tcell_agent 0.2.26 → 0.2.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/tcell_agent/configuration.rb +3 -2
- data/lib/tcell_agent/rails/dlp.rb +6 -0
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +9 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +5 -5
- data/lib/tcell_agent/rails/responses.rb +19 -0
- data/lib/tcell_agent/start_background_thread.rb +11 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/rails/responses_spec.rb +120 -0
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6e93674e3ce539710e90605fc2655eff1d988017
|
|
4
|
+
data.tar.gz: 482dd34778a453b1a63c6e0bc7976b1c893bb9af
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6432e1455a95c5c28c62c7ff85f367316f4ad78d58fc5ffdb03b83b9fb9ffbb21137fd9c9d34423a01ffd00ad10f18d9a19cd9dc93f5ab20b7cfdc4806eb65fd
|
|
7
|
+
data.tar.gz: ecac85ac908c46e83a5f850005bef88565955af581512c31ee63e45c1ef3147771780e90fb6db166dbd30fab8c928de0c3086cb8829fd701312c4dbf25f9b064
|
|
@@ -159,8 +159,6 @@ module TCellAgent
|
|
|
159
159
|
|
|
160
160
|
@allow_unencrypted_appfirewall_payloads = false
|
|
161
161
|
|
|
162
|
-
# Because ENV can override this one
|
|
163
|
-
env_unencrypted_firewall =
|
|
164
162
|
if (ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"] != nil)
|
|
165
163
|
@allow_unencrypted_appfirewall_payloads = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"])
|
|
166
164
|
end
|
|
@@ -250,7 +248,10 @@ module TCellAgent
|
|
|
250
248
|
@agent_home_owner = app_data.fetch("agent_home_owner",@agent_home_owner)
|
|
251
249
|
|
|
252
250
|
@logging_options = app_data.fetch("logging_options", {})
|
|
251
|
+
# DEPRECATED: this was incorrectly placed here. Keep it here until we can
|
|
252
|
+
# be sure that no customers are relying on this
|
|
253
253
|
@agent_log_dir = @logging_options.fetch("log_dir", @agent_log_dir)
|
|
254
|
+
@agent_log_dir = app_data.fetch("log_dir", @agent_log_dir)
|
|
254
255
|
@log_file_name = @logging_options.fetch("filename", @log_file_name)
|
|
255
256
|
|
|
256
257
|
@tcell_api_url = app_data.fetch("tcell_api_url", @tcell_api_url)
|
|
@@ -28,6 +28,7 @@ require 'cgi'
|
|
|
28
28
|
require 'thread'
|
|
29
29
|
|
|
30
30
|
require 'tcell_agent/configuration'
|
|
31
|
+
require 'tcell_agent/rails/responses'
|
|
31
32
|
|
|
32
33
|
|
|
33
34
|
module TCellAgent
|
|
@@ -281,6 +282,11 @@ module TCellAgent
|
|
|
281
282
|
TCellAgent.configuration.should_intercept_requests?
|
|
282
283
|
|
|
283
284
|
TCellAgent::Instrumentation.safe_block("Running DLP Logging Filters") {
|
|
285
|
+
if TCellAgent::Utils::Rails.empty_content?(response.status, response.headers) ||
|
|
286
|
+
TCellAgent::Utils::Rails.streaming_response?(response.headers)
|
|
287
|
+
return
|
|
288
|
+
end
|
|
289
|
+
|
|
284
290
|
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
285
291
|
if tcell_context
|
|
286
292
|
response.body = tcell_context.filter_body(response.body)
|
|
@@ -11,6 +11,7 @@ require 'tcell_agent/sensor_events/util/redirect_utils'
|
|
|
11
11
|
|
|
12
12
|
require 'tcell_agent/configuration'
|
|
13
13
|
require 'tcell_agent/instrumentation'
|
|
14
|
+
require 'tcell_agent/rails/responses'
|
|
14
15
|
|
|
15
16
|
module TCellAgent
|
|
16
17
|
module Instrumentation
|
|
@@ -66,8 +67,13 @@ module TCellAgent
|
|
|
66
67
|
body.sub!(BodyFilterMiddleware::HEAD_SEARCH_REGEX,"<head>#{script_insert}")
|
|
67
68
|
end
|
|
68
69
|
def _handle_js_agent_add(request, response)
|
|
69
|
-
TCellAgent::Instrumentation.safe_block("Handling JSAgent add")
|
|
70
|
+
TCellAgent::Instrumentation.safe_block("Handling JSAgent add") do
|
|
70
71
|
status, headers, rack_body = response
|
|
72
|
+
if TCellAgent::Utils::Rails.empty_content?(status, headers) ||
|
|
73
|
+
TCellAgent::Utils::Rails.streaming_response?(headers)
|
|
74
|
+
return response
|
|
75
|
+
end
|
|
76
|
+
|
|
71
77
|
if (headers.fetch("Content-Type","").start_with?'text/html')
|
|
72
78
|
script_tag_policy = TCellAgent.policy(TCellAgent::PolicyTypes::CSP)
|
|
73
79
|
if (script_tag_policy &&
|
|
@@ -80,7 +86,8 @@ module TCellAgent
|
|
|
80
86
|
response = [status, headers, newbody]
|
|
81
87
|
end
|
|
82
88
|
end
|
|
83
|
-
|
|
89
|
+
end
|
|
90
|
+
|
|
84
91
|
response
|
|
85
92
|
end
|
|
86
93
|
end
|
|
@@ -13,6 +13,7 @@ require 'tcell_agent/userinfo'
|
|
|
13
13
|
require 'cgi'
|
|
14
14
|
|
|
15
15
|
require 'tcell_agent/instrumentation'
|
|
16
|
+
require 'tcell_agent/rails/responses'
|
|
16
17
|
|
|
17
18
|
module TCellAgent
|
|
18
19
|
module Instrumentation
|
|
@@ -33,7 +34,6 @@ module TCellAgent
|
|
|
33
34
|
response = @app.call(env)
|
|
34
35
|
|
|
35
36
|
if TCellAgent.configuration.should_intercept_requests?
|
|
36
|
-
status, headers, active_response = response
|
|
37
37
|
TCellAgent::Instrumentation.safe_block("Handling Request") {
|
|
38
38
|
tcell_response = response
|
|
39
39
|
unless request.env[TCellAgent::Instrumentation::TCELL_ID].ip_blocking_triggered
|
|
@@ -138,15 +138,15 @@ module TCellAgent
|
|
|
138
138
|
end
|
|
139
139
|
|
|
140
140
|
def _handle_appsensor(request, response)
|
|
141
|
-
TCellAgent::Instrumentation.safe_block("Handling AppSensor")
|
|
141
|
+
TCellAgent::Instrumentation.safe_block("Handling AppSensor") do
|
|
142
142
|
status_code, response_headers, response_body = response
|
|
143
143
|
|
|
144
144
|
content_length = 0
|
|
145
145
|
if response_headers['Content-Length']
|
|
146
146
|
content_length = response_headers['Content-Length'].to_i
|
|
147
147
|
|
|
148
|
-
elsif
|
|
149
|
-
TCellAgent::Utils::
|
|
148
|
+
elsif TCellAgent::Utils::Rails.empty_content?(status_code, response_headers) ||
|
|
149
|
+
TCellAgent::Utils::Rails.streaming_response?(response_headers)
|
|
150
150
|
content_length = 0
|
|
151
151
|
|
|
152
152
|
elsif response_body.respond_to?(:to_ary) || response_body.is_a?(Rack::BodyProxy)
|
|
@@ -169,7 +169,7 @@ module TCellAgent
|
|
|
169
169
|
)
|
|
170
170
|
TCellAgent.send_event(event)
|
|
171
171
|
return [status_code, response_headers, response_body]
|
|
172
|
-
|
|
172
|
+
end
|
|
173
173
|
|
|
174
174
|
response
|
|
175
175
|
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
module TCellAgent
|
|
2
|
+
module Utils
|
|
3
|
+
module Rails
|
|
4
|
+
|
|
5
|
+
STATUSES_MISSING_CONTENT_LENGTH = Set.new((100..199).to_a + [204, 205, 304])
|
|
6
|
+
|
|
7
|
+
def self.empty_content?(status_code, headers)
|
|
8
|
+
return STATUSES_MISSING_CONTENT_LENGTH.include?(status_code.to_i) ||
|
|
9
|
+
(!!headers['Content-Length'] && headers['Content-Length'].to_i == 0)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def self.streaming_response?(headers)
|
|
13
|
+
return TCellAgent::Utils::Strings.present?(headers['Transfer-Encoding']) ||
|
|
14
|
+
TCellAgent::Utils::Strings.present?(headers['Content-Transfer-Encoding'])
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
end
|
|
18
|
+
end
|
|
19
|
+
end
|
|
@@ -87,6 +87,17 @@ if (TCellAgent.configuration.disable_all == false)
|
|
|
87
87
|
logging_options[:level] || logging_options["level"] || "INFO"
|
|
88
88
|
)
|
|
89
89
|
)
|
|
90
|
+
|
|
91
|
+
# Deprecated: this is so we can ensure no one is using this setting so we can remove
|
|
92
|
+
# the code altogether in the future
|
|
93
|
+
if logging_options.has_key?(:log_dir) || logging_options.has_key?("log_dir")
|
|
94
|
+
TCellAgent.send_event(
|
|
95
|
+
TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
|
|
96
|
+
"deprecated_log_dir",
|
|
97
|
+
logging_options[:log_dir] || logging_options["log_dir"]
|
|
98
|
+
)
|
|
99
|
+
)
|
|
100
|
+
end
|
|
90
101
|
else
|
|
91
102
|
TCellAgent.send_event(
|
|
92
103
|
TCellAgent::SensorEvents::TCellAgentSettingEvent.new("logging_enabled", "false")
|
data/lib/tcell_agent/version.rb
CHANGED
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
module TCellAgent
|
|
4
|
+
module Utils
|
|
5
|
+
|
|
6
|
+
describe ".responses" do
|
|
7
|
+
|
|
8
|
+
context ".empty_content?" do
|
|
9
|
+
context "with nil status code" do
|
|
10
|
+
context "with empty headers" do
|
|
11
|
+
it "should return false" do
|
|
12
|
+
expect(Rails.empty_content?(nil, {})).to eq(false)
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
context "with Content-Length header" do
|
|
17
|
+
context "that is zero" do
|
|
18
|
+
it "should return true" do
|
|
19
|
+
expect(Rails.empty_content?(nil, {'Content-Length' => 0})).to eq(true)
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
context "that is non zero" do
|
|
24
|
+
it "should return false" do
|
|
25
|
+
expect(Rails.empty_content?(nil, {'Content-Length' => 1})).to eq(false)
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
context "with a status code" do
|
|
32
|
+
context "that contains no content" do
|
|
33
|
+
context "with empty headers" do
|
|
34
|
+
it "should return true" do
|
|
35
|
+
expect(Rails.empty_content?(204, {})).to eq(true)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
context "with Content-Length header" do
|
|
40
|
+
context "that is zero" do
|
|
41
|
+
it "should return true" do
|
|
42
|
+
expect(Rails.empty_content?(204, {'Content-Length' => 0})).to eq(true)
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
context "that is non zero" do
|
|
47
|
+
it "should return true" do
|
|
48
|
+
expect(Rails.empty_content?(204, {'Content-Length' => 1})).to eq(true)
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
context "that contains content" do
|
|
55
|
+
context "with empty headers" do
|
|
56
|
+
it "should return false" do
|
|
57
|
+
expect(Rails.empty_content?(200, {})).to eq(false)
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
context "with Content-Length header" do
|
|
62
|
+
context "that is zero" do
|
|
63
|
+
it "should return true" do
|
|
64
|
+
expect(Rails.empty_content?(200, {'Content-Length' => 0})).to eq(true)
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
context "that is non zero" do
|
|
69
|
+
it "should return false" do
|
|
70
|
+
expect(Rails.empty_content?(200, {'Content-Length' => 1})).to eq(false)
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
context ".streaming_response?" do
|
|
79
|
+
context "with empty headers" do
|
|
80
|
+
it "should return false" do
|
|
81
|
+
expect(Rails.streaming_response?({})).to eq(false)
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
context "with headers" do
|
|
86
|
+
context "that are missing Transfer-Encoding" do
|
|
87
|
+
context "that are missing Content-Transfer-Encoding" do
|
|
88
|
+
it "should return false" do
|
|
89
|
+
expect(Rails.streaming_response?({})).to eq(false)
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
context "that have Content-Transfer-Encoding" do
|
|
94
|
+
it "should return true" do
|
|
95
|
+
expect(Rails.streaming_response?({"Content-Transfer-Encoding" => "chunked"})).to eq(true)
|
|
96
|
+
end
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
context "that have Transfer-Encoding" do
|
|
102
|
+
context "that are missing Content-Transfer-Encoding" do
|
|
103
|
+
it "should return true" do
|
|
104
|
+
expect(Rails.streaming_response?({"Transfer-Encoding" => "chunked"})).to eq(true)
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
context "that have Content-Transfer-Encoding" do
|
|
109
|
+
it "should return true" do
|
|
110
|
+
expect(Rails.streaming_response?({
|
|
111
|
+
"Transfer-Encoding" => "chunked",
|
|
112
|
+
"Content-Transfer-Encoding" => "chunked"})).to eq(true)
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
end
|
|
120
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tcell_agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.27
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Garrett
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-02-13 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rest-client
|
|
@@ -196,6 +196,7 @@ files:
|
|
|
196
196
|
- lib/tcell_agent/rails/middleware/global_middleware.rb
|
|
197
197
|
- lib/tcell_agent/rails/middleware/headers_middleware.rb
|
|
198
198
|
- lib/tcell_agent/rails/on_start.rb
|
|
199
|
+
- lib/tcell_agent/rails/responses.rb
|
|
199
200
|
- lib/tcell_agent/rails/routes/grape.rb
|
|
200
201
|
- lib/tcell_agent/rails/routes/route_id.rb
|
|
201
202
|
- lib/tcell_agent/rails/routes.rb
|
|
@@ -320,6 +321,7 @@ files:
|
|
|
320
321
|
- spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb
|
|
321
322
|
- spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb
|
|
322
323
|
- spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb
|
|
324
|
+
- spec/lib/tcell_agent/rails/responses_spec.rb
|
|
323
325
|
- spec/lib/tcell_agent/rails/routes/grape_spec.rb
|
|
324
326
|
- spec/lib/tcell_agent/rails/routes/route_id_spec.rb
|
|
325
327
|
- spec/lib/tcell_agent/rails/routes/routes_spec.rb
|
|
@@ -470,6 +472,7 @@ test_files:
|
|
|
470
472
|
- spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb
|
|
471
473
|
- spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb
|
|
472
474
|
- spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb
|
|
475
|
+
- spec/lib/tcell_agent/rails/responses_spec.rb
|
|
473
476
|
- spec/lib/tcell_agent/rails/routes/grape_spec.rb
|
|
474
477
|
- spec/lib/tcell_agent/rails/routes/route_id_spec.rb
|
|
475
478
|
- spec/lib/tcell_agent/rails/routes/routes_spec.rb
|