tcell_agent 1.1.12 → 2.2.0

Files changed (169)
  1. checksums.yaml +5 -5
  2. data/bin/tcell_agent +45 -137
  3. data/lib/tcell_agent.rb +12 -14
  4. data/lib/tcell_agent/agent.rb +108 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/config_initializer.rb +66 -0
  8. data/lib/tcell_agent/configuration.rb +69 -345
  9. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  10. data/lib/tcell_agent/instrument_servers.rb +23 -0
  11. data/lib/tcell_agent/instrumentation.rb +12 -10
  12. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  13. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  14. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  15. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  17. data/lib/tcell_agent/logger.rb +49 -114
  18. data/lib/tcell_agent/patches.rb +6 -7
  19. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  20. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  21. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  22. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  23. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  24. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  25. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  26. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  27. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  28. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  29. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  30. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  31. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  32. data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
  33. data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
  34. data/lib/tcell_agent/rails/auth/devise.rb +100 -105
  35. data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
  37. data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
  38. data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
  39. data/lib/tcell_agent/rails/dlp.rb +35 -23
  40. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  41. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  42. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  43. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  44. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  45. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  46. data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
  47. data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
  48. data/lib/tcell_agent/rails/routes.rb +10 -12
  49. data/lib/tcell_agent/rails/routes/grape.rb +4 -14
  50. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  51. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  52. data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
  53. data/lib/tcell_agent/rust/agent_config.rb +60 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
  55. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
  56. data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
  57. data/lib/tcell_agent/rust/models.rb +6 -52
  58. data/lib/tcell_agent/rust/native_agent.rb +549 -0
  59. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  60. data/lib/tcell_agent/rust/native_library.rb +69 -0
  61. data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
  62. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  63. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  64. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  65. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  66. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  67. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  68. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  69. data/lib/tcell_agent/servers/passenger.rb +1 -28
  70. data/lib/tcell_agent/servers/puma.rb +3 -21
  71. data/lib/tcell_agent/servers/rails_server.rb +1 -2
  72. data/lib/tcell_agent/servers/thin.rb +2 -2
  73. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  74. data/lib/tcell_agent/servers/webrick.rb +1 -2
  75. data/lib/tcell_agent/settings_reporter.rb +11 -90
  76. data/lib/tcell_agent/sinatra.rb +14 -16
  77. data/lib/tcell_agent/tcell_context.rb +40 -14
  78. data/lib/tcell_agent/utils/headers.rb +14 -0
  79. data/lib/tcell_agent/version.rb +1 -1
  80. data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
  108. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  109. data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
  110. data/spec/spec_helper.rb +1 -1
  111. data/spec/support/builders.rb +103 -0
  112. data/spec/support/force_logger_mocking.rb +38 -0
  113. data/spec/support/resources/lfi_sample_file.txt +2 -0
  114. data/spec/support/static_agent_overrides.rb +0 -15
  115. metadata +72 -83
  116. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  117. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  118. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  119. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  120. data/lib/tcell_agent/api.rb +0 -91
  121. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  122. data/lib/tcell_agent/authlogic.rb +0 -26
  123. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  124. data/lib/tcell_agent/config/unknown_options.rb +0 -123
  125. data/lib/tcell_agent/devise.rb +0 -35
  126. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  127. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  128. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  129. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  130. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  131. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  132. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  133. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  134. data/lib/tcell_agent/rails/on_start.rb +0 -41
  135. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  136. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  137. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  138. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  139. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  140. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  141. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  142. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  143. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  144. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  145. data/lib/tcell_agent/start_background_thread.rb +0 -55
  146. data/lib/tcell_agent/system_info.rb +0 -11
  147. data/lib/tcell_agent/utils/io.rb +0 -38
  148. data/lib/tcell_agent/utils/passwords.rb +0 -28
  149. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  150. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  151. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  152. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  153. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  154. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  155. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  156. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
  157. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  158. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  159. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  160. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  161. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  162. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  163. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  164. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  165. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  166. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  167. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  168. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  169. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
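--- a/data/lib/tcell_agent/rails/on_start.rb
+++ b/data/lib/tcell_agent/rails/on_start.rb
@@ -1,41 +0,0 @@
- # See the file "LICENSE" for the full license governing this code.
-
- # require 'tcell_agent/authlogic' if defined?(Authlogic)
-
- require 'rails'
-
- require 'tcell_agent/configuration'
-
- require 'tcell_agent/rails/routes'
- require 'tcell_agent/rails/dlp/process_request'
-
- TCellAgent::Instrumentation::Rails.send_language_info
- TCellAgent::Instrumentation::Rails.send_framework_info
-
- if Rails.application
- if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
- TCellAgent::Instrumentation::Rails.send_settings(Rails.application)
- end
-
- else
- module TCellAgent
- class MyRailtie < Rails::Railtie
- initializer 'activeservice.autoload', :after => :set_autoload_paths do |_app|
- Rails.application.config.to_prepare do
- require 'tcell_agent/devise' if defined?(Devise)
- require 'tcell_agent/rails/auth/devise' if defined?(Devise)
- require 'tcell_agent/authlogic' if defined?(Authlogic)
- require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
- require 'tcell_agent/rails/auth/doorkeeper'
- end
-
- # TODO: will this get run ever?
- if TCellAgent.configuration.enabled
- Rails.application.config.after_initialize do
- TCellAgent::Instrumentation::Rails.send_settings(Rails.application)
- end
- end
- end
- end
- end
- end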
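--- a/data/lib/tcell_agent/rust/whisperer.rb
+++ b/data/lib/tcell_agent/rust/whisperer.rb
@@ -1,308 +0,0 @@
- require 'tcell_agent/rust/models'
- require 'tcell_agent/logger'
-
- module TCellAgent
- module Rust
- require 'ffi'
-
- module Wrapper
- extend FFI::Library
-
- VERSION = '1.3.2'.freeze
- prefix = 'lib'
- extension = '.so'
- variant = ''
- if /cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM
- extension = '.dll'
- prefix = ''
- elsif /darwin/ =~ RUBY_PLATFORM
- extension = '.dylib'
- elsif /musl/ =~ RUBY_PLATFORM
- variant = 'alpine-'
- end
-
- begin
- ffi_lib File.join(File.dirname(__FILE__),
- "#{prefix}tcellagent-#{variant}#{VERSION}#{extension}")
-
- # All the rust library calls have the following response api:
- #
- # result [int]: 0+ length of buffer_out answer
- # -1 general error
- # -2 buffer_out is not big enough for response
- # -3 buffer_out is null
-
- attach_function :create_agent, %i[pointer size_t pointer size_t], :int
- attach_function :free_agent, [:pointer], :int
- attach_function :update_policies, %i[pointer pointer size_t pointer size_t], :int
- attach_function :appfirewall_apply, %i[pointer pointer size_t pointer size_t], :int
- attach_function :patches_apply, %i[pointer pointer size_t pointer size_t], :int
- attach_function :cmdi_apply, %i[pointer pointer size_t pointer size_t], :int
- attach_function :get_headers, %i[pointer pointer size_t pointer size_t], :int
- attach_function :get_js_agent_script_tag, %i[pointer pointer size_t pointer size_t], :int
-
- def self.common_lib_available?
- true
- end
- rescue LoadError => load_error
- puts "tCell.io Failed to load common agent library. #{load_error.message}"
- TCellAgent.logger.error("Failed to load common agent library. #{load_error.message}")
- TCellAgent.logger.debug(load_error.backtrace)
-
- def self.common_lib_available? # rubocop:disable Lint/DuplicateMethods
- false
- end
- end
- end
-
- module Whisperer
- def self.convert_result(function_called, result_size, result)
- if result_size < 0
- TCellAgent.logger.error(
- "Error response from `#{function_called}` in native library: #{result_size}"
- )
- else
- begin
- response = JSON.parse(result.get_string(0, result_size))
- if response['error']
- TCellAgent.logger.error("#{function_called} returned an error: #{response['error']}")
- response = {}
- end
-
- return response
- rescue JSON::ParserError
- # don't log the actual error since it might contain payload information
- TCellAgent.logger.error(
- "Could not parse json response from `#{function_called}` in native library."
- )
- end
- end
-
- {}
- end
-
- def self.create_agent
- if TCellAgent::Rust::Wrapper.common_lib_available?
- agent_config = {
- 'skip_logger' => true,
- 'application' => {
- 'app_id' => TCellAgent.configuration.app_id,
- 'api_key' => TCellAgent.configuration.api_key,
- 'allow_payloads' => !!TCellAgent.configuration.allow_payloads, # rubocop:disable Style/DoubleNegation
- 'js_agent_api_base_url' => TCellAgent.configuration.js_agent_api_base_url,
- 'js_agent_url' => TCellAgent.configuration.js_agent_url
- },
- 'appfirewall' => {
- 'enable_body_xxe_inspection' => true,
- 'enable_body_json_inspection' => true,
- 'allow_log_payloads' => true
- },
- 'policy_versions' => {
- 'patches' => 1,
- 'login' => 1,
- 'appsensor' => 2,
- 'regex' => 1,
- 'csp-headers' => 1,
- 'http-redirect' => 1,
- 'clickjacking' => 1,
- 'secure-headers' => 1,
- 'canaries' => 1,
- 'dlp' => 1,
- 'cmdi' => 1,
- 'jsagentinjection' => 1
- },
- 'max_header_size' => TCellAgent.configuration.max_csp_header_bytes || (1024 * 1024)
- }
- config_pointer = FFI::MemoryPointer.from_string(
- JSON.dump(agent_config)
- )
-
- buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
- # config_pointer.size - 1: strips null terminator
- result_size = TCellAgent::Rust::Wrapper.create_agent(
- config_pointer, config_pointer.size - 1, buf, buf.size
- )
- return convert_result('create_agent', result_size, buf)
- end
-
- {}
- end
-
- def self.free_agent(agent_ptr)
- if TCellAgent::Rust::Wrapper.common_lib_available? &&
- agent_ptr
- TCellAgent::Rust::Wrapper.free_agent(
- FFI::Pointer.new(agent_ptr)
- )
- end
- end
-
- def self.update_policies(agent_ptr, policies)
- if TCellAgent::Rust::Wrapper.common_lib_available? &&
- agent_ptr &&
- TCellAgent::Utils::Strings.present?(policies)
- policies_pointer = FFI::MemoryPointer.from_string(
- JSON.dump(policies)
- )
-
- buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
- # policies_pointer.size - 1: strips null terminator
- result_size = TCellAgent::Rust::Wrapper.update_policies(
- FFI::Pointer.new(agent_ptr),
- policies_pointer,
- policies_pointer.size - 1,
- buf,
- buf.size
- )
- return convert_result('update_policies', result_size, buf)
- end
-
- {}
- end
-
- def self.apply_appfirewall(agent_ptr, appsensor_meta)
- if TCellAgent::Rust::Wrapper.common_lib_available? &&
- agent_ptr &&
- appsensor_meta
- request_response_json = TCellAgent::Rust::Models.create_request_response(
- appsensor_meta
- )
- request_response_pointer = FFI::MemoryPointer.from_string(
- JSON.dump(request_response_json)
- )
-
- buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
- # request_response_pointer.size - 1: strips null terminator
- result_size = TCellAgent::Rust::Wrapper.appfirewall_apply(
- FFI::Pointer.new(agent_ptr),
- request_response_pointer,
- request_response_pointer.size - 1,
- buf,
- buf.size
- )
- return convert_result('apply_appfirewall', result_size, buf)
- end
-
- {}
- end
-
- def self.apply_patches(agent_ptr, appsensor_meta)
- if TCellAgent::Rust::Wrapper.common_lib_available? &&
- agent_ptr &&
- appsensor_meta
- patches_request_json = TCellAgent::Rust::Models.create_patches_request(
- appsensor_meta
- )
- patches_request_pointer = FFI::MemoryPointer.from_string(
- JSON.dump(patches_request_json)
- )
-
- buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
- # patches_request_pointer.size - 1: strips null terminator
- result_size = TCellAgent::Rust::Wrapper.patches_apply(
- FFI::Pointer.new(agent_ptr),
- patches_request_pointer,
- patches_request_pointer.size - 1,
- buf,
- buf.size
- )
- return convert_result('apply_patches', result_size, buf)
- end
-
- {}
- end
-
- def self.apply_cmdi(agent_ptr, command, tcell_context)
- if TCellAgent::Rust::Wrapper.common_lib_available? &&
- agent_ptr &&
- TCellAgent::Utils::Strings.present?(command)
- method = tcell_context && tcell_context.request_method
- path = tcell_context && tcell_context.path
- command_info = {
- 'command' => command,
- 'method' => method,
- 'path' => path
- }
- command_pointer = FFI::MemoryPointer.from_string(
- JSON.dump(command_info)
- )
-
- buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
- # patches_request_pointer.size - 1: strips null terminator
- result_size = TCellAgent::Rust::Wrapper.cmdi_apply(
- FFI::Pointer.new(agent_ptr),
- command_pointer,
- command_pointer.size - 1,
- buf,
- buf.size
- )
- return convert_result('apply_cmdi', result_size, buf)
- end
-
- {}
- end
-
- def self.get_headers(agent_ptr, tcell_context)
- if TCellAgent::Rust::Wrapper.common_lib_available? &&
- agent_ptr &&
- tcell_context
- method = tcell_context.request_method
- path = tcell_context.path
- route_id = tcell_context.route_id
- session_id = tcell_context.hmac_session_id
- headers_request = {
- :method => method,
- :path => path,
- :route_id => route_id && route_id.to_s,
- :session_id => session_id && session_id.to_s
- }
- headers_request_pointer = FFI::MemoryPointer.from_string(
- JSON.dump(headers_request)
- )
-
- buf = FFI::MemoryPointer.new(:uint8, 1024 * 16)
- # patches_request_pointer.size - 1: strips null terminator
- result_size = TCellAgent::Rust::Wrapper.get_headers(
- FFI::Pointer.new(agent_ptr),
- headers_request_pointer,
- headers_request_pointer.size - 1,
- buf,
- buf.size
- )
- return convert_result('get_headers', result_size, buf)
- end
-
- {}
- end
-
- def self.get_js_agent_script_tag(agent_ptr, tcell_context)
- if TCellAgent::Rust::Wrapper.common_lib_available? &&
- agent_ptr &&
- tcell_context
- method = tcell_context.request_method
- path = tcell_context.path
- jsagent_request = {
- :method => method,
- :path => path
- }
- jsagent_request_pointer = FFI::MemoryPointer.from_string(
- JSON.dump(jsagent_request)
- )
-
- buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
- # patches_request_pointer.size - 1: strips null terminator
- result_size = TCellAgent::Rust::Wrapper.get_js_agent_script_tag(
- FFI::Pointer.new(agent_ptr),
- jsagent_request_pointer,
- jsagent_request_pointer.size - 1,
- buf,
- buf.size
- )
- return convert_result('get_js_agent_script_tag', result_size, buf)
- end
-
- {}
- end
- end
- end
- end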
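--- a/data/lib/tcell_agent/sensor_events/appsensor_event.rb
+++ b/data/lib/tcell_agent/sensor_events/appsensor_event.rb
@@ -1,52 +0,0 @@
- require 'tcell_agent/sensor_events/sensor'
-
- module TCellAgent
- module SensorEvents
- class TCellAppSensorEvent < TCellSensorEvent
- def initialize(location,
- detection_point,
- method,
- remote_address,
- param,
- route_id,
- meta,
- hmac_session_id,
- user_id,
- payload,
- pattern,
- full_uri)
- super('as')
- self['dp'] = detection_point
-
- self['param'] = param.to_s if param
- self['m'] = method.to_s if method
- self['pattern'] = pattern if pattern
- self['meta'] = meta if meta
- self['rid'] = route_id.to_s if route_id
- self['full_uri'] = full_uri if full_uri
- self['uri'] = location if location
- self['uid'] = user_id.to_s if user_id
- self['sid'] = hmac_session_id if hmac_session_id
- self['remote_addr'] = remote_address.to_s if remote_address
- self['payload'] = payload if payload
- end
-
- def self.build_from_native_lib_event(event)
- TCellAppSensorEvent.new(
- event['uri'],
- event['detection_point'],
- event['method'],
- event['remote_address'],
- event['parameter'],
- event['route_id'],
- event['meta'],
- event['session_id'],
- event['user_id'],
- event['payload'],
- event['pattern'],
- event['full_uri']
- )
- end
- end
- end
- end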
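--- a/data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb
+++ b/data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb
@@ -1,45 +0,0 @@
- require 'tcell_agent/agent'
- require 'tcell_agent/agent/policy_types'
- require 'tcell_agent/tcell_context'
- require 'tcell_agent/sensor_events/sensor'
-
- module TCellAgent
- module SensorEvents
- class AppSensorMetaEvent < TCellAgent::SensorEvents::TCellSensorEvent
- class << self
- def build(request, response_content_length, response_code, response_headers)
- meta_data = TCellAgent::MetaData.from_request(request)
-
- tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
- meta_data.csrf_exception_name = tcell_context.csrf_exception_name
- meta_data.user_agent = tcell_context.user_agent
- meta_data.path_parameters = tcell_context.path_parameters
- meta_data.sql_exceptions = tcell_context.sql_exceptions
- meta_data.database_result_sizes = tcell_context.database_result_sizes
-
- meta_data.response_content_bytes_len = response_content_length
-
- meta_data.response_code = response_code
- meta_data.response_headers = response_headers
-
- AppSensorMetaEvent.new(meta_data)
- end
- end
-
- attr_accessor :meta_data
-
- def initialize(meta_data)
- @send = false
-
- @meta_data = meta_data
- end
-
- def post_process
- rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
- return unless rust_policies
-
- rust_policies.check_appfirewall_injections(@meta_data)
- end
- end
- end
- end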