tcell_agent 1.1.12 → 2.2.0

data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb

@@ -0,0 +1,326 @@
+require 'spec_helper'
+require 'securerandom'
+
+describe 'File' do
+  before(:all) do
+    native_agent = double('native_agent')
+    @local_files_policy = TCellAgent::Policies::LocalFileInclusion.new(
+      native_agent, {}
+    )
+    @system_enablements_policy = TCellAgent::Policies::SystemEnablements.new(
+      native_agent, {}
+    )
+    @filename = get_test_resource_path('lfi_sample_file.txt')
+    @file_contents = "This is line one.\nThis is line two.\n"
+    @new_file_name = '/tmp/' + SecureRandom.uuid
+  end
+
+  describe '.new' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          File.new
+        end.to raise_error(ArgumentError)
+        expect do
+          File.new(nil)
+        end.to raise_error(TypeError)
+        expect do
+          File.new('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a non-existent file' do
+      context 'with a directory not blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+        context 'with a filename and mode r' do
+          it 'should raise an ERRNO::ENOENT error' do
+            expect do
+              File.new(@new_file_name, 'r')
+            end.to raise_error(Errno::ENOENT)
+          end
+        end
+        context 'with a filename and mode w' do
+          it 'should create the file' do
+            File.new(@new_file_name, 'w')
+
+            expect(File.exist?(@new_file_name)).to be_truthy
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 644' do
+          it 'should create the file with the correct permissions' do
+            File.new(@new_file_name, 'w', 0o644)
+
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 755' do
+          it 'should create the file with the correct permissions' do
+            File.new(@new_file_name, 'w', 0o755)
+
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 777' do
+          it 'should create the file with permissions 755' do
+            File.new(@new_file_name, 'w', 0o777)
+
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+            File.delete(@new_file_name)
+          end
+        end
+      end
+      context 'with a filename blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+        context 'with a filename and write mode' do
+          it 'should raise an IOError' do
+            expect do
+              File.new(@new_file_name, 'w')
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and write mode and file permissions 644' do
+          it 'should raise an IOError' do
+            expect do
+              File.new(@new_file_name, 'w', 644)
+            end.to raise_error(IOError)
+          end
+        end
+      end
+    end
+    context 'with an existing file' do
+      context 'with a file not blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+        context 'with a filename' do
+          it 'should still be able to read the file' do
+            result = File.new(@filename).read
+            expect(result).to eq @file_contents
+          end
+        end
+        context 'with a filename and mode r' do
+          it 'should still be able to read the file' do
+            result = File.new(@filename, 'r').read
+            expect(result).to eq @file_contents
+          end
+        end
+        context 'with a filenname and mode w' do
+          it 'should still be able to write to a file' do
+            file = File.new('/dev/null', 'w')
+            expect(file.write('dummy message')).to eq 13
+          end
+        end
+        context 'with a filenname and mode a' do
+          it 'should still be able to write to a file' do
+            file = File.new('/dev/null', 'a')
+            expect(file.write('dummy message')).to eq 13
+          end
+        end
+      end
+      context 'with a file blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+        context 'with a filename' do
+          it 'should not be able to read the file' do
+            expect do
+              File.new(@filename)
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and mode r' do
+          it 'should not be able to read the file' do
+            expect do
+              File.new(@filename, 'r')
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and mode w' do
+          it 'should not be able to write to the file' do
+            expect do
+              File.new('/dev/null', 'w')
+            end.to raise_error(IOError)
+          end
+        end
+      end
+    end
+  end
+
+  describe '.open' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          File.open
+        end.to raise_error(ArgumentError)
+        expect do
+          File.open(nil)
+        end.to raise_error(TypeError)
+        expect do
+          File.open('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a non-existent file' do
+      before(:all) do
+        @new_file_name = '/tmp/' + SecureRandom.uuid
+      end
+      context 'with a directory not blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+        context 'with a filename and mode r' do
+          it 'should raise an ERRNO::ENOENT error' do
+            expect do
+              File.open(@new_file_name, 'r')
+            end.to raise_error(Errno::ENOENT)
+          end
+        end
+        context 'with a filename and mode w' do
+          it 'should create the file' do
+            File.open(@new_file_name, 'w')
+
+            expect(File.exist?(@new_file_name)).to be_truthy
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 644' do
+          it 'should create the file with the correct permissions' do
+            File.open(@new_file_name, 'w', 0o644)
+
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 755' do
+          it 'should create the file with the correct permissions' do
+            File.open(@new_file_name, 'w', 0o755)
+
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 777' do
+          it 'should create the file with permissions 755' do
+            File.open(@new_file_name, 'w', 0o777)
+
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+            File.delete(@new_file_name)
+          end
+        end
+      end
+      context 'with a filename blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+        context 'with a filename and write mode' do
+          it 'should raise an IOError' do
+            expect do
+              File.open(@new_file_name, 'w')
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and write mode and file permissions 644' do
+          it 'should raise an IOError' do
+            expect do
+              File.open(@new_file_name, 'w', 644)
+            end.to raise_error(IOError)
+          end
+        end
+      end
+    end
+    context 'with an existing file' do
+      context 'with a file not blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+        context 'with a filename' do
+          it 'should still be able to read the file' do
+            result = File.open(@filename).read
+            expect(result).to eq @file_contents
+          end
+        end
+        context 'with a filename and mode r' do
+          it 'should still be able to read the file' do
+            result = File.open(@filename, 'r').read
+            expect(result).to eq @file_contents
+          end
+        end
+        context 'with a filenname and mode w' do
+          it 'should still be able to write to a file' do
+            file = File.open('/dev/null', 'w')
+            expect(file.write('dummy message')).to eq 13
+          end
+        end
+        context 'with a filenname and mode a' do
+          it 'should still be able to write to a file' do
+            file = File.open('/dev/null', 'a')
+            expect(file.write('dummy message')).to eq 13
+          end
+        end
+      end
+      context 'with a file blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+        context 'with a filename' do
+          it 'should not be able to read the file' do
+            expect do
+              File.open(@filename)
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and mode r' do
+          it 'should not be able to read the file' do
+            expect do
+              File.open(@filename, 'r')
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and mode w' do
+          it 'should not be able to write to the file' do
+            expect do
+              File.open('/dev/null', 'w')
+            end.to raise_error(IOError)
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb

@@ -0,0 +1,562 @@
+require 'spec_helper'
+require 'securerandom'
+
+describe 'IO' do
+  before do
+    native_agent = double('native_agent')
+    @local_files_policy = TCellAgent::Policies::LocalFileInclusion.new(
+      native_agent, {}
+    )
+    @cmdi_policy = TCellAgent::Policies::CommandInjectionPolicy.new(
+      native_agent, {}
+    )
+  end
+
+  before(:all) do
+    @filename = get_test_resource_path('lfi_sample_file.txt')
+    @file_contents = "This is line one.\nThis is line two.\n"
+    @file_length = @file_contents.length
+
+    @new_file_name = '/tmp/' + SecureRandom.uuid
+    @new_file_contents_offset = "This OFFSETe one.\nThis is line two.\n"
+  end
+
+  describe '.binread' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.binread
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binread(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.binread('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.binread('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should still be able to read file' do
+          result = IO.binread(@filename)
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and a length of 20' do
+        it 'should read 20 bytes of the file' do
+          result = IO.binread(@filename, 20)
+          expect(result).to eq @file_contents[0..19]
+        end
+      end
+      context 'with a filename and a length of 20 and an offset of 5' do
+        it 'should read 20 bytes starting from the 5th byte' do
+          result = IO.binread(@filename, 20, 5)
+          expect(result).to eq @file_contents[5..24]
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.binread('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.binread(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length of 20' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.binread(@filename, 20)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length of 20 and an offset of 5' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.binread(@filename, 20, 5)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+
+  describe '.binwrite' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.binwrite
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binwrite(nil)
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binwrite('')
+        end.to raise_error(ArgumentError)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+
+      context 'with a nonexistent filename and string' do
+        it 'should create the file' do
+          IO.binwrite(@new_file_name, '')
+          expect(File.exist?(@new_file_name)).to be_truthy
+          File.delete(@new_file_name)
+        end
+        it 'should write to the file' do
+          expect(IO.binwrite(@new_file_name, @file_contents)).to eq @file_length
+          File.delete(@new_file_name)
+        end
+      end
+      context 'with a nonexistent filename and string and offset' do
+        it 'should write to the file at the offset value 5' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy, @local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false)
+
+          IO.binwrite(@new_file_name, @file_contents)
+          IO.binwrite(@new_file_name, 'OFFSET', 5)
+          expect(IO.binread(@new_file_name)).to eq @new_file_contents_offset
+          File.delete(@new_file_name)
+        end
+      end
+    end
+    context 'with a file blocked for read or write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+
+      context 'with a nonexistent filename and a string' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.binwrite(@new_file_name, @file_contents)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a nonexistent filename and a string and an offset' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.binwrite(@new_file_name, @file_contents)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+
+  describe '.foreach' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.foreach('') { pass }
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+
+      context 'with a filename' do
+        it 'should be able to read the file' do
+          result = ''
+          IO.foreach(@filename) { |line| result << line }
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and a limit 16' do
+        it 'should split each line to a max length of 16' do
+          result = ''
+          IO.foreach(@filename, 16) { |line| result << line }
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and sep' do
+        # TODO: no documentation on how to use sep
+      end
+      context 'with a filename and sep and limit' do
+        # TODO: no documentation on how to use sep and limit
+      end
+    end
+    context 'with a file blocked for read or write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            result = ''
+            IO.foreach(@filename) { |line| result << line }
+            expect(result).to eq @file_contents
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+
+  describe '.read' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.read
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.read('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.read('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should read the file' do
+          result = IO.read(@filename)
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and a length of 20' do
+        it 'should read 20 bytes of the file' do
+          result = IO.read(@filename, 20)
+          expect(result).to eq @file_contents[0..19]
+        end
+      end
+      context 'with a filename and a length of 20 and an offset of 5' do
+        it 'should read 20 bytes starting from the 5th byte' do
+          result = IO.read(@filename, 20, 5)
+          expect(result).to eq @file_contents[5..24]
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.read('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.read(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length 20' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.read(@filename, 20)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length and an offset 5' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.read(@filename, 20, 5)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+
+  describe '.readlines' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.readlines
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.readlines('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+
+      context 'with a filename' do
+        it 'should read the file' do
+          result = IO.readlines(@filename)
+          expect(result[0] + result[1]).to eq @file_contents
+        end
+      end
+      context 'with a filename and a limit 20' do
+        it 'should read 20 bytes of the file' do
+          exp_result = ['This ', 'is li', 'ne on', "e.\n", 'This ', 'is li', 'ne tw', "o.\n"]
+          result = IO.readlines(@filename, 5)
+          expect(result).to eq exp_result
+        end
+      end
+      context 'with a filename and a limit of 20 and sep' do
+        # TODO
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.readlines('|echo test')[0]
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.readlines(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+
+  describe '.sysopen' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.sysopen
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.sysopen(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.sysopen('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a nonexistent file' do
+      context 'with mode r' do
+        it 'should raise an error' do
+        end
+      end
+      context 'with mode w' do
+        it 'should return an integer' do
+        end
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+
+      context 'with a filename' do
+        it 'should return an integer' do
+          fd = IO.sysopen(@filename)
+          expect(fd).to be_a(Integer)
+        end
+        it 'should open the file for read' do
+          fd = IO.sysopen(@filename)
+          expect(IO.new(fd).read).to eq @file_contents
+        end
+      end
+      context 'with a filename and mode w' do
+        it 'should return an integer' do
+          fd = IO.sysopen(@new_file_name, 'w')
+          expect(fd).to be_a(Integer)
+        end
+        it 'should open the file for write' do
+          fd = IO.sysopen(@new_file_name, 'w')
+          file = IO.new(fd, 'w')
+          file.puts @file_contents
+          file.rewind
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+
+      context 'with a filename' do
+        it 'should not be able to open the file for read' do
+          expect do
+            IO.sysopen(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and mode' do
+        it 'should not be able to open the file for read' do
+          expect do
+            IO.sysopen(@filename, 'r')
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+
+  describe '.write' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.write
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.write(nil)
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.write('')
+        end.to raise_error(ArgumentError)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+
+      context 'with a filename that doe not exist' do
+        it 'should create the file' do
+          IO.write(@new_file_name, @file_contents)
+          expect(File.exist?(@new_file_name)).to be_truthy
+          File.delete(@new_file_name)
+        end
+        it 'should write to the file' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+
+          IO.write(@new_file_name, @file_contents)
+          expect(IO.read(@new_file_name)).to eq @file_contents
+          File.delete(@new_file_name)
+        end
+      end
+      context 'with a filename that does exist' do
+        it 'should overwrite the file' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+
+          IO.write(@new_file_name, @file_contents)
+          expect(IO.read(@new_file_name)).to eq @file_contents
+          File.delete(@new_file_name)
+        end
+      end
+      context 'with a filename that does exist and an offset 5' do
+        it 'should overwrite the file starting at the offset value' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy, @local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false)
+
+          exp_results = @file_contents.dup
+          exp_results[1..6] = 'OFFSET'
+          IO.write(@new_file_name, @file_contents)
+          IO.write(@new_file_name, 'OFFSET', 1)
+          expect(IO.read(@new_file_name)).to eq exp_results
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+
+      context 'with a filename that does not exist' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.write(@new_file_name, '')
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename that does exist' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.write(@filename, @file_contents)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+end