tcell_agent 0.2.19 → 0.2.21
- checksums.yaml +4 -4
- data/LICENSE_libinjection +32 -0
- data/Rakefile +14 -1
- data/ext/libinjection/extconf.rb +3 -0
- data/ext/libinjection/libinjection.h +65 -0
- data/ext/libinjection/libinjection_html5.c +847 -0
- data/ext/libinjection/libinjection_html5.h +54 -0
- data/ext/libinjection/libinjection_sqli.c +2317 -0
- data/ext/libinjection/libinjection_sqli.h +295 -0
- data/ext/libinjection/libinjection_sqli_data.h +9004 -0
- data/ext/libinjection/libinjection_wrap.c +3525 -0
- data/ext/libinjection/libinjection_xss.c +531 -0
- data/ext/libinjection/libinjection_xss.h +21 -0
- data/lib/tcell_agent/configuration.rb +0 -48
- data/lib/tcell_agent/logger.rb +1 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +8 -20
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +30 -46
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +1 -4
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +8 -22
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +143 -0
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sensor.rb +21 -2
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +9 -0
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +1 -5
- data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +9 -1
- data/lib/tcell_agent/policies/appsensor_policy.rb +40 -19
- data/lib/tcell_agent/policies/http_redirect_policy.rb +12 -2
- data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
- data/lib/tcell_agent/rails/dlp.rb +98 -76
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +2 -2
- data/lib/tcell_agent/rails/on_start.rb +53 -20
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +12 -19
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -2
- data/lib/tcell_agent/sensor_events/sensor.rb +10 -11
- data/lib/tcell_agent/sensor_events/server_agent.rb +17 -12
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +148 -139
- data/lib/tcell_agent/utils/params.rb +24 -21
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +0 -179
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +6 -4
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +31 -22
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +466 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +890 -0
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +484 -0
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -3
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +85 -0
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +36 -16
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +188 -312
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +61 -0
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +18 -11
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +14 -15
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +1 -1
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +6 -5
- data/spec/lib/tcell_agent/utils/params_spec.rb +28 -108
- data/tcell_agent.gemspec +21 -1
- metadata +37 -4
@@ -33,6 +33,9 @@ module TCellAgent
|
|
33
33
|
|
34
34
|
expect(empty_policy.policy_id).to eq("01a1")
|
35
35
|
expect(empty_policy.enabled).to eq(false)
|
36
|
+
expect(empty_policy.payloads_policy).to_not be_nil
|
37
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(false)
|
38
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(false)
|
36
39
|
expect(empty_policy.options["req_size"]).to be_nil
|
37
40
|
expect(empty_policy.options["resp_size"]).to be_nil
|
38
41
|
expect(empty_policy.options["resp_codes"]).to be_nil
|
@@ -63,6 +66,9 @@ module TCellAgent
|
|
63
66
|
|
64
67
|
expect(empty_policy.policy_id).to eq("01a1")
|
65
68
|
expect(empty_policy.enabled).to eq(false)
|
69
|
+
expect(empty_policy.payloads_policy).to_not be_nil
|
70
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(false)
|
71
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(false)
|
66
72
|
expect(empty_policy.options["req_size"]).to be_nil
|
67
73
|
expect(empty_policy.options["resp_size"]).to be_nil
|
68
74
|
expect(empty_policy.options["resp_codes"]).to be_nil
|
@@ -93,6 +99,10 @@ module TCellAgent
|
|
93
99
|
policy = AppSensorPolicy.from_json(policy_json)
|
94
100
|
|
95
101
|
expect(policy.policy_id).to eq("01a1")
|
102
|
+
expect(policy.enabled).to eq(true)
|
103
|
+
expect(policy.payloads_policy).to_not be_nil
|
104
|
+
expect(policy.payloads_policy.send_payloads).to eq(true)
|
105
|
+
expect(policy.payloads_policy.log_payloads).to eq(true)
|
96
106
|
expect(policy.options["req_size"]).to_not be_nil
|
97
107
|
expect(policy.options["resp_size"]).to_not be_nil
|
98
108
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -147,6 +157,9 @@ module TCellAgent
|
|
147
157
|
empty_policy = AppSensorPolicy.from_json(policy_json)
|
148
158
|
|
149
159
|
expect(empty_policy.policy_id).to eq("01a1")
|
160
|
+
expect(empty_policy.enabled).to eq(true)
|
161
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(true)
|
162
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(true)
|
150
163
|
expect(empty_policy.options["req_size"]).to_not be_nil
|
151
164
|
expect(empty_policy.options["resp_size"]).to_not be_nil
|
152
165
|
expect(empty_policy.options["resp_codes"]).to_not be_nil
|
@@ -211,6 +224,9 @@ module TCellAgent
|
|
211
224
|
policy = AppSensorPolicy.from_json(policy_json)
|
212
225
|
|
213
226
|
expect(policy.policy_id).to eq("01a1")
|
227
|
+
expect(policy.enabled).to eq(true)
|
228
|
+
expect(policy.payloads_policy.send_payloads).to eq(true)
|
229
|
+
expect(policy.payloads_policy.log_payloads).to eq(true)
|
214
230
|
expect(policy.options["req_size"]).to_not be_nil
|
215
231
|
expect(policy.options["resp_size"]).to_not be_nil
|
216
232
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -279,6 +295,9 @@ module TCellAgent
|
|
279
295
|
|
280
296
|
expect(empty_policy.policy_id).to eq("01a1")
|
281
297
|
expect(empty_policy.enabled).to eq(false)
|
298
|
+
expect(empty_policy.payloads_policy).to_not be_nil
|
299
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(false)
|
300
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(false)
|
282
301
|
expect(empty_policy.options["req_size"]).to be_nil
|
283
302
|
expect(empty_policy.options["resp_size"]).to be_nil
|
284
303
|
expect(empty_policy.options["resp_codes"]).to be_nil
|
@@ -311,6 +330,9 @@ module TCellAgent
|
|
311
330
|
|
312
331
|
expect(empty_policy.policy_id).to eq("01a1")
|
313
332
|
expect(empty_policy.enabled).to eq(false)
|
333
|
+
expect(empty_policy.payloads_policy).to_not be_nil
|
334
|
+
expect(empty_policy.payloads_policy.send_payloads).to eq(false)
|
335
|
+
expect(empty_policy.payloads_policy.log_payloads).to eq(false)
|
314
336
|
expect(empty_policy.options["req_size"]).to be_nil
|
315
337
|
expect(empty_policy.options["resp_size"]).to be_nil
|
316
338
|
expect(empty_policy.options["resp_codes"]).to be_nil
|
@@ -346,6 +368,9 @@ module TCellAgent
|
|
346
368
|
policy = AppSensorPolicy.from_json(policy_json)
|
347
369
|
|
348
370
|
expect(policy.policy_id).to eq("01a1")
|
371
|
+
expect(policy.payloads_policy).to_not be_nil
|
372
|
+
expect(policy.payloads_policy.send_payloads).to eq(false)
|
373
|
+
expect(policy.payloads_policy.log_payloads).to eq(false)
|
349
374
|
expect(policy.options["req_size"]).to_not be_nil
|
350
375
|
expect(policy.options["resp_size"]).to_not be_nil
|
351
376
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -409,6 +434,9 @@ module TCellAgent
|
|
409
434
|
policy = AppSensorPolicy.from_json(policy_json)
|
410
435
|
|
411
436
|
expect(policy.policy_id).to eq("01a1")
|
437
|
+
expect(policy.payloads_policy).to_not be_nil
|
438
|
+
expect(policy.payloads_policy.send_payloads).to eq(false)
|
439
|
+
expect(policy.payloads_policy.log_payloads).to eq(false)
|
412
440
|
expect(policy.options["req_size"]).to_not be_nil
|
413
441
|
expect(policy.options["resp_size"]).to_not be_nil
|
414
442
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -457,6 +485,22 @@ module TCellAgent
|
|
457
485
|
"policy_id" => "01a1",
|
458
486
|
"version" => 2,
|
459
487
|
"data" => {
|
488
|
+
"options" => {
|
489
|
+
"payloads" => {
|
490
|
+
"send_payloads" => true,
|
491
|
+
"send_blacklist" => {
|
492
|
+
"JSESSIONID" => ["cookie"],
|
493
|
+
"ssn" => ["*"],
|
494
|
+
"password" => ["*"]
|
495
|
+
},
|
496
|
+
"send_whitelist" => {},
|
497
|
+
"log_payloads" => true,
|
498
|
+
"log_blacklist" => {},
|
499
|
+
"log_whitelist" => {
|
500
|
+
"username" => ["*"]
|
501
|
+
}
|
502
|
+
}
|
503
|
+
},
|
460
504
|
"sensors" => {
|
461
505
|
"req_size" => {
|
462
506
|
"limit" => 1024,
|
@@ -525,6 +569,7 @@ module TCellAgent
|
|
525
569
|
policy = AppSensorPolicy.from_json(policy_json)
|
526
570
|
|
527
571
|
expect(policy.policy_id).to eq("01a1")
|
572
|
+
expect(policy.payloads_policy).to_not be_nil
|
528
573
|
expect(policy.options["req_size"]).to_not be_nil
|
529
574
|
expect(policy.options["resp_size"]).to_not be_nil
|
530
575
|
expect(policy.options["resp_codes"]).to_not be_nil
|
@@ -563,8 +608,24 @@ module TCellAgent
|
|
563
608
|
expect(policy.options["fpt"].v1_compatability_enabled).to eq(false)
|
564
609
|
expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(false)
|
565
610
|
expect(policy.options["retr"].v1_compatability_enabled).to eq(false)
|
611
|
+
|
612
|
+
expect(policy.payloads_policy.send_payloads).to eq(true)
|
613
|
+
expect(policy.payloads_policy.send_blacklist).to eq({
|
614
|
+
"jsessionid" => Set.new(["cookie"]),
|
615
|
+
"ssn" => Set.new(["*"]),
|
616
|
+
"password" => Set.new(["*"])
|
617
|
+
})
|
618
|
+
expect(policy.payloads_policy.use_send_whitelist).to eq(true)
|
619
|
+
expect(policy.payloads_policy.send_whitelist).to eq({})
|
620
|
+
expect(policy.payloads_policy.log_payloads).to eq(true)
|
621
|
+
expect(policy.payloads_policy.log_blacklist).to eq({})
|
622
|
+
expect(policy.payloads_policy.use_log_whitelist).to eq(true)
|
623
|
+
expect(policy.payloads_policy.log_whitelist).to eq({
|
624
|
+
"username" => Set.new(["*"]),
|
625
|
+
})
|
566
626
|
end
|
567
627
|
end
|
628
|
+
|
568
629
|
end
|
569
630
|
end
|
570
631
|
end
|
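Review bot: The last example (new lines 618–619) pins `use_send_whitelist` to `true` while `send_whitelist` is `{}`, so an empty whitelist object in the policy JSON switches whitelist mode on, and nothing here says whether that is meant to suppress every payload field or is a side effect of the key merely being present. A one-line comment above those expectations would make the intent reviewable, e.g. `# an empty send_whitelist still enables whitelist mode, so no parameter payloads are sent`, if that is the intended behaviour. The same fixture shows `"JSESSIONID"` coming back as `"jsessionid"`, so the comment could also state that blacklist keys are lower-cased on load. Whether the absent-key case (`use_send_whitelist` false) is asserted cannot be seen from this file; it may live in payloads_policy_from_json_spec.rb.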
@@ -71,7 +71,8 @@ module TCellAgent
|
|
71
71
|
"remote_addr"=>"1.3.3.4",
|
72
72
|
"m"=>"GET",
|
73
73
|
"pattern"=>"1",
|
74
|
-
"
|
74
|
+
"uri"=>"http://example.org/foo?xyz=",
|
75
|
+
"meta"=>{"l" => "query"}}
|
75
76
|
expect(TCellAgent.event_queue).to include(expected_as)
|
76
77
|
end
|
77
78
|
it "alerts on post xss payload" do
|
@@ -83,7 +84,8 @@ module TCellAgent
|
|
83
84
|
"remote_addr"=>"1.2.3.4",
|
84
85
|
"m"=>"POST",
|
85
86
|
"pattern"=>"1",
|
86
|
-
"
|
87
|
+
"uri"=>"http://example.org/foo",
|
88
|
+
"meta"=>{"l" => "body"}}
|
87
89
|
expect(TCellAgent.event_queue).to include(expected_as)
|
88
90
|
end #/it
|
89
91
|
it "alerts on get xss payload with route_id" do
|
@@ -93,10 +95,11 @@ module TCellAgent
|
|
93
95
|
"dp"=>"xss",
|
94
96
|
"param"=>"xyz",
|
95
97
|
"remote_addr"=>nil,
|
96
|
-
"
|
98
|
+
"rid"=>"myrouteid",
|
97
99
|
"m"=>"GET",
|
98
100
|
"pattern"=>"1",
|
99
|
-
"
|
101
|
+
"uri"=>"http://example.org/foo?xyz=",
|
102
|
+
"meta"=>{"l" => "query"}}
|
100
103
|
expect(TCellAgent.event_queue).to include(expected_as)
|
101
104
|
end
|
102
105
|
it "checks that payload is sent in xss with route_id" do
|
@@ -108,11 +111,12 @@ module TCellAgent
|
|
108
111
|
"dp"=>"xss",
|
109
112
|
"param"=>"xyz",
|
110
113
|
"remote_addr"=>nil,
|
111
|
-
"
|
114
|
+
"rid"=>"myrouteid",
|
112
115
|
"m"=>"GET",
|
113
116
|
"pattern"=>"1",
|
114
|
-
"
|
115
|
-
"payload"=>"<script>alert(1)</script>"
|
117
|
+
"uri"=>"http://example.org/foo?xyz=",
|
118
|
+
"payload"=>"<script>alert(1)</script>",
|
119
|
+
"meta"=>{"l" => "query"}}
|
116
120
|
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads= old_uap
|
117
121
|
expect(TCellAgent.event_queue).to include(expected_as)
|
118
122
|
end
|
@@ -142,7 +146,8 @@ module TCellAgent
|
|
142
146
|
"remote_addr"=>"1.3.3.4",
|
143
147
|
"m"=>"GET",
|
144
148
|
"pattern"=>"1",
|
145
|
-
"
|
149
|
+
"uri"=>"http://example.org/foo?xyz=&def=",
|
150
|
+
"meta"=>{"l" => "query"}}
|
146
151
|
expect(TCellAgent.event_queue).to include(expected_as)
|
147
152
|
end
|
148
153
|
end #/conext
|
@@ -169,7 +174,8 @@ module TCellAgent
|
|
169
174
|
"remote_addr"=>"1.3.3.4",
|
170
175
|
"m"=>"GET",
|
171
176
|
"pattern"=>"2",
|
172
|
-
"
|
177
|
+
"uri"=>"http://example.org/foo?xyz=",
|
178
|
+
"meta"=>{"l" => "query"}}
|
173
179
|
expect(TCellAgent.event_queue).to include(expected_as)
|
174
180
|
end
|
175
181
|
it "checks that payload is sent" do
|
@@ -183,8 +189,9 @@ module TCellAgent
|
|
183
189
|
"remote_addr"=>"1.3.3.4",
|
184
190
|
"m"=>"GET",
|
185
191
|
"pattern"=>"2",
|
186
|
-
"
|
187
|
-
"payload"=>"/etc/passwd"
|
192
|
+
"uri"=>"http://example.org/foo?xyz=",
|
193
|
+
"payload"=>"/etc/passwd",
|
194
|
+
"meta"=>{"l" => "query"}}
|
188
195
|
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = old_uap
|
189
196
|
expect(TCellAgent.event_queue).to include(expected_as)
|
190
197
|
end
|
@@ -12,9 +12,9 @@ module TCellAgent
|
|
12
12
|
|
13
13
|
attr_reader :request_body
|
14
14
|
|
15
|
-
def initialize(route_id=nil,
|
15
|
+
def initialize(route_id=nil, hmac_session_id=nil)
|
16
16
|
@route_id = route_id
|
17
|
-
@
|
17
|
+
@hmac_session_id = hmac_session_id
|
18
18
|
@request_headers = {}
|
19
19
|
end
|
20
20
|
|
@@ -23,7 +23,7 @@ module TCellAgent
|
|
23
23
|
rack_request = Rack::Request.new(env)
|
24
24
|
response_headers = {'Content-Type' => 'text/html'}
|
25
25
|
env["tcell.request_data"].transaction_id = "a-b-c-d-e-f"
|
26
|
-
env["tcell.request_data"].
|
26
|
+
env["tcell.request_data"].hmac_session_id = @hmac_session_id
|
27
27
|
env["tcell.request_data"].route_id = @route_id
|
28
28
|
if (rack_request.params['rv'])
|
29
29
|
response_headers["Location"] = rack_request.params['rv']
|
@@ -40,7 +40,7 @@ module TCellAgent
|
|
40
40
|
describe HeadersMiddleware do
|
41
41
|
|
42
42
|
let(:app) { MockAppsensorRackApp.new }
|
43
|
-
let(:app2) { MockAppsensorRackApp.new(
|
43
|
+
let(:app2) { MockAppsensorRackApp.new("myrouteid", "hmac_sessionid") }
|
44
44
|
|
45
45
|
subject { withTCellMiddleware( app ) }
|
46
46
|
|
@@ -57,11 +57,11 @@ module TCellAgent
|
|
57
57
|
TCellAgent.thread_agent.processPolicyJson({"http-redirect"=>{
|
58
58
|
"policy_id"=>"153ed270-7481-11e5-9194-95dad9b9dec3",
|
59
59
|
"data"=>{
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
60
|
+
"enabled"=>true,
|
61
|
+
"block"=>false,
|
62
|
+
"whitelist"=>[]
|
63
|
+
}
|
64
|
+
}}, cache=false)
|
65
65
|
TCellAgent.empty_event_queue
|
66
66
|
end
|
67
67
|
it "sends redirect" do
|
@@ -73,17 +73,16 @@ module TCellAgent
|
|
73
73
|
it "sends redirect event with extra info" do
|
74
74
|
response = request2.get("/some/path2?abcdef=adsfsadf&rv=https://www.google.com", 'CONTENT_TYPE' => 'text/html', 'REMOTE_ADDR' => '1.3.3.4,3.4.5.6')
|
75
75
|
expect(response['Location']).to eq("https://www.google.com")
|
76
|
-
expected_as = {"event_type"=>"redirect", "method"=>"GET", "from_domain"=>"example.org", "status_code"=>200, "remote_addr"=>"1.3.3.4", "rid"=>"myrouteid", "from"=>"/some/path2?abcdef=&rv=", "to"=>"www.google.com", "sid"=>"
|
76
|
+
expected_as = {"event_type"=>"redirect", "method"=>"GET", "from_domain"=>"example.org", "status_code"=>200, "remote_addr"=>"1.3.3.4", "rid"=>"myrouteid", "from"=>"/some/path2?abcdef=&rv=", "to"=>"www.google.com", "sid"=>"hmac_sessionid"}
|
77
77
|
expect(TCellAgent.event_queue).to include(expected_as)
|
78
78
|
end
|
79
79
|
|
80
|
-
|
81
|
-
|
82
|
-
end #/
|
83
|
-
end #/describe
|
80
|
+
end #/conext
|
81
|
+
end #/context
|
82
|
+
end #/describe
|
84
83
|
|
85
84
|
|
85
|
+
end
|
86
86
|
end
|
87
87
|
end
|
88
88
|
end
|
89
|
-
end
|
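Review bot: In the `processPolicyJson` call (new line 64) `cache=false` is not a keyword argument: Ruby evaluates it as an assignment to a local `cache` and passes `false` positionally, so the call only does what it reads like while the second positional parameter happens to be the cache flag. Writing `}}, false) # second argument is the cache flag`, or a real keyword `cache: false` if the method accepts one (its signature is not visible here), would state what is meant. The closing comment `end #/conext` on new line 80 is a typo for `#/context`.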
@@ -56,7 +56,7 @@ module TCellAgent
|
|
56
56
|
{username:"tester",password:"pass"}.to_json
|
57
57
|
)
|
58
58
|
|
59
|
-
expect(@app_sensor_event_process.body_dict).to eq({"username"=>"tester","password"=>"pass"})
|
59
|
+
expect(@app_sensor_event_process.body_dict).to eq({["username"]=>"tester",["password"]=>"pass"})
|
60
60
|
end
|
61
61
|
end
|
62
62
|
|
@@ -6,13 +6,14 @@ module TCellAgent
|
|
6
6
|
describe Util do
|
7
7
|
context "SHA256 Hash test" do
|
8
8
|
it "Create simple HMAC" do
|
9
|
-
expect(Util
|
9
|
+
expect(Util).to receive(:get_hmac_key).and_return("testkey")
|
10
|
+
expect(Util.hmac("testdata")).to eq("220afe7c01cca398fff2fc2c3687be94")
|
10
11
|
end
|
11
12
|
it "Check with config HMAC" do
|
12
13
|
old_hmac = TCellAgent.configuration.hmac_key
|
13
14
|
hmac_key = "HMAC KEY 123"
|
14
15
|
TCellAgent.configuration.hmac_key = hmac_key
|
15
|
-
expect(Util.
|
16
|
+
expect(Util.get_hmac_key).to eq(hmac_key)
|
16
17
|
TCellAgent.configuration.hmac_key = old_hmac
|
17
18
|
end
|
18
19
|
end
|
@@ -32,7 +33,7 @@ module TCellAgent
|
|
32
33
|
it "Parsing uri" do
|
33
34
|
TCellAgent.configuration.app_id = nil
|
34
35
|
original_uri = "http://foo.com/posts?id=30&limit=5#time=1305298413"
|
35
|
-
expect_santized_uri = "http://foo.com/posts?id=
|
36
|
+
expect_santized_uri = "http://foo.com/posts?id=61aa3630ced0e67b63a1c61e3b86f4d3&limit=89abb06a7bf0401b5911e61b68660c24#time=1305298413"
|
36
37
|
expect(Util.sanitize_uri(original_uri)).to eq(expect_santized_uri)
|
37
38
|
end
|
38
39
|
it "returns an empty set" do
|
@@ -42,13 +43,13 @@ module TCellAgent
|
|
42
43
|
end
|
43
44
|
it "parses a cookie" do
|
44
45
|
TCellAgent.configuration.app_id = nil
|
45
|
-
expect(Util.santize_request_cookie_string("x=y;z=a")).to eq("x=
|
46
|
+
expect(Util.santize_request_cookie_string("x=y;z=a")).to eq("x=97cb9e2aa3ec93888b356dbcf13b280e;z=566c1a1c12ad909d628d4537e10773bf")
|
46
47
|
end
|
47
48
|
end
|
48
49
|
context "Parsing a response set-cookie and replacing values" do
|
49
50
|
it "sanitize a typical response set-cookie value" do
|
50
51
|
santized_string = Util.santize_response_cookie_string("name=Nicholas; expires=Sat, 02 May 2009 23:38:25 GMT; httponly")
|
51
|
-
expect(santized_string).to eq("name=
|
52
|
+
expect(santized_string).to eq("name=beb56c04cdd764f6b7cbe6c078236aeb=; expires=Sat, 02 May 2009 23:38:25 GMT=; httponly=")
|
52
53
|
end
|
53
54
|
end
|
54
55
|
end
|
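Review bot: The set-cookie expectation on new line 52 locks in output with a trailing `=` after every segment (`...aeb=; expires=Sat, 02 May 2009 23:38:25 GMT=; httponly=`), which is not how the input attributes were written and looks like a formatting quirk of the sanitizer, not a deliberate format. If it is intended, a comment such as `# every segment is re-emitted as key=value, flags get an empty value` should say so; otherwise the expected string should end `; expires=Sat, 02 May 2009 23:38:25 GMT; httponly` and the sanitizer be corrected. In "Create simple HMAC" (new line 9) the fixture is written as `expect(Util).to receive(:get_hmac_key)`; `allow(Util).to receive(:get_hmac_key).and_return("testkey")` is the usual form when the call is setup and not the behaviour under test. The URI example on new line 36 also shows the fragment `#time=1305298413` passing through unhashed, which deserves a comment if fragments are deliberately left out of sanitization.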
@@ -1,116 +1,36 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
1
3
|
require 'spec_helper'
|
2
4
|
|
3
5
|
module TCellAgent
|
4
6
|
module Utils
|
5
7
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
context "there is a match" do
|
33
|
-
it "should return the match" do
|
34
|
-
result = @p_test.param_deep_loop(
|
35
|
-
"hash_param",
|
36
|
-
{
|
37
|
-
key_one: "no match",
|
38
|
-
key_dos: "i'm a match"
|
39
|
-
}
|
40
|
-
) do |param_name, param_value|
|
41
|
-
if param_value =~ /i'm a match/
|
42
|
-
"#{param_name} - #{param_value}"
|
43
|
-
else
|
44
|
-
nil
|
45
|
-
end
|
46
|
-
end
|
47
|
-
|
48
|
-
expect(result).to eq("key_dos - i'm a match")
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
context "with a parameter array" do
|
54
|
-
context "there is no match" do
|
55
|
-
it "should return nil" do
|
56
|
-
result = @p_test.param_deep_loop(
|
57
|
-
"array_param",
|
58
|
-
[ "no match", "no match" ]
|
59
|
-
) do |param_name, param_value|
|
60
|
-
nil
|
61
|
-
end
|
62
|
-
|
63
|
-
expect(result).to be_nil
|
64
|
-
end
|
65
|
-
end
|
66
|
-
context "there is a match" do
|
67
|
-
it "should return the match" do
|
68
|
-
result = @p_test.param_deep_loop(
|
69
|
-
"array_param",
|
70
|
-
[ "no match", "i'm a match" ]
|
71
|
-
) do |param_name, param_value|
|
72
|
-
if param_value =~ /i'm a match/
|
73
|
-
"#{param_name} - #{param_value}"
|
74
|
-
else
|
75
|
-
nil
|
76
|
-
end
|
77
|
-
end
|
78
|
-
|
79
|
-
expect(result).to eq("array_param - i'm a match")
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
|
-
|
84
|
-
context "with a paramater string" do
|
85
|
-
context "there is no match" do
|
86
|
-
it "should return nil" do
|
87
|
-
result = @p_test.param_deep_loop(
|
88
|
-
"string_param",
|
89
|
-
"no match",
|
90
|
-
) do |param_name, param_value|
|
91
|
-
nil
|
92
|
-
end
|
93
|
-
|
94
|
-
expect(result).to be_nil
|
95
|
-
end
|
96
|
-
end
|
97
|
-
|
98
|
-
context "there is a match" do
|
99
|
-
it "should return the match" do
|
100
|
-
result = @p_test.param_deep_loop(
|
101
|
-
"string_param",
|
102
|
-
"i'm a match"
|
103
|
-
) do |param_name, param_value|
|
104
|
-
if param_value =~ /i'm a match/
|
105
|
-
"#{param_name} - #{param_value}"
|
106
|
-
else
|
107
|
-
nil
|
108
|
-
end
|
109
|
-
end
|
110
|
-
|
111
|
-
expect(result).to eq("string_param - i'm a match")
|
112
|
-
end
|
113
|
-
end
|
8
|
+
describe Params do
|
9
|
+
context "flatten" do
|
10
|
+
it "should" do
|
11
|
+
expect(
|
12
|
+
Params.flatten( {
|
13
|
+
action: "index",
|
14
|
+
utf8char: "Müller",
|
15
|
+
waitlist_entries: {email: "emailone", preferences: {email: "emaildos"}},
|
16
|
+
email_preferences: [:daily_digest, :reminders, "Müller"],
|
17
|
+
users: [
|
18
|
+
{email: "one@email.com"},
|
19
|
+
{email: "dos@email.com"},
|
20
|
+
]
|
21
|
+
},
|
22
|
+
nil)
|
23
|
+
).to eq({
|
24
|
+
["action"]=>"index",
|
25
|
+
["utf8char"] => "Müller",
|
26
|
+
["waitlist_entries", "email"]=>"emailone",
|
27
|
+
["waitlist_entries", "preferences", "email"]=>"emaildos",
|
28
|
+
[0, "email_preferences"]=>"daily_digest",
|
29
|
+
[1, "email_preferences"]=>"reminders",
|
30
|
+
[2, "email_preferences"]=>"Müller",
|
31
|
+
[0, "users", "email"]=>"one@email.com",
|
32
|
+
[1, "users", "email"]=>"dos@email.com"
|
33
|
+
})
|
114
34
|
end
|
115
35
|
end
|
116
36
|
end
|
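Review bot: The single replacement example is named `it "should"` (new line 10), which says nothing in a failure report, and it is the only example left in this file for `Params.flatten` after the removed `param_deep_loop` contexts. A description such as `it "flattens nested hashes and arrays into key-path => value pairs"` would fix the naming. The expected keys put an array index in front of the path (`[0, "users", "email"]`) instead of at the position where the array occurs; a comment stating that this ordering is deliberate would help, since other code presumably matches on these paths. There is no example for empty, nil or deeply nested input, which matters if this runs on request parameters; the implementation is not visible here.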
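--- a/data/tcell_agent.gemspec
+++ b/data/tcell_agent.gemspec
@@ -14,7 +14,24 @@ Gem::Specification.new do |spec|
 spec.homepage = "https://www.tcell.io"
 spec.license = "Copyright (c) 2015 tCell.io (see LICENSE file)"
 
-spec.files = Dir[
+spec.files = Dir[
+'Rakefile',
+'lib/tcell_agent.rb',
+'{lib/tcell_agent,spec}/**/*',
+'README*',
+'LICENSE*',
+'LICENSE_libinjection',
+'tcell_agent.gemspec',
+'ext/libinjection/libinjection.h',
+'ext/libinjection/libinjection_html5.c',
+'ext/libinjection/libinjection_html5.h',
+'ext/libinjection/libinjection_sqli.c',
+'ext/libinjection/libinjection_sqli.h',
+'ext/libinjection/libinjection_sqli_data.h',
+'ext/libinjection/libinjection_wrap.c',
+'ext/libinjection/libinjection_xss.c',
+'ext/libinjection/libinjection_xss.h'
+]
 spec.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
 spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
 spec.require_paths = ["lib","config","spec"]
@@ -26,4 +43,7 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "bundler", ">= 1.7"
 spec.add_development_dependency "rake", "~> 10.0"
 spec.add_development_dependency "rspec","~>0.9"
+spec.add_development_dependency "rake-compiler"
+
+spec.extensions = %w[ext/libinjection/extconf.rb]
 end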
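Review bot: `spec.add_development_dependency "rake-compiler"` (new line 46) carries no version constraint, unlike the three development dependencies above it, so any future release satisfies it; a bounded constraint in the same style, `spec.add_development_dependency "rake-compiler", "~> X.Y"` (X.Y standing for the version the build was tested with), keeps builds reproducible. `spec.extensions` on new line 48 means the vendored libinjection C sources are compiled on every install and, presumably, parse request data inside the application process, yet nothing in the gemspec records which upstream libinjection revision was vendored. A comment above the `ext/libinjection/*` entries, e.g. `# vendored libinjection <upstream version or commit>; update together with LICENSE_libinjection`, would let maintainers track upstream fixes.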
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tcell_agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.21
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Garrett
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-10-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rest-client
|
@@ -108,16 +108,32 @@ dependencies:
|
|
108
108
|
- - ~>
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0.9'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rake-compiler
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - '>='
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - '>='
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
111
125
|
description: This agent allows users to use the tCell.io service with their Rails
|
112
126
|
or Sinatra app.
|
113
127
|
email:
|
114
128
|
- garrett@tcell.io
|
115
129
|
executables:
|
116
130
|
- tcell_agent
|
117
|
-
extensions:
|
131
|
+
extensions:
|
132
|
+
- ext/libinjection/extconf.rb
|
118
133
|
extra_rdoc_files: []
|
119
134
|
files:
|
120
135
|
- Rakefile
|
136
|
+
- lib/tcell_agent.rb
|
121
137
|
- lib/tcell_agent/agent/event_processor.rb
|
122
138
|
- lib/tcell_agent/agent/fork_pipe_manager.rb
|
123
139
|
- lib/tcell_agent/agent/policy_manager.rb
|
@@ -141,6 +157,7 @@ files:
|
|
141
157
|
- lib/tcell_agent/policies/appsensor/login_sensor.rb
|
142
158
|
- lib/tcell_agent/policies/appsensor/misc_sensor.rb
|
143
159
|
- lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb
|
160
|
+
- lib/tcell_agent/policies/appsensor/payloads_policy.rb
|
144
161
|
- lib/tcell_agent/policies/appsensor/request_size_sensor.rb
|
145
162
|
- lib/tcell_agent/policies/appsensor/response_codes_sensor.rb
|
146
163
|
- lib/tcell_agent/policies/appsensor/response_size_sensor.rb
|
@@ -202,7 +219,6 @@ files:
|
|
202
219
|
- lib/tcell_agent/utils/queue_with_timeout.rb
|
203
220
|
- lib/tcell_agent/utils/strings.rb
|
204
221
|
- lib/tcell_agent/version.rb
|
205
|
-
- lib/tcell_agent.rb
|
206
222
|
- spec/apps/rails-3.2/app/assets/images/rails.png
|
207
223
|
- spec/apps/rails-3.2/app/assets/javascripts/application.js
|
208
224
|
- spec/apps/rails-3.2/app/assets/stylesheets/application.css
|
@@ -262,6 +278,9 @@ files:
|
|
262
278
|
- spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb
|
263
279
|
- spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
|
264
280
|
- spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
|
281
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
|
282
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
|
283
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
|
265
284
|
- spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
|
266
285
|
- spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
|
267
286
|
- spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb
|
@@ -302,8 +321,19 @@ files:
|
|
302
321
|
- spec/support/static_agent_overrides.rb
|
303
322
|
- README.md
|
304
323
|
- LICENSE
|
324
|
+
- LICENSE_libinjection
|
305
325
|
- tcell_agent.gemspec
|
326
|
+
- ext/libinjection/libinjection.h
|
327
|
+
- ext/libinjection/libinjection_html5.c
|
328
|
+
- ext/libinjection/libinjection_html5.h
|
329
|
+
- ext/libinjection/libinjection_sqli.c
|
330
|
+
- ext/libinjection/libinjection_sqli.h
|
331
|
+
- ext/libinjection/libinjection_sqli_data.h
|
332
|
+
- ext/libinjection/libinjection_wrap.c
|
333
|
+
- ext/libinjection/libinjection_xss.c
|
334
|
+
- ext/libinjection/libinjection_xss.h
|
306
335
|
- bin/tcell_agent
|
336
|
+
- ext/libinjection/extconf.rb
|
307
337
|
homepage: https://www.tcell.io
|
308
338
|
licenses:
|
309
339
|
- Copyright (c) 2015 tCell.io (see LICENSE file)
|
@@ -390,6 +420,9 @@ test_files:
|
|
390
420
|
- spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb
|
391
421
|
- spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
|
392
422
|
- spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
|
423
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
|
424
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
|
425
|
+
- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
|
393
426
|
- spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
|
394
427
|
- spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
|
395
428
|
- spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb
|