tcell_agent 1.1.3 → 1.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/tcell_agent +10 -2
- data/lib/tcell_agent.rb +3 -3
- data/lib/tcell_agent/agent.rb +42 -52
- data/lib/tcell_agent/agent/event_processor.rb +129 -162
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +57 -62
- data/lib/tcell_agent/agent/policy_manager.rb +83 -104
- data/lib/tcell_agent/agent/policy_types.rb +24 -29
- data/lib/tcell_agent/agent/route_manager.rb +36 -46
- data/lib/tcell_agent/agent/static_agent.rb +19 -21
- data/lib/tcell_agent/api.rb +23 -28
- data/lib/tcell_agent/appsensor/injections_reporter.rb +7 -11
- data/lib/tcell_agent/authlogic.rb +7 -7
- data/lib/tcell_agent/cmdi.rb +22 -23
- data/lib/tcell_agent/config/unknown_options.rb +71 -69
- data/lib/tcell_agent/configuration.rb +187 -191
- data/lib/tcell_agent/devise.rb +13 -15
- data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
- data/lib/tcell_agent/instrumentation.rb +120 -124
- data/lib/tcell_agent/logger.rb +29 -45
- data/lib/tcell_agent/patches.rb +5 -5
- data/lib/tcell_agent/policies/dataloss_policy.rb +263 -288
- data/lib/tcell_agent/policies/http_redirect_policy.rb +25 -37
- data/lib/tcell_agent/policies/http_tx_policy.rb +48 -52
- data/lib/tcell_agent/policies/login_fraud_policy.rb +15 -20
- data/lib/tcell_agent/policies/policy.rb +0 -2
- data/lib/tcell_agent/policies/rust_policies.rb +24 -29
- data/lib/tcell_agent/rails.rb +2 -3
- data/lib/tcell_agent/rails/auth/authlogic.rb +2 -2
- data/lib/tcell_agent/rails/auth/devise.rb +2 -2
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +2 -2
- data/lib/tcell_agent/rails/better_ip.rb +12 -16
- data/lib/tcell_agent/rails/csrf_exception.rb +4 -7
- data/lib/tcell_agent/rails/dlp.rb +208 -107
- data/lib/tcell_agent/rails/dlp/process_request.rb +37 -47
- data/lib/tcell_agent/rails/dlp_handler.rb +9 -11
- data/lib/tcell_agent/rails/js_agent_insert.rb +11 -14
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +8 -7
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +4 -5
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +5 -8
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +24 -27
- data/lib/tcell_agent/rails/on_start.rb +5 -5
- data/lib/tcell_agent/rails/responses.rb +7 -9
- data/lib/tcell_agent/rails/routes.rb +62 -81
- data/lib/tcell_agent/rails/routes/grape.rb +25 -30
- data/lib/tcell_agent/rails/routes/route_id.rb +9 -14
- data/lib/tcell_agent/rails/settings_reporter.rb +44 -33
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +15 -18
- data/lib/tcell_agent/routes/table.rb +31 -33
- data/lib/tcell_agent/rust/{libtcellagent-1.3.0.dylib → libtcellagent-1.3.1.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-1.3.0.so → libtcellagent-1.3.1.so} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.0.so → libtcellagent-alpine-1.3.1.so} +0 -0
- data/lib/tcell_agent/rust/models.rb +32 -37
- data/lib/tcell_agent/rust/tcellagent-1.3.1.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +101 -104
- data/lib/tcell_agent/sensor_events/app_config.rb +7 -7
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +26 -27
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +20 -88
- data/lib/tcell_agent/sensor_events/command_injection.rb +52 -80
- data/lib/tcell_agent/sensor_events/discovery.rb +27 -27
- data/lib/tcell_agent/sensor_events/dlp.rb +50 -56
- data/lib/tcell_agent/sensor_events/honeytokens.rb +9 -9
- data/lib/tcell_agent/sensor_events/metrics.rb +20 -21
- data/lib/tcell_agent/sensor_events/patches.rb +10 -12
- data/lib/tcell_agent/sensor_events/sensor.rb +32 -36
- data/lib/tcell_agent/sensor_events/server_agent.rb +130 -127
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +60 -80
- data/lib/tcell_agent/sensor_events/util/utils.rb +3 -5
- data/lib/tcell_agent/servers/passenger.rb +5 -9
- data/lib/tcell_agent/servers/puma.rb +18 -27
- data/lib/tcell_agent/servers/rails_server.rb +5 -9
- data/lib/tcell_agent/servers/thin.rb +2 -4
- data/lib/tcell_agent/servers/unicorn.rb +18 -27
- data/lib/tcell_agent/servers/webrick.rb +2 -4
- data/lib/tcell_agent/settings_reporter.rb +126 -0
- data/lib/tcell_agent/sinatra.rb +24 -26
- data/lib/tcell_agent/start_background_thread.rb +21 -142
- data/lib/tcell_agent/system_info.rb +4 -3
- data/lib/tcell_agent/tcell_context.rb +150 -0
- data/lib/tcell_agent/userinfo.rb +3 -3
- data/lib/tcell_agent/utils/io.rb +19 -24
- data/lib/tcell_agent/utils/params.rb +9 -15
- data/lib/tcell_agent/utils/queue_with_timeout.rb +26 -32
- data/lib/tcell_agent/utils/strings.rb +4 -6
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +5 -5
- data/spec/lib/tcell_agent/agent/static_agent_spec.rb +7 -7
- data/spec/lib/tcell_agent/cmdi_spec.rb +21 -21
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +29 -24
- data/spec/lib/tcell_agent/instrumentation_spec.rb +4 -4
- data/spec/lib/tcell_agent/patches_spec.rb +8 -8
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +23 -23
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +2 -2
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +69 -0
- data/spec/lib/tcell_agent/rails/dlp_spec.rb +1039 -0
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +271 -0
- data/spec/lib/tcell_agent/rails/logger_spec.rb +5 -5
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +3 -3
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -4
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +5 -5
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +1 -1
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +11 -8
- data/spec/lib/tcell_agent/rails/responses_spec.rb +2 -2
- data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +2 -2
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +1 -1
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +4 -4
- data/spec/lib/tcell_agent/rust/models_spec.rb +83 -75
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +14 -14
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +19 -70
- data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +1 -1
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +162 -0
- data/spec/lib/tcell_agent/tcell_context_spec.rb +154 -0
- data/spec/spec_helper.rb +5 -0
- metadata +18 -10
- data/lib/tcell_agent/appsensor/meta_data.rb +0 -132
- data/lib/tcell_agent/patches/meta_data.rb +0 -59
- data/lib/tcell_agent/rust/tcellagent-1.3.0.dll +0 -0
- data/spec/lib/tcell_agent/appsensor/meta_data_spec.rb +0 -71
|
@@ -1,25 +1,24 @@
|
|
|
1
1
|
module TCellAgent
|
|
2
2
|
module DLP
|
|
3
|
-
|
|
4
3
|
def self.handle_request_dlp_parameters(request)
|
|
5
|
-
TCellAgent::Instrumentation.safe_block(
|
|
4
|
+
TCellAgent::Instrumentation.safe_block('Handling Dataexposure (request forms)') do
|
|
6
5
|
_handle_dataexpsure_forms(request)
|
|
7
|
-
|
|
6
|
+
end
|
|
8
7
|
|
|
9
|
-
TCellAgent::Instrumentation.safe_block(
|
|
8
|
+
TCellAgent::Instrumentation.safe_block('Handling Dataexposure (request headers)') do
|
|
10
9
|
_handle_dataexpsure_headers(request)
|
|
11
|
-
|
|
10
|
+
end
|
|
12
11
|
|
|
13
|
-
TCellAgent::Instrumentation.safe_block(
|
|
12
|
+
TCellAgent::Instrumentation.safe_block('Handling Dataexposure (request cookies)') do
|
|
14
13
|
_handler_dataexposure_cookies(request)
|
|
15
|
-
|
|
14
|
+
end
|
|
16
15
|
end
|
|
17
16
|
|
|
18
|
-
def self.loop_params_hash(method, param_hash,
|
|
17
|
+
def self.loop_params_hash(method, param_hash, &block)
|
|
19
18
|
param_hash.each do |param_name, param_value|
|
|
20
19
|
if param_value && param_value.is_a?(Hash)
|
|
21
|
-
loop_params_hash(method, param_value,
|
|
22
|
-
elsif !param_value || !param_value.instance_of?(String) || param_value ==
|
|
20
|
+
loop_params_hash(method, param_value, &block)
|
|
21
|
+
elsif !param_value || !param_value.instance_of?(String) || param_value == ''
|
|
23
22
|
next
|
|
24
23
|
else
|
|
25
24
|
block.call(method, param_name, param_value)
|
|
@@ -29,59 +28,50 @@ module TCellAgent
|
|
|
29
28
|
|
|
30
29
|
def self.for_params(request, &block)
|
|
31
30
|
get_params = request.GET
|
|
32
|
-
if get_params
|
|
33
|
-
self.loop_params_hash('get', get_params, nil, &block)
|
|
34
|
-
end
|
|
31
|
+
loop_params_hash('get', get_params, &block) if get_params
|
|
35
32
|
post_params = request.POST
|
|
36
|
-
if post_params
|
|
37
|
-
self.loop_params_hash('post', post_params, nil, &block)
|
|
38
|
-
end
|
|
33
|
+
loop_params_hash('post', post_params, &block) if post_params
|
|
39
34
|
end
|
|
40
35
|
|
|
41
36
|
def self._handle_dataexpsure_forms(request)
|
|
42
|
-
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::
|
|
37
|
+
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
|
|
43
38
|
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
}
|
|
39
|
+
return unless tcell_context && dataex_policy && dataex_policy.actions_for_form_parameter?
|
|
40
|
+
for_params(request) do |_method, param_name, param_value|
|
|
41
|
+
actions = dataex_policy.get_actions_for_form_parameter(param_name, tcell_context.route_id)
|
|
42
|
+
if actions
|
|
43
|
+
actions.each do |action|
|
|
44
|
+
tcell_context.add_filter_for_request_parameter(param_value, action, param_name)
|
|
51
45
|
end
|
|
52
|
-
|
|
46
|
+
end
|
|
53
47
|
end
|
|
54
48
|
end
|
|
55
49
|
|
|
56
50
|
def self._handle_dataexpsure_headers(request)
|
|
57
|
-
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::
|
|
51
|
+
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
|
|
58
52
|
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
end
|
|
69
|
-
}
|
|
53
|
+
return unless tcell_context && dataex_policy && dataex_policy.actions_for_headers?
|
|
54
|
+
headers = request.env.select { |k, _v| k.start_with? 'HTTP_' }
|
|
55
|
+
headers.each do |header_name, header_value|
|
|
56
|
+
header_name = header_name.sub(/^HTTP_/, '').tr('_', '-')
|
|
57
|
+
actions = dataex_policy.get_actions_for_header(header_name)
|
|
58
|
+
next unless actions
|
|
59
|
+
actions.each do |action|
|
|
60
|
+
tcell_context.add_filter_for_header_value(header_value, action, header_name)
|
|
61
|
+
end
|
|
70
62
|
end
|
|
71
63
|
end
|
|
72
64
|
|
|
73
65
|
def self._handler_dataexposure_cookies(request)
|
|
74
|
-
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::
|
|
66
|
+
dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
|
|
75
67
|
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
end
|
|
84
|
-
}
|
|
68
|
+
return unless tcell_context && dataex_policy && dataex_policy.actions_for_cookie?
|
|
69
|
+
request.cookies.each do |cookie_name, cookie_value|
|
|
70
|
+
actions = dataex_policy.get_actions_for_cookie(cookie_name)
|
|
71
|
+
next unless actions
|
|
72
|
+
actions.each do |action|
|
|
73
|
+
tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
|
|
74
|
+
end
|
|
85
75
|
end
|
|
86
76
|
end
|
|
87
77
|
end
|
|
@@ -5,17 +5,16 @@ module TCellAgent
|
|
|
5
5
|
module Instrumentation
|
|
6
6
|
module Rails
|
|
7
7
|
module DLPHandler
|
|
8
|
-
|
|
9
8
|
def self.report_and_redact_now(dlp_handler, tcell_context, rack_body, content_length)
|
|
10
|
-
TCellAgent::Instrumentation.safe_block(
|
|
9
|
+
TCellAgent::Instrumentation.safe_block('Handling DLP Report and Redact Now') do
|
|
11
10
|
if dlp_handler
|
|
12
11
|
new_content_length = 0
|
|
13
12
|
new_body = []
|
|
14
|
-
rack_body.each
|
|
13
|
+
rack_body.each do |str|
|
|
15
14
|
dlp_handler.call(tcell_context, str)
|
|
16
15
|
new_body << str
|
|
17
16
|
new_content_length += str.bytesize
|
|
18
|
-
|
|
17
|
+
end
|
|
19
18
|
rack_body.close if rack_body.respond_to?(:close)
|
|
20
19
|
|
|
21
20
|
rack_body = new_body
|
|
@@ -27,7 +26,7 @@ module TCellAgent
|
|
|
27
26
|
end
|
|
28
27
|
|
|
29
28
|
def self.handle_dlp!(tcell_context, response)
|
|
30
|
-
TCellAgent::Instrumentation.safe_block(
|
|
29
|
+
TCellAgent::Instrumentation.safe_block('Running DLP Logging Filters') do
|
|
31
30
|
tcell_context.filter_body!(response)
|
|
32
31
|
end
|
|
33
32
|
|
|
@@ -38,20 +37,20 @@ module TCellAgent
|
|
|
38
37
|
dlp_handler = nil
|
|
39
38
|
tcell_context = nil
|
|
40
39
|
|
|
41
|
-
TCellAgent::Instrumentation.safe_block(
|
|
40
|
+
TCellAgent::Instrumentation.safe_block('DLP Handler get handler and context') do
|
|
42
41
|
if TCellAgent.configuration.enabled &&
|
|
43
|
-
|
|
44
|
-
|
|
42
|
+
TCellAgent.configuration.should_instrument? &&
|
|
43
|
+
TCellAgent.configuration.should_intercept_requests?
|
|
45
44
|
|
|
46
45
|
# do all this work so that dlp doesn't run at all unless it's on and there
|
|
47
46
|
# are rules to run
|
|
48
47
|
if TCellAgent::Utils::Rails.processable_response?(response_headers)
|
|
49
|
-
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::
|
|
48
|
+
dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
|
|
50
49
|
if dlp_policy && dlp_policy.get_actions_for_session_id
|
|
51
50
|
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
52
51
|
if tcell_context && tcell_context.session_id
|
|
53
52
|
dlp_handler = proc { |tc, resp|
|
|
54
|
-
|
|
53
|
+
handle_dlp!(tc, resp)
|
|
55
54
|
}
|
|
56
55
|
end
|
|
57
56
|
end
|
|
@@ -61,7 +60,6 @@ module TCellAgent
|
|
|
61
60
|
|
|
62
61
|
[dlp_handler, tcell_context]
|
|
63
62
|
end
|
|
64
|
-
|
|
65
63
|
end
|
|
66
64
|
end
|
|
67
65
|
end
|
|
@@ -4,20 +4,19 @@ module TCellAgent
|
|
|
4
4
|
module Instrumentation
|
|
5
5
|
module Rails
|
|
6
6
|
module JSAgent
|
|
7
|
-
|
|
8
|
-
HEAD_SEARCH_REGEX=/<head>/
|
|
7
|
+
HEAD_SEARCH_REGEX = /<head>/
|
|
9
8
|
|
|
10
9
|
def self.insert_now(js_agent_handler, script_insert, rack_body, content_length)
|
|
11
|
-
TCellAgent::Instrumentation.safe_block(
|
|
10
|
+
TCellAgent::Instrumentation.safe_block('Handling JSAgent Insert Now') do
|
|
12
11
|
if js_agent_handler
|
|
13
12
|
new_content_length = 0
|
|
14
13
|
newbody = []
|
|
15
|
-
rack_body.each
|
|
14
|
+
rack_body.each do |str|
|
|
16
15
|
modified_str = js_agent_handler.call(script_insert, str)
|
|
17
16
|
|
|
18
17
|
newbody << modified_str
|
|
19
18
|
new_content_length += modified_str.bytesize
|
|
20
|
-
|
|
19
|
+
end
|
|
21
20
|
rack_body.close if rack_body.respond_to?(:close)
|
|
22
21
|
|
|
23
22
|
rack_body = newbody
|
|
@@ -30,7 +29,7 @@ module TCellAgent
|
|
|
30
29
|
|
|
31
30
|
def self.handle_js_agent_insert(script_insert, response)
|
|
32
31
|
new_response = response
|
|
33
|
-
TCellAgent::Instrumentation.safe_block(
|
|
32
|
+
TCellAgent::Instrumentation.safe_block('Handling JSAgent insert') do
|
|
34
33
|
new_response = response.sub(
|
|
35
34
|
TCellAgent::Instrumentation::Rails::JSAgent::HEAD_SEARCH_REGEX,
|
|
36
35
|
"<head>#{script_insert}"
|
|
@@ -44,17 +43,16 @@ module TCellAgent
|
|
|
44
43
|
js_agent_handler = nil
|
|
45
44
|
script_insert = nil
|
|
46
45
|
|
|
47
|
-
TCellAgent::Instrumentation.safe_block(
|
|
48
|
-
if (response_headers
|
|
49
|
-
rust_policy = TCellAgent.policy(TCellAgent::PolicyTypes::
|
|
46
|
+
TCellAgent::Instrumentation.safe_block('JSAgent get handler and script insert') do
|
|
47
|
+
if (response_headers['Content-Type'] || '').start_with?('text/html')
|
|
48
|
+
rust_policy = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
|
|
50
49
|
if rust_policy
|
|
51
|
-
|
|
50
|
+
script_insert = rust_policy.get_js_agent_script_tag(
|
|
52
51
|
request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
53
52
|
)
|
|
54
|
-
if
|
|
55
|
-
script_insert = js_script_tag
|
|
53
|
+
if script_insert
|
|
56
54
|
js_agent_handler = proc { |si, resp|
|
|
57
|
-
|
|
55
|
+
handle_js_agent_insert(si, resp)
|
|
58
56
|
}
|
|
59
57
|
end
|
|
60
58
|
end
|
|
@@ -63,7 +61,6 @@ module TCellAgent
|
|
|
63
61
|
|
|
64
62
|
[js_agent_handler, script_insert]
|
|
65
63
|
end
|
|
66
|
-
|
|
67
64
|
end
|
|
68
65
|
end
|
|
69
66
|
end
|
|
@@ -20,6 +20,7 @@ module TCellAgent
|
|
|
20
20
|
def initialize(app)
|
|
21
21
|
@app = app
|
|
22
22
|
end
|
|
23
|
+
|
|
23
24
|
def call(env)
|
|
24
25
|
orig = (Time.now.to_f * 1000).to_i
|
|
25
26
|
|
|
@@ -27,17 +28,17 @@ module TCellAgent
|
|
|
27
28
|
|
|
28
29
|
if TCellAgent.configuration.should_intercept_requests?
|
|
29
30
|
response_time = (Time.now.to_f * 1000).to_i - orig
|
|
30
|
-
TCellAgent::Instrumentation.safe_block(
|
|
31
|
+
TCellAgent::Instrumentation.safe_block('Handling Route Time') do
|
|
31
32
|
route_id = env[TCellAgent::Instrumentation::TCELL_ID].route_id
|
|
32
33
|
if route_id
|
|
33
34
|
TCellAgent.increment_route(route_id, response_time)
|
|
34
35
|
else
|
|
35
|
-
TCellAgent.increment_route(
|
|
36
|
+
TCellAgent.increment_route('', response_time)
|
|
36
37
|
end
|
|
37
|
-
|
|
38
|
-
TCellAgent::Instrumentation.safe_block(
|
|
39
|
-
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::
|
|
40
|
-
if
|
|
38
|
+
end
|
|
39
|
+
TCellAgent::Instrumentation.safe_block('Handling Sessions Info') do
|
|
40
|
+
login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
|
41
|
+
if login_fraud_policy && login_fraud_policy.session_hijacking_metrics
|
|
41
42
|
hmac_session_id = env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id
|
|
42
43
|
user_id = env[TCellAgent::Instrumentation::TCELL_ID].user_id
|
|
43
44
|
if user_id && hmac_session_id
|
|
@@ -49,7 +50,7 @@ module TCellAgent
|
|
|
49
50
|
)
|
|
50
51
|
end
|
|
51
52
|
end
|
|
52
|
-
|
|
53
|
+
end
|
|
53
54
|
end
|
|
54
55
|
|
|
55
56
|
response
|
|
@@ -19,9 +19,8 @@ module TCellAgent
|
|
|
19
19
|
module Instrumentation
|
|
20
20
|
module Rails
|
|
21
21
|
module Middleware
|
|
22
|
-
|
|
23
22
|
class ContextMiddleware
|
|
24
|
-
THREADS = {}
|
|
23
|
+
THREADS = {} # rubocop:disable Style/MutableConstant
|
|
25
24
|
def initialize(app)
|
|
26
25
|
@app = app
|
|
27
26
|
end
|
|
@@ -29,7 +28,7 @@ module TCellAgent
|
|
|
29
28
|
def call(env)
|
|
30
29
|
if TCellAgent.configuration.should_intercept_requests?
|
|
31
30
|
env[TCellAgent::Instrumentation::TCELL_ID] = TCellAgent::Instrumentation::TCellData.new
|
|
32
|
-
TCellAgent::Instrumentation.safe_block(
|
|
31
|
+
TCellAgent::Instrumentation.safe_block('Setting transaction_id') do
|
|
33
32
|
env[TCellAgent::Instrumentation::TCELL_ID].transaction_id = SecureRandom.uuid
|
|
34
33
|
request = Rack::Request.new(env)
|
|
35
34
|
env[TCellAgent::Instrumentation::TCELL_ID].uri = request.url
|
|
@@ -41,8 +40,8 @@ module TCellAgent
|
|
|
41
40
|
if request.request_method
|
|
42
41
|
env[TCellAgent::Instrumentation::TCELL_ID].request_method = request.request_method
|
|
43
42
|
end
|
|
44
|
-
|
|
45
|
-
env[
|
|
43
|
+
end
|
|
44
|
+
env['filter_body_set'] = Set.new
|
|
46
45
|
ContextMiddleware::THREADS[Thread.current.object_id] = env
|
|
47
46
|
end
|
|
48
47
|
|
|
@@ -17,9 +17,7 @@ module TCellAgent
|
|
|
17
17
|
module Instrumentation
|
|
18
18
|
module Rails
|
|
19
19
|
module Middleware
|
|
20
|
-
|
|
21
20
|
class GlobalMiddleware
|
|
22
|
-
|
|
23
21
|
def initialize(app)
|
|
24
22
|
@app = app
|
|
25
23
|
end
|
|
@@ -27,16 +25,16 @@ module TCellAgent
|
|
|
27
25
|
def call(env)
|
|
28
26
|
if TCellAgent.configuration.should_intercept_requests?
|
|
29
27
|
request = Rack::Request.new(env)
|
|
30
|
-
TCellAgent::Instrumentation.safe_block(
|
|
28
|
+
TCellAgent::Instrumentation.safe_block('Setting session_id & user_id') do
|
|
31
29
|
if request.session
|
|
32
30
|
env[TCellAgent::Instrumentation::TCELL_ID].session_id =
|
|
33
|
-
request.session[
|
|
31
|
+
request.session['session_id']
|
|
34
32
|
env[TCellAgent::Instrumentation::TCELL_ID].user_id =
|
|
35
|
-
TCellAgent::UserInformation.
|
|
33
|
+
TCellAgent::UserInformation.get_user_from_request(request)
|
|
36
34
|
end
|
|
37
|
-
|
|
35
|
+
end
|
|
38
36
|
|
|
39
|
-
TCellAgent::Instrumentation.safe_block(
|
|
37
|
+
TCellAgent::Instrumentation.safe_block('Setting hmac_session_id') do
|
|
40
38
|
if request.env[TCellAgent::Instrumentation::TCELL_ID].session_id
|
|
41
39
|
env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id =
|
|
42
40
|
TCellAgent::SensorEvents::Util.hmac(request.env[TCellAgent::Instrumentation::TCELL_ID].session_id)
|
|
@@ -48,7 +46,6 @@ module TCellAgent
|
|
|
48
46
|
|
|
49
47
|
response
|
|
50
48
|
end
|
|
51
|
-
|
|
52
49
|
end
|
|
53
50
|
end
|
|
54
51
|
end
|
|
@@ -21,7 +21,6 @@ module TCellAgent
|
|
|
21
21
|
module Instrumentation
|
|
22
22
|
module Rails
|
|
23
23
|
module Middleware
|
|
24
|
-
|
|
25
24
|
class HeadersMiddleware
|
|
26
25
|
def initialize(app)
|
|
27
26
|
@app = app
|
|
@@ -33,15 +32,15 @@ module TCellAgent
|
|
|
33
32
|
response = @app.call(env)
|
|
34
33
|
|
|
35
34
|
if TCellAgent.configuration.should_intercept_requests?
|
|
36
|
-
TCellAgent::Instrumentation.safe_block(
|
|
35
|
+
TCellAgent::Instrumentation.safe_block('Handling Request') do
|
|
37
36
|
tcell_response = response
|
|
38
37
|
unless request.env[TCellAgent::Instrumentation::TCELL_ID].patches_blocking_triggered
|
|
39
|
-
tcell_response =
|
|
38
|
+
tcell_response = _handle_appsensor_js_agent_and_dlp(request, tcell_response)
|
|
40
39
|
end
|
|
41
|
-
tcell_response =
|
|
42
|
-
tcell_response =
|
|
40
|
+
tcell_response = _handle_redirect(request, tcell_response)
|
|
41
|
+
tcell_response = _set_headers(request, tcell_response)
|
|
43
42
|
response = tcell_response
|
|
44
|
-
|
|
43
|
+
end
|
|
45
44
|
end
|
|
46
45
|
|
|
47
46
|
response
|
|
@@ -50,7 +49,7 @@ module TCellAgent
|
|
|
50
49
|
def _set_headers(request, response)
|
|
51
50
|
status, headers, active_response = response
|
|
52
51
|
|
|
53
|
-
rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::
|
|
52
|
+
rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
|
|
54
53
|
if rust_policies
|
|
55
54
|
policy_headers = rust_policies.get_headers(
|
|
56
55
|
request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
@@ -59,11 +58,11 @@ module TCellAgent
|
|
|
59
58
|
header_name = header_info['name']
|
|
60
59
|
header_value = header_info['value']
|
|
61
60
|
existing_header_value = headers[header_name]
|
|
62
|
-
if existing_header_value
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
61
|
+
headers[header_name] = if existing_header_value
|
|
62
|
+
"#{existing_header_value}, #{header_value}"
|
|
63
|
+
else
|
|
64
|
+
header_value
|
|
65
|
+
end
|
|
67
66
|
end
|
|
68
67
|
response = [status, headers, active_response]
|
|
69
68
|
end
|
|
@@ -72,34 +71,33 @@ module TCellAgent
|
|
|
72
71
|
end
|
|
73
72
|
|
|
74
73
|
def _handle_redirect(request, response)
|
|
75
|
-
TCellAgent::Instrumentation.safe_block(
|
|
74
|
+
TCellAgent::Instrumentation.safe_block('Handling Redirect Headers') do
|
|
76
75
|
status, headers, active_response = response
|
|
77
|
-
http_redirect_policy = TCellAgent.policy(TCellAgent::PolicyTypes::
|
|
78
|
-
if http_redirect_policy && headers.
|
|
76
|
+
http_redirect_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HTTPREDIRECT)
|
|
77
|
+
if http_redirect_policy && headers.key?('Location')
|
|
79
78
|
tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
|
80
79
|
route_id = tcell_context.route_id
|
|
81
80
|
hmac_session_id = tcell_context.hmac_session_id
|
|
82
81
|
new_location = http_redirect_policy.enforce(
|
|
83
|
-
headers[
|
|
82
|
+
headers['Location'],
|
|
84
83
|
tcell_context.uri,
|
|
85
84
|
tcell_context.fullpath,
|
|
86
85
|
tcell_context.request_method,
|
|
87
86
|
route_id,
|
|
88
87
|
status,
|
|
89
88
|
tcell_context.ip_address,
|
|
90
|
-
hmac_session_id
|
|
89
|
+
hmac_session_id
|
|
90
|
+
)
|
|
91
91
|
# Enforcement
|
|
92
|
-
if
|
|
93
|
-
headers["Location"] = new_location
|
|
94
|
-
end
|
|
92
|
+
headers['Location'] = new_location if new_location
|
|
95
93
|
end
|
|
96
94
|
response = [status, headers, active_response]
|
|
97
|
-
|
|
95
|
+
end
|
|
98
96
|
response
|
|
99
97
|
end
|
|
100
98
|
|
|
101
99
|
def _handle_appsensor_js_agent_and_dlp(request, response)
|
|
102
|
-
TCellAgent::Instrumentation.safe_block(
|
|
100
|
+
TCellAgent::Instrumentation.safe_block('Handling AppSensor, JS Agent, and DLP') do
|
|
103
101
|
status_code, response_headers, response_body = response
|
|
104
102
|
|
|
105
103
|
js_agent_handler, script_insert =
|
|
@@ -131,7 +129,6 @@ module TCellAgent
|
|
|
131
129
|
response_body,
|
|
132
130
|
content_length)
|
|
133
131
|
|
|
134
|
-
|
|
135
132
|
response_headers['Content-Length'] = content_length.to_s
|
|
136
133
|
|
|
137
134
|
elsif response_body.is_a?(Rack::BodyProxy)
|
|
@@ -141,17 +138,18 @@ module TCellAgent
|
|
|
141
138
|
js_agent_handler,
|
|
142
139
|
script_insert,
|
|
143
140
|
dlp_handler,
|
|
144
|
-
tcell_context
|
|
141
|
+
tcell_context
|
|
142
|
+
)
|
|
145
143
|
defer_appfw_due_to_streaming = true
|
|
146
144
|
end
|
|
147
145
|
|
|
148
|
-
rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::
|
|
146
|
+
rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::RUST)
|
|
149
147
|
if rust_policies && rust_policies.appfirewall_enabled
|
|
150
148
|
event = TCellAgent::SensorEvents::AppSensorMetaEvent.build(
|
|
151
149
|
request, content_length, status_code, response_headers
|
|
152
150
|
)
|
|
153
151
|
if defer_appfw_due_to_streaming
|
|
154
|
-
response_body.
|
|
152
|
+
response_body.appsensor_meta_event = event
|
|
155
153
|
else
|
|
156
154
|
TCellAgent.send_event(event)
|
|
157
155
|
end
|
|
@@ -162,7 +160,6 @@ module TCellAgent
|
|
|
162
160
|
|
|
163
161
|
response
|
|
164
162
|
end
|
|
165
|
-
|
|
166
163
|
end
|
|
167
164
|
end
|
|
168
165
|
end
|