tcell_agent 1.1.12 → 2.2.0

Files changed (169)
  1. checksums.yaml +5 -5
  2. data/bin/tcell_agent +45 -137
  3. data/lib/tcell_agent.rb +12 -14
  4. data/lib/tcell_agent/agent.rb +108 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/config_initializer.rb +66 -0
  8. data/lib/tcell_agent/configuration.rb +69 -345
  9. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  10. data/lib/tcell_agent/instrument_servers.rb +23 -0
  11. data/lib/tcell_agent/instrumentation.rb +12 -10
  12. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  13. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  14. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  15. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  17. data/lib/tcell_agent/logger.rb +49 -114
  18. data/lib/tcell_agent/patches.rb +6 -7
  19. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  20. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  21. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  22. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  23. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  24. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  25. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  26. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  27. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  28. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  29. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  30. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  31. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  32. data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
  33. data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
  34. data/lib/tcell_agent/rails/auth/devise.rb +100 -105
  35. data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
  37. data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
  38. data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
  39. data/lib/tcell_agent/rails/dlp.rb +35 -23
  40. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  41. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  42. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  43. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  44. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  45. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  46. data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
  47. data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
  48. data/lib/tcell_agent/rails/routes.rb +10 -12
  49. data/lib/tcell_agent/rails/routes/grape.rb +4 -14
  50. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  51. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  52. data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
  53. data/lib/tcell_agent/rust/agent_config.rb +60 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
  55. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
  56. data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
  57. data/lib/tcell_agent/rust/models.rb +6 -52
  58. data/lib/tcell_agent/rust/native_agent.rb +549 -0
  59. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  60. data/lib/tcell_agent/rust/native_library.rb +69 -0
  61. data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
  62. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  63. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  64. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  65. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  66. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  67. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  68. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  69. data/lib/tcell_agent/servers/passenger.rb +1 -28
  70. data/lib/tcell_agent/servers/puma.rb +3 -21
  71. data/lib/tcell_agent/servers/rails_server.rb +1 -2
  72. data/lib/tcell_agent/servers/thin.rb +2 -2
  73. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  74. data/lib/tcell_agent/servers/webrick.rb +1 -2
  75. data/lib/tcell_agent/settings_reporter.rb +11 -90
  76. data/lib/tcell_agent/sinatra.rb +14 -16
  77. data/lib/tcell_agent/tcell_context.rb +40 -14
  78. data/lib/tcell_agent/utils/headers.rb +14 -0
  79. data/lib/tcell_agent/version.rb +1 -1
  80. data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
  108. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  109. data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
  110. data/spec/spec_helper.rb +1 -1
  111. data/spec/support/builders.rb +103 -0
  112. data/spec/support/force_logger_mocking.rb +38 -0
  113. data/spec/support/resources/lfi_sample_file.txt +2 -0
  114. data/spec/support/static_agent_overrides.rb +0 -15
  115. metadata +72 -83
  116. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  117. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  118. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  119. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  120. data/lib/tcell_agent/api.rb +0 -91
  121. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  122. data/lib/tcell_agent/authlogic.rb +0 -26
  123. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  124. data/lib/tcell_agent/config/unknown_options.rb +0 -123
  125. data/lib/tcell_agent/devise.rb +0 -35
  126. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  127. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  128. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  129. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  130. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  131. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  132. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  133. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  134. data/lib/tcell_agent/rails/on_start.rb +0 -41
  135. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  136. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  137. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  138. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  139. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  140. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  141. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  142. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  143. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  144. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  145. data/lib/tcell_agent/start_background_thread.rb +0 -55
  146. data/lib/tcell_agent/system_info.rb +0 -11
  147. data/lib/tcell_agent/utils/io.rb +0 -38
  148. data/lib/tcell_agent/utils/passwords.rb +0 -28
  149. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  150. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  151. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  152. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  153. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  154. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  155. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  156. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
  157. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  158. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  159. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  160. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  161. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  162. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  163. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  164. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  165. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  166. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  167. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  168. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  169. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
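--- a/data/lib/tcell_agent/rails/auth/authlogic_helper.rb
+++ b/data/lib/tcell_agent/rails/auth/authlogic_helper.rb
@@ -0,0 +1,20 @@
+ require 'tcell_agent/rails/auth/userinfo'
+
+ module TCellAgent
+ TCellAgent::UserInformation.class_eval do
+ class << self
+ alias_method :original_get_user_from_request, :get_user_from_request
+ def get_user_from_request(request)
+ orig_user_id = original_get_user_from_request(request)
+ begin
+ if request.session && request.session.key?('user_credentials_id')
+ return request.session['user_credentials_id'].to_s
+ end
+ rescue StandardError
+ return orig_user_id
+ end
+ orig_user_id
+ end
+ end
+ end
+ end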
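Review bot: The alias name `original_get_user_from_request` is also used by the Devise helper later in this diff (devise_helper.rb), and both files patch the same singleton of `TCellAgent::UserInformation`. If both are ever loaded in one process, the second `alias_method` rebinds that name to the first wrapper, which then calls itself and recurses until the stack overflows; that call sits outside the `begin`, and `SystemStackError` is not a `StandardError` in any case. Whether both helpers can load together depends on the loader, which is not visible here. A helper-specific alias such as `alias_method :authlogic_original_get_user_from_request, :get_user_from_request` (with a matching one in the Devise helper), or `prepend` as the Devise failure-app patch already uses, avoids the collision.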
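--- a/data/lib/tcell_agent/rails/auth/devise.rb
+++ b/data/lib/tcell_agent/rails/auth/devise.rb
@@ -1,130 +1,125 @@
- if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
- module TCellAgent
- require 'base64'
- require 'tcell_agent/agent'
- require 'tcell_agent/sensor_events/login_fraud'
-
- module DeviseInstrumentation
- module TCellFailureAppRespond
- def respond
- TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
- if TCellAgent.configuration.enabled &&
- TCellAgent.configuration.should_intercept_requests?
- tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
- if tcell_data
- # in the case of http auth, user_id is set in
- # Devise::Strategies::Authenticatable.valid_for_http_auth?
- user_id = tcell_data.user_id
- user_id ||= _get_tcell_username
-
- # in the case of http auth, password is set in
- # Devise::Strategies::Authenticatable.valid_for_http_auth?
- password = tcell_data.password
- password ||= _get_tcell_password
-
- login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
- if login_fraud_policy && login_fraud_policy.login_failed_enabled
- TCellAgent.send_event(
- TCellAgent::SensorEvents::LoginFailure.new(
- request.env,
- tcell_data,
- user_id,
- password
- )
- )
- end
- end
-
+ module TCellAgent
+ require 'base64'
+ require 'tcell_agent/agent'
+
+ module DeviseInstrumentation
+ module TCellFailureAppRespond
+ def respond
+ TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
+ if TCellAgent.configuration.should_intercept_requests?
+ tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+ if tcell_data
+ # in the case of http auth, user_id is set in
+ # Devise::Strategies::Authenticatable.valid_for_http_auth?
+ user_id = tcell_data.user_id
+ user_id ||= _get_tcell_username
+
+ # in the case of http auth, password is set in
+ # Devise::Strategies::Authenticatable.valid_for_http_auth?
+ password = tcell_data.password
+ password ||= _get_tcell_password
+
+ user_valid = nil
+ login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+ login_policy.report_login_failure(
+ user_id,
+ password,
+ request.env,
+ user_valid,
+ tcell_data
+ )
  end
  end
-
- super if defined?(super)
  end
 
- def _get_tcell_username
- tcell_username = nil
- TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
- keys = scope_class.authentication_keys.dup
- user_params = request.POST.fetch('user', {})
- keys.each do |key|
- next_usename = user_params.fetch(key, nil)
- if next_usename
- tcell_username ||= ''
- tcell_username += next_usename
- end
+ super if defined?(super)
+ end
+
+ def _get_tcell_username
+ tcell_username = nil
+ TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
+ keys = scope_class.authentication_keys.dup
+ user_params = request.POST.fetch('user', {})
+ keys.each do |key|
+ next_usename = user_params.fetch(key, nil)
+ if next_usename
+ tcell_username ||= ''
+ tcell_username += next_usename
  end
  end
- tcell_username
  end
+ tcell_username
+ end
 
- def _get_tcell_password
- tcell_password = nil
- TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
- user_params = request.POST.fetch('user', {})
- tcell_password = user_params['password']
- end
- tcell_password
+ def _get_tcell_password
+ tcell_password = nil
+ TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
+ user_params = request.POST.fetch('user', {})
+ tcell_password = user_params['password']
  end
+ tcell_password
  end
  end
+ end
 
- # prepend is ruby 2+ feature
- Devise::FailureApp.send(:prepend, DeviseInstrumentation::TCellFailureAppRespond)
-
- Devise::Strategies::Authenticatable.class_eval do
- alias_method :tcell_valid_for_http_auth?, :valid_for_http_auth?
- def valid_for_http_auth?
- is_valid = tcell_valid_for_http_auth?
-
- TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
- tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
- if http_auth_hash && tcell_data
- username = http_auth_hash[http_authentication_key]
- password = http_auth_hash[:password]
- tcell_data.user_id = username if username && !tcell_data.user_id
- tcell_data.password = password if password && !tcell_data.password
- end
+ # prepend is ruby 2+ feature
+ Devise::FailureApp.send(:prepend, DeviseInstrumentation::TCellFailureAppRespond)
+
+ Devise::Strategies::Authenticatable.class_eval do
+ alias_method :tcell_valid_for_http_auth?, :valid_for_http_auth?
+ def valid_for_http_auth?
+ is_valid = tcell_valid_for_http_auth?
+
+ TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
+ tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+ if http_auth_hash && tcell_data
+ username = http_auth_hash[http_authentication_key]
+ password = http_auth_hash[:password]
+ tcell_data.user_id = username if username && !tcell_data.user_id
+ tcell_data.password = password if password && !tcell_data.password
  end
-
- is_valid
  end
 
- alias_method :tcell_validate, :validate
- def validate(resource, &block)
- is_valid = tcell_validate(resource, &block)
- send_event = is_valid
+ is_valid
+ end
 
- # gets the first entry in the current backtrace
- # syntax suggested by rubocop to improve performance
- if caller(1..1).first.include? 'two_factor_authenticatable'
- TCellAgent.logger.debug('Not sending login success event for Devise::Strategies::TwoFactorAuthenticatable since 2fa is unsupported')
- send_event = false
- end
+ alias_method :tcell_validate, :validate
+ def validate(resource, &block)
+ is_valid = tcell_validate(resource, &block)
+ send_event = is_valid
 
- TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
- if send_event && TCellAgent.configuration.enabled &&
- TCellAgent.configuration.should_intercept_requests?
- username = nil
- (authentication_keys || []).each do |auth_key|
- attr = authentication_hash[auth_key]
- if attr
- username ||= ''
- username += attr
- end
- end
+ # gets the first entry in the current backtrace
+ # syntax suggested by rubocop to improve performance
+ if caller(1..1).first.include? 'two_factor_authenticatable'
+ TCellAgent.logger.debug('Not sending login success event for Devise::Strategies::TwoFactorAuthenticatable since 2fa is unsupported', 'TCellAgent::DeviseInstrumentation')
+ send_event = false
+ end
 
- login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
- if login_fraud_policy && login_fraud_policy.login_success_enabled
- tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
- if tcell_data
- TCellAgent.send_event(TCellAgent::SensorEvents::LoginSuccess.new(request.env, tcell_data, username, nil))
- end
+ TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
+ if send_event && TCellAgent.configuration.enabled &&
+ TCellAgent.configuration.should_intercept_requests?
+ username = nil
+ (authentication_keys || []).each do |auth_key|
+ attr = authentication_hash[auth_key]
+ if attr
+ username ||= ''
+ username += attr
  end
  end
- end
 
- is_valid
+ tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+ return is_valid unless tcell_data
+
+ login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+ login_policy.report_login_success(
+ username,
+ request.env,
+ tcell_data
+ )
+ end
  end
+
+ is_valid
  end
  end
  end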
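Review bot: `login_policy.report_login_failure(...)` in `respond` and `login_policy.report_login_success(...)` in `validate` are called without the nil check the removed code had (`if login_fraud_policy && ...`). If `TCellAgent.policy` can still return nil, the call raises inside `safe_block` and, assuming `safe_block` rescues, the login event is lost without a trace; the same unguarded pattern appears in the Doorkeeper section and as `appfirewall_policy.enabled` in csrf_exception.rb. Either document that the new policy manager always returns a policy object, or keep a guard such as `return is_valid unless login_policy`. Separately, `respond` no longer checks `TCellAgent.configuration.enabled` while `validate` still does, and the cleartext password taken from the form or the basic-auth hash is handed straight to `report_login_failure`; a comment stating where it is hashed or discarded would help the next reviewer.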
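--- a/data/lib/tcell_agent/rails/auth/devise_helper.rb
+++ b/data/lib/tcell_agent/rails/auth/devise_helper.rb
@@ -0,0 +1,29 @@
+ require 'devise'
+ require 'devise/rails'
+ require 'devise/strategies/database_authenticatable'
+ require 'tcell_agent/rails/auth/userinfo'
+
+ module TCellAgent
+ TCellAgent::UserInformation.class_eval do
+ class << self
+ alias_method :original_get_user_from_request, :get_user_from_request
+ def get_user_from_request(request)
+ orig_user_id = original_get_user_from_request(request)
+ begin
+ if request.session && request.session.key?('warden.user.user.key')
+ userkey = request.session['warden.user.user.key']
+ user_id = if userkey.length == 2
+ userkey[0][0]
+ else
+ userkey[1][0]
+ end
+ return user_id.to_s if user_id.is_a? Integer
+ end
+ rescue StandardError
+ return orig_user_id
+ end
+ orig_user_id
+ end
+ end
+ end
+ end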
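Review bot: The lookup reads only `'warden.user.user.key'` and returns only when the id `is_a? Integer`, so sessions for any other Devise scope, or models with string or UUID primary keys, silently fall back to `orig_user_id`. If that is intended, say so in a comment above the `if`, for example `# only the :user scope with integer ids is resolved; anything else keeps the original id`. The `userkey.length == 2` branch also deserves a line explaining which serialized key layouts the two index paths correspond to, since `rescue StandardError` hides any shape mismatch.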
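--- a/data/lib/tcell_agent/rails/auth/doorkeeper.rb
+++ b/data/lib/tcell_agent/rails/auth/doorkeeper.rb
@@ -1,90 +1,76 @@
- if TCellAgent.configuration.should_instrument_doorkeeper?
+ require 'tcell_agent/agent'
+ require 'tcell_agent/sensor_events/login_fraud'
 
- if defined?(Doorkeeper)
- require 'tcell_agent/agent'
- require 'tcell_agent/sensor_events/login_fraud'
+ module TCellAgent
+ module DoorkeeperInstrumentation
+ Doorkeeper::TokensController.class_eval do
+ alias_method :tcell_authorize_response, :authorize_response
+ def authorize_response
+ result = tcell_authorize_response
 
- module TCellAgent
- module DoorkeeperInstrumentation
- Doorkeeper::TokensController.class_eval do
- alias_method :tcell_authorize_response, :authorize_response
- def authorize_response
- result = tcell_authorize_response
+ TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
+ return result unless TCellAgent.configuration.should_intercept_requests?
 
- TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
- if TCellAgent.configuration.enabled &&
- TCellAgent.configuration.should_intercept_requests?
- login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
- if login_fraud_policy &&
- login_fraud_policy.enabled &&
- login_fraud_policy.login_failed_enabled
- tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+ login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+ tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
 
- if tcell_data
- password = nil
- if result.is_a?(Doorkeeper::OAuth::TokenResponse)
- TCellAgent.send_event(
- TCellAgent::SensorEvents::LoginSuccess.new(
- request.env,
- tcell_data,
- result.token.resource_owner_id,
- password
- )
- )
- elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
- TCellAgent.send_event(
- TCellAgent::SensorEvents::LoginFailure.new(
- request.env,
- tcell_data,
- request.POST['client_id'],
- password
- )
- )
- end
+ return unless tcell_data
+ headers = request.env
 
- end
- end
- end
- end
-
- result
+ if result.is_a?(Doorkeeper::OAuth::TokenResponse)
+ user_id = result.token.resource_owner_id
+ login_policy.report_login_success(
+ user_id,
+ headers,
+ tcell_data
+ )
+ elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
+ user_id = request.POST['client_id']
+ password = nil
+ user_valid = nil
+ login_policy.report_login_failure(
+ user_id,
+ password,
+ headers,
+ user_valid,
+ tcell_data
+ )
  end
  end
 
- module TCellAuthorizationsNew
- def new
- super if defined?(super)
+ result
+ end
+ end
 
- TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
- if TCellAgent.configuration.enabled &&
- TCellAgent.configuration.should_intercept_requests?
- if pre_auth.error
- login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
- if login_fraud_policy &&
- login_fraud_policy.enabled &&
- login_fraud_policy.login_failed_enabled
- tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
- if tcell_data && pre_auth.error
- password = nil
- TCellAgent.send_event(
- TCellAgent::SensorEvents::LoginFailure.new(
- request.env,
- tcell_data,
- current_resource_owner.id,
- password
- )
- )
- end
- end
- end
- end
- end
- end
- end
+ module TCellAuthorizationsNew
+ def new
+ super if defined?(super)
 
- # prepend is ruby 2+ feature
- Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
+ TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
+ return unless TCellAgent.configuration.should_intercept_requests?
+ return unless pre_auth.error
+
+ login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+ tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+
+ return unless tcell_data
+
+ user_id = current_resource_owner.id
+ password = nil
+ headers = request.env
+ user_valid = nil
+ login_policy.report_login_failure(
+ user_id,
+ password,
+ headers,
+ user_valid,
+ tcell_data
+ )
+ end
  end
  end
+
+ # prepend is ruby 2+ feature
+ Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
  end
  end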
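Review bot: In `authorize_response`, `return unless tcell_data` inside the `safe_block` block returns from the method itself, so the controller receives `nil` instead of `result` whenever the request carries no tCell context. The guard a few lines above already handles this correctly; this line should read `return result unless tcell_data`. The bare `return` guards in `TCellAuthorizationsNew#new` look harmless by comparison, since a controller action's return value is not used, but `next` would state the intent (leave the block, not the action) more clearly.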
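--- a/data/lib/tcell_agent/rails/csrf_exception.rb
+++ b/data/lib/tcell_agent/rails/csrf_exception.rb
@@ -4,8 +4,8 @@ module TCellAgent
  module CsrfExceptionReporter
  def handle_unverified_request
  TCellAgent::Instrumentation.safe_block('AppSensor CSRF Exception processing') do
- rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
- if rust_policies && rust_policies.appfirewall_enabled
+ appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
+ if appfirewall_policy.enabled
  tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
  if tcell_data
  tcell_data.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
@@ -16,12 +16,4 @@ module TCellAgent
  super if defined?(super)
  end
  end
-
- class MyRailtie < Rails::Railtie
- initializer 'tcell.sensors' do |_app|
- ActiveSupport.on_load :action_controller do
- ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
- end
- end
- end
  end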