tcell_agent 1.1.11 → 2.1.2

Files changed (164) hide show
  1. checksums.yaml +4 -4
  2. data/bin/tcell_agent +26 -14
  3. data/lib/tcell_agent.rb +16 -10
  4. data/lib/tcell_agent/agent.rb +78 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/authlogic.rb +3 -6
  8. data/lib/tcell_agent/config/unknown_options.rb +4 -7
  9. data/lib/tcell_agent/configuration.rb +39 -118
  10. data/lib/tcell_agent/devise.rb +25 -27
  11. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  12. data/lib/tcell_agent/instrument_servers.rb +25 -0
  13. data/lib/tcell_agent/instrumentation.rb +12 -10
  14. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  15. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  17. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  18. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  19. data/lib/tcell_agent/logger.rb +50 -114
  20. data/lib/tcell_agent/patches.rb +6 -7
  21. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  22. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  23. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  24. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  25. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  26. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  27. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  28. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  29. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  30. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  31. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  32. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  33. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  34. data/lib/tcell_agent/rails/auth/authlogic.rb +43 -68
  35. data/lib/tcell_agent/rails/auth/devise.rb +20 -23
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +63 -74
  37. data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
  38. data/lib/tcell_agent/rails/dlp.rb +35 -19
  39. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  40. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  41. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  42. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  43. data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
  44. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  45. data/lib/tcell_agent/rails/on_start.rb +32 -31
  46. data/lib/tcell_agent/rails/routes.rb +10 -9
  47. data/lib/tcell_agent/rails/routes/grape.rb +4 -12
  48. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  49. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  50. data/lib/tcell_agent/rails/start_agent_after_initializers.rb +12 -0
  51. data/lib/tcell_agent/rails/tcell_body_proxy.rb +6 -4
  52. data/lib/tcell_agent/rust/agent_config.rb +49 -0
  53. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-4.18.0.dylib} +0 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-4.18.0.so} +0 -0
  55. data/lib/tcell_agent/rust/libtcellagent-alpine-4.18.0.so +0 -0
  56. data/lib/tcell_agent/rust/models.rb +0 -55
  57. data/lib/tcell_agent/rust/native_agent.rb +531 -0
  58. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  59. data/lib/tcell_agent/rust/native_library.rb +68 -0
  60. data/lib/tcell_agent/rust/tcellagent-4.18.0.dll +0 -0
  61. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  62. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  63. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  64. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  65. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  66. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  67. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  68. data/lib/tcell_agent/servers/passenger.rb +1 -28
  69. data/lib/tcell_agent/servers/puma.rb +3 -21
  70. data/lib/tcell_agent/servers/rails_server.rb +1 -1
  71. data/lib/tcell_agent/servers/thin.rb +2 -2
  72. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  73. data/lib/tcell_agent/servers/webrick.rb +1 -1
  74. data/lib/tcell_agent/settings_reporter.rb +24 -24
  75. data/lib/tcell_agent/sinatra.rb +14 -16
  76. data/lib/tcell_agent/tcell_context.rb +41 -15
  77. data/lib/tcell_agent/utils/headers.rb +14 -0
  78. data/lib/tcell_agent/version.rb +1 -1
  79. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -18
  80. data/spec/lib/tcell_agent/configuration_spec.rb +4 -140
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  108. data/spec/lib/tcell_agent/settings_reporter_spec.rb +127 -153
  109. data/spec/spec_helper.rb +1 -1
  110. data/spec/support/builders.rb +104 -0
  111. data/spec/support/force_logger_mocking.rb +38 -0
  112. data/spec/support/resources/lfi_sample_file.txt +2 -0
  113. data/spec/support/static_agent_overrides.rb +0 -15
  114. metadata +64 -74
  115. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  116. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  117. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  118. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  119. data/lib/tcell_agent/api.rb +0 -91
  120. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  121. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  122. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  123. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  124. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  125. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  126. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  127. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  128. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  129. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  130. data/lib/tcell_agent/rails.rb +0 -40
  131. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  132. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  133. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  134. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  135. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  136. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  137. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  138. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  139. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  140. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  141. data/lib/tcell_agent/start_background_thread.rb +0 -55
  142. data/lib/tcell_agent/system_info.rb +0 -11
  143. data/lib/tcell_agent/utils/io.rb +0 -38
  144. data/lib/tcell_agent/utils/passwords.rb +0 -28
  145. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  146. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  147. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  148. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  149. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  150. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  151. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  152. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  153. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  154. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  155. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  156. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  157. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  158. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  159. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  160. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  161. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  162. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  163. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  164. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
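--- a/data/lib/tcell_agent/agent/fork_pipe_manager.rb
+++ b/data/lib/tcell_agent/agent/fork_pipe_manager.rb
@@ -1,113 +0,0 @@
- require 'thread'
- require 'tcell_agent/logger'
-
- module TCellAgent
- class Agent
- class ForkPipeManager
- attr_accessor :readp
- attr_accessor :writep
-
- @@parent_id = Process.pid
- def initialize(&block)
- @readp, @writep = IO.pipe('ASCII-8BIT', 'ASCII-8BIT', :binmode => true)
- if defined?(::Encoding::ASCII_8BIT)
- @writep.set_encoding(::Encoding::ASCII_8BIT)
- end
- start_listener(&block) if parent?
- rescue StandardError => init_exception
- TCellAgent.logger.error('Could not start listener for pipe to forks')
- TCellAgent.logger.error(init_exception.message)
- TCellAgent.logger.debug(init_exception.backtrace)
- end
-
- def parent?
- @@parent_id == Process.pid
- end
-
- def start_listener(&block)
- Thread.new do
- loop do
- begin
- packed_bytes = @readp.read(4)
- event_length = packed_bytes.unpack('L>').first
- packed_event = @readp.read(event_length)
- event = Marshal.load(packed_event) # rubocop:disable Security/MarshalLoad
- yield(event) if block
- rescue StandardError => block_exception
- TCellAgent.logger.error('Could not decode block')
- TCellAgent.logger.error(block_exception.message)
- TCellAgent.logger.debug(block_exception.backtrace)
- sleep 0.5
- end
- end
- end
- end
-
- def send_to_parent(event)
- return if parent?
-
- begin
- packed_event = Marshal.dump(event)
- packed_bytes = [packed_event.bytesize].pack('L>')
- @writep.write(packed_bytes + packed_event)
- rescue StandardError => block_exception
- TCellAgent.logger.error('Could not write to pipe')
- TCellAgent.logger.error(block_exception.message)
- TCellAgent.logger.debug(block_exception.backtrace)
- end
- end
- end
-
- @@event_pipe_manager = ForkPipeManager.new do |event|
- begin
- TCellAgent.send_event(event)
- rescue StandardError => block_exception
- TCellAgent.logger.error('Could handle send_event_block')
- TCellAgent.logger.error(block_exception.message)
- TCellAgent.logger.debug(block_exception.backtrace)
- end
- end
-
- @@metrics_pipe_manager = ForkPipeManager.new do |val|
- TCellAgent::Instrumentation.safe_block('Handling metrics_pipe_block') do
- switch_on = val.fetch('_type', '')
- case switch_on
- when 'increment_route'
- TCellAgent.increment_route(
- val.fetch('route_id', nil),
- val.fetch('response_time', nil)
- )
- when 'discover_database_fields'
- TCellAgent.discover_database_fields(
- val.fetch('route_id', nil),
- val.fetch('database', nil),
- val.fetch('schema', nil),
- val.fetch('table', nil),
- val.fetch('fields', nil)
- )
- when 'increment_session_info'
- TCellAgent.increment_session_info(
- val.fetch('hmac_session_id', nil),
- val.fetch('user_id', nil),
- val.fetch('ip_address', nil),
- val.fetch('user_agent', nil)
- )
- else
- raise StandardError, "Metrics Pipe Manager received unknown metric: #{val.fetch('_type', '')}"
- end
- end
- end
-
- def self.parent_process?
- @@event_pipe_manager.parent?
- end
-
- def self.send_to_metrics_pipe(hash_value)
- @@metrics_pipe_manager.send_to_parent(hash_value)
- end
-
- def self.send_to_event_pipe(event)
- @@event_pipe_manager.send_to_parent(event)
- end
- end
- end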
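--- a/data/lib/tcell_agent/agent/policy_manager.rb
+++ b/data/lib/tcell_agent/agent/policy_manager.rb
@@ -1,219 +0,0 @@
- # See the file "LICENSE" for the full license governing this code.
-
- require 'tcell_agent/logger'
- require 'tcell_agent/version'
- require 'tcell_agent/api'
- require 'tcell_agent/configuration'
-
- require 'tcell_agent/agent/policy_types'
-
- require 'tcell_agent/policies/http_tx_policy'
- require 'tcell_agent/policies/http_redirect_policy'
-
- require 'tcell_agent/sensor_events/server_agent'
-
- require 'tcell_agent/utils/queue_with_timeout'
-
- require 'net/http'
- require 'thread'
- require 'logger'
- require 'json'
-
- module TCellAgent
- class Agent # rubocop:disable Metrics/ClassLength
- def ensure_policy_polling_running
- return if policy_polling_running?
- return if TCellAgent.configuration.should_start_policy_poll? == false
-
- @policy_polling_worker_mutex.synchronize do
- return if policy_polling_running?
- start_policy_polling_loop
- end
- end
-
- def policy_polling_running?
- @policy_polling_thread && @policy_polling_thread.alive?
- end
-
- def stop_policy_polling
- TCellAgent.logger.debug('Stopping policy polling thread')
- @policy_polling_thread.exit if @policy_polling_thread && @policy_polling_thread.alive?
- end
-
- def start_policy_polling_loop
- return unless TCellAgent.configuration.should_start_policy_poll?
-
- if TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.tcell_api_url)
- TCellAgent.logger.error('tCell.io tcell_api_url is missing. Disabling policy polling.')
- return
- end
-
- if TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.app_id)
- TCellAgent.logger.error('tCell.io app_id is missing. Disabling policy polling.')
- return
- end
-
- TCellAgent.logger.debug('Starting policy polling thread')
-
- @policy_polling_thread = Thread.new do
- failure_sleep_time = 30
- last_poll_time = 0
- last_run = Time.now
-
- loop do
- failure_sleep_time, last_poll_time = policy_polling_iteration(failure_sleep_time, last_poll_time)
-
- unless TCellAgent.configuration.demomode
- if (Time.now - last_run) < 2
- random = Random.new
- sleeptime = sleep(random.rand(5..20))
- TCellAgent.logger.debug("Rate limiting: sleeping #{sleeptime} seconds")
- sleep(sleeptime)
- end
- end
-
- last_run = Time.now
- end
- end
- end
-
- def policy_polling_iteration(failure_sleep_time, last_poll_time)
- begin
- policy_jsons = @@policy_tapi.poll_api(last_poll_time)
-
- if policy_jsons.nil?
- TCellAgent.logger.error("Policy was nil. Sleeping for #{failure_sleep_time}")
-
- sleep(failure_sleep_time)
-
- failure_sleep_time *= 2 if failure_sleep_time < 480
-
- return [failure_sleep_time, last_poll_time]
-
- elsif policy_jsons.key?('last_id')
- if policy_jsons['last_id'] != 0
- last_poll_time = policy_jsons['last_id']
- end
- end
-
- failure_sleep_time = 30
-
- process_policy_json(policy_jsons)
- rescue TCellAgent::ConfigurationException
- Thread.exit
- rescue StandardError => e
- TCellAgent.logger.error("exception while handling connection: #{e.message}")
- TCellAgent.logger.debug(e.backtrace)
- TCellAgent.logger.debug('Sleeping 30 seconds because the tCell.io request failed...')
- sleep(failure_sleep_time)
-
- failure_sleep_time *= 2 if failure_sleep_time < 480
- end
-
- [failure_sleep_time, last_poll_time]
- end
-
- def process_policy_json(policy_jsons, cache_the_policy = true)
- return if policy_jsons.nil?
-
- TCellAgent::PolicyTypes::CLASS_MAP.each do |policy_type, policy_class|
- next unless policy_jsons.key?(policy_type)
- new_policy = policy_class.from_json(policy_jsons[policy_type])
- next unless new_policy
- @lock.synchronize do
- @policies[policy_type] = new_policy
- end
- end
-
- @policies[TCellAgent::PolicyTypes::RUST].update_policies(policy_jsons)
-
- return unless cache_the_policy
-
- (TCellAgent::PolicyTypes::CLASS_MAP.keys +
- [TCellAgent::PolicyTypes::CSP,
- TCellAgent::PolicyTypes::CLICKJACKING,
- TCellAgent::PolicyTypes::SECUREHEADERS,
- TCellAgent::PolicyTypes::JSAGENTINJECTION,
- TCellAgent::PolicyTypes::APPSENSOR,
- TCellAgent::PolicyTypes::PATCHES,
- TCellAgent::PolicyTypes::COMMANDINJECTION,
- TCellAgent::PolicyTypes::REGEX]).each do |policy_type|
- @lock.synchronize do
- cache(policy_type, policy_jsons[policy_type]) if policy_jsons[policy_type]
- end
- end
- end
-
- def cache(policy_name, policy)
- cache_filename = TCellAgent.configuration.cache_filename_with_app_id
-
- begin
- TCellAgent::Utils::IO.create_directory(
- File.dirname(cache_filename),
- TCellAgent.configuration.agent_home_owner
- )
-
- f1 = File.open(cache_filename, File::RDWR | File::CREAT)
-
- Timeout.timeout(0.100) { f1.flock(File::LOCK_EX) }
-
- policy_cache = {}
- existing_policy = f1.read
-
- begin
- if !existing_policy.nil? && existing_policy != ''
- policy_jsons = JSON.parse(existing_policy)
- if policy_jsons
- policy_cache = if policy_jsons.key?('result')
- policy_jsons['result']
- else
- policy_jsons
- end
- end
- end
- policy_cache[policy_name] = policy
- @complete_policy_cache = policy_cache
- rescue StandardError => e
- TCellAgent.logger.warn(e.message)
- policy_cache = @complete_policy_cache if @complete_policy_cache
- end
-
- f1.rewind
- f1.write(JSON.dump(policy_cache))
- f1.flush
- f1.truncate(f1.pos)
-
- TCellAgent::Utils::IO.set_owner(
- cache_filename,
- TCellAgent.configuration.agent_home_owner
- )
- rescue StandardError => e
- TCellAgent.logger.warn(e.message)
- ensure
- f1.close unless f1.nil?
- end
- end
-
- def policies_from_cachefile
- cache_filename = TCellAgent.configuration.cache_filename_with_app_id
-
- return nil unless File.exist?(cache_filename)
-
- begin
- f1 = File.open(cache_filename, File::RDONLY)
- Timeout.timeout(1) { f1.flock(File::LOCK_SH) }
- policy_filedata = f1.read
- f1.close
-
- policy_jsons = JSON.parse(policy_filedata)
- return policy_jsons['result'] if policy_jsons.key?('result')
- @complete_policy_cache = policy_jsons
- return policy_jsons
- rescue StandardError => e
- TCellAgent.logger.warn(e.message)
- end
-
- nil
- end
- end
- end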
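--- a/data/lib/tcell_agent/agent/policy_types.rb
+++ b/data/lib/tcell_agent/agent/policy_types.rb
@@ -1,30 +0,0 @@
- require 'tcell_agent/policies/http_tx_policy'
- require 'tcell_agent/policies/http_redirect_policy'
- require 'tcell_agent/policies/login_fraud_policy'
- require 'tcell_agent/policies/dataloss_policy'
- require 'tcell_agent/policies/rust_policies'
-
- module TCellAgent
- class PolicyTypes
- CSP = 'csp-headers'.freeze
- CLICKJACKING = 'clickjacking'.freeze
- SECUREHEADERS = 'secure-headers'.freeze
- HTTPTX = 'http-tx'.freeze
- HTTPREDIRECT = 'http-redirect'.freeze
- LOGINFRAUD = 'login'.freeze
- DATALOSS = 'dlp'.freeze
- APPSENSOR = 'appsensor'.freeze
- PATCHES = 'patches'.freeze
- COMMANDINJECTION = 'cmdi'.freeze
- REGEX = 'regex'.freeze
- RUST = 'rust'.freeze
- JSAGENTINJECTION = 'jsagentinjection'.freeze
-
- CLASS_MAP = {
- HTTPTX => TCellAgent::Policies::HttpTxPolicy,
- HTTPREDIRECT => TCellAgent::Policies::HttpRedirectPolicy,
- LOGINFRAUD => TCellAgent::Policies::LoginFraudPolicy,
- DATALOSS => TCellAgent::Policies::DataLossPolicy
- }.freeze
- end
- end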
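--- a/data/lib/tcell_agent/api.rb
+++ b/data/lib/tcell_agent/api.rb
@@ -1,91 +0,0 @@
- # See the file "LICENSE" for the full license governing this code.
- require 'json'
- require 'tcell_agent/logger'
- require 'tcell_agent/configuration'
- require 'tcell_agent/version'
- require 'date'
-
- require 'net/http'
-
- module TCellAgent
- class TCellApi
- def initialize; end
-
- def poll_api(last_id = nil)
- if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
- raise TCellAgent::ConfigurationException, "Config Information Not Found, can't poll for policy updates"
- end
-
- full_url = TCellAgent.configuration.tcell_api_url.sub(
- '{app_id}',
- TCellAgent.configuration.app_id
- )
- full_url += "&last_id=#{last_id}" if last_id
-
- TCellAgent.logger.debug("tCell.io API Request: #{full_url}")
-
- uri = URI(full_url)
- req = Net::HTTP::Get.new(uri.request_uri)
- req['Authorization'] = 'Bearer ' + TCellAgent.configuration.api_key
- begin
- req['TCellAgent'] = 'RubyAgent ' + TCellAgent::VERSION
- rescue StandardError => e
- TCellAgent.logger.debug("tCell.io Could not add agent string: #{e.message}")
- end
-
- res = Net::HTTP.start(uri.hostname, uri.port, :use_ssl => (uri.scheme == 'https')) { |http| http.request(req) }
-
- if res.is_a?(Net::HTTPSuccess)
- TCellAgent.logger.debug("tCell.io API Response: #{res.body}".force_encoding('UTF-8'))
- return JSON.parse(res.body)
- else
- TCellAgent.logger.error("Received error response while contacting api: #{res.inspect}")
- end
-
- nil
- end
-
- def send_event_set(events)
- if !TCellAgent.configuration || !TCellAgent.configuration.tcell_input_url || !TCellAgent.configuration.app_id
- raise TCellAgent::ConfigurationException, "Config Information Not Found, can't send events"
- end
-
- return false if events.nil?
-
- eventset = { 'uuid' => TCellAgent.configuration.uuid,
- 'hostname' => TCellAgent.configuration.host_identifier,
- 'events' => events }
- TCellAgent.logger.debug("Sending #{JSON.dump(eventset)}")
- full_url = TCellAgent.configuration.tcell_input_url +
- '/app/' +
- TCellAgent.configuration.app_id +
- '/server_agent'
-
- TCellAgent.logger.debug("tCell.io SendEvents API Request: #{full_url}")
-
- uri = URI(full_url)
- req = Net::HTTP::Post.new(uri.request_uri, 'Content-Type' => 'application/json')
- req.body = JSON.dump(eventset)
- req['Authorization'] = 'Bearer ' + TCellAgent.configuration.api_key
- req['Content-Type'] = 'application/json'
- req['Accept'] = 'application/json'
-
- begin
- req['TCellAgent'] = 'RubyAgent ' + TCellAgent::VERSION
- rescue StandardError => e
- TCellAgent.logger.debug('tCell.io Could not add agent string: ' + e.message)
- end
-
- res = Net::HTTP.start(uri.hostname, uri.port, :use_ssl => (uri.scheme == 'https')) { |http| http.request(req) }
-
- TCellAgent.logger.debug("tCell.io SendEvents API Response: #{res.code}")
-
- res.is_a?(Net::HTTPSuccess)
- end
-
- def valid_header?(str)
- # TODO: test the unescaped backslash
- str =~ %r{^[\p{L}\w\d\-_ :/,;.'\"%?@#=$]*$}
- end
- end
- end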