tcell_agent 1.1.3 → 1.1.4

data/lib/tcell_agent/devise.rb

@@ -11,25 +11,23 @@ module TCellAgent
   if defined?(Devise)
     TCellAgent::UserInformation.class_eval do
       class << self
-        alias_method :original_getUserFromRequest, :getUserFromRequest
-        def getUserFromRequest(request)
-          orig_user_id = original_getUserFromRequest(request)
+        alias_method :original_get_user_from_request, :get_user_from_request
+        def get_user_from_request(request)
+          orig_user_id = original_get_user_from_request(request)
           begin
-            if request.session && request.session.has_key?("warden.user.user.key")
-              userkey = request.session["warden.user.user.key"]
-              if (userkey.length == 2)
-                user_id = userkey[0][0]
-              else
-                user_id = userkey[1][0]
-              end
-              if user_id.is_a? Integer
-                return user_id.to_s
-              end
+            if request.session && request.session.key?('warden.user.user.key')
+              userkey = request.session['warden.user.user.key']
+              user_id = if userkey.length == 2
+                          userkey[0][0]
+                        else
+                          userkey[1][0]
+                        end
+              return user_id.to_s if user_id.is_a? Integer
             end
-          rescue StandardError => e
+          rescue StandardError
             return orig_user_id
           end
-          return orig_user_id
+          orig_user_id
         end
       end
     end

data/lib/tcell_agent/hooks/login_fraud.rb

@@ -12,7 +12,7 @@ module TCellAgent
                                   user_valid)
         if TCellAgent.configuration.enabled &&
            TCellAgent.configuration.should_intercept_requests?
-          login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+          login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
 
           if login_fraud_policy && login_fraud_policy.enabled
             if tcell_data

data/lib/tcell_agent/instrumentation.rb

@@ -1,4 +1,3 @@
-# encoding: utf-8
 # See the file "LICENSE" for the full license governing this code.
 require 'tcell_agent/logger'
 require 'tcell_agent/configuration'
@@ -8,7 +7,7 @@ require 'cgi'
 
 module TCellAgent
   module Instrumentation
-    TCELL_ID = "tcell.request_data"
+    TCELL_ID = 'tcell.request_data'.freeze
 
     class ContextFilter
       attr_accessor :type
@@ -20,198 +19,199 @@ module TCellAgent
       attr_accessor :table
       attr_accessor :field
 
-      DATABASE = "db"
-      REQUEST = "request"
+      DATABASE = 'db'.freeze
+      REQUEST = 'request'.freeze
 
       def for_request(context, parameter, rule)
         self.type = ContextFilter::REQUEST
         self.context = context
         self.parameter = parameter
         self.rule = rule
-        return self
+        self
       end
+
       def create_hash_value
-          "#{self.type}#{self.context}#{self.parameter}#{self.database}#{self.schema}#{self.table}#{self.field}#{self.rule}".hash
+        "#{type}#{context}#{parameter}#{database}#{schema}#{table}#{field}#{rule}".hash
       end
-      def eql?(other_key)
-        self.hash == other_key.hash
+
+      def eql?(other)
+        hash == other.hash
       end
+
       def hash
-        self.create_hash_value
+        create_hash_value
       end
+
       def for_database(database, schema, table, field, rule)
-          self.type = ContextFilter::DATABASE
-          self.database = database
-          self.schema = schema
-          self.table = table
-          self.field = field
-          self.rule = rule
-          return self
+        self.type = ContextFilter::DATABASE
+        self.database = database
+        self.schema = schema
+        self.table = table
+        self.field = field
+        self.rule = rule
+        self
       end
-      def for_request(context, parameter, rule)
-          self.type = ContextFilter::REQUEST
-          self.context = context
-          self.parameter = parameter
-          self.rule = rule
-          return self
+
+      def for_request(context, parameter, rule) # rubocop:disable Lint/DuplicateMethods
+        self.type = ContextFilter::REQUEST
+        self.context = context
+        self.parameter = parameter
+        self.rule = rule
+        self
       end
     end
 
-
     class TCellData
       attr_accessor :transaction_id, :session_id, :hmac_session_id, :user_id,
-        :password, :route_id, :path, :uri, :fullpath, :context_filters_by_term,
-        :database_filters, :ip_address, :user_agent, :request_method,
-        :path_parameters, :patches_blocking_triggered, :grape_mount_endpoint,
-        :referrer, :csrf_exception_name, :sql_exceptions, :database_result_sizes
+                    :password, :route_id, :path, :uri, :fullpath, :context_filters_by_term,
+                    :database_filters, :ip_address, :user_agent, :request_method,
+                    :path_parameters, :patches_blocking_triggered, :grape_mount_endpoint,
+                    :referrer, :csrf_exception_name, :sql_exceptions, :database_result_sizes
 
       def self.filterx(sanitize_string, event_flag, replace_flag, term)
         send_event = false
-        sanitize_string.gsub!(term) {|m|
+        sanitize_string.gsub!(term) do |m|
           if replace_flag
-            m = "[redacted]"
+            m = '[redacted]'
             send_event = true
           elsif event_flag
             # m = "[hash]"
             send_event = true
           end
           m
-        }
-        return send_event
+        end
+        send_event
       end
+
       def initialize
         @patches_blocking_triggered = false
-        @context_filters_by_term = Hash.new{|h,k| h[k] = Set.new}
+        @context_filters_by_term = Hash.new { |h, k| h[k] = Set.new }
         @sql_exceptions = []
         @database_result_sizes = []
       end
-      def is_valid_term?(term)
-        if term != nil && term != '' && term.to_s.length >= 5
-          return true
-        end
-        return false
+
+      def valid_term?(term)
+        return true if !term.nil? && term != '' && term.to_s.length >= 5
+        false
       end
+
       def add_response_db_filter(term, action_obj, database, schema, table, field)
-        if is_valid_term?(term)
-            self.context_filters_by_term[term.to_s].add((ContextFilter.new).for_database(database, schema, table, field, action_obj))
-        end
+        return unless valid_term?(term)
+        context_filters_by_term[term.to_s].add(ContextFilter.new.for_database(database, schema, table, field, action_obj))
       end
+
       def add_filter_for_request_parameter(term, rule, parameter_name)
-        if is_valid_term?(term)
-            self.context_filters_by_term[term.to_s].add((ContextFilter.new).for_request("form", parameter_name, rule))
-        end
+        return unless valid_term?(term)
+        context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('form', parameter_name, rule))
       end
+
       def add_filter_for_header_value(term, rule, header_name)
-        if is_valid_term?(term)
-            self.context_filters_by_term[term.to_s].add((ContextFilter.new).for_request("header", header_name, rule))
-        end
-      end 
+        return unless valid_term?(term)
+        context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('header', header_name, rule))
+      end
+
       def add_filter_for_cookie_value(term, rule, cookie_name)
-        if is_valid_term?(term)
-            self.context_filters_by_term[term.to_s].add((ContextFilter.new).for_request("cookie", cookie_name, rule))
-        end
+        return unless valid_term?(term)
+        context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('cookie', cookie_name, rule))
       end
 
       def filter_body!(body)
-        dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
-        if dlp_policy && self.session_id
+        dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
+        if dlp_policy && session_id
           session_id_actions = dlp_policy.get_actions_for_session_id
           if session_id_actions
-            send_flag = TCellData.filterx(body, session_id_actions.body_event, session_id_actions.body_redact, self.session_id)
+            send_flag = TCellData.filterx(body, session_id_actions.body_event, session_id_actions.body_redact, session_id)
             if send_flag
               TCellAgent.send_event(
                 TCellAgent::SensorEvents::DlpEvent.new(
-                  self.route_id, 
-                  self.uri, 
+                  route_id,
+                  uri,
                   TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY,
                   session_id_actions.action_id
-                  ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
+                ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
               )
 
             end
           end
         end
-        self.context_filters_by_term.sort_by {|term,context_filters| -term.length }.each do |term, context_filters|
-          replace_filters = (context_filters.select {|context_filter| context_filter.rule.body_redact == true })
-          event_filters = (context_filters.select {|context_filter| (context_filter.rule.body_redact != true && context_filter.rule.body_event == true) })
-          send_flag = TCellData.filterx(body, event_filters.length > 0, replace_filters.length > 0, term)
-          send_flag = send_flag || TCellData.filterx(body, event_filters.length > 0, replace_filters.length > 0, CGI.escapeHTML(term))
-          if send_flag
-            (replace_filters + event_filters).each { |filter|
-              base_event = TCellAgent::SensorEvents::DlpEvent.new(
-                    self.route_id, 
-                    self.uri, 
-                    TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY,
-                    filter.rule.action_id
+        context_filters_by_term.sort_by { |term, _context_filters| -term.length }.each do |term, context_filters|
+          replace_filters = (context_filters.select { |context_filter| context_filter.rule.body_redact == true })
+          event_filters = (context_filters.select { |context_filter| (context_filter.rule.body_redact != true && context_filter.rule.body_event == true) })
+          send_flag = TCellData.filterx(body, !event_filters.empty?, !replace_filters.empty?, term)
+          send_flag ||= TCellData.filterx(body, !event_filters.empty?, !replace_filters.empty?, CGI.escapeHTML(term))
+          next unless send_flag
+          (replace_filters + event_filters).each do |filter|
+            base_event = TCellAgent::SensorEvents::DlpEvent.new(
+              route_id,
+              uri,
+              TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY,
+              filter.rule.action_id
+            )
+            if filter.type == ContextFilter::DATABASE
+              TCellAgent.send_event(
+                base_event.for_database(filter.database, filter.schema, filter.table, filter.field)
+              )
+            elsif filter.type == ContextFilter::REQUEST
+              TCellAgent.send_event(
+                base_event.for_request(filter.context, filter.parameter)
               )
-              if filter.type == ContextFilter::DATABASE
-                TCellAgent.send_event(
-                    base_event.for_database(filter.database, filter.schema, filter.table, filter.field)
-                )
-              elsif filter.type == ContextFilter::REQUEST
-                TCellAgent.send_event(
-                    base_event.for_request(filter.context, filter.parameter)
-                )
-              end
-            }
+            end
           end
         end
-        return body
+        body
       end
 
       def filter_log(log_msg)
-        dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
-        if dlp_policy && self.session_id
+        dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
+        if dlp_policy && session_id
           session_id_actions = dlp_policy.get_actions_for_session_id
           if session_id_actions
-            send_flag = TCellData.filterx(log_msg, session_id_actions.log_event, session_id_actions.log_redact, self.session_id)
+            send_flag = TCellData.filterx(log_msg, session_id_actions.log_event, session_id_actions.log_redact, session_id)
             if send_flag
               TCellAgent.send_event(
                 TCellAgent::SensorEvents::DlpEvent.new(
-                  self.route_id, 
-                  self.uri, 
+                  route_id,
+                  uri,
                   TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG,
                   session_id_actions.action_id
-                  ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
+                ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
               )
             end
           end
         end
-        self.context_filters_by_term.sort_by {|term,context_filters| -term.length }.each do |term, context_filters|
-          replace_filters = (context_filters.select {|context_filter| context_filter.rule.log_redact == true })
-          event_filters = (context_filters.select {|context_filter| (context_filter.rule.log_redact != true && context_filter.rule.log_event == true) })
-          send_flag = TCellData.filterx(log_msg, event_filters.length > 0, replace_filters.length > 0, term)
-          if send_flag
-            (replace_filters + event_filters).each { |filter|
-              base_event = TCellAgent::SensorEvents::DlpEvent.new(
-                    self.route_id, 
-                    self.uri, 
-                    TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG,
-                    filter.rule.action_id
+        context_filters_by_term.sort_by { |term, _context_filters| -term.length }.each do |term, context_filters|
+          replace_filters = (context_filters.select { |context_filter| context_filter.rule.log_redact == true })
+          event_filters = (context_filters.select { |context_filter| (context_filter.rule.log_redact != true && context_filter.rule.log_event == true) })
+          send_flag = TCellData.filterx(log_msg, !event_filters.empty?, !replace_filters.empty?, term)
+          next unless send_flag
+          (replace_filters + event_filters).each do |filter|
+            base_event = TCellAgent::SensorEvents::DlpEvent.new(
+              route_id,
+              uri,
+              TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG,
+              filter.rule.action_id
+            )
+            if filter.type == ContextFilter::DATABASE
+              TCellAgent.send_event(
+                base_event.for_database(filter.database, filter.schema, filter.table, filter.field)
               )
-              if filter.type == ContextFilter::DATABASE
-                TCellAgent.send_event(
-                    base_event.for_database(filter.database, filter.schema, filter.table, filter.field)
-                )
-              elsif filter.type == ContextFilter::REQUEST
-                TCellAgent.send_event(
-                    base_event.for_request(filter.context, filter.parameter)
-                )
-              end
-            }
+            elsif filter.type == ContextFilter::REQUEST
+              TCellAgent.send_event(
+                base_event.for_request(filter.context, filter.parameter)
+              )
+            end
           end
         end
-        return log_msg
+        log_msg
       end
 
       def to_s
-        "<#{self.class.name} transaction_id: #{transaction_id} session_id: #{session_id} " +
-        "hmac_session_id: #{hmac_session_id} user_id: #{user_id} route_id: #{route_id} " +
-        "uri: #{uri} context_filters_by_term: #{context_filters_by_term} " +
-        "database_filters: #{database_filters} ip_address: #{ip_address} user_agent: #{user_agent} " +
+        "<#{self.class.name} transaction_id: #{transaction_id} session_id: #{session_id} " \
+        "hmac_session_id: #{hmac_session_id} user_id: #{user_id} route_id: #{route_id} " \
+        "uri: #{uri} context_filters_by_term: #{context_filters_by_term} " \
+        "database_filters: #{database_filters} ip_address: #{ip_address} user_agent: #{user_agent} " \
         "request_method: #{@request_method} path_parameters: #{@path_parameters}>"
       end
-
     end
 
     def self.instrument_frameworks
@@ -222,20 +222,16 @@ module TCellAgent
     end
 
     def self.safe_block(message, &block)
-      begin
-        block.call()
-
-      rescue StandardError => ex
-        TCellAgent.logger.debug "Exception in safe_block #{message}: #{ex.class} happened, message is #{ex.message}"
-        TCellAgent.logger.debug(ex.backtrace)
-      end
+      block.call
+    rescue StandardError => ex
+      TCellAgent.logger.debug "Exception in safe_block #{message}: #{ex.class} happened, message is #{ex.message}"
+      TCellAgent.logger.debug(ex.backtrace)
     end
 
-    def self.safe_block_no_log(message, &block)
-      begin
-        block.call()
-      rescue StandardError
-      end
+    def self.safe_block_no_log(_message, &block)
+      block.call
+    rescue StandardError # rubocop:disable Lint/HandleExceptions
+      # do nothing
     end
   end
 end

data/lib/tcell_agent/logger.rb

@@ -5,7 +5,6 @@ require 'tcell_agent/configuration'
 require 'tcell_agent/utils/io'
 
 module TCellAgent
-
   class TaggedLogger
     def initialize(tag, logger)
       @tag = tag
@@ -38,11 +37,9 @@ module TCellAgent
   end
 
   class NullLoger < Logger
-   def initialize(*args)
-   end
+    def initialize(*args); end
 
-   def add(*args, &block)
-   end
+    def add(*args, &block); end
   end
 
   class TCellLogDevice < Logger::LogDevice
@@ -58,26 +55,18 @@ module TCellAgent
   @@logger_pid = Process.pid
   @null_logger = TCellAgent::NullLoger.new
 
-  def self.loggingLevelFromString(levelString)
-    if (levelString == "DEBUG")
-      return Logger::DEBUG
-    elsif (levelString == "WARN")
-      return Logger::WARN
-    elsif (levelString == "INFO")
-      return Logger::INFO
-    elsif (levelString == "ERROR")
-      return Logger::ERROR
-    elsif (levelString == "FATAL")
-      return Logger::FATAL
-    end
+  def self.logging_level_from_string(level_string)
+    return Logger::DEBUG if level_string == 'DEBUG'
+    return Logger::WARN if level_string == 'WARN'
+    return Logger::INFO if level_string == 'INFO'
+    return Logger::ERROR if level_string == 'ERROR'
+    return Logger::FATAL if level_string == 'FATAL'
 
-    return Logger::INFO
+    Logger::INFO
   end
 
   def self.appfirewall_payloads_logger
-    if TCellAgent.configuration.enabled == false
-      return @null_logger
-    end
+    return @null_logger unless TCellAgent.configuration.enabled
 
     if defined?(@paylods_logger) && @logger_pid == Process.pid
       return @payloads_logger
@@ -96,34 +85,30 @@ module TCellAgent
 
     log_device = TCellLogDevice.new(
       TCellAgent.configuration.appfirewall_payloads_log_filename,
-      :shift_age => 9, :shift_size => 5242880
+      :shift_age => 9, :shift_size => 5_242_880
     )
     @payloads_logger = Logger.new(log_device)
     @payloads_logger.level = Logger::INFO
-    @payloads_logger.formatter = proc do |severity, datetime, progname, msg|
-      date_format = datetime.strftime("%Y-%m-%dT%H:%M:%S.%L%:z")
-       "#{date_format} - #{msg}\n"
+    @payloads_logger.formatter = proc do |_severity, datetime, _progname, msg|
+      date_format = datetime.strftime('%Y-%m-%dT%H:%M:%S.%L%:z')
+      "#{date_format} - #{msg}\n"
     end
 
-    return @payloads_logger
+    @payloads_logger
   end
 
   def self.logger
-    if TCellAgent.configuration.enabled == false
-      return @null_logger
-    end
+    return @null_logger unless TCellAgent.configuration.enabled
 
-    if defined?(@logger) && @logger_pid == Process.pid
-      return @logger
-    end
+    return @logger if defined?(@logger) && @logger_pid == Process.pid
 
     if TCellAgent.configuration.logger
       @logger_pid = Process.pid
-      if TCellAgent.configuration.log_tag
-        @logger = TCellAgent::TaggedLogger.new(TCellAgent.configuration.log_tag, TCellAgent.configuration.logger)
-      else
-        @logger = TCellAgent.configuration.logger
-      end
+      @logger = if TCellAgent.configuration.log_tag
+                  TCellAgent::TaggedLogger.new(TCellAgent.configuration.log_tag, TCellAgent.configuration.logger)
+                else
+                  TCellAgent.configuration.logger
+                end
 
       return @logger
     end
@@ -131,23 +116,23 @@ module TCellAgent
     @logger_pid = Process.pid
     logging_options = TCellAgent.configuration.logging_options || {}
 
-    use_default_setting = !logging_options.has_key?(:enabled) && !logging_options.has_key?("enabled")
+    use_default_setting = !logging_options.key?(:enabled) && !logging_options.key?('enabled')
 
-    if use_default_setting || logging_options[:enabled] || logging_options["enabled"]
+    if use_default_setting || logging_options[:enabled] || logging_options['enabled']
       logging_file = TCellAgent.configuration.log_filename
       logging_directory = File.dirname(logging_file)
       TCellAgent::Utils::IO.create_directory(logging_directory, TCellAgent.configuration.agent_home_owner.to_s)
 
-      log_device = TCellLogDevice.new(logging_file, :shift_age => 9, :shift_size => 5242880)
+      log_device = TCellLogDevice.new(logging_file, :shift_age => 9, :shift_size => 5_242_880)
 
-      level = loggingLevelFromString(logging_options[:level] || logging_options["level"])
+      level = logging_level_from_string(logging_options[:level] || logging_options['level'])
       # limit the total log file to about 9 * 5 = 45 mb
       @logger = Logger.new(log_device)
       @logger.level = level
-      @logger.formatter = proc do |severity, datetime, progname, msg|
+      @logger.formatter = proc do |severity, datetime, _progname, msg|
         # ISO 8601 format
-        date_format = datetime.strftime("%Y-%m-%dT%H:%M:%S.%L%:z")
-         "#{date_format} - [#{TCellAgent::VERSION}] - #{severity}[#{@logger_pid}]: #{msg}\n"
+        date_format = datetime.strftime('%Y-%m-%dT%H:%M:%S.%L%:z')
+        "#{date_format} - [#{TCellAgent::VERSION}] - #{severity}[#{@logger_pid}]: #{msg}\n"
       end
 
       return @logger
@@ -162,5 +147,4 @@ module TCellAgent
   def self.logger=(logger)
     @logger = logger
   end
-
 end