tcell_agent 0.2.19 → 0.2.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE_libinjection +32 -0
  3. data/Rakefile +14 -1
  4. data/ext/libinjection/extconf.rb +3 -0
  5. data/ext/libinjection/libinjection.h +65 -0
  6. data/ext/libinjection/libinjection_html5.c +847 -0
  7. data/ext/libinjection/libinjection_html5.h +54 -0
  8. data/ext/libinjection/libinjection_sqli.c +2317 -0
  9. data/ext/libinjection/libinjection_sqli.h +295 -0
  10. data/ext/libinjection/libinjection_sqli_data.h +9004 -0
  11. data/ext/libinjection/libinjection_wrap.c +3525 -0
  12. data/ext/libinjection/libinjection_xss.c +531 -0
  13. data/ext/libinjection/libinjection_xss.h +21 -0
  14. data/lib/tcell_agent/configuration.rb +0 -48
  15. data/lib/tcell_agent/logger.rb +1 -0
  16. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
  17. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
  18. data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
  19. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
  20. data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
  21. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
  22. data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
  23. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
  24. data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
  25. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
  26. data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
  27. data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
  28. data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
  29. data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
  30. data/lib/tcell_agent/rails/dlp.rb +98 -76
  31. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  32. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
  33. data/lib/tcell_agent/rails/on_start.rb +53 -20
  34. data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
  35. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
  36. data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
  37. data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
  38. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
  39. data/lib/tcell_agent/utils/params.rb +24 -21
  40. data/lib/tcell_agent/version.rb +1 -1
  41. data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
  42. data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
  43. data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
  44. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
  45. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
  46. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
  47. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
  48. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
  49. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
  50. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
  51. data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
  52. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
  53. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
  54. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
  55. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
  56. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
  57. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
  58. data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
  59. data/tcell_agent.gemspec +21 -1
  60. metadata +37 -4
@@ -1,3 +1,5 @@
1
+ # encoding: utf-8
2
+
1
3
  require 'spec_helper'
2
4
 
3
5
  module TCellAgent
@@ -166,6 +168,48 @@ module TCellAgent
166
168
  @sensor = XssSensor.new({"enabled" => true})
167
169
  end
168
170
 
171
+ context "with libinjection enabled" do
172
+ context "with param value that doesn't match any vulnerabilities" do
173
+ it "should return nil" do
174
+ @sensor.libinjection = true
175
+
176
+ ruleset = double("ruleset")
177
+ expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
178
+ expect(ruleset).to receive(:check_violation).with(
179
+ "param", "value", {}, false
180
+ ).and_return(nil)
181
+
182
+ expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
183
+ end
184
+
185
+ context "and it has utf-8 chars" do
186
+ it "should return nil but not fail miserably" do
187
+ @sensor.libinjection = true
188
+
189
+ ruleset = double("ruleset")
190
+ expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
191
+ expect(ruleset).to receive(:check_violation).with(
192
+ "param", "Müller", {}, false
193
+ ).and_return(nil)
194
+
195
+ expect(@sensor.find_vulnerability("param", "Müller")).to eq(nil)
196
+ end
197
+ end
198
+ end
199
+
200
+ context "with param value that matches a vulnerability" do
201
+ it "should return the param and it's value" do
202
+ @sensor.libinjection = true
203
+
204
+ expect(@sensor).to_not receive(:get_ruleset)
205
+
206
+ expect(@sensor.find_vulnerability("param_name", "<script>")).to eq(
207
+ {"param"=>"param_name", "value"=>"<script>", "pattern"=>"li"}
208
+ )
209
+ end
210
+ end
211
+ end
212
+
169
213
  context "with no ruleset" do
170
214
  it "should return nil" do
171
215
  expect(@sensor).to receive(:get_ruleset).and_return(nil)
@@ -203,6 +247,8 @@ module TCellAgent
203
247
 
204
248
  describe "#check" do
205
249
  before(:each) do
250
+ @payloads_policy = double("payloads_policy")
251
+
206
252
  @meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new
207
253
  @meta.remote_address = "remote_address"
208
254
  @meta.method = "get"
@@ -215,8 +261,10 @@ module TCellAgent
215
261
 
216
262
  context "disabled sensor" do
217
263
  it "should return false" do
264
+ expect(@payloads_policy).to_not receive(:apply)
265
+
218
266
  sensor = XssSensor.new({"enabled" => false})
219
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
267
+ result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
220
268
 
221
269
  expect(result).to eq(false)
222
270
  end
@@ -229,8 +277,16 @@ module TCellAgent
229
277
 
230
278
  context "param has NO vulnerability" do
231
279
  it "should return false" do
280
+ expect(@payloads_policy).to_not receive(:apply)
281
+
232
282
  sensor = XssSensor.new({"enabled" => false})
233
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
283
+ result = sensor.check(
284
+ XssSensor::GET_PARAM,
285
+ @meta,
286
+ "param_name",
287
+ "param_value",
288
+ @payloads_policy
289
+ )
234
290
 
235
291
  expect(result).to eq(false)
236
292
  end
@@ -238,7 +294,7 @@ module TCellAgent
238
294
  context "no excluded routes" do
239
295
  it "should return false" do
240
296
  sensor = XssSensor.new({"enabled" => false, "exclude_routes" => []})
241
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
297
+ result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
242
298
 
243
299
  expect(result).to eq(false)
244
300
  end
@@ -248,7 +304,7 @@ module TCellAgent
248
304
  context "route id matches" do
249
305
  it "should return false" do
250
306
  sensor = XssSensor.new({"enabled" => false, "exclude_routes" => ["route_id"]})
251
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
307
+ result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
252
308
 
253
309
  expect(result).to eq(false)
254
310
  end
@@ -256,7 +312,7 @@ module TCellAgent
256
312
  context "route id does not match" do
257
313
  it "should return false" do
258
314
  sensor = XssSensor.new({"enabled" => false, "exclude_routes" => ["unmatching_route_id"]})
259
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
315
+ result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
260
316
 
261
317
  expect(result).to eq(false)
262
318
  end
@@ -265,17 +321,64 @@ module TCellAgent
265
321
  end
266
322
 
267
323
  context "param has a vulnerability" do
324
+ context "param is a URI param" do
325
+ context "exclude forms sensor" do
326
+ it "should return false" do
327
+ @sensor.exclude_forms = true
328
+ @sensor.exclude_cookies = false
329
+
330
+ expect(@payloads_policy).to_not receive(:apply)
331
+ expect(@sensor).to_not receive(:find_vulnerability)
332
+ expect(@sensor).to_not receive(:send_event)
333
+
334
+ result = @sensor.check(XssSensor::URI_PARAM, @meta, "param_name", "param_value", @payloads_policy)
335
+
336
+ expect(result).to eq(false)
337
+ end
338
+ end
339
+
340
+ context "exclude cookies sensor" do
341
+ it "should return true" do
342
+ @sensor.exclude_forms = false
343
+ @sensor.exclude_cookies = true
344
+
345
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
346
+ expect(@sensor).to receive(:find_vulnerability).and_return(
347
+ {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
348
+ )
349
+ expect(@sensor).to receive(:send_event).with(
350
+ @meta,
351
+ "xss",
352
+ "vuln_param",
353
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::URI_PARAM]},
354
+ "vuln_value",
355
+ "1"
356
+ )
357
+
358
+ result = @sensor.check(XssSensor::URI_PARAM, @meta, "param_name", "param_value", @payloads_policy)
359
+
360
+ expect(result).to eq(true)
361
+ end
362
+ end
363
+ end
364
+
268
365
  context "param is a GET param" do
269
366
  context "exclude forms sensor" do
270
367
  it "should return false" do
271
368
  @sensor.exclude_forms = true
272
369
  @sensor.exclude_cookies = false
273
370
 
274
- expect(TCellAgent).to_not receive(:configuration)
371
+ expect(@payloads_policy).to_not receive(:apply)
275
372
  expect(@sensor).to_not receive(:find_vulnerability)
276
373
  expect(@sensor).to_not receive(:send_event)
277
374
 
278
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
375
+ result = @sensor.check(
376
+ XssSensor::GET_PARAM,
377
+ @meta,
378
+ "param_name",
379
+ "param_value",
380
+ @payloads_policy
381
+ )
279
382
 
280
383
  expect(result).to eq(false)
281
384
  end
@@ -286,11 +389,11 @@ module TCellAgent
286
389
  @sensor.exclude_cookies = false
287
390
  @sensor.excluded_route_ids = {}
288
391
 
289
- expect(TCellAgent).to_not receive(:configuration)
392
+ expect(@payloads_policy).to_not receive(:apply)
290
393
  expect(@sensor).to_not receive(:find_vulnerability)
291
394
  expect(@sensor).to_not receive(:send_event)
292
395
 
293
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
396
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
294
397
 
295
398
  expect(result).to eq(false)
296
399
  end
@@ -303,11 +406,11 @@ module TCellAgent
303
406
  @sensor.exclude_cookies = false
304
407
  @sensor.excluded_route_ids = {"route_id" => true}
305
408
 
306
- expect(TCellAgent).to_not receive(:configuration)
409
+ expect(@payloads_policy).to_not receive(:apply)
307
410
  expect(@sensor).to_not receive(:find_vulnerability)
308
411
  expect(@sensor).to_not receive(:send_event)
309
412
 
310
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
413
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
311
414
 
312
415
  expect(result).to eq(false)
313
416
  end
@@ -318,11 +421,11 @@ module TCellAgent
318
421
  @sensor.exclude_cookies = false
319
422
  @sensor.excluded_route_ids = {"unmatching_route_id" => true}
320
423
 
321
- expect(TCellAgent).to_not receive(:configuration)
424
+ expect(@payloads_policy).to_not receive(:apply)
322
425
  expect(@sensor).to_not receive(:find_vulnerability)
323
426
  expect(@sensor).to_not receive(:send_event)
324
427
 
325
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
428
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
326
429
 
327
430
  expect(result).to eq(false)
328
431
  end
@@ -334,290 +437,53 @@ module TCellAgent
334
437
  it "should return true" do
335
438
  @sensor.exclude_forms = false
336
439
  @sensor.exclude_cookies = true
337
- configuration = double(
338
- "configuration",
339
- allow_unencrypted_appfirewall_payloads_logging: false,
340
- allow_unencrypted_appfirewall_payloads: true,
341
- blacklisted_params: {},
342
- whitelist_present: false
343
- )
344
440
 
345
441
  expect(@sensor).to receive(:find_vulnerability).and_return(
346
442
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
347
443
  )
348
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
444
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
349
445
  expect(@sensor).to receive(:send_event).with(
350
446
  @meta,
351
447
  "xss",
352
448
  "vuln_param",
353
- {"t" => XssSensor::GET_PARAM}.to_json,
449
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
354
450
  "vuln_value",
355
451
  "1"
356
452
  )
357
453
 
358
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
454
+ result = @sensor.check(
455
+ XssSensor::GET_PARAM,
456
+ @meta,
457
+ "param_name",
458
+ "param_value",
459
+ @payloads_policy
460
+ )
359
461
 
360
462
  expect(result).to eq(true)
361
463
  end
362
464
 
363
- context "allow_unencrypted_appfirewall_payloads is false" do
364
- context "param is blacklisted" do
365
- it "should return true" do
366
- @sensor.exclude_forms = false
367
- @sensor.exclude_cookies = true
368
-
369
- configuration = double(
370
- "configuration",
371
- allow_unencrypted_appfirewall_payloads_logging: false,
372
- allow_unencrypted_appfirewall_payloads: false,
373
- blacklisted_params: {"vuln_param" => true},
374
- whitelist_present: false
375
- )
376
-
377
- expect(@sensor).to receive(:find_vulnerability).and_return(
378
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
379
- )
380
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
381
- expect(@sensor).to receive(:send_event).with(
382
- @meta,
383
- "xss",
384
- "vuln_param",
385
- {"t" => XssSensor::GET_PARAM}.to_json,
386
- nil,
387
- "1"
388
- )
389
-
390
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
391
-
392
- expect(result).to eq(true)
393
- end
394
- end
395
-
396
- context "param is whitelisted" do
397
- it "should return true" do
398
- @sensor.exclude_forms = false
399
- @sensor.exclude_cookies = true
400
-
401
- configuration = double(
402
- "configuration",
403
- allow_unencrypted_appfirewall_payloads_logging: false,
404
- allow_unencrypted_appfirewall_payloads: false,
405
- blacklisted_params: {},
406
- whitelist_present: true,
407
- whitelisted_params: {"vuln_param" => true}
408
- )
409
-
410
- expect(@sensor).to receive(:find_vulnerability).and_return(
411
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
412
- )
413
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
414
- expect(@sensor).to receive(:send_event).with(
415
- @meta,
416
- "xss",
417
- "vuln_param",
418
- {"t" => XssSensor::GET_PARAM}.to_json,
419
- nil,
420
- "1"
421
- )
422
-
423
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
424
-
425
- expect(result).to eq(true)
426
- end
427
- end
428
-
429
- context "params is not blacklisted and there is no whitelist" do
430
- it "should return true" do
431
- @sensor.exclude_forms = false
432
- @sensor.exclude_cookies = true
433
-
434
- configuration = double(
435
- "configuration",
436
- allow_unencrypted_appfirewall_payloads_logging: false,
437
- allow_unencrypted_appfirewall_payloads: false,
438
- blacklisted_params: {},
439
- whitelist_present: false
440
- )
441
-
442
- expect(@sensor).to receive(:find_vulnerability).and_return(
443
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
444
- )
445
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
446
- expect(@sensor).to receive(:send_event).with(
447
- @meta,
448
- "xss",
449
- "vuln_param",
450
- {"t" => XssSensor::GET_PARAM}.to_json,
451
- nil,
452
- "1"
453
- )
454
-
455
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
456
-
457
- expect(result).to eq(true)
458
- end
459
- end
460
- end
461
-
462
- context "allow_unencrypted_appfirewall_payloads is true" do
463
- context "params is blacklisted" do
464
- it "should return true" do
465
- @sensor.exclude_forms = false
466
- @sensor.exclude_cookies = true
467
-
468
- configuration = double(
469
- "configuration",
470
- allow_unencrypted_appfirewall_payloads_logging: false,
471
- allow_unencrypted_appfirewall_payloads: true,
472
- blacklisted_params: {"vuln_param" => true},
473
- whitelist_present: false
474
- )
475
-
476
- expect(@sensor).to receive(:find_vulnerability).and_return(
477
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
478
- )
479
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
480
- expect(@sensor).to receive(:send_event).with(
481
- @meta,
482
- "xss",
483
- "vuln_param",
484
- {"t" => XssSensor::GET_PARAM}.to_json,
485
- "BLACKLISTED",
486
- "1"
487
- )
488
-
489
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
490
-
491
- expect(result).to eq(true)
492
- end
493
- end
494
-
495
- context "param is whitelisted" do
496
- it "should return true" do
497
- @sensor.exclude_forms = false
498
- @sensor.exclude_cookies = true
499
-
500
- configuration = double(
501
- "configuration",
502
- allow_unencrypted_appfirewall_payloads_logging: false,
503
- allow_unencrypted_appfirewall_payloads: true,
504
- blacklisted_params: {},
505
- whitelist_present: true,
506
- whitelisted_params: {"vuln_param" => true}
507
- )
508
-
509
- expect(@sensor).to receive(:find_vulnerability).and_return(
510
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
511
- )
512
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
513
- expect(@sensor).to receive(:send_event).with(
514
- @meta,
515
- "xss",
516
- "vuln_param",
517
- {"t" => XssSensor::GET_PARAM}.to_json,
518
- "vuln_value",
519
- "1"
520
- )
521
-
522
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
523
-
524
- expect(result).to eq(true)
525
- end
526
- end
527
-
528
- context "param is blacklisted and whitelisted" do
529
- it "should return true" do
530
- @sensor.exclude_forms = false
531
- @sensor.exclude_cookies = true
532
-
533
- configuration = double(
534
- "configuration",
535
- allow_unencrypted_appfirewall_payloads_logging: false,
536
- allow_unencrypted_appfirewall_payloads: true,
537
- blacklisted_params: {"vuln_param" => true},
538
- whitelist_present: true,
539
- whitelisted_params: {"vuln_param" => true}
540
- )
541
-
542
- expect(@sensor).to receive(:find_vulnerability).and_return(
543
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
544
- )
545
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
546
- expect(@sensor).to receive(:send_event).with(
547
- @meta,
548
- "xss",
549
- "vuln_param",
550
- {"t" => XssSensor::GET_PARAM}.to_json,
551
- "BLACKLISTED",
552
- "1"
553
- )
554
-
555
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
556
-
557
- expect(result).to eq(true)
558
- end
559
- end
560
-
561
- context "params is not blacklisted and there is no whitelist" do
562
- it "should return true" do
563
- @sensor.exclude_forms = false
564
- @sensor.exclude_cookies = true
565
-
566
- configuration = double(
567
- "configuration",
568
- allow_unencrypted_appfirewall_payloads_logging: false,
569
- allow_unencrypted_appfirewall_payloads: true,
570
- blacklisted_params: {},
571
- whitelist_present: false
572
- )
573
-
574
- expect(@sensor).to receive(:find_vulnerability).and_return(
575
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
576
- )
577
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
578
- expect(@sensor).to receive(:send_event).with(
579
- @meta,
580
- "xss",
581
- "vuln_param",
582
- {"t" => XssSensor::GET_PARAM}.to_json,
583
- "vuln_value",
584
- "1"
585
- )
586
-
587
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
588
-
589
- expect(result).to eq(true)
590
- end
591
- end
592
- end
593
-
594
465
  context "no excluded routes" do
595
466
  it "should return true" do
596
467
  @sensor.exclude_forms = false
597
468
  @sensor.exclude_cookies = true
598
469
  @sensor.excluded_route_ids = {}
599
- configuration = double(
600
- "configuration",
601
- allow_unencrypted_appfirewall_payloads_logging: false,
602
- allow_unencrypted_appfirewall_payloads: true,
603
- blacklisted_params: {},
604
- whitelist_present: false
605
- )
606
470
 
607
471
  expect(@sensor).to receive(:find_vulnerability).and_return(
608
472
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
609
473
  )
610
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
474
+ expect(@payloads_policy).to receive(:apply).with(
475
+ "xss", {}, "get", "vuln_param", "vuln_value", {"l"=>"query"}, "1"
476
+ ).and_return("vuln_value")
611
477
  expect(@sensor).to receive(:send_event).with(
612
478
  @meta,
613
479
  "xss",
614
480
  "vuln_param",
615
- {"t" => XssSensor::GET_PARAM}.to_json,
481
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
616
482
  "vuln_value",
617
483
  "1"
618
484
  )
619
485
 
620
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
486
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
621
487
 
622
488
  expect(result).to eq(true)
623
489
  end
@@ -630,11 +496,11 @@ module TCellAgent
630
496
  @sensor.exclude_cookies = true
631
497
  @sensor.excluded_route_ids = {"route_id" => true}
632
498
 
633
- expect(TCellAgent).to_not receive(:configuration)
634
499
  expect(@sensor).to_not receive(:find_vulnerability)
500
+ expect(@payloads_policy).to_not receive(:apply)
635
501
  expect(@sensor).to_not receive(:send_event)
636
502
 
637
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
503
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
638
504
 
639
505
  expect(result).to eq(false)
640
506
  end
@@ -645,28 +511,23 @@ module TCellAgent
645
511
  @sensor.exclude_forms = false
646
512
  @sensor.exclude_cookies = true
647
513
  @sensor.excluded_route_ids = {"unmatching_route_id" => true}
648
- configuration = double(
649
- "configuration",
650
- allow_unencrypted_appfirewall_payloads_logging: false,
651
- allow_unencrypted_appfirewall_payloads: true,
652
- blacklisted_params: {},
653
- whitelist_present: false
654
- )
655
514
 
656
515
  expect(@sensor).to receive(:find_vulnerability).and_return(
657
516
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
658
517
  )
659
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
518
+ expect(@payloads_policy).to receive(:apply).with(
519
+ "xss", {}, "get", "vuln_param", "vuln_value", {"l"=>"query"}, "1"
520
+ ).and_return("vuln_value")
660
521
  expect(@sensor).to receive(:send_event).with(
661
522
  @meta,
662
523
  "xss",
663
524
  "vuln_param",
664
- {"t" => XssSensor::GET_PARAM}.to_json,
525
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
665
526
  "vuln_value",
666
527
  "1"
667
528
  )
668
529
 
669
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
530
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
670
531
 
671
532
  expect(result).to eq(true)
672
533
  end
@@ -681,11 +542,17 @@ module TCellAgent
681
542
  @sensor.exclude_forms = true
682
543
  @sensor.exclude_cookies = false
683
544
 
684
- expect(TCellAgent).to_not receive(:configuration)
545
+ expect(@payloads_policy).to_not receive(:apply)
685
546
  expect(@sensor).to_not receive(:find_vulnerability)
686
547
  expect(@sensor).to_not receive(:send_event)
687
548
 
688
- result = @sensor.check(XssSensor::POST_PARAM, @meta, "param_name", "param_value")
549
+ result = @sensor.check(
550
+ XssSensor::POST_PARAM,
551
+ @meta,
552
+ "param_name",
553
+ "param_value",
554
+ @payloads_policy
555
+ )
689
556
 
690
557
  expect(result).to eq(false)
691
558
  end
@@ -695,28 +562,27 @@ module TCellAgent
695
562
  it "should return true" do
696
563
  @sensor.exclude_forms = false
697
564
  @sensor.exclude_cookies = true
698
- configuration = double(
699
- "configuration",
700
- allow_unencrypted_appfirewall_payloads_logging: false,
701
- allow_unencrypted_appfirewall_payloads: true,
702
- blacklisted_params: {},
703
- whitelist_present: false
704
- )
705
565
 
706
566
  expect(@sensor).to receive(:find_vulnerability).and_return(
707
567
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
708
568
  )
709
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
569
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
710
570
  expect(@sensor).to receive(:send_event).with(
711
571
  @meta,
712
572
  "xss",
713
573
  "vuln_param",
714
- {"t" => XssSensor::POST_PARAM}.to_json,
574
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::POST_PARAM]},
715
575
  "vuln_value",
716
576
  "1"
717
577
  )
718
578
 
719
- result = @sensor.check(XssSensor::POST_PARAM, @meta, "param_name", "param_value")
579
+ result = @sensor.check(
580
+ XssSensor::POST_PARAM,
581
+ @meta,
582
+ "param_name",
583
+ "param_value",
584
+ @payloads_policy
585
+ )
720
586
 
721
587
  expect(result).to eq(true)
722
588
  end
@@ -729,11 +595,17 @@ module TCellAgent
729
595
  @sensor.exclude_forms = true
730
596
  @sensor.exclude_cookies = false
731
597
 
732
- expect(TCellAgent).to_not receive(:configuration)
598
+ expect(@payloads_policy).to_not receive(:apply)
733
599
  expect(@sensor).to_not receive(:find_vulnerability)
734
600
  expect(@sensor).to_not receive(:send_event)
735
601
 
736
- result = @sensor.check(XssSensor::JSON_PARAM, @meta, "param_name", "param_value")
602
+ result = @sensor.check(
603
+ XssSensor::JSON_PARAM,
604
+ @meta,
605
+ "param_name",
606
+ "param_value",
607
+ @payloads_policy
608
+ )
737
609
 
738
610
  expect(result).to eq(false)
739
611
  end
@@ -743,28 +615,27 @@ module TCellAgent
743
615
  it "should return true" do
744
616
  @sensor.exclude_forms = false
745
617
  @sensor.exclude_cookies = true
746
- configuration = double(
747
- "configuration",
748
- allow_unencrypted_appfirewall_payloads_logging: false,
749
- allow_unencrypted_appfirewall_payloads: true,
750
- blacklisted_params: {},
751
- whitelist_present: false
752
- )
753
618
 
754
619
  expect(@sensor).to receive(:find_vulnerability).and_return(
755
620
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
756
621
  )
757
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
622
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
758
623
  expect(@sensor).to receive(:send_event).with(
759
624
  @meta,
760
625
  "xss",
761
626
  "vuln_param",
762
- {"t" => XssSensor::JSON_PARAM}.to_json,
627
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::JSON_PARAM]},
763
628
  "vuln_value",
764
629
  "1"
765
630
  )
766
631
 
767
- result = @sensor.check(XssSensor::JSON_PARAM, @meta, "param_name", "param_value")
632
+ result = @sensor.check(
633
+ XssSensor::JSON_PARAM,
634
+ @meta,
635
+ "param_name",
636
+ "param_value",
637
+ @payloads_policy
638
+ )
768
639
 
769
640
  expect(result).to eq(true)
770
641
  end
@@ -776,28 +647,27 @@ module TCellAgent
776
647
  it "should return true" do
777
648
  @sensor.exclude_forms = true
778
649
  @sensor.exclude_cookies = false
779
- configuration = double(
780
- "configuration",
781
- allow_unencrypted_appfirewall_payloads_logging: false,
782
- allow_unencrypted_appfirewall_payloads: true,
783
- blacklisted_params: {},
784
- whitelist_present: false
785
- )
786
650
 
787
651
  expect(@sensor).to receive(:find_vulnerability).and_return(
788
652
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
789
653
  )
790
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
654
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
791
655
  expect(@sensor).to receive(:send_event).with(
792
656
  @meta,
793
657
  "xss",
794
658
  "vuln_param",
795
- {"t" => XssSensor::COOKIE_PARAM}.to_json,
659
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::COOKIE_PARAM]},
796
660
  "vuln_value",
797
661
  "1"
798
662
  )
799
663
 
800
- result = @sensor.check(XssSensor::COOKIE_PARAM, @meta, "param_name", "param_value")
664
+ result = @sensor.check(
665
+ XssSensor::COOKIE_PARAM,
666
+ @meta,
667
+ "param_name",
668
+ "param_value",
669
+ @payloads_policy
670
+ )
801
671
 
802
672
  expect(result).to eq(true)
803
673
  end
@@ -808,11 +678,17 @@ module TCellAgent
808
678
  @sensor.exclude_forms = false
809
679
  @sensor.exclude_cookies = true
810
680
 
811
- expect(TCellAgent).to_not receive(:configuration)
812
681
  expect(@sensor).to_not receive(:find_vulnerability)
682
+ expect(@payloads_policy).to_not receive(:apply)
813
683
  expect(@sensor).to_not receive(:send_event)
814
684
 
815
- result = @sensor.check(XssSensor::COOKIE_PARAM, @meta, "param_name", "param_value")
685
+ result = @sensor.check(
686
+ XssSensor::COOKIE_PARAM,
687
+ @meta,
688
+ "param_name",
689
+ "param_value",
690
+ @payloads_policy
691
+ )
816
692
 
817
693
  expect(result).to eq(false)
818
694
  end