tcell_agent 2.0.0 → 2.5.0
- checksums.yaml +4 -4
- data/LICENSE +2 -2
- data/bin/tcell_agent +41 -150
- data/lib/tcell_agent/agent.rb +87 -52
- data/lib/tcell_agent/config_initializer.rb +63 -0
- data/lib/tcell_agent/configuration.rb +72 -267
- data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
- data/lib/tcell_agent/instrument_servers.rb +14 -18
- data/lib/tcell_agent/instrumentation/cmdi.rb +47 -15
- data/lib/tcell_agent/instrumentation/lfi.rb +72 -15
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/kernel.rb +80 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/kernel.rb +80 -0
- data/lib/tcell_agent/instrumentation.rb +14 -6
- data/lib/tcell_agent/logger.rb +3 -4
- data/lib/tcell_agent/policies/command_injection_policy.rb +1 -1
- data/lib/tcell_agent/policies/dataloss_policy.rb +15 -8
- data/lib/tcell_agent/policies/headers_policy.rb +2 -2
- data/lib/tcell_agent/policies/patches_policy.rb +8 -4
- data/lib/tcell_agent/policies/policies_manager.rb +1 -0
- data/lib/tcell_agent/policies/policy_polling.rb +4 -3
- data/lib/tcell_agent/rails/auth/authlogic.rb +49 -44
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +103 -102
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +54 -57
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/better_ip.rb +7 -19
- data/lib/tcell_agent/rails/csrf_exception.rb +0 -8
- data/lib/tcell_agent/rails/dlp/process_request.rb +5 -0
- data/lib/tcell_agent/rails/dlp.rb +58 -56
- data/lib/tcell_agent/rails/dlp_handler.rb +9 -10
- data/lib/tcell_agent/rails/js_agent_insert.rb +2 -3
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -1
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +3 -4
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +1 -0
- data/lib/tcell_agent/rails/{on_start.rb → railties/tcell_agent_railties.rb} +9 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes/grape.rb +5 -12
- data/lib/tcell_agent/rails/routes.rb +6 -9
- data/lib/tcell_agent/rails/settings_reporter.rb +3 -6
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -7
- data/lib/tcell_agent/routes/table.rb +3 -0
- data/lib/tcell_agent/rust/agent_config.rb +62 -33
- data/lib/tcell_agent/rust/{libtcellagent-4.14.0.so → libtcellagent-alpine.so} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-4.14.0.dylib → libtcellagent-x64.dll} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-4.14.0.so → libtcellagent.dylib} +0 -0
- data/lib/tcell_agent/rust/libtcellagent.so +0 -0
- data/lib/tcell_agent/rust/models.rb +9 -0
- data/lib/tcell_agent/rust/native_agent.rb +61 -51
- data/lib/tcell_agent/rust/native_library.rb +8 -10
- data/lib/tcell_agent/sensor_events/server_agent.rb +3 -100
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +1 -0
- data/lib/tcell_agent/servers/puma.rb +30 -13
- data/lib/tcell_agent/servers/rack_puma_handler.rb +33 -0
- data/lib/tcell_agent/servers/rails_server.rb +4 -4
- data/lib/tcell_agent/servers/unicorn.rb +1 -1
- data/lib/tcell_agent/servers/webrick.rb +12 -3
- data/lib/tcell_agent/settings_reporter.rb +0 -93
- data/lib/tcell_agent/sinatra.rb +1 -0
- data/lib/tcell_agent/tcell_context.rb +16 -7
- data/lib/tcell_agent/utils/headers.rb +0 -1
- data/lib/tcell_agent/utils/strings.rb +2 -2
- data/lib/tcell_agent/version.rb +1 -1
- data/lib/tcell_agent.rb +8 -16
- data/spec/cruby_spec_helper.rb +26 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +62 -212
- data/spec/lib/tcell_agent/instrument_servers_spec.rb +95 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +2 -2
- data/spec/lib/tcell_agent/{cmdi_spec.rb → instrumentation/cmdi_spec.rb} +50 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +211 -272
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +213 -223
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +95 -61
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +120 -2
- data/spec/lib/tcell_agent/patches_spec.rb +2 -1
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +1 -2
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +5 -6
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +21 -2
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +13 -8
- data/spec/lib/tcell_agent/rails/better_ip_spec.rb +9 -11
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +6 -6
- data/spec/lib/tcell_agent/rails/dlp_spec.rb +1 -0
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +10 -2
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +2 -1
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +4 -4
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +2 -89
- data/spec/lib/tcell_agent/tcell_context_spec.rb +6 -5
- data/spec/spec_helper.rb +9 -1
- data/spec/support/builders.rb +8 -7
- data/spec/support/server_mocks/passenger_mock.rb +7 -0
- data/spec/support/server_mocks/puma_mock.rb +21 -0
- data/spec/support/server_mocks/rails_mock.rb +7 -0
- data/spec/support/server_mocks/thin_mock.rb +7 -0
- data/spec/support/server_mocks/unicorn_mock.rb +11 -0
- data/spec/support/shared_spec.rb +29 -0
- data/tcell_agent.gemspec +14 -14
- metadata +46 -29
- data/Rakefile +0 -18
- data/lib/tcell_agent/authlogic.rb +0 -23
- data/lib/tcell_agent/config/unknown_options.rb +0 -119
- data/lib/tcell_agent/devise.rb +0 -33
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +0 -25
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +0 -123
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +0 -159
- data/lib/tcell_agent/rails/start_agent_after_initializers.rb +0 -12
- data/lib/tcell_agent/rust/tcellagent-4.14.0.dll +0 -0
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -195
@@ -0,0 +1,75 @@
|
|
1
|
+
class IO
|
2
|
+
class << self
|
3
|
+
if TCellAgent.configuration.should_instrument?('IO::binread')
|
4
|
+
alias_method :tcell_original_binread, :binread
|
5
|
+
def binread(*args, &block)
|
6
|
+
TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args)
|
7
|
+
|
8
|
+
tcell_original_binread(*args, &block)
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
if TCellAgent.configuration.should_instrument?('IO::binwrite')
|
13
|
+
alias_method :tcell_original_binwrite, :binwrite
|
14
|
+
def binwrite(*args, &block)
|
15
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args, 'Write')
|
16
|
+
|
17
|
+
tcell_original_binwrite(*args, &block)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
if TCellAgent.configuration.should_instrument?('IO::foreach')
|
22
|
+
alias_method :tcell_original_foreach, :foreach
|
23
|
+
def foreach(*args, &block)
|
24
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args, 'Read')
|
25
|
+
|
26
|
+
tcell_original_foreach(*args, &block)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
if TCellAgent.configuration.should_instrument?('IO::popen')
|
31
|
+
alias_method :tcell_original_popen, :popen
|
32
|
+
def popen(*args, &block)
|
33
|
+
TCellAgent::Cmdi.popen_cmdi_handler(args)
|
34
|
+
|
35
|
+
tcell_original_popen(*args, &block)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
if TCellAgent.configuration.should_instrument?('IO::read')
|
40
|
+
alias_method :tcell_original_read, :read
|
41
|
+
def read(*args, &block)
|
42
|
+
TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args, 'Read')
|
43
|
+
|
44
|
+
tcell_original_read(*args, &block)
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
if TCellAgent.configuration.should_instrument?('IO::readlines')
|
49
|
+
alias_method :tcell_original_readlines, :readlines
|
50
|
+
def readlines(*args, &block)
|
51
|
+
TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args, 'Read')
|
52
|
+
|
53
|
+
tcell_original_readlines(*args, &block)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
if TCellAgent.configuration.should_instrument?('IO::sysopen')
|
58
|
+
alias_method :tcell_original_sysopen, :sysopen
|
59
|
+
def sysopen(*args, &block)
|
60
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args)
|
61
|
+
|
62
|
+
tcell_original_sysopen(*args, &block)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
if TCellAgent.configuration.should_instrument?('IO::write')
|
67
|
+
alias_method :tcell_original_write, :write
|
68
|
+
def write(*args, &block)
|
69
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args, 'Write')
|
70
|
+
|
71
|
+
tcell_original_write(*args, &block)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
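Review bot: The wrappers for `foreach`, `write` and `binwrite` call `TCellAgent::Instrumentation::Lfi.default_open_handler` while `read`, `readlines` and `binread` call `cmdi_open_handler`, yet all six of these IO class methods accept a path beginning with `|` that spawns a subprocess (deprecated only from Ruby 3.3), so if `cmdi_open_handler` is the variant that adds the command-injection check for that form — neither helper's body is in the diff — three of the six entry points miss it. Routing them the same way, `TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args, 'Read')` in `foreach` and `cmdi_open_handler(args, 'Write')` in `write`/`binwrite`, would make the coverage uniform, and `binread` should then pass `'Read'` as `read` and `readlines` already do. The same handler mapping is repeated in the later `@@ -0,0 +1,75 @@` hunk (the `**kwargs` variant of this file), so the change applies there too. This hunk carries no file name on the page; from the diffstat it is presumably `monkey_patches/ruby_2/io.rb`.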
@@ -0,0 +1,80 @@
|
|
1
|
+
module Kernel
|
2
|
+
private
|
3
|
+
|
4
|
+
if TCellAgent.configuration.should_instrument?('Kernel#`')
|
5
|
+
alias_method :tcell_original_backtick, :`
|
6
|
+
def `(cmd)
|
7
|
+
TCellAgent::Cmdi.raise_if_block(cmd)
|
8
|
+
|
9
|
+
tcell_original_backtick(cmd)
|
10
|
+
end
|
11
|
+
|
12
|
+
module_function :`
|
13
|
+
end
|
14
|
+
|
15
|
+
if TCellAgent.configuration.should_instrument?('Kernel#exec')
|
16
|
+
alias_method :tcell_original_exec, :exec
|
17
|
+
def exec(*args)
|
18
|
+
TCellAgent::Cmdi.default_cmdi_handler(args)
|
19
|
+
|
20
|
+
tcell_original_exec(*args)
|
21
|
+
end
|
22
|
+
|
23
|
+
module_function :exec
|
24
|
+
end
|
25
|
+
|
26
|
+
if TCellAgent.configuration.should_instrument?('Kernel#gets')
|
27
|
+
alias_method :tcell_original_gets, :gets
|
28
|
+
def gets(*args, &block)
|
29
|
+
TCellAgent::Instrumentation::Lfi.argf_open_handler
|
30
|
+
|
31
|
+
tcell_original_gets(*args, &block)
|
32
|
+
end
|
33
|
+
|
34
|
+
module_function :gets
|
35
|
+
end
|
36
|
+
|
37
|
+
if TCellAgent.configuration.should_instrument?('Kernel#open')
|
38
|
+
alias_method :tcell_original_open, :open
|
39
|
+
def open(*args, &block)
|
40
|
+
TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args)
|
41
|
+
|
42
|
+
tcell_original_open(*args, &block)
|
43
|
+
end
|
44
|
+
|
45
|
+
module_function :open
|
46
|
+
end
|
47
|
+
|
48
|
+
if TCellAgent.configuration.should_instrument?('Kernel#readline')
|
49
|
+
alias_method :tcell_original_readline, :readline
|
50
|
+
def readline(*args, &block)
|
51
|
+
TCellAgent::Instrumentation::Lfi.argf_open_handler
|
52
|
+
|
53
|
+
tcell_original_readline(*args, &block)
|
54
|
+
end
|
55
|
+
|
56
|
+
module_function :readline
|
57
|
+
end
|
58
|
+
|
59
|
+
if TCellAgent.configuration.should_instrument?('Kernel#spawn')
|
60
|
+
alias_method :tcell_original_spawn, :spawn
|
61
|
+
def spawn(*args)
|
62
|
+
TCellAgent::Cmdi.default_cmdi_handler(args)
|
63
|
+
|
64
|
+
tcell_original_spawn(*args)
|
65
|
+
end
|
66
|
+
|
67
|
+
module_function :spawn
|
68
|
+
end
|
69
|
+
|
70
|
+
if TCellAgent.configuration.should_instrument?('Kernel#system')
|
71
|
+
alias_method :tcell_original_system, :system
|
72
|
+
def system(*args)
|
73
|
+
TCellAgent::Cmdi.default_cmdi_handler(args)
|
74
|
+
|
75
|
+
tcell_original_system(*args)
|
76
|
+
end
|
77
|
+
|
78
|
+
module_function :system
|
79
|
+
end
|
80
|
+
end
|
@@ -0,0 +1,21 @@
|
|
1
|
+
class File
|
2
|
+
class << self
|
3
|
+
if TCellAgent.configuration.should_instrument?('File::new')
|
4
|
+
alias_method :tcell_original_new, :new
|
5
|
+
def new(*args, **kwargs, &block)
|
6
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args)
|
7
|
+
|
8
|
+
tcell_original_new(*args, **kwargs, &block)
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
if TCellAgent.configuration.should_instrument?('File::open')
|
13
|
+
alias_method :tcell_original_open, :open
|
14
|
+
def open(*args, **kwargs, &block)
|
15
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args)
|
16
|
+
|
17
|
+
tcell_original_open(*args, **kwargs, &block)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
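Review bot: In `File.new` and `File.open` the wrapper hands only `args` to `TCellAgent::Instrumentation::Lfi.default_open_handler`, so an open mode supplied as a keyword (`File.open(path, mode: 'w')`) sits in `kwargs` and never reaches the handler; if the handler derives read/write from the positional mode (the explicit `'Read'`/`'Write'` overrides in the IO wrappers suggest it inspects `args`, but its body is not in the diff), keyword modes are classified as the default under Ruby 3 whereas the Ruby 2 variant saw them as a trailing positional hash. Passing `kwargs.empty? ? args : args + [kwargs]` to the handler restores what it saw before the `*args, **kwargs` split. The same split affects `Kernel#open` in the later `@@ -0,0 +1,80 @@` hunk, where `cmdi_open_handler(args)` likewise drops `kwargs`. From the diffstat this file is presumably `monkey_patches/ruby_3/file.rb`.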
@@ -0,0 +1,75 @@
|
|
1
|
+
class IO
|
2
|
+
class << self
|
3
|
+
if TCellAgent.configuration.should_instrument?('IO::binread')
|
4
|
+
alias_method :tcell_original_binread, :binread
|
5
|
+
def binread(*args, **kwargs, &block)
|
6
|
+
TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args)
|
7
|
+
|
8
|
+
tcell_original_binread(*args, **kwargs, &block)
|
9
|
+
end
|
10
|
+
end
|
11
|
+
|
12
|
+
if TCellAgent.configuration.should_instrument?('IO::binwrite')
|
13
|
+
alias_method :tcell_original_binwrite, :binwrite
|
14
|
+
def binwrite(*args, **kwargs, &block)
|
15
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args, 'Write')
|
16
|
+
|
17
|
+
tcell_original_binwrite(*args, **kwargs, &block)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
if TCellAgent.configuration.should_instrument?('IO::foreach')
|
22
|
+
alias_method :tcell_original_foreach, :foreach
|
23
|
+
def foreach(*args, **kwargs, &block)
|
24
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args, 'Read')
|
25
|
+
|
26
|
+
tcell_original_foreach(*args, **kwargs, &block)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
if TCellAgent.configuration.should_instrument?('IO::popen')
|
31
|
+
alias_method :tcell_original_popen, :popen
|
32
|
+
def popen(*args, **kwargs, &block)
|
33
|
+
TCellAgent::Cmdi.popen_cmdi_handler(args)
|
34
|
+
|
35
|
+
tcell_original_popen(*args, **kwargs, &block)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
if TCellAgent.configuration.should_instrument?('IO::read')
|
40
|
+
alias_method :tcell_original_read, :read
|
41
|
+
def read(*args, **kwargs, &block)
|
42
|
+
TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args, 'Read')
|
43
|
+
|
44
|
+
tcell_original_read(*args, **kwargs, &block)
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
if TCellAgent.configuration.should_instrument?('IO::readlines')
|
49
|
+
alias_method :tcell_original_readlines, :readlines
|
50
|
+
def readlines(*args, **kwargs, &block)
|
51
|
+
TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args, 'Read')
|
52
|
+
|
53
|
+
tcell_original_readlines(*args, **kwargs, &block)
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
if TCellAgent.configuration.should_instrument?('IO::sysopen')
|
58
|
+
alias_method :tcell_original_sysopen, :sysopen
|
59
|
+
def sysopen(*args, **kwargs, &block)
|
60
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args)
|
61
|
+
|
62
|
+
tcell_original_sysopen(*args, **kwargs, &block)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
if TCellAgent.configuration.should_instrument?('IO::write')
|
67
|
+
alias_method :tcell_original_write, :write
|
68
|
+
def write(*args, **kwargs, &block)
|
69
|
+
TCellAgent::Instrumentation::Lfi.default_open_handler(args, 'Write')
|
70
|
+
|
71
|
+
tcell_original_write(*args, **kwargs, &block)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
end
|
@@ -0,0 +1,80 @@
|
|
1
|
+
module Kernel
|
2
|
+
private
|
3
|
+
|
4
|
+
if TCellAgent.configuration.should_instrument?('Kernel#`')
|
5
|
+
alias_method :tcell_original_backtick, :`
|
6
|
+
def `(cmd)
|
7
|
+
TCellAgent::Cmdi.raise_if_block(cmd)
|
8
|
+
|
9
|
+
tcell_original_backtick(cmd)
|
10
|
+
end
|
11
|
+
|
12
|
+
module_function :`
|
13
|
+
end
|
14
|
+
|
15
|
+
if TCellAgent.configuration.should_instrument?('Kernel#exec')
|
16
|
+
alias_method :tcell_original_exec, :exec
|
17
|
+
def exec(*args)
|
18
|
+
TCellAgent::Cmdi.default_cmdi_handler(args)
|
19
|
+
|
20
|
+
tcell_original_exec(*args)
|
21
|
+
end
|
22
|
+
|
23
|
+
module_function :exec
|
24
|
+
end
|
25
|
+
|
26
|
+
if TCellAgent.configuration.should_instrument?('Kernel#gets')
|
27
|
+
alias_method :tcell_original_gets, :gets
|
28
|
+
def gets(*args, **kwargs, &block)
|
29
|
+
TCellAgent::Instrumentation::Lfi.argf_open_handler
|
30
|
+
|
31
|
+
tcell_original_gets(*args, **kwargs, &block)
|
32
|
+
end
|
33
|
+
|
34
|
+
module_function :gets
|
35
|
+
end
|
36
|
+
|
37
|
+
if TCellAgent.configuration.should_instrument?('Kernel#open')
|
38
|
+
alias_method :tcell_original_open, :open
|
39
|
+
def open(*args, **kwargs, &block)
|
40
|
+
TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args)
|
41
|
+
|
42
|
+
tcell_original_open(*args, **kwargs, &block)
|
43
|
+
end
|
44
|
+
|
45
|
+
module_function :open
|
46
|
+
end
|
47
|
+
|
48
|
+
if TCellAgent.configuration.should_instrument?('Kernel#readline')
|
49
|
+
alias_method :tcell_original_readline, :readline
|
50
|
+
def readline(*args, **kwargs, &block)
|
51
|
+
TCellAgent::Instrumentation::Lfi.argf_open_handler
|
52
|
+
|
53
|
+
tcell_original_readline(*args, **kwargs, &block)
|
54
|
+
end
|
55
|
+
|
56
|
+
module_function :readline
|
57
|
+
end
|
58
|
+
|
59
|
+
if TCellAgent.configuration.should_instrument?('Kernel#spawn')
|
60
|
+
alias_method :tcell_original_spawn, :spawn
|
61
|
+
def spawn(*args, **kwargs)
|
62
|
+
TCellAgent::Cmdi.default_cmdi_handler(args)
|
63
|
+
|
64
|
+
tcell_original_spawn(*args, **kwargs)
|
65
|
+
end
|
66
|
+
|
67
|
+
module_function :spawn
|
68
|
+
end
|
69
|
+
|
70
|
+
if TCellAgent.configuration.should_instrument?('Kernel#system')
|
71
|
+
alias_method :tcell_original_system, :system
|
72
|
+
def system(*args, **kwargs)
|
73
|
+
TCellAgent::Cmdi.default_cmdi_handler(args)
|
74
|
+
|
75
|
+
tcell_original_system(*args, **kwargs)
|
76
|
+
end
|
77
|
+
|
78
|
+
module_function :system
|
79
|
+
end
|
80
|
+
end
|
@@ -65,7 +65,8 @@ module TCellAgent
|
|
65
65
|
:password, :route_id, :path, :uri, :fullpath, :context_filters_by_term,
|
66
66
|
:database_filters, :remote_address, :user_agent, :request_method,
|
67
67
|
:path_parameters, :patches_blocking_triggered, :grape_mount_endpoint,
|
68
|
-
:referrer, :csrf_exception_name, :sql_exceptions, :database_result_sizes
|
68
|
+
:referrer, :csrf_exception_name, :sql_exceptions, :database_result_sizes,
|
69
|
+
:reverse_proxy_header_value
|
69
70
|
|
70
71
|
def self.filterx(sanitize_string, event_flag, replace_flag, term)
|
71
72
|
send_event = false
|
@@ -91,26 +92,31 @@ module TCellAgent
|
|
91
92
|
|
92
93
|
def valid_term?(term)
|
93
94
|
return true if !term.nil? && term != '' && term.to_s.length >= 5
|
95
|
+
|
94
96
|
false
|
95
97
|
end
|
96
98
|
|
97
99
|
def add_response_db_filter(term, action_obj, database, schema, table, field)
|
98
100
|
return unless valid_term?(term)
|
101
|
+
|
99
102
|
context_filters_by_term[term.to_s].add(ContextFilter.new.for_database(database, schema, table, field, action_obj))
|
100
103
|
end
|
101
104
|
|
102
105
|
def add_filter_for_request_parameter(term, rule, parameter_name)
|
103
106
|
return unless valid_term?(term)
|
107
|
+
|
104
108
|
context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('form', parameter_name, rule))
|
105
109
|
end
|
106
110
|
|
107
111
|
def add_filter_for_header_value(term, rule, header_name)
|
108
112
|
return unless valid_term?(term)
|
113
|
+
|
109
114
|
context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('header', header_name, rule))
|
110
115
|
end
|
111
116
|
|
112
117
|
def add_filter_for_cookie_value(term, rule, cookie_name)
|
113
118
|
return unless valid_term?(term)
|
119
|
+
|
114
120
|
context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('cookie', cookie_name, rule))
|
115
121
|
end
|
116
122
|
|
@@ -139,6 +145,7 @@ module TCellAgent
|
|
139
145
|
send_flag = TCellData.filterx(body, !event_filters.empty?, !replace_filters.empty?, term)
|
140
146
|
send_flag ||= TCellData.filterx(body, !event_filters.empty?, !replace_filters.empty?, CGI.escapeHTML(term))
|
141
147
|
next unless send_flag
|
148
|
+
|
142
149
|
(replace_filters + event_filters).each do |filter|
|
143
150
|
base_event = TCellAgent::SensorEvents::DlpEvent.new(
|
144
151
|
route_id,
|
@@ -183,6 +190,7 @@ module TCellAgent
|
|
183
190
|
event_filters = (context_filters.select { |context_filter| (context_filter.rule.log_redact != true && context_filter.rule.log_event == true) })
|
184
191
|
send_flag = TCellData.filterx(log_msg, !event_filters.empty?, !replace_filters.empty?, term)
|
185
192
|
next unless send_flag
|
193
|
+
|
186
194
|
(replace_filters + event_filters).each do |filter|
|
187
195
|
base_event = TCellAgent::SensorEvents::DlpEvent.new(
|
188
196
|
route_id,
|
@@ -213,7 +221,7 @@ module TCellAgent
|
|
213
221
|
end
|
214
222
|
end
|
215
223
|
|
216
|
-
#
|
224
|
+
# NOTE: mock for tests
|
217
225
|
def self.get_safe_block_logger
|
218
226
|
unless defined?(@safe_block_logger)
|
219
227
|
@safe_block_logger = TCellAgent::ModuleLogger.new(TCellAgent.logger, name)
|
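Review bot: The new comment `# NOTE: mock for tests` above `get_safe_block_logger` does not say what is mocked or where; the visible body only lazily memoises a `TCellAgent::ModuleLogger` in `@safe_block_logger`. A comment giving the actual reason for the indirection, e.g. `# Lazily builds the ModuleLogger used by safe_block; kept as a method so specs can substitute a logger`, tells the next reader what the test hook is — the spec-side substitution is inferred from the comment, not shown in the diff. `get_safe_block_logger` continues past the end of this hunk.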
@@ -224,15 +232,15 @@ module TCellAgent
|
|
224
232
|
|
225
233
|
def self.safe_block(message, &block)
|
226
234
|
block.call
|
227
|
-
rescue StandardError =>
|
235
|
+
rescue StandardError => e
|
228
236
|
logger = get_safe_block_logger
|
229
|
-
logger.error("Error #{message} (#{
|
230
|
-
logger.exception(
|
237
|
+
logger.error("Error #{message} (#{e.class}): #{e.message}")
|
238
|
+
logger.exception(e)
|
231
239
|
end
|
232
240
|
|
233
241
|
def self.safe_block_no_log(_message, &block)
|
234
242
|
block.call
|
235
|
-
rescue StandardError
|
243
|
+
rescue StandardError
|
236
244
|
# do nothing
|
237
245
|
end
|
238
246
|
end
|
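--- a/data/lib/tcell_agent/logger.rb
+++ b/data/lib/tcell_agent/logger.rb
@@ -14,7 +14,6 @@ module TCellAgent
 def initialize(logger, module_name)
 @logger = logger
 @module_name = module_name
-@module_name = "#{TCellAgent.configuration.log_tag} #{module_name}" if TCellAgent.configuration.log_tag
 end
 
 %i[exception debug info warn error].each do |method_name|
@@ -32,13 +31,13 @@ module TCellAgent
 end
 end
 
-#
+# NOTE: since the agent waits until native agent
 # is available, this is only used in errors
 # throwned while the agent is instrumenting or starting up
 # so it's ok to send those to STDOUT always
 class RubyLogger
 def initialize
-@logger = Logger.new(STDOUT)
+@logger = Logger.new(STDOUT) # rubocop:disable Style/GlobalStdStream
 end
 
 def exception(module_name, exception)
@@ -80,7 +79,7 @@ module TCellAgent
 @native_logger
 end
 
-def self.
+def self.native_logger=(native_agent)
 @native_logger = NativeLogger.new(native_agent)
 end
 end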
@@ -110,24 +110,22 @@ module TCellAgent
|
|
110
110
|
|
111
111
|
def get_actions_for_request(context, variable, route_id = nil)
|
112
112
|
return nil if context.nil? || variable.nil?
|
113
|
+
|
113
114
|
route_id = '*' if route_id.nil?
|
114
115
|
if context != RequestProtectionManager::COOKIE
|
115
116
|
variable = variable.downcase
|
116
117
|
end
|
117
118
|
actions = Set.new
|
118
119
|
if @request_filter_actions.key?(context)
|
119
|
-
if @request_filter_actions[context].key?(route_id)
|
120
|
-
|
121
|
-
actions.merge(@request_filter_actions[context][route_id][variable])
|
122
|
-
end
|
120
|
+
if @request_filter_actions[context].key?(route_id) && @request_filter_actions[context][route_id].key?(variable)
|
121
|
+
actions.merge(@request_filter_actions[context][route_id][variable])
|
123
122
|
end
|
124
|
-
if route_id != '*' && @request_filter_actions[context].key?('*')
|
125
|
-
|
126
|
-
actions.merge(@request_filter_actions[context]['*'][variable])
|
127
|
-
end
|
123
|
+
if route_id != '*' && @request_filter_actions[context].key?('*') && @request_filter_actions[context]['*'].key?(variable)
|
124
|
+
actions.merge(@request_filter_actions[context]['*'][variable])
|
128
125
|
end
|
129
126
|
end
|
130
127
|
return nil if actions.size <= 0
|
128
|
+
|
131
129
|
actions
|
132
130
|
end
|
133
131
|
|
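Review bot: The two new guards at `if @request_filter_actions[context].key?(route_id) && @request_filter_actions[context][route_id].key?(variable)` and its `'*'` twin repeat the same nested lookup three times each and run well past the file's line width; `Hash#dig` expresses the lookup in one step: `route_actions = @request_filter_actions[context].dig(route_id, variable)` followed by `actions.merge(route_actions) if route_actions`, and likewise with `'*'` in place of `route_id`. The only behavioural difference is that a key mapped to nil is skipped rather than raising on `merge(nil)`, which is presumably what the added `key?` checks are meant to prevent anyway. While here, the context line `return nil if actions.size <= 0` could read `return nil if actions.empty?`, matching the sibling method in the next hunk. `get_actions_for_request` is fully inside this hunk.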
@@ -136,12 +134,16 @@ module TCellAgent
|
|
136
134
|
actions = Set.new
|
137
135
|
[database, '*'].each do |d|
|
138
136
|
next if @database_actions.key?(d) == false
|
137
|
+
|
139
138
|
[schema, '*'].each do |s|
|
140
139
|
next if @database_actions[d].key?(s) == false
|
140
|
+
|
141
141
|
[table, '*'].each do |t|
|
142
142
|
next if @database_actions[d][s].key?(t) == false
|
143
|
+
|
143
144
|
[field, '*'].each do |f|
|
144
145
|
next if @database_actions[d][s][t].key?(f) == false
|
146
|
+
|
145
147
|
route_id_rules = @database_actions[d][s][t][f]
|
146
148
|
if route_id_rules.key?(route_id)
|
147
149
|
actions.merge(@database_actions[d][s][t][f][route_id])
|
@@ -154,6 +156,7 @@ module TCellAgent
|
|
154
156
|
end
|
155
157
|
end
|
156
158
|
return nil if actions.empty?
|
159
|
+
|
157
160
|
actions
|
158
161
|
end
|
159
162
|
|
@@ -240,8 +243,10 @@ module TCellAgent
|
|
240
243
|
end
|
241
244
|
|
242
245
|
next unless context && @request_filter_actions.key?(context) && variables && options
|
246
|
+
|
243
247
|
filter_actions = DataLossPolicy.actions_from_json(options)
|
244
248
|
next if filter_actions.nil?
|
249
|
+
|
245
250
|
@enabled = true
|
246
251
|
filter_actions.action_id = rule_id
|
247
252
|
variables.each do |variable|
|
@@ -258,8 +263,10 @@ module TCellAgent
|
|
258
263
|
end
|
259
264
|
|
260
265
|
return unless data_json.key?('db_protections')
|
266
|
+
|
261
267
|
protections = data_json['db_protections']
|
262
268
|
return unless protections
|
269
|
+
|
263
270
|
protections.each do |protection_json|
|
264
271
|
scope = protection_json.fetch('scope', nil)
|
265
272
|
databases = protection_json.fetch('databases', ['*'])
|
@@ -14,10 +14,10 @@ module TCellAgent
|
|
14
14
|
@enabled = enablements['headers'] || false
|
15
15
|
end
|
16
16
|
|
17
|
-
def get_headers(tcell_context)
|
17
|
+
def get_headers(content_type, tcell_context)
|
18
18
|
return [] unless @enabled
|
19
19
|
|
20
|
-
response = @native_agent.get_headers(tcell_context)
|
20
|
+
response = @native_agent.get_headers(content_type, tcell_context)
|
21
21
|
response['headers'] || []
|
22
22
|
end
|
23
23
|
end
|
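Review bot: The new `content_type` parameter on `get_headers(content_type, tcell_context)` is undocumented, and the hunk does not show whether it is the raw `Content-Type` header value or a normalised media type, nor whether the native `get_headers` tolerates nil for bodiless responses. A YARD line such as `# @param content_type [String, nil] response Content-Type, forwarded unchanged to the native agent` together with one for `tcell_context` would pin the contract for the middleware call sites this signature change touches. The enclosing class starts before this hunk.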
@@ -17,10 +17,14 @@ module TCellAgent
|
|
17
17
|
def block_request?(appsensor_meta)
|
18
18
|
return false unless @enabled
|
19
19
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
20
|
+
quick_check_response = @native_agent.apply_suspicious_quick_check(appsensor_meta)
|
21
|
+
|
22
|
+
if quick_check_response == 1
|
23
|
+
response = @native_agent.apply_patches(appsensor_meta)
|
24
|
+
return !response['apply_response'].nil? && response['apply_response']['status'] == 'Blocked'
|
25
|
+
end
|
26
|
+
|
27
|
+
quick_check_response == 2
|
24
28
|
end
|
25
29
|
end
|
26
30
|
end
|
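Review bot: The new body of `block_request?` compares `quick_check_response` against the bare literals `1` and `2`, and every other value — including nil should `apply_suspicious_quick_check` return nothing usable — falls through to `quick_check_response == 2` and allows the request; neither the meaning of the codes nor that fail-open outcome is documented. Naming the two codes and collapsing the nested `apply_response` checks into `dig` makes the decision table readable, as below (the constant names are placeholders to be taken from the native agent's contract). If allowing on an unexpected code is intended, a comment saying so belongs on the `else` branch, since that is the property an operator most wants to know about a blocking policy. `block_request?` is fully inside the hunk.

```ruby
def block_request?(appsensor_meta)
  return false unless @enabled

  quick_check_response = @native_agent.apply_suspicious_quick_check(appsensor_meta)
  case quick_check_response
  when QUICK_CHECK_NEEDS_FULL_EVALUATION # placeholder name for the code 1 in the hunk
    response = @native_agent.apply_patches(appsensor_meta)
    response.dig('apply_response', 'status') == 'Blocked'
  when QUICK_CHECK_BLOCK # placeholder name for the code 2 in the hunk
    true
  else
    false # any other result (including nil) allows the request: fail-open — confirm this is intended
  end
end
```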
@@ -47,6 +47,7 @@ module TCellAgent
|
|
47
47
|
TCellAgent::Instrumentation.safe_block('Setting DLP policy') do
|
48
48
|
dlp_api_identifier = TCellAgent::Policies::DataLossPolicy.api_identifier
|
49
49
|
return unless policies_json.key?(dlp_api_identifier)
|
50
|
+
|
50
51
|
@policies[dlp_api_identifier] = TCellAgent::Policies::DataLossPolicy.new(
|
51
52
|
policies_json[dlp_api_identifier]
|
52
53
|
)
|
@@ -20,6 +20,7 @@ module TCellAgent
|
|
20
20
|
|
21
21
|
@policy_polling_worker_mutex.synchronize do
|
22
22
|
return if policy_polling_running?
|
23
|
+
|
23
24
|
start_policy_polling_loop(native_agent)
|
24
25
|
end
|
25
26
|
end
|
@@ -44,9 +45,9 @@ module TCellAgent
|
|
44
45
|
policies_and_enablements['enablements'],
|
45
46
|
policies_and_enablements['policies']
|
46
47
|
)
|
47
|
-
rescue StandardError =>
|
48
|
-
module_logger.error("Error in polling policies: #{
|
49
|
-
module_logger.exception(
|
48
|
+
rescue StandardError => e
|
49
|
+
module_logger.error("Error in polling policies: #{e.message}")
|
50
|
+
module_logger.exception(e)
|
50
51
|
end
|
51
52
|
|
52
53
|
# TODO(ralba): this might need to be changed to see how it affects performance
|
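Review bot: The rescue clause added at `module_logger.error("Error in polling policies: #{e.message}")` logs only the message, whereas the parallel fix in dlp.rb's `safe_block` in this same release logs `(#{e.class}): #{e.message}`; for a polling loop that swallows the error and carries on, the class is what distinguishes one failure kind from another when the message alone is generic. `module_logger.error("Error in polling policies (#{e.class}): #{e.message}")` would align the two, unless `module_logger.exception(e)` already records the class, which the diff does not show. The enclosing method begins before this hunk.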