tcell_agent 0.2.21 → 0.2.22

data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+module TCellAgent
+  module Patches
+
+    describe "SensorsMatcher" do
+      describe ".from_json" do
+        context "with all the fields provided" do
+          it "should create a sensor matcher properly" do
+            sensor_matcher_json = {
+              "xss" => {
+                "libinjection" => true,
+                "exclude_cookies" => false,
+                "exclude_forms" => false,
+                "exclusions" => {"generic" => ["form", "cookies"]},
+                "patterns" => ["1", "2"]
+              }
+            }
+
+            sensor_matcher = SensorsMatcher.from_json(sensor_matcher_json)
+
+            sorted_sensors = sensor_matcher.injections_matcher.sensors.sort
+
+            expect(sorted_sensors.size).to eq(1)
+            expect(sorted_sensors[0].libinjection).to eq(true)
+            expect(sorted_sensors[0].exclude_cookies).to eq(false)
+            expect(sorted_sensors[0].exclude_forms).to eq(false)
+            expect(sorted_sensors[0].exclusions).to eq({"generic" => Set.new(["form", "cookies"])})
+          end
+        end
+      end
+    end
+
+  end
+end

data/spec/lib/tcell_agent/patches_spec.rb

@@ -0,0 +1,156 @@
+require 'spec_helper'
+
+module TCellAgent
+  module Instrumentation
+
+    describe ".block?" do
+
+      context "with an unexpected error" do
+        it "should return nil" do
+          request = double("request")
+          expect(TCellAgent).to receive(:policy).and_raise(Exception.new("UNEXPECTED"))
+          expect(TCellAgent::Patches::MetaData).to_not receive(:build)
+
+          expect(Patches.block?(request)).to eq(nil)
+        end
+      end
+
+      context "with an empty patches policy" do
+        it "should return nil" do
+          request = double("request")
+          expect(TCellAgent).to receive(:policy).and_return(nil)
+          expect(TCellAgent::Patches::MetaData).to_not receive(:build)
+
+          expect(Patches.block?(request)).to eq(nil)
+        end
+      end
+
+      context "with a disabled patches policy" do
+        it "should return nil" do
+          request = double("request")
+          patches = TCellAgent::Policies::PatchesPolicy.from_json({
+            "policy_id" => "policy_id",
+            "version" => 1,
+            "data" => {}
+          })
+          expect(patches.enabled).to eq(false)
+
+          expect(TCellAgent).to receive(:policy).and_return(patches)
+          expect(TCellAgent::Patches::MetaData).to_not receive(:build)
+
+          expect(Patches.block?(request)).to eq(nil)
+        end
+      end
+
+      context "with a patches policy that does not apply" do
+        it "should return nil" do
+          request = double("request")
+          meta_data = double("meta_data")
+          patches = TCellAgent::Policies::PatchesPolicy.from_json({
+            "policy_id" => "policy_id",
+            "version" => 1,
+            "data" => {"blocked_ips" => [{"ip" => "1.1.1.1"}]}
+          })
+          expect(patches.enabled).to eq(true)
+
+          expect(TCellAgent).to receive(:policy).and_return(patches)
+          expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
+            meta_data
+          )
+          expect(meta_data).to receive(:remote_address).and_return("2.2.2.2")
+
+          expect(Patches.block?(request)).to eq(nil)
+        end
+      end
+
+
+      context "with a patches policy that applies" do
+        it "should return a response" do
+          request = double("request")
+          meta_data = double("meta_data")
+          tcell_context = TCellAgent::Instrumentation::TCellData.new
+          patches = TCellAgent::Policies::PatchesPolicy.from_json({
+            "policy_id" => "policy_id",
+            "version" => 1,
+            "data" => {"blocked_ips" => [{"ip" => "1.1.1.1"}]}
+          })
+          expect(patches.enabled).to eq(true)
+          expect(tcell_context.ip_blocking_triggered).to eq(false)
+
+          expect(TCellAgent).to receive(:policy).and_return(patches)
+          expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
+            meta_data
+          )
+          expect(meta_data).to receive(:remote_address).and_return("1.1.1.1")
+          expect(request).to receive(:env).and_return({TCellAgent::Instrumentation::TCELL_ID => tcell_context})
+
+          expect(Patches.block?(request)).to eq(403)
+
+          expect(tcell_context.ip_blocking_triggered).to eq(true)
+        end
+
+        context "and that's complex" do
+          it "should return a response" do
+            request = double("request")
+            meta_data = TCellAgent::SensorEvents::AppSensorMetaEvent.new
+            meta_data.remote_address = "2.3.4.5"
+            meta_data.get_dict = {"paramater" => "<script>"}
+            tcell_context = TCellAgent::Instrumentation::TCellData.new
+            patches = TCellAgent::Policies::PatchesPolicy.from_json({
+              "policy_id" => "policy_id",
+              "version" => 1,
+              "data" => {
+                "blocked_ips" => [{"ip" => "8.8.8.8"}],
+                "block_rules" => [
+                  {"ips" => ["8.8.8.8"]},
+                  {
+                    "ips" => ["2.3.4.5"],
+                    "sensor_matches" => {
+                      "xss" => {"patterns" => ["1", "2", "3", "4", "5", "6", "7", "8"]}
+                    }
+                  }
+                ]
+              }
+            })
+            expect(patches.enabled).to eq(true)
+            expect(tcell_context.ip_blocking_triggered).to eq(false)
+
+            expect(TCellAgent).to receive(:policy).and_return(patches)
+            expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
+              meta_data
+            )
+            expect(request).to receive(:env).and_return({TCellAgent::Instrumentation::TCELL_ID => tcell_context})
+
+            expect(Patches.block?(request)).to eq(403)
+
+            expect(tcell_context.ip_blocking_triggered).to eq(true)
+          end
+        end
+
+        context "with an unexpected error" do
+          it "should return nil" do
+            request = double("request")
+            meta_data = double("meta_data")
+            patches = TCellAgent::Policies::PatchesPolicy.from_json({
+              "policy_id" => "policy_id",
+              "version" => 1,
+              "data" => {"blocked_ips" => [{"ip" => "1.1.1.1"}]}
+            })
+            expect(patches.enabled).to eq(true)
+
+            expect(TCellAgent).to receive(:policy).and_return(patches)
+            expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
+              meta_data
+            )
+            expect(meta_data).to receive(:remote_address).and_raise(Exception.new("UNEXPECTED"))
+            expect(request).to_not receive(:env)
+
+            expect(Patches.block?(request)).to eq(nil)
+          end
+        end
+      end
+
+    end
+
+  end
+end

data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb

@@ -14,7 +14,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -28,7 +28,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -42,7 +42,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -56,7 +56,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(true)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -70,23 +70,23 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(true)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
 
         context "setting exclusions on sensor" do
           it "should have exclude_cookies" do
-            sensor = CmdiSensor.new({"exclusions" => {"word" => ["form", "header"]}})
+            sensor = CmdiSensor.new({"exclusions" => {"word" => Set.new(["form", "header"])}})
             expect(sensor.enabled).to eq(false)
             expect(sensor.detection_point).to eq("cmdi")
             expect(sensor.exclude_headers).to eq(false)
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq(
-              {"word"=>["form", "header"]}
+              {"word"=>Set.new(["form", "header"])}
             )
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -101,7 +101,7 @@ module TCellAgent
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
             expect(sensor.active_pattern_ids).to eq(
-              {"1" => true, "2" => true, "3" => true}
+              Set.new(["1", "2", "3"])
             )
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
@@ -116,12 +116,23 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(true)
           end
         end
 
       end
+
+      describe "#applicable_for_param_type?" do
+        it "should be applicable for all param types" do
+          sensor = CmdiSensor.new
+          expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(false)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
+        end
+      end
     end
 
   end

data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb

@@ -14,7 +14,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -28,7 +28,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -42,7 +42,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -56,7 +56,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(true)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -70,7 +70,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(true)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -84,9 +84,9 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq(
-              {"word"=>["form", "header"]}
+              {"word"=>Set.new(["form", "header"])}
             )
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -101,7 +101,7 @@ module TCellAgent
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
             expect(sensor.active_pattern_ids).to eq(
-              {"1" => true, "2" => true, "3" => true}
+              Set.new(["1", "2", "3"])
             )
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
@@ -116,12 +116,23 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(true)
           end
         end
 
       end
+
+      describe "#applicable_for_param_type?" do
+        it "should be applicable for all param types" do
+          sensor = FptSensor.new
+          expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(false)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
+        end
+      end
     end
 
   end

data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb

@@ -14,7 +14,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -28,7 +28,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -42,7 +42,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -56,7 +56,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(true)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -70,7 +70,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(true)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -84,9 +84,9 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq(
-              {"word"=>["form", "header"]}
+              {"word"=>Set.new(["form", "header"])}
             )
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
         end
@@ -101,7 +101,7 @@ module TCellAgent
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
             expect(sensor.active_pattern_ids).to eq(
-              {"1" => true, "2" => true, "3" => true}
+              Set.new(["1", "2", "3"])
             )
             expect(sensor.v1_compatability_enabled).to eq(false)
           end
@@ -116,7 +116,7 @@ module TCellAgent
             expect(sensor.exclude_forms).to eq(false)
             expect(sensor.exclude_cookies).to eq(false)
             expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq({})
+            expect(sensor.active_pattern_ids).to eq(Set.new)
             expect(sensor.v1_compatability_enabled).to eq(true)
           end
         end
@@ -124,7 +124,42 @@ module TCellAgent
       end
 
       context "#get_ruleset" do
+        it "should use a different key to obtain the ruleset" do
+          sensor = XssSensor.new
+          expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("xss")
+          sensor.get_ruleset
 
+          sensor = SqliSensor.new
+          expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("sqli")
+          sensor.get_ruleset
+
+          sensor = CmdiSensor.new
+          expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("cmdi")
+          sensor.get_ruleset
+
+          sensor = FptSensor.new
+          expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("fpt")
+          sensor.get_ruleset
+
+          sensor = RetrSensor.new
+          expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("retr")
+          sensor.get_ruleset
+
+          sensor = NullbyteSensor.new
+          expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("nullbyte")
+          sensor.get_ruleset
+        end
+      end
+
+      describe "#applicable_for_param_type?" do
+        it "should be applicable for all param types" do
+          sensor = NullbyteSensor.new
+          expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(false)
+          expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
+        end
       end
     end