tcell_agent 1.1.12 → 2.2.0

Files changed (169) hide show
  1. checksums.yaml +5 -5
  2. data/bin/tcell_agent +45 -137
  3. data/lib/tcell_agent.rb +12 -14
  4. data/lib/tcell_agent/agent.rb +108 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/config_initializer.rb +66 -0
  8. data/lib/tcell_agent/configuration.rb +69 -345
  9. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  10. data/lib/tcell_agent/instrument_servers.rb +23 -0
  11. data/lib/tcell_agent/instrumentation.rb +12 -10
  12. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  13. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  14. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  15. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  17. data/lib/tcell_agent/logger.rb +49 -114
  18. data/lib/tcell_agent/patches.rb +6 -7
  19. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  20. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  21. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  22. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  23. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  24. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  25. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  26. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  27. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  28. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  29. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  30. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  31. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  32. data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
  33. data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
  34. data/lib/tcell_agent/rails/auth/devise.rb +100 -105
  35. data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
  37. data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
  38. data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
  39. data/lib/tcell_agent/rails/dlp.rb +35 -23
  40. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  41. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  42. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  43. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  44. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  45. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  46. data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
  47. data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
  48. data/lib/tcell_agent/rails/routes.rb +10 -12
  49. data/lib/tcell_agent/rails/routes/grape.rb +4 -14
  50. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  51. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  52. data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
  53. data/lib/tcell_agent/rust/agent_config.rb +60 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
  55. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
  56. data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
  57. data/lib/tcell_agent/rust/models.rb +6 -52
  58. data/lib/tcell_agent/rust/native_agent.rb +549 -0
  59. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  60. data/lib/tcell_agent/rust/native_library.rb +69 -0
  61. data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
  62. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  63. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  64. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  65. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  66. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  67. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  68. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  69. data/lib/tcell_agent/servers/passenger.rb +1 -28
  70. data/lib/tcell_agent/servers/puma.rb +3 -21
  71. data/lib/tcell_agent/servers/rails_server.rb +1 -2
  72. data/lib/tcell_agent/servers/thin.rb +2 -2
  73. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  74. data/lib/tcell_agent/servers/webrick.rb +1 -2
  75. data/lib/tcell_agent/settings_reporter.rb +11 -90
  76. data/lib/tcell_agent/sinatra.rb +14 -16
  77. data/lib/tcell_agent/tcell_context.rb +40 -14
  78. data/lib/tcell_agent/utils/headers.rb +14 -0
  79. data/lib/tcell_agent/version.rb +1 -1
  80. data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
  108. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  109. data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
  110. data/spec/spec_helper.rb +1 -1
  111. data/spec/support/builders.rb +103 -0
  112. data/spec/support/force_logger_mocking.rb +38 -0
  113. data/spec/support/resources/lfi_sample_file.txt +2 -0
  114. data/spec/support/static_agent_overrides.rb +0 -15
  115. metadata +72 -83
  116. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  117. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  118. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  119. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  120. data/lib/tcell_agent/api.rb +0 -91
  121. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  122. data/lib/tcell_agent/authlogic.rb +0 -26
  123. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  124. data/lib/tcell_agent/config/unknown_options.rb +0 -123
  125. data/lib/tcell_agent/devise.rb +0 -35
  126. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  127. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  128. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  129. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  130. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  131. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  132. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  133. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  134. data/lib/tcell_agent/rails/on_start.rb +0 -41
  135. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  136. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  137. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  138. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  139. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  140. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  141. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  142. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  143. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  144. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  145. data/lib/tcell_agent/start_background_thread.rb +0 -55
  146. data/lib/tcell_agent/system_info.rb +0 -11
  147. data/lib/tcell_agent/utils/io.rb +0 -38
  148. data/lib/tcell_agent/utils/passwords.rb +0 -28
  149. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  150. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  151. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  152. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  153. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  154. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  155. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  156. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
  157. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  158. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  159. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  160. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  161. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  162. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  163. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  164. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  165. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  166. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  167. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  168. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  169. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
@@ -0,0 +1,161 @@
1
+
2
+ require 'spec_helper'
3
+
4
+ module TCellAgent
5
+ module Policies
6
+ describe HeadersPolicy do
7
+ describe '#initialize' do
8
+ context 'empty enablements' do
9
+ it 'should disable the policy' do
10
+ native_agent = double('native_agent')
11
+ policy = HeadersPolicy.new(native_agent, {})
12
+ expect(policy.enabled).to eq(false)
13
+ end
14
+ end
15
+ end
16
+
17
+ describe '#get_headers' do
18
+ context 'with disabled policy' do
19
+ it 'should not call the native library' do
20
+ native_agent = double('native_agent')
21
+ policy = HeadersPolicy.new(native_agent, {})
22
+
23
+ expect(native_agent).to_not receive(:get_headers)
24
+
25
+ tcell_context = double('tcell_context')
26
+ policy.get_headers(tcell_context)
27
+ end
28
+ end
29
+
30
+ context 'with enabled policy' do
31
+ before(:each) do
32
+ configuration = TCellAgent::Tests::ConfigurationBuilder.new.update_attribute(
33
+ 'max_csp_header_bytes', 105
34
+ ).build
35
+ @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
36
+ configuration
37
+ )
38
+ @tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
39
+ 'session_id', 'session-id'
40
+ ).update_attribute(
41
+ 'route_id', 'route-id'
42
+ ).build
43
+ end
44
+
45
+ after(:each) do
46
+ TCellAgent::Rust::NativeAgent.free_agent(@native_agent.agent_ptr)
47
+ end
48
+
49
+ it 'should return csp header' do
50
+ enablements = @native_agent.update_policies(
51
+ {
52
+ 'csp-headers' => {
53
+ 'version' => 1,
54
+ 'policy_id' => 'xyzd',
55
+ 'headers' => [
56
+ { 'name' => 'Content-Security-Policy',
57
+ 'value' => 'test321' }
58
+ ]
59
+ }
60
+ }
61
+ )['enablements']
62
+ expect(enablements['headers']).to eq(true)
63
+
64
+ @policy = HeadersPolicy.new(@native_agent, enablements)
65
+ expect(@policy.enabled).to eq(true)
66
+
67
+ expect(
68
+ @policy.get_headers(@tcell_context)
69
+ ).to eq(
70
+ [{ 'name' => 'Content-Security-Policy', 'value' => 'test321' }]
71
+ )
72
+ end
73
+
74
+ context 'header with report uri' do
75
+ it 'should return csp header' do
76
+ enablements = @native_agent.update_policies(
77
+ {
78
+ 'csp-headers' => {
79
+ 'version' => 1,
80
+ 'policy_id' => 'xyzd',
81
+ 'headers' => [
82
+ { 'name' => 'Content-Security-Policy',
83
+ 'value' => 'normalvalue',
84
+ 'report_uri' => 'https://www.example.com/xys' }
85
+ ]
86
+ }
87
+ }
88
+ )['enablements']
89
+ expect(enablements['headers']).to eq(true)
90
+
91
+ @policy = HeadersPolicy.new(@native_agent, enablements)
92
+ expect(@policy.enabled).to eq(true)
93
+
94
+ expect(
95
+ @policy.get_headers(@tcell_context)
96
+ ).to eq(
97
+ [{ 'name' => 'Content-Security-Policy',
98
+ 'value' => 'normalvalue; report-uri https://www.example.com/xys?sid=ab7074d0bf86c2884766d88b6ad9de4a&rid=route-id' }]
99
+ )
100
+ end
101
+ end
102
+
103
+ context 'header equal to max csp header bytes' do
104
+ it 'should return csp header' do
105
+ enablements = @native_agent.update_policies(
106
+ {
107
+ 'csp-headers' => {
108
+ 'version' => 1,
109
+ 'policy_id' => 'xyzd',
110
+ 'headers' => [
111
+ { 'name' => 'Content-Security-Policy',
112
+ 'value' => 'normalvalue',
113
+ 'report_uri' => 'https://www.example.com/1234567' }
114
+ ]
115
+ }
116
+ }
117
+ )['enablements']
118
+ expect(enablements['headers']).to eq(true)
119
+
120
+ @policy = HeadersPolicy.new(@native_agent, enablements)
121
+ expect(@policy.enabled).to eq(true)
122
+
123
+ expect(
124
+ @policy.get_headers(@tcell_context)
125
+ ).to eq(
126
+ [{ 'name' => 'Content-Security-Policy',
127
+ 'value' => 'normalvalue; report-uri https://www.example.com/1234567?sid=ab7074d0bf86c2884766d88b6ad9de4a&rid=route-id' }]
128
+ )
129
+ end
130
+ end
131
+
132
+ context 'header exceeding to max csp header bytes' do
133
+ it 'should not return csp header' do
134
+ enablements = @native_agent.update_policies(
135
+ {
136
+ 'csp-headers' => {
137
+ 'version' => 1,
138
+ 'policy_id' => 'xyzd',
139
+ 'headers' => [
140
+ { 'name' => 'Content-Security-Policy',
141
+ 'value' => 'normalvalue',
142
+ 'report_uri' => 'https://www.example.com/12345678' }
143
+ ]
144
+ }
145
+ }
146
+ )['enablements']
147
+ expect(enablements['headers']).to eq(true)
148
+
149
+ @policy = HeadersPolicy.new(@native_agent, enablements)
150
+ expect(@policy.enabled).to eq(true)
151
+
152
+ expect(
153
+ @policy.get_headers(@tcell_context)
154
+ ).to eq([])
155
+ end
156
+ end
157
+ end
158
+ end
159
+ end
160
+ end
161
+ end
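Review bot: The two size-limit contexts under `#get_headers` only work because `max_csp_header_bytes` is set to 105 and the expected value in the 'equal to max' case is, by my count, exactly 105 bytes once the `?sid=…&rid=route-id` suffix is appended, but nothing in the spec says so. A comment on the `before(:each)` such as `# 105 = bytesize of the full header value in the 'equal to max' case, report-uri query included` would stop the boundary from moving unnoticed if the suffix format changes. The 'exceeding' case also pins that the whole Content-Security-Policy header is dropped (`eq([])`) rather than sent without its report-uri, which leaves the response with no CSP at all; if that is intended, say so there, e.g. `# over-limit headers are omitted entirely, not truncated`. It would also help to note where `sid=ab7074d0…` comes from, since it is presumably a digest of 'session-id' and the value of the assertion is that the raw session id never appears in the report URI.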
@@ -10,7 +10,7 @@ module TCellAgent
10
10
  'session_id_protections' => { 'body' => ['redact'], 'log' => ['event'] }
11
11
  }
12
12
  }
13
- policy_two = DataLossPolicy.from_json(policy_json_two)
13
+ policy_two = DataLossPolicy.new(policy_json_two)
14
14
  context 'check session_id_protections' do
15
15
  it 'gives the right actions' do
16
16
  expect(policy_two.get_actions_for_session_id.body_redact).to eq(true)
@@ -37,7 +37,7 @@ module TCellAgent
37
37
  ]
38
38
  }
39
39
  }
40
- db_one_policy = DataLossPolicy.from_json(policy_json_requests)
40
+ db_one_policy = DataLossPolicy.new(policy_json_requests)
41
41
  expect(db_one_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred')).to eq(nil)
42
42
  end
43
43
  it 'Partial Policy' do
@@ -56,7 +56,7 @@ module TCellAgent
56
56
  ]
57
57
  }
58
58
  }
59
- db_one_policy = DataLossPolicy.from_json(policy_json_requests)
59
+ db_one_policy = DataLossPolicy.new(policy_json_requests)
60
60
  expect(db_one_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred').to_a[0].log_redact).to eq(true)
61
61
  expect(db_one_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred', 'abcd').to_a[0].log_redact).to eq(true)
62
62
  end
@@ -80,7 +80,7 @@ module TCellAgent
80
80
  ]
81
81
  }
82
82
  }
83
- db_two_policy = DataLossPolicy.from_json(policy_json_request_ids)
83
+ db_two_policy = DataLossPolicy.new(policy_json_request_ids)
84
84
  expect(db_two_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred').to_a.size).to eq(0)
85
85
  expect(db_two_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred', 'other_route').to_a.size).to eq(0)
86
86
  expect(db_two_policy.get_actions_for_table('dave', 'sam', 'tommy', 'fred', 'abcd').to_a.size).to eq(1)
@@ -107,7 +107,7 @@ module TCellAgent
107
107
  ]
108
108
  }
109
109
  }
110
- policy_three = DataLossPolicy.from_json(policy_json_requests)
110
+ policy_three = DataLossPolicy.new(policy_json_requests)
111
111
  expect(policy_three.get_actions_for_request('form', 'test123').to_a[0].body_event).to eq(true)
112
112
  expect(policy_three.get_actions_for_request('form', 'test123').to_a[0].log_event).to eq(nil)
113
113
  end
@@ -129,7 +129,7 @@ module TCellAgent
129
129
  ]
130
130
  }
131
131
  }
132
- policy_three = DataLossPolicy.from_json(policy_json_requests)
132
+ policy_three = DataLossPolicy.new(policy_json_requests)
133
133
  entry_wildcard_route = policy_three.get_actions_for_request('form', 'TeSt123')
134
134
  entry_given_route = policy_three.get_actions_for_request('form', 'TeSt123', 'routex')
135
135
  expect(entry_wildcard_route).to eq(nil)
@@ -156,7 +156,7 @@ module TCellAgent
156
156
  ]
157
157
  }
158
158
  }
159
- policy_three = DataLossPolicy.from_json(policy_json_requests)
159
+ policy_three = DataLossPolicy.new(policy_json_requests)
160
160
  entry_wildcard_route = policy_three.get_actions_for_request('cookie', 'test123')
161
161
  entry_given_route = policy_three.get_actions_for_request('cookie', 'test123', 'routex')
162
162
  expect(entry_wildcard_route).to eq(nil)
@@ -183,7 +183,7 @@ module TCellAgent
183
183
  ]
184
184
  }
185
185
  }
186
- policy_three = DataLossPolicy.from_json(policy_json_requests)
186
+ policy_three = DataLossPolicy.new(policy_json_requests)
187
187
  entry_wildcard_route = policy_three.get_actions_for_request('cookie', 'test123')
188
188
  entry_given_route = policy_three.get_actions_for_request('cookie', 'test123', 'routex')
189
189
  expect(entry_wildcard_route).to eq(nil)
@@ -208,7 +208,7 @@ module TCellAgent
208
208
  ]
209
209
  }
210
210
  }
211
- policy_three = DataLossPolicy.from_json(policy_json_requests)
211
+ policy_three = DataLossPolicy.new(policy_json_requests)
212
212
  entry_wildcard_route = policy_three.get_actions_for_request('header', 'TeSt123')
213
213
  entry_given_route = policy_three.get_actions_for_request('header', 'TeSt123', 'routex')
214
214
  expect(entry_wildcard_route).to eq(nil)
@@ -3,232 +3,277 @@ require 'spec_helper'
3
3
  module TCellAgent
4
4
  module Policies
5
5
  describe HttpRedirectPolicy do
6
- context 'with defaults' do
7
- it 'returns true' do
8
- http_redirect_plain = HttpRedirectPolicy.new
9
- expect(http_redirect_plain.policy_id).to eq(nil)
10
- expect(http_redirect_plain.enabled).to eq(false)
11
- expect(http_redirect_plain.block).to eq(false)
12
- expect(http_redirect_plain.whitelist).to eq([])
13
- expect(http_redirect_plain.data_scheme_allowed).to eq(false)
6
+ describe '#initialize' do
7
+ context 'empty enablements' do
8
+ it 'should disable the policy' do
9
+ native_agent = double('native_agent')
10
+ policy = HttpRedirectPolicy.new(native_agent, {})
11
+ expect(policy.enabled).to eq(false)
12
+ end
14
13
  end
15
14
  end
16
15
 
17
- describe '#suspicious_redirect?' do
18
- it "see's other domain" do
19
- http_redirect_policy = HttpRedirectPolicy.from_json({
20
- 'policy_id' => 'x1a1',
21
- 'data' => {
22
- 'enabled' => true
23
- }
24
- })
25
- expect(http_redirect_policy.policy_id).to eq('x1a1')
26
- expect(http_redirect_policy.enabled).to eq(true)
27
-
28
- expect(http_redirect_policy.suspicious_redirect?('test.google.com', 'www.test.com')).to eq(true)
29
- end
30
-
31
- context 'with wildcard domain' do
32
- it 'should be false' do
33
- http_redirect_policy = HttpRedirectPolicy.from_json({
34
- 'policy_id' => 'x1a1',
35
- 'data' => {
36
- 'enabled' => true,
37
- 'whitelist' => ['*.google.com']
38
- }
39
- })
16
+ describe '#check_redirect' do
17
+ context 'with disabled policy' do
18
+ it 'should not call the native library' do
19
+ native_agent = double('native_agent')
20
+ policy = HttpRedirectPolicy.new(native_agent, {})
40
21
 
41
- expect(http_redirect_policy.suspicious_redirect?('test.google.com', 'www.test.com')).to eq(false)
22
+ expect(native_agent).to_not receive(:check_http_redirect)
42
23
 
43
- expect(http_redirect_policy.suspicious_redirect?('test.google.net', 'www.test.com')).to eq(true)
24
+ tcell_context = double('tcell_context')
25
+ expect(
26
+ policy.check_redirect(
27
+ 'http://localhost:8011/abc/def',
28
+ 'localhost:8011',
29
+ 200,
30
+ tcell_context
31
+ )
32
+ ).to eq('http://localhost:8011/abc/def')
44
33
  end
45
34
  end
46
- end
47
35
 
48
- describe '#enforce' do
49
- context 'with a disabled policy' do
50
- it 'should not enfore the policy' do
51
- http_redirect_policy = HttpRedirectPolicy.from_json({
52
- 'policy_id' => 'x1a1',
53
- 'data' => {
54
- 'enabled' => false,
55
- 'block' => true,
56
- 'whitelist' => ['*.google.com']
57
- }
58
- })
59
-
60
- expect(http_redirect_policy.enforce(
61
- 'https://test.google.com', 'www.test.com', '/path/a', 'GET', 'routex', '1.1.1.1', 400
62
- )).to eq(nil)
36
+ context 'with native agent' do
37
+ before(:each) do
38
+ configuration = TCellAgent::Tests::ConfigurationBuilder.new.build
39
+ @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
40
+ configuration
41
+ )
63
42
  end
64
- end
65
43
 
66
- context 'with an enabled policy' do
67
- context 'redirecting to non whitelisted domain' do
68
- it 'should block the redirect' do
69
- http_redirect_policy = HttpRedirectPolicy.from_json({
70
- 'policy_id' => 'x1a1',
71
- 'data' => {
72
- 'enabled' => true,
73
- 'block' => true,
74
- 'whitelist' => ['good.com']
75
- }
76
- })
77
-
78
- expect(http_redirect_policy.enforce(
79
- 'https://www.google.com/abc/def', 'localhost', '/path/a', 'GET', 'routey', '1.1.1.1', 400
80
- )).to eq('/')
81
- end
44
+ after(:each) do
45
+ TCellAgent::Rust::NativeAgent.free_agent(@native_agent.agent_ptr)
82
46
  end
83
47
 
84
- context 'with a wildcard whitelist' do
85
- it 'should not enfore allowed domains properly' do
86
- http_redirect_policy = HttpRedirectPolicy.from_json({
87
- 'policy_id' => 'x1a1',
88
- 'data' => {
89
- 'enabled' => true,
90
- 'block' => true,
91
- 'whitelist' => ['*.allowed*.com']
92
- }
93
- })
94
-
95
- expect(http_redirect_policy.enforce(
96
- 'https://allowed.com', 'localhost', '/path/a', 'GET', 'routey', '1.1.1.1', 400
97
- )).to eq(nil)
98
-
99
- expect(http_redirect_policy.enforce(
100
- 'https://www.alloweddomain.com', 'localhost', '/path/a', 'GET', 'routey', '1.1.1.1', 400
101
- )).to eq(nil)
48
+ context 'redirect to the same' do
49
+ it 'should not block the redirect' do
50
+ enablements = @native_agent.update_policies(
51
+ {
52
+ 'http-redirect' => {
53
+ 'version' => 1,
54
+ 'policy_id' => 'nyzd',
55
+ 'data' => {
56
+ 'enabled' => true,
57
+ 'whitelist' => ['whitelisted'],
58
+ 'block' => true
59
+ }
60
+ }
61
+ }
62
+ )['enablements']
63
+ expect(enablements['http_redirect']).to eq(true)
64
+
65
+ @policy = HttpRedirectPolicy.new(@native_agent, enablements)
66
+ expect(@policy.enabled).to eq(true)
67
+
68
+ tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
69
+ 'path', '/etc/123'
70
+ ).update_attribute(
71
+ 'remote_address', '0.1.1.0'
72
+ ).update_attribute(
73
+ 'fullpath', '/etc/123'
74
+ ).build
75
+ check = @policy.check_redirect(
76
+ 'http://localhost:8011/abc/def',
77
+ 'localhost:8011',
78
+ 200,
79
+ tcell_context
80
+ )
81
+
82
+ expect(check).to eq('http://localhost:8011/abc/def')
102
83
  end
103
84
  end
104
- end
105
85
 
106
- context 'with ports' do
107
- it 'should remove ports in redirect event' do
108
- http_redirect_policy = HttpRedirectPolicy.from_json({
109
- 'policy_id' => 'x1a1',
110
- 'data' => {
111
- 'enabled' => true,
112
- 'block' => false
113
- }
114
- })
115
-
116
- expect(TCellAgent).to receive(:send_event).with({
117
- 'event_type' => 'redirect',
118
- 'method' => 'GET',
119
- 'from_domain' => 'www.test.com',
120
- 'status_code' => 400,
121
- 'remote_addr' => '1.1.1.1',
122
- 'to' => 'www.google.com',
123
- 'from' => '/path/a',
124
- 'rid' => 'routex'
125
- })
126
-
127
- result = http_redirect_policy.enforce(
128
- 'https://www.google.com:80', 'http://www.test.com', '/path/a', 'GET', 'routex', 400, '1.1.1.1'
129
- )
130
- expect(result).to eq(nil)
86
+ context 'asterisk in whitelisted domain' do
87
+ it 'should allow the redirect' do
88
+ enablements = @native_agent.update_policies(
89
+ {
90
+ 'http-redirect' => {
91
+ 'version' => 1,
92
+ 'policy_id' => 'nyzd',
93
+ 'data' => {
94
+ 'enabled' => true,
95
+ 'whitelist' => ['*.allowed*.com'],
96
+ 'block' => true
97
+ }
98
+ }
99
+ }
100
+ )['enablements']
101
+ expect(enablements['http_redirect']).to eq(true)
102
+
103
+ @policy = HttpRedirectPolicy.new(@native_agent, enablements)
104
+ expect(@policy.enabled).to eq(true)
105
+
106
+ tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
107
+ 'path', '/etc/123'
108
+ ).update_attribute(
109
+ 'remote_address', '0.1.1.0'
110
+ ).update_attribute(
111
+ 'fullpath', '/etc/123'
112
+ ).build
113
+ check = @policy.check_redirect(
114
+ 'http://allowed.com',
115
+ 'localhost:8011',
116
+ 200,
117
+ tcell_context
118
+ )
119
+
120
+ expect(check).to eq('http://allowed.com')
121
+ end
131
122
  end
132
- end
133
123
 
134
- context 'data_scheme_allowed' do
135
- context 'is not allowed' do
136
- it 'should send an event' do
137
- @http_redirect_policy = HttpRedirectPolicy.from_json({
138
- 'policy_id' => 'x1a1',
139
- 'data' => {
140
- 'enabled' => true,
141
- 'whitelist' => [],
142
- 'block' => false,
143
- 'data_scheme_allowed' => false
144
- }
145
- })
146
-
147
- expect(TCellAgent).to receive(:send_event).with({
148
- 'event_type' => 'redirect',
149
- 'method' => 'GET',
150
- 'from_domain' => 'www.test.com',
151
- 'status_code' => 400,
152
- 'remote_addr' => '1.1.1.1',
153
- 'to' => 'data:text/html base64',
154
- 'from' => '/path/a',
155
- 'rid' => 'routex'
156
- })
157
-
158
- result = @http_redirect_policy.enforce(
159
- 'data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K',
160
- 'http://www.test.com',
161
- '/path/a',
162
- 'GET',
163
- 'routex',
164
- 400,
165
- '1.1.1.1'
124
+ context 'domain with a port' do
125
+ it 'should block the redirect' do
126
+ enablements = @native_agent.update_policies(
127
+ {
128
+ 'http-redirect' => {
129
+ 'version' => 1,
130
+ 'policy_id' => 'nyzd',
131
+ 'data' => {
132
+ 'enabled' => true,
133
+ 'whitelist' => [],
134
+ 'block' => true
135
+ }
136
+ }
137
+ }
138
+ )['enablements']
139
+ expect(enablements['http_redirect']).to eq(true)
140
+
141
+ @policy = HttpRedirectPolicy.new(@native_agent, enablements)
142
+ expect(@policy.enabled).to eq(true)
143
+
144
+ tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
145
+ 'path', '/some/path'
146
+ ).update_attribute(
147
+ 'remote_address', '0.1.1.0'
148
+ ).update_attribute(
149
+ 'fullpath', '/some/path'
150
+ ).build
151
+ check = @policy.check_redirect(
152
+ 'http://user:pass@192.168.99.100:3000',
153
+ 'localhost:8011',
154
+ 200,
155
+ tcell_context
166
156
  )
167
- expect(result).to eq(nil)
157
+
158
+ expect(check).to eq('/')
168
159
  end
160
+ end
161
+
162
+ context 'data scheme redirect' do
163
+ context 'not allowed' do
164
+ it 'should block the redirect' do
165
+ enablements = @native_agent.update_policies(
166
+ {
167
+ 'http-redirect' => {
168
+ 'version' => 1,
169
+ 'policy_id' => 'nyzd',
170
+ 'data' => {
171
+ 'enabled' => true,
172
+ 'whitelist' => ['whitelisted'],
173
+ 'block' => true,
174
+ 'data_scheme_allowed' => false
175
+ }
176
+ }
177
+ }
178
+ )['enablements']
179
+ expect(enablements['http_redirect']).to eq(true)
180
+
181
+ @policy = HttpRedirectPolicy.new(@native_agent, enablements)
182
+ expect(@policy.enabled).to eq(true)
169
183
 
170
- context 'and blocking is enabled' do
171
- it 'should send an event and redirect to root' do
172
- @http_redirect_policy = HttpRedirectPolicy.from_json({
173
- 'policy_id' => 'x1a1',
174
- 'data' => {
175
- 'enabled' => true,
176
- 'whitelist' => [],
177
- 'block' => true,
178
- 'data_scheme_allowed' => false
179
- }
180
- })
181
-
182
- expect(TCellAgent).to receive(:send_event).with({
183
- 'event_type' => 'redirect',
184
- 'method' => 'GET',
185
- 'from_domain' => 'www.test.com',
186
- 'status_code' => 400,
187
- 'remote_addr' => '1.1.1.1',
188
- 'to' => 'data:text/html base64',
189
- 'from' => '/path/a',
190
- 'rid' => 'routex'
191
- })
192
-
193
- result = @http_redirect_policy.enforce(
184
+ tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
185
+ 'path', '/some/path'
186
+ ).update_attribute(
187
+ 'remote_address', '0.1.1.0'
188
+ ).update_attribute(
189
+ 'fullpath', '/some/path'
190
+ ).build
191
+ check = @policy.check_redirect(
194
192
  'data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K',
195
- 'http://www.test.com',
196
- '/path/a',
197
- 'GET',
198
- 'routex',
199
- 400,
200
- '1.1.1.1'
193
+ 'localhost:8011',
194
+ 200,
195
+ tcell_context
201
196
  )
202
- expect(result).to eq('/')
197
+
198
+ expect(check).to eq('/')
199
+ end
200
+ end
201
+
202
+ context 'is allowed' do
203
+ it 'should allow the redirect' do
204
+ enablements = @native_agent.update_policies(
205
+ {
206
+ 'http-redirect' => {
207
+ 'version' => 1,
208
+ 'policy_id' => 'nyzd',
209
+ 'data' => {
210
+ 'enabled' => true,
211
+ 'whitelist' => ['whitelisted'],
212
+ 'block' => true,
213
+ 'data_scheme_allowed' => true
214
+ }
215
+ }
216
+ }
217
+ )['enablements']
218
+ expect(enablements['http_redirect']).to eq(true)
219
+
220
+ @policy = HttpRedirectPolicy.new(@native_agent, enablements)
221
+ expect(@policy.enabled).to eq(true)
222
+
223
+ tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
224
+ 'path', '/some/path'
225
+ ).update_attribute(
226
+ 'remote_address', '0.1.1.0'
227
+ ).update_attribute(
228
+ 'fullpath', '/some/path'
229
+ ).build
230
+ check = @policy.check_redirect(
231
+ 'data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K',
232
+ 'localhost:8011',
233
+ 200,
234
+ tcell_context
235
+ )
236
+
237
+ expect(check).to eq('data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K')
203
238
  end
204
239
  end
205
240
  end
206
241
 
207
- context 'is allowed' do
208
- it 'should not send an event' do
209
- @http_redirect_policy = HttpRedirectPolicy.from_json({
210
- 'policy_id' => 'x1a1',
211
- 'data' => {
212
- 'enabled' => true,
213
- 'whitelist' => [],
214
- 'block' => false,
215
- 'data_scheme_allowed' => true
216
- }
217
- })
218
-
219
- expect(TCellAgent).to_not receive(:send_event)
220
-
221
- result = @http_redirect_policy.enforce(
222
- 'data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K',
223
- 'http://www.test.com',
224
- '/path/a',
225
- 'GET',
226
- 'routex',
227
- 400,
228
- '1.1.1.1'
242
+ context 'relative redirect' do
243
+ it 'should allow the redirect' do
244
+ enablements = @native_agent.update_policies(
245
+ {
246
+ 'http-redirect' => {
247
+ 'version' => 1,
248
+ 'policy_id' => 'nyzd',
249
+ 'data' => {
250
+ 'enabled' => true,
251
+ 'whitelist' => [],
252
+ 'block' => true
253
+ }
254
+ }
255
+ }
256
+ )['enablements']
257
+ expect(enablements['http_redirect']).to eq(true)
258
+
259
+ @policy = HttpRedirectPolicy.new(@native_agent, enablements)
260
+ expect(@policy.enabled).to eq(true)
261
+
262
+ tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
263
+ 'path', '/some/path'
264
+ ).update_attribute(
265
+ 'remote_address', '0.1.1.0'
266
+ ).update_attribute(
267
+ 'fullpath', '/some/path'
268
+ ).build
269
+ check = @policy.check_redirect(
270
+ '/admin/login/?next=/admin/',
271
+ 'localhost:8011',
272
+ 200,
273
+ tcell_context
229
274
  )
230
275
 
231
- expect(result).to eq(nil)
276
+ expect(check).to eq('/admin/login/?next=/admin/')
232
277
  end
233
278
  end
234
279
  end
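Review bot: The rewritten 'asterisk in whitelisted domain' context only checks a host that should pass (`http://allowed.com` against `*.allowed*.com`); the near-miss assertion from the removed `#suspicious_redirect?` test and the `www.alloweddomain.com` case are gone, so an over-permissive wildcard match in the native library would not fail this spec. Adding one blocked lookup with the same whitelist, e.g. `expect(@policy.check_redirect('http://notallowed.example', 'localhost:8011', 200, tcell_context)).to eq('/')` (constructed host), would cover it. Every new context also sets `'block' => true`, so the report-only path (`'block' => false`) that the removed tests exercised has no coverage in this file, and none of the new cases asserts that a redirect event is produced. The context named 'domain with a port' passes a URL with userinfo and an IP address against an empty whitelist, so it does not show how a port affects whitelist matching; renaming it, or adding a whitelisted host that carries a port, would make the intent clear.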