
|
|
|
151
197
|
f1.write( JSON.dump(policy_cache) )
|
|
152
198
|
f1.flush
|
|
153
199
|
f1.truncate(f1.pos)
|
|
200
|
+
|
|
201
|
+
TCellAgent::Utils::IO.set_owner(
|
|
202
|
+
cache_filename,
|
|
203
|
+
TCellAgent.configuration.agent_home_owner
|
|
204
|
+
)
|
|
154
205
|
rescue Exception => e
|
|
155
206
|
TCellAgent.logger.warn(e.message)
|
|
156
207
|
|
|
@@ -162,11 +213,8 @@ module TCellAgent
|
|
|
162
213
|
|
|
163
214
|
def policies_from_cachefile
|
|
164
215
|
cache_filename = TCellAgent.configuration.cache_filename_with_app_id
|
|
165
|
-
cache_exists = File.exist?(cache_filename)
|
|
166
216
|
|
|
167
|
-
|
|
168
|
-
return nil
|
|
169
|
-
end
|
|
217
|
+
return nil unless File.exist?(cache_filename)
|
|
170
218
|
|
|
171
219
|
begin
|
|
172
220
|
f1 = File.open(cache_filename, File::RDONLY)
|
data/lib/tcell_agent/api.rb
CHANGED
|
@@ -13,43 +13,23 @@ module TCellAgent
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def pollAPI(last_timestamp=nil)
|
|
16
|
-
if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
|
|
17
|
-
raise "Config Information Not Found, can't poll tCell service"
|
|
18
|
-
end
|
|
19
16
|
full_url = TCellAgent.configuration.tcell_api_url + "/app/" + TCellAgent.configuration.app_id + "/update"
|
|
20
17
|
if (last_timestamp && last_timestamp != "")
|
|
21
18
|
full_url = full_url + "?last_timestamp=" + last_timestamp.to_s
|
|
22
19
|
end
|
|
20
|
+
|
|
23
21
|
TCellAgent.logger.debug "tCell.io API Request: " + full_url
|
|
24
22
|
request_headers = {
|
|
25
23
|
:Authorization => 'Bearer ' + TCellAgent.configuration.api_key
|
|
26
24
|
}
|
|
25
|
+
|
|
27
26
|
begin
|
|
28
27
|
request_headers[:TCellAgent] = "RubyAgent " + TCellAgent::VERSION
|
|
29
28
|
rescue Exception => e
|
|
30
29
|
TCellAgent.logger.debug("tCell.io Could not add agent string: " + e.message)
|
|
31
30
|
end
|
|
32
|
-
response = RestClient.get full_url,request_headers
|
|
33
|
-
TCellAgent.logger.debug "tCell.io API Response: " + response
|
|
34
|
-
response_json = JSON.parse(response)
|
|
35
|
-
if (response_json && response_json.has_key?("result"))
|
|
36
|
-
return response_json["result"]
|
|
37
|
-
end
|
|
38
|
-
# else result was null and no new information exists...
|
|
39
|
-
return nil
|
|
40
|
-
end
|
|
41
31
|
|
|
42
|
-
|
|
43
|
-
if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
|
|
44
|
-
raise "Config Information Not Found, can't poll tCell service"
|
|
45
|
-
end
|
|
46
|
-
full_url = TCellAgent.configuration.tcell_api_url + "/api/" + TCellAgent.configuration.app_id + "/csp/poll"
|
|
47
|
-
TCellAgent.logger.debug "tCell.io API Request: " + full_url
|
|
48
|
-
full_url = full_url + "/" + TCellAgent.configuration.api_key
|
|
49
|
-
if (last_timestamp && last_timestamp != "")
|
|
50
|
-
full_url = full_url + "?last_timestamp=" + last_timestamp.to_s
|
|
51
|
-
end
|
|
52
|
-
response = RestClient.get full_url
|
|
32
|
+
response = RestClient.get full_url,request_headers
|
|
53
33
|
TCellAgent.logger.debug "tCell.io API Response: " + response
|
|
54
34
|
response_json = JSON.parse(response)
|
|
55
35
|
if (response_json && response_json.has_key?("result"))
|
|
@@ -99,4 +79,4 @@ module TCellAgent
|
|
|
99
79
|
return false
|
|
100
80
|
end
|
|
101
81
|
end
|
|
102
|
-
end
|
|
82
|
+
end
|
|
@@ -26,21 +26,21 @@ module TCellAgent
|
|
|
26
26
|
:uuid,
|
|
27
27
|
:company,
|
|
28
28
|
:event_batch_size_limit, :event_time_limit_seconds,
|
|
29
|
-
:log_filename,
|
|
30
29
|
:base_dir,
|
|
31
30
|
:cache_filename,
|
|
32
31
|
:js_agent_api_base_url,
|
|
33
32
|
:js_agent_url,
|
|
34
33
|
:raise_exceptions,
|
|
35
|
-
:
|
|
34
|
+
:allow_unencrypted_appfirewall_payloads,
|
|
36
35
|
:blacklisted_params,
|
|
37
36
|
:whitelisted_params,
|
|
38
37
|
:whitelist_present,
|
|
39
38
|
:config_filename,
|
|
40
39
|
:agent_log_dir,
|
|
41
40
|
:max_data_ex_db_records_per_request,
|
|
42
|
-
:
|
|
43
|
-
:
|
|
41
|
+
:allow_unencrypted_appfirewall_payloads_logging,
|
|
42
|
+
:agent_home_dir,
|
|
43
|
+
:agent_home_owner
|
|
44
44
|
|
|
45
45
|
attr_accessor :disable_all,
|
|
46
46
|
:enabled,
|
|
@@ -73,6 +73,11 @@ module TCellAgent
|
|
|
73
73
|
end
|
|
74
74
|
|
|
75
75
|
def initialize(filename="config/tcell_agent.config", useapp=nil)
|
|
76
|
+
# These will be set when the agent starts up, to give rails initializers
|
|
77
|
+
# a chance to run
|
|
78
|
+
@cache_filename = nil
|
|
79
|
+
@agent_log_dir = nil
|
|
80
|
+
|
|
76
81
|
@version = 0
|
|
77
82
|
@exp_config_settings = true
|
|
78
83
|
@demomode = false
|
|
@@ -90,9 +95,9 @@ module TCellAgent
|
|
|
90
95
|
|
|
91
96
|
|
|
92
97
|
@agent_home_dir = File.join(Dir.getwd, "tcell")
|
|
93
|
-
@agent_log_dir = File.join(@agent_home_dir, "logs")
|
|
94
98
|
@config_filename = File.join(Dir.getwd, filename)
|
|
95
99
|
|
|
100
|
+
|
|
96
101
|
@event_batch_size_limit = 50
|
|
97
102
|
@event_time_limit_seconds = 15
|
|
98
103
|
|
|
@@ -103,21 +108,16 @@ module TCellAgent
|
|
|
103
108
|
read_config_using_env
|
|
104
109
|
read_config_from_file(@config_filename)
|
|
105
110
|
|
|
106
|
-
@cache_filename = File.join(@agent_home_dir, "cache", "tcell_agent.cache")
|
|
107
|
-
@log_filename = File.join(@agent_log_dir, "tcell_agent.log")
|
|
108
|
-
|
|
109
|
-
|
|
110
111
|
# Because ENV can override this one
|
|
111
112
|
env_unencrypted_firewall =
|
|
112
113
|
if (ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"] != nil)
|
|
113
|
-
@
|
|
114
|
+
@allow_unencrypted_appfirewall_payloads = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"])
|
|
114
115
|
end
|
|
115
116
|
if (ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS"] != nil)
|
|
116
|
-
@
|
|
117
|
+
@allow_unencrypted_appfirewall_payloads = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS"])
|
|
117
118
|
end
|
|
118
119
|
|
|
119
|
-
@
|
|
120
|
-
@appfirewall_payloads_log_filename = File.join(@agent_log_dir, "tcell_agent_payloads.log")
|
|
120
|
+
@allow_unencrypted_appfirewall_payloads_logging = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS_LOGGING"])
|
|
121
121
|
|
|
122
122
|
@tcell_api_url ||= "https://api.tcell.io/api/v1"
|
|
123
123
|
@tcell_input_url ||= "https://input.tcell.io/api/v1"
|
|
@@ -134,17 +134,12 @@ module TCellAgent
|
|
|
134
134
|
|
|
135
135
|
@uuid = SecureRandom.uuid
|
|
136
136
|
|
|
137
|
-
FileUtils::mkdir_p File.dirname(@cache_filename)
|
|
138
|
-
if @logging_options && @logging_options["filename"]
|
|
139
|
-
FileUtils::mkdir_p File.dirname(@logging_options["filename"])
|
|
140
|
-
else
|
|
141
|
-
FileUtils::mkdir_p File.dirname(@log_filename)
|
|
142
|
-
end
|
|
143
|
-
|
|
144
137
|
load_app_sensor_restrictions
|
|
145
138
|
end
|
|
146
139
|
|
|
147
140
|
def cache_filename_with_app_id
|
|
141
|
+
@cache_filename ||= File.join(@agent_home_dir, "cache", "tcell_agent.cache")
|
|
142
|
+
|
|
148
143
|
if @app_id
|
|
149
144
|
"#{@cache_filename}.#{@app_id}"
|
|
150
145
|
else
|
|
@@ -162,7 +157,8 @@ module TCellAgent
|
|
|
162
157
|
@demomode = ENV["TCELL_DEMOMODE"] || @demomode
|
|
163
158
|
|
|
164
159
|
@agent_home_dir = ENV["TCELL_AGENT_HOME"] || @agent_home_dir
|
|
165
|
-
@
|
|
160
|
+
@agent_home_owner = ENV["TCELL_AGENT_HOME_OWNER"]
|
|
161
|
+
@agent_log_dir = ENV["TCELL_AGENT_LOG_DIR"]
|
|
166
162
|
@config_filename = ENV["TCELL_AGENT_CONFIG"] || @config_filename
|
|
167
163
|
|
|
168
164
|
if @demomode
|
|
@@ -212,16 +208,15 @@ module TCellAgent
|
|
|
212
208
|
|
|
213
209
|
@use_websockets = app_data["use_websockets"]
|
|
214
210
|
|
|
215
|
-
@
|
|
216
|
-
|
|
211
|
+
@allow_unencrypted_appfirewall_payloads =
|
|
212
|
+
app_data.fetch('allow_unencrypted_appsensor_payloads', @allow_unencrypted_appfirewall_payloads)
|
|
213
|
+
@allow_unencrypted_appfirewall_payloads =
|
|
214
|
+
app_data.fetch('allow_unencrypted_appfirewall_payloads', @allow_unencrypted_appfirewall_payloads)
|
|
217
215
|
|
|
218
216
|
data_exposure = app_data.fetch('data_exposure', {})
|
|
219
217
|
@max_data_ex_db_records_per_request = data_exposure.fetch('max_data_ex_db_records_per_request', @max_data_ex_db_records_per_request)
|
|
220
218
|
|
|
221
219
|
@host_identifier = @host_identifier || app_data.fetch("host_identifier", @host_identifier)
|
|
222
|
-
if (@host_identifier == nil)
|
|
223
|
-
@host_identifier = (Socket.gethostname() || "localhost")
|
|
224
|
-
end
|
|
225
220
|
@hmac_key ||= app_data["hmac_key"] # if not already set
|
|
226
221
|
@session_cookie_names = app_data["session_cookie_names"]
|
|
227
222
|
@uuid = SecureRandom.uuid
|
|
@@ -294,7 +289,7 @@ module TCellAgent
|
|
|
294
289
|
end
|
|
295
290
|
|
|
296
291
|
rescue Exception => e
|
|
297
|
-
@
|
|
292
|
+
@allow_unencrypted_appfirewall_payloads = false
|
|
298
293
|
|
|
299
294
|
puts " ********* ********* ********* **********"
|
|
300
295
|
puts "* tCell.io *"
|
|
@@ -305,6 +300,15 @@ module TCellAgent
|
|
|
305
300
|
end
|
|
306
301
|
end
|
|
307
302
|
|
|
303
|
+
def log_filename
|
|
304
|
+
@agent_log_dir ||= File.join(@agent_home_dir, "logs")
|
|
305
|
+
File.join(@agent_log_dir, "tcell_agent.log")
|
|
306
|
+
end
|
|
307
|
+
|
|
308
|
+
def appfirewall_payloads_log_filename
|
|
309
|
+
@agent_log_dir ||= File.join(@agent_home_dir, "logs")
|
|
310
|
+
File.join(@agent_log_dir, "tcell_agent_payloads.log")
|
|
311
|
+
end
|
|
308
312
|
end # class
|
|
309
313
|
|
|
310
314
|
TCellAgent.configuration ||= TCellAgent::Configuration.new
|
data/lib/tcell_agent/logger.rb
CHANGED
|
@@ -5,6 +5,16 @@ require 'tcell_agent/configuration'
|
|
|
5
5
|
|
|
6
6
|
module TCellAgent
|
|
7
7
|
|
|
8
|
+
class TCellLogDevice < Logger::LogDevice
|
|
9
|
+
def create_logfile(filename)
|
|
10
|
+
logdev = super
|
|
11
|
+
|
|
12
|
+
TCellAgent::Utils::IO.set_owner(filename, TCellAgent.configuration.agent_home_owner)
|
|
13
|
+
|
|
14
|
+
logdev
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
8
18
|
@@logger_pid = Process.pid
|
|
9
19
|
|
|
10
20
|
def self.loggingLevelFromString(levelString)
|
|
@@ -28,9 +38,17 @@ module TCellAgent
|
|
|
28
38
|
return @payloads_logger
|
|
29
39
|
end
|
|
30
40
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
41
|
+
TCellAgent::Utils::IO.create_directory(
|
|
42
|
+
File.dirname(TCellAgent.configuration.appfirewall_payloads_log_filename),
|
|
43
|
+
TCellAgent.configuration.agent_home_owner
|
|
44
|
+
)
|
|
45
|
+
|
|
46
|
+
log_device = TCellLogDevice.new(
|
|
47
|
+
TCellAgent.configuration.appfirewall_payloads_log_filename,
|
|
48
|
+
shift_age: 9, shift_size: 5242880
|
|
49
|
+
)
|
|
50
|
+
if TCellAgent.configuration.allow_unencrypted_appfirewall_payloads_logging
|
|
51
|
+
@payloads_logger = Logger.new(log_device)
|
|
34
52
|
@payloads_logger.level = Logger::INFO
|
|
35
53
|
@payloads_logger.formatter = proc do |severity, datetime, progname, msg|
|
|
36
54
|
date_format = datetime.strftime("%Y-%m-%dT%H:%M:%S.%L%:z")
|
|
@@ -40,7 +58,7 @@ module TCellAgent
|
|
|
40
58
|
return @payloads_logger
|
|
41
59
|
end
|
|
42
60
|
|
|
43
|
-
logger = Logger.new(
|
|
61
|
+
logger = Logger.new(log_device)
|
|
44
62
|
logger.level = Logger::ERROR
|
|
45
63
|
return logger
|
|
46
64
|
end
|
|
@@ -53,12 +71,15 @@ module TCellAgent
|
|
|
53
71
|
@logger_pid = Process.pid
|
|
54
72
|
logging_options = TCellAgent.configuration.logging_options
|
|
55
73
|
|
|
74
|
+
logging_file = TCellAgent.configuration.log_filename
|
|
75
|
+
logging_directory = File.dirname(logging_file)
|
|
76
|
+
TCellAgent::Utils::IO.create_directory(logging_directory, TCellAgent.configuration.agent_home_owner)
|
|
77
|
+
|
|
78
|
+
log_device = TCellLogDevice.new(logging_file, shift_age: 9, shift_size: 5242880)
|
|
56
79
|
if logging_options && logging_options["enabled"]
|
|
57
|
-
FileUtils.mkdir_p TCellAgent.configuration.agent_log_dir
|
|
58
80
|
level = loggingLevelFromString(logging_options["level"])
|
|
59
|
-
logging_file = logging_options["filename"] || TCellAgent.configuration.log_filename
|
|
60
81
|
# limit the total log file to about 9 * 5 = 45 mb
|
|
61
|
-
@logger = Logger.new(
|
|
82
|
+
@logger = Logger.new(log_device)
|
|
62
83
|
@logger.level = level
|
|
63
84
|
@logger.formatter = proc do |severity, datetime, progname, msg|
|
|
64
85
|
# ISO 8601 format
|
|
@@ -69,7 +90,7 @@ module TCellAgent
|
|
|
69
90
|
return @logger
|
|
70
91
|
end
|
|
71
92
|
|
|
72
|
-
logger = Logger.new(
|
|
93
|
+
logger = Logger.new(log_device)
|
|
73
94
|
logger.level = Logger::ERROR
|
|
74
95
|
return logger
|
|
75
96
|
end
|
|
@@ -71,7 +71,7 @@ module TCellAgent
|
|
|
71
71
|
vuln_param = vuln_results["param"]
|
|
72
72
|
payload = nil
|
|
73
73
|
|
|
74
|
-
if TCellAgent.configuration.
|
|
74
|
+
if TCellAgent.configuration.allow_unencrypted_appfirewall_payloads
|
|
75
75
|
payload = vuln_results["value"]
|
|
76
76
|
end
|
|
77
77
|
|
|
@@ -105,7 +105,7 @@ module TCellAgent
|
|
|
105
105
|
end
|
|
106
106
|
|
|
107
107
|
def log_appsensor_events(type_of_param, appsensor_meta, vuln_param, vuln_value)
|
|
108
|
-
if TCellAgent.configuration.
|
|
108
|
+
if TCellAgent.configuration.allow_unencrypted_appfirewall_payloads_logging
|
|
109
109
|
event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
|
|
110
110
|
appsensor_meta.location,
|
|
111
111
|
@detection_point,
|
|
@@ -4,8 +4,8 @@
|
|
|
4
4
|
|
|
5
5
|
Rails::Server.class_eval do
|
|
6
6
|
|
|
7
|
-
alias_method :
|
|
8
|
-
def
|
|
7
|
+
alias_method :tcell_build_app, :build_app
|
|
8
|
+
def build_app(app)
|
|
9
9
|
require("tcell_agent/servers/unicorn") if defined?(Unicorn::HttpServer)
|
|
10
10
|
require("tcell_agent/servers/webrick") if defined?(Rack::Handler::WEBrick)
|
|
11
11
|
require("tcell_agent/servers/thin") if defined?(Thin::Server)
|
|
@@ -23,7 +23,7 @@ Rails::Server.class_eval do
|
|
|
23
23
|
end
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
|
|
26
|
+
tcell_build_app(app)
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
end
|
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
Unicorn::HttpServer.class_eval do
|
|
2
2
|
|
|
3
|
-
# This will be
|
|
4
|
-
#
|
|
5
|
-
# also ensures that a server is running as opposed to a different command such
|
|
3
|
+
# - This will be false when preload_app is false (even when unicorn is sent USR2 SIGNAL)
|
|
4
|
+
# - This check also ensures that a server is running as opposed to a different command such
|
|
6
5
|
# as `bundle exec rails runner User.count`.
|
|
7
|
-
|
|
6
|
+
unless Unicorn::HttpServer::START_CTX && Unicorn::HttpServer::START_CTX[0]
|
|
8
7
|
TCellAgent.run_instrumentation("Unicorn")
|
|
9
8
|
end
|
|
10
9
|
|
|
@@ -13,11 +13,9 @@ if (TCellAgent.configuration.disable_all == false)
|
|
|
13
13
|
|
|
14
14
|
require 'tcell_agent/rails/on_start' if defined?(Rails)
|
|
15
15
|
|
|
16
|
-
|
|
16
|
+
TCellAgent::Instrumentation.safe_block("Starting thread agent") do
|
|
17
17
|
TCellAgent.logger.debug("Instrumenting: #{server_name}")
|
|
18
18
|
TCellAgent.thread_agent.start
|
|
19
|
-
rescue Exception => e
|
|
20
|
-
TCellAgent.logger.error("Could not start thread agent. #{e.message}")
|
|
21
19
|
end
|
|
22
20
|
|
|
23
21
|
if TCellAgent.configuration.should_instrument?
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module TCellAgent
|
|
2
|
+
module Utils
|
|
3
|
+
module IO
|
|
4
|
+
|
|
5
|
+
def self.create_directory(dir, owner=nil)
|
|
6
|
+
unless File.directory?(dir)
|
|
7
|
+
FileUtils.mkdir_p(dir)
|
|
8
|
+
|
|
9
|
+
if TCellAgent::Utils::Strings.present?(owner)
|
|
10
|
+
TCellAgent::Instrumentation.safe_block("Ignoring agent_home_owner value, insufficient privileges") do
|
|
11
|
+
FileUtils.chown( owner, nil, dir )
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def self.set_owner(filename, owner=nil)
|
|
18
|
+
TCellAgent::Instrumentation.safe_block("Ignoring agent_home_owner value, insufficient privileges") do
|
|
19
|
+
if TCellAgent::Utils::Strings.present?(owner) && File.exists?(filename)
|
|
20
|
+
FileUtils.chown( owner, nil, filename )
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
data/lib/tcell_agent/version.rb
CHANGED
|
@@ -5,6 +5,194 @@ module TCellAgent
|
|
|
5
5
|
|
|
6
6
|
describe Agent do
|
|
7
7
|
|
|
8
|
+
describe "#start_policy_polling_loop" do
|
|
9
|
+
context "should_start_policy_poll disabled" do
|
|
10
|
+
it "should not start the policy polling loop" do
|
|
11
|
+
configuration = double(
|
|
12
|
+
"configuration",
|
|
13
|
+
{
|
|
14
|
+
should_start_policy_poll?: false,
|
|
15
|
+
event_time_limit_seconds: nil,
|
|
16
|
+
event_batch_size_limit: nil,
|
|
17
|
+
preload_policy_filename: nil,
|
|
18
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
19
|
+
}
|
|
20
|
+
)
|
|
21
|
+
|
|
22
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
23
|
+
agent = TCellAgent::Agent.new
|
|
24
|
+
|
|
25
|
+
expect(Thread).to_not receive(:new)
|
|
26
|
+
agent.start_policy_polling_loop
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
context "should_start_policy_poll enabled" do
|
|
31
|
+
context "tcell_api_url" do
|
|
32
|
+
context "is nil " do
|
|
33
|
+
it "should not start the policy polling loop" do
|
|
34
|
+
configuration = double(
|
|
35
|
+
"configuration",
|
|
36
|
+
{
|
|
37
|
+
tcell_api_url: nil,
|
|
38
|
+
should_start_policy_poll?: true,
|
|
39
|
+
event_time_limit_seconds: nil,
|
|
40
|
+
event_batch_size_limit: nil,
|
|
41
|
+
preload_policy_filename: nil,
|
|
42
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
43
|
+
}
|
|
44
|
+
)
|
|
45
|
+
|
|
46
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
47
|
+
agent = TCellAgent::Agent.new
|
|
48
|
+
|
|
49
|
+
logger = double("logger")
|
|
50
|
+
|
|
51
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
52
|
+
expect(logger).to receive(:error).with("tCell.io tcell_api_url is missing. Disabling policy polling.")
|
|
53
|
+
expect(Thread).to_not receive(:new)
|
|
54
|
+
agent.start_policy_polling_loop
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
context "is empty" do
|
|
59
|
+
it "should not start the policy polling loop" do
|
|
60
|
+
configuration = double(
|
|
61
|
+
"configuration",
|
|
62
|
+
{
|
|
63
|
+
tcell_api_url: "",
|
|
64
|
+
should_start_policy_poll?: true,
|
|
65
|
+
event_time_limit_seconds: nil,
|
|
66
|
+
event_batch_size_limit: nil,
|
|
67
|
+
preload_policy_filename: nil,
|
|
68
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
69
|
+
}
|
|
70
|
+
)
|
|
71
|
+
|
|
72
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
73
|
+
agent = TCellAgent::Agent.new
|
|
74
|
+
|
|
75
|
+
logger = double("logger")
|
|
76
|
+
|
|
77
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
78
|
+
expect(logger).to receive(:error).with("tCell.io tcell_api_url is missing. Disabling policy polling.")
|
|
79
|
+
expect(Thread).to_not receive(:new)
|
|
80
|
+
agent.start_policy_polling_loop
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
context "is blank space" do
|
|
85
|
+
it "should not start the policy polling loop" do
|
|
86
|
+
configuration = double(
|
|
87
|
+
"configuration",
|
|
88
|
+
{
|
|
89
|
+
tcell_api_url: " ",
|
|
90
|
+
should_start_policy_poll?: true,
|
|
91
|
+
event_time_limit_seconds: nil,
|
|
92
|
+
event_batch_size_limit: nil,
|
|
93
|
+
preload_policy_filename: nil,
|
|
94
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
95
|
+
}
|
|
96
|
+
)
|
|
97
|
+
|
|
98
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
99
|
+
agent = TCellAgent::Agent.new
|
|
100
|
+
|
|
101
|
+
logger = double("logger")
|
|
102
|
+
|
|
103
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
104
|
+
expect(logger).to receive(:error).with("tCell.io tcell_api_url is missing. Disabling policy polling.")
|
|
105
|
+
expect(Thread).to_not receive(:new)
|
|
106
|
+
agent.start_policy_polling_loop
|
|
107
|
+
end
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
context "app_id" do
|
|
112
|
+
context "is nil " do
|
|
113
|
+
it "should not start the policy polling loop" do
|
|
114
|
+
configuration = double(
|
|
115
|
+
"configuration",
|
|
116
|
+
{
|
|
117
|
+
tcell_api_url: "present",
|
|
118
|
+
app_id: nil,
|
|
119
|
+
should_start_policy_poll?: true,
|
|
120
|
+
event_time_limit_seconds: nil,
|
|
121
|
+
event_batch_size_limit: nil,
|
|
122
|
+
preload_policy_filename: nil,
|
|
123
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
124
|
+
}
|
|
125
|
+
)
|
|
126
|
+
|
|
127
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
128
|
+
agent = TCellAgent::Agent.new
|
|
129
|
+
|
|
130
|
+
logger = double("logger")
|
|
131
|
+
|
|
132
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
133
|
+
expect(logger).to receive(:error).with("tCell.io app_id is missing. Disabling policy polling.")
|
|
134
|
+
expect(Thread).to_not receive(:new)
|
|
135
|
+
agent.start_policy_polling_loop
|
|
136
|
+
end
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
context "is empty" do
|
|
140
|
+
it "should not start the policy polling loop" do
|
|
141
|
+
configuration = double(
|
|
142
|
+
"configuration",
|
|
143
|
+
{
|
|
144
|
+
tcell_api_url: "present",
|
|
145
|
+
app_id: "",
|
|
146
|
+
should_start_policy_poll?: true,
|
|
147
|
+
event_time_limit_seconds: nil,
|
|
148
|
+
event_batch_size_limit: nil,
|
|
149
|
+
preload_policy_filename: nil,
|
|
150
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
151
|
+
}
|
|
152
|
+
)
|
|
153
|
+
|
|
154
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
155
|
+
agent = TCellAgent::Agent.new
|
|
156
|
+
|
|
157
|
+
logger = double("logger")
|
|
158
|
+
|
|
159
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
160
|
+
expect(logger).to receive(:error).with("tCell.io app_id is missing. Disabling policy polling.")
|
|
161
|
+
expect(Thread).to_not receive(:new)
|
|
162
|
+
agent.start_policy_polling_loop
|
|
163
|
+
end
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
context "is blank space" do
|
|
167
|
+
it "should not start the policy polling loop" do
|
|
168
|
+
configuration = double(
|
|
169
|
+
"configuration",
|
|
170
|
+
{
|
|
171
|
+
tcell_api_url: "present",
|
|
172
|
+
app_id: " ",
|
|
173
|
+
should_start_policy_poll?: true,
|
|
174
|
+
event_time_limit_seconds: nil,
|
|
175
|
+
event_batch_size_limit: nil,
|
|
176
|
+
preload_policy_filename: nil,
|
|
177
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
178
|
+
}
|
|
179
|
+
)
|
|
180
|
+
|
|
181
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
182
|
+
agent = TCellAgent::Agent.new
|
|
183
|
+
|
|
184
|
+
logger = double("logger")
|
|
185
|
+
|
|
186
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
187
|
+
expect(logger).to receive(:error).with("tCell.io app_id is missing. Disabling policy polling.")
|
|
188
|
+
expect(Thread).to_not receive(:new)
|
|
189
|
+
agent.start_policy_polling_loop
|
|
190
|
+
end
|
|
191
|
+
end
|
|
192
|
+
end
|
|
193
|
+
end
|
|
194
|
+
end
|
|
195
|
+
|
|
8
196
|
describe "#cache" do
|
|
9
197
|
context "with an existing cached file" do
|
|
10
198
|
|
|
@@ -29,7 +29,7 @@ module TCellAgent
|
|
|
29
29
|
expect(File).to_not receive(:open)
|
|
30
30
|
configuration = TCellAgent::Configuration.new
|
|
31
31
|
|
|
32
|
-
expect(configuration.
|
|
32
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
33
33
|
expect(configuration.blacklisted_params).to eq({
|
|
34
34
|
"token" => true,
|
|
35
35
|
"client_secret" => true,
|
|
@@ -58,7 +58,7 @@ module TCellAgent
|
|
|
58
58
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
59
59
|
configuration = TCellAgent::Configuration.new
|
|
60
60
|
|
|
61
|
-
expect(configuration.
|
|
61
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(false)
|
|
62
62
|
expect(configuration.blacklisted_params).to eq({
|
|
63
63
|
"token" => true,
|
|
64
64
|
"client_secret" => true,
|
|
@@ -87,7 +87,7 @@ module TCellAgent
|
|
|
87
87
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
88
88
|
configuration = TCellAgent::Configuration.new
|
|
89
89
|
|
|
90
|
-
expect(configuration.
|
|
90
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
91
91
|
expect(configuration.blacklisted_params).to eq({
|
|
92
92
|
"token" => true,
|
|
93
93
|
"client_secret" => true,
|
|
@@ -115,7 +115,7 @@ module TCellAgent
|
|
|
115
115
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
116
116
|
configuration = TCellAgent::Configuration.new
|
|
117
117
|
|
|
118
|
-
expect(configuration.
|
|
118
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
119
119
|
expect(configuration.blacklisted_params).to eq({"passwd" => true})
|
|
120
120
|
expect(configuration.whitelisted_params).to eq({})
|
|
121
121
|
expect(configuration.whitelist_present).to eq(false)
|
|
@@ -135,7 +135,7 @@ module TCellAgent
|
|
|
135
135
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
136
136
|
configuration = TCellAgent::Configuration.new
|
|
137
137
|
|
|
138
|
-
expect(configuration.
|
|
138
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
139
139
|
expect(configuration.blacklisted_params).to eq({
|
|
140
140
|
"token" => true,
|
|
141
141
|
"client_secret" => true,
|
|
@@ -163,7 +163,7 @@ module TCellAgent
|
|
|
163
163
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
164
164
|
configuration = TCellAgent::Configuration.new
|
|
165
165
|
|
|
166
|
-
expect(configuration.
|
|
166
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
167
167
|
expect(configuration.blacklisted_params).to eq({"ssn" => true})
|
|
168
168
|
expect(configuration.whitelisted_params).to eq({"passwd" => true})
|
|
169
169
|
expect(configuration.whitelist_present).to eq(true)
|
|
@@ -179,8 +179,8 @@ module TCellAgent
|
|
|
179
179
|
it "should set cache file, config, and log file to defaults" do
|
|
180
180
|
configuration = Configuration.new
|
|
181
181
|
|
|
182
|
-
expect(configuration.
|
|
183
|
-
|
|
182
|
+
expect(configuration.cache_filename_with_app_id).to match(
|
|
183
|
+
/tcell\/cache\/tcell_agent.cache/
|
|
184
184
|
)
|
|
185
185
|
expect(configuration.log_filename).to eq(
|
|
186
186
|
File.join(Dir.getwd, "tcell/logs/tcell_agent.log")
|
|
@@ -197,13 +197,10 @@ module TCellAgent
|
|
|
197
197
|
|
|
198
198
|
ENV["TCELL_AGENT_HOME"] = "spec_tcell_home"
|
|
199
199
|
|
|
200
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_home/cache")
|
|
201
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_home/logs")
|
|
202
|
-
|
|
203
200
|
configuration = Configuration.new
|
|
204
201
|
|
|
205
|
-
expect(configuration.
|
|
206
|
-
|
|
202
|
+
expect(configuration.cache_filename_with_app_id).to match(
|
|
203
|
+
/spec_tcell_home\/cache\/tcell_agent.cache/
|
|
207
204
|
)
|
|
208
205
|
expect(configuration.log_filename).to eq(
|
|
209
206
|
"spec_tcell_home/logs/tcell_agent.log"
|
|
@@ -224,13 +221,10 @@ module TCellAgent
|
|
|
224
221
|
ENV["TCELL_AGENT_HOME"] = "spec_tcell_home"
|
|
225
222
|
ENV["TCELL_AGENT_LOG_DIR"] = "spec_tcell_log_dir"
|
|
226
223
|
|
|
227
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_home/cache")
|
|
228
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_log_dir")
|
|
229
|
-
|
|
230
224
|
configuration = Configuration.new
|
|
231
225
|
|
|
232
|
-
expect(configuration.
|
|
233
|
-
|
|
226
|
+
expect(configuration.cache_filename_with_app_id).to match(
|
|
227
|
+
/spec_tcell_home\/cache\/tcell_agent.cache/
|
|
234
228
|
)
|
|
235
229
|
expect(configuration.log_filename).to eq(
|
|
236
230
|
"spec_tcell_log_dir/tcell_agent.log"
|
|
@@ -254,13 +248,10 @@ module TCellAgent
|
|
|
254
248
|
ENV["TCELL_AGENT_LOG_DIR"] = "spec_tcell_log_dir"
|
|
255
249
|
ENV["TCELL_AGENT_CONFIG"] = "spec_config/tcell_agent.config"
|
|
256
250
|
|
|
257
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_log_dir")
|
|
258
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_home/cache")
|
|
259
|
-
|
|
260
251
|
configuration = Configuration.new
|
|
261
252
|
|
|
262
|
-
expect(configuration.
|
|
263
|
-
|
|
253
|
+
expect(configuration.cache_filename_with_app_id).to match(
|
|
254
|
+
/spec_tcell_home\/cache\/tcell_agent.cache/
|
|
264
255
|
)
|
|
265
256
|
expect(configuration.log_filename).to eq(
|
|
266
257
|
"spec_tcell_log_dir/tcell_agent.log"
|
|
@@ -243,8 +243,8 @@ module TCellAgent
|
|
|
243
243
|
@sensor.exclude_cookies = true
|
|
244
244
|
configuration = double(
|
|
245
245
|
"configuration",
|
|
246
|
-
|
|
247
|
-
|
|
246
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
247
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
248
248
|
blacklisted_params: {},
|
|
249
249
|
whitelist_present: false
|
|
250
250
|
)
|
|
@@ -267,7 +267,7 @@ module TCellAgent
|
|
|
267
267
|
expect(result).to eq(true)
|
|
268
268
|
end
|
|
269
269
|
|
|
270
|
-
context "
|
|
270
|
+
context "allow_unencrypted_appfirewall_payloads is false" do
|
|
271
271
|
context "param is blacklisted" do
|
|
272
272
|
it "should return true" do
|
|
273
273
|
@sensor.exclude_forms = false
|
|
@@ -275,8 +275,8 @@ module TCellAgent
|
|
|
275
275
|
|
|
276
276
|
configuration = double(
|
|
277
277
|
"configuration",
|
|
278
|
-
|
|
279
|
-
|
|
278
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
279
|
+
allow_unencrypted_appfirewall_payloads: false,
|
|
280
280
|
blacklisted_params: {"vuln_param" => true},
|
|
281
281
|
whitelist_present: false
|
|
282
282
|
)
|
|
@@ -307,8 +307,8 @@ module TCellAgent
|
|
|
307
307
|
|
|
308
308
|
configuration = double(
|
|
309
309
|
"configuration",
|
|
310
|
-
|
|
311
|
-
|
|
310
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
311
|
+
allow_unencrypted_appfirewall_payloads: false,
|
|
312
312
|
blacklisted_params: {},
|
|
313
313
|
whitelist_present: true,
|
|
314
314
|
whitelisted_params: {"vuln_param" => true}
|
|
@@ -340,8 +340,8 @@ module TCellAgent
|
|
|
340
340
|
|
|
341
341
|
configuration = double(
|
|
342
342
|
"configuration",
|
|
343
|
-
|
|
344
|
-
|
|
343
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
344
|
+
allow_unencrypted_appfirewall_payloads: false,
|
|
345
345
|
blacklisted_params: {},
|
|
346
346
|
whitelist_present: false
|
|
347
347
|
)
|
|
@@ -366,7 +366,7 @@ module TCellAgent
|
|
|
366
366
|
end
|
|
367
367
|
end
|
|
368
368
|
|
|
369
|
-
context "
|
|
369
|
+
context "allow_unencrypted_appfirewall_payloads is true" do
|
|
370
370
|
context "params is blacklisted" do
|
|
371
371
|
it "should return true" do
|
|
372
372
|
@sensor.exclude_forms = false
|
|
@@ -374,8 +374,8 @@ module TCellAgent
|
|
|
374
374
|
|
|
375
375
|
configuration = double(
|
|
376
376
|
"configuration",
|
|
377
|
-
|
|
378
|
-
|
|
377
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
378
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
379
379
|
blacklisted_params: {"vuln_param" => true},
|
|
380
380
|
whitelist_present: false
|
|
381
381
|
)
|
|
@@ -406,8 +406,8 @@ module TCellAgent
|
|
|
406
406
|
|
|
407
407
|
configuration = double(
|
|
408
408
|
"configuration",
|
|
409
|
-
|
|
410
|
-
|
|
409
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
410
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
411
411
|
blacklisted_params: {},
|
|
412
412
|
whitelist_present: true,
|
|
413
413
|
whitelisted_params: {"vuln_param" => true}
|
|
@@ -439,8 +439,8 @@ module TCellAgent
|
|
|
439
439
|
|
|
440
440
|
configuration = double(
|
|
441
441
|
"configuration",
|
|
442
|
-
|
|
443
|
-
|
|
442
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
443
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
444
444
|
blacklisted_params: {"vuln_param" => true},
|
|
445
445
|
whitelist_present: true,
|
|
446
446
|
whitelisted_params: {"vuln_param" => true}
|
|
@@ -472,8 +472,8 @@ module TCellAgent
|
|
|
472
472
|
|
|
473
473
|
configuration = double(
|
|
474
474
|
"configuration",
|
|
475
|
-
|
|
476
|
-
|
|
475
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
476
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
477
477
|
blacklisted_params: {},
|
|
478
478
|
whitelist_present: false
|
|
479
479
|
)
|
|
@@ -522,8 +522,8 @@ module TCellAgent
|
|
|
522
522
|
@sensor.exclude_cookies = true
|
|
523
523
|
configuration = double(
|
|
524
524
|
"configuration",
|
|
525
|
-
|
|
526
|
-
|
|
525
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
526
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
527
527
|
blacklisted_params: {},
|
|
528
528
|
whitelist_present: false
|
|
529
529
|
)
|
|
@@ -570,8 +570,8 @@ module TCellAgent
|
|
|
570
570
|
@sensor.exclude_cookies = true
|
|
571
571
|
configuration = double(
|
|
572
572
|
"configuration",
|
|
573
|
-
|
|
574
|
-
|
|
573
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
574
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
575
575
|
blacklisted_params: {},
|
|
576
576
|
whitelist_present: false
|
|
577
577
|
)
|
|
@@ -603,8 +603,8 @@ module TCellAgent
|
|
|
603
603
|
@sensor.exclude_cookies = false
|
|
604
604
|
configuration = double(
|
|
605
605
|
"configuration",
|
|
606
|
-
|
|
607
|
-
|
|
606
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
607
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
608
608
|
blacklisted_params: {},
|
|
609
609
|
whitelist_present: false
|
|
610
610
|
)
|
|
@@ -103,8 +103,8 @@ module TCellAgent
|
|
|
103
103
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
104
104
|
end
|
|
105
105
|
it "checks that payload is sent in xss with route_id" do
|
|
106
|
-
old_uap = TCellAgent.configuration.
|
|
107
|
-
TCellAgent.configuration.
|
|
106
|
+
old_uap = TCellAgent.configuration.allow_unencrypted_appfirewall_payloads
|
|
107
|
+
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = true
|
|
108
108
|
response = request2.get("/foo?xyz=%3Cscript%3Ealert(1)%3C%2Fscript%3E")
|
|
109
109
|
expected_as = {
|
|
110
110
|
"event_type"=>"as",
|
|
@@ -117,7 +117,7 @@ module TCellAgent
|
|
|
117
117
|
"loc"=>"http://example.org/foo?xyz=",
|
|
118
118
|
"tid"=>"a-b-c-d-e-f",
|
|
119
119
|
"payload"=>"<script>alert(1)</script>"}
|
|
120
|
-
TCellAgent.configuration.
|
|
120
|
+
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads= old_uap
|
|
121
121
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
122
122
|
end
|
|
123
123
|
|
|
@@ -179,8 +179,8 @@ module TCellAgent
|
|
|
179
179
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
180
180
|
end
|
|
181
181
|
it "checks that payload is sent" do
|
|
182
|
-
old_uap = TCellAgent.configuration.
|
|
183
|
-
TCellAgent.configuration.
|
|
182
|
+
old_uap = TCellAgent.configuration.allow_unencrypted_appfirewall_payloads
|
|
183
|
+
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = true
|
|
184
184
|
response = request.get("/foo?xyz=/etc/passwd", 'REMOTE_ADDR' => '1.3.3.4,3.4.5.6')
|
|
185
185
|
expected_as = {
|
|
186
186
|
"event_type"=>"as",
|
|
@@ -192,7 +192,7 @@ module TCellAgent
|
|
|
192
192
|
"loc"=>"http://example.org/foo?xyz=",
|
|
193
193
|
"tid"=>"a-b-c-d-e-f",
|
|
194
194
|
"payload"=>"/etc/passwd"}
|
|
195
|
-
TCellAgent.configuration.
|
|
195
|
+
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = old_uap
|
|
196
196
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
197
197
|
end
|
|
198
198
|
end #/conext
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
module TCellAgent
|
|
4
|
+
module Utils
|
|
5
|
+
describe ".blank?" do
|
|
6
|
+
context "with nil" do
|
|
7
|
+
it "should return true" do
|
|
8
|
+
expect(Strings.blank?(nil)).to be(true)
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
context "with empty string" do
|
|
13
|
+
it "should return true" do
|
|
14
|
+
expect(Strings.blank?("")).to be(true)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
context "with white space string" do
|
|
19
|
+
it "should return true" do
|
|
20
|
+
expect(Strings.blank?("\t \r\n \s\s")).to be(true)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
context "with a string containing non whitespace chars" do
|
|
25
|
+
it "should return false" do
|
|
26
|
+
expect(Strings.blank?("A\t \r\n \s\s")).to be(false)
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tcell_agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.14
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Garrett
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rest-client
|
|
@@ -190,8 +190,10 @@ files:
|
|
|
190
190
|
- lib/tcell_agent/start_background_thread.rb
|
|
191
191
|
- lib/tcell_agent/system_info.rb
|
|
192
192
|
- lib/tcell_agent/userinfo.rb
|
|
193
|
+
- lib/tcell_agent/utils/io.rb
|
|
193
194
|
- lib/tcell_agent/utils/params.rb
|
|
194
195
|
- lib/tcell_agent/utils/queue_with_timeout.rb
|
|
196
|
+
- lib/tcell_agent/utils/strings.rb
|
|
195
197
|
- lib/tcell_agent/version.rb
|
|
196
198
|
- lib/tcell_agent.rb
|
|
197
199
|
- spec/apps/rails-3.2/app/assets/images/rails.png
|
|
@@ -279,6 +281,7 @@ files:
|
|
|
279
281
|
- spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
|
|
280
282
|
- spec/lib/tcell_agent/utils/bounded_queue_spec.rb
|
|
281
283
|
- spec/lib/tcell_agent/utils/params_spec.rb
|
|
284
|
+
- spec/lib/tcell_agent/utils/strings_spec.rb
|
|
282
285
|
- spec/lib/tcell_agent_spec.rb
|
|
283
286
|
- spec/spec_helper.rb
|
|
284
287
|
- spec/support/middleware_helper.rb
|
|
@@ -401,6 +404,7 @@ test_files:
|
|
|
401
404
|
- spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
|
|
402
405
|
- spec/lib/tcell_agent/utils/bounded_queue_spec.rb
|
|
403
406
|
- spec/lib/tcell_agent/utils/params_spec.rb
|
|
407
|
+
- spec/lib/tcell_agent/utils/strings_spec.rb
|
|
404
408
|
- spec/lib/tcell_agent_spec.rb
|
|
405
409
|
- spec/spec_helper.rb
|
|
406
410
|
- spec/support/middleware_helper.rb
|