tcell_agent 1.1.9 → 1.1.10
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/tcell_agent/rust/models.rb +6 -5
- data/lib/tcell_agent/rust/whisperer.rb +2 -2
- data/lib/tcell_agent/tcell_context.rb +33 -26
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/rust/models_spec.rb +8 -8
- data/spec/lib/tcell_agent/tcell_context_spec.rb +0 -72
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b84894f0c99387e227049af1f0cf23514630037a8a717b43283bcb19c66dfa37
|
4
|
+
data.tar.gz: 7464cb57bee06eea3c94717334ef755b0acbef4768f836f39b8de7cdb85cb505
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 60dabf811b67b4d762a8c39c96e47f7f3fff2e0287bb8586fec019976680b7c88efcbeb8e8ef541a8c719de0430a1c010e72ebaf7dfaffd03ff38b8c501fabca
|
7
|
+
data.tar.gz: 4974dccf426c1113ffbd238ef8006dc8600fc01bcbd29fbf940c2c78df5f979c80f48888b7565fa8a3c998b71edc60973e2e97ddd08c8648224755b270af9ae9
|
@@ -15,8 +15,7 @@ module TCellAgent
|
|
15
15
|
end
|
16
16
|
|
17
17
|
def self.create_request_response(appsensor_meta)
|
18
|
-
post_params = convert_params(appsensor_meta.flattened_post_dict)
|
19
|
-
convert_params(appsensor_meta.flattened_body_dict)
|
18
|
+
post_params = convert_params(appsensor_meta.flattened_post_dict)
|
20
19
|
|
21
20
|
request_response = {
|
22
21
|
'method' => appsensor_meta.method,
|
@@ -33,6 +32,8 @@ module TCellAgent
|
|
33
32
|
'session_id' => appsensor_meta.session_id,
|
34
33
|
'user_id' => appsensor_meta.user_id,
|
35
34
|
'user_agent' => appsensor_meta.user_agent,
|
35
|
+
:content_type => appsensor_meta.content_type,
|
36
|
+
:request_body => appsensor_meta.raw_request_body,
|
36
37
|
'request_bytes_length' => appsensor_meta.request_content_bytes_len,
|
37
38
|
'response_bytes_length' => appsensor_meta.response_content_bytes_len
|
38
39
|
}
|
@@ -53,8 +54,7 @@ module TCellAgent
|
|
53
54
|
end
|
54
55
|
|
55
56
|
def self.create_patches_request(appsensor_meta)
|
56
|
-
post_params = convert_params(appsensor_meta.flattened_post_dict)
|
57
|
-
convert_params(appsensor_meta.flattened_body_dict)
|
57
|
+
post_params = convert_params(appsensor_meta.flattened_post_dict)
|
58
58
|
|
59
59
|
{
|
60
60
|
'method' => appsensor_meta.method,
|
@@ -64,7 +64,8 @@ module TCellAgent
|
|
64
64
|
'query_params' => convert_params(appsensor_meta.flattened_get_dict),
|
65
65
|
'post_params' => post_params,
|
66
66
|
'headers' => convert_params(appsensor_meta.flattened_headers_dict),
|
67
|
-
'cookies' => convert_params(appsensor_meta.flattened_cookie_dict)
|
67
|
+
'cookies' => convert_params(appsensor_meta.flattened_cookie_dict),
|
68
|
+
:content_type => appsensor_meta.content_type
|
68
69
|
}
|
69
70
|
end
|
70
71
|
end
|
@@ -93,8 +93,8 @@ module TCellAgent
|
|
93
93
|
'js_agent_url' => TCellAgent.configuration.js_agent_url
|
94
94
|
},
|
95
95
|
'appfirewall' => {
|
96
|
-
'enable_body_xxe_inspection' =>
|
97
|
-
'enable_body_json_inspection' =>
|
96
|
+
'enable_body_xxe_inspection' => true,
|
97
|
+
'enable_body_json_inspection' => true,
|
98
98
|
'allow_log_payloads' => true
|
99
99
|
},
|
100
100
|
'policy_versions' => {
|
@@ -1,5 +1,10 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'tcell_agent/logger'
|
2
4
|
require 'tcell_agent/utils/params'
|
5
|
+
require 'cgi'
|
6
|
+
|
7
|
+
TCELL_MAX_BODY_LENGTH = 20_000
|
3
8
|
|
4
9
|
# TODO(ralba): move TCellData from instrumentation.rb here
|
5
10
|
# and merge both models into one and drop usage of MetaData.
|
@@ -38,6 +43,8 @@ module TCellAgent
|
|
38
43
|
:transaction_id,
|
39
44
|
:location,
|
40
45
|
:path,
|
46
|
+
:raw_request_body,
|
47
|
+
:content_type,
|
41
48
|
:request_content_bytes_len,
|
42
49
|
:response_content_bytes_len,
|
43
50
|
:response_code,
|
@@ -113,38 +120,38 @@ module TCellAgent
|
|
113
120
|
@flattened_path_parameters = TCellAgent::Utils::Params.flatten(value)
|
114
121
|
end
|
115
122
|
|
123
|
+
def get_raw_post_data(request)
|
124
|
+
if request.env.key?('RAW_POST_DATA')
|
125
|
+
raw_post_data = request.env['RAW_POST_DATA']
|
126
|
+
else
|
127
|
+
body = request.body
|
128
|
+
# Positions strio to the beginning of input, resetting lineno to zero.
|
129
|
+
# rails 4.1 seems to read the stringIO directly and so body.gets is empty
|
130
|
+
# this is called
|
131
|
+
body.rewind if body.respond_to?(:rewind)
|
132
|
+
raw_post_data = body.read(request.content_length.to_i) if request.content_length
|
133
|
+
body.rewind if body.respond_to?(:rewind)
|
134
|
+
end
|
135
|
+
raw_post_data if raw_post_data.respond_to?(:length) && raw_post_data.length < TCELL_MAX_BODY_LENGTH
|
136
|
+
end
|
137
|
+
|
116
138
|
def set_parameter_dicts(request)
|
117
139
|
self.get_dict = request.GET
|
118
140
|
self.cookie_dict = request.cookies
|
119
|
-
self.post_dict = request.POST
|
120
|
-
self.headers_dict = request.env
|
121
141
|
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
142
|
+
self.post_dict = if !(request.content_type =~ %r{application/json}i).nil? ||
|
143
|
+
!(request.content_type =~ %r{application/xml}i).nil?
|
144
|
+
{}
|
145
|
+
else
|
146
|
+
request.POST
|
147
|
+
end
|
126
148
|
|
127
|
-
|
128
|
-
set_body_dict(
|
129
|
-
@request_content_bytes_len,
|
130
|
-
request.content_type,
|
131
|
-
request.body.gets
|
132
|
-
)
|
133
|
-
end
|
134
|
-
|
135
|
-
def set_body_dict(request_content_bytes_len, request_content_type, request_body)
|
136
|
-
@flattened_body_dict = {}
|
137
|
-
|
138
|
-
return if request_content_bytes_len > 2_000_000
|
139
|
-
|
140
|
-
return unless request_body && (request_content_type =~ %r{application/json}i)
|
149
|
+
self.headers_dict = request.env
|
141
150
|
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
TCellAgent.logger.debug('JSON body parameter parsing failed')
|
147
|
-
end
|
151
|
+
@flattened_body_dict = {} # deprecated
|
152
|
+
@content_type = request.content_type
|
153
|
+
@raw_request_body = get_raw_post_data(request)
|
154
|
+
@request_content_bytes_len = (request.content_length || 0).to_i
|
148
155
|
end
|
149
156
|
end
|
150
157
|
end
|
data/lib/tcell_agent/version.rb
CHANGED
@@ -26,9 +26,8 @@ module TCellAgent
|
|
26
26
|
meta_data.post_dict = { 'xss_param' => '<script>' }
|
27
27
|
meta_data.cookie_dict = { 'xss_param' => '<script>' }
|
28
28
|
meta_data.headers_dict = { 'HTTP_XSS_PARAM' => '<script>' }
|
29
|
-
|
30
|
-
|
31
|
-
meta_data.set_body_dict(json_body.bytesize, 'application/json', json_body)
|
29
|
+
meta_data.content_type = 'hi'
|
30
|
+
meta_data.raw_request_body = { 'xss_param' => '<script>' }.to_json
|
32
31
|
|
33
32
|
result = Models.create_request_response(meta_data)
|
34
33
|
|
@@ -42,7 +41,6 @@ module TCellAgent
|
|
42
41
|
{ 'name' => 'xss_param', 'value' => '<script>' }
|
43
42
|
],
|
44
43
|
'post_params' => [
|
45
|
-
{ 'name' => 'xss_param', 'value' => '<script>' },
|
46
44
|
{ 'name' => 'xss_param', 'value' => '<script>' }
|
47
45
|
],
|
48
46
|
'headers' => [
|
@@ -59,6 +57,8 @@ module TCellAgent
|
|
59
57
|
'session_id' => 'session_id',
|
60
58
|
'user_id' => 'user_id',
|
61
59
|
'user_agent' => 'Mozilla',
|
60
|
+
:content_type => 'hi',
|
61
|
+
:request_body => '{"xss_param":"<script>"}',
|
62
62
|
'request_bytes_length' => 1024,
|
63
63
|
'response_bytes_length' => 2048,
|
64
64
|
'csrf_exception' => {
|
@@ -93,9 +93,9 @@ module TCellAgent
|
|
93
93
|
meta_data.post_dict = { 'user' => { 'xss_param' => '<script>' } }
|
94
94
|
meta_data.cookie_dict = { 'xss_param' => '<script>' }
|
95
95
|
meta_data.headers_dict = { 'HTTP_XSS_PARAM' => '<script>' }
|
96
|
-
|
97
|
-
|
98
|
-
meta_data.
|
96
|
+
meta_data.content_type = 'hi'
|
97
|
+
# patches does not use the request body.
|
98
|
+
meta_data.raw_request_body = { 'user' => { 'xss_param' => '<script>' } }.to_json
|
99
99
|
|
100
100
|
result = Models.create_patches_request(meta_data)
|
101
101
|
|
@@ -105,9 +105,9 @@ module TCellAgent
|
|
105
105
|
'path' => '/some/path',
|
106
106
|
'remote_address' => '192.168.1.1',
|
107
107
|
'request_bytes_length' => 1024,
|
108
|
+
:content_type => 'hi',
|
108
109
|
'query_params' => [{ 'name' => 'xss_param', 'value' => '<script>' }],
|
109
110
|
'post_params' => [
|
110
|
-
{ 'name' => 'xss_param', 'value' => '<script>' },
|
111
111
|
{ 'name' => 'xss_param', 'value' => '<script>' }
|
112
112
|
],
|
113
113
|
'headers' => [{ 'name' => 'xss-param', 'value' => '<script>' }],
|
@@ -75,79 +75,7 @@ module TCellAgent
|
|
75
75
|
)
|
76
76
|
end
|
77
77
|
|
78
|
-
context 'with text/html content type' do
|
79
|
-
it 'should set the body params to empty' do
|
80
|
-
@meta_data.set_body_dict(
|
81
|
-
67,
|
82
|
-
'text/html',
|
83
|
-
{
|
84
|
-
:username => 'tester',
|
85
|
-
:password => 'pass'
|
86
|
-
}.to_json
|
87
|
-
)
|
88
|
-
|
89
|
-
expect(@meta_data.flattened_body_dict).to eq({})
|
90
|
-
end
|
91
|
-
end
|
92
|
-
|
93
78
|
context 'with application/json content type' do
|
94
|
-
context 'with empty request body' do
|
95
|
-
it 'should set the body params to empty' do
|
96
|
-
@meta_data.set_body_dict(
|
97
|
-
67,
|
98
|
-
'application/json',
|
99
|
-
nil
|
100
|
-
)
|
101
|
-
|
102
|
-
expect(@meta_data.flattened_body_dict).to eq({})
|
103
|
-
end
|
104
|
-
end
|
105
|
-
|
106
|
-
context 'with bad json in the body' do
|
107
|
-
it 'should set the body params to empty' do
|
108
|
-
@meta_data.set_body_dict(
|
109
|
-
67,
|
110
|
-
'application/json',
|
111
|
-
'{"username":"tester""password":"pass"}'
|
112
|
-
)
|
113
|
-
|
114
|
-
expect(@meta_data.flattened_body_dict).to eq({})
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
context 'with valid json in the body' do
|
119
|
-
it 'should set the body params' do
|
120
|
-
@meta_data.set_body_dict(
|
121
|
-
67,
|
122
|
-
'application/json',
|
123
|
-
{
|
124
|
-
:username => 'tester',
|
125
|
-
:password => 'pass'
|
126
|
-
}.to_json
|
127
|
-
)
|
128
|
-
|
129
|
-
expect(@meta_data.flattened_body_dict).to eq(
|
130
|
-
{
|
131
|
-
['username'] => 'tester',
|
132
|
-
['password'] => 'pass'
|
133
|
-
}
|
134
|
-
)
|
135
|
-
end
|
136
|
-
end
|
137
|
-
|
138
|
-
context 'with a json body that is too big' do
|
139
|
-
it 'should set the body params to empty' do
|
140
|
-
@meta_data.set_body_dict(
|
141
|
-
20_000_000,
|
142
|
-
'application/json',
|
143
|
-
{
|
144
|
-
:username => 'tester',
|
145
|
-
:password => 'pass'
|
146
|
-
}.to_json
|
147
|
-
)
|
148
|
-
expect(@meta_data.flattened_body_dict).to eq({})
|
149
|
-
end
|
150
|
-
end
|
151
79
|
end
|
152
80
|
end
|
153
81
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tcell_agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.1.
|
4
|
+
version: 1.1.10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Rafael
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-09-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|