tcell_agent 1.1.12 → 2.2.0

Files changed (169)
  1. checksums.yaml +5 -5
  2. data/bin/tcell_agent +45 -137
  3. data/lib/tcell_agent.rb +12 -14
  4. data/lib/tcell_agent/agent.rb +108 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/config_initializer.rb +66 -0
  8. data/lib/tcell_agent/configuration.rb +69 -345
  9. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  10. data/lib/tcell_agent/instrument_servers.rb +23 -0
  11. data/lib/tcell_agent/instrumentation.rb +12 -10
  12. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  13. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  14. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  15. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  17. data/lib/tcell_agent/logger.rb +49 -114
  18. data/lib/tcell_agent/patches.rb +6 -7
  19. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  20. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  21. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  22. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  23. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  24. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  25. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  26. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  27. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  28. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  29. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  30. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  31. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  32. data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
  33. data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
  34. data/lib/tcell_agent/rails/auth/devise.rb +100 -105
  35. data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
  37. data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
  38. data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
  39. data/lib/tcell_agent/rails/dlp.rb +35 -23
  40. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  41. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  42. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  43. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  44. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  45. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  46. data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
  47. data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
  48. data/lib/tcell_agent/rails/routes.rb +10 -12
  49. data/lib/tcell_agent/rails/routes/grape.rb +4 -14
  50. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  51. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  52. data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
  53. data/lib/tcell_agent/rust/agent_config.rb +60 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
  55. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
  56. data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
  57. data/lib/tcell_agent/rust/models.rb +6 -52
  58. data/lib/tcell_agent/rust/native_agent.rb +549 -0
  59. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  60. data/lib/tcell_agent/rust/native_library.rb +69 -0
  61. data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
  62. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  63. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  64. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  65. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  66. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  67. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  68. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  69. data/lib/tcell_agent/servers/passenger.rb +1 -28
  70. data/lib/tcell_agent/servers/puma.rb +3 -21
  71. data/lib/tcell_agent/servers/rails_server.rb +1 -2
  72. data/lib/tcell_agent/servers/thin.rb +2 -2
  73. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  74. data/lib/tcell_agent/servers/webrick.rb +1 -2
  75. data/lib/tcell_agent/settings_reporter.rb +11 -90
  76. data/lib/tcell_agent/sinatra.rb +14 -16
  77. data/lib/tcell_agent/tcell_context.rb +40 -14
  78. data/lib/tcell_agent/utils/headers.rb +14 -0
  79. data/lib/tcell_agent/version.rb +1 -1
  80. data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
  108. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  109. data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
  110. data/spec/spec_helper.rb +1 -1
  111. data/spec/support/builders.rb +103 -0
  112. data/spec/support/force_logger_mocking.rb +38 -0
  113. data/spec/support/resources/lfi_sample_file.txt +2 -0
  114. data/spec/support/static_agent_overrides.rb +0 -15
  115. metadata +72 -83
  116. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  117. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  118. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  119. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  120. data/lib/tcell_agent/api.rb +0 -91
  121. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  122. data/lib/tcell_agent/authlogic.rb +0 -26
  123. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  124. data/lib/tcell_agent/config/unknown_options.rb +0 -123
  125. data/lib/tcell_agent/devise.rb +0 -35
  126. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  127. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  128. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  129. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  130. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  131. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  132. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  133. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  134. data/lib/tcell_agent/rails/on_start.rb +0 -41
  135. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  136. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  137. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  138. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  139. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  140. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  141. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  142. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  143. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  144. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  145. data/lib/tcell_agent/start_background_thread.rb +0 -55
  146. data/lib/tcell_agent/system_info.rb +0 -11
  147. data/lib/tcell_agent/utils/io.rb +0 -38
  148. data/lib/tcell_agent/utils/passwords.rb +0 -28
  149. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  150. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  151. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  152. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  153. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  154. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  155. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  156. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
  157. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  158. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  159. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  160. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  161. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  162. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  163. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  164. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  165. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  166. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  167. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  168. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  169. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
@@ -1,24 +0,0 @@
1
- require 'tcell_agent/sensor_events/appsensor_event'
2
-
3
- module TCellAgent
4
- module AppSensor
5
- module InjectionsReporter
6
- def self.report_and_log(events)
7
- (events || []).each do |event|
8
- TCellAgent.send_event(
9
- TCellAgent::SensorEvents::TCellAppSensorEvent.build_from_native_lib_event(event)
10
- )
11
-
12
- next unless event.key?('full_payload')
13
- event_to_log = {}.merge(event)
14
- event_to_log['payload'] = event_to_log.delete('full_payload')
15
-
16
- cleaned_event = TCellAgent::SensorEvents::TCellAppSensorEvent.build_from_native_lib_event(
17
- event_to_log
18
- )
19
- TCellAgent.logger.info(JSON.dump(cleaned_event))
20
- end
21
- end
22
- end
23
- end
24
- end
@@ -1,26 +0,0 @@
1
- # See the file "LICENSE" for the full license governing this code.
2
-
3
- require 'tcell_agent/userinfo'
4
- require 'tcell_agent/logger'
5
- require 'tcell_agent/sensor_events/honeytokens'
6
-
7
- module TCellAgent
8
- if defined?(Authlogic)
9
- TCellAgent::UserInformation.class_eval do
10
- class << self
11
- alias_method :original_get_user_from_request, :get_user_from_request
12
- def get_user_from_request(request)
13
- orig_user_id = original_get_user_from_request(request)
14
- begin
15
- if request.session && request.session.key?('user_credentials_id')
16
- return request.session['user_credentials_id'].to_s
17
- end
18
- rescue StandardError
19
- return orig_user_id
20
- end
21
- orig_user_id
22
- end
23
- end
24
- end
25
- end
26
- end
@@ -1,8 +0,0 @@
1
- # Forces event manager to start in child processes
2
- # Conditionally loaded based on config
3
- class << TCellAgent::Agent
4
- alias_method :tcell_parent_process?, :parent_process?
5
- def parent_process?
6
- true
7
- end
8
- end
@@ -1,123 +0,0 @@
1
- require 'set'
2
-
3
- module TCellAgent
4
- module Config
5
- module Validate
6
- def self.get_unknown_options(config_json)
7
- messages = []
8
-
9
- known_tcell_env_vars = Set.new(
10
- [
11
- 'TCELL_AGENT_SERVER', # this is only meant for specs
12
- 'TCELL_AGENT_APP_ID',
13
- 'TCELL_AGENT_API_KEY',
14
- 'TCELL_HMAC_KEY',
15
- 'TCELL_PASSWORD_HMAC_KEY',
16
- 'TCELL_AGENT_HOST_IDENTIFIER',
17
- 'TCELL_API_URL',
18
- 'TCELL_INPUT_URL',
19
- 'TCELL_DEMOMODE',
20
- 'TCELL_AGENT_HOME',
21
- 'TCELL_AGENT_LOG_DIR',
22
- 'TCELL_AGENT_CONFIG',
23
- 'TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS',
24
- 'TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS',
25
- 'TCELL_AGENT_ALLOW_PAYLOADS',
26
- 'TCELL_AGENT_HOME_OWNER',
27
- 'TCELL_AGENT_ENABLED'
28
- ]
29
- )
30
-
31
- ENV.keys.each do |environment_key|
32
- if environment_key =~ /^TCELL_/ && !known_tcell_env_vars.include?(environment_key)
33
- messages << "Unrecognized environment parameter (TCELL_*) found: #{environment_key}"
34
- end
35
- end
36
-
37
- begin
38
- key_differences = []
39
-
40
- if config_json
41
- first_level_keys = %w[version applications]
42
-
43
- key_differences = config_json.keys - first_level_keys
44
-
45
- applications = config_json.fetch('applications', nil)
46
- if applications
47
-
48
- if applications.size > 1
49
- messages << 'Multiple applications detected in config file'
50
-
51
- elsif applications.size == 1
52
- application = applications[0]
53
-
54
- second_level_keys = %w[
55
- name
56
- app_id
57
- api_key
58
- fetch_policies_from_tcell
59
- preload_policy_filename
60
- log_dir
61
- tcell_api_url
62
- tcell_input_url
63
- host_identifier
64
- hipaaSafeMode
65
- hmac_key
66
- password_hmac_key
67
- js_agent_api_base_url
68
- js_agent_url
69
- max_csp_header_bytes
70
- event_batch_size_limit
71
- allow_unencrypted_appsensor_payloads
72
- allow_unencrypted_appfirewall_payloads
73
- allow_payloads
74
- reverse_proxy
75
- reverse_proxy_ip_address_header
76
- demomode
77
- logging_options
78
- data_exposure
79
- disable_all
80
- enabled
81
- enable_event_manager
82
- enable_event_consumer
83
- enable_policy_polling
84
- enable_instrumentation
85
- enable_intercept_requests
86
- instrument_for_events
87
- agent_home_owner
88
- enabled_instrumentations
89
- ]
90
-
91
- key_differences += (application.keys - second_level_keys)
92
-
93
- if application.fetch('logging_options', nil)
94
- logging_options = application['logging_options']
95
- key_differences += (logging_options.keys - %w[enabled level filename])
96
- end
97
-
98
- if application.fetch('data_exposure', nil)
99
- data_exposure = application['data_exposure']
100
- key_differences += (data_exposure.keys - ['max_data_ex_db_records_per_request'])
101
- end
102
-
103
- if application.fetch('enabled_instrumentations', nil)
104
- enabled_instrumentations = application['enabled_instrumentations']
105
- key_differences += (enabled_instrumentations.keys - %w[doorkeeper devise authlogic])
106
- end
107
- end
108
- end
109
-
110
- key_differences.each do |key|
111
- messages << "Unrecognized config setting key: #{key}"
112
- end
113
-
114
- end
115
- rescue StandardError => exception
116
- messages << "Something went wrong verifying config file: #{exception}"
117
- end
118
-
119
- messages
120
- end
121
- end
122
- end
123
- end
@@ -1,35 +0,0 @@
1
- # See the file "LICENSE" for the full license governing this code.
2
-
3
- require 'devise'
4
- require 'devise/rails'
5
- require 'devise/strategies/database_authenticatable'
6
- require 'tcell_agent/userinfo'
7
- require 'tcell_agent/logger'
8
- require 'tcell_agent/sensor_events/honeytokens'
9
-
10
- module TCellAgent
11
- if defined?(Devise)
12
- TCellAgent::UserInformation.class_eval do
13
- class << self
14
- alias_method :original_get_user_from_request, :get_user_from_request
15
- def get_user_from_request(request)
16
- orig_user_id = original_get_user_from_request(request)
17
- begin
18
- if request.session && request.session.key?('warden.user.user.key')
19
- userkey = request.session['warden.user.user.key']
20
- user_id = if userkey.length == 2
21
- userkey[0][0]
22
- else
23
- userkey[1][0]
24
- end
25
- return user_id.to_s if user_id.is_a? Integer
26
- end
27
- rescue StandardError
28
- return orig_user_id
29
- end
30
- orig_user_id
31
- end
32
- end
33
- end
34
- end
35
- end
@@ -1,10 +0,0 @@
1
- module Kernel
2
- alias_method :tcell_original_backtick, :`
3
- def `(cmd)
4
- if TCellAgent::Cmdi.block_command?(cmd)
5
- raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
6
- end
7
-
8
- tcell_original_backtick(cmd)
9
- end
10
- end
@@ -1,14 +0,0 @@
1
- module Kernel
2
- alias_method :tcell_original_exec, :exec
3
-
4
- private
5
-
6
- def exec(*args)
7
- cmd = TCellAgent::Cmdi.parse_command(*args)
8
- if TCellAgent::Cmdi.block_command?(cmd)
9
- raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
10
- end
11
-
12
- tcell_original_exec(*args)
13
- end
14
- end
@@ -1,28 +0,0 @@
1
- class IO
2
- class << self
3
- alias_method :tcell_original_popen, :popen
4
- def popen(*args, &block)
5
- unless args.empty?
6
- cmd = ''
7
-
8
- TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
9
- args_copy = Array.new(args)
10
- args_copy.shift if args_copy.first.is_a?(Hash)
11
- args_copy.pop if args_copy.last.is_a?(Hash)
12
-
13
- cmd = if args_copy.first.is_a?(String)
14
- args_copy.shift
15
- else
16
- TCellAgent::Cmdi.parse_command(*args_copy.shift)
17
- end
18
- end
19
-
20
- if TCellAgent::Cmdi.block_command?(cmd)
21
- raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
22
- end
23
- end
24
-
25
- tcell_original_popen(*args, &block)
26
- end
27
- end
28
- end
@@ -1,11 +0,0 @@
1
- module Kernel
2
- alias_method :tcell_original_spawn, :spawn
3
- def spawn(*args)
4
- cmd = TCellAgent::Cmdi.parse_command(*args)
5
- if TCellAgent::Cmdi.block_command?(cmd)
6
- raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
7
- end
8
-
9
- tcell_original_spawn(*args)
10
- end
11
- end
@@ -1,11 +0,0 @@
1
- module Kernel
2
- alias_method :tcell_original_system, :system
3
- def system(*args)
4
- cmd = TCellAgent::Cmdi.parse_command(*args)
5
- if TCellAgent::Cmdi.block_command?(cmd)
6
- raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
7
- end
8
-
9
- tcell_original_system(*args)
10
- end
11
- end
@@ -1,60 +0,0 @@
1
- # {}"http-tx": {
2
- # "policy_id":"afh023",
3
- # "types": {
4
- # "firehose": { enabled: true },
5
- # {}"auth_framework_only": {enabled: true},
6
- # {}"{}structure": {enabled: true },
7
- # {}"fingerprint": {enabled: true }
8
- # }
9
- # },
10
-
11
- require 'tcell_agent/policies/policy'
12
-
13
- module TCellAgent
14
- module Policies
15
- class HttpTxPolicy < Policy
16
- attr_accessor :policy_id, :firehose, :auth_framework, :profile, :fingerprint
17
-
18
- def initialize
19
- @firehose = { 'enabled' => false, 'lite' => false }
20
- @auth_framework = { 'enabled' => false, 'lite' => false }
21
- @profile = { 'enabled' => false }
22
- @fingerprint = { 'enabled' => false, 'hmacUserAgent' => false, 'hmacUserId' => false, 'sampling' => nil }
23
- end
24
-
25
- def self.from_json(policy_json)
26
- return nil unless policy_json
27
- http_tx_policy = HttpTxPolicy.new
28
-
29
- http_tx_policy.policy_id = policy_json['policy_id']
30
- raise 'Policy ID missing' unless http_tx_policy.policy_id
31
-
32
- types = policy_json['types']
33
- return http_tx_policy unless types
34
-
35
- if types.key?('firehose')
36
- http_tx_policy.firehose['enabled'] = types['firehose'].fetch('enabled', false)
37
- http_tx_policy.firehose['lite'] = types['firehose'].fetch('lite', false)
38
- end
39
-
40
- if types.key?('auth_framework')
41
- http_tx_policy.auth_framework['enabled'] = types['auth_framework'].fetch('enabled', false)
42
- http_tx_policy.auth_framework['lite'] = types['auth_framework'].fetch('lite', false)
43
- end
44
-
45
- if types.key?('profile')
46
- http_tx_policy.profile['enabled'] = types['profile'].fetch('enabled', false)
47
- end
48
-
49
- if types.key?('fingerprint')
50
- http_tx_policy.fingerprint['enabled'] = types['fingerprint'].fetch('enabled', false)
51
- http_tx_policy.fingerprint['hmacUserAgent'] = types['fingerprint'].fetch('hmacUserAgent', false)
52
- http_tx_policy.fingerprint['hmacUserId'] = types['fingerprint'].fetch('hmacUserId', false)
53
- http_tx_policy.fingerprint['sampling'] = types['fingerprint'].fetch('sampling', 0)
54
- end
55
-
56
- http_tx_policy
57
- end
58
- end
59
- end
60
- end
@@ -1,45 +0,0 @@
1
- require 'tcell_agent/policies/policy'
2
-
3
- module TCellAgent
4
- module Policies
5
- class LoginFraudPolicy < Policy
6
- attr_accessor :policy_id
7
-
8
- attr_accessor :login_success_enabled
9
- attr_accessor :login_failed_enabled
10
- attr_accessor :session_hijacking_metrics
11
-
12
- def initialize
13
- init_options
14
- end
15
-
16
- def init_options
17
- @policy_id = nil
18
- @login_success_enabled = false
19
- @login_failed_enabled = false
20
- @session_hijacking_metrics = false
21
- end
22
-
23
- def enabled
24
- @login_success_enabled || @login_failed_enabled
25
- end
26
-
27
- def self.from_json(policy_json)
28
- return nil unless policy_json
29
- sensor_policy = LoginFraudPolicy.new
30
-
31
- sensor_policy.policy_id = policy_json['policy_id']
32
- raise 'Policy ID missing' unless sensor_policy.policy_id
33
-
34
- options_json = (policy_json['data'] || {})['options']
35
- return sensor_policy unless options_json
36
-
37
- sensor_policy.login_failed_enabled = options_json.fetch('login_failed_enabled', false)
38
- sensor_policy.login_success_enabled = options_json.fetch('login_success_enabled', false)
39
- sensor_policy.session_hijacking_metrics = options_json.fetch('session_hijacking_enabled', false)
40
-
41
- sensor_policy
42
- end
43
- end
44
- end
45
- end
@@ -1,110 +0,0 @@
1
- require 'tcell_agent/appsensor/injections_reporter'
2
- require 'tcell_agent/instrumentation'
3
- require 'tcell_agent/policies/policy'
4
- require 'tcell_agent/rust/models'
5
- require 'tcell_agent/rust/whisperer'
6
- require 'tcell_agent/sensor_events/command_injection'
7
- require 'tcell_agent/sensor_events/patches'
8
-
9
- module TCellAgent
10
- module Policies
11
- class RustPolicies < Policy
12
- attr_reader :appfirewall_enabled, :patches_enabled, :cmdi_enabled
13
-
14
- def initialize
15
- @appfirewall_enabled = false
16
- @patches_enabled = false
17
- @cmdi_enabled = false
18
- @headers_enabled = false
19
- @jsagent_enabled = false
20
- @agent_ptr = nil
21
-
22
- whisper = TCellAgent::Rust::Whisperer.create_agent
23
- if whisper['error']
24
- TCellAgent.logger.error("Error initializing policies: #{whisper['error']}")
25
- else
26
- @agent_ptr = whisper['agent_ptr']
27
- end
28
- end
29
-
30
- def update_policies(policies_json)
31
- return if @agent_ptr.nil? || policies_json.nil? || policies_json.empty?
32
-
33
- whisper = TCellAgent::Rust::Whisperer.update_policies(@agent_ptr, policies_json)
34
- if whisper['errors']
35
- whisper['errors'].each do |error|
36
- TCellAgent.logger.error("Error updating policies: #{error}")
37
- end
38
- else
39
- enablements = whisper['enablements']
40
- @appfirewall_enabled = enablements['appfirewall']
41
- @patches_enabled = enablements['patches']
42
- @cmdi_enabled = enablements['cmdi']
43
- @headers_enabled = enablements['headers']
44
- @jsagent_enabled = enablements['jsagentinjection']
45
- end
46
- end
47
-
48
- def block_request?(appsensor_meta)
49
- return false unless @agent_ptr && @patches_enabled
50
-
51
- whisper = TCellAgent::Rust::Whisperer.apply_patches(@agent_ptr, appsensor_meta)
52
- if whisper['error']
53
- TCellAgent.logger.error("Error processing patches: #{whisper['error']}")
54
- else
55
- response = whisper['apply_response']
56
- if response && response['status'] == 'Blocked'
57
- patches_event = TCellAgent::SensorEvents::PatchesEvent.new(response, appsensor_meta)
58
- TCellAgent.send_event(patches_event)
59
- return true
60
- end
61
- end
62
-
63
- false
64
- end
65
-
66
- def check_appfirewall_injections(appsensor_meta)
67
- return unless @agent_ptr && @appfirewall_enabled
68
-
69
- TCellAgent::Instrumentation.safe_block('AppSensor inspection') do
70
- whisper = TCellAgent::Rust::Whisperer.apply_appfirewall(@agent_ptr, appsensor_meta)
71
- TCellAgent::AppSensor::InjectionsReporter.report_and_log(whisper['apply_response'])
72
- end
73
- end
74
-
75
- def block_command?(command, tcell_context)
76
- return false unless @agent_ptr &&
77
- @cmdi_enabled &&
78
- TCellAgent.safe_to_send_cmdi_events?
79
- whisper = TCellAgent::Rust::Whisperer.apply_cmdi(
80
- @agent_ptr, command, tcell_context
81
- )
82
- apply_response = whisper.fetch('apply_response', {})
83
- cmdi_event =
84
- TCellAgent::SensorEvents::CommandInjectionEvent.build_from_native_lib_response_and_tcell_context(apply_response,
85
- tcell_context)
86
- TCellAgent.send_event(cmdi_event) if cmdi_event
87
-
88
- apply_response.fetch('blocked', false)
89
- end
90
-
91
- def get_headers(tcell_context)
92
- return [] unless @agent_ptr &&
93
- @headers_enabled
94
- whisper = TCellAgent::Rust::Whisperer.get_headers(
95
- @agent_ptr, tcell_context
96
- )
97
- whisper['headers'] || []
98
- end
99
-
100
- def get_js_agent_script_tag(tcell_context)
101
- return nil unless @agent_ptr &&
102
- @jsagent_enabled
103
- whisper = TCellAgent::Rust::Whisperer.get_js_agent_script_tag(
104
- @agent_ptr, tcell_context
105
- )
106
- whisper['script_tag']
107
- end
108
- end
109
- end
110
- end