tcell_agent 0.2.19 → 0.2.21

Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE_libinjection +32 -0
  3. data/Rakefile +14 -1
  4. data/ext/libinjection/extconf.rb +3 -0
  5. data/ext/libinjection/libinjection.h +65 -0
  6. data/ext/libinjection/libinjection_html5.c +847 -0
  7. data/ext/libinjection/libinjection_html5.h +54 -0
  8. data/ext/libinjection/libinjection_sqli.c +2317 -0
  9. data/ext/libinjection/libinjection_sqli.h +295 -0
  10. data/ext/libinjection/libinjection_sqli_data.h +9004 -0
  11. data/ext/libinjection/libinjection_wrap.c +3525 -0
  12. data/ext/libinjection/libinjection_xss.c +531 -0
  13. data/ext/libinjection/libinjection_xss.h +21 -0
  14. data/lib/tcell_agent/configuration.rb +0 -48
  15. data/lib/tcell_agent/logger.rb +1 -0
  16. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
  17. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
  18. data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
  19. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
  20. data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
  21. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
  22. data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
  23. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
  24. data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
  25. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
  26. data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
  27. data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
  28. data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
  29. data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
  30. data/lib/tcell_agent/rails/dlp.rb +98 -76
  31. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  32. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
  33. data/lib/tcell_agent/rails/on_start.rb +53 -20
  34. data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
  35. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
  36. data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
  37. data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
  38. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
  39. data/lib/tcell_agent/utils/params.rb +24 -21
  40. data/lib/tcell_agent/version.rb +1 -1
  41. data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
  42. data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
  43. data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
  44. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
  45. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
  46. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
  47. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
  48. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
  49. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
  50. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
  51. data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
  52. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
  53. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
  54. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
  55. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
  56. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
  57. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
  58. data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
  59. data/tcell_agent.gemspec +21 -1
  60. metadata +37 -4
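--- a/data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb
+++ b/data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb
@@ -8,146 +8,155 @@ require 'uri'
  require 'openssl'
 
  module TCellAgent
- module SensorEvents
- module Util
- def self.getHmacKey
- if (TCellAgent.configuration.hmac_key)
- return TCellAgent.configuration.hmac_key
- elsif (TCellAgent.configuration.app_id)
- return TCellAgent.configuration.app_id
- end
- return "tcell_hmac_key"
- end
- def self.hmac(data, hmacKey)
- hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), hmacKey.to_s, data)
- return hmac
- end
- def self.request_sanitized_json(request)
- sanitized_headers = Hash.new
- headers = request.headers.select {|k,v| k.start_with? 'HTTP_'}
- .collect {|pair| [pair[0].sub(/^HTTP_/, ''), pair[1]]}
- .sort
- headers.each do |header_name, header_value|
- lower_header_name = header_name.downcase
- if lower_header_name == "cookie"
- sanitized_headers[header_name] = [self.santize_request_cookie_string(header_value)]
- elsif ["content_type", "content_length","user_agent","csp"].include?(lower_header_name)
- sanitized_headers[header_name] = [header_value]
- else
- sanitized_headers[header_name] = []
- end
- end
- new_request = {"method"=>request.request_method,
- "uri"=>self.sanitize_uri(request.fullpath),
- "headers"=>sanitized_headers}
- request_body = request.body.read
- if request_body
- new_request["post_data"] = sanitize_query_string(request_body)
- end
- new_request
- end
- def self.response_sanitized_json(response)
- status, headers, body = *response
- sanitized_headers = Hash.new
- content_type = "unknown"
- headers.each do |header_name, header_value|
- lower_header_name = header_name.downcase
- if lower_header_name == "set-cookie"
- sanitized_headers[header_name] = [self.santize_response_cookie_string(header_value)]
- else
- if lower_header_name == "content-type"
- content_type = header_value
- end
- if ["content-type", "content-length"].include?(lower_header_name)
- sanitized_headers[header_name] = [header_value]
- else
- sanitized_headers[header_name] = []
- end
- end
- end
- new_response = {"status"=> status,
- "headers"=>sanitized_headers}
- new_response
- end
- def self.santize_request_cookie_string(request_cookie_string)
- hmacKey = Util.getHmacKey()
- sanitized_cookies = Hash.new
- cookies = CGI::Cookie::parse(request_cookie_string)
- cookies.each do |cookie_name, cookie_value|
- if cookie_value.length != 1
- next
- end
- sanitized_cookies[cookie_name] = Util.hmac(cookie_value[0], hmacKey)
- end
- sanitized_cookies.map{|k,v| "#{k}=#{v}"}.join(';')
- end
- def self.santize_response_cookie_string(response_cookie_string_value)
- hmacKey = Util.getHmacKey()
- cookie_parts = response_cookie_string_value.split('; ')
- cookie_string = cookie_parts[0]
- cookies = CGI::Cookie::parse(cookie_string)
- if cookies.length != 1
- return "[COOKIEMALFORMED]"
- end
- cookie_name = cookies.keys.first
- cookie_values = cookies.values.first
- if (cookie_values.length != 1)
- return "[COOKIEHADTOOMANYVALUES]"
- end
- h = Util.hmac(cookie_values[0], hmacKey)
- new_cookie_string = "#{cookie_name}=#{h}"
- cookie_parts[0] = new_cookie_string
- cookie_parts.map{|k,v| "#{k}=#{v}"}.join('; ')
- end
- def self.sanitize_query_string(query)
- hmacKey = Util.getHmacKey()
- params = CGI::parse(query)
- params.each do |param_name, param_values|
- if param_values == nil || param_values.length == 0
- next
- end
- if (param_name.match(/password/i) ||
- param_name.match(/passwd/i) ||
- param_name.match(/token/i) ||
- param_name.match(/sessionid/i))
- params[param_name] = ["?"]
- next
- end
- new_param_values = []
- param_values.each do |param_value|
- h = Util.hmac(param_value, hmacKey)
- new_param_values.push << h
- end
- params[param_name] = new_param_values
- end
- params.map{|k,v| "#{k}=#{v.join(',')}"}.join('&')
- end
- def self.strip_values_query_string(query)
- params = CGI::parse(query)
- params.each do |param_name, param_values|
- if param_values == nil || param_values.length == 0
- next
- end
- params[param_name] = [""]
- end
- params.map{|k,v| "#{k}=#{v.join(',')}"}.join('&')
- end
- def self.sanitize_uri(uri_string)
- uri = URI(uri_string)
- query = uri.query
- if (query)
- uri.query = sanitize_query_string(query)
- end
- return uri.to_s
+ module SensorEvents
+ module Util
+ def self.hmac(data)
+ hmac_key = Util.get_hmac_key()
+
+ h = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), hmac_key.to_s, data)
+
+ return h[0...h.length/2]
+ end
+
+ def self.request_sanitized_json(request)
+ sanitized_headers = Hash.new
+ headers = request.headers.select {|k,v| k.start_with? 'HTTP_'}
+ .collect {|pair| [pair[0].sub(/^HTTP_/, ''), pair[1]]}
+ .sort
+ headers.each do |header_name, header_value|
+ lower_header_name = header_name.downcase
+ if lower_header_name == "cookie"
+ sanitized_headers[header_name] = [self.santize_request_cookie_string(header_value)]
+ elsif ["content_type", "content_length","user_agent","csp"].include?(lower_header_name)
+ sanitized_headers[header_name] = [header_value]
+ else
+ sanitized_headers[header_name] = []
+ end
+ end
+ new_request = {"method"=>request.request_method,
+ "uri"=>self.sanitize_uri(request.fullpath),
+ "headers"=>sanitized_headers}
+ request_body = request.body.read
+ if request_body
+ new_request["post_data"] = sanitize_query_string(request_body)
+ end
+ new_request
+ end
+
+ def self.response_sanitized_json(response)
+ status, headers, body = *response
+ sanitized_headers = Hash.new
+ content_type = "unknown"
+ headers.each do |header_name, header_value|
+ lower_header_name = header_name.downcase
+ if lower_header_name == "set-cookie"
+ sanitized_headers[header_name] = [self.santize_response_cookie_string(header_value)]
+ else
+ if lower_header_name == "content-type"
+ content_type = header_value
  end
- def self.strip_uri_values(uri_string)
- uri = URI(uri_string)
- query = uri.query
- if (query)
- uri.query = strip_values_query_string(query)
- end
- return uri.to_s
+ if ["content-type", "content-length"].include?(lower_header_name)
+ sanitized_headers[header_name] = [header_value]
+ else
+ sanitized_headers[header_name] = []
  end
+ end
+ end
+ new_response = {"status"=> status,
+ "headers"=>sanitized_headers}
+ new_response
+ end
+
+ def self.santize_request_cookie_string(request_cookie_string)
+ sanitized_cookies = Hash.new
+ cookies = CGI::Cookie::parse(request_cookie_string)
+ cookies.each do |cookie_name, cookie_value|
+ if cookie_value.length != 1
+ next
+ end
+ sanitized_cookies[cookie_name] = Util.hmac(cookie_value[0])
+ end
+ sanitized_cookies.map{|k,v| "#{k}=#{v}"}.join(';')
+ end
+
+ def self.santize_response_cookie_string(response_cookie_string_value)
+ cookie_parts = response_cookie_string_value.split('; ')
+ cookie_string = cookie_parts[0]
+ cookies = CGI::Cookie::parse(cookie_string)
+ if cookies.length != 1
+ return "[COOKIEMALFORMED]"
+ end
+ cookie_name = cookies.keys.first
+ cookie_values = cookies.values.first
+ if (cookie_values.length != 1)
+ return "[COOKIEHADTOOMANYVALUES]"
+ end
+ h = Util.hmac(cookie_values[0])
+ new_cookie_string = "#{cookie_name}=#{h}"
+ cookie_parts[0] = new_cookie_string
+ cookie_parts.map{|k,v| "#{k}=#{v}"}.join('; ')
+ end
+
+ def self.sanitize_query_string(query)
+ params = CGI::parse(query)
+ params.each do |param_name, param_values|
+ if param_values == nil || param_values.length == 0
+ next
+ end
+ if (param_name.match(/password/i) ||
+ param_name.match(/passwd/i) ||
+ param_name.match(/token/i) ||
+ param_name.match(/sessionid/i))
+ params[param_name] = ["?"]
+ next
+ end
+ new_param_values = []
+ param_values.each do |param_value|
+ h = Util.hmac(param_value)
+ new_param_values.push << h
+ end
+ params[param_name] = new_param_values
+ end
+ params.map{|k,v| "#{k}=#{v.join(',')}"}.join('&')
+ end
+
+ def self.strip_values_query_string(query)
+ params = CGI::parse(query)
+ params.each do |param_name, param_values|
+ if param_values == nil || param_values.length == 0
+ next
+ end
+ params[param_name] = [""]
+ end
+ params.map{|k,v| "#{k}=#{v.join(',')}"}.join('&')
+ end
+
+ def self.sanitize_uri(uri_string)
+ uri = URI(uri_string)
+ query = uri.query
+ if (query)
+ uri.query = sanitize_query_string(query)
+ end
+ return uri.to_s
+ end
+
+ def self.strip_uri_values(uri_string)
+ uri = URI(uri_string)
+ query = uri.query
+ if (query)
+ uri.query = strip_values_query_string(query)
+ end
+ return uri.to_s
+ end
+
+ def self.get_hmac_key
+ if (TCellAgent.configuration.hmac_key)
+ return TCellAgent.configuration.hmac_key
+ elsif (TCellAgent.configuration.app_id)
+ return TCellAgent.configuration.app_id
  end
+ return "tcell_hmac_key"
+ end
  end
- end
+ end
+ end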
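Review bot: `get_hmac_key` at the end of this section falls back to `app_id` and then to the literal `"tcell_hmac_key"`, and since `hmac(data)` now looks the key up itself, every caller inherits that fallback without seeing it. Neither value is a secret, so a digest of a low-entropy cookie or parameter value made with them can be matched against a dictionary by anyone who holds the sanitized events. I would say so above the method, e.g. `# NOTE: app_id and the literal fallback are not secrets; set hmac_key, otherwise digests of guessable values are recoverable`, and consider emitting a fixed placeholder instead of a digest when no `hmac_key` is configured. The new `return h[0...h.length/2]` also cuts the hex digest to its first half (128 bits), which deserves a comment saying the truncation is deliberate.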
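--- a/data/lib/tcell_agent/utils/params.rb
+++ b/data/lib/tcell_agent/utils/params.rb
@@ -4,35 +4,38 @@ module TCellAgent
  GET_PARAM = "get"
  POST_PARAM = "post"
  JSON_PARAM = "json"
+ URI_PARAM = "uri"
  COOKIE_PARAM = "cookies"
 
- def param_deep_loop(param_name, param_value, &block)
- return nil unless param_name and param_value
+ def self.flatten(param_dict, namespace=nil)
+ flattened = {}
+ namespace = [] unless namespace
+ param_dict.each do |param_name, param_value|
+ if param_value.is_a?(Hash)
+ flattened = flattened.merge(flatten(param_value, namespace.dup << param_name.to_s))
 
- if param_value.is_a?(Hash)
- param_value.each do |k, v|
- result = param_deep_loop(k, v, &block)
- if result
- return result
+ elsif param_value.is_a?(Array)
+ param_value.each_with_index do |val, index|
+ new_namespace = namespace.dup + [index, param_name.to_s]
+ if val.is_a?(Hash)
+ flattened = flattened.merge(flatten(val, new_namespace))
+ elsif val.is_a?(String) || val.is_a?(Symbol)
+ flattened[new_namespace.freeze] = val.to_s
+ else
+ # DROP any unrecognized types (like Tempfiles and other such possible things)
+ end
  end
- end
-
- elsif param_value.is_a?(Array)
- param_value.each do |v|
- result = param_deep_loop(param_name, v, &block)
- return result if result
- end
 
- elsif param_value.is_a?(String)
- #if isinstance(param_value, bytes):
- #param_value = param_value.decode('utf-8')
- #param_type = str(type(param_value))
+ elsif param_value.is_a?(String) || param_value.is_a?(Symbol)
+ new_key = namespace.dup << param_name.to_s
+ flattened[new_key.freeze] = param_value.to_s
 
- match = block.call(param_name, param_value)
- return match if match
+ else
+ # DROP any unrecognized types (like Tempfiles and other such possible things)
+ end
  end
 
- return nil
+ return flattened
  end
 
  end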
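Review bot: In the `Array` branch of `flatten`, an element that is itself an array falls into the `else` and is dropped, so strings inside nested arrays (a constructed example: `{"a" => [["x"]]}`) are missing from the flattened result, whereas the removed `param_deep_loop` recursed into them. If the sensors inspect only what `flatten` returns, which this hunk does not show, those values would go unchecked. An `elsif val.is_a?(Array)` branch that recurses would close the gap, e.g. `flattened.merge!(flatten({param_name => val}, namespace.dup << index))`, with the resulting key shape agreed with whatever consumes the keys. The method would also benefit from a comment stating that non-String/Symbol leaves are skipped on purpose, and `flattened = flattened.merge(...)` can become `flattened.merge!(...)` to avoid copying the hash for every nested value.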
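--- a/data/lib/tcell_agent/version.rb
+++ b/data/lib/tcell_agent/version.rb
@@ -1,5 +1,5 @@
  # See the file "LICENSE" for the full license governing this code.
 
  module TCellAgent
- VERSION = "0.2.19"
+ VERSION = "0.2.21"
  end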
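--- a/data/spec/lib/tcell_agent/configuration_spec.rb
+++ b/data/spec/lib/tcell_agent/configuration_spec.rb
@@ -3,176 +3,6 @@ require 'spec_helper'
  module TCellAgent
 
  describe Configuration do
- describe "#load_app_sensor_restrictions" do
- before(:each) do
- @config_file = double("config", read: {
- version: 1,
- applications: [
- {
- allow_unencrypted_appsensor_payloads: true
- }
- ]
- }.to_json)
- end
-
- context "with no payloads file present" do
- it "should set blacklist to default params and whitelist to empty" do
- expect(File).to receive(:file?).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(true)
- expect(File).to receive(:open).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(@config_file)
- expect(File).to receive(:file?).with(
- "config/tcell_agent_payloads.config"
- ).and_return(false)
- expect(File).to_not receive(:open)
- configuration = TCellAgent::Configuration.new
-
- expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
- expect(configuration.blacklisted_params).to eq({
- "token" => true,
- "client_secret" => true,
- "password" => true,
- "passwd" => true,
- "refresh_token" => true,
- "pf.pass" => true,
- "user.password" => true
- })
- expect(configuration.whitelisted_params).to eq({})
- expect(configuration.whitelist_present).to eq(false)
- end
- end
-
- context "with a payloads file present" do
- context "with a malformed payloads file" do
- it "should set blacklist to default params and whitelist to empty" do
- payloads_file = double("payloads", read: "{ whitelist: { test } ")
- expect(File).to receive(:file?).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(true)
- expect(File).to receive(:open).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(@config_file)
- expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
- expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
- configuration = TCellAgent::Configuration.new
-
- expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(false)
- expect(configuration.blacklisted_params).to eq({
- "token" => true,
- "client_secret" => true,
- "password" => true,
- "passwd" => true,
- "refresh_token" => true,
- "pf.pass" => true,
- "user.password" => true
- })
- expect(configuration.whitelisted_params).to eq({})
- expect(configuration.whitelist_present).to eq(false)
- end
- end
-
- context "with a payloads file" do
- context "with empty json" do
- it "should set blacklist to default params and whitelist to empty" do
- payloads_file = double("payloads", read: "{}")
- expect(File).to receive(:file?).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(true)
- expect(File).to receive(:open).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(@config_file)
- expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
- expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
- configuration = TCellAgent::Configuration.new
-
- expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
- expect(configuration.blacklisted_params).to eq({
- "token" => true,
- "client_secret" => true,
- "password" => true,
- "passwd" => true,
- "refresh_token" => true,
- "pf.pass" => true,
- "user.password" => true
- })
- expect(configuration.whitelisted_params).to eq({})
- expect(configuration.whitelist_present).to eq(false)
- end
- end
-
- context "with blacklisted present" do
- it "should set blacklist but whitelist is empty" do
- payloads_file = double("payloads", read:{blacklisted:["passwd"]}.to_json)
- expect(File).to receive(:file?).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(true)
- expect(File).to receive(:open).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(@config_file)
- expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
- expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
- configuration = TCellAgent::Configuration.new
-
- expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
- expect(configuration.blacklisted_params).to eq({"passwd" => true})
- expect(configuration.whitelisted_params).to eq({})
- expect(configuration.whitelist_present).to eq(false)
- end
- end
-
- context "with whitelist present" do
- it "should set whitelist and blacklist to default params" do
- payloads_file = double("payloads", read: {whitelisted: ["passwd"]}.to_json)
- expect(File).to receive(:file?).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(true)
- expect(File).to receive(:open).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(@config_file)
- expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
- expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
- configuration = TCellAgent::Configuration.new
-
- expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
- expect(configuration.blacklisted_params).to eq({
- "token" => true,
- "client_secret" => true,
- "password" => true,
- "passwd" => true,
- "refresh_token" => true,
- "pf.pass" => true,
- "user.password" => true
- })
- expect(configuration.whitelisted_params).to eq({"passwd" => true})
- expect(configuration.whitelist_present).to eq(true)
- end
- end
-
- context "with blacklist and whitelist present" do
- it "should set whitelist and blacklist" do
- payloads_file = double("payloads", read: {blacklisted: ["ssn"], whitelisted: ["passwd"]}.to_json)
- expect(File).to receive(:file?).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(true)
- expect(File).to receive(:open).with(
- File.join(Dir.getwd, "config/tcell_agent.config")
- ).and_return(@config_file)
- expect(File).to receive(:file?).with("config/tcell_agent_payloads.config").and_return(true)
- expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
- configuration = TCellAgent::Configuration.new
-
- expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
- expect(configuration.blacklisted_params).to eq({"ssn" => true})
- expect(configuration.whitelisted_params).to eq({"passwd" => true})
- expect(configuration.whitelist_present).to eq(true)
- end
- end
- end
- end
-
- end
 
  describe "#agent_home_dir" do
  context "no TCELL_AGENT_HOME defined" do
@@ -287,9 +117,6 @@ module TCellAgent
  expect(File).to receive(:open).with(
  File.join(Dir.getwd, "no_data_ex.config")
  ).and_return(no_data_ex)
- expect(File).to receive(:file?).with(
- "config/tcell_agent_payloads.config"
- ).and_return(false)
  configuration = Configuration.new("no_data_ex.config")
 
  expect(configuration.max_data_ex_db_records_per_request).to eq(1000)
@@ -316,9 +143,6 @@ module TCellAgent
  expect(File).to receive(:open).with(
  File.join(Dir.getwd, "no_data_ex.config")
  ).and_return(no_data_ex)
- expect(File).to receive(:file?).with(
- "config/tcell_agent_payloads.config"
- ).and_return(false)
  configuration = Configuration.new("no_data_ex.config")
 
  expect(configuration.max_data_ex_db_records_per_request).to eq(1000)
@@ -347,9 +171,6 @@ module TCellAgent
  expect(File).to receive(:open).with(
  File.join(Dir.getwd, "no_data_ex.config")
  ).and_return(no_data_ex)
- expect(File).to receive(:file?).with(
- "config/tcell_agent_payloads.config"
- ).and_return(false)
  configuration = Configuration.new("no_data_ex.config")
 
  expect(configuration.max_data_ex_db_records_per_request).to eq(5000)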
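--- a/data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb
@@ -92,8 +92,9 @@ module TCellAgent
  "dp" => DatabaseSensor::DP_CODE,
  "param" => nil,
  "remote_addr" => "ip_address",
- "rou" => "route_id",
- "m" => "get"
+ "rid" => "route_id",
+ "m" => "get",
+ "meta" => {"rows" => 11}
  }
  )
  sensor.check(tcell_data, 11)
@@ -147,8 +148,9 @@ module TCellAgent
  "dp" => DatabaseSensor::DP_CODE,
  "param" => nil,
  "remote_addr" => "ip_address",
- "rou" => "route_id",
- "m" => "get"
+ "rid" => "route_id",
+ "m" => "get",
+ "meta" => {"rows" => 11}
  }
  )
  sensor.check(tcell_data, 11)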