tcell_agent 0.2.19 → 0.2.21

Sign up to get free protection for your applications and to get access to all the features.
Files changed (60) hide show
  1. checksums.yaml +4 -4
  2. data/LICENSE_libinjection +32 -0
  3. data/Rakefile +14 -1
  4. data/ext/libinjection/extconf.rb +3 -0
  5. data/ext/libinjection/libinjection.h +65 -0
  6. data/ext/libinjection/libinjection_html5.c +847 -0
  7. data/ext/libinjection/libinjection_html5.h +54 -0
  8. data/ext/libinjection/libinjection_sqli.c +2317 -0
  9. data/ext/libinjection/libinjection_sqli.h +295 -0
  10. data/ext/libinjection/libinjection_sqli_data.h +9004 -0
  11. data/ext/libinjection/libinjection_wrap.c +3525 -0
  12. data/ext/libinjection/libinjection_xss.c +531 -0
  13. data/ext/libinjection/libinjection_xss.h +21 -0
  14. data/lib/tcell_agent/configuration.rb +0 -48
  15. data/lib/tcell_agent/logger.rb +1 -0
  16. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
  17. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
  18. data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
  19. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
  20. data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
  21. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
  22. data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
  23. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
  24. data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
  25. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
  26. data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
  27. data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
  28. data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
  29. data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
  30. data/lib/tcell_agent/rails/dlp.rb +98 -76
  31. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  32. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
  33. data/lib/tcell_agent/rails/on_start.rb +53 -20
  34. data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
  35. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
  36. data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
  37. data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
  38. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
  39. data/lib/tcell_agent/utils/params.rb +24 -21
  40. data/lib/tcell_agent/version.rb +1 -1
  41. data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
  42. data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
  43. data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
  44. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
  45. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
  46. data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
  47. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
  48. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
  49. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
  50. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
  51. data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
  52. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
  53. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
  54. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
  55. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
  56. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
  57. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
  58. data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
  59. data/tcell_agent.gemspec +21 -1
  60. metadata +37 -4
data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # encoding: utf-8
2
+
1
3
  require 'spec_helper'
2
4
 
3
5
  module TCellAgent
@@ -166,6 +168,48 @@ module TCellAgent
166
168
  @sensor = XssSensor.new({"enabled" => true})
167
169
  end
168
170
 
171
+ context "with libinjection enabled" do
172
+ context "with param value that doesn't match any vulnerabilities" do
173
+ it "should return nil" do
174
+ @sensor.libinjection = true
175
+
176
+ ruleset = double("ruleset")
177
+ expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
178
+ expect(ruleset).to receive(:check_violation).with(
179
+ "param", "value", {}, false
180
+ ).and_return(nil)
181
+
182
+ expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
183
+ end
184
+
185
+ context "and it has utf-8 chars" do
186
+ it "should return nil but not fail miserably" do
187
+ @sensor.libinjection = true
188
+
189
+ ruleset = double("ruleset")
190
+ expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
191
+ expect(ruleset).to receive(:check_violation).with(
192
+ "param", "Müller", {}, false
193
+ ).and_return(nil)
194
+
195
+ expect(@sensor.find_vulnerability("param", "Müller")).to eq(nil)
196
+ end
197
+ end
198
+ end
199
+
200
+ context "with param value that matches a vulnerability" do
201
+ it "should return the param and it's value" do
202
+ @sensor.libinjection = true
203
+
204
+ expect(@sensor).to_not receive(:get_ruleset)
205
+
206
+ expect(@sensor.find_vulnerability("param_name", "<script>")).to eq(
207
+ {"param"=>"param_name", "value"=>"<script>", "pattern"=>"li"}
208
+ )
209
+ end
210
+ end
211
+ end
212
+
169
213
  context "with no ruleset" do
170
214
  it "should return nil" do
171
215
  expect(@sensor).to receive(:get_ruleset).and_return(nil)
@@ -203,6 +247,8 @@ module TCellAgent
203
247
 
204
248
  describe "#check" do
205
249
  before(:each) do
250
+ @payloads_policy = double("payloads_policy")
251
+
206
252
  @meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new
207
253
  @meta.remote_address = "remote_address"
208
254
  @meta.method = "get"
@@ -215,8 +261,10 @@ module TCellAgent
215
261
 
216
262
  context "disabled sensor" do
217
263
  it "should return false" do
264
+ expect(@payloads_policy).to_not receive(:apply)
265
+
218
266
  sensor = XssSensor.new({"enabled" => false})
219
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
267
+ result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
220
268
 
221
269
  expect(result).to eq(false)
222
270
  end
@@ -229,8 +277,16 @@ module TCellAgent
229
277
 
230
278
  context "param has NO vulnerability" do
231
279
  it "should return false" do
280
+ expect(@payloads_policy).to_not receive(:apply)
281
+
232
282
  sensor = XssSensor.new({"enabled" => false})
233
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
283
+ result = sensor.check(
284
+ XssSensor::GET_PARAM,
285
+ @meta,
286
+ "param_name",
287
+ "param_value",
288
+ @payloads_policy
289
+ )
234
290
 
235
291
  expect(result).to eq(false)
236
292
  end
@@ -238,7 +294,7 @@ module TCellAgent
238
294
  context "no excluded routes" do
239
295
  it "should return false" do
240
296
  sensor = XssSensor.new({"enabled" => false, "exclude_routes" => []})
241
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
297
+ result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
242
298
 
243
299
  expect(result).to eq(false)
244
300
  end
@@ -248,7 +304,7 @@ module TCellAgent
248
304
  context "route id matches" do
249
305
  it "should return false" do
250
306
  sensor = XssSensor.new({"enabled" => false, "exclude_routes" => ["route_id"]})
251
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
307
+ result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
252
308
 
253
309
  expect(result).to eq(false)
254
310
  end
@@ -256,7 +312,7 @@ module TCellAgent
256
312
  context "route id does not match" do
257
313
  it "should return false" do
258
314
  sensor = XssSensor.new({"enabled" => false, "exclude_routes" => ["unmatching_route_id"]})
259
- result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
315
+ result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
260
316
 
261
317
  expect(result).to eq(false)
262
318
  end
@@ -265,17 +321,64 @@ module TCellAgent
265
321
  end
266
322
 
267
323
  context "param has a vulnerability" do
324
+ context "param is a URI param" do
325
+ context "exclude forms sensor" do
326
+ it "should return false" do
327
+ @sensor.exclude_forms = true
328
+ @sensor.exclude_cookies = false
329
+
330
+ expect(@payloads_policy).to_not receive(:apply)
331
+ expect(@sensor).to_not receive(:find_vulnerability)
332
+ expect(@sensor).to_not receive(:send_event)
333
+
334
+ result = @sensor.check(XssSensor::URI_PARAM, @meta, "param_name", "param_value", @payloads_policy)
335
+
336
+ expect(result).to eq(false)
337
+ end
338
+ end
339
+
340
+ context "exclude cookies sensor" do
341
+ it "should return true" do
342
+ @sensor.exclude_forms = false
343
+ @sensor.exclude_cookies = true
344
+
345
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
346
+ expect(@sensor).to receive(:find_vulnerability).and_return(
347
+ {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
348
+ )
349
+ expect(@sensor).to receive(:send_event).with(
350
+ @meta,
351
+ "xss",
352
+ "vuln_param",
353
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::URI_PARAM]},
354
+ "vuln_value",
355
+ "1"
356
+ )
357
+
358
+ result = @sensor.check(XssSensor::URI_PARAM, @meta, "param_name", "param_value", @payloads_policy)
359
+
360
+ expect(result).to eq(true)
361
+ end
362
+ end
363
+ end
364
+
268
365
  context "param is a GET param" do
269
366
  context "exclude forms sensor" do
270
367
  it "should return false" do
271
368
  @sensor.exclude_forms = true
272
369
  @sensor.exclude_cookies = false
273
370
 
274
- expect(TCellAgent).to_not receive(:configuration)
371
+ expect(@payloads_policy).to_not receive(:apply)
275
372
  expect(@sensor).to_not receive(:find_vulnerability)
276
373
  expect(@sensor).to_not receive(:send_event)
277
374
 
278
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
375
+ result = @sensor.check(
376
+ XssSensor::GET_PARAM,
377
+ @meta,
378
+ "param_name",
379
+ "param_value",
380
+ @payloads_policy
381
+ )
279
382
 
280
383
  expect(result).to eq(false)
281
384
  end
@@ -286,11 +389,11 @@ module TCellAgent
286
389
  @sensor.exclude_cookies = false
287
390
  @sensor.excluded_route_ids = {}
288
391
 
289
- expect(TCellAgent).to_not receive(:configuration)
392
+ expect(@payloads_policy).to_not receive(:apply)
290
393
  expect(@sensor).to_not receive(:find_vulnerability)
291
394
  expect(@sensor).to_not receive(:send_event)
292
395
 
293
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
396
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
294
397
 
295
398
  expect(result).to eq(false)
296
399
  end
@@ -303,11 +406,11 @@ module TCellAgent
303
406
  @sensor.exclude_cookies = false
304
407
  @sensor.excluded_route_ids = {"route_id" => true}
305
408
 
306
- expect(TCellAgent).to_not receive(:configuration)
409
+ expect(@payloads_policy).to_not receive(:apply)
307
410
  expect(@sensor).to_not receive(:find_vulnerability)
308
411
  expect(@sensor).to_not receive(:send_event)
309
412
 
310
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
413
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
311
414
 
312
415
  expect(result).to eq(false)
313
416
  end
@@ -318,11 +421,11 @@ module TCellAgent
318
421
  @sensor.exclude_cookies = false
319
422
  @sensor.excluded_route_ids = {"unmatching_route_id" => true}
320
423
 
321
- expect(TCellAgent).to_not receive(:configuration)
424
+ expect(@payloads_policy).to_not receive(:apply)
322
425
  expect(@sensor).to_not receive(:find_vulnerability)
323
426
  expect(@sensor).to_not receive(:send_event)
324
427
 
325
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
428
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
326
429
 
327
430
  expect(result).to eq(false)
328
431
  end
@@ -334,290 +437,53 @@ module TCellAgent
334
437
  it "should return true" do
335
438
  @sensor.exclude_forms = false
336
439
  @sensor.exclude_cookies = true
337
- configuration = double(
338
- "configuration",
339
- allow_unencrypted_appfirewall_payloads_logging: false,
340
- allow_unencrypted_appfirewall_payloads: true,
341
- blacklisted_params: {},
342
- whitelist_present: false
343
- )
344
440
 
345
441
  expect(@sensor).to receive(:find_vulnerability).and_return(
346
442
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
347
443
  )
348
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
444
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
349
445
  expect(@sensor).to receive(:send_event).with(
350
446
  @meta,
351
447
  "xss",
352
448
  "vuln_param",
353
- {"t" => XssSensor::GET_PARAM}.to_json,
449
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
354
450
  "vuln_value",
355
451
  "1"
356
452
  )
357
453
 
358
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
454
+ result = @sensor.check(
455
+ XssSensor::GET_PARAM,
456
+ @meta,
457
+ "param_name",
458
+ "param_value",
459
+ @payloads_policy
460
+ )
359
461
 
360
462
  expect(result).to eq(true)
361
463
  end
362
464
 
363
- context "allow_unencrypted_appfirewall_payloads is false" do
364
- context "param is blacklisted" do
365
- it "should return true" do
366
- @sensor.exclude_forms = false
367
- @sensor.exclude_cookies = true
368
-
369
- configuration = double(
370
- "configuration",
371
- allow_unencrypted_appfirewall_payloads_logging: false,
372
- allow_unencrypted_appfirewall_payloads: false,
373
- blacklisted_params: {"vuln_param" => true},
374
- whitelist_present: false
375
- )
376
-
377
- expect(@sensor).to receive(:find_vulnerability).and_return(
378
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
379
- )
380
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
381
- expect(@sensor).to receive(:send_event).with(
382
- @meta,
383
- "xss",
384
- "vuln_param",
385
- {"t" => XssSensor::GET_PARAM}.to_json,
386
- nil,
387
- "1"
388
- )
389
-
390
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
391
-
392
- expect(result).to eq(true)
393
- end
394
- end
395
-
396
- context "param is whitelisted" do
397
- it "should return true" do
398
- @sensor.exclude_forms = false
399
- @sensor.exclude_cookies = true
400
-
401
- configuration = double(
402
- "configuration",
403
- allow_unencrypted_appfirewall_payloads_logging: false,
404
- allow_unencrypted_appfirewall_payloads: false,
405
- blacklisted_params: {},
406
- whitelist_present: true,
407
- whitelisted_params: {"vuln_param" => true}
408
- )
409
-
410
- expect(@sensor).to receive(:find_vulnerability).and_return(
411
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
412
- )
413
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
414
- expect(@sensor).to receive(:send_event).with(
415
- @meta,
416
- "xss",
417
- "vuln_param",
418
- {"t" => XssSensor::GET_PARAM}.to_json,
419
- nil,
420
- "1"
421
- )
422
-
423
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
424
-
425
- expect(result).to eq(true)
426
- end
427
- end
428
-
429
- context "params is not blacklisted and there is no whitelist" do
430
- it "should return true" do
431
- @sensor.exclude_forms = false
432
- @sensor.exclude_cookies = true
433
-
434
- configuration = double(
435
- "configuration",
436
- allow_unencrypted_appfirewall_payloads_logging: false,
437
- allow_unencrypted_appfirewall_payloads: false,
438
- blacklisted_params: {},
439
- whitelist_present: false
440
- )
441
-
442
- expect(@sensor).to receive(:find_vulnerability).and_return(
443
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
444
- )
445
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
446
- expect(@sensor).to receive(:send_event).with(
447
- @meta,
448
- "xss",
449
- "vuln_param",
450
- {"t" => XssSensor::GET_PARAM}.to_json,
451
- nil,
452
- "1"
453
- )
454
-
455
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
456
-
457
- expect(result).to eq(true)
458
- end
459
- end
460
- end
461
-
462
- context "allow_unencrypted_appfirewall_payloads is true" do
463
- context "params is blacklisted" do
464
- it "should return true" do
465
- @sensor.exclude_forms = false
466
- @sensor.exclude_cookies = true
467
-
468
- configuration = double(
469
- "configuration",
470
- allow_unencrypted_appfirewall_payloads_logging: false,
471
- allow_unencrypted_appfirewall_payloads: true,
472
- blacklisted_params: {"vuln_param" => true},
473
- whitelist_present: false
474
- )
475
-
476
- expect(@sensor).to receive(:find_vulnerability).and_return(
477
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
478
- )
479
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
480
- expect(@sensor).to receive(:send_event).with(
481
- @meta,
482
- "xss",
483
- "vuln_param",
484
- {"t" => XssSensor::GET_PARAM}.to_json,
485
- "BLACKLISTED",
486
- "1"
487
- )
488
-
489
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
490
-
491
- expect(result).to eq(true)
492
- end
493
- end
494
-
495
- context "param is whitelisted" do
496
- it "should return true" do
497
- @sensor.exclude_forms = false
498
- @sensor.exclude_cookies = true
499
-
500
- configuration = double(
501
- "configuration",
502
- allow_unencrypted_appfirewall_payloads_logging: false,
503
- allow_unencrypted_appfirewall_payloads: true,
504
- blacklisted_params: {},
505
- whitelist_present: true,
506
- whitelisted_params: {"vuln_param" => true}
507
- )
508
-
509
- expect(@sensor).to receive(:find_vulnerability).and_return(
510
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
511
- )
512
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
513
- expect(@sensor).to receive(:send_event).with(
514
- @meta,
515
- "xss",
516
- "vuln_param",
517
- {"t" => XssSensor::GET_PARAM}.to_json,
518
- "vuln_value",
519
- "1"
520
- )
521
-
522
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
523
-
524
- expect(result).to eq(true)
525
- end
526
- end
527
-
528
- context "param is blacklisted and whitelisted" do
529
- it "should return true" do
530
- @sensor.exclude_forms = false
531
- @sensor.exclude_cookies = true
532
-
533
- configuration = double(
534
- "configuration",
535
- allow_unencrypted_appfirewall_payloads_logging: false,
536
- allow_unencrypted_appfirewall_payloads: true,
537
- blacklisted_params: {"vuln_param" => true},
538
- whitelist_present: true,
539
- whitelisted_params: {"vuln_param" => true}
540
- )
541
-
542
- expect(@sensor).to receive(:find_vulnerability).and_return(
543
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
544
- )
545
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
546
- expect(@sensor).to receive(:send_event).with(
547
- @meta,
548
- "xss",
549
- "vuln_param",
550
- {"t" => XssSensor::GET_PARAM}.to_json,
551
- "BLACKLISTED",
552
- "1"
553
- )
554
-
555
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
556
-
557
- expect(result).to eq(true)
558
- end
559
- end
560
-
561
- context "params is not blacklisted and there is no whitelist" do
562
- it "should return true" do
563
- @sensor.exclude_forms = false
564
- @sensor.exclude_cookies = true
565
-
566
- configuration = double(
567
- "configuration",
568
- allow_unencrypted_appfirewall_payloads_logging: false,
569
- allow_unencrypted_appfirewall_payloads: true,
570
- blacklisted_params: {},
571
- whitelist_present: false
572
- )
573
-
574
- expect(@sensor).to receive(:find_vulnerability).and_return(
575
- {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
576
- )
577
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
578
- expect(@sensor).to receive(:send_event).with(
579
- @meta,
580
- "xss",
581
- "vuln_param",
582
- {"t" => XssSensor::GET_PARAM}.to_json,
583
- "vuln_value",
584
- "1"
585
- )
586
-
587
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
588
-
589
- expect(result).to eq(true)
590
- end
591
- end
592
- end
593
-
594
465
  context "no excluded routes" do
595
466
  it "should return true" do
596
467
  @sensor.exclude_forms = false
597
468
  @sensor.exclude_cookies = true
598
469
  @sensor.excluded_route_ids = {}
599
- configuration = double(
600
- "configuration",
601
- allow_unencrypted_appfirewall_payloads_logging: false,
602
- allow_unencrypted_appfirewall_payloads: true,
603
- blacklisted_params: {},
604
- whitelist_present: false
605
- )
606
470
 
607
471
  expect(@sensor).to receive(:find_vulnerability).and_return(
608
472
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
609
473
  )
610
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
474
+ expect(@payloads_policy).to receive(:apply).with(
475
+ "xss", {}, "get", "vuln_param", "vuln_value", {"l"=>"query"}, "1"
476
+ ).and_return("vuln_value")
611
477
  expect(@sensor).to receive(:send_event).with(
612
478
  @meta,
613
479
  "xss",
614
480
  "vuln_param",
615
- {"t" => XssSensor::GET_PARAM}.to_json,
481
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
616
482
  "vuln_value",
617
483
  "1"
618
484
  )
619
485
 
620
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
486
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
621
487
 
622
488
  expect(result).to eq(true)
623
489
  end
@@ -630,11 +496,11 @@ module TCellAgent
630
496
  @sensor.exclude_cookies = true
631
497
  @sensor.excluded_route_ids = {"route_id" => true}
632
498
 
633
- expect(TCellAgent).to_not receive(:configuration)
634
499
  expect(@sensor).to_not receive(:find_vulnerability)
500
+ expect(@payloads_policy).to_not receive(:apply)
635
501
  expect(@sensor).to_not receive(:send_event)
636
502
 
637
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
503
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
638
504
 
639
505
  expect(result).to eq(false)
640
506
  end
@@ -645,28 +511,23 @@ module TCellAgent
645
511
  @sensor.exclude_forms = false
646
512
  @sensor.exclude_cookies = true
647
513
  @sensor.excluded_route_ids = {"unmatching_route_id" => true}
648
- configuration = double(
649
- "configuration",
650
- allow_unencrypted_appfirewall_payloads_logging: false,
651
- allow_unencrypted_appfirewall_payloads: true,
652
- blacklisted_params: {},
653
- whitelist_present: false
654
- )
655
514
 
656
515
  expect(@sensor).to receive(:find_vulnerability).and_return(
657
516
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
658
517
  )
659
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
518
+ expect(@payloads_policy).to receive(:apply).with(
519
+ "xss", {}, "get", "vuln_param", "vuln_value", {"l"=>"query"}, "1"
520
+ ).and_return("vuln_value")
660
521
  expect(@sensor).to receive(:send_event).with(
661
522
  @meta,
662
523
  "xss",
663
524
  "vuln_param",
664
- {"t" => XssSensor::GET_PARAM}.to_json,
525
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
665
526
  "vuln_value",
666
527
  "1"
667
528
  )
668
529
 
669
- result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value")
530
+ result = @sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
670
531
 
671
532
  expect(result).to eq(true)
672
533
  end
@@ -681,11 +542,17 @@ module TCellAgent
681
542
  @sensor.exclude_forms = true
682
543
  @sensor.exclude_cookies = false
683
544
 
684
- expect(TCellAgent).to_not receive(:configuration)
545
+ expect(@payloads_policy).to_not receive(:apply)
685
546
  expect(@sensor).to_not receive(:find_vulnerability)
686
547
  expect(@sensor).to_not receive(:send_event)
687
548
 
688
- result = @sensor.check(XssSensor::POST_PARAM, @meta, "param_name", "param_value")
549
+ result = @sensor.check(
550
+ XssSensor::POST_PARAM,
551
+ @meta,
552
+ "param_name",
553
+ "param_value",
554
+ @payloads_policy
555
+ )
689
556
 
690
557
  expect(result).to eq(false)
691
558
  end
@@ -695,28 +562,27 @@ module TCellAgent
695
562
  it "should return true" do
696
563
  @sensor.exclude_forms = false
697
564
  @sensor.exclude_cookies = true
698
- configuration = double(
699
- "configuration",
700
- allow_unencrypted_appfirewall_payloads_logging: false,
701
- allow_unencrypted_appfirewall_payloads: true,
702
- blacklisted_params: {},
703
- whitelist_present: false
704
- )
705
565
 
706
566
  expect(@sensor).to receive(:find_vulnerability).and_return(
707
567
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
708
568
  )
709
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
569
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
710
570
  expect(@sensor).to receive(:send_event).with(
711
571
  @meta,
712
572
  "xss",
713
573
  "vuln_param",
714
- {"t" => XssSensor::POST_PARAM}.to_json,
574
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::POST_PARAM]},
715
575
  "vuln_value",
716
576
  "1"
717
577
  )
718
578
 
719
- result = @sensor.check(XssSensor::POST_PARAM, @meta, "param_name", "param_value")
579
+ result = @sensor.check(
580
+ XssSensor::POST_PARAM,
581
+ @meta,
582
+ "param_name",
583
+ "param_value",
584
+ @payloads_policy
585
+ )
720
586
 
721
587
  expect(result).to eq(true)
722
588
  end
@@ -729,11 +595,17 @@ module TCellAgent
729
595
  @sensor.exclude_forms = true
730
596
  @sensor.exclude_cookies = false
731
597
 
732
- expect(TCellAgent).to_not receive(:configuration)
598
+ expect(@payloads_policy).to_not receive(:apply)
733
599
  expect(@sensor).to_not receive(:find_vulnerability)
734
600
  expect(@sensor).to_not receive(:send_event)
735
601
 
736
- result = @sensor.check(XssSensor::JSON_PARAM, @meta, "param_name", "param_value")
602
+ result = @sensor.check(
603
+ XssSensor::JSON_PARAM,
604
+ @meta,
605
+ "param_name",
606
+ "param_value",
607
+ @payloads_policy
608
+ )
737
609
 
738
610
  expect(result).to eq(false)
739
611
  end
@@ -743,28 +615,27 @@ module TCellAgent
743
615
  it "should return true" do
744
616
  @sensor.exclude_forms = false
745
617
  @sensor.exclude_cookies = true
746
- configuration = double(
747
- "configuration",
748
- allow_unencrypted_appfirewall_payloads_logging: false,
749
- allow_unencrypted_appfirewall_payloads: true,
750
- blacklisted_params: {},
751
- whitelist_present: false
752
- )
753
618
 
754
619
  expect(@sensor).to receive(:find_vulnerability).and_return(
755
620
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
756
621
  )
757
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
622
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
758
623
  expect(@sensor).to receive(:send_event).with(
759
624
  @meta,
760
625
  "xss",
761
626
  "vuln_param",
762
- {"t" => XssSensor::JSON_PARAM}.to_json,
627
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::JSON_PARAM]},
763
628
  "vuln_value",
764
629
  "1"
765
630
  )
766
631
 
767
- result = @sensor.check(XssSensor::JSON_PARAM, @meta, "param_name", "param_value")
632
+ result = @sensor.check(
633
+ XssSensor::JSON_PARAM,
634
+ @meta,
635
+ "param_name",
636
+ "param_value",
637
+ @payloads_policy
638
+ )
768
639
 
769
640
  expect(result).to eq(true)
770
641
  end
@@ -776,28 +647,27 @@ module TCellAgent
776
647
  it "should return true" do
777
648
  @sensor.exclude_forms = true
778
649
  @sensor.exclude_cookies = false
779
- configuration = double(
780
- "configuration",
781
- allow_unencrypted_appfirewall_payloads_logging: false,
782
- allow_unencrypted_appfirewall_payloads: true,
783
- blacklisted_params: {},
784
- whitelist_present: false
785
- )
786
650
 
787
651
  expect(@sensor).to receive(:find_vulnerability).and_return(
788
652
  {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
789
653
  )
790
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
654
+ expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
791
655
  expect(@sensor).to receive(:send_event).with(
792
656
  @meta,
793
657
  "xss",
794
658
  "vuln_param",
795
- {"t" => XssSensor::COOKIE_PARAM}.to_json,
659
+ {"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::COOKIE_PARAM]},
796
660
  "vuln_value",
797
661
  "1"
798
662
  )
799
663
 
800
- result = @sensor.check(XssSensor::COOKIE_PARAM, @meta, "param_name", "param_value")
664
+ result = @sensor.check(
665
+ XssSensor::COOKIE_PARAM,
666
+ @meta,
667
+ "param_name",
668
+ "param_value",
669
+ @payloads_policy
670
+ )
801
671
 
802
672
  expect(result).to eq(true)
803
673
  end
@@ -808,11 +678,17 @@ module TCellAgent
808
678
  @sensor.exclude_forms = false
809
679
  @sensor.exclude_cookies = true
810
680
 
811
- expect(TCellAgent).to_not receive(:configuration)
812
681
  expect(@sensor).to_not receive(:find_vulnerability)
682
+ expect(@payloads_policy).to_not receive(:apply)
813
683
  expect(@sensor).to_not receive(:send_event)
814
684
 
815
- result = @sensor.check(XssSensor::COOKIE_PARAM, @meta, "param_name", "param_value")
685
+ result = @sensor.check(
686
+ XssSensor::COOKIE_PARAM,
687
+ @meta,
688
+ "param_name",
689
+ "param_value",
690
+ @payloads_policy
691
+ )
816
692
 
817
693
  expect(result).to eq(false)
818
694
  end