tcell_agent 2.1.2 → 2.2.0

data/lib/tcell_agent/instrument_servers.rb

@@ -1,25 +1,23 @@
-tcell_server = ENV['TCELL_AGENT_SERVER']
+# frozen_string_literal: true
 
-if TCellAgent.configuration.should_instrument?
-  unless tcell_server && tcell_server == 'mock'
-    if (tcell_server && tcell_server == 'webrick') || defined?(Rails::Server)
-      require('tcell_agent/servers/rails_server')
+tcell_server = ENV['TCELL_AGENT_SERVER']
 
-    elsif (tcell_server && tcell_server == 'thin') || defined?(Thin)
-      require('tcell_agent/servers/thin')
+if tcell_server && tcell_server == 'mock'
+  TCellAgent.thread_agent.instrument_built_ins
+end
 
-    elsif (tcell_server && tcell_server == 'puma') || defined?(Puma)
-      require('tcell_agent/servers/puma')
+if (tcell_server && tcell_server == 'webrick') || defined?(Rails::Server)
+  require('tcell_agent/servers/rails_server')
 
-    elsif (tcell_server && tcell_server == 'unicorn') || defined?(Unicorn)
-      require('tcell_agent/servers/unicorn')
+elsif (tcell_server && tcell_server == 'thin') || defined?(Thin)
+  require('tcell_agent/servers/thin')
 
-    elsif (tcell_server && tcell_server == 'passenger') || defined?(PhusionPassenger)
-      require('tcell_agent/servers/passenger')
-    end
-  end
+elsif (tcell_server && tcell_server == 'puma') || defined?(Puma)
+  require('tcell_agent/servers/puma')
 
 elsif (tcell_server && tcell_server == 'unicorn') || defined?(Unicorn)
-  # unicorn is always instrumented to support rolling restarts
   require('tcell_agent/servers/unicorn')
+
+elsif (tcell_server && tcell_server == 'passenger') || defined?(PhusionPassenger)
+  require('tcell_agent/servers/passenger')
 end

data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb

@@ -26,7 +26,7 @@ module Kernel
     tcell_original_backtick(cmd)
   end
 
-  if TCellAgent.configuration.should_instrument_cmdi_exec?
+  if TCellAgent.configuration.should_instrument?('kernel_exec')
     def exec(*args)
       cmd = TCellAgent::Cmdi.parse_command(*args)
       if TCellAgent::Cmdi.block_command?(cmd)

data/lib/tcell_agent/logger.rb

@@ -14,7 +14,6 @@ module TCellAgent
     def initialize(logger, module_name)
       @logger = logger
       @module_name = module_name
-      @module_name = "#{TCellAgent.configuration.log_tag} #{module_name}" if TCellAgent.configuration.log_tag
     end
 
     %i[exception debug info warn error].each do |method_name|
@@ -80,7 +79,7 @@ module TCellAgent
     @native_logger
   end
 
-  def self.native_agent=(native_agent)
+  def self.native_logger=(native_agent)
     @native_logger = NativeLogger.new(native_agent)
   end
 end

data/lib/tcell_agent/rails/auth/authlogic.rb

@@ -1,56 +1,52 @@
-if TCellAgent.configuration.should_instrument_authlogic? && defined?(Authlogic)
-
-  require 'tcell_agent/configuration'
-  require 'tcell_agent/instrumentation'
-
-  module TCellAgent
-    require 'tcell_agent/agent'
-
-    Authlogic::Session::Base.class_eval do
-      alias_method :tcell_save, :save
-      def save(&block)
-        return tcell_save(&block) unless TCellAgent.configuration.should_intercept_requests?
-
-        user_logged_in_before = !user.nil?
-        success = tcell_save(&block)
-        user_logged_in_after = !user.nil?
-
-        TCellAgent::Instrumentation.safe_block('Authlogic login info') do
-          user_id = nil
-          password = nil
-          user_valid = nil
-          TCellAgent::Instrumentation.safe_block('getting userid for login form') do
-            user_id = send(self.class.login_field.to_sym)
-          end
-
-          request = Authlogic::Session::Base.controller.request
-          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-
-          return success unless tcell_data
-
-          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-          if user_logged_in_before && user_logged_in_after
-            # password changed or logged in as another user
-          elsif !user_logged_in_before && !user_logged_in_after
-            login_policy.report_login_failure(
-              user_id,
-              password,
-              request.env,
-              user_valid,
-              tcell_data
-            )
-          elsif !user_logged_in_before && user_logged_in_after
-            login_policy.report_login_success(
-              user_id,
-              request.env,
-              tcell_data
-            )
-          end
+require 'tcell_agent/configuration'
+require 'tcell_agent/instrumentation'
+
+module TCellAgent
+  require 'tcell_agent/agent'
+
+  Authlogic::Session::Base.class_eval do
+    alias_method :tcell_save, :save
+    def save(&block)
+      return tcell_save(&block) unless TCellAgent.configuration.should_intercept_requests?
+
+      user_logged_in_before = !user.nil?
+      success = tcell_save(&block)
+      user_logged_in_after = !user.nil?
+
+      TCellAgent::Instrumentation.safe_block('Authlogic login info') do
+        user_id = nil
+        password = nil
+        user_valid = nil
+        TCellAgent::Instrumentation.safe_block('getting userid for login form') do
+          user_id = send(self.class.login_field.to_sym)
         end
 
-        success
+        request = Authlogic::Session::Base.controller.request
+        tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+
+        return success unless tcell_data
+
+        login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+        if user_logged_in_before && user_logged_in_after
+        # password changed or logged in as another user
+        elsif !user_logged_in_before && !user_logged_in_after
+          login_policy.report_login_failure(
+            user_id,
+            password,
+            request.env,
+            user_valid,
+            tcell_data
+          )
+        elsif !user_logged_in_before && user_logged_in_after
+          login_policy.report_login_success(
+            user_id,
+            request.env,
+            tcell_data
+          )
+        end
       end
+
+      success
     end
   end
-
 end

data/lib/tcell_agent/rails/auth/authlogic_helper.rb

@@ -0,0 +1,20 @@
+require 'tcell_agent/rails/auth/userinfo'
+
+module TCellAgent
+  TCellAgent::UserInformation.class_eval do
+    class << self
+      alias_method :original_get_user_from_request, :get_user_from_request
+      def get_user_from_request(request)
+        orig_user_id = original_get_user_from_request(request)
+        begin
+          if request.session && request.session.key?('user_credentials_id')
+            return request.session['user_credentials_id'].to_s
+          end
+        rescue StandardError
+          return orig_user_id
+        end
+        orig_user_id
+      end
+    end
+  end
+end

data/lib/tcell_agent/rails/auth/devise.rb

@@ -1,127 +1,125 @@
-if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
-  module TCellAgent
-    require 'base64'
-    require 'tcell_agent/agent'
-
-    module DeviseInstrumentation
-      module TCellFailureAppRespond
-        def respond
-          TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
-            if TCellAgent.configuration.should_intercept_requests?
-              tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-              if tcell_data
-                # in the case of http auth, user_id is set in
-                # Devise::Strategies::Authenticatable.valid_for_http_auth?
-                user_id = tcell_data.user_id
-                user_id ||= _get_tcell_username
-
-                # in the case of http auth, password is set in
-                # Devise::Strategies::Authenticatable.valid_for_http_auth?
-                password = tcell_data.password
-                password ||= _get_tcell_password
-
-                user_valid = nil
-                login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-                login_policy.report_login_failure(
-                  user_id,
-                  password,
-                  request.env,
-                  user_valid,
-                  tcell_data
-                )
-              end
+module TCellAgent
+  require 'base64'
+  require 'tcell_agent/agent'
+
+  module DeviseInstrumentation
+    module TCellFailureAppRespond
+      def respond
+        TCellAgent::Instrumentation.safe_block('Devise Failure App Respond') do
+          if TCellAgent.configuration.should_intercept_requests?
+            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+            if tcell_data
+              # in the case of http auth, user_id is set in
+              # Devise::Strategies::Authenticatable.valid_for_http_auth?
+              user_id = tcell_data.user_id
+              user_id ||= _get_tcell_username
+
+              # in the case of http auth, password is set in
+              # Devise::Strategies::Authenticatable.valid_for_http_auth?
+              password = tcell_data.password
+              password ||= _get_tcell_password
+
+              user_valid = nil
+              login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+              login_policy.report_login_failure(
+                user_id,
+                password,
+                request.env,
+                user_valid,
+                tcell_data
+              )
             end
           end
-
-          super if defined?(super)
         end
 
-        def _get_tcell_username
-          tcell_username = nil
-          TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
-            keys = scope_class.authentication_keys.dup
-            user_params = request.POST.fetch('user', {})
-            keys.each do |key|
-              next_usename = user_params.fetch(key, nil)
-              if next_usename
-                tcell_username ||= ''
-                tcell_username += next_usename
-              end
+        super if defined?(super)
+      end
+
+      def _get_tcell_username
+        tcell_username = nil
+        TCellAgent::Instrumentation.safe_block('Devise Get TCell Username') do
+          keys = scope_class.authentication_keys.dup
+          user_params = request.POST.fetch('user', {})
+          keys.each do |key|
+            next_usename = user_params.fetch(key, nil)
+            if next_usename
+              tcell_username ||= ''
+              tcell_username += next_usename
             end
           end
-          tcell_username
         end
+        tcell_username
+      end
 
-        def _get_tcell_password
-          tcell_password = nil
-          TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
-            user_params = request.POST.fetch('user', {})
-            tcell_password = user_params['password']
-          end
-          tcell_password
+      def _get_tcell_password
+        tcell_password = nil
+        TCellAgent::Instrumentation.safe_block('Devise Get TCell Password') do
+          user_params = request.POST.fetch('user', {})
+          tcell_password = user_params['password']
         end
+        tcell_password
       end
     end
+  end
 
-    # prepend is ruby 2+ feature
-    Devise::FailureApp.send(:prepend, DeviseInstrumentation::TCellFailureAppRespond)
-
-    Devise::Strategies::Authenticatable.class_eval do
-      alias_method :tcell_valid_for_http_auth?, :valid_for_http_auth?
-      def valid_for_http_auth?
-        is_valid = tcell_valid_for_http_auth?
-
-        TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
-          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-          if http_auth_hash && tcell_data
-            username = http_auth_hash[http_authentication_key]
-            password = http_auth_hash[:password]
-            tcell_data.user_id = username if username && !tcell_data.user_id
-            tcell_data.password = password if password && !tcell_data.password
-          end
+  # prepend is ruby 2+ feature
+  Devise::FailureApp.send(:prepend, DeviseInstrumentation::TCellFailureAppRespond)
+
+  Devise::Strategies::Authenticatable.class_eval do
+    alias_method :tcell_valid_for_http_auth?, :valid_for_http_auth?
+    def valid_for_http_auth?
+      is_valid = tcell_valid_for_http_auth?
+
+      TCellAgent::Instrumentation.safe_block('Devise set username for http basic auth') do
+        tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+        if http_auth_hash && tcell_data
+          username = http_auth_hash[http_authentication_key]
+          password = http_auth_hash[:password]
+          tcell_data.user_id = username if username && !tcell_data.user_id
+          tcell_data.password = password if password && !tcell_data.password
         end
-
-        is_valid
       end
 
-      alias_method :tcell_validate, :validate
-      def validate(resource, &block)
-        is_valid = tcell_validate(resource, &block)
-        send_event = is_valid
+      is_valid
+    end
 
-        # gets the first entry in the current backtrace
-        # syntax suggested by rubocop to improve performance
-        if caller(1..1).first.include? 'two_factor_authenticatable'
-          TCellAgent.logger.debug('Not sending login success event for Devise::Strategies::TwoFactorAuthenticatable since 2fa is unsupported', 'TCellAgent::DeviseInstrumentation')
-          send_event = false
-        end
+    alias_method :tcell_validate, :validate
+    def validate(resource, &block)
+      is_valid = tcell_validate(resource, &block)
+      send_event = is_valid
 
-        TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
-          if send_event && TCellAgent.configuration.enabled &&
-             TCellAgent.configuration.should_intercept_requests?
-            username = nil
-            (authentication_keys || []).each do |auth_key|
-              attr = authentication_hash[auth_key]
-              if attr
-                username ||= ''
-                username += attr
-              end
-            end
+      # gets the first entry in the current backtrace
+      # syntax suggested by rubocop to improve performance
+      if caller(1..1).first.include? 'two_factor_authenticatable'
+        TCellAgent.logger.debug('Not sending login success event for Devise::Strategies::TwoFactorAuthenticatable since 2fa is unsupported', 'TCellAgent::DeviseInstrumentation')
+        send_event = false
+      end
 
-            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-            return is_valid unless tcell_data
-
-            login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-            login_policy.report_login_success(
-              username,
-              request.env,
-              tcell_data
-            )
+      TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
+        if send_event && TCellAgent.configuration.enabled &&
+           TCellAgent.configuration.should_intercept_requests?
+          username = nil
+          (authentication_keys || []).each do |auth_key|
+            attr = authentication_hash[auth_key]
+            if attr
+              username ||= ''
+              username += attr
+            end
           end
-        end
 
-        is_valid
+          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+          return is_valid unless tcell_data
+
+          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+          login_policy.report_login_success(
+            username,
+            request.env,
+            tcell_data
+          )
+        end
       end
+
+      is_valid
     end
   end
 end

data/lib/tcell_agent/rails/auth/devise_helper.rb

@@ -0,0 +1,29 @@
+require 'devise'
+require 'devise/rails'
+require 'devise/strategies/database_authenticatable'
+require 'tcell_agent/rails/auth/userinfo'
+
+module TCellAgent
+  TCellAgent::UserInformation.class_eval do
+    class << self
+      alias_method :original_get_user_from_request, :get_user_from_request
+      def get_user_from_request(request)
+        orig_user_id = original_get_user_from_request(request)
+        begin
+          if request.session && request.session.key?('warden.user.user.key')
+            userkey = request.session['warden.user.user.key']
+            user_id = if userkey.length == 2
+                        userkey[0][0]
+                      else
+                        userkey[1][0]
+                      end
+            return user_id.to_s if user_id.is_a? Integer
+          end
+        rescue StandardError
+          return orig_user_id
+        end
+        orig_user_id
+      end
+    end
+  end
+end