tcell_agent 0.2.29 → 0.4.0

data/lib/tcell_agent/policies/login_fraud_policy.rb

@@ -1,6 +1,9 @@
+require 'tcell_agent/policies/policy'
+
+
 module TCellAgent
   module Policies
-    class LoginFraudPolicy
+    class LoginFraudPolicy < Policy
       attr_accessor :policy_id
 
       attr_accessor :login_success_enabled
@@ -16,9 +19,11 @@ module TCellAgent
         @login_failed_enabled = false
         @session_hijacking_metrics = false
       end
+
       def enabled
         @login_success_enabled || @login_failed_enabled
       end
+
       def self.from_json(policy_json)
         if (!policy_json)
           return nil

data/lib/tcell_agent/policies/patches_policy.rb

@@ -1,11 +1,13 @@
 require 'tcell_agent/appsensor/injections_matcher'
 require 'tcell_agent/patches/block_rule'
 require 'tcell_agent/patches/sensors_matcher'
+require 'tcell_agent/policies/policy'
+
 
 module TCellAgent
   module Policies
 
-    class PatchesPolicy
+    class PatchesPolicy < Policy
       attr_accessor :policy_id, :version, :enabled, :block_rules
 
       def initialize

data/lib/tcell_agent/policies/policy.rb

@@ -0,0 +1,10 @@
+module TCellAgent
+  module Policies
+
+    class Policy
+      def free_native_memory
+      end
+    end
+
+  end
+end

data/lib/tcell_agent/policies/secure_headers_policy.rb

@@ -1,8 +1,11 @@
 # encoding: utf-8
 # See the file "LICENSE" for the full license governing this code.
+require 'tcell_agent/policies/policy'
+
+
 module TCellAgent
     module Policies
-        class SecureHeadersPolicy
+        class SecureHeadersPolicy < Policy
             class SecurityHeader
                 @@approved_headers = [
                     "strict-transport-security",
@@ -33,7 +36,7 @@ module TCellAgent
             attr_accessor :policy_id
 
             def self.from_json(policy_json)
-                if (!policy_json) 
+                if (!policy_json)
                     return nil
                 end
                 security_headers_policy = SecureHeadersPolicy.new

data/lib/tcell_agent/rails/auth/devise.rb

@@ -7,19 +7,6 @@ if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
     require 'tcell_agent/policies/appsensor_policy'
 
     module DeviseInstrumentation
-      def self.report_login_event(clazz, request_env, user_id)
-        if (TCellAgent.configuration.enabled && TCellAgent.configuration.should_intercept_requests?)
-
-          login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
-          if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_failed_enabled)
-            tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
-            if tcell_data
-              TCellAgent.send_event(clazz.new(request_env, tcell_data, user_id))
-            end
-          end
-        end
-      end
-
       module TCellFailureAppRespond
         def respond
           TCellAgent::Instrumentation.safe_block("Devise Failure App Respond") do
@@ -30,11 +17,11 @@ if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
                 # Devise::Strategies::Authenticatable.valid_for_http_auth?
                 user_id = tcell_data.user_id
                 user_id = _get_tcell_username unless user_id
-                TCellAgent::DeviseInstrumentation.report_login_event(
-                  TCellAgent::SensorEvents::LoginFailure,
-                  request.env,
-                  user_id
-                )
+
+                login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+                if (login_fraud_policy && login_fraud_policy.login_failed_enabled)
+                  TCellAgent.send_event(TCellAgent::SensorEvents::LoginFailure.new(request.env, tcell_data, user_id))
+                end
               end
 
             end
@@ -95,11 +82,13 @@ if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
               end
             end
 
-            TCellAgent::DeviseInstrumentation.report_login_event(
-              TCellAgent::SensorEvents::LoginSuccess,
-              request.env,
-              username
-            )
+            login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+            if (login_fraud_policy && login_fraud_policy.login_success_enabled)
+              tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+              if tcell_data
+                TCellAgent.send_event(TCellAgent::SensorEvents::LoginSuccess.new(request.env, tcell_data, username))
+              end
+            end
           end
         end
 

data/lib/tcell_agent/rails/csrf_exception.rb

@@ -9,7 +9,7 @@ module TCellAgent
         if appsensor_policy
           tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
           if tcell_data
-            appsensor_policy.csrf_rejected(tcell_data, ActionController::InvalidAuthenticityToken)
+            tcell_data.csrf_exception_name = ActionController::InvalidAuthenticityToken.name
           end
         end
       end

data/lib/tcell_agent/rails/dlp.rb

@@ -10,7 +10,6 @@ require 'tcell_agent/agent'
 require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-require 'tcell_agent/sensor_events/util/redirect_utils'
 
 require 'tcell_agent/sensor_events/dlp'
 
@@ -41,67 +40,62 @@ module TCellAgent
             TCellAgent.configuration.should_intercept_requests?
 
           dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
-          appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
 
-          if dlp_policy || appsensor_policy
-            request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
-            tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
+          request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
+          tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
 
-            if tcell_context
-              if appsensor_policy
-                appsensor_policy.process_db_rows(tcell_context, results.size)
-              end
+          if tcell_context
+            tcell_context.database_result_sizes.push(results.size)
 
-              if dlp_policy
-                first_record = results.first
-                database_name = first_record.class.connection_config().fetch(:database,"*").split('/').last
-                model = first_record.class
-                column_names = model.columns.map { |col| col.name }
-                table_name = model.table_name
+            if dlp_policy
+              first_record = results.first
+              database_name = first_record.class.connection_config().fetch(:database,"*").split('/').last
+              model = first_record.class
+              column_names = model.columns.map { |col| col.name }
+              table_name = model.table_name
 
-                if dlp_policy.database_discovery_enabled
-                  TCellAgent.discover_database_fields(
-                    tcell_context.route_id,
-                    database_name,
-                    "*",
-                    table_name,
-                    column_names
-                  )
-                end
+              if dlp_policy.database_discovery_enabled
+                TCellAgent.discover_database_fields(
+                  tcell_context.route_id,
+                  database_name,
+                  "*",
+                  table_name,
+                  column_names
+                )
+              end
 
-                if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
-                  TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
-                end
+              if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
+                TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
+              end
 
-                column_name_to_rules = column_names.inject({}) do |memo, column_name|
-                  rules = dlp_policy.get_actions_for_table(
-                    database_name,
-                    "*",
-                    table_name,
-                    column_name,
-                    tcell_context.route_id
-                  )
+              column_name_to_rules = column_names.inject({}) do |memo, column_name|
+                rules = dlp_policy.get_actions_for_table(
+                  database_name,
+                  "*",
+                  table_name,
+                  column_name,
+                  tcell_context.route_id
+                )
 
-                  memo[column_name] = rules if rules
+                memo[column_name] = rules if rules
 
-                  memo
-                end
+                memo
+              end
 
-                return if column_name_to_rules.empty?
-
-                results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
-                  column_name_to_rules.each do |column_name, rules|
-                    if rules
-                      rules.each do |rule|
-                        tcell_context.add_response_db_filter(
-                          record[column_name.to_sym],
-                          rule,
-                          database_name,
-                          "*",
-                          table_name,
-                          column_name
-                        )
-                      end
+              return if column_name_to_rules.empty?
+
+              results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
+                column_name_to_rules.each do |column_name, rules|
+                  if rules
+                    rules.each do |rule|
+                      tcell_context.add_response_db_filter(
+                        record[column_name.to_sym],
+                        rule,
+                        database_name,
+                        "*",
+                        table_name,
+                        column_name
+                      )
                     end
                   end
                 end
@@ -128,7 +122,9 @@ module TCellAgent
                 request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
                 tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
                 if tcell_data && result.is_a?(ActiveRecord::StatementInvalid)
-                  appsensor_policy.sql_exception_detected(tcell_data, result)
+                  tcell_data.sql_exceptions.push({
+                    "exception_name" => result.class.name, "exception_payload" => message
+                  })
                 end
               end
             end

data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb

@@ -7,7 +7,6 @@ require 'tcell_agent/agent'
 require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-require 'tcell_agent/sensor_events/util/redirect_utils'
 
 require 'tcell_agent/configuration'
 require 'tcell_agent/instrumentation'

data/lib/tcell_agent/rails/middleware/context_middleware.rb

@@ -7,7 +7,6 @@ require 'tcell_agent/agent'
 require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-require 'tcell_agent/sensor_events/util/redirect_utils'
 
 require 'tcell_agent/userinfo'
 require 'cgi'

data/lib/tcell_agent/rails/middleware/global_middleware.rb

@@ -7,7 +7,6 @@ require 'tcell_agent/agent'
 require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-require 'tcell_agent/sensor_events/util/redirect_utils'
 
 require 'tcell_agent/userinfo'
 require 'cgi'

data/lib/tcell_agent/rails/middleware/headers_middleware.rb

@@ -7,7 +7,6 @@ require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/appsensor_meta_event'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-require 'tcell_agent/sensor_events/util/redirect_utils'
 
 require 'tcell_agent/userinfo'
 require 'cgi'
@@ -118,12 +117,11 @@ module TCellAgent
               status, headers, active_response = response
               http_redirect_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HttpRedirect)
               if http_redirect_policy && headers.has_key?("Location")
-                local_uri = URI.parse(request.url)
                 route_id = request.env[TCellAgent::Instrumentation::TCELL_ID].route_id
                 hmac_session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
                 new_location = http_redirect_policy.enforce(
                   headers["Location"],
-                  local_uri.host,
+                  request.url,
                   request.fullpath,
                   request.request_method,
                   route_id,
@@ -150,7 +148,7 @@ module TCellAgent
                 TCellAgent::Instrumentation::Rails::DLPHandler.get_handler_and_context(request, response_headers)
 
               content_length = 0
-              set_basic_appsensor_meta = false
+              defer_appfw_due_to_streaming = false
 
               if TCellAgent::Utils::Rails.empty_content?(status_code, response_headers)
                 content_length = 0
@@ -184,7 +182,7 @@ module TCellAgent
                   script_insert,
                   dlp_handler,
                   tcell_context)
-                set_basic_appsensor_meta = true
+                defer_appfw_due_to_streaming = true
               end
 
               appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
@@ -192,11 +190,10 @@ module TCellAgent
                 event = TCellAgent::SensorEvents::AppSensorMetaEvent.build(
                   request, content_length, status_code, response_headers
                 )
-                TCellAgent.send_event(event)
-
-                if set_basic_appsensor_meta
-                  response_body.appsensor_policy = appsensor_policy
-                  response_body.appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.build_basic(event)
+                if defer_appfw_due_to_streaming
+                  response_body.appsensor_meta = event
+                else
+                  TCellAgent.send_event(event)
                 end
               end
 

data/lib/tcell_agent/rails/on_start.rb

@@ -27,7 +27,6 @@ else
           require 'tcell_agent/authlogic' if defined?(Authlogic)
           require 'tcell_agent/rails/auth/authlogic'  if defined?(Authlogic)
           require 'tcell_agent/rails/auth/doorkeeper'
-          require 'tcell_agent/rails/auth/hooks'
         end
 
         # TODO: will this get run ever?

data/lib/tcell_agent/rails/tcell_body_proxy.rb

@@ -6,7 +6,7 @@ module TCellAgent
 
       class TCellBodyProxy
 
-        attr_accessor :appsensor_policy, :appsensor_meta
+        attr_accessor :appsensor_meta
 
         # for specs
         attr_accessor :content_length
@@ -30,10 +30,10 @@ module TCellAgent
         end
 
         def close
-          TCellAgent::Instrumentation.safe_block("Handling Response Size Length") do
-            if @content_length > 0 && @appsensor_meta && @appsensor_policy
+          TCellAgent::Instrumentation.safe_block("Running AppSensor deferred due to streaming") do
+            if @appsensor_meta
               @appsensor_meta.response_content_bytes_len = @content_length
-              @appsensor_policy.check_response_size(@appsensor_meta)
+              TCellAgent.send_event(@appsensor_meta)
             end
           end
 

data/lib/tcell_agent/rails.rb

@@ -6,7 +6,6 @@ require 'tcell_agent/agent'
 require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-require 'tcell_agent/sensor_events/util/redirect_utils'
 
 require 'tcell_agent/rails/better_ip'
 require 'tcell_agent/rails/middleware/global_middleware'
@@ -32,7 +31,6 @@ module TCellAgent
         require 'tcell_agent/authlogic' if defined?(Authlogic)
         require 'tcell_agent/rails/auth/authlogic'  if defined?(Authlogic)
         require 'tcell_agent/rails/auth/doorkeeper'
-        require 'tcell_agent/rails/auth/hooks'
       end
       app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
       app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)

data/lib/tcell_agent/rust/models.rb

@@ -0,0 +1,61 @@
+require 'tcell_agent/utils/strings'
+
+
+module TCellAgent
+  module Rust
+    module Models
+
+      def self.convert_params(params_dict)
+        unless params_dict
+          return []
+        end
+
+        flattened_params = []
+        params_dict.each do |param_name, param_value|
+          flattened_params.push({"name" => param_name[-1], "value" => param_value})
+        end
+
+        flattened_params
+      end
+
+      def self.create_request_response(appsensor_meta)
+        post_params = convert_params(appsensor_meta.flattened_post_dict) +
+          convert_params(appsensor_meta.flattened_body_dict)
+
+        request_response = {
+          "method" =>  appsensor_meta.method,
+          "status_code" =>  appsensor_meta.response_code,
+          "route_id" =>  appsensor_meta.route_id,
+          "path" =>  appsensor_meta.path,
+          "query_params" =>  convert_params(appsensor_meta.flattened_get_dict),
+          "post_params" =>  post_params,
+          "headers" =>  convert_params(appsensor_meta.flattened_headers_dict),
+          "cookies" =>  convert_params(appsensor_meta.flattened_cookie_dict),
+          "path_params" =>  convert_params(appsensor_meta.flattened_path_parameters),
+          "remote_address" =>  appsensor_meta.remote_address,
+          "full_uri" =>  appsensor_meta.location,
+          "session_id" =>  appsensor_meta.session_id,
+          "user_id" =>  appsensor_meta.user_id,
+          "user_agent" =>  appsensor_meta.user_agent,
+          "request_bytes_length" =>  appsensor_meta.request_content_bytes_len,
+          "response_bytes_length" =>  appsensor_meta.response_content_bytes_len
+        }
+
+        if TCellAgent::Utils::Strings.present?(appsensor_meta.csrf_exception_name)
+          request_response["csrf_exception"] = {"exception_name" => appsensor_meta.csrf_exception_name}
+        end
+
+        if appsensor_meta.sql_exceptions
+          request_response["sql_exceptions"] = appsensor_meta.sql_exceptions
+        end
+
+        if appsensor_meta.database_result_sizes
+          request_response["database_result_sizes"] = appsensor_meta.database_result_sizes
+        end
+
+        return request_response
+      end
+
+    end
+  end
+end

data/lib/tcell_agent/rust/whisperer.rb

@@ -0,0 +1,112 @@
+require 'tcell_agent/logger'
+
+
+module TCellAgent
+  module Rust
+    require "ffi"
+
+    module Wrapper
+      extend FFI::Library
+
+      begin
+        VERSION = "0.6.1"
+        prefix = "lib"
+        extension = ".so"
+        if /cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM
+          extension = ".dll"
+          prefix = ""
+        elsif /darwin/ =~ RUBY_PLATFORM
+          extension = ".dylib"
+        end
+
+        ffi_lib File.join(File.dirname(__FILE__), "#{prefix}tcellagent-#{VERSION}#{extension}")
+        attach_function :cmdi_parse_sh, [:pointer, :size_t, :pointer, :size_t], :int
+
+        attach_function :appfirewall_policy_init, [:pointer, :size_t, :pointer, :size_t, :pointer, :size_t], :int
+        attach_function :appfirewall_policy_apply, [:pointer, :pointer, :size_t, :pointer, :size_t], :int
+        attach_function :appfirewall_free, [:pointer], :void
+
+        def self.common_lib_available?
+          true
+        end
+
+      rescue LoadError => load_error
+        puts "tCell.io Failed to load common agent library. #{load_error.message}"
+        TCellAgent.logger.error("Failed to load common agent library. #{load_error.message}")
+        TCellAgent.logger.debug(load_error.backtrace)
+        def self.common_lib_available?
+          false
+        end
+      end
+    end
+
+    module Whisperer
+      def self.convert_result(result_size, result)
+        begin
+          return JSON.parse(result.get_string(0, result_size)) if result_size >= 0
+        rescue JSON::ParserError
+          # don't log the actual error since it might contain payload information
+          TCellAgent.logger.error("JSON::ParserError ocurred when trying to parse native lib response")
+        end
+
+        return {}
+      end
+
+      def self.parse_cmd(cmd)
+        if TCellAgent::Rust::Wrapper.common_lib_available? &&
+            TCellAgent::Utils::Strings.present?(cmd)
+          cmd_pointer = FFI::MemoryPointer.from_string(cmd)
+
+          buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+
+          # cmd_pointer.size - 1: strips null terminator
+          result_size = TCellAgent::Rust::Wrapper.cmdi_parse_sh(cmd_pointer, cmd_pointer.size - 1, buf, buf.size)
+          return self.convert_result(result_size, buf)
+        end
+
+        return {}
+      end
+
+      def self.init_appfirewall(policy, allow_payloads)
+        if TCellAgent::Rust::Wrapper.common_lib_available? && policy
+          policy_pointer = FFI::MemoryPointer.from_string(JSON.dump(policy))
+          config_pointer = FFI::MemoryPointer.from_string(JSON.dump({"allow_send_payloads" => allow_payloads}))
+
+          buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+          # policy_pointer.size - 1: strips null terminator
+          # config_pointer.size - 1: strips null terminator
+          result_size = TCellAgent::Rust::Wrapper.appfirewall_policy_init(
+            policy_pointer, policy_pointer.size - 1, config_pointer, config_pointer.size - 1, buf, buf.size
+          )
+          return self.convert_result(result_size, buf)
+        end
+
+        return {}
+      end
+
+      def self.apply_appfirewall(appfirewall_ptr, request_response_json)
+        if TCellAgent::Rust::Wrapper.common_lib_available? &&
+            request_response_json &&
+            !appfirewall_ptr.nil?
+          request_response_pointer = FFI::MemoryPointer.from_string(JSON.dump(request_response_json))
+
+          buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+          # request_response_pointer.size - 1: strips null terminator
+          result_size = TCellAgent::Rust::Wrapper.appfirewall_policy_apply(
+            FFI::Pointer.new(appfirewall_ptr), request_response_pointer, request_response_pointer.size - 1, buf, buf.size
+          )
+          return self.convert_result(result_size, buf)
+        end
+
+        return {}
+      end
+
+
+      def self.free_appfirewall(appfirewall_ptr)
+        if TCellAgent::Rust::Wrapper.common_lib_available? && !appfirewall_ptr.nil?
+          TCellAgent::Rust::Wrapper.appfirewall_free(FFI::Pointer.new(appfirewall_ptr))
+        end
+      end
+    end
+  end
+end

data/lib/tcell_agent/sensor_events/appsensor_event.rb

@@ -3,13 +3,11 @@ require 'tcell_agent/sensor_events/sensor'
 
 module TCellAgent
   module SensorEvents
-
     class TCellAppSensorEvent < TCellSensorEvent
-
       def initialize(location,
                      detection_point,
                      method,
-                     remote_addr,
+                     remote_address,
                      param,
                      route_id,
                      meta,
@@ -17,33 +15,39 @@ module TCellAgent
                      user_id,
                      payload,
                      pattern,
-                     collect_full_uri)
+                     full_uri)
         super("as")
         self["dp"] = detection_point
+
         self["param"] = param.to_s if param
-        self["remote_addr"] = remote_addr.to_s if remote_addr
         self["m"] = method.to_s if method
-        @raw_location = location
-        @user_id = user_id
-        @hmac_session_id = hmac_session_id
-        @payload = payload
-
         self["pattern"] = pattern if pattern
         self["meta"] = meta if meta
-        self["rid"] = route_id if route_id
-        self["full_uri"] = location if collect_full_uri && location
+        self["rid"] = route_id.to_s if route_id
+        self["full_uri"] = full_uri if full_uri
+        self["uri"] = location if location
+        self["uid"] = user_id.to_s if user_id
+        self["sid"] = hmac_session_id if hmac_session_id
+        self["remote_addr"] = remote_address.to_s if remote_address
+        self["payload"] = payload if payload
       end
 
-      def post_process
-        self["uri"] = Util.strip_uri_values(@raw_location)
-        self["uid"] = @user_id.to_s if @user_id
-        if @hmac_session_id
-          self["sid"] = @hmac_session_id
-        end
-        self["payload"] = @payload[0..150] if @payload
+      def self.build_from_native_lib_event(event)
+        return TCellAppSensorEvent.new(
+          event["uri"],
+          event["detection_point"],
+          event["method"],
+          event["remote_address"],
+          event["parameter"],
+          event["route_id"],
+          event["meta"],
+          event["session_id"],
+          event["user_id"],
+          event["payload"],
+          event["pattern"],
+          event["full_uri"]
+        )
       end
-
     end
-
   end
 end