tcell_agent 0.4.0 → 1.0.0

Files changed (199)
  1. checksums.yaml +4 -4
  2. data/Rakefile +9 -22
  3. data/bin/tcell_agent +127 -132
  4. data/lib/tcell_agent/agent/event_processor.rb +23 -22
  5. data/lib/tcell_agent/agent/fork_pipe_manager.rb +7 -7
  6. data/lib/tcell_agent/agent/policy_manager.rb +20 -15
  7. data/lib/tcell_agent/agent/policy_types.rb +5 -11
  8. data/lib/tcell_agent/agent/static_agent.rb +5 -1
  9. data/lib/tcell_agent/agent.rb +6 -4
  10. data/lib/tcell_agent/api.rb +7 -9
  11. data/lib/tcell_agent/appsensor/meta_data.rb +11 -4
  12. data/lib/tcell_agent/authlogic.rb +3 -3
  13. data/lib/tcell_agent/cmdi.rb +6 -4
  14. data/lib/tcell_agent/config/unknown_options.rb +3 -1
  15. data/lib/tcell_agent/configuration.rb +47 -49
  16. data/lib/tcell_agent/devise.rb +2 -2
  17. data/lib/tcell_agent/hooks/login_fraud.rb +58 -29
  18. data/lib/tcell_agent/instrumentation.rb +11 -10
  19. data/lib/tcell_agent/logger.rb +2 -2
  20. data/lib/tcell_agent/patches/meta_data.rb +9 -13
  21. data/lib/tcell_agent/patches.rb +7 -10
  22. data/lib/tcell_agent/policies/clickjacking_policy.rb +4 -5
  23. data/lib/tcell_agent/policies/content_security_policy.rb +6 -12
  24. data/lib/tcell_agent/policies/dataloss_policy.rb +2 -2
  25. data/lib/tcell_agent/policies/http_redirect_policy.rb +2 -2
  26. data/lib/tcell_agent/policies/policy.rb +0 -2
  27. data/lib/tcell_agent/policies/rust_policies.rb +90 -0
  28. data/lib/tcell_agent/policies/secure_headers_policy.rb +2 -2
  29. data/lib/tcell_agent/rails/auth/authlogic.rb +42 -24
  30. data/lib/tcell_agent/rails/auth/devise.rb +44 -23
  31. data/lib/tcell_agent/rails/auth/doorkeeper.rb +33 -15
  32. data/lib/tcell_agent/rails/better_ip.rb +1 -1
  33. data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
  34. data/lib/tcell_agent/rails/dlp/process_request.rb +1 -1
  35. data/lib/tcell_agent/rails/dlp.rb +6 -6
  36. data/lib/tcell_agent/rails/dlp_handler.rb +1 -1
  37. data/lib/tcell_agent/rails/js_agent_insert.rb +1 -1
  38. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
  39. data/lib/tcell_agent/rails/middleware/context_middleware.rb +3 -2
  40. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +10 -9
  41. data/lib/tcell_agent/rails/routes/grape.rb +6 -6
  42. data/lib/tcell_agent/rails/routes.rb +8 -11
  43. data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
  44. data/lib/tcell_agent/rust/{libtcellagent-0.6.1.so → libtcellagent-0.11.1.so} +0 -0
  45. data/lib/tcell_agent/rust/models.rb +16 -0
  46. data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
  47. data/lib/tcell_agent/rust/whisperer.rb +119 -48
  48. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +17 -20
  49. data/lib/tcell_agent/sensor_events/command_injection.rb +50 -5
  50. data/lib/tcell_agent/sensor_events/login_fraud.rb +34 -18
  51. data/lib/tcell_agent/sensor_events/patches.rb +21 -0
  52. data/lib/tcell_agent/sensor_events/server_agent.rb +3 -3
  53. data/lib/tcell_agent/sensor_events/util/utils.rb +4 -3
  54. data/lib/tcell_agent/servers/puma.rb +2 -2
  55. data/lib/tcell_agent/servers/unicorn.rb +1 -1
  56. data/lib/tcell_agent/utils/passwords.rb +28 -0
  57. data/lib/tcell_agent/version.rb +1 -1
  58. data/lib/tcell_agent.rb +1 -5
  59. data/spec/apps/rails-3.2/config/tcell_agent.config +15 -0
  60. data/spec/apps/rails-3.2/log/development.log +0 -0
  61. data/spec/apps/rails-3.2/log/test.log +12 -0
  62. data/spec/apps/rails-4.1/log/test.log +0 -0
  63. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +46 -45
  64. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +276 -164
  65. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +44 -47
  66. data/spec/lib/tcell_agent/api/api_spec.rb +16 -16
  67. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +131 -116
  68. data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +55 -51
  69. data/spec/lib/tcell_agent/cmdi_spec.rb +413 -436
  70. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +145 -128
  71. data/spec/lib/tcell_agent/configuration_spec.rb +165 -169
  72. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +144 -153
  73. data/spec/lib/tcell_agent/instrumentation_spec.rb +84 -85
  74. data/spec/lib/tcell_agent/patches_spec.rb +70 -111
  75. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +313 -244
  76. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +28 -28
  77. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +643 -513
  78. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +55 -102
  79. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +111 -134
  80. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +141 -146
  81. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +8 -8
  82. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +15 -17
  83. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +231 -559
  84. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +27 -27
  85. data/spec/lib/tcell_agent/rails/better_ip_spec.rb +30 -34
  86. data/spec/lib/tcell_agent/rails/logger_spec.rb +50 -49
  87. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +182 -199
  88. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +110 -84
  89. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +107 -85
  90. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +68 -40
  91. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +81 -67
  92. data/spec/lib/tcell_agent/rails/responses_spec.rb +33 -37
  93. data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +116 -121
  94. data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +25 -28
  95. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +87 -85
  96. data/spec/lib/tcell_agent/rails_spec.rb +1 -6
  97. data/spec/lib/tcell_agent/rust/models_spec.rb +112 -0
  98. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +502 -179
  99. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +44 -33
  100. data/spec/lib/tcell_agent/sensor_events/dlp_spec.rb +4 -4
  101. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +183 -169
  102. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +25 -25
  103. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +17 -20
  104. data/spec/lib/tcell_agent/utils/params_spec.rb +28 -28
  105. data/spec/lib/tcell_agent/utils/passwords_spec.rb +143 -0
  106. data/spec/lib/tcell_agent/utils/strings_spec.rb +35 -35
  107. data/spec/lib/tcell_agent_spec.rb +8 -8
  108. data/spec/spec_helper.rb +4 -4
  109. data/spec/support/middleware_helper.rb +10 -10
  110. data/spec/support/static_agent_overrides.rb +16 -12
  111. data/tcell_agent.gemspec +17 -33
  112. metadata +43 -198
  113. data/LICENSE_libinjection +0 -32
  114. data/Readme.txt +0 -7
  115. data/ext/libinjection/extconf.rb +0 -3
  116. data/ext/libinjection/libinjection.h +0 -65
  117. data/ext/libinjection/libinjection_html5.c +0 -847
  118. data/ext/libinjection/libinjection_html5.h +0 -54
  119. data/ext/libinjection/libinjection_sqli.c +0 -2317
  120. data/ext/libinjection/libinjection_sqli.h +0 -295
  121. data/ext/libinjection/libinjection_sqli_data.h +0 -9004
  122. data/ext/libinjection/libinjection_wrap.c +0 -3525
  123. data/ext/libinjection/libinjection_xss.c +0 -531
  124. data/ext/libinjection/libinjection_xss.h +0 -21
  125. data/lib/tcell_agent/appsensor/injections_matcher.rb +0 -155
  126. data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +0 -49
  127. data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +0 -67
  128. data/lib/tcell_agent/appsensor/rules/baserules.json +0 -467
  129. data/lib/tcell_agent/patches/block_rule.rb +0 -93
  130. data/lib/tcell_agent/patches/sensors_matcher.rb +0 -31
  131. data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +0 -23
  132. data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +0 -23
  133. data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +0 -117
  134. data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +0 -26
  135. data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +0 -22
  136. data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +0 -34
  137. data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +0 -34
  138. data/lib/tcell_agent/policies/appsensor_policy.rb +0 -49
  139. data/lib/tcell_agent/policies/command_injection_policy.rb +0 -196
  140. data/lib/tcell_agent/policies/honeytokens_policy.rb +0 -69
  141. data/lib/tcell_agent/policies/patches_policy.rb +0 -84
  142. data/lib/tcell_agent/rust/libtcellagent-0.6.1.dylib +0 -0
  143. data/lib/tcell_agent/rust/tcellagent-0.6.1.dll +0 -0
  144. data/spec/apps/rails-3.2/Gemfile +0 -25
  145. data/spec/apps/rails-3.2/Gemfile.lock +0 -126
  146. data/spec/apps/rails-3.2/Rakefile +0 -7
  147. data/spec/apps/rails-3.2/app/assets/images/rails.png +0 -0
  148. data/spec/apps/rails-3.2/app/assets/javascripts/application.js +0 -15
  149. data/spec/apps/rails-3.2/app/assets/stylesheets/application.css +0 -13
  150. data/spec/apps/rails-3.2/app/controllers/application_controller.rb +0 -3
  151. data/spec/apps/rails-3.2/app/controllers/t_cell_app_controller.rb +0 -5
  152. data/spec/apps/rails-3.2/app/helpers/application_helper.rb +0 -2
  153. data/spec/apps/rails-3.2/app/views/layouts/application.html.erb +0 -14
  154. data/spec/apps/rails-3.2/app/views/t_cell_app/index.html.erb +0 -1
  155. data/spec/apps/rails-3.2/config/application.rb +0 -63
  156. data/spec/apps/rails-3.2/config/boot.rb +0 -6
  157. data/spec/apps/rails-3.2/config/environment.rb +0 -5
  158. data/spec/apps/rails-3.2/config/environments/test.rb +0 -37
  159. data/spec/apps/rails-3.2/config/routes.rb +0 -11
  160. data/spec/apps/rails-3.2/config.ru +0 -4
  161. data/spec/apps/rails-4.1/Gemfile +0 -7
  162. data/spec/apps/rails-4.1/Gemfile.lock +0 -114
  163. data/spec/apps/rails-4.1/Rakefile +0 -6
  164. data/spec/apps/rails-4.1/app/assets/javascripts/application.js +0 -16
  165. data/spec/apps/rails-4.1/app/assets/stylesheets/application.css +0 -15
  166. data/spec/apps/rails-4.1/app/controllers/application_controller.rb +0 -5
  167. data/spec/apps/rails-4.1/app/controllers/t_cell_app_controller.rb +0 -5
  168. data/spec/apps/rails-4.1/app/helpers/application_helper.rb +0 -2
  169. data/spec/apps/rails-4.1/app/views/layouts/application.html.erb +0 -14
  170. data/spec/apps/rails-4.1/app/views/t_cell_app/index.html.erb +0 -1
  171. data/spec/apps/rails-4.1/config/application.rb +0 -24
  172. data/spec/apps/rails-4.1/config/boot.rb +0 -4
  173. data/spec/apps/rails-4.1/config/environment.rb +0 -5
  174. data/spec/apps/rails-4.1/config/environments/test.rb +0 -41
  175. data/spec/apps/rails-4.1/config/initializers/assets.rb +0 -8
  176. data/spec/apps/rails-4.1/config/initializers/backtrace_silencers.rb +0 -7
  177. data/spec/apps/rails-4.1/config/initializers/cookies_serializer.rb +0 -3
  178. data/spec/apps/rails-4.1/config/initializers/filter_parameter_logging.rb +0 -4
  179. data/spec/apps/rails-4.1/config/initializers/inflections.rb +0 -16
  180. data/spec/apps/rails-4.1/config/initializers/mime_types.rb +0 -4
  181. data/spec/apps/rails-4.1/config/initializers/session_store.rb +0 -3
  182. data/spec/apps/rails-4.1/config/initializers/wrap_parameters.rb +0 -14
  183. data/spec/apps/rails-4.1/config/locales/en.yml +0 -23
  184. data/spec/apps/rails-4.1/config/routes.rb +0 -12
  185. data/spec/apps/rails-4.1/config/secrets.yml +0 -22
  186. data/spec/apps/rails-4.1/config.ru +0 -4
  187. data/spec/controllers/application_controller.rb +0 -12
  188. data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +0 -522
  189. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +0 -23
  190. data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +0 -159
  191. data/spec/lib/tcell_agent/patches/block_rule_spec.rb +0 -458
  192. data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +0 -35
  193. data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +0 -139
  194. data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +0 -139
  195. data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +0 -167
  196. data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +0 -139
  197. data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +0 -246
  198. data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +0 -882
  199. data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb +0 -22
@@ -2,627 +2,299 @@ require 'spec_helper'
2
2
 
3
3
  module TCellAgent
4
4
  module Policies
5
+ describe RustPolicies do
6
+ before(:each) do
7
+ @rust_policies = RustPolicies.new
8
+ end
5
9
 
6
- describe PatchesPolicy do
10
+ describe '#update_policies' do
11
+ context 'with a nil policy' do
12
+ it 'should return nil' do
13
+ expect(TCellAgent).to_not receive(:logger)
7
14
 
8
- describe "#from_json" do
15
+ @rust_policies.update_policies(nil)
9
16
 
10
- context "with a nil policy" do
11
- it "should return nil" do
12
- expect(PatchesPolicy.from_json(nil)).to be_nil
17
+ expect(@rust_policies.patches_enabled).to eq(false)
13
18
  end
14
19
  end
15
20
 
16
- context "with an empty policy" do
17
- it "should raise a policy missing error" do
18
- expect {
19
- PatchesPolicy.from_json({})
20
- }.to raise_error(RuntimeError)
21
- end
22
- end
21
+ context 'with an empty policy' do
22
+ it 'should raise a policy missing error' do
23
+ expect(TCellAgent).to_not receive(:logger)
23
24
 
24
- context "with an empty version" do
25
- it "should have empty version" do
26
- patches = PatchesPolicy.from_json({ "policy_id" => "policy_id" })
27
- expect(patches.policy_id).to eq("policy_id")
28
- expect(patches.version).to be_nil
29
- expect(patches.enabled).to eq(false)
30
- expect(patches.block_rules).to eq([])
31
- end
32
- end
25
+ @rust_policies.update_policies({})
33
26
 
34
- context "with an empty data" do
35
- it "should have disabled ip blocking" do
36
- patches = PatchesPolicy.from_json({
37
- "policy_id" => "policy_id",
38
- "version" => 1
39
- })
40
- expect(patches.policy_id).to eq("policy_id")
41
- expect(patches.version).to eq(1)
42
- expect(patches.enabled).to eq(false)
43
- expect(patches.block_rules).to eq([])
27
+ expect(@rust_policies.patches_enabled).to eq(false)
44
28
  end
45
29
  end
46
30
 
47
- context "with an empty block_rules" do
48
- it "should have disabled ip blocking" do
49
- patches = PatchesPolicy.from_json({
50
- "policy_id" => "policy_id",
51
- "version" => 1,
52
- "data" => {}
53
- })
54
- expect(patches.policy_id).to eq("policy_id")
55
- expect(patches.version).to eq(1)
56
- expect(patches.enabled).to eq(false)
57
- expect(patches.block_rules).to eq([])
58
- end
59
- end
60
-
61
- context "with blocked_ips" do
62
- context "as an empty list" do
63
- it "should have ip blocking disabled" do
64
- patches = PatchesPolicy.from_json({
65
- "policy_id" => "policy_id",
66
- "version" => 1,
67
- "data" => {
68
- "blocked_ips" => []
31
+ context 'with an empty version' do
32
+ it 'should have empty version' do
33
+ logger = double('logger')
34
+
35
+ expect(TCellAgent).to receive(:logger).and_return(logger)
36
+ expect(logger).to receive(:error).with(
37
+ 'Error updating policies: Failed to decode patches policy: missing field `version`'
38
+ )
39
+ @rust_policies.update_policies(
40
+ {
41
+ 'patches' => {
42
+ 'policy_id' => 'policy_id'
69
43
  }
70
- })
71
- expect(patches.policy_id).to eq("policy_id")
72
- expect(patches.version).to eq(1)
73
- expect(patches.enabled).to eq(false)
74
- expect(patches.block_rules).to eq([])
75
- end
76
- end
44
+ }
45
+ )
77
46
 
78
- context "a non empty list" do
79
- it "should have ip blocking enabled" do
80
- patches = PatchesPolicy.from_json({
81
- "policy_id" => "policy_id",
82
- "version" => 1,
83
- "data" => {
84
- "blocked_ips" => [
85
- {"ip" => "0.0.0.0"},
86
- {"ip" => "1.1.1.1"}
87
- ]
88
- }
89
- })
90
-
91
- expect(patches.policy_id).to eq("policy_id")
92
- expect(patches.version).to eq(1)
93
- expect(patches.enabled).to eq(true)
94
- expect(patches.block_rules.size).to eq(1)
95
- expect(patches.block_rules[0].ips).to eq(Set.new(["0.0.0.0", "1.1.1.1"]))
96
- expect(patches.block_rules[0].rids).to eq(Set.new)
97
- expect(patches.block_rules[0].action).to eq("block_403s")
98
- end
47
+ expect(@rust_policies.patches_enabled).to eq(false)
99
48
  end
100
49
  end
101
50
 
102
- context "with block_rules" do
103
- context "as an empty list" do
104
- it "should have ip blocking disabled" do
105
- patches = PatchesPolicy.from_json({
106
- "policy_id" => "policy_id",
107
- "version" => 1,
108
- "data" => {
109
- "block_rules" => []
110
- }
111
- })
112
- expect(patches.policy_id).to eq("policy_id")
113
- expect(patches.version).to eq(1)
114
- expect(patches.enabled).to eq(false)
115
- expect(patches.block_rules).to eq([])
116
- end
117
- end
51
+ context 'with an empty data' do
52
+ it 'should have disabled ip blocking' do
53
+ expect(TCellAgent).to_not receive(:logger)
118
54
 
119
- context "a non empty list" do
120
- it "should have ip blocking enabled" do
121
- block_rule_one = double("block_rule_one")
122
- block_rule_dos = double("block_rule_dos")
123
-
124
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
125
- {"assume_this_is_well_formed" => "well_formed"}
126
- ).and_return(block_rule_one)
127
-
128
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
129
- {"assume_this_is_well_formed_dos" => "well_formed_dos"}
130
- ).and_return(block_rule_dos)
131
-
132
- patches = PatchesPolicy.from_json({
133
- "policy_id" => "policy_id",
134
- "version" => 1,
135
- "data" => {
136
- "block_rules" => [
137
- {"assume_this_is_well_formed" => "well_formed"},
138
- {"assume_this_is_well_formed_dos" => "well_formed_dos"}
139
- ]
55
+ @rust_policies.update_policies(
56
+ {
57
+ 'patches' => {
58
+ 'policy_id' => 'policy_id',
59
+ 'version' => 1
140
60
  }
141
- })
142
-
143
- expect(patches.policy_id).to eq("policy_id")
144
- expect(patches.version).to eq(1)
145
- expect(patches.enabled).to eq(true)
146
- expect(patches.block_rules).to eq([block_rule_one, block_rule_dos])
147
- end
61
+ }
62
+ )
148
63
 
149
- context "with a malformed block rule" do
150
- it "should ignore the block rule" do
151
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
152
- {"assume_this_is_ill_formed" => "ill_formed"}
153
- ).and_return(nil)
154
-
155
- patches = PatchesPolicy.from_json({
156
- "policy_id" => "policy_id",
157
- "version" => 1,
158
- "data" => {
159
- "block_rules" => [
160
- {"assume_this_is_ill_formed" => "ill_formed"}
161
- ]
162
- }
163
- })
164
-
165
- expect(patches.policy_id).to eq("policy_id")
166
- expect(patches.version).to eq(1)
167
- expect(patches.enabled).to eq(false)
168
- expect(patches.block_rules).to eq([])
169
- end
170
- end
171
-
172
- context "with a malformed block rule and a well formed block rule" do
173
- it "should ignore the block rule" do
174
- block_rule = double("block_rule")
175
-
176
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
177
- {"assume_this_is_ill_formed" => "ill_formed"}
178
- ).and_return(nil)
179
-
180
- expect(TCellAgent::Patches::BlockRule).to receive(:from_json).with(
181
- {"assume_this_is_well_formed" => "well_formed"}
182
- ).and_return(block_rule)
183
-
184
- patches = PatchesPolicy.from_json({
185
- "policy_id" => "policy_id",
186
- "version" => 1,
187
- "data" => {
188
- "block_rules" => [
189
- {"assume_this_is_ill_formed" => "ill_formed"},
190
- {"assume_this_is_well_formed" => "well_formed"}
191
- ]
192
- }
193
- })
64
+ expect(@rust_policies.patches_enabled).to eq(false)
65
+ end
66
+ end
194
67
 
68
+ context 'with an empty block_rules' do
69
+ it 'should have disabled ip blocking' do
70
+ expect(TCellAgent).to_not receive(:logger)
195
71
 
196
- expect(patches.policy_id).to eq("policy_id")
197
- expect(patches.version).to eq(1)
198
- expect(patches.enabled).to eq(true)
199
- expect(patches.block_rules).to eq([block_rule])
200
- end
201
- end
202
-
203
- context "with a wrong version number" do
204
- it "should have ip blocking disabled" do
205
- logger = double("logger")
206
- expect(TCellAgent).to receive(:logger).and_return(logger)
207
- expect(logger).to receive(:error).with("Patches Policy not supported: 2")
208
-
209
- expect(TCellAgent::Patches::BlockRule).to_not receive(:from_json)
210
-
211
- patches = PatchesPolicy.from_json({
212
- "policy_id" => "policy_id",
213
- "version" => 2,
214
- "data" => {
215
- "block_rules" => [
216
- {"assume_this_is_well_formed" => "well_formed"}
217
- ]
218
- }
219
- })
72
+ @rust_policies.update_policies(
73
+ {
74
+ 'patches' => {
75
+ 'policy_id' => 'policy_id',
76
+ 'version' => 1,
77
+ 'data' => {}
78
+ }
79
+ }
80
+ )
220
81
 
221
- expect(patches.policy_id).to eq("policy_id")
222
- expect(patches.version).to eq(2)
223
- expect(patches.enabled).to eq(false)
224
- expect(patches.block_rules).to eq([])
225
- end
226
- end
82
+ expect(@rust_policies.patches_enabled).to eq(true)
227
83
  end
228
84
  end
229
85
 
230
- context "with wiki examples" do
231
- context "with example one" do
232
- it "should be enabled" do
233
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
234
- "version" => 1,
235
- "policy_id" => "some uuid",
236
- "data" => {
237
- "block_rules" => [
238
- {
239
- "ips" => ["1.3.3.4"]
86
+ context 'with blocked_ips' do
87
+ context 'as an empty list' do
88
+ it 'should have ip blocking disabled' do
89
+ expect(TCellAgent).to_not receive(:logger)
90
+
91
+ @rust_policies.update_policies(
92
+ {
93
+ 'patches' => {
94
+ 'policy_id' => 'policy_id',
95
+ 'version' => 1,
96
+ 'data' => {
97
+ 'blocked_ips' => []
240
98
  }
241
- ]
99
+ }
242
100
  }
243
- })
244
-
245
- expect(patches.enabled).to eq(true)
246
- expect(patches.block_rules.size).to eq(1)
247
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
248
- expect(patches.block_rules[0].rids).to eq(Set.new)
249
-
250
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
251
- expect(injections_matcher.enabled).to eq(false)
252
- expect(injections_matcher.sensors.size).to eq(0)
253
-
254
- meta_data = TCellAgent::Patches::MetaData.new(
255
- "get",
256
- "1.3.3.4",
257
- "route_id",
258
- "session_id",
259
- "user_id",
260
- "transaction_id")
261
- expect(patches.apply(meta_data)).to eq(403)
101
+ )
102
+
103
+ expect(@rust_policies.patches_enabled).to eq(true)
262
104
  end
263
105
  end
264
106
 
265
- context "with example two" do
266
- it "should be enabled" do
267
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
268
- "version" => 1,
269
- "policy_id" => "some uuid",
270
- "data" => {
271
- "block_rules" => [
272
- {
273
- "rids" => ["123213","-3328888"]
107
+ context 'a non empty list' do
108
+ it 'should have ip blocking enabled' do
109
+ expect(TCellAgent).to_not receive(:logger)
110
+
111
+ @rust_policies.update_policies(
112
+ {
113
+ 'patches' => {
114
+ 'policy_id' => 'policy_id',
115
+ 'version' => 1,
116
+ 'data' => {
117
+ 'blocked_ips' => [
118
+ { 'ip' => '0.0.0.0' },
119
+ { 'ip' => '1.1.1.1' }
120
+ ]
274
121
  }
275
- ]
122
+ }
276
123
  }
277
- })
278
-
279
- expect(patches.enabled).to eq(true)
280
- expect(patches.block_rules.size).to eq(1)
281
- expect(patches.block_rules[0].ips).to eq(Set.new)
282
- expect(patches.block_rules[0].rids).to eq(Set.new(["123213", "-3328888"]))
283
-
284
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
285
- expect(injections_matcher.enabled).to eq(false)
286
- expect(injections_matcher.sensors.size).to eq(0)
287
-
288
- meta_data = TCellAgent::Patches::MetaData.new(
289
- "get",
290
- "1.3.3.4",
291
- "route_id",
292
- "session_id",
293
- "user_id",
294
- "transaction_id")
295
- meta_data.remote_address = "1.3.3.4"
296
- expect(patches.apply(meta_data)).to eq(false)
297
-
298
- meta_data.remote_address = "1.3.3.4"
299
- meta_data.route_id = "123213"
300
- expect(patches.apply(meta_data)).to eq(403)
301
-
302
- meta_data.remote_address = "1.3.3.4"
303
- meta_data.route_id = "-3328888"
304
- expect(patches.apply(meta_data)).to eq(403)
124
+ )
125
+
126
+ expect(@rust_policies.patches_enabled).to eq(true)
305
127
  end
306
128
  end
129
+ end
307
130
 
308
- context "with example three" do
309
- it "should be enabled" do
310
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
311
- "version" => 1,
312
- "policy_id" => "some uuid",
313
- "data" => {
314
- "block_rules" => [
315
- {
316
- "ips" => ["1.3.3.4"],
317
- "sensor_matches" => {
318
- "xss" => {
319
- "libinjection" => false,
320
- "patterns" => ["1","2","8"],
321
- "exclusions" => {
322
- "bob" => ["*"]
323
- }
324
- }
325
- }
131
+ context 'with block_rules' do
132
+ context 'as an empty list' do
133
+ it 'should have ip blocking disabled' do
134
+ expect(TCellAgent).to_not receive(:logger)
135
+
136
+ @rust_policies.update_policies(
137
+ {
138
+ 'patches' => {
139
+ 'policy_id' => 'policy_id',
140
+ 'version' => 1,
141
+ 'data' => {
142
+ 'block_rules' => []
326
143
  }
327
- ]
144
+ }
328
145
  }
329
- })
330
-
331
- expect(patches.enabled).to eq(true)
332
- expect(patches.block_rules.size).to eq(1)
333
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
334
- expect(patches.block_rules[0].rids).to eq(Set.new)
335
-
336
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
337
- expect(injections_matcher.enabled).to eq(true)
338
- expect(injections_matcher.sensors.size).to eq(1)
339
- expect(injections_matcher.sensors[0].enabled).to eq(true)
340
-
341
- meta_data = TCellAgent::Patches::MetaData.new(
342
- "get",
343
- "1.3.3.4",
344
- "route_id",
345
- "session_id",
346
- "user_id",
347
- "transaction_id")
348
- expect(patches.apply(meta_data)).to eq(false)
349
-
350
- meta_data.remote_address = "1.3.3.4"
351
- meta_data.get_dict = {"xss_param" => "<script>"}
352
- expect(patches.apply(meta_data)).to eq(403)
353
-
354
- meta_data.remote_address = "1.3.3.4"
355
- meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
356
- expect(patches.apply(meta_data)).to eq(false)
146
+ )
147
+
148
+ expect(@rust_policies.patches_enabled).to eq(true)
357
149
  end
358
150
  end
359
151
 
360
- context "with example four" do
361
- it "should be enabled" do
362
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
363
- "version" => 1,
364
- "policy_id" => "some uuid",
365
- "data" => {
366
- "block_rules" => [
367
- {
368
- "ips" => ["1.3.3.4"],
369
- "rids" => ["123213","-3328888"]
152
+ context 'a non empty list' do
153
+ it 'should have ip blocking enabled' do
154
+ expect(TCellAgent).to_not receive(:logger)
155
+
156
+ @rust_policies.update_policies(
157
+ {
158
+ 'patches' => {
159
+ 'policy_id' => 'policy_id',
160
+ 'version' => 1,
161
+ 'data' => {
162
+ 'block_rules' => [
163
+ { 'assume_this_is_well_formed' => 'well_formed' },
164
+ { 'assume_this_is_well_formed_dos' => 'well_formed_dos' }
165
+ ]
370
166
  }
371
- ]
167
+ }
372
168
  }
373
- })
374
-
375
- expect(patches.enabled).to eq(true)
376
- expect(patches.block_rules.size).to eq(1)
377
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
378
- expect(patches.block_rules[0].rids).to eq(Set.new(["123213", "-3328888"]))
379
-
380
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
381
- expect(injections_matcher.enabled).to eq(false)
382
- expect(injections_matcher.sensors.size).to eq(0)
383
-
384
- meta_data = TCellAgent::Patches::MetaData.new(
385
- "get",
386
- "1.3.3.4",
387
- "111111",
388
- "session_id",
389
- "user_id",
390
- "transaction_id")
391
- expect(patches.apply(meta_data)).to eq(false)
392
-
393
- meta_data.remote_address = "1.1.1.1"
394
- meta_data.route_id = "123213"
395
- expect(patches.apply(meta_data)).to eq(false)
396
-
397
- meta_data.remote_address = "1.3.3.4"
398
- meta_data.route_id = "123213"
399
- expect(patches.apply(meta_data)).to eq(403)
400
-
401
- meta_data.remote_address = "1.3.3.4"
402
- meta_data.route_id = "-3328888"
403
- expect(patches.apply(meta_data)).to eq(403)
169
+ )
170
+
171
+ expect(@rust_policies.patches_enabled).to eq(true)
404
172
  end
405
- end
406
173
 
407
- context "with example five" do
408
- it "should be enabled" do
409
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
410
- "version" => 1,
411
- "policy_id" => "some uuid",
412
- "data" => {
413
- "block_rules" => [
414
- {
415
- "ips" => ["1.3.3.4"],
416
- "sensor_matches" => {
417
- "xss" => {},
418
- "sqli" => {}
174
+ context 'with a malformed block rule' do
175
+ it 'should ignore the block rule' do
176
+ expect(TCellAgent).to_not receive(:logger)
177
+
178
+ @rust_policies.update_policies(
179
+ {
180
+ 'patches' => {
181
+ 'policy_id' => 'policy_id',
182
+ 'version' => 1,
183
+ 'data' => {
184
+ 'block_rules' => [
185
+ { 'assume_this_is_ill_formed' => 'ill_formed' }
186
+ ]
419
187
  }
420
188
  }
421
- ]
422
- }
423
- })
424
-
425
- expect(patches.enabled).to eq(true)
426
- expect(patches.block_rules.size).to eq(1)
427
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
428
- expect(patches.block_rules[0].rids).to eq(Set.new)
429
-
430
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
431
- expect(injections_matcher.enabled).to eq(true)
432
- expect(injections_matcher.sensors.size).to eq(2)
433
- expect(injections_matcher.sensors[0].enabled).to eq(true)
434
- expect(injections_matcher.sensors[1].enabled).to eq(true)
435
-
436
- meta_data = TCellAgent::Patches::MetaData.new(
437
- "get",
438
- "1.3.3.4",
439
- "route_id",
440
- "session_id",
441
- "user_id",
442
- "transaction_id")
443
- expect(patches.apply(meta_data)).to eq(false)
444
-
445
- meta_data.remote_address = "1.3.3.4"
446
- meta_data.get_dict = {"xss_param" => "<script>"}
447
- expect(patches.apply(meta_data)).to eq(false)
448
-
449
- meta_data.remote_address = "1.3.3.4"
450
- meta_data.get_dict = {"sqli_param" => "Erwin' OR '1'='1"}
451
- expect(patches.apply(meta_data)).to eq(false)
189
+ }
190
+ )
191
+
192
+ expect(@rust_policies.patches_enabled).to eq(true)
193
+ end
452
194
  end
453
- end
454
195
 
455
- context "with example six" do
456
- it "should be disabled" do
457
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
458
- "version" => 1,
459
- "policy_id" => "some uuid",
460
- "data" => {
461
- "block_rules" => [
462
- {
463
- "sensor_matches" => {
464
- "xss" => {},
465
- "sqli" => {}
196
+ context 'with a malformed block rule and a well formed block rule' do
197
+ it 'should ignore the block rule' do
198
+ expect(TCellAgent).to_not receive(:logger)
199
+
200
+ @rust_policies.update_policies(
201
+ {
202
+ 'patches' => {
203
+ 'policy_id' => 'policy_id',
204
+ 'version' => 1,
205
+ 'data' => {
206
+ 'block_rules' => [
207
+ { 'assume_this_is_ill_formed' => 'ill_formed' },
208
+ { 'assume_this_is_well_formed' => 'well_formed' }
209
+ ]
466
210
  }
467
211
  }
468
- ]
469
- }
470
- })
212
+ }
213
+ )
471
214
 
472
- expect(patches.enabled).to eq(false)
473
- expect(patches.block_rules.size).to eq(0)
215
+ expect(@rust_policies.patches_enabled).to eq(true)
216
+ end
474
217
  end
475
- end
476
218
 
477
- context "with example seven" do
478
- it "should be enabled" do
479
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
480
- "version" => 1,
481
- "policy_id" => "some uuid",
482
- "data" => {
483
- "blocked_ips" => [{"ip" => "1.1.1.1"}, {"ip" => "2.2.2.2"}],
484
- "block_rules" => [
485
- {
486
- "ips" => ["3.3.3.3"]
219
+ context 'with a wrong version number' do
220
+ xit 'should have ip blocking disabled' do
221
+ expect(TCellAgent).to_not receive(:logger)
222
+
223
+ @rust_policies.update_policies(
224
+ {
225
+ 'patches' => {
226
+ 'policy_id' => 'policy_id',
227
+ 'version' => 2,
228
+ 'data' => {
229
+ 'block_rules' => [
230
+ { 'assume_this_is_well_formed' => 'well_formed' }
231
+ ]
232
+ }
487
233
  }
488
- ]
489
- }
490
- })
491
-
492
- expect(patches.enabled).to eq(true)
493
- expect(patches.block_rules.size).to eq(2)
494
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
495
- expect(patches.block_rules[0].rids).to eq(Set.new)
496
- expect(patches.block_rules[1].ips).to eq(Set.new(["3.3.3.3"]))
497
- expect(patches.block_rules[1].rids).to eq(Set.new)
498
-
499
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
500
- expect(injections_matcher.enabled).to eq(false)
501
- expect(injections_matcher.sensors.size).to eq(0)
502
-
503
- injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
504
- expect(injections_matcher.enabled).to eq(false)
505
- expect(injections_matcher.sensors.size).to eq(0)
506
-
507
- meta_data = TCellAgent::Patches::MetaData.new(
508
- "get",
509
- "1.1.1.1",
510
- "route_id",
511
- "session_id",
512
- "user_id",
513
- "transaction_id")
514
- expect(patches.apply(meta_data)).to eq(403)
515
-
516
- meta_data.remote_address = "2.2.2.2"
517
- expect(patches.apply(meta_data)).to eq(403)
518
-
519
- meta_data.remote_address = "3.3.3.3"
520
- expect(patches.apply(meta_data)).to eq(403)
521
- end
522
- end
234
+ }
235
+ )
523
236
 
524
- context "with example eight" do
525
- it "should be enabled" do
526
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
527
- "version" => 1,
528
- "policy_id" => "some uuid",
529
- "data" => {
530
- "block_rules" => [
531
- {
532
- "ips" => ["1.3.3.4"]
533
- },
534
- {
535
- "rids" => ["123213","-3328888"]
536
- }
537
- ]
538
- }
539
- })
540
-
541
- expect(patches.enabled).to eq(true)
542
- expect(patches.block_rules.size).to eq(2)
543
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.3.3.4"]))
544
- expect(patches.block_rules[0].rids).to eq(Set.new)
545
- expect(patches.block_rules[1].ips).to eq(Set.new())
546
- expect(patches.block_rules[1].rids).to eq(Set.new(["123213", "-3328888"]))
547
-
548
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
549
- expect(injections_matcher.enabled).to eq(false)
550
- expect(injections_matcher.sensors.size).to eq(0)
551
-
552
- injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
553
- expect(injections_matcher.enabled).to eq(false)
554
- expect(injections_matcher.sensors.size).to eq(0)
555
-
556
- meta_data = TCellAgent::Patches::MetaData.new(
557
- "get",
558
- "1.3.3.4",
559
- "11111",
560
- "session_id",
561
- "user_id",
562
- "transaction_id")
563
- expect(patches.apply(meta_data)).to eq(403)
564
-
565
- meta_data.remote_address = "1.1.1.1"
566
- meta_data.route_id = "123213"
567
- expect(patches.apply(meta_data)).to eq(403)
568
-
569
- meta_data.remote_address = "1.1.1.1"
570
- meta_data.route_id = "-3328888"
571
- expect(patches.apply(meta_data)).to eq(403)
572
-
573
- meta_data.remote_address = "1.3.3.4"
574
- meta_data.route_id = "-3328888"
575
- expect(patches.apply(meta_data)).to eq(403)
237
+ expect(@rust_policies.patches_enabled).to eq(false)
238
+ end
576
239
  end
577
240
  end
241
+ end
242
+ end
578
243
 
579
- context "with example nine" do
580
- it "should be enabled" do
581
- patches = TCellAgent::Policies::PatchesPolicy.from_json({
582
- "version" => 1,
583
- "policy_id" => "some uuid",
584
- "data" => {
585
- "blocked_ips" => [{"ip" => "1.1.1.1"}, {"ip" => "2.2.2.2"}],
586
- "block_rules" => [
587
- {
588
- "ips" => ["1.1.1.1", "2.2.2.2"]
589
- }
590
- ]
244
+ describe '#block_request?' do
245
+ context 'supports ip blocking' do
246
+ it 'should block blacklisted ip' do
247
+ @rust_policies.update_policies(
248
+ {
249
+ 'patches' => {
250
+ 'version' => 1,
251
+ 'policy_id' => 'some uuid',
252
+ 'data' => {
253
+ 'rules' => [{
254
+ 'id' => 'blocked-ips-rule',
255
+ 'title' => 'Blocked ips rule',
256
+ 'action' => 'BlockIf',
257
+ 'destinations' => { 'check_equals' => [{ 'path' => '*' }] },
258
+ 'ignore' => [],
259
+ 'matches' => [{
260
+ 'all' => [],
261
+ 'any' => [{
262
+ 'ips' => [{
263
+ 'type' => 'IP',
264
+ 'values' => ['1.3.3.4']
265
+ }]
266
+ }]
267
+ }]
268
+ }]
269
+ }
591
270
  }
592
- })
593
-
594
- expect(patches.enabled).to eq(true)
595
- expect(patches.block_rules.size).to eq(2)
596
- expect(patches.block_rules[0].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
597
- expect(patches.block_rules[0].rids).to eq(Set.new)
598
- expect(patches.block_rules[1].ips).to eq(Set.new(["1.1.1.1", "2.2.2.2"]))
599
- expect(patches.block_rules[1].rids).to eq(Set.new)
600
-
601
- injections_matcher = patches.block_rules[0].sensors_matcher.injections_matcher
602
- expect(injections_matcher.enabled).to eq(false)
603
- expect(injections_matcher.sensors.size).to eq(0)
604
-
605
- injections_matcher = patches.block_rules[1].sensors_matcher.injections_matcher
606
- expect(injections_matcher.enabled).to eq(false)
607
- expect(injections_matcher.sensors.size).to eq(0)
608
-
609
- meta_data = TCellAgent::Patches::MetaData.new(
610
- "get",
611
- "1.1.1.1",
612
- "route_id",
613
- "session_id",
614
- "user_id",
615
- "transaction_id")
616
- expect(patches.apply(meta_data)).to eq(403)
617
-
618
- meta_data.remote_address = "2.2.2.2"
619
- expect(patches.apply(meta_data)).to eq(403)
620
- end
271
+ }
272
+ )
273
+
274
+ meta_data = TCellAgent::Patches::MetaData.new(
275
+ 'get',
276
+ '1.3.3.4',
277
+ 'route_id',
278
+ 'session_id',
279
+ 'user_id',
280
+ 'transaction_id',
281
+ 'http://test.com/?some_param=present'
282
+ )
283
+ expect(@rust_policies.block_request?(meta_data)).to eq(true)
284
+
285
+ meta_data = TCellAgent::Patches::MetaData.new(
286
+ 'get',
287
+ '1.1.1.1',
288
+ 'route_id',
289
+ 'session_id',
290
+ 'user_id',
291
+ 'transaction_id',
292
+ 'http://test.com/?some_param=present'
293
+ )
294
+ expect(@rust_policies.block_request?(meta_data)).to eq(false)
621
295
  end
622
296
  end
623
297
  end
624
-
625
298
  end
626
-
627
299
  end
628
300
  end