tcell_agent 1.1.3 → 1.1.4

data/lib/tcell_agent/policies/http_redirect_policy.rb

@@ -6,7 +6,6 @@ require 'tcell_agent/logger'
 
 module TCellAgent
   module Policies
-
     class HttpRedirectPolicy < Policy
       attr_accessor :policy_id, :enabled, :whitelist, :block, :data_scheme_allowed
 
@@ -19,7 +18,7 @@ module TCellAgent
       end
 
       def suspicious_redirect?(host, current_host)
-        if (!(host) || host == "" || host == current_host)
+        if !host || host == '' || host == current_host
           # local redirect
           return false
         end
@@ -33,22 +32,18 @@ module TCellAgent
         true
       end
 
-      def enforce(target_uri, request_uri, current_path, method, route_id, status_code, remote_addr, hmac_session_id=nil)
+      def enforce(target_uri, request_uri, current_path, method, route_id, status_code, remote_addr, hmac_session_id = nil)
         return nil unless @enabled
 
         current_host = URI.parse(request_uri).host
-        if target_uri.downcase.start_with?("data:")
-          if @data_scheme_allowed
-            return nil
-          end
+        if target_uri.downcase.start_with?('data:')
+          return nil if @data_scheme_allowed
 
-          target_host = target_uri.split(",")[0]
+          target_host = target_uri.split(',')[0]
 
         else
           target_host = URI.parse(target_uri).host
-          if !self.suspicious_redirect?(target_host, current_host)
-            return nil
-          end
+          return nil unless suspicious_redirect?(target_host, current_host)
         end
 
         begin
@@ -61,48 +56,41 @@ module TCellAgent
             status_code,
             remote_addr,
             hmac_session_id,
-            nil)
+            nil
+          )
 
           TCellAgent.send_event(event)
         rescue StandardError => ie
           TCellAgent.logger.error("uncaught exception while creating redirect event: #{ie.message}")
         end
 
-        if @block
-          return "/"
-        else
-          return nil
-        end
+        return '/' if @block
+
+        nil
       end
 
       def self.from_json(policy_json)
-        if (!policy_json)
-          return nil
-        end
+        return nil unless policy_json
 
         http_redirect_policy = HttpRedirectPolicy.new
-        if policy_json.has_key?("policy_id")
-          http_redirect_policy.policy_id = policy_json["policy_id"]
-        else
-          raise "Policy ID missing"
-        end
+        http_redirect_policy.policy_id = policy_json['policy_id']
+        raise 'Policy ID missing' unless http_redirect_policy.policy_id
 
-        if policy_json.has_key?("data")
-          policy_data_json = policy_json["data"]
-          http_redirect_policy.enabled = policy_data_json.fetch("enabled", false)
-          http_redirect_policy.block = policy_data_json.fetch("block", false)
-          http_redirect_policy.data_scheme_allowed = policy_data_json.fetch("data_scheme_allowed", false)
+        policy_data_json = policy_json['data']
+        return http_redirect_policy unless policy_data_json
 
-          http_redirect_policy.whitelist = []
-          policy_data_json.fetch("whitelist", []).each do |regex_pattern|
-            escaped = Regexp.escape(regex_pattern).gsub('\*','.*?')
-            http_redirect_policy.whitelist.push(Regexp.new("^#{escaped}$", Regexp::IGNORECASE))
-          end
+        http_redirect_policy.enabled = policy_data_json.fetch('enabled', false)
+        http_redirect_policy.block = policy_data_json.fetch('block', false)
+        http_redirect_policy.data_scheme_allowed = policy_data_json.fetch('data_scheme_allowed', false)
+
+        http_redirect_policy.whitelist = []
+        policy_data_json.fetch('whitelist', []).each do |regex_pattern|
+          escaped = Regexp.escape(regex_pattern).gsub('\*', '.*?')
+          http_redirect_policy.whitelist.push(Regexp.new("^#{escaped}$", Regexp::IGNORECASE))
         end
 
-        return http_redirect_policy
+        http_redirect_policy
       end
     end
-
   end
 end

data/lib/tcell_agent/policies/http_tx_policy.rb

@@ -1,64 +1,60 @@
-#{}"http-tx": {
+# {}"http-tx": {
 #        "policy_id":"afh023",
 #        "types": {
 #               "firehose": { enabled: true },
-#{}"auth_framework_only": {enabled: true},
-#{}"{}structure": {enabled: true },
-#{}"fingerprint": {enabled: true }
-#}
-#},
+# {}"auth_framework_only": {enabled: true},
+# {}"{}structure": {enabled: true },
+# {}"fingerprint": {enabled: true }
+# }
+# },
 
 require 'tcell_agent/policies/policy'
 
-
 module TCellAgent
-    module Policies
-        class HttpTxPolicy < Policy
-            attr_accessor :policy_id
-            attr_accessor :firehose
-            attr_accessor :auth_framework
-            attr_accessor :profile
-            attr_accessor :fingerprint
+  module Policies
+    class HttpTxPolicy < Policy
+      attr_accessor :policy_id, :firehose, :auth_framework, :profile, :fingerprint
+
+      def initialize
+        @firehose = { 'enabled' => false, 'lite' => false }
+        @auth_framework = { 'enabled' => false, 'lite' => false }
+        @profile = { 'enabled' => false }
+        @fingerprint = { 'enabled' => false, 'hmacUserAgent' => false, 'hmacUserId' => false, 'sampling' => nil }
+      end
+
+      def self.from_json(policy_json)
+        return nil unless policy_json
+        http_tx_policy = HttpTxPolicy.new
 
-            def initialize()
-                @firehose = {"enabled"=>false, "lite"=>false }
-                @auth_framework = {"enabled"=>false, "lite"=>false }
-                @profile = {"enabled"=>false }
-                @fingerprint = {"enabled"=>false, "hmacUserAgent"=>false, "hmacUserId"=>false, "sampling"=>nil }
-            end
+        http_tx_policy.policy_id = policy_json['policy_id']
+        raise 'Policy ID missing' unless http_tx_policy.policy_id
+
+        types = policy_json['types']
+        return http_tx_policy unless types
+
+        if types.key?('firehose')
+          http_tx_policy.firehose['enabled'] = types['firehose'].fetch('enabled', false)
+          http_tx_policy.firehose['lite'] = types['firehose'].fetch('lite', false)
+        end
 
-            def self.from_json(policy_json)
-                if (!policy_json) 
-                    return nil
-                end
-                http_tx_policy = HttpTxPolicy.new
-                if policy_json.has_key?("policy_id")
-                    http_tx_policy.policy_id = policy_json["policy_id"]
-                else
-                    raise "Policy ID missing"
-                end
-                if policy_json.has_key?("types")
-                    types = policy_json["types"]
-                    if types.has_key?("firehose")
-                        http_tx_policy.firehose["enabled"] = types["firehose"].fetch("enabled", false)
-                        http_tx_policy.firehose["lite"] = types["firehose"].fetch("lite", false)
-                    end
-                    if types.has_key?("auth_framework")
-                        http_tx_policy.auth_framework["enabled"] = types["auth_framework"].fetch("enabled", false)
-                        http_tx_policy.auth_framework["lite"] = types["auth_framework"].fetch("lite", false)
-                    end
-                    if types.has_key?("profile")
-                        http_tx_policy.profile["enabled"] = types["profile"].fetch("enabled", false)
-                    end
-                    if types.has_key?("fingerprint")
-                        http_tx_policy.fingerprint["enabled"] = types["fingerprint"].fetch("enabled", false)
-                        http_tx_policy.fingerprint["hmacUserAgent"] = types["fingerprint"].fetch("hmacUserAgent", false)
-                        http_tx_policy.fingerprint["hmacUserId"] = types["fingerprint"].fetch("hmacUserId", false)
-                        http_tx_policy.fingerprint["sampling"] = types["fingerprint"].fetch("sampling", 0)
-                    end
-                end
-                return http_tx_policy
-            end
+        if types.key?('auth_framework')
+          http_tx_policy.auth_framework['enabled'] = types['auth_framework'].fetch('enabled', false)
+          http_tx_policy.auth_framework['lite'] = types['auth_framework'].fetch('lite', false)
         end
+
+        if types.key?('profile')
+          http_tx_policy.profile['enabled'] = types['profile'].fetch('enabled', false)
+        end
+
+        if types.key?('fingerprint')
+          http_tx_policy.fingerprint['enabled'] = types['fingerprint'].fetch('enabled', false)
+          http_tx_policy.fingerprint['hmacUserAgent'] = types['fingerprint'].fetch('hmacUserAgent', false)
+          http_tx_policy.fingerprint['hmacUserId'] = types['fingerprint'].fetch('hmacUserId', false)
+          http_tx_policy.fingerprint['sampling'] = types['fingerprint'].fetch('sampling', 0)
+        end
+
+        http_tx_policy
+      end
     end
+  end
 end

data/lib/tcell_agent/policies/login_fraud_policy.rb

@@ -1,6 +1,5 @@
 require 'tcell_agent/policies/policy'
 
-
 module TCellAgent
   module Policies
     class LoginFraudPolicy < Policy
@@ -11,8 +10,9 @@ module TCellAgent
       attr_accessor :session_hijacking_metrics
 
       def initialize
-        self.init_options
+        init_options
       end
+
       def init_options
         @policy_id = nil
         @login_success_enabled = false
@@ -25,25 +25,20 @@ module TCellAgent
       end
 
       def self.from_json(policy_json)
-        if (!policy_json)
-          return nil
-        end
+        return nil unless policy_json
         sensor_policy = LoginFraudPolicy.new
-        if policy_json.has_key?("policy_id")
-          sensor_policy.policy_id = policy_json["policy_id"]
-        else
-          raise "Policy ID missing"
-        end
-        if policy_json.has_key?("data")
-          data_json = policy_json["data"]
-          if data_json.has_key?("options")
-            options_json = data_json["options"]
-            sensor_policy.login_failed_enabled = options_json.fetch("login_failed_enabled", false)
-            sensor_policy.login_success_enabled = options_json.fetch("login_success_enabled", false)
-            sensor_policy.session_hijacking_metrics = options_json.fetch("session_hijacking_enabled", false)
-          end
-        end
-        return sensor_policy
+
+        sensor_policy.policy_id = policy_json['policy_id']
+        raise 'Policy ID missing' unless sensor_policy.policy_id
+
+        options_json = (policy_json['data'] || {})['options']
+        return sensor_policy unless options_json
+
+        sensor_policy.login_failed_enabled = options_json.fetch('login_failed_enabled', false)
+        sensor_policy.login_success_enabled = options_json.fetch('login_success_enabled', false)
+        sensor_policy.session_hijacking_metrics = options_json.fetch('session_hijacking_enabled', false)
+
+        sensor_policy
       end
     end
   end

data/lib/tcell_agent/policies/policy.rb

@@ -1,8 +1,6 @@
 module TCellAgent
   module Policies
-
     class Policy
     end
-
   end
 end

data/lib/tcell_agent/policies/rust_policies.rb

@@ -6,15 +6,12 @@ require 'tcell_agent/rust/whisperer'
 require 'tcell_agent/sensor_events/command_injection'
 require 'tcell_agent/sensor_events/patches'
 
-
 module TCellAgent
   module Policies
-
     class RustPolicies < Policy
-
       attr_reader :appfirewall_enabled, :patches_enabled, :cmdi_enabled
 
-      def initialize()
+      def initialize
         @appfirewall_enabled = false
         @patches_enabled = false
         @cmdi_enabled = false
@@ -22,11 +19,11 @@ module TCellAgent
         @jsagent_enabled = false
         @agent_ptr = nil
 
-        whisper = TCellAgent::Rust::Whisperer.create_agent()
-        if whisper["error"]
-          TCellAgent.logger.error("Error initializing policies: #{whisper["error"]}")
+        whisper = TCellAgent::Rust::Whisperer.create_agent
+        if whisper['error']
+          TCellAgent.logger.error("Error initializing policies: #{whisper['error']}")
         else
-          @agent_ptr = whisper["agent_ptr"]
+          @agent_ptr = whisper['agent_ptr']
         end
       end
 
@@ -34,17 +31,17 @@ module TCellAgent
         return if @agent_ptr.nil? || policies_json.nil? || policies_json.empty?
 
         whisper = TCellAgent::Rust::Whisperer.update_policies(@agent_ptr, policies_json)
-        if whisper["errors"]
-          whisper["errors"].each do |error|
+        if whisper['errors']
+          whisper['errors'].each do |error|
             TCellAgent.logger.error("Error updating policies: #{error}")
           end
         else
-          enablements = whisper["enablements"]
-          @appfirewall_enabled = !!enablements["appfirewall"]
-          @patches_enabled = !!enablements["patches"]
-          @cmdi_enabled = !!enablements["cmdi"]
-          @headers_enabled = !!enablements["headers"]
-          @jsagent_enabled = !!enablements["jsagentinjection"]
+          enablements = whisper['enablements']
+          @appfirewall_enabled = enablements['appfirewall']
+          @patches_enabled = enablements['patches']
+          @cmdi_enabled = enablements['cmdi']
+          @headers_enabled = enablements['headers']
+          @jsagent_enabled = enablements['jsagentinjection']
         end
       end
 
@@ -52,11 +49,11 @@ module TCellAgent
         return false unless @agent_ptr && @patches_enabled
 
         whisper = TCellAgent::Rust::Whisperer.apply_patches(@agent_ptr, appsensor_meta)
-        if whisper["error"]
-          TCellAgent.logger.error("Error processing patches: #{whisper["error"]}")
+        if whisper['error']
+          TCellAgent.logger.error("Error processing patches: #{whisper['error']}")
         else
-          response = whisper["apply_response"]
-          if response && response["status"] == "Blocked"
+          response = whisper['apply_response']
+          if response && response['status'] == 'Blocked'
             patches_event = TCellAgent::SensorEvents::PatchesEvent.new(response, appsensor_meta)
             TCellAgent.send_event(patches_event)
             return true
@@ -69,9 +66,9 @@ module TCellAgent
       def check_appfirewall_injections(appsensor_meta)
         return unless @agent_ptr && @appfirewall_enabled
 
-        TCellAgent::Instrumentation.safe_block("AppSensor inspection") do
+        TCellAgent::Instrumentation.safe_block('AppSensor inspection') do
           whisper = TCellAgent::Rust::Whisperer.apply_appfirewall(@agent_ptr, appsensor_meta)
-          TCellAgent::AppSensor::InjectionsReporter.report_and_log(whisper["apply_response"])
+          TCellAgent::AppSensor::InjectionsReporter.report_and_log(whisper['apply_response'])
         end
       end
 
@@ -82,15 +79,13 @@ module TCellAgent
         whisper = TCellAgent::Rust::Whisperer.apply_cmdi(
           @agent_ptr, command, tcell_context
         )
-        apply_response = whisper.fetch("apply_response", {})
+        apply_response = whisper.fetch('apply_response', {})
         cmdi_event =
           TCellAgent::SensorEvents::CommandInjectionEvent.build_from_native_lib_response_and_tcell_context(apply_response,
                                                                                                            tcell_context)
-        if cmdi_event
-          TCellAgent.send_event(cmdi_event)
-        end
+        TCellAgent.send_event(cmdi_event) if cmdi_event
 
-        apply_response.fetch("blocked", false)
+        apply_response.fetch('blocked', false)
       end
 
       def get_headers(tcell_context)
@@ -99,7 +94,7 @@ module TCellAgent
         whisper = TCellAgent::Rust::Whisperer.get_headers(
           @agent_ptr, tcell_context
         )
-        return whisper['headers'] || []
+        whisper['headers'] || []
       end
 
       def get_js_agent_script_tag(tcell_context)
@@ -108,7 +103,7 @@ module TCellAgent
         whisper = TCellAgent::Rust::Whisperer.get_js_agent_script_tag(
           @agent_ptr, tcell_context
         )
-        return whisper['script_tag']
+        whisper['script_tag']
       end
     end
   end

data/lib/tcell_agent/rails.rb

@@ -17,19 +17,18 @@ require 'tcell_agent/rails/settings_reporter'
 require 'tcell_agent/rails/dlp'
 require 'tcell_agent/rails/csrf_exception'
 
-
 require 'tcell_agent/userinfo'
 require 'cgi'
 require 'thread'
 
 module TCellAgent
   class Railtie < Rails::Railtie
-    initializer "tcell_agent.insert_middleware" do |app|
+    initializer 'tcell_agent.insert_middleware' do |app|
       app.config.to_prepare do
         require 'tcell_agent/devise' if defined?(Devise)
         require 'tcell_agent/rails/auth/devise' if defined?(Devise)
         require 'tcell_agent/authlogic' if defined?(Authlogic)
-        require 'tcell_agent/rails/auth/authlogic'  if defined?(Authlogic)
+        require 'tcell_agent/rails/auth/authlogic' if defined?(Authlogic)
         require 'tcell_agent/rails/auth/doorkeeper'
       end
       app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)

data/lib/tcell_agent/rails/auth/authlogic.rb

@@ -23,11 +23,11 @@ if TCellAgent.configuration.should_instrument_authlogic?
             user_logged_in_after = !user.nil?
 
             TCellAgent::Instrumentation.safe_block('Authlogic login info') do
-              login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+              login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
               if login_fraud_policy && login_fraud_policy.enabled
                 user_id = nil
                 TCellAgent::Instrumentation.safe_block('getting userid for login form') do
-                  user_id = self.send(self.class.login_field.to_sym)
+                  user_id = send(self.class.login_field.to_sym)
                 end
 
                 password = nil

data/lib/tcell_agent/rails/auth/devise.rb

@@ -22,7 +22,7 @@ if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
                 password = tcell_data.password
                 password ||= _get_tcell_password
 
-                login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+                login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
                 if login_fraud_policy && login_fraud_policy.login_failed_enabled
                   TCellAgent.send_event(
                     TCellAgent::SensorEvents::LoginFailure.new(
@@ -105,7 +105,7 @@ if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
               end
             end
 
-            login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+            login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
             if login_fraud_policy && login_fraud_policy.login_success_enabled
               tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
               if tcell_data