RubyGems - tcell_agent - Versions diffs - 0.4.0 → 1.0.0 - Mend

tcell_agent 0.4.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (199) hide show

checksums.yaml +4 -4
data/Rakefile +9 -22
data/bin/tcell_agent +127 -132
data/lib/tcell_agent/agent/event_processor.rb +23 -22
data/lib/tcell_agent/agent/fork_pipe_manager.rb +7 -7
data/lib/tcell_agent/agent/policy_manager.rb +20 -15
data/lib/tcell_agent/agent/policy_types.rb +5 -11
data/lib/tcell_agent/agent/static_agent.rb +5 -1
data/lib/tcell_agent/agent.rb +6 -4
data/lib/tcell_agent/api.rb +7 -9
data/lib/tcell_agent/appsensor/meta_data.rb +11 -4
data/lib/tcell_agent/authlogic.rb +3 -3
data/lib/tcell_agent/cmdi.rb +6 -4
data/lib/tcell_agent/config/unknown_options.rb +3 -1
data/lib/tcell_agent/configuration.rb +47 -49
data/lib/tcell_agent/devise.rb +2 -2
data/lib/tcell_agent/hooks/login_fraud.rb +58 -29
data/lib/tcell_agent/instrumentation.rb +11 -10
data/lib/tcell_agent/logger.rb +2 -2
data/lib/tcell_agent/patches/meta_data.rb +9 -13
data/lib/tcell_agent/patches.rb +7 -10
data/lib/tcell_agent/policies/clickjacking_policy.rb +4 -5
data/lib/tcell_agent/policies/content_security_policy.rb +6 -12
data/lib/tcell_agent/policies/dataloss_policy.rb +2 -2
data/lib/tcell_agent/policies/http_redirect_policy.rb +2 -2
data/lib/tcell_agent/policies/policy.rb +0 -2
data/lib/tcell_agent/policies/rust_policies.rb +90 -0
data/lib/tcell_agent/policies/secure_headers_policy.rb +2 -2
data/lib/tcell_agent/rails/auth/authlogic.rb +42 -24
data/lib/tcell_agent/rails/auth/devise.rb +44 -23
data/lib/tcell_agent/rails/auth/doorkeeper.rb +33 -15
data/lib/tcell_agent/rails/better_ip.rb +1 -1
data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
data/lib/tcell_agent/rails/dlp/process_request.rb +1 -1
data/lib/tcell_agent/rails/dlp.rb +6 -6
data/lib/tcell_agent/rails/dlp_handler.rb +1 -1
data/lib/tcell_agent/rails/js_agent_insert.rb +1 -1
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
data/lib/tcell_agent/rails/middleware/context_middleware.rb +3 -2
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +10 -9
data/lib/tcell_agent/rails/routes/grape.rb +6 -6
data/lib/tcell_agent/rails/routes.rb +8 -11
data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
data/lib/tcell_agent/rust/{libtcellagent-0.6.1.so → libtcellagent-0.11.1.so} +0 -0
data/lib/tcell_agent/rust/models.rb +16 -0
data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +119 -48
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +17 -20
data/lib/tcell_agent/sensor_events/command_injection.rb +50 -5
data/lib/tcell_agent/sensor_events/login_fraud.rb +34 -18
data/lib/tcell_agent/sensor_events/patches.rb +21 -0
data/lib/tcell_agent/sensor_events/server_agent.rb +3 -3
data/lib/tcell_agent/sensor_events/util/utils.rb +4 -3
data/lib/tcell_agent/servers/puma.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +1 -1
data/lib/tcell_agent/utils/passwords.rb +28 -0
data/lib/tcell_agent/version.rb +1 -1
data/lib/tcell_agent.rb +1 -5
data/spec/apps/rails-3.2/config/tcell_agent.config +15 -0
data/spec/apps/rails-3.2/log/development.log +0 -0
data/spec/apps/rails-3.2/log/test.log +12 -0
data/spec/apps/rails-4.1/log/test.log +0 -0
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +46 -45
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +276 -164
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +44 -47
data/spec/lib/tcell_agent/api/api_spec.rb +16 -16
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +131 -116
data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +55 -51
data/spec/lib/tcell_agent/cmdi_spec.rb +413 -436
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +145 -128
data/spec/lib/tcell_agent/configuration_spec.rb +165 -169
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +144 -153
data/spec/lib/tcell_agent/instrumentation_spec.rb +84 -85
data/spec/lib/tcell_agent/patches_spec.rb +70 -111
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +313 -244
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +28 -28
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +643 -513
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +55 -102
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +111 -134
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +141 -146
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +8 -8
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +15 -17
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +231 -559
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +27 -27
data/spec/lib/tcell_agent/rails/better_ip_spec.rb +30 -34
data/spec/lib/tcell_agent/rails/logger_spec.rb +50 -49
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +182 -199
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +110 -84
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +107 -85
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +68 -40
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +81 -67
data/spec/lib/tcell_agent/rails/responses_spec.rb +33 -37
data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +116 -121
data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +25 -28
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +87 -85
data/spec/lib/tcell_agent/rails_spec.rb +1 -6
data/spec/lib/tcell_agent/rust/models_spec.rb +112 -0
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +502 -179
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +44 -33
data/spec/lib/tcell_agent/sensor_events/dlp_spec.rb +4 -4
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +183 -169
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +25 -25
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +17 -20
data/spec/lib/tcell_agent/utils/params_spec.rb +28 -28
data/spec/lib/tcell_agent/utils/passwords_spec.rb +143 -0
data/spec/lib/tcell_agent/utils/strings_spec.rb +35 -35
data/spec/lib/tcell_agent_spec.rb +8 -8
data/spec/spec_helper.rb +4 -4
data/spec/support/middleware_helper.rb +10 -10
data/spec/support/static_agent_overrides.rb +16 -12
data/tcell_agent.gemspec +17 -33
metadata +43 -198
data/LICENSE_libinjection +0 -32
data/Readme.txt +0 -7
data/ext/libinjection/extconf.rb +0 -3
data/ext/libinjection/libinjection.h +0 -65
data/ext/libinjection/libinjection_html5.c +0 -847
data/ext/libinjection/libinjection_html5.h +0 -54
data/ext/libinjection/libinjection_sqli.c +0 -2317
data/ext/libinjection/libinjection_sqli.h +0 -295
data/ext/libinjection/libinjection_sqli_data.h +0 -9004
data/ext/libinjection/libinjection_wrap.c +0 -3525
data/ext/libinjection/libinjection_xss.c +0 -531
data/ext/libinjection/libinjection_xss.h +0 -21
data/lib/tcell_agent/appsensor/injections_matcher.rb +0 -155
data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +0 -49
data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +0 -67
data/lib/tcell_agent/appsensor/rules/baserules.json +0 -467
data/lib/tcell_agent/patches/block_rule.rb +0 -93
data/lib/tcell_agent/patches/sensors_matcher.rb +0 -31
data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +0 -23
data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +0 -23
data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +0 -117
data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +0 -26
data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +0 -22
data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +0 -34
data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +0 -34
data/lib/tcell_agent/policies/appsensor_policy.rb +0 -49
data/lib/tcell_agent/policies/command_injection_policy.rb +0 -196
data/lib/tcell_agent/policies/honeytokens_policy.rb +0 -69
data/lib/tcell_agent/policies/patches_policy.rb +0 -84
data/lib/tcell_agent/rust/libtcellagent-0.6.1.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-0.6.1.dll +0 -0
data/spec/apps/rails-3.2/Gemfile +0 -25
data/spec/apps/rails-3.2/Gemfile.lock +0 -126
data/spec/apps/rails-3.2/Rakefile +0 -7
data/spec/apps/rails-3.2/app/assets/images/rails.png +0 -0
data/spec/apps/rails-3.2/app/assets/javascripts/application.js +0 -15
data/spec/apps/rails-3.2/app/assets/stylesheets/application.css +0 -13
data/spec/apps/rails-3.2/app/controllers/application_controller.rb +0 -3
data/spec/apps/rails-3.2/app/controllers/t_cell_app_controller.rb +0 -5
data/spec/apps/rails-3.2/app/helpers/application_helper.rb +0 -2
data/spec/apps/rails-3.2/app/views/layouts/application.html.erb +0 -14
data/spec/apps/rails-3.2/app/views/t_cell_app/index.html.erb +0 -1
data/spec/apps/rails-3.2/config/application.rb +0 -63
data/spec/apps/rails-3.2/config/boot.rb +0 -6
data/spec/apps/rails-3.2/config/environment.rb +0 -5
data/spec/apps/rails-3.2/config/environments/test.rb +0 -37
data/spec/apps/rails-3.2/config/routes.rb +0 -11
data/spec/apps/rails-3.2/config.ru +0 -4
data/spec/apps/rails-4.1/Gemfile +0 -7
data/spec/apps/rails-4.1/Gemfile.lock +0 -114
data/spec/apps/rails-4.1/Rakefile +0 -6
data/spec/apps/rails-4.1/app/assets/javascripts/application.js +0 -16
data/spec/apps/rails-4.1/app/assets/stylesheets/application.css +0 -15
data/spec/apps/rails-4.1/app/controllers/application_controller.rb +0 -5
data/spec/apps/rails-4.1/app/controllers/t_cell_app_controller.rb +0 -5
data/spec/apps/rails-4.1/app/helpers/application_helper.rb +0 -2
data/spec/apps/rails-4.1/app/views/layouts/application.html.erb +0 -14
data/spec/apps/rails-4.1/app/views/t_cell_app/index.html.erb +0 -1
data/spec/apps/rails-4.1/config/application.rb +0 -24
data/spec/apps/rails-4.1/config/boot.rb +0 -4
data/spec/apps/rails-4.1/config/environment.rb +0 -5
data/spec/apps/rails-4.1/config/environments/test.rb +0 -41
data/spec/apps/rails-4.1/config/initializers/assets.rb +0 -8
data/spec/apps/rails-4.1/config/initializers/backtrace_silencers.rb +0 -7
data/spec/apps/rails-4.1/config/initializers/cookies_serializer.rb +0 -3
data/spec/apps/rails-4.1/config/initializers/filter_parameter_logging.rb +0 -4
data/spec/apps/rails-4.1/config/initializers/inflections.rb +0 -16
data/spec/apps/rails-4.1/config/initializers/mime_types.rb +0 -4
data/spec/apps/rails-4.1/config/initializers/session_store.rb +0 -3
data/spec/apps/rails-4.1/config/initializers/wrap_parameters.rb +0 -14
data/spec/apps/rails-4.1/config/locales/en.yml +0 -23
data/spec/apps/rails-4.1/config/routes.rb +0 -12
data/spec/apps/rails-4.1/config/secrets.yml +0 -22
data/spec/apps/rails-4.1/config.ru +0 -4
data/spec/controllers/application_controller.rb +0 -12
data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +0 -522
data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +0 -23
data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +0 -159
data/spec/lib/tcell_agent/patches/block_rule_spec.rb +0 -458
data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +0 -35
data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +0 -139
data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +0 -139
data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +0 -167
data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +0 -139
data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +0 -246
data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +0 -882
data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb +0 -22

data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb CHANGED Viewed

@@ -2,14 +2,13 @@ require 'spec_helper'
 module TCellAgent
   module Policies
     describe ContentSecurityPolicy do
-      context "test empty agent" do
-        it "enabled is false" do
+      context 'test empty agent' do
+        it 'enabled is false' do
           policy_json_empty = {
-            "policy_id"=>"01a1",
-            "data"=>{
-              "options"=>{
+            'policy_id' => '01a1',
+            'data' => {
+              'options' => {
               }
             }
@@ -17,58 +16,58 @@ module TCellAgent
           empty_policy = ContentSecurityPolicy.from_json(policy_json_empty)
-          expect(empty_policy.policy_id).to eq("01a1")
+          expect(empty_policy.policy_id).to eq('01a1')
           expect(empty_policy.js_agent_api_key).to eq(nil)
         end
       end
-      context "tests xss is true and enabled true" do
-        it "returns true" do
+      context 'tests xss is true and enabled true' do
+        it 'returns true' do
           policy_json_one = {
-            "policy_id"=>"01a1",
-            "data"=>{
-              "options"=>{
-                "js_agent_api_key"=>"000-000-1"
+            'policy_id' => '01a1',
+            'data' => {
+              'options' => {
+                'js_agent_api_key' => '000-000-1'
               }
             }
           }
           from_json = ContentSecurityPolicy.from_json(policy_json_one)
-          expect(from_json.policy_id).to eq("01a1")
-          expect(from_json.js_agent_api_key).to eq("000-000-1")
+          expect(from_json.policy_id).to eq('01a1')
+          expect(from_json.js_agent_api_key).to eq('000-000-1')
         end
       end
-      context "initialized with 3 items" do
-        it "returns true" do
+      context 'initialized with 3 items' do
+        it 'returns true' do
           content_security_policy_json = {
-            "policy_id"=>"00a1",
-            "headers"=>[
-              {"name"=>"csp", "value"=>"csp header value"}
+            'policy_id' => '00a1',
+            'headers' => [
+              { 'name' => 'csp', 'value' => 'csp header value' }
             ]
           }
           csp_from_json = ContentSecurityPolicy.from_json(content_security_policy_json)
-          expect(csp_from_json.policy_id).to eq("00a1")
-          expect(csp_from_json.headers[0].type).to eq("csp")
-          expect(csp_from_json.headers[0].value).to eq("csp header value")
+          expect(csp_from_json.policy_id).to eq('00a1')
+          expect(csp_from_json.headers[0].type).to eq('csp')
+          expect(csp_from_json.headers[0].value).to eq('csp header value')
         end
       end
-      context "headers match up appropriately" do
-        it "returns content-security-policy headers" do
-          expect(ContentSecurityPolicy.cspHeadersForType("csp")).to match_array(["Content-Security-Policy"])
+      context 'headers match up appropriately' do
+        it 'returns content-security-policy headers' do
+          expect(ContentSecurityPolicy.cspHeadersForType('csp')).to match_array(['Content-Security-Policy'])
         end
       end
-      context "csp header example, invalid header" do
-        it "returns false" do
+      context 'csp header example, invalid header' do
+        it 'returns false' do
           content_security_policy_json = {
-            "policy_id"=>"01a1",
-            "headers"=>[
-              {"name"=>"csp-header-is-bad", "value"=>"csp header value"}
+            'policy_id' => '01a1',
+            'headers' => [
+              { 'name' => 'csp-header-is-bad', 'value' => 'csp header value' }
             ]
           }
@@ -78,12 +77,12 @@ module TCellAgent
         end
       end
-      context "secure header, value is bad" do
-        it "returns false" do
+      context 'secure header, value is bad' do
+        it 'returns false' do
           content_security_policy_json = {
-            "policy_id"=>"01a1",
-            "headers"=>[
-              {"name"=>"csp", "value"=>"value123\\nabc"}
+            'policy_id' => '01a1',
+            'headers' => [
+              { 'name' => 'csp', 'value' => 'value123\\nabc' }
             ]
           }
           csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
@@ -91,85 +90,39 @@ module TCellAgent
         end
       end
-      context "secure header, report-uri seperate" do
-        it "returns false" do
+      context 'secure header, report-uri seperate' do
+        it 'returns false' do
           content_security_policy_json = {
-            "policy_id"=>"01a1",
-            "headers"=>[
-              {"name"=>"csp", "value"=>"value normal", "report-uri"=>"https://example.com/abcdde"}
+            'policy_id' => '01a1',
+            'headers' => [
+              { 'name' => 'csp', 'value' => 'value normal', 'report-uri' => 'https://example.com/abcdde' }
             ]
           }
           csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
           expect(csp_policy.headers.length).to eq(1)
-          expect(csp_policy.headers[0].value).to eq("value normal; report-uri https://example.com/abcdde?c=-815891691")
-          expect(csp_policy.headers[0].value("1","2","3")).to eq("value normal; report-uri https://example.com/abcdde?tid=1&sid=3&rid=2&c=1777384531")
+          expect(csp_policy.headers[0].value).to eq('value normal; report-uri https://example.com/abcdde?c=-815891691')
+          expect(csp_policy.headers[0].value('1', '2', '3')).to eq('value normal; report-uri https://example.com/abcdde?tid=1&sid=3&rid=2&c=1777384531')
         end
       end
-      context "modifying js_agent_url" do
-        context "csp header value does not include new js agent url" do
-          it "should have the configuration set to the default js_agent_url value" do
-            expect(TCellAgent.configuration.js_agent_url).to eq("https://api.tcell.io/tcellagent.min.js")
-            content_security_policy_json = {
-              "policy_id"=>"01a1",
-              "headers"=>[
-                {"name"=>"csp", "value"=>"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/"}
-              ]
-            }
-            csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
-            expect(csp_policy.headers.length).to eq(1)
-            expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/")
-            expect(TCellAgent.configuration.js_agent_url).to eq("https://api.tcell.io/tcellagent.min.js")
-          end
-        end
-        context "csp header value includes new js agent url" do
-          it "should have the configuration set to the default js_agent_url value" do
-            expect(TCellAgent.configuration.js_agent_url).to eq("https://api.tcell.io/tcellagent.min.js")
-            content_security_policy_json = {
-              "policy_id"=>"01a1",
-              "headers"=>[
-                {"name"=>"csp", "value"=>"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/"}
-              ]
-            }
-            csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
-            expect(csp_policy.headers.length).to eq(1)
-            expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/")
-            expect(TCellAgent.configuration.js_agent_url).to eq("https://jsagent.tcell.io/tcellagent.min.js")
-          end
-          context "but js_agent_url was not default" do
-            it "should not modify js_agent_url" do
-              TCellAgent.configuration.startup_js_agent_url = "https://www.customer-website.com/tcellagent.min.js"
-              TCellAgent.configuration.js_agent_url = "https://www.customer-website.com/tcellagent.min.js"
-              expect(TCellAgent.configuration.js_agent_url).to eq("https://www.customer-website.com/tcellagent.min.js")
-              content_security_policy_json = {
-                "policy_id"=>"01a1",
-                "headers"=>[
-                  {"name"=>"csp", "value"=>"script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/"}
-                ]
-              }
+      context 'default js_agent_url' do
+        it 'should have the configuration set to the default js_agent_url value' do
+          expect(TCellAgent.configuration.js_agent_url).to eq('https://jsagent.tcell.io/tcellagent.min.js')
-              csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
+          content_security_policy_json = {
+            'policy_id' => '01a1',
+            'headers' => [
+              { 'name' => 'csp', 'value' => "script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/" }
+            ]
+          }
-              expect(csp_policy.headers.length).to eq(1)
-              expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/ https://jsagent.tcell.io/")
-              expect(TCellAgent.configuration.js_agent_url).to eq("https://www.customer-website.com/tcellagent.min.js")
+          csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
-              TCellAgent.configuration.startup_js_agent_url = "https://api.tcell.io/tcellagent.min.js"
-              TCellAgent.configuration.js_agent_url = "https://api.tcell.io/tcellagent.min.js"
-            end
-          end
+          expect(csp_policy.headers.length).to eq(1)
+          expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/")
+          expect(TCellAgent.configuration.js_agent_url).to eq('https://jsagent.tcell.io/tcellagent.min.js')
         end
       end
     end

data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb CHANGED Viewed

@@ -4,242 +4,219 @@ require 'set'
 module TCellAgent
   module Policies
     describe DataLossPolicy do
-      policy_json = {
-        "policy_id"=>"x1a1",
-        "data"=>{
-          "protections"=>[
-            {"table"=>"user",
-             "field"=>"ssn",
-             "actions"=>{
-               "body"=>["event","redact"],
-               "logs"=>["redact"]
-             }
-          }
-          ]
-        }
-      }
-      policy = DataLossPolicy.from_json(policy_json)
-      # context "initialized with 3 items" do
-      #   it "returns true" do
-      #     expect(policy.get_actions_for("user","ssn")).to eq(["body_redact"].to_set)
-      #   end
-      # end
       policy_json_two = {
-        "policy_id"=>"x1a1",
-        "data"=>{
-          "session_id_protections"=>{"body"=>["redact"], "log"=>["event"]}
+        'policy_id' => 'x1a1',
+        'data' => {
+          'session_id_protections' => { 'body' => ['redact'], 'log' => ['event'] }
         }
       }
       policy_two = DataLossPolicy.from_json(policy_json_two)
-      context "check session_id_protections" do
-        it "gives the right actions" do
+      context 'check session_id_protections' do
+        it 'gives the right actions' do
           expect(policy_two.get_actions_for_session_id.body_redact).to eq(true)
           expect(policy_two.get_actions_for_session_id.log_redact).to eq(nil)
           expect(policy_two.get_actions_for_session_id.log_event).to eq(true)
         end
       end
-      context "Database Options" do
-        it "Ignores bad table" do
+      context 'Database Options' do
+        it 'Ignores bad table' do
           policy_json_requests = {
-            "policy_id"=>"x1a1",
-            "data"=>{
-              "db_protections"=>[
+            'policy_id' => 'x1a1',
+            'data' => {
+              'db_protections' => [
                 {
-                  "databases"=>["dave"],
-                  "schemas"=>["sam"],
-                  "tables"=>["trevor"],
-                  "fields"=>["fred"],
-                  "actions"=>{
-                    "log"=>["redact"],
-                    "body"=>["event"]
+                  'databases' => ['dave'],
+                  'schemas' => ['sam'],
+                  'tables' => ['trevor'],
+                  'fields' => ['fred'],
+                  'actions' => {
+                    'log' => ['redact'],
+                    'body' => ['event']
                   }
                 }
               ]
             }
           }
           db_one_policy = DataLossPolicy.from_json(policy_json_requests)
-          expect(db_one_policy.get_actions_for_table("dave","sam","tommy","fred")).to eq(nil)
+          expect(db_one_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred')).to eq(nil)
         end
-        it "Partial Policy" do
+        it 'Partial Policy' do
           # Assume if databases, schemas that are missing are "*"
           policy_json_requests = {
-            "policy_id"=>"x1a1",
-            "data"=>{
-              "db_protections"=>[
+            'policy_id' => 'x1a1',
+            'data' => {
+              'db_protections' => [
                 {
-                  "fields"=>["fred"],
-                  "actions"=>{
-                    "log"=>["redact"],
-                    "body"=>["event"]
+                  'fields' => ['fred'],
+                  'actions' => {
+                    'log' => ['redact'],
+                    'body' => ['event']
                   }
                 }
               ]
             }
           }
           db_one_policy = DataLossPolicy.from_json(policy_json_requests)
-          expect((db_one_policy.get_actions_for_table("dave","sam","tommy","fred").to_a)[0].log_redact).to eq(true)
-          expect((db_one_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].log_redact).to eq(true)
+          expect(db_one_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred').to_a[0].log_redact).to eq(true)
+          expect(db_one_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred', 'abcd').to_a[0].log_redact).to eq(true)
         end
-        it "Scopes by reoute_id" do
+        it 'Scopes by reoute_id' do
           policy_json_request_ids = {
-            "policy_id"=>"x1a1",
-            "data"=>{
-              "db_protections"=>[
+            'policy_id' => 'x1a1',
+            'data' => {
+              'db_protections' => [
                 {
-                  "scope"=>"route",
-                  "route_ids"=>["abcd"],
-                  "databases"=>["dave"],
-                  "schemas"=>["sam"],
-                  "tables"=>["tommy"],
-                  "fields"=>["fred"],
-                  "actions"=>{
-                    "log"=>["redact"],
-                    "body"=>["event"]
+                  'scope' => 'route',
+                  'route_ids' => ['abcd'],
+                  'databases' => ['dave'],
+                  'schemas' => ['sam'],
+                  'tables' => ['tommy'],
+                  'fields' => ['fred'],
+                  'actions' => {
+                    'log' => ['redact'],
+                    'body' => ['event']
                   }
                 }
               ]
             }
           }
           db_two_policy = DataLossPolicy.from_json(policy_json_request_ids)
-          expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred").to_a).size).to eq(0)
-          expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","other_route").to_a).size).to eq(0)
-          expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a).size).to eq(1)
-          expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].log_redact).to eq(true)
-          expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].body_redact).to eq(nil)
-          expect((db_two_policy.get_actions_for_table("dave","sam","tommy","fred","abcd").to_a)[0].body_event).to eq(true)
+          expect(db_two_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred').to_a.size).to eq(0)
+          expect(db_two_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred', 'other_route').to_a.size).to eq(0)
+          expect(db_two_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred', 'abcd').to_a.size).to eq(1)
+          expect(db_two_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred', 'abcd').to_a[0].log_redact).to eq(true)
+          expect(db_two_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred', 'abcd').to_a[0].body_redact).to eq(nil)
+          expect(db_two_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred', 'abcd').to_a[0].body_event).to eq(true)
         end
       end
-      context "Request Options" do
-        it "Ignores non-global scoped policy" do
+      context 'Request Options' do
+        it 'Ignores non-global scoped policy' do
           policy_json_requests = {
-            "policy_id"=>"x1a1",
-            "data"=>{
-              "request_protections"=>[
+            'policy_id' => 'x1a1',
+            'data' => {
+              'request_protections' => [
                 {
-                  "variable_context"=>"form",
-                  "variables"=>["test123"],
-                  "actions"=>{
-                    "log"=>["redact"],
-                    "body"=>["event"]
+                  'variable_context' => 'form',
+                  'variables' => ['test123'],
+                  'actions' => {
+                    'log' => ['redact'],
+                    'body' => ['event']
                   }
                 }
               ]
             }
           }
           policy_three = DataLossPolicy.from_json(policy_json_requests)
-          expect(policy_three.get_actions_for_request("form","test123").to_a[0].body_event).to eq(true)
-          expect(policy_three.get_actions_for_request("form","test123").to_a[0].log_event).to eq(nil)
+          expect(policy_three.get_actions_for_request('form', 'test123').to_a[0].body_event).to eq(true)
+          expect(policy_three.get_actions_for_request('form', 'test123').to_a[0].log_event).to eq(nil)
         end
-        it "Reads in the policy" do
+        it 'Reads in the policy' do
           policy_json_requests = {
-            "policy_id"=>"x1a1",
-            "data"=>{
-              "request_protections"=>[
+            'policy_id' => 'x1a1',
+            'data' => {
+              'request_protections' => [
                 {
-                  "variable_context"=>"form",
-                  "scope"=>"route",
-                  "route_ids"=>["routex"],
-                  "variables"=>["test123"],
-                  "actions"=>{
-                    "log"=>["redact"],
-                    "body"=>["event"]
+                  'variable_context' => 'form',
+                  'scope' => 'route',
+                  'route_ids' => ['routex'],
+                  'variables' => ['test123'],
+                  'actions' => {
+                    'log' => ['redact'],
+                    'body' => ['event']
                   }
                 }
               ]
             }
           }
           policy_three = DataLossPolicy.from_json(policy_json_requests)
-          entry_wildcard_route = policy_three.get_actions_for_request("form","TeSt123")
-          entry_given_route = policy_three.get_actions_for_request("form","TeSt123","routex")
+          entry_wildcard_route = policy_three.get_actions_for_request('form', 'TeSt123')
+          entry_given_route = policy_three.get_actions_for_request('form', 'TeSt123', 'routex')
           expect(entry_wildcard_route).to eq(nil)
           expect(entry_given_route.size).to eq(1)
           expect(entry_given_route.to_a[0].body_redact).to eq(nil)
           expect(entry_given_route.to_a[0].log_redact).to eq(true)
         end
-        it "Reads in the policy with cookie (redact/event)" do
+        it 'Reads in the policy with cookie (redact/event)' do
           policy_json_requests = {
-            "policy_id"=>"x1a1",
-            "data"=>{
-              "request_protections"=>[
+            'policy_id' => 'x1a1',
+            'data' => {
+              'request_protections' => [
                 {
-                  "variable_context"=>"cookie",
-                  "scope"=>"route",
-                  "route_ids"=>["routex"],
-                  "variables"=>["test123"],
-                  "actions"=>{
-                    "log"=>["redact"],
-                    "body"=>["event"]
+                  'variable_context' => 'cookie',
+                  'scope' => 'route',
+                  'route_ids' => ['routex'],
+                  'variables' => ['test123'],
+                  'actions' => {
+                    'log' => ['redact'],
+                    'body' => ['event']
                   }
                 }
               ]
             }
           }
           policy_three = DataLossPolicy.from_json(policy_json_requests)
-          entry_wildcard_route = policy_three.get_actions_for_request("cookie","test123")
-          entry_given_route = policy_three.get_actions_for_request("cookie","test123","routex")
+          entry_wildcard_route = policy_three.get_actions_for_request('cookie', 'test123')
+          entry_given_route = policy_three.get_actions_for_request('cookie', 'test123', 'routex')
           expect(entry_wildcard_route).to eq(nil)
           expect(entry_given_route.size).to eq(1)
           expect(entry_given_route.to_a[0].body_redact).to eq(nil)
           expect(entry_given_route.to_a[0].log_redact).to eq(true)
         end
-        it "Reads in the policy with mixed-case cookie (redact/event)" do
+        it 'Reads in the policy with mixed-case cookie (redact/event)' do
           policy_json_requests = {
-            "policy_id"=>"x1a1",
-            "data"=>{
-              "request_protections"=>[
+            'policy_id' => 'x1a1',
+            'data' => {
+              'request_protections' => [
                 {
-                  "variable_context"=>"cookie",
-                  "scope"=>"route",
-                  "route_ids"=>["routex"],
-                  "variables"=>["teST123"],
-                  "actions"=>{
-                    "log"=>["redact"],
-                    "body"=>["event"]
+                  'variable_context' => 'cookie',
+                  'scope' => 'route',
+                  'route_ids' => ['routex'],
+                  'variables' => ['teST123'],
+                  'actions' => {
+                    'log' => ['redact'],
+                    'body' => ['event']
                   }
                 }
               ]
             }
           }
           policy_three = DataLossPolicy.from_json(policy_json_requests)
-          entry_wildcard_route = policy_three.get_actions_for_request("cookie","test123")
-          entry_given_route = policy_three.get_actions_for_request("cookie","test123","routex")
+          entry_wildcard_route = policy_three.get_actions_for_request('cookie', 'test123')
+          entry_given_route = policy_three.get_actions_for_request('cookie', 'test123', 'routex')
           expect(entry_wildcard_route).to eq(nil)
           expect(entry_given_route).to eq(nil)
         end
-        it "Reads in the policy with header (redact/event)" do
+        it 'Reads in the policy with header (redact/event)' do
           policy_json_requests = {
-            "policy_id"=>"x1a1",
-            "data"=>{
-              "request_protections"=>[
+            'policy_id' => 'x1a1',
+            'data' => {
+              'request_protections' => [
                 {
-                  "variable_context"=>"header",
-                  "scope"=>"route",
-                  "route_ids"=>["routex"],
-                  "variables"=>["test123"],
-                  "actions"=>{
-                    "log"=>["redact"],
-                    "body"=>["event"]
+                  'variable_context' => 'header',
+                  'scope' => 'route',
+                  'route_ids' => ['routex'],
+                  'variables' => ['test123'],
+                  'actions' => {
+                    'log' => ['redact'],
+                    'body' => ['event']
                   }
                 }
               ]
             }
           }
           policy_three = DataLossPolicy.from_json(policy_json_requests)
-          entry_wildcard_route = policy_three.get_actions_for_request("header","TeSt123")
-          entry_given_route = policy_three.get_actions_for_request("header","TeSt123","routex")
+          entry_wildcard_route = policy_three.get_actions_for_request('header', 'TeSt123')
+          entry_given_route = policy_three.get_actions_for_request('header', 'TeSt123', 'routex')
           expect(entry_wildcard_route).to eq(nil)
           expect(entry_given_route.size).to eq(1)
           expect(entry_given_route.to_a[0].body_redact).to eq(nil)
           expect(entry_given_route.to_a[0].log_redact).to eq(true)
         end
       end
     end
   end
 end