tcell_agent 1.1.12 → 2.2.0

data/spec/lib/tcell_agent/config/unknown_options_spec.rb

@@ -1,213 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-  module Config
-    describe Validate do
-      describe '.get_unknown_options' do
-        context 'with an unknown tcell environment variable set' do
-          it 'should return a message about the unknown variable' do
-            orig_allow_uap = ENV.fetch('TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS', nil)
-            orig_allow_uafp = ENV.fetch('TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS', nil)
-            orig_allow_ap = ENV.fetch('TCELL_AGENT_ALLOW_PAYLOADS', nil)
-            orig_demomode = ENV.fetch('TCELL_DEMOMODE', nil)
-            orig_agent_home = ENV.fetch('TCELL_AGENT_HOME', nil)
-            orig_agent_log_dir = ENV.fetch('TCELL_AGENT_LOG_DIR', nil)
-            orig_agent_config = ENV.fetch('TCELL_AGENT_CONFIG', nil)
-            orig_agent_app_id = ENV.fetch('TCELL_AGENT_APP_ID', nil)
-            orig_agent_api_key = ENV.fetch('TCELL_AGENT_API_KEY', nil)
-            orig_agent_host_identifier = ENV.fetch('TCELL_AGENT_HOST_IDENTIFIER', nil)
-            orig_input_url = ENV.fetch('TCELL_INPUT_URL', nil)
-            orig_hmac_key = ENV.fetch('TCELL_HMAC_KEY', nil)
-            orig_api_url = ENV.fetch('TCELL_API_URL', nil)
-            orig_password_hmac_key = ENV.fetch('TCELL_PASSWORD_HMAC_KEY', nil)
-
-            ENV['TCELL_HACK'] = 'hack the system'
-            ENV['TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS'] = 'valid'
-            ENV['TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS'] = 'valid'
-            ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = 'valid'
-            ENV['TCELL_DEMOMODE'] = 'valid'
-            ENV['TCELL_AGENT_HOME'] = 'valid'
-            ENV['TCELL_AGENT_LOG_DIR'] = 'valid'
-            ENV['TCELL_AGENT_CONFIG'] = 'valid'
-            ENV['TCELL_AGENT_APP_ID'] = 'valid'
-            ENV['TCELL_AGENT_API_KEY'] = 'valid'
-            ENV['TCELL_AGENT_HOST_IDENTIFIER'] = 'valid'
-            ENV['TCELL_INPUT_URL'] = 'valid'
-            ENV['TCELL_HMAC_KEY'] = 'valid'
-            ENV['TCELL_API_URL'] = 'valid'
-            ENV['TCELL_PASSWORD_HMAC_KEY'] = 'valid'
-
-            messages = Validate.get_unknown_options(nil)
-
-            ENV.delete 'TCELL_HACK'
-            if orig_allow_uap
-              ENV['TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS'] = orig_allow_uap
-            else
-              ENV.delete 'TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS'
-            end
-
-            if orig_allow_uafp
-              ENV['TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS'] = orig_allow_uafp
-            else
-              ENV.delete 'TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS'
-            end
-            if orig_allow_ap
-              ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = orig_allow_ap
-            else
-              ENV.delete 'TCELL_AGENT_ALLOW_PAYLOADS'
-            end
-            if orig_demomode
-              ENV['TCELL_DEMOMODE'] = orig_demomode
-            else
-              ENV.delete 'TCELL_DEMOMODE'
-            end
-            if orig_agent_home
-              ENV['TCELL_AGENT_HOME'] = orig_agent_home
-            else
-              ENV.delete 'TCELL_AGENT_HOME'
-            end
-            if orig_agent_log_dir
-              ENV['TCELL_AGENT_LOG_DIR'] = orig_agent_log_dir
-            else
-              ENV.delete 'TCELL_AGENT_LOG_DIR'
-            end
-            if orig_agent_config
-              ENV['TCELL_AGENT_CONFIG'] = orig_agent_config
-            else
-              ENV.delete 'TCELL_AGENT_CONFIG'
-            end
-            if orig_agent_app_id
-              ENV['TCELL_AGENT_APP_ID'] = orig_agent_app_id
-            else
-              ENV.delete 'TCELL_AGENT_APP_ID'
-            end
-            if orig_agent_api_key
-              ENV['TCELL_AGENT_API_KEY'] = orig_agent_api_key
-            else
-              ENV.delete 'TCELL_AGENT_API_KEY'
-            end
-            if orig_agent_host_identifier
-              ENV['TCELL_AGENT_HOST_IDENTIFIER'] = orig_agent_host_identifier
-            else
-              ENV.delete 'TCELL_AGENT_HOST_IDENTIFIER'
-            end
-            if orig_input_url
-              ENV['TCELL_INPUT_URL'] = orig_input_url
-            else
-              ENV.delete 'TCELL_INPUT_URL'
-            end
-            if orig_hmac_key
-              ENV['TCELL_HMAC_KEY'] = orig_hmac_key
-            else
-              ENV.delete 'TCELL_HMAC_KEY'
-            end
-            if orig_password_hmac_key
-              ENV['TCELL_PASSWORD_HMAC_KEY'] = orig_password_hmac_key
-            else
-              ENV.delete 'TCELL_PASSWORD_HMAC_KEY'
-            end
-            if orig_api_url
-              ENV['TCELL_API_URL'] = orig_api_url
-            else
-              ENV.delete 'TCELL_API_URL'
-            end
-
-            expect(messages.sort).to eq(
-              [
-                'Unrecognized environment parameter (TCELL_*) found: TCELL_HACK'
-              ]
-            )
-          end
-        end
-
-        context 'with a config json with all options including some extra ones' do
-          it 'should report the extra options in messages' do
-            config_json = {
-              'first_level' => 'boo',
-              'version' => 1,
-              'applications' => [
-                {
-                  'second_level' => 'boo',
-                  'name' => 'name',
-                  'app_id' => 'app id',
-                  'api_key' => 'api key',
-                  'fetch_policies_from_tcell' => true,
-                  'preload_policy_filename' => 'preload policy filename',
-                  'log_dir' => 'custom log dir',
-                  'logging_options' => {
-                    'logging_level' => 'boo',
-                    'enabled' => true,
-                    'level' => 'DEBUG',
-                    'filename' => 'filename'
-                  },
-                  'tcell_api_url' => 'tcell api url',
-                  'tcell_input_url' => 'tcell input url',
-                  'host_identifier' => 'host identifier',
-                  'hipaaSafeMode' => 'hipaa safe mode',
-                  'hmac_key' => 'hmac key',
-                  'password_hmac_key' => 'password_hmac_key',
-                  'js_agent_api_base_url' => 'js agent api base url',
-                  'js_agent_url' => 'js agent url',
-                  'max_csp_header_bytes' => 512,
-                  'event_batch_size_limit' => 50,
-                  'allow_unencrypted_appsensor_payloads' => true,
-                  'allow_unencrypted_appfirewall_payloads' => true,
-                  'allow_payloads' => true,
-                  'data_exposure' => {
-                    'data_ex_level' => 'boo',
-                    'max_data_ex_db_records_per_request' => 10_000
-                  },
-                  'reverse_proxy' => true,
-                  'reverse_proxy_ip_address_header' => 'reverse proxy ip address header',
-                  'demomode' => true,
-                  # Ruby only
-                  'disable_all' => false,
-                  'enabled' => true,
-                  'enable_event_manager' => true,
-                  'enable_event_consumer' => true,
-                  'enable_policy_polling' => true,
-                  'enable_instrumentation' => true,
-                  'enable_intercept_requests' => true,
-                  'instrument_for_events' => true,
-                  'agent_home_owner' => true,
-                  'enabled_instrumentations' => {
-                    'enabled_instrumentations_level' => 'blah',
-                    'doorkeeper' => true,
-                    'devise' => true,
-                    'authlogic' => true
-                  }
-                }
-              ]
-            }
-
-            messages = Validate.get_unknown_options(config_json)
-
-            expect(messages.sort).to eq(
-              [
-                'Unrecognized config setting key: data_ex_level',
-                'Unrecognized config setting key: enabled_instrumentations_level',
-                'Unrecognized config setting key: first_level',
-                'Unrecognized config setting key: logging_level',
-                'Unrecognized config setting key: second_level'
-              ]
-            )
-          end
-        end
-
-        context 'with a config json that has more than one application' do
-          it 'should report the misconfiguration' do
-            config_json = { 'version' => 1, 'applications' => [{}, {}] }
-
-            messages = Validate.get_unknown_options(config_json)
-
-            expect(messages.sort).to eq(
-              [
-                'Multiple applications detected in config file'
-              ]
-            )
-          end
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/instrumentation_spec.rb

@@ -1,225 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-  class MockAgent < Agent
-  end
-end
-
-module TCellAgent
-  module Instrumentation
-    describe Instrumentation do
-      before(:each) do
-        configuration = double(
-          'configuration',
-          {
-            'app_id' => 'app_id',
-            'api_key' => 'api_key',
-            'allow_payloads' => true,
-            'js_agent_api_base_url' => 'http://api.tcell.com/',
-            'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-            'max_csp_header_bytes' => nil,
-            'event_time_limit_seconds' => 15,
-            'event_batch_size_limit' => 50,
-            'preload_policy_filename' => nil,
-            'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-            'agent_home_owner' => nil
-          }
-        )
-        expect(TCellAgent).to receive(:configuration).and_return(configuration).at_most(10)
-      end
-
-      context 'Body - SessionId Filters' do
-        it 'Tests Redaction and Events in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          policy_json_two = {
-            'policy_id' => 'x1a1',
-            'data' => {
-              'session_id_protections' => { 'body' => ['redact'], 'log' => ['event'] }
-            }
-          }
-          session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-          mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-          TCellAgent.set_thread_agent(mock_agent)
-
-          context = TCellData.new
-          context.session_id = 'tim123123my'
-
-          body = 'this is about tim123123my 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_body!(body)
-          expect(body).to eq('this is about [redacted] 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(1)
-          TCellAgent.set_thread_agent(nil)
-        end
-        it 'Tests Events in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          policy_json_two = {
-            'policy_id' => 'x1a1',
-            'data' => {
-              'session_id_protections' => { 'body' => ['event'], 'log' => ['redact'] }
-            }
-          }
-          session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-          mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-          TCellAgent.set_thread_agent(mock_agent)
-
-          context = TCellData.new
-          context.session_id = 'tim123123my'
-
-          body = 'this is about tim123123my 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_body!(body)
-          expect(body).to eq('this is about tim123123my 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(1)
-          TCellAgent.set_thread_agent(nil)
-        end
-      end
-      context 'Log - SessionId Filters' do
-        it 'Tests Redaction and Events in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          policy_json_two = {
-            'policy_id' => 'x1a1',
-            'data' => {
-              'session_id_protections' => { 'body' => ['redact'], 'log' => ['redact'] }
-            }
-          }
-          session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-          mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-          TCellAgent.set_thread_agent(mock_agent)
-
-          context = TCellData.new
-          context.session_id = 'tim123123my'
-
-          body = 'this is about tim123123my 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_log(body)
-          expect(body).to eq('this is about [redacted] 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(1)
-          TCellAgent.set_thread_agent(nil)
-        end
-        it 'Tests Events Only' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          policy_json_two = {
-            'policy_id' => 'x1a1',
-            'data' => {
-              'session_id_protections' => { 'body' => ['redact'], 'log' => ['event'] }
-            }
-          }
-          session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-          mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-          TCellAgent.set_thread_agent(mock_agent)
-
-          context = TCellData.new
-          context.session_id = 'tim123123my'
-
-          body = 'this is about tim123123my 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_log(body)
-          expect(body).to eq('this is about tim123123my 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(1)
-          TCellAgent.set_thread_agent(nil)
-        end
-      end
-      context 'Body - Database Filters' do
-        it 'Tests Redaction and Events in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_redact = true
-          action.action_id = 5
-          context = TCellData.new
-          context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-          body = 'this is about timmy1 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_body!(body)
-          expect(body).to eq('this is about [redacted] [redacted].')
-          expect(TCellAgent.event_queue.length).to eq(2)
-        end
-        it 'Tests Event Only Match in Body' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.body_event = true
-          action.action_id = 5
-          context = TCellData.new
-          context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-          body = 'this is about timmy1 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_body!(body)
-          expect(body).to eq('this is about timmy1 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(3) # timmy, timmy1, 3123123
-        end
-      end
-      context 'Log - Database Filters' do
-        it 'Tests Redaction and Events' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.log_redact = true
-          action.action_id = 5
-          context = TCellData.new
-          context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-          body = 'this is about timmy1 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_log(body)
-          expect(body).to eq('this is about [redacted] [redacted].')
-          expect(TCellAgent.event_queue.length).to eq(2)
-        end
-        it 'Tests Report-Only and Events' do
-          action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-          action.log_event = true
-          action.action_id = 5
-          context = TCellData.new
-          context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-          context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-          body = 'this is about timmy1 3123123.'
-          TCellAgent.empty_event_queue
-          context.filter_log(body)
-          expect(body).to eq('this is about timmy1 3123123.')
-          expect(TCellAgent.event_queue.length).to eq(3) # timmy, timmy1, 3123123
-        end
-      end
-    end
-  end
-end

data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb

@@ -1,517 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-  module Policies
-    describe RustPolicies do
-      everything_enabled_policy_json = {
-        'appsensor' => {
-          'policy_id' => '01a1',
-          'version' => 2,
-          'data' => {
-            'options' => {
-              'uri_options' => {
-                'collect_full_uri' => true
-              },
-              'payloads' => {
-                'send_payloads' => true,
-                'send_blacklist' => {
-                  'ssn' => ['*'],
-                  'password' => ['*']
-                },
-                'send_whitelist' => {},
-                'log_payloads' => true,
-                'log_blacklist' => {},
-                'log_whitelist' => {
-                  'username' => ['*']
-                }
-              }
-            },
-            'sensors' => {
-              'req_size' => {
-                'limit' => 1024,
-                'exclude_routes' => ['2300']
-              },
-              'resp_size' => {
-                'limit' => 2048,
-                'exclude_routes' => ['2323']
-              },
-              'resp_codes' => {
-                'series_400_enabled' => true,
-                'series_500_enabled' => true
-              },
-              'xss' => {
-                'libinjection' => true,
-                'patterns' => %w[1 2 8],
-                'exclusions' => {
-                  'bob' => ['*']
-                }
-              },
-              'sqli' => {
-                'libinjection' => true,
-                'exclude_headers' => true,
-                'patterns' => ['1']
-              },
-              'fpt' => {
-                'patterns' => %w[1 2],
-                'exclude_forms' => true,
-                'exclude_cookies' => true,
-                'exclusions' => {
-                  'somethingcommon' => ['form']
-                }
-              },
-              'cmdi' => {
-                'patterns' => %w[1 2]
-              },
-              'nullbyte' => {
-                'patterns' => %w[1 2]
-              },
-              'retr' => {
-                'patterns' => %w[1 2]
-              },
-              'ua' => {
-                'empty_enabled' => true
-              },
-              'errors' => {
-                'csrf_exception_enabled' => true,
-                'sql_exception_enabled' => true
-              },
-              'database' => {
-                'large_result' => {
-                  'limit' => 10
-                }
-              }
-            }
-          }
-        },
-        'regex' => {
-          'data' => {
-            'patterns' => [
-              {
-                'id' => 'tc-xss-1',
-                'pattern' => '(?:<(script))',
-                'sensor' => 'xss',
-                'title' => 'Basic Injection'
-              },
-              {
-                'safe_pattern' => '^[a-zA-Z0-9_\\s\\r\\n\\t]*$',
-                'pattern' => '(?:[\\s()]case\\s*\\()|(?:\\)\\s*like\\s*\\()|(?:having\\s*[^\\s]+\\s*[^\\w\\s])|(?:if\\s?\\([\\d\\w]\\s*[=<>~])',
-                'sensor' => 'sqli',
-                'id' => 'tc-sqli-1',
-                'title' => 'Conditional Attempts'
-              }
-            ],
-            'version' => 1_518_546_622_571
-          },
-          'policy_id' => 'f3a313b0-10eb-11e8-8080-808080808080',
-          'version' => 1
-        }
-      }
-
-      describe '#update_policies' do
-        before(:each) do
-          configuration = double(
-            'configuration',
-            {
-              'app_id' => 'app_id',
-              'api_key' => 'api_key',
-              'allow_payloads' => true,
-              'js_agent_api_base_url' => 'http://api.tcell.com/',
-              'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-              'max_csp_header_bytes' => nil
-            }
-          )
-          expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-          @rust_policies = RustPolicies.new
-        end
-
-        context 'with v2 policy' do
-          context 'that is missing a policy id' do
-            it 'should have appfirewall disabled' do
-              logger = double('logger')
-
-              expect(TCellAgent).to receive(:logger).and_return(logger)
-              expect(logger).to receive(:error).with(
-                'Error updating policies: Failed to decode appsensor policy: missing field `policy_id`'
-              )
-
-              @rust_policies.update_policies(
-                {
-                  'appsensor' => {
-                    'version' => 2,
-                    'data' => {}
-                  }
-                }
-              )
-
-              expect(@rust_policies.appfirewall_enabled).to eq(false)
-            end
-          end
-
-          context 'that is missing a version id' do
-            it 'should have appfirewall disabled' do
-              logger = double('logger')
-
-              expect(TCellAgent).to receive(:logger).and_return(logger)
-              expect(logger).to receive(:error).with(
-                'Error updating policies: Failed to decode appsensor policy: missing field `version`'
-              )
-
-              @rust_policies.update_policies(
-                {
-                  'appsensor' => {
-                    'policy_id' => '01a1',
-                    'data' => {}
-                  }
-                }
-              )
-
-              expect(@rust_policies.appfirewall_enabled).to eq(false)
-            end
-          end
-
-          context 'that has no sensors' do
-            it 'should have all sensors disabled' do
-              expect(TCellAgent).to_not receive(:logger)
-
-              policy_json_empty = {
-                'appsensor' => {
-                  'policy_id' => '01a1',
-                  'version' => 2,
-                  'data' => {
-                  }
-                }
-              }
-
-              @rust_policies.update_policies(policy_json_empty)
-
-              expect(@rust_policies.appfirewall_enabled).to eq(false)
-            end
-          end
-
-          context 'that has empty sensors' do
-            it 'should have all sensors disabled' do
-              expect(TCellAgent).to_not receive(:logger)
-
-              policy_json_empty = {
-                'appsensor' => {
-                  'policy_id' => '01a1',
-                  'version' => 2,
-                  'data' => {
-                    'sensors' => {}
-                  }
-                }
-              }
-
-              @rust_policies.update_policies(policy_json_empty)
-
-              expect(@rust_policies.appfirewall_enabled).to eq(true)
-            end
-          end
-
-          context 'that only has xss enabled' do
-            it 'should be enabled' do
-              expect(TCellAgent).to_not receive(:logger)
-
-              policy_json = {
-                'appsensor' => {
-                  'policy_id' => '01a1',
-                  'version' => 2,
-                  'data' => {
-                    'sensors' => {
-                      'xss' => {
-                        'libinjection' => true,
-                        'patterns' => %w[1 2 8],
-                        'exclusions' => {
-                          'bob' => ['*']
-                        }
-                      }
-                    }
-                  }
-                }
-              }
-
-              @rust_policies.update_policies(policy_json)
-
-              expect(@rust_policies.appfirewall_enabled).to eq(true)
-            end
-          end
-
-          context 'that has everything enabled' do
-            it 'should be enabled' do
-              expect(TCellAgent).to_not receive(:logger)
-
-              @rust_policies.update_policies(everything_enabled_policy_json)
-
-              expect(@rust_policies.appfirewall_enabled).to eq(true)
-            end
-          end
-        end
-      end
-
-      describe '#check_appfirewall_injections' do
-        context 'with everything enabled policy' do
-          before(:each) do
-            configuration = double(
-              'configuration',
-              {
-                'enabled' => true,
-                'app_id' => 'app_id',
-                'api_key' => 'api_key',
-                'allow_payloads' => true,
-                'js_agent_api_base_url' => 'http://api.tcell.com/',
-                'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-                'max_csp_header_bytes' => nil
-              }
-            )
-            expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
-            @rust_policies = RustPolicies.new
-            @rust_policies.update_policies(everything_enabled_policy_json)
-            @meta_data = TCellAgent::MetaData.new(
-              'GET',
-              '192.168.1.1',
-              '12345',
-              'session_id',
-              'user_id',
-              'transaction_id',
-              'http://test.com/?some_param=present'
-            )
-            @meta_data.user_agent = 'Mozilla'
-            @meta_data.response_code = 200
-          end
-
-          context 'csrf exception' do
-            context 'nil csrf exception' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-
-                @meta_data.csrf_exception_name = nil
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-
-            context 'empty csrf exception' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-
-                @meta_data.csrf_exception_name = ''
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-
-            context 'one csrf exception' do
-              it 'should send a csrf exception event' do
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'excsrf',
-                    'param' => 'ActionController::InvalidAuthenticityToken',
-                    'm' => 'GET',
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1'
-                  }
-                )
-
-                @meta_data.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-          end
-
-          context 'sql exception' do
-            context 'empty sql exceptions' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-
-                @meta_data.sql_exceptions = []
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-
-            context 'one sql exception' do
-              it 'should send one event' do
-                logger = double('logger')
-
-                expect(TCellAgent).to receive(:logger).and_return(logger)
-                expect(logger).to receive(:info)
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'exsql',
-                    'param' => 'ActiveRecord::StatementInvalid',
-                    'm' => 'GET',
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1',
-                    'payload' => 'exception message goes here'
-                  }
-                )
-
-                @meta_data.sql_exceptions = [{
-                  'exception_name' => 'ActiveRecord::StatementInvalid',
-                  'exception_payload' => 'exception message goes here'
-                }]
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-
-            context 'multiple sql exception' do
-              it 'should send multiple event' do
-                logger = double('logger')
-
-                expect(TCellAgent).to receive(:logger).and_return(logger).twice
-                expect(logger).to receive(:info).twice
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'exsql',
-                    'param' => 'ActiveRecord::StatementInvalid',
-                    'm' => 'GET',
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1',
-                    'payload' => 'exception message goes here'
-                  }
-                )
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'exsql',
-                    'param' => 'ActiveRecord::StatementInvalid',
-                    'm' => 'GET',
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1',
-                    'payload' => 'second exception message goes here'
-                  }
-                )
-
-                @meta_data.sql_exceptions = [
-                  {
-                    'exception_name' => 'ActiveRecord::StatementInvalid',
-                    'exception_payload' => 'exception message goes here'
-                  },
-                  {
-                    'exception_name' => 'ActiveRecord::StatementInvalid',
-                    'exception_payload' => 'second exception message goes here'
-                  }
-                ]
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-          end
-
-          context 'db max result' do
-            context 'nil db max result' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-
-                @meta_data.database_result_sizes = nil
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-
-            context 'empty db max result' do
-              it 'should not send an event' do
-                expect(TCellAgent).to_not receive(:send_event)
-
-                @meta_data.database_result_sizes = []
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-
-            context 'one db max result' do
-              it 'should send one event' do
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'dbmaxrows',
-                    'm' => 'GET',
-                    'meta' => { 'rows' => 1001 },
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1'
-                  }
-                )
-
-                @meta_data.database_result_sizes = [1001]
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-
-            context 'multiple db max results' do
-              it 'should send multiple event' do
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'dbmaxrows',
-                    'm' => 'GET',
-                    'meta' => { 'rows' => 1001 },
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1'
-                  }
-                )
-                expect(TCellAgent).to receive(:send_event).with(
-                  {
-                    'event_type' => 'as',
-                    'dp' => 'dbmaxrows',
-                    'm' => 'GET',
-                    'meta' => { 'rows' => 1002 },
-                    'rid' => '12345',
-                    'full_uri' => 'http://test.com/?some_param=present',
-                    'uri' => 'http://test.com/?some_param=',
-                    'uid' => 'user_id',
-                    'sid' => 'session_id',
-                    'remote_addr' => '192.168.1.1'
-                  }
-                )
-
-                @meta_data.database_result_sizes = [1001, 1002]
-                @rust_policies.check_appfirewall_injections(
-                  @meta_data
-                )
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end