tcell_agent 1.1.2 → 1.1.3
- checksums.yaml +4 -4
- data/lib/tcell_agent/configuration.rb +5 -3
- data/lib/tcell_agent/policies/dataloss_policy.rb +31 -4
- data/lib/tcell_agent/rails/dlp.rb +1 -1
- data/lib/tcell_agent/rust/libtcellagent-1.3.0.dylib +0 -0
- data/lib/tcell_agent/rust/libtcellagent-1.3.0.so +0 -0
- data/lib/tcell_agent/rust/libtcellagent-alpine-1.3.0.so +0 -0
- data/lib/tcell_agent/rust/tcellagent-1.3.0.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +7 -5
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +30 -5
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +1 -1
- metadata +6 -5
- data/lib/tcell_agent/rust/libtcellagent-0.19.5.dylib +0 -0
- data/lib/tcell_agent/rust/libtcellagent-0.19.5.so +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.19.5.dll +0 -0
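--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9d0b4e34b740cbb9f4e3a004dc99b77a01b09a53
+data.tar.gz: d3522bcd25ca86a2d3cd65e238b580d4a253f6e5
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8c539fcef0eb17c3cbf0f39ae61f54e01843ed197dfc1b65fb813d78387cae444a7c285d2b77cab639a4c845b19798419acd7463e662529fd912282abc29638c
+data.tar.gz: 33c45e6e14e5cda851e4b3853ab5091322b7aa86be6fe4ba5f552701d4bd8d1289ba26cb4903fb871c8f1b0fcdb2bee887f720e67248a17bdae536b3dc916df7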
@@ -4,6 +4,7 @@ require 'json'
|
|
4
4
|
require 'yaml'
|
5
5
|
require 'socket'
|
6
6
|
require 'securerandom'
|
7
|
+
require 'uri'
|
7
8
|
|
8
9
|
require 'tcell_agent/config/unknown_options'
|
9
10
|
|
@@ -182,9 +183,8 @@ module TCellAgent
|
|
182
183
|
@allow_payloads = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_PAYLOADS"])
|
183
184
|
end
|
184
185
|
|
185
|
-
@tcell_api_url = compose_api_url
|
186
|
+
@tcell_api_url = compose_api_url!
|
186
187
|
@tcell_input_url ||= "https://input.tcell.io/api/v1"
|
187
|
-
@js_agent_api_base_url ||= @tcell_api_url
|
188
188
|
@js_agent_url ||= "https://jsagent.tcell.io/tcellagent.min.js"
|
189
189
|
|
190
190
|
if (@host_identifier == nil)
|
@@ -198,7 +198,7 @@ module TCellAgent
|
|
198
198
|
@uuid = SecureRandom.uuid
|
199
199
|
end
|
200
200
|
|
201
|
-
def compose_api_url
|
201
|
+
def compose_api_url!
|
202
202
|
@tcell_api_url ||= "https://api.tcell.io"
|
203
203
|
parsed_uri = URI.parse(@tcell_api_url)
|
204
204
|
|
@@ -210,6 +210,8 @@ module TCellAgent
|
|
210
210
|
|
211
211
|
api_url.push(":#{parsed_uri.port}") unless [80, 443].include?(parsed_uri.port)
|
212
212
|
|
213
|
+
@js_agent_api_base_url ||= "#{api_url.join('')}/api/v1"
|
214
|
+
|
213
215
|
[
|
214
216
|
api_url.join(''),
|
215
217
|
"/agents/api/v1/apps/",
|
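Review bot: The new `@js_agent_api_base_url ||= "#{api_url.join('')}/api/v1"` line in `compose_api_url!` inherits the port handling on the line just above it, which drops 80 and 443 without looking at the scheme, so a configured `http://host:443` would be rewritten to `http://host` for both the agent API URL and the JS agent base URL. Comparing against the scheme's own default avoids that: `api_url.push(":#{parsed_uri.port}") unless parsed_uri.port == parsed_uri.default_port`. Lines 205-209 of the method are outside the hunk, so it cannot be seen whether the scheme is restricted to https there; if it is not, a scheme check belongs next to the `URI.parse` call, since this URL carries agent traffic. The method also now sets a second instance variable as a side effect, which deserves a one-line comment such as `# Also seeds @js_agent_api_base_url from the normalized host`.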
@@ -23,6 +23,7 @@ module TCellAgent
|
|
23
23
|
HEADER = "header"
|
24
24
|
end
|
25
25
|
|
26
|
+
attr_accessor :enabled
|
26
27
|
attr_accessor :session_id_filter_actions
|
27
28
|
attr_accessor :request_filter_actions
|
28
29
|
attr_accessor :database_filter_actions
|
@@ -45,7 +46,9 @@ module TCellAgent
|
|
45
46
|
def initialize
|
46
47
|
self.init_options
|
47
48
|
end
|
49
|
+
|
48
50
|
def init_options
|
51
|
+
@enabled = false
|
49
52
|
@policy_id = nil
|
50
53
|
|
51
54
|
@table_field_actions = {}
|
@@ -66,27 +69,35 @@ module TCellAgent
|
|
66
69
|
|
67
70
|
@log_actions = nil
|
68
71
|
end
|
72
|
+
|
69
73
|
def get_actions_for_session_id(route_id=nil)
|
70
74
|
return @session_id_filter_actions
|
71
|
-
end
|
75
|
+
end
|
76
|
+
|
72
77
|
def has_actions_for_form_parameter?
|
73
78
|
return @request_filter_actions[RequestProtectionManager::FORM].size > 0
|
74
79
|
end
|
80
|
+
|
75
81
|
def has_actions_for_headers?
|
76
82
|
return @request_filter_actions[RequestProtectionManager::HEADER].size > 0
|
77
83
|
end
|
84
|
+
|
78
85
|
def has_actions_for_cookie?
|
79
86
|
return @request_filter_actions[RequestProtectionManager::COOKIE].size > 0
|
80
87
|
end
|
88
|
+
|
81
89
|
def get_actions_for_cookie(cookie_name, route_id=nil)
|
82
90
|
get_actions_for_request(RequestProtectionManager::COOKIE, cookie_name, route_id)
|
83
91
|
end
|
92
|
+
|
84
93
|
def get_actions_for_header(header_name, route_id=nil)
|
85
94
|
get_actions_for_request(RequestProtectionManager::HEADER, header_name.downcase, route_id)
|
86
95
|
end
|
96
|
+
|
87
97
|
def get_actions_for_form_parameter(parameter_name, route_id=nil)
|
88
98
|
get_actions_for_request(RequestProtectionManager::FORM, parameter_name.downcase, route_id)
|
89
99
|
end
|
100
|
+
|
90
101
|
def get_actions_for_request(context, variable, route_id=nil)
|
91
102
|
if (context == nil || variable == nil)
|
92
103
|
return nil
|
@@ -115,6 +126,7 @@ module TCellAgent
|
|
115
126
|
end
|
116
127
|
return actions
|
117
128
|
end
|
129
|
+
|
118
130
|
def get_actions_for_table(database, schema, table, field, route_id="*")
|
119
131
|
if route_id == nil
|
120
132
|
route_id = "*"
|
@@ -152,13 +164,14 @@ module TCellAgent
|
|
152
164
|
end
|
153
165
|
actions
|
154
166
|
end
|
155
|
-
|
167
|
+
|
156
168
|
def get_actions_for(table, field)
|
157
169
|
actions = Set.new
|
158
170
|
key = "#{table}.#{field}"
|
159
171
|
actions.merge(@table_field_actions.fetch(key,[].to_set))
|
160
172
|
return actions
|
161
|
-
end
|
173
|
+
end
|
174
|
+
|
162
175
|
def self.actions_from_json(options)
|
163
176
|
actions = nil
|
164
177
|
if options.has_key?("log")
|
@@ -191,31 +204,37 @@ module TCellAgent
|
|
191
204
|
end
|
192
205
|
actions
|
193
206
|
end
|
207
|
+
|
194
208
|
def self.from_json(policy_json)
|
195
209
|
if (!policy_json)
|
196
210
|
return nil
|
197
211
|
end
|
212
|
+
|
198
213
|
policy = DataLossPolicy.new
|
199
214
|
if policy_json.has_key?("policy_id")
|
200
215
|
policy.policy_id = policy_json["policy_id"]
|
201
216
|
else
|
202
217
|
raise "Policy ID missing"
|
203
218
|
end
|
219
|
+
|
204
220
|
if policy_json.has_key?("data")
|
205
221
|
data_json = policy_json["data"]
|
206
222
|
if data_json.has_key?("data_discovery")
|
207
223
|
data_discovery_json = data_json["data_discovery"]
|
208
224
|
policy.database_discovery_enabled = data_discovery_json.fetch('database_enabled', false)
|
225
|
+
policy.enabled = policy.database_discovery_enabled
|
209
226
|
end
|
210
227
|
if data_json.has_key?("session_id_protections")
|
211
228
|
session_id_protection = data_json["session_id_protections"]
|
212
229
|
rule_id = session_id_protection.fetch("id",nil)
|
213
230
|
filter_actions = DataLossPolicy.actions_from_json(session_id_protection)
|
214
231
|
if filter_actions != nil
|
232
|
+
policy.enabled = true
|
215
233
|
filter_actions.action_id = rule_id
|
216
234
|
policy.session_id_filter_actions = filter_actions
|
217
235
|
end
|
218
236
|
end
|
237
|
+
|
219
238
|
if data_json.has_key?("request_protections")
|
220
239
|
data_json["request_protections"].each do |protection|
|
221
240
|
context = protection.fetch('variable_context', nil)
|
@@ -224,6 +243,7 @@ module TCellAgent
|
|
224
243
|
rule_id = protection.fetch("id",nil)
|
225
244
|
options = protection.fetch('actions', nil)
|
226
245
|
route_ids = []
|
246
|
+
|
227
247
|
if (scope == "global")
|
228
248
|
route_ids = ["*"]
|
229
249
|
elsif (scope == "route")
|
@@ -231,9 +251,11 @@ module TCellAgent
|
|
231
251
|
else
|
232
252
|
next
|
233
253
|
end
|
254
|
+
|
234
255
|
if context && policy.request_filter_actions.has_key?(context) && variables && options
|
235
256
|
filter_actions = DataLossPolicy.actions_from_json(options)
|
236
257
|
if filter_actions != nil
|
258
|
+
policy.enabled = true
|
237
259
|
filter_actions.action_id = rule_id
|
238
260
|
variables.each do |variable|
|
239
261
|
route_ids.each do |route_id|
|
@@ -249,7 +271,8 @@ module TCellAgent
|
|
249
271
|
end
|
250
272
|
end
|
251
273
|
end
|
252
|
-
|
274
|
+
|
275
|
+
if data_json.has_key?("db_protections")
|
253
276
|
protections = data_json["db_protections"]
|
254
277
|
if protections
|
255
278
|
protections.each do |protection_json|
|
@@ -262,6 +285,7 @@ module TCellAgent
|
|
262
285
|
actions = protection_json.fetch("actions",{})
|
263
286
|
filter_actions = DataLossPolicy.actions_from_json(actions)
|
264
287
|
_route_ids = ["*"]
|
288
|
+
|
265
289
|
if scope != nil && scope != "global"
|
266
290
|
if scope=="route"
|
267
291
|
_route_ids = protection_json.fetch("route_ids",[])
|
@@ -272,6 +296,8 @@ module TCellAgent
|
|
272
296
|
elsif filter_actions == nil
|
273
297
|
next
|
274
298
|
end
|
299
|
+
|
300
|
+
policy.enabled = true
|
275
301
|
filter_actions.action_id = rule_id
|
276
302
|
_databases.each do |_database|
|
277
303
|
_schemas.each do |_schema|
|
@@ -288,6 +314,7 @@ module TCellAgent
|
|
288
314
|
end
|
289
315
|
end
|
290
316
|
end
|
317
|
+
|
291
318
|
return policy
|
292
319
|
end
|
293
320
|
end
|
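Review bot: `enabled` starts as `false` in `init_options` and is only flipped inside `from_json`, while `rails/dlp.rb` in this release skips DLP handling when it is false, so a policy whose filter actions are assigned through the public accessors rather than `from_json` is silently treated as disabled. Because the flag gates a data-loss control and fails open, the coupling should be documented where it is declared, for example `# Set by from_json when discovery or any protection is present; rails/dlp.rb skips DLP when false` above `attr_accessor :enabled`. `policy.enabled = policy.database_discovery_enabled` also copies whatever value the JSON holds for `database_enabled`, so a non-boolean such as the string "false" would count as enabled; `== true` on that assignment would pin it down. The file list of this release shows no spec change for `dataloss_policy.rb`, so the new assignments appear to be untested here.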
@@ -47,7 +47,7 @@ module TCellAgent
|
|
47
47
|
if tcell_context
|
48
48
|
tcell_context.database_result_sizes.push(results.size)
|
49
49
|
|
50
|
-
if dlp_policy
|
50
|
+
if dlp_policy && dlp_policy.enabled
|
51
51
|
first_record = results.first
|
52
52
|
database_name = first_record.class.connection_config().fetch(:database,"*").split('/').last
|
53
53
|
model = first_record.class
|
Binary file
|
Binary file
|
Binary file
|
Binary file
|
@@ -9,18 +9,22 @@ module TCellAgent
|
|
9
9
|
module Wrapper
|
10
10
|
extend FFI::Library
|
11
11
|
|
12
|
-
VERSION = "
|
12
|
+
VERSION = "1.3.0"
|
13
13
|
prefix = "lib"
|
14
14
|
extension = ".so"
|
15
|
+
variant = ""
|
15
16
|
if /cygwin|mswin|mingw|bccwin|wince|emx/ =~ RUBY_PLATFORM
|
16
17
|
extension = ".dll"
|
17
18
|
prefix = ""
|
18
19
|
elsif /darwin/ =~ RUBY_PLATFORM
|
19
20
|
extension = ".dylib"
|
21
|
+
elsif /musl/ =~ RUBY_PLATFORM
|
22
|
+
variant = "alpine-"
|
20
23
|
end
|
21
24
|
|
22
25
|
begin
|
23
|
-
ffi_lib File.join(File.dirname(__FILE__),
|
26
|
+
ffi_lib File.join(File.dirname(__FILE__),
|
27
|
+
"#{prefix}tcellagent-#{variant}#{VERSION}#{extension}")
|
24
28
|
|
25
29
|
# All the rust library calls have the following response api:
|
26
30
|
#
|
@@ -82,11 +86,10 @@ module TCellAgent
|
|
82
86
|
if TCellAgent::Rust::Wrapper.common_lib_available?
|
83
87
|
allow_payloads = !!TCellAgent.configuration.allow_payloads
|
84
88
|
agent_config = {
|
89
|
+
"skip_logger" => true,
|
85
90
|
"application" => {
|
86
91
|
"app_id" => TCellAgent.configuration.app_id,
|
87
92
|
"api_key" => TCellAgent.configuration.api_key,
|
88
|
-
"tcell_api_url" => "",
|
89
|
-
"tcell_input_url" => "",
|
90
93
|
"allow_payloads" => allow_payloads,
|
91
94
|
"js_agent_api_base_url" => TCellAgent.configuration.js_agent_api_base_url,
|
92
95
|
"js_agent_url" => TCellAgent.configuration.js_agent_url
|
@@ -94,7 +97,6 @@ module TCellAgent
|
|
94
97
|
"appfirewall" => {
|
95
98
|
"enable_body_xxe_inspection" => false,
|
96
99
|
"enable_body_json_inspection" => false,
|
97
|
-
"allow_send_payloads" => allow_payloads,
|
98
100
|
"allow_log_payloads" => true
|
99
101
|
},
|
100
102
|
"policy_versions" => {
|
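Review bot: `"allow_log_payloads" => true` stays hard-coded in the `appfirewall` block while this change removes `"allow_send_payloads" => allow_payloads`, so the operator's `TCELL_AGENT_ALLOW_PAYLOADS` choice now reaches the native library only through `application.allow_payloads`. Whether libtcellagent 1.3.0 uses that single key to gate both sending and logging of request payloads cannot be seen from this diff, because the libraries are shipped as binaries. Payloads carry request data verbatim (the specs expect values like `'payload' => '<SCRIPT>alert(1)</script>'`), so I would either pass the same variable, `"allow_log_payloads" => allow_payloads`, or add a comment stating why logging is unconditional. The `agent_config` hash continues outside the hunk.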
data/lib/tcell_agent/version.rb
CHANGED
@@ -135,7 +135,12 @@ module TCellAgent
|
|
135
135
|
'm' => 'GET',
|
136
136
|
'pattern' => 'tc-xss-1',
|
137
137
|
'uri' => 'http://example.org/foo?xyz=',
|
138
|
-
'meta' => {
|
138
|
+
'meta' => {
|
139
|
+
'l' => 'query',
|
140
|
+
'h' => [],
|
141
|
+
'num_headers' => 1,
|
142
|
+
'summary' => [{ 'n' => 'content-length', 's' => 1 }]
|
143
|
+
},
|
139
144
|
'payload' => '<SCRIPT>alert(1)</script>'
|
140
145
|
}
|
141
146
|
expect(TCellAgent.event_queue).to include(expected_as)
|
@@ -151,7 +156,12 @@ module TCellAgent
|
|
151
156
|
'm' => 'POST',
|
152
157
|
'pattern' => 'tc-xss-1',
|
153
158
|
'uri' => 'http://example.org/foo',
|
154
|
-
'meta' => {
|
159
|
+
'meta' => {
|
160
|
+
'l' => 'body',
|
161
|
+
'h' => [],
|
162
|
+
'num_headers' => 1,
|
163
|
+
'summary' => [{ 'n' => 'content-length', 's' => 2 }]
|
164
|
+
},
|
155
165
|
'payload' => '<SCRIPT>alert(1)</SCRIPT>'
|
156
166
|
}
|
157
167
|
expect(TCellAgent.event_queue).to include(expected_as)
|
@@ -167,7 +177,12 @@ module TCellAgent
|
|
167
177
|
'm' => 'GET',
|
168
178
|
'pattern' => 'tc-xss-1',
|
169
179
|
'uri' => 'http://example.org/foo?xyz=',
|
170
|
-
'meta' => {
|
180
|
+
'meta' => {
|
181
|
+
'l' => 'query',
|
182
|
+
'h' => [],
|
183
|
+
'num_headers' => 1,
|
184
|
+
'summary' => [{ 'n' => 'content-length', 's' => 1 }]
|
185
|
+
},
|
171
186
|
'payload' => '<script>alert(1)</script>'
|
172
187
|
}
|
173
188
|
expect(TCellAgent.event_queue).to include(expected_as)
|
@@ -212,7 +227,12 @@ module TCellAgent
|
|
212
227
|
'm' => 'GET',
|
213
228
|
'pattern' => 'tc-sqli-1',
|
214
229
|
'uri' => 'http://example.org/foo?xyz=&def=',
|
215
|
-
'meta' => {
|
230
|
+
'meta' => {
|
231
|
+
'l' => 'query',
|
232
|
+
'h' => [],
|
233
|
+
'num_headers' => 1,
|
234
|
+
'summary' => [{ 'n' => 'content-length', 's' => 1 }]
|
235
|
+
}
|
216
236
|
}
|
217
237
|
expect(TCellAgent.event_queue).to include(expected_as)
|
218
238
|
end
|
@@ -255,7 +275,12 @@ module TCellAgent
|
|
255
275
|
'm' => 'GET',
|
256
276
|
'pattern' => 'tc-fpt-2',
|
257
277
|
'uri' => 'http://example.org/foo?xyz=',
|
258
|
-
'meta' => {
|
278
|
+
'meta' => {
|
279
|
+
'l' => 'query',
|
280
|
+
'h' => [],
|
281
|
+
'num_headers' => 1,
|
282
|
+
'summary' => [{ 'n' => 'content-length', 's' => 1 }]
|
283
|
+
}
|
259
284
|
}
|
260
285
|
expect(TCellAgent.event_queue).to include(expected_as)
|
261
286
|
end
|
@@ -641,7 +641,7 @@ module TCellAgent
|
|
641
641
|
'session_id' => 'session_id',
|
642
642
|
'user_id' => 'user_id',
|
643
643
|
'pattern' => 'tc-xss-1',
|
644
|
-
'meta' => { 'l' => 'query' }
|
644
|
+
'meta' => { 'l' => 'query', 'h' => [], 'num_headers' => 0, 'summary' => [] }
|
645
645
|
},
|
646
646
|
{
|
647
647
|
'detection_point' => 'exsql',
|
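--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-version: 1.1.
+version: 1.1.3
 platform: ruby
 authors:
 - Rafael
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ffi
@@ -157,10 +157,11 @@ files:
 - lib/tcell_agent/rails/settings_reporter.rb
 - lib/tcell_agent/rails/tcell_body_proxy.rb
 - lib/tcell_agent/routes/table.rb
-- lib/tcell_agent/rust/libtcellagent-
-- lib/tcell_agent/rust/libtcellagent-
+- lib/tcell_agent/rust/libtcellagent-1.3.0.dylib
+- lib/tcell_agent/rust/libtcellagent-1.3.0.so
+- lib/tcell_agent/rust/libtcellagent-alpine-1.3.0.so
 - lib/tcell_agent/rust/models.rb
-- lib/tcell_agent/rust/tcellagent-
+- lib/tcell_agent/rust/tcellagent-1.3.0.dll
 - lib/tcell_agent/rust/whisperer.rb
 - lib/tcell_agent/sensor_events/app_config.rb
 - lib/tcell_agent/sensor_events/appsensor_event.rb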
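Review bot: The file list now ships four prebuilt native libraries (`libtcellagent-1.3.0.dylib`, `libtcellagent-1.3.0.so`, `libtcellagent-alpine-1.3.0.so`, `tcellagent-1.3.0.dll`) while `cert_chain: []` shows the gem is unsigned, so the only integrity data covering code that `whisperer.rb` loads through `ffi_lib` is the archive-level digest in checksums.yaml. The binaries appear in this diff only as "Binary file", which means the jump from 0.19.5 to 1.3.0 cannot be audited from the page itself. Anyone approving this upgrade should verify the gem's SHA512 against a trusted source before deployment and ask upstream for per-binary digests or build provenance for the bundled libraries.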
Binary file
|
Binary file
|
Binary file
|