tcell_agent 0.2.29.rc2 → 0.2.29
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/tcell_agent +16 -4
- data/lib/tcell_agent/agent/event_processor.rb +2 -8
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -2
- data/lib/tcell_agent/agent/policy_manager.rb +12 -18
- data/lib/tcell_agent/api.rb +50 -27
- data/lib/tcell_agent/appsensor/injections_reporter.rb +7 -5
- data/lib/tcell_agent/appsensor/sensor.rb +8 -4
- data/lib/tcell_agent/config/unknown_options.rb +116 -0
- data/lib/tcell_agent/configuration.rb +17 -20
- data/lib/tcell_agent/instrumentation.rb +0 -1
- data/lib/tcell_agent/logger.rb +17 -21
- data/lib/tcell_agent/patches/block_rule.rb +43 -8
- data/lib/tcell_agent/patches/meta_data.rb +2 -1
- data/lib/tcell_agent/patches/sensors_matcher.rb +2 -1
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +5 -2
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +10 -3
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +8 -3
- data/lib/tcell_agent/policies/appsensor/request_size_sensor.rb +1 -1
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +7 -2
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +7 -3
- data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +3 -5
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +6 -2
- data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +3 -5
- data/lib/tcell_agent/policies/appsensor_policy.rb +11 -6
- data/lib/tcell_agent/policies/content_security_policy.rb +19 -14
- data/lib/tcell_agent/rails/dlp.rb +1 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +10 -7
- data/lib/tcell_agent/rails/on_start.rb +0 -1
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +7 -5
- data/lib/tcell_agent/sinatra.rb +3 -6
- data/lib/tcell_agent/start_background_thread.rb +0 -7
- data/lib/tcell_agent/utils/strings.rb +18 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/api/api_spec.rb +1 -1
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +1 -1
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +188 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +56 -0
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +110 -16
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +226 -293
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +32 -4
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +11 -0
- data/spec/lib/tcell_agent/utils/strings_spec.rb +50 -0
- data/spec/support/static_agent_overrides.rb +1 -1
- data/tcell_agent.gemspec +1 -3
- metadata +9 -37
- data/lib/tcell_agent/rails/tracing.rb +0 -22
- data/spec/integration/puma.rb +0 -195
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'libinjection/libinjection'
|
1
2
|
require 'tcell_agent/policies/appsensor/injection_sensor'
|
2
3
|
|
3
4
|
module TCellAgent
|
@@ -21,11 +22,8 @@ module TCellAgent
|
|
21
22
|
end
|
22
23
|
|
23
24
|
def find_vulnerability(param_name, param_value)
|
24
|
-
if @libinjection
|
25
|
-
|
26
|
-
if Libinjection.is_sqli(param_value) == 1
|
27
|
-
return {"param" => param_name, "value" => param_value, "pattern" => "li"}
|
28
|
-
end
|
25
|
+
if @libinjection && Libinjection.is_sqli(param_value) == 1
|
26
|
+
return {"param" => param_name, "value" => param_value, "pattern" => "li"}
|
29
27
|
end
|
30
28
|
|
31
29
|
super(param_name, param_value)
|
@@ -6,16 +6,18 @@ module TCellAgent
|
|
6
6
|
class UserAgentSensor
|
7
7
|
DP_CODE = "uaempty"
|
8
8
|
|
9
|
-
attr_accessor :enabled, :empty_enabled, :excluded_route_ids
|
9
|
+
attr_accessor :enabled, :empty_enabled, :excluded_route_ids, :collect_full_uri
|
10
10
|
|
11
11
|
def initialize(policy_json=nil)
|
12
12
|
@enabled = false
|
13
13
|
@empty_enabled = false
|
14
14
|
@excluded_route_ids = {}
|
15
|
+
@collect_full_uri = false
|
15
16
|
|
16
17
|
if policy_json
|
17
18
|
@enabled = policy_json.fetch("enabled", false)
|
18
19
|
@empty_enabled = policy_json.fetch("empty_enabled", false)
|
20
|
+
@collect_full_uri = policy_json.fetch("collect_full_uri", @collect_full_uri)
|
19
21
|
|
20
22
|
policy_json.fetch("exclude_routes", []).each do |excluded_route|
|
21
23
|
@excluded_route_ids[excluded_route] = true
|
@@ -30,7 +32,9 @@ module TCellAgent
|
|
30
32
|
|
31
33
|
user_agent = appsensor_meta.user_agent
|
32
34
|
if !user_agent || user_agent.strip == ""
|
33
|
-
TCellAgent::AppSensor::Sensor.send_event(
|
35
|
+
TCellAgent::AppSensor::Sensor.send_event(
|
36
|
+
appsensor_meta, DP_CODE, nil, nil, nil, nil, @collect_full_uri
|
37
|
+
)
|
34
38
|
end
|
35
39
|
end
|
36
40
|
|
@@ -1,3 +1,4 @@
|
|
1
|
+
require 'libinjection/libinjection'
|
1
2
|
require 'tcell_agent/policies/appsensor/injection_sensor'
|
2
3
|
|
3
4
|
module TCellAgent
|
@@ -21,11 +22,8 @@ module TCellAgent
|
|
21
22
|
end
|
22
23
|
|
23
24
|
def find_vulnerability(param_name, param_value)
|
24
|
-
if @libinjection
|
25
|
-
|
26
|
-
if Libinjection.is_xss(param_value) == 1
|
27
|
-
return {"param" => param_name, "value" => param_value, "pattern" => "li"}
|
28
|
-
end
|
25
|
+
if @libinjection && Libinjection.is_xss(param_value) == 1
|
26
|
+
return {"param" => param_name, "value" => param_value, "pattern" => "li"}
|
29
27
|
end
|
30
28
|
|
31
29
|
super(param_name, param_value)
|
@@ -149,26 +149,31 @@ module TCellAgent
|
|
149
149
|
if policy_json["version"] && policy_json["version"] == 2
|
150
150
|
if data_json
|
151
151
|
sensors_json = data_json.fetch("sensors", {})
|
152
|
+
|
152
153
|
if sensors_json.empty?
|
153
154
|
sensor_policy.enabled = false
|
154
155
|
|
155
156
|
else
|
156
157
|
sensor_policy.enabled = true
|
157
158
|
|
159
|
+
options_hash = data_json.fetch("options", {})
|
160
|
+
collect_full_uri = options_hash.fetch("uri_options", {}).fetch("collect_full_uri", false)
|
161
|
+
|
158
162
|
DETECTION_POINTS_V2_NON_INJECTION.each do |sensor_name, sensor_class|
|
159
163
|
settings = sensors_json.fetch(sensor_name, {})
|
160
164
|
updated_settings = {
|
161
|
-
"enabled" => sensors_json.has_key?(sensor_name)
|
165
|
+
"enabled" => sensors_json.has_key?(sensor_name),
|
166
|
+
"collect_full_uri" => collect_full_uri
|
162
167
|
}.merge(settings)
|
163
168
|
|
164
|
-
sensor_policy.options[sensor_name] =
|
169
|
+
sensor_policy.options[sensor_name] =
|
170
|
+
sensor_class.new(updated_settings)
|
165
171
|
end
|
166
172
|
|
167
|
-
payloads_policy = PayloadsPolicy.from_json(
|
168
|
-
data_json.fetch("options", {})
|
169
|
-
)
|
173
|
+
payloads_policy = PayloadsPolicy.from_json(options_hash)
|
170
174
|
sensor_policy.injections_reporter =
|
171
|
-
TCellAgent::AppSensor::InjectionsReporter.from_json(
|
175
|
+
TCellAgent::AppSensor::InjectionsReporter.from_json(
|
176
|
+
2, sensors_json, payloads_policy, collect_full_uri)
|
172
177
|
end
|
173
178
|
end
|
174
179
|
|
@@ -40,11 +40,6 @@ module TCellAgent
|
|
40
40
|
self.raw_value = value
|
41
41
|
self.report_uri = report_uri
|
42
42
|
end
|
43
|
-
def self.jhash(str)
|
44
|
-
str.each_char.reduce(0) do |result, char|
|
45
|
-
[((result << 5) - result) + char.ord].pack('L').unpack('l').first
|
46
|
-
end
|
47
|
-
end
|
48
43
|
def value(transaction_id=nil, route_id=nil, session_id=nil, user_id=nil)
|
49
44
|
if !self.report_uri
|
50
45
|
return self.raw_value
|
@@ -66,7 +61,7 @@ module TCellAgent
|
|
66
61
|
end
|
67
62
|
report_uri = uri.to_s
|
68
63
|
if self.policy_id
|
69
|
-
checksum =
|
64
|
+
checksum = TCellAgent::Utils::Strings.java_hashcode(self.policy_id + report_uri)
|
70
65
|
if new_query_ar != []
|
71
66
|
report_uri = report_uri + "&"
|
72
67
|
else
|
@@ -85,17 +80,27 @@ module TCellAgent
|
|
85
80
|
attr_accessor :policy_id
|
86
81
|
attr_accessor :js_agent_api_key
|
87
82
|
|
88
|
-
def
|
89
|
-
|
90
|
-
|
83
|
+
def each_header_pair(transaction_id=nil, route_id=nil, hmac_session_id=nil, user_id=nil, path=nil)
|
84
|
+
max_csp_header_bytes = TCellAgent.configuration.max_csp_header_bytes
|
85
|
+
|
86
|
+
headers.each do |header|
|
91
87
|
header_value = header.value(transaction_id, route_id, hmac_session_id)
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
88
|
+
|
89
|
+
if !max_csp_header_bytes || header_value.bytesize <= max_csp_header_bytes
|
90
|
+
header_names = ContentSecurityPolicy.cspHeadersForType(header.type)
|
91
|
+
header_names.each do | header_name |
|
92
|
+
yield(header_name, header_value)
|
93
|
+
end
|
94
|
+
|
95
|
+
else
|
96
|
+
TCellAgent.logger.warn(
|
97
|
+
"[RouteID=#{route_id},Path=#{path}] CSP header(#{header_value.bytesize}) " +
|
98
|
+
"is bigger than configured max_csp_header_bytes(#{max_csp_header_bytes})"
|
99
|
+
)
|
100
|
+
end
|
96
101
|
end
|
97
|
-
result.each(&block)
|
98
102
|
end
|
103
|
+
|
99
104
|
def self.from_json(policy_json)
|
100
105
|
if (!policy_json)
|
101
106
|
return nil
|
@@ -127,7 +127,7 @@ module TCellAgent
|
|
127
127
|
if appsensor_policy
|
128
128
|
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
|
129
129
|
tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
130
|
-
if tcell_data &&
|
130
|
+
if tcell_data && result.is_a?(ActiveRecord::StatementInvalid)
|
131
131
|
appsensor_policy.sql_exception_detected(tcell_data, result)
|
132
132
|
end
|
133
133
|
end
|
@@ -57,12 +57,15 @@ module TCellAgent
|
|
57
57
|
content_security_policy = TCellAgent.policy(TCellAgent::PolicyTypes::CSP)
|
58
58
|
|
59
59
|
if content_security_policy
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
60
|
+
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
61
|
+
content_security_policy.each_header_pair(
|
62
|
+
tcell_context.transaction_id,
|
63
|
+
tcell_context.route_id,
|
64
|
+
tcell_context.hmac_session_id,
|
65
|
+
tcell_context.user_id,
|
66
|
+
tcell_context.path
|
67
|
+
) do |header_name, header_value|
|
68
|
+
headers[header_name] = header_value
|
66
69
|
end
|
67
70
|
end
|
68
71
|
response = [status, headers, active_response]
|
@@ -187,7 +190,7 @@ module TCellAgent
|
|
187
190
|
appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
|
188
191
|
if appsensor_policy
|
189
192
|
event = TCellAgent::SensorEvents::AppSensorMetaEvent.build(
|
190
|
-
request, content_length, status_code
|
193
|
+
request, content_length, status_code, response_headers
|
191
194
|
)
|
192
195
|
TCellAgent.send_event(event)
|
193
196
|
|
@@ -8,7 +8,6 @@ require 'tcell_agent/configuration'
|
|
8
8
|
|
9
9
|
require 'tcell_agent/rails/routes'
|
10
10
|
require 'tcell_agent/rails/dlp/process_request'
|
11
|
-
require 'tcell_agent/rails/tracing'
|
12
11
|
|
13
12
|
TCellAgent::Instrumentation::Rails.send_language_info
|
14
13
|
TCellAgent::Instrumentation::Rails.send_framework_info
|
@@ -12,11 +12,12 @@ module TCellAgent
|
|
12
12
|
remote_addr,
|
13
13
|
param,
|
14
14
|
route_id,
|
15
|
-
meta
|
16
|
-
hmac_session_id
|
17
|
-
user_id
|
18
|
-
payload
|
19
|
-
pattern
|
15
|
+
meta,
|
16
|
+
hmac_session_id,
|
17
|
+
user_id,
|
18
|
+
payload,
|
19
|
+
pattern,
|
20
|
+
collect_full_uri)
|
20
21
|
super("as")
|
21
22
|
self["dp"] = detection_point
|
22
23
|
self["param"] = param.to_s if param
|
@@ -30,6 +31,7 @@ module TCellAgent
|
|
30
31
|
self["pattern"] = pattern if pattern
|
31
32
|
self["meta"] = meta if meta
|
32
33
|
self["rid"] = route_id if route_id
|
34
|
+
self["full_uri"] = location if collect_full_uri && location
|
33
35
|
end
|
34
36
|
|
35
37
|
def post_process
|
data/lib/tcell_agent/sinatra.rb
CHANGED
@@ -8,18 +8,15 @@ require 'tcell_agent/instrumentation'
|
|
8
8
|
module TCellAgent
|
9
9
|
class Sinatra::Response
|
10
10
|
include Sinatra
|
11
|
+
|
11
12
|
alias_method :original_finish, :finish
|
12
13
|
def finish
|
13
14
|
status, headers, response = original_finish
|
14
|
-
|
15
15
|
TCellAgent::Instrumentation.safe_block("Setting CSP Headers") {
|
16
16
|
content_security_policy = TCellAgent.policy(TCellAgent::PolicyTypes::CSP)
|
17
17
|
if content_security_policy
|
18
|
-
content_security_policy.
|
19
|
-
|
20
|
-
nil,
|
21
|
-
nil) do | header_pair |
|
22
|
-
headers[header_pair["name"]] = header_pair["value"]
|
18
|
+
content_security_policy.each_header_pair do |header_name, header_value|
|
19
|
+
headers[header_name] = header_value
|
23
20
|
end
|
24
21
|
end
|
25
22
|
}
|
@@ -2,12 +2,6 @@
|
|
2
2
|
require 'tcell_agent/configuration'
|
3
3
|
|
4
4
|
if (TCellAgent.configuration.disable_all == false)
|
5
|
-
require 'objspace'
|
6
|
-
|
7
|
-
if ObjectSpace.respond_to?(:trace_object_allocations_start)
|
8
|
-
ObjectSpace.trace_object_allocations_start
|
9
|
-
end
|
10
|
-
|
11
5
|
require 'tcell_agent/logger'
|
12
6
|
require 'tcell_agent/agent'
|
13
7
|
require 'thread'
|
@@ -18,7 +12,6 @@ if (TCellAgent.configuration.disable_all == false)
|
|
18
12
|
def self.run_instrumentation(server_name, send_startup_events=true)
|
19
13
|
|
20
14
|
require 'tcell_agent/rails/on_start' if defined?(Rails)
|
21
|
-
require 'rbtrace'
|
22
15
|
|
23
16
|
TCellAgent::Instrumentation.safe_block("Starting thread agent") do
|
24
17
|
TCellAgent.logger.debug("Instrumenting: #{server_name}")
|
@@ -10,6 +10,24 @@ module TCellAgent
|
|
10
10
|
def self.present?(str)
|
11
11
|
!self.blank?(str)
|
12
12
|
end
|
13
|
+
|
14
|
+
def self.remove_trailing_slash(path)
|
15
|
+
if path && path != "/"
|
16
|
+
return path.chomp("/")
|
17
|
+
end
|
18
|
+
|
19
|
+
return path
|
20
|
+
end
|
21
|
+
|
22
|
+
# emulate the java String.hashcode() without upcasting to BigInt
|
23
|
+
def self.java_hashcode(str)
|
24
|
+
result = 0
|
25
|
+
str.each_codepoint do |cp|
|
26
|
+
# prevent overflow into BigInt which would cause heap allocs + emulate c-style int32 signed add overflow
|
27
|
+
result = ((((((result & 0x07FFFFFF) << 5) - result) + cp) + 0x80000000) & 0xFFFFFFFF) - 0x80000000
|
28
|
+
end
|
29
|
+
result
|
30
|
+
end
|
13
31
|
end
|
14
32
|
end
|
15
33
|
end
|
data/lib/tcell_agent/version.rb
CHANGED
@@ -26,7 +26,7 @@ module TCellAgent
|
|
26
26
|
} })
|
27
27
|
|
28
28
|
# to_return(:body => resbody,
|
29
|
-
result = tapi.
|
29
|
+
result = tapi.poll_api()
|
30
30
|
TCellAgent.configuration.app_id = nil
|
31
31
|
TCellAgent.configuration.api_key = nil
|
32
32
|
expect(result["csp-headers"]["app_id"]).to eq("testapp-Becwu")
|
@@ -9,7 +9,7 @@ module TCellAgent
|
|
9
9
|
before(:each) do
|
10
10
|
@payloads_policy = double("payloads_policy")
|
11
11
|
@injections_matcher = double("injections_matcher")
|
12
|
-
@injections_reporter = InjectionsReporter.new(@injections_matcher, @payloads_policy)
|
12
|
+
@injections_reporter = InjectionsReporter.new(@injections_matcher, @payloads_policy, false)
|
13
13
|
|
14
14
|
@appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new
|
15
15
|
@appsensor_meta.remote_address = "remote_address"
|
@@ -0,0 +1,188 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
module Config
|
5
|
+
|
6
|
+
describe Validate do
|
7
|
+
describe ".get_unknown_options" do
|
8
|
+
context "with an unknown tcell environment variable set" do
|
9
|
+
it "should return a message about the unknown variable" do
|
10
|
+
|
11
|
+
orig_allow_uap = ENV.fetch("TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS", nil)
|
12
|
+
orig_allow_uafp = ENV.fetch("TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS", nil)
|
13
|
+
orig_demomode = ENV.fetch("TCELL_DEMOMODE", nil)
|
14
|
+
orig_agent_home = ENV.fetch("TCELL_AGENT_HOME", nil)
|
15
|
+
orig_agent_log_dir = ENV.fetch("TCELL_AGENT_LOG_DIR", nil)
|
16
|
+
orig_agent_config = ENV.fetch("TCELL_AGENT_CONFIG", nil)
|
17
|
+
orig_agent_app_id = ENV.fetch("TCELL_AGENT_APP_ID", nil)
|
18
|
+
orig_agent_api_key = ENV.fetch("TCELL_AGENT_API_KEY", nil)
|
19
|
+
orig_agent_host_identifier = ENV.fetch("TCELL_AGENT_HOST_IDENTIFIER", nil)
|
20
|
+
orig_input_url = ENV.fetch("TCELL_INPUT_URL", nil)
|
21
|
+
orig_hmac_key = ENV.fetch("TCELL_HMAC_KEY", nil)
|
22
|
+
orig_api_url = ENV.fetch("TCELL_API_URL", nil)
|
23
|
+
|
24
|
+
ENV["TCELL_HACK"] = "hack the system"
|
25
|
+
ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"] = "valid"
|
26
|
+
ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS"] = "valid"
|
27
|
+
ENV["TCELL_DEMOMODE"] = "valid"
|
28
|
+
ENV["TCELL_AGENT_HOME"] = "valid"
|
29
|
+
ENV["TCELL_AGENT_LOG_DIR"] = "valid"
|
30
|
+
ENV["TCELL_AGENT_CONFIG"] = "valid"
|
31
|
+
ENV["TCELL_AGENT_APP_ID"] = "valid"
|
32
|
+
ENV["TCELL_AGENT_API_KEY"] = "valid"
|
33
|
+
ENV["TCELL_AGENT_HOST_IDENTIFIER"] = "valid"
|
34
|
+
ENV["TCELL_INPUT_URL"] = "valid"
|
35
|
+
ENV["TCELL_HMAC_KEY"] = "valid"
|
36
|
+
ENV["TCELL_API_URL"] = "valid"
|
37
|
+
|
38
|
+
messages = Validate.get_unknown_options(nil)
|
39
|
+
|
40
|
+
ENV.delete "TCELL_HACK"
|
41
|
+
if orig_allow_uap
|
42
|
+
ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"] = orig_allow_uap
|
43
|
+
else
|
44
|
+
ENV.delete "TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"
|
45
|
+
end
|
46
|
+
|
47
|
+
if orig_allow_uafp
|
48
|
+
ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS"] = orig_allow_uafp
|
49
|
+
else
|
50
|
+
ENV.delete "TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS"
|
51
|
+
end
|
52
|
+
if orig_demomode
|
53
|
+
ENV["TCELL_DEMOMODE"] = orig_demomode
|
54
|
+
else
|
55
|
+
ENV.delete "TCELL_DEMOMODE"
|
56
|
+
end
|
57
|
+
if orig_agent_home
|
58
|
+
ENV["TCELL_AGENT_HOME"] = orig_agent_home
|
59
|
+
else
|
60
|
+
ENV.delete "TCELL_AGENT_HOME"
|
61
|
+
end
|
62
|
+
if orig_agent_log_dir
|
63
|
+
ENV["TCELL_AGENT_LOG_DIR"] = orig_agent_log_dir
|
64
|
+
else
|
65
|
+
ENV.delete "TCELL_AGENT_LOG_DIR"
|
66
|
+
end
|
67
|
+
if orig_agent_config
|
68
|
+
ENV["TCELL_AGENT_CONFIG"] = orig_agent_config
|
69
|
+
else
|
70
|
+
ENV.delete "TCELL_AGENT_CONFIG"
|
71
|
+
end
|
72
|
+
if orig_agent_app_id
|
73
|
+
ENV["TCELL_AGENT_APP_ID"] = orig_agent_app_id
|
74
|
+
else
|
75
|
+
ENV.delete "TCELL_AGENT_APP_ID"
|
76
|
+
end
|
77
|
+
if orig_agent_api_key
|
78
|
+
ENV["TCELL_AGENT_API_KEY"] = orig_agent_api_key
|
79
|
+
else
|
80
|
+
ENV.delete "TCELL_AGENT_API_KEY"
|
81
|
+
end
|
82
|
+
if orig_agent_host_identifier
|
83
|
+
ENV["TCELL_AGENT_HOST_IDENTIFIER"] = orig_agent_host_identifier
|
84
|
+
else
|
85
|
+
ENV.delete "TCELL_AGENT_HOST_IDENTIFIER"
|
86
|
+
end
|
87
|
+
if orig_input_url
|
88
|
+
ENV["TCELL_INPUT_URL"] = orig_input_url
|
89
|
+
else
|
90
|
+
ENV.delete "TCELL_INPUT_URL"
|
91
|
+
end
|
92
|
+
if orig_hmac_key
|
93
|
+
ENV["TCELL_HMAC_KEY"] = orig_hmac_key
|
94
|
+
else
|
95
|
+
ENV.delete "TCELL_HMAC_KEY"
|
96
|
+
end
|
97
|
+
if orig_api_url
|
98
|
+
ENV["TCELL_API_URL"] = orig_api_url
|
99
|
+
else
|
100
|
+
ENV.delete "TCELL_API_URL"
|
101
|
+
end
|
102
|
+
|
103
|
+
expect(messages.sort).to eq([
|
104
|
+
"Unrecognized environment parameter (TCELL_*) found: TCELL_HACK"
|
105
|
+
])
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
context "with a config json with all options including some extra ones" do
|
110
|
+
it "should report the extra options in messages" do
|
111
|
+
config_json = {
|
112
|
+
"first_level" => "boo",
|
113
|
+
"version" => 1,
|
114
|
+
"applications" => [{
|
115
|
+
"second_level" => "boo",
|
116
|
+
"name" => "name",
|
117
|
+
"app_id" => "app id",
|
118
|
+
"api_key" => "api key",
|
119
|
+
"fetch_policies_from_tcell" => true,
|
120
|
+
"preload_policy_filename" => "preload policy filename",
|
121
|
+
"log_dir" => "custom log dir",
|
122
|
+
"logging_options" => {
|
123
|
+
"logging_level" => "boo",
|
124
|
+
"enabled" => true,
|
125
|
+
"level" => "DEBUG",
|
126
|
+
"filename" => "filename"},
|
127
|
+
"tcell_api_url" => "tcell api url",
|
128
|
+
"tcell_input_url" => "tcell input url",
|
129
|
+
"host_identifier" => "host identifier",
|
130
|
+
"hipaaSafeMode" => "hipaa safe mode",
|
131
|
+
"hmac_key" => "hmac key",
|
132
|
+
"js_agent_api_base_url" => "js agent api base url",
|
133
|
+
"js_agent_url" => "js agent url",
|
134
|
+
"max_csp_header_bytes" => 512,
|
135
|
+
"event_batch_size_limit" => 50,
|
136
|
+
"allow_unencrypted_appsensor_payloads" => true,
|
137
|
+
"allow_unencrypted_appfirewall_payloads" => true,
|
138
|
+
"data_exposure" => {
|
139
|
+
"data_ex_level" => "boo",
|
140
|
+
"max_data_ex_db_records_per_request" => 10000},
|
141
|
+
"reverse_proxy" => true,
|
142
|
+
"reverse_proxy_ip_address_header" => "reverse proxy ip address header",
|
143
|
+
"demomode" => true,
|
144
|
+
# Ruby only
|
145
|
+
"disable_all" => false,
|
146
|
+
"enabled" => true,
|
147
|
+
"enable_event_manager" => true,
|
148
|
+
"enable_event_consumer" => true,
|
149
|
+
"enable_policy_polling" => true,
|
150
|
+
"enable_instrumentation" => true,
|
151
|
+
"enable_intercept_requests" => true,
|
152
|
+
"instrument_for_events" => true,
|
153
|
+
"agent_home_owner" => true,
|
154
|
+
"enabled_instrumentations" => {
|
155
|
+
"enabled_instrumentations_level" => "blah",
|
156
|
+
"doorkeeper" => true,
|
157
|
+
"devise" => true,
|
158
|
+
"authlogic" => true}}]}
|
159
|
+
|
160
|
+
messages = Validate.get_unknown_options(config_json)
|
161
|
+
|
162
|
+
expect(messages.sort).to eq([
|
163
|
+
"Unrecognized config setting key: data_ex_level",
|
164
|
+
"Unrecognized config setting key: enabled_instrumentations_level",
|
165
|
+
"Unrecognized config setting key: first_level",
|
166
|
+
"Unrecognized config setting key: logging_level",
|
167
|
+
"Unrecognized config setting key: second_level"
|
168
|
+
])
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
context "with a config json that has more than one application" do
|
173
|
+
it "should report the misconfiguration" do
|
174
|
+
config_json = {"version" => 1, "applications" => [{}, {}]}
|
175
|
+
|
176
|
+
messages = Validate.get_unknown_options(config_json)
|
177
|
+
|
178
|
+
expect(messages.sort).to eq([
|
179
|
+
"Multiple applications detected in config file"
|
180
|
+
])
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
184
|
+
end
|
185
|
+
|
186
|
+
end
|
187
|
+
end
|
188
|
+
|