tcell_agent 1.1.12 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/bin/tcell_agent +45 -137
- data/lib/tcell_agent.rb +12 -14
- data/lib/tcell_agent/agent.rb +108 -97
- data/lib/tcell_agent/agent/route_manager.rb +0 -16
- data/lib/tcell_agent/agent/static_agent.rb +9 -30
- data/lib/tcell_agent/config_initializer.rb +66 -0
- data/lib/tcell_agent/configuration.rb +69 -345
- data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
- data/lib/tcell_agent/instrument_servers.rb +23 -0
- data/lib/tcell_agent/instrumentation.rb +12 -10
- data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
- data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
- data/lib/tcell_agent/logger.rb +49 -114
- data/lib/tcell_agent/patches.rb +6 -7
- data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
- data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
- data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
- data/lib/tcell_agent/policies/headers_policy.rb +25 -0
- data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
- data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
- data/lib/tcell_agent/policies/local_file_access.rb +28 -0
- data/lib/tcell_agent/policies/login_policy.rb +43 -0
- data/lib/tcell_agent/policies/patches_policy.rb +27 -0
- data/lib/tcell_agent/policies/policies_manager.rb +68 -0
- data/lib/tcell_agent/policies/policy_polling.rb +58 -0
- data/lib/tcell_agent/policies/policy_types.rb +14 -0
- data/lib/tcell_agent/policies/system_enablements.rb +27 -0
- data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +100 -105
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
- data/lib/tcell_agent/rails/dlp.rb +35 -23
- data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
- data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
- data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes.rb +10 -12
- data/lib/tcell_agent/rails/routes/grape.rb +4 -14
- data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
- data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
- data/lib/tcell_agent/rust/agent_config.rb +60 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
- data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
- data/lib/tcell_agent/rust/models.rb +6 -52
- data/lib/tcell_agent/rust/native_agent.rb +549 -0
- data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
- data/lib/tcell_agent/rust/native_library.rb +69 -0
- data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
- data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
- data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
- data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
- data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
- data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
- data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
- data/lib/tcell_agent/servers/passenger.rb +1 -28
- data/lib/tcell_agent/servers/puma.rb +3 -21
- data/lib/tcell_agent/servers/rails_server.rb +1 -2
- data/lib/tcell_agent/servers/thin.rb +2 -2
- data/lib/tcell_agent/servers/unicorn.rb +19 -80
- data/lib/tcell_agent/servers/webrick.rb +1 -2
- data/lib/tcell_agent/settings_reporter.rb +11 -90
- data/lib/tcell_agent/sinatra.rb +14 -16
- data/lib/tcell_agent/tcell_context.rb +40 -14
- data/lib/tcell_agent/utils/headers.rb +14 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
- data/spec/lib/tcell_agent/patches_spec.rb +25 -43
- data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
- data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
- data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
- data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
- data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
- data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
- data/spec/spec_helper.rb +1 -1
- data/spec/support/builders.rb +103 -0
- data/spec/support/force_logger_mocking.rb +38 -0
- data/spec/support/resources/lfi_sample_file.txt +2 -0
- data/spec/support/static_agent_overrides.rb +0 -15
- metadata +72 -83
- data/lib/tcell_agent/agent/event_processor.rb +0 -326
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
- data/lib/tcell_agent/agent/policy_manager.rb +0 -219
- data/lib/tcell_agent/agent/policy_types.rb +0 -30
- data/lib/tcell_agent/api.rb +0 -91
- data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
- data/lib/tcell_agent/authlogic.rb +0 -26
- data/lib/tcell_agent/config/child_process_events.rb +0 -8
- data/lib/tcell_agent/config/unknown_options.rb +0 -123
- data/lib/tcell_agent/devise.rb +0 -35
- data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
- data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
- data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
- data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
- data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
- data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
- data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
- data/lib/tcell_agent/policies/rust_policies.rb +0 -110
- data/lib/tcell_agent/rails/on_start.rb +0 -41
- data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +0 -308
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
- data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
- data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
- data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
- data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
- data/lib/tcell_agent/sensor_events/patches.rb +0 -21
- data/lib/tcell_agent/start_background_thread.rb +0 -55
- data/lib/tcell_agent/system_info.rb +0 -11
- data/lib/tcell_agent/utils/io.rb +0 -38
- data/lib/tcell_agent/utils/passwords.rb +0 -28
- data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
- data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
- data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
- data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
- data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
- data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
- data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
- data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
- data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
- data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
- data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
@@ -1,75 +0,0 @@
|
|
1
|
-
require 'tcell_agent/sensor_events/sensor'
|
2
|
-
|
3
|
-
module TCellAgent
|
4
|
-
module SensorEvents
|
5
|
-
class CommandInjectionMatchEvent < Hash
|
6
|
-
def initialize(rule_id, command)
|
7
|
-
self['rule_id'] = rule_id
|
8
|
-
self['command'] = command if command
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
class CommandInjectionEvent < TCellSensorEvent
|
13
|
-
def self.build_from_native_lib_response_and_tcell_context(apply_response,
|
14
|
-
tcell_context)
|
15
|
-
matches = apply_response.fetch('matches', [])
|
16
|
-
|
17
|
-
return nil if !matches || matches.empty?
|
18
|
-
|
19
|
-
method, remote_address, route_id, session_id, user_id, uri = nil
|
20
|
-
if tcell_context
|
21
|
-
method = tcell_context.request_method
|
22
|
-
remote_address = tcell_context.ip_address
|
23
|
-
route_id = tcell_context.route_id
|
24
|
-
session_id = tcell_context.hmac_session_id
|
25
|
-
user_id = tcell_context.user_id
|
26
|
-
uri = tcell_context.uri
|
27
|
-
end
|
28
|
-
|
29
|
-
matches_without_emtpy_values = matches.map do |match|
|
30
|
-
CommandInjectionMatchEvent.new(
|
31
|
-
match['rule_id'], match['command']
|
32
|
-
)
|
33
|
-
end
|
34
|
-
|
35
|
-
CommandInjectionEvent.new(
|
36
|
-
apply_response['commands'],
|
37
|
-
apply_response.fetch('blocked', false),
|
38
|
-
matches_without_emtpy_values,
|
39
|
-
method,
|
40
|
-
remote_address,
|
41
|
-
route_id,
|
42
|
-
session_id,
|
43
|
-
user_id,
|
44
|
-
uri,
|
45
|
-
apply_response['full_commandline']
|
46
|
-
)
|
47
|
-
end
|
48
|
-
|
49
|
-
def initialize(commands,
|
50
|
-
blocked,
|
51
|
-
matches,
|
52
|
-
method = nil,
|
53
|
-
remote_address = nil,
|
54
|
-
route_id = nil,
|
55
|
-
session_id = nil,
|
56
|
-
user_id = nil,
|
57
|
-
uri = nil,
|
58
|
-
full_commandline = nil)
|
59
|
-
super('cmdi')
|
60
|
-
|
61
|
-
self['commands'] = commands
|
62
|
-
self['blocked'] = blocked
|
63
|
-
self['matches'] = matches
|
64
|
-
self['m'] = method if method
|
65
|
-
|
66
|
-
self['remote_addr'] = remote_address if remote_address
|
67
|
-
self['rid'] = route_id if route_id
|
68
|
-
self['sid'] = session_id if session_id
|
69
|
-
self['uid'] = user_id if user_id
|
70
|
-
self['full_commandline'] = full_commandline if full_commandline
|
71
|
-
self['uri'] = TCellAgent::SensorEvents::Util.strip_uri_values(uri) if uri
|
72
|
-
end
|
73
|
-
end
|
74
|
-
end
|
75
|
-
end
|
@@ -1,16 +0,0 @@
|
|
1
|
-
# See the file "LICENSE" for the full license governing this code.
|
2
|
-
|
3
|
-
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
4
|
-
require 'tcell_agent/sensor_events/sensor'
|
5
|
-
|
6
|
-
module TCellAgent
|
7
|
-
module SensorEvents
|
8
|
-
class HoneytokensSensorEvent < TCellSensorEvent
|
9
|
-
def initialize(request, token_id)
|
10
|
-
super('honeytoken')
|
11
|
-
self['id'] = token_id
|
12
|
-
self['ip'] = request.remote_ip
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
16
|
-
end
|
@@ -1,60 +0,0 @@
|
|
1
|
-
# See the file "LICENSE" for the full license governing this code.
|
2
|
-
|
3
|
-
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
4
|
-
require 'tcell_agent/sensor_events/sensor'
|
5
|
-
|
6
|
-
module TCellAgent
|
7
|
-
module SensorEvents
|
8
|
-
class LoginEvent < TCellSensorEvent
|
9
|
-
def initialize(header_keys,
|
10
|
-
tcell_data,
|
11
|
-
user_id,
|
12
|
-
password,
|
13
|
-
user_valid)
|
14
|
-
super('login')
|
15
|
-
|
16
|
-
self['header_keys'] = header_keys
|
17
|
-
|
18
|
-
self['user_agent'] = tcell_data.user_agent.to_s if tcell_data.user_agent
|
19
|
-
self['referrer'] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.referrer) if tcell_data.referrer
|
20
|
-
self['remote_addr'] = tcell_data.ip_address.to_s if tcell_data.ip_address
|
21
|
-
self['user_id'] = user_id.to_s if user_id
|
22
|
-
self['document_uri'] = TCellAgent::SensorEvents::Util.strip_uri_values(tcell_data.path) if tcell_data.path
|
23
|
-
self['session'] = tcell_data.hmac_session_id if tcell_data.hmac_session_id
|
24
|
-
|
25
|
-
digest = TCellAgent::Utils::Passwords.fingerprint_password(password,
|
26
|
-
user_id)
|
27
|
-
self['password_id'] = digest if digest
|
28
|
-
self['user_valid'] = user_valid if user_valid
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
class LoginFailure < LoginEvent
|
33
|
-
def initialize(request_env_or_header_keys,
|
34
|
-
tcell_data,
|
35
|
-
user_id,
|
36
|
-
password,
|
37
|
-
user_valid = nil)
|
38
|
-
header_keys = Util.clean_header_keys(request_env_or_header_keys)
|
39
|
-
|
40
|
-
super(header_keys, tcell_data, user_id, password, user_valid)
|
41
|
-
|
42
|
-
self['event_name'] = 'login-failure'
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
class LoginSuccess < LoginEvent
|
47
|
-
def initialize(request_env_or_header_keys,
|
48
|
-
tcell_data,
|
49
|
-
user_id,
|
50
|
-
password,
|
51
|
-
user_valid = nil)
|
52
|
-
header_keys = Util.clean_header_keys(request_env_or_header_keys)
|
53
|
-
|
54
|
-
super(header_keys, tcell_data, user_id, password, user_valid)
|
55
|
-
|
56
|
-
self['event_name'] = 'login-success'
|
57
|
-
end
|
58
|
-
end
|
59
|
-
end
|
60
|
-
end
|
@@ -1,123 +0,0 @@
|
|
1
|
-
# See the file "LICENSE" for the full license governing this code.
|
2
|
-
|
3
|
-
module TCellAgent
|
4
|
-
module SensorEvents
|
5
|
-
class Counter
|
6
|
-
attr_reader :counter
|
7
|
-
def initialize
|
8
|
-
@counter = 0
|
9
|
-
end
|
10
|
-
|
11
|
-
def add_object
|
12
|
-
@counter += 1
|
13
|
-
end
|
14
|
-
|
15
|
-
def reset
|
16
|
-
@counter = 0
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
class RequestRouteTimer < TCellSensorEvent
|
21
|
-
attr_accessor :route_id
|
22
|
-
attr_accessor :response_time
|
23
|
-
def initialize(route_id, response_time)
|
24
|
-
super('RequestRouteTimer')
|
25
|
-
self.route_id = route_id
|
26
|
-
self.response_time = response_time
|
27
|
-
@send = false
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
class MetricsEvent < TCellSensorEvent
|
32
|
-
def initialize
|
33
|
-
super('metrics')
|
34
|
-
end
|
35
|
-
|
36
|
-
def set_route_count_table(route_count_table)
|
37
|
-
self['rct'] = route_count_table
|
38
|
-
end
|
39
|
-
end
|
40
|
-
|
41
|
-
class SessionsMetric < TCellSensorEvent
|
42
|
-
class UserSessionTrackMetric < Hash
|
43
|
-
def initialize(object_counter, user_id)
|
44
|
-
@object_counter = object_counter
|
45
|
-
@user_agents = {}
|
46
|
-
self['uid'] = user_id
|
47
|
-
self['track'] = []
|
48
|
-
end
|
49
|
-
|
50
|
-
def add_user_agent_ip(truncated_agent, ip_address)
|
51
|
-
if @user_agents.key?(truncated_agent)
|
52
|
-
tracked_agents = @user_agents[truncated_agent]
|
53
|
-
ips = tracked_agents[1]
|
54
|
-
unless ips.include?(ip_address)
|
55
|
-
@object_counter.add_object
|
56
|
-
ips.push(ip_address)
|
57
|
-
end
|
58
|
-
else
|
59
|
-
@object_counter.add_object
|
60
|
-
@user_agents[truncated_agent] = [truncated_agent, [ip_address]]
|
61
|
-
self['track'].push(@user_agents[truncated_agent])
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|
65
|
-
|
66
|
-
class UserSessionMetric < Array
|
67
|
-
def initialize(object_counter)
|
68
|
-
@user_ids = {}
|
69
|
-
@object_counter = object_counter
|
70
|
-
end
|
71
|
-
|
72
|
-
def add_user_id_user_agent_ip(user_id, truncated_agent, ip_address)
|
73
|
-
if @user_ids.key?(user_id)
|
74
|
-
user_id_info = @user_ids[user_id]
|
75
|
-
user_id_info.add_user_agent_ip(truncated_agent, ip_address)
|
76
|
-
else
|
77
|
-
@object_counter.add_object
|
78
|
-
|
79
|
-
@user_ids[user_id] = user_id_info = UserSessionTrackMetric.new(@object_counter, user_id)
|
80
|
-
user_id_info.add_user_agent_ip(truncated_agent, ip_address)
|
81
|
-
|
82
|
-
push(user_id_info)
|
83
|
-
end
|
84
|
-
end
|
85
|
-
end
|
86
|
-
|
87
|
-
def initialize
|
88
|
-
super('metrics')
|
89
|
-
@send = false
|
90
|
-
@flush = false
|
91
|
-
|
92
|
-
self['sessions'] = {}
|
93
|
-
@has_sessions = false
|
94
|
-
@object_counter = Counter.new
|
95
|
-
end
|
96
|
-
|
97
|
-
def sessions?
|
98
|
-
@has_sessions
|
99
|
-
end
|
100
|
-
|
101
|
-
def add_session_info(hmac_session_id, user_id, ip_address, user_agent)
|
102
|
-
if @object_counter.counter >= 250
|
103
|
-
TCellAgent.logger.warn('Sessions Metric is full. Information dropped')
|
104
|
-
|
105
|
-
else
|
106
|
-
self['sessions'][hmac_session_id] =
|
107
|
-
self['sessions'].fetch(hmac_session_id, UserSessionMetric.new(@object_counter))
|
108
|
-
|
109
|
-
@has_sessions = true
|
110
|
-
|
111
|
-
truncated_agent = truncated_user_agent(user_agent)
|
112
|
-
self['sessions'][hmac_session_id].add_user_id_user_agent_ip(user_id, truncated_agent, ip_address)
|
113
|
-
|
114
|
-
@flush = true if @object_counter.counter >= 200
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
def truncated_user_agent(user_agent)
|
119
|
-
user_agent[0...256]
|
120
|
-
end
|
121
|
-
end
|
122
|
-
end
|
123
|
-
end
|
@@ -1,21 +0,0 @@
|
|
1
|
-
require 'tcell_agent/sensor_events/sensor'
|
2
|
-
|
3
|
-
module TCellAgent
|
4
|
-
module SensorEvents
|
5
|
-
class PatchesEvent < TCellSensorEvent
|
6
|
-
def initialize(rust_response, appsensor_meta)
|
7
|
-
super('patches')
|
8
|
-
|
9
|
-
self['patches_pid'] = rust_response['patches_policy_id']
|
10
|
-
self['rule_id'] = rust_response['rule_id']
|
11
|
-
self['action'] = 'blocked'
|
12
|
-
self['sz'] = appsensor_meta.request_content_bytes_len if appsensor_meta.request_content_bytes_len
|
13
|
-
self['m'] = appsensor_meta.method if appsensor_meta.method
|
14
|
-
self['remote_addr'] = appsensor_meta.remote_address if appsensor_meta.remote_address
|
15
|
-
self['uri'] = TCellAgent::SensorEvents::Util.strip_uri_values(appsensor_meta.location) if appsensor_meta.location
|
16
|
-
self['regex_pid'] = rust_response['regex_pid'] if rust_response['regex_pid']
|
17
|
-
self['payload'] = rust_response['payload'] if rust_response['payload']
|
18
|
-
end
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
@@ -1,55 +0,0 @@
|
|
1
|
-
# See the file "LICENSE" for the full license governing this code.
|
2
|
-
require 'tcell_agent/configuration'
|
3
|
-
|
4
|
-
unless TCellAgent.configuration.disable_all
|
5
|
-
require 'tcell_agent/logger'
|
6
|
-
require 'tcell_agent/agent'
|
7
|
-
require 'thread'
|
8
|
-
|
9
|
-
module TCellAgent
|
10
|
-
# require 'tcell_agent/sinatra' if defined?(Sinatra)
|
11
|
-
require 'tcell_agent/rails' if defined?(Rails)
|
12
|
-
require 'tcell_agent/instrumentation/cmdi'
|
13
|
-
|
14
|
-
def self.run_instrumentation(server_name, send_startup_events = true)
|
15
|
-
require 'tcell_agent/hooks/login_fraud'
|
16
|
-
require 'tcell_agent/rails/on_start' if defined?(Rails)
|
17
|
-
require 'tcell_agent/settings_reporter'
|
18
|
-
|
19
|
-
TCellAgent::Instrumentation.safe_block('Starting thread agent') do
|
20
|
-
TCellAgent.logger.debug("Instrumenting: #{server_name}")
|
21
|
-
TCellAgent.thread_agent.start
|
22
|
-
end
|
23
|
-
|
24
|
-
report_settings(send_startup_events)
|
25
|
-
end
|
26
|
-
end
|
27
|
-
|
28
|
-
tcell_server = ENV['TCELL_AGENT_SERVER']
|
29
|
-
|
30
|
-
if TCellAgent.configuration.should_instrument?
|
31
|
-
unless tcell_server && tcell_server == 'mock'
|
32
|
-
|
33
|
-
if (tcell_server && tcell_server == 'webrick') || defined?(Rails::Server)
|
34
|
-
require('tcell_agent/servers/rails_server')
|
35
|
-
|
36
|
-
elsif (tcell_server && tcell_server == 'thin') || defined?(Thin)
|
37
|
-
require('tcell_agent/servers/thin')
|
38
|
-
|
39
|
-
elsif (tcell_server && tcell_server == 'puma') || defined?(Puma)
|
40
|
-
require('tcell_agent/servers/puma')
|
41
|
-
|
42
|
-
elsif (tcell_server && tcell_server == 'unicorn') || defined?(Unicorn)
|
43
|
-
require('tcell_agent/servers/unicorn')
|
44
|
-
|
45
|
-
elsif (tcell_server && tcell_server == 'passenger') || defined?(PhusionPassenger)
|
46
|
-
require('tcell_agent/servers/passenger')
|
47
|
-
|
48
|
-
end
|
49
|
-
end
|
50
|
-
|
51
|
-
elsif (tcell_server && tcell_server == 'unicorn') || defined?(Unicorn)
|
52
|
-
# unicorn is always instrumented to support rolling restarts
|
53
|
-
require('tcell_agent/servers/unicorn')
|
54
|
-
end
|
55
|
-
end
|
data/lib/tcell_agent/utils/io.rb
DELETED
@@ -1,38 +0,0 @@
|
|
1
|
-
require 'pathname'
|
2
|
-
require 'tcell_agent/instrumentation'
|
3
|
-
require 'tcell_agent/utils/strings'
|
4
|
-
|
5
|
-
module TCellAgent
|
6
|
-
module Utils
|
7
|
-
module IO
|
8
|
-
def self.create_directory(dir, owner = nil)
|
9
|
-
return if File.directory?(dir)
|
10
|
-
|
11
|
-
directories = Pathname(dir).each_filename.to_a
|
12
|
-
|
13
|
-
return if directories.empty?
|
14
|
-
|
15
|
-
memoized_path = File::SEPARATOR
|
16
|
-
|
17
|
-
directories.each do |directory|
|
18
|
-
memoized_path = File.join(memoized_path, directory)
|
19
|
-
next if File.directory?(memoized_path)
|
20
|
-
FileUtils.mkdir(memoized_path)
|
21
|
-
|
22
|
-
next unless TCellAgent::Utils::Strings.present?(owner)
|
23
|
-
TCellAgent::Instrumentation.safe_block('Ignoring agent_home_owner value, insufficient privileges') do
|
24
|
-
FileUtils.chown(owner, nil, memoized_path)
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
def self.set_owner(filename, owner = nil)
|
30
|
-
TCellAgent::Instrumentation.safe_block('Ignoring agent_home_owner value, insufficient privileges') do
|
31
|
-
if TCellAgent::Utils::Strings.present?(owner) && File.exist?(filename)
|
32
|
-
FileUtils.chown(owner, nil, filename)
|
33
|
-
end
|
34
|
-
end
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
@@ -1,28 +0,0 @@
|
|
1
|
-
module TCellAgent
|
2
|
-
module Utils
|
3
|
-
module Passwords
|
4
|
-
def self.fingerprint_password(password, user_id)
|
5
|
-
digest = nil
|
6
|
-
|
7
|
-
app_id = TCellAgent.configuration.app_id
|
8
|
-
password_hmac_key = TCellAgent.configuration.password_hmac_key
|
9
|
-
if app_id &&
|
10
|
-
TCellAgent::Utils::Strings.present?(password_hmac_key) &&
|
11
|
-
TCellAgent::Utils::Strings.present?(password)
|
12
|
-
string_builder = [app_id, ':', password, ':']
|
13
|
-
string_builder.push(user_id) if user_id
|
14
|
-
|
15
|
-
digest = OpenSSL::HMAC.hexdigest(
|
16
|
-
OpenSSL::Digest.new('sha256'),
|
17
|
-
password_hmac_key.to_s,
|
18
|
-
string_builder.join('')
|
19
|
-
)
|
20
|
-
|
21
|
-
digest = digest[0...8]
|
22
|
-
end
|
23
|
-
|
24
|
-
digest
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|
28
|
-
end
|
@@ -1,142 +0,0 @@
|
|
1
|
-
# See the file "LICENSE" for the full license governing this code.
|
2
|
-
|
3
|
-
require 'tcell_agent/logger'
|
4
|
-
require 'thread'
|
5
|
-
require 'logger'
|
6
|
-
|
7
|
-
module TCellAgent
|
8
|
-
class BoundedQueue
|
9
|
-
def initialize(max_size = :infinite)
|
10
|
-
@lock = Mutex.new
|
11
|
-
@items = []
|
12
|
-
@item_available = ConditionVariable.new
|
13
|
-
@max_size = max_size
|
14
|
-
@space_available = ConditionVariable.new
|
15
|
-
end
|
16
|
-
|
17
|
-
def push(obj, timeout = :never, &timeout_policy)
|
18
|
-
timeout_policy ||= lambda do
|
19
|
-
raise 'Push timed out'
|
20
|
-
end
|
21
|
-
|
22
|
-
wait_for_condition(
|
23
|
-
@space_available,
|
24
|
-
-> { !full? },
|
25
|
-
timeout,
|
26
|
-
timeout_policy
|
27
|
-
) do
|
28
|
-
|
29
|
-
@items.push(obj)
|
30
|
-
@item_available.signal
|
31
|
-
end
|
32
|
-
end
|
33
|
-
|
34
|
-
def pop(timeout = :never, &timeout_policy)
|
35
|
-
timeout_policy ||= -> { nil }
|
36
|
-
wait_for_condition(
|
37
|
-
@item_available,
|
38
|
-
-> { @items.any? },
|
39
|
-
timeout,
|
40
|
-
timeout_policy
|
41
|
-
) do
|
42
|
-
|
43
|
-
item = @items.shift
|
44
|
-
@space_available.signal
|
45
|
-
|
46
|
-
item
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
def full?
|
51
|
-
return false if @max_size == :infinite
|
52
|
-
@max_size <= @items.size
|
53
|
-
end
|
54
|
-
|
55
|
-
def size
|
56
|
-
@items.size
|
57
|
-
end
|
58
|
-
|
59
|
-
private
|
60
|
-
|
61
|
-
def wait_for_condition(condition_variable, condition_predicate, timeout = :never, timeout_policy = -> { nil })
|
62
|
-
deadline = timeout == :never ? :never : Time.now + timeout
|
63
|
-
|
64
|
-
@lock.synchronize do
|
65
|
-
loop do
|
66
|
-
cv_timeout = timeout == :never ? nil : deadline - Time.now
|
67
|
-
|
68
|
-
if !condition_predicate.call && cv_timeout.to_f >= 0
|
69
|
-
condition_variable.wait(@lock, cv_timeout)
|
70
|
-
end
|
71
|
-
|
72
|
-
if condition_predicate.call # rubocop:disable Style/GuardClause
|
73
|
-
return yield
|
74
|
-
|
75
|
-
elsif :never == deadline || deadline > Time.now # rubocop:disable Style/YodaCondition
|
76
|
-
next
|
77
|
-
|
78
|
-
else
|
79
|
-
return timeout_policy.call
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
class QueueWithTimeout
|
87
|
-
def initialize
|
88
|
-
@mutex = Mutex.new
|
89
|
-
@queue = []
|
90
|
-
@response_time_table = {}
|
91
|
-
@recieved = ConditionVariable.new
|
92
|
-
end
|
93
|
-
|
94
|
-
def <<(x) # rubocop:disable Naming/UncommunicativeMethodParamName
|
95
|
-
@mutex.synchronize do
|
96
|
-
@queue << x
|
97
|
-
@recieved.signal
|
98
|
-
end
|
99
|
-
end
|
100
|
-
|
101
|
-
def add_response_time(route_id, response_time)
|
102
|
-
@mutex.synchronize do
|
103
|
-
route_id = '?' if route_id.nil? || route_id == ''
|
104
|
-
@response_time_table[route_id] = @response_time_table.fetch(route_id, {})
|
105
|
-
@response_time_table[route_id]['c'] = @response_time_table[route_id].fetch('c', 0) + 1
|
106
|
-
@response_time_table[route_id]['mx'] = [@response_time_table[route_id].fetch('mx', 0), response_time].max
|
107
|
-
@response_time_table[route_id]['mn'] = [@response_time_table[route_id].fetch('mn', response_time), response_time].min
|
108
|
-
@response_time_table[route_id]['t'] = ((@response_time_table[route_id].fetch('t', 0) * (@response_time_table[route_id]['c'] - 1)) + response_time) / @response_time_table[route_id]['c']
|
109
|
-
end
|
110
|
-
end
|
111
|
-
|
112
|
-
def length
|
113
|
-
@queue.length
|
114
|
-
end
|
115
|
-
|
116
|
-
def get_response_time_table
|
117
|
-
@response_time_table
|
118
|
-
end
|
119
|
-
|
120
|
-
def reset_response_time_table
|
121
|
-
@mutex.synchronize do
|
122
|
-
@response_time_table = {}
|
123
|
-
end
|
124
|
-
end
|
125
|
-
|
126
|
-
def pop(non_block = false)
|
127
|
-
pop_with_timeout(non_block ? 0 : nil)
|
128
|
-
end
|
129
|
-
|
130
|
-
def pop_with_timeout(timeout = nil)
|
131
|
-
@mutex.synchronize do
|
132
|
-
if @queue.empty?
|
133
|
-
@recieved.wait(@mutex, timeout) if timeout != 0
|
134
|
-
# if we're still empty after the timeout, raise exception
|
135
|
-
return nil if @queue.empty?
|
136
|
-
# raise ThreadError, "queue empty" if @queue.empty?
|
137
|
-
end
|
138
|
-
@queue.shift
|
139
|
-
end
|
140
|
-
end
|
141
|
-
end
|
142
|
-
end
|