tcell_agent 0.2.19 → 0.2.21
- checksums.yaml +4 -4
- data/LICENSE_libinjection +32 -0
- data/Rakefile +14 -1
- data/ext/libinjection/extconf.rb +3 -0
- data/ext/libinjection/libinjection.h +65 -0
- data/ext/libinjection/libinjection_html5.c +847 -0
- data/ext/libinjection/libinjection_html5.h +54 -0
- data/ext/libinjection/libinjection_sqli.c +2317 -0
- data/ext/libinjection/libinjection_sqli.h +295 -0
- data/ext/libinjection/libinjection_sqli_data.h +9004 -0
- data/ext/libinjection/libinjection_wrap.c +3525 -0
- data/ext/libinjection/libinjection_xss.c +531 -0
- data/ext/libinjection/libinjection_xss.h +21 -0
- data/lib/tcell_agent/configuration.rb +0 -48
- data/lib/tcell_agent/logger.rb +1 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
- data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
- data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
- data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
- data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
- data/lib/tcell_agent/rails/dlp.rb +98 -76
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
- data/lib/tcell_agent/rails/on_start.rb +53 -20
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
- data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
- data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
- data/lib/tcell_agent/utils/params.rb +24 -21
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
- data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
- data/tcell_agent.gemspec +21 -1
- metadata +37 -4
@@ -8,146 +8,155 @@ require 'uri'
|
|
8
8
|
require 'openssl'
|
9
9
|
|
10
10
|
module TCellAgent
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
else
|
58
|
-
if lower_header_name == "content-type"
|
59
|
-
content_type = header_value
|
60
|
-
end
|
61
|
-
if ["content-type", "content-length"].include?(lower_header_name)
|
62
|
-
sanitized_headers[header_name] = [header_value]
|
63
|
-
else
|
64
|
-
sanitized_headers[header_name] = []
|
65
|
-
end
|
66
|
-
end
|
67
|
-
end
|
68
|
-
new_response = {"status"=> status,
|
69
|
-
"headers"=>sanitized_headers}
|
70
|
-
new_response
|
71
|
-
end
|
72
|
-
def self.santize_request_cookie_string(request_cookie_string)
|
73
|
-
hmacKey = Util.getHmacKey()
|
74
|
-
sanitized_cookies = Hash.new
|
75
|
-
cookies = CGI::Cookie::parse(request_cookie_string)
|
76
|
-
cookies.each do |cookie_name, cookie_value|
|
77
|
-
if cookie_value.length != 1
|
78
|
-
next
|
79
|
-
end
|
80
|
-
sanitized_cookies[cookie_name] = Util.hmac(cookie_value[0], hmacKey)
|
81
|
-
end
|
82
|
-
sanitized_cookies.map{|k,v| "#{k}=#{v}"}.join(';')
|
83
|
-
end
|
84
|
-
def self.santize_response_cookie_string(response_cookie_string_value)
|
85
|
-
hmacKey = Util.getHmacKey()
|
86
|
-
cookie_parts = response_cookie_string_value.split('; ')
|
87
|
-
cookie_string = cookie_parts[0]
|
88
|
-
cookies = CGI::Cookie::parse(cookie_string)
|
89
|
-
if cookies.length != 1
|
90
|
-
return "[COOKIEMALFORMED]"
|
91
|
-
end
|
92
|
-
cookie_name = cookies.keys.first
|
93
|
-
cookie_values = cookies.values.first
|
94
|
-
if (cookie_values.length != 1)
|
95
|
-
return "[COOKIEHADTOOMANYVALUES]"
|
96
|
-
end
|
97
|
-
h = Util.hmac(cookie_values[0], hmacKey)
|
98
|
-
new_cookie_string = "#{cookie_name}=#{h}"
|
99
|
-
cookie_parts[0] = new_cookie_string
|
100
|
-
cookie_parts.map{|k,v| "#{k}=#{v}"}.join('; ')
|
101
|
-
end
|
102
|
-
def self.sanitize_query_string(query)
|
103
|
-
hmacKey = Util.getHmacKey()
|
104
|
-
params = CGI::parse(query)
|
105
|
-
params.each do |param_name, param_values|
|
106
|
-
if param_values == nil || param_values.length == 0
|
107
|
-
next
|
108
|
-
end
|
109
|
-
if (param_name.match(/password/i) ||
|
110
|
-
param_name.match(/passwd/i) ||
|
111
|
-
param_name.match(/token/i) ||
|
112
|
-
param_name.match(/sessionid/i))
|
113
|
-
params[param_name] = ["?"]
|
114
|
-
next
|
115
|
-
end
|
116
|
-
new_param_values = []
|
117
|
-
param_values.each do |param_value|
|
118
|
-
h = Util.hmac(param_value, hmacKey)
|
119
|
-
new_param_values.push << h
|
120
|
-
end
|
121
|
-
params[param_name] = new_param_values
|
122
|
-
end
|
123
|
-
params.map{|k,v| "#{k}=#{v.join(',')}"}.join('&')
|
124
|
-
end
|
125
|
-
def self.strip_values_query_string(query)
|
126
|
-
params = CGI::parse(query)
|
127
|
-
params.each do |param_name, param_values|
|
128
|
-
if param_values == nil || param_values.length == 0
|
129
|
-
next
|
130
|
-
end
|
131
|
-
params[param_name] = [""]
|
132
|
-
end
|
133
|
-
params.map{|k,v| "#{k}=#{v.join(',')}"}.join('&')
|
134
|
-
end
|
135
|
-
def self.sanitize_uri(uri_string)
|
136
|
-
uri = URI(uri_string)
|
137
|
-
query = uri.query
|
138
|
-
if (query)
|
139
|
-
uri.query = sanitize_query_string(query)
|
140
|
-
end
|
141
|
-
return uri.to_s
|
11
|
+
module SensorEvents
|
12
|
+
module Util
|
13
|
+
def self.hmac(data)
|
14
|
+
hmac_key = Util.get_hmac_key()
|
15
|
+
|
16
|
+
h = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), hmac_key.to_s, data)
|
17
|
+
|
18
|
+
return h[0...h.length/2]
|
19
|
+
end
|
20
|
+
|
21
|
+
def self.request_sanitized_json(request)
|
22
|
+
sanitized_headers = Hash.new
|
23
|
+
headers = request.headers.select {|k,v| k.start_with? 'HTTP_'}
|
24
|
+
.collect {|pair| [pair[0].sub(/^HTTP_/, ''), pair[1]]}
|
25
|
+
.sort
|
26
|
+
headers.each do |header_name, header_value|
|
27
|
+
lower_header_name = header_name.downcase
|
28
|
+
if lower_header_name == "cookie"
|
29
|
+
sanitized_headers[header_name] = [self.santize_request_cookie_string(header_value)]
|
30
|
+
elsif ["content_type", "content_length","user_agent","csp"].include?(lower_header_name)
|
31
|
+
sanitized_headers[header_name] = [header_value]
|
32
|
+
else
|
33
|
+
sanitized_headers[header_name] = []
|
34
|
+
end
|
35
|
+
end
|
36
|
+
new_request = {"method"=>request.request_method,
|
37
|
+
"uri"=>self.sanitize_uri(request.fullpath),
|
38
|
+
"headers"=>sanitized_headers}
|
39
|
+
request_body = request.body.read
|
40
|
+
if request_body
|
41
|
+
new_request["post_data"] = sanitize_query_string(request_body)
|
42
|
+
end
|
43
|
+
new_request
|
44
|
+
end
|
45
|
+
|
46
|
+
def self.response_sanitized_json(response)
|
47
|
+
status, headers, body = *response
|
48
|
+
sanitized_headers = Hash.new
|
49
|
+
content_type = "unknown"
|
50
|
+
headers.each do |header_name, header_value|
|
51
|
+
lower_header_name = header_name.downcase
|
52
|
+
if lower_header_name == "set-cookie"
|
53
|
+
sanitized_headers[header_name] = [self.santize_response_cookie_string(header_value)]
|
54
|
+
else
|
55
|
+
if lower_header_name == "content-type"
|
56
|
+
content_type = header_value
|
142
57
|
end
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
uri.query = strip_values_query_string(query)
|
148
|
-
end
|
149
|
-
return uri.to_s
|
58
|
+
if ["content-type", "content-length"].include?(lower_header_name)
|
59
|
+
sanitized_headers[header_name] = [header_value]
|
60
|
+
else
|
61
|
+
sanitized_headers[header_name] = []
|
150
62
|
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
new_response = {"status"=> status,
|
66
|
+
"headers"=>sanitized_headers}
|
67
|
+
new_response
|
68
|
+
end
|
69
|
+
|
70
|
+
def self.santize_request_cookie_string(request_cookie_string)
|
71
|
+
sanitized_cookies = Hash.new
|
72
|
+
cookies = CGI::Cookie::parse(request_cookie_string)
|
73
|
+
cookies.each do |cookie_name, cookie_value|
|
74
|
+
if cookie_value.length != 1
|
75
|
+
next
|
76
|
+
end
|
77
|
+
sanitized_cookies[cookie_name] = Util.hmac(cookie_value[0])
|
78
|
+
end
|
79
|
+
sanitized_cookies.map{|k,v| "#{k}=#{v}"}.join(';')
|
80
|
+
end
|
81
|
+
|
82
|
+
def self.santize_response_cookie_string(response_cookie_string_value)
|
83
|
+
cookie_parts = response_cookie_string_value.split('; ')
|
84
|
+
cookie_string = cookie_parts[0]
|
85
|
+
cookies = CGI::Cookie::parse(cookie_string)
|
86
|
+
if cookies.length != 1
|
87
|
+
return "[COOKIEMALFORMED]"
|
88
|
+
end
|
89
|
+
cookie_name = cookies.keys.first
|
90
|
+
cookie_values = cookies.values.first
|
91
|
+
if (cookie_values.length != 1)
|
92
|
+
return "[COOKIEHADTOOMANYVALUES]"
|
93
|
+
end
|
94
|
+
h = Util.hmac(cookie_values[0])
|
95
|
+
new_cookie_string = "#{cookie_name}=#{h}"
|
96
|
+
cookie_parts[0] = new_cookie_string
|
97
|
+
cookie_parts.map{|k,v| "#{k}=#{v}"}.join('; ')
|
98
|
+
end
|
99
|
+
|
100
|
+
def self.sanitize_query_string(query)
|
101
|
+
params = CGI::parse(query)
|
102
|
+
params.each do |param_name, param_values|
|
103
|
+
if param_values == nil || param_values.length == 0
|
104
|
+
next
|
105
|
+
end
|
106
|
+
if (param_name.match(/password/i) ||
|
107
|
+
param_name.match(/passwd/i) ||
|
108
|
+
param_name.match(/token/i) ||
|
109
|
+
param_name.match(/sessionid/i))
|
110
|
+
params[param_name] = ["?"]
|
111
|
+
next
|
112
|
+
end
|
113
|
+
new_param_values = []
|
114
|
+
param_values.each do |param_value|
|
115
|
+
h = Util.hmac(param_value)
|
116
|
+
new_param_values.push << h
|
117
|
+
end
|
118
|
+
params[param_name] = new_param_values
|
119
|
+
end
|
120
|
+
params.map{|k,v| "#{k}=#{v.join(',')}"}.join('&')
|
121
|
+
end
|
122
|
+
|
123
|
+
def self.strip_values_query_string(query)
|
124
|
+
params = CGI::parse(query)
|
125
|
+
params.each do |param_name, param_values|
|
126
|
+
if param_values == nil || param_values.length == 0
|
127
|
+
next
|
128
|
+
end
|
129
|
+
params[param_name] = [""]
|
130
|
+
end
|
131
|
+
params.map{|k,v| "#{k}=#{v.join(',')}"}.join('&')
|
132
|
+
end
|
133
|
+
|
134
|
+
def self.sanitize_uri(uri_string)
|
135
|
+
uri = URI(uri_string)
|
136
|
+
query = uri.query
|
137
|
+
if (query)
|
138
|
+
uri.query = sanitize_query_string(query)
|
139
|
+
end
|
140
|
+
return uri.to_s
|
141
|
+
end
|
142
|
+
|
143
|
+
def self.strip_uri_values(uri_string)
|
144
|
+
uri = URI(uri_string)
|
145
|
+
query = uri.query
|
146
|
+
if (query)
|
147
|
+
uri.query = strip_values_query_string(query)
|
148
|
+
end
|
149
|
+
return uri.to_s
|
150
|
+
end
|
151
|
+
|
152
|
+
def self.get_hmac_key
|
153
|
+
if (TCellAgent.configuration.hmac_key)
|
154
|
+
return TCellAgent.configuration.hmac_key
|
155
|
+
elsif (TCellAgent.configuration.app_id)
|
156
|
+
return TCellAgent.configuration.app_id
|
151
157
|
end
|
158
|
+
return "tcell_hmac_key"
|
159
|
+
end
|
152
160
|
end
|
153
|
-
end
|
161
|
+
end
|
162
|
+
end
|
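Review bot: `request_sanitized_json` hands the raw body to `sanitize_query_string` whatever its content type, and that function only hashes values while writing parameter names out in clear. A body that is not form-encoded (JSON, for instance) has no `key=value` pairs, so `CGI::parse` would most likely return the whole payload as a single name with no values; the `next` for empty `param_values` then skips the password/token name check and the payload lands verbatim in `post_data`. Assuming `request` is a Rack/ActionDispatch request, gate the assignment on the content type, e.g. `new_request["post_data"] = sanitize_query_string(request_body) if request.media_type == "application/x-www-form-urlencoded"`, and leave `post_data` out otherwise. The body is also read without a following `request.body.rewind`, which may leave later readers of the stream with nothing to read.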
@@ -4,35 +4,38 @@ module TCellAgent
|
|
4
4
|
GET_PARAM = "get"
|
5
5
|
POST_PARAM = "post"
|
6
6
|
JSON_PARAM = "json"
|
7
|
+
URI_PARAM = "uri"
|
7
8
|
COOKIE_PARAM = "cookies"
|
8
9
|
|
9
|
-
def
|
10
|
-
|
10
|
+
def self.flatten(param_dict, namespace=nil)
|
11
|
+
flattened = {}
|
12
|
+
namespace = [] unless namespace
|
13
|
+
param_dict.each do |param_name, param_value|
|
14
|
+
if param_value.is_a?(Hash)
|
15
|
+
flattened = flattened.merge(flatten(param_value, namespace.dup << param_name.to_s))
|
11
16
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
+
elsif param_value.is_a?(Array)
|
18
|
+
param_value.each_with_index do |val, index|
|
19
|
+
new_namespace = namespace.dup + [index, param_name.to_s]
|
20
|
+
if val.is_a?(Hash)
|
21
|
+
flattened = flattened.merge(flatten(val, new_namespace))
|
22
|
+
elsif val.is_a?(String) || val.is_a?(Symbol)
|
23
|
+
flattened[new_namespace.freeze] = val.to_s
|
24
|
+
else
|
25
|
+
# DROP any unrecognized types (like Tempfiles and other such possible things)
|
26
|
+
end
|
17
27
|
end
|
18
|
-
end
|
19
|
-
|
20
|
-
elsif param_value.is_a?(Array)
|
21
|
-
param_value.each do |v|
|
22
|
-
result = param_deep_loop(param_name, v, &block)
|
23
|
-
return result if result
|
24
|
-
end
|
25
28
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
#param_type = str(type(param_value))
|
29
|
+
elsif param_value.is_a?(String) || param_value.is_a?(Symbol)
|
30
|
+
new_key = namespace.dup << param_name.to_s
|
31
|
+
flattened[new_key.freeze] = param_value.to_s
|
30
32
|
|
31
|
-
|
32
|
-
|
33
|
+
else
|
34
|
+
# DROP any unrecognized types (like Tempfiles and other such possible things)
|
35
|
+
end
|
33
36
|
end
|
34
37
|
|
35
|
-
return
|
38
|
+
return flattened
|
36
39
|
end
|
37
40
|
|
38
41
|
end
|
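Review bot: In `flatten`, an array element that is itself an Array falls into the empty `else` inside the `each_with_index` loop and is dropped together with the unrecognized types, so strings nested one array deeper never reach the flattened result. If this hash is what the appsensor checks iterate over (not visible in this hunk), those values would go uninspected. Either add an `elsif val.is_a?(Array)` branch that recurses into the nested array, or widen the comment to `# DROP nested arrays and any unrecognized types (like Tempfiles)` so the gap is a documented decision. A spec with a doubly nested array would pin whichever behaviour is chosen.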
data/lib/tcell_agent/version.rb
CHANGED
@@ -3,176 +3,6 @@ require 'spec_helper'
|
|
3
3
|
module TCellAgent
|
4
4
|
|
5
5
|
describe Configuration do
|
6
|
-
describe "#load_app_sensor_restrictions" do
|
7
|
-
before(:each) do
|
8
|
-
@config_file = double("config", read: {
|
9
|
-
version: 1,
|
10
|
-
applications: [
|
11
|
-
{
|
12
|
-
allow_unencrypted_appsensor_payloads: true
|
13
|
-
}
|
14
|
-
]
|
15
|
-
}.to_json)
|
16
|
-
end
|
17
|
-
|
18
|
-
context "with no payloads file present" do
|
19
|
-
it "should set blacklist to default params and whitelist to empty" do
|
20
|
-
expect(File).to receive(:file?).with(
|
21
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
22
|
-
).and_return(true)
|
23
|
-
expect(File).to receive(:open).with(
|
24
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
25
|
-
).and_return(@config_file)
|
26
|
-
expect(File).to receive(:file?).with(
|
27
|
-
"config/tcell_agent_payloads.config"
|
28
|
-
).and_return(false)
|
29
|
-
expect(File).to_not receive(:open)
|
30
|
-
configuration = TCellAgent::Configuration.new
|
31
|
-
|
32
|
-
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
33
|
-
expect(configuration.blacklisted_params).to eq({
|
34
|
-
"token" => true,
|
35
|
-
"client_secret" => true,
|
36
|
-
"password" => true,
|
37
|
-
"passwd" => true,
|
38
|
-
"refresh_token" => true,
|
39
|
-
"pf.pass" => true,
|
40
|
-
"user.password" => true
|
41
|
-
})
|
42
|
-
expect(configuration.whitelisted_params).to eq({})
|
43
|
-
expect(configuration.whitelist_present).to eq(false)
|
44
|
-
end
|
45
|
-
end
|
46
|
-
|
47
|
-
context "with a payloads file present" do
|
48
|
-
context "with a malformed payloads file" do
|
49
|
-
it "should set blacklist to default params and whitelist to empty" do
|
50
|
-
payloads_file = double("payloads", read: "{ whitelist: { test } ")
|
51
|
-
expect(File).to receive(:file?).with(
|
52
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
53
|
-
).and_return(true)
|
54
|
-
expect(File).to receive(:open).with(
|
55
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
56
|
-
).and_return(@config_file)
|
57
|
-
expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
|
58
|
-
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
59
|
-
configuration = TCellAgent::Configuration.new
|
60
|
-
|
61
|
-
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(false)
|
62
|
-
expect(configuration.blacklisted_params).to eq({
|
63
|
-
"token" => true,
|
64
|
-
"client_secret" => true,
|
65
|
-
"password" => true,
|
66
|
-
"passwd" => true,
|
67
|
-
"refresh_token" => true,
|
68
|
-
"pf.pass" => true,
|
69
|
-
"user.password" => true
|
70
|
-
})
|
71
|
-
expect(configuration.whitelisted_params).to eq({})
|
72
|
-
expect(configuration.whitelist_present).to eq(false)
|
73
|
-
end
|
74
|
-
end
|
75
|
-
|
76
|
-
context "with a payloads file" do
|
77
|
-
context "with empty json" do
|
78
|
-
it "should set blacklist to default params and whitelist to empty" do
|
79
|
-
payloads_file = double("payloads", read: "{}")
|
80
|
-
expect(File).to receive(:file?).with(
|
81
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
82
|
-
).and_return(true)
|
83
|
-
expect(File).to receive(:open).with(
|
84
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
85
|
-
).and_return(@config_file)
|
86
|
-
expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
|
87
|
-
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
88
|
-
configuration = TCellAgent::Configuration.new
|
89
|
-
|
90
|
-
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
91
|
-
expect(configuration.blacklisted_params).to eq({
|
92
|
-
"token" => true,
|
93
|
-
"client_secret" => true,
|
94
|
-
"password" => true,
|
95
|
-
"passwd" => true,
|
96
|
-
"refresh_token" => true,
|
97
|
-
"pf.pass" => true,
|
98
|
-
"user.password" => true
|
99
|
-
})
|
100
|
-
expect(configuration.whitelisted_params).to eq({})
|
101
|
-
expect(configuration.whitelist_present).to eq(false)
|
102
|
-
end
|
103
|
-
end
|
104
|
-
|
105
|
-
context "with blacklisted present" do
|
106
|
-
it "should set blacklist but whitelist is empty" do
|
107
|
-
payloads_file = double("payloads", read:{blacklisted:["passwd"]}.to_json)
|
108
|
-
expect(File).to receive(:file?).with(
|
109
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
110
|
-
).and_return(true)
|
111
|
-
expect(File).to receive(:open).with(
|
112
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
113
|
-
).and_return(@config_file)
|
114
|
-
expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
|
115
|
-
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
116
|
-
configuration = TCellAgent::Configuration.new
|
117
|
-
|
118
|
-
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
119
|
-
expect(configuration.blacklisted_params).to eq({"passwd" => true})
|
120
|
-
expect(configuration.whitelisted_params).to eq({})
|
121
|
-
expect(configuration.whitelist_present).to eq(false)
|
122
|
-
end
|
123
|
-
end
|
124
|
-
|
125
|
-
context "with whitelist present" do
|
126
|
-
it "should set whitelist and blacklist to default params" do
|
127
|
-
payloads_file = double("payloads", read: {whitelisted: ["passwd"]}.to_json)
|
128
|
-
expect(File).to receive(:file?).with(
|
129
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
130
|
-
).and_return(true)
|
131
|
-
expect(File).to receive(:open).with(
|
132
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
133
|
-
).and_return(@config_file)
|
134
|
-
expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
|
135
|
-
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
136
|
-
configuration = TCellAgent::Configuration.new
|
137
|
-
|
138
|
-
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
139
|
-
expect(configuration.blacklisted_params).to eq({
|
140
|
-
"token" => true,
|
141
|
-
"client_secret" => true,
|
142
|
-
"password" => true,
|
143
|
-
"passwd" => true,
|
144
|
-
"refresh_token" => true,
|
145
|
-
"pf.pass" => true,
|
146
|
-
"user.password" => true
|
147
|
-
})
|
148
|
-
expect(configuration.whitelisted_params).to eq({"passwd" => true})
|
149
|
-
expect(configuration.whitelist_present).to eq(true)
|
150
|
-
end
|
151
|
-
end
|
152
|
-
|
153
|
-
context "with blacklist and whitelist present" do
|
154
|
-
it "should set whitelist and blacklist" do
|
155
|
-
payloads_file = double("payloads", read: {blacklisted: ["ssn"], whitelisted: ["passwd"]}.to_json)
|
156
|
-
expect(File).to receive(:file?).with(
|
157
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
158
|
-
).and_return(true)
|
159
|
-
expect(File).to receive(:open).with(
|
160
|
-
File.join(Dir.getwd, "config/tcell_agent.config")
|
161
|
-
).and_return(@config_file)
|
162
|
-
expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
|
163
|
-
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
164
|
-
configuration = TCellAgent::Configuration.new
|
165
|
-
|
166
|
-
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
167
|
-
expect(configuration.blacklisted_params).to eq({"ssn" => true})
|
168
|
-
expect(configuration.whitelisted_params).to eq({"passwd" => true})
|
169
|
-
expect(configuration.whitelist_present).to eq(true)
|
170
|
-
end
|
171
|
-
end
|
172
|
-
end
|
173
|
-
end
|
174
|
-
|
175
|
-
end
|
176
6
|
|
177
7
|
describe "#agent_home_dir" do
|
178
8
|
context "no TCELL_AGENT_HOME defined" do
|
@@ -287,9 +117,6 @@ module TCellAgent
|
|
287
117
|
expect(File).to receive(:open).with(
|
288
118
|
File.join(Dir.getwd, "no_data_ex.config")
|
289
119
|
).and_return(no_data_ex)
|
290
|
-
expect(File).to receive(:file?).with(
|
291
|
-
"config/tcell_agent_payloads.config"
|
292
|
-
).and_return(false)
|
293
120
|
configuration = Configuration.new("no_data_ex.config")
|
294
121
|
|
295
122
|
expect(configuration.max_data_ex_db_records_per_request).to eq(1000)
|
@@ -316,9 +143,6 @@ module TCellAgent
|
|
316
143
|
expect(File).to receive(:open).with(
|
317
144
|
File.join(Dir.getwd, "no_data_ex.config")
|
318
145
|
).and_return(no_data_ex)
|
319
|
-
expect(File).to receive(:file?).with(
|
320
|
-
"config/tcell_agent_payloads.config"
|
321
|
-
).and_return(false)
|
322
146
|
configuration = Configuration.new("no_data_ex.config")
|
323
147
|
|
324
148
|
expect(configuration.max_data_ex_db_records_per_request).to eq(1000)
|
@@ -347,9 +171,6 @@ module TCellAgent
|
|
347
171
|
expect(File).to receive(:open).with(
|
348
172
|
File.join(Dir.getwd, "no_data_ex.config")
|
349
173
|
).and_return(no_data_ex)
|
350
|
-
expect(File).to receive(:file?).with(
|
351
|
-
"config/tcell_agent_payloads.config"
|
352
|
-
).and_return(false)
|
353
174
|
configuration = Configuration.new("no_data_ex.config")
|
354
175
|
|
355
176
|
expect(configuration.max_data_ex_db_records_per_request).to eq(5000)
|
@@ -92,8 +92,9 @@ module TCellAgent
|
|
92
92
|
"dp" => DatabaseSensor::DP_CODE,
|
93
93
|
"param" => nil,
|
94
94
|
"remote_addr" => "ip_address",
|
95
|
-
"
|
96
|
-
"m" => "get"
|
95
|
+
"rid" => "route_id",
|
96
|
+
"m" => "get",
|
97
|
+
"meta" => {"rows" => 11}
|
97
98
|
}
|
98
99
|
)
|
99
100
|
sensor.check(tcell_data, 11)
|
@@ -147,8 +148,9 @@ module TCellAgent
|
|
147
148
|
"dp" => DatabaseSensor::DP_CODE,
|
148
149
|
"param" => nil,
|
149
150
|
"remote_addr" => "ip_address",
|
150
|
-
"
|
151
|
-
"m" => "get"
|
151
|
+
"rid" => "route_id",
|
152
|
+
"m" => "get",
|
153
|
+
"meta" => {"rows" => 11}
|
152
154
|
}
|
153
155
|
)
|
154
156
|
sensor.check(tcell_data, 11)
|