RubyGems - tcell_agent - Versions diffs - 1.1.12 → 2.0.0 - Mend

tcell_agent 1.1.12 → 2.0.0

Files changed (163) hide show

checksums.yaml +5 -5
data/bin/tcell_agent +26 -14
data/lib/tcell_agent.rb +16 -10
data/lib/tcell_agent/agent.rb +78 -97
data/lib/tcell_agent/agent/route_manager.rb +0 -16
data/lib/tcell_agent/agent/static_agent.rb +9 -30
data/lib/tcell_agent/authlogic.rb +3 -6
data/lib/tcell_agent/config/unknown_options.rb +4 -8
data/lib/tcell_agent/configuration.rb +38 -119
data/lib/tcell_agent/devise.rb +25 -27
data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
data/lib/tcell_agent/instrument_servers.rb +25 -0
data/lib/tcell_agent/instrumentation.rb +12 -10
data/lib/tcell_agent/instrumentation/cmdi.rb +19 -15
data/lib/tcell_agent/instrumentation/lfi.rb +73 -0
data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +123 -0
data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +159 -0
data/lib/tcell_agent/logger.rb +50 -114
data/lib/tcell_agent/patches.rb +6 -7
data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
data/lib/tcell_agent/policies/headers_policy.rb +25 -0
data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
data/lib/tcell_agent/policies/local_file_access.rb +28 -0
data/lib/tcell_agent/policies/login_policy.rb +43 -0
data/lib/tcell_agent/policies/patches_policy.rb +27 -0
data/lib/tcell_agent/policies/policies_manager.rb +68 -0
data/lib/tcell_agent/policies/policy_polling.rb +58 -0
data/lib/tcell_agent/policies/policy_types.rb +14 -0
data/lib/tcell_agent/policies/system_enablements.rb +27 -0
data/lib/tcell_agent/rails/auth/authlogic.rb +43 -68
data/lib/tcell_agent/rails/auth/devise.rb +20 -23
data/lib/tcell_agent/rails/auth/doorkeeper.rb +63 -74
data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
data/lib/tcell_agent/rails/dlp.rb +25 -15
data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
data/lib/tcell_agent/rails/on_start.rb +32 -31
data/lib/tcell_agent/rails/routes.rb +7 -6
data/lib/tcell_agent/rails/routes/grape.rb +1 -3
data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
data/lib/tcell_agent/rails/start_agent_after_initializers.rb +12 -0
data/lib/tcell_agent/rails/tcell_body_proxy.rb +6 -4
data/lib/tcell_agent/rust/agent_config.rb +49 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-4.14.0.dylib} +0 -0
data/lib/tcell_agent/rust/libtcellagent-4.14.0.so +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-alpine-4.14.0.so} +0 -0
data/lib/tcell_agent/rust/models.rb +0 -55
data/lib/tcell_agent/rust/native_agent.rb +531 -0
data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
data/lib/tcell_agent/rust/native_library.rb +68 -0
data/lib/tcell_agent/rust/tcellagent-4.14.0.dll +0 -0
data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
data/lib/tcell_agent/servers/passenger.rb +1 -28
data/lib/tcell_agent/servers/puma.rb +3 -21
data/lib/tcell_agent/servers/rails_server.rb +1 -1
data/lib/tcell_agent/servers/thin.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +19 -80
data/lib/tcell_agent/servers/webrick.rb +1 -1
data/lib/tcell_agent/settings_reporter.rb +24 -24
data/lib/tcell_agent/sinatra.rb +14 -16
data/lib/tcell_agent/tcell_context.rb +40 -14
data/lib/tcell_agent/utils/headers.rb +14 -0
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/cmdi_spec.rb +0 -585
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -18
data/spec/lib/tcell_agent/configuration_spec.rb +4 -140
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +556 -0
data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +249 -0
data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +105 -0
data/spec/lib/tcell_agent/patches_spec.rb +25 -43
data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
data/spec/lib/tcell_agent/settings_reporter_spec.rb +127 -153
data/spec/spec_helper.rb +1 -1
data/spec/support/builders.rb +104 -0
data/spec/support/force_logger_mocking.rb +38 -0
data/spec/support/resources/lfi_sample_file.txt +2 -0
data/spec/support/static_agent_overrides.rb +0 -15
metadata +63 -74
data/lib/tcell_agent/agent/event_processor.rb +0 -326
data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
data/lib/tcell_agent/agent/policy_manager.rb +0 -219
data/lib/tcell_agent/agent/policy_types.rb +0 -30
data/lib/tcell_agent/api.rb +0 -91
data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
data/lib/tcell_agent/config/child_process_events.rb +0 -8
data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
data/lib/tcell_agent/policies/rust_policies.rb +0 -110
data/lib/tcell_agent/rails.rb +0 -40
data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +0 -308
data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
data/lib/tcell_agent/sensor_events/patches.rb +0 -21
data/lib/tcell_agent/start_background_thread.rb +0 -55
data/lib/tcell_agent/system_info.rb +0 -11
data/lib/tcell_agent/utils/io.rb +0 -38
data/lib/tcell_agent/utils/passwords.rb +0 -28
data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143

data/lib/tcell_agent/utils/headers.rb ADDED

@@ -0,0 +1,14 @@
+module TCellAgent
+  module Utils
+    module Headers
+      def self.clean_keys(request_env_or_header_keys)
+        if request_env_or_header_keys.is_a?(Hash)
+          request_env_or_header_keys.select { |k, _v| k.start_with? 'HTTP_' }.collect { |k, _v| k.sub(/^HTTP_/, '') }
+        else
+          request_env_or_header_keys.map { |k| k.sub(/^HTTP_/, '') }
+        end
+      end
+    end
+  end
+end

data/lib/tcell_agent/version.rb CHANGED

@@ -1,5 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 module TCellAgent
-  VERSION = '1.1.12'.freeze
+  VERSION = '2.0.0'.freeze
 end

data/spec/lib/tcell_agent/cmdi_spec.rb CHANGED

@@ -148,589 +148,4 @@ module TCellAgent
       end
     end
   end
-  describe IO do
-    describe '.popen' do
-      before(:each) do
-        configuration = double(
-          'configuration',
-          {
-            'app_id' => 'app_id',
-            'api_key' => 'api_key',
-            'allow_payloads' => true,
-            'js_agent_api_base_url' => 'http://api.tcell.com/',
-            'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-            'max_csp_header_bytes' => nil,
-            'event_time_limit_seconds' => 15,
-            'event_batch_size_limit' => 50,
-            'preload_policy_filename' => nil,
-            'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-            'agent_home_owner' => nil
-          }
-        )
-        expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-        @rust_policies = TCellAgent::Policies::RustPolicies.new
-      end
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            IO.popen
-          end.to raise_error(ArgumentError)
-          expect do
-            IO.popen(nil)
-          end.to raise_error(TypeError)
-          expect do
-            IO.popen('')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'non existent command' do
-        it 'should return nil' do
-          expect do
-            IO.popen('foobar')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          expect(IO.popen('echo test').read.chomp).to eq('test')
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            IO.popen('echo test')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(@rust_policies.cmdi_enabled).to eq(false)
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_call_original
-            expect(@rust_policies).to_not receive(:block_command?)
-            IO.popen('echo test')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            IO.popen('echo test')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              IO.popen('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-      context 'with env' do
-        before(:each) do
-          @env = { 'TCELL_VAR' => 'enabled' }
-        end
-        context 'with string command' do
-          it 'should execute the command' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, 'echo', 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, 'echo', 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with string command and arguments' do
-          it 'should parse the command' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with array command' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([@env, 'echo', 'test', :unsetenv_others => true], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [@env, 'echo', 'test', :unsetenv_others => true], 'w+', :err => %i[child out])
-          end
-        end
-      end
-      context 'without env' do
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with(
-              "echo -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-            IO.popen(
-              [%w[echo argv0],
-               '-size',
-               '320x85',
-               'canvas:none',
-               '-font',
-               'Bookman-DemiItalic',
-               '-draw',
-               "\"text 25,60 \'Magick\'\""],
-              :unsetenv_others => true
-            )
-          end
-        end
-      end
-    end
-  end
-  describe Kernel do
-    before(:each) do
-      configuration = double(
-        'configuration',
-        {
-          'app_id' => 'app_id',
-          'api_key' => 'api_key',
-          'allow_payloads' => true,
-          'js_agent_api_base_url' => 'http://api.tcell.com/',
-          'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-          'max_csp_header_bytes' => nil,
-          'event_time_limit_seconds' => 15,
-          'event_batch_size_limit' => 50,
-          'preload_policy_filename' => nil,
-          'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-          'agent_home_owner' => nil
-        }
-      )
-      expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-      @rust_policies = TCellAgent::Policies::RustPolicies.new
-    end
-    describe '.backtick' do
-      context 'empty command' do
-        it 'should raise Errno::ENOENT' do
-          expect do
-            ``
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            `echo test`
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              `echo test`
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '%x methods' do
-      context 'empty command' do
-        it 'should raise Errno::ENOENT' do
-          expect do
-            ``
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            `echo test`
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              `echo test`
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.system' do
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            system
-          end.to raise_error(ArgumentError)
-          expect do
-            system(nil)
-          end.to raise_error(TypeError)
-          expect(system('')).to be_nil
-        end
-      end
-      context 'non existent command' do
-        it 'should return nil' do
-          expect(system('foobar')).to be_nil
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          pid = system('echo test > /dev/null 2>&1')
-          expect(pid).to eq(true)
-          pid = system(RbConfig.ruby, "-e'Hello World!'", '>', '/dev/null', '2>&1')
-          expect(pid).to eq(true)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              system('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.spawn' do
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            spawn
-          end.to raise_error(ArgumentError)
-          expect do
-            spawn(nil)
-          end.to raise_error(TypeError)
-          expect do
-            spawn('')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'non existent command' do
-        it 'should raise error' do
-          expect do
-            spawn('foobar')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          pid = spawn('echo test > /dev/null 2>&1')
-          expect(pid).to_not be_nil
-          pid = spawn(RbConfig.ruby, "-e'Hello World!'", '>', '/dev/null', '2>&1')
-          expect(pid).to_not be_nil
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              spawn('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.exec' do
-      # can only test this case since exec replaces current process with new process
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              exec('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-  end
 end