tcell_agent 0.2.29 → 0.4.0
- checksums.yaml +4 -4
- data/Readme.txt +7 -0
- data/bin/tcell_agent +9 -0
- data/lib/tcell_agent/agent/policy_manager.rb +3 -0
- data/lib/tcell_agent/agent/policy_types.rb +4 -1
- data/lib/tcell_agent/appsensor/injections_matcher.rb +20 -0
- data/lib/tcell_agent/appsensor/injections_reporter.rb +15 -56
- data/lib/tcell_agent/appsensor/meta_data.rb +56 -2
- data/lib/tcell_agent/appsensor/rules/baserules.json +371 -138
- data/lib/tcell_agent/cmdi.rb +113 -0
- data/lib/tcell_agent/config/unknown_options.rb +2 -0
- data/lib/tcell_agent/configuration.rb +30 -16
- data/lib/tcell_agent/hooks/login_fraud.rb +79 -0
- data/lib/tcell_agent/instrumentation.rb +6 -11
- data/lib/tcell_agent/patches/meta_data.rb +14 -11
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +5 -9
- data/lib/tcell_agent/policies/appsensor_policy.rb +22 -206
- data/lib/tcell_agent/policies/clickjacking_policy.rb +4 -2
- data/lib/tcell_agent/policies/command_injection_policy.rb +196 -0
- data/lib/tcell_agent/policies/content_security_policy.rb +3 -2
- data/lib/tcell_agent/policies/dataloss_policy.rb +3 -1
- data/lib/tcell_agent/policies/honeytokens_policy.rb +3 -1
- data/lib/tcell_agent/policies/http_redirect_policy.rb +51 -37
- data/lib/tcell_agent/policies/http_tx_policy.rb +5 -1
- data/lib/tcell_agent/policies/login_fraud_policy.rb +6 -1
- data/lib/tcell_agent/policies/patches_policy.rb +3 -1
- data/lib/tcell_agent/policies/policy.rb +10 -0
- data/lib/tcell_agent/policies/secure_headers_policy.rb +5 -2
- data/lib/tcell_agent/rails/auth/devise.rb +12 -23
- data/lib/tcell_agent/rails/csrf_exception.rb +1 -1
- data/lib/tcell_agent/rails/dlp.rb +50 -54
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +7 -10
- data/lib/tcell_agent/rails/on_start.rb +0 -1
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -4
- data/lib/tcell_agent/rails.rb +0 -2
- data/lib/tcell_agent/rust/libtcellagent-0.6.1.dylib +0 -0
- data/lib/tcell_agent/rust/libtcellagent-0.6.1.so +0 -0
- data/lib/tcell_agent/rust/models.rb +61 -0
- data/lib/tcell_agent/rust/tcellagent-0.6.1.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +112 -0
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +25 -21
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +31 -24
- data/lib/tcell_agent/sensor_events/command_injection.rb +58 -0
- data/lib/tcell_agent/sensor_events/discovery.rb +1 -1
- data/lib/tcell_agent/sensor_events/login_fraud.rb +3 -13
- data/lib/tcell_agent/sensor_events/sensor.rb +81 -77
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +8 -0
- data/lib/tcell_agent/start_background_thread.rb +12 -3
- data/lib/tcell_agent/utils/io.rb +4 -1
- data/lib/tcell_agent/utils/params.rb +1 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/lib/tcell_agent.rb +0 -1
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +27 -9
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +143 -193
- data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +67 -0
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +0 -10
- data/spec/lib/tcell_agent/cmdi_spec.rb +748 -0
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +8 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +138 -6
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +357 -0
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +70 -87
- data/spec/lib/tcell_agent/patches_spec.rb +9 -4
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +186 -9
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +309 -484
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +736 -0
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +222 -41
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +56 -32
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +161 -85
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +40 -72
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +267 -0
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +20 -15
- data/spec/spec_helper.rb +0 -9
- data/tcell_agent.gemspec +8 -3
- metadata +40 -39
- data/lib/tcell_agent/appsensor/sensor.rb +0 -52
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +0 -56
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +0 -59
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +0 -150
- data/lib/tcell_agent/policies/appsensor/request_size_sensor.rb +0 -25
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +0 -73
- data/lib/tcell_agent/policies/appsensor/response_size_sensor.rb +0 -25
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +0 -71
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +0 -47
- data/lib/tcell_agent/rails/auth/hooks.rb +0 -79
- data/lib/tcell_agent/sensor_events/util/redirect_utils.rb +0 -22
- data/spec/lib/tcell_agent/policies/appsensor/database_sensor_spec.rb +0 -165
- data/spec/lib/tcell_agent/policies/appsensor/misc_sensor_spec.rb +0 -429
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_apply_spec.rb +0 -466
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_from_json_spec.rb +0 -890
- data/spec/lib/tcell_agent/policies/appsensor/payloads_policy_log_spec.rb +0 -417
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +0 -236
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +0 -297
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +0 -241
- data/spec/lib/tcell_agent/policies/appsensor/user_agent_sensor_spec.rb +0 -172
- data/spec/lib/tcell_agent/rails/auth/hooks_spec.rb +0 -246
- data/spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb +0 -25
- data/spec/support/resources/baserules.json +0 -155
@@ -21,30 +21,37 @@ module TCellAgent
|
|
21
21
|
|
22
22
|
class << self
|
23
23
|
def build(request, response_content_length, response_code, response_headers)
|
24
|
-
|
24
|
+
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
25
|
+
meta_event = AppSensorMetaEvent.new(
|
26
|
+
request.request_method,
|
27
|
+
TCellAgent::Utils::Rails.better_ip(request),
|
28
|
+
tcell_context.route_id,
|
29
|
+
tcell_context.hmac_session_id,
|
30
|
+
tcell_context.user_id,
|
31
|
+
tcell_context.transaction_id
|
32
|
+
)
|
25
33
|
|
26
|
-
meta_event.
|
27
|
-
meta_event.method = request.request_method
|
28
|
-
meta_event.location = "#{request.base_url}#{request.fullpath}"
|
29
|
-
meta_event.request_headers = request.env
|
34
|
+
meta_event.csrf_exception_name = tcell_context.csrf_exception_name
|
30
35
|
meta_event.user_agent = request.env['HTTP_USER_AGENT']
|
31
36
|
meta_event.request_content_bytes_len = (request.content_length || 0).to_i
|
32
37
|
meta_event.response_content_bytes_len = response_content_length
|
33
38
|
|
39
|
+
meta_event.location = "#{request.base_url}#{request.fullpath}"
|
40
|
+
meta_event.path = request.path
|
41
|
+
|
34
42
|
meta_event.get_dict = request.GET
|
35
43
|
meta_event.cookie_dict = request.cookies
|
44
|
+
meta_event.set_headers_dict(request.env)
|
36
45
|
|
37
46
|
# don't enqueue parameter values of unknown type to avoid any serialization issues
|
38
47
|
meta_event.post_dict = TCellAgent::Utils::Params.flatten(request.POST)
|
39
48
|
|
49
|
+
meta_event.path_parameters = request.env[TCellAgent::Instrumentation::TCELL_ID].path_parameters
|
40
50
|
meta_event.response_code = response_code
|
41
51
|
meta_event.response_headers = response_headers
|
42
52
|
|
43
|
-
meta_event.
|
44
|
-
meta_event.
|
45
|
-
meta_event.transaction_id = request.env[TCellAgent::Instrumentation::TCELL_ID].transaction_id
|
46
|
-
meta_event.session_id = request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
47
|
-
meta_event.user_id = request.env[TCellAgent::Instrumentation::TCELL_ID].user_id
|
53
|
+
meta_event.sql_exceptions = tcell_context.sql_exceptions
|
54
|
+
meta_event.database_result_sizes = tcell_context.database_result_sizes
|
48
55
|
|
49
56
|
# Positions strio to the beginning of input, resetting lineno to zero.
|
50
57
|
# rails 4.1 seems to read the stringIO directly and so body.gets is empty
|
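Review bot: The `path_parameters` line re-reads `request.env[TCellAgent::Instrumentation::TCELL_ID]` although the same object was already stored in `tcell_context` at the top of `build`; use `meta_event.path_parameters = tcell_context.path_parameters` so every context read goes through the one lookup. If the middleware that sets TCELL_ID has not run, `tcell_context` is nil and the first `tcell_context.route_id` raises NoMethodError; the removed code had the same exposure, so either a guard (`return nil unless tcell_context`) or a comment stating that `build` is only reached behind the context middleware would make the precondition explicit. `build` continues past the end of the hunk.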
@@ -61,28 +68,28 @@ module TCellAgent
|
|
61
68
|
end
|
62
69
|
|
63
70
|
def build_basic(appsensor_meta)
|
64
|
-
meta_event = AppSensorMetaEvent.new
|
71
|
+
meta_event = AppSensorMetaEvent.new(
|
72
|
+
appsensor_meta.method,
|
73
|
+
appsensor_meta.remote_address,
|
74
|
+
appsensor_meta.route_id,
|
75
|
+
appsensor_meta.session_id,
|
76
|
+
appsensor_meta.user_id,
|
77
|
+
appsensor_meta.transaction_id
|
78
|
+
)
|
79
|
+
|
65
80
|
meta_event.location = appsensor_meta.location
|
66
|
-
meta_event.method =appsensor_meta.method
|
67
|
-
meta_event.remote_address = appsensor_meta.remote_address
|
68
|
-
meta_event.route_id = appsensor_meta.route_id
|
69
|
-
meta_event.session_id = appsensor_meta.session_id
|
70
|
-
meta_event.user_id = appsensor_meta.user_id
|
71
|
-
meta_event.route_id = appsensor_meta.route_id
|
72
81
|
|
73
82
|
meta_event
|
74
83
|
end
|
75
84
|
end
|
76
85
|
|
77
86
|
|
78
|
-
attr_accessor :
|
79
|
-
:
|
80
|
-
:
|
81
|
-
|
82
|
-
attr_accessor :request_headers, :response_headers
|
87
|
+
attr_accessor :location, :request_content_bytes_len, :response_content_bytes_len,
|
88
|
+
:response_code, :user_agent, :response_headers, :csrf_exception_name, :path,
|
89
|
+
:sql_exceptions, :database_result_sizes
|
83
90
|
|
84
|
-
def initialize
|
85
|
-
super
|
91
|
+
def initialize(method, remote_address, route_id, session_id, user_id, transaction_id)
|
92
|
+
super(method, remote_address, route_id, session_id, user_id, transaction_id)
|
86
93
|
|
87
94
|
@request_content_bytes_len = 0
|
88
95
|
@response_content_bytes_len = 0
|
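Review bot: `AppSensorMetaEvent#initialize` now takes six positional arguments that are all plain strings at the call sites (`build_basic` here and the specs further down), so transposing two of them, say session_id and user_id, runs fine and only shows up as mislabelled event data on the server side. A short comment above the signature pinning the order, e.g. `# positional order shared with the superclass and with AppSensor::MetaData / Patches::MetaData: method, remote_address, route_id, session_id, user_id, transaction_id`, would make the contract visible; keyword arguments would be the stronger fix if the superclass accepts them (not visible here). `initialize` continues past the end of the hunk.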
@@ -0,0 +1,58 @@
|
|
1
|
+
require 'tcell_agent/sensor_events/sensor'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
module SensorEvents
|
5
|
+
|
6
|
+
class CommandInjectionMatchEvent < Hash
|
7
|
+
def initialize(rule_id, command)
|
8
|
+
self["rule_id"] = rule_id
|
9
|
+
if command
|
10
|
+
self["command"] = command
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
class CommandInjectionEvent < TCellSensorEvent
|
16
|
+
def initialize(commands,
|
17
|
+
blocked,
|
18
|
+
matches,
|
19
|
+
method=nil,
|
20
|
+
remote_address=nil,
|
21
|
+
route_id=nil,
|
22
|
+
session_id=nil,
|
23
|
+
user_id=nil,
|
24
|
+
full_commandline=nil)
|
25
|
+
super("cmdi")
|
26
|
+
|
27
|
+
self["commands"] = commands
|
28
|
+
self["blocked"] = blocked
|
29
|
+
self["matches"] = matches
|
30
|
+
|
31
|
+
if method
|
32
|
+
self["method"] = method
|
33
|
+
end
|
34
|
+
|
35
|
+
if remote_address
|
36
|
+
self["remote_address"] = remote_address
|
37
|
+
end
|
38
|
+
|
39
|
+
if route_id
|
40
|
+
self["route_id"] = route_id
|
41
|
+
end
|
42
|
+
|
43
|
+
if session_id
|
44
|
+
self["session_id"] = session_id
|
45
|
+
end
|
46
|
+
|
47
|
+
if user_id
|
48
|
+
self["user_id"] = user_id
|
49
|
+
end
|
50
|
+
|
51
|
+
if full_commandline
|
52
|
+
self["full_commandline"] = full_commandline
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
end
|
58
|
+
end
|
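Review bot: `CommandInjectionEvent` stores `commands`, `matches` and `full_commandline` verbatim, and `CommandInjectionMatchEvent` stores `command` verbatim, whereas the other events in this diff pass request-derived strings through `Util.strip_uri_values`; a full command line can embed credentials (database passwords or tokens passed as arguments), is unbounded in length, and is shipped off-host as event data. Unless the policy layer that builds these events already gates this (not visible on this page), tying the field to the `allow_payloads` setting reported in the startup hunk, e.g. `self["full_commandline"] = full_commandline if full_commandline && TCellAgent.configuration.allow_payloads`, plus a length cap, would keep the default report to rule ids and matches. Two style points: the default-argument spacing `method=nil` differs from the `name = value` form used elsewhere in the gem, and `CommandInjectionMatchEvent#initialize` skips `super` while `CommandInjectionEvent` calls it — a one-line comment saying the Hash initializer is intentionally not called would avoid the question on the next read.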
@@ -2,7 +2,6 @@
|
|
2
2
|
|
3
3
|
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
4
4
|
require 'tcell_agent/sensor_events/sensor'
|
5
|
-
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
6
5
|
|
7
6
|
module TCellAgent
|
8
7
|
module SensorEvents
|
@@ -14,26 +13,17 @@ module TCellAgent
|
|
14
13
|
self["header_keys"] = header_keys
|
15
14
|
|
16
15
|
self["user_agent"] = tcell_data.user_agent.to_s if tcell_data.user_agent
|
17
|
-
self["referrer"] = tcell_data.referrer
|
16
|
+
self["referrer"] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.referrer) if tcell_data.referrer
|
18
17
|
self["remote_addr"] = tcell_data.ip_address.to_s if tcell_data.ip_address
|
19
18
|
self["user_id"] = user_id.to_s if user_id
|
20
19
|
self["document_uri"] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.path) if tcell_data.path
|
21
20
|
self["session"] = tcell_data.hmac_session_id if tcell_data.hmac_session_id
|
22
21
|
end
|
23
|
-
|
24
|
-
protected
|
25
|
-
def clean_header_keys(request_env_or_header_keys)
|
26
|
-
if request_env_or_header_keys.is_a?(Hash)
|
27
|
-
request_env_or_header_keys.select {|k,v| k.start_with? 'HTTP_'}.collect {|k,v| k.sub(/^HTTP_/, '') }
|
28
|
-
else
|
29
|
-
request_env_or_header_keys.map { |k| k.sub(/^HTTP_/, '') }
|
30
|
-
end
|
31
|
-
end
|
32
22
|
end
|
33
23
|
|
34
24
|
class LoginFailure < LoginEvent
|
35
25
|
def initialize(request_env_or_header_keys, tcell_data, user_id, user_valid=nil)
|
36
|
-
header_keys = clean_header_keys(request_env_or_header_keys)
|
26
|
+
header_keys = Util.clean_header_keys(request_env_or_header_keys)
|
37
27
|
|
38
28
|
super(header_keys, tcell_data, user_id, user_valid)
|
39
29
|
|
@@ -43,7 +33,7 @@ module TCellAgent
|
|
43
33
|
|
44
34
|
class LoginSuccess < LoginEvent
|
45
35
|
def initialize(request_env_or_header_keys, tcell_data, user_id, user_valid=nil)
|
46
|
-
header_keys = clean_header_keys(request_env_or_header_keys)
|
36
|
+
header_keys = Util.clean_header_keys(request_env_or_header_keys)
|
47
37
|
|
48
38
|
super(header_keys, tcell_data, user_id, user_valid)
|
49
39
|
|
@@ -5,86 +5,90 @@ require 'tcell_agent/logger'
|
|
5
5
|
require 'uri'
|
6
6
|
|
7
7
|
module TCellAgent
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
end
|
8
|
+
module SensorEvents
|
9
|
+
|
10
|
+
class TCellSensorEvent < Hash
|
11
|
+
attr_accessor :send, :flush, :ensure
|
12
|
+
|
13
|
+
def initialize(event_type)
|
14
|
+
@send = true
|
15
|
+
@flush = false
|
16
|
+
@ensure = false
|
17
|
+
@timestamp = DateTime.now.to_time.to_i
|
18
|
+
self["event_type"] = event_type
|
19
|
+
end
|
20
|
+
|
21
|
+
def calculateOffset(from_timestamp)
|
22
|
+
self["offset"] = from_timestamp - @timestamp
|
23
|
+
end
|
24
|
+
|
25
|
+
def post_process
|
26
|
+
# This is called in the background thread, so any
|
27
|
+
# santization, analysis, etc doesn't get in the way
|
28
|
+
end
|
29
|
+
|
30
|
+
def bucket_key
|
31
|
+
return nil
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
class TCellHttpTxSensorEvent < TCellSensorEvent
|
36
|
+
def initialize(request, response)
|
37
|
+
super("http_tx")
|
38
|
+
@raw_request = request
|
39
|
+
@raw_response = response
|
40
|
+
end
|
41
|
+
def post_process
|
42
|
+
if defined?@raw_request
|
43
|
+
self["request"] = Util.request_sanitized_json(@raw_request)
|
45
44
|
end
|
46
|
-
|
47
|
-
|
48
|
-
super("redirect")
|
49
|
-
@raw_original_url = original_url
|
50
|
-
self["method"] = method
|
51
|
-
self["from_domain"] = original_domain
|
52
|
-
self["status_code"] = status_code
|
53
|
-
self["remote_addr"] = remote_addr
|
54
|
-
if route_id
|
55
|
-
self["rid"] = route_id
|
56
|
-
end
|
57
|
-
@raw_redirect_domain = redirect_domain
|
58
|
-
@user_id = user_id
|
59
|
-
@hmac_session_id = hmac_session_id
|
60
|
-
end
|
61
|
-
def post_process
|
62
|
-
self["from"] = Util.strip_uri_values(@raw_original_url)
|
63
|
-
self["to"] = @raw_redirect_domain
|
64
|
-
if @hmac_session_id
|
65
|
-
self["sid"] = @hmac_session_id
|
66
|
-
end
|
67
|
-
end
|
45
|
+
if defined?@raw_response
|
46
|
+
self["response"] = Util.response_sanitized_json(@raw_response)
|
68
47
|
end
|
48
|
+
end
|
49
|
+
end
|
69
50
|
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
51
|
+
class TCellRedirectSensorEvent < TCellSensorEvent
|
52
|
+
def initialize(redirect_domain,
|
53
|
+
original_domain,
|
54
|
+
original_url,
|
55
|
+
method,
|
56
|
+
route_id,
|
57
|
+
status_code,
|
58
|
+
remote_addr,
|
59
|
+
hmac_session_id=nil,
|
60
|
+
user_id=nil)
|
61
|
+
super("redirect")
|
62
|
+
self["method"] = method
|
63
|
+
self["from_domain"] = original_domain
|
64
|
+
self["status_code"] = status_code
|
65
|
+
self["remote_addr"] = remote_addr
|
66
|
+
self["to"] = redirect_domain
|
67
|
+
self["uid"] = user_id.to_s if user_id
|
68
|
+
self["from"] = Util.strip_uri_values(original_url)
|
69
|
+
self["rid"] = route_id if route_id
|
70
|
+
self["sid"] = hmac_session_id if hmac_session_id
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
class TCellFingerprintSensorEvent < TCellSensorEvent
|
75
|
+
def initialize(request, hmac_session_id, user_id=nil)
|
76
|
+
super("fingerprint")
|
77
|
+
@raw_request = request
|
78
|
+
@hmac_session_id = hmac_session_id
|
79
|
+
@user_id = user_id
|
80
|
+
end
|
81
|
+
def post_process
|
82
|
+
if !(@raw_request.headers.key?("HTTP_USER_AGENT"))
|
83
|
+
raise "User Agent not Found!"
|
84
|
+
end
|
85
|
+
self["ua"] = @raw_request.headers["HTTP_USER_AGENT"]
|
86
|
+
self["ip"] = @raw_request.remote_ip
|
87
|
+
self["sid"] = @hmac_session_id
|
88
|
+
if @user_id
|
89
|
+
self["uid"] = @user_id
|
88
90
|
end
|
91
|
+
end
|
89
92
|
end
|
93
|
+
end
|
90
94
|
end
|
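Review bot: `attr_accessor :send, :flush, :ensure` defines `TCellSensorEvent#send` as a boolean reader, which shadows `Object#send` on every event object; any caller or test double that uses `event.send(:some_method)` silently gets the boolean back instead of a dispatch. The removed lines of this hunk are blank on the page, so this may be carried over from the old definition, but renaming the accessor (e.g. `:should_send`) or at least a comment warning about the shadowing is cheap while the class is being rewritten. Two smaller points in the same hunk: `DateTime.now.to_time.to_i` is `Time.now.to_i` without the legacy `DateTime`, and `if defined?@raw_request` in `TCellHttpTxSensorEvent#post_process` is always true because the ivar is assigned in `initialize` even when `request` is nil — `if @raw_request` is probably the intended check (same for `@raw_response`).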
@@ -157,6 +157,14 @@ module TCellAgent
|
|
157
157
|
end
|
158
158
|
return "tcell_hmac_key"
|
159
159
|
end
|
160
|
+
|
161
|
+
def self.clean_header_keys(request_env_or_header_keys)
|
162
|
+
if request_env_or_header_keys.is_a?(Hash)
|
163
|
+
request_env_or_header_keys.select {|k,v| k.start_with? 'HTTP_'}.collect {|k,v| k.sub(/^HTTP_/, '') }
|
164
|
+
else
|
165
|
+
request_env_or_header_keys.map { |k| k.sub(/^HTTP_/, '') }
|
166
|
+
end
|
167
|
+
end
|
160
168
|
end
|
161
169
|
end
|
162
170
|
end
|
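Review bot: `clean_header_keys` anchors with `/^HTTP_/`, which in Ruby matches at any line start; the Hash branch is protected by `start_with?('HTTP_')`, but the array branch applies `sub` to whatever names it is handed, so a name containing a newline would be rewritten mid-string. `\A` is the whole-string anchor and both branches can share one `map`: `keys = request_env_or_header_keys.is_a?(Hash) ? request_env_or_header_keys.keys.select { |k| k.start_with?('HTTP_') } : request_env_or_header_keys` followed by `keys.map { |k| k.sub(/\AHTTP_/, '') }`. A YARD comment stating that a Rack env yields only the `HTTP_*` names (so `CONTENT_TYPE`/`CONTENT_LENGTH` are intentionally excluded) and that header names, never values, are returned would document the data boundary this helper provides to the login events.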
@@ -8,9 +8,11 @@ if (TCellAgent.configuration.disable_all == false)
|
|
8
8
|
module TCellAgent
|
9
9
|
#require 'tcell_agent/sinatra' if defined?(Sinatra)
|
10
10
|
require 'tcell_agent/rails' if defined?(Rails)
|
11
|
+
require 'tcell_agent/cmdi'
|
11
12
|
|
12
13
|
def self.run_instrumentation(server_name, send_startup_events=true)
|
13
14
|
|
15
|
+
require 'tcell_agent/hooks/login_fraud'
|
14
16
|
require 'tcell_agent/rails/on_start' if defined?(Rails)
|
15
17
|
|
16
18
|
TCellAgent::Instrumentation.safe_block("Starting thread agent") do
|
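Review bot: `require 'tcell_agent/hooks/login_fraud'` sits inside `run_instrumentation` while `require 'tcell_agent/cmdi'` is added at module level a few lines above, so the two new modules load under different conditions (cmdi whenever this file is loaded with `disable_all` false, the hooks only when instrumentation is actually run). If the split is deliberate, for instance because the auth hooks must be required after the host framework's classes exist, a one-line comment on the in-method require such as `# required here, not at file top, so the auth hooks see the app's framework classes` records that; otherwise the two requires belong together. `run_instrumentation` continues past the end of the hunk.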
@@ -19,7 +21,6 @@ if (TCellAgent.configuration.disable_all == false)
|
|
19
21
|
end
|
20
22
|
|
21
23
|
if send_startup_events && TCellAgent.configuration.should_instrument?
|
22
|
-
Thread.abort_on_exception = TCellAgent.configuration.raise_exceptions
|
23
24
|
Thread.new do
|
24
25
|
|
25
26
|
TCellAgent::Instrumentation.safe_block("Instrumenting Agent Details") do
|
@@ -33,10 +34,18 @@ if (TCellAgent.configuration.disable_all == false)
|
|
33
34
|
end
|
34
35
|
|
35
36
|
TCellAgent::Instrumentation.safe_block("Instrumenting Initial Config") do
|
37
|
+
require 'tcell_agent/rust/whisperer'
|
38
|
+
|
39
|
+
TCellAgent.send_event(
|
40
|
+
TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
|
41
|
+
"native_lib_loaded",
|
42
|
+
TCellAgent::Rust::Wrapper.common_lib_available?.to_s)
|
43
|
+
)
|
44
|
+
|
36
45
|
TCellAgent.send_event(
|
37
46
|
TCellAgent::SensorEvents::TCellAgentSettingEvent.new(
|
38
|
-
"
|
39
|
-
(!!TCellAgent.configuration.
|
47
|
+
"allow_payloads",
|
48
|
+
(!!TCellAgent.configuration.allow_payloads).to_s)
|
40
49
|
)
|
41
50
|
|
42
51
|
TCellAgent.send_event(
|
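Review bot: `require 'tcell_agent/rust/whisperer'` and the `native_lib_loaded` event are placed in the same `safe_block("Instrumenting Initial Config")` as the `allow_payloads` setting event that follows; if the require or `common_lib_available?` raises, the rest of the block is skipped and `allow_payloads` is never reported, assuming `safe_block` rescues and returns as its name suggests. Moving the native-lib probe into its own `safe_block("Instrumenting Native Lib")` keeps a failure to load the optional library from hiding unrelated settings. The enclosing block continues past the end of the hunk.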
data/lib/tcell_agent/utils/io.rb
CHANGED
data/lib/tcell_agent/version.rb
CHANGED
data/lib/tcell_agent.rb
CHANGED
@@ -22,7 +22,6 @@ require 'tcell_agent/policies/dataloss_policy'
|
|
22
22
|
|
23
23
|
require 'tcell_agent/sensor_events/dlp'
|
24
24
|
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
25
|
-
require 'tcell_agent/sensor_events/util/redirect_utils'
|
26
25
|
|
27
26
|
require 'tcell_agent/instrumentation'
|
28
27
|
require 'tcell_agent/start_background_thread'
|
@@ -363,14 +363,22 @@ module TCellAgent
|
|
363
363
|
end
|
364
364
|
|
365
365
|
describe "#check_param_for_injections" do
|
366
|
+
before(:each) do
|
367
|
+
@meta_data = TCellAgent::AppSensor::MetaData.new(
|
368
|
+
"get",
|
369
|
+
"remote_address",
|
370
|
+
"route_id",
|
371
|
+
"session_id",
|
372
|
+
"user_id",
|
373
|
+
"transaction_id")
|
374
|
+
end
|
375
|
+
|
366
376
|
context "with no sensors" do
|
367
377
|
it "should not find any injections" do
|
368
378
|
injection_matcher = InjectionsMatcher.new([])
|
369
379
|
|
370
|
-
meta_data = TCellAgent::AppSensor::MetaData.new
|
371
|
-
|
372
380
|
result = injection_matcher.check_param_for_injections(
|
373
|
-
InjectionsMatcher::URI_PARAM, meta_data, "dirty", "<script></script>"
|
381
|
+
InjectionsMatcher::URI_PARAM, @meta_data, "dirty", "<script></script>"
|
374
382
|
)
|
375
383
|
|
376
384
|
expect(result).to eq(nil)
|
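Review bot: The six-string constructor literal `("get", "remote_address", "route_id", "session_id", "user_id", "transaction_id")` is repeated verbatim here and again in the later `with appsensor meta data` and `with patches meta data` hunks, for three different classes. A small spec-level helper, `def new_meta(klass); klass.new("get", "remote_address", "route_id", "session_id", "user_id", "transaction_id"); end`, would keep the positional order in one place so a future signature change is a one-line edit.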
@@ -383,17 +391,15 @@ module TCellAgent
|
|
383
391
|
|
384
392
|
injection_matcher = InjectionsMatcher.new([fake_sensor])
|
385
393
|
|
386
|
-
meta_data = TCellAgent::AppSensor::MetaData.new
|
387
|
-
|
388
394
|
expect(fake_sensor).to receive(:applicable_for_param_type?).with(
|
389
395
|
InjectionsMatcher::URI_PARAM
|
390
396
|
).and_return(true)
|
391
397
|
expect(fake_sensor).to receive(:get_injection_attempt).with(
|
392
|
-
InjectionsMatcher::URI_PARAM, meta_data, "dirty", "<script></script>"
|
398
|
+
InjectionsMatcher::URI_PARAM, @meta_data, "dirty", "<script></script>"
|
393
399
|
).and_return({"injection" => true})
|
394
400
|
|
395
401
|
result = injection_matcher.check_param_for_injections(
|
396
|
-
InjectionsMatcher::URI_PARAM, meta_data, "dirty", "<script></script>"
|
402
|
+
InjectionsMatcher::URI_PARAM, @meta_data, "dirty", "<script></script>"
|
397
403
|
)
|
398
404
|
|
399
405
|
expect(result).to eq({"injection" => true})
|
@@ -405,7 +411,13 @@ module TCellAgent
|
|
405
411
|
context "with appsensor meta data" do
|
406
412
|
context "with one param of each type" do
|
407
413
|
it "should call check_param_for_injections once for each param" do
|
408
|
-
meta_data = TCellAgent::SensorEvents::AppSensorMetaEvent.new
|
414
|
+
meta_data = TCellAgent::SensorEvents::AppSensorMetaEvent.new(
|
415
|
+
"get",
|
416
|
+
"remote_address",
|
417
|
+
"route_id",
|
418
|
+
"session_id",
|
419
|
+
"user_id",
|
420
|
+
"transaction_id")
|
409
421
|
meta_data.get_dict = {"get_param" => "get_value"}
|
410
422
|
# post dict for appsensor meta data gets flatten before being enqueued
|
411
423
|
meta_data.post_dict = TCellAgent::Utils::Params.flatten({"post_param" => "post_value"})
|
@@ -453,7 +465,13 @@ module TCellAgent
|
|
453
465
|
context "with patches meta data" do
|
454
466
|
context "with one param of each type" do
|
455
467
|
it "should call check_param_for_injections once for each param" do
|
456
|
-
meta_data = TCellAgent::Patches::MetaData.new
|
468
|
+
meta_data = TCellAgent::Patches::MetaData.new(
|
469
|
+
"get",
|
470
|
+
"remote_address",
|
471
|
+
"route_id",
|
472
|
+
"session_id",
|
473
|
+
"user_id",
|
474
|
+
"transaction_id")
|
457
475
|
meta_data.get_dict = {"get_param" => "get_value"}
|
458
476
|
meta_data.post_dict = {"post_param" => "post_value"}
|
459
477
|
meta_data.body_dict = TCellAgent::Utils::Params.flatten({"body_param" => "body_value"})
|