tcell_agent 1.1.11 → 2.1.2

Files changed (164) hide show
  1. checksums.yaml +4 -4
  2. data/bin/tcell_agent +26 -14
  3. data/lib/tcell_agent.rb +16 -10
  4. data/lib/tcell_agent/agent.rb +78 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/authlogic.rb +3 -6
  8. data/lib/tcell_agent/config/unknown_options.rb +4 -7
  9. data/lib/tcell_agent/configuration.rb +39 -118
  10. data/lib/tcell_agent/devise.rb +25 -27
  11. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  12. data/lib/tcell_agent/instrument_servers.rb +25 -0
  13. data/lib/tcell_agent/instrumentation.rb +12 -10
  14. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  15. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  17. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  18. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  19. data/lib/tcell_agent/logger.rb +50 -114
  20. data/lib/tcell_agent/patches.rb +6 -7
  21. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  22. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  23. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  24. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  25. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  26. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  27. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  28. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  29. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  30. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  31. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  32. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  33. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  34. data/lib/tcell_agent/rails/auth/authlogic.rb +43 -68
  35. data/lib/tcell_agent/rails/auth/devise.rb +20 -23
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +63 -74
  37. data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
  38. data/lib/tcell_agent/rails/dlp.rb +35 -19
  39. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  40. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  41. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  42. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  43. data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
  44. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  45. data/lib/tcell_agent/rails/on_start.rb +32 -31
  46. data/lib/tcell_agent/rails/routes.rb +10 -9
  47. data/lib/tcell_agent/rails/routes/grape.rb +4 -12
  48. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  49. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  50. data/lib/tcell_agent/rails/start_agent_after_initializers.rb +12 -0
  51. data/lib/tcell_agent/rails/tcell_body_proxy.rb +6 -4
  52. data/lib/tcell_agent/rust/agent_config.rb +49 -0
  53. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-4.18.0.dylib} +0 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-4.18.0.so} +0 -0
  55. data/lib/tcell_agent/rust/libtcellagent-alpine-4.18.0.so +0 -0
  56. data/lib/tcell_agent/rust/models.rb +0 -55
  57. data/lib/tcell_agent/rust/native_agent.rb +531 -0
  58. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  59. data/lib/tcell_agent/rust/native_library.rb +68 -0
  60. data/lib/tcell_agent/rust/tcellagent-4.18.0.dll +0 -0
  61. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  62. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  63. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  64. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  65. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  66. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  67. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  68. data/lib/tcell_agent/servers/passenger.rb +1 -28
  69. data/lib/tcell_agent/servers/puma.rb +3 -21
  70. data/lib/tcell_agent/servers/rails_server.rb +1 -1
  71. data/lib/tcell_agent/servers/thin.rb +2 -2
  72. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  73. data/lib/tcell_agent/servers/webrick.rb +1 -1
  74. data/lib/tcell_agent/settings_reporter.rb +24 -24
  75. data/lib/tcell_agent/sinatra.rb +14 -16
  76. data/lib/tcell_agent/tcell_context.rb +41 -15
  77. data/lib/tcell_agent/utils/headers.rb +14 -0
  78. data/lib/tcell_agent/version.rb +1 -1
  79. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -18
  80. data/spec/lib/tcell_agent/configuration_spec.rb +4 -140
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  108. data/spec/lib/tcell_agent/settings_reporter_spec.rb +127 -153
  109. data/spec/spec_helper.rb +1 -1
  110. data/spec/support/builders.rb +104 -0
  111. data/spec/support/force_logger_mocking.rb +38 -0
  112. data/spec/support/resources/lfi_sample_file.txt +2 -0
  113. data/spec/support/static_agent_overrides.rb +0 -15
  114. metadata +64 -74
  115. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  116. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  117. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  118. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  119. data/lib/tcell_agent/api.rb +0 -91
  120. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  121. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  122. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  123. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  124. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  125. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  126. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  127. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  128. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  129. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  130. data/lib/tcell_agent/rails.rb +0 -40
  131. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  132. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  133. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  134. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  135. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  136. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  137. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  138. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  139. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  140. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  141. data/lib/tcell_agent/start_background_thread.rb +0 -55
  142. data/lib/tcell_agent/system_info.rb +0 -11
  143. data/lib/tcell_agent/utils/io.rb +0 -38
  144. data/lib/tcell_agent/utils/passwords.rb +0 -28
  145. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  146. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  147. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  148. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  149. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  150. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  151. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  152. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  153. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  154. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  155. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  156. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  157. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  158. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  159. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  160. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  161. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  162. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  163. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  164. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
@@ -13,61 +13,6 @@ module TCellAgent
13
13
 
14
14
  flattened_params
15
15
  end
16
-
17
- def self.create_request_response(appsensor_meta)
18
- post_params = convert_params(appsensor_meta.flattened_post_dict)
19
-
20
- request_response = {
21
- 'method' => appsensor_meta.method,
22
- 'status_code' => appsensor_meta.response_code.to_i,
23
- 'route_id' => appsensor_meta.route_id,
24
- 'path' => appsensor_meta.path,
25
- 'query_params' => convert_params(appsensor_meta.flattened_get_dict),
26
- 'post_params' => post_params,
27
- 'headers' => convert_params(appsensor_meta.flattened_headers_dict),
28
- 'cookies' => convert_params(appsensor_meta.flattened_cookie_dict),
29
- 'path_params' => convert_params(appsensor_meta.flattened_path_parameters),
30
- 'remote_address' => appsensor_meta.remote_address,
31
- 'full_uri' => appsensor_meta.location,
32
- 'session_id' => appsensor_meta.session_id,
33
- 'user_id' => appsensor_meta.user_id,
34
- 'user_agent' => appsensor_meta.user_agent,
35
- :content_type => appsensor_meta.content_type,
36
- :request_body => appsensor_meta.raw_request_body,
37
- 'request_bytes_length' => appsensor_meta.request_content_bytes_len,
38
- 'response_bytes_length' => appsensor_meta.response_content_bytes_len
39
- }
40
-
41
- if TCellAgent::Utils::Strings.present?(appsensor_meta.csrf_exception_name)
42
- request_response['csrf_exception'] = { 'exception_name' => appsensor_meta.csrf_exception_name }
43
- end
44
-
45
- if appsensor_meta.sql_exceptions
46
- request_response['sql_exceptions'] = appsensor_meta.sql_exceptions
47
- end
48
-
49
- if appsensor_meta.database_result_sizes
50
- request_response['database_result_sizes'] = appsensor_meta.database_result_sizes
51
- end
52
-
53
- request_response
54
- end
55
-
56
- def self.create_patches_request(appsensor_meta)
57
- post_params = convert_params(appsensor_meta.flattened_post_dict)
58
-
59
- {
60
- 'method' => appsensor_meta.method,
61
- 'path' => appsensor_meta.path,
62
- 'remote_address' => appsensor_meta.remote_address,
63
- 'request_bytes_length' => appsensor_meta.request_content_bytes_len,
64
- 'query_params' => convert_params(appsensor_meta.flattened_get_dict),
65
- 'post_params' => post_params,
66
- 'headers' => convert_params(appsensor_meta.flattened_headers_dict),
67
- 'cookies' => convert_params(appsensor_meta.flattened_cookie_dict),
68
- :content_type => appsensor_meta.content_type
69
- }
70
- end
71
16
  end
72
17
  end
73
18
  end
@@ -0,0 +1,531 @@
1
+ require 'json'
2
+ require 'tcell_agent/rust/agent_config'
3
+ require 'tcell_agent/rust/models'
4
+ require 'tcell_agent/rust/native_library'
5
+ require 'tcell_agent/rust/native_agent_response'
6
+ require 'tcell_agent/version'
7
+
8
+ require 'tcell_agent/utils/headers'
9
+ module TCellAgent
10
+ module Rust
11
+ class NativeAgent # rubocop:disable Metrics/ClassLength
12
+ def self.test_event_sender(events)
13
+ config = TCellAgent.configuration
14
+ event_sender = {
15
+ :uuid => config.uuid,
16
+ :hostname => config.host_identifier,
17
+ :agent_type => 'Ruby',
18
+ :agent_version => TCellAgent::VERSION,
19
+ :app_id => config.app_id,
20
+ :api_key => config.api_key,
21
+ :tcell_input_url => config.tcell_input_url,
22
+ :events => events
23
+ }
24
+ event_sender_pointer = FFI::MemoryPointer.from_string(
25
+ JSON.dump(event_sender)
26
+ )
27
+
28
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
29
+ # config_pointer.size - 1: strips null terminator
30
+ result_size = TCellAgent::Rust::NativeLibrary.test_event_sender(
31
+ event_sender_pointer, event_sender_pointer.size - 1, buf, buf.size
32
+ )
33
+
34
+ response = NativeAgentResponse.new('test_event_sender', buf, result_size)
35
+
36
+ response.errors
37
+ end
38
+
39
+ def self.test_policies
40
+ config = TCellAgent.configuration
41
+ policies_info = {
42
+ :app_id => config.app_id,
43
+ :api_key => config.api_key,
44
+ :tcell_api_url => config.tcell_api_url
45
+ }
46
+ policies_info_pointer = FFI::MemoryPointer.from_string(
47
+ JSON.dump(policies_info)
48
+ )
49
+
50
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
51
+ # config_pointer.size - 1: strips null terminator
52
+ result_size = TCellAgent::Rust::NativeLibrary.test_policies(
53
+ policies_info_pointer, policies_info_pointer.size - 1, buf, buf.size
54
+ )
55
+
56
+ response = NativeAgentResponse.new('test_event_sender', buf, result_size)
57
+
58
+ response.errors
59
+ end
60
+
61
+ def self.free_agent(agent_ptr)
62
+ if TCellAgent::Rust::NativeLibrary.common_lib_available? &&
63
+ agent_ptr
64
+ TCellAgent::Rust::NativeLibrary.free_agent(
65
+ FFI::Pointer.new(agent_ptr)
66
+ )
67
+ end
68
+ end
69
+
70
+ def self.create_agent(config)
71
+ return nil unless TCellAgent::Rust::NativeLibrary.common_lib_available?
72
+
73
+ agent_config = TCellAgent::Rust::AgentConfig.new(config)
74
+ config_pointer = FFI::MemoryPointer.from_string(
75
+ JSON.dump(agent_config)
76
+ )
77
+
78
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
79
+ # config_pointer.size - 1: strips null terminator
80
+ result_size = TCellAgent::Rust::NativeLibrary.create_agent(
81
+ config_pointer, config_pointer.size - 1, buf, buf.size
82
+ )
83
+
84
+ response = JSON.parse(buf.get_string(0, result_size))
85
+ if response['error']
86
+ logger = TCellAgent::ModuleLogger.new(TCellAgent::RubyLogger.new, name)
87
+ logger.error("Error creating native agent: #{response['error']}")
88
+ return nil
89
+ end
90
+
91
+ NativeAgent.new(response['agent_ptr'])
92
+ end
93
+
94
+ attr_reader :agent_ptr
95
+
96
+ def initialize(agent_ptr)
97
+ @agent_ptr = agent_ptr
98
+ end
99
+
100
+ def apply_appfirewall(appsensor_meta)
101
+ return {} unless appsensor_meta
102
+
103
+ post_params = Models.convert_params(appsensor_meta.flattened_post_dict)
104
+ query_params = Models.convert_params(appsensor_meta.flattened_get_dict)
105
+ header_params = Models.convert_params(appsensor_meta.flattened_headers_dict)
106
+ cookie_params = Models.convert_params(appsensor_meta.flattened_cookie_dict)
107
+ path_params = Models.convert_params(appsensor_meta.flattened_path_parameters)
108
+
109
+ request_response_json = {
110
+ :method => appsensor_meta.method,
111
+ :status_code => appsensor_meta.response_code.to_i,
112
+ :route_id => appsensor_meta.route_id,
113
+ :path => appsensor_meta.path,
114
+ :query_params => query_params,
115
+ :post_params => post_params,
116
+ :headers => header_params,
117
+ :cookies => cookie_params,
118
+ :path_params => path_params,
119
+ :remote_address => appsensor_meta.remote_address,
120
+ :full_uri => appsensor_meta.location,
121
+ :session_id => appsensor_meta.session_id,
122
+ :user_id => appsensor_meta.user_id,
123
+ :user_agent => appsensor_meta.user_agent,
124
+ :request_bytes_length => appsensor_meta.request_content_bytes_len,
125
+ :response_bytes_length => appsensor_meta.response_content_bytes_len,
126
+ :content_type => appsensor_meta.content_type,
127
+ :request_body => appsensor_meta.raw_request_body
128
+ }
129
+
130
+ request_response_json[:sql_exceptions] = appsensor_meta.sql_exceptions if appsensor_meta.sql_exceptions
131
+ request_response_json[:database_result_sizes] = appsensor_meta.database_result_sizes if appsensor_meta.database_result_sizes
132
+
133
+ if TCellAgent::Utils::Strings.present?(appsensor_meta.csrf_exception_name)
134
+ request_response_json[:csrf_exception] = {
135
+ :exception_name => appsensor_meta.csrf_exception_name
136
+ }
137
+ end
138
+
139
+ request_response_pointer = FFI::MemoryPointer.from_string(
140
+ JSON.dump(request_response_json)
141
+ )
142
+
143
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
144
+ # request_response_pointer.size - 1: strips null terminator
145
+ result_size = TCellAgent::Rust::NativeLibrary.appfirewall_apply(
146
+ FFI::Pointer.new(@agent_ptr),
147
+ request_response_pointer,
148
+ request_response_pointer.size - 1,
149
+ buf,
150
+ buf.size
151
+ )
152
+
153
+ response = NativeAgentResponse.new('apply_appfirewall', buf, result_size)
154
+ log_response_errors(response.errors)
155
+ response.response
156
+ end
157
+
158
+ def apply_patches(appsensor_meta)
159
+ return {} unless appsensor_meta
160
+
161
+ post_params = Models.convert_params(appsensor_meta.flattened_post_dict)
162
+ query_params = Models.convert_params(appsensor_meta.flattened_get_dict)
163
+ header_params = Models.convert_params(appsensor_meta.flattened_headers_dict)
164
+ cookie_params = Models.convert_params(appsensor_meta.flattened_cookie_dict)
165
+
166
+ patches_request_json = {
167
+ :method => appsensor_meta.method,
168
+ :path => appsensor_meta.path,
169
+ :remote_address => appsensor_meta.remote_address,
170
+ :request_bytes_length => appsensor_meta.request_content_bytes_len,
171
+ :query_params => query_params,
172
+ :post_params => post_params,
173
+ :headers => header_params,
174
+ :cookies => cookie_params,
175
+ :content_type => appsensor_meta.content_type,
176
+ :full_uri => appsensor_meta.location
177
+ }
178
+
179
+ patches_request_pointer = FFI::MemoryPointer.from_string(
180
+ JSON.dump(patches_request_json)
181
+ )
182
+
183
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
184
+ # patches_request_pointer.size - 1: strips null terminator
185
+ result_size = TCellAgent::Rust::NativeLibrary.patches_apply(
186
+ FFI::Pointer.new(@agent_ptr),
187
+ patches_request_pointer,
188
+ patches_request_pointer.size - 1,
189
+ buf,
190
+ buf.size
191
+ )
192
+
193
+ response = NativeAgentResponse.new('apply_patches', buf, result_size)
194
+ log_response_errors(response.errors)
195
+
196
+ response.response
197
+ end
198
+
199
+ def apply_cmdi(command, tcell_context)
200
+ return unless TCellAgent::Utils::Strings.present?(command)
201
+
202
+ command_info = {
203
+ :command => command,
204
+ :method => tcell_context.request_method,
205
+ :path => tcell_context.path,
206
+ :remote_address => tcell_context.remote_address,
207
+ :route_id => tcell_context.route_id,
208
+ :session_id => tcell_context.session_id,
209
+ :user_id => tcell_context.user_id,
210
+ :full_uri => tcell_context.uri
211
+ }
212
+ command_pointer = FFI::MemoryPointer.from_string(
213
+ JSON.dump(command_info)
214
+ )
215
+
216
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
217
+ # command_pointer.size - 1: strips null terminator
218
+ result_size = TCellAgent::Rust::NativeLibrary.cmdi_apply(
219
+ FFI::Pointer.new(@agent_ptr),
220
+ command_pointer,
221
+ command_pointer.size - 1,
222
+ buf,
223
+ buf.size
224
+ )
225
+
226
+ response = NativeAgentResponse.new('apply_cmdi', buf, result_size)
227
+ log_response_errors(response.errors)
228
+
229
+ response.response
230
+ end
231
+
232
+ def get_headers(tcell_context)
233
+ return unless tcell_context
234
+
235
+ headers_request = {
236
+ :method => tcell_context.request_method,
237
+ :path => tcell_context.path,
238
+ :route_id => tcell_context.route_id.to_s,
239
+ :session_id => tcell_context.session_id.to_s
240
+ }
241
+ headers_request_pointer = FFI::MemoryPointer.from_string(
242
+ JSON.dump(headers_request)
243
+ )
244
+
245
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 16)
246
+ # headers_request_pointer.size - 1: strips null terminator
247
+ result_size = TCellAgent::Rust::NativeLibrary.get_headers(
248
+ FFI::Pointer.new(@agent_ptr),
249
+ headers_request_pointer,
250
+ headers_request_pointer.size - 1,
251
+ buf,
252
+ buf.size
253
+ )
254
+
255
+ response = NativeAgentResponse.new('get_headers', buf, result_size)
256
+ log_response_errors(response.errors)
257
+
258
+ response.response
259
+ end
260
+
261
+ def check_http_redirect(location_header,
262
+ from_domain,
263
+ status_code,
264
+ tcell_context)
265
+ return {} unless tcell_context
266
+
267
+ http_redirect_request = {
268
+ :location_header => location_header,
269
+ :local_server => from_domain,
270
+ :status_code => status_code,
271
+ :method => tcell_context.request_method,
272
+ :path => tcell_context.path,
273
+ :remote_addr => tcell_context.remote_address,
274
+ :full_uri => tcell_context.fullpath,
275
+ :route_id => tcell_context.route_id,
276
+ :session_id => tcell_context.session_id,
277
+ :user_id => tcell_context.user_id
278
+ }
279
+ http_redirect_request_pointer = FFI::MemoryPointer.from_string(
280
+ JSON.dump(http_redirect_request)
281
+ )
282
+
283
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
284
+ # http_redirect_request_pointer.size - 1: strips null terminator
285
+ result_size = TCellAgent::Rust::NativeLibrary.check_http_redirect(
286
+ FFI::Pointer.new(@agent_ptr),
287
+ http_redirect_request_pointer,
288
+ http_redirect_request_pointer.size - 1,
289
+ buf,
290
+ buf.size
291
+ )
292
+
293
+ response = NativeAgentResponse.new('check_http_redirect', buf, result_size)
294
+ log_response_errors(response.errors)
295
+
296
+ response.response
297
+ end
298
+
299
+ def get_js_agent_script_tag(tcell_context)
300
+ return {} unless tcell_context
301
+
302
+ jsagent_request = {
303
+ :method => tcell_context.request_method,
304
+ :path => tcell_context.path
305
+ }
306
+ jsagent_request_pointer = FFI::MemoryPointer.from_string(
307
+ JSON.dump(jsagent_request)
308
+ )
309
+
310
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
311
+ # jsagent_request_pointer.size - 1: strips null terminator
312
+ result_size = TCellAgent::Rust::NativeLibrary.get_js_agent_script_tag(
313
+ FFI::Pointer.new(@agent_ptr),
314
+ jsagent_request_pointer,
315
+ jsagent_request_pointer.size - 1,
316
+ buf,
317
+ buf.size
318
+ )
319
+
320
+ response = NativeAgentResponse.new('get_js_agent_script_tag', buf, result_size)
321
+ log_response_errors(response.errors)
322
+
323
+ response.response
324
+ end
325
+
326
+ def login_fraud_apply(success,
327
+ user_id,
328
+ password,
329
+ headers,
330
+ user_valid,
331
+ tcell_context)
332
+ event_name = success ? :Success : :Failure
333
+ header_keys = TCellAgent::Utils::Headers.clean_keys(headers)
334
+ login_info = {
335
+ :event_name => event_name,
336
+ :user_id => user_id,
337
+ :user_agent => tcell_context.user_agent,
338
+ :remote_address => tcell_context.remote_address,
339
+ :header_keys => header_keys,
340
+ :passsword => password,
341
+ :session_id => tcell_context.session_id,
342
+ :full_uri => tcell_context.fullpath,
343
+ :referrer => tcell_context.referrer,
344
+ :user_valid => user_valid
345
+ }
346
+
347
+ login_info_pointer = FFI::MemoryPointer.from_string(
348
+ JSON.dump(login_info)
349
+ )
350
+
351
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
352
+ # login_info_pointer.size - 1: strips null terminator
353
+ result_size = TCellAgent::Rust::NativeLibrary.login_fraud_apply(
354
+ FFI::Pointer.new(@agent_ptr),
355
+ login_info_pointer,
356
+ login_info_pointer.size - 1,
357
+ buf,
358
+ buf.size
359
+ )
360
+
361
+ response = NativeAgentResponse.new('login_fraud_apply', buf, result_size)
362
+ log_response_errors(response.errors)
363
+
364
+ response.response
365
+ end
366
+
367
+ def file_access_apply(file_path,
368
+ mode,
369
+ tcell_context)
370
+
371
+ file_access_info = {
372
+ :dir_classification => 'Unknown',
373
+ :file_path => file_path,
374
+ :mode => mode
375
+ }
376
+
377
+ if tcell_context
378
+ file_access_info = file_access_info.merge(
379
+ {
380
+ :full_uri => tcell_context.fullpath,
381
+ :remote_address => tcell_context.remote_address,
382
+ :route_id => tcell_context.route_id,
383
+ :session_id => tcell_context.session_id,
384
+ :user_id => tcell_context.user_id
385
+ }
386
+ )
387
+ end
388
+
389
+ file_access_pointer = FFI::MemoryPointer.from_string(
390
+ JSON.dump(file_access_info)
391
+ )
392
+
393
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
394
+ # login_info_pointer.size - 1: strips null terminator
395
+ result_size = TCellAgent::Rust::NativeLibrary.file_access_apply(
396
+ FFI::Pointer.new(@agent_ptr),
397
+ file_access_pointer,
398
+ file_access_pointer.size - 1,
399
+ buf,
400
+ buf.size
401
+ )
402
+
403
+ response = NativeAgentResponse.new('file_access_apply', buf, result_size)
404
+ log_response_errors(response.errors)
405
+
406
+ response.response
407
+ end
408
+
409
+ def poll_new_policies
410
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
411
+ result_size = TCellAgent::Rust::NativeLibrary.poll_new_policies(
412
+ FFI::Pointer.new(@agent_ptr),
413
+ buf,
414
+ buf.size
415
+ )
416
+
417
+ response = NativeAgentResponse.new('poll_new_policies', buf, result_size)
418
+ log_response_errors(response.errors)
419
+
420
+ response.response
421
+ end
422
+
423
+ def send_sanitized_events(events)
424
+ return {} unless events
425
+
426
+ events = { :events => events }
427
+ events_pointer = FFI::MemoryPointer.from_string(
428
+ JSON.dump(events)
429
+ )
430
+
431
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
432
+ # events_pointer.size - 1: strips null terminator
433
+ result_size = TCellAgent::Rust::NativeLibrary.send_sanitized_events(
434
+ FFI::Pointer.new(@agent_ptr),
435
+ events_pointer,
436
+ events_pointer.size - 1,
437
+ buf,
438
+ buf.size
439
+ )
440
+
441
+ response = NativeAgentResponse.new('send_sanitized_events', buf, result_size)
442
+ log_response_errors(response.errors)
443
+
444
+ response.response
445
+ end
446
+
447
+ def report_metrics(request_time, tcell_context)
448
+ return {} unless request_time
449
+
450
+ message = {
451
+ :elapsed_time => request_time,
452
+ :route_id => tcell_context && tcell_context.route_id,
453
+ :session_id => tcell_context && tcell_context.session_id,
454
+ :user_id => tcell_context && tcell_context.user_id,
455
+ :user_agent => tcell_context && tcell_context.user_agent,
456
+ :remote_address => tcell_context && tcell_context.remote_address
457
+ }
458
+ message_pointer = FFI::MemoryPointer.from_string(
459
+ JSON.dump(message)
460
+ )
461
+
462
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
463
+ # message_pointer.size - 1: strips null terminator
464
+ result_size = TCellAgent::Rust::NativeLibrary.report_metrics(
465
+ FFI::Pointer.new(@agent_ptr),
466
+ message_pointer,
467
+ message_pointer.size - 1,
468
+ buf,
469
+ buf.size
470
+ )
471
+
472
+ response = NativeAgentResponse.new('report_metrics', buf, result_size)
473
+ log_response_errors(response.errors)
474
+
475
+ response.response
476
+ end
477
+
478
+ def log_message(level, message, thread)
479
+ return unless level && message
480
+
481
+ message_json = {
482
+ :level => level,
483
+ :message => message,
484
+ :thread => thread
485
+ }
486
+ message_json_pointer = FFI::MemoryPointer.from_string(
487
+ JSON.dump(message_json)
488
+ )
489
+
490
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
491
+ # message_json_pointer.size - 1: strips null terminator
492
+ TCellAgent::Rust::NativeLibrary.log_message(
493
+ FFI::Pointer.new(@agent_ptr),
494
+ message_json_pointer,
495
+ message_json_pointer.size - 1,
496
+ buf,
497
+ buf.size
498
+ )
499
+ end
500
+
501
+ def log_response_errors(errors)
502
+ errors.each do |error|
503
+ log_message('error', error, self.class.name)
504
+ end
505
+ end
506
+
507
+ # Note: for tests
508
+ def update_policies(policies)
509
+ return {} unless TCellAgent::Utils::Strings.present?(policies)
510
+
511
+ policies_pointer = FFI::MemoryPointer.from_string(
512
+ JSON.dump(policies)
513
+ )
514
+
515
+ buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
516
+ # policies_pointer.size - 1: strips null terminator
517
+ result_size = TCellAgent::Rust::NativeLibrary.update_policies(
518
+ FFI::Pointer.new(agent_ptr),
519
+ policies_pointer,
520
+ policies_pointer.size - 1,
521
+ buf,
522
+ buf.size
523
+ )
524
+
525
+ NativeAgentResponse.new(
526
+ 'update_policies', buf, result_size
527
+ ).response
528
+ end
529
+ end
530
+ end
531
+ end
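Review bot: In `login_fraud_apply` the credential is sent under the key `:passsword => password` (three s), so unless the native library really expects that spelling, the field is likely ignored on the native side and any password-based login-fraud check sees no password; it should read `:password => password`. That method and `apply_cmdi` also dereference `tcell_context` with no nil guard, unlike `file_access_apply` and `report_metrics`, so a hook firing outside a request would raise `NoMethodError` inside the instrumented call unless every caller guards it. `test_policies` builds its response with the label `'test_event_sender'`, which looks like a copy-paste and would misattribute errors; `NativeAgentResponse.new('test_policies', buf, result_size)` matches the other methods. `create_agent` passes `result_size` straight to `buf.get_string(0, result_size)` without checking for a negative value or one larger than `buf.size`, so an error code or oversized reply would likely raise instead of logging and returning nil. The other calls hand the size to NativeAgentResponse, which is not shown here.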