tcell_agent 0.2.21 → 0.2.22
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/tcell_agent.rb +1 -0
- data/lib/tcell_agent/api.rb +3 -2
- data/lib/tcell_agent/appsensor/injections_matcher.rb +137 -0
- data/lib/tcell_agent/appsensor/injections_reporter.rb +67 -0
- data/lib/tcell_agent/appsensor/meta_data.rb +71 -0
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +5 -2
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +1 -1
- data/lib/tcell_agent/appsensor/sensor.rb +48 -0
- data/lib/tcell_agent/configuration.rb +15 -2
- data/lib/tcell_agent/instrumentation.rb +3 -2
- data/lib/tcell_agent/logger.rb +19 -3
- data/lib/tcell_agent/patches.rb +26 -0
- data/lib/tcell_agent/patches/block_rule.rb +58 -0
- data/lib/tcell_agent/patches/meta_data.rb +54 -0
- data/lib/tcell_agent/patches/sensors_matcher.rb +30 -0
- data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +7 -3
- data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +32 -38
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +4 -4
- data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +9 -3
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor_policy.rb +55 -131
- data/lib/tcell_agent/policies/content_security_policy.rb +148 -137
- data/lib/tcell_agent/policies/patches_policy.rb +41 -13
- data/lib/tcell_agent/rails.rb +11 -109
- data/lib/tcell_agent/rails/auth/devise.rb +5 -1
- data/lib/tcell_agent/rails/dlp.rb +5 -2
- data/lib/tcell_agent/rails/dlp/process_request.rb +88 -0
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +3 -13
- data/lib/tcell_agent/rails/on_start.rb +5 -101
- data/lib/tcell_agent/rails/routes.rb +240 -81
- data/lib/tcell_agent/rails/routes/grape.rb +113 -0
- data/lib/tcell_agent/rails/routes/route_id.rb +29 -0
- data/lib/tcell_agent/sensor_events/app_config.rb +21 -13
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -26
- data/lib/tcell_agent/servers/passenger.rb +10 -0
- data/lib/tcell_agent/start_background_thread.rb +82 -0
- data/lib/tcell_agent/utils/params.rb +1 -1
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +504 -0
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +222 -0
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +7 -13
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +18 -18
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +381 -0
- data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +35 -0
- data/spec/lib/tcell_agent/patches_spec.rb +156 -0
- data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +21 -10
- data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +44 -9
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +13 -13
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +5 -5
- data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +24 -14
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +243 -241
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +128 -200
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +126 -55
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +485 -24
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +5 -0
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -2
- data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +294 -0
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +80 -0
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +182 -0
- metadata +30 -7
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +0 -39
- data/lib/tcell_agent/policies/appsensor/sensor.rb +0 -46
- data/lib/tcell_agent/rails/path_parameters_setter.rb +0 -43
- data/spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb +0 -104
@@ -0,0 +1,35 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
module Patches
|
5
|
+
|
6
|
+
describe "SensorsMatcher" do
|
7
|
+
describe ".from_json" do
|
8
|
+
context "with all the fields provided" do
|
9
|
+
it "should create a sensor matcher properly" do
|
10
|
+
sensor_matcher_json = {
|
11
|
+
"xss" => {
|
12
|
+
"libinjection" => true,
|
13
|
+
"exclude_cookies" => false,
|
14
|
+
"exclude_forms" => false,
|
15
|
+
"exclusions" => {"generic" => ["form", "cookies"]},
|
16
|
+
"patterns" => ["1", "2"]
|
17
|
+
}
|
18
|
+
}
|
19
|
+
|
20
|
+
sensor_matcher = SensorsMatcher.from_json(sensor_matcher_json)
|
21
|
+
|
22
|
+
sorted_sensors = sensor_matcher.injections_matcher.sensors.sort
|
23
|
+
|
24
|
+
expect(sorted_sensors.size).to eq(1)
|
25
|
+
expect(sorted_sensors[0].libinjection).to eq(true)
|
26
|
+
expect(sorted_sensors[0].exclude_cookies).to eq(false)
|
27
|
+
expect(sorted_sensors[0].exclude_forms).to eq(false)
|
28
|
+
expect(sorted_sensors[0].exclusions).to eq({"generic" => Set.new(["form", "cookies"])})
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
end
|
35
|
+
end
|
@@ -0,0 +1,156 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
module Instrumentation
|
5
|
+
|
6
|
+
describe ".block?" do
|
7
|
+
|
8
|
+
context "with an unexpected error" do
|
9
|
+
it "should return nil" do
|
10
|
+
request = double("request")
|
11
|
+
expect(TCellAgent).to receive(:policy).and_raise(Exception.new("UNEXPECTED"))
|
12
|
+
expect(TCellAgent::Patches::MetaData).to_not receive(:build)
|
13
|
+
|
14
|
+
expect(Patches.block?(request)).to eq(nil)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
context "with an empty patches policy" do
|
19
|
+
it "should return nil" do
|
20
|
+
request = double("request")
|
21
|
+
expect(TCellAgent).to receive(:policy).and_return(nil)
|
22
|
+
expect(TCellAgent::Patches::MetaData).to_not receive(:build)
|
23
|
+
|
24
|
+
expect(Patches.block?(request)).to eq(nil)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
context "with a disabled patches policy" do
|
29
|
+
it "should return nil" do
|
30
|
+
request = double("request")
|
31
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
32
|
+
"policy_id" => "policy_id",
|
33
|
+
"version" => 1,
|
34
|
+
"data" => {}
|
35
|
+
})
|
36
|
+
expect(patches.enabled).to eq(false)
|
37
|
+
|
38
|
+
expect(TCellAgent).to receive(:policy).and_return(patches)
|
39
|
+
expect(TCellAgent::Patches::MetaData).to_not receive(:build)
|
40
|
+
|
41
|
+
expect(Patches.block?(request)).to eq(nil)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
45
|
+
context "with a patches policy that does not apply" do
|
46
|
+
it "should return nil" do
|
47
|
+
request = double("request")
|
48
|
+
meta_data = double("meta_data")
|
49
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
50
|
+
"policy_id" => "policy_id",
|
51
|
+
"version" => 1,
|
52
|
+
"data" => {"blocked_ips" => [{"ip" => "1.1.1.1"}]}
|
53
|
+
})
|
54
|
+
expect(patches.enabled).to eq(true)
|
55
|
+
|
56
|
+
expect(TCellAgent).to receive(:policy).and_return(patches)
|
57
|
+
expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
|
58
|
+
meta_data
|
59
|
+
)
|
60
|
+
expect(meta_data).to receive(:remote_address).and_return("2.2.2.2")
|
61
|
+
|
62
|
+
expect(Patches.block?(request)).to eq(nil)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
|
67
|
+
context "with a patches policy that applies" do
|
68
|
+
it "should return a response" do
|
69
|
+
request = double("request")
|
70
|
+
meta_data = double("meta_data")
|
71
|
+
tcell_context = TCellAgent::Instrumentation::TCellData.new
|
72
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
73
|
+
"policy_id" => "policy_id",
|
74
|
+
"version" => 1,
|
75
|
+
"data" => {"blocked_ips" => [{"ip" => "1.1.1.1"}]}
|
76
|
+
})
|
77
|
+
expect(patches.enabled).to eq(true)
|
78
|
+
expect(tcell_context.ip_blocking_triggered).to eq(false)
|
79
|
+
|
80
|
+
expect(TCellAgent).to receive(:policy).and_return(patches)
|
81
|
+
expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
|
82
|
+
meta_data
|
83
|
+
)
|
84
|
+
expect(meta_data).to receive(:remote_address).and_return("1.1.1.1")
|
85
|
+
expect(request).to receive(:env).and_return({TCellAgent::Instrumentation::TCELL_ID => tcell_context})
|
86
|
+
|
87
|
+
expect(Patches.block?(request)).to eq(403)
|
88
|
+
|
89
|
+
expect(tcell_context.ip_blocking_triggered).to eq(true)
|
90
|
+
end
|
91
|
+
|
92
|
+
context "and that's complex" do
|
93
|
+
it "should return a response" do
|
94
|
+
request = double("request")
|
95
|
+
meta_data = TCellAgent::SensorEvents::AppSensorMetaEvent.new
|
96
|
+
meta_data.remote_address = "2.3.4.5"
|
97
|
+
meta_data.get_dict = {"paramater" => "<script>"}
|
98
|
+
tcell_context = TCellAgent::Instrumentation::TCellData.new
|
99
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
100
|
+
"policy_id" => "policy_id",
|
101
|
+
"version" => 1,
|
102
|
+
"data" => {
|
103
|
+
"blocked_ips" => [{"ip" => "8.8.8.8"}],
|
104
|
+
"block_rules" => [
|
105
|
+
{"ips" => ["8.8.8.8"]},
|
106
|
+
{
|
107
|
+
"ips" => ["2.3.4.5"],
|
108
|
+
"sensor_matches" => {
|
109
|
+
"xss" => {"patterns" => ["1", "2", "3", "4", "5", "6", "7", "8"]}
|
110
|
+
}
|
111
|
+
}
|
112
|
+
]
|
113
|
+
}
|
114
|
+
})
|
115
|
+
expect(patches.enabled).to eq(true)
|
116
|
+
expect(tcell_context.ip_blocking_triggered).to eq(false)
|
117
|
+
|
118
|
+
expect(TCellAgent).to receive(:policy).and_return(patches)
|
119
|
+
expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
|
120
|
+
meta_data
|
121
|
+
)
|
122
|
+
expect(request).to receive(:env).and_return({TCellAgent::Instrumentation::TCELL_ID => tcell_context})
|
123
|
+
|
124
|
+
expect(Patches.block?(request)).to eq(403)
|
125
|
+
|
126
|
+
expect(tcell_context.ip_blocking_triggered).to eq(true)
|
127
|
+
end
|
128
|
+
end
|
129
|
+
|
130
|
+
context "with an unexpected error" do
|
131
|
+
it "should return nil" do
|
132
|
+
request = double("request")
|
133
|
+
meta_data = double("meta_data")
|
134
|
+
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
135
|
+
"policy_id" => "policy_id",
|
136
|
+
"version" => 1,
|
137
|
+
"data" => {"blocked_ips" => [{"ip" => "1.1.1.1"}]}
|
138
|
+
})
|
139
|
+
expect(patches.enabled).to eq(true)
|
140
|
+
|
141
|
+
expect(TCellAgent).to receive(:policy).and_return(patches)
|
142
|
+
expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
|
143
|
+
meta_data
|
144
|
+
)
|
145
|
+
expect(meta_data).to receive(:remote_address).and_raise(Exception.new("UNEXPECTED"))
|
146
|
+
expect(request).to_not receive(:env)
|
147
|
+
|
148
|
+
expect(Patches.block?(request)).to eq(nil)
|
149
|
+
end
|
150
|
+
end
|
151
|
+
end
|
152
|
+
|
153
|
+
end
|
154
|
+
|
155
|
+
end
|
156
|
+
end
|
@@ -14,7 +14,7 @@ module TCellAgent
|
|
14
14
|
expect(sensor.exclude_forms).to eq(false)
|
15
15
|
expect(sensor.exclude_cookies).to eq(false)
|
16
16
|
expect(sensor.exclusions).to eq({})
|
17
|
-
expect(sensor.active_pattern_ids).to eq(
|
17
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
18
18
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
19
19
|
end
|
20
20
|
end
|
@@ -28,7 +28,7 @@ module TCellAgent
|
|
28
28
|
expect(sensor.exclude_forms).to eq(false)
|
29
29
|
expect(sensor.exclude_cookies).to eq(false)
|
30
30
|
expect(sensor.exclusions).to eq({})
|
31
|
-
expect(sensor.active_pattern_ids).to eq(
|
31
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
32
32
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
33
33
|
end
|
34
34
|
end
|
@@ -42,7 +42,7 @@ module TCellAgent
|
|
42
42
|
expect(sensor.exclude_forms).to eq(false)
|
43
43
|
expect(sensor.exclude_cookies).to eq(false)
|
44
44
|
expect(sensor.exclusions).to eq({})
|
45
|
-
expect(sensor.active_pattern_ids).to eq(
|
45
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
46
46
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
47
47
|
end
|
48
48
|
end
|
@@ -56,7 +56,7 @@ module TCellAgent
|
|
56
56
|
expect(sensor.exclude_forms).to eq(true)
|
57
57
|
expect(sensor.exclude_cookies).to eq(false)
|
58
58
|
expect(sensor.exclusions).to eq({})
|
59
|
-
expect(sensor.active_pattern_ids).to eq(
|
59
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
60
60
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
61
61
|
end
|
62
62
|
end
|
@@ -70,23 +70,23 @@ module TCellAgent
|
|
70
70
|
expect(sensor.exclude_forms).to eq(false)
|
71
71
|
expect(sensor.exclude_cookies).to eq(true)
|
72
72
|
expect(sensor.exclusions).to eq({})
|
73
|
-
expect(sensor.active_pattern_ids).to eq(
|
73
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
74
74
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
75
75
|
end
|
76
76
|
end
|
77
77
|
|
78
78
|
context "setting exclusions on sensor" do
|
79
79
|
it "should have exclude_cookies" do
|
80
|
-
sensor = CmdiSensor.new({"exclusions" => {"word" => ["form", "header"]}})
|
80
|
+
sensor = CmdiSensor.new({"exclusions" => {"word" => Set.new(["form", "header"])}})
|
81
81
|
expect(sensor.enabled).to eq(false)
|
82
82
|
expect(sensor.detection_point).to eq("cmdi")
|
83
83
|
expect(sensor.exclude_headers).to eq(false)
|
84
84
|
expect(sensor.exclude_forms).to eq(false)
|
85
85
|
expect(sensor.exclude_cookies).to eq(false)
|
86
86
|
expect(sensor.exclusions).to eq(
|
87
|
-
{"word"=>["form", "header"]}
|
87
|
+
{"word"=>Set.new(["form", "header"])}
|
88
88
|
)
|
89
|
-
expect(sensor.active_pattern_ids).to eq(
|
89
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
90
90
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
91
91
|
end
|
92
92
|
end
|
@@ -101,7 +101,7 @@ module TCellAgent
|
|
101
101
|
expect(sensor.exclude_cookies).to eq(false)
|
102
102
|
expect(sensor.exclusions).to eq({})
|
103
103
|
expect(sensor.active_pattern_ids).to eq(
|
104
|
-
|
104
|
+
Set.new(["1", "2", "3"])
|
105
105
|
)
|
106
106
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
107
107
|
end
|
@@ -116,12 +116,23 @@ module TCellAgent
|
|
116
116
|
expect(sensor.exclude_forms).to eq(false)
|
117
117
|
expect(sensor.exclude_cookies).to eq(false)
|
118
118
|
expect(sensor.exclusions).to eq({})
|
119
|
-
expect(sensor.active_pattern_ids).to eq(
|
119
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
120
120
|
expect(sensor.v1_compatability_enabled).to eq(true)
|
121
121
|
end
|
122
122
|
end
|
123
123
|
|
124
124
|
end
|
125
|
+
|
126
|
+
describe "#applicable_for_param_type?" do
|
127
|
+
it "should be applicable for all param types" do
|
128
|
+
sensor = CmdiSensor.new
|
129
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
|
130
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
|
131
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
|
132
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(false)
|
133
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
|
134
|
+
end
|
135
|
+
end
|
125
136
|
end
|
126
137
|
|
127
138
|
end
|
@@ -14,7 +14,7 @@ module TCellAgent
|
|
14
14
|
expect(sensor.exclude_forms).to eq(false)
|
15
15
|
expect(sensor.exclude_cookies).to eq(false)
|
16
16
|
expect(sensor.exclusions).to eq({})
|
17
|
-
expect(sensor.active_pattern_ids).to eq(
|
17
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
18
18
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
19
19
|
end
|
20
20
|
end
|
@@ -28,7 +28,7 @@ module TCellAgent
|
|
28
28
|
expect(sensor.exclude_forms).to eq(false)
|
29
29
|
expect(sensor.exclude_cookies).to eq(false)
|
30
30
|
expect(sensor.exclusions).to eq({})
|
31
|
-
expect(sensor.active_pattern_ids).to eq(
|
31
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
32
32
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
33
33
|
end
|
34
34
|
end
|
@@ -42,7 +42,7 @@ module TCellAgent
|
|
42
42
|
expect(sensor.exclude_forms).to eq(false)
|
43
43
|
expect(sensor.exclude_cookies).to eq(false)
|
44
44
|
expect(sensor.exclusions).to eq({})
|
45
|
-
expect(sensor.active_pattern_ids).to eq(
|
45
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
46
46
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
47
47
|
end
|
48
48
|
end
|
@@ -56,7 +56,7 @@ module TCellAgent
|
|
56
56
|
expect(sensor.exclude_forms).to eq(true)
|
57
57
|
expect(sensor.exclude_cookies).to eq(false)
|
58
58
|
expect(sensor.exclusions).to eq({})
|
59
|
-
expect(sensor.active_pattern_ids).to eq(
|
59
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
60
60
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
61
61
|
end
|
62
62
|
end
|
@@ -70,7 +70,7 @@ module TCellAgent
|
|
70
70
|
expect(sensor.exclude_forms).to eq(false)
|
71
71
|
expect(sensor.exclude_cookies).to eq(true)
|
72
72
|
expect(sensor.exclusions).to eq({})
|
73
|
-
expect(sensor.active_pattern_ids).to eq(
|
73
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
74
74
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
75
75
|
end
|
76
76
|
end
|
@@ -84,9 +84,9 @@ module TCellAgent
|
|
84
84
|
expect(sensor.exclude_forms).to eq(false)
|
85
85
|
expect(sensor.exclude_cookies).to eq(false)
|
86
86
|
expect(sensor.exclusions).to eq(
|
87
|
-
{"word"=>["form", "header"]}
|
87
|
+
{"word"=>Set.new(["form", "header"])}
|
88
88
|
)
|
89
|
-
expect(sensor.active_pattern_ids).to eq(
|
89
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
90
90
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
91
91
|
end
|
92
92
|
end
|
@@ -101,7 +101,7 @@ module TCellAgent
|
|
101
101
|
expect(sensor.exclude_cookies).to eq(false)
|
102
102
|
expect(sensor.exclusions).to eq({})
|
103
103
|
expect(sensor.active_pattern_ids).to eq(
|
104
|
-
|
104
|
+
Set.new(["1", "2", "3"])
|
105
105
|
)
|
106
106
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
107
107
|
end
|
@@ -116,12 +116,23 @@ module TCellAgent
|
|
116
116
|
expect(sensor.exclude_forms).to eq(false)
|
117
117
|
expect(sensor.exclude_cookies).to eq(false)
|
118
118
|
expect(sensor.exclusions).to eq({})
|
119
|
-
expect(sensor.active_pattern_ids).to eq(
|
119
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
120
120
|
expect(sensor.v1_compatability_enabled).to eq(true)
|
121
121
|
end
|
122
122
|
end
|
123
123
|
|
124
124
|
end
|
125
|
+
|
126
|
+
describe "#applicable_for_param_type?" do
|
127
|
+
it "should be applicable for all param types" do
|
128
|
+
sensor = FptSensor.new
|
129
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
|
130
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
|
131
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
|
132
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(false)
|
133
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
|
134
|
+
end
|
135
|
+
end
|
125
136
|
end
|
126
137
|
|
127
138
|
end
|
@@ -14,7 +14,7 @@ module TCellAgent
|
|
14
14
|
expect(sensor.exclude_forms).to eq(false)
|
15
15
|
expect(sensor.exclude_cookies).to eq(false)
|
16
16
|
expect(sensor.exclusions).to eq({})
|
17
|
-
expect(sensor.active_pattern_ids).to eq(
|
17
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
18
18
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
19
19
|
end
|
20
20
|
end
|
@@ -28,7 +28,7 @@ module TCellAgent
|
|
28
28
|
expect(sensor.exclude_forms).to eq(false)
|
29
29
|
expect(sensor.exclude_cookies).to eq(false)
|
30
30
|
expect(sensor.exclusions).to eq({})
|
31
|
-
expect(sensor.active_pattern_ids).to eq(
|
31
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
32
32
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
33
33
|
end
|
34
34
|
end
|
@@ -42,7 +42,7 @@ module TCellAgent
|
|
42
42
|
expect(sensor.exclude_forms).to eq(false)
|
43
43
|
expect(sensor.exclude_cookies).to eq(false)
|
44
44
|
expect(sensor.exclusions).to eq({})
|
45
|
-
expect(sensor.active_pattern_ids).to eq(
|
45
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
46
46
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
47
47
|
end
|
48
48
|
end
|
@@ -56,7 +56,7 @@ module TCellAgent
|
|
56
56
|
expect(sensor.exclude_forms).to eq(true)
|
57
57
|
expect(sensor.exclude_cookies).to eq(false)
|
58
58
|
expect(sensor.exclusions).to eq({})
|
59
|
-
expect(sensor.active_pattern_ids).to eq(
|
59
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
60
60
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
61
61
|
end
|
62
62
|
end
|
@@ -70,7 +70,7 @@ module TCellAgent
|
|
70
70
|
expect(sensor.exclude_forms).to eq(false)
|
71
71
|
expect(sensor.exclude_cookies).to eq(true)
|
72
72
|
expect(sensor.exclusions).to eq({})
|
73
|
-
expect(sensor.active_pattern_ids).to eq(
|
73
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
74
74
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
75
75
|
end
|
76
76
|
end
|
@@ -84,9 +84,9 @@ module TCellAgent
|
|
84
84
|
expect(sensor.exclude_forms).to eq(false)
|
85
85
|
expect(sensor.exclude_cookies).to eq(false)
|
86
86
|
expect(sensor.exclusions).to eq(
|
87
|
-
{"word"=>["form", "header"]}
|
87
|
+
{"word"=>Set.new(["form", "header"])}
|
88
88
|
)
|
89
|
-
expect(sensor.active_pattern_ids).to eq(
|
89
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
90
90
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
91
91
|
end
|
92
92
|
end
|
@@ -101,7 +101,7 @@ module TCellAgent
|
|
101
101
|
expect(sensor.exclude_cookies).to eq(false)
|
102
102
|
expect(sensor.exclusions).to eq({})
|
103
103
|
expect(sensor.active_pattern_ids).to eq(
|
104
|
-
|
104
|
+
Set.new(["1", "2", "3"])
|
105
105
|
)
|
106
106
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
107
107
|
end
|
@@ -116,7 +116,7 @@ module TCellAgent
|
|
116
116
|
expect(sensor.exclude_forms).to eq(false)
|
117
117
|
expect(sensor.exclude_cookies).to eq(false)
|
118
118
|
expect(sensor.exclusions).to eq({})
|
119
|
-
expect(sensor.active_pattern_ids).to eq(
|
119
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
120
120
|
expect(sensor.v1_compatability_enabled).to eq(true)
|
121
121
|
end
|
122
122
|
end
|
@@ -124,7 +124,42 @@ module TCellAgent
|
|
124
124
|
end
|
125
125
|
|
126
126
|
context "#get_ruleset" do
|
127
|
+
it "should use a different key to obtain the ruleset" do
|
128
|
+
sensor = XssSensor.new
|
129
|
+
expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("xss")
|
130
|
+
sensor.get_ruleset
|
127
131
|
|
132
|
+
sensor = SqliSensor.new
|
133
|
+
expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("sqli")
|
134
|
+
sensor.get_ruleset
|
135
|
+
|
136
|
+
sensor = CmdiSensor.new
|
137
|
+
expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("cmdi")
|
138
|
+
sensor.get_ruleset
|
139
|
+
|
140
|
+
sensor = FptSensor.new
|
141
|
+
expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("fpt")
|
142
|
+
sensor.get_ruleset
|
143
|
+
|
144
|
+
sensor = RetrSensor.new
|
145
|
+
expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("retr")
|
146
|
+
sensor.get_ruleset
|
147
|
+
|
148
|
+
sensor = NullbyteSensor.new
|
149
|
+
expect_any_instance_of(AppSensorRuleManager).to receive(:get_ruleset_for).with("nullbyte")
|
150
|
+
sensor.get_ruleset
|
151
|
+
end
|
152
|
+
end
|
153
|
+
|
154
|
+
describe "#applicable_for_param_type?" do
|
155
|
+
it "should be applicable for all param types" do
|
156
|
+
sensor = NullbyteSensor.new
|
157
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
|
158
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
|
159
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
|
160
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(false)
|
161
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
|
162
|
+
end
|
128
163
|
end
|
129
164
|
end
|
130
165
|
|