tcell_agent 1.1.9 → 1.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/tcell_agent/rust/models.rb +6 -5
- data/lib/tcell_agent/rust/whisperer.rb +2 -2
- data/lib/tcell_agent/tcell_context.rb +33 -26
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/rust/models_spec.rb +8 -8
- data/spec/lib/tcell_agent/tcell_context_spec.rb +0 -72
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b84894f0c99387e227049af1f0cf23514630037a8a717b43283bcb19c66dfa37
|
|
4
|
+
data.tar.gz: 7464cb57bee06eea3c94717334ef755b0acbef4768f836f39b8de7cdb85cb505
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 60dabf811b67b4d762a8c39c96e47f7f3fff2e0287bb8586fec019976680b7c88efcbeb8e8ef541a8c719de0430a1c010e72ebaf7dfaffd03ff38b8c501fabca
|
|
7
|
+
data.tar.gz: 4974dccf426c1113ffbd238ef8006dc8600fc01bcbd29fbf940c2c78df5f979c80f48888b7565fa8a3c998b71edc60973e2e97ddd08c8648224755b270af9ae9
|
|
@@ -15,8 +15,7 @@ module TCellAgent
|
|
|
15
15
|
end
|
|
16
16
|
|
|
17
17
|
def self.create_request_response(appsensor_meta)
|
|
18
|
-
post_params = convert_params(appsensor_meta.flattened_post_dict)
|
|
19
|
-
convert_params(appsensor_meta.flattened_body_dict)
|
|
18
|
+
post_params = convert_params(appsensor_meta.flattened_post_dict)
|
|
20
19
|
|
|
21
20
|
request_response = {
|
|
22
21
|
'method' => appsensor_meta.method,
|
|
@@ -33,6 +32,8 @@ module TCellAgent
|
|
|
33
32
|
'session_id' => appsensor_meta.session_id,
|
|
34
33
|
'user_id' => appsensor_meta.user_id,
|
|
35
34
|
'user_agent' => appsensor_meta.user_agent,
|
|
35
|
+
:content_type => appsensor_meta.content_type,
|
|
36
|
+
:request_body => appsensor_meta.raw_request_body,
|
|
36
37
|
'request_bytes_length' => appsensor_meta.request_content_bytes_len,
|
|
37
38
|
'response_bytes_length' => appsensor_meta.response_content_bytes_len
|
|
38
39
|
}
|
|
@@ -53,8 +54,7 @@ module TCellAgent
|
|
|
53
54
|
end
|
|
54
55
|
|
|
55
56
|
def self.create_patches_request(appsensor_meta)
|
|
56
|
-
post_params = convert_params(appsensor_meta.flattened_post_dict)
|
|
57
|
-
convert_params(appsensor_meta.flattened_body_dict)
|
|
57
|
+
post_params = convert_params(appsensor_meta.flattened_post_dict)
|
|
58
58
|
|
|
59
59
|
{
|
|
60
60
|
'method' => appsensor_meta.method,
|
|
@@ -64,7 +64,8 @@ module TCellAgent
|
|
|
64
64
|
'query_params' => convert_params(appsensor_meta.flattened_get_dict),
|
|
65
65
|
'post_params' => post_params,
|
|
66
66
|
'headers' => convert_params(appsensor_meta.flattened_headers_dict),
|
|
67
|
-
'cookies' => convert_params(appsensor_meta.flattened_cookie_dict)
|
|
67
|
+
'cookies' => convert_params(appsensor_meta.flattened_cookie_dict),
|
|
68
|
+
:content_type => appsensor_meta.content_type
|
|
68
69
|
}
|
|
69
70
|
end
|
|
70
71
|
end
|
|
@@ -93,8 +93,8 @@ module TCellAgent
|
|
|
93
93
|
'js_agent_url' => TCellAgent.configuration.js_agent_url
|
|
94
94
|
},
|
|
95
95
|
'appfirewall' => {
|
|
96
|
-
'enable_body_xxe_inspection' =>
|
|
97
|
-
'enable_body_json_inspection' =>
|
|
96
|
+
'enable_body_xxe_inspection' => true,
|
|
97
|
+
'enable_body_json_inspection' => true,
|
|
98
98
|
'allow_log_payloads' => true
|
|
99
99
|
},
|
|
100
100
|
'policy_versions' => {
|
|
@@ -1,5 +1,10 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'tcell_agent/logger'
|
|
2
4
|
require 'tcell_agent/utils/params'
|
|
5
|
+
require 'cgi'
|
|
6
|
+
|
|
7
|
+
TCELL_MAX_BODY_LENGTH = 20_000
|
|
3
8
|
|
|
4
9
|
# TODO(ralba): move TCellData from instrumentation.rb here
|
|
5
10
|
# and merge both models into one and drop usage of MetaData.
|
|
@@ -38,6 +43,8 @@ module TCellAgent
|
|
|
38
43
|
:transaction_id,
|
|
39
44
|
:location,
|
|
40
45
|
:path,
|
|
46
|
+
:raw_request_body,
|
|
47
|
+
:content_type,
|
|
41
48
|
:request_content_bytes_len,
|
|
42
49
|
:response_content_bytes_len,
|
|
43
50
|
:response_code,
|
|
@@ -113,38 +120,38 @@ module TCellAgent
|
|
|
113
120
|
@flattened_path_parameters = TCellAgent::Utils::Params.flatten(value)
|
|
114
121
|
end
|
|
115
122
|
|
|
123
|
+
def get_raw_post_data(request)
|
|
124
|
+
if request.env.key?('RAW_POST_DATA')
|
|
125
|
+
raw_post_data = request.env['RAW_POST_DATA']
|
|
126
|
+
else
|
|
127
|
+
body = request.body
|
|
128
|
+
# Positions strio to the beginning of input, resetting lineno to zero.
|
|
129
|
+
# rails 4.1 seems to read the stringIO directly and so body.gets is empty
|
|
130
|
+
# this is called
|
|
131
|
+
body.rewind if body.respond_to?(:rewind)
|
|
132
|
+
raw_post_data = body.read(request.content_length.to_i) if request.content_length
|
|
133
|
+
body.rewind if body.respond_to?(:rewind)
|
|
134
|
+
end
|
|
135
|
+
raw_post_data if raw_post_data.respond_to?(:length) && raw_post_data.length < TCELL_MAX_BODY_LENGTH
|
|
136
|
+
end
|
|
137
|
+
|
|
116
138
|
def set_parameter_dicts(request)
|
|
117
139
|
self.get_dict = request.GET
|
|
118
140
|
self.cookie_dict = request.cookies
|
|
119
|
-
self.post_dict = request.POST
|
|
120
|
-
self.headers_dict = request.env
|
|
121
141
|
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
142
|
+
self.post_dict = if !(request.content_type =~ %r{application/json}i).nil? ||
|
|
143
|
+
!(request.content_type =~ %r{application/xml}i).nil?
|
|
144
|
+
{}
|
|
145
|
+
else
|
|
146
|
+
request.POST
|
|
147
|
+
end
|
|
126
148
|
|
|
127
|
-
|
|
128
|
-
set_body_dict(
|
|
129
|
-
@request_content_bytes_len,
|
|
130
|
-
request.content_type,
|
|
131
|
-
request.body.gets
|
|
132
|
-
)
|
|
133
|
-
end
|
|
134
|
-
|
|
135
|
-
def set_body_dict(request_content_bytes_len, request_content_type, request_body)
|
|
136
|
-
@flattened_body_dict = {}
|
|
137
|
-
|
|
138
|
-
return if request_content_bytes_len > 2_000_000
|
|
139
|
-
|
|
140
|
-
return unless request_body && (request_content_type =~ %r{application/json}i)
|
|
149
|
+
self.headers_dict = request.env
|
|
141
150
|
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
TCellAgent.logger.debug('JSON body parameter parsing failed')
|
|
147
|
-
end
|
|
151
|
+
@flattened_body_dict = {} # deprecated
|
|
152
|
+
@content_type = request.content_type
|
|
153
|
+
@raw_request_body = get_raw_post_data(request)
|
|
154
|
+
@request_content_bytes_len = (request.content_length || 0).to_i
|
|
148
155
|
end
|
|
149
156
|
end
|
|
150
157
|
end
|
data/lib/tcell_agent/version.rb
CHANGED
|
@@ -26,9 +26,8 @@ module TCellAgent
|
|
|
26
26
|
meta_data.post_dict = { 'xss_param' => '<script>' }
|
|
27
27
|
meta_data.cookie_dict = { 'xss_param' => '<script>' }
|
|
28
28
|
meta_data.headers_dict = { 'HTTP_XSS_PARAM' => '<script>' }
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
meta_data.set_body_dict(json_body.bytesize, 'application/json', json_body)
|
|
29
|
+
meta_data.content_type = 'hi'
|
|
30
|
+
meta_data.raw_request_body = { 'xss_param' => '<script>' }.to_json
|
|
32
31
|
|
|
33
32
|
result = Models.create_request_response(meta_data)
|
|
34
33
|
|
|
@@ -42,7 +41,6 @@ module TCellAgent
|
|
|
42
41
|
{ 'name' => 'xss_param', 'value' => '<script>' }
|
|
43
42
|
],
|
|
44
43
|
'post_params' => [
|
|
45
|
-
{ 'name' => 'xss_param', 'value' => '<script>' },
|
|
46
44
|
{ 'name' => 'xss_param', 'value' => '<script>' }
|
|
47
45
|
],
|
|
48
46
|
'headers' => [
|
|
@@ -59,6 +57,8 @@ module TCellAgent
|
|
|
59
57
|
'session_id' => 'session_id',
|
|
60
58
|
'user_id' => 'user_id',
|
|
61
59
|
'user_agent' => 'Mozilla',
|
|
60
|
+
:content_type => 'hi',
|
|
61
|
+
:request_body => '{"xss_param":"<script>"}',
|
|
62
62
|
'request_bytes_length' => 1024,
|
|
63
63
|
'response_bytes_length' => 2048,
|
|
64
64
|
'csrf_exception' => {
|
|
@@ -93,9 +93,9 @@ module TCellAgent
|
|
|
93
93
|
meta_data.post_dict = { 'user' => { 'xss_param' => '<script>' } }
|
|
94
94
|
meta_data.cookie_dict = { 'xss_param' => '<script>' }
|
|
95
95
|
meta_data.headers_dict = { 'HTTP_XSS_PARAM' => '<script>' }
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
meta_data.
|
|
96
|
+
meta_data.content_type = 'hi'
|
|
97
|
+
# patches does not use the request body.
|
|
98
|
+
meta_data.raw_request_body = { 'user' => { 'xss_param' => '<script>' } }.to_json
|
|
99
99
|
|
|
100
100
|
result = Models.create_patches_request(meta_data)
|
|
101
101
|
|
|
@@ -105,9 +105,9 @@ module TCellAgent
|
|
|
105
105
|
'path' => '/some/path',
|
|
106
106
|
'remote_address' => '192.168.1.1',
|
|
107
107
|
'request_bytes_length' => 1024,
|
|
108
|
+
:content_type => 'hi',
|
|
108
109
|
'query_params' => [{ 'name' => 'xss_param', 'value' => '<script>' }],
|
|
109
110
|
'post_params' => [
|
|
110
|
-
{ 'name' => 'xss_param', 'value' => '<script>' },
|
|
111
111
|
{ 'name' => 'xss_param', 'value' => '<script>' }
|
|
112
112
|
],
|
|
113
113
|
'headers' => [{ 'name' => 'xss-param', 'value' => '<script>' }],
|
|
@@ -75,79 +75,7 @@ module TCellAgent
|
|
|
75
75
|
)
|
|
76
76
|
end
|
|
77
77
|
|
|
78
|
-
context 'with text/html content type' do
|
|
79
|
-
it 'should set the body params to empty' do
|
|
80
|
-
@meta_data.set_body_dict(
|
|
81
|
-
67,
|
|
82
|
-
'text/html',
|
|
83
|
-
{
|
|
84
|
-
:username => 'tester',
|
|
85
|
-
:password => 'pass'
|
|
86
|
-
}.to_json
|
|
87
|
-
)
|
|
88
|
-
|
|
89
|
-
expect(@meta_data.flattened_body_dict).to eq({})
|
|
90
|
-
end
|
|
91
|
-
end
|
|
92
|
-
|
|
93
78
|
context 'with application/json content type' do
|
|
94
|
-
context 'with empty request body' do
|
|
95
|
-
it 'should set the body params to empty' do
|
|
96
|
-
@meta_data.set_body_dict(
|
|
97
|
-
67,
|
|
98
|
-
'application/json',
|
|
99
|
-
nil
|
|
100
|
-
)
|
|
101
|
-
|
|
102
|
-
expect(@meta_data.flattened_body_dict).to eq({})
|
|
103
|
-
end
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
context 'with bad json in the body' do
|
|
107
|
-
it 'should set the body params to empty' do
|
|
108
|
-
@meta_data.set_body_dict(
|
|
109
|
-
67,
|
|
110
|
-
'application/json',
|
|
111
|
-
'{"username":"tester""password":"pass"}'
|
|
112
|
-
)
|
|
113
|
-
|
|
114
|
-
expect(@meta_data.flattened_body_dict).to eq({})
|
|
115
|
-
end
|
|
116
|
-
end
|
|
117
|
-
|
|
118
|
-
context 'with valid json in the body' do
|
|
119
|
-
it 'should set the body params' do
|
|
120
|
-
@meta_data.set_body_dict(
|
|
121
|
-
67,
|
|
122
|
-
'application/json',
|
|
123
|
-
{
|
|
124
|
-
:username => 'tester',
|
|
125
|
-
:password => 'pass'
|
|
126
|
-
}.to_json
|
|
127
|
-
)
|
|
128
|
-
|
|
129
|
-
expect(@meta_data.flattened_body_dict).to eq(
|
|
130
|
-
{
|
|
131
|
-
['username'] => 'tester',
|
|
132
|
-
['password'] => 'pass'
|
|
133
|
-
}
|
|
134
|
-
)
|
|
135
|
-
end
|
|
136
|
-
end
|
|
137
|
-
|
|
138
|
-
context 'with a json body that is too big' do
|
|
139
|
-
it 'should set the body params to empty' do
|
|
140
|
-
@meta_data.set_body_dict(
|
|
141
|
-
20_000_000,
|
|
142
|
-
'application/json',
|
|
143
|
-
{
|
|
144
|
-
:username => 'tester',
|
|
145
|
-
:password => 'pass'
|
|
146
|
-
}.to_json
|
|
147
|
-
)
|
|
148
|
-
expect(@meta_data.flattened_body_dict).to eq({})
|
|
149
|
-
end
|
|
150
|
-
end
|
|
151
79
|
end
|
|
152
80
|
end
|
|
153
81
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tcell_agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rafael
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-09-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|