tcell_agent 0.2.19 → 0.2.21

Files changed (60)
  1. checksums.yaml +4 -4
  2. data/LICENSE_libinjection +32 -0
  3. data/Rakefile +14 -1
  4. data/ext/libinjection/extconf.rb +3 -0
  5. data/ext/libinjection/libinjection.h +65 -0
  6. data/ext/libinjection/libinjection_html5.c +847 -0
  7. data/ext/libinjection/libinjection_html5.h +54 -0
  8. data/ext/libinjection/libinjection_sqli.c +2317 -0
  9. data/ext/libinjection/libinjection_sqli.h +295 -0
  10. data/ext/libinjection/libinjection_sqli_data.h +9004 -0
  11. data/ext/libinjection/libinjection_wrap.c +3525 -0
  12. data/ext/libinjection/libinjection_xss.c +531 -0
  13. data/ext/libinjection/libinjection_xss.h +21 -0
  14. data/lib/tcell_agent/configuration.rb +0 -48
  15. data/lib/tcell_agent/logger.rb +1 -0
  16. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
  17. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
  18. data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
  19. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
  20. data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
  21. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
  22. data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
  23. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
  24. data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
  25. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
  26. data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
  27. data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
  28. data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
  29. data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
  30. data/lib/tcell_agent/rails/dlp.rb +98 -76
  31. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  32. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
  33. data/lib/tcell_agent/rails/on_start.rb +53 -20
  34. data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
  35. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
  36. data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
  37. data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
  38. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
  39. data/lib/tcell_agent/utils/params.rb +24 -21
  40. data/lib/tcell_agent/version.rb +1 -1
  41. data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
  42. data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
  43. data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
  44. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
  45. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
  46. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
  47. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
  48. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
  49. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
  50. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
  51. data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
  52. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
  53. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
  54. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
  55. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
  56. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
  57. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
  58. data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
  59. data/tcell_agent.gemspec +21 -1
  60. metadata +37 -4
@@ -4,6 +4,12 @@ require 'spec_helper'
4
4
  module TCellAgent
5
5
  module Policies
6
6
 
7
+ class FakeInvalidAuthenticityToken < StandardError
8
+ end
9
+
10
+ class FakeStatementInvalid < StandardError
11
+ end
12
+
7
13
  describe MiscSensor do
8
14
  context "#initialize" do
9
15
  context "default sensor" do
@@ -58,6 +64,9 @@ module TCellAgent
58
64
  end
59
65
 
60
66
  describe "#csrf_rejected" do
67
+ before(:each) do
68
+ @exception_class = FakeInvalidAuthenticityToken
69
+ end
61
70
 
62
71
  context "with disabled sensor" do
63
72
  context "with disabled csrf_exception_enabled sensor" do
@@ -67,7 +76,7 @@ module TCellAgent
67
76
 
68
77
  expect(TCellAgent).to_not receive(:send_event)
69
78
 
70
- sensor.csrf_rejected(tcell_data)
79
+ sensor.csrf_rejected(tcell_data, @exception_class)
71
80
  end
72
81
  end
73
82
 
@@ -78,7 +87,7 @@ module TCellAgent
78
87
 
79
88
  expect(TCellAgent).to_not receive(:send_event)
80
89
 
81
- sensor.csrf_rejected(tcell_data)
90
+ sensor.csrf_rejected(tcell_data, @exception_class)
82
91
  end
83
92
 
84
93
  context "with nil tcell-data" do
@@ -88,7 +97,7 @@ module TCellAgent
88
97
 
89
98
  expect(TCellAgent).to_not receive(:send_event)
90
99
 
91
- sensor.csrf_rejected(tcell_data)
100
+ sensor.csrf_rejected(tcell_data, @exception_class)
92
101
  end
93
102
  end
94
103
  end
@@ -102,7 +111,7 @@ module TCellAgent
102
111
 
103
112
  expect(TCellAgent).to_not receive(:send_event)
104
113
 
105
- sensor.csrf_rejected(tcell_data)
114
+ sensor.csrf_rejected(tcell_data, @exception_class)
106
115
  end
107
116
 
108
117
  context "no excluded routes" do
@@ -117,7 +126,7 @@ module TCellAgent
117
126
 
118
127
  expect(TCellAgent).to_not receive(:send_event)
119
128
 
120
- sensor.csrf_rejected(tcell_data)
129
+ sensor.csrf_rejected(tcell_data, @exception_class)
121
130
  end
122
131
  end
123
132
 
@@ -134,7 +143,7 @@ module TCellAgent
134
143
 
135
144
  expect(TCellAgent).to_not receive(:send_event)
136
145
 
137
- sensor.csrf_rejected(tcell_data)
146
+ sensor.csrf_rejected(tcell_data, @exception_class)
138
147
  end
139
148
  end
140
149
 
@@ -150,7 +159,7 @@ module TCellAgent
150
159
 
151
160
  expect(TCellAgent).to_not receive(:send_event)
152
161
 
153
- sensor.csrf_rejected(tcell_data)
162
+ sensor.csrf_rejected(tcell_data, @exception_class)
154
163
  end
155
164
  end
156
165
  end
@@ -164,12 +173,12 @@ module TCellAgent
164
173
  expect(TCellAgent).to receive(:send_event).with({
165
174
  "event_type"=>"as",
166
175
  "dp"=>"excsrf",
167
- "param"=>nil,
176
+ "param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
168
177
  "remote_addr"=>nil,
169
178
  "m"=>nil
170
179
  })
171
180
 
172
- sensor.csrf_rejected(tcell_data)
181
+ sensor.csrf_rejected(tcell_data, @exception_class)
173
182
  end
174
183
 
175
184
  context "no excluded routes" do
@@ -185,13 +194,13 @@ module TCellAgent
185
194
  expect(TCellAgent).to receive(:send_event).with({
186
195
  "event_type"=>"as",
187
196
  "dp"=>"excsrf",
188
- "param"=>nil,
197
+ "param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
189
198
  "remote_addr"=>nil,
190
- "rou"=>"route_id",
199
+ "rid"=>"route_id",
191
200
  "m"=>nil
192
201
  })
193
202
 
194
- sensor.csrf_rejected(tcell_data)
203
+ sensor.csrf_rejected(tcell_data, @exception_class)
195
204
  end
196
205
  end
197
206
 
@@ -208,7 +217,7 @@ module TCellAgent
208
217
 
209
218
  expect(TCellAgent).to_not receive(:send_event)
210
219
 
211
- sensor.csrf_rejected(tcell_data)
220
+ sensor.csrf_rejected(tcell_data, @exception_class)
212
221
  end
213
222
  end
214
223
 
@@ -225,13 +234,13 @@ module TCellAgent
225
234
  expect(TCellAgent).to receive(:send_event).with({
226
235
  "event_type"=>"as",
227
236
  "dp"=>"excsrf",
228
- "param"=>nil,
237
+ "param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
229
238
  "remote_addr"=>nil,
230
- "rou"=>"route_id",
239
+ "rid"=>"route_id",
231
240
  "m"=>nil
232
241
  })
233
242
 
234
- sensor.csrf_rejected(tcell_data)
243
+ sensor.csrf_rejected(tcell_data, @exception_class)
235
244
  end
236
245
  end
237
246
  end
@@ -242,7 +251,7 @@ module TCellAgent
242
251
 
243
252
  describe "#sql_exception_enabled" do
244
253
  before(:each) do
245
- @exception = Exception.new
254
+ @exception = FakeStatementInvalid.new
246
255
  end
247
256
 
248
257
  context "with disabled sensor" do
@@ -350,7 +359,7 @@ module TCellAgent
350
359
  expect(TCellAgent).to receive(:send_event).with({
351
360
  "event_type"=>"as",
352
361
  "dp"=>"exsql",
353
- "param"=>nil,
362
+ "param"=>"TCellAgent::Policies::FakeStatementInvalid",
354
363
  "remote_addr"=>nil,
355
364
  "m"=>nil
356
365
  })
@@ -371,9 +380,9 @@ module TCellAgent
371
380
  expect(TCellAgent).to receive(:send_event).with({
372
381
  "event_type"=>"as",
373
382
  "dp"=>"exsql",
374
- "param"=>nil,
383
+ "param"=>"TCellAgent::Policies::FakeStatementInvalid",
375
384
  "remote_addr"=>nil,
376
- "rou"=>"route_id",
385
+ "rid"=>"route_id",
377
386
  "m"=>nil
378
387
  })
379
388
 
@@ -411,9 +420,9 @@ module TCellAgent
411
420
  expect(TCellAgent).to receive(:send_event).with({
412
421
  "event_type"=>"as",
413
422
  "dp"=>"exsql",
414
- "param"=>nil,
423
+ "param"=>"TCellAgent::Policies::FakeStatementInvalid",
415
424
  "remote_addr"=>nil,
416
- "rou"=>"route_id",
425
+ "rid"=>"route_id",
417
426
  "m"=>nil
418
427
  })
419
428
 
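Review bot: FakeInvalidAuthenticityToken and FakeStatementInvalid (hunk @@ -4,6 +4,12) are defined directly inside `module TCellAgent; module Policies`, so they become permanent constants of the library's real namespace for the whole spec run and are visible to every spec file loaded afterwards. Defining them with `stub_const("TCellAgent::Policies::FakeInvalidAuthenticityToken", Class.new(StandardError))` (and likewise for FakeStatementInvalid) in the existing `before(:each)` hooks keeps them scoped to these examples while preserving the fully qualified name that the `"param"` expectations in hunks @@ -164, @@ -185, @@ -225, @@ -350, @@ -371 and @@ -411 assert on. The enclosing `describe MiscSensor` block starts and ends outside the hunks shown.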
@@ -0,0 +1,466 @@
1
+ require 'spec_helper'
2
+
3
+ module TCellAgent
4
+ module Policies
5
+
6
+ describe AppSensorPolicy do
7
+
8
+ describe "#apply" do
9
+
10
+ context "with send_payloads disabled" do
11
+ it "should return nil payload" do
12
+ policy = PayloadsPolicy.from_json({
13
+ "payloads" => {
14
+ "send_payloads" => false
15
+ }
16
+ })
17
+
18
+ expect(TCellAgent).to_not receive(:configuration)
19
+ expect(policy).to receive(:log).with(
20
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
21
+ )
22
+
23
+ payload = policy.apply(
24
+ "xss",
25
+ nil,
26
+ TCellAgent::Utils::Params::GET_PARAM,
27
+ "password",
28
+ "alert()",
29
+ {"l" => "query"},
30
+ "pattern"
31
+ )
32
+
33
+ expect(payload).to eq(
34
+ nil
35
+ )
36
+ end
37
+ end
38
+
39
+ context "with send_payloads enabled" do
40
+ context "with allow_unencrypted_appfirewall_payloads disabled" do
41
+ it "should return nil payload" do
42
+ policy = PayloadsPolicy.from_json({
43
+ "payloads" => {
44
+ "send_payloads" => true
45
+ }
46
+ })
47
+
48
+ configuration = double("configuration")
49
+
50
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
51
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
52
+ false
53
+ )
54
+ expect(policy).to receive(:log).with(
55
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
56
+ )
57
+
58
+ payload = policy.apply(
59
+ "xss",
60
+ nil,
61
+ TCellAgent::Utils::Params::GET_PARAM,
62
+ "password",
63
+ "alert()",
64
+ {"l" => "query"},
65
+ "pattern"
66
+ )
67
+
68
+ expect(payload).to eq(
69
+ nil
70
+ )
71
+ end
72
+ end
73
+
74
+ context "with allow_unencrypted_appfirewall_payloads enabled" do
75
+ context "with no blacklist" do
76
+ context "with no whitelist" do
77
+ it "return the vulnerable value" do
78
+ policy = PayloadsPolicy.from_json({
79
+ "payloads" => {
80
+ "send_payloads" => true
81
+ }
82
+ })
83
+ configuration = double("configuration")
84
+
85
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
86
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
87
+ true
88
+ )
89
+ expect(policy).to receive(:log).with(
90
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
91
+ )
92
+
93
+ payload = policy.apply(
94
+ "xss",
95
+ nil,
96
+ TCellAgent::Utils::Params::GET_PARAM,
97
+ "password",
98
+ "alert()",
99
+ {"l" => "query"},
100
+ "pattern"
101
+ )
102
+
103
+ expect(payload).to eq(
104
+ "alert()"
105
+ )
106
+ end
107
+ end
108
+
109
+ context "with a whitelist" do
110
+ context "that does not specify locations for the param" do
111
+ it "return return NOT_WHITELISTED" do
112
+ policy = PayloadsPolicy.from_json({
113
+ "payloads" => {
114
+ "send_payloads" => true,
115
+ "send_whitelist" => {
116
+ "username" => ["*"]
117
+ }
118
+ }
119
+ })
120
+ configuration = double("configuration")
121
+
122
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
123
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
124
+ true
125
+ )
126
+ expect(policy).to receive(:log).with(
127
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
128
+ )
129
+
130
+ payload = policy.apply(
131
+ "xss",
132
+ nil,
133
+ TCellAgent::Utils::Params::GET_PARAM,
134
+ "password",
135
+ "alert()",
136
+ {"l" => "query"},
137
+ "pattern"
138
+ )
139
+
140
+ expect(payload).to eq(
141
+ "NOT_WHITELISTED"
142
+ )
143
+ end
144
+ end
145
+
146
+ context "that specifies locations for the param" do
147
+ context "param location does not match specified location do" do
148
+ it "return should return NOT_WHITELISTED" do
149
+ policy = PayloadsPolicy.from_json({
150
+ "payloads" => {
151
+ "send_payloads" => true,
152
+ "send_whitelist" => {
153
+ "username" => ["*"],
154
+ "password" => ["cookie"]
155
+ }
156
+ }
157
+ })
158
+ configuration = double("configuration")
159
+
160
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
161
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
162
+ true
163
+ )
164
+ expect(policy).to receive(:log).with(
165
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
166
+ )
167
+
168
+ payload = policy.apply(
169
+ "xss",
170
+ nil,
171
+ TCellAgent::Utils::Params::GET_PARAM,
172
+ "password",
173
+ "alert()",
174
+ {"l" => "query"},
175
+ "pattern"
176
+ )
177
+
178
+ expect(payload).to eq(
179
+ "NOT_WHITELISTED"
180
+ )
181
+ end
182
+ end
183
+
184
+ context "param location matches the specified location in the whitelist" do
185
+ it "return the vulnerable value" do
186
+ policy = PayloadsPolicy.from_json({
187
+ "payloads" => {
188
+ "send_payloads" => true,
189
+ "send_whitelist" => {
190
+ "username" => ["*"],
191
+ "PASSWORD" => ["form"]
192
+ }
193
+ }
194
+ })
195
+ configuration = double("configuration")
196
+
197
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
198
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
199
+ true
200
+ )
201
+ expect(policy).to receive(:log).with(
202
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
203
+ )
204
+
205
+ payload = policy.apply(
206
+ "xss",
207
+ nil,
208
+ TCellAgent::Utils::Params::GET_PARAM,
209
+ "password",
210
+ "alert()",
211
+ {"l" => "query"},
212
+ "pattern"
213
+ )
214
+
215
+ expect(payload).to eq(
216
+ "alert()"
217
+ )
218
+ end
219
+ end
220
+ end
221
+ end
222
+ end
223
+
224
+ context "with a blacklist" do
225
+ context "that does not specify locations for the param" do
226
+ context "with no whitelist" do
227
+ it "should return the vulnerable value" do
228
+ policy = PayloadsPolicy.from_json({
229
+ "payloads" => {
230
+ "send_payloads" => true,
231
+ "send_blacklist" => {
232
+ "username" => ["*"]
233
+ }
234
+ }
235
+ })
236
+ configuration = double("configuration")
237
+
238
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
239
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
240
+ true
241
+ )
242
+ expect(policy).to receive(:log).with(
243
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
244
+ )
245
+
246
+ payload = policy.apply(
247
+ "xss",
248
+ nil,
249
+ TCellAgent::Utils::Params::GET_PARAM,
250
+ "password",
251
+ "alert()",
252
+ {"l" => "query"},
253
+ "pattern"
254
+ )
255
+
256
+ expect(payload).to eq(
257
+ "alert()"
258
+ )
259
+ end
260
+ end
261
+
262
+ context "with a whitelist" do
263
+ context "that does not specify locations for the param" do
264
+ it "should return NOT_WHITELISTED" do
265
+ policy = PayloadsPolicy.from_json({
266
+ "payloads" => {
267
+ "send_payloads" => true,
268
+ "send_blacklist" => {
269
+ "username" => ["*"]
270
+ },
271
+ "send_whitelist" => {
272
+ "username" => ["*"]
273
+ }
274
+ }
275
+ })
276
+ configuration = double("configuration")
277
+
278
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
279
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
280
+ true
281
+ )
282
+ expect(policy).to receive(:log).with(
283
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
284
+ )
285
+
286
+ payload = policy.apply(
287
+ "xss",
288
+ nil,
289
+ TCellAgent::Utils::Params::GET_PARAM,
290
+ "password",
291
+ "alert()",
292
+ {"l" => "query"},
293
+ "pattern"
294
+ )
295
+
296
+ expect(payload).to eq(
297
+ "NOT_WHITELISTED"
298
+ )
299
+ end
300
+ end
301
+
302
+ context "that specifies locations for the param" do
303
+ context "param location does not match specified location" do
304
+ it "should return NOT_WHITELISTED" do
305
+ policy = PayloadsPolicy.from_json({
306
+ "payloads" => {
307
+ "send_payloads" => true,
308
+ "send_blacklist" => {
309
+ "username" => ["*"],
310
+ },
311
+ "send_whitelist" => {
312
+ "password" => ["cookie"]
313
+ }
314
+ }
315
+ })
316
+ configuration = double("configuration")
317
+
318
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
319
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
320
+ true
321
+ )
322
+ expect(policy).to receive(:log).with(
323
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
324
+ )
325
+
326
+ payload = policy.apply(
327
+ "xss",
328
+ nil,
329
+ TCellAgent::Utils::Params::GET_PARAM,
330
+ "password",
331
+ "alert()",
332
+ {"l" => "query"},
333
+ "pattern"
334
+ )
335
+
336
+ expect(payload).to eq(
337
+ "NOT_WHITELISTED"
338
+ )
339
+ end
340
+ end
341
+
342
+ context "param location matches the specified location" do
343
+ it "should return the vulnerable value" do
344
+ policy = PayloadsPolicy.from_json({
345
+ "payloads" => {
346
+ "send_payloads" => true,
347
+ "send_blacklist" => {
348
+ "username" => ["*"],
349
+ },
350
+ "send_whitelist" => {
351
+ "PASSWORD" => ["form"]
352
+ }
353
+ }
354
+ })
355
+ configuration = double("configuration")
356
+
357
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
358
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
359
+ true
360
+ )
361
+ expect(policy).to receive(:log).with(
362
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
363
+ )
364
+
365
+ payload = policy.apply(
366
+ "xss",
367
+ nil,
368
+ TCellAgent::Utils::Params::GET_PARAM,
369
+ "password",
370
+ "alert()",
371
+ {"l" => "query"},
372
+ "pattern"
373
+ )
374
+
375
+ expect(payload).to eq(
376
+ "alert()"
377
+ )
378
+ end
379
+ end
380
+ end
381
+ end
382
+ end
383
+
384
+ context "that specifies locations for the param" do
385
+ context "param location does not match specified location" do
386
+ it "should return the vulnerable value" do
387
+ policy = PayloadsPolicy.from_json({
388
+ "payloads" => {
389
+ "send_payloads" => true,
390
+ "send_blacklist" => {
391
+ "password" => ["cookie"],
392
+ }
393
+ }
394
+ })
395
+ configuration = double("configuration")
396
+
397
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
398
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
399
+ true
400
+ )
401
+ expect(policy).to receive(:log).with(
402
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
403
+ )
404
+
405
+ payload = policy.apply(
406
+ "xss",
407
+ nil,
408
+ TCellAgent::Utils::Params::GET_PARAM,
409
+ "password",
410
+ "alert()",
411
+ {"l" => "query"},
412
+ "pattern"
413
+ )
414
+
415
+ expect(payload).to eq(
416
+ "alert()"
417
+ )
418
+ end
419
+ end
420
+
421
+ context "param location matches the specified location" do
422
+ it "should return BLACKLISTED" do
423
+ policy = PayloadsPolicy.from_json({
424
+ "payloads" => {
425
+ "send_payloads" => true,
426
+ "send_blacklist" => {
427
+ "password" => ["form"],
428
+ }
429
+ }
430
+ })
431
+ configuration = double("configuration")
432
+
433
+ expect(TCellAgent).to receive(:configuration).and_return(configuration)
434
+ expect(configuration).to receive(:allow_unencrypted_appfirewall_payloads).and_return(
435
+ true
436
+ )
437
+ expect(policy).to receive(:log).with(
438
+ "xss", nil, TCellAgent::Utils::Params::GET_PARAM, "password", "alert()", {"l" => "query"}, "pattern"
439
+ )
440
+
441
+ payload = policy.apply(
442
+ "xss",
443
+ nil,
444
+ TCellAgent::Utils::Params::GET_PARAM,
445
+ "password",
446
+ "alert()",
447
+ {"l" => "query"},
448
+ "pattern"
449
+ )
450
+
451
+ expect(payload).to eq(
452
+ "BLACKLISTED"
453
+ )
454
+ end
455
+ end
456
+ end
457
+ end
458
+ end
459
+ end
460
+
461
+ end
462
+
463
+ end
464
+
465
+ end
466
+ end
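Review bot: The top-level `describe AppSensorPolicy do` names the wrong subject — every example in this file calls `PayloadsPolicy.from_json(...).apply(...)`, so it should read `describe PayloadsPolicy do`; as written, failures are reported under AppSensorPolicy and `described_class` points at the wrong class. Several example descriptions also carry typos: `it "return return NOT_WHITELISTED"`, `it "return should return NOT_WHITELISTED"`, and the string `"param location does not match specified location do"` has a stray `do` inside it. On the security model the examples pin: every case, including the send_payloads-disabled and BLACKLISTED ones, still expects `policy.log` to receive the raw value `"alert()"` for the `"password"` parameter, so the whitelist/blacklist only governs what `apply` returns, and the first "no blacklist" example shows that a policy built from `{"send_payloads" => true}` alone ships credential-named parameters unless an operator configures a blacklist. Whether `log` applies its own filtering is presumably covered by the separate payloads_policy_log_spec and is not visible here; a short comment above that first example stating that no default sensitive-parameter blacklist is intended would make the expectation explicit.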