tcell_agent 1.1.12 → 2.2.0

Files changed (169) hide show
  1. checksums.yaml +5 -5
  2. data/bin/tcell_agent +45 -137
  3. data/lib/tcell_agent.rb +12 -14
  4. data/lib/tcell_agent/agent.rb +108 -97
  5. data/lib/tcell_agent/agent/route_manager.rb +0 -16
  6. data/lib/tcell_agent/agent/static_agent.rb +9 -30
  7. data/lib/tcell_agent/config_initializer.rb +66 -0
  8. data/lib/tcell_agent/configuration.rb +69 -345
  9. data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
  10. data/lib/tcell_agent/instrument_servers.rb +23 -0
  11. data/lib/tcell_agent/instrumentation.rb +12 -10
  12. data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
  13. data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
  14. data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
  15. data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
  16. data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
  17. data/lib/tcell_agent/logger.rb +49 -114
  18. data/lib/tcell_agent/patches.rb +6 -7
  19. data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
  20. data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
  21. data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
  22. data/lib/tcell_agent/policies/headers_policy.rb +25 -0
  23. data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
  24. data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
  25. data/lib/tcell_agent/policies/local_file_access.rb +28 -0
  26. data/lib/tcell_agent/policies/login_policy.rb +43 -0
  27. data/lib/tcell_agent/policies/patches_policy.rb +27 -0
  28. data/lib/tcell_agent/policies/policies_manager.rb +68 -0
  29. data/lib/tcell_agent/policies/policy_polling.rb +58 -0
  30. data/lib/tcell_agent/policies/policy_types.rb +14 -0
  31. data/lib/tcell_agent/policies/system_enablements.rb +27 -0
  32. data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
  33. data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
  34. data/lib/tcell_agent/rails/auth/devise.rb +100 -105
  35. data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
  36. data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
  37. data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
  38. data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
  39. data/lib/tcell_agent/rails/dlp.rb +35 -23
  40. data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
  41. data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
  42. data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
  43. data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
  44. data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
  45. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
  46. data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
  47. data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
  48. data/lib/tcell_agent/rails/routes.rb +10 -12
  49. data/lib/tcell_agent/rails/routes/grape.rb +4 -14
  50. data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
  51. data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
  52. data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
  53. data/lib/tcell_agent/rust/agent_config.rb +60 -0
  54. data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
  55. data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
  56. data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
  57. data/lib/tcell_agent/rust/models.rb +6 -52
  58. data/lib/tcell_agent/rust/native_agent.rb +549 -0
  59. data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
  60. data/lib/tcell_agent/rust/native_library.rb +69 -0
  61. data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
  62. data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
  63. data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
  64. data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
  65. data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
  66. data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
  67. data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
  68. data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
  69. data/lib/tcell_agent/servers/passenger.rb +1 -28
  70. data/lib/tcell_agent/servers/puma.rb +3 -21
  71. data/lib/tcell_agent/servers/rails_server.rb +1 -2
  72. data/lib/tcell_agent/servers/thin.rb +2 -2
  73. data/lib/tcell_agent/servers/unicorn.rb +19 -80
  74. data/lib/tcell_agent/servers/webrick.rb +1 -2
  75. data/lib/tcell_agent/settings_reporter.rb +11 -90
  76. data/lib/tcell_agent/sinatra.rb +14 -16
  77. data/lib/tcell_agent/tcell_context.rb +40 -14
  78. data/lib/tcell_agent/utils/headers.rb +14 -0
  79. data/lib/tcell_agent/version.rb +1 -1
  80. data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
  81. data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
  82. data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
  83. data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
  84. data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
  85. data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
  86. data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
  87. data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
  88. data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
  89. data/spec/lib/tcell_agent/patches_spec.rb +25 -43
  90. data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
  91. data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
  92. data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
  93. data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
  94. data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
  95. data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
  96. data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
  97. data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
  98. data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
  99. data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
  100. data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
  101. data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
  102. data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
  103. data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
  104. data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
  105. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
  106. data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
  107. data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
  108. data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
  109. data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
  110. data/spec/spec_helper.rb +1 -1
  111. data/spec/support/builders.rb +103 -0
  112. data/spec/support/force_logger_mocking.rb +38 -0
  113. data/spec/support/resources/lfi_sample_file.txt +2 -0
  114. data/spec/support/static_agent_overrides.rb +0 -15
  115. metadata +72 -83
  116. data/lib/tcell_agent/agent/event_processor.rb +0 -326
  117. data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
  118. data/lib/tcell_agent/agent/policy_manager.rb +0 -219
  119. data/lib/tcell_agent/agent/policy_types.rb +0 -30
  120. data/lib/tcell_agent/api.rb +0 -91
  121. data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
  122. data/lib/tcell_agent/authlogic.rb +0 -26
  123. data/lib/tcell_agent/config/child_process_events.rb +0 -8
  124. data/lib/tcell_agent/config/unknown_options.rb +0 -123
  125. data/lib/tcell_agent/devise.rb +0 -35
  126. data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
  127. data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
  128. data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
  129. data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
  130. data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
  131. data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
  132. data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
  133. data/lib/tcell_agent/policies/rust_policies.rb +0 -110
  134. data/lib/tcell_agent/rails/on_start.rb +0 -41
  135. data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
  136. data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
  137. data/lib/tcell_agent/rust/whisperer.rb +0 -308
  138. data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
  139. data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
  140. data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
  141. data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
  142. data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
  143. data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
  144. data/lib/tcell_agent/sensor_events/patches.rb +0 -21
  145. data/lib/tcell_agent/start_background_thread.rb +0 -55
  146. data/lib/tcell_agent/system_info.rb +0 -11
  147. data/lib/tcell_agent/utils/io.rb +0 -38
  148. data/lib/tcell_agent/utils/passwords.rb +0 -28
  149. data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
  150. data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
  151. data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
  152. data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
  153. data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
  154. data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
  155. data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
  156. data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
  157. data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
  158. data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
  159. data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
  160. data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
  161. data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
  162. data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
  163. data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
  164. data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
  165. data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
  166. data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
  167. data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
  168. data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
  169. data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
@@ -1,11 +1,7 @@
1
1
  # See the file "LICENSE" for the full license governing this code.
2
2
 
3
- require 'tcell_agent/authlogic' if defined?(Authlogic)
4
- require 'tcell_agent/devise' if defined?(Devise)
5
-
6
3
  require 'rails'
7
4
  require 'uri'
8
- require 'tcell_agent/logger'
9
5
  require 'tcell_agent/agent'
10
6
  require 'tcell_agent/sensor_events/sensor'
11
7
  require 'tcell_agent/sensor_events/server_agent'
@@ -22,7 +18,6 @@ require 'tcell_agent/rails/settings_reporter'
22
18
 
23
19
  require 'tcell_agent/instrumentation'
24
20
 
25
- require 'tcell_agent/userinfo'
26
21
  require 'cgi'
27
22
  require 'thread'
28
23
 
@@ -31,11 +26,20 @@ require 'tcell_agent/rails/responses'
31
26
 
32
27
  module TCellAgent
33
28
  module DLP
29
+ def self.get_dlp_logger
30
+ unless defined?(@rails_dlp_logger)
31
+ @rails_dlp_logger = TCellAgent::ModuleLogger.new(
32
+ TCellAgent.logger, name
33
+ )
34
+ end
35
+
36
+ @rails_dlp_logger
37
+ end
38
+
34
39
  def self.instrument_pluck(results, column_names, model)
35
40
  return if results.empty?
36
41
 
37
- if TCellAgent.configuration.enabled &&
38
- TCellAgent.configuration.should_instrument? &&
42
+ if TCellAgent.configuration.should_instrument? &&
39
43
  TCellAgent.configuration.should_intercept_requests?
40
44
 
41
45
  dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
@@ -88,7 +92,7 @@ module TCellAgent
88
92
  end
89
93
 
90
94
  if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
91
- TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
95
+ get_dlp_logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
92
96
  end
93
97
 
94
98
  return if column_name_to_rules.empty?
@@ -138,8 +142,7 @@ module TCellAgent
138
142
  def self.instrument_find_by_sql(results)
139
143
  return if results.empty?
140
144
 
141
- if TCellAgent.configuration.enabled &&
142
- TCellAgent.configuration.should_instrument? &&
145
+ if TCellAgent.configuration.should_instrument? &&
143
146
  TCellAgent.configuration.should_intercept_requests?
144
147
 
145
148
  dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
@@ -167,7 +170,7 @@ module TCellAgent
167
170
  end
168
171
 
169
172
  if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
170
- TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
173
+ get_dlp_logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
171
174
  end
172
175
 
173
176
  column_name_to_rules = column_names.each_with_object({}) do |column_name, memo|
@@ -214,16 +217,22 @@ module TCellAgent
214
217
  result = tcell_translate_exception(exception, message)
215
218
 
216
219
  TCellAgent::Instrumentation.safe_block('Set sql_exception_detected in meta') do
217
- rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
218
- if rust_policies && rust_policies.appfirewall_enabled
220
+ appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
221
+ if appfirewall_policy.enabled
219
222
  request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(
220
223
  Thread.current.object_id, {}
221
224
  )
222
225
  tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
223
226
  if tcell_data && result.is_a?(ActiveRecord::StatementInvalid)
224
- tcell_data.sql_exceptions.push(
225
- { 'exception_name' => result.class.name, 'exception_payload' => message }
226
- )
227
+ if message.is_a? Hash
228
+ tcell_data.sql_exceptions.push(
229
+ { 'exception_name' => result.class.name, 'exception_payload' => message[:message] }
230
+ )
231
+ else
232
+ tcell_data.sql_exceptions.push(
233
+ { 'exception_name' => result.class.name, 'exception_payload' => message }
234
+ )
235
+ end
227
236
  end
228
237
  end
229
238
  end
@@ -246,7 +255,7 @@ module TCellAgent
246
255
  end
247
256
 
248
257
  ActiveRecord::Querying.module_eval do
249
- if ::Rails::VERSION::MAJOR == 5
258
+ if ::Rails::VERSION::MAJOR >= 5
250
259
  alias_method :tcell_find_by_sql, :find_by_sql
251
260
  def find_by_sql(*args)
252
261
  results = tcell_find_by_sql(*args)
@@ -290,8 +299,7 @@ module TCellAgent
290
299
  module Policies
291
300
  class DataLossPolicy
292
301
  def log_enforce(tcell_context, sanitize_string)
293
- if TCellAgent.configuration.enabled &&
294
- TCellAgent.configuration.should_instrument? &&
302
+ if TCellAgent.configuration.should_instrument? &&
295
303
  TCellAgent.configuration.should_intercept_requests?
296
304
  if tcell_context && tcell_context.session_id
297
305
  session_id_actions = get_actions_for_session_id
@@ -326,8 +334,7 @@ module TCellAgent
326
334
  end
327
335
 
328
336
  def response_body_enforce(tcell_context, sanitize_string)
329
- if TCellAgent.configuration.enabled &&
330
- TCellAgent.configuration.should_instrument? &&
337
+ if TCellAgent.configuration.should_instrument? &&
331
338
  TCellAgent.configuration.should_intercept_requests?
332
339
  if tcell_context && tcell_context.session_id
333
340
  session_id_actions = get_actions_for_session_id
@@ -367,6 +374,8 @@ end
367
374
  class Logger
368
375
  alias_method :tcell_old_add, :add
369
376
  def add(severity, message = nil, progname = nil)
377
+ return tcell_old_add(severity, message, progname) unless severity >= level
378
+
370
379
  if severity >= level
371
380
  progname ||= @progname
372
381
  if message.nil?
@@ -383,9 +392,12 @@ class Logger
383
392
  TCellAgent.configuration.should_intercept_requests?
384
393
 
385
394
  TCellAgent::Instrumentation.safe_block_no_log('Handling DLP log message filtering') do
386
- dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
395
+ dataloss_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
396
+ return tcell_old_add(severity, message, progname) unless dataloss_policy && dataloss_policy.enabled
397
+
387
398
  request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
388
- if message && dlp_policy && request_env
399
+
400
+ if message && request_env
389
401
  tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
390
402
  tcell_context.filter_log(message) if tcell_context
391
403
  end
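Review bot: In the `Set sql_exception_detected in meta` block, the new `if appfirewall_policy.enabled` drops the nil guard that the old `rust_policies && rust_policies.appfirewall_enabled` had, while the `Logger#add` hunk in this same section still writes `dataloss_policy && dataloss_policy.enabled`. If `TCellAgent.policy` can still return nil (its implementation is not visible here), the NoMethodError is raised inside `safe_block`, and SQL exceptions would presumably stop being recorded without any signal. Either keep the guard, `if appfirewall_policy && appfirewall_policy.enabled`, or add a comment stating that `TCellAgent.policy` always returns a policy object. The same unguarded pattern appears on `js_agent_policy.get_js_agent_script_tag`, `headers_policy.get_headers` and the second `appfirewall_policy.enabled` in the middleware sections further down; the last of these has no `safe_block` around it in the visible lines.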
@@ -38,8 +38,7 @@ module TCellAgent
38
38
  tcell_context = nil
39
39
 
40
40
  TCellAgent::Instrumentation.safe_block('DLP Handler get handler and context') do
41
- if TCellAgent.configuration.enabled &&
42
- TCellAgent.configuration.should_instrument? &&
41
+ if TCellAgent.configuration.should_instrument? &&
43
42
  TCellAgent.configuration.should_intercept_requests?
44
43
 
45
44
  # do all this work so that dlp doesn't run at all unless it's on and there
@@ -44,19 +44,18 @@ module TCellAgent
44
44
  script_insert = nil
45
45
 
46
46
  TCellAgent::Instrumentation.safe_block('JSAgent get handler and script insert') do
47
- if (response_headers['Content-Type'] || '').start_with?('text/html')
48
- rust_policy = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
49
- if rust_policy
50
- script_insert = rust_policy.get_js_agent_script_tag(
51
- request.env[TCellAgent::Instrumentation::TCELL_ID]
52
- )
53
- if script_insert
54
- js_agent_handler = proc { |si, resp|
55
- handle_js_agent_insert(si, resp)
56
- }
57
- end
58
- end
59
- end
47
+ return [nil, nil] unless (response_headers['Content-Type'] || '').start_with?('text/html')
48
+
49
+ js_agent_policy = TCellAgent.policy(TCellAgent::PolicyTypes::JSAGENTINJECTION)
50
+ script_insert = js_agent_policy.get_js_agent_script_tag(
51
+ request.env[TCellAgent::Instrumentation::TCELL_ID]
52
+ )
53
+
54
+ return [nil, nil] unless script_insert
55
+
56
+ js_agent_handler = proc { |si, resp|
57
+ handle_js_agent_insert(si, resp)
58
+ }
60
59
  end
61
60
 
62
61
  [js_agent_handler, script_insert]
@@ -2,7 +2,6 @@
2
2
 
3
3
  require 'rails'
4
4
  require 'uri'
5
- require 'tcell_agent/logger'
6
5
  require 'tcell_agent/agent'
7
6
  require 'tcell_agent/sensor_events/sensor'
8
7
  require 'tcell_agent/sensor_events/server_agent'
@@ -22,34 +21,14 @@ module TCellAgent
22
21
  end
23
22
 
24
23
  def call(env)
25
- orig = (Time.now.to_f * 1000).to_i
24
+ start_time = (Time.now.to_f * 1000).to_i
26
25
 
27
26
  response = @app.call(env)
28
27
 
29
28
  if TCellAgent.configuration.should_intercept_requests?
30
- response_time = (Time.now.to_f * 1000).to_i - orig
31
- TCellAgent::Instrumentation.safe_block('Handling Route Time') do
32
- route_id = env[TCellAgent::Instrumentation::TCELL_ID].route_id
33
- if route_id
34
- TCellAgent.increment_route(route_id, response_time)
35
- else
36
- TCellAgent.increment_route('', response_time)
37
- end
38
- end
39
- TCellAgent::Instrumentation.safe_block('Handling Sessions Info') do
40
- login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
41
- if login_fraud_policy && login_fraud_policy.session_hijacking_metrics
42
- hmac_session_id = env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
43
- user_id = env[TCellAgent::Instrumentation::TCELL_ID].user_id
44
- if user_id && hmac_session_id
45
- TCellAgent.increment_session_info(
46
- hmac_session_id,
47
- user_id,
48
- env[TCellAgent::Instrumentation::TCELL_ID].ip_address,
49
- env[TCellAgent::Instrumentation::TCELL_ID].user_agent
50
- )
51
- end
52
- end
29
+ TCellAgent::Instrumentation.safe_block('Handling reporting metrics') do
30
+ response_time = (Time.now.to_f * 1000).to_i - start_time
31
+ TCellAgent.report_metrics(response_time, env[TCellAgent::Instrumentation::TCELL_ID])
53
32
  end
54
33
  end
55
34
 
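Review bot: `start_time` and `response_time` are both taken from `Time.now`, which is wall-clock time, so a clock adjustment during the request can make the value passed to `TCellAgent.report_metrics` negative or inflated. A monotonic source avoids that: `start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC, :millisecond)`, with the same call on the left of the subtraction. The `call` method continues outside the hunk.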
@@ -2,18 +2,8 @@
2
2
 
3
3
  require 'rails'
4
4
  require 'uri'
5
- require 'tcell_agent/logger'
6
5
  require 'tcell_agent/agent'
7
- require 'tcell_agent/sensor_events/sensor'
8
- require 'tcell_agent/sensor_events/server_agent'
9
- require 'tcell_agent/sensor_events/util/sanitizer_utilities'
10
-
11
- require 'tcell_agent/userinfo'
12
- require 'cgi'
13
-
14
- require 'tcell_agent/instrumentation'
15
- require 'tcell_agent/configuration'
16
- require 'thread'
6
+ require 'tcell_agent/rails/better_ip'
17
7
 
18
8
  module TCellAgent
19
9
  module Instrumentation
@@ -36,7 +26,7 @@ module TCellAgent
36
26
  env[TCellAgent::Instrumentation::TCELL_ID].path = request.path
37
27
  env[TCellAgent::Instrumentation::TCELL_ID].user_agent = request.user_agent
38
28
  env[TCellAgent::Instrumentation::TCELL_ID].referrer = request.referrer
39
- env[TCellAgent::Instrumentation::TCELL_ID].ip_address = TCellAgent::Utils::Rails.better_ip(request)
29
+ env[TCellAgent::Instrumentation::TCELL_ID].remote_address = TCellAgent::Utils::Rails.better_ip(request)
40
30
  if request.request_method
41
31
  env[TCellAgent::Instrumentation::TCELL_ID].request_method = request.request_method
42
32
  end
@@ -2,13 +2,12 @@
2
2
 
3
3
  require 'rails'
4
4
  require 'uri'
5
- require 'tcell_agent/logger'
6
5
  require 'tcell_agent/agent'
7
6
  require 'tcell_agent/sensor_events/sensor'
8
7
  require 'tcell_agent/sensor_events/server_agent'
9
8
  require 'tcell_agent/sensor_events/util/sanitizer_utilities'
10
9
 
11
- require 'tcell_agent/userinfo'
10
+ require 'tcell_agent/rails/auth/userinfo'
12
11
  require 'cgi'
13
12
 
14
13
  require 'tcell_agent/instrumentation'
@@ -1,16 +1,3 @@
1
- # See the file "LICENSE" for the full license governing this code.
2
-
3
- require 'rails'
4
- require 'uri'
5
- require 'tcell_agent/agent'
6
- require 'tcell_agent/sensor_events/sensor'
7
- require 'tcell_agent/sensor_events/appsensor_meta_event'
8
- require 'tcell_agent/sensor_events/server_agent'
9
- require 'tcell_agent/sensor_events/util/sanitizer_utilities'
10
-
11
- require 'tcell_agent/userinfo'
12
- require 'cgi'
13
-
14
1
  require 'tcell_agent/instrumentation'
15
2
  require 'tcell_agent/rails/responses'
16
3
  require 'tcell_agent/rails/js_agent_insert'
@@ -49,9 +36,9 @@ module TCellAgent
49
36
  def _set_headers(request, response)
50
37
  status, headers, active_response = response
51
38
 
52
- rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
53
- if rust_policies
54
- policy_headers = rust_policies.get_headers(
39
+ TCellAgent::Instrumentation.safe_block('Handling headers') do
40
+ headers_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HEADERS)
41
+ policy_headers = headers_policy.get_headers(
55
42
  request.env[TCellAgent::Instrumentation::TCELL_ID]
56
43
  )
57
44
  policy_headers.each do |header_info|
@@ -73,21 +60,14 @@ module TCellAgent
73
60
  def _handle_redirect(request, response)
74
61
  TCellAgent::Instrumentation.safe_block('Handling Redirect Headers') do
75
62
  status, headers, active_response = response
76
- http_redirect_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HTTPREDIRECT)
77
- if http_redirect_policy && headers.key?('Location')
63
+ if headers.key?('Location')
64
+ http_redirect_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HTTPREDIRECT)
78
65
  tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
79
- route_id = tcell_context.route_id
80
- hmac_session_id = tcell_context.hmac_session_id
81
- new_location = http_redirect_policy.enforce(
82
- headers['Location'],
83
- tcell_context.uri,
84
- tcell_context.fullpath,
85
- tcell_context.request_method,
86
- route_id,
87
- status,
88
- tcell_context.ip_address,
89
- hmac_session_id
66
+ from_domain = URI.parse(tcell_context.uri).host
67
+ new_location = http_redirect_policy.check_redirect(
68
+ headers['Location'], from_domain, status, tcell_context
90
69
  )
70
+
91
71
  # Enforcement
92
72
  headers['Location'] = new_location if new_location
93
73
  end
@@ -143,15 +123,15 @@ module TCellAgent
143
123
  defer_appfw_due_to_streaming = true
144
124
  end
145
125
 
146
- rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
147
- if rust_policies && rust_policies.appfirewall_enabled
148
- event = TCellAgent::SensorEvents::AppSensorMetaEvent.build(
126
+ appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
127
+ if appfirewall_policy.enabled
128
+ meta_data = TCellAgent::MetaData.for_appfirewall(
149
129
  request, content_length, status_code, response_headers
150
130
  )
151
131
  if defer_appfw_due_to_streaming
152
- response_body.appsensor_meta_event = event
132
+ response_body.meta_data = meta_data
153
133
  else
154
- TCellAgent.send_event(event)
134
+ appfirewall_policy.check_appfirewall_injections(meta_data)
155
135
  end
156
136
  end
157
137
 
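Review bot: In `_handle_redirect`, the new `URI.parse(tcell_context.uri).host` raises `URI::InvalidURIError` when the request URI does not parse. Because it sits inside `safe_block('Handling Redirect Headers')`, the exception presumably ends the block before `check_redirect` runs, so the `Location` header is left unchecked for that request. The old `enforce` call passed `tcell_context.uri` through as a string and had no parse step on this path. I would isolate the parse so a bad URI still reaches the policy, provided `check_redirect` accepts a nil `from_domain` (its implementation is not visible here).

```ruby
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
from_domain = begin
  URI.parse(tcell_context.uri).host
rescue URI::InvalidURIError
  # an unparsable request URI must not skip the redirect check
  nil
end
# … unchanged: check_redirect call and Location enforcement …
```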
@@ -1,40 +1,35 @@
1
1
  # See the file "LICENSE" for the full license governing this code.
2
2
 
3
3
  require 'rails'
4
- require 'uri'
5
- require 'tcell_agent/agent'
6
- require 'tcell_agent/sensor_events/sensor'
7
- require 'tcell_agent/sensor_events/server_agent'
8
- require 'tcell_agent/sensor_events/util/sanitizer_utilities'
9
4
 
10
- require 'tcell_agent/rails/better_ip'
11
5
  require 'tcell_agent/rails/middleware/global_middleware'
12
6
  require 'tcell_agent/rails/middleware/body_filter_middleware'
13
7
  require 'tcell_agent/rails/middleware/headers_middleware'
14
8
  require 'tcell_agent/rails/middleware/context_middleware'
15
9
 
10
+ require 'tcell_agent/rails/routes'
16
11
  require 'tcell_agent/rails/settings_reporter'
17
12
  require 'tcell_agent/rails/dlp'
18
13
  require 'tcell_agent/rails/csrf_exception'
19
14
 
20
- require 'tcell_agent/userinfo'
21
15
  require 'cgi'
22
16
  require 'thread'
23
17
 
24
18
  module TCellAgent
25
- class Railtie < Rails::Railtie
26
- initializer 'tcell_agent.insert_middleware' do |app|
27
- app.config.to_prepare do
28
- require 'tcell_agent/devise' if defined?(Devise)
29
- require 'tcell_agent/rails/auth/devise' if defined?(Devise)
30
- require 'tcell_agent/authlogic' if defined?(Authlogic)
31
- require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
32
- require 'tcell_agent/rails/auth/doorkeeper'
33
- end
19
+ class TCellAgentStartupRailtie < Rails::Railtie
20
+ initializer :tcell_insert_middleware, :before => :build_middleware_stack do |app|
34
21
  app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
35
22
  app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)
36
23
  app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::BodyFilterMiddleware
37
24
  app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware
38
25
  end
39
26
  end
27
+
28
+ class TCellAgentCSRFRailtie < Rails::Railtie
29
+ initializer 'tcell.sensors' do |_app|
30
+ ActiveSupport.on_load :action_controller do
31
+ ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
32
+ end
33
+ end
34
+ end
40
35
  end
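Review bot: The old initializer's `to_prepare` block loaded the Devise, Authlogic and Doorkeeper integrations, and the new `TCellAgentStartupRailtie` has no equivalent, so nothing in this file loads `tcell_agent/rails/auth/*` any more. If those files are not required from somewhere else (not visible in this section), the login hooks for these libraries would presumably stop reporting after the upgrade without any error. A comment above the initializer naming the new load point would settle it, for example `# auth integrations (devise/authlogic/doorkeeper) are loaded from <loader file>, not from this railtie`.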
@@ -0,0 +1,8 @@
1
+ module TCellAgent
2
+ class TCellAgentStartupRailtie < Rails::Railtie
3
+ initializer :start_tcell_agent,
4
+ :after => :load_config_initializers do |_app|
5
+ TCellAgent.thread_agent.start('Unicorn')
6
+ end
7
+ end
8
+ end
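Review bot: This new file reopens `TCellAgentStartupRailtie` without requiring `rails` or the file that defines the class, so it relies on load order. It also has no comment explaining why the agent is started from an initializer for Unicorn only. Unicorn forks its workers, and a thread started in the master before the fork does not exist in them, so it matters whether `thread_agent.start('Unicorn')` runs before or after the fork; what `start` does is not visible here. I would add a header comment such as `# Loaded only under Unicorn; starts the agent after config initializers because <reason>`, plus the `# See the file "LICENSE" ...` line the other files carry.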
@@ -1,7 +1,7 @@
1
- require 'tcell_agent/configuration'
2
1
  require 'tcell_agent/patches'
3
2
  require 'tcell_agent/rails/routes/grape'
4
3
  require 'tcell_agent/rails/routes/route_id'
4
+ require 'tcell_agent/rails/dlp/process_request'
5
5
 
6
6
  require 'json'
7
7
 
@@ -77,13 +77,15 @@ module TCellAgent
77
77
  end
78
78
 
79
79
  def self.create_tcell_route(route)
80
- return TCellRoute5.new(route) if route && ::Rails::VERSION::MAJOR == 5
80
+ return TCellRoute5.new(route) if route && ::Rails::VERSION::MAJOR >= 5
81
81
  return TCellRoute4.new(route) if route && ::Rails::VERSION::MAJOR < 5
82
82
 
83
83
  TCellRoute.new
84
84
  end
85
85
 
86
86
  def self.instrument_routes
87
+ return unless TCellAgent.configuration.should_instrument?
88
+
87
89
  return unless ::Rails.application
88
90
 
89
91
  ::Rails.application.routes.routes.each do |route|
@@ -92,7 +94,7 @@ module TCellAgent
92
94
  end
93
95
 
94
96
  def self.instrument_route(route)
95
- return unless TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument?
97
+ return unless TCellAgent.configuration.should_instrument?
96
98
 
97
99
  tcell_route = create_tcell_route(route)
98
100
 
@@ -134,9 +136,7 @@ module TCellAgent
134
136
  prepend_around_filter :tcell_around_filter_routes
135
137
  end
136
138
  def tcell_around_filter_routes
137
- if TCellAgent.configuration.enabled &&
138
- TCellAgent.configuration.should_instrument? &&
139
- TCellAgent.configuration.should_intercept_requests?
139
+ if TCellAgent.configuration.should_intercept_requests?
140
140
  TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
141
141
  _match, parameters, route = ::Rails.application.routes.router.recognize(request) { |r, _| r }.first
142
142
 
@@ -172,7 +172,7 @@ module TCellAgent
172
172
  end
173
173
  end
174
174
 
175
- if ::Rails::VERSION::MAJOR == 5
175
+ if ::Rails::VERSION::MAJOR >= 5
176
176
  ActionDispatch::Journey::Routes.class_eval do
177
177
  alias_method :tcell_add_route, :add_route
178
178
  def add_route(name, mapping)
@@ -187,12 +187,11 @@ module TCellAgent
187
187
  end
188
188
  end
189
189
 
190
- if ::Rails::VERSION::MAJOR == 5 || (::Rails::VERSION::MAJOR == 4 && ::Rails::VERSION::MINOR >= 2)
190
+ if ::Rails::VERSION::MAJOR >= 5 || (::Rails::VERSION::MAJOR == 4 && ::Rails::VERSION::MINOR >= 2)
191
191
  ActionDispatch::Journey::Router.class_eval do
192
192
  alias_method :tcell_serve, :serve
193
193
  def serve(req)
194
- if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument? &&
195
- TCellAgent.configuration.should_intercept_requests?
194
+ if TCellAgent.configuration.should_intercept_requests?
196
195
  TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
197
196
  _match, parameters, route = find_routes(req).first
198
197
 
@@ -219,8 +218,7 @@ module TCellAgent
219
218
  def call(env)
220
219
  env['PATH_INFO'] = ActionDispatch::Journey::Router::Utils.normalize_path(env['PATH_INFO'])
221
220
 
222
- if TCellAgent.configuration.enabled && TCellAgent.configuration.should_instrument? &&
223
- TCellAgent.configuration.should_intercept_requests?
221
+ if TCellAgent.configuration.should_intercept_requests?
224
222
  TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
225
223
  _match, parameters, route = find_routes(env).first
226
224