tcell_agent 0.2.29 → 0.4.0

data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb

@@ -2,61 +2,242 @@ require 'spec_helper'
 
 module TCellAgent
   module Policies
+
     describe HttpRedirectPolicy do
-      http_redirect_plain = HttpRedirectPolicy.new
-      context "defaults" do
+
+      context "with defaults" do
         it "returns true" do
+          http_redirect_plain = HttpRedirectPolicy.new
           expect(http_redirect_plain.policy_id).to eq(nil)
           expect(http_redirect_plain.enabled).to eq(false)
+          expect(http_redirect_plain.block).to eq(false)
+          expect(http_redirect_plain.whitelist).to eq([])
+          expect(http_redirect_plain.data_scheme_allowed).to eq(false)
         end
       end
-      http_redirect_policy_json = {
-        "policy_id"=>"x1a1",
-        "data"=>{
-          "enabled"=>true
-        }
-      }
-      http_redirect_from_json = HttpRedirectPolicy.from_json(http_redirect_policy_json)
-      context "initialized with 3 items" do
-        it "returns true" do
-          expect(http_redirect_from_json.policy_id).to eq("x1a1")
-          expect(http_redirect_from_json.enabled).to eq(true)
-        end
-      end
-      context "check url" do
+
+      describe "#suspicious_redirect?" do
         it "see's other domain" do
-          result = http_redirect_from_json.check("test.google.com", "www.test.com")
-          expect(result).to eq(true)
+          http_redirect_policy = HttpRedirectPolicy.from_json({
+            "policy_id"=>"x1a1",
+            "data"=>{
+              "enabled"=>true
+            }
+          })
+          expect(http_redirect_policy.policy_id).to eq("x1a1")
+          expect(http_redirect_policy.enabled).to eq(true)
+
+          expect(http_redirect_policy.suspicious_redirect?("test.google.com", "www.test.com")).to eq(true)
+        end
+
+        context "with wildcard domain" do
+          it "should be false" do
+            http_redirect_policy = HttpRedirectPolicy.from_json({
+              "policy_id"=>"x1a1",
+              "data"=>{
+                "enabled"=>true,
+                "whitelist"=>["*.google.com"]
+              }
+            })
+
+            expect(http_redirect_policy.suspicious_redirect?("test.google.com", "www.test.com")).to eq(false)
+
+            expect(http_redirect_policy.suspicious_redirect?("test.google.net", "www.test.com")).to eq(true)
+          end
         end
       end
-      context "check url" do
-        it "wildcard domain false" do
-          http_redirect_from_json.whitelist = ["*.google.com"]
-          result = http_redirect_from_json.check("test.google.com", "www.test.com")
-          expect(result).to eq(false)
+
+      describe "#enforce" do
+        context "with a disabled policy" do
+          it "should not enfore the policy" do
+            http_redirect_policy = HttpRedirectPolicy.from_json({
+              "policy_id"=>"x1a1",
+              "data"=>{
+                "enabled"=>false,
+                "block"=>true,
+                "whitelist"=>["*.google.com"]
+              }
+            })
+
+            expect(http_redirect_policy.enforce(
+              "https://test.google.com", "www.test.com", "/path/a", "GET", "routex", "1.1.1.1", 400)
+            ).to eq(nil)
+          end
         end
-        it "wildcard domain true" do
-          http_redirect_from_json.whitelist = ["*.google.com"]
-          result = http_redirect_from_json.check("test.google.net", "www.test.com")
-          expect(result).to eq(true)
+
+        context "with an enabled policy" do
+          context "redirecting to non whitelisted domain" do
+            it "should block the redirect" do
+              http_redirect_policy = HttpRedirectPolicy.from_json({
+                "policy_id"=>"x1a1",
+                "data"=>{
+                  "enabled"=>true,
+                  "block"=>true,
+                  "whitelist"=>["good.com"]
+                }
+              })
+
+              expect(http_redirect_policy.enforce(
+                "https://www.google.com/abc/def", "localhost", "/path/a", "GET", "routey", "1.1.1.1", 400
+              )).to eq("/")
+            end
+          end
+
+          context "with a wildcard whitelist" do
+            it "should not enfore allowed domains properly" do
+              http_redirect_policy = HttpRedirectPolicy.from_json({
+                "policy_id"=>"x1a1",
+                "data"=>{
+                  "enabled"=>true,
+                  "block"=>true,
+                  "whitelist"=>["*.allowed*.com"]
+                }
+              })
+
+              expect(http_redirect_policy.enforce(
+                "https://allowed.com", "localhost", "/path/a", "GET", "routey", "1.1.1.1", 400
+              )).to eq(nil)
+
+              expect(http_redirect_policy.enforce(
+                "https://www.alloweddomain.com", "localhost", "/path/a", "GET", "routey", "1.1.1.1", 400
+              )).to eq(nil)
+            end
+          end
         end
-      end
-      context "enforce url" do
-        it "domain enforce enabled false, block true" do
-          http_redirect_from_json.enabled = false
-          http_redirect_from_json.block = true
-          http_redirect_from_json.whitelist = ["*.google.com"]
-          result = http_redirect_from_json.enforce("https://test.google.com", "www.test.com", "/path/a", "GET", "routex", "1.1.1.1", 400)
-          expect(result).to eq(nil)
+
+        context "with ports" do
+          it "should remove ports in redirect event" do
+            http_redirect_policy = HttpRedirectPolicy.from_json({
+              "policy_id" => "x1a1",
+              "data" => {
+                "enabled" => true,
+                "block" => false
+              }
+            })
+
+            expect(TCellAgent).to receive(:send_event).with({
+              "event_type" => "redirect",
+              "method" => "GET",
+              "from_domain" => "www.test.com",
+              "status_code" => 400 ,
+              "remote_addr" => "1.1.1.1",
+              "to" => "www.google.com",
+              "from" => "/path/a",
+              "rid" => "routex"
+            })
+
+            result = http_redirect_policy.enforce(
+              "https://www.google.com:80", "http://www.test.com", "/path/a", "GET", "routex", 400, "1.1.1.1"
+            )
+            expect(result).to eq(nil)
+          end
         end
-        it "domain enforce enabled true, block true" do
-          http_redirect_from_json.enabled = true
-          http_redirect_from_json.block = true
-          http_redirect_from_json.whitelist = ["good.com"]
-          result = http_redirect_from_json.enforce("https://www.google.com/abc/def", "localhost", "/path/a", "GET", "routey", "1.1.1.1", 400)
-          expect(result).to eq("/")
+
+        context "dataSchemeAllowed" do
+          context "is not allowed" do
+            it "should send an event" do
+              @http_redirect_policy = HttpRedirectPolicy.from_json({
+                "policy_id" => "x1a1",
+                "data" => {
+                  "enabled" => true,
+                  "whitelist" => [],
+                  "block" => false,
+                  "dataSchemeAllowed" => false
+                }
+              })
+
+              expect(TCellAgent).to receive(:send_event).with({
+                "event_type" => "redirect",
+                "method" => "GET",
+                "from_domain" => "www.test.com",
+                "status_code" => 400 ,
+                "remote_addr" => "1.1.1.1",
+                "to" => "data:text/html base64",
+                "from" => "/path/a",
+                "rid" => "routex"
+              })
+
+              result = @http_redirect_policy.enforce(
+                "data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K",
+                "http://www.test.com",
+                "/path/a",
+                "GET",
+                "routex",
+                400,
+                "1.1.1.1"
+              )
+              expect(result).to eq(nil)
+            end
+
+            context "and blocking is enabled" do
+              it "should send an event and redirect to root" do
+                @http_redirect_policy = HttpRedirectPolicy.from_json({
+                  "policy_id" => "x1a1",
+                  "data" => {
+                    "enabled" => true,
+                    "whitelist" => [],
+                    "block" => true,
+                    "dataSchemeAllowed" => false
+                  }
+                })
+
+                expect(TCellAgent).to receive(:send_event).with({
+                  "event_type" => "redirect",
+                  "method" => "GET",
+                  "from_domain" => "www.test.com",
+                  "status_code" => 400 ,
+                  "remote_addr" => "1.1.1.1",
+                  "to" => "data:text/html base64",
+                  "from" => "/path/a",
+                  "rid" => "routex"
+                })
+
+                result = @http_redirect_policy.enforce(
+                  "data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K",
+                  "http://www.test.com",
+                  "/path/a",
+                  "GET",
+                  "routex",
+                  400,
+                  "1.1.1.1"
+                )
+                expect(result).to eq("/")
+
+              end
+            end
+          end
+
+          context "is allowed" do
+            it "should not send an event" do
+              @http_redirect_policy = HttpRedirectPolicy.from_json({
+                "policy_id" => "x1a1",
+                "data" => {
+                  "enabled" => true,
+                  "whitelist" => [],
+                  "block" => false,
+                  "dataSchemeAllowed" => true
+                }
+              })
+
+              expect(TCellAgent).to_not receive(:send_event)
+
+              result = @http_redirect_policy.enforce(
+                "data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K",
+                "http://www.test.com",
+                "/path/a",
+                "GET",
+                "routex",
+                400,
+                "1.1.1.1"
+              )
+
+              expect(result).to eq(nil)
+            end
+          end
         end
       end
+
     end
+
   end
 end

data/spec/lib/tcell_agent/policies/patches_policy_spec.rb

@@ -251,8 +251,13 @@ module TCellAgent
               expect(injections_matcher.enabled).to eq(false)
               expect(injections_matcher.sensors.size).to eq(0)
 
-              meta_data = TCellAgent::Patches::MetaData.new
-              meta_data.remote_address = "1.3.3.4"
+              meta_data = TCellAgent::Patches::MetaData.new(
+                "get",
+                "1.3.3.4",
+                "route_id",
+                "session_id",
+                "user_id",
+                "transaction_id")
               expect(patches.apply(meta_data)).to eq(403)
             end
           end
@@ -280,16 +285,20 @@ module TCellAgent
               expect(injections_matcher.enabled).to eq(false)
               expect(injections_matcher.sensors.size).to eq(0)
 
-              meta_data = TCellAgent::Patches::MetaData.new
+              meta_data = TCellAgent::Patches::MetaData.new(
+                "get",
+                "1.3.3.4",
+                "route_id",
+                "session_id",
+                "user_id",
+                "transaction_id")
               meta_data.remote_address = "1.3.3.4"
               expect(patches.apply(meta_data)).to eq(false)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.3.3.4"
               meta_data.route_id = "123213"
               expect(patches.apply(meta_data)).to eq(403)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.3.3.4"
               meta_data.route_id = "-3328888"
               expect(patches.apply(meta_data)).to eq(403)
@@ -329,16 +338,19 @@ module TCellAgent
               expect(injections_matcher.sensors.size).to eq(1)
               expect(injections_matcher.sensors[0].enabled).to eq(true)
 
-              meta_data = TCellAgent::Patches::MetaData.new
-              meta_data.remote_address = "1.3.3.4"
+              meta_data = TCellAgent::Patches::MetaData.new(
+                "get",
+                "1.3.3.4",
+                "route_id",
+                "session_id",
+                "user_id",
+                "transaction_id")
               expect(patches.apply(meta_data)).to eq(false)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.3.3.4"
               meta_data.get_dict = {"xss_param" => "<script>"}
               expect(patches.apply(meta_data)).to eq(403)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.3.3.4"
               meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
               expect(patches.apply(meta_data)).to eq(false)
@@ -369,22 +381,23 @@ module TCellAgent
               expect(injections_matcher.enabled).to eq(false)
               expect(injections_matcher.sensors.size).to eq(0)
 
-              meta_data = TCellAgent::Patches::MetaData.new
-              meta_data.remote_address = "1.3.3.4"
-              meta_data.route_id = "111111"
+              meta_data = TCellAgent::Patches::MetaData.new(
+                "get",
+                "1.3.3.4",
+                "111111",
+                "session_id",
+                "user_id",
+                "transaction_id")
               expect(patches.apply(meta_data)).to eq(false)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.1.1.1"
               meta_data.route_id = "123213"
               expect(patches.apply(meta_data)).to eq(false)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.3.3.4"
               meta_data.route_id = "123213"
               expect(patches.apply(meta_data)).to eq(403)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.3.3.4"
               meta_data.route_id = "-3328888"
               expect(patches.apply(meta_data)).to eq(403)
@@ -420,16 +433,19 @@ module TCellAgent
               expect(injections_matcher.sensors[0].enabled).to eq(true)
               expect(injections_matcher.sensors[1].enabled).to eq(true)
 
-              meta_data = TCellAgent::Patches::MetaData.new
-              meta_data.remote_address = "1.3.3.4"
+              meta_data = TCellAgent::Patches::MetaData.new(
+                "get",
+                "1.3.3.4",
+                "route_id",
+                "session_id",
+                "user_id",
+                "transaction_id")
               expect(patches.apply(meta_data)).to eq(false)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.3.3.4"
               meta_data.get_dict = {"xss_param" => "<script>"}
               expect(patches.apply(meta_data)).to eq(false)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.3.3.4"
               meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
               expect(patches.apply(meta_data)).to eq(false)
@@ -488,15 +504,18 @@ module TCellAgent
               expect(injections_matcher.enabled).to eq(false)
               expect(injections_matcher.sensors.size).to eq(0)
 
-              meta_data = TCellAgent::Patches::MetaData.new
-              meta_data.remote_address = "1.1.1.1"
+              meta_data = TCellAgent::Patches::MetaData.new(
+                "get",
+                "1.1.1.1",
+                "route_id",
+                "session_id",
+                "user_id",
+                "transaction_id")
               expect(patches.apply(meta_data)).to eq(403)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "2.2.2.2"
               expect(patches.apply(meta_data)).to eq(403)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "3.3.3.3"
               expect(patches.apply(meta_data)).to eq(403)
             end
@@ -534,22 +553,23 @@ module TCellAgent
               expect(injections_matcher.enabled).to eq(false)
               expect(injections_matcher.sensors.size).to eq(0)
 
-              meta_data = TCellAgent::Patches::MetaData.new
-              meta_data.remote_address = "1.3.3.4"
-              meta_data.route_id = "11111"
+              meta_data = TCellAgent::Patches::MetaData.new(
+                "get",
+                "1.3.3.4",
+                "11111",
+                "session_id",
+                "user_id",
+                "transaction_id")
               expect(patches.apply(meta_data)).to eq(403)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.1.1.1"
               meta_data.route_id = "123213"
               expect(patches.apply(meta_data)).to eq(403)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.1.1.1"
               meta_data.route_id = "-3328888"
               expect(patches.apply(meta_data)).to eq(403)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "1.3.3.4"
               meta_data.route_id = "-3328888"
               expect(patches.apply(meta_data)).to eq(403)
@@ -586,11 +606,15 @@ module TCellAgent
               expect(injections_matcher.enabled).to eq(false)
               expect(injections_matcher.sensors.size).to eq(0)
 
-              meta_data = TCellAgent::Patches::MetaData.new
-              meta_data.remote_address = "1.1.1.1"
+              meta_data = TCellAgent::Patches::MetaData.new(
+                "get",
+                "1.1.1.1",
+                "route_id",
+                "session_id",
+                "user_id",
+                "transaction_id")
               expect(patches.apply(meta_data)).to eq(403)
 
-              meta_data = TCellAgent::Patches::MetaData.new
               meta_data.remote_address = "2.2.2.2"
               expect(patches.apply(meta_data)).to eq(403)
             end