tcell_agent 1.1.12 → 2.2.0

data/lib/tcell_agent/sensor_events/command_injection.rb

@@ -1,75 +0,0 @@
-require 'tcell_agent/sensor_events/sensor'
-
-module TCellAgent
-  module SensorEvents
-    class CommandInjectionMatchEvent < Hash
-      def initialize(rule_id, command)
-        self['rule_id'] = rule_id
-        self['command'] = command if command
-      end
-    end
-
-    class CommandInjectionEvent < TCellSensorEvent
-      def self.build_from_native_lib_response_and_tcell_context(apply_response,
-                                                                tcell_context)
-        matches = apply_response.fetch('matches', [])
-
-        return nil if !matches || matches.empty?
-
-        method, remote_address, route_id, session_id, user_id, uri = nil
-        if tcell_context
-          method = tcell_context.request_method
-          remote_address = tcell_context.ip_address
-          route_id = tcell_context.route_id
-          session_id = tcell_context.hmac_session_id
-          user_id = tcell_context.user_id
-          uri = tcell_context.uri
-        end
-
-        matches_without_emtpy_values = matches.map do |match|
-          CommandInjectionMatchEvent.new(
-            match['rule_id'], match['command']
-          )
-        end
-
-        CommandInjectionEvent.new(
-          apply_response['commands'],
-          apply_response.fetch('blocked', false),
-          matches_without_emtpy_values,
-          method,
-          remote_address,
-          route_id,
-          session_id,
-          user_id,
-          uri,
-          apply_response['full_commandline']
-        )
-      end
-
-      def initialize(commands,
-                     blocked,
-                     matches,
-                     method = nil,
-                     remote_address = nil,
-                     route_id = nil,
-                     session_id = nil,
-                     user_id = nil,
-                     uri = nil,
-                     full_commandline = nil)
-        super('cmdi')
-
-        self['commands'] = commands
-        self['blocked'] = blocked
-        self['matches'] = matches
-        self['m'] = method if method
-
-        self['remote_addr'] = remote_address if remote_address
-        self['rid'] = route_id if route_id
-        self['sid'] = session_id if session_id
-        self['uid'] = user_id if user_id
-        self['full_commandline'] = full_commandline if full_commandline
-        self['uri'] = TCellAgent::SensorEvents::Util.strip_uri_values(uri) if uri
-      end
-    end
-  end
-end

data/lib/tcell_agent/sensor_events/honeytokens.rb

@@ -1,16 +0,0 @@
-# See the file "LICENSE" for the full license governing this code.
-
-require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-require 'tcell_agent/sensor_events/sensor'
-
-module TCellAgent
-  module SensorEvents
-    class HoneytokensSensorEvent < TCellSensorEvent
-      def initialize(request, token_id)
-        super('honeytoken')
-        self['id'] = token_id
-        self['ip'] = request.remote_ip
-      end
-    end
-  end
-end

data/lib/tcell_agent/sensor_events/login_fraud.rb

@@ -1,60 +0,0 @@
-# See the file "LICENSE" for the full license governing this code.
-
-require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-require 'tcell_agent/sensor_events/sensor'
-
-module TCellAgent
-  module SensorEvents
-    class LoginEvent < TCellSensorEvent
-      def initialize(header_keys,
-                     tcell_data,
-                     user_id,
-                     password,
-                     user_valid)
-        super('login')
-
-        self['header_keys'] = header_keys
-
-        self['user_agent'] = tcell_data.user_agent.to_s if tcell_data.user_agent
-        self['referrer'] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.referrer) if tcell_data.referrer
-        self['remote_addr'] = tcell_data.ip_address.to_s if tcell_data.ip_address
-        self['user_id'] = user_id.to_s if user_id
-        self['document_uri'] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.path) if tcell_data.path
-        self['session'] = tcell_data.hmac_session_id if tcell_data.hmac_session_id
-
-        digest = TCellAgent::Utils::Passwords.fingerprint_password(password,
-                                                                   user_id)
-        self['password_id'] = digest if digest
-        self['user_valid'] = user_valid if user_valid
-      end
-    end
-
-    class LoginFailure < LoginEvent
-      def initialize(request_env_or_header_keys,
-                     tcell_data,
-                     user_id,
-                     password,
-                     user_valid = nil)
-        header_keys = Util.clean_header_keys(request_env_or_header_keys)
-
-        super(header_keys, tcell_data, user_id, password, user_valid)
-
-        self['event_name'] = 'login-failure'
-      end
-    end
-
-    class LoginSuccess < LoginEvent
-      def initialize(request_env_or_header_keys,
-                     tcell_data,
-                     user_id,
-                     password,
-                     user_valid = nil)
-        header_keys = Util.clean_header_keys(request_env_or_header_keys)
-
-        super(header_keys, tcell_data, user_id, password, user_valid)
-
-        self['event_name'] = 'login-success'
-      end
-    end
-  end
-end

data/lib/tcell_agent/sensor_events/metrics.rb

@@ -1,123 +0,0 @@
-# See the file "LICENSE" for the full license governing this code.
-
-module TCellAgent
-  module SensorEvents
-    class Counter
-      attr_reader :counter
-      def initialize
-        @counter = 0
-      end
-
-      def add_object
-        @counter += 1
-      end
-
-      def reset
-        @counter = 0
-      end
-    end
-
-    class RequestRouteTimer < TCellSensorEvent
-      attr_accessor :route_id
-      attr_accessor :response_time
-      def initialize(route_id, response_time)
-        super('RequestRouteTimer')
-        self.route_id = route_id
-        self.response_time = response_time
-        @send = false
-      end
-    end
-
-    class MetricsEvent < TCellSensorEvent
-      def initialize
-        super('metrics')
-      end
-
-      def set_route_count_table(route_count_table)
-        self['rct'] = route_count_table
-      end
-    end
-
-    class SessionsMetric < TCellSensorEvent
-      class UserSessionTrackMetric < Hash
-        def initialize(object_counter, user_id)
-          @object_counter = object_counter
-          @user_agents = {}
-          self['uid'] = user_id
-          self['track'] = []
-        end
-
-        def add_user_agent_ip(truncated_agent, ip_address)
-          if @user_agents.key?(truncated_agent)
-            tracked_agents = @user_agents[truncated_agent]
-            ips = tracked_agents[1]
-            unless ips.include?(ip_address)
-              @object_counter.add_object
-              ips.push(ip_address)
-            end
-          else
-            @object_counter.add_object
-            @user_agents[truncated_agent] = [truncated_agent, [ip_address]]
-            self['track'].push(@user_agents[truncated_agent])
-          end
-        end
-      end
-
-      class UserSessionMetric < Array
-        def initialize(object_counter)
-          @user_ids = {}
-          @object_counter = object_counter
-        end
-
-        def add_user_id_user_agent_ip(user_id, truncated_agent, ip_address)
-          if @user_ids.key?(user_id)
-            user_id_info = @user_ids[user_id]
-            user_id_info.add_user_agent_ip(truncated_agent, ip_address)
-          else
-            @object_counter.add_object
-
-            @user_ids[user_id] = user_id_info = UserSessionTrackMetric.new(@object_counter, user_id)
-            user_id_info.add_user_agent_ip(truncated_agent, ip_address)
-
-            push(user_id_info)
-          end
-        end
-      end
-
-      def initialize
-        super('metrics')
-        @send = false
-        @flush = false
-
-        self['sessions'] = {}
-        @has_sessions = false
-        @object_counter = Counter.new
-      end
-
-      def sessions?
-        @has_sessions
-      end
-
-      def add_session_info(hmac_session_id, user_id, ip_address, user_agent)
-        if @object_counter.counter >= 250
-          TCellAgent.logger.warn('Sessions Metric is full. Information dropped')
-
-        else
-          self['sessions'][hmac_session_id] =
-            self['sessions'].fetch(hmac_session_id, UserSessionMetric.new(@object_counter))
-
-          @has_sessions = true
-
-          truncated_agent = truncated_user_agent(user_agent)
-          self['sessions'][hmac_session_id].add_user_id_user_agent_ip(user_id, truncated_agent, ip_address)
-
-          @flush = true if @object_counter.counter >= 200
-        end
-      end
-
-      def truncated_user_agent(user_agent)
-        user_agent[0...256]
-      end
-    end
-  end
-end

data/lib/tcell_agent/sensor_events/patches.rb

@@ -1,21 +0,0 @@
-require 'tcell_agent/sensor_events/sensor'
-
-module TCellAgent
-  module SensorEvents
-    class PatchesEvent < TCellSensorEvent
-      def initialize(rust_response, appsensor_meta)
-        super('patches')
-
-        self['patches_pid'] = rust_response['patches_policy_id']
-        self['rule_id'] = rust_response['rule_id']
-        self['action'] = 'blocked'
-        self['sz'] = appsensor_meta.request_content_bytes_len if appsensor_meta.request_content_bytes_len
-        self['m'] = appsensor_meta.method if appsensor_meta.method
-        self['remote_addr'] = appsensor_meta.remote_address if appsensor_meta.remote_address
-        self['uri'] = TCellAgent::SensorEvents::Util.strip_uri_values(appsensor_meta.location) if appsensor_meta.location
-        self['regex_pid'] = rust_response['regex_pid'] if rust_response['regex_pid']
-        self['payload'] = rust_response['payload'] if rust_response['payload']
-      end
-    end
-  end
-end

data/lib/tcell_agent/start_background_thread.rb

@@ -1,55 +0,0 @@
-# See the file "LICENSE" for the full license governing this code.
-require 'tcell_agent/configuration'
-
-unless TCellAgent.configuration.disable_all
-  require 'tcell_agent/logger'
-  require 'tcell_agent/agent'
-  require 'thread'
-
-  module TCellAgent
-    # require 'tcell_agent/sinatra' if defined?(Sinatra)
-    require 'tcell_agent/rails' if defined?(Rails)
-    require 'tcell_agent/instrumentation/cmdi'
-
-    def self.run_instrumentation(server_name, send_startup_events = true)
-      require 'tcell_agent/hooks/login_fraud'
-      require 'tcell_agent/rails/on_start' if defined?(Rails)
-      require 'tcell_agent/settings_reporter'
-
-      TCellAgent::Instrumentation.safe_block('Starting thread agent') do
-        TCellAgent.logger.debug("Instrumenting: #{server_name}")
-        TCellAgent.thread_agent.start
-      end
-
-      report_settings(send_startup_events)
-    end
-  end
-
-  tcell_server = ENV['TCELL_AGENT_SERVER']
-
-  if TCellAgent.configuration.should_instrument?
-    unless tcell_server && tcell_server == 'mock'
-
-      if (tcell_server && tcell_server == 'webrick') || defined?(Rails::Server)
-        require('tcell_agent/servers/rails_server')
-
-      elsif (tcell_server && tcell_server == 'thin') || defined?(Thin)
-        require('tcell_agent/servers/thin')
-
-      elsif (tcell_server && tcell_server == 'puma') || defined?(Puma)
-        require('tcell_agent/servers/puma')
-
-      elsif (tcell_server && tcell_server == 'unicorn') || defined?(Unicorn)
-        require('tcell_agent/servers/unicorn')
-
-      elsif (tcell_server && tcell_server == 'passenger') || defined?(PhusionPassenger)
-        require('tcell_agent/servers/passenger')
-
-      end
-    end
-
-  elsif (tcell_server && tcell_server == 'unicorn') || defined?(Unicorn)
-    # unicorn is always instrumented to support rolling restarts
-    require('tcell_agent/servers/unicorn')
-  end
-end

data/lib/tcell_agent/system_info.rb

@@ -1,11 +0,0 @@
-module TCellAgent
-  module SystemInfo
-    def self.get_language_version
-      RUBY_VERSION
-    end
-
-    def self.get_language
-      'Ruby'
-    end
-  end
-end

data/lib/tcell_agent/utils/io.rb

@@ -1,38 +0,0 @@
-require 'pathname'
-require 'tcell_agent/instrumentation'
-require 'tcell_agent/utils/strings'
-
-module TCellAgent
-  module Utils
-    module IO
-      def self.create_directory(dir, owner = nil)
-        return if File.directory?(dir)
-
-        directories = Pathname(dir).each_filename.to_a
-
-        return if directories.empty?
-
-        memoized_path = File::SEPARATOR
-
-        directories.each do |directory|
-          memoized_path = File.join(memoized_path, directory)
-          next if File.directory?(memoized_path)
-          FileUtils.mkdir(memoized_path)
-
-          next unless TCellAgent::Utils::Strings.present?(owner)
-          TCellAgent::Instrumentation.safe_block('Ignoring agent_home_owner value, insufficient privileges') do
-            FileUtils.chown(owner, nil, memoized_path)
-          end
-        end
-      end
-
-      def self.set_owner(filename, owner = nil)
-        TCellAgent::Instrumentation.safe_block('Ignoring agent_home_owner value, insufficient privileges') do
-          if TCellAgent::Utils::Strings.present?(owner) && File.exist?(filename)
-            FileUtils.chown(owner, nil, filename)
-          end
-        end
-      end
-    end
-  end
-end

data/lib/tcell_agent/utils/passwords.rb

@@ -1,28 +0,0 @@
-module TCellAgent
-  module Utils
-    module Passwords
-      def self.fingerprint_password(password, user_id)
-        digest = nil
-
-        app_id = TCellAgent.configuration.app_id
-        password_hmac_key = TCellAgent.configuration.password_hmac_key
-        if app_id &&
-           TCellAgent::Utils::Strings.present?(password_hmac_key) &&
-           TCellAgent::Utils::Strings.present?(password)
-          string_builder = [app_id, ':', password, ':']
-          string_builder.push(user_id) if user_id
-
-          digest = OpenSSL::HMAC.hexdigest(
-            OpenSSL::Digest.new('sha256'),
-            password_hmac_key.to_s,
-            string_builder.join('')
-          )
-
-          digest = digest[0...8]
-        end
-
-        digest
-      end
-    end
-  end
-end

data/lib/tcell_agent/utils/queue_with_timeout.rb

@@ -1,142 +0,0 @@
-# See the file "LICENSE" for the full license governing this code.
-
-require 'tcell_agent/logger'
-require 'thread'
-require 'logger'
-
-module TCellAgent
-  class BoundedQueue
-    def initialize(max_size = :infinite)
-      @lock  = Mutex.new
-      @items = []
-      @item_available = ConditionVariable.new
-      @max_size = max_size
-      @space_available = ConditionVariable.new
-    end
-
-    def push(obj, timeout = :never, &timeout_policy)
-      timeout_policy ||= lambda do
-        raise 'Push timed out'
-      end
-
-      wait_for_condition(
-        @space_available,
-        -> { !full? },
-        timeout,
-        timeout_policy
-      ) do
-
-        @items.push(obj)
-        @item_available.signal
-      end
-    end
-
-    def pop(timeout = :never, &timeout_policy)
-      timeout_policy ||= -> { nil }
-      wait_for_condition(
-        @item_available,
-        -> { @items.any? },
-        timeout,
-        timeout_policy
-      ) do
-
-        item = @items.shift
-        @space_available.signal
-
-        item
-      end
-    end
-
-    def full?
-      return false if @max_size == :infinite
-      @max_size <= @items.size
-    end
-
-    def size
-      @items.size
-    end
-
-    private
-
-    def wait_for_condition(condition_variable, condition_predicate, timeout = :never, timeout_policy = -> { nil })
-      deadline = timeout == :never ? :never : Time.now + timeout
-
-      @lock.synchronize do
-        loop do
-          cv_timeout = timeout == :never ? nil : deadline - Time.now
-
-          if !condition_predicate.call && cv_timeout.to_f >= 0
-            condition_variable.wait(@lock, cv_timeout)
-          end
-
-          if condition_predicate.call # rubocop:disable Style/GuardClause
-            return yield
-
-          elsif :never == deadline || deadline > Time.now # rubocop:disable Style/YodaCondition
-            next
-
-          else
-            return timeout_policy.call
-          end
-        end
-      end
-    end
-  end
-
-  class QueueWithTimeout
-    def initialize
-      @mutex = Mutex.new
-      @queue = []
-      @response_time_table = {}
-      @recieved = ConditionVariable.new
-    end
-
-    def <<(x) # rubocop:disable Naming/UncommunicativeMethodParamName
-      @mutex.synchronize do
-        @queue << x
-        @recieved.signal
-      end
-    end
-
-    def add_response_time(route_id, response_time)
-      @mutex.synchronize do
-        route_id = '?' if route_id.nil? || route_id == ''
-        @response_time_table[route_id] = @response_time_table.fetch(route_id, {})
-        @response_time_table[route_id]['c'] = @response_time_table[route_id].fetch('c', 0) + 1
-        @response_time_table[route_id]['mx'] = [@response_time_table[route_id].fetch('mx', 0), response_time].max
-        @response_time_table[route_id]['mn'] = [@response_time_table[route_id].fetch('mn', response_time), response_time].min
-        @response_time_table[route_id]['t'] = ((@response_time_table[route_id].fetch('t', 0) * (@response_time_table[route_id]['c'] - 1)) + response_time) / @response_time_table[route_id]['c']
-      end
-    end
-
-    def length
-      @queue.length
-    end
-
-    def get_response_time_table
-      @response_time_table
-    end
-
-    def reset_response_time_table
-      @mutex.synchronize do
-        @response_time_table = {}
-      end
-    end
-
-    def pop(non_block = false)
-      pop_with_timeout(non_block ? 0 : nil)
-    end
-
-    def pop_with_timeout(timeout = nil)
-      @mutex.synchronize do
-        if @queue.empty?
-          @recieved.wait(@mutex, timeout) if timeout != 0
-          # if we're still empty after the timeout, raise exception
-          return nil if @queue.empty?
-          # raise ThreadError, "queue empty" if @queue.empty?
-        end
-        @queue.shift
-      end
-    end
-  end
-end