tcell_agent 0.2.18 → 0.2.19

Files changed (37) hide show
  1. checksums.yaml +4 -4
  2. data/Rakefile +11 -0
  3. data/lib/tcell_agent/configuration.rb +8 -1
  4. data/lib/tcell_agent/instrumentation.rb +14 -10
  5. data/lib/tcell_agent/logger.rb +23 -23
  6. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +61 -0
  7. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +10 -2
  8. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +66 -0
  9. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +11 -3
  10. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +6 -5
  11. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +47 -0
  12. data/lib/tcell_agent/policies/appsensor_policy.rb +68 -5
  13. data/lib/tcell_agent/policies/patches_policy.rb +2 -2
  14. data/lib/tcell_agent/rails.rb +3 -0
  15. data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
  16. data/lib/tcell_agent/rails/auth/devise.rb +4 -4
  17. data/lib/tcell_agent/rails/better_ip.rb +36 -0
  18. data/lib/tcell_agent/rails/csrf_exception.rb +30 -0
  19. data/lib/tcell_agent/rails/dlp.rb +38 -76
  20. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +5 -5
  21. data/lib/tcell_agent/rails/middleware/context_middleware.rb +6 -4
  22. data/lib/tcell_agent/rails/middleware/global_middleware.rb +7 -7
  23. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +15 -15
  24. data/lib/tcell_agent/rails/path_parameters_setter.rb +43 -0
  25. data/lib/tcell_agent/rails/routes.rb +4 -4
  26. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +11 -6
  27. data/lib/tcell_agent/version.rb +1 -1
  28. data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +165 -0
  29. data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +432 -0
  30. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
  31. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +99 -24
  32. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +4 -4
  33. data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +156 -0
  34. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +175 -0
  35. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +79 -0
  36. data/spec/lib/tcell_agent/rails/better_ip_spec.rb +76 -0
  37. metadata +16 -2
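--- a/data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
@@ -0,0 +1,432 @@
+ require 'spec_helper'
+
+
+ module TCellAgent
+ module Policies
+
+ describe MiscSensor do
+ context "#initialize" do
+ context "default sensor" do
+ it "should have properties set to defaults" do
+ sensor = MiscSensor.new
+ expect(sensor.enabled).to eq(false)
+ expect(sensor.csrf_exception_enabled).to eq(false)
+ expect(sensor.sql_exception_enabled).to eq(false)
+ expect(sensor.excluded_route_ids).to eq({})
+ end
+ end
+
+ context "setting enabled on sensor" do
+ it "should have enabled set" do
+ sensor = MiscSensor.new({"enabled" => true})
+ expect(sensor.enabled).to eq(true)
+ expect(sensor.csrf_exception_enabled).to eq(false)
+ expect(sensor.sql_exception_enabled).to eq(false)
+ expect(sensor.excluded_route_ids).to eq({})
+ end
+ end
+
+ context "setting csrf_exception_enabled on sensor" do
+ it "should csrf_exception_enabled set" do
+ sensor = MiscSensor.new({"csrf_exception_enabled" => true})
+ expect(sensor.enabled).to eq(false)
+ expect(sensor.csrf_exception_enabled).to eq(true)
+ expect(sensor.sql_exception_enabled).to eq(false)
+ expect(sensor.excluded_route_ids).to eq({})
+ end
+ end
+
+ context "setting sql_exception_enabled on sensor" do
+ it "should sql_exception_enabled set" do
+ sensor = MiscSensor.new({"sql_exception_enabled" => true})
+ expect(sensor.enabled).to eq(false)
+ expect(sensor.csrf_exception_enabled).to eq(false)
+ expect(sensor.sql_exception_enabled).to eq(true)
+ expect(sensor.excluded_route_ids).to eq({})
+ end
+ end
+
+ context "setting excluded_route_ids on sensor" do
+ it "should excluded_route_ids set" do
+ sensor = MiscSensor.new({"sql_exception_enabled" => true, "exclude_routes" => ["route_id"]})
+ expect(sensor.enabled).to eq(false)
+ expect(sensor.csrf_exception_enabled).to eq(false)
+ expect(sensor.sql_exception_enabled).to eq(true)
+ expect(sensor.excluded_route_ids).to eq({"route_id" => true})
+ end
+ end
+ end
+
+ describe "#csrf_rejected" do
+
+ context "with disabled sensor" do
+ context "with disabled csrf_exception_enabled sensor" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "csrf_exception_enabled" => false})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "with enabled csrf_exception_enabled" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "csrf_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+
+ context "with nil tcell-data" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "csrf_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+ end
+ end
+
+ context "with enabled sensor" do
+ context "with disabled csrf_exception_enabled sensor" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => true, "csrf_exception_enabled" => false})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+
+ context "no excluded routes" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => false,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "has excluded routes" do
+ context "route id matches" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => false,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "route id does not match" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => false,
+ "exclude_routes" => ["nonmatching"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+ end
+ end
+
+ context "with enabled csrf_exception_enabled" do
+ it "should send event" do
+ sensor = MiscSensor.new({"enabled" => true, "csrf_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"excsrf",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "m"=>nil
+ })
+
+ sensor.csrf_rejected(tcell_data)
+ end
+
+ context "no excluded routes" do
+ it "should send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => true,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"excsrf",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "rou"=>"route_id",
+ "m"=>nil
+ })
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "has excluded routes" do
+ context "route id matches" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => true,
+ "exclude_routes" => ["route_id"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+
+ context "route id does not match" do
+ it "should send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "csrf_exception_enabled" => true,
+ "exclude_routes" => ["nonmatching"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"excsrf",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "rou"=>"route_id",
+ "m"=>nil
+ })
+
+ sensor.csrf_rejected(tcell_data)
+ end
+ end
+ end
+ end
+ end
+
+ end
+
+ describe "#sql_exception_enabled" do
+ before(:each) do
+ @exception = Exception.new
+ end
+
+ context "with disabled sensor" do
+ context "with disabled sql_exception_enabled sensor" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "sql_exception_enabled" => false})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "with enabled sql_exception_enabled" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "sql_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+
+ context "with nil tcell-data" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => false, "sql_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+ end
+ end
+
+ context "with enabled sensor" do
+ context "with disabled sql_exception_enabled sensor" do
+ it "should not send event" do
+ sensor = MiscSensor.new({"enabled" => true, "sql_exception_enabled" => false})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+
+ context "no excluded routes" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => false,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "has excluded routes" do
+ context "route id matches" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => false,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "route id does not match" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => false,
+ "exclude_routes" => ["nonmatching"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+ end
+ end
+
+ context "with enabled sql_exception_enabled" do
+ it "should send event" do
+ sensor = MiscSensor.new({"enabled" => true, "sql_exception_enabled" => true})
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"exsql",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "m"=>nil
+ })
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+
+ context "no excluded routes" do
+ it "should send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => true,
+ "exclude_routes" => []
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"exsql",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "rou"=>"route_id",
+ "m"=>nil
+ })
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "has excluded routes" do
+ context "route id matches" do
+ it "should not send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => true,
+ "exclude_routes" => ["route_id"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to_not receive(:send_event)
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+
+ context "route id does not match" do
+ it "should send an event" do
+ sensor = MiscSensor.new({
+ "enabled" => true,
+ "sql_exception_enabled" => true,
+ "exclude_routes" => ["nonmatching"]
+ })
+ tcell_data = TCellAgent::Instrumentation::TCellData.new
+ tcell_data.route_id = "route_id"
+
+ expect(TCellAgent).to receive(:send_event).with({
+ "event_type"=>"as",
+ "dp"=>"exsql",
+ "param"=>nil,
+ "remote_addr"=>nil,
+ "rou"=>"route_id",
+ "m"=>nil
+ })
+
+ sensor.sql_exception_detected(tcell_data, @exception)
+ end
+ end
+ end
+ end
+ end
+
+ end
+
+ end
+
+ end
+ end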
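Review bot: The two "with nil tcell-data" examples (one under `#csrf_rejected`, one in the SQL block) never pass nil: each builds `TCellAgent::Instrumentation::TCellData.new` and runs with `"enabled" => false`, so they repeat the example just above them and leave the missing-context path of these security-event reporters untested. If the sensor is meant to tolerate a request with no TCellData, call `sensor.csrf_rejected(nil)` and `sensor.sql_exception_detected(nil, @exception)` with both flags enabled and assert the intended outcome. The "has excluded routes / route id matches" examples inside the two "with disabled ..._exception_enabled sensor" contexts configure `"exclude_routes" => []`, where `"exclude_routes" => ["route_id"]` is what the context name describes. The second block is titled `describe "#sql_exception_enabled"` but every example calls `sql_exception_detected`, so `describe "#sql_exception_detected"` would keep failure output accurate.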
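--- a/data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
@@ -10,7 +10,7 @@ module TCellAgent
  sensor = RequestSizeSensor.new
  expect(sensor.enabled).to eq(false)
  expect(sensor.limit).to eq(524288)
- expect(sensor.exclude_routes).to eq({})
+ expect(sensor.excluded_route_ids).to eq({})
  expect(sensor.dp_code).to eq(RequestSizeSensor::DP_UNUSUAL_REQUEST_SIZE)
  end
  end
@@ -20,7 +20,7 @@ module TCellAgent
  sensor = RequestSizeSensor.new({"enabled" => true})
  expect(sensor.enabled).to eq(true)
  expect(sensor.limit).to eq(524288)
- expect(sensor.exclude_routes).to eq({})
+ expect(sensor.excluded_route_ids).to eq({})
  expect(sensor.dp_code).to eq(RequestSizeSensor::DP_UNUSUAL_REQUEST_SIZE)
  end
  end
@@ -30,7 +30,7 @@ module TCellAgent
  sensor = RequestSizeSensor.new({"limit" => 1})
  expect(sensor.enabled).to eq(false)
  expect(sensor.limit).to eq(1)
- expect(sensor.exclude_routes).to eq({})
+ expect(sensor.excluded_route_ids).to eq({})
  expect(sensor.dp_code).to eq(RequestSizeSensor::DP_UNUSUAL_REQUEST_SIZE)
  end
  end
@@ -40,7 +40,7 @@ module TCellAgent
  sensor = RequestSizeSensor.new({"exclude_routes" => ["1", "10", "20"]})
  expect(sensor.enabled).to eq(false)
  expect(sensor.limit).to eq(524288)
- expect(sensor.exclude_routes).to eq({"1"=>true, "10"=>true, "20"=>true})
+ expect(sensor.excluded_route_ids).to eq({"1"=>true, "10"=>true, "20"=>true})
  expect(sensor.dp_code).to eq(RequestSizeSensor::DP_UNUSUAL_REQUEST_SIZE)
  end
  end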