tcell_agent 0.2.21 → 0.2.22
- checksums.yaml +4 -4
- data/lib/tcell_agent.rb +1 -0
- data/lib/tcell_agent/api.rb +3 -2
- data/lib/tcell_agent/appsensor/injections_matcher.rb +137 -0
- data/lib/tcell_agent/appsensor/injections_reporter.rb +67 -0
- data/lib/tcell_agent/appsensor/meta_data.rb +71 -0
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +5 -2
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +1 -1
- data/lib/tcell_agent/appsensor/sensor.rb +48 -0
- data/lib/tcell_agent/configuration.rb +15 -2
- data/lib/tcell_agent/instrumentation.rb +3 -2
- data/lib/tcell_agent/logger.rb +19 -3
- data/lib/tcell_agent/patches.rb +26 -0
- data/lib/tcell_agent/patches/block_rule.rb +58 -0
- data/lib/tcell_agent/patches/meta_data.rb +54 -0
- data/lib/tcell_agent/patches/sensors_matcher.rb +30 -0
- data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +7 -3
- data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +32 -38
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +4 -4
- data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +9 -3
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor_policy.rb +55 -131
- data/lib/tcell_agent/policies/content_security_policy.rb +148 -137
- data/lib/tcell_agent/policies/patches_policy.rb +41 -13
- data/lib/tcell_agent/rails.rb +11 -109
- data/lib/tcell_agent/rails/auth/devise.rb +5 -1
- data/lib/tcell_agent/rails/dlp.rb +5 -2
- data/lib/tcell_agent/rails/dlp/process_request.rb +88 -0
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +3 -13
- data/lib/tcell_agent/rails/on_start.rb +5 -101
- data/lib/tcell_agent/rails/routes.rb +240 -81
- data/lib/tcell_agent/rails/routes/grape.rb +113 -0
- data/lib/tcell_agent/rails/routes/route_id.rb +29 -0
- data/lib/tcell_agent/sensor_events/app_config.rb +21 -13
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -26
- data/lib/tcell_agent/servers/passenger.rb +10 -0
- data/lib/tcell_agent/start_background_thread.rb +82 -0
- data/lib/tcell_agent/utils/params.rb +1 -1
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +504 -0
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +222 -0
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +7 -13
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +18 -18
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +381 -0
- data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +35 -0
- data/spec/lib/tcell_agent/patches_spec.rb +156 -0
- data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +21 -10
- data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +44 -9
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +13 -13
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +5 -5
- data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +24 -14
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +243 -241
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +128 -200
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +126 -55
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +485 -24
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +5 -0
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -2
- data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +294 -0
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +80 -0
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +182 -0
- metadata +30 -7
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +0 -39
- data/lib/tcell_agent/policies/appsensor/sensor.rb +0 -46
- data/lib/tcell_agent/rails/path_parameters_setter.rb +0 -43
- data/spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb +0 -104
@@ -1,22 +1,35 @@
|
|
1
|
+
require 'tcell_agent/appsensor/injections_matcher'
|
2
|
+
require 'tcell_agent/patches/block_rule'
|
3
|
+
require 'tcell_agent/patches/sensors_matcher'
|
4
|
+
|
1
5
|
module TCellAgent
|
2
6
|
module Policies
|
3
7
|
|
4
8
|
class PatchesPolicy
|
5
|
-
attr_accessor :policy_id, :version, :
|
9
|
+
attr_accessor :policy_id, :version, :enabled, :block_rules
|
6
10
|
|
7
11
|
def initialize
|
8
12
|
@policy_id = nil
|
9
13
|
@version = nil
|
10
|
-
@
|
11
|
-
@
|
14
|
+
@enabled = false
|
15
|
+
@block_rules = []
|
12
16
|
end
|
13
17
|
|
14
|
-
def
|
15
|
-
|
18
|
+
def apply(meta_data)
|
19
|
+
return false unless @enabled
|
20
|
+
|
21
|
+
@block_rules.each do |block_rule|
|
22
|
+
if block_rule.block?(meta_data)
|
23
|
+
return block_rule.resp
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
return false
|
16
28
|
end
|
17
29
|
|
18
30
|
def self.from_json(policy_json)
|
19
31
|
return nil unless policy_json
|
32
|
+
policy_json = policy_json.deep_dup
|
20
33
|
|
21
34
|
policy_id = policy_json["policy_id"]
|
22
35
|
|
@@ -27,23 +40,38 @@ module TCellAgent
|
|
27
40
|
patches_policy.version = policy_json["version"]
|
28
41
|
|
29
42
|
if 1 != patches_policy.version
|
30
|
-
TCellAgent.logger.
|
43
|
+
TCellAgent.logger.error("Patches Policy not supported: #{patches_policy.version}")
|
31
44
|
return patches_policy
|
32
45
|
end
|
33
46
|
|
34
47
|
data = policy_json["data"]
|
35
48
|
if data
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
49
|
+
if data.has_key?("blocked_ips")
|
50
|
+
blocked_ips = data.fetch("blocked_ips", []).map do |ip_info|
|
51
|
+
ip_info["ip"]
|
52
|
+
end
|
53
|
+
|
54
|
+
block_rule = TCellAgent::Patches::BlockRule.from_json( {
|
55
|
+
"ips" => blocked_ips
|
56
|
+
})
|
57
|
+
|
58
|
+
if block_rule
|
59
|
+
patches_policy.block_rules.push(block_rule)
|
43
60
|
end
|
44
61
|
end
|
62
|
+
|
63
|
+
if data.has_key?("block_rules")
|
64
|
+
block_rules_json = data.fetch("block_rules", [])
|
65
|
+
|
66
|
+
block_rules = block_rules_json.map do |block_rule_json|
|
67
|
+
TCellAgent::Patches::BlockRule.from_json(block_rule_json)
|
68
|
+
end.reject(&:nil?)
|
69
|
+
|
70
|
+
patches_policy.block_rules.concat(block_rules)
|
71
|
+
end
|
45
72
|
end
|
46
73
|
|
74
|
+
patches_policy.enabled = patches_policy.block_rules.size > 0
|
47
75
|
patches_policy
|
48
76
|
end
|
49
77
|
end
|
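Review bot: In `from_json`, the `has_key?` guards at new lines 49 and 63 make the `fetch(..., [])` defaults unreachable, so a policy that carries `"blocked_ips": null` or `"block_rules": null` calls `.map` on nil and raises instead of producing an empty rule list. How the caller handles that exception is not visible in this section; if it is swallowed, the new policy is dropped and no block rules from it take effect. Reading the value with a fallback covers both the missing and the null case: `blocked_ips = (data["blocked_ips"] || []).map { |ip_info| ip_info["ip"] }.compact` and `block_rules_json = data["block_rules"] || []`. The `.compact` also keeps entries without an `"ip"` key from being handed to `BlockRule.from_json` as nil.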
data/lib/tcell_agent/rails.rb
CHANGED
@@ -1,8 +1,7 @@
|
|
1
1
|
# See the file "LICENSE" for the full license governing this code.
|
2
|
-
|
2
|
+
|
3
3
|
require 'rails'
|
4
4
|
require 'uri'
|
5
|
-
require 'tcell_agent/logger'
|
6
5
|
require 'tcell_agent/agent'
|
7
6
|
require 'tcell_agent/sensor_events/sensor'
|
8
7
|
require 'tcell_agent/sensor_events/server_agent'
|
@@ -27,113 +26,16 @@ require 'thread'
|
|
27
26
|
module TCellAgent
|
28
27
|
class Railtie < Rails::Railtie
|
29
28
|
initializer "tcell_agent.insert_middleware" do |app|
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
app.config.middleware.use "TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware"
|
29
|
+
app.config.to_prepare do
|
30
|
+
require 'tcell_agent/devise' if defined?(Devise)
|
31
|
+
require 'tcell_agent/rails/auth/devise' if defined?(Devise)
|
32
|
+
require 'tcell_agent/authlogic' if defined?(Authlogic)
|
33
|
+
require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
|
34
|
+
end
|
35
|
+
app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
|
36
|
+
app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)
|
37
|
+
app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::BodyFilterMiddleware
|
38
|
+
app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware
|
41
39
|
end
|
42
40
|
end
|
43
41
|
end
|
44
|
-
|
45
|
-
# # if (Rails::VERSION::MAJOR == 3)
|
46
|
-
# # config.after_initialize do
|
47
|
-
# # Rails.application.reload_routes!
|
48
|
-
# # Rails.application.routes.routes.each do |route|
|
49
|
-
# # methods = ['GET','POST','PUT','DELETE','HEAD',
|
50
|
-
# # 'PATCH','TRACE','CONNECT','OPTIONS']
|
51
|
-
# # if (route.constraints.has_key? :request_method)
|
52
|
-
# # route_path = "#{route.path.spec}"
|
53
|
-
# # if (route_path.end_with?("(.:format)"))
|
54
|
-
# # route_path = route_path.chomp("(.:format)")
|
55
|
-
# # end
|
56
|
-
# # route_destination = route.defaults.to_s
|
57
|
-
# # route_params = route.path.required_names
|
58
|
-
# # route_methods = methods.select {|x| route.verb.match(x) }
|
59
|
-
# # route_methods.each { |route_method|
|
60
|
-
# # #puts "#{route_path}, #{route_method.downcase}"
|
61
|
-
# # TCellAgent::AgentThread.sendEvent(
|
62
|
-
# # TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
|
63
|
-
# # route_path, route_method, nil, "#{route_destination}"
|
64
|
-
# # )
|
65
|
-
# # )
|
66
|
-
# # }
|
67
|
-
# # end
|
68
|
-
# # end
|
69
|
-
# # end
|
70
|
-
# # end
|
71
|
-
# ActionDispatch::Request.class_eval do
|
72
|
-
# attr_accessor :_tcell_transaction_id
|
73
|
-
# end
|
74
|
-
# config.after_initialize do
|
75
|
-
# puts "Framework"
|
76
|
-
# puts "Rails"
|
77
|
-
# puts Rails.version
|
78
|
-
# puts Rails.application.config.session_options
|
79
|
-
# if defined?(Devise)
|
80
|
-
# puts "Devise"
|
81
|
-
# puts "ominauth"
|
82
|
-
# puts Devise.password_length
|
83
|
-
# puts Devise.remember_for
|
84
|
-
# puts Devise.expire_all_remember_me_on_sign_out
|
85
|
-
# puts Devise.maximum_attempts
|
86
|
-
# puts Devise.unlock_in
|
87
|
-
# puts Devise.paranoid
|
88
|
-
# puts Devise.token_generator
|
89
|
-
# puts "warden"
|
90
|
-
# puts Devise.warden_config
|
91
|
-
# end
|
92
|
-
# end
|
93
|
-
# if (Rails::VERSION::MAJOR == 4)
|
94
|
-
# ActionDispatch::Journey::Routes.class_eval do
|
95
|
-
# alias_method :original_add_route, :add_route
|
96
|
-
# def add_route(app, path, conditions, defaults, name = nil)
|
97
|
-
# route = original_add_route(app, path, conditions, defaults, name)
|
98
|
-
# methods = ['GET','POST','PUT','DELETE','HEAD',
|
99
|
-
# 'PATCH','TRACE','CONNECT','OPTIONS']
|
100
|
-
# if (route.constraints.has_key? :request_method)
|
101
|
-
# route_path = "#{route.path.spec}"
|
102
|
-
# if (route_path.end_with?("(.:format)"))
|
103
|
-
# route_path = route_path.chomp("(.:format)")
|
104
|
-
# end
|
105
|
-
# route_destination = route.defaults.to_s
|
106
|
-
# route_params = route.path.required_names
|
107
|
-
# route_methods = methods.select {|x| route.verb.match(x) }
|
108
|
-
# route_methods.each { |route_method|
|
109
|
-
# #puts "#{route_path}, #{route_method.downcase}"
|
110
|
-
# TCellAgent.send_event(
|
111
|
-
# TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
|
112
|
-
# route_path, route_method, nil, "#{route_destination}"
|
113
|
-
# )
|
114
|
-
# )
|
115
|
-
# }
|
116
|
-
# end
|
117
|
-
# route
|
118
|
-
# end
|
119
|
-
# end
|
120
|
-
# end
|
121
|
-
# ActiveSupport.on_load(:action_controller) do
|
122
|
-
# ActionController::Base.class_eval do
|
123
|
-
# #around_filter :global_request_logging
|
124
|
-
# # def _tcell_route_name
|
125
|
-
# # begin
|
126
|
-
# # route = Rails.application.routes.router.recognize(request) { |route, _| route }.first
|
127
|
-
# # route_path = "#{route[2].path.spec}"
|
128
|
-
# # if (route_path.end_with?("(.:format)"))
|
129
|
-
# # route_path = route_path.chomp("(.:format)")
|
130
|
-
# # end
|
131
|
-
# # #puts "#{route_path}, #{request.method.downcase}"
|
132
|
-
# # TCellAgent::SensorEvents::Util.calculateRouteId(request.method.downcase, route_path)
|
133
|
-
# # rescue Exception => inner_excetion
|
134
|
-
# # TCellAgent.logger.debug("Could not figure out path #{inner_excetion.message}")
|
135
|
-
# # end
|
136
|
-
# # end #def global
|
137
|
-
# end #ac classeval
|
138
|
-
# end #as onload
|
139
|
-
# end #class
|
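Review bot: The registration order at new lines 35–38 is load-bearing but nothing in the initializer says so: `ContextMiddleware` goes in at index 0, `HeadersMiddleware` directly after it, and `BodyFilterMiddleware` and `GlobalMiddleware` are appended at the end of the stack. Other code in this release reads `request.env[TCellAgent::Instrumentation::TCELL_ID]` without creating it, so presumably `ContextMiddleware` is what populates it and must stay first; that is an inference, since its body is not part of this section. A comment above the four calls would record the constraint, e.g. `# Order matters: ContextMiddleware must remain at index 0 so the per-request tcell context exists before HeadersMiddleware and the application run.` Because the middleware are now referenced as constants rather than strings, the files defining them also have to be required before this initializer runs; the requires at lines 8–25 are outside the hunk.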
@@ -7,7 +7,11 @@ module TCellAgent
|
|
7
7
|
|
8
8
|
Devise::SessionsController.class_eval do
|
9
9
|
|
10
|
-
|
10
|
+
if (::Rails::VERSION::MAJOR == 5)
|
11
|
+
after_action :log_failed_login, :only => :new
|
12
|
+
elsif (::Rails::VERSION::MAJOR < 5)
|
13
|
+
after_filter :log_failed_login, :only => :new
|
14
|
+
end
|
11
15
|
alias_method :original_new, :new
|
12
16
|
def new
|
13
17
|
original_new
|
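Review bot: The version switch at new lines 10–14 registers no callback at all when `::Rails::VERSION::MAJOR` is greater than 5, so on a later Rails major `log_failed_login` would silently stop running and failed-login events would no longer be reported. `after_action` is available from Rails 4 onward, so testing for the method closes the gap: `if respond_to?(:after_action)` … `after_action :log_failed_login, :only => :new` … `else` … `after_filter :log_failed_login, :only => :new`. The same `== 5` / `elsif < 5` shape is used for `around_action :global_request_logging` at new lines 270–274 of the next file and has the same hole. The `class_eval` block continues past the end of this hunk.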
@@ -19,7 +19,6 @@ require 'tcell_agent/rails/middleware/body_filter_middleware'
|
|
19
19
|
require 'tcell_agent/rails/middleware/headers_middleware'
|
20
20
|
require 'tcell_agent/rails/middleware/context_middleware'
|
21
21
|
|
22
|
-
require 'tcell_agent/rails/routes'
|
23
22
|
require 'tcell_agent/rails/settings_reporter'
|
24
23
|
|
25
24
|
require 'tcell_agent/instrumentation'
|
@@ -268,7 +267,11 @@ end
|
|
268
267
|
module TCellAgent
|
269
268
|
ActiveSupport.on_load(:action_controller) do
|
270
269
|
ActionController::Base.class_eval do
|
271
|
-
|
270
|
+
if (::Rails::VERSION::MAJOR == 5)
|
271
|
+
around_action :global_request_logging
|
272
|
+
elsif (::Rails::VERSION::MAJOR < 5)
|
273
|
+
around_filter :global_request_logging
|
274
|
+
end
|
272
275
|
def global_request_logging
|
273
276
|
begin
|
274
277
|
yield
|
@@ -0,0 +1,88 @@
|
|
1
|
+
module TCellAgent
|
2
|
+
module DLP
|
3
|
+
|
4
|
+
def self.handle_request_dlp_parameters(request)
|
5
|
+
TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request forms)") {
|
6
|
+
_handle_dataexpsure_forms(request)
|
7
|
+
}
|
8
|
+
|
9
|
+
TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request headers)") {
|
10
|
+
_handle_dataexpsure_headers(request)
|
11
|
+
}
|
12
|
+
|
13
|
+
TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request cookies)") {
|
14
|
+
_handler_dataexposure_cookies(request)
|
15
|
+
}
|
16
|
+
end
|
17
|
+
|
18
|
+
def self.loop_params_hash(method, param_hash, prefix, &block)
|
19
|
+
param_hash.each do |param_name, param_value|
|
20
|
+
if param_value && param_value.is_a?(Hash)
|
21
|
+
loop_params_hash(method, param_value, 'hash', &block)
|
22
|
+
elsif !param_value || !param_value.instance_of?(String) || param_value == ""
|
23
|
+
next
|
24
|
+
else
|
25
|
+
block.call(method, param_name, param_value)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.for_params(request, &block)
|
31
|
+
get_params = request.GET
|
32
|
+
if get_params
|
33
|
+
self.loop_params_hash('get', get_params, nil, &block)
|
34
|
+
end
|
35
|
+
post_params = request.POST
|
36
|
+
if post_params
|
37
|
+
self.loop_params_hash('post', post_params, nil, &block)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
def self._handle_dataexpsure_forms(request)
|
42
|
+
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
43
|
+
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
44
|
+
if tcell_context && dataex_policy && dataex_policy.has_actions_for_form_parameter?
|
45
|
+
for_params(request) { |method, param_name, param_value|
|
46
|
+
actions = dataex_policy.get_actions_for_form_parameter(param_name, tcell_context.route_id)
|
47
|
+
if actions
|
48
|
+
actions.each { |action|
|
49
|
+
tcell_context.add_filter_for_request_parameter(param_value, action, param_name)
|
50
|
+
}
|
51
|
+
end
|
52
|
+
}
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def self._handle_dataexpsure_headers(request)
|
57
|
+
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
58
|
+
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
59
|
+
if tcell_context && dataex_policy && dataex_policy.has_actions_for_headers?
|
60
|
+
headers = request.env.select {|k,v| k.start_with? 'HTTP_'}
|
61
|
+
headers.each { |header_name, header_value|
|
62
|
+
header_name = header_name.sub(/^HTTP_/, '').gsub('_','-')
|
63
|
+
actions = dataex_policy.get_actions_for_header(header_name)
|
64
|
+
if actions
|
65
|
+
actions.each { |action|
|
66
|
+
tcell_context.add_filter_for_header_value(header_value, action, header_name)
|
67
|
+
}
|
68
|
+
end
|
69
|
+
}
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def self._handler_dataexposure_cookies(request)
|
74
|
+
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
75
|
+
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
76
|
+
if tcell_context && dataex_policy && dataex_policy.has_actions_for_cookie?
|
77
|
+
request.cookies.each { |cookie_name, cookie_value|
|
78
|
+
actions = dataex_policy.get_actions_for_cookie(cookie_name)
|
79
|
+
if actions
|
80
|
+
actions.each { |action|
|
81
|
+
tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
|
82
|
+
}
|
83
|
+
end
|
84
|
+
}
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
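Review bot: `loop_params_hash` (new lines 18–28) recurses into Hash values but skips everything that is not a String, so array-valued parameters such as `ids[]=…` or an array of nested hashes never reach the block and are not checked against the data-exposure policy. The `prefix` argument is also never read, and the `/^HTTP_/` pattern in `_handle_dataexpsure_headers` would be safer anchored with `\A`. A version that walks arrays as well is sketched below; it keeps the existing `instance_of?(String)` and empty-string checks.

```ruby
def self.loop_params_hash(method, param_hash, prefix, &block)
  param_hash.each do |param_name, param_value|
    if param_value.is_a?(Hash)
      loop_params_hash(method, param_value, 'hash', &block)
    elsif param_value.is_a?(Array)
      # Array parameters: visit each element under the array's own name.
      param_value.each do |item|
        if item.is_a?(Hash)
          loop_params_hash(method, item, 'hash', &block)
        elsif item.instance_of?(String) && item != ""
          block.call(method, param_name, item)
        end
      end
    elsif param_value.instance_of?(String) && param_value != ""
      block.call(method, param_name, param_value)
    end
  end
end
```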
@@ -2,7 +2,6 @@
|
|
2
2
|
|
3
3
|
require 'rails'
|
4
4
|
require 'uri'
|
5
|
-
require 'tcell_agent/logger'
|
6
5
|
require 'tcell_agent/agent'
|
7
6
|
require 'tcell_agent/sensor_events/sensor'
|
8
7
|
require 'tcell_agent/sensor_events/appsensor_meta_event'
|
@@ -29,24 +28,15 @@ module TCellAgent
|
|
29
28
|
def call(env)
|
30
29
|
request = Rack::Request.new(env)
|
31
30
|
|
32
|
-
if TCellAgent.configuration.should_intercept_requests?
|
33
|
-
TCellAgent::Instrumentation.safe_block("Checking for blocked ips") do
|
34
|
-
patches_policy = TCellAgent.policy(TCellAgent::PolicyTypes::Patches)
|
35
|
-
if patches_policy
|
36
|
-
if patches_policy.block_ip?(TCellAgent::Utils::Rails.better_ip(request))
|
37
|
-
return [403, {"Content-Type" => "text/plain"}, ["Forbidden based on referer"]]
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
42
|
-
|
43
31
|
response = @app.call(env)
|
44
32
|
|
45
33
|
if TCellAgent.configuration.should_intercept_requests?
|
46
34
|
status, headers, active_response = response
|
47
35
|
TCellAgent::Instrumentation.safe_block("Handling Request") {
|
48
36
|
tcell_response = response
|
49
|
-
|
37
|
+
unless request.env[TCellAgent::Instrumentation::TCELL_ID].ip_blocking_triggered
|
38
|
+
tcell_response = self._handle_appsensor(request, tcell_response)
|
39
|
+
end
|
50
40
|
tcell_response = self._handle_redirect(request, tcell_response)
|
51
41
|
tcell_response = self._set_csp_header(request, tcell_response)
|
52
42
|
tcell_response = self._set_clickjacking_header(request, tcell_response)
|
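Review bot: The new guard at line 37 calls `.ip_blocking_triggered` on `request.env[TCellAgent::Instrumentation::TCELL_ID]` without checking that the context exists, while the DLP helpers in this release test `tcell_context &&` before using it. If the context is ever absent, the call raises inside the `safe_block`, and if `safe_block` rescues (its body is not shown here) the redirect, CSP and clickjacking steps that follow in the same block are skipped for that response. Fetching the context once and guarding it avoids that: `tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]` followed by `unless tcell_context && tcell_context.ip_blocking_triggered`. The `call` method continues outside this hunk.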
@@ -1,112 +1,16 @@
|
|
1
1
|
# See the file "LICENSE" for the full license governing this code.
|
2
2
|
|
3
3
|
#require 'tcell_agent/authlogic' if defined?(Authlogic)
|
4
|
-
require 'tcell_agent/configuration'
|
5
4
|
|
6
5
|
require 'rails'
|
7
6
|
|
8
|
-
|
9
|
-
TCellAgent::Instrumentation::Rails.send_framework_info
|
10
|
-
|
11
|
-
module TCellAgent
|
12
|
-
module Instrumentation
|
13
|
-
module Rails
|
14
|
-
METHODS = ['GET','POST','PUT','DELETE','HEAD',
|
15
|
-
'PATCH','TRACE','CONNECT','OPTIONS']
|
16
|
-
|
17
|
-
def self.instrument_route(route)
|
18
|
-
if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
|
19
|
-
if (::Rails::VERSION::MAJOR == 5)
|
20
|
-
route_path = "#{route.path.spec}"
|
21
|
-
if (route_path.end_with?("(.:format)"))
|
22
|
-
route_path = route_path.chomp("(.:format)")
|
23
|
-
end
|
24
|
-
|
25
|
-
route_destination = route.defaults.to_json.to_s
|
26
|
-
|
27
|
-
route_methods = (route.verb || "").split('|')
|
28
|
-
route_methods.each do |route_method|
|
29
|
-
route_id = TCellAgent::SensorEvents::Util.calculateRouteId(route_method.downcase, route.path.spec)
|
30
|
-
TCellAgent.send_event(
|
31
|
-
TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
|
32
|
-
route_path, route_method, route_id, nil, route_destination
|
33
|
-
)
|
34
|
-
)
|
35
|
-
end
|
36
|
-
|
37
|
-
elsif (::Rails::VERSION::MAJOR < 5)
|
38
|
-
if (route.constraints.has_key? :request_method)
|
39
|
-
route_path = "#{route.path.spec}"
|
40
|
-
if (route_path.end_with?("(.:format)"))
|
41
|
-
route_path = route_path.chomp("(.:format)")
|
42
|
-
end
|
43
|
-
|
44
|
-
route_destination = route.defaults.to_json.to_s
|
45
|
-
|
46
|
-
route_methods = METHODS.select { |x| route.verb.match(x) }
|
47
|
-
route_methods.each do |route_method|
|
48
|
-
route_id = TCellAgent::SensorEvents::Util.calculateRouteId(route_method.downcase, route.path.spec)
|
49
|
-
TCellAgent.send_event(
|
50
|
-
TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
|
51
|
-
route_path, route_method, route_id, nil, route_destination
|
52
|
-
)
|
53
|
-
)
|
54
|
-
end
|
55
|
-
end
|
56
|
-
end
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
def self.instrument_routes
|
61
|
-
if ::Rails.application
|
62
|
-
::Rails.application.routes.routes.each do |route|
|
63
|
-
self.instrument_route(route)
|
64
|
-
end
|
65
|
-
end
|
66
|
-
end
|
67
|
-
|
68
|
-
if (::Rails::VERSION::MAJOR == 3)
|
69
|
-
ActionDispatch::Routing::RouteSet.class_eval do
|
70
|
-
alias_method :tcell_add_route, :add_route
|
71
|
-
def add_route(app, conditions = {}, requirements = {}, defaults = {}, name = nil, anchor = true)
|
72
|
-
route = tcell_add_route(app, conditions, requirements, defaults, name, anchor)
|
73
|
-
|
74
|
-
TCellAgent::Instrumentation::Rails.instrument_route(route)
|
75
|
-
|
76
|
-
route
|
77
|
-
end
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
|
-
if (::Rails::VERSION::MAJOR == 4)
|
82
|
-
ActionDispatch::Journey::Routes.class_eval do
|
83
|
-
alias_method :tcell_add_route, :add_route
|
84
|
-
def add_route(app, path, conditions, defaults, name = nil)
|
85
|
-
route = tcell_add_route(app, path, conditions, defaults, name)
|
86
|
-
|
87
|
-
TCellAgent::Instrumentation::Rails.instrument_route(route)
|
88
|
-
|
89
|
-
route
|
90
|
-
end
|
91
|
-
end
|
92
|
-
end
|
93
|
-
|
94
|
-
if (::Rails::VERSION::MAJOR == 5)
|
95
|
-
ActionDispatch::Journey::Routes.class_eval do
|
96
|
-
alias_method :tcell_add_route, :add_route
|
97
|
-
def add_route(name, mapping)
|
98
|
-
route = tcell_add_route(name, mapping)
|
99
|
-
|
100
|
-
TCellAgent::Instrumentation::Rails.instrument_route(route)
|
7
|
+
require 'tcell_agent/configuration'
|
101
8
|
|
102
|
-
|
103
|
-
|
104
|
-
end
|
105
|
-
end
|
9
|
+
require 'tcell_agent/rails/routes'
|
10
|
+
require 'tcell_agent/rails/dlp/process_request'
|
106
11
|
|
107
|
-
|
108
|
-
|
109
|
-
end
|
12
|
+
TCellAgent::Instrumentation::Rails.send_language_info
|
13
|
+
TCellAgent::Instrumentation::Rails.send_framework_info
|
110
14
|
|
111
15
|
if (Rails.application)
|
112
16
|
if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
|