tcell_agent 0.2.21 → 0.2.22
- checksums.yaml +4 -4
- data/lib/tcell_agent.rb +1 -0
- data/lib/tcell_agent/api.rb +3 -2
- data/lib/tcell_agent/appsensor/injections_matcher.rb +137 -0
- data/lib/tcell_agent/appsensor/injections_reporter.rb +67 -0
- data/lib/tcell_agent/appsensor/meta_data.rb +71 -0
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +5 -2
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +1 -1
- data/lib/tcell_agent/appsensor/sensor.rb +48 -0
- data/lib/tcell_agent/configuration.rb +15 -2
- data/lib/tcell_agent/instrumentation.rb +3 -2
- data/lib/tcell_agent/logger.rb +19 -3
- data/lib/tcell_agent/patches.rb +26 -0
- data/lib/tcell_agent/patches/block_rule.rb +58 -0
- data/lib/tcell_agent/patches/meta_data.rb +54 -0
- data/lib/tcell_agent/patches/sensors_matcher.rb +30 -0
- data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +7 -3
- data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +32 -38
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +4 -4
- data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +9 -3
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor_policy.rb +55 -131
- data/lib/tcell_agent/policies/content_security_policy.rb +148 -137
- data/lib/tcell_agent/policies/patches_policy.rb +41 -13
- data/lib/tcell_agent/rails.rb +11 -109
- data/lib/tcell_agent/rails/auth/devise.rb +5 -1
- data/lib/tcell_agent/rails/dlp.rb +5 -2
- data/lib/tcell_agent/rails/dlp/process_request.rb +88 -0
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +3 -13
- data/lib/tcell_agent/rails/on_start.rb +5 -101
- data/lib/tcell_agent/rails/routes.rb +240 -81
- data/lib/tcell_agent/rails/routes/grape.rb +113 -0
- data/lib/tcell_agent/rails/routes/route_id.rb +29 -0
- data/lib/tcell_agent/sensor_events/app_config.rb +21 -13
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -26
- data/lib/tcell_agent/servers/passenger.rb +10 -0
- data/lib/tcell_agent/start_background_thread.rb +82 -0
- data/lib/tcell_agent/utils/params.rb +1 -1
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +504 -0
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +222 -0
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +7 -13
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +18 -18
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +381 -0
- data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +35 -0
- data/spec/lib/tcell_agent/patches_spec.rb +156 -0
- data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +21 -10
- data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +44 -9
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +13 -13
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +5 -5
- data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +24 -14
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +243 -241
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +128 -200
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +126 -55
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +485 -24
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +5 -0
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -2
- data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +294 -0
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +80 -0
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +182 -0
- metadata +30 -7
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +0 -39
- data/lib/tcell_agent/policies/appsensor/sensor.rb +0 -46
- data/lib/tcell_agent/rails/path_parameters_setter.rb +0 -43
- data/spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb +0 -104
@@ -2,105 +2,176 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
module TCellAgent
|
4
4
|
module Policies
|
5
|
+
|
5
6
|
describe ContentSecurityPolicy do
|
6
|
-
|
7
|
-
"
|
8
|
-
|
9
|
-
|
7
|
+
context "test empty agent" do
|
8
|
+
it "enabled is false" do
|
9
|
+
policy_json_empty = {
|
10
|
+
"policy_id"=>"01a1",
|
11
|
+
"data"=>{
|
12
|
+
"options"=>{
|
10
13
|
|
14
|
+
}
|
15
|
+
}
|
11
16
|
}
|
12
|
-
}
|
13
|
-
}
|
14
|
-
|
15
|
-
policy_json_one = {
|
16
|
-
"policy_id"=>"01a1",
|
17
|
-
"data"=>{
|
18
|
-
"options"=>{
|
19
|
-
"js_agent_api_key"=>"000-000-1"
|
20
|
-
}
|
21
|
-
}
|
22
|
-
}
|
23
17
|
|
24
|
-
|
25
|
-
|
26
|
-
it "enabled is false" do
|
18
|
+
empty_policy = ContentSecurityPolicy.from_json(policy_json_empty)
|
19
|
+
|
27
20
|
expect(empty_policy.policy_id).to eq("01a1")
|
28
21
|
expect(empty_policy.js_agent_api_key).to eq(nil)
|
29
22
|
end
|
30
23
|
end
|
31
24
|
|
32
|
-
from_json = ContentSecurityPolicy.from_json(policy_json_one)
|
33
25
|
context "tests xss is true and enabled true" do
|
34
26
|
it "returns true" do
|
27
|
+
policy_json_one = {
|
28
|
+
"policy_id"=>"01a1",
|
29
|
+
"data"=>{
|
30
|
+
"options"=>{
|
31
|
+
"js_agent_api_key"=>"000-000-1"
|
32
|
+
}
|
33
|
+
}
|
34
|
+
}
|
35
|
+
|
36
|
+
from_json = ContentSecurityPolicy.from_json(policy_json_one)
|
37
|
+
|
35
38
|
expect(from_json.policy_id).to eq("01a1")
|
36
39
|
expect(from_json.js_agent_api_key).to eq("000-000-1")
|
37
40
|
end
|
38
41
|
end
|
39
|
-
|
40
|
-
describe ContentSecurityPolicy do
|
41
|
-
content_security_policy_json = {
|
42
|
-
"policy_id"=>"00a1",
|
43
|
-
"headers"=>[
|
44
|
-
{"name"=>"csp", "value"=>"csp header value"}
|
45
|
-
]
|
46
|
-
}
|
47
|
-
csp_from_json = ContentSecurityPolicy.from_json(content_security_policy_json)
|
42
|
+
|
48
43
|
context "initialized with 3 items" do
|
49
44
|
it "returns true" do
|
45
|
+
content_security_policy_json = {
|
46
|
+
"policy_id"=>"00a1",
|
47
|
+
"headers"=>[
|
48
|
+
{"name"=>"csp", "value"=>"csp header value"}
|
49
|
+
]
|
50
|
+
}
|
51
|
+
|
52
|
+
csp_from_json = ContentSecurityPolicy.from_json(content_security_policy_json)
|
53
|
+
|
50
54
|
expect(csp_from_json.policy_id).to eq("00a1")
|
51
55
|
expect(csp_from_json.headers[0].type).to eq("csp")
|
52
56
|
expect(csp_from_json.headers[0].value).to eq("csp header value")
|
53
57
|
end
|
54
58
|
end
|
59
|
+
|
55
60
|
context "headers match up appropriately" do
|
56
61
|
it "returns content-security-policy headers" do
|
57
62
|
expect(ContentSecurityPolicy.cspHeadersForType("csp")).to match_array(["Content-Security-Policy"])
|
58
63
|
end
|
59
64
|
end
|
60
|
-
|
61
|
-
describe ContentSecurityPolicy do
|
62
|
-
content_security_policy_json = {
|
63
|
-
"policy_id"=>"01a1",
|
64
|
-
"headers"=>[
|
65
|
-
{"name"=>"csp-header-is-bad", "value"=>"csp header value"}
|
66
|
-
]
|
67
|
-
}
|
68
|
-
csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
|
65
|
+
|
69
66
|
context "csp header example, invalid header" do
|
70
67
|
it "returns false" do
|
68
|
+
content_security_policy_json = {
|
69
|
+
"policy_id"=>"01a1",
|
70
|
+
"headers"=>[
|
71
|
+
{"name"=>"csp-header-is-bad", "value"=>"csp header value"}
|
72
|
+
]
|
73
|
+
}
|
74
|
+
|
75
|
+
csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
|
76
|
+
|
71
77
|
expect(csp_policy.headers.length).to eq(0)
|
72
78
|
end
|
73
79
|
end
|
74
|
-
|
75
|
-
describe ContentSecurityPolicy do
|
76
|
-
content_security_policy_json = {
|
77
|
-
"policy_id"=>"01a1",
|
78
|
-
"headers"=>[
|
79
|
-
{"name"=>"csp", "value"=>"value123\\nabc"}
|
80
|
-
]
|
81
|
-
}
|
82
|
-
csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
|
80
|
+
|
83
81
|
context "secure header, value is bad" do
|
84
82
|
it "returns false" do
|
83
|
+
content_security_policy_json = {
|
84
|
+
"policy_id"=>"01a1",
|
85
|
+
"headers"=>[
|
86
|
+
{"name"=>"csp", "value"=>"value123\\nabc"}
|
87
|
+
]
|
88
|
+
}
|
89
|
+
csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
|
85
90
|
expect(csp_policy.headers.length).to eq(0)
|
86
91
|
end
|
87
92
|
end
|
88
|
-
|
89
|
-
describe ContentSecurityPolicy do
|
90
|
-
content_security_policy_json = {
|
91
|
-
"policy_id"=>"01a1",
|
92
|
-
"headers"=>[
|
93
|
-
{"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
|
94
|
-
]
|
95
|
-
}
|
96
|
-
csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
|
93
|
+
|
97
94
|
context "secure header, report-uri seperate" do
|
98
95
|
it "returns false" do
|
96
|
+
content_security_policy_json = {
|
97
|
+
"policy_id"=>"01a1",
|
98
|
+
"headers"=>[
|
99
|
+
{"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
|
100
|
+
]
|
101
|
+
}
|
102
|
+
|
103
|
+
csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
|
104
|
+
|
99
105
|
expect(csp_policy.headers.length).to eq(1)
|
100
106
|
expect(csp_policy.headers[0].value).to eq("value normal; report-uri https://example.com/abcdde?c=-815891691")
|
101
107
|
expect(csp_policy.headers[0].value("1","2","3")).to eq("value normal; report-uri https://example.com/abcdde?tid=1&sid=3&rid=2&c=1777384531")
|
102
108
|
end
|
103
109
|
end
|
110
|
+
|
111
|
+
context "modifying js_agent_url" do
|
112
|
+
|
113
|
+
context "csp header value does not include new js agent url" do
|
114
|
+
it "should have the configuration set to the default js_agent_url value" do
|
115
|
+
expect(TCellAgent.configuration.js_agent_url).to eq("https://api.tcell.io/tcellagent.min.js")
|
116
|
+
|
117
|
+
content_security_policy_json = {
|
118
|
+
"policy_id"=>"01a1",
|
119
|
+
"headers"=>[
|
120
|
+
{"name"=>"csp", "value"=>"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/"}
|
121
|
+
]
|
122
|
+
}
|
123
|
+
|
124
|
+
csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
|
125
|
+
|
126
|
+
expect(csp_policy.headers.length).to eq(1)
|
127
|
+
expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/")
|
128
|
+
expect(TCellAgent.configuration.js_agent_url).to eq("https://api.tcell.io/tcellagent.min.js")
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
context "csp header value includes new js agent url" do
|
133
|
+
it "should have the configuration set to the default js_agent_url value" do
|
134
|
+
expect(TCellAgent.configuration.js_agent_url).to eq("https://api.tcell.io/tcellagent.min.js")
|
135
|
+
|
136
|
+
content_security_policy_json = {
|
137
|
+
"policy_id"=>"01a1",
|
138
|
+
"headers"=>[
|
139
|
+
{"name"=>"csp", "value"=>"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/"}
|
140
|
+
]
|
141
|
+
}
|
142
|
+
|
143
|
+
csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
|
144
|
+
|
145
|
+
expect(csp_policy.headers.length).to eq(1)
|
146
|
+
expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/")
|
147
|
+
expect(TCellAgent.configuration.js_agent_url).to eq("https://jsagent.tcell.io/tcellagent.min.js")
|
148
|
+
end
|
149
|
+
|
150
|
+
context "but js_agent_url was not default" do
|
151
|
+
it "should not modify js_agent_url" do
|
152
|
+
TCellAgent.configuration.startup_js_agent_url = "https://www.customer-website.com/tcellagent.min.js"
|
153
|
+
TCellAgent.configuration.js_agent_url = "https://www.customer-website.com/tcellagent.min.js"
|
154
|
+
expect(TCellAgent.configuration.js_agent_url).to eq("https://www.customer-website.com/tcellagent.min.js")
|
155
|
+
|
156
|
+
content_security_policy_json = {
|
157
|
+
"policy_id"=>"01a1",
|
158
|
+
"headers"=>[
|
159
|
+
{"name"=>"csp", "value"=>"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/"}
|
160
|
+
]
|
161
|
+
}
|
162
|
+
|
163
|
+
csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
|
164
|
+
|
165
|
+
expect(csp_policy.headers.length).to eq(1)
|
166
|
+
expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/")
|
167
|
+
expect(TCellAgent.configuration.js_agent_url).to eq("https://www.customer-website.com/tcellagent.min.js")
|
168
|
+
|
169
|
+
TCellAgent.configuration.startup_js_agent_url = "https://api.tcell.io/tcellagent.min.js"
|
170
|
+
TCellAgent.configuration.js_agent_url = "https://api.tcell.io/tcellagent.min.js"
|
171
|
+
end
|
172
|
+
end
|
173
|
+
end
|
174
|
+
end
|
104
175
|
end
|
105
176
|
end
|
106
177
|
end
|
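Review bot: The examples under `context "modifying js_agent_url"` (new lines 111-173) all read and write the process-wide `TCellAgent.configuration`, and only the last one restores it, by hand, at new lines 169-170. The "csp header value includes new js agent url" example ends at new line 148 with `js_agent_url` still set to `https://jsagent.tcell.io/tcellagent.min.js`. Unless something outside this file resets it, the default-value assertions at new lines 115 and 134 depend on run order, and a failed expectation in the last example skips the manual reset. Moving the two assignments from new lines 169-170 into an `after(:each) do ... end` hook on that context would make each example independent and keep a changed agent URL from leaking into other specs.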
@@ -26,8 +26,8 @@ module TCellAgent
|
|
26
26
|
patches = PatchesPolicy.from_json({ "policy_id" => "policy_id" })
|
27
27
|
expect(patches.policy_id).to eq("policy_id")
|
28
28
|
expect(patches.version).to be_nil
|
29
|
-
expect(patches.
|
30
|
-
expect(patches.
|
29
|
+
expect(patches.enabled).to eq(false)
|
30
|
+
expect(patches.block_rules).to eq([])
|
31
31
|
end
|
32
32
|
end
|
33
33
|
|
@@ -39,12 +39,12 @@ module TCellAgent
|
|
39
39
|
})
|
40
40
|
expect(patches.policy_id).to eq("policy_id")
|
41
41
|
expect(patches.version).to eq(1)
|
42
|
-
expect(patches.
|
43
|
-
expect(patches.
|
42
|
+
expect(patches.enabled).to eq(false)
|
43
|
+
expect(patches.block_rules).to eq([])
|
44
44
|
end
|
45
45
|
end
|
46
46
|
|
47
|
-
context "with an empty
|
47
|
+
context "with an empty block_rules" do
|
48
48
|
it "should have disabled ip blocking" do
|
49
49
|
patches = PatchesPolicy.from_json({
|
50
50
|
"policy_id" => "policy_id",
|
@@ -53,8 +53,8 @@ module TCellAgent
|
|
53
53
|
})
|
54
54
|
expect(patches.policy_id).to eq("policy_id")
|
55
55
|
expect(patches.version).to eq(1)
|
56
|
-
expect(patches.
|
57
|
-
expect(patches.
|
56
|
+
expect(patches.enabled).to eq(false)
|
57
|
+
expect(patches.block_rules).to eq([])
|
58
58
|
end
|
59
59
|
end
|
60
60
|
|
@@ -70,8 +70,8 @@ module TCellAgent
|
|
70
70
|
})
|
71
71
|
expect(patches.policy_id).to eq("policy_id")
|
72
72
|
expect(patches.version).to eq(1)
|
73
|
-
expect(patches.
|
74
|
-
expect(patches.
|
73
|
+
expect(patches.enabled).to eq(false)
|
74
|
+
expect(patches.block_rules).to eq([])
|
75
75
|
end
|
76
76
|
end
|
77
77
|
|
@@ -87,28 +87,116 @@ module TCellAgent
|
|
87
87
|
]
|
88
88
|
}
|
89
89
|
})
|
90
|
+
|
91
|
+
expect(patches.policy_id).to eq("policy_id")
|
92
|
+
expect(patches.version).to eq(1)
|
93
|
+
expect(patches.enabled).to eq(true)
|
94
|
+
expect(patches.block_rules.size).to eq(1)
|
95
|
+
expect(patches.block_rules[0].ips).to eq(Set.new(["0.0.0.0", "1.1.1.1"]))
|
96
|
+
expect(patches.block_rules[0].rids).to eq(Set.new)
|
97
|
+
expect(patches.block_rules[0].action).to eq("block_403s")
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
context "with block_rules" do
|
103
|
+
context "as an empty list" do
|
104
|
+
it "should have ip blocking disabled" do
|
105
|
+
patches = PatchesPolicy.from_json({
|
106
|
+
"policy_id" => "policy_id",
|
107
|
+
"version" => 1,
|
108
|
+
"data" => {
|
109
|
+
"block_rules" => []
|
110
|
+
}
|
111
|
+
})
|
90
112
|
expect(patches.policy_id).to eq("policy_id")
|
91
113
|
expect(patches.version).to eq(1)
|
92
|
-
expect(patches.
|
93
|
-
expect(patches.
|
114
|
+
expect(patches.enabled).to eq(false)
|
115
|
+
expect(patches.block_rules).to eq([])
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
context "a non empty list" do
|
120
|
+
it "should have ip blocking enabled" do
|
121
|
+
block_rule_one = double("block_rule_one")
|
122
|
+
block_rule_dos = double("block_rule_dos")
|
123
|
+
|
124
|
+
expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
|
125
|
+
{"assume_this_is_well_formed" => "well_formed"}
|
126
|
+
).and_return(block_rule_one)
|
127
|
+
|
128
|
+
expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
|
129
|
+
{"assume_this_is_well_formed_dos" => "well_formed_dos"}
|
130
|
+
).and_return(block_rule_dos)
|
131
|
+
|
132
|
+
patches = PatchesPolicy.from_json({
|
133
|
+
"policy_id" => "policy_id",
|
134
|
+
"version" => 1,
|
135
|
+
"data" => {
|
136
|
+
"block_rules" => [
|
137
|
+
{"assume_this_is_well_formed" => "well_formed"},
|
138
|
+
{"assume_this_is_well_formed_dos" => "well_formed_dos"}
|
139
|
+
]
|
140
|
+
}
|
141
|
+
})
|
142
|
+
|
143
|
+
expect(patches.policy_id).to eq("policy_id")
|
144
|
+
expect(patches.version).to eq(1)
|
145
|
+
expect(patches.enabled).to eq(true)
|
146
|
+
expect(patches.block_rules).to eq([block_rule_one, block_rule_dos])
|
147
|
+
end
|
148
|
+
|
149
|
+
context "with a malformed block rule" do
|
150
|
+
it "should ignore the block rule" do
|
151
|
+
expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
|
152
|
+
{"assume_this_is_ill_formed" => "ill_formed"}
|
153
|
+
).and_return(nil)
|
154
|
+
|
155
|
+
patches = PatchesPolicy.from_json({
|
156
|
+
"policy_id" => "policy_id",
|
157
|
+
"version" => 1,
|
158
|
+
"data" => {
|
159
|
+
"block_rules" => [
|
160
|
+
{"assume_this_is_ill_formed" => "ill_formed"}
|
161
|
+
]
|
162
|
+
}
|
163
|
+
})
|
164
|
+
|
165
|
+
expect(patches.policy_id).to eq("policy_id")
|
166
|
+
expect(patches.version).to eq(1)
|
167
|
+
expect(patches.enabled).to eq(false)
|
168
|
+
expect(patches.block_rules).to eq([])
|
169
|
+
end
|
94
170
|
end
|
95
171
|
|
96
|
-
context "with
|
97
|
-
it "should
|
172
|
+
context "with a malformed block rule and a well formed block rule" do
|
173
|
+
it "should ignore the block rule" do
|
174
|
+
block_rule = double("block_rule")
|
175
|
+
|
176
|
+
expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
|
177
|
+
{"assume_this_is_ill_formed" => "ill_formed"}
|
178
|
+
).and_return(nil)
|
179
|
+
|
180
|
+
expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
|
181
|
+
{"assume_this_is_well_formed" => "well_formed"}
|
182
|
+
).and_return(block_rule)
|
183
|
+
|
98
184
|
patches = PatchesPolicy.from_json({
|
99
185
|
"policy_id" => "policy_id",
|
100
186
|
"version" => 1,
|
101
187
|
"data" => {
|
102
|
-
"
|
103
|
-
{"
|
104
|
-
{"
|
188
|
+
"block_rules" => [
|
189
|
+
{"assume_this_is_ill_formed" => "ill_formed"},
|
190
|
+
{"assume_this_is_well_formed" => "well_formed"}
|
105
191
|
]
|
106
192
|
}
|
107
193
|
})
|
194
|
+
|
195
|
+
|
108
196
|
expect(patches.policy_id).to eq("policy_id")
|
109
197
|
expect(patches.version).to eq(1)
|
110
|
-
expect(patches.
|
111
|
-
expect(patches.
|
198
|
+
expect(patches.enabled).to eq(true)
|
199
|
+
expect(patches.block_rules).to eq([block_rule])
|
112
200
|
end
|
113
201
|
end
|
114
202
|
|
@@ -116,27 +204,400 @@ module TCellAgent
|
|
116
204
|
it "should have ip blocking disabled" do
|
117
205
|
logger = double("logger")
|
118
206
|
expect(TCellAgent).to receive(:logger).and_return(logger)
|
119
|
-
expect(logger).to receive(:
|
207
|
+
expect(logger).to receive(:error).with("Patches Policy not supported: 2")
|
208
|
+
|
209
|
+
expect(TCellAgent::Patches::BlockRule).to_not receive(:from_json)
|
120
210
|
|
121
211
|
patches = PatchesPolicy.from_json({
|
122
212
|
"policy_id" => "policy_id",
|
123
213
|
"version" => 2,
|
124
214
|
"data" => {
|
125
|
-
"
|
126
|
-
{"
|
127
|
-
{"ip" => "1.1.1.1"}
|
215
|
+
"block_rules" => [
|
216
|
+
{"assume_this_is_well_formed" => "well_formed"}
|
128
217
|
]
|
129
218
|
}
|
130
219
|
})
|
220
|
+
|
131
221
|
expect(patches.policy_id).to eq("policy_id")
|
132
222
|
expect(patches.version).to eq(2)
|
133
|
-
expect(patches.
|
134
|
-
expect(patches.
|
223
|
+
expect(patches.enabled).to eq(false)
|
224
|
+
expect(patches.block_rules).to eq([])
|
135
225
|
end
|
136
226
|
end
|
137
227
|
end
|
138
228
|
end
|
229
|
+
|
230
|
+
context "with wiki examples" do
|
231
|
+
context "with example one" do
|
232
|
+
it "should be enabled" do
|
233
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
234
|
+
"version" => 1,
|
235
|
+
"policy_id" => "some uuid",
|
236
|
+
"data" => {
|
237
|
+
"block_rules" => [
|
238
|
+
{
|
239
|
+
"ips" => ["1.3.3.4"]
|
240
|
+
}
|
241
|
+
]
|
242
|
+
}
|
243
|
+
})
|
244
|
+
|
245
|
+
expect(patches.enabled).to eq(true)
|
246
|
+
expect(patches.block_rules.size).to eq(1)
|
247
|
+
expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
|
248
|
+
expect(patches.block_rules[0].rids).to eq(Set.new)
|
249
|
+
|
250
|
+
injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
|
251
|
+
expect(injections_matcher.enabled).to eq(false)
|
252
|
+
expect(injections_matcher.sensors.size).to eq(0)
|
253
|
+
|
254
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
255
|
+
meta_data.remote_address = "1.3.3.4"
|
256
|
+
expect(patches.apply(meta_data)).to eq(403)
|
257
|
+
end
|
258
|
+
end
|
259
|
+
|
260
|
+
context "with example two" do
|
261
|
+
it "should be enabled" do
|
262
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
263
|
+
"version" => 1,
|
264
|
+
"policy_id" => "some uuid",
|
265
|
+
"data" => {
|
266
|
+
"block_rules" => [
|
267
|
+
{
|
268
|
+
"rids" => ["123213","-3328888"]
|
269
|
+
}
|
270
|
+
]
|
271
|
+
}
|
272
|
+
})
|
273
|
+
|
274
|
+
expect(patches.enabled).to eq(true)
|
275
|
+
expect(patches.block_rules.size).to eq(1)
|
276
|
+
expect(patches.block_rules[0].ips).to eq(Set.new)
|
277
|
+
expect(patches.block_rules[0].rids).to eq(Set.new(["123213", "-3328888"]))
|
278
|
+
|
279
|
+
injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
|
280
|
+
expect(injections_matcher.enabled).to eq(false)
|
281
|
+
expect(injections_matcher.sensors.size).to eq(0)
|
282
|
+
|
283
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
284
|
+
meta_data.remote_address = "1.3.3.4"
|
285
|
+
expect(patches.apply(meta_data)).to eq(false)
|
286
|
+
|
287
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
288
|
+
meta_data.remote_address = "1.3.3.4"
|
289
|
+
meta_data.route_id = "123213"
|
290
|
+
expect(patches.apply(meta_data)).to eq(403)
|
291
|
+
|
292
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
293
|
+
meta_data.remote_address = "1.3.3.4"
|
294
|
+
meta_data.route_id = "-3328888"
|
295
|
+
expect(patches.apply(meta_data)).to eq(403)
|
296
|
+
end
|
297
|
+
end
|
298
|
+
|
299
|
+
context "with example three" do
|
300
|
+
it "should be enabled" do
|
301
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
302
|
+
"version" => 1,
|
303
|
+
"policy_id" => "some uuid",
|
304
|
+
"data" => {
|
305
|
+
"block_rules" => [
|
306
|
+
{
|
307
|
+
"ips" => ["1.3.3.4"],
|
308
|
+
"sensor_matches" => {
|
309
|
+
"xss" => {
|
310
|
+
"libinjection" => false,
|
311
|
+
"patterns" => ["1","2","8"],
|
312
|
+
"exclusions" => {
|
313
|
+
"bob" => ["*"]
|
314
|
+
}
|
315
|
+
}
|
316
|
+
}
|
317
|
+
}
|
318
|
+
]
|
319
|
+
}
|
320
|
+
})
|
321
|
+
|
322
|
+
expect(patches.enabled).to eq(true)
|
323
|
+
expect(patches.block_rules.size).to eq(1)
|
324
|
+
expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
|
325
|
+
expect(patches.block_rules[0].rids).to eq(Set.new)
|
326
|
+
|
327
|
+
injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
|
328
|
+
expect(injections_matcher.enabled).to eq(true)
|
329
|
+
expect(injections_matcher.sensors.size).to eq(1)
|
330
|
+
expect(injections_matcher.sensors[0].enabled).to eq(true)
|
331
|
+
|
332
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
333
|
+
meta_data.remote_address = "1.3.3.4"
|
334
|
+
expect(patches.apply(meta_data)).to eq(false)
|
335
|
+
|
336
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
337
|
+
meta_data.remote_address = "1.3.3.4"
|
338
|
+
meta_data.get_dict = {"xss_param" => "<script>"}
|
339
|
+
expect(patches.apply(meta_data)).to eq(403)
|
340
|
+
|
341
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
342
|
+
meta_data.remote_address = "1.3.3.4"
|
343
|
+
meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
|
344
|
+
expect(patches.apply(meta_data)).to eq(false)
|
345
|
+
end
|
346
|
+
end
|
347
|
+
|
348
|
+
context "with example four" do
|
349
|
+
it "should be enabled" do
|
350
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
351
|
+
"version" => 1,
|
352
|
+
"policy_id" => "some uuid",
|
353
|
+
"data" => {
|
354
|
+
"block_rules" => [
|
355
|
+
{
|
356
|
+
"ips" => ["1.3.3.4"],
|
357
|
+
"rids" => ["123213","-3328888"]
|
358
|
+
}
|
359
|
+
]
|
360
|
+
}
|
361
|
+
})
|
362
|
+
|
363
|
+
expect(patches.enabled).to eq(true)
|
364
|
+
expect(patches.block_rules.size).to eq(1)
|
365
|
+
expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
|
366
|
+
expect(patches.block_rules[0].rids).to eq(Set.new(["123213", "-3328888"]))
|
367
|
+
|
368
|
+
injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
|
369
|
+
expect(injections_matcher.enabled).to eq(false)
|
370
|
+
expect(injections_matcher.sensors.size).to eq(0)
|
371
|
+
|
372
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
373
|
+
meta_data.remote_address = "1.3.3.4"
|
374
|
+
meta_data.route_id = "111111"
|
375
|
+
expect(patches.apply(meta_data)).to eq(false)
|
376
|
+
|
377
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
378
|
+
meta_data.remote_address = "1.1.1.1"
|
379
|
+
meta_data.route_id = "123213"
|
380
|
+
expect(patches.apply(meta_data)).to eq(false)
|
381
|
+
|
382
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
383
|
+
meta_data.remote_address = "1.3.3.4"
|
384
|
+
meta_data.route_id = "123213"
|
385
|
+
expect(patches.apply(meta_data)).to eq(403)
|
386
|
+
|
387
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
388
|
+
meta_data.remote_address = "1.3.3.4"
|
389
|
+
meta_data.route_id = "-3328888"
|
390
|
+
expect(patches.apply(meta_data)).to eq(403)
|
391
|
+
end
|
392
|
+
end
|
393
|
+
|
394
|
+
context "with example five" do
|
395
|
+
it "should be enabled" do
|
396
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
397
|
+
"version" => 1,
|
398
|
+
"policy_id" => "some uuid",
|
399
|
+
"data" => {
|
400
|
+
"block_rules" => [
|
401
|
+
{
|
402
|
+
"ips" => ["1.3.3.4"],
|
403
|
+
"sensor_matches" => {
|
404
|
+
"xss" => {},
|
405
|
+
"sqli" => {}
|
406
|
+
}
|
407
|
+
}
|
408
|
+
]
|
409
|
+
}
|
410
|
+
})
|
411
|
+
|
412
|
+
expect(patches.enabled).to eq(true)
|
413
|
+
expect(patches.block_rules.size).to eq(1)
|
414
|
+
expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
|
415
|
+
expect(patches.block_rules[0].rids).to eq(Set.new)
|
416
|
+
|
417
|
+
injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
|
418
|
+
expect(injections_matcher.enabled).to eq(true)
|
419
|
+
expect(injections_matcher.sensors.size).to eq(2)
|
420
|
+
expect(injections_matcher.sensors[0].enabled).to eq(true)
|
421
|
+
expect(injections_matcher.sensors[1].enabled).to eq(true)
|
422
|
+
|
423
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
424
|
+
meta_data.remote_address = "1.3.3.4"
|
425
|
+
expect(patches.apply(meta_data)).to eq(false)
|
426
|
+
|
427
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
428
|
+
meta_data.remote_address = "1.3.3.4"
|
429
|
+
meta_data.get_dict = {"xss_param" => "<script>"}
|
430
|
+
expect(patches.apply(meta_data)).to eq(false)
|
431
|
+
|
432
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
433
|
+
meta_data.remote_address = "1.3.3.4"
|
434
|
+
meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
|
435
|
+
expect(patches.apply(meta_data)).to eq(false)
|
436
|
+
end
|
437
|
+
end
|
438
|
+
|
439
|
+
context "with example six" do
|
440
|
+
it "should be disabled" do
|
441
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
442
|
+
"version" => 1,
|
443
|
+
"policy_id" => "some uuid",
|
444
|
+
"data" => {
|
445
|
+
"block_rules" => [
|
446
|
+
{
|
447
|
+
"sensor_matches" => {
|
448
|
+
"xss" => {},
|
449
|
+
"sqli" => {}
|
450
|
+
}
|
451
|
+
}
|
452
|
+
]
|
453
|
+
}
|
454
|
+
})
|
455
|
+
|
456
|
+
expect(patches.enabled).to eq(false)
|
457
|
+
expect(patches.block_rules.size).to eq(0)
|
458
|
+
end
|
459
|
+
end
|
460
|
+
|
461
|
+
context "with example seven" do
|
462
|
+
it "should be enabled" do
|
463
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
464
|
+
"version" => 1,
|
465
|
+
"policy_id" => "some uuid",
|
466
|
+
"data" => {
|
467
|
+
"blocked_ips" => [{"ip" => "1.1.1.1"}, {"ip" => "2.2.2.2"}],
|
468
|
+
"block_rules" => [
|
469
|
+
{
|
470
|
+
"ips" => ["3.3.3.3"]
|
471
|
+
}
|
472
|
+
]
|
473
|
+
}
|
474
|
+
})
|
475
|
+
|
476
|
+
expect(patches.enabled).to eq(true)
|
477
|
+
expect(patches.block_rules.size).to eq(2)
|
478
|
+
expect(patches.block_rules[0].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
|
479
|
+
expect(patches.block_rules[0].rids).to eq(Set.new)
|
480
|
+
expect(patches.block_rules[1].ips).to eq(Set.new(["3.3.3.3"]))
|
481
|
+
expect(patches.block_rules[1].rids).to eq(Set.new)
|
482
|
+
|
483
|
+
injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
|
484
|
+
expect(injections_matcher.enabled).to eq(false)
|
485
|
+
expect(injections_matcher.sensors.size).to eq(0)
|
486
|
+
|
487
|
+
injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
|
488
|
+
expect(injections_matcher.enabled).to eq(false)
|
489
|
+
expect(injections_matcher.sensors.size).to eq(0)
|
490
|
+
|
491
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
492
|
+
meta_data.remote_address = "1.1.1.1"
|
493
|
+
expect(patches.apply(meta_data)).to eq(403)
|
494
|
+
|
495
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
496
|
+
meta_data.remote_address = "2.2.2.2"
|
497
|
+
expect(patches.apply(meta_data)).to eq(403)
|
498
|
+
|
499
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
500
|
+
meta_data.remote_address = "3.3.3.3"
|
501
|
+
expect(patches.apply(meta_data)).to eq(403)
|
502
|
+
end
|
503
|
+
end
|
504
|
+
|
505
|
+
context "with example eight" do
|
506
|
+
it "should be enabled" do
|
507
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
508
|
+
"version" => 1,
|
509
|
+
"policy_id" => "some uuid",
|
510
|
+
"data" => {
|
511
|
+
"block_rules" => [
|
512
|
+
{
|
513
|
+
"ips" => ["1.3.3.4"]
|
514
|
+
},
|
515
|
+
{
|
516
|
+
"rids" => ["123213","-3328888"]
|
517
|
+
}
|
518
|
+
]
|
519
|
+
}
|
520
|
+
})
|
521
|
+
|
522
|
+
expect(patches.enabled).to eq(true)
|
523
|
+
expect(patches.block_rules.size).to eq(2)
|
524
|
+
expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
|
525
|
+
expect(patches.block_rules[0].rids).to eq(Set.new)
|
526
|
+
expect(patches.block_rules[1].ips).to eq(Set.new())
|
527
|
+
expect(patches.block_rules[1].rids).to eq(Set.new(["123213", "-3328888"]))
|
528
|
+
|
529
|
+
injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
|
530
|
+
expect(injections_matcher.enabled).to eq(false)
|
531
|
+
expect(injections_matcher.sensors.size).to eq(0)
|
532
|
+
|
533
|
+
injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
|
534
|
+
expect(injections_matcher.enabled).to eq(false)
|
535
|
+
expect(injections_matcher.sensors.size).to eq(0)
|
536
|
+
|
537
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
538
|
+
meta_data.remote_address = "1.3.3.4"
|
539
|
+
meta_data.route_id = "11111"
|
540
|
+
expect(patches.apply(meta_data)).to eq(403)
|
541
|
+
|
542
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
543
|
+
meta_data.remote_address = "1.1.1.1"
|
544
|
+
meta_data.route_id = "123213"
|
545
|
+
expect(patches.apply(meta_data)).to eq(403)
|
546
|
+
|
547
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
548
|
+
meta_data.remote_address = "1.1.1.1"
|
549
|
+
meta_data.route_id = "-3328888"
|
550
|
+
expect(patches.apply(meta_data)).to eq(403)
|
551
|
+
|
552
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
553
|
+
meta_data.remote_address = "1.3.3.4"
|
554
|
+
meta_data.route_id = "-3328888"
|
555
|
+
expect(patches.apply(meta_data)).to eq(403)
|
556
|
+
end
|
557
|
+
end
|
558
|
+
|
559
|
+
context "with example nine" do
|
560
|
+
it "should be enabled" do
|
561
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
562
|
+
"version" => 1,
|
563
|
+
"policy_id" => "some uuid",
|
564
|
+
"data" => {
|
565
|
+
"blocked_ips" => [{"ip" => "1.1.1.1"}, {"ip" => "2.2.2.2"}],
|
566
|
+
"block_rules" => [
|
567
|
+
{
|
568
|
+
"ips" => ["1.1.1.1", "2.2.2.2"]
|
569
|
+
}
|
570
|
+
]
|
571
|
+
}
|
572
|
+
})
|
573
|
+
|
574
|
+
expect(patches.enabled).to eq(true)
|
575
|
+
expect(patches.block_rules.size).to eq(2)
|
576
|
+
expect(patches.block_rules[0].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
|
577
|
+
expect(patches.block_rules[0].rids).to eq(Set.new)
|
578
|
+
expect(patches.block_rules[1].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
|
579
|
+
expect(patches.block_rules[1].rids).to eq(Set.new)
|
580
|
+
|
581
|
+
injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
|
582
|
+
expect(injections_matcher.enabled).to eq(false)
|
583
|
+
expect(injections_matcher.sensors.size).to eq(0)
|
584
|
+
|
585
|
+
injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
|
586
|
+
expect(injections_matcher.enabled).to eq(false)
|
587
|
+
expect(injections_matcher.sensors.size).to eq(0)
|
588
|
+
|
589
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
590
|
+
meta_data.remote_address = "1.1.1.1"
|
591
|
+
expect(patches.apply(meta_data)).to eq(403)
|
592
|
+
|
593
|
+
meta_data = TCellAgent::Patches::MetaData.new
|
594
|
+
meta_data.remote_address = "2.2.2.2"
|
595
|
+
expect(patches.apply(meta_data)).to eq(403)
|
596
|
+
end
|
597
|
+
end
|
598
|
+
end
|
139
599
|
end
|
600
|
+
|
140
601
|
end
|
141
602
|
|
142
603
|
end
|
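Review bot: Wiki examples one, seven, eight and nine (new lines 231-258, 461-503, 505-557, 559-597) only ever assert `403` from `patches.apply`, so an implementation that blocks every request would pass them. Only examples two to five include a request that must not be blocked. Each of these four should also send a request that no rule covers and expect `false`, for example `meta_data = TCellAgent::Patches::MetaData.new`, `meta_data.remote_address = "192.0.2.1"` (a constructed address, not in any rule) and `expect(patches.apply(meta_data)).to eq(false)`. In example eight that request needs a `route_id` outside the listed rids as well. Separately, example five (new lines 394-437) pins that `"xss" => {}` and `"sqli" => {}` give enabled sensors that still let `<script>` from the listed IP through at new line 430, presumably because no patterns are configured. A one-line comment there saying this is the intended result would stop it reading as a blocking gap.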