RubyGems - tcell_agent - Versions diffs - 1.1.12 → 2.2.0 - Mend

tcell_agent 1.1.12 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

checksums.yaml +5 -5
data/bin/tcell_agent +45 -137
data/lib/tcell_agent.rb +12 -14
data/lib/tcell_agent/agent.rb +108 -97
data/lib/tcell_agent/agent/route_manager.rb +0 -16
data/lib/tcell_agent/agent/static_agent.rb +9 -30
data/lib/tcell_agent/config_initializer.rb +66 -0
data/lib/tcell_agent/configuration.rb +69 -345
data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
data/lib/tcell_agent/instrument_servers.rb +23 -0
data/lib/tcell_agent/instrumentation.rb +12 -10
data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
data/lib/tcell_agent/logger.rb +49 -114
data/lib/tcell_agent/patches.rb +6 -7
data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
data/lib/tcell_agent/policies/headers_policy.rb +25 -0
data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
data/lib/tcell_agent/policies/local_file_access.rb +28 -0
data/lib/tcell_agent/policies/login_policy.rb +43 -0
data/lib/tcell_agent/policies/patches_policy.rb +27 -0
data/lib/tcell_agent/policies/policies_manager.rb +68 -0
data/lib/tcell_agent/policies/policy_polling.rb +58 -0
data/lib/tcell_agent/policies/policy_types.rb +14 -0
data/lib/tcell_agent/policies/system_enablements.rb +27 -0
data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
data/lib/tcell_agent/rails/auth/devise.rb +100 -105
data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
data/lib/tcell_agent/rails/dlp.rb +35 -23
data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
data/lib/tcell_agent/rails/routes.rb +10 -12
data/lib/tcell_agent/rails/routes/grape.rb +4 -14
data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
data/lib/tcell_agent/rust/agent_config.rb +60 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
data/lib/tcell_agent/rust/models.rb +6 -52
data/lib/tcell_agent/rust/native_agent.rb +549 -0
data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
data/lib/tcell_agent/rust/native_library.rb +69 -0
data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
data/lib/tcell_agent/servers/passenger.rb +1 -28
data/lib/tcell_agent/servers/puma.rb +3 -21
data/lib/tcell_agent/servers/rails_server.rb +1 -2
data/lib/tcell_agent/servers/thin.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +19 -80
data/lib/tcell_agent/servers/webrick.rb +1 -2
data/lib/tcell_agent/settings_reporter.rb +11 -90
data/lib/tcell_agent/sinatra.rb +14 -16
data/lib/tcell_agent/tcell_context.rb +40 -14
data/lib/tcell_agent/utils/headers.rb +14 -0
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
data/spec/lib/tcell_agent/patches_spec.rb +25 -43
data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
data/spec/spec_helper.rb +1 -1
data/spec/support/builders.rb +103 -0
data/spec/support/force_logger_mocking.rb +38 -0
data/spec/support/resources/lfi_sample_file.txt +2 -0
data/spec/support/static_agent_overrides.rb +0 -15
metadata +72 -83
data/lib/tcell_agent/agent/event_processor.rb +0 -326
data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
data/lib/tcell_agent/agent/policy_manager.rb +0 -219
data/lib/tcell_agent/agent/policy_types.rb +0 -30
data/lib/tcell_agent/api.rb +0 -91
data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
data/lib/tcell_agent/authlogic.rb +0 -26
data/lib/tcell_agent/config/child_process_events.rb +0 -8
data/lib/tcell_agent/config/unknown_options.rb +0 -123
data/lib/tcell_agent/devise.rb +0 -35
data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
data/lib/tcell_agent/policies/rust_policies.rb +0 -110
data/lib/tcell_agent/rails/on_start.rb +0 -41
data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +0 -308
data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
data/lib/tcell_agent/sensor_events/patches.rb +0 -21
data/lib/tcell_agent/start_background_thread.rb +0 -55
data/lib/tcell_agent/system_info.rb +0 -11
data/lib/tcell_agent/utils/io.rb +0 -38
data/lib/tcell_agent/utils/passwords.rb +0 -28
data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143

data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb ADDED

@@ -0,0 +1,326 @@
+require 'spec_helper'
+require 'securerandom'
+describe 'File' do
+  before(:all) do
+    native_agent = double('native_agent')
+    @local_files_policy = TCellAgent::Policies::LocalFileInclusion.new(
+      native_agent, {}
+    )
+    @system_enablements_policy = TCellAgent::Policies::SystemEnablements.new(
+      native_agent, {}
+    )
+    @filename = get_test_resource_path('lfi_sample_file.txt')
+    @file_contents = "This is line one.\nThis is line two.\n"
+    @new_file_name = '/tmp/' + SecureRandom.uuid
+  end
+  describe '.new' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          File.new
+        end.to raise_error(ArgumentError)
+        expect do
+          File.new(nil)
+        end.to raise_error(TypeError)
+        expect do
+          File.new('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a non-existent file' do
+      context 'with a directory not blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+        context 'with a filename and mode r' do
+          it 'should raise an ERRNO::ENOENT error' do
+            expect do
+              File.new(@new_file_name, 'r')
+            end.to raise_error(Errno::ENOENT)
+          end
+        end
+        context 'with a filename and mode w' do
+          it 'should create the file' do
+            File.new(@new_file_name, 'w')
+            expect(File.exist?(@new_file_name)).to be_truthy
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 644' do
+          it 'should create the file with the correct permissions' do
+            File.new(@new_file_name, 'w', 0o644)
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 755' do
+          it 'should create the file with the correct permissions' do
+            File.new(@new_file_name, 'w', 0o755)
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 777' do
+          it 'should create the file with permissions 755' do
+            File.new(@new_file_name, 'w', 0o777)
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+            File.delete(@new_file_name)
+          end
+        end
+      end
+      context 'with a filename blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+        context 'with a filename and write mode' do
+          it 'should raise an IOError' do
+            expect do
+              File.new(@new_file_name, 'w')
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and write mode and file permissions 644' do
+          it 'should raise an IOError' do
+            expect do
+              File.new(@new_file_name, 'w', 644)
+            end.to raise_error(IOError)
+          end
+        end
+      end
+    end
+    context 'with an existing file' do
+      context 'with a file not blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+        context 'with a filename' do
+          it 'should still be able to read the file' do
+            result = File.new(@filename).read
+            expect(result).to eq @file_contents
+          end
+        end
+        context 'with a filename and mode r' do
+          it 'should still be able to read the file' do
+            result = File.new(@filename, 'r').read
+            expect(result).to eq @file_contents
+          end
+        end
+        context 'with a filenname and mode w' do
+          it 'should still be able to write to a file' do
+            file = File.new('/dev/null', 'w')
+            expect(file.write('dummy message')).to eq 13
+          end
+        end
+        context 'with a filenname and mode a' do
+          it 'should still be able to write to a file' do
+            file = File.new('/dev/null', 'a')
+            expect(file.write('dummy message')).to eq 13
+          end
+        end
+      end
+      context 'with a file blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+        context 'with a filename' do
+          it 'should not be able to read the file' do
+            expect do
+              File.new(@filename)
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and mode r' do
+          it 'should not be able to read the file' do
+            expect do
+              File.new(@filename, 'r')
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and mode w' do
+          it 'should not be able to write to the file' do
+            expect do
+              File.new('/dev/null', 'w')
+            end.to raise_error(IOError)
+          end
+        end
+      end
+    end
+  end
+  describe '.open' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          File.open
+        end.to raise_error(ArgumentError)
+        expect do
+          File.open(nil)
+        end.to raise_error(TypeError)
+        expect do
+          File.open('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a non-existent file' do
+      before(:all) do
+        @new_file_name = '/tmp/' + SecureRandom.uuid
+      end
+      context 'with a directory not blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+        context 'with a filename and mode r' do
+          it 'should raise an ERRNO::ENOENT error' do
+            expect do
+              File.open(@new_file_name, 'r')
+            end.to raise_error(Errno::ENOENT)
+          end
+        end
+        context 'with a filename and mode w' do
+          it 'should create the file' do
+            File.open(@new_file_name, 'w')
+            expect(File.exist?(@new_file_name)).to be_truthy
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 644' do
+          it 'should create the file with the correct permissions' do
+            File.open(@new_file_name, 'w', 0o644)
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 755' do
+          it 'should create the file with the correct permissions' do
+            File.open(@new_file_name, 'w', 0o755)
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+            File.delete(@new_file_name)
+          end
+        end
+        context 'with a filename and write mode and file permissions 777' do
+          it 'should create the file with permissions 755' do
+            File.open(@new_file_name, 'w', 0o777)
+            expect(File.exist?(@new_file_name)).to be_truthy
+            expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+            File.delete(@new_file_name)
+          end
+        end
+      end
+      context 'with a filename blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+        context 'with a filename and write mode' do
+          it 'should raise an IOError' do
+            expect do
+              File.open(@new_file_name, 'w')
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and write mode and file permissions 644' do
+          it 'should raise an IOError' do
+            expect do
+              File.open(@new_file_name, 'w', 644)
+            end.to raise_error(IOError)
+          end
+        end
+      end
+    end
+    context 'with an existing file' do
+      context 'with a file not blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+        end
+        context 'with a filename' do
+          it 'should still be able to read the file' do
+            result = File.open(@filename).read
+            expect(result).to eq @file_contents
+          end
+        end
+        context 'with a filename and mode r' do
+          it 'should still be able to read the file' do
+            result = File.open(@filename, 'r').read
+            expect(result).to eq @file_contents
+          end
+        end
+        context 'with a filenname and mode w' do
+          it 'should still be able to write to a file' do
+            file = File.open('/dev/null', 'w')
+            expect(file.write('dummy message')).to eq 13
+          end
+        end
+        context 'with a filenname and mode a' do
+          it 'should still be able to write to a file' do
+            file = File.open('/dev/null', 'a')
+            expect(file.write('dummy message')).to eq 13
+          end
+        end
+      end
+      context 'with a file blocked for read/write' do
+        before(:each) do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+        end
+        context 'with a filename' do
+          it 'should not be able to read the file' do
+            expect do
+              File.open(@filename)
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and mode r' do
+          it 'should not be able to read the file' do
+            expect do
+              File.open(@filename, 'r')
+            end.to raise_error(IOError)
+          end
+        end
+        context 'with a filename and mode w' do
+          it 'should not be able to write to the file' do
+            expect do
+              File.open('/dev/null', 'w')
+            end.to raise_error(IOError)
+          end
+        end
+      end
+    end
+  end
+end

data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb ADDED

@@ -0,0 +1,562 @@
+require 'spec_helper'
+require 'securerandom'
+describe 'IO' do
+  before do
+    native_agent = double('native_agent')
+    @local_files_policy = TCellAgent::Policies::LocalFileInclusion.new(
+      native_agent, {}
+    )
+    @cmdi_policy = TCellAgent::Policies::CommandInjectionPolicy.new(
+      native_agent, {}
+    )
+  end
+  before(:all) do
+    @filename = get_test_resource_path('lfi_sample_file.txt')
+    @file_contents = "This is line one.\nThis is line two.\n"
+    @file_length = @file_contents.length
+    @new_file_name = '/tmp/' + SecureRandom.uuid
+    @new_file_contents_offset = "This OFFSETe one.\nThis is line two.\n"
+  end
+  describe '.binread' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.binread
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binread(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.binread('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.binread('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should still be able to read file' do
+          result = IO.binread(@filename)
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and a length of 20' do
+        it 'should read 20 bytes of the file' do
+          result = IO.binread(@filename, 20)
+          expect(result).to eq @file_contents[0..19]
+        end
+      end
+      context 'with a filename and a length of 20 and an offset of 5' do
+        it 'should read 20 bytes starting from the 5th byte' do
+          result = IO.binread(@filename, 20, 5)
+          expect(result).to eq @file_contents[5..24]
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.binread('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.binread(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length of 20' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.binread(@filename, 20)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length of 20 and an offset of 5' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.binread(@filename, 20, 5)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.binwrite' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.binwrite
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binwrite(nil)
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.binwrite('')
+        end.to raise_error(ArgumentError)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+      context 'with a nonexistent filename and string' do
+        it 'should create the file' do
+          IO.binwrite(@new_file_name, '')
+          expect(File.exist?(@new_file_name)).to be_truthy
+          File.delete(@new_file_name)
+        end
+        it 'should write to the file' do
+          expect(IO.binwrite(@new_file_name, @file_contents)).to eq @file_length
+          File.delete(@new_file_name)
+        end
+      end
+      context 'with a nonexistent filename and string and offset' do
+        it 'should write to the file at the offset value 5' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy, @local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false)
+          IO.binwrite(@new_file_name, @file_contents)
+          IO.binwrite(@new_file_name, 'OFFSET', 5)
+          expect(IO.binread(@new_file_name)).to eq @new_file_contents_offset
+          File.delete(@new_file_name)
+        end
+      end
+    end
+    context 'with a file blocked for read or write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+      context 'with a nonexistent filename and a string' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.binwrite(@new_file_name, @file_contents)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a nonexistent filename and a string and an offset' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.binwrite(@new_file_name, @file_contents)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.foreach' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.foreach('') { pass }
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+      context 'with a filename' do
+        it 'should be able to read the file' do
+          result = ''
+          IO.foreach(@filename) { |line| result << line }
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and a limit 16' do
+        it 'should split each line to a max length of 16' do
+          result = ''
+          IO.foreach(@filename, 16) { |line| result << line }
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and sep' do
+        # TODO: no documentation on how to use sep
+      end
+      context 'with a filename and sep and limit' do
+        # TODO: no documentation on how to use sep and limit
+      end
+    end
+    context 'with a file blocked for read or write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            result = ''
+            IO.foreach(@filename) { |line| result << line }
+            expect(result).to eq @file_contents
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.read' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.read
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.read('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.read('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should read the file' do
+          result = IO.read(@filename)
+          expect(result).to eq @file_contents
+        end
+      end
+      context 'with a filename and a length of 20' do
+        it 'should read 20 bytes of the file' do
+          result = IO.read(@filename, 20)
+          expect(result).to eq @file_contents[0..19]
+        end
+      end
+      context 'with a filename and a length of 20 and an offset of 5' do
+        it 'should read 20 bytes starting from the 5th byte' do
+          result = IO.read(@filename, 20, 5)
+          expect(result).to eq @file_contents[5..24]
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.read('|echo test')
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.read(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length 20' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.read(@filename, 20)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and a length and an offset 5' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.read(@filename, 20, 5)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.readlines' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.readlines
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.readlines('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+      context 'with a filename' do
+        it 'should read the file' do
+          result = IO.readlines(@filename)
+          expect(result[0] + result[1]).to eq @file_contents
+        end
+      end
+      context 'with a filename and a limit 20' do
+        it 'should read 20 bytes of the file' do
+          exp_result = ['This ', 'is li', 'ne on', "e.\n", 'This ', 'is li', 'ne tw', "o.\n"]
+          result = IO.readlines(@filename, 5)
+          expect(result).to eq exp_result
+        end
+      end
+      context 'with a filename and a limit of 20 and sep' do
+        # TODO
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do |test|
+        unless test.metadata[:skip_before]
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+          expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+        end
+      end
+      it 'should still be able to execute OS commands', :skip_before do
+        result = IO.readlines('|echo test')[0]
+        expect(result).to eq "test\n"
+      end
+      context 'with a filename' do
+        it 'should not be able to read the file' do
+          expect do
+            IO.readlines(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.sysopen' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.sysopen
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.sysopen(nil)
+        end.to raise_error(TypeError)
+        expect do
+          IO.sysopen('')
+        end.to raise_error(Errno::ENOENT)
+      end
+    end
+    context 'with a nonexistent file' do
+      context 'with mode r' do
+        it 'should raise an error' do
+        end
+      end
+      context 'with mode w' do
+        it 'should return an integer' do
+        end
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+      context 'with a filename' do
+        it 'should return an integer' do
+          fd = IO.sysopen(@filename)
+          expect(fd).to be_a(Integer)
+        end
+        it 'should open the file for read' do
+          fd = IO.sysopen(@filename)
+          expect(IO.new(fd).read).to eq @file_contents
+        end
+      end
+      context 'with a filename and mode w' do
+        it 'should return an integer' do
+          fd = IO.sysopen(@new_file_name, 'w')
+          expect(fd).to be_a(Integer)
+        end
+        it 'should open the file for write' do
+          fd = IO.sysopen(@new_file_name, 'w')
+          file = IO.new(fd, 'w')
+          file.puts @file_contents
+          file.rewind
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+      context 'with a filename' do
+        it 'should not be able to open the file for read' do
+          expect do
+            IO.sysopen(@filename)
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename and mode' do
+        it 'should not be able to open the file for read' do
+          expect do
+            IO.sysopen(@filename, 'r')
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+  describe '.write' do
+    context 'empty path' do
+      it 'should raise an error' do
+        expect do
+          IO.write
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.write(nil)
+        end.to raise_error(ArgumentError)
+        expect do
+          IO.write('')
+        end.to raise_error(ArgumentError)
+      end
+    end
+    context 'with a file not blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+      end
+      context 'with a filename that doe not exist' do
+        it 'should create the file' do
+          IO.write(@new_file_name, @file_contents)
+          expect(File.exist?(@new_file_name)).to be_truthy
+          File.delete(@new_file_name)
+        end
+        it 'should write to the file' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          IO.write(@new_file_name, @file_contents)
+          expect(IO.read(@new_file_name)).to eq @file_contents
+          File.delete(@new_file_name)
+        end
+      end
+      context 'with a filename that does exist' do
+        it 'should overwrite the file' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
+          IO.write(@new_file_name, @file_contents)
+          expect(IO.read(@new_file_name)).to eq @file_contents
+          File.delete(@new_file_name)
+        end
+      end
+      context 'with a filename that does exist and an offset 5' do
+        it 'should overwrite the file starting at the offset value' do
+          expect(TCellAgent).to receive(:policy).with(
+            TCellAgent::PolicyTypes::LFI
+          ).and_return(@local_files_policy, @local_files_policy)
+          expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false)
+          exp_results = @file_contents.dup
+          exp_results[1..6] = 'OFFSET'
+          IO.write(@new_file_name, @file_contents)
+          IO.write(@new_file_name, 'OFFSET', 1)
+          expect(IO.read(@new_file_name)).to eq exp_results
+        end
+      end
+    end
+    context 'with a file blocked for read/write' do
+      before do
+        expect(TCellAgent).to receive(:policy).with(
+          TCellAgent::PolicyTypes::LFI
+        ).and_return(@local_files_policy)
+        expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
+      end
+      context 'with a filename that does not exist' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.write(@new_file_name, '')
+          end.to raise_error(IOError)
+        end
+      end
+      context 'with a filename that does exist' do
+        it 'should not be able to write to the file' do
+          expect do
+            IO.write(@filename, @file_contents)
+          end.to raise_error(IOError)
+        end
+      end
+    end
+  end
+end