tcell_agent 0.2.21 → 0.2.22

Files changed (75) hide show
  1. checksums.yaml +4 -4
  2. data/lib/tcell_agent.rb +1 -0
  3. data/lib/tcell_agent/api.rb +3 -2
  4. data/lib/tcell_agent/appsensor/injections_matcher.rb +137 -0
  5. data/lib/tcell_agent/appsensor/injections_reporter.rb +67 -0
  6. data/lib/tcell_agent/appsensor/meta_data.rb +71 -0
  7. data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +5 -2
  8. data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +1 -1
  9. data/lib/tcell_agent/appsensor/sensor.rb +48 -0
  10. data/lib/tcell_agent/configuration.rb +15 -2
  11. data/lib/tcell_agent/instrumentation.rb +3 -2
  12. data/lib/tcell_agent/logger.rb +19 -3
  13. data/lib/tcell_agent/patches.rb +26 -0
  14. data/lib/tcell_agent/patches/block_rule.rb +58 -0
  15. data/lib/tcell_agent/patches/meta_data.rb +54 -0
  16. data/lib/tcell_agent/patches/sensors_matcher.rb +30 -0
  17. data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +4 -0
  18. data/lib/tcell_agent/policies/appsensor/database_sensor.rb +7 -3
  19. data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +4 -0
  20. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +32 -38
  21. data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +4 -4
  22. data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +4 -0
  23. data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +3 -1
  24. data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -3
  25. data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +4 -0
  26. data/lib/tcell_agent/policies/appsensor/size_sensor.rb +9 -3
  27. data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +3 -3
  28. data/lib/tcell_agent/policies/appsensor_policy.rb +55 -131
  29. data/lib/tcell_agent/policies/content_security_policy.rb +148 -137
  30. data/lib/tcell_agent/policies/patches_policy.rb +41 -13
  31. data/lib/tcell_agent/rails.rb +11 -109
  32. data/lib/tcell_agent/rails/auth/devise.rb +5 -1
  33. data/lib/tcell_agent/rails/dlp.rb +5 -2
  34. data/lib/tcell_agent/rails/dlp/process_request.rb +88 -0
  35. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
  36. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +3 -13
  37. data/lib/tcell_agent/rails/on_start.rb +5 -101
  38. data/lib/tcell_agent/rails/routes.rb +240 -81
  39. data/lib/tcell_agent/rails/routes/grape.rb +113 -0
  40. data/lib/tcell_agent/rails/routes/route_id.rb +29 -0
  41. data/lib/tcell_agent/sensor_events/app_config.rb +21 -13
  42. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -26
  43. data/lib/tcell_agent/servers/passenger.rb +10 -0
  44. data/lib/tcell_agent/start_background_thread.rb +82 -0
  45. data/lib/tcell_agent/utils/params.rb +1 -1
  46. data/lib/tcell_agent/version.rb +1 -1
  47. data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +504 -0
  48. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +222 -0
  49. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +7 -13
  50. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +18 -18
  51. data/spec/lib/tcell_agent/patches/block_rule_spec.rb +381 -0
  52. data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +35 -0
  53. data/spec/lib/tcell_agent/patches_spec.rb +156 -0
  54. data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +21 -10
  55. data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +20 -9
  56. data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +44 -9
  57. data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
  58. data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +13 -13
  59. data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +5 -5
  60. data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +20 -9
  61. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +24 -14
  62. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +243 -241
  63. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +128 -200
  64. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +126 -55
  65. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +485 -24
  66. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +5 -0
  67. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -2
  68. data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +294 -0
  69. data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +80 -0
  70. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +182 -0
  71. metadata +30 -7
  72. data/lib/tcell_agent/policies/appsensor/login_sensor.rb +0 -39
  73. data/lib/tcell_agent/policies/appsensor/sensor.rb +0 -46
  74. data/lib/tcell_agent/rails/path_parameters_setter.rb +0 -43
  75. data/spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb +0 -104
@@ -2,105 +2,176 @@ require 'spec_helper'
2
2
 
3
3
  module TCellAgent
4
4
  module Policies
5
+
5
6
  describe ContentSecurityPolicy do
6
- policy_json_empty = {
7
- "policy_id"=>"01a1",
8
- "data"=>{
9
- "options"=>{
7
+ context "test empty agent" do
8
+ it "enabled is false" do
9
+ policy_json_empty = {
10
+ "policy_id"=>"01a1",
11
+ "data"=>{
12
+ "options"=>{
10
13
 
14
+ }
15
+ }
11
16
  }
12
- }
13
- }
14
-
15
- policy_json_one = {
16
- "policy_id"=>"01a1",
17
- "data"=>{
18
- "options"=>{
19
- "js_agent_api_key"=>"000-000-1"
20
- }
21
- }
22
- }
23
17
 
24
- empty_policy = ContentSecurityPolicy.from_json(policy_json_empty)
25
- context "test empty agent" do
26
- it "enabled is false" do
18
+ empty_policy = ContentSecurityPolicy.from_json(policy_json_empty)
19
+
27
20
  expect(empty_policy.policy_id).to eq("01a1")
28
21
  expect(empty_policy.js_agent_api_key).to eq(nil)
29
22
  end
30
23
  end
31
24
 
32
- from_json = ContentSecurityPolicy.from_json(policy_json_one)
33
25
  context "tests xss is true and enabled true" do
34
26
  it "returns true" do
27
+ policy_json_one = {
28
+ "policy_id"=>"01a1",
29
+ "data"=>{
30
+ "options"=>{
31
+ "js_agent_api_key"=>"000-000-1"
32
+ }
33
+ }
34
+ }
35
+
36
+ from_json = ContentSecurityPolicy.from_json(policy_json_one)
37
+
35
38
  expect(from_json.policy_id).to eq("01a1")
36
39
  expect(from_json.js_agent_api_key).to eq("000-000-1")
37
40
  end
38
41
  end
39
- end
40
- describe ContentSecurityPolicy do
41
- content_security_policy_json = {
42
- "policy_id"=>"00a1",
43
- "headers"=>[
44
- {"name"=>"csp", "value"=>"csp header value"}
45
- ]
46
- }
47
- csp_from_json = ContentSecurityPolicy.from_json(content_security_policy_json)
42
+
48
43
  context "initialized with 3 items" do
49
44
  it "returns true" do
45
+ content_security_policy_json = {
46
+ "policy_id"=>"00a1",
47
+ "headers"=>[
48
+ {"name"=>"csp", "value"=>"csp header value"}
49
+ ]
50
+ }
51
+
52
+ csp_from_json = ContentSecurityPolicy.from_json(content_security_policy_json)
53
+
50
54
  expect(csp_from_json.policy_id).to eq("00a1")
51
55
  expect(csp_from_json.headers[0].type).to eq("csp")
52
56
  expect(csp_from_json.headers[0].value).to eq("csp header value")
53
57
  end
54
58
  end
59
+
55
60
  context "headers match up appropriately" do
56
61
  it "returns content-security-policy headers" do
57
62
  expect(ContentSecurityPolicy.cspHeadersForType("csp")).to match_array(["Content-Security-Policy"])
58
63
  end
59
64
  end
60
- end
61
- describe ContentSecurityPolicy do
62
- content_security_policy_json = {
63
- "policy_id"=>"01a1",
64
- "headers"=>[
65
- {"name"=>"csp-header-is-bad", "value"=>"csp header value"}
66
- ]
67
- }
68
- csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
65
+
69
66
  context "csp header example, invalid header" do
70
67
  it "returns false" do
68
+ content_security_policy_json = {
69
+ "policy_id"=>"01a1",
70
+ "headers"=>[
71
+ {"name"=>"csp-header-is-bad", "value"=>"csp header value"}
72
+ ]
73
+ }
74
+
75
+ csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
76
+
71
77
  expect(csp_policy.headers.length).to eq(0)
72
78
  end
73
79
  end
74
- end
75
- describe ContentSecurityPolicy do
76
- content_security_policy_json = {
77
- "policy_id"=>"01a1",
78
- "headers"=>[
79
- {"name"=>"csp", "value"=>"value123\\nabc"}
80
- ]
81
- }
82
- csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
80
+
83
81
  context "secure header, value is bad" do
84
82
  it "returns false" do
83
+ content_security_policy_json = {
84
+ "policy_id"=>"01a1",
85
+ "headers"=>[
86
+ {"name"=>"csp", "value"=>"value123\\nabc"}
87
+ ]
88
+ }
89
+ csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
85
90
  expect(csp_policy.headers.length).to eq(0)
86
91
  end
87
92
  end
88
- end
89
- describe ContentSecurityPolicy do
90
- content_security_policy_json = {
91
- "policy_id"=>"01a1",
92
- "headers"=>[
93
- {"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
94
- ]
95
- }
96
- csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
93
+
97
94
  context "secure header, report-uri seperate" do
98
95
  it "returns false" do
96
+ content_security_policy_json = {
97
+ "policy_id"=>"01a1",
98
+ "headers"=>[
99
+ {"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
100
+ ]
101
+ }
102
+
103
+ csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
104
+
99
105
  expect(csp_policy.headers.length).to eq(1)
100
106
  expect(csp_policy.headers[0].value).to eq("value normal; report-uri https://example.com/abcdde?c=-815891691")
101
107
  expect(csp_policy.headers[0].value("1","2","3")).to eq("value normal; report-uri https://example.com/abcdde?tid=1&sid=3&rid=2&c=1777384531")
102
108
  end
103
109
  end
110
+
111
+ context "modifying js_agent_url" do
112
+
113
+ context "csp header value does not include new js agent url" do
114
+ it "should have the configuration set to the default js_agent_url value" do
115
+ expect(TCellAgent.configuration.js_agent_url).to eq("https://api.tcell.io/tcellagent.min.js")
116
+
117
+ content_security_policy_json = {
118
+ "policy_id"=>"01a1",
119
+ "headers"=>[
120
+ {"name"=>"csp", "value"=>"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/"}
121
+ ]
122
+ }
123
+
124
+ csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
125
+
126
+ expect(csp_policy.headers.length).to eq(1)
127
+ expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/")
128
+ expect(TCellAgent.configuration.js_agent_url).to eq("https://api.tcell.io/tcellagent.min.js")
129
+ end
130
+ end
131
+
132
+ context "csp header value includes new js agent url" do
133
+ it "should have the configuration set to the default js_agent_url value" do
134
+ expect(TCellAgent.configuration.js_agent_url).to eq("https://api.tcell.io/tcellagent.min.js")
135
+
136
+ content_security_policy_json = {
137
+ "policy_id"=>"01a1",
138
+ "headers"=>[
139
+ {"name"=>"csp", "value"=>"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/"}
140
+ ]
141
+ }
142
+
143
+ csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
144
+
145
+ expect(csp_policy.headers.length).to eq(1)
146
+ expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/")
147
+ expect(TCellAgent.configuration.js_agent_url).to eq("https://jsagent.tcell.io/tcellagent.min.js")
148
+ end
149
+
150
+ context "but js_agent_url was not default" do
151
+ it "should not modify js_agent_url" do
152
+ TCellAgent.configuration.startup_js_agent_url = "https://www.customer-website.com/tcellagent.min.js"
153
+ TCellAgent.configuration.js_agent_url = "https://www.customer-website.com/tcellagent.min.js"
154
+ expect(TCellAgent.configuration.js_agent_url).to eq("https://www.customer-website.com/tcellagent.min.js")
155
+
156
+ content_security_policy_json = {
157
+ "policy_id"=>"01a1",
158
+ "headers"=>[
159
+ {"name"=>"csp", "value"=>"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/"}
160
+ ]
161
+ }
162
+
163
+ csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
164
+
165
+ expect(csp_policy.headers.length).to eq(1)
166
+ expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/")
167
+ expect(TCellAgent.configuration.js_agent_url).to eq("https://www.customer-website.com/tcellagent.min.js")
168
+
169
+ TCellAgent.configuration.startup_js_agent_url = "https://api.tcell.io/tcellagent.min.js"
170
+ TCellAgent.configuration.js_agent_url = "https://api.tcell.io/tcellagent.min.js"
171
+ end
172
+ end
173
+ end
174
+ end
104
175
  end
105
176
  end
106
177
  end
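Review bot: The examples under `context "modifying js_agent_url"` mutate the global `TCellAgent.configuration` and only the last one puts it back, so they are order-dependent: the example at new-side line 133 leaves `js_agent_url` at `https://jsagent.tcell.io/tcellagent.min.js` (asserted at line 147) while the examples at lines 114 and 134 expect the default, and the restore at lines 169–170 is skipped whenever an earlier expectation in that example fails. Move the reset into an `after` hook on the context, e.g. `after { TCellAgent.configuration.js_agent_url = "https://api.tcell.io/tcellagent.min.js" }` with the matching `startup_js_agent_url` assignment, and drop the trailing reassignments at lines 169–170. The description at line 133, `it "should have the configuration set to the default js_agent_url value"`, contradicts the assertion at line 147; `it "should switch js_agent_url to the jsagent host named in the csp header"` describes what is actually checked. A one-line comment above line 111 stating that a csp header listing `https://jsagent.tcell.io/` is what changes the configured js_agent_url host would make the intent of the three examples clear without reading the policy code, which is not in this hunk.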
@@ -26,8 +26,8 @@ module TCellAgent
26
26
  patches = PatchesPolicy.from_json({ "policy_id" => "policy_id" })
27
27
  expect(patches.policy_id).to eq("policy_id")
28
28
  expect(patches.version).to be_nil
29
- expect(patches.ip_blocking_enabled).to eq(false)
30
- expect(patches.blocked_ips).to eq({})
29
+ expect(patches.enabled).to eq(false)
30
+ expect(patches.block_rules).to eq([])
31
31
  end
32
32
  end
33
33
 
@@ -39,12 +39,12 @@ module TCellAgent
39
39
  })
40
40
  expect(patches.policy_id).to eq("policy_id")
41
41
  expect(patches.version).to eq(1)
42
- expect(patches.ip_blocking_enabled).to eq(false)
43
- expect(patches.blocked_ips).to eq({})
42
+ expect(patches.enabled).to eq(false)
43
+ expect(patches.block_rules).to eq([])
44
44
  end
45
45
  end
46
46
 
47
- context "with an empty blocked_ips" do
47
+ context "with an empty block_rules" do
48
48
  it "should have disabled ip blocking" do
49
49
  patches = PatchesPolicy.from_json({
50
50
  "policy_id" => "policy_id",
@@ -53,8 +53,8 @@ module TCellAgent
53
53
  })
54
54
  expect(patches.policy_id).to eq("policy_id")
55
55
  expect(patches.version).to eq(1)
56
- expect(patches.ip_blocking_enabled).to eq(false)
57
- expect(patches.blocked_ips).to eq({})
56
+ expect(patches.enabled).to eq(false)
57
+ expect(patches.block_rules).to eq([])
58
58
  end
59
59
  end
60
60
 
@@ -70,8 +70,8 @@ module TCellAgent
70
70
  })
71
71
  expect(patches.policy_id).to eq("policy_id")
72
72
  expect(patches.version).to eq(1)
73
- expect(patches.ip_blocking_enabled).to eq(false)
74
- expect(patches.blocked_ips).to eq({})
73
+ expect(patches.enabled).to eq(false)
74
+ expect(patches.block_rules).to eq([])
75
75
  end
76
76
  end
77
77
 
@@ -87,28 +87,116 @@ module TCellAgent
87
87
  ]
88
88
  }
89
89
  })
90
+
91
+ expect(patches.policy_id).to eq("policy_id")
92
+ expect(patches.version).to eq(1)
93
+ expect(patches.enabled).to eq(true)
94
+ expect(patches.block_rules.size).to eq(1)
95
+ expect(patches.block_rules[0].ips).to eq(Set.new(["0.0.0.0", "1.1.1.1"]))
96
+ expect(patches.block_rules[0].rids).to eq(Set.new)
97
+ expect(patches.block_rules[0].action).to eq("block_403s")
98
+ end
99
+ end
100
+ end
101
+
102
+ context "with block_rules" do
103
+ context "as an empty list" do
104
+ it "should have ip blocking disabled" do
105
+ patches = PatchesPolicy.from_json({
106
+ "policy_id" => "policy_id",
107
+ "version" => 1,
108
+ "data" => {
109
+ "block_rules" => []
110
+ }
111
+ })
90
112
  expect(patches.policy_id).to eq("policy_id")
91
113
  expect(patches.version).to eq(1)
92
- expect(patches.ip_blocking_enabled).to eq(true)
93
- expect(patches.blocked_ips).to eq({"0.0.0.0"=>true, "1.1.1.1"=>true})
114
+ expect(patches.enabled).to eq(false)
115
+ expect(patches.block_rules).to eq([])
116
+ end
117
+ end
118
+
119
+ context "a non empty list" do
120
+ it "should have ip blocking enabled" do
121
+ block_rule_one = double("block_rule_one")
122
+ block_rule_dos = double("block_rule_dos")
123
+
124
+ expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
125
+ {"assume_this_is_well_formed" => "well_formed"}
126
+ ).and_return(block_rule_one)
127
+
128
+ expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
129
+ {"assume_this_is_well_formed_dos" => "well_formed_dos"}
130
+ ).and_return(block_rule_dos)
131
+
132
+ patches = PatchesPolicy.from_json({
133
+ "policy_id" => "policy_id",
134
+ "version" => 1,
135
+ "data" => {
136
+ "block_rules" => [
137
+ {"assume_this_is_well_formed" => "well_formed"},
138
+ {"assume_this_is_well_formed_dos" => "well_formed_dos"}
139
+ ]
140
+ }
141
+ })
142
+
143
+ expect(patches.policy_id).to eq("policy_id")
144
+ expect(patches.version).to eq(1)
145
+ expect(patches.enabled).to eq(true)
146
+ expect(patches.block_rules).to eq([block_rule_one, block_rule_dos])
147
+ end
148
+
149
+ context "with a malformed block rule" do
150
+ it "should ignore the block rule" do
151
+ expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
152
+ {"assume_this_is_ill_formed" => "ill_formed"}
153
+ ).and_return(nil)
154
+
155
+ patches = PatchesPolicy.from_json({
156
+ "policy_id" => "policy_id",
157
+ "version" => 1,
158
+ "data" => {
159
+ "block_rules" => [
160
+ {"assume_this_is_ill_formed" => "ill_formed"}
161
+ ]
162
+ }
163
+ })
164
+
165
+ expect(patches.policy_id).to eq("policy_id")
166
+ expect(patches.version).to eq(1)
167
+ expect(patches.enabled).to eq(false)
168
+ expect(patches.block_rules).to eq([])
169
+ end
94
170
  end
95
171
 
96
- context "with incorrect key names" do
97
- it "should skip bad keys" do
172
+ context "with a malformed block rule and a well formed block rule" do
173
+ it "should ignore the block rule" do
174
+ block_rule = double("block_rule")
175
+
176
+ expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
177
+ {"assume_this_is_ill_formed" => "ill_formed"}
178
+ ).and_return(nil)
179
+
180
+ expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
181
+ {"assume_this_is_well_formed" => "well_formed"}
182
+ ).and_return(block_rule)
183
+
98
184
  patches = PatchesPolicy.from_json({
99
185
  "policy_id" => "policy_id",
100
186
  "version" => 1,
101
187
  "data" => {
102
- "blocked_ips" => [
103
- {"ip_wrong" => "0.0.0.0"},
104
- {"ip" => "1.1.1.1"}
188
+ "block_rules" => [
189
+ {"assume_this_is_ill_formed" => "ill_formed"},
190
+ {"assume_this_is_well_formed" => "well_formed"}
105
191
  ]
106
192
  }
107
193
  })
194
+
195
+
108
196
  expect(patches.policy_id).to eq("policy_id")
109
197
  expect(patches.version).to eq(1)
110
- expect(patches.ip_blocking_enabled).to eq(true)
111
- expect(patches.blocked_ips).to eq({"1.1.1.1"=>true})
198
+ expect(patches.enabled).to eq(true)
199
+ expect(patches.block_rules).to eq([block_rule])
112
200
  end
113
201
  end
114
202
 
@@ -116,27 +204,400 @@ module TCellAgent
116
204
  it "should have ip blocking disabled" do
117
205
  logger = double("logger")
118
206
  expect(TCellAgent).to receive(:logger).and_return(logger)
119
- expect(logger).to receive(:warn).with("Patches Policy not supported: 2")
207
+ expect(logger).to receive(:error).with("Patches Policy not supported: 2")
208
+
209
+ expect(TCellAgent::Patches::BlockRule).to_not receive(:from_json)
120
210
 
121
211
  patches = PatchesPolicy.from_json({
122
212
  "policy_id" => "policy_id",
123
213
  "version" => 2,
124
214
  "data" => {
125
- "blocked_ips" => [
126
- {"ip" => "0.0.0.0"},
127
- {"ip" => "1.1.1.1"}
215
+ "block_rules" => [
216
+ {"assume_this_is_well_formed" => "well_formed"}
128
217
  ]
129
218
  }
130
219
  })
220
+
131
221
  expect(patches.policy_id).to eq("policy_id")
132
222
  expect(patches.version).to eq(2)
133
- expect(patches.ip_blocking_enabled).to eq(false)
134
- expect(patches.blocked_ips).to eq({})
223
+ expect(patches.enabled).to eq(false)
224
+ expect(patches.block_rules).to eq([])
135
225
  end
136
226
  end
137
227
  end
138
228
  end
229
+
230
+ context "with wiki examples" do
231
+ context "with example one" do
232
+ it "should be enabled" do
233
+ patches = TCellAgent::Policies::PatchesPolicy.from_json({
234
+ "version" => 1,
235
+ "policy_id" => "some uuid",
236
+ "data" => {
237
+ "block_rules" => [
238
+ {
239
+ "ips" => ["1.3.3.4"]
240
+ }
241
+ ]
242
+ }
243
+ })
244
+
245
+ expect(patches.enabled).to eq(true)
246
+ expect(patches.block_rules.size).to eq(1)
247
+ expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
248
+ expect(patches.block_rules[0].rids).to eq(Set.new)
249
+
250
+ injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
251
+ expect(injections_matcher.enabled).to eq(false)
252
+ expect(injections_matcher.sensors.size).to eq(0)
253
+
254
+ meta_data = TCellAgent::Patches::MetaData.new
255
+ meta_data.remote_address = "1.3.3.4"
256
+ expect(patches.apply(meta_data)).to eq(403)
257
+ end
258
+ end
259
+
260
+ context "with example two" do
261
+ it "should be enabled" do
262
+ patches = TCellAgent::Policies::PatchesPolicy.from_json({
263
+ "version" => 1,
264
+ "policy_id" => "some uuid",
265
+ "data" => {
266
+ "block_rules" => [
267
+ {
268
+ "rids" => ["123213","-3328888"]
269
+ }
270
+ ]
271
+ }
272
+ })
273
+
274
+ expect(patches.enabled).to eq(true)
275
+ expect(patches.block_rules.size).to eq(1)
276
+ expect(patches.block_rules[0].ips).to eq(Set.new)
277
+ expect(patches.block_rules[0].rids).to eq(Set.new(["123213", "-3328888"]))
278
+
279
+ injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
280
+ expect(injections_matcher.enabled).to eq(false)
281
+ expect(injections_matcher.sensors.size).to eq(0)
282
+
283
+ meta_data = TCellAgent::Patches::MetaData.new
284
+ meta_data.remote_address = "1.3.3.4"
285
+ expect(patches.apply(meta_data)).to eq(false)
286
+
287
+ meta_data = TCellAgent::Patches::MetaData.new
288
+ meta_data.remote_address = "1.3.3.4"
289
+ meta_data.route_id = "123213"
290
+ expect(patches.apply(meta_data)).to eq(403)
291
+
292
+ meta_data = TCellAgent::Patches::MetaData.new
293
+ meta_data.remote_address = "1.3.3.4"
294
+ meta_data.route_id = "-3328888"
295
+ expect(patches.apply(meta_data)).to eq(403)
296
+ end
297
+ end
298
+
299
+ context "with example three" do
300
+ it "should be enabled" do
301
+ patches = TCellAgent::Policies::PatchesPolicy.from_json({
302
+ "version" => 1,
303
+ "policy_id" => "some uuid",
304
+ "data" => {
305
+ "block_rules" => [
306
+ {
307
+ "ips" => ["1.3.3.4"],
308
+ "sensor_matches" => {
309
+ "xss" => {
310
+ "libinjection" => false,
311
+ "patterns" => ["1","2","8"],
312
+ "exclusions" => {
313
+ "bob" => ["*"]
314
+ }
315
+ }
316
+ }
317
+ }
318
+ ]
319
+ }
320
+ })
321
+
322
+ expect(patches.enabled).to eq(true)
323
+ expect(patches.block_rules.size).to eq(1)
324
+ expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
325
+ expect(patches.block_rules[0].rids).to eq(Set.new)
326
+
327
+ injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
328
+ expect(injections_matcher.enabled).to eq(true)
329
+ expect(injections_matcher.sensors.size).to eq(1)
330
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
331
+
332
+ meta_data = TCellAgent::Patches::MetaData.new
333
+ meta_data.remote_address = "1.3.3.4"
334
+ expect(patches.apply(meta_data)).to eq(false)
335
+
336
+ meta_data = TCellAgent::Patches::MetaData.new
337
+ meta_data.remote_address = "1.3.3.4"
338
+ meta_data.get_dict = {"xss_param" => "<script>"}
339
+ expect(patches.apply(meta_data)).to eq(403)
340
+
341
+ meta_data = TCellAgent::Patches::MetaData.new
342
+ meta_data.remote_address = "1.3.3.4"
343
+ meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
344
+ expect(patches.apply(meta_data)).to eq(false)
345
+ end
346
+ end
347
+
348
+ context "with example four" do
349
+ it "should be enabled" do
350
+ patches = TCellAgent::Policies::PatchesPolicy.from_json({
351
+ "version" => 1,
352
+ "policy_id" => "some uuid",
353
+ "data" => {
354
+ "block_rules" => [
355
+ {
356
+ "ips" => ["1.3.3.4"],
357
+ "rids" => ["123213","-3328888"]
358
+ }
359
+ ]
360
+ }
361
+ })
362
+
363
+ expect(patches.enabled).to eq(true)
364
+ expect(patches.block_rules.size).to eq(1)
365
+ expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
366
+ expect(patches.block_rules[0].rids).to eq(Set.new(["123213", "-3328888"]))
367
+
368
+ injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
369
+ expect(injections_matcher.enabled).to eq(false)
370
+ expect(injections_matcher.sensors.size).to eq(0)
371
+
372
+ meta_data = TCellAgent::Patches::MetaData.new
373
+ meta_data.remote_address = "1.3.3.4"
374
+ meta_data.route_id = "111111"
375
+ expect(patches.apply(meta_data)).to eq(false)
376
+
377
+ meta_data = TCellAgent::Patches::MetaData.new
378
+ meta_data.remote_address = "1.1.1.1"
379
+ meta_data.route_id = "123213"
380
+ expect(patches.apply(meta_data)).to eq(false)
381
+
382
+ meta_data = TCellAgent::Patches::MetaData.new
383
+ meta_data.remote_address = "1.3.3.4"
384
+ meta_data.route_id = "123213"
385
+ expect(patches.apply(meta_data)).to eq(403)
386
+
387
+ meta_data = TCellAgent::Patches::MetaData.new
388
+ meta_data.remote_address = "1.3.3.4"
389
+ meta_data.route_id = "-3328888"
390
+ expect(patches.apply(meta_data)).to eq(403)
391
+ end
392
+ end
393
+
394
+ context "with example five" do
395
+ it "should be enabled" do
396
+ patches = TCellAgent::Policies::PatchesPolicy.from_json({
397
+ "version" => 1,
398
+ "policy_id" => "some uuid",
399
+ "data" => {
400
+ "block_rules" => [
401
+ {
402
+ "ips" => ["1.3.3.4"],
403
+ "sensor_matches" => {
404
+ "xss" => {},
405
+ "sqli" => {}
406
+ }
407
+ }
408
+ ]
409
+ }
410
+ })
411
+
412
+ expect(patches.enabled).to eq(true)
413
+ expect(patches.block_rules.size).to eq(1)
414
+ expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
415
+ expect(patches.block_rules[0].rids).to eq(Set.new)
416
+
417
+ injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
418
+ expect(injections_matcher.enabled).to eq(true)
419
+ expect(injections_matcher.sensors.size).to eq(2)
420
+ expect(injections_matcher.sensors[0].enabled).to eq(true)
421
+ expect(injections_matcher.sensors[1].enabled).to eq(true)
422
+
423
+ meta_data = TCellAgent::Patches::MetaData.new
424
+ meta_data.remote_address = "1.3.3.4"
425
+ expect(patches.apply(meta_data)).to eq(false)
426
+
427
+ meta_data = TCellAgent::Patches::MetaData.new
428
+ meta_data.remote_address = "1.3.3.4"
429
+ meta_data.get_dict = {"xss_param" => "<script>"}
430
+ expect(patches.apply(meta_data)).to eq(false)
431
+
432
+ meta_data = TCellAgent::Patches::MetaData.new
433
+ meta_data.remote_address = "1.3.3.4"
434
+ meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
435
+ expect(patches.apply(meta_data)).to eq(false)
436
+ end
437
+ end
438
+
439
+ context "with example six" do
440
+ it "should be disabled" do
441
+ patches = TCellAgent::Policies::PatchesPolicy.from_json({
442
+ "version" => 1,
443
+ "policy_id" => "some uuid",
444
+ "data" => {
445
+ "block_rules" => [
446
+ {
447
+ "sensor_matches" => {
448
+ "xss" => {},
449
+ "sqli" => {}
450
+ }
451
+ }
452
+ ]
453
+ }
454
+ })
455
+
456
+ expect(patches.enabled).to eq(false)
457
+ expect(patches.block_rules.size).to eq(0)
458
+ end
459
+ end
460
+
461
+ context "with example seven" do
462
+ it "should be enabled" do
463
+ patches = TCellAgent::Policies::PatchesPolicy.from_json({
464
+ "version" => 1,
465
+ "policy_id" => "some uuid",
466
+ "data" => {
467
+ "blocked_ips" => [{"ip" => "1.1.1.1"}, {"ip" => "2.2.2.2"}],
468
+ "block_rules" => [
469
+ {
470
+ "ips" => ["3.3.3.3"]
471
+ }
472
+ ]
473
+ }
474
+ })
475
+
476
+ expect(patches.enabled).to eq(true)
477
+ expect(patches.block_rules.size).to eq(2)
478
+ expect(patches.block_rules[0].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
479
+ expect(patches.block_rules[0].rids).to eq(Set.new)
480
+ expect(patches.block_rules[1].ips).to eq(Set.new(["3.3.3.3"]))
481
+ expect(patches.block_rules[1].rids).to eq(Set.new)
482
+
483
+ injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
484
+ expect(injections_matcher.enabled).to eq(false)
485
+ expect(injections_matcher.sensors.size).to eq(0)
486
+
487
+ injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
488
+ expect(injections_matcher.enabled).to eq(false)
489
+ expect(injections_matcher.sensors.size).to eq(0)
490
+
491
+ meta_data = TCellAgent::Patches::MetaData.new
492
+ meta_data.remote_address = "1.1.1.1"
493
+ expect(patches.apply(meta_data)).to eq(403)
494
+
495
+ meta_data = TCellAgent::Patches::MetaData.new
496
+ meta_data.remote_address = "2.2.2.2"
497
+ expect(patches.apply(meta_data)).to eq(403)
498
+
499
+ meta_data = TCellAgent::Patches::MetaData.new
500
+ meta_data.remote_address = "3.3.3.3"
501
+ expect(patches.apply(meta_data)).to eq(403)
502
+ end
503
+ end
504
+
505
+ context "with example eight" do
506
+ it "should be enabled" do
507
+ patches = TCellAgent::Policies::PatchesPolicy.from_json({
508
+ "version" => 1,
509
+ "policy_id" => "some uuid",
510
+ "data" => {
511
+ "block_rules" => [
512
+ {
513
+ "ips" => ["1.3.3.4"]
514
+ },
515
+ {
516
+ "rids" => ["123213","-3328888"]
517
+ }
518
+ ]
519
+ }
520
+ })
521
+
522
+ expect(patches.enabled).to eq(true)
523
+ expect(patches.block_rules.size).to eq(2)
524
+ expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
525
+ expect(patches.block_rules[0].rids).to eq(Set.new)
526
+ expect(patches.block_rules[1].ips).to eq(Set.new())
527
+ expect(patches.block_rules[1].rids).to eq(Set.new(["123213", "-3328888"]))
528
+
529
+ injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
530
+ expect(injections_matcher.enabled).to eq(false)
531
+ expect(injections_matcher.sensors.size).to eq(0)
532
+
533
+ injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
534
+ expect(injections_matcher.enabled).to eq(false)
535
+ expect(injections_matcher.sensors.size).to eq(0)
536
+
537
+ meta_data = TCellAgent::Patches::MetaData.new
538
+ meta_data.remote_address = "1.3.3.4"
539
+ meta_data.route_id = "11111"
540
+ expect(patches.apply(meta_data)).to eq(403)
541
+
542
+ meta_data = TCellAgent::Patches::MetaData.new
543
+ meta_data.remote_address = "1.1.1.1"
544
+ meta_data.route_id = "123213"
545
+ expect(patches.apply(meta_data)).to eq(403)
546
+
547
+ meta_data = TCellAgent::Patches::MetaData.new
548
+ meta_data.remote_address = "1.1.1.1"
549
+ meta_data.route_id = "-3328888"
550
+ expect(patches.apply(meta_data)).to eq(403)
551
+
552
+ meta_data = TCellAgent::Patches::MetaData.new
553
+ meta_data.remote_address = "1.3.3.4"
554
+ meta_data.route_id = "-3328888"
555
+ expect(patches.apply(meta_data)).to eq(403)
556
+ end
557
+ end
558
+
559
+ context "with example nine" do
560
+ it "should be enabled" do
561
+ patches = TCellAgent::Policies::PatchesPolicy.from_json({
562
+ "version" => 1,
563
+ "policy_id" => "some uuid",
564
+ "data" => {
565
+ "blocked_ips" => [{"ip" => "1.1.1.1"}, {"ip" => "2.2.2.2"}],
566
+ "block_rules" => [
567
+ {
568
+ "ips" => ["1.1.1.1", "2.2.2.2"]
569
+ }
570
+ ]
571
+ }
572
+ })
573
+
574
+ expect(patches.enabled).to eq(true)
575
+ expect(patches.block_rules.size).to eq(2)
576
+ expect(patches.block_rules[0].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
577
+ expect(patches.block_rules[0].rids).to eq(Set.new)
578
+ expect(patches.block_rules[1].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
579
+ expect(patches.block_rules[1].rids).to eq(Set.new)
580
+
581
+ injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
582
+ expect(injections_matcher.enabled).to eq(false)
583
+ expect(injections_matcher.sensors.size).to eq(0)
584
+
585
+ injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
586
+ expect(injections_matcher.enabled).to eq(false)
587
+ expect(injections_matcher.sensors.size).to eq(0)
588
+
589
+ meta_data = TCellAgent::Patches::MetaData.new
590
+ meta_data.remote_address = "1.1.1.1"
591
+ expect(patches.apply(meta_data)).to eq(403)
592
+
593
+ meta_data = TCellAgent::Patches::MetaData.new
594
+ meta_data.remote_address = "2.2.2.2"
595
+ expect(patches.apply(meta_data)).to eq(403)
596
+ end
597
+ end
598
+ end
139
599
  end
600
+
140
601
  end
141
602
 
142
603
  end
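Review bot: Example five (new-side lines 394–437) asserts that both `sensor_matches` sensors are `enabled` yet `patches.apply` returns `false` for the same `<script>` and `Erwin' OR '1'='1` payloads that example three blocks once explicit `patterns` are given (line 311), and nothing in the spec says why. If an `"xss" => {}` entry is meant to enable the sensor with no patterns and therefore never match, a comment above line 423 should say so, e.g. `# xss/sqli given as {} enable the sensor but configure no patterns, so no payload matches`; if the default sensor configuration is instead expected to carry patterns, the `false` results at lines 430 and 435 indicate a gap rather than intended behaviour, which is worth confirming against data/lib/tcell_agent/patches/block_rule.rb, not part of this hunk. A rule that reports `enabled` but can never block is exactly the case an operator is most likely to misread, so the spec should be explicit about which it is. Separately, every example in this context is named `it "should be enabled"` (lines 232, 261, 300, 349, 395, 462, 506, 560); naming each after its scenario, e.g. `it "blocks the listed ip on any route"` for example one, would make a failure readable from the output alone.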