tcell_agent 0.2.19 → 0.2.21

data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb

@@ -33,6 +33,9 @@ module TCellAgent
 
               expect(empty_policy.policy_id).to eq("01a1")
               expect(empty_policy.enabled).to eq(false)
+              expect(empty_policy.payloads_policy).to_not be_nil
+              expect(empty_policy.payloads_policy.send_payloads).to eq(false)
+              expect(empty_policy.payloads_policy.log_payloads).to eq(false)
               expect(empty_policy.options["req_size"]).to be_nil
               expect(empty_policy.options["resp_size"]).to be_nil
               expect(empty_policy.options["resp_codes"]).to be_nil
@@ -63,6 +66,9 @@ module TCellAgent
 
               expect(empty_policy.policy_id).to eq("01a1")
               expect(empty_policy.enabled).to eq(false)
+              expect(empty_policy.payloads_policy).to_not be_nil
+              expect(empty_policy.payloads_policy.send_payloads).to eq(false)
+              expect(empty_policy.payloads_policy.log_payloads).to eq(false)
               expect(empty_policy.options["req_size"]).to be_nil
               expect(empty_policy.options["resp_size"]).to be_nil
               expect(empty_policy.options["resp_codes"]).to be_nil
@@ -93,6 +99,10 @@ module TCellAgent
               policy = AppSensorPolicy.from_json(policy_json)
 
               expect(policy.policy_id).to eq("01a1")
+              expect(policy.enabled).to eq(true)
+              expect(policy.payloads_policy).to_not be_nil
+              expect(policy.payloads_policy.send_payloads).to eq(true)
+              expect(policy.payloads_policy.log_payloads).to eq(true)
               expect(policy.options["req_size"]).to_not be_nil
               expect(policy.options["resp_size"]).to_not be_nil
               expect(policy.options["resp_codes"]).to_not be_nil
@@ -147,6 +157,9 @@ module TCellAgent
               empty_policy = AppSensorPolicy.from_json(policy_json)
 
               expect(empty_policy.policy_id).to eq("01a1")
+              expect(empty_policy.enabled).to eq(true)
+              expect(empty_policy.payloads_policy.send_payloads).to eq(true)
+              expect(empty_policy.payloads_policy.log_payloads).to eq(true)
               expect(empty_policy.options["req_size"]).to_not be_nil
               expect(empty_policy.options["resp_size"]).to_not be_nil
               expect(empty_policy.options["resp_codes"]).to_not be_nil
@@ -211,6 +224,9 @@ module TCellAgent
               policy = AppSensorPolicy.from_json(policy_json)
 
               expect(policy.policy_id).to eq("01a1")
+              expect(policy.enabled).to eq(true)
+              expect(policy.payloads_policy.send_payloads).to eq(true)
+              expect(policy.payloads_policy.log_payloads).to eq(true)
               expect(policy.options["req_size"]).to_not be_nil
               expect(policy.options["resp_size"]).to_not be_nil
               expect(policy.options["resp_codes"]).to_not be_nil
@@ -279,6 +295,9 @@ module TCellAgent
 
               expect(empty_policy.policy_id).to eq("01a1")
               expect(empty_policy.enabled).to eq(false)
+              expect(empty_policy.payloads_policy).to_not be_nil
+              expect(empty_policy.payloads_policy.send_payloads).to eq(false)
+              expect(empty_policy.payloads_policy.log_payloads).to eq(false)
               expect(empty_policy.options["req_size"]).to be_nil
               expect(empty_policy.options["resp_size"]).to be_nil
               expect(empty_policy.options["resp_codes"]).to be_nil
@@ -311,6 +330,9 @@ module TCellAgent
 
               expect(empty_policy.policy_id).to eq("01a1")
               expect(empty_policy.enabled).to eq(false)
+              expect(empty_policy.payloads_policy).to_not be_nil
+              expect(empty_policy.payloads_policy.send_payloads).to eq(false)
+              expect(empty_policy.payloads_policy.log_payloads).to eq(false)
               expect(empty_policy.options["req_size"]).to be_nil
               expect(empty_policy.options["resp_size"]).to be_nil
               expect(empty_policy.options["resp_codes"]).to be_nil
@@ -346,6 +368,9 @@ module TCellAgent
               policy = AppSensorPolicy.from_json(policy_json)
 
               expect(policy.policy_id).to eq("01a1")
+              expect(policy.payloads_policy).to_not be_nil
+              expect(policy.payloads_policy.send_payloads).to eq(false)
+              expect(policy.payloads_policy.log_payloads).to eq(false)
               expect(policy.options["req_size"]).to_not be_nil
               expect(policy.options["resp_size"]).to_not be_nil
               expect(policy.options["resp_codes"]).to_not be_nil
@@ -409,6 +434,9 @@ module TCellAgent
               policy = AppSensorPolicy.from_json(policy_json)
 
               expect(policy.policy_id).to eq("01a1")
+              expect(policy.payloads_policy).to_not be_nil
+              expect(policy.payloads_policy.send_payloads).to eq(false)
+              expect(policy.payloads_policy.log_payloads).to eq(false)
               expect(policy.options["req_size"]).to_not be_nil
               expect(policy.options["resp_size"]).to_not be_nil
               expect(policy.options["resp_codes"]).to_not be_nil
@@ -457,6 +485,22 @@ module TCellAgent
                 "policy_id" => "01a1",
                 "version" => 2,
                 "data" => {
+                  "options" => {
+                    "payloads" => {
+                      "send_payloads" => true,
+                      "send_blacklist" => {
+                          "JSESSIONID" => ["cookie"],
+                          "ssn" => ["*"],
+                          "password" => ["*"]
+                      },
+                      "send_whitelist" => {},
+                      "log_payloads" => true,
+                      "log_blacklist" => {},
+                      "log_whitelist" => {
+                          "username" => ["*"]
+                      }
+                    }
+                  },
                   "sensors" => {
                     "req_size" => {
                         "limit" => 1024,
@@ -525,6 +569,7 @@ module TCellAgent
               policy = AppSensorPolicy.from_json(policy_json)
 
               expect(policy.policy_id).to eq("01a1")
+              expect(policy.payloads_policy).to_not be_nil
               expect(policy.options["req_size"]).to_not be_nil
               expect(policy.options["resp_size"]).to_not be_nil
               expect(policy.options["resp_codes"]).to_not be_nil
@@ -563,8 +608,24 @@ module TCellAgent
               expect(policy.options["fpt"].v1_compatability_enabled).to eq(false)
               expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(false)
               expect(policy.options["retr"].v1_compatability_enabled).to eq(false)
+
+              expect(policy.payloads_policy.send_payloads).to eq(true)
+              expect(policy.payloads_policy.send_blacklist).to eq({
+                "jsessionid" => Set.new(["cookie"]),
+                "ssn" => Set.new(["*"]),
+                "password" => Set.new(["*"])
+              })
+              expect(policy.payloads_policy.use_send_whitelist).to eq(true)
+              expect(policy.payloads_policy.send_whitelist).to eq({})
+              expect(policy.payloads_policy.log_payloads).to eq(true)
+              expect(policy.payloads_policy.log_blacklist).to eq({})
+              expect(policy.payloads_policy.use_log_whitelist).to eq(true)
+              expect(policy.payloads_policy.log_whitelist).to eq({
+                "username" => Set.new(["*"]),
+              })
             end
           end
+
         end
       end
     end

data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb

@@ -71,7 +71,8 @@ module TCellAgent
                   "remote_addr"=>"1.3.3.4",
                   "m"=>"GET",
                   "pattern"=>"1",
-                  "loc"=>"http://example.org/foo?xyz="}
+                  "uri"=>"http://example.org/foo?xyz=",
+                  "meta"=>{"l" => "query"}}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
               it "alerts on post xss payload" do
@@ -83,7 +84,8 @@ module TCellAgent
                   "remote_addr"=>"1.2.3.4",
                   "m"=>"POST",
                   "pattern"=>"1",
-                  "loc"=>"http://example.org/foo"}
+                  "uri"=>"http://example.org/foo",
+                  "meta"=>{"l" => "body"}}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end #/it
               it "alerts on get xss payload with route_id" do
@@ -93,10 +95,11 @@ module TCellAgent
                   "dp"=>"xss",
                   "param"=>"xyz",
                   "remote_addr"=>nil,
-                  "rou"=>"myrouteid",
+                  "rid"=>"myrouteid",
                   "m"=>"GET",
                   "pattern"=>"1",
-                  "loc"=>"http://example.org/foo?xyz="}
+                  "uri"=>"http://example.org/foo?xyz=",
+                  "meta"=>{"l" => "query"}}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
               it "checks that payload is sent in xss with route_id" do
@@ -108,11 +111,12 @@ module TCellAgent
                   "dp"=>"xss",
                   "param"=>"xyz",
                   "remote_addr"=>nil,
-                  "rou"=>"myrouteid",
+                  "rid"=>"myrouteid",
                   "m"=>"GET",
                   "pattern"=>"1",
-                  "loc"=>"http://example.org/foo?xyz=",
-                  "payload"=>"<script>alert(1)</script>"}
+                  "uri"=>"http://example.org/foo?xyz=",
+                  "payload"=>"<script>alert(1)</script>",
+                  "meta"=>{"l" => "query"}}
                 TCellAgent.configuration.allow_unencrypted_appfirewall_payloads= old_uap
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
@@ -142,7 +146,8 @@ module TCellAgent
                   "remote_addr"=>"1.3.3.4",
                   "m"=>"GET",
                   "pattern"=>"1",
-                  "loc"=>"http://example.org/foo?xyz=&def="}
+                  "uri"=>"http://example.org/foo?xyz=&def=",
+                  "meta"=>{"l" => "query"}}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
             end #/conext
@@ -169,7 +174,8 @@ module TCellAgent
                   "remote_addr"=>"1.3.3.4",
                   "m"=>"GET",
                   "pattern"=>"2",
-                  "loc"=>"http://example.org/foo?xyz="}
+                  "uri"=>"http://example.org/foo?xyz=",
+                  "meta"=>{"l" => "query"}}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
               it "checks that payload is sent" do
@@ -183,8 +189,9 @@ module TCellAgent
                   "remote_addr"=>"1.3.3.4",
                   "m"=>"GET",
                   "pattern"=>"2",
-                  "loc"=>"http://example.org/foo?xyz=",
-                  "payload"=>"/etc/passwd"}
+                  "uri"=>"http://example.org/foo?xyz=",
+                  "payload"=>"/etc/passwd",
+                  "meta"=>{"l" => "query"}}
                 TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = old_uap
                 expect(TCellAgent.event_queue).to include(expected_as)
               end

data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb

@@ -12,9 +12,9 @@ module TCellAgent
 
           attr_reader :request_body
 
-          def initialize(route_id=nil, session_id=nil)
+          def initialize(route_id=nil, hmac_session_id=nil)
             @route_id = route_id
-            @session_id = session_id
+            @hmac_session_id = hmac_session_id
             @request_headers = {}
           end
 
@@ -23,7 +23,7 @@ module TCellAgent
             rack_request = Rack::Request.new(env)
             response_headers = {'Content-Type' => 'text/html'}
             env["tcell.request_data"].transaction_id = "a-b-c-d-e-f"
-            env["tcell.request_data"].session_id = @session_id
+            env["tcell.request_data"].hmac_session_id = @hmac_session_id
             env["tcell.request_data"].route_id = @route_id
             if (rack_request.params['rv'])
               response_headers["Location"] = rack_request.params['rv']
@@ -40,7 +40,7 @@ module TCellAgent
         describe HeadersMiddleware do
 
           let(:app) { MockAppsensorRackApp.new }
-          let(:app2) { MockAppsensorRackApp.new(route_id="myrouteid", session_id="plainsessionid") }
+          let(:app2) { MockAppsensorRackApp.new("myrouteid", "hmac_sessionid") }
 
           subject { withTCellMiddleware( app ) }
 
@@ -57,11 +57,11 @@ module TCellAgent
                 TCellAgent.thread_agent.processPolicyJson({"http-redirect"=>{
                   "policy_id"=>"153ed270-7481-11e5-9194-95dad9b9dec3",
                   "data"=>{
-                    "enabled"=>true,
-                    "block"=>false,
-                    "whitelist"=>[]
-                  }
-                  }}, cache=false) 
+                  "enabled"=>true,
+                  "block"=>false,
+                  "whitelist"=>[]
+                }
+                }}, cache=false)
                 TCellAgent.empty_event_queue
               end
               it "sends redirect" do
@@ -73,17 +73,16 @@ module TCellAgent
               it "sends redirect event with extra info" do
                 response = request2.get("/some/path2?abcdef=adsfsadf&rv=https://www.google.com", 'CONTENT_TYPE' => 'text/html', 'REMOTE_ADDR' => '1.3.3.4,3.4.5.6')
                 expect(response['Location']).to eq("https://www.google.com")
-                expected_as = {"event_type"=>"redirect", "method"=>"GET", "from_domain"=>"example.org", "status_code"=>200, "remote_addr"=>"1.3.3.4", "rid"=>"myrouteid", "from"=>"/some/path2?abcdef=&rv=", "to"=>"www.google.com", "sid"=>"cb3fab8131c0e32cb80916d0d6954729eb66ea5782016625f278e7317e35259e"}
+                expected_as = {"event_type"=>"redirect", "method"=>"GET", "from_domain"=>"example.org", "status_code"=>200, "remote_addr"=>"1.3.3.4", "rid"=>"myrouteid", "from"=>"/some/path2?abcdef=&rv=", "to"=>"www.google.com", "sid"=>"hmac_sessionid"}
                 expect(TCellAgent.event_queue).to include(expected_as)
               end
 
-            end #/conext
-            
-          end #/context
-        end #/describe
+              end #/conext
+            end #/context
+          end #/describe
 
 
+        end
       end
     end
   end
-end

data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb

@@ -56,7 +56,7 @@ module TCellAgent
                 {username:"tester",password:"pass"}.to_json
               )
 
-              expect(@app_sensor_event_process.body_dict).to eq({"username"=>"tester","password"=>"pass"})
+              expect(@app_sensor_event_process.body_dict).to eq({["username"]=>"tester",["password"]=>"pass"})
             end
           end
 

data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb

@@ -6,13 +6,14 @@ module TCellAgent
       describe Util do
         context "SHA256 Hash test" do
           it "Create simple HMAC" do
-            expect(Util.hmac("testdata","testkey")).to eq("220afe7c01cca398fff2fc2c3687be94ded74f1b853db65707bf8440055217b0")
+            expect(Util).to receive(:get_hmac_key).and_return("testkey")
+            expect(Util.hmac("testdata")).to eq("220afe7c01cca398fff2fc2c3687be94")
           end
           it "Check with config HMAC" do
             old_hmac = TCellAgent.configuration.hmac_key
             hmac_key = "HMAC KEY 123"
             TCellAgent.configuration.hmac_key = hmac_key
-            expect(Util.getHmacKey).to eq(hmac_key)
+            expect(Util.get_hmac_key).to eq(hmac_key)
             TCellAgent.configuration.hmac_key = old_hmac
           end
         end
@@ -32,7 +33,7 @@ module TCellAgent
           it "Parsing uri" do
             TCellAgent.configuration.app_id = nil
             original_uri = "http://foo.com/posts?id=30&limit=5#time=1305298413"
-            expect_santized_uri = "http://foo.com/posts?id=61aa3630ced0e67b63a1c61e3b86f4d30d6ec2c5b6c37f8aac8d8a813e66df73&limit=89abb06a7bf0401b5911e61b68660c241d002ffb1685a6d2a5ba3853c73e9111#time=1305298413"
+            expect_santized_uri = "http://foo.com/posts?id=61aa3630ced0e67b63a1c61e3b86f4d3&limit=89abb06a7bf0401b5911e61b68660c24#time=1305298413"
             expect(Util.sanitize_uri(original_uri)).to eq(expect_santized_uri)
           end
           it "returns an empty set" do
@@ -42,13 +43,13 @@ module TCellAgent
           end
           it "parses a cookie" do
             TCellAgent.configuration.app_id = nil
-            expect(Util.santize_request_cookie_string("x=y;z=a")).to eq("x=97cb9e2aa3ec93888b356dbcf13b280e2a8c16fc1f594a783395503d42321707;z=566c1a1c12ad909d628d4537e10773bf085a07bc4199fdf776e162c96480c5ec")
+            expect(Util.santize_request_cookie_string("x=y;z=a")).to eq("x=97cb9e2aa3ec93888b356dbcf13b280e;z=566c1a1c12ad909d628d4537e10773bf")
           end
         end
         context "Parsing a response set-cookie and replacing values" do
           it "sanitize a typical response set-cookie value" do
             santized_string = Util.santize_response_cookie_string("name=Nicholas; expires=Sat, 02 May 2009 23:38:25 GMT; httponly")
-            expect(santized_string).to eq("name=beb56c04cdd764f6b7cbe6c078236aeb7246748abae29b530b93d3f5d4587eb0=; expires=Sat, 02 May 2009 23:38:25 GMT=; httponly=")
+            expect(santized_string).to eq("name=beb56c04cdd764f6b7cbe6c078236aeb=; expires=Sat, 02 May 2009 23:38:25 GMT=; httponly=")
           end
         end
       end

data/spec/lib/tcell_agent/utils/params_spec.rb

@@ -1,116 +1,36 @@
+# encoding: utf-8
+
 require 'spec_helper'
 
 module TCellAgent
   module Utils
 
-    class ParamsTest
-      include TCellAgent::Utils::Params
-    end
-
-    describe ParamsTest do
-      before(:each) do
-        @p_test = ParamsTest.new
-      end
-
-      context "#param_deep_loop" do
-        context "with a parameter hash" do
-          context "there is no match" do
-            it "should return nil" do
-              result = @p_test.param_deep_loop(
-                "hash_param",
-                {
-                  key_one: "no match",
-                  key_dos: "no match"
-                }
-              ) do |param_name, param_value|
-                nil
-              end
-
-              expect(result).to be_nil
-            end
-          end
-          context "there is a match" do
-            it "should return the match" do
-              result = @p_test.param_deep_loop(
-                "hash_param",
-                {
-                  key_one: "no match",
-                  key_dos: "i'm a match"
-                }
-              ) do |param_name, param_value|
-                if param_value =~ /i'm a match/
-                  "#{param_name} - #{param_value}"
-                else
-                  nil
-                end
-              end
-
-              expect(result).to eq("key_dos - i'm a match")
-            end
-          end
-        end
-
-        context "with a parameter array" do
-          context "there is no match" do
-            it "should return nil" do
-              result = @p_test.param_deep_loop(
-                "array_param",
-                [ "no match", "no match" ]
-              ) do |param_name, param_value|
-                nil
-              end
-
-              expect(result).to be_nil
-            end
-          end
-          context "there is a match" do
-            it "should return the match" do
-              result = @p_test.param_deep_loop(
-                "array_param",
-                [ "no match", "i'm a match" ]
-              ) do |param_name, param_value|
-                if param_value =~ /i'm a match/
-                  "#{param_name} - #{param_value}"
-                else
-                  nil
-                end
-              end
-
-              expect(result).to eq("array_param - i'm a match")
-            end
-          end
-        end
-
-        context "with a paramater string" do
-          context "there is no match" do
-            it "should return nil" do
-              result = @p_test.param_deep_loop(
-                "string_param",
-                "no match",
-              ) do |param_name, param_value|
-                nil
-              end
-
-              expect(result).to be_nil
-            end
-          end
-
-          context "there is a match" do
-            it "should return the match" do
-              result = @p_test.param_deep_loop(
-                "string_param",
-                "i'm a match"
-              ) do |param_name, param_value|
-                if param_value =~ /i'm a match/
-                  "#{param_name} - #{param_value}"
-                else
-                  nil
-                end
-              end
-
-              expect(result).to eq("string_param - i'm a match")
-            end
-          end
+    describe Params do
+      context "flatten" do
+        it "should" do
+          expect(
+            Params.flatten( {
+              action: "index",
+              utf8char: "Müller",
+              waitlist_entries: {email: "emailone", preferences: {email: "emaildos"}},
+              email_preferences: [:daily_digest, :reminders, "Müller"],
+              users: [
+                {email: "one@email.com"},
+                {email: "dos@email.com"},
+              ]
+            },
+            nil)
+          ).to eq({
+            ["action"]=>"index",
+            ["utf8char"] => "Müller",
+            ["waitlist_entries", "email"]=>"emailone",
+            ["waitlist_entries", "preferences", "email"]=>"emaildos",
+            [0, "email_preferences"]=>"daily_digest",
+            [1, "email_preferences"]=>"reminders",
+            [2, "email_preferences"]=>"Müller",
+            [0, "users", "email"]=>"one@email.com",
+            [1, "users", "email"]=>"dos@email.com"
+          })
         end
       end
     end

data/tcell_agent.gemspec

@@ -14,7 +14,24 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://www.tcell.io"
   spec.license       = "Copyright (c) 2015 tCell.io (see LICENSE file)"
 
-  spec.files = Dir['Rakefile', '{lib,config,spec}/**/*', 'README*', 'LICENSE*','tcell_agent.gemspec']
+  spec.files = Dir[
+    'Rakefile',
+    'lib/tcell_agent.rb',
+    '{lib/tcell_agent,spec}/**/*',
+    'README*',
+    'LICENSE*',
+    'LICENSE_libinjection',
+    'tcell_agent.gemspec',
+    'ext/libinjection/libinjection.h',
+    'ext/libinjection/libinjection_html5.c',
+    'ext/libinjection/libinjection_html5.h',
+    'ext/libinjection/libinjection_sqli.c',
+    'ext/libinjection/libinjection_sqli.h',
+    'ext/libinjection/libinjection_sqli_data.h',
+    'ext/libinjection/libinjection_wrap.c',
+    'ext/libinjection/libinjection_xss.c',
+    'ext/libinjection/libinjection_xss.h'
+  ]
   spec.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib","config","spec"]
@@ -26,4 +43,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "bundler", ">= 1.7"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec","~>0.9"
+  spec.add_development_dependency "rake-compiler"
+
+  spec.extensions = %w[ext/libinjection/extconf.rb]
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-  version: 0.2.19
+  version: 0.2.21
 platform: ruby
 authors:
 - Garrett
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-15 00:00:00.000000000 Z
+date: 2016-10-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -108,16 +108,32 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: rake-compiler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: This agent allows users to use the tCell.io service with their Rails
   or Sinatra app.
 email:
 - garrett@tcell.io
 executables:
 - tcell_agent
-extensions: []
+extensions:
+- ext/libinjection/extconf.rb
 extra_rdoc_files: []
 files:
 - Rakefile
+- lib/tcell_agent.rb
 - lib/tcell_agent/agent/event_processor.rb
 - lib/tcell_agent/agent/fork_pipe_manager.rb
 - lib/tcell_agent/agent/policy_manager.rb
@@ -141,6 +157,7 @@ files:
 - lib/tcell_agent/policies/appsensor/login_sensor.rb
 - lib/tcell_agent/policies/appsensor/misc_sensor.rb
 - lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb
+- lib/tcell_agent/policies/appsensor/payloads_policy.rb
 - lib/tcell_agent/policies/appsensor/request_size_sensor.rb
 - lib/tcell_agent/policies/appsensor/response_codes_sensor.rb
 - lib/tcell_agent/policies/appsensor/response_size_sensor.rb
@@ -202,7 +219,6 @@ files:
 - lib/tcell_agent/utils/queue_with_timeout.rb
 - lib/tcell_agent/utils/strings.rb
 - lib/tcell_agent/version.rb
-- lib/tcell_agent.rb
 - spec/apps/rails-3.2/app/assets/images/rails.png
 - spec/apps/rails-3.2/app/assets/javascripts/application.js
 - spec/apps/rails-3.2/app/assets/stylesheets/application.css
@@ -262,6 +278,9 @@ files:
 - spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
+- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
+- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
+- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb
@@ -302,8 +321,19 @@ files:
 - spec/support/static_agent_overrides.rb
 - README.md
 - LICENSE
+- LICENSE_libinjection
 - tcell_agent.gemspec
+- ext/libinjection/libinjection.h
+- ext/libinjection/libinjection_html5.c
+- ext/libinjection/libinjection_html5.h
+- ext/libinjection/libinjection_sqli.c
+- ext/libinjection/libinjection_sqli.h
+- ext/libinjection/libinjection_sqli_data.h
+- ext/libinjection/libinjection_wrap.c
+- ext/libinjection/libinjection_xss.c
+- ext/libinjection/libinjection_xss.h
 - bin/tcell_agent
+- ext/libinjection/extconf.rb
 homepage: https://www.tcell.io
 licenses:
 - Copyright (c) 2015 tCell.io (see LICENSE file)
@@ -390,6 +420,9 @@ test_files:
 - spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
+- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
+- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
+- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb