tcell_agent 1.1.12 → 2.0.0

data/lib/tcell_agent/rust/native_agent_response.rb

@@ -0,0 +1,42 @@
+module TCellAgent
+  module Rust
+    class NativeAgentResponse
+      attr_reader :errors, :response
+
+      def initialize(native_method_name, response, response_len)
+        @response = {}
+        @errors = []
+
+        if response_len < 0
+          @errors.push(
+            "Error response from `#{native_method_name}` in native library method: #{response_len}"
+          )
+          return
+        end
+
+        begin
+          @response = JSON.parse(response.get_string(0, response_len))
+          if @response['error']
+            @errors.push(
+              "#{native_method_name} returned an error: #{@response['error']}"
+            )
+            @response = {}
+          end
+          if @response['errors']
+            @response['errors'].each do |error|
+              @errors.push(
+                "#{native_method_name} returned an error: #{error}"
+              )
+              @response = {}
+            end
+          end
+        rescue JSON::ParserError
+          @errors.push(
+            "Could not parse json response from `#{native_method_name}` in native library."
+          )
+          @response = {}
+        end
+      end
+    end
+  end
+end

data/lib/tcell_agent/rust/native_library.rb

@@ -0,0 +1,68 @@
+require 'tcell_agent/rust/models'
+
+module TCellAgent
+  module Rust
+    module NativeLibrary
+      require 'ffi'
+      extend FFI::Library
+
+      VERSION = '4.14.0'.freeze
+      prefix = 'lib'
+      extension = '.so'
+      variant = ''
+      if /cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM
+        extension = '.dll'
+        prefix = ''
+      elsif /darwin/ =~ RUBY_PLATFORM
+        extension = '.dylib'
+      elsif /musl/ =~ RUBY_PLATFORM
+        variant = 'alpine-'
+      end
+
+      begin
+        ffi_lib File.join(File.dirname(__FILE__),
+                          "#{prefix}tcellagent-#{variant}#{VERSION}#{extension}")
+
+        # All the rust library calls have the following response api:
+        #
+        # result [int]: 0+ length of buffer_out answer
+        #               -1 general error
+        #               -2 buffer_out is not big enough for response
+        #               -3 buffer_out is null
+
+        attach_function :create_agent, %i[pointer size_t pointer size_t], :int
+        attach_function :free_agent, [:pointer], :int
+        attach_function :request_policies, %i[pointer pointer size_t], :int
+        attach_function :poll_new_policies, %i[pointer pointer size_t], :int
+        attach_function :appfirewall_apply, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :patches_apply, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :cmdi_apply, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :get_headers, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :get_js_agent_script_tag, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :check_http_redirect, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :report_metrics, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :login_fraud_apply, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :file_access_apply, %i[pointer pointer size_t pointer size_t], :int
+
+        attach_function :send_sanitized_events, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :log_message, %i[pointer pointer size_t pointer size_t], :int
+
+        attach_function :update_policies, %i[pointer pointer size_t pointer size_t], :int
+        attach_function :test_event_sender, %i[pointer size_t pointer size_t], :int
+        attach_function :test_policies, %i[pointer size_t pointer size_t], :int
+
+        def self.common_lib_available?
+          true
+        end
+      rescue LoadError => load_error
+        logger = TCellAgent::ModuleLogger.new(TCellAgent::RubyLogger.new, name)
+        logger.error("Failed loading agent library. #{load_error.message}")
+        logger.exception(load_error)
+
+        def self.common_lib_available? # rubocop:disable Lint/DuplicateMethods
+          false
+        end
+      end
+    end
+  end
+end

data/lib/tcell_agent/sensor_events/agent_setting_event.rb

@@ -0,0 +1,12 @@
+require 'tcell_agent/sensor_events/app_config_setting_event'
+require 'tcell_agent/sensor_events/sensor'
+
+module TCellAgent
+  module SensorEvents
+    class AgentSettingEvent < AppConfigSettingEvent
+      def initialize(name, value)
+        super('tcell', 'config', nil, name, value)
+      end
+    end
+  end
+end

data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb}

@@ -14,11 +14,5 @@ module TCellAgent
         self['prefix'] = prefix if prefix
       end
     end
-
-    class TCellAgentSettingEvent < AppConfigSettingEvent
-      def initialize(name, value)
-        super('tcell', 'config', nil, name, value)
-      end
-    end
   end
 end

data/lib/tcell_agent/sensor_events/dlp.rb

@@ -2,7 +2,7 @@
 
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
 require 'tcell_agent/sensor_events/sensor'
-require 'tcell_agent/sensor_events/util/sanitizer_utilities'
+
 module TCellAgent
   module SensorEvents
     class DlpEvent < TCellSensorEvent
@@ -20,7 +20,7 @@ module TCellAgent
         super('dlp')
         self['rid'] = route_id if route_id
         self['found_in'] = found_in
-        @raw_uri = raw_uri
+        self['uri'] = Util.strip_uri_values(raw_uri) if raw_uri
         self['sid'] = hmac_session_id if hmac_session_id
         self['uid'] = user_id if user_id
         self['rule'] = id if id
@@ -48,10 +48,6 @@ module TCellAgent
         self['variable'] = variable
         self
       end
-
-      def post_process
-        self['uri'] = Util.strip_uri_values(@raw_uri) if @raw_uri
-      end
     end
   end
 end

data/lib/tcell_agent/sensor_events/sensor.rb

@@ -1,7 +1,6 @@
 # See the file "LICENSE" for the full license governing this code.
 
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-require 'tcell_agent/logger'
 require 'uri'
 
 module TCellAgent
@@ -21,70 +20,9 @@ module TCellAgent
         self['offset'] = from_timestamp - @timestamp
       end
 
-      def post_process
-        # This is called in the background thread, so any
-        # santization, analysis, etc doesn't get in the way
-      end
-
       def bucket_key
         nil
       end
     end
-
-    class TCellHttpTxSensorEvent < TCellSensorEvent
-      def initialize(request, response)
-        super('http_tx')
-        @raw_request = request
-        @raw_response = response
-      end
-
-      def post_process
-        self['request'] = Util.request_sanitized_json(@raw_request) if defined? @raw_request
-
-        self['response'] = Util.response_sanitized_json(@raw_response) if defined? @raw_response
-      end
-    end
-
-    class TCellRedirectSensorEvent < TCellSensorEvent
-      def initialize(redirect_domain,
-                     original_domain,
-                     original_url,
-                     method,
-                     route_id,
-                     status_code,
-                     remote_addr,
-                     hmac_session_id = nil,
-                     user_id = nil)
-        super('redirect')
-        self['method'] = method
-        self['from_domain'] = original_domain
-        self['status_code'] = status_code
-        self['remote_addr'] = remote_addr
-        self['to'] = redirect_domain
-        self['uid'] = user_id.to_s if user_id
-        self['from'] = Util.strip_uri_values(original_url)
-        self['rid'] = route_id if route_id
-        self['sid'] = hmac_session_id if hmac_session_id
-      end
-    end
-
-    class TCellFingerprintSensorEvent < TCellSensorEvent
-      def initialize(request, hmac_session_id, user_id = nil)
-        super('fingerprint')
-        @raw_request = request
-        @hmac_session_id = hmac_session_id
-        @user_id = user_id
-      end
-
-      def post_process
-        unless @raw_request.headers.key?('HTTP_USER_AGENT')
-          raise 'User Agent not Found!'
-        end
-        self['ua'] = @raw_request.headers['HTTP_USER_AGENT']
-        self['ip'] = @raw_request.remote_ip
-        self['sid'] = @hmac_session_id
-        self['uid'] = @user_id if @user_id
-      end
-    end
   end
 end

data/lib/tcell_agent/sensor_events/server_agent.rb

@@ -1,6 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 
-require 'tcell_agent/logger'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
 require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/util/utils'
@@ -8,15 +7,9 @@ require 'etc'
 
 module TCellAgent
   module SensorEvents
-    class FlushDummyEvent < TCellSensorEvent
-      def initialize
-        super('dummy')
-        @send = false
-        @flush = true
-      end
-    end
-
     class ServerAgentDetailsSensorEvent < TCellSensorEvent
+      include TCellAgent::ModuleLoggerAccess
+
       def initialize
         super('server_agent_details')
         @flush = true
@@ -33,17 +26,17 @@ module TCellAgent
               info = Etc.getpwnam(login)
               self['group'] = info.gid.to_s
             rescue StandardError => te
-              TCellAgent.logger.warn("Exception finding group id: #{te.message}")
-              TCellAgent.logger.debug(te.backtrace)
+              module_logger.debug("Could not get group id: #{te.message}")
+              module_logger.exception(te)
             end
           end
         rescue StandardError => to
-          TCellAgent.logger.warn("Exception finding user & group: #{to.message}")
-          TCellAgent.logger.debug(te.backtrace)
+          module_logger.debug("Could not get user & group: #{to.message}")
+          module_logger.exception(te)
         end
 
-        TCellAgent.logger.debug("User #{self['user']}")
-        TCellAgent.logger.debug("Group #{self['group']}")
+        module_logger.debug("User #{self['user']}")
+        module_logger.debug("Group #{self['group']}")
       end
     end
 
@@ -68,6 +61,8 @@ module TCellAgent
     end
 
     class ServerAgentPackagesSensorEvent < TCellSensorEvent
+      include TCellAgent::ModuleLoggerAccess
+
       def initialize
         super('server_agent_packages')
         @flush = true
@@ -78,11 +73,11 @@ module TCellAgent
             if x.name
               package = { 'n' => x.name, 'v' => x.version.version }
               packages.push(package)
-              TCellAgent.logger.debug("Adding packages #{x.name}")
+              module_logger.debug("Adding packages #{x.name}")
             end
           rescue StandardError => te
-            TCellAgent.logger.error("Exception adding package: #{te.message}")
-            TCellAgent.logger.debug(te.backtrace)
+            module_logger.error("Exception adding package: #{te.message}")
+            module_logger.exception(te)
           end
         end
         self['packages'] = packages

data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb

@@ -1,6 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 
-require 'logger'
 require 'cgi'
 require 'uri'
 require 'openssl'
@@ -16,98 +15,6 @@ module TCellAgent
         h[0...h.length / 2]
       end
 
-      def self.request_sanitized_json(request)
-        sanitized_headers = {}
-        headers = request.headers.select { |k, _v| k.start_with? 'HTTP_' }
-                         .collect { |pair| [pair[0].sub(/^HTTP_/, ''), pair[1]] }
-                         .sort
-        headers.each do |header_name, header_value|
-          lower_header_name = header_name.downcase
-          sanitized_headers[header_name] = if lower_header_name == 'cookie'
-                                             [santize_request_cookie_string(header_value)]
-                                           elsif %w[content_type content_length user_agent csp].include?(lower_header_name)
-                                             [header_value]
-                                           else
-                                             []
-                                           end
-        end
-        new_request = { 'method' => request.request_method,
-                        'uri' => sanitize_uri(request.fullpath),
-                        'headers' => sanitized_headers }
-        request_body = request.body.read
-        if request_body
-          new_request['post_data'] = sanitize_query_string(request_body)
-        end
-        new_request
-      end
-
-      def self.response_sanitized_json(response)
-        status, headers, _body = *response
-        sanitized_headers = {}
-        content_type = 'unknown'
-        headers.each do |header_name, header_value|
-          lower_header_name = header_name.downcase
-          if lower_header_name == 'set-cookie'
-            sanitized_headers[header_name] = [santize_response_cookie_string(header_value)]
-          else
-            content_type = header_value if lower_header_name == 'content-type'
-            sanitized_headers[header_name] = if ['content-type', 'content-length'].include?(lower_header_name)
-                                               [header_value]
-                                             else
-                                               []
-                                             end
-          end
-        end
-
-        { 'status' => status,
-          'headers' => sanitized_headers }
-      end
-
-      def self.santize_request_cookie_string(request_cookie_string)
-        sanitized_cookies = {}
-        cookies = CGI::Cookie.parse(request_cookie_string)
-        cookies.each do |cookie_name, cookie_value|
-          next if cookie_value.length != 1
-          sanitized_cookies[cookie_name] = Util.hmac(cookie_value[0])
-        end
-        sanitized_cookies.map { |k, v| "#{k}=#{v}" }.join(';')
-      end
-
-      def self.santize_response_cookie_string(response_cookie_string_value)
-        cookie_parts = response_cookie_string_value.split('; ')
-        cookie_string = cookie_parts[0]
-        cookies = CGI::Cookie.parse(cookie_string)
-        return '[COOKIEMALFORMED]' if cookies.length != 1
-        cookie_name = cookies.keys.first
-        cookie_values = cookies.values.first
-        return '[COOKIEHADTOOMANYVALUES]' if cookie_values.length != 1
-        h = Util.hmac(cookie_values[0])
-        new_cookie_string = "#{cookie_name}=#{h}"
-        cookie_parts[0] = new_cookie_string
-        cookie_parts.map { |k, v| "#{k}=#{v}" }.join('; ')
-      end
-
-      def self.sanitize_query_string(query)
-        params = CGI.parse(query)
-        params.each do |param_name, param_values|
-          next if param_values.nil? || param_values.empty?
-          if param_name.match(/password/i) ||
-             param_name.match(/passwd/i) ||
-             param_name.match(/token/i) ||
-             param_name.match(/sessionid/i)
-            params[param_name] = ['?']
-            next
-          end
-          new_param_values = []
-          param_values.each do |param_value|
-            h = Util.hmac(param_value)
-            new_param_values.push << h
-          end
-          params[param_name] = new_param_values
-        end
-        params.map { |k, v| "#{k}=#{v.join(',')}" }.join('&')
-      end
-
       def self.strip_values_query_string(query)
         params = CGI.parse(query)
         params.each do |param_name, param_values|
@@ -117,13 +24,6 @@ module TCellAgent
         params.map { |k, v| "#{k}=#{v.join(',')}" }.join('&')
       end
 
-      def self.sanitize_uri(uri_string)
-        uri = URI(uri_string)
-        query = uri.query
-        uri.query = sanitize_query_string(query) if query
-        uri.to_s
-      end
-
       def self.strip_uri_values(uri_string)
         uri = URI(uri_string)
         query = uri.query
@@ -137,14 +37,6 @@ module TCellAgent
 
         'tcell_hmac_key'
       end
-
-      def self.clean_header_keys(request_env_or_header_keys)
-        if request_env_or_header_keys.is_a?(Hash)
-          request_env_or_header_keys.select { |k, _v| k.start_with? 'HTTP_' }.collect { |k, _v| k.sub(/^HTTP_/, '') }
-        else
-          request_env_or_header_keys.map { |k| k.sub(/^HTTP_/, '') }
-        end
-      end
     end
   end
 end