tcell_agent 0.2.19 → 0.2.21

  1. checksums.yaml +4 -4
  2. data/LICENSE_libinjection +32 -0
  3. data/Rakefile +14 -1
  4. data/ext/libinjection/extconf.rb +3 -0
  5. data/ext/libinjection/libinjection.h +65 -0
  6. data/ext/libinjection/libinjection_html5.c +847 -0
  7. data/ext/libinjection/libinjection_html5.h +54 -0
  8. data/ext/libinjection/libinjection_sqli.c +2317 -0
  9. data/ext/libinjection/libinjection_sqli.h +295 -0
  10. data/ext/libinjection/libinjection_sqli_data.h +9004 -0
  11. data/ext/libinjection/libinjection_wrap.c +3525 -0
  12. data/ext/libinjection/libinjection_xss.c +531 -0
  13. data/ext/libinjection/libinjection_xss.h +21 -0
  14. data/lib/tcell_agent/configuration.rb +0 -48
  15. data/lib/tcell_agent/logger.rb +1 -0
  16. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
  17. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
  18. data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
  19. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
  20. data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
  21. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
  22. data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
  23. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
  24. data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
  25. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
  26. data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
  27. data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
  28. data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
  29. data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
  30. data/lib/tcell_agent/rails/dlp.rb +98 -76
  31. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  32. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
  33. data/lib/tcell_agent/rails/on_start.rb +53 -20
  34. data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
  35. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
  36. data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
  37. data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
  38. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
  39. data/lib/tcell_agent/utils/params.rb +24 -21
  40. data/lib/tcell_agent/version.rb +1 -1
  41. data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
  42. data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
  43. data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
  44. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
  45. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
  46. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
  47. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
  48. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
  49. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
  50. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
  51. data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
  52. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
  53. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
  54. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
  55. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
  56. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
  57. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
  58. data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
  59. data/tcell_agent.gemspec +21 -1
  60. metadata +37 -4
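--- a/data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
@@ -4,6 +4,12 @@ require 'spec_helper'
  module TCellAgent
  module Policies
 
+ class FakeInvalidAuthenticityToken < StandardError
+ end
+
+ class FakeStatementInvalid < StandardError
+ end
+
  describe MiscSensor do
  context "#initialize" do
  context "default sensor" do
@@ -58,6 +64,9 @@ module TCellAgent
  end
 
  describe "#csrf_rejected" do
+ before(:each) do
+ @exception_class = FakeInvalidAuthenticityToken
+ end
 
  context "with disabled sensor" do
  context "with disabled csrf_exception_enabled sensor" do
@@ -67,7 +76,7 @@ module TCellAgent
 
  expect(TCellAgent).to_not receive(:send_event)
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
  end
 
@@ -78,7 +87,7 @@ module TCellAgent
 
  expect(TCellAgent).to_not receive(:send_event)
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
 
  context "with nil tcell-data" do
@@ -88,7 +97,7 @@ module TCellAgent
 
  expect(TCellAgent).to_not receive(:send_event)
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
  end
  end
@@ -102,7 +111,7 @@ module TCellAgent
 
  expect(TCellAgent).to_not receive(:send_event)
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
 
  context "no excluded routes" do
@@ -117,7 +126,7 @@ module TCellAgent
 
  expect(TCellAgent).to_not receive(:send_event)
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
  end
 
@@ -134,7 +143,7 @@ module TCellAgent
 
  expect(TCellAgent).to_not receive(:send_event)
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
  end
 
@@ -150,7 +159,7 @@ module TCellAgent
 
  expect(TCellAgent).to_not receive(:send_event)
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
  end
  end
@@ -164,12 +173,12 @@ module TCellAgent
  expect(TCellAgent).to receive(:send_event).with({
  "event_type"=>"as",
  "dp"=>"excsrf",
- "param"=>nil,
+ "param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
  "remote_addr"=>nil,
  "m"=>nil
  })
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
 
  context "no excluded routes" do
@@ -185,13 +194,13 @@ module TCellAgent
  expect(TCellAgent).to receive(:send_event).with({
  "event_type"=>"as",
  "dp"=>"excsrf",
- "param"=>nil,
+ "param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
  "remote_addr"=>nil,
- "rou"=>"route_id",
+ "rid"=>"route_id",
  "m"=>nil
  })
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
  end
 
@@ -208,7 +217,7 @@ module TCellAgent
 
  expect(TCellAgent).to_not receive(:send_event)
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
  end
 
@@ -225,13 +234,13 @@ module TCellAgent
  expect(TCellAgent).to receive(:send_event).with({
  "event_type"=>"as",
  "dp"=>"excsrf",
- "param"=>nil,
+ "param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
  "remote_addr"=>nil,
- "rou"=>"route_id",
+ "rid"=>"route_id",
  "m"=>nil
  })
 
- sensor.csrf_rejected(tcell_data)
+ sensor.csrf_rejected(tcell_data, @exception_class)
  end
  end
  end
@@ -242,7 +251,7 @@ module TCellAgent
 
  describe "#sql_exception_enabled" do
  before(:each) do
- @exception = Exception.new
+ @exception = FakeStatementInvalid.new
  end
 
  context "with disabled sensor" do
@@ -350,7 +359,7 @@ module TCellAgent
  expect(TCellAgent).to receive(:send_event).with({
  "event_type"=>"as",
  "dp"=>"exsql",
- "param"=>nil,
+ "param"=>"TCellAgent::Policies::FakeStatementInvalid",
  "remote_addr"=>nil,
  "m"=>nil
  })
@@ -371,9 +380,9 @@ module TCellAgent
  expect(TCellAgent).to receive(:send_event).with({
  "event_type"=>"as",
  "dp"=>"exsql",
- "param"=>nil,
+ "param"=>"TCellAgent::Policies::FakeStatementInvalid",
  "remote_addr"=>nil,
- "rou"=>"route_id",
+ "rid"=>"route_id",
  "m"=>nil
  })
 
@@ -411,9 +420,9 @@ module TCellAgent
  expect(TCellAgent).to receive(:send_event).with({
  "event_type"=>"as",
  "dp"=>"exsql",
- "param"=>nil,
+ "param"=>"TCellAgent::Policies::FakeStatementInvalid",
  "remote_addr"=>nil,
- "rou"=>"route_id",
+ "rid"=>"route_id",
  "m"=>nil
  })
 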
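Review bot: `FakeInvalidAuthenticityToken` and `FakeStatementInvalid` are declared directly inside `module TCellAgent` / `module Policies` at the top of the spec, so these test-only constants stay in the agent's own namespace for the rest of the spec run; the expected `"param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken"` shows where they end up. Creating them per example, for instance with `stub_const("FakeInvalidAuthenticityToken", Class.new(StandardError))`, would keep them out of that namespace, and the expected `param` strings would then need the prefix removed. None of the visible `#csrf_rejected` examples passes `nil` as the new second argument, so what the sensor reports when no exception class is available is not pinned by this file as far as these hunks show. The `@exception_class` set in `before(:each)` could also be written as `let(:exception_class) { FakeInvalidAuthenticityToken }`.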
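--- a/data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
@@ -0,0 +1,466 @@
+ require 'spec_helper'
+
+ module TCellAgent
+ module Policies
+
+ describe AppSensorPolicy do
+
+ describe "#apply" do
+
+ context "with send_payloads disabled" do
+ it "should return nil payload" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => false
+ }
+ })
+
+ expect(TCellAgent).to_not receive(:configuration)
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ nil
+ )
+ end
+ end
+
+ context "with send_payloads enabled" do
+ context "with allow_unencrypted_appfirewall_payloads disabled" do
+ it "should return nil payload" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true
+ }
+ })
+
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ false
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ nil
+ )
+ end
+ end
+
+ context "with allow_unencrypted_appfirewall_payloads enabled" do
+ context "with no blacklist" do
+ context "with no whitelist" do
+ it "return the vulnerable value" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "alert()"
+ )
+ end
+ end
+
+ context "with a whitelist" do
+ context "that does not specify locations for the param" do
+ it "return return NOT_WHITELISTED" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true,
+ "send_whitelist" => {
+ "username" => ["*"]
+ }
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "NOT_WHITELISTED"
+ )
+ end
+ end
+
+ context "that specifies locations for the param" do
+ context "param location does not match specified location do" do
+ it "return should return NOT_WHITELISTED" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true,
+ "send_whitelist" => {
+ "username" => ["*"],
+ "password" => ["cookie"]
+ }
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "NOT_WHITELISTED"
+ )
+ end
+ end
+
+ context "param location matches the specified location in the whitelist" do
+ it "return the vulnerable value" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true,
+ "send_whitelist" => {
+ "username" => ["*"],
+ "PASSWORD" => ["form"]
+ }
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "alert()"
+ )
+ end
+ end
+ end
+ end
+ end
+
+ context "with a blacklist" do
+ context "that does not specify locations for the param" do
+ context "with no whitelist" do
+ it "should return the vulnerable value" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true,
+ "send_blacklist" => {
+ "username" => ["*"]
+ }
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "alert()"
+ )
+ end
+ end
+
+ context "with a whitelist" do
+ context "that does not specify locations for the param" do
+ it "should return NOT_WHITELISTED" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true,
+ "send_blacklist" => {
+ "username" => ["*"]
+ },
+ "send_whitelist" => {
+ "username" => ["*"]
+ }
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "NOT_WHITELISTED"
+ )
+ end
+ end
+
+ context "that specifies locations for the param" do
+ context "param location does not match specified location" do
+ it "should return NOT_WHITELISTED" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true,
+ "send_blacklist" => {
+ "username" => ["*"],
+ },
+ "send_whitelist" => {
+ "password" => ["cookie"]
+ }
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "NOT_WHITELISTED"
+ )
+ end
+ end
+
+ context "param location matches the specified location" do
+ it "should return the vulnerable value" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true,
+ "send_blacklist" => {
+ "username" => ["*"],
+ },
+ "send_whitelist" => {
+ "PASSWORD" => ["form"]
+ }
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "alert()"
+ )
+ end
+ end
+ end
+ end
+ end
+
+ context "that specifies locations for the param" do
+ context "param location does not match specified location" do
+ it "should return the vulnerable value" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true,
+ "send_blacklist" => {
+ "password" => ["cookie"],
+ }
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "alert()"
+ )
+ end
+ end
+
+ context "param location matches the specified location" do
+ it "should return BLACKLISTED" do
+ policy = PayloadsPolicy.from_json({
+ "payloads" => {
+ "send_payloads" => true,
+ "send_blacklist" => {
+ "password" => ["form"],
+ }
+ }
+ })
+ configuration = double("configuration")
+
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
+ true
+ )
+ expect(policy).to receive(:log).with(
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
+ )
+
+ payload = policy.apply(
+ "xss",
+ nil,
+ TCellAgent::Utils::Params::GET_PARAM,
+ "password",
+ "alert()",
+ {"l" => "query"},
+ "pattern"
+ )
+
+ expect(payload).to eq(
+ "BLACKLISTED"
+ )
+ end
+ end
+ end
+ end
+ end
+ end
+
+ end
+
+ end
+
+ end
+ end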
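Review bot: The `send_blacklist` examples never use a key whose case differs from the parameter name, and no example lists the same parameter in both `send_blacklist` and `send_whitelist`. The whitelist examples match `"PASSWORD" => ["form"]` against the parameter `"password"`, so case-insensitive matching is pinned only on the allow side. These lists decide whether a raw request value such as a password is returned for reporting, so a deny entry that silently fails to match is the costly direction. I would add an example with `"send_blacklist" => {"PASSWORD" => ["form"]}` expecting `"BLACKLISTED"`, and one with `password` in both lists to fix the precedence. Separately, the outer block reads `describe AppSensorPolicy do` although every example builds a `PayloadsPolicy`; `describe PayloadsPolicy do` would name the class actually under test.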