tcell_agent 1.1.3 → 1.1.4
- checksums.yaml +4 -4
- data/bin/tcell_agent +10 -2
- data/lib/tcell_agent.rb +3 -3
- data/lib/tcell_agent/agent.rb +42 -52
- data/lib/tcell_agent/agent/event_processor.rb +129 -162
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +57 -62
- data/lib/tcell_agent/agent/policy_manager.rb +83 -104
- data/lib/tcell_agent/agent/policy_types.rb +24 -29
- data/lib/tcell_agent/agent/route_manager.rb +36 -46
- data/lib/tcell_agent/agent/static_agent.rb +19 -21
- data/lib/tcell_agent/api.rb +23 -28
- data/lib/tcell_agent/appsensor/injections_reporter.rb +7 -11
- data/lib/tcell_agent/authlogic.rb +7 -7
- data/lib/tcell_agent/cmdi.rb +22 -23
- data/lib/tcell_agent/config/unknown_options.rb +71 -69
- data/lib/tcell_agent/configuration.rb +187 -191
- data/lib/tcell_agent/devise.rb +13 -15
- data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
- data/lib/tcell_agent/instrumentation.rb +120 -124
- data/lib/tcell_agent/logger.rb +29 -45
- data/lib/tcell_agent/patches.rb +5 -5
- data/lib/tcell_agent/policies/dataloss_policy.rb +263 -288
- data/lib/tcell_agent/policies/http_redirect_policy.rb +25 -37
- data/lib/tcell_agent/policies/http_tx_policy.rb +48 -52
- data/lib/tcell_agent/policies/login_fraud_policy.rb +15 -20
- data/lib/tcell_agent/policies/policy.rb +0 -2
- data/lib/tcell_agent/policies/rust_policies.rb +24 -29
- data/lib/tcell_agent/rails.rb +2 -3
- data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
- data/lib/tcell_agent/rails/auth/devise.rb +2 -2
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +2 -2
- data/lib/tcell_agent/rails/better_ip.rb +12 -16
- data/lib/tcell_agent/rails/csrf_exception.rb +4 -7
- data/lib/tcell_agent/rails/dlp.rb +208 -107
- data/lib/tcell_agent/rails/dlp/process_request.rb +37 -47
- data/lib/tcell_agent/rails/dlp_handler.rb +9 -11
- data/lib/tcell_agent/rails/js_agent_insert.rb +11 -14
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +8 -7
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +4 -5
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +5 -8
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +24 -27
- data/lib/tcell_agent/rails/on_start.rb +5 -5
- data/lib/tcell_agent/rails/responses.rb +7 -9
- data/lib/tcell_agent/rails/routes.rb +62 -81
- data/lib/tcell_agent/rails/routes/grape.rb +25 -30
- data/lib/tcell_agent/rails/routes/route_id.rb +9 -14
- data/lib/tcell_agent/rails/settings_reporter.rb +44 -33
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +15 -18
- data/lib/tcell_agent/routes/table.rb +31 -33
- data/lib/tcell_agent/rust/{libtcellagent-1.3.0.dylib → libtcellagent-1.3.1.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-1.3.0.so → libtcellagent-1.3.1.so} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.0.so → libtcellagent-alpine-1.3.1.so} +0 -0
- data/lib/tcell_agent/rust/models.rb +32 -37
- data/lib/tcell_agent/rust/tcellagent-1.3.1.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +101 -104
- data/lib/tcell_agent/sensor_events/app_config.rb +7 -7
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +26 -27
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +20 -88
- data/lib/tcell_agent/sensor_events/command_injection.rb +52 -80
- data/lib/tcell_agent/sensor_events/discovery.rb +27 -27
- data/lib/tcell_agent/sensor_events/dlp.rb +50 -56
- data/lib/tcell_agent/sensor_events/honeytokens.rb +9 -9
- data/lib/tcell_agent/sensor_events/metrics.rb +20 -21
- data/lib/tcell_agent/sensor_events/patches.rb +10 -12
- data/lib/tcell_agent/sensor_events/sensor.rb +32 -36
- data/lib/tcell_agent/sensor_events/server_agent.rb +130 -127
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +60 -80
- data/lib/tcell_agent/sensor_events/util/utils.rb +3 -5
- data/lib/tcell_agent/servers/passenger.rb +5 -9
- data/lib/tcell_agent/servers/puma.rb +18 -27
- data/lib/tcell_agent/servers/rails_server.rb +5 -9
- data/lib/tcell_agent/servers/thin.rb +2 -4
- data/lib/tcell_agent/servers/unicorn.rb +18 -27
- data/lib/tcell_agent/servers/webrick.rb +2 -4
- data/lib/tcell_agent/settings_reporter.rb +126 -0
- data/lib/tcell_agent/sinatra.rb +24 -26
- data/lib/tcell_agent/start_background_thread.rb +21 -142
- data/lib/tcell_agent/system_info.rb +4 -3
- data/lib/tcell_agent/tcell_context.rb +150 -0
- data/lib/tcell_agent/userinfo.rb +3 -3
- data/lib/tcell_agent/utils/io.rb +19 -24
- data/lib/tcell_agent/utils/params.rb +9 -15
- data/lib/tcell_agent/utils/queue_with_timeout.rb +26 -32
- data/lib/tcell_agent/utils/strings.rb +4 -6
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +5 -5
- data/spec/lib/tcell_agent/agent/static_agent_spec.rb +7 -7
- data/spec/lib/tcell_agent/cmdi_spec.rb +21 -21
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +29 -24
- data/spec/lib/tcell_agent/instrumentation_spec.rb +4 -4
- data/spec/lib/tcell_agent/patches_spec.rb +8 -8
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +23 -23
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +2 -2
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +69 -0
- data/spec/lib/tcell_agent/rails/dlp_spec.rb +1039 -0
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +271 -0
- data/spec/lib/tcell_agent/rails/logger_spec.rb +5 -5
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +3 -3
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -4
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +5 -5
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +1 -1
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +11 -8
- data/spec/lib/tcell_agent/rails/responses_spec.rb +2 -2
- data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +2 -2
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +1 -1
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +4 -4
- data/spec/lib/tcell_agent/rust/models_spec.rb +83 -75
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +14 -14
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +19 -70
- data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +1 -1
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +162 -0
- data/spec/lib/tcell_agent/tcell_context_spec.rb +154 -0
- data/spec/spec_helper.rb +5 -0
- metadata +18 -10
- data/lib/tcell_agent/appsensor/meta_data.rb +0 -132
- data/lib/tcell_agent/patches/meta_data.rb +0 -59
- data/lib/tcell_agent/rust/tcellagent-1.3.0.dll +0 -0
- data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +0 -71
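--- a/data/lib/tcell_agent/patches/meta_data.rb
+++ b/data/lib/tcell_agent/patches/meta_data.rb
@@ -1,59 +0,0 @@
-# encoding: utf-8
-# See the file "LICENSE" for the full license governing this code.
-
-require 'tcell_agent/appsensor/meta_data'
-require 'tcell_agent/rails/better_ip'
-require 'tcell_agent/utils/params'
-
-module TCellAgent
-module Patches
-
-class MetaData < TCellAgent::AppSensor::MetaData
-class << self
-def build(request)
-tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
-meta_event = MetaData.new(
-tcell_context.request_method,
-tcell_context.ip_address,
-tcell_context.route_id,
-tcell_context.hmac_session_id,
-tcell_context.user_id,
-tcell_context.transaction_id,
-tcell_context.uri
-)
-
-meta_event.path = tcell_context.path
-
-meta_event.get_dict = request.GET
-meta_event.cookie_dict = request.cookies
-meta_event.set_headers_dict(request.env)
-
-meta_event.post_dict = request.POST
-
-# Positions strio to the beginning of input, resetting lineno to zero.
-# rails 4.1 seems to read the stringIO directly and so body.gets is empty
-# this is called
-request.body.rewind
-
-meta_event.request_content_bytes_len = (request.content_length || 0).to_i
-meta_event.set_body_dict(
-meta_event.request_content_bytes_len,
-request.content_type,
-request.body.gets
-)
-
-meta_event
-end
-end
-
-attr_accessor :path, :request_content_bytes_len
-
-def initialize(method, remote_address, route_id, session_id, user_id, transaction_id, location)
-super(method, remote_address, route_id, session_id, user_id, transaction_id, location)
-
-@request_content_bytes_len = 0
-end
-end
-
-end
-end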
Binary file
|
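--- a/data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb
+++ b/data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb
@@ -1,71 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-module AppSensor
-describe MetaData do
-describe '#set_headers_dict' do
-it 'should set all headers that start with http and skip cookies' do
-method = remote_address = route_id = session_id = user_id = transaction_id = location = nil
-
-meta = MetaData.new(method, remote_address, route_id, session_id, user_id, transaction_id, location)
-meta.set_headers_dict(
-{
-'rack.version' => [1, 2],
-'REQUEST_METHOD' => 'POST',
-'SERVER_NAME' => 'www.example.com',
-'HTTP_USER_AGENT' => 'Mozilla',
-'HTTP_MY_CUSTOM_HTTP_HEADER' => 'my value'
-}
-)
-
-expect(meta.headers_dict).to eq(
-{
-'user-agent' => 'Mozilla',
-'my-custom-http-header' => 'my value'
-}
-)
-end
-
-it 'should set all headers that start with http and include content_length and content_type' do
-method = remote_address = route_id = session_id = user_id = transaction_id = location = nil
-
-meta = MetaData.new(method, remote_address, route_id, session_id, user_id, transaction_id, location)
-meta.set_headers_dict(
-{
-'REQUEST_METHOD' => 'POST',
-'HTTP_VERSION' => 'HTTP/1.1',
-'HTTP_CONNECTION' => 'keep-alive',
-'CONTENT_LENGTH' => '85',
-'HTTP_CACHE_CONTROL' => 'max-age=0',
-'HTTP_ORIGIN' => 'http://192.168.99.100:3000',
-'HTTP_UPGRADE_INSECURE_REQUESTS' => '1',
-'HTTP_USER_AGENT' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5)',
-'CONTENT_TYPE' => 'application/x-www-form-urlencoded',
-'HTTP_ACCEPT' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
-'HTTP_ACCEPT_ENCODING' => 'gzip, deflate',
-'HTTP_ACCEPT_LANGUAGE' => 'en-US,en;q=0.8',
-'HTTP_MY_CUSTOM_HTTP_HEADER' => 'my value'
-}
-)
-
-expect(meta.headers_dict).to eq(
-{
-'version' => 'HTTP/1.1',
-'connection' => 'keep-alive',
-'content-length' => '85',
-'cache-control' => 'max-age=0',
-'origin' => 'http://192.168.99.100:3000',
-'upgrade-insecure-requests' => '1',
-'user-agent' => 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5)',
-'content-type' => 'application/x-www-form-urlencoded',
-'accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8',
-'accept-encoding' => 'gzip, deflate',
-'accept-language' => 'en-US,en;q=0.8',
-'my-custom-http-header' => 'my value'
-}
-)
-end
-end
-end
-end
-end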