tcell_agent 1.0.0 → 1.1.0

data/tcell_agent.gemspec

@@ -6,7 +6,7 @@ require 'tcell_agent/version'
 Gem::Specification.new do |spec|
   spec.name          = 'tcell_agent'
   spec.version       = TCellAgent::VERSION
-  spec.authors       = %w[Rafael Garrett]
+  spec.authors       = %w[Rafael]
   spec.email         = ['rafael@tcell.io']
   spec.summary       = 'tCell.io Agent for Rails'
   spec.description   = 'This agent allows users to use the tCell.io service with their Rails app.'

metadata

@@ -1,98 +1,97 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Rafael
-- Garrett
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-22 00:00:00.000000000 Z
+date: 2018-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.3.0
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.8'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.8'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.7'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.7'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '10.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
 - !ruby/object:Gem::Dependency
   name: rspec-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: This agent allows users to use the tCell.io service with their Rails
@@ -107,6 +106,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- Readme.txt
 - bin/tcell_agent
 - lib/tcell_agent.rb
 - lib/tcell_agent/agent.rb
@@ -129,15 +129,12 @@ files:
 - lib/tcell_agent/logger.rb
 - lib/tcell_agent/patches.rb
 - lib/tcell_agent/patches/meta_data.rb
-- lib/tcell_agent/policies/clickjacking_policy.rb
-- lib/tcell_agent/policies/content_security_policy.rb
 - lib/tcell_agent/policies/dataloss_policy.rb
 - lib/tcell_agent/policies/http_redirect_policy.rb
 - lib/tcell_agent/policies/http_tx_policy.rb
 - lib/tcell_agent/policies/login_fraud_policy.rb
 - lib/tcell_agent/policies/policy.rb
 - lib/tcell_agent/policies/rust_policies.rb
-- lib/tcell_agent/policies/secure_headers_policy.rb
 - lib/tcell_agent/rails.rb
 - lib/tcell_agent/rails/auth/authlogic.rb
 - lib/tcell_agent/rails/auth/devise.rb
@@ -160,10 +157,10 @@ files:
 - lib/tcell_agent/rails/settings_reporter.rb
 - lib/tcell_agent/rails/tcell_body_proxy.rb
 - lib/tcell_agent/routes/table.rb
-- lib/tcell_agent/rust/libtcellagent-0.11.1.dylib
-- lib/tcell_agent/rust/libtcellagent-0.11.1.so
+- lib/tcell_agent/rust/libtcellagent-0.19.5.dylib
+- lib/tcell_agent/rust/libtcellagent-0.19.5.so
 - lib/tcell_agent/rust/models.rb
-- lib/tcell_agent/rust/tcellagent-0.11.1.dll
+- lib/tcell_agent/rust/tcellagent-0.19.5.dll
 - lib/tcell_agent/rust/whisperer.rb
 - lib/tcell_agent/sensor_events/app_config.rb
 - lib/tcell_agent/sensor_events/appsensor_event.rb
@@ -195,10 +192,6 @@ files:
 - lib/tcell_agent/utils/queue_with_timeout.rb
 - lib/tcell_agent/utils/strings.rb
 - lib/tcell_agent/version.rb
-- spec/apps/rails-3.2/config/tcell_agent.config
-- spec/apps/rails-3.2/log/development.log
-- spec/apps/rails-3.2/log/test.log
-- spec/apps/rails-4.1/log/test.log
 - spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb
 - spec/lib/tcell_agent/agent/policy_manager_spec.rb
 - spec/lib/tcell_agent/agent/static_agent_spec.rb
@@ -212,15 +205,12 @@ files:
 - spec/lib/tcell_agent/instrumentation_spec.rb
 - spec/lib/tcell_agent/patches_spec.rb
 - spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
-- spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
 - spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
-- spec/lib/tcell_agent/policies/content_security_policy_spec.rb
 - spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_tx_policy_spec.rb
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
 - spec/lib/tcell_agent/policies/patches_policy_spec.rb
-- spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb
@@ -243,7 +233,6 @@ files:
 - spec/lib/tcell_agent/utils/params_spec.rb
 - spec/lib/tcell_agent/utils/passwords_spec.rb
 - spec/lib/tcell_agent/utils/strings_spec.rb
-- spec/lib/tcell_agent_spec.rb
 - spec/spec_helper.rb
 - spec/support/middleware_helper.rb
 - spec/support/resources/normal_config.json
@@ -261,25 +250,21 @@ require_paths:
 - spec
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: tCell.io Agent for Rails
 test_files:
-- spec/apps/rails-3.2/config/tcell_agent.config
-- spec/apps/rails-3.2/log/development.log
-- spec/apps/rails-3.2/log/test.log
-- spec/apps/rails-4.1/log/test.log
 - spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb
 - spec/lib/tcell_agent/agent/policy_manager_spec.rb
 - spec/lib/tcell_agent/agent/static_agent_spec.rb
@@ -293,15 +278,12 @@ test_files:
 - spec/lib/tcell_agent/instrumentation_spec.rb
 - spec/lib/tcell_agent/patches_spec.rb
 - spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
-- spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
 - spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
-- spec/lib/tcell_agent/policies/content_security_policy_spec.rb
 - spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_tx_policy_spec.rb
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
 - spec/lib/tcell_agent/policies/patches_policy_spec.rb
-- spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb
@@ -324,7 +306,6 @@ test_files:
 - spec/lib/tcell_agent/utils/params_spec.rb
 - spec/lib/tcell_agent/utils/passwords_spec.rb
 - spec/lib/tcell_agent/utils/strings_spec.rb
-- spec/lib/tcell_agent_spec.rb
 - spec/spec_helper.rb
 - spec/support/middleware_helper.rb
 - spec/support/resources/normal_config.json

data/lib/tcell_agent/policies/clickjacking_policy.rb

@@ -1,114 +0,0 @@
-# encoding: utf-8
-# See the file "LICENSE" for the full license governing this code.
-
-require 'uri'
-require 'tcell_agent/policies/policy'
-
-module TCellAgent
-    module Policies
-        class ClickjackingPolicy < Policy
-            class ContentSecurityPolicyHeader
-                @@approved_headers = [
-                    "csp"
-                ]
-                attr_accessor :type
-                attr_accessor :raw_value
-                attr_accessor :report_uri
-                def initialize(type, value, report_uri=nil)
-                    if !(type && value)
-                        raise "Type and value were not set"
-                    end
-                    if type.casecmp("content-security-policy") == 0
-                        type = "csp"
-                    end
-                    if !@@approved_headers.include?(type.downcase)
-                        raise "Type was not included in approved_headers"
-                    end
-                    if value != value.gsub(/[^\p{L}\w\d\-_\ :\/,;.'\*"%?@#=$]/,'')
-                        raise "Value is not valid"
-                    end
-                    self.type = type
-                    self.raw_value = value
-                    self.report_uri = report_uri
-                end
-                def value(transaction_id=nil, session_id=nil, user_id=nil)
-                    if !self.report_uri
-                        return self.raw_value
-                    end
-                    begin
-                        uri = URI.parse(self.report_uri)
-                        new_query_ar = URI.decode_www_form(uri.query || '')
-                        if transaction_id
-                            new_query_ar << ["tid", transaction_id]
-                        end
-                        if session_id
-                            new_query_ar << ["sid", session_id]
-                        end
-                        if user_id
-                            new_query_ar << ["uid", user_id.to_s]
-                        end
-                        if new_query_ar != []
-                            uri.query = URI.encode_www_form(new_query_ar)
-                        end
-                        report_uri = uri.to_s
-                        return "#{self.raw_value}; report-uri #{report_uri}"
-                    rescue StandardError => e
-                        return self.raw_value
-                    end
-                end
-            end
-
-            attr_accessor :headers
-            attr_accessor :policy_id
-
-            def each(transaction_id=nil, hmac_session_id=nil, user_id=nil, &block)
-                result = []
-                headers.each do | header |
-                  header_value = header.value(transaction_id, hmac_session_id, user_id)
-                  header_names = ClickjackingPolicy.cspHeadersForType(header.type)
-                  header_names.each do | header_name |
-                    result.push( {"name"=>header_name, "value"=>header_value} )
-                  end #doloop
-                end
-                result.each(&block)
-            end
-
-            def self.from_json(policy_json)
-                if (!policy_json)
-                    return nil
-                end
-                csp = ClickjackingPolicy.new
-                if policy_json.has_key?("policy_id")
-                    csp.policy_id = policy_json["policy_id"]
-                else
-                    raise "Policy ID missing"
-                end
-                if policy_json.has_key?("headers")
-                    headers = policy_json["headers"]
-                    csp_headers = []
-                    headers.each do |header|
-                        if header.has_key?("name") && header.has_key?("value")
-                            begin
-                                csp_header = ContentSecurityPolicyHeader.new(header["name"], header["value"], header["report-uri"])
-                                csp_headers.push(csp_header)
-                            rescue StandardError
-                            end
-                        end
-                    end
-                    csp.headers = csp_headers
-                end
-                return csp
-            end
-            def self.cspHeadersForType(csp_type)
-                if (!csp_type)
-                    return []
-                end
-                if csp_type == "csp"
-                    return ["Content-Security-Policy"]#,"X-Content-Security-Policy","X-WebKit-CSP"]
-                else
-                    return []
-                end
-            end
-        end
-    end
-end

data/lib/tcell_agent/policies/content_security_policy.rb

@@ -1,166 +0,0 @@
-# encoding: utf-8
-# See the file "LICENSE" for the full license governing this code.
-
-require 'uri'
-require 'tcell_agent/configuration'
-require 'tcell_agent/policies/policy'
-require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-
-module TCellAgent
-  module Policies
-
-    class ContentSecurityPolicy < Policy
-      class ContentSecurityPolicyHeader
-        @@approved_headers = [
-          "csp",
-          "csp-report"
-        ]
-        attr_accessor :type
-        attr_accessor :raw_value
-        attr_accessor :report_uri
-        attr_accessor :policy_id
-        def initialize(type, value, report_uri=nil, policy_id=nil)
-          if !(type && value)
-            raise "Type and value were not set"
-          end
-          if type.casecmp("content-security-policy") == 0
-            type = "csp"
-          elsif type.casecmp("content-security-policy-report-only") == 0
-            type = "csp-report"
-          end
-          if !@@approved_headers.include?(type.downcase)
-            raise "Type was not included in approved_headers"
-          end
-          if value != value.gsub(/[^\p{L}\w\d\-_\ :\/,;.'\*"%?@#=$]/,'')
-            raise "Value is not valid"
-          end
-          if policy_id
-            self.policy_id = policy_id
-          end
-          self.type = type
-          self.raw_value = value
-          self.report_uri = report_uri
-        end
-        def value(transaction_id=nil, route_id=nil, session_id=nil, user_id=nil)
-          if !self.report_uri
-            return self.raw_value
-          end
-          begin
-            uri = URI.parse(self.report_uri)
-            new_query_ar = URI.decode_www_form(uri.query || '')
-            if transaction_id
-              new_query_ar << ["tid", transaction_id]
-            end
-            if session_id && session_id.length > 0
-              new_query_ar << ["sid", session_id]
-            end
-            if route_id
-              new_query_ar << ["rid", route_id]
-            end
-            if new_query_ar != []
-              uri.query = URI.encode_www_form(new_query_ar)
-            end
-            report_uri = uri.to_s
-            if self.policy_id
-              checksum = TCellAgent::Utils::Strings.java_hashcode(self.policy_id + report_uri)
-              if new_query_ar != []
-                report_uri = report_uri + "&"
-              else
-                report_uri = report_uri + "?"
-              end
-              report_uri = report_uri + "c=" + checksum.to_s
-            end
-            return "#{self.raw_value}; report-uri #{report_uri}"
-          rescue StandardError
-            return self.raw_value
-          end
-        end
-      end
-
-      attr_accessor :headers
-      attr_accessor :policy_id
-      attr_accessor :js_agent_api_key
-
-      def each_header_pair(transaction_id=nil, route_id=nil, hmac_session_id=nil, user_id=nil, path=nil)
-        max_csp_header_bytes = TCellAgent.configuration.max_csp_header_bytes
-
-        headers.each do |header|
-          header_value = header.value(transaction_id, route_id, hmac_session_id)
-
-          if !max_csp_header_bytes || header_value.bytesize <= max_csp_header_bytes
-            header_names = ContentSecurityPolicy.cspHeadersForType(header.type)
-            header_names.each do | header_name |
-              yield(header_name, header_value)
-            end
-
-          else
-            TCellAgent.logger.warn(
-              "[RouteID=#{route_id},Path=#{path}] CSP header(#{header_value.bytesize}) " +
-              "is bigger than configured max_csp_header_bytes(#{max_csp_header_bytes})"
-            )
-          end
-        end
-      end
-
-      def self.from_json(policy_json)
-        if (!policy_json)
-          return nil
-        end
-        csp = ContentSecurityPolicy.new
-        if policy_json.has_key?("policy_id")
-          csp.policy_id = policy_json["policy_id"]
-        else
-          raise "Policy ID missing"
-        end
-
-        if policy_json.has_key?("data")
-          data_json = policy_json["data"]
-          if data_json.has_key?("options")
-            options_json = data_json["options"]
-            csp.js_agent_api_key = options_json.fetch("js_agent_api_key", nil)
-          end
-        end
-
-        if policy_json.has_key?("headers")
-          headers = policy_json["headers"]
-          csp_headers = []
-
-
-          headers.each do |header|
-            if header.has_key?("name") && header.has_key?("value")
-              begin
-                csp_header = ContentSecurityPolicyHeader.new(header["name"], header["value"], header["report-uri"], csp.policy_id)
-                csp_headers.push(csp_header)
-              rescue StandardError
-              end
-            end
-          end
-          csp.headers = csp_headers
-        end
-        return csp
-      end
-      def self.cspHeadersForType(csp_type)
-        if (!csp_type)
-          return []
-        end
-        if csp_type == "csp"
-          return ["Content-Security-Policy"]#,"X-Content-Security-Policy","X-WebKit-CSP"]
-        elsif csp_type == "csp-report"
-          return ["Content-Security-Policy-Report-Only"]#,"X-Content-Security-Policy-Report-Only","X-WebKit-CSP-Report-Only"]
-        else
-          return []
-        end
-      end
-      def js_agent_app_id
-        return TCellAgent.configuration.app_id
-      end
-      def js_agent_api_base_url
-        return TCellAgent.configuration.js_agent_api_base_url
-      end
-      def js_agent_url
-        return TCellAgent.configuration.js_agent_url
-      end
-    end
-
-  end
-end