tcell_agent 1.1.12 → 2.2.0

Files changed (169) hide show
  1. checksums.yaml +5 -5
  2. data/bin/tcell_agent +45 -137
  3. data/lib/tcell_agent.rb +12 -14
  4. data/lib/tcell_agent/agent.rb +108 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/config_initializer.rb +66 -0
  8. data/lib/tcell_agent/configuration.rb +69 -345
  9. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  10. data/lib/tcell_agent/instrument_servers.rb +23 -0
  11. data/lib/tcell_agent/instrumentation.rb +12 -10
  12. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  13. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  14. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  15. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  17. data/lib/tcell_agent/logger.rb +49 -114
  18. data/lib/tcell_agent/patches.rb +6 -7
  19. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  20. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  21. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  22. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  23. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  24. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  25. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  26. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  27. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  28. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  29. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  30. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  31. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  32. data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
  33. data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
  34. data/lib/tcell_agent/rails/auth/devise.rb +100 -105
  35. data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
  37. data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
  38. data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
  39. data/lib/tcell_agent/rails/dlp.rb +35 -23
  40. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  41. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  42. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  43. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  44. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  45. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  46. data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
  47. data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
  48. data/lib/tcell_agent/rails/routes.rb +10 -12
  49. data/lib/tcell_agent/rails/routes/grape.rb +4 -14
  50. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  51. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  52. data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
  53. data/lib/tcell_agent/rust/agent_config.rb +60 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
  55. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
  56. data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
  57. data/lib/tcell_agent/rust/models.rb +6 -52
  58. data/lib/tcell_agent/rust/native_agent.rb +549 -0
  59. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  60. data/lib/tcell_agent/rust/native_library.rb +69 -0
  61. data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
  62. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  63. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  64. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  65. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  66. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  67. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  68. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  69. data/lib/tcell_agent/servers/passenger.rb +1 -28
  70. data/lib/tcell_agent/servers/puma.rb +3 -21
  71. data/lib/tcell_agent/servers/rails_server.rb +1 -2
  72. data/lib/tcell_agent/servers/thin.rb +2 -2
  73. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  74. data/lib/tcell_agent/servers/webrick.rb +1 -2
  75. data/lib/tcell_agent/settings_reporter.rb +11 -90
  76. data/lib/tcell_agent/sinatra.rb +14 -16
  77. data/lib/tcell_agent/tcell_context.rb +40 -14
  78. data/lib/tcell_agent/utils/headers.rb +14 -0
  79. data/lib/tcell_agent/version.rb +1 -1
  80. data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
  108. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  109. data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
  110. data/spec/spec_helper.rb +1 -1
  111. data/spec/support/builders.rb +103 -0
  112. data/spec/support/force_logger_mocking.rb +38 -0
  113. data/spec/support/resources/lfi_sample_file.txt +2 -0
  114. data/spec/support/static_agent_overrides.rb +0 -15
  115. metadata +72 -83
  116. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  117. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  118. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  119. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  120. data/lib/tcell_agent/api.rb +0 -91
  121. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  122. data/lib/tcell_agent/authlogic.rb +0 -26
  123. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  124. data/lib/tcell_agent/config/unknown_options.rb +0 -123
  125. data/lib/tcell_agent/devise.rb +0 -35
  126. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  127. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  128. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  129. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  130. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  131. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  132. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  133. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  134. data/lib/tcell_agent/rails/on_start.rb +0 -41
  135. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  136. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  137. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  138. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  139. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  140. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  141. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  142. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  143. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  144. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  145. data/lib/tcell_agent/start_background_thread.rb +0 -55
  146. data/lib/tcell_agent/system_info.rb +0 -11
  147. data/lib/tcell_agent/utils/io.rb +0 -38
  148. data/lib/tcell_agent/utils/passwords.rb +0 -28
  149. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  150. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  151. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  152. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  153. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  154. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  155. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  156. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
  157. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  158. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  159. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  160. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  161. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  162. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  163. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  164. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  165. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  166. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  167. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  168. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  169. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
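--- a/data/spec/lib/tcell_agent/config/unknown_options_spec.rb
+++ b/data/spec/lib/tcell_agent/config/unknown_options_spec.rb
@@ -1,213 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-module Config
-describe Validate do
-describe '.get_unknown_options' do
-context 'with an unknown tcell environment variable set' do
-it 'should return a message about the unknown variable' do
-orig_allow_uap = ENV.fetch('TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS', nil)
-orig_allow_uafp = ENV.fetch('TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS', nil)
-orig_allow_ap = ENV.fetch('TCELL_AGENT_ALLOW_PAYLOADS', nil)
-orig_demomode = ENV.fetch('TCELL_DEMOMODE', nil)
-orig_agent_home = ENV.fetch('TCELL_AGENT_HOME', nil)
-orig_agent_log_dir = ENV.fetch('TCELL_AGENT_LOG_DIR', nil)
-orig_agent_config = ENV.fetch('TCELL_AGENT_CONFIG', nil)
-orig_agent_app_id = ENV.fetch('TCELL_AGENT_APP_ID', nil)
-orig_agent_api_key = ENV.fetch('TCELL_AGENT_API_KEY', nil)
-orig_agent_host_identifier = ENV.fetch('TCELL_AGENT_HOST_IDENTIFIER', nil)
-orig_input_url = ENV.fetch('TCELL_INPUT_URL', nil)
-orig_hmac_key = ENV.fetch('TCELL_HMAC_KEY', nil)
-orig_api_url = ENV.fetch('TCELL_API_URL', nil)
-orig_password_hmac_key = ENV.fetch('TCELL_PASSWORD_HMAC_KEY', nil)
-
-ENV['TCELL_HACK'] = 'hack the system'
-ENV['TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS'] = 'valid'
-ENV['TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS'] = 'valid'
-ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = 'valid'
-ENV['TCELL_DEMOMODE'] = 'valid'
-ENV['TCELL_AGENT_HOME'] = 'valid'
-ENV['TCELL_AGENT_LOG_DIR'] = 'valid'
-ENV['TCELL_AGENT_CONFIG'] = 'valid'
-ENV['TCELL_AGENT_APP_ID'] = 'valid'
-ENV['TCELL_AGENT_API_KEY'] = 'valid'
-ENV['TCELL_AGENT_HOST_IDENTIFIER'] = 'valid'
-ENV['TCELL_INPUT_URL'] = 'valid'
-ENV['TCELL_HMAC_KEY'] = 'valid'
-ENV['TCELL_API_URL'] = 'valid'
-ENV['TCELL_PASSWORD_HMAC_KEY'] = 'valid'
-
-messages = Validate.get_unknown_options(nil)
-
-ENV.delete 'TCELL_HACK'
-if orig_allow_uap
-ENV['TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS'] = orig_allow_uap
-else
-ENV.delete 'TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS'
-end
-
-if orig_allow_uafp
-ENV['TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS'] = orig_allow_uafp
-else
-ENV.delete 'TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS'
-end
-if orig_allow_ap
-ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = orig_allow_ap
-else
-ENV.delete 'TCELL_AGENT_ALLOW_PAYLOADS'
-end
-if orig_demomode
-ENV['TCELL_DEMOMODE'] = orig_demomode
-else
-ENV.delete 'TCELL_DEMOMODE'
-end
-if orig_agent_home
-ENV['TCELL_AGENT_HOME'] = orig_agent_home
-else
-ENV.delete 'TCELL_AGENT_HOME'
-end
-if orig_agent_log_dir
-ENV['TCELL_AGENT_LOG_DIR'] = orig_agent_log_dir
-else
-ENV.delete 'TCELL_AGENT_LOG_DIR'
-end
-if orig_agent_config
-ENV['TCELL_AGENT_CONFIG'] = orig_agent_config
-else
-ENV.delete 'TCELL_AGENT_CONFIG'
-end
-if orig_agent_app_id
-ENV['TCELL_AGENT_APP_ID'] = orig_agent_app_id
-else
-ENV.delete 'TCELL_AGENT_APP_ID'
-end
-if orig_agent_api_key
-ENV['TCELL_AGENT_API_KEY'] = orig_agent_api_key
-else
-ENV.delete 'TCELL_AGENT_API_KEY'
-end
-if orig_agent_host_identifier
-ENV['TCELL_AGENT_HOST_IDENTIFIER'] = orig_agent_host_identifier
-else
-ENV.delete 'TCELL_AGENT_HOST_IDENTIFIER'
-end
-if orig_input_url
-ENV['TCELL_INPUT_URL'] = orig_input_url
-else
-ENV.delete 'TCELL_INPUT_URL'
-end
-if orig_hmac_key
-ENV['TCELL_HMAC_KEY'] = orig_hmac_key
-else
-ENV.delete 'TCELL_HMAC_KEY'
-end
-if orig_password_hmac_key
-ENV['TCELL_PASSWORD_HMAC_KEY'] = orig_password_hmac_key
-else
-ENV.delete 'TCELL_PASSWORD_HMAC_KEY'
-end
-if orig_api_url
-ENV['TCELL_API_URL'] = orig_api_url
-else
-ENV.delete 'TCELL_API_URL'
-end
-
-expect(messages.sort).to eq(
-[
-'Unrecognized environment parameter (TCELL_*) found: TCELL_HACK'
-]
-)
-end
-end
-
-context 'with a config json with all options including some extra ones' do
-it 'should report the extra options in messages' do
-config_json = {
-'first_level' => 'boo',
-'version' => 1,
-'applications' => [
-{
-'second_level' => 'boo',
-'name' => 'name',
-'app_id' => 'app id',
-'api_key' => 'api key',
-'fetch_policies_from_tcell' => true,
-'preload_policy_filename' => 'preload policy filename',
-'log_dir' => 'custom log dir',
-'logging_options' => {
-'logging_level' => 'boo',
-'enabled' => true,
-'level' => 'DEBUG',
-'filename' => 'filename'
-},
-'tcell_api_url' => 'tcell api url',
-'tcell_input_url' => 'tcell input url',
-'host_identifier' => 'host identifier',
-'hipaaSafeMode' => 'hipaa safe mode',
-'hmac_key' => 'hmac key',
-'password_hmac_key' => 'password_hmac_key',
-'js_agent_api_base_url' => 'js agent api base url',
-'js_agent_url' => 'js agent url',
-'max_csp_header_bytes' => 512,
-'event_batch_size_limit' => 50,
-'allow_unencrypted_appsensor_payloads' => true,
-'allow_unencrypted_appfirewall_payloads' => true,
-'allow_payloads' => true,
-'data_exposure' => {
-'data_ex_level' => 'boo',
-'max_data_ex_db_records_per_request' => 10_000
-},
-'reverse_proxy' => true,
-'reverse_proxy_ip_address_header' => 'reverse proxy ip address header',
-'demomode' => true,
-# Ruby only
-'disable_all' => false,
-'enabled' => true,
-'enable_event_manager' => true,
-'enable_event_consumer' => true,
-'enable_policy_polling' => true,
-'enable_instrumentation' => true,
-'enable_intercept_requests' => true,
-'instrument_for_events' => true,
-'agent_home_owner' => true,
-'enabled_instrumentations' => {
-'enabled_instrumentations_level' => 'blah',
-'doorkeeper' => true,
-'devise' => true,
-'authlogic' => true
-}
-}
-]
-}
-
-messages = Validate.get_unknown_options(config_json)
-
-expect(messages.sort).to eq(
-[
-'Unrecognized config setting key: data_ex_level',
-'Unrecognized config setting key: enabled_instrumentations_level',
-'Unrecognized config setting key: first_level',
-'Unrecognized config setting key: logging_level',
-'Unrecognized config setting key: second_level'
-]
-)
-end
-end
-
-context 'with a config json that has more than one application' do
-it 'should report the misconfiguration' do
-config_json = { 'version' => 1, 'applications' => [{}, {}] }
-
-messages = Validate.get_unknown_options(config_json)
-
-expect(messages.sort).to eq(
-[
-'Multiple applications detected in config file'
-]
-)
-end
-end
-end
-end
-end
-end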
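--- a/data/spec/lib/tcell_agent/instrumentation_spec.rb
+++ b/data/spec/lib/tcell_agent/instrumentation_spec.rb
@@ -1,225 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-class MockAgent < Agent
-end
-end
-
-module TCellAgent
-module Instrumentation
-describe Instrumentation do
-before(:each) do
-configuration = double(
-'configuration',
-{
-'app_id' => 'app_id',
-'api_key' => 'api_key',
-'allow_payloads' => true,
-'js_agent_api_base_url' => 'http://api.tcell.com/',
-'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
-'max_csp_header_bytes' => nil,
-'event_time_limit_seconds' => 15,
-'event_batch_size_limit' => 50,
-'preload_policy_filename' => nil,
-'cache_filename_with_app_id' => '/tcellagent_src/tcell/cache/tcell_agent.cache',
-'agent_home_owner' => nil
-}
-)
-expect(TCellAgent).to receive(:configuration).and_return(configuration).at_most(10)
-end
-
-context 'Body - SessionId Filters' do
-it 'Tests Redaction and Events in Body' do
-action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-action.body_redact = true
-action.action_id = 5
-policy_json_two = {
-'policy_id' => 'x1a1',
-'data' => {
-'session_id_protections' => { 'body' => ['redact'], 'log' => ['event'] }
-}
-}
-session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-mock_agent = MockAgent.new(-1)
-mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-TCellAgent.set_thread_agent(mock_agent)
-
-context = TCellData.new
-context.session_id = 'tim123123my'
-
-body = 'this is about tim123123my 3123123.'
-TCellAgent.empty_event_queue
-context.filter_body!(body)
-expect(body).to eq('this is about [redacted] 3123123.')
-expect(TCellAgent.event_queue.length).to eq(1)
-TCellAgent.set_thread_agent(nil)
-end
-it 'Tests Events in Body' do
-action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-action.body_redact = true
-action.action_id = 5
-policy_json_two = {
-'policy_id' => 'x1a1',
-'data' => {
-'session_id_protections' => { 'body' => ['event'], 'log' => ['redact'] }
-}
-}
-session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-mock_agent = MockAgent.new(-1)
-mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-TCellAgent.set_thread_agent(mock_agent)
-
-context = TCellData.new
-context.session_id = 'tim123123my'
-
-body = 'this is about tim123123my 3123123.'
-TCellAgent.empty_event_queue
-context.filter_body!(body)
-expect(body).to eq('this is about tim123123my 3123123.')
-expect(TCellAgent.event_queue.length).to eq(1)
-TCellAgent.set_thread_agent(nil)
-end
-end
-context 'Log - SessionId Filters' do
-it 'Tests Redaction and Events in Body' do
-action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-action.body_redact = true
-action.action_id = 5
-policy_json_two = {
-'policy_id' => 'x1a1',
-'data' => {
-'session_id_protections' => { 'body' => ['redact'], 'log' => ['redact'] }
-}
-}
-session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-mock_agent = MockAgent.new(-1)
-mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-TCellAgent.set_thread_agent(mock_agent)
-
-context = TCellData.new
-context.session_id = 'tim123123my'
-
-body = 'this is about tim123123my 3123123.'
-TCellAgent.empty_event_queue
-context.filter_log(body)
-expect(body).to eq('this is about [redacted] 3123123.')
-expect(TCellAgent.event_queue.length).to eq(1)
-TCellAgent.set_thread_agent(nil)
-end
-it 'Tests Events Only' do
-action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-action.body_redact = true
-action.action_id = 5
-policy_json_two = {
-'policy_id' => 'x1a1',
-'data' => {
-'session_id_protections' => { 'body' => ['redact'], 'log' => ['event'] }
-}
-}
-session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
-mock_agent = MockAgent.new(-1)
-mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
-TCellAgent.set_thread_agent(mock_agent)
-
-context = TCellData.new
-context.session_id = 'tim123123my'
-
-body = 'this is about tim123123my 3123123.'
-TCellAgent.empty_event_queue
-context.filter_log(body)
-expect(body).to eq('this is about tim123123my 3123123.')
-expect(TCellAgent.event_queue.length).to eq(1)
-TCellAgent.set_thread_agent(nil)
-end
-end
-context 'Body - Database Filters' do
-it 'Tests Redaction and Events in Body' do
-action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-action.body_redact = true
-action.action_id = 5
-context = TCellData.new
-context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-body = 'this is about timmy1 3123123.'
-TCellAgent.empty_event_queue
-context.filter_body!(body)
-expect(body).to eq('this is about [redacted] [redacted].')
-expect(TCellAgent.event_queue.length).to eq(2)
-end
-it 'Tests Event Only Match in Body' do
-action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-action.body_event = true
-action.action_id = 5
-context = TCellData.new
-context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-body = 'this is about timmy1 3123123.'
-TCellAgent.empty_event_queue
-context.filter_body!(body)
-expect(body).to eq('this is about timmy1 3123123.')
-expect(TCellAgent.event_queue.length).to eq(3) # timmy, timmy1, 3123123
-end
-end
-context 'Log - Database Filters' do
-it 'Tests Redaction and Events' do
-action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-action.log_redact = true
-action.action_id = 5
-context = TCellData.new
-context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-body = 'this is about timmy1 3123123.'
-TCellAgent.empty_event_queue
-context.filter_log(body)
-expect(body).to eq('this is about [redacted] [redacted].')
-expect(TCellAgent.event_queue.length).to eq(2)
-end
-it 'Tests Report-Only and Events' do
-action = TCellAgent::Policies::DataLossPolicy::FilterActions.new
-action.log_event = true
-action.action_id = 5
-context = TCellData.new
-context.add_response_db_filter('timmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('timmy23', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('3123123', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('tim123my', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('timmy1', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('tim123123my', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('ti21312mmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter('ti123123mmy', action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter(10_233_234, action, 'don', 'sam', 'tim', 'fred')
-context.add_response_db_filter(true, action, 'don', 'sam', 'tim', 'fred')
-body = 'this is about timmy1 3123123.'
-TCellAgent.empty_event_queue
-context.filter_log(body)
-expect(body).to eq('this is about timmy1 3123123.')
-expect(TCellAgent.event_queue.length).to eq(3) # timmy, timmy1, 3123123
-end
-end
-end
-end
-end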
@@ -1,517 +0,0 @@
1
- require 'spec_helper'
2
-
3
- module TCellAgent
4
- module Policies
5
- describe RustPolicies do
6
- everything_enabled_policy_json = {
7
- 'appsensor' => {
8
- 'policy_id' => '01a1',
9
- 'version' => 2,
10
- 'data' => {
11
- 'options' => {
12
- 'uri_options' => {
13
- 'collect_full_uri' => true
14
- },
15
- 'payloads' => {
16
- 'send_payloads' => true,
17
- 'send_blacklist' => {
18
- 'ssn' => ['*'],
19
- 'password' => ['*']
20
- },
21
- 'send_whitelist' => {},
22
- 'log_payloads' => true,
23
- 'log_blacklist' => {},
24
- 'log_whitelist' => {
25
- 'username' => ['*']
26
- }
27
- }
28
- },
29
- 'sensors' => {
30
- 'req_size' => {
31
- 'limit' => 1024,
32
- 'exclude_routes' => ['2300']
33
- },
34
- 'resp_size' => {
35
- 'limit' => 2048,
36
- 'exclude_routes' => ['2323']
37
- },
38
- 'resp_codes' => {
39
- 'series_400_enabled' => true,
40
- 'series_500_enabled' => true
41
- },
42
- 'xss' => {
43
- 'libinjection' => true,
44
- 'patterns' => %w[1 2 8],
45
- 'exclusions' => {
46
- 'bob' => ['*']
47
- }
48
- },
49
- 'sqli' => {
50
- 'libinjection' => true,
51
- 'exclude_headers' => true,
52
- 'patterns' => ['1']
53
- },
54
- 'fpt' => {
55
- 'patterns' => %w[1 2],
56
- 'exclude_forms' => true,
57
- 'exclude_cookies' => true,
58
- 'exclusions' => {
59
- 'somethingcommon' => ['form']
60
- }
61
- },
62
- 'cmdi' => {
63
- 'patterns' => %w[1 2]
64
- },
65
- 'nullbyte' => {
66
- 'patterns' => %w[1 2]
67
- },
68
- 'retr' => {
69
- 'patterns' => %w[1 2]
70
- },
71
- 'ua' => {
72
- 'empty_enabled' => true
73
- },
74
- 'errors' => {
75
- 'csrf_exception_enabled' => true,
76
- 'sql_exception_enabled' => true
77
- },
78
- 'database' => {
79
- 'large_result' => {
80
- 'limit' => 10
81
- }
82
- }
83
- }
84
- }
85
- },
86
- 'regex' => {
87
- 'data' => {
88
- 'patterns' => [
89
- {
90
- 'id' => 'tc-xss-1',
91
- 'pattern' => '(?:<(script))',
92
- 'sensor' => 'xss',
93
- 'title' => 'Basic Injection'
94
- },
95
- {
96
- 'safe_pattern' => '^[a-zA-Z0-9_\\s\\r\\n\\t]*$',
97
- 'pattern' => '(?:[\\s()]case\\s*\\()|(?:\\)\\s*like\\s*\\()|(?:having\\s*[^\\s]+\\s*[^\\w\\s])|(?:if\\s?\\([\\d\\w]\\s*[=<>~])',
98
- 'sensor' => 'sqli',
99
- 'id' => 'tc-sqli-1',
100
- 'title' => 'Conditional Attempts'
101
- }
102
- ],
103
- 'version' => 1_518_546_622_571
104
- },
105
- 'policy_id' => 'f3a313b0-10eb-11e8-8080-808080808080',
106
- 'version' => 1
107
- }
108
- }
109
-
110
- describe '#update_policies' do
111
- before(:each) do
112
- configuration = double(
113
- 'configuration',
114
- {
115
- 'app_id' => 'app_id',
116
- 'api_key' => 'api_key',
117
- 'allow_payloads' => true,
118
- 'js_agent_api_base_url' => 'http://api.tcell.com/',
119
- 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
120
- 'max_csp_header_bytes' => nil
121
- }
122
- )
123
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
124
- @rust_policies = RustPolicies.new
125
- end
126
-
127
- context 'with v2 policy' do
128
- context 'that is missing a policy id' do
129
- it 'should have appfirewall disabled' do
130
- logger = double('logger')
131
-
132
- expect(TCellAgent).to receive(:logger).and_return(logger)
133
- expect(logger).to receive(:error).with(
134
- 'Error updating policies: Failed to decode appsensor policy: missing field `policy_id`'
135
- )
136
-
137
- @rust_policies.update_policies(
138
- {
139
- 'appsensor' => {
140
- 'version' => 2,
141
- 'data' => {}
142
- }
143
- }
144
- )
145
-
146
- expect(@rust_policies.appfirewall_enabled).to eq(false)
147
- end
148
- end
149
-
150
- context 'that is missing a version id' do
151
- it 'should have appfirewall disabled' do
152
- logger = double('logger')
153
-
154
- expect(TCellAgent).to receive(:logger).and_return(logger)
155
- expect(logger).to receive(:error).with(
156
- 'Error updating policies: Failed to decode appsensor policy: missing field `version`'
157
- )
158
-
159
- @rust_policies.update_policies(
160
- {
161
- 'appsensor' => {
162
- 'policy_id' => '01a1',
163
- 'data' => {}
164
- }
165
- }
166
- )
167
-
168
- expect(@rust_policies.appfirewall_enabled).to eq(false)
169
- end
170
- end
171
-
172
- context 'that has no sensors' do
173
- it 'should have all sensors disabled' do
174
- expect(TCellAgent).to_not receive(:logger)
175
-
176
- policy_json_empty = {
177
- 'appsensor' => {
178
- 'policy_id' => '01a1',
179
- 'version' => 2,
180
- 'data' => {
181
- }
182
- }
183
- }
184
-
185
- @rust_policies.update_policies(policy_json_empty)
186
-
187
- expect(@rust_policies.appfirewall_enabled).to eq(false)
188
- end
189
- end
190
-
191
- context 'that has empty sensors' do
192
- it 'should have all sensors disabled' do
193
- expect(TCellAgent).to_not receive(:logger)
194
-
195
- policy_json_empty = {
196
- 'appsensor' => {
197
- 'policy_id' => '01a1',
198
- 'version' => 2,
199
- 'data' => {
200
- 'sensors' => {}
201
- }
202
- }
203
- }
204
-
205
- @rust_policies.update_policies(policy_json_empty)
206
-
207
- expect(@rust_policies.appfirewall_enabled).to eq(true)
208
- end
209
- end
210
-
211
- context 'that only has xss enabled' do
212
- it 'should be enabled' do
213
- expect(TCellAgent).to_not receive(:logger)
214
-
215
- policy_json = {
216
- 'appsensor' => {
217
- 'policy_id' => '01a1',
218
- 'version' => 2,
219
- 'data' => {
220
- 'sensors' => {
221
- 'xss' => {
222
- 'libinjection' => true,
223
- 'patterns' => %w[1 2 8],
224
- 'exclusions' => {
225
- 'bob' => ['*']
226
- }
227
- }
228
- }
229
- }
230
- }
231
- }
232
-
233
- @rust_policies.update_policies(policy_json)
234
-
235
- expect(@rust_policies.appfirewall_enabled).to eq(true)
236
- end
237
- end
238
-
239
- context 'that has everything enabled' do
240
- it 'should be enabled' do
241
- expect(TCellAgent).to_not receive(:logger)
242
-
243
- @rust_policies.update_policies(everything_enabled_policy_json)
244
-
245
- expect(@rust_policies.appfirewall_enabled).to eq(true)
246
- end
247
- end
248
- end
249
- end
250
-
251
- describe '#check_appfirewall_injections' do
252
- context 'with everything enabled policy' do
253
- before(:each) do
254
- configuration = double(
255
- 'configuration',
256
- {
257
- 'enabled' => true,
258
- 'app_id' => 'app_id',
259
- 'api_key' => 'api_key',
260
- 'allow_payloads' => true,
261
- 'js_agent_api_base_url' => 'http://api.tcell.com/',
262
- 'js_agent_url' => 'https://jsagent.tcell.io/tcellagent.min.js',
263
- 'max_csp_header_bytes' => nil
264
- }
265
- )
266
- expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
267
- @rust_policies = RustPolicies.new
268
- @rust_policies.update_policies(everything_enabled_policy_json)
269
- @meta_data = TCellAgent::MetaData.new(
270
- 'GET',
271
- '192.168.1.1',
272
- '12345',
273
- 'session_id',
274
- 'user_id',
275
- 'transaction_id',
276
- 'http://test.com/?some_param=present'
277
- )
278
- @meta_data.user_agent = 'Mozilla'
279
- @meta_data.response_code = 200
280
- end
281
-
282
- context 'csrf exception' do
283
- context 'nil csrf exception' do
284
- it 'should not send an event' do
285
- expect(TCellAgent).to_not receive(:send_event)
286
-
287
- @meta_data.csrf_exception_name = nil
288
- @rust_policies.check_appfirewall_injections(
289
- @meta_data
290
- )
291
- end
292
- end
293
-
294
- context 'empty csrf exception' do
295
- it 'should not send an event' do
296
- expect(TCellAgent).to_not receive(:send_event)
297
-
298
- @meta_data.csrf_exception_name = ''
299
- @rust_policies.check_appfirewall_injections(
300
- @meta_data
301
- )
302
- end
303
- end
304
-
305
- context 'one csrf exception' do
306
- it 'should send a csrf exception event' do
307
- expect(TCellAgent).to receive(:send_event).with(
308
- {
309
- 'event_type' => 'as',
310
- 'dp' => 'excsrf',
311
- 'param' => 'ActionController::InvalidAuthenticityToken',
312
- 'm' => 'GET',
313
- 'rid' => '12345',
314
- 'full_uri' => 'http://test.com/?some_param=present',
315
- 'uri' => 'http://test.com/?some_param=',
316
- 'uid' => 'user_id',
317
- 'sid' => 'session_id',
318
- 'remote_addr' => '192.168.1.1'
319
- }
320
- )
321
-
322
- @meta_data.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
323
- @rust_policies.check_appfirewall_injections(
324
- @meta_data
325
- )
326
- end
327
- end
328
- end
329
-
330
- context 'sql exception' do
331
- context 'empty sql exceptions' do
332
- it 'should not send an event' do
333
- expect(TCellAgent).to_not receive(:send_event)
334
-
335
- @meta_data.sql_exceptions = []
336
- @rust_policies.check_appfirewall_injections(
337
- @meta_data
338
- )
339
- end
340
- end
341
-
342
- context 'one sql exception' do
343
- it 'should send one event' do
344
- logger = double('logger')
345
-
346
- expect(TCellAgent).to receive(:logger).and_return(logger)
347
- expect(logger).to receive(:info)
348
- expect(TCellAgent).to receive(:send_event).with(
349
- {
350
- 'event_type' => 'as',
351
- 'dp' => 'exsql',
352
- 'param' => 'ActiveRecord::StatementInvalid',
353
- 'm' => 'GET',
354
- 'rid' => '12345',
355
- 'full_uri' => 'http://test.com/?some_param=present',
356
- 'uri' => 'http://test.com/?some_param=',
357
- 'uid' => 'user_id',
358
- 'sid' => 'session_id',
359
- 'remote_addr' => '192.168.1.1',
360
- 'payload' => 'exception message goes here'
361
- }
362
- )
363
-
364
- @meta_data.sql_exceptions = [{
365
- 'exception_name' => 'ActiveRecord::StatementInvalid',
366
- 'exception_payload' => 'exception message goes here'
367
- }]
368
- @rust_policies.check_appfirewall_injections(
369
- @meta_data
370
- )
371
- end
372
- end
373
-
374
- context 'multiple sql exception' do
375
- it 'should send multiple event' do
376
- logger = double('logger')
377
-
378
- expect(TCellAgent).to receive(:logger).and_return(logger).twice
379
- expect(logger).to receive(:info).twice
380
- expect(TCellAgent).to receive(:send_event).with(
381
- {
382
- 'event_type' => 'as',
383
- 'dp' => 'exsql',
384
- 'param' => 'ActiveRecord::StatementInvalid',
385
- 'm' => 'GET',
386
- 'rid' => '12345',
387
- 'full_uri' => 'http://test.com/?some_param=present',
388
- 'uri' => 'http://test.com/?some_param=',
389
- 'uid' => 'user_id',
390
- 'sid' => 'session_id',
391
- 'remote_addr' => '192.168.1.1',
392
- 'payload' => 'exception message goes here'
393
- }
394
- )
395
- expect(TCellAgent).to receive(:send_event).with(
396
- {
397
- 'event_type' => 'as',
398
- 'dp' => 'exsql',
399
- 'param' => 'ActiveRecord::StatementInvalid',
400
- 'm' => 'GET',
401
- 'rid' => '12345',
402
- 'full_uri' => 'http://test.com/?some_param=present',
403
- 'uri' => 'http://test.com/?some_param=',
404
- 'uid' => 'user_id',
405
- 'sid' => 'session_id',
406
- 'remote_addr' => '192.168.1.1',
407
- 'payload' => 'second exception message goes here'
408
- }
409
- )
410
-
411
- @meta_data.sql_exceptions = [
412
- {
413
- 'exception_name' => 'ActiveRecord::StatementInvalid',
414
- 'exception_payload' => 'exception message goes here'
415
- },
416
- {
417
- 'exception_name' => 'ActiveRecord::StatementInvalid',
418
- 'exception_payload' => 'second exception message goes here'
419
- }
420
- ]
421
- @rust_policies.check_appfirewall_injections(
422
- @meta_data
423
- )
424
- end
425
- end
426
- end
427
-
428
- context 'db max result' do
429
- context 'nil db max result' do
430
- it 'should not send an event' do
431
- expect(TCellAgent).to_not receive(:send_event)
432
-
433
- @meta_data.database_result_sizes = nil
434
- @rust_policies.check_appfirewall_injections(
435
- @meta_data
436
- )
437
- end
438
- end
439
-
440
- context 'empty db max result' do
441
- it 'should not send an event' do
442
- expect(TCellAgent).to_not receive(:send_event)
443
-
444
- @meta_data.database_result_sizes = []
445
- @rust_policies.check_appfirewall_injections(
446
- @meta_data
447
- )
448
- end
449
- end
450
-
451
- context 'one db max result' do
452
- it 'should send one event' do
453
- expect(TCellAgent).to receive(:send_event).with(
454
- {
455
- 'event_type' => 'as',
456
- 'dp' => 'dbmaxrows',
457
- 'm' => 'GET',
458
- 'meta' => { 'rows' => 1001 },
459
- 'rid' => '12345',
460
- 'full_uri' => 'http://test.com/?some_param=present',
461
- 'uri' => 'http://test.com/?some_param=',
462
- 'uid' => 'user_id',
463
- 'sid' => 'session_id',
464
- 'remote_addr' => '192.168.1.1'
465
- }
466
- )
467
-
468
- @meta_data.database_result_sizes = [1001]
469
- @rust_policies.check_appfirewall_injections(
470
- @meta_data
471
- )
472
- end
473
- end
474
-
475
- context 'multiple db max results' do
476
- it 'should send multiple event' do
477
- expect(TCellAgent).to receive(:send_event).with(
478
- {
479
- 'event_type' => 'as',
480
- 'dp' => 'dbmaxrows',
481
- 'm' => 'GET',
482
- 'meta' => { 'rows' => 1001 },
483
- 'rid' => '12345',
484
- 'full_uri' => 'http://test.com/?some_param=present',
485
- 'uri' => 'http://test.com/?some_param=',
486
- 'uid' => 'user_id',
487
- 'sid' => 'session_id',
488
- 'remote_addr' => '192.168.1.1'
489
- }
490
- )
491
- expect(TCellAgent).to receive(:send_event).with(
492
- {
493
- 'event_type' => 'as',
494
- 'dp' => 'dbmaxrows',
495
- 'm' => 'GET',
496
- 'meta' => { 'rows' => 1002 },
497
- 'rid' => '12345',
498
- 'full_uri' => 'http://test.com/?some_param=present',
499
- 'uri' => 'http://test.com/?some_param=',
500
- 'uid' => 'user_id',
501
- 'sid' => 'session_id',
502
- 'remote_addr' => '192.168.1.1'
503
- }
504
- )
505
-
506
- @meta_data.database_result_sizes = [1001, 1002]
507
- @rust_policies.check_appfirewall_injections(
508
- @meta_data
509
- )
510
- end
511
- end
512
- end
513
- end
514
- end
515
- end
516
- end
517
- end