tcell_agent 1.1.12 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/bin/tcell_agent +45 -137
- data/lib/tcell_agent.rb +12 -14
- data/lib/tcell_agent/agent.rb +108 -97
- data/lib/tcell_agent/agent/route_manager.rb +0 -16
- data/lib/tcell_agent/agent/static_agent.rb +9 -30
- data/lib/tcell_agent/config_initializer.rb +66 -0
- data/lib/tcell_agent/configuration.rb +69 -345
- data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
- data/lib/tcell_agent/instrument_servers.rb +23 -0
- data/lib/tcell_agent/instrumentation.rb +12 -10
- data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
- data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
- data/lib/tcell_agent/logger.rb +49 -114
- data/lib/tcell_agent/patches.rb +6 -7
- data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
- data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
- data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
- data/lib/tcell_agent/policies/headers_policy.rb +25 -0
- data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
- data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
- data/lib/tcell_agent/policies/local_file_access.rb +28 -0
- data/lib/tcell_agent/policies/login_policy.rb +43 -0
- data/lib/tcell_agent/policies/patches_policy.rb +27 -0
- data/lib/tcell_agent/policies/policies_manager.rb +68 -0
- data/lib/tcell_agent/policies/policy_polling.rb +58 -0
- data/lib/tcell_agent/policies/policy_types.rb +14 -0
- data/lib/tcell_agent/policies/system_enablements.rb +27 -0
- data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +100 -105
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
- data/lib/tcell_agent/rails/dlp.rb +35 -23
- data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
- data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
- data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes.rb +10 -12
- data/lib/tcell_agent/rails/routes/grape.rb +4 -14
- data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
- data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
- data/lib/tcell_agent/rust/agent_config.rb +60 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
- data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
- data/lib/tcell_agent/rust/models.rb +6 -52
- data/lib/tcell_agent/rust/native_agent.rb +549 -0
- data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
- data/lib/tcell_agent/rust/native_library.rb +69 -0
- data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
- data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
- data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
- data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
- data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
- data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
- data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
- data/lib/tcell_agent/servers/passenger.rb +1 -28
- data/lib/tcell_agent/servers/puma.rb +3 -21
- data/lib/tcell_agent/servers/rails_server.rb +1 -2
- data/lib/tcell_agent/servers/thin.rb +2 -2
- data/lib/tcell_agent/servers/unicorn.rb +19 -80
- data/lib/tcell_agent/servers/webrick.rb +1 -2
- data/lib/tcell_agent/settings_reporter.rb +11 -90
- data/lib/tcell_agent/sinatra.rb +14 -16
- data/lib/tcell_agent/tcell_context.rb +40 -14
- data/lib/tcell_agent/utils/headers.rb +14 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
- data/spec/lib/tcell_agent/patches_spec.rb +25 -43
- data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
- data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
- data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
- data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
- data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
- data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
- data/spec/spec_helper.rb +1 -1
- data/spec/support/builders.rb +103 -0
- data/spec/support/force_logger_mocking.rb +38 -0
- data/spec/support/resources/lfi_sample_file.txt +2 -0
- data/spec/support/static_agent_overrides.rb +0 -15
- metadata +72 -83
- data/lib/tcell_agent/agent/event_processor.rb +0 -326
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
- data/lib/tcell_agent/agent/policy_manager.rb +0 -219
- data/lib/tcell_agent/agent/policy_types.rb +0 -30
- data/lib/tcell_agent/api.rb +0 -91
- data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
- data/lib/tcell_agent/authlogic.rb +0 -26
- data/lib/tcell_agent/config/child_process_events.rb +0 -8
- data/lib/tcell_agent/config/unknown_options.rb +0 -123
- data/lib/tcell_agent/devise.rb +0 -35
- data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
- data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
- data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
- data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
- data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
- data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
- data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
- data/lib/tcell_agent/policies/rust_policies.rb +0 -110
- data/lib/tcell_agent/rails/on_start.rb +0 -41
- data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +0 -308
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
- data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
- data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
- data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
- data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
- data/lib/tcell_agent/sensor_events/patches.rb +0 -21
- data/lib/tcell_agent/start_background_thread.rb +0 -55
- data/lib/tcell_agent/system_info.rb +0 -11
- data/lib/tcell_agent/utils/io.rb +0 -38
- data/lib/tcell_agent/utils/passwords.rb +0 -28
- data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
- data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
- data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
- data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
- data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
- data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
- data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
- data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
- data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
- data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
- data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
@@ -1,41 +0,0 @@
|
|
1
|
-
# See the file "LICENSE" for the full license governing this code.
|
2
|
-
|
3
|
-
# require 'tcell_agent/authlogic' if defined?(Authlogic)
|
4
|
-
|
5
|
-
require 'rails'
|
6
|
-
|
7
|
-
require 'tcell_agent/configuration'
|
8
|
-
|
9
|
-
require 'tcell_agent/rails/routes'
|
10
|
-
require 'tcell_agent/rails/dlp/process_request'
|
11
|
-
|
12
|
-
TCellAgent::Instrumentation::Rails.send_language_info
|
13
|
-
TCellAgent::Instrumentation::Rails.send_framework_info
|
14
|
-
|
15
|
-
if Rails.application
|
16
|
-
if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
|
17
|
-
TCellAgent::Instrumentation::Rails.send_settings(Rails.application)
|
18
|
-
end
|
19
|
-
|
20
|
-
else
|
21
|
-
module TCellAgent
|
22
|
-
class MyRailtie < Rails::Railtie
|
23
|
-
initializer 'activeservice.autoload', :after => :set_autoload_paths do |_app|
|
24
|
-
Rails.application.config.to_prepare do
|
25
|
-
require 'tcell_agent/devise' if defined?(Devise)
|
26
|
-
require 'tcell_agent/rails/auth/devise' if defined?(Devise)
|
27
|
-
require 'tcell_agent/authlogic' if defined?(Authlogic)
|
28
|
-
require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
|
29
|
-
require 'tcell_agent/rails/auth/doorkeeper'
|
30
|
-
end
|
31
|
-
|
32
|
-
# TODO: will this get run ever?
|
33
|
-
if TCellAgent.configuration.enabled
|
34
|
-
Rails.application.config.after_initialize do
|
35
|
-
TCellAgent::Instrumentation::Rails.send_settings(Rails.application)
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
Binary file
|
Binary file
|
@@ -1,308 +0,0 @@
|
|
1
|
-
require 'tcell_agent/rust/models'
|
2
|
-
require 'tcell_agent/logger'
|
3
|
-
|
4
|
-
module TCellAgent
|
5
|
-
module Rust
|
6
|
-
require 'ffi'
|
7
|
-
|
8
|
-
module Wrapper
|
9
|
-
extend FFI::Library
|
10
|
-
|
11
|
-
VERSION = '1.3.2'.freeze
|
12
|
-
prefix = 'lib'
|
13
|
-
extension = '.so'
|
14
|
-
variant = ''
|
15
|
-
if /cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM
|
16
|
-
extension = '.dll'
|
17
|
-
prefix = ''
|
18
|
-
elsif /darwin/ =~ RUBY_PLATFORM
|
19
|
-
extension = '.dylib'
|
20
|
-
elsif /musl/ =~ RUBY_PLATFORM
|
21
|
-
variant = 'alpine-'
|
22
|
-
end
|
23
|
-
|
24
|
-
begin
|
25
|
-
ffi_lib File.join(File.dirname(__FILE__),
|
26
|
-
"#{prefix}tcellagent-#{variant}#{VERSION}#{extension}")
|
27
|
-
|
28
|
-
# All the rust library calls have the following response api:
|
29
|
-
#
|
30
|
-
# result [int]: 0+ length of buffer_out answer
|
31
|
-
# -1 general error
|
32
|
-
# -2 buffer_out is not big enough for response
|
33
|
-
# -3 buffer_out is null
|
34
|
-
|
35
|
-
attach_function :create_agent, %i[pointer size_t pointer size_t], :int
|
36
|
-
attach_function :free_agent, [:pointer], :int
|
37
|
-
attach_function :update_policies, %i[pointer pointer size_t pointer size_t], :int
|
38
|
-
attach_function :appfirewall_apply, %i[pointer pointer size_t pointer size_t], :int
|
39
|
-
attach_function :patches_apply, %i[pointer pointer size_t pointer size_t], :int
|
40
|
-
attach_function :cmdi_apply, %i[pointer pointer size_t pointer size_t], :int
|
41
|
-
attach_function :get_headers, %i[pointer pointer size_t pointer size_t], :int
|
42
|
-
attach_function :get_js_agent_script_tag, %i[pointer pointer size_t pointer size_t], :int
|
43
|
-
|
44
|
-
def self.common_lib_available?
|
45
|
-
true
|
46
|
-
end
|
47
|
-
rescue LoadError => load_error
|
48
|
-
puts "tCell.io Failed to load common agent library. #{load_error.message}"
|
49
|
-
TCellAgent.logger.error("Failed to load common agent library. #{load_error.message}")
|
50
|
-
TCellAgent.logger.debug(load_error.backtrace)
|
51
|
-
|
52
|
-
def self.common_lib_available? # rubocop:disable Lint/DuplicateMethods
|
53
|
-
false
|
54
|
-
end
|
55
|
-
end
|
56
|
-
end
|
57
|
-
|
58
|
-
module Whisperer
|
59
|
-
def self.convert_result(function_called, result_size, result)
|
60
|
-
if result_size < 0
|
61
|
-
TCellAgent.logger.error(
|
62
|
-
"Error response from `#{function_called}` in native library: #{result_size}"
|
63
|
-
)
|
64
|
-
else
|
65
|
-
begin
|
66
|
-
response = JSON.parse(result.get_string(0, result_size))
|
67
|
-
if response['error']
|
68
|
-
TCellAgent.logger.error("#{function_called} returned an error: #{response['error']}")
|
69
|
-
response = {}
|
70
|
-
end
|
71
|
-
|
72
|
-
return response
|
73
|
-
rescue JSON::ParserError
|
74
|
-
# don't log the actual error since it might contain payload information
|
75
|
-
TCellAgent.logger.error(
|
76
|
-
"Could not parse json response from `#{function_called}` in native library."
|
77
|
-
)
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
|
-
{}
|
82
|
-
end
|
83
|
-
|
84
|
-
def self.create_agent
|
85
|
-
if TCellAgent::Rust::Wrapper.common_lib_available?
|
86
|
-
agent_config = {
|
87
|
-
'skip_logger' => true,
|
88
|
-
'application' => {
|
89
|
-
'app_id' => TCellAgent.configuration.app_id,
|
90
|
-
'api_key' => TCellAgent.configuration.api_key,
|
91
|
-
'allow_payloads' => !!TCellAgent.configuration.allow_payloads, # rubocop:disable Style/DoubleNegation
|
92
|
-
'js_agent_api_base_url' => TCellAgent.configuration.js_agent_api_base_url,
|
93
|
-
'js_agent_url' => TCellAgent.configuration.js_agent_url
|
94
|
-
},
|
95
|
-
'appfirewall' => {
|
96
|
-
'enable_body_xxe_inspection' => true,
|
97
|
-
'enable_body_json_inspection' => true,
|
98
|
-
'allow_log_payloads' => true
|
99
|
-
},
|
100
|
-
'policy_versions' => {
|
101
|
-
'patches' => 1,
|
102
|
-
'login' => 1,
|
103
|
-
'appsensor' => 2,
|
104
|
-
'regex' => 1,
|
105
|
-
'csp-headers' => 1,
|
106
|
-
'http-redirect' => 1,
|
107
|
-
'clickjacking' => 1,
|
108
|
-
'secure-headers' => 1,
|
109
|
-
'canaries' => 1,
|
110
|
-
'dlp' => 1,
|
111
|
-
'cmdi' => 1,
|
112
|
-
'jsagentinjection' => 1
|
113
|
-
},
|
114
|
-
'max_header_size' => TCellAgent.configuration.max_csp_header_bytes || (1024 * 1024)
|
115
|
-
}
|
116
|
-
config_pointer = FFI::MemoryPointer.from_string(
|
117
|
-
JSON.dump(agent_config)
|
118
|
-
)
|
119
|
-
|
120
|
-
buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
|
121
|
-
# config_pointer.size - 1: strips null terminator
|
122
|
-
result_size = TCellAgent::Rust::Wrapper.create_agent(
|
123
|
-
config_pointer, config_pointer.size - 1, buf, buf.size
|
124
|
-
)
|
125
|
-
return convert_result('create_agent', result_size, buf)
|
126
|
-
end
|
127
|
-
|
128
|
-
{}
|
129
|
-
end
|
130
|
-
|
131
|
-
def self.free_agent(agent_ptr)
|
132
|
-
if TCellAgent::Rust::Wrapper.common_lib_available? &&
|
133
|
-
agent_ptr
|
134
|
-
TCellAgent::Rust::Wrapper.free_agent(
|
135
|
-
FFI::Pointer.new(agent_ptr)
|
136
|
-
)
|
137
|
-
end
|
138
|
-
end
|
139
|
-
|
140
|
-
def self.update_policies(agent_ptr, policies)
|
141
|
-
if TCellAgent::Rust::Wrapper.common_lib_available? &&
|
142
|
-
agent_ptr &&
|
143
|
-
TCellAgent::Utils::Strings.present?(policies)
|
144
|
-
policies_pointer = FFI::MemoryPointer.from_string(
|
145
|
-
JSON.dump(policies)
|
146
|
-
)
|
147
|
-
|
148
|
-
buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
|
149
|
-
# policies_pointer.size - 1: strips null terminator
|
150
|
-
result_size = TCellAgent::Rust::Wrapper.update_policies(
|
151
|
-
FFI::Pointer.new(agent_ptr),
|
152
|
-
policies_pointer,
|
153
|
-
policies_pointer.size - 1,
|
154
|
-
buf,
|
155
|
-
buf.size
|
156
|
-
)
|
157
|
-
return convert_result('update_policies', result_size, buf)
|
158
|
-
end
|
159
|
-
|
160
|
-
{}
|
161
|
-
end
|
162
|
-
|
163
|
-
def self.apply_appfirewall(agent_ptr, appsensor_meta)
|
164
|
-
if TCellAgent::Rust::Wrapper.common_lib_available? &&
|
165
|
-
agent_ptr &&
|
166
|
-
appsensor_meta
|
167
|
-
request_response_json = TCellAgent::Rust::Models.create_request_response(
|
168
|
-
appsensor_meta
|
169
|
-
)
|
170
|
-
request_response_pointer = FFI::MemoryPointer.from_string(
|
171
|
-
JSON.dump(request_response_json)
|
172
|
-
)
|
173
|
-
|
174
|
-
buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
|
175
|
-
# request_response_pointer.size - 1: strips null terminator
|
176
|
-
result_size = TCellAgent::Rust::Wrapper.appfirewall_apply(
|
177
|
-
FFI::Pointer.new(agent_ptr),
|
178
|
-
request_response_pointer,
|
179
|
-
request_response_pointer.size - 1,
|
180
|
-
buf,
|
181
|
-
buf.size
|
182
|
-
)
|
183
|
-
return convert_result('apply_appfirewall', result_size, buf)
|
184
|
-
end
|
185
|
-
|
186
|
-
{}
|
187
|
-
end
|
188
|
-
|
189
|
-
def self.apply_patches(agent_ptr, appsensor_meta)
|
190
|
-
if TCellAgent::Rust::Wrapper.common_lib_available? &&
|
191
|
-
agent_ptr &&
|
192
|
-
appsensor_meta
|
193
|
-
patches_request_json = TCellAgent::Rust::Models.create_patches_request(
|
194
|
-
appsensor_meta
|
195
|
-
)
|
196
|
-
patches_request_pointer = FFI::MemoryPointer.from_string(
|
197
|
-
JSON.dump(patches_request_json)
|
198
|
-
)
|
199
|
-
|
200
|
-
buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
|
201
|
-
# patches_request_pointer.size - 1: strips null terminator
|
202
|
-
result_size = TCellAgent::Rust::Wrapper.patches_apply(
|
203
|
-
FFI::Pointer.new(agent_ptr),
|
204
|
-
patches_request_pointer,
|
205
|
-
patches_request_pointer.size - 1,
|
206
|
-
buf,
|
207
|
-
buf.size
|
208
|
-
)
|
209
|
-
return convert_result('apply_patches', result_size, buf)
|
210
|
-
end
|
211
|
-
|
212
|
-
{}
|
213
|
-
end
|
214
|
-
|
215
|
-
def self.apply_cmdi(agent_ptr, command, tcell_context)
|
216
|
-
if TCellAgent::Rust::Wrapper.common_lib_available? &&
|
217
|
-
agent_ptr &&
|
218
|
-
TCellAgent::Utils::Strings.present?(command)
|
219
|
-
method = tcell_context && tcell_context.request_method
|
220
|
-
path = tcell_context && tcell_context.path
|
221
|
-
command_info = {
|
222
|
-
'command' => command,
|
223
|
-
'method' => method,
|
224
|
-
'path' => path
|
225
|
-
}
|
226
|
-
command_pointer = FFI::MemoryPointer.from_string(
|
227
|
-
JSON.dump(command_info)
|
228
|
-
)
|
229
|
-
|
230
|
-
buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
|
231
|
-
# patches_request_pointer.size - 1: strips null terminator
|
232
|
-
result_size = TCellAgent::Rust::Wrapper.cmdi_apply(
|
233
|
-
FFI::Pointer.new(agent_ptr),
|
234
|
-
command_pointer,
|
235
|
-
command_pointer.size - 1,
|
236
|
-
buf,
|
237
|
-
buf.size
|
238
|
-
)
|
239
|
-
return convert_result('apply_cmdi', result_size, buf)
|
240
|
-
end
|
241
|
-
|
242
|
-
{}
|
243
|
-
end
|
244
|
-
|
245
|
-
def self.get_headers(agent_ptr, tcell_context)
|
246
|
-
if TCellAgent::Rust::Wrapper.common_lib_available? &&
|
247
|
-
agent_ptr &&
|
248
|
-
tcell_context
|
249
|
-
method = tcell_context.request_method
|
250
|
-
path = tcell_context.path
|
251
|
-
route_id = tcell_context.route_id
|
252
|
-
session_id = tcell_context.hmac_session_id
|
253
|
-
headers_request = {
|
254
|
-
:method => method,
|
255
|
-
:path => path,
|
256
|
-
:route_id => route_id && route_id.to_s,
|
257
|
-
:session_id => session_id && session_id.to_s
|
258
|
-
}
|
259
|
-
headers_request_pointer = FFI::MemoryPointer.from_string(
|
260
|
-
JSON.dump(headers_request)
|
261
|
-
)
|
262
|
-
|
263
|
-
buf = FFI::MemoryPointer.new(:uint8, 1024 * 16)
|
264
|
-
# patches_request_pointer.size - 1: strips null terminator
|
265
|
-
result_size = TCellAgent::Rust::Wrapper.get_headers(
|
266
|
-
FFI::Pointer.new(agent_ptr),
|
267
|
-
headers_request_pointer,
|
268
|
-
headers_request_pointer.size - 1,
|
269
|
-
buf,
|
270
|
-
buf.size
|
271
|
-
)
|
272
|
-
return convert_result('get_headers', result_size, buf)
|
273
|
-
end
|
274
|
-
|
275
|
-
{}
|
276
|
-
end
|
277
|
-
|
278
|
-
def self.get_js_agent_script_tag(agent_ptr, tcell_context)
|
279
|
-
if TCellAgent::Rust::Wrapper.common_lib_available? &&
|
280
|
-
agent_ptr &&
|
281
|
-
tcell_context
|
282
|
-
method = tcell_context.request_method
|
283
|
-
path = tcell_context.path
|
284
|
-
jsagent_request = {
|
285
|
-
:method => method,
|
286
|
-
:path => path
|
287
|
-
}
|
288
|
-
jsagent_request_pointer = FFI::MemoryPointer.from_string(
|
289
|
-
JSON.dump(jsagent_request)
|
290
|
-
)
|
291
|
-
|
292
|
-
buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
|
293
|
-
# patches_request_pointer.size - 1: strips null terminator
|
294
|
-
result_size = TCellAgent::Rust::Wrapper.get_js_agent_script_tag(
|
295
|
-
FFI::Pointer.new(agent_ptr),
|
296
|
-
jsagent_request_pointer,
|
297
|
-
jsagent_request_pointer.size - 1,
|
298
|
-
buf,
|
299
|
-
buf.size
|
300
|
-
)
|
301
|
-
return convert_result('get_js_agent_script_tag', result_size, buf)
|
302
|
-
end
|
303
|
-
|
304
|
-
{}
|
305
|
-
end
|
306
|
-
end
|
307
|
-
end
|
308
|
-
end
|
@@ -1,52 +0,0 @@
|
|
1
|
-
require 'tcell_agent/sensor_events/sensor'
|
2
|
-
|
3
|
-
module TCellAgent
|
4
|
-
module SensorEvents
|
5
|
-
class TCellAppSensorEvent < TCellSensorEvent
|
6
|
-
def initialize(location,
|
7
|
-
detection_point,
|
8
|
-
method,
|
9
|
-
remote_address,
|
10
|
-
param,
|
11
|
-
route_id,
|
12
|
-
meta,
|
13
|
-
hmac_session_id,
|
14
|
-
user_id,
|
15
|
-
payload,
|
16
|
-
pattern,
|
17
|
-
full_uri)
|
18
|
-
super('as')
|
19
|
-
self['dp'] = detection_point
|
20
|
-
|
21
|
-
self['param'] = param.to_s if param
|
22
|
-
self['m'] = method.to_s if method
|
23
|
-
self['pattern'] = pattern if pattern
|
24
|
-
self['meta'] = meta if meta
|
25
|
-
self['rid'] = route_id.to_s if route_id
|
26
|
-
self['full_uri'] = full_uri if full_uri
|
27
|
-
self['uri'] = location if location
|
28
|
-
self['uid'] = user_id.to_s if user_id
|
29
|
-
self['sid'] = hmac_session_id if hmac_session_id
|
30
|
-
self['remote_addr'] = remote_address.to_s if remote_address
|
31
|
-
self['payload'] = payload if payload
|
32
|
-
end
|
33
|
-
|
34
|
-
def self.build_from_native_lib_event(event)
|
35
|
-
TCellAppSensorEvent.new(
|
36
|
-
event['uri'],
|
37
|
-
event['detection_point'],
|
38
|
-
event['method'],
|
39
|
-
event['remote_address'],
|
40
|
-
event['parameter'],
|
41
|
-
event['route_id'],
|
42
|
-
event['meta'],
|
43
|
-
event['session_id'],
|
44
|
-
event['user_id'],
|
45
|
-
event['payload'],
|
46
|
-
event['pattern'],
|
47
|
-
event['full_uri']
|
48
|
-
)
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
end
|
@@ -1,45 +0,0 @@
|
|
1
|
-
require 'tcell_agent/agent'
|
2
|
-
require 'tcell_agent/agent/policy_types'
|
3
|
-
require 'tcell_agent/tcell_context'
|
4
|
-
require 'tcell_agent/sensor_events/sensor'
|
5
|
-
|
6
|
-
module TCellAgent
|
7
|
-
module SensorEvents
|
8
|
-
class AppSensorMetaEvent < TCellAgent::SensorEvents::TCellSensorEvent
|
9
|
-
class << self
|
10
|
-
def build(request, response_content_length, response_code, response_headers)
|
11
|
-
meta_data = TCellAgent::MetaData.from_request(request)
|
12
|
-
|
13
|
-
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
14
|
-
meta_data.csrf_exception_name = tcell_context.csrf_exception_name
|
15
|
-
meta_data.user_agent = tcell_context.user_agent
|
16
|
-
meta_data.path_parameters = tcell_context.path_parameters
|
17
|
-
meta_data.sql_exceptions = tcell_context.sql_exceptions
|
18
|
-
meta_data.database_result_sizes = tcell_context.database_result_sizes
|
19
|
-
|
20
|
-
meta_data.response_content_bytes_len = response_content_length
|
21
|
-
|
22
|
-
meta_data.response_code = response_code
|
23
|
-
meta_data.response_headers = response_headers
|
24
|
-
|
25
|
-
AppSensorMetaEvent.new(meta_data)
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
attr_accessor :meta_data
|
30
|
-
|
31
|
-
def initialize(meta_data)
|
32
|
-
@send = false
|
33
|
-
|
34
|
-
@meta_data = meta_data
|
35
|
-
end
|
36
|
-
|
37
|
-
def post_process
|
38
|
-
rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
|
39
|
-
return unless rust_policies
|
40
|
-
|
41
|
-
rust_policies.check_appfirewall_injections(@meta_data)
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
end
|