tcell_agent 0.2.21 → 0.2.22
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/tcell_agent.rb +1 -0
- data/lib/tcell_agent/api.rb +3 -2
- data/lib/tcell_agent/appsensor/injections_matcher.rb +137 -0
- data/lib/tcell_agent/appsensor/injections_reporter.rb +67 -0
- data/lib/tcell_agent/appsensor/meta_data.rb +71 -0
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +5 -2
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +1 -1
- data/lib/tcell_agent/appsensor/sensor.rb +48 -0
- data/lib/tcell_agent/configuration.rb +15 -2
- data/lib/tcell_agent/instrumentation.rb +3 -2
- data/lib/tcell_agent/logger.rb +19 -3
- data/lib/tcell_agent/patches.rb +26 -0
- data/lib/tcell_agent/patches/block_rule.rb +58 -0
- data/lib/tcell_agent/patches/meta_data.rb +54 -0
- data/lib/tcell_agent/patches/sensors_matcher.rb +30 -0
- data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +7 -3
- data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +32 -38
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +4 -4
- data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +9 -3
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor_policy.rb +55 -131
- data/lib/tcell_agent/policies/content_security_policy.rb +148 -137
- data/lib/tcell_agent/policies/patches_policy.rb +41 -13
- data/lib/tcell_agent/rails.rb +11 -109
- data/lib/tcell_agent/rails/auth/devise.rb +5 -1
- data/lib/tcell_agent/rails/dlp.rb +5 -2
- data/lib/tcell_agent/rails/dlp/process_request.rb +88 -0
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +3 -13
- data/lib/tcell_agent/rails/on_start.rb +5 -101
- data/lib/tcell_agent/rails/routes.rb +240 -81
- data/lib/tcell_agent/rails/routes/grape.rb +113 -0
- data/lib/tcell_agent/rails/routes/route_id.rb +29 -0
- data/lib/tcell_agent/sensor_events/app_config.rb +21 -13
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -26
- data/lib/tcell_agent/servers/passenger.rb +10 -0
- data/lib/tcell_agent/start_background_thread.rb +82 -0
- data/lib/tcell_agent/utils/params.rb +1 -1
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +504 -0
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +222 -0
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +7 -13
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +18 -18
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +381 -0
- data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +35 -0
- data/spec/lib/tcell_agent/patches_spec.rb +156 -0
- data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +21 -10
- data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +44 -9
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +13 -13
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +5 -5
- data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +24 -14
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +243 -241
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +128 -200
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +126 -55
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +485 -24
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +5 -0
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -2
- data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +294 -0
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +80 -0
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +182 -0
- metadata +30 -7
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +0 -39
- data/lib/tcell_agent/policies/appsensor/sensor.rb +0 -46
- data/lib/tcell_agent/rails/path_parameters_setter.rb +0 -43
- data/spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb +0 -104
|
@@ -51,7 +51,7 @@ module TCellAgent
|
|
|
51
51
|
it "should not send event" do
|
|
52
52
|
sensor = RequestSizeSensor.new({"enabled" => false})
|
|
53
53
|
|
|
54
|
-
expect(
|
|
54
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
55
55
|
sensor.check({}, 10)
|
|
56
56
|
end
|
|
57
57
|
end
|
|
@@ -74,7 +74,7 @@ module TCellAgent
|
|
|
74
74
|
meta.user_id = "user_id"
|
|
75
75
|
meta.transaction_id = "transaction_id"
|
|
76
76
|
|
|
77
|
-
expect(
|
|
77
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
78
78
|
sensor.check(meta, nil)
|
|
79
79
|
end
|
|
80
80
|
end
|
|
@@ -96,7 +96,7 @@ module TCellAgent
|
|
|
96
96
|
meta.user_id = "user_id"
|
|
97
97
|
meta.transaction_id = "transaction_id"
|
|
98
98
|
|
|
99
|
-
expect(
|
|
99
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
100
100
|
sensor.check(meta, 1024)
|
|
101
101
|
end
|
|
102
102
|
end
|
|
@@ -119,7 +119,7 @@ module TCellAgent
|
|
|
119
119
|
meta.user_id = "user_id"
|
|
120
120
|
meta.transaction_id = "transaction_id"
|
|
121
121
|
|
|
122
|
-
expect(
|
|
122
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
123
123
|
sensor.check(meta, 2048)
|
|
124
124
|
end
|
|
125
125
|
end
|
|
@@ -65,7 +65,7 @@ module TCellAgent
|
|
|
65
65
|
meta.user_id = "user_id"
|
|
66
66
|
meta.transaction_id = "transaction_id"
|
|
67
67
|
|
|
68
|
-
expect(
|
|
68
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
69
69
|
sensor.check(meta, 200)
|
|
70
70
|
end
|
|
71
71
|
end
|
|
@@ -86,7 +86,7 @@ module TCellAgent
|
|
|
86
86
|
end
|
|
87
87
|
|
|
88
88
|
it "should not send an event" do
|
|
89
|
-
expect(
|
|
89
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
90
90
|
@sensor.check(@meta, 200)
|
|
91
91
|
end
|
|
92
92
|
|
|
@@ -94,7 +94,7 @@ module TCellAgent
|
|
|
94
94
|
it "should not send an event" do
|
|
95
95
|
@sensor.excluded_route_ids = {}
|
|
96
96
|
|
|
97
|
-
expect(
|
|
97
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
98
98
|
@sensor.check(@meta, 200)
|
|
99
99
|
end
|
|
100
100
|
end
|
|
@@ -104,7 +104,7 @@ module TCellAgent
|
|
|
104
104
|
it "should not send an event" do
|
|
105
105
|
@sensor.excluded_route_ids = {"route_id" => true}
|
|
106
106
|
|
|
107
|
-
expect(
|
|
107
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
108
108
|
@sensor.check(@meta, 200)
|
|
109
109
|
end
|
|
110
110
|
end
|
|
@@ -112,7 +112,7 @@ module TCellAgent
|
|
|
112
112
|
it "should not send an event" do
|
|
113
113
|
@sensor.excluded_route_ids = {"unmatching_route_id" => true}
|
|
114
114
|
|
|
115
|
-
expect(
|
|
115
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
116
116
|
@sensor.check(@meta, 200)
|
|
117
117
|
end
|
|
118
118
|
end
|
|
@@ -131,7 +131,7 @@ module TCellAgent
|
|
|
131
131
|
meta.user_id = "user_id"
|
|
132
132
|
meta.transaction_id = "transaction_id"
|
|
133
133
|
|
|
134
|
-
expect(
|
|
134
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
135
135
|
sensor.check(meta, 300)
|
|
136
136
|
end
|
|
137
137
|
end
|
|
@@ -152,7 +152,7 @@ module TCellAgent
|
|
|
152
152
|
meta.user_id = "user_id"
|
|
153
153
|
meta.transaction_id = "transaction_id"
|
|
154
154
|
|
|
155
|
-
expect(
|
|
155
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
156
156
|
sensor.check(meta, 400)
|
|
157
157
|
end
|
|
158
158
|
end
|
|
@@ -176,7 +176,7 @@ module TCellAgent
|
|
|
176
176
|
end
|
|
177
177
|
|
|
178
178
|
it "should send an event" do
|
|
179
|
-
expect(
|
|
179
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
180
180
|
@meta, ResponseCodesSensor::RESPONSE_CODE_DP_DICT[4], nil, {code: 400} , nil, nil
|
|
181
181
|
)
|
|
182
182
|
@sensor.check(@meta, 400)
|
|
@@ -186,7 +186,7 @@ module TCellAgent
|
|
|
186
186
|
it "should send an event" do
|
|
187
187
|
@sensor.excluded_route_ids = {}
|
|
188
188
|
|
|
189
|
-
expect(
|
|
189
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
190
190
|
@meta, ResponseCodesSensor::RESPONSE_CODE_DP_DICT[4], nil, {code: 400} , nil, nil
|
|
191
191
|
)
|
|
192
192
|
@sensor.check(@meta, 400)
|
|
@@ -198,7 +198,7 @@ module TCellAgent
|
|
|
198
198
|
it "should not send an event" do
|
|
199
199
|
@sensor.excluded_route_ids = {"route_id" => true}
|
|
200
200
|
|
|
201
|
-
expect(
|
|
201
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
202
202
|
@sensor.check(@meta, 400)
|
|
203
203
|
end
|
|
204
204
|
end
|
|
@@ -206,7 +206,7 @@ module TCellAgent
|
|
|
206
206
|
it "should send an event" do
|
|
207
207
|
@sensor.excluded_route_ids = {"unmatching_route_id" => true}
|
|
208
208
|
|
|
209
|
-
expect(
|
|
209
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
210
210
|
@meta, ResponseCodesSensor::RESPONSE_CODE_DP_DICT[4], nil, {code: 400} , nil, nil
|
|
211
211
|
)
|
|
212
212
|
@sensor.check(@meta, 400)
|
|
@@ -232,7 +232,7 @@ module TCellAgent
|
|
|
232
232
|
meta.user_id = "user_id"
|
|
233
233
|
meta.transaction_id = "transaction_id"
|
|
234
234
|
|
|
235
|
-
expect(
|
|
235
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
236
236
|
sensor.check(meta, 500)
|
|
237
237
|
end
|
|
238
238
|
end
|
|
@@ -254,7 +254,7 @@ module TCellAgent
|
|
|
254
254
|
meta.user_id = "user_id"
|
|
255
255
|
meta.transaction_id = "transaction_id"
|
|
256
256
|
|
|
257
|
-
expect(
|
|
257
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
258
258
|
meta, ResponseCodesSensor::RESPONSE_CODE_DP_DICT[500], nil, {code: 500} , nil, nil
|
|
259
259
|
)
|
|
260
260
|
sensor.check(meta, 500)
|
|
@@ -51,7 +51,7 @@ module TCellAgent
|
|
|
51
51
|
it "should not send event" do
|
|
52
52
|
sensor = ResponseSizeSensor.new({"enabled" => false})
|
|
53
53
|
|
|
54
|
-
expect(
|
|
54
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
55
55
|
sensor.check({}, 10)
|
|
56
56
|
end
|
|
57
57
|
end
|
|
@@ -74,7 +74,7 @@ module TCellAgent
|
|
|
74
74
|
meta.user_id = "user_id"
|
|
75
75
|
meta.transaction_id = "transaction_id"
|
|
76
76
|
|
|
77
|
-
expect(
|
|
77
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
78
78
|
sensor.check(meta, nil)
|
|
79
79
|
end
|
|
80
80
|
end
|
|
@@ -96,7 +96,7 @@ module TCellAgent
|
|
|
96
96
|
meta.user_id = "user_id"
|
|
97
97
|
meta.transaction_id = "transaction_id"
|
|
98
98
|
|
|
99
|
-
expect(
|
|
99
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
100
100
|
sensor.check(meta, 1024)
|
|
101
101
|
end
|
|
102
102
|
end
|
|
@@ -119,7 +119,7 @@ module TCellAgent
|
|
|
119
119
|
meta.user_id = "user_id"
|
|
120
120
|
meta.transaction_id = "transaction_id"
|
|
121
121
|
|
|
122
|
-
expect(
|
|
122
|
+
expect(TCellAgent::AppSensor::Sensor).to_not receive(:send_event)
|
|
123
123
|
sensor.check(meta, 2048)
|
|
124
124
|
end
|
|
125
125
|
end
|
|
@@ -141,7 +141,7 @@ module TCellAgent
|
|
|
141
141
|
meta.user_id = "user_id"
|
|
142
142
|
meta.transaction_id = "transaction_id"
|
|
143
143
|
|
|
144
|
-
expect(
|
|
144
|
+
expect(TCellAgent::AppSensor::Sensor).to receive(:send_event).with(
|
|
145
145
|
meta, ResponseSizeSensor::DP_UNUSUAL_RESPONSE_SIZE, nil, {"sz" => 2048}, nil, nil
|
|
146
146
|
)
|
|
147
147
|
sensor.check(meta, 2048)
|
|
@@ -14,7 +14,7 @@ module TCellAgent
|
|
|
14
14
|
expect(sensor.exclude_forms).to eq(false)
|
|
15
15
|
expect(sensor.exclude_cookies).to eq(false)
|
|
16
16
|
expect(sensor.exclusions).to eq({})
|
|
17
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
17
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
18
18
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
19
19
|
end
|
|
20
20
|
end
|
|
@@ -28,7 +28,7 @@ module TCellAgent
|
|
|
28
28
|
expect(sensor.exclude_forms).to eq(false)
|
|
29
29
|
expect(sensor.exclude_cookies).to eq(false)
|
|
30
30
|
expect(sensor.exclusions).to eq({})
|
|
31
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
31
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
32
32
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
33
33
|
end
|
|
34
34
|
end
|
|
@@ -42,7 +42,7 @@ module TCellAgent
|
|
|
42
42
|
expect(sensor.exclude_forms).to eq(false)
|
|
43
43
|
expect(sensor.exclude_cookies).to eq(false)
|
|
44
44
|
expect(sensor.exclusions).to eq({})
|
|
45
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
45
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
46
46
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
47
47
|
end
|
|
48
48
|
end
|
|
@@ -56,7 +56,7 @@ module TCellAgent
|
|
|
56
56
|
expect(sensor.exclude_forms).to eq(true)
|
|
57
57
|
expect(sensor.exclude_cookies).to eq(false)
|
|
58
58
|
expect(sensor.exclusions).to eq({})
|
|
59
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
59
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
60
60
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
61
61
|
end
|
|
62
62
|
end
|
|
@@ -70,7 +70,7 @@ module TCellAgent
|
|
|
70
70
|
expect(sensor.exclude_forms).to eq(false)
|
|
71
71
|
expect(sensor.exclude_cookies).to eq(true)
|
|
72
72
|
expect(sensor.exclusions).to eq({})
|
|
73
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
73
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
74
74
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
75
75
|
end
|
|
76
76
|
end
|
|
@@ -84,9 +84,9 @@ module TCellAgent
|
|
|
84
84
|
expect(sensor.exclude_forms).to eq(false)
|
|
85
85
|
expect(sensor.exclude_cookies).to eq(false)
|
|
86
86
|
expect(sensor.exclusions).to eq(
|
|
87
|
-
{"word"=>["form", "header"]}
|
|
87
|
+
{"word"=>Set.new(["form", "header"])}
|
|
88
88
|
)
|
|
89
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
89
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
90
90
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
91
91
|
end
|
|
92
92
|
end
|
|
@@ -101,7 +101,7 @@ module TCellAgent
|
|
|
101
101
|
expect(sensor.exclude_cookies).to eq(false)
|
|
102
102
|
expect(sensor.exclusions).to eq({})
|
|
103
103
|
expect(sensor.active_pattern_ids).to eq(
|
|
104
|
-
|
|
104
|
+
Set.new(["1", "2", "3"])
|
|
105
105
|
)
|
|
106
106
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
107
107
|
end
|
|
@@ -116,12 +116,23 @@ module TCellAgent
|
|
|
116
116
|
expect(sensor.exclude_forms).to eq(false)
|
|
117
117
|
expect(sensor.exclude_cookies).to eq(false)
|
|
118
118
|
expect(sensor.exclusions).to eq({})
|
|
119
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
119
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
120
120
|
expect(sensor.v1_compatability_enabled).to eq(true)
|
|
121
121
|
end
|
|
122
122
|
end
|
|
123
123
|
|
|
124
124
|
end
|
|
125
|
+
|
|
126
|
+
describe "#applicable_for_param_type?" do
|
|
127
|
+
it "should be applicable for all param types" do
|
|
128
|
+
sensor = RetrSensor.new
|
|
129
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
|
|
130
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(false)
|
|
131
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(false)
|
|
132
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(true)
|
|
133
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
|
|
134
|
+
end
|
|
135
|
+
end
|
|
125
136
|
end
|
|
126
137
|
|
|
127
138
|
end
|
|
@@ -17,7 +17,7 @@ module TCellAgent
|
|
|
17
17
|
expect(sensor.exclude_forms).to eq(false)
|
|
18
18
|
expect(sensor.exclude_cookies).to eq(false)
|
|
19
19
|
expect(sensor.exclusions).to eq({})
|
|
20
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
20
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
21
21
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
22
22
|
end
|
|
23
23
|
end
|
|
@@ -32,7 +32,7 @@ module TCellAgent
|
|
|
32
32
|
expect(sensor.exclude_forms).to eq(false)
|
|
33
33
|
expect(sensor.exclude_cookies).to eq(false)
|
|
34
34
|
expect(sensor.exclusions).to eq({})
|
|
35
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
35
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
36
36
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
37
37
|
end
|
|
38
38
|
end
|
|
@@ -47,7 +47,7 @@ module TCellAgent
|
|
|
47
47
|
expect(sensor.exclude_forms).to eq(false)
|
|
48
48
|
expect(sensor.exclude_cookies).to eq(false)
|
|
49
49
|
expect(sensor.exclusions).to eq({})
|
|
50
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
50
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
51
51
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
52
52
|
end
|
|
53
53
|
end
|
|
@@ -62,7 +62,7 @@ module TCellAgent
|
|
|
62
62
|
expect(sensor.exclude_forms).to eq(false)
|
|
63
63
|
expect(sensor.exclude_cookies).to eq(false)
|
|
64
64
|
expect(sensor.exclusions).to eq({})
|
|
65
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
65
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
66
66
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
67
67
|
end
|
|
68
68
|
end
|
|
@@ -77,7 +77,7 @@ module TCellAgent
|
|
|
77
77
|
expect(sensor.exclude_forms).to eq(true)
|
|
78
78
|
expect(sensor.exclude_cookies).to eq(false)
|
|
79
79
|
expect(sensor.exclusions).to eq({})
|
|
80
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
80
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
81
81
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
82
82
|
end
|
|
83
83
|
end
|
|
@@ -92,7 +92,7 @@ module TCellAgent
|
|
|
92
92
|
expect(sensor.exclude_forms).to eq(false)
|
|
93
93
|
expect(sensor.exclude_cookies).to eq(true)
|
|
94
94
|
expect(sensor.exclusions).to eq({})
|
|
95
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
95
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
96
96
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
97
97
|
end
|
|
98
98
|
end
|
|
@@ -107,9 +107,9 @@ module TCellAgent
|
|
|
107
107
|
expect(sensor.exclude_forms).to eq(false)
|
|
108
108
|
expect(sensor.exclude_cookies).to eq(false)
|
|
109
109
|
expect(sensor.exclusions).to eq(
|
|
110
|
-
{"word"=>["form", "header"]}
|
|
110
|
+
{"word"=>Set.new(["form", "header"])}
|
|
111
111
|
)
|
|
112
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
112
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
113
113
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
114
114
|
end
|
|
115
115
|
end
|
|
@@ -125,7 +125,7 @@ module TCellAgent
|
|
|
125
125
|
expect(sensor.exclude_cookies).to eq(false)
|
|
126
126
|
expect(sensor.exclusions).to eq({})
|
|
127
127
|
expect(sensor.active_pattern_ids).to eq(
|
|
128
|
-
|
|
128
|
+
Set.new(["1", "2", "3"])
|
|
129
129
|
)
|
|
130
130
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
131
131
|
end
|
|
@@ -141,7 +141,7 @@ module TCellAgent
|
|
|
141
141
|
expect(sensor.exclude_forms).to eq(false)
|
|
142
142
|
expect(sensor.exclude_cookies).to eq(false)
|
|
143
143
|
expect(sensor.exclusions).to eq({})
|
|
144
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
144
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
145
145
|
expect(sensor.v1_compatability_enabled).to eq(true)
|
|
146
146
|
end
|
|
147
147
|
end
|
|
@@ -161,7 +161,7 @@ module TCellAgent
|
|
|
161
161
|
ruleset = double("ruleset")
|
|
162
162
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
163
163
|
expect(ruleset).to receive(:check_violation).with(
|
|
164
|
-
"param", "value",
|
|
164
|
+
"param", "value", Set.new, false
|
|
165
165
|
).and_return(nil)
|
|
166
166
|
|
|
167
167
|
expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
|
|
@@ -174,7 +174,7 @@ module TCellAgent
|
|
|
174
174
|
ruleset = double("ruleset")
|
|
175
175
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
176
176
|
expect(ruleset).to receive(:check_violation).with(
|
|
177
|
-
"param", "Müller",
|
|
177
|
+
"param", "Müller", Set.new, false
|
|
178
178
|
).and_return(nil)
|
|
179
179
|
|
|
180
180
|
expect(@sensor.find_vulnerability("param", "Müller")).to eq(nil)
|
|
@@ -209,7 +209,7 @@ module TCellAgent
|
|
|
209
209
|
ruleset = double("ruleset")
|
|
210
210
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
211
211
|
expect(ruleset).to receive(:check_violation).with(
|
|
212
|
-
"param", "value",
|
|
212
|
+
"param", "value", Set.new, false
|
|
213
213
|
).and_return(nil)
|
|
214
214
|
|
|
215
215
|
expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
|
|
@@ -221,7 +221,7 @@ module TCellAgent
|
|
|
221
221
|
ruleset = double("ruleset")
|
|
222
222
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
223
223
|
expect(ruleset).to receive(:check_violation).with(
|
|
224
|
-
"param", "value",
|
|
224
|
+
"param", "value", Set.new, false
|
|
225
225
|
).and_return(true)
|
|
226
226
|
|
|
227
227
|
expect(@sensor.find_vulnerability("param", "value")).to eq(true)
|
|
@@ -230,6 +230,16 @@ module TCellAgent
|
|
|
230
230
|
end
|
|
231
231
|
end
|
|
232
232
|
|
|
233
|
+
describe "#applicable_for_param_type?" do
|
|
234
|
+
it "should be applicable for all param types" do
|
|
235
|
+
sensor = SqliSensor.new
|
|
236
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
|
|
237
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
|
|
238
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
|
|
239
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(true)
|
|
240
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
|
|
241
|
+
end
|
|
242
|
+
end
|
|
233
243
|
end
|
|
234
244
|
|
|
235
245
|
end
|
|
@@ -17,7 +17,7 @@ module TCellAgent
|
|
|
17
17
|
expect(sensor.exclude_forms).to eq(false)
|
|
18
18
|
expect(sensor.exclude_cookies).to eq(false)
|
|
19
19
|
expect(sensor.exclusions).to eq({})
|
|
20
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
20
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
21
21
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
22
22
|
end
|
|
23
23
|
end
|
|
@@ -32,7 +32,7 @@ module TCellAgent
|
|
|
32
32
|
expect(sensor.exclude_forms).to eq(false)
|
|
33
33
|
expect(sensor.exclude_cookies).to eq(false)
|
|
34
34
|
expect(sensor.exclusions).to eq({})
|
|
35
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
35
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
36
36
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
37
37
|
end
|
|
38
38
|
end
|
|
@@ -47,7 +47,7 @@ module TCellAgent
|
|
|
47
47
|
expect(sensor.exclude_forms).to eq(false)
|
|
48
48
|
expect(sensor.exclude_cookies).to eq(false)
|
|
49
49
|
expect(sensor.exclusions).to eq({})
|
|
50
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
50
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
51
51
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
52
52
|
end
|
|
53
53
|
end
|
|
@@ -62,7 +62,7 @@ module TCellAgent
|
|
|
62
62
|
expect(sensor.exclude_forms).to eq(false)
|
|
63
63
|
expect(sensor.exclude_cookies).to eq(false)
|
|
64
64
|
expect(sensor.exclusions).to eq({})
|
|
65
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
65
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
66
66
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
67
67
|
end
|
|
68
68
|
end
|
|
@@ -77,7 +77,7 @@ module TCellAgent
|
|
|
77
77
|
expect(sensor.exclude_forms).to eq(true)
|
|
78
78
|
expect(sensor.exclude_cookies).to eq(false)
|
|
79
79
|
expect(sensor.exclusions).to eq({})
|
|
80
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
80
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
81
81
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
82
82
|
end
|
|
83
83
|
end
|
|
@@ -92,7 +92,7 @@ module TCellAgent
|
|
|
92
92
|
expect(sensor.exclude_forms).to eq(false)
|
|
93
93
|
expect(sensor.exclude_cookies).to eq(true)
|
|
94
94
|
expect(sensor.exclusions).to eq({})
|
|
95
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
95
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
96
96
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
97
97
|
end
|
|
98
98
|
end
|
|
@@ -107,9 +107,9 @@ module TCellAgent
|
|
|
107
107
|
expect(sensor.exclude_forms).to eq(false)
|
|
108
108
|
expect(sensor.exclude_cookies).to eq(false)
|
|
109
109
|
expect(sensor.exclusions).to eq(
|
|
110
|
-
{"word"=>["form", "header"]}
|
|
110
|
+
{"word"=>Set.new(["form", "header"])}
|
|
111
111
|
)
|
|
112
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
112
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
113
113
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
114
114
|
end
|
|
115
115
|
end
|
|
@@ -125,7 +125,7 @@ module TCellAgent
|
|
|
125
125
|
expect(sensor.exclude_cookies).to eq(false)
|
|
126
126
|
expect(sensor.exclusions).to eq({})
|
|
127
127
|
expect(sensor.active_pattern_ids).to eq(
|
|
128
|
-
|
|
128
|
+
Set.new(["1", "2", "3"])
|
|
129
129
|
)
|
|
130
130
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
131
131
|
end
|
|
@@ -141,7 +141,7 @@ module TCellAgent
|
|
|
141
141
|
expect(sensor.exclude_forms).to eq(false)
|
|
142
142
|
expect(sensor.exclude_cookies).to eq(false)
|
|
143
143
|
expect(sensor.exclusions).to eq({})
|
|
144
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
144
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
145
145
|
expect(sensor.v1_compatability_enabled).to eq(true)
|
|
146
146
|
end
|
|
147
147
|
end
|
|
@@ -156,9 +156,9 @@ module TCellAgent
|
|
|
156
156
|
expect(sensor.exclude_forms).to eq(false)
|
|
157
157
|
expect(sensor.exclude_cookies).to eq(false)
|
|
158
158
|
expect(sensor.exclusions).to eq({})
|
|
159
|
-
expect(sensor.active_pattern_ids).to eq(
|
|
159
|
+
expect(sensor.active_pattern_ids).to eq(Set.new)
|
|
160
160
|
expect(sensor.v1_compatability_enabled).to eq(false)
|
|
161
|
-
expect(sensor.excluded_route_ids).to eq(
|
|
161
|
+
expect(sensor.excluded_route_ids).to eq(Set.new(["excluded_route_id"]))
|
|
162
162
|
end
|
|
163
163
|
end
|
|
164
164
|
end
|
|
@@ -176,7 +176,7 @@ module TCellAgent
|
|
|
176
176
|
ruleset = double("ruleset")
|
|
177
177
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
178
178
|
expect(ruleset).to receive(:check_violation).with(
|
|
179
|
-
"param", "value",
|
|
179
|
+
"param", "value", Set.new, false
|
|
180
180
|
).and_return(nil)
|
|
181
181
|
|
|
182
182
|
expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
|
|
@@ -189,7 +189,7 @@ module TCellAgent
|
|
|
189
189
|
ruleset = double("ruleset")
|
|
190
190
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
191
191
|
expect(ruleset).to receive(:check_violation).with(
|
|
192
|
-
"param", "Müller",
|
|
192
|
+
"param", "Müller", Set.new, false
|
|
193
193
|
).and_return(nil)
|
|
194
194
|
|
|
195
195
|
expect(@sensor.find_vulnerability("param", "Müller")).to eq(nil)
|
|
@@ -224,7 +224,7 @@ module TCellAgent
|
|
|
224
224
|
ruleset = double("ruleset")
|
|
225
225
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
226
226
|
expect(ruleset).to receive(:check_violation).with(
|
|
227
|
-
"param", "value",
|
|
227
|
+
"param", "value", Set.new, false
|
|
228
228
|
).and_return(nil)
|
|
229
229
|
|
|
230
230
|
expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
|
|
@@ -236,7 +236,7 @@ module TCellAgent
|
|
|
236
236
|
ruleset = double("ruleset")
|
|
237
237
|
expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
|
|
238
238
|
expect(ruleset).to receive(:check_violation).with(
|
|
239
|
-
"param", "value",
|
|
239
|
+
"param", "value", Set.new, false
|
|
240
240
|
).and_return(true)
|
|
241
241
|
|
|
242
242
|
expect(@sensor.find_vulnerability("param", "value")).to eq(true)
|
|
@@ -245,47 +245,27 @@ module TCellAgent
|
|
|
245
245
|
end
|
|
246
246
|
end
|
|
247
247
|
|
|
248
|
-
describe "#
|
|
248
|
+
describe "#get_injection_attempt" do
|
|
249
249
|
before(:each) do
|
|
250
|
-
@
|
|
251
|
-
|
|
252
|
-
@
|
|
253
|
-
@
|
|
254
|
-
@
|
|
255
|
-
@
|
|
256
|
-
@
|
|
257
|
-
@
|
|
258
|
-
@meta.user_id = "user_id"
|
|
259
|
-
@meta.transaction_id = "transaction_id"
|
|
260
|
-
end
|
|
261
|
-
|
|
262
|
-
context "disabled sensor" do
|
|
263
|
-
it "should return false" do
|
|
264
|
-
expect(@payloads_policy).to_not receive(:apply)
|
|
265
|
-
|
|
266
|
-
sensor = XssSensor.new({"enabled" => false})
|
|
267
|
-
result = sensor.check(XssSensor::GET_PARAM, @meta, "param_name", "param_value", @payloads_policy)
|
|
268
|
-
|
|
269
|
-
expect(result).to eq(false)
|
|
270
|
-
end
|
|
250
|
+
@appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new
|
|
251
|
+
@appsensor_meta.remote_address = "remote_address"
|
|
252
|
+
@appsensor_meta.method = "get"
|
|
253
|
+
@appsensor_meta.location = "location"
|
|
254
|
+
@appsensor_meta.route_id = "route_id"
|
|
255
|
+
@appsensor_meta.session_id = "session_id"
|
|
256
|
+
@appsensor_meta.user_id = "user_id"
|
|
257
|
+
@appsensor_meta.transaction_id = "transaction_id"
|
|
271
258
|
end
|
|
272
259
|
|
|
273
260
|
context "enabled sensor" do
|
|
274
|
-
before(:each) do
|
|
275
|
-
@sensor = XssSensor.new({"enabled" => true})
|
|
276
|
-
end
|
|
277
|
-
|
|
278
261
|
context "param has NO vulnerability" do
|
|
279
262
|
it "should return false" do
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
sensor = XssSensor.new({"enabled" => false})
|
|
283
|
-
result = sensor.check(
|
|
263
|
+
sensor = XssSensor.new({"enabled" => true})
|
|
264
|
+
result = sensor.get_injection_attempt(
|
|
284
265
|
XssSensor::GET_PARAM,
|
|
285
|
-
@
|
|
266
|
+
@appsensor_meta,
|
|
286
267
|
"param_name",
|
|
287
|
-
"param_value"
|
|
288
|
-
@payloads_policy
|
|
268
|
+
"param_value"
|
|
289
269
|
)
|
|
290
270
|
|
|
291
271
|
expect(result).to eq(false)
|
|
@@ -293,8 +273,13 @@ module TCellAgent
|
|
|
293
273
|
|
|
294
274
|
context "no excluded routes" do
|
|
295
275
|
it "should return false" do
|
|
296
|
-
sensor = XssSensor.new({"enabled" =>
|
|
297
|
-
result = sensor.
|
|
276
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_routes" => []})
|
|
277
|
+
result = sensor.get_injection_attempt(
|
|
278
|
+
XssSensor::GET_PARAM,
|
|
279
|
+
@appsensor_meta,
|
|
280
|
+
"param_name",
|
|
281
|
+
"param_value"
|
|
282
|
+
)
|
|
298
283
|
|
|
299
284
|
expect(result).to eq(false)
|
|
300
285
|
end
|
|
@@ -303,16 +288,26 @@ module TCellAgent
|
|
|
303
288
|
context "has excluded routes" do
|
|
304
289
|
context "route id matches" do
|
|
305
290
|
it "should return false" do
|
|
306
|
-
sensor = XssSensor.new({"enabled" =>
|
|
307
|
-
result = sensor.
|
|
291
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_routes" => ["route_id"]})
|
|
292
|
+
result = sensor.get_injection_attempt(
|
|
293
|
+
XssSensor::GET_PARAM,
|
|
294
|
+
@appsensor_meta,
|
|
295
|
+
"param_name",
|
|
296
|
+
"param_value"
|
|
297
|
+
)
|
|
308
298
|
|
|
309
299
|
expect(result).to eq(false)
|
|
310
300
|
end
|
|
311
301
|
end
|
|
312
302
|
context "route id does not match" do
|
|
313
303
|
it "should return false" do
|
|
314
|
-
sensor = XssSensor.new({"enabled" =>
|
|
315
|
-
result = sensor.
|
|
304
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_routes" => ["unmatching_route_id"]})
|
|
305
|
+
result = sensor.get_injection_attempt(
|
|
306
|
+
XssSensor::GET_PARAM,
|
|
307
|
+
@appsensor_meta,
|
|
308
|
+
"param_name",
|
|
309
|
+
"param_value"
|
|
310
|
+
)
|
|
316
311
|
|
|
317
312
|
expect(result).to eq(false)
|
|
318
313
|
end
|
|
@@ -324,40 +319,41 @@ module TCellAgent
|
|
|
324
319
|
context "param is a URI param" do
|
|
325
320
|
context "exclude forms sensor" do
|
|
326
321
|
it "should return false" do
|
|
327
|
-
|
|
328
|
-
@sensor.exclude_cookies = false
|
|
322
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true})
|
|
329
323
|
|
|
330
|
-
expect(
|
|
331
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
332
|
-
expect(@sensor).to_not receive(:send_event)
|
|
324
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
333
325
|
|
|
334
|
-
result =
|
|
326
|
+
result = sensor.get_injection_attempt(
|
|
327
|
+
XssSensor::URI_PARAM,
|
|
328
|
+
@appsensor_meta,
|
|
329
|
+
"param_name",
|
|
330
|
+
"param_value"
|
|
331
|
+
)
|
|
335
332
|
|
|
336
333
|
expect(result).to eq(false)
|
|
337
334
|
end
|
|
338
335
|
end
|
|
339
336
|
|
|
340
337
|
context "exclude cookies sensor" do
|
|
341
|
-
it "should return
|
|
342
|
-
|
|
343
|
-
@sensor.exclude_cookies = true
|
|
338
|
+
it "should return the injection attempt" do
|
|
339
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_cookies" => true})
|
|
344
340
|
|
|
345
|
-
expect(
|
|
346
|
-
expect(@sensor).to receive(:find_vulnerability).and_return(
|
|
341
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
347
342
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
348
343
|
)
|
|
349
|
-
expect(@sensor).to receive(:send_event).with(
|
|
350
|
-
@meta,
|
|
351
|
-
"xss",
|
|
352
|
-
"vuln_param",
|
|
353
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::URI_PARAM]},
|
|
354
|
-
"vuln_value",
|
|
355
|
-
"1"
|
|
356
|
-
)
|
|
357
344
|
|
|
358
|
-
result =
|
|
345
|
+
result = sensor.get_injection_attempt(
|
|
346
|
+
XssSensor::URI_PARAM,
|
|
347
|
+
@appsensor_meta,
|
|
348
|
+
"param_name",
|
|
349
|
+
"param_value"
|
|
350
|
+
)
|
|
359
351
|
|
|
360
|
-
expect(result).to eq(
|
|
352
|
+
expect(result.type_of_param).to eq(XssSensor::URI_PARAM)
|
|
353
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
354
|
+
expect(result.param_name).to eq("vuln_param")
|
|
355
|
+
expect(result.param_value).to eq("vuln_value")
|
|
356
|
+
expect(result.pattern).to eq("1")
|
|
361
357
|
end
|
|
362
358
|
end
|
|
363
359
|
end
|
|
@@ -365,19 +361,15 @@ module TCellAgent
|
|
|
365
361
|
context "param is a GET param" do
|
|
366
362
|
context "exclude forms sensor" do
|
|
367
363
|
it "should return false" do
|
|
368
|
-
|
|
369
|
-
@sensor.exclude_cookies = false
|
|
364
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true})
|
|
370
365
|
|
|
371
|
-
expect(
|
|
372
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
373
|
-
expect(@sensor).to_not receive(:send_event)
|
|
366
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
374
367
|
|
|
375
|
-
result =
|
|
368
|
+
result = sensor.get_injection_attempt(
|
|
376
369
|
XssSensor::GET_PARAM,
|
|
377
|
-
@
|
|
370
|
+
@appsensor_meta,
|
|
378
371
|
"param_name",
|
|
379
|
-
"param_value"
|
|
380
|
-
@payloads_policy
|
|
372
|
+
"param_value"
|
|
381
373
|
)
|
|
382
374
|
|
|
383
375
|
expect(result).to eq(false)
|
|
@@ -385,15 +377,16 @@ module TCellAgent
|
|
|
385
377
|
|
|
386
378
|
context "no excluded routes" do
|
|
387
379
|
it "should return false" do
|
|
388
|
-
|
|
389
|
-
@sensor.exclude_cookies = false
|
|
390
|
-
@sensor.excluded_route_ids = {}
|
|
380
|
+
sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true, "exclude_routes" => []})
|
|
391
381
|
|
|
392
|
-
expect(
|
|
393
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
394
|
-
expect(@sensor).to_not receive(:send_event)
|
|
382
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
395
383
|
|
|
396
|
-
result =
|
|
384
|
+
result = sensor.get_injection_attempt(
|
|
385
|
+
XssSensor::GET_PARAM,
|
|
386
|
+
@appsensor_meta,
|
|
387
|
+
"param_name",
|
|
388
|
+
"param_value"
|
|
389
|
+
)
|
|
397
390
|
|
|
398
391
|
expect(result).to eq(false)
|
|
399
392
|
end
|
|
@@ -402,30 +395,41 @@ module TCellAgent
|
|
|
402
395
|
context "has excluded routes" do
|
|
403
396
|
context "route id matches" do
|
|
404
397
|
it "should return false" do
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
expect(
|
|
412
|
-
|
|
413
|
-
result =
|
|
398
|
+
sensor = XssSensor.new({
|
|
399
|
+
"enabled" => true,
|
|
400
|
+
"exclude_forms" => true,
|
|
401
|
+
"exclude_routes" => ["route_id"]
|
|
402
|
+
})
|
|
403
|
+
|
|
404
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
405
|
+
|
|
406
|
+
result = sensor.get_injection_attempt(
|
|
407
|
+
XssSensor::GET_PARAM,
|
|
408
|
+
@appsensor_meta,
|
|
409
|
+
"param_name",
|
|
410
|
+
"param_value"
|
|
411
|
+
)
|
|
414
412
|
|
|
415
413
|
expect(result).to eq(false)
|
|
416
414
|
end
|
|
417
415
|
end
|
|
416
|
+
|
|
418
417
|
context "route id does not match" do
|
|
419
418
|
it "should return false" do
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
expect(
|
|
427
|
-
|
|
428
|
-
result =
|
|
419
|
+
sensor = XssSensor.new({
|
|
420
|
+
"enabled" => true,
|
|
421
|
+
"exclude_forms" => true,
|
|
422
|
+
"exclude_routes" => ["unmatching_route_id"]
|
|
423
|
+
})
|
|
424
|
+
|
|
425
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
426
|
+
|
|
427
|
+
result = sensor.get_injection_attempt(
|
|
428
|
+
XssSensor::GET_PARAM,
|
|
429
|
+
@appsensor_meta,
|
|
430
|
+
"param_name",
|
|
431
|
+
"param_value"
|
|
432
|
+
)
|
|
429
433
|
|
|
430
434
|
expect(result).to eq(false)
|
|
431
435
|
end
|
|
@@ -435,72 +439,73 @@ module TCellAgent
|
|
|
435
439
|
|
|
436
440
|
context "exclude cookies sensor" do
|
|
437
441
|
it "should return true" do
|
|
438
|
-
|
|
439
|
-
|
|
442
|
+
sensor = XssSensor.new({
|
|
443
|
+
"enabled" => true,
|
|
444
|
+
"exclude_cookies" => true,
|
|
445
|
+
})
|
|
440
446
|
|
|
441
|
-
expect(
|
|
447
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
442
448
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
443
449
|
)
|
|
444
|
-
expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
|
|
445
|
-
expect(@sensor).to receive(:send_event).with(
|
|
446
|
-
@meta,
|
|
447
|
-
"xss",
|
|
448
|
-
"vuln_param",
|
|
449
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
|
|
450
|
-
"vuln_value",
|
|
451
|
-
"1"
|
|
452
|
-
)
|
|
453
450
|
|
|
454
|
-
result =
|
|
451
|
+
result = sensor.get_injection_attempt(
|
|
455
452
|
XssSensor::GET_PARAM,
|
|
456
|
-
@
|
|
453
|
+
@appsensor_meta,
|
|
457
454
|
"param_name",
|
|
458
455
|
"param_value",
|
|
459
|
-
@payloads_policy
|
|
460
456
|
)
|
|
461
457
|
|
|
462
|
-
expect(result).to eq(
|
|
458
|
+
expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
|
|
459
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
460
|
+
expect(result.param_name).to eq("vuln_param")
|
|
461
|
+
expect(result.param_value).to eq("vuln_value")
|
|
462
|
+
expect(result.pattern).to eq("1")
|
|
463
463
|
end
|
|
464
464
|
|
|
465
465
|
context "no excluded routes" do
|
|
466
466
|
it "should return true" do
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
467
|
+
sensor = XssSensor.new({
|
|
468
|
+
"enabled" => true,
|
|
469
|
+
"exclude_cookies" => true,
|
|
470
|
+
"exclude_routes" => []
|
|
471
|
+
})
|
|
470
472
|
|
|
471
|
-
expect(
|
|
473
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
472
474
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
473
475
|
)
|
|
474
|
-
expect(@payloads_policy).to receive(:apply).with(
|
|
475
|
-
"xss", {}, "get", "vuln_param", "vuln_value", {"l"=>"query"}, "1"
|
|
476
|
-
).and_return("vuln_value")
|
|
477
|
-
expect(@sensor).to receive(:send_event).with(
|
|
478
|
-
@meta,
|
|
479
|
-
"xss",
|
|
480
|
-
"vuln_param",
|
|
481
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
|
|
482
|
-
"vuln_value",
|
|
483
|
-
"1"
|
|
484
|
-
)
|
|
485
476
|
|
|
486
|
-
result =
|
|
477
|
+
result = sensor.get_injection_attempt(
|
|
478
|
+
XssSensor::GET_PARAM,
|
|
479
|
+
@appsensor_meta,
|
|
480
|
+
"param_name",
|
|
481
|
+
"param_value"
|
|
482
|
+
)
|
|
487
483
|
|
|
488
|
-
expect(result).to eq(
|
|
484
|
+
expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
|
|
485
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
486
|
+
expect(result.param_name).to eq("vuln_param")
|
|
487
|
+
expect(result.param_value).to eq("vuln_value")
|
|
488
|
+
expect(result.pattern).to eq("1")
|
|
489
489
|
end
|
|
490
490
|
end
|
|
491
491
|
|
|
492
492
|
context "has excluded routes" do
|
|
493
493
|
context "route id matches" do
|
|
494
494
|
it "should return false" do
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
expect(
|
|
502
|
-
|
|
503
|
-
result =
|
|
495
|
+
sensor = XssSensor.new({
|
|
496
|
+
"enabled" => true,
|
|
497
|
+
"exclude_cookies" => true,
|
|
498
|
+
"exclude_routes" => ["route_id"]
|
|
499
|
+
})
|
|
500
|
+
|
|
501
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
502
|
+
|
|
503
|
+
result = sensor.get_injection_attempt(
|
|
504
|
+
XssSensor::GET_PARAM,
|
|
505
|
+
@appsensor_meta,
|
|
506
|
+
"param_name",
|
|
507
|
+
"param_value"
|
|
508
|
+
)
|
|
504
509
|
|
|
505
510
|
expect(result).to eq(false)
|
|
506
511
|
end
|
|
@@ -508,28 +513,28 @@ module TCellAgent
|
|
|
508
513
|
|
|
509
514
|
context "route id does not match" do
|
|
510
515
|
it "should return true" do
|
|
511
|
-
|
|
512
|
-
|
|
513
|
-
|
|
516
|
+
sensor = XssSensor.new({
|
|
517
|
+
"enabled" => true,
|
|
518
|
+
"exclude_cookies" => true,
|
|
519
|
+
"exclude_routes" => ["unmatching_route_id"]
|
|
520
|
+
})
|
|
514
521
|
|
|
515
|
-
expect(
|
|
522
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
516
523
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
517
524
|
)
|
|
518
|
-
expect(@payloads_policy).to receive(:apply).with(
|
|
519
|
-
"xss", {}, "get", "vuln_param", "vuln_value", {"l"=>"query"}, "1"
|
|
520
|
-
).and_return("vuln_value")
|
|
521
|
-
expect(@sensor).to receive(:send_event).with(
|
|
522
|
-
@meta,
|
|
523
|
-
"xss",
|
|
524
|
-
"vuln_param",
|
|
525
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::GET_PARAM]},
|
|
526
|
-
"vuln_value",
|
|
527
|
-
"1"
|
|
528
|
-
)
|
|
529
525
|
|
|
530
|
-
result =
|
|
526
|
+
result = sensor.get_injection_attempt(
|
|
527
|
+
XssSensor::GET_PARAM,
|
|
528
|
+
@appsensor_meta,
|
|
529
|
+
"param_name",
|
|
530
|
+
"param_value"
|
|
531
|
+
)
|
|
531
532
|
|
|
532
|
-
expect(result).to eq(
|
|
533
|
+
expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
|
|
534
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
535
|
+
expect(result.param_name).to eq("vuln_param")
|
|
536
|
+
expect(result.param_value).to eq("vuln_value")
|
|
537
|
+
expect(result.pattern).to eq("1")
|
|
533
538
|
end
|
|
534
539
|
end
|
|
535
540
|
end
|
|
@@ -539,19 +544,18 @@ module TCellAgent
|
|
|
539
544
|
context "param is a POST param" do
|
|
540
545
|
context "exclude forms sensor" do
|
|
541
546
|
it "should return false" do
|
|
542
|
-
|
|
543
|
-
|
|
547
|
+
sensor = XssSensor.new({
|
|
548
|
+
"enabled" => true,
|
|
549
|
+
"exclude_forms" => true
|
|
550
|
+
})
|
|
544
551
|
|
|
545
|
-
expect(
|
|
546
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
547
|
-
expect(@sensor).to_not receive(:send_event)
|
|
552
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
548
553
|
|
|
549
|
-
result =
|
|
554
|
+
result = sensor.get_injection_attempt(
|
|
550
555
|
XssSensor::POST_PARAM,
|
|
551
|
-
@
|
|
556
|
+
@appsensor_meta,
|
|
552
557
|
"param_name",
|
|
553
558
|
"param_value",
|
|
554
|
-
@payloads_policy
|
|
555
559
|
)
|
|
556
560
|
|
|
557
561
|
expect(result).to eq(false)
|
|
@@ -560,31 +564,27 @@ module TCellAgent
|
|
|
560
564
|
|
|
561
565
|
context "exclude cookies sensor" do
|
|
562
566
|
it "should return true" do
|
|
563
|
-
|
|
564
|
-
|
|
567
|
+
sensor = XssSensor.new({
|
|
568
|
+
"enabled" => true,
|
|
569
|
+
"exclude_cookies" => true
|
|
570
|
+
})
|
|
565
571
|
|
|
566
|
-
expect(
|
|
572
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
567
573
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
568
574
|
)
|
|
569
|
-
expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
|
|
570
|
-
expect(@sensor).to receive(:send_event).with(
|
|
571
|
-
@meta,
|
|
572
|
-
"xss",
|
|
573
|
-
"vuln_param",
|
|
574
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::POST_PARAM]},
|
|
575
|
-
"vuln_value",
|
|
576
|
-
"1"
|
|
577
|
-
)
|
|
578
575
|
|
|
579
|
-
result =
|
|
576
|
+
result = sensor.get_injection_attempt(
|
|
580
577
|
XssSensor::POST_PARAM,
|
|
581
|
-
@
|
|
578
|
+
@appsensor_meta,
|
|
582
579
|
"param_name",
|
|
583
580
|
"param_value",
|
|
584
|
-
@payloads_policy
|
|
585
581
|
)
|
|
586
582
|
|
|
587
|
-
expect(result).to eq(
|
|
583
|
+
expect(result.type_of_param).to eq(XssSensor::POST_PARAM)
|
|
584
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
585
|
+
expect(result.param_name).to eq("vuln_param")
|
|
586
|
+
expect(result.param_value).to eq("vuln_value")
|
|
587
|
+
expect(result.pattern).to eq("1")
|
|
588
588
|
end
|
|
589
589
|
end
|
|
590
590
|
end
|
|
@@ -592,19 +592,18 @@ module TCellAgent
|
|
|
592
592
|
context "param is a JSON param" do
|
|
593
593
|
context "exclude forms sensor" do
|
|
594
594
|
it "should return false" do
|
|
595
|
-
|
|
596
|
-
|
|
595
|
+
sensor = XssSensor.new({
|
|
596
|
+
"enabled" => true,
|
|
597
|
+
"exclude_forms" => true
|
|
598
|
+
})
|
|
597
599
|
|
|
598
|
-
expect(
|
|
599
|
-
expect(@sensor).to_not receive(:find_vulnerability)
|
|
600
|
-
expect(@sensor).to_not receive(:send_event)
|
|
600
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
601
601
|
|
|
602
|
-
result =
|
|
602
|
+
result = sensor.get_injection_attempt(
|
|
603
603
|
XssSensor::JSON_PARAM,
|
|
604
|
-
@
|
|
604
|
+
@appsensor_meta,
|
|
605
605
|
"param_name",
|
|
606
606
|
"param_value",
|
|
607
|
-
@payloads_policy
|
|
608
607
|
)
|
|
609
608
|
|
|
610
609
|
expect(result).to eq(false)
|
|
@@ -613,31 +612,27 @@ module TCellAgent
|
|
|
613
612
|
|
|
614
613
|
context "exclude cookies sensor" do
|
|
615
614
|
it "should return true" do
|
|
616
|
-
|
|
617
|
-
|
|
615
|
+
sensor = XssSensor.new({
|
|
616
|
+
"enabled" => true,
|
|
617
|
+
"exclude_cookies" => true
|
|
618
|
+
})
|
|
618
619
|
|
|
619
|
-
expect(
|
|
620
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
620
621
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
621
622
|
)
|
|
622
|
-
expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
|
|
623
|
-
expect(@sensor).to receive(:send_event).with(
|
|
624
|
-
@meta,
|
|
625
|
-
"xss",
|
|
626
|
-
"vuln_param",
|
|
627
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::JSON_PARAM]},
|
|
628
|
-
"vuln_value",
|
|
629
|
-
"1"
|
|
630
|
-
)
|
|
631
623
|
|
|
632
|
-
result =
|
|
624
|
+
result = sensor.get_injection_attempt(
|
|
633
625
|
XssSensor::JSON_PARAM,
|
|
634
|
-
@
|
|
626
|
+
@appsensor_meta,
|
|
635
627
|
"param_name",
|
|
636
628
|
"param_value",
|
|
637
|
-
@payloads_policy
|
|
638
629
|
)
|
|
639
630
|
|
|
640
|
-
expect(result).to eq(
|
|
631
|
+
expect(result.type_of_param).to eq(XssSensor::JSON_PARAM)
|
|
632
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
633
|
+
expect(result.param_name).to eq("vuln_param")
|
|
634
|
+
expect(result.param_value).to eq("vuln_value")
|
|
635
|
+
expect(result.pattern).to eq("1")
|
|
641
636
|
end
|
|
642
637
|
end
|
|
643
638
|
end
|
|
@@ -645,49 +640,44 @@ module TCellAgent
|
|
|
645
640
|
context "param is a COOKIE param" do
|
|
646
641
|
context "exclude forms sensor" do
|
|
647
642
|
it "should return true" do
|
|
648
|
-
|
|
649
|
-
|
|
643
|
+
sensor = XssSensor.new({
|
|
644
|
+
"enabled" => true,
|
|
645
|
+
"exclude_forms" => true
|
|
646
|
+
})
|
|
650
647
|
|
|
651
|
-
expect(
|
|
648
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
652
649
|
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
653
650
|
)
|
|
654
|
-
expect(@payloads_policy).to receive(:apply).and_return("vuln_value")
|
|
655
|
-
expect(@sensor).to receive(:send_event).with(
|
|
656
|
-
@meta,
|
|
657
|
-
"xss",
|
|
658
|
-
"vuln_param",
|
|
659
|
-
{"l" => XssSensor::PARAM_TYPE_TO_L[XssSensor::COOKIE_PARAM]},
|
|
660
|
-
"vuln_value",
|
|
661
|
-
"1"
|
|
662
|
-
)
|
|
663
651
|
|
|
664
|
-
result =
|
|
652
|
+
result = sensor.get_injection_attempt(
|
|
665
653
|
XssSensor::COOKIE_PARAM,
|
|
666
|
-
@
|
|
654
|
+
@appsensor_meta,
|
|
667
655
|
"param_name",
|
|
668
656
|
"param_value",
|
|
669
|
-
@payloads_policy
|
|
670
657
|
)
|
|
671
658
|
|
|
672
|
-
expect(result).to eq(
|
|
659
|
+
expect(result.type_of_param).to eq(XssSensor::COOKIE_PARAM)
|
|
660
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
661
|
+
expect(result.param_name).to eq("vuln_param")
|
|
662
|
+
expect(result.param_value).to eq("vuln_value")
|
|
663
|
+
expect(result.pattern).to eq("1")
|
|
673
664
|
end
|
|
674
665
|
end
|
|
675
666
|
|
|
676
667
|
context "exclude cookies sensor" do
|
|
677
668
|
it "should return false" do
|
|
678
|
-
|
|
679
|
-
|
|
669
|
+
sensor = XssSensor.new({
|
|
670
|
+
"enabled" => true,
|
|
671
|
+
"exclude_cookies" => true
|
|
672
|
+
})
|
|
680
673
|
|
|
681
|
-
expect(
|
|
682
|
-
expect(@payloads_policy).to_not receive(:apply)
|
|
683
|
-
expect(@sensor).to_not receive(:send_event)
|
|
674
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
684
675
|
|
|
685
|
-
result =
|
|
676
|
+
result = sensor.get_injection_attempt(
|
|
686
677
|
XssSensor::COOKIE_PARAM,
|
|
687
|
-
@
|
|
678
|
+
@appsensor_meta,
|
|
688
679
|
"param_name",
|
|
689
680
|
"param_value",
|
|
690
|
-
@payloads_policy
|
|
691
681
|
)
|
|
692
682
|
|
|
693
683
|
expect(result).to eq(false)
|
|
@@ -696,6 +686,18 @@ module TCellAgent
|
|
|
696
686
|
end
|
|
697
687
|
end
|
|
698
688
|
end
|
|
689
|
+
|
|
690
|
+
end
|
|
691
|
+
|
|
692
|
+
describe "#applicable_for_param_type?" do
|
|
693
|
+
it "should be applicable for all param types" do
|
|
694
|
+
sensor = XssSensor.new
|
|
695
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
|
|
696
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
|
|
697
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
|
|
698
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(true)
|
|
699
|
+
expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
|
|
700
|
+
end
|
|
699
701
|
end
|
|
700
702
|
end
|
|
701
703
|
|