tcell_agent 1.1.12 → 2.0.0

data/lib/tcell_agent/appsensor/injections_reporter.rb

@@ -1,24 +0,0 @@
-require 'tcell_agent/sensor_events/appsensor_event'
-
-module TCellAgent
-  module AppSensor
-    module InjectionsReporter
-      def self.report_and_log(events)
-        (events || []).each do |event|
-          TCellAgent.send_event(
-            TCellAgent::SensorEvents::TCellAppSensorEvent.build_from_native_lib_event(event)
-          )
-
-          next unless event.key?('full_payload')
-          event_to_log = {}.merge(event)
-          event_to_log['payload'] = event_to_log.delete('full_payload')
-
-          cleaned_event = TCellAgent::SensorEvents::TCellAppSensorEvent.build_from_native_lib_event(
-            event_to_log
-          )
-          TCellAgent.logger.info(JSON.dump(cleaned_event))
-        end
-      end
-    end
-  end
-end

data/lib/tcell_agent/config/child_process_events.rb

@@ -1,8 +0,0 @@
-# Forces event manager to start in child processes
-# Conditionally loaded based on config
-class << TCellAgent::Agent
-  alias_method :tcell_parent_process?, :parent_process?
-  def parent_process?
-    true
-  end
-end

data/lib/tcell_agent/instrumentation/cmdi/backtick.rb

@@ -1,10 +0,0 @@
-module Kernel
-  alias_method :tcell_original_backtick, :`
-  def `(cmd)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_backtick(cmd)
-  end
-end

data/lib/tcell_agent/instrumentation/cmdi/exec.rb

@@ -1,14 +0,0 @@
-module Kernel
-  alias_method :tcell_original_exec, :exec
-
-  private
-
-  def exec(*args)
-    cmd = TCellAgent::Cmdi.parse_command(*args)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_exec(*args)
-  end
-end

data/lib/tcell_agent/instrumentation/cmdi/popen.rb

@@ -1,28 +0,0 @@
-class IO
-  class << self
-    alias_method :tcell_original_popen, :popen
-    def popen(*args, &block)
-      unless args.empty?
-        cmd = ''
-
-        TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
-          args_copy = Array.new(args)
-          args_copy.shift if args_copy.first.is_a?(Hash)
-          args_copy.pop if args_copy.last.is_a?(Hash)
-
-          cmd = if args_copy.first.is_a?(String)
-                  args_copy.shift
-                else
-                  TCellAgent::Cmdi.parse_command(*args_copy.shift)
-                end
-        end
-
-        if TCellAgent::Cmdi.block_command?(cmd)
-          raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_popen(*args, &block)
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/cmdi/spawn.rb

@@ -1,11 +0,0 @@
-module Kernel
-  alias_method :tcell_original_spawn, :spawn
-  def spawn(*args)
-    cmd = TCellAgent::Cmdi.parse_command(*args)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_spawn(*args)
-  end
-end

data/lib/tcell_agent/instrumentation/cmdi/system.rb

@@ -1,11 +0,0 @@
-module Kernel
-  alias_method :tcell_original_system, :system
-  def system(*args)
-    cmd = TCellAgent::Cmdi.parse_command(*args)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_system(*args)
-  end
-end

data/lib/tcell_agent/policies/http_tx_policy.rb

@@ -1,60 +0,0 @@
-# {}"http-tx": {
-#        "policy_id":"afh023",
-#        "types": {
-#               "firehose": { enabled: true },
-# {}"auth_framework_only": {enabled: true},
-# {}"{}structure": {enabled: true },
-# {}"fingerprint": {enabled: true }
-# }
-# },
-
-require 'tcell_agent/policies/policy'
-
-module TCellAgent
-  module Policies
-    class HttpTxPolicy < Policy
-      attr_accessor :policy_id, :firehose, :auth_framework, :profile, :fingerprint
-
-      def initialize
-        @firehose = { 'enabled' => false, 'lite' => false }
-        @auth_framework = { 'enabled' => false, 'lite' => false }
-        @profile = { 'enabled' => false }
-        @fingerprint = { 'enabled' => false, 'hmacUserAgent' => false, 'hmacUserId' => false, 'sampling' => nil }
-      end
-
-      def self.from_json(policy_json)
-        return nil unless policy_json
-        http_tx_policy = HttpTxPolicy.new
-
-        http_tx_policy.policy_id = policy_json['policy_id']
-        raise 'Policy ID missing' unless http_tx_policy.policy_id
-
-        types = policy_json['types']
-        return http_tx_policy unless types
-
-        if types.key?('firehose')
-          http_tx_policy.firehose['enabled'] = types['firehose'].fetch('enabled', false)
-          http_tx_policy.firehose['lite'] = types['firehose'].fetch('lite', false)
-        end
-
-        if types.key?('auth_framework')
-          http_tx_policy.auth_framework['enabled'] = types['auth_framework'].fetch('enabled', false)
-          http_tx_policy.auth_framework['lite'] = types['auth_framework'].fetch('lite', false)
-        end
-
-        if types.key?('profile')
-          http_tx_policy.profile['enabled'] = types['profile'].fetch('enabled', false)
-        end
-
-        if types.key?('fingerprint')
-          http_tx_policy.fingerprint['enabled'] = types['fingerprint'].fetch('enabled', false)
-          http_tx_policy.fingerprint['hmacUserAgent'] = types['fingerprint'].fetch('hmacUserAgent', false)
-          http_tx_policy.fingerprint['hmacUserId'] = types['fingerprint'].fetch('hmacUserId', false)
-          http_tx_policy.fingerprint['sampling'] = types['fingerprint'].fetch('sampling', 0)
-        end
-
-        http_tx_policy
-      end
-    end
-  end
-end

data/lib/tcell_agent/policies/login_fraud_policy.rb

@@ -1,45 +0,0 @@
-require 'tcell_agent/policies/policy'
-
-module TCellAgent
-  module Policies
-    class LoginFraudPolicy < Policy
-      attr_accessor :policy_id
-
-      attr_accessor :login_success_enabled
-      attr_accessor :login_failed_enabled
-      attr_accessor :session_hijacking_metrics
-
-      def initialize
-        init_options
-      end
-
-      def init_options
-        @policy_id = nil
-        @login_success_enabled = false
-        @login_failed_enabled = false
-        @session_hijacking_metrics = false
-      end
-
-      def enabled
-        @login_success_enabled || @login_failed_enabled
-      end
-
-      def self.from_json(policy_json)
-        return nil unless policy_json
-        sensor_policy = LoginFraudPolicy.new
-
-        sensor_policy.policy_id = policy_json['policy_id']
-        raise 'Policy ID missing' unless sensor_policy.policy_id
-
-        options_json = (policy_json['data'] || {})['options']
-        return sensor_policy unless options_json
-
-        sensor_policy.login_failed_enabled = options_json.fetch('login_failed_enabled', false)
-        sensor_policy.login_success_enabled = options_json.fetch('login_success_enabled', false)
-        sensor_policy.session_hijacking_metrics = options_json.fetch('session_hijacking_enabled', false)
-
-        sensor_policy
-      end
-    end
-  end
-end

data/lib/tcell_agent/policies/rust_policies.rb

@@ -1,110 +0,0 @@
-require 'tcell_agent/appsensor/injections_reporter'
-require 'tcell_agent/instrumentation'
-require 'tcell_agent/policies/policy'
-require 'tcell_agent/rust/models'
-require 'tcell_agent/rust/whisperer'
-require 'tcell_agent/sensor_events/command_injection'
-require 'tcell_agent/sensor_events/patches'
-
-module TCellAgent
-  module Policies
-    class RustPolicies < Policy
-      attr_reader :appfirewall_enabled, :patches_enabled, :cmdi_enabled
-
-      def initialize
-        @appfirewall_enabled = false
-        @patches_enabled = false
-        @cmdi_enabled = false
-        @headers_enabled = false
-        @jsagent_enabled = false
-        @agent_ptr = nil
-
-        whisper = TCellAgent::Rust::Whisperer.create_agent
-        if whisper['error']
-          TCellAgent.logger.error("Error initializing policies: #{whisper['error']}")
-        else
-          @agent_ptr = whisper['agent_ptr']
-        end
-      end
-
-      def update_policies(policies_json)
-        return if @agent_ptr.nil? || policies_json.nil? || policies_json.empty?
-
-        whisper = TCellAgent::Rust::Whisperer.update_policies(@agent_ptr, policies_json)
-        if whisper['errors']
-          whisper['errors'].each do |error|
-            TCellAgent.logger.error("Error updating policies: #{error}")
-          end
-        else
-          enablements = whisper['enablements']
-          @appfirewall_enabled = enablements['appfirewall']
-          @patches_enabled = enablements['patches']
-          @cmdi_enabled = enablements['cmdi']
-          @headers_enabled = enablements['headers']
-          @jsagent_enabled = enablements['jsagentinjection']
-        end
-      end
-
-      def block_request?(appsensor_meta)
-        return false unless @agent_ptr && @patches_enabled
-
-        whisper = TCellAgent::Rust::Whisperer.apply_patches(@agent_ptr, appsensor_meta)
-        if whisper['error']
-          TCellAgent.logger.error("Error processing patches: #{whisper['error']}")
-        else
-          response = whisper['apply_response']
-          if response && response['status'] == 'Blocked'
-            patches_event = TCellAgent::SensorEvents::PatchesEvent.new(response, appsensor_meta)
-            TCellAgent.send_event(patches_event)
-            return true
-          end
-        end
-
-        false
-      end
-
-      def check_appfirewall_injections(appsensor_meta)
-        return unless @agent_ptr && @appfirewall_enabled
-
-        TCellAgent::Instrumentation.safe_block('AppSensor inspection') do
-          whisper = TCellAgent::Rust::Whisperer.apply_appfirewall(@agent_ptr, appsensor_meta)
-          TCellAgent::AppSensor::InjectionsReporter.report_and_log(whisper['apply_response'])
-        end
-      end
-
-      def block_command?(command, tcell_context)
-        return false unless @agent_ptr &&
-                            @cmdi_enabled &&
-                            TCellAgent.safe_to_send_cmdi_events?
-        whisper = TCellAgent::Rust::Whisperer.apply_cmdi(
-          @agent_ptr, command, tcell_context
-        )
-        apply_response = whisper.fetch('apply_response', {})
-        cmdi_event =
-          TCellAgent::SensorEvents::CommandInjectionEvent.build_from_native_lib_response_and_tcell_context(apply_response,
-                                                                                                           tcell_context)
-        TCellAgent.send_event(cmdi_event) if cmdi_event
-
-        apply_response.fetch('blocked', false)
-      end
-
-      def get_headers(tcell_context)
-        return [] unless @agent_ptr &&
-                         @headers_enabled
-        whisper = TCellAgent::Rust::Whisperer.get_headers(
-          @agent_ptr, tcell_context
-        )
-        whisper['headers'] || []
-      end
-
-      def get_js_agent_script_tag(tcell_context)
-        return nil unless @agent_ptr &&
-                          @jsagent_enabled
-        whisper = TCellAgent::Rust::Whisperer.get_js_agent_script_tag(
-          @agent_ptr, tcell_context
-        )
-        whisper['script_tag']
-      end
-    end
-  end
-end

data/lib/tcell_agent/rails.rb

@@ -1,40 +0,0 @@
-# See the file "LICENSE" for the full license governing this code.
-
-require 'rails'
-require 'uri'
-require 'tcell_agent/agent'
-require 'tcell_agent/sensor_events/sensor'
-require 'tcell_agent/sensor_events/server_agent'
-require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-
-require 'tcell_agent/rails/better_ip'
-require 'tcell_agent/rails/middleware/global_middleware'
-require 'tcell_agent/rails/middleware/body_filter_middleware'
-require 'tcell_agent/rails/middleware/headers_middleware'
-require 'tcell_agent/rails/middleware/context_middleware'
-
-require 'tcell_agent/rails/settings_reporter'
-require 'tcell_agent/rails/dlp'
-require 'tcell_agent/rails/csrf_exception'
-
-require 'tcell_agent/userinfo'
-require 'cgi'
-require 'thread'
-
-module TCellAgent
-  class Railtie < Rails::Railtie
-    initializer 'tcell_agent.insert_middleware' do |app|
-      app.config.to_prepare do
-        require 'tcell_agent/devise' if defined?(Devise)
-        require 'tcell_agent/rails/auth/devise' if defined?(Devise)
-        require 'tcell_agent/authlogic' if defined?(Authlogic)
-        require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
-        require 'tcell_agent/rails/auth/doorkeeper'
-      end
-      app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
-      app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)
-      app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::BodyFilterMiddleware
-      app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware
-    end
-  end
-end

data/lib/tcell_agent/rust/whisperer.rb

@@ -1,308 +0,0 @@
-require 'tcell_agent/rust/models'
-require 'tcell_agent/logger'
-
-module TCellAgent
-  module Rust
-    require 'ffi'
-
-    module Wrapper
-      extend FFI::Library
-
-      VERSION = '1.3.2'.freeze
-      prefix = 'lib'
-      extension = '.so'
-      variant = ''
-      if /cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM
-        extension = '.dll'
-        prefix = ''
-      elsif /darwin/ =~ RUBY_PLATFORM
-        extension = '.dylib'
-      elsif /musl/ =~ RUBY_PLATFORM
-        variant = 'alpine-'
-      end
-
-      begin
-        ffi_lib File.join(File.dirname(__FILE__),
-                          "#{prefix}tcellagent-#{variant}#{VERSION}#{extension}")
-
-        # All the rust library calls have the following response api:
-        #
-        # result [int]: 0+ length of buffer_out answer
-        #               -1 general error
-        #               -2 buffer_out is not big enough for response
-        #               -3 buffer_out is null
-
-        attach_function :create_agent, %i[pointer size_t pointer size_t], :int
-        attach_function :free_agent, [:pointer], :int
-        attach_function :update_policies, %i[pointer pointer size_t pointer size_t], :int
-        attach_function :appfirewall_apply, %i[pointer pointer size_t pointer size_t], :int
-        attach_function :patches_apply, %i[pointer pointer size_t pointer size_t], :int
-        attach_function :cmdi_apply, %i[pointer pointer size_t pointer size_t], :int
-        attach_function :get_headers, %i[pointer pointer size_t pointer size_t], :int
-        attach_function :get_js_agent_script_tag, %i[pointer pointer size_t pointer size_t], :int
-
-        def self.common_lib_available?
-          true
-        end
-      rescue LoadError => load_error
-        puts "tCell.io Failed to load common agent library. #{load_error.message}"
-        TCellAgent.logger.error("Failed to load common agent library. #{load_error.message}")
-        TCellAgent.logger.debug(load_error.backtrace)
-
-        def self.common_lib_available? # rubocop:disable Lint/DuplicateMethods
-          false
-        end
-      end
-    end
-
-    module Whisperer
-      def self.convert_result(function_called, result_size, result)
-        if result_size < 0
-          TCellAgent.logger.error(
-            "Error response from `#{function_called}` in native library: #{result_size}"
-          )
-        else
-          begin
-            response = JSON.parse(result.get_string(0, result_size))
-            if response['error']
-              TCellAgent.logger.error("#{function_called} returned an error: #{response['error']}")
-              response = {}
-            end
-
-            return response
-          rescue JSON::ParserError
-            # don't log the actual error since it might contain payload information
-            TCellAgent.logger.error(
-              "Could not parse json response from `#{function_called}` in native library."
-            )
-          end
-        end
-
-        {}
-      end
-
-      def self.create_agent
-        if TCellAgent::Rust::Wrapper.common_lib_available?
-          agent_config = {
-            'skip_logger' => true,
-            'application' => {
-              'app_id' => TCellAgent.configuration.app_id,
-              'api_key' =>  TCellAgent.configuration.api_key,
-              'allow_payloads' => !!TCellAgent.configuration.allow_payloads, # rubocop:disable Style/DoubleNegation
-              'js_agent_api_base_url' => TCellAgent.configuration.js_agent_api_base_url,
-              'js_agent_url' => TCellAgent.configuration.js_agent_url
-            },
-            'appfirewall' => {
-              'enable_body_xxe_inspection' => true,
-              'enable_body_json_inspection' => true,
-              'allow_log_payloads' => true
-            },
-            'policy_versions' => {
-              'patches' => 1,
-              'login' => 1,
-              'appsensor' => 2,
-              'regex' => 1,
-              'csp-headers' => 1,
-              'http-redirect' => 1,
-              'clickjacking' => 1,
-              'secure-headers' => 1,
-              'canaries' => 1,
-              'dlp' => 1,
-              'cmdi' => 1,
-              'jsagentinjection' => 1
-            },
-            'max_header_size' => TCellAgent.configuration.max_csp_header_bytes || (1024 * 1024)
-          }
-          config_pointer = FFI::MemoryPointer.from_string(
-            JSON.dump(agent_config)
-          )
-
-          buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
-          # config_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.create_agent(
-            config_pointer, config_pointer.size - 1, buf, buf.size
-          )
-          return convert_result('create_agent', result_size, buf)
-        end
-
-        {}
-      end
-
-      def self.free_agent(agent_ptr)
-        if TCellAgent::Rust::Wrapper.common_lib_available? &&
-           agent_ptr
-          TCellAgent::Rust::Wrapper.free_agent(
-            FFI::Pointer.new(agent_ptr)
-          )
-        end
-      end
-
-      def self.update_policies(agent_ptr, policies)
-        if TCellAgent::Rust::Wrapper.common_lib_available? &&
-           agent_ptr &&
-           TCellAgent::Utils::Strings.present?(policies)
-          policies_pointer = FFI::MemoryPointer.from_string(
-            JSON.dump(policies)
-          )
-
-          buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
-          # policies_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.update_policies(
-            FFI::Pointer.new(agent_ptr),
-            policies_pointer,
-            policies_pointer.size - 1,
-            buf,
-            buf.size
-          )
-          return convert_result('update_policies', result_size, buf)
-        end
-
-        {}
-      end
-
-      def self.apply_appfirewall(agent_ptr, appsensor_meta)
-        if TCellAgent::Rust::Wrapper.common_lib_available? &&
-           agent_ptr &&
-           appsensor_meta
-          request_response_json = TCellAgent::Rust::Models.create_request_response(
-            appsensor_meta
-          )
-          request_response_pointer = FFI::MemoryPointer.from_string(
-            JSON.dump(request_response_json)
-          )
-
-          buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
-          # request_response_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.appfirewall_apply(
-            FFI::Pointer.new(agent_ptr),
-            request_response_pointer,
-            request_response_pointer.size - 1,
-            buf,
-            buf.size
-          )
-          return convert_result('apply_appfirewall', result_size, buf)
-        end
-
-        {}
-      end
-
-      def self.apply_patches(agent_ptr, appsensor_meta)
-        if TCellAgent::Rust::Wrapper.common_lib_available? &&
-           agent_ptr &&
-           appsensor_meta
-          patches_request_json = TCellAgent::Rust::Models.create_patches_request(
-            appsensor_meta
-          )
-          patches_request_pointer = FFI::MemoryPointer.from_string(
-            JSON.dump(patches_request_json)
-          )
-
-          buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
-          # patches_request_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.patches_apply(
-            FFI::Pointer.new(agent_ptr),
-            patches_request_pointer,
-            patches_request_pointer.size - 1,
-            buf,
-            buf.size
-          )
-          return convert_result('apply_patches', result_size, buf)
-        end
-
-        {}
-      end
-
-      def self.apply_cmdi(agent_ptr, command, tcell_context)
-        if TCellAgent::Rust::Wrapper.common_lib_available? &&
-           agent_ptr &&
-           TCellAgent::Utils::Strings.present?(command)
-          method = tcell_context && tcell_context.request_method
-          path = tcell_context && tcell_context.path
-          command_info = {
-            'command' => command,
-            'method' => method,
-            'path' => path
-          }
-          command_pointer = FFI::MemoryPointer.from_string(
-            JSON.dump(command_info)
-          )
-
-          buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
-          # patches_request_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.cmdi_apply(
-            FFI::Pointer.new(agent_ptr),
-            command_pointer,
-            command_pointer.size - 1,
-            buf,
-            buf.size
-          )
-          return convert_result('apply_cmdi', result_size, buf)
-        end
-
-        {}
-      end
-
-      def self.get_headers(agent_ptr, tcell_context)
-        if TCellAgent::Rust::Wrapper.common_lib_available? &&
-           agent_ptr &&
-           tcell_context
-          method = tcell_context.request_method
-          path = tcell_context.path
-          route_id = tcell_context.route_id
-          session_id = tcell_context.hmac_session_id
-          headers_request = {
-            :method => method,
-            :path => path,
-            :route_id => route_id && route_id.to_s,
-            :session_id => session_id && session_id.to_s
-          }
-          headers_request_pointer = FFI::MemoryPointer.from_string(
-            JSON.dump(headers_request)
-          )
-
-          buf = FFI::MemoryPointer.new(:uint8, 1024 * 16)
-          # patches_request_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.get_headers(
-            FFI::Pointer.new(agent_ptr),
-            headers_request_pointer,
-            headers_request_pointer.size - 1,
-            buf,
-            buf.size
-          )
-          return convert_result('get_headers', result_size, buf)
-        end
-
-        {}
-      end
-
-      def self.get_js_agent_script_tag(agent_ptr, tcell_context)
-        if TCellAgent::Rust::Wrapper.common_lib_available? &&
-           agent_ptr &&
-           tcell_context
-          method = tcell_context.request_method
-          path = tcell_context.path
-          jsagent_request = {
-            :method => method,
-            :path => path
-          }
-          jsagent_request_pointer = FFI::MemoryPointer.from_string(
-            JSON.dump(jsagent_request)
-          )
-
-          buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
-          # patches_request_pointer.size - 1: strips null terminator
-          result_size = TCellAgent::Rust::Wrapper.get_js_agent_script_tag(
-            FFI::Pointer.new(agent_ptr),
-            jsagent_request_pointer,
-            jsagent_request_pointer.size - 1,
-            buf,
-            buf.size
-          )
-          return convert_result('get_js_agent_script_tag', result_size, buf)
-        end
-
-        {}
-      end
-    end
-  end
-end