tcell_agent 1.1.12 → 2.0.0

data/spec/lib/tcell_agent/policies/policies_manager_spec.rb

@@ -0,0 +1,104 @@
+require 'spec_helper'
+
+module TCellAgent
+  describe PoliciesManager do
+    before(:all) do
+      assert_policy_state = proc do |policies, state|
+        expect(policies.keys.size).to eq(10)
+
+        policies.values.each do |policy|
+          next if policy.instance_of?(TCellAgent::Policies::LoginPolicy)
+          next if policy.instance_of?(TCellAgent::Policies::SystemEnablements)
+
+          expect(policy.enabled).to eq(state)
+        end
+
+        expect(
+          policies[
+            TCellAgent::Policies::LoginPolicy.api_identifier
+          ].login_success_enabled
+        ).to eq(state)
+        expect(
+          policies[
+            TCellAgent::Policies::LoginPolicy.api_identifier
+          ].login_failed_enabled
+        ).to eq(state)
+      end
+
+      @assert_all_policies_enabled = proc do |policies|
+        assert_policy_state.call(policies, true)
+      end
+      @assert_all_policies_disabled = proc do |policies|
+        assert_policy_state.call(policies, false)
+      end
+    end
+
+    describe '#initialize' do
+      context 'default PoliciesManager' do
+        it 'should have all policies disabled' do
+          native_agent = double('native_agent')
+          policies_manager = PoliciesManager.new(native_agent)
+
+          @assert_all_policies_disabled.call(policies_manager.policies)
+        end
+      end
+
+      describe '#process_policy_json' do
+        before(:each) do
+          @native_agent = double('native_agent')
+          @policies_manager = PoliciesManager.new(@native_agent)
+        end
+
+        context 'nil enablements' do
+          it 'all policies should remain disabled' do
+            @policies_manager.process_policy_json(nil, {})
+            @assert_all_policies_disabled.call(@policies_manager.policies)
+          end
+        end
+
+        context 'empty enablements' do
+          it 'all policies should remain disabled' do
+            @policies_manager.process_policy_json({}, {})
+            @assert_all_policies_disabled.call(@policies_manager.policies)
+          end
+        end
+
+        context 'empty enablements' do
+          it 'all policies should remain disabled' do
+            @policies_manager.process_policy_json({}, {})
+            @assert_all_policies_disabled.call(@policies_manager.policies)
+          end
+        end
+
+        context 'with enablements and policies_json' do
+          it 'all policies should be enabled' do
+            enablements = {
+              'appfirewall' => true,
+              'cmdi' => true,
+              'headers' => true,
+              'http_redirect' => true,
+              'jsagentinjection' => true,
+              'patches' => true,
+              'local_file_access' => true,
+              'login_success_enabled' => true,
+              'login_failed_enabled' => true
+            }
+            policies_json = {
+              'dlp' => {
+                'policy_id' => 'policy-id',
+                'version' => 1,
+                'data' => {
+                  'data_discovery' => {
+                    'database_enabled' => true
+                  }
+                }
+              }
+            }
+            @policies_manager.process_policy_json(enablements, policies_json)
+            @assert_all_policies_enabled.call(@policies_manager.policies)
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/tcell_agent/policies/policy_polling_spec.rb

@@ -0,0 +1,6 @@
+require 'spec_helper'
+
+module TCellAgent
+  class PolicyPolling
+  end
+end

data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb

@@ -0,0 +1,56 @@
+
+require 'spec_helper'
+
+module TCellAgent
+  module Policies
+    describe HeadersPolicy do
+      describe '#get_headers' do
+        context 'with enabled policy' do
+          before(:each) do
+            configuration = TCellAgent::Tests::ConfigurationBuilder.new.build
+            @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
+              configuration
+            )
+            @tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
+              'session_id', 'session-id'
+            ).update_attribute(
+              'route_id', 'route-id'
+            ).build
+          end
+
+          after(:each) do
+            TCellAgent::Rust::NativeAgent.free_agent(@native_agent.agent_ptr)
+          end
+
+          it 'should return csp header' do
+            enablements = @native_agent.update_policies(
+              {
+                'secure-headers' => {
+                  'version' => 1,
+                  'policy_id' => 'xyzd',
+                  'headers' => [
+                    {
+                      'name' => 'X-Content-Type-Options',
+                      'value' => 'nosniff'
+                    }
+                  ]
+                }
+              }
+            )['enablements']
+            expect(enablements['headers']).to eq(true)
+
+            @policy = HeadersPolicy.new(@native_agent, enablements)
+            expect(@policy.enabled).to eq(true)
+
+            expect(
+              @policy.get_headers(@tcell_context)
+            ).to eq(
+              [{ 'name' => 'X-Content-Type-Options',
+                 'value' => 'nosniff' }]
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb

@@ -12,21 +12,12 @@ module TCellAgent
       @csrf_class = WrapperClass.new
     end
 
-    context 'nil rust policies' do
-      it 'should not set csrf_exception_name' do
-        expect(TCellAgent).to receive(:policy).and_return(nil)
-        expect(@csrf_class).to_not receive(:request)
-
-        @csrf_class.handle_unverified_request
-      end
-    end
-
     context 'appfirewall_enabled=false' do
       it 'should not set csrf_exception_name' do
-        rust_policies = double('rust_policies',
-                               :appfirewall_enabled => false)
+        appfirewall_policy = double('appfirewall_policy',
+                                    :enabled => false)
 
-        expect(TCellAgent).to receive(:policy).and_return(rust_policies)
+        expect(TCellAgent).to receive(:policy).and_return(appfirewall_policy)
         expect(@csrf_class).to_not receive(:request)
 
         @csrf_class.handle_unverified_request
@@ -35,12 +26,12 @@ module TCellAgent
 
     context 'appfirewall_enabled=true and nil tcell_data' do
       it 'should not set csrf_exception_name' do
-        rust_policies = double('rust_policies',
-                               :appfirewall_enabled => true)
+        appfirewall_policy = double('appfirewall_policy',
+                                    :enabled => true)
         request = double('request',
                          :env => {})
 
-        expect(TCellAgent).to receive(:policy).and_return(rust_policies)
+        expect(TCellAgent).to receive(:policy).and_return(appfirewall_policy)
         expect(@csrf_class).to receive(:request).and_return(request)
 
         @csrf_class.handle_unverified_request
@@ -52,12 +43,12 @@ module TCellAgent
         tcell_data = TCellAgent::Instrumentation::TCellData.new
         expect(tcell_data.csrf_exception_name).to be(nil)
 
-        rust_policies = double('rust_policies',
-                               :appfirewall_enabled => true)
+        appfirewall_policy = double('appfirewall_policy',
+                                    :enabled => true)
         request = double('request',
                          :env => { TCellAgent::Instrumentation::TCELL_ID => tcell_data })
 
-        expect(TCellAgent).to receive(:policy).and_return(rust_policies)
+        expect(TCellAgent).to receive(:policy).and_return(appfirewall_policy)
         expect(@csrf_class).to receive(:request).and_return(request)
 
         @csrf_class.handle_unverified_request

data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb

@@ -146,12 +146,11 @@ module TCellAgent
           context 'with nil response' do
             it 'should return the unmodified response' do
               logger = double('logger')
-              expect(TCellAgent).to receive(:logger).and_return(logger)
-              expect(TCellAgent).to receive(:logger).and_return(logger)
-              expect(logger).to receive(:debug).with(
-                /Exception in safe_block Handling JSAgent insert: NoMethodError happened, message is undefined method `sub'/
+              expect(TCellAgent::Instrumentation).to receive(:get_safe_block_logger).and_return(logger)
+              expect(logger).to receive(:error).with(
+                /Error Handling JSAgent insert \(NoMethodError\): undefined method `sub'/
               )
-              expect(logger).to receive(:debug).with(kind_of(Array))
+              expect(logger).to receive(:exception) # exception stack trace
 
               response = JSAgent.handle_js_agent_insert('SCRIPT', nil)
 
@@ -197,23 +196,7 @@ module TCellAgent
           end
         end
 
-        context 'with html response but no rust_policies' do
-          it 'should not set js_agent_handler or script_insert' do
-            request = double('request')
-
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            result = JSAgent.get_handler_and_script_insert(
-              request,
-              { 'Content-Type' => 'text/html' }
-            )
-
-            expect(result).to eq([nil, nil])
-          end
-        end
-
-        context 'with html response and rust_policies' do
+        context 'with html response and js agent policy' do
           context 'with nil script_insert' do
             it 'should not set js_agent_handler or script_insert' do
               tcell_data = TCellAgent::Instrumentation::TCellData.new
@@ -221,12 +204,12 @@ module TCellAgent
                                :env => {
                                  TCellAgent::Instrumentation::TCELL_ID => tcell_data
                                })
-              rust_policies = double('rust_policies')
+              js_agent_policy = double('js_agent_policy')
 
               expect(TCellAgent).to receive(:policy).with(
-                TCellAgent::PolicyTypes::RUST
-              ).and_return(rust_policies)
-              expect(rust_policies).to receive(:get_js_agent_script_tag).with(
+                TCellAgent::PolicyTypes::JSAGENTINJECTION
+              ).and_return(js_agent_policy)
+              expect(js_agent_policy).to receive(:get_js_agent_script_tag).with(
                 tcell_data
               ).and_return(nil)
 
@@ -246,12 +229,12 @@ module TCellAgent
                                :env => {
                                  TCellAgent::Instrumentation::TCELL_ID => tcell_data
                                })
-              rust_policies = double('rust_policies')
+              js_agent_policy = double('js_agent_policy')
 
               expect(TCellAgent).to receive(:policy).with(
-                TCellAgent::PolicyTypes::RUST
-              ).and_return(rust_policies)
-              expect(rust_policies).to receive(:get_js_agent_script_tag).with(
+                TCellAgent::PolicyTypes::JSAGENTINJECTION
+              ).and_return(js_agent_policy)
+              expect(js_agent_policy).to receive(:get_js_agent_script_tag).with(
                 tcell_data
               ).and_return('SCRIPT')
 

data/spec/lib/tcell_agent/rails/logger_spec.rb

@@ -3,6 +3,22 @@ require 'spec_helper'
 describe Logger do
   describe '#add' do
     context 'with a warn logger' do
+      before(:each) do
+        req_env = double('request_env')
+        lfi_policy = double('lfi_policy')
+        native_agent = double('native_agent')
+        @local_files_policy = TCellAgent::Policies::LocalFileInclusion.new(
+          native_agent, {}
+        )
+        allow(req_env).to receive(:[])
+        allow(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LFI).and_return(
+          lfi_policy
+        )
+        allow(TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS).to receive(
+          :fetch
+        ).with(anything, {}).and_return(req_env)
+        allow(lfi_policy).to receive(:block_file_access?).and_return(false)
+      end
       context 'writing a debug message' do
         it 'should skip the tcell logic' do
           expect(TCellAgent::Instrumentation).to_not receive(:safe_block_no_log)
@@ -41,11 +57,12 @@ describe Logger do
 
         context 'with an empty message' do
           it 'should not run the context filter' do
+            dlp_policy = double('dlp_policy', :enabled => true)
             expect(TCellAgent::Instrumentation).to receive(:safe_block_no_log).with(
               'Handling DLP log message filtering'
             ).and_call_original
             expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::DATALOSS).and_return(
-              double('dlp_policy')
+              dlp_policy
             )
             expect(TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS).to receive(
               :fetch
@@ -66,9 +83,9 @@ describe Logger do
             expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::DATALOSS).and_return(
               nil
             )
-            expect(TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS).to receive(
+            expect(TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS).to_not receive(
               :fetch
-            ).with(anything, nil).and_return(double('request_env'))
+            ).with(anything, nil)
 
             logger = Logger.new('/dev/null')
 
@@ -79,11 +96,12 @@ describe Logger do
 
         context 'with no request env' do
           it 'should not run the context filter' do
+            dlp_policy = double('dlp_policy', :enabled => true)
             expect(TCellAgent::Instrumentation).to receive(:safe_block_no_log).with(
               'Handling DLP log message filtering'
             ).and_call_original
             expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::DATALOSS).and_return(
-              double('dlp_policy')
+              dlp_policy
             )
             expect(TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS).to receive(
               :fetch
@@ -100,12 +118,13 @@ describe Logger do
           context 'with no tcell_context' do
             it 'should not run the context filter' do
               request_env = double('request_env')
+              dlp_policy = double('dlp_policy', :enabled => true)
 
               expect(TCellAgent::Instrumentation).to receive(:safe_block_no_log).with(
                 'Handling DLP log message filtering'
               ).and_call_original
               expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::DATALOSS).and_return(
-                double('dlp_policy')
+                dlp_policy
               )
               expect(TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS).to receive(
                 :fetch
@@ -120,15 +139,16 @@ describe Logger do
           end
 
           context 'with tcell_context' do
-            it 'should not run the context filter' do
+            it 'should run the context filter' do
               request_env = double('request_env')
               tcell_context = double('tcell_context')
+              dlp_policy = double('dlp_policy', :enabled => true)
 
               expect(TCellAgent::Instrumentation).to receive(:safe_block_no_log).with(
                 'Handling DLP log message filtering'
               ).and_call_original
               expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::DATALOSS).and_return(
-                double('dlp_policy')
+                dlp_policy
               )
               expect(TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS).to receive(
                 :fetch

data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb

@@ -15,27 +15,28 @@ module TCellAgent
               'transaction_id',
               'http://test.com/'
             )
-            @appsensor_meta_event = TCellAgent::SensorEvents::AppSensorMetaEvent.new(
-              @meta_data
-            )
           end
 
           context 'zero content length' do
-            it 'appsensor_meta_event should be enqueued for processing' do
+            it 'appfirewall injections should be checked' do
               tcell_body_proxy = TCellBodyProxy.new(
                 Rack::BodyProxy.new(['body']) {},
                 true,
                 nil, nil, nil, nil
               )
-              tcell_body_proxy.appsensor_meta_event = @appsensor_meta_event
+              tcell_body_proxy.meta_data = @meta_data
 
               tcell_body_proxy.content_length = 0
 
+              appfirewall_policy = double('appfirewall_policy')
               expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
                 'Running AppSensor deferred due to streaming'
               ).and_call_original
-              expect(TCellAgent).to receive(:send_event).with(
-                @appsensor_meta_event
+              expect(TCellAgent).to receive(:policy).with(
+                TCellAgent::PolicyTypes::APPSENSOR
+              ).and_return(appfirewall_policy)
+              expect(appfirewall_policy).to receive(:check_appfirewall_injections).with(
+                @meta_data
               )
 
               tcell_body_proxy.close
@@ -43,26 +44,30 @@ module TCellAgent
           end
 
           context 'non zero content length' do
-            it 'appsensor_meta_event should be enqueued for processing' do
+            it 'should check for appfirewall injections' do
               tcell_body_proxy = TCellBodyProxy.new(
                 Rack::BodyProxy.new(['body']) {},
                 true,
                 nil, nil, nil, nil
               )
-              tcell_body_proxy.appsensor_meta_event = @appsensor_meta_event
+              tcell_body_proxy.meta_data = @meta_data
 
               tcell_body_proxy.content_length = 512
 
+              appfirewall_policy = double('appfirewall_policy')
               expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
                 'Running AppSensor deferred due to streaming'
               ).and_call_original
-              expect(TCellAgent).to receive(:send_event).with(
-                @appsensor_meta_event
+              expect(TCellAgent).to receive(:policy).with(
+                TCellAgent::PolicyTypes::APPSENSOR
+              ).and_return(appfirewall_policy)
+              expect(appfirewall_policy).to receive(:check_appfirewall_injections).with(
+                @meta_data
               )
 
               tcell_body_proxy.close
 
-              expect(@appsensor_meta_event.meta_data.response_content_bytes_len).to eq(512)
+              expect(@meta_data.response_content_bytes_len).to eq(512)
             end
           end
         end