tcell_agent 1.1.12 → 2.0.0

Files changed (163)
  1. checksums.yaml +5 -5
  2. data/bin/tcell_agent +26 -14
  3. data/lib/tcell_agent.rb +16 -10
  4. data/lib/tcell_agent/agent.rb +78 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/authlogic.rb +3 -6
  8. data/lib/tcell_agent/config/unknown_options.rb +4 -8
  9. data/lib/tcell_agent/configuration.rb +38 -119
  10. data/lib/tcell_agent/devise.rb +25 -27
  11. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  12. data/lib/tcell_agent/instrument_servers.rb +25 -0
  13. data/lib/tcell_agent/instrumentation.rb +12 -10
  14. data/lib/tcell_agent/instrumentation/cmdi.rb +19 -15
  15. data/lib/tcell_agent/instrumentation/lfi.rb +73 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  17. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +123 -0
  18. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +159 -0
  19. data/lib/tcell_agent/logger.rb +50 -114
  20. data/lib/tcell_agent/patches.rb +6 -7
  21. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  22. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  23. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  24. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  25. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  26. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  27. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  28. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  29. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  30. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  31. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  32. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  33. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  34. data/lib/tcell_agent/rails/auth/authlogic.rb +43 -68
  35. data/lib/tcell_agent/rails/auth/devise.rb +20 -23
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +63 -74
  37. data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
  38. data/lib/tcell_agent/rails/dlp.rb +25 -15
  39. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  40. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  41. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  42. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  43. data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
  44. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  45. data/lib/tcell_agent/rails/on_start.rb +32 -31
  46. data/lib/tcell_agent/rails/routes.rb +7 -6
  47. data/lib/tcell_agent/rails/routes/grape.rb +1 -3
  48. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  49. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  50. data/lib/tcell_agent/rails/start_agent_after_initializers.rb +12 -0
  51. data/lib/tcell_agent/rails/tcell_body_proxy.rb +6 -4
  52. data/lib/tcell_agent/rust/agent_config.rb +49 -0
  53. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-4.14.0.dylib} +0 -0
  54. data/lib/tcell_agent/rust/libtcellagent-4.14.0.so +0 -0
  55. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-alpine-4.14.0.so} +0 -0
  56. data/lib/tcell_agent/rust/models.rb +0 -55
  57. data/lib/tcell_agent/rust/native_agent.rb +531 -0
  58. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  59. data/lib/tcell_agent/rust/native_library.rb +68 -0
  60. data/lib/tcell_agent/rust/tcellagent-4.14.0.dll +0 -0
  61. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  62. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  63. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  64. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  65. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  66. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  67. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  68. data/lib/tcell_agent/servers/passenger.rb +1 -28
  69. data/lib/tcell_agent/servers/puma.rb +3 -21
  70. data/lib/tcell_agent/servers/rails_server.rb +1 -1
  71. data/lib/tcell_agent/servers/thin.rb +2 -2
  72. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  73. data/lib/tcell_agent/servers/webrick.rb +1 -1
  74. data/lib/tcell_agent/settings_reporter.rb +24 -24
  75. data/lib/tcell_agent/sinatra.rb +14 -16
  76. data/lib/tcell_agent/tcell_context.rb +40 -14
  77. data/lib/tcell_agent/utils/headers.rb +14 -0
  78. data/lib/tcell_agent/version.rb +1 -1
  79. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -585
  80. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -18
  81. data/spec/lib/tcell_agent/configuration_spec.rb +4 -140
  82. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +556 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +249 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +105 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  108. data/spec/lib/tcell_agent/settings_reporter_spec.rb +127 -153
  109. data/spec/spec_helper.rb +1 -1
  110. data/spec/support/builders.rb +104 -0
  111. data/spec/support/force_logger_mocking.rb +38 -0
  112. data/spec/support/resources/lfi_sample_file.txt +2 -0
  113. data/spec/support/static_agent_overrides.rb +0 -15
  114. metadata +63 -74
  115. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  116. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  117. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  118. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  119. data/lib/tcell_agent/api.rb +0 -91
  120. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  121. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  122. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  123. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  124. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  125. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  126. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  127. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  128. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  129. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  130. data/lib/tcell_agent/rails.rb +0 -40
  131. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  132. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  133. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  134. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  135. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  136. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  137. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  138. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  139. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  140. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  141. data/lib/tcell_agent/start_background_thread.rb +0 -55
  142. data/lib/tcell_agent/system_info.rb +0 -11
  143. data/lib/tcell_agent/utils/io.rb +0 -38
  144. data/lib/tcell_agent/utils/passwords.rb +0 -28
  145. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  146. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  147. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  148. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  149. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  150. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  151. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  152. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  153. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  154. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  155. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  156. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  157. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  158. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  159. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  160. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  161. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  162. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  163. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
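--- a/data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
+++ b/data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb
@@ -1,517 +0,0 @@
- require 'spec_helper'
-
- module TCellAgent
- module Policies
- describe RustPolicies do
- everything_enabled_policy_json = {
- 'appsensor' => {
- 'policy_id' => '01a1',
- 'version' => 2,
- 'data' => {
- 'options' => {
- 'uri_options' => {
- 'collect_full_uri' => true
- },
- 'payloads' => {
- 'send_payloads' => true,
- 'send_blacklist' => {
- 'ssn' => ['*'],
- 'password' => ['*']
- },
- 'send_whitelist' => {},
- 'log_payloads' => true,
- 'log_blacklist' => {},
- 'log_whitelist' => {
- 'username' => ['*']
- }
- }
- },
- 'sensors' => {
- 'req_size' => {
- 'limit' => 1024,
- 'exclude_routes' => ['2300']
- },
- 'resp_size' => {
- 'limit' => 2048,
- 'exclude_routes' => ['2323']
- },
- 'resp_codes' => {
- 'series_400_enabled' => true,
- 'series_500_enabled' => true
- },
- 'xss' => {
- 'libinjection' => true,
- 'patterns' => %w[1 2 8],
- 'exclusions' => {
- 'bob' => ['*']
- }
- },
- 'sqli' => {
- 'libinjection' => true,
- 'exclude_headers' => true,
- 'patterns' => ['1']
- },
- 'fpt' => {
- 'patterns' => %w[1 2],
- 'exclude_forms' => true,
- 'exclude_cookies' => true,
- 'exclusions' => {
- 'somethingcommon' => ['form']
- }
- },
- 'cmdi' => {
- 'patterns' => %w[1 2]
- },
- 'nullbyte' => {
- 'patterns' => %w[1 2]
- },
- 'retr' => {
- 'patterns' => %w[1 2]
- },
- 'ua' => {
- 'empty_enabled' => true
- },
- 'errors' => {
- 'csrf_exception_enabled' => true,
- 'sql_exception_enabled' => true
- },
- 'database' => {
- 'large_result' => {
- 'limit' => 10
- }
- }
- }
- }
- },
- 'regex' => {
- 'data' => {
- 'patterns' => [
- {
- 'id' => 'tc-xss-1',
- 'pattern' => '(?:<(script))',
- 'sensor' => 'xss',
- 'title' => 'Basic Injection'
- },
- {
- 'safe_pattern' => '^[a-zA-Z0-9_\\s\\r\\n\\t]*$',
- 'pattern' => '(?:[\\s()]case\\s*\\()|(?:\\)\\s*like\\s*\\()|(?:having\\s*[^\\s]+\\s*[^\\w\\s])|(?:if\\s?\\([\\d\\w]\\s*[=<>~])',
- 'sensor' => 'sqli',
- 'id' => 'tc-sqli-1',
- 'title' => 'Conditional Attempts'
- }
- ],
- 'version' => 1_518_546_622_571
- },
- 'policy_id' => 'f3a313b0-10eb-11e8-8080-808080808080',
- 'version' => 1
- }
- }
-
- describe '#update_policies' do
- before(:each) do
- configuration = double(
- 'configuration',
- {
- 'app_id' => 'app_id',
- 'api_key' => 'api_key',
- 'allow_payloads' => true,
- 'js_agent_api_base_url' => 'http://api.tcell.com/',
- 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
- 'max_csp_header_bytes' => nil
- }
- )
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
- @rust_policies = RustPolicies.new
- end
-
- context 'with v2 policy' do
- context 'that is missing a policy id' do
- it 'should have appfirewall disabled' do
- logger = double('logger')
-
- expect(TCellAgent).to receive(:logger).and_return(logger)
- expect(logger).to receive(:error).with(
- 'Error updating policies: Failed to decode appsensor policy: missing field `policy_id`'
- )
-
- @rust_policies.update_policies(
- {
- 'appsensor' => {
- 'version' => 2,
- 'data' => {}
- }
- }
- )
-
- expect(@rust_policies.appfirewall_enabled).to eq(false)
- end
- end
-
- context 'that is missing a version id' do
- it 'should have appfirewall disabled' do
- logger = double('logger')
-
- expect(TCellAgent).to receive(:logger).and_return(logger)
- expect(logger).to receive(:error).with(
- 'Error updating policies: Failed to decode appsensor policy: missing field `version`'
- )
-
- @rust_policies.update_policies(
- {
- 'appsensor' => {
- 'policy_id' => '01a1',
- 'data' => {}
- }
- }
- )
-
- expect(@rust_policies.appfirewall_enabled).to eq(false)
- end
- end
-
- context 'that has no sensors' do
- it 'should have all sensors disabled' do
- expect(TCellAgent).to_not receive(:logger)
-
- policy_json_empty = {
- 'appsensor' => {
- 'policy_id' => '01a1',
- 'version' => 2,
- 'data' => {
- }
- }
- }
-
- @rust_policies.update_policies(policy_json_empty)
-
- expect(@rust_policies.appfirewall_enabled).to eq(false)
- end
- end
-
- context 'that has empty sensors' do
- it 'should have all sensors disabled' do
- expect(TCellAgent).to_not receive(:logger)
-
- policy_json_empty = {
- 'appsensor' => {
- 'policy_id' => '01a1',
- 'version' => 2,
- 'data' => {
- 'sensors' => {}
- }
- }
- }
-
- @rust_policies.update_policies(policy_json_empty)
-
- expect(@rust_policies.appfirewall_enabled).to eq(true)
- end
- end
-
- context 'that only has xss enabled' do
- it 'should be enabled' do
- expect(TCellAgent).to_not receive(:logger)
-
- policy_json = {
- 'appsensor' => {
- 'policy_id' => '01a1',
- 'version' => 2,
- 'data' => {
- 'sensors' => {
- 'xss' => {
- 'libinjection' => true,
- 'patterns' => %w[1 2 8],
- 'exclusions' => {
- 'bob' => ['*']
- }
- }
- }
- }
- }
- }
-
- @rust_policies.update_policies(policy_json)
-
- expect(@rust_policies.appfirewall_enabled).to eq(true)
- end
- end
-
- context 'that has everything enabled' do
- it 'should be enabled' do
- expect(TCellAgent).to_not receive(:logger)
-
- @rust_policies.update_policies(everything_enabled_policy_json)
-
- expect(@rust_policies.appfirewall_enabled).to eq(true)
- end
- end
- end
- end
-
- describe '#check_appfirewall_injections' do
- context 'with everything enabled policy' do
- before(:each) do
- configuration = double(
- 'configuration',
- {
- 'enabled' => true,
- 'app_id' => 'app_id',
- 'api_key' => 'api_key',
- 'allow_payloads' => true,
- 'js_agent_api_base_url' => 'http://api.tcell.com/',
- 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
- 'max_csp_header_bytes' => nil
- }
- )
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
- @rust_policies = RustPolicies.new
- @rust_policies.update_policies(everything_enabled_policy_json)
- @meta_data = TCellAgent::MetaData.new(
- 'GET',
- '192.168.1.1',
- '12345',
- 'session_id',
- 'user_id',
- 'transaction_id',
- 'http://test.com/?some_param=present'
- )
- @meta_data.user_agent = 'Mozilla'
- @meta_data.response_code = 200
- end
-
- context 'csrf exception' do
- context 'nil csrf exception' do
- it 'should not send an event' do
- expect(TCellAgent).to_not receive(:send_event)
-
- @meta_data.csrf_exception_name = nil
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
-
- context 'empty csrf exception' do
- it 'should not send an event' do
- expect(TCellAgent).to_not receive(:send_event)
-
- @meta_data.csrf_exception_name = ''
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
-
- context 'one csrf exception' do
- it 'should send a csrf exception event' do
- expect(TCellAgent).to receive(:send_event).with(
- {
- 'event_type' => 'as',
- 'dp' => 'excsrf',
- 'param' => 'ActionController::InvalidAuthenticityToken',
- 'm' => 'GET',
- 'rid' => '12345',
- 'full_uri' => 'http://test.com/?some_param=present',
- 'uri' => 'http://test.com/?some_param=',
- 'uid' => 'user_id',
- 'sid' => 'session_id',
- 'remote_addr' => '192.168.1.1'
- }
- )
-
- @meta_data.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
- end
-
- context 'sql exception' do
- context 'empty sql exceptions' do
- it 'should not send an event' do
- expect(TCellAgent).to_not receive(:send_event)
-
- @meta_data.sql_exceptions = []
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
-
- context 'one sql exception' do
- it 'should send one event' do
- logger = double('logger')
-
- expect(TCellAgent).to receive(:logger).and_return(logger)
- expect(logger).to receive(:info)
- expect(TCellAgent).to receive(:send_event).with(
- {
- 'event_type' => 'as',
- 'dp' => 'exsql',
- 'param' => 'ActiveRecord::StatementInvalid',
- 'm' => 'GET',
- 'rid' => '12345',
- 'full_uri' => 'http://test.com/?some_param=present',
- 'uri' => 'http://test.com/?some_param=',
- 'uid' => 'user_id',
- 'sid' => 'session_id',
- 'remote_addr' => '192.168.1.1',
- 'payload' => 'exception message goes here'
- }
- )
-
- @meta_data.sql_exceptions = [{
- 'exception_name' => 'ActiveRecord::StatementInvalid',
- 'exception_payload' => 'exception message goes here'
- }]
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
-
- context 'multiple sql exception' do
- it 'should send multiple event' do
- logger = double('logger')
-
- expect(TCellAgent).to receive(:logger).and_return(logger).twice
- expect(logger).to receive(:info).twice
- expect(TCellAgent).to receive(:send_event).with(
- {
- 'event_type' => 'as',
- 'dp' => 'exsql',
- 'param' => 'ActiveRecord::StatementInvalid',
- 'm' => 'GET',
- 'rid' => '12345',
- 'full_uri' => 'http://test.com/?some_param=present',
- 'uri' => 'http://test.com/?some_param=',
- 'uid' => 'user_id',
- 'sid' => 'session_id',
- 'remote_addr' => '192.168.1.1',
- 'payload' => 'exception message goes here'
- }
- )
- expect(TCellAgent).to receive(:send_event).with(
- {
- 'event_type' => 'as',
- 'dp' => 'exsql',
- 'param' => 'ActiveRecord::StatementInvalid',
- 'm' => 'GET',
- 'rid' => '12345',
- 'full_uri' => 'http://test.com/?some_param=present',
- 'uri' => 'http://test.com/?some_param=',
- 'uid' => 'user_id',
- 'sid' => 'session_id',
- 'remote_addr' => '192.168.1.1',
- 'payload' => 'second exception message goes here'
- }
- )
-
- @meta_data.sql_exceptions = [
- {
- 'exception_name' => 'ActiveRecord::StatementInvalid',
- 'exception_payload' => 'exception message goes here'
- },
- {
- 'exception_name' => 'ActiveRecord::StatementInvalid',
- 'exception_payload' => 'second exception message goes here'
- }
- ]
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
- end
-
- context 'db max result' do
- context 'nil db max result' do
- it 'should not send an event' do
- expect(TCellAgent).to_not receive(:send_event)
-
- @meta_data.database_result_sizes = nil
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
-
- context 'empty db max result' do
- it 'should not send an event' do
- expect(TCellAgent).to_not receive(:send_event)
-
- @meta_data.database_result_sizes = []
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
-
- context 'one db max result' do
- it 'should send one event' do
- expect(TCellAgent).to receive(:send_event).with(
- {
- 'event_type' => 'as',
- 'dp' => 'dbmaxrows',
- 'm' => 'GET',
- 'meta' => { 'rows' => 1001 },
- 'rid' => '12345',
- 'full_uri' => 'http://test.com/?some_param=present',
- 'uri' => 'http://test.com/?some_param=',
- 'uid' => 'user_id',
- 'sid' => 'session_id',
- 'remote_addr' => '192.168.1.1'
- }
- )
-
- @meta_data.database_result_sizes = [1001]
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
-
- context 'multiple db max results' do
- it 'should send multiple event' do
- expect(TCellAgent).to receive(:send_event).with(
- {
- 'event_type' => 'as',
- 'dp' => 'dbmaxrows',
- 'm' => 'GET',
- 'meta' => { 'rows' => 1001 },
- 'rid' => '12345',
- 'full_uri' => 'http://test.com/?some_param=present',
- 'uri' => 'http://test.com/?some_param=',
- 'uid' => 'user_id',
- 'sid' => 'session_id',
- 'remote_addr' => '192.168.1.1'
- }
- )
- expect(TCellAgent).to receive(:send_event).with(
- {
- 'event_type' => 'as',
- 'dp' => 'dbmaxrows',
- 'm' => 'GET',
- 'meta' => { 'rows' => 1002 },
- 'rid' => '12345',
- 'full_uri' => 'http://test.com/?some_param=present',
- 'uri' => 'http://test.com/?some_param=',
- 'uid' => 'user_id',
- 'sid' => 'session_id',
- 'remote_addr' => '192.168.1.1'
- }
- )
-
- @meta_data.database_result_sizes = [1001, 1002]
- @rust_policies.check_appfirewall_injections(
- @meta_data
- )
- end
- end
- end
- end
- end
- end
- end
- end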