tcell_agent 1.0.0 → 1.1.0

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/Readme.txt +7 -0
  3. data/bin/tcell_agent +6 -2
  4. data/lib/tcell_agent.rb +0 -3
  5. data/lib/tcell_agent/agent/event_processor.rb +1 -4
  6. data/lib/tcell_agent/agent/policy_manager.rb +5 -8
  7. data/lib/tcell_agent/agent/policy_types.rb +1 -7
  8. data/lib/tcell_agent/agent/static_agent.rb +2 -2
  9. data/lib/tcell_agent/api.rb +7 -9
  10. data/lib/tcell_agent/configuration.rb +42 -6
  11. data/lib/tcell_agent/policies/rust_policies.rb +33 -8
  12. data/lib/tcell_agent/rails/js_agent_insert.rb +17 -18
  13. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +18 -59
  14. data/lib/tcell_agent/rails/tcell_body_proxy.rb +10 -6
  15. data/lib/tcell_agent/rust/libtcellagent-0.19.5.dylib +0 -0
  16. data/lib/tcell_agent/rust/{libtcellagent-0.11.1.so → libtcellagent-0.19.5.so} +0 -0
  17. data/lib/tcell_agent/rust/tcellagent-0.19.5.dll +0 -0
  18. data/lib/tcell_agent/rust/whisperer.rb +165 -39
  19. data/lib/tcell_agent/sensor_events/patches.rb +2 -0
  20. data/lib/tcell_agent/sinatra.rb +17 -14
  21. data/lib/tcell_agent/version.rb +1 -1
  22. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +17 -0
  23. data/spec/lib/tcell_agent/api/api_spec.rb +10 -7
  24. data/spec/lib/tcell_agent/cmdi_spec.rb +91 -80
  25. data/spec/lib/tcell_agent/instrumentation_spec.rb +20 -0
  26. data/spec/lib/tcell_agent/patches_spec.rb +33 -15
  27. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +150 -99
  28. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +13 -1
  29. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +12 -0
  30. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +2 -39
  31. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +6 -2
  32. data/spec/lib/tcell_agent/rails_spec.rb +0 -31
  33. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +234 -120
  34. data/tcell_agent.gemspec +1 -1
  35. metadata +21 -40
  36. data/lib/tcell_agent/policies/clickjacking_policy.rb +0 -114
  37. data/lib/tcell_agent/policies/content_security_policy.rb +0 -166
  38. data/lib/tcell_agent/policies/secure_headers_policy.rb +0 -67
  39. data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
  40. data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
  41. data/spec/apps/rails-3.2/config/tcell_agent.config +0 -15
  42. data/spec/apps/rails-3.2/log/development.log +0 -0
  43. data/spec/apps/rails-3.2/log/test.log +0 -12
  44. data/spec/apps/rails-4.1/log/test.log +0 -0
  45. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +0 -71
  46. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +0 -130
  47. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +0 -67
  48. data/spec/lib/tcell_agent_spec.rb +0 -22
@@ -151,6 +151,27 @@ module TCellAgent
151
151
 
152
152
  describe IO do
153
153
  describe '.popen' do
154
+ before(:each) do
155
+ configuration = double(
156
+ 'configuration',
157
+ {
158
+ 'app_id' => 'app_id',
159
+ 'api_key' => 'api_key',
160
+ 'allow_payloads' => true,
161
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
162
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
163
+ 'max_csp_header_bytes' => nil,
164
+ 'event_time_limit_seconds' => 15,
165
+ 'event_batch_size_limit' => 50,
166
+ 'preload_policy_filename' => nil,
167
+ 'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
168
+ 'agent_home_owner' => nil
169
+ }
170
+ )
171
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
172
+ @rust_policies = TCellAgent::Policies::RustPolicies.new
173
+ end
174
+
154
175
  context 'empty command' do
155
176
  it 'should raise an error' do
156
177
  expect do
@@ -194,14 +215,13 @@ module TCellAgent
194
215
 
195
216
  context 'with command injection disabled' do
196
217
  it 'should execute the command' do
197
- rust_policies = TCellAgent::Policies::RustPolicies.new
198
- expect(rust_policies.cmdi_enabled).to eq(false)
218
+ expect(@rust_policies.cmdi_enabled).to eq(false)
199
219
 
200
220
  expect(TCellAgent).to receive(:policy).with(
201
221
  TCellAgent::PolicyTypes::Rust
202
- ).and_return(rust_policies)
203
- expect(rust_policies).to receive(:cmdi_enabled).and_call_original
204
- expect(rust_policies).to_not receive(:block_command?)
222
+ ).and_return(@rust_policies)
223
+ expect(@rust_policies).to receive(:cmdi_enabled).and_call_original
224
+ expect(@rust_policies).to_not receive(:block_command?)
205
225
 
206
226
  IO.popen('echo test')
207
227
  end
@@ -209,13 +229,11 @@ module TCellAgent
209
229
 
210
230
  context 'with command injection enabled' do
211
231
  it 'should execute the command' do
212
- rust_policies = TCellAgent::Policies::RustPolicies.new
213
-
214
232
  expect(TCellAgent).to receive(:policy).with(
215
233
  TCellAgent::PolicyTypes::Rust
216
- ).and_return(rust_policies)
217
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
218
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
234
+ ).and_return(@rust_policies)
235
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
236
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
219
237
 
220
238
  IO.popen('echo test')
221
239
  end
@@ -225,13 +243,11 @@ module TCellAgent
225
243
  context 'with a blocked command present' do
226
244
  context 'with command injection enabled' do
227
245
  it 'should raise a Errno::ENOENT' do
228
- rust_policies = TCellAgent::Policies::RustPolicies.new
229
-
230
246
  expect(TCellAgent).to receive(:policy).with(
231
247
  TCellAgent::PolicyTypes::Rust
232
- ).and_return(rust_policies)
233
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
234
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
248
+ ).and_return(@rust_policies)
249
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
250
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
235
251
 
236
252
  expect do
237
253
  IO.popen('echo test')
@@ -376,6 +392,27 @@ module TCellAgent
376
392
  end
377
393
 
378
394
  describe Kernel do
395
+ before(:each) do
396
+ configuration = double(
397
+ 'configuration',
398
+ {
399
+ 'app_id' => 'app_id',
400
+ 'api_key' => 'api_key',
401
+ 'allow_payloads' => true,
402
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
403
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
404
+ 'max_csp_header_bytes' => nil,
405
+ 'event_time_limit_seconds' => 15,
406
+ 'event_batch_size_limit' => 50,
407
+ 'preload_policy_filename' => nil,
408
+ 'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
409
+ 'agent_home_owner' => nil
410
+ }
411
+ )
412
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
413
+ @rust_policies = TCellAgent::Policies::RustPolicies.new
414
+ end
415
+
379
416
  describe '.backtick' do
380
417
  context 'empty command' do
381
418
  it 'should raise Errno::ENOENT' do
@@ -400,13 +437,11 @@ module TCellAgent
400
437
 
401
438
  context 'with command injection disabled' do
402
439
  it 'should execute the command' do
403
- rust_policies = TCellAgent::Policies::RustPolicies.new
404
-
405
440
  expect(TCellAgent).to receive(:policy).with(
406
441
  TCellAgent::PolicyTypes::Rust
407
- ).and_return(rust_policies)
408
- expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
409
- expect(rust_policies).to_not receive(:block_command?)
442
+ ).and_return(@rust_policies)
443
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
444
+ expect(@rust_policies).to_not receive(:block_command?)
410
445
 
411
446
  `echo test`
412
447
  end
@@ -414,13 +449,11 @@ module TCellAgent
414
449
 
415
450
  context 'with command injection enabled' do
416
451
  it 'should execute the command' do
417
- rust_policies = TCellAgent::Policies::RustPolicies.new
418
-
419
452
  expect(TCellAgent).to receive(:policy).with(
420
453
  TCellAgent::PolicyTypes::Rust
421
- ).and_return(rust_policies)
422
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
423
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
454
+ ).and_return(@rust_policies)
455
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
456
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
424
457
 
425
458
  `echo test`
426
459
  end
@@ -430,13 +463,11 @@ module TCellAgent
430
463
  context 'with a blocked command present' do
431
464
  context 'with command injection enabled' do
432
465
  it 'should raise a Errno::ENOENT' do
433
- rust_policies = TCellAgent::Policies::RustPolicies.new
434
-
435
466
  expect(TCellAgent).to receive(:policy).with(
436
467
  TCellAgent::PolicyTypes::Rust
437
- ).and_return(rust_policies)
438
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
439
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
468
+ ).and_return(@rust_policies)
469
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
470
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
440
471
 
441
472
  expect do
442
473
  `echo test`
@@ -470,13 +501,11 @@ module TCellAgent
470
501
 
471
502
  context 'with command injection disabled' do
472
503
  it 'should execute the command' do
473
- rust_policies = TCellAgent::Policies::RustPolicies.new
474
-
475
504
  expect(TCellAgent).to receive(:policy).with(
476
505
  TCellAgent::PolicyTypes::Rust
477
- ).and_return(rust_policies)
478
- expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
479
- expect(rust_policies).to_not receive(:block_command?)
506
+ ).and_return(@rust_policies)
507
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
508
+ expect(@rust_policies).to_not receive(:block_command?)
480
509
 
481
510
  `echo test`
482
511
  end
@@ -484,13 +513,11 @@ module TCellAgent
484
513
 
485
514
  context 'with command injection enabled' do
486
515
  it 'should execute the command' do
487
- rust_policies = TCellAgent::Policies::RustPolicies.new
488
-
489
516
  expect(TCellAgent).to receive(:policy).with(
490
517
  TCellAgent::PolicyTypes::Rust
491
- ).and_return(rust_policies)
492
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
493
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
518
+ ).and_return(@rust_policies)
519
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
520
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
494
521
 
495
522
  `echo test`
496
523
  end
@@ -500,13 +527,11 @@ module TCellAgent
500
527
  context 'with a blocked command present' do
501
528
  context 'with command injection enabled' do
502
529
  it 'should raise a Errno::ENOENT' do
503
- rust_policies = TCellAgent::Policies::RustPolicies.new
504
-
505
530
  expect(TCellAgent).to receive(:policy).with(
506
531
  TCellAgent::PolicyTypes::Rust
507
- ).and_return(rust_policies)
508
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
509
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
532
+ ).and_return(@rust_policies)
533
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
534
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
510
535
 
511
536
  expect do
512
537
  `echo test`
@@ -561,13 +586,11 @@ module TCellAgent
561
586
 
562
587
  context 'with command injection disabled' do
563
588
  it 'should execute the command' do
564
- rust_policies = TCellAgent::Policies::RustPolicies.new
565
-
566
589
  expect(TCellAgent).to receive(:policy).with(
567
590
  TCellAgent::PolicyTypes::Rust
568
- ).and_return(rust_policies)
569
- expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
570
- expect(rust_policies).to_not receive(:block_command?)
591
+ ).and_return(@rust_policies)
592
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
593
+ expect(@rust_policies).to_not receive(:block_command?)
571
594
 
572
595
  system('echo test > /dev/null 2>&1')
573
596
  end
@@ -575,13 +598,11 @@ module TCellAgent
575
598
 
576
599
  context 'with command injection enabled' do
577
600
  it 'should execute the command' do
578
- rust_policies = TCellAgent::Policies::RustPolicies.new
579
-
580
601
  expect(TCellAgent).to receive(:policy).with(
581
602
  TCellAgent::PolicyTypes::Rust
582
- ).and_return(rust_policies)
583
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
584
- expect(rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
603
+ ).and_return(@rust_policies)
604
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
605
+ expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
585
606
 
586
607
  system('echo test > /dev/null 2>&1')
587
608
  end
@@ -591,13 +612,11 @@ module TCellAgent
591
612
  context 'with a blocked command present' do
592
613
  context 'with command injection enabled' do
593
614
  it 'should raise a Errno::ENOENT' do
594
- rust_policies = TCellAgent::Policies::RustPolicies.new
595
-
596
615
  expect(TCellAgent).to receive(:policy).with(
597
616
  TCellAgent::PolicyTypes::Rust
598
- ).and_return(rust_policies)
599
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
600
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
617
+ ).and_return(@rust_policies)
618
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
619
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
601
620
 
602
621
  expect do
603
622
  system('echo test')
@@ -655,13 +674,11 @@ module TCellAgent
655
674
 
656
675
  context 'with command injection disabled' do
657
676
  it 'should execute the command' do
658
- rust_policies = TCellAgent::Policies::RustPolicies.new
659
-
660
677
  expect(TCellAgent).to receive(:policy).with(
661
678
  TCellAgent::PolicyTypes::Rust
662
- ).and_return(rust_policies)
663
- expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
664
- expect(rust_policies).to_not receive(:block_command?)
679
+ ).and_return(@rust_policies)
680
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
681
+ expect(@rust_policies).to_not receive(:block_command?)
665
682
 
666
683
  spawn('echo test > /dev/null 2>&1')
667
684
  end
@@ -669,13 +686,11 @@ module TCellAgent
669
686
 
670
687
  context 'with command injection enabled' do
671
688
  it 'should execute the command' do
672
- rust_policies = TCellAgent::Policies::RustPolicies.new
673
-
674
689
  expect(TCellAgent).to receive(:policy).with(
675
690
  TCellAgent::PolicyTypes::Rust
676
- ).and_return(rust_policies)
677
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
678
- expect(rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
691
+ ).and_return(@rust_policies)
692
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
693
+ expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
679
694
 
680
695
  spawn('echo test > /dev/null 2>&1')
681
696
  end
@@ -685,13 +700,11 @@ module TCellAgent
685
700
  context 'with a blocked command present' do
686
701
  context 'with command injection enabled' do
687
702
  it 'should raise a Errno::ENOENT' do
688
- rust_policies = TCellAgent::Policies::RustPolicies.new
689
-
690
703
  expect(TCellAgent).to receive(:policy).with(
691
704
  TCellAgent::PolicyTypes::Rust
692
- ).and_return(rust_policies)
693
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
694
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
705
+ ).and_return(@rust_policies)
706
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
707
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
695
708
 
696
709
  expect do
697
710
  spawn('echo test')
@@ -706,13 +719,11 @@ module TCellAgent
706
719
  context 'with a blocked command present' do
707
720
  context 'with command injection enabled' do
708
721
  it 'should raise a Errno::ENOENT' do
709
- rust_policies = TCellAgent::Policies::RustPolicies.new
710
-
711
722
  expect(TCellAgent).to receive(:policy).with(
712
723
  TCellAgent::PolicyTypes::Rust
713
- ).and_return(rust_policies)
714
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
715
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
724
+ ).and_return(@rust_policies)
725
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
726
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
716
727
 
717
728
  expect do
718
729
  exec('echo test')
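Review bot: The `before(:each)` hooks added under `describe '.popen'` and `describe Kernel` set a message expectation in setup, `expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)`, where a stub is what is meant. The hook's own `RustPolicies.new` call presumably satisfies it, so it asserts nothing about the example under test; `allow(TCellAgent).to receive(:configuration).and_return(configuration)` states the intent. The eleven-key double is pasted verbatim into both hooks, so a `let(:configuration)` or a shared context would stop the copies drifting. The fixture also gives `'js_agent_api_base_url' => 'http://api.tcell.com/'` in cleartext while `js_agent_url` is https; an https value avoids modelling a plaintext API endpoint as the normal configuration. Both `describe` bodies continue outside the hunks shown.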
@@ -8,6 +8,26 @@ end
8
8
  module TCellAgent
9
9
  module Instrumentation
10
10
  describe Instrumentation do
11
+ before(:each) do
12
+ configuration = double(
13
+ 'configuration',
14
+ {
15
+ 'app_id' => 'app_id',
16
+ 'api_key' => 'api_key',
17
+ 'allow_payloads' => true,
18
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
19
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
20
+ 'max_csp_header_bytes' => nil,
21
+ 'event_time_limit_seconds' => 15,
22
+ 'event_batch_size_limit' => 50,
23
+ 'preload_policy_filename' => nil,
24
+ 'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
25
+ 'agent_home_owner' => nil
26
+ }
27
+ )
28
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_most(10)
29
+ end
30
+
11
31
  context 'Body - SessionId Filters' do
12
32
  it 'Tests Redaction and Events in Body' do
13
33
  action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
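Review bot: In the new `before(:each)` hook, `expect(TCellAgent).to receive(:configuration).and_return(configuration).at_most(10)` is satisfied by zero calls and only fails on an eleventh, so it verifies nothing about the redaction examples and will break them on an unrelated extra configuration read. The limit of 10 is unexplained. If the hook is only meant to supply a configuration, `allow(TCellAgent).to receive(:configuration).and_return(configuration)` does that without the arbitrary cap. If the cap is deliberate, it needs a comment saying which calls it is counting. The `describe Instrumentation` body continues past the end of the hunk.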
@@ -3,13 +3,35 @@ require 'spec_helper'
3
3
  module TCellAgent
4
4
  module Instrumentation
5
5
  describe '.block?' do
6
+ before(:each) do
7
+ configuration = double(
8
+ 'configuration',
9
+ {
10
+ 'app_id' => 'app_id',
11
+ 'api_key' => 'api_key',
12
+ 'allow_payloads' => true,
13
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
14
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
15
+ 'max_csp_header_bytes' => nil
16
+ }
17
+ )
18
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
19
+ @rust_policies = TCellAgent::Policies::RustPolicies.new
20
+ end
21
+
6
22
  context 'with an unexpected error' do
7
23
  it 'should return false' do
24
+ logger = double('logger')
8
25
  request = double('request')
9
26
  expect(TCellAgent).to receive(:policy).with(
10
27
  TCellAgent::PolicyTypes::Rust
11
28
  ).and_raise(StandardError.new('UNEXPECTED'))
12
29
  expect(TCellAgent::Patches::MetaData).to_not receive(:build)
30
+ expect(TCellAgent).to receive(:logger).and_return(logger).twice
31
+ expect(logger).to receive(:debug).with(
32
+ 'Exception in safe_block Checking patches blocking: StandardError happened, message is UNEXPECTED'
33
+ )
34
+ expect(logger).to receive(:debug) # exception stack trace
13
35
 
14
36
  expect(Patches.block?(request)).to eq(false)
15
37
  end
@@ -28,10 +50,9 @@ module TCellAgent
28
50
  context 'with a disabled patches policy' do
29
51
  it 'should return false' do
30
52
  request = double('request')
31
- rust_policies = TCellAgent::Policies::RustPolicies.new
32
- expect(rust_policies.patches_enabled).to eq(false)
53
+ expect(@rust_policies.patches_enabled).to eq(false)
33
54
 
34
- expect(TCellAgent).to receive(:policy).and_return(rust_policies)
55
+ expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
35
56
  expect(TCellAgent::Patches::MetaData).to_not receive(:build)
36
57
 
37
58
  expect(Patches.block?(request)).to eq(false)
@@ -42,12 +63,11 @@ module TCellAgent
42
63
  it 'should return false' do
43
64
  request = double('request')
44
65
  meta_data = double('meta_data')
45
- rust_policies = TCellAgent::Policies::RustPolicies.new
46
66
  tcell_context = TCellAgent::Instrumentation::TCellData.new
47
67
 
48
- expect(TCellAgent).to receive(:policy).and_return(rust_policies)
49
- expect(rust_policies).to receive(:patches_enabled).and_return(true)
50
- expect(rust_policies).to receive(:block_request?).and_return(false)
68
+ expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
69
+ expect(@rust_policies).to receive(:patches_enabled).and_return(true)
70
+ expect(@rust_policies).to receive(:block_request?).and_return(false)
51
71
  expect(request).to receive(:env).and_return(
52
72
  {
53
73
  TCellAgent::Instrumentation::TCELL_ID => tcell_context
@@ -67,12 +87,11 @@ module TCellAgent
67
87
  request = double('request')
68
88
  meta_data = double('meta_data')
69
89
  tcell_context = TCellAgent::Instrumentation::TCellData.new
70
- rust_policies = TCellAgent::Policies::RustPolicies.new
71
90
  expect(tcell_context.patches_blocking_triggered).to eq(false)
72
91
 
73
- expect(TCellAgent).to receive(:policy).and_return(rust_policies)
74
- expect(rust_policies).to receive(:patches_enabled).and_return(true)
75
- expect(rust_policies).to receive(:block_request?).and_return(true)
92
+ expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
93
+ expect(@rust_policies).to receive(:patches_enabled).and_return(true)
94
+ expect(@rust_policies).to receive(:block_request?).and_return(true)
76
95
  expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
77
96
  meta_data
78
97
  )
@@ -97,13 +116,12 @@ module TCellAgent
97
116
  )
98
117
  meta_data.get_dict = { 'paramater' => '<script>' }
99
118
  tcell_context = TCellAgent::Instrumentation::TCellData.new
100
- rust_policies = TCellAgent::Policies::RustPolicies.new
101
119
 
102
120
  expect(tcell_context.patches_blocking_triggered).to eq(false)
103
121
 
104
- expect(TCellAgent).to receive(:policy).and_return(rust_policies)
105
- expect(rust_policies).to receive(:patches_enabled).and_return(true)
106
- expect(rust_policies).to receive(:block_request?).and_return(true)
122
+ expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
123
+ expect(@rust_policies).to receive(:patches_enabled).and_return(true)
124
+ expect(@rust_policies).to receive(:block_request?).and_return(true)
107
125
  expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
108
126
  meta_data
109
127
  )
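Review bot: The expectations added to the 'with an unexpected error' example pin a fail-open path: `Patches.block?` returns false when the policy lookup raises, and the only trace asserted is two `logger.debug` calls. In a deployment that does not log at debug level, a broken blocking check would let requests through with no record, as far as this spec shows; the implementation is not visible here. If fail-open is intended, the example should say so, e.g. `# block? fails open by design: an error in the policy check must not reject the request`. Consider asserting the first message at `warn` or `error` so that a change in level is a conscious decision. The `.twice` on `receive(:logger)` also ties the example to the exact number of logger lookups rather than to what is logged.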
@@ -109,6 +109,18 @@ module TCellAgent
109
109
 
110
110
  describe '#update_policies' do
111
111
  before(:each) do
112
+ configuration = double(
113
+ 'configuration',
114
+ {
115
+ 'app_id' => 'app_id',
116
+ 'api_key' => 'api_key',
117
+ 'allow_payloads' => true,
118
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
119
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
120
+ 'max_csp_header_bytes' => nil
121
+ }
122
+ )
123
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
112
124
  @rust_policies = RustPolicies.new
113
125
  end
114
126
 
@@ -122,12 +134,14 @@ module TCellAgent
122
134
  'Error updating policies: Failed to decode appsensor policy: missing field `policy_id`'
123
135
  )
124
136
 
125
- @rust_policies.update_policies({
126
- 'appsensor' => {
127
- 'version' => 2,
128
- 'data' => {}
129
- }
130
- })
137
+ @rust_policies.update_policies(
138
+ {
139
+ 'appsensor' => {
140
+ 'version' => 2,
141
+ 'data' => {}
142
+ }
143
+ }
144
+ )
131
145
 
132
146
  expect(@rust_policies.appfirewall_enabled).to eq(false)
133
147
  end
@@ -142,12 +156,14 @@ module TCellAgent
142
156
  'Error updating policies: Failed to decode appsensor policy: missing field `version`'
143
157
  )
144
158
 
145
- @rust_policies.update_policies({
146
- 'appsensor' => {
147
- 'policy_id' => '01a1',
148
- 'data' => {}
149
- }
150
- })
159
+ @rust_policies.update_policies(
160
+ {
161
+ 'appsensor' => {
162
+ 'policy_id' => '01a1',
163
+ 'data' => {}
164
+ }
165
+ }
166
+ )
151
167
 
152
168
  expect(@rust_policies.appfirewall_enabled).to eq(false)
153
169
  end
@@ -235,6 +251,19 @@ module TCellAgent
235
251
  describe '#check_appfirewall_injections' do
236
252
  context 'with everything enabled policy' do
237
253
  before(:each) do
254
+ configuration = double(
255
+ 'configuration',
256
+ {
257
+ 'enabled' => true,
258
+ 'app_id' => 'app_id',
259
+ 'api_key' => 'api_key',
260
+ 'allow_payloads' => true,
261
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
262
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
263
+ 'max_csp_header_bytes' => nil
264
+ }
265
+ )
266
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
238
267
  @rust_policies = RustPolicies.new
239
268
  @rust_policies.update_policies(everything_enabled_policy_json)
240
269
  @appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new(
@@ -275,18 +304,20 @@ module TCellAgent
275
304
 
276
305
  context 'one csrf exception' do
277
306
  it 'should send a csrf exception event' do
278
- expect(TCellAgent).to receive(:send_event).with({
279
- 'event_type' => 'as',
280
- 'dp' => 'excsrf',
281
- 'param' => 'ActionController::InvalidAuthenticityToken',
282
- 'm' => 'GET',
283
- 'rid' => '12345',
284
- 'full_uri' => 'http://test.com/?some_param=present',
285
- 'uri' => 'http://test.com/?some_param=',
286
- 'uid' => 'user_id',
287
- 'sid' => 'session_id',
288
- 'remote_addr' => '192.168.1.1'
289
- })
307
+ expect(TCellAgent).to receive(:send_event).with(
308
+ {
309
+ 'event_type' => 'as',
310
+ 'dp' => 'excsrf',
311
+ 'param' => 'ActionController::InvalidAuthenticityToken',
312
+ 'm' => 'GET',
313
+ 'rid' => '12345',
314
+ 'full_uri' => 'http://test.com/?some_param=present',
315
+ 'uri' => 'http://test.com/?some_param=',
316
+ 'uid' => 'user_id',
317
+ 'sid' => 'session_id',
318
+ 'remote_addr' => '192.168.1.1'
319
+ }
320
+ )
290
321
 
291
322
  @appsensor_meta.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
292
323
  @rust_policies.check_appfirewall_injections(
@@ -310,19 +341,25 @@ module TCellAgent
310
341
 
311
342
  context 'one sql exception' do
312
343
  it 'should send one event' do
313
- expect(TCellAgent).to receive(:send_event).with({
314
- 'event_type' => 'as',
315
- 'dp' => 'exsql',
316
- 'param' => 'ActiveRecord::StatementInvalid',
317
- 'm' => 'GET',
318
- 'rid' => '12345',
319
- 'full_uri' => 'http://test.com/?some_param=present',
320
- 'uri' => 'http://test.com/?some_param=',
321
- 'uid' => 'user_id',
322
- 'sid' => 'session_id',
323
- 'remote_addr' => '192.168.1.1',
324
- 'payload' => 'exception message goes here'
325
- })
344
+ logger = double('logger')
345
+
346
+ expect(TCellAgent).to receive(:logger).and_return(logger)
347
+ expect(logger).to receive(:info)
348
+ expect(TCellAgent).to receive(:send_event).with(
349
+ {
350
+ 'event_type' => 'as',
351
+ 'dp' => 'exsql',
352
+ 'param' => 'ActiveRecord::StatementInvalid',
353
+ 'm' => 'GET',
354
+ 'rid' => '12345',
355
+ 'full_uri' => 'http://test.com/?some_param=present',
356
+ 'uri' => 'http://test.com/?some_param=',
357
+ 'uid' => 'user_id',
358
+ 'sid' => 'session_id',
359
+ 'remote_addr' => '192.168.1.1',
360
+ 'payload' => 'exception message goes here'
361
+ }
362
+ )
326
363
 
327
364
  @appsensor_meta.sql_exceptions = [{
328
365
  'exception_name' => 'ActiveRecord::StatementInvalid',
@@ -336,32 +373,40 @@ module TCellAgent
336
373
 
337
374
  context 'multiple sql exception' do
338
375
  it 'should send multiple event' do
339
- expect(TCellAgent).to receive(:send_event).with({
340
- 'event_type' => 'as',
341
- 'dp' => 'exsql',
342
- 'param' => 'ActiveRecord::StatementInvalid',
343
- 'm' => 'GET',
344
- 'rid' => '12345',
345
- 'full_uri' => 'http://test.com/?some_param=present',
346
- 'uri' => 'http://test.com/?some_param=',
347
- 'uid' => 'user_id',
348
- 'sid' => 'session_id',
349
- 'remote_addr' => '192.168.1.1',
350
- 'payload' => 'exception message goes here'
351
- })
352
- expect(TCellAgent).to receive(:send_event).with({
353
- 'event_type' => 'as',
354
- 'dp' => 'exsql',
355
- 'param' => 'ActiveRecord::StatementInvalid',
356
- 'm' => 'GET',
357
- 'rid' => '12345',
358
- 'full_uri' => 'http://test.com/?some_param=present',
359
- 'uri' => 'http://test.com/?some_param=',
360
- 'uid' => 'user_id',
361
- 'sid' => 'session_id',
362
- 'remote_addr' => '192.168.1.1',
363
- 'payload' => 'second exception message goes here'
364
- })
376
+ logger = double('logger')
377
+
378
+ expect(TCellAgent).to receive(:logger).and_return(logger).twice
379
+ expect(logger).to receive(:info).twice
380
+ expect(TCellAgent).to receive(:send_event).with(
381
+ {
382
+ 'event_type' => 'as',
383
+ 'dp' => 'exsql',
384
+ 'param' => 'ActiveRecord::StatementInvalid',
385
+ 'm' => 'GET',
386
+ 'rid' => '12345',
387
+ 'full_uri' => 'http://test.com/?some_param=present',
388
+ 'uri' => 'http://test.com/?some_param=',
389
+ 'uid' => 'user_id',
390
+ 'sid' => 'session_id',
391
+ 'remote_addr' => '192.168.1.1',
392
+ 'payload' => 'exception message goes here'
393
+ }
394
+ )
395
+ expect(TCellAgent).to receive(:send_event).with(
396
+ {
397
+ 'event_type' => 'as',
398
+ 'dp' => 'exsql',
399
+ 'param' => 'ActiveRecord::StatementInvalid',
400
+ 'm' => 'GET',
401
+ 'rid' => '12345',
402
+ 'full_uri' => 'http://test.com/?some_param=present',
403
+ 'uri' => 'http://test.com/?some_param=',
404
+ 'uid' => 'user_id',
405
+ 'sid' => 'session_id',
406
+ 'remote_addr' => '192.168.1.1',
407
+ 'payload' => 'second exception message goes here'
408
+ }
409
+ )
365
410
 
366
411
  @appsensor_meta.sql_exceptions = [
367
412
  {
@@ -405,18 +450,20 @@ module TCellAgent
405
450
 
406
451
  context 'one db max result' do
407
452
  it 'should send one event' do
408
- expect(TCellAgent).to receive(:send_event).with({
409
- 'event_type' => 'as',
410
- 'dp' => 'dbmaxrows',
411
- 'm' => 'GET',
412
- 'meta' => { 'rows' => 1001 },
413
- 'rid' => '12345',
414
- 'full_uri' => 'http://test.com/?some_param=present',
415
- 'uri' => 'http://test.com/?some_param=',
416
- 'uid' => 'user_id',
417
- 'sid' => 'session_id',
418
- 'remote_addr' => '192.168.1.1'
419
- })
453
+ expect(TCellAgent).to receive(:send_event).with(
454
+ {
455
+ 'event_type' => 'as',
456
+ 'dp' => 'dbmaxrows',
457
+ 'm' => 'GET',
458
+ 'meta' => { 'rows' => 1001 },
459
+ 'rid' => '12345',
460
+ 'full_uri' => 'http://test.com/?some_param=present',
461
+ 'uri' => 'http://test.com/?some_param=',
462
+ 'uid' => 'user_id',
463
+ 'sid' => 'session_id',
464
+ 'remote_addr' => '192.168.1.1'
465
+ }
466
+ )
420
467
 
421
468
  @appsensor_meta.database_result_sizes = [1001]
422
469
  @rust_policies.check_appfirewall_injections(
@@ -427,30 +474,34 @@ module TCellAgent
427
474
 
428
475
  context 'multiple db max results' do
429
476
  it 'should send multiple event' do
430
- expect(TCellAgent).to receive(:send_event).with({
431
- 'event_type' => 'as',
432
- 'dp' => 'dbmaxrows',
433
- 'm' => 'GET',
434
- 'meta' => { 'rows' => 1001 },
435
- 'rid' => '12345',
436
- 'full_uri' => 'http://test.com/?some_param=present',
437
- 'uri' => 'http://test.com/?some_param=',
438
- 'uid' => 'user_id',
439
- 'sid' => 'session_id',
440
- 'remote_addr' => '192.168.1.1'
441
- })
442
- expect(TCellAgent).to receive(:send_event).with({
443
- 'event_type' => 'as',
444
- 'dp' => 'dbmaxrows',
445
- 'm' => 'GET',
446
- 'meta' => { 'rows' => 1002 },
447
- 'rid' => '12345',
448
- 'full_uri' => 'http://test.com/?some_param=present',
449
- 'uri' => 'http://test.com/?some_param=',
450
- 'uid' => 'user_id',
451
- 'sid' => 'session_id',
452
- 'remote_addr' => '192.168.1.1'
453
- })
477
+ expect(TCellAgent).to receive(:send_event).with(
478
+ {
479
+ 'event_type' => 'as',
480
+ 'dp' => 'dbmaxrows',
481
+ 'm' => 'GET',
482
+ 'meta' => { 'rows' => 1001 },
483
+ 'rid' => '12345',
484
+ 'full_uri' => 'http://test.com/?some_param=present',
485
+ 'uri' => 'http://test.com/?some_param=',
486
+ 'uid' => 'user_id',
487
+ 'sid' => 'session_id',
488
+ 'remote_addr' => '192.168.1.1'
489
+ }
490
+ )
491
+ expect(TCellAgent).to receive(:send_event).with(
492
+ {
493
+ 'event_type' => 'as',
494
+ 'dp' => 'dbmaxrows',
495
+ 'm' => 'GET',
496
+ 'meta' => { 'rows' => 1002 },
497
+ 'rid' => '12345',
498
+ 'full_uri' => 'http://test.com/?some_param=present',
499
+ 'uri' => 'http://test.com/?some_param=',
500
+ 'uid' => 'user_id',
501
+ 'sid' => 'session_id',
502
+ 'remote_addr' => '192.168.1.1'
503
+ }
504
+ )
454
505
 
455
506
  @appsensor_meta.database_result_sizes = [1001, 1002]
456
507
  @rust_policies.check_appfirewall_injections(
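Review bot: In the 'one sql exception' and 'multiple sql exception' examples the new `expect(logger).to receive(:info)` has no argument matcher, so the spec accepts any info line, including one that repeats the exception text sent as `'payload'`. SQL exception messages can carry query fragments and user data, and the double sets `'allow_payloads' => true`, so the log line is worth pinning, e.g. `expect(logger).to receive(:info).with(a_string_matching(/EXPECTED_LOG_MESSAGE_PLACEHOLDER/))` with the real message filled in. None of the hunks shown exercises `'allow_payloads' => false`; if no other example does, one asserting that `'payload'` is absent from the event would cover the privacy-relevant branch. The remaining hunks in this file only re-wrap hash arguments and need no comment.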