tcell_agent 1.1.12 → 2.2.0

data/lib/tcell_agent/rails/routes/grape.rb

@@ -5,15 +5,9 @@ module TCellAgent
     def self.grape_route?(route)
       if defined?(Grape::API)
         begin
-          if ::Rails::VERSION::MAJOR == 4 && ::Rails::VERSION::MINOR < 2
-            # does app inherit from Grape::API?
-            route.app < Grape::API
-          else
-            # does app inherit from Grape::API?
-            route.app.app < Grape::API
-          end
-
-          return true
+          return route.app < Grape::API if ::Rails::VERSION::MAJOR == 4 &&
+                                           ::Rails::VERSION::MINOR < 2
+          return route.app.app < Grape::API
         rescue StandardError # rubocop:disable Lint/HandleExceptions
           # do nothing
         end
@@ -76,10 +70,7 @@ module TCellAgent
       Grape::Endpoint.class_eval do
         alias_method :tcell_call!, :call!
         def call!(env)
-          if TCellAgent.configuration.enabled &&
-             TCellAgent.configuration.should_instrument? &&
-             TCellAgent.configuration.should_intercept_requests?
-
+          if TCellAgent.configuration.should_intercept_requests?
             TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
               tcell_context = env[TCellAgent::Instrumentation::TCELL_ID]
               if tcell_context && tcell_context.grape_mount_endpoint && respond_to?(:routes)
@@ -102,7 +93,6 @@ module TCellAgent
           tcell_call!(env)
         end
       end
-
     end
   end
 end

data/lib/tcell_agent/rails/routes/route_id.rb

@@ -16,7 +16,9 @@ module TCellAgent
           tcell_context.grape_mount_endpoint = grape_mount_endpoint
 
         else
-          tcell_context.route_id = TCellAgent::SensorEvents::Util.calculate_route_id(tcell_context.request_method, route_path)
+          tcell_context.route_id = TCellAgent::SensorEvents::Util.calculate_route_id(
+            tcell_context.request_method, route_path
+          )
         end
       end
     end

data/lib/tcell_agent/rails/settings_reporter.rb

@@ -1,15 +1,12 @@
 require 'rails'
 require 'tcell_agent'
-require 'tcell_agent/sensor_events/app_config'
+require 'tcell_agent/sensor_events/app_config_setting_event'
 require 'tcell_agent/sensor_events/server_agent'
-require 'tcell_agent/system_info'
 
 module TCellAgent
   module Instrumentation
     module Rails
       def self.send_framework_info
-        return unless TCellAgent.configuration.exp_config_settings
-
         TCellAgent.send_event(
           TCellAgent::SensorEvents::ServerAgentAppFrameworkEvent.new(
             'Rails', ::Rails.version
@@ -17,44 +14,34 @@ module TCellAgent
         )
       end
 
-      def self.send_language_info
-        return unless TCellAgent.configuration.exp_config_settings
+      def self.send_settings
+        TCellAgent::Instrumentation.safe_block('Reporting Rails settings') do
+          rails_config = ::Rails.application.config
 
-        language = TCellAgent::SystemInfo.get_language
-        language_version = TCellAgent::SystemInfo.get_language_version
-        TCellAgent.send_event(
-          TCellAgent::SensorEvents::ServerAgentDetailsLanguageEvent.new(
-            language, language_version
+          # Defaults to true
+          csrf_protection = rails_config.action_controller.allow_forgery_protection || true
+          TCellAgent.send_event(
+            TCellAgent::SensorEvents::AppConfigSettingEvent.new(
+              'Rails', 'core', '', 'csrf_protection', csrf_protection
+            )
           )
-        )
-      end
 
-      def self.send_settings(application)
-        return unless TCellAgent.configuration.exp_config_settings
-
-        # Defaults to true
-        csrf_protection = application.config.action_controller.allow_forgery_protection || true
-        TCellAgent.send_event(
-          TCellAgent::SensorEvents::AppConfigSettingEvent.new(
-            'Rails', 'core', '', 'csrf_protection', csrf_protection
+          # Defaults to false if nil
+          mass_assignment_allowed = rails_config.action_controller.permit_all_parameters || false
+          TCellAgent.send_event(
+            TCellAgent::SensorEvents::AppConfigSettingEvent.new(
+              'Rails', 'core', '', 'mass_assignment_allowed', mass_assignment_allowed
+            )
           )
-        )
 
-        # Defaults to false if nil
-        mass_assignment_allowed = application.config.action_controller.permit_all_parameters || false
-        TCellAgent.send_event(
-          TCellAgent::SensorEvents::AppConfigSettingEvent.new(
-            'Rails', 'core', '', 'mass_assignment_allowed', mass_assignment_allowed
-          )
-        )
-
-        # Defaults to never
-        session_expire = application.config.session_options[:expire_after] || -1
-        TCellAgent.send_event(
-          TCellAgent::SensorEvents::AppConfigSettingEvent.new(
-            'Rails', 'session', '', 'timeout', session_expire
+          # Defaults to never
+          session_expire = rails_config.session_options[:expire_after] || -1
+          TCellAgent.send_event(
+            TCellAgent::SensorEvents::AppConfigSettingEvent.new(
+              'Rails', 'session', '', 'timeout', session_expire
+            )
           )
-        )
+        end
       end
     end
   end

data/lib/tcell_agent/rails/tcell_body_proxy.rb

@@ -4,7 +4,7 @@ module TCellAgent
   module Instrumentation
     module Rails
       class TCellBodyProxy
-        attr_accessor :appsensor_meta_event
+        attr_accessor :meta_data
 
         # for specs
         attr_accessor :content_length
@@ -29,9 +29,10 @@ module TCellAgent
 
         def close
           TCellAgent::Instrumentation.safe_block('Running AppSensor deferred due to streaming') do
-            if @appsensor_meta_event
-              @appsensor_meta_event.meta_data.response_content_bytes_len = @content_length
-              TCellAgent.send_event(@appsensor_meta_event)
+            if @meta_data
+              @meta_data.response_content_bytes_len = @content_length
+              appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
+              appfirewall_policy.check_appfirewall_injections(@meta_data)
             end
           end
 

data/lib/tcell_agent/rust/agent_config.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+require 'tcell_agent/version'
+require 'tcell_agent/rust/models'
+
+module TCellAgent
+  module Rust
+    class AgentConfig < Hash
+      def initialize(configuration)
+        self['agent_type'] = 'Ruby'
+        self['agent_version'] = TCellAgent::VERSION
+        self['default_cache_dir'] = File.join(Dir.getwd, 'tcell/cache')
+        self['default_config_file_dir'] = File.join(Dir.getwd, 'config')
+        self['default_log_dir'] = File.join(Dir.getwd, 'tcell/logs')
+        self['default_preload_policy_file_dir'] = Dir.getwd
+
+        if defined?(ConfigInitializer)
+          overrides = Models.clean_nils(AgentConfigOverrides.new(configuration))
+          self['overrides'] = overrides
+        else
+          self['overrides'] = { 'applications' => [{ :enable_json_body_inspection => true }],
+                                'config_file_dir' => configuration.get_config_file_dir }
+        end
+      end
+    end
+
+    class AgentConfigOverrides < Hash
+      def initialize(configuration)
+        applications = {
+          :allow_payloads => configuration.allow_payloads,
+          :api_key => configuration.api_key,
+          :app_id => configuration.app_id,
+          :enable_json_body_inspection => true,
+          :hmac_key => configuration.hmac_key,
+          :max_header_size => configuration.max_csp_header_bytes,
+          :password_hmac_key => configuration.password_hmac_key,
+          :reverse_proxy => configuration.reverse_proxy,
+          :reverse_proxy_ip_address_header => configuration.reverse_proxy_ip_address_header
+        }
+
+        self['api_url'] = configuration.tcell_api_url
+        self['applications'] = [Models.clean_nils(applications)]
+        self['config_file_dir'] = configuration.get_config_file_dir
+        self['disabled_instrumentation'] = configuration.disabled_instrumentation
+        self['enabled'] = configuration.enabled
+        self['host_identifier'] = configuration.host_identifier
+        self['input_url'] = configuration.tcell_input_url
+        self['instrument'] = configuration.instrument
+        self['js_agent_api_url'] = configuration.js_agent_api_base_url
+        self['js_agent_url'] = configuration.js_agent_url
+        self['log_destination'] = configuration.logging_options[:destination]
+        self['log_dir'] = configuration.log_dir
+        self['log_enabled'] = configuration.logging_options[:enabled]
+        self['log_filename'] = configuration.logging_options[:log_filename]
+        self['log_level'] = configuration.logging_options[:level]
+        self['update_policy'] = configuration.fetch_policies_from_tcell
+      end
+    end
+  end
+end

data/lib/tcell_agent/rust/models.rb

@@ -14,59 +14,13 @@ module TCellAgent
         flattened_params
       end
 
-      def self.create_request_response(appsensor_meta)
-        post_params = convert_params(appsensor_meta.flattened_post_dict)
-
-        request_response = {
-          'method' =>  appsensor_meta.method,
-          'status_code' =>  appsensor_meta.response_code.to_i,
-          'route_id' =>  appsensor_meta.route_id,
-          'path' =>  appsensor_meta.path,
-          'query_params' =>  convert_params(appsensor_meta.flattened_get_dict),
-          'post_params' =>  post_params,
-          'headers' =>  convert_params(appsensor_meta.flattened_headers_dict),
-          'cookies' =>  convert_params(appsensor_meta.flattened_cookie_dict),
-          'path_params' =>  convert_params(appsensor_meta.flattened_path_parameters),
-          'remote_address' =>  appsensor_meta.remote_address,
-          'full_uri' =>  appsensor_meta.location,
-          'session_id' =>  appsensor_meta.session_id,
-          'user_id' =>  appsensor_meta.user_id,
-          'user_agent' =>  appsensor_meta.user_agent,
-          :content_type => appsensor_meta.content_type,
-          :request_body => appsensor_meta.raw_request_body,
-          'request_bytes_length' =>  appsensor_meta.request_content_bytes_len,
-          'response_bytes_length' =>  appsensor_meta.response_content_bytes_len
-        }
-
-        if TCellAgent::Utils::Strings.present?(appsensor_meta.csrf_exception_name)
-          request_response['csrf_exception'] = { 'exception_name' => appsensor_meta.csrf_exception_name }
-        end
-
-        if appsensor_meta.sql_exceptions
-          request_response['sql_exceptions'] = appsensor_meta.sql_exceptions
-        end
-
-        if appsensor_meta.database_result_sizes
-          request_response['database_result_sizes'] = appsensor_meta.database_result_sizes
+      def self.clean_nils(hash)
+        if hash.respond_to?(:compact!)
+          hash.compact!
+        else
+          hash.delete_if { |_, v| v.nil? }
         end
-
-        request_response
-      end
-
-      def self.create_patches_request(appsensor_meta)
-        post_params = convert_params(appsensor_meta.flattened_post_dict)
-
-        {
-          'method' =>  appsensor_meta.method,
-          'path' =>  appsensor_meta.path,
-          'remote_address' =>  appsensor_meta.remote_address,
-          'request_bytes_length' =>  appsensor_meta.request_content_bytes_len,
-          'query_params' =>  convert_params(appsensor_meta.flattened_get_dict),
-          'post_params' =>  post_params,
-          'headers' =>  convert_params(appsensor_meta.flattened_headers_dict),
-          'cookies' =>  convert_params(appsensor_meta.flattened_cookie_dict),
-          :content_type => appsensor_meta.content_type
-        }
+        hash
       end
     end
   end

data/lib/tcell_agent/rust/native_agent.rb

@@ -0,0 +1,549 @@
+require 'json'
+require 'tcell_agent/rust/agent_config'
+require 'tcell_agent/rust/models'
+require 'tcell_agent/rust/native_library'
+require 'tcell_agent/rust/native_agent_response'
+require 'tcell_agent/version'
+
+require 'tcell_agent/utils/headers'
+module TCellAgent
+  module Rust
+    class NativeAgent # rubocop:disable Metrics/ClassLength
+      def self.test_event_sender(events)
+        config = TCellAgent.configuration
+        event_sender = {
+          :uuid =>            config.uuid,
+          :hostname =>        config.host_identifier,
+          :agent_type =>      'Ruby',
+          :agent_version =>   TCellAgent::VERSION,
+          :app_id =>          config.app_id,
+          :api_key =>         config.api_key,
+          :tcell_input_url => config.tcell_input_url,
+          :events =>          events
+        }
+        event_sender_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(event_sender)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # config_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.test_event_sender(
+          event_sender_pointer, event_sender_pointer.size - 1, buf, buf.size
+        )
+
+        response = NativeAgentResponse.new('test_event_sender', buf, result_size)
+
+        response.errors
+      end
+
+      def self.test_policies
+        config = TCellAgent.configuration
+        policies_info = {
+          :app_id =>        config.app_id,
+          :api_key =>       config.api_key,
+          :tcell_api_url => config.tcell_api_url
+        }
+        policies_info_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(policies_info)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # config_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.test_policies(
+          policies_info_pointer, policies_info_pointer.size - 1, buf, buf.size
+        )
+
+        response = NativeAgentResponse.new('test_event_sender', buf, result_size)
+
+        response.errors
+      end
+
+      def self.test_agent(config)
+        agent_config = TCellAgent::Rust::AgentConfig.new(config)
+
+        config_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(agent_config)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # config_pointer.size - 1: strips null terminator
+        TCellAgent::Rust::NativeLibrary.test_agent(
+          config_pointer, config_pointer.size - 1, buf, buf.size
+        )
+      end
+
+      def self.free_agent(agent_ptr)
+        if TCellAgent::Rust::NativeLibrary.common_lib_available? &&
+           agent_ptr
+          TCellAgent::Rust::NativeLibrary.free_agent(
+            FFI::Pointer.new(agent_ptr)
+          )
+        end
+      end
+
+      def self.create_agent(config)
+        return nil unless TCellAgent::Rust::NativeLibrary.common_lib_available?
+
+        agent_config = TCellAgent::Rust::AgentConfig.new(config)
+        config_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(agent_config)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # config_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.create_agent(
+          config_pointer, config_pointer.size - 1, buf, buf.size
+        )
+
+        response = JSON.parse(buf.get_string(0, result_size))
+        if response['error']
+          logger = TCellAgent::ModuleLogger.new(TCellAgent::RubyLogger.new, name)
+          logger.error("Error creating native agent: #{response['error']}")
+          return nil
+        end
+
+        return unless response['config'] && response['agent_enabled']
+
+        TCellAgent.configuration.populate_configuration(response['config'])
+        NativeAgent.new(response['agent_ptr'])
+      end
+
+      attr_reader :agent_ptr
+
+      def initialize(agent_ptr)
+        @agent_ptr = agent_ptr
+      end
+
+      def apply_appfirewall(appsensor_meta)
+        return {} unless appsensor_meta
+
+        post_params = Models.convert_params(appsensor_meta.flattened_post_dict)
+        query_params = Models.convert_params(appsensor_meta.flattened_get_dict)
+        header_params = Models.convert_params(appsensor_meta.flattened_headers_dict)
+        cookie_params = Models.convert_params(appsensor_meta.flattened_cookie_dict)
+        path_params = Models.convert_params(appsensor_meta.flattened_path_parameters)
+
+        request_response_json = {
+          :method => appsensor_meta.method,
+          :status_code => appsensor_meta.response_code.to_i,
+          :route_id => appsensor_meta.route_id,
+          :path => appsensor_meta.path,
+          :query_params => query_params,
+          :post_params => post_params,
+          :headers => header_params,
+          :cookies => cookie_params,
+          :path_params => path_params,
+          :remote_address => appsensor_meta.remote_address,
+          :full_uri => appsensor_meta.location,
+          :session_id => appsensor_meta.session_id,
+          :user_id => appsensor_meta.user_id,
+          :user_agent => appsensor_meta.user_agent,
+          :request_bytes_length => appsensor_meta.request_content_bytes_len,
+          :response_bytes_length => appsensor_meta.response_content_bytes_len,
+          :content_type => appsensor_meta.content_type,
+          :request_body => appsensor_meta.raw_request_body
+        }
+
+        request_response_json[:sql_exceptions] = appsensor_meta.sql_exceptions if appsensor_meta.sql_exceptions
+        request_response_json[:database_result_sizes] = appsensor_meta.database_result_sizes if appsensor_meta.database_result_sizes
+
+        if TCellAgent::Utils::Strings.present?(appsensor_meta.csrf_exception_name)
+          request_response_json[:csrf_exception] = {
+            :exception_name => appsensor_meta.csrf_exception_name
+          }
+        end
+
+        request_response_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(request_response_json)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # request_response_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.appfirewall_apply(
+          FFI::Pointer.new(@agent_ptr),
+          request_response_pointer,
+          request_response_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('apply_appfirewall', buf, result_size)
+        log_response_errors(response.errors)
+        response.response
+      end
+
+      def apply_patches(appsensor_meta)
+        return {} unless appsensor_meta
+
+        post_params = Models.convert_params(appsensor_meta.flattened_post_dict)
+        query_params = Models.convert_params(appsensor_meta.flattened_get_dict)
+        header_params = Models.convert_params(appsensor_meta.flattened_headers_dict)
+        cookie_params = Models.convert_params(appsensor_meta.flattened_cookie_dict)
+
+        patches_request_json = {
+          :method => appsensor_meta.method,
+          :path => appsensor_meta.path,
+          :remote_address => appsensor_meta.remote_address,
+          :request_bytes_length => appsensor_meta.request_content_bytes_len,
+          :query_params => query_params,
+          :post_params =>  post_params,
+          :headers => header_params,
+          :cookies => cookie_params,
+          :content_type => appsensor_meta.content_type,
+          :full_uri => appsensor_meta.location
+        }
+
+        patches_request_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(patches_request_json)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # patches_request_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.patches_apply(
+          FFI::Pointer.new(@agent_ptr),
+          patches_request_pointer,
+          patches_request_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('apply_patches', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def apply_cmdi(command, tcell_context)
+        return unless TCellAgent::Utils::Strings.present?(command)
+
+        command_info = {
+          :command => command,
+          :method => tcell_context.request_method,
+          :path => tcell_context.path,
+          :remote_address => tcell_context.remote_address,
+          :route_id => tcell_context.route_id,
+          :session_id => tcell_context.session_id,
+          :user_id => tcell_context.user_id,
+          :full_uri => tcell_context.uri
+        }
+
+        command_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(command_info)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # command_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.cmdi_apply(
+          FFI::Pointer.new(@agent_ptr),
+          command_pointer,
+          command_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('apply_cmdi', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def get_headers(tcell_context)
+        return unless tcell_context
+
+        headers_request = {
+          :method => tcell_context.request_method,
+          :path => tcell_context.path,
+          :route_id => tcell_context.route_id.to_s,
+          :session_id => tcell_context.session_id.to_s
+        }
+        headers_request_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(headers_request)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 16)
+        # headers_request_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.get_headers(
+          FFI::Pointer.new(@agent_ptr),
+          headers_request_pointer,
+          headers_request_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('get_headers', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def check_http_redirect(location_header,
+                              from_domain,
+                              status_code,
+                              tcell_context)
+        return {} unless tcell_context
+
+        http_redirect_request = {
+          :location_header => location_header,
+          :local_server => from_domain,
+          :status_code => status_code,
+          :method => tcell_context.request_method,
+          :path => tcell_context.path,
+          :remote_addr => tcell_context.remote_address,
+          :full_uri => tcell_context.fullpath,
+          :route_id => tcell_context.route_id,
+          :session_id => tcell_context.session_id,
+          :user_id => tcell_context.user_id
+        }
+        http_redirect_request_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(http_redirect_request)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # http_redirect_request_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.check_http_redirect(
+          FFI::Pointer.new(@agent_ptr),
+          http_redirect_request_pointer,
+          http_redirect_request_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('check_http_redirect', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def get_js_agent_script_tag(tcell_context)
+        return {} unless tcell_context
+
+        jsagent_request = {
+          :method => tcell_context.request_method,
+          :path => tcell_context.path
+        }
+        jsagent_request_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(jsagent_request)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # jsagent_request_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.get_js_agent_script_tag(
+          FFI::Pointer.new(@agent_ptr),
+          jsagent_request_pointer,
+          jsagent_request_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('get_js_agent_script_tag', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def login_fraud_apply(success,
+                            user_id,
+                            password,
+                            headers,
+                            user_valid,
+                            tcell_context)
+        event_name =  success ? :Success : :Failure
+        header_keys = TCellAgent::Utils::Headers.clean_keys(headers)
+        login_info = {
+          :event_name => event_name,
+          :user_id => user_id,
+          :user_agent => tcell_context.user_agent,
+          :remote_address => tcell_context.remote_address,
+          :header_keys => header_keys,
+          :passsword => password,
+          :session_id => tcell_context.session_id,
+          :full_uri => tcell_context.fullpath,
+          :referrer => tcell_context.referrer,
+          :user_valid => user_valid
+        }
+
+        login_info_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(login_info)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # login_info_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.login_fraud_apply(
+          FFI::Pointer.new(@agent_ptr),
+          login_info_pointer,
+          login_info_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('login_fraud_apply', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def file_access_apply(file_path,
+                            mode,
+                            tcell_context)
+
+        file_access_info = {
+          :dir_classification => 'Unknown',
+          :file_path => file_path,
+          :mode => mode
+        }
+
+        if tcell_context
+          file_access_info = file_access_info.merge(
+            {
+              :full_uri => tcell_context.fullpath,
+              :remote_address => tcell_context.remote_address,
+              :route_id => tcell_context.route_id,
+              :session_id => tcell_context.session_id,
+              :user_id => tcell_context.user_id
+            }
+          )
+        end
+
+        file_access_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(file_access_info)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # login_info_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.file_access_apply(
+          FFI::Pointer.new(@agent_ptr),
+          file_access_pointer,
+          file_access_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('file_access_apply', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def poll_new_policies
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 32)
+        result_size = TCellAgent::Rust::NativeLibrary.poll_new_policies(
+          FFI::Pointer.new(@agent_ptr),
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('poll_new_policies', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def send_sanitized_events(events)
+        return {} unless events
+
+        events = { :events => events }
+        events_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(events)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # events_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.send_sanitized_events(
+          FFI::Pointer.new(@agent_ptr),
+          events_pointer,
+          events_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('send_sanitized_events', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def report_metrics(request_time, tcell_context)
+        return {} unless request_time
+
+        message = {
+          :elapsed_time => request_time,
+          :route_id => tcell_context && tcell_context.route_id,
+          :session_id => tcell_context && tcell_context.session_id,
+          :user_id => tcell_context && tcell_context.user_id,
+          :user_agent => tcell_context && tcell_context.user_agent,
+          :remote_address => tcell_context && tcell_context.remote_address
+        }
+        message_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(message)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # message_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.report_metrics(
+          FFI::Pointer.new(@agent_ptr),
+          message_pointer,
+          message_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        response = NativeAgentResponse.new('report_metrics', buf, result_size)
+        log_response_errors(response.errors)
+
+        response.response
+      end
+
+      def log_message(level, message, thread)
+        return unless level && message
+
+        message_json = {
+          :level => level,
+          :message => message,
+          :thread => thread
+        }
+        message_json_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(message_json)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # message_json_pointer.size - 1: strips null terminator
+        TCellAgent::Rust::NativeLibrary.log_message(
+          FFI::Pointer.new(@agent_ptr),
+          message_json_pointer,
+          message_json_pointer.size - 1,
+          buf,
+          buf.size
+        )
+      end
+
+      def log_response_errors(errors)
+        errors.each do |error|
+          log_message('error', error, self.class.name)
+        end
+      end
+
+      # Note: for tests
+      def update_policies(policies)
+        return {} unless TCellAgent::Utils::Strings.present?(policies)
+
+        policies_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(policies)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # policies_pointer.size - 1: strips null terminator
+        result_size = TCellAgent::Rust::NativeLibrary.update_policies(
+          FFI::Pointer.new(agent_ptr),
+          policies_pointer,
+          policies_pointer.size - 1,
+          buf,
+          buf.size
+        )
+
+        NativeAgentResponse.new(
+          'update_policies', buf, result_size
+        ).response
+      end
+    end
+  end
+end