tcell_agent 1.1.12 → 2.2.0

Files changed (169) hide show
  1. checksums.yaml +5 -5
  2. data/bin/tcell_agent +45 -137
  3. data/lib/tcell_agent.rb +12 -14
  4. data/lib/tcell_agent/agent.rb +108 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/config_initializer.rb +66 -0
  8. data/lib/tcell_agent/configuration.rb +69 -345
  9. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  10. data/lib/tcell_agent/instrument_servers.rb +23 -0
  11. data/lib/tcell_agent/instrumentation.rb +12 -10
  12. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  13. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  14. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  15. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  17. data/lib/tcell_agent/logger.rb +49 -114
  18. data/lib/tcell_agent/patches.rb +6 -7
  19. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  20. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  21. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  22. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  23. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  24. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  25. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  26. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  27. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  28. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  29. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  30. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  31. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  32. data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
  33. data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
  34. data/lib/tcell_agent/rails/auth/devise.rb +100 -105
  35. data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
  37. data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
  38. data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
  39. data/lib/tcell_agent/rails/dlp.rb +35 -23
  40. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  41. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  42. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  43. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  44. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  45. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  46. data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
  47. data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
  48. data/lib/tcell_agent/rails/routes.rb +10 -12
  49. data/lib/tcell_agent/rails/routes/grape.rb +4 -14
  50. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  51. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  52. data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
  53. data/lib/tcell_agent/rust/agent_config.rb +60 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
  55. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
  56. data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
  57. data/lib/tcell_agent/rust/models.rb +6 -52
  58. data/lib/tcell_agent/rust/native_agent.rb +549 -0
  59. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  60. data/lib/tcell_agent/rust/native_library.rb +69 -0
  61. data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
  62. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  63. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  64. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  65. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  66. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  67. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  68. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  69. data/lib/tcell_agent/servers/passenger.rb +1 -28
  70. data/lib/tcell_agent/servers/puma.rb +3 -21
  71. data/lib/tcell_agent/servers/rails_server.rb +1 -2
  72. data/lib/tcell_agent/servers/thin.rb +2 -2
  73. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  74. data/lib/tcell_agent/servers/webrick.rb +1 -2
  75. data/lib/tcell_agent/settings_reporter.rb +11 -90
  76. data/lib/tcell_agent/sinatra.rb +14 -16
  77. data/lib/tcell_agent/tcell_context.rb +40 -14
  78. data/lib/tcell_agent/utils/headers.rb +14 -0
  79. data/lib/tcell_agent/version.rb +1 -1
  80. data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
  108. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  109. data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
  110. data/spec/spec_helper.rb +1 -1
  111. data/spec/support/builders.rb +103 -0
  112. data/spec/support/force_logger_mocking.rb +38 -0
  113. data/spec/support/resources/lfi_sample_file.txt +2 -0
  114. data/spec/support/static_agent_overrides.rb +0 -15
  115. metadata +72 -83
  116. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  117. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  118. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  119. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  120. data/lib/tcell_agent/api.rb +0 -91
  121. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  122. data/lib/tcell_agent/authlogic.rb +0 -26
  123. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  124. data/lib/tcell_agent/config/unknown_options.rb +0 -123
  125. data/lib/tcell_agent/devise.rb +0 -35
  126. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  127. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  128. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  129. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  130. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  131. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  132. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  133. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  134. data/lib/tcell_agent/rails/on_start.rb +0 -41
  135. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  136. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  137. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  138. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  139. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  140. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  141. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  142. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  143. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  144. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  145. data/lib/tcell_agent/start_background_thread.rb +0 -55
  146. data/lib/tcell_agent/system_info.rb +0 -11
  147. data/lib/tcell_agent/utils/io.rb +0 -38
  148. data/lib/tcell_agent/utils/passwords.rb +0 -28
  149. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  150. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  151. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  152. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  153. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  154. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  155. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  156. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
  157. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  158. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  159. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  160. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  161. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  162. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  163. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  164. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  165. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  166. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  167. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  168. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  169. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
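--- a/data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb
+++ b/data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb
@@ -0,0 +1,264 @@
+ # rubocop:disable Security/Open
+ # rubocop:disable Lint/UselessAssignment
+ require 'spec_helper'
+ require 'securerandom'
+ require 'pathname'
+
+ describe 'Kernel' do
+ before do
+ native_agent = double('native_agent')
+ @local_files_policy = TCellAgent::Policies::LocalFileInclusion.new(
+ native_agent, {}
+ )
+ @filename = get_test_resource_path('lfi_sample_file.txt')
+ @file_contents = "This is line one.\nThis is line two.\n"
+ end
+
+ before(:all) do
+ @new_file_name = '/tmp/' + SecureRandom.uuid
+ @new_pathname = Pathname.new(@new_file_name)
+ end
+ describe '#open and ::open' do
+ context 'empty path' do
+ it 'should raise an error' do
+ expect do
+ Kernel.open
+ end.to raise_error(ArgumentError)
+ expect do
+ Kernel.open(nil)
+ end.to raise_error(TypeError)
+ expect do
+ Kernel.open('')
+ end.to raise_error(Errno::ENOENT)
+ expect do
+ open
+ end.to raise_error(ArgumentError)
+ expect do
+ open(nil)
+ end.to raise_error(TypeError)
+ expect do
+ open('')
+ end.to raise_error(Errno::ENOENT)
+ end
+ end
+ context 'with a non-existent file, with filename not blocked for read/write' do
+ before do |test|
+ unless test.metadata[:skip_before]
+ expect(TCellAgent).to receive(:policy).with(
+ TCellAgent::PolicyTypes::LFI
+ ).and_return(@local_files_policy, @local_files_policy)
+ expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false)
+ expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+ end
+ end
+
+ it 'should still be able to execute OS commands', :skip_before do
+ result = Kernel.open('|echo test').read
+ expect(result).to eq "test\n"
+
+ result = open('|echo test').read
+ expect(result).to eq "test\n"
+ end
+ context 'with a pathname filename with mode w' do
+ it 'should create the file' do
+ Kernel.open(@new_pathname, 'w')
+ expect(File.exist?(@new_pathname)).to be_truthy
+ File.delete(@new_pathname)
+
+ open(@new_pathname, 'w')
+ expect(File.exist?(@new_pathname)).to be_truthy
+ File.delete(@new_pathname)
+ end
+ end
+ context 'with a filename with mode w' do
+ it 'should create the file' do
+ Kernel.open(@new_file_name, 'w')
+ expect(File.exist?(@new_file_name)).to be_truthy
+ File.delete(@new_file_name)
+
+ open(@new_file_name, 'w')
+ expect(File.exist?(@new_file_name)).to be_truthy
+ File.delete(@new_file_name)
+ end
+ end
+ context 'with a filename and mode w and file permissions 644' do
+ it 'should create the file with the correct permissions' do
+ Kernel.open(@new_file_name, 'w', 0o644)
+ expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
+ File.delete(@new_file_name)
+
+ open(@new_file_name, 'w', 0o644)
+ expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
+ File.delete(@new_file_name)
+ end
+ end
+ context 'with a filename and mode w and file permissions 777' do
+ it 'should create the file with the correct permissions 755' do
+ Kernel.open(@new_file_name, 'w', 0o777)
+ expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+ File.delete(@new_file_name)
+
+ open(@new_file_name, 'w', 0o777)
+ expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
+ File.delete(@new_file_name)
+ end
+ end
+ end
+ context 'with a non-existent file, with filename blocked for read/write' do
+ before do |test|
+ unless test.metadata[:skip_before]
+ expect(TCellAgent).to receive(:policy).with(
+ TCellAgent::PolicyTypes::LFI
+ ).and_return(@local_files_policy, @local_files_policy)
+ expect(@local_files_policy).to receive(:block_file_access?).and_return(true, true)
+ expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
+ end
+ end
+
+ it 'should still be able to execute OS commands', :skip_before do
+ result = Kernel.open('|echo test').read
+ expect(result).to eq "test\n"
+
+ result = open('|echo test').read
+ expect(result).to eq "test\n"
+ end
+ context 'with a filename with mode w' do
+ it 'should raise an error' do
+ expect do
+ Kernel.open(@new_file_name, 'w')
+ end.to raise_error(IOError)
+
+ expect do
+ open(@new_file_name, 'w')
+ end.to raise_error(IOError)
+ end
+ end
+ context 'with a filename and mode w' do
+ it 'should raise an error' do
+ expect do
+ Kernel.open(@new_file_name, 'w')
+ end.to raise_error(IOError)
+
+ expect do
+ open(@new_file_name, 'w')
+ end.to raise_error(IOError)
+ end
+ end
+ context 'with a filename and mode a' do
+ it 'should raise an error' do
+ expect do
+ Kernel.open(@new_file_name, 'a')
+ end.to raise_error(IOError)
+
+ expect do
+ open(@new_file_name, 'a')
+ end.to raise_error(IOError)
+ end
+ end
+ end
+ end
+
+ describe '::gets and #gets' do
+ context 'with a filename not blocked for read/write' do
+ it 'should still be able to read the file' do
+ expect(TCellAgent).to receive(:policy).with(
+ TCellAgent::PolicyTypes::LFI
+ ).and_return(@local_files_policy, @local_files_policy, @local_files_policy, @local_files_policy)
+ expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false, false, false)
+
+ copy = Array.new(ARGV)
+ ARGV.clear
+ ARGV << @filename
+ result = gets
+ result << gets
+ ARGV.replace(copy)
+ expect(result).to eq @file_contents
+
+ copy = Array.new(ARGV)
+ ARGV.clear
+ ARGV << @filename
+ result = Kernel.gets
+ result << Kernel.gets
+ ARGV.replace(copy)
+ expect(result).to eq @file_contents
+ end
+ end
+ context 'with a filename blocked for read/write' do
+ it 'should not be able to read the file' do
+ expect(TCellAgent).to receive(:policy).with(
+ TCellAgent::PolicyTypes::LFI
+ ).and_return(@local_files_policy, @local_files_policy)
+ expect(@local_files_policy).to receive(:block_file_access?).and_return(true, true)
+
+ copy = Array.new(ARGV)
+ ARGV.clear
+ ARGV << @filename
+ expect do
+ result = gets
+ end.to raise_error(IOError)
+ ARGV.replace(copy)
+
+ copy = Array.new(ARGV)
+ ARGV.clear
+ ARGV << @filename
+ expect do
+ result = Kernel.gets
+ end.to raise_error(IOError)
+ ARGV.replace(copy)
+ end
+ end
+ end
+
+ describe '::readline and #readline' do
+ context 'with a filename not blocked for read/write' do
+ it 'should be able to read the file' do
+ expect(TCellAgent).to receive(:policy).with(
+ TCellAgent::PolicyTypes::LFI
+ ).and_return(@local_files_policy, @local_files_policy, @local_files_policy, @local_files_policy)
+ expect(@local_files_policy).to receive(:block_file_access?).and_return(false, false, false, false)
+
+ copy = Array.new(ARGV)
+ ARGV.clear
+ ARGV << @filename
+ result = readline
+ result << readline
+ ARGV.replace(copy)
+ expect(result).to eq @file_contents
+
+ result = ''
+ copy = Array.new(ARGV)
+ ARGV.clear
+ ARGV << @filename
+ result = Kernel.readline
+ result << Kernel.readline
+ ARGV.replace(copy)
+ expect(result).to eq @file_contents
+ end
+ end
+ context 'with a filename blocked for read' do
+ it 'should not be able to read the file' do
+ expect(TCellAgent).to receive(:policy).with(
+ TCellAgent::PolicyTypes::LFI
+ ).and_return(@local_files_policy, @local_files_policy)
+ expect(@local_files_policy).to receive(:block_file_access?).and_return(true, true)
+
+ expect do
+ copy = Array.new(ARGV)
+ ARGV.clear
+ ARGV << @filename
+ Kernel.readline
+ ARGV.replace(copy)
+ end.to raise_error(IOError)
+ expect do
+ copy = Array.new(ARGV)
+ ARGV.clear
+ ARGV << @filename
+ Kernel.readline
+ ARGV.replace(copy)
+ end.to raise_error(IOError)
+ end
+ end
+ end
+ end
+ # rubocop:enable Security/Open
+ # rubocop:enable Lint/UselessAssignment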
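Review bot: The blocked-read example for `readline` (new lines 239–259) calls `Kernel.readline` in both `expect` blocks, so the bare `readline` form named in the `describe` is never checked against a blocking policy; the second block should call `readline`, as the `gets` example above does for both forms. In the same example `ARGV.replace(copy)` sits after the call that is expected to raise, so it never runs and ARGV presumably still holds the fixture path when later examples execute; move the restore outside `expect do … end` or into an `ensure`. Separately, the `0o777` → `'755'` expectation at lines 95–104 assumes a process umask of 022 and will fail on a runner with a stricter umask; setting it explicitly for the example (`File.umask(0o022)` and restoring the old value afterwards) would make the result deterministic.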
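--- a/data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb
+++ b/data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb
@@ -0,0 +1,150 @@
+ require 'spec_helper'
+
+ module TCellAgent
+ module Instrumentation
+ module Lfi
+ describe '.extract_path_mode' do
+ context 'with path' do
+ it 'should extract the path correctly' do
+ args = '/path-to-file'
+ path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(args)
+ expect(path).to eq(File.expand_path('/path-to-file'))
+ end
+ it 'should default to read mode' do
+ args = '/path-to-file'
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(args)
+ expect(mode).to eq('Read')
+ end
+ it 'should not expand paths starting with |' do
+ args = '|cat /etc/passwd'
+ path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(args)
+ expect(path).to eq('')
+ expect(mode).to eq('')
+ end
+ it 'should not expand paths starting with |-' do
+ args = '|-'
+ path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(args)
+ expect(path).to eq('')
+ expect(mode).to eq('')
+ end
+ end
+ context 'with path and mode' do
+ context 'with a valid mode' do
+ it 'should return Read for mode r' do
+ args = '/path-to-file', 'r'
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Read')
+
+ args = '/path-to-file', { :mode => 'r' }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Read')
+ end
+ it 'should return Write for mode w' do
+ args = '/path-to-file', 'w'
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Write')
+
+ args = '/path-to-file', { :mode => 'w' }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Write')
+ end
+ it 'should return Write for mode a' do
+ args = '/path-to-file', 'a'
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Write')
+
+ args = '/path-to-file', { :mode => 'a' }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Write')
+ end
+ it 'should return ReadWrite for mode r+' do
+ args = '/path-to-file', 'r+'
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('ReadWrite')
+
+ args = '/path-to-file', { :mode => 'r+' }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('ReadWrite')
+ end
+ it 'should return ReadWrite for mode w+' do
+ args = '/path-to-file', 'w+'
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('ReadWrite')
+
+ args = '/path-to-file', { :mode => 'w+' }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('ReadWrite')
+ end
+ it 'should return ReadWrite for mode a+' do
+ args = '/path-to-file', 'a+'
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('ReadWrite')
+
+ args = '/path-to-file', { :mode => 'a+' }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('ReadWrite')
+ end
+ it 'should return Read for mode ::File::RDONLY (0)' do
+ args = '/path-to-file', ::File::RDONLY
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Read')
+
+ args = '/path-to-file', { :mode => ::File::RDONLY }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Read')
+ end
+ it 'should return Write for mode ::File::WRONLY (1)' do
+ args = '/path-to-file', ::File::WRONLY
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Write')
+
+ args = '/path-to-file', { :mode => ::File::WRONLY }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Write')
+ end
+ it 'should return ReadWrite for mode ::File::RDWR (2)' do
+ args = '/path-to-file', ::File::RDWR
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('ReadWrite')
+
+ args = '/path-to-file', { :mode => ::File::RDWR }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('ReadWrite')
+ end
+ it 'should return Write for mode ::File::CREAT | ::File::EXCL | ::File::WRONLY (2561)' do
+ args = '/path-to-file', ::File::CREAT | ::File::EXCL | ::File::WRONLY
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Write')
+
+ args = '/path-to-file', { :mode => ::File::CREAT | ::File::EXCL | ::File::WRONLY }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Write')
+ end
+ end
+ context 'with an invalid mode' do
+ it 'should return Read when mode is a random string' do
+ args = '/path-to-file', 'mode'
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Read')
+ end
+ it 'should return Read when mode is an empty hash' do
+ args = '/path-to-file', {}
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Read')
+ end
+ it 'should return Read when mode is a hash without a :mode key' do
+ args = '/path-to-file', { :placeholder => 'testing' }
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Read')
+ end
+ it 'should return Read when mode is an array' do
+ args = '/path-to-file', []
+ _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+ expect(mode).to eq('Read')
+ end
+ end
+ end
+ end
+ end
+ end
+ end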
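Review bot: The valid-mode examples cover only the bare `r`/`w`/`a` strings and their `+` forms, so nothing pins how `extract_path_mode` classifies write modes that carry a binary or encoding suffix, such as `'wb'`, `'ab'` or `'w:UTF-8'`. The invalid-mode examples (lines 124–145) establish that an unrecognised mode falls back to `'Read'`; if the implementation, which is not visible here, matches mode strings exactly, those writes would be reported as reads and a write-blocking policy would be evaluated against the wrong mode. Add examples such as `args = '/path-to-file', 'wb'` with `expect(mode).to eq('Write')`, plus one for `::File::WRONLY | ::File::APPEND`. The `(2561)` in the example title at line 114 is a platform-specific flag value and is better left out of the description.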
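--- a/data/spec/lib/tcell_agent/patches_spec.rb
+++ b/data/spec/lib/tcell_agent/patches_spec.rb
@@ -4,19 +4,11 @@ module TCellAgent
  module Instrumentation
  describe '.block?' do
  before(:each) do
- configuration = double(
- 'configuration',
- {
- 'app_id' => 'app_id',
- 'api_key' => 'api_key',
- 'allow_payloads' => true,
- 'js_agent_api_base_url' => 'http://api.tcell.com/',
- 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
- 'max_csp_header_bytes' => nil
- }
+ native_agent = double('native_agent')
+ @patches_policy = TCellAgent::Policies::PatchesPolicy.new(
+ native_agent,
+ {}
  )
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
- @rust_policies = TCellAgent::Policies::RustPolicies.new
  end
 
  context 'with an unexpected error' do
@@ -24,24 +16,14 @@ module TCellAgent
  logger = double('logger')
  request = double('request')
  expect(TCellAgent).to receive(:policy).with(
- TCellAgent::PolicyTypes::RUST
+ TCellAgent::PolicyTypes::PATCHES
  ).and_raise(StandardError.new('UNEXPECTED'))
- expect(TCellAgent::MetaData).to_not receive(:from_request)
- expect(TCellAgent).to receive(:logger).and_return(logger).twice
- expect(logger).to receive(:debug).with(
- 'Exception in safe_block Checking patches blocking: StandardError happened, message is UNEXPECTED'
+ expect(TCellAgent::MetaData).to_not receive(:for_patches)
+ expect(TCellAgent::Instrumentation).to receive(:get_safe_block_logger).and_return(logger)
+ expect(logger).to receive(:error).with(
+ 'Error Checking patches blocking (StandardError): UNEXPECTED'
  )
- expect(logger).to receive(:debug) # exception stack trace
-
- expect(Patches.block?(request)).to eq(false)
- end
- end
-
- context 'with an empty patches policy' do
- it 'should return false' do
- request = double('request')
- expect(TCellAgent).to receive(:policy).and_return(nil)
- expect(TCellAgent::MetaData).to_not receive(:from_request)
+ expect(logger).to receive(:exception) # exception stack trace
 
  expect(Patches.block?(request)).to eq(false)
  end
@@ -50,10 +32,10 @@ module TCellAgent
  context 'with a disabled patches policy' do
  it 'should return false' do
  request = double('request')
- expect(@rust_policies.patches_enabled).to eq(false)
+ expect(@patches_policy.enabled).to eq(false)
 
- expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
- expect(TCellAgent::MetaData).to_not receive(:from_request)
+ expect(TCellAgent).to receive(:policy).and_return(@patches_policy)
+ expect(TCellAgent::MetaData).to_not receive(:for_patches)
 
  expect(Patches.block?(request)).to eq(false)
  end
@@ -65,15 +47,15 @@ module TCellAgent
  meta_data = double('meta_data')
  tcell_context = TCellAgent::Instrumentation::TCellData.new
 
- expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
- expect(@rust_policies).to receive(:patches_enabled).and_return(true)
- expect(@rust_policies).to receive(:block_request?).and_return(false)
+ expect(TCellAgent).to receive(:policy).and_return(@patches_policy)
+ expect(@patches_policy).to receive(:enabled).and_return(true)
+ expect(@patches_policy).to receive(:block_request?).and_return(false)
  expect(request).to receive(:env).and_return(
  {
  TCellAgent::Instrumentation::TCELL_ID => tcell_context
  }
  )
- expect(TCellAgent::MetaData).to receive(:from_request).and_return(
+ expect(TCellAgent::MetaData).to receive(:for_patches).and_return(
  meta_data
  )
 
@@ -89,10 +71,10 @@ module TCellAgent
  tcell_context = TCellAgent::Instrumentation::TCellData.new
  expect(tcell_context.patches_blocking_triggered).to eq(false)
 
- expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
- expect(@rust_policies).to receive(:patches_enabled).and_return(true)
- expect(@rust_policies).to receive(:block_request?).and_return(true)
- expect(TCellAgent::MetaData).to receive(:from_request).and_return(
+ expect(TCellAgent).to receive(:policy).and_return(@patches_policy)
+ expect(@patches_policy).to receive(:enabled).and_return(true)
+ expect(@patches_policy).to receive(:block_request?).and_return(true)
+ expect(TCellAgent::MetaData).to receive(:for_patches).and_return(
  meta_data
  )
  expect(request).to receive(:env).and_return({ TCellAgent::Instrumentation::TCELL_ID => tcell_context })
@@ -119,10 +101,10 @@ module TCellAgent
 
  expect(tcell_context.patches_blocking_triggered).to eq(false)
 
- expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
- expect(@rust_policies).to receive(:patches_enabled).and_return(true)
- expect(@rust_policies).to receive(:block_request?).and_return(true)
- expect(TCellAgent::MetaData).to receive(:from_request).and_return(
+ expect(TCellAgent).to receive(:policy).and_return(@patches_policy)
+ expect(@patches_policy).to receive(:enabled).and_return(true)
+ expect(@patches_policy).to receive(:block_request?).and_return(true)
+ expect(TCellAgent::MetaData).to receive(:for_patches).and_return(
  meta_data
  )
  expect(request).to receive(:env).and_return({ TCellAgent::Instrumentation::TCELL_ID => tcell_context })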