tcell_agent 2.0.0 → 2.5.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.5.0
 platform: ruby
 authors:
-- Rafael
+- Rapid7, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-02-04 00:00:00.000000000 Z
+date: 2021-09-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -94,10 +94,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: This agent allows users to use the tCell.io service with their Rails
-  app.
-email:
-- rafael@tcell.io
+description: This agent allows users to use the tCell service with their Rails app.
+email: 
 executables:
 - tcell_agent
 extensions: []
@@ -105,24 +103,24 @@ extra_rdoc_files: []
 files:
 - LICENSE
 - README.md
-- Rakefile
 - bin/tcell_agent
 - lib/tcell_agent.rb
 - lib/tcell_agent/agent.rb
 - lib/tcell_agent/agent/route_manager.rb
 - lib/tcell_agent/agent/static_agent.rb
-- lib/tcell_agent/authlogic.rb
-- lib/tcell_agent/config/unknown_options.rb
+- lib/tcell_agent/config_initializer.rb
 - lib/tcell_agent/configuration.rb
-- lib/tcell_agent/devise.rb
 - lib/tcell_agent/hooks/login_fraud.rb
 - lib/tcell_agent/instrument_servers.rb
 - lib/tcell_agent/instrumentation.rb
 - lib/tcell_agent/instrumentation/cmdi.rb
 - lib/tcell_agent/instrumentation/lfi.rb
-- lib/tcell_agent/instrumentation/monkey_patches/file.rb
-- lib/tcell_agent/instrumentation/monkey_patches/io.rb
-- lib/tcell_agent/instrumentation/monkey_patches/kernel.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_2/file.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_2/io.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_2/kernel.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_3/file.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_3/io.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_3/kernel.rb
 - lib/tcell_agent/logger.rb
 - lib/tcell_agent/patches.rb
 - lib/tcell_agent/policies/appfirewall_policy.rb
@@ -140,8 +138,11 @@ files:
 - lib/tcell_agent/policies/policy_types.rb
 - lib/tcell_agent/policies/system_enablements.rb
 - lib/tcell_agent/rails/auth/authlogic.rb
+- lib/tcell_agent/rails/auth/authlogic_helper.rb
 - lib/tcell_agent/rails/auth/devise.rb
+- lib/tcell_agent/rails/auth/devise_helper.rb
 - lib/tcell_agent/rails/auth/doorkeeper.rb
+- lib/tcell_agent/rails/auth/userinfo.rb
 - lib/tcell_agent/rails/better_ip.rb
 - lib/tcell_agent/rails/csrf_exception.rb
 - lib/tcell_agent/rails/dlp.rb
@@ -152,24 +153,24 @@ files:
 - lib/tcell_agent/rails/middleware/context_middleware.rb
 - lib/tcell_agent/rails/middleware/global_middleware.rb
 - lib/tcell_agent/rails/middleware/headers_middleware.rb
-- lib/tcell_agent/rails/on_start.rb
+- lib/tcell_agent/rails/railties/tcell_agent_railties.rb
+- lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb
 - lib/tcell_agent/rails/responses.rb
 - lib/tcell_agent/rails/routes.rb
 - lib/tcell_agent/rails/routes/grape.rb
 - lib/tcell_agent/rails/routes/route_id.rb
 - lib/tcell_agent/rails/settings_reporter.rb
-- lib/tcell_agent/rails/start_agent_after_initializers.rb
 - lib/tcell_agent/rails/tcell_body_proxy.rb
 - lib/tcell_agent/routes/table.rb
 - lib/tcell_agent/rust/agent_config.rb
-- lib/tcell_agent/rust/libtcellagent-4.14.0.dylib
-- lib/tcell_agent/rust/libtcellagent-4.14.0.so
-- lib/tcell_agent/rust/libtcellagent-alpine-4.14.0.so
+- lib/tcell_agent/rust/libtcellagent-alpine.so
+- lib/tcell_agent/rust/libtcellagent-x64.dll
+- lib/tcell_agent/rust/libtcellagent.dylib
+- lib/tcell_agent/rust/libtcellagent.so
 - lib/tcell_agent/rust/models.rb
 - lib/tcell_agent/rust/native_agent.rb
 - lib/tcell_agent/rust/native_agent_response.rb
 - lib/tcell_agent/rust/native_library.rb
-- lib/tcell_agent/rust/tcellagent-4.14.0.dll
 - lib/tcell_agent/sensor_events/agent_setting_event.rb
 - lib/tcell_agent/sensor_events/app_config_setting_event.rb
 - lib/tcell_agent/sensor_events/discovery.rb
@@ -180,6 +181,7 @@ files:
 - lib/tcell_agent/sensor_events/util/utils.rb
 - lib/tcell_agent/servers/passenger.rb
 - lib/tcell_agent/servers/puma.rb
+- lib/tcell_agent/servers/rack_puma_handler.rb
 - lib/tcell_agent/servers/rails_server.rb
 - lib/tcell_agent/servers/thin.rb
 - lib/tcell_agent/servers/unicorn.rb
@@ -187,17 +189,17 @@ files:
 - lib/tcell_agent/settings_reporter.rb
 - lib/tcell_agent/sinatra.rb
 - lib/tcell_agent/tcell_context.rb
-- lib/tcell_agent/userinfo.rb
 - lib/tcell_agent/utils/headers.rb
 - lib/tcell_agent/utils/params.rb
 - lib/tcell_agent/utils/strings.rb
 - lib/tcell_agent/version.rb
-- spec/lib/tcell_agent/cmdi_spec.rb
-- spec/lib/tcell_agent/config/unknown_options_spec.rb
+- spec/cruby_spec_helper.rb
 - spec/lib/tcell_agent/configuration_spec.rb
 - spec/lib/tcell_agent/hooks/login_fraud_spec.rb
+- spec/lib/tcell_agent/instrument_servers_spec.rb
 - spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb
 - spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb
+- spec/lib/tcell_agent/instrumentation/cmdi_spec.rb
 - spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb
 - spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb
 - spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb
@@ -226,6 +228,7 @@ files:
 - spec/lib/tcell_agent/rails/routes/route_id_spec.rb
 - spec/lib/tcell_agent/rails/routes/routes_spec.rb
 - spec/lib/tcell_agent/rails_spec.rb
+- spec/lib/tcell_agent/rust/agent_config_spec.rb
 - spec/lib/tcell_agent/sensor_events/dlp_spec.rb
 - spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
 - spec/lib/tcell_agent/settings_reporter_spec.rb
@@ -238,11 +241,17 @@ files:
 - spec/support/middleware_helper.rb
 - spec/support/resources/lfi_sample_file.txt
 - spec/support/resources/normal_config.json
+- spec/support/server_mocks/passenger_mock.rb
+- spec/support/server_mocks/puma_mock.rb
+- spec/support/server_mocks/rails_mock.rb
+- spec/support/server_mocks/thin_mock.rb
+- spec/support/server_mocks/unicorn_mock.rb
+- spec/support/shared_spec.rb
 - spec/support/static_agent_overrides.rb
 - tcell_agent.gemspec
-homepage: https://www.tcell.io
+homepage: https://www.rapid7.com/tcell
 licenses:
-- Copyright (c) 2017 tCell.io (see LICENSE file)
+- Copyright (c) 2020 Rapid7, Inc. (see LICENSE file)
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -261,17 +270,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.2.22
 signing_key: 
 specification_version: 4
-summary: tCell.io Agent for Rails
+summary: tCell Agent for Rails
 test_files:
-- spec/lib/tcell_agent/cmdi_spec.rb
-- spec/lib/tcell_agent/config/unknown_options_spec.rb
+- spec/cruby_spec_helper.rb
 - spec/lib/tcell_agent/configuration_spec.rb
 - spec/lib/tcell_agent/hooks/login_fraud_spec.rb
+- spec/lib/tcell_agent/instrument_servers_spec.rb
 - spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb
 - spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb
+- spec/lib/tcell_agent/instrumentation/cmdi_spec.rb
 - spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb
 - spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb
 - spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb
@@ -300,6 +310,7 @@ test_files:
 - spec/lib/tcell_agent/rails/routes/route_id_spec.rb
 - spec/lib/tcell_agent/rails/routes/routes_spec.rb
 - spec/lib/tcell_agent/rails_spec.rb
+- spec/lib/tcell_agent/rust/agent_config_spec.rb
 - spec/lib/tcell_agent/sensor_events/dlp_spec.rb
 - spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
 - spec/lib/tcell_agent/settings_reporter_spec.rb
@@ -312,4 +323,10 @@ test_files:
 - spec/support/middleware_helper.rb
 - spec/support/resources/lfi_sample_file.txt
 - spec/support/resources/normal_config.json
+- spec/support/server_mocks/passenger_mock.rb
+- spec/support/server_mocks/puma_mock.rb
+- spec/support/server_mocks/rails_mock.rb
+- spec/support/server_mocks/thin_mock.rb
+- spec/support/server_mocks/unicorn_mock.rb
+- spec/support/shared_spec.rb
 - spec/support/static_agent_overrides.rb

data/Rakefile

@@ -1,18 +0,0 @@
-require 'rspec/core/rake_task'
-
-RSpec::Core::RakeTask.new(:spec)
-
-desc 'Run tests'
-task :default => [:spec]
-task :test => :spec
-
-task 'init-integration-tests' do
-  system('docker-compose run railsintegration224 bundle install')
-  system('docker-compose run railsintegration224 bundle exec rake db:create db:setup')
-  system('docker-compose stop')
-end
-
-task 'integration-test' do
-  system('docker-compose up railsintegration224')
-  system('docker-compose stop')
-end

data/lib/tcell_agent/authlogic.rb

@@ -1,23 +0,0 @@
-if TCellAgent.configuration.should_instrument_authlogic? && defined?(Authlogic)
-
-  require 'tcell_agent/userinfo'
-
-  module TCellAgent
-    TCellAgent::UserInformation.class_eval do
-      class << self
-        alias_method :original_get_user_from_request, :get_user_from_request
-        def get_user_from_request(request)
-          orig_user_id = original_get_user_from_request(request)
-          begin
-            if request.session && request.session.key?('user_credentials_id')
-              return request.session['user_credentials_id'].to_s
-            end
-          rescue StandardError
-            return orig_user_id
-          end
-          orig_user_id
-        end
-      end
-    end
-  end
-end

data/lib/tcell_agent/config/unknown_options.rb

@@ -1,119 +0,0 @@
-require 'set'
-
-module TCellAgent
-  module Config
-    module Validate
-      def self.get_unknown_options(config_json)
-        messages = []
-
-        known_tcell_env_vars = Set.new(
-          [
-            'TCELL_AGENT_SERVER', # this is only meant for specs
-            'TCELL_AGENT_APP_ID',
-            'TCELL_AGENT_API_KEY',
-            'TCELL_HMAC_KEY',
-            'TCELL_PASSWORD_HMAC_KEY',
-            'TCELL_AGENT_HOST_IDENTIFIER',
-            'TCELL_API_URL',
-            'TCELL_INPUT_URL',
-            'TCELL_DEMOMODE',
-            'TCELL_AGENT_HOME',
-            'TCELL_AGENT_LOG_DIR',
-            'TCELL_AGENT_CONFIG',
-            'TCELL_AGENT_ALLOW_PAYLOADS',
-            'TCELL_AGENT_LOG_LEVEL',
-            'TCELL_AGENT_LOG_FILENAME',
-            'TCELL_AGENT_LOG_ENABLED'
-          ]
-        )
-
-        ENV.keys.each do |environment_key|
-          if environment_key =~ /^TCELL_/ && !known_tcell_env_vars.include?(environment_key)
-            messages << "Unrecognized environment parameter (TCELL_*) found: #{environment_key}"
-          end
-        end
-
-        begin
-          key_differences = []
-
-          if config_json
-            first_level_keys = %w[version applications]
-
-            key_differences = config_json.keys - first_level_keys
-
-            applications = config_json.fetch('applications', nil)
-            if applications
-
-              if applications.size > 1
-                messages << 'Multiple applications detected in config file'
-
-              elsif applications.size == 1
-                application = applications[0]
-
-                second_level_keys = %w[
-                  name
-                  app_id
-                  api_key
-                  fetch_policies_from_tcell
-                  preload_policy_filename
-                  log_dir
-                  tcell_api_url
-                  tcell_input_url
-                  host_identifier
-                  hipaaSafeMode
-                  hmac_key
-                  password_hmac_key
-                  js_agent_api_base_url
-                  js_agent_url
-                  max_csp_header_bytes
-                  event_batch_size_limit
-                  allow_payloads
-                  reverse_proxy
-                  reverse_proxy_ip_address_header
-                  demomode
-                  logging_options
-                  data_exposure
-                  disable_all
-                  enabled
-                  enable_event_manager
-                  enable_policy_polling
-                  enable_instrumentation
-                  enable_intercept_requests
-                  instrument_for_events
-                  enabled_instrumentations
-                  stdout_logger
-                ]
-
-                key_differences += (application.keys - second_level_keys)
-
-                if application.fetch('logging_options', nil)
-                  logging_options = application['logging_options']
-                  key_differences += (logging_options.keys - %w[enabled level filename])
-                end
-
-                if application.fetch('data_exposure', nil)
-                  data_exposure = application['data_exposure']
-                  key_differences += (data_exposure.keys - ['max_data_ex_db_records_per_request'])
-                end
-
-                if application.fetch('enabled_instrumentations', nil)
-                  enabled_instrumentations = application['enabled_instrumentations']
-                  key_differences += (enabled_instrumentations.keys - %w[doorkeeper devise authlogic])
-                end
-              end
-            end
-
-            key_differences.each do |key|
-              messages << "Unrecognized config setting key: #{key}"
-            end
-
-          end
-        rescue StandardError => exception
-          messages << "Something went wrong verifying config file: #{exception}"
-        end
-
-        messages
-      end
-    end
-  end
-end

data/lib/tcell_agent/devise.rb

@@ -1,33 +0,0 @@
-if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
-  require 'devise'
-  require 'devise/rails'
-  require 'devise/strategies/database_authenticatable'
-  require 'tcell_agent/userinfo'
-
-  module TCellAgent
-    if defined?(Devise)
-      TCellAgent::UserInformation.class_eval do
-        class << self
-          alias_method :original_get_user_from_request, :get_user_from_request
-          def get_user_from_request(request)
-            orig_user_id = original_get_user_from_request(request)
-            begin
-              if request.session && request.session.key?('warden.user.user.key')
-                userkey = request.session['warden.user.user.key']
-                user_id = if userkey.length == 2
-                            userkey[0][0]
-                          else
-                            userkey[1][0]
-                          end
-                return user_id.to_s if user_id.is_a? Integer
-              end
-            rescue StandardError
-              return orig_user_id
-            end
-            orig_user_id
-          end
-        end
-      end
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/monkey_patches/file.rb

@@ -1,25 +0,0 @@
-class File
-  class << self
-    alias_method :tcell_original_new, :new
-    def new(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_new(*args, &block)
-    end
-
-    alias_method :tcell_original_open, :open
-    def open(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_open(*args, &block)
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/monkey_patches/io.rb

@@ -1,123 +0,0 @@
-class IO
-  class << self
-    alias_method :tcell_original_binread, :binread
-    def binread(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if path && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-
-      tcell_original_binread(*args, &block)
-    end
-
-    alias_method :tcell_original_binwrite, :binwrite
-    def binwrite(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Write'
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_binwrite(*args, &block)
-    end
-
-    alias_method :tcell_original_foreach, :foreach
-    def foreach(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_foreach(*args, &block)
-    end
-
-    alias_method :tcell_original_popen, :popen
-    def popen(*args, &block)
-      unless args.empty?
-        cmd = ''
-
-        TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
-          args_copy = Array.new(args)
-          args_copy.shift if args_copy.first.is_a?(Hash)
-          args_copy.pop if args_copy.last.is_a?(Hash)
-
-          cmd = if args_copy.first.is_a?(String)
-                  args_copy.shift
-                else
-                  TCellAgent::Cmdi.parse_command(*args_copy.shift)
-                end
-        end
-
-        if TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_popen(*args, &block)
-    end
-
-    alias_method :tcell_original_read, :read
-    def read(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-
-      if path && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-      tcell_original_read(*args, &block)
-    end
-
-    alias_method :tcell_original_readlines, :readlines
-    def readlines(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-
-      if path && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-
-      tcell_original_readlines(*args, &block)
-    end
-
-    alias_method :tcell_original_sysopen, :sysopen
-    def sysopen(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_sysopen(*args, &block)
-    end
-
-    alias_method :tcell_original_write, :write
-    def write(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Write'
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_write(*args, &block)
-    end
-  end
-end