RubyGems - tcell_agent - Versions diffs - 1.1.12 → 2.2.0 - Mend

tcell_agent 1.1.12 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (169) hide show

checksums.yaml +5 -5
data/bin/tcell_agent +45 -137
data/lib/tcell_agent.rb +12 -14
data/lib/tcell_agent/agent.rb +108 -97
data/lib/tcell_agent/agent/route_manager.rb +0 -16
data/lib/tcell_agent/agent/static_agent.rb +9 -30
data/lib/tcell_agent/config_initializer.rb +66 -0
data/lib/tcell_agent/configuration.rb +69 -345
data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
data/lib/tcell_agent/instrument_servers.rb +23 -0
data/lib/tcell_agent/instrumentation.rb +12 -10
data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
data/lib/tcell_agent/logger.rb +49 -114
data/lib/tcell_agent/patches.rb +6 -7
data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
data/lib/tcell_agent/policies/headers_policy.rb +25 -0
data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
data/lib/tcell_agent/policies/local_file_access.rb +28 -0
data/lib/tcell_agent/policies/login_policy.rb +43 -0
data/lib/tcell_agent/policies/patches_policy.rb +27 -0
data/lib/tcell_agent/policies/policies_manager.rb +68 -0
data/lib/tcell_agent/policies/policy_polling.rb +58 -0
data/lib/tcell_agent/policies/policy_types.rb +14 -0
data/lib/tcell_agent/policies/system_enablements.rb +27 -0
data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
data/lib/tcell_agent/rails/auth/devise.rb +100 -105
data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
data/lib/tcell_agent/rails/dlp.rb +35 -23
data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
data/lib/tcell_agent/rails/routes.rb +10 -12
data/lib/tcell_agent/rails/routes/grape.rb +4 -14
data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
data/lib/tcell_agent/rust/agent_config.rb +60 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
data/lib/tcell_agent/rust/models.rb +6 -52
data/lib/tcell_agent/rust/native_agent.rb +549 -0
data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
data/lib/tcell_agent/rust/native_library.rb +69 -0
data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
data/lib/tcell_agent/servers/passenger.rb +1 -28
data/lib/tcell_agent/servers/puma.rb +3 -21
data/lib/tcell_agent/servers/rails_server.rb +1 -2
data/lib/tcell_agent/servers/thin.rb +2 -2
data/lib/tcell_agent/servers/unicorn.rb +19 -80
data/lib/tcell_agent/servers/webrick.rb +1 -2
data/lib/tcell_agent/settings_reporter.rb +11 -90
data/lib/tcell_agent/sinatra.rb +14 -16
data/lib/tcell_agent/tcell_context.rb +40 -14
data/lib/tcell_agent/utils/headers.rb +14 -0
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
data/spec/lib/tcell_agent/patches_spec.rb +25 -43
data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
data/spec/spec_helper.rb +1 -1
data/spec/support/builders.rb +103 -0
data/spec/support/force_logger_mocking.rb +38 -0
data/spec/support/resources/lfi_sample_file.txt +2 -0
data/spec/support/static_agent_overrides.rb +0 -15
metadata +72 -83
data/lib/tcell_agent/agent/event_processor.rb +0 -326
data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
data/lib/tcell_agent/agent/policy_manager.rb +0 -219
data/lib/tcell_agent/agent/policy_types.rb +0 -30
data/lib/tcell_agent/api.rb +0 -91
data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
data/lib/tcell_agent/authlogic.rb +0 -26
data/lib/tcell_agent/config/child_process_events.rb +0 -8
data/lib/tcell_agent/config/unknown_options.rb +0 -123
data/lib/tcell_agent/devise.rb +0 -35
data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
data/lib/tcell_agent/policies/rust_policies.rb +0 -110
data/lib/tcell_agent/rails/on_start.rb +0 -41
data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +0 -308
data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
data/lib/tcell_agent/sensor_events/patches.rb +0 -21
data/lib/tcell_agent/start_background_thread.rb +0 -55
data/lib/tcell_agent/system_info.rb +0 -11
data/lib/tcell_agent/utils/io.rb +0 -38
data/lib/tcell_agent/utils/passwords.rb +0 -28
data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143

data/spec/lib/tcell_agent/agent/static_agent_spec.rb DELETED

@@ -1,133 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  module SensorEvents
-    describe Agent do
-      describe '.increment_session_info' do
-        context 'when running the parent process' do
-          it 'should increment the session info' do
-            expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-            expect(TCellAgent).to_not receive(:queue_metric)
-            expect_any_instance_of(SessionsMetric).to receive(:add_session_info).with(
-              'hmac_session_id', 'user_id', 'ip_address', 'user_agent'
-            )
-            expect_any_instance_of(SessionsMetric).to receive(:flush).and_return(false)
-            expect(TCellAgent).to_not receive(:send_event)
-            TCellAgent.increment_session_info('hmac_session_id', 'user_id', 'ip_address', 'user_agent')
-          end
-          context 'and the session becomes full' do
-            it 'should increment the session info and send the flush dummy event' do
-              expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-              expect(TCellAgent).to_not receive(:queue_metric)
-              expect_any_instance_of(SessionsMetric).to receive(:add_session_info).with(
-                'hmac_session_id', 'user_id', 'ip_address', 'user_agent'
-              )
-              expect_any_instance_of(SessionsMetric).to receive(:flush).and_return(true)
-              expect(TCellAgent).to receive(:send_event).with(
-                instance_of(TCellAgent::SensorEvents::FlushDummyEvent)
-              )
-              TCellAgent.increment_session_info('hmac_session_id', 'user_id', 'ip_address', 'user_agent')
-            end
-          end
-        end
-        context 'when NOT running the parent process' do
-          it 'should queue the metric' do
-            expect(TCellAgent::Agent).to receive(:parent_process?).and_return(false)
-            expect(TCellAgent).to receive(:queue_metric).with(
-              {
-                '_type' => 'increment_session_info',
-                'hmac_session_id' => 'hmac_session_id',
-                'user_id' => 'user_id',
-                'ip_address' => 'ip_address',
-                'user_agent' => 'user_agent'
-              }
-            )
-            expect_any_instance_of(SessionsMetric).to_not receive(:add_session_info)
-            expect_any_instance_of(SessionsMetric).to_not receive(:flush)
-            expect(TCellAgent).to_not receive(:send_event)
-            TCellAgent.increment_session_info('hmac_session_id', 'user_id', 'ip_address', 'user_agent')
-          end
-        end
-      end
-      describe '.increment_route' do
-        context 'when running the parent process' do
-          before(:each) do
-            TCellAgent.thread_agent.response_time_table = {}
-          end
-          after(:each) do
-            TCellAgent.thread_agent.response_time_table = {}
-          end
-          context 'with a route present' do
-            it 'should increment the route info' do
-              expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-              expect(TCellAgent).to_not receive(:queue_metric)
-              TCellAgent.increment_route('/ma_route', 20)
-              expect(TCellAgent.thread_agent.response_time_table).to eq(
-                { '/ma_route' => { 'c' => 1, 'mx' => 20, 'mn' => 20, 't' => 20 } }
-              )
-            end
-          end
-          context 'with an empty route' do
-            it 'should increment the route info' do
-              expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-              expect(TCellAgent).to_not receive(:queue_metric)
-              TCellAgent.increment_route('', 20)
-              expect(TCellAgent.thread_agent.response_time_table).to eq(
-                { '?' => { 'c' => 1, 'mx' => 20, 'mn' => 20, 't' => 20 } }
-              )
-            end
-          end
-          context 'with a nil route' do
-            it 'should increment the route info' do
-              expect(TCellAgent::Agent).to receive(:parent_process?).and_return(true)
-              expect(TCellAgent).to_not receive(:queue_metric)
-              TCellAgent.increment_route(nil, 20)
-              expect(TCellAgent.thread_agent.response_time_table).to eq(
-                { '?' => { 'c' => 1, 'mx' => 20, 'mn' => 20, 't' => 20 } }
-              )
-            end
-          end
-        end
-        context 'when NOT running the parent process' do
-          before(:each) do
-            TCellAgent.thread_agent.response_time_table = {}
-          end
-          after(:each) do
-            TCellAgent.thread_agent.response_time_table = {}
-          end
-          it 'should queue the metric' do
-            expect(TCellAgent::Agent).to receive(:parent_process?).and_return(false)
-            expect(TCellAgent).to receive(:queue_metric).with(
-              {
-                '_type' => 'increment_route',
-                'route_id' => '/ma_route',
-                'response_time' => 20
-              }
-            )
-            TCellAgent.increment_route('/ma_route', 20)
-            expect(TCellAgent.thread_agent.response_time_table).to eq({})
-          end
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/api/api_spec.rb DELETED

@@ -1,39 +0,0 @@
-require 'spec_helper'
-require 'addressable/template'
-module TCellAgent
-  class TCellApi
-    describe 'successful POST on /user/create' do
-      it 'should redirect to dashboard' do
-        tapi = TCellApi.new
-        TCellAgent.configuration.app_id = 'test-appid'
-        TCellAgent.configuration.api_key = 'test-apikey'
-        def checkreq(_req)
-          '{"result":{"csp-headers":{"app_id":"testapp-Becwu","policy_id":' \
-          '"acf60560-4e76-11e5-874c-7d71d425b275","headers":[{"name":"Content-Security-Policy-Report-Only",' \
-          '"value":"font-src \'none\'; script-src \'self\'; reflected-xss block; ' \
-          'style-src \'self\'; connect-src' \
-          ' \'none\'" ,"report-uri":"http://localhost:3000/csp/cab5e750e66d614bd46fd07a7078db1e74b4f427b2a135b2c96eca684a642707"}]}}}'
-        end
-        uri_template =
-          Addressable::Template.new 'https://api.tcell.io/agents/api/v1/apps/test-appid/policies/latest?type=patches:v1'
-        stub_request(:any, uri_template).to_return(
-          lambda { |request|
-            {
-              :body => checkreq(request),
-              :status => 200,
-              :headers => { 'Content-Type' => 'application/json' }
-            }
-          }
-        )
-        result = tapi.poll_api
-        TCellAgent.configuration.app_id = nil
-        TCellAgent.configuration.api_key = nil
-        expect(result['result']['csp-headers']['app_id']).to eq('testapp-Becwu')
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb DELETED

@@ -1,187 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  module AppSensor
-    describe InjectionsReporter do
-      describe '.report_and_log' do
-        context 'with nil events' do
-          it 'should do nothing' do
-            expect(TCellAgent).to_not receive(:send_event)
-            expect(TCellAgent).to_not receive(:logger)
-            InjectionsReporter.report_and_log(nil)
-          end
-        end
-        context 'with empty events' do
-          it 'should do nothing' do
-            expect(TCellAgent).to_not receive(:send_event)
-            expect(TCellAgent).to_not receive(:logger)
-            InjectionsReporter.report_and_log([])
-          end
-        end
-        context 'with one event' do
-          it 'should send the event' do
-            events = [
-              {
-                'pattern' => '1',
-                'method' => 'request_method',
-                'uri' => 'abosolute_uri',
-                'parameter' => 'avatar',
-                'meta' => { 'l' => 'body' },
-                'session_id' => 'session_id',
-                'route_id' => 'route_id',
-                'detection_point' => 'xss',
-                'user_id' => 'user_id'
-              }
-            ]
-            expect(TCellAgent).to_not receive(:logger)
-            expect(TCellAgent).to receive(:send_event).with(
-              {
-                'event_type' => 'as',
-                'dp' => 'xss',
-                'param' => 'avatar',
-                'm' => 'request_method',
-                'pattern' => '1',
-                'meta' => { 'l' => 'body' },
-                'rid' => 'route_id',
-                'uri' => 'abosolute_uri',
-                'uid' => 'user_id',
-                'sid' => 'session_id'
-              }
-            )
-            InjectionsReporter.report_and_log(events)
-          end
-        end
-        context 'with one event with full payload' do
-          it 'should send and log the event' do
-            events = [
-              {
-                'pattern' => '1',
-                'method' => 'request_method',
-                'uri' => 'abosolute_uri',
-                'parameter' => 'avatar',
-                'meta' => { 'l' => 'body' },
-                'session_id' => 'session_id',
-                'route_id' => 'route_id',
-                'detection_point' => 'xss',
-                'user_id' => 'user_id',
-                'full_payload' => 'full_payload'
-              }
-            ]
-            logger = double('logger')
-            expect(TCellAgent).to receive(:logger).and_return(logger)
-            expect(logger).to receive(:info).with(/"payload":"full_payload"/)
-            expect(TCellAgent).to receive(:send_event).with(
-              {
-                'event_type' => 'as',
-                'dp' => 'xss',
-                'param' => 'avatar',
-                'm' => 'request_method',
-                'pattern' => '1',
-                'meta' => { 'l' => 'body' },
-                'rid' => 'route_id',
-                'uri' => 'abosolute_uri',
-                'uid' => 'user_id',
-                'sid' => 'session_id'
-              }
-            )
-            InjectionsReporter.report_and_log(events)
-          end
-        end
-        context 'with one event with payload' do
-          it 'should send the event' do
-            events = [
-              {
-                'pattern' => '1',
-                'method' => 'request_method',
-                'uri' => 'abosolute_uri',
-                'parameter' => 'avatar',
-                'meta' => { 'l' => 'body' },
-                'session_id' => 'session_id',
-                'route_id' => 'route_id',
-                'detection_point' => 'xss',
-                'user_id' => 'user_id',
-                'payload' => 'payload'
-              }
-            ]
-            expect(TCellAgent).to_not receive(:logger)
-            expect(TCellAgent).to receive(:send_event).with(
-              {
-                'event_type' => 'as',
-                'dp' => 'xss',
-                'param' => 'avatar',
-                'm' => 'request_method',
-                'pattern' => '1',
-                'meta' => { 'l' => 'body' },
-                'rid' => 'route_id',
-                'uri' => 'abosolute_uri',
-                'uid' => 'user_id',
-                'sid' => 'session_id',
-                'payload' => 'payload'
-              }
-            )
-            InjectionsReporter.report_and_log(events)
-          end
-        end
-        context 'with one event with payload and full payload' do
-          it 'should send and log the event' do
-            events = [
-              {
-                'pattern' => '1',
-                'method' => 'request_method',
-                'uri' => 'abosolute_uri',
-                'parameter' => 'avatar',
-                'meta' => { 'l' => 'body' },
-                'session_id' => 'session_id',
-                'route_id' => 'route_id',
-                'detection_point' => 'xss',
-                'user_id' => 'user_id',
-                'payload' => 'payload',
-                'full_payload' => 'full_payload'
-              }
-            ]
-            logger = double('logger')
-            expect(TCellAgent).to receive(:logger).and_return(logger)
-            expect(logger).to receive(:info).with(/"payload":"full_payload"/)
-            expect(TCellAgent).to receive(:send_event).with(
-              {
-                'event_type' => 'as',
-                'dp' => 'xss',
-                'param' => 'avatar',
-                'm' => 'request_method',
-                'pattern' => '1',
-                'meta' => { 'l' => 'body' },
-                'rid' => 'route_id',
-                'uri' => 'abosolute_uri',
-                'uid' => 'user_id',
-                'sid' => 'session_id',
-                'payload' => 'payload'
-              }
-            )
-            InjectionsReporter.report_and_log(events)
-          end
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/cmdi_spec.rb DELETED

@@ -1,736 +0,0 @@
-require 'spec_helper'
-module TCellAgent
-  module Cmdi
-    describe '.parse_command' do
-      context 'with env' do
-        before(:each) do
-          @env = { 'TCELL_VAR' => 'enabled' }
-        end
-        context 'with string command' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(@env, 'echo')
-            expect(cmd).to eq('echo')
-            cmd = TCellAgent::Cmdi.parse_command(@env, 'echo', :unsetenv_others => true)
-            expect(cmd).to eq('echo')
-          end
-        end
-        context 'with string command and arguments' do
-          it 'should parse the command' do
-            cmd = TCellAgent::Cmdi.parse_command(@env, 'echo', 'test', :unsetenv_others => true)
-            expect(cmd).to eq('echo test')
-            cmd = TCellAgent::Cmdi.parse_command(@env, 'echo', 'test', 'one', :unsetenv_others => true)
-            expect(cmd).to eq('echo test one')
-            cmd = TCellAgent::Cmdi.parse_command(
-              @env,
-              'magick',
-              '-size',
-              '320x85',
-              'canvas:none',
-              '-font',
-              'Bookman-DemiItalic',
-              '-draw',
-              "\"text 25,60 \'Magick\'\"",
-              :unsetenv_others => true
-            )
-            expect(cmd).to eq(
-              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-          end
-        end
-        context 'with array command' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(@env, %w[echo argv0], :unsetenv_others => true)
-            expect(cmd).to eq('echo')
-          end
-        end
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(@env, %w[echo argv0], 'test', :unsetenv_others => true)
-            expect(cmd).to eq('echo test')
-            cmd = TCellAgent::Cmdi.parse_command(@env, %w[echo argv0], 'test', 'one', :unsetenv_others => true)
-            expect(cmd).to eq('echo test one')
-            cmd = TCellAgent::Cmdi.parse_command(
-              @env,
-              %w[magick argv0],
-              '-size',
-              '320x85',
-              'canvas:none',
-              '-font',
-              'Bookman-DemiItalic',
-              '-draw',
-              "\"text 25,60 \'Magick\'\"",
-              :unsetenv_others => true
-            )
-            expect(cmd).to eq(
-              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-          end
-        end
-      end
-      context 'without env' do
-        context 'with string command' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command('echo')
-            expect(cmd).to eq('echo')
-            cmd = TCellAgent::Cmdi.parse_command('echo', :unsetenv_others => true)
-            expect(cmd).to eq('echo')
-          end
-        end
-        context 'with string command and arguments' do
-          it 'should parse the command' do
-            cmd = TCellAgent::Cmdi.parse_command('echo', 'test', :unsetenv_others => true)
-            expect(cmd).to eq('echo test')
-            cmd = TCellAgent::Cmdi.parse_command('echo', 'test', 'one', :unsetenv_others => true)
-            expect(cmd).to eq('echo test one')
-            cmd = TCellAgent::Cmdi.parse_command(
-              'magick',
-              '-size',
-              '320x85',
-              'canvas:none',
-              '-font',
-              'Bookman-DemiItalic',
-              '-draw',
-              "\"text 25,60 \'Magick\'\"",
-              :unsetenv_others => true
-            )
-            expect(cmd).to eq(
-              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-          end
-        end
-        context 'with array command' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(%w[echo argv0], :unsetenv_others => true)
-            expect(cmd).to eq('echo')
-          end
-        end
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            cmd = TCellAgent::Cmdi.parse_command(%w[echo argv0], 'test', :unsetenv_others => true)
-            expect(cmd).to eq('echo test')
-            cmd = TCellAgent::Cmdi.parse_command(%w[echo argv0], 'test', 'one', :unsetenv_others => true)
-            expect(cmd).to eq('echo test one')
-            cmd = TCellAgent::Cmdi.parse_command(
-              %w[magick argv0],
-              '-size',
-              '320x85',
-              'canvas:none',
-              '-font',
-              'Bookman-DemiItalic',
-              '-draw',
-              "\"text 25,60 \'Magick\'\"",
-              :unsetenv_others => true
-            )
-            expect(cmd).to eq(
-              "magick -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-          end
-        end
-      end
-    end
-  end
-  describe IO do
-    describe '.popen' do
-      before(:each) do
-        configuration = double(
-          'configuration',
-          {
-            'app_id' => 'app_id',
-            'api_key' => 'api_key',
-            'allow_payloads' => true,
-            'js_agent_api_base_url' => 'http://api.tcell.com/',
-            'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-            'max_csp_header_bytes' => nil,
-            'event_time_limit_seconds' => 15,
-            'event_batch_size_limit' => 50,
-            'preload_policy_filename' => nil,
-            'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-            'agent_home_owner' => nil
-          }
-        )
-        expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-        @rust_policies = TCellAgent::Policies::RustPolicies.new
-      end
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            IO.popen
-          end.to raise_error(ArgumentError)
-          expect do
-            IO.popen(nil)
-          end.to raise_error(TypeError)
-          expect do
-            IO.popen('')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'non existent command' do
-        it 'should return nil' do
-          expect do
-            IO.popen('foobar')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          expect(IO.popen('echo test').read.chomp).to eq('test')
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            IO.popen('echo test')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(@rust_policies.cmdi_enabled).to eq(false)
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_call_original
-            expect(@rust_policies).to_not receive(:block_command?)
-            IO.popen('echo test')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            IO.popen('echo test')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              IO.popen('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-      context 'with env' do
-        before(:each) do
-          @env = { 'TCELL_VAR' => 'enabled' }
-        end
-        context 'with string command' do
-          it 'should execute the command' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, 'echo', 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, 'echo', 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with string command and arguments' do
-          it 'should parse the command' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, 'echo test', 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with array command' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, [%w[echo argv0]], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo')
-            IO.popen(@env, ['echo'], 'w+', :unsetenv_others => true)
-          end
-        end
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, %w[echo test], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([@env, 'echo', 'test', :unsetenv_others => true], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(@env, [@env, 'echo', 'test', :unsetenv_others => true], 'w+', :err => %i[child out])
-          end
-        end
-      end
-      context 'without env' do
-        context 'with array command and arguments' do
-          it 'should parse the command properly' do
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen([%w[echo argv0], 'test'], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test])
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], 'w+')
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
-            IO.popen(%w[echo test], 'w+', :unsetenv_others => true)
-            expect(TCellAgent::Cmdi).to receive(:block_command?).with(
-              "echo -size 320x85 canvas:none -font Bookman-DemiItalic -draw \"text 25,60 'Magick'\""
-            )
-            IO.popen(
-              [%w[echo argv0],
-               '-size',
-               '320x85',
-               'canvas:none',
-               '-font',
-               'Bookman-DemiItalic',
-               '-draw',
-               "\"text 25,60 \'Magick\'\""],
-              :unsetenv_others => true
-            )
-          end
-        end
-      end
-    end
-  end
-  describe Kernel do
-    before(:each) do
-      configuration = double(
-        'configuration',
-        {
-          'app_id' => 'app_id',
-          'api_key' => 'api_key',
-          'allow_payloads' => true,
-          'js_agent_api_base_url' => 'http://api.tcell.com/',
-          'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-          'max_csp_header_bytes' => nil,
-          'event_time_limit_seconds' => 15,
-          'event_batch_size_limit' => 50,
-          'preload_policy_filename' => nil,
-          'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-          'agent_home_owner' => nil
-        }
-      )
-      expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-      @rust_policies = TCellAgent::Policies::RustPolicies.new
-    end
-    describe '.backtick' do
-      context 'empty command' do
-        it 'should raise Errno::ENOENT' do
-          expect do
-            ``
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            `echo test`
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              `echo test`
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '%x methods' do
-      context 'empty command' do
-        it 'should raise Errno::ENOENT' do
-          expect do
-            ``
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            `echo test`
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(false)
-            `echo test`
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              `echo test`
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.system' do
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            system
-          end.to raise_error(ArgumentError)
-          expect do
-            system(nil)
-          end.to raise_error(TypeError)
-          expect(system('')).to be_nil
-        end
-      end
-      context 'non existent command' do
-        it 'should return nil' do
-          expect(system('foobar')).to be_nil
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          pid = system('echo test > /dev/null 2>&1')
-          expect(pid).to eq(true)
-          pid = system(RbConfig.ruby, "-e'Hello World!'", '>', '/dev/null', '2>&1')
-          expect(pid).to eq(true)
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
-            system('echo test > /dev/null 2>&1')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              system('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.spawn' do
-      context 'empty command' do
-        it 'should raise an error' do
-          expect do
-            spawn
-          end.to raise_error(ArgumentError)
-          expect do
-            spawn(nil)
-          end.to raise_error(TypeError)
-          expect do
-            spawn('')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'non existent command' do
-        it 'should raise error' do
-          expect do
-            spawn('foobar')
-          end.to raise_error(Errno::ENOENT)
-        end
-      end
-      context 'with a valid command' do
-        it 'should execute command' do
-          pid = spawn('echo test > /dev/null 2>&1')
-          expect(pid).to_not be_nil
-          pid = spawn(RbConfig.ruby, "-e'Hello World!'", '>', '/dev/null', '2>&1')
-          expect(pid).to_not be_nil
-        end
-      end
-      context 'with a non blocked command present' do
-        context 'with no command injection' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(nil)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:cmdi_enabled)
-            expect_any_instance_of(TCellAgent::Policies::RustPolicies).to_not receive(:block_command?)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection disabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(false)
-            expect(@rust_policies).to_not receive(:block_command?)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-        context 'with command injection enabled' do
-          it 'should execute the command' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test > /dev/null 2>&1', nil).and_return(false)
-            spawn('echo test > /dev/null 2>&1')
-          end
-        end
-      end
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              spawn('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-    describe '.exec' do
-      # can only test this case since exec replaces current process with new process
-      context 'with a blocked command present' do
-        context 'with command injection enabled' do
-          it 'should raise a Errno::ENOENT' do
-            expect(TCellAgent).to receive(:policy).with(
-              TCellAgent::PolicyTypes::RUST
-            ).and_return(@rust_policies)
-            expect(@rust_policies).to receive(:cmdi_enabled).and_return(true)
-            expect(@rust_policies).to receive(:block_command?).with('echo test', nil).and_return(true)
-            expect do
-              exec('echo test')
-            end.to raise_error(Errno::ENOENT)
-          end
-        end
-      end
-    end
-  end
-end