tcell_agent 0.2.21 → 0.2.22

data/lib/tcell_agent/policies/patches_policy.rb

@@ -1,22 +1,35 @@
+require 'tcell_agent/appsensor/injections_matcher'
+require 'tcell_agent/patches/block_rule'
+require 'tcell_agent/patches/sensors_matcher'
+
 module TCellAgent
   module Policies
 
     class PatchesPolicy
-      attr_accessor :policy_id, :version, :ip_blocking_enabled, :blocked_ips
+      attr_accessor :policy_id, :version, :enabled, :block_rules
 
       def initialize
         @policy_id = nil
         @version = nil
-        @ip_blocking_enabled = false
-        @blocked_ips = {}
+        @enabled = false
+        @block_rules = []
       end
 
-      def block_ip?(ip_address)
-        @ip_blocking_enabled && @blocked_ips[ip_address]
+      def apply(meta_data)
+        return false unless @enabled
+
+        @block_rules.each do |block_rule|
+          if block_rule.block?(meta_data)
+            return block_rule.resp
+          end
+        end
+
+        return false
       end
 
       def self.from_json(policy_json)
         return nil unless policy_json
+        policy_json = policy_json.deep_dup
 
         policy_id = policy_json["policy_id"]
 
@@ -27,23 +40,38 @@ module TCellAgent
         patches_policy.version = policy_json["version"]
 
         if 1 != patches_policy.version
-          TCellAgent.logger.warn("Patches Policy not supported: #{patches_policy.version}")
+          TCellAgent.logger.error("Patches Policy not supported: #{patches_policy.version}")
           return patches_policy
         end
 
         data = policy_json["data"]
         if data
-          blocked_ips = data["blocked_ips"]
-          if blocked_ips
-            blocked_ips.each do |ip_info|
-              if ip_info["ip"]
-                patches_policy.ip_blocking_enabled = true
-                patches_policy.blocked_ips[ip_info["ip"]] = true
-              end
+          if data.has_key?("blocked_ips")
+            blocked_ips = data.fetch("blocked_ips", []).map do |ip_info|
+              ip_info["ip"]
+            end
+
+            block_rule = TCellAgent::Patches::BlockRule.from_json( {
+              "ips" => blocked_ips
+            })
+
+            if block_rule
+              patches_policy.block_rules.push(block_rule)
             end
           end
+
+          if data.has_key?("block_rules")
+            block_rules_json = data.fetch("block_rules", [])
+
+            block_rules = block_rules_json.map do |block_rule_json|
+              TCellAgent::Patches::BlockRule.from_json(block_rule_json)
+            end.reject(&:nil?)
+
+            patches_policy.block_rules.concat(block_rules)
+          end
         end
 
+        patches_policy.enabled = patches_policy.block_rules.size > 0
         patches_policy
       end
     end

data/lib/tcell_agent/rails.rb

@@ -1,8 +1,7 @@
 # See the file "LICENSE" for the full license governing this code.
-      
+
 require 'rails'
 require 'uri'
-require 'tcell_agent/logger'
 require 'tcell_agent/agent'
 require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
@@ -27,113 +26,16 @@ require 'thread'
 module TCellAgent
   class Railtie < Rails::Railtie
     initializer "tcell_agent.insert_middleware" do |app|
-          app.config.to_prepare do
-            require 'tcell_agent/devise' if defined?(Devise)
-            require 'tcell_agent/rails/auth/devise' if defined?(Devise)
-            require 'tcell_agent/authlogic' if defined?(Authlogic)
-            require 'tcell_agent/rails/auth/authlogic'  if defined?(Authlogic)
-            require 'tcell_agent/rails/path_parameters_setter'
-          end
-          app.config.middleware.insert_before(0, "TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware")
-          app.config.middleware.insert_after(0, "TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware")
-          app.config.middleware.use "TCellAgent::Instrumentation::Rails::Middleware::BodyFilterMiddleware"
-          app.config.middleware.use "TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware"
+      app.config.to_prepare do
+        require 'tcell_agent/devise' if defined?(Devise)
+        require 'tcell_agent/rails/auth/devise' if defined?(Devise)
+        require 'tcell_agent/authlogic' if defined?(Authlogic)
+        require 'tcell_agent/rails/auth/authlogic'  if defined?(Authlogic)
+      end
+      app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
+      app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)
+      app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::BodyFilterMiddleware
+      app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware
     end
   end
 end
-
-  #   # if (Rails::VERSION::MAJOR == 3)
-  #   #   config.after_initialize do
-  #   #     Rails.application.reload_routes!
-  #   #     Rails.application.routes.routes.each do |route|
-  #   #        methods = ['GET','POST','PUT','DELETE','HEAD',
-  #   #         'PATCH','TRACE','CONNECT','OPTIONS']
-  #   #         if (route.constraints.has_key? :request_method)
-  #   #          route_path = "#{route.path.spec}"
-  #   #          if (route_path.end_with?("(.:format)"))
-  #   #            route_path = route_path.chomp("(.:format)")
-  #   #          end
-  #   #          route_destination = route.defaults.to_s
-  #   #          route_params =  route.path.required_names
-  #   #          route_methods = methods.select {|x| route.verb.match(x) }
-  #   #          route_methods.each { |route_method|
-  #   #            #puts "#{route_path}, #{route_method.downcase}"
-  #   #            TCellAgent::AgentThread.sendEvent(
-  #   #              TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
-  #   #                route_path, route_method, nil, "#{route_destination}"
-  #   #                )
-  #   #              )
-  #   #          }
-  #   #         end
-  #   #     end
-  #   #   end
-  #   # end
-  #   ActionDispatch::Request.class_eval do
-  #     attr_accessor :_tcell_transaction_id
-  #   end
-  #   config.after_initialize do
-  #       puts "Framework"
-  #       puts "Rails"
-  #       puts Rails.version
-  #       puts Rails.application.config.session_options
-  #       if defined?(Devise)
-  #         puts "Devise"
-  #         puts "ominauth"
-  #         puts Devise.password_length
-  #         puts Devise.remember_for
-  #         puts Devise.expire_all_remember_me_on_sign_out
-  #         puts Devise.maximum_attempts
-  #         puts Devise.unlock_in
-  #         puts Devise.paranoid
-  #         puts Devise.token_generator
-  #         puts "warden"
-  #         puts Devise.warden_config
-  #       end
-  #   end
-  #   if (Rails::VERSION::MAJOR == 4)
-  #     ActionDispatch::Journey::Routes.class_eval do
-  #       alias_method :original_add_route, :add_route
-  #       def add_route(app, path, conditions, defaults, name = nil)
-  #         route = original_add_route(app, path, conditions, defaults, name)
-  #         methods = ['GET','POST','PUT','DELETE','HEAD',
-  #          'PATCH','TRACE','CONNECT','OPTIONS']
-  #          if (route.constraints.has_key? :request_method)
-  #           route_path = "#{route.path.spec}"
-  #           if (route_path.end_with?("(.:format)"))
-  #             route_path = route_path.chomp("(.:format)")
-  #           end
-  #           route_destination = route.defaults.to_s
-  #           route_params =  route.path.required_names
-  #           route_methods = methods.select {|x| route.verb.match(x) }
-  #           route_methods.each { |route_method|
-  #             #puts "#{route_path}, #{route_method.downcase}"
-  #             TCellAgent.send_event(
-  #               TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
-  #                 route_path, route_method, nil, "#{route_destination}"
-  #               )
-  #             )
-  #           }
-  #         end
-  #         route
-  #       end
-  #     end
-  #   end
-  #   ActiveSupport.on_load(:action_controller) do
-  #     ActionController::Base.class_eval do
-  #       #around_filter :global_request_logging
-  #       # def _tcell_route_name
-  #       #   begin
-  #       #     route = Rails.application.routes.router.recognize(request) { |route, _| route }.first
-  #       #     route_path = "#{route[2].path.spec}"
-  #       #     if (route_path.end_with?("(.:format)"))
-  #       #       route_path = route_path.chomp("(.:format)")
-  #       #     end
-  #       #     #puts "#{route_path}, #{request.method.downcase}"
-  #       #     TCellAgent::SensorEvents::Util.calculateRouteId(request.method.downcase, route_path)
-  #       #   rescue Exception => inner_excetion
-  #       #     TCellAgent.logger.debug("Could not figure out path #{inner_excetion.message}")
-  #       #   end
-  #       # end #def global
-  #     end #ac classeval
-  #   end #as onload
-  # end #class

data/lib/tcell_agent/rails/auth/devise.rb

@@ -7,7 +7,11 @@ module TCellAgent
 
     Devise::SessionsController.class_eval do
 
-      after_filter :log_failed_login, :only => :new
+      if (::Rails::VERSION::MAJOR == 5)
+        after_action :log_failed_login, :only => :new
+      elsif (::Rails::VERSION::MAJOR < 5)
+        after_filter :log_failed_login, :only => :new
+      end
       alias_method :original_new, :new
       def new
         original_new

data/lib/tcell_agent/rails/dlp.rb

@@ -19,7 +19,6 @@ require 'tcell_agent/rails/middleware/body_filter_middleware'
 require 'tcell_agent/rails/middleware/headers_middleware'
 require 'tcell_agent/rails/middleware/context_middleware'
 
-require 'tcell_agent/rails/routes'
 require 'tcell_agent/rails/settings_reporter'
 
 require 'tcell_agent/instrumentation'
@@ -268,7 +267,11 @@ end
 module TCellAgent
   ActiveSupport.on_load(:action_controller) do
     ActionController::Base.class_eval do
-      around_filter :global_request_logging
+      if (::Rails::VERSION::MAJOR == 5)
+        around_action :global_request_logging
+      elsif (::Rails::VERSION::MAJOR < 5)
+        around_filter :global_request_logging
+      end
       def global_request_logging
         begin
           yield

data/lib/tcell_agent/rails/dlp/process_request.rb

@@ -0,0 +1,88 @@
+module TCellAgent
+  module DLP
+
+    def self.handle_request_dlp_parameters(request)
+      TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request forms)") {
+        _handle_dataexpsure_forms(request)
+      }
+
+      TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request headers)") {
+        _handle_dataexpsure_headers(request)
+      }
+
+      TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request cookies)") {
+        _handler_dataexposure_cookies(request)
+      }
+    end
+
+    def self.loop_params_hash(method, param_hash, prefix, &block)
+      param_hash.each do |param_name, param_value|
+        if param_value && param_value.is_a?(Hash)
+          loop_params_hash(method, param_value, 'hash', &block)
+        elsif !param_value || !param_value.instance_of?(String) || param_value == ""
+          next
+        else
+          block.call(method, param_name, param_value)
+        end
+      end
+    end
+
+    def self.for_params(request, &block)
+      get_params = request.GET
+      if get_params
+        self.loop_params_hash('get', get_params, nil, &block)
+      end
+      post_params = request.POST
+      if post_params
+        self.loop_params_hash('post', post_params, nil, &block)
+      end
+    end
+
+    def self._handle_dataexpsure_forms(request)
+      dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
+      tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
+      if tcell_context && dataex_policy && dataex_policy.has_actions_for_form_parameter?
+        for_params(request) { |method, param_name, param_value|
+          actions = dataex_policy.get_actions_for_form_parameter(param_name, tcell_context.route_id)
+          if actions
+            actions.each { |action|
+              tcell_context.add_filter_for_request_parameter(param_value, action, param_name)
+            }
+          end
+        }
+      end
+    end
+
+    def self._handle_dataexpsure_headers(request)
+      dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
+      tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
+      if tcell_context && dataex_policy && dataex_policy.has_actions_for_headers?
+        headers = request.env.select {|k,v| k.start_with? 'HTTP_'}
+        headers.each { |header_name, header_value|
+          header_name = header_name.sub(/^HTTP_/, '').gsub('_','-')
+          actions = dataex_policy.get_actions_for_header(header_name)
+          if actions
+            actions.each { |action|
+              tcell_context.add_filter_for_header_value(header_value, action, header_name)
+            }
+          end
+        }
+      end
+    end
+
+    def self._handler_dataexposure_cookies(request)
+      dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
+      tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
+      if tcell_context && dataex_policy && dataex_policy.has_actions_for_cookie?
+        request.cookies.each { |cookie_name, cookie_value|
+          actions = dataex_policy.get_actions_for_cookie(cookie_name)
+          if actions
+            actions.each { |action|
+              tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
+            }
+          end
+        }
+      end
+    end
+  end
+end

data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb

@@ -73,7 +73,7 @@ module TCellAgent
                   if (script_tag_policy &&
                       script_tag_policy.js_agent_api_key)
                     newbody = []
-                    rack_body.each { |str| 
+                    rack_body.each { |str|
                       newbody_part = self.replace_in_body(script_tag_policy, str) || str
                       newbody << newbody_part
                     }

data/lib/tcell_agent/rails/middleware/headers_middleware.rb

@@ -2,7 +2,6 @@
 
 require 'rails'
 require 'uri'
-require 'tcell_agent/logger'
 require 'tcell_agent/agent'
 require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/appsensor_meta_event'
@@ -29,24 +28,15 @@ module TCellAgent
           def call(env)
             request = Rack::Request.new(env)
 
-            if TCellAgent.configuration.should_intercept_requests?
-              TCellAgent::Instrumentation.safe_block("Checking for blocked ips") do
-                patches_policy = TCellAgent.policy(TCellAgent::PolicyTypes::Patches)
-                if patches_policy
-                  if patches_policy.block_ip?(TCellAgent::Utils::Rails.better_ip(request))
-                    return [403, {"Content-Type" => "text/plain"}, ["Forbidden based on referer"]]
-                  end
-                end
-              end
-            end
-
             response = @app.call(env)
 
             if TCellAgent.configuration.should_intercept_requests?
               status, headers, active_response = response
               TCellAgent::Instrumentation.safe_block("Handling Request") {
                 tcell_response = response
-                tcell_response = self._handle_appsensor(request, tcell_response)
+                unless request.env[TCellAgent::Instrumentation::TCELL_ID].ip_blocking_triggered
+                  tcell_response = self._handle_appsensor(request, tcell_response)
+                end
                 tcell_response = self._handle_redirect(request, tcell_response)
                 tcell_response = self._set_csp_header(request, tcell_response)
                 tcell_response = self._set_clickjacking_header(request, tcell_response)

data/lib/tcell_agent/rails/on_start.rb

@@ -1,112 +1,16 @@
 # See the file "LICENSE" for the full license governing this code.
 
 #require 'tcell_agent/authlogic' if defined?(Authlogic)
-require 'tcell_agent/configuration'
 
 require 'rails'
 
-TCellAgent::Instrumentation::Rails.send_language_info
-TCellAgent::Instrumentation::Rails.send_framework_info
-
-module TCellAgent
-  module Instrumentation
-    module Rails
-      METHODS = ['GET','POST','PUT','DELETE','HEAD',
-                 'PATCH','TRACE','CONNECT','OPTIONS']
-
-      def self.instrument_route(route)
-        if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
-          if (::Rails::VERSION::MAJOR == 5)
-              route_path = "#{route.path.spec}"
-              if (route_path.end_with?("(.:format)"))
-                route_path = route_path.chomp("(.:format)")
-              end
-
-              route_destination = route.defaults.to_json.to_s
-
-              route_methods = (route.verb || "").split('|')
-              route_methods.each do |route_method|
-                route_id = TCellAgent::SensorEvents::Util.calculateRouteId(route_method.downcase, route.path.spec)
-                TCellAgent.send_event(
-                  TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
-                    route_path, route_method, route_id, nil, route_destination
-                  )
-                )
-              end
-
-          elsif (::Rails::VERSION::MAJOR < 5)
-            if (route.constraints.has_key? :request_method)
-              route_path = "#{route.path.spec}"
-              if (route_path.end_with?("(.:format)"))
-                route_path = route_path.chomp("(.:format)")
-              end
-
-              route_destination = route.defaults.to_json.to_s
-
-              route_methods = METHODS.select { |x| route.verb.match(x) }
-              route_methods.each do |route_method|
-                route_id = TCellAgent::SensorEvents::Util.calculateRouteId(route_method.downcase, route.path.spec)
-                TCellAgent.send_event(
-                  TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
-                    route_path, route_method, route_id, nil, route_destination
-                  )
-                )
-              end
-            end
-          end
-        end
-      end
-
-      def self.instrument_routes
-        if ::Rails.application
-          ::Rails.application.routes.routes.each do |route|
-            self.instrument_route(route)
-          end
-        end
-      end
-
-      if (::Rails::VERSION::MAJOR == 3)
-        ActionDispatch::Routing::RouteSet.class_eval do
-            alias_method :tcell_add_route, :add_route
-            def add_route(app, conditions = {}, requirements = {}, defaults = {}, name = nil, anchor = true)
-              route = tcell_add_route(app, conditions, requirements, defaults, name, anchor)
-
-              TCellAgent::Instrumentation::Rails.instrument_route(route)
-
-              route
-            end
-        end
-      end
-
-      if (::Rails::VERSION::MAJOR == 4)
-        ActionDispatch::Journey::Routes.class_eval do
-          alias_method :tcell_add_route, :add_route
-          def add_route(app, path, conditions, defaults, name = nil)
-            route = tcell_add_route(app, path, conditions, defaults, name)
-
-            TCellAgent::Instrumentation::Rails.instrument_route(route)
-
-            route
-          end
-        end
-      end
-
-      if (::Rails::VERSION::MAJOR == 5)
-        ActionDispatch::Journey::Routes.class_eval do
-          alias_method :tcell_add_route, :add_route
-          def add_route(name, mapping)
-            route = tcell_add_route(name, mapping)
-
-            TCellAgent::Instrumentation::Rails.instrument_route(route)
+require 'tcell_agent/configuration'
 
-            route
-          end
-        end
-      end
+require 'tcell_agent/rails/routes'
+require 'tcell_agent/rails/dlp/process_request'
 
-    end
-  end
-end
+TCellAgent::Instrumentation::Rails.send_language_info
+TCellAgent::Instrumentation::Rails.send_framework_info
 
 if (Rails.application)
   if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?