RubyGems - tcell_agent - Versions diffs - 1.1.12 → 2.2.0 - Mend

tcell_agent 1.1.12 → 2.2.0

Files changed (169) hide show

checksums.yaml +5 -5
data/bin/tcell_agent +45 -137
data/lib/tcell_agent.rb +12 -14
data/lib/tcell_agent/agent.rb +108 -97
data/lib/tcell_agent/agent/route_manager.rb +0 -16
data/lib/tcell_agent/agent/static_agent.rb +9 -30
data/lib/tcell_agent/config_initializer.rb +66 -0
data/lib/tcell_agent/configuration.rb +69 -345
data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
data/lib/tcell_agent/instrument_servers.rb +23 -0
data/lib/tcell_agent/instrumentation.rb +12 -10
data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
data/lib/tcell_agent/logger.rb +49 -114
data/lib/tcell_agent/patches.rb +6 -7
data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
data/lib/tcell_agent/policies/headers_policy.rb +25 -0
data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
data/lib/tcell_agent/policies/local_file_access.rb +28 -0
data/lib/tcell_agent/policies/login_policy.rb +43 -0
data/lib/tcell_agent/policies/patches_policy.rb +27 -0
data/lib/tcell_agent/policies/policies_manager.rb +68 -0
data/lib/tcell_agent/policies/policy_polling.rb +58 -0
data/lib/tcell_agent/policies/policy_types.rb +14 -0
data/lib/tcell_agent/policies/system_enablements.rb +27 -0
data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
data/lib/tcell_agent/rails/auth/devise.rb +100 -105
data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
data/lib/tcell_agent/rails/dlp.rb +35 -23
data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
data/lib/tcell_agent/rails/routes.rb +10 -12
data/lib/tcell_agent/rails/routes/grape.rb +4 -14
data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
data/lib/tcell_agent/rust/agent_config.rb +60 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
data/lib/tcell_agent/rust/models.rb +6 -52
data/lib/tcell_agent/rust/native_agent.rb +549 -0
data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
data/lib/tcell_agent/rust/native_library.rb +69 -0
data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
data/lib/tcell_agent/servers/passenger.rb +1 -28
data/lib/tcell_agent/servers/puma.rb +3 -21
data/lib/tcell_agent/servers/rails_server.rb +1 -2
data/lib/tcell_agent/servers/thin.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +19 -80
data/lib/tcell_agent/servers/webrick.rb +1 -2
data/lib/tcell_agent/settings_reporter.rb +11 -90
data/lib/tcell_agent/sinatra.rb +14 -16
data/lib/tcell_agent/tcell_context.rb +40 -14
data/lib/tcell_agent/utils/headers.rb +14 -0
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
data/spec/lib/tcell_agent/patches_spec.rb +25 -43
data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
data/spec/spec_helper.rb +1 -1
data/spec/support/builders.rb +103 -0
data/spec/support/force_logger_mocking.rb +38 -0
data/spec/support/resources/lfi_sample_file.txt +2 -0
data/spec/support/static_agent_overrides.rb +0 -15
metadata +72 -83
data/lib/tcell_agent/agent/event_processor.rb +0 -326
data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
data/lib/tcell_agent/agent/policy_manager.rb +0 -219
data/lib/tcell_agent/agent/policy_types.rb +0 -30
data/lib/tcell_agent/api.rb +0 -91
data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
data/lib/tcell_agent/authlogic.rb +0 -26
data/lib/tcell_agent/config/child_process_events.rb +0 -8
data/lib/tcell_agent/config/unknown_options.rb +0 -123
data/lib/tcell_agent/devise.rb +0 -35
data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
data/lib/tcell_agent/policies/rust_policies.rb +0 -110
data/lib/tcell_agent/rails/on_start.rb +0 -41
data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +0 -308
data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
data/lib/tcell_agent/sensor_events/patches.rb +0 -21
data/lib/tcell_agent/start_background_thread.rb +0 -55
data/lib/tcell_agent/system_info.rb +0 -11
data/lib/tcell_agent/utils/io.rb +0 -38
data/lib/tcell_agent/utils/passwords.rb +0 -28
data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143

data/spec/lib/tcell_agent/agent/static_agent_spec.rb DELETED

@@ -1,133 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  module SensorEvents
-    describe Agent do
-      describe '.increment_session_info' do
-        context 'when running the parent process' do
-          it 'should increment the session info' do
-            expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-            expect(TCellAgent).to_not receive(:queue_metric)
-            expect_any_instance_of(SessionsMetric).to receive(:add_session_info).with(
-              'hmac_session_id', 'user_id', 'ip_address', 'user_agent'
-            )
-            expect_any_instance_of(SessionsMetric).to receive(:flush).and_return(false)
-            expect(TCellAgent).to_not receive(:send_event)
-            TCellAgent.increment_session_info('hmac_session_id', 'user_id', 'ip_address', 'user_agent')
-          end
-          context 'and the session becomes full' do
-            it 'should increment the session info and send the flush dummy event' do
-              expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-              expect(TCellAgent).to_not receive(:queue_metric)
-              expect_any_instance_of(SessionsMetric).to receive(:add_session_info).with(
-                'hmac_session_id', 'user_id', 'ip_address', 'user_agent'
-              )
-              expect_any_instance_of(SessionsMetric).to receive(:flush).and_return(true)
-              expect(TCellAgent).to receive(:send_event).with(
-                instance_of(TCellAgent::SensorEvents::FlushDummyEvent)
-              )
-              TCellAgent.increment_session_info('hmac_session_id', 'user_id', 'ip_address', 'user_agent')
-            end
-          end
-        end
-        context 'when NOT running the parent process' do
-          it 'should queue the metric' do
-            expect(TCellAgent::Agent).to receive(:parent_process?).and_return(false)
-            expect(TCellAgent).to receive(:queue_metric).with(
-              {
-                '_type' => 'increment_session_info',
-                'hmac_session_id' => 'hmac_session_id',
-                'user_id' => 'user_id',
-                'ip_address' => 'ip_address',
-                'user_agent' => 'user_agent'
-              }
-            )
-            expect_any_instance_of(SessionsMetric).to_not receive(:add_session_info)
-            expect_any_instance_of(SessionsMetric).to_not receive(:flush)
-            expect(TCellAgent).to_not receive(:send_event)
-            TCellAgent.increment_session_info('hmac_session_id', 'user_id', 'ip_address', 'user_agent')
-          end
-        end
-      end
-      describe '.increment_route' do
-        context 'when running the parent process' do
-          before(:each) do
-            TCellAgent.thread_agent.response_time_table = {}
-          end
-          after(:each) do
-            TCellAgent.thread_agent.response_time_table = {}
-          end
-          context 'with a route present' do
-            it 'should increment the route info' do
-              expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-              expect(TCellAgent).to_not receive(:queue_metric)
-              TCellAgent.increment_route('/ma_route', 20)
-              expect(TCellAgent.thread_agent.response_time_table).to eq(
-                { '/ma_route' => { 'c' => 1, 'mx' => 20, 'mn' => 20, 't' => 20 } }
-              )
-            end
-          end
-          context 'with an empty route' do
-            it 'should increment the route info' do
-              expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-              expect(TCellAgent).to_not receive(:queue_metric)
-              TCellAgent.increment_route('', 20)
-              expect(TCellAgent.thread_agent.response_time_table).to eq(
-                { '?' => { 'c' => 1, 'mx' => 20, 'mn' => 20, 't' => 20 } }
-              )
-            end
-          end
-          context 'with a nil route' do
-            it 'should increment the route info' do
-              expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-              expect(TCellAgent).to_not receive(:queue_metric)
-              TCellAgent.increment_route(nil, 20)
-              expect(TCellAgent.thread_agent.response_time_table).to eq(
-                { '?' => { 'c' => 1, 'mx' => 20, 'mn' => 20, 't' => 20 } }
-              )
-            end
-          end
-        end
-        context 'when NOT running the parent process' do
-          before(:each) do
-            TCellAgent.thread_agent.response_time_table = {}
-          end
-          after(:each) do
-            TCellAgent.thread_agent.response_time_table = {}
-          end
-          it 'should queue the metric' do
-            expect(TCellAgent::Agent).to receive(:parent_process?).and_return(false)
-            expect(TCellAgent).to receive(:queue_metric).with(
-              {
-                '_type' => 'increment_route',
-                'route_id' => '/ma_route',
-                'response_time' => 20
-              }
-            )
-            TCellAgent.increment_route('/ma_route', 20)
-            expect(TCellAgent.thread_agent.response_time_table).to eq({})
-          end
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/api/api_spec.rb DELETED

@@ -1,39 +0,0 @@
-require 'spec_helper'
-require 'addressable/template'
-module TCellAgent
-  class TCellApi
-    describe 'successful POST on /user/create' do
-      it 'should redirect to dashboard' do
-        tapi = TCellApi.new
-        TCellAgent.configuration.app_id = 'test-appid'
-        TCellAgent.configuration.api_key = 'test-apikey'
-        def checkreq(_req)
-          '{"result":{"csp-headers":{"app_id":"testapp-Becwu","policy_id":' \
-          '"acf60560-4e76-11e5-874c-7d71d425b275","headers":[{"name":"Content-Security-Policy-Report-Only",' \
-          '"value":"font-src \'none\'; script-src \'self\'; reflected-xss block; ' \
-          'style-src \'self\'; connect-src' \
-          ' \'none\'" ,"report-uri":"http://localhost:3000/csp/cab5e750e66d614bd46fd07a7078db1e74b4f427b2a135b2c96eca684a642707"}]}}}'
-        end
-        uri_template =
-          Addressable::Template.new 'https://api.tcell.io/agents/api/v1/apps/test-appid/policies/latest?type=patches:v1'
-        stub_request(:any, uri_template).to_return(
-          lambda { |request|
-            {
-              :body => checkreq(request),
-              :status => 200,
-              :headers => { 'Content-Type' => 'application/json' }
-            }
-          }
-        )
-        result = tapi.poll_api
-        TCellAgent.configuration.app_id = nil
-        TCellAgent.configuration.api_key = nil
-        expect(result['result']['csp-headers']['app_id']).to eq('testapp-Becwu')
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb DELETED

@@ -1,187 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  module AppSensor
-    describe InjectionsReporter do
-      describe '.report_and_log' do
-        context 'with nil events' do
-          it 'should do nothing' do
-            expect(TCellAgent).to_not receive(:send_event)
-            expect(TCellAgent).to_not receive(:logger)
-            InjectionsReporter.report_and_log(nil)
-          end
-        end
-        context 'with empty events' do
-          it 'should do nothing' do
-            expect(TCellAgent).to_not receive(:send_event)
-            expect(TCellAgent).to_not receive(:logger)
-            InjectionsReporter.report_and_log([])
-          end
-        end
-        context 'with one event' do
-          it 'should send the event' do
-            events = [
-              {
-                'pattern' => '1',
-                'method' => 'request_method',
-                'uri' => 'abosolute_uri',
-                'parameter' => 'avatar',
-                'meta' => { 'l' => 'body' },
-                'session_id' => 'session_id',
-                'route_id' => 'route_id',
-                'detection_point' => 'xss',
-                'user_id' => 'user_id'
-              }
-            ]
-            expect(TCellAgent).to_not receive(:logger)
-            expect(TCellAgent).to receive(:send_event).with(
-              {
-                'event_type' => 'as',
-                'dp' => 'xss',
-                'param' => 'avatar',
-                'm' => 'request_method',
-                'pattern' => '1',
-                'meta' => { 'l' => 'body' },
-                'rid' => 'route_id',
-                'uri' => 'abosolute_uri',
-                'uid' => 'user_id',
-                'sid' => 'session_id'
-              }
-            )
-            InjectionsReporter.report_and_log(events)
-          end
-        end
-        context 'with one event with full payload' do
-          it 'should send and log the event' do
-            events = [
-              {
-                'pattern' => '1',
-                'method' => 'request_method',
-                'uri' => 'abosolute_uri',
-                'parameter' => 'avatar',
-                'meta' => { 'l' => 'body' },
-                'session_id' => 'session_id',
-                'route_id' => 'route_id',
-                'detection_point' => 'xss',
-                'user_id' => 'user_id',
-                'full_payload' => 'full_payload'
-              }
-            ]
-            logger = double('logger')
-            expect(TCellAgent).to receive(:logger).and_return(logger)
-            expect(logger).to receive(:info).with(/"payload":"full_payload"/)
-            expect(TCellAgent).to receive(:send_event).with(
-              {
-                'event_type' => 'as',
-                'dp' => 'xss',
-                'param' => 'avatar',
-                'm' => 'request_method',
-                'pattern' => '1',
-                'meta' => { 'l' => 'body' },
-                'rid' => 'route_id',
-                'uri' => 'abosolute_uri',
-                'uid' => 'user_id',
-                'sid' => 'session_id'
-              }
-            )
-            InjectionsReporter.report_and_log(events)
-          end
-        end
-        context 'with one event with payload' do
-          it 'should send the event' do
-            events = [
-              {
-                'pattern' => '1',
-                'method' => 'request_method',
-                'uri' => 'abosolute_uri',
-                'parameter' => 'avatar',
-                'meta' => { 'l' => 'body' },
-                'session_id' => 'session_id',
-                'route_id' => 'route_id',
-                'detection_point' => 'xss',
-                'user_id' => 'user_id',
-                'payload' => 'payload'
-              }
-            ]
-            expect(TCellAgent).to_not receive(:logger)
-            expect(TCellAgent).to receive(:send_event).with(
-              {
-                'event_type' => 'as',
-                'dp' => 'xss',
-                'param' => 'avatar',
-                'm' => 'request_method',
-                'pattern' => '1',
-                'meta' => { 'l' => 'body' },
-                'rid' => 'route_id',
-                'uri' => 'abosolute_uri',
-                'uid' => 'user_id',
-                'sid' => 'session_id',
-                'payload' => 'payload'
-              }
-            )
-            InjectionsReporter.report_and_log(events)
-          end
-        end
-        context 'with one event with payload and full payload' do
-          it 'should send and log the event' do
-            events = [
-              {
-                'pattern' => '1',
-                'method' => 'request_method',
-                'uri' => 'abosolute_uri',
-                'parameter' => 'avatar',
-                'meta' => { 'l' => 'body' },
-                'session_id' => 'session_id',
-                'route_id' => 'route_id',
-                'detection_point' => 'xss',
-                'user_id' => 'user_id',
-                'payload' => 'payload',
-                'full_payload' => 'full_payload'
-              }
-            ]
-            logger = double('logger')
-            expect(TCellAgent).to receive(:logger).and_return(logger)
-            expect(logger).to receive(:info).with(/"payload":"full_payload"/)
-            expect(TCellAgent).to receive(:send_event).with(
-              {
-                'event_type' => 'as',
-                'dp' => 'xss',
-                'param' => 'avatar',
-                'm' => 'request_method',
-                'pattern' => '1',
-                'meta' => { 'l' => 'body' },
-                'rid' => 'route_id',
-                'uri' => 'abosolute_uri',
-                'uid' => 'user_id',
-                'sid' => 'session_id',
-                'payload' => 'payload'
-              }
-            )
-            InjectionsReporter.report_and_log(events)
-          end
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/cmdi_spec.rb DELETED

@@ -1,736 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  module Cmdi
-    describe '.parse_command' do
-      context 'with env' do
-        before(:each) do
-          @env = { 'TCELL_VAR' => 'enabled' }
-        end
-        context 'with string command' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(@env, 'echo')
-            expect(cmd).to eq('echo')
-            cmd = TCellAgent::Cmdi.parse_command(@env, 'echo', :unsetenv_others => true)
-            expect(cmd).to eq('echo')
-          end
-        end
-        context 'with string command and arguments' do
-          it 'should parse the command' do
-            cmd = TCellAgent::Cmdi.parse_command(@env, 'echo', 'test', :unsetenv_others => true)
-            expect(cmd).to eq('echo test')
-            cmd = TCellAgent::Cmdi.parse_command(@env, 'echo', 'test', 'one', :unsetenv_others => true)
-            expect(cmd).to eq('echo test one')
-            cmd = TCellAgent::Cmdi.parse_command(
-              @env,
-              'magick',
-              '-size',
-              '320x85',
-              'canvas:none',
-              '-font',
-              'Bookman-DemiItalic',
-              '-draw',
-              "\"text 25,60 \'Magick\'\"",
-              :unsetenv_others => true
-            )
-            expect(cmd).to eq(
-              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-          end
-        end
-        context 'with array command' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(@env, %w[echo argv0], :unsetenv_others => true)
-            expect(cmd).to eq('echo')
-          end
-        end
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(@env, %w[echo argv0], 'test', :unsetenv_others => true)
-            expect(cmd).to eq('echo test')
-            cmd = TCellAgent::Cmdi.parse_command(@env, %w[echo argv0], 'test', 'one', :unsetenv_others => true)
-            expect(cmd).to eq('echo test one')
-            cmd = TCellAgent::Cmdi.parse_command(
-              @env,
-              %w[magick argv0],
-              '-size',
-              '320x85',
-              'canvas:none',
-              '-font',
-              'Bookman-DemiItalic',
-              '-draw',
-              "\"text 25,60 \'Magick\'\"",
-              :unsetenv_others => true
-            )
-            expect(cmd).to eq(
-              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-          end
-        end
-      end
-      context 'without env' do
-        context 'with string command' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command('echo')
-            expect(cmd).to eq('echo')
-            cmd = TCellAgent::Cmdi.parse_command('echo', :unsetenv_others => true)
-            expect(cmd).to eq('echo')
-          end
-        end
-        context 'with string command and arguments' do
-          it 'should parse the command' do
-            cmd = TCellAgent::Cmdi.parse_command('echo', 'test', :unsetenv_others => true)
-            expect(cmd).to eq('echo test')
-            cmd = TCellAgent::Cmdi.parse_command('echo', 'test', 'one', :unsetenv_others => true)
-            expect(cmd).to eq('echo test one')
-            cmd = TCellAgent::Cmdi.parse_command(
-              'magick',
-              '-size',
-              '320x85',
-              'canvas:none',
-              '-font',
-              'Bookman-DemiItalic',
-              '-draw',
-              "\"text 25,60 \'Magick\'\"",
-              :unsetenv_others => true
-            )
-            expect(cmd).to eq(
-              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-          end
-        end
-        context 'with array command' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(%w[echo argv0], :unsetenv_others => true)
-            expect(cmd).to eq('echo')
-          end
-        end
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(%w[echo argv0], 'test', :unsetenv_others => true)
-            expect(cmd).to eq('echo test')
-            cmd = TCellAgent::Cmdi.parse_command(%w[echo argv0], 'test', 'one', :unsetenv_others => true)
-            expect(cmd).to eq('echo test one')
-            cmd = TCellAgent::Cmdi.parse_command(
-              %w[magick argv0],
-              '-size',
-              '320x85',
-              'canvas:none',
-              '-font',
-              'Bookman-DemiItalic',
-              '-draw',
-              "\"text 25,60 \'Magick\'\"",
-              :unsetenv_others => true
-            )
-            expect(cmd).to eq(
-              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-          end
-        end
-      end
-    end
-  end
-  describe IO do
-    describe '.popen' do
-      before(:each) do
-        configuration = double(
-          'configuration',
-          {
-            'app_id' => 'app_id',
-            'api_key' => 'api_key',
-            'allow_payloads' => true,
-            'js_agent_api_base_url' => 'http://api.tcell.com/',
-            'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-            'max_csp_header_bytes' => nil,
-            'event_time_limit_seconds' => 15,
-            'event_batch_size_limit' => 50,
-            'preload_policy_filename' => nil,
-            'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-            'agent_home_owner' => nil
-          }
-        )
-        expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-        @rust_policies = TCellAgent::Policies::RustPolicies.new
-      end
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            IO.popen
-          end.to raise_error(ArgumentError)
-          expect do
-            IO.popen(nil)
-          end.to raise_error(TypeError)
-          expect do
-            IO.popen('')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'non existent command' do
-        it 'should return nil' do
-          expect do
-            IO.popen('foobar')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          expect(IO.popen('echo test').read.chomp).to eq('test')
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            IO.popen('echo test')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(@rust_policies.cmdi_enabled).to eq(false)
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_call_original
-            expect(@rust_policies).to_not receive(:block_command?)
-            IO.popen('echo test')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            IO.popen('echo test')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              IO.popen('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-      context 'with env' do
-        before(:each) do
-          @env = { 'TCELL_VAR' => 'enabled' }
-        end
-        context 'with string command' do
-          it 'should execute the command' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, 'echo', 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, 'echo', 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with string command and arguments' do
-          it 'should parse the command' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with array command' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([@env, 'echo', 'test', :unsetenv_others => true], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [@env, 'echo', 'test', :unsetenv_others => true], 'w+', :err => %i[child out])
-          end
-        end
-      end
-      context 'without env' do
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with(
-              "echo -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-            IO.popen(
-              [%w[echo argv0],
-               '-size',
-               '320x85',
-               'canvas:none',
-               '-font',
-               'Bookman-DemiItalic',
-               '-draw',
-               "\"text 25,60 \'Magick\'\""],
-              :unsetenv_others => true
-            )
-          end
-        end
-      end
-    end
-  end
-  describe Kernel do
-    before(:each) do
-      configuration = double(
-        'configuration',
-        {
-          'app_id' => 'app_id',
-          'api_key' => 'api_key',
-          'allow_payloads' => true,
-          'js_agent_api_base_url' => 'http://api.tcell.com/',
-          'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-          'max_csp_header_bytes' => nil,
-          'event_time_limit_seconds' => 15,
-          'event_batch_size_limit' => 50,
-          'preload_policy_filename' => nil,
-          'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-          'agent_home_owner' => nil
-        }
-      )
-      expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-      @rust_policies = TCellAgent::Policies::RustPolicies.new
-    end
-    describe '.backtick' do
-      context 'empty command' do
-        it 'should raise Errno::ENOENT' do
-          expect do
-            ``
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            `echo test`
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              `echo test`
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '%x methods' do
-      context 'empty command' do
-        it 'should raise Errno::ENOENT' do
-          expect do
-            ``
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            `echo test`
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              `echo test`
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.system' do
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            system
-          end.to raise_error(ArgumentError)
-          expect do
-            system(nil)
-          end.to raise_error(TypeError)
-          expect(system('')).to be_nil
-        end
-      end
-      context 'non existent command' do
-        it 'should return nil' do
-          expect(system('foobar')).to be_nil
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          pid = system('echo test > /dev/null 2>&1')
-          expect(pid).to eq(true)
-          pid = system(RbConfig.ruby, "-e'Hello World!'", '>', '/dev/null', '2>&1')
-          expect(pid).to eq(true)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              system('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.spawn' do
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            spawn
-          end.to raise_error(ArgumentError)
-          expect do
-            spawn(nil)
-          end.to raise_error(TypeError)
-          expect do
-            spawn('')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'non existent command' do
-        it 'should raise error' do
-          expect do
-            spawn('foobar')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          pid = spawn('echo test > /dev/null 2>&1')
-          expect(pid).to_not be_nil
-          pid = spawn(RbConfig.ruby, "-e'Hello World!'", '>', '/dev/null', '2>&1')
-          expect(pid).to_not be_nil
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              spawn('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.exec' do
-      # can only test this case since exec replaces current process with new process
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              exec('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-  end
-end