tcell_agent 0.2.2

Files changed (84)
  1. checksums.yaml +7 -0
  2. data/LICENSE +4 -0
  3. data/README.md +43 -0
  4. data/Rakefile +7 -0
  5. data/bin/tcell_agent +171 -0
  6. data/config/initializers/authlogic_auth.rb +51 -0
  7. data/config/initializers/devise_auth.rb +167 -0
  8. data/config/initializers/init.rb +8 -0
  9. data/lib/tcell_agent.rb +33 -0
  10. data/lib/tcell_agent/agent.rb +79 -0
  11. data/lib/tcell_agent/agent/event_processor.rb +133 -0
  12. data/lib/tcell_agent/agent/policy_manager.rb +138 -0
  13. data/lib/tcell_agent/agent/policy_types.rb +42 -0
  14. data/lib/tcell_agent/agent/static_agent.rb +22 -0
  15. data/lib/tcell_agent/api.rb +101 -0
  16. data/lib/tcell_agent/appsensor.rb +42 -0
  17. data/lib/tcell_agent/appsensor/cmdi.rb +32 -0
  18. data/lib/tcell_agent/appsensor/path_traversal.rb +33 -0
  19. data/lib/tcell_agent/appsensor/sqli.rb +55 -0
  20. data/lib/tcell_agent/appsensor/xss.rb +40 -0
  21. data/lib/tcell_agent/authlogic.rb +26 -0
  22. data/lib/tcell_agent/configuration.rb +148 -0
  23. data/lib/tcell_agent/dataloss.rb +0 -0
  24. data/lib/tcell_agent/devise.rb +83 -0
  25. data/lib/tcell_agent/instrumentation.rb +44 -0
  26. data/lib/tcell_agent/logger.rb +46 -0
  27. data/lib/tcell_agent/policies/add_script_tag_policy.rb +47 -0
  28. data/lib/tcell_agent/policies/appsensor_policy.rb +76 -0
  29. data/lib/tcell_agent/policies/clickjacking_policy.rb +113 -0
  30. data/lib/tcell_agent/policies/content_security_policy.rb +119 -0
  31. data/lib/tcell_agent/policies/dataloss_policy.rb +175 -0
  32. data/lib/tcell_agent/policies/honeytokens_policy.rb +67 -0
  33. data/lib/tcell_agent/policies/http_redirect_policy.rb +84 -0
  34. data/lib/tcell_agent/policies/http_tx_policy.rb +60 -0
  35. data/lib/tcell_agent/policies/login_fraud_policy.rb +42 -0
  36. data/lib/tcell_agent/policies/secure_headers_policy.rb +64 -0
  37. data/lib/tcell_agent/rails.rb +146 -0
  38. data/lib/tcell_agent/rails/devise.rb +0 -0
  39. data/lib/tcell_agent/rails/dlp.rb +204 -0
  40. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +69 -0
  41. data/lib/tcell_agent/rails/middleware/context_middleware.rb +50 -0
  42. data/lib/tcell_agent/rails/middleware/global_middleware.rb +53 -0
  43. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +176 -0
  44. data/lib/tcell_agent/rails/routes.rb +130 -0
  45. data/lib/tcell_agent/rails/settings_reporter.rb +40 -0
  46. data/lib/tcell_agent/sensor_events/app_config.rb +16 -0
  47. data/lib/tcell_agent/sensor_events/app_sensor.rb +240 -0
  48. data/lib/tcell_agent/sensor_events/dlp.rb +58 -0
  49. data/lib/tcell_agent/sensor_events/honeytokens.rb +16 -0
  50. data/lib/tcell_agent/sensor_events/login_fraud.rb +43 -0
  51. data/lib/tcell_agent/sensor_events/metrics.rb +24 -0
  52. data/lib/tcell_agent/sensor_events/sensor.rb +85 -0
  53. data/lib/tcell_agent/sensor_events/server_agent.rb +101 -0
  54. data/lib/tcell_agent/sensor_events/util/redirect_utils.rb +22 -0
  55. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +153 -0
  56. data/lib/tcell_agent/sensor_events/util/utils.rb +21 -0
  57. data/lib/tcell_agent/sinatra.rb +41 -0
  58. data/lib/tcell_agent/start_background_thread.rb +63 -0
  59. data/lib/tcell_agent/userinfo.rb +8 -0
  60. data/lib/tcell_agent/utils/queue_with_timeout.rb +60 -0
  61. data/lib/tcell_agent/version.rb +5 -0
  62. data/spec/controllers/application_controller.rb +12 -0
  63. data/spec/lib/tcell_agent/api/api_spec.rb +36 -0
  64. data/spec/lib/tcell_agent/appsensor_spec.rb +66 -0
  65. data/spec/lib/tcell_agent/policies/add_script_tag_policy_spec.rb +37 -0
  66. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +40 -0
  67. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +71 -0
  68. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +71 -0
  69. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +88 -0
  70. data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb +22 -0
  71. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +62 -0
  72. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +22 -0
  73. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +42 -0
  74. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +67 -0
  75. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +187 -0
  76. data/spec/lib/tcell_agent/rails_spec.rb +57 -0
  77. data/spec/lib/tcell_agent/sensor_events/dlp_spec.rb +14 -0
  78. data/spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb +25 -0
  79. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +57 -0
  80. data/spec/lib/tcell_agent_spec.rb +22 -0
  81. data/spec/resources/normal_config.json +13 -0
  82. data/spec/spec_helper.rb +4 -0
  83. data/tcell_agent.gemspec +29 -0
  84. metadata +249 -0
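--- a/data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb
@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+module TCellAgent
+module Policies
+describe ContentSecurityPolicy do
+content_security_policy_json = {
+"policy_id"=>"00a1",
+"headers"=>[
+{"name"=>"csp", "value"=>"csp header value"}
+]
+}
+csp_from_json = ContentSecurityPolicy.fromJson(content_security_policy_json)
+context "initialized with 3 items" do
+it "returns true" do
+expect(csp_from_json.policy_id).to eq("00a1")
+expect(csp_from_json.headers[0].type).to eq("csp")
+expect(csp_from_json.headers[0].value).to eq("csp header value")
+end
+end
+context "headers match up appropriately" do
+it "returns content-security-policy headers" do
+expect(ContentSecurityPolicy.cspHeadersForType("csp")).to match_array(["Content-Security-Policy"])
+end
+end
+end
+describe ContentSecurityPolicy do
+content_security_policy_json = {
+"policy_id"=>"01a1",
+"headers"=>[
+{"name"=>"csp-header-is-bad", "value"=>"csp header value"}
+]
+}
+csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
+context "csp header example, invalid header" do
+it "returns false" do
+expect(csp_policy.headers.length).to eq(0)
+end
+end
+end
+describe ContentSecurityPolicy do
+content_security_policy_json = {
+"policy_id"=>"01a1",
+"headers"=>[
+{"name"=>"csp", "value"=>"value123\\nabc"}
+]
+}
+csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
+context "secure header, value is bad" do
+it "returns false" do
+expect(csp_policy.headers.length).to eq(0)
+end
+end
+end
+describe ContentSecurityPolicy do
+content_security_policy_json = {
+"policy_id"=>"01a1",
+"headers"=>[
+{"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
+]
+}
+csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
+context "secure header, report-uri seperate" do
+it "returns false" do
+expect(csp_policy.headers.length).to eq(1)
+expect(csp_policy.headers[0].value).to eq("value normal; report-uri https://example.com/abcdde")
+expect(csp_policy.headers[0].value("1","2","3")).to eq("value normal; report-uri https://example.com/abcdde?tid=1&sid=2&uid=3")
+end
+end
+end
+end
+end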
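Review bot: The "value is bad" fixture at gutter line 44, `"value"=>"value123\\nabc"`, is a double-quoted Ruby literal, so as rendered it holds a backslash followed by `n` rather than a newline; the example therefore does not demonstrate that a CR/LF inside a header value is rejected, which is what a header-injection guard needs to prove. If a real line break is intended, use `"value123\nabc"` (and a `"\r\n"` variant); if backslashes are also meant to be rejected, keep both as separate examples. The same literal appears in the secure-headers spec below at its gutter line 56. Separately, the report-uri example only covers a URI without a query string, so whether `?tid=` is joined with `?` or `&` when the configured report-uri already carries parameters is untested.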
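--- a/data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
@@ -0,0 +1,88 @@
+require 'spec_helper'
+require 'set'
+
+module TCellAgent
+module Policies
+describe DataLossPolicy do
+policy_json = {
+"policy_id"=>"x1a1",
+"data"=>{
+"protections"=>[
+{"table"=>"user",
+"field"=>"ssn",
+"actions"=>{
+"body"=>["event","redact"],
+"logs"=>["redact"]
+}
+}
+]
+}
+}
+policy = DataLossPolicy.fromJson(policy_json)
+context "initialized with 3 items" do
+it "returns true" do
+expect(policy.get_actions_for("user","ssn")).to eq(["body_redact"].to_set)
+end
+end
+policy_json_two = {
+"policy_id"=>"x1a1",
+"data"=>{
+"session_id_protection"=>{"body"=>["redact"], "log"=>["event"]}
+}
+}
+policy_two = DataLossPolicy.fromJson(policy_json_two)
+context "check session_id_protections" do
+it "gives the right actions" do
+expect(policy_two.get_actions_for_session_id.body_redact).to eq(true)
+expect(policy_two.get_actions_for_session_id.log_redact).to eq(nil)
+expect(policy_two.get_actions_for_session_id.log_event).to eq(true)
+end
+end
+context "Request Options" do
+it "Ignores non-global scoped policy" do
+policy_json_requests = {
+"policy_id"=>"x1a1",
+"data"=>{
+"request_protections"=>[
+{
+"context"=>"form",
+"scope"=>"route",
+"variable"=>"test123",
+"options"=>{
+"log"=>["redact"],
+"body"=>["event"]
+}
+}
+]
+}
+}
+policy_three = DataLossPolicy.fromJson(policy_json_requests)
+expect(policy_three.get_actions_for_request("form").keys).to eq([])
+end
+it "Reads in the policy" do
+policy_json_requests = {
+"policy_id"=>"x1a1",
+"data"=>{
+"request_protections"=>[
+{
+"context"=>"form",
+"variable"=>"test123",
+"options"=>{
+"log"=>["redact"],
+"body"=>["event"]
+}
+}
+]
+}
+}
+policy_three = DataLossPolicy.fromJson(policy_json_requests)
+puts policy_three.request_filter_actions
+expect(policy_three.get_actions_for_request("form").keys).to eq(["test123"])
+expect(policy_three.get_actions_for_request("form")["test123"].log_redact).to eq(true)
+expect(policy_three.get_actions_for_request("form")["test123"].body_redact).to eq(nil)
+expect(policy_three.get_actions_for_request("form")["test123"].body_event).to eq(true)
+end
+end
+end
+end
+end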
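Review bot: `puts policy_three.request_filter_actions` at gutter line 79 is leftover debug output and should be removed from the example. The first fixture keys its log actions as `"logs"` (gutter line 15) while the session and request fixtures use `"log"` (gutter lines 30 and 52); the assertion at gutter line 24 expects only `body_redact`, so if `"logs"` is simply an unrecognised key the example passes by ignoring it rather than exercising log redaction — worth confirming against DataLossPolicy and either correcting the key or asserting the expected log and `body_event` actions explicitly. The `eq(true)` / `eq(nil)` assertions would read more clearly as `be true` / `be_nil`.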
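--- a/data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+module TCellAgent
+module Policies
+describe HoneytokensPolicy do
+policy_json = {
+"policy_id"=>"x1a1",
+"token_salt"=>"saltsaltsalt",
+"tokens"=>[
+{"type"=>"cred", "token"=>"TOKEN", "id"=>"ID001"}
+]
+}
+policy = HoneytokensPolicy.fromJson(policy_json)
+context "initialized with 3 items" do
+it "returns true" do
+expect(policy.policy_id).to eq("x1a1")
+expect(policy.cred_tokens["TOKEN"]).to eq("ID001")
+end
+end
+end
+end
+end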
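Review bot: The example names `context "initialized with 3 items"` / `it "returns true"` at gutter lines 14–15 do not describe what is asserted (the policy id and the cred-token lookup), and the same copied pair appears in the CSP, dataloss, http-redirect and http-tx specs in this change. Rename them to state the behaviour, e.g. `it "maps a cred token to its id"`. The fixture also supplies `"token_salt"`, but nothing asserts that the salt is read, so a typo in that key would go unnoticed.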
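--- a/data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb
@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+module TCellAgent
+module Policies
+describe HttpRedirectPolicy do
+http_redirect_plain = HttpRedirectPolicy.new
+context "defaults" do
+it "returns true" do
+expect(http_redirect_plain.policy_id).to eq(nil)
+expect(http_redirect_plain.enabled).to eq(false)
+end
+end
+http_redirect_policy_json = {
+"policy_id"=>"x1a1",
+"data"=>{
+"enabled"=>true
+}
+}
+http_redirect_from_json = HttpRedirectPolicy.fromJson(http_redirect_policy_json)
+context "initialized with 3 items" do
+it "returns true" do
+expect(http_redirect_from_json.policy_id).to eq("x1a1")
+expect(http_redirect_from_json.enabled).to eq(true)
+end
+end
+context "check url" do
+it "see's other domain" do
+result = http_redirect_from_json.check("test.google.com", "www.test.com")
+expect(result).to eq(true)
+end
+end
+context "check url" do
+it "wildcard domain false" do
+http_redirect_from_json.whitelist = ["*.google.com"]
+result = http_redirect_from_json.check("test.google.com", "www.test.com")
+expect(result).to eq(false)
+end
+it "wildcard domain true" do
+http_redirect_from_json.whitelist = ["*.google.com"]
+result = http_redirect_from_json.check("test.google.net", "www.test.com")
+expect(result).to eq(true)
+end
+end
+context "enforce url" do
+it "domain enforce enabled false, block true" do
+http_redirect_from_json.enabled = false
+http_redirect_from_json.block = true
+http_redirect_from_json.whitelist = ["*.google.com"]
+result = http_redirect_from_json.enforce("https://test.google.com", "www.test.com", "/path/a", "GET", "1.1.1.1", 400)
+expect(result).to eq(nil)
+end
+it "domain enforce enabled true, block true" do
+http_redirect_from_json.enabled = true
+http_redirect_from_json.block = true
+http_redirect_from_json.whitelist = ["good.com"]
+result = http_redirect_from_json.enforce("https://www.google.com/abc/def", "localhost", "/path/a", "GET", "1.1.1.1", 400)
+expect(result).to eq("/")
+end
+end
+end
+end
+end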
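Review bot: `http_redirect_from_json` is built once at describe scope (gutter line 19) and then mutated by the examples (`whitelist=` at lines 34 and 39, `enabled=`/`block=`/`whitelist=` at 46–48 and 53–55), so the examples share state and depend on execution order — "see's other domain" at line 27 assumes no whitelist and would fail under RSpec random ordering if a whitelist example ran first. Build the policy per example instead, `let(:http_redirect_from_json) { HttpRedirectPolicy.fromJson(http_redirect_policy_json) }`, which also forces each example to state its own whitelist and enabled/block flags explicitly. The duplicated `context "check url"` at lines 26 and 32 could then be merged into one.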
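--- a/data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb
@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+module TCellAgent
+module Policies
+describe HttpTxPolicy do
+http_tx_policy_json = {
+"policy_id"=>"01a1",
+"types"=>{
+"firehose"=>{"enabled"=>true}
+}
+}
+http_tx_from_json = HttpTxPolicy.fromJson(http_tx_policy_json)
+context "initialized with 3 items" do
+it "returns true" do
+expect(http_tx_from_json.policy_id).to eq("01a1")
+expect(http_tx_from_json.firehose["enabled"]).to eq(true)
+expect(http_tx_from_json.firehose["lite"]).to eq(false)
+end
+end
+end
+end
+end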
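--- a/data/spec/lib/tcell_agent/policies/login_policy_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/login_policy_spec.rb
@@ -0,0 +1,42 @@
+require 'spec_helper'
+
+module TCellAgent
+module Policies
+describe LoginFraudPolicy do
+policy_json_empty = {
+"policy_id"=>"01a1",
+"data"=>{
+"options"=>{}
+}
+}
+
+policy_json_one = {
+"policy_id"=>"01a1",
+"data"=>{
+"options"=>{
+"login_failed_enabled"=>true,
+"login_success_enabled"=>true
+}
+}
+}
+
+empty_policy = LoginFraudPolicy.fromJson(policy_json_empty)
+context "test empty agent" do
+it "enabled is false" do
+expect(empty_policy.policy_id).to eq("01a1")
+expect(empty_policy.login_failed_enabled).to eq(false)
+expect(empty_policy.login_success_enabled).to eq(false)
+end
+end
+
+policy_one = LoginFraudPolicy.fromJson(policy_json_one)
+context "enabled agent" do
+it "enabled is true" do
+expect(empty_policy.policy_id).to eq("01a1")
+expect(policy_one.login_failed_enabled).to eq(true)
+expect(policy_one.login_success_enabled).to eq(true)
+end
+end
+end
+end
+end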
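Review bot: The "enabled agent" example at gutter line 35 asserts `empty_policy.policy_id` instead of the policy it is testing, so the enabled policy's id is never checked; it should read `expect(policy_one.policy_id).to eq("01a1")`. The context descriptions say "agent" but the objects under test are LoginFraudPolicy instances, so "empty policy" / "enabled policy" would describe them more accurately.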
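--- a/data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
@@ -0,0 +1,67 @@
+require 'spec_helper'
+
+module TCellAgent
+module Policies
+describe SecureHeadersPolicy do
+secure_headers_policy_json = {
+"policy_id"=>"01a1",
+"headers"=>[
+{"name"=>"x-permitted-cross-domain-policies", "value"=>"value123"}
+]
+}
+secure_headers_policy = SecureHeadersPolicy.fromJson(secure_headers_policy_json)
+context "secure header example" do
+it "returns true" do
+expect(secure_headers_policy.headers[0].name).to eq("x-permitted-cross-domain-policies")
+expect(secure_headers_policy.headers[0].value).to eq("value123")
+end
+end
+end
+describe SecureHeadersPolicy do
+secure_headers_policy_json = {
+"policy_id"=>"01a1",
+"headers"=>[
+{"name"=>"x-frame-options", "value"=>"DENY"},
+{"name"=>"x-xss-protection", "value"=>"1; mode=block"}
+]
+}
+secure_headers_policy = SecureHeadersPolicy.fromJson(secure_headers_policy_json)
+context "secure headers (2) example" do
+it "returns true" do
+expect(secure_headers_policy.headers[0].name).to eq("x-frame-options")
+expect(secure_headers_policy.headers[0].value).to eq("DENY")
+expect(secure_headers_policy.headers[1].name).to eq("x-xss-protection")
+expect(secure_headers_policy.headers[1].value).to eq("1; mode=block")
+end
+end
+end
+describe SecureHeadersPolicy do
+secure_headers_policy_json = {
+"policy_id"=>"01a1",
+"headers"=>[
+{"name"=>"bad-header", "value"=>"value123"}
+]
+}
+secure_headers_policy = SecureHeadersPolicy.fromJson(secure_headers_policy_json)
+context "secure header example, invalid header" do
+it "returns false" do
+expect(secure_headers_policy.headers.length).to eq(0)
+end
+end
+end
+describe SecureHeadersPolicy do
+secure_headers_policy_json = {
+"policy_id"=>"01a1",
+"headers"=>[
+{"name"=>"x-permitted-cross-domain-policies", "value"=>"value123\\nabc"}
+]
+}
+secure_headers_policy = SecureHeadersPolicy.fromJson(secure_headers_policy_json)
+context "secure header, value is bad" do
+it "returns false" do
+expect(secure_headers_policy.headers.length).to eq(0)
+end
+end
+end
+end
+end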
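Review bot: The invalid-header example at gutter lines 38–51 feeds a single bad entry and asserts `headers.length == 0`, so it cannot distinguish SecureHeadersPolicy dropping only the offending entry from it discarding the whole list; a fixture mixing one valid header with one invalid name (and one with a bad value) would pin the intended behaviour, which matters because a single operator typo silently removing every security header is the more dangerous failure mode. All header names here are lower-case, so whether a policy entry written as `X-Frame-Options` is accepted or treated as invalid is also untested. As noted on the CSP spec above, `"value123\\nabc"` at gutter line 56 is a literal backslash-n as rendered, not a newline.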
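--- a/data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb
+++ b/data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb
@@ -0,0 +1,187 @@
+require 'spec_helper'
+require 'rack/test'
+require 'rack'
+
+module TCellAgent
+module Instrumentation
+module Rails
+module Middleware
+
+class MockRackApp
+
+attr_reader :request_body
+
+def initialize
+@request_headers = {}
+end
+
+def call(env)
+@env = env
+@request_body = env['rack.input'].read
+rack_request = Rack::Request.new(env)
+response_headers = {'Content-Type' => 'text/html'}
+if (rack_request.params['rv'])
+response_headers["Location"] = rack_request.params['rv']
+end
+[200, response_headers, ['OK']]
+end
+
+def [](key)
+@env[key]
+end
+
+end
+
+describe HeadersMiddleware do
+
+let(:app) { GlobalMiddleware.new(MockRackApp.new) }
+subject { ContextMiddleware.new(described_class.new(app)) }
+
+context "Redirect Middleware" do
+let(:request) { Rack::MockRequest.new(subject) }
+let(:agent) { ::TCellAgent::Agent.new(Process.pid) }
+before(:each) do
+TCellAgent.configuration = TCellAgent::Configuration.new
+TCellAgent.configuration.read_config_from_file("spec/resources/normal_config.json")
+agent.start
+TCellAgent.thread_agent = agent
+end
+
+context "not enabled" do
+it "passes through unchanged" do
+agent.processPolicyJson({"http-redirect"=>{
+"policy_id"=>"153ed270-7481-11e5-9194-95dad9b9dec3",
+"data"=>{
+"enabled"=>false,
+"block"=>true,
+"whitelist"=>[]
+}
+}}, cache=false)
+tid_len = "78e596b7-e772-4caf-92eb-645fdbdec473".length + 1
+response = request.get("/some/path?rv=https://www.google.com", 'CONTENT_TYPE' => 'text/html')
+expect(response['Location']).to eq("https://www.google.com")
+end
+end
+
+context "doesn't block simple whitelist" do
+it "passes through unchanged" do
+agent.processPolicyJson({"http-redirect"=>{
+"policy_id"=>"153ed270-7481-11e5-9194-95dad9b9dec3",
+"data"=>{
+"enabled"=>true,
+"block"=>true,
+"whitelist"=>["www.google.com"]
+}
+}}, cache=false)
+
+tid_len = "78e596b7-e772-4caf-92eb-645fdbdec473".length + 1
+response = request.get("/some/path?rv=https://www.google.com", 'CONTENT_TYPE' => 'text/html')
+expect(response['Location']).to eq("https://www.google.com")
+end
+end
+
+context "doesn't block wildcard whitelist" do
+it "passes through unchanged" do
+agent.processPolicyJson({"http-redirect"=>{
+"policy_id"=>"153ed270-7481-11e5-9194-95dad9b9dec3",
+"data"=>{
+"enabled"=>true,
+"block"=>true,
+"whitelist"=>["*.google.com"]
+}
+}}, cache=false)
+
+tid_len = "78e596b7-e772-4caf-92eb-645fdbdec473".length + 1
+response = request.get("/some/path?rv=https://www.google.com", 'CONTENT_TYPE' => 'text/html')
+expect(response['Location']).to eq("https://www.google.com")
+end
+end
+
+context "DOES block wildcard whitelist" do
+it "replaces the value with /" do
+agent.processPolicyJson({"http-redirect"=>{
+"policy_id"=>"153ed270-7481-11e5-9194-95dad9b9dec3",
+"data"=>{
+"enabled"=>true,
+"block"=>true,
+"whitelist"=>["*.google-test.com"]
+}
+}}, cache=false)
+
+tid_len = "78e596b7-e772-4caf-92eb-645fdbdec473".length + 1
+response = request.get("/some/path?rv=https://www.google.com", 'CONTENT_TYPE' => 'text/html')
+expect(response['Location']).to eq("/")
+end
+end
+
+end
+
+context "CSP Middleware" do
+let(:request) { Rack::MockRequest.new(subject) }
+let(:agent) { ::TCellAgent::Agent.new(Process.pid) }
+
+before(:each) do
+TCellAgent.configuration = TCellAgent::Configuration.new
+TCellAgent.configuration.read_config_from_file("spec/resources/normal_config.json")
+agent.start
+TCellAgent.thread_agent = agent
+end
+
+context "Standard CSP Header" do
+it "CSP Header is Added" do
+agent.processPolicyJson({"csp-headers"=>{
+"policy_id"=>"153ed270-7481-11e5-9194-95dad9b9dec3",
+"headers"=>[{
+"name"=>"Content-Security-Policy-Report-Only",
+"value"=>"script-src 'unsafe-inline'",
+"report-uri"=>"http://test.tcell.io/report"
+}]
+}}, cache=false)
+tid_len = "78e596b7-e772-4caf-92eb-645fdbdec473".length + 1
+response = request.get("/some/path", 'CONTENT_TYPE' => 'text/plain', 'action_dispatch.request_id'=>'35281717-247e-44e6-bd42-0fb1417e80d')
+expect(response['Content-Security-Policy-Report-Only'][0..-tid_len]).to eq("script-src 'unsafe-inline'; report-uri http://test.tcell.io/report?tid=")
+end
+end
+
+end
+
+# context "when called with a POST request" do
+# context "with some particular data" do
+# let(:request) { Rack::MockRequest.new(app) }
+
+# it "passes the request through unchanged" do
+
+# TCellAgent.configuration = TCellAgent::Configuration.new
+# TCellAgent.configuration.read_config_from_file("spec/resources/normal_config.json")
+
+# agent = ::TCellAgent::Agent.new(Process.pid)
+# ::TCellAgent::AgentThread.setThread(agent)
+# agent.start
+# agent.processPolicyJson({"csp"=>{
+# "policy_id"=>"153ed270-7481-11e5-9194-95dad9b9dec3",
+# "headers"=>{
+# "name"=>"Content-Security-Policy-Report-Only",
+# "value"=>"script-src 'unsafe-inline'",
+# "report-uri"=>"http://test.tcell.io/report"
+# }
+# }})
+
+# #noop = Proc.new {[200, {}, ["hello"]]}
+# #middleware = ActionDispatch::Static.new(noop, "/my_rails_app/public")
+# #request = Rack::MockRequest.new(middleware)
+# #puts request.get("/path_i_want_to_hit")
+
+# puts request.get("/some/path", 'CONTENT_TYPE' => 'text/plain')
+
+# # expect(app['CONTENT_TYPE']).to eq('text/plain')
+# # expect(app.request_body).to eq(post_data)
+
+# end
+# end
+# end
+end
+
+end
+end
+end
+end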
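Review bot: `agent.processPolicyJson({...}, cache=false)` at gutter lines 59, 75, 92, 109 and 139 is not a keyword argument — it assigns a throwaway local named `cache` and passes `false` positionally, which reads as though a `cache:` option existed; pass `false` directly, or `cache: false` if processPolicyJson actually accepts a keyword. `tid_len` is computed in each redirect example (lines 60, 77, 94, 111) but only used in the CSP example at line 142, and there the slice `[0..-tid_len]` assumes a 36-character tid while the supplied `action_dispatch.request_id` is 35 characters, so if the tid is derived from that id the assertion is off by one; matching the header against a regex anchored on the expected prefix would be more robust. Each `before(:each)` calls `agent.start` with no `after` hook to stop it, so every example appears to start a fresh agent and, if start spawns the background thread, leaves it running for the rest of the suite. The commented-out block at lines 148–181 is dead code and `@request_headers` set in MockRackApp#initialize is never read; both can be removed.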