tcell_agent 0.2.21 → 0.2.22

Sign up to get free protection for your applications and to get access to all the features.
Files changed (75) hide show
  1. checksums.yaml +4 -4
  2. data/lib/tcell_agent.rb +1 -0
  3. data/lib/tcell_agent/api.rb +3 -2
  4. data/lib/tcell_agent/appsensor/injections_matcher.rb +137 -0
  5. data/lib/tcell_agent/appsensor/injections_reporter.rb +67 -0
  6. data/lib/tcell_agent/appsensor/meta_data.rb +71 -0
  7. data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +5 -2
  8. data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +1 -1
  9. data/lib/tcell_agent/appsensor/sensor.rb +48 -0
  10. data/lib/tcell_agent/configuration.rb +15 -2
  11. data/lib/tcell_agent/instrumentation.rb +3 -2
  12. data/lib/tcell_agent/logger.rb +19 -3
  13. data/lib/tcell_agent/patches.rb +26 -0
  14. data/lib/tcell_agent/patches/block_rule.rb +58 -0
  15. data/lib/tcell_agent/patches/meta_data.rb +54 -0
  16. data/lib/tcell_agent/patches/sensors_matcher.rb +30 -0
  17. data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +4 -0
  18. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +7 -3
  19. data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +4 -0
  20. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +32 -38
  21. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +4 -4
  22. data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +4 -0
  23. data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +3 -1
  24. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -3
  25. data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +4 -0
  26. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +9 -3
  27. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +3 -3
  28. data/lib/tcell_agent/policies/appsensor_policy.rb +55 -131
  29. data/lib/tcell_agent/policies/content_security_policy.rb +148 -137
  30. data/lib/tcell_agent/policies/patches_policy.rb +41 -13
  31. data/lib/tcell_agent/rails.rb +11 -109
  32. data/lib/tcell_agent/rails/auth/devise.rb +5 -1
  33. data/lib/tcell_agent/rails/dlp.rb +5 -2
  34. data/lib/tcell_agent/rails/dlp/process_request.rb +88 -0
  35. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
  36. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +3 -13
  37. data/lib/tcell_agent/rails/on_start.rb +5 -101
  38. data/lib/tcell_agent/rails/routes.rb +240 -81
  39. data/lib/tcell_agent/rails/routes/grape.rb +113 -0
  40. data/lib/tcell_agent/rails/routes/route_id.rb +29 -0
  41. data/lib/tcell_agent/sensor_events/app_config.rb +21 -13
  42. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -26
  43. data/lib/tcell_agent/servers/passenger.rb +10 -0
  44. data/lib/tcell_agent/start_background_thread.rb +82 -0
  45. data/lib/tcell_agent/utils/params.rb +1 -1
  46. data/lib/tcell_agent/version.rb +1 -1
  47. data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +504 -0
  48. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +222 -0
  49. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +7 -13
  50. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +18 -18
  51. data/spec/lib/tcell_agent/patches/block_rule_spec.rb +381 -0
  52. data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +35 -0
  53. data/spec/lib/tcell_agent/patches_spec.rb +156 -0
  54. data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +21 -10
  55. data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +20 -9
  56. data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +44 -9
  57. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
  58. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +13 -13
  59. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +5 -5
  60. data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +20 -9
  61. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +24 -14
  62. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +243 -241
  63. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +128 -200
  64. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +126 -55
  65. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +485 -24
  66. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +5 -0
  67. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -2
  68. data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +294 -0
  69. data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +80 -0
  70. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +182 -0
  71. metadata +30 -7
  72. data/lib/tcell_agent/policies/appsensor/login_sensor.rb +0 -39
  73. data/lib/tcell_agent/policies/appsensor/sensor.rb +0 -46
  74. data/lib/tcell_agent/rails/path_parameters_setter.rb +0 -43
  75. data/spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb +0 -104
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb CHANGED
@@ -20,7 +20,7 @@ module TCellAgent
20
20
 
21
21
  context "that has empty options" do
22
22
  it "should have all sensors disabled" do
23
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
23
+ expect_any_instance_of(AppSensorRuleManager).to_not receive(:instance)
24
24
 
25
25
  policy_json_empty = {
26
26
  "policy_id" => "01a1",
@@ -33,9 +33,9 @@ module TCellAgent
33
33
 
34
34
  expect(empty_policy.policy_id).to eq("01a1")
35
35
  expect(empty_policy.enabled).to eq(false)
36
- expect(empty_policy.payloads_policy).to_not be_nil
37
- expect(empty_policy.payloads_policy.send_payloads).to eq(false)
38
- expect(empty_policy.payloads_policy.log_payloads).to eq(false)
36
+ expect(empty_policy.injections_reporter.payloads_policy).to_not be_nil
37
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
38
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
39
39
  expect(empty_policy.options["req_size"]).to be_nil
40
40
  expect(empty_policy.options["resp_size"]).to be_nil
41
41
  expect(empty_policy.options["resp_codes"]).to be_nil
@@ -45,7 +45,6 @@ module TCellAgent
45
45
  expect(empty_policy.options["fpt"]).to be_nil
46
46
  expect(empty_policy.options["nullbyte"]).to be_nil
47
47
  expect(empty_policy.options["retr"]).to be_nil
48
- expect(empty_policy.options["login"]).to be_nil
49
48
  expect(empty_policy.options["ua"]).to be_nil
50
49
  expect(empty_policy.options["errors"]).to be_nil
51
50
  expect(empty_policy.options["database"]).to be_nil
@@ -54,7 +53,7 @@ module TCellAgent
54
53
 
55
54
  context "that has no options" do
56
55
  it "should have all sensors disabled" do
57
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
56
+ expect(AppSensorRuleManager).to_not receive(:instance)
58
57
 
59
58
  policy_json_empty = {
60
59
  "policy_id" => "01a1",
@@ -66,9 +65,9 @@ module TCellAgent
66
65
 
67
66
  expect(empty_policy.policy_id).to eq("01a1")
68
67
  expect(empty_policy.enabled).to eq(false)
69
- expect(empty_policy.payloads_policy).to_not be_nil
70
- expect(empty_policy.payloads_policy.send_payloads).to eq(false)
71
- expect(empty_policy.payloads_policy.log_payloads).to eq(false)
68
+ expect(empty_policy.injections_reporter.payloads_policy).to_not be_nil
69
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
70
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
72
71
  expect(empty_policy.options["req_size"]).to be_nil
73
72
  expect(empty_policy.options["resp_size"]).to be_nil
74
73
  expect(empty_policy.options["resp_codes"]).to be_nil
@@ -78,7 +77,6 @@ module TCellAgent
78
77
  expect(empty_policy.options["fpt"]).to be_nil
79
78
  expect(empty_policy.options["nullbyte"]).to be_nil
80
79
  expect(empty_policy.options["retr"]).to be_nil
81
- expect(empty_policy.options["login"]).to be_nil
82
80
  expect(empty_policy.options["ua"]).to be_nil
83
81
  expect(empty_policy.options["errors"]).to be_nil
84
82
  expect(empty_policy.options["database"]).to be_nil
@@ -87,7 +85,7 @@ module TCellAgent
87
85
 
88
86
  context "that only has null enabled" do
89
87
  it "should only have null enabled" do
90
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
88
+ expect(AppSensorRuleManager).to receive(:instance)
91
89
 
92
90
  policy_json = {
93
91
  "policy_id" => "01a1",
@@ -100,52 +98,28 @@ module TCellAgent
100
98
 
101
99
  expect(policy.policy_id).to eq("01a1")
102
100
  expect(policy.enabled).to eq(true)
103
- expect(policy.payloads_policy).to_not be_nil
104
- expect(policy.payloads_policy.send_payloads).to eq(true)
105
- expect(policy.payloads_policy.log_payloads).to eq(true)
101
+ expect(policy.injections_reporter.payloads_policy).to_not be_nil
102
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(true)
103
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(true)
106
104
  expect(policy.options["req_size"]).to_not be_nil
107
105
  expect(policy.options["resp_size"]).to_not be_nil
108
106
  expect(policy.options["resp_codes"]).to_not be_nil
109
- expect(policy.options["xss"]).to_not be_nil
110
- expect(policy.options["sqli"]).to_not be_nil
111
- expect(policy.options["cmdi"]).to_not be_nil
112
- expect(policy.options["fpt"]).to_not be_nil
113
- expect(policy.options["nullbyte"]).to_not be_nil
114
- expect(policy.options["retr"]).to_not be_nil
115
- expect(policy.options["login"]).to_not be_nil
116
107
  expect(policy.options["ua"]).to_not be_nil
117
108
  expect(policy.options["errors"]).to_not be_nil
118
109
  expect(policy.options["database"]).to_not be_nil
119
110
 
120
- expect(policy.options["req_size"].enabled).to eq(false)
121
- expect(policy.options["resp_size"].enabled).to eq(false)
122
- expect(policy.options["resp_codes"].enabled).to eq(false)
123
- expect(policy.options["xss"].enabled).to eq(false)
124
- expect(policy.options["sqli"].enabled).to eq(false)
125
- expect(policy.options["cmdi"].enabled).to eq(false)
126
- expect(policy.options["fpt"].enabled).to eq(false)
127
- expect(policy.options["nullbyte"].enabled).to eq(true)
128
- expect(policy.options["retr"].enabled).to eq(false)
129
- expect(policy.options["login"].enabled).to eq(false)
130
- expect(policy.options["ua"].enabled).to eq(false)
131
- expect(policy.options["ua"].empty_enabled).to eq(false)
132
- expect(policy.options["errors"].enabled).to eq(false)
133
- expect(policy.options["errors"].csrf_exception_enabled).to eq(false)
134
- expect(policy.options["errors"].sql_exception_enabled).to eq(false)
135
- expect(policy.options["database"].enabled).to eq(false)
136
-
137
- expect(policy.options["xss"].v1_compatability_enabled).to eq(true)
138
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(true)
139
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(true)
140
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(true)
141
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(true)
142
- expect(policy.options["retr"].v1_compatability_enabled).to eq(true)
111
+ injections_matcher = policy.injections_reporter.injections_matcher
112
+ expect(injections_matcher).to_not be_nil
113
+ expect(injections_matcher.sensors.size).to eq(1)
114
+ expect(injections_matcher.sensors[0].detection_point).to eq("null")
115
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
116
+ expect(injections_matcher.sensors[0].v1_compatability_enabled).to eq(true)
143
117
  end
144
118
  end
145
119
 
146
120
  context "that only has xss enabled" do
147
121
  it "should only have xss enabled" do
148
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
122
+ expect(AppSensorRuleManager).to receive(:instance)
149
123
 
150
124
  policy_json = {
151
125
  "policy_id" => "01a1",
@@ -158,18 +132,11 @@ module TCellAgent
158
132
 
159
133
  expect(empty_policy.policy_id).to eq("01a1")
160
134
  expect(empty_policy.enabled).to eq(true)
161
- expect(empty_policy.payloads_policy.send_payloads).to eq(true)
162
- expect(empty_policy.payloads_policy.log_payloads).to eq(true)
135
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(true)
136
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(true)
163
137
  expect(empty_policy.options["req_size"]).to_not be_nil
164
138
  expect(empty_policy.options["resp_size"]).to_not be_nil
165
139
  expect(empty_policy.options["resp_codes"]).to_not be_nil
166
- expect(empty_policy.options["xss"]).to_not be_nil
167
- expect(empty_policy.options["sqli"]).to_not be_nil
168
- expect(empty_policy.options["cmdi"]).to_not be_nil
169
- expect(empty_policy.options["fpt"]).to_not be_nil
170
- expect(empty_policy.options["nullbyte"]).to_not be_nil
171
- expect(empty_policy.options["retr"]).to_not be_nil
172
- expect(empty_policy.options["login"]).to_not be_nil
173
140
  expect(empty_policy.options["ua"]).to_not be_nil
174
141
  expect(empty_policy.options["errors"]).to_not be_nil
175
142
  expect(empty_policy.options["database"]).to_not be_nil
@@ -177,13 +144,6 @@ module TCellAgent
177
144
  expect(empty_policy.options["req_size"].enabled).to eq(false)
178
145
  expect(empty_policy.options["resp_size"].enabled).to eq(false)
179
146
  expect(empty_policy.options["resp_codes"].enabled).to eq(false)
180
- expect(empty_policy.options["xss"].enabled).to eq(true)
181
- expect(empty_policy.options["sqli"].enabled).to eq(false)
182
- expect(empty_policy.options["cmdi"].enabled).to eq(false)
183
- expect(empty_policy.options["fpt"].enabled).to eq(false)
184
- expect(empty_policy.options["nullbyte"].enabled).to eq(false)
185
- expect(empty_policy.options["retr"].enabled).to eq(false)
186
- expect(empty_policy.options["login"].enabled).to eq(false)
187
147
  expect(empty_policy.options["ua"].enabled).to eq(false)
188
148
  expect(empty_policy.options["ua"].empty_enabled).to eq(false)
189
149
  expect(empty_policy.options["errors"].enabled).to eq(false)
@@ -191,18 +151,18 @@ module TCellAgent
191
151
  expect(empty_policy.options["errors"].sql_exception_enabled).to eq(false)
192
152
  expect(empty_policy.options["database"].enabled).to eq(false)
193
153
 
194
- expect(empty_policy.options["xss"].v1_compatability_enabled).to eq(true)
195
- expect(empty_policy.options["sqli"].v1_compatability_enabled).to eq(true)
196
- expect(empty_policy.options["cmdi"].v1_compatability_enabled).to eq(true)
197
- expect(empty_policy.options["fpt"].v1_compatability_enabled).to eq(true)
198
- expect(empty_policy.options["nullbyte"].v1_compatability_enabled).to eq(true)
199
- expect(empty_policy.options["retr"].v1_compatability_enabled).to eq(true)
154
+ injections_matcher = empty_policy.injections_reporter.injections_matcher
155
+ expect(injections_matcher).to_not be_nil
156
+ expect(injections_matcher.sensors.size).to eq(1)
157
+ expect(injections_matcher.sensors[0].detection_point).to eq("xss")
158
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
159
+ expect(injections_matcher.sensors[0].v1_compatability_enabled).to eq(true)
200
160
  end
201
161
  end
202
162
 
203
163
  context "that has everything enabled" do
204
164
  it "should have all sensors enabled" do
205
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
165
+ expect(AppSensorRuleManager).to receive(:instance).exactly(6).times
206
166
 
207
167
  policy_json = {
208
168
  "policy_id" => "01a1",
@@ -215,8 +175,7 @@ module TCellAgent
215
175
  "cmdi"=>true,
216
176
  "fpt"=>true,
217
177
  "null"=>true,
218
- "retr"=>true,
219
- "login_failure"=>true
178
+ "retr"=>true
220
179
  }
221
180
  }
222
181
  }
@@ -225,18 +184,12 @@ module TCellAgent
225
184
 
226
185
  expect(policy.policy_id).to eq("01a1")
227
186
  expect(policy.enabled).to eq(true)
228
- expect(policy.payloads_policy.send_payloads).to eq(true)
229
- expect(policy.payloads_policy.log_payloads).to eq(true)
187
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(true)
188
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(true)
230
189
  expect(policy.options["req_size"]).to_not be_nil
231
190
  expect(policy.options["resp_size"]).to_not be_nil
232
191
  expect(policy.options["resp_codes"]).to_not be_nil
233
- expect(policy.options["xss"]).to_not be_nil
234
- expect(policy.options["sqli"]).to_not be_nil
235
- expect(policy.options["cmdi"]).to_not be_nil
236
- expect(policy.options["fpt"]).to_not be_nil
237
- expect(policy.options["nullbyte"]).to_not be_nil
238
- expect(policy.options["retr"]).to_not be_nil
239
- expect(policy.options["login"]).to_not be_nil
192
+
240
193
  expect(policy.options["ua"]).to_not be_nil
241
194
  expect(policy.options["errors"]).to_not be_nil
242
195
  expect(policy.options["database"]).to_not be_nil
@@ -244,13 +197,6 @@ module TCellAgent
244
197
  expect(policy.options["req_size"].enabled).to eq(true)
245
198
  expect(policy.options["resp_size"].enabled).to eq(true)
246
199
  expect(policy.options["resp_codes"].enabled).to eq(true)
247
- expect(policy.options["xss"].enabled).to eq(true)
248
- expect(policy.options["sqli"].enabled).to eq(true)
249
- expect(policy.options["cmdi"].enabled).to eq(true)
250
- expect(policy.options["fpt"].enabled).to eq(true)
251
- expect(policy.options["nullbyte"].enabled).to eq(true)
252
- expect(policy.options["retr"].enabled).to eq(true)
253
- expect(policy.options["login"].enabled).to eq(true)
254
200
  expect(policy.options["ua"].enabled).to eq(false)
255
201
  expect(policy.options["ua"].empty_enabled).to eq(false)
256
202
  expect(policy.options["errors"].enabled).to eq(false)
@@ -258,12 +204,31 @@ module TCellAgent
258
204
  expect(policy.options["errors"].sql_exception_enabled).to eq(false)
259
205
  expect(policy.options["database"].enabled).to eq(false)
260
206
 
261
- expect(policy.options["xss"].v1_compatability_enabled).to eq(true)
262
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(true)
263
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(true)
264
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(true)
265
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(true)
266
- expect(policy.options["retr"].v1_compatability_enabled).to eq(true)
207
+ injections_matcher = policy.injections_reporter.injections_matcher
208
+ expect(injections_matcher).to_not be_nil
209
+ expect(injections_matcher.sensors.size).to eq(6)
210
+
211
+ sorted_sensors = injections_matcher.sensors.sort do
212
+ |a,b| a.detection_point <=> b.detection_point
213
+ end
214
+ expect(sorted_sensors[0].detection_point).to eq("cmdi")
215
+ expect(sorted_sensors[0].enabled).to eq(true)
216
+ expect(sorted_sensors[0].v1_compatability_enabled).to eq(true)
217
+ expect(sorted_sensors[1].detection_point).to eq("fpt")
218
+ expect(sorted_sensors[1].enabled).to eq(true)
219
+ expect(sorted_sensors[1].v1_compatability_enabled).to eq(true)
220
+ expect(sorted_sensors[2].detection_point).to eq("null")
221
+ expect(sorted_sensors[2].enabled).to eq(true)
222
+ expect(sorted_sensors[2].v1_compatability_enabled).to eq(true)
223
+ expect(sorted_sensors[3].detection_point).to eq("retr")
224
+ expect(sorted_sensors[3].enabled).to eq(true)
225
+ expect(sorted_sensors[3].v1_compatability_enabled).to eq(true)
226
+ expect(sorted_sensors[4].detection_point).to eq("sqli")
227
+ expect(sorted_sensors[4].enabled).to eq(true)
228
+ expect(sorted_sensors[4].v1_compatability_enabled).to eq(true)
229
+ expect(sorted_sensors[5].detection_point).to eq("xss")
230
+ expect(sorted_sensors[5].enabled).to eq(true)
231
+ expect(sorted_sensors[5].v1_compatability_enabled).to eq(true)
267
232
  end
268
233
  end
269
234
  end
@@ -282,7 +247,7 @@ module TCellAgent
282
247
 
283
248
  context "that has no sensors" do
284
249
  it "should have all sensors disabled" do
285
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
250
+ expect(AppSensorRuleManager).to_not receive(:instance)
286
251
 
287
252
  policy_json_empty = {
288
253
  "policy_id" => "01a1",
@@ -295,28 +260,25 @@ module TCellAgent
295
260
 
296
261
  expect(empty_policy.policy_id).to eq("01a1")
297
262
  expect(empty_policy.enabled).to eq(false)
298
- expect(empty_policy.payloads_policy).to_not be_nil
299
- expect(empty_policy.payloads_policy.send_payloads).to eq(false)
300
- expect(empty_policy.payloads_policy.log_payloads).to eq(false)
263
+ expect(empty_policy.injections_reporter.payloads_policy).to_not be_nil
264
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
265
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
301
266
  expect(empty_policy.options["req_size"]).to be_nil
302
267
  expect(empty_policy.options["resp_size"]).to be_nil
303
268
  expect(empty_policy.options["resp_codes"]).to be_nil
304
- expect(empty_policy.options["xss"]).to be_nil
305
- expect(empty_policy.options["sqli"]).to be_nil
306
- expect(empty_policy.options["cmdi"]).to be_nil
307
- expect(empty_policy.options["fpt"]).to be_nil
308
- expect(empty_policy.options["nullbyte"]).to be_nil
309
- expect(empty_policy.options["retr"]).to be_nil
310
- expect(empty_policy.options["login"]).to be_nil
311
269
  expect(empty_policy.options["ua"]).to be_nil
312
270
  expect(empty_policy.options["errors"]).to be_nil
313
271
  expect(empty_policy.options["database"]).to be_nil
272
+
273
+ injections_matcher = empty_policy.injections_reporter.injections_matcher
274
+ expect(injections_matcher).to_not be_nil
275
+ expect(injections_matcher.sensors.size).to eq(0)
314
276
  end
315
277
  end
316
278
 
317
279
  context "that has empty sensors" do
318
280
  it "should have all sensors disabled" do
319
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
281
+ expect(AppSensorRuleManager).to_not receive(:instance)
320
282
 
321
283
  policy_json_empty = {
322
284
  "policy_id" => "01a1",
@@ -330,28 +292,25 @@ module TCellAgent
330
292
 
331
293
  expect(empty_policy.policy_id).to eq("01a1")
332
294
  expect(empty_policy.enabled).to eq(false)
333
- expect(empty_policy.payloads_policy).to_not be_nil
334
- expect(empty_policy.payloads_policy.send_payloads).to eq(false)
335
- expect(empty_policy.payloads_policy.log_payloads).to eq(false)
295
+ expect(empty_policy.injections_reporter.payloads_policy).to_not be_nil
296
+ expect(empty_policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
297
+ expect(empty_policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
336
298
  expect(empty_policy.options["req_size"]).to be_nil
337
299
  expect(empty_policy.options["resp_size"]).to be_nil
338
300
  expect(empty_policy.options["resp_codes"]).to be_nil
339
- expect(empty_policy.options["xss"]).to be_nil
340
- expect(empty_policy.options["sqli"]).to be_nil
341
- expect(empty_policy.options["cmdi"]).to be_nil
342
- expect(empty_policy.options["fpt"]).to be_nil
343
- expect(empty_policy.options["nullbyte"]).to be_nil
344
- expect(empty_policy.options["retr"]).to be_nil
345
- expect(empty_policy.options["login"]).to be_nil
346
301
  expect(empty_policy.options["ua"]).to be_nil
347
302
  expect(empty_policy.options["errors"]).to be_nil
348
303
  expect(empty_policy.options["database"]).to be_nil
304
+
305
+ injections_matcher = empty_policy.injections_reporter.injections_matcher
306
+ expect(injections_matcher).to_not be_nil
307
+ expect(injections_matcher.sensors.size).to eq(0)
349
308
  end
350
309
  end
351
310
 
352
311
  context "that only has null enabled" do
353
312
  it "should only have null enabled" do
354
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
313
+ expect(AppSensorRuleManager).to receive(:instance)
355
314
 
356
315
  policy_json = {
357
316
  "policy_id" => "01a1",
@@ -368,19 +327,13 @@ module TCellAgent
368
327
  policy = AppSensorPolicy.from_json(policy_json)
369
328
 
370
329
  expect(policy.policy_id).to eq("01a1")
371
- expect(policy.payloads_policy).to_not be_nil
372
- expect(policy.payloads_policy.send_payloads).to eq(false)
373
- expect(policy.payloads_policy.log_payloads).to eq(false)
330
+ expect(policy.injections_reporter.payloads_policy).to_not be_nil
331
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
332
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
374
333
  expect(policy.options["req_size"]).to_not be_nil
375
334
  expect(policy.options["resp_size"]).to_not be_nil
376
335
  expect(policy.options["resp_codes"]).to_not be_nil
377
- expect(policy.options["xss"]).to_not be_nil
378
- expect(policy.options["sqli"]).to_not be_nil
379
- expect(policy.options["cmdi"]).to_not be_nil
380
- expect(policy.options["fpt"]).to_not be_nil
381
- expect(policy.options["nullbyte"]).to_not be_nil
382
- expect(policy.options["retr"]).to_not be_nil
383
- expect(policy.options["login"]).to_not be_nil
336
+
384
337
  expect(policy.options["ua"]).to_not be_nil
385
338
  expect(policy.options["errors"]).to_not be_nil
386
339
  expect(policy.options["database"]).to_not be_nil
@@ -388,13 +341,6 @@ module TCellAgent
388
341
  expect(policy.options["req_size"].enabled).to eq(false)
389
342
  expect(policy.options["resp_size"].enabled).to eq(false)
390
343
  expect(policy.options["resp_codes"].enabled).to eq(false)
391
- expect(policy.options["xss"].enabled).to eq(false)
392
- expect(policy.options["sqli"].enabled).to eq(false)
393
- expect(policy.options["cmdi"].enabled).to eq(false)
394
- expect(policy.options["fpt"].enabled).to eq(false)
395
- expect(policy.options["nullbyte"].enabled).to eq(true)
396
- expect(policy.options["retr"].enabled).to eq(false)
397
- expect(policy.options["login"].enabled).to eq(false)
398
344
  expect(policy.options["ua"].enabled).to eq(false)
399
345
  expect(policy.options["ua"].empty_enabled).to eq(false)
400
346
  expect(policy.options["errors"].enabled).to eq(false)
@@ -402,18 +348,18 @@ module TCellAgent
402
348
  expect(policy.options["errors"].sql_exception_enabled).to eq(false)
403
349
  expect(policy.options["database"].enabled).to eq(false)
404
350
 
405
- expect(policy.options["xss"].v1_compatability_enabled).to eq(false)
406
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(false)
407
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(false)
408
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(false)
409
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(false)
410
- expect(policy.options["retr"].v1_compatability_enabled).to eq(false)
351
+ injections_matcher = policy.injections_reporter.injections_matcher
352
+ expect(injections_matcher).to_not be_nil
353
+ expect(injections_matcher.sensors.size).to eq(1)
354
+ expect(injections_matcher.sensors[0].detection_point).to eq("null")
355
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
356
+ expect(injections_matcher.sensors[0].v1_compatability_enabled).to eq(false)
411
357
  end
412
358
  end
413
359
 
414
360
  context "that only has xss enabled" do
415
361
  it "should only have xss enabled" do
416
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
362
+ expect(AppSensorRuleManager).to receive(:instance)
417
363
 
418
364
  policy_json = {
419
365
  "policy_id" => "01a1",
@@ -434,19 +380,12 @@ module TCellAgent
434
380
  policy = AppSensorPolicy.from_json(policy_json)
435
381
 
436
382
  expect(policy.policy_id).to eq("01a1")
437
- expect(policy.payloads_policy).to_not be_nil
438
- expect(policy.payloads_policy.send_payloads).to eq(false)
439
- expect(policy.payloads_policy.log_payloads).to eq(false)
383
+ expect(policy.injections_reporter.payloads_policy).to_not be_nil
384
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(false)
385
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(false)
440
386
  expect(policy.options["req_size"]).to_not be_nil
441
387
  expect(policy.options["resp_size"]).to_not be_nil
442
388
  expect(policy.options["resp_codes"]).to_not be_nil
443
- expect(policy.options["xss"]).to_not be_nil
444
- expect(policy.options["sqli"]).to_not be_nil
445
- expect(policy.options["cmdi"]).to_not be_nil
446
- expect(policy.options["fpt"]).to_not be_nil
447
- expect(policy.options["nullbyte"]).to_not be_nil
448
- expect(policy.options["retr"]).to_not be_nil
449
- expect(policy.options["login"]).to_not be_nil
450
389
  expect(policy.options["ua"]).to_not be_nil
451
390
  expect(policy.options["errors"]).to_not be_nil
452
391
  expect(policy.options["database"]).to_not be_nil
@@ -454,13 +393,6 @@ module TCellAgent
454
393
  expect(policy.options["req_size"].enabled).to eq(false)
455
394
  expect(policy.options["resp_size"].enabled).to eq(false)
456
395
  expect(policy.options["resp_codes"].enabled).to eq(false)
457
- expect(policy.options["xss"].enabled).to eq(true)
458
- expect(policy.options["sqli"].enabled).to eq(false)
459
- expect(policy.options["cmdi"].enabled).to eq(false)
460
- expect(policy.options["fpt"].enabled).to eq(false)
461
- expect(policy.options["nullbyte"].enabled).to eq(false)
462
- expect(policy.options["retr"].enabled).to eq(false)
463
- expect(policy.options["login"].enabled).to eq(false)
464
396
  expect(policy.options["ua"].enabled).to eq(false)
465
397
  expect(policy.options["ua"].empty_enabled).to eq(false)
466
398
  expect(policy.options["errors"].enabled).to eq(false)
@@ -468,18 +400,18 @@ module TCellAgent
468
400
  expect(policy.options["errors"].sql_exception_enabled).to eq(false)
469
401
  expect(policy.options["database"].enabled).to eq(false)
470
402
 
471
- expect(policy.options["xss"].v1_compatability_enabled).to eq(false)
472
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(false)
473
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(false)
474
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(false)
475
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(false)
476
- expect(policy.options["retr"].v1_compatability_enabled).to eq(false)
403
+ injections_matcher = policy.injections_reporter.injections_matcher
404
+ expect(injections_matcher).to_not be_nil
405
+ expect(injections_matcher.sensors.size).to eq(1)
406
+ expect(injections_matcher.sensors[0].detection_point).to eq("xss")
407
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
408
+ expect(injections_matcher.sensors[0].v1_compatability_enabled).to eq(false)
477
409
  end
478
410
  end
479
411
 
480
412
  context "that has everything enabled" do
481
413
  it "should have all sensors enabled" do
482
- expect_any_instance_of(AppSensorRuleManager).to receive(:load_default_rules_file)
414
+ expect(AppSensorRuleManager).to receive(:instance).exactly(6).times
483
415
 
484
416
  policy_json = {
485
417
  "policy_id" => "01a1",
@@ -546,13 +478,6 @@ module TCellAgent
546
478
  "ua" => {
547
479
  "empty_enabled" => true,
548
480
  },
549
- "login" => {
550
- "lgnSccss_enabled" => true,
551
- "lgnFlr_enabled" => true,
552
- "psswdRstReq" => true,
553
- "psswdRstAttmpt" => true,
554
- "psswdRst" => true
555
- },
556
481
  "errors" => {
557
482
  "csrf_exception_enabled" => true,
558
483
  "sql_exception_enabled" => true
@@ -569,17 +494,11 @@ module TCellAgent
569
494
  policy = AppSensorPolicy.from_json(policy_json)
570
495
 
571
496
  expect(policy.policy_id).to eq("01a1")
572
- expect(policy.payloads_policy).to_not be_nil
497
+ expect(policy.injections_reporter.payloads_policy).to_not be_nil
573
498
  expect(policy.options["req_size"]).to_not be_nil
574
499
  expect(policy.options["resp_size"]).to_not be_nil
575
500
  expect(policy.options["resp_codes"]).to_not be_nil
576
- expect(policy.options["xss"]).to_not be_nil
577
- expect(policy.options["sqli"]).to_not be_nil
578
- expect(policy.options["cmdi"]).to_not be_nil
579
- expect(policy.options["fpt"]).to_not be_nil
580
- expect(policy.options["nullbyte"]).to_not be_nil
581
- expect(policy.options["retr"]).to_not be_nil
582
- expect(policy.options["login"]).to_not be_nil
501
+
583
502
  expect(policy.options["ua"]).to_not be_nil
584
503
  expect(policy.options["errors"]).to_not be_nil
585
504
  expect(policy.options["database"]).to_not be_nil
@@ -587,13 +506,6 @@ module TCellAgent
587
506
  expect(policy.options["req_size"].enabled).to eq(true)
588
507
  expect(policy.options["resp_size"].enabled).to eq(true)
589
508
  expect(policy.options["resp_codes"].enabled).to eq(true)
590
- expect(policy.options["xss"].enabled).to eq(true)
591
- expect(policy.options["sqli"].enabled).to eq(true)
592
- expect(policy.options["cmdi"].enabled).to eq(true)
593
- expect(policy.options["fpt"].enabled).to eq(true)
594
- expect(policy.options["nullbyte"].enabled).to eq(true)
595
- expect(policy.options["retr"].enabled).to eq(true)
596
- expect(policy.options["login"].enabled).to eq(true)
597
509
  expect(policy.options["ua"].enabled).to eq(true)
598
510
  expect(policy.options["ua"].empty_enabled).to eq(true)
599
511
  expect(policy.options["errors"].enabled).to eq(true)
@@ -602,27 +514,43 @@ module TCellAgent
602
514
  expect(policy.options["database"].enabled).to eq(true)
603
515
  expect(policy.options["database"].max_rows).to eq(10)
604
516
 
605
- expect(policy.options["xss"].v1_compatability_enabled).to eq(false)
606
- expect(policy.options["sqli"].v1_compatability_enabled).to eq(false)
607
- expect(policy.options["cmdi"].v1_compatability_enabled).to eq(false)
608
- expect(policy.options["fpt"].v1_compatability_enabled).to eq(false)
609
- expect(policy.options["nullbyte"].v1_compatability_enabled).to eq(false)
610
- expect(policy.options["retr"].v1_compatability_enabled).to eq(false)
611
-
612
- expect(policy.payloads_policy.send_payloads).to eq(true)
613
- expect(policy.payloads_policy.send_blacklist).to eq({
517
+ expect(policy.injections_reporter.payloads_policy.send_payloads).to eq(true)
518
+ expect(policy.injections_reporter.payloads_policy.send_blacklist).to eq({
614
519
  "jsessionid" => Set.new(["cookie"]),
615
520
  "ssn" => Set.new(["*"]),
616
521
  "password" => Set.new(["*"])
617
522
  })
618
- expect(policy.payloads_policy.use_send_whitelist).to eq(true)
619
- expect(policy.payloads_policy.send_whitelist).to eq({})
620
- expect(policy.payloads_policy.log_payloads).to eq(true)
621
- expect(policy.payloads_policy.log_blacklist).to eq({})
622
- expect(policy.payloads_policy.use_log_whitelist).to eq(true)
623
- expect(policy.payloads_policy.log_whitelist).to eq({
523
+ expect(policy.injections_reporter.payloads_policy.use_send_whitelist).to eq(true)
524
+ expect(policy.injections_reporter.payloads_policy.send_whitelist).to eq({})
525
+ expect(policy.injections_reporter.payloads_policy.log_payloads).to eq(true)
526
+ expect(policy.injections_reporter.payloads_policy.log_blacklist).to eq({})
527
+ expect(policy.injections_reporter.payloads_policy.use_log_whitelist).to eq(true)
528
+ expect(policy.injections_reporter.payloads_policy.log_whitelist).to eq({
624
529
  "username" => Set.new(["*"]),
625
530
  })
531
+
532
+ injections_matcher = policy.injections_reporter.injections_matcher
533
+ sorted_sensors = injections_matcher.sensors.sort do
534
+ |a,b| a.detection_point <=> b.detection_point
535
+ end
536
+ expect(sorted_sensors[0].detection_point).to eq("cmdi")
537
+ expect(sorted_sensors[0].enabled).to eq(true)
538
+ expect(sorted_sensors[0].v1_compatability_enabled).to eq(false)
539
+ expect(sorted_sensors[1].detection_point).to eq("fpt")
540
+ expect(sorted_sensors[1].enabled).to eq(true)
541
+ expect(sorted_sensors[1].v1_compatability_enabled).to eq(false)
542
+ expect(sorted_sensors[2].detection_point).to eq("null")
543
+ expect(sorted_sensors[2].enabled).to eq(true)
544
+ expect(sorted_sensors[2].v1_compatability_enabled).to eq(false)
545
+ expect(sorted_sensors[3].detection_point).to eq("retr")
546
+ expect(sorted_sensors[3].enabled).to eq(true)
547
+ expect(sorted_sensors[3].v1_compatability_enabled).to eq(false)
548
+ expect(sorted_sensors[4].detection_point).to eq("sqli")
549
+ expect(sorted_sensors[4].enabled).to eq(true)
550
+ expect(sorted_sensors[4].v1_compatability_enabled).to eq(false)
551
+ expect(sorted_sensors[5].detection_point).to eq("xss")
552
+ expect(sorted_sensors[5].enabled).to eq(true)
553
+ expect(sorted_sensors[5].v1_compatability_enabled).to eq(false)
626
554
  end
627
555
  end
628
556