RubyGems - tcell_agent - Versions diffs - 1.1.11 → 2.1.2 - Mend

tcell_agent 1.1.11 → 2.1.2

Files changed (164) hide show

checksums.yaml +4 -4
data/bin/tcell_agent +26 -14
data/lib/tcell_agent.rb +16 -10
data/lib/tcell_agent/agent.rb +78 -97
data/lib/tcell_agent/agent/route_manager.rb +0 -16
data/lib/tcell_agent/agent/static_agent.rb +9 -30
data/lib/tcell_agent/authlogic.rb +3 -6
data/lib/tcell_agent/config/unknown_options.rb +4 -7
data/lib/tcell_agent/configuration.rb +39 -118
data/lib/tcell_agent/devise.rb +25 -27
data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
data/lib/tcell_agent/instrument_servers.rb +25 -0
data/lib/tcell_agent/instrumentation.rb +12 -10
data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
data/lib/tcell_agent/logger.rb +50 -114
data/lib/tcell_agent/patches.rb +6 -7
data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
data/lib/tcell_agent/policies/headers_policy.rb +25 -0
data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
data/lib/tcell_agent/policies/local_file_access.rb +28 -0
data/lib/tcell_agent/policies/login_policy.rb +43 -0
data/lib/tcell_agent/policies/patches_policy.rb +27 -0
data/lib/tcell_agent/policies/policies_manager.rb +68 -0
data/lib/tcell_agent/policies/policy_polling.rb +58 -0
data/lib/tcell_agent/policies/policy_types.rb +14 -0
data/lib/tcell_agent/policies/system_enablements.rb +27 -0
data/lib/tcell_agent/rails/auth/authlogic.rb +43 -68
data/lib/tcell_agent/rails/auth/devise.rb +20 -23
data/lib/tcell_agent/rails/auth/doorkeeper.rb +63 -74
data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
data/lib/tcell_agent/rails/dlp.rb +35 -19
data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
data/lib/tcell_agent/rails/on_start.rb +32 -31
data/lib/tcell_agent/rails/routes.rb +10 -9
data/lib/tcell_agent/rails/routes/grape.rb +4 -12
data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
data/lib/tcell_agent/rails/start_agent_after_initializers.rb +12 -0
data/lib/tcell_agent/rails/tcell_body_proxy.rb +6 -4
data/lib/tcell_agent/rust/agent_config.rb +49 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-4.18.0.dylib} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-4.18.0.so} +0 -0
data/lib/tcell_agent/rust/libtcellagent-alpine-4.18.0.so +0 -0
data/lib/tcell_agent/rust/models.rb +0 -55
data/lib/tcell_agent/rust/native_agent.rb +531 -0
data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
data/lib/tcell_agent/rust/native_library.rb +68 -0
data/lib/tcell_agent/rust/tcellagent-4.18.0.dll +0 -0
data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
data/lib/tcell_agent/servers/passenger.rb +1 -28
data/lib/tcell_agent/servers/puma.rb +3 -21
data/lib/tcell_agent/servers/rails_server.rb +1 -1
data/lib/tcell_agent/servers/thin.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +19 -80
data/lib/tcell_agent/servers/webrick.rb +1 -1
data/lib/tcell_agent/settings_reporter.rb +24 -24
data/lib/tcell_agent/sinatra.rb +14 -16
data/lib/tcell_agent/tcell_context.rb +41 -15
data/lib/tcell_agent/utils/headers.rb +14 -0
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -18
data/spec/lib/tcell_agent/configuration_spec.rb +4 -140
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
data/spec/lib/tcell_agent/patches_spec.rb +25 -43
data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
data/spec/lib/tcell_agent/settings_reporter_spec.rb +127 -153
data/spec/spec_helper.rb +1 -1
data/spec/support/builders.rb +104 -0
data/spec/support/force_logger_mocking.rb +38 -0
data/spec/support/resources/lfi_sample_file.txt +2 -0
data/spec/support/static_agent_overrides.rb +0 -15
metadata +64 -74
data/lib/tcell_agent/agent/event_processor.rb +0 -326
data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
data/lib/tcell_agent/agent/policy_manager.rb +0 -219
data/lib/tcell_agent/agent/policy_types.rb +0 -30
data/lib/tcell_agent/api.rb +0 -91
data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
data/lib/tcell_agent/config/child_process_events.rb +0 -8
data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
data/lib/tcell_agent/policies/rust_policies.rb +0 -110
data/lib/tcell_agent/rails.rb +0 -40
data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +0 -308
data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
data/lib/tcell_agent/sensor_events/patches.rb +0 -21
data/lib/tcell_agent/start_background_thread.rb +0 -55
data/lib/tcell_agent/system_info.rb +0 -11
data/lib/tcell_agent/utils/io.rb +0 -38
data/lib/tcell_agent/utils/passwords.rb +0 -28
data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143

data/spec/lib/tcell_agent/instrumentation_spec.rb DELETED

@@ -1,225 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  class MockAgent < Agent
-  end
-end
-module TCellAgent
-  module Instrumentation
-    describe Instrumentation do
-      before(:each) do
-        configuration = double(
-          'configuration',
-          {
-            'app_id' => 'app_id',
-            'api_key' => 'api_key',
-            'allow_payloads' => true,
-            'js_agent_api_base_url' => 'http://api.tcell.com/',
-            'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-            'max_csp_header_bytes' => nil,
-            'event_time_limit_seconds' => 15,
-            'event_batch_size_limit' => 50,
-            'preload_policy_filename' => nil,
-            'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-            'agent_home_owner' => nil
-          }
-        )
-        expect(TCellAgent).to receive(:configuration).and_return(configuration).at_most(10)
-      end
-      context 'Body - SessionId Filters' do
-        it 'Tests Redaction and Events in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          policy_json_two = {
-            'policy_id' => 'x1a1',
-            'data' => {
-              'session_id_protections' => { 'body' => ['redact'], 'log' => ['event'] }
-            }
-          }
-          session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-          mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-          TCellAgent.set_thread_agent(mock_agent)
-          context = TCellData.new
-          context.session_id = 'tim123123my'
-          body = 'this is about tim123123my 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_body!(body)
-          expect(body).to eq('this is about [redacted] 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(1)
-          TCellAgent.set_thread_agent(nil)
-        end
-        it 'Tests Events in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          policy_json_two = {
-            'policy_id' => 'x1a1',
-            'data' => {
-              'session_id_protections' => { 'body' => ['event'], 'log' => ['redact'] }
-            }
-          }
-          session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-          mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-          TCellAgent.set_thread_agent(mock_agent)
-          context = TCellData.new
-          context.session_id = 'tim123123my'
-          body = 'this is about tim123123my 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_body!(body)
-          expect(body).to eq('this is about tim123123my 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(1)
-          TCellAgent.set_thread_agent(nil)
-        end
-      end
-      context 'Log - SessionId Filters' do
-        it 'Tests Redaction and Events in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          policy_json_two = {
-            'policy_id' => 'x1a1',
-            'data' => {
-              'session_id_protections' => { 'body' => ['redact'], 'log' => ['redact'] }
-            }
-          }
-          session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-          mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-          TCellAgent.set_thread_agent(mock_agent)
-          context = TCellData.new
-          context.session_id = 'tim123123my'
-          body = 'this is about tim123123my 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_log(body)
-          expect(body).to eq('this is about [redacted] 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(1)
-          TCellAgent.set_thread_agent(nil)
-        end
-        it 'Tests Events Only' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          policy_json_two = {
-            'policy_id' => 'x1a1',
-            'data' => {
-              'session_id_protections' => { 'body' => ['redact'], 'log' => ['event'] }
-            }
-          }
-          session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-          mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-          TCellAgent.set_thread_agent(mock_agent)
-          context = TCellData.new
-          context.session_id = 'tim123123my'
-          body = 'this is about tim123123my 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_log(body)
-          expect(body).to eq('this is about tim123123my 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(1)
-          TCellAgent.set_thread_agent(nil)
-        end
-      end
-      context 'Body - Database Filters' do
-        it 'Tests Redaction and Events in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          context = TCellData.new
-          context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-          body = 'this is about timmy1 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_body!(body)
-          expect(body).to eq('this is about [redacted] [redacted].')
-          expect(TCellAgent.event_queue.length).to eq(2)
-        end
-        it 'Tests Event Only Match in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_event = true
-          action.action_id = 5
-          context = TCellData.new
-          context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-          body = 'this is about timmy1 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_body!(body)
-          expect(body).to eq('this is about timmy1 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(3) # timmy, timmy1, 3123123
-        end
-      end
-      context 'Log - Database Filters' do
-        it 'Tests Redaction and Events' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.log_redact = true
-          action.action_id = 5
-          context = TCellData.new
-          context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-          body = 'this is about timmy1 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_log(body)
-          expect(body).to eq('this is about [redacted] [redacted].')
-          expect(TCellAgent.event_queue.length).to eq(2)
-        end
-        it 'Tests Report-Only and Events' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.log_event = true
-          action.action_id = 5
-          context = TCellData.new
-          context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-          body = 'this is about timmy1 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_log(body)
-          expect(body).to eq('this is about timmy1 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(3) # timmy, timmy1, 3123123
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb DELETED

@@ -1,517 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  module Policies
-    describe RustPolicies do
-      everything_enabled_policy_json = {
-        'appsensor' => {
-          'policy_id' => '01a1',
-          'version' => 2,
-          'data' => {
-            'options' => {
-              'uri_options' => {
-                'collect_full_uri' => true
-              },
-              'payloads' => {
-                'send_payloads' => true,
-                'send_blacklist' => {
-                  'ssn' => ['*'],
-                  'password' => ['*']
-                },
-                'send_whitelist' => {},
-                'log_payloads' => true,
-                'log_blacklist' => {},
-                'log_whitelist' => {
-                  'username' => ['*']
-                }
-              }
-            },
-            'sensors' => {
-              'req_size' => {
-                'limit' => 1024,
-                'exclude_routes' => ['2300']
-              },
-              'resp_size' => {
-                'limit' => 2048,
-                'exclude_routes' => ['2323']
-              },
-              'resp_codes' => {
-                'series_400_enabled' => true,
-                'series_500_enabled' => true
-              },
-              'xss' => {
-                'libinjection' => true,
-                'patterns' => %w[1 2 8],
-                'exclusions' => {
-                  'bob' => ['*']
-                }
-              },
-              'sqli' => {
-                'libinjection' => true,
-                'exclude_headers' => true,
-                'patterns' => ['1']
-              },
-              'fpt' => {
-                'patterns' => %w[1 2],
-                'exclude_forms' => true,
-                'exclude_cookies' => true,
-                'exclusions' => {
-                  'somethingcommon' => ['form']
-                }
-              },
-              'cmdi' => {
-                'patterns' => %w[1 2]
-              },
-              'nullbyte' => {
-                'patterns' => %w[1 2]
-              },
-              'retr' => {
-                'patterns' => %w[1 2]
-              },
-              'ua' => {
-                'empty_enabled' => true
-              },
-              'errors' => {
-                'csrf_exception_enabled' => true,
-                'sql_exception_enabled' => true
-              },
-              'database' => {
-                'large_result' => {
-                  'limit' => 10
-                }
-              }
-            }
-          }
-        },
-        'regex' => {
-          'data' => {
-            'patterns' => [
-              {
-                'id' => 'tc-xss-1',
-                'pattern' => '(?:<(script))',
-                'sensor' => 'xss',
-                'title' => 'Basic Injection'
-              },
-              {
-                'safe_pattern' => '^[a-zA-Z0-9_\\s\\r\\n\\t]*$',
-                'pattern' => '(?:[\\s()]case\\s*\\()|(?:\\)\\s*like\\s*\\()|(?:having\\s*[^\\s]+\\s*[^\\w\\s])|(?:if\\s?\\([\\d\\w]\\s*[=<>~])',
-                'sensor' => 'sqli',
-                'id' => 'tc-sqli-1',
-                'title' => 'Conditional Attempts'
-              }
-            ],
-            'version' => 1_518_546_622_571
-          },
-          'policy_id' => 'f3a313b0-10eb-11e8-8080-808080808080',
-          'version' => 1
-        }
-      }
-      describe '#update_policies' do
-        before(:each) do
-          configuration = double(
-            'configuration',
-            {
-              'app_id' => 'app_id',
-              'api_key' => 'api_key',
-              'allow_payloads' => true,
-              'js_agent_api_base_url' => 'http://api.tcell.com/',
-              'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-              'max_csp_header_bytes' => nil
-            }
-          )
-          expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-          @rust_policies = RustPolicies.new
-        end
-        context 'with v2 policy' do
-          context 'that is missing a policy id' do
-            it 'should have appfirewall disabled' do
-              logger = double('logger')
-              expect(TCellAgent).to receive(:logger).and_return(logger)
-              expect(logger).to receive(:error).with(
-                'Error updating policies: Failed to decode appsensor policy: missing field `policy_id`'
-              )
-              @rust_policies.update_policies(
-                {
-                  'appsensor' => {
-                    'version' => 2,
-                    'data' => {}
-                  }
-                }
-              )
-              expect(@rust_policies.appfirewall_enabled).to eq(false)
-            end
-          end
-          context 'that is missing a version id' do
-            it 'should have appfirewall disabled' do
-              logger = double('logger')
-              expect(TCellAgent).to receive(:logger).and_return(logger)
-              expect(logger).to receive(:error).with(
-                'Error updating policies: Failed to decode appsensor policy: missing field `version`'
-              )
-              @rust_policies.update_policies(
-                {
-                  'appsensor' => {
-                    'policy_id' => '01a1',
-                    'data' => {}
-                  }
-                }
-              )
-              expect(@rust_policies.appfirewall_enabled).to eq(false)
-            end
-          end
-          context 'that has no sensors' do
-            it 'should have all sensors disabled' do
-              expect(TCellAgent).to_not receive(:logger)
-              policy_json_empty = {
-                'appsensor' => {
-                  'policy_id' => '01a1',
-                  'version' => 2,
-                  'data' => {
-                  }
-                }
-              }
-              @rust_policies.update_policies(policy_json_empty)
-              expect(@rust_policies.appfirewall_enabled).to eq(false)
-            end
-          end
-          context 'that has empty sensors' do
-            it 'should have all sensors disabled' do
-              expect(TCellAgent).to_not receive(:logger)
-              policy_json_empty = {
-                'appsensor' => {
-                  'policy_id' => '01a1',
-                  'version' => 2,
-                  'data' => {
-                    'sensors' => {}
-                  }
-                }
-              }
-              @rust_policies.update_policies(policy_json_empty)
-              expect(@rust_policies.appfirewall_enabled).to eq(true)
-            end
-          end
-          context 'that only has xss enabled' do
-            it 'should be enabled' do
-              expect(TCellAgent).to_not receive(:logger)
-              policy_json = {
-                'appsensor' => {
-                  'policy_id' => '01a1',
-                  'version' => 2,
-                  'data' => {
-                    'sensors' => {
-                      'xss' => {
-                        'libinjection' => true,
-                        'patterns' => %w[1 2 8],
-                        'exclusions' => {
-                          'bob' => ['*']
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-              @rust_policies.update_policies(policy_json)
-              expect(@rust_policies.appfirewall_enabled).to eq(true)
-            end
-          end
-          context 'that has everything enabled' do
-            it 'should be enabled' do
-              expect(TCellAgent).to_not receive(:logger)
-              @rust_policies.update_policies(everything_enabled_policy_json)
-              expect(@rust_policies.appfirewall_enabled).to eq(true)
-            end
-          end
-        end
-      end
-      describe '#check_appfirewall_injections' do
-        context 'with everything enabled policy' do
-          before(:each) do
-            configuration = double(
-              'configuration',
-              {
-                'enabled' => true,
-                'app_id' => 'app_id',
-                'api_key' => 'api_key',
-                'allow_payloads' => true,
-                'js_agent_api_base_url' => 'http://api.tcell.com/',
-                'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-                'max_csp_header_bytes' => nil
-              }
-            )
-            expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-            @rust_policies = RustPolicies.new
-            @rust_policies.update_policies(everything_enabled_policy_json)
-            @meta_data = TCellAgent::MetaData.new(
-              'GET',
-              '192.168.1.1',
-              '12345',
-              'session_id',
-              'user_id',
-              'transaction_id',
-              'http://test.com/?some_param=present'
-            )
-            @meta_data.user_agent = 'Mozilla'
-            @meta_data.response_code = 200
-          end
-          context 'csrf exception' do
-            context 'nil csrf exception' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-                @meta_data.csrf_exception_name = nil
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-            context 'empty csrf exception' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-                @meta_data.csrf_exception_name = ''
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-            context 'one csrf exception' do
-              it 'should send a csrf exception event' do
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'excsrf',
-                    'param' => 'ActionController::InvalidAuthenticityToken',
-                    'm' => 'GET',
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1'
-                  }
-                )
-                @meta_data.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-          end
-          context 'sql exception' do
-            context 'empty sql exceptions' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-                @meta_data.sql_exceptions = []
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-            context 'one sql exception' do
-              it 'should send one event' do
-                logger = double('logger')
-                expect(TCellAgent).to receive(:logger).and_return(logger)
-                expect(logger).to receive(:info)
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'exsql',
-                    'param' => 'ActiveRecord::StatementInvalid',
-                    'm' => 'GET',
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1',
-                    'payload' => 'exception message goes here'
-                  }
-                )
-                @meta_data.sql_exceptions = [{
-                  'exception_name' => 'ActiveRecord::StatementInvalid',
-                  'exception_payload' => 'exception message goes here'
-                }]
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-            context 'multiple sql exception' do
-              it 'should send multiple event' do
-                logger = double('logger')
-                expect(TCellAgent).to receive(:logger).and_return(logger).twice
-                expect(logger).to receive(:info).twice
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'exsql',
-                    'param' => 'ActiveRecord::StatementInvalid',
-                    'm' => 'GET',
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1',
-                    'payload' => 'exception message goes here'
-                  }
-                )
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'exsql',
-                    'param' => 'ActiveRecord::StatementInvalid',
-                    'm' => 'GET',
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1',
-                    'payload' => 'second exception message goes here'
-                  }
-                )
-                @meta_data.sql_exceptions = [
-                  {
-                    'exception_name' => 'ActiveRecord::StatementInvalid',
-                    'exception_payload' => 'exception message goes here'
-                  },
-                  {
-                    'exception_name' => 'ActiveRecord::StatementInvalid',
-                    'exception_payload' => 'second exception message goes here'
-                  }
-                ]
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-          end
-          context 'db max result' do
-            context 'nil db max result' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-                @meta_data.database_result_sizes = nil
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-            context 'empty db max result' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-                @meta_data.database_result_sizes = []
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-            context 'one db max result' do
-              it 'should send one event' do
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'dbmaxrows',
-                    'm' => 'GET',
-                    'meta' => { 'rows' => 1001 },
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1'
-                  }
-                )
-                @meta_data.database_result_sizes = [1001]
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-            context 'multiple db max results' do
-              it 'should send multiple event' do
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'dbmaxrows',
-                    'm' => 'GET',
-                    'meta' => { 'rows' => 1001 },
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1'
-                  }
-                )
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'dbmaxrows',
-                    'm' => 'GET',
-                    'meta' => { 'rows' => 1002 },
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1'
-                  }
-                )
-                @meta_data.database_result_sizes = [1001, 1002]
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end