RubyGems - tcell_agent - Versions diffs - 1.1.3 → 1.1.4 - Mend

tcell_agent 1.1.3 → 1.1.4

Files changed (118) hide show

checksums.yaml +4 -4
data/bin/tcell_agent +10 -2
data/lib/tcell_agent.rb +3 -3
data/lib/tcell_agent/agent.rb +42 -52
data/lib/tcell_agent/agent/event_processor.rb +129 -162
data/lib/tcell_agent/agent/fork_pipe_manager.rb +57 -62
data/lib/tcell_agent/agent/policy_manager.rb +83 -104
data/lib/tcell_agent/agent/policy_types.rb +24 -29
data/lib/tcell_agent/agent/route_manager.rb +36 -46
data/lib/tcell_agent/agent/static_agent.rb +19 -21
data/lib/tcell_agent/api.rb +23 -28
data/lib/tcell_agent/appsensor/injections_reporter.rb +7 -11
data/lib/tcell_agent/authlogic.rb +7 -7
data/lib/tcell_agent/cmdi.rb +22 -23
data/lib/tcell_agent/config/unknown_options.rb +71 -69
data/lib/tcell_agent/configuration.rb +187 -191
data/lib/tcell_agent/devise.rb +13 -15
data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
data/lib/tcell_agent/instrumentation.rb +120 -124
data/lib/tcell_agent/logger.rb +29 -45
data/lib/tcell_agent/patches.rb +5 -5
data/lib/tcell_agent/policies/dataloss_policy.rb +263 -288
data/lib/tcell_agent/policies/http_redirect_policy.rb +25 -37
data/lib/tcell_agent/policies/http_tx_policy.rb +48 -52
data/lib/tcell_agent/policies/login_fraud_policy.rb +15 -20
data/lib/tcell_agent/policies/policy.rb +0 -2
data/lib/tcell_agent/policies/rust_policies.rb +24 -29
data/lib/tcell_agent/rails.rb +2 -3
data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
data/lib/tcell_agent/rails/auth/devise.rb +2 -2
data/lib/tcell_agent/rails/auth/doorkeeper.rb +2 -2
data/lib/tcell_agent/rails/better_ip.rb +12 -16
data/lib/tcell_agent/rails/csrf_exception.rb +4 -7
data/lib/tcell_agent/rails/dlp.rb +208 -107
data/lib/tcell_agent/rails/dlp/process_request.rb +37 -47
data/lib/tcell_agent/rails/dlp_handler.rb +9 -11
data/lib/tcell_agent/rails/js_agent_insert.rb +11 -14
data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +8 -7
data/lib/tcell_agent/rails/middleware/context_middleware.rb +4 -5
data/lib/tcell_agent/rails/middleware/global_middleware.rb +5 -8
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +24 -27
data/lib/tcell_agent/rails/on_start.rb +5 -5
data/lib/tcell_agent/rails/responses.rb +7 -9
data/lib/tcell_agent/rails/routes.rb +62 -81
data/lib/tcell_agent/rails/routes/grape.rb +25 -30
data/lib/tcell_agent/rails/routes/route_id.rb +9 -14
data/lib/tcell_agent/rails/settings_reporter.rb +44 -33
data/lib/tcell_agent/rails/tcell_body_proxy.rb +15 -18
data/lib/tcell_agent/routes/table.rb +31 -33
data/lib/tcell_agent/rust/{libtcellagent-1.3.0.dylib → libtcellagent-1.3.1.dylib} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-1.3.0.so → libtcellagent-1.3.1.so} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.0.so → libtcellagent-alpine-1.3.1.so} +0 -0
data/lib/tcell_agent/rust/models.rb +32 -37
data/lib/tcell_agent/rust/tcellagent-1.3.1.dll +0 -0
data/lib/tcell_agent/rust/whisperer.rb +101 -104
data/lib/tcell_agent/sensor_events/app_config.rb +7 -7
data/lib/tcell_agent/sensor_events/appsensor_event.rb +26 -27
data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +20 -88
data/lib/tcell_agent/sensor_events/command_injection.rb +52 -80
data/lib/tcell_agent/sensor_events/discovery.rb +27 -27
data/lib/tcell_agent/sensor_events/dlp.rb +50 -56
data/lib/tcell_agent/sensor_events/honeytokens.rb +9 -9
data/lib/tcell_agent/sensor_events/metrics.rb +20 -21
data/lib/tcell_agent/sensor_events/patches.rb +10 -12
data/lib/tcell_agent/sensor_events/sensor.rb +32 -36
data/lib/tcell_agent/sensor_events/server_agent.rb +130 -127
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +60 -80
data/lib/tcell_agent/sensor_events/util/utils.rb +3 -5
data/lib/tcell_agent/servers/passenger.rb +5 -9
data/lib/tcell_agent/servers/puma.rb +18 -27
data/lib/tcell_agent/servers/rails_server.rb +5 -9
data/lib/tcell_agent/servers/thin.rb +2 -4
data/lib/tcell_agent/servers/unicorn.rb +18 -27
data/lib/tcell_agent/servers/webrick.rb +2 -4
data/lib/tcell_agent/settings_reporter.rb +126 -0
data/lib/tcell_agent/sinatra.rb +24 -26
data/lib/tcell_agent/start_background_thread.rb +21 -142
data/lib/tcell_agent/system_info.rb +4 -3
data/lib/tcell_agent/tcell_context.rb +150 -0
data/lib/tcell_agent/userinfo.rb +3 -3
data/lib/tcell_agent/utils/io.rb +19 -24
data/lib/tcell_agent/utils/params.rb +9 -15
data/lib/tcell_agent/utils/queue_with_timeout.rb +26 -32
data/lib/tcell_agent/utils/strings.rb +4 -6
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +5 -5
data/spec/lib/tcell_agent/agent/static_agent_spec.rb +7 -7
data/spec/lib/tcell_agent/cmdi_spec.rb +21 -21
data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +29 -24
data/spec/lib/tcell_agent/instrumentation_spec.rb +4 -4
data/spec/lib/tcell_agent/patches_spec.rb +8 -8
data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +23 -23
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +2 -2
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +69 -0
data/spec/lib/tcell_agent/rails/dlp_spec.rb +1039 -0
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +271 -0
data/spec/lib/tcell_agent/rails/logger_spec.rb +5 -5
data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +3 -3
data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -4
data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +5 -5
data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +1 -1
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +11 -8
data/spec/lib/tcell_agent/rails/responses_spec.rb +2 -2
data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +2 -2
data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +1 -1
data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +4 -4
data/spec/lib/tcell_agent/rust/models_spec.rb +83 -75
data/spec/lib/tcell_agent/rust/whisperer_spec.rb +14 -14
data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +19 -70
data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +1 -1
data/spec/lib/tcell_agent/settings_reporter_spec.rb +162 -0
data/spec/lib/tcell_agent/tcell_context_spec.rb +154 -0
data/spec/spec_helper.rb +5 -0
metadata +18 -10
data/lib/tcell_agent/appsensor/meta_data.rb +0 -132
data/lib/tcell_agent/patches/meta_data.rb +0 -59
data/lib/tcell_agent/rust/tcellagent-1.3.0.dll +0 -0
data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +0 -71

data/lib/tcell_agent/rails/auth/doorkeeper.rb CHANGED

@@ -14,7 +14,7 @@ if TCellAgent.configuration.should_instrument_doorkeeper?
             TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
               if TCellAgent.configuration.enabled &&
                  TCellAgent.configuration.should_intercept_requests?
-                login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+                login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
                 if login_fraud_policy &&
                    login_fraud_policy.enabled &&
                    login_fraud_policy.login_failed_enabled
@@ -59,7 +59,7 @@ if TCellAgent.configuration.should_instrument_doorkeeper?
               if TCellAgent.configuration.enabled &&
                  TCellAgent.configuration.should_intercept_requests?
                 if pre_auth.error
-                  login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+                  login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
                   if login_fraud_policy &&
                      login_fraud_policy.enabled &&
                      login_fraud_policy.login_failed_enabled

data/lib/tcell_agent/rails/better_ip.rb CHANGED

@@ -1,28 +1,25 @@
-require "tcell_agent/utils/strings"
+require 'tcell_agent/utils/strings'
 require 'tcell_agent/instrumentation'
 module TCellAgent
   module Utils
     module Rails
       def self.better_ip(request)
         if TCellAgent.configuration.reverse_proxy
-          TCellAgent::Instrumentation.safe_block("Extracting reverse proxy IP") do
+          TCellAgent::Instrumentation.safe_block('Extracting reverse proxy IP') do
             reverse_proxy_header = TCellAgent.configuration.reverse_proxy_ip_address_header
-            if TCellAgent::Utils::Strings.present?(reverse_proxy_header)
-              reverse_proxy_header = "HTTP_" + reverse_proxy_header.upcase().tr('-','_')
-            else
-              reverse_proxy_header = "HTTP_X_FORWARDED_FOR"
-            end
+            reverse_proxy_header = if TCellAgent::Utils::Strings.present?(reverse_proxy_header)
+                                     'HTTP_' + reverse_proxy_header.upcase.tr('-', '_')
+                                   else
+                                     'HTTP_X_FORWARDED_FOR'
+                                   end
             x_forwarded_for = request.env[reverse_proxy_header]
-            if TCellAgent::Utils::Strings.present?(x_forwarded_for)
-              ip = x_forwarded_for.split(',')[0].strip()
-            else
-              ip = request.ip
-            end
+            ip = if TCellAgent::Utils::Strings.present?(x_forwarded_for)
+                   x_forwarded_for.split(',')[0].strip
+                 else
+                   request.ip
+                 end
             return ip
           end
@@ -30,7 +27,6 @@ module TCellAgent
         request.ip
       end
     end
   end
 end

data/lib/tcell_agent/rails/csrf_exception.rb CHANGED

@@ -1,15 +1,14 @@
 require 'tcell_agent/instrumentation'
 module TCellAgent
   module CsrfExceptionReporter
     def handle_unverified_request
-      TCellAgent::Instrumentation.safe_block("AppSensor CSRF Exception processing") do
-        rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
+      TCellAgent::Instrumentation.safe_block('AppSensor CSRF Exception processing') do
+        rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
         if rust_policies && rust_policies.appfirewall_enabled
           tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
           if tcell_data
-            tcell_data.csrf_exception_name = ActionController::InvalidAuthenticityToken.name
+            tcell_data.csrf_exception_name = 'ActionController::InvalidAuthenticityToken'
           end
         end
       end
@@ -19,12 +18,10 @@ module TCellAgent
   end
   class MyRailtie < Rails::Railtie
-    initializer "tcell.sensors" do |app|
+    initializer 'tcell.sensors' do |_app|
       ActiveSupport.on_load :action_controller do
         ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
       end
     end
   end
 end

data/lib/tcell_agent/rails/dlp.rb CHANGED

@@ -29,75 +29,173 @@ require 'thread'
 require 'tcell_agent/configuration'
 require 'tcell_agent/rails/responses'
 module TCellAgent
   module DLP
-    def self.instrument_find_by_sql(results)
-      if results.size > 0
-        if TCellAgent.configuration.enabled &&
-            TCellAgent.configuration.should_instrument? &&
-            TCellAgent.configuration.should_intercept_requests?
-          dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
+    def self.instrument_pluck(results, column_names, model)
+      return if results.empty?
+      if TCellAgent.configuration.enabled &&
+         TCellAgent.configuration.should_instrument? &&
+         TCellAgent.configuration.should_intercept_requests?
+        dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
+        request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
+        tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
+        if tcell_context
+          tcell_context.database_result_sizes.push(results.size)
+          if dlp_policy && dlp_policy.enabled
+            database_name = model.connection_config.fetch(
+              :database, '*'
+            ).split('/').last
+            table_name = model.table_name
+            column_names = if column_names.size.zero?
+                             model.columns.map(&:name)
+                           else
+                             column_names.map(&:to_s)
+                           end
+            if dlp_policy.database_discovery_enabled
+              TCellAgent.discover_database_fields(
+                tcell_context.route_id,
+                database_name,
+                '*',
+                table_name,
+                column_names
+              )
+            end
-          request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
-          tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
+            normalized_column_names = {}
+            column_name_to_rules = column_names.each_with_object({}) do |namespaced_column_name, memo|
+              namespace = nil
+              column_name = namespaced_column_name
+              if column_name =~ /\./
+                namespace, column_name = column_name.split(/\./)
+              end
+              normalized_column_names[namespaced_column_name] = column_name
+              next unless column_name && (!namespace || namespace == table_name)
+              rules = dlp_policy.get_actions_for_table(
+                database_name,
+                '*',
+                table_name,
+                column_name,
+                tcell_context.route_id
+              )
-          if tcell_context
-            tcell_context.database_result_sizes.push(results.size)
+              memo[namespaced_column_name] = rules if rules
+            end
-            if dlp_policy && dlp_policy.enabled
-              first_record = results.first
-              database_name = first_record.class.connection_config().fetch(:database,"*").split('/').last
-              model = first_record.class
-              column_names = model.columns.map { |col| col.name }
-              table_name = model.table_name
+            if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
+              TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
+            end
-              if dlp_policy.database_discovery_enabled
-                TCellAgent.discover_database_fields(
-                  tcell_context.route_id,
-                  database_name,
-                  "*",
-                  table_name,
-                  column_names
-                )
+            return if column_name_to_rules.empty?
+            # column_names.size == 1
+            # results => [1, 2, 3, 4]
+            # column_names.size > 1
+            # results => [[1, 'email'], [2, 'email']]
+            if column_names.size == 1
+              results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |result|
+                namespaced_column_name = column_names[0]
+                rules = column_name_to_rules.fetch(namespaced_column_name, [])
+                rules.each do |rule|
+                  tcell_context.add_response_db_filter(
+                    result,
+                    rule,
+                    database_name,
+                    '*',
+                    table_name,
+                    normalized_column_names[namespaced_column_name]
+                  )
+                end
               end
-              if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
-                TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
+            else
+              results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |result|
+                result.each_with_index do |val, index|
+                  namespaced_column_name = column_names[index]
+                  rules = column_name_to_rules.fetch(namespaced_column_name, [])
+                  rules.each do |rule|
+                    tcell_context.add_response_db_filter(
+                      val,
+                      rule,
+                      database_name,
+                      '*',
+                      table_name,
+                      normalized_column_names[namespaced_column_name]
+                    )
+                  end
+                end
               end
+            end
+          end
+        end
+      end
+    end
-              column_name_to_rules = column_names.inject({}) do |memo, column_name|
-                rules = dlp_policy.get_actions_for_table(
-                  database_name,
-                  "*",
-                  table_name,
-                  column_name,
-                  tcell_context.route_id
-                )
+    def self.instrument_find_by_sql(results)
+      return if results.empty?
+      if TCellAgent.configuration.enabled &&
+         TCellAgent.configuration.should_instrument? &&
+         TCellAgent.configuration.should_intercept_requests?
+        dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
+        request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
+        tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
+        if tcell_context
+          tcell_context.database_result_sizes.push(results.size)
+          if dlp_policy && dlp_policy.enabled
+            first_record = results.first
+            database_name = first_record.class.connection_config.fetch(:database, '*').split('/').last
+            model = first_record.class
+            column_names = model.columns.map(&:name)
+            table_name = model.table_name
+            if dlp_policy.database_discovery_enabled
+              TCellAgent.discover_database_fields(
+                tcell_context.route_id,
+                database_name,
+                '*',
+                table_name,
+                column_names
+              )
+            end
-                memo[column_name] = rules if rules
+            if results.size > TCellAgent.configuration.max_data_ex_db_records_per_request
+              TCellAgent.logger.warn("Route (#{tcell_context.route_id}) retrieved too many records")
+            end
-                memo
-              end
+            column_name_to_rules = column_names.each_with_object({}) do |column_name, memo|
+              rules = dlp_policy.get_actions_for_table(
+                database_name,
+                '*',
+                table_name,
+                column_name,
+                tcell_context.route_id
+              )
-              return if column_name_to_rules.empty?
-              results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
-                column_name_to_rules.each do |column_name, rules|
-                  if rules
-                    rules.each do |rule|
-                      tcell_context.add_response_db_filter(
-                        record[column_name.to_sym],
-                        rule,
-                        database_name,
-                        "*",
-                        table_name,
-                        column_name
-                      )
-                    end
-                  end
+              memo[column_name] = rules if rules
+            end
+            return if column_name_to_rules.empty?
+            results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
+              column_name_to_rules.each do |column_name, rules|
+                next unless rules
+                rules.each do |rule|
+                  tcell_context.add_response_db_filter(
+                    record[column_name.to_sym],
+                    rule,
+                    database_name,
+                    '*',
+                    table_name,
+                    column_name
+                  )
                 end
               end
             end
@@ -108,23 +206,24 @@ module TCellAgent
   end
   class MyRailtie < Rails::Railtie
-    initializer 'activeservice.autoload', :after => :set_autoload_paths do |app|
+    initializer 'activeservice.autoload', :after => :set_autoload_paths do |_app|
       if defined?(ActiveRecord)
         ActiveRecord::ConnectionAdapters::AbstractAdapter.class_eval do
           alias_method :tcell_translate_exception, :translate_exception
-          def translate_exception(e, message)
-            result = tcell_translate_exception(e, message)
+          def translate_exception(exception, message)
+            result = tcell_translate_exception(exception, message)
-            TCellAgent::Instrumentation.safe_block("Set sql_exception_detected in meta") do
-              rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
+            TCellAgent::Instrumentation.safe_block('Set sql_exception_detected in meta') do
+              rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
               if rust_policies && rust_policies.appfirewall_enabled
-                request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, {})
+                request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(
+                  Thread.current.object_id, {}
+                )
                 tcell_data = request_env[TCellAgent::Instrumentation::TCELL_ID]
                 if tcell_data && result.is_a?(ActiveRecord::StatementInvalid)
-                  tcell_data.sql_exceptions.push({
-                    "exception_name" => result.class.name, "exception_payload" => message
-                  })
+                  tcell_data.sql_exceptions.push(
+                    { 'exception_name' => result.class.name, 'exception_payload' => message }
+                  )
                 end
               end
             end
@@ -133,86 +232,90 @@ module TCellAgent
           end
         end
-        ActiveRecord::Querying.module_eval do
+        ActiveRecord::Calculations.module_eval do
+          alias_method :tcell_pluck, :pluck
+          def pluck(*column_names)
+            results = tcell_pluck(*column_names)
-          if (::Rails::VERSION::MAJOR == 5)
+            TCellAgent::Instrumentation.safe_block('Running DLP on pluck') do
+              TCellAgent::DLP.instrument_pluck(results, column_names, model)
+            end
+            results
+          end
+        end
+        ActiveRecord::Querying.module_eval do
+          if ::Rails::VERSION::MAJOR == 5
             alias_method :tcell_find_by_sql, :find_by_sql
             def find_by_sql(*args)
               results = tcell_find_by_sql(*args)
-              TCellAgent::Instrumentation.safe_block("Running DLP on find_by_sql") do
+              TCellAgent::Instrumentation.safe_block('Running DLP on find_by_sql') do
                 TCellAgent::DLP.instrument_find_by_sql(results)
               end
               results
             end
-          elsif (::Rails::VERSION::MAJOR < 5)
+          elsif ::Rails::VERSION::MAJOR < 5
             alias_method :tcell_find_by_sql, :find_by_sql
             def find_by_sql(sql, binds = [])
               results = tcell_find_by_sql(sql, binds)
-              TCellAgent::Instrumentation.safe_block("Running DLP on find_by_sql") do
+              TCellAgent::Instrumentation.safe_block('Running DLP on find_by_sql') do
                 TCellAgent::DLP.instrument_find_by_sql(results)
               end
               results
             end
           end
         end
       end
     end
   end
 end
 # - Request
 # -   Session Id event
 # -   Session Id redact
 # -   Session Id hash
 # -   Session Id mask
 # -   Database-Stuff - [event, redact]
-#
+#
 # - Log
 #
 module TCellAgent
   module Policies
     class DataLossPolicy
       def log_enforce(tcell_context, sanitize_string)
         if TCellAgent.configuration.enabled &&
-            TCellAgent.configuration.should_instrument? &&
-            TCellAgent.configuration.should_intercept_requests?
-          if (tcell_context && tcell_context.session_id)
-            session_id_actions = self.get_actions_for_session_id
+           TCellAgent.configuration.should_instrument? &&
+           TCellAgent.configuration.should_intercept_requests?
+          if tcell_context && tcell_context.session_id
+            session_id_actions = get_actions_for_session_id
             if session_id_actions
               send_event = false
-              sanitize_string.gsub!(tcell_context.session_id) {|m|
+              sanitize_string.gsub!(tcell_context.session_id) do |m|
                 if session_id_actions.log_redact
                   send_event = true
-                  m = "[session_id]"
+                  m = '[session_id]'
                 elsif session_id_actions.log_hash
                   send_event = true
-                  m = "[hash]"
+                  m = '[hash]'
                 elsif session_id_actions.log_event
                   send_event = true
                 end
                 m
-              }
+              end
               if send_event
                 TCellAgent.send_event(
                   TCellAgent::SensorEvents::DlpEvent.new(
                     tcell_context.route_id,
                     tcell_context.uri,
                     TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG
-                    ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
+                  ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
                 )
               end
             end
@@ -224,13 +327,13 @@ module TCellAgent
       def response_body_enforce(tcell_context, sanitize_string)
         if TCellAgent.configuration.enabled &&
-            TCellAgent.configuration.should_instrument? &&
-            TCellAgent.configuration.should_intercept_requests?
-          if (tcell_context && tcell_context.session_id)
-            session_id_actions = self.get_actions_for_session_id
+           TCellAgent.configuration.should_instrument? &&
+           TCellAgent.configuration.should_intercept_requests?
+          if tcell_context && tcell_context.session_id
+            session_id_actions = get_actions_for_session_id
             if session_id_actions
               send_event = false
-              sanitize_string.gsub!(tcell_context.session_id) {|m|
+              sanitize_string.gsub!(tcell_context.session_id) do |m|
                 if session_id_actions.body_redact
                   # m = "[session_id]"
                   send_event = true
@@ -241,7 +344,7 @@ module TCellAgent
                   send_event = true
                 end
                 m
-              }
+              end
             end
             if send_event
               TCellAgent.send_event(
@@ -249,7 +352,7 @@ module TCellAgent
                   tcell_context.route_id,
                   tcell_context.uri,
                   TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY
-                  ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
+                ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
               )
             end
           end
@@ -263,11 +366,11 @@ end
 class Logger
   alias_method :tcell_old_add, :add
-  def add(severity, message = nil, progname = nil, &block)
+  def add(severity, message = nil, progname = nil)
     if TCellAgent.configuration.enabled &&
-        TCellAgent.configuration.should_instrument? &&
-        TCellAgent.configuration.should_intercept_requests? &&
-        severity >= self.level
+       TCellAgent.configuration.should_instrument? &&
+       TCellAgent.configuration.should_intercept_requests? &&
+       severity >= level
       progname ||= @progname
       if message.nil?
@@ -279,16 +382,14 @@ class Logger
         end
       end
-      TCellAgent::Instrumentation.safe_block_no_log("Handling DLP log message filtering") {
-        dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DataLoss)
+      TCellAgent::Instrumentation.safe_block_no_log('Handling DLP log message filtering') do
+        dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
         request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(Thread.current.object_id, nil)
         if message && dlp_policy && request_env
           tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
-          if tcell_context
-            tcell_context.filter_log(message)
-          end
+          tcell_context.filter_log(message) if tcell_context
         end
-      }
+      end
     end
     tcell_old_add(severity, message, progname)