tcell_agent 0.2.29 → 0.4.0

data/spec/lib/tcell_agent/rust/whisperer_spec.rb

@@ -0,0 +1,267 @@
+# encoding: utf-8
+require 'spec_helper'
+
+module TCellAgent
+  module Rust
+
+    describe ".parse_cmd" do
+      require "tcell_agent/rust/whisperer"
+
+      context "empty command" do
+        it "should return empty json object" do
+          result = Whisperer.parse_cmd(nil)
+          expect(result).to eq({})
+          result = Whisperer.parse_cmd("")
+          expect(result).to eq({})
+          result = Whisperer.parse_cmd("   ")
+          expect(result).to eq({})
+        end
+      end
+
+      context "single command" do
+        it "should return single command parsed" do
+          result = Whisperer.parse_cmd("ifconfig -a")
+          expect(result).to eq({"error"=>nil, "commands"=>[{"command"=>"ifconfig", "arg_count"=>1}]})
+          result = Whisperer.parse_cmd("ifconfig")
+          expect(result).to eq({"error"=>nil, "commands"=>[{"command"=>"ifconfig", "arg_count"=>0}]})
+        end
+      end
+
+      context "with a compound command" do
+        it "should return parsed commands" do
+          commands = Whisperer.parse_cmd("cd /tcellagent_src && bundle --quiet && bundle exec rake compile && bundle exec rspec")
+          expect(commands).to eq({
+            "error"=>nil,
+            "commands"=>[
+              {"command"=>"cd", "arg_count"=>1},
+              {"command"=>"bundle", "arg_count"=>1},
+              {"command"=>"bundle", "arg_count"=>3},
+              {"command"=>"bundle", "arg_count"=>2}
+            ]
+          })
+
+          commands = Whisperer.parse_cmd("cd /tcellagent_src; bundle --quiet; bundle exec rake compile; bundle exec rspec")
+          expect(commands).to eq({
+            "error"=>nil,
+            "commands"=>[
+              {"command"=>"cd", "arg_count"=>1},
+              {"command"=>"bundle", "arg_count"=>1},
+              {"command"=>"bundle", "arg_count"=>3},
+              {"command"=>"bundle", "arg_count"=>2}
+            ]
+          })
+
+          commands = Whisperer.parse_cmd("cat /etc/passwd | grep root")
+          expect(commands).to eq({
+              "commands" => [
+                  {"arg_count" => 1, "command" => "cat"},
+                  {"arg_count" => 1, "command" => "grep"}
+              ], "error" => nil
+          })
+        end
+
+        context "spawning multiple lines" do
+          it "should parse the commands" do
+            commands = Whisperer.parse_cmd(<<-eos
+echo 'first-line'; \
+cat /etc/passwd | grep root
+              eos
+            )
+            expect(commands).to eq({
+              "error"=>nil,
+              "commands"=>[
+                {"command"=>"echo", "arg_count"=>1},
+                {"command"=>"cat", "arg_count"=>1},
+                {"command"=>"grep", "arg_count"=>1}
+              ]
+            })
+
+            commands = Whisperer.parse_cmd(<<-eos
+echo 'first-line' && \
+cat /etc/passwd | grep root
+              eos
+            )
+            expect(commands).to eq({
+              "error"=>nil,
+              "commands"=>[
+                {"command"=>"echo", "arg_count"=>1},
+                {"command"=>"cat", "arg_count"=>1},
+                {"command"=>"grep", "arg_count"=>1}
+              ]
+            })
+
+            commands = Whisperer.parse_cmd(<<-eos
+cd /tcellagent_src; bundle --quiet; \
+bundle exec rake compile; \
+bundle exec rspec
+              eos
+            )
+            expect(commands).to eq({
+              "error"=>nil,
+              "commands"=>[
+                {"command"=>"cd", "arg_count"=>1},
+                {"command"=>"bundle", "arg_count"=>1},
+                {"command"=>"bundle", "arg_count"=>3},
+                {"command"=>"bundle", "arg_count"=>2}
+              ]
+            })
+          end
+        end
+      end
+
+      context "with a complex command" do
+        it "should parse the commands" do
+          commands = Whisperer.parse_cmd(<<-eos
+magick -size 320x85 canvas:none -font Bookman-DemiItalic -pointsize 72 \\
+-draw "text 25,60 \'Magick\'" -channel RGBA -blur 0x6 -fill darkred -stroke magenta \\
+-draw "text 20,55 \'Magick\'" fuzzy-magick.png
+            eos
+          )
+          expect(commands).to eq({
+            "error"=>nil,
+            "commands"=>[
+              {"command"=>"magick", "arg_count"=>24}
+            ]
+          })
+
+          commands = Whisperer.parse_cmd("/usr/local/bin/ruby -eputs 'Hello World!' > /dev/null 2>&1")
+          expect(commands).to eq({
+              "commands" => [
+                  {"command" => "ruby", "arg_count" => 6 }
+              ], "error" => nil
+          })
+        end
+      end
+
+      context "with special characters in the command" do
+        it "should parse the commands" do
+          commands = Whisperer.parse_cmd("echo 'bréak' && cat /etc/passwd && grep root")
+          expect(commands).to eq({
+            "error"=>nil,
+            "commands"=>[
+              {"command"=>"echo", "arg_count"=>1},
+              {"command"=>"cat", "arg_count"=>1},
+              {"command"=>"grep", "arg_count"=>1}
+            ]
+          })
+        end
+      end
+
+      context "with null terminator character in the command" do
+        it "should parse the commands" do
+          commands = Whisperer.parse_cmd("echo 'br\0ak' && cat /etc/passwd && grep root")
+          expect(commands).to eq({
+            "error"=>nil,
+            "commands"=>[
+              {"command"=>"echo", "arg_count"=>1},
+              {"command"=>"cat", "arg_count"=>1},
+              {"command"=>"grep", "arg_count"=>1}
+            ]
+          })
+        end
+      end
+
+      context "with an sh command" do
+        it "should parse the commands" do
+          commands = Whisperer.parse_cmd("sh -c \"bundle install && rake db:setup db:migrate\"")
+          expect(commands).to eq({
+            "error"=>nil,
+            "commands"=>[
+              {"command"=>"sh", "arg_count"=>2},
+              {"command"=>"bundle", "arg_count"=>1},
+              {"command"=>"rake", "arg_count"=>2}
+            ]
+          })
+        end
+      end
+
+      context "with an /bin/sh command" do
+        it "should parse the commands" do
+          commands = Whisperer.parse_cmd("/bin/sh -c \"bundle install && rake db:setup db:migrate\"")
+          expect(commands).to eq({
+            "error"=>nil,
+            "commands"=>[
+              {"command"=>"sh", "arg_count"=>2},
+              {"command"=>"bundle", "arg_count"=>1},
+              {"command"=>"rake", "arg_count"=>2}
+            ]
+          })
+        end
+      end
+    end
+
+    describe ".convert_result" do
+      it "should catch and log json parse errors" do
+        logger = double("logger")
+        expect(TCellAgent).to receive(:logger).and_return(logger)
+        expect(logger).to receive(:error).with("JSON::ParserError ocurred when trying to parse native lib response")
+
+        result = FFI::MemoryPointer.from_string("{malformed_json}")
+        whisper = Whisperer.convert_result(result.size, result)
+        expect(whisper).to eq({})
+      end
+
+      it "should parse json properly" do
+        result = FFI::MemoryPointer.from_string({'valid' => 'json'}.to_json)
+        whisper = Whisperer.convert_result(result.size, result)
+        expect(whisper).to eq({"valid" => "json"})
+      end
+    end
+
+    describe ".appfirewall" do
+      it "returns an xss injection with an enabled xss sensor" do
+        policy = {
+          "policy_id" => "policy_id",
+          "version" => 1,
+          "data" => {
+            "sensors" => {
+              "xss" => {
+                "patterns" => ["1", "2", "4", "5", "6", "7", "8"]
+              }
+            }
+          }
+        }
+
+        whisper = Whisperer.init_appfirewall(policy, true)
+
+        expect(whisper["error"]).to be_nil
+        expect(whisper["enabled"]).to eq(true)
+        expect(whisper["policy_ptr"]).to_not be_nil
+
+        appfirewall_ptr = whisper["policy_ptr"]
+
+        whisper = Whisperer.apply_appfirewall(
+            appfirewall_ptr,
+            {
+              "method" => "GET",
+              "route_id" => "12345",
+              "path" => "/some/path",
+              "query_params" => [{"name" => "xss_param", "value" => "<script>"}],
+              "post_params" => [],
+              "headers" => [],
+              "cookies" => [],
+              "remote_address" => "192.1681.1.1",
+              "full_uri" => "http://192.168.1.1:8080/some/path?xss_param=<script>",
+              "session_id" => "session_id",
+              "status_code" => 200
+            })
+
+        expect(whisper).to eq({
+          "apply_response" => [{
+            "detection_point"=>"xss",
+            "method"=>"GET",
+            "parameter"=>"xss_param",
+            "uri"=>"http://192.168.1.1:8080/some/path?xss_param=",
+            "remote_address"=>"192.1681.1.1",
+            "route_id"=>"12345",
+            "session_id"=>"session_id",
+            "pattern"=>"1",
+            "meta"=>{"l"=>"query"}
+          }]
+        })
+
+        Whisperer.free_appfirewall(appfirewall_ptr)
+      end
+    end
+  end
+end

data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb

@@ -6,16 +6,25 @@ module TCellAgent
     describe AppSensorMetaEvent do
 
       describe "#body_params" do
+        before(:each) do
+          @appsensor_meta = AppSensorMetaEvent.new(
+            "get",
+            "remote_address",
+            "route_id",
+            "session_id",
+            "user_id",
+            "transaction_id")
+        end
+
         context "with text/html content type" do
           it "should set the body params to empty" do
-            app_sensor_event_process = AppSensorMetaEvent.new
-            app_sensor_event_process.set_body_dict(
+            @appsensor_meta.set_body_dict(
               67,
               "text/html",
               {username:"tester",password:"pass"}.to_json
             )
 
-            expect(app_sensor_event_process.body_dict).to eq({})
+            expect(@appsensor_meta.body_dict).to eq({})
           end
         end
 
@@ -23,52 +32,48 @@ module TCellAgent
 
           context "with empty request body" do
             it "should set the body params to empty" do
-              @app_sensor_event_process = AppSensorMetaEvent.new
-              @app_sensor_event_process.set_body_dict(
+              @appsensor_meta.set_body_dict(
                 67,
                 "application/json",
                 nil
               )
 
-              expect(@app_sensor_event_process.body_dict).to eq({})
+              expect(@appsensor_meta.body_dict).to eq({})
             end
           end
 
           context "with bad json in the body" do
             it "should set the body params to empty" do
-              @app_sensor_event_process = AppSensorMetaEvent.new
-              @app_sensor_event_process.set_body_dict(
+              @appsensor_meta.set_body_dict(
                 67,
                 "application/json",
                 '{"username":"tester""password":"pass"}'
               )
 
-              expect(@app_sensor_event_process.body_dict).to eq({})
+              expect(@appsensor_meta.body_dict).to eq({})
             end
           end
 
           context "with valid json in the body" do
             it "should set the body params" do
-              @app_sensor_event_process = AppSensorMetaEvent.new
-              @app_sensor_event_process.set_body_dict(
+              @appsensor_meta.set_body_dict(
                 67,
                 "application/json",
                 {username:"tester",password:"pass"}.to_json
               )
 
-              expect(@app_sensor_event_process.body_dict).to eq({["username"]=>"tester",["password"]=>"pass"})
+              expect(@appsensor_meta.body_dict).to eq({["username"]=>"tester",["password"]=>"pass"})
             end
           end
 
           context "with a json body that's too big" do
             it "should set the body params to empty" do
-              @app_sensor_event_process = AppSensorMetaEvent.new
-              @app_sensor_event_process.set_body_dict(
+              @appsensor_meta.set_body_dict(
                 20000000,
                 "application/json",
                 {username:"tester",password:"pass"}.to_json
               )
-              expect(@app_sensor_event_process.body_dict).to eq({})
+              expect(@appsensor_meta.body_dict).to eq({})
             end
           end
         end

data/spec/spec_helper.rb

@@ -15,12 +15,3 @@ end
 
 require 'tcell_agent/agent'
 require 'tcell_agent/rails/routes'
-
-if TCellAgent.configuration.raise_exceptions
-  puts "[tCell.io] ******WARNING*************WARNING**************WARNING****************"
-  puts "[tCell.io] Travis CI has TCELL_RAISE_EXCEPTIONS set to false."
-  puts "[tCell.io] Your environment TCELL_RAISE_EXCEPTIONS has it set to true"
-  puts "[tCell.io] because of this discrepancy you may observe different spec failures"
-  puts "[tCell.io] in your dev env than those observed on Travis CI"
-  puts "[tCell.io] **********************************************************************"
-end

data/tcell_agent.gemspec

@@ -1,23 +1,27 @@
 # coding: utf-8
+
 lib = File.expand_path('../lib', __FILE__)
-#bin  = File.expand_path('../bin', __FILE__)
 
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'tcell_agent/version'
+
 Gem::Specification.new do |spec|
   spec.name          = "tcell_agent"
   spec.version       = TCellAgent::VERSION
-  spec.authors       = ["Garrett"]
+  spec.authors       = ['Rafael','Garrett']
   spec.email         = ["rafael@tcell.io"]
   spec.summary       = "tCell.io Agent for Rails & Sinatra"
   spec.description   = "This agent allows users to use the tCell.io service with their Rails or Sinatra app."
   spec.homepage      = "https://www.tcell.io"
-  spec.license       = "Copyright (c) 2015 tCell.io (see LICENSE file)"
+  spec.license       = "Copyright (c) 2017 tCell.io (see LICENSE file)"
 
   spec.files = Dir[
     'Rakefile',
     'lib/tcell_agent.rb',
     '{lib/tcell_agent,spec}/**/*',
+    'lib/tcell_agent/rust/libtcellagent-*.so',
+    'lib/tcell_agent/rust/libtcellagent-*.dylib',
+    'lib/tcell_agent/rust/tcellagent-*.dll',
     'README*',
     'LICENSE*',
     'LICENSE_libinjection',
@@ -38,6 +42,7 @@ Gem::Specification.new do |spec|
 
   spec.add_runtime_dependency "json",">=1.8"
   spec.add_runtime_dependency "pbkdf2",">=0.1"
+  spec.add_runtime_dependency "ffi",">=1.3.0"
   spec.add_development_dependency "rspec-core"
   spec.add_development_dependency "bundler", ">= 1.7"
   spec.add_development_dependency "rake", "~> 10.0"

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-  version: 0.2.29
+  version: 0.4.0
 platform: ruby
 authors:
+- Rafael
 - Garrett
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-06 00:00:00.000000000 Z
+date: 2017-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -38,6 +39,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0.1'
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: rspec-core
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +137,7 @@ files:
 - LICENSE_libinjection
 - README.md
 - Rakefile
+- Readme.txt
 - bin/tcell_agent
 - ext/libinjection/extconf.rb
 - ext/libinjection/libinjection.h
@@ -148,11 +164,12 @@ files:
 - lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb
 - lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb
 - lib/tcell_agent/appsensor/rules/baserules.json
-- lib/tcell_agent/appsensor/sensor.rb
 - lib/tcell_agent/authlogic.rb
+- lib/tcell_agent/cmdi.rb
 - lib/tcell_agent/config/unknown_options.rb
 - lib/tcell_agent/configuration.rb
 - lib/tcell_agent/devise.rb
+- lib/tcell_agent/hooks/login_fraud.rb
 - lib/tcell_agent/instrumentation.rb
 - lib/tcell_agent/logger.rb
 - lib/tcell_agent/patches.rb
@@ -160,22 +177,15 @@ files:
 - lib/tcell_agent/patches/meta_data.rb
 - lib/tcell_agent/patches/sensors_matcher.rb
 - lib/tcell_agent/policies/appsensor/cmdi_sensor.rb
-- lib/tcell_agent/policies/appsensor/database_sensor.rb
 - lib/tcell_agent/policies/appsensor/fpt_sensor.rb
 - lib/tcell_agent/policies/appsensor/injection_sensor.rb
-- lib/tcell_agent/policies/appsensor/misc_sensor.rb
 - lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb
-- lib/tcell_agent/policies/appsensor/payloads_policy.rb
-- lib/tcell_agent/policies/appsensor/request_size_sensor.rb
-- lib/tcell_agent/policies/appsensor/response_codes_sensor.rb
-- lib/tcell_agent/policies/appsensor/response_size_sensor.rb
 - lib/tcell_agent/policies/appsensor/retr_sensor.rb
-- lib/tcell_agent/policies/appsensor/size_sensor.rb
 - lib/tcell_agent/policies/appsensor/sqli_sensor.rb
-- lib/tcell_agent/policies/appsensor/user_agent_sensor.rb
 - lib/tcell_agent/policies/appsensor/xss_sensor.rb
 - lib/tcell_agent/policies/appsensor_policy.rb
 - lib/tcell_agent/policies/clickjacking_policy.rb
+- lib/tcell_agent/policies/command_injection_policy.rb
 - lib/tcell_agent/policies/content_security_policy.rb
 - lib/tcell_agent/policies/dataloss_policy.rb
 - lib/tcell_agent/policies/honeytokens_policy.rb
@@ -183,12 +193,12 @@ files:
 - lib/tcell_agent/policies/http_tx_policy.rb
 - lib/tcell_agent/policies/login_fraud_policy.rb
 - lib/tcell_agent/policies/patches_policy.rb
+- lib/tcell_agent/policies/policy.rb
 - lib/tcell_agent/policies/secure_headers_policy.rb
 - lib/tcell_agent/rails.rb
 - lib/tcell_agent/rails/auth/authlogic.rb
 - lib/tcell_agent/rails/auth/devise.rb
 - lib/tcell_agent/rails/auth/doorkeeper.rb
-- lib/tcell_agent/rails/auth/hooks.rb
 - lib/tcell_agent/rails/better_ip.rb
 - lib/tcell_agent/rails/csrf_exception.rb
 - lib/tcell_agent/rails/dlp.rb
@@ -207,9 +217,15 @@ files:
 - lib/tcell_agent/rails/settings_reporter.rb
 - lib/tcell_agent/rails/tcell_body_proxy.rb
 - lib/tcell_agent/routes/table.rb
+- lib/tcell_agent/rust/libtcellagent-0.6.1.dylib
+- lib/tcell_agent/rust/libtcellagent-0.6.1.so
+- lib/tcell_agent/rust/models.rb
+- lib/tcell_agent/rust/tcellagent-0.6.1.dll
+- lib/tcell_agent/rust/whisperer.rb
 - lib/tcell_agent/sensor_events/app_config.rb
 - lib/tcell_agent/sensor_events/appsensor_event.rb
 - lib/tcell_agent/sensor_events/appsensor_meta_event.rb
+- lib/tcell_agent/sensor_events/command_injection.rb
 - lib/tcell_agent/sensor_events/discovery.rb
 - lib/tcell_agent/sensor_events/dlp.rb
 - lib/tcell_agent/sensor_events/honeytokens.rb
@@ -217,7 +233,6 @@ files:
 - lib/tcell_agent/sensor_events/metrics.rb
 - lib/tcell_agent/sensor_events/sensor.rb
 - lib/tcell_agent/sensor_events/server_agent.rb
-- lib/tcell_agent/sensor_events/util/redirect_utils.rb
 - lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb
 - lib/tcell_agent/sensor_events/util/utils.rb
 - lib/tcell_agent/servers/passenger.rb
@@ -285,31 +300,26 @@ files:
 - spec/lib/tcell_agent/api/api_spec.rb
 - spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb
 - spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb
+- spec/lib/tcell_agent/appsensor/meta_data_spec.rb
 - spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb
 - spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb
+- spec/lib/tcell_agent/cmdi_spec.rb
 - spec/lib/tcell_agent/config/unknown_options_spec.rb
 - spec/lib/tcell_agent/configuration_spec.rb
+- spec/lib/tcell_agent/hooks/login_fraud_spec.rb
 - spec/lib/tcell_agent/instrumentation_spec.rb
 - spec/lib/tcell_agent/patches/block_rule_spec.rb
 - spec/lib/tcell_agent/patches/sensors_matcher_spec.rb
 - spec/lib/tcell_agent/patches_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
 - spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
+- spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
 - spec/lib/tcell_agent/policies/content_security_policy_spec.rb
 - spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb
@@ -318,7 +328,6 @@ files:
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
 - spec/lib/tcell_agent/policies/patches_policy_spec.rb
 - spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
-- spec/lib/tcell_agent/rails/auth/hooks_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb
@@ -331,10 +340,10 @@ files:
 - spec/lib/tcell_agent/rails/routes/route_id_spec.rb
 - spec/lib/tcell_agent/rails/routes/routes_spec.rb
 - spec/lib/tcell_agent/rails_spec.rb
+- spec/lib/tcell_agent/rust/whisperer_spec.rb
 - spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb
 - spec/lib/tcell_agent/sensor_events/dlp_spec.rb
 - spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb
-- spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb
 - spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
 - spec/lib/tcell_agent/utils/bounded_queue_spec.rb
 - spec/lib/tcell_agent/utils/params_spec.rb
@@ -342,13 +351,12 @@ files:
 - spec/lib/tcell_agent_spec.rb
 - spec/spec_helper.rb
 - spec/support/middleware_helper.rb
-- spec/support/resources/baserules.json
 - spec/support/resources/normal_config.json
 - spec/support/static_agent_overrides.rb
 - tcell_agent.gemspec
 homepage: https://www.tcell.io
 licenses:
-- Copyright (c) 2015 tCell.io (see LICENSE file)
+- Copyright (c) 2017 tCell.io (see LICENSE file)
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -368,7 +376,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: tCell.io Agent for Rails & Sinatra
@@ -423,31 +431,26 @@ test_files:
 - spec/lib/tcell_agent/api/api_spec.rb
 - spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb
 - spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb
+- spec/lib/tcell_agent/appsensor/meta_data_spec.rb
 - spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb
 - spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb
+- spec/lib/tcell_agent/cmdi_spec.rb
 - spec/lib/tcell_agent/config/unknown_options_spec.rb
 - spec/lib/tcell_agent/configuration_spec.rb
+- spec/lib/tcell_agent/hooks/login_fraud_spec.rb
 - spec/lib/tcell_agent/instrumentation_spec.rb
 - spec/lib/tcell_agent/patches/block_rule_spec.rb
 - spec/lib/tcell_agent/patches/sensors_matcher_spec.rb
 - spec/lib/tcell_agent/patches_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb
-- spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb
 - spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
 - spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
+- spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
 - spec/lib/tcell_agent/policies/content_security_policy_spec.rb
 - spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb
@@ -456,7 +459,6 @@ test_files:
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
 - spec/lib/tcell_agent/policies/patches_policy_spec.rb
 - spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
-- spec/lib/tcell_agent/rails/auth/hooks_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb
@@ -469,10 +471,10 @@ test_files:
 - spec/lib/tcell_agent/rails/routes/route_id_spec.rb
 - spec/lib/tcell_agent/rails/routes/routes_spec.rb
 - spec/lib/tcell_agent/rails_spec.rb
+- spec/lib/tcell_agent/rust/whisperer_spec.rb
 - spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb
 - spec/lib/tcell_agent/sensor_events/dlp_spec.rb
 - spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb
-- spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb
 - spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
 - spec/lib/tcell_agent/utils/bounded_queue_spec.rb
 - spec/lib/tcell_agent/utils/params_spec.rb
@@ -480,6 +482,5 @@ test_files:
 - spec/lib/tcell_agent_spec.rb
 - spec/spec_helper.rb
 - spec/support/middleware_helper.rb
-- spec/support/resources/baserules.json
 - spec/support/resources/normal_config.json
 - spec/support/static_agent_overrides.rb