tcell_agent 1.1.12 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/bin/tcell_agent +45 -137
- data/lib/tcell_agent.rb +12 -14
- data/lib/tcell_agent/agent.rb +108 -97
- data/lib/tcell_agent/agent/route_manager.rb +0 -16
- data/lib/tcell_agent/agent/static_agent.rb +9 -30
- data/lib/tcell_agent/config_initializer.rb +66 -0
- data/lib/tcell_agent/configuration.rb +69 -345
- data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
- data/lib/tcell_agent/instrument_servers.rb +23 -0
- data/lib/tcell_agent/instrumentation.rb +12 -10
- data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
- data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
- data/lib/tcell_agent/logger.rb +49 -114
- data/lib/tcell_agent/patches.rb +6 -7
- data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
- data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
- data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
- data/lib/tcell_agent/policies/headers_policy.rb +25 -0
- data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
- data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
- data/lib/tcell_agent/policies/local_file_access.rb +28 -0
- data/lib/tcell_agent/policies/login_policy.rb +43 -0
- data/lib/tcell_agent/policies/patches_policy.rb +27 -0
- data/lib/tcell_agent/policies/policies_manager.rb +68 -0
- data/lib/tcell_agent/policies/policy_polling.rb +58 -0
- data/lib/tcell_agent/policies/policy_types.rb +14 -0
- data/lib/tcell_agent/policies/system_enablements.rb +27 -0
- data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +100 -105
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
- data/lib/tcell_agent/rails/dlp.rb +35 -23
- data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
- data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
- data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes.rb +10 -12
- data/lib/tcell_agent/rails/routes/grape.rb +4 -14
- data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
- data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
- data/lib/tcell_agent/rust/agent_config.rb +60 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
- data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
- data/lib/tcell_agent/rust/models.rb +6 -52
- data/lib/tcell_agent/rust/native_agent.rb +549 -0
- data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
- data/lib/tcell_agent/rust/native_library.rb +69 -0
- data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
- data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
- data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
- data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
- data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
- data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
- data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
- data/lib/tcell_agent/servers/passenger.rb +1 -28
- data/lib/tcell_agent/servers/puma.rb +3 -21
- data/lib/tcell_agent/servers/rails_server.rb +1 -2
- data/lib/tcell_agent/servers/thin.rb +2 -2
- data/lib/tcell_agent/servers/unicorn.rb +19 -80
- data/lib/tcell_agent/servers/webrick.rb +1 -2
- data/lib/tcell_agent/settings_reporter.rb +11 -90
- data/lib/tcell_agent/sinatra.rb +14 -16
- data/lib/tcell_agent/tcell_context.rb +40 -14
- data/lib/tcell_agent/utils/headers.rb +14 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
- data/spec/lib/tcell_agent/patches_spec.rb +25 -43
- data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
- data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
- data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
- data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
- data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
- data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
- data/spec/spec_helper.rb +1 -1
- data/spec/support/builders.rb +103 -0
- data/spec/support/force_logger_mocking.rb +38 -0
- data/spec/support/resources/lfi_sample_file.txt +2 -0
- data/spec/support/static_agent_overrides.rb +0 -15
- metadata +72 -83
- data/lib/tcell_agent/agent/event_processor.rb +0 -326
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
- data/lib/tcell_agent/agent/policy_manager.rb +0 -219
- data/lib/tcell_agent/agent/policy_types.rb +0 -30
- data/lib/tcell_agent/api.rb +0 -91
- data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
- data/lib/tcell_agent/authlogic.rb +0 -26
- data/lib/tcell_agent/config/child_process_events.rb +0 -8
- data/lib/tcell_agent/config/unknown_options.rb +0 -123
- data/lib/tcell_agent/devise.rb +0 -35
- data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
- data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
- data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
- data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
- data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
- data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
- data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
- data/lib/tcell_agent/policies/rust_policies.rb +0 -110
- data/lib/tcell_agent/rails/on_start.rb +0 -41
- data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +0 -308
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
- data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
- data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
- data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
- data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
- data/lib/tcell_agent/sensor_events/patches.rb +0 -21
- data/lib/tcell_agent/start_background_thread.rb +0 -55
- data/lib/tcell_agent/system_info.rb +0 -11
- data/lib/tcell_agent/utils/io.rb +0 -38
- data/lib/tcell_agent/utils/passwords.rb +0 -28
- data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
- data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
- data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
- data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
- data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
- data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
- data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
- data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
- data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
- data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
- data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'tcell_agent/rails/auth/userinfo'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
TCellAgent::UserInformation.class_eval do
|
5
|
+
class << self
|
6
|
+
alias_method :original_get_user_from_request, :get_user_from_request
|
7
|
+
def get_user_from_request(request)
|
8
|
+
orig_user_id = original_get_user_from_request(request)
|
9
|
+
begin
|
10
|
+
if request.session && request.session.key?('user_credentials_id')
|
11
|
+
return request.session['user_credentials_id'].to_s
|
12
|
+
end
|
13
|
+
rescue StandardError
|
14
|
+
return orig_user_id
|
15
|
+
end
|
16
|
+
orig_user_id
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -1,130 +1,125 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
if
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
user_id,
|
32
|
-
password
|
33
|
-
)
|
34
|
-
)
|
35
|
-
end
|
36
|
-
end
|
37
|
-
|
1
|
+
module TCellAgent
|
2
|
+
require 'base64'
|
3
|
+
require 'tcell_agent/agent'
|
4
|
+
|
5
|
+
module DeviseInstrumentation
|
6
|
+
module TCellFailureAppRespond
|
7
|
+
def respond
|
8
|
+
TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
|
9
|
+
if TCellAgent.configuration.should_intercept_requests?
|
10
|
+
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
11
|
+
if tcell_data
|
12
|
+
# in the case of http auth, user_id is set in
|
13
|
+
# Devise::Strategies::Authenticatable.valid_for_http_auth?
|
14
|
+
user_id = tcell_data.user_id
|
15
|
+
user_id ||= _get_tcell_username
|
16
|
+
|
17
|
+
# in the case of http auth, password is set in
|
18
|
+
# Devise::Strategies::Authenticatable.valid_for_http_auth?
|
19
|
+
password = tcell_data.password
|
20
|
+
password ||= _get_tcell_password
|
21
|
+
|
22
|
+
user_valid = nil
|
23
|
+
login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
24
|
+
login_policy.report_login_failure(
|
25
|
+
user_id,
|
26
|
+
password,
|
27
|
+
request.env,
|
28
|
+
user_valid,
|
29
|
+
tcell_data
|
30
|
+
)
|
38
31
|
end
|
39
32
|
end
|
40
|
-
|
41
|
-
super if defined?(super)
|
42
33
|
end
|
43
34
|
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
35
|
+
super if defined?(super)
|
36
|
+
end
|
37
|
+
|
38
|
+
def _get_tcell_username
|
39
|
+
tcell_username = nil
|
40
|
+
TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
|
41
|
+
keys = scope_class.authentication_keys.dup
|
42
|
+
user_params = request.POST.fetch('user', {})
|
43
|
+
keys.each do |key|
|
44
|
+
next_usename = user_params.fetch(key, nil)
|
45
|
+
if next_usename
|
46
|
+
tcell_username ||= ''
|
47
|
+
tcell_username += next_usename
|
55
48
|
end
|
56
49
|
end
|
57
|
-
tcell_username
|
58
50
|
end
|
51
|
+
tcell_username
|
52
|
+
end
|
59
53
|
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
end
|
66
|
-
tcell_password
|
54
|
+
def _get_tcell_password
|
55
|
+
tcell_password = nil
|
56
|
+
TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
|
57
|
+
user_params = request.POST.fetch('user', {})
|
58
|
+
tcell_password = user_params['password']
|
67
59
|
end
|
60
|
+
tcell_password
|
68
61
|
end
|
69
62
|
end
|
63
|
+
end
|
70
64
|
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
end
|
65
|
+
# prepend is ruby 2+ feature
|
66
|
+
Devise::FailureApp.send(:prepend, DeviseInstrumentation::TCellFailureAppRespond)
|
67
|
+
|
68
|
+
Devise::Strategies::Authenticatable.class_eval do
|
69
|
+
alias_method :tcell_valid_for_http_auth?, :valid_for_http_auth?
|
70
|
+
def valid_for_http_auth?
|
71
|
+
is_valid = tcell_valid_for_http_auth?
|
72
|
+
|
73
|
+
TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
|
74
|
+
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
75
|
+
if http_auth_hash && tcell_data
|
76
|
+
username = http_auth_hash[http_authentication_key]
|
77
|
+
password = http_auth_hash[:password]
|
78
|
+
tcell_data.user_id = username if username && !tcell_data.user_id
|
79
|
+
tcell_data.password = password if password && !tcell_data.password
|
87
80
|
end
|
88
|
-
|
89
|
-
is_valid
|
90
81
|
end
|
91
82
|
|
92
|
-
|
93
|
-
|
94
|
-
is_valid = tcell_validate(resource, &block)
|
95
|
-
send_event = is_valid
|
83
|
+
is_valid
|
84
|
+
end
|
96
85
|
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
send_event = false
|
102
|
-
end
|
86
|
+
alias_method :tcell_validate, :validate
|
87
|
+
def validate(resource, &block)
|
88
|
+
is_valid = tcell_validate(resource, &block)
|
89
|
+
send_event = is_valid
|
103
90
|
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
if attr
|
111
|
-
username ||= ''
|
112
|
-
username += attr
|
113
|
-
end
|
114
|
-
end
|
91
|
+
# gets the first entry in the current backtrace
|
92
|
+
# syntax suggested by rubocop to improve performance
|
93
|
+
if caller(1..1).first.include? 'two_factor_authenticatable'
|
94
|
+
TCellAgent.logger.debug('Not sending login success event for Devise::Strategies::TwoFactorAuthenticatable since 2fa is unsupported', 'TCellAgent::DeviseInstrumentation')
|
95
|
+
send_event = false
|
96
|
+
end
|
115
97
|
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
98
|
+
TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
|
99
|
+
if send_event && TCellAgent.configuration.enabled &&
|
100
|
+
TCellAgent.configuration.should_intercept_requests?
|
101
|
+
username = nil
|
102
|
+
(authentication_keys || []).each do |auth_key|
|
103
|
+
attr = authentication_hash[auth_key]
|
104
|
+
if attr
|
105
|
+
username ||= ''
|
106
|
+
username += attr
|
122
107
|
end
|
123
108
|
end
|
124
|
-
end
|
125
109
|
|
126
|
-
|
110
|
+
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
111
|
+
return is_valid unless tcell_data
|
112
|
+
|
113
|
+
login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
114
|
+
login_policy.report_login_success(
|
115
|
+
username,
|
116
|
+
request.env,
|
117
|
+
tcell_data
|
118
|
+
)
|
119
|
+
end
|
127
120
|
end
|
121
|
+
|
122
|
+
is_valid
|
128
123
|
end
|
129
124
|
end
|
130
125
|
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
require 'devise'
|
2
|
+
require 'devise/rails'
|
3
|
+
require 'devise/strategies/database_authenticatable'
|
4
|
+
require 'tcell_agent/rails/auth/userinfo'
|
5
|
+
|
6
|
+
module TCellAgent
|
7
|
+
TCellAgent::UserInformation.class_eval do
|
8
|
+
class << self
|
9
|
+
alias_method :original_get_user_from_request, :get_user_from_request
|
10
|
+
def get_user_from_request(request)
|
11
|
+
orig_user_id = original_get_user_from_request(request)
|
12
|
+
begin
|
13
|
+
if request.session && request.session.key?('warden.user.user.key')
|
14
|
+
userkey = request.session['warden.user.user.key']
|
15
|
+
user_id = if userkey.length == 2
|
16
|
+
userkey[0][0]
|
17
|
+
else
|
18
|
+
userkey[1][0]
|
19
|
+
end
|
20
|
+
return user_id.to_s if user_id.is_a? Integer
|
21
|
+
end
|
22
|
+
rescue StandardError
|
23
|
+
return orig_user_id
|
24
|
+
end
|
25
|
+
orig_user_id
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -1,90 +1,76 @@
|
|
1
|
-
|
1
|
+
require 'tcell_agent/agent'
|
2
|
+
require 'tcell_agent/sensor_events/login_fraud'
|
2
3
|
|
3
|
-
|
4
|
-
|
5
|
-
|
4
|
+
module TCellAgent
|
5
|
+
module DoorkeeperInstrumentation
|
6
|
+
Doorkeeper::TokensController.class_eval do
|
7
|
+
alias_method :tcell_authorize_response, :authorize_response
|
8
|
+
def authorize_response
|
9
|
+
result = tcell_authorize_response
|
6
10
|
|
7
|
-
|
8
|
-
|
9
|
-
Doorkeeper::TokensController.class_eval do
|
10
|
-
alias_method :tcell_authorize_response, :authorize_response
|
11
|
-
def authorize_response
|
12
|
-
result = tcell_authorize_response
|
11
|
+
TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
|
12
|
+
return result unless TCellAgent.configuration.should_intercept_requests?
|
13
13
|
|
14
|
-
|
15
|
-
|
16
|
-
TCellAgent.configuration.should_intercept_requests?
|
17
|
-
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
18
|
-
if login_fraud_policy &&
|
19
|
-
login_fraud_policy.enabled &&
|
20
|
-
login_fraud_policy.login_failed_enabled
|
21
|
-
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
14
|
+
login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
15
|
+
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
22
16
|
|
23
|
-
|
24
|
-
|
25
|
-
if result.is_a?(Doorkeeper::OAuth::TokenResponse)
|
26
|
-
TCellAgent.send_event(
|
27
|
-
TCellAgent::SensorEvents::LoginSuccess.new(
|
28
|
-
request.env,
|
29
|
-
tcell_data,
|
30
|
-
result.token.resource_owner_id,
|
31
|
-
password
|
32
|
-
)
|
33
|
-
)
|
34
|
-
elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
|
35
|
-
TCellAgent.send_event(
|
36
|
-
TCellAgent::SensorEvents::LoginFailure.new(
|
37
|
-
request.env,
|
38
|
-
tcell_data,
|
39
|
-
request.POST['client_id'],
|
40
|
-
password
|
41
|
-
)
|
42
|
-
)
|
43
|
-
end
|
17
|
+
return unless tcell_data
|
18
|
+
headers = request.env
|
44
19
|
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
20
|
+
if result.is_a?(Doorkeeper::OAuth::TokenResponse)
|
21
|
+
user_id = result.token.resource_owner_id
|
22
|
+
login_policy.report_login_success(
|
23
|
+
user_id,
|
24
|
+
headers,
|
25
|
+
tcell_data
|
26
|
+
)
|
27
|
+
elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
|
28
|
+
user_id = request.POST['client_id']
|
29
|
+
password = nil
|
30
|
+
user_valid = nil
|
31
|
+
login_policy.report_login_failure(
|
32
|
+
user_id,
|
33
|
+
password,
|
34
|
+
headers,
|
35
|
+
user_valid,
|
36
|
+
tcell_data
|
37
|
+
)
|
51
38
|
end
|
52
39
|
end
|
53
40
|
|
54
|
-
|
55
|
-
|
56
|
-
|
41
|
+
result
|
42
|
+
end
|
43
|
+
end
|
57
44
|
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
if pre_auth.error
|
62
|
-
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
63
|
-
if login_fraud_policy &&
|
64
|
-
login_fraud_policy.enabled &&
|
65
|
-
login_fraud_policy.login_failed_enabled
|
66
|
-
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
67
|
-
if tcell_data && pre_auth.error
|
68
|
-
password = nil
|
69
|
-
TCellAgent.send_event(
|
70
|
-
TCellAgent::SensorEvents::LoginFailure.new(
|
71
|
-
request.env,
|
72
|
-
tcell_data,
|
73
|
-
current_resource_owner.id,
|
74
|
-
password
|
75
|
-
)
|
76
|
-
)
|
77
|
-
end
|
78
|
-
end
|
79
|
-
end
|
80
|
-
end
|
81
|
-
end
|
82
|
-
end
|
83
|
-
end
|
45
|
+
module TCellAuthorizationsNew
|
46
|
+
def new
|
47
|
+
super if defined?(super)
|
84
48
|
|
85
|
-
|
86
|
-
|
49
|
+
TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
|
50
|
+
return unless TCellAgent.configuration.should_intercept_requests?
|
51
|
+
return unless pre_auth.error
|
52
|
+
|
53
|
+
login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
54
|
+
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
55
|
+
|
56
|
+
return unless tcell_data
|
57
|
+
|
58
|
+
user_id = current_resource_owner.id
|
59
|
+
password = nil
|
60
|
+
headers = request.env
|
61
|
+
user_valid = nil
|
62
|
+
login_policy.report_login_failure(
|
63
|
+
user_id,
|
64
|
+
password,
|
65
|
+
headers,
|
66
|
+
user_valid,
|
67
|
+
tcell_data
|
68
|
+
)
|
69
|
+
end
|
87
70
|
end
|
88
71
|
end
|
72
|
+
|
73
|
+
# prepend is ruby 2+ feature
|
74
|
+
Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
|
89
75
|
end
|
90
76
|
end
|
File without changes
|
@@ -4,8 +4,8 @@ module TCellAgent
|
|
4
4
|
module CsrfExceptionReporter
|
5
5
|
def handle_unverified_request
|
6
6
|
TCellAgent::Instrumentation.safe_block('AppSensor CSRF Exception processing') do
|
7
|
-
|
8
|
-
if
|
7
|
+
appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
|
8
|
+
if appfirewall_policy.enabled
|
9
9
|
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
10
10
|
if tcell_data
|
11
11
|
tcell_data.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
|
@@ -16,12 +16,4 @@ module TCellAgent
|
|
16
16
|
super if defined?(super)
|
17
17
|
end
|
18
18
|
end
|
19
|
-
|
20
|
-
class MyRailtie < Rails::Railtie
|
21
|
-
initializer 'tcell.sensors' do |_app|
|
22
|
-
ActiveSupport.on_load :action_controller do
|
23
|
-
ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
|
24
|
-
end
|
25
|
-
end
|
26
|
-
end
|
27
19
|
end
|