tcell_agent 0.2.18 → 0.2.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. checksums.yaml +4 -4
  2. data/Rakefile +11 -0
  3. data/lib/tcell_agent/configuration.rb +8 -1
  4. data/lib/tcell_agent/instrumentation.rb +14 -10
  5. data/lib/tcell_agent/logger.rb +23 -23
  6. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +61 -0
  7. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +10 -2
  8. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +66 -0
  9. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +11 -3
  10. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +6 -5
  11. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +47 -0
  12. data/lib/tcell_agent/policies/appsensor_policy.rb +68 -5
  13. data/lib/tcell_agent/policies/patches_policy.rb +2 -2
  14. data/lib/tcell_agent/rails.rb +3 -0
  15. data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
  16. data/lib/tcell_agent/rails/auth/devise.rb +4 -4
  17. data/lib/tcell_agent/rails/better_ip.rb +36 -0
  18. data/lib/tcell_agent/rails/csrf_exception.rb +30 -0
  19. data/lib/tcell_agent/rails/dlp.rb +38 -76
  20. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +5 -5
  21. data/lib/tcell_agent/rails/middleware/context_middleware.rb +6 -4
  22. data/lib/tcell_agent/rails/middleware/global_middleware.rb +7 -7
  23. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +15 -15
  24. data/lib/tcell_agent/rails/path_parameters_setter.rb +43 -0
  25. data/lib/tcell_agent/rails/routes.rb +4 -4
  26. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +11 -6
  27. data/lib/tcell_agent/version.rb +1 -1
  28. data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +165 -0
  29. data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +432 -0
  30. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
  31. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +99 -24
  32. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +4 -4
  33. data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +156 -0
  34. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +175 -0
  35. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +79 -0
  36. data/spec/lib/tcell_agent/rails/better_ip_spec.rb +76 -0
  37. metadata +16 -2
@@ -0,0 +1,47 @@
1
+ require 'tcell_agent/policies/appsensor/sensor'
2
+
3
+ module TCellAgent
4
+ module Policies
5
+
6
+ class UserAgentSensor < Sensor
7
+ DP_CODE = "uaempty"
8
+
9
+ attr_accessor :enabled, :empty_enabled, :excluded_route_ids
10
+
11
+ def initialize(policy_json=nil)
12
+ @enabled = false
13
+ @empty_enabled = false
14
+ @excluded_route_ids = {}
15
+
16
+ if policy_json
17
+ @enabled = policy_json.fetch("enabled", false)
18
+ @empty_enabled = policy_json.fetch("empty_enabled", false)
19
+
20
+ policy_json.fetch("exclude_routes", []).each do |excluded_route|
21
+ @excluded_route_ids[excluded_route] = true
22
+ end
23
+ end
24
+ end
25
+
26
+ def check(appsensor_meta)
27
+ return unless @enabled && @empty_enabled
28
+
29
+ return if @excluded_route_ids.fetch(appsensor_meta.route_id, false)
30
+
31
+ user_agent = appsensor_meta.user_agent
32
+ if !user_agent || user_agent.strip == ""
33
+ send_event(
34
+ appsensor_meta,
35
+ DP_CODE,
36
+ nil,
37
+ nil)
38
+ end
39
+ end
40
+
41
+ def to_s
42
+ "<#{self.class.name} enabled: #{@enabled} empty_enabled: #{@empty_enabled} dp_code: #{DP_CODE}>"
43
+ end
44
+ end
45
+
46
+ end
47
+ end
@@ -1,13 +1,16 @@
1
1
  require 'tcell_agent/instrumentation'
2
+ require 'tcell_agent/policies/appsensor/cmdi_sensor'
3
+ require 'tcell_agent/policies/appsensor/database_sensor'
4
+ require 'tcell_agent/policies/appsensor/fpt_sensor'
2
5
  require 'tcell_agent/policies/appsensor/login_sensor'
6
+ require 'tcell_agent/policies/appsensor/misc_sensor'
7
+ require 'tcell_agent/policies/appsensor/nullbyte_sensor'
3
8
  require 'tcell_agent/policies/appsensor/request_size_sensor'
4
9
  require 'tcell_agent/policies/appsensor/response_codes_sensor'
5
10
  require 'tcell_agent/policies/appsensor/response_size_sensor'
6
- require 'tcell_agent/policies/appsensor/cmdi_sensor'
7
- require 'tcell_agent/policies/appsensor/fpt_sensor'
8
- require 'tcell_agent/policies/appsensor/nullbyte_sensor'
9
11
  require 'tcell_agent/policies/appsensor/retr_sensor'
10
12
  require 'tcell_agent/policies/appsensor/sqli_sensor'
13
+ require 'tcell_agent/policies/appsensor/user_agent_sensor'
11
14
  require 'tcell_agent/policies/appsensor/xss_sensor'
12
15
 
13
16
 
@@ -25,7 +28,10 @@ module TCellAgent
25
28
  "fpt",
26
29
  "null",
27
30
  "retr",
28
- "login_failure"]
31
+ "login_failure",
32
+ "ua",
33
+ "errors",
34
+ "database"]
29
35
 
30
36
  DETECTION_POINTS_V2 = {
31
37
  "req_size" => RequestSizeSensor,
@@ -37,7 +43,11 @@ module TCellAgent
37
43
  "fpt" => FptSensor,
38
44
  "nullbyte" => NullbyteSensor,
39
45
  "retr" => RetrSensor,
40
- "login" => LoginSensor}
46
+ "login" => LoginSensor,
47
+ "ua" => UserAgentSensor,
48
+ "errors" => MiscSensor,
49
+ "database" => DatabaseSensor
50
+ }
41
51
 
42
52
  attr_accessor :policy_id, :options, :enabled
43
53
 
@@ -56,6 +66,16 @@ module TCellAgent
56
66
  check_params_for_injections(appsensor_meta)
57
67
  end
58
68
 
69
+ def process_db_rows(tcell_data, number_of_records)
70
+ return unless @enabled
71
+
72
+ TCellAgent::Instrumentation.safe_block("AppSensor Testing Number of DB Rows") do
73
+ if self.options.has_key?("database")
74
+ self.options["database"].check(tcell_data, number_of_records)
75
+ end
76
+ end
77
+ end
78
+
59
79
  def check_request_size(appsensor_meta)
60
80
  TCellAgent::Instrumentation.safe_block("AppSensor Testing Response Size") do
61
81
  if self.options.has_key?("req_size")
@@ -98,6 +118,20 @@ module TCellAgent
98
118
  end
99
119
 
100
120
  def check_params_for_injections(appsensor_meta)
121
+ path_param_type =
122
+ if (appsensor_meta.method || "get").to_s.downcase == "get"
123
+ InjectionSensor::GET_PARAM
124
+ else
125
+ InjectionSensor::POST_PARAM
126
+ end
127
+
128
+ (appsensor_meta.path_parameters || {}).each do |param_name, param_value|
129
+ TCellAgent::Instrumentation.safe_block("AppSensor Check Path Params injections") do
130
+ next if param_name == :controller || param_name == :action
131
+ check_param_for_injections(path_param_type, appsensor_meta, param_name.to_s, param_value)
132
+ end
133
+ end
134
+
101
135
  (appsensor_meta.get_dict || {}).each do |param_name, param_value|
102
136
  TCellAgent::Instrumentation.safe_block("AppSensor Check GET var injections") do
103
137
  check_param_for_injections(InjectionSensor::GET_PARAM, appsensor_meta, param_name, param_value)
@@ -123,8 +157,25 @@ module TCellAgent
123
157
  end
124
158
  end
125
159
 
160
+ def csrf_rejected(tcell_data)
161
+ TCellAgent::Instrumentation.safe_block("AppSensor CSRF Exception processing") do
162
+ if self.options.has_key?("errors")
163
+ self.options["errors"].csrf_rejected(tcell_data)
164
+ end
165
+ end
166
+ end
167
+
168
+ def sql_exception_detected(tcell_data, exception)
169
+ TCellAgent::Instrumentation.safe_block("AppSensor SQL Exception processing") do
170
+ if self.options.has_key?("errors")
171
+ self.options["errors"].sql_exception_detected(tcell_data, exception)
172
+ end
173
+ end
174
+ end
175
+
126
176
  def self.from_json(policy_json)
127
177
  return nil unless policy_json
178
+ policy_json = policy_json.deep_dup
128
179
 
129
180
  sensor_policy = AppSensorPolicy.new
130
181
  if policy_json.has_key?("policy_id")
@@ -193,6 +244,18 @@ module TCellAgent
193
244
  enabled = options_json.fetch(sensor_name, false)
194
245
  sensor_policy.options["login"] = LoginSensor.new({"enabled" => enabled})
195
246
 
247
+ elsif "ua" == sensor_name
248
+ sensor_policy.options[sensor_name] = UserAgentSensor.new({
249
+ "enabled" => false, "empty_enabled" => false
250
+ })
251
+
252
+ elsif "errors" == sensor_name
253
+ sensor_policy.options[sensor_name] = MiscSensor.new({
254
+ "enabled" => false,
255
+ "csrf_exception_enabled" => false,
256
+ "sql_exception_enabled" => false
257
+ })
258
+
196
259
  else
197
260
  enabled = options_json.fetch(sensor_name, false)
198
261
  clazz = DETECTION_POINTS_V2[sensor_name]
@@ -11,8 +11,8 @@ module TCellAgent
11
11
  @blocked_ips = {}
12
12
  end
13
13
 
14
- def block_ip?(request)
15
- @ip_blocking_enabled && @blocked_ips[request.ip]
14
+ def block_ip?(ip_address)
15
+ @ip_blocking_enabled && @blocked_ips[ip_address]
16
16
  end
17
17
 
18
18
  def self.from_json(policy_json)
@@ -9,6 +9,7 @@ require 'tcell_agent/sensor_events/server_agent'
9
9
  require 'tcell_agent/sensor_events/util/sanitizer_utilities'
10
10
  require 'tcell_agent/sensor_events/util/redirect_utils'
11
11
 
12
+ require 'tcell_agent/rails/better_ip'
12
13
  require 'tcell_agent/rails/middleware/global_middleware'
13
14
  require 'tcell_agent/rails/middleware/body_filter_middleware'
14
15
  require 'tcell_agent/rails/middleware/headers_middleware'
@@ -16,6 +17,7 @@ require 'tcell_agent/rails/middleware/context_middleware'
16
17
 
17
18
  require 'tcell_agent/rails/settings_reporter'
18
19
  require 'tcell_agent/rails/dlp'
20
+ require 'tcell_agent/rails/csrf_exception'
19
21
 
20
22
 
21
23
  require 'tcell_agent/userinfo'
@@ -30,6 +32,7 @@ module TCellAgent
30
32
  require 'tcell_agent/rails/auth/devise' if defined?(Devise)
31
33
  require 'tcell_agent/authlogic' if defined?(Authlogic)
32
34
  require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
35
+ require 'tcell_agent/rails/path_parameters_setter'
33
36
  end
34
37
  app.config.middleware.insert_before(0, "TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware")
35
38
  app.config.middleware.insert_after(0, "TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware")
@@ -30,7 +30,7 @@ module TCellAgent
30
30
  if (login_fraud_policy.login_failed_enabled)
31
31
  request = Authlogic::Session::Base.controller.request
32
32
  response = Authlogic::Session::Base.controller.response
33
- hmac_session_id = request.env["tcell.request_data"].hmac_session_id
33
+ hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
34
34
  event = TCellAgent::SensorEvents::LoginFailure.new(request, response, user_id, hmac_session_id)
35
35
  TCellAgent.send_event(event)
36
36
  end
@@ -38,7 +38,7 @@ module TCellAgent
38
38
  if (login_fraud_policy.login_success_enabled)
39
39
  request = Authlogic::Session::Base.controller.request
40
40
  response = Authlogic::Session::Base.controller.response
41
- hmac_session_id = request.env["tcell.request_data"].hmac_session_id
41
+ hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
42
42
  event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
43
43
  TCellAgent.send_event(event)
44
44
  end
@@ -22,9 +22,9 @@ module TCellAgent
22
22
  tcell_username = _get_tcell_username
23
23
  login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
24
24
  if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_success_enabled)
25
- hmac_session_id = request.env["tcell.request_data"].hmac_session_id
26
- request.env["tcell.request_data"].user_id = TCellAgent::UserInformation.getUserFromRequest(request)
27
- user_id = tcell_username || request.env["tcell.request_data"].user_id
25
+ hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
26
+ request.env[TCellAgent::Instrumentation::TCELL_ID].user_id = TCellAgent::UserInformation.getUserFromRequest(request)
27
+ user_id = tcell_username || request.env[TCellAgent::Instrumentation::TCELL_ID].user_id
28
28
  event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
29
29
  TCellAgent.send_event(event)
30
30
  end
@@ -58,7 +58,7 @@ module TCellAgent
58
58
  login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
59
59
  if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_failed_enabled)
60
60
  if failed_login?
61
- hmac_session_id = request.env["tcell.request_data"].hmac_session_id
61
+ hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
62
62
  event = TCellAgent::SensorEvents::LoginFailure.new(request, response, tcell_username, hmac_session_id)
63
63
  TCellAgent.send_event(event)
64
64
  end
@@ -0,0 +1,36 @@
1
+ require "tcell_agent/utils/strings"
2
+ require 'tcell_agent/instrumentation'
3
+
4
+
5
+ module TCellAgent
6
+ module Utils
7
+ module Rails
8
+
9
+ def self.better_ip(request)
10
+ if TCellAgent.configuration.reverse_proxy
11
+ TCellAgent::Instrumentation.safe_block("Extracting reverse proxy IP") do
12
+ reverse_proxy_header = TCellAgent.configuration.reverse_proxy_ip_address_header
13
+ if TCellAgent::Utils::Strings.present?(reverse_proxy_header)
14
+ reverse_proxy_header = "HTTP_" + reverse_proxy_header.upcase().gsub('-','_')
15
+ else
16
+ reverse_proxy_header = "HTTP_X_FORWARDED_FOR"
17
+ end
18
+
19
+ x_forwarded_for = request.env[reverse_proxy_header]
20
+
21
+ if TCellAgent::Utils::Strings.present?(x_forwarded_for)
22
+ ip = x_forwarded_for.split(',')[0].strip()
23
+ else
24
+ ip = request.ip
25
+ end
26
+
27
+ return ip
28
+ end
29
+ end
30
+
31
+ request.ip
32
+ end
33
+
34
+ end
35
+ end
36
+ end
@@ -0,0 +1,30 @@
1
+ require 'tcell_agent/instrumentation'
2
+
3
+ module TCellAgent
4
+ class MyRailtie < Rails::Railtie
5
+
6
+ initializer "tcell.sensors" do |app|
7
+ ActiveSupport.on_load :action_controller do
8
+
9
+ ActionController::RequestForgeryProtection.module_eval do
10
+ alias_method :tcell_handle_unverified_request, :handle_unverified_request
11
+ def handle_unverified_request
12
+ TCellAgent::Instrumentation.safe_block("AppSensor CSRF Exception processing") do
13
+ appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
14
+ if appsensor_policy
15
+ tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
16
+ if tcell_data
17
+ appsensor_policy.csrf_rejected(tcell_data)
18
+ end
19
+ end
20
+ end
21
+
22
+ tcell_handle_unverified_request
23
+ end
24
+ end
25
+
26
+ end
27
+ end
28
+
29
+ end
30
+ end
@@ -22,31 +22,12 @@ require 'tcell_agent/rails/middleware/context_middleware'
22
22
  require 'tcell_agent/rails/routes'
23
23
  require 'tcell_agent/rails/settings_reporter'
24
24
 
25
+ require 'tcell_agent/instrumentation'
26
+
25
27
  require 'tcell_agent/userinfo'
26
28
  require 'cgi'
27
29
  require 'thread'
28
30
 
29
- # if defined?(SQLite3)
30
- # require 'active_record/connection_adapters/sqlite3_adapter'
31
- # ActiveRecord::ConnectionAdapters::SQLite3Adapter.class_eval do
32
- # alias_method :original_exec, :exec_query
33
- # def exec_query(sql, name = nil, binds = [])
34
- # puts "----v----"
35
- # puts sql
36
- # puts name
37
- # puts binds
38
- # puts "----^----"
39
- # result = original_exec(sql, name, binds)
40
- # puts result.inspect
41
- # puts ";-----------------------;"
42
- # result
43
- # end
44
- # def postgresql_version
45
- # 80200
46
- # end
47
- # end
48
- # end
49
-
50
31
  require 'tcell_agent/configuration'
51
32
 
52
33
 
@@ -55,50 +36,25 @@ module TCellAgent
55
36
  initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
56
37
 
57
38
  if defined?(ActiveRecord)
58
- #ActiveRecord::Calculations.module_eval do
59
- #alias_method :tcell_pluck, :pluck
60
- #def pluck(*column_names)
61
- #puts "PLUCK"
62
- #puts table
63
- #puts model
64
- #puts column_names
65
- #tcell_pluck(*column_names)
66
- #end
67
- #end
68
-
69
- #ActiveRecord::Relation.class_eval do
70
- #alias_method :tcell_exec_queries, :exec_queries
71
- #def exec_queries
72
- #puts "RELATION"
73
- #results = tcell_exec_queries
74
-
75
- #results
76
- #end
77
- #end
78
-
79
- #ActiveRecord::Scoping::Default::ClassMethods.module_eval do
80
- #alias_method :tcell_build_default_scope, :build_default_scope
81
- #def build_default_scope(base_rel = relation)
82
- ##puts base_rel.inspect
83
- #tcell_build_default_scope
84
- #end
85
- #end
86
-
87
- #ActiveRecord::Scoping::Named::ClassMethods.module_eval do
88
- #alias_method :tcell_default_scoped, :default_scoped
89
- #def default_scoped
90
- #tcell_default_scoped
91
- #end
92
- #end
93
-
94
- #ActiveRecord::ConnectionAdapters::PostgreSQL::DatabaseStatements.module_eval do
95
- #alias_method :tcell_execute, :execute
96
- #def execute(sql, name = nil)
97
- #pus caller
98
-
99
- #tcell_execute(sql, name)
100
- #end
101
- #end
39
+ ActiveRecord::ConnectionAdapters::AbstractAdapter.class_eval do
40
+ alias_method :tcell_translate_exception, :translate_exception
41
+ def translate_exception(e, message)
42
+ result = tcell_translate_exception(e, message)
43
+
44
+ TCellAgent::Instrumentation.safe_block("Call AppSensorPolicy.sql_exception_detected") do
45
+ appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
46
+ if appsensor_policy
47
+ request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
48
+ tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
49
+ if tcell_data && e.is_a?(ActiveRecord::StatementInvalid)
50
+ appsensor_policy.sql_exception_detected(tcell_data, result)
51
+ end
52
+ end
53
+ end
54
+
55
+ result
56
+ end
57
+ end
102
58
 
103
59
  ActiveRecord::Querying.module_eval do
104
60
 
@@ -114,20 +70,29 @@ module TCellAgent
114
70
  TCellAgent.configuration.should_intercept_requests?
115
71
 
116
72
  dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
73
+ appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
117
74
 
118
- if dlp_policy
119
- request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
75
+ if dlp_policy || appsensor_policy
76
+ request_env =
77
+ TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
78
+ tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
120
79
 
121
- if request_env
122
- tcell_context = request_env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
80
+ if tcell_context
81
+ if appsensor_policy
82
+ appsensor_policy.process_db_rows(tcell_context, results.size)
83
+ end
123
84
 
124
- if tcell_context
85
+ if dlp_policy
125
86
  first_record = results.first
126
87
  database_name = first_record.class.connection_config().fetch(:database,"*").split('/').last
127
88
  model = first_record.class
128
89
  column_names = model.columns.map { |col| col.name }
129
90
  table_name = model.table_name
130
91
 
92
+ if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
93
+ TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
94
+ end
95
+
131
96
  if dlp_policy.database_discovery_enabled
132
97
  TCellAgent.discover_database_fields(
133
98
  tcell_context.route_id,
@@ -150,10 +115,6 @@ module TCellAgent
150
115
  memo
151
116
  end
152
117
 
153
- if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
154
- TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
155
- end
156
-
157
118
  results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
158
119
  column_name_to_rules.each do |column_name, rules|
159
120
  if rules
@@ -171,6 +132,7 @@ module TCellAgent
171
132
  end
172
133
  end
173
134
  end
135
+
174
136
  end
175
137
  end
176
138
  end
@@ -294,7 +256,7 @@ module TCellAgent
294
256
  TCellAgent.configuration.should_intercept_requests?
295
257
 
296
258
  TCellAgent::Instrumentation.safe_block("Running DLP Logging Filters") {
297
- tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
259
+ tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
298
260
  if tcell_context
299
261
  response.body = tcell_context.filter_body(response.body)
300
262
  end
@@ -330,7 +292,7 @@ class Logger
330
292
  dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
331
293
  request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
332
294
  if message && dlp_policy && request_env
333
- tcell_context = request_env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
295
+ tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
334
296
  if tcell_context
335
297
  tcell_context.filter_log(message)
336
298
  end