tcell_agent 0.2.29 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Readme.txt +7 -0
- data/bin/tcell_agent +9 -0
- data/lib/tcell_agent/agent/policy_manager.rb +3 -0
- data/lib/tcell_agent/agent/policy_types.rb +4 -1
- data/lib/tcell_agent/appsensor/injections_matcher.rb +20 -0
- data/lib/tcell_agent/appsensor/injections_reporter.rb +15 -56
- data/lib/tcell_agent/appsensor/meta_data.rb +56 -2
- data/lib/tcell_agent/appsensor/rules/baserules.json +371 -138
- data/lib/tcell_agent/cmdi.rb +113 -0
- data/lib/tcell_agent/config/unknown_options.rb +2 -0
- data/lib/tcell_agent/configuration.rb +30 -16
- data/lib/tcell_agent/hooks/login_fraud.rb +79 -0
- data/lib/tcell_agent/instrumentation.rb +6 -11
- data/lib/tcell_agent/patches/meta_data.rb +14 -11
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +5 -9
- data/lib/tcell_agent/policies/appsensor_policy.rb +22 -206
- data/lib/tcell_agent/policies/clickjacking_policy.rb +4 -2
- data/lib/tcell_agent/policies/command_injection_policy.rb +196 -0
- data/lib/tcell_agent/policies/content_security_policy.rb +3 -2
- data/lib/tcell_agent/policies/dataloss_policy.rb +3 -1
- data/lib/tcell_agent/policies/honeytokens_policy.rb +3 -1
- data/lib/tcell_agent/policies/http_redirect_policy.rb +51 -37
- data/lib/tcell_agent/policies/http_tx_policy.rb +5 -1
- data/lib/tcell_agent/policies/login_fraud_policy.rb +6 -1
- data/lib/tcell_agent/policies/patches_policy.rb +3 -1
- data/lib/tcell_agent/policies/policy.rb +10 -0
- data/lib/tcell_agent/policies/secure_headers_policy.rb +5 -2
- data/lib/tcell_agent/rails/auth/devise.rb +12 -23
- data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
- data/lib/tcell_agent/rails/dlp.rb +50 -54
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +7 -10
- data/lib/tcell_agent/rails/on_start.rb +0 -1
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -4
- data/lib/tcell_agent/rails.rb +0 -2
- data/lib/tcell_agent/rust/libtcellagent-0.6.1.dylib +0 -0
- data/lib/tcell_agent/rust/libtcellagent-0.6.1.so +0 -0
- data/lib/tcell_agent/rust/models.rb +61 -0
- data/lib/tcell_agent/rust/tcellagent-0.6.1.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +112 -0
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +25 -21
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +31 -24
- data/lib/tcell_agent/sensor_events/command_injection.rb +58 -0
- data/lib/tcell_agent/sensor_events/discovery.rb +1 -1
- data/lib/tcell_agent/sensor_events/login_fraud.rb +3 -13
- data/lib/tcell_agent/sensor_events/sensor.rb +81 -77
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +8 -0
- data/lib/tcell_agent/start_background_thread.rb +12 -3
- data/lib/tcell_agent/utils/io.rb +4 -1
- data/lib/tcell_agent/utils/params.rb +1 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/lib/tcell_agent.rb +0 -1
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +27 -9
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +143 -193
- data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +67 -0
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +0 -10
- data/spec/lib/tcell_agent/cmdi_spec.rb +748 -0
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +8 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +138 -6
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +357 -0
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +70 -87
- data/spec/lib/tcell_agent/patches_spec.rb +9 -4
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +186 -9
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +309 -484
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +736 -0
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +222 -41
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +56 -32
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +161 -85
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +40 -72
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +267 -0
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +20 -15
- data/spec/spec_helper.rb +0 -9
- data/tcell_agent.gemspec +8 -3
- metadata +40 -39
- data/lib/tcell_agent/appsensor/sensor.rb +0 -52
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +0 -56
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +0 -59
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +0 -150
- data/lib/tcell_agent/policies/appsensor/request_size_sensor.rb +0 -25
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +0 -73
- data/lib/tcell_agent/policies/appsensor/response_size_sensor.rb +0 -25
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +0 -71
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +0 -47
- data/lib/tcell_agent/rails/auth/hooks.rb +0 -79
- data/lib/tcell_agent/sensor_events/util/redirect_utils.rb +0 -22
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +0 -165
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +0 -429
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +0 -466
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +0 -890
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +0 -417
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +0 -236
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +0 -297
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +0 -241
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +0 -172
- data/spec/lib/tcell_agent/rails/auth/hooks_spec.rb +0 -246
- data/spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb +0 -25
- data/spec/support/resources/baserules.json +0 -155
|
@@ -71,14 +71,20 @@ module TCellAgent
|
|
|
71
71
|
|
|
72
72
|
context "with an rid" do
|
|
73
73
|
context "that matches the request" do
|
|
74
|
+
before(:each) do
|
|
75
|
+
@meta_data = TCellAgent::Patches::MetaData.new(
|
|
76
|
+
"get",
|
|
77
|
+
"1.1.1.1",
|
|
78
|
+
"route_id",
|
|
79
|
+
"session_id",
|
|
80
|
+
"user_id",
|
|
81
|
+
"transaction_id")
|
|
82
|
+
end
|
|
83
|
+
|
|
74
84
|
context "with empty sensors" do
|
|
75
85
|
it "should return true" do
|
|
76
86
|
injections_matcher = double("injections_matcher")
|
|
77
87
|
|
|
78
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
79
|
-
meta_data.remote_address = "1.1.1.1"
|
|
80
|
-
meta_data.route_id = "route_id"
|
|
81
|
-
|
|
82
88
|
block_rule = BlockRule.new(
|
|
83
89
|
Set.new,
|
|
84
90
|
Set.new(["route_id"]),
|
|
@@ -90,7 +96,7 @@ module TCellAgent
|
|
|
90
96
|
|
|
91
97
|
expect(injections_matcher).to receive(:enabled).and_return(false)
|
|
92
98
|
|
|
93
|
-
expect(block_rule.block?(meta_data)).to eq(true)
|
|
99
|
+
expect(block_rule.block?(@meta_data)).to eq(true)
|
|
94
100
|
end
|
|
95
101
|
end
|
|
96
102
|
|
|
@@ -99,10 +105,6 @@ module TCellAgent
|
|
|
99
105
|
it "should return false" do
|
|
100
106
|
injections_matcher = double("injections_matcher")
|
|
101
107
|
|
|
102
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
103
|
-
meta_data.remote_address = "1.1.1.1"
|
|
104
|
-
meta_data.route_id = "route_id"
|
|
105
|
-
|
|
106
108
|
block_rule = BlockRule.new(
|
|
107
109
|
Set.new,
|
|
108
110
|
Set.new(["route_id"]),
|
|
@@ -115,7 +117,7 @@ module TCellAgent
|
|
|
115
117
|
expect(injections_matcher).to receive(:enabled).and_return(true)
|
|
116
118
|
expect(injections_matcher).to receive(:each_injection)
|
|
117
119
|
|
|
118
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
120
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
119
121
|
end
|
|
120
122
|
end
|
|
121
123
|
|
|
@@ -123,10 +125,6 @@ module TCellAgent
|
|
|
123
125
|
it "should return true" do
|
|
124
126
|
injections_matcher = double("injections_matcher")
|
|
125
127
|
|
|
126
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
127
|
-
meta_data.remote_address = "1.1.1.1"
|
|
128
|
-
meta_data.route_id = "route_id"
|
|
129
|
-
|
|
130
128
|
block_rule = BlockRule.new(
|
|
131
129
|
Set.new,
|
|
132
130
|
Set.new(["route_id"]),
|
|
@@ -141,21 +139,27 @@ module TCellAgent
|
|
|
141
139
|
block.call(double("injection_attempt"))
|
|
142
140
|
end
|
|
143
141
|
|
|
144
|
-
expect(block_rule.block?(meta_data)).to eq(true)
|
|
142
|
+
expect(block_rule.block?(@meta_data)).to eq(true)
|
|
145
143
|
end
|
|
146
144
|
end
|
|
147
145
|
end
|
|
148
146
|
end
|
|
149
147
|
|
|
150
148
|
context "that does not match the request" do
|
|
149
|
+
before(:each) do
|
|
150
|
+
@meta_data = TCellAgent::Patches::MetaData.new(
|
|
151
|
+
"get",
|
|
152
|
+
"1.1.1.1",
|
|
153
|
+
"non_matching_route_id",
|
|
154
|
+
"session_id",
|
|
155
|
+
"user_id",
|
|
156
|
+
"transaction_id")
|
|
157
|
+
end
|
|
158
|
+
|
|
151
159
|
context "with empty sensors" do
|
|
152
160
|
it "should return false" do
|
|
153
161
|
injections_matcher = double("injections_matcher")
|
|
154
162
|
|
|
155
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
156
|
-
meta_data.remote_address = "1.1.1.1"
|
|
157
|
-
meta_data.route_id = "non_matching_route_id"
|
|
158
|
-
|
|
159
163
|
block_rule = BlockRule.new(
|
|
160
164
|
Set.new,
|
|
161
165
|
Set.new(["route_id"]),
|
|
@@ -167,7 +171,7 @@ module TCellAgent
|
|
|
167
171
|
|
|
168
172
|
expect(injections_matcher).to_not receive(:enabled)
|
|
169
173
|
|
|
170
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
174
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
171
175
|
end
|
|
172
176
|
end
|
|
173
177
|
|
|
@@ -176,10 +180,6 @@ module TCellAgent
|
|
|
176
180
|
it "should return false" do
|
|
177
181
|
injections_matcher = double("injections_matcher")
|
|
178
182
|
|
|
179
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
180
|
-
meta_data.remote_address = "1.1.1.1"
|
|
181
|
-
meta_data.route_id = "non_matching_route_id"
|
|
182
|
-
|
|
183
183
|
block_rule = BlockRule.new(
|
|
184
184
|
Set.new,
|
|
185
185
|
Set.new(["route_id"]),
|
|
@@ -191,7 +191,7 @@ module TCellAgent
|
|
|
191
191
|
|
|
192
192
|
expect(injections_matcher).to_not receive(:enabled)
|
|
193
193
|
|
|
194
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
194
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
195
195
|
end
|
|
196
196
|
end
|
|
197
197
|
|
|
@@ -199,10 +199,6 @@ module TCellAgent
|
|
|
199
199
|
it "should return false" do
|
|
200
200
|
injections_matcher = double("injections_matcher")
|
|
201
201
|
|
|
202
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
203
|
-
meta_data.remote_address = "1.1.1.1"
|
|
204
|
-
meta_data.route_id = "non_matching_route_id"
|
|
205
|
-
|
|
206
202
|
block_rule = BlockRule.new(
|
|
207
203
|
Set.new,
|
|
208
204
|
Set.new(["route_id"]),
|
|
@@ -214,7 +210,7 @@ module TCellAgent
|
|
|
214
210
|
|
|
215
211
|
expect(injections_matcher).to_not receive(:enabled)
|
|
216
212
|
|
|
217
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
213
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
218
214
|
end
|
|
219
215
|
end
|
|
220
216
|
end
|
|
@@ -223,14 +219,20 @@ module TCellAgent
|
|
|
223
219
|
end
|
|
224
220
|
|
|
225
221
|
context "with ips" do
|
|
222
|
+
before(:each) do
|
|
223
|
+
@meta_data = TCellAgent::Patches::MetaData.new(
|
|
224
|
+
"get",
|
|
225
|
+
"1.1.1.1",
|
|
226
|
+
"route_id",
|
|
227
|
+
"session_id",
|
|
228
|
+
"user_id",
|
|
229
|
+
"transaction_id")
|
|
230
|
+
end
|
|
231
|
+
|
|
226
232
|
context "that does not match the request" do
|
|
227
233
|
it "should return false" do
|
|
228
234
|
injections_matcher = double("injections_matcher")
|
|
229
235
|
|
|
230
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
231
|
-
meta_data.remote_address = "1.1.1.1"
|
|
232
|
-
meta_data.route_id = "route_id"
|
|
233
|
-
|
|
234
236
|
block_rule = BlockRule.new(
|
|
235
237
|
Set.new(["2.2.2.2"]),
|
|
236
238
|
Set.new(["route_id"]),
|
|
@@ -242,7 +244,7 @@ module TCellAgent
|
|
|
242
244
|
|
|
243
245
|
expect(injections_matcher).to_not receive(:enabled)
|
|
244
246
|
|
|
245
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
247
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
246
248
|
end
|
|
247
249
|
end
|
|
248
250
|
|
|
@@ -253,10 +255,6 @@ module TCellAgent
|
|
|
253
255
|
it "should return true" do
|
|
254
256
|
injections_matcher = double("injections_matcher")
|
|
255
257
|
|
|
256
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
257
|
-
meta_data.remote_address = "1.1.1.1"
|
|
258
|
-
meta_data.route_id = "route_id"
|
|
259
|
-
|
|
260
258
|
block_rule = BlockRule.new(
|
|
261
259
|
Set.new(["1.1.1.1"]),
|
|
262
260
|
Set.new(["route_id"]),
|
|
@@ -268,7 +266,7 @@ module TCellAgent
|
|
|
268
266
|
|
|
269
267
|
expect(injections_matcher).to receive(:enabled).and_return(false)
|
|
270
268
|
|
|
271
|
-
expect(block_rule.block?(meta_data)).to eq(true)
|
|
269
|
+
expect(block_rule.block?(@meta_data)).to eq(true)
|
|
272
270
|
end
|
|
273
271
|
end
|
|
274
272
|
|
|
@@ -277,10 +275,6 @@ module TCellAgent
|
|
|
277
275
|
it "should return false" do
|
|
278
276
|
injections_matcher = double("injections_matcher")
|
|
279
277
|
|
|
280
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
281
|
-
meta_data.remote_address = "1.1.1.1"
|
|
282
|
-
meta_data.route_id = "route_id"
|
|
283
|
-
|
|
284
278
|
block_rule = BlockRule.new(
|
|
285
279
|
Set.new(["1.1.1.1"]),
|
|
286
280
|
Set.new(["route_id"]),
|
|
@@ -293,7 +287,7 @@ module TCellAgent
|
|
|
293
287
|
expect(injections_matcher).to receive(:enabled).and_return(true)
|
|
294
288
|
expect(injections_matcher).to receive(:each_injection)
|
|
295
289
|
|
|
296
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
290
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
297
291
|
end
|
|
298
292
|
end
|
|
299
293
|
|
|
@@ -301,10 +295,6 @@ module TCellAgent
|
|
|
301
295
|
it "should return true" do
|
|
302
296
|
injections_matcher = double("injections_matcher")
|
|
303
297
|
|
|
304
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
305
|
-
meta_data.remote_address = "1.1.1.1"
|
|
306
|
-
meta_data.route_id = "route_id"
|
|
307
|
-
|
|
308
298
|
block_rule = BlockRule.new(
|
|
309
299
|
Set.new(["1.1.1.1"]),
|
|
310
300
|
Set.new(["route_id"]),
|
|
@@ -319,21 +309,20 @@ module TCellAgent
|
|
|
319
309
|
block.call(double("injection_attempt"))
|
|
320
310
|
end
|
|
321
311
|
|
|
322
|
-
expect(block_rule.block?(meta_data)).to eq(true)
|
|
312
|
+
expect(block_rule.block?(@meta_data)).to eq(true)
|
|
323
313
|
end
|
|
324
314
|
end
|
|
325
315
|
end
|
|
326
316
|
end
|
|
327
317
|
|
|
328
318
|
context "that does not match the request" do
|
|
319
|
+
before(:each) do
|
|
320
|
+
@meta_data.route_id = "non_matching_route_id"
|
|
321
|
+
end
|
|
329
322
|
context "with empty sensors" do
|
|
330
323
|
it "should return false" do
|
|
331
324
|
injections_matcher = double("injections_matcher")
|
|
332
325
|
|
|
333
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
334
|
-
meta_data.remote_address = "1.1.1.1"
|
|
335
|
-
meta_data.route_id = "non_matching_route_id"
|
|
336
|
-
|
|
337
326
|
block_rule = BlockRule.new(
|
|
338
327
|
Set.new(["1.1.1.1"]),
|
|
339
328
|
Set.new(["route_id"]),
|
|
@@ -345,7 +334,7 @@ module TCellAgent
|
|
|
345
334
|
|
|
346
335
|
expect(injections_matcher).to_not receive(:enabled)
|
|
347
336
|
|
|
348
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
337
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
349
338
|
end
|
|
350
339
|
end
|
|
351
340
|
|
|
@@ -354,10 +343,6 @@ module TCellAgent
|
|
|
354
343
|
it "should return false" do
|
|
355
344
|
injections_matcher = double("injections_matcher")
|
|
356
345
|
|
|
357
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
358
|
-
meta_data.remote_address = "1.1.1.1"
|
|
359
|
-
meta_data.route_id = "non_matching_route_id"
|
|
360
|
-
|
|
361
346
|
block_rule = BlockRule.new(
|
|
362
347
|
Set.new(["1.1.1.1"]),
|
|
363
348
|
Set.new(["route_id"]),
|
|
@@ -369,7 +354,7 @@ module TCellAgent
|
|
|
369
354
|
|
|
370
355
|
expect(injections_matcher).to_not receive(:enabled)
|
|
371
356
|
|
|
372
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
357
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
373
358
|
end
|
|
374
359
|
end
|
|
375
360
|
|
|
@@ -377,10 +362,6 @@ module TCellAgent
|
|
|
377
362
|
it "should return false" do
|
|
378
363
|
injections_matcher = double("injections_matcher")
|
|
379
364
|
|
|
380
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
381
|
-
meta_data.remote_address = "1.1.1.1"
|
|
382
|
-
meta_data.route_id = "non_matching_route_id"
|
|
383
|
-
|
|
384
365
|
block_rule = BlockRule.new(
|
|
385
366
|
Set.new(["1.1.1.1"]),
|
|
386
367
|
Set.new(["route_id"]),
|
|
@@ -392,7 +373,7 @@ module TCellAgent
|
|
|
392
373
|
|
|
393
374
|
expect(injections_matcher).to_not receive(:enabled)
|
|
394
375
|
|
|
395
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
376
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
396
377
|
end
|
|
397
378
|
end
|
|
398
379
|
end
|
|
@@ -402,15 +383,21 @@ module TCellAgent
|
|
|
402
383
|
end
|
|
403
384
|
|
|
404
385
|
context "with blocked paths" do
|
|
386
|
+
before(:each) do
|
|
387
|
+
@meta_data = TCellAgent::Patches::MetaData.new(
|
|
388
|
+
"get",
|
|
389
|
+
"1.1.1.1",
|
|
390
|
+
"route_id",
|
|
391
|
+
"session_id",
|
|
392
|
+
"user_id",
|
|
393
|
+
"transaction_id")
|
|
394
|
+
end
|
|
395
|
+
|
|
405
396
|
context "without ips" do
|
|
406
397
|
context "matching paths" do
|
|
407
398
|
it "should block" do
|
|
408
399
|
injections_matcher = double("injections_matcher")
|
|
409
400
|
|
|
410
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
411
|
-
meta_data.remote_address = "1.1.1.1"
|
|
412
|
-
meta_data.route_id = "route_id"
|
|
413
|
-
|
|
414
401
|
block_rule = BlockRule.new(
|
|
415
402
|
Set.new(["1.1.1.1"]),
|
|
416
403
|
Set.new(["route_id"]),
|
|
@@ -422,17 +409,17 @@ module TCellAgent
|
|
|
422
409
|
|
|
423
410
|
expect(injections_matcher).to_not receive(:enabled)
|
|
424
411
|
|
|
425
|
-
meta_data.path = "/index"
|
|
426
|
-
expect(block_rule.block?(meta_data)).to eq(true)
|
|
412
|
+
@meta_data.path = "/index"
|
|
413
|
+
expect(block_rule.block?(@meta_data)).to eq(true)
|
|
427
414
|
|
|
428
|
-
meta_data.path = "/index/"
|
|
429
|
-
expect(block_rule.block?(meta_data)).to eq(true)
|
|
415
|
+
@meta_data.path = "/index/"
|
|
416
|
+
expect(block_rule.block?(@meta_data)).to eq(true)
|
|
430
417
|
|
|
431
|
-
meta_data.path = "/admin"
|
|
432
|
-
expect(block_rule.block?(meta_data)).to eq(true)
|
|
418
|
+
@meta_data.path = "/admin"
|
|
419
|
+
expect(block_rule.block?(@meta_data)).to eq(true)
|
|
433
420
|
|
|
434
|
-
meta_data.path = "/admin/users"
|
|
435
|
-
expect(block_rule.block?(meta_data)).to eq(true)
|
|
421
|
+
@meta_data.path = "/admin/users"
|
|
422
|
+
expect(block_rule.block?(@meta_data)).to eq(true)
|
|
436
423
|
end
|
|
437
424
|
end
|
|
438
425
|
|
|
@@ -440,10 +427,6 @@ module TCellAgent
|
|
|
440
427
|
it "should not block" do
|
|
441
428
|
injections_matcher = double("injections_matcher")
|
|
442
429
|
|
|
443
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
|
444
|
-
meta_data.remote_address = "1.1.1.1"
|
|
445
|
-
meta_data.route_id = "route_id"
|
|
446
|
-
|
|
447
430
|
block_rule = BlockRule.new(
|
|
448
431
|
Set.new(["1.1.1.1"]),
|
|
449
432
|
Set.new(["route_id"]),
|
|
@@ -455,14 +438,14 @@ module TCellAgent
|
|
|
455
438
|
|
|
456
439
|
expect(injections_matcher).to_not receive(:enabled)
|
|
457
440
|
|
|
458
|
-
meta_data.path = "/index/subpath"
|
|
459
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
441
|
+
@meta_data.path = "/index/subpath"
|
|
442
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
460
443
|
|
|
461
|
-
meta_data.path = "/welcome"
|
|
462
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
444
|
+
@meta_data.path = "/welcome"
|
|
445
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
463
446
|
|
|
464
|
-
meta_data.path = "/welcome/"
|
|
465
|
-
expect(block_rule.block?(meta_data)).to eq(false)
|
|
447
|
+
@meta_data.path = "/welcome/"
|
|
448
|
+
expect(block_rule.block?(@meta_data)).to eq(false)
|
|
466
449
|
end
|
|
467
450
|
end
|
|
468
451
|
end
|
|
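Review bot: The `before(:each)` added under "with ips" / "that does not match the request" only reassigns `@meta_data.route_id = "non_matching_route_id"` on the object built by the enclosing hook, while the sibling "that does not match the request" context under "with an rid" rebuilds the whole `MetaData`; both should use the same setup so a later edit to one hook cannot silently diverge from the other. The six positional strings in `TCellAgent::Patches::MetaData.new("get", "1.1.1.1", "route_id", "session_id", "user_id", "transaction_id")` are repeated in four hooks and are order-sensitive, and since no example here asserts on session_id or user_id a transposition would pass unnoticed, so a small spec helper such as `def build_meta_data(route_id = "route_id")` called from each hook would keep the argument order in one place. The constructor signature that fixes that order lives outside this section, so the intended order is inferred from the call sites only.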
@@ -8,7 +8,7 @@ module TCellAgent
|
|
|
8
8
|
context "with an unexpected error" do
|
|
9
9
|
it "should return nil" do
|
|
10
10
|
request = double("request")
|
|
11
|
-
expect(TCellAgent).to receive(:policy).and_raise(Exception.new("UNEXPECTED"))
|
|
11
|
+
expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::Patches).and_raise(Exception.new("UNEXPECTED"))
|
|
12
12
|
expect(TCellAgent::Patches::MetaData).to_not receive(:build)
|
|
13
13
|
|
|
14
14
|
expect(Patches.block?(request)).to eq(nil)
|
|
@@ -92,8 +92,13 @@ module TCellAgent
|
|
|
92
92
|
context "and that's complex" do
|
|
93
93
|
it "should return a response" do
|
|
94
94
|
request = double("request")
|
|
95
|
-
meta_data = TCellAgent::
|
|
96
|
-
|
|
95
|
+
meta_data = TCellAgent::Patches::MetaData.new(
|
|
96
|
+
"get",
|
|
97
|
+
"2.3.4.5",
|
|
98
|
+
"route_id",
|
|
99
|
+
"session_id",
|
|
100
|
+
"user_id",
|
|
101
|
+
"transaction_id")
|
|
97
102
|
meta_data.get_dict = {"paramater" => "<script>"}
|
|
98
103
|
tcell_context = TCellAgent::Instrumentation::TCellData.new
|
|
99
104
|
patches = TCellAgent::Policies::PatchesPolicy.from_json({
|
|
@@ -138,7 +143,7 @@ module TCellAgent
|
|
|
138
143
|
})
|
|
139
144
|
expect(patches.enabled).to eq(true)
|
|
140
145
|
|
|
141
|
-
expect(TCellAgent).to receive(:policy).and_return(patches)
|
|
146
|
+
expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::Patches).and_return(patches)
|
|
142
147
|
expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
|
|
143
148
|
meta_data
|
|
144
149
|
)
|
|
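Review bot: The stub `expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::Patches).and_raise(Exception.new("UNEXPECTED"))` in the "with an unexpected error" example raises a bare `Exception` and the example asserts `Patches.block?(request)` returns nil, which suggests the implementation (outside this section) rescues `Exception` rather than `StandardError`; a rescue that broad would also swallow `SignalException`, `SystemExit` and `NoMemoryError` in production, so the spec should raise `StandardError.new("UNEXPECTED")` and the rescue in `Patches.block?` should be narrowed to match. Adding `.with(TCellAgent::PolicyTypes::Patches)` to both policy stubs is a good tightening of the expectation. The context line `meta_data.get_dict = {"paramater" => "<script>"}` carries a typo in the key; it only matters if some assertion depends on the key name, but it is worth correcting to `"parameter"` while the example is being touched.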
@@ -247,14 +247,13 @@ module TCellAgent
|
|
|
247
247
|
|
|
248
248
|
describe "#get_injection_attempt" do
|
|
249
249
|
before(:each) do
|
|
250
|
-
@appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
@appsensor_meta.transaction_id = "transaction_id"
|
|
250
|
+
@appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new(
|
|
251
|
+
"get",
|
|
252
|
+
"remote_address",
|
|
253
|
+
"route_id",
|
|
254
|
+
"session_id",
|
|
255
|
+
"user_id",
|
|
256
|
+
"transaction_id")
|
|
258
257
|
end
|
|
259
258
|
|
|
260
259
|
context "enabled sensor" do
|
|
@@ -318,7 +317,7 @@ module TCellAgent
|
|
|
318
317
|
context "param has a vulnerability" do
|
|
319
318
|
context "param is a URI param" do
|
|
320
319
|
context "exclude forms sensor" do
|
|
321
|
-
|
|
320
|
+
it "should return false" do
|
|
322
321
|
sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true})
|
|
323
322
|
|
|
324
323
|
expect(sensor).to_not receive(:find_vulnerability)
|
|
@@ -539,6 +538,32 @@ module TCellAgent
|
|
|
539
538
|
end
|
|
540
539
|
end
|
|
541
540
|
end
|
|
541
|
+
|
|
542
|
+
context "exclude headers sensor" do
|
|
543
|
+
it "should return true" do
|
|
544
|
+
sensor = XssSensor.new({
|
|
545
|
+
"enabled" => true,
|
|
546
|
+
"exclude_headers" => true,
|
|
547
|
+
})
|
|
548
|
+
|
|
549
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
550
|
+
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
551
|
+
)
|
|
552
|
+
|
|
553
|
+
result = sensor.get_injection_attempt(
|
|
554
|
+
XssSensor::GET_PARAM,
|
|
555
|
+
@appsensor_meta,
|
|
556
|
+
"param_name",
|
|
557
|
+
"param_value",
|
|
558
|
+
)
|
|
559
|
+
|
|
560
|
+
expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
|
|
561
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
562
|
+
expect(result.param_name).to eq("vuln_param")
|
|
563
|
+
expect(result.param_value).to eq("vuln_value")
|
|
564
|
+
expect(result.pattern).to eq("1")
|
|
565
|
+
end
|
|
566
|
+
end
|
|
542
567
|
end
|
|
543
568
|
|
|
544
569
|
context "param is a POST param" do
|
|
@@ -587,6 +612,32 @@ module TCellAgent
|
|
|
587
612
|
expect(result.pattern).to eq("1")
|
|
588
613
|
end
|
|
589
614
|
end
|
|
615
|
+
|
|
616
|
+
context "exclude headers sensor" do
|
|
617
|
+
it "should return true" do
|
|
618
|
+
sensor = XssSensor.new({
|
|
619
|
+
"enabled" => true,
|
|
620
|
+
"exclude_headers" => true,
|
|
621
|
+
})
|
|
622
|
+
|
|
623
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
624
|
+
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
625
|
+
)
|
|
626
|
+
|
|
627
|
+
result = sensor.get_injection_attempt(
|
|
628
|
+
XssSensor::POST_PARAM,
|
|
629
|
+
@appsensor_meta,
|
|
630
|
+
"param_name",
|
|
631
|
+
"param_value",
|
|
632
|
+
)
|
|
633
|
+
|
|
634
|
+
expect(result.type_of_param).to eq(XssSensor::POST_PARAM)
|
|
635
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
636
|
+
expect(result.param_name).to eq("vuln_param")
|
|
637
|
+
expect(result.param_value).to eq("vuln_value")
|
|
638
|
+
expect(result.pattern).to eq("1")
|
|
639
|
+
end
|
|
640
|
+
end
|
|
590
641
|
end
|
|
591
642
|
|
|
592
643
|
context "param is a JSON param" do
|
|
@@ -635,6 +686,32 @@ module TCellAgent
|
|
|
635
686
|
expect(result.pattern).to eq("1")
|
|
636
687
|
end
|
|
637
688
|
end
|
|
689
|
+
|
|
690
|
+
context "exclude headers sensor" do
|
|
691
|
+
it "should return true" do
|
|
692
|
+
sensor = XssSensor.new({
|
|
693
|
+
"enabled" => true,
|
|
694
|
+
"exclude_headers" => true,
|
|
695
|
+
})
|
|
696
|
+
|
|
697
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
698
|
+
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
699
|
+
)
|
|
700
|
+
|
|
701
|
+
result = sensor.get_injection_attempt(
|
|
702
|
+
XssSensor::JSON_PARAM,
|
|
703
|
+
@appsensor_meta,
|
|
704
|
+
"param_name",
|
|
705
|
+
"param_value",
|
|
706
|
+
)
|
|
707
|
+
|
|
708
|
+
expect(result.type_of_param).to eq(XssSensor::JSON_PARAM)
|
|
709
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
710
|
+
expect(result.param_name).to eq("vuln_param")
|
|
711
|
+
expect(result.param_value).to eq("vuln_value")
|
|
712
|
+
expect(result.pattern).to eq("1")
|
|
713
|
+
end
|
|
714
|
+
end
|
|
638
715
|
end
|
|
639
716
|
|
|
640
717
|
context "param is a COOKIE param" do
|
|
@@ -683,6 +760,106 @@ module TCellAgent
|
|
|
683
760
|
expect(result).to eq(false)
|
|
684
761
|
end
|
|
685
762
|
end
|
|
763
|
+
|
|
764
|
+
context "exclude headers sensor" do
|
|
765
|
+
it "should return true" do
|
|
766
|
+
sensor = XssSensor.new({
|
|
767
|
+
"enabled" => true,
|
|
768
|
+
"exclude_headers" => true,
|
|
769
|
+
})
|
|
770
|
+
|
|
771
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
772
|
+
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
773
|
+
)
|
|
774
|
+
|
|
775
|
+
result = sensor.get_injection_attempt(
|
|
776
|
+
XssSensor::COOKIE_PARAM,
|
|
777
|
+
@appsensor_meta,
|
|
778
|
+
"param_name",
|
|
779
|
+
"param_value",
|
|
780
|
+
)
|
|
781
|
+
|
|
782
|
+
expect(result.type_of_param).to eq(XssSensor::COOKIE_PARAM)
|
|
783
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
784
|
+
expect(result.param_name).to eq("vuln_param")
|
|
785
|
+
expect(result.param_value).to eq("vuln_value")
|
|
786
|
+
expect(result.pattern).to eq("1")
|
|
787
|
+
end
|
|
788
|
+
end
|
|
789
|
+
end
|
|
790
|
+
|
|
791
|
+
context "param is a HEADER param" do
|
|
792
|
+
context "exclude forms sensor" do
|
|
793
|
+
it "should return true" do
|
|
794
|
+
sensor = XssSensor.new({
|
|
795
|
+
"enabled" => true,
|
|
796
|
+
"exclude_forms" => true
|
|
797
|
+
})
|
|
798
|
+
|
|
799
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
800
|
+
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
801
|
+
)
|
|
802
|
+
|
|
803
|
+
result = sensor.get_injection_attempt(
|
|
804
|
+
XssSensor::HEADER_PARAM,
|
|
805
|
+
@appsensor_meta,
|
|
806
|
+
"param_name",
|
|
807
|
+
"param_value",
|
|
808
|
+
)
|
|
809
|
+
|
|
810
|
+
expect(result.type_of_param).to eq(XssSensor::HEADER_PARAM)
|
|
811
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
812
|
+
expect(result.param_name).to eq("vuln_param")
|
|
813
|
+
expect(result.param_value).to eq("vuln_value")
|
|
814
|
+
expect(result.pattern).to eq("1")
|
|
815
|
+
end
|
|
816
|
+
end
|
|
817
|
+
|
|
818
|
+
context "exclude cookies sensor" do
|
|
819
|
+
it "should return true" do
|
|
820
|
+
sensor = XssSensor.new({
|
|
821
|
+
"enabled" => true,
|
|
822
|
+
"exclude_cookies" => true
|
|
823
|
+
})
|
|
824
|
+
|
|
825
|
+
expect(sensor).to receive(:find_vulnerability).and_return(
|
|
826
|
+
{"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
|
|
827
|
+
)
|
|
828
|
+
|
|
829
|
+
result = sensor.get_injection_attempt(
|
|
830
|
+
XssSensor::HEADER_PARAM,
|
|
831
|
+
@appsensor_meta,
|
|
832
|
+
"param_name",
|
|
833
|
+
"param_value",
|
|
834
|
+
)
|
|
835
|
+
|
|
836
|
+
expect(result.type_of_param).to eq(XssSensor::HEADER_PARAM)
|
|
837
|
+
expect(result.detection_point).to eq(sensor.detection_point)
|
|
838
|
+
expect(result.param_name).to eq("vuln_param")
|
|
839
|
+
expect(result.param_value).to eq("vuln_value")
|
|
840
|
+
expect(result.pattern).to eq("1")
|
|
841
|
+
end
|
|
842
|
+
end
|
|
843
|
+
|
|
844
|
+
context "exclude headers sensor" do
|
|
845
|
+
it "should return true" do
|
|
846
|
+
sensor = XssSensor.new({
|
|
847
|
+
"enabled" => true,
|
|
848
|
+
"exclude_headers" => true,
|
|
849
|
+
})
|
|
850
|
+
|
|
851
|
+
expect(sensor).to_not receive(:find_vulnerability)
|
|
852
|
+
|
|
853
|
+
result = sensor.get_injection_attempt(
|
|
854
|
+
XssSensor::HEADER_PARAM,
|
|
855
|
+
@appsensor_meta,
|
|
856
|
+
"param_name",
|
|
857
|
+
"param_value",
|
|
858
|
+
)
|
|
859
|
+
|
|
860
|
+
expect(result).to eq(false)
|
|
861
|
+
end
|
|
862
|
+
end
|
|
686
863
|
end
|
|
687
864
|
end
|
|
688
865
|
end
|
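Review bot: The new example under "param is a HEADER param" / "exclude headers sensor" is described as `it "should return true" do` but stubs `expect(sensor).to_not receive(:find_vulnerability)` and asserts `expect(result).to eq(false)`; the description should read `it "should return false" do` so a failure report matches the behaviour under test. The four "exclude headers sensor" examples added for the GET, POST, JSON and COOKIE contexts are identical apart from the `XssSensor::*_PARAM` constant, so a `shared_examples` block parameterised on the param type, or one example looping over `[XssSensor::GET_PARAM, XssSensor::POST_PARAM, XssSensor::JSON_PARAM, XssSensor::COOKIE_PARAM]`, would keep the assertions in one place. The `TCellAgent::SensorEvents::AppSensorMetaEvent.new("get", "remote_address", "route_id", "session_id", "user_id", "transaction_id")` call in the `before(:each)` passes six positional strings whose order is fixed by a constructor outside this section, so a transposed pair would go unnoticed by these examples. The enclosing `describe "#get_injection_attempt"` block extends beyond the hunks shown here.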