tcell_agent 0.2.18 → 0.2.19

Files changed (37)
  1. checksums.yaml +4 -4
  2. data/Rakefile +11 -0
  3. data/lib/tcell_agent/configuration.rb +8 -1
  4. data/lib/tcell_agent/instrumentation.rb +14 -10
  5. data/lib/tcell_agent/logger.rb +23 -23
  6. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +61 -0
  7. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +10 -2
  8. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +66 -0
  9. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +11 -3
  10. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +6 -5
  11. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +47 -0
  12. data/lib/tcell_agent/policies/appsensor_policy.rb +68 -5
  13. data/lib/tcell_agent/policies/patches_policy.rb +2 -2
  14. data/lib/tcell_agent/rails.rb +3 -0
  15. data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
  16. data/lib/tcell_agent/rails/auth/devise.rb +4 -4
  17. data/lib/tcell_agent/rails/better_ip.rb +36 -0
  18. data/lib/tcell_agent/rails/csrf_exception.rb +30 -0
  19. data/lib/tcell_agent/rails/dlp.rb +38 -76
  20. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +5 -5
  21. data/lib/tcell_agent/rails/middleware/context_middleware.rb +6 -4
  22. data/lib/tcell_agent/rails/middleware/global_middleware.rb +7 -7
  23. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +15 -15
  24. data/lib/tcell_agent/rails/path_parameters_setter.rb +43 -0
  25. data/lib/tcell_agent/rails/routes.rb +4 -4
  26. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +11 -6
  27. data/lib/tcell_agent/version.rb +1 -1
  28. data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +165 -0
  29. data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +432 -0
  30. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
  31. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +99 -24
  32. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +4 -4
  33. data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +156 -0
  34. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +175 -0
  35. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +79 -0
  36. data/spec/lib/tcell_agent/rails/better_ip_spec.rb +76 -0
  37. metadata +16 -2
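--- a/data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
@@ -0,0 +1,432 @@
+ require 'spec_helper'
+
+
+ module TCellAgent
+ module Policies
+
+ describe MiscSensor do
+ context "#initialize" do
+ context "default sensor" do
+ it "should have properties set to defaults" do
+ sensor = MiscSensor.new
+ expect(sensor.enabled).to eq(false)
+ expect(sensor.csrf_exception_enabled).to eq(false)
+ expect(sensor.sql_exception_enabled).to eq(false)
+ expect(sensor.excluded_route_ids).to eq({})
+ end
+ end
+
+ context "setting enabled on sensor" do
+ it "should have enabled set" do
+ sensor = MiscSensor.new({"enabled" => true})
+ expect(sensor.enabled).to eq(true)
+ expect(sensor.csrf_exception_enabled).to eq(false)
+ expect(sensor.sql_exception_enabled).to eq(false)
+ expect(sensor.excluded_route_ids).to eq({})
+ end
+ end
+
+ context "setting csrf_exception_enabled on sensor" do
+ it "should csrf_exception_enabled set" do
+ sensor = MiscSensor.new({"csrf_exception_enabled" => true})
+ expect(sensor.enabled).to eq(false)
+ expect(sensor.csrf_exception_enabled).to eq(true)
+ expect(sensor.sql_exception_enabled).to eq(false)
+ expect(sensor.excluded_route_ids).to eq({})
+ end
+ end
+
+ context "setting sql_exception_enabled on sensor" do
+ it "should sql_exception_enabled set" do
+ sensor = MiscSensor.new({"sql_exception_enabled" => true})
+ expect(sensor.enabled).to eq(false)
+ expect(sensor.csrf_exception_enabled).to eq(false)
+ expect(sensor.sql_exception_enabled).to eq(true)
+ expect(sensor.excluded_route_ids).to eq({})
+ end
+ end
+
+ context "setting excluded_route_ids on sensor" do
+ it "should excluded_route_ids set" do
+ sensor = MiscSensor.new({"sql_exception_enabled" => true, "exclude_routes" => ["route_id"]})
+ expect(sensor.enabled).to eq(false)
+ expect(sensor.csrf_exception_enabled).to eq(false)
+ expect(sensor.sql_exception_enabled).to eq(true)
+ expect(sensor.excluded_route_ids).to eq({"route_id" => true})
+ end
+ end
+ end
+
+ describe "#csrf_rejected" do
+
+ context "with disabled sensor" do
+ context "with disabled csrf_exception_enabled sensor" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "csrf_exception_enabled" => false})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "with enabled csrf_exception_enabled" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "csrf_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+
+ context "with nil tcell-data" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "csrf_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+ end
+ end
+
+ context "with enabled sensor" do
+ context "with disabled csrf_exception_enabled sensor" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => true, "csrf_exception_enabled" => false})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+
+ context "no excluded routes" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => false,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "has excluded routes" do
+ context "route id matches" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => false,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "route id does not match" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => false,
+ "exclude_routes" => ["nonmatching"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+ end
+ end
+
+ context "with enabled csrf_exception_enabled" do
+ it "should send event" do
+ sensor = MiscSensor.new({"enabled" => true, "csrf_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"excsrf",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "m"=>nil
+ })
+
+ sensor.csrf_rejected(tcell_data)
+ end
+
+ context "no excluded routes" do
+ it "should send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => true,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"excsrf",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "rou"=>"route_id",
+ "m"=>nil
+ })
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "has excluded routes" do
+ context "route id matches" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => true,
+ "exclude_routes" => ["route_id"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "route id does not match" do
+ it "should send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => true,
+ "exclude_routes" => ["nonmatching"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"excsrf",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "rou"=>"route_id",
+ "m"=>nil
+ })
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+ end
+ end
+ end
+
+ end
+
+ describe "#sql_exception_enabled" do
+ before(:each) do
+ @exception = Exception.new
+ end
+
+ context "with disabled sensor" do
+ context "with disabled sql_exception_enabled sensor" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "sql_exception_enabled" => false})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "with enabled sql_exception_enabled" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "sql_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+
+ context "with nil tcell-data" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "sql_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+ end
+ end
+
+ context "with enabled sensor" do
+ context "with disabled sql_exception_enabled sensor" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => true, "sql_exception_enabled" => false})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+
+ context "no excluded routes" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => false,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "has excluded routes" do
+ context "route id matches" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => false,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "route id does not match" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => false,
+ "exclude_routes" => ["nonmatching"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+ end
+ end
+
+ context "with enabled sql_exception_enabled" do
+ it "should send event" do
+ sensor = MiscSensor.new({"enabled" => true, "sql_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"exsql",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "m"=>nil
+ })
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+
+ context "no excluded routes" do
+ it "should send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => true,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"exsql",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "rou"=>"route_id",
+ "m"=>nil
+ })
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "has excluded routes" do
+ context "route id matches" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => true,
+ "exclude_routes" => ["route_id"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "route id does not match" do
+ it "should send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => true,
+ "exclude_routes" => ["nonmatching"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"exsql",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "rou"=>"route_id",
+ "m"=>nil
+ })
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+ end
+ end
+ end
+
+ end
+
+ end
+
+ end
+ end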
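Review bot: The two "with nil tcell-data" examples (new-file lines 84–93 and 270–279) never pass nil: each builds `TCellAgent::Instrumentation::TCellData.new` on a sensor with `"enabled" => false`, so they repeat the example directly above them and leave the nil path of `csrf_rejected` and `sql_exception_detected` unexercised. If nil is meant to be tolerated, call `sensor.csrf_rejected(nil)` and `sensor.sql_exception_detected(nil, @exception)` on a sensor with both flags set to true, so that the nil guard is the only reason no event goes out. The "route id matches" examples at lines 124–139 and 310–325 have the same weakness, since they configure `"exclude_routes" => []` where `["route_id"]` was presumably intended. The second `describe` is also labelled `"#sql_exception_enabled"` although every example in it calls `sql_exception_detected`; for a sensor that reports CSRF rejections and SQL errors, these gaps mean a regression that drops or crashes the reporting path on those inputs would still pass the suite.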
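--- a/data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
@@ -10,7 +10,7 @@ module TCellAgent
  sensor = RequestSizeSensor.new
  expect(sensor.enabled).to eq(false)
  expect(sensor.limit).to eq(524288)
- expect(sensor.exclude_routes).to eq({})
+ expect(sensor.excluded_route_ids).to eq({})
  expect(sensor.dp_code).to eq(RequestSizeSensor::DP_UNUSUAL_REQUEST_SIZE)
  end
  end
@@ -20,7 +20,7 @@ module TCellAgent
  sensor = RequestSizeSensor.new({"enabled" => true})
  expect(sensor.enabled).to eq(true)
  expect(sensor.limit).to eq(524288)
- expect(sensor.exclude_routes).to eq({})
+ expect(sensor.excluded_route_ids).to eq({})
  expect(sensor.dp_code).to eq(RequestSizeSensor::DP_UNUSUAL_REQUEST_SIZE)
  end
  end
@@ -30,7 +30,7 @@ module TCellAgent
  sensor = RequestSizeSensor.new({"limit" => 1})
  expect(sensor.enabled).to eq(false)
  expect(sensor.limit).to eq(1)
- expect(sensor.exclude_routes).to eq({})
+ expect(sensor.excluded_route_ids).to eq({})
  expect(sensor.dp_code).to eq(RequestSizeSensor::DP_UNUSUAL_REQUEST_SIZE)
  end
  end
@@ -40,7 +40,7 @@ module TCellAgent
  sensor = RequestSizeSensor.new({"exclude_routes" => ["1", "10", "20"]})
  expect(sensor.enabled).to eq(false)
  expect(sensor.limit).to eq(524288)
- expect(sensor.exclude_routes).to eq({"1"=>true, "10"=>true, "20"=>true})
+ expect(sensor.excluded_route_ids).to eq({"1"=>true, "10"=>true, "20"=>true})
  expect(sensor.dp_code).to eq(RequestSizeSensor::DP_UNUSUAL_REQUEST_SIZE)
  end
  end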