tcell_agent 0.2.7 → 0.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. checksums.yaml +4 -4
  2. data/bin/tcell_agent +22 -0
  3. data/lib/tcell_agent/agent/event_processor.rb +7 -0
  4. data/lib/tcell_agent/agent/fork_pipe_manager.rb +29 -29
  5. data/lib/tcell_agent/agent/policy_manager.rb +2 -1
  6. data/lib/tcell_agent/agent/route_manager.rb +35 -15
  7. data/lib/tcell_agent/configuration.rb +42 -2
  8. data/lib/tcell_agent/instrumentation.rb +4 -1
  9. data/lib/tcell_agent/logger.rb +1 -1
  10. data/lib/tcell_agent/rails.rb +12 -18
  11. data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
  12. data/lib/tcell_agent/rails/auth/devise.rb +1 -1
  13. data/lib/tcell_agent/rails/dlp.rb +133 -123
  14. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +2 -1
  15. data/lib/tcell_agent/rails/on_start.rb +67 -69
  16. data/lib/tcell_agent/rails/routes.rb +91 -86
  17. data/lib/tcell_agent/rails/settings_reporter.rb +10 -0
  18. data/lib/tcell_agent/routes/table.rb +2 -0
  19. data/lib/tcell_agent/sensor_events/server_agent.rb +10 -0
  20. data/lib/tcell_agent/servers/thin.rb +1 -0
  21. data/lib/tcell_agent/servers/webrick.rb +0 -1
  22. data/lib/tcell_agent/start_background_thread.rb +44 -45
  23. data/lib/tcell_agent/system_info.rb +10 -0
  24. data/lib/tcell_agent/version.rb +1 -1
  25. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +99 -0
  26. data/spec/lib/tcell_agent/api/api_spec.rb +2 -2
  27. data/spec/lib/tcell_agent/instrumentation_spec.rb +176 -176
  28. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +32 -32
  29. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +63 -63
  30. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +93 -93
  31. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +222 -222
  32. data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb +17 -17
  33. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +57 -57
  34. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +17 -17
  35. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +3 -3
  36. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +59 -59
  37. data/spec/lib/tcell_agent/rails/logger_spec.rb +148 -0
  38. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +7 -7
  39. data/spec/lib/tcell_agent/rails_spec.rb +2 -2
  40. data/spec/lib/tcell_agent/sensor_events/dlp_spec.rb +9 -9
  41. data/spec/lib/tcell_agent/sensor_events/util/redirect_utils_spec.rb +20 -20
  42. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +52 -52
  43. data/spec/lib/tcell_agent_spec.rb +17 -17
  44. data/spec/spec_helper.rb +1 -0
  45. data/spec/support/resources/normal_config.json +5 -5
  46. data/tcell_agent.gemspec +4 -4
  47. metadata +31 -26
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb CHANGED
@@ -1,39 +1,39 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  module TCellAgent
4
- module Policies
5
- describe AppSensorPolicy do
6
- policy_json_empty = {
7
- "policy_id"=>"01a1",
8
- "data"=>{
9
- "options"=>{}
10
- }
11
- }
4
+ module Policies
5
+ describe AppSensorPolicy do
6
+ policy_json_empty = {
7
+ "policy_id"=>"01a1",
8
+ "data"=>{
9
+ "options"=>{}
10
+ }
11
+ }
12
12
 
13
- policy_json_one = {
14
- "policy_id"=>"01a1",
15
- "data"=>{
16
- "options"=>{
17
- "xss"=>true
18
- }
19
- }
20
- }
13
+ policy_json_one = {
14
+ "policy_id"=>"01a1",
15
+ "data"=>{
16
+ "options"=>{
17
+ "xss"=>true
18
+ }
19
+ }
20
+ }
21
21
 
22
- empty_policy = AppSensorPolicy.fromJson(policy_json_empty)
23
- context "test empty agent" do
24
- it "enabled is false" do
25
- expect(empty_policy.policy_id).to eq("01a1")
26
- expect(empty_policy.enabled).to eq(false)
27
- end
28
- end
29
- from_json = AppSensorPolicy.fromJson(policy_json_one)
30
- context "tests xss is true and enabled true" do
31
- it "returns true" do
32
- expect(from_json.policy_id).to eq("01a1")
33
- expect(from_json.enabled).to eq(true)
34
- expect(from_json.option_enabled?("xss")).to eq(true)
35
- end
36
- end
22
+ empty_policy = AppSensorPolicy.fromJson(policy_json_empty)
23
+ context "test empty agent" do
24
+ it "enabled is false" do
25
+ expect(empty_policy.policy_id).to eq("01a1")
26
+ expect(empty_policy.enabled).to eq(false)
37
27
  end
28
+ end
29
+ from_json = AppSensorPolicy.fromJson(policy_json_one)
30
+ context "tests xss is true and enabled true" do
31
+ it "returns true" do
32
+ expect(from_json.policy_id).to eq("01a1")
33
+ expect(from_json.enabled).to eq(true)
34
+ expect(from_json.option_enabled?("xss")).to eq(true)
35
+ end
36
+ end
38
37
  end
39
- end
38
+ end
39
+ end
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb CHANGED
@@ -1,71 +1,71 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  module TCellAgent
4
- module Policies
5
- describe ClickjackingPolicy do
6
- content_security_policy_json = {
7
- "policy_id"=>"00a1",
8
- "headers"=>[
9
- {"name"=>"csp", "value"=>"csp header value"}
10
- ]
11
- }
12
- csp_from_json = ClickjackingPolicy.fromJson(content_security_policy_json)
13
- context "initialized with 3 items" do
14
- it "returns true" do
15
- expect(csp_from_json.policy_id).to eq("00a1")
16
- expect(csp_from_json.headers[0].type).to eq("csp")
17
- expect(csp_from_json.headers[0].value).to eq("csp header value")
18
- end
19
- end
20
- context "headers match up appropriately" do
21
- it "returns content-security-policy headers" do
22
- expect(ClickjackingPolicy.cspHeadersForType("csp")).to match_array(["Content-Security-Policy"])#,"X-Content-Security-Policy","X-WebKit-CSP"])
23
- end
24
- end
4
+ module Policies
5
+ describe ClickjackingPolicy do
6
+ content_security_policy_json = {
7
+ "policy_id"=>"00a1",
8
+ "headers"=>[
9
+ {"name"=>"csp", "value"=>"csp header value"}
10
+ ]
11
+ }
12
+ csp_from_json = ClickjackingPolicy.fromJson(content_security_policy_json)
13
+ context "initialized with 3 items" do
14
+ it "returns true" do
15
+ expect(csp_from_json.policy_id).to eq("00a1")
16
+ expect(csp_from_json.headers[0].type).to eq("csp")
17
+ expect(csp_from_json.headers[0].value).to eq("csp header value")
25
18
  end
26
- describe ContentSecurityPolicy do
27
- content_security_policy_json = {
28
- "policy_id"=>"01a1",
29
- "headers"=>[
30
- {"name"=>"csp-header-is-bad", "value"=>"csp header value"}
31
- ]
32
- }
33
- csp_policy = ClickjackingPolicy.fromJson(content_security_policy_json)
34
- context "csp header example, invalid header" do
35
- it "returns false" do
36
- expect(csp_policy.headers.length).to eq(0)
37
- end
38
- end
19
+ end
20
+ context "headers match up appropriately" do
21
+ it "returns content-security-policy headers" do
22
+ expect(ClickjackingPolicy.cspHeadersForType("csp")).to match_array(["Content-Security-Policy"])#,"X-Content-Security-Policy","X-WebKit-CSP"])
39
23
  end
40
- describe ClickjackingPolicy do
41
- content_security_policy_json = {
42
- "policy_id"=>"01a1",
43
- "headers"=>[
44
- {"name"=>"csp", "value"=>"value123\\nabc"}
45
- ]
46
- }
47
- csp_policy = ClickjackingPolicy.fromJson(content_security_policy_json)
48
- context "secure header, value is bad" do
49
- it "returns false" do
50
- expect(csp_policy.headers.length).to eq(0)
51
- end
52
- end
24
+ end
25
+ end
26
+ describe ContentSecurityPolicy do
27
+ content_security_policy_json = {
28
+ "policy_id"=>"01a1",
29
+ "headers"=>[
30
+ {"name"=>"csp-header-is-bad", "value"=>"csp header value"}
31
+ ]
32
+ }
33
+ csp_policy = ClickjackingPolicy.fromJson(content_security_policy_json)
34
+ context "csp header example, invalid header" do
35
+ it "returns false" do
36
+ expect(csp_policy.headers.length).to eq(0)
37
+ end
38
+ end
39
+ end
40
+ describe ClickjackingPolicy do
41
+ content_security_policy_json = {
42
+ "policy_id"=>"01a1",
43
+ "headers"=>[
44
+ {"name"=>"csp", "value"=>"value123\\nabc"}
45
+ ]
46
+ }
47
+ csp_policy = ClickjackingPolicy.fromJson(content_security_policy_json)
48
+ context "secure header, value is bad" do
49
+ it "returns false" do
50
+ expect(csp_policy.headers.length).to eq(0)
53
51
  end
54
- describe ClickjackingPolicy do
55
- content_security_policy_json = {
56
- "policy_id"=>"01a1",
57
- "headers"=>[
58
- {"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
59
- ]
60
- }
61
- csp_policy = ClickjackingPolicy.fromJson(content_security_policy_json)
62
- context "secure header, report-uri seperate" do
63
- it "returns false" do
64
- expect(csp_policy.headers.length).to eq(1)
65
- expect(csp_policy.headers[0].value).to eq("value normal; report-uri https://example.com/abcdde")
66
- expect(csp_policy.headers[0].value("1","2","3")).to eq("value normal; report-uri https://example.com/abcdde?tid=1&sid=2&uid=3")
67
- end
68
- end
52
+ end
53
+ end
54
+ describe ClickjackingPolicy do
55
+ content_security_policy_json = {
56
+ "policy_id"=>"01a1",
57
+ "headers"=>[
58
+ {"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
59
+ ]
60
+ }
61
+ csp_policy = ClickjackingPolicy.fromJson(content_security_policy_json)
62
+ context "secure header, report-uri seperate" do
63
+ it "returns false" do
64
+ expect(csp_policy.headers.length).to eq(1)
65
+ expect(csp_policy.headers[0].value).to eq("value normal; report-uri https://example.com/abcdde")
66
+ expect(csp_policy.headers[0].value("1","2","3")).to eq("value normal; report-uri https://example.com/abcdde?tid=1&sid=2&uid=3")
69
67
  end
68
+ end
70
69
  end
71
- end
70
+ end
71
+ end
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb CHANGED
@@ -1,106 +1,106 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  module TCellAgent
4
- module Policies
5
- describe ContentSecurityPolicy do
6
- policy_json_empty = {
7
- "policy_id"=>"01a1",
8
- "data"=>{
9
- "options"=>{
4
+ module Policies
5
+ describe ContentSecurityPolicy do
6
+ policy_json_empty = {
7
+ "policy_id"=>"01a1",
8
+ "data"=>{
9
+ "options"=>{
10
10
 
11
- }
12
- }
13
- }
11
+ }
12
+ }
13
+ }
14
14
 
15
- policy_json_one = {
16
- "policy_id"=>"01a1",
17
- "data"=>{
18
- "options"=>{
19
- "js_agent_api_key"=>"000-000-1"
20
- }
21
- }
22
- }
15
+ policy_json_one = {
16
+ "policy_id"=>"01a1",
17
+ "data"=>{
18
+ "options"=>{
19
+ "js_agent_api_key"=>"000-000-1"
20
+ }
21
+ }
22
+ }
23
23
 
24
- empty_policy = ContentSecurityPolicy.fromJson(policy_json_empty)
25
- context "test empty agent" do
26
- it "enabled is false" do
27
- expect(empty_policy.policy_id).to eq("01a1")
28
- expect(empty_policy.js_agent_api_key).to eq(nil)
29
- end
30
- end
24
+ empty_policy = ContentSecurityPolicy.fromJson(policy_json_empty)
25
+ context "test empty agent" do
26
+ it "enabled is false" do
27
+ expect(empty_policy.policy_id).to eq("01a1")
28
+ expect(empty_policy.js_agent_api_key).to eq(nil)
29
+ end
30
+ end
31
31
 
32
- from_json = ContentSecurityPolicy.fromJson(policy_json_one)
33
- context "tests xss is true and enabled true" do
34
- it "returns true" do
35
- expect(from_json.policy_id).to eq("01a1")
36
- expect(from_json.js_agent_api_key).to eq("000-000-1")
37
- end
38
- end
32
+ from_json = ContentSecurityPolicy.fromJson(policy_json_one)
33
+ context "tests xss is true and enabled true" do
34
+ it "returns true" do
35
+ expect(from_json.policy_id).to eq("01a1")
36
+ expect(from_json.js_agent_api_key).to eq("000-000-1")
37
+ end
38
+ end
39
+ end
40
+ describe ContentSecurityPolicy do
41
+ content_security_policy_json = {
42
+ "policy_id"=>"00a1",
43
+ "headers"=>[
44
+ {"name"=>"csp", "value"=>"csp header value"}
45
+ ]
46
+ }
47
+ csp_from_json = ContentSecurityPolicy.fromJson(content_security_policy_json)
48
+ context "initialized with 3 items" do
49
+ it "returns true" do
50
+ expect(csp_from_json.policy_id).to eq("00a1")
51
+ expect(csp_from_json.headers[0].type).to eq("csp")
52
+ expect(csp_from_json.headers[0].value).to eq("csp header value")
39
53
  end
40
- describe ContentSecurityPolicy do
41
- content_security_policy_json = {
42
- "policy_id"=>"00a1",
43
- "headers"=>[
44
- {"name"=>"csp", "value"=>"csp header value"}
45
- ]
46
- }
47
- csp_from_json = ContentSecurityPolicy.fromJson(content_security_policy_json)
48
- context "initialized with 3 items" do
49
- it "returns true" do
50
- expect(csp_from_json.policy_id).to eq("00a1")
51
- expect(csp_from_json.headers[0].type).to eq("csp")
52
- expect(csp_from_json.headers[0].value).to eq("csp header value")
53
- end
54
- end
55
- context "headers match up appropriately" do
56
- it "returns content-security-policy headers" do
57
- expect(ContentSecurityPolicy.cspHeadersForType("csp")).to match_array(["Content-Security-Policy"])
58
- end
59
- end
54
+ end
55
+ context "headers match up appropriately" do
56
+ it "returns content-security-policy headers" do
57
+ expect(ContentSecurityPolicy.cspHeadersForType("csp")).to match_array(["Content-Security-Policy"])
60
58
  end
61
- describe ContentSecurityPolicy do
62
- content_security_policy_json = {
63
- "policy_id"=>"01a1",
64
- "headers"=>[
65
- {"name"=>"csp-header-is-bad", "value"=>"csp header value"}
66
- ]
67
- }
68
- csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
69
- context "csp header example, invalid header" do
70
- it "returns false" do
71
- expect(csp_policy.headers.length).to eq(0)
72
- end
73
- end
59
+ end
60
+ end
61
+ describe ContentSecurityPolicy do
62
+ content_security_policy_json = {
63
+ "policy_id"=>"01a1",
64
+ "headers"=>[
65
+ {"name"=>"csp-header-is-bad", "value"=>"csp header value"}
66
+ ]
67
+ }
68
+ csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
69
+ context "csp header example, invalid header" do
70
+ it "returns false" do
71
+ expect(csp_policy.headers.length).to eq(0)
74
72
  end
75
- describe ContentSecurityPolicy do
76
- content_security_policy_json = {
77
- "policy_id"=>"01a1",
78
- "headers"=>[
79
- {"name"=>"csp", "value"=>"value123\\nabc"}
80
- ]
81
- }
82
- csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
83
- context "secure header, value is bad" do
84
- it "returns false" do
85
- expect(csp_policy.headers.length).to eq(0)
86
- end
87
- end
73
+ end
74
+ end
75
+ describe ContentSecurityPolicy do
76
+ content_security_policy_json = {
77
+ "policy_id"=>"01a1",
78
+ "headers"=>[
79
+ {"name"=>"csp", "value"=>"value123\\nabc"}
80
+ ]
81
+ }
82
+ csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
83
+ context "secure header, value is bad" do
84
+ it "returns false" do
85
+ expect(csp_policy.headers.length).to eq(0)
88
86
  end
89
- describe ContentSecurityPolicy do
90
- content_security_policy_json = {
91
- "policy_id"=>"01a1",
92
- "headers"=>[
93
- {"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
94
- ]
95
- }
96
- csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
97
- context "secure header, report-uri seperate" do
98
- it "returns false" do
99
- expect(csp_policy.headers.length).to eq(1)
100
- expect(csp_policy.headers[0].value).to eq("value normal; report-uri https://example.com/abcdde?c=-815891691")
101
- expect(csp_policy.headers[0].value("1","2","3")).to eq("value normal; report-uri https://example.com/abcdde?tid=1&sid=3&rid=2&c=1777384531")
102
- end
103
- end
87
+ end
88
+ end
89
+ describe ContentSecurityPolicy do
90
+ content_security_policy_json = {
91
+ "policy_id"=>"01a1",
92
+ "headers"=>[
93
+ {"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
94
+ ]
95
+ }
96
+ csp_policy = ContentSecurityPolicy.fromJson(content_security_policy_json)
97
+ context "secure header, report-uri seperate" do
98
+ it "returns false" do
99
+ expect(csp_policy.headers.length).to eq(1)
100
+ expect(csp_policy.headers[0].value).to eq("value normal; report-uri https://example.com/abcdde?c=-815891691")
101
+ expect(csp_policy.headers[0].value("1","2","3")).to eq("value normal; report-uri https://example.com/abcdde?tid=1&sid=3&rid=2&c=1777384531")
104
102
  end
103
+ end
105
104
  end
106
- end
105
+ end
106
+ end
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb CHANGED
@@ -2,244 +2,244 @@ require 'spec_helper'
2
2
  require 'set'
3
3
 
4
4
  module TCellAgent
5
- module Policies
6
- describe DataLossPolicy do
7
- policy_json = {
8
- "policy_id"=>"x1a1",
9
- "data"=>{
10
- "protections"=>[
11
- {"table"=>"user",
12
- "field"=>"ssn",
13
- "actions"=>{
14
- "body"=>["event","redact"],
15
- "logs"=>["redact"]
16
- }
17
- }
18
- ]
5
+ module Policies
6
+ describe DataLossPolicy do
7
+ policy_json = {
8
+ "policy_id"=>"x1a1",
9
+ "data"=>{
10
+ "protections"=>[
11
+ {"table"=>"user",
12
+ "field"=>"ssn",
13
+ "actions"=>{
14
+ "body"=>["event","redact"],
15
+ "logs"=>["redact"]
16
+ }
17
+ }
18
+ ]
19
+ }
20
+ }
21
+ policy = DataLossPolicy.fromJson(policy_json)
22
+ # context "initialized with 3 items" do
23
+ # it "returns true" do
24
+ # expect(policy.get_actions_for("user","ssn")).to eq(["body_redact"].to_set)
25
+ # end
26
+ # end
27
+ policy_json_two = {
28
+ "policy_id"=>"x1a1",
29
+ "data"=>{
30
+ "session_id_protection"=>{"body"=>["redact"], "log"=>["event"]}
31
+ }
32
+ }
33
+ policy_two = DataLossPolicy.fromJson(policy_json_two)
34
+ context "check session_id_protections" do
35
+ it "gives the right actions" do
36
+ expect(policy_two.get_actions_for_session_id.body_redact).to eq(true)
37
+ expect(policy_two.get_actions_for_session_id.log_redact).to eq(nil)
38
+ expect(policy_two.get_actions_for_session_id.log_event).to eq(true)
39
+ end
40
+ end
41
+ context "Database Options" do
42
+ it "Ignores bad table" do
43
+ policy_json_requests = {
44
+ "policy_id"=>"x1a1",
45
+ "data"=>{
46
+ "db_protections"=>[
47
+ {
48
+ "databases"=>["dave"],
49
+ "schemas"=>["sam"],
50
+ "tables"=>["trevor"],
51
+ "fields"=>["fred"],
52
+ "actions"=>{
53
+ "log"=>["redact"],
54
+ "body"=>["event"]
55
+ }
19
56
  }
57
+ ]
20
58
  }
21
- policy = DataLossPolicy.fromJson(policy_json)
22
- # context "initialized with 3 items" do
23
- # it "returns true" do
24
- # expect(policy.get_actions_for("user","ssn")).to eq(["body_redact"].to_set)
25
- # end
26
- # end
27
- policy_json_two = {
28
- "policy_id"=>"x1a1",
29
- "data"=>{
30
- "session_id_protection"=>{"body"=>["redact"], "log"=>["event"]}
59
+ }
60
+ db_one_policy = DataLossPolicy.fromJson(policy_json_requests)
61
+ expect(db_one_policy.get_actions_for_table("dave","sam","tommy","fred")).to eq(nil)
62
+ end
63
+ it "Partial Policy" do
64
+ # Assume if databases, schemas that are missing are "*"
65
+ policy_json_requests = {
66
+ "policy_id"=>"x1a1",
67
+ "data"=>{
68
+ "db_protections"=>[
69
+ {
70
+ "fields"=>["fred"],
71
+ "actions"=>{
72
+ "log"=>["redact"],
73
+ "body"=>["event"]
74
+ }
31
75
  }
76
+ ]
32
77
  }
33
- policy_two = DataLossPolicy.fromJson(policy_json_two)
34
- context "check session_id_protections" do
35
- it "gives the right actions" do
36
- expect(policy_two.get_actions_for_session_id.body_redact).to eq(true)
37
- expect(policy_two.get_actions_for_session_id.log_redact).to eq(nil)
38
- expect(policy_two.get_actions_for_session_id.log_event).to eq(true)
39
- end
40
- end
41
- context "Database Options" do
42
- it "Ignores bad table" do
43
- policy_json_requests = {
44
- "policy_id"=>"x1a1",
45
- "data"=>{
46
- "db_protections"=>[
47
- {
48
- "databases"=>["dave"],
49
- "schemas"=>["sam"],
50
- "tables"=>["trevor"],
51
- "fields"=>["fred"],
52
- "actions"=>{
53
- "log"=>["redact"],
54
- "body"=>["event"]
55
- }
56
- }
57
- ]
58
- }
59
- }
60
- db_one_policy = DataLossPolicy.fromJson(policy_json_requests)
61
- expect(db_one_policy.get_actions_for_table("dave","sam","tommy","fred")).to eq(nil)
62
- end
63
- it "Partial Policy" do
64
- # Assume if databases, schemas that are missing are "*"
65
- policy_json_requests = {
66
- "policy_id"=>"x1a1",
67
- "data"=>{
68
- "db_protections"=>[
69
- {
70
- "fields"=>["fred"],
71
- "actions"=>{
72
- "log"=>["redact"],
73
- "body"=>["event"]
74
- }
75
- }
76
- ]
77
- }
78
- }
79
- db_one_policy = DataLossPolicy.fromJson(policy_json_requests)
80
- expect((db_one_policy.get_actions_for_table("dave","sam","tommy","fred").to_a)[0].log_redact).to eq(true)
81
- expect((db_one_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].log_redact).to eq(true)
82
- end
83
- it "Scopes by reoute_id" do
84
- policy_json_request_ids = {
85
- "policy_id"=>"x1a1",
86
- "data"=>{
87
- "db_protections"=>[
88
- {
89
- "scope"=>"route",
90
- "route_ids"=>["abcd"],
91
- "databases"=>["dave"],
92
- "schemas"=>["sam"],
93
- "tables"=>["tommy"],
94
- "fields"=>["fred"],
95
- "actions"=>{
96
- "log"=>["redact"],
97
- "body"=>["event"]
98
- }
99
- }
100
- ]
101
- }
78
+ }
79
+ db_one_policy = DataLossPolicy.fromJson(policy_json_requests)
80
+ expect((db_one_policy.get_actions_for_table("dave","sam","tommy","fred").to_a)[0].log_redact).to eq(true)
81
+ expect((db_one_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].log_redact).to eq(true)
82
+ end
83
+ it "Scopes by reoute_id" do
84
+ policy_json_request_ids = {
85
+ "policy_id"=>"x1a1",
86
+ "data"=>{
87
+ "db_protections"=>[
88
+ {
89
+ "scope"=>"route",
90
+ "route_ids"=>["abcd"],
91
+ "databases"=>["dave"],
92
+ "schemas"=>["sam"],
93
+ "tables"=>["tommy"],
94
+ "fields"=>["fred"],
95
+ "actions"=>{
96
+ "log"=>["redact"],
97
+ "body"=>["event"]
98
+ }
102
99
  }
103
- db_two_policy = DataLossPolicy.fromJson(policy_json_request_ids)
104
- expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred").to_a).size).to eq(0)
105
- expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","other_route").to_a).size).to eq(0)
106
- expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a).size).to eq(1)
100
+ ]
101
+ }
102
+ }
103
+ db_two_policy = DataLossPolicy.fromJson(policy_json_request_ids)
104
+ expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred").to_a).size).to eq(0)
105
+ expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","other_route").to_a).size).to eq(0)
106
+ expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a).size).to eq(1)
107
107
 
108
108
 
109
- expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].log_redact).to eq(true)
110
- expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].body_redact).to eq(nil)
111
- expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].body_event).to eq(true)
109
+ expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].log_redact).to eq(true)
110
+ expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].body_redact).to eq(nil)
111
+ expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].body_event).to eq(true)
112
112
 
113
- end
114
- end
115
- context "Request Options" do
116
- it "Ignores non-global scoped policy" do
117
- policy_json_requests = {
118
- "policy_id"=>"x1a1",
119
- "data"=>{
120
- "request_protections"=>[
121
- {
122
- "variable_context"=>"form",
123
- "variables"=>["test123"],
124
- "actions"=>{
125
- "log"=>["redact"],
126
- "body"=>["event"]
127
- }
128
- }
129
- ]
130
- }
113
+ end
114
+ end
115
+ context "Request Options" do
116
+ it "Ignores non-global scoped policy" do
117
+ policy_json_requests = {
118
+ "policy_id"=>"x1a1",
119
+ "data"=>{
120
+ "request_protections"=>[
121
+ {
122
+ "variable_context"=>"form",
123
+ "variables"=>["test123"],
124
+ "actions"=>{
125
+ "log"=>["redact"],
126
+ "body"=>["event"]
127
+ }
131
128
  }
132
- policy_three = DataLossPolicy.fromJson(policy_json_requests)
133
- expect(policy_three.get_actions_for_request("form","test123").to_a[0].body_event).to eq(true)
134
- expect(policy_three.get_actions_for_request("form","test123").to_a[0].log_event).to eq(nil)
135
- end
136
- it "Reads in the policy" do
137
- policy_json_requests = {
138
- "policy_id"=>"x1a1",
139
- "data"=>{
140
- "request_protections"=>[
141
- {
142
- "variable_context"=>"form",
143
- "scope"=>"route",
144
- "route_ids"=>["routex"],
145
- "variables"=>["test123"],
146
- "actions"=>{
147
- "log"=>["redact"],
148
- "body"=>["event"]
149
- }
150
- }
151
- ]
152
- }
129
+ ]
130
+ }
131
+ }
132
+ policy_three = DataLossPolicy.fromJson(policy_json_requests)
133
+ expect(policy_three.get_actions_for_request("form","test123").to_a[0].body_event).to eq(true)
134
+ expect(policy_three.get_actions_for_request("form","test123").to_a[0].log_event).to eq(nil)
135
+ end
136
+ it "Reads in the policy" do
137
+ policy_json_requests = {
138
+ "policy_id"=>"x1a1",
139
+ "data"=>{
140
+ "request_protections"=>[
141
+ {
142
+ "variable_context"=>"form",
143
+ "scope"=>"route",
144
+ "route_ids"=>["routex"],
145
+ "variables"=>["test123"],
146
+ "actions"=>{
147
+ "log"=>["redact"],
148
+ "body"=>["event"]
149
+ }
153
150
  }
154
- policy_three = DataLossPolicy.fromJson(policy_json_requests)
155
- entry_wildcard_route = policy_three.get_actions_for_request("form","TeSt123")
156
- entry_given_route = policy_three.get_actions_for_request("form","TeSt123","routex")
157
- expect(entry_wildcard_route).to eq(nil)
158
- expect(entry_given_route.size).to eq(1)
159
- expect(entry_given_route.to_a[0].body_redact).to eq(nil)
160
- expect(entry_given_route.to_a[0].log_redact).to eq(true)
161
- end
151
+ ]
152
+ }
153
+ }
154
+ policy_three = DataLossPolicy.fromJson(policy_json_requests)
155
+ entry_wildcard_route = policy_three.get_actions_for_request("form","TeSt123")
156
+ entry_given_route = policy_three.get_actions_for_request("form","TeSt123","routex")
157
+ expect(entry_wildcard_route).to eq(nil)
158
+ expect(entry_given_route.size).to eq(1)
159
+ expect(entry_given_route.to_a[0].body_redact).to eq(nil)
160
+ expect(entry_given_route.to_a[0].log_redact).to eq(true)
161
+ end
162
162
 
163
- it "Reads in the policy with cookie (redact/event)" do
164
- policy_json_requests = {
165
- "policy_id"=>"x1a1",
166
- "data"=>{
167
- "request_protections"=>[
168
- {
169
- "variable_context"=>"cookie",
170
- "scope"=>"route",
171
- "route_ids"=>["routex"],
172
- "variables"=>["test123"],
173
- "actions"=>{
174
- "log"=>["redact"],
175
- "body"=>["event"]
176
- }
177
- }
178
- ]
179
- }
163
+ it "Reads in the policy with cookie (redact/event)" do
164
+ policy_json_requests = {
165
+ "policy_id"=>"x1a1",
166
+ "data"=>{
167
+ "request_protections"=>[
168
+ {
169
+ "variable_context"=>"cookie",
170
+ "scope"=>"route",
171
+ "route_ids"=>["routex"],
172
+ "variables"=>["test123"],
173
+ "actions"=>{
174
+ "log"=>["redact"],
175
+ "body"=>["event"]
176
+ }
180
177
  }
181
- policy_three = DataLossPolicy.fromJson(policy_json_requests)
182
- entry_wildcard_route = policy_three.get_actions_for_request("cookie","test123")
183
- entry_given_route = policy_three.get_actions_for_request("cookie","test123","routex")
184
- expect(entry_wildcard_route).to eq(nil)
185
- expect(entry_given_route.size).to eq(1)
186
- expect(entry_given_route.to_a[0].body_redact).to eq(nil)
187
- expect(entry_given_route.to_a[0].log_redact).to eq(true)
188
- end
178
+ ]
179
+ }
180
+ }
181
+ policy_three = DataLossPolicy.fromJson(policy_json_requests)
182
+ entry_wildcard_route = policy_three.get_actions_for_request("cookie","test123")
183
+ entry_given_route = policy_three.get_actions_for_request("cookie","test123","routex")
184
+ expect(entry_wildcard_route).to eq(nil)
185
+ expect(entry_given_route.size).to eq(1)
186
+ expect(entry_given_route.to_a[0].body_redact).to eq(nil)
187
+ expect(entry_given_route.to_a[0].log_redact).to eq(true)
188
+ end
189
189
 
190
- it "Reads in the policy with mixed-case cookie (redact/event)" do
191
- policy_json_requests = {
192
- "policy_id"=>"x1a1",
193
- "data"=>{
194
- "request_protections"=>[
195
- {
196
- "variable_context"=>"cookie",
197
- "scope"=>"route",
198
- "route_ids"=>["routex"],
199
- "variables"=>["teST123"],
200
- "actions"=>{
201
- "log"=>["redact"],
202
- "body"=>["event"]
203
- }
204
- }
205
- ]
206
- }
190
+ it "Reads in the policy with mixed-case cookie (redact/event)" do
191
+ policy_json_requests = {
192
+ "policy_id"=>"x1a1",
193
+ "data"=>{
194
+ "request_protections"=>[
195
+ {
196
+ "variable_context"=>"cookie",
197
+ "scope"=>"route",
198
+ "route_ids"=>["routex"],
199
+ "variables"=>["teST123"],
200
+ "actions"=>{
201
+ "log"=>["redact"],
202
+ "body"=>["event"]
203
+ }
207
204
  }
208
- policy_three = DataLossPolicy.fromJson(policy_json_requests)
209
- entry_wildcard_route = policy_three.get_actions_for_request("cookie","test123")
210
- entry_given_route = policy_three.get_actions_for_request("cookie","test123","routex")
211
- expect(entry_wildcard_route).to eq(nil)
212
- expect(entry_given_route).to eq(nil)
213
- end
205
+ ]
206
+ }
207
+ }
208
+ policy_three = DataLossPolicy.fromJson(policy_json_requests)
209
+ entry_wildcard_route = policy_three.get_actions_for_request("cookie","test123")
210
+ entry_given_route = policy_three.get_actions_for_request("cookie","test123","routex")
211
+ expect(entry_wildcard_route).to eq(nil)
212
+ expect(entry_given_route).to eq(nil)
213
+ end
214
214
 
215
- it "Reads in the policy with header (redact/event)" do
216
- policy_json_requests = {
217
- "policy_id"=>"x1a1",
218
- "data"=>{
219
- "request_protections"=>[
220
- {
221
- "variable_context"=>"header",
222
- "scope"=>"route",
223
- "route_ids"=>["routex"],
224
- "variables"=>["test123"],
225
- "actions"=>{
226
- "log"=>["redact"],
227
- "body"=>["event"]
228
- }
229
- }
230
- ]
231
- }
215
+ it "Reads in the policy with header (redact/event)" do
216
+ policy_json_requests = {
217
+ "policy_id"=>"x1a1",
218
+ "data"=>{
219
+ "request_protections"=>[
220
+ {
221
+ "variable_context"=>"header",
222
+ "scope"=>"route",
223
+ "route_ids"=>["routex"],
224
+ "variables"=>["test123"],
225
+ "actions"=>{
226
+ "log"=>["redact"],
227
+ "body"=>["event"]
228
+ }
232
229
  }
233
- policy_three = DataLossPolicy.fromJson(policy_json_requests)
234
- entry_wildcard_route = policy_three.get_actions_for_request("header","TeSt123")
235
- entry_given_route = policy_three.get_actions_for_request("header","TeSt123","routex")
236
- expect(entry_wildcard_route).to eq(nil)
237
- expect(entry_given_route.size).to eq(1)
238
- expect(entry_given_route.to_a[0].body_redact).to eq(nil)
239
- expect(entry_given_route.to_a[0].log_redact).to eq(true)
240
- end
241
- end
242
-
230
+ ]
231
+ }
232
+ }
233
+ policy_three = DataLossPolicy.fromJson(policy_json_requests)
234
+ entry_wildcard_route = policy_three.get_actions_for_request("header","TeSt123")
235
+ entry_given_route = policy_three.get_actions_for_request("header","TeSt123","routex")
236
+ expect(entry_wildcard_route).to eq(nil)
237
+ expect(entry_given_route.size).to eq(1)
238
+ expect(entry_given_route.to_a[0].body_redact).to eq(nil)
239
+ expect(entry_given_route.to_a[0].log_redact).to eq(true)
243
240
  end
241
+ end
242
+
244
243
  end
244
+ end
245
245
  end