tcell_agent 1.1.12 → 2.2.0

Files changed (169) hide show
  1. checksums.yaml +5 -5
  2. data/bin/tcell_agent +45 -137
  3. data/lib/tcell_agent.rb +12 -14
  4. data/lib/tcell_agent/agent.rb +108 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/config_initializer.rb +66 -0
  8. data/lib/tcell_agent/configuration.rb +69 -345
  9. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  10. data/lib/tcell_agent/instrument_servers.rb +23 -0
  11. data/lib/tcell_agent/instrumentation.rb +12 -10
  12. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  13. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  14. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  15. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  17. data/lib/tcell_agent/logger.rb +49 -114
  18. data/lib/tcell_agent/patches.rb +6 -7
  19. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  20. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  21. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  22. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  23. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  24. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  25. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  26. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  27. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  28. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  29. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  30. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  31. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  32. data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
  33. data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
  34. data/lib/tcell_agent/rails/auth/devise.rb +100 -105
  35. data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
  37. data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
  38. data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
  39. data/lib/tcell_agent/rails/dlp.rb +35 -23
  40. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  41. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  42. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  43. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  44. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  45. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  46. data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
  47. data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
  48. data/lib/tcell_agent/rails/routes.rb +10 -12
  49. data/lib/tcell_agent/rails/routes/grape.rb +4 -14
  50. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  51. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  52. data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
  53. data/lib/tcell_agent/rust/agent_config.rb +60 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
  55. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
  56. data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
  57. data/lib/tcell_agent/rust/models.rb +6 -52
  58. data/lib/tcell_agent/rust/native_agent.rb +549 -0
  59. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  60. data/lib/tcell_agent/rust/native_library.rb +69 -0
  61. data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
  62. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  63. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  64. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  65. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  66. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  67. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  68. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  69. data/lib/tcell_agent/servers/passenger.rb +1 -28
  70. data/lib/tcell_agent/servers/puma.rb +3 -21
  71. data/lib/tcell_agent/servers/rails_server.rb +1 -2
  72. data/lib/tcell_agent/servers/thin.rb +2 -2
  73. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  74. data/lib/tcell_agent/servers/webrick.rb +1 -2
  75. data/lib/tcell_agent/settings_reporter.rb +11 -90
  76. data/lib/tcell_agent/sinatra.rb +14 -16
  77. data/lib/tcell_agent/tcell_context.rb +40 -14
  78. data/lib/tcell_agent/utils/headers.rb +14 -0
  79. data/lib/tcell_agent/version.rb +1 -1
  80. data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
  108. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  109. data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
  110. data/spec/spec_helper.rb +1 -1
  111. data/spec/support/builders.rb +103 -0
  112. data/spec/support/force_logger_mocking.rb +38 -0
  113. data/spec/support/resources/lfi_sample_file.txt +2 -0
  114. data/spec/support/static_agent_overrides.rb +0 -15
  115. metadata +72 -83
  116. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  117. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  118. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  119. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  120. data/lib/tcell_agent/api.rb +0 -91
  121. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  122. data/lib/tcell_agent/authlogic.rb +0 -26
  123. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  124. data/lib/tcell_agent/config/unknown_options.rb +0 -123
  125. data/lib/tcell_agent/devise.rb +0 -35
  126. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  127. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  128. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  129. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  130. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  131. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  132. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  133. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  134. data/lib/tcell_agent/rails/on_start.rb +0 -41
  135. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  136. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  137. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  138. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  139. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  140. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  141. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  142. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  143. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  144. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  145. data/lib/tcell_agent/start_background_thread.rb +0 -55
  146. data/lib/tcell_agent/system_info.rb +0 -11
  147. data/lib/tcell_agent/utils/io.rb +0 -38
  148. data/lib/tcell_agent/utils/passwords.rb +0 -28
  149. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  150. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  151. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  152. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  153. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  154. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  155. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  156. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
  157. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  158. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  159. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  160. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  161. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  162. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  163. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  164. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  165. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  166. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  167. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  168. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  169. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
@@ -0,0 +1,75 @@
1
+ require 'spec_helper'
2
+
3
+ module TCellAgent
4
+ module Policies
5
+ describe JsAgentPolicy do
6
+ describe '#initialize' do
7
+ context 'empty enablements' do
8
+ it 'should disable the policy' do
9
+ native_agent = double('native_agent')
10
+ policy = JsAgentPolicy.new(native_agent, {})
11
+ expect(policy.enabled).to eq(false)
12
+ end
13
+ end
14
+ end
15
+
16
+ describe '#check_redirect' do
17
+ context 'with disabled policy' do
18
+ it 'should not call the native library' do
19
+ native_agent = double('native_agent')
20
+ policy = JsAgentPolicy.new(native_agent, {})
21
+
22
+ expect(native_agent).to_not receive(:get_js_agent_script_tag)
23
+
24
+ tcell_context = double('tcell_context')
25
+ expect(
26
+ policy.get_js_agent_script_tag(tcell_context)
27
+ ).to eq(nil)
28
+ end
29
+ end
30
+
31
+ context 'with native agent' do
32
+ before(:each) do
33
+ configuration = TCellAgent::Tests::ConfigurationBuilder.new.build
34
+ @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
35
+ configuration
36
+ )
37
+ end
38
+
39
+ after(:each) do
40
+ TCellAgent::Rust::NativeAgent.free_agent(@native_agent.agent_ptr)
41
+ end
42
+
43
+ context 'enabled js agent policy' do
44
+ it 'should return js agent script tag' do
45
+ enablements = @native_agent.update_policies(
46
+ {
47
+ 'jsagentinjection' => {
48
+ 'enabled' => true,
49
+ 'api_key' => 'AQABBA',
50
+ 'excludes' => [],
51
+ 'policy_id' => 'jsagentinjection-v1-1',
52
+ 'version' => 1
53
+ }
54
+ }
55
+ )['enablements']
56
+ expect(enablements['jsagentinjection']).to eq(true)
57
+
58
+ @policy = JsAgentPolicy.new(@native_agent, enablements)
59
+ expect(@policy.enabled).to eq(true)
60
+
61
+ tcell_context = TCellAgent::Tests::TCellContextBuilder.new.build
62
+ expect(
63
+ @policy.get_js_agent_script_tag(tcell_context)
64
+ ).to eq(
65
+ '<script src="https://jsagent.tcell.io/tcellagent.min.js" ' \
66
+ 'tcellappid="TestAppId-AppId" tcellapikey="AQABBA" ' \
67
+ 'tcellbaseurl="https://api.tcell-preview.io/agents/api/v1"></script>'
68
+ )
69
+ end
70
+ end
71
+ end
72
+ end
73
+ end
74
+ end
75
+ end
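Review bot: The `describe '#check_redirect'` label does not match what these examples exercise. Both contexts call `get_js_agent_script_tag`, so the group should read `describe '#get_js_agent_script_tag' do`; as written, failures are reported under an unrelated method name. The enabled case only pins the tag for benign values (`'AQABBA'`, `TestAppId-AppId`). Because the tag is a string of HTML attributes, a second example with a quote or angle bracket in `api_key` would confirm the values are escaped; whether escaping happens in the native library is not visible from this section. The `after(:each)` hook dereferences `@native_agent.agent_ptr` unconditionally, so a failure in `create_agent` would surface as a `NoMethodError` on nil; appending `if @native_agent` avoids masking the real error.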
@@ -2,44 +2,176 @@ require 'spec_helper'
2
2
 
3
3
  module TCellAgent
4
4
  module Policies
5
- describe LoginFraudPolicy do
6
- policy_json_empty = {
7
- 'policy_id' => '01a1',
8
- 'data' => {
9
- 'options' => {}
10
- }
11
- }
12
-
13
- policy_json_one = {
14
- 'policy_id' => '01a1',
15
- 'data' => {
16
- 'options' => {
17
- 'login_failed_enabled' => true,
18
- 'login_success_enabled' => true,
19
- 'session_hijacking_enabled' => true
20
- }
21
- }
22
- }
23
-
24
- empty_policy = LoginFraudPolicy.from_json(policy_json_empty)
25
- context 'test empty agent' do
26
- it 'enabled is false' do
27
- expect(empty_policy.policy_id).to eq('01a1')
28
- expect(empty_policy.login_failed_enabled).to eq(false)
29
- expect(empty_policy.login_success_enabled).to eq(false)
30
- expect(empty_policy.session_hijacking_metrics).to eq(false)
5
+ describe LoginPolicy do
6
+ describe '#initialize' do
7
+ context 'empty enablements' do
8
+ it 'should disable the policy' do
9
+ native_agent = double('native_agent')
10
+ policy = LoginPolicy.new(native_agent, {})
11
+ expect(policy.login_success_enabled).to eq(false)
12
+ expect(policy.login_failed_enabled).to eq(false)
13
+ end
31
14
  end
32
15
  end
33
16
 
34
- policy_one = LoginFraudPolicy.from_json(policy_json_one)
35
- context 'enabled agent' do
36
- it 'enabled is true' do
37
- expect(empty_policy.policy_id).to eq('01a1')
38
- expect(policy_one.login_failed_enabled).to eq(true)
39
- expect(policy_one.login_success_enabled).to eq(true)
40
- expect(policy_one.session_hijacking_metrics).to eq(true)
17
+ context 'with native agent' do
18
+ before(:each) do
19
+ configuration = TCellAgent::Tests::ConfigurationBuilder.new.build
20
+ @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
21
+ configuration
22
+ )
23
+ end
24
+
25
+ after(:each) do
26
+ TCellAgent::Rust::NativeAgent.free_agent(@native_agent.agent_ptr)
27
+ end
28
+
29
+ describe '#report_login_success' do
30
+ context 'with disabled policy' do
31
+ it 'should not call the native library' do
32
+ native_agent = double('native_agent')
33
+ policy = LoginPolicy.new(native_agent, {})
34
+
35
+ expect(native_agent).to_not receive(:login_fraud_apply)
36
+
37
+ user_id = double('user_id')
38
+ headers = double('headers')
39
+ tcell_context = double('tcell_context')
40
+ expect(
41
+ policy.report_login_success(user_id, headers, tcell_context)
42
+ ).to eq({})
43
+ end
44
+ end
45
+
46
+ context 'with enabled policy' do
47
+ it 'should report login success' do
48
+ enablements = @native_agent.update_policies(
49
+ {
50
+ 'login' => {
51
+ 'policy_id' => '00a1',
52
+ 'version' => 1,
53
+ 'data' => {
54
+ 'options' => {
55
+ 'login_failed_enabled' => true,
56
+ 'login_success_enabled' => true
57
+ }
58
+ }
59
+ }
60
+ }
61
+ )['enablements']
62
+ expect(enablements['login_success_enabled']).to eq(true)
63
+
64
+ @policy = LoginPolicy.new(@native_agent, enablements)
65
+ expect(@policy.login_success_enabled).to eq(true)
66
+
67
+ user_id = 'user-id'
68
+ headers = ['user-agent']
69
+ tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
70
+ 'user_id', 'user-id'
71
+ ).build
72
+ expect(
73
+ @policy.report_login_success(user_id, headers, tcell_context)
74
+ ).to eq(
75
+ { 'events_created' => 1 }
76
+ )
77
+ end
78
+ end
79
+ end
80
+
81
+ describe '#report_login_failure' do
82
+ context 'with disabled policy' do
83
+ it 'should not call the native library' do
84
+ native_agent = double('native_agent')
85
+ policy = LoginPolicy.new(native_agent, {})
86
+
87
+ expect(native_agent).to_not receive(:login_fraud_apply)
88
+
89
+ user_id = double('user_id')
90
+ password = nil
91
+ headers = double('headers')
92
+ user_valid = false
93
+ tcell_context = double('tcell_context')
94
+ expect(
95
+ policy.report_login_failure(
96
+ user_id,
97
+ password,
98
+ headers,
99
+ user_valid,
100
+ tcell_context
101
+ )
102
+ ).to eq({})
103
+ end
104
+ end
105
+
106
+ context 'with enabled policy' do
107
+ it 'should report login failure' do
108
+ enablements = @native_agent.update_policies(
109
+ {
110
+ 'login' => {
111
+ 'policy_id' => '00a1',
112
+ 'version' => 1,
113
+ 'data' => {
114
+ 'options' => {
115
+ 'login_failed_enabled' => true,
116
+ 'login_success_enabled' => true
117
+ }
118
+ }
119
+ }
120
+ }
121
+ )['enablements']
122
+ expect(enablements['login_failed_enabled']).to eq(true)
123
+
124
+ @policy = LoginPolicy.new(@native_agent, enablements)
125
+ expect(@policy.login_failed_enabled).to eq(true)
126
+
127
+ user_id = 'user-id'
128
+ password = nil
129
+ headers = ['user-agent']
130
+ user_valid = nil
131
+ tcell_context = TCellAgent::Tests::TCellContextBuilder.new.update_attribute(
132
+ 'user_id', 'user-id'
133
+ ).build
134
+ expect(
135
+ @policy.report_login_failure(
136
+ user_id,
137
+ password,
138
+ headers,
139
+ user_valid,
140
+ tcell_context
141
+ )
142
+ ).to eq(
143
+ { 'events_created' => 1 }
144
+ )
145
+ end
146
+ end
41
147
  end
42
148
  end
43
149
  end
44
150
  end
45
151
  end
152
+
153
+ # def login_failed_test(self):
154
+ # policies_rsp = self.native_agent.update_policies({
155
+ # "login": {
156
+ # "policy_id": "00a1",
157
+ # "version": 1,
158
+ # "data": {
159
+ # "options": {
160
+ # "login_failed_enabled": True,
161
+ # "login_success_enabled": True
162
+ # }
163
+ # }
164
+ # }
165
+ # })
166
+
167
+ # login_policy = LoginPolicy(self.native_agent, policies_rsp["enablements"], None)
168
+ # context = ContextBuilder().update_attribute("user_id", "user-id").build()
169
+ # response = login_policy.report_login_failure(
170
+ # user_id="user-id",
171
+ # password="password",
172
+ # header_keys=["user-agent", "content-length"],
173
+ # user_valid=False,
174
+ # tcell_context=context
175
+ # )
176
+ #
177
+ # self.assertEqual(response, {"events_created": 1})
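Review bot: The enabled-policy example for `report_login_failure` passes `password = nil` and `user_valid = nil`, so the path where a caller supplies a real password and an explicit validity flag is never exercised. The commented-out reference test at the end of the file uses `password="password"` and `user_valid=False`; I would set `password = 'password'` and `user_valid = false` here, keep the `{ 'events_created' => 1 }` assertion, and delete the commented-out Python block rather than ship it in a Ruby spec. How the password is treated before it reaches the native library is not visible in this section, which is the reason to cover it. The two 'with disabled policy' examples sit inside `context 'with native agent'`, so each one creates and frees a native agent it never uses; moving them outside that context would keep them as pure unit tests.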
@@ -2,308 +2,115 @@ require 'spec_helper'
2
2
 
3
3
  module TCellAgent
4
4
  module Policies
5
- describe RustPolicies do
6
- before(:each) do
7
- configuration = double(
8
- 'configuration',
9
- {
10
- 'app_id' => 'app_id',
11
- 'api_key' => 'api_key',
12
- 'allow_payloads' => true,
13
- 'js_agent_api_base_url' => 'http://api.tcell.com/',
14
- 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
15
- 'max_csp_header_bytes' => nil
16
- }
17
- )
18
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
19
- @rust_policies = RustPolicies.new
20
- end
21
-
22
- describe '#update_policies' do
23
- context 'with a nil policy' do
24
- it 'should return nil' do
25
- expect(TCellAgent).to_not receive(:logger)
26
-
27
- @rust_policies.update_policies(nil)
28
-
29
- expect(@rust_policies.patches_enabled).to eq(false)
30
- end
31
- end
32
-
33
- context 'with an empty policy' do
34
- it 'should raise a policy missing error' do
35
- expect(TCellAgent).to_not receive(:logger)
36
-
37
- @rust_policies.update_policies({})
38
-
39
- expect(@rust_policies.patches_enabled).to eq(false)
40
- end
41
- end
42
-
43
- context 'with an empty version' do
44
- it 'should have empty version' do
45
- logger = double('logger')
46
-
47
- expect(TCellAgent).to receive(:logger).and_return(logger)
48
- expect(logger).to receive(:error).with(
49
- 'Error updating policies: Failed to decode patches policy: missing field `version`'
50
- )
51
- @rust_policies.update_policies(
5
+ describe PatchesPolicy do
6
+ blocked_ip_policy = {
7
+ 'patches' => {
8
+ 'policy_id' => 'policy_id',
9
+ 'version' => 2,
10
+ 'data' => {
11
+ 'rules' => [
52
12
  {
53
- 'patches' => {
54
- 'policy_id' => 'policy_id'
55
- }
13
+ 'id' => 'blocked-ips-rule',
14
+ 'title' => 'Blocked ips rule',
15
+ 'action' => 'BlockIf',
16
+ 'destinations' => { 'check_equals' => [{ 'path' => '*' }] },
17
+ 'ignore' => [],
18
+ 'matches' => [
19
+ {
20
+ 'all' => [],
21
+ 'any' => [
22
+ {
23
+ 'ips' => [{ 'type' => 'IP', 'values' => ['1.1.1.1'] }]
24
+ }
25
+ ]
26
+ }
27
+ ]
56
28
  }
57
- )
58
-
59
- expect(@rust_policies.patches_enabled).to eq(false)
29
+ ]
30
+ }
31
+ }
32
+ }
33
+
34
+ describe '#initialize' do
35
+ context 'empty enablements' do
36
+ it 'should disable the policy' do
37
+ native_agent = double('native_agent')
38
+ policy = PatchesPolicy.new(native_agent, {})
39
+ expect(policy.enabled).to eq(false)
60
40
  end
61
41
  end
42
+ end
62
43
 
63
- context 'with an empty data' do
64
- it 'should have disabled ip blocking' do
65
- expect(TCellAgent).to_not receive(:logger)
44
+ describe '#block_request?' do
45
+ context 'with disabled policy' do
46
+ it 'should not call the native library' do
47
+ native_agent = double('native_agent')
48
+ policy = PatchesPolicy.new(native_agent, {})
66
49
 
67
- @rust_policies.update_policies(
68
- {
69
- 'patches' => {
70
- 'policy_id' => 'policy_id',
71
- 'version' => 1
72
- }
73
- }
74
- )
50
+ expect(native_agent).to_not receive(:apply_patches)
75
51
 
76
- expect(@rust_policies.patches_enabled).to eq(false)
52
+ appsensor_meta = double('appsensor_meta')
53
+ policy.block_request?(appsensor_meta)
77
54
  end
78
55
  end
79
56
 
80
- context 'with an empty block_rules' do
81
- it 'should have disabled ip blocking' do
82
- expect(TCellAgent).to_not receive(:logger)
83
-
84
- @rust_policies.update_policies(
85
- {
86
- 'patches' => {
87
- 'policy_id' => 'policy_id',
88
- 'version' => 1,
89
- 'data' => {}
90
- }
91
- }
57
+ context 'with blocked ip policy' do
58
+ before(:each) do
59
+ configuration = TCellAgent::Tests::ConfigurationBuilder.new.build
60
+ @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
61
+ configuration
92
62
  )
63
+ enablements = @native_agent.update_policies(
64
+ blocked_ip_policy
65
+ )['enablements']
66
+ expect(enablements['patches']).to eq(true)
93
67
 
94
- expect(@rust_policies.patches_enabled).to eq(true)
68
+ @policy = PatchesPolicy.new(@native_agent, enablements)
69
+ expect(@policy.enabled).to eq(true)
95
70
  end
96
- end
97
71
 
98
- context 'with blocked_ips' do
99
- context 'as an empty list' do
100
- it 'should have ip blocking disabled' do
101
- expect(TCellAgent).to_not receive(:logger)
102
-
103
- @rust_policies.update_policies(
104
- {
105
- 'patches' => {
106
- 'policy_id' => 'policy_id',
107
- 'version' => 1,
108
- 'data' => {
109
- 'blocked_ips' => []
110
- }
111
- }
112
- }
113
- )
114
-
115
- expect(@rust_policies.patches_enabled).to eq(true)
116
- end
72
+ after(:each) do
73
+ TCellAgent::Rust::NativeAgent.free_agent(@native_agent.agent_ptr)
117
74
  end
118
75
 
119
- context 'a non empty list' do
120
- it 'should have ip blocking enabled' do
121
- expect(TCellAgent).to_not receive(:logger)
122
-
123
- @rust_policies.update_policies(
124
- {
125
- 'patches' => {
126
- 'policy_id' => 'policy_id',
127
- 'version' => 1,
128
- 'data' => {
129
- 'blocked_ips' => [
130
- { 'ip' => '0.0.0.0' },
131
- { 'ip' => '1.1.1.1' }
132
- ]
133
- }
134
- }
135
- }
136
- )
137
-
138
- expect(@rust_policies.patches_enabled).to eq(true)
76
+ context 'request has nil ip', :skip => true do
77
+ it 'should not block request' do
78
+ meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
79
+ 'remote_address', nil
80
+ ).build
81
+ resp = @policy.block_request?(meta_data)
82
+ expect(resp).to eq(false)
139
83
  end
140
84
  end
141
- end
142
-
143
- context 'with block_rules' do
144
- context 'as an empty list' do
145
- it 'should have ip blocking disabled' do
146
- expect(TCellAgent).to_not receive(:logger)
147
85
 
148
- @rust_policies.update_policies(
149
- {
150
- 'patches' => {
151
- 'policy_id' => 'policy_id',
152
- 'version' => 1,
153
- 'data' => {
154
- 'block_rules' => []
155
- }
156
- }
157
- }
158
- )
159
-
160
- expect(@rust_policies.patches_enabled).to eq(true)
86
+ context 'request has empty ip', :skip => true do
87
+ it 'should not block request' do
88
+ meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
89
+ 'remote_address', ''
90
+ ).build
91
+ resp = @policy.block_request?(meta_data)
92
+ expect(resp).to eq(false)
161
93
  end
162
94
  end
163
95
 
164
- context 'a non empty list' do
165
- it 'should have ip blocking enabled' do
166
- expect(TCellAgent).to_not receive(:logger)
167
-
168
- @rust_policies.update_policies(
169
- {
170
- 'patches' => {
171
- 'policy_id' => 'policy_id',
172
- 'version' => 1,
173
- 'data' => {
174
- 'block_rules' => [
175
- { 'assume_this_is_well_formed' => 'well_formed' },
176
- { 'assume_this_is_well_formed_dos' => 'well_formed_dos' }
177
- ]
178
- }
179
- }
180
- }
181
- )
182
-
183
- expect(@rust_policies.patches_enabled).to eq(true)
184
- end
185
-
186
- context 'with a malformed block rule' do
187
- it 'should ignore the block rule' do
188
- expect(TCellAgent).to_not receive(:logger)
189
-
190
- @rust_policies.update_policies(
191
- {
192
- 'patches' => {
193
- 'policy_id' => 'policy_id',
194
- 'version' => 1,
195
- 'data' => {
196
- 'block_rules' => [
197
- { 'assume_this_is_ill_formed' => 'ill_formed' }
198
- ]
199
- }
200
- }
201
- }
202
- )
203
-
204
- expect(@rust_policies.patches_enabled).to eq(true)
205
- end
206
- end
207
-
208
- context 'with a malformed block rule and a well formed block rule' do
209
- it 'should ignore the block rule' do
210
- expect(TCellAgent).to_not receive(:logger)
211
-
212
- @rust_policies.update_policies(
213
- {
214
- 'patches' => {
215
- 'policy_id' => 'policy_id',
216
- 'version' => 1,
217
- 'data' => {
218
- 'block_rules' => [
219
- { 'assume_this_is_ill_formed' => 'ill_formed' },
220
- { 'assume_this_is_well_formed' => 'well_formed' }
221
- ]
222
- }
223
- }
224
- }
225
- )
226
-
227
- expect(@rust_policies.patches_enabled).to eq(true)
228
- end
229
- end
230
-
231
- context 'with a wrong version number' do
232
- xit 'should have ip blocking disabled' do
233
- expect(TCellAgent).to_not receive(:logger)
234
-
235
- @rust_policies.update_policies(
236
- {
237
- 'patches' => {
238
- 'policy_id' => 'policy_id',
239
- 'version' => 2,
240
- 'data' => {
241
- 'block_rules' => [
242
- { 'assume_this_is_well_formed' => 'well_formed' }
243
- ]
244
- }
245
- }
246
- }
247
- )
248
-
249
- expect(@rust_policies.patches_enabled).to eq(false)
250
- end
96
+ context 'request comes from non-blocked ip' do
97
+ it 'should not block request' do
98
+ meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
99
+ 'remote_address', '2.2.2.2'
100
+ ).build
101
+ resp = @policy.block_request?(meta_data)
102
+ expect(resp).to eq(false)
251
103
  end
252
104
  end
253
- end
254
- end
255
105
 
256
- describe '#block_request?' do
257
- context 'supports ip blocking' do
258
- it 'should block blacklisted ip' do
259
- @rust_policies.update_policies(
260
- {
261
- 'patches' => {
262
- 'version' => 1,
263
- 'policy_id' => 'some uuid',
264
- 'data' => {
265
- 'rules' => [{
266
- 'id' => 'blocked-ips-rule',
267
- 'title' => 'Blocked ips rule',
268
- 'action' => 'BlockIf',
269
- 'destinations' => { 'check_equals' => [{ 'path' => '*' }] },
270
- 'ignore' => [],
271
- 'matches' => [{
272
- 'all' => [],
273
- 'any' => [{
274
- 'ips' => [{
275
- 'type' => 'IP',
276
- 'values' => ['1.3.3.4']
277
- }]
278
- }]
279
- }]
280
- }]
281
- }
282
- }
283
- }
284
- )
285
-
286
- meta_data = TCellAgent::MetaData.new(
287
- 'get',
288
- '1.3.3.4',
289
- 'route_id',
290
- 'session_id',
291
- 'user_id',
292
- 'transaction_id',
293
- 'http://test.com/?some_param=present'
294
- )
295
- expect(@rust_policies.block_request?(meta_data)).to eq(true)
296
-
297
- meta_data = TCellAgent::MetaData.new(
298
- 'get',
299
- '1.1.1.1',
300
- 'route_id',
301
- 'session_id',
302
- 'user_id',
303
- 'transaction_id',
304
- 'http://test.com/?some_param=present'
305
- )
306
- expect(@rust_policies.block_request?(meta_data)).to eq(false)
106
+ context 'request comes from non-blocked ip' do
107
+ it 'should not block request' do
108
+ meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
109
+ 'remote_address', '1.1.1.1'
110
+ ).build
111
+ resp = @policy.block_request?(meta_data)
112
+ expect(resp).to eq(true)
113
+ end
307
114
  end
308
115
  end
309
116
  end
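Review bot: The last example is mislabeled: `context 'request comes from non-blocked ip'` / `it 'should not block request'` sets `remote_address` to `'1.1.1.1'`, the address listed in `blocked_ip_policy`, and expects `true`. It should read `context 'request comes from blocked ip' do` and `it 'should block request' do`; as written it repeats the description of the example before it. The nil and empty `remote_address` contexts are tagged `:skip => true`, so the decision for a request without a usable client address is unverified; re-enable them or add a comment saying why they are skipped. The 'with disabled policy' example calls `policy.block_request?(appsensor_meta)` without asserting the result; `expect(policy.block_request?(appsensor_meta)).to eq(false)` would pin it, assuming a disabled policy returns false. The closing `end`s of the enclosing `describe` and `module` blocks fall outside this hunk.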