RubyGems - tcell_agent - Versions diffs - 1.1.12 → 2.0.0 - Mend

tcell_agent 1.1.12 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

checksums.yaml +5 -5
data/bin/tcell_agent +26 -14
data/lib/tcell_agent.rb +16 -10
data/lib/tcell_agent/agent.rb +78 -97
data/lib/tcell_agent/agent/route_manager.rb +0 -16
data/lib/tcell_agent/agent/static_agent.rb +9 -30
data/lib/tcell_agent/authlogic.rb +3 -6
data/lib/tcell_agent/config/unknown_options.rb +4 -8
data/lib/tcell_agent/configuration.rb +38 -119
data/lib/tcell_agent/devise.rb +25 -27
data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
data/lib/tcell_agent/instrument_servers.rb +25 -0
data/lib/tcell_agent/instrumentation.rb +12 -10
data/lib/tcell_agent/instrumentation/cmdi.rb +19 -15
data/lib/tcell_agent/instrumentation/lfi.rb +73 -0
data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +123 -0
data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +159 -0
data/lib/tcell_agent/logger.rb +50 -114
data/lib/tcell_agent/patches.rb +6 -7
data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
data/lib/tcell_agent/policies/headers_policy.rb +25 -0
data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
data/lib/tcell_agent/policies/local_file_access.rb +28 -0
data/lib/tcell_agent/policies/login_policy.rb +43 -0
data/lib/tcell_agent/policies/patches_policy.rb +27 -0
data/lib/tcell_agent/policies/policies_manager.rb +68 -0
data/lib/tcell_agent/policies/policy_polling.rb +58 -0
data/lib/tcell_agent/policies/policy_types.rb +14 -0
data/lib/tcell_agent/policies/system_enablements.rb +27 -0
data/lib/tcell_agent/rails/auth/authlogic.rb +43 -68
data/lib/tcell_agent/rails/auth/devise.rb +20 -23
data/lib/tcell_agent/rails/auth/doorkeeper.rb +63 -74
data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
data/lib/tcell_agent/rails/dlp.rb +25 -15
data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
data/lib/tcell_agent/rails/on_start.rb +32 -31
data/lib/tcell_agent/rails/routes.rb +7 -6
data/lib/tcell_agent/rails/routes/grape.rb +1 -3
data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
data/lib/tcell_agent/rails/start_agent_after_initializers.rb +12 -0
data/lib/tcell_agent/rails/tcell_body_proxy.rb +6 -4
data/lib/tcell_agent/rust/agent_config.rb +49 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-4.14.0.dylib} +0 -0
data/lib/tcell_agent/rust/libtcellagent-4.14.0.so +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-alpine-4.14.0.so} +0 -0
data/lib/tcell_agent/rust/models.rb +0 -55
data/lib/tcell_agent/rust/native_agent.rb +531 -0
data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
data/lib/tcell_agent/rust/native_library.rb +68 -0
data/lib/tcell_agent/rust/tcellagent-4.14.0.dll +0 -0
data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
data/lib/tcell_agent/servers/passenger.rb +1 -28
data/lib/tcell_agent/servers/puma.rb +3 -21
data/lib/tcell_agent/servers/rails_server.rb +1 -1
data/lib/tcell_agent/servers/thin.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +19 -80
data/lib/tcell_agent/servers/webrick.rb +1 -1
data/lib/tcell_agent/settings_reporter.rb +24 -24
data/lib/tcell_agent/sinatra.rb +14 -16
data/lib/tcell_agent/tcell_context.rb +40 -14
data/lib/tcell_agent/utils/headers.rb +14 -0
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/cmdi_spec.rb +0 -585
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -18
data/spec/lib/tcell_agent/configuration_spec.rb +4 -140
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +556 -0
data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +249 -0
data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +105 -0
data/spec/lib/tcell_agent/patches_spec.rb +25 -43
data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
data/spec/lib/tcell_agent/settings_reporter_spec.rb +127 -153
data/spec/spec_helper.rb +1 -1
data/spec/support/builders.rb +104 -0
data/spec/support/force_logger_mocking.rb +38 -0
data/spec/support/resources/lfi_sample_file.txt +2 -0
data/spec/support/static_agent_overrides.rb +0 -15
metadata +63 -74
data/lib/tcell_agent/agent/event_processor.rb +0 -326
data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
data/lib/tcell_agent/agent/policy_manager.rb +0 -219
data/lib/tcell_agent/agent/policy_types.rb +0 -30
data/lib/tcell_agent/api.rb +0 -91
data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
data/lib/tcell_agent/config/child_process_events.rb +0 -8
data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
data/lib/tcell_agent/policies/rust_policies.rb +0 -110
data/lib/tcell_agent/rails.rb +0 -40
data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +0 -308
data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
data/lib/tcell_agent/sensor_events/patches.rb +0 -21
data/lib/tcell_agent/start_background_thread.rb +0 -55
data/lib/tcell_agent/system_info.rb +0 -11
data/lib/tcell_agent/utils/io.rb +0 -38
data/lib/tcell_agent/utils/passwords.rb +0 -28
data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143

data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb ADDED

@@ -0,0 +1,504 @@
+require 'spec_helper'
+describe IO do
+  describe '.binread' do
+    before(:each) do
+      native_agent = double('native_agent')
+      @command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new(
+        native_agent, {}
+      )
+    end
+    context 'empty name' do
+      it 'should raise an error' do
+        expect do
+          IO.binread
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binread(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.binread('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'name starts with a | operator' do
+      context 'with an empty or invalid command' do
+        it 'should raise an error' do
+          expect do
+            IO.binread('|')
+          end.to raise_error(Errno::ENOENT)
+          expect do
+            IO.binread('|invalid command')
+          end.to raise_error(Errno::ENOENT)
+          expect do
+            IO.binread('|invalid command', 10)
+          end.to raise_error(Errno::ENOENT)
+          expect do
+            IO.binread('|invalid command', 10, 20)
+          end.to raise_error(Errno::ENOENT)
+        end
+      end
+      context 'with a valid command' do
+        it 'should execute the command' do
+          expect(IO.binread('|echo test')).to eq("test\n")
+        end
+      end
+      context 'with a non blocked command present' do
+        before(:each) do
+          allow_any_instance_of(TCellAgent::Agent).to receive(:safe_to_check_cmdi).and_return(true)
+        end
+        context 'with command injection disabled' do
+          it 'should execute the command' do
+            expect(@command_injection_policy.enabled).to eq(false)
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::COMMANDINJECTION
+            ).and_return(@command_injection_policy)
+            expect(@command_injection_policy).to receive(:enabled).and_call_original
+            expect(@command_injection_policy).to_not receive(:block_command?)
+            expect(IO.binread('|echo test')).to eq("test\n")
+          end
+        end
+        context 'with command injection enabled' do
+          it 'should execute the command' do
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::COMMANDINJECTION
+            ).and_return(@command_injection_policy)
+            expect(@command_injection_policy).to receive(:enabled).and_return(true)
+            expect(@command_injection_policy).to receive(:block_command?).with('echo test', nil).and_return(false)
+            expect(IO.binread('|echo test')).to eq("test\n")
+          end
+        end
+      end
+      context 'with a blocked command present' do
+        context 'with command injection enabled' do
+          it 'should raise a RuntimeError' do
+            allow_any_instance_of(TCellAgent::Agent).to receive(:safe_to_check_cmdi).and_return(true)
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::COMMANDINJECTION
+            ).and_return(@command_injection_policy)
+            expect(@command_injection_policy).to receive(:enabled).and_return(true)
+            expect(@command_injection_policy).to receive(:block_command?).with('echo test', nil).and_return(true)
+            expect do
+              IO.binread('|echo test')
+            end.to raise_error(RuntimeError)
+          end
+        end
+      end
+    end
+  end
+  describe '.popen' do
+    before(:each) do
+      native_agent = double('native_agent')
+      @command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new(
+        native_agent, {}
+      )
+    end
+    context 'empty command' do
+      it 'should raise an error' do
+        expect do
+          IO.popen
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.popen(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.popen('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'non existent command' do
+      it 'should return nil' do
+        expect do
+          IO.popen('foobar')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a valid command' do
+      it 'should execute command' do
+        expect(IO.popen('echo test').read).to eq("test\n")
+      end
+    end
+    context 'with a non blocked command present' do
+      before(:each) do
+        allow_any_instance_of(TCellAgent::Agent).to receive(:safe_to_check_cmdi).and_return(true)
+      end
+      context 'with command injection disabled' do
+        it 'should execute the command' do
+          expect(@command_injection_policy.enabled).to eq(false)
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::COMMANDINJECTION
+          ).and_return(@command_injection_policy)
+          expect(@command_injection_policy).to receive(:enabled).and_call_original
+          expect(@command_injection_policy).to_not receive(:block_command?)
+          IO.popen('echo test')
+        end
+      end
+      context 'with command injection enabled' do
+        it 'should execute the command' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::COMMANDINJECTION
+          ).and_return(@command_injection_policy)
+          expect(@command_injection_policy).to receive(:enabled).and_return(true)
+          expect(@command_injection_policy).to receive(:block_command?).with('echo test', nil).and_return(false)
+          IO.popen('echo test')
+        end
+      end
+    end
+    context 'with a blocked command present' do
+      context 'with command injection enabled' do
+        it 'should raise a RuntimeError' do
+          allow_any_instance_of(TCellAgent::Agent).to receive(:safe_to_check_cmdi).and_return(true)
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::COMMANDINJECTION
+          ).and_return(@command_injection_policy)
+          expect(@command_injection_policy).to receive(:enabled).and_return(true)
+          expect(@command_injection_policy).to receive(:block_command?).with('echo test', nil).and_return(true)
+          expect do
+            IO.popen('echo test')
+          end.to raise_error(RuntimeError)
+        end
+      end
+    end
+    context 'with env' do
+      before(:each) do
+        @env = { 'TCELL_VAR' => 'enabled' }
+      end
+      context 'with string command' do
+        it 'should execute the command' do
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
+          IO.popen(@env, 'echo', 'w+')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
+          IO.popen(@env, 'echo', 'w+', :unsetenv_others => true)
+        end
+      end
+      context 'with string command and arguments' do
+        it 'should parse the command' do
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, 'echo test')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, 'echo test', 'w+')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, 'echo test', :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, 'echo test', 'w+', :unsetenv_others => true)
+        end
+      end
+      context 'with array command' do
+        it 'should parse the command properly' do
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
+          IO.popen(@env, [%w[echo argv0]], 'w+')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
+          IO.popen(@env, [%w[echo argv0]], :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
+          IO.popen(@env, [%w[echo argv0]], 'w+', :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
+          IO.popen(@env, ['echo'], 'w+')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
+          IO.popen(@env, ['echo'], :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
+          IO.popen(@env, ['echo'], 'w+', :unsetenv_others => true)
+        end
+      end
+      context 'with array command and arguments' do
+        it 'should parse the command properly' do
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, [%w[echo argv0], 'test'])
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, [%w[echo argv0], 'test'], 'w+')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, [%w[echo argv0], 'test'], :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, [%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, %w[echo test])
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, %w[echo test], 'w+')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, %w[echo test], :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, %w[echo test], 'w+', :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen([@env, 'echo', 'test', :unsetenv_others => true], 'w+')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(@env, [@env, 'echo', 'test', :unsetenv_others => true], 'w+', :err => %i[child out])
+        end
+      end
+    end
+    context 'without env' do
+      context 'with array command and arguments' do
+        it 'should parse the command properly' do
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen([%w[echo argv0], 'test'])
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen([%w[echo argv0], 'test'], 'w+')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen([%w[echo argv0], 'test'], :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen([%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(%w[echo test])
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(%w[echo test], 'w+')
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(%w[echo test], :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
+          IO.popen(%w[echo test], 'w+', :unsetenv_others => true)
+          expect(TCellAgent::Cmdi).to receive(:block_command?).with(
+            "echo -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
+          )
+          IO.popen(
+            [%w[echo argv0],
+             '-size',
+             '320x85',
+             'canvas:none',
+             '-font',
+             'Bookman-DemiItalic',
+             '-draw',
+             "\"text 25,60 \'Magick\'\""],
+            :unsetenv_others => true
+          )
+        end
+      end
+    end
+  end
+  describe '.read' do
+    before(:each) do
+      native_agent = double('native_agent')
+      @command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new(
+        native_agent, {}
+      )
+    end
+    context 'empty name' do
+      it 'should raise an error' do
+        expect do
+          IO.read
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.read(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.read('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'name starts with a | operator' do
+      context 'with an empty or invalid command' do
+        it 'should raise an error' do
+          expect do
+            IO.read('|')
+          end.to raise_error(Errno::ENOENT)
+          expect do
+            IO.read('|invalid command')
+          end.to raise_error(Errno::ENOENT)
+          expect do
+            IO.read('|invalid command', 10)
+          end.to raise_error(Errno::ENOENT)
+          expect do
+            IO.read('|invalid command', 10, 20)
+          end.to raise_error(Errno::ENOENT)
+        end
+      end
+      context 'with a valid command' do
+        it 'should execute the command' do
+          expect(IO.read('|echo test')).to eq("test\n")
+        end
+      end
+      context 'with a non blocked command present' do
+        before(:each) do
+          allow_any_instance_of(TCellAgent::Agent).to receive(:safe_to_check_cmdi).and_return(true)
+        end
+        context 'with command injection disabled' do
+          it 'should execute the command' do
+            expect(@command_injection_policy.enabled).to eq(false)
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::COMMANDINJECTION
+            ).and_return(@command_injection_policy)
+            expect(@command_injection_policy).to receive(:enabled).and_call_original
+            expect(@command_injection_policy).to_not receive(:block_command?)
+            expect(IO.read('|echo test')).to eq("test\n")
+          end
+        end
+        context 'with command injection enabled' do
+          it 'should execute the command' do
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::COMMANDINJECTION
+            ).and_return(@command_injection_policy)
+            expect(@command_injection_policy).to receive(:enabled).and_return(true)
+            expect(@command_injection_policy).to receive(:block_command?).and_return(false)
+            expect(IO.read('|echo test')).to eq("test\n")
+          end
+        end
+      end
+      context 'with a blocked command present' do
+        context 'with command injection enabled' do
+          it 'should raise a RuntimeError' do
+            allow_any_instance_of(TCellAgent::Agent).to receive(:safe_to_check_cmdi).and_return(true)
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::COMMANDINJECTION
+            ).and_return(@command_injection_policy)
+            expect(@command_injection_policy).to receive(:enabled).and_return(true)
+            expect(@command_injection_policy).to receive(:block_command?).and_return(true)
+            expect do
+              IO.read('|echo test')
+            end.to raise_error(RuntimeError)
+          end
+        end
+      end
+    end
+  end
+  describe '.readlines' do
+    before(:each) do
+      native_agent = double('native_agent')
+      @command_injection_policy = TCellAgent::Policies::CommandInjectionPolicy.new(
+        native_agent, {}
+      )
+    end
+    context 'empty name' do
+      it 'should raise an error' do
+        expect do
+          IO.readlines
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.readlines(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.readlines('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'name starts with a | operator' do
+      context 'with an empty or invalid command' do
+        it 'should raise an error' do
+          expect do
+            IO.readlines('|')
+          end.to raise_error(Errno::ENOENT)
+          expect do
+            IO.readlines('|invalid command')
+          end.to raise_error(Errno::ENOENT)
+          expect do
+            IO.readlines('|invalid command', 10)
+          end.to raise_error(Errno::ENOENT)
+        end
+      end
+      context 'with a valid command' do
+        it 'should execute the command' do
+          expect(IO.readlines('|echo test')[0]).to eq("test\n")
+        end
+      end
+      context 'with a non blocked command present' do
+        before(:each) do
+          allow_any_instance_of(TCellAgent::Agent).to receive(:safe_to_check_cmdi).and_return(true)
+        end
+        context 'with command injection disabled' do
+          it 'should execute the command' do
+            expect(@command_injection_policy.enabled).to eq(false)
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::COMMANDINJECTION
+            ).and_return(@command_injection_policy)
+            expect(@command_injection_policy).to receive(:enabled).and_call_original
+            expect(@command_injection_policy).to_not receive(:block_command?)
+            expect(IO.readlines('|echo test')[0]).to eq("test\n")
+          end
+        end
+        context 'with command injection enabled' do
+          it 'should execute the command' do
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::COMMANDINJECTION
+            ).and_return(@command_injection_policy)
+            expect(@command_injection_policy).to receive(:enabled).and_return(true)
+            expect(@command_injection_policy).to receive(:block_command?).and_return(false)
+            expect(IO.readlines('|echo test')[0]).to eq("test\n")
+          end
+        end
+      end
+      context 'with a blocked command present' do
+        context 'with command injection enabled' do
+          it 'should raise a RuntimeError' do
+            allow_any_instance_of(TCellAgent::Agent).to receive(:safe_to_check_cmdi).and_return(true)
+            expect(TCellAgent).to receive(:policy).with(
+              TCellAgent::PolicyTypes::COMMANDINJECTION
+            ).and_return(@command_injection_policy)
+            expect(@command_injection_policy).to receive(:enabled).and_return(true)
+            expect(@command_injection_policy).to receive(:block_command?).with('echo test', nil).and_return(true)
+            expect do
+              IO.readlines('|echo test')
+            end.to raise_error(RuntimeError)
+          end
+        end
+      end
+    end
+  end
+end