tcell_agent 2.0.0 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b0b98e0366f6de14a287a83e13f08a0b5fdc9f13d12d8c6d1f0a2fa7f1caad9c
-  data.tar.gz: 88cfc253d06f635d54ab72d83e4d3a28829526c3df47e2e1e7cad19fd47c9293
+  metadata.gz: 4460b2fd01c8b788c8139cbeb2cee7f8a2505e4cc365c279a518778766d9cdb0
+  data.tar.gz: 18dfdd5e944e91155d6b58fa22262b027292038192fac0b6afd4693314f74fd8
 SHA512:
-  metadata.gz: 04c30f374634daf21590a07f94e3ea27cf09cd6931570b43a215f8d424983a86519c393faad76f7c809580dc9a02a905de00e6e28c4017d789b7baa6b86c5a3f
-  data.tar.gz: 39119777a798add18175e51c5935fb08d8ea85f2cde16d237e87f9175f477d9d3333cf91e4cecf089b39b355db31052a5047a444a420ea778e505631952be623
+  metadata.gz: a2404786f0663783fd45194043c4a12efda21db0e933c14aca5f2d4532e900aac3b3f700ca8282b1995b38c718b6e0eade2a2b1ffbc9df467bf8ab5b4f144b18
+  data.tar.gz: 5021cff2601b66fd94a41b710ab0ab0211be35b2bd442afc0ca992ce4236d6c65e3ef69e14cd2ca9455fb4282d8affa1ba3e7aa3f05c75e4285ff6b5ab77e871

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (C) 2015 tCell.io, Inc. - All Rights Reserved
+Copyright (C) 2020 Rapid7, Inc. - All Rights Reserved
 Proprietary and confidential
 
-http://choosealicense.com/licenses/no-license/
+https://docs.rapid7.com/tcell/ruby-agent-install/

data/bin/tcell_agent

@@ -1,29 +1,15 @@
 #!/usr/bin/env ruby
 
-# TODO: so a small bit becames something, larger, rewrite as a real cmdline script
-
-require 'fileutils'
-require 'json'
+require 'tcell_agent'
 require 'optparse'
 
+CONFIG_DIR = 'config'.freeze
+CONFIG_FILE = 'config/tcell_agent.config'.freeze
 options = {}
-
-subtext = <<HELP
-Commonly used command are:
-   setup :     Setup new config file
-    test :     Run diagnostics classes and config
-loglevel :     Set the loglevel of the tcell agent
-  enable :     Enable the agent
- disable :     Disable the agent
-
-See 'tcell_agent COMMAND --help' for more information on a specific command.
-
-HELP
-
 def yesno(default = true)
   begin
     system('stty raw -echo')
-    str = STDIN.getc
+    str = $stdin.getc
   ensure
     system('stty -raw echo')
   end
@@ -34,74 +20,53 @@ def yesno(default = true)
   default
 end
 
-CONFIG_DIR = 'config'.freeze
-CONFIG_FILE = 'config/tcell_agent.config'.freeze
+subtext = <<HELP
+Commonly used commands are:
+    test    : Run diagnostics and test event sending
+HELP
 
 global = OptionParser.new do |opts|
-  opts.banner = 'Usage: tcell_agent [options] [subcommand [options]]'
+  opts.banner = 'Usage: tcell_agent [options] [subcommand]'
+
   opts.on('--version', 'Print version') do |_v|
-    require 'tcell_agent/version'
-    puts "TCell.io Ruby Agent (Version #{TCellAgent::VERSION})"
+    puts "tCell Ruby Agent Version #{TCellAgent::VERSION}"
     Kernel.exit(1)
   end
-  opts.on('-v', '--[no-]verbose', 'Run verbosely') do |v|
-    options[:verbose] = v
-  end
+
   opts.separator ''
   opts.separator subtext
 end
 
 subcommands = {
-  'setup' => OptionParser.new do |opts|
-    opts.banner = 'Usage: setup'
+  'test' => OptionParser.new do |opts|
+    opts.banner = 'Usage: test'
   end,
   'loglevel' => OptionParser.new do |opts|
     opts.banner = 'Usage: loglevel [options] error|warn|info|debug'
     opts.on('-o', '--off', 'turn logging off ') do |v|
       options[:off] = v
     end
-  end,
-  'preload' => OptionParser.new do |opts|
-    opts.banner = 'Usage: loglevel [options] [preload_filename]'
-    opts.on('-o', '--off', 'turn preloading filename off ') do |v|
-      options[:off] = v
-    end
-  end,
-  'demomode' => OptionParser.new do |opts|
-    opts.banner = 'Usage: loglevel [options]'
-    opts.on('-o', '--off', 'turn preloading filename off ') do |v|
-      options[:off] = v
-    end
-  end,
-  'enable' => OptionParser.new do |opts|
-    opts.banner = 'Usage: enable'
-  end,
-  'disable' => OptionParser.new do |opts|
-    opts.banner = 'Usage: disable'
-  end,
-  'test' => OptionParser.new do |opts|
-              opts.banner = 'Usage: test'
-              # opts.on("-q", "--[no-]quiet", "quietly run ") do |v|
-              #  options[:quiet] = v
-              # end
-            end
+  end
 }
 
 global.order!
 command = ARGV.shift
-if command.nil? || subcommands[command].nil?
+if command.nil?
   puts global
   Kernel.exit(1)
+elsif subcommands[command]
+  subcommands[command].order!
 end
-subcommands[command].order!
 
 if command == 'setup'
+  puts '[WARN] tcell_agent setup is deprecated and will be removed in the future.'
+  puts '       Please download the config file from the tCell dashboard'
   unless File.directory?(CONFIG_DIR)
     print "Directory 'config' not found, create? [Y/n]"
     answer = yesno
     print "\n"
     unless answer
-      puts 'ERROR: Could not create config'
+      puts '[ERROR] Could not create config'
       Kernel.exit(1)
     end
     FileUtils.mkdir_p CONFIG_DIR
@@ -116,9 +81,9 @@ if command == 'setup'
     end
   end
   print 'Enter your API Key (ie gAABAAAA...): '
-  api_key = STDIN.gets.chomp
+  api_key = $stdin.gets.chomp
   print 'Enter your App ID (ie MyApp-Fdk4j): '
-  app_id = STDIN.gets.chomp
+  app_id = $stdin.gets.chomp
   config_hash = {
     'version' => 1,
     'applications' => [
@@ -132,6 +97,7 @@ if command == 'setup'
   puts 'done.'
 
 elsif command == 'loglevel'
+  puts '[WARN] tcell_agent loglevel is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
   logging_options = config_hash['applications'][0].fetch('logging_options', {})
@@ -158,6 +124,7 @@ elsif command == 'loglevel'
   puts 'done.'
 
 elsif command == 'preload'
+  puts '[WARN] tcell_agent preload is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
 
@@ -175,6 +142,7 @@ elsif command == 'preload'
   puts 'done.'
 
 elsif command == 'enable'
+  puts '[WARN] tcell_agent enable is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
   config_hash['applications'][0].delete('enabled')
@@ -182,6 +150,7 @@ elsif command == 'enable'
   puts 'Enabled, you will need to restart the server.'
 
 elsif command == 'disable'
+  puts '[WARN] tcell_agent disable is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
   config_hash['applications'][0]['enabled'] = false
@@ -189,6 +158,7 @@ elsif command == 'disable'
   puts 'Disabled, you will need to restart the server.'
 
 elsif command == 'demomode'
+  puts '[WARN] tcell_agent demomode is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
   if options[:off] == true
@@ -200,104 +170,25 @@ elsif command == 'demomode'
   puts 'done.'
 
 elsif command == 'test'
-  puts
-  printf '%-50s', 'Config file exists... '
-  unless File.exist?(CONFIG_FILE)
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Config valid json... '
-  file = File.read(CONFIG_FILE)
-  config_hash = JSON.parse(file)
-  puts 'passed'
-
-  printf '%-50s', 'Config file has valid version... '
-  if config_hash.fetch('version') != 1
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Config file has application...'
-  if config_hash.fetch('applications').empty?
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Application has app_id... '
-  tcell_application = config_hash.fetch('applications')[0]
-  if !tcell_application.key?('app_id') && !ENV['TCELL_AGENT_APP_ID']
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Application has api_key... '
-  tcell_application = config_hash.fetch('applications')[0]
-  if !tcell_application.key?('api_key') && !ENV['TCELL_AGENT_API_KEY']
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Check for unknown settings... '
-  require 'tcell_agent/config/unknown_options'
-  messages = TCellAgent::Config::Validate.get_unknown_options(config_hash)
-  unless messages.empty?
-    puts 'failed'
-    messages.each do |message|
-      puts message
+  Dir["#{Dir.pwd}/config/initializers/*.rb"].sort.each do |f|
+    begin
+      require f
+    rescue NameError
+      # do nothing
+    rescue StandardError => e
+      puts "[ERROR] Loading initializers failed. #{e}"
     end
-    Kernel.exit(1)
   end
-  puts 'passed'
 
-  printf '%-50s', 'Requiring configuration library... '
-  require 'tcell_agent/configuration'
-  puts 'passed'
-
-  printf '%-50s', 'Loading native library... '
   require 'tcell_agent/rust/native_library'
   unless TCellAgent::Rust::NativeLibrary.common_lib_available?
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Make test API call for policies... '
-  require 'tcell_agent/rust/native_agent'
-  errors = TCellAgent::Rust::NativeAgent.test_policies
-  if !errors.empty?
-    puts 'failed'
-    puts errors
-    Kernel.exit(1)
-  else
-    puts 'passed'
+    puts '[ERROR] Native Library is unavailable'
+    return
   end
 
-  printf '%-50s', 'Sending a Test event... '
-  require 'tcell_agent/logger'
-  require 'tcell_agent/sensor_events/server_agent'
-  errors = TCellAgent::Rust::NativeAgent.test_event_sender(
-    [
-      TCellAgent::SensorEvents::ServerAgentDetailsLanguageEvent.new(
-        'Ruby',
-        RUBY_VERSION
-      )
-    ]
+  puts "tCell Ruby Agent Version #{TCellAgent::VERSION}"
+  TCellAgent::Rust::NativeAgent.test_agent(
+    TCellAgent.initializer_configuration ||
+    TCellAgent.configuration
   )
-  if !errors.empty?
-    puts 'failed'
-    puts errors
-    Kernel.exit(1)
-  else
-    puts 'passed'
-  end
-
-  puts
-  puts 'all tests passed, looks good.'
-  puts 'done.'
 end

data/lib/tcell_agent/agent.rb

@@ -24,93 +24,128 @@ module TCellAgent
     include TCellAgent::ModuleLoggerAccess
 
     attr_accessor :route_table,
-                  :stop_agent,
-                  :safe_to_check_cmdi
+                  :stop_agent
 
     def initialize
       @stop_agent = false
       @native_agent = nil
       @route_table = TCellAgent::Routes::RouteTable.new
-      @safe_to_check_cmdi = false
       @policies_manager = PoliciesManager.new(nil)
     end
 
-    def validate_config
-      if TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.api_key) ||
-         TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.app_id) ||
-         TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.tcell_input_url) ||
-         TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.tcell_api_url)
-        puts ' ********* ********* ********* *********'
-        puts '* tCell.io                               *'
-        puts '* Configuration info is missing, you may  *'
-        puts '* need to download config file and place *'
-        puts '* it in the config/ directory            *'
-        puts ' ********* ********* ********* *********'
-        TCellAgent.configuration.enabled = false
+    def instrument_auth_frameworks
+      if defined?(Devise) && TCellAgent.configuration.should_instrument?('devise')
+        module_logger.info('Instrumenting Devise authentication framework')
+        require 'tcell_agent/rails/auth/devise'
+        require 'tcell_agent/rails/auth/devise_helper'
+      end
+
+      if defined?(Authlogic) && TCellAgent.configuration.should_instrument?('authlogic')
+        module_logger.info('Instrumenting Authlogic authentication framework')
+        require 'tcell_agent/rails/auth/authlogic'
+        require 'tcell_agent/rails/auth/authlogic_helper'
+      end
+
+      if defined?(Doorkeeper) && TCellAgent.configuration.should_instrument?('doorkeeper') # rubocop:disable Style/GuardClause
+        module_logger.info('Instrumenting Doorkeeper authentication framework')
+        require 'tcell_agent/rails/auth/doorkeeper'
       end
     end
 
-    def start(server_name)
-      TCellAgent.thread_agent.validate_config
-      return unless TCellAgent.configuration.should_instrument?
+    def instrument_built_ins
+      require 'tcell_agent/instrumentation/cmdi'
+      require 'tcell_agent/instrumentation/lfi'
 
-      @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
-        TCellAgent.configuration
-      )
-      if @native_agent.nil?
-        TCellAgent.configuration.enabled = false
-        return
+      variant = if RUBY_VERSION.start_with?('3')
+                  'ruby_3'
+                else
+                  'ruby_2'
+                end
+
+      if TCellAgent.configuration.should_instrument?('io')
+        module_logger.info('Instrumenting Ruby Class: IO')
+        require "tcell_agent/instrumentation/monkey_patches/#{variant}/io"
+      end
+
+      if TCellAgent.configuration.should_instrument?('file')
+        module_logger.info('Instrumenting Ruby Class: File')
+        require "tcell_agent/instrumentation/monkey_patches/#{variant}/file"
+      end
+
+      if TCellAgent.configuration.should_instrument?('kernel') # rubocop:disable Style/GuardClause
+        module_logger.info('Instrumenting Ruby Module: Kernel')
+        require "tcell_agent/instrumentation/monkey_patches/#{variant}/kernel"
       end
+    end
 
-      TCellAgent.native_agent = @native_agent
+    def manage_policies
       @policies_manager = PoliciesManager.new(@native_agent)
-      # if preload_policy_filename is used and policy polling is
-      # disabled, need to call poll policies to make sure
-      # ruby policies are in sync with native agent enablements
-      result = @native_agent.poll_new_policies
+
+      result = {}
+      unless TCellAgent.configuration.should_start_policy_poll?
+        result = @native_agent.poll_new_policies
+      end
+
       policies_and_enablements = result['new_policies_and_enablements'] || {}
+
       @policies_manager.process_policy_json(
         policies_and_enablements['enablements'],
         policies_and_enablements['policies']
       )
 
       @policy_polling = PolicyPolling.new(@policies_manager, @native_agent)
-
-      module_logger.info("Starting thread agent: #{server_name}")
-
-      @safe_to_check_cmdi = true
-
-      TCellAgent.report_settings
-      TCellAgent::Instrumentation::Rails.send_framework_info
-      TCellAgent::Instrumentation::Rails.send_settings
-    rescue StandardError => standard_error
-      TCellAgent.configuration.enabled = false
-      module_logger.error("Error starting agent: (#{standard_error.class}) #{standard_error.message}")
-      module_logger.exception(standard_error)
     end
 
     def policies
       @policies_manager.policies
     end
 
+    def queue_sensor_event(event)
+      return unless @native_agent
+
+      @native_agent.send_sanitized_events(
+        [event]
+      )
+    rescue StandardError => e
+      module_logger.error("Error sending event: (#{e.class}) #{e.message}")
+      module_logger.exception(e)
+    end
+
     def report_metrics(request_time, tcell_context)
       @native_agent.report_metrics(
         request_time, tcell_context
       )
-    rescue StandardError => standard_error
-      module_logger.error("Error reporting metric: (#{standard_error.class}) #{standard_error.message}")
-      module_logger.exception(standard_error)
+    rescue StandardError => e
+      module_logger.error("Error reporting metric: (#{e.class}) #{e.message}")
+      module_logger.exception(e)
     end
 
-    def queue_sensor_event(event)
-      return unless @native_agent
-
-      @native_agent.send_sanitized_events(
-        [event]
+    def start(server_name)
+      @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
+        TCellAgent.initializer_configuration ||
+        TCellAgent.configuration
       )
-    rescue StandardError => standard_error
-      module_logger.error("Error sending event: (#{standard_error.class}) #{standard_error.message}")
-      module_logger.exception(standard_error)
+
+      if @native_agent.nil?
+        TCellAgent.configuration.enabled = false
+        return
+      end
+
+      TCellAgent.native_logger = @native_agent
+
+      module_logger.info('Rails initializer overriding default agent configuration') unless TCellAgent.initializer_configuration.nil?
+
+      instrument_auth_frameworks
+      instrument_built_ins
+      manage_policies
+
+      module_logger.info("Started thread agent: #{server_name}")
+      TCellAgent.report_settings
+      TCellAgent::Instrumentation::Rails.send_settings
+    rescue StandardError => e
+      TCellAgent.configuration.enabled = false
+      module_logger.error("Error starting agent: (#{e.class}) #{e.message}")
+      module_logger.exception(e)
     end
   end
 end

data/lib/tcell_agent/config_initializer.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module TCellAgent
+  class ConfigInitializer < Configuration
+    # Common config shared across agents
+    attr_accessor :app_id, :api_key, :tcell_api_url,
+                  :tcell_input_url, :log_dir, :fetch_policies_from_tcell,
+                  :preload_policy_filename, :reverse_proxy,
+                  :reverse_proxy_ip_address_header, :host_identifier,
+                  :hmac_key, :password_hmac_key,
+                  :js_agent_url, :js_agent_api_base_url,
+                  :max_csp_header_bytes, :allow_payloads,
+                  :proxy_url, :proxy_username, :proxy_password
+
+    attr_reader :logging_options
+
+    # Ruby only config
+    attr_accessor :disable_all, :enabled, :enable_event_manager,
+                  :enable_policy_polling,
+                  :data_exposure
+
+    attr_reader :instrument_for_events,
+                :enable_instrumentation
+
+    # New config
+    attr_accessor :disabled_instrumentation, :instrument
+
+    def initialize
+      # ruby agent defaults
+      @logging_options = {}
+    end
+
+    def logging_options=(hash)
+      @logging_options = hash.each_with_object({}) do |(key, val), memo|
+        memo[key.to_sym] = val
+      end
+    end
+
+    # legacy config mapping
+    def enabled_instrumentations=(hash)
+      @disabled_instrumentation ||= []
+      hash.each do |key, val|
+        @disabled_instrumentation << key.to_s.strip.downcase unless TCellAgent.configuration.to_bool(val)
+      end
+    end
+
+    def agent_log_dir=(path)
+      @log_dir = path
+    end
+
+    def instrument_for_events=(bool)
+      @instrument = bool
+    end
+
+    def enable_instrumentation=(bool)
+      @instrument = bool
+    end
+
+    def enable_intercept_requests=(bool)
+      @disabled_instrumentation << 'intercept_requests' unless TCellAgent.configuration.to_bool(bool)
+    end
+  end
+end