tcell_agent 0.2.8 → 0.2.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,7 +1,6 @@
1
1
  # See the file "LICENSE" for the full license governing this code.
2
2
 
3
3
  require 'rails'
4
- require 'rails/all'
5
4
  require 'uri'
6
5
  require 'tcell_agent/logger'
7
6
  require 'tcell_agent/agent'
@@ -29,31 +28,33 @@ module TCellAgent
29
28
 
30
29
  response = @app.call(env)
31
30
 
32
- response_time = (Time.now.to_f * 1000).to_i - orig
33
- TCellAgent::Instrumentation.safe_block("Handling Route Time") {
34
- route_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].route_id
35
- if route_id
36
- TCellAgent.increment_route(route_id, response_time)
37
- else
38
- TCellAgent.increment_route("", response_time)
39
- end
40
- }
41
- TCellAgent::Instrumentation.safe_block("Handling Sessions Info") {
42
- login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
43
- if (login_fraud_policy && login_fraud_policy.session_hijacking_metrics)
44
- hmac_session_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].hmac_session_id
45
- user_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_id
46
- if user_id && hmac_session_id
47
- TCellAgent.increment_session_info(
48
- hmac_session_id,
49
- user_id,
50
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].ip_address,
51
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_agent,
52
- )
31
+ if TCellAgent.configuration.should_intercept_requests?
32
+ response_time = (Time.now.to_f * 1000).to_i - orig
33
+ TCellAgent::Instrumentation.safe_block("Handling Route Time") {
34
+ route_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].route_id
35
+ if route_id
36
+ TCellAgent.increment_route(route_id, response_time)
37
+ else
38
+ TCellAgent.increment_route("", response_time)
53
39
  end
54
- end
55
- }
56
- response = self._handle_js_agent_add(request, response)
40
+ }
41
+ TCellAgent::Instrumentation.safe_block("Handling Sessions Info") {
42
+ login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
43
+ if (login_fraud_policy && login_fraud_policy.session_hijacking_metrics)
44
+ hmac_session_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].hmac_session_id
45
+ user_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_id
46
+ if user_id && hmac_session_id
47
+ TCellAgent.increment_session_info(
48
+ hmac_session_id,
49
+ user_id,
50
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].ip_address,
51
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_agent,
52
+ )
53
+ end
54
+ end
55
+ }
56
+ response = self._handle_js_agent_add(request, response)
57
+ end
57
58
 
58
59
  response
59
60
  end
@@ -30,18 +30,22 @@ module TCellAgent
30
30
  end
31
31
 
32
32
  def call(env)
33
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID] = TCellAgent::Instrumentation::TCellData.new
34
- TCellAgent::Instrumentation.safe_block("Setting transaction_id") {
35
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].transaction_id = SecureRandom.uuid
36
- request = Rack::Request.new(env)
37
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].uri = request.fullpath
38
- }
39
- env["filter_body_set"] = Set.new
40
- ContextMiddleware::THREADS[Thread.current.object_id] = env
33
+ if TCellAgent.configuration.should_intercept_requests?
34
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID] = TCellAgent::Instrumentation::TCellData.new
35
+ TCellAgent::Instrumentation.safe_block("Setting transaction_id") {
36
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].transaction_id = SecureRandom.uuid
37
+ request = Rack::Request.new(env)
38
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].uri = request.fullpath
39
+ }
40
+ env["filter_body_set"] = Set.new
41
+ ContextMiddleware::THREADS[Thread.current.object_id] = env
42
+ end
41
43
 
42
44
  response = @app.call(env)
43
45
 
44
- ContextMiddleware::THREADS.delete(Thread.current.object_id)
46
+ if TCellAgent.configuration.should_intercept_requests?
47
+ ContextMiddleware::THREADS.delete(Thread.current.object_id)
48
+ end
45
49
 
46
50
  response
47
51
  end
@@ -27,28 +27,30 @@ module TCellAgent
27
27
  end
28
28
 
29
29
  def call(env)
30
- request = Rack::Request.new(env)
31
- TCellAgent::Instrumentation.safe_block("Setting session_id & user_id") {
32
- if request.session
33
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].session_id =
34
- request.session["session_id"]
35
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_id =
36
- TCellAgent::UserInformation.getUserFromRequest(request)
37
- end
38
- }
39
-
40
- TCellAgent::Instrumentation.safe_block("Setting hmac_session_id") {
41
- hmac_key = TCellAgent::SensorEvents::Util.getHmacKey()
42
- if request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].session_id
43
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].hmac_session_id =
44
- TCellAgent::SensorEvents::Util.hmac(request.env["tcell.request_data"].session_id, hmac_key)
45
- end
46
- }
47
-
48
- TCellAgent::Instrumentation.safe_block("Setting and ip address user agent") {
49
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].ip_address = request.ip
50
- env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_agent = request.user_agent
51
- }
30
+ if TCellAgent.configuration.should_intercept_requests?
31
+ request = Rack::Request.new(env)
32
+ TCellAgent::Instrumentation.safe_block("Setting session_id & user_id") {
33
+ if request.session
34
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].session_id =
35
+ request.session["session_id"]
36
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_id =
37
+ TCellAgent::UserInformation.getUserFromRequest(request)
38
+ end
39
+ }
40
+
41
+ TCellAgent::Instrumentation.safe_block("Setting hmac_session_id") {
42
+ hmac_key = TCellAgent::SensorEvents::Util.getHmacKey()
43
+ if request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].session_id
44
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].hmac_session_id =
45
+ TCellAgent::SensorEvents::Util.hmac(request.env["tcell.request_data"].session_id, hmac_key)
46
+ end
47
+ }
48
+
49
+ TCellAgent::Instrumentation.safe_block("Setting and ip address user agent") {
50
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].ip_address = request.ip
51
+ env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_agent = request.user_agent
52
+ }
53
+ end
52
54
 
53
55
  response = @app.call(env)
54
56
 
@@ -31,16 +31,18 @@ module TCellAgent
31
31
 
32
32
  response = @app.call(env)
33
33
 
34
- status, headers, active_response = response
35
- TCellAgent::Instrumentation.safe_block("Handling Request") {
36
- tcell_response = response
37
- tcell_response = self._handle_appsensor(request, tcell_response)
38
- tcell_response = self._handle_redirect(request, tcell_response)
39
- tcell_response = self._set_csp_header(request, tcell_response)
40
- tcell_response = self._set_clickjacking_header(request, tcell_response)
41
- tcell_response = self._set_secure_headers(request, tcell_response)
42
- response = tcell_response
43
- }
34
+ if TCellAgent.configuration.should_intercept_requests?
35
+ status, headers, active_response = response
36
+ TCellAgent::Instrumentation.safe_block("Handling Request") {
37
+ tcell_response = response
38
+ tcell_response = self._handle_appsensor(request, tcell_response)
39
+ tcell_response = self._handle_redirect(request, tcell_response)
40
+ tcell_response = self._set_csp_header(request, tcell_response)
41
+ tcell_response = self._set_clickjacking_header(request, tcell_response)
42
+ tcell_response = self._set_secure_headers(request, tcell_response)
43
+ response = tcell_response
44
+ }
45
+ end
44
46
 
45
47
  response
46
48
  end
@@ -108,17 +110,20 @@ module TCellAgent
108
110
  def _handle_redirect(request, response)
109
111
  TCellAgent::Instrumentation.safe_block("Handling Redirect Headers") {
110
112
  status, headers, active_response = response
111
-
112
113
  http_redirect_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HttpRedirect)
113
114
  if http_redirect_policy && headers.has_key?("Location")
114
115
  local_uri = URI.parse(request.url)
116
+ route_id = request.env["tcell.request_data"].route_id
117
+ session_id = request.env["tcell.request_data"].session_id
115
118
  new_location = http_redirect_policy.enforce(
116
119
  headers["Location"],
117
120
  local_uri.host,
118
121
  request.fullpath,
119
122
  request.request_method,
123
+ route_id,
120
124
  status,
121
- request.ip)
125
+ request.ip,
126
+ session_id)
122
127
  # Enforcement
123
128
  if (new_location)
124
129
  headers["Location"] = new_location
@@ -3,19 +3,19 @@
3
3
  #require 'tcell_agent/authlogic' if defined?(Authlogic)
4
4
  require 'tcell_agent/configuration'
5
5
 
6
- require 'rails/all'
7
6
  require 'rails'
8
7
 
9
8
  TCellAgent::Instrumentation::Rails.send_language_info
10
- TCellAgent::Instrumentation::Rails.send_framework_info
11
- if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
12
- module TCellAgent
13
- module Instrumentation
14
- module Rails
15
- METHODS = ['GET','POST','PUT','DELETE','HEAD',
16
- 'PATCH','TRACE','CONNECT','OPTIONS']
9
+ TCellAgent::Instrumentation::Rails.send_framework_info
10
+
11
+ module TCellAgent
12
+ module Instrumentation
13
+ module Rails
14
+ METHODS = ['GET','POST','PUT','DELETE','HEAD',
15
+ 'PATCH','TRACE','CONNECT','OPTIONS']
17
16
 
18
- def self.instrument_route(route)
17
+ def self.instrument_route(route)
18
+ if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
19
19
  if (route.constraints.has_key? :request_method)
20
20
  route_path = "#{route.path.spec}"
21
21
  if (route_path.end_with?("(.:format)"))
@@ -35,65 +35,69 @@ if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrumen
35
35
  }
36
36
  end
37
37
  end
38
+ end
38
39
 
39
- def self.instrument_routes
40
- if ::Rails.application
41
- ::Rails.application.routes.routes.each do |route|
42
- self.instrument_route(route)
43
- end
44
- end
45
- end
46
-
47
- if (::Rails::VERSION::MAJOR == 3)
48
- ActionDispatch::Routing::RouteSet.class_eval do
49
- alias_method :original_add_route, :add_route
50
- def add_route(app, conditions = {}, requirements = {}, defaults = {}, name = nil, anchor = true)
51
- route = original_add_route(app, conditions, requirements, defaults, name, anchor)
52
-
53
- TCellAgent::Instrumentation::Rails.instrument_route(route)
54
-
55
- route
56
- end
40
+ def self.instrument_routes
41
+ if ::Rails.application
42
+ ::Rails.application.routes.routes.each do |route|
43
+ self.instrument_route(route)
57
44
  end
58
45
  end
46
+ end
59
47
 
60
- if (::Rails::VERSION::MAJOR == 4)
61
- ActionDispatch::Journey::Routes.class_eval do
48
+ if (::Rails::VERSION::MAJOR == 3)
49
+ ActionDispatch::Routing::RouteSet.class_eval do
62
50
  alias_method :original_add_route, :add_route
63
- def add_route(app, path, conditions, defaults, name = nil)
64
- route = original_add_route(app, path, conditions, defaults, name)
51
+ def add_route(app, conditions = {}, requirements = {}, defaults = {}, name = nil, anchor = true)
52
+ route = original_add_route(app, conditions, requirements, defaults, name, anchor)
65
53
 
66
54
  TCellAgent::Instrumentation::Rails.instrument_route(route)
67
55
 
68
56
  route
69
57
  end
70
- end
71
58
  end
59
+ end
72
60
 
61
+ if (::Rails::VERSION::MAJOR == 4)
62
+ ActionDispatch::Journey::Routes.class_eval do
63
+ alias_method :original_add_route, :add_route
64
+ def add_route(app, path, conditions, defaults, name = nil)
65
+ route = original_add_route(app, path, conditions, defaults, name)
66
+
67
+ TCellAgent::Instrumentation::Rails.instrument_route(route)
68
+
69
+ route
70
+ end
71
+ end
73
72
  end
73
+
74
74
  end
75
75
  end
76
+ end
76
77
 
77
- if (Rails.application)
78
+ if (Rails.application)
79
+ if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
78
80
  TCellAgent::Instrumentation::Rails.send_settings(Rails.application)
79
- else
80
- module TCellAgent
81
- class MyRailtie < Rails::Railtie
82
- initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
83
- if (TCellAgent.configuration.enabled)
84
- Rails.application.config.to_prepare do
85
- require 'tcell_agent/devise' if defined?(Devise)
86
- require 'tcell_agent/rails/auth/devise' if defined?(Devise)
87
- require 'tcell_agent/authlogic' if defined?(Authlogic)
88
- require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
89
- end
81
+ end
90
82
 
91
- Rails.application.config.after_initialize do
92
- TCellAgent::Instrumentation::Rails.send_settings(Rails.application)
93
- end
83
+ else
84
+ module TCellAgent
85
+ class MyRailtie < Rails::Railtie
86
+ initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
87
+ Rails.application.config.to_prepare do
88
+ require 'tcell_agent/devise' if defined?(Devise)
89
+ require 'tcell_agent/rails/auth/devise' if defined?(Devise)
90
+ require 'tcell_agent/authlogic' if defined?(Authlogic)
91
+ require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
92
+ end
93
+
94
+ # TODO: will this get run ever?
95
+ if (TCellAgent.configuration.enabled)
96
+ Rails.application.config.after_initialize do
97
+ TCellAgent::Instrumentation::Rails.send_settings(Rails.application)
94
98
  end
95
99
  end
96
100
  end
97
101
  end
98
102
  end
99
- end
103
+ end
@@ -1,14 +1,14 @@
1
1
  require 'tcell_agent/configuration'
2
2
 
3
- if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument? && TCellAgent.configuration.should_intercept_requests?
3
+ module TCellAgent
4
+ ActiveSupport.on_load(:action_controller) do
5
+ ActionController::Base.class_eval do
4
6
 
5
- module TCellAgent
6
- ActiveSupport.on_load(:action_controller) do
7
- ActionController::Base.class_eval do
7
+ prepend_around_filter :tell_around_filter_routes
8
+ def tell_around_filter_routes
9
+ begin
8
10
 
9
- prepend_around_filter :tell_around_filter_routes
10
- def tell_around_filter_routes
11
- begin
11
+ if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument? && TCellAgent.configuration.should_intercept_requests?
12
12
  TCellAgent::Instrumentation.safe_block("Determining Rails Route ID") {
13
13
  route = Rails.application.routes.router.recognize(request) { |r, _| r }.first
14
14
  if route
@@ -19,86 +19,85 @@ if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrumen
19
19
  end
20
20
  end
21
21
  }
22
- def loop_params_hash(method, param_hash, prefix, &block)
23
- param_hash.each do |param_name, param_value|
24
- if param_value && param_value.is_a?(Hash)
25
- loop_params_hash(method, param_value, 'hash', &block)
26
- elsif !param_value || !param_value.instance_of?(String) || param_value == ""
27
- next
28
- else
29
- block.call(method, param_name, param_value)
30
- end
31
- end
22
+ def loop_params_hash(method, param_hash, prefix, &block)
23
+ param_hash.each do |param_name, param_value|
24
+ if param_value && param_value.is_a?(Hash)
25
+ loop_params_hash(method, param_value, 'hash', &block)
26
+ elsif !param_value || !param_value.instance_of?(String) || param_value == ""
27
+ next
28
+ else
29
+ block.call(method, param_name, param_value)
32
30
  end
33
- def for_params(request, &block)
34
- get_params = request.GET
35
- if get_params
36
- self.loop_params_hash('get', get_params, nil, &block)
37
- end
38
- post_params = request.POST
39
- if post_params
40
- self.loop_params_hash('post', post_params, nil, &block)
41
- end
42
- end
43
- def _handle_dataexpsure_forms(request)
44
- dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
45
- tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
46
- if tcell_context && dataex_policy && dataex_policy.has_actions_for_form_parameter?
47
- for_params(request) { |method, param_name, param_value|
48
- actions = dataex_policy.get_actions_for_request("form",param_name)
49
- if actions
50
- actions.each { |action|
51
- tcell_context.add_filter_for_request_parameter(param_value, action, param_name)
52
- }
53
- end
31
+ end
32
+ end
33
+ def for_params(request, &block)
34
+ get_params = request.GET
35
+ if get_params
36
+ self.loop_params_hash('get', get_params, nil, &block)
37
+ end
38
+ post_params = request.POST
39
+ if post_params
40
+ self.loop_params_hash('post', post_params, nil, &block)
41
+ end
42
+ end
43
+ def _handle_dataexpsure_forms(request)
44
+ dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
45
+ tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
46
+ if tcell_context && dataex_policy && dataex_policy.has_actions_for_form_parameter?
47
+ for_params(request) { |method, param_name, param_value|
48
+ actions = dataex_policy.get_actions_for_request("form",param_name)
49
+ if actions
50
+ actions.each { |action|
51
+ tcell_context.add_filter_for_request_parameter(param_value, action, param_name)
54
52
  }
55
53
  end
56
- end
57
- TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request forms)") {
58
- _handle_dataexpsure_forms(request)
59
54
  }
60
-
61
- def _handle_dataexpsure_headers(request)
62
- dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
63
- tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
64
- if tcell_context && dataex_policy && dataex_policy.has_actions_for_headers?
65
- headers = request.env.select {|k,v| k.start_with? 'HTTP_'}
66
- headers.each { |header_name, header_value|
67
- header_name = header_name.sub(/^HTTP_/, '').gsub('_','-')
68
- actions = dataex_policy.get_actions_for_header(header_name)
69
- if actions
70
- actions.each { |action|
71
- tcell_context.add_filter_for_header_value(header_value, action, header_name)
72
- }
73
- end
55
+ end
56
+ end
57
+ TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request forms)") {
58
+ _handle_dataexpsure_forms(request)
59
+ }
60
+ def _handle_dataexpsure_headers(request)
61
+ dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
62
+ tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
63
+ if tcell_context && dataex_policy && dataex_policy.has_actions_for_headers?
64
+ headers = request.env.select {|k,v| k.start_with? 'HTTP_'}
65
+ headers.each { |header_name, header_value|
66
+ header_name = header_name.sub(/^HTTP_/, '').gsub('_','-')
67
+ actions = dataex_policy.get_actions_for_header(header_name)
68
+ if actions
69
+ actions.each { |action|
70
+ tcell_context.add_filter_for_header_value(header_value, action, header_name)
74
71
  }
75
72
  end
76
- end
77
- TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request headers)") {
78
- _handle_dataexpsure_headers(request)
79
73
  }
80
-
81
- def _handler_dataexposure_cookies(request)
82
- dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
83
- tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
84
- if tcell_context && dataex_policy && dataex_policy.has_actions_for_cookie?
85
- request.cookies.each { |cookie_name, cookie_value|
86
- actions = dataex_policy.get_actions_for_cookie(cookie_name)
87
- if actions
88
- actions.each { |action|
89
- tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
90
- }
91
- end
74
+ end
75
+ end
76
+ TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request headers)") {
77
+ _handle_dataexpsure_headers(request)
78
+ }
79
+ def _handler_dataexposure_cookies(request)
80
+ dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
81
+ tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
82
+ if tcell_context && dataex_policy && dataex_policy.has_actions_for_cookie?
83
+ request.cookies.each { |cookie_name, cookie_value|
84
+ actions = dataex_policy.get_actions_for_cookie(cookie_name)
85
+ if actions
86
+ actions.each { |action|
87
+ tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
92
88
  }
93
89
  end
94
- end
95
- TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request cookies)") {
96
- _handler_dataexposure_cookies(request)
97
90
  }
98
- yield
91
+ end
92
+ end
93
+ TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request cookies)") {
94
+ _handler_dataexposure_cookies(request)
95
+ }
99
96
  end
97
+
98
+ yield
100
99
  end
101
100
  end
102
101
  end
103
102
  end
104
- end
103
+ end