tcell_agent 2.1.1 → 2.4.0

data/lib/tcell_agent/rails/csrf_exception.rb

@@ -16,12 +16,4 @@ module TCellAgent
       super if defined?(super)
     end
   end
-
-  class MyRailtie < Rails::Railtie
-    initializer 'tcell.sensors' do |_app|
-      ActiveSupport.on_load :action_controller do
-        ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
-      end
-    end
-  end
 end

data/lib/tcell_agent/rails/dlp.rb

@@ -1,8 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 
-require 'tcell_agent/authlogic' if defined?(Authlogic)
-require 'tcell_agent/devise' if defined?(Devise)
-
 require 'rails'
 require 'uri'
 require 'tcell_agent/agent'
@@ -21,7 +18,6 @@ require 'tcell_agent/rails/settings_reporter'
 
 require 'tcell_agent/instrumentation'
 
-require 'tcell_agent/userinfo'
 require 'cgi'
 require 'thread'
 
@@ -84,6 +80,7 @@ module TCellAgent
               normalized_column_names[namespaced_column_name] = column_name
 
               next unless column_name && (!namespace || namespace == table_name)
+
               rules = dlp_policy.get_actions_for_table(
                 database_name,
                 '*',
@@ -194,6 +191,7 @@ module TCellAgent
             results[0...TCellAgent.configuration.max_data_ex_db_records_per_request].each do |record|
               column_name_to_rules.each do |column_name, rules|
                 next unless rules
+
                 rules.each do |rule|
                   tcell_context.add_response_db_filter(
                     record[column_name.to_sym],
@@ -305,31 +303,29 @@ module TCellAgent
       def log_enforce(tcell_context, sanitize_string)
         if TCellAgent.configuration.should_instrument? &&
            TCellAgent.configuration.should_intercept_requests?
-          if tcell_context && tcell_context.session_id
-            session_id_actions = get_actions_for_session_id
-            if session_id_actions
-              send_event = false
-              sanitize_string.gsub!(tcell_context.session_id) do |m|
-                if session_id_actions.log_redact
-                  send_event = true
-                  m = '[session_id]'
-                elsif session_id_actions.log_hash
-                  send_event = true
-                  m = '[hash]'
-                elsif session_id_actions.log_event
-                  send_event = true
-                end
-                m
-              end
-              if send_event
-                TCellAgent.send_event(
-                  TCellAgent::SensorEvents::DlpEvent.new(
-                    tcell_context.route_id,
-                    tcell_context.uri,
-                    TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG
-                  ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
-                )
+          session_id_actions = get_actions_for_session_id
+          if tcell_context && tcell_context.session_id && session_id_actions
+            send_event = false
+            sanitize_string.gsub!(tcell_context.session_id) do |m|
+              if session_id_actions.log_redact
+                send_event = true
+                m = '[session_id]'
+              elsif session_id_actions.log_hash
+                send_event = true
+                m = '[hash]'
+              elsif session_id_actions.log_event
+                send_event = true
               end
+              m
+            end
+            if send_event
+              TCellAgent.send_event(
+                TCellAgent::SensorEvents::DlpEvent.new(
+                  tcell_context.route_id,
+                  tcell_context.uri,
+                  TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG
+                ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
+              )
             end
           end
         end
@@ -340,32 +336,32 @@ module TCellAgent
       def response_body_enforce(tcell_context, sanitize_string)
         if TCellAgent.configuration.should_instrument? &&
            TCellAgent.configuration.should_intercept_requests?
-          if tcell_context && tcell_context.session_id
-            session_id_actions = get_actions_for_session_id
-            if session_id_actions
-              send_event = false
-              sanitize_string.gsub!(tcell_context.session_id) do |m|
-                if session_id_actions.body_redact
-                  # m = "[session_id]"
-                  send_event = true
-                elsif session_id_actions.body_hash
-                  # m = "[hash]"
-                  send_event = true
-                elsif session_id_actions.body_event
-                  send_event = true
-                end
-                m
+          session_id_actions = get_actions_for_session_id
+          if tcell_context && tcell_context.session_id && session_id_actions
+            send_event = false
+            sanitize_string.gsub!(tcell_context.session_id) do |m|
+              # rubocop:disable Lint/DuplicateBranch
+              if session_id_actions.body_redact
+                # m = "[session_id]"
+                send_event = true
+              elsif session_id_actions.body_hash
+                # m = "[hash]"
+                send_event = true
+              elsif session_id_actions.body_event
+                send_event = true
               end
+              # rubocop:enable Lint/DuplicateBranch
+              m
             end
-            if send_event
-              TCellAgent.send_event(
-                TCellAgent::SensorEvents::DlpEvent.new(
-                  tcell_context.route_id,
-                  tcell_context.uri,
-                  TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY
-                ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
-              )
-            end
+          end
+          if send_event
+            TCellAgent.send_event(
+              TCellAgent::SensorEvents::DlpEvent.new(
+                tcell_context.route_id,
+                tcell_context.uri,
+                TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY
+              ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
+            )
           end
         end
 

data/lib/tcell_agent/rails/dlp/process_request.rb

@@ -37,6 +37,7 @@ module TCellAgent
       dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
       tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
       return unless tcell_context && dataex_policy && dataex_policy.actions_for_form_parameter?
+
       for_params(request) do |_method, param_name, param_value|
         actions = dataex_policy.get_actions_for_form_parameter(param_name, tcell_context.route_id)
         if actions
@@ -51,11 +52,13 @@ module TCellAgent
       dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
       tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
       return unless tcell_context && dataex_policy && dataex_policy.actions_for_headers?
+
       headers = request.env.select { |k, _v| k.start_with? 'HTTP_' }
       headers.each do |header_name, header_value|
         header_name = header_name.sub(/^HTTP_/, '').tr('_', '-')
         actions = dataex_policy.get_actions_for_header(header_name)
         next unless actions
+
         actions.each do |action|
           tcell_context.add_filter_for_header_value(header_value, action, header_name)
         end
@@ -66,9 +69,11 @@ module TCellAgent
       dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
       tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
       return unless tcell_context && dataex_policy && dataex_policy.actions_for_cookie?
+
       request.cookies.each do |cookie_name, cookie_value|
         actions = dataex_policy.get_actions_for_cookie(cookie_name)
         next unless actions
+
         actions.each do |action|
           tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
         end

data/lib/tcell_agent/rails/dlp_handler.rb

@@ -39,19 +39,18 @@ module TCellAgent
 
           TCellAgent::Instrumentation.safe_block('DLP Handler get handler and context') do
             if TCellAgent.configuration.should_instrument? &&
-               TCellAgent.configuration.should_intercept_requests?
+               TCellAgent.configuration.should_intercept_requests? &&
+               TCellAgent::Utils::Rails.processable_response?(response_headers)
 
               # do all this work so that dlp doesn't run at all unless it's on and there
               # are rules to run
-              if TCellAgent::Utils::Rails.processable_response?(response_headers)
-                dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
-                if dlp_policy && dlp_policy.get_actions_for_session_id
-                  tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
-                  if tcell_context && tcell_context.session_id
-                    dlp_handler = proc { |tc, resp|
-                      handle_dlp!(tc, resp)
-                    }
-                  end
+              dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
+              if dlp_policy && dlp_policy.get_actions_for_session_id
+                tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
+                if tcell_context && tcell_context.session_id
+                  dlp_handler = proc { |tc, resp|
+                    handle_dlp!(tc, resp)
+                  }
                 end
               end
             end

data/lib/tcell_agent/rails/js_agent_insert.rb

@@ -4,8 +4,7 @@ module TCellAgent
   module Instrumentation
     module Rails
       module JSAgent
-        HEAD_SEARCH_REGEX = /<head>/
-
+        HEAD_SEARCH_REGEX = Regexp.new('(<head>|<head( |\n).*?>)', Regexp::IGNORECASE)
         def self.insert_now(js_agent_handler, script_insert, rack_body, content_length)
           TCellAgent::Instrumentation.safe_block('Handling JSAgent Insert Now') do
             if js_agent_handler
@@ -32,7 +31,7 @@ module TCellAgent
           TCellAgent::Instrumentation.safe_block('Handling JSAgent insert') do
             new_response = response.sub(
               TCellAgent::Instrumentation::Rails::JSAgent::HEAD_SEARCH_REGEX,
-              "<head>#{script_insert}"
+              "\\1#{script_insert}"
             )
           end
 

data/lib/tcell_agent/rails/middleware/context_middleware.rb

@@ -26,7 +26,8 @@ module TCellAgent
                 env[TCellAgent::Instrumentation::TCELL_ID].path = request.path
                 env[TCellAgent::Instrumentation::TCELL_ID].user_agent = request.user_agent
                 env[TCellAgent::Instrumentation::TCELL_ID].referrer = request.referrer
-                env[TCellAgent::Instrumentation::TCELL_ID].remote_address = TCellAgent::Utils::Rails.better_ip(request)
+                env[TCellAgent::Instrumentation::TCELL_ID].remote_address = request.ip
+                env[TCellAgent::Instrumentation::TCELL_ID].reverse_proxy_header_value = TCellAgent::Utils::Rails.reverse_proxy_header(request)
                 if request.request_method
                   env[TCellAgent::Instrumentation::TCELL_ID].request_method = request.request_method
                 end

data/lib/tcell_agent/rails/middleware/global_middleware.rb

@@ -7,7 +7,7 @@ require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
 
-require 'tcell_agent/userinfo'
+require 'tcell_agent/rails/auth/userinfo'
 require 'cgi'
 
 require 'tcell_agent/instrumentation'
@@ -24,6 +24,7 @@ module TCellAgent
           def call(env)
             if TCellAgent.configuration.should_intercept_requests?
               request = Rack::Request.new(env)
+
               TCellAgent::Instrumentation.safe_block('Setting session_id & user_id') do
                 if request.session
                   env[TCellAgent::Instrumentation::TCELL_ID].session_id =
@@ -41,9 +42,7 @@ module TCellAgent
               end
             end
 
-            response = @app.call(env)
-
-            response
+            @app.call(env)
           end
         end
       end

data/lib/tcell_agent/rails/middleware/headers_middleware.rb

@@ -39,6 +39,7 @@ module TCellAgent
             TCellAgent::Instrumentation.safe_block('Handling headers') do
               headers_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HEADERS)
               policy_headers = headers_policy.get_headers(
+                headers['Content-Type'],
                 request.env[TCellAgent::Instrumentation::TCELL_ID]
               )
               policy_headers.each do |header_info|

data/lib/tcell_agent/rails/{on_start.rb → railties/tcell_agent_railties.rb}

@@ -2,36 +2,21 @@
 
 require 'rails'
 
-require 'tcell_agent/rails/routes'
-
 require 'tcell_agent/rails/middleware/global_middleware'
 require 'tcell_agent/rails/middleware/body_filter_middleware'
 require 'tcell_agent/rails/middleware/headers_middleware'
 require 'tcell_agent/rails/middleware/context_middleware'
 
+require 'tcell_agent/rails/routes'
 require 'tcell_agent/rails/settings_reporter'
 require 'tcell_agent/rails/dlp'
 require 'tcell_agent/rails/csrf_exception'
 
-require 'tcell_agent/userinfo'
 require 'cgi'
 require 'thread'
 
 module TCellAgent
   class TCellAgentStartupRailtie < Rails::Railtie
-    # TCellAgent config can be specified thru
-    # Rails initializer's (https://guides.rubyonrails.org/v2.3/configuring.html#using-initializers)
-    # so those need to run first since this relies on configuration
-    initializer :tcell_instrument_auth_frameworks, :after => :load_config_initializers do |_app|
-      next unless TCellAgent.configuration.should_instrument?
-
-      require 'tcell_agent/devise'
-      require 'tcell_agent/rails/auth/devise'
-      require 'tcell_agent/authlogic'
-      require 'tcell_agent/rails/auth/authlogic'
-      require 'tcell_agent/rails/auth/doorkeeper'
-    end
-
     initializer :tcell_insert_middleware, :before => :build_middleware_stack do |app|
       app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
       app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)
@@ -39,4 +24,12 @@ module TCellAgent
       app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware
     end
   end
+
+  class TCellAgentCSRFRailtie < Rails::Railtie
+    initializer 'tcell.sensors' do |_app|
+      ActiveSupport.on_load :action_controller do
+        ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
+      end
+    end
+  end
 end

data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb

@@ -0,0 +1,8 @@
+module TCellAgent
+  class TCellAgentStartupRailtie < Rails::Railtie
+    initializer :start_tcell_agent,
+                :after => :load_config_initializers do |_app|
+      TCellAgent.thread_agent.start('Unicorn')
+    end
+  end
+end

data/lib/tcell_agent/rails/routes.rb

@@ -136,8 +136,7 @@ module TCellAgent
               prepend_around_filter :tcell_around_filter_routes
             end
             def tcell_around_filter_routes
-              if TCellAgent.configuration.should_instrument? &&
-                 TCellAgent.configuration.should_intercept_requests?
+              if TCellAgent.configuration.should_intercept_requests?
                 TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
                   _match, parameters, route = ::Rails.application.routes.router.recognize(request) { |r, _| r }.first
 
@@ -192,8 +191,7 @@ module TCellAgent
         ActionDispatch::Journey::Router.class_eval do
           alias_method :tcell_serve, :serve
           def serve(req)
-            if TCellAgent.configuration.should_instrument? &&
-               TCellAgent.configuration.should_intercept_requests?
+            if TCellAgent.configuration.should_intercept_requests?
               TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
                 _match, parameters, route = find_routes(req).first
 
@@ -220,8 +218,7 @@ module TCellAgent
           def call(env)
             env['PATH_INFO'] = ActionDispatch::Journey::Router::Utils.normalize_path(env['PATH_INFO'])
 
-            if TCellAgent.configuration.should_instrument? &&
-               TCellAgent.configuration.should_intercept_requests?
+            if TCellAgent.configuration.should_intercept_requests?
               TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
                 _match, parameters, route = find_routes(env).first
 

data/lib/tcell_agent/rails/routes/grape.rb

@@ -5,16 +5,11 @@ module TCellAgent
     def self.grape_route?(route)
       if defined?(Grape::API)
         begin
-          if ::Rails::VERSION::MAJOR == 4 && ::Rails::VERSION::MINOR < 2
-            # does app inherit from Grape::API?
-            route.app < Grape::API
-          else
-            # does app inherit from Grape::API?
-            route.app.app < Grape::API
-          end
+          return route.app < Grape::API if ::Rails::VERSION::MAJOR == 4 &&
+                                           ::Rails::VERSION::MINOR < 2
 
-          return true
-        rescue StandardError # rubocop:disable Lint/HandleExceptions
+          return route.app.app < Grape::API
+        rescue StandardError
           # do nothing
         end
       end
@@ -76,9 +71,7 @@ module TCellAgent
       Grape::Endpoint.class_eval do
         alias_method :tcell_call!, :call!
         def call!(env)
-          if TCellAgent.configuration.should_instrument? &&
-             TCellAgent.configuration.should_intercept_requests?
-
+          if TCellAgent.configuration.should_intercept_requests?
             TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
               tcell_context = env[TCellAgent::Instrumentation::TCELL_ID]
               if tcell_context && tcell_context.grape_mount_endpoint && respond_to?(:routes)

data/lib/tcell_agent/rails/settings_reporter.rb

@@ -6,14 +6,6 @@ require 'tcell_agent/sensor_events/server_agent'
 module TCellAgent
   module Instrumentation
     module Rails
-      def self.send_framework_info
-        TCellAgent.send_event(
-          TCellAgent::SensorEvents::ServerAgentAppFrameworkEvent.new(
-            'Rails', ::Rails.version
-          )
-        )
-      end
-
       def self.send_settings
         TCellAgent::Instrumentation.safe_block('Reporting Rails settings') do
           rails_config = ::Rails.application.config

data/lib/tcell_agent/rails/tcell_body_proxy.rb

@@ -31,7 +31,6 @@ module TCellAgent
           TCellAgent::Instrumentation.safe_block('Running AppSensor deferred due to streaming') do
             if @meta_data
               @meta_data.response_content_bytes_len = @content_length
-
               appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
               appfirewall_policy.check_appfirewall_injections(@meta_data)
             end
@@ -54,18 +53,16 @@ module TCellAgent
           @body.respond_to?(method_name, include_all)
         end
 
-        def method_missing(method_name, *args, &block) # rubocop:disable Style/MethodMissing
+        def method_missing(method_name, *args, &block)
           @body.__send__(method_name, *args, &block)
         end
 
         def process_body(body)
           TCellAgent::Instrumentation.safe_block('Processing tcell body proxy body') do
             chunked_response_match = nil
-            if body.class.name == 'String'
-              if body =~ /^([[:xdigit:]]+)(;.+)?\r\n/
-                chunked_response_match = Regexp.last_match(1)
-                @content_length += chunked_response_match.to_i(16)
-              end
+            if body.class.name == 'String' && body =~ /^([[:xdigit:]]+)(;.+)?\r\n/
+              chunked_response_match = Regexp.last_match(1)
+              @content_length += chunked_response_match.to_i(16)
             end
 
             new_body = body