tcell_agent 0.2.19 → 0.2.21
- checksums.yaml +4 -4
- data/LICENSE_libinjection +32 -0
- data/Rakefile +14 -1
- data/ext/libinjection/extconf.rb +3 -0
- data/ext/libinjection/libinjection.h +65 -0
- data/ext/libinjection/libinjection_html5.c +847 -0
- data/ext/libinjection/libinjection_html5.h +54 -0
- data/ext/libinjection/libinjection_sqli.c +2317 -0
- data/ext/libinjection/libinjection_sqli.h +295 -0
- data/ext/libinjection/libinjection_sqli_data.h +9004 -0
- data/ext/libinjection/libinjection_wrap.c +3525 -0
- data/ext/libinjection/libinjection_xss.c +531 -0
- data/ext/libinjection/libinjection_xss.h +21 -0
- data/lib/tcell_agent/configuration.rb +0 -48
- data/lib/tcell_agent/logger.rb +1 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
- data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
- data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
- data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
- data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
- data/lib/tcell_agent/rails/dlp.rb +98 -76
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
- data/lib/tcell_agent/rails/on_start.rb +53 -20
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
- data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
- data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
- data/lib/tcell_agent/utils/params.rb +24 -21
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
- data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
- data/tcell_agent.gemspec +21 -1
- metadata +37 -4
@@ -33,6 +33,9 @@ module TCellAgent
|
|
33
33
|
|
34
34
|
expect(empty_policy.policy_id).to eq("01a1")
|
35
35
|
expect(empty_policy.enabled).to eq(false)
|
36
|
+
expect(empty_policy.payloads_policy).to_not be_nil
|
37
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(false)
|
38
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(false)
|
36
39
|
expect(empty_policy.options["req_size"]).to be_nil
|
37
40
|
expect(empty_policy.options["resp_size"]).to be_nil
|
38
41
|
expect(empty_policy.options["resp_codes"]).to be_nil
|
@@ -63,6 +66,9 @@ module TCellAgent
|
|
63
66
|
|
64
67
|
expect(empty_policy.policy_id).to eq("01a1")
|
65
68
|
expect(empty_policy.enabled).to eq(false)
|
69
|
+
expect(empty_policy.payloads_policy).to_not be_nil
|
70
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(false)
|
71
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(false)
|
66
72
|
expect(empty_policy.options["req_size"]).to be_nil
|
67
73
|
expect(empty_policy.options["resp_size"]).to be_nil
|
68
74
|
expect(empty_policy.options["resp_codes"]).to be_nil
|
@@ -93,6 +99,10 @@ module TCellAgent
|
|
93
99
|
policy = AppSensorPolicy.from_json(policy_json)
|
94
100
|
|
95
101
|
expect(policy.policy_id).to eq("01a1")
|
102
|
+
expect(policy.enabled).to eq(true)
|
103
|
+
expect(policy.payloads_policy).to_not be_nil
|
104
|
+
expect(policy.payloads_policy.send_payloads).to eq(true)
|
105
|
+
expect(policy.payloads_policy.log_payloads).to eq(true)
|
96
106
|
expect(policy.options["req_size"]).to_not be_nil
|
97
107
|
expect(policy.options["resp_size"]).to_not be_nil
|
98
108
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -147,6 +157,9 @@ module TCellAgent
|
|
147
157
|
empty_policy = AppSensorPolicy.from_json(policy_json)
|
148
158
|
|
149
159
|
expect(empty_policy.policy_id).to eq("01a1")
|
160
|
+
expect(empty_policy.enabled).to eq(true)
|
161
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(true)
|
162
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(true)
|
150
163
|
expect(empty_policy.options["req_size"]).to_not be_nil
|
151
164
|
expect(empty_policy.options["resp_size"]).to_not be_nil
|
152
165
|
expect(empty_policy.options["resp_codes"]).to_not be_nil
|
@@ -211,6 +224,9 @@ module TCellAgent
|
|
211
224
|
policy = AppSensorPolicy.from_json(policy_json)
|
212
225
|
|
213
226
|
expect(policy.policy_id).to eq("01a1")
|
227
|
+
expect(policy.enabled).to eq(true)
|
228
|
+
expect(policy.payloads_policy.send_payloads).to eq(true)
|
229
|
+
expect(policy.payloads_policy.log_payloads).to eq(true)
|
214
230
|
expect(policy.options["req_size"]).to_not be_nil
|
215
231
|
expect(policy.options["resp_size"]).to_not be_nil
|
216
232
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -279,6 +295,9 @@ module TCellAgent
|
|
279
295
|
|
280
296
|
expect(empty_policy.policy_id).to eq("01a1")
|
281
297
|
expect(empty_policy.enabled).to eq(false)
|
298
|
+
expect(empty_policy.payloads_policy).to_not be_nil
|
299
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(false)
|
300
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(false)
|
282
301
|
expect(empty_policy.options["req_size"]).to be_nil
|
283
302
|
expect(empty_policy.options["resp_size"]).to be_nil
|
284
303
|
expect(empty_policy.options["resp_codes"]).to be_nil
|
@@ -311,6 +330,9 @@ module TCellAgent
|
|
311
330
|
|
312
331
|
expect(empty_policy.policy_id).to eq("01a1")
|
313
332
|
expect(empty_policy.enabled).to eq(false)
|
333
|
+
expect(empty_policy.payloads_policy).to_not be_nil
|
334
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(false)
|
335
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(false)
|
314
336
|
expect(empty_policy.options["req_size"]).to be_nil
|
315
337
|
expect(empty_policy.options["resp_size"]).to be_nil
|
316
338
|
expect(empty_policy.options["resp_codes"]).to be_nil
|
@@ -346,6 +368,9 @@ module TCellAgent
|
|
346
368
|
policy = AppSensorPolicy.from_json(policy_json)
|
347
369
|
|
348
370
|
expect(policy.policy_id).to eq("01a1")
|
371
|
+
expect(policy.payloads_policy).to_not be_nil
|
372
|
+
expect(policy.payloads_policy.send_payloads).to eq(false)
|
373
|
+
expect(policy.payloads_policy.log_payloads).to eq(false)
|
349
374
|
expect(policy.options["req_size"]).to_not be_nil
|
350
375
|
expect(policy.options["resp_size"]).to_not be_nil
|
351
376
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -409,6 +434,9 @@ module TCellAgent
|
|
409
434
|
policy = AppSensorPolicy.from_json(policy_json)
|
410
435
|
|
411
436
|
expect(policy.policy_id).to eq("01a1")
|
437
|
+
expect(policy.payloads_policy).to_not be_nil
|
438
|
+
expect(policy.payloads_policy.send_payloads).to eq(false)
|
439
|
+
expect(policy.payloads_policy.log_payloads).to eq(false)
|
412
440
|
expect(policy.options["req_size"]).to_not be_nil
|
413
441
|
expect(policy.options["resp_size"]).to_not be_nil
|
414
442
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -457,6 +485,22 @@ module TCellAgent
|
|
457
485
|
"policy_id" => "01a1",
|
458
486
|
"version" => 2,
|
459
487
|
"data" => {
|
488
|
+
"options" => {
|
489
|
+
"payloads" => {
|
490
|
+
"send_payloads" => true,
|
491
|
+
"send_blacklist" => {
|
492
|
+
"JSESSIONID" => ["cookie"],
|
493
|
+
"ssn" => ["*"],
|
494
|
+
"password" => ["*"]
|
495
|
+
},
|
496
|
+
"send_whitelist" => {},
|
497
|
+
"log_payloads" => true,
|
498
|
+
"log_blacklist" => {},
|
499
|
+
"log_whitelist" => {
|
500
|
+
"username" => ["*"]
|
501
|
+
}
|
502
|
+
}
|
503
|
+
},
|
460
504
|
"sensors" => {
|
461
505
|
"req_size" => {
|
462
506
|
"limit" => 1024,
|
@@ -525,6 +569,7 @@ module TCellAgent
|
|
525
569
|
policy = AppSensorPolicy.from_json(policy_json)
|
526
570
|
|
527
571
|
expect(policy.policy_id).to eq("01a1")
|
572
|
+
expect(policy.payloads_policy).to_not be_nil
|
528
573
|
expect(policy.options["req_size"]).to_not be_nil
|
529
574
|
expect(policy.options["resp_size"]).to_not be_nil
|
530
575
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -563,8 +608,24 @@ module TCellAgent
|
|
563
608
|
expect(policy.options["fpt"].v1_compatability_enabled).to eq(false)
|
564
609
|
expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(false)
|
565
610
|
expect(policy.options["retr"].v1_compatability_enabled).to eq(false)
|
611
|
+
|
612
|
+
expect(policy.payloads_policy.send_payloads).to eq(true)
|
613
|
+
expect(policy.payloads_policy.send_blacklist).to eq({
|
614
|
+
"jsessionid" => Set.new(["cookie"]),
|
615
|
+
"ssn" => Set.new(["*"]),
|
616
|
+
"password" => Set.new(["*"])
|
617
|
+
})
|
618
|
+
expect(policy.payloads_policy.use_send_whitelist).to eq(true)
|
619
|
+
expect(policy.payloads_policy.send_whitelist).to eq({})
|
620
|
+
expect(policy.payloads_policy.log_payloads).to eq(true)
|
621
|
+
expect(policy.payloads_policy.log_blacklist).to eq({})
|
622
|
+
expect(policy.payloads_policy.use_log_whitelist).to eq(true)
|
623
|
+
expect(policy.payloads_policy.log_whitelist).to eq({
|
624
|
+
"username" => Set.new(["*"]),
|
625
|
+
})
|
566
626
|
end
|
567
627
|
end
|
628
|
+
|
568
629
|
end
|
569
630
|
end
|
570
631
|
end
|
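Review bot: The expectations added at new lines 612-625 pin two behaviours that no example names: an empty `"send_whitelist" => {}` still yields `use_send_whitelist == true`, and the `"JSESSIONID"` key comes back lower-cased as `"jsessionid"`. Both decide whether values such as session cookies or passwords are allowed out in events, so they deserve their own examples instead of sitting inside a general v2 parsing test. I would add a comment above the block, `# a whitelist that is present but empty still enables whitelist mode; field names are stored lower-cased`, and a separate example for a policy where the whitelist keys are absent altogether. The enclosing `it` block starts outside the hunk, so its description is not visible here.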
@@ -71,7 +71,8 @@ module TCellAgent
|
|
71
71
|
"remote_addr"=>"1.3.3.4",
|
72
72
|
"m"=>"GET",
|
73
73
|
"pattern"=>"1",
|
74
|
-
"
|
74
|
+
"uri"=>"http://example.org/foo?xyz=",
|
75
|
+
"meta"=>{"l" => "query"}}
|
75
76
|
expect(TCellAgent.event_queue).to include(expected_as)
|
76
77
|
end
|
77
78
|
it "alerts on post xss payload" do
|
@@ -83,7 +84,8 @@ module TCellAgent
|
|
83
84
|
"remote_addr"=>"1.2.3.4",
|
84
85
|
"m"=>"POST",
|
85
86
|
"pattern"=>"1",
|
86
|
-
"
|
87
|
+
"uri"=>"http://example.org/foo",
|
88
|
+
"meta"=>{"l" => "body"}}
|
87
89
|
expect(TCellAgent.event_queue).to include(expected_as)
|
88
90
|
end #/it
|
89
91
|
it "alerts on get xss payload with route_id" do
|
@@ -93,10 +95,11 @@ module TCellAgent
|
|
93
95
|
"dp"=>"xss",
|
94
96
|
"param"=>"xyz",
|
95
97
|
"remote_addr"=>nil,
|
96
|
-
"
|
98
|
+
"rid"=>"myrouteid",
|
97
99
|
"m"=>"GET",
|
98
100
|
"pattern"=>"1",
|
99
|
-
"
|
101
|
+
"uri"=>"http://example.org/foo?xyz=",
|
102
|
+
"meta"=>{"l" => "query"}}
|
100
103
|
expect(TCellAgent.event_queue).to include(expected_as)
|
101
104
|
end
|
102
105
|
it "checks that payload is sent in xss with route_id" do
|
@@ -108,11 +111,12 @@ module TCellAgent
|
|
108
111
|
"dp"=>"xss",
|
109
112
|
"param"=>"xyz",
|
110
113
|
"remote_addr"=>nil,
|
111
|
-
"
|
114
|
+
"rid"=>"myrouteid",
|
112
115
|
"m"=>"GET",
|
113
116
|
"pattern"=>"1",
|
114
|
-
"
|
115
|
-
"payload"=>"<script>alert(1)</script>"
|
117
|
+
"uri"=>"http://example.org/foo?xyz=",
|
118
|
+
"payload"=>"<script>alert(1)</script>",
|
119
|
+
"meta"=>{"l" => "query"}}
|
116
120
|
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads= old_uap
|
117
121
|
expect(TCellAgent.event_queue).to include(expected_as)
|
118
122
|
end
|
@@ -142,7 +146,8 @@ module TCellAgent
|
|
142
146
|
"remote_addr"=>"1.3.3.4",
|
143
147
|
"m"=>"GET",
|
144
148
|
"pattern"=>"1",
|
145
|
-
"
|
149
|
+
"uri"=>"http://example.org/foo?xyz=&def=",
|
150
|
+
"meta"=>{"l" => "query"}}
|
146
151
|
expect(TCellAgent.event_queue).to include(expected_as)
|
147
152
|
end
|
148
153
|
end #/conext
|
@@ -169,7 +174,8 @@ module TCellAgent
|
|
169
174
|
"remote_addr"=>"1.3.3.4",
|
170
175
|
"m"=>"GET",
|
171
176
|
"pattern"=>"2",
|
172
|
-
"
|
177
|
+
"uri"=>"http://example.org/foo?xyz=",
|
178
|
+
"meta"=>{"l" => "query"}}
|
173
179
|
expect(TCellAgent.event_queue).to include(expected_as)
|
174
180
|
end
|
175
181
|
it "checks that payload is sent" do
|
@@ -183,8 +189,9 @@ module TCellAgent
|
|
183
189
|
"remote_addr"=>"1.3.3.4",
|
184
190
|
"m"=>"GET",
|
185
191
|
"pattern"=>"2",
|
186
|
-
"
|
187
|
-
"payload"=>"/etc/passwd"
|
192
|
+
"uri"=>"http://example.org/foo?xyz=",
|
193
|
+
"payload"=>"/etc/passwd",
|
194
|
+
"meta"=>{"l" => "query"}}
|
188
195
|
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = old_uap
|
189
196
|
expect(TCellAgent.event_queue).to include(expected_as)
|
190
197
|
end
|
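Review bot: In the two "payload is sent" examples, `allow_unencrypted_appfirewall_payloads` is put back by a plain assignment after the request (new lines 120 and 195), so an exception raised earlier in the example leaves the flag changed for every example that runs afterwards. Since this flag controls whether raw payloads such as `"<script>alert(1)</script>"` appear in events, a leaked setting makes the other expectations in this file unreliable. Restoring it under `ensure`, as in `ensure TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = old_uap`, or in an `after` hook, keeps the global state contained. The lines that save `old_uap` and enable the flag are outside these hunks, so this assumes they sit just before the request.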
@@ -12,9 +12,9 @@ module TCellAgent
|
|
12
12
|
|
13
13
|
attr_reader :request_body
|
14
14
|
|
15
|
-
def initialize(route_id=nil,
|
15
|
+
def initialize(route_id=nil, hmac_session_id=nil)
|
16
16
|
@route_id = route_id
|
17
|
-
@
|
17
|
+
@hmac_session_id = hmac_session_id
|
18
18
|
@request_headers = {}
|
19
19
|
end
|
20
20
|
|
@@ -23,7 +23,7 @@ module TCellAgent
|
|
23
23
|
rack_request = Rack::Request.new(env)
|
24
24
|
response_headers = {'Content-Type' => 'text/html'}
|
25
25
|
env["tcell.request_data"].transaction_id = "a-b-c-d-e-f"
|
26
|
-
env["tcell.request_data"].
|
26
|
+
env["tcell.request_data"].hmac_session_id = @hmac_session_id
|
27
27
|
env["tcell.request_data"].route_id = @route_id
|
28
28
|
if (rack_request.params['rv'])
|
29
29
|
response_headers["Location"] = rack_request.params['rv']
|
@@ -40,7 +40,7 @@ module TCellAgent
|
|
40
40
|
describe HeadersMiddleware do
|
41
41
|
|
42
42
|
let(:app) { MockAppsensorRackApp.new }
|
43
|
-
let(:app2) { MockAppsensorRackApp.new(
|
43
|
+
let(:app2) { MockAppsensorRackApp.new("myrouteid", "hmac_sessionid") }
|
44
44
|
|
45
45
|
subject { withTCellMiddleware( app ) }
|
46
46
|
|
@@ -57,11 +57,11 @@ module TCellAgent
|
|
57
57
|
TCellAgent.thread_agent.processPolicyJson({"http-redirect"=>{
|
58
58
|
"policy_id"=>"153ed270-7481-11e5-9194-95dad9b9dec3",
|
59
59
|
"data"=>{
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
60
|
+
"enabled"=>true,
|
61
|
+
"block"=>false,
|
62
|
+
"whitelist"=>[]
|
63
|
+
}
|
64
|
+
}}, cache=false)
|
65
65
|
TCellAgent.empty_event_queue
|
66
66
|
end
|
67
67
|
it "sends redirect" do
|
@@ -73,17 +73,16 @@ module TCellAgent
|
|
73
73
|
it "sends redirect event with extra info" do
|
74
74
|
response = request2.get("/some/path2?abcdef=adsfsadf&rv=https://www.google.com", 'CONTENT_TYPE' => 'text/html', 'REMOTE_ADDR' => '1.3.3.4,3.4.5.6')
|
75
75
|
expect(response['Location']).to eq("https://www.google.com")
|
76
|
-
expected_as = {"event_type"=>"redirect", "method"=>"GET", "from_domain"=>"example.org", "status_code"=>200, "remote_addr"=>"1.3.3.4", "rid"=>"myrouteid", "from"=>"/some/path2?abcdef=&rv=", "to"=>"www.google.com", "sid"=>"
|
76
|
+
expected_as = {"event_type"=>"redirect", "method"=>"GET", "from_domain"=>"example.org", "status_code"=>200, "remote_addr"=>"1.3.3.4", "rid"=>"myrouteid", "from"=>"/some/path2?abcdef=&rv=", "to"=>"www.google.com", "sid"=>"hmac_sessionid"}
|
77
77
|
expect(TCellAgent.event_queue).to include(expected_as)
|
78
78
|
end
|
79
79
|
|
80
|
-
|
81
|
-
|
82
|
-
end #/
|
83
|
-
end #/describe
|
80
|
+
end #/conext
|
81
|
+
end #/context
|
82
|
+
end #/describe
|
84
83
|
|
85
84
|
|
85
|
+
end
|
86
86
|
end
|
87
87
|
end
|
88
88
|
end
|
89
|
-
end
|
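Review bot: The call ending in `}}, cache=false)` at new line 64 does not pass a named argument; in Ruby `cache=false` assigns a local variable called `cache` and hands `false` over as the second positional argument. It only does what the reader expects while the second positional parameter of `processPolicyJson` happens to be the cache flag. Writing `}}, false)` or, if the method takes a keyword, `}}, cache: false)` states the intent. The method's signature is not visible in this section, so the keyword form needs checking first.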
@@ -56,7 +56,7 @@ module TCellAgent
|
|
56
56
|
{username:"tester",password:"pass"}.to_json
|
57
57
|
)
|
58
58
|
|
59
|
-
expect(@app_sensor_event_process.body_dict).to eq({"username"=>"tester","password"=>"pass"})
|
59
|
+
expect(@app_sensor_event_process.body_dict).to eq({["username"]=>"tester",["password"]=>"pass"})
|
60
60
|
end
|
61
61
|
end
|
62
62
|
|
@@ -6,13 +6,14 @@ module TCellAgent
|
|
6
6
|
describe Util do
|
7
7
|
context "SHA256 Hash test" do
|
8
8
|
it "Create simple HMAC" do
|
9
|
-
expect(Util
|
9
|
+
expect(Util).to receive(:get_hmac_key).and_return("testkey")
|
10
|
+
expect(Util.hmac("testdata")).to eq("220afe7c01cca398fff2fc2c3687be94")
|
10
11
|
end
|
11
12
|
it "Check with config HMAC" do
|
12
13
|
old_hmac = TCellAgent.configuration.hmac_key
|
13
14
|
hmac_key = "HMAC KEY 123"
|
14
15
|
TCellAgent.configuration.hmac_key = hmac_key
|
15
|
-
expect(Util.
|
16
|
+
expect(Util.get_hmac_key).to eq(hmac_key)
|
16
17
|
TCellAgent.configuration.hmac_key = old_hmac
|
17
18
|
end
|
18
19
|
end
|
@@ -32,7 +33,7 @@ module TCellAgent
|
|
32
33
|
it "Parsing uri" do
|
33
34
|
TCellAgent.configuration.app_id = nil
|
34
35
|
original_uri = "http://foo.com/posts?id=30&limit=5#time=1305298413"
|
35
|
-
expect_santized_uri = "http://foo.com/posts?id=
|
36
|
+
expect_santized_uri = "http://foo.com/posts?id=61aa3630ced0e67b63a1c61e3b86f4d3&limit=89abb06a7bf0401b5911e61b68660c24#time=1305298413"
|
36
37
|
expect(Util.sanitize_uri(original_uri)).to eq(expect_santized_uri)
|
37
38
|
end
|
38
39
|
it "returns an empty set" do
|
@@ -42,13 +43,13 @@ module TCellAgent
|
|
42
43
|
end
|
43
44
|
it "parses a cookie" do
|
44
45
|
TCellAgent.configuration.app_id = nil
|
45
|
-
expect(Util.santize_request_cookie_string("x=y;z=a")).to eq("x=
|
46
|
+
expect(Util.santize_request_cookie_string("x=y;z=a")).to eq("x=97cb9e2aa3ec93888b356dbcf13b280e;z=566c1a1c12ad909d628d4537e10773bf")
|
46
47
|
end
|
47
48
|
end
|
48
49
|
context "Parsing a response set-cookie and replacing values" do
|
49
50
|
it "sanitize a typical response set-cookie value" do
|
50
51
|
santized_string = Util.santize_response_cookie_string("name=Nicholas; expires=Sat, 02 May 2009 23:38:25 GMT; httponly")
|
51
|
-
expect(santized_string).to eq("name=
|
52
|
+
expect(santized_string).to eq("name=beb56c04cdd764f6b7cbe6c078236aeb=; expires=Sat, 02 May 2009 23:38:25 GMT=; httponly=")
|
52
53
|
end
|
53
54
|
end
|
54
55
|
end
|
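Review bot: The new expected value for `santize_response_cookie_string` at new line 52, `"name=beb56c04cdd764f6b7cbe6c078236aeb=; expires=Sat, 02 May 2009 23:38:25 GMT=; httponly="`, carries a trailing `=` after the hashed value and after every attribute, which reads like the sanitizer's current output being recorded rather than an intended format. If the trailing `=` is not wanted, the expectation should be `"name=beb56c04cdd764f6b7cbe6c078236aeb; expires=Sat, 02 May 2009 23:38:25 GMT; httponly"`; if it is wanted, a comment should say why. The implementation is not part of this section, so which of the two applies cannot be decided from here. Separately, only the first example stubs `get_hmac_key`; the URI and cookie examples hard-code digests that depend on whatever key the configuration yields with `app_id = nil`, and stubbing the key there as well would make them self-contained.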
@@ -1,116 +1,36 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
1
3
|
require 'spec_helper'
|
2
4
|
|
3
5
|
module TCellAgent
|
4
6
|
module Utils
|
5
7
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
context "there is a match" do
|
33
|
-
it "should return the match" do
|
34
|
-
result = @p_test.param_deep_loop(
|
35
|
-
"hash_param",
|
36
|
-
{
|
37
|
-
key_one: "no match",
|
38
|
-
key_dos: "i'm a match"
|
39
|
-
}
|
40
|
-
) do |param_name, param_value|
|
41
|
-
if param_value =~ /i'm a match/
|
42
|
-
"#{param_name} - #{param_value}"
|
43
|
-
else
|
44
|
-
nil
|
45
|
-
end
|
46
|
-
end
|
47
|
-
|
48
|
-
expect(result).to eq("key_dos - i'm a match")
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
context "with a parameter array" do
|
54
|
-
context "there is no match" do
|
55
|
-
it "should return nil" do
|
56
|
-
result = @p_test.param_deep_loop(
|
57
|
-
"array_param",
|
58
|
-
[ "no match", "no match" ]
|
59
|
-
) do |param_name, param_value|
|
60
|
-
nil
|
61
|
-
end
|
62
|
-
|
63
|
-
expect(result).to be_nil
|
64
|
-
end
|
65
|
-
end
|
66
|
-
context "there is a match" do
|
67
|
-
it "should return the match" do
|
68
|
-
result = @p_test.param_deep_loop(
|
69
|
-
"array_param",
|
70
|
-
[ "no match", "i'm a match" ]
|
71
|
-
) do |param_name, param_value|
|
72
|
-
if param_value =~ /i'm a match/
|
73
|
-
"#{param_name} - #{param_value}"
|
74
|
-
else
|
75
|
-
nil
|
76
|
-
end
|
77
|
-
end
|
78
|
-
|
79
|
-
expect(result).to eq("array_param - i'm a match")
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
|
-
|
84
|
-
context "with a paramater string" do
|
85
|
-
context "there is no match" do
|
86
|
-
it "should return nil" do
|
87
|
-
result = @p_test.param_deep_loop(
|
88
|
-
"string_param",
|
89
|
-
"no match",
|
90
|
-
) do |param_name, param_value|
|
91
|
-
nil
|
92
|
-
end
|
93
|
-
|
94
|
-
expect(result).to be_nil
|
95
|
-
end
|
96
|
-
end
|
97
|
-
|
98
|
-
context "there is a match" do
|
99
|
-
it "should return the match" do
|
100
|
-
result = @p_test.param_deep_loop(
|
101
|
-
"string_param",
|
102
|
-
"i'm a match"
|
103
|
-
) do |param_name, param_value|
|
104
|
-
if param_value =~ /i'm a match/
|
105
|
-
"#{param_name} - #{param_value}"
|
106
|
-
else
|
107
|
-
nil
|
108
|
-
end
|
109
|
-
end
|
110
|
-
|
111
|
-
expect(result).to eq("string_param - i'm a match")
|
112
|
-
end
|
113
|
-
end
|
8
|
+
describe Params do
|
9
|
+
context "flatten" do
|
10
|
+
it "should" do
|
11
|
+
expect(
|
12
|
+
Params.flatten( {
|
13
|
+
action: "index",
|
14
|
+
utf8char: "Müller",
|
15
|
+
waitlist_entries: {email: "emailone", preferences: {email: "emaildos"}},
|
16
|
+
email_preferences: [:daily_digest, :reminders, "Müller"],
|
17
|
+
users: [
|
18
|
+
{email: "one@email.com"},
|
19
|
+
{email: "dos@email.com"},
|
20
|
+
]
|
21
|
+
},
|
22
|
+
nil)
|
23
|
+
).to eq({
|
24
|
+
["action"]=>"index",
|
25
|
+
["utf8char"] => "Müller",
|
26
|
+
["waitlist_entries", "email"]=>"emailone",
|
27
|
+
["waitlist_entries", "preferences", "email"]=>"emaildos",
|
28
|
+
[0, "email_preferences"]=>"daily_digest",
|
29
|
+
[1, "email_preferences"]=>"reminders",
|
30
|
+
[2, "email_preferences"]=>"Müller",
|
31
|
+
[0, "users", "email"]=>"one@email.com",
|
32
|
+
[1, "users", "email"]=>"dos@email.com"
|
33
|
+
})
|
114
34
|
end
|
115
35
|
end
|
116
36
|
end
|
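Review bot: The single example left for `Params.flatten` is described as `it "should" do` (new line 10), which says nothing about the contract it pins. The expected keys also mix two layouts: hash paths are parent-first (`["waitlist_entries", "preferences", "email"]`) while array indices are moved to the front (`[0, "users", "email"]`). If that ordering is deliberate, name it, for example `it "flattens nested params into path-array keys with array indices first" do`, and add a comment on what the second argument `nil` stands for. Code that matches parameter names against these keys presumably depends on the exact shape, so examples for empty input and for non-string leaf values would be worth adding too.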
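--- a/data/tcell_agent.gemspec
+++ b/data/tcell_agent.gemspec
@@ -14,7 +14,24 @@ Gem::Specification.new do |spec|
 spec.homepage = "https://www.tcell.io"
 spec.license = "Copyright (c) 2015 tCell.io (see LICENSE file)"
 
-spec.files = Dir[
+spec.files = Dir[
+'Rakefile',
+'lib/tcell_agent.rb',
+'{lib/tcell_agent,spec}/**/*',
+'README*',
+'LICENSE*',
+'LICENSE_libinjection',
+'tcell_agent.gemspec',
+'ext/libinjection/libinjection.h',
+'ext/libinjection/libinjection_html5.c',
+'ext/libinjection/libinjection_html5.h',
+'ext/libinjection/libinjection_sqli.c',
+'ext/libinjection/libinjection_sqli.h',
+'ext/libinjection/libinjection_sqli_data.h',
+'ext/libinjection/libinjection_wrap.c',
+'ext/libinjection/libinjection_xss.c',
+'ext/libinjection/libinjection_xss.h'
+]
 spec.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ["lib","config","spec"]
@@ -26,4 +43,7 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "bundler", ">= 1.7"
 spec.add_development_dependency "rake", "~> 10.0"
 spec.add_development_dependency "rspec","~>0.9"
+spec.add_development_dependency "rake-compiler"
+
+spec.extensions = %w[ext/libinjection/extconf.rb]
 end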
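Review bot: `spec.extensions = %w[ext/libinjection/extconf.rb]` makes every `gem install` compile the vendored libinjection C sources on the target host, yet nothing in the visible gemspec lines records which upstream libinjection release or commit was copied in. Without that record it is hard to tell later whether an upstream parser fix is present in this copy. I would add a comment next to the file list such as `# vendored libinjection, upstream <UPSTREAM_VERSION_OR_COMMIT>`, and give `rake-compiler` a version constraint, as the other development dependencies shown here have. `extconf.rb` is also missing from the `Dir[...]` list and appears to reach the package only through `spec.extensions`; listing it explicitly would make the file set self-describing.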
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tcell_agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.21
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Garrett
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-10-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rest-client
|
@@ -108,16 +108,32 @@ dependencies:
|
|
108
108
|
- - ~>
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0.9'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rake-compiler
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - '>='
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - '>='
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
111
125
|
description: This agent allows users to use the tCell.io service with their Rails
|
112
126
|
or Sinatra app.
|
113
127
|
email:
|
114
128
|
- garrett@tcell.io
|
115
129
|
executables:
|
116
130
|
- tcell_agent
|
117
|
-
extensions:
|
131
|
+
extensions:
|
132
|
+
- ext/libinjection/extconf.rb
|
118
133
|
extra_rdoc_files: []
|
119
134
|
files:
|
120
135
|
- Rakefile
|
136
|
+
- lib/tcell_agent.rb
|
121
137
|
- lib/tcell_agent/agent/event_processor.rb
|
122
138
|
- lib/tcell_agent/agent/fork_pipe_manager.rb
|
123
139
|
- lib/tcell_agent/agent/policy_manager.rb
|
@@ -141,6 +157,7 @@ files:
|
|
141
157
|
- lib/tcell_agent/policies/appsensor/login_sensor.rb
|
142
158
|
- lib/tcell_agent/policies/appsensor/misc_sensor.rb
|
143
159
|
- lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb
|
160
|
+
- lib/tcell_agent/policies/appsensor/payloads_policy.rb
|
144
161
|
- lib/tcell_agent/policies/appsensor/request_size_sensor.rb
|
145
162
|
- lib/tcell_agent/policies/appsensor/response_codes_sensor.rb
|
146
163
|
- lib/tcell_agent/policies/appsensor/response_size_sensor.rb
|
@@ -202,7 +219,6 @@ files:
|
|
202
219
|
- lib/tcell_agent/utils/queue_with_timeout.rb
|
203
220
|
- lib/tcell_agent/utils/strings.rb
|
204
221
|
- lib/tcell_agent/version.rb
|
205
|
-
- lib/tcell_agent.rb
|
206
222
|
- spec/apps/rails-3.2/app/assets/images/rails.png
|
207
223
|
- spec/apps/rails-3.2/app/assets/javascripts/application.js
|
208
224
|
- spec/apps/rails-3.2/app/assets/stylesheets/application.css
|
@@ -262,6 +278,9 @@ files:
|
|
262
278
|
- spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb
|
263
279
|
- spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
|
264
280
|
- spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
|
281
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
|
282
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
|
283
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
|
265
284
|
- spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
|
266
285
|
- spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
|
267
286
|
- spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb
|
@@ -302,8 +321,19 @@ files:
|
|
302
321
|
- spec/support/static_agent_overrides.rb
|
303
322
|
- README.md
|
304
323
|
- LICENSE
|
324
|
+
- LICENSE_libinjection
|
305
325
|
- tcell_agent.gemspec
|
326
|
+
- ext/libinjection/libinjection.h
|
327
|
+
- ext/libinjection/libinjection_html5.c
|
328
|
+
- ext/libinjection/libinjection_html5.h
|
329
|
+
- ext/libinjection/libinjection_sqli.c
|
330
|
+
- ext/libinjection/libinjection_sqli.h
|
331
|
+
- ext/libinjection/libinjection_sqli_data.h
|
332
|
+
- ext/libinjection/libinjection_wrap.c
|
333
|
+
- ext/libinjection/libinjection_xss.c
|
334
|
+
- ext/libinjection/libinjection_xss.h
|
306
335
|
- bin/tcell_agent
|
336
|
+
- ext/libinjection/extconf.rb
|
307
337
|
homepage: https://www.tcell.io
|
308
338
|
licenses:
|
309
339
|
- Copyright (c) 2015 tCell.io (see LICENSE file)
|
@@ -390,6 +420,9 @@ test_files:
|
|
390
420
|
- spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb
|
391
421
|
- spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
|
392
422
|
- spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
|
423
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
|
424
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
|
425
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
|
393
426
|
- spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
|
394
427
|
- spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
|
395
428
|
- spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb
|