tcell_agent 1.1.2 → 1.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/tcell_agent/configuration.rb +5 -3
- data/lib/tcell_agent/policies/dataloss_policy.rb +31 -4
- data/lib/tcell_agent/rails/dlp.rb +1 -1
- data/lib/tcell_agent/rust/libtcellagent-1.3.0.dylib +0 -0
- data/lib/tcell_agent/rust/libtcellagent-1.3.0.so +0 -0
- data/lib/tcell_agent/rust/libtcellagent-alpine-1.3.0.so +0 -0
- data/lib/tcell_agent/rust/tcellagent-1.3.0.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +7 -5
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +30 -5
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +1 -1
- metadata +6 -5
- data/lib/tcell_agent/rust/libtcellagent-0.19.5.dylib +0 -0
- data/lib/tcell_agent/rust/libtcellagent-0.19.5.so +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.19.5.dll +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9d0b4e34b740cbb9f4e3a004dc99b77a01b09a53
|
|
4
|
+
data.tar.gz: d3522bcd25ca86a2d3cd65e238b580d4a253f6e5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8c539fcef0eb17c3cbf0f39ae61f54e01843ed197dfc1b65fb813d78387cae444a7c285d2b77cab639a4c845b19798419acd7463e662529fd912282abc29638c
|
|
7
|
+
data.tar.gz: 33c45e6e14e5cda851e4b3853ab5091322b7aa86be6fe4ba5f552701d4bd8d1289ba26cb4903fb871c8f1b0fcdb2bee887f720e67248a17bdae536b3dc916df7
|
|
@@ -4,6 +4,7 @@ require 'json'
|
|
|
4
4
|
require 'yaml'
|
|
5
5
|
require 'socket'
|
|
6
6
|
require 'securerandom'
|
|
7
|
+
require 'uri'
|
|
7
8
|
|
|
8
9
|
require 'tcell_agent/config/unknown_options'
|
|
9
10
|
|
|
@@ -182,9 +183,8 @@ module TCellAgent
|
|
|
182
183
|
@allow_payloads = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_PAYLOADS"])
|
|
183
184
|
end
|
|
184
185
|
|
|
185
|
-
@tcell_api_url = compose_api_url
|
|
186
|
+
@tcell_api_url = compose_api_url!
|
|
186
187
|
@tcell_input_url ||= "https://input.tcell.io/api/v1"
|
|
187
|
-
@js_agent_api_base_url ||= @tcell_api_url
|
|
188
188
|
@js_agent_url ||= "https://jsagent.tcell.io/tcellagent.min.js"
|
|
189
189
|
|
|
190
190
|
if (@host_identifier == nil)
|
|
@@ -198,7 +198,7 @@ module TCellAgent
|
|
|
198
198
|
@uuid = SecureRandom.uuid
|
|
199
199
|
end
|
|
200
200
|
|
|
201
|
-
def compose_api_url
|
|
201
|
+
def compose_api_url!
|
|
202
202
|
@tcell_api_url ||= "https://api.tcell.io"
|
|
203
203
|
parsed_uri = URI.parse(@tcell_api_url)
|
|
204
204
|
|
|
@@ -210,6 +210,8 @@ module TCellAgent
|
|
|
210
210
|
|
|
211
211
|
api_url.push(":#{parsed_uri.port}") unless [80, 443].include?(parsed_uri.port)
|
|
212
212
|
|
|
213
|
+
@js_agent_api_base_url ||= "#{api_url.join('')}/api/v1"
|
|
214
|
+
|
|
213
215
|
[
|
|
214
216
|
api_url.join(''),
|
|
215
217
|
"/agents/api/v1/apps/",
|
|
@@ -23,6 +23,7 @@ module TCellAgent
|
|
|
23
23
|
HEADER = "header"
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
+
attr_accessor :enabled
|
|
26
27
|
attr_accessor :session_id_filter_actions
|
|
27
28
|
attr_accessor :request_filter_actions
|
|
28
29
|
attr_accessor :database_filter_actions
|
|
@@ -45,7 +46,9 @@ module TCellAgent
|
|
|
45
46
|
def initialize
|
|
46
47
|
self.init_options
|
|
47
48
|
end
|
|
49
|
+
|
|
48
50
|
def init_options
|
|
51
|
+
@enabled = false
|
|
49
52
|
@policy_id = nil
|
|
50
53
|
|
|
51
54
|
@table_field_actions = {}
|
|
@@ -66,27 +69,35 @@ module TCellAgent
|
|
|
66
69
|
|
|
67
70
|
@log_actions = nil
|
|
68
71
|
end
|
|
72
|
+
|
|
69
73
|
def get_actions_for_session_id(route_id=nil)
|
|
70
74
|
return @session_id_filter_actions
|
|
71
|
-
end
|
|
75
|
+
end
|
|
76
|
+
|
|
72
77
|
def has_actions_for_form_parameter?
|
|
73
78
|
return @request_filter_actions[RequestProtectionManager::FORM].size > 0
|
|
74
79
|
end
|
|
80
|
+
|
|
75
81
|
def has_actions_for_headers?
|
|
76
82
|
return @request_filter_actions[RequestProtectionManager::HEADER].size > 0
|
|
77
83
|
end
|
|
84
|
+
|
|
78
85
|
def has_actions_for_cookie?
|
|
79
86
|
return @request_filter_actions[RequestProtectionManager::COOKIE].size > 0
|
|
80
87
|
end
|
|
88
|
+
|
|
81
89
|
def get_actions_for_cookie(cookie_name, route_id=nil)
|
|
82
90
|
get_actions_for_request(RequestProtectionManager::COOKIE, cookie_name, route_id)
|
|
83
91
|
end
|
|
92
|
+
|
|
84
93
|
def get_actions_for_header(header_name, route_id=nil)
|
|
85
94
|
get_actions_for_request(RequestProtectionManager::HEADER, header_name.downcase, route_id)
|
|
86
95
|
end
|
|
96
|
+
|
|
87
97
|
def get_actions_for_form_parameter(parameter_name, route_id=nil)
|
|
88
98
|
get_actions_for_request(RequestProtectionManager::FORM, parameter_name.downcase, route_id)
|
|
89
99
|
end
|
|
100
|
+
|
|
90
101
|
def get_actions_for_request(context, variable, route_id=nil)
|
|
91
102
|
if (context == nil || variable == nil)
|
|
92
103
|
return nil
|
|
@@ -115,6 +126,7 @@ module TCellAgent
|
|
|
115
126
|
end
|
|
116
127
|
return actions
|
|
117
128
|
end
|
|
129
|
+
|
|
118
130
|
def get_actions_for_table(database, schema, table, field, route_id="*")
|
|
119
131
|
if route_id == nil
|
|
120
132
|
route_id = "*"
|
|
@@ -152,13 +164,14 @@ module TCellAgent
|
|
|
152
164
|
end
|
|
153
165
|
actions
|
|
154
166
|
end
|
|
155
|
-
|
|
167
|
+
|
|
156
168
|
def get_actions_for(table, field)
|
|
157
169
|
actions = Set.new
|
|
158
170
|
key = "#{table}.#{field}"
|
|
159
171
|
actions.merge(@table_field_actions.fetch(key,[].to_set))
|
|
160
172
|
return actions
|
|
161
|
-
end
|
|
173
|
+
end
|
|
174
|
+
|
|
162
175
|
def self.actions_from_json(options)
|
|
163
176
|
actions = nil
|
|
164
177
|
if options.has_key?("log")
|
|
@@ -191,31 +204,37 @@ module TCellAgent
|
|
|
191
204
|
end
|
|
192
205
|
actions
|
|
193
206
|
end
|
|
207
|
+
|
|
194
208
|
def self.from_json(policy_json)
|
|
195
209
|
if (!policy_json)
|
|
196
210
|
return nil
|
|
197
211
|
end
|
|
212
|
+
|
|
198
213
|
policy = DataLossPolicy.new
|
|
199
214
|
if policy_json.has_key?("policy_id")
|
|
200
215
|
policy.policy_id = policy_json["policy_id"]
|
|
201
216
|
else
|
|
202
217
|
raise "Policy ID missing"
|
|
203
218
|
end
|
|
219
|
+
|
|
204
220
|
if policy_json.has_key?("data")
|
|
205
221
|
data_json = policy_json["data"]
|
|
206
222
|
if data_json.has_key?("data_discovery")
|
|
207
223
|
data_discovery_json = data_json["data_discovery"]
|
|
208
224
|
policy.database_discovery_enabled = data_discovery_json.fetch('database_enabled', false)
|
|
225
|
+
policy.enabled = policy.database_discovery_enabled
|
|
209
226
|
end
|
|
210
227
|
if data_json.has_key?("session_id_protections")
|
|
211
228
|
session_id_protection = data_json["session_id_protections"]
|
|
212
229
|
rule_id = session_id_protection.fetch("id",nil)
|
|
213
230
|
filter_actions = DataLossPolicy.actions_from_json(session_id_protection)
|
|
214
231
|
if filter_actions != nil
|
|
232
|
+
policy.enabled = true
|
|
215
233
|
filter_actions.action_id = rule_id
|
|
216
234
|
policy.session_id_filter_actions = filter_actions
|
|
217
235
|
end
|
|
218
236
|
end
|
|
237
|
+
|
|
219
238
|
if data_json.has_key?("request_protections")
|
|
220
239
|
data_json["request_protections"].each do |protection|
|
|
221
240
|
context = protection.fetch('variable_context', nil)
|
|
@@ -224,6 +243,7 @@ module TCellAgent
|
|
|
224
243
|
rule_id = protection.fetch("id",nil)
|
|
225
244
|
options = protection.fetch('actions', nil)
|
|
226
245
|
route_ids = []
|
|
246
|
+
|
|
227
247
|
if (scope == "global")
|
|
228
248
|
route_ids = ["*"]
|
|
229
249
|
elsif (scope == "route")
|
|
@@ -231,9 +251,11 @@ module TCellAgent
|
|
|
231
251
|
else
|
|
232
252
|
next
|
|
233
253
|
end
|
|
254
|
+
|
|
234
255
|
if context && policy.request_filter_actions.has_key?(context) && variables && options
|
|
235
256
|
filter_actions = DataLossPolicy.actions_from_json(options)
|
|
236
257
|
if filter_actions != nil
|
|
258
|
+
policy.enabled = true
|
|
237
259
|
filter_actions.action_id = rule_id
|
|
238
260
|
variables.each do |variable|
|
|
239
261
|
route_ids.each do |route_id|
|
|
@@ -249,7 +271,8 @@ module TCellAgent
|
|
|
249
271
|
end
|
|
250
272
|
end
|
|
251
273
|
end
|
|
252
|
-
|
|
274
|
+
|
|
275
|
+
if data_json.has_key?("db_protections")
|
|
253
276
|
protections = data_json["db_protections"]
|
|
254
277
|
if protections
|
|
255
278
|
protections.each do |protection_json|
|
|
@@ -262,6 +285,7 @@ module TCellAgent
|
|
|
262
285
|
actions = protection_json.fetch("actions",{})
|
|
263
286
|
filter_actions = DataLossPolicy.actions_from_json(actions)
|
|
264
287
|
_route_ids = ["*"]
|
|
288
|
+
|
|
265
289
|
if scope != nil && scope != "global"
|
|
266
290
|
if scope=="route"
|
|
267
291
|
_route_ids = protection_json.fetch("route_ids",[])
|
|
@@ -272,6 +296,8 @@ module TCellAgent
|
|
|
272
296
|
elsif filter_actions == nil
|
|
273
297
|
next
|
|
274
298
|
end
|
|
299
|
+
|
|
300
|
+
policy.enabled = true
|
|
275
301
|
filter_actions.action_id = rule_id
|
|
276
302
|
_databases.each do |_database|
|
|
277
303
|
_schemas.each do |_schema|
|
|
@@ -288,6 +314,7 @@ module TCellAgent
|
|
|
288
314
|
end
|
|
289
315
|
end
|
|
290
316
|
end
|
|
317
|
+
|
|
291
318
|
return policy
|
|
292
319
|
end
|
|
293
320
|
end
|
|
@@ -47,7 +47,7 @@ module TCellAgent
|
|
|
47
47
|
if tcell_context
|
|
48
48
|
tcell_context.database_result_sizes.push(results.size)
|
|
49
49
|
|
|
50
|
-
if dlp_policy
|
|
50
|
+
if dlp_policy && dlp_policy.enabled
|
|
51
51
|
first_record = results.first
|
|
52
52
|
database_name = first_record.class.connection_config().fetch(:database,"*").split('/').last
|
|
53
53
|
model = first_record.class
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -9,18 +9,22 @@ module TCellAgent
|
|
|
9
9
|
module Wrapper
|
|
10
10
|
extend FFI::Library
|
|
11
11
|
|
|
12
|
-
VERSION = "
|
|
12
|
+
VERSION = "1.3.0"
|
|
13
13
|
prefix = "lib"
|
|
14
14
|
extension = ".so"
|
|
15
|
+
variant = ""
|
|
15
16
|
if /cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM
|
|
16
17
|
extension = ".dll"
|
|
17
18
|
prefix = ""
|
|
18
19
|
elsif /darwin/ =~ RUBY_PLATFORM
|
|
19
20
|
extension = ".dylib"
|
|
21
|
+
elsif /musl/ =~ RUBY_PLATFORM
|
|
22
|
+
variant = "alpine-"
|
|
20
23
|
end
|
|
21
24
|
|
|
22
25
|
begin
|
|
23
|
-
ffi_lib File.join(File.dirname(__FILE__),
|
|
26
|
+
ffi_lib File.join(File.dirname(__FILE__),
|
|
27
|
+
"#{prefix}tcellagent-#{variant}#{VERSION}#{extension}")
|
|
24
28
|
|
|
25
29
|
# All the rust library calls have the following response api:
|
|
26
30
|
#
|
|
@@ -82,11 +86,10 @@ module TCellAgent
|
|
|
82
86
|
if TCellAgent::Rust::Wrapper.common_lib_available?
|
|
83
87
|
allow_payloads = !!TCellAgent.configuration.allow_payloads
|
|
84
88
|
agent_config = {
|
|
89
|
+
"skip_logger" => true,
|
|
85
90
|
"application" => {
|
|
86
91
|
"app_id" => TCellAgent.configuration.app_id,
|
|
87
92
|
"api_key" => TCellAgent.configuration.api_key,
|
|
88
|
-
"tcell_api_url" => "",
|
|
89
|
-
"tcell_input_url" => "",
|
|
90
93
|
"allow_payloads" => allow_payloads,
|
|
91
94
|
"js_agent_api_base_url" => TCellAgent.configuration.js_agent_api_base_url,
|
|
92
95
|
"js_agent_url" => TCellAgent.configuration.js_agent_url
|
|
@@ -94,7 +97,6 @@ module TCellAgent
|
|
|
94
97
|
"appfirewall" => {
|
|
95
98
|
"enable_body_xxe_inspection" => false,
|
|
96
99
|
"enable_body_json_inspection" => false,
|
|
97
|
-
"allow_send_payloads" => allow_payloads,
|
|
98
100
|
"allow_log_payloads" => true
|
|
99
101
|
},
|
|
100
102
|
"policy_versions" => {
|
data/lib/tcell_agent/version.rb
CHANGED
|
@@ -135,7 +135,12 @@ module TCellAgent
|
|
|
135
135
|
'm' => 'GET',
|
|
136
136
|
'pattern' => 'tc-xss-1',
|
|
137
137
|
'uri' => 'http://example.org/foo?xyz=',
|
|
138
|
-
'meta' => {
|
|
138
|
+
'meta' => {
|
|
139
|
+
'l' => 'query',
|
|
140
|
+
'h' => [],
|
|
141
|
+
'num_headers' => 1,
|
|
142
|
+
'summary' => [{ 'n' => 'content-length', 's' => 1 }]
|
|
143
|
+
},
|
|
139
144
|
'payload' => '<SCRIPT>alert(1)</script>'
|
|
140
145
|
}
|
|
141
146
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
@@ -151,7 +156,12 @@ module TCellAgent
|
|
|
151
156
|
'm' => 'POST',
|
|
152
157
|
'pattern' => 'tc-xss-1',
|
|
153
158
|
'uri' => 'http://example.org/foo',
|
|
154
|
-
'meta' => {
|
|
159
|
+
'meta' => {
|
|
160
|
+
'l' => 'body',
|
|
161
|
+
'h' => [],
|
|
162
|
+
'num_headers' => 1,
|
|
163
|
+
'summary' => [{ 'n' => 'content-length', 's' => 2 }]
|
|
164
|
+
},
|
|
155
165
|
'payload' => '<SCRIPT>alert(1)</SCRIPT>'
|
|
156
166
|
}
|
|
157
167
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
@@ -167,7 +177,12 @@ module TCellAgent
|
|
|
167
177
|
'm' => 'GET',
|
|
168
178
|
'pattern' => 'tc-xss-1',
|
|
169
179
|
'uri' => 'http://example.org/foo?xyz=',
|
|
170
|
-
'meta' => {
|
|
180
|
+
'meta' => {
|
|
181
|
+
'l' => 'query',
|
|
182
|
+
'h' => [],
|
|
183
|
+
'num_headers' => 1,
|
|
184
|
+
'summary' => [{ 'n' => 'content-length', 's' => 1 }]
|
|
185
|
+
},
|
|
171
186
|
'payload' => '<script>alert(1)</script>'
|
|
172
187
|
}
|
|
173
188
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
@@ -212,7 +227,12 @@ module TCellAgent
|
|
|
212
227
|
'm' => 'GET',
|
|
213
228
|
'pattern' => 'tc-sqli-1',
|
|
214
229
|
'uri' => 'http://example.org/foo?xyz=&def=',
|
|
215
|
-
'meta' => {
|
|
230
|
+
'meta' => {
|
|
231
|
+
'l' => 'query',
|
|
232
|
+
'h' => [],
|
|
233
|
+
'num_headers' => 1,
|
|
234
|
+
'summary' => [{ 'n' => 'content-length', 's' => 1 }]
|
|
235
|
+
}
|
|
216
236
|
}
|
|
217
237
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
218
238
|
end
|
|
@@ -255,7 +275,12 @@ module TCellAgent
|
|
|
255
275
|
'm' => 'GET',
|
|
256
276
|
'pattern' => 'tc-fpt-2',
|
|
257
277
|
'uri' => 'http://example.org/foo?xyz=',
|
|
258
|
-
'meta' => {
|
|
278
|
+
'meta' => {
|
|
279
|
+
'l' => 'query',
|
|
280
|
+
'h' => [],
|
|
281
|
+
'num_headers' => 1,
|
|
282
|
+
'summary' => [{ 'n' => 'content-length', 's' => 1 }]
|
|
283
|
+
}
|
|
259
284
|
}
|
|
260
285
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
261
286
|
end
|
|
@@ -641,7 +641,7 @@ module TCellAgent
|
|
|
641
641
|
'session_id' => 'session_id',
|
|
642
642
|
'user_id' => 'user_id',
|
|
643
643
|
'pattern' => 'tc-xss-1',
|
|
644
|
-
'meta' => { 'l' => 'query' }
|
|
644
|
+
'meta' => { 'l' => 'query', 'h' => [], 'num_headers' => 0, 'summary' => [] }
|
|
645
645
|
},
|
|
646
646
|
{
|
|
647
647
|
'detection_point' => 'exsql',
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tcell_agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rafael
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-07-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
@@ -157,10 +157,11 @@ files:
|
|
|
157
157
|
- lib/tcell_agent/rails/settings_reporter.rb
|
|
158
158
|
- lib/tcell_agent/rails/tcell_body_proxy.rb
|
|
159
159
|
- lib/tcell_agent/routes/table.rb
|
|
160
|
-
- lib/tcell_agent/rust/libtcellagent-
|
|
161
|
-
- lib/tcell_agent/rust/libtcellagent-
|
|
160
|
+
- lib/tcell_agent/rust/libtcellagent-1.3.0.dylib
|
|
161
|
+
- lib/tcell_agent/rust/libtcellagent-1.3.0.so
|
|
162
|
+
- lib/tcell_agent/rust/libtcellagent-alpine-1.3.0.so
|
|
162
163
|
- lib/tcell_agent/rust/models.rb
|
|
163
|
-
- lib/tcell_agent/rust/tcellagent-
|
|
164
|
+
- lib/tcell_agent/rust/tcellagent-1.3.0.dll
|
|
164
165
|
- lib/tcell_agent/rust/whisperer.rb
|
|
165
166
|
- lib/tcell_agent/sensor_events/app_config.rb
|
|
166
167
|
- lib/tcell_agent/sensor_events/appsensor_event.rb
|
|
Binary file
|
|
Binary file
|
|
Binary file
|