RubyGems - tcell_agent - Versions diffs - 0.4.0 → 1.0.0 - Mend

tcell_agent 0.4.0 → 1.0.0

Files changed (199) hide show

checksums.yaml +4 -4
data/Rakefile +9 -22
data/bin/tcell_agent +127 -132
data/lib/tcell_agent/agent/event_processor.rb +23 -22
data/lib/tcell_agent/agent/fork_pipe_manager.rb +7 -7
data/lib/tcell_agent/agent/policy_manager.rb +20 -15
data/lib/tcell_agent/agent/policy_types.rb +5 -11
data/lib/tcell_agent/agent/static_agent.rb +5 -1
data/lib/tcell_agent/agent.rb +6 -4
data/lib/tcell_agent/api.rb +7 -9
data/lib/tcell_agent/appsensor/meta_data.rb +11 -4
data/lib/tcell_agent/authlogic.rb +3 -3
data/lib/tcell_agent/cmdi.rb +6 -4
data/lib/tcell_agent/config/unknown_options.rb +3 -1
data/lib/tcell_agent/configuration.rb +47 -49
data/lib/tcell_agent/devise.rb +2 -2
data/lib/tcell_agent/hooks/login_fraud.rb +58 -29
data/lib/tcell_agent/instrumentation.rb +11 -10
data/lib/tcell_agent/logger.rb +2 -2
data/lib/tcell_agent/patches/meta_data.rb +9 -13
data/lib/tcell_agent/patches.rb +7 -10
data/lib/tcell_agent/policies/clickjacking_policy.rb +4 -5
data/lib/tcell_agent/policies/content_security_policy.rb +6 -12
data/lib/tcell_agent/policies/dataloss_policy.rb +2 -2
data/lib/tcell_agent/policies/http_redirect_policy.rb +2 -2
data/lib/tcell_agent/policies/policy.rb +0 -2
data/lib/tcell_agent/policies/rust_policies.rb +90 -0
data/lib/tcell_agent/policies/secure_headers_policy.rb +2 -2
data/lib/tcell_agent/rails/auth/authlogic.rb +42 -24
data/lib/tcell_agent/rails/auth/devise.rb +44 -23
data/lib/tcell_agent/rails/auth/doorkeeper.rb +33 -15
data/lib/tcell_agent/rails/better_ip.rb +1 -1
data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
data/lib/tcell_agent/rails/dlp/process_request.rb +1 -1
data/lib/tcell_agent/rails/dlp.rb +6 -6
data/lib/tcell_agent/rails/dlp_handler.rb +1 -1
data/lib/tcell_agent/rails/js_agent_insert.rb +1 -1
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
data/lib/tcell_agent/rails/middleware/context_middleware.rb +3 -2
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +10 -9
data/lib/tcell_agent/rails/routes/grape.rb +6 -6
data/lib/tcell_agent/rails/routes.rb +8 -11
data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
data/lib/tcell_agent/rust/{libtcellagent-0.6.1.so → libtcellagent-0.11.1.so} +0 -0
data/lib/tcell_agent/rust/models.rb +16 -0
data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +119 -48
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +17 -20
data/lib/tcell_agent/sensor_events/command_injection.rb +50 -5
data/lib/tcell_agent/sensor_events/login_fraud.rb +34 -18
data/lib/tcell_agent/sensor_events/patches.rb +21 -0
data/lib/tcell_agent/sensor_events/server_agent.rb +3 -3
data/lib/tcell_agent/sensor_events/util/utils.rb +4 -3
data/lib/tcell_agent/servers/puma.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +1 -1
data/lib/tcell_agent/utils/passwords.rb +28 -0
data/lib/tcell_agent/version.rb +1 -1
data/lib/tcell_agent.rb +1 -5
data/spec/apps/rails-3.2/config/tcell_agent.config +15 -0
data/spec/apps/rails-3.2/log/development.log +0 -0
data/spec/apps/rails-3.2/log/test.log +12 -0
data/spec/apps/rails-4.1/log/test.log +0 -0
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +46 -45
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +276 -164
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +44 -47
data/spec/lib/tcell_agent/api/api_spec.rb +16 -16
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +131 -116
data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +55 -51
data/spec/lib/tcell_agent/cmdi_spec.rb +413 -436
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +145 -128
data/spec/lib/tcell_agent/configuration_spec.rb +165 -169
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +144 -153
data/spec/lib/tcell_agent/instrumentation_spec.rb +84 -85
data/spec/lib/tcell_agent/patches_spec.rb +70 -111
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +313 -244
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +28 -28
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +643 -513
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +55 -102
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +111 -134
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +141 -146
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +8 -8
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +15 -17
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +231 -559
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +27 -27
data/spec/lib/tcell_agent/rails/better_ip_spec.rb +30 -34
data/spec/lib/tcell_agent/rails/logger_spec.rb +50 -49
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +182 -199
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +110 -84
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +107 -85
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +68 -40
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +81 -67
data/spec/lib/tcell_agent/rails/responses_spec.rb +33 -37
data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +116 -121
data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +25 -28
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +87 -85
data/spec/lib/tcell_agent/rails_spec.rb +1 -6
data/spec/lib/tcell_agent/rust/models_spec.rb +112 -0
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +502 -179
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +44 -33
data/spec/lib/tcell_agent/sensor_events/dlp_spec.rb +4 -4
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +183 -169
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +25 -25
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +17 -20
data/spec/lib/tcell_agent/utils/params_spec.rb +28 -28
data/spec/lib/tcell_agent/utils/passwords_spec.rb +143 -0
data/spec/lib/tcell_agent/utils/strings_spec.rb +35 -35
data/spec/lib/tcell_agent_spec.rb +8 -8
data/spec/spec_helper.rb +4 -4
data/spec/support/middleware_helper.rb +10 -10
data/spec/support/static_agent_overrides.rb +16 -12
data/tcell_agent.gemspec +17 -33
metadata +43 -198
data/LICENSE_libinjection +0 -32
data/Readme.txt +0 -7
data/ext/libinjection/extconf.rb +0 -3
data/ext/libinjection/libinjection.h +0 -65
data/ext/libinjection/libinjection_html5.c +0 -847
data/ext/libinjection/libinjection_html5.h +0 -54
data/ext/libinjection/libinjection_sqli.c +0 -2317
data/ext/libinjection/libinjection_sqli.h +0 -295
data/ext/libinjection/libinjection_sqli_data.h +0 -9004
data/ext/libinjection/libinjection_wrap.c +0 -3525
data/ext/libinjection/libinjection_xss.c +0 -531
data/ext/libinjection/libinjection_xss.h +0 -21
data/lib/tcell_agent/appsensor/injections_matcher.rb +0 -155
data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +0 -49
data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +0 -67
data/lib/tcell_agent/appsensor/rules/baserules.json +0 -467
data/lib/tcell_agent/patches/block_rule.rb +0 -93
data/lib/tcell_agent/patches/sensors_matcher.rb +0 -31
data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +0 -23
data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +0 -23
data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +0 -117
data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +0 -26
data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +0 -22
data/lib/tcell_agent/policies/appsensor/sqli_sensor.rb +0 -34
data/lib/tcell_agent/policies/appsensor/xss_sensor.rb +0 -34
data/lib/tcell_agent/policies/appsensor_policy.rb +0 -49
data/lib/tcell_agent/policies/command_injection_policy.rb +0 -196
data/lib/tcell_agent/policies/honeytokens_policy.rb +0 -69
data/lib/tcell_agent/policies/patches_policy.rb +0 -84
data/lib/tcell_agent/rust/libtcellagent-0.6.1.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-0.6.1.dll +0 -0
data/spec/apps/rails-3.2/Gemfile +0 -25
data/spec/apps/rails-3.2/Gemfile.lock +0 -126
data/spec/apps/rails-3.2/Rakefile +0 -7
data/spec/apps/rails-3.2/app/assets/images/rails.png +0 -0
data/spec/apps/rails-3.2/app/assets/javascripts/application.js +0 -15
data/spec/apps/rails-3.2/app/assets/stylesheets/application.css +0 -13
data/spec/apps/rails-3.2/app/controllers/application_controller.rb +0 -3
data/spec/apps/rails-3.2/app/controllers/t_cell_app_controller.rb +0 -5
data/spec/apps/rails-3.2/app/helpers/application_helper.rb +0 -2
data/spec/apps/rails-3.2/app/views/layouts/application.html.erb +0 -14
data/spec/apps/rails-3.2/app/views/t_cell_app/index.html.erb +0 -1
data/spec/apps/rails-3.2/config/application.rb +0 -63
data/spec/apps/rails-3.2/config/boot.rb +0 -6
data/spec/apps/rails-3.2/config/environment.rb +0 -5
data/spec/apps/rails-3.2/config/environments/test.rb +0 -37
data/spec/apps/rails-3.2/config/routes.rb +0 -11
data/spec/apps/rails-3.2/config.ru +0 -4
data/spec/apps/rails-4.1/Gemfile +0 -7
data/spec/apps/rails-4.1/Gemfile.lock +0 -114
data/spec/apps/rails-4.1/Rakefile +0 -6
data/spec/apps/rails-4.1/app/assets/javascripts/application.js +0 -16
data/spec/apps/rails-4.1/app/assets/stylesheets/application.css +0 -15
data/spec/apps/rails-4.1/app/controllers/application_controller.rb +0 -5
data/spec/apps/rails-4.1/app/controllers/t_cell_app_controller.rb +0 -5
data/spec/apps/rails-4.1/app/helpers/application_helper.rb +0 -2
data/spec/apps/rails-4.1/app/views/layouts/application.html.erb +0 -14
data/spec/apps/rails-4.1/app/views/t_cell_app/index.html.erb +0 -1
data/spec/apps/rails-4.1/config/application.rb +0 -24
data/spec/apps/rails-4.1/config/boot.rb +0 -4
data/spec/apps/rails-4.1/config/environment.rb +0 -5
data/spec/apps/rails-4.1/config/environments/test.rb +0 -41
data/spec/apps/rails-4.1/config/initializers/assets.rb +0 -8
data/spec/apps/rails-4.1/config/initializers/backtrace_silencers.rb +0 -7
data/spec/apps/rails-4.1/config/initializers/cookies_serializer.rb +0 -3
data/spec/apps/rails-4.1/config/initializers/filter_parameter_logging.rb +0 -4
data/spec/apps/rails-4.1/config/initializers/inflections.rb +0 -16
data/spec/apps/rails-4.1/config/initializers/mime_types.rb +0 -4
data/spec/apps/rails-4.1/config/initializers/session_store.rb +0 -3
data/spec/apps/rails-4.1/config/initializers/wrap_parameters.rb +0 -14
data/spec/apps/rails-4.1/config/locales/en.yml +0 -23
data/spec/apps/rails-4.1/config/routes.rb +0 -12
data/spec/apps/rails-4.1/config/secrets.yml +0 -22
data/spec/apps/rails-4.1/config.ru +0 -4
data/spec/controllers/application_controller.rb +0 -12
data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +0 -522
data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +0 -23
data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +0 -159
data/spec/lib/tcell_agent/patches/block_rule_spec.rb +0 -458
data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +0 -35
data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +0 -139
data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +0 -139
data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +0 -167
data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +0 -139
data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +0 -246
data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +0 -882
data/spec/lib/tcell_agent/policies/honeytokens_policy_spec.rb +0 -22

data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb DELETED Viewed

@@ -1,882 +0,0 @@
-# encoding: utf-8
-require 'spec_helper'
-module TCellAgent
-  module Policies
-    describe XssSensor do
-      describe "#initialize" do
-        context "default sensor" do
-          it "should have properties set to defaults" do
-            sensor = XssSensor.new
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.libinjection).to eq(false)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(false)
-            expect(sensor.exclude_forms).to eq(false)
-            expect(sensor.exclude_cookies).to eq(false)
-            expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq(Set.new)
-            expect(sensor.v1_compatability_enabled).to eq(false)
-          end
-        end
-        context "setting enabled on sensor" do
-          it "should be enabled" do
-            sensor = XssSensor.new({"enabled" => true})
-            expect(sensor.enabled).to eq(true)
-            expect(sensor.libinjection).to eq(false)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(false)
-            expect(sensor.exclude_forms).to eq(false)
-            expect(sensor.exclude_cookies).to eq(false)
-            expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq(Set.new)
-            expect(sensor.v1_compatability_enabled).to eq(false)
-          end
-        end
-        context "setting libinjection on sensor" do
-          it "should have libinjection" do
-            sensor = XssSensor.new({"libinjection" => true})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.libinjection).to eq(true)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(false)
-            expect(sensor.exclude_forms).to eq(false)
-            expect(sensor.exclude_cookies).to eq(false)
-            expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq(Set.new)
-            expect(sensor.v1_compatability_enabled).to eq(false)
-          end
-        end
-        context "setting exclude_headers on sensor" do
-          it "should have exclude_headers" do
-            sensor = XssSensor.new({"exclude_headers" => true})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.libinjection).to eq(false)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(true)
-            expect(sensor.exclude_forms).to eq(false)
-            expect(sensor.exclude_cookies).to eq(false)
-            expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq(Set.new)
-            expect(sensor.v1_compatability_enabled).to eq(false)
-          end
-        end
-        context "setting exclude_forms on sensor" do
-          it "should have exclude_forms" do
-            sensor = XssSensor.new({"exclude_forms" => true})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.libinjection).to eq(false)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(false)
-            expect(sensor.exclude_forms).to eq(true)
-            expect(sensor.exclude_cookies).to eq(false)
-            expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq(Set.new)
-            expect(sensor.v1_compatability_enabled).to eq(false)
-          end
-        end
-        context "setting exclude_cookies on sensor" do
-          it "should have exclude_cookies" do
-            sensor = XssSensor.new({"exclude_cookies" => true})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.libinjection).to eq(false)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(false)
-            expect(sensor.exclude_forms).to eq(false)
-            expect(sensor.exclude_cookies).to eq(true)
-            expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq(Set.new)
-            expect(sensor.v1_compatability_enabled).to eq(false)
-          end
-        end
-        context "setting exclusions on sensor" do
-          it "should have exclude_cookies" do
-            sensor = XssSensor.new({"exclusions" => {"word" => ["form", "header"]}})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.libinjection).to eq(false)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(false)
-            expect(sensor.exclude_forms).to eq(false)
-            expect(sensor.exclude_cookies).to eq(false)
-            expect(sensor.exclusions).to eq(
-              {"word"=>Set.new(["form", "header"])}
-            )
-            expect(sensor.active_pattern_ids).to eq(Set.new)
-            expect(sensor.v1_compatability_enabled).to eq(false)
-          end
-        end
-        context "setting active_pattern_ids on sensor" do
-          it "should have active_pattern_ids" do
-            sensor = XssSensor.new({"patterns" => ["1", "2", "3"]})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.libinjection).to eq(false)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(false)
-            expect(sensor.exclude_forms).to eq(false)
-            expect(sensor.exclude_cookies).to eq(false)
-            expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq(
-              Set.new(["1", "2", "3"])
-            )
-            expect(sensor.v1_compatability_enabled).to eq(false)
-          end
-        end
-        context "setting v1_compatability_enabled on sensor" do
-          it "should have v1_compatability_enabled" do
-            sensor = XssSensor.new({"v1_compatability_enabled" => true})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.libinjection).to eq(false)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(false)
-            expect(sensor.exclude_forms).to eq(false)
-            expect(sensor.exclude_cookies).to eq(false)
-            expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq(Set.new)
-            expect(sensor.v1_compatability_enabled).to eq(true)
-          end
-        end
-        context "setting excluded_route_ids on sensor" do
-          it "should have excluded_route_ids" do
-            sensor = XssSensor.new({"exclude_routes" => ["excluded_route_id"]})
-            expect(sensor.enabled).to eq(false)
-            expect(sensor.libinjection).to eq(false)
-            expect(sensor.detection_point).to eq("xss")
-            expect(sensor.exclude_headers).to eq(false)
-            expect(sensor.exclude_forms).to eq(false)
-            expect(sensor.exclude_cookies).to eq(false)
-            expect(sensor.exclusions).to eq({})
-            expect(sensor.active_pattern_ids).to eq(Set.new)
-            expect(sensor.v1_compatability_enabled).to eq(false)
-            expect(sensor.excluded_route_ids).to eq(Set.new(["excluded_route_id"]))
-          end
-        end
-      end
-      describe "#find_vulnerability" do
-        before(:each) do
-          @sensor = XssSensor.new({"enabled" => true})
-        end
-        context "with libinjection enabled" do
-          context "with param value that doesn't match any vulnerabilities" do
-            it "should return nil" do
-              @sensor.libinjection = true
-              ruleset = double("ruleset")
-              expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
-              expect(ruleset).to receive(:check_violation).with(
-                "param", "value", Set.new, false
-              ).and_return(nil)
-              expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
-            end
-            context "and it has utf-8 chars" do
-              it "should return nil but not fail miserably" do
-                @sensor.libinjection = true
-                ruleset = double("ruleset")
-                expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
-                expect(ruleset).to receive(:check_violation).with(
-                  "param", "Müller", Set.new, false
-                ).and_return(nil)
-                expect(@sensor.find_vulnerability("param", "Müller")).to eq(nil)
-              end
-            end
-          end
-          context "with param value that matches a vulnerability" do
-            it "should return the param and it's value" do
-              @sensor.libinjection = true
-              expect(@sensor).to_not receive(:get_ruleset)
-              expect(@sensor.find_vulnerability("param_name", "<script>")).to eq(
-                {"param"=>"param_name", "value"=>"<script>", "pattern"=>"li"}
-              )
-            end
-          end
-        end
-        context "with no ruleset" do
-          it "should return nil" do
-            expect(@sensor).to receive(:get_ruleset).and_return(nil)
-            expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
-          end
-        end
-        context "with ruletset" do
-          context "with param value that doesn't match any vulnerabilities" do
-            it "should return nil" do
-              ruleset = double("ruleset")
-              expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
-              expect(ruleset).to receive(:check_violation).with(
-                "param", "value", Set.new, false
-              ).and_return(nil)
-              expect(@sensor.find_vulnerability("param", "value")).to eq(nil)
-            end
-          end
-          context "with param value that matches a vulnerability" do
-            it "should return the param and it's value" do
-              ruleset = double("ruleset")
-              expect(@sensor).to receive(:get_ruleset).and_return(ruleset)
-              expect(ruleset).to receive(:check_violation).with(
-                "param", "value", Set.new, false
-              ).and_return(true)
-              expect(@sensor.find_vulnerability("param", "value")).to eq(true)
-            end
-          end
-        end
-      end
-      describe "#get_injection_attempt" do
-        before(:each) do
-          @appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new(
-            "get",
-            "remote_address",
-            "route_id",
-            "session_id",
-            "user_id",
-            "transaction_id")
-        end
-        context "enabled sensor" do
-          context "param has NO vulnerability" do
-            it "should return false" do
-              sensor = XssSensor.new({"enabled" => true})
-              result = sensor.get_injection_attempt(
-                XssSensor::GET_PARAM,
-                @appsensor_meta,
-                "param_name",
-                "param_value"
-              )
-              expect(result).to eq(false)
-            end
-            context "no excluded routes" do
-              it "should return false" do
-                sensor = XssSensor.new({"enabled" => true, "exclude_routes" => []})
-                result = sensor.get_injection_attempt(
-                  XssSensor::GET_PARAM,
-                  @appsensor_meta,
-                  "param_name",
-                  "param_value"
-                )
-                expect(result).to eq(false)
-              end
-            end
-            context "has excluded routes" do
-              context "route id matches" do
-                it "should return false" do
-                  sensor = XssSensor.new({"enabled" => true, "exclude_routes" => ["route_id"]})
-                  result = sensor.get_injection_attempt(
-                    XssSensor::GET_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value"
-                  )
-                  expect(result).to eq(false)
-                end
-              end
-              context "route id does not match" do
-                it "should return false" do
-                  sensor = XssSensor.new({"enabled" => true, "exclude_routes" => ["unmatching_route_id"]})
-                  result = sensor.get_injection_attempt(
-                    XssSensor::GET_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value"
-                  )
-                  expect(result).to eq(false)
-                end
-              end
-            end
-          end
-          context "param has a vulnerability" do
-            context "param is a URI param" do
-              context "exclude forms sensor" do
-               it "should return false" do
-                  sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true})
-                  expect(sensor).to_not receive(:find_vulnerability)
-                  result = sensor.get_injection_attempt(
-                    XssSensor::URI_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value"
-                  )
-                  expect(result).to eq(false)
-                end
-              end
-              context "exclude cookies sensor" do
-                it "should return the injection attempt" do
-                  sensor = XssSensor.new({"enabled" => true, "exclude_cookies" => true})
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::URI_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value"
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::URI_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-            end
-            context "param is a GET param" do
-              context "exclude forms sensor" do
-                it "should return false" do
-                  sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true})
-                  expect(sensor).to_not receive(:find_vulnerability)
-                  result = sensor.get_injection_attempt(
-                    XssSensor::GET_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value"
-                  )
-                  expect(result).to eq(false)
-                end
-                context "no excluded routes" do
-                  it "should return false" do
-                    sensor = XssSensor.new({"enabled" => true, "exclude_forms" => true, "exclude_routes" => []})
-                    expect(sensor).to_not receive(:find_vulnerability)
-                    result = sensor.get_injection_attempt(
-                      XssSensor::GET_PARAM,
-                      @appsensor_meta,
-                      "param_name",
-                      "param_value"
-                    )
-                    expect(result).to eq(false)
-                  end
-                end
-                context "has excluded routes" do
-                  context "route id matches" do
-                    it "should return false" do
-                      sensor = XssSensor.new({
-                        "enabled" => true,
-                        "exclude_forms" => true,
-                        "exclude_routes" => ["route_id"]
-                      })
-                      expect(sensor).to_not receive(:find_vulnerability)
-                      result = sensor.get_injection_attempt(
-                        XssSensor::GET_PARAM,
-                        @appsensor_meta,
-                        "param_name",
-                        "param_value"
-                      )
-                      expect(result).to eq(false)
-                    end
-                  end
-                  context "route id does not match" do
-                    it "should return false" do
-                      sensor = XssSensor.new({
-                        "enabled" => true,
-                        "exclude_forms" => true,
-                        "exclude_routes" => ["unmatching_route_id"]
-                      })
-                      expect(sensor).to_not receive(:find_vulnerability)
-                      result = sensor.get_injection_attempt(
-                        XssSensor::GET_PARAM,
-                        @appsensor_meta,
-                        "param_name",
-                        "param_value"
-                      )
-                      expect(result).to eq(false)
-                    end
-                  end
-                end
-              end
-              context "exclude cookies sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_cookies" => true,
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::GET_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-                context "no excluded routes" do
-                  it "should return true" do
-                    sensor = XssSensor.new({
-                      "enabled" => true,
-                      "exclude_cookies" => true,
-                      "exclude_routes" => []
-                    })
-                    expect(sensor).to receive(:find_vulnerability).and_return(
-                      {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                    )
-                    result = sensor.get_injection_attempt(
-                      XssSensor::GET_PARAM,
-                      @appsensor_meta,
-                      "param_name",
-                      "param_value"
-                    )
-                    expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
-                    expect(result.detection_point).to eq(sensor.detection_point)
-                    expect(result.param_name).to eq("vuln_param")
-                    expect(result.param_value).to eq("vuln_value")
-                    expect(result.pattern).to eq("1")
-                  end
-                end
-                context "has excluded routes" do
-                  context "route id matches" do
-                    it "should return false" do
-                      sensor = XssSensor.new({
-                        "enabled" => true,
-                        "exclude_cookies" => true,
-                        "exclude_routes" => ["route_id"]
-                      })
-                      expect(sensor).to_not receive(:find_vulnerability)
-                      result = sensor.get_injection_attempt(
-                        XssSensor::GET_PARAM,
-                        @appsensor_meta,
-                        "param_name",
-                        "param_value"
-                      )
-                      expect(result).to eq(false)
-                    end
-                  end
-                  context "route id does not match" do
-                    it "should return true" do
-                      sensor = XssSensor.new({
-                        "enabled" => true,
-                        "exclude_cookies" => true,
-                        "exclude_routes" => ["unmatching_route_id"]
-                      })
-                      expect(sensor).to receive(:find_vulnerability).and_return(
-                        {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                      )
-                      result = sensor.get_injection_attempt(
-                        XssSensor::GET_PARAM,
-                        @appsensor_meta,
-                        "param_name",
-                        "param_value"
-                      )
-                      expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
-                      expect(result.detection_point).to eq(sensor.detection_point)
-                      expect(result.param_name).to eq("vuln_param")
-                      expect(result.param_value).to eq("vuln_value")
-                      expect(result.pattern).to eq("1")
-                    end
-                  end
-                end
-              end
-              context "exclude headers sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_headers" => true,
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::GET_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::GET_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-            end
-            context "param is a POST param" do
-              context "exclude forms sensor" do
-                it "should return false" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_forms" => true
-                  })
-                  expect(sensor).to_not receive(:find_vulnerability)
-                  result = sensor.get_injection_attempt(
-                    XssSensor::POST_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result).to eq(false)
-                end
-              end
-              context "exclude cookies sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_cookies" => true
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::POST_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::POST_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-              context "exclude headers sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_headers" => true,
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::POST_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::POST_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-            end
-            context "param is a JSON param" do
-              context "exclude forms sensor" do
-                it "should return false" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_forms" => true
-                  })
-                  expect(sensor).to_not receive(:find_vulnerability)
-                  result = sensor.get_injection_attempt(
-                    XssSensor::JSON_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result).to eq(false)
-                end
-              end
-              context "exclude cookies sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_cookies" => true
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::JSON_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::JSON_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-              context "exclude headers sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_headers" => true,
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::JSON_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::JSON_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-            end
-            context "param is a COOKIE param" do
-              context "exclude forms sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_forms" => true
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::COOKIE_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::COOKIE_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-              context "exclude cookies sensor" do
-                it "should return false" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_cookies" => true
-                  })
-                  expect(sensor).to_not receive(:find_vulnerability)
-                  result = sensor.get_injection_attempt(
-                    XssSensor::COOKIE_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result).to eq(false)
-                end
-              end
-              context "exclude headers sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_headers" => true,
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::COOKIE_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::COOKIE_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-            end
-            context "param is a HEADER param" do
-              context "exclude forms sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_forms" => true
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::HEADER_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::HEADER_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-              context "exclude cookies sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_cookies" => true
-                  })
-                  expect(sensor).to receive(:find_vulnerability).and_return(
-                    {"param" => "vuln_param", "value" => "vuln_value", "pattern" => "1"}
-                  )
-                  result = sensor.get_injection_attempt(
-                    XssSensor::HEADER_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result.type_of_param).to eq(XssSensor::HEADER_PARAM)
-                  expect(result.detection_point).to eq(sensor.detection_point)
-                  expect(result.param_name).to eq("vuln_param")
-                  expect(result.param_value).to eq("vuln_value")
-                  expect(result.pattern).to eq("1")
-                end
-              end
-              context "exclude headers sensor" do
-                it "should return true" do
-                  sensor = XssSensor.new({
-                    "enabled" => true,
-                    "exclude_headers" => true,
-                  })
-                  expect(sensor).to_not receive(:find_vulnerability)
-                  result = sensor.get_injection_attempt(
-                    XssSensor::HEADER_PARAM,
-                    @appsensor_meta,
-                    "param_name",
-                    "param_value",
-                  )
-                  expect(result).to eq(false)
-                end
-              end
-            end
-          end
-        end
-      end
-      describe "#applicable_for_param_type?" do
-        it "should be applicable for all param types" do
-          sensor = XssSensor.new
-          expect(sensor.applicable_for_param_type?(InjectionSensor::GET_PARAM)).to eq(true)
-          expect(sensor.applicable_for_param_type?(InjectionSensor::POST_PARAM)).to eq(true)
-          expect(sensor.applicable_for_param_type?(InjectionSensor::JSON_PARAM)).to eq(true)
-          expect(sensor.applicable_for_param_type?(InjectionSensor::COOKIE_PARAM)).to eq(true)
-          expect(sensor.applicable_for_param_type?(InjectionSensor::URI_PARAM)).to eq(true)
-        end
-      end
-    end
-  end
-end