tcell_agent 0.2.19 → 0.2.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE_libinjection +32 -0
- data/Rakefile +14 -1
- data/ext/libinjection/extconf.rb +3 -0
- data/ext/libinjection/libinjection.h +65 -0
- data/ext/libinjection/libinjection_html5.c +847 -0
- data/ext/libinjection/libinjection_html5.h +54 -0
- data/ext/libinjection/libinjection_sqli.c +2317 -0
- data/ext/libinjection/libinjection_sqli.h +295 -0
- data/ext/libinjection/libinjection_sqli_data.h +9004 -0
- data/ext/libinjection/libinjection_wrap.c +3525 -0
- data/ext/libinjection/libinjection_xss.c +531 -0
- data/ext/libinjection/libinjection_xss.h +21 -0
- data/lib/tcell_agent/configuration.rb +0 -48
- data/lib/tcell_agent/logger.rb +1 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
- data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
- data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
- data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
- data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
- data/lib/tcell_agent/rails/dlp.rb +98 -76
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
- data/lib/tcell_agent/rails/on_start.rb +53 -20
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
- data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
- data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
- data/lib/tcell_agent/utils/params.rb +24 -21
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
- data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
- data/tcell_agent.gemspec +21 -1
- metadata +37 -4
|
@@ -32,6 +32,87 @@ require 'tcell_agent/configuration'
|
|
|
32
32
|
|
|
33
33
|
|
|
34
34
|
module TCellAgent
|
|
35
|
+
module DLP
|
|
36
|
+
def self.instrument_find_by_sql(results)
|
|
37
|
+
if results.size > 0
|
|
38
|
+
|
|
39
|
+
if TCellAgent.configuration.enabled &&
|
|
40
|
+
TCellAgent.configuration.should_instrument? &&
|
|
41
|
+
TCellAgent.configuration.should_intercept_requests?
|
|
42
|
+
|
|
43
|
+
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
|
44
|
+
appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
|
|
45
|
+
|
|
46
|
+
if dlp_policy || appsensor_policy
|
|
47
|
+
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
|
|
48
|
+
tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
|
49
|
+
|
|
50
|
+
if tcell_context
|
|
51
|
+
if appsensor_policy
|
|
52
|
+
appsensor_policy.process_db_rows(tcell_context, results.size)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
if dlp_policy
|
|
56
|
+
first_record = results.first
|
|
57
|
+
database_name = first_record.class.connection_config().fetch(:database,"*").split('/').last
|
|
58
|
+
model = first_record.class
|
|
59
|
+
column_names = model.columns.map { |col| col.name }
|
|
60
|
+
table_name = model.table_name
|
|
61
|
+
|
|
62
|
+
if dlp_policy.database_discovery_enabled
|
|
63
|
+
TCellAgent.discover_database_fields(
|
|
64
|
+
tcell_context.route_id,
|
|
65
|
+
database_name,
|
|
66
|
+
"*",
|
|
67
|
+
table_name,
|
|
68
|
+
column_names
|
|
69
|
+
)
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
|
|
73
|
+
TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
column_name_to_rules = column_names.inject({}) do |memo, column_name|
|
|
77
|
+
rules = dlp_policy.get_actions_for_table(
|
|
78
|
+
database_name,
|
|
79
|
+
"*",
|
|
80
|
+
table_name,
|
|
81
|
+
column_name,
|
|
82
|
+
tcell_context.route_id
|
|
83
|
+
)
|
|
84
|
+
|
|
85
|
+
memo[column_name] = rules if rules
|
|
86
|
+
|
|
87
|
+
memo
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
return if column_name_to_rules.empty?
|
|
91
|
+
|
|
92
|
+
results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
|
|
93
|
+
column_name_to_rules.each do |column_name, rules|
|
|
94
|
+
if rules
|
|
95
|
+
rules.each do |rule|
|
|
96
|
+
tcell_context.add_response_db_filter(
|
|
97
|
+
record[column_name.to_sym],
|
|
98
|
+
rule,
|
|
99
|
+
database_name,
|
|
100
|
+
"*",
|
|
101
|
+
table_name,
|
|
102
|
+
column_name
|
|
103
|
+
)
|
|
104
|
+
end
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
end
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
|
|
35
116
|
class MyRailtie < Rails::Railtie
|
|
36
117
|
initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
|
|
37
118
|
|
|
@@ -58,88 +139,29 @@ module TCellAgent
|
|
|
58
139
|
|
|
59
140
|
ActiveRecord::Querying.module_eval do
|
|
60
141
|
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
TCellAgent::Instrumentation.safe_block("Running DLP on find_by_sql") do
|
|
66
|
-
if results.size > 0
|
|
67
|
-
|
|
68
|
-
if TCellAgent.configuration.enabled &&
|
|
69
|
-
TCellAgent.configuration.should_instrument? &&
|
|
70
|
-
TCellAgent.configuration.should_intercept_requests?
|
|
142
|
+
if (::Rails::VERSION::MAJOR == 5)
|
|
143
|
+
alias_method :tcell_find_by_sql, :find_by_sql
|
|
144
|
+
def find_by_sql(*args)
|
|
145
|
+
results = tcell_find_by_sql(*args)
|
|
71
146
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
if dlp_policy || appsensor_policy
|
|
76
|
-
request_env =
|
|
77
|
-
TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
|
|
78
|
-
tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
|
147
|
+
TCellAgent::Instrumentation.safe_block("Running DLP on find_by_sql") do
|
|
148
|
+
TCellAgent::DLP.instrument_find_by_sql(results)
|
|
149
|
+
end
|
|
79
150
|
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
appsensor_policy.process_db_rows(tcell_context, results.size)
|
|
83
|
-
end
|
|
151
|
+
results
|
|
152
|
+
end
|
|
84
153
|
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
column_names = model.columns.map { |col| col.name }
|
|
90
|
-
table_name = model.table_name
|
|
91
|
-
|
|
92
|
-
if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
|
|
93
|
-
TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
|
|
94
|
-
end
|
|
95
|
-
|
|
96
|
-
if dlp_policy.database_discovery_enabled
|
|
97
|
-
TCellAgent.discover_database_fields(
|
|
98
|
-
tcell_context.route_id,
|
|
99
|
-
database_name,
|
|
100
|
-
"*",
|
|
101
|
-
table_name,
|
|
102
|
-
column_names
|
|
103
|
-
)
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
column_name_to_rules = first_record.attributes.keys.inject({}) do |memo, column_name|
|
|
107
|
-
memo[column_name] = dlp_policy.get_actions_for_table(
|
|
108
|
-
database_name,
|
|
109
|
-
"*",
|
|
110
|
-
table_name,
|
|
111
|
-
column_name,
|
|
112
|
-
tcell_context.route_id
|
|
113
|
-
)
|
|
114
|
-
|
|
115
|
-
memo
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
|
|
119
|
-
column_name_to_rules.each do |column_name, rules|
|
|
120
|
-
if rules
|
|
121
|
-
rules.each do |rule|
|
|
122
|
-
tcell_context.add_response_db_filter(
|
|
123
|
-
record[column_name.to_sym],
|
|
124
|
-
rule,
|
|
125
|
-
database_name,
|
|
126
|
-
"*",
|
|
127
|
-
table_name,
|
|
128
|
-
column_name
|
|
129
|
-
)
|
|
130
|
-
end
|
|
131
|
-
end
|
|
132
|
-
end
|
|
133
|
-
end
|
|
134
|
-
end
|
|
154
|
+
elsif (::Rails::VERSION::MAJOR < 5)
|
|
155
|
+
alias_method :tcell_find_by_sql, :find_by_sql
|
|
156
|
+
def find_by_sql(sql, binds = [])
|
|
157
|
+
results = tcell_find_by_sql(sql, binds)
|
|
135
158
|
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
end
|
|
159
|
+
TCellAgent::Instrumentation.safe_block("Running DLP on find_by_sql") do
|
|
160
|
+
TCellAgent::DLP.instrument_find_by_sql(results)
|
|
139
161
|
end
|
|
140
|
-
end
|
|
141
162
|
|
|
142
|
-
|
|
163
|
+
results
|
|
164
|
+
end
|
|
143
165
|
end
|
|
144
166
|
|
|
145
167
|
end
|
|
@@ -38,10 +38,9 @@ module TCellAgent
|
|
|
38
38
|
}
|
|
39
39
|
|
|
40
40
|
TCellAgent::Instrumentation.safe_block("Setting hmac_session_id") {
|
|
41
|
-
hmac_key = TCellAgent::SensorEvents::Util.getHmacKey()
|
|
42
41
|
if request.env[TCellAgent::Instrumentation::TCELL_ID].session_id
|
|
43
42
|
env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id =
|
|
44
|
-
TCellAgent::SensorEvents::Util.hmac(request.env[TCellAgent::Instrumentation::TCELL_ID].session_id
|
|
43
|
+
TCellAgent::SensorEvents::Util.hmac(request.env[TCellAgent::Instrumentation::TCELL_ID].session_id)
|
|
45
44
|
end
|
|
46
45
|
}
|
|
47
46
|
|
|
@@ -125,7 +125,7 @@ module TCellAgent
|
|
|
125
125
|
if http_redirect_policy && headers.has_key?("Location")
|
|
126
126
|
local_uri = URI.parse(request.url)
|
|
127
127
|
route_id = request.env[TCellAgent::Instrumentation::TCELL_ID].route_id
|
|
128
|
-
|
|
128
|
+
hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
|
129
129
|
new_location = http_redirect_policy.enforce(
|
|
130
130
|
headers["Location"],
|
|
131
131
|
local_uri.host,
|
|
@@ -134,7 +134,7 @@ module TCellAgent
|
|
|
134
134
|
route_id,
|
|
135
135
|
status,
|
|
136
136
|
TCellAgent::Utils::Rails.better_ip(request),
|
|
137
|
-
|
|
137
|
+
hmac_session_id)
|
|
138
138
|
# Enforcement
|
|
139
139
|
if (new_location)
|
|
140
140
|
headers["Location"] = new_location
|
|
@@ -16,23 +16,43 @@ module TCellAgent
|
|
|
16
16
|
|
|
17
17
|
def self.instrument_route(route)
|
|
18
18
|
if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
|
|
19
|
-
if (
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
19
|
+
if (::Rails::VERSION::MAJOR == 5)
|
|
20
|
+
route_path = "#{route.path.spec}"
|
|
21
|
+
if (route_path.end_with?("(.:format)"))
|
|
22
|
+
route_path = route_path.chomp("(.:format)")
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
route_destination = route.defaults.to_json.to_s
|
|
26
|
+
|
|
27
|
+
route_methods = (route.verb || "").split('|')
|
|
28
|
+
route_methods.each do |route_method|
|
|
29
|
+
route_id = TCellAgent::SensorEvents::Util.calculateRouteId(route_method.downcase, route.path.spec)
|
|
30
|
+
TCellAgent.send_event(
|
|
31
|
+
TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
|
|
32
|
+
route_path, route_method, route_id, nil, route_destination
|
|
33
|
+
)
|
|
34
|
+
)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
elsif (::Rails::VERSION::MAJOR < 5)
|
|
38
|
+
if (route.constraints.has_key? :request_method)
|
|
39
|
+
route_path = "#{route.path.spec}"
|
|
40
|
+
if (route_path.end_with?("(.:format)"))
|
|
41
|
+
route_path = route_path.chomp("(.:format)")
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
route_destination = route.defaults.to_json.to_s
|
|
45
|
+
|
|
46
|
+
route_methods = METHODS.select { |x| route.verb.match(x) }
|
|
47
|
+
route_methods.each do |route_method|
|
|
48
|
+
route_id = TCellAgent::SensorEvents::Util.calculateRouteId(route_method.downcase, route.path.spec)
|
|
49
|
+
TCellAgent.send_event(
|
|
50
|
+
TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
|
|
51
|
+
route_path, route_method, route_id, nil, route_destination
|
|
52
|
+
)
|
|
33
53
|
)
|
|
34
|
-
|
|
35
|
-
|
|
54
|
+
end
|
|
55
|
+
end
|
|
36
56
|
end
|
|
37
57
|
end
|
|
38
58
|
end
|
|
@@ -47,9 +67,9 @@ module TCellAgent
|
|
|
47
67
|
|
|
48
68
|
if (::Rails::VERSION::MAJOR == 3)
|
|
49
69
|
ActionDispatch::Routing::RouteSet.class_eval do
|
|
50
|
-
alias_method :
|
|
70
|
+
alias_method :tcell_add_route, :add_route
|
|
51
71
|
def add_route(app, conditions = {}, requirements = {}, defaults = {}, name = nil, anchor = true)
|
|
52
|
-
route =
|
|
72
|
+
route = tcell_add_route(app, conditions, requirements, defaults, name, anchor)
|
|
53
73
|
|
|
54
74
|
TCellAgent::Instrumentation::Rails.instrument_route(route)
|
|
55
75
|
|
|
@@ -60,9 +80,22 @@ module TCellAgent
|
|
|
60
80
|
|
|
61
81
|
if (::Rails::VERSION::MAJOR == 4)
|
|
62
82
|
ActionDispatch::Journey::Routes.class_eval do
|
|
63
|
-
alias_method :
|
|
83
|
+
alias_method :tcell_add_route, :add_route
|
|
64
84
|
def add_route(app, path, conditions, defaults, name = nil)
|
|
65
|
-
route =
|
|
85
|
+
route = tcell_add_route(app, path, conditions, defaults, name)
|
|
86
|
+
|
|
87
|
+
TCellAgent::Instrumentation::Rails.instrument_route(route)
|
|
88
|
+
|
|
89
|
+
route
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
if (::Rails::VERSION::MAJOR == 5)
|
|
95
|
+
ActionDispatch::Journey::Routes.class_eval do
|
|
96
|
+
alias_method :tcell_add_route, :add_route
|
|
97
|
+
def add_route(name, mapping)
|
|
98
|
+
route = tcell_add_route(name, mapping)
|
|
66
99
|
|
|
67
100
|
TCellAgent::Instrumentation::Rails.instrument_route(route)
|
|
68
101
|
|
|
@@ -12,8 +12,8 @@ module TCellAgent
|
|
|
12
12
|
remote_addr,
|
|
13
13
|
param,
|
|
14
14
|
route_id,
|
|
15
|
-
|
|
16
|
-
|
|
15
|
+
meta=nil,
|
|
16
|
+
hmac_session_id=nil,
|
|
17
17
|
user_id=nil,
|
|
18
18
|
payload=nil,
|
|
19
19
|
pattern=nil)
|
|
@@ -21,31 +21,24 @@ module TCellAgent
|
|
|
21
21
|
self["dp"] = detection_point
|
|
22
22
|
self["param"] = param
|
|
23
23
|
self["remote_addr"] = remote_addr
|
|
24
|
-
if (route_id)
|
|
25
|
-
self["rou"] = route_id
|
|
26
|
-
end
|
|
27
24
|
self["m"] = method
|
|
28
25
|
@raw_location = location
|
|
29
26
|
@user_id = user_id
|
|
30
|
-
@
|
|
27
|
+
@hmac_session_id = hmac_session_id
|
|
31
28
|
@payload = payload
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
29
|
+
|
|
30
|
+
self["pattern"] = pattern if pattern
|
|
31
|
+
self["meta"] = meta if meta
|
|
32
|
+
self["rid"] = route_id if route_id
|
|
35
33
|
end
|
|
36
34
|
|
|
37
35
|
def post_process
|
|
38
|
-
self["
|
|
39
|
-
if @user_id
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
if @raw_session_id
|
|
43
|
-
hmac_key = Util.getHmacKey()
|
|
44
|
-
self["sid"] = Util.hmac(@raw_session_id, hmac_key)
|
|
45
|
-
end
|
|
46
|
-
if @payload
|
|
47
|
-
self["payload"] = @payload[0..150]
|
|
36
|
+
self["uri"] = Util.strip_uri_values(@raw_location)
|
|
37
|
+
self["uid"] = @user_id.to_s if @user_id
|
|
38
|
+
if @hmac_session_id
|
|
39
|
+
self["sid"] = @hmac_session_id
|
|
48
40
|
end
|
|
41
|
+
self["payload"] = @payload[0..150] if @payload
|
|
49
42
|
end
|
|
50
43
|
|
|
51
44
|
end
|
|
@@ -6,6 +6,8 @@ require 'tcell_agent/sensor_events/sensor'
|
|
|
6
6
|
require 'tcell_agent/agent'
|
|
7
7
|
require 'tcell_agent/agent/policy_types'
|
|
8
8
|
require 'tcell_agent/policies/appsensor_policy'
|
|
9
|
+
require 'tcell_agent/utils/params'
|
|
10
|
+
|
|
9
11
|
|
|
10
12
|
# Some Rules Originate from ModSecurity
|
|
11
13
|
# ModSecurity for Apache 2.x, http://www.modsecurity.org/
|
|
@@ -28,9 +30,11 @@ module TCellAgent
|
|
|
28
30
|
meta_event.request_content_len = (request.content_length || "0").to_i
|
|
29
31
|
meta_event.response_content_len = (rack_response.length || "0").to_i
|
|
30
32
|
meta_event.get_dict = request.GET
|
|
31
|
-
meta_event.post_dict = request.POST
|
|
32
33
|
meta_event.cookie_dict = request.cookies
|
|
33
34
|
|
|
35
|
+
# don't enqueue parameter values of unknown type to avoid any serialization issues
|
|
36
|
+
meta_event.post_dict = TCellAgent::Utils::Params.flatten(request.POST)
|
|
37
|
+
|
|
34
38
|
meta_event.response_code = response_code
|
|
35
39
|
meta_event.response_headers = response_headers
|
|
36
40
|
|
|
@@ -76,7 +80,8 @@ module TCellAgent
|
|
|
76
80
|
else
|
|
77
81
|
if request_content_type =~ %r{application/json}i && request_body
|
|
78
82
|
begin
|
|
79
|
-
|
|
83
|
+
# don't enqueue parameter values of unknown type to avoid any serialization issues
|
|
84
|
+
@body_dict = TCellAgent::Utils::Params.flatten(JSON.parse(request_body))
|
|
80
85
|
rescue
|
|
81
86
|
TCellAgent.logger.debug("JSON body parameter parsing failed")
|
|
82
87
|
@body_dict = {}
|
|
@@ -44,7 +44,7 @@ module TCellAgent
|
|
|
44
44
|
end
|
|
45
45
|
end
|
|
46
46
|
class TCellRedirectSensorEvent < TCellSensorEvent
|
|
47
|
-
def initialize(redirect_domain, original_domain, original_url, method, route_id, status_code, remote_addr,
|
|
47
|
+
def initialize(redirect_domain, original_domain, original_url, method, route_id, status_code, remote_addr, hmac_session_id=nil, user_id=nil)
|
|
48
48
|
super("redirect")
|
|
49
49
|
@raw_original_url = original_url
|
|
50
50
|
self["method"] = method
|
|
@@ -56,36 +56,35 @@ module TCellAgent
|
|
|
56
56
|
end
|
|
57
57
|
@raw_redirect_domain = redirect_domain
|
|
58
58
|
@user_id = user_id
|
|
59
|
-
@
|
|
59
|
+
@hmac_session_id = hmac_session_id
|
|
60
60
|
end
|
|
61
61
|
def post_process
|
|
62
62
|
self["from"] = Util.strip_uri_values(@raw_original_url)
|
|
63
63
|
self["to"] = @raw_redirect_domain
|
|
64
|
-
if @
|
|
65
|
-
|
|
66
|
-
self["sid"] = Util.hmac(@raw_session_id, hmac_key)
|
|
64
|
+
if @hmac_session_id
|
|
65
|
+
self["sid"] = @hmac_session_id
|
|
67
66
|
end
|
|
68
67
|
end
|
|
69
68
|
end
|
|
69
|
+
|
|
70
70
|
class TCellFingerprintSensorEvent < TCellSensorEvent
|
|
71
|
-
def initialize(request,
|
|
71
|
+
def initialize(request, hmac_session_id, user_id=nil)
|
|
72
72
|
super("fingerprint")
|
|
73
73
|
@raw_request = request
|
|
74
|
-
@
|
|
74
|
+
@hmac_session_id = hmac_session_id
|
|
75
75
|
@user_id = user_id
|
|
76
76
|
end
|
|
77
77
|
def post_process
|
|
78
78
|
if !(@raw_request.headers.key?("HTTP_USER_AGENT"))
|
|
79
79
|
raise "User Agent not Found!"
|
|
80
|
-
end
|
|
80
|
+
end
|
|
81
81
|
self["ua"] = @raw_request.headers["HTTP_USER_AGENT"]
|
|
82
82
|
self["ip"] = @raw_request.remote_ip
|
|
83
|
-
|
|
84
|
-
self["sid"] = Util.hmac(@raw_session_id, hmac_key)
|
|
83
|
+
self["sid"] = @hmac_session_id
|
|
85
84
|
if @user_id
|
|
86
85
|
self["uid"] = @user_id
|
|
87
86
|
end
|
|
88
87
|
end
|
|
89
88
|
end
|
|
90
89
|
end
|
|
91
|
-
end
|
|
90
|
+
end
|
|
@@ -20,25 +20,30 @@ module TCellAgent
|
|
|
20
20
|
super("server_agent_details")
|
|
21
21
|
@flush = true
|
|
22
22
|
@ensure = true
|
|
23
|
+
|
|
24
|
+
self["user"] = "unknown"
|
|
25
|
+
self["group"] = "unknown"
|
|
26
|
+
|
|
23
27
|
begin
|
|
24
28
|
login = Etc.getlogin
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
self["group"] = "unknown"
|
|
29
|
+
if login
|
|
30
|
+
self["user"] = login
|
|
31
|
+
begin
|
|
32
|
+
info = Etc.getpwnam(login)
|
|
33
|
+
self["group"] = info.gid.to_s
|
|
34
|
+
rescue Exception => te
|
|
35
|
+
TCellAgent.logger.warn("Exception finding group id: #{te.message}")
|
|
36
|
+
TCellAgent.logger.debug(te.backtrace)
|
|
37
|
+
end
|
|
35
38
|
end
|
|
39
|
+
|
|
36
40
|
rescue Exception => to
|
|
37
|
-
self["user"] = "unknown"
|
|
38
|
-
self["group"] = "unknown"
|
|
39
41
|
TCellAgent.logger.warn("Exception finding user & group: #{to.message}")
|
|
40
42
|
TCellAgent.logger.debug(te.backtrace)
|
|
41
43
|
end
|
|
44
|
+
|
|
45
|
+
TCellAgent.logger.debug("User #{self["user"]}")
|
|
46
|
+
TCellAgent.logger.debug("Group #{self["group"]}")
|
|
42
47
|
end
|
|
43
48
|
end
|
|
44
49
|
class ServerAgentDetailsLanguageEvent < TCellSensorEvent
|