tcell_agent 0.2.21 → 0.2.22
- checksums.yaml +4 -4
- data/lib/tcell_agent.rb +1 -0
- data/lib/tcell_agent/api.rb +3 -2
- data/lib/tcell_agent/appsensor/injections_matcher.rb +137 -0
- data/lib/tcell_agent/appsensor/injections_reporter.rb +67 -0
- data/lib/tcell_agent/appsensor/meta_data.rb +71 -0
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +5 -2
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +1 -1
- data/lib/tcell_agent/appsensor/sensor.rb +48 -0
- data/lib/tcell_agent/configuration.rb +15 -2
- data/lib/tcell_agent/instrumentation.rb +3 -2
- data/lib/tcell_agent/logger.rb +19 -3
- data/lib/tcell_agent/patches.rb +26 -0
- data/lib/tcell_agent/patches/block_rule.rb +58 -0
- data/lib/tcell_agent/patches/meta_data.rb +54 -0
- data/lib/tcell_agent/patches/sensors_matcher.rb +30 -0
- data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +7 -3
- data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +32 -38
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +4 -4
- data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +9 -3
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor_policy.rb +55 -131
- data/lib/tcell_agent/policies/content_security_policy.rb +148 -137
- data/lib/tcell_agent/policies/patches_policy.rb +41 -13
- data/lib/tcell_agent/rails.rb +11 -109
- data/lib/tcell_agent/rails/auth/devise.rb +5 -1
- data/lib/tcell_agent/rails/dlp.rb +5 -2
- data/lib/tcell_agent/rails/dlp/process_request.rb +88 -0
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +3 -13
- data/lib/tcell_agent/rails/on_start.rb +5 -101
- data/lib/tcell_agent/rails/routes.rb +240 -81
- data/lib/tcell_agent/rails/routes/grape.rb +113 -0
- data/lib/tcell_agent/rails/routes/route_id.rb +29 -0
- data/lib/tcell_agent/sensor_events/app_config.rb +21 -13
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -26
- data/lib/tcell_agent/servers/passenger.rb +10 -0
- data/lib/tcell_agent/start_background_thread.rb +82 -0
- data/lib/tcell_agent/utils/params.rb +1 -1
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +504 -0
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +222 -0
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +7 -13
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +18 -18
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +381 -0
- data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +35 -0
- data/spec/lib/tcell_agent/patches_spec.rb +156 -0
- data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +21 -10
- data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +44 -9
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +13 -13
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +5 -5
- data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +24 -14
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +243 -241
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +128 -200
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +126 -55
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +485 -24
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +5 -0
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -2
- data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +294 -0
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +80 -0
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +182 -0
- metadata +30 -7
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +0 -39
- data/lib/tcell_agent/policies/appsensor/sensor.rb +0 -46
- data/lib/tcell_agent/rails/path_parameters_setter.rb +0 -43
- data/spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb +0 -104
|
@@ -51,7 +51,7 @@ module TCellAgent
|
|
|
51
51
|
it "should not send event" do
|
|
52
52
|
sensor = RequestSizeSensor.new({"enabled" => false})
|
|
53
53
|
|
|
54
|
-
expect(
|
|
54
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
55
55
|
sensor.check({}, 10)
|
|
56
56
|
end
|
|
57
57
|
end
|
|
@@ -74,7 +74,7 @@ module TCellAgent
|
|
|
74
74
|
meta.user_id = "user_id"
|
|
75
75
|
meta.transaction_id = "transaction_id"
|
|
76
76
|
|
|
77
|
-
expect(
|
|
77
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
78
78
|
sensor.check(meta, nil)
|
|
79
79
|
end
|
|
80
80
|
end
|
|
@@ -96,7 +96,7 @@ module TCellAgent
|
|
|
96
96
|
meta.user_id = "user_id"
|
|
97
97
|
meta.transaction_id = "transaction_id"
|
|
98
98
|
|
|
99
|
-
expect(
|
|
99
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
100
100
|
sensor.check(meta, 1024)
|
|
101
101
|
end
|
|
102
102
|
end
|
|
@@ -119,7 +119,7 @@ module TCellAgent
|
|
|
119
119
|
meta.user_id = "user_id"
|
|
120
120
|
meta.transaction_id = "transaction_id"
|
|
121
121
|
|
|
122
|
-
expect(
|
|
122
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
123
123
|
sensor.check(meta, 2048)
|
|
124
124
|
end
|
|
125
125
|
end
|
|
@@ -65,7 +65,7 @@ module TCellAgent
|
|
|
65
65
|
meta.user_id = "user_id"
|
|
66
66
|
meta.transaction_id = "transaction_id"
|
|
67
67
|
|
|
68
|
-
expect(
|
|
68
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
69
69
|
sensor.check(meta, 200)
|
|
70
70
|
end
|
|
71
71
|
end
|
|
@@ -86,7 +86,7 @@ module TCellAgent
|
|
|
86
86
|
end
|
|
87
87
|
|
|
88
88
|
it "should not send an event" do
|
|
89
|
-
expect(
|
|
89
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
90
90
|
@sensor.check(@meta, 200)
|
|
91
91
|
end
|
|
92
92
|
|
|
@@ -94,7 +94,7 @@ module TCellAgent
|
|
|
94
94
|
it "should not send an event" do
|
|
95
95
|
@sensor.excluded_route_ids = {}
|
|
96
96
|
|
|
97
|
-
expect(
|
|
97
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
98
98
|
@sensor.check(@meta, 200)
|
|
99
99
|
end
|
|
100
100
|
end
|
|
@@ -104,7 +104,7 @@ module TCellAgent
|
|
|
104
104
|
it "should not send an event" do
|
|
105
105
|
@sensor.excluded_route_ids = {"route_id" => true}
|
|
106
106
|
|
|
107
|
-
expect(
|
|
107
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
108
108
|
@sensor.check(@meta, 200)
|
|
109
109
|
end
|
|
110
110
|
end
|
|
@@ -112,7 +112,7 @@ module TCellAgent
|
|
|
112
112
|
it "should not send an event" do
|
|
113
113
|
@sensor.excluded_route_ids = {"unmatching_route_id" => true}
|
|
114
114
|
|
|
115
|
-
expect(
|
|
115
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
116
116
|
@sensor.check(@meta, 200)
|
|
117
117
|
end
|
|
118
118
|
end
|
|
@@ -131,7 +131,7 @@ module TCellAgent
|
|
|
131
131
|
meta.user_id = "user_id"
|
|
132
132
|
meta.transaction_id = "transaction_id"
|
|
133
133
|
|
|
134
|
-
expect(
|
|
134
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
135
135
|
sensor.check(meta, 300)
|
|
136
136
|
end
|
|
137
137
|
end
|
|
@@ -152,7 +152,7 @@ module TCellAgent
|
|
|
152
152
|
meta.user_id = "user_id"
|
|
153
153
|
meta.transaction_id = "transaction_id"
|
|
154
154
|
|
|
155
|
-
expect(
|
|
155
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
156
156
|
sensor.check(meta, 400)
|
|
157
157
|
end
|
|
158
158
|
end
|
|
@@ -176,7 +176,7 @@ module TCellAgent
|
|
|
176
176
|
end
|
|
177
177
|
|
|
178
178
|
it "should send an event" do
|
|
179
|
-
expect(
|
|
179
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
180
180
|
@meta, ResponseCodesSensor::RESPONSE_CODE_DP_DICT[4], nil, {code: 400} , nil, nil
|
|
181
181
|
)
|
|
182
182
|
@sensor.check(@meta, 400)
|
|
@@ -186,7 +186,7 @@ module TCellAgent
|
|
|
186
186
|
it "should send an event" do
|
|
187
187
|
@sensor.excluded_route_ids = {}
|
|
188
188
|
|
|
189
|
-
expect(
|
|
189
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
190
190
|
@meta, ResponseCodesSensor::RESPONSE_CODE_DP_DICT[4], nil, {code: 400} , nil, nil
|
|
191
191
|
)
|
|
192
192
|
@sensor.check(@meta, 400)
|
|
@@ -198,7 +198,7 @@ module TCellAgent
|
|
|
198
198
|
it "should not send an event" do
|
|
199
199
|
@sensor.excluded_route_ids = {"route_id" => true}
|
|
200
200
|
|
|
201
|
-
expect(
|
|
201
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
202
202
|
@sensor.check(@meta, 400)
|
|
203
203
|
end
|
|
204
204
|
end
|
|
@@ -206,7 +206,7 @@ module TCellAgent
|
|
|
206
206
|
it "should send an event" do
|
|
207
207
|
@sensor.excluded_route_ids = {"unmatching_route_id" => true}
|
|
208
208
|
|
|
209
|
-
expect(
|
|
209
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
210
210
|
@meta, ResponseCodesSensor::RESPONSE_CODE_DP_DICT[4], nil, {code: 400} , nil, nil
|
|
211
211
|
)
|
|
212
212
|
@sensor.check(@meta, 400)
|
|
@@ -232,7 +232,7 @@ module TCellAgent
|
|
|
232
232
|
meta.user_id = "user_id"
|
|
233
233
|
meta.transaction_id = "transaction_id"
|
|
234
234
|
|
|
235
|
-
expect(
|
|
235
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
236
236
|
sensor.check(meta, 500)
|
|
237
237
|
end
|
|
238
238
|
end
|
|
@@ -254,7 +254,7 @@ module TCellAgent
|
|
|
254
254
|
meta.user_id = "user_id"
|
|
255
255
|
meta.transaction_id = "transaction_id"
|
|
256
256
|
|
|
257
|
-
expect(
|
|
257
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
258
258
|
meta, ResponseCodesSensor::RESPONSE_CODE_DP_DICT[500], nil, {code: 500} , nil, nil
|
|
259
259
|
)
|
|
260
260
|
sensor.check(meta, 500)
|
|
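Review bot: The new `expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(` expectations in this section pin the payload as `{code: 400}` (symbol key), while the equivalent expectation in the ResponseSizeSensor spec on this page pins `{"sz" => 2048}` (string key). RSpec's `with` compares hashes by equality, so these examples lock in two different key conventions for the same argument of `send_event`. If the payload is read by key anywhere before it is serialized, mixed key types are an easy way to drop a field from a security event without any error; consider settling on one convention, or add a comment such as `# response-code payloads use symbol keys` where the difference is intended. The lookup `RESPONSE_CODE_DP_DICT[4]` for a 400 response next to `RESPONSE_CODE_DP_DICT[500]` for a 500 would also benefit from a one-line comment, since the dictionary itself is not visible here.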
@@ -51,7 +51,7 @@ module TCellAgent
|
|
|
51
51
|
it "should not send event" do
|
|
52
52
|
sensor = ResponseSizeSensor.new({"enabled" => false})
|
|
53
53
|
|
|
54
|
-
expect(
|
|
54
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
55
55
|
sensor.check({}, 10)
|
|
56
56
|
end
|
|
57
57
|
end
|
|
@@ -74,7 +74,7 @@ module TCellAgent
|
|
|
74
74
|
meta.user_id = "user_id"
|
|
75
75
|
meta.transaction_id = "transaction_id"
|
|
76
76
|
|
|
77
|
-
expect(
|
|
77
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
78
78
|
sensor.check(meta, nil)
|
|
79
79
|
end
|
|
80
80
|
end
|
|
@@ -96,7 +96,7 @@ module TCellAgent
|
|
|
96
96
|
meta.user_id = "user_id"
|
|
97
97
|
meta.transaction_id = "transaction_id"
|
|
98
98
|
|
|
99
|
-
expect(
|
|
99
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
100
100
|
sensor.check(meta, 1024)
|
|
101
101
|
end
|
|
102
102
|
end
|
|
@@ -119,7 +119,7 @@ module TCellAgent
|
|
|
119
119
|
meta.user_id = "user_id"
|
|
120
120
|
meta.transaction_id = "transaction_id"
|
|
121
121
|
|
|
122
|
-
expect(
|
|
122
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
123
123
|
sensor.check(meta, 2048)
|
|
124
124
|
end
|
|
125
125
|
end
|
|
@@ -141,7 +141,7 @@ module TCellAgent
|
|
|
141
141
|
meta.user_id = "user_id"
|
|
142
142
|
meta.transaction_id = "transaction_id"
|
|
143
143
|
|
|
144
|
-
expect(
|
|
144
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
145
145
|
meta, ResponseSizeSensor::DP_UNUSUAL_RESPONSE_SIZE, nil, {"sz" => 2048}, nil, nil
|
|
146
146
|
)
|
|
147
147
|
sensor.check(meta, 2048)
|
|
@@ -14,7 +14,7 @@ module TCellAgent
|
|
|
14
14
|
expect(sensor.exclude_forms).to eq(false)
|
|
15
15
|
expect(sensor.exclude_cookies).to eq(false)
|
|
16
16
|
expect(sensor.exclusions).to eq({})
|
|
17
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
17
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
18
18
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
19
19
|
end
|
|
20
20
|
end
|
|
@@ -28,7 +28,7 @@ module TCellAgent
|
|
|
28
28
|
expect(sensor.exclude_forms).to eq(false)
|
|
29
29
|
expect(sensor.exclude_cookies).to eq(false)
|
|
30
30
|
expect(sensor.exclusions).to eq({})
|
|
31
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
31
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
32
32
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
33
33
|
end
|
|
34
34
|
end
|
|
@@ -42,7 +42,7 @@ module TCellAgent
|
|
|
42
42
|
expect(sensor.exclude_forms).to eq(false)
|
|
43
43
|
expect(sensor.exclude_cookies).to eq(false)
|
|
44
44
|
expect(sensor.exclusions).to eq({})
|
|
45
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
45
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
46
46
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
47
47
|
end
|
|
48
48
|
end
|
|
@@ -56,7 +56,7 @@ module TCellAgent
|
|
|
56
56
|
expect(sensor.exclude_forms).to eq(true)
|
|
57
57
|
expect(sensor.exclude_cookies).to eq(false)
|
|
58
58
|
expect(sensor.exclusions).to eq({})
|
|
59
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
59
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
60
60
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
61
61
|
end
|
|
62
62
|
end
|
|
@@ -70,7 +70,7 @@ module TCellAgent
|
|
|
70
70
|
expect(sensor.exclude_forms).to eq(false)
|
|
71
71
|
expect(sensor.exclude_cookies).to eq(true)
|
|
72
72
|
expect(sensor.exclusions).to eq({})
|
|
73
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
73
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
74
74
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
75
75
|
end
|
|
76
76
|
end
|
|
@@ -84,9 +84,9 @@ module TCellAgent
|
|
|
84
84
|
expect(sensor.exclude_forms).to eq(false)
|
|
85
85
|
expect(sensor.exclude_cookies).to eq(false)
|
|
86
86
|
expect(sensor.exclusions).to eq(
|
|
87
|
-
{"word"=>["form", "header"]}
|
|
87
|
+
{"word"=>Set.new(["form", "header"])}
|
|
88
88
|
)
|
|
89
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
89
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
90
90
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
91
91
|
end
|
|
92
92
|
end
|
|
@@ -101,7 +101,7 @@ module TCellAgent
|
|
|
101
101
|
expect(sensor.exclude_cookies).to eq(false)
|
|
102
102
|
expect(sensor.exclusions).to eq({})
|
|
103
103
|
expect(sensor.active_pattern_ids).to eq(
|
|
104
|
-
|
|
104
|
+
Set.new(["1", "2", "3"])
|
|
105
105
|
)
|
|
106
106
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
107
107
|
end
|
|
@@ -116,12 +116,23 @@ module TCellAgent
|
|
|
116
116
|
expect(sensor.exclude_forms).to eq(false)
|
|
117
117
|
expect(sensor.exclude_cookies).to eq(false)
|
|
118
118
|
expect(sensor.exclusions).to eq({})
|
|
119
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
119
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
120
120
|
expect(sensor.v1_compatability_enabled).to eq(true)
|
|
121
121
|
end
|
|
122
122
|
end
|
|
123
123
|
|
|
124
124
|
end
|
|
125
|
+
|
|
126
|
+
describe "#applicable_for_param_type?" do
|
|
127
|
+
it "should be applicable for all param types" do
|
|
128
|
+
sensor = RetrSensor.new
|
|
129
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
|
|
130
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(false)
|
|
131
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(false)
|
|
132
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(true)
|
|
133
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
|
|
134
|
+
end
|
|
135
|
+
end
|
|
125
136
|
end
|
|
126
137
|
|
|
127
138
|
end
|
|
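Review bot: In the added `#applicable_for_param_type?` example (new lines 126-135), the description "should be applicable for all param types" contradicts the assertions, which expect `false` for `InjectionSensor::POST_PARAM` and `InjectionSensor::JSON_PARAM`. Rename it to what is actually pinned, for example `it "should be applicable for GET, cookie and URI params only" do`, so that someone auditing detection coverage from the spec names does not conclude that RetrSensor inspects request bodies. If excluding POST and JSON parameters is intentional, add a short comment with the reason; nothing in this section states it.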
@@ -17,7 +17,7 @@ module TCellAgent
|
|
|
17
17
|
expect(sensor.exclude_forms).to eq(false)
|
|
18
18
|
expect(sensor.exclude_cookies).to eq(false)
|
|
19
19
|
expect(sensor.exclusions).to eq({})
|
|
20
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
20
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
21
21
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
22
22
|
end
|
|
23
23
|
end
|
|
@@ -32,7 +32,7 @@ module TCellAgent
|
|
|
32
32
|
expect(sensor.exclude_forms).to eq(false)
|
|
33
33
|
expect(sensor.exclude_cookies).to eq(false)
|
|
34
34
|
expect(sensor.exclusions).to eq({})
|
|
35
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
35
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
36
36
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
37
37
|
end
|
|
38
38
|
end
|
|
@@ -47,7 +47,7 @@ module TCellAgent
|
|
|
47
47
|
expect(sensor.exclude_forms).to eq(false)
|
|
48
48
|
expect(sensor.exclude_cookies).to eq(false)
|
|
49
49
|
expect(sensor.exclusions).to eq({})
|
|
50
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
50
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
51
51
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
52
52
|
end
|
|
53
53
|
end
|
|
@@ -62,7 +62,7 @@ module TCellAgent
|
|
|
62
62
|
expect(sensor.exclude_forms).to eq(false)
|
|
63
63
|
expect(sensor.exclude_cookies).to eq(false)
|
|
64
64
|
expect(sensor.exclusions).to eq({})
|
|
65
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
65
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
66
66
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
67
67
|
end
|
|
68
68
|
end
|
|
@@ -77,7 +77,7 @@ module TCellAgent
|
|
|
77
77
|
expect(sensor.exclude_forms).to eq(true)
|
|
78
78
|
expect(sensor.exclude_cookies).to eq(false)
|
|
79
79
|
expect(sensor.exclusions).to eq({})
|
|
80
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
80
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
81
81
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
82
82
|
end
|
|
83
83
|
end
|
|
@@ -92,7 +92,7 @@ module TCellAgent
|
|
|
92
92
|
expect(sensor.exclude_forms).to eq(false)
|
|
93
93
|
expect(sensor.exclude_cookies).to eq(true)
|
|
94
94
|
expect(sensor.exclusions).to eq({})
|
|
95
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
95
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
96
96
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
97
97
|
end
|
|
98
98
|
end
|
|
@@ -107,9 +107,9 @@ module TCellAgent
|
|
|
107
107
|
expect(sensor.exclude_forms).to eq(false)
|
|
108
108
|
expect(sensor.exclude_cookies).to eq(false)
|
|
109
109
|
expect(sensor.exclusions).to eq(
|
|
110
|
-
{"word"=>["form", "header"]}
|
|
110
|
+
{"word"=>Set.new(["form", "header"])}
|
|
111
111
|
)
|
|
112
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
112
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
113
113
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
114
114
|
end
|
|
115
115
|
end
|
|
@@ -125,7 +125,7 @@ module TCellAgent
|
|
|
125
125
|
expect(sensor.exclude_cookies).to eq(false)
|
|
126
126
|
expect(sensor.exclusions).to eq({})
|
|
127
127
|
expect(sensor.active_pattern_ids).to eq(
|
|
128
|
-
|
|
128
|
+
Set.new(["1", "2", "3"])
|
|
129
129
|
)
|
|
130
130
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
131
131
|
end
|
|
@@ -141,7 +141,7 @@ module TCellAgent
|
|
|
141
141
|
expect(sensor.exclude_forms).to eq(false)
|
|
142
142
|
expect(sensor.exclude_cookies).to eq(false)
|
|
143
143
|
expect(sensor.exclusions).to eq({})
|
|
144
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
144
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
145
145
|
expect(sensor.v1_compatability_enabled).to eq(true)
|
|
146
146
|
end
|
|
147
147
|
end
|
|
@@ -161,7 +161,7 @@ module TCellAgent
|
|
|
161
161
|
ruleset = double("ruleset")
|
|
162
162
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
163
163
|
expect(ruleset).to receive(:check_violation).with(
|
|
164
|
-
"param", "value",
|
|
164
|
+
"param", "value", Set.new, false
|
|
165
165
|
).and_return(nil)
|
|
166
166
|
|
|
167
167
|
expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
|
|
@@ -174,7 +174,7 @@ module TCellAgent
|
|
|
174
174
|
ruleset = double("ruleset")
|
|
175
175
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
176
176
|
expect(ruleset).to receive(:check_violation).with(
|
|
177
|
-
"param", "Müller",
|
|
177
|
+
"param", "Müller", Set.new, false
|
|
178
178
|
).and_return(nil)
|
|
179
179
|
|
|
180
180
|
expect(@sensor.find_vulnerability("param", "Müller")).to eq(nil)
|
|
@@ -209,7 +209,7 @@ module TCellAgent
|
|
|
209
209
|
ruleset = double("ruleset")
|
|
210
210
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
211
211
|
expect(ruleset).to receive(:check_violation).with(
|
|
212
|
-
"param", "value",
|
|
212
|
+
"param", "value", Set.new, false
|
|
213
213
|
).and_return(nil)
|
|
214
214
|
|
|
215
215
|
expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
|
|
@@ -221,7 +221,7 @@ module TCellAgent
|
|
|
221
221
|
ruleset = double("ruleset")
|
|
222
222
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
223
223
|
expect(ruleset).to receive(:check_violation).with(
|
|
224
|
-
"param", "value",
|
|
224
|
+
"param", "value", Set.new, false
|
|
225
225
|
).and_return(true)
|
|
226
226
|
|
|
227
227
|
expect(@sensor.find_vulnerability("param", "value")).to eq(true)
|
|
@@ -230,6 +230,16 @@ module TCellAgent
|
|
|
230
230
|
end
|
|
231
231
|
end
|
|
232
232
|
|
|
233
|
+
describe "#applicable_for_param_type?" do
|
|
234
|
+
it "should be applicable for all param types" do
|
|
235
|
+
sensor = SqliSensor.new
|
|
236
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
|
|
237
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
|
|
238
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
|
|
239
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(true)
|
|
240
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
|
|
241
|
+
end
|
|
242
|
+
end
|
|
233
243
|
end
|
|
234
244
|
|
|
235
245
|
end
|
|
@@ -17,7 +17,7 @@ module TCellAgent
|
|
|
17
17
|
expect(sensor.exclude_forms).to eq(false)
|
|
18
18
|
expect(sensor.exclude_cookies).to eq(false)
|
|
19
19
|
expect(sensor.exclusions).to eq({})
|
|
20
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
20
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
21
21
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
22
22
|
end
|
|
23
23
|
end
|
|
@@ -32,7 +32,7 @@ module TCellAgent
|
|
|
32
32
|
expect(sensor.exclude_forms).to eq(false)
|
|
33
33
|
expect(sensor.exclude_cookies).to eq(false)
|
|
34
34
|
expect(sensor.exclusions).to eq({})
|
|
35
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
35
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
36
36
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
37
37
|
end
|
|
38
38
|
end
|
|
@@ -47,7 +47,7 @@ module TCellAgent
|
|
|
47
47
|
expect(sensor.exclude_forms).to eq(false)
|
|
48
48
|
expect(sensor.exclude_cookies).to eq(false)
|
|
49
49
|
expect(sensor.exclusions).to eq({})
|
|
50
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
50
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
51
51
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
52
52
|
end
|
|
53
53
|
end
|
|
@@ -62,7 +62,7 @@ module TCellAgent
|
|
|
62
62
|
expect(sensor.exclude_forms).to eq(false)
|
|
63
63
|
expect(sensor.exclude_cookies).to eq(false)
|
|
64
64
|
expect(sensor.exclusions).to eq({})
|
|
65
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
65
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
66
66
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
67
67
|
end
|
|
68
68
|
end
|
|
@@ -77,7 +77,7 @@ module TCellAgent
|
|
|
77
77
|
expect(sensor.exclude_forms).to eq(true)
|
|
78
78
|
expect(sensor.exclude_cookies).to eq(false)
|
|
79
79
|
expect(sensor.exclusions).to eq({})
|
|
80
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
80
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
81
81
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
82
82
|
end
|
|
83
83
|
end
|
|
@@ -92,7 +92,7 @@ module TCellAgent
|
|
|
92
92
|
expect(sensor.exclude_forms).to eq(false)
|
|
93
93
|
expect(sensor.exclude_cookies).to eq(true)
|
|
94
94
|
expect(sensor.exclusions).to eq({})
|
|
95
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
95
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
96
96
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
97
97
|
end
|
|
98
98
|
end
|
|
@@ -107,9 +107,9 @@ module TCellAgent
|
|
|
107
107
|
expect(sensor.exclude_forms).to eq(false)
|
|
108
108
|
expect(sensor.exclude_cookies).to eq(false)
|
|
109
109
|
expect(sensor.exclusions).to eq(
|
|
110
|
-
{"word"=>["form", "header"]}
|
|
110
|
+
{"word"=>Set.new(["form", "header"])}
|
|
111
111
|
)
|
|
112
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
112
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
113
113
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
114
114
|
end
|
|
115
115
|
end
|
|
@@ -125,7 +125,7 @@ module TCellAgent
|
|
|
125
125
|
expect(sensor.exclude_cookies).to eq(false)
|
|
126
126
|
expect(sensor.exclusions).to eq({})
|
|
127
127
|
expect(sensor.active_pattern_ids).to eq(
|
|
128
|
-
|
|
128
|
+
Set.new(["1", "2", "3"])
|
|
129
129
|
)
|
|
130
130
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
131
131
|
end
|
|
@@ -141,7 +141,7 @@ module TCellAgent
|
|
|
141
141
|
expect(sensor.exclude_forms).to eq(false)
|
|
142
142
|
expect(sensor.exclude_cookies).to eq(false)
|
|
143
143
|
expect(sensor.exclusions).to eq({})
|
|
144
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
144
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
145
145
|
expect(sensor.v1_compatability_enabled).to eq(true)
|
|
146
146
|
end
|
|
147
147
|
end
|
|
@@ -156,9 +156,9 @@ module TCellAgent
|
|
|
156
156
|
expect(sensor.exclude_forms).to eq(false)
|
|
157
157
|
expect(sensor.exclude_cookies).to eq(false)
|
|
158
158
|
expect(sensor.exclusions).to eq({})
|
|
159
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
159
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
160
160
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
161
|
-
expect(sensor.excluded_route_ids).to eq(
|
|
161
|
+
expect(sensor.excluded_route_ids).to eq(Set.new(["excluded_route_id"]))
|
|
162
162
|
end
|
|
163
163
|
end
|
|
164
164
|
end
|
|
@@ -176,7 +176,7 @@ module TCellAgent
|
|
|
176
176
|
ruleset = double("ruleset")
|
|
177
177
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
178
178
|
expect(ruleset).to receive(:check_violation).with(
|
|
179
|
-
"param", "value",
|
|
179
|
+
"param", "value", Set.new, false
|
|
180
180
|
).and_return(nil)
|
|
181
181
|
|
|
182
182
|
expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
|
|
@@ -189,7 +189,7 @@ module TCellAgent
|
|
|
189
189
|
ruleset = double("ruleset")
|
|
190
190
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
191
191
|
expect(ruleset).to receive(:check_violation).with(
|
|
192
|
-
"param", "Müller",
|
|
192
|
+
"param", "Müller", Set.new, false
|
|
193
193
|
).and_return(nil)
|
|
194
194
|
|
|
195
195
|
expect(@sensor.find_vulnerability("param", "Müller")).to eq(nil)
|
|
@@ -224,7 +224,7 @@ module TCellAgent
|
|
|
224
224
|
ruleset = double("ruleset")
|
|
225
225
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
226
226
|
expect(ruleset).to receive(:check_violation).with(
|
|
227
|
-
"param", "value",
|
|
227
|
+
"param", "value", Set.new, false
|
|
228
228
|
).and_return(nil)
|
|
229
229
|
|
|
230
230
|
expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
|
|
@@ -236,7 +236,7 @@ module TCellAgent
|
|
|
236
236
|
ruleset = double("ruleset")
|
|
237
237
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
238
238
|
expect(ruleset).to receive(:check_violation).with(
|
|
239
|
-
"param", "value",
|
|
239
|
+
"param", "value", Set.new, false
|
|
240
240
|
).and_return(true)
|
|
241
241
|
|
|
242
242
|
expect(@sensor.find_vulnerability("param", "value")).to eq(true)
|
|
@@ -245,47 +245,27 @@ module TCellAgent
|
|
|
245
245
|
end
|
|
246
246
|
end
|
|
247
247
|
|
|
248
|
-
describe "#
|
|
248
|
+
describe "#get_injection_attempt" do
|
|
249
249
|
before(:each) do
|
|
250
|
-
@
|
|
251
|
-
|
|
252
|
-
@
|
|
253
|
-
@
|
|
254
|
-
@
|
|
255
|
-
@
|
|
256
|
-
@
|
|
257
|
-
@
|
|
258
|
-
@meta.user_id = "user_id"
|
|
259
|
-
@meta.transaction_id = "transaction_id"
|
|
260
|
-
end
|
|
261
|
-
|
|
262
|
-
context "disabled sensor" do
|
|
263
|
-
it "should return false" do
|
|
264
|
-
expect(@payloads_policy).to_not receive(:apply)
|
|
265
|
-
|
|
266
|
-
sensor = XssSensor.new({"enabled" => false})
|
|
267
|
-
result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
|
|
268
|
-
|
|
269
|
-
expect(result).to eq(false)
|
|
270
|
-
end
|
|
250
|
+
@appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new
|
|
251
|
+
@appsensor_meta.remote_address = "remote_address"
|
|
252
|
+
@appsensor_meta.method = "get"
|
|
253
|
+
@appsensor_meta.location = "location"
|
|
254
|
+
@appsensor_meta.route_id = "route_id"
|
|
255
|
+
@appsensor_meta.session_id = "session_id"
|
|
256
|
+
@appsensor_meta.user_id = "user_id"
|
|
257
|
+
@appsensor_meta.transaction_id = "transaction_id"
|
|
271
258
|
end
|
|
272
259
|
|
|
273
260
|
context "enabled sensor" do
|
|
274
|
-
before(:each) do
|
|
275
|
-
@sensor = XssSensor.new({"enabled" => true})
|
|
276
|
-
end
|
|
277
|
-
|
|
278
261
|
context "param has NO vulnerability" do
|
|
279
262
|
it "should return false" do
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
sensor = XssSensor.new({"enabled" => false})
|
|
283
|
-
result = sensor.check(
|
|
263
|
+
sensor = XssSensor.new({"enabled" => true})
|
|
264
|
+
result = sensor.get_injection_attempt(
|
|
284
265
|
XssSensor::GET_PARAM,
|
|
285
|
-
@
|
|
266
|
+
@appsensor_meta,
|
|
286
267
|
"param_name",
|
|
287
|
-
"param_value"
|
|
288
|
-
@payloads_policy
|
|
268
|
+
"param_value"
|
|
289
269
|
)
|
|
290
270
|
|
|
291
271
|
expect(result).to eq(false)
|
|
@@ -293,8 +273,13 @@ module TCellAgent
|
|
|
293
273
|
|
|
294
274
|
context "no excluded routes" do
|
|
295
275
|
it "should return false" do
|
|
296
|
-
sensor = XssSensor.new({"enabled" =>
|
|
297
|
-
result = sensor.
|
|
276
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_routes" => []})
|
|
277
|
+
result = sensor.get_injection_attempt(
|
|
278
|
+
XssSensor::GET_PARAM,
|
|
279
|
+
@appsensor_meta,
|
|
280
|
+
"param_name",
|
|
281
|
+
"param_value"
|
|
282
|
+
)
|
|
298
283
|
|
|
299
284
|
expect(result).to eq(false)
|
|
300
285
|
end
|
|
@@ -303,16 +288,26 @@ module TCellAgent
|
|
|
303
288
|
context "has excluded routes" do
|
|
304
289
|
context "route id matches" do
|
|
305
290
|
it "should return false" do
|
|
306
|
-
sensor = XssSensor.new({"enabled" =>
|
|
307
|
-
result = sensor.
|
|
291
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_routes" => ["route_id"]})
|
|
292
|
+
result = sensor.get_injection_attempt(
|
|
293
|
+
XssSensor::GET_PARAM,
|
|
294
|
+
@appsensor_meta,
|
|
295
|
+
"param_name",
|
|
296
|
+
"param_value"
|
|
297
|
+
)
|
|
308
298
|
|
|
309
299
|
expect(result).to eq(false)
|
|
310
300
|
end
|
|
311
301
|
end
|
|
312
302
|
context "route id does not match" do
|
|
313
303
|
it "should return false" do
|
|
314
|
-
sensor = XssSensor.new({"enabled" =>
|
|
315
|
-
result = sensor.
|
|
304
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_routes" => ["unmatching_route_id"]})
|
|
305
|
+
result = sensor.get_injection_attempt(
|
|
306
|
+
XssSensor::GET_PARAM,
|
|
307
|
+
@appsensor_meta,
|
|
308
|
+
"param_name",
|
|
309
|
+
"param_value"
|
|
310
|
+
)
|
|
316
311
|
|
|
317
312
|
expect(result).to eq(false)
|
|
318
313
|
end
|
|
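Review bot: The two examples under `has excluded routes` cannot tell route exclusion apart from a benign input: both pass the same `"param_value"`, both expect `false`, and neither sets an expectation on `find_vulnerability`. They would presumably still pass if `exclude_routes` were ignored altogether. Later hunks in this file pin the short-circuit explicitly, and adding `expect(sensor).to_not receive(:find_vulnerability)` before the call in the `route id matches` example would do the same here. The enclosing context begins outside this hunk, so what the non-matching case ought to return cannot be judged from these lines alone.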
@@ -324,40 +319,41 @@ module TCellAgent
|
|
|
324
319
|
context "param is a URI param" do
|
|
325
320
|
context "exclude forms sensor" do
|
|
326
321
|
it "should return false" do
|
|
327
|
-
|
|
328
|
-
@sensor.exclude_cookies = false
|
|
322
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true})
|
|
329
323
|
|
|
330
|
-
expect(
|
|
331
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
332
|
-
expect(@sensor).to_not receive(:send_event)
|
|
324
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
333
325
|
|
|
334
|
-
result =
|
|
326
|
+
result = sensor.get_injection_attempt(
|
|
327
|
+
XssSensor::URI_PARAM,
|
|
328
|
+
@appsensor_meta,
|
|
329
|
+
"param_name",
|
|
330
|
+
"param_value"
|
|
331
|
+
)
|
|
335
332
|
|
|
336
333
|
expect(result).to eq(false)
|
|
337
334
|
end
|
|
338
335
|
end
|
|
339
336
|
|
|
340
337
|
context "exclude cookies sensor" do
|
|
341
|
-
it "should return
|
|
342
|
-
|
|
343
|
-
@sensor.exclude_cookies = true
|
|
338
|
+
it "should return the injection attempt" do
|
|
339
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_cookies" => true})
|
|
344
340
|
|
|
345
|
-
expect(
|
|
346
|
-
expect(@sensor).to receive(:find_vulnerability).and_return(
|
|
341
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
347
342
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
348
343
|
)
|
|
349
|
-
expect(@sensor).to receive(:send_event).with(
|
|
350
|
-
@meta,
|
|
351
|
-
"xss",
|
|
352
|
-
"vuln_param",
|
|
353
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::URI_PARAM]},
|
|
354
|
-
"vuln_value",
|
|
355
|
-
"1"
|
|
356
|
-
)
|
|
357
344
|
|
|
358
|
-
result =
|
|
345
|
+
result = sensor.get_injection_attempt(
|
|
346
|
+
XssSensor::URI_PARAM,
|
|
347
|
+
@appsensor_meta,
|
|
348
|
+
"param_name",
|
|
349
|
+
"param_value"
|
|
350
|
+
)
|
|
359
351
|
|
|
360
|
-
expect(result).to eq(
|
|
352
|
+
expect(result.type_of_param).to eq(XssSensor::URI_PARAM)
|
|
353
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
354
|
+
expect(result.param_name).to eq("vuln_param")
|
|
355
|
+
expect(result.param_value).to eq("vuln_value")
|
|
356
|
+
expect(result.pattern).to eq("1")
|
|
361
357
|
end
|
|
362
358
|
end
|
|
363
359
|
end
|
|
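Review bot: The rewritten `exclude cookies sensor` example no longer checks anything about reporting: the removed `send_event` expectation pinned the `"l"` location taken from `XssSensor::PARAM_TYPE_TO_L`, and the new assertions stop at the fields of the returned attempt. The later GET, POST, JSON and COOKIE hunks drop the `@payloads_policy.apply` expectations in the same way. If reporting and payload filtering moved to another class, that class's spec should assert the location mapping and the arguments handed to the payloads policy; it is not visible here, so this is worth confirming. Once confirmed, a one-line comment such as `# event reporting and payload filtering are asserted in the reporter spec` would record where the coverage went.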
@@ -365,19 +361,15 @@ module TCellAgent
|
|
|
365
361
|
context "param is a GET param" do
|
|
366
362
|
context "exclude forms sensor" do
|
|
367
363
|
it "should return false" do
|
|
368
|
-
|
|
369
|
-
@sensor.exclude_cookies = false
|
|
364
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true})
|
|
370
365
|
|
|
371
|
-
expect(
|
|
372
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
373
|
-
expect(@sensor).to_not receive(:send_event)
|
|
366
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
374
367
|
|
|
375
|
-
result =
|
|
368
|
+
result = sensor.get_injection_attempt(
|
|
376
369
|
XssSensor::GET_PARAM,
|
|
377
|
-
@
|
|
370
|
+
@appsensor_meta,
|
|
378
371
|
"param_name",
|
|
379
|
-
"param_value"
|
|
380
|
-
@payloads_policy
|
|
372
|
+
"param_value"
|
|
381
373
|
)
|
|
382
374
|
|
|
383
375
|
expect(result).to eq(false)
|
|
@@ -385,15 +377,16 @@ module TCellAgent
|
|
|
385
377
|
|
|
386
378
|
context "no excluded routes" do
|
|
387
379
|
it "should return false" do
|
|
388
|
-
|
|
389
|
-
@sensor.exclude_cookies = false
|
|
390
|
-
@sensor.excluded_route_ids = {}
|
|
380
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true, "exclude_routes" => []})
|
|
391
381
|
|
|
392
|
-
expect(
|
|
393
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
394
|
-
expect(@sensor).to_not receive(:send_event)
|
|
382
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
395
383
|
|
|
396
|
-
result =
|
|
384
|
+
result = sensor.get_injection_attempt(
|
|
385
|
+
XssSensor::GET_PARAM,
|
|
386
|
+
@appsensor_meta,
|
|
387
|
+
"param_name",
|
|
388
|
+
"param_value"
|
|
389
|
+
)
|
|
397
390
|
|
|
398
391
|
expect(result).to eq(false)
|
|
399
392
|
end
|
|
@@ -402,30 +395,41 @@ module TCellAgent
|
|
|
402
395
|
context "has excluded routes" do
|
|
403
396
|
context "route id matches" do
|
|
404
397
|
it "should return false" do
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
expect(
|
|
412
|
-
|
|
413
|
-
result =
|
|
398
|
+
sensor = XssSensor.new({
|
|
399
|
+
"enabled" => true,
|
|
400
|
+
"exclude_forms" => true,
|
|
401
|
+
"exclude_routes" => ["route_id"]
|
|
402
|
+
})
|
|
403
|
+
|
|
404
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
405
|
+
|
|
406
|
+
result = sensor.get_injection_attempt(
|
|
407
|
+
XssSensor::GET_PARAM,
|
|
408
|
+
@appsensor_meta,
|
|
409
|
+
"param_name",
|
|
410
|
+
"param_value"
|
|
411
|
+
)
|
|
414
412
|
|
|
415
413
|
expect(result).to eq(false)
|
|
416
414
|
end
|
|
417
415
|
end
|
|
416
|
+
|
|
418
417
|
context "route id does not match" do
|
|
419
418
|
it "should return false" do
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
expect(
|
|
427
|
-
|
|
428
|
-
result =
|
|
419
|
+
sensor = XssSensor.new({
|
|
420
|
+
"enabled" => true,
|
|
421
|
+
"exclude_forms" => true,
|
|
422
|
+
"exclude_routes" => ["unmatching_route_id"]
|
|
423
|
+
})
|
|
424
|
+
|
|
425
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
426
|
+
|
|
427
|
+
result = sensor.get_injection_attempt(
|
|
428
|
+
XssSensor::GET_PARAM,
|
|
429
|
+
@appsensor_meta,
|
|
430
|
+
"param_name",
|
|
431
|
+
"param_value"
|
|
432
|
+
)
|
|
429
433
|
|
|
430
434
|
expect(result).to eq(false)
|
|
431
435
|
end
|
|
@@ -435,72 +439,73 @@ module TCellAgent
|
|
|
435
439
|
|
|
436
440
|
context "exclude cookies sensor" do
|
|
437
441
|
it "should return true" do
|
|
438
|
-
|
|
439
|
-
|
|
442
|
+
sensor = XssSensor.new({
|
|
443
|
+
"enabled" => true,
|
|
444
|
+
"exclude_cookies" => true,
|
|
445
|
+
})
|
|
440
446
|
|
|
441
|
-
expect(
|
|
447
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
442
448
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
443
449
|
)
|
|
444
|
-
expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
|
|
445
|
-
expect(@sensor).to receive(:send_event).with(
|
|
446
|
-
@meta,
|
|
447
|
-
"xss",
|
|
448
|
-
"vuln_param",
|
|
449
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
|
|
450
|
-
"vuln_value",
|
|
451
|
-
"1"
|
|
452
|
-
)
|
|
453
450
|
|
|
454
|
-
result =
|
|
451
|
+
result = sensor.get_injection_attempt(
|
|
455
452
|
XssSensor::GET_PARAM,
|
|
456
|
-
@
|
|
453
|
+
@appsensor_meta,
|
|
457
454
|
"param_name",
|
|
458
455
|
"param_value",
|
|
459
|
-
@payloads_policy
|
|
460
456
|
)
|
|
461
457
|
|
|
462
|
-
expect(result).to eq(
|
|
458
|
+
expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
|
|
459
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
460
|
+
expect(result.param_name).to eq("vuln_param")
|
|
461
|
+
expect(result.param_value).to eq("vuln_value")
|
|
462
|
+
expect(result.pattern).to eq("1")
|
|
463
463
|
end
|
|
464
464
|
|
|
465
465
|
context "no excluded routes" do
|
|
466
466
|
it "should return true" do
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
467
|
+
sensor = XssSensor.new({
|
|
468
|
+
"enabled" => true,
|
|
469
|
+
"exclude_cookies" => true,
|
|
470
|
+
"exclude_routes" => []
|
|
471
|
+
})
|
|
470
472
|
|
|
471
|
-
expect(
|
|
473
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
472
474
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
473
475
|
)
|
|
474
|
-
expect(@payloads_policy).to receive(:apply).with(
|
|
475
|
-
"xss", {}, "get", "vuln_param", "vuln_value", {"l"=>"query"}, "1"
|
|
476
|
-
).and_return("vuln_value")
|
|
477
|
-
expect(@sensor).to receive(:send_event).with(
|
|
478
|
-
@meta,
|
|
479
|
-
"xss",
|
|
480
|
-
"vuln_param",
|
|
481
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
|
|
482
|
-
"vuln_value",
|
|
483
|
-
"1"
|
|
484
|
-
)
|
|
485
476
|
|
|
486
|
-
result =
|
|
477
|
+
result = sensor.get_injection_attempt(
|
|
478
|
+
XssSensor::GET_PARAM,
|
|
479
|
+
@appsensor_meta,
|
|
480
|
+
"param_name",
|
|
481
|
+
"param_value"
|
|
482
|
+
)
|
|
487
483
|
|
|
488
|
-
expect(result).to eq(
|
|
484
|
+
expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
|
|
485
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
486
|
+
expect(result.param_name).to eq("vuln_param")
|
|
487
|
+
expect(result.param_value).to eq("vuln_value")
|
|
488
|
+
expect(result.pattern).to eq("1")
|
|
489
489
|
end
|
|
490
490
|
end
|
|
491
491
|
|
|
492
492
|
context "has excluded routes" do
|
|
493
493
|
context "route id matches" do
|
|
494
494
|
it "should return false" do
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
expect(
|
|
502
|
-
|
|
503
|
-
result =
|
|
495
|
+
sensor = XssSensor.new({
|
|
496
|
+
"enabled" => true,
|
|
497
|
+
"exclude_cookies" => true,
|
|
498
|
+
"exclude_routes" => ["route_id"]
|
|
499
|
+
})
|
|
500
|
+
|
|
501
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
502
|
+
|
|
503
|
+
result = sensor.get_injection_attempt(
|
|
504
|
+
XssSensor::GET_PARAM,
|
|
505
|
+
@appsensor_meta,
|
|
506
|
+
"param_name",
|
|
507
|
+
"param_value"
|
|
508
|
+
)
|
|
504
509
|
|
|
505
510
|
expect(result).to eq(false)
|
|
506
511
|
end
|
|
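Review bot: The descriptions `it "should return true" do` on the `exclude cookies sensor` and `no excluded routes` examples are stale: the bodies now assert `type_of_param`, `detection_point`, `param_name`, `param_value` and `pattern` on the returned object rather than a boolean. The URI-param example in an earlier hunk was renamed to `it "should return the injection attempt" do`; the same wording fits here and in the later hunks for the non-matching route, POST, JSON and COOKIE cases. The first call in this hunk also keeps a trailing comma after `"param_value",` left over from the removed `@payloads_policy` argument, which is legal Ruby but inconsistent with the calls that were rewritten.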
@@ -508,28 +513,28 @@ module TCellAgent
|
|
|
508
513
|
|
|
509
514
|
context "route id does not match" do
|
|
510
515
|
it "should return true" do
|
|
511
|
-
|
|
512
|
-
|
|
513
|
-
|
|
516
|
+
sensor = XssSensor.new({
|
|
517
|
+
"enabled" => true,
|
|
518
|
+
"exclude_cookies" => true,
|
|
519
|
+
"exclude_routes" => ["unmatching_route_id"]
|
|
520
|
+
})
|
|
514
521
|
|
|
515
|
-
expect(
|
|
522
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
516
523
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
517
524
|
)
|
|
518
|
-
expect(@payloads_policy).to receive(:apply).with(
|
|
519
|
-
"xss", {}, "get", "vuln_param", "vuln_value", {"l"=>"query"}, "1"
|
|
520
|
-
).and_return("vuln_value")
|
|
521
|
-
expect(@sensor).to receive(:send_event).with(
|
|
522
|
-
@meta,
|
|
523
|
-
"xss",
|
|
524
|
-
"vuln_param",
|
|
525
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
|
|
526
|
-
"vuln_value",
|
|
527
|
-
"1"
|
|
528
|
-
)
|
|
529
525
|
|
|
530
|
-
result =
|
|
526
|
+
result = sensor.get_injection_attempt(
|
|
527
|
+
XssSensor::GET_PARAM,
|
|
528
|
+
@appsensor_meta,
|
|
529
|
+
"param_name",
|
|
530
|
+
"param_value"
|
|
531
|
+
)
|
|
531
532
|
|
|
532
|
-
expect(result).to eq(
|
|
533
|
+
expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
|
|
534
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
535
|
+
expect(result.param_name).to eq("vuln_param")
|
|
536
|
+
expect(result.param_value).to eq("vuln_value")
|
|
537
|
+
expect(result.pattern).to eq("1")
|
|
533
538
|
end
|
|
534
539
|
end
|
|
535
540
|
end
|
|
@@ -539,19 +544,18 @@ module TCellAgent
|
|
|
539
544
|
context "param is a POST param" do
|
|
540
545
|
context "exclude forms sensor" do
|
|
541
546
|
it "should return false" do
|
|
542
|
-
|
|
543
|
-
|
|
547
|
+
sensor = XssSensor.new({
|
|
548
|
+
"enabled" => true,
|
|
549
|
+
"exclude_forms" => true
|
|
550
|
+
})
|
|
544
551
|
|
|
545
|
-
expect(
|
|
546
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
547
|
-
expect(@sensor).to_not receive(:send_event)
|
|
552
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
548
553
|
|
|
549
|
-
result =
|
|
554
|
+
result = sensor.get_injection_attempt(
|
|
550
555
|
XssSensor::POST_PARAM,
|
|
551
|
-
@
|
|
556
|
+
@appsensor_meta,
|
|
552
557
|
"param_name",
|
|
553
558
|
"param_value",
|
|
554
|
-
@payloads_policy
|
|
555
559
|
)
|
|
556
560
|
|
|
557
561
|
expect(result).to eq(false)
|
|
@@ -560,31 +564,27 @@ module TCellAgent
|
|
|
560
564
|
|
|
561
565
|
context "exclude cookies sensor" do
|
|
562
566
|
it "should return true" do
|
|
563
|
-
|
|
564
|
-
|
|
567
|
+
sensor = XssSensor.new({
|
|
568
|
+
"enabled" => true,
|
|
569
|
+
"exclude_cookies" => true
|
|
570
|
+
})
|
|
565
571
|
|
|
566
|
-
expect(
|
|
572
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
567
573
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
568
574
|
)
|
|
569
|
-
expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
|
|
570
|
-
expect(@sensor).to receive(:send_event).with(
|
|
571
|
-
@meta,
|
|
572
|
-
"xss",
|
|
573
|
-
"vuln_param",
|
|
574
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::POST_PARAM]},
|
|
575
|
-
"vuln_value",
|
|
576
|
-
"1"
|
|
577
|
-
)
|
|
578
575
|
|
|
579
|
-
result =
|
|
576
|
+
result = sensor.get_injection_attempt(
|
|
580
577
|
XssSensor::POST_PARAM,
|
|
581
|
-
@
|
|
578
|
+
@appsensor_meta,
|
|
582
579
|
"param_name",
|
|
583
580
|
"param_value",
|
|
584
|
-
@payloads_policy
|
|
585
581
|
)
|
|
586
582
|
|
|
587
|
-
expect(result).to eq(
|
|
583
|
+
expect(result.type_of_param).to eq(XssSensor::POST_PARAM)
|
|
584
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
585
|
+
expect(result.param_name).to eq("vuln_param")
|
|
586
|
+
expect(result.param_value).to eq("vuln_value")
|
|
587
|
+
expect(result.pattern).to eq("1")
|
|
588
588
|
end
|
|
589
589
|
end
|
|
590
590
|
end
|
|
@@ -592,19 +592,18 @@ module TCellAgent
|
|
|
592
592
|
context "param is a JSON param" do
|
|
593
593
|
context "exclude forms sensor" do
|
|
594
594
|
it "should return false" do
|
|
595
|
-
|
|
596
|
-
|
|
595
|
+
sensor = XssSensor.new({
|
|
596
|
+
"enabled" => true,
|
|
597
|
+
"exclude_forms" => true
|
|
598
|
+
})
|
|
597
599
|
|
|
598
|
-
expect(
|
|
599
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
600
|
-
expect(@sensor).to_not receive(:send_event)
|
|
600
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
601
601
|
|
|
602
|
-
result =
|
|
602
|
+
result = sensor.get_injection_attempt(
|
|
603
603
|
XssSensor::JSON_PARAM,
|
|
604
|
-
@
|
|
604
|
+
@appsensor_meta,
|
|
605
605
|
"param_name",
|
|
606
606
|
"param_value",
|
|
607
|
-
@payloads_policy
|
|
608
607
|
)
|
|
609
608
|
|
|
610
609
|
expect(result).to eq(false)
|
|
@@ -613,31 +612,27 @@ module TCellAgent
|
|
|
613
612
|
|
|
614
613
|
context "exclude cookies sensor" do
|
|
615
614
|
it "should return true" do
|
|
616
|
-
|
|
617
|
-
|
|
615
|
+
sensor = XssSensor.new({
|
|
616
|
+
"enabled" => true,
|
|
617
|
+
"exclude_cookies" => true
|
|
618
|
+
})
|
|
618
619
|
|
|
619
|
-
expect(
|
|
620
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
620
621
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
621
622
|
)
|
|
622
|
-
expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
|
|
623
|
-
expect(@sensor).to receive(:send_event).with(
|
|
624
|
-
@meta,
|
|
625
|
-
"xss",
|
|
626
|
-
"vuln_param",
|
|
627
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::JSON_PARAM]},
|
|
628
|
-
"vuln_value",
|
|
629
|
-
"1"
|
|
630
|
-
)
|
|
631
623
|
|
|
632
|
-
result =
|
|
624
|
+
result = sensor.get_injection_attempt(
|
|
633
625
|
XssSensor::JSON_PARAM,
|
|
634
|
-
@
|
|
626
|
+
@appsensor_meta,
|
|
635
627
|
"param_name",
|
|
636
628
|
"param_value",
|
|
637
|
-
@payloads_policy
|
|
638
629
|
)
|
|
639
630
|
|
|
640
|
-
expect(result).to eq(
|
|
631
|
+
expect(result.type_of_param).to eq(XssSensor::JSON_PARAM)
|
|
632
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
633
|
+
expect(result.param_name).to eq("vuln_param")
|
|
634
|
+
expect(result.param_value).to eq("vuln_value")
|
|
635
|
+
expect(result.pattern).to eq("1")
|
|
641
636
|
end
|
|
642
637
|
end
|
|
643
638
|
end
|
|
@@ -645,49 +640,44 @@ module TCellAgent
|
|
|
645
640
|
context "param is a COOKIE param" do
|
|
646
641
|
context "exclude forms sensor" do
|
|
647
642
|
it "should return true" do
|
|
648
|
-
|
|
649
|
-
|
|
643
|
+
sensor = XssSensor.new({
|
|
644
|
+
"enabled" => true,
|
|
645
|
+
"exclude_forms" => true
|
|
646
|
+
})
|
|
650
647
|
|
|
651
|
-
expect(
|
|
648
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
652
649
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
653
650
|
)
|
|
654
|
-
expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
|
|
655
|
-
expect(@sensor).to receive(:send_event).with(
|
|
656
|
-
@meta,
|
|
657
|
-
"xss",
|
|
658
|
-
"vuln_param",
|
|
659
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::COOKIE_PARAM]},
|
|
660
|
-
"vuln_value",
|
|
661
|
-
"1"
|
|
662
|
-
)
|
|
663
651
|
|
|
664
|
-
result =
|
|
652
|
+
result = sensor.get_injection_attempt(
|
|
665
653
|
XssSensor::COOKIE_PARAM,
|
|
666
|
-
@
|
|
654
|
+
@appsensor_meta,
|
|
667
655
|
"param_name",
|
|
668
656
|
"param_value",
|
|
669
|
-
@payloads_policy
|
|
670
657
|
)
|
|
671
658
|
|
|
672
|
-
expect(result).to eq(
|
|
659
|
+
expect(result.type_of_param).to eq(XssSensor::COOKIE_PARAM)
|
|
660
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
661
|
+
expect(result.param_name).to eq("vuln_param")
|
|
662
|
+
expect(result.param_value).to eq("vuln_value")
|
|
663
|
+
expect(result.pattern).to eq("1")
|
|
673
664
|
end
|
|
674
665
|
end
|
|
675
666
|
|
|
676
667
|
context "exclude cookies sensor" do
|
|
677
668
|
it "should return false" do
|
|
678
|
-
|
|
679
|
-
|
|
669
|
+
sensor = XssSensor.new({
|
|
670
|
+
"enabled" => true,
|
|
671
|
+
"exclude_cookies" => true
|
|
672
|
+
})
|
|
680
673
|
|
|
681
|
-
expect(
|
|
682
|
-
expect(@payloads_policy).to_not receive(:apply)
|
|
683
|
-
expect(@sensor).to_not receive(:send_event)
|
|
674
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
684
675
|
|
|
685
|
-
result =
|
|
676
|
+
result = sensor.get_injection_attempt(
|
|
686
677
|
XssSensor::COOKIE_PARAM,
|
|
687
|
-
@
|
|
678
|
+
@appsensor_meta,
|
|
688
679
|
"param_name",
|
|
689
680
|
"param_value",
|
|
690
|
-
@payloads_policy
|
|
691
681
|
)
|
|
692
682
|
|
|
693
683
|
expect(result).to eq(false)
|
|
@@ -696,6 +686,18 @@ module TCellAgent
|
|
|
696
686
|
end
|
|
697
687
|
end
|
|
698
688
|
end
|
|
689
|
+
|
|
690
|
+
end
|
|
691
|
+
|
|
692
|
+
describe "#applicable_for_param_type?" do
|
|
693
|
+
it "should be applicable for all param types" do
|
|
694
|
+
sensor = XssSensor.new
|
|
695
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
|
|
696
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
|
|
697
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
|
|
698
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(true)
|
|
699
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
|
|
700
|
+
end
|
|
699
701
|
end
|
|
700
702
|
end
|
|
701
703
|
|