tcell_agent 1.1.12 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/bin/tcell_agent +45 -137
- data/lib/tcell_agent.rb +12 -14
- data/lib/tcell_agent/agent.rb +108 -97
- data/lib/tcell_agent/agent/route_manager.rb +0 -16
- data/lib/tcell_agent/agent/static_agent.rb +9 -30
- data/lib/tcell_agent/config_initializer.rb +66 -0
- data/lib/tcell_agent/configuration.rb +69 -345
- data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
- data/lib/tcell_agent/instrument_servers.rb +23 -0
- data/lib/tcell_agent/instrumentation.rb +12 -10
- data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
- data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
- data/lib/tcell_agent/logger.rb +49 -114
- data/lib/tcell_agent/patches.rb +6 -7
- data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
- data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
- data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
- data/lib/tcell_agent/policies/headers_policy.rb +25 -0
- data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
- data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
- data/lib/tcell_agent/policies/local_file_access.rb +28 -0
- data/lib/tcell_agent/policies/login_policy.rb +43 -0
- data/lib/tcell_agent/policies/patches_policy.rb +27 -0
- data/lib/tcell_agent/policies/policies_manager.rb +68 -0
- data/lib/tcell_agent/policies/policy_polling.rb +58 -0
- data/lib/tcell_agent/policies/policy_types.rb +14 -0
- data/lib/tcell_agent/policies/system_enablements.rb +27 -0
- data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +100 -105
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
- data/lib/tcell_agent/rails/dlp.rb +35 -23
- data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
- data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
- data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes.rb +10 -12
- data/lib/tcell_agent/rails/routes/grape.rb +4 -14
- data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
- data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
- data/lib/tcell_agent/rust/agent_config.rb +60 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
- data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
- data/lib/tcell_agent/rust/models.rb +6 -52
- data/lib/tcell_agent/rust/native_agent.rb +549 -0
- data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
- data/lib/tcell_agent/rust/native_library.rb +69 -0
- data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
- data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
- data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
- data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
- data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
- data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
- data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
- data/lib/tcell_agent/servers/passenger.rb +1 -28
- data/lib/tcell_agent/servers/puma.rb +3 -21
- data/lib/tcell_agent/servers/rails_server.rb +1 -2
- data/lib/tcell_agent/servers/thin.rb +2 -2
- data/lib/tcell_agent/servers/unicorn.rb +19 -80
- data/lib/tcell_agent/servers/webrick.rb +1 -2
- data/lib/tcell_agent/settings_reporter.rb +11 -90
- data/lib/tcell_agent/sinatra.rb +14 -16
- data/lib/tcell_agent/tcell_context.rb +40 -14
- data/lib/tcell_agent/utils/headers.rb +14 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
- data/spec/lib/tcell_agent/patches_spec.rb +25 -43
- data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
- data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
- data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
- data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
- data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
- data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
- data/spec/spec_helper.rb +1 -1
- data/spec/support/builders.rb +103 -0
- data/spec/support/force_logger_mocking.rb +38 -0
- data/spec/support/resources/lfi_sample_file.txt +2 -0
- data/spec/support/static_agent_overrides.rb +0 -15
- metadata +72 -83
- data/lib/tcell_agent/agent/event_processor.rb +0 -326
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
- data/lib/tcell_agent/agent/policy_manager.rb +0 -219
- data/lib/tcell_agent/agent/policy_types.rb +0 -30
- data/lib/tcell_agent/api.rb +0 -91
- data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
- data/lib/tcell_agent/authlogic.rb +0 -26
- data/lib/tcell_agent/config/child_process_events.rb +0 -8
- data/lib/tcell_agent/config/unknown_options.rb +0 -123
- data/lib/tcell_agent/devise.rb +0 -35
- data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
- data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
- data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
- data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
- data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
- data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
- data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
- data/lib/tcell_agent/policies/rust_policies.rb +0 -110
- data/lib/tcell_agent/rails/on_start.rb +0 -41
- data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +0 -308
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
- data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
- data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
- data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
- data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
- data/lib/tcell_agent/sensor_events/patches.rb +0 -21
- data/lib/tcell_agent/start_background_thread.rb +0 -55
- data/lib/tcell_agent/system_info.rb +0 -11
- data/lib/tcell_agent/utils/io.rb +0 -38
- data/lib/tcell_agent/utils/passwords.rb +0 -28
- data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
- data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
- data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
- data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
- data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
- data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
- data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
- data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
- data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
- data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
- data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
|
@@ -1,11 +1,7 @@
|
|
|
1
1
|
# See the file "LICENSE" for the full license governing this code.
|
|
2
2
|
|
|
3
|
-
require 'tcell_agent/authlogic' if defined?(Authlogic)
|
|
4
|
-
require 'tcell_agent/devise' if defined?(Devise)
|
|
5
|
-
|
|
6
3
|
require 'rails'
|
|
7
4
|
require 'uri'
|
|
8
|
-
require 'tcell_agent/logger'
|
|
9
5
|
require 'tcell_agent/agent'
|
|
10
6
|
require 'tcell_agent/sensor_events/sensor'
|
|
11
7
|
require 'tcell_agent/sensor_events/server_agent'
|
|
@@ -22,7 +18,6 @@ require 'tcell_agent/rails/settings_reporter'
|
|
|
22
18
|
|
|
23
19
|
require 'tcell_agent/instrumentation'
|
|
24
20
|
|
|
25
|
-
require 'tcell_agent/userinfo'
|
|
26
21
|
require 'cgi'
|
|
27
22
|
require 'thread'
|
|
28
23
|
|
|
@@ -31,11 +26,20 @@ require 'tcell_agent/rails/responses'
|
|
|
31
26
|
|
|
32
27
|
module TCellAgent
|
|
33
28
|
module DLP
|
|
29
|
+
def self.get_dlp_logger
|
|
30
|
+
unless defined?(@rails_dlp_logger)
|
|
31
|
+
@rails_dlp_logger = TCellAgent::ModuleLogger.new(
|
|
32
|
+
TCellAgent.logger, name
|
|
33
|
+
)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
@rails_dlp_logger
|
|
37
|
+
end
|
|
38
|
+
|
|
34
39
|
def self.instrument_pluck(results, column_names, model)
|
|
35
40
|
return if results.empty?
|
|
36
41
|
|
|
37
|
-
if TCellAgent.configuration.
|
|
38
|
-
TCellAgent.configuration.should_instrument? &&
|
|
42
|
+
if TCellAgent.configuration.should_instrument? &&
|
|
39
43
|
TCellAgent.configuration.should_intercept_requests?
|
|
40
44
|
|
|
41
45
|
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
|
|
@@ -88,7 +92,7 @@ module TCellAgent
|
|
|
88
92
|
end
|
|
89
93
|
|
|
90
94
|
if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
|
|
91
|
-
|
|
95
|
+
get_dlp_logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
|
|
92
96
|
end
|
|
93
97
|
|
|
94
98
|
return if column_name_to_rules.empty?
|
|
@@ -138,8 +142,7 @@ module TCellAgent
|
|
|
138
142
|
def self.instrument_find_by_sql(results)
|
|
139
143
|
return if results.empty?
|
|
140
144
|
|
|
141
|
-
if TCellAgent.configuration.
|
|
142
|
-
TCellAgent.configuration.should_instrument? &&
|
|
145
|
+
if TCellAgent.configuration.should_instrument? &&
|
|
143
146
|
TCellAgent.configuration.should_intercept_requests?
|
|
144
147
|
|
|
145
148
|
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
|
|
@@ -167,7 +170,7 @@ module TCellAgent
|
|
|
167
170
|
end
|
|
168
171
|
|
|
169
172
|
if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
|
|
170
|
-
|
|
173
|
+
get_dlp_logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
|
|
171
174
|
end
|
|
172
175
|
|
|
173
176
|
column_name_to_rules = column_names.each_with_object({}) do |column_name, memo|
|
|
@@ -214,16 +217,22 @@ module TCellAgent
|
|
|
214
217
|
result = tcell_translate_exception(exception, message)
|
|
215
218
|
|
|
216
219
|
TCellAgent::Instrumentation.safe_block('Set sql_exception_detected in meta') do
|
|
217
|
-
|
|
218
|
-
if
|
|
220
|
+
appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
|
|
221
|
+
if appfirewall_policy.enabled
|
|
219
222
|
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(
|
|
220
223
|
Thread.current.object_id, {}
|
|
221
224
|
)
|
|
222
225
|
tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
|
223
226
|
if tcell_data && result.is_a?(ActiveRecord::StatementInvalid)
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
+
if message.is_a? Hash
|
|
228
|
+
tcell_data.sql_exceptions.push(
|
|
229
|
+
{ 'exception_name' => result.class.name, 'exception_payload' => message[:message] }
|
|
230
|
+
)
|
|
231
|
+
else
|
|
232
|
+
tcell_data.sql_exceptions.push(
|
|
233
|
+
{ 'exception_name' => result.class.name, 'exception_payload' => message }
|
|
234
|
+
)
|
|
235
|
+
end
|
|
227
236
|
end
|
|
228
237
|
end
|
|
229
238
|
end
|
|
@@ -246,7 +255,7 @@ module TCellAgent
|
|
|
246
255
|
end
|
|
247
256
|
|
|
248
257
|
ActiveRecord::Querying.module_eval do
|
|
249
|
-
if ::Rails::VERSION::MAJOR
|
|
258
|
+
if ::Rails::VERSION::MAJOR >= 5
|
|
250
259
|
alias_method :tcell_find_by_sql, :find_by_sql
|
|
251
260
|
def find_by_sql(*args)
|
|
252
261
|
results = tcell_find_by_sql(*args)
|
|
@@ -290,8 +299,7 @@ module TCellAgent
|
|
|
290
299
|
module Policies
|
|
291
300
|
class DataLossPolicy
|
|
292
301
|
def log_enforce(tcell_context, sanitize_string)
|
|
293
|
-
if TCellAgent.configuration.
|
|
294
|
-
TCellAgent.configuration.should_instrument? &&
|
|
302
|
+
if TCellAgent.configuration.should_instrument? &&
|
|
295
303
|
TCellAgent.configuration.should_intercept_requests?
|
|
296
304
|
if tcell_context && tcell_context.session_id
|
|
297
305
|
session_id_actions = get_actions_for_session_id
|
|
@@ -326,8 +334,7 @@ module TCellAgent
|
|
|
326
334
|
end
|
|
327
335
|
|
|
328
336
|
def response_body_enforce(tcell_context, sanitize_string)
|
|
329
|
-
if TCellAgent.configuration.
|
|
330
|
-
TCellAgent.configuration.should_instrument? &&
|
|
337
|
+
if TCellAgent.configuration.should_instrument? &&
|
|
331
338
|
TCellAgent.configuration.should_intercept_requests?
|
|
332
339
|
if tcell_context && tcell_context.session_id
|
|
333
340
|
session_id_actions = get_actions_for_session_id
|
|
@@ -367,6 +374,8 @@ end
|
|
|
367
374
|
class Logger
|
|
368
375
|
alias_method :tcell_old_add, :add
|
|
369
376
|
def add(severity, message = nil, progname = nil)
|
|
377
|
+
return tcell_old_add(severity, message, progname) unless severity >= level
|
|
378
|
+
|
|
370
379
|
if severity >= level
|
|
371
380
|
progname ||= @progname
|
|
372
381
|
if message.nil?
|
|
@@ -383,9 +392,12 @@ class Logger
|
|
|
383
392
|
TCellAgent.configuration.should_intercept_requests?
|
|
384
393
|
|
|
385
394
|
TCellAgent::Instrumentation.safe_block_no_log('Handling DLP log message filtering') do
|
|
386
|
-
|
|
395
|
+
dataloss_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
|
|
396
|
+
return tcell_old_add(severity, message, progname) unless dataloss_policy && dataloss_policy.enabled
|
|
397
|
+
|
|
387
398
|
request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
|
|
388
|
-
|
|
399
|
+
|
|
400
|
+
if message && request_env
|
|
389
401
|
tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
|
|
390
402
|
tcell_context.filter_log(message) if tcell_context
|
|
391
403
|
end
|
|
@@ -38,8 +38,7 @@ module TCellAgent
|
|
|
38
38
|
tcell_context = nil
|
|
39
39
|
|
|
40
40
|
TCellAgent::Instrumentation.safe_block('DLP Handler get handler and context') do
|
|
41
|
-
if TCellAgent.configuration.
|
|
42
|
-
TCellAgent.configuration.should_instrument? &&
|
|
41
|
+
if TCellAgent.configuration.should_instrument? &&
|
|
43
42
|
TCellAgent.configuration.should_intercept_requests?
|
|
44
43
|
|
|
45
44
|
# do all this work so that dlp doesn't run at all unless it's on and there
|
|
@@ -44,19 +44,18 @@ module TCellAgent
|
|
|
44
44
|
script_insert = nil
|
|
45
45
|
|
|
46
46
|
TCellAgent::Instrumentation.safe_block('JSAgent get handler and script insert') do
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
end
|
|
47
|
+
return [nil, nil] unless (response_headers['Content-Type'] || '').start_with?('text/html')
|
|
48
|
+
|
|
49
|
+
js_agent_policy = TCellAgent.policy(TCellAgent::PolicyTypes::JSAGENTINJECTION)
|
|
50
|
+
script_insert = js_agent_policy.get_js_agent_script_tag(
|
|
51
|
+
request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
52
|
+
)
|
|
53
|
+
|
|
54
|
+
return [nil, nil] unless script_insert
|
|
55
|
+
|
|
56
|
+
js_agent_handler = proc { |si, resp|
|
|
57
|
+
handle_js_agent_insert(si, resp)
|
|
58
|
+
}
|
|
60
59
|
end
|
|
61
60
|
|
|
62
61
|
[js_agent_handler, script_insert]
|
|
@@ -2,7 +2,6 @@
|
|
|
2
2
|
|
|
3
3
|
require 'rails'
|
|
4
4
|
require 'uri'
|
|
5
|
-
require 'tcell_agent/logger'
|
|
6
5
|
require 'tcell_agent/agent'
|
|
7
6
|
require 'tcell_agent/sensor_events/sensor'
|
|
8
7
|
require 'tcell_agent/sensor_events/server_agent'
|
|
@@ -22,34 +21,14 @@ module TCellAgent
|
|
|
22
21
|
end
|
|
23
22
|
|
|
24
23
|
def call(env)
|
|
25
|
-
|
|
24
|
+
start_time = (Time.now.to_f * 1000).to_i
|
|
26
25
|
|
|
27
26
|
response = @app.call(env)
|
|
28
27
|
|
|
29
28
|
if TCellAgent.configuration.should_intercept_requests?
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
if route_id
|
|
34
|
-
TCellAgent.increment_route(route_id, response_time)
|
|
35
|
-
else
|
|
36
|
-
TCellAgent.increment_route('', response_time)
|
|
37
|
-
end
|
|
38
|
-
end
|
|
39
|
-
TCellAgent::Instrumentation.safe_block('Handling Sessions Info') do
|
|
40
|
-
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
|
41
|
-
if login_fraud_policy && login_fraud_policy.session_hijacking_metrics
|
|
42
|
-
hmac_session_id = env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
|
43
|
-
user_id = env[TCellAgent::Instrumentation::TCELL_ID].user_id
|
|
44
|
-
if user_id && hmac_session_id
|
|
45
|
-
TCellAgent.increment_session_info(
|
|
46
|
-
hmac_session_id,
|
|
47
|
-
user_id,
|
|
48
|
-
env[TCellAgent::Instrumentation::TCELL_ID].ip_address,
|
|
49
|
-
env[TCellAgent::Instrumentation::TCELL_ID].user_agent
|
|
50
|
-
)
|
|
51
|
-
end
|
|
52
|
-
end
|
|
29
|
+
TCellAgent::Instrumentation.safe_block('Handling reporting metrics') do
|
|
30
|
+
response_time = (Time.now.to_f * 1000).to_i - start_time
|
|
31
|
+
TCellAgent.report_metrics(response_time, env[TCellAgent::Instrumentation::TCELL_ID])
|
|
53
32
|
end
|
|
54
33
|
end
|
|
55
34
|
|
|
@@ -2,18 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
require 'rails'
|
|
4
4
|
require 'uri'
|
|
5
|
-
require 'tcell_agent/logger'
|
|
6
5
|
require 'tcell_agent/agent'
|
|
7
|
-
require 'tcell_agent/
|
|
8
|
-
require 'tcell_agent/sensor_events/server_agent'
|
|
9
|
-
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
|
10
|
-
|
|
11
|
-
require 'tcell_agent/userinfo'
|
|
12
|
-
require 'cgi'
|
|
13
|
-
|
|
14
|
-
require 'tcell_agent/instrumentation'
|
|
15
|
-
require 'tcell_agent/configuration'
|
|
16
|
-
require 'thread'
|
|
6
|
+
require 'tcell_agent/rails/better_ip'
|
|
17
7
|
|
|
18
8
|
module TCellAgent
|
|
19
9
|
module Instrumentation
|
|
@@ -36,7 +26,7 @@ module TCellAgent
|
|
|
36
26
|
env[TCellAgent::Instrumentation::TCELL_ID].path = request.path
|
|
37
27
|
env[TCellAgent::Instrumentation::TCELL_ID].user_agent = request.user_agent
|
|
38
28
|
env[TCellAgent::Instrumentation::TCELL_ID].referrer = request.referrer
|
|
39
|
-
env[TCellAgent::Instrumentation::TCELL_ID].
|
|
29
|
+
env[TCellAgent::Instrumentation::TCELL_ID].remote_address = TCellAgent::Utils::Rails.better_ip(request)
|
|
40
30
|
if request.request_method
|
|
41
31
|
env[TCellAgent::Instrumentation::TCELL_ID].request_method = request.request_method
|
|
42
32
|
end
|
|
@@ -2,13 +2,12 @@
|
|
|
2
2
|
|
|
3
3
|
require 'rails'
|
|
4
4
|
require 'uri'
|
|
5
|
-
require 'tcell_agent/logger'
|
|
6
5
|
require 'tcell_agent/agent'
|
|
7
6
|
require 'tcell_agent/sensor_events/sensor'
|
|
8
7
|
require 'tcell_agent/sensor_events/server_agent'
|
|
9
8
|
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
|
10
9
|
|
|
11
|
-
require 'tcell_agent/userinfo'
|
|
10
|
+
require 'tcell_agent/rails/auth/userinfo'
|
|
12
11
|
require 'cgi'
|
|
13
12
|
|
|
14
13
|
require 'tcell_agent/instrumentation'
|
|
@@ -1,16 +1,3 @@
|
|
|
1
|
-
# See the file "LICENSE" for the full license governing this code.
|
|
2
|
-
|
|
3
|
-
require 'rails'
|
|
4
|
-
require 'uri'
|
|
5
|
-
require 'tcell_agent/agent'
|
|
6
|
-
require 'tcell_agent/sensor_events/sensor'
|
|
7
|
-
require 'tcell_agent/sensor_events/appsensor_meta_event'
|
|
8
|
-
require 'tcell_agent/sensor_events/server_agent'
|
|
9
|
-
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
|
10
|
-
|
|
11
|
-
require 'tcell_agent/userinfo'
|
|
12
|
-
require 'cgi'
|
|
13
|
-
|
|
14
1
|
require 'tcell_agent/instrumentation'
|
|
15
2
|
require 'tcell_agent/rails/responses'
|
|
16
3
|
require 'tcell_agent/rails/js_agent_insert'
|
|
@@ -49,9 +36,9 @@ module TCellAgent
|
|
|
49
36
|
def _set_headers(request, response)
|
|
50
37
|
status, headers, active_response = response
|
|
51
38
|
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
policy_headers =
|
|
39
|
+
TCellAgent::Instrumentation.safe_block('Handling headers') do
|
|
40
|
+
headers_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HEADERS)
|
|
41
|
+
policy_headers = headers_policy.get_headers(
|
|
55
42
|
request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
56
43
|
)
|
|
57
44
|
policy_headers.each do |header_info|
|
|
@@ -73,21 +60,14 @@ module TCellAgent
|
|
|
73
60
|
def _handle_redirect(request, response)
|
|
74
61
|
TCellAgent::Instrumentation.safe_block('Handling Redirect Headers') do
|
|
75
62
|
status, headers, active_response = response
|
|
76
|
-
|
|
77
|
-
|
|
63
|
+
if headers.key?('Location')
|
|
64
|
+
http_redirect_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HTTPREDIRECT)
|
|
78
65
|
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
headers['Location'],
|
|
83
|
-
tcell_context.uri,
|
|
84
|
-
tcell_context.fullpath,
|
|
85
|
-
tcell_context.request_method,
|
|
86
|
-
route_id,
|
|
87
|
-
status,
|
|
88
|
-
tcell_context.ip_address,
|
|
89
|
-
hmac_session_id
|
|
66
|
+
from_domain = URI.parse(tcell_context.uri).host
|
|
67
|
+
new_location = http_redirect_policy.check_redirect(
|
|
68
|
+
headers['Location'], from_domain, status, tcell_context
|
|
90
69
|
)
|
|
70
|
+
|
|
91
71
|
# Enforcement
|
|
92
72
|
headers['Location'] = new_location if new_location
|
|
93
73
|
end
|
|
@@ -143,15 +123,15 @@ module TCellAgent
|
|
|
143
123
|
defer_appfw_due_to_streaming = true
|
|
144
124
|
end
|
|
145
125
|
|
|
146
|
-
|
|
147
|
-
if
|
|
148
|
-
|
|
126
|
+
appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
|
|
127
|
+
if appfirewall_policy.enabled
|
|
128
|
+
meta_data = TCellAgent::MetaData.for_appfirewall(
|
|
149
129
|
request, content_length, status_code, response_headers
|
|
150
130
|
)
|
|
151
131
|
if defer_appfw_due_to_streaming
|
|
152
|
-
response_body.
|
|
132
|
+
response_body.meta_data = meta_data
|
|
153
133
|
else
|
|
154
|
-
|
|
134
|
+
appfirewall_policy.check_appfirewall_injections(meta_data)
|
|
155
135
|
end
|
|
156
136
|
end
|
|
157
137
|
|
|
@@ -1,40 +1,35 @@
|
|
|
1
1
|
# See the file "LICENSE" for the full license governing this code.
|
|
2
2
|
|
|
3
3
|
require 'rails'
|
|
4
|
-
require 'uri'
|
|
5
|
-
require 'tcell_agent/agent'
|
|
6
|
-
require 'tcell_agent/sensor_events/sensor'
|
|
7
|
-
require 'tcell_agent/sensor_events/server_agent'
|
|
8
|
-
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
|
9
4
|
|
|
10
|
-
require 'tcell_agent/rails/better_ip'
|
|
11
5
|
require 'tcell_agent/rails/middleware/global_middleware'
|
|
12
6
|
require 'tcell_agent/rails/middleware/body_filter_middleware'
|
|
13
7
|
require 'tcell_agent/rails/middleware/headers_middleware'
|
|
14
8
|
require 'tcell_agent/rails/middleware/context_middleware'
|
|
15
9
|
|
|
10
|
+
require 'tcell_agent/rails/routes'
|
|
16
11
|
require 'tcell_agent/rails/settings_reporter'
|
|
17
12
|
require 'tcell_agent/rails/dlp'
|
|
18
13
|
require 'tcell_agent/rails/csrf_exception'
|
|
19
14
|
|
|
20
|
-
require 'tcell_agent/userinfo'
|
|
21
15
|
require 'cgi'
|
|
22
16
|
require 'thread'
|
|
23
17
|
|
|
24
18
|
module TCellAgent
|
|
25
|
-
class
|
|
26
|
-
initializer
|
|
27
|
-
app.config.to_prepare do
|
|
28
|
-
require 'tcell_agent/devise' if defined?(Devise)
|
|
29
|
-
require 'tcell_agent/rails/auth/devise' if defined?(Devise)
|
|
30
|
-
require 'tcell_agent/authlogic' if defined?(Authlogic)
|
|
31
|
-
require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
|
|
32
|
-
require 'tcell_agent/rails/auth/doorkeeper'
|
|
33
|
-
end
|
|
19
|
+
class TCellAgentStartupRailtie < Rails::Railtie
|
|
20
|
+
initializer :tcell_insert_middleware, :before => :build_middleware_stack do |app|
|
|
34
21
|
app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
|
|
35
22
|
app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)
|
|
36
23
|
app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::BodyFilterMiddleware
|
|
37
24
|
app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware
|
|
38
25
|
end
|
|
39
26
|
end
|
|
27
|
+
|
|
28
|
+
class TCellAgentCSRFRailtie < Rails::Railtie
|
|
29
|
+
initializer 'tcell.sensors' do |_app|
|
|
30
|
+
ActiveSupport.on_load :action_controller do
|
|
31
|
+
ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
40
35
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
require 'tcell_agent/configuration'
|
|
2
1
|
require 'tcell_agent/patches'
|
|
3
2
|
require 'tcell_agent/rails/routes/grape'
|
|
4
3
|
require 'tcell_agent/rails/routes/route_id'
|
|
4
|
+
require 'tcell_agent/rails/dlp/process_request'
|
|
5
5
|
|
|
6
6
|
require 'json'
|
|
7
7
|
|
|
@@ -77,13 +77,15 @@ module TCellAgent
|
|
|
77
77
|
end
|
|
78
78
|
|
|
79
79
|
def self.create_tcell_route(route)
|
|
80
|
-
return TCellRoute5.new(route) if route && ::Rails::VERSION::MAJOR
|
|
80
|
+
return TCellRoute5.new(route) if route && ::Rails::VERSION::MAJOR >= 5
|
|
81
81
|
return TCellRoute4.new(route) if route && ::Rails::VERSION::MAJOR < 5
|
|
82
82
|
|
|
83
83
|
TCellRoute.new
|
|
84
84
|
end
|
|
85
85
|
|
|
86
86
|
def self.instrument_routes
|
|
87
|
+
return unless TCellAgent.configuration.should_instrument?
|
|
88
|
+
|
|
87
89
|
return unless ::Rails.application
|
|
88
90
|
|
|
89
91
|
::Rails.application.routes.routes.each do |route|
|
|
@@ -92,7 +94,7 @@ module TCellAgent
|
|
|
92
94
|
end
|
|
93
95
|
|
|
94
96
|
def self.instrument_route(route)
|
|
95
|
-
return unless TCellAgent.configuration.
|
|
97
|
+
return unless TCellAgent.configuration.should_instrument?
|
|
96
98
|
|
|
97
99
|
tcell_route = create_tcell_route(route)
|
|
98
100
|
|
|
@@ -134,9 +136,7 @@ module TCellAgent
|
|
|
134
136
|
prepend_around_filter :tcell_around_filter_routes
|
|
135
137
|
end
|
|
136
138
|
def tcell_around_filter_routes
|
|
137
|
-
if TCellAgent.configuration.
|
|
138
|
-
TCellAgent.configuration.should_instrument? &&
|
|
139
|
-
TCellAgent.configuration.should_intercept_requests?
|
|
139
|
+
if TCellAgent.configuration.should_intercept_requests?
|
|
140
140
|
TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
|
|
141
141
|
_match, parameters, route = ::Rails.application.routes.router.recognize(request) { |r, _| r }.first
|
|
142
142
|
|
|
@@ -172,7 +172,7 @@ module TCellAgent
|
|
|
172
172
|
end
|
|
173
173
|
end
|
|
174
174
|
|
|
175
|
-
if ::Rails::VERSION::MAJOR
|
|
175
|
+
if ::Rails::VERSION::MAJOR >= 5
|
|
176
176
|
ActionDispatch::Journey::Routes.class_eval do
|
|
177
177
|
alias_method :tcell_add_route, :add_route
|
|
178
178
|
def add_route(name, mapping)
|
|
@@ -187,12 +187,11 @@ module TCellAgent
|
|
|
187
187
|
end
|
|
188
188
|
end
|
|
189
189
|
|
|
190
|
-
if ::Rails::VERSION::MAJOR
|
|
190
|
+
if ::Rails::VERSION::MAJOR >= 5 || (::Rails::VERSION::MAJOR == 4 && ::Rails::VERSION::MINOR >= 2)
|
|
191
191
|
ActionDispatch::Journey::Router.class_eval do
|
|
192
192
|
alias_method :tcell_serve, :serve
|
|
193
193
|
def serve(req)
|
|
194
|
-
if TCellAgent.configuration.
|
|
195
|
-
TCellAgent.configuration.should_intercept_requests?
|
|
194
|
+
if TCellAgent.configuration.should_intercept_requests?
|
|
196
195
|
TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
|
|
197
196
|
_match, parameters, route = find_routes(req).first
|
|
198
197
|
|
|
@@ -219,8 +218,7 @@ module TCellAgent
|
|
|
219
218
|
def call(env)
|
|
220
219
|
env['PATH_INFO'] = ActionDispatch::Journey::Router::Utils.normalize_path(env['PATH_INFO'])
|
|
221
220
|
|
|
222
|
-
if TCellAgent.configuration.
|
|
223
|
-
TCellAgent.configuration.should_intercept_requests?
|
|
221
|
+
if TCellAgent.configuration.should_intercept_requests?
|
|
224
222
|
TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
|
|
225
223
|
_match, parameters, route = find_routes(env).first
|
|
226
224
|
|