tcell_agent 0.2.29.rc2 → 0.2.29
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/tcell_agent +16 -4
- data/lib/tcell_agent/agent/event_processor.rb +2 -8
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -2
- data/lib/tcell_agent/agent/policy_manager.rb +12 -18
- data/lib/tcell_agent/api.rb +50 -27
- data/lib/tcell_agent/appsensor/injections_reporter.rb +7 -5
- data/lib/tcell_agent/appsensor/sensor.rb +8 -4
- data/lib/tcell_agent/config/unknown_options.rb +116 -0
- data/lib/tcell_agent/configuration.rb +17 -20
- data/lib/tcell_agent/instrumentation.rb +0 -1
- data/lib/tcell_agent/logger.rb +17 -21
- data/lib/tcell_agent/patches/block_rule.rb +43 -8
- data/lib/tcell_agent/patches/meta_data.rb +2 -1
- data/lib/tcell_agent/patches/sensors_matcher.rb +2 -1
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +5 -2
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +10 -3
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +8 -3
- data/lib/tcell_agent/policies/appsensor/request_size_sensor.rb +1 -1
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +7 -2
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +7 -3
- data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +3 -5
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +6 -2
- data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +3 -5
- data/lib/tcell_agent/policies/appsensor_policy.rb +11 -6
- data/lib/tcell_agent/policies/content_security_policy.rb +19 -14
- data/lib/tcell_agent/rails/dlp.rb +1 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +10 -7
- data/lib/tcell_agent/rails/on_start.rb +0 -1
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +7 -5
- data/lib/tcell_agent/sinatra.rb +3 -6
- data/lib/tcell_agent/start_background_thread.rb +0 -7
- data/lib/tcell_agent/utils/strings.rb +18 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/api/api_spec.rb +1 -1
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +1 -1
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +188 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +56 -0
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +110 -16
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +226 -293
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +32 -4
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +11 -0
- data/spec/lib/tcell_agent/utils/strings_spec.rb +50 -0
- data/spec/support/static_agent_overrides.rb +1 -1
- data/tcell_agent.gemspec +1 -3
- metadata +9 -37
- data/lib/tcell_agent/rails/tracing.rb +0 -22
- data/spec/integration/puma.rb +0 -195
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ef449abceb02a45432746a68e50989438292c9c0
|
4
|
+
data.tar.gz: 1b8ce68123c46d3a12cbc2262e4125948973ecf5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ac50286364897b7743cfd3dcfa9ed539f425142311b2eb675167a3362a84ba23c581ddb72342923723c35eeb3fbef7f4d0bc3b10ef4ff4ad0490b44fcd68a2f9
|
7
|
+
data.tar.gz: a0b0b0e374279de26805a4710f13217c7682f58901621dd8b430f64d6a322aef4b6aa15f4441c2c26043249dca75b1b5cb4f41525faeac84c22264438c719475
|
data/bin/tcell_agent
CHANGED
@@ -54,7 +54,7 @@ global = OptionParser.new do |opts|
|
|
54
54
|
opts.separator subtext
|
55
55
|
end
|
56
56
|
|
57
|
-
subcommands = {
|
57
|
+
subcommands = {
|
58
58
|
'setup' => OptionParser.new do |opts|
|
59
59
|
opts.banner = "Usage: setup"
|
60
60
|
end,
|
@@ -150,7 +150,7 @@ elsif (command == 'loglevel')
|
|
150
150
|
end
|
151
151
|
loglevel = loglevel.upcase
|
152
152
|
if ["ERROR","WARN","INFO","DEBUG"].include?(loglevel)
|
153
|
-
logging_options["enabled"] = true
|
153
|
+
logging_options["enabled"] = true
|
154
154
|
logging_options["level"] = loglevel
|
155
155
|
else
|
156
156
|
puts subcommands[command]
|
@@ -239,6 +239,18 @@ elsif (command == 'test')
|
|
239
239
|
end
|
240
240
|
puts "passed"
|
241
241
|
|
242
|
+
printf "%-50s", "Check for unknown settings... "
|
243
|
+
require "tcell_agent/config/unknown_options"
|
244
|
+
messages = TCellAgent::Config::Validate.get_unknown_options(config_hash)
|
245
|
+
if messages.size > 0
|
246
|
+
puts "failed"
|
247
|
+
messages.each do |message|
|
248
|
+
puts message
|
249
|
+
end
|
250
|
+
Kernel.exit(1)
|
251
|
+
end
|
252
|
+
puts "passed"
|
253
|
+
|
242
254
|
printf "%-50s", "Requiring configuration library... "
|
243
255
|
require 'tcell_agent/configuration'
|
244
256
|
require 'tcell_agent/api'
|
@@ -246,11 +258,11 @@ elsif (command == 'test')
|
|
246
258
|
|
247
259
|
printf "%-50s", "Make test API call for policies... "
|
248
260
|
api = TCellAgent::TCellApi.new
|
249
|
-
api.
|
261
|
+
api.poll_api()
|
250
262
|
puts "passed"
|
251
263
|
|
252
264
|
printf "%-50s", "Sending a Test event... "
|
253
|
-
send_succeeded = api.
|
265
|
+
send_succeeded = api.send_event_set([])
|
254
266
|
if !send_succeeded
|
255
267
|
puts "failed"
|
256
268
|
Kernel.exit(1)
|
@@ -80,7 +80,7 @@ module TCellAgent
|
|
80
80
|
end
|
81
81
|
events_to_send.push( sessions_to_send )
|
82
82
|
end
|
83
|
-
success = tapi.
|
83
|
+
success = tapi.send_event_set(events_to_send)
|
84
84
|
if ( success == false )
|
85
85
|
ensured_events = events_to_send.find_all{|item| item.ensure == true }
|
86
86
|
@event_dispatch_monitor.synchronize {
|
@@ -129,16 +129,13 @@ module TCellAgent
|
|
129
129
|
self.send_dispatch_events(tapi)
|
130
130
|
end
|
131
131
|
end
|
132
|
-
rescue ThreadError
|
133
|
-
TCellAgent.logger.error("Thread error while processing events: #{thread_error.message}")
|
134
|
-
TCellAgent.logger.debug(thread_error.backtrace)
|
132
|
+
rescue ThreadError
|
135
133
|
last_run_time = Time.now
|
136
134
|
@event_dispatch_monitor.synchronize {
|
137
135
|
@dispatchEvents = []
|
138
136
|
}
|
139
137
|
end
|
140
138
|
rescue TCellAgent::ConfigurationException
|
141
|
-
TCellAgent.logger.error("Exiting event processor. App is not configured properly.")
|
142
139
|
Thread.exit
|
143
140
|
rescue Exception => e
|
144
141
|
last_run_time = Time.now
|
@@ -199,7 +196,6 @@ module TCellAgent
|
|
199
196
|
def queue_forked_event(event)
|
200
197
|
begin
|
201
198
|
self.ensure_fork_event_thread_running
|
202
|
-
TCellAgent.logger.debug("fork_event_queue length: #{@fork_event_queue.length}")
|
203
199
|
if (@fork_event_queue.length() > 100)
|
204
200
|
TCellAgent.logger.debug("Dropping (forked) event because queue full")
|
205
201
|
return
|
@@ -256,7 +252,6 @@ module TCellAgent
|
|
256
252
|
return if TCellAgent.configuration.should_consume_event? == false
|
257
253
|
begin
|
258
254
|
self.ensure_metrics_event_thread_running
|
259
|
-
TCellAgent.logger.debug("metrics_event_queue length: #{@metrics_event_queue.length}")
|
260
255
|
if (@metrics_event_queue.length() > 100)
|
261
256
|
TCellAgent.logger.debug("Dropping (forked) metric because queue full")
|
262
257
|
return
|
@@ -277,7 +272,6 @@ module TCellAgent
|
|
277
272
|
|
278
273
|
begin
|
279
274
|
self.ensure_event_processor_running
|
280
|
-
TCellAgent.logger.debug("eventQueue length: #{@eventQueue.size}")
|
281
275
|
@event_queue_monitor.synchronize {
|
282
276
|
@eventQueue.push(event, 10)
|
283
277
|
}
|
@@ -108,11 +108,9 @@ module TCellAgent
|
|
108
108
|
@@event_pipe_manager.is_parent?
|
109
109
|
end
|
110
110
|
def self.send_to_metrics_pipe(hash_value)
|
111
|
-
TCellAgent.logger.debug("Send metric to parent")
|
112
111
|
@@metrics_pipe_manager.send_to_parent(hash_value)
|
113
112
|
end
|
114
113
|
def self.send_to_event_pipe(event)
|
115
|
-
TCellAgent.logger.debug("Send event to parent")
|
116
114
|
@@event_pipe_manager.send_to_parent(event)
|
117
115
|
end
|
118
116
|
|
@@ -73,14 +73,16 @@ module TCellAgent
|
|
73
73
|
loop do
|
74
74
|
failure_sleep_time, last_poll_time = policy_polling_iteration(failure_sleep_time, last_poll_time)
|
75
75
|
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
76
|
+
unless TCellAgent.configuration.demomode
|
77
|
+
if (Time.now - last_run) < 2
|
78
|
+
random = Random.new
|
79
|
+
sleeptime = sleep(random.rand(5..20))
|
80
|
+
TCellAgent.logger.debug("Rate limiting: sleeping #{sleeptime} seconds")
|
81
|
+
sleep(sleeptime)
|
82
|
+
end
|
82
83
|
|
83
|
-
|
84
|
+
last_run = Time.now
|
85
|
+
end
|
84
86
|
end
|
85
87
|
end
|
86
88
|
end
|
@@ -88,7 +90,7 @@ module TCellAgent
|
|
88
90
|
|
89
91
|
def policy_polling_iteration(failure_sleep_time, last_poll_time)
|
90
92
|
begin
|
91
|
-
policy_jsons = @@policy_tapi.
|
93
|
+
policy_jsons = @@policy_tapi.poll_api(last_poll_time)
|
92
94
|
|
93
95
|
if policy_jsons == nil
|
94
96
|
TCellAgent.logger.error("Policy was nil. Sleeping for #{failure_sleep_time}")
|
@@ -115,16 +117,8 @@ module TCellAgent
|
|
115
117
|
|
116
118
|
processPolicyJson(policy_jsons)
|
117
119
|
|
118
|
-
rescue
|
119
|
-
|
120
|
-
TCellAgent.logger.debug(rce.backtrace)
|
121
|
-
TCellAgent.logger.debug("Sleeping #{failure_sleep_time} seconds because the request failed...")
|
122
|
-
sleep(failure_sleep_time)
|
123
|
-
|
124
|
-
if failure_sleep_time < 480
|
125
|
-
failure_sleep_time *= 2
|
126
|
-
end
|
127
|
-
|
120
|
+
rescue TCellAgent::ConfigurationException
|
121
|
+
Thread.exit
|
128
122
|
rescue Exception => e
|
129
123
|
TCellAgent.logger.error("exception while handling connection: #{e.message}")
|
130
124
|
TCellAgent.logger.debug(e.backtrace)
|
data/lib/tcell_agent/api.rb
CHANGED
@@ -1,72 +1,95 @@
|
|
1
1
|
# encoding: utf-8
|
2
2
|
# See the file "LICENSE" for the full license governing this code.
|
3
3
|
require 'json'
|
4
|
-
require 'rest-client'
|
5
4
|
require 'tcell_agent/logger'
|
6
5
|
require 'tcell_agent/configuration'
|
7
6
|
require 'tcell_agent/version'
|
8
7
|
require 'date'
|
9
8
|
|
9
|
+
require 'net/http'
|
10
|
+
|
10
11
|
module TCellAgent
|
11
12
|
class TCellApi
|
12
13
|
|
13
14
|
def initialize
|
14
15
|
end
|
15
16
|
|
16
|
-
def
|
17
|
+
def poll_api(last_timestamp=nil)
|
18
|
+
if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
|
19
|
+
raise TCellAgent::ConfigurationException.new("Config Information Not Found, can't poll for policy updates")
|
20
|
+
end
|
21
|
+
|
17
22
|
full_url = TCellAgent.configuration.tcell_api_url + "/app/" + TCellAgent.configuration.app_id + "/update"
|
18
23
|
if (last_timestamp && last_timestamp != "")
|
19
24
|
full_url = full_url + "?last_timestamp=" + last_timestamp.to_s
|
20
25
|
end
|
21
26
|
|
22
27
|
TCellAgent.logger.debug "tCell.io API Request: " + full_url
|
23
|
-
request_headers = {
|
24
|
-
:Authorization => 'Bearer ' + TCellAgent.configuration.api_key
|
25
|
-
}
|
26
28
|
|
29
|
+
uri = URI(full_url)
|
30
|
+
req = Net::HTTP::Get.new(uri.request_uri)
|
31
|
+
req['Authorization'] = 'Bearer ' + TCellAgent.configuration.api_key
|
27
32
|
begin
|
28
|
-
|
33
|
+
req['TCellAgent'] = "RubyAgent " + TCellAgent::VERSION
|
29
34
|
rescue Exception => e
|
30
35
|
TCellAgent.logger.debug("tCell.io Could not add agent string: " + e.message)
|
31
36
|
end
|
32
37
|
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
+
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
|
39
|
+
|
40
|
+
if res.is_a?(Net::HTTPSuccess)
|
41
|
+
TCellAgent.logger.debug("tCell.io API Response: #{res.body}")
|
42
|
+
response_json = JSON.parse(res.body)
|
43
|
+
if (response_json && response_json.has_key?("result"))
|
44
|
+
return response_json["result"]
|
45
|
+
end
|
46
|
+
|
47
|
+
return nil
|
48
|
+
|
49
|
+
else
|
50
|
+
TCellAgent.logger.error("Received error response while contacting api: #{res.inspect}")
|
51
|
+
return nil
|
38
52
|
end
|
39
|
-
# else result was null and no new information exists...
|
40
|
-
return nil
|
41
53
|
end
|
42
54
|
|
43
|
-
def
|
55
|
+
def send_event_set(events)
|
44
56
|
if !TCellAgent.configuration || !TCellAgent.configuration.tcell_input_url || !TCellAgent.configuration.app_id
|
45
57
|
raise TCellAgent::ConfigurationException.new("Config Information Not Found, can't send events")
|
46
58
|
end
|
59
|
+
|
47
60
|
if (events == nil)
|
48
61
|
return false
|
49
62
|
end
|
50
|
-
|
51
|
-
|
52
|
-
|
63
|
+
|
64
|
+
eventset = {"uuid" => TCellAgent.configuration.uuid,
|
65
|
+
"hostname" => TCellAgent.configuration.host_identifier,
|
66
|
+
"events" => events }
|
53
67
|
TCellAgent.logger.debug("Sending #{JSON.dump(eventset)}")
|
54
|
-
full_url = TCellAgent.configuration.tcell_input_url +
|
68
|
+
full_url = TCellAgent.configuration.tcell_input_url +
|
69
|
+
"/app/" +
|
70
|
+
TCellAgent.configuration.app_id +
|
71
|
+
"/server_agent"
|
55
72
|
|
56
73
|
TCellAgent.logger.debug("tCell.io SendEvents API Request: " + full_url)
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
74
|
+
|
75
|
+
uri = URI(full_url)
|
76
|
+
req = Net::HTTP::Post.new(uri.request_uri, 'Content-Type' => 'application/json')
|
77
|
+
req.body = JSON.dump(eventset)
|
78
|
+
req['Authorization'] = 'Bearer ' + TCellAgent.configuration.api_key
|
79
|
+
req['Content-Type'] = 'application/json'
|
80
|
+
req['Accept'] = 'application/json'
|
81
|
+
|
62
82
|
begin
|
63
|
-
|
83
|
+
req['TCellAgent'] = "RubyAgent " + TCellAgent::VERSION
|
64
84
|
rescue Exception => e
|
65
85
|
TCellAgent.logger.debug("tCell.io Could not add agent string: " + e.message)
|
66
86
|
end
|
67
|
-
|
68
|
-
|
69
|
-
|
87
|
+
|
88
|
+
res = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') { |http| http.request(req) }
|
89
|
+
|
90
|
+
TCellAgent.logger.debug("tCell.io SendEvents API Response: #{res.code}")
|
91
|
+
|
92
|
+
return res.is_a?(Net::HTTPSuccess)
|
70
93
|
end
|
71
94
|
|
72
95
|
def valid_header?(str)
|
@@ -20,11 +20,12 @@ module TCellAgent
|
|
20
20
|
COOKIE_PARAM => 'cookie'
|
21
21
|
}
|
22
22
|
|
23
|
-
attr_accessor :injections_matcher, :payloads_policy
|
23
|
+
attr_accessor :injections_matcher, :payloads_policy, :collect_full_uri
|
24
24
|
|
25
|
-
def initialize(injections_matcher, payloads_policy)
|
25
|
+
def initialize(injections_matcher, payloads_policy, collect_full_uri)
|
26
26
|
@injections_matcher = injections_matcher
|
27
27
|
@payloads_policy = payloads_policy
|
28
|
+
@collect_full_uri = collect_full_uri
|
28
29
|
end
|
29
30
|
|
30
31
|
def check(appsensor_meta)
|
@@ -51,14 +52,15 @@ module TCellAgent
|
|
51
52
|
vuln_param,
|
52
53
|
meta,
|
53
54
|
payload,
|
54
|
-
pattern
|
55
|
+
pattern,
|
56
|
+
@collect_full_uri)
|
55
57
|
end
|
56
58
|
end
|
57
59
|
|
58
|
-
def self.from_json(version, data_json, payloads_policy)
|
60
|
+
def self.from_json(version, data_json, payloads_policy, collect_full_uri=false)
|
59
61
|
injections_matcher = InjectionsMatcher.from_json(version, data_json)
|
60
62
|
|
61
|
-
InjectionsReporter.new(injections_matcher, payloads_policy)
|
63
|
+
InjectionsReporter.new(injections_matcher, payloads_policy, collect_full_uri)
|
62
64
|
end
|
63
65
|
|
64
66
|
end
|
@@ -5,7 +5,8 @@ module TCellAgent
|
|
5
5
|
|
6
6
|
class Sensor
|
7
7
|
class << self
|
8
|
-
def send_event(appsensor_meta, detection_point, parameter, meta,
|
8
|
+
def send_event(appsensor_meta, detection_point, parameter, meta,
|
9
|
+
payload, pattern, collect_full_uri)
|
9
10
|
event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
|
10
11
|
appsensor_meta.location,
|
11
12
|
detection_point,
|
@@ -17,13 +18,15 @@ module TCellAgent
|
|
17
18
|
appsensor_meta.session_id,
|
18
19
|
appsensor_meta.user_id,
|
19
20
|
payload,
|
20
|
-
pattern
|
21
|
+
pattern,
|
22
|
+
collect_full_uri
|
21
23
|
)
|
22
24
|
|
23
25
|
TCellAgent.send_event(event)
|
24
26
|
end
|
25
27
|
|
26
|
-
def send_event_from_tcell_data(tcell_data, detection_point, parameter,
|
28
|
+
def send_event_from_tcell_data(tcell_data, detection_point, parameter,
|
29
|
+
meta, collect_full_uri)
|
27
30
|
payload = pattern = nil
|
28
31
|
event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
|
29
32
|
tcell_data.uri,
|
@@ -36,7 +39,8 @@ module TCellAgent
|
|
36
39
|
tcell_data.session_id,
|
37
40
|
tcell_data.user_id,
|
38
41
|
payload,
|
39
|
-
pattern
|
42
|
+
pattern,
|
43
|
+
collect_full_uri
|
40
44
|
)
|
41
45
|
|
42
46
|
TCellAgent.send_event(event)
|
@@ -0,0 +1,116 @@
|
|
1
|
+
require 'set'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
module Config
|
5
|
+
module Validate
|
6
|
+
|
7
|
+
def self.get_unknown_options(config_json)
|
8
|
+
messages = []
|
9
|
+
|
10
|
+
known_tcell_env_vars = Set.new([
|
11
|
+
"TCELL_AGENT_SERVER", # this is only meant for specs
|
12
|
+
"TCELL_AGENT_APP_ID",
|
13
|
+
"TCELL_AGENT_API_KEY",
|
14
|
+
"TCELL_HMAC_KEY",
|
15
|
+
"TCELL_AGENT_HOST_IDENTIFIER",
|
16
|
+
"TCELL_API_URL",
|
17
|
+
"TCELL_INPUT_URL",
|
18
|
+
"TCELL_DEMOMODE",
|
19
|
+
"TCELL_AGENT_HOME",
|
20
|
+
"TCELL_AGENT_LOG_DIR",
|
21
|
+
"TCELL_AGENT_CONFIG",
|
22
|
+
"TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS",
|
23
|
+
"TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS",
|
24
|
+
"TCELL_AGENT_HOME_OWNER"])
|
25
|
+
|
26
|
+
ENV.keys.each do |environment_key|
|
27
|
+
if environment_key =~ /^TCELL_/ && !known_tcell_env_vars.include?(environment_key)
|
28
|
+
messages << "Unrecognized environment parameter (TCELL_*) found: #{environment_key}"
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
begin
|
33
|
+
key_differences = []
|
34
|
+
|
35
|
+
if config_json
|
36
|
+
first_level_keys = ["version", "applications"]
|
37
|
+
|
38
|
+
key_differences = config_json.keys - first_level_keys
|
39
|
+
|
40
|
+
applications = config_json.fetch("applications", nil)
|
41
|
+
if applications
|
42
|
+
|
43
|
+
if applications.size > 1
|
44
|
+
messages << "Multiple applications detected in config file"
|
45
|
+
|
46
|
+
elsif applications.size == 1
|
47
|
+
application = applications[0]
|
48
|
+
|
49
|
+
second_level_keys = [
|
50
|
+
"name",
|
51
|
+
"app_id",
|
52
|
+
"api_key",
|
53
|
+
"fetch_policies_from_tcell",
|
54
|
+
"preload_policy_filename",
|
55
|
+
"log_dir",
|
56
|
+
"tcell_api_url",
|
57
|
+
"tcell_input_url",
|
58
|
+
"host_identifier",
|
59
|
+
"hipaaSafeMode",
|
60
|
+
"hmac_key",
|
61
|
+
"js_agent_api_base_url",
|
62
|
+
"js_agent_url",
|
63
|
+
"max_csp_header_bytes",
|
64
|
+
"event_batch_size_limit",
|
65
|
+
"allow_unencrypted_appsensor_payloads",
|
66
|
+
"allow_unencrypted_appfirewall_payloads",
|
67
|
+
"reverse_proxy",
|
68
|
+
"reverse_proxy_ip_address_header",
|
69
|
+
"demomode",
|
70
|
+
"logging_options",
|
71
|
+
"data_exposure",
|
72
|
+
"disable_all",
|
73
|
+
"enabled",
|
74
|
+
"enable_event_manager",
|
75
|
+
"enable_event_consumer",
|
76
|
+
"enable_policy_polling",
|
77
|
+
"enable_instrumentation",
|
78
|
+
"enable_intercept_requests",
|
79
|
+
"instrument_for_events",
|
80
|
+
"agent_home_owner",
|
81
|
+
"enabled_instrumentations"]
|
82
|
+
|
83
|
+
key_differences = key_differences + (application.keys - second_level_keys)
|
84
|
+
|
85
|
+
if application.fetch("logging_options", nil)
|
86
|
+
logging_options = application["logging_options"]
|
87
|
+
key_differences = key_differences + (logging_options.keys - ["enabled", "level", "filename"])
|
88
|
+
end
|
89
|
+
|
90
|
+
if application.fetch("data_exposure", nil)
|
91
|
+
data_exposure = application["data_exposure"]
|
92
|
+
key_differences = key_differences + (data_exposure.keys - ["max_data_ex_db_records_per_request"])
|
93
|
+
end
|
94
|
+
|
95
|
+
if application.fetch("enabled_instrumentations", nil)
|
96
|
+
enabled_instrumentations = application["enabled_instrumentations"]
|
97
|
+
key_differences = key_differences + (enabled_instrumentations.keys - ["doorkeeper", "devise", "authlogic"])
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
key_differences.each do |key|
|
103
|
+
messages << "Unrecognized config setting key: #{key}"
|
104
|
+
end
|
105
|
+
|
106
|
+
end
|
107
|
+
rescue Exception => exception
|
108
|
+
messages << "Something went wrong verifying config file: #{exception}"
|
109
|
+
end
|
110
|
+
|
111
|
+
messages
|
112
|
+
end
|
113
|
+
|
114
|
+
end
|
115
|
+
end
|
116
|
+
end
|