RubyGems - tcell_agent - Versions diffs - 1.1.12 → 2.0.0 - Mend

tcell_agent 1.1.12 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

checksums.yaml +5 -5
data/bin/tcell_agent +26 -14
data/lib/tcell_agent.rb +16 -10
data/lib/tcell_agent/agent.rb +78 -97
data/lib/tcell_agent/agent/route_manager.rb +0 -16
data/lib/tcell_agent/agent/static_agent.rb +9 -30
data/lib/tcell_agent/authlogic.rb +3 -6
data/lib/tcell_agent/config/unknown_options.rb +4 -8
data/lib/tcell_agent/configuration.rb +38 -119
data/lib/tcell_agent/devise.rb +25 -27
data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
data/lib/tcell_agent/instrument_servers.rb +25 -0
data/lib/tcell_agent/instrumentation.rb +12 -10
data/lib/tcell_agent/instrumentation/cmdi.rb +19 -15
data/lib/tcell_agent/instrumentation/lfi.rb +73 -0
data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +123 -0
data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +159 -0
data/lib/tcell_agent/logger.rb +50 -114
data/lib/tcell_agent/patches.rb +6 -7
data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
data/lib/tcell_agent/policies/headers_policy.rb +25 -0
data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
data/lib/tcell_agent/policies/local_file_access.rb +28 -0
data/lib/tcell_agent/policies/login_policy.rb +43 -0
data/lib/tcell_agent/policies/patches_policy.rb +27 -0
data/lib/tcell_agent/policies/policies_manager.rb +68 -0
data/lib/tcell_agent/policies/policy_polling.rb +58 -0
data/lib/tcell_agent/policies/policy_types.rb +14 -0
data/lib/tcell_agent/policies/system_enablements.rb +27 -0
data/lib/tcell_agent/rails/auth/authlogic.rb +43 -68
data/lib/tcell_agent/rails/auth/devise.rb +20 -23
data/lib/tcell_agent/rails/auth/doorkeeper.rb +63 -74
data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
data/lib/tcell_agent/rails/dlp.rb +25 -15
data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
data/lib/tcell_agent/rails/on_start.rb +32 -31
data/lib/tcell_agent/rails/routes.rb +7 -6
data/lib/tcell_agent/rails/routes/grape.rb +1 -3
data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
data/lib/tcell_agent/rails/start_agent_after_initializers.rb +12 -0
data/lib/tcell_agent/rails/tcell_body_proxy.rb +6 -4
data/lib/tcell_agent/rust/agent_config.rb +49 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-4.14.0.dylib} +0 -0
data/lib/tcell_agent/rust/libtcellagent-4.14.0.so +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-alpine-4.14.0.so} +0 -0
data/lib/tcell_agent/rust/models.rb +0 -55
data/lib/tcell_agent/rust/native_agent.rb +531 -0
data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
data/lib/tcell_agent/rust/native_library.rb +68 -0
data/lib/tcell_agent/rust/tcellagent-4.14.0.dll +0 -0
data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
data/lib/tcell_agent/servers/passenger.rb +1 -28
data/lib/tcell_agent/servers/puma.rb +3 -21
data/lib/tcell_agent/servers/rails_server.rb +1 -1
data/lib/tcell_agent/servers/thin.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +19 -80
data/lib/tcell_agent/servers/webrick.rb +1 -1
data/lib/tcell_agent/settings_reporter.rb +24 -24
data/lib/tcell_agent/sinatra.rb +14 -16
data/lib/tcell_agent/tcell_context.rb +40 -14
data/lib/tcell_agent/utils/headers.rb +14 -0
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/cmdi_spec.rb +0 -585
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -18
data/spec/lib/tcell_agent/configuration_spec.rb +4 -140
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +556 -0
data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +249 -0
data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +105 -0
data/spec/lib/tcell_agent/patches_spec.rb +25 -43
data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
data/spec/lib/tcell_agent/settings_reporter_spec.rb +127 -153
data/spec/spec_helper.rb +1 -1
data/spec/support/builders.rb +104 -0
data/spec/support/force_logger_mocking.rb +38 -0
data/spec/support/resources/lfi_sample_file.txt +2 -0
data/spec/support/static_agent_overrides.rb +0 -15
metadata +63 -74
data/lib/tcell_agent/agent/event_processor.rb +0 -326
data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
data/lib/tcell_agent/agent/policy_manager.rb +0 -219
data/lib/tcell_agent/agent/policy_types.rb +0 -30
data/lib/tcell_agent/api.rb +0 -91
data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
data/lib/tcell_agent/config/child_process_events.rb +0 -8
data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
data/lib/tcell_agent/policies/rust_policies.rb +0 -110
data/lib/tcell_agent/rails.rb +0 -40
data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +0 -308
data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
data/lib/tcell_agent/sensor_events/patches.rb +0 -21
data/lib/tcell_agent/start_background_thread.rb +0 -55
data/lib/tcell_agent/system_info.rb +0 -11
data/lib/tcell_agent/utils/io.rb +0 -38
data/lib/tcell_agent/utils/passwords.rb +0 -28
data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143

data/lib/tcell_agent/utils/headers.rb ADDED

@@ -0,0 +1,14 @@
+module TCellAgent
+  module Utils
+    module Headers
+      def self.clean_keys(request_env_or_header_keys)
+        if request_env_or_header_keys.is_a?(Hash)
+          request_env_or_header_keys.select { |k, _v| k.start_with? 'HTTP_' }.collect { |k, _v| k.sub(/^HTTP_/, '') }
+        else
+          request_env_or_header_keys.map { |k| k.sub(/^HTTP_/, '') }
+        end
+      end
+    end
+  end
+end

data/lib/tcell_agent/version.rb CHANGED

@@ -1,5 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 module TCellAgent
-  VERSION = '1.1.12'.freeze
+  VERSION = '2.0.0'.freeze
 end

data/spec/lib/tcell_agent/cmdi_spec.rb CHANGED

@@ -148,589 +148,4 @@ module TCellAgent
       end
     end
   end
-  describe IO do
-    describe '.popen' do
-      before(:each) do
-        configuration = double(
-          'configuration',
-          {
-            'app_id' => 'app_id',
-            'api_key' => 'api_key',
-            'allow_payloads' => true,
-            'js_agent_api_base_url' => 'http://api.tcell.com/',
-            'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-            'max_csp_header_bytes' => nil,
-            'event_time_limit_seconds' => 15,
-            'event_batch_size_limit' => 50,
-            'preload_policy_filename' => nil,
-            'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-            'agent_home_owner' => nil
-          }
-        )
-        expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-        @rust_policies = TCellAgent::Policies::RustPolicies.new
-      end
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            IO.popen
-          end.to raise_error(ArgumentError)
-          expect do
-            IO.popen(nil)
-          end.to raise_error(TypeError)
-          expect do
-            IO.popen('')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'non existent command' do
-        it 'should return nil' do
-          expect do
-            IO.popen('foobar')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          expect(IO.popen('echo test').read.chomp).to eq('test')
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            IO.popen('echo test')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(@rust_policies.cmdi_enabled).to eq(false)
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_call_original
-            expect(@rust_policies).to_not receive(:block_command?)
-            IO.popen('echo test')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            IO.popen('echo test')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              IO.popen('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-      context 'with env' do
-        before(:each) do
-          @env = { 'TCELL_VAR' => 'enabled' }
-        end
-        context 'with string command' do
-          it 'should execute the command' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, 'echo', 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, 'echo', 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with string command and arguments' do
-          it 'should parse the command' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with array command' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([@env, 'echo', 'test', :unsetenv_others => true], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [@env, 'echo', 'test', :unsetenv_others => true], 'w+', :err => %i[child out])
-          end
-        end
-      end
-      context 'without env' do
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with(
-              "echo -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-            IO.popen(
-              [%w[echo argv0],
-               '-size',
-               '320x85',
-               'canvas:none',
-               '-font',
-               'Bookman-DemiItalic',
-               '-draw',
-               "\"text 25,60 \'Magick\'\""],
-              :unsetenv_others => true
-            )
-          end
-        end
-      end
-    end
-  end
-  describe Kernel do
-    before(:each) do
-      configuration = double(
-        'configuration',
-        {
-          'app_id' => 'app_id',
-          'api_key' => 'api_key',
-          'allow_payloads' => true,
-          'js_agent_api_base_url' => 'http://api.tcell.com/',
-          'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-          'max_csp_header_bytes' => nil,
-          'event_time_limit_seconds' => 15,
-          'event_batch_size_limit' => 50,
-          'preload_policy_filename' => nil,
-          'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-          'agent_home_owner' => nil
-        }
-      )
-      expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-      @rust_policies = TCellAgent::Policies::RustPolicies.new
-    end
-    describe '.backtick' do
-      context 'empty command' do
-        it 'should raise Errno::ENOENT' do
-          expect do
-            ``
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            `echo test`
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              `echo test`
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '%x methods' do
-      context 'empty command' do
-        it 'should raise Errno::ENOENT' do
-          expect do
-            ``
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            `echo test`
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              `echo test`
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.system' do
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            system
-          end.to raise_error(ArgumentError)
-          expect do
-            system(nil)
-          end.to raise_error(TypeError)
-          expect(system('')).to be_nil
-        end
-      end
-      context 'non existent command' do
-        it 'should return nil' do
-          expect(system('foobar')).to be_nil
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          pid = system('echo test > /dev/null 2>&1')
-          expect(pid).to eq(true)
-          pid = system(RbConfig.ruby, "-e'Hello World!'", '>', '/dev/null', '2>&1')
-          expect(pid).to eq(true)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              system('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.spawn' do
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            spawn
-          end.to raise_error(ArgumentError)
-          expect do
-            spawn(nil)
-          end.to raise_error(TypeError)
-          expect do
-            spawn('')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'non existent command' do
-        it 'should raise error' do
-          expect do
-            spawn('foobar')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          pid = spawn('echo test > /dev/null 2>&1')
-          expect(pid).to_not be_nil
-          pid = spawn(RbConfig.ruby, "-e'Hello World!'", '>', '/dev/null', '2>&1')
-          expect(pid).to_not be_nil
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              spawn('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.exec' do
-      # can only test this case since exec replaces current process with new process
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              exec('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-  end
 end