tcell_agent 0.2.19 → 0.2.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE_libinjection +32 -0
- data/Rakefile +14 -1
- data/ext/libinjection/extconf.rb +3 -0
- data/ext/libinjection/libinjection.h +65 -0
- data/ext/libinjection/libinjection_html5.c +847 -0
- data/ext/libinjection/libinjection_html5.h +54 -0
- data/ext/libinjection/libinjection_sqli.c +2317 -0
- data/ext/libinjection/libinjection_sqli.h +295 -0
- data/ext/libinjection/libinjection_sqli_data.h +9004 -0
- data/ext/libinjection/libinjection_wrap.c +3525 -0
- data/ext/libinjection/libinjection_xss.c +531 -0
- data/ext/libinjection/libinjection_xss.h +21 -0
- data/lib/tcell_agent/configuration.rb +0 -48
- data/lib/tcell_agent/logger.rb +1 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
- data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
- data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
- data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
- data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
- data/lib/tcell_agent/rails/dlp.rb +98 -76
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
- data/lib/tcell_agent/rails/on_start.rb +53 -20
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
- data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
- data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
- data/lib/tcell_agent/utils/params.rb +24 -21
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
- data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
- data/tcell_agent.gemspec +21 -1
- metadata +37 -4
|
@@ -4,6 +4,12 @@ require 'spec_helper'
|
|
|
4
4
|
module TCellAgent
|
|
5
5
|
module Policies
|
|
6
6
|
|
|
7
|
+
class FakeInvalidAuthenticityToken < StandardError
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
class FakeStatementInvalid < StandardError
|
|
11
|
+
end
|
|
12
|
+
|
|
7
13
|
describe MiscSensor do
|
|
8
14
|
context "#initialize" do
|
|
9
15
|
context "default sensor" do
|
|
@@ -58,6 +64,9 @@ module TCellAgent
|
|
|
58
64
|
end
|
|
59
65
|
|
|
60
66
|
describe "#csrf_rejected" do
|
|
67
|
+
before(:each) do
|
|
68
|
+
@exception_class = FakeInvalidAuthenticityToken
|
|
69
|
+
end
|
|
61
70
|
|
|
62
71
|
context "with disabled sensor" do
|
|
63
72
|
context "with disabled csrf_exception_enabled sensor" do
|
|
@@ -67,7 +76,7 @@ module TCellAgent
|
|
|
67
76
|
|
|
68
77
|
expect(TCellAgent).to_not receive(:send_event)
|
|
69
78
|
|
|
70
|
-
sensor.csrf_rejected(tcell_data)
|
|
79
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
71
80
|
end
|
|
72
81
|
end
|
|
73
82
|
|
|
@@ -78,7 +87,7 @@ module TCellAgent
|
|
|
78
87
|
|
|
79
88
|
expect(TCellAgent).to_not receive(:send_event)
|
|
80
89
|
|
|
81
|
-
sensor.csrf_rejected(tcell_data)
|
|
90
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
82
91
|
end
|
|
83
92
|
|
|
84
93
|
context "with nil tcell-data" do
|
|
@@ -88,7 +97,7 @@ module TCellAgent
|
|
|
88
97
|
|
|
89
98
|
expect(TCellAgent).to_not receive(:send_event)
|
|
90
99
|
|
|
91
|
-
sensor.csrf_rejected(tcell_data)
|
|
100
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
92
101
|
end
|
|
93
102
|
end
|
|
94
103
|
end
|
|
@@ -102,7 +111,7 @@ module TCellAgent
|
|
|
102
111
|
|
|
103
112
|
expect(TCellAgent).to_not receive(:send_event)
|
|
104
113
|
|
|
105
|
-
sensor.csrf_rejected(tcell_data)
|
|
114
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
106
115
|
end
|
|
107
116
|
|
|
108
117
|
context "no excluded routes" do
|
|
@@ -117,7 +126,7 @@ module TCellAgent
|
|
|
117
126
|
|
|
118
127
|
expect(TCellAgent).to_not receive(:send_event)
|
|
119
128
|
|
|
120
|
-
sensor.csrf_rejected(tcell_data)
|
|
129
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
121
130
|
end
|
|
122
131
|
end
|
|
123
132
|
|
|
@@ -134,7 +143,7 @@ module TCellAgent
|
|
|
134
143
|
|
|
135
144
|
expect(TCellAgent).to_not receive(:send_event)
|
|
136
145
|
|
|
137
|
-
sensor.csrf_rejected(tcell_data)
|
|
146
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
138
147
|
end
|
|
139
148
|
end
|
|
140
149
|
|
|
@@ -150,7 +159,7 @@ module TCellAgent
|
|
|
150
159
|
|
|
151
160
|
expect(TCellAgent).to_not receive(:send_event)
|
|
152
161
|
|
|
153
|
-
sensor.csrf_rejected(tcell_data)
|
|
162
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
154
163
|
end
|
|
155
164
|
end
|
|
156
165
|
end
|
|
@@ -164,12 +173,12 @@ module TCellAgent
|
|
|
164
173
|
expect(TCellAgent).to receive(:send_event).with({
|
|
165
174
|
"event_type"=>"as",
|
|
166
175
|
"dp"=>"excsrf",
|
|
167
|
-
"param"=>
|
|
176
|
+
"param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
|
|
168
177
|
"remote_addr"=>nil,
|
|
169
178
|
"m"=>nil
|
|
170
179
|
})
|
|
171
180
|
|
|
172
|
-
sensor.csrf_rejected(tcell_data)
|
|
181
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
173
182
|
end
|
|
174
183
|
|
|
175
184
|
context "no excluded routes" do
|
|
@@ -185,13 +194,13 @@ module TCellAgent
|
|
|
185
194
|
expect(TCellAgent).to receive(:send_event).with({
|
|
186
195
|
"event_type"=>"as",
|
|
187
196
|
"dp"=>"excsrf",
|
|
188
|
-
"param"=>
|
|
197
|
+
"param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
|
|
189
198
|
"remote_addr"=>nil,
|
|
190
|
-
"
|
|
199
|
+
"rid"=>"route_id",
|
|
191
200
|
"m"=>nil
|
|
192
201
|
})
|
|
193
202
|
|
|
194
|
-
sensor.csrf_rejected(tcell_data)
|
|
203
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
195
204
|
end
|
|
196
205
|
end
|
|
197
206
|
|
|
@@ -208,7 +217,7 @@ module TCellAgent
|
|
|
208
217
|
|
|
209
218
|
expect(TCellAgent).to_not receive(:send_event)
|
|
210
219
|
|
|
211
|
-
sensor.csrf_rejected(tcell_data)
|
|
220
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
212
221
|
end
|
|
213
222
|
end
|
|
214
223
|
|
|
@@ -225,13 +234,13 @@ module TCellAgent
|
|
|
225
234
|
expect(TCellAgent).to receive(:send_event).with({
|
|
226
235
|
"event_type"=>"as",
|
|
227
236
|
"dp"=>"excsrf",
|
|
228
|
-
"param"=>
|
|
237
|
+
"param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
|
|
229
238
|
"remote_addr"=>nil,
|
|
230
|
-
"
|
|
239
|
+
"rid"=>"route_id",
|
|
231
240
|
"m"=>nil
|
|
232
241
|
})
|
|
233
242
|
|
|
234
|
-
sensor.csrf_rejected(tcell_data)
|
|
243
|
+
sensor.csrf_rejected(tcell_data, @exception_class)
|
|
235
244
|
end
|
|
236
245
|
end
|
|
237
246
|
end
|
|
@@ -242,7 +251,7 @@ module TCellAgent
|
|
|
242
251
|
|
|
243
252
|
describe "#sql_exception_enabled" do
|
|
244
253
|
before(:each) do
|
|
245
|
-
@exception =
|
|
254
|
+
@exception = FakeStatementInvalid.new
|
|
246
255
|
end
|
|
247
256
|
|
|
248
257
|
context "with disabled sensor" do
|
|
@@ -350,7 +359,7 @@ module TCellAgent
|
|
|
350
359
|
expect(TCellAgent).to receive(:send_event).with({
|
|
351
360
|
"event_type"=>"as",
|
|
352
361
|
"dp"=>"exsql",
|
|
353
|
-
"param"=>
|
|
362
|
+
"param"=>"TCellAgent::Policies::FakeStatementInvalid",
|
|
354
363
|
"remote_addr"=>nil,
|
|
355
364
|
"m"=>nil
|
|
356
365
|
})
|
|
@@ -371,9 +380,9 @@ module TCellAgent
|
|
|
371
380
|
expect(TCellAgent).to receive(:send_event).with({
|
|
372
381
|
"event_type"=>"as",
|
|
373
382
|
"dp"=>"exsql",
|
|
374
|
-
"param"=>
|
|
383
|
+
"param"=>"TCellAgent::Policies::FakeStatementInvalid",
|
|
375
384
|
"remote_addr"=>nil,
|
|
376
|
-
"
|
|
385
|
+
"rid"=>"route_id",
|
|
377
386
|
"m"=>nil
|
|
378
387
|
})
|
|
379
388
|
|
|
@@ -411,9 +420,9 @@ module TCellAgent
|
|
|
411
420
|
expect(TCellAgent).to receive(:send_event).with({
|
|
412
421
|
"event_type"=>"as",
|
|
413
422
|
"dp"=>"exsql",
|
|
414
|
-
"param"=>
|
|
423
|
+
"param"=>"TCellAgent::Policies::FakeStatementInvalid",
|
|
415
424
|
"remote_addr"=>nil,
|
|
416
|
-
"
|
|
425
|
+
"rid"=>"route_id",
|
|
417
426
|
"m"=>nil
|
|
418
427
|
})
|
|
419
428
|
|
|
@@ -0,0 +1,466 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
module TCellAgent
|
|
4
|
+
module Policies
|
|
5
|
+
|
|
6
|
+
describe AppSensorPolicy do
|
|
7
|
+
|
|
8
|
+
describe "#apply" do
|
|
9
|
+
|
|
10
|
+
context "with send_payloads disabled" do
|
|
11
|
+
it "should return nil payload" do
|
|
12
|
+
policy = PayloadsPolicy.from_json({
|
|
13
|
+
"payloads" => {
|
|
14
|
+
"send_payloads" => false
|
|
15
|
+
}
|
|
16
|
+
})
|
|
17
|
+
|
|
18
|
+
expect(TCellAgent).to_not receive(:configuration)
|
|
19
|
+
expect(policy).to receive(:log).with(
|
|
20
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
21
|
+
)
|
|
22
|
+
|
|
23
|
+
payload = policy.apply(
|
|
24
|
+
"xss",
|
|
25
|
+
nil,
|
|
26
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
27
|
+
"password",
|
|
28
|
+
"alert()",
|
|
29
|
+
{"l" => "query"},
|
|
30
|
+
"pattern"
|
|
31
|
+
)
|
|
32
|
+
|
|
33
|
+
expect(payload).to eq(
|
|
34
|
+
nil
|
|
35
|
+
)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
context "with send_payloads enabled" do
|
|
40
|
+
context "with allow_unencrypted_appfirewall_payloads disabled" do
|
|
41
|
+
it "should return nil payload" do
|
|
42
|
+
policy = PayloadsPolicy.from_json({
|
|
43
|
+
"payloads" => {
|
|
44
|
+
"send_payloads" => true
|
|
45
|
+
}
|
|
46
|
+
})
|
|
47
|
+
|
|
48
|
+
configuration = double("configuration")
|
|
49
|
+
|
|
50
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
51
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
52
|
+
false
|
|
53
|
+
)
|
|
54
|
+
expect(policy).to receive(:log).with(
|
|
55
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
56
|
+
)
|
|
57
|
+
|
|
58
|
+
payload = policy.apply(
|
|
59
|
+
"xss",
|
|
60
|
+
nil,
|
|
61
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
62
|
+
"password",
|
|
63
|
+
"alert()",
|
|
64
|
+
{"l" => "query"},
|
|
65
|
+
"pattern"
|
|
66
|
+
)
|
|
67
|
+
|
|
68
|
+
expect(payload).to eq(
|
|
69
|
+
nil
|
|
70
|
+
)
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
context "with allow_unencrypted_appfirewall_payloads enabled" do
|
|
75
|
+
context "with no blacklist" do
|
|
76
|
+
context "with no whitelist" do
|
|
77
|
+
it "return the vulnerable value" do
|
|
78
|
+
policy = PayloadsPolicy.from_json({
|
|
79
|
+
"payloads" => {
|
|
80
|
+
"send_payloads" => true
|
|
81
|
+
}
|
|
82
|
+
})
|
|
83
|
+
configuration = double("configuration")
|
|
84
|
+
|
|
85
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
86
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
87
|
+
true
|
|
88
|
+
)
|
|
89
|
+
expect(policy).to receive(:log).with(
|
|
90
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
91
|
+
)
|
|
92
|
+
|
|
93
|
+
payload = policy.apply(
|
|
94
|
+
"xss",
|
|
95
|
+
nil,
|
|
96
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
97
|
+
"password",
|
|
98
|
+
"alert()",
|
|
99
|
+
{"l" => "query"},
|
|
100
|
+
"pattern"
|
|
101
|
+
)
|
|
102
|
+
|
|
103
|
+
expect(payload).to eq(
|
|
104
|
+
"alert()"
|
|
105
|
+
)
|
|
106
|
+
end
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
context "with a whitelist" do
|
|
110
|
+
context "that does not specify locations for the param" do
|
|
111
|
+
it "return return NOT_WHITELISTED" do
|
|
112
|
+
policy = PayloadsPolicy.from_json({
|
|
113
|
+
"payloads" => {
|
|
114
|
+
"send_payloads" => true,
|
|
115
|
+
"send_whitelist" => {
|
|
116
|
+
"username" => ["*"]
|
|
117
|
+
}
|
|
118
|
+
}
|
|
119
|
+
})
|
|
120
|
+
configuration = double("configuration")
|
|
121
|
+
|
|
122
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
123
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
124
|
+
true
|
|
125
|
+
)
|
|
126
|
+
expect(policy).to receive(:log).with(
|
|
127
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
128
|
+
)
|
|
129
|
+
|
|
130
|
+
payload = policy.apply(
|
|
131
|
+
"xss",
|
|
132
|
+
nil,
|
|
133
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
134
|
+
"password",
|
|
135
|
+
"alert()",
|
|
136
|
+
{"l" => "query"},
|
|
137
|
+
"pattern"
|
|
138
|
+
)
|
|
139
|
+
|
|
140
|
+
expect(payload).to eq(
|
|
141
|
+
"NOT_WHITELISTED"
|
|
142
|
+
)
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
context "that specifies locations for the param" do
|
|
147
|
+
context "param location does not match specified location do" do
|
|
148
|
+
it "return should return NOT_WHITELISTED" do
|
|
149
|
+
policy = PayloadsPolicy.from_json({
|
|
150
|
+
"payloads" => {
|
|
151
|
+
"send_payloads" => true,
|
|
152
|
+
"send_whitelist" => {
|
|
153
|
+
"username" => ["*"],
|
|
154
|
+
"password" => ["cookie"]
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
})
|
|
158
|
+
configuration = double("configuration")
|
|
159
|
+
|
|
160
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
161
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
162
|
+
true
|
|
163
|
+
)
|
|
164
|
+
expect(policy).to receive(:log).with(
|
|
165
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
166
|
+
)
|
|
167
|
+
|
|
168
|
+
payload = policy.apply(
|
|
169
|
+
"xss",
|
|
170
|
+
nil,
|
|
171
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
172
|
+
"password",
|
|
173
|
+
"alert()",
|
|
174
|
+
{"l" => "query"},
|
|
175
|
+
"pattern"
|
|
176
|
+
)
|
|
177
|
+
|
|
178
|
+
expect(payload).to eq(
|
|
179
|
+
"NOT_WHITELISTED"
|
|
180
|
+
)
|
|
181
|
+
end
|
|
182
|
+
end
|
|
183
|
+
|
|
184
|
+
context "param location matches the specified location in the whitelist" do
|
|
185
|
+
it "return the vulnerable value" do
|
|
186
|
+
policy = PayloadsPolicy.from_json({
|
|
187
|
+
"payloads" => {
|
|
188
|
+
"send_payloads" => true,
|
|
189
|
+
"send_whitelist" => {
|
|
190
|
+
"username" => ["*"],
|
|
191
|
+
"PASSWORD" => ["form"]
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
})
|
|
195
|
+
configuration = double("configuration")
|
|
196
|
+
|
|
197
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
198
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
199
|
+
true
|
|
200
|
+
)
|
|
201
|
+
expect(policy).to receive(:log).with(
|
|
202
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
203
|
+
)
|
|
204
|
+
|
|
205
|
+
payload = policy.apply(
|
|
206
|
+
"xss",
|
|
207
|
+
nil,
|
|
208
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
209
|
+
"password",
|
|
210
|
+
"alert()",
|
|
211
|
+
{"l" => "query"},
|
|
212
|
+
"pattern"
|
|
213
|
+
)
|
|
214
|
+
|
|
215
|
+
expect(payload).to eq(
|
|
216
|
+
"alert()"
|
|
217
|
+
)
|
|
218
|
+
end
|
|
219
|
+
end
|
|
220
|
+
end
|
|
221
|
+
end
|
|
222
|
+
end
|
|
223
|
+
|
|
224
|
+
context "with a blacklist" do
|
|
225
|
+
context "that does not specify locations for the param" do
|
|
226
|
+
context "with no whitelist" do
|
|
227
|
+
it "should return the vulnerable value" do
|
|
228
|
+
policy = PayloadsPolicy.from_json({
|
|
229
|
+
"payloads" => {
|
|
230
|
+
"send_payloads" => true,
|
|
231
|
+
"send_blacklist" => {
|
|
232
|
+
"username" => ["*"]
|
|
233
|
+
}
|
|
234
|
+
}
|
|
235
|
+
})
|
|
236
|
+
configuration = double("configuration")
|
|
237
|
+
|
|
238
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
239
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
240
|
+
true
|
|
241
|
+
)
|
|
242
|
+
expect(policy).to receive(:log).with(
|
|
243
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
244
|
+
)
|
|
245
|
+
|
|
246
|
+
payload = policy.apply(
|
|
247
|
+
"xss",
|
|
248
|
+
nil,
|
|
249
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
250
|
+
"password",
|
|
251
|
+
"alert()",
|
|
252
|
+
{"l" => "query"},
|
|
253
|
+
"pattern"
|
|
254
|
+
)
|
|
255
|
+
|
|
256
|
+
expect(payload).to eq(
|
|
257
|
+
"alert()"
|
|
258
|
+
)
|
|
259
|
+
end
|
|
260
|
+
end
|
|
261
|
+
|
|
262
|
+
context "with a whitelist" do
|
|
263
|
+
context "that does not specify locations for the param" do
|
|
264
|
+
it "should return NOT_WHITELISTED" do
|
|
265
|
+
policy = PayloadsPolicy.from_json({
|
|
266
|
+
"payloads" => {
|
|
267
|
+
"send_payloads" => true,
|
|
268
|
+
"send_blacklist" => {
|
|
269
|
+
"username" => ["*"]
|
|
270
|
+
},
|
|
271
|
+
"send_whitelist" => {
|
|
272
|
+
"username" => ["*"]
|
|
273
|
+
}
|
|
274
|
+
}
|
|
275
|
+
})
|
|
276
|
+
configuration = double("configuration")
|
|
277
|
+
|
|
278
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
279
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
280
|
+
true
|
|
281
|
+
)
|
|
282
|
+
expect(policy).to receive(:log).with(
|
|
283
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
284
|
+
)
|
|
285
|
+
|
|
286
|
+
payload = policy.apply(
|
|
287
|
+
"xss",
|
|
288
|
+
nil,
|
|
289
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
290
|
+
"password",
|
|
291
|
+
"alert()",
|
|
292
|
+
{"l" => "query"},
|
|
293
|
+
"pattern"
|
|
294
|
+
)
|
|
295
|
+
|
|
296
|
+
expect(payload).to eq(
|
|
297
|
+
"NOT_WHITELISTED"
|
|
298
|
+
)
|
|
299
|
+
end
|
|
300
|
+
end
|
|
301
|
+
|
|
302
|
+
context "that specifies locations for the param" do
|
|
303
|
+
context "param location does not match specified location" do
|
|
304
|
+
it "should return NOT_WHITELISTED" do
|
|
305
|
+
policy = PayloadsPolicy.from_json({
|
|
306
|
+
"payloads" => {
|
|
307
|
+
"send_payloads" => true,
|
|
308
|
+
"send_blacklist" => {
|
|
309
|
+
"username" => ["*"],
|
|
310
|
+
},
|
|
311
|
+
"send_whitelist" => {
|
|
312
|
+
"password" => ["cookie"]
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
})
|
|
316
|
+
configuration = double("configuration")
|
|
317
|
+
|
|
318
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
319
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
320
|
+
true
|
|
321
|
+
)
|
|
322
|
+
expect(policy).to receive(:log).with(
|
|
323
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
324
|
+
)
|
|
325
|
+
|
|
326
|
+
payload = policy.apply(
|
|
327
|
+
"xss",
|
|
328
|
+
nil,
|
|
329
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
330
|
+
"password",
|
|
331
|
+
"alert()",
|
|
332
|
+
{"l" => "query"},
|
|
333
|
+
"pattern"
|
|
334
|
+
)
|
|
335
|
+
|
|
336
|
+
expect(payload).to eq(
|
|
337
|
+
"NOT_WHITELISTED"
|
|
338
|
+
)
|
|
339
|
+
end
|
|
340
|
+
end
|
|
341
|
+
|
|
342
|
+
context "param location matches the specified location" do
|
|
343
|
+
it "should return the vulnerable value" do
|
|
344
|
+
policy = PayloadsPolicy.from_json({
|
|
345
|
+
"payloads" => {
|
|
346
|
+
"send_payloads" => true,
|
|
347
|
+
"send_blacklist" => {
|
|
348
|
+
"username" => ["*"],
|
|
349
|
+
},
|
|
350
|
+
"send_whitelist" => {
|
|
351
|
+
"PASSWORD" => ["form"]
|
|
352
|
+
}
|
|
353
|
+
}
|
|
354
|
+
})
|
|
355
|
+
configuration = double("configuration")
|
|
356
|
+
|
|
357
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
358
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
359
|
+
true
|
|
360
|
+
)
|
|
361
|
+
expect(policy).to receive(:log).with(
|
|
362
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
363
|
+
)
|
|
364
|
+
|
|
365
|
+
payload = policy.apply(
|
|
366
|
+
"xss",
|
|
367
|
+
nil,
|
|
368
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
369
|
+
"password",
|
|
370
|
+
"alert()",
|
|
371
|
+
{"l" => "query"},
|
|
372
|
+
"pattern"
|
|
373
|
+
)
|
|
374
|
+
|
|
375
|
+
expect(payload).to eq(
|
|
376
|
+
"alert()"
|
|
377
|
+
)
|
|
378
|
+
end
|
|
379
|
+
end
|
|
380
|
+
end
|
|
381
|
+
end
|
|
382
|
+
end
|
|
383
|
+
|
|
384
|
+
context "that specifies locations for the param" do
|
|
385
|
+
context "param location does not match specified location" do
|
|
386
|
+
it "should return the vulnerable value" do
|
|
387
|
+
policy = PayloadsPolicy.from_json({
|
|
388
|
+
"payloads" => {
|
|
389
|
+
"send_payloads" => true,
|
|
390
|
+
"send_blacklist" => {
|
|
391
|
+
"password" => ["cookie"],
|
|
392
|
+
}
|
|
393
|
+
}
|
|
394
|
+
})
|
|
395
|
+
configuration = double("configuration")
|
|
396
|
+
|
|
397
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
398
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
399
|
+
true
|
|
400
|
+
)
|
|
401
|
+
expect(policy).to receive(:log).with(
|
|
402
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
403
|
+
)
|
|
404
|
+
|
|
405
|
+
payload = policy.apply(
|
|
406
|
+
"xss",
|
|
407
|
+
nil,
|
|
408
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
409
|
+
"password",
|
|
410
|
+
"alert()",
|
|
411
|
+
{"l" => "query"},
|
|
412
|
+
"pattern"
|
|
413
|
+
)
|
|
414
|
+
|
|
415
|
+
expect(payload).to eq(
|
|
416
|
+
"alert()"
|
|
417
|
+
)
|
|
418
|
+
end
|
|
419
|
+
end
|
|
420
|
+
|
|
421
|
+
context "param location matches the specified location" do
|
|
422
|
+
it "should return BLACKLISTED" do
|
|
423
|
+
policy = PayloadsPolicy.from_json({
|
|
424
|
+
"payloads" => {
|
|
425
|
+
"send_payloads" => true,
|
|
426
|
+
"send_blacklist" => {
|
|
427
|
+
"password" => ["form"],
|
|
428
|
+
}
|
|
429
|
+
}
|
|
430
|
+
})
|
|
431
|
+
configuration = double("configuration")
|
|
432
|
+
|
|
433
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration)
|
|
434
|
+
expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
|
|
435
|
+
true
|
|
436
|
+
)
|
|
437
|
+
expect(policy).to receive(:log).with(
|
|
438
|
+
"xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
|
|
439
|
+
)
|
|
440
|
+
|
|
441
|
+
payload = policy.apply(
|
|
442
|
+
"xss",
|
|
443
|
+
nil,
|
|
444
|
+
TCellAgent::Utils::Params::GET_PARAM,
|
|
445
|
+
"password",
|
|
446
|
+
"alert()",
|
|
447
|
+
{"l" => "query"},
|
|
448
|
+
"pattern"
|
|
449
|
+
)
|
|
450
|
+
|
|
451
|
+
expect(payload).to eq(
|
|
452
|
+
"BLACKLISTED"
|
|
453
|
+
)
|
|
454
|
+
end
|
|
455
|
+
end
|
|
456
|
+
end
|
|
457
|
+
end
|
|
458
|
+
end
|
|
459
|
+
end
|
|
460
|
+
|
|
461
|
+
end
|
|
462
|
+
|
|
463
|
+
end
|
|
464
|
+
|
|
465
|
+
end
|
|
466
|
+
end
|