tcell_agent 0.2.29 → 0.4.0
- checksums.yaml +4 -4
- data/Readme.txt +7 -0
- data/bin/tcell_agent +9 -0
- data/lib/tcell_agent/agent/policy_manager.rb +3 -0
- data/lib/tcell_agent/agent/policy_types.rb +4 -1
- data/lib/tcell_agent/appsensor/injections_matcher.rb +20 -0
- data/lib/tcell_agent/appsensor/injections_reporter.rb +15 -56
- data/lib/tcell_agent/appsensor/meta_data.rb +56 -2
- data/lib/tcell_agent/appsensor/rules/baserules.json +371 -138
- data/lib/tcell_agent/cmdi.rb +113 -0
- data/lib/tcell_agent/config/unknown_options.rb +2 -0
- data/lib/tcell_agent/configuration.rb +30 -16
- data/lib/tcell_agent/hooks/login_fraud.rb +79 -0
- data/lib/tcell_agent/instrumentation.rb +6 -11
- data/lib/tcell_agent/patches/meta_data.rb +14 -11
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +5 -9
- data/lib/tcell_agent/policies/appsensor_policy.rb +22 -206
- data/lib/tcell_agent/policies/clickjacking_policy.rb +4 -2
- data/lib/tcell_agent/policies/command_injection_policy.rb +196 -0
- data/lib/tcell_agent/policies/content_security_policy.rb +3 -2
- data/lib/tcell_agent/policies/dataloss_policy.rb +3 -1
- data/lib/tcell_agent/policies/honeytokens_policy.rb +3 -1
- data/lib/tcell_agent/policies/http_redirect_policy.rb +51 -37
- data/lib/tcell_agent/policies/http_tx_policy.rb +5 -1
- data/lib/tcell_agent/policies/login_fraud_policy.rb +6 -1
- data/lib/tcell_agent/policies/patches_policy.rb +3 -1
- data/lib/tcell_agent/policies/policy.rb +10 -0
- data/lib/tcell_agent/policies/secure_headers_policy.rb +5 -2
- data/lib/tcell_agent/rails/auth/devise.rb +12 -23
- data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
- data/lib/tcell_agent/rails/dlp.rb +50 -54
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +7 -10
- data/lib/tcell_agent/rails/on_start.rb +0 -1
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -4
- data/lib/tcell_agent/rails.rb +0 -2
- data/lib/tcell_agent/rust/libtcellagent-0.6.1.dylib +0 -0
- data/lib/tcell_agent/rust/libtcellagent-0.6.1.so +0 -0
- data/lib/tcell_agent/rust/models.rb +61 -0
- data/lib/tcell_agent/rust/tcellagent-0.6.1.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +112 -0
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +25 -21
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +31 -24
- data/lib/tcell_agent/sensor_events/command_injection.rb +58 -0
- data/lib/tcell_agent/sensor_events/discovery.rb +1 -1
- data/lib/tcell_agent/sensor_events/login_fraud.rb +3 -13
- data/lib/tcell_agent/sensor_events/sensor.rb +81 -77
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +8 -0
- data/lib/tcell_agent/start_background_thread.rb +12 -3
- data/lib/tcell_agent/utils/io.rb +4 -1
- data/lib/tcell_agent/utils/params.rb +1 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/lib/tcell_agent.rb +0 -1
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +27 -9
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +143 -193
- data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +67 -0
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +0 -10
- data/spec/lib/tcell_agent/cmdi_spec.rb +748 -0
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +8 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +138 -6
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +357 -0
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +70 -87
- data/spec/lib/tcell_agent/patches_spec.rb +9 -4
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +186 -9
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +309 -484
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +736 -0
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +222 -41
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +56 -32
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +161 -85
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +40 -72
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +267 -0
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +20 -15
- data/spec/spec_helper.rb +0 -9
- data/tcell_agent.gemspec +8 -3
- metadata +40 -39
- data/lib/tcell_agent/appsensor/sensor.rb +0 -52
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +0 -56
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +0 -59
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +0 -150
- data/lib/tcell_agent/policies/appsensor/request_size_sensor.rb +0 -25
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +0 -73
- data/lib/tcell_agent/policies/appsensor/response_size_sensor.rb +0 -25
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +0 -71
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +0 -47
- data/lib/tcell_agent/rails/auth/hooks.rb +0 -79
- data/lib/tcell_agent/sensor_events/util/redirect_utils.rb +0 -22
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +0 -165
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +0 -429
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +0 -466
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +0 -890
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +0 -417
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +0 -236
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +0 -297
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +0 -241
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +0 -172
- data/spec/lib/tcell_agent/rails/auth/hooks_spec.rb +0 -246
- data/spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb +0 -25
- data/spec/support/resources/baserules.json +0 -155
@@ -0,0 +1,267 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require 'spec_helper'
|
3
|
+
|
4
|
+
module TCellAgent
|
5
|
+
module Rust
|
6
|
+
|
7
|
+
describe ".parse_cmd" do
|
8
|
+
require "tcell_agent/rust/whisperer"
|
9
|
+
|
10
|
+
context "empty command" do
|
11
|
+
it "should return empty json object" do
|
12
|
+
result = Whisperer.parse_cmd(nil)
|
13
|
+
expect(result).to eq({})
|
14
|
+
result = Whisperer.parse_cmd("")
|
15
|
+
expect(result).to eq({})
|
16
|
+
result = Whisperer.parse_cmd(" ")
|
17
|
+
expect(result).to eq({})
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
context "single command" do
|
22
|
+
it "should return single command parsed" do
|
23
|
+
result = Whisperer.parse_cmd("ifconfig -a")
|
24
|
+
expect(result).to eq({"error"=>nil, "commands"=>[{"command"=>"ifconfig", "arg_count"=>1}]})
|
25
|
+
result = Whisperer.parse_cmd("ifconfig")
|
26
|
+
expect(result).to eq({"error"=>nil, "commands"=>[{"command"=>"ifconfig", "arg_count"=>0}]})
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
context "with a compound command" do
|
31
|
+
it "should return parsed commands" do
|
32
|
+
commands = Whisperer.parse_cmd("cd /tcellagent_src && bundle --quiet && bundle exec rake compile && bundle exec rspec")
|
33
|
+
expect(commands).to eq({
|
34
|
+
"error"=>nil,
|
35
|
+
"commands"=>[
|
36
|
+
{"command"=>"cd", "arg_count"=>1},
|
37
|
+
{"command"=>"bundle", "arg_count"=>1},
|
38
|
+
{"command"=>"bundle", "arg_count"=>3},
|
39
|
+
{"command"=>"bundle", "arg_count"=>2}
|
40
|
+
]
|
41
|
+
})
|
42
|
+
|
43
|
+
commands = Whisperer.parse_cmd("cd /tcellagent_src; bundle --quiet; bundle exec rake compile; bundle exec rspec")
|
44
|
+
expect(commands).to eq({
|
45
|
+
"error"=>nil,
|
46
|
+
"commands"=>[
|
47
|
+
{"command"=>"cd", "arg_count"=>1},
|
48
|
+
{"command"=>"bundle", "arg_count"=>1},
|
49
|
+
{"command"=>"bundle", "arg_count"=>3},
|
50
|
+
{"command"=>"bundle", "arg_count"=>2}
|
51
|
+
]
|
52
|
+
})
|
53
|
+
|
54
|
+
commands = Whisperer.parse_cmd("cat /etc/passwd | grep root")
|
55
|
+
expect(commands).to eq({
|
56
|
+
"commands" => [
|
57
|
+
{"arg_count" => 1, "command" => "cat"},
|
58
|
+
{"arg_count" => 1, "command" => "grep"}
|
59
|
+
], "error" => nil
|
60
|
+
})
|
61
|
+
end
|
62
|
+
|
63
|
+
context "spawning multiple lines" do
|
64
|
+
it "should parse the commands" do
|
65
|
+
commands = Whisperer.parse_cmd(<<-eos
|
66
|
+
echo 'first-line'; \
|
67
|
+
cat /etc/passwd | grep root
|
68
|
+
eos
|
69
|
+
)
|
70
|
+
expect(commands).to eq({
|
71
|
+
"error"=>nil,
|
72
|
+
"commands"=>[
|
73
|
+
{"command"=>"echo", "arg_count"=>1},
|
74
|
+
{"command"=>"cat", "arg_count"=>1},
|
75
|
+
{"command"=>"grep", "arg_count"=>1}
|
76
|
+
]
|
77
|
+
})
|
78
|
+
|
79
|
+
commands = Whisperer.parse_cmd(<<-eos
|
80
|
+
echo 'first-line' && \
|
81
|
+
cat /etc/passwd | grep root
|
82
|
+
eos
|
83
|
+
)
|
84
|
+
expect(commands).to eq({
|
85
|
+
"error"=>nil,
|
86
|
+
"commands"=>[
|
87
|
+
{"command"=>"echo", "arg_count"=>1},
|
88
|
+
{"command"=>"cat", "arg_count"=>1},
|
89
|
+
{"command"=>"grep", "arg_count"=>1}
|
90
|
+
]
|
91
|
+
})
|
92
|
+
|
93
|
+
commands = Whisperer.parse_cmd(<<-eos
|
94
|
+
cd /tcellagent_src; bundle --quiet; \
|
95
|
+
bundle exec rake compile; \
|
96
|
+
bundle exec rspec
|
97
|
+
eos
|
98
|
+
)
|
99
|
+
expect(commands).to eq({
|
100
|
+
"error"=>nil,
|
101
|
+
"commands"=>[
|
102
|
+
{"command"=>"cd", "arg_count"=>1},
|
103
|
+
{"command"=>"bundle", "arg_count"=>1},
|
104
|
+
{"command"=>"bundle", "arg_count"=>3},
|
105
|
+
{"command"=>"bundle", "arg_count"=>2}
|
106
|
+
]
|
107
|
+
})
|
108
|
+
end
|
109
|
+
end
|
110
|
+
end
|
111
|
+
|
112
|
+
context "with a complex command" do
|
113
|
+
it "should parse the commands" do
|
114
|
+
commands = Whisperer.parse_cmd(<<-eos
|
115
|
+
magick -size 320x85 canvas:none -font Bookman-DemiItalic -pointsize 72 \\
|
116
|
+
-draw "text 25,60 \'Magick\'" -channel RGBA -blur 0x6 -fill darkred -stroke magenta \\
|
117
|
+
-draw "text 20,55 \'Magick\'" fuzzy-magick.png
|
118
|
+
eos
|
119
|
+
)
|
120
|
+
expect(commands).to eq({
|
121
|
+
"error"=>nil,
|
122
|
+
"commands"=>[
|
123
|
+
{"command"=>"magick", "arg_count"=>24}
|
124
|
+
]
|
125
|
+
})
|
126
|
+
|
127
|
+
commands = Whisperer.parse_cmd("/usr/local/bin/ruby -eputs 'Hello World!' > /dev/null 2>&1")
|
128
|
+
expect(commands).to eq({
|
129
|
+
"commands" => [
|
130
|
+
{"command" => "ruby", "arg_count" => 6 }
|
131
|
+
], "error" => nil
|
132
|
+
})
|
133
|
+
end
|
134
|
+
end
|
135
|
+
|
136
|
+
context "with special characters in the command" do
|
137
|
+
it "should parse the commands" do
|
138
|
+
commands = Whisperer.parse_cmd("echo 'bréak' && cat /etc/passwd && grep root")
|
139
|
+
expect(commands).to eq({
|
140
|
+
"error"=>nil,
|
141
|
+
"commands"=>[
|
142
|
+
{"command"=>"echo", "arg_count"=>1},
|
143
|
+
{"command"=>"cat", "arg_count"=>1},
|
144
|
+
{"command"=>"grep", "arg_count"=>1}
|
145
|
+
]
|
146
|
+
})
|
147
|
+
end
|
148
|
+
end
|
149
|
+
|
150
|
+
context "with null terminator character in the command" do
|
151
|
+
it "should parse the commands" do
|
152
|
+
commands = Whisperer.parse_cmd("echo 'br\0ak' && cat /etc/passwd && grep root")
|
153
|
+
expect(commands).to eq({
|
154
|
+
"error"=>nil,
|
155
|
+
"commands"=>[
|
156
|
+
{"command"=>"echo", "arg_count"=>1},
|
157
|
+
{"command"=>"cat", "arg_count"=>1},
|
158
|
+
{"command"=>"grep", "arg_count"=>1}
|
159
|
+
]
|
160
|
+
})
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
context "with an sh command" do
|
165
|
+
it "should parse the commands" do
|
166
|
+
commands = Whisperer.parse_cmd("sh -c \"bundle install && rake db:setup db:migrate\"")
|
167
|
+
expect(commands).to eq({
|
168
|
+
"error"=>nil,
|
169
|
+
"commands"=>[
|
170
|
+
{"command"=>"sh", "arg_count"=>2},
|
171
|
+
{"command"=>"bundle", "arg_count"=>1},
|
172
|
+
{"command"=>"rake", "arg_count"=>2}
|
173
|
+
]
|
174
|
+
})
|
175
|
+
end
|
176
|
+
end
|
177
|
+
|
178
|
+
context "with an /bin/sh command" do
|
179
|
+
it "should parse the commands" do
|
180
|
+
commands = Whisperer.parse_cmd("/bin/sh -c \"bundle install && rake db:setup db:migrate\"")
|
181
|
+
expect(commands).to eq({
|
182
|
+
"error"=>nil,
|
183
|
+
"commands"=>[
|
184
|
+
{"command"=>"sh", "arg_count"=>2},
|
185
|
+
{"command"=>"bundle", "arg_count"=>1},
|
186
|
+
{"command"=>"rake", "arg_count"=>2}
|
187
|
+
]
|
188
|
+
})
|
189
|
+
end
|
190
|
+
end
|
191
|
+
end
|
192
|
+
|
193
|
+
describe ".convert_result" do
|
194
|
+
it "should catch and log json parse errors" do
|
195
|
+
logger = double("logger")
|
196
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
197
|
+
expect(logger).to receive(:error).with("JSON::ParserError ocurred when trying to parse native lib response")
|
198
|
+
|
199
|
+
result = FFI::MemoryPointer.from_string("{malformed_json}")
|
200
|
+
whisper = Whisperer.convert_result(result.size, result)
|
201
|
+
expect(whisper).to eq({})
|
202
|
+
end
|
203
|
+
|
204
|
+
it "should parse json properly" do
|
205
|
+
result = FFI::MemoryPointer.from_string({'valid' => 'json'}.to_json)
|
206
|
+
whisper = Whisperer.convert_result(result.size, result)
|
207
|
+
expect(whisper).to eq({"valid" => "json"})
|
208
|
+
end
|
209
|
+
end
|
210
|
+
|
211
|
+
describe ".appfirewall" do
|
212
|
+
it "returns an xss injection with an enabled xss sensor" do
|
213
|
+
policy = {
|
214
|
+
"policy_id" => "policy_id",
|
215
|
+
"version" => 1,
|
216
|
+
"data" => {
|
217
|
+
"sensors" => {
|
218
|
+
"xss" => {
|
219
|
+
"patterns" => ["1", "2", "4", "5", "6", "7", "8"]
|
220
|
+
}
|
221
|
+
}
|
222
|
+
}
|
223
|
+
}
|
224
|
+
|
225
|
+
whisper = Whisperer.init_appfirewall(policy, true)
|
226
|
+
|
227
|
+
expect(whisper["error"]).to be_nil
|
228
|
+
expect(whisper["enabled"]).to eq(true)
|
229
|
+
expect(whisper["policy_ptr"]).to_not be_nil
|
230
|
+
|
231
|
+
appfirewall_ptr = whisper["policy_ptr"]
|
232
|
+
|
233
|
+
whisper = Whisperer.apply_appfirewall(
|
234
|
+
appfirewall_ptr,
|
235
|
+
{
|
236
|
+
"method" => "GET",
|
237
|
+
"route_id" => "12345",
|
238
|
+
"path" => "/some/path",
|
239
|
+
"query_params" => [{"name" => "xss_param", "value" => "<script>"}],
|
240
|
+
"post_params" => [],
|
241
|
+
"headers" => [],
|
242
|
+
"cookies" => [],
|
243
|
+
"remote_address" => "192.1681.1.1",
|
244
|
+
"full_uri" => "http://192.168.1.1:8080/some/path?xss_param=<script>",
|
245
|
+
"session_id" => "session_id",
|
246
|
+
"status_code" => 200
|
247
|
+
})
|
248
|
+
|
249
|
+
expect(whisper).to eq({
|
250
|
+
"apply_response" => [{
|
251
|
+
"detection_point"=>"xss",
|
252
|
+
"method"=>"GET",
|
253
|
+
"parameter"=>"xss_param",
|
254
|
+
"uri"=>"http://192.168.1.1:8080/some/path?xss_param=",
|
255
|
+
"remote_address"=>"192.1681.1.1",
|
256
|
+
"route_id"=>"12345",
|
257
|
+
"session_id"=>"session_id",
|
258
|
+
"pattern"=>"1",
|
259
|
+
"meta"=>{"l"=>"query"}
|
260
|
+
}]
|
261
|
+
})
|
262
|
+
|
263
|
+
Whisperer.free_appfirewall(appfirewall_ptr)
|
264
|
+
end
|
265
|
+
end
|
266
|
+
end
|
267
|
+
end
|
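Review bot: Every `.parse_cmd` expectation in this spec carries `"error"=>nil`, so nothing pins what the parser returns for a command line it cannot tokenize (an unterminated quote, for instance), and a command-injection policy built on it needs that failure to be distinguishable from an empty, harmless-looking `commands` list. Assuming the native parser populates `error` for such input, add one example that asserts the non-nil `error` shape. In the `.appfirewall` example, `Whisperer.free_appfirewall(appfirewall_ptr)` runs only when the preceding `expect` passes, so a failing assertion leaks the native policy; move the release into `ensure Whisperer.free_appfirewall(appfirewall_ptr)` around the example body. The fixture value `"192.1681.1.1"` for `remote_address` looks like a typo for `192.168.1.1`, which is what `full_uri` uses.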
@@ -6,16 +6,25 @@ module TCellAgent
|
|
6
6
|
describe AppSensorMetaEvent do
|
7
7
|
|
8
8
|
describe "#body_params" do
|
9
|
+
before(:each) do
|
10
|
+
@appsensor_meta = AppSensorMetaEvent.new(
|
11
|
+
"get",
|
12
|
+
"remote_address",
|
13
|
+
"route_id",
|
14
|
+
"session_id",
|
15
|
+
"user_id",
|
16
|
+
"transaction_id")
|
17
|
+
end
|
18
|
+
|
9
19
|
context "with text/html content type" do
|
10
20
|
it "should set the body params to empty" do
|
11
|
-
|
12
|
-
app_sensor_event_process.set_body_dict(
|
21
|
+
@appsensor_meta.set_body_dict(
|
13
22
|
67,
|
14
23
|
"text/html",
|
15
24
|
{username:"tester",password:"pass"}.to_json
|
16
25
|
)
|
17
26
|
|
18
|
-
expect(
|
27
|
+
expect(@appsensor_meta.body_dict).to eq({})
|
19
28
|
end
|
20
29
|
end
|
21
30
|
|
@@ -23,52 +32,48 @@ module TCellAgent
|
|
23
32
|
|
24
33
|
context "with empty request body" do
|
25
34
|
it "should set the body params to empty" do
|
26
|
-
@
|
27
|
-
@app_sensor_event_process.set_body_dict(
|
35
|
+
@appsensor_meta.set_body_dict(
|
28
36
|
67,
|
29
37
|
"application/json",
|
30
38
|
nil
|
31
39
|
)
|
32
40
|
|
33
|
-
expect(@
|
41
|
+
expect(@appsensor_meta.body_dict).to eq({})
|
34
42
|
end
|
35
43
|
end
|
36
44
|
|
37
45
|
context "with bad json in the body" do
|
38
46
|
it "should set the body params to empty" do
|
39
|
-
@
|
40
|
-
@app_sensor_event_process.set_body_dict(
|
47
|
+
@appsensor_meta.set_body_dict(
|
41
48
|
67,
|
42
49
|
"application/json",
|
43
50
|
'{"username":"tester""password":"pass"}'
|
44
51
|
)
|
45
52
|
|
46
|
-
expect(@
|
53
|
+
expect(@appsensor_meta.body_dict).to eq({})
|
47
54
|
end
|
48
55
|
end
|
49
56
|
|
50
57
|
context "with valid json in the body" do
|
51
58
|
it "should set the body params" do
|
52
|
-
@
|
53
|
-
@app_sensor_event_process.set_body_dict(
|
59
|
+
@appsensor_meta.set_body_dict(
|
54
60
|
67,
|
55
61
|
"application/json",
|
56
62
|
{username:"tester",password:"pass"}.to_json
|
57
63
|
)
|
58
64
|
|
59
|
-
expect(@
|
65
|
+
expect(@appsensor_meta.body_dict).to eq({["username"]=>"tester",["password"]=>"pass"})
|
60
66
|
end
|
61
67
|
end
|
62
68
|
|
63
69
|
context "with a json body that's too big" do
|
64
70
|
it "should set the body params to empty" do
|
65
|
-
@
|
66
|
-
@app_sensor_event_process.set_body_dict(
|
71
|
+
@appsensor_meta.set_body_dict(
|
67
72
|
20000000,
|
68
73
|
"application/json",
|
69
74
|
{username:"tester",password:"pass"}.to_json
|
70
75
|
)
|
71
|
-
expect(@
|
76
|
+
expect(@appsensor_meta.body_dict).to eq({})
|
72
77
|
end
|
73
78
|
end
|
74
79
|
end
|
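Review bot: The oversize example at the end of `#body_params` passes `20000000` as the first argument together with a body of a few dozen bytes, so it only shows that `set_body_dict` honours the length it is told, not that it bounds the body it actually parses. If that argument is taken from the request's declared content length (the implementation is not visible in this section), add the mirror case, a small declared length such as `67` with a body string larger than the limit, and `expect(@appsensor_meta.body_dict).to eq({})`, so an understated header cannot sidestep the cap. The `describe AppSensorMetaEvent` block starts before the first hunk.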
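--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -15,12 +15,3 @@ end
 
 require 'tcell_agent/agent'
 require 'tcell_agent/rails/routes'
-
-if TCellAgent.configuration.raise_exceptions
-puts "[tCell.io] ******WARNING*************WARNING**************WARNING****************"
-puts "[tCell.io] Travis CI has TCELL_RAISE_EXCEPTIONS set to false."
-puts "[tCell.io] Your environment TCELL_RAISE_EXCEPTIONS has it set to true"
-puts "[tCell.io] because of this discrepancy you may observe different spec failures"
-puts "[tCell.io] in your dev env than those observed on Travis CI"
-puts "[tCell.io] **********************************************************************"
-end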
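--- a/data/tcell_agent.gemspec
+++ b/data/tcell_agent.gemspec
@@ -1,23 +1,27 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
-#bin = File.expand_path('../bin', __FILE__)
 
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'tcell_agent/version'
+
 Gem::Specification.new do |spec|
 spec.name = "tcell_agent"
 spec.version = TCellAgent::VERSION
-spec.authors = [
+spec.authors = ['Rafael','Garrett']
 spec.email = ["rafael@tcell.io"]
 spec.summary = "tCell.io Agent for Rails & Sinatra"
 spec.description = "This agent allows users to use the tCell.io service with their Rails or Sinatra app."
 spec.homepage = "https://www.tcell.io"
-spec.license = "Copyright (c)
+spec.license = "Copyright (c) 2017 tCell.io (see LICENSE file)"
 
 spec.files = Dir[
 'Rakefile',
 'lib/tcell_agent.rb',
 '{lib/tcell_agent,spec}/**/*',
+'lib/tcell_agent/rust/libtcellagent-*.so',
+'lib/tcell_agent/rust/libtcellagent-*.dylib',
+'lib/tcell_agent/rust/tcellagent-*.dll',
 'README*',
 'LICENSE*',
 'LICENSE_libinjection',
@@ -38,6 +42,7 @@ Gem::Specification.new do |spec|
 
 spec.add_runtime_dependency "json",">=1.8"
 spec.add_runtime_dependency "pbkdf2",">=0.1"
+spec.add_runtime_dependency "ffi",">=1.3.0"
 spec.add_development_dependency "rspec-core"
 spec.add_development_dependency "bundler", ">= 1.7"
 spec.add_development_dependency "rake", "~> 10.0"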
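Review bot: `spec.add_runtime_dependency "ffi",">=1.3.0"` has no upper bound, and ffi is the gem that loads the prebuilt `libtcellagent` binaries into the host process, so a future major release would be pulled in unreviewed; constrain it, for example `spec.add_runtime_dependency "ffi", ">= 1.3.0", "< 2"`. The three `lib/tcell_agent/rust/*` globs added to `spec.files` are already matched by `'{lib/tcell_agent,spec}/**/*'`; if they are kept to make the shipped binaries explicit, a comment such as `# prebuilt native agent; built from <source/tag placeholder>` would let consumers check what they are installing. The `Gem::Specification` block continues outside both hunks.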
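--- a/metadata
+++ b/metadata
@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.4.0
 platform: ruby
 authors:
+- Rafael
 - Garrett
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: json
@@ -38,6 +39,20 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0.1'
+- !ruby/object:Gem::Dependency
+name: ffi
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.3.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.3.0
 - !ruby/object:Gem::Dependency
 name: rspec-core
 requirement: !ruby/object:Gem::Requirement
@@ -122,6 +137,7 @@ files:
 - LICENSE_libinjection
 - README.md
 - Rakefile
+- Readme.txt
 - bin/tcell_agent
 - ext/libinjection/extconf.rb
 - ext/libinjection/libinjection.h
@@ -148,11 +164,12 @@ files:
 - lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb
 - lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb
 - lib/tcell_agent/appsensor/rules/baserules.json
-- lib/tcell_agent/appsensor/sensor.rb
 - lib/tcell_agent/authlogic.rb
+- lib/tcell_agent/cmdi.rb
 - lib/tcell_agent/config/unknown_options.rb
 - lib/tcell_agent/configuration.rb
 - lib/tcell_agent/devise.rb
+- lib/tcell_agent/hooks/login_fraud.rb
 - lib/tcell_agent/instrumentation.rb
 - lib/tcell_agent/logger.rb
 - lib/tcell_agent/patches.rb
@@ -160,22 +177,15 @@ files:
 - lib/tcell_agent/patches/meta_data.rb
 - lib/tcell_agent/patches/sensors_matcher.rb
 - lib/tcell_agent/policies/appsensor/cmdi_sensor.rb
-- lib/tcell_agent/policies/appsensor/database_sensor.rb
 - lib/tcell_agent/policies/appsensor/fpt_sensor.rb
 - lib/tcell_agent/policies/appsensor/injection_sensor.rb
-- lib/tcell_agent/policies/appsensor/misc_sensor.rb
 - lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb
-- lib/tcell_agent/policies/appsensor/payloads_policy.rb
-- lib/tcell_agent/policies/appsensor/request_size_sensor.rb
-- lib/tcell_agent/policies/appsensor/response_codes_sensor.rb
-- lib/tcell_agent/policies/appsensor/response_size_sensor.rb
 - lib/tcell_agent/policies/appsensor/retr_sensor.rb
-- lib/tcell_agent/policies/appsensor/size_sensor.rb
 - lib/tcell_agent/policies/appsensor/sqli_sensor.rb
-- lib/tcell_agent/policies/appsensor/user_agent_sensor.rb
 - lib/tcell_agent/policies/appsensor/xss_sensor.rb
 - lib/tcell_agent/policies/appsensor_policy.rb
 - lib/tcell_agent/policies/clickjacking_policy.rb
+- lib/tcell_agent/policies/command_injection_policy.rb
 - lib/tcell_agent/policies/content_security_policy.rb
 - lib/tcell_agent/policies/dataloss_policy.rb
 - lib/tcell_agent/policies/honeytokens_policy.rb
@@ -183,12 +193,12 @@ files:
 - lib/tcell_agent/policies/http_tx_policy.rb
 - lib/tcell_agent/policies/login_fraud_policy.rb
 - lib/tcell_agent/policies/patches_policy.rb
+- lib/tcell_agent/policies/policy.rb
 - lib/tcell_agent/policies/secure_headers_policy.rb
 - lib/tcell_agent/rails.rb
 - lib/tcell_agent/rails/auth/authlogic.rb
 - lib/tcell_agent/rails/auth/devise.rb
 - lib/tcell_agent/rails/auth/doorkeeper.rb
-- lib/tcell_agent/rails/auth/hooks.rb
 - lib/tcell_agent/rails/better_ip.rb
 - lib/tcell_agent/rails/csrf_exception.rb
 - lib/tcell_agent/rails/dlp.rb
@@ -207,9 +217,15 @@ files:
 - lib/tcell_agent/rails/settings_reporter.rb
 - lib/tcell_agent/rails/tcell_body_proxy.rb
 - lib/tcell_agent/routes/table.rb
+- lib/tcell_agent/rust/libtcellagent-0.6.1.dylib
+- lib/tcell_agent/rust/libtcellagent-0.6.1.so
+- lib/tcell_agent/rust/models.rb
+- lib/tcell_agent/rust/tcellagent-0.6.1.dll
+- lib/tcell_agent/rust/whisperer.rb
 - lib/tcell_agent/sensor_events/app_config.rb
 - lib/tcell_agent/sensor_events/appsensor_event.rb
 - lib/tcell_agent/sensor_events/appsensor_meta_event.rb
+- lib/tcell_agent/sensor_events/command_injection.rb
 - lib/tcell_agent/sensor_events/discovery.rb
 - lib/tcell_agent/sensor_events/dlp.rb
 - lib/tcell_agent/sensor_events/honeytokens.rb
@@ -217,7 +233,6 @@ files:
 - lib/tcell_agent/sensor_events/metrics.rb
 - lib/tcell_agent/sensor_events/sensor.rb
 - lib/tcell_agent/sensor_events/server_agent.rb
-- lib/tcell_agent/sensor_events/util/redirect_utils.rb
 - lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb
 - lib/tcell_agent/sensor_events/util/utils.rb
 - lib/tcell_agent/servers/passenger.rb
@@ -285,31 +300,26 @@ files:
 - spec/lib/tcell_agent/api/api_spec.rb
 - spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb
 - spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb
+- spec/lib/tcell_agent/appsensor/meta_data_spec.rb
 - spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb
 - spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb
+- spec/lib/tcell_agent/cmdi_spec.rb
 - spec/lib/tcell_agent/config/unknown_options_spec.rb
 - spec/lib/tcell_agent/configuration_spec.rb
+- spec/lib/tcell_agent/hooks/login_fraud_spec.rb
 - spec/lib/tcell_agent/instrumentation_spec.rb
 - spec/lib/tcell_agent/patches/block_rule_spec.rb
 - spec/lib/tcell_agent/patches/sensors_matcher_spec.rb
 - spec/lib/tcell_agent/patches_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
 - spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
+- spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
 - spec/lib/tcell_agent/policies/content_security_policy_spec.rb
 - spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb
@@ -318,7 +328,6 @@ files:
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
 - spec/lib/tcell_agent/policies/patches_policy_spec.rb
 - spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
-- spec/lib/tcell_agent/rails/auth/hooks_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb
@@ -331,10 +340,10 @@ files:
 - spec/lib/tcell_agent/rails/routes/route_id_spec.rb
 - spec/lib/tcell_agent/rails/routes/routes_spec.rb
 - spec/lib/tcell_agent/rails_spec.rb
+- spec/lib/tcell_agent/rust/whisperer_spec.rb
 - spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb
 - spec/lib/tcell_agent/sensor_events/dlp_spec.rb
 - spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb
-- spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb
 - spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
 - spec/lib/tcell_agent/utils/bounded_queue_spec.rb
 - spec/lib/tcell_agent/utils/params_spec.rb
@@ -342,13 +351,12 @@ files:
 - spec/lib/tcell_agent_spec.rb
 - spec/spec_helper.rb
 - spec/support/middleware_helper.rb
-- spec/support/resources/baserules.json
 - spec/support/resources/normal_config.json
 - spec/support/static_agent_overrides.rb
 - tcell_agent.gemspec
 homepage: https://www.tcell.io
 licenses:
-- Copyright (c)
+- Copyright (c) 2017 tCell.io (see LICENSE file)
 metadata: {}
 post_install_message:
 rdoc_options: []
@@ -368,7 +376,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: tCell.io Agent for Rails & Sinatra
@@ -423,31 +431,26 @@ test_files:
 - spec/lib/tcell_agent/api/api_spec.rb
 - spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb
 - spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb
+- spec/lib/tcell_agent/appsensor/meta_data_spec.rb
 - spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb
 - spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb
+- spec/lib/tcell_agent/cmdi_spec.rb
 - spec/lib/tcell_agent/config/unknown_options_spec.rb
 - spec/lib/tcell_agent/configuration_spec.rb
+- spec/lib/tcell_agent/hooks/login_fraud_spec.rb
 - spec/lib/tcell_agent/instrumentation_spec.rb
 - spec/lib/tcell_agent/patches/block_rule_spec.rb
 - spec/lib/tcell_agent/patches/sensors_matcher_spec.rb
 - spec/lib/tcell_agent/patches_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
 - spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
+- spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
 - spec/lib/tcell_agent/policies/content_security_policy_spec.rb
 - spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb
@@ -456,7 +459,6 @@ test_files:
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
 - spec/lib/tcell_agent/policies/patches_policy_spec.rb
 - spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
-- spec/lib/tcell_agent/rails/auth/hooks_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb
@@ -469,10 +471,10 @@ test_files:
 - spec/lib/tcell_agent/rails/routes/route_id_spec.rb
 - spec/lib/tcell_agent/rails/routes/routes_spec.rb
 - spec/lib/tcell_agent/rails_spec.rb
+- spec/lib/tcell_agent/rust/whisperer_spec.rb
 - spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb
 - spec/lib/tcell_agent/sensor_events/dlp_spec.rb
 - spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb
-- spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb
 - spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
 - spec/lib/tcell_agent/utils/bounded_queue_spec.rb
 - spec/lib/tcell_agent/utils/params_spec.rb
@@ -480,6 +482,5 @@ test_files:
 - spec/lib/tcell_agent_spec.rb
 - spec/spec_helper.rb
 - spec/support/middleware_helper.rb
-- spec/support/resources/baserules.json
 - spec/support/resources/normal_config.json
 - spec/support/static_agent_overrides.rb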