tcell_agent 1.1.3 → 1.1.4

data/lib/tcell_agent/agent/policy_types.rb

@@ -1,35 +1,30 @@
-# encoding: utf-8
-
-# See the file "LICENSE" for the full license governing this code.
-
-require "tcell_agent/policies/http_tx_policy"
-require "tcell_agent/policies/http_redirect_policy"
-require "tcell_agent/policies/login_fraud_policy"
-require "tcell_agent/policies/dataloss_policy"
-require "tcell_agent/policies/rust_policies"
+require 'tcell_agent/policies/http_tx_policy'
+require 'tcell_agent/policies/http_redirect_policy'
+require 'tcell_agent/policies/login_fraud_policy'
+require 'tcell_agent/policies/dataloss_policy'
+require 'tcell_agent/policies/rust_policies'
 
 module TCellAgent
   class PolicyTypes
-    CSP = "csp-headers"
-    Clickjacking = "clickjacking"
-    SecureHeaders = "secure-headers"
-    HttpTx = "http-tx"
-    HttpRedirect = "http-redirect"
-    LoginFraud = "login"
-    DataLoss = "dlp"
-    AppSensor = "appsensor"
-    Patches = "patches"
-    CommandInjection = "cmdi"
-    Regex = "regex"
-    Rust = "rust"
-    JSAgentInjection = "jsagentinjection"
-
-    ClassMap = {
-      HttpTx=>TCellAgent::Policies::HttpTxPolicy,
-      HttpRedirect=>TCellAgent::Policies::HttpRedirectPolicy,
-      LoginFraud=>TCellAgent::Policies::LoginFraudPolicy,
-      DataLoss=>TCellAgent::Policies::DataLossPolicy
-    }
+    CSP = 'csp-headers'.freeze
+    CLICKJACKING = 'clickjacking'.freeze
+    SECUREHEADERS = 'secure-headers'.freeze
+    HTTPTX = 'http-tx'.freeze
+    HTTPREDIRECT = 'http-redirect'.freeze
+    LOGINFRAUD = 'login'.freeze
+    DATALOSS = 'dlp'.freeze
+    APPSENSOR = 'appsensor'.freeze
+    PATCHES = 'patches'.freeze
+    COMMANDINJECTION = 'cmdi'.freeze
+    REGEX = 'regex'.freeze
+    RUST = 'rust'.freeze
+    JSAGENTINJECTION = 'jsagentinjection'.freeze
 
+    CLASS_MAP = {
+      HTTPTX => TCellAgent::Policies::HttpTxPolicy,
+      HTTPREDIRECT => TCellAgent::Policies::HttpRedirectPolicy,
+      LOGINFRAUD => TCellAgent::Policies::LoginFraudPolicy,
+      DATALOSS => TCellAgent::Policies::DataLossPolicy
+    }.freeze
   end
 end

data/lib/tcell_agent/agent/route_manager.rb

@@ -1,15 +1,13 @@
-# encoding: utf-8
-
 # See the file "LICENSE" for the full license governing this code.
 
-require "tcell_agent/logger"
-require "tcell_agent/version"
-require "tcell_agent/api"
-require "tcell_agent/configuration"
+require 'tcell_agent/logger'
+require 'tcell_agent/version'
+require 'tcell_agent/api'
+require 'tcell_agent/configuration'
 
-require "tcell_agent/routes/table"
-require "tcell_agent/sensor_events/discovery"
-require "tcell_agent"
+require 'tcell_agent/routes/table'
+require 'tcell_agent/sensor_events/discovery'
+require 'tcell_agent'
 
 module TCellAgent
   class Agent
@@ -18,48 +16,40 @@ module TCellAgent
         database,
         schema,
         table,
-        fields.join(",")
-      ].join(",").hash
+        fields.join(',')
+      ].join(',').hash
     end
 
-  	def discover_database_field(route_id, database, schema, table, field)
-      discover_database_fields(route_id, database, schema, table, [field])
-  	end
+    def discover_database_fields(route_id, database, schema, table, fields)
+      return if route_id.nil? || database.nil? || schema.nil? || table.nil? || fields.nil?
 
-  	def discover_database_fields(route_id, database, schema, table, fields)
-      if (route_id == nil ||
-          database == nil ||
-          schema == nil ||
-          table == nil ||
-          fields == nil)
-        return
-      end
-      if TCellAgent::Agent.is_parent_process? == false
-        TCellAgent.queue_metric({"_type"=>"discover_database_fields", 
-          "route_id"=>route_id, 
-          "database"=>database, 
-          "schema"=>schema, 
-          "table"=>table, 
-          "fields"=>fields})
+      if TCellAgent::Agent.parent_process? == false
+        TCellAgent.queue_metric('_type' => 'discover_database_fields',
+                                'route_id' => route_id,
+                                'database' => database,
+                                'schema' => schema,
+                                'table' => table,
+                                'fields' => fields)
         return
       end
+
       query_hash = TCellAgent::Agent.get_database_discovery_identifier(database, schema, table, fields)
-      if (@route_table.routes[route_id].database_queries_discovered.fetch(query_hash, false) == false)
-        @route_table.routes[route_id].database_queries_discovered[query_hash] = true
-        event = (TCellAgent::SensorEvents::DiscoveryEvent.new(route_id)).for_database_fields(database, schema, table, fields)
-        TCellAgent.send_event(event)
-      end
-  		#discovered_fields = fields.select { |field| 
-  		#		@route_table.routes[route_id].database_queries_discoverd[database][schema][table][field].discovered != true
-  		#}
-  		#if (discovered_fields.length > 0)
-  		#	discovered_fields.each { |field|
-			#	@route_table.routes[route_id].database[database][schema][table][field].discovered = true
-  		#	}
-  		#	event = (TCellAgent::SensorEvents::DiscoveryEvent.new(route_id)).for_database_fields(database, schema, table, fields)
-  		#	TCellAgent.send_event(event)
-  		#end
-   	end 
 
+      return if @route_table.routes[route_id].database_queries_discovered.fetch(query_hash, false)
+
+      @route_table.routes[route_id].database_queries_discovered[query_hash] = true
+      event = TCellAgent::SensorEvents::DiscoveryEvent.new(route_id).for_database_fields(database, schema, table, fields)
+      TCellAgent.send_event(event)
+      # discovered_fields = fields.select { |field|
+      #    @route_table.routes[route_id].database_queries_discoverd[database][schema][table][field].discovered != true
+      # }
+      # if (discovered_fields.length > 0)
+      #  discovered_fields.each { |field|
+      #  @route_table.routes[route_id].database[database][schema][table][field].discovered = true
+      #  }
+      #  event = (TCellAgent::SensorEvents::DiscoveryEvent.new(route_id)).for_database_fields(database, schema, table, fields)
+      #  TCellAgent.send_event(event)
+      # end
+    end
   end
-end
+end

data/lib/tcell_agent/agent/static_agent.rb

@@ -1,5 +1,3 @@
-# encoding: utf-8
-
 # See the file "LICENSE" for the full license governing this code.
 require 'tcell_agent/sensor_events/metrics'
 require 'monitor'
@@ -9,10 +7,10 @@ module TCellAgent
   @@my_thread_agent = nil
 
   def self.thread_agent
-    if(self.thread_agent_defined? == false)
+    if thread_agent_defined? == false
       @@instance_lock.synchronize do
-        if(self.thread_agent_defined? == false)
-          @@my_thread_agent= TCellAgent::Agent.new(Process.pid)
+        if thread_agent_defined? == false
+          @@my_thread_agent = TCellAgent::Agent.new(Process.pid)
         end
       end
     end
@@ -23,45 +21,45 @@ module TCellAgent
     @@my_thread_agent != nil
   end
 
-  # setter
   def self.thread_agent=(some_agent)
     @@instance_lock.synchronize do
       @@my_thread_agent = some_agent
     end
   end
 
-  #class << self
-  #  attr_accessor :thread_agent
-  #end
   def self.send_event(event)
-    self.thread_agent.queueSensorEvent(event)
+    thread_agent.queue_sensor_event(event)
   end
+
   def self.queue_metric(event)
-    self.thread_agent._queue_metric(event)
+    thread_agent._queue_metric(event)
   end
+
   def self.policy(policy_type)
-    self.thread_agent.policies.fetch(policy_type, nil)
+    thread_agent.policies.fetch(policy_type, nil)
   end
+
   def self.increment_session_info(hmac_session_id, user_id, ip_address, user_agent)
-    self.thread_agent.increment_session_info(hmac_session_id, user_id, ip_address, user_agent)
+    thread_agent.increment_session_info(hmac_session_id, user_id, ip_address, user_agent)
   end
+
   def self.increment_route(route_id, response_time)
-    self.thread_agent.increment_route(route_id, response_time)
-  end
-  def self.discover_database_field(route_id, database, schema, table, field)
-    self.thread_agent.discover_database_field(route_id, database, schema, table, field)
+    thread_agent.increment_route(route_id, response_time)
   end
+
   def self.discover_database_fields(route_id, database, schema, table, fields)
-    self.thread_agent.discover_database_fields(route_id, database, schema, table, fields)
+    thread_agent.discover_database_fields(route_id, database, schema, table, fields)
   end
+
   def self.stop_agent
-    self.thread_agent.stop_agent = true
+    thread_agent.stop_agent = true
   end
+
   def self.ensure_event_processor_running
-    self.thread_agent.ensure_event_processor_running
+    thread_agent.ensure_event_processor_running
   end
 
   def self.safe_to_send_cmdi_events?
-    self.thread_agent.safe_to_send_cmdi_events?
+    thread_agent.safe_to_send_cmdi_events?
   end
 end

data/lib/tcell_agent/api.rb

@@ -1,4 +1,3 @@
-# encoding: utf-8
 # See the file "LICENSE" for the full license governing this code.
 require 'json'
 require 'tcell_agent/logger'
@@ -10,63 +9,59 @@ require 'net/http'
 
 module TCellAgent
   class TCellApi
+    def initialize; end
 
-    def initialize
-    end
-
-    def poll_api(last_id=nil)
+    def poll_api(last_id = nil)
       if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
-        raise TCellAgent::ConfigurationException.new("Config Information Not Found, can't poll for policy updates")
+        raise TCellAgent::ConfigurationException, "Config Information Not Found, can't poll for policy updates"
       end
 
       full_url = TCellAgent.configuration.tcell_api_url.sub(
         '{app_id}',
         TCellAgent.configuration.app_id
       )
-      full_url += "&last_id=#{last_id.to_s}" if last_id
+      full_url += "&last_id=#{last_id}" if last_id
 
-      TCellAgent.logger.debug "tCell.io API Request: " + full_url
+      TCellAgent.logger.debug("tCell.io API Request: #{full_url}")
 
       uri = URI(full_url)
       req = Net::HTTP::Get.new(uri.request_uri)
       req['Authorization'] = 'Bearer ' + TCellAgent.configuration.api_key
       begin
-        req['TCellAgent'] = "RubyAgent " + TCellAgent::VERSION
+        req['TCellAgent'] = 'RubyAgent ' + TCellAgent::VERSION
       rescue StandardError => e
-        TCellAgent.logger.debug("tCell.io Could not add agent string: " + e.message)
+        TCellAgent.logger.debug("tCell.io Could not add agent string: #{e.message}")
       end
 
       res = Net::HTTP.start(uri.hostname, uri.port, :use_ssl => (uri.scheme == 'https')) { |http| http.request(req) }
 
       if res.is_a?(Net::HTTPSuccess)
-        TCellAgent.logger.debug("tCell.io API Response: #{res.body}".force_encoding("UTF-8"))
+        TCellAgent.logger.debug("tCell.io API Response: #{res.body}".force_encoding('UTF-8'))
         return JSON.parse(res.body)
       else
         TCellAgent.logger.error("Received error response while contacting api: #{res.inspect}")
       end
 
-      return nil
+      nil
     end
 
     def send_event_set(events)
       if !TCellAgent.configuration || !TCellAgent.configuration.tcell_input_url || !TCellAgent.configuration.app_id
-        raise TCellAgent::ConfigurationException.new("Config Information Not Found, can't send events")
+        raise TCellAgent::ConfigurationException, "Config Information Not Found, can't send events"
       end
 
-      if (events == nil)
-        return false
-      end
+      return false if events.nil?
 
-      eventset = {"uuid" => TCellAgent.configuration.uuid,
-                  "hostname" => TCellAgent.configuration.host_identifier,
-                  "events" => events }
+      eventset = { 'uuid' => TCellAgent.configuration.uuid,
+                   'hostname' => TCellAgent.configuration.host_identifier,
+                   'events' => events }
       TCellAgent.logger.debug("Sending #{JSON.dump(eventset)}")
       full_url = TCellAgent.configuration.tcell_input_url +
-        "/app/" +
-        TCellAgent.configuration.app_id +
-        "/server_agent"
+                 '/app/' +
+                 TCellAgent.configuration.app_id +
+                 '/server_agent'
 
-      TCellAgent.logger.debug("tCell.io SendEvents API Request: " + full_url)
+      TCellAgent.logger.debug("tCell.io SendEvents API Request: #{full_url}")
 
       uri = URI(full_url)
       req = Net::HTTP::Post.new(uri.request_uri, 'Content-Type' => 'application/json')
@@ -76,21 +71,21 @@ module TCellAgent
       req['Accept'] = 'application/json'
 
       begin
-        req['TCellAgent'] = "RubyAgent " + TCellAgent::VERSION
+        req['TCellAgent'] = 'RubyAgent ' + TCellAgent::VERSION
       rescue StandardError => e
-        TCellAgent.logger.debug("tCell.io Could not add agent string: " + e.message)
+        TCellAgent.logger.debug('tCell.io Could not add agent string: ' + e.message)
       end
 
       res = Net::HTTP.start(uri.hostname, uri.port, :use_ssl => (uri.scheme == 'https')) { |http| http.request(req) }
 
       TCellAgent.logger.debug("tCell.io SendEvents API Response: #{res.code}")
 
-      return res.is_a?(Net::HTTPSuccess)
+      res.is_a?(Net::HTTPSuccess)
     end
 
     def valid_header?(str)
-        return true if (/^[\p{L}\w\d\-_ :\/,;.'\"%?@#=$]*$/).match(str)
-        return false
+      # TODO: test the unescaped backslash
+      str =~ %r{^[\p{L}\w\d\-_ :/,;.'\"%?@#=$]*$}
     end
   end
 end

data/lib/tcell_agent/appsensor/injections_reporter.rb

@@ -1,9 +1,7 @@
 require 'tcell_agent/sensor_events/appsensor_event'
 
-
 module TCellAgent
   module AppSensor
-
     module InjectionsReporter
       def self.report_and_log(events)
         (events || []).each do |event|
@@ -11,18 +9,16 @@ module TCellAgent
             TCellAgent::SensorEvents::TCellAppSensorEvent.build_from_native_lib_event(event)
           )
 
-          if event.has_key?("full_payload")
-            event_to_log = {}.merge(event)
-            event_to_log["payload"] = event_to_log.delete("full_payload")
+          next unless event.key?('full_payload')
+          event_to_log = {}.merge(event)
+          event_to_log['payload'] = event_to_log.delete('full_payload')
 
-            cleaned_event = TCellAgent::SensorEvents::TCellAppSensorEvent.build_from_native_lib_event(
-              event_to_log
-            )
-            TCellAgent.logger.info(JSON.dump(cleaned_event))
-          end
+          cleaned_event = TCellAgent::SensorEvents::TCellAppSensorEvent.build_from_native_lib_event(
+            event_to_log
+          )
+          TCellAgent.logger.info(JSON.dump(cleaned_event))
         end
       end
     end
-
   end
 end

data/lib/tcell_agent/authlogic.rb

@@ -8,17 +8,17 @@ module TCellAgent
   if defined?(Authlogic)
     TCellAgent::UserInformation.class_eval do
       class << self
-        alias_method :original_getUserFromRequest, :getUserFromRequest
-        def getUserFromRequest(request)
-          orig_user_id = original_getUserFromRequest(request)
+        alias_method :original_get_user_from_request, :get_user_from_request
+        def get_user_from_request(request)
+          orig_user_id = original_get_user_from_request(request)
           begin
-            if request.session && request.session.has_key?("user_credentials_id")
-              return request.session["user_credentials_id"].to_s
+            if request.session && request.session.key?('user_credentials_id')
+              return request.session['user_credentials_id'].to_s
             end
-          rescue StandardError => e
+          rescue StandardError
             return orig_user_id
           end
-          return orig_user_id
+          orig_user_id
         end
       end
     end

data/lib/tcell_agent/cmdi.rb

@@ -1,13 +1,12 @@
 require 'tcell_agent/agent/policy_types'
 require 'tcell_agent/utils/strings'
 
-
 module TCellAgent
   module Cmdi
     def self.block_command?(cmd)
-      TCellAgent::Instrumentation.safe_block("Checking Command Injection Policy") do
+      TCellAgent::Instrumentation.safe_block('Checking Command Injection Policy') do
         if TCellAgent::Utils::Strings.present?(cmd)
-          rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
+          rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
           if rust_policies && rust_policies.cmdi_enabled
             request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(
               Thread.current.object_id, {}
@@ -18,14 +17,14 @@ module TCellAgent
         end
       end
 
-      return false
+      false
     end
 
     def self.parse_command(*args)
-      cmd = ""
+      cmd = ''
 
-      TCellAgent::Instrumentation.safe_block("CMDI Parsing *args") do
-        if args.size > 0
+      TCellAgent::Instrumentation.safe_block('CMDI Parsing *args') do
+        unless args.empty?
           args_copy = Array.new(args)
           args_copy.shift if args_copy.first.is_a?(Hash)
           args_copy.pop if args_copy.last.is_a?(Hash)
@@ -35,7 +34,7 @@ module TCellAgent
             args_copy.unshift(cmd_n_argv0.first)
           end
 
-          cmd = args_copy.join(" ")
+          cmd = args_copy.join(' ')
         end
       end
 
@@ -48,7 +47,7 @@ module Kernel
   alias_method :tcell_original_backtick, :`
   def `(cmd)
     if TCellAgent::Cmdi.block_command?(cmd)
-      raise Errno::ENOENT.new("tCell.io Agent: Command not allowed by policy: #{cmd}")
+      raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
     tcell_original_backtick(cmd)
@@ -58,7 +57,7 @@ module Kernel
   def exec(*args)
     cmd = TCellAgent::Cmdi.parse_command(*args)
     if TCellAgent::Cmdi.block_command?(cmd)
-      raise Errno::ENOENT.new("tCell.io Agent: Command not allowed by policy: #{cmd}")
+      raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
     tcell_original_exec(*args)
@@ -68,7 +67,7 @@ module Kernel
   def system(*args)
     cmd = TCellAgent::Cmdi.parse_command(*args)
     if TCellAgent::Cmdi.block_command?(cmd)
-      raise Errno::ENOENT.new("tCell.io Agent: Command not allowed by policy: #{cmd}")
+      raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
     tcell_original_system(*args)
@@ -78,10 +77,10 @@ module Kernel
   def spawn(*args)
     cmd = TCellAgent::Cmdi.parse_command(*args)
     if TCellAgent::Cmdi.block_command?(cmd)
-      raise Errno::ENOENT.new("tCell.io Agent: Command not allowed by policy: #{cmd}")
+      raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
-    return tcell_original_spawn(*args)
+    tcell_original_spawn(*args)
   end
 end
 
@@ -89,27 +88,27 @@ class IO
   class << self
     alias_method :tcell_original_popen, :popen
     def popen(*args)
-      if args.size > 0
-        cmd = ""
+      unless args.empty?
+        cmd = ''
 
-        TCellAgent::Instrumentation.safe_block("CMDI Parsing popen *args") do
+        TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
           args_copy = Array.new(args)
           args_copy.shift if args_copy.first.is_a?(Hash)
           args_copy.pop if args_copy.last.is_a?(Hash)
 
-          if args_copy.first.is_a?(String)
-            cmd = args_copy.shift
-          else
-            cmd = TCellAgent::Cmdi.parse_command(*args_copy.shift)
-          end
+          cmd = if args_copy.first.is_a?(String)
+                  args_copy.shift
+                else
+                  TCellAgent::Cmdi.parse_command(*args_copy.shift)
+                end
         end
 
         if TCellAgent::Cmdi.block_command?(cmd)
-          raise Errno::ENOENT.new("tCell.io Agent: Command not allowed by policy: #{cmd}")
+          raise Errno::ENOENT, "tCell.io Agent: Command not allowed by policy: #{cmd}"
         end
       end
 
-      return tcell_original_popen(*args)
+      tcell_original_popen(*args)
     end
   end
 end