RubyGems - tcell_agent - Versions diffs - 1.1.12 → 2.0.0 - Mend

tcell_agent 1.1.12 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

checksums.yaml +5 -5
data/bin/tcell_agent +26 -14
data/lib/tcell_agent.rb +16 -10
data/lib/tcell_agent/agent.rb +78 -97
data/lib/tcell_agent/agent/route_manager.rb +0 -16
data/lib/tcell_agent/agent/static_agent.rb +9 -30
data/lib/tcell_agent/authlogic.rb +3 -6
data/lib/tcell_agent/config/unknown_options.rb +4 -8
data/lib/tcell_agent/configuration.rb +38 -119
data/lib/tcell_agent/devise.rb +25 -27
data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
data/lib/tcell_agent/instrument_servers.rb +25 -0
data/lib/tcell_agent/instrumentation.rb +12 -10
data/lib/tcell_agent/instrumentation/cmdi.rb +19 -15
data/lib/tcell_agent/instrumentation/lfi.rb +73 -0
data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +123 -0
data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +159 -0
data/lib/tcell_agent/logger.rb +50 -114
data/lib/tcell_agent/patches.rb +6 -7
data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
data/lib/tcell_agent/policies/headers_policy.rb +25 -0
data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
data/lib/tcell_agent/policies/local_file_access.rb +28 -0
data/lib/tcell_agent/policies/login_policy.rb +43 -0
data/lib/tcell_agent/policies/patches_policy.rb +27 -0
data/lib/tcell_agent/policies/policies_manager.rb +68 -0
data/lib/tcell_agent/policies/policy_polling.rb +58 -0
data/lib/tcell_agent/policies/policy_types.rb +14 -0
data/lib/tcell_agent/policies/system_enablements.rb +27 -0
data/lib/tcell_agent/rails/auth/authlogic.rb +43 -68
data/lib/tcell_agent/rails/auth/devise.rb +20 -23
data/lib/tcell_agent/rails/auth/doorkeeper.rb +63 -74
data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
data/lib/tcell_agent/rails/dlp.rb +25 -15
data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
data/lib/tcell_agent/rails/on_start.rb +32 -31
data/lib/tcell_agent/rails/routes.rb +7 -6
data/lib/tcell_agent/rails/routes/grape.rb +1 -3
data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
data/lib/tcell_agent/rails/start_agent_after_initializers.rb +12 -0
data/lib/tcell_agent/rails/tcell_body_proxy.rb +6 -4
data/lib/tcell_agent/rust/agent_config.rb +49 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-4.14.0.dylib} +0 -0
data/lib/tcell_agent/rust/libtcellagent-4.14.0.so +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-alpine-4.14.0.so} +0 -0
data/lib/tcell_agent/rust/models.rb +0 -55
data/lib/tcell_agent/rust/native_agent.rb +531 -0
data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
data/lib/tcell_agent/rust/native_library.rb +68 -0
data/lib/tcell_agent/rust/tcellagent-4.14.0.dll +0 -0
data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
data/lib/tcell_agent/servers/passenger.rb +1 -28
data/lib/tcell_agent/servers/puma.rb +3 -21
data/lib/tcell_agent/servers/rails_server.rb +1 -1
data/lib/tcell_agent/servers/thin.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +19 -80
data/lib/tcell_agent/servers/webrick.rb +1 -1
data/lib/tcell_agent/settings_reporter.rb +24 -24
data/lib/tcell_agent/sinatra.rb +14 -16
data/lib/tcell_agent/tcell_context.rb +40 -14
data/lib/tcell_agent/utils/headers.rb +14 -0
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/cmdi_spec.rb +0 -585
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -18
data/spec/lib/tcell_agent/configuration_spec.rb +4 -140
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +556 -0
data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +249 -0
data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +105 -0
data/spec/lib/tcell_agent/patches_spec.rb +25 -43
data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
data/spec/lib/tcell_agent/settings_reporter_spec.rb +127 -153
data/spec/spec_helper.rb +1 -1
data/spec/support/builders.rb +104 -0
data/spec/support/force_logger_mocking.rb +38 -0
data/spec/support/resources/lfi_sample_file.txt +2 -0
data/spec/support/static_agent_overrides.rb +0 -15
metadata +63 -74
data/lib/tcell_agent/agent/event_processor.rb +0 -326
data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
data/lib/tcell_agent/agent/policy_manager.rb +0 -219
data/lib/tcell_agent/agent/policy_types.rb +0 -30
data/lib/tcell_agent/api.rb +0 -91
data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
data/lib/tcell_agent/config/child_process_events.rb +0 -8
data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
data/lib/tcell_agent/policies/rust_policies.rb +0 -110
data/lib/tcell_agent/rails.rb +0 -40
data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +0 -308
data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
data/lib/tcell_agent/sensor_events/patches.rb +0 -21
data/lib/tcell_agent/start_background_thread.rb +0 -55
data/lib/tcell_agent/system_info.rb +0 -11
data/lib/tcell_agent/utils/io.rb +0 -38
data/lib/tcell_agent/utils/passwords.rb +0 -28
data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143

data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb ADDED

@@ -0,0 +1,556 @@
+require 'spec_helper'
+require 'securerandom'
+describe 'IO' do
+  before do
+    native_agent = double('native_agent')
+    @local_files_policy = TCellAgent::Policies::LocalFileInclusion.new(
+      native_agent, {}
+    )
+    @cmdi_policy = TCellAgent::Policies::CommandInjectionPolicy.new(
+      native_agent, {}
+    )
+  end
+  before(:all) do
+    @filename = get_test_resource_path('lfi_sample_file.txt')
+    @file_contents = "This is line one.\nThis is line two.\n"
+    @file_length = @file_contents.length
+    @new_file_name = '/tmp/' + SecureRandom.uuid
+    @new_file_contents_offset = "This OFFSETe one.\nThis is line two.\n"
+  end
+  describe '.binread' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.binread
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binread(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.binread('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.binread('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should still be able to read file' do
+          result = IO.binread(@filename)
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and a length of 20' do
+        it 'should read 20 bytes of the file' do
+          result = IO.binread(@filename, 20)
+          expect(result).to eq @file_contents[0..19]
+        end
+      end
+      context 'with a filename and a length of 20 and an offset of 5' do
+        it 'should read 20 bytes starting from the 5th byte' do
+          result = IO.binread(@filename, 20, 5)
+          expect(result).to eq @file_contents[5..24]
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.binread('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.binread(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length of 20' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.binread(@filename, 20)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length of 20 and an offset of 5' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.binread(@filename, 20, 5)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.binwrite' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.binwrite
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binwrite(nil)
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binwrite('')
+        end.to raise_error(ArgumentError)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+      context 'with a nonexistent filename and string' do
+        it 'should create the file' do
+          IO.binwrite(@new_file_name, '')
+          expect(File.exist?(@new_file_name)).to be_truthy
+          File.delete(@new_file_name)
+        end
+        it 'should write to the file' do
+          expect(IO.binwrite(@new_file_name, @file_contents)).to eq @file_length
+          File.delete(@new_file_name)
+        end
+      end
+      context 'with a nonexistent filename and string and offset' do
+        it 'should write to the file at the offset value 5' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy, @local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false)
+          IO.binwrite(@new_file_name, @file_contents)
+          IO.binwrite(@new_file_name, 'OFFSET', 5)
+          expect(IO.binread(@new_file_name)).to eq @new_file_contents_offset
+          File.delete(@new_file_name)
+        end
+      end
+    end
+    context 'with a file blocked for read or write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+      context 'with a nonexistent filename and a string' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.binwrite(@new_file_name, @file_contents)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a nonexistent filename and a string and an offset' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.binwrite(@new_file_name, @file_contents)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.foreach' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.foreach('') { pass }
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+      context 'with a filename' do
+        it 'should be able to read the file' do
+          result = ''
+          IO.foreach(@filename) { |line| result << line }
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and a limit 16' do
+        it 'should split each line to a max length of 16' do
+          result = ''
+          IO.foreach(@filename, 16) { |line| result << line }
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and sep' do
+        # TODO: no documentation on how to use sep
+      end
+      context 'with a filename and sep and limit' do
+        # TODO: no documentation on how to use sep and limit
+      end
+    end
+    context 'with a file blocked for read or write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            result = ''
+            IO.foreach(@filename) { |line| result << line }
+            expect(result).to eq @file_contents
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.read' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.read
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.read('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.read('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should read the file' do
+          result = IO.read(@filename)
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and a length of 20' do
+        it 'should read 20 bytes of the file' do
+          result = IO.read(@filename, 20)
+          expect(result).to eq @file_contents[0..19]
+        end
+      end
+      context 'with a filename and a length of 20 and an offset of 5' do
+        it 'should read 20 bytes starting from the 5th byte' do
+          result = IO.read(@filename, 20, 5)
+          expect(result).to eq @file_contents[5..24]
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.read('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.read(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length 20' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.read(@filename, 20)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length and an offset 5' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.read(@filename, 20, 5)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.readlines' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.readlines
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.readlines('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+      end
+      context 'with a filename' do
+        it 'should read the file' do
+          result = IO.readlines(@filename)
+          expect(result[0] + result[1]).to eq @file_contents
+        end
+      end
+      context 'with a filename and a limit 20' do
+        it 'should read 20 bytes of the file' do
+          exp_result = ['This ', 'is li', 'ne on', "e.\n", 'This ', 'is li', 'ne tw', "o.\n"]
+          result = IO.readlines(@filename, 5)
+          expect(result).to eq exp_result
+        end
+      end
+      context 'with a filename and a limit of 20 and sep' do
+        # TODO
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.readlines('|echo test')[0]
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.readlines(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.sysopen' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.sysopen
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.sysopen(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.sysopen('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a nonexistent file' do
+      context 'with mode r' do
+        it 'should raise an error' do
+        end
+      end
+      context 'with mode w' do
+        it 'should return an integer' do
+        end
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+      context 'with a filename' do
+        it 'should return an integer' do
+          fd = IO.sysopen(@filename)
+          expect(fd).to be_a(Integer)
+        end
+        it 'should open the file for read' do
+          fd = IO.sysopen(@filename)
+          expect(IO.new(fd).read).to eq @file_contents
+        end
+      end
+      context 'with a filename and mode w' do
+        it 'should return an integer' do
+          fd = IO.sysopen(@new_file_name, 'w')
+          expect(fd).to be_a(Integer)
+        end
+        it 'should open the file for write' do
+          fd = IO.sysopen(@new_file_name, 'w')
+          file = IO.new(fd, 'w')
+          file.puts @file_contents
+          file.rewind
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+      context 'with a filename' do
+        it 'should not be able to open the file for read' do
+          expect do
+            IO.sysopen(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and mode' do
+        it 'should not be able to open the file for read' do
+          expect do
+            IO.sysopen(@filename, 'r')
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.write' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.write
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.write(nil)
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.write('')
+        end.to raise_error(ArgumentError)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+      context 'with a filename that doe not exist' do
+        it 'should create the file' do
+          IO.write(@new_file_name, @file_contents)
+          expect(File.exist?(@new_file_name)).to be_truthy
+          File.delete(@new_file_name)
+        end
+        it 'should write to the file' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          IO.write(@new_file_name, @file_contents)
+          expect(IO.read(@new_file_name)).to eq @file_contents
+          File.delete(@new_file_name)
+        end
+      end
+      context 'with a filename that does exist' do
+        it 'should overwrite the file' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          IO.write(@new_file_name, @file_contents)
+          expect(IO.read(@new_file_name)).to eq @file_contents
+          File.delete(@new_file_name)
+        end
+      end
+      context 'with a filename that does exist and an offset 5' do
+        it 'should overwrite the file starting at the offset value' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy, @local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false)
+          exp_results = @file_contents.dup
+          exp_results[1..6] = 'OFFSET'
+          IO.write(@new_file_name, @file_contents)
+          IO.write(@new_file_name, 'OFFSET', 1)
+          expect(IO.read(@new_file_name)).to eq exp_results
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+      context 'with a filename that does not exist' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.write(@new_file_name, '')
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename that does exist' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.write(@filename, @file_contents)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+end