tcell_agent 0.4.0 → 1.0.0

data/lib/tcell_agent/rust/whisperer.rb

@@ -1,3 +1,4 @@
+require 'tcell_agent/rust/models'
 require 'tcell_agent/logger'
 
 
@@ -8,23 +9,48 @@ module TCellAgent
     module Wrapper
       extend FFI::Library
 
-      begin
-        VERSION = "0.6.1"
-        prefix = "lib"
-        extension = ".so"
-        if /cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM
-          extension = ".dll"
-          prefix = ""
-        elsif /darwin/ =~ RUBY_PLATFORM
-          extension = ".dylib"
-        end
+      VERSION = "0.11.1"
+      prefix = "lib"
+      extension = ".so"
+      if /cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM
+        extension = ".dll"
+        prefix = ""
+      elsif /darwin/ =~ RUBY_PLATFORM
+        extension = ".dylib"
+      end
 
+      begin
         ffi_lib File.join(File.dirname(__FILE__), "#{prefix}tcellagent-#{VERSION}#{extension}")
-        attach_function :cmdi_parse_sh, [:pointer, :size_t, :pointer, :size_t], :int
 
-        attach_function :appfirewall_policy_init, [:pointer, :size_t, :pointer, :size_t, :pointer, :size_t], :int
-        attach_function :appfirewall_policy_apply, [:pointer, :pointer, :size_t, :pointer, :size_t], :int
-        attach_function :appfirewall_free, [:pointer], :void
+        # result [int]: 0+ length of buffer_out answer
+        #               -1 general error
+        #               -2 buffer_out is not big enough for response
+        #               -3 buffer_out is null
+        attach_function :create_agent, [:pointer, :size_t, :pointer, :size_t], :int
+
+        # result [int]: 0+ length of buffer_out answer
+        #               -1 general error
+        #               -2 buffer_out is not big enough for response
+        #               -3 buffer_out is null
+        attach_function :update_policies, [:pointer, :pointer, :size_t, :pointer, :size_t], :int
+
+        # result [int]: 0+ length of buffer_out answer
+        #               -1 general error
+        #               -2 buffer_out is not big enough for response
+        #               -3 buffer_out is null
+        attach_function :appfirewall_apply, [:pointer, :pointer, :size_t, :pointer, :size_t], :int
+
+        # result [int]: 0+ length of buffer_out answer
+        #               -1 general error
+        #               -2 buffer_out is not big enough for response
+        #               -3 buffer_out is null
+        attach_function :patches_apply, [:pointer, :pointer, :size_t, :pointer, :size_t], :int
+
+        # result [int]: 0+ length of buffer_out answer
+        #               -1 general error
+        #               -2 buffer_out is not big enough for response
+        #               -3 buffer_out is null
+        attach_function :cmdi_apply, [:pointer, :pointer, :size_t, :pointer, :size_t], :int
 
         def self.common_lib_available?
           true
@@ -41,71 +67,116 @@ module TCellAgent
     end
 
     module Whisperer
-      def self.convert_result(result_size, result)
-        begin
-          return JSON.parse(result.get_string(0, result_size)) if result_size >= 0
-        rescue JSON::ParserError
-          # don't log the actual error since it might contain payload information
-          TCellAgent.logger.error("JSON::ParserError ocurred when trying to parse native lib response")
+      def self.convert_result(function_called, result_size, result)
+        if result_size < 0
+          TCellAgent.logger.error(
+            "Error response from `#{function_called}` in native library: #{result_size}"
+          )
+        else
+          begin
+            return JSON.parse(result.get_string(0, result_size))
+          rescue JSON::ParserError
+            # don't log the actual error since it might contain payload information
+            TCellAgent.logger.error(
+              "Could not parse json response from `#{function_called}` in native library."
+            )
+          end
         end
 
         return {}
       end
 
-      def self.parse_cmd(cmd)
-        if TCellAgent::Rust::Wrapper.common_lib_available? &&
-            TCellAgent::Utils::Strings.present?(cmd)
-          cmd_pointer = FFI::MemoryPointer.from_string(cmd)
+      def self.create_agent()
+        if TCellAgent::Rust::Wrapper.common_lib_available?
+          agent_config = {
+            "appfirewall" => {
+              "enable_body_xxe_inspection" => false,
+              "enable_body_json_inspection" => false,
+              "allow_send_payloads" => TCellAgent.configuration.allow_payloads,
+              "allow_log_payloads" => true
+            }
+          }
+          config_pointer = FFI::MemoryPointer.from_string(JSON.dump(agent_config))
 
           buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
-
-          # cmd_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.cmdi_parse_sh(cmd_pointer, cmd_pointer.size - 1, buf, buf.size)
-          return self.convert_result(result_size, buf)
+          # config_pointer.size - 1: strips null terminator
+          result_size = TCellAgent::Rust::Wrapper.create_agent(
+            config_pointer, config_pointer.size - 1, buf, buf.size
+          )
+          return self.convert_result("create_agent", result_size, buf)
         end
 
         return {}
       end
 
-      def self.init_appfirewall(policy, allow_payloads)
-        if TCellAgent::Rust::Wrapper.common_lib_available? && policy
-          policy_pointer = FFI::MemoryPointer.from_string(JSON.dump(policy))
-          config_pointer = FFI::MemoryPointer.from_string(JSON.dump({"allow_send_payloads" => allow_payloads}))
+      def self.update_policies(agent_ptr, policies)
+        if TCellAgent::Rust::Wrapper.common_lib_available? &&
+            agent_ptr &&
+            TCellAgent::Utils::Strings.present?(policies)
+          policies_pointer = FFI::MemoryPointer.from_string(JSON.dump(policies))
 
           buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
-          # policy_pointer.size - 1: strips null terminator
-          # config_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.appfirewall_policy_init(
-            policy_pointer, policy_pointer.size - 1, config_pointer, config_pointer.size - 1, buf, buf.size
+          # policies_pointer.size - 1: strips null terminator
+          result_size = TCellAgent::Rust::Wrapper.update_policies(
+            FFI::Pointer.new(agent_ptr), policies_pointer, policies_pointer.size - 1, buf, buf.size
           )
-          return self.convert_result(result_size, buf)
+          return self.convert_result("update_policies", result_size, buf)
         end
 
         return {}
       end
 
-      def self.apply_appfirewall(appfirewall_ptr, request_response_json)
+      def self.apply_appfirewall(agent_ptr, appsensor_meta)
+         if TCellAgent::Rust::Wrapper.common_lib_available? &&
+             agent_ptr &&
+             appsensor_meta
+           request_response_json = TCellAgent::Rust::Models.create_request_response(appsensor_meta)
+           request_response_pointer = FFI::MemoryPointer.from_string(JSON.dump(request_response_json))
+
+           buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+           # request_response_pointer.size - 1: strips null terminator
+           result_size = TCellAgent::Rust::Wrapper.appfirewall_apply(
+             FFI::Pointer.new(agent_ptr), request_response_pointer, request_response_pointer.size - 1, buf, buf.size
+           )
+           return self.convert_result("apply_appfirewall", result_size, buf)
+         end
+
+        return {}
+      end
+
+      def self.apply_patches(agent_ptr, appsensor_meta)
         if TCellAgent::Rust::Wrapper.common_lib_available? &&
-            request_response_json &&
-            !appfirewall_ptr.nil?
-          request_response_pointer = FFI::MemoryPointer.from_string(JSON.dump(request_response_json))
+            agent_ptr &&
+            appsensor_meta
+          patches_request_json = TCellAgent::Rust::Models.create_patches_request(appsensor_meta)
+          patches_request_pointer = FFI::MemoryPointer.from_string(JSON.dump(patches_request_json))
 
           buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
-          # request_response_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.appfirewall_policy_apply(
-            FFI::Pointer.new(appfirewall_ptr), request_response_pointer, request_response_pointer.size - 1, buf, buf.size
+          # patches_request_pointer.size - 1: strips null terminator
+          result_size = TCellAgent::Rust::Wrapper.patches_apply(
+            FFI::Pointer.new(agent_ptr), patches_request_pointer, patches_request_pointer.size - 1, buf, buf.size
           )
-          return self.convert_result(result_size, buf)
+          return self.convert_result("apply_patches", result_size, buf)
         end
 
         return {}
       end
 
+      def self.apply_cmdi(agent_ptr, command)
+        if TCellAgent::Rust::Wrapper.common_lib_available? &&
+            agent_ptr &&
+            TCellAgent::Utils::Strings.present?(command)
+          command_pointer = FFI::MemoryPointer.from_string(command)
 
-      def self.free_appfirewall(appfirewall_ptr)
-        if TCellAgent::Rust::Wrapper.common_lib_available? && !appfirewall_ptr.nil?
-          TCellAgent::Rust::Wrapper.appfirewall_free(FFI::Pointer.new(appfirewall_ptr))
+          buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+          # patches_request_pointer.size - 1: strips null terminator
+          result_size = TCellAgent::Rust::Wrapper.cmdi_apply(
+            FFI::Pointer.new(agent_ptr), command_pointer, command_pointer.size - 1, buf, buf.size
+          )
+          return self.convert_result("apply_cmdi", result_size, buf)
         end
+
+        return {}
       end
     end
   end

data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb

@@ -6,7 +6,6 @@ require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/agent'
 require 'tcell_agent/agent/policy_types'
 require 'tcell_agent/appsensor/meta_data'
-require 'tcell_agent/policies/appsensor_policy'
 require 'tcell_agent/utils/params'
 
 
@@ -23,21 +22,22 @@ module TCellAgent
         def build(request, response_content_length, response_code, response_headers)
           tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
           meta_event = AppSensorMetaEvent.new(
-            request.request_method,
-            TCellAgent::Utils::Rails.better_ip(request),
+            tcell_context.request_method,
+            tcell_context.ip_address,
             tcell_context.route_id,
             tcell_context.hmac_session_id,
             tcell_context.user_id,
-            tcell_context.transaction_id
+            tcell_context.transaction_id,
+            tcell_context.uri
           )
 
           meta_event.csrf_exception_name = tcell_context.csrf_exception_name
-          meta_event.user_agent = request.env['HTTP_USER_AGENT']
+          meta_event.user_agent = tcell_context.user_agent
           meta_event.request_content_bytes_len = (request.content_length || 0).to_i
           meta_event.response_content_bytes_len = response_content_length
 
-          meta_event.location = "#{request.base_url}#{request.fullpath}"
-          meta_event.path = request.path
+          meta_event.location = tcell_context.uri
+          meta_event.path = tcell_context.path
 
           meta_event.get_dict = request.GET
           meta_event.cookie_dict = request.cookies
@@ -46,7 +46,7 @@ module TCellAgent
           # don't enqueue parameter values of unknown type to avoid any serialization issues
           meta_event.post_dict = TCellAgent::Utils::Params.flatten(request.POST)
 
-          meta_event.path_parameters = request.env[TCellAgent::Instrumentation::TCELL_ID].path_parameters
+          meta_event.path_parameters = tcell_context.path_parameters
           meta_event.response_code = response_code
           meta_event.response_headers = response_headers
 
@@ -68,28 +68,25 @@ module TCellAgent
         end
 
         def build_basic(appsensor_meta)
-          meta_event = AppSensorMetaEvent.new(
+          AppSensorMetaEvent.new(
             appsensor_meta.method,
             appsensor_meta.remote_address,
             appsensor_meta.route_id,
             appsensor_meta.session_id,
             appsensor_meta.user_id,
-            appsensor_meta.transaction_id
+            appsensor_meta.transaction_id,
+            appsensor_meta.location
           )
-
-          meta_event.location = appsensor_meta.location
-
-          meta_event
         end
       end
 
 
-      attr_accessor :location, :request_content_bytes_len, :response_content_bytes_len,
+      attr_accessor :request_content_bytes_len, :response_content_bytes_len,
         :response_code, :user_agent, :response_headers, :csrf_exception_name, :path,
         :sql_exceptions, :database_result_sizes
 
-      def initialize(method, remote_address, route_id, session_id, user_id, transaction_id)
-        super(method, remote_address, route_id, session_id, user_id, transaction_id)
+      def initialize(method, remote_address, route_id, session_id, user_id, transaction_id, location)
+        super(method, remote_address, route_id, session_id, user_id, transaction_id, location)
 
         @request_content_bytes_len = 0
         @response_content_bytes_len = 0
@@ -97,10 +94,10 @@ module TCellAgent
       end
 
       def post_process
-        appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
-        return unless appsensor_policy
+        rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
+        return unless rust_policies
 
-        appsensor_policy.process_meta_event(self)
+        rust_policies.check_appfirewall_injections(self)
       end
 
       def flattened_post_dict

data/lib/tcell_agent/sensor_events/command_injection.rb

@@ -13,6 +13,46 @@ module TCellAgent
     end
 
     class CommandInjectionEvent < TCellSensorEvent
+
+      def self.build_from_native_lib_response_and_tcell_context(apply_response,
+                                                                tcell_context)
+        matches = apply_response.fetch("matches", [])
+
+        if matches && matches.size > 0
+          method, remote_address, route_id, session_id, user_id, uri = nil
+          if tcell_context
+            method = tcell_context.request_method
+            remote_address = tcell_context.ip_address
+            route_id = tcell_context.route_id
+            session_id = tcell_context.hmac_session_id
+            user_id = tcell_context.user_id
+            uri = tcell_context.uri
+          end
+
+          matches_without_emtpy_values = matches.map do |match|
+            CommandInjectionMatchEvent.new(
+              match["rule_id"], match["command"]
+            )
+          end
+
+          CommandInjectionEvent.new(
+            apply_response["commands"],
+            blocked=apply_response.fetch("blocked", false),
+            matches=matches_without_emtpy_values,
+            method=method,
+            remote_address=remote_address,
+            route_id=route_id,
+            session_id=session_id,
+            user_id=user_id,
+            uri=uri,
+            full_commandline=apply_response["full_commandline"])
+
+        else
+          nil
+        end
+      end
+
+
       def initialize(commands,
                      blocked,
                      matches,
@@ -21,6 +61,7 @@ module TCellAgent
                      route_id=nil,
                      session_id=nil,
                      user_id=nil,
+                     uri=nil,
                      full_commandline=nil)
         super("cmdi")
 
@@ -29,28 +70,32 @@ module TCellAgent
         self["matches"] = matches
 
         if method
-          self["method"] = method
+          self["m"] = method
         end
 
         if remote_address
-          self["remote_address"] = remote_address
+          self["remote_addr"] = remote_address
         end
 
         if route_id
-          self["route_id"] = route_id
+          self["rid"] = route_id
         end
 
         if session_id
-          self["session_id"] = session_id
+          self["sid"] = session_id
         end
 
         if user_id
-          self["user_id"] = user_id
+          self["uid"] = user_id
         end
 
         if full_commandline
           self["full_commandline"] = full_commandline
         end
+
+        if uri
+          self["uri"] = TCellAgent::SensorEvents::Util.strip_uri_values(uri)
+        end
       end
     end
 

data/lib/tcell_agent/sensor_events/login_fraud.rb

@@ -5,39 +5,55 @@ require 'tcell_agent/sensor_events/sensor'
 
 module TCellAgent
   module SensorEvents
-
     class LoginEvent < TCellSensorEvent
-      def initialize(header_keys, tcell_data, user_id, user_valid)
-        super("login")
-
-        self["header_keys"] = header_keys
-
-        self["user_agent"] = tcell_data.user_agent.to_s if tcell_data.user_agent
-        self["referrer"] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.referrer) if tcell_data.referrer
-        self["remote_addr"] = tcell_data.ip_address.to_s if tcell_data.ip_address
-        self["user_id"] = user_id.to_s if user_id
-        self["document_uri"] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.path) if tcell_data.path
-        self["session"] = tcell_data.hmac_session_id if tcell_data.hmac_session_id
+      def initialize(header_keys,
+                     tcell_data,
+                     user_id,
+                     password,
+                     user_valid)
+        super('login')
+
+        self['header_keys'] = header_keys
+
+        self['user_agent'] = tcell_data.user_agent.to_s if tcell_data.user_agent
+        self['referrer'] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.referrer) if tcell_data.referrer
+        self['remote_addr'] = tcell_data.ip_address.to_s if tcell_data.ip_address
+        self['user_id'] = user_id.to_s if user_id
+        self['document_uri'] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.path) if tcell_data.path
+        self['session'] = tcell_data.hmac_session_id if tcell_data.hmac_session_id
+
+        digest = TCellAgent::Utils::Passwords.fingerprint_password(password,
+                                                                   user_id)
+        self['password_id'] = digest if digest
+        self['user_valid'] = user_valid if user_valid
       end
     end
 
     class LoginFailure < LoginEvent
-      def initialize(request_env_or_header_keys, tcell_data, user_id, user_valid=nil)
+      def initialize(request_env_or_header_keys,
+                     tcell_data,
+                     user_id,
+                     password,
+                     user_valid = nil)
         header_keys = Util.clean_header_keys(request_env_or_header_keys)
 
-        super(header_keys, tcell_data, user_id, user_valid)
+        super(header_keys, tcell_data, user_id, password, user_valid)
 
-        self["event_name"] = "login-failure"
+        self['event_name'] = 'login-failure'
       end
     end
 
     class LoginSuccess < LoginEvent
-      def initialize(request_env_or_header_keys, tcell_data, user_id, user_valid=nil)
+      def initialize(request_env_or_header_keys,
+                     tcell_data,
+                     user_id,
+                     password,
+                     user_valid = nil)
         header_keys = Util.clean_header_keys(request_env_or_header_keys)
 
-        super(header_keys, tcell_data, user_id, user_valid)
+        super(header_keys, tcell_data, user_id, password, user_valid)
 
-        self["event_name"] = "login-success"
+        self['event_name'] = 'login-success'
       end
     end
   end

data/lib/tcell_agent/sensor_events/patches.rb

@@ -0,0 +1,21 @@
+require 'tcell_agent/sensor_events/sensor'
+
+module TCellAgent
+  module SensorEvents
+
+    class PatchesEvent < TCellSensorEvent
+      def initialize(rust_response, appsensor_meta)
+        super("patches")
+
+        self["patches_pid"] = rust_response["patches_policy_id"]
+        self["rule_id"] = rust_response["rule_id"]
+        self["action"] = "blocked"
+        self["sz"] = appsensor_meta.request_content_bytes_len if appsensor_meta.request_content_bytes_len
+        self["m"] = appsensor_meta.method if appsensor_meta.method
+        self["remote_addr"] = appsensor_meta.remote_address if appsensor_meta.remote_address
+        self["uri"] = TCellAgent::SensorEvents::Util.strip_uri_values(appsensor_meta.location) if appsensor_meta.location
+      end
+    end
+
+  end
+end

data/lib/tcell_agent/sensor_events/server_agent.rb

@@ -31,13 +31,13 @@ module TCellAgent
                       begin
                           info = Etc.getpwnam(login)
                           self["group"] = info.gid.to_s
-                      rescue Exception => te
+                      rescue StandardError => te
                           TCellAgent.logger.warn("Exception finding group id: #{te.message}")
                           TCellAgent.logger.debug(te.backtrace)
                       end
                     end
 
-                rescue Exception => to
+                rescue StandardError => to
                     TCellAgent.logger.warn("Exception finding user & group: #{to.message}")
                     TCellAgent.logger.debug(te.backtrace)
                 end
@@ -78,7 +78,7 @@ module TCellAgent
                             packages.push(package)
                             TCellAgent.logger.debug("Adding packages #{x.name}")
                         end
-                    rescue Exception => te
+                    rescue StandardError => te
                         TCellAgent.logger.error("Exception adding package: #{te.message}")
                         TCellAgent.logger.debug(te.backtrace)
                     end

data/lib/tcell_agent/sensor_events/util/utils.rb

@@ -11,10 +11,11 @@ module TCellAgent
       def self.jhash(str)
         str.each_char.reduce(0) do |result, char|
           [((result << 5) - result) + char.ord].pack('L').unpack('l').first
-        end 
+        end
       end
+
       def self.calculateRouteId(method, path, params=nil)
-        route_id = jhash("#{method}|#{path}")
+        route_id = jhash("#{(method || "").downcase}|#{path}")
         if (route_id)
           route_id = route_id.to_s
         end
@@ -22,4 +23,4 @@ module TCellAgent
       end
     end
   end
-end
+end

data/lib/tcell_agent/servers/puma.rb

@@ -34,7 +34,7 @@ if defined?(Puma.cli_config)
     else
 
       # Runs initial instrumentation only once on the master process
-      puma_server_starting = Proc.new { TCellAgent.run_instrumentation("Puma Cluster Mode") }
+      puma_server_starting = proc { TCellAgent.run_instrumentation("Puma Cluster Mode") }
 
       # before_fork was added in Puma v2.13.0
       if Puma.cli_config.options[:before_fork]
@@ -52,7 +52,7 @@ if defined?(Puma.cli_config)
           begin
             TCellAgent.logger.debug("Instrumenting: Puma Cluster Mode (Worker)")
             TCellAgent.thread_agent.start
-          rescue Exception => e
+          rescue StandardError => e
             TCellAgent.logger.error("Could not start thread agent. #{e.message}")
           end
 

data/lib/tcell_agent/servers/unicorn.rb

@@ -104,7 +104,7 @@ Unicorn::HttpServer.class_eval do
         TCellAgent.thread_agent.policy_polling_thread = nil
         TCellAgent.thread_agent.start
 
-      rescue Exception => e
+      rescue StandardError => e
         TCellAgent.logger.error("Could not start thread agent. #{e.message}")
       end
     end

data/lib/tcell_agent/utils/passwords.rb

@@ -0,0 +1,28 @@
+module TCellAgent
+  module Utils
+    module Passwords
+      def self.fingerprint_password(password, user_id)
+        digest = nil
+
+        app_id = TCellAgent.configuration.app_id
+        password_hmac_key = TCellAgent.configuration.password_hmac_key
+        if app_id &&
+           TCellAgent::Utils::Strings.present?(password_hmac_key) &&
+           TCellAgent::Utils::Strings.present?(password)
+          string_builder = [app_id, ':', password, ':']
+          string_builder.push(user_id) if user_id
+
+          digest = OpenSSL::HMAC.hexdigest(
+            OpenSSL::Digest.new('sha256'),
+            password_hmac_key.to_s,
+            string_builder.join('')
+          )
+
+          digest = digest[0...8]
+        end
+
+        digest
+      end
+    end
+  end
+end

data/lib/tcell_agent/version.rb

@@ -1,5 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 
 module TCellAgent
-  VERSION = "0.4.0"
+  VERSION = "1.0.0"
 end

data/lib/tcell_agent.rb

@@ -1,5 +1,6 @@
 # See the file "LICENSE" for the full license governing this code.
 
+require "tcell_agent/utils/passwords"
 require "tcell_agent/utils/strings"
 require "tcell_agent/utils/io"
 require 'tcell_agent/logger'
@@ -7,16 +8,11 @@ require 'tcell_agent/configuration'
 
 require 'tcell_agent/agent'
 
-require 'tcell_agent/appsensor/rules/appsensor_rule_manager'
-
 require 'tcell_agent/policies/content_security_policy'
 require 'tcell_agent/policies/http_tx_policy'
 require 'tcell_agent/policies/http_redirect_policy'
 require 'tcell_agent/policies/secure_headers_policy'
-require 'tcell_agent/policies/honeytokens_policy'
 require 'tcell_agent/policies/clickjacking_policy'
-require 'tcell_agent/policies/appsensor_policy'
-require 'tcell_agent/policies/patches_policy'
 require 'tcell_agent/policies/login_fraud_policy'
 require 'tcell_agent/policies/dataloss_policy'
 

data/spec/apps/rails-3.2/config/tcell_agent.config

@@ -0,0 +1,15 @@
+{
+    "version":1,
+    "applications": 
+    [
+    {
+        "name":"<name>",
+        "api_key":"<apikey>",
+        "fetch_policies_from_tcell":false,
+        "tcell_input_url":"https://localhost/",
+        "preload_policy_filename":"config/tcell_preload.json",
+        "logging_options":{"enabled":true, "level":"DEBUG"}
+    }
+    ]
+}
+