tcell_agent 2.0.0 → 2.2.1

data/lib/tcell_agent/instrument_servers.rb

@@ -1,25 +1,21 @@
+# frozen_string_literal: true
+
 tcell_server = ENV['TCELL_AGENT_SERVER']
 
-if TCellAgent.configuration.should_instrument?
-  unless tcell_server && tcell_server == 'mock'
-    if (tcell_server && tcell_server == 'webrick') || defined?(Rails::Server)
-      require('tcell_agent/servers/rails_server')
+TCellAgent.thread_agent.instrument_built_ins if tcell_server &&
+                                                tcell_server == 'mock'
 
-    elsif (tcell_server && tcell_server == 'thin') || defined?(Thin)
-      require('tcell_agent/servers/thin')
+require('tcell_agent/servers/rails_server') if (tcell_server && tcell_server == 'webrick') ||
+                                               defined?(Rails::Server)
 
-    elsif (tcell_server && tcell_server == 'puma') || defined?(Puma)
-      require('tcell_agent/servers/puma')
+require('tcell_agent/servers/thin') if (tcell_server && tcell_server == 'thin') ||
+                                       defined?(Thin)
 
-    elsif (tcell_server && tcell_server == 'unicorn') || defined?(Unicorn)
-      require('tcell_agent/servers/unicorn')
+require('tcell_agent/servers/puma') if (tcell_server && tcell_server == 'puma') ||
+                                       defined?(Puma)
 
-    elsif (tcell_server && tcell_server == 'passenger') || defined?(PhusionPassenger)
-      require('tcell_agent/servers/passenger')
-    end
-  end
+require('tcell_agent/servers/unicorn') if (tcell_server && tcell_server == 'unicorn') ||
+                                          defined?(Unicorn)
 
-elsif (tcell_server && tcell_server == 'unicorn') || defined?(Unicorn)
-  # unicorn is always instrumented to support rolling restarts
-  require('tcell_agent/servers/unicorn')
-end
+require('tcell_agent/servers/passenger') if (tcell_server && tcell_server == 'passenger') ||
+                                            defined?(PhusionPassenger)

data/lib/tcell_agent/instrumentation/cmdi.rb

@@ -25,18 +25,18 @@ module TCellAgent
       cmd = ''
 
       TCellAgent::Instrumentation.safe_block('CMDI Parsing *args') do
-        unless args.empty?
-          args_copy = Array.new(args)
-          args_copy.shift if args_copy.first.is_a?(Hash)
-          args_copy.pop if args_copy.last.is_a?(Hash)
-
-          if args_copy.first.is_a?(Array)
-            cmd_n_argv0 = args_copy.shift
-            args_copy.unshift(cmd_n_argv0.first)
-          end
+        return cmd if args.nil? || args.empty?
+
+        args_copy = Array.new(args)
+        args_copy.shift if args_copy.first.is_a?(Hash)
+        args_copy.pop if args_copy.last.is_a?(Hash)
 
-          cmd = args_copy.join(' ')
+        if args_copy.first.is_a?(Array)
+          cmd_n_argv0 = args_copy.shift
+          args_copy.unshift(cmd_n_argv0.first)
         end
+
+        cmd = args_copy.join(' ')
       end
 
       cmd
@@ -46,12 +46,12 @@ module TCellAgent
       cmd = ''
 
       TCellAgent::Instrumentation.safe_block('CMDI Parsing *args') do
-        unless args.empty?
-          args_copy = Array.new(args)
-          first_arg = args_copy.shift
+        return cmd if args.nil? || args.empty?
 
-          cmd = first_arg[1..-1] if first_arg && first_arg[0] == '|'
-        end
+        args_copy = Array.new(args)
+        first_arg = args_copy.shift
+
+        cmd = first_arg[1..-1] if first_arg && (first_arg.is_a? String) && first_arg[0] == '|'
       end
 
       cmd

data/lib/tcell_agent/instrumentation/lfi.rb

@@ -26,18 +26,26 @@ module TCellAgent
         path = ''
         mode = ''
 
-        return ['', ''] if args.empty?
-
         TCellAgent::Instrumentation.safe_block('LFI Parsing *args') do
+          return ['', ''] if args.nil? || args.empty?
+
           args_copy = Array.new(args)
           path = args_copy.shift
           mode = args_copy.shift || 'r'
-        end
 
-        if path && path.to_s[0] != '|'
-          [File.expand_path(path).to_s, convert_mode(mode)]
-        else
-          ['', '']
+          if path && path.to_s[0] != '|'
+            path = File.expand_path(path.to_s)
+
+            mode = if mode && mode.is_a?(Hash)
+                     convert_mode(mode[:mode])
+                   else
+                     convert_mode(mode)
+                   end
+
+            [path, mode]
+          else
+            ['', '']
+          end
         end
       end
 
@@ -52,10 +60,13 @@ module TCellAgent
           else
             path = ARGF.filename
           end
-        end
 
-        path = File.expand_path(path) unless path.nil?
-        [path.to_s, mode]
+          if path && path.to_s[0] != '|'
+            [File.expand_path(path.to_s), mode]
+          else
+            ['', '']
+          end
+        end
       end
 
       def self.convert_mode(mode)

data/lib/tcell_agent/instrumentation/monkey_patches/io.rb

@@ -4,12 +4,15 @@ class IO
     def binread(*args, &block)
       path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
 
-      if path && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
+      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
         raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
       end
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
+
+      if path.empty?
+        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
+        if cmd && TCellAgent::Cmdi.block_command?(cmd)
+          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
+        end
       end
 
       tcell_original_binread(*args, &block)
@@ -69,14 +72,17 @@ class IO
       path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
       mode = 'Read'
 
-      if path && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
+      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
         raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
       end
 
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
+      if path.empty?
+        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
+        if cmd && TCellAgent::Cmdi.block_command?(cmd)
+          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
+        end
       end
+
       tcell_original_read(*args, &block)
     end
 
@@ -85,13 +91,15 @@ class IO
       path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
       mode = 'Read'
 
-      if path && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
+      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
         raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
       end
 
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
+      if path.empty?
+        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
+        if cmd && TCellAgent::Cmdi.block_command?(cmd)
+          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
+        end
       end
 
       tcell_original_readlines(*args, &block)

data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb

@@ -1,101 +1,69 @@
 module Kernel
-  class << self
-    alias_method :tcell_original_1_open, :open
-    def open(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if path && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-
-      tcell_original_1_open(*args, &block)
-    end
+  private
 
-    alias_method :tcell_original_1_gets, :gets
-    def gets(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_1_gets(*args, &block)
-    end
+  alias_method :tcell_original_backtick, :`
+  alias_method :tcell_original_exec, :exec
+  alias_method :tcell_original_open, :open
+  alias_method :tcell_original_gets, :gets
+  alias_method :tcell_original_readline, :readline
+  alias_method :tcell_original_spawn, :spawn
+  alias_method :tcell_original_system, :system
 
+  class << self
+    alias_method :tcell_original_exec, :exec
+    alias_method :tcell_original_open, :open
+    alias_method :tcell_original_gets, :gets
     alias_method :tcell_original_readline, :readline
-    def readline(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
+    alias_method :tcell_original_spawn, :spawn
+    alias_method :tcell_original_system, :system
+  end
 
-      tcell_original_readline(*args, &block)
+  def `(cmd)
+    if TCellAgent::Cmdi.block_command?(cmd)
+      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
-    alias_method :tcell_original_1_spawn, :spawn
-    def spawn(*args)
-      cmd = TCellAgent::Cmdi.parse_command(*args)
-      if TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-
-      tcell_original_1_spawn(*args)
-    end
+    tcell_original_backtick(cmd)
+  end
 
-    alias_method :tcell_original_1_system, :system
-    def system(*args)
+  if TCellAgent.configuration.should_instrument?('kernel_exec')
+    def exec(*args)
       cmd = TCellAgent::Cmdi.parse_command(*args)
       if TCellAgent::Cmdi.block_command?(cmd)
         raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
       end
 
-      tcell_original_1_system(*args)
+      tcell_original_exec(*args)
     end
   end
 
-  alias_method :tcell_original_backtick, :`
-  def `(cmd)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
+  def gets(*args, &block)
+    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
+
+    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
+      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
     end
 
-    tcell_original_backtick(cmd)
+    tcell_original_gets(*args, &block)
   end
 
-  alias_method :tcell_original_2_open, :open
   def open(*args, &block)
     path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
 
-    if path && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
+    if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
       raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
     end
 
-    cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-    if cmd && TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_2_open(*args, &block)
-  end
-
-  alias_method :tcell_original_2_gets, :gets
-  def gets(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
+    if path.empty?
+      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
+      if cmd && TCellAgent::Cmdi.block_command?(cmd)
+        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
+      end
     end
 
-    tcell_original_2_gets(*args, &block)
+    tcell_original_open(*args, &block)
   end
 
-  alias_method :tcell_original_readline, :readline
   def readline(*args, &block)
     path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
 
@@ -106,54 +74,29 @@ module Kernel
     tcell_original_readline(*args, &block)
   end
 
-  alias_method :tcell_original_2_spawn, :spawn
   def spawn(*args)
     cmd = TCellAgent::Cmdi.parse_command(*args)
     if TCellAgent::Cmdi.block_command?(cmd)
       raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
-    tcell_original_2_spawn(*args)
+    tcell_original_spawn(*args)
   end
 
-  alias_method :tcell_original_2_system, :system
   def system(*args)
     cmd = TCellAgent::Cmdi.parse_command(*args)
     if TCellAgent::Cmdi.block_command?(cmd)
       raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
-    tcell_original_2_system(*args)
+    tcell_original_system(*args)
   end
-end
-
-if TCellAgent.configuration.should_instrument_cmdi_exec?
-  module Kernel
-    class << self
-      alias_method :tcell_original_exec, :exec
-      def exec(*args)
-        cmd = TCellAgent::Cmdi.parse_command(*args)
-        if TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-
-        tcell_original_exec(*args)
-      end
-    end
-
-    alias_method :tcell_original_exec, :exec
-
-    private
 
-    def exec(*args)
-      cmd = TCellAgent::Cmdi.parse_command(*args)
-      if TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-
-      tcell_original_exec(*args)
-    end
-  end
-else
-  TCellAgent.logger.debug('Disabling cmdi Kernel::exec instrumentation', 'TCellAgent::Cmdi')
+  module_function :`
+  module_function :exec
+  module_function :gets
+  module_function :open
+  module_function :readline
+  module_function :spawn
+  module_function :system
 end

data/lib/tcell_agent/logger.rb

@@ -14,7 +14,6 @@ module TCellAgent
     def initialize(logger, module_name)
       @logger = logger
       @module_name = module_name
-      @module_name = "#{TCellAgent.configuration.log_tag} #{module_name}" if TCellAgent.configuration.log_tag
     end
 
     %i[exception debug info warn error].each do |method_name|
@@ -80,7 +79,7 @@ module TCellAgent
     @native_logger
   end
 
-  def self.native_agent=(native_agent)
+  def self.native_logger=(native_agent)
     @native_logger = NativeLogger.new(native_agent)
   end
 end

data/lib/tcell_agent/policies/command_injection_policy.rb

@@ -15,7 +15,7 @@ module TCellAgent
       end
 
       def block_command?(command, tcell_context)
-        return false unless @enabled
+        return false unless @enabled && tcell_context
 
         response = @native_agent.apply_cmdi(
           command, tcell_context

data/lib/tcell_agent/rails/auth/authlogic.rb

@@ -1,56 +1,61 @@
-if TCellAgent.configuration.should_instrument_authlogic? && defined?(Authlogic)
+# frozen_string_literal: true
 
-  require 'tcell_agent/configuration'
-  require 'tcell_agent/instrumentation'
+require 'tcell_agent/configuration'
+require 'tcell_agent/instrumentation'
 
-  module TCellAgent
-    require 'tcell_agent/agent'
+module TCellAgent
+  require 'tcell_agent/agent'
 
-    Authlogic::Session::Base.class_eval do
-      alias_method :tcell_save, :save
-      def save(&block)
-        return tcell_save(&block) unless TCellAgent.configuration.should_intercept_requests?
+  Authlogic::Session::Base.class_eval do
+    alias_method :tcell_save, :save
+    def save(&block)
+      return tcell_save(&block) unless TCellAgent.configuration.should_intercept_requests?
 
-        user_logged_in_before = !user.nil?
-        success = tcell_save(&block)
-        user_logged_in_after = !user.nil?
+      user_logged_in_before = !user.nil?
+      success = tcell_save(&block)
+      user_logged_in_after = !user.nil?
 
-        TCellAgent::Instrumentation.safe_block('Authlogic login info') do
-          user_id = nil
-          password = nil
-          user_valid = nil
-          TCellAgent::Instrumentation.safe_block('getting userid for login form') do
-            user_id = send(self.class.login_field.to_sym)
-          end
+      TCellAgent::Instrumentation.safe_block('Authlogic login info') do
+        user_id = nil
+        password = nil
+        user_valid = nil
+        TCellAgent::Instrumentation.safe_block('getting userid for login form') do
+          user_id = send(self.class.login_field.to_sym)
+        end
+
+        request = Authlogic::Session::Base.controller.request
+        tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+
+        return success unless tcell_data
+
+        login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+        if user_logged_in_before && user_logged_in_after
+        # password changed or logged in as another user
+        elsif !user_logged_in_before && !user_logged_in_after
+          TCellAgent::Instrumentation.safe_block('checking if user is valid') do
+            error_messages = errors.messages[login_field]
 
-          request = Authlogic::Session::Base.controller.request
-          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-
-          return success unless tcell_data
-
-          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-          if user_logged_in_before && user_logged_in_after
-            # password changed or logged in as another user
-          elsif !user_logged_in_before && !user_logged_in_after
-            login_policy.report_login_failure(
-              user_id,
-              password,
-              request.env,
-              user_valid,
-              tcell_data
-            )
-          elsif !user_logged_in_before && user_logged_in_after
-            login_policy.report_login_success(
-              user_id,
-              request.env,
-              tcell_data
-            )
+            user_valid = error_messages.empty?
           end
-        end
 
-        success
+          login_policy.report_login_failure(
+            user_id,
+            password,
+            request.env,
+            user_valid,
+            tcell_data
+          )
+        elsif !user_logged_in_before && user_logged_in_after
+          tcell_data.user_id = user_id if user_id && tcell_data.user_id.nil?
+          login_policy.report_login_success(
+            user_id,
+            request.env,
+            tcell_data
+          )
+        end
       end
+
+      success
     end
   end
-
 end