tcell_agent 0.4.0 → 1.0.0

Files changed (199)
  1. checksums.yaml +4 -4
  2. data/Rakefile +9 -22
  3. data/bin/tcell_agent +127 -132
  4. data/lib/tcell_agent/agent/event_processor.rb +23 -22
  5. data/lib/tcell_agent/agent/fork_pipe_manager.rb +7 -7
  6. data/lib/tcell_agent/agent/policy_manager.rb +20 -15
  7. data/lib/tcell_agent/agent/policy_types.rb +5 -11
  8. data/lib/tcell_agent/agent/static_agent.rb +5 -1
  9. data/lib/tcell_agent/agent.rb +6 -4
  10. data/lib/tcell_agent/api.rb +7 -9
  11. data/lib/tcell_agent/appsensor/meta_data.rb +11 -4
  12. data/lib/tcell_agent/authlogic.rb +3 -3
  13. data/lib/tcell_agent/cmdi.rb +6 -4
  14. data/lib/tcell_agent/config/unknown_options.rb +3 -1
  15. data/lib/tcell_agent/configuration.rb +47 -49
  16. data/lib/tcell_agent/devise.rb +2 -2
  17. data/lib/tcell_agent/hooks/login_fraud.rb +58 -29
  18. data/lib/tcell_agent/instrumentation.rb +11 -10
  19. data/lib/tcell_agent/logger.rb +2 -2
  20. data/lib/tcell_agent/patches/meta_data.rb +9 -13
  21. data/lib/tcell_agent/patches.rb +7 -10
  22. data/lib/tcell_agent/policies/clickjacking_policy.rb +4 -5
  23. data/lib/tcell_agent/policies/content_security_policy.rb +6 -12
  24. data/lib/tcell_agent/policies/dataloss_policy.rb +2 -2
  25. data/lib/tcell_agent/policies/http_redirect_policy.rb +2 -2
  26. data/lib/tcell_agent/policies/policy.rb +0 -2
  27. data/lib/tcell_agent/policies/rust_policies.rb +90 -0
  28. data/lib/tcell_agent/policies/secure_headers_policy.rb +2 -2
  29. data/lib/tcell_agent/rails/auth/authlogic.rb +42 -24
  30. data/lib/tcell_agent/rails/auth/devise.rb +44 -23
  31. data/lib/tcell_agent/rails/auth/doorkeeper.rb +33 -15
  32. data/lib/tcell_agent/rails/better_ip.rb +1 -1
  33. data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
  34. data/lib/tcell_agent/rails/dlp/process_request.rb +1 -1
  35. data/lib/tcell_agent/rails/dlp.rb +6 -6
  36. data/lib/tcell_agent/rails/dlp_handler.rb +1 -1
  37. data/lib/tcell_agent/rails/js_agent_insert.rb +1 -1
  38. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
  39. data/lib/tcell_agent/rails/middleware/context_middleware.rb +3 -2
  40. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +10 -9
  41. data/lib/tcell_agent/rails/routes/grape.rb +6 -6
  42. data/lib/tcell_agent/rails/routes.rb +8 -11
  43. data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
  44. data/lib/tcell_agent/rust/{libtcellagent-0.6.1.so → libtcellagent-0.11.1.so} +0 -0
  45. data/lib/tcell_agent/rust/models.rb +16 -0
  46. data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
  47. data/lib/tcell_agent/rust/whisperer.rb +119 -48
  48. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +17 -20
  49. data/lib/tcell_agent/sensor_events/command_injection.rb +50 -5
  50. data/lib/tcell_agent/sensor_events/login_fraud.rb +34 -18
  51. data/lib/tcell_agent/sensor_events/patches.rb +21 -0
  52. data/lib/tcell_agent/sensor_events/server_agent.rb +3 -3
  53. data/lib/tcell_agent/sensor_events/util/utils.rb +4 -3
  54. data/lib/tcell_agent/servers/puma.rb +2 -2
  55. data/lib/tcell_agent/servers/unicorn.rb +1 -1
  56. data/lib/tcell_agent/utils/passwords.rb +28 -0
  57. data/lib/tcell_agent/version.rb +1 -1
  58. data/lib/tcell_agent.rb +1 -5
  59. data/spec/apps/rails-3.2/config/tcell_agent.config +15 -0
  60. data/spec/apps/rails-3.2/log/development.log +0 -0
  61. data/spec/apps/rails-3.2/log/test.log +12 -0
  62. data/spec/apps/rails-4.1/log/test.log +0 -0
  63. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +46 -45
  64. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +276 -164
  65. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +44 -47
  66. data/spec/lib/tcell_agent/api/api_spec.rb +16 -16
  67. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +131 -116
  68. data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +55 -51
  69. data/spec/lib/tcell_agent/cmdi_spec.rb +413 -436
  70. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +145 -128
  71. data/spec/lib/tcell_agent/configuration_spec.rb +165 -169
  72. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +144 -153
  73. data/spec/lib/tcell_agent/instrumentation_spec.rb +84 -85
  74. data/spec/lib/tcell_agent/patches_spec.rb +70 -111
  75. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +313 -244
  76. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +28 -28
  77. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +643 -513
  78. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +55 -102
  79. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +111 -134
  80. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +141 -146
  81. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +8 -8
  82. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +15 -17
  83. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +231 -559
  84. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +27 -27
  85. data/spec/lib/tcell_agent/rails/better_ip_spec.rb +30 -34
  86. data/spec/lib/tcell_agent/rails/logger_spec.rb +50 -49
  87. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +182 -199
  88. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +110 -84
  89. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +107 -85
  90. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +68 -40
  91. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +81 -67
  92. data/spec/lib/tcell_agent/rails/responses_spec.rb +33 -37
  93. data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +116 -121
  94. data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +25 -28
  95. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +87 -85
  96. data/spec/lib/tcell_agent/rails_spec.rb +1 -6
  97. data/spec/lib/tcell_agent/rust/models_spec.rb +112 -0
  98. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +502 -179
  99. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +44 -33
  100. data/spec/lib/tcell_agent/sensor_events/dlp_spec.rb +4 -4
  101. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +183 -169
  102. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +25 -25
  103. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +17 -20
  104. data/spec/lib/tcell_agent/utils/params_spec.rb +28 -28
  105. data/spec/lib/tcell_agent/utils/passwords_spec.rb +143 -0
  106. data/spec/lib/tcell_agent/utils/strings_spec.rb +35 -35
  107. data/spec/lib/tcell_agent_spec.rb +8 -8
  108. data/spec/spec_helper.rb +4 -4
  109. data/spec/support/middleware_helper.rb +10 -10
  110. data/spec/support/static_agent_overrides.rb +16 -12
  111. data/tcell_agent.gemspec +17 -33
  112. metadata +43 -198
  113. data/LICENSE_libinjection +0 -32
  114. data/Readme.txt +0 -7
  115. data/ext/libinjection/extconf.rb +0 -3
  116. data/ext/libinjection/libinjection.h +0 -65
  117. data/ext/libinjection/libinjection_html5.c +0 -847
  118. data/ext/libinjection/libinjection_html5.h +0 -54
  119. data/ext/libinjection/libinjection_sqli.c +0 -2317
  120. data/ext/libinjection/libinjection_sqli.h +0 -295
  121. data/ext/libinjection/libinjection_sqli_data.h +0 -9004
  122. data/ext/libinjection/libinjection_wrap.c +0 -3525
  123. data/ext/libinjection/libinjection_xss.c +0 -531
  124. data/ext/libinjection/libinjection_xss.h +0 -21
  125. data/lib/tcell_agent/appsensor/injections_matcher.rb +0 -155
  126. data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +0 -49
  127. data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +0 -67
  128. data/lib/tcell_agent/appsensor/rules/baserules.json +0 -467
  129. data/lib/tcell_agent/patches/block_rule.rb +0 -93
  130. data/lib/tcell_agent/patches/sensors_matcher.rb +0 -31
  131. data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +0 -23
  132. data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +0 -23
  133. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +0 -117
  134. data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +0 -26
  135. data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +0 -22
  136. data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +0 -34
  137. data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +0 -34
  138. data/lib/tcell_agent/policies/appsensor_policy.rb +0 -49
  139. data/lib/tcell_agent/policies/command_injection_policy.rb +0 -196
  140. data/lib/tcell_agent/policies/honeytokens_policy.rb +0 -69
  141. data/lib/tcell_agent/policies/patches_policy.rb +0 -84
  142. data/lib/tcell_agent/rust/libtcellagent-0.6.1.dylib +0 -0
  143. data/lib/tcell_agent/rust/tcellagent-0.6.1.dll +0 -0
  144. data/spec/apps/rails-3.2/Gemfile +0 -25
  145. data/spec/apps/rails-3.2/Gemfile.lock +0 -126
  146. data/spec/apps/rails-3.2/Rakefile +0 -7
  147. data/spec/apps/rails-3.2/app/assets/images/rails.png +0 -0
  148. data/spec/apps/rails-3.2/app/assets/javascripts/application.js +0 -15
  149. data/spec/apps/rails-3.2/app/assets/stylesheets/application.css +0 -13
  150. data/spec/apps/rails-3.2/app/controllers/application_controller.rb +0 -3
  151. data/spec/apps/rails-3.2/app/controllers/t_cell_app_controller.rb +0 -5
  152. data/spec/apps/rails-3.2/app/helpers/application_helper.rb +0 -2
  153. data/spec/apps/rails-3.2/app/views/layouts/application.html.erb +0 -14
  154. data/spec/apps/rails-3.2/app/views/t_cell_app/index.html.erb +0 -1
  155. data/spec/apps/rails-3.2/config/application.rb +0 -63
  156. data/spec/apps/rails-3.2/config/boot.rb +0 -6
  157. data/spec/apps/rails-3.2/config/environment.rb +0 -5
  158. data/spec/apps/rails-3.2/config/environments/test.rb +0 -37
  159. data/spec/apps/rails-3.2/config/routes.rb +0 -11
  160. data/spec/apps/rails-3.2/config.ru +0 -4
  161. data/spec/apps/rails-4.1/Gemfile +0 -7
  162. data/spec/apps/rails-4.1/Gemfile.lock +0 -114
  163. data/spec/apps/rails-4.1/Rakefile +0 -6
  164. data/spec/apps/rails-4.1/app/assets/javascripts/application.js +0 -16
  165. data/spec/apps/rails-4.1/app/assets/stylesheets/application.css +0 -15
  166. data/spec/apps/rails-4.1/app/controllers/application_controller.rb +0 -5
  167. data/spec/apps/rails-4.1/app/controllers/t_cell_app_controller.rb +0 -5
  168. data/spec/apps/rails-4.1/app/helpers/application_helper.rb +0 -2
  169. data/spec/apps/rails-4.1/app/views/layouts/application.html.erb +0 -14
  170. data/spec/apps/rails-4.1/app/views/t_cell_app/index.html.erb +0 -1
  171. data/spec/apps/rails-4.1/config/application.rb +0 -24
  172. data/spec/apps/rails-4.1/config/boot.rb +0 -4
  173. data/spec/apps/rails-4.1/config/environment.rb +0 -5
  174. data/spec/apps/rails-4.1/config/environments/test.rb +0 -41
  175. data/spec/apps/rails-4.1/config/initializers/assets.rb +0 -8
  176. data/spec/apps/rails-4.1/config/initializers/backtrace_silencers.rb +0 -7
  177. data/spec/apps/rails-4.1/config/initializers/cookies_serializer.rb +0 -3
  178. data/spec/apps/rails-4.1/config/initializers/filter_parameter_logging.rb +0 -4
  179. data/spec/apps/rails-4.1/config/initializers/inflections.rb +0 -16
  180. data/spec/apps/rails-4.1/config/initializers/mime_types.rb +0 -4
  181. data/spec/apps/rails-4.1/config/initializers/session_store.rb +0 -3
  182. data/spec/apps/rails-4.1/config/initializers/wrap_parameters.rb +0 -14
  183. data/spec/apps/rails-4.1/config/locales/en.yml +0 -23
  184. data/spec/apps/rails-4.1/config/routes.rb +0 -12
  185. data/spec/apps/rails-4.1/config/secrets.yml +0 -22
  186. data/spec/apps/rails-4.1/config.ru +0 -4
  187. data/spec/controllers/application_controller.rb +0 -12
  188. data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +0 -522
  189. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +0 -23
  190. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +0 -159
  191. data/spec/lib/tcell_agent/patches/block_rule_spec.rb +0 -458
  192. data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +0 -35
  193. data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +0 -139
  194. data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +0 -139
  195. data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +0 -167
  196. data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +0 -139
  197. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +0 -246
  198. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +0 -882
  199. data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb +0 -22
@@ -2,627 +2,299 @@ require 'spec_helper'
2
2
 
3
3
  module TCellAgent
4
4
  module Policies
5
+ describe RustPolicies do
6
+ before(:each) do
7
+ @rust_policies = RustPolicies.new
8
+ end
5
9
 
6
- describe PatchesPolicy do
10
+ describe '#update_policies' do
11
+ context 'with a nil policy' do
12
+ it 'should return nil' do
13
+ expect(TCellAgent).to_not receive(:logger)
7
14
 
8
- describe "#from_json" do
15
+ @rust_policies.update_policies(nil)
9
16
 
10
- context "with a nil policy" do
11
- it "should return nil" do
12
- expect(PatchesPolicy.from_json(nil)).to be_nil
17
+ expect(@rust_policies.patches_enabled).to eq(false)
13
18
  end
14
19
  end
15
20
 
16
- context "with an empty policy" do
17
- it "should raise a policy missing error" do
18
- expect {
19
- PatchesPolicy.from_json({})
20
- }.to raise_error(RuntimeError)
21
- end
22
- end
21
+ context 'with an empty policy' do
22
+ it 'should raise a policy missing error' do
23
+ expect(TCellAgent).to_not receive(:logger)
23
24
 
24
- context "with an empty version" do
25
- it "should have empty version" do
26
- patches = PatchesPolicy.from_json({ "policy_id" => "policy_id" })
27
- expect(patches.policy_id).to eq("policy_id")
28
- expect(patches.version).to be_nil
29
- expect(patches.enabled).to eq(false)
30
- expect(patches.block_rules).to eq([])
31
- end
32
- end
25
+ @rust_policies.update_policies({})
33
26
 
34
- context "with an empty data" do
35
- it "should have disabled ip blocking" do
36
- patches = PatchesPolicy.from_json({
37
- "policy_id" => "policy_id",
38
- "version" => 1
39
- })
40
- expect(patches.policy_id).to eq("policy_id")
41
- expect(patches.version).to eq(1)
42
- expect(patches.enabled).to eq(false)
43
- expect(patches.block_rules).to eq([])
27
+ expect(@rust_policies.patches_enabled).to eq(false)
44
28
  end
45
29
  end
46
30
 
47
- context "with an empty block_rules" do
48
- it "should have disabled ip blocking" do
49
- patches = PatchesPolicy.from_json({
50
- "policy_id" => "policy_id",
51
- "version" => 1,
52
- "data" => {}
53
- })
54
- expect(patches.policy_id).to eq("policy_id")
55
- expect(patches.version).to eq(1)
56
- expect(patches.enabled).to eq(false)
57
- expect(patches.block_rules).to eq([])
58
- end
59
- end
60
-
61
- context "with blocked_ips" do
62
- context "as an empty list" do
63
- it "should have ip blocking disabled" do
64
- patches = PatchesPolicy.from_json({
65
- "policy_id" => "policy_id",
66
- "version" => 1,
67
- "data" => {
68
- "blocked_ips" => []
31
+ context 'with an empty version' do
32
+ it 'should have empty version' do
33
+ logger = double('logger')
34
+
35
+ expect(TCellAgent).to receive(:logger).and_return(logger)
36
+ expect(logger).to receive(:error).with(
37
+ 'Error updating policies: Failed to decode patches policy: missing field `version`'
38
+ )
39
+ @rust_policies.update_policies(
40
+ {
41
+ 'patches' => {
42
+ 'policy_id' => 'policy_id'
69
43
  }
70
- })
71
- expect(patches.policy_id).to eq("policy_id")
72
- expect(patches.version).to eq(1)
73
- expect(patches.enabled).to eq(false)
74
- expect(patches.block_rules).to eq([])
75
- end
76
- end
44
+ }
45
+ )
77
46
 
78
- context "a non empty list" do
79
- it "should have ip blocking enabled" do
80
- patches = PatchesPolicy.from_json({
81
- "policy_id" => "policy_id",
82
- "version" => 1,
83
- "data" => {
84
- "blocked_ips" => [
85
- {"ip" => "0.0.0.0"},
86
- {"ip" => "1.1.1.1"}
87
- ]
88
- }
89
- })
90
-
91
- expect(patches.policy_id).to eq("policy_id")
92
- expect(patches.version).to eq(1)
93
- expect(patches.enabled).to eq(true)
94
- expect(patches.block_rules.size).to eq(1)
95
- expect(patches.block_rules[0].ips).to eq(Set.new(["0.0.0.0", "1.1.1.1"]))
96
- expect(patches.block_rules[0].rids).to eq(Set.new)
97
- expect(patches.block_rules[0].action).to eq("block_403s")
98
- end
47
+ expect(@rust_policies.patches_enabled).to eq(false)
99
48
  end
100
49
  end
101
50
 
102
- context "with block_rules" do
103
- context "as an empty list" do
104
- it "should have ip blocking disabled" do
105
- patches = PatchesPolicy.from_json({
106
- "policy_id" => "policy_id",
107
- "version" => 1,
108
- "data" => {
109
- "block_rules" => []
110
- }
111
- })
112
- expect(patches.policy_id).to eq("policy_id")
113
- expect(patches.version).to eq(1)
114
- expect(patches.enabled).to eq(false)
115
- expect(patches.block_rules).to eq([])
116
- end
117
- end
51
+ context 'with an empty data' do
52
+ it 'should have disabled ip blocking' do
53
+ expect(TCellAgent).to_not receive(:logger)
118
54
 
119
- context "a non empty list" do
120
- it "should have ip blocking enabled" do
121
- block_rule_one = double("block_rule_one")
122
- block_rule_dos = double("block_rule_dos")
123
-
124
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
125
- {"assume_this_is_well_formed" => "well_formed"}
126
- ).and_return(block_rule_one)
127
-
128
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
129
- {"assume_this_is_well_formed_dos" => "well_formed_dos"}
130
- ).and_return(block_rule_dos)
131
-
132
- patches = PatchesPolicy.from_json({
133
- "policy_id" => "policy_id",
134
- "version" => 1,
135
- "data" => {
136
- "block_rules" => [
137
- {"assume_this_is_well_formed" => "well_formed"},
138
- {"assume_this_is_well_formed_dos" => "well_formed_dos"}
139
- ]
55
+ @rust_policies.update_policies(
56
+ {
57
+ 'patches' => {
58
+ 'policy_id' => 'policy_id',
59
+ 'version' => 1
140
60
  }
141
- })
142
-
143
- expect(patches.policy_id).to eq("policy_id")
144
- expect(patches.version).to eq(1)
145
- expect(patches.enabled).to eq(true)
146
- expect(patches.block_rules).to eq([block_rule_one, block_rule_dos])
147
- end
61
+ }
62
+ )
148
63
 
149
- context "with a malformed block rule" do
150
- it "should ignore the block rule" do
151
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
152
- {"assume_this_is_ill_formed" => "ill_formed"}
153
- ).and_return(nil)
154
-
155
- patches = PatchesPolicy.from_json({
156
- "policy_id" => "policy_id",
157
- "version" => 1,
158
- "data" => {
159
- "block_rules" => [
160
- {"assume_this_is_ill_formed" => "ill_formed"}
161
- ]
162
- }
163
- })
164
-
165
- expect(patches.policy_id).to eq("policy_id")
166
- expect(patches.version).to eq(1)
167
- expect(patches.enabled).to eq(false)
168
- expect(patches.block_rules).to eq([])
169
- end
170
- end
171
-
172
- context "with a malformed block rule and a well formed block rule" do
173
- it "should ignore the block rule" do
174
- block_rule = double("block_rule")
175
-
176
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
177
- {"assume_this_is_ill_formed" => "ill_formed"}
178
- ).and_return(nil)
179
-
180
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
181
- {"assume_this_is_well_formed" => "well_formed"}
182
- ).and_return(block_rule)
183
-
184
- patches = PatchesPolicy.from_json({
185
- "policy_id" => "policy_id",
186
- "version" => 1,
187
- "data" => {
188
- "block_rules" => [
189
- {"assume_this_is_ill_formed" => "ill_formed"},
190
- {"assume_this_is_well_formed" => "well_formed"}
191
- ]
192
- }
193
- })
64
+ expect(@rust_policies.patches_enabled).to eq(false)
65
+ end
66
+ end
194
67
 
68
+ context 'with an empty block_rules' do
69
+ it 'should have disabled ip blocking' do
70
+ expect(TCellAgent).to_not receive(:logger)
195
71
 
196
- expect(patches.policy_id).to eq("policy_id")
197
- expect(patches.version).to eq(1)
198
- expect(patches.enabled).to eq(true)
199
- expect(patches.block_rules).to eq([block_rule])
200
- end
201
- end
202
-
203
- context "with a wrong version number" do
204
- it "should have ip blocking disabled" do
205
- logger = double("logger")
206
- expect(TCellAgent).to receive(:logger).and_return(logger)
207
- expect(logger).to receive(:error).with("Patches Policy not supported: 2")
208
-
209
- expect(TCellAgent::Patches::BlockRule).to_not receive(:from_json)
210
-
211
- patches = PatchesPolicy.from_json({
212
- "policy_id" => "policy_id",
213
- "version" => 2,
214
- "data" => {
215
- "block_rules" => [
216
- {"assume_this_is_well_formed" => "well_formed"}
217
- ]
218
- }
219
- })
72
+ @rust_policies.update_policies(
73
+ {
74
+ 'patches' => {
75
+ 'policy_id' => 'policy_id',
76
+ 'version' => 1,
77
+ 'data' => {}
78
+ }
79
+ }
80
+ )
220
81
 
221
- expect(patches.policy_id).to eq("policy_id")
222
- expect(patches.version).to eq(2)
223
- expect(patches.enabled).to eq(false)
224
- expect(patches.block_rules).to eq([])
225
- end
226
- end
82
+ expect(@rust_policies.patches_enabled).to eq(true)
227
83
  end
228
84
  end
229
85
 
230
- context "with wiki examples" do
231
- context "with example one" do
232
- it "should be enabled" do
233
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
234
- "version" => 1,
235
- "policy_id" => "some uuid",
236
- "data" => {
237
- "block_rules" => [
238
- {
239
- "ips" => ["1.3.3.4"]
86
+ context 'with blocked_ips' do
87
+ context 'as an empty list' do
88
+ it 'should have ip blocking disabled' do
89
+ expect(TCellAgent).to_not receive(:logger)
90
+
91
+ @rust_policies.update_policies(
92
+ {
93
+ 'patches' => {
94
+ 'policy_id' => 'policy_id',
95
+ 'version' => 1,
96
+ 'data' => {
97
+ 'blocked_ips' => []
240
98
  }
241
- ]
99
+ }
242
100
  }
243
- })
244
-
245
- expect(patches.enabled).to eq(true)
246
- expect(patches.block_rules.size).to eq(1)
247
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
248
- expect(patches.block_rules[0].rids).to eq(Set.new)
249
-
250
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
251
- expect(injections_matcher.enabled).to eq(false)
252
- expect(injections_matcher.sensors.size).to eq(0)
253
-
254
- meta_data = TCellAgent::Patches::MetaData.new(
255
- "get",
256
- "1.3.3.4",
257
- "route_id",
258
- "session_id",
259
- "user_id",
260
- "transaction_id")
261
- expect(patches.apply(meta_data)).to eq(403)
101
+ )
102
+
103
+ expect(@rust_policies.patches_enabled).to eq(true)
262
104
  end
263
105
  end
264
106
 
265
- context "with example two" do
266
- it "should be enabled" do
267
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
268
- "version" => 1,
269
- "policy_id" => "some uuid",
270
- "data" => {
271
- "block_rules" => [
272
- {
273
- "rids" => ["123213","-3328888"]
107
+ context 'a non empty list' do
108
+ it 'should have ip blocking enabled' do
109
+ expect(TCellAgent).to_not receive(:logger)
110
+
111
+ @rust_policies.update_policies(
112
+ {
113
+ 'patches' => {
114
+ 'policy_id' => 'policy_id',
115
+ 'version' => 1,
116
+ 'data' => {
117
+ 'blocked_ips' => [
118
+ { 'ip' => '0.0.0.0' },
119
+ { 'ip' => '1.1.1.1' }
120
+ ]
274
121
  }
275
- ]
122
+ }
276
123
  }
277
- })
278
-
279
- expect(patches.enabled).to eq(true)
280
- expect(patches.block_rules.size).to eq(1)
281
- expect(patches.block_rules[0].ips).to eq(Set.new)
282
- expect(patches.block_rules[0].rids).to eq(Set.new(["123213", "-3328888"]))
283
-
284
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
285
- expect(injections_matcher.enabled).to eq(false)
286
- expect(injections_matcher.sensors.size).to eq(0)
287
-
288
- meta_data = TCellAgent::Patches::MetaData.new(
289
- "get",
290
- "1.3.3.4",
291
- "route_id",
292
- "session_id",
293
- "user_id",
294
- "transaction_id")
295
- meta_data.remote_address = "1.3.3.4"
296
- expect(patches.apply(meta_data)).to eq(false)
297
-
298
- meta_data.remote_address = "1.3.3.4"
299
- meta_data.route_id = "123213"
300
- expect(patches.apply(meta_data)).to eq(403)
301
-
302
- meta_data.remote_address = "1.3.3.4"
303
- meta_data.route_id = "-3328888"
304
- expect(patches.apply(meta_data)).to eq(403)
124
+ )
125
+
126
+ expect(@rust_policies.patches_enabled).to eq(true)
305
127
  end
306
128
  end
129
+ end
307
130
 
308
- context "with example three" do
309
- it "should be enabled" do
310
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
311
- "version" => 1,
312
- "policy_id" => "some uuid",
313
- "data" => {
314
- "block_rules" => [
315
- {
316
- "ips" => ["1.3.3.4"],
317
- "sensor_matches" => {
318
- "xss" => {
319
- "libinjection" => false,
320
- "patterns" => ["1","2","8"],
321
- "exclusions" => {
322
- "bob" => ["*"]
323
- }
324
- }
325
- }
131
+ context 'with block_rules' do
132
+ context 'as an empty list' do
133
+ it 'should have ip blocking disabled' do
134
+ expect(TCellAgent).to_not receive(:logger)
135
+
136
+ @rust_policies.update_policies(
137
+ {
138
+ 'patches' => {
139
+ 'policy_id' => 'policy_id',
140
+ 'version' => 1,
141
+ 'data' => {
142
+ 'block_rules' => []
326
143
  }
327
- ]
144
+ }
328
145
  }
329
- })
330
-
331
- expect(patches.enabled).to eq(true)
332
- expect(patches.block_rules.size).to eq(1)
333
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
334
- expect(patches.block_rules[0].rids).to eq(Set.new)
335
-
336
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
337
- expect(injections_matcher.enabled).to eq(true)
338
- expect(injections_matcher.sensors.size).to eq(1)
339
- expect(injections_matcher.sensors[0].enabled).to eq(true)
340
-
341
- meta_data = TCellAgent::Patches::MetaData.new(
342
- "get",
343
- "1.3.3.4",
344
- "route_id",
345
- "session_id",
346
- "user_id",
347
- "transaction_id")
348
- expect(patches.apply(meta_data)).to eq(false)
349
-
350
- meta_data.remote_address = "1.3.3.4"
351
- meta_data.get_dict = {"xss_param" => "<script>"}
352
- expect(patches.apply(meta_data)).to eq(403)
353
-
354
- meta_data.remote_address = "1.3.3.4"
355
- meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
356
- expect(patches.apply(meta_data)).to eq(false)
146
+ )
147
+
148
+ expect(@rust_policies.patches_enabled).to eq(true)
357
149
  end
358
150
  end
359
151
 
360
- context "with example four" do
361
- it "should be enabled" do
362
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
363
- "version" => 1,
364
- "policy_id" => "some uuid",
365
- "data" => {
366
- "block_rules" => [
367
- {
368
- "ips" => ["1.3.3.4"],
369
- "rids" => ["123213","-3328888"]
152
+ context 'a non empty list' do
153
+ it 'should have ip blocking enabled' do
154
+ expect(TCellAgent).to_not receive(:logger)
155
+
156
+ @rust_policies.update_policies(
157
+ {
158
+ 'patches' => {
159
+ 'policy_id' => 'policy_id',
160
+ 'version' => 1,
161
+ 'data' => {
162
+ 'block_rules' => [
163
+ { 'assume_this_is_well_formed' => 'well_formed' },
164
+ { 'assume_this_is_well_formed_dos' => 'well_formed_dos' }
165
+ ]
370
166
  }
371
- ]
167
+ }
372
168
  }
373
- })
374
-
375
- expect(patches.enabled).to eq(true)
376
- expect(patches.block_rules.size).to eq(1)
377
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
378
- expect(patches.block_rules[0].rids).to eq(Set.new(["123213", "-3328888"]))
379
-
380
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
381
- expect(injections_matcher.enabled).to eq(false)
382
- expect(injections_matcher.sensors.size).to eq(0)
383
-
384
- meta_data = TCellAgent::Patches::MetaData.new(
385
- "get",
386
- "1.3.3.4",
387
- "111111",
388
- "session_id",
389
- "user_id",
390
- "transaction_id")
391
- expect(patches.apply(meta_data)).to eq(false)
392
-
393
- meta_data.remote_address = "1.1.1.1"
394
- meta_data.route_id = "123213"
395
- expect(patches.apply(meta_data)).to eq(false)
396
-
397
- meta_data.remote_address = "1.3.3.4"
398
- meta_data.route_id = "123213"
399
- expect(patches.apply(meta_data)).to eq(403)
400
-
401
- meta_data.remote_address = "1.3.3.4"
402
- meta_data.route_id = "-3328888"
403
- expect(patches.apply(meta_data)).to eq(403)
169
+ )
170
+
171
+ expect(@rust_policies.patches_enabled).to eq(true)
404
172
  end
405
- end
406
173
 
407
- context "with example five" do
408
- it "should be enabled" do
409
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
410
- "version" => 1,
411
- "policy_id" => "some uuid",
412
- "data" => {
413
- "block_rules" => [
414
- {
415
- "ips" => ["1.3.3.4"],
416
- "sensor_matches" => {
417
- "xss" => {},
418
- "sqli" => {}
174
+ context 'with a malformed block rule' do
175
+ it 'should ignore the block rule' do
176
+ expect(TCellAgent).to_not receive(:logger)
177
+
178
+ @rust_policies.update_policies(
179
+ {
180
+ 'patches' => {
181
+ 'policy_id' => 'policy_id',
182
+ 'version' => 1,
183
+ 'data' => {
184
+ 'block_rules' => [
185
+ { 'assume_this_is_ill_formed' => 'ill_formed' }
186
+ ]
419
187
  }
420
188
  }
421
- ]
422
- }
423
- })
424
-
425
- expect(patches.enabled).to eq(true)
426
- expect(patches.block_rules.size).to eq(1)
427
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
428
- expect(patches.block_rules[0].rids).to eq(Set.new)
429
-
430
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
431
- expect(injections_matcher.enabled).to eq(true)
432
- expect(injections_matcher.sensors.size).to eq(2)
433
- expect(injections_matcher.sensors[0].enabled).to eq(true)
434
- expect(injections_matcher.sensors[1].enabled).to eq(true)
435
-
436
- meta_data = TCellAgent::Patches::MetaData.new(
437
- "get",
438
- "1.3.3.4",
439
- "route_id",
440
- "session_id",
441
- "user_id",
442
- "transaction_id")
443
- expect(patches.apply(meta_data)).to eq(false)
444
-
445
- meta_data.remote_address = "1.3.3.4"
446
- meta_data.get_dict = {"xss_param" => "<script>"}
447
- expect(patches.apply(meta_data)).to eq(false)
448
-
449
- meta_data.remote_address = "1.3.3.4"
450
- meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
451
- expect(patches.apply(meta_data)).to eq(false)
189
+ }
190
+ )
191
+
192
+ expect(@rust_policies.patches_enabled).to eq(true)
193
+ end
452
194
  end
453
- end
454
195
 
455
- context "with example six" do
456
- it "should be disabled" do
457
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
458
- "version" => 1,
459
- "policy_id" => "some uuid",
460
- "data" => {
461
- "block_rules" => [
462
- {
463
- "sensor_matches" => {
464
- "xss" => {},
465
- "sqli" => {}
196
+ context 'with a malformed block rule and a well formed block rule' do
197
+ it 'should ignore the block rule' do
198
+ expect(TCellAgent).to_not receive(:logger)
199
+
200
+ @rust_policies.update_policies(
201
+ {
202
+ 'patches' => {
203
+ 'policy_id' => 'policy_id',
204
+ 'version' => 1,
205
+ 'data' => {
206
+ 'block_rules' => [
207
+ { 'assume_this_is_ill_formed' => 'ill_formed' },
208
+ { 'assume_this_is_well_formed' => 'well_formed' }
209
+ ]
466
210
  }
467
211
  }
468
- ]
469
- }
470
- })
212
+ }
213
+ )
471
214
 
472
- expect(patches.enabled).to eq(false)
473
- expect(patches.block_rules.size).to eq(0)
215
+ expect(@rust_policies.patches_enabled).to eq(true)
216
+ end
474
217
  end
475
- end
476
218
 
477
- context "with example seven" do
478
- it "should be enabled" do
479
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
480
- "version" => 1,
481
- "policy_id" => "some uuid",
482
- "data" => {
483
- "blocked_ips" => [{"ip" => "1.1.1.1"}, {"ip" => "2.2.2.2"}],
484
- "block_rules" => [
485
- {
486
- "ips" => ["3.3.3.3"]
219
+ context 'with a wrong version number' do
220
+ xit 'should have ip blocking disabled' do
221
+ expect(TCellAgent).to_not receive(:logger)
222
+
223
+ @rust_policies.update_policies(
224
+ {
225
+ 'patches' => {
226
+ 'policy_id' => 'policy_id',
227
+ 'version' => 2,
228
+ 'data' => {
229
+ 'block_rules' => [
230
+ { 'assume_this_is_well_formed' => 'well_formed' }
231
+ ]
232
+ }
487
233
  }
488
- ]
489
- }
490
- })
491
-
492
- expect(patches.enabled).to eq(true)
493
- expect(patches.block_rules.size).to eq(2)
494
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
495
- expect(patches.block_rules[0].rids).to eq(Set.new)
496
- expect(patches.block_rules[1].ips).to eq(Set.new(["3.3.3.3"]))
497
- expect(patches.block_rules[1].rids).to eq(Set.new)
498
-
499
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
500
- expect(injections_matcher.enabled).to eq(false)
501
- expect(injections_matcher.sensors.size).to eq(0)
502
-
503
- injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
504
- expect(injections_matcher.enabled).to eq(false)
505
- expect(injections_matcher.sensors.size).to eq(0)
506
-
507
- meta_data = TCellAgent::Patches::MetaData.new(
508
- "get",
509
- "1.1.1.1",
510
- "route_id",
511
- "session_id",
512
- "user_id",
513
- "transaction_id")
514
- expect(patches.apply(meta_data)).to eq(403)
515
-
516
- meta_data.remote_address = "2.2.2.2"
517
- expect(patches.apply(meta_data)).to eq(403)
518
-
519
- meta_data.remote_address = "3.3.3.3"
520
- expect(patches.apply(meta_data)).to eq(403)
521
- end
522
- end
234
+ }
235
+ )
523
236
 
524
- context "with example eight" do
525
- it "should be enabled" do
526
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
527
- "version" => 1,
528
- "policy_id" => "some uuid",
529
- "data" => {
530
- "block_rules" => [
531
- {
532
- "ips" => ["1.3.3.4"]
533
- },
534
- {
535
- "rids" => ["123213","-3328888"]
536
- }
537
- ]
538
- }
539
- })
540
-
541
- expect(patches.enabled).to eq(true)
542
- expect(patches.block_rules.size).to eq(2)
543
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
544
- expect(patches.block_rules[0].rids).to eq(Set.new)
545
- expect(patches.block_rules[1].ips).to eq(Set.new())
546
- expect(patches.block_rules[1].rids).to eq(Set.new(["123213", "-3328888"]))
547
-
548
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
549
- expect(injections_matcher.enabled).to eq(false)
550
- expect(injections_matcher.sensors.size).to eq(0)
551
-
552
- injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
553
- expect(injections_matcher.enabled).to eq(false)
554
- expect(injections_matcher.sensors.size).to eq(0)
555
-
556
- meta_data = TCellAgent::Patches::MetaData.new(
557
- "get",
558
- "1.3.3.4",
559
- "11111",
560
- "session_id",
561
- "user_id",
562
- "transaction_id")
563
- expect(patches.apply(meta_data)).to eq(403)
564
-
565
- meta_data.remote_address = "1.1.1.1"
566
- meta_data.route_id = "123213"
567
- expect(patches.apply(meta_data)).to eq(403)
568
-
569
- meta_data.remote_address = "1.1.1.1"
570
- meta_data.route_id = "-3328888"
571
- expect(patches.apply(meta_data)).to eq(403)
572
-
573
- meta_data.remote_address = "1.3.3.4"
574
- meta_data.route_id = "-3328888"
575
- expect(patches.apply(meta_data)).to eq(403)
237
+ expect(@rust_policies.patches_enabled).to eq(false)
238
+ end
576
239
  end
577
240
  end
241
+ end
242
+ end
578
243
 
579
- context "with example nine" do
580
- it "should be enabled" do
581
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
582
- "version" => 1,
583
- "policy_id" => "some uuid",
584
- "data" => {
585
- "blocked_ips" => [{"ip" => "1.1.1.1"}, {"ip" => "2.2.2.2"}],
586
- "block_rules" => [
587
- {
588
- "ips" => ["1.1.1.1", "2.2.2.2"]
589
- }
590
- ]
244
+ describe '#block_request?' do
245
+ context 'supports ip blocking' do
246
+ it 'should block blacklisted ip' do
247
+ @rust_policies.update_policies(
248
+ {
249
+ 'patches' => {
250
+ 'version' => 1,
251
+ 'policy_id' => 'some uuid',
252
+ 'data' => {
253
+ 'rules' => [{
254
+ 'id' => 'blocked-ips-rule',
255
+ 'title' => 'Blocked ips rule',
256
+ 'action' => 'BlockIf',
257
+ 'destinations' => { 'check_equals' => [{ 'path' => '*' }] },
258
+ 'ignore' => [],
259
+ 'matches' => [{
260
+ 'all' => [],
261
+ 'any' => [{
262
+ 'ips' => [{
263
+ 'type' => 'IP',
264
+ 'values' => ['1.3.3.4']
265
+ }]
266
+ }]
267
+ }]
268
+ }]
269
+ }
591
270
  }
592
- })
593
-
594
- expect(patches.enabled).to eq(true)
595
- expect(patches.block_rules.size).to eq(2)
596
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
597
- expect(patches.block_rules[0].rids).to eq(Set.new)
598
- expect(patches.block_rules[1].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
599
- expect(patches.block_rules[1].rids).to eq(Set.new)
600
-
601
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
602
- expect(injections_matcher.enabled).to eq(false)
603
- expect(injections_matcher.sensors.size).to eq(0)
604
-
605
- injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
606
- expect(injections_matcher.enabled).to eq(false)
607
- expect(injections_matcher.sensors.size).to eq(0)
608
-
609
- meta_data = TCellAgent::Patches::MetaData.new(
610
- "get",
611
- "1.1.1.1",
612
- "route_id",
613
- "session_id",
614
- "user_id",
615
- "transaction_id")
616
- expect(patches.apply(meta_data)).to eq(403)
617
-
618
- meta_data.remote_address = "2.2.2.2"
619
- expect(patches.apply(meta_data)).to eq(403)
620
- end
271
+ }
272
+ )
273
+
274
+ meta_data = TCellAgent::Patches::MetaData.new(
275
+ 'get',
276
+ '1.3.3.4',
277
+ 'route_id',
278
+ 'session_id',
279
+ 'user_id',
280
+ 'transaction_id',
281
+ 'http://test.com/?some_param=present'
282
+ )
283
+ expect(@rust_policies.block_request?(meta_data)).to eq(true)
284
+
285
+ meta_data = TCellAgent::Patches::MetaData.new(
286
+ 'get',
287
+ '1.1.1.1',
288
+ 'route_id',
289
+ 'session_id',
290
+ 'user_id',
291
+ 'transaction_id',
292
+ 'http://test.com/?some_param=present'
293
+ )
294
+ expect(@rust_policies.block_request?(meta_data)).to eq(false)
621
295
  end
622
296
  end
623
297
  end
624
-
625
298
  end
626
-
627
299
  end
628
300
  end