tcell_agent 0.2.18 → 0.2.19
- checksums.yaml +4 -4
- data/Rakefile +11 -0
- data/lib/tcell_agent/configuration.rb +8 -1
- data/lib/tcell_agent/instrumentation.rb +14 -10
- data/lib/tcell_agent/logger.rb +23 -23
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +61 -0
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +10 -2
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +66 -0
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +11 -3
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +6 -5
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +47 -0
- data/lib/tcell_agent/policies/appsensor_policy.rb +68 -5
- data/lib/tcell_agent/policies/patches_policy.rb +2 -2
- data/lib/tcell_agent/rails.rb +3 -0
- data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
- data/lib/tcell_agent/rails/auth/devise.rb +4 -4
- data/lib/tcell_agent/rails/better_ip.rb +36 -0
- data/lib/tcell_agent/rails/csrf_exception.rb +30 -0
- data/lib/tcell_agent/rails/dlp.rb +38 -76
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +5 -5
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +6 -4
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +7 -7
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +15 -15
- data/lib/tcell_agent/rails/path_parameters_setter.rb +43 -0
- data/lib/tcell_agent/rails/routes.rb +4 -4
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +11 -6
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +165 -0
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +432 -0
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +99 -24
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +156 -0
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +175 -0
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +79 -0
- data/spec/lib/tcell_agent/rails/better_ip_spec.rb +76 -0
- metadata +16 -2
@@ -0,0 +1,47 @@
|
|
1
|
+
require 'tcell_agent/policies/appsensor/sensor'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
module Policies
|
5
|
+
|
6
|
+
class UserAgentSensor < Sensor
|
7
|
+
DP_CODE = "uaempty"
|
8
|
+
|
9
|
+
attr_accessor :enabled, :empty_enabled, :excluded_route_ids
|
10
|
+
|
11
|
+
def initialize(policy_json=nil)
|
12
|
+
@enabled = false
|
13
|
+
@empty_enabled = false
|
14
|
+
@excluded_route_ids = {}
|
15
|
+
|
16
|
+
if policy_json
|
17
|
+
@enabled = policy_json.fetch("enabled", false)
|
18
|
+
@empty_enabled = policy_json.fetch("empty_enabled", false)
|
19
|
+
|
20
|
+
policy_json.fetch("exclude_routes", []).each do |excluded_route|
|
21
|
+
@excluded_route_ids[excluded_route] = true
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def check(appsensor_meta)
|
27
|
+
return unless @enabled && @empty_enabled
|
28
|
+
|
29
|
+
return if @excluded_route_ids.fetch(appsensor_meta.route_id, false)
|
30
|
+
|
31
|
+
user_agent = appsensor_meta.user_agent
|
32
|
+
if !user_agent || user_agent.strip == ""
|
33
|
+
send_event(
|
34
|
+
appsensor_meta,
|
35
|
+
DP_CODE,
|
36
|
+
nil,
|
37
|
+
nil)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
def to_s
|
42
|
+
"<#{self.class.name} enabled: #{@enabled} empty_enabled: #{@empty_enabled} dp_code: #{DP_CODE}>"
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
end
|
47
|
+
end
|
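Review bot: `policy_json.fetch("exclude_routes", [])` in `initialize` only falls back to `[]` when the key is absent, so a policy that carries `"exclude_routes": null` reaches `.each` on nil and the sensor fails to construct. Reading it as `(policy_json["exclude_routes"] || []).each do |excluded_route|` tolerates both shapes. The exclusion lookup in `check` is an exact-key `fetch`, so the ids in the policy must have the same type as `appsensor_meta.route_id`; a short comment on `@excluded_route_ids` stating the expected type would keep an exclusion from silently not matching. A class-level comment naming the policy keys read here (`enabled`, `empty_enabled`, `exclude_routes`) is also missing.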
@@ -1,13 +1,16 @@
|
|
1
1
|
require 'tcell_agent/instrumentation'
|
2
|
+
require 'tcell_agent/policies/appsensor/cmdi_sensor'
|
3
|
+
require 'tcell_agent/policies/appsensor/database_sensor'
|
4
|
+
require 'tcell_agent/policies/appsensor/fpt_sensor'
|
2
5
|
require 'tcell_agent/policies/appsensor/login_sensor'
|
6
|
+
require 'tcell_agent/policies/appsensor/misc_sensor'
|
7
|
+
require 'tcell_agent/policies/appsensor/nullbyte_sensor'
|
3
8
|
require 'tcell_agent/policies/appsensor/request_size_sensor'
|
4
9
|
require 'tcell_agent/policies/appsensor/response_codes_sensor'
|
5
10
|
require 'tcell_agent/policies/appsensor/response_size_sensor'
|
6
|
-
require 'tcell_agent/policies/appsensor/cmdi_sensor'
|
7
|
-
require 'tcell_agent/policies/appsensor/fpt_sensor'
|
8
|
-
require 'tcell_agent/policies/appsensor/nullbyte_sensor'
|
9
11
|
require 'tcell_agent/policies/appsensor/retr_sensor'
|
10
12
|
require 'tcell_agent/policies/appsensor/sqli_sensor'
|
13
|
+
require 'tcell_agent/policies/appsensor/user_agent_sensor'
|
11
14
|
require 'tcell_agent/policies/appsensor/xss_sensor'
|
12
15
|
|
13
16
|
|
@@ -25,7 +28,10 @@ module TCellAgent
|
|
25
28
|
"fpt",
|
26
29
|
"null",
|
27
30
|
"retr",
|
28
|
-
"login_failure"
|
31
|
+
"login_failure",
|
32
|
+
"ua",
|
33
|
+
"errors",
|
34
|
+
"database"]
|
29
35
|
|
30
36
|
DETECTION_POINTS_V2 = {
|
31
37
|
"req_size" => RequestSizeSensor,
|
@@ -37,7 +43,11 @@ module TCellAgent
|
|
37
43
|
"fpt" => FptSensor,
|
38
44
|
"nullbyte" => NullbyteSensor,
|
39
45
|
"retr" => RetrSensor,
|
40
|
-
"login" => LoginSensor
|
46
|
+
"login" => LoginSensor,
|
47
|
+
"ua" => UserAgentSensor,
|
48
|
+
"errors" => MiscSensor,
|
49
|
+
"database" => DatabaseSensor
|
50
|
+
}
|
41
51
|
|
42
52
|
attr_accessor :policy_id, :options, :enabled
|
43
53
|
|
@@ -56,6 +66,16 @@ module TCellAgent
|
|
56
66
|
check_params_for_injections(appsensor_meta)
|
57
67
|
end
|
58
68
|
|
69
|
+
def process_db_rows(tcell_data, number_of_records)
|
70
|
+
return unless @enabled
|
71
|
+
|
72
|
+
TCellAgent::Instrumentation.safe_block("AppSensor Testing Number of DB Rows") do
|
73
|
+
if self.options.has_key?("database")
|
74
|
+
self.options["database"].check(tcell_data, number_of_records)
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
59
79
|
def check_request_size(appsensor_meta)
|
60
80
|
TCellAgent::Instrumentation.safe_block("AppSensor Testing Response Size") do
|
61
81
|
if self.options.has_key?("req_size")
|
@@ -98,6 +118,20 @@ module TCellAgent
|
|
98
118
|
end
|
99
119
|
|
100
120
|
def check_params_for_injections(appsensor_meta)
|
121
|
+
path_param_type =
|
122
|
+
if (appsensor_meta.method || "get").to_s.downcase == "get"
|
123
|
+
InjectionSensor::GET_PARAM
|
124
|
+
else
|
125
|
+
InjectionSensor::POST_PARAM
|
126
|
+
end
|
127
|
+
|
128
|
+
(appsensor_meta.path_parameters || {}).each do |param_name, param_value|
|
129
|
+
TCellAgent::Instrumentation.safe_block("AppSensor Check Path Params injections") do
|
130
|
+
next if param_name == :controller || param_name == :action
|
131
|
+
check_param_for_injections(path_param_type, appsensor_meta, param_name.to_s, param_value)
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
101
135
|
(appsensor_meta.get_dict || {}).each do |param_name, param_value|
|
102
136
|
TCellAgent::Instrumentation.safe_block("AppSensor Check GET var injections") do
|
103
137
|
check_param_for_injections(InjectionSensor::GET_PARAM, appsensor_meta, param_name, param_value)
|
@@ -123,8 +157,25 @@ module TCellAgent
|
|
123
157
|
end
|
124
158
|
end
|
125
159
|
|
160
|
+
def csrf_rejected(tcell_data)
|
161
|
+
TCellAgent::Instrumentation.safe_block("AppSensor CSRF Exception processing") do
|
162
|
+
if self.options.has_key?("errors")
|
163
|
+
self.options["errors"].csrf_rejected(tcell_data)
|
164
|
+
end
|
165
|
+
end
|
166
|
+
end
|
167
|
+
|
168
|
+
def sql_exception_detected(tcell_data, exception)
|
169
|
+
TCellAgent::Instrumentation.safe_block("AppSensor SQL Exception processing") do
|
170
|
+
if self.options.has_key?("errors")
|
171
|
+
self.options["errors"].sql_exception_detected(tcell_data, exception)
|
172
|
+
end
|
173
|
+
end
|
174
|
+
end
|
175
|
+
|
126
176
|
def self.from_json(policy_json)
|
127
177
|
return nil unless policy_json
|
178
|
+
policy_json = policy_json.deep_dup
|
128
179
|
|
129
180
|
sensor_policy = AppSensorPolicy.new
|
130
181
|
if policy_json.has_key?("policy_id")
|
@@ -193,6 +244,18 @@ module TCellAgent
|
|
193
244
|
enabled = options_json.fetch(sensor_name, false)
|
194
245
|
sensor_policy.options["login"] = LoginSensor.new({"enabled" => enabled})
|
195
246
|
|
247
|
+
elsif "ua" == sensor_name
|
248
|
+
sensor_policy.options[sensor_name] = UserAgentSensor.new({
|
249
|
+
"enabled" => false, "empty_enabled" => false
|
250
|
+
})
|
251
|
+
|
252
|
+
elsif "errors" == sensor_name
|
253
|
+
sensor_policy.options[sensor_name] = MiscSensor.new({
|
254
|
+
"enabled" => false,
|
255
|
+
"csrf_exception_enabled" => false,
|
256
|
+
"sql_exception_enabled" => false
|
257
|
+
})
|
258
|
+
|
196
259
|
else
|
197
260
|
enabled = options_json.fetch(sensor_name, false)
|
198
261
|
clazz = DETECTION_POINTS_V2[sensor_name]
|
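Review bot: `csrf_rejected` and `sql_exception_detected` (new lines 160-174) forward to the "errors" sensor without the `return unless @enabled` guard that `process_db_rows`, added in the same commit, starts with, so a disabled policy still dispatches these signals and relies on the sensor's own flags to drop them. If that is intended, a one-line comment should say so; otherwise add `return unless @enabled` as the first statement of both methods. Separately, in `check_params_for_injections` the skip `next if param_name == :controller || param_name == :action` matches symbol keys only; if `path_parameters` can arrive with string keys, the controller and action names would be run through the injection sensors, and comparing `param_name.to_s` against `"controller"` and `"action"` would cover both. The body of `check_params_for_injections` continues outside the hunk.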
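--- a/data/lib/tcell_agent/rails.rb
+++ b/data/lib/tcell_agent/rails.rb
@@ -9,6 +9,7 @@ require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
 require 'tcell_agent/sensor_events/util/redirect_utils'
 
+require 'tcell_agent/rails/better_ip'
 require 'tcell_agent/rails/middleware/global_middleware'
 require 'tcell_agent/rails/middleware/body_filter_middleware'
 require 'tcell_agent/rails/middleware/headers_middleware'
@@ -16,6 +17,7 @@ require 'tcell_agent/rails/middleware/context_middleware'
 
 require 'tcell_agent/rails/settings_reporter'
 require 'tcell_agent/rails/dlp'
+require 'tcell_agent/rails/csrf_exception'
 
 
 require 'tcell_agent/userinfo'
@@ -30,6 +32,7 @@ module TCellAgent
 require 'tcell_agent/rails/auth/devise' if defined?(Devise)
 require 'tcell_agent/authlogic' if defined?(Authlogic)
 require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
+require 'tcell_agent/rails/path_parameters_setter'
 end
 app.config.middleware.insert_before(0, "TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware")
 app.config.middleware.insert_after(0, "TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware")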
@@ -30,7 +30,7 @@ module TCellAgent
|
|
30
30
|
if (login_fraud_policy.login_failed_enabled)
|
31
31
|
request = Authlogic::Session::Base.controller.request
|
32
32
|
response = Authlogic::Session::Base.controller.response
|
33
|
-
hmac_session_id = request.env[
|
33
|
+
hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
34
34
|
event = TCellAgent::SensorEvents::LoginFailure.new(request, response, user_id, hmac_session_id)
|
35
35
|
TCellAgent.send_event(event)
|
36
36
|
end
|
@@ -38,7 +38,7 @@ module TCellAgent
|
|
38
38
|
if (login_fraud_policy.login_success_enabled)
|
39
39
|
request = Authlogic::Session::Base.controller.request
|
40
40
|
response = Authlogic::Session::Base.controller.response
|
41
|
-
hmac_session_id = request.env[
|
41
|
+
hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
42
42
|
event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
|
43
43
|
TCellAgent.send_event(event)
|
44
44
|
end
|
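Review bot: `request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id` on both changed lines dereferences the env entry without a nil check, whereas the CSRF and DLP code added in this commit guards the same lookup with `if tcell_data` / `if tcell_context`. If the context middleware did not populate the entry for a request, the login callback would raise NoMethodError, unless code outside the hunk already rescues it. Suggest `tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]` followed by `hmac_session_id = tcell_data && tcell_data.hmac_session_id`. The same unguarded pattern is in the Devise hunks that follow, including the `.user_id =` assignment there.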
@@ -22,9 +22,9 @@ module TCellAgent
|
|
22
22
|
tcell_username = _get_tcell_username
|
23
23
|
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
24
24
|
if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_success_enabled)
|
25
|
-
hmac_session_id = request.env[
|
26
|
-
request.env[
|
27
|
-
user_id = tcell_username || request.env[
|
25
|
+
hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
26
|
+
request.env[TCellAgent::Instrumentation::TCELL_ID].user_id = TCellAgent::UserInformation.getUserFromRequest(request)
|
27
|
+
user_id = tcell_username || request.env[TCellAgent::Instrumentation::TCELL_ID].user_id
|
28
28
|
event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
|
29
29
|
TCellAgent.send_event(event)
|
30
30
|
end
|
@@ -58,7 +58,7 @@ module TCellAgent
|
|
58
58
|
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
59
59
|
if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_failed_enabled)
|
60
60
|
if failed_login?
|
61
|
-
hmac_session_id = request.env[
|
61
|
+
hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
62
62
|
event = TCellAgent::SensorEvents::LoginFailure.new(request, response, tcell_username, hmac_session_id)
|
63
63
|
TCellAgent.send_event(event)
|
64
64
|
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
require "tcell_agent/utils/strings"
|
2
|
+
require 'tcell_agent/instrumentation'
|
3
|
+
|
4
|
+
|
5
|
+
module TCellAgent
|
6
|
+
module Utils
|
7
|
+
module Rails
|
8
|
+
|
9
|
+
def self.better_ip(request)
|
10
|
+
if TCellAgent.configuration.reverse_proxy
|
11
|
+
TCellAgent::Instrumentation.safe_block("Extracting reverse proxy IP") do
|
12
|
+
reverse_proxy_header = TCellAgent.configuration.reverse_proxy_ip_address_header
|
13
|
+
if TCellAgent::Utils::Strings.present?(reverse_proxy_header)
|
14
|
+
reverse_proxy_header = "HTTP_" + reverse_proxy_header.upcase().gsub('-','_')
|
15
|
+
else
|
16
|
+
reverse_proxy_header = "HTTP_X_FORWARDED_FOR"
|
17
|
+
end
|
18
|
+
|
19
|
+
x_forwarded_for = request.env[reverse_proxy_header]
|
20
|
+
|
21
|
+
if TCellAgent::Utils::Strings.present?(x_forwarded_for)
|
22
|
+
ip = x_forwarded_for.split(',')[0].strip()
|
23
|
+
else
|
24
|
+
ip = request.ip
|
25
|
+
end
|
26
|
+
|
27
|
+
return ip
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
request.ip
|
32
|
+
end
|
33
|
+
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
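Review bot: `x_forwarded_for.split(',')[0]` takes the leftmost entry of the forwarded header, which is the part a client can supply itself when the proxy appends to the header instead of replacing it, so the address attached to security events can be chosen by the requester. `better_ip` has no comment stating this trust assumption; add one such as `# Trusts the first entry of the configured header: only enable reverse_proxy when the proxy replaces client-supplied values.` It is also worth checking the candidate with `IPAddr.new` and falling back to `request.ip` on `IPAddr::InvalidAddressError`, so arbitrary header text is never recorded as an address. Note that `return ip` inside the `safe_block` block relies on the block being yielded as a plain proc; a comment saying so would stop a later refactor from breaking the early return.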
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'tcell_agent/instrumentation'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
class MyRailtie < Rails::Railtie
|
5
|
+
|
6
|
+
initializer "tcell.sensors" do |app|
|
7
|
+
ActiveSupport.on_load :action_controller do
|
8
|
+
|
9
|
+
ActionController::RequestForgeryProtection.module_eval do
|
10
|
+
alias_method :tcell_handle_unverified_request, :handle_unverified_request
|
11
|
+
def handle_unverified_request
|
12
|
+
TCellAgent::Instrumentation.safe_block("AppSensor CSRF Exception processing") do
|
13
|
+
appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
|
14
|
+
if appsensor_policy
|
15
|
+
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
16
|
+
if tcell_data
|
17
|
+
appsensor_policy.csrf_rejected(tcell_data)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
tcell_handle_unverified_request
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
end
|
30
|
+
end
|
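Review bot: `alias_method :tcell_handle_unverified_request, :handle_unverified_request` is not protected against running twice; if the `on_load :action_controller` block fires more than once (worth confirming for the supported Rails versions), the second alias captures the already-patched method and `handle_unverified_request` recurses until the stack overflows on every rejected request. Wrap the alias and redefinition in `unless method_defined?(:tcell_handle_unverified_request) || private_method_defined?(:tcell_handle_unverified_request)`. The `def` inside `module_eval` also gives the method default visibility; if the original is protected or private in the targeted Rails versions, restore that after the definition. The class name `MyRailtie` says nothing about its purpose, and a name such as `CsrfExceptionRailtie` plus a one-line comment on the patch would help.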
@@ -22,31 +22,12 @@ require 'tcell_agent/rails/middleware/context_middleware'
|
|
22
22
|
require 'tcell_agent/rails/routes'
|
23
23
|
require 'tcell_agent/rails/settings_reporter'
|
24
24
|
|
25
|
+
require 'tcell_agent/instrumentation'
|
26
|
+
|
25
27
|
require 'tcell_agent/userinfo'
|
26
28
|
require 'cgi'
|
27
29
|
require 'thread'
|
28
30
|
|
29
|
-
# if defined?(SQLite3)
|
30
|
-
# require 'active_record/connection_adapters/sqlite3_adapter'
|
31
|
-
# ActiveRecord::ConnectionAdapters::SQLite3Adapter.class_eval do
|
32
|
-
# alias_method :original_exec, :exec_query
|
33
|
-
# def exec_query(sql, name = nil, binds = [])
|
34
|
-
# puts "----v----"
|
35
|
-
# puts sql
|
36
|
-
# puts name
|
37
|
-
# puts binds
|
38
|
-
# puts "----^----"
|
39
|
-
# result = original_exec(sql, name, binds)
|
40
|
-
# puts result.inspect
|
41
|
-
# puts ";-----------------------;"
|
42
|
-
# result
|
43
|
-
# end
|
44
|
-
# def postgresql_version
|
45
|
-
# 80200
|
46
|
-
# end
|
47
|
-
# end
|
48
|
-
# end
|
49
|
-
|
50
31
|
require 'tcell_agent/configuration'
|
51
32
|
|
52
33
|
|
@@ -55,50 +36,25 @@ module TCellAgent
|
|
55
36
|
initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
|
56
37
|
|
57
38
|
if defined?(ActiveRecord)
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
#end
|
78
|
-
|
79
|
-
#ActiveRecord::Scoping::Default::ClassMethods.module_eval do
|
80
|
-
#alias_method :tcell_build_default_scope, :build_default_scope
|
81
|
-
#def build_default_scope(base_rel = relation)
|
82
|
-
##puts base_rel.inspect
|
83
|
-
#tcell_build_default_scope
|
84
|
-
#end
|
85
|
-
#end
|
86
|
-
|
87
|
-
#ActiveRecord::Scoping::Named::ClassMethods.module_eval do
|
88
|
-
#alias_method :tcell_default_scoped, :default_scoped
|
89
|
-
#def default_scoped
|
90
|
-
#tcell_default_scoped
|
91
|
-
#end
|
92
|
-
#end
|
93
|
-
|
94
|
-
#ActiveRecord::ConnectionAdapters::PostgreSQL::DatabaseStatements.module_eval do
|
95
|
-
#alias_method :tcell_execute, :execute
|
96
|
-
#def execute(sql, name = nil)
|
97
|
-
#pus caller
|
98
|
-
|
99
|
-
#tcell_execute(sql, name)
|
100
|
-
#end
|
101
|
-
#end
|
39
|
+
ActiveRecord::ConnectionAdapters::AbstractAdapter.class_eval do
|
40
|
+
alias_method :tcell_translate_exception, :translate_exception
|
41
|
+
def translate_exception(e, message)
|
42
|
+
result = tcell_translate_exception(e, message)
|
43
|
+
|
44
|
+
TCellAgent::Instrumentation.safe_block("Call AppSensorPolicy.sql_exception_detected") do
|
45
|
+
appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
|
46
|
+
if appsensor_policy
|
47
|
+
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
|
48
|
+
tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
49
|
+
if tcell_data && e.is_a?(ActiveRecord::StatementInvalid)
|
50
|
+
appsensor_policy.sql_exception_detected(tcell_data, result)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
result
|
56
|
+
end
|
57
|
+
end
|
102
58
|
|
103
59
|
ActiveRecord::Querying.module_eval do
|
104
60
|
|
@@ -114,20 +70,29 @@ module TCellAgent
|
|
114
70
|
TCellAgent.configuration.should_intercept_requests?
|
115
71
|
|
116
72
|
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
73
|
+
appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
|
117
74
|
|
118
|
-
if dlp_policy
|
119
|
-
request_env =
|
75
|
+
if dlp_policy || appsensor_policy
|
76
|
+
request_env =
|
77
|
+
TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
|
78
|
+
tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
120
79
|
|
121
|
-
if
|
122
|
-
|
80
|
+
if tcell_context
|
81
|
+
if appsensor_policy
|
82
|
+
appsensor_policy.process_db_rows(tcell_context, results.size)
|
83
|
+
end
|
123
84
|
|
124
|
-
if
|
85
|
+
if dlp_policy
|
125
86
|
first_record = results.first
|
126
87
|
database_name = first_record.class.connection_config().fetch(:database,"*").split('/').last
|
127
88
|
model = first_record.class
|
128
89
|
column_names = model.columns.map { |col| col.name }
|
129
90
|
table_name = model.table_name
|
130
91
|
|
92
|
+
if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
|
93
|
+
TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
|
94
|
+
end
|
95
|
+
|
131
96
|
if dlp_policy.database_discovery_enabled
|
132
97
|
TCellAgent.discover_database_fields(
|
133
98
|
tcell_context.route_id,
|
@@ -150,10 +115,6 @@ module TCellAgent
|
|
150
115
|
memo
|
151
116
|
end
|
152
117
|
|
153
|
-
if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
|
154
|
-
TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
|
155
|
-
end
|
156
|
-
|
157
118
|
results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
|
158
119
|
column_name_to_rules.each do |column_name, rules|
|
159
120
|
if rules
|
@@ -171,6 +132,7 @@ module TCellAgent
|
|
171
132
|
end
|
172
133
|
end
|
173
134
|
end
|
135
|
+
|
174
136
|
end
|
175
137
|
end
|
176
138
|
end
|
@@ -294,7 +256,7 @@ module TCellAgent
|
|
294
256
|
TCellAgent.configuration.should_intercept_requests?
|
295
257
|
|
296
258
|
TCellAgent::Instrumentation.safe_block("Running DLP Logging Filters") {
|
297
|
-
tcell_context = request.env[TCellAgent::Instrumentation::
|
259
|
+
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
298
260
|
if tcell_context
|
299
261
|
response.body = tcell_context.filter_body(response.body)
|
300
262
|
end
|
@@ -330,7 +292,7 @@ class Logger
|
|
330
292
|
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
331
293
|
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
|
332
294
|
if message && dlp_policy && request_env
|
333
|
-
tcell_context = request_env[TCellAgent::Instrumentation::
|
295
|
+
tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
334
296
|
if tcell_context
|
335
297
|
tcell_context.filter_log(message)
|
336
298
|
end
|
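Review bot: In the patched `translate_exception` the guard tests the incoming exception, `e.is_a?(ActiveRecord::StatementInvalid)`, but the object handed to the sensor is `result`, the translated one. If `e` is normally the database driver's own exception class, which is what this method exists to wrap, the guard is false and `sql_exception_detected` is never called. It looks like the check was meant to be `if tcell_data && result.is_a?(ActiveRecord::StatementInvalid)`. A comment on the patch should also state that `result` (whose message can include the SQL text) is passed into the agent's event path, so reviewers of the sensor know to sanitize it. The `results.size` call added for `process_db_rows` sits inside a block whose start is outside the hunk.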