RubyGems - tcell_agent - Versions diffs - 0.2.29 → 0.4.0 - Mend

tcell_agent 0.2.29 → 0.4.0

Files changed (100) hide show

checksums.yaml +4 -4
data/Readme.txt +7 -0
data/bin/tcell_agent +9 -0
data/lib/tcell_agent/agent/policy_manager.rb +3 -0
data/lib/tcell_agent/agent/policy_types.rb +4 -1
data/lib/tcell_agent/appsensor/injections_matcher.rb +20 -0
data/lib/tcell_agent/appsensor/injections_reporter.rb +15 -56
data/lib/tcell_agent/appsensor/meta_data.rb +56 -2
data/lib/tcell_agent/appsensor/rules/baserules.json +371 -138
data/lib/tcell_agent/cmdi.rb +113 -0
data/lib/tcell_agent/config/unknown_options.rb +2 -0
data/lib/tcell_agent/configuration.rb +30 -16
data/lib/tcell_agent/hooks/login_fraud.rb +79 -0
data/lib/tcell_agent/instrumentation.rb +6 -11
data/lib/tcell_agent/patches/meta_data.rb +14 -11
data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +5 -9
data/lib/tcell_agent/policies/appsensor_policy.rb +22 -206
data/lib/tcell_agent/policies/clickjacking_policy.rb +4 -2
data/lib/tcell_agent/policies/command_injection_policy.rb +196 -0
data/lib/tcell_agent/policies/content_security_policy.rb +3 -2
data/lib/tcell_agent/policies/dataloss_policy.rb +3 -1
data/lib/tcell_agent/policies/honeytokens_policy.rb +3 -1
data/lib/tcell_agent/policies/http_redirect_policy.rb +51 -37
data/lib/tcell_agent/policies/http_tx_policy.rb +5 -1
data/lib/tcell_agent/policies/login_fraud_policy.rb +6 -1
data/lib/tcell_agent/policies/patches_policy.rb +3 -1
data/lib/tcell_agent/policies/policy.rb +10 -0
data/lib/tcell_agent/policies/secure_headers_policy.rb +5 -2
data/lib/tcell_agent/rails/auth/devise.rb +12 -23
data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
data/lib/tcell_agent/rails/dlp.rb +50 -54
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +0 -1
data/lib/tcell_agent/rails/middleware/context_middleware.rb +0 -1
data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +7 -10
data/lib/tcell_agent/rails/on_start.rb +0 -1
data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -4
data/lib/tcell_agent/rails.rb +0 -2
data/lib/tcell_agent/rust/libtcellagent-0.6.1.dylib +0 -0
data/lib/tcell_agent/rust/libtcellagent-0.6.1.so +0 -0
data/lib/tcell_agent/rust/models.rb +61 -0
data/lib/tcell_agent/rust/tcellagent-0.6.1.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +112 -0
data/lib/tcell_agent/sensor_events/appsensor_event.rb +25 -21
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +31 -24
data/lib/tcell_agent/sensor_events/command_injection.rb +58 -0
data/lib/tcell_agent/sensor_events/discovery.rb +1 -1
data/lib/tcell_agent/sensor_events/login_fraud.rb +3 -13
data/lib/tcell_agent/sensor_events/sensor.rb +81 -77
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +8 -0
data/lib/tcell_agent/start_background_thread.rb +12 -3
data/lib/tcell_agent/utils/io.rb +4 -1
data/lib/tcell_agent/utils/params.rb +1 -0
data/lib/tcell_agent/version.rb +1 -1
data/lib/tcell_agent.rb +0 -1
data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +27 -9
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +143 -193
data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +67 -0
data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +0 -10
data/spec/lib/tcell_agent/cmdi_spec.rb +748 -0
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +8 -0
data/spec/lib/tcell_agent/configuration_spec.rb +138 -6
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +357 -0
data/spec/lib/tcell_agent/patches/block_rule_spec.rb +70 -87
data/spec/lib/tcell_agent/patches_spec.rb +9 -4
data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +186 -9
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +309 -484
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +736 -0
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +222 -41
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +56 -32
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +161 -85
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +40 -72
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +267 -0
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +20 -15
data/spec/spec_helper.rb +0 -9
data/tcell_agent.gemspec +8 -3
metadata +40 -39
data/lib/tcell_agent/appsensor/sensor.rb +0 -52
data/lib/tcell_agent/policies/appsensor/database_sensor.rb +0 -56
data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +0 -59
data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +0 -150
data/lib/tcell_agent/policies/appsensor/request_size_sensor.rb +0 -25
data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +0 -73
data/lib/tcell_agent/policies/appsensor/response_size_sensor.rb +0 -25
data/lib/tcell_agent/policies/appsensor/size_sensor.rb +0 -71
data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +0 -47
data/lib/tcell_agent/rails/auth/hooks.rb +0 -79
data/lib/tcell_agent/sensor_events/util/redirect_utils.rb +0 -22
data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +0 -165
data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +0 -429
data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +0 -466
data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +0 -890
data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +0 -417
data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +0 -236
data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +0 -297
data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +0 -241
data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +0 -172
data/spec/lib/tcell_agent/rails/auth/hooks_spec.rb +0 -246
data/spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb +0 -25
data/spec/support/resources/baserules.json +0 -155

data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb DELETED Viewed

@@ -1,165 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  module Policies
-    describe DatabaseSensor do
-      context "#initialize" do
-        context "default sensor" do
-          it "should have properties set to defaults" do
-            sensor = DatabaseSensor.new
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.max_rows).to eq(1001)
-            expect(sensor.excluded_route_ids).to eq({})
-          end
-        end
-        context "setting enabled on sensor" do
-          it "should have properties set to defaults" do
-            sensor = DatabaseSensor.new({"enabled" => true})
-            expect(sensor.enabled).to eq(true)
-            expect(sensor.max_rows).to eq(1001)
-            expect(sensor.excluded_route_ids).to eq({})
-          end
-        end
-        context "setting max_rows on sensor" do
-          it "should have properties set to defaults" do
-            sensor = DatabaseSensor.new({"large_result" => {"limit" => 1}})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.max_rows).to eq(1)
-            expect(sensor.excluded_route_ids).to eq({})
-          end
-        end
-        context "setting excluded routes on sensor" do
-          it "should have properties set to defaults" do
-            sensor = DatabaseSensor.new({"exclude_routes" => ["1", "10", "20"]})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.max_rows).to eq(1001)
-            expect(sensor.excluded_route_ids).to eq({"1"=>true, "10"=>true, "20"=>true})
-          end
-        end
-      end
-      context "#check" do
-        context "with disabled sensor" do
-          it "should not send event" do
-            sensor = DatabaseSensor.new({"enabled" => false})
-            expect(TCellAgent).to_not receive(:send_event)
-            sensor.check({}, 10)
-          end
-        end
-        context "with enabled sensor" do
-          context "records is less than limit" do
-            it "should not send event" do
-              sensor = DatabaseSensor.new({
-                "enabled" => true,
-                "large_result" => { "limit" => 10},
-                "exclude_routes" => []
-              })
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              expect(TCellAgent).to_not receive(:send_event)
-              sensor.check(tcell_data, 1)
-            end
-          end
-          context "records are more than limit" do
-            it "should send event" do
-              sensor = DatabaseSensor.new({
-                "enabled" => true,
-                "large_result" => { "limit" => 10},
-                "exclude_routes" => []
-              })
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              tcell_data.ip_address = "ip_address"
-              tcell_data.request_method = "get"
-              tcell_data.uri = "location"
-              tcell_data.route_id = "route_id"
-              tcell_data.session_id = "session_id"
-              tcell_data.user_id = "user_id"
-              tcell_data.transaction_id = "transaction_id"
-              expect(TCellAgent).to receive(:send_event).with(
-                {
-                  "event_type" => "as",
-                  "dp" => DatabaseSensor::DP_CODE,
-                  "remote_addr" => "ip_address",
-                  "rid" => "route_id",
-                  "m" => "get",
-                  "meta" => {"rows" => 11}
-                }
-              )
-              sensor.check(tcell_data, 11)
-            end
-          end
-          context "records are more than limit" do
-            context "route_id is excluded" do
-              it "should not send event" do
-                sensor = DatabaseSensor.new({
-                  "enabled" => true,
-                  "large_result" => { "limit" => 10},
-                  "exclude_routes" => ["route_id"]
-                })
-                tcell_data = TCellAgent::Instrumentation::TCellData.new
-                tcell_data.ip_address = "ip_address"
-                tcell_data.request_method = "get"
-                tcell_data.uri = "location"
-                tcell_data.route_id = "route_id"
-                tcell_data.session_id = "session_id"
-                tcell_data.user_id = "user_id"
-                tcell_data.transaction_id = "transaction_id"
-                expect(TCellAgent).to_not receive(:send_event)
-                sensor.check(tcell_data, 11)
-              end
-            end
-            context "route is not excluded" do
-              it "should send event" do
-                sensor = DatabaseSensor.new({
-                  "enabled" => true,
-                  "large_result" => { "limit" => 10},
-                  "exclude_routes" => ["nonmatching_route_id"]
-                })
-                tcell_data = TCellAgent::Instrumentation::TCellData.new
-                tcell_data.ip_address = "ip_address"
-                tcell_data.request_method = "get"
-                tcell_data.uri = "location"
-                tcell_data.route_id = "route_id"
-                tcell_data.session_id = "session_id"
-                tcell_data.user_id = "user_id"
-                tcell_data.transaction_id = "transaction_id"
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    "event_type" => "as",
-                    "dp" => DatabaseSensor::DP_CODE,
-                    "remote_addr" => "ip_address",
-                    "rid" => "route_id",
-                    "m" => "get",
-                    "meta" => {"rows" => 11}
-                  }
-                )
-                sensor.check(tcell_data, 11)
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb DELETED Viewed

@@ -1,429 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  module Policies
-    class FakeInvalidAuthenticityToken < StandardError
-    end
-    class FakeStatementInvalid < StandardError
-    end
-    describe MiscSensor do
-      context "#initialize" do
-        context "default sensor" do
-          it "should have properties set to defaults" do
-            sensor = MiscSensor.new
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.csrf_exception_enabled).to eq(false)
-            expect(sensor.sql_exception_enabled).to eq(false)
-            expect(sensor.excluded_route_ids).to eq({})
-          end
-        end
-        context "setting enabled on sensor" do
-          it "should have enabled set" do
-            sensor = MiscSensor.new({"enabled" => true})
-            expect(sensor.enabled).to eq(true)
-            expect(sensor.csrf_exception_enabled).to eq(false)
-            expect(sensor.sql_exception_enabled).to eq(false)
-            expect(sensor.excluded_route_ids).to eq({})
-          end
-        end
-        context "setting csrf_exception_enabled on sensor" do
-          it "should csrf_exception_enabled set" do
-            sensor = MiscSensor.new({"csrf_exception_enabled" => true})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.csrf_exception_enabled).to eq(true)
-            expect(sensor.sql_exception_enabled).to eq(false)
-            expect(sensor.excluded_route_ids).to eq({})
-          end
-        end
-        context "setting sql_exception_enabled on sensor" do
-          it "should sql_exception_enabled set" do
-            sensor = MiscSensor.new({"sql_exception_enabled" => true})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.csrf_exception_enabled).to eq(false)
-            expect(sensor.sql_exception_enabled).to eq(true)
-            expect(sensor.excluded_route_ids).to eq({})
-          end
-        end
-        context "setting excluded_route_ids on sensor" do
-          it "should excluded_route_ids set" do
-            sensor = MiscSensor.new({"sql_exception_enabled" => true, "exclude_routes" => ["route_id"]})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.csrf_exception_enabled).to eq(false)
-            expect(sensor.sql_exception_enabled).to eq(true)
-            expect(sensor.excluded_route_ids).to eq({"route_id" => true})
-          end
-        end
-      end
-      describe "#csrf_rejected" do
-        before(:each) do
-          @exception_class = FakeInvalidAuthenticityToken
-        end
-        context "with disabled sensor" do
-          context "with disabled csrf_exception_enabled sensor" do
-            it "should not send event" do
-              sensor = MiscSensor.new({"enabled" => false, "csrf_exception_enabled" => false})
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              expect(TCellAgent).to_not receive(:send_event)
-              sensor.csrf_rejected(tcell_data, @exception_class)
-            end
-          end
-          context "with enabled csrf_exception_enabled" do
-            it "should not send event" do
-              sensor = MiscSensor.new({"enabled" => false, "csrf_exception_enabled" => true})
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              expect(TCellAgent).to_not receive(:send_event)
-              sensor.csrf_rejected(tcell_data, @exception_class)
-            end
-            context "with nil tcell-data" do
-              it "should not send event" do
-                sensor = MiscSensor.new({"enabled" => false, "csrf_exception_enabled" => true})
-                tcell_data = TCellAgent::Instrumentation::TCellData.new
-                expect(TCellAgent).to_not receive(:send_event)
-                sensor.csrf_rejected(tcell_data, @exception_class)
-              end
-            end
-          end
-        end
-        context "with enabled sensor" do
-          context "with disabled csrf_exception_enabled sensor" do
-            it "should not send event" do
-              sensor = MiscSensor.new({"enabled" => true, "csrf_exception_enabled" => false})
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              expect(TCellAgent).to_not receive(:send_event)
-              sensor.csrf_rejected(tcell_data, @exception_class)
-            end
-            context "no excluded routes" do
-              it "should not send an event" do
-                sensor = MiscSensor.new({
-                  "enabled" => true,
-                  "csrf_exception_enabled" => false,
-                  "exclude_routes" => []
-                })
-                tcell_data = TCellAgent::Instrumentation::TCellData.new
-                tcell_data.route_id = "route_id"
-                expect(TCellAgent).to_not receive(:send_event)
-                sensor.csrf_rejected(tcell_data, @exception_class)
-              end
-            end
-            context "has excluded routes" do
-              context "route id matches" do
-                it "should not send an event" do
-                  sensor = MiscSensor.new({
-                    "enabled" => true,
-                    "csrf_exception_enabled" => false,
-                    "exclude_routes" => []
-                  })
-                  tcell_data = TCellAgent::Instrumentation::TCellData.new
-                  tcell_data.route_id = "route_id"
-                  expect(TCellAgent).to_not receive(:send_event)
-                  sensor.csrf_rejected(tcell_data, @exception_class)
-                end
-              end
-              context "route id does not match" do
-                it "should not send an event" do
-                  sensor = MiscSensor.new({
-                    "enabled" => true,
-                    "csrf_exception_enabled" => false,
-                    "exclude_routes" => ["nonmatching"]
-                  })
-                  tcell_data = TCellAgent::Instrumentation::TCellData.new
-                  tcell_data.route_id = "route_id"
-                  expect(TCellAgent).to_not receive(:send_event)
-                  sensor.csrf_rejected(tcell_data, @exception_class)
-                end
-              end
-            end
-          end
-          context "with enabled csrf_exception_enabled" do
-            it "should send event" do
-              sensor = MiscSensor.new({"enabled" => true, "csrf_exception_enabled" => true})
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              expect(TCellAgent).to receive(:send_event).with({
-                "event_type"=>"as",
-                "dp"=>"excsrf",
-                "param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken"
-              })
-              sensor.csrf_rejected(tcell_data, @exception_class)
-            end
-            context "no excluded routes" do
-              it "should send an event" do
-                sensor = MiscSensor.new({
-                  "enabled" => true,
-                  "csrf_exception_enabled" => true,
-                  "exclude_routes" => []
-                })
-                tcell_data = TCellAgent::Instrumentation::TCellData.new
-                tcell_data.route_id = "route_id"
-                expect(TCellAgent).to receive(:send_event).with({
-                  "event_type"=>"as",
-                  "dp"=>"excsrf",
-                  "param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
-                  "rid"=>"route_id"
-                })
-                sensor.csrf_rejected(tcell_data, @exception_class)
-              end
-            end
-            context "has excluded routes" do
-              context "route id matches" do
-                it "should not send an event" do
-                  sensor = MiscSensor.new({
-                    "enabled" => true,
-                    "csrf_exception_enabled" => true,
-                    "exclude_routes" => ["route_id"]
-                  })
-                  tcell_data = TCellAgent::Instrumentation::TCellData.new
-                  tcell_data.route_id = "route_id"
-                  expect(TCellAgent).to_not receive(:send_event)
-                  sensor.csrf_rejected(tcell_data, @exception_class)
-                end
-              end
-              context "route id does not match" do
-                it "should send an event" do
-                  sensor = MiscSensor.new({
-                    "enabled" => true,
-                    "csrf_exception_enabled" => true,
-                    "exclude_routes" => ["nonmatching"]
-                  })
-                  tcell_data = TCellAgent::Instrumentation::TCellData.new
-                  tcell_data.route_id = "route_id"
-                  expect(TCellAgent).to receive(:send_event).with({
-                    "event_type"=>"as",
-                    "dp"=>"excsrf",
-                    "param"=>"TCellAgent::Policies::FakeInvalidAuthenticityToken",
-                    "rid"=>"route_id"
-                  })
-                  sensor.csrf_rejected(tcell_data, @exception_class)
-                end
-              end
-            end
-          end
-        end
-      end
-      describe "#sql_exception_enabled" do
-        before(:each) do
-          @exception = FakeStatementInvalid.new
-        end
-        context "with disabled sensor" do
-          context "with disabled sql_exception_enabled sensor" do
-            it "should not send event" do
-              sensor = MiscSensor.new({"enabled" => false, "sql_exception_enabled" => false})
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              expect(TCellAgent).to_not receive(:send_event)
-              sensor.sql_exception_detected(tcell_data, @exception)
-            end
-          end
-          context "with enabled sql_exception_enabled" do
-            it "should not send event" do
-              sensor = MiscSensor.new({"enabled" => false, "sql_exception_enabled" => true})
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              expect(TCellAgent).to_not receive(:send_event)
-              sensor.sql_exception_detected(tcell_data, @exception)
-            end
-            context "with nil tcell-data" do
-              it "should not send event" do
-                sensor = MiscSensor.new({"enabled" => false, "sql_exception_enabled" => true})
-                tcell_data = TCellAgent::Instrumentation::TCellData.new
-                expect(TCellAgent).to_not receive(:send_event)
-                sensor.sql_exception_detected(tcell_data, @exception)
-              end
-            end
-          end
-        end
-        context "with enabled sensor" do
-          context "with disabled sql_exception_enabled sensor" do
-            it "should not send event" do
-              sensor = MiscSensor.new({"enabled" => true, "sql_exception_enabled" => false})
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              expect(TCellAgent).to_not receive(:send_event)
-              sensor.sql_exception_detected(tcell_data, @exception)
-            end
-            context "no excluded routes" do
-              it "should not send an event" do
-                sensor = MiscSensor.new({
-                  "enabled" => true,
-                  "sql_exception_enabled" => false,
-                  "exclude_routes" => []
-                })
-                tcell_data = TCellAgent::Instrumentation::TCellData.new
-                tcell_data.route_id = "route_id"
-                expect(TCellAgent).to_not receive(:send_event)
-                sensor.sql_exception_detected(tcell_data, @exception)
-              end
-            end
-            context "has excluded routes" do
-              context "route id matches" do
-                it "should not send an event" do
-                  sensor = MiscSensor.new({
-                    "enabled" => true,
-                    "sql_exception_enabled" => false,
-                    "exclude_routes" => []
-                  })
-                  tcell_data = TCellAgent::Instrumentation::TCellData.new
-                  tcell_data.route_id = "route_id"
-                  expect(TCellAgent).to_not receive(:send_event)
-                  sensor.sql_exception_detected(tcell_data, @exception)
-                end
-              end
-              context "route id does not match" do
-                it "should not send an event" do
-                  sensor = MiscSensor.new({
-                    "enabled" => true,
-                    "sql_exception_enabled" => false,
-                    "exclude_routes" => ["nonmatching"]
-                  })
-                  tcell_data = TCellAgent::Instrumentation::TCellData.new
-                  tcell_data.route_id = "route_id"
-                  expect(TCellAgent).to_not receive(:send_event)
-                  sensor.sql_exception_detected(tcell_data, @exception)
-                end
-              end
-            end
-          end
-          context "with enabled sql_exception_enabled" do
-            it "should send event" do
-              sensor = MiscSensor.new({"enabled" => true, "sql_exception_enabled" => true})
-              tcell_data = TCellAgent::Instrumentation::TCellData.new
-              expect(TCellAgent).to receive(:send_event).with({
-                "event_type"=>"as",
-                "dp"=>"exsql",
-                "param"=>"TCellAgent::Policies::FakeStatementInvalid"
-              })
-              sensor.sql_exception_detected(tcell_data, @exception)
-            end
-            context "no excluded routes" do
-              it "should send an event" do
-                sensor = MiscSensor.new({
-                  "enabled" => true,
-                  "sql_exception_enabled" => true,
-                  "exclude_routes" => []
-                })
-                tcell_data = TCellAgent::Instrumentation::TCellData.new
-                tcell_data.route_id = "route_id"
-                expect(TCellAgent).to receive(:send_event).with({
-                  "event_type"=>"as",
-                  "dp"=>"exsql",
-                  "param"=>"TCellAgent::Policies::FakeStatementInvalid",
-                  "rid"=>"route_id"
-                })
-                sensor.sql_exception_detected(tcell_data, @exception)
-              end
-            end
-            context "has excluded routes" do
-              context "route id matches" do
-                it "should not send an event" do
-                  sensor = MiscSensor.new({
-                    "enabled" => true,
-                    "sql_exception_enabled" => true,
-                    "exclude_routes" => ["route_id"]
-                  })
-                  tcell_data = TCellAgent::Instrumentation::TCellData.new
-                  tcell_data.route_id = "route_id"
-                  expect(TCellAgent).to_not receive(:send_event)
-                  sensor.sql_exception_detected(tcell_data, @exception)
-                end
-              end
-              context "route id does not match" do
-                it "should send an event" do
-                  sensor = MiscSensor.new({
-                    "enabled" => true,
-                    "sql_exception_enabled" => true,
-                    "exclude_routes" => ["nonmatching"]
-                  })
-                  tcell_data = TCellAgent::Instrumentation::TCellData.new
-                  tcell_data.route_id = "route_id"
-                  expect(TCellAgent).to receive(:send_event).with({
-                    "event_type"=>"as",
-                    "dp"=>"exsql",
-                    "param"=>"TCellAgent::Policies::FakeStatementInvalid",
-                    "rid"=>"route_id"
-                  })
-                  sensor.sql_exception_detected(tcell_data, @exception)
-                end
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end