tcell_agent 1.0.0 → 1.1.0

data/lib/tcell_agent/policies/secure_headers_policy.rb

@@ -1,67 +0,0 @@
-# encoding: utf-8
-# See the file "LICENSE" for the full license governing this code.
-require 'tcell_agent/policies/policy'
-
-
-module TCellAgent
-    module Policies
-        class SecureHeadersPolicy < Policy
-            class SecurityHeader
-                @@approved_headers = [
-                    "strict-transport-security",
-                    "x-frame-options",
-                    "x-xss-protection",
-                    "x-content-type-options",
-                    "x-permitted-cross-domain-policies",
-                    "x-download-options"
-                ]
-                attr_accessor :name
-                attr_accessor :value
-                def initialize(name, value)
-                    if !(name && value)
-                        raise "Name and value were not set"
-                    end
-                    if !@@approved_headers.include?(name.downcase)
-                        raise "Name was not included in approved_headers"
-                    end
-                    if value != value.gsub(/[^\p{L}\w\d\-_\ :\/,;.'\*"%?@#=$]/,'')
-                        raise "Value is not valid"
-                    end
-                    self.name = name
-                    self.value = value
-                end
-            end
-
-            attr_accessor :headers
-            attr_accessor :policy_id
-
-            def self.from_json(policy_json)
-                if (!policy_json)
-                    return nil
-                end
-                security_headers_policy = SecureHeadersPolicy.new
-                if policy_json.has_key?("policy_id")
-                    security_headers_policy.policy_id = policy_json["policy_id"]
-                else
-                    raise "Policy ID missing"
-                end
-                security_headers = []
-                if policy_json.has_key?("headers")
-                    headers = policy_json["headers"]
-                    headers.each do |header|
-                        if header.has_key?("name") && header.has_key?("value")
-                            begin
-                                security_header = SecurityHeader.new(header["name"], header["value"])
-                                security_headers.push(security_header)
-                            rescue StandardError => secure_header_exception
-                                TCellAgent.logger.debug("Could not load secure header:" + secure_header_exception.message)
-                            end
-                        end
-                    end
-                end
-                security_headers_policy.headers = security_headers
-                return security_headers_policy
-            end
-        end
-    end
-end

data/spec/apps/rails-3.2/config/tcell_agent.config

@@ -1,15 +0,0 @@
-{
-    "version":1,
-    "applications": 
-    [
-    {
-        "name":"<name>",
-        "api_key":"<apikey>",
-        "fetch_policies_from_tcell":false,
-        "tcell_input_url":"https://localhost/",
-        "preload_policy_filename":"config/tcell_preload.json",
-        "logging_options":{"enabled":true, "level":"DEBUG"}
-    }
-    ]
-}
-

data/spec/apps/rails-3.2/log/test.log

@@ -1,12 +0,0 @@
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL
-Connecting to database specified by DATABASE_URL

data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb

@@ -1,71 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-  module Policies
-    describe ClickjackingPolicy do
-      content_security_policy_json = {
-        'policy_id' => '00a1',
-        'headers' => [
-          { 'name' => 'csp', 'value' => 'csp header value' }
-        ]
-      }
-      csp_from_json = ClickjackingPolicy.from_json(content_security_policy_json)
-      context 'initialized with 3 items' do
-        it 'returns true' do
-          expect(csp_from_json.policy_id).to eq('00a1')
-          expect(csp_from_json.headers[0].type).to eq('csp')
-          expect(csp_from_json.headers[0].value).to eq('csp header value')
-        end
-      end
-      context 'headers match up appropriately' do
-        it 'returns content-security-policy headers' do
-          expect(ClickjackingPolicy.cspHeadersForType('csp')).to match_array(['Content-Security-Policy']) # ,"X-Content-Security-Policy","X-WebKit-CSP"])
-        end
-      end
-    end
-    describe ContentSecurityPolicy do
-      content_security_policy_json = {
-        'policy_id' => '01a1',
-        'headers' => [
-          { 'name' => 'csp-header-is-bad', 'value' => 'csp header value' }
-        ]
-      }
-      csp_policy = ClickjackingPolicy.from_json(content_security_policy_json)
-      context 'csp header example, invalid header' do
-        it 'returns false' do
-          expect(csp_policy.headers.length).to eq(0)
-        end
-      end
-    end
-    describe ClickjackingPolicy do
-      content_security_policy_json = {
-        'policy_id' => '01a1',
-        'headers' => [
-          { 'name' => 'csp', 'value' => 'value123\\nabc' }
-        ]
-      }
-      csp_policy = ClickjackingPolicy.from_json(content_security_policy_json)
-      context 'secure header, value is bad' do
-        it 'returns false' do
-          expect(csp_policy.headers.length).to eq(0)
-        end
-      end
-    end
-    describe ClickjackingPolicy do
-      content_security_policy_json = {
-        'policy_id' => '01a1',
-        'headers' => [
-          { 'name' => 'csp', 'value' => 'value normal', 'report-uri' => 'https://example.com/abcdde' }
-        ]
-      }
-      csp_policy = ClickjackingPolicy.from_json(content_security_policy_json)
-      context 'secure header, report-uri seperate' do
-        it 'returns false' do
-          expect(csp_policy.headers.length).to eq(1)
-          expect(csp_policy.headers[0].value).to eq('value normal; report-uri https://example.com/abcdde')
-          expect(csp_policy.headers[0].value('1', '2', '3')).to eq('value normal; report-uri https://example.com/abcdde?tid=1&sid=2&uid=3')
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb

@@ -1,130 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-  module Policies
-    describe ContentSecurityPolicy do
-      context 'test empty agent' do
-        it 'enabled is false' do
-          policy_json_empty = {
-            'policy_id' => '01a1',
-            'data' => {
-              'options' => {
-
-              }
-            }
-          }
-
-          empty_policy = ContentSecurityPolicy.from_json(policy_json_empty)
-
-          expect(empty_policy.policy_id).to eq('01a1')
-          expect(empty_policy.js_agent_api_key).to eq(nil)
-        end
-      end
-
-      context 'tests xss is true and enabled true' do
-        it 'returns true' do
-          policy_json_one = {
-            'policy_id' => '01a1',
-            'data' => {
-              'options' => {
-                'js_agent_api_key' => '000-000-1'
-              }
-            }
-          }
-
-          from_json = ContentSecurityPolicy.from_json(policy_json_one)
-
-          expect(from_json.policy_id).to eq('01a1')
-          expect(from_json.js_agent_api_key).to eq('000-000-1')
-        end
-      end
-
-      context 'initialized with 3 items' do
-        it 'returns true' do
-          content_security_policy_json = {
-            'policy_id' => '00a1',
-            'headers' => [
-              { 'name' => 'csp', 'value' => 'csp header value' }
-            ]
-          }
-
-          csp_from_json = ContentSecurityPolicy.from_json(content_security_policy_json)
-
-          expect(csp_from_json.policy_id).to eq('00a1')
-          expect(csp_from_json.headers[0].type).to eq('csp')
-          expect(csp_from_json.headers[0].value).to eq('csp header value')
-        end
-      end
-
-      context 'headers match up appropriately' do
-        it 'returns content-security-policy headers' do
-          expect(ContentSecurityPolicy.cspHeadersForType('csp')).to match_array(['Content-Security-Policy'])
-        end
-      end
-
-      context 'csp header example, invalid header' do
-        it 'returns false' do
-          content_security_policy_json = {
-            'policy_id' => '01a1',
-            'headers' => [
-              { 'name' => 'csp-header-is-bad', 'value' => 'csp header value' }
-            ]
-          }
-
-          csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
-
-          expect(csp_policy.headers.length).to eq(0)
-        end
-      end
-
-      context 'secure header, value is bad' do
-        it 'returns false' do
-          content_security_policy_json = {
-            'policy_id' => '01a1',
-            'headers' => [
-              { 'name' => 'csp', 'value' => 'value123\\nabc' }
-            ]
-          }
-          csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
-          expect(csp_policy.headers.length).to eq(0)
-        end
-      end
-
-      context 'secure header, report-uri seperate' do
-        it 'returns false' do
-          content_security_policy_json = {
-            'policy_id' => '01a1',
-            'headers' => [
-              { 'name' => 'csp', 'value' => 'value normal', 'report-uri' => 'https://example.com/abcdde' }
-            ]
-          }
-
-          csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
-
-          expect(csp_policy.headers.length).to eq(1)
-          expect(csp_policy.headers[0].value).to eq('value normal; report-uri https://example.com/abcdde?c=-815891691')
-          expect(csp_policy.headers[0].value('1', '2', '3')).to eq('value normal; report-uri https://example.com/abcdde?tid=1&sid=3&rid=2&c=1777384531')
-        end
-      end
-
-      context 'default js_agent_url' do
-        it 'should have the configuration set to the default js_agent_url value' do
-          expect(TCellAgent.configuration.js_agent_url).to eq('https://jsagent.tcell.io/tcellagent.min.js')
-
-          content_security_policy_json = {
-            'policy_id' => '01a1',
-            'headers' => [
-              { 'name' => 'csp', 'value' => "script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/" }
-            ]
-          }
-
-          csp_policy = ContentSecurityPolicy.from_json(content_security_policy_json)
-
-          expect(csp_policy.headers.length).to eq(1)
-          expect(csp_policy.headers[0].value).to eq("script-src 'unsafe-inline' 'unsafe-eval' 'self' https://api.tcell.io/")
-          expect(TCellAgent.configuration.js_agent_url).to eq('https://jsagent.tcell.io/tcellagent.min.js')
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb

@@ -1,67 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-  module Policies
-    describe SecureHeadersPolicy do
-      secure_headers_policy_json = {
-        'policy_id' => '01a1',
-        'headers' => [
-          { 'name' => 'x-permitted-cross-domain-policies', 'value' => 'value123' }
-        ]
-      }
-      secure_headers_policy = SecureHeadersPolicy.from_json(secure_headers_policy_json)
-      context 'secure header example' do
-        it 'returns true' do
-          expect(secure_headers_policy.headers[0].name).to eq('x-permitted-cross-domain-policies')
-          expect(secure_headers_policy.headers[0].value).to eq('value123')
-        end
-      end
-    end
-    describe SecureHeadersPolicy do
-      secure_headers_policy_json = {
-        'policy_id' => '01a1',
-        'headers' => [
-          { 'name' => 'x-frame-options', 'value' => 'DENY' },
-          { 'name' => 'x-xss-protection', 'value' => '1; mode=block' }
-        ]
-      }
-      secure_headers_policy = SecureHeadersPolicy.from_json(secure_headers_policy_json)
-      context 'secure headers (2) example' do
-        it 'returns true' do
-          expect(secure_headers_policy.headers[0].name).to eq('x-frame-options')
-          expect(secure_headers_policy.headers[0].value).to eq('DENY')
-          expect(secure_headers_policy.headers[1].name).to eq('x-xss-protection')
-          expect(secure_headers_policy.headers[1].value).to eq('1; mode=block')
-        end
-      end
-    end
-    describe SecureHeadersPolicy do
-      secure_headers_policy_json = {
-        'policy_id' => '01a1',
-        'headers' => [
-          { 'name' => 'bad-header', 'value' => 'value123' }
-        ]
-      }
-      secure_headers_policy = SecureHeadersPolicy.from_json(secure_headers_policy_json)
-      context 'secure header example, invalid header' do
-        it 'returns false' do
-          expect(secure_headers_policy.headers.length).to eq(0)
-        end
-      end
-    end
-    describe SecureHeadersPolicy do
-      secure_headers_policy_json = {
-        'policy_id' => '01a1',
-        'headers' => [
-          { 'name' => 'x-permitted-cross-domain-policies', 'value' => 'value123\\nabc' }
-        ]
-      }
-      secure_headers_policy = SecureHeadersPolicy.from_json(secure_headers_policy_json)
-      context 'secure header, value is bad' do
-        it 'returns false' do
-          expect(secure_headers_policy.headers.length).to eq(0)
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent_spec.rb

@@ -1,22 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-  describe Agent do
-    context 'Agent Read File' do
-      agent_worker = Agent.new(0)
-      it 'Reads in a policy file' do
-        policy_file_json = {
-          'csp-headers' => {
-            'policy_id' => '00a1',
-            'headers' => [
-              { 'name' => 'csp', 'value' => 'csp loaded header' }
-            ]
-          }
-        }
-        agent_worker.processPolicyJson(policy_file_json)
-        expect(agent_worker.policies[TCellAgent::PolicyTypes::CSP].headers[0].type).to eq('csp')
-        expect(agent_worker.policies[TCellAgent::PolicyTypes::CSP].headers[0].value).to eq('csp loaded header')
-      end
-    end
-  end
-end