tcell_agent 0.2.21 → 0.2.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75)
  1. checksums.yaml +4 -4
  2. data/lib/tcell_agent.rb +1 -0
  3. data/lib/tcell_agent/api.rb +3 -2
  4. data/lib/tcell_agent/appsensor/injections_matcher.rb +137 -0
  5. data/lib/tcell_agent/appsensor/injections_reporter.rb +67 -0
  6. data/lib/tcell_agent/appsensor/meta_data.rb +71 -0
  7. data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +5 -2
  8. data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +1 -1
  9. data/lib/tcell_agent/appsensor/sensor.rb +48 -0
  10. data/lib/tcell_agent/configuration.rb +15 -2
  11. data/lib/tcell_agent/instrumentation.rb +3 -2
  12. data/lib/tcell_agent/logger.rb +19 -3
  13. data/lib/tcell_agent/patches.rb +26 -0
  14. data/lib/tcell_agent/patches/block_rule.rb +58 -0
  15. data/lib/tcell_agent/patches/meta_data.rb +54 -0
  16. data/lib/tcell_agent/patches/sensors_matcher.rb +30 -0
  17. data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +4 -0
  18. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +7 -3
  19. data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +4 -0
  20. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +32 -38
  21. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +4 -4
  22. data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +4 -0
  23. data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +3 -1
  24. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -3
  25. data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +4 -0
  26. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +9 -3
  27. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +3 -3
  28. data/lib/tcell_agent/policies/appsensor_policy.rb +55 -131
  29. data/lib/tcell_agent/policies/content_security_policy.rb +148 -137
  30. data/lib/tcell_agent/policies/patches_policy.rb +41 -13
  31. data/lib/tcell_agent/rails.rb +11 -109
  32. data/lib/tcell_agent/rails/auth/devise.rb +5 -1
  33. data/lib/tcell_agent/rails/dlp.rb +5 -2
  34. data/lib/tcell_agent/rails/dlp/process_request.rb +88 -0
  35. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
  36. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +3 -13
  37. data/lib/tcell_agent/rails/on_start.rb +5 -101
  38. data/lib/tcell_agent/rails/routes.rb +240 -81
  39. data/lib/tcell_agent/rails/routes/grape.rb +113 -0
  40. data/lib/tcell_agent/rails/routes/route_id.rb +29 -0
  41. data/lib/tcell_agent/sensor_events/app_config.rb +21 -13
  42. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -26
  43. data/lib/tcell_agent/servers/passenger.rb +10 -0
  44. data/lib/tcell_agent/start_background_thread.rb +82 -0
  45. data/lib/tcell_agent/utils/params.rb +1 -1
  46. data/lib/tcell_agent/version.rb +1 -1
  47. data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +504 -0
  48. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +222 -0
  49. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +7 -13
  50. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +18 -18
  51. data/spec/lib/tcell_agent/patches/block_rule_spec.rb +381 -0
  52. data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +35 -0
  53. data/spec/lib/tcell_agent/patches_spec.rb +156 -0
  54. data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +21 -10
  55. data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +20 -9
  56. data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +44 -9
  57. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
  58. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +13 -13
  59. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +5 -5
  60. data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +20 -9
  61. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +24 -14
  62. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +243 -241
  63. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +128 -200
  64. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +126 -55
  65. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +485 -24
  66. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +5 -0
  67. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -2
  68. data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +294 -0
  69. data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +80 -0
  70. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +182 -0
  71. metadata +30 -7
  72. data/lib/tcell_agent/policies/appsensor/login_sensor.rb +0 -39
  73. data/lib/tcell_agent/policies/appsensor/sensor.rb +0 -46
  74. data/lib/tcell_agent/rails/path_parameters_setter.rb +0 -43
  75. data/spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb +0 -104
@@ -20,7 +20,7 @@ module TCellAgent
20
20
 
21
21
  context "that has empty options" do
22
22
  it "should have all sensors disabled" do
23
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
23
+ expect_any_instance_of(AppSensorRuleManager).to_not receive(:instance)
24
24
 
25
25
  policy_json_empty = {
26
26
  "policy_id" => "01a1",
@@ -33,9 +33,9 @@ module TCellAgent
33
33
 
34
34
  expect(empty_policy.policy_id).to eq("01a1")
35
35
  expect(empty_policy.enabled).to eq(false)
36
- expect(empty_policy.payloads_policy).to_not be_nil
37
- expect(empty_policy.payloads_policy.send_payloads).to eq(false)
38
- expect(empty_policy.payloads_policy.log_payloads).to eq(false)
36
+ expect(empty_policy.injections_reporter.payloads_policy).to_not be_nil
37
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
38
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
39
39
  expect(empty_policy.options["req_size"]).to be_nil
40
40
  expect(empty_policy.options["resp_size"]).to be_nil
41
41
  expect(empty_policy.options["resp_codes"]).to be_nil
@@ -45,7 +45,6 @@ module TCellAgent
45
45
  expect(empty_policy.options["fpt"]).to be_nil
46
46
  expect(empty_policy.options["nullbyte"]).to be_nil
47
47
  expect(empty_policy.options["retr"]).to be_nil
48
- expect(empty_policy.options["login"]).to be_nil
49
48
  expect(empty_policy.options["ua"]).to be_nil
50
49
  expect(empty_policy.options["errors"]).to be_nil
51
50
  expect(empty_policy.options["database"]).to be_nil
@@ -54,7 +53,7 @@ module TCellAgent
54
53
 
55
54
  context "that has no options" do
56
55
  it "should have all sensors disabled" do
57
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
56
+ expect(AppSensorRuleManager).to_not receive(:instance)
58
57
 
59
58
  policy_json_empty = {
60
59
  "policy_id" => "01a1",
@@ -66,9 +65,9 @@ module TCellAgent
66
65
 
67
66
  expect(empty_policy.policy_id).to eq("01a1")
68
67
  expect(empty_policy.enabled).to eq(false)
69
- expect(empty_policy.payloads_policy).to_not be_nil
70
- expect(empty_policy.payloads_policy.send_payloads).to eq(false)
71
- expect(empty_policy.payloads_policy.log_payloads).to eq(false)
68
+ expect(empty_policy.injections_reporter.payloads_policy).to_not be_nil
69
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
70
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
72
71
  expect(empty_policy.options["req_size"]).to be_nil
73
72
  expect(empty_policy.options["resp_size"]).to be_nil
74
73
  expect(empty_policy.options["resp_codes"]).to be_nil
@@ -78,7 +77,6 @@ module TCellAgent
78
77
  expect(empty_policy.options["fpt"]).to be_nil
79
78
  expect(empty_policy.options["nullbyte"]).to be_nil
80
79
  expect(empty_policy.options["retr"]).to be_nil
81
- expect(empty_policy.options["login"]).to be_nil
82
80
  expect(empty_policy.options["ua"]).to be_nil
83
81
  expect(empty_policy.options["errors"]).to be_nil
84
82
  expect(empty_policy.options["database"]).to be_nil
@@ -87,7 +85,7 @@ module TCellAgent
87
85
 
88
86
  context "that only has null enabled" do
89
87
  it "should only have null enabled" do
90
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
88
+ expect(AppSensorRuleManager).to receive(:instance)
91
89
 
92
90
  policy_json = {
93
91
  "policy_id" => "01a1",
@@ -100,52 +98,28 @@ module TCellAgent
100
98
 
101
99
  expect(policy.policy_id).to eq("01a1")
102
100
  expect(policy.enabled).to eq(true)
103
- expect(policy.payloads_policy).to_not be_nil
104
- expect(policy.payloads_policy.send_payloads).to eq(true)
105
- expect(policy.payloads_policy.log_payloads).to eq(true)
101
+ expect(policy.injections_reporter.payloads_policy).to_not be_nil
102
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(true)
103
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(true)
106
104
  expect(policy.options["req_size"]).to_not be_nil
107
105
  expect(policy.options["resp_size"]).to_not be_nil
108
106
  expect(policy.options["resp_codes"]).to_not be_nil
109
- expect(policy.options["xss"]).to_not be_nil
110
- expect(policy.options["sqli"]).to_not be_nil
111
- expect(policy.options["cmdi"]).to_not be_nil
112
- expect(policy.options["fpt"]).to_not be_nil
113
- expect(policy.options["nullbyte"]).to_not be_nil
114
- expect(policy.options["retr"]).to_not be_nil
115
- expect(policy.options["login"]).to_not be_nil
116
107
  expect(policy.options["ua"]).to_not be_nil
117
108
  expect(policy.options["errors"]).to_not be_nil
118
109
  expect(policy.options["database"]).to_not be_nil
119
110
 
120
- expect(policy.options["req_size"].enabled).to eq(false)
121
- expect(policy.options["resp_size"].enabled).to eq(false)
122
- expect(policy.options["resp_codes"].enabled).to eq(false)
123
- expect(policy.options["xss"].enabled).to eq(false)
124
- expect(policy.options["sqli"].enabled).to eq(false)
125
- expect(policy.options["cmdi"].enabled).to eq(false)
126
- expect(policy.options["fpt"].enabled).to eq(false)
127
- expect(policy.options["nullbyte"].enabled).to eq(true)
128
- expect(policy.options["retr"].enabled).to eq(false)
129
- expect(policy.options["login"].enabled).to eq(false)
130
- expect(policy.options["ua"].enabled).to eq(false)
131
- expect(policy.options["ua"].empty_enabled).to eq(false)
132
- expect(policy.options["errors"].enabled).to eq(false)
133
- expect(policy.options["errors"].csrf_exception_enabled).to eq(false)
134
- expect(policy.options["errors"].sql_exception_enabled).to eq(false)
135
- expect(policy.options["database"].enabled).to eq(false)
136
-
137
- expect(policy.options["xss"].v1_compatability_enabled).to eq(true)
138
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(true)
139
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(true)
140
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(true)
141
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(true)
142
- expect(policy.options["retr"].v1_compatability_enabled).to eq(true)
111
+ injections_matcher = policy.injections_reporter.injections_matcher
112
+ expect(injections_matcher).to_not be_nil
113
+ expect(injections_matcher.sensors.size).to eq(1)
114
+ expect(injections_matcher.sensors[0].detection_point).to eq("null")
115
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
116
+ expect(injections_matcher.sensors[0].v1_compatability_enabled).to eq(true)
143
117
  end
144
118
  end
145
119
 
146
120
  context "that only has xss enabled" do
147
121
  it "should only have xss enabled" do
148
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
122
+ expect(AppSensorRuleManager).to receive(:instance)
149
123
 
150
124
  policy_json = {
151
125
  "policy_id" => "01a1",
@@ -158,18 +132,11 @@ module TCellAgent
158
132
 
159
133
  expect(empty_policy.policy_id).to eq("01a1")
160
134
  expect(empty_policy.enabled).to eq(true)
161
- expect(empty_policy.payloads_policy.send_payloads).to eq(true)
162
- expect(empty_policy.payloads_policy.log_payloads).to eq(true)
135
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(true)
136
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(true)
163
137
  expect(empty_policy.options["req_size"]).to_not be_nil
164
138
  expect(empty_policy.options["resp_size"]).to_not be_nil
165
139
  expect(empty_policy.options["resp_codes"]).to_not be_nil
166
- expect(empty_policy.options["xss"]).to_not be_nil
167
- expect(empty_policy.options["sqli"]).to_not be_nil
168
- expect(empty_policy.options["cmdi"]).to_not be_nil
169
- expect(empty_policy.options["fpt"]).to_not be_nil
170
- expect(empty_policy.options["nullbyte"]).to_not be_nil
171
- expect(empty_policy.options["retr"]).to_not be_nil
172
- expect(empty_policy.options["login"]).to_not be_nil
173
140
  expect(empty_policy.options["ua"]).to_not be_nil
174
141
  expect(empty_policy.options["errors"]).to_not be_nil
175
142
  expect(empty_policy.options["database"]).to_not be_nil
@@ -177,13 +144,6 @@ module TCellAgent
177
144
  expect(empty_policy.options["req_size"].enabled).to eq(false)
178
145
  expect(empty_policy.options["resp_size"].enabled).to eq(false)
179
146
  expect(empty_policy.options["resp_codes"].enabled).to eq(false)
180
- expect(empty_policy.options["xss"].enabled).to eq(true)
181
- expect(empty_policy.options["sqli"].enabled).to eq(false)
182
- expect(empty_policy.options["cmdi"].enabled).to eq(false)
183
- expect(empty_policy.options["fpt"].enabled).to eq(false)
184
- expect(empty_policy.options["nullbyte"].enabled).to eq(false)
185
- expect(empty_policy.options["retr"].enabled).to eq(false)
186
- expect(empty_policy.options["login"].enabled).to eq(false)
187
147
  expect(empty_policy.options["ua"].enabled).to eq(false)
188
148
  expect(empty_policy.options["ua"].empty_enabled).to eq(false)
189
149
  expect(empty_policy.options["errors"].enabled).to eq(false)
@@ -191,18 +151,18 @@ module TCellAgent
191
151
  expect(empty_policy.options["errors"].sql_exception_enabled).to eq(false)
192
152
  expect(empty_policy.options["database"].enabled).to eq(false)
193
153
 
194
- expect(empty_policy.options["xss"].v1_compatability_enabled).to eq(true)
195
- expect(empty_policy.options["sqli"].v1_compatability_enabled).to eq(true)
196
- expect(empty_policy.options["cmdi"].v1_compatability_enabled).to eq(true)
197
- expect(empty_policy.options["fpt"].v1_compatability_enabled).to eq(true)
198
- expect(empty_policy.options["nullbyte"].v1_compatability_enabled).to eq(true)
199
- expect(empty_policy.options["retr"].v1_compatability_enabled).to eq(true)
154
+ injections_matcher = empty_policy.injections_reporter.injections_matcher
155
+ expect(injections_matcher).to_not be_nil
156
+ expect(injections_matcher.sensors.size).to eq(1)
157
+ expect(injections_matcher.sensors[0].detection_point).to eq("xss")
158
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
159
+ expect(injections_matcher.sensors[0].v1_compatability_enabled).to eq(true)
200
160
  end
201
161
  end
202
162
 
203
163
  context "that has everything enabled" do
204
164
  it "should have all sensors enabled" do
205
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
165
+ expect(AppSensorRuleManager).to receive(:instance).exactly(6).times
206
166
 
207
167
  policy_json = {
208
168
  "policy_id" => "01a1",
@@ -215,8 +175,7 @@ module TCellAgent
215
175
  "cmdi"=>true,
216
176
  "fpt"=>true,
217
177
  "null"=>true,
218
- "retr"=>true,
219
- "login_failure"=>true
178
+ "retr"=>true
220
179
  }
221
180
  }
222
181
  }
@@ -225,18 +184,12 @@ module TCellAgent
225
184
 
226
185
  expect(policy.policy_id).to eq("01a1")
227
186
  expect(policy.enabled).to eq(true)
228
- expect(policy.payloads_policy.send_payloads).to eq(true)
229
- expect(policy.payloads_policy.log_payloads).to eq(true)
187
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(true)
188
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(true)
230
189
  expect(policy.options["req_size"]).to_not be_nil
231
190
  expect(policy.options["resp_size"]).to_not be_nil
232
191
  expect(policy.options["resp_codes"]).to_not be_nil
233
- expect(policy.options["xss"]).to_not be_nil
234
- expect(policy.options["sqli"]).to_not be_nil
235
- expect(policy.options["cmdi"]).to_not be_nil
236
- expect(policy.options["fpt"]).to_not be_nil
237
- expect(policy.options["nullbyte"]).to_not be_nil
238
- expect(policy.options["retr"]).to_not be_nil
239
- expect(policy.options["login"]).to_not be_nil
192
+
240
193
  expect(policy.options["ua"]).to_not be_nil
241
194
  expect(policy.options["errors"]).to_not be_nil
242
195
  expect(policy.options["database"]).to_not be_nil
@@ -244,13 +197,6 @@ module TCellAgent
244
197
  expect(policy.options["req_size"].enabled).to eq(true)
245
198
  expect(policy.options["resp_size"].enabled).to eq(true)
246
199
  expect(policy.options["resp_codes"].enabled).to eq(true)
247
- expect(policy.options["xss"].enabled).to eq(true)
248
- expect(policy.options["sqli"].enabled).to eq(true)
249
- expect(policy.options["cmdi"].enabled).to eq(true)
250
- expect(policy.options["fpt"].enabled).to eq(true)
251
- expect(policy.options["nullbyte"].enabled).to eq(true)
252
- expect(policy.options["retr"].enabled).to eq(true)
253
- expect(policy.options["login"].enabled).to eq(true)
254
200
  expect(policy.options["ua"].enabled).to eq(false)
255
201
  expect(policy.options["ua"].empty_enabled).to eq(false)
256
202
  expect(policy.options["errors"].enabled).to eq(false)
@@ -258,12 +204,31 @@ module TCellAgent
258
204
  expect(policy.options["errors"].sql_exception_enabled).to eq(false)
259
205
  expect(policy.options["database"].enabled).to eq(false)
260
206
 
261
- expect(policy.options["xss"].v1_compatability_enabled).to eq(true)
262
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(true)
263
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(true)
264
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(true)
265
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(true)
266
- expect(policy.options["retr"].v1_compatability_enabled).to eq(true)
207
+ injections_matcher = policy.injections_reporter.injections_matcher
208
+ expect(injections_matcher).to_not be_nil
209
+ expect(injections_matcher.sensors.size).to eq(6)
210
+
211
+ sorted_sensors = injections_matcher.sensors.sort do
212
+ |a,b| a.detection_point <=> b.detection_point
213
+ end
214
+ expect(sorted_sensors[0].detection_point).to eq("cmdi")
215
+ expect(sorted_sensors[0].enabled).to eq(true)
216
+ expect(sorted_sensors[0].v1_compatability_enabled).to eq(true)
217
+ expect(sorted_sensors[1].detection_point).to eq("fpt")
218
+ expect(sorted_sensors[1].enabled).to eq(true)
219
+ expect(sorted_sensors[1].v1_compatability_enabled).to eq(true)
220
+ expect(sorted_sensors[2].detection_point).to eq("null")
221
+ expect(sorted_sensors[2].enabled).to eq(true)
222
+ expect(sorted_sensors[2].v1_compatability_enabled).to eq(true)
223
+ expect(sorted_sensors[3].detection_point).to eq("retr")
224
+ expect(sorted_sensors[3].enabled).to eq(true)
225
+ expect(sorted_sensors[3].v1_compatability_enabled).to eq(true)
226
+ expect(sorted_sensors[4].detection_point).to eq("sqli")
227
+ expect(sorted_sensors[4].enabled).to eq(true)
228
+ expect(sorted_sensors[4].v1_compatability_enabled).to eq(true)
229
+ expect(sorted_sensors[5].detection_point).to eq("xss")
230
+ expect(sorted_sensors[5].enabled).to eq(true)
231
+ expect(sorted_sensors[5].v1_compatability_enabled).to eq(true)
267
232
  end
268
233
  end
269
234
  end
@@ -282,7 +247,7 @@ module TCellAgent
282
247
 
283
248
  context "that has no sensors" do
284
249
  it "should have all sensors disabled" do
285
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
250
+ expect(AppSensorRuleManager).to_not receive(:instance)
286
251
 
287
252
  policy_json_empty = {
288
253
  "policy_id" => "01a1",
@@ -295,28 +260,25 @@ module TCellAgent
295
260
 
296
261
  expect(empty_policy.policy_id).to eq("01a1")
297
262
  expect(empty_policy.enabled).to eq(false)
298
- expect(empty_policy.payloads_policy).to_not be_nil
299
- expect(empty_policy.payloads_policy.send_payloads).to eq(false)
300
- expect(empty_policy.payloads_policy.log_payloads).to eq(false)
263
+ expect(empty_policy.injections_reporter.payloads_policy).to_not be_nil
264
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
265
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
301
266
  expect(empty_policy.options["req_size"]).to be_nil
302
267
  expect(empty_policy.options["resp_size"]).to be_nil
303
268
  expect(empty_policy.options["resp_codes"]).to be_nil
304
- expect(empty_policy.options["xss"]).to be_nil
305
- expect(empty_policy.options["sqli"]).to be_nil
306
- expect(empty_policy.options["cmdi"]).to be_nil
307
- expect(empty_policy.options["fpt"]).to be_nil
308
- expect(empty_policy.options["nullbyte"]).to be_nil
309
- expect(empty_policy.options["retr"]).to be_nil
310
- expect(empty_policy.options["login"]).to be_nil
311
269
  expect(empty_policy.options["ua"]).to be_nil
312
270
  expect(empty_policy.options["errors"]).to be_nil
313
271
  expect(empty_policy.options["database"]).to be_nil
272
+
273
+ injections_matcher = empty_policy.injections_reporter.injections_matcher
274
+ expect(injections_matcher).to_not be_nil
275
+ expect(injections_matcher.sensors.size).to eq(0)
314
276
  end
315
277
  end
316
278
 
317
279
  context "that has empty sensors" do
318
280
  it "should have all sensors disabled" do
319
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
281
+ expect(AppSensorRuleManager).to_not receive(:instance)
320
282
 
321
283
  policy_json_empty = {
322
284
  "policy_id" => "01a1",
@@ -330,28 +292,25 @@ module TCellAgent
330
292
 
331
293
  expect(empty_policy.policy_id).to eq("01a1")
332
294
  expect(empty_policy.enabled).to eq(false)
333
- expect(empty_policy.payloads_policy).to_not be_nil
334
- expect(empty_policy.payloads_policy.send_payloads).to eq(false)
335
- expect(empty_policy.payloads_policy.log_payloads).to eq(false)
295
+ expect(empty_policy.injections_reporter.payloads_policy).to_not be_nil
296
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
297
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
336
298
  expect(empty_policy.options["req_size"]).to be_nil
337
299
  expect(empty_policy.options["resp_size"]).to be_nil
338
300
  expect(empty_policy.options["resp_codes"]).to be_nil
339
- expect(empty_policy.options["xss"]).to be_nil
340
- expect(empty_policy.options["sqli"]).to be_nil
341
- expect(empty_policy.options["cmdi"]).to be_nil
342
- expect(empty_policy.options["fpt"]).to be_nil
343
- expect(empty_policy.options["nullbyte"]).to be_nil
344
- expect(empty_policy.options["retr"]).to be_nil
345
- expect(empty_policy.options["login"]).to be_nil
346
301
  expect(empty_policy.options["ua"]).to be_nil
347
302
  expect(empty_policy.options["errors"]).to be_nil
348
303
  expect(empty_policy.options["database"]).to be_nil
304
+
305
+ injections_matcher = empty_policy.injections_reporter.injections_matcher
306
+ expect(injections_matcher).to_not be_nil
307
+ expect(injections_matcher.sensors.size).to eq(0)
349
308
  end
350
309
  end
351
310
 
352
311
  context "that only has null enabled" do
353
312
  it "should only have null enabled" do
354
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
313
+ expect(AppSensorRuleManager).to receive(:instance)
355
314
 
356
315
  policy_json = {
357
316
  "policy_id" => "01a1",
@@ -368,19 +327,13 @@ module TCellAgent
368
327
  policy = AppSensorPolicy.from_json(policy_json)
369
328
 
370
329
  expect(policy.policy_id).to eq("01a1")
371
- expect(policy.payloads_policy).to_not be_nil
372
- expect(policy.payloads_policy.send_payloads).to eq(false)
373
- expect(policy.payloads_policy.log_payloads).to eq(false)
330
+ expect(policy.injections_reporter.payloads_policy).to_not be_nil
331
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
332
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
374
333
  expect(policy.options["req_size"]).to_not be_nil
375
334
  expect(policy.options["resp_size"]).to_not be_nil
376
335
  expect(policy.options["resp_codes"]).to_not be_nil
377
- expect(policy.options["xss"]).to_not be_nil
378
- expect(policy.options["sqli"]).to_not be_nil
379
- expect(policy.options["cmdi"]).to_not be_nil
380
- expect(policy.options["fpt"]).to_not be_nil
381
- expect(policy.options["nullbyte"]).to_not be_nil
382
- expect(policy.options["retr"]).to_not be_nil
383
- expect(policy.options["login"]).to_not be_nil
336
+
384
337
  expect(policy.options["ua"]).to_not be_nil
385
338
  expect(policy.options["errors"]).to_not be_nil
386
339
  expect(policy.options["database"]).to_not be_nil
@@ -388,13 +341,6 @@ module TCellAgent
388
341
  expect(policy.options["req_size"].enabled).to eq(false)
389
342
  expect(policy.options["resp_size"].enabled).to eq(false)
390
343
  expect(policy.options["resp_codes"].enabled).to eq(false)
391
- expect(policy.options["xss"].enabled).to eq(false)
392
- expect(policy.options["sqli"].enabled).to eq(false)
393
- expect(policy.options["cmdi"].enabled).to eq(false)
394
- expect(policy.options["fpt"].enabled).to eq(false)
395
- expect(policy.options["nullbyte"].enabled).to eq(true)
396
- expect(policy.options["retr"].enabled).to eq(false)
397
- expect(policy.options["login"].enabled).to eq(false)
398
344
  expect(policy.options["ua"].enabled).to eq(false)
399
345
  expect(policy.options["ua"].empty_enabled).to eq(false)
400
346
  expect(policy.options["errors"].enabled).to eq(false)
@@ -402,18 +348,18 @@ module TCellAgent
402
348
  expect(policy.options["errors"].sql_exception_enabled).to eq(false)
403
349
  expect(policy.options["database"].enabled).to eq(false)
404
350
 
405
- expect(policy.options["xss"].v1_compatability_enabled).to eq(false)
406
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(false)
407
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(false)
408
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(false)
409
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(false)
410
- expect(policy.options["retr"].v1_compatability_enabled).to eq(false)
351
+ injections_matcher = policy.injections_reporter.injections_matcher
352
+ expect(injections_matcher).to_not be_nil
353
+ expect(injections_matcher.sensors.size).to eq(1)
354
+ expect(injections_matcher.sensors[0].detection_point).to eq("null")
355
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
356
+ expect(injections_matcher.sensors[0].v1_compatability_enabled).to eq(false)
411
357
  end
412
358
  end
413
359
 
414
360
  context "that only has xss enabled" do
415
361
  it "should only have xss enabled" do
416
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
362
+ expect(AppSensorRuleManager).to receive(:instance)
417
363
 
418
364
  policy_json = {
419
365
  "policy_id" => "01a1",
@@ -434,19 +380,12 @@ module TCellAgent
434
380
  policy = AppSensorPolicy.from_json(policy_json)
435
381
 
436
382
  expect(policy.policy_id).to eq("01a1")
437
- expect(policy.payloads_policy).to_not be_nil
438
- expect(policy.payloads_policy.send_payloads).to eq(false)
439
- expect(policy.payloads_policy.log_payloads).to eq(false)
383
+ expect(policy.injections_reporter.payloads_policy).to_not be_nil
384
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
385
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
440
386
  expect(policy.options["req_size"]).to_not be_nil
441
387
  expect(policy.options["resp_size"]).to_not be_nil
442
388
  expect(policy.options["resp_codes"]).to_not be_nil
443
- expect(policy.options["xss"]).to_not be_nil
444
- expect(policy.options["sqli"]).to_not be_nil
445
- expect(policy.options["cmdi"]).to_not be_nil
446
- expect(policy.options["fpt"]).to_not be_nil
447
- expect(policy.options["nullbyte"]).to_not be_nil
448
- expect(policy.options["retr"]).to_not be_nil
449
- expect(policy.options["login"]).to_not be_nil
450
389
  expect(policy.options["ua"]).to_not be_nil
451
390
  expect(policy.options["errors"]).to_not be_nil
452
391
  expect(policy.options["database"]).to_not be_nil
@@ -454,13 +393,6 @@ module TCellAgent
454
393
  expect(policy.options["req_size"].enabled).to eq(false)
455
394
  expect(policy.options["resp_size"].enabled).to eq(false)
456
395
  expect(policy.options["resp_codes"].enabled).to eq(false)
457
- expect(policy.options["xss"].enabled).to eq(true)
458
- expect(policy.options["sqli"].enabled).to eq(false)
459
- expect(policy.options["cmdi"].enabled).to eq(false)
460
- expect(policy.options["fpt"].enabled).to eq(false)
461
- expect(policy.options["nullbyte"].enabled).to eq(false)
462
- expect(policy.options["retr"].enabled).to eq(false)
463
- expect(policy.options["login"].enabled).to eq(false)
464
396
  expect(policy.options["ua"].enabled).to eq(false)
465
397
  expect(policy.options["ua"].empty_enabled).to eq(false)
466
398
  expect(policy.options["errors"].enabled).to eq(false)
@@ -468,18 +400,18 @@ module TCellAgent
468
400
  expect(policy.options["errors"].sql_exception_enabled).to eq(false)
469
401
  expect(policy.options["database"].enabled).to eq(false)
470
402
 
471
- expect(policy.options["xss"].v1_compatability_enabled).to eq(false)
472
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(false)
473
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(false)
474
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(false)
475
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(false)
476
- expect(policy.options["retr"].v1_compatability_enabled).to eq(false)
403
+ injections_matcher = policy.injections_reporter.injections_matcher
404
+ expect(injections_matcher).to_not be_nil
405
+ expect(injections_matcher.sensors.size).to eq(1)
406
+ expect(injections_matcher.sensors[0].detection_point).to eq("xss")
407
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
408
+ expect(injections_matcher.sensors[0].v1_compatability_enabled).to eq(false)
477
409
  end
478
410
  end
479
411
 
480
412
  context "that has everything enabled" do
481
413
  it "should have all sensors enabled" do
482
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
414
+ expect(AppSensorRuleManager).to receive(:instance).exactly(6).times
483
415
 
484
416
  policy_json = {
485
417
  "policy_id" => "01a1",
@@ -546,13 +478,6 @@ module TCellAgent
546
478
  "ua" => {
547
479
  "empty_enabled" => true,
548
480
  },
549
- "login" => {
550
- "lgnSccss_enabled" => true,
551
- "lgnFlr_enabled" => true,
552
- "psswdRstReq" => true,
553
- "psswdRstAttmpt" => true,
554
- "psswdRst" => true
555
- },
556
481
  "errors" => {
557
482
  "csrf_exception_enabled" => true,
558
483
  "sql_exception_enabled" => true
@@ -569,17 +494,11 @@ module TCellAgent
569
494
  policy = AppSensorPolicy.from_json(policy_json)
570
495
 
571
496
  expect(policy.policy_id).to eq("01a1")
572
- expect(policy.payloads_policy).to_not be_nil
497
+ expect(policy.injections_reporter.payloads_policy).to_not be_nil
573
498
  expect(policy.options["req_size"]).to_not be_nil
574
499
  expect(policy.options["resp_size"]).to_not be_nil
575
500
  expect(policy.options["resp_codes"]).to_not be_nil
576
- expect(policy.options["xss"]).to_not be_nil
577
- expect(policy.options["sqli"]).to_not be_nil
578
- expect(policy.options["cmdi"]).to_not be_nil
579
- expect(policy.options["fpt"]).to_not be_nil
580
- expect(policy.options["nullbyte"]).to_not be_nil
581
- expect(policy.options["retr"]).to_not be_nil
582
- expect(policy.options["login"]).to_not be_nil
501
+
583
502
  expect(policy.options["ua"]).to_not be_nil
584
503
  expect(policy.options["errors"]).to_not be_nil
585
504
  expect(policy.options["database"]).to_not be_nil
@@ -587,13 +506,6 @@ module TCellAgent
587
506
  expect(policy.options["req_size"].enabled).to eq(true)
588
507
  expect(policy.options["resp_size"].enabled).to eq(true)
589
508
  expect(policy.options["resp_codes"].enabled).to eq(true)
590
- expect(policy.options["xss"].enabled).to eq(true)
591
- expect(policy.options["sqli"].enabled).to eq(true)
592
- expect(policy.options["cmdi"].enabled).to eq(true)
593
- expect(policy.options["fpt"].enabled).to eq(true)
594
- expect(policy.options["nullbyte"].enabled).to eq(true)
595
- expect(policy.options["retr"].enabled).to eq(true)
596
- expect(policy.options["login"].enabled).to eq(true)
597
509
  expect(policy.options["ua"].enabled).to eq(true)
598
510
  expect(policy.options["ua"].empty_enabled).to eq(true)
599
511
  expect(policy.options["errors"].enabled).to eq(true)
@@ -602,27 +514,43 @@ module TCellAgent
602
514
  expect(policy.options["database"].enabled).to eq(true)
603
515
  expect(policy.options["database"].max_rows).to eq(10)
604
516
 
605
- expect(policy.options["xss"].v1_compatability_enabled).to eq(false)
606
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(false)
607
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(false)
608
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(false)
609
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(false)
610
- expect(policy.options["retr"].v1_compatability_enabled).to eq(false)
611
-
612
- expect(policy.payloads_policy.send_payloads).to eq(true)
613
- expect(policy.payloads_policy.send_blacklist).to eq({
517
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(true)
518
+ expect(policy.injections_reporter.payloads_policy.send_blacklist).to eq({
614
519
  "jsessionid" => Set.new(["cookie"]),
615
520
  "ssn" => Set.new(["*"]),
616
521
  "password" => Set.new(["*"])
617
522
  })
618
- expect(policy.payloads_policy.use_send_whitelist).to eq(true)
619
- expect(policy.payloads_policy.send_whitelist).to eq({})
620
- expect(policy.payloads_policy.log_payloads).to eq(true)
621
- expect(policy.payloads_policy.log_blacklist).to eq({})
622
- expect(policy.payloads_policy.use_log_whitelist).to eq(true)
623
- expect(policy.payloads_policy.log_whitelist).to eq({
523
+ expect(policy.injections_reporter.payloads_policy.use_send_whitelist).to eq(true)
524
+ expect(policy.injections_reporter.payloads_policy.send_whitelist).to eq({})
525
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(true)
526
+ expect(policy.injections_reporter.payloads_policy.log_blacklist).to eq({})
527
+ expect(policy.injections_reporter.payloads_policy.use_log_whitelist).to eq(true)
528
+ expect(policy.injections_reporter.payloads_policy.log_whitelist).to eq({
624
529
  "username" => Set.new(["*"]),
625
530
  })
531
+
532
+ injections_matcher = policy.injections_reporter.injections_matcher
533
+ sorted_sensors = injections_matcher.sensors.sort do
534
+ |a,b| a.detection_point <=> b.detection_point
535
+ end
536
+ expect(sorted_sensors[0].detection_point).to eq("cmdi")
537
+ expect(sorted_sensors[0].enabled).to eq(true)
538
+ expect(sorted_sensors[0].v1_compatability_enabled).to eq(false)
539
+ expect(sorted_sensors[1].detection_point).to eq("fpt")
540
+ expect(sorted_sensors[1].enabled).to eq(true)
541
+ expect(sorted_sensors[1].v1_compatability_enabled).to eq(false)
542
+ expect(sorted_sensors[2].detection_point).to eq("null")
543
+ expect(sorted_sensors[2].enabled).to eq(true)
544
+ expect(sorted_sensors[2].v1_compatability_enabled).to eq(false)
545
+ expect(sorted_sensors[3].detection_point).to eq("retr")
546
+ expect(sorted_sensors[3].enabled).to eq(true)
547
+ expect(sorted_sensors[3].v1_compatability_enabled).to eq(false)
548
+ expect(sorted_sensors[4].detection_point).to eq("sqli")
549
+ expect(sorted_sensors[4].enabled).to eq(true)
550
+ expect(sorted_sensors[4].v1_compatability_enabled).to eq(false)
551
+ expect(sorted_sensors[5].detection_point).to eq("xss")
552
+ expect(sorted_sensors[5].enabled).to eq(true)
553
+ expect(sorted_sensors[5].v1_compatability_enabled).to eq(false)
626
554
  end
627
555
  end
628
556