tcell_agent 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/Readme.txt +7 -0
- data/bin/tcell_agent +6 -2
- data/lib/tcell_agent.rb +0 -3
- data/lib/tcell_agent/agent/event_processor.rb +1 -4
- data/lib/tcell_agent/agent/policy_manager.rb +5 -8
- data/lib/tcell_agent/agent/policy_types.rb +1 -7
- data/lib/tcell_agent/agent/static_agent.rb +2 -2
- data/lib/tcell_agent/api.rb +7 -9
- data/lib/tcell_agent/configuration.rb +42 -6
- data/lib/tcell_agent/policies/rust_policies.rb +33 -8
- data/lib/tcell_agent/rails/js_agent_insert.rb +17 -18
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +18 -59
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +10 -6
- data/lib/tcell_agent/rust/libtcellagent-0.19.5.dylib +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-0.11.1.so → libtcellagent-0.19.5.so} +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.19.5.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +165 -39
- data/lib/tcell_agent/sensor_events/patches.rb +2 -0
- data/lib/tcell_agent/sinatra.rb +17 -14
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +17 -0
- data/spec/lib/tcell_agent/api/api_spec.rb +10 -7
- data/spec/lib/tcell_agent/cmdi_spec.rb +91 -80
- data/spec/lib/tcell_agent/instrumentation_spec.rb +20 -0
- data/spec/lib/tcell_agent/patches_spec.rb +33 -15
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +150 -99
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +13 -1
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +12 -0
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +2 -39
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +6 -2
- data/spec/lib/tcell_agent/rails_spec.rb +0 -31
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +234 -120
- data/tcell_agent.gemspec +1 -1
- metadata +21 -40
- data/lib/tcell_agent/policies/clickjacking_policy.rb +0 -114
- data/lib/tcell_agent/policies/content_security_policy.rb +0 -166
- data/lib/tcell_agent/policies/secure_headers_policy.rb +0 -67
- data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
- data/spec/apps/rails-3.2/config/tcell_agent.config +0 -15
- data/spec/apps/rails-3.2/log/development.log +0 -0
- data/spec/apps/rails-3.2/log/test.log +0 -12
- data/spec/apps/rails-4.1/log/test.log +0 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +0 -71
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +0 -130
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +0 -67
- data/spec/lib/tcell_agent_spec.rb +0 -22
@@ -151,6 +151,27 @@ module TCellAgent
|
|
151
151
|
|
152
152
|
describe IO do
|
153
153
|
describe '.popen' do
|
154
|
+
before(:each) do
|
155
|
+
configuration = double(
|
156
|
+
'configuration',
|
157
|
+
{
|
158
|
+
'app_id' => 'app_id',
|
159
|
+
'api_key' => 'api_key',
|
160
|
+
'allow_payloads' => true,
|
161
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
162
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
163
|
+
'max_csp_header_bytes' => nil,
|
164
|
+
'event_time_limit_seconds' => 15,
|
165
|
+
'event_batch_size_limit' => 50,
|
166
|
+
'preload_policy_filename' => nil,
|
167
|
+
'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
|
168
|
+
'agent_home_owner' => nil
|
169
|
+
}
|
170
|
+
)
|
171
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
172
|
+
@rust_policies = TCellAgent::Policies::RustPolicies.new
|
173
|
+
end
|
174
|
+
|
154
175
|
context 'empty command' do
|
155
176
|
it 'should raise an error' do
|
156
177
|
expect do
|
@@ -194,14 +215,13 @@ module TCellAgent
|
|
194
215
|
|
195
216
|
context 'with command injection disabled' do
|
196
217
|
it 'should execute the command' do
|
197
|
-
rust_policies
|
198
|
-
expect(rust_policies.cmdi_enabled).to eq(false)
|
218
|
+
expect(@rust_policies.cmdi_enabled).to eq(false)
|
199
219
|
|
200
220
|
expect(TCellAgent).to receive(:policy).with(
|
201
221
|
TCellAgent::PolicyTypes::Rust
|
202
|
-
).and_return(rust_policies)
|
203
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_call_original
|
204
|
-
expect(rust_policies).to_not receive(:block_command?)
|
222
|
+
).and_return(@rust_policies)
|
223
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_call_original
|
224
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
205
225
|
|
206
226
|
IO.popen('echo test')
|
207
227
|
end
|
@@ -209,13 +229,11 @@ module TCellAgent
|
|
209
229
|
|
210
230
|
context 'with command injection enabled' do
|
211
231
|
it 'should execute the command' do
|
212
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
213
|
-
|
214
232
|
expect(TCellAgent).to receive(:policy).with(
|
215
233
|
TCellAgent::PolicyTypes::Rust
|
216
|
-
).and_return(rust_policies)
|
217
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
218
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
234
|
+
).and_return(@rust_policies)
|
235
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
236
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
219
237
|
|
220
238
|
IO.popen('echo test')
|
221
239
|
end
|
@@ -225,13 +243,11 @@ module TCellAgent
|
|
225
243
|
context 'with a blocked command present' do
|
226
244
|
context 'with command injection enabled' do
|
227
245
|
it 'should raise a Errno::ENOENT' do
|
228
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
229
|
-
|
230
246
|
expect(TCellAgent).to receive(:policy).with(
|
231
247
|
TCellAgent::PolicyTypes::Rust
|
232
|
-
).and_return(rust_policies)
|
233
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
234
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
248
|
+
).and_return(@rust_policies)
|
249
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
250
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
235
251
|
|
236
252
|
expect do
|
237
253
|
IO.popen('echo test')
|
@@ -376,6 +392,27 @@ module TCellAgent
|
|
376
392
|
end
|
377
393
|
|
378
394
|
describe Kernel do
|
395
|
+
before(:each) do
|
396
|
+
configuration = double(
|
397
|
+
'configuration',
|
398
|
+
{
|
399
|
+
'app_id' => 'app_id',
|
400
|
+
'api_key' => 'api_key',
|
401
|
+
'allow_payloads' => true,
|
402
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
403
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
404
|
+
'max_csp_header_bytes' => nil,
|
405
|
+
'event_time_limit_seconds' => 15,
|
406
|
+
'event_batch_size_limit' => 50,
|
407
|
+
'preload_policy_filename' => nil,
|
408
|
+
'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
|
409
|
+
'agent_home_owner' => nil
|
410
|
+
}
|
411
|
+
)
|
412
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
413
|
+
@rust_policies = TCellAgent::Policies::RustPolicies.new
|
414
|
+
end
|
415
|
+
|
379
416
|
describe '.backtick' do
|
380
417
|
context 'empty command' do
|
381
418
|
it 'should raise Errno::ENOENT' do
|
@@ -400,13 +437,11 @@ module TCellAgent
|
|
400
437
|
|
401
438
|
context 'with command injection disabled' do
|
402
439
|
it 'should execute the command' do
|
403
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
404
|
-
|
405
440
|
expect(TCellAgent).to receive(:policy).with(
|
406
441
|
TCellAgent::PolicyTypes::Rust
|
407
|
-
).and_return(rust_policies)
|
408
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
|
409
|
-
expect(rust_policies).to_not receive(:block_command?)
|
442
|
+
).and_return(@rust_policies)
|
443
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
|
444
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
410
445
|
|
411
446
|
`echo test`
|
412
447
|
end
|
@@ -414,13 +449,11 @@ module TCellAgent
|
|
414
449
|
|
415
450
|
context 'with command injection enabled' do
|
416
451
|
it 'should execute the command' do
|
417
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
418
|
-
|
419
452
|
expect(TCellAgent).to receive(:policy).with(
|
420
453
|
TCellAgent::PolicyTypes::Rust
|
421
|
-
).and_return(rust_policies)
|
422
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
423
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
454
|
+
).and_return(@rust_policies)
|
455
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
456
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
424
457
|
|
425
458
|
`echo test`
|
426
459
|
end
|
@@ -430,13 +463,11 @@ module TCellAgent
|
|
430
463
|
context 'with a blocked command present' do
|
431
464
|
context 'with command injection enabled' do
|
432
465
|
it 'should raise a Errno::ENOENT' do
|
433
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
434
|
-
|
435
466
|
expect(TCellAgent).to receive(:policy).with(
|
436
467
|
TCellAgent::PolicyTypes::Rust
|
437
|
-
).and_return(rust_policies)
|
438
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
439
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
468
|
+
).and_return(@rust_policies)
|
469
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
470
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
440
471
|
|
441
472
|
expect do
|
442
473
|
`echo test`
|
@@ -470,13 +501,11 @@ module TCellAgent
|
|
470
501
|
|
471
502
|
context 'with command injection disabled' do
|
472
503
|
it 'should execute the command' do
|
473
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
474
|
-
|
475
504
|
expect(TCellAgent).to receive(:policy).with(
|
476
505
|
TCellAgent::PolicyTypes::Rust
|
477
|
-
).and_return(rust_policies)
|
478
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
|
479
|
-
expect(rust_policies).to_not receive(:block_command?)
|
506
|
+
).and_return(@rust_policies)
|
507
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
|
508
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
480
509
|
|
481
510
|
`echo test`
|
482
511
|
end
|
@@ -484,13 +513,11 @@ module TCellAgent
|
|
484
513
|
|
485
514
|
context 'with command injection enabled' do
|
486
515
|
it 'should execute the command' do
|
487
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
488
|
-
|
489
516
|
expect(TCellAgent).to receive(:policy).with(
|
490
517
|
TCellAgent::PolicyTypes::Rust
|
491
|
-
).and_return(rust_policies)
|
492
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
493
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
518
|
+
).and_return(@rust_policies)
|
519
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
520
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
|
494
521
|
|
495
522
|
`echo test`
|
496
523
|
end
|
@@ -500,13 +527,11 @@ module TCellAgent
|
|
500
527
|
context 'with a blocked command present' do
|
501
528
|
context 'with command injection enabled' do
|
502
529
|
it 'should raise a Errno::ENOENT' do
|
503
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
504
|
-
|
505
530
|
expect(TCellAgent).to receive(:policy).with(
|
506
531
|
TCellAgent::PolicyTypes::Rust
|
507
|
-
).and_return(rust_policies)
|
508
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
509
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
532
|
+
).and_return(@rust_policies)
|
533
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
534
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
510
535
|
|
511
536
|
expect do
|
512
537
|
`echo test`
|
@@ -561,13 +586,11 @@ module TCellAgent
|
|
561
586
|
|
562
587
|
context 'with command injection disabled' do
|
563
588
|
it 'should execute the command' do
|
564
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
565
|
-
|
566
589
|
expect(TCellAgent).to receive(:policy).with(
|
567
590
|
TCellAgent::PolicyTypes::Rust
|
568
|
-
).and_return(rust_policies)
|
569
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
|
570
|
-
expect(rust_policies).to_not receive(:block_command?)
|
591
|
+
).and_return(@rust_policies)
|
592
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
|
593
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
571
594
|
|
572
595
|
system('echo test > /dev/null 2>&1')
|
573
596
|
end
|
@@ -575,13 +598,11 @@ module TCellAgent
|
|
575
598
|
|
576
599
|
context 'with command injection enabled' do
|
577
600
|
it 'should execute the command' do
|
578
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
579
|
-
|
580
601
|
expect(TCellAgent).to receive(:policy).with(
|
581
602
|
TCellAgent::PolicyTypes::Rust
|
582
|
-
).and_return(rust_policies)
|
583
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
584
|
-
expect(rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
|
603
|
+
).and_return(@rust_policies)
|
604
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
605
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
|
585
606
|
|
586
607
|
system('echo test > /dev/null 2>&1')
|
587
608
|
end
|
@@ -591,13 +612,11 @@ module TCellAgent
|
|
591
612
|
context 'with a blocked command present' do
|
592
613
|
context 'with command injection enabled' do
|
593
614
|
it 'should raise a Errno::ENOENT' do
|
594
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
595
|
-
|
596
615
|
expect(TCellAgent).to receive(:policy).with(
|
597
616
|
TCellAgent::PolicyTypes::Rust
|
598
|
-
).and_return(rust_policies)
|
599
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
600
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
617
|
+
).and_return(@rust_policies)
|
618
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
619
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
601
620
|
|
602
621
|
expect do
|
603
622
|
system('echo test')
|
@@ -655,13 +674,11 @@ module TCellAgent
|
|
655
674
|
|
656
675
|
context 'with command injection disabled' do
|
657
676
|
it 'should execute the command' do
|
658
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
659
|
-
|
660
677
|
expect(TCellAgent).to receive(:policy).with(
|
661
678
|
TCellAgent::PolicyTypes::Rust
|
662
|
-
).and_return(rust_policies)
|
663
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(false)
|
664
|
-
expect(rust_policies).to_not receive(:block_command?)
|
679
|
+
).and_return(@rust_policies)
|
680
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
|
681
|
+
expect(@rust_policies).to_not receive(:block_command?)
|
665
682
|
|
666
683
|
spawn('echo test > /dev/null 2>&1')
|
667
684
|
end
|
@@ -669,13 +686,11 @@ module TCellAgent
|
|
669
686
|
|
670
687
|
context 'with command injection enabled' do
|
671
688
|
it 'should execute the command' do
|
672
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
673
|
-
|
674
689
|
expect(TCellAgent).to receive(:policy).with(
|
675
690
|
TCellAgent::PolicyTypes::Rust
|
676
|
-
).and_return(rust_policies)
|
677
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
678
|
-
expect(rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
|
691
|
+
).and_return(@rust_policies)
|
692
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
693
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
|
679
694
|
|
680
695
|
spawn('echo test > /dev/null 2>&1')
|
681
696
|
end
|
@@ -685,13 +700,11 @@ module TCellAgent
|
|
685
700
|
context 'with a blocked command present' do
|
686
701
|
context 'with command injection enabled' do
|
687
702
|
it 'should raise a Errno::ENOENT' do
|
688
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
689
|
-
|
690
703
|
expect(TCellAgent).to receive(:policy).with(
|
691
704
|
TCellAgent::PolicyTypes::Rust
|
692
|
-
).and_return(rust_policies)
|
693
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
694
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
705
|
+
).and_return(@rust_policies)
|
706
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
707
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
695
708
|
|
696
709
|
expect do
|
697
710
|
spawn('echo test')
|
@@ -706,13 +719,11 @@ module TCellAgent
|
|
706
719
|
context 'with a blocked command present' do
|
707
720
|
context 'with command injection enabled' do
|
708
721
|
it 'should raise a Errno::ENOENT' do
|
709
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
710
|
-
|
711
722
|
expect(TCellAgent).to receive(:policy).with(
|
712
723
|
TCellAgent::PolicyTypes::Rust
|
713
|
-
).and_return(rust_policies)
|
714
|
-
expect(rust_policies).to receive(:cmdi_enabled).and_return(true)
|
715
|
-
expect(rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
724
|
+
).and_return(@rust_policies)
|
725
|
+
expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
|
726
|
+
expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
|
716
727
|
|
717
728
|
expect do
|
718
729
|
exec('echo test')
|
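Review bot: The `before(:each)` setup added at new lines 154–173 (inside `describe '.popen'`) and again at 395–414 (inside `describe Kernel`) sets a message expectation, `expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)`, where a stub is meant. As written, every example in these groups, including the ones asserting that a blocked command raises `Errno::ENOENT`, also fails if the configuration is not read, which hides whether the command-injection check itself regressed. `allow(TCellAgent).to receive(:configuration).and_return(configuration)` would keep failures attributable to the behaviour under test. The two twenty-line doubles are identical, and the same hash appears again in the following file section, so a shared context or spec helper would keep them from drifting apart. Both enclosing `describe` blocks continue outside the hunks shown.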
@@ -8,6 +8,26 @@ end
|
|
8
8
|
module TCellAgent
|
9
9
|
module Instrumentation
|
10
10
|
describe Instrumentation do
|
11
|
+
before(:each) do
|
12
|
+
configuration = double(
|
13
|
+
'configuration',
|
14
|
+
{
|
15
|
+
'app_id' => 'app_id',
|
16
|
+
'api_key' => 'api_key',
|
17
|
+
'allow_payloads' => true,
|
18
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
19
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
20
|
+
'max_csp_header_bytes' => nil,
|
21
|
+
'event_time_limit_seconds' => 15,
|
22
|
+
'event_batch_size_limit' => 50,
|
23
|
+
'preload_policy_filename' => nil,
|
24
|
+
'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
|
25
|
+
'agent_home_owner' => nil
|
26
|
+
}
|
27
|
+
)
|
28
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_most(10)
|
29
|
+
end
|
30
|
+
|
11
31
|
context 'Body - SessionId Filters' do
|
12
32
|
it 'Tests Redaction and Events in Body' do
|
13
33
|
action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
|
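Review bot: `at_most(10)` on the configuration expectation at new line 28 is an arbitrary cap that is also satisfied by zero calls, so it verifies nothing about the code under test and will fail unrelated examples the first time the configuration is read an eleventh time. The other `before(:each)` blocks visible in this release use `at_least(:once)` for the same double, so the setups are inconsistent with each other. If the intent is only to supply a configuration object, `allow(TCellAgent).to receive(:configuration).and_return(configuration)` states that directly. The `describe Instrumentation` block continues outside the hunk.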
@@ -3,13 +3,35 @@ require 'spec_helper'
|
|
3
3
|
module TCellAgent
|
4
4
|
module Instrumentation
|
5
5
|
describe '.block?' do
|
6
|
+
before(:each) do
|
7
|
+
configuration = double(
|
8
|
+
'configuration',
|
9
|
+
{
|
10
|
+
'app_id' => 'app_id',
|
11
|
+
'api_key' => 'api_key',
|
12
|
+
'allow_payloads' => true,
|
13
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
14
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
15
|
+
'max_csp_header_bytes' => nil
|
16
|
+
}
|
17
|
+
)
|
18
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
19
|
+
@rust_policies = TCellAgent::Policies::RustPolicies.new
|
20
|
+
end
|
21
|
+
|
6
22
|
context 'with an unexpected error' do
|
7
23
|
it 'should return false' do
|
24
|
+
logger = double('logger')
|
8
25
|
request = double('request')
|
9
26
|
expect(TCellAgent).to receive(:policy).with(
|
10
27
|
TCellAgent::PolicyTypes::Rust
|
11
28
|
).and_raise(StandardError.new('UNEXPECTED'))
|
12
29
|
expect(TCellAgent::Patches::MetaData).to_not receive(:build)
|
30
|
+
expect(TCellAgent).to receive(:logger).and_return(logger).twice
|
31
|
+
expect(logger).to receive(:debug).with(
|
32
|
+
'Exception in safe_block Checking patches blocking: StandardError happened, message is UNEXPECTED'
|
33
|
+
)
|
34
|
+
expect(logger).to receive(:debug) # exception stack trace
|
13
35
|
|
14
36
|
expect(Patches.block?(request)).to eq(false)
|
15
37
|
end
|
@@ -28,10 +50,9 @@ module TCellAgent
|
|
28
50
|
context 'with a disabled patches policy' do
|
29
51
|
it 'should return false' do
|
30
52
|
request = double('request')
|
31
|
-
rust_policies
|
32
|
-
expect(rust_policies.patches_enabled).to eq(false)
|
53
|
+
expect(@rust_policies.patches_enabled).to eq(false)
|
33
54
|
|
34
|
-
expect(TCellAgent).to receive(:policy).and_return(rust_policies)
|
55
|
+
expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
|
35
56
|
expect(TCellAgent::Patches::MetaData).to_not receive(:build)
|
36
57
|
|
37
58
|
expect(Patches.block?(request)).to eq(false)
|
@@ -42,12 +63,11 @@ module TCellAgent
|
|
42
63
|
it 'should return false' do
|
43
64
|
request = double('request')
|
44
65
|
meta_data = double('meta_data')
|
45
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
46
66
|
tcell_context = TCellAgent::Instrumentation::TCellData.new
|
47
67
|
|
48
|
-
expect(TCellAgent).to receive(:policy).and_return(rust_policies)
|
49
|
-
expect(rust_policies).to receive(:patches_enabled).and_return(true)
|
50
|
-
expect(rust_policies).to receive(:block_request?).and_return(false)
|
68
|
+
expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
|
69
|
+
expect(@rust_policies).to receive(:patches_enabled).and_return(true)
|
70
|
+
expect(@rust_policies).to receive(:block_request?).and_return(false)
|
51
71
|
expect(request).to receive(:env).and_return(
|
52
72
|
{
|
53
73
|
TCellAgent::Instrumentation::TCELL_ID => tcell_context
|
@@ -67,12 +87,11 @@ module TCellAgent
|
|
67
87
|
request = double('request')
|
68
88
|
meta_data = double('meta_data')
|
69
89
|
tcell_context = TCellAgent::Instrumentation::TCellData.new
|
70
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
71
90
|
expect(tcell_context.patches_blocking_triggered).to eq(false)
|
72
91
|
|
73
|
-
expect(TCellAgent).to receive(:policy).and_return(rust_policies)
|
74
|
-
expect(rust_policies).to receive(:patches_enabled).and_return(true)
|
75
|
-
expect(rust_policies).to receive(:block_request?).and_return(true)
|
92
|
+
expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
|
93
|
+
expect(@rust_policies).to receive(:patches_enabled).and_return(true)
|
94
|
+
expect(@rust_policies).to receive(:block_request?).and_return(true)
|
76
95
|
expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
|
77
96
|
meta_data
|
78
97
|
)
|
@@ -97,13 +116,12 @@ module TCellAgent
|
|
97
116
|
)
|
98
117
|
meta_data.get_dict = { 'paramater' => '<script>' }
|
99
118
|
tcell_context = TCellAgent::Instrumentation::TCellData.new
|
100
|
-
rust_policies = TCellAgent::Policies::RustPolicies.new
|
101
119
|
|
102
120
|
expect(tcell_context.patches_blocking_triggered).to eq(false)
|
103
121
|
|
104
|
-
expect(TCellAgent).to receive(:policy).and_return(rust_policies)
|
105
|
-
expect(rust_policies).to receive(:patches_enabled).and_return(true)
|
106
|
-
expect(rust_policies).to receive(:block_request?).and_return(true)
|
122
|
+
expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
|
123
|
+
expect(@rust_policies).to receive(:patches_enabled).and_return(true)
|
124
|
+
expect(@rust_policies).to receive(:block_request?).and_return(true)
|
107
125
|
expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
|
108
126
|
meta_data
|
109
127
|
)
|
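Review bot: The 'with an unexpected error' example (new lines 24–36) now pins the fail-open path of `Patches.block?` to two `logger.debug` calls, but nothing in the spec records that failing open is the intended behaviour. From these lines an exception while resolving the policy lets the request through and is reported only at debug level, which a deployment logging at a higher level would presumably never see. I would add a comment above the example such as `# block? fails open: an error while checking the patches policy must not block the request and is only logged at debug`. Matching the full message string and `.twice` on `TCellAgent.logger` also ties the test to the exact wording and call count of the logging helper; `with(/UNEXPECTED/)` would be less brittle. The enclosing `describe '.block?'` continues outside the hunks shown.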
@@ -109,6 +109,18 @@ module TCellAgent
|
|
109
109
|
|
110
110
|
describe '#update_policies' do
|
111
111
|
before(:each) do
|
112
|
+
configuration = double(
|
113
|
+
'configuration',
|
114
|
+
{
|
115
|
+
'app_id' => 'app_id',
|
116
|
+
'api_key' => 'api_key',
|
117
|
+
'allow_payloads' => true,
|
118
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
119
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
120
|
+
'max_csp_header_bytes' => nil
|
121
|
+
}
|
122
|
+
)
|
123
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
112
124
|
@rust_policies = RustPolicies.new
|
113
125
|
end
|
114
126
|
|
@@ -122,12 +134,14 @@ module TCellAgent
|
|
122
134
|
'Error updating policies: Failed to decode appsensor policy: missing field `policy_id`'
|
123
135
|
)
|
124
136
|
|
125
|
-
@rust_policies.update_policies(
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
130
|
-
|
137
|
+
@rust_policies.update_policies(
|
138
|
+
{
|
139
|
+
'appsensor' => {
|
140
|
+
'version' => 2,
|
141
|
+
'data' => {}
|
142
|
+
}
|
143
|
+
}
|
144
|
+
)
|
131
145
|
|
132
146
|
expect(@rust_policies.appfirewall_enabled).to eq(false)
|
133
147
|
end
|
@@ -142,12 +156,14 @@ module TCellAgent
|
|
142
156
|
'Error updating policies: Failed to decode appsensor policy: missing field `version`'
|
143
157
|
)
|
144
158
|
|
145
|
-
@rust_policies.update_policies(
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
159
|
+
@rust_policies.update_policies(
|
160
|
+
{
|
161
|
+
'appsensor' => {
|
162
|
+
'policy_id' => '01a1',
|
163
|
+
'data' => {}
|
164
|
+
}
|
165
|
+
}
|
166
|
+
)
|
151
167
|
|
152
168
|
expect(@rust_policies.appfirewall_enabled).to eq(false)
|
153
169
|
end
|
@@ -235,6 +251,19 @@ module TCellAgent
|
|
235
251
|
describe '#check_appfirewall_injections' do
|
236
252
|
context 'with everything enabled policy' do
|
237
253
|
before(:each) do
|
254
|
+
configuration = double(
|
255
|
+
'configuration',
|
256
|
+
{
|
257
|
+
'enabled' => true,
|
258
|
+
'app_id' => 'app_id',
|
259
|
+
'api_key' => 'api_key',
|
260
|
+
'allow_payloads' => true,
|
261
|
+
'js_agent_api_base_url' => 'http://api.tcell.com/',
|
262
|
+
'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
|
263
|
+
'max_csp_header_bytes' => nil
|
264
|
+
}
|
265
|
+
)
|
266
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
238
267
|
@rust_policies = RustPolicies.new
|
239
268
|
@rust_policies.update_policies(everything_enabled_policy_json)
|
240
269
|
@appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new(
|
@@ -275,18 +304,20 @@ module TCellAgent
|
|
275
304
|
|
276
305
|
context 'one csrf exception' do
|
277
306
|
it 'should send a csrf exception event' do
|
278
|
-
expect(TCellAgent).to receive(:send_event).with(
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
287
|
-
|
288
|
-
|
289
|
-
|
307
|
+
expect(TCellAgent).to receive(:send_event).with(
|
308
|
+
{
|
309
|
+
'event_type' => 'as',
|
310
|
+
'dp' => 'excsrf',
|
311
|
+
'param' => 'ActionController::InvalidAuthenticityToken',
|
312
|
+
'm' => 'GET',
|
313
|
+
'rid' => '12345',
|
314
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
315
|
+
'uri' => 'http://test.com/?some_param=',
|
316
|
+
'uid' => 'user_id',
|
317
|
+
'sid' => 'session_id',
|
318
|
+
'remote_addr' => '192.168.1.1'
|
319
|
+
}
|
320
|
+
)
|
290
321
|
|
291
322
|
@appsensor_meta.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
|
292
323
|
@rust_policies.check_appfirewall_injections(
|
@@ -310,19 +341,25 @@ module TCellAgent
|
|
310
341
|
|
311
342
|
context 'one sql exception' do
|
312
343
|
it 'should send one event' do
|
313
|
-
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
|
320
|
-
|
321
|
-
|
322
|
-
|
323
|
-
|
324
|
-
|
325
|
-
|
344
|
+
logger = double('logger')
|
345
|
+
|
346
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
347
|
+
expect(logger).to receive(:info)
|
348
|
+
expect(TCellAgent).to receive(:send_event).with(
|
349
|
+
{
|
350
|
+
'event_type' => 'as',
|
351
|
+
'dp' => 'exsql',
|
352
|
+
'param' => 'ActiveRecord::StatementInvalid',
|
353
|
+
'm' => 'GET',
|
354
|
+
'rid' => '12345',
|
355
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
356
|
+
'uri' => 'http://test.com/?some_param=',
|
357
|
+
'uid' => 'user_id',
|
358
|
+
'sid' => 'session_id',
|
359
|
+
'remote_addr' => '192.168.1.1',
|
360
|
+
'payload' => 'exception message goes here'
|
361
|
+
}
|
362
|
+
)
|
326
363
|
|
327
364
|
@appsensor_meta.sql_exceptions = [{
|
328
365
|
'exception_name' => 'ActiveRecord::StatementInvalid',
|
@@ -336,32 +373,40 @@ module TCellAgent
|
|
336
373
|
|
337
374
|
context 'multiple sql exception' do
|
338
375
|
it 'should send multiple event' do
|
339
|
-
|
340
|
-
|
341
|
-
|
342
|
-
|
343
|
-
|
344
|
-
|
345
|
-
|
346
|
-
|
347
|
-
|
348
|
-
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
357
|
-
|
358
|
-
|
359
|
-
|
360
|
-
|
361
|
-
|
362
|
-
|
363
|
-
|
364
|
-
|
376
|
+
logger = double('logger')
|
377
|
+
|
378
|
+
expect(TCellAgent).to receive(:logger).and_return(logger).twice
|
379
|
+
expect(logger).to receive(:info).twice
|
380
|
+
expect(TCellAgent).to receive(:send_event).with(
|
381
|
+
{
|
382
|
+
'event_type' => 'as',
|
383
|
+
'dp' => 'exsql',
|
384
|
+
'param' => 'ActiveRecord::StatementInvalid',
|
385
|
+
'm' => 'GET',
|
386
|
+
'rid' => '12345',
|
387
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
388
|
+
'uri' => 'http://test.com/?some_param=',
|
389
|
+
'uid' => 'user_id',
|
390
|
+
'sid' => 'session_id',
|
391
|
+
'remote_addr' => '192.168.1.1',
|
392
|
+
'payload' => 'exception message goes here'
|
393
|
+
}
|
394
|
+
)
|
395
|
+
expect(TCellAgent).to receive(:send_event).with(
|
396
|
+
{
|
397
|
+
'event_type' => 'as',
|
398
|
+
'dp' => 'exsql',
|
399
|
+
'param' => 'ActiveRecord::StatementInvalid',
|
400
|
+
'm' => 'GET',
|
401
|
+
'rid' => '12345',
|
402
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
403
|
+
'uri' => 'http://test.com/?some_param=',
|
404
|
+
'uid' => 'user_id',
|
405
|
+
'sid' => 'session_id',
|
406
|
+
'remote_addr' => '192.168.1.1',
|
407
|
+
'payload' => 'second exception message goes here'
|
408
|
+
}
|
409
|
+
)
|
365
410
|
|
366
411
|
@appsensor_meta.sql_exceptions = [
|
367
412
|
{
|
@@ -405,18 +450,20 @@ module TCellAgent
|
|
405
450
|
|
406
451
|
context 'one db max result' do
|
407
452
|
it 'should send one event' do
|
408
|
-
expect(TCellAgent).to receive(:send_event).with(
|
409
|
-
|
410
|
-
|
411
|
-
|
412
|
-
|
413
|
-
|
414
|
-
|
415
|
-
|
416
|
-
|
417
|
-
|
418
|
-
|
419
|
-
|
453
|
+
expect(TCellAgent).to receive(:send_event).with(
|
454
|
+
{
|
455
|
+
'event_type' => 'as',
|
456
|
+
'dp' => 'dbmaxrows',
|
457
|
+
'm' => 'GET',
|
458
|
+
'meta' => { 'rows' => 1001 },
|
459
|
+
'rid' => '12345',
|
460
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
461
|
+
'uri' => 'http://test.com/?some_param=',
|
462
|
+
'uid' => 'user_id',
|
463
|
+
'sid' => 'session_id',
|
464
|
+
'remote_addr' => '192.168.1.1'
|
465
|
+
}
|
466
|
+
)
|
420
467
|
|
421
468
|
@appsensor_meta.database_result_sizes = [1001]
|
422
469
|
@rust_policies.check_appfirewall_injections(
|
@@ -427,30 +474,34 @@ module TCellAgent
|
|
427
474
|
|
428
475
|
context 'multiple db max results' do
|
429
476
|
it 'should send multiple event' do
|
430
|
-
expect(TCellAgent).to receive(:send_event).with(
|
431
|
-
|
432
|
-
|
433
|
-
|
434
|
-
|
435
|
-
|
436
|
-
|
437
|
-
|
438
|
-
|
439
|
-
|
440
|
-
|
441
|
-
|
442
|
-
|
443
|
-
|
444
|
-
|
445
|
-
|
446
|
-
|
447
|
-
|
448
|
-
|
449
|
-
|
450
|
-
|
451
|
-
|
452
|
-
|
453
|
-
|
477
|
+
expect(TCellAgent).to receive(:send_event).with(
|
478
|
+
{
|
479
|
+
'event_type' => 'as',
|
480
|
+
'dp' => 'dbmaxrows',
|
481
|
+
'm' => 'GET',
|
482
|
+
'meta' => { 'rows' => 1001 },
|
483
|
+
'rid' => '12345',
|
484
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
485
|
+
'uri' => 'http://test.com/?some_param=',
|
486
|
+
'uid' => 'user_id',
|
487
|
+
'sid' => 'session_id',
|
488
|
+
'remote_addr' => '192.168.1.1'
|
489
|
+
}
|
490
|
+
)
|
491
|
+
expect(TCellAgent).to receive(:send_event).with(
|
492
|
+
{
|
493
|
+
'event_type' => 'as',
|
494
|
+
'dp' => 'dbmaxrows',
|
495
|
+
'm' => 'GET',
|
496
|
+
'meta' => { 'rows' => 1002 },
|
497
|
+
'rid' => '12345',
|
498
|
+
'full_uri' => 'http://test.com/?some_param=present',
|
499
|
+
'uri' => 'http://test.com/?some_param=',
|
500
|
+
'uid' => 'user_id',
|
501
|
+
'sid' => 'session_id',
|
502
|
+
'remote_addr' => '192.168.1.1'
|
503
|
+
}
|
504
|
+
)
|
454
505
|
|
455
506
|
@appsensor_meta.database_result_sizes = [1001, 1002]
|
456
507
|
@rust_policies.check_appfirewall_injections(
|