tcell_agent 1.1.11 → 2.1.2

data/lib/tcell_agent/rust/models.rb

@@ -13,61 +13,6 @@ module TCellAgent
 
         flattened_params
       end
-
-      def self.create_request_response(appsensor_meta)
-        post_params = convert_params(appsensor_meta.flattened_post_dict)
-
-        request_response = {
-          'method' =>  appsensor_meta.method,
-          'status_code' =>  appsensor_meta.response_code.to_i,
-          'route_id' =>  appsensor_meta.route_id,
-          'path' =>  appsensor_meta.path,
-          'query_params' =>  convert_params(appsensor_meta.flattened_get_dict),
-          'post_params' =>  post_params,
-          'headers' =>  convert_params(appsensor_meta.flattened_headers_dict),
-          'cookies' =>  convert_params(appsensor_meta.flattened_cookie_dict),
-          'path_params' =>  convert_params(appsensor_meta.flattened_path_parameters),
-          'remote_address' =>  appsensor_meta.remote_address,
-          'full_uri' =>  appsensor_meta.location,
-          'session_id' =>  appsensor_meta.session_id,
-          'user_id' =>  appsensor_meta.user_id,
-          'user_agent' =>  appsensor_meta.user_agent,
-          :content_type => appsensor_meta.content_type,
-          :request_body => appsensor_meta.raw_request_body,
-          'request_bytes_length' =>  appsensor_meta.request_content_bytes_len,
-          'response_bytes_length' =>  appsensor_meta.response_content_bytes_len
-        }
-
-        if TCellAgent::Utils::Strings.present?(appsensor_meta.csrf_exception_name)
-          request_response['csrf_exception'] = { 'exception_name' => appsensor_meta.csrf_exception_name }
-        end
-
-        if appsensor_meta.sql_exceptions
-          request_response['sql_exceptions'] = appsensor_meta.sql_exceptions
-        end
-
-        if appsensor_meta.database_result_sizes
-          request_response['database_result_sizes'] = appsensor_meta.database_result_sizes
-        end
-
-        request_response
-      end
-
-      def self.create_patches_request(appsensor_meta)
-        post_params = convert_params(appsensor_meta.flattened_post_dict)
-
-        {
-          'method' =>  appsensor_meta.method,
-          'path' =>  appsensor_meta.path,
-          'remote_address' =>  appsensor_meta.remote_address,
-          'request_bytes_length' =>  appsensor_meta.request_content_bytes_len,
-          'query_params' =>  convert_params(appsensor_meta.flattened_get_dict),
-          'post_params' =>  post_params,
-          'headers' =>  convert_params(appsensor_meta.flattened_headers_dict),
-          'cookies' =>  convert_params(appsensor_meta.flattened_cookie_dict),
-          :content_type => appsensor_meta.content_type
-        }
-      end
     end
   end
 end

data/lib/tcell_agent/rust/native_agent.rb

@@ -0,0 +1,531 @@
+require 'json'
+require 'tcell_agent/rust/agent_config'
+require 'tcell_agent/rust/models'
+require 'tcell_agent/rust/native_library'
+require 'tcell_agent/rust/native_agent_response'
+require 'tcell_agent/version'
+
+require 'tcell_agent/utils/headers'
+module TCellAgent
+  module Rust
+    class NativeAgent # rubocop:disable Metrics/ClassLength
+      def self.test_event_sender(events)
+        config = TCellAgent.configuration
+        event_sender = {
+          :uuid =>            config.uuid,
+          :hostname =>        config.host_identifier,
+          :agent_type =>      'Ruby',
+          :agent_version =>   TCellAgent::VERSION,
+          :app_id =>          config.app_id,
+          :api_key =>         config.api_key,
+          :tcell_input_url => config.tcell_input_url,
+          :events =>          events
+        }
+        event_sender_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(event_sender)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # config_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.test_event_sender(
+          event_sender_pointer, event_sender_pointer.size - 1, buf, buf.size
+        )
+
+        response = NativeAgentResponse.new('test_event_sender', buf, result_size)
+
+        response.errors
+      end
+
+      def self.test_policies
+        config = TCellAgent.configuration
+        policies_info = {
+          :app_id =>        config.app_id,
+          :api_key =>       config.api_key,
+          :tcell_api_url => config.tcell_api_url
+        }
+        policies_info_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(policies_info)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # config_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.test_policies(
+          policies_info_pointer, policies_info_pointer.size - 1, buf, buf.size
+        )
+
+        response = NativeAgentResponse.new('test_event_sender', buf, result_size)
+
+        response.errors
+      end
+
+      def self.free_agent(agent_ptr)
+        if TCellAgent::Rust::NativeLibrary.common_lib_available? &&
+           agent_ptr
+          TCellAgent::Rust::NativeLibrary.free_agent(
+            FFI::Pointer.new(agent_ptr)
+          )
+        end
+      end
+
+      def self.create_agent(config)
+        return nil unless TCellAgent::Rust::NativeLibrary.common_lib_available?
+
+        agent_config = TCellAgent::Rust::AgentConfig.new(config)
+        config_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(agent_config)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # config_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.create_agent(
+          config_pointer, config_pointer.size - 1, buf, buf.size
+        )
+
+        response = JSON.parse(buf.get_string(0, result_size))
+        if response['error']
+          logger = TCellAgent::ModuleLogger.new(TCellAgent::RubyLogger.new, name)
+          logger.error("Error creating native agent: #{response['error']}")
+          return nil
+        end
+
+        NativeAgent.new(response['agent_ptr'])
+      end
+
+      attr_reader :agent_ptr
+
+      def initialize(agent_ptr)
+        @agent_ptr = agent_ptr
+      end
+
+      def apply_appfirewall(appsensor_meta)
+        return {} unless appsensor_meta
+
+        post_params = Models.convert_params(appsensor_meta.flattened_post_dict)
+        query_params = Models.convert_params(appsensor_meta.flattened_get_dict)
+        header_params = Models.convert_params(appsensor_meta.flattened_headers_dict)
+        cookie_params = Models.convert_params(appsensor_meta.flattened_cookie_dict)
+        path_params = Models.convert_params(appsensor_meta.flattened_path_parameters)
+
+        request_response_json = {
+          :method => appsensor_meta.method,
+          :status_code => appsensor_meta.response_code.to_i,
+          :route_id => appsensor_meta.route_id,
+          :path => appsensor_meta.path,
+          :query_params => query_params,
+          :post_params => post_params,
+          :headers => header_params,
+          :cookies => cookie_params,
+          :path_params => path_params,
+          :remote_address => appsensor_meta.remote_address,
+          :full_uri => appsensor_meta.location,
+          :session_id => appsensor_meta.session_id,
+          :user_id => appsensor_meta.user_id,
+          :user_agent => appsensor_meta.user_agent,
+          :request_bytes_length => appsensor_meta.request_content_bytes_len,
+          :response_bytes_length => appsensor_meta.response_content_bytes_len,
+          :content_type => appsensor_meta.content_type,
+          :request_body => appsensor_meta.raw_request_body
+        }
+
+        request_response_json[:sql_exceptions] = appsensor_meta.sql_exceptions if appsensor_meta.sql_exceptions
+        request_response_json[:database_result_sizes] = appsensor_meta.database_result_sizes if appsensor_meta.database_result_sizes
+
+        if TCellAgent::Utils::Strings.present?(appsensor_meta.csrf_exception_name)
+          request_response_json[:csrf_exception] = {
+            :exception_name => appsensor_meta.csrf_exception_name
+          }
+        end
+
+        request_response_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(request_response_json)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # request_response_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.appfirewall_apply(
+          FFI::Pointer.new(@agent_ptr),
+          request_response_pointer,
+          request_response_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('apply_appfirewall', buf, result_size)
+        log_response_errors(response.errors)
+        response.response
+      end
+
+      def apply_patches(appsensor_meta)
+        return {} unless appsensor_meta
+
+        post_params = Models.convert_params(appsensor_meta.flattened_post_dict)
+        query_params = Models.convert_params(appsensor_meta.flattened_get_dict)
+        header_params = Models.convert_params(appsensor_meta.flattened_headers_dict)
+        cookie_params = Models.convert_params(appsensor_meta.flattened_cookie_dict)
+
+        patches_request_json = {
+          :method => appsensor_meta.method,
+          :path => appsensor_meta.path,
+          :remote_address => appsensor_meta.remote_address,
+          :request_bytes_length => appsensor_meta.request_content_bytes_len,
+          :query_params => query_params,
+          :post_params =>  post_params,
+          :headers => header_params,
+          :cookies => cookie_params,
+          :content_type => appsensor_meta.content_type,
+          :full_uri => appsensor_meta.location
+        }
+
+        patches_request_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(patches_request_json)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # patches_request_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.patches_apply(
+          FFI::Pointer.new(@agent_ptr),
+          patches_request_pointer,
+          patches_request_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('apply_patches', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def apply_cmdi(command, tcell_context)
+        return unless TCellAgent::Utils::Strings.present?(command)
+
+        command_info = {
+          :command => command,
+          :method => tcell_context.request_method,
+          :path => tcell_context.path,
+          :remote_address => tcell_context.remote_address,
+          :route_id => tcell_context.route_id,
+          :session_id => tcell_context.session_id,
+          :user_id => tcell_context.user_id,
+          :full_uri => tcell_context.uri
+        }
+        command_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(command_info)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # command_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.cmdi_apply(
+          FFI::Pointer.new(@agent_ptr),
+          command_pointer,
+          command_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('apply_cmdi', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def get_headers(tcell_context)
+        return unless tcell_context
+
+        headers_request = {
+          :method => tcell_context.request_method,
+          :path => tcell_context.path,
+          :route_id => tcell_context.route_id.to_s,
+          :session_id => tcell_context.session_id.to_s
+        }
+        headers_request_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(headers_request)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 16)
+        # headers_request_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.get_headers(
+          FFI::Pointer.new(@agent_ptr),
+          headers_request_pointer,
+          headers_request_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('get_headers', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def check_http_redirect(location_header,
+                              from_domain,
+                              status_code,
+                              tcell_context)
+        return {} unless tcell_context
+
+        http_redirect_request = {
+          :location_header => location_header,
+          :local_server => from_domain,
+          :status_code => status_code,
+          :method => tcell_context.request_method,
+          :path => tcell_context.path,
+          :remote_addr => tcell_context.remote_address,
+          :full_uri => tcell_context.fullpath,
+          :route_id => tcell_context.route_id,
+          :session_id => tcell_context.session_id,
+          :user_id => tcell_context.user_id
+        }
+        http_redirect_request_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(http_redirect_request)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # http_redirect_request_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.check_http_redirect(
+          FFI::Pointer.new(@agent_ptr),
+          http_redirect_request_pointer,
+          http_redirect_request_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('check_http_redirect', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def get_js_agent_script_tag(tcell_context)
+        return {} unless tcell_context
+
+        jsagent_request = {
+          :method => tcell_context.request_method,
+          :path => tcell_context.path
+        }
+        jsagent_request_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(jsagent_request)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # jsagent_request_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.get_js_agent_script_tag(
+          FFI::Pointer.new(@agent_ptr),
+          jsagent_request_pointer,
+          jsagent_request_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('get_js_agent_script_tag', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def login_fraud_apply(success,
+                            user_id,
+                            password,
+                            headers,
+                            user_valid,
+                            tcell_context)
+        event_name =  success ? :Success : :Failure
+        header_keys = TCellAgent::Utils::Headers.clean_keys(headers)
+        login_info = {
+          :event_name => event_name,
+          :user_id => user_id,
+          :user_agent => tcell_context.user_agent,
+          :remote_address => tcell_context.remote_address,
+          :header_keys => header_keys,
+          :passsword => password,
+          :session_id => tcell_context.session_id,
+          :full_uri => tcell_context.fullpath,
+          :referrer => tcell_context.referrer,
+          :user_valid => user_valid
+        }
+
+        login_info_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(login_info)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # login_info_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.login_fraud_apply(
+          FFI::Pointer.new(@agent_ptr),
+          login_info_pointer,
+          login_info_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('login_fraud_apply', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def file_access_apply(file_path,
+                            mode,
+                            tcell_context)
+
+        file_access_info = {
+          :dir_classification => 'Unknown',
+          :file_path => file_path,
+          :mode => mode
+        }
+
+        if tcell_context
+          file_access_info = file_access_info.merge(
+            {
+              :full_uri => tcell_context.fullpath,
+              :remote_address => tcell_context.remote_address,
+              :route_id => tcell_context.route_id,
+              :session_id => tcell_context.session_id,
+              :user_id => tcell_context.user_id
+            }
+          )
+        end
+
+        file_access_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(file_access_info)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # login_info_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.file_access_apply(
+          FFI::Pointer.new(@agent_ptr),
+          file_access_pointer,
+          file_access_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('file_access_apply', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def poll_new_policies
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
+        result_size = TCellAgent::Rust::NativeLibrary.poll_new_policies(
+          FFI::Pointer.new(@agent_ptr),
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('poll_new_policies', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def send_sanitized_events(events)
+        return {} unless events
+
+        events = { :events => events }
+        events_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(events)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # events_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.send_sanitized_events(
+          FFI::Pointer.new(@agent_ptr),
+          events_pointer,
+          events_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('send_sanitized_events', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def report_metrics(request_time, tcell_context)
+        return {} unless request_time
+
+        message = {
+          :elapsed_time => request_time,
+          :route_id => tcell_context && tcell_context.route_id,
+          :session_id => tcell_context && tcell_context.session_id,
+          :user_id => tcell_context && tcell_context.user_id,
+          :user_agent => tcell_context && tcell_context.user_agent,
+          :remote_address => tcell_context && tcell_context.remote_address
+        }
+        message_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(message)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # message_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.report_metrics(
+          FFI::Pointer.new(@agent_ptr),
+          message_pointer,
+          message_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('report_metrics', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def log_message(level, message, thread)
+        return unless level && message
+
+        message_json = {
+          :level => level,
+          :message => message,
+          :thread => thread
+        }
+        message_json_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(message_json)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # message_json_pointer.size - 1: strips null terminator
+        TCellAgent::Rust::NativeLibrary.log_message(
+          FFI::Pointer.new(@agent_ptr),
+          message_json_pointer,
+          message_json_pointer.size - 1,
+          buf,
+          buf.size
+        )
+      end
+
+      def log_response_errors(errors)
+        errors.each do |error|
+          log_message('error', error, self.class.name)
+        end
+      end
+
+      # Note: for tests
+      def update_policies(policies)
+        return {} unless TCellAgent::Utils::Strings.present?(policies)
+
+        policies_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(policies)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # policies_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.update_policies(
+          FFI::Pointer.new(agent_ptr),
+          policies_pointer,
+          policies_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        NativeAgentResponse.new(
+          'update_policies', buf, result_size
+        ).response
+      end
+    end
+  end
+end