tcell_agent 1.1.3 → 1.1.4

data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb

@@ -35,7 +35,7 @@ module TCellAgent
           it 'should report the login failure' do
             login_fraud = double('login_fraud', :enabled => true, :login_failed_enabled => true)
 
-            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
               login_fraud
             )
             expect(TCellAgent).to receive(:send_event).with(
@@ -43,7 +43,7 @@ module TCellAgent
                 'event_type' => 'login',
                 'header_keys' => %w[USER_AGENT X_FORWARDED_FOR],
                 'user_agent' => 'user_agent',
-                'referrer' => 'referrer',
+                'referrer' => 'http://tcell.tcell.io/?utm_campaign=',
                 'remote_addr' => '1.1.1.1',
                 'user_id' => 'user_id',
                 'document_uri' => 'http://tcell.tcell.io/login?param_name=',
@@ -55,9 +55,10 @@ module TCellAgent
             status = Hooks::V1::Login::LOGIN_FAILURE
             header_keys = %w[HTTP_USER_AGENT HTTP_X_FORWARDED_FOR]
             document_uri = 'http://tcell.tcell.io/login?param_name=param_value'
+            referrer = 'http://tcell.tcell.io/?utm_campaign=some-source'
 
             Hooks::V1::Login.register_login_event(
-              status, 'session_id', 'user_agent', 'referrer', '1.1.1.1', header_keys, 'user_id', document_uri
+              status, 'session_id', 'user_agent', referrer, '1.1.1.1', header_keys, 'user_id', document_uri
             )
           end
         end
@@ -66,7 +67,7 @@ module TCellAgent
           it 'should NOT report the login failure' do
             login_fraud = double('login_fraud', :enabled => true, :login_failed_enabled => false)
 
-            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
               login_fraud
             )
             expect(TCellAgent).to_not receive(:send_event)
@@ -74,9 +75,10 @@ module TCellAgent
             status = Hooks::V1::Login::LOGIN_FAILURE
             header_keys = %w[HTTP_USER_AGENT HTTP_X_FORWARDED_FOR]
             document_uri = 'http://tcell.tcell.io/login?param_name=param_value'
+            referrer = 'http://tcell.tcell.io/?utm_campaign=some-source'
 
             Hooks::V1::Login.register_login_event(
-              status, 'session_id', 'user_agent', 'referrer', '1.1.1.1', header_keys, 'user_id', document_uri
+              status, 'session_id', 'user_agent', referrer, '1.1.1.1', header_keys, 'user_id', document_uri
             )
           end
         end
@@ -87,7 +89,7 @@ module TCellAgent
           it 'should report the login success' do
             login_fraud = double('login_fraud', :enabled => true, :login_success_enabled => true)
 
-            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
               login_fraud
             )
             expect(TCellAgent).to receive(:send_event).with(
@@ -95,7 +97,7 @@ module TCellAgent
                 'event_type' => 'login',
                 'header_keys' => %w[USER_AGENT X_FORWARDED_FOR],
                 'user_agent' => 'user_agent',
-                'referrer' => 'referrer',
+                'referrer' => 'http://tcell.tcell.io/?utm_campaign=',
                 'remote_addr' => '1.1.1.1',
                 'user_id' => 'user_id',
                 'document_uri' => 'http://tcell.tcell.io/login?param_name=',
@@ -107,9 +109,10 @@ module TCellAgent
             status = Hooks::V1::Login::LOGIN_SUCCESS
             header_keys = %w[HTTP_USER_AGENT HTTP_X_FORWARDED_FOR]
             document_uri = 'http://tcell.tcell.io/login?param_name=param_value'
+            referrer = 'http://tcell.tcell.io/?utm_campaign=some-source'
 
             Hooks::V1::Login.register_login_event(
-              status, 'session_id', 'user_agent', 'referrer', '1.1.1.1', header_keys, 'user_id', document_uri
+              status, 'session_id', 'user_agent', referrer, '1.1.1.1', header_keys, 'user_id', document_uri
             )
           end
         end
@@ -118,7 +121,7 @@ module TCellAgent
           it 'should NOT report the login success' do
             login_fraud = double('login_fraud', :enabled => true, :login_success_enabled => false)
 
-            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
               login_fraud
             )
             expect(TCellAgent).to_not receive(:send_event)
@@ -126,9 +129,10 @@ module TCellAgent
             status = Hooks::V1::Login::LOGIN_SUCCESS
             header_keys = %w[HTTP_USER_AGENT HTTP_X_FORWARDED_FOR]
             document_uri = 'http://tcell.tcell.io/login?param_name=param_value'
+            referrer = 'http://tcell.tcell.io/?utm_campaign=some-source'
 
             Hooks::V1::Login.register_login_event(
-              status, 'session_id', 'user_agent', 'referrer', '1.1.1.1', header_keys, 'user_id', document_uri
+              status, 'session_id', 'user_agent', referrer, '1.1.1.1', header_keys, 'user_id', document_uri
             )
           end
         end
@@ -139,7 +143,7 @@ module TCellAgent
           login_fraud = double('login_fraud', :enabled => true)
           logger = double('logger')
 
-          expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+          expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
             login_fraud
           )
           expect(TCellAgent).to_not receive(:send_event)
@@ -149,9 +153,10 @@ module TCellAgent
           status = 'mumbo-jumbo'
           header_keys = %w[HTTP_USER_AGENT HTTP_X_FORWARDED_FOR]
           document_uri = 'http://tcell.tcell.io/login?param_name=param_value'
+          referrer = 'http://tcell.tcell.io/?utm_campaign=some-source'
 
           Hooks::V1::Login.register_login_event(
-            status, 'session_id', 'user_agent', 'referrer', '1.1.1.1', header_keys, 'user_id', document_uri
+            status, 'session_id', 'user_agent', referrer, '1.1.1.1', header_keys, 'user_id', document_uri
           )
         end
       end
@@ -165,7 +170,7 @@ module TCellAgent
             rails_request = double('rails_request')
             tcell_data = TCellAgent::Instrumentation::TCellData.new
             tcell_data.user_agent = 'user_agent'
-            tcell_data.referrer = 'referrer'
+            tcell_data.referrer = 'http://tcell.tcell.io/?utm_campaign=some-source'
             tcell_data.ip_address = '1.1.1.1'
             tcell_data.path = 'http://tcell.tcell.io/login?param_name=param_value'
             tcell_data.hmac_session_id = TCellAgent::SensorEvents::Util.hmac('session_id')
@@ -175,7 +180,7 @@ module TCellAgent
               'HTTP_X_FORWARDED_FOR' => true
             }
 
-            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
               login_fraud
             )
             expect(rails_request).to receive(:env).and_return(request_env)
@@ -185,7 +190,7 @@ module TCellAgent
                 'event_type' => 'login',
                 'header_keys' => %w[USER_AGENT X_FORWARDED_FOR],
                 'user_agent' => 'user_agent',
-                'referrer' => 'referrer',
+                'referrer' => 'http://tcell.tcell.io/?utm_campaign=',
                 'remote_addr' => '1.1.1.1',
                 'user_id' => 'user_id',
                 'document_uri' => 'http://tcell.tcell.io/login?param_name=',
@@ -208,7 +213,7 @@ module TCellAgent
             rails_request = double('rails_request')
             tcell_data = TCellAgent::Instrumentation::TCellData.new
             tcell_data.user_agent = 'user_agent'
-            tcell_data.referrer = 'referrer'
+            tcell_data.referrer = 'http://tcell.tcell.io/?utm_campaign='
             tcell_data.ip_address = '1.1.1.1'
             tcell_data.path = 'http://tcell.tcell.io/login?param_name=param_value'
             tcell_data.hmac_session_id = TCellAgent::SensorEvents::Util.hmac('session_id')
@@ -218,7 +223,7 @@ module TCellAgent
               'HTTP_X_FORWARDED_FOR' => true
             }
 
-            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
               login_fraud
             )
             expect(rails_request).to receive(:env).and_return(request_env)
@@ -241,7 +246,7 @@ module TCellAgent
             rails_request = double('rails_request')
             tcell_data = TCellAgent::Instrumentation::TCellData.new
             tcell_data.user_agent = 'user_agent'
-            tcell_data.referrer = 'referrer'
+            tcell_data.referrer = 'http://tcell.tcell.io/?utm_campaign=some-source'
             tcell_data.ip_address = '1.1.1.1'
             tcell_data.path = 'http://tcell.tcell.io/login?param_name=param_value'
             tcell_data.hmac_session_id = TCellAgent::SensorEvents::Util.hmac('session_id')
@@ -251,7 +256,7 @@ module TCellAgent
               'HTTP_X_FORWARDED_FOR' => true
             }
 
-            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
               login_fraud
             )
             expect(rails_request).to receive(:env).and_return(request_env)
@@ -261,7 +266,7 @@ module TCellAgent
                 'event_type' => 'login',
                 'header_keys' => %w[USER_AGENT X_FORWARDED_FOR],
                 'user_agent' => 'user_agent',
-                'referrer' => 'referrer',
+                'referrer' => 'http://tcell.tcell.io/?utm_campaign=',
                 'remote_addr' => '1.1.1.1',
                 'user_id' => 'user_id',
                 'document_uri' => 'http://tcell.tcell.io/login?param_name=',
@@ -284,7 +289,7 @@ module TCellAgent
             rails_request = double('rails_request')
             tcell_data = TCellAgent::Instrumentation::TCellData.new
             tcell_data.user_agent = 'user_agent'
-            tcell_data.referrer = 'referrer'
+            tcell_data.referrer = 'http://tcell.tcell.io/?utm_campaign=some-source'
             tcell_data.ip_address = '1.1.1.1'
             tcell_data.path = 'http://tcell.tcell.io/login?param_name=param_value'
             tcell_data.hmac_session_id = TCellAgent::SensorEvents::Util.hmac('session_id')
@@ -294,7 +299,7 @@ module TCellAgent
               'HTTP_X_FORWARDED_FOR' => true
             }
 
-            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+            expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
               login_fraud
             )
             expect(rails_request).to receive(:env).and_return(request_env)
@@ -317,7 +322,7 @@ module TCellAgent
           rails_request = double('rails_request')
           tcell_data = TCellAgent::Instrumentation::TCellData.new
           tcell_data.user_agent = 'user_agent'
-          tcell_data.referrer = 'referrer'
+          tcell_data.referrer = 'http://tcell.tcell.io/?utm_campaign=some-source'
           tcell_data.ip_address = '1.1.1.1'
           tcell_data.path = 'http://tcell.tcell.io/login?param_name=param_value'
           tcell_data.hmac_session_id = TCellAgent::SensorEvents::Util.hmac('session_id')
@@ -327,7 +332,7 @@ module TCellAgent
             'HTTP_X_FORWARDED_FOR' => true
           }
 
-          expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LoginFraud).and_return(
+          expect(TCellAgent).to receive(:policy).with(TCellAgent::PolicyTypes::LOGINFRAUD).and_return(
             login_fraud
           )
           expect(rails_request).to receive(:env).and_return(request_env)

data/spec/lib/tcell_agent/instrumentation_spec.rb

@@ -41,7 +41,7 @@ module TCellAgent
           }
           session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
           mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DataLoss] = session_id_policy
+          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
           TCellAgent.set_thread_agent(mock_agent)
 
           context = TCellData.new
@@ -66,7 +66,7 @@ module TCellAgent
           }
           session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
           mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DataLoss] = session_id_policy
+          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
           TCellAgent.set_thread_agent(mock_agent)
 
           context = TCellData.new
@@ -93,7 +93,7 @@ module TCellAgent
           }
           session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
           mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DataLoss] = session_id_policy
+          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
           TCellAgent.set_thread_agent(mock_agent)
 
           context = TCellData.new
@@ -118,7 +118,7 @@ module TCellAgent
           }
           session_id_policy = TCellAgent::Policies::DataLossPolicy.from_json(policy_json_two)
           mock_agent = MockAgent.new(-1)
-          mock_agent.policies[TCellAgent::PolicyTypes::DataLoss] = session_id_policy
+          mock_agent.policies[TCellAgent::PolicyTypes::DATALOSS] = session_id_policy
           TCellAgent.set_thread_agent(mock_agent)
 
           context = TCellData.new

data/spec/lib/tcell_agent/patches_spec.rb

@@ -24,9 +24,9 @@ module TCellAgent
           logger = double('logger')
           request = double('request')
           expect(TCellAgent).to receive(:policy).with(
-            TCellAgent::PolicyTypes::Rust
+            TCellAgent::PolicyTypes::RUST
           ).and_raise(StandardError.new('UNEXPECTED'))
-          expect(TCellAgent::Patches::MetaData).to_not receive(:build)
+          expect(TCellAgent::MetaData).to_not receive(:from_request)
           expect(TCellAgent).to receive(:logger).and_return(logger).twice
           expect(logger).to receive(:debug).with(
             'Exception in safe_block Checking patches blocking: StandardError happened, message is UNEXPECTED'
@@ -41,7 +41,7 @@ module TCellAgent
         it 'should return false' do
           request = double('request')
           expect(TCellAgent).to receive(:policy).and_return(nil)
-          expect(TCellAgent::Patches::MetaData).to_not receive(:build)
+          expect(TCellAgent::MetaData).to_not receive(:from_request)
 
           expect(Patches.block?(request)).to eq(false)
         end
@@ -53,7 +53,7 @@ module TCellAgent
           expect(@rust_policies.patches_enabled).to eq(false)
 
           expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
-          expect(TCellAgent::Patches::MetaData).to_not receive(:build)
+          expect(TCellAgent::MetaData).to_not receive(:from_request)
 
           expect(Patches.block?(request)).to eq(false)
         end
@@ -73,7 +73,7 @@ module TCellAgent
               TCellAgent::Instrumentation::TCELL_ID => tcell_context
             }
           )
-          expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
+          expect(TCellAgent::MetaData).to receive(:from_request).and_return(
             meta_data
           )
 
@@ -92,7 +92,7 @@ module TCellAgent
           expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
           expect(@rust_policies).to receive(:patches_enabled).and_return(true)
           expect(@rust_policies).to receive(:block_request?).and_return(true)
-          expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
+          expect(TCellAgent::MetaData).to receive(:from_request).and_return(
             meta_data
           )
           expect(request).to receive(:env).and_return({ TCellAgent::Instrumentation::TCELL_ID => tcell_context })
@@ -105,7 +105,7 @@ module TCellAgent
         context "and that's complex" do
           it 'should return a response' do
             request = double('request')
-            meta_data = TCellAgent::Patches::MetaData.new(
+            meta_data = TCellAgent::MetaData.new(
               'get',
               '2.3.4.5',
               'route_id',
@@ -122,7 +122,7 @@ module TCellAgent
             expect(TCellAgent).to receive(:policy).and_return(@rust_policies)
             expect(@rust_policies).to receive(:patches_enabled).and_return(true)
             expect(@rust_policies).to receive(:block_request?).and_return(true)
-            expect(TCellAgent::Patches::MetaData).to receive(:build).and_return(
+            expect(TCellAgent::MetaData).to receive(:from_request).and_return(
               meta_data
             )
             expect(request).to receive(:env).and_return({ TCellAgent::Instrumentation::TCELL_ID => tcell_context })

data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb

@@ -266,7 +266,7 @@ module TCellAgent
             expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
             @rust_policies = RustPolicies.new
             @rust_policies.update_policies(everything_enabled_policy_json)
-            @appsensor_meta = TCellAgent::SensorEvents::AppSensorMetaEvent.new(
+            @meta_data = TCellAgent::MetaData.new(
               'GET',
               '192.168.1.1',
               '12345',
@@ -275,8 +275,8 @@ module TCellAgent
               'transaction_id',
               'http://test.com/?some_param=present'
             )
-            @appsensor_meta.user_agent = 'Mozilla'
-            @appsensor_meta.response_code = 200
+            @meta_data.user_agent = 'Mozilla'
+            @meta_data.response_code = 200
           end
 
           context 'csrf exception' do
@@ -284,9 +284,9 @@ module TCellAgent
               it 'should not send an event' do
                 expect(TCellAgent).to_not receive(:send_event)
 
-                @appsensor_meta.csrf_exception_name = nil
+                @meta_data.csrf_exception_name = nil
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end
@@ -295,9 +295,9 @@ module TCellAgent
               it 'should not send an event' do
                 expect(TCellAgent).to_not receive(:send_event)
 
-                @appsensor_meta.csrf_exception_name = ''
+                @meta_data.csrf_exception_name = ''
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end
@@ -319,9 +319,9 @@ module TCellAgent
                   }
                 )
 
-                @appsensor_meta.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
+                @meta_data.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end
@@ -332,9 +332,9 @@ module TCellAgent
               it 'should not send an event' do
                 expect(TCellAgent).to_not receive(:send_event)
 
-                @appsensor_meta.sql_exceptions = []
+                @meta_data.sql_exceptions = []
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end
@@ -361,12 +361,12 @@ module TCellAgent
                   }
                 )
 
-                @appsensor_meta.sql_exceptions = [{
+                @meta_data.sql_exceptions = [{
                   'exception_name' => 'ActiveRecord::StatementInvalid',
                   'exception_payload' => 'exception message goes here'
                 }]
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end
@@ -408,7 +408,7 @@ module TCellAgent
                   }
                 )
 
-                @appsensor_meta.sql_exceptions = [
+                @meta_data.sql_exceptions = [
                   {
                     'exception_name' => 'ActiveRecord::StatementInvalid',
                     'exception_payload' => 'exception message goes here'
@@ -419,7 +419,7 @@ module TCellAgent
                   }
                 ]
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end
@@ -430,9 +430,9 @@ module TCellAgent
               it 'should not send an event' do
                 expect(TCellAgent).to_not receive(:send_event)
 
-                @appsensor_meta.database_result_sizes = nil
+                @meta_data.database_result_sizes = nil
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end
@@ -441,9 +441,9 @@ module TCellAgent
               it 'should not send an event' do
                 expect(TCellAgent).to_not receive(:send_event)
 
-                @appsensor_meta.database_result_sizes = []
+                @meta_data.database_result_sizes = []
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end
@@ -465,9 +465,9 @@ module TCellAgent
                   }
                 )
 
-                @appsensor_meta.database_result_sizes = [1001]
+                @meta_data.database_result_sizes = [1001]
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end
@@ -503,9 +503,9 @@ module TCellAgent
                   }
                 )
 
-                @appsensor_meta.database_result_sizes = [1001, 1002]
+                @meta_data.database_result_sizes = [1001, 1002]
                 @rust_policies.check_appfirewall_injections(
-                  @appsensor_meta
+                  @meta_data
                 )
               end
             end