tcell_agent 0.2.21 → 0.2.22

data/lib/tcell_agent/rails/routes/route_id.rb

@@ -0,0 +1,29 @@
+module TCellAgent
+  module Instrumentation
+    module RouteId
+
+      def self.update_context(env, parameters, route)
+        tcell_context = env[TCellAgent::Instrumentation::TCELL_ID]
+
+        if route && tcell_context
+          tcell_context.path_parameters = parameters
+
+          route_path = route.path.spec.to_s
+
+          grape_mount_endpoint = nil
+          if TCellAgent::Instrumentation::grape_route?(route)
+            grape_mount_endpoint = route_path
+          end
+
+          if grape_mount_endpoint
+            tcell_context.grape_mount_endpoint = grape_mount_endpoint
+
+          else
+            tcell_context.route_id = TCellAgent::SensorEvents::Util.calculateRouteId(tcell_context.request_method, route_path)
+          end
+        end
+      end
+
+    end
+  end
+end

data/lib/tcell_agent/sensor_events/app_config.rb

@@ -1,16 +1,24 @@
-require 'tcell_agent/sensor_events/sensor'        
+require 'tcell_agent/sensor_events/sensor'
 
 module TCellAgent
-    module SensorEvents
-        class AppConfigSettingEvent < TCellSensorEvent
-            def initialize(package, section, prefix, name, value)
-                super("app_config_setting")
-                self["package"] = package
-                self["section"] = section
-                self["prefix"] = prefix
-                self["name"] = name
-                self["value"] = value.to_s
-            end
-        end
+  module SensorEvents
+    class AppConfigSettingEvent < TCellSensorEvent
+      def initialize(package, section, prefix, name, value)
+        super("app_config_setting")
+        self["package"] = package
+        self["section"] = section
+
+        self["name"] = name
+        self["value"] = value.to_s
+
+        self["prefix"] = prefix if prefix
+      end
+    end
+
+    class TCellAgentSettingEvent < AppConfigSettingEvent
+      def initialize(name, value)
+        super("tcell", "config", nil, name, value)
+      end
     end
-end
+  end
+end

data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb

@@ -5,6 +5,7 @@ require 'tcell_agent/sensor_events/sensor'
 
 require 'tcell_agent/agent'
 require 'tcell_agent/agent/policy_types'
+require 'tcell_agent/appsensor/meta_data'
 require 'tcell_agent/policies/appsensor_policy'
 require 'tcell_agent/utils/params'
 
@@ -16,7 +17,7 @@ require 'tcell_agent/utils/params'
 module TCellAgent
   module SensorEvents
 
-    class AppSensorMetaEvent < TCellSensorEvent
+    class AppSensorMetaEvent < TCellAgent::AppSensor::MetaData
 
       class << self
         def build(request, rack_response, response_code, response_headers)
@@ -62,34 +63,11 @@ module TCellAgent
       attr_accessor :request_headers, :response_headers
 
       def initialize
+        super
+
         @request_content_len = 0
         @response_content_len = 0
-        @send = false
-        @body_dict = {}
-        @get_dict = {}
-        @post_dict = {}
-        @cookie_dict = {}
         @user_agent = nil
-        @path_parameters = {}
-      end
-
-      def set_body_dict(request_content_len, request_content_type, request_body)
-        if request_content_len > 2000000
-          @body_dict = {}
-
-        else
-          if request_content_type =~ %r{application/json}i && request_body
-            begin
-              # don't enqueue parameter values of unknown type to avoid any serialization issues
-              @body_dict = TCellAgent::Utils::Params.flatten(JSON.parse(request_body))
-            rescue
-              TCellAgent.logger.debug("JSON body parameter parsing failed")
-              @body_dict = {}
-            end
-          else
-            @body_dict = {}
-          end
-        end
       end
 
       def post_process
@@ -99,6 +77,9 @@ module TCellAgent
         appsensor_policy.process_meta_event(self)
       end
 
+      def flattened_post_dict
+        @post_dict
+      end
     end
 
   end

data/lib/tcell_agent/servers/passenger.rb

@@ -0,0 +1,10 @@
+PhusionPassenger::LoaderSharedHelpers.class_eval do
+
+  alias_method :tcell_after_loading_app_code, :after_loading_app_code
+  def after_loading_app_code(options)
+    tcell_after_loading_app_code(options)
+
+    TCellAgent.run_instrumentation("Passenger")
+  end
+
+end

data/lib/tcell_agent/start_background_thread.rb

@@ -32,6 +32,85 @@ if (TCellAgent.configuration.disable_all == false)
             TCellAgent.send_event(event)
           end
 
+          TCellAgent::Instrumentation.safe_block("Instrumenting Initial Config") do
+            TCellAgent.send_event(
+              TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
+              "allow_unencrypted_appfirewall_payloads",
+              (!!TCellAgent.configuration.allow_unencrypted_appfirewall_payloads).to_s)
+            )
+
+            TCellAgent.send_event(
+              TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
+                "reverse_proxy",
+                (!!TCellAgent.configuration.reverse_proxy).to_s)
+            )
+
+            # Because of all the diff ways to initialize the agent
+            # some some of the following vars might not be set until
+            # we call this method, so call this method to set all
+            # the variables
+            TCellAgent.configuration.log_filename
+
+            TCellAgent.send_event(
+              TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
+                "config_filename",
+                TCellAgent.configuration.config_filename)
+            )
+            TCellAgent.send_event(
+              TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
+                "logging_directory",
+                TCellAgent.configuration.agent_log_dir)
+            )
+
+            TCellAgent.send_event(
+              TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
+                "agent_home_directory",
+                TCellAgent.configuration.agent_home_dir)
+            )
+
+            TCellAgent.send_event(
+              TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
+                "agent_home_owner",
+                TCellAgent.configuration.agent_home_owner)
+            )
+
+            logging_options = TCellAgent.configuration.logging_options || {}
+            use_default_setting = !logging_options.has_key?(:enabled) && !logging_options.has_key?("enabled")
+            if use_default_setting || logging_options[:enabled] || logging_options["enabled"]
+              TCellAgent.send_event(
+                TCellAgent::SensorEvents::TCellAgentSettingEvent.new("logging_enabled", "true")
+              )
+
+              TCellAgent.send_event(
+                TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
+                  "logging_level",
+                  logging_options[:level] || logging_options["level"] || "INFO"
+                )
+              )
+            else
+              TCellAgent.send_event(
+                TCellAgent::SensorEvents::TCellAgentSettingEvent.new("logging_enabled", "false")
+              )
+            end
+
+            if TCellAgent.configuration.hmac_key
+              TCellAgent.send_event(
+                TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
+                  "hmac_key_present",
+                  (!!TCellAgent.configuration.hmac_key).to_s
+                )
+              )
+            end
+
+            if TCellAgent.configuration.reverse_proxy
+              TCellAgent.send_event(
+                TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
+                  "reverse_proxy_ip_address_header",
+                  TCellAgent.configuration.reverse_proxy_ip_address_header)
+              )
+            end
+          end
+
           if defined?(Rails)
             TCellAgent::Instrumentation.safe_block("Instrumenting routes") do
               TCellAgent::Instrumentation::Rails.instrument_routes
@@ -62,6 +141,9 @@ if (TCellAgent.configuration.disable_all == false)
       elsif (tcell_server && tcell_server == "unicorn") || defined?(Unicorn)
         require("tcell_agent/servers/unicorn")
 
+      elsif (tcell_server && tcell_server == "passenger") || defined?(PhusionPassenger)
+        require("tcell_agent/servers/passenger")
+
       end
     end
 

data/lib/tcell_agent/utils/params.rb

@@ -10,7 +10,7 @@ module TCellAgent
       def self.flatten(param_dict, namespace=nil)
         flattened = {}
         namespace = [] unless namespace
-        param_dict.each do |param_name, param_value|
+        (param_dict || {}).each do |param_name, param_value|
           if param_value.is_a?(Hash)
             flattened = flattened.merge(flatten(param_value, namespace.dup << param_name.to_s))
 

data/lib/tcell_agent/version.rb

@@ -1,5 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 
 module TCellAgent
-  VERSION = "0.2.21"
+  VERSION = "0.2.22"
 end

data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb

@@ -0,0 +1,504 @@
+require 'spec_helper'
+
+module TCellAgent
+  module AppSensor
+
+    describe "InjectionsMatcher" do
+
+      describe ".from_json" do
+        context "with nil json" do
+          it "should create a disabled injections matcher" do
+            injection_matcher = InjectionsMatcher.from_json(1, nil)
+
+            expect(injection_matcher.enabled).to eq(false)
+            expect(injection_matcher.sensors).to eq([])
+          end
+        end
+
+        context "with empty json" do
+          it "should create a disabled injections matcher" do
+            injection_matcher = InjectionsMatcher.from_json(1, {})
+
+            expect(injection_matcher.enabled).to eq(false)
+            expect(injection_matcher.sensors).to eq([])
+          end
+        end
+
+        context "with v1 sensors config" do
+          context "with nil options" do
+            it "should create a disabled injection matcher" do
+              injection_matcher = InjectionsMatcher.from_json(1, {"options" => nil})
+
+              expect(injection_matcher.enabled).to eq(false)
+              expect(injection_matcher.sensors).to eq([])
+            end
+          end
+
+          context "with empty options" do
+            it "should create a disabled injection matcher" do
+              injection_matcher = InjectionsMatcher.from_json(1, {"options" => []})
+
+              expect(injection_matcher.enabled).to eq(false)
+              expect(injection_matcher.sensors).to eq([])
+            end
+          end
+
+          context "with xss sensor disabled" do
+            it "should create no sensors" do
+              sensors_json = {
+                "options" => {
+                  "xss" => false
+                }
+              }
+
+              injection_matcher = InjectionsMatcher.from_json(1, sensors_json)
+
+              expect(injection_matcher.enabled).to eq(false)
+              expect(injection_matcher.sensors).to eq([])
+            end
+          end
+
+          context "with xss sensor enabled" do
+            it "should create an xss sensors" do
+              sensors_json = {
+                "options" => {
+                  "xss" => true
+                }
+              }
+
+              injection_matcher = InjectionsMatcher.from_json(1, sensors_json)
+
+              expect(injection_matcher.enabled).to eq(true)
+              expect(injection_matcher.sensors.size).to eq(1)
+              expect(injection_matcher.sensors[ 0 ].enabled).to eq(true)
+              expect(injection_matcher.sensors[ 0 ].libinjection).to eq(false)
+              expect(injection_matcher.sensors[ 0 ].detection_point).to eq("xss")
+              expect(injection_matcher.sensors[ 0 ].exclude_headers).to eq(false)
+              expect(injection_matcher.sensors[ 0 ].exclude_forms).to eq(false)
+              expect(injection_matcher.sensors[ 0 ].exclude_cookies).to eq(false)
+              expect(injection_matcher.sensors[ 0 ].exclusions).to eq({})
+              expect(injection_matcher.sensors[ 0 ].active_pattern_ids).to eq(Set.new)
+              expect(injection_matcher.sensors[ 0 ].v1_compatability_enabled).to eq(true)
+              expect(injection_matcher.sensors[ 0 ].excluded_route_ids).to eq(Set.new)
+            end
+          end
+
+          context "with two sensors" do
+            context "one is disabled and one is enabled" do
+              it "should create one sensor" do
+                sensors_json = {
+                  "options" => {
+                    "sqli" => false,
+                    "xss" => true
+                  }
+                }
+
+                injection_matcher = InjectionsMatcher.from_json(1, sensors_json)
+
+                expect(injection_matcher.enabled).to eq(true)
+                expect(injection_matcher.sensors.size).to eq(1)
+                expect(injection_matcher.sensors[ 0 ].enabled).to eq(true)
+                expect(injection_matcher.sensors[ 0 ].libinjection).to eq(false)
+                expect(injection_matcher.sensors[ 0 ].detection_point).to eq("xss")
+                expect(injection_matcher.sensors[ 0 ].exclude_headers).to eq(false)
+                expect(injection_matcher.sensors[ 0 ].exclude_forms).to eq(false)
+                expect(injection_matcher.sensors[ 0 ].exclude_cookies).to eq(false)
+                expect(injection_matcher.sensors[ 0 ].exclusions).to eq({})
+                expect(injection_matcher.sensors[ 0 ].active_pattern_ids).to eq(Set.new)
+                expect(injection_matcher.sensors[ 0 ].v1_compatability_enabled).to eq(true)
+                expect(injection_matcher.sensors[ 0 ].excluded_route_ids).to eq(Set.new)
+              end
+            end
+
+            context "both enabled" do
+              it "should create two sensors" do
+                sensors_json = {
+                  "options" => {
+                    "sqli" => true,
+                    "xss" => true
+                  }
+                }
+
+                injection_matcher = InjectionsMatcher.from_json(1, sensors_json)
+
+                sorted_sensors = injection_matcher.sensors.sort { |a,b| a.detection_point <=> b.detection_point }
+
+                expect(injection_matcher.enabled).to eq(true)
+                expect(injection_matcher.sensors.size).to eq(2)
+                expect(sorted_sensors[ 0 ].enabled).to eq(true)
+                expect(sorted_sensors[ 0 ].libinjection).to eq(false)
+                expect(sorted_sensors[ 0 ].detection_point).to eq("sqli")
+                expect(sorted_sensors[ 0 ].exclude_headers).to eq(false)
+                expect(sorted_sensors[ 0 ].exclude_forms).to eq(false)
+                expect(sorted_sensors[ 0 ].exclude_cookies).to eq(false)
+                expect(sorted_sensors[ 0 ].exclusions).to eq({})
+                expect(sorted_sensors[ 0 ].active_pattern_ids).to eq(Set.new)
+                expect(sorted_sensors[ 0 ].v1_compatability_enabled).to eq(true)
+                expect(sorted_sensors[ 0 ].excluded_route_ids).to eq(Set.new)
+                expect(sorted_sensors[ 1 ].enabled).to eq(true)
+                expect(sorted_sensors[ 1 ].libinjection).to eq(false)
+                expect(sorted_sensors[ 1 ].detection_point).to eq("xss")
+                expect(sorted_sensors[ 1 ].exclude_headers).to eq(false)
+                expect(sorted_sensors[ 1 ].exclude_forms).to eq(false)
+                expect(sorted_sensors[ 1 ].exclude_cookies).to eq(false)
+                expect(sorted_sensors[ 1 ].exclusions).to eq({})
+                expect(sorted_sensors[ 1 ].active_pattern_ids).to eq(Set.new)
+                expect(sorted_sensors[ 1 ].v1_compatability_enabled).to eq(true)
+                expect(sorted_sensors[ 1 ].excluded_route_ids).to eq(Set.new)
+              end
+            end
+
+            context "both disabled" do
+              it "should create no sensors and be disabled" do
+                sensors_json = {
+                  "options" => {
+                    "sqli" => false,
+                    "xss" => false
+                  }
+                }
+
+                injection_matcher = InjectionsMatcher.from_json(1, sensors_json)
+
+                expect(injection_matcher.enabled).to eq(false)
+                expect(injection_matcher.sensors.size).to eq(0)
+              end
+
+            end
+          end
+
+          context "with resp_codes sensor enabled" do
+            it "should create no sensors" do
+              sensors_json = {
+                "options" => {
+                  "resp_codes" => true
+                }
+              }
+
+              injection_matcher = InjectionsMatcher.from_json(1, sensors_json)
+
+              expect(injection_matcher.enabled).to eq(false)
+              expect(injection_matcher.sensors).to eq([])
+            end
+          end
+        end
+
+        context "with v2 sensors config" do
+          context "with a sensor config that's not an injection sensor" do
+            it "should ignore the sensor config" do
+              sensors_json = {
+                "req_size" => {
+                    "limit" => 1024,
+                    "exclude_routes" => ["2300"]
+                }
+              }
+
+              injection_matcher = InjectionsMatcher.from_json(2, sensors_json)
+
+              expect(injection_matcher.enabled).to eq(false)
+              expect(injection_matcher.sensors.size).to eq(0)
+            end
+          end
+
+          context "with a disabled sensor config" do
+            it "should create no sensors and be disabled" do
+              sensors_json = {
+                "xss" => {
+                  "enabled" => false,
+                  "libinjection" => true,
+                  "patterns" => ["1","2","8"],
+                  "exclusions" => {
+                      "bob" => ["*"]
+                  }
+                }
+              }
+
+              injection_matcher = InjectionsMatcher.from_json(2, sensors_json)
+
+              expect(injection_matcher.enabled).to eq(false)
+              expect(injection_matcher.sensors.size).to eq(0)
+            end
+          end
+
+          context "with one sensor config" do
+            it "should create one sensor" do
+              sensors_json = {
+                "xss" => {
+                  "libinjection" => true,
+                  "patterns" => ["1","2","8"],
+                  "exclusions" => {
+                      "bob" => ["*"]
+                  }
+                }
+              }
+
+              injection_matcher = InjectionsMatcher.from_json(2, sensors_json)
+
+              expect(injection_matcher.enabled).to eq(true)
+              expect(injection_matcher.sensors.size).to eq(1)
+              expect(injection_matcher.sensors[0].enabled).to eq(true)
+              expect(injection_matcher.sensors[0].detection_point).to eq("xss")
+              expect(injection_matcher.sensors[0].exclude_headers).to eq(false)
+              expect(injection_matcher.sensors[0].exclude_forms).to eq(false)
+              expect(injection_matcher.sensors[0].exclude_cookies).to eq(false)
+              expect(injection_matcher.sensors[0].exclusions).to eq({"bob" => Set.new(["*"])})
+              expect(injection_matcher.sensors[0].active_pattern_ids).to eq(Set.new(["1", "2", "8"]))
+              expect(injection_matcher.sensors[0].v1_compatability_enabled).to eq(false)
+              expect(injection_matcher.sensors[0].excluded_route_ids).to eq(Set.new)
+            end
+          end
+
+          context "with two sensor configs" do
+            context "one enabled and one disabled" do
+              it "should create one sensor" do
+                sensors_json = {
+                  "sqli" => {
+                    "enabled" => false,
+                    "libinjection" => true,
+                    "patterns" => ["1","2","8"],
+                    "exclusions" => {
+                        "bob" => ["*"]
+                    }
+                  },
+                  "xss" => {
+                    "libinjection" => true,
+                    "patterns" => ["1","2","8"],
+                    "exclusions" => {
+                        "bob" => ["*"]
+                    }
+                  }
+                }
+
+                injection_matcher = InjectionsMatcher.from_json(2, sensors_json)
+
+                expect(injection_matcher.enabled).to eq(true)
+                expect(injection_matcher.sensors.size).to eq(1)
+                expect(injection_matcher.sensors[0].enabled).to eq(true)
+                expect(injection_matcher.sensors[0].detection_point).to eq("xss")
+                expect(injection_matcher.sensors[0].exclude_headers).to eq(false)
+                expect(injection_matcher.sensors[0].exclude_forms).to eq(false)
+                expect(injection_matcher.sensors[0].exclude_cookies).to eq(false)
+                expect(injection_matcher.sensors[0].exclusions).to eq({"bob" => Set.new(["*"])})
+                expect(injection_matcher.sensors[0].active_pattern_ids).to eq(Set.new(["1", "2", "8"]))
+                expect(injection_matcher.sensors[0].v1_compatability_enabled).to eq(false)
+                expect(injection_matcher.sensors[0].excluded_route_ids).to eq(Set.new)
+              end
+            end
+
+            context "both disabled" do
+              it "should create no sensors and be disabled" do
+                sensors_json = {
+                  "sqli" => {
+                    "enabled" => false,
+                    "libinjection" => true,
+                    "patterns" => ["1","2","8"],
+                    "exclusions" => {
+                        "bob" => ["*"]
+                    }
+                  },
+                  "xss" => {
+                    "enabled" => false,
+                    "libinjection" => true,
+                    "patterns" => ["1","2","8"],
+                    "exclusions" => {
+                        "bob" => ["*"]
+                    }
+                  }
+                }
+
+                injection_matcher = InjectionsMatcher.from_json(2, sensors_json)
+
+                expect(injection_matcher.enabled).to eq(false)
+                expect(injection_matcher.sensors.size).to eq(0)
+              end
+            end
+
+            context "both enabled" do
+              it "should create two sensors" do
+                sensors_json = {
+                  "sqli" => {
+                    "libinjection" => true,
+                    "patterns" => ["1","2","8"],
+                    "exclusions" => {
+                        "bob" => ["*"]
+                    }
+                  },
+                  "xss" => {
+                    "libinjection" => true,
+                    "patterns" => ["3","4","5"],
+                    "exclusions" => {
+                        "bob" => ["*"]
+                    }
+                  }
+                }
+
+                injection_matcher = InjectionsMatcher.from_json(2, sensors_json)
+
+                sorted_sensors = injection_matcher.sensors.sort { |a,b| a.detection_point <=> b.detection_point }
+
+                expect(injection_matcher.enabled).to eq(true)
+                expect(injection_matcher.sensors.size).to eq(2)
+                expect(sorted_sensors[0].enabled).to eq(true)
+                expect(sorted_sensors[0].detection_point).to eq("sqli")
+                expect(sorted_sensors[0].exclude_headers).to eq(false)
+                expect(sorted_sensors[0].exclude_forms).to eq(false)
+                expect(sorted_sensors[0].exclude_cookies).to eq(false)
+                expect(sorted_sensors[0].exclusions).to eq({"bob" => Set.new(["*"])})
+                expect(sorted_sensors[0].active_pattern_ids).to eq(Set.new(["1", "2", "8"]))
+                expect(sorted_sensors[0].v1_compatability_enabled).to eq(false)
+                expect(sorted_sensors[0].excluded_route_ids).to eq(Set.new)
+                expect(sorted_sensors[1].enabled).to eq(true)
+                expect(sorted_sensors[1].detection_point).to eq("xss")
+                expect(sorted_sensors[1].exclude_headers).to eq(false)
+                expect(sorted_sensors[1].exclude_forms).to eq(false)
+                expect(sorted_sensors[1].exclude_cookies).to eq(false)
+                expect(sorted_sensors[1].exclusions).to eq({"bob" => Set.new(["*"])})
+                expect(sorted_sensors[1].active_pattern_ids).to eq(Set.new(["3", "4", "5"]))
+                expect(sorted_sensors[1].v1_compatability_enabled).to eq(false)
+                expect(sorted_sensors[1].excluded_route_ids).to eq(Set.new)
+              end
+            end
+          end
+
+        end
+      end
+
+      describe "#check_param_for_injections" do
+        context "with no sensors" do
+          it "should not find any injections" do
+            injection_matcher = InjectionsMatcher.new([])
+
+            meta_data = TCellAgent::AppSensor::MetaData.new
+
+            result = injection_matcher.check_param_for_injections(
+              InjectionsMatcher::URI_PARAM, meta_data, "dirty", "<script></script>"
+            )
+
+            expect(result).to eq(nil)
+          end
+        end
+
+        context "with one sensors that finds an injection" do
+          it "should return the injection attempt" do
+            fake_sensor = double("fake_sensor")
+
+            injection_matcher = InjectionsMatcher.new([fake_sensor])
+
+            meta_data = TCellAgent::AppSensor::MetaData.new
+
+            expect(fake_sensor).to receive(:applicable_for_param_type?).with(
+              InjectionsMatcher::URI_PARAM
+            ).and_return(true)
+            expect(fake_sensor).to receive(:get_injection_attempt).with(
+              InjectionsMatcher::URI_PARAM, meta_data, "dirty", "<script></script>"
+            ).and_return({"injection" => true})
+
+            result = injection_matcher.check_param_for_injections(
+              InjectionsMatcher::URI_PARAM, meta_data, "dirty", "<script></script>"
+            )
+
+            expect(result).to eq({"injection" => true})
+          end
+        end
+      end
+
+      describe "#each_injection" do
+        context "with appsensor meta data" do
+          context "with one param of each type" do
+            it "should call check_param_for_injections once for each param" do
+              meta_data = TCellAgent::SensorEvents::AppSensorMetaEvent.new
+              meta_data.get_dict = {"get_param" => "get_value"}
+              # post dict for appsensor meta data gets flatten before being enqueued
+              meta_data.post_dict = TCellAgent::Utils::Params.flatten({"post_param" => "post_value"})
+              meta_data.body_dict = TCellAgent::Utils::Params.flatten({"body_param" => "body_value"})
+              meta_data.cookie_dict = {"cookie_param" => "cookie_value"}
+              meta_data.path_parameters = {"path_param" => "path_value"}
+
+              uri_injection = double("uri_injection")
+              get_injection = double("get_injection")
+              post_injection = double("post_injection")
+              json_injection = double("json_injection")
+              cookie_injection = double("cookie_injection")
+
+              injections_matcher = InjectionsMatcher.new([double("fake_sensor")])
+
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::URI_PARAM, meta_data, "path_param", "path_value"
+              ).and_return(uri_injection)
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::GET_PARAM, meta_data, "get_param", "get_value"
+              ).and_return(get_injection)
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::POST_PARAM, meta_data, "post_param", "post_value"
+              ).and_return(post_injection)
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::JSON_PARAM, meta_data, "body_param", "body_value"
+              ).and_return(json_injection)
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::COOKIE_PARAM, meta_data, "cookie_param", "cookie_value"
+              ).and_return(cookie_injection)
+
+              injection_attempts = []
+              injections_matcher.each_injection(meta_data) do |injection_attempt|
+                injection_attempts.push(injection_attempt)
+              end
+
+              expect(injection_attempts.size).to eq(5)
+              expect(injection_attempts).to eq(
+                [uri_injection, get_injection, post_injection, json_injection, cookie_injection]
+              )
+            end
+          end
+        end
+
+        context "with patches meta data" do
+          context "with one param of each type" do
+            it "should call check_param_for_injections once for each param" do
+              meta_data = TCellAgent::Patches::MetaData.new
+              meta_data.get_dict = {"get_param" => "get_value"}
+              meta_data.post_dict = {"post_param" => "post_value"}
+              meta_data.body_dict = TCellAgent::Utils::Params.flatten({"body_param" => "body_value"})
+              meta_data.cookie_dict = {"cookie_param" => "cookie_value"}
+              meta_data.path_parameters = {"path_param" => "path_value"}
+
+              uri_injection = double("uri_injection")
+              get_injection = double("get_injection")
+              post_injection = double("post_injection")
+              json_injection = double("json_injection")
+              cookie_injection = double("cookie_injection")
+
+              injections_matcher = InjectionsMatcher.new([double("fake_sensor")])
+
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::URI_PARAM, meta_data, "path_param", "path_value"
+              ).and_return(uri_injection)
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::GET_PARAM, meta_data, "get_param", "get_value"
+              ).and_return(get_injection)
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::POST_PARAM, meta_data, "post_param", "post_value"
+              ).and_return(post_injection)
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::JSON_PARAM, meta_data, "body_param", "body_value"
+              ).and_return(json_injection)
+              expect(injections_matcher).to receive(:check_param_for_injections).with(
+                InjectionsMatcher::COOKIE_PARAM, meta_data, "cookie_param", "cookie_value"
+              ).and_return(cookie_injection)
+
+              injection_attempts = []
+              injections_matcher.each_injection(meta_data) do |injection_attempt|
+                injection_attempts.push(injection_attempt)
+              end
+
+              expect(injection_attempts.size).to eq(5)
+              expect(injection_attempts).to eq(
+                [uri_injection, get_injection, post_injection, json_injection, cookie_injection]
+              )
+            end
+          end
+
+        end
+      end
+    end
+
+  end
+end