tcell_agent 0.2.8 → 0.2.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/tcell_agent/agent/event_processor.rb +14 -0
- data/lib/tcell_agent/agent/policy_manager.rb +48 -17
- data/lib/tcell_agent/configuration.rb +20 -7
- data/lib/tcell_agent/policies/http_redirect_policy.rb +2 -2
- data/lib/tcell_agent/rails.rb +0 -3
- data/lib/tcell_agent/rails/auth/authlogic.rb +46 -41
- data/lib/tcell_agent/rails/auth/devise.rb +45 -39
- data/lib/tcell_agent/rails/dlp.rb +126 -84
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +26 -25
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +13 -9
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +24 -22
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +17 -12
- data/lib/tcell_agent/rails/on_start.rb +52 -48
- data/lib/tcell_agent/rails/routes.rb +74 -75
- data/lib/tcell_agent/sensor_events/sensor.rb +4 -1
- data/lib/tcell_agent/servers/thin.rb +1 -0
- data/lib/tcell_agent/servers/unicorn.rb +82 -6
- data/lib/tcell_agent/start_background_thread.rb +24 -19
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +218 -0
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +2 -2
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +89 -0
- data/spec/spec_helper.rb +9 -0
- metadata +30 -26
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
# See the file "LICENSE" for the full license governing this code.
|
|
2
2
|
|
|
3
3
|
require 'rails'
|
|
4
|
-
require 'rails/all'
|
|
5
4
|
require 'uri'
|
|
6
5
|
require 'tcell_agent/logger'
|
|
7
6
|
require 'tcell_agent/agent'
|
|
@@ -29,31 +28,33 @@ module TCellAgent
|
|
|
29
28
|
|
|
30
29
|
response = @app.call(env)
|
|
31
30
|
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
}
|
|
41
|
-
TCellAgent::Instrumentation.safe_block("Handling Sessions Info") {
|
|
42
|
-
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
|
43
|
-
if (login_fraud_policy && login_fraud_policy.session_hijacking_metrics)
|
|
44
|
-
hmac_session_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].hmac_session_id
|
|
45
|
-
user_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_id
|
|
46
|
-
if user_id && hmac_session_id
|
|
47
|
-
TCellAgent.increment_session_info(
|
|
48
|
-
hmac_session_id,
|
|
49
|
-
user_id,
|
|
50
|
-
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].ip_address,
|
|
51
|
-
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_agent,
|
|
52
|
-
)
|
|
31
|
+
if TCellAgent.configuration.should_intercept_requests?
|
|
32
|
+
response_time = (Time.now.to_f * 1000).to_i - orig
|
|
33
|
+
TCellAgent::Instrumentation.safe_block("Handling Route Time") {
|
|
34
|
+
route_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].route_id
|
|
35
|
+
if route_id
|
|
36
|
+
TCellAgent.increment_route(route_id, response_time)
|
|
37
|
+
else
|
|
38
|
+
TCellAgent.increment_route("", response_time)
|
|
53
39
|
end
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
40
|
+
}
|
|
41
|
+
TCellAgent::Instrumentation.safe_block("Handling Sessions Info") {
|
|
42
|
+
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
|
43
|
+
if (login_fraud_policy && login_fraud_policy.session_hijacking_metrics)
|
|
44
|
+
hmac_session_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].hmac_session_id
|
|
45
|
+
user_id = env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_id
|
|
46
|
+
if user_id && hmac_session_id
|
|
47
|
+
TCellAgent.increment_session_info(
|
|
48
|
+
hmac_session_id,
|
|
49
|
+
user_id,
|
|
50
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].ip_address,
|
|
51
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_agent,
|
|
52
|
+
)
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
}
|
|
56
|
+
response = self._handle_js_agent_add(request, response)
|
|
57
|
+
end
|
|
57
58
|
|
|
58
59
|
response
|
|
59
60
|
end
|
|
@@ -30,18 +30,22 @@ module TCellAgent
|
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
def call(env)
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
33
|
+
if TCellAgent.configuration.should_intercept_requests?
|
|
34
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID] = TCellAgent::Instrumentation::TCellData.new
|
|
35
|
+
TCellAgent::Instrumentation.safe_block("Setting transaction_id") {
|
|
36
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].transaction_id = SecureRandom.uuid
|
|
37
|
+
request = Rack::Request.new(env)
|
|
38
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].uri = request.fullpath
|
|
39
|
+
}
|
|
40
|
+
env["filter_body_set"] = Set.new
|
|
41
|
+
ContextMiddleware::THREADS[Thread.current.object_id] = env
|
|
42
|
+
end
|
|
41
43
|
|
|
42
44
|
response = @app.call(env)
|
|
43
45
|
|
|
44
|
-
|
|
46
|
+
if TCellAgent.configuration.should_intercept_requests?
|
|
47
|
+
ContextMiddleware::THREADS.delete(Thread.current.object_id)
|
|
48
|
+
end
|
|
45
49
|
|
|
46
50
|
response
|
|
47
51
|
end
|
|
@@ -27,28 +27,30 @@ module TCellAgent
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def call(env)
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
TCellAgent::
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].
|
|
44
|
-
TCellAgent::
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
30
|
+
if TCellAgent.configuration.should_intercept_requests?
|
|
31
|
+
request = Rack::Request.new(env)
|
|
32
|
+
TCellAgent::Instrumentation.safe_block("Setting session_id & user_id") {
|
|
33
|
+
if request.session
|
|
34
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].session_id =
|
|
35
|
+
request.session["session_id"]
|
|
36
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_id =
|
|
37
|
+
TCellAgent::UserInformation.getUserFromRequest(request)
|
|
38
|
+
end
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
TCellAgent::Instrumentation.safe_block("Setting hmac_session_id") {
|
|
42
|
+
hmac_key = TCellAgent::SensorEvents::Util.getHmacKey()
|
|
43
|
+
if request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].session_id
|
|
44
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].hmac_session_id =
|
|
45
|
+
TCellAgent::SensorEvents::Util.hmac(request.env["tcell.request_data"].session_id, hmac_key)
|
|
46
|
+
end
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
TCellAgent::Instrumentation.safe_block("Setting and ip address user agent") {
|
|
50
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].ip_address = request.ip
|
|
51
|
+
env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID].user_agent = request.user_agent
|
|
52
|
+
}
|
|
53
|
+
end
|
|
52
54
|
|
|
53
55
|
response = @app.call(env)
|
|
54
56
|
|
|
@@ -31,16 +31,18 @@ module TCellAgent
|
|
|
31
31
|
|
|
32
32
|
response = @app.call(env)
|
|
33
33
|
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
34
|
+
if TCellAgent.configuration.should_intercept_requests?
|
|
35
|
+
status, headers, active_response = response
|
|
36
|
+
TCellAgent::Instrumentation.safe_block("Handling Request") {
|
|
37
|
+
tcell_response = response
|
|
38
|
+
tcell_response = self._handle_appsensor(request, tcell_response)
|
|
39
|
+
tcell_response = self._handle_redirect(request, tcell_response)
|
|
40
|
+
tcell_response = self._set_csp_header(request, tcell_response)
|
|
41
|
+
tcell_response = self._set_clickjacking_header(request, tcell_response)
|
|
42
|
+
tcell_response = self._set_secure_headers(request, tcell_response)
|
|
43
|
+
response = tcell_response
|
|
44
|
+
}
|
|
45
|
+
end
|
|
44
46
|
|
|
45
47
|
response
|
|
46
48
|
end
|
|
@@ -108,17 +110,20 @@ module TCellAgent
|
|
|
108
110
|
def _handle_redirect(request, response)
|
|
109
111
|
TCellAgent::Instrumentation.safe_block("Handling Redirect Headers") {
|
|
110
112
|
status, headers, active_response = response
|
|
111
|
-
|
|
112
113
|
http_redirect_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HttpRedirect)
|
|
113
114
|
if http_redirect_policy && headers.has_key?("Location")
|
|
114
115
|
local_uri = URI.parse(request.url)
|
|
116
|
+
route_id = request.env["tcell.request_data"].route_id
|
|
117
|
+
session_id = request.env["tcell.request_data"].session_id
|
|
115
118
|
new_location = http_redirect_policy.enforce(
|
|
116
119
|
headers["Location"],
|
|
117
120
|
local_uri.host,
|
|
118
121
|
request.fullpath,
|
|
119
122
|
request.request_method,
|
|
123
|
+
route_id,
|
|
120
124
|
status,
|
|
121
|
-
request.ip
|
|
125
|
+
request.ip,
|
|
126
|
+
session_id)
|
|
122
127
|
# Enforcement
|
|
123
128
|
if (new_location)
|
|
124
129
|
headers["Location"] = new_location
|
|
@@ -3,19 +3,19 @@
|
|
|
3
3
|
#require 'tcell_agent/authlogic' if defined?(Authlogic)
|
|
4
4
|
require 'tcell_agent/configuration'
|
|
5
5
|
|
|
6
|
-
require 'rails/all'
|
|
7
6
|
require 'rails'
|
|
8
7
|
|
|
9
8
|
TCellAgent::Instrumentation::Rails.send_language_info
|
|
10
|
-
TCellAgent::Instrumentation::Rails.send_framework_info
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
9
|
+
TCellAgent::Instrumentation::Rails.send_framework_info
|
|
10
|
+
|
|
11
|
+
module TCellAgent
|
|
12
|
+
module Instrumentation
|
|
13
|
+
module Rails
|
|
14
|
+
METHODS = ['GET','POST','PUT','DELETE','HEAD',
|
|
15
|
+
'PATCH','TRACE','CONNECT','OPTIONS']
|
|
17
16
|
|
|
18
|
-
|
|
17
|
+
def self.instrument_route(route)
|
|
18
|
+
if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
|
|
19
19
|
if (route.constraints.has_key? :request_method)
|
|
20
20
|
route_path = "#{route.path.spec}"
|
|
21
21
|
if (route_path.end_with?("(.:format)"))
|
|
@@ -35,65 +35,69 @@ if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrumen
|
|
|
35
35
|
}
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
|
+
end
|
|
38
39
|
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
end
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
if (::Rails::VERSION::MAJOR == 3)
|
|
48
|
-
ActionDispatch::Routing::RouteSet.class_eval do
|
|
49
|
-
alias_method :original_add_route, :add_route
|
|
50
|
-
def add_route(app, conditions = {}, requirements = {}, defaults = {}, name = nil, anchor = true)
|
|
51
|
-
route = original_add_route(app, conditions, requirements, defaults, name, anchor)
|
|
52
|
-
|
|
53
|
-
TCellAgent::Instrumentation::Rails.instrument_route(route)
|
|
54
|
-
|
|
55
|
-
route
|
|
56
|
-
end
|
|
40
|
+
def self.instrument_routes
|
|
41
|
+
if ::Rails.application
|
|
42
|
+
::Rails.application.routes.routes.each do |route|
|
|
43
|
+
self.instrument_route(route)
|
|
57
44
|
end
|
|
58
45
|
end
|
|
46
|
+
end
|
|
59
47
|
|
|
60
|
-
|
|
61
|
-
|
|
48
|
+
if (::Rails::VERSION::MAJOR == 3)
|
|
49
|
+
ActionDispatch::Routing::RouteSet.class_eval do
|
|
62
50
|
alias_method :original_add_route, :add_route
|
|
63
|
-
def add_route(app,
|
|
64
|
-
route = original_add_route(app,
|
|
51
|
+
def add_route(app, conditions = {}, requirements = {}, defaults = {}, name = nil, anchor = true)
|
|
52
|
+
route = original_add_route(app, conditions, requirements, defaults, name, anchor)
|
|
65
53
|
|
|
66
54
|
TCellAgent::Instrumentation::Rails.instrument_route(route)
|
|
67
55
|
|
|
68
56
|
route
|
|
69
57
|
end
|
|
70
|
-
end
|
|
71
58
|
end
|
|
59
|
+
end
|
|
72
60
|
|
|
61
|
+
if (::Rails::VERSION::MAJOR == 4)
|
|
62
|
+
ActionDispatch::Journey::Routes.class_eval do
|
|
63
|
+
alias_method :original_add_route, :add_route
|
|
64
|
+
def add_route(app, path, conditions, defaults, name = nil)
|
|
65
|
+
route = original_add_route(app, path, conditions, defaults, name)
|
|
66
|
+
|
|
67
|
+
TCellAgent::Instrumentation::Rails.instrument_route(route)
|
|
68
|
+
|
|
69
|
+
route
|
|
70
|
+
end
|
|
71
|
+
end
|
|
73
72
|
end
|
|
73
|
+
|
|
74
74
|
end
|
|
75
75
|
end
|
|
76
|
+
end
|
|
76
77
|
|
|
77
|
-
|
|
78
|
+
if (Rails.application)
|
|
79
|
+
if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
|
|
78
80
|
TCellAgent::Instrumentation::Rails.send_settings(Rails.application)
|
|
79
|
-
|
|
80
|
-
module TCellAgent
|
|
81
|
-
class MyRailtie < Rails::Railtie
|
|
82
|
-
initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
|
|
83
|
-
if (TCellAgent.configuration.enabled)
|
|
84
|
-
Rails.application.config.to_prepare do
|
|
85
|
-
require 'tcell_agent/devise' if defined?(Devise)
|
|
86
|
-
require 'tcell_agent/rails/auth/devise' if defined?(Devise)
|
|
87
|
-
require 'tcell_agent/authlogic' if defined?(Authlogic)
|
|
88
|
-
require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
|
|
89
|
-
end
|
|
81
|
+
end
|
|
90
82
|
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
83
|
+
else
|
|
84
|
+
module TCellAgent
|
|
85
|
+
class MyRailtie < Rails::Railtie
|
|
86
|
+
initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
|
|
87
|
+
Rails.application.config.to_prepare do
|
|
88
|
+
require 'tcell_agent/devise' if defined?(Devise)
|
|
89
|
+
require 'tcell_agent/rails/auth/devise' if defined?(Devise)
|
|
90
|
+
require 'tcell_agent/authlogic' if defined?(Authlogic)
|
|
91
|
+
require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
# TODO: will this get run ever?
|
|
95
|
+
if (TCellAgent.configuration.enabled)
|
|
96
|
+
Rails.application.config.after_initialize do
|
|
97
|
+
TCellAgent::Instrumentation::Rails.send_settings(Rails.application)
|
|
94
98
|
end
|
|
95
99
|
end
|
|
96
100
|
end
|
|
97
101
|
end
|
|
98
102
|
end
|
|
99
|
-
end
|
|
103
|
+
end
|
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
require 'tcell_agent/configuration'
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
module TCellAgent
|
|
4
|
+
ActiveSupport.on_load(:action_controller) do
|
|
5
|
+
ActionController::Base.class_eval do
|
|
4
6
|
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
7
|
+
prepend_around_filter :tell_around_filter_routes
|
|
8
|
+
def tell_around_filter_routes
|
|
9
|
+
begin
|
|
8
10
|
|
|
9
|
-
|
|
10
|
-
def tell_around_filter_routes
|
|
11
|
-
begin
|
|
11
|
+
if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument? && TCellAgent.configuration.should_intercept_requests?
|
|
12
12
|
TCellAgent::Instrumentation.safe_block("Determining Rails Route ID") {
|
|
13
13
|
route = Rails.application.routes.router.recognize(request) { |r, _| r }.first
|
|
14
14
|
if route
|
|
@@ -19,86 +19,85 @@ if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrumen
|
|
|
19
19
|
end
|
|
20
20
|
end
|
|
21
21
|
}
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
end
|
|
31
|
-
end
|
|
22
|
+
def loop_params_hash(method, param_hash, prefix, &block)
|
|
23
|
+
param_hash.each do |param_name, param_value|
|
|
24
|
+
if param_value && param_value.is_a?(Hash)
|
|
25
|
+
loop_params_hash(method, param_value, 'hash', &block)
|
|
26
|
+
elsif !param_value || !param_value.instance_of?(String) || param_value == ""
|
|
27
|
+
next
|
|
28
|
+
else
|
|
29
|
+
block.call(method, param_name, param_value)
|
|
32
30
|
end
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
def for_params(request, &block)
|
|
34
|
+
get_params = request.GET
|
|
35
|
+
if get_params
|
|
36
|
+
self.loop_params_hash('get', get_params, nil, &block)
|
|
37
|
+
end
|
|
38
|
+
post_params = request.POST
|
|
39
|
+
if post_params
|
|
40
|
+
self.loop_params_hash('post', post_params, nil, &block)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
def _handle_dataexpsure_forms(request)
|
|
44
|
+
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
|
45
|
+
tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
|
|
46
|
+
if tcell_context && dataex_policy && dataex_policy.has_actions_for_form_parameter?
|
|
47
|
+
for_params(request) { |method, param_name, param_value|
|
|
48
|
+
actions = dataex_policy.get_actions_for_request("form",param_name)
|
|
49
|
+
if actions
|
|
50
|
+
actions.each { |action|
|
|
51
|
+
tcell_context.add_filter_for_request_parameter(param_value, action, param_name)
|
|
54
52
|
}
|
|
55
53
|
end
|
|
56
|
-
end
|
|
57
|
-
TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request forms)") {
|
|
58
|
-
_handle_dataexpsure_forms(request)
|
|
59
54
|
}
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request forms)") {
|
|
58
|
+
_handle_dataexpsure_forms(request)
|
|
59
|
+
}
|
|
60
|
+
def _handle_dataexpsure_headers(request)
|
|
61
|
+
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
|
62
|
+
tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
|
|
63
|
+
if tcell_context && dataex_policy && dataex_policy.has_actions_for_headers?
|
|
64
|
+
headers = request.env.select {|k,v| k.start_with? 'HTTP_'}
|
|
65
|
+
headers.each { |header_name, header_value|
|
|
66
|
+
header_name = header_name.sub(/^HTTP_/, '').gsub('_','-')
|
|
67
|
+
actions = dataex_policy.get_actions_for_header(header_name)
|
|
68
|
+
if actions
|
|
69
|
+
actions.each { |action|
|
|
70
|
+
tcell_context.add_filter_for_header_value(header_value, action, header_name)
|
|
74
71
|
}
|
|
75
72
|
end
|
|
76
|
-
end
|
|
77
|
-
TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request headers)") {
|
|
78
|
-
_handle_dataexpsure_headers(request)
|
|
79
73
|
}
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request headers)") {
|
|
77
|
+
_handle_dataexpsure_headers(request)
|
|
78
|
+
}
|
|
79
|
+
def _handler_dataexposure_cookies(request)
|
|
80
|
+
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
|
81
|
+
tcell_context = request.env[TCellAgent::Instrumentation::Rails::Middleware::TCELL_ID]
|
|
82
|
+
if tcell_context && dataex_policy && dataex_policy.has_actions_for_cookie?
|
|
83
|
+
request.cookies.each { |cookie_name, cookie_value|
|
|
84
|
+
actions = dataex_policy.get_actions_for_cookie(cookie_name)
|
|
85
|
+
if actions
|
|
86
|
+
actions.each { |action|
|
|
87
|
+
tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
|
|
92
88
|
}
|
|
93
89
|
end
|
|
94
|
-
end
|
|
95
|
-
TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request cookies)") {
|
|
96
|
-
_handler_dataexposure_cookies(request)
|
|
97
90
|
}
|
|
98
|
-
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
TCellAgent::Instrumentation.safe_block("Handling Dataexposure (request cookies)") {
|
|
94
|
+
_handler_dataexposure_cookies(request)
|
|
95
|
+
}
|
|
99
96
|
end
|
|
97
|
+
|
|
98
|
+
yield
|
|
100
99
|
end
|
|
101
100
|
end
|
|
102
101
|
end
|
|
103
102
|
end
|
|
104
|
-
end
|
|
103
|
+
end
|