tcell_agent 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/Readme.txt +7 -0
- data/bin/tcell_agent +6 -2
- data/lib/tcell_agent.rb +0 -3
- data/lib/tcell_agent/agent/event_processor.rb +1 -4
- data/lib/tcell_agent/agent/policy_manager.rb +5 -8
- data/lib/tcell_agent/agent/policy_types.rb +1 -7
- data/lib/tcell_agent/agent/static_agent.rb +2 -2
- data/lib/tcell_agent/api.rb +7 -9
- data/lib/tcell_agent/configuration.rb +42 -6
- data/lib/tcell_agent/policies/rust_policies.rb +33 -8
- data/lib/tcell_agent/rails/js_agent_insert.rb +17 -18
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +18 -59
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +10 -6
- data/lib/tcell_agent/rust/libtcellagent-0.19.5.dylib +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-0.11.1.so → libtcellagent-0.19.5.so} +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.19.5.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +165 -39
- data/lib/tcell_agent/sensor_events/patches.rb +2 -0
- data/lib/tcell_agent/sinatra.rb +17 -14
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +17 -0
- data/spec/lib/tcell_agent/api/api_spec.rb +10 -7
- data/spec/lib/tcell_agent/cmdi_spec.rb +91 -80
- data/spec/lib/tcell_agent/instrumentation_spec.rb +20 -0
- data/spec/lib/tcell_agent/patches_spec.rb +33 -15
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +150 -99
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +13 -1
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +12 -0
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +2 -39
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +6 -2
- data/spec/lib/tcell_agent/rails_spec.rb +0 -31
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +234 -120
- data/tcell_agent.gemspec +1 -1
- metadata +21 -40
- data/lib/tcell_agent/policies/clickjacking_policy.rb +0 -114
- data/lib/tcell_agent/policies/content_security_policy.rb +0 -166
- data/lib/tcell_agent/policies/secure_headers_policy.rb +0 -67
- data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
- data/spec/apps/rails-3.2/config/tcell_agent.config +0 -15
- data/spec/apps/rails-3.2/log/development.log +0 -0
- data/spec/apps/rails-3.2/log/test.log +0 -12
- data/spec/apps/rails-4.1/log/test.log +0 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +0 -71
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +0 -130
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +0 -67
- data/spec/lib/tcell_agent_spec.rb +0 -22
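--- a/data/tcell_agent.gemspec
+++ b/data/tcell_agent.gemspec
@@ -6,7 +6,7 @@ require 'tcell_agent/version'
 Gem::Specification.new do |spec|
 spec.name = 'tcell_agent'
 spec.version = TCellAgent::VERSION
-spec.authors = %w[Rafael
+spec.authors = %w[Rafael]
 spec.email = ['rafael@tcell.io']
 spec.summary = 'tCell.io Agent for Rails'
 spec.description = 'This agent allows users to use the tCell.io service with their Rails app.'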
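--- a/metadata
+++ b/metadata
@@ -1,98 +1,97 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.1.0
 platform: ruby
 authors:
 - Rafael
-- Garrett
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ffi
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.3.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: 1.3.0
 - !ruby/object:Gem::Dependency
 name: json
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.8'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.8'
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.7'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '1.7'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '10.0'
 - !ruby/object:Gem::Dependency
 name: rspec
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0.9'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
 version: '0.9'
 - !ruby/object:Gem::Dependency
 name: rspec-core
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 description: This agent allows users to use the tCell.io service with their Rails
@@ -107,6 +106,7 @@ files:
 - LICENSE
 - README.md
 - Rakefile
+- Readme.txt
 - bin/tcell_agent
 - lib/tcell_agent.rb
 - lib/tcell_agent/agent.rb
@@ -129,15 +129,12 @@ files:
 - lib/tcell_agent/logger.rb
 - lib/tcell_agent/patches.rb
 - lib/tcell_agent/patches/meta_data.rb
-- lib/tcell_agent/policies/clickjacking_policy.rb
-- lib/tcell_agent/policies/content_security_policy.rb
 - lib/tcell_agent/policies/dataloss_policy.rb
 - lib/tcell_agent/policies/http_redirect_policy.rb
 - lib/tcell_agent/policies/http_tx_policy.rb
 - lib/tcell_agent/policies/login_fraud_policy.rb
 - lib/tcell_agent/policies/policy.rb
 - lib/tcell_agent/policies/rust_policies.rb
-- lib/tcell_agent/policies/secure_headers_policy.rb
 - lib/tcell_agent/rails.rb
 - lib/tcell_agent/rails/auth/authlogic.rb
 - lib/tcell_agent/rails/auth/devise.rb
@@ -160,10 +157,10 @@ files:
 - lib/tcell_agent/rails/settings_reporter.rb
 - lib/tcell_agent/rails/tcell_body_proxy.rb
 - lib/tcell_agent/routes/table.rb
-- lib/tcell_agent/rust/libtcellagent-0.
-- lib/tcell_agent/rust/libtcellagent-0.
+- lib/tcell_agent/rust/libtcellagent-0.19.5.dylib
+- lib/tcell_agent/rust/libtcellagent-0.19.5.so
 - lib/tcell_agent/rust/models.rb
-- lib/tcell_agent/rust/tcellagent-0.
+- lib/tcell_agent/rust/tcellagent-0.19.5.dll
 - lib/tcell_agent/rust/whisperer.rb
 - lib/tcell_agent/sensor_events/app_config.rb
 - lib/tcell_agent/sensor_events/appsensor_event.rb
@@ -195,10 +192,6 @@ files:
 - lib/tcell_agent/utils/queue_with_timeout.rb
 - lib/tcell_agent/utils/strings.rb
 - lib/tcell_agent/version.rb
-- spec/apps/rails-3.2/config/tcell_agent.config
-- spec/apps/rails-3.2/log/development.log
-- spec/apps/rails-3.2/log/test.log
-- spec/apps/rails-4.1/log/test.log
 - spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb
 - spec/lib/tcell_agent/agent/policy_manager_spec.rb
 - spec/lib/tcell_agent/agent/static_agent_spec.rb
@@ -212,15 +205,12 @@ files:
 - spec/lib/tcell_agent/instrumentation_spec.rb
 - spec/lib/tcell_agent/patches_spec.rb
 - spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
-- spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
 - spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
-- spec/lib/tcell_agent/policies/content_security_policy_spec.rb
 - spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_tx_policy_spec.rb
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
 - spec/lib/tcell_agent/policies/patches_policy_spec.rb
-- spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb
@@ -243,7 +233,6 @@ files:
 - spec/lib/tcell_agent/utils/params_spec.rb
 - spec/lib/tcell_agent/utils/passwords_spec.rb
 - spec/lib/tcell_agent/utils/strings_spec.rb
-- spec/lib/tcell_agent_spec.rb
 - spec/spec_helper.rb
 - spec/support/middleware_helper.rb
 - spec/support/resources/normal_config.json
@@ -261,25 +250,21 @@ require_paths:
 - spec
 required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: tCell.io Agent for Rails
 test_files:
-- spec/apps/rails-3.2/config/tcell_agent.config
-- spec/apps/rails-3.2/log/development.log
-- spec/apps/rails-3.2/log/test.log
-- spec/apps/rails-4.1/log/test.log
 - spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb
 - spec/lib/tcell_agent/agent/policy_manager_spec.rb
 - spec/lib/tcell_agent/agent/static_agent_spec.rb
@@ -293,15 +278,12 @@ test_files:
 - spec/lib/tcell_agent/instrumentation_spec.rb
 - spec/lib/tcell_agent/patches_spec.rb
 - spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
-- spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
 - spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
-- spec/lib/tcell_agent/policies/content_security_policy_spec.rb
 - spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_tx_policy_spec.rb
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
 - spec/lib/tcell_agent/policies/patches_policy_spec.rb
-- spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb
@@ -324,7 +306,6 @@ test_files:
 - spec/lib/tcell_agent/utils/params_spec.rb
 - spec/lib/tcell_agent/utils/passwords_spec.rb
 - spec/lib/tcell_agent/utils/strings_spec.rb
-- spec/lib/tcell_agent_spec.rb
 - spec/spec_helper.rb
 - spec/support/middleware_helper.rb
 - spec/support/resources/normal_config.json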
@@ -1,114 +0,0 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
# See the file "LICENSE" for the full license governing this code.
|
3
|
-
|
4
|
-
require 'uri'
|
5
|
-
require 'tcell_agent/policies/policy'
|
6
|
-
|
7
|
-
module TCellAgent
|
8
|
-
module Policies
|
9
|
-
class ClickjackingPolicy < Policy
|
10
|
-
class ContentSecurityPolicyHeader
|
11
|
-
@@approved_headers = [
|
12
|
-
"csp"
|
13
|
-
]
|
14
|
-
attr_accessor :type
|
15
|
-
attr_accessor :raw_value
|
16
|
-
attr_accessor :report_uri
|
17
|
-
def initialize(type, value, report_uri=nil)
|
18
|
-
if !(type && value)
|
19
|
-
raise "Type and value were not set"
|
20
|
-
end
|
21
|
-
if type.casecmp("content-security-policy") == 0
|
22
|
-
type = "csp"
|
23
|
-
end
|
24
|
-
if !@@approved_headers.include?(type.downcase)
|
25
|
-
raise "Type was not included in approved_headers"
|
26
|
-
end
|
27
|
-
if value != value.gsub(/[^\p{L}\w\d\-_\ :\/,;.'\*"%?@#=$]/,'')
|
28
|
-
raise "Value is not valid"
|
29
|
-
end
|
30
|
-
self.type = type
|
31
|
-
self.raw_value = value
|
32
|
-
self.report_uri = report_uri
|
33
|
-
end
|
34
|
-
def value(transaction_id=nil, session_id=nil, user_id=nil)
|
35
|
-
if !self.report_uri
|
36
|
-
return self.raw_value
|
37
|
-
end
|
38
|
-
begin
|
39
|
-
uri = URI.parse(self.report_uri)
|
40
|
-
new_query_ar = URI.decode_www_form(uri.query || '')
|
41
|
-
if transaction_id
|
42
|
-
new_query_ar << ["tid", transaction_id]
|
43
|
-
end
|
44
|
-
if session_id
|
45
|
-
new_query_ar << ["sid", session_id]
|
46
|
-
end
|
47
|
-
if user_id
|
48
|
-
new_query_ar << ["uid", user_id.to_s]
|
49
|
-
end
|
50
|
-
if new_query_ar != []
|
51
|
-
uri.query = URI.encode_www_form(new_query_ar)
|
52
|
-
end
|
53
|
-
report_uri = uri.to_s
|
54
|
-
return "#{self.raw_value}; report-uri #{report_uri}"
|
55
|
-
rescue StandardError => e
|
56
|
-
return self.raw_value
|
57
|
-
end
|
58
|
-
end
|
59
|
-
end
|
60
|
-
|
61
|
-
attr_accessor :headers
|
62
|
-
attr_accessor :policy_id
|
63
|
-
|
64
|
-
def each(transaction_id=nil, hmac_session_id=nil, user_id=nil, &block)
|
65
|
-
result = []
|
66
|
-
headers.each do | header |
|
67
|
-
header_value = header.value(transaction_id, hmac_session_id, user_id)
|
68
|
-
header_names = ClickjackingPolicy.cspHeadersForType(header.type)
|
69
|
-
header_names.each do | header_name |
|
70
|
-
result.push( {"name"=>header_name, "value"=>header_value} )
|
71
|
-
end #doloop
|
72
|
-
end
|
73
|
-
result.each(&block)
|
74
|
-
end
|
75
|
-
|
76
|
-
def self.from_json(policy_json)
|
77
|
-
if (!policy_json)
|
78
|
-
return nil
|
79
|
-
end
|
80
|
-
csp = ClickjackingPolicy.new
|
81
|
-
if policy_json.has_key?("policy_id")
|
82
|
-
csp.policy_id = policy_json["policy_id"]
|
83
|
-
else
|
84
|
-
raise "Policy ID missing"
|
85
|
-
end
|
86
|
-
if policy_json.has_key?("headers")
|
87
|
-
headers = policy_json["headers"]
|
88
|
-
csp_headers = []
|
89
|
-
headers.each do |header|
|
90
|
-
if header.has_key?("name") && header.has_key?("value")
|
91
|
-
begin
|
92
|
-
csp_header = ContentSecurityPolicyHeader.new(header["name"], header["value"], header["report-uri"])
|
93
|
-
csp_headers.push(csp_header)
|
94
|
-
rescue StandardError
|
95
|
-
end
|
96
|
-
end
|
97
|
-
end
|
98
|
-
csp.headers = csp_headers
|
99
|
-
end
|
100
|
-
return csp
|
101
|
-
end
|
102
|
-
def self.cspHeadersForType(csp_type)
|
103
|
-
if (!csp_type)
|
104
|
-
return []
|
105
|
-
end
|
106
|
-
if csp_type == "csp"
|
107
|
-
return ["Content-Security-Policy"]#,"X-Content-Security-Policy","X-WebKit-CSP"]
|
108
|
-
else
|
109
|
-
return []
|
110
|
-
end
|
111
|
-
end
|
112
|
-
end
|
113
|
-
end
|
114
|
-
end
|
@@ -1,166 +0,0 @@
|
|
1
|
-
# encoding: utf-8
|
2
|
-
# See the file "LICENSE" for the full license governing this code.
|
3
|
-
|
4
|
-
require 'uri'
|
5
|
-
require 'tcell_agent/configuration'
|
6
|
-
require 'tcell_agent/policies/policy'
|
7
|
-
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
8
|
-
|
9
|
-
module TCellAgent
|
10
|
-
module Policies
|
11
|
-
|
12
|
-
class ContentSecurityPolicy < Policy
|
13
|
-
class ContentSecurityPolicyHeader
|
14
|
-
@@approved_headers = [
|
15
|
-
"csp",
|
16
|
-
"csp-report"
|
17
|
-
]
|
18
|
-
attr_accessor :type
|
19
|
-
attr_accessor :raw_value
|
20
|
-
attr_accessor :report_uri
|
21
|
-
attr_accessor :policy_id
|
22
|
-
def initialize(type, value, report_uri=nil, policy_id=nil)
|
23
|
-
if !(type && value)
|
24
|
-
raise "Type and value were not set"
|
25
|
-
end
|
26
|
-
if type.casecmp("content-security-policy") == 0
|
27
|
-
type = "csp"
|
28
|
-
elsif type.casecmp("content-security-policy-report-only") == 0
|
29
|
-
type = "csp-report"
|
30
|
-
end
|
31
|
-
if !@@approved_headers.include?(type.downcase)
|
32
|
-
raise "Type was not included in approved_headers"
|
33
|
-
end
|
34
|
-
if value != value.gsub(/[^\p{L}\w\d\-_\ :\/,;.'\*"%?@#=$]/,'')
|
35
|
-
raise "Value is not valid"
|
36
|
-
end
|
37
|
-
if policy_id
|
38
|
-
self.policy_id = policy_id
|
39
|
-
end
|
40
|
-
self.type = type
|
41
|
-
self.raw_value = value
|
42
|
-
self.report_uri = report_uri
|
43
|
-
end
|
44
|
-
def value(transaction_id=nil, route_id=nil, session_id=nil, user_id=nil)
|
45
|
-
if !self.report_uri
|
46
|
-
return self.raw_value
|
47
|
-
end
|
48
|
-
begin
|
49
|
-
uri = URI.parse(self.report_uri)
|
50
|
-
new_query_ar = URI.decode_www_form(uri.query || '')
|
51
|
-
if transaction_id
|
52
|
-
new_query_ar << ["tid", transaction_id]
|
53
|
-
end
|
54
|
-
if session_id && session_id.length > 0
|
55
|
-
new_query_ar << ["sid", session_id]
|
56
|
-
end
|
57
|
-
if route_id
|
58
|
-
new_query_ar << ["rid", route_id]
|
59
|
-
end
|
60
|
-
if new_query_ar != []
|
61
|
-
uri.query = URI.encode_www_form(new_query_ar)
|
62
|
-
end
|
63
|
-
report_uri = uri.to_s
|
64
|
-
if self.policy_id
|
65
|
-
checksum = TCellAgent::Utils::Strings.java_hashcode(self.policy_id + report_uri)
|
66
|
-
if new_query_ar != []
|
67
|
-
report_uri = report_uri + "&"
|
68
|
-
else
|
69
|
-
report_uri = report_uri + "?"
|
70
|
-
end
|
71
|
-
report_uri = report_uri + "c=" + checksum.to_s
|
72
|
-
end
|
73
|
-
return "#{self.raw_value}; report-uri #{report_uri}"
|
74
|
-
rescue StandardError
|
75
|
-
return self.raw_value
|
76
|
-
end
|
77
|
-
end
|
78
|
-
end
|
79
|
-
|
80
|
-
attr_accessor :headers
|
81
|
-
attr_accessor :policy_id
|
82
|
-
attr_accessor :js_agent_api_key
|
83
|
-
|
84
|
-
def each_header_pair(transaction_id=nil, route_id=nil, hmac_session_id=nil, user_id=nil, path=nil)
|
85
|
-
max_csp_header_bytes = TCellAgent.configuration.max_csp_header_bytes
|
86
|
-
|
87
|
-
headers.each do |header|
|
88
|
-
header_value = header.value(transaction_id, route_id, hmac_session_id)
|
89
|
-
|
90
|
-
if !max_csp_header_bytes || header_value.bytesize <= max_csp_header_bytes
|
91
|
-
header_names = ContentSecurityPolicy.cspHeadersForType(header.type)
|
92
|
-
header_names.each do | header_name |
|
93
|
-
yield(header_name, header_value)
|
94
|
-
end
|
95
|
-
|
96
|
-
else
|
97
|
-
TCellAgent.logger.warn(
|
98
|
-
"[RouteID=#{route_id},Path=#{path}] CSP header(#{header_value.bytesize}) " +
|
99
|
-
"is bigger than configured max_csp_header_bytes(#{max_csp_header_bytes})"
|
100
|
-
)
|
101
|
-
end
|
102
|
-
end
|
103
|
-
end
|
104
|
-
|
105
|
-
def self.from_json(policy_json)
|
106
|
-
if (!policy_json)
|
107
|
-
return nil
|
108
|
-
end
|
109
|
-
csp = ContentSecurityPolicy.new
|
110
|
-
if policy_json.has_key?("policy_id")
|
111
|
-
csp.policy_id = policy_json["policy_id"]
|
112
|
-
else
|
113
|
-
raise "Policy ID missing"
|
114
|
-
end
|
115
|
-
|
116
|
-
if policy_json.has_key?("data")
|
117
|
-
data_json = policy_json["data"]
|
118
|
-
if data_json.has_key?("options")
|
119
|
-
options_json = data_json["options"]
|
120
|
-
csp.js_agent_api_key = options_json.fetch("js_agent_api_key", nil)
|
121
|
-
end
|
122
|
-
end
|
123
|
-
|
124
|
-
if policy_json.has_key?("headers")
|
125
|
-
headers = policy_json["headers"]
|
126
|
-
csp_headers = []
|
127
|
-
|
128
|
-
|
129
|
-
headers.each do |header|
|
130
|
-
if header.has_key?("name") && header.has_key?("value")
|
131
|
-
begin
|
132
|
-
csp_header = ContentSecurityPolicyHeader.new(header["name"], header["value"], header["report-uri"], csp.policy_id)
|
133
|
-
csp_headers.push(csp_header)
|
134
|
-
rescue StandardError
|
135
|
-
end
|
136
|
-
end
|
137
|
-
end
|
138
|
-
csp.headers = csp_headers
|
139
|
-
end
|
140
|
-
return csp
|
141
|
-
end
|
142
|
-
def self.cspHeadersForType(csp_type)
|
143
|
-
if (!csp_type)
|
144
|
-
return []
|
145
|
-
end
|
146
|
-
if csp_type == "csp"
|
147
|
-
return ["Content-Security-Policy"]#,"X-Content-Security-Policy","X-WebKit-CSP"]
|
148
|
-
elsif csp_type == "csp-report"
|
149
|
-
return ["Content-Security-Policy-Report-Only"]#,"X-Content-Security-Policy-Report-Only","X-WebKit-CSP-Report-Only"]
|
150
|
-
else
|
151
|
-
return []
|
152
|
-
end
|
153
|
-
end
|
154
|
-
def js_agent_app_id
|
155
|
-
return TCellAgent.configuration.app_id
|
156
|
-
end
|
157
|
-
def js_agent_api_base_url
|
158
|
-
return TCellAgent.configuration.js_agent_api_base_url
|
159
|
-
end
|
160
|
-
def js_agent_url
|
161
|
-
return TCellAgent.configuration.js_agent_url
|
162
|
-
end
|
163
|
-
end
|
164
|
-
|
165
|
-
end
|
166
|
-
end
|