tcell_agent 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/Readme.txt +7 -0
- data/bin/tcell_agent +6 -2
- data/lib/tcell_agent.rb +0 -3
- data/lib/tcell_agent/agent/event_processor.rb +1 -4
- data/lib/tcell_agent/agent/policy_manager.rb +5 -8
- data/lib/tcell_agent/agent/policy_types.rb +1 -7
- data/lib/tcell_agent/agent/static_agent.rb +2 -2
- data/lib/tcell_agent/api.rb +7 -9
- data/lib/tcell_agent/configuration.rb +42 -6
- data/lib/tcell_agent/policies/rust_policies.rb +33 -8
- data/lib/tcell_agent/rails/js_agent_insert.rb +17 -18
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +18 -59
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +10 -6
- data/lib/tcell_agent/rust/libtcellagent-0.19.5.dylib +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-0.11.1.so → libtcellagent-0.19.5.so} +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.19.5.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +165 -39
- data/lib/tcell_agent/sensor_events/patches.rb +2 -0
- data/lib/tcell_agent/sinatra.rb +17 -14
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +17 -0
- data/spec/lib/tcell_agent/api/api_spec.rb +10 -7
- data/spec/lib/tcell_agent/cmdi_spec.rb +91 -80
- data/spec/lib/tcell_agent/instrumentation_spec.rb +20 -0
- data/spec/lib/tcell_agent/patches_spec.rb +33 -15
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +150 -99
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +13 -1
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +12 -0
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +2 -39
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +6 -2
- data/spec/lib/tcell_agent/rails_spec.rb +0 -31
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +234 -120
- data/tcell_agent.gemspec +1 -1
- metadata +21 -40
- data/lib/tcell_agent/policies/clickjacking_policy.rb +0 -114
- data/lib/tcell_agent/policies/content_security_policy.rb +0 -166
- data/lib/tcell_agent/policies/secure_headers_policy.rb +0 -67
- data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
- data/spec/apps/rails-3.2/config/tcell_agent.config +0 -15
- data/spec/apps/rails-3.2/log/development.log +0 -0
- data/spec/apps/rails-3.2/log/test.log +0 -12
- data/spec/apps/rails-4.1/log/test.log +0 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +0 -71
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +0 -130
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +0 -67
- data/spec/lib/tcell_agent_spec.rb +0 -22
@@ -151,6 +151,27 @@ module TCellAgent
|
|
151
151
|
|
152
152
|
describe IO do
|
153
153
|
describe '.popen' do
|
154
|
+
before(:each) do
|
155
|
+
configuration = double(
|
156
|
+
'configuration',
|
157
|
+
{
|
158
|
+
'app_id' => 'app_id',
|
159
|
+
'api_key' => 'api_key',
|
160
|
+
'allow_payloads' => true,
|
161
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
162
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
163
|
+
'max_csp_header_bytes' => nil,
|
164
|
+
'event_time_limit_seconds' => 15,
|
165
|
+
'event_batch_size_limit' => 50,
|
166
|
+
'preload_policy_filename' => nil,
|
167
|
+
'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
|
168
|
+
'agent_home_owner' => nil
|
169
|
+
}
|
170
|
+
)
|
171
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
172
|
+
@rust_policies = TCellAgent::Policies::RustPolicies.new
|
173
|
+
end
|
174
|
+
|
154
175
|
context 'empty command' do
|
155
176
|
it 'should raise an error' do
|
156
177
|
expect do
|
@@ -194,14 +215,13 @@ module TCellAgent
|
|
194
215
|
|
195
216
|
context 'with command injection disabled' do
|
196
217
|
it 'should execute the command' do
|
197
|
-
rust_policies
|
198
|
-
expect(rust_policies.cmdi_enabled).to eq(false)
|
218
|
+
expect(@rust_policies.cmdi_enabled).to eq(false)
|
199
219
|
|
200
220
|
expect(TCellAgent).to receive(:policy).with(
|
201
221
|
TCellAgent::PolicyTypes::Rust
|
202
|
-
).and_return(rust_policies)
|
203
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_call_original
|
204
|
-
expect(rust_policies).to_not receive(:block_command?)
|
222
|
+
).and_return(@rust_policies)
|
223
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_call_original
|
224
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
205
225
|
|
206
226
|
IO.popen('echo test')
|
207
227
|
end
|
@@ -209,13 +229,11 @@ module TCellAgent
|
|
209
229
|
|
210
230
|
context 'with command injection enabled' do
|
211
231
|
it 'should execute the command' do
|
212
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
213
|
-
|
214
232
|
expect(TCellAgent).to receive(:policy).with(
|
215
233
|
TCellAgent::PolicyTypes::Rust
|
216
|
-
).and_return(rust_policies)
|
217
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
218
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
234
|
+
).and_return(@rust_policies)
|
235
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
236
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
219
237
|
|
220
238
|
IO.popen('echo test')
|
221
239
|
end
|
@@ -225,13 +243,11 @@ module TCellAgent
|
|
225
243
|
context 'with a blocked command present' do
|
226
244
|
context 'with command injection enabled' do
|
227
245
|
it 'should raise a Errno::ENOENT' do
|
228
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
229
|
-
|
230
246
|
expect(TCellAgent).to receive(:policy).with(
|
231
247
|
TCellAgent::PolicyTypes::Rust
|
232
|
-
).and_return(rust_policies)
|
233
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
234
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
248
|
+
).and_return(@rust_policies)
|
249
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
250
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
235
251
|
|
236
252
|
expect do
|
237
253
|
IO.popen('echo test')
|
@@ -376,6 +392,27 @@ module TCellAgent
|
|
376
392
|
end
|
377
393
|
|
378
394
|
describe Kernel do
|
395
|
+
before(:each) do
|
396
|
+
configuration = double(
|
397
|
+
'configuration',
|
398
|
+
{
|
399
|
+
'app_id' => 'app_id',
|
400
|
+
'api_key' => 'api_key',
|
401
|
+
'allow_payloads' => true,
|
402
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
403
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
404
|
+
'max_csp_header_bytes' => nil,
|
405
|
+
'event_time_limit_seconds' => 15,
|
406
|
+
'event_batch_size_limit' => 50,
|
407
|
+
'preload_policy_filename' => nil,
|
408
|
+
'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
|
409
|
+
'agent_home_owner' => nil
|
410
|
+
}
|
411
|
+
)
|
412
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
413
|
+
@rust_policies = TCellAgent::Policies::RustPolicies.new
|
414
|
+
end
|
415
|
+
|
379
416
|
describe '.backtick' do
|
380
417
|
context 'empty command' do
|
381
418
|
it 'should raise Errno::ENOENT' do
|
@@ -400,13 +437,11 @@ module TCellAgent
|
|
400
437
|
|
401
438
|
context 'with command injection disabled' do
|
402
439
|
it 'should execute the command' do
|
403
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
404
|
-
|
405
440
|
expect(TCellAgent).to receive(:policy).with(
|
406
441
|
TCellAgent::PolicyTypes::Rust
|
407
|
-
).and_return(rust_policies)
|
408
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
|
409
|
-
expect(rust_policies).to_not receive(:block_command?)
|
442
|
+
).and_return(@rust_policies)
|
443
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
|
444
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
410
445
|
|
411
446
|
`echo test`
|
412
447
|
end
|
@@ -414,13 +449,11 @@ module TCellAgent
|
|
414
449
|
|
415
450
|
context 'with command injection enabled' do
|
416
451
|
it 'should execute the command' do
|
417
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
418
|
-
|
419
452
|
expect(TCellAgent).to receive(:policy).with(
|
420
453
|
TCellAgent::PolicyTypes::Rust
|
421
|
-
).and_return(rust_policies)
|
422
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
423
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
454
|
+
).and_return(@rust_policies)
|
455
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
456
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
424
457
|
|
425
458
|
`echo test`
|
426
459
|
end
|
@@ -430,13 +463,11 @@ module TCellAgent
|
|
430
463
|
context 'with a blocked command present' do
|
431
464
|
context 'with command injection enabled' do
|
432
465
|
it 'should raise a Errno::ENOENT' do
|
433
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
434
|
-
|
435
466
|
expect(TCellAgent).to receive(:policy).with(
|
436
467
|
TCellAgent::PolicyTypes::Rust
|
437
|
-
).and_return(rust_policies)
|
438
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
439
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
468
|
+
).and_return(@rust_policies)
|
469
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
470
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
440
471
|
|
441
472
|
expect do
|
442
473
|
`echo test`
|
@@ -470,13 +501,11 @@ module TCellAgent
|
|
470
501
|
|
471
502
|
context 'with command injection disabled' do
|
472
503
|
it 'should execute the command' do
|
473
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
474
|
-
|
475
504
|
expect(TCellAgent).to receive(:policy).with(
|
476
505
|
TCellAgent::PolicyTypes::Rust
|
477
|
-
).and_return(rust_policies)
|
478
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
|
479
|
-
expect(rust_policies).to_not receive(:block_command?)
|
506
|
+
).and_return(@rust_policies)
|
507
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
|
508
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
480
509
|
|
481
510
|
`echo test`
|
482
511
|
end
|
@@ -484,13 +513,11 @@ module TCellAgent
|
|
484
513
|
|
485
514
|
context 'with command injection enabled' do
|
486
515
|
it 'should execute the command' do
|
487
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
488
|
-
|
489
516
|
expect(TCellAgent).to receive(:policy).with(
|
490
517
|
TCellAgent::PolicyTypes::Rust
|
491
|
-
).and_return(rust_policies)
|
492
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
493
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
518
|
+
).and_return(@rust_policies)
|
519
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
520
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
494
521
|
|
495
522
|
`echo test`
|
496
523
|
end
|
@@ -500,13 +527,11 @@ module TCellAgent
|
|
500
527
|
context 'with a blocked command present' do
|
501
528
|
context 'with command injection enabled' do
|
502
529
|
it 'should raise a Errno::ENOENT' do
|
503
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
504
|
-
|
505
530
|
expect(TCellAgent).to receive(:policy).with(
|
506
531
|
TCellAgent::PolicyTypes::Rust
|
507
|
-
).and_return(rust_policies)
|
508
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
509
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
532
|
+
).and_return(@rust_policies)
|
533
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
534
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
510
535
|
|
511
536
|
expect do
|
512
537
|
`echo test`
|
@@ -561,13 +586,11 @@ module TCellAgent
|
|
561
586
|
|
562
587
|
context 'with command injection disabled' do
|
563
588
|
it 'should execute the command' do
|
564
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
565
|
-
|
566
589
|
expect(TCellAgent).to receive(:policy).with(
|
567
590
|
TCellAgent::PolicyTypes::Rust
|
568
|
-
).and_return(rust_policies)
|
569
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
|
570
|
-
expect(rust_policies).to_not receive(:block_command?)
|
591
|
+
).and_return(@rust_policies)
|
592
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
|
593
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
571
594
|
|
572
595
|
system('echo test > /dev/null 2>&1')
|
573
596
|
end
|
@@ -575,13 +598,11 @@ module TCellAgent
|
|
575
598
|
|
576
599
|
context 'with command injection enabled' do
|
577
600
|
it 'should execute the command' do
|
578
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
579
|
-
|
580
601
|
expect(TCellAgent).to receive(:policy).with(
|
581
602
|
TCellAgent::PolicyTypes::Rust
|
582
|
-
).and_return(rust_policies)
|
583
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
584
|
-
expect(rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
|
603
|
+
).and_return(@rust_policies)
|
604
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
605
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
|
585
606
|
|
586
607
|
system('echo test > /dev/null 2>&1')
|
587
608
|
end
|
@@ -591,13 +612,11 @@ module TCellAgent
|
|
591
612
|
context 'with a blocked command present' do
|
592
613
|
context 'with command injection enabled' do
|
593
614
|
it 'should raise a Errno::ENOENT' do
|
594
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
595
|
-
|
596
615
|
expect(TCellAgent).to receive(:policy).with(
|
597
616
|
TCellAgent::PolicyTypes::Rust
|
598
|
-
).and_return(rust_policies)
|
599
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
600
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
617
|
+
).and_return(@rust_policies)
|
618
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
619
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
601
620
|
|
602
621
|
expect do
|
603
622
|
system('echo test')
|
@@ -655,13 +674,11 @@ module TCellAgent
|
|
655
674
|
|
656
675
|
context 'with command injection disabled' do
|
657
676
|
it 'should execute the command' do
|
658
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
659
|
-
|
660
677
|
expect(TCellAgent).to receive(:policy).with(
|
661
678
|
TCellAgent::PolicyTypes::Rust
|
662
|
-
).and_return(rust_policies)
|
663
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
|
664
|
-
expect(rust_policies).to_not receive(:block_command?)
|
679
|
+
).and_return(@rust_policies)
|
680
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
|
681
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
665
682
|
|
666
683
|
spawn('echo test > /dev/null 2>&1')
|
667
684
|
end
|
@@ -669,13 +686,11 @@ module TCellAgent
|
|
669
686
|
|
670
687
|
context 'with command injection enabled' do
|
671
688
|
it 'should execute the command' do
|
672
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
673
|
-
|
674
689
|
expect(TCellAgent).to receive(:policy).with(
|
675
690
|
TCellAgent::PolicyTypes::Rust
|
676
|
-
).and_return(rust_policies)
|
677
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
678
|
-
expect(rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
|
691
|
+
).and_return(@rust_policies)
|
692
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
693
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
|
679
694
|
|
680
695
|
spawn('echo test > /dev/null 2>&1')
|
681
696
|
end
|
@@ -685,13 +700,11 @@ module TCellAgent
|
|
685
700
|
context 'with a blocked command present' do
|
686
701
|
context 'with command injection enabled' do
|
687
702
|
it 'should raise a Errno::ENOENT' do
|
688
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
689
|
-
|
690
703
|
expect(TCellAgent).to receive(:policy).with(
|
691
704
|
TCellAgent::PolicyTypes::Rust
|
692
|
-
).and_return(rust_policies)
|
693
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
694
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
705
|
+
).and_return(@rust_policies)
|
706
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
707
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
695
708
|
|
696
709
|
expect do
|
697
710
|
spawn('echo test')
|
@@ -706,13 +719,11 @@ module TCellAgent
|
|
706
719
|
context 'with a blocked command present' do
|
707
720
|
context 'with command injection enabled' do
|
708
721
|
it 'should raise a Errno::ENOENT' do
|
709
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
710
|
-
|
711
722
|
expect(TCellAgent).to receive(:policy).with(
|
712
723
|
TCellAgent::PolicyTypes::Rust
|
713
|
-
).and_return(rust_policies)
|
714
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
715
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
724
|
+
).and_return(@rust_policies)
|
725
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
726
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
716
727
|
|
717
728
|
expect do
|
718
729
|
exec('echo test')
|
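Review bot: The `before(:each)` hooks added under `describe IO` / `.popen` and under `describe Kernel` set a message expectation in setup, `expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)`, although nothing in the examples verifies that call. It is presumably satisfied by `RustPolicies.new` in the same hook, so `allow(TCellAgent).to receive(:configuration).and_return(configuration)` states the intent without adding a failure mode to every example. The same `double('configuration', ...)` hash is repeated verbatim in both hooks and could come from one shared helper or `shared_context`. Every example in these hunks also stubs `block_command?` and passes the command as a single string such as `'echo test'`, so what is checked is the wiring of the hook, not a policy decision or the array and multi-argument call forms; that coverage may exist outside the visible hunks.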
@@ -8,6 +8,26 @@ end
|
|
8
8
|
module TCellAgent
|
9
9
|
module Instrumentation
|
10
10
|
describe Instrumentation do
|
11
|
+
before(:each) do
|
12
|
+
configuration = double(
|
13
|
+
'configuration',
|
14
|
+
{
|
15
|
+
'app_id' => 'app_id',
|
16
|
+
'api_key' => 'api_key',
|
17
|
+
'allow_payloads' => true,
|
18
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
19
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
20
|
+
'max_csp_header_bytes' => nil,
|
21
|
+
'event_time_limit_seconds' => 15,
|
22
|
+
'event_batch_size_limit' => 50,
|
23
|
+
'preload_policy_filename' => nil,
|
24
|
+
'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
|
25
|
+
'agent_home_owner' => nil
|
26
|
+
}
|
27
|
+
)
|
28
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_most(10)
|
29
|
+
end
|
30
|
+
|
11
31
|
context 'Body - SessionId Filters' do
|
12
32
|
it 'Tests Redaction and Events in Body' do
|
13
33
|
action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
|
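Review bot: `.at_most(10)` on the `TCellAgent.configuration` expectation in the new `before(:each)` is an arbitrary ceiling that zero calls also satisfy, so it verifies nothing about redaction and will fail on an unrelated refactor that reads the configuration one more time. If the hook is only there to supply a configuration, `allow(TCellAgent).to receive(:configuration).and_return(configuration)` is the stable form. The double also sets `'allow_payloads' => true` ahead of a context that tests redaction in the body; I can't tell from this hunk whether that flag affects the redaction result, so a short comment saying so (or a second run with `false`) would make clear what the example proves.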
@@ -3,13 +3,35 @@ require 'spec_helper'
|
|
3
3
|
module TCellAgent
|
4
4
|
module Instrumentation
|
5
5
|
describe '.block?' do
|
6
|
+
before(:each) do
|
7
|
+
configuration = double(
|
8
|
+
'configuration',
|
9
|
+
{
|
10
|
+
'app_id' => 'app_id',
|
11
|
+
'api_key' => 'api_key',
|
12
|
+
'allow_payloads' => true,
|
13
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
14
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
15
|
+
'max_csp_header_bytes' => nil
|
16
|
+
}
|
17
|
+
)
|
18
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
19
|
+
@rust_policies = TCellAgent::Policies::RustPolicies.new
|
20
|
+
end
|
21
|
+
|
6
22
|
context 'with an unexpected error' do
|
7
23
|
it 'should return false' do
|
24
|
+
logger = double('logger')
|
8
25
|
request = double('request')
|
9
26
|
expect(TCellAgent).to receive(:policy).with(
|
10
27
|
TCellAgent::PolicyTypes::Rust
|
11
28
|
).and_raise(StandardError.new('UNEXPECTED'))
|
12
29
|
expect(TCellAgent::Patches::MetaData).to_not receive(:build)
|
30
|
+
expect(TCellAgent).to receive(:logger).and_return(logger).twice
|
31
|
+
expect(logger).to receive(:debug).with(
|
32
|
+
'Exception in safe_block Checking patches blocking: StandardError happened, message is UNEXPECTED'
|
33
|
+
)
|
34
|
+
expect(logger).to receive(:debug) # exception stack trace
|
13
35
|
|
14
36
|
expect(Patches.block?(request)).to eq(false)
|
15
37
|
end
|
@@ -28,10 +50,9 @@ module TCellAgent
|
|
28
50
|
context 'with a disabled patches policy' do
|
29
51
|
it 'should return false' do
|
30
52
|
request = double('request')
|
31
|
-
rust_policies
|
32
|
-
expect(rust_policies.patches_enabled).to eq(false)
|
53
|
+
expect(@rust_policies.patches_enabled).to eq(false)
|
33
54
|
|
34
|
-
expect(TCellAgent).to receive(:policy).and_return(rust_policies)
|
55
|
+
expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
|
35
56
|
expect(TCellAgent::Patches::MetaData).to_not receive(:build)
|
36
57
|
|
37
58
|
expect(Patches.block?(request)).to eq(false)
|
@@ -42,12 +63,11 @@ module TCellAgent
|
|
42
63
|
it 'should return false' do
|
43
64
|
request = double('request')
|
44
65
|
meta_data = double('meta_data')
|
45
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
46
66
|
tcell_context = TCellAgent::Instrumentation::TCellData.new
|
47
67
|
|
48
|
-
expect(TCellAgent).to receive(:policy).and_return(rust_policies)
|
49
|
-
expect(rust_policies).to receive(:patches_enabled).and_return(true)
|
50
|
-
expect(rust_policies).to receive(:block_request?).and_return(false)
|
68
|
+
expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
|
69
|
+
expect(@rust_policies).to receive(:patches_enabled).and_return(true)
|
70
|
+
expect(@rust_policies).to receive(:block_request?).and_return(false)
|
51
71
|
expect(request).to receive(:env).and_return(
|
52
72
|
{
|
53
73
|
TCellAgent::Instrumentation::TCELL_ID => tcell_context
|
@@ -67,12 +87,11 @@ module TCellAgent
|
|
67
87
|
request = double('request')
|
68
88
|
meta_data = double('meta_data')
|
69
89
|
tcell_context = TCellAgent::Instrumentation::TCellData.new
|
70
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
71
90
|
expect(tcell_context.patches_blocking_triggered).to eq(false)
|
72
91
|
|
73
|
-
expect(TCellAgent).to receive(:policy).and_return(rust_policies)
|
74
|
-
expect(rust_policies).to receive(:patches_enabled).and_return(true)
|
75
|
-
expect(rust_policies).to receive(:block_request?).and_return(true)
|
92
|
+
expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
|
93
|
+
expect(@rust_policies).to receive(:patches_enabled).and_return(true)
|
94
|
+
expect(@rust_policies).to receive(:block_request?).and_return(true)
|
76
95
|
expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
|
77
96
|
meta_data
|
78
97
|
)
|
@@ -97,13 +116,12 @@ module TCellAgent
|
|
97
116
|
)
|
98
117
|
meta_data.get_dict = { 'paramater' => '<script>' }
|
99
118
|
tcell_context = TCellAgent::Instrumentation::TCellData.new
|
100
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
101
119
|
|
102
120
|
expect(tcell_context.patches_blocking_triggered).to eq(false)
|
103
121
|
|
104
|
-
expect(TCellAgent).to receive(:policy).and_return(rust_policies)
|
105
|
-
expect(rust_policies).to receive(:patches_enabled).and_return(true)
|
106
|
-
expect(rust_policies).to receive(:block_request?).and_return(true)
|
122
|
+
expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
|
123
|
+
expect(@rust_policies).to receive(:patches_enabled).and_return(true)
|
124
|
+
expect(@rust_policies).to receive(:block_request?).and_return(true)
|
107
125
|
expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
|
108
126
|
meta_data
|
109
127
|
)
|
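Review bot: The 'with an unexpected error' example now pins the fail-open path of `Patches.block?` to debug-level logging only: the policy lookup raises, `block?` returns `false`, and the two added `expect(logger).to receive(:debug)` lines are the only trace of it. On a deployment logging at info level or above, a failing policy lookup would then stop blocking with no visible log line, so I would expect this message at `warn` or `error` with the spec updated to match, or at least a comment in the example stating that fail-open at debug level is deliberate. The exact-string match on the message and `.twice` on `TCellAgent.logger` also tie the test to wording and call count; `with(/Checking patches blocking/)` keeps the check without that coupling. The code that does the logging is outside this section, so the level change itself would land there.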
@@ -109,6 +109,18 @@ module TCellAgent
|
|
109
109
|
|
110
110
|
describe '#update_policies' do
|
111
111
|
before(:each) do
|
112
|
+
configuration = double(
|
113
|
+
'configuration',
|
114
|
+
{
|
115
|
+
'app_id' => 'app_id',
|
116
|
+
'api_key' => 'api_key',
|
117
|
+
'allow_payloads' => true,
|
118
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
119
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
120
|
+
'max_csp_header_bytes' => nil
|
121
|
+
}
|
122
|
+
)
|
123
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
112
124
|
@rust_policies = RustPolicies.new
|
113
125
|
end
|
114
126
|
|
@@ -122,12 +134,14 @@ module TCellAgent
|
|
122
134
|
'Error updating policies: Failed to decode appsensor policy: missing field `policy_id`'
|
123
135
|
)
|
124
136
|
|
125
|
-
@rust_policies.update_policies(
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
137
|
+
@rust_policies.update_policies(
|
138
|
+
{
|
139
|
+
'appsensor' => {
|
140
|
+
'version' => 2,
|
141
|
+
'data' => {}
|
142
|
+
}
|
143
|
+
}
|
144
|
+
)
|
131
145
|
|
132
146
|
expect(@rust_policies.appfirewall_enabled).to eq(false)
|
133
147
|
end
|
@@ -142,12 +156,14 @@ module TCellAgent
|
|
142
156
|
'Error updating policies: Failed to decode appsensor policy: missing field `version`'
|
143
157
|
)
|
144
158
|
|
145
|
-
@rust_policies.update_policies(
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
159
|
+
@rust_policies.update_policies(
|
160
|
+
{
|
161
|
+
'appsensor' => {
|
162
|
+
'policy_id' => '01a1',
|
163
|
+
'data' => {}
|
164
|
+
}
|
165
|
+
}
|
166
|
+
)
|
151
167
|
|
152
168
|
expect(@rust_policies.appfirewall_enabled).to eq(false)
|
153
169
|
end
|
@@ -235,6 +251,19 @@ module TCellAgent
|
|
235
251
|
describe '#check_appfirewall_injections' do
|
236
252
|
context 'with everything enabled policy' do
|
237
253
|
before(:each) do
|
254
|
+
configuration = double(
|
255
|
+
'configuration',
|
256
|
+
{
|
257
|
+
'enabled' => true,
|
258
|
+
'app_id' => 'app_id',
|
259
|
+
'api_key' => 'api_key',
|
260
|
+
'allow_payloads' => true,
|
261
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
262
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
263
|
+
'max_csp_header_bytes' => nil
|
264
|
+
}
|
265
|
+
)
|
266
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
238
267
|
@rust_policies = RustPolicies.new
|
239
268
|
@rust_policies.update_policies(everything_enabled_policy_json)
|
240
269
|
@appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new(
|
@@ -275,18 +304,20 @@ module TCellAgent
|
|
275
304
|
|
276
305
|
context 'one csrf exception' do
|
277
306
|
it 'should send a csrf exception event' do
|
278
|
-
expect(TCellAgent).to receive(:send_event).with(
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
289
|
-
|
307
|
+
expect(TCellAgent).to receive(:send_event).with(
|
308
|
+
{
|
309
|
+
'event_type' => 'as',
|
310
|
+
'dp' => 'excsrf',
|
311
|
+
'param' => 'ActionController::InvalidAuthenticityToken',
|
312
|
+
'm' => 'GET',
|
313
|
+
'rid' => '12345',
|
314
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
315
|
+
'uri' => 'http://test.com/?some_param=',
|
316
|
+
'uid' => 'user_id',
|
317
|
+
'sid' => 'session_id',
|
318
|
+
'remote_addr' => '192.168.1.1'
|
319
|
+
}
|
320
|
+
)
|
290
321
|
|
291
322
|
@appsensor_meta.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
|
292
323
|
@rust_policies.check_appfirewall_injections(
|
@@ -310,19 +341,25 @@ module TCellAgent
|
|
310
341
|
|
311
342
|
context 'one sql exception' do
|
312
343
|
it 'should send one event' do
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
344
|
+
logger = double('logger')
|
345
|
+
|
346
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
347
|
+
expect(logger).to receive(:info)
|
348
|
+
expect(TCellAgent).to receive(:send_event).with(
|
349
|
+
{
|
350
|
+
'event_type' => 'as',
|
351
|
+
'dp' => 'exsql',
|
352
|
+
'param' => 'ActiveRecord::StatementInvalid',
|
353
|
+
'm' => 'GET',
|
354
|
+
'rid' => '12345',
|
355
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
356
|
+
'uri' => 'http://test.com/?some_param=',
|
357
|
+
'uid' => 'user_id',
|
358
|
+
'sid' => 'session_id',
|
359
|
+
'remote_addr' => '192.168.1.1',
|
360
|
+
'payload' => 'exception message goes here'
|
361
|
+
}
|
362
|
+
)
|
326
363
|
|
327
364
|
@appsensor_meta.sql_exceptions = [{
|
328
365
|
'exception_name' => 'ActiveRecord::StatementInvalid',
|
@@ -336,32 +373,40 @@ module TCellAgent
|
|
336
373
|
|
337
374
|
context 'multiple sql exception' do
|
338
375
|
it 'should send multiple event' do
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
359
|
-
|
360
|
-
|
361
|
-
|
362
|
-
|
363
|
-
|
364
|
-
|
376
|
+
logger = double('logger')
|
377
|
+
|
378
|
+
expect(TCellAgent).to receive(:logger).and_return(logger).twice
|
379
|
+
expect(logger).to receive(:info).twice
|
380
|
+
expect(TCellAgent).to receive(:send_event).with(
|
381
|
+
{
|
382
|
+
'event_type' => 'as',
|
383
|
+
'dp' => 'exsql',
|
384
|
+
'param' => 'ActiveRecord::StatementInvalid',
|
385
|
+
'm' => 'GET',
|
386
|
+
'rid' => '12345',
|
387
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
388
|
+
'uri' => 'http://test.com/?some_param=',
|
389
|
+
'uid' => 'user_id',
|
390
|
+
'sid' => 'session_id',
|
391
|
+
'remote_addr' => '192.168.1.1',
|
392
|
+
'payload' => 'exception message goes here'
|
393
|
+
}
|
394
|
+
)
|
395
|
+
expect(TCellAgent).to receive(:send_event).with(
|
396
|
+
{
|
397
|
+
'event_type' => 'as',
|
398
|
+
'dp' => 'exsql',
|
399
|
+
'param' => 'ActiveRecord::StatementInvalid',
|
400
|
+
'm' => 'GET',
|
401
|
+
'rid' => '12345',
|
402
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
403
|
+
'uri' => 'http://test.com/?some_param=',
|
404
|
+
'uid' => 'user_id',
|
405
|
+
'sid' => 'session_id',
|
406
|
+
'remote_addr' => '192.168.1.1',
|
407
|
+
'payload' => 'second exception message goes here'
|
408
|
+
}
|
409
|
+
)
|
365
410
|
|
366
411
|
@appsensor_meta.sql_exceptions = [
|
367
412
|
{
|
@@ -405,18 +450,20 @@ module TCellAgent
|
|
405
450
|
|
406
451
|
context 'one db max result' do
|
407
452
|
it 'should send one event' do
|
408
|
-
expect(TCellAgent).to receive(:send_event).with(
|
409
|
-
|
410
|
-
|
411
|
-
|
412
|
-
|
413
|
-
|
414
|
-
|
415
|
-
|
416
|
-
|
417
|
-
|
418
|
-
|
419
|
-
|
453
|
+
expect(TCellAgent).to receive(:send_event).with(
|
454
|
+
{
|
455
|
+
'event_type' => 'as',
|
456
|
+
'dp' => 'dbmaxrows',
|
457
|
+
'm' => 'GET',
|
458
|
+
'meta' => { 'rows' => 1001 },
|
459
|
+
'rid' => '12345',
|
460
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
461
|
+
'uri' => 'http://test.com/?some_param=',
|
462
|
+
'uid' => 'user_id',
|
463
|
+
'sid' => 'session_id',
|
464
|
+
'remote_addr' => '192.168.1.1'
|
465
|
+
}
|
466
|
+
)
|
420
467
|
|
421
468
|
@appsensor_meta.database_result_sizes = [1001]
|
422
469
|
@rust_policies.check_appfirewall_injections(
|
@@ -427,30 +474,34 @@ module TCellAgent
|
|
427
474
|
|
428
475
|
context 'multiple db max results' do
|
429
476
|
it 'should send multiple event' do
|
430
|
-
expect(TCellAgent).to receive(:send_event).with(
|
431
|
-
|
432
|
-
|
433
|
-
|
434
|
-
|
435
|
-
|
436
|
-
|
437
|
-
|
438
|
-
|
439
|
-
|
440
|
-
|
441
|
-
|
442
|
-
|
443
|
-
|
444
|
-
|
445
|
-
|
446
|
-
|
447
|
-
|
448
|
-
|
449
|
-
|
450
|
-
|
451
|
-
|
452
|
-
|
453
|
-
|
477
|
+
expect(TCellAgent).to receive(:send_event).with(
|
478
|
+
{
|
479
|
+
'event_type' => 'as',
|
480
|
+
'dp' => 'dbmaxrows',
|
481
|
+
'm' => 'GET',
|
482
|
+
'meta' => { 'rows' => 1001 },
|
483
|
+
'rid' => '12345',
|
484
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
485
|
+
'uri' => 'http://test.com/?some_param=',
|
486
|
+
'uid' => 'user_id',
|
487
|
+
'sid' => 'session_id',
|
488
|
+
'remote_addr' => '192.168.1.1'
|
489
|
+
}
|
490
|
+
)
|
491
|
+
expect(TCellAgent).to receive(:send_event).with(
|
492
|
+
{
|
493
|
+
'event_type' => 'as',
|
494
|
+
'dp' => 'dbmaxrows',
|
495
|
+
'm' => 'GET',
|
496
|
+
'meta' => { 'rows' => 1002 },
|
497
|
+
'rid' => '12345',
|
498
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
499
|
+
'uri' => 'http://test.com/?some_param=',
|
500
|
+
'uid' => 'user_id',
|
501
|
+
'sid' => 'session_id',
|
502
|
+
'remote_addr' => '192.168.1.1'
|
503
|
+
}
|
504
|
+
)
|
454
505
|
|
455
506
|
@appsensor_meta.database_result_sizes = [1001, 1002]
|
456
507
|
@rust_policies.check_appfirewall_injections(
|
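Review bot: The rewritten 'one sql exception' and 'multiple sql exception' expectations assert that the event passed to `TCellAgent.send_event` carries `'payload' => 'exception message goes here'`, and the `before(:each)` added under 'with everything enabled policy' sets `'allow_payloads' => true`, but no example in the visible hunks covers the opposite setting. Database exception messages often embed the failing statement and its values, so the case worth pinning is that with `'allow_payloads' => false` the event is sent without a `'payload'` key; a sibling context with that configuration would do it. The same examples add `expect(logger).to receive(:info)` with no `.with(...)`, so the test does not show whether the exception text is also written to the local log, and constraining the argument would document that. That these contexts sit under that `before` hook is inferred from hunk order, since the enclosing blocks start outside the hunks.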