RubyGems - tcell_agent - Versions diffs - 1.1.3 → 1.1.4 - Mend

tcell_agent 1.1.3 → 1.1.4

Files changed (118) hide show

checksums.yaml +4 -4
data/bin/tcell_agent +10 -2
data/lib/tcell_agent.rb +3 -3
data/lib/tcell_agent/agent.rb +42 -52
data/lib/tcell_agent/agent/event_processor.rb +129 -162
data/lib/tcell_agent/agent/fork_pipe_manager.rb +57 -62
data/lib/tcell_agent/agent/policy_manager.rb +83 -104
data/lib/tcell_agent/agent/policy_types.rb +24 -29
data/lib/tcell_agent/agent/route_manager.rb +36 -46
data/lib/tcell_agent/agent/static_agent.rb +19 -21
data/lib/tcell_agent/api.rb +23 -28
data/lib/tcell_agent/appsensor/injections_reporter.rb +7 -11
data/lib/tcell_agent/authlogic.rb +7 -7
data/lib/tcell_agent/cmdi.rb +22 -23
data/lib/tcell_agent/config/unknown_options.rb +71 -69
data/lib/tcell_agent/configuration.rb +187 -191
data/lib/tcell_agent/devise.rb +13 -15
data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
data/lib/tcell_agent/instrumentation.rb +120 -124
data/lib/tcell_agent/logger.rb +29 -45
data/lib/tcell_agent/patches.rb +5 -5
data/lib/tcell_agent/policies/dataloss_policy.rb +263 -288
data/lib/tcell_agent/policies/http_redirect_policy.rb +25 -37
data/lib/tcell_agent/policies/http_tx_policy.rb +48 -52
data/lib/tcell_agent/policies/login_fraud_policy.rb +15 -20
data/lib/tcell_agent/policies/policy.rb +0 -2
data/lib/tcell_agent/policies/rust_policies.rb +24 -29
data/lib/tcell_agent/rails.rb +2 -3
data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
data/lib/tcell_agent/rails/auth/devise.rb +2 -2
data/lib/tcell_agent/rails/auth/doorkeeper.rb +2 -2
data/lib/tcell_agent/rails/better_ip.rb +12 -16
data/lib/tcell_agent/rails/csrf_exception.rb +4 -7
data/lib/tcell_agent/rails/dlp.rb +208 -107
data/lib/tcell_agent/rails/dlp/process_request.rb +37 -47
data/lib/tcell_agent/rails/dlp_handler.rb +9 -11
data/lib/tcell_agent/rails/js_agent_insert.rb +11 -14
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +8 -7
data/lib/tcell_agent/rails/middleware/context_middleware.rb +4 -5
data/lib/tcell_agent/rails/middleware/global_middleware.rb +5 -8
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +24 -27
data/lib/tcell_agent/rails/on_start.rb +5 -5
data/lib/tcell_agent/rails/responses.rb +7 -9
data/lib/tcell_agent/rails/routes.rb +62 -81
data/lib/tcell_agent/rails/routes/grape.rb +25 -30
data/lib/tcell_agent/rails/routes/route_id.rb +9 -14
data/lib/tcell_agent/rails/settings_reporter.rb +44 -33
data/lib/tcell_agent/rails/tcell_body_proxy.rb +15 -18
data/lib/tcell_agent/routes/table.rb +31 -33
data/lib/tcell_agent/rust/{libtcellagent-1.3.0.dylib → libtcellagent-1.3.1.dylib} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.0.so → libtcellagent-1.3.1.so} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.0.so → libtcellagent-alpine-1.3.1.so} +0 -0
data/lib/tcell_agent/rust/models.rb +32 -37
data/lib/tcell_agent/rust/tcellagent-1.3.1.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +101 -104
data/lib/tcell_agent/sensor_events/app_config.rb +7 -7
data/lib/tcell_agent/sensor_events/appsensor_event.rb +26 -27
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +20 -88
data/lib/tcell_agent/sensor_events/command_injection.rb +52 -80
data/lib/tcell_agent/sensor_events/discovery.rb +27 -27
data/lib/tcell_agent/sensor_events/dlp.rb +50 -56
data/lib/tcell_agent/sensor_events/honeytokens.rb +9 -9
data/lib/tcell_agent/sensor_events/metrics.rb +20 -21
data/lib/tcell_agent/sensor_events/patches.rb +10 -12
data/lib/tcell_agent/sensor_events/sensor.rb +32 -36
data/lib/tcell_agent/sensor_events/server_agent.rb +130 -127
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +60 -80
data/lib/tcell_agent/sensor_events/util/utils.rb +3 -5
data/lib/tcell_agent/servers/passenger.rb +5 -9
data/lib/tcell_agent/servers/puma.rb +18 -27
data/lib/tcell_agent/servers/rails_server.rb +5 -9
data/lib/tcell_agent/servers/thin.rb +2 -4
data/lib/tcell_agent/servers/unicorn.rb +18 -27
data/lib/tcell_agent/servers/webrick.rb +2 -4
data/lib/tcell_agent/settings_reporter.rb +126 -0
data/lib/tcell_agent/sinatra.rb +24 -26
data/lib/tcell_agent/start_background_thread.rb +21 -142
data/lib/tcell_agent/system_info.rb +4 -3
data/lib/tcell_agent/tcell_context.rb +150 -0
data/lib/tcell_agent/userinfo.rb +3 -3
data/lib/tcell_agent/utils/io.rb +19 -24
data/lib/tcell_agent/utils/params.rb +9 -15
data/lib/tcell_agent/utils/queue_with_timeout.rb +26 -32
data/lib/tcell_agent/utils/strings.rb +4 -6
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +5 -5
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +7 -7
data/spec/lib/tcell_agent/cmdi_spec.rb +21 -21
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +29 -24
data/spec/lib/tcell_agent/instrumentation_spec.rb +4 -4
data/spec/lib/tcell_agent/patches_spec.rb +8 -8
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +23 -23
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +2 -2
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +69 -0
data/spec/lib/tcell_agent/rails/dlp_spec.rb +1039 -0
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +271 -0
data/spec/lib/tcell_agent/rails/logger_spec.rb +5 -5
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +3 -3
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -4
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +5 -5
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +1 -1
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +11 -8
data/spec/lib/tcell_agent/rails/responses_spec.rb +2 -2
data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +2 -2
data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +1 -1
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +4 -4
data/spec/lib/tcell_agent/rust/models_spec.rb +83 -75
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +14 -14
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +19 -70
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +1 -1
data/spec/lib/tcell_agent/settings_reporter_spec.rb +162 -0
data/spec/lib/tcell_agent/tcell_context_spec.rb +154 -0
data/spec/spec_helper.rb +5 -0
metadata +18 -10
data/lib/tcell_agent/appsensor/meta_data.rb +0 -132
data/lib/tcell_agent/patches/meta_data.rb +0 -59
data/lib/tcell_agent/rust/tcellagent-1.3.0.dll +0 -0
data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +0 -71

@@ -1,13 +1,14 @@
+require 'tcell_agent/tcell_context'
 module TCellAgent
   module Instrumentation
     module Patches
       def self.block?(request)
-        TCellAgent::Instrumentation.safe_block("Checking patches blocking") do
-          rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
+        TCellAgent::Instrumentation.safe_block('Checking patches blocking') do
+          rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
           if rust_policies && rust_policies.patches_enabled
-            meta_data = TCellAgent::Patches::MetaData.build(request)
+            meta_data = TCellAgent::MetaData.from_request(request)
             block_request = rust_policies.block_request?(meta_data)
             request.env[TCellAgent::Instrumentation::TCELL_ID].patches_blocking_triggered = block_request
@@ -18,6 +19,5 @@ module TCellAgent
         false
       end
     end
   end
 end

data/lib/tcell_agent/policies/dataloss_policy.rb CHANGED

@@ -1,322 +1,297 @@
 require 'set'
 require 'tcell_agent/policies/policy'
 module TCellAgent
-    module Policies
-        class DataLossPolicy < Policy
-            class FilterActions
-                attr_accessor :body_event
-                attr_accessor :body_redact
-                attr_accessor :body_hash
-                attr_accessor :log_event
-                attr_accessor :log_redact
-                attr_accessor :log_hash
-                attr_accessor :action_id
-            end
-            class RequestProtectionManager
-                FORM = "form"
-                COOKIE = "cookie"
-                HEADER = "header"
+  module Policies
+    class DataLossPolicy < Policy # rubocop:disable Metrics/ClassLength
+      class FilterActions
+        attr_accessor :body_event
+        attr_accessor :body_redact
+        attr_accessor :body_hash
+        attr_accessor :log_event
+        attr_accessor :log_redact
+        attr_accessor :log_hash
+        attr_accessor :action_id
+      end
+      class RequestProtectionManager
+        FORM = 'form'.freeze
+        COOKIE = 'cookie'.freeze
+        HEADER = 'header'.freeze
+      end
+      attr_accessor :enabled
+      attr_accessor :session_id_filter_actions
+      attr_accessor :request_filter_actions
+      attr_accessor :database_filter_actions
+      attr_accessor :policy_id
+      attr_accessor :table_field_actions
+      attr_accessor :session_id_actions
+      attr_accessor :database_actions
+      attr_accessor :database_discovery_enabled
+      attr_accessor :field_redact_body
+      attr_accessor :field_alerts
+      def initialize
+        init_options
+      end
+      def init_options
+        @enabled = false
+        @policy_id = nil
+        @table_field_actions = {}
+        @session_id_actions = []
+        @database_discovery_enabled = false
+        @field_redact_body = Set.new # ["work_infos.SSN"].to_set #
+        @field_alerts = Set.new
+        @session_id_filter_actions = nil
+        @request_filter_actions = {
+          RequestProtectionManager::FORM => Hash.new { |h, k| h[k] = Hash.new { |i_h, i_k| i_h[i_k] = Set.new } },
+          RequestProtectionManager::COOKIE => Hash.new { |h, k| h[k] = Hash.new { |i_h, i_k| i_h[i_k] = Set.new } },
+          RequestProtectionManager::HEADER => Hash.new { |h, k| h[k] = Hash.new { |i_h, i_k| i_h[i_k] = Set.new } }
+        }
+        @database_actions = Hash.new do |h, k|
+          h[k] = Hash.new do |d_h, d_k|
+            d_h[d_k] = Hash.new do |s_h, s_k|
+              s_h[s_k] = Hash.new do |t_h, t_k|
+                t_h[t_k] = Hash.new do |f_h, f_k|
+                  f_h[f_k] = Set.new
+                end
+              end
             end
+          end
+        end
-            attr_accessor :enabled
-            attr_accessor :session_id_filter_actions
-            attr_accessor :request_filter_actions
-            attr_accessor :database_filter_actions
-            # {
-            #    {"context":[]}
-            # }
-            attr_accessor :policy_id
-            attr_accessor :table_field_actions
-            attr_accessor :session_id_actions
-            attr_accessor :database_actions
-            attr_accessor :database_discovery_enabled
-            attr_accessor :field_redact_body
-            attr_accessor :field_alerts
-            def initialize
-                self.init_options
-            end
+        @log_actions = nil
+      end
-            def init_options
-                @enabled = false
-                @policy_id = nil
+      def get_actions_for_session_id(_route_id = nil)
+        @session_id_filter_actions
+      end
-                @table_field_actions = {}
-                @session_id_actions = []
+      def actions_for_form_parameter?
+        !@request_filter_actions[RequestProtectionManager::FORM].empty?
+      end
-                @database_discovery_enabled = false
+      def actions_for_headers?
+        !@request_filter_actions[RequestProtectionManager::HEADER].empty?
+      end
-                @field_redact_body = Set.new #["work_infos.SSN"].to_set #
-                @field_alerts = Set.new
+      def actions_for_cookie?
+        !@request_filter_actions[RequestProtectionManager::COOKIE].empty?
+      end
-                @session_id_filter_actions = nil
-                @request_filter_actions = {
-                    RequestProtectionManager::FORM=>Hash.new{|h,k| h[k] = Hash.new{|h,k| h[k] = Set.new}},
-                    RequestProtectionManager::COOKIE=>Hash.new{|h,k| h[k] = Hash.new{|h,k| h[k] = Set.new}},
-                    RequestProtectionManager::HEADER=>Hash.new{|h,k| h[k] = Hash.new{|h,k| h[k] = Set.new}}
-                }
-                @database_actions = Hash.new{|h,k| h[k] = Hash.new{|h,k| h[k] = Hash.new{|h,k| h[k] = Hash.new{|h,k| h[k] = Hash.new{|h,k| h[k] = Set.new}}}}}
+      def get_actions_for_cookie(cookie_name, route_id = nil)
+        get_actions_for_request(RequestProtectionManager::COOKIE, cookie_name, route_id)
+      end
-                @log_actions = nil
-            end
+      def get_actions_for_header(header_name, route_id = nil)
+        get_actions_for_request(RequestProtectionManager::HEADER, header_name.downcase, route_id)
+      end
-            def get_actions_for_session_id(route_id=nil)
-                return @session_id_filter_actions
-            end
+      def get_actions_for_form_parameter(parameter_name, route_id = nil)
+        get_actions_for_request(RequestProtectionManager::FORM, parameter_name.downcase, route_id)
+      end
-            def has_actions_for_form_parameter?
-                return @request_filter_actions[RequestProtectionManager::FORM].size > 0
+      def get_actions_for_request(context, variable, route_id = nil)
+        return nil if context.nil? || variable.nil?
+        route_id = '*' if route_id.nil?
+        if context != RequestProtectionManager::COOKIE
+          variable = variable.downcase
+        end
+        actions = Set.new
+        if @request_filter_actions.key?(context)
+          if @request_filter_actions[context].key?(route_id)
+            if @request_filter_actions[context][route_id].key?(variable)
+              actions.merge(@request_filter_actions[context][route_id][variable])
             end
-            def has_actions_for_headers?
-                return @request_filter_actions[RequestProtectionManager::HEADER].size > 0
+          end
+          if route_id != '*' && @request_filter_actions[context].key?('*')
+            if @request_filter_actions[context]['*'].key?(variable)
+              actions.merge(@request_filter_actions[context]['*'][variable])
             end
-            def has_actions_for_cookie?
-                return @request_filter_actions[RequestProtectionManager::COOKIE].size > 0
+          end
+        end
+        return nil if actions.size <= 0
+        actions
+      end
+      def get_actions_for_table(database, schema, table, field, route_id = '*')
+        route_id = '*' if route_id.nil?
+        actions = Set.new
+        [database, '*'].each do |d|
+          next if @database_actions.key?(d) == false
+          [schema, '*'].each do |s|
+            next if @database_actions[d].key?(s) == false
+            [table, '*'].each do |t|
+              next if @database_actions[d][s].key?(t) == false
+              [field, '*'].each do |f|
+                next if @database_actions[d][s][t].key?(f) == false
+                route_id_rules = @database_actions[d][s][t][f]
+                if route_id_rules.key?(route_id)
+                  actions.merge(@database_actions[d][s][t][f][route_id])
+                end
+                if route_id != '*' && route_id_rules.key?('*')
+                  actions.merge(@database_actions[d][s][t][f]['*'])
+                end
+              end
             end
+          end
+        end
+        return nil if actions.empty?
+        actions
+      end
+      def get_actions_for(table, field)
+        actions = Set.new
+        key = "#{table}.#{field}"
+        actions.merge(@table_field_actions.fetch(key, [].to_set))
+        actions
+      end
+      def self.actions_from_json(options)
+        actions = nil
+        if options.key?('log')
+          if options['log'].include? 'redact'
+            actions ||= FilterActions.new
+            actions.log_redact = true
+          end
+          if options['log'].include? 'event'
+            actions ||= FilterActions.new
+            actions.log_event = true
+          end
+          if options['log'].include? 'hash'
+            actions ||= FilterActions.new
+            actions.log_hash = true
+          end
+        end
+        if options.key?('body')
+          if options['body'].include? 'redact'
+            actions ||= FilterActions.new
+            actions.body_redact = true
+          end
+          if options['body'].include? 'event'
+            actions ||= FilterActions.new
+            actions.body_event = true
+          end
+          if options['body'].include? 'hash'
+            actions ||= FilterActions.new
+            actions.body_hash = true
+          end
+        end
+        actions
+      end
-            def get_actions_for_cookie(cookie_name, route_id=nil)
-                get_actions_for_request(RequestProtectionManager::COOKIE, cookie_name, route_id)
-            end
+      def self.from_json(policy_json)
+        return nil unless policy_json
-            def get_actions_for_header(header_name, route_id=nil)
-                get_actions_for_request(RequestProtectionManager::HEADER, header_name.downcase, route_id)
-            end
+        policy = DataLossPolicy.new
+        policy.policy_id = policy_json['policy_id']
+        raise 'Policy ID missing' unless policy.policy_id
-            def get_actions_for_form_parameter(parameter_name, route_id=nil)
-                get_actions_for_request(RequestProtectionManager::FORM, parameter_name.downcase, route_id)
-            end
+        data_json = (policy_json['data'] || {})
-            def get_actions_for_request(context, variable, route_id=nil)
-                if (context == nil || variable == nil)
-                    return nil
-                end
-                if (route_id == nil)
-                    route_id = "*"
-                end
-                if (context != RequestProtectionManager::COOKIE)
-                    variable = variable.downcase
-                end
-                actions = Set.new
-                if @request_filter_actions.has_key?(context)
-                    if @request_filter_actions[context].has_key?(route_id)
-                        if @request_filter_actions[context][route_id].has_key?(variable)
-                            actions.merge(@request_filter_actions[context][route_id][variable])
-                        end
-                    end
-                    if route_id != "*" && @request_filter_actions[context].has_key?("*")
-                        if @request_filter_actions[context]["*"].has_key?(variable)
-                            actions.merge(@request_filter_actions[context]["*"][variable])
-                        end
-                    end
-                end
-                if (actions.size <= 0)
-                    return nil
-                end
-                return actions
-            end
+        if data_json.key?('data_discovery')
+          data_discovery_json = data_json['data_discovery']
+          policy.database_discovery_enabled = data_discovery_json.fetch('database_enabled', false)
+          policy.enabled = policy.database_discovery_enabled
+        end
-            def get_actions_for_table(database, schema, table, field, route_id="*")
-                if route_id == nil
-                    route_id = "*"
-                end
-                actions = Set.new
-                [database, "*"].each do |d|
-                    if (@database_actions.has_key?(d) == false)
-                        next
-                    end
-                    [schema, "*"].each do |s|
-                        if (@database_actions[d].has_key?(s) == false)
-                            next
-                        end
-                        [table, "*"].each do |t|
-                            if (@database_actions[d][s].has_key?(t) == false)
-                                next
-                            end
-                            [field, "*"].each do |f|
-                                if (@database_actions[d][s][t].has_key?(f) == false)
-                                    next
-                                end
-                                route_id_rules = @database_actions[d][s][t][f]
-                                if (route_id_rules.has_key?(route_id))
-                                    actions.merge(@database_actions[d][s][t][f][route_id])
-                                end
-                                if (route_id != "*" && route_id_rules.has_key?("*"))
-                                    actions.merge(@database_actions[d][s][t][f]["*"])
-                                end
-                            end
-                        end
-                    end
-                end
-                if (actions.size == 0)
-                    return nil
-                end
-                actions
-            end
+        if data_json.key?('session_id_protections')
+          session_id_protection = data_json['session_id_protections']
+          rule_id = session_id_protection.fetch('id', nil)
+          filter_actions = DataLossPolicy.actions_from_json(session_id_protection)
+          unless filter_actions.nil?
+            policy.enabled = true
+            filter_actions.action_id = rule_id
+            policy.session_id_filter_actions = filter_actions
+          end
+        end
-            def get_actions_for(table, field)
-                actions = Set.new
-                key = "#{table}.#{field}"
-                actions.merge(@table_field_actions.fetch(key,[].to_set))
-                return actions
+        if data_json.key?('request_protections')
+          data_json['request_protections'].each do |protection|
+            context = protection.fetch('variable_context', nil)
+            variables = protection.fetch('variables', nil)
+            scope = protection.fetch('scope', 'global')
+            rule_id = protection.fetch('id', nil)
+            options = protection.fetch('actions', nil)
+            route_ids = []
+            if scope == 'global'
+              route_ids = ['*']
+            elsif scope == 'route'
+              route_ids = protection.fetch('route_ids', [])
+            else
+              next
             end
-            def self.actions_from_json(options)
-                actions = nil
-                if options.has_key?("log")
-                    if (options["log"].include? "redact")
-                        actions ||= FilterActions.new
-                        actions.log_redact = true
-                    end
-                    if (options["log"].include? "event")
-                        actions ||= FilterActions.new
-                        actions.log_event = true
-                    end
-                    if (options["log"].include? "hash")
-                        actions ||= FilterActions.new
-                        actions.log_hash = true
-                    end
-                end
-                if options.has_key?("body")
-                    if (options["body"].include? "redact")
-                        actions ||= FilterActions.new
-                        actions.body_redact = true
-                    end
-                    if (options["body"].include? "event")
-                        actions ||= FilterActions.new
-                        actions.body_event = true
-                    end
-                    if (options["body"].include? "hash")
-                        actions ||= FilterActions.new
-                        actions.body_hash = true
-                    end
-                end
-                actions
-            end
-            def self.from_json(policy_json)
-                if (!policy_json)
-                    return nil
-                end
-                policy = DataLossPolicy.new
-                if policy_json.has_key?("policy_id")
-                    policy.policy_id = policy_json["policy_id"]
+            next unless context && policy.request_filter_actions.key?(context) && variables && options
+            filter_actions = DataLossPolicy.actions_from_json(options)
+            next if filter_actions.nil?
+            policy.enabled = true
+            filter_actions.action_id = rule_id
+            variables.each do |variable|
+              route_ids.each  do |route_id|
+                if context == RequestProtectionManager::COOKIE
+                  # Case sensitive variable name
+                  policy.request_filter_actions[context][route_id][variable].add(filter_actions)
                 else
-                    raise "Policy ID missing"
+                  policy.request_filter_actions[context][route_id][variable.downcase].add(filter_actions)
                 end
+              end
+            end
+          end
+        end
-                if policy_json.has_key?("data")
-                    data_json = policy_json["data"]
-                    if data_json.has_key?("data_discovery")
-                        data_discovery_json = data_json["data_discovery"]
-                        policy.database_discovery_enabled = data_discovery_json.fetch('database_enabled', false)
-                        policy.enabled = policy.database_discovery_enabled
-                    end
-                    if data_json.has_key?("session_id_protections")
-                        session_id_protection = data_json["session_id_protections"]
-                        rule_id = session_id_protection.fetch("id",nil)
-                        filter_actions = DataLossPolicy.actions_from_json(session_id_protection)
-                        if filter_actions != nil
-                            policy.enabled = true
-                            filter_actions.action_id = rule_id
-                            policy.session_id_filter_actions = filter_actions
-                        end
-                    end
-                    if data_json.has_key?("request_protections")
-                        data_json["request_protections"].each do |protection|
-                            context = protection.fetch('variable_context', nil)
-                            variables = protection.fetch('variables', nil)
-                            scope = protection.fetch('scope', "global")
-                            rule_id = protection.fetch("id",nil)
-                            options = protection.fetch('actions', nil)
-                            route_ids = []
-                            if (scope == "global")
-                                route_ids = ["*"]
-                            elsif (scope == "route")
-                                route_ids = protection.fetch("route_ids",[])
-                            else
-                                next
-                            end
-                            if context && policy.request_filter_actions.has_key?(context) && variables && options
-                                filter_actions = DataLossPolicy.actions_from_json(options)
-                                if filter_actions != nil
-                                    policy.enabled = true
-                                    filter_actions.action_id = rule_id
-                                    variables.each do |variable|
-                                        route_ids.each  do |route_id|
-                                            if (context == RequestProtectionManager::COOKIE)
-                                                # Case sensitive variable name
-                                                policy.request_filter_actions[context][route_id][variable].add(filter_actions)
-                                            else
-                                                policy.request_filter_actions[context][route_id][variable.downcase].add(filter_actions)
-                                            end
-                                        end
-                                    end
-                                end
-                            end
-                        end
-                    end
-                    if data_json.has_key?("db_protections")
-                        protections = data_json["db_protections"]
-                        if protections
-                            protections.each do |protection_json|
-                                scope = protection_json.fetch("scope",nil)
-                                _databases = protection_json.fetch("databases",["*"])
-                                _schemas = protection_json.fetch("schemas",["*"])
-                                _tables = protection_json.fetch("tables",["*"])
-                                _fields = protection_json.fetch("fields",nil)
-                                rule_id = protection_json.fetch("id",nil)
-                                actions = protection_json.fetch("actions",{})
-                                filter_actions = DataLossPolicy.actions_from_json(actions)
-                                _route_ids = ["*"]
-                                if scope != nil && scope != "global"
-                                    if scope=="route"
-                                        _route_ids = protection_json.fetch("route_ids",[])
-                                    end
-                                end
-                                if _fields == nil
-                                    next
-                                elsif filter_actions == nil
-                                    next
-                                end
-                                policy.enabled = true
-                                filter_actions.action_id = rule_id
-                                _databases.each do |_database|
-                                    _schemas.each do |_schema|
-                                        _tables.each do |_table|
-                                            _fields.each do |_field|
-                                                _route_ids.each do |_route_id|
-                                                    policy.database_actions[_database][_schema][_table][_field][_route_id].add(filter_actions)
-                                                end
-                                            end
-                                        end
-                                    end
-                                end
-                            end
-                        end
+        if data_json.key?('db_protections')
+          protections = data_json['db_protections']
+          if protections
+            protections.each do |protection_json|
+              scope = protection_json.fetch('scope', nil)
+              databases = protection_json.fetch('databases', ['*'])
+              schemas = protection_json.fetch('schemas', ['*'])
+              tables = protection_json.fetch('tables', ['*'])
+              fields = protection_json.fetch('fields', nil)
+              rule_id = protection_json.fetch('id', nil)
+              actions = protection_json.fetch('actions', {})
+              filter_actions = DataLossPolicy.actions_from_json(actions)
+              route_ids = ['*']
+              if !scope.nil? && scope != 'global' && scope == 'route'
+                route_ids = protection_json.fetch('route_ids', [])
+              end
+              next if fields.nil? || filter_actions.nil?
+              policy.enabled = true
+              filter_actions.action_id = rule_id
+              databases.each do |database|
+                schemas.each do |schema|
+                  tables.each do |table|
+                    fields.each do |field|
+                      route_ids.each do |route_id|
+                        policy.database_actions[database][schema][table][field][route_id].add(filter_actions)
+                      end
                     end
+                  end
                 end
-                return policy
+              end
             end
+          end
         end
+        policy
+      end
     end
+  end
 end