tcell_agent 0.2.18 → 0.2.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Rakefile +11 -0
- data/lib/tcell_agent/configuration.rb +8 -1
- data/lib/tcell_agent/instrumentation.rb +14 -10
- data/lib/tcell_agent/logger.rb +23 -23
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +61 -0
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +10 -2
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +66 -0
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +11 -3
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +6 -5
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +47 -0
- data/lib/tcell_agent/policies/appsensor_policy.rb +68 -5
- data/lib/tcell_agent/policies/patches_policy.rb +2 -2
- data/lib/tcell_agent/rails.rb +3 -0
- data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
- data/lib/tcell_agent/rails/auth/devise.rb +4 -4
- data/lib/tcell_agent/rails/better_ip.rb +36 -0
- data/lib/tcell_agent/rails/csrf_exception.rb +30 -0
- data/lib/tcell_agent/rails/dlp.rb +38 -76
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +5 -5
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +6 -4
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +7 -7
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +15 -15
- data/lib/tcell_agent/rails/path_parameters_setter.rb +43 -0
- data/lib/tcell_agent/rails/routes.rb +4 -4
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +11 -6
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +165 -0
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +432 -0
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +99 -24
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +156 -0
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +175 -0
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +79 -0
- data/spec/lib/tcell_agent/rails/better_ip_spec.rb +76 -0
- metadata +16 -2
@@ -0,0 +1,47 @@
|
|
1
|
+
require 'tcell_agent/policies/appsensor/sensor'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
module Policies
|
5
|
+
|
6
|
+
class UserAgentSensor < Sensor
|
7
|
+
DP_CODE = "uaempty"
|
8
|
+
|
9
|
+
attr_accessor :enabled, :empty_enabled, :excluded_route_ids
|
10
|
+
|
11
|
+
def initialize(policy_json=nil)
|
12
|
+
@enabled = false
|
13
|
+
@empty_enabled = false
|
14
|
+
@excluded_route_ids = {}
|
15
|
+
|
16
|
+
if policy_json
|
17
|
+
@enabled = policy_json.fetch("enabled", false)
|
18
|
+
@empty_enabled = policy_json.fetch("empty_enabled", false)
|
19
|
+
|
20
|
+
policy_json.fetch("exclude_routes", []).each do |excluded_route|
|
21
|
+
@excluded_route_ids[excluded_route] = true
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
def check(appsensor_meta)
|
27
|
+
return unless @enabled && @empty_enabled
|
28
|
+
|
29
|
+
return if @excluded_route_ids.fetch(appsensor_meta.route_id, false)
|
30
|
+
|
31
|
+
user_agent = appsensor_meta.user_agent
|
32
|
+
if !user_agent || user_agent.strip == ""
|
33
|
+
send_event(
|
34
|
+
appsensor_meta,
|
35
|
+
DP_CODE,
|
36
|
+
nil,
|
37
|
+
nil)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
def to_s
|
42
|
+
"<#{self.class.name} enabled: #{@enabled} empty_enabled: #{@empty_enabled} dp_code: #{DP_CODE}>"
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
end
|
47
|
+
end
|
@@ -1,13 +1,16 @@
|
|
1
1
|
require 'tcell_agent/instrumentation'
|
2
|
+
require 'tcell_agent/policies/appsensor/cmdi_sensor'
|
3
|
+
require 'tcell_agent/policies/appsensor/database_sensor'
|
4
|
+
require 'tcell_agent/policies/appsensor/fpt_sensor'
|
2
5
|
require 'tcell_agent/policies/appsensor/login_sensor'
|
6
|
+
require 'tcell_agent/policies/appsensor/misc_sensor'
|
7
|
+
require 'tcell_agent/policies/appsensor/nullbyte_sensor'
|
3
8
|
require 'tcell_agent/policies/appsensor/request_size_sensor'
|
4
9
|
require 'tcell_agent/policies/appsensor/response_codes_sensor'
|
5
10
|
require 'tcell_agent/policies/appsensor/response_size_sensor'
|
6
|
-
require 'tcell_agent/policies/appsensor/cmdi_sensor'
|
7
|
-
require 'tcell_agent/policies/appsensor/fpt_sensor'
|
8
|
-
require 'tcell_agent/policies/appsensor/nullbyte_sensor'
|
9
11
|
require 'tcell_agent/policies/appsensor/retr_sensor'
|
10
12
|
require 'tcell_agent/policies/appsensor/sqli_sensor'
|
13
|
+
require 'tcell_agent/policies/appsensor/user_agent_sensor'
|
11
14
|
require 'tcell_agent/policies/appsensor/xss_sensor'
|
12
15
|
|
13
16
|
|
@@ -25,7 +28,10 @@ module TCellAgent
|
|
25
28
|
"fpt",
|
26
29
|
"null",
|
27
30
|
"retr",
|
28
|
-
"login_failure"
|
31
|
+
"login_failure",
|
32
|
+
"ua",
|
33
|
+
"errors",
|
34
|
+
"database"]
|
29
35
|
|
30
36
|
DETECTION_POINTS_V2 = {
|
31
37
|
"req_size" => RequestSizeSensor,
|
@@ -37,7 +43,11 @@ module TCellAgent
|
|
37
43
|
"fpt" => FptSensor,
|
38
44
|
"nullbyte" => NullbyteSensor,
|
39
45
|
"retr" => RetrSensor,
|
40
|
-
"login" => LoginSensor
|
46
|
+
"login" => LoginSensor,
|
47
|
+
"ua" => UserAgentSensor,
|
48
|
+
"errors" => MiscSensor,
|
49
|
+
"database" => DatabaseSensor
|
50
|
+
}
|
41
51
|
|
42
52
|
attr_accessor :policy_id, :options, :enabled
|
43
53
|
|
@@ -56,6 +66,16 @@ module TCellAgent
|
|
56
66
|
check_params_for_injections(appsensor_meta)
|
57
67
|
end
|
58
68
|
|
69
|
+
def process_db_rows(tcell_data, number_of_records)
|
70
|
+
return unless @enabled
|
71
|
+
|
72
|
+
TCellAgent::Instrumentation.safe_block("AppSensor Testing Number of DB Rows") do
|
73
|
+
if self.options.has_key?("database")
|
74
|
+
self.options["database"].check(tcell_data, number_of_records)
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
59
79
|
def check_request_size(appsensor_meta)
|
60
80
|
TCellAgent::Instrumentation.safe_block("AppSensor Testing Response Size") do
|
61
81
|
if self.options.has_key?("req_size")
|
@@ -98,6 +118,20 @@ module TCellAgent
|
|
98
118
|
end
|
99
119
|
|
100
120
|
def check_params_for_injections(appsensor_meta)
|
121
|
+
path_param_type =
|
122
|
+
if (appsensor_meta.method || "get").to_s.downcase == "get"
|
123
|
+
InjectionSensor::GET_PARAM
|
124
|
+
else
|
125
|
+
InjectionSensor::POST_PARAM
|
126
|
+
end
|
127
|
+
|
128
|
+
(appsensor_meta.path_parameters || {}).each do |param_name, param_value|
|
129
|
+
TCellAgent::Instrumentation.safe_block("AppSensor Check Path Params injections") do
|
130
|
+
next if param_name == :controller || param_name == :action
|
131
|
+
check_param_for_injections(path_param_type, appsensor_meta, param_name.to_s, param_value)
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
101
135
|
(appsensor_meta.get_dict || {}).each do |param_name, param_value|
|
102
136
|
TCellAgent::Instrumentation.safe_block("AppSensor Check GET var injections") do
|
103
137
|
check_param_for_injections(InjectionSensor::GET_PARAM, appsensor_meta, param_name, param_value)
|
@@ -123,8 +157,25 @@ module TCellAgent
|
|
123
157
|
end
|
124
158
|
end
|
125
159
|
|
160
|
+
def csrf_rejected(tcell_data)
|
161
|
+
TCellAgent::Instrumentation.safe_block("AppSensor CSRF Exception processing") do
|
162
|
+
if self.options.has_key?("errors")
|
163
|
+
self.options["errors"].csrf_rejected(tcell_data)
|
164
|
+
end
|
165
|
+
end
|
166
|
+
end
|
167
|
+
|
168
|
+
def sql_exception_detected(tcell_data, exception)
|
169
|
+
TCellAgent::Instrumentation.safe_block("AppSensor SQL Exception processing") do
|
170
|
+
if self.options.has_key?("errors")
|
171
|
+
self.options["errors"].sql_exception_detected(tcell_data, exception)
|
172
|
+
end
|
173
|
+
end
|
174
|
+
end
|
175
|
+
|
126
176
|
def self.from_json(policy_json)
|
127
177
|
return nil unless policy_json
|
178
|
+
policy_json = policy_json.deep_dup
|
128
179
|
|
129
180
|
sensor_policy = AppSensorPolicy.new
|
130
181
|
if policy_json.has_key?("policy_id")
|
@@ -193,6 +244,18 @@ module TCellAgent
|
|
193
244
|
enabled = options_json.fetch(sensor_name, false)
|
194
245
|
sensor_policy.options["login"] = LoginSensor.new({"enabled" => enabled})
|
195
246
|
|
247
|
+
elsif "ua" == sensor_name
|
248
|
+
sensor_policy.options[sensor_name] = UserAgentSensor.new({
|
249
|
+
"enabled" => false, "empty_enabled" => false
|
250
|
+
})
|
251
|
+
|
252
|
+
elsif "errors" == sensor_name
|
253
|
+
sensor_policy.options[sensor_name] = MiscSensor.new({
|
254
|
+
"enabled" => false,
|
255
|
+
"csrf_exception_enabled" => false,
|
256
|
+
"sql_exception_enabled" => false
|
257
|
+
})
|
258
|
+
|
196
259
|
else
|
197
260
|
enabled = options_json.fetch(sensor_name, false)
|
198
261
|
clazz = DETECTION_POINTS_V2[sensor_name]
|
data/lib/tcell_agent/rails.rb
CHANGED
@@ -9,6 +9,7 @@ require 'tcell_agent/sensor_events/server_agent'
|
|
9
9
|
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
10
10
|
require 'tcell_agent/sensor_events/util/redirect_utils'
|
11
11
|
|
12
|
+
require 'tcell_agent/rails/better_ip'
|
12
13
|
require 'tcell_agent/rails/middleware/global_middleware'
|
13
14
|
require 'tcell_agent/rails/middleware/body_filter_middleware'
|
14
15
|
require 'tcell_agent/rails/middleware/headers_middleware'
|
@@ -16,6 +17,7 @@ require 'tcell_agent/rails/middleware/context_middleware'
|
|
16
17
|
|
17
18
|
require 'tcell_agent/rails/settings_reporter'
|
18
19
|
require 'tcell_agent/rails/dlp'
|
20
|
+
require 'tcell_agent/rails/csrf_exception'
|
19
21
|
|
20
22
|
|
21
23
|
require 'tcell_agent/userinfo'
|
@@ -30,6 +32,7 @@ module TCellAgent
|
|
30
32
|
require 'tcell_agent/rails/auth/devise' if defined?(Devise)
|
31
33
|
require 'tcell_agent/authlogic' if defined?(Authlogic)
|
32
34
|
require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
|
35
|
+
require 'tcell_agent/rails/path_parameters_setter'
|
33
36
|
end
|
34
37
|
app.config.middleware.insert_before(0, "TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware")
|
35
38
|
app.config.middleware.insert_after(0, "TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware")
|
@@ -30,7 +30,7 @@ module TCellAgent
|
|
30
30
|
if (login_fraud_policy.login_failed_enabled)
|
31
31
|
request = Authlogic::Session::Base.controller.request
|
32
32
|
response = Authlogic::Session::Base.controller.response
|
33
|
-
hmac_session_id = request.env[
|
33
|
+
hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
34
34
|
event = TCellAgent::SensorEvents::LoginFailure.new(request, response, user_id, hmac_session_id)
|
35
35
|
TCellAgent.send_event(event)
|
36
36
|
end
|
@@ -38,7 +38,7 @@ module TCellAgent
|
|
38
38
|
if (login_fraud_policy.login_success_enabled)
|
39
39
|
request = Authlogic::Session::Base.controller.request
|
40
40
|
response = Authlogic::Session::Base.controller.response
|
41
|
-
hmac_session_id = request.env[
|
41
|
+
hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
42
42
|
event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
|
43
43
|
TCellAgent.send_event(event)
|
44
44
|
end
|
@@ -22,9 +22,9 @@ module TCellAgent
|
|
22
22
|
tcell_username = _get_tcell_username
|
23
23
|
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
24
24
|
if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_success_enabled)
|
25
|
-
hmac_session_id = request.env[
|
26
|
-
request.env[
|
27
|
-
user_id = tcell_username || request.env[
|
25
|
+
hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
26
|
+
request.env[TCellAgent::Instrumentation::TCELL_ID].user_id = TCellAgent::UserInformation.getUserFromRequest(request)
|
27
|
+
user_id = tcell_username || request.env[TCellAgent::Instrumentation::TCELL_ID].user_id
|
28
28
|
event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
|
29
29
|
TCellAgent.send_event(event)
|
30
30
|
end
|
@@ -58,7 +58,7 @@ module TCellAgent
|
|
58
58
|
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
59
59
|
if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_failed_enabled)
|
60
60
|
if failed_login?
|
61
|
-
hmac_session_id = request.env[
|
61
|
+
hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
62
62
|
event = TCellAgent::SensorEvents::LoginFailure.new(request, response, tcell_username, hmac_session_id)
|
63
63
|
TCellAgent.send_event(event)
|
64
64
|
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
require "tcell_agent/utils/strings"
|
2
|
+
require 'tcell_agent/instrumentation'
|
3
|
+
|
4
|
+
|
5
|
+
module TCellAgent
|
6
|
+
module Utils
|
7
|
+
module Rails
|
8
|
+
|
9
|
+
def self.better_ip(request)
|
10
|
+
if TCellAgent.configuration.reverse_proxy
|
11
|
+
TCellAgent::Instrumentation.safe_block("Extracting reverse proxy IP") do
|
12
|
+
reverse_proxy_header = TCellAgent.configuration.reverse_proxy_ip_address_header
|
13
|
+
if TCellAgent::Utils::Strings.present?(reverse_proxy_header)
|
14
|
+
reverse_proxy_header = "HTTP_" + reverse_proxy_header.upcase().gsub('-','_')
|
15
|
+
else
|
16
|
+
reverse_proxy_header = "HTTP_X_FORWARDED_FOR"
|
17
|
+
end
|
18
|
+
|
19
|
+
x_forwarded_for = request.env[reverse_proxy_header]
|
20
|
+
|
21
|
+
if TCellAgent::Utils::Strings.present?(x_forwarded_for)
|
22
|
+
ip = x_forwarded_for.split(',')[0].strip()
|
23
|
+
else
|
24
|
+
ip = request.ip
|
25
|
+
end
|
26
|
+
|
27
|
+
return ip
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
request.ip
|
32
|
+
end
|
33
|
+
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'tcell_agent/instrumentation'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
class MyRailtie < Rails::Railtie
|
5
|
+
|
6
|
+
initializer "tcell.sensors" do |app|
|
7
|
+
ActiveSupport.on_load :action_controller do
|
8
|
+
|
9
|
+
ActionController::RequestForgeryProtection.module_eval do
|
10
|
+
alias_method :tcell_handle_unverified_request, :handle_unverified_request
|
11
|
+
def handle_unverified_request
|
12
|
+
TCellAgent::Instrumentation.safe_block("AppSensor CSRF Exception processing") do
|
13
|
+
appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
|
14
|
+
if appsensor_policy
|
15
|
+
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
16
|
+
if tcell_data
|
17
|
+
appsensor_policy.csrf_rejected(tcell_data)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
tcell_handle_unverified_request
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
end
|
30
|
+
end
|
@@ -22,31 +22,12 @@ require 'tcell_agent/rails/middleware/context_middleware'
|
|
22
22
|
require 'tcell_agent/rails/routes'
|
23
23
|
require 'tcell_agent/rails/settings_reporter'
|
24
24
|
|
25
|
+
require 'tcell_agent/instrumentation'
|
26
|
+
|
25
27
|
require 'tcell_agent/userinfo'
|
26
28
|
require 'cgi'
|
27
29
|
require 'thread'
|
28
30
|
|
29
|
-
# if defined?(SQLite3)
|
30
|
-
# require 'active_record/connection_adapters/sqlite3_adapter'
|
31
|
-
# ActiveRecord::ConnectionAdapters::SQLite3Adapter.class_eval do
|
32
|
-
# alias_method :original_exec, :exec_query
|
33
|
-
# def exec_query(sql, name = nil, binds = [])
|
34
|
-
# puts "----v----"
|
35
|
-
# puts sql
|
36
|
-
# puts name
|
37
|
-
# puts binds
|
38
|
-
# puts "----^----"
|
39
|
-
# result = original_exec(sql, name, binds)
|
40
|
-
# puts result.inspect
|
41
|
-
# puts ";-----------------------;"
|
42
|
-
# result
|
43
|
-
# end
|
44
|
-
# def postgresql_version
|
45
|
-
# 80200
|
46
|
-
# end
|
47
|
-
# end
|
48
|
-
# end
|
49
|
-
|
50
31
|
require 'tcell_agent/configuration'
|
51
32
|
|
52
33
|
|
@@ -55,50 +36,25 @@ module TCellAgent
|
|
55
36
|
initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
|
56
37
|
|
57
38
|
if defined?(ActiveRecord)
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
#end
|
78
|
-
|
79
|
-
#ActiveRecord::Scoping::Default::ClassMethods.module_eval do
|
80
|
-
#alias_method :tcell_build_default_scope, :build_default_scope
|
81
|
-
#def build_default_scope(base_rel = relation)
|
82
|
-
##puts base_rel.inspect
|
83
|
-
#tcell_build_default_scope
|
84
|
-
#end
|
85
|
-
#end
|
86
|
-
|
87
|
-
#ActiveRecord::Scoping::Named::ClassMethods.module_eval do
|
88
|
-
#alias_method :tcell_default_scoped, :default_scoped
|
89
|
-
#def default_scoped
|
90
|
-
#tcell_default_scoped
|
91
|
-
#end
|
92
|
-
#end
|
93
|
-
|
94
|
-
#ActiveRecord::ConnectionAdapters::PostgreSQL::DatabaseStatements.module_eval do
|
95
|
-
#alias_method :tcell_execute, :execute
|
96
|
-
#def execute(sql, name = nil)
|
97
|
-
#pus caller
|
98
|
-
|
99
|
-
#tcell_execute(sql, name)
|
100
|
-
#end
|
101
|
-
#end
|
39
|
+
ActiveRecord::ConnectionAdapters::AbstractAdapter.class_eval do
|
40
|
+
alias_method :tcell_translate_exception, :translate_exception
|
41
|
+
def translate_exception(e, message)
|
42
|
+
result = tcell_translate_exception(e, message)
|
43
|
+
|
44
|
+
TCellAgent::Instrumentation.safe_block("Call AppSensorPolicy.sql_exception_detected") do
|
45
|
+
appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
|
46
|
+
if appsensor_policy
|
47
|
+
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
|
48
|
+
tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
49
|
+
if tcell_data && e.is_a?(ActiveRecord::StatementInvalid)
|
50
|
+
appsensor_policy.sql_exception_detected(tcell_data, result)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
result
|
56
|
+
end
|
57
|
+
end
|
102
58
|
|
103
59
|
ActiveRecord::Querying.module_eval do
|
104
60
|
|
@@ -114,20 +70,29 @@ module TCellAgent
|
|
114
70
|
TCellAgent.configuration.should_intercept_requests?
|
115
71
|
|
116
72
|
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
73
|
+
appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
|
117
74
|
|
118
|
-
if dlp_policy
|
119
|
-
request_env =
|
75
|
+
if dlp_policy || appsensor_policy
|
76
|
+
request_env =
|
77
|
+
TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
|
78
|
+
tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
120
79
|
|
121
|
-
if
|
122
|
-
|
80
|
+
if tcell_context
|
81
|
+
if appsensor_policy
|
82
|
+
appsensor_policy.process_db_rows(tcell_context, results.size)
|
83
|
+
end
|
123
84
|
|
124
|
-
if
|
85
|
+
if dlp_policy
|
125
86
|
first_record = results.first
|
126
87
|
database_name = first_record.class.connection_config().fetch(:database,"*").split('/').last
|
127
88
|
model = first_record.class
|
128
89
|
column_names = model.columns.map { |col| col.name }
|
129
90
|
table_name = model.table_name
|
130
91
|
|
92
|
+
if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
|
93
|
+
TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
|
94
|
+
end
|
95
|
+
|
131
96
|
if dlp_policy.database_discovery_enabled
|
132
97
|
TCellAgent.discover_database_fields(
|
133
98
|
tcell_context.route_id,
|
@@ -150,10 +115,6 @@ module TCellAgent
|
|
150
115
|
memo
|
151
116
|
end
|
152
117
|
|
153
|
-
if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
|
154
|
-
TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
|
155
|
-
end
|
156
|
-
|
157
118
|
results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
|
158
119
|
column_name_to_rules.each do |column_name, rules|
|
159
120
|
if rules
|
@@ -171,6 +132,7 @@ module TCellAgent
|
|
171
132
|
end
|
172
133
|
end
|
173
134
|
end
|
135
|
+
|
174
136
|
end
|
175
137
|
end
|
176
138
|
end
|
@@ -294,7 +256,7 @@ module TCellAgent
|
|
294
256
|
TCellAgent.configuration.should_intercept_requests?
|
295
257
|
|
296
258
|
TCellAgent::Instrumentation.safe_block("Running DLP Logging Filters") {
|
297
|
-
tcell_context = request.env[TCellAgent::Instrumentation::
|
259
|
+
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
298
260
|
if tcell_context
|
299
261
|
response.body = tcell_context.filter_body(response.body)
|
300
262
|
end
|
@@ -330,7 +292,7 @@ class Logger
|
|
330
292
|
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
331
293
|
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
|
332
294
|
if message && dlp_policy && request_env
|
333
|
-
tcell_context = request_env[TCellAgent::Instrumentation::
|
295
|
+
tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
334
296
|
if tcell_context
|
335
297
|
tcell_context.filter_log(message)
|
336
298
|
end
|