tcell_agent 1.0.0 → 1.1.0

Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/Readme.txt +7 -0
  3. data/bin/tcell_agent +6 -2
  4. data/lib/tcell_agent.rb +0 -3
  5. data/lib/tcell_agent/agent/event_processor.rb +1 -4
  6. data/lib/tcell_agent/agent/policy_manager.rb +5 -8
  7. data/lib/tcell_agent/agent/policy_types.rb +1 -7
  8. data/lib/tcell_agent/agent/static_agent.rb +2 -2
  9. data/lib/tcell_agent/api.rb +7 -9
  10. data/lib/tcell_agent/configuration.rb +42 -6
  11. data/lib/tcell_agent/policies/rust_policies.rb +33 -8
  12. data/lib/tcell_agent/rails/js_agent_insert.rb +17 -18
  13. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +18 -59
  14. data/lib/tcell_agent/rails/tcell_body_proxy.rb +10 -6
  15. data/lib/tcell_agent/rust/libtcellagent-0.19.5.dylib +0 -0
  16. data/lib/tcell_agent/rust/{libtcellagent-0.11.1.so → libtcellagent-0.19.5.so} +0 -0
  17. data/lib/tcell_agent/rust/tcellagent-0.19.5.dll +0 -0
  18. data/lib/tcell_agent/rust/whisperer.rb +165 -39
  19. data/lib/tcell_agent/sensor_events/patches.rb +2 -0
  20. data/lib/tcell_agent/sinatra.rb +17 -14
  21. data/lib/tcell_agent/version.rb +1 -1
  22. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +17 -0
  23. data/spec/lib/tcell_agent/api/api_spec.rb +10 -7
  24. data/spec/lib/tcell_agent/cmdi_spec.rb +91 -80
  25. data/spec/lib/tcell_agent/instrumentation_spec.rb +20 -0
  26. data/spec/lib/tcell_agent/patches_spec.rb +33 -15
  27. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +150 -99
  28. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +13 -1
  29. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +12 -0
  30. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +2 -39
  31. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +6 -2
  32. data/spec/lib/tcell_agent/rails_spec.rb +0 -31
  33. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +234 -120
  34. data/tcell_agent.gemspec +1 -1
  35. metadata +21 -40
  36. data/lib/tcell_agent/policies/clickjacking_policy.rb +0 -114
  37. data/lib/tcell_agent/policies/content_security_policy.rb +0 -166
  38. data/lib/tcell_agent/policies/secure_headers_policy.rb +0 -67
  39. data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
  40. data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
  41. data/spec/apps/rails-3.2/config/tcell_agent.config +0 -15
  42. data/spec/apps/rails-3.2/log/development.log +0 -0
  43. data/spec/apps/rails-3.2/log/test.log +0 -12
  44. data/spec/apps/rails-4.1/log/test.log +0 -0
  45. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +0 -71
  46. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +0 -130
  47. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +0 -67
  48. data/spec/lib/tcell_agent_spec.rb +0 -22
@@ -151,6 +151,27 @@ module TCellAgent
151
151
 
152
152
  describe IO do
153
153
  describe '.popen' do
154
+ before(:each) do
155
+ configuration = double(
156
+ 'configuration',
157
+ {
158
+ 'app_id' => 'app_id',
159
+ 'api_key' => 'api_key',
160
+ 'allow_payloads' => true,
161
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
162
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
163
+ 'max_csp_header_bytes' => nil,
164
+ 'event_time_limit_seconds' => 15,
165
+ 'event_batch_size_limit' => 50,
166
+ 'preload_policy_filename' => nil,
167
+ 'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
168
+ 'agent_home_owner' => nil
169
+ }
170
+ )
171
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
172
+ @rust_policies = TCellAgent::Policies::RustPolicies.new
173
+ end
174
+
154
175
  context 'empty command' do
155
176
  it 'should raise an error' do
156
177
  expect do
@@ -194,14 +215,13 @@ module TCellAgent
194
215
 
195
216
  context 'with command injection disabled' do
196
217
  it 'should execute the command' do
197
- rust_policies = TCellAgent::Policies::RustPolicies.new
198
- expect(rust_policies.cmdi_enabled).to eq(false)
218
+ expect(@rust_policies.cmdi_enabled).to eq(false)
199
219
 
200
220
  expect(TCellAgent).to receive(:policy).with(
201
221
  TCellAgent::PolicyTypes::Rust
202
- ).and_return(rust_policies)
203
- expect(rust_policies).to receive(:cmdi_enabled).and_call_original
204
- expect(rust_policies).to_not receive(:block_command?)
222
+ ).and_return(@rust_policies)
223
+ expect(@rust_policies).to receive(:cmdi_enabled).and_call_original
224
+ expect(@rust_policies).to_not receive(:block_command?)
205
225
 
206
226
  IO.popen('echo test')
207
227
  end
@@ -209,13 +229,11 @@ module TCellAgent
209
229
 
210
230
  context 'with command injection enabled' do
211
231
  it 'should execute the command' do
212
- rust_policies = TCellAgent::Policies::RustPolicies.new
213
-
214
232
  expect(TCellAgent).to receive(:policy).with(
215
233
  TCellAgent::PolicyTypes::Rust
216
- ).and_return(rust_policies)
217
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
218
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
234
+ ).and_return(@rust_policies)
235
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
236
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
219
237
 
220
238
  IO.popen('echo test')
221
239
  end
@@ -225,13 +243,11 @@ module TCellAgent
225
243
  context 'with a blocked command present' do
226
244
  context 'with command injection enabled' do
227
245
  it 'should raise a Errno::ENOENT' do
228
- rust_policies = TCellAgent::Policies::RustPolicies.new
229
-
230
246
  expect(TCellAgent).to receive(:policy).with(
231
247
  TCellAgent::PolicyTypes::Rust
232
- ).and_return(rust_policies)
233
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
234
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
248
+ ).and_return(@rust_policies)
249
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
250
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
235
251
 
236
252
  expect do
237
253
  IO.popen('echo test')
@@ -376,6 +392,27 @@ module TCellAgent
376
392
  end
377
393
 
378
394
  describe Kernel do
395
+ before(:each) do
396
+ configuration = double(
397
+ 'configuration',
398
+ {
399
+ 'app_id' => 'app_id',
400
+ 'api_key' => 'api_key',
401
+ 'allow_payloads' => true,
402
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
403
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
404
+ 'max_csp_header_bytes' => nil,
405
+ 'event_time_limit_seconds' => 15,
406
+ 'event_batch_size_limit' => 50,
407
+ 'preload_policy_filename' => nil,
408
+ 'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
409
+ 'agent_home_owner' => nil
410
+ }
411
+ )
412
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
413
+ @rust_policies = TCellAgent::Policies::RustPolicies.new
414
+ end
415
+
379
416
  describe '.backtick' do
380
417
  context 'empty command' do
381
418
  it 'should raise Errno::ENOENT' do
@@ -400,13 +437,11 @@ module TCellAgent
400
437
 
401
438
  context 'with command injection disabled' do
402
439
  it 'should execute the command' do
403
- rust_policies = TCellAgent::Policies::RustPolicies.new
404
-
405
440
  expect(TCellAgent).to receive(:policy).with(
406
441
  TCellAgent::PolicyTypes::Rust
407
- ).and_return(rust_policies)
408
- expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
409
- expect(rust_policies).to_not receive(:block_command?)
442
+ ).and_return(@rust_policies)
443
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
444
+ expect(@rust_policies).to_not receive(:block_command?)
410
445
 
411
446
  `echo test`
412
447
  end
@@ -414,13 +449,11 @@ module TCellAgent
414
449
 
415
450
  context 'with command injection enabled' do
416
451
  it 'should execute the command' do
417
- rust_policies = TCellAgent::Policies::RustPolicies.new
418
-
419
452
  expect(TCellAgent).to receive(:policy).with(
420
453
  TCellAgent::PolicyTypes::Rust
421
- ).and_return(rust_policies)
422
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
423
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
454
+ ).and_return(@rust_policies)
455
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
456
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
424
457
 
425
458
  `echo test`
426
459
  end
@@ -430,13 +463,11 @@ module TCellAgent
430
463
  context 'with a blocked command present' do
431
464
  context 'with command injection enabled' do
432
465
  it 'should raise a Errno::ENOENT' do
433
- rust_policies = TCellAgent::Policies::RustPolicies.new
434
-
435
466
  expect(TCellAgent).to receive(:policy).with(
436
467
  TCellAgent::PolicyTypes::Rust
437
- ).and_return(rust_policies)
438
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
439
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
468
+ ).and_return(@rust_policies)
469
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
470
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
440
471
 
441
472
  expect do
442
473
  `echo test`
@@ -470,13 +501,11 @@ module TCellAgent
470
501
 
471
502
  context 'with command injection disabled' do
472
503
  it 'should execute the command' do
473
- rust_policies = TCellAgent::Policies::RustPolicies.new
474
-
475
504
  expect(TCellAgent).to receive(:policy).with(
476
505
  TCellAgent::PolicyTypes::Rust
477
- ).and_return(rust_policies)
478
- expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
479
- expect(rust_policies).to_not receive(:block_command?)
506
+ ).and_return(@rust_policies)
507
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
508
+ expect(@rust_policies).to_not receive(:block_command?)
480
509
 
481
510
  `echo test`
482
511
  end
@@ -484,13 +513,11 @@ module TCellAgent
484
513
 
485
514
  context 'with command injection enabled' do
486
515
  it 'should execute the command' do
487
- rust_policies = TCellAgent::Policies::RustPolicies.new
488
-
489
516
  expect(TCellAgent).to receive(:policy).with(
490
517
  TCellAgent::PolicyTypes::Rust
491
- ).and_return(rust_policies)
492
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
493
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
518
+ ).and_return(@rust_policies)
519
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
520
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
494
521
 
495
522
  `echo test`
496
523
  end
@@ -500,13 +527,11 @@ module TCellAgent
500
527
  context 'with a blocked command present' do
501
528
  context 'with command injection enabled' do
502
529
  it 'should raise a Errno::ENOENT' do
503
- rust_policies = TCellAgent::Policies::RustPolicies.new
504
-
505
530
  expect(TCellAgent).to receive(:policy).with(
506
531
  TCellAgent::PolicyTypes::Rust
507
- ).and_return(rust_policies)
508
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
509
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
532
+ ).and_return(@rust_policies)
533
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
534
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
510
535
 
511
536
  expect do
512
537
  `echo test`
@@ -561,13 +586,11 @@ module TCellAgent
561
586
 
562
587
  context 'with command injection disabled' do
563
588
  it 'should execute the command' do
564
- rust_policies = TCellAgent::Policies::RustPolicies.new
565
-
566
589
  expect(TCellAgent).to receive(:policy).with(
567
590
  TCellAgent::PolicyTypes::Rust
568
- ).and_return(rust_policies)
569
- expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
570
- expect(rust_policies).to_not receive(:block_command?)
591
+ ).and_return(@rust_policies)
592
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
593
+ expect(@rust_policies).to_not receive(:block_command?)
571
594
 
572
595
  system('echo test > /dev/null 2>&1')
573
596
  end
@@ -575,13 +598,11 @@ module TCellAgent
575
598
 
576
599
  context 'with command injection enabled' do
577
600
  it 'should execute the command' do
578
- rust_policies = TCellAgent::Policies::RustPolicies.new
579
-
580
601
  expect(TCellAgent).to receive(:policy).with(
581
602
  TCellAgent::PolicyTypes::Rust
582
- ).and_return(rust_policies)
583
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
584
- expect(rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
603
+ ).and_return(@rust_policies)
604
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
605
+ expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
585
606
 
586
607
  system('echo test > /dev/null 2>&1')
587
608
  end
@@ -591,13 +612,11 @@ module TCellAgent
591
612
  context 'with a blocked command present' do
592
613
  context 'with command injection enabled' do
593
614
  it 'should raise a Errno::ENOENT' do
594
- rust_policies = TCellAgent::Policies::RustPolicies.new
595
-
596
615
  expect(TCellAgent).to receive(:policy).with(
597
616
  TCellAgent::PolicyTypes::Rust
598
- ).and_return(rust_policies)
599
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
600
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
617
+ ).and_return(@rust_policies)
618
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
619
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
601
620
 
602
621
  expect do
603
622
  system('echo test')
@@ -655,13 +674,11 @@ module TCellAgent
655
674
 
656
675
  context 'with command injection disabled' do
657
676
  it 'should execute the command' do
658
- rust_policies = TCellAgent::Policies::RustPolicies.new
659
-
660
677
  expect(TCellAgent).to receive(:policy).with(
661
678
  TCellAgent::PolicyTypes::Rust
662
- ).and_return(rust_policies)
663
- expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
664
- expect(rust_policies).to_not receive(:block_command?)
679
+ ).and_return(@rust_policies)
680
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
681
+ expect(@rust_policies).to_not receive(:block_command?)
665
682
 
666
683
  spawn('echo test > /dev/null 2>&1')
667
684
  end
@@ -669,13 +686,11 @@ module TCellAgent
669
686
 
670
687
  context 'with command injection enabled' do
671
688
  it 'should execute the command' do
672
- rust_policies = TCellAgent::Policies::RustPolicies.new
673
-
674
689
  expect(TCellAgent).to receive(:policy).with(
675
690
  TCellAgent::PolicyTypes::Rust
676
- ).and_return(rust_policies)
677
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
678
- expect(rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
691
+ ).and_return(@rust_policies)
692
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
693
+ expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
679
694
 
680
695
  spawn('echo test > /dev/null 2>&1')
681
696
  end
@@ -685,13 +700,11 @@ module TCellAgent
685
700
  context 'with a blocked command present' do
686
701
  context 'with command injection enabled' do
687
702
  it 'should raise a Errno::ENOENT' do
688
- rust_policies = TCellAgent::Policies::RustPolicies.new
689
-
690
703
  expect(TCellAgent).to receive(:policy).with(
691
704
  TCellAgent::PolicyTypes::Rust
692
- ).and_return(rust_policies)
693
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
694
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
705
+ ).and_return(@rust_policies)
706
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
707
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
695
708
 
696
709
  expect do
697
710
  spawn('echo test')
@@ -706,13 +719,11 @@ module TCellAgent
706
719
  context 'with a blocked command present' do
707
720
  context 'with command injection enabled' do
708
721
  it 'should raise a Errno::ENOENT' do
709
- rust_policies = TCellAgent::Policies::RustPolicies.new
710
-
711
722
  expect(TCellAgent).to receive(:policy).with(
712
723
  TCellAgent::PolicyTypes::Rust
713
- ).and_return(rust_policies)
714
- expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
715
- expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
724
+ ).and_return(@rust_policies)
725
+ expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
726
+ expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
716
727
 
717
728
  expect do
718
729
  exec('echo test')
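Review bot: The `before(:each)` blocks added under `describe '.popen'` and `describe Kernel` put a message expectation in setup, `expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)`, so every example in both groups also asserts that the configuration was read, and a failure of that assertion is reported against whichever example is running. As far as these hunks show, the stub exists only so that `TCellAgent::Policies::RustPolicies.new` can be constructed, and `allow(TCellAgent).to receive(:configuration).and_return(configuration)` states that intent without the hidden assertion. The eleven-key `double('configuration', …)` is repeated verbatim in both blocks; a `shared_context` or a spec helper would hold it once. Both `describe` blocks start and end outside the visible hunks.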
@@ -8,6 +8,26 @@ end
8
8
  module TCellAgent
9
9
  module Instrumentation
10
10
  describe Instrumentation do
11
+ before(:each) do
12
+ configuration = double(
13
+ 'configuration',
14
+ {
15
+ 'app_id' => 'app_id',
16
+ 'api_key' => 'api_key',
17
+ 'allow_payloads' => true,
18
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
19
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
20
+ 'max_csp_header_bytes' => nil,
21
+ 'event_time_limit_seconds' => 15,
22
+ 'event_batch_size_limit' => 50,
23
+ 'preload_policy_filename' => nil,
24
+ 'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
25
+ 'agent_home_owner' => nil
26
+ }
27
+ )
28
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_most(10)
29
+ end
30
+
11
31
  context 'Body - SessionId Filters' do
12
32
  it 'Tests Redaction and Events in Body' do
13
33
  action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
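Review bot: `at_most(10)` on the `TCellAgent.configuration` expectation in the new `before(:each)` is an arbitrary ceiling: it passes when the configuration is never read and fails any example whose code path reads it an eleventh time, neither of which says anything about the redaction behaviour under test. If the goal is only to supply a configuration, `allow(TCellAgent).to receive(:configuration).and_return(configuration)` is the plainer form; if the call count matters, a comment should say why the limit is 10. The fixture also gives `js_agent_api_base_url` as `http://` while `js_agent_url` is `https://`; if that mirrors a shipped default, it is worth confirming the cleartext scheme is intended. The `describe Instrumentation` block continues past the hunk.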
@@ -3,13 +3,35 @@ require 'spec_helper'
3
3
  module TCellAgent
4
4
  module Instrumentation
5
5
  describe '.block?' do
6
+ before(:each) do
7
+ configuration = double(
8
+ 'configuration',
9
+ {
10
+ 'app_id' => 'app_id',
11
+ 'api_key' => 'api_key',
12
+ 'allow_payloads' => true,
13
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
14
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
15
+ 'max_csp_header_bytes' => nil
16
+ }
17
+ )
18
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
19
+ @rust_policies = TCellAgent::Policies::RustPolicies.new
20
+ end
21
+
6
22
  context 'with an unexpected error' do
7
23
  it 'should return false' do
24
+ logger = double('logger')
8
25
  request = double('request')
9
26
  expect(TCellAgent).to receive(:policy).with(
10
27
  TCellAgent::PolicyTypes::Rust
11
28
  ).and_raise(StandardError.new('UNEXPECTED'))
12
29
  expect(TCellAgent::Patches::MetaData).to_not receive(:build)
30
+ expect(TCellAgent).to receive(:logger).and_return(logger).twice
31
+ expect(logger).to receive(:debug).with(
32
+ 'Exception in safe_block Checking patches blocking: StandardError happened, message is UNEXPECTED'
33
+ )
34
+ expect(logger).to receive(:debug) # exception stack trace
13
35
 
14
36
  expect(Patches.block?(request)).to eq(false)
15
37
  end
@@ -28,10 +50,9 @@ module TCellAgent
28
50
  context 'with a disabled patches policy' do
29
51
  it 'should return false' do
30
52
  request = double('request')
31
- rust_policies = TCellAgent::Policies::RustPolicies.new
32
- expect(rust_policies.patches_enabled).to eq(false)
53
+ expect(@rust_policies.patches_enabled).to eq(false)
33
54
 
34
- expect(TCellAgent).to receive(:policy).and_return(rust_policies)
55
+ expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
35
56
  expect(TCellAgent::Patches::MetaData).to_not receive(:build)
36
57
 
37
58
  expect(Patches.block?(request)).to eq(false)
@@ -42,12 +63,11 @@ module TCellAgent
42
63
  it 'should return false' do
43
64
  request = double('request')
44
65
  meta_data = double('meta_data')
45
- rust_policies = TCellAgent::Policies::RustPolicies.new
46
66
  tcell_context = TCellAgent::Instrumentation::TCellData.new
47
67
 
48
- expect(TCellAgent).to receive(:policy).and_return(rust_policies)
49
- expect(rust_policies).to receive(:patches_enabled).and_return(true)
50
- expect(rust_policies).to receive(:block_request?).and_return(false)
68
+ expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
69
+ expect(@rust_policies).to receive(:patches_enabled).and_return(true)
70
+ expect(@rust_policies).to receive(:block_request?).and_return(false)
51
71
  expect(request).to receive(:env).and_return(
52
72
  {
53
73
  TCellAgent::Instrumentation::TCELL_ID => tcell_context
@@ -67,12 +87,11 @@ module TCellAgent
67
87
  request = double('request')
68
88
  meta_data = double('meta_data')
69
89
  tcell_context = TCellAgent::Instrumentation::TCellData.new
70
- rust_policies = TCellAgent::Policies::RustPolicies.new
71
90
  expect(tcell_context.patches_blocking_triggered).to eq(false)
72
91
 
73
- expect(TCellAgent).to receive(:policy).and_return(rust_policies)
74
- expect(rust_policies).to receive(:patches_enabled).and_return(true)
75
- expect(rust_policies).to receive(:block_request?).and_return(true)
92
+ expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
93
+ expect(@rust_policies).to receive(:patches_enabled).and_return(true)
94
+ expect(@rust_policies).to receive(:block_request?).and_return(true)
76
95
  expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
77
96
  meta_data
78
97
  )
@@ -97,13 +116,12 @@ module TCellAgent
97
116
  )
98
117
  meta_data.get_dict = { 'paramater' => '<script>' }
99
118
  tcell_context = TCellAgent::Instrumentation::TCellData.new
100
- rust_policies = TCellAgent::Policies::RustPolicies.new
101
119
 
102
120
  expect(tcell_context.patches_blocking_triggered).to eq(false)
103
121
 
104
- expect(TCellAgent).to receive(:policy).and_return(rust_policies)
105
- expect(rust_policies).to receive(:patches_enabled).and_return(true)
106
- expect(rust_policies).to receive(:block_request?).and_return(true)
122
+ expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
123
+ expect(@rust_policies).to receive(:patches_enabled).and_return(true)
124
+ expect(@rust_policies).to receive(:block_request?).and_return(true)
107
125
  expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
108
126
  meta_data
109
127
  )
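Review bot: The 'with an unexpected error' example now pins that an error raised while looking up the patches policy is reported only through `logger.debug` and that `Patches.block?(request)` still returns `false`, so the blocking check fails open and the evidence exists only at debug level. If failing open is intended, a comment on the example such as `# block? must fail open: an agent error may not block the request` would record that decision, and the implementation (outside this hunk) could log the first message at a level that is normally collected. The `.twice` on `receive(:logger)` and the full literal message also tie the example to the exact wording and number of logger lookups; `expect(logger).to receive(:debug).with(a_string_including('UNEXPECTED'))` would keep the assertion without that coupling.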
@@ -109,6 +109,18 @@ module TCellAgent
109
109
 
110
110
  describe '#update_policies' do
111
111
  before(:each) do
112
+ configuration = double(
113
+ 'configuration',
114
+ {
115
+ 'app_id' => 'app_id',
116
+ 'api_key' => 'api_key',
117
+ 'allow_payloads' => true,
118
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
119
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
120
+ 'max_csp_header_bytes' => nil
121
+ }
122
+ )
123
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
112
124
  @rust_policies = RustPolicies.new
113
125
  end
114
126
 
@@ -122,12 +134,14 @@ module TCellAgent
122
134
  'Error updating policies: Failed to decode appsensor policy: missing field `policy_id`'
123
135
  )
124
136
 
125
- @rust_policies.update_policies({
126
- 'appsensor' => {
127
- 'version' => 2,
128
- 'data' => {}
129
- }
130
- })
137
+ @rust_policies.update_policies(
138
+ {
139
+ 'appsensor' => {
140
+ 'version' => 2,
141
+ 'data' => {}
142
+ }
143
+ }
144
+ )
131
145
 
132
146
  expect(@rust_policies.appfirewall_enabled).to eq(false)
133
147
  end
@@ -142,12 +156,14 @@ module TCellAgent
142
156
  'Error updating policies: Failed to decode appsensor policy: missing field `version`'
143
157
  )
144
158
 
145
- @rust_policies.update_policies({
146
- 'appsensor' => {
147
- 'policy_id' => '01a1',
148
- 'data' => {}
149
- }
150
- })
159
+ @rust_policies.update_policies(
160
+ {
161
+ 'appsensor' => {
162
+ 'policy_id' => '01a1',
163
+ 'data' => {}
164
+ }
165
+ }
166
+ )
151
167
 
152
168
  expect(@rust_policies.appfirewall_enabled).to eq(false)
153
169
  end
@@ -235,6 +251,19 @@ module TCellAgent
235
251
  describe '#check_appfirewall_injections' do
236
252
  context 'with everything enabled policy' do
237
253
  before(:each) do
254
+ configuration = double(
255
+ 'configuration',
256
+ {
257
+ 'enabled' => true,
258
+ 'app_id' => 'app_id',
259
+ 'api_key' => 'api_key',
260
+ 'allow_payloads' => true,
261
+ 'js_agent_api_base_url' => 'http://api.tcell.com/',
262
+ 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
263
+ 'max_csp_header_bytes' => nil
264
+ }
265
+ )
266
+ expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
238
267
  @rust_policies = RustPolicies.new
239
268
  @rust_policies.update_policies(everything_enabled_policy_json)
240
269
  @appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new(
@@ -275,18 +304,20 @@ module TCellAgent
275
304
 
276
305
  context 'one csrf exception' do
277
306
  it 'should send a csrf exception event' do
278
- expect(TCellAgent).to receive(:send_event).with({
279
- 'event_type' => 'as',
280
- 'dp' => 'excsrf',
281
- 'param' => 'ActionController::InvalidAuthenticityToken',
282
- 'm' => 'GET',
283
- 'rid' => '12345',
284
- 'full_uri' => 'http://test.com/?some_param=present',
285
- 'uri' => 'http://test.com/?some_param=',
286
- 'uid' => 'user_id',
287
- 'sid' => 'session_id',
288
- 'remote_addr' => '192.168.1.1'
289
- })
307
+ expect(TCellAgent).to receive(:send_event).with(
308
+ {
309
+ 'event_type' => 'as',
310
+ 'dp' => 'excsrf',
311
+ 'param' => 'ActionController::InvalidAuthenticityToken',
312
+ 'm' => 'GET',
313
+ 'rid' => '12345',
314
+ 'full_uri' => 'http://test.com/?some_param=present',
315
+ 'uri' => 'http://test.com/?some_param=',
316
+ 'uid' => 'user_id',
317
+ 'sid' => 'session_id',
318
+ 'remote_addr' => '192.168.1.1'
319
+ }
320
+ )
290
321
 
291
322
  @appsensor_meta.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
292
323
  @rust_policies.check_appfirewall_injections(
@@ -310,19 +341,25 @@ module TCellAgent
310
341
 
311
342
  context 'one sql exception' do
312
343
  it 'should send one event' do
313
- expect(TCellAgent).to receive(:send_event).with({
314
- 'event_type' => 'as',
315
- 'dp' => 'exsql',
316
- 'param' => 'ActiveRecord::StatementInvalid',
317
- 'm' => 'GET',
318
- 'rid' => '12345',
319
- 'full_uri' => 'http://test.com/?some_param=present',
320
- 'uri' => 'http://test.com/?some_param=',
321
- 'uid' => 'user_id',
322
- 'sid' => 'session_id',
323
- 'remote_addr' => '192.168.1.1',
324
- 'payload' => 'exception message goes here'
325
- })
344
+ logger = double('logger')
345
+
346
+ expect(TCellAgent).to receive(:logger).and_return(logger)
347
+ expect(logger).to receive(:info)
348
+ expect(TCellAgent).to receive(:send_event).with(
349
+ {
350
+ 'event_type' => 'as',
351
+ 'dp' => 'exsql',
352
+ 'param' => 'ActiveRecord::StatementInvalid',
353
+ 'm' => 'GET',
354
+ 'rid' => '12345',
355
+ 'full_uri' => 'http://test.com/?some_param=present',
356
+ 'uri' => 'http://test.com/?some_param=',
357
+ 'uid' => 'user_id',
358
+ 'sid' => 'session_id',
359
+ 'remote_addr' => '192.168.1.1',
360
+ 'payload' => 'exception message goes here'
361
+ }
362
+ )
326
363
 
327
364
  @appsensor_meta.sql_exceptions = [{
328
365
  'exception_name' => 'ActiveRecord::StatementInvalid',
@@ -336,32 +373,40 @@ module TCellAgent
336
373
 
337
374
  context 'multiple sql exception' do
338
375
  it 'should send multiple event' do
339
- expect(TCellAgent).to receive(:send_event).with({
340
- 'event_type' => 'as',
341
- 'dp' => 'exsql',
342
- 'param' => 'ActiveRecord::StatementInvalid',
343
- 'm' => 'GET',
344
- 'rid' => '12345',
345
- 'full_uri' => 'http://test.com/?some_param=present',
346
- 'uri' => 'http://test.com/?some_param=',
347
- 'uid' => 'user_id',
348
- 'sid' => 'session_id',
349
- 'remote_addr' => '192.168.1.1',
350
- 'payload' => 'exception message goes here'
351
- })
352
- expect(TCellAgent).to receive(:send_event).with({
353
- 'event_type' => 'as',
354
- 'dp' => 'exsql',
355
- 'param' => 'ActiveRecord::StatementInvalid',
356
- 'm' => 'GET',
357
- 'rid' => '12345',
358
- 'full_uri' => 'http://test.com/?some_param=present',
359
- 'uri' => 'http://test.com/?some_param=',
360
- 'uid' => 'user_id',
361
- 'sid' => 'session_id',
362
- 'remote_addr' => '192.168.1.1',
363
- 'payload' => 'second exception message goes here'
364
- })
376
+ logger = double('logger')
377
+
378
+ expect(TCellAgent).to receive(:logger).and_return(logger).twice
379
+ expect(logger).to receive(:info).twice
380
+ expect(TCellAgent).to receive(:send_event).with(
381
+ {
382
+ 'event_type' => 'as',
383
+ 'dp' => 'exsql',
384
+ 'param' => 'ActiveRecord::StatementInvalid',
385
+ 'm' => 'GET',
386
+ 'rid' => '12345',
387
+ 'full_uri' => 'http://test.com/?some_param=present',
388
+ 'uri' => 'http://test.com/?some_param=',
389
+ 'uid' => 'user_id',
390
+ 'sid' => 'session_id',
391
+ 'remote_addr' => '192.168.1.1',
392
+ 'payload' => 'exception message goes here'
393
+ }
394
+ )
395
+ expect(TCellAgent).to receive(:send_event).with(
396
+ {
397
+ 'event_type' => 'as',
398
+ 'dp' => 'exsql',
399
+ 'param' => 'ActiveRecord::StatementInvalid',
400
+ 'm' => 'GET',
401
+ 'rid' => '12345',
402
+ 'full_uri' => 'http://test.com/?some_param=present',
403
+ 'uri' => 'http://test.com/?some_param=',
404
+ 'uid' => 'user_id',
405
+ 'sid' => 'session_id',
406
+ 'remote_addr' => '192.168.1.1',
407
+ 'payload' => 'second exception message goes here'
408
+ }
409
+ )
365
410
 
366
411
  @appsensor_meta.sql_exceptions = [
367
412
  {
@@ -405,18 +450,20 @@ module TCellAgent
405
450
 
406
451
  context 'one db max result' do
407
452
  it 'should send one event' do
408
- expect(TCellAgent).to receive(:send_event).with({
409
- 'event_type' => 'as',
410
- 'dp' => 'dbmaxrows',
411
- 'm' => 'GET',
412
- 'meta' => { 'rows' => 1001 },
413
- 'rid' => '12345',
414
- 'full_uri' => 'http://test.com/?some_param=present',
415
- 'uri' => 'http://test.com/?some_param=',
416
- 'uid' => 'user_id',
417
- 'sid' => 'session_id',
418
- 'remote_addr' => '192.168.1.1'
419
- })
453
+ expect(TCellAgent).to receive(:send_event).with(
454
+ {
455
+ 'event_type' => 'as',
456
+ 'dp' => 'dbmaxrows',
457
+ 'm' => 'GET',
458
+ 'meta' => { 'rows' => 1001 },
459
+ 'rid' => '12345',
460
+ 'full_uri' => 'http://test.com/?some_param=present',
461
+ 'uri' => 'http://test.com/?some_param=',
462
+ 'uid' => 'user_id',
463
+ 'sid' => 'session_id',
464
+ 'remote_addr' => '192.168.1.1'
465
+ }
466
+ )
420
467
 
421
468
  @appsensor_meta.database_result_sizes = [1001]
422
469
  @rust_policies.check_appfirewall_injections(
@@ -427,30 +474,34 @@ module TCellAgent
427
474
 
428
475
  context 'multiple db max results' do
429
476
  it 'should send multiple event' do
430
- expect(TCellAgent).to receive(:send_event).with({
431
- 'event_type' => 'as',
432
- 'dp' => 'dbmaxrows',
433
- 'm' => 'GET',
434
- 'meta' => { 'rows' => 1001 },
435
- 'rid' => '12345',
436
- 'full_uri' => 'http://test.com/?some_param=present',
437
- 'uri' => 'http://test.com/?some_param=',
438
- 'uid' => 'user_id',
439
- 'sid' => 'session_id',
440
- 'remote_addr' => '192.168.1.1'
441
- })
442
- expect(TCellAgent).to receive(:send_event).with({
443
- 'event_type' => 'as',
444
- 'dp' => 'dbmaxrows',
445
- 'm' => 'GET',
446
- 'meta' => { 'rows' => 1002 },
447
- 'rid' => '12345',
448
- 'full_uri' => 'http://test.com/?some_param=present',
449
- 'uri' => 'http://test.com/?some_param=',
450
- 'uid' => 'user_id',
451
- 'sid' => 'session_id',
452
- 'remote_addr' => '192.168.1.1'
453
- })
477
+ expect(TCellAgent).to receive(:send_event).with(
478
+ {
479
+ 'event_type' => 'as',
480
+ 'dp' => 'dbmaxrows',
481
+ 'm' => 'GET',
482
+ 'meta' => { 'rows' => 1001 },
483
+ 'rid' => '12345',
484
+ 'full_uri' => 'http://test.com/?some_param=present',
485
+ 'uri' => 'http://test.com/?some_param=',
486
+ 'uid' => 'user_id',
487
+ 'sid' => 'session_id',
488
+ 'remote_addr' => '192.168.1.1'
489
+ }
490
+ )
491
+ expect(TCellAgent).to receive(:send_event).with(
492
+ {
493
+ 'event_type' => 'as',
494
+ 'dp' => 'dbmaxrows',
495
+ 'm' => 'GET',
496
+ 'meta' => { 'rows' => 1002 },
497
+ 'rid' => '12345',
498
+ 'full_uri' => 'http://test.com/?some_param=present',
499
+ 'uri' => 'http://test.com/?some_param=',
500
+ 'uid' => 'user_id',
501
+ 'sid' => 'session_id',
502
+ 'remote_addr' => '192.168.1.1'
503
+ }
504
+ )
454
505
 
455
506
  @appsensor_meta.database_result_sizes = [1001, 1002]
456
507
  @rust_policies.check_appfirewall_injections(
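Review bot: In the 'one sql exception' and 'multiple sql exception' examples the added `expect(logger).to receive(:info)` has no `.with(...)`, so the spec requires that something is logged at info level but not what. The same examples expect the raw exception text in the event's `'payload'`, and the configuration double added at new line 254 sets `'allow_payloads' => true`; if the info line carries that text as well (not visible from these hunks), exception messages containing query data would reach the application log without any test noticing. Pinning the message, for example `expect(logger).to receive(:info).with(a_string_including('<expected log text>'))` with the placeholder replaced by the real wording, would make the logged content reviewable. The hunks that only re-wrap the hash arguments of `send_event` and `update_policies` need no change.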