tcell_agent 0.4.0 → 1.0.0
- checksums.yaml +4 -4
- data/Rakefile +9 -22
- data/bin/tcell_agent +127 -132
- data/lib/tcell_agent/agent/event_processor.rb +23 -22
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +7 -7
- data/lib/tcell_agent/agent/policy_manager.rb +20 -15
- data/lib/tcell_agent/agent/policy_types.rb +5 -11
- data/lib/tcell_agent/agent/static_agent.rb +5 -1
- data/lib/tcell_agent/agent.rb +6 -4
- data/lib/tcell_agent/api.rb +7 -9
- data/lib/tcell_agent/appsensor/meta_data.rb +11 -4
- data/lib/tcell_agent/authlogic.rb +3 -3
- data/lib/tcell_agent/cmdi.rb +6 -4
- data/lib/tcell_agent/config/unknown_options.rb +3 -1
- data/lib/tcell_agent/configuration.rb +47 -49
- data/lib/tcell_agent/devise.rb +2 -2
- data/lib/tcell_agent/hooks/login_fraud.rb +58 -29
- data/lib/tcell_agent/instrumentation.rb +11 -10
- data/lib/tcell_agent/logger.rb +2 -2
- data/lib/tcell_agent/patches/meta_data.rb +9 -13
- data/lib/tcell_agent/patches.rb +7 -10
- data/lib/tcell_agent/policies/clickjacking_policy.rb +4 -5
- data/lib/tcell_agent/policies/content_security_policy.rb +6 -12
- data/lib/tcell_agent/policies/dataloss_policy.rb +2 -2
- data/lib/tcell_agent/policies/http_redirect_policy.rb +2 -2
- data/lib/tcell_agent/policies/policy.rb +0 -2
- data/lib/tcell_agent/policies/rust_policies.rb +90 -0
- data/lib/tcell_agent/policies/secure_headers_policy.rb +2 -2
- data/lib/tcell_agent/rails/auth/authlogic.rb +42 -24
- data/lib/tcell_agent/rails/auth/devise.rb +44 -23
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +33 -15
- data/lib/tcell_agent/rails/better_ip.rb +1 -1
- data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
- data/lib/tcell_agent/rails/dlp/process_request.rb +1 -1
- data/lib/tcell_agent/rails/dlp.rb +6 -6
- data/lib/tcell_agent/rails/dlp_handler.rb +1 -1
- data/lib/tcell_agent/rails/js_agent_insert.rb +1 -1
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +3 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +10 -9
- data/lib/tcell_agent/rails/routes/grape.rb +6 -6
- data/lib/tcell_agent/rails/routes.rb +8 -11
- data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-0.6.1.so → libtcellagent-0.11.1.so} +0 -0
- data/lib/tcell_agent/rust/models.rb +16 -0
- data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +119 -48
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +17 -20
- data/lib/tcell_agent/sensor_events/command_injection.rb +50 -5
- data/lib/tcell_agent/sensor_events/login_fraud.rb +34 -18
- data/lib/tcell_agent/sensor_events/patches.rb +21 -0
- data/lib/tcell_agent/sensor_events/server_agent.rb +3 -3
- data/lib/tcell_agent/sensor_events/util/utils.rb +4 -3
- data/lib/tcell_agent/servers/puma.rb +2 -2
- data/lib/tcell_agent/servers/unicorn.rb +1 -1
- data/lib/tcell_agent/utils/passwords.rb +28 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/lib/tcell_agent.rb +1 -5
- data/spec/apps/rails-3.2/config/tcell_agent.config +15 -0
- data/spec/apps/rails-3.2/log/development.log +0 -0
- data/spec/apps/rails-3.2/log/test.log +12 -0
- data/spec/apps/rails-4.1/log/test.log +0 -0
- data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +46 -45
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +276 -164
- data/spec/lib/tcell_agent/agent/static_agent_spec.rb +44 -47
- data/spec/lib/tcell_agent/api/api_spec.rb +16 -16
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +131 -116
- data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +55 -51
- data/spec/lib/tcell_agent/cmdi_spec.rb +413 -436
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +145 -128
- data/spec/lib/tcell_agent/configuration_spec.rb +165 -169
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +144 -153
- data/spec/lib/tcell_agent/instrumentation_spec.rb +84 -85
- data/spec/lib/tcell_agent/patches_spec.rb +70 -111
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +313 -244
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +28 -28
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +643 -513
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +55 -102
- data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +111 -134
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +141 -146
- data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +8 -8
- data/spec/lib/tcell_agent/policies/login_policy_spec.rb +15 -17
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +231 -559
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +27 -27
- data/spec/lib/tcell_agent/rails/better_ip_spec.rb +30 -34
- data/spec/lib/tcell_agent/rails/logger_spec.rb +50 -49
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +182 -199
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +110 -84
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +107 -85
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +68 -40
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +81 -67
- data/spec/lib/tcell_agent/rails/responses_spec.rb +33 -37
- data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +116 -121
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +25 -28
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +87 -85
- data/spec/lib/tcell_agent/rails_spec.rb +1 -6
- data/spec/lib/tcell_agent/rust/models_spec.rb +112 -0
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +502 -179
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +44 -33
- data/spec/lib/tcell_agent/sensor_events/dlp_spec.rb +4 -4
- data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +183 -169
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +25 -25
- data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +17 -20
- data/spec/lib/tcell_agent/utils/params_spec.rb +28 -28
- data/spec/lib/tcell_agent/utils/passwords_spec.rb +143 -0
- data/spec/lib/tcell_agent/utils/strings_spec.rb +35 -35
- data/spec/lib/tcell_agent_spec.rb +8 -8
- data/spec/spec_helper.rb +4 -4
- data/spec/support/middleware_helper.rb +10 -10
- data/spec/support/static_agent_overrides.rb +16 -12
- data/tcell_agent.gemspec +17 -33
- metadata +43 -198
- data/LICENSE_libinjection +0 -32
- data/Readme.txt +0 -7
- data/ext/libinjection/extconf.rb +0 -3
- data/ext/libinjection/libinjection.h +0 -65
- data/ext/libinjection/libinjection_html5.c +0 -847
- data/ext/libinjection/libinjection_html5.h +0 -54
- data/ext/libinjection/libinjection_sqli.c +0 -2317
- data/ext/libinjection/libinjection_sqli.h +0 -295
- data/ext/libinjection/libinjection_sqli_data.h +0 -9004
- data/ext/libinjection/libinjection_wrap.c +0 -3525
- data/ext/libinjection/libinjection_xss.c +0 -531
- data/ext/libinjection/libinjection_xss.h +0 -21
- data/lib/tcell_agent/appsensor/injections_matcher.rb +0 -155
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +0 -49
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +0 -67
- data/lib/tcell_agent/appsensor/rules/baserules.json +0 -467
- data/lib/tcell_agent/patches/block_rule.rb +0 -93
- data/lib/tcell_agent/patches/sensors_matcher.rb +0 -31
- data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +0 -23
- data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +0 -23
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +0 -117
- data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +0 -26
- data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +0 -22
- data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +0 -34
- data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +0 -34
- data/lib/tcell_agent/policies/appsensor_policy.rb +0 -49
- data/lib/tcell_agent/policies/command_injection_policy.rb +0 -196
- data/lib/tcell_agent/policies/honeytokens_policy.rb +0 -69
- data/lib/tcell_agent/policies/patches_policy.rb +0 -84
- data/lib/tcell_agent/rust/libtcellagent-0.6.1.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.6.1.dll +0 -0
- data/spec/apps/rails-3.2/Gemfile +0 -25
- data/spec/apps/rails-3.2/Gemfile.lock +0 -126
- data/spec/apps/rails-3.2/Rakefile +0 -7
- data/spec/apps/rails-3.2/app/assets/images/rails.png +0 -0
- data/spec/apps/rails-3.2/app/assets/javascripts/application.js +0 -15
- data/spec/apps/rails-3.2/app/assets/stylesheets/application.css +0 -13
- data/spec/apps/rails-3.2/app/controllers/application_controller.rb +0 -3
- data/spec/apps/rails-3.2/app/controllers/t_cell_app_controller.rb +0 -5
- data/spec/apps/rails-3.2/app/helpers/application_helper.rb +0 -2
- data/spec/apps/rails-3.2/app/views/layouts/application.html.erb +0 -14
- data/spec/apps/rails-3.2/app/views/t_cell_app/index.html.erb +0 -1
- data/spec/apps/rails-3.2/config/application.rb +0 -63
- data/spec/apps/rails-3.2/config/boot.rb +0 -6
- data/spec/apps/rails-3.2/config/environment.rb +0 -5
- data/spec/apps/rails-3.2/config/environments/test.rb +0 -37
- data/spec/apps/rails-3.2/config/routes.rb +0 -11
- data/spec/apps/rails-3.2/config.ru +0 -4
- data/spec/apps/rails-4.1/Gemfile +0 -7
- data/spec/apps/rails-4.1/Gemfile.lock +0 -114
- data/spec/apps/rails-4.1/Rakefile +0 -6
- data/spec/apps/rails-4.1/app/assets/javascripts/application.js +0 -16
- data/spec/apps/rails-4.1/app/assets/stylesheets/application.css +0 -15
- data/spec/apps/rails-4.1/app/controllers/application_controller.rb +0 -5
- data/spec/apps/rails-4.1/app/controllers/t_cell_app_controller.rb +0 -5
- data/spec/apps/rails-4.1/app/helpers/application_helper.rb +0 -2
- data/spec/apps/rails-4.1/app/views/layouts/application.html.erb +0 -14
- data/spec/apps/rails-4.1/app/views/t_cell_app/index.html.erb +0 -1
- data/spec/apps/rails-4.1/config/application.rb +0 -24
- data/spec/apps/rails-4.1/config/boot.rb +0 -4
- data/spec/apps/rails-4.1/config/environment.rb +0 -5
- data/spec/apps/rails-4.1/config/environments/test.rb +0 -41
- data/spec/apps/rails-4.1/config/initializers/assets.rb +0 -8
- data/spec/apps/rails-4.1/config/initializers/backtrace_silencers.rb +0 -7
- data/spec/apps/rails-4.1/config/initializers/cookies_serializer.rb +0 -3
- data/spec/apps/rails-4.1/config/initializers/filter_parameter_logging.rb +0 -4
- data/spec/apps/rails-4.1/config/initializers/inflections.rb +0 -16
- data/spec/apps/rails-4.1/config/initializers/mime_types.rb +0 -4
- data/spec/apps/rails-4.1/config/initializers/session_store.rb +0 -3
- data/spec/apps/rails-4.1/config/initializers/wrap_parameters.rb +0 -14
- data/spec/apps/rails-4.1/config/locales/en.yml +0 -23
- data/spec/apps/rails-4.1/config/routes.rb +0 -12
- data/spec/apps/rails-4.1/config/secrets.yml +0 -22
- data/spec/apps/rails-4.1/config.ru +0 -4
- data/spec/controllers/application_controller.rb +0 -12
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +0 -522
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +0 -23
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +0 -159
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +0 -458
- data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +0 -35
- data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +0 -139
- data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +0 -139
- data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +0 -167
- data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +0 -139
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +0 -246
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +0 -882
- data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb +0 -22
@@ -1,26 +1,37 @@
|
|
1
1
|
if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
|
2
2
|
module TCellAgent
|
3
|
-
|
4
3
|
require 'base64'
|
5
4
|
require 'tcell_agent/agent'
|
6
5
|
require 'tcell_agent/sensor_events/login_fraud'
|
7
|
-
require 'tcell_agent/policies/appsensor_policy'
|
8
6
|
|
9
7
|
module DeviseInstrumentation
|
10
8
|
module TCellFailureAppRespond
|
11
9
|
def respond
|
12
|
-
TCellAgent::Instrumentation.safe_block(
|
13
|
-
if
|
10
|
+
TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
|
11
|
+
if TCellAgent.configuration.enabled &&
|
12
|
+
TCellAgent.configuration.should_intercept_requests?
|
14
13
|
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
15
14
|
if tcell_data
|
16
|
-
# in the case of http auth,
|
15
|
+
# in the case of http auth, user_id is set in
|
17
16
|
# Devise::Strategies::Authenticatable.valid_for_http_auth?
|
18
17
|
user_id = tcell_data.user_id
|
19
|
-
user_id
|
18
|
+
user_id ||= _get_tcell_username
|
19
|
+
|
20
|
+
# in the case of http auth, password is set in
|
21
|
+
# Devise::Strategies::Authenticatable.valid_for_http_auth?
|
22
|
+
password = tcell_data.password
|
23
|
+
password ||= _get_tcell_password
|
20
24
|
|
21
25
|
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
22
|
-
if
|
23
|
-
TCellAgent.send_event(
|
26
|
+
if login_fraud_policy && login_fraud_policy.login_failed_enabled
|
27
|
+
TCellAgent.send_event(
|
28
|
+
TCellAgent::SensorEvents::LoginFailure.new(
|
29
|
+
request.env,
|
30
|
+
tcell_data,
|
31
|
+
user_id,
|
32
|
+
password
|
33
|
+
)
|
34
|
+
)
|
24
35
|
end
|
25
36
|
end
|
26
37
|
|
@@ -31,19 +42,28 @@ if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
|
|
31
42
|
end
|
32
43
|
|
33
44
|
def _get_tcell_username
|
34
|
-
|
35
|
-
TCellAgent::Instrumentation.safe_block(
|
45
|
+
tcell_username = nil
|
46
|
+
TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
|
36
47
|
keys = scope_class.authentication_keys.dup
|
37
|
-
user_params = request.POST.fetch(
|
48
|
+
user_params = request.POST.fetch('user', {})
|
38
49
|
keys.each do |key|
|
39
50
|
next_usename = user_params.fetch(key, nil)
|
40
51
|
if next_usename
|
41
|
-
|
42
|
-
|
52
|
+
tcell_username ||= ''
|
53
|
+
tcell_username += next_usename
|
43
54
|
end
|
44
55
|
end
|
45
|
-
|
46
|
-
|
56
|
+
end
|
57
|
+
tcell_username
|
58
|
+
end
|
59
|
+
|
60
|
+
def _get_tcell_password
|
61
|
+
tcell_password = nil
|
62
|
+
TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
|
63
|
+
user_params = request.POST.fetch('user', {})
|
64
|
+
tcell_password = user_params['password']
|
65
|
+
end
|
66
|
+
tcell_password
|
47
67
|
end
|
48
68
|
end
|
49
69
|
end
|
@@ -56,11 +76,13 @@ if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
|
|
56
76
|
def valid_for_http_auth?
|
57
77
|
is_valid = tcell_valid_for_http_auth?
|
58
78
|
|
59
|
-
TCellAgent::Instrumentation.safe_block(
|
79
|
+
TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
|
60
80
|
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
61
81
|
if http_auth_hash && tcell_data
|
62
82
|
username = http_auth_hash[http_authentication_key]
|
83
|
+
password = http_auth_hash[:password]
|
63
84
|
tcell_data.user_id = username if username && !tcell_data.user_id
|
85
|
+
tcell_data.password = password if password && !tcell_data.password
|
64
86
|
end
|
65
87
|
end
|
66
88
|
|
@@ -71,22 +93,23 @@ if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
|
|
71
93
|
def validate(resource, &block)
|
72
94
|
is_valid = tcell_validate(resource, &block)
|
73
95
|
|
74
|
-
TCellAgent::Instrumentation.safe_block(
|
75
|
-
if
|
96
|
+
TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
|
97
|
+
if is_valid && TCellAgent.configuration.enabled &&
|
98
|
+
TCellAgent.configuration.should_intercept_requests?
|
76
99
|
username = nil
|
77
100
|
(authentication_keys || []).each do |auth_key|
|
78
101
|
attr = authentication_hash[auth_key]
|
79
102
|
if attr
|
80
|
-
username ||=
|
103
|
+
username ||= ''
|
81
104
|
username += attr
|
82
105
|
end
|
83
106
|
end
|
84
107
|
|
85
108
|
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
86
|
-
if
|
109
|
+
if login_fraud_policy && login_fraud_policy.login_success_enabled
|
87
110
|
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
88
111
|
if tcell_data
|
89
|
-
TCellAgent.send_event(TCellAgent::SensorEvents::LoginSuccess.new(request.env, tcell_data, username))
|
112
|
+
TCellAgent.send_event(TCellAgent::SensorEvents::LoginSuccess.new(request.env, tcell_data, username, nil))
|
90
113
|
end
|
91
114
|
end
|
92
115
|
end
|
@@ -94,8 +117,6 @@ if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
|
|
94
117
|
|
95
118
|
is_valid
|
96
119
|
end
|
97
|
-
|
98
120
|
end
|
99
|
-
|
100
121
|
end
|
101
122
|
end
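Review bot: The added `password = tcell_data.password` / `password ||= _get_tcell_password` lines in `respond`, and `tcell_data.password = password` in `valid_for_http_auth?`, keep the submitted plaintext password on the request-scoped `tcell_data` object and pass it to `LoginFailure.new`. What the event does with it is not visible here (the release adds `utils/passwords.rb`, which presumably transforms it; confirm), but meanwhile the cleartext sits in `request.env`, where exception reporters and env dumps can pick it up. Consider hashing at capture time, or clearing it once the event is built, e.g. `tcell_data.password = nil` after `send_event`. Separately, `request.POST.fetch('user', {})` in `_get_tcell_username` and `_get_tcell_password` hard-codes the `user` param scope even though `scope_class` is consulted for the keys, so a Devise scope with another name (constructed example: `admin`) would yield nil for both.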
|
@@ -3,30 +3,42 @@ if TCellAgent.configuration.should_instrument_doorkeeper?
|
|
3
3
|
if defined?(Doorkeeper)
|
4
4
|
require 'tcell_agent/agent'
|
5
5
|
require 'tcell_agent/sensor_events/login_fraud'
|
6
|
-
require 'tcell_agent/policies/appsensor_policy'
|
7
|
-
require 'tcell_agent/sensor_events/login_fraud'
|
8
6
|
|
9
7
|
module TCellAgent
|
10
8
|
module DoorkeeperInstrumentation
|
11
|
-
|
12
9
|
Doorkeeper::TokensController.class_eval do
|
13
10
|
alias_method :tcell_authorize_response, :authorize_response
|
14
11
|
def authorize_response
|
15
12
|
result = tcell_authorize_response
|
16
13
|
|
17
|
-
TCellAgent::Instrumentation.safe_block(
|
18
|
-
if
|
14
|
+
TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
|
15
|
+
if TCellAgent.configuration.enabled &&
|
16
|
+
TCellAgent.configuration.should_intercept_requests?
|
19
17
|
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
20
|
-
if
|
18
|
+
if login_fraud_policy &&
|
19
|
+
login_fraud_policy.enabled &&
|
20
|
+
login_fraud_policy.login_failed_enabled
|
21
21
|
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
22
|
+
|
22
23
|
if tcell_data
|
24
|
+
password = nil
|
23
25
|
if result.is_a?(Doorkeeper::OAuth::TokenResponse)
|
24
26
|
TCellAgent.send_event(
|
25
|
-
TCellAgent::SensorEvents::LoginSuccess.new(
|
27
|
+
TCellAgent::SensorEvents::LoginSuccess.new(
|
28
|
+
request.env,
|
29
|
+
tcell_data,
|
30
|
+
result.token.resource_owner_id,
|
31
|
+
password
|
32
|
+
)
|
26
33
|
)
|
27
34
|
elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
|
28
35
|
TCellAgent.send_event(
|
29
|
-
TCellAgent::SensorEvents::LoginFailure.new(
|
36
|
+
TCellAgent::SensorEvents::LoginFailure.new(
|
37
|
+
request.env,
|
38
|
+
tcell_data,
|
39
|
+
request.POST['client_id'],
|
40
|
+
password
|
41
|
+
)
|
30
42
|
)
|
31
43
|
end
|
32
44
|
|
@@ -43,15 +55,24 @@ if TCellAgent.configuration.should_instrument_doorkeeper?
|
|
43
55
|
def new
|
44
56
|
super if defined?(super)
|
45
57
|
|
46
|
-
TCellAgent::Instrumentation.safe_block(
|
47
|
-
if
|
58
|
+
TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
|
59
|
+
if TCellAgent.configuration.enabled &&
|
60
|
+
TCellAgent.configuration.should_intercept_requests?
|
48
61
|
if pre_auth.error
|
49
62
|
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
|
50
|
-
if
|
63
|
+
if login_fraud_policy &&
|
64
|
+
login_fraud_policy.enabled &&
|
65
|
+
login_fraud_policy.login_failed_enabled
|
51
66
|
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
52
67
|
if tcell_data && pre_auth.error
|
68
|
+
password = nil
|
53
69
|
TCellAgent.send_event(
|
54
|
-
TCellAgent::SensorEvents::LoginFailure.new(
|
70
|
+
TCellAgent::SensorEvents::LoginFailure.new(
|
71
|
+
request.env,
|
72
|
+
tcell_data,
|
73
|
+
current_resource_owner.id,
|
74
|
+
password
|
75
|
+
)
|
55
76
|
)
|
56
77
|
end
|
57
78
|
end
|
@@ -64,9 +85,6 @@ if TCellAgent.configuration.should_instrument_doorkeeper?
|
|
64
85
|
# prepend is ruby 2+ feature
|
65
86
|
Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
|
66
87
|
end
|
67
|
-
|
68
88
|
end
|
69
|
-
|
70
89
|
end
|
71
|
-
|
72
90
|
end
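Review bot: In `authorize_response` the new guard `login_fraud_policy.enabled && login_fraud_policy.login_failed_enabled` wraps both branches, so a `LoginSuccess` event for a `TokenResponse` is only sent when failed-login reporting is on, and `login_success_enabled` (which the Devise hook checks) is never consulted. Gate each branch on its own flag, e.g. `if result.is_a?(Doorkeeper::OAuth::TokenResponse) && login_fraud_policy.login_success_enabled`. In `new`, `current_resource_owner.id` raises if no owner is resolved when `pre_auth.error` is set; whether `safe_block` swallows that is not visible here, but either way the failure event is lost, so `current_resource_owner && current_resource_owner.id` is safer. Both hooks also share the label 'Doorkeeper Token Authorize', which makes agent error logs ambiguous.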
|
@@ -11,7 +11,7 @@ module TCellAgent
|
|
11
11
|
TCellAgent::Instrumentation.safe_block("Extracting reverse proxy IP") do
|
12
12
|
reverse_proxy_header = TCellAgent.configuration.reverse_proxy_ip_address_header
|
13
13
|
if TCellAgent::Utils::Strings.present?(reverse_proxy_header)
|
14
|
-
reverse_proxy_header = "HTTP_" + reverse_proxy_header.upcase().
|
14
|
+
reverse_proxy_header = "HTTP_" + reverse_proxy_header.upcase().tr('-','_')
|
15
15
|
else
|
16
16
|
reverse_proxy_header = "HTTP_X_FORWARDED_FOR"
|
17
17
|
end
|
@@ -5,8 +5,8 @@ module TCellAgent
|
|
5
5
|
module CsrfExceptionReporter
|
6
6
|
def handle_unverified_request
|
7
7
|
TCellAgent::Instrumentation.safe_block("AppSensor CSRF Exception processing") do
|
8
|
-
|
9
|
-
if
|
8
|
+
rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
|
9
|
+
if rust_policies && rust_policies.appfirewall_enabled
|
10
10
|
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
11
11
|
if tcell_data
|
12
12
|
tcell_data.csrf_exception_name = ActionController::InvalidAuthenticityToken.name
|
@@ -59,7 +59,7 @@ module TCellAgent
|
|
59
59
|
if tcell_context && dataex_policy && dataex_policy.has_actions_for_headers?
|
60
60
|
headers = request.env.select {|k,v| k.start_with? 'HTTP_'}
|
61
61
|
headers.each { |header_name, header_value|
|
62
|
-
header_name = header_name.sub(/^HTTP_/, '').
|
62
|
+
header_name = header_name.sub(/^HTTP_/, '').tr('_','-')
|
63
63
|
actions = dataex_policy.get_actions_for_header(header_name)
|
64
64
|
if actions
|
65
65
|
actions.each { |action|
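Review bot: `header_name.sub(/^HTTP_/, '')` on the changed line anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string; `\A` states the intent exactly: `header_name.sub(/\AHTTP_/, '').tr('_', '-')`. The keys were already filtered with `start_with? 'HTTP_'`, so this is a matter of style rather than a live bug. A short comment would help the next reader: `# Rack env key -> header name: drop HTTP_ and map '_' back to '-'`. The enclosing method starts and ends outside the hunk.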
|
@@ -116,9 +116,9 @@ module TCellAgent
|
|
116
116
|
def translate_exception(e, message)
|
117
117
|
result = tcell_translate_exception(e, message)
|
118
118
|
|
119
|
-
TCellAgent::Instrumentation.safe_block("
|
120
|
-
|
121
|
-
if
|
119
|
+
TCellAgent::Instrumentation.safe_block("Set sql_exception_detected in meta") do
|
120
|
+
rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
|
121
|
+
if rust_policies && rust_policies.appfirewall_enabled
|
122
122
|
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
|
123
123
|
tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
124
124
|
if tcell_data && result.is_a?(ActiveRecord::StatementInvalid)
|
@@ -189,7 +189,7 @@ module TCellAgent
|
|
189
189
|
def log_enforce(tcell_context, sanitize_string)
|
190
190
|
if TCellAgent.configuration.enabled &&
|
191
191
|
TCellAgent.configuration.should_instrument? &&
|
192
|
-
TCellAgent.configuration.should_intercept_requests?
|
192
|
+
TCellAgent.configuration.should_intercept_requests?
|
193
193
|
if (tcell_context && tcell_context.session_id)
|
194
194
|
session_id_actions = self.get_actions_for_session_id
|
195
195
|
if session_id_actions
|
@@ -225,7 +225,7 @@ module TCellAgent
|
|
225
225
|
def response_body_enforce(tcell_context, sanitize_string)
|
226
226
|
if TCellAgent.configuration.enabled &&
|
227
227
|
TCellAgent.configuration.should_instrument? &&
|
228
|
-
TCellAgent.configuration.should_intercept_requests?
|
228
|
+
TCellAgent.configuration.should_intercept_requests?
|
229
229
|
if (tcell_context && tcell_context.session_id)
|
230
230
|
session_id_actions = self.get_actions_for_session_id
|
231
231
|
if session_id_actions
|
@@ -279,7 +279,7 @@ class Logger
|
|
279
279
|
end
|
280
280
|
end
|
281
281
|
|
282
|
-
TCellAgent::Instrumentation.safe_block_no_log("Handling
|
282
|
+
TCellAgent::Instrumentation.safe_block_no_log("Handling DLP log message filtering") {
|
283
283
|
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
|
284
284
|
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
|
285
285
|
if message && dlp_policy && request_env
|
@@ -50,7 +50,7 @@ module TCellAgent
|
|
50
50
|
if dlp_policy && dlp_policy.get_actions_for_session_id
|
51
51
|
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
52
52
|
if tcell_context && tcell_context.session_id
|
53
|
-
dlp_handler =
|
53
|
+
dlp_handler = proc { |tc, resp|
|
54
54
|
self.handle_dlp!(tc, resp)
|
55
55
|
}
|
56
56
|
end
|
@@ -55,7 +55,7 @@ module TCellAgent
|
|
55
55
|
script_insert = "<script src=\"#{script_tag_policy.js_agent_url}\" "
|
56
56
|
script_insert += "tcellapikey=\"#{script_tag_policy.js_agent_api_key}\" "
|
57
57
|
script_insert += "tcellappid=\"#{script_tag_policy.js_agent_app_id}\"#{base_url_vars}></script>\n"
|
58
|
-
js_agent_handler =
|
58
|
+
js_agent_handler = proc { |si, resp|
|
59
59
|
self.handle_js_agent_insert(si, resp)
|
60
60
|
}
|
61
61
|
end
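Review bot: The `script_insert` string that the new `proc` hands to `handle_js_agent_insert` is built by interpolating `js_agent_url`, `js_agent_api_key` and `js_agent_app_id` straight into HTML attribute values with no escaping. These come from the script-tag policy and are presumably trusted, but a value containing `"` or `>` would break out of the attribute on every page the agent rewrites. Escaping each value, e.g. `ERB::Util.html_escape(script_tag_policy.js_agent_url)`, keeps the insert well-formed regardless of how the policy was delivered. `base_url_vars` is built outside the hunk and deserves the same check.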
|
@@ -32,9 +32,10 @@ module TCellAgent
|
|
32
32
|
TCellAgent::Instrumentation.safe_block("Setting transaction_id") {
|
33
33
|
env[TCellAgent::Instrumentation::TCELL_ID].transaction_id = SecureRandom.uuid
|
34
34
|
request = Rack::Request.new(env)
|
35
|
-
env[TCellAgent::Instrumentation::TCELL_ID].uri = request.
|
35
|
+
env[TCellAgent::Instrumentation::TCELL_ID].uri = request.url
|
36
|
+
env[TCellAgent::Instrumentation::TCELL_ID].fullpath = request.fullpath
|
36
37
|
if request.request_method
|
37
|
-
env[TCellAgent::Instrumentation::TCELL_ID].request_method = request.request_method
|
38
|
+
env[TCellAgent::Instrumentation::TCELL_ID].request_method = request.request_method
|
38
39
|
end
|
39
40
|
}
|
40
41
|
env["filter_body_set"] = Set.new
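Review bot: `request.url` on the changed `uri` line is assembled by Rack from the scheme and the Host (or forwarded-host) headers, so the stored `uri` is client-influenced. The headers middleware in this same release passes `tcell_context.uri` to `http_redirect_policy.enforce`; if that policy compares the redirect target against the request host (not visible here), a forged Host header could change the outcome. A comment on the assignment such as `# built from the client-supplied Host header; not a trust anchor` would record this, and the use inside `enforce` should be checked. The new `fullpath` field carries the raw query string, which matters if the context object is ever logged.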
|
@@ -35,7 +35,7 @@ module TCellAgent
|
|
35
35
|
if TCellAgent.configuration.should_intercept_requests?
|
36
36
|
TCellAgent::Instrumentation.safe_block("Handling Request") {
|
37
37
|
tcell_response = response
|
38
|
-
unless request.env[TCellAgent::Instrumentation::TCELL_ID].
|
38
|
+
unless request.env[TCellAgent::Instrumentation::TCELL_ID].patches_blocking_triggered
|
39
39
|
tcell_response = self._handle_appsensor_js_agent_and_dlp(request, tcell_response)
|
40
40
|
end
|
41
41
|
tcell_response = self._handle_redirect(request, tcell_response)
|
@@ -117,16 +117,17 @@ module TCellAgent
|
|
117
117
|
status, headers, active_response = response
|
118
118
|
http_redirect_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HttpRedirect)
|
119
119
|
if http_redirect_policy && headers.has_key?("Location")
|
120
|
-
|
121
|
-
|
120
|
+
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
121
|
+
route_id = tcell_context.route_id
|
122
|
+
hmac_session_id = tcell_context.hmac_session_id
|
122
123
|
new_location = http_redirect_policy.enforce(
|
123
124
|
headers["Location"],
|
124
|
-
|
125
|
-
|
126
|
-
|
125
|
+
tcell_context.uri,
|
126
|
+
tcell_context.fullpath,
|
127
|
+
tcell_context.request_method,
|
127
128
|
route_id,
|
128
129
|
status,
|
129
|
-
|
130
|
+
tcell_context.ip_address,
|
130
131
|
hmac_session_id)
|
131
132
|
# Enforcement
|
132
133
|
if (new_location)
|
@@ -185,8 +186,8 @@ module TCellAgent
|
|
185
186
|
defer_appfw_due_to_streaming = true
|
186
187
|
end
|
187
188
|
|
188
|
-
|
189
|
-
if
|
189
|
+
rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
|
190
|
+
if rust_policies && rust_policies.appfirewall_enabled
|
190
191
|
event = TCellAgent::SensorEvents::AppSensorMetaEvent.build(
|
191
192
|
request, content_length, status_code, response_headers
|
192
193
|
)
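Review bot: The new `request.env[TCellAgent::Instrumentation::TCELL_ID].patches_blocking_triggered` and, in the redirect hunk, `tcell_context.route_id` dereference the context without the nil guard that other hooks in this release use (`if tcell_data`). In the first hunk a nil context would raise inside `safe_block("Handling Request")`, which presumably swallows the error and so also skips `_handle_redirect`, leaving the response unprocessed by the redirect policy. Guarding once keeps enforcement running: `tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]` followed by `if http_redirect_policy && tcell_context && headers.has_key?("Location")`. `enforce` now takes eight positional arguments; keyword arguments would make a swapped `uri`/`fullpath` much harder to miss.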
|
@@ -15,7 +15,7 @@ module TCellAgent
|
|
15
15
|
end
|
16
16
|
|
17
17
|
return true
|
18
|
-
rescue
|
18
|
+
rescue StandardError
|
19
19
|
end
|
20
20
|
end
|
21
21
|
|
@@ -30,7 +30,7 @@ module TCellAgent
|
|
30
30
|
route_path = "#{grape_mount_endpoint}#{route_info[:path]}"
|
31
31
|
route_method = route_info[:method]
|
32
32
|
|
33
|
-
route_id = TCellAgent::SensorEvents::Util.calculateRouteId(route_method
|
33
|
+
route_id = TCellAgent::SensorEvents::Util.calculateRouteId(route_method, route_path)
|
34
34
|
TCellAgent.send_event(
|
35
35
|
TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
|
36
36
|
route_path, route_method, route_id, nil, nil
|
@@ -44,13 +44,13 @@ module TCellAgent
|
|
44
44
|
major, minor, tiny = Gem.loaded_specs['grape'].version.to_s.split('.')
|
45
45
|
if major.to_i == 0 && minor.to_i < 16
|
46
46
|
{
|
47
|
-
method
|
48
|
-
path
|
47
|
+
:method => route.route_method,
|
48
|
+
:path => route.route_path
|
49
49
|
}
|
50
50
|
else
|
51
51
|
{
|
52
|
-
method
|
53
|
-
path
|
52
|
+
:method => route.request_method,
|
53
|
+
:path => route.path
|
54
54
|
}
|
55
55
|
end
|
56
56
|
end
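Review bot: The changed `rescue StandardError` clause still has an empty body, so any error raised earlier in the method makes it fall through and return nil with nothing recorded; the method's start is outside the hunk. If a falsy answer is intended on failure, return an explicit `false` with a comment saying why, and log the exception at debug level through the agent's logger so a broken Grape integration is visible. In the version hunk, `tiny` is assigned but never used in the visible lines; `major, minor = Gem.loaded_specs['grape'].version.to_s.split('.')` is enough.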
|
@@ -65,7 +65,7 @@ module TCellAgent
|
|
65
65
|
end
|
66
66
|
|
67
67
|
class TCellRoute4 < TCellRoute
|
68
|
-
METHODS = %w
|
68
|
+
METHODS = %w[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE CONNECT]
|
69
69
|
|
70
70
|
def report?
|
71
71
|
@route.constraints.has_key?(:request_method) || grape_route?
|
@@ -115,7 +115,7 @@ module TCellAgent
|
|
115
115
|
else
|
116
116
|
tcell_route.route_methods.each do |route_method|
|
117
117
|
route_id =
|
118
|
-
TCellAgent::SensorEvents::Util.calculateRouteId(route_method
|
118
|
+
TCellAgent::SensorEvents::Util.calculateRouteId(route_method, tcell_route.route_path_raw)
|
119
119
|
TCellAgent.send_event(
|
120
120
|
TCellAgent::SensorEvents::AppRoutesSensorEvent.new(
|
121
121
|
tcell_route.route_path, route_method, route_id, nil, tcell_route.route_destination
|
@@ -159,9 +159,8 @@ module TCellAgent
|
|
159
159
|
TCellAgent::Instrumentation::RouteId.update_context(env, parameters, route)
|
160
160
|
end
|
161
161
|
|
162
|
-
|
163
|
-
|
164
|
-
return head(patches_response)
|
162
|
+
if TCellAgent::Instrumentation::Patches.block?(request)
|
163
|
+
return head(403)
|
165
164
|
end
|
166
165
|
|
167
166
|
TCellAgent::DLP.handle_request_dlp_parameters(request)
|
@@ -217,9 +216,8 @@ module TCellAgent
|
|
217
216
|
TCellAgent::Instrumentation::RouteId.update_context(req.env, parameters, route)
|
218
217
|
end
|
219
218
|
|
220
|
-
|
221
|
-
|
222
|
-
return [patches_response, {}, []]
|
219
|
+
if TCellAgent::Instrumentation::Patches.block?(req)
|
220
|
+
return [403, {}, []]
|
223
221
|
end
|
224
222
|
|
225
223
|
TCellAgent::DLP.handle_request_dlp_parameters(req)
|
@@ -249,9 +247,8 @@ module TCellAgent
|
|
249
247
|
|
250
248
|
tcell_request = Rack::Request.new(env)
|
251
249
|
|
252
|
-
|
253
|
-
|
254
|
-
return [patches_response, {}, []]
|
250
|
+
if TCellAgent::Instrumentation::Patches.block?(tcell_request)
|
251
|
+
return [403, {}, []]
|
255
252
|
end
|
256
253
|
|
257
254
|
TCellAgent::DLP.handle_request_dlp_parameters(tcell_request)
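Review bot: The three new `if TCellAgent::Instrumentation::Patches.block?(...)` guards run on the request path outside any visible `safe_block`, so whether an error inside `block?` fails the request or lets it through depends on code not shown here; that choice should be explicit and documented at the call site. The same two lines are repeated in all three hooks with a hard-coded 403 where the old code returned `patches_response`; a small shared helper would keep the status and any future logging in one place. `METHODS = %w[DELETE GET HEAD OPTIONS PATCH POST PUT TRACE CONNECT]` in `TCellRoute4` is a mutable constant and should end in `.freeze`.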
|
Binary file
|
Binary file
|
@@ -56,6 +56,22 @@ module TCellAgent
|
|
56
56
|
return request_response
|
57
57
|
end
|
58
58
|
|
59
|
+
def self.create_patches_request(appsensor_meta)
|
60
|
+
post_params = convert_params(appsensor_meta.flattened_post_dict) +
|
61
|
+
convert_params(appsensor_meta.flattened_body_dict)
|
62
|
+
|
63
|
+
{
|
64
|
+
"method" => appsensor_meta.method,
|
65
|
+
"path" => appsensor_meta.path,
|
66
|
+
"remote_address" => appsensor_meta.remote_address,
|
67
|
+
"request_bytes_length" => appsensor_meta.request_content_bytes_len,
|
68
|
+
"query_params" => convert_params(appsensor_meta.flattened_get_dict),
|
69
|
+
"post_params" => post_params,
|
70
|
+
"headers" => convert_params(appsensor_meta.flattened_headers_dict),
|
71
|
+
"cookies" => convert_params(appsensor_meta.flattened_cookie_dict)
|
72
|
+
}
|
73
|
+
end
|
74
|
+
|
59
75
|
end
|
60
76
|
end
|
61
77
|
end
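Review bot: `create_patches_request` forwards every header, cookie and POST/body parameter into the request hash, which will include `Authorization` headers, session cookies and password fields. Nothing in the hunk shows the hash being logged, but anything downstream that serializes it for debugging would expose credentials, so a comment on the method such as `# holds raw credentials and cookies; never log this hash` is warranted. `convert_params(...) + convert_params(...)` also assumes both calls return arrays; `convert_params` is defined outside the hunk, so confirm it never returns nil for a missing dict. The method has no doc comment describing the keys its consumer expects.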
|
Binary file
|