tcell_agent 2.1.2 → 2.2.0

data/lib/tcell_agent/rails/auth/doorkeeper.rb

@@ -1,65 +1,32 @@
-if TCellAgent.configuration.should_instrument_doorkeeper? && defined?(Doorkeeper)
+require 'tcell_agent/agent'
+require 'tcell_agent/sensor_events/login_fraud'
 
-  require 'tcell_agent/agent'
-  require 'tcell_agent/sensor_events/login_fraud'
+module TCellAgent
+  module DoorkeeperInstrumentation
+    Doorkeeper::TokensController.class_eval do
+      alias_method :tcell_authorize_response, :authorize_response
+      def authorize_response
+        result = tcell_authorize_response
 
-  module TCellAgent
-    module DoorkeeperInstrumentation
-      Doorkeeper::TokensController.class_eval do
-        alias_method :tcell_authorize_response, :authorize_response
-        def authorize_response
-          result = tcell_authorize_response
+        TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
+          return result unless TCellAgent.configuration.should_intercept_requests?
 
-          TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
-            return result unless TCellAgent.configuration.should_intercept_requests?
+          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
 
-            login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+          return unless tcell_data
+          headers = request.env
 
-            return unless tcell_data
-            headers = request.env
-
-            if result.is_a?(Doorkeeper::OAuth::TokenResponse)
-              user_id = result.token.resource_owner_id
-              login_policy.report_login_success(
-                user_id,
-                headers,
-                tcell_data
-              )
-            elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
-              user_id = request.POST['client_id']
-              password = nil
-              user_valid = nil
-              login_policy.report_login_failure(
-                user_id,
-                password,
-                headers,
-                user_valid,
-                tcell_data
-              )
-            end
-          end
-
-          result
-        end
-      end
-
-      module TCellAuthorizationsNew
-        def new
-          super if defined?(super)
-
-          TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
-            return unless TCellAgent.configuration.should_intercept_requests?
-            return unless pre_auth.error
-
-            login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
-            tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
-
-            return unless tcell_data
-
-            user_id = current_resource_owner.id
+          if result.is_a?(Doorkeeper::OAuth::TokenResponse)
+            user_id = result.token.resource_owner_id
+            login_policy.report_login_success(
+              user_id,
+              headers,
+              tcell_data
+            )
+          elsif result.is_a?(Doorkeeper::OAuth::ErrorResponse)
+            user_id = request.POST['client_id']
             password = nil
-            headers = request.env
             user_valid = nil
             login_policy.report_login_failure(
               user_id,
@@ -70,10 +37,40 @@ if TCellAgent.configuration.should_instrument_doorkeeper? && defined?(Doorkeeper
             )
           end
         end
+
+        result
       end
+    end
+
+    module TCellAuthorizationsNew
+      def new
+        super if defined?(super)
+
+        TCellAgent::Instrumentation.safe_block('Doorkeeper Token Authorize') do
+          return unless TCellAgent.configuration.should_intercept_requests?
+          return unless pre_auth.error
 
-      # prepend is ruby 2+ feature
-      Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
+          login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
+          tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
+
+          return unless tcell_data
+
+          user_id = current_resource_owner.id
+          password = nil
+          headers = request.env
+          user_valid = nil
+          login_policy.report_login_failure(
+            user_id,
+            password,
+            headers,
+            user_valid,
+            tcell_data
+          )
+        end
+      end
     end
+
+    # prepend is ruby 2+ feature
+    Doorkeeper::AuthorizationsController.send(:prepend, TCellAuthorizationsNew)
   end
 end

data/lib/tcell_agent/rails/csrf_exception.rb

@@ -16,12 +16,4 @@ module TCellAgent
       super if defined?(super)
     end
   end
-
-  class MyRailtie < Rails::Railtie
-    initializer 'tcell.sensors' do |_app|
-      ActiveSupport.on_load :action_controller do
-        ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
-      end
-    end
-  end
 end

data/lib/tcell_agent/rails/dlp.rb

@@ -1,8 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 
-require 'tcell_agent/authlogic' if defined?(Authlogic)
-require 'tcell_agent/devise' if defined?(Devise)
-
 require 'rails'
 require 'uri'
 require 'tcell_agent/agent'
@@ -21,7 +18,6 @@ require 'tcell_agent/rails/settings_reporter'
 
 require 'tcell_agent/instrumentation'
 
-require 'tcell_agent/userinfo'
 require 'cgi'
 require 'thread'
 

data/lib/tcell_agent/rails/middleware/global_middleware.rb

@@ -7,7 +7,7 @@ require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
 
-require 'tcell_agent/userinfo'
+require 'tcell_agent/rails/auth/userinfo'
 require 'cgi'
 
 require 'tcell_agent/instrumentation'

data/lib/tcell_agent/rails/{on_start.rb → railties/tcell_agent_railties.rb}

@@ -2,36 +2,21 @@
 
 require 'rails'
 
-require 'tcell_agent/rails/routes'
-
 require 'tcell_agent/rails/middleware/global_middleware'
 require 'tcell_agent/rails/middleware/body_filter_middleware'
 require 'tcell_agent/rails/middleware/headers_middleware'
 require 'tcell_agent/rails/middleware/context_middleware'
 
+require 'tcell_agent/rails/routes'
 require 'tcell_agent/rails/settings_reporter'
 require 'tcell_agent/rails/dlp'
 require 'tcell_agent/rails/csrf_exception'
 
-require 'tcell_agent/userinfo'
 require 'cgi'
 require 'thread'
 
 module TCellAgent
   class TCellAgentStartupRailtie < Rails::Railtie
-    # TCellAgent config can be specified thru
-    # Rails initializer's (https://guides.rubyonrails.org/v2.3/configuring.html#using-initializers)
-    # so those need to run first since this relies on configuration
-    initializer :tcell_instrument_auth_frameworks, :after => :load_config_initializers do |_app|
-      next unless TCellAgent.configuration.should_instrument?
-
-      require 'tcell_agent/devise'
-      require 'tcell_agent/rails/auth/devise'
-      require 'tcell_agent/authlogic'
-      require 'tcell_agent/rails/auth/authlogic'
-      require 'tcell_agent/rails/auth/doorkeeper'
-    end
-
     initializer :tcell_insert_middleware, :before => :build_middleware_stack do |app|
       app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
       app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)
@@ -39,4 +24,12 @@ module TCellAgent
       app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware
     end
   end
+
+  class TCellAgentCSRFRailtie < Rails::Railtie
+    initializer 'tcell.sensors' do |_app|
+      ActiveSupport.on_load :action_controller do
+        ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
+      end
+    end
+  end
 end

data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb

@@ -0,0 +1,8 @@
+module TCellAgent
+  class TCellAgentStartupRailtie < Rails::Railtie
+    initializer :start_tcell_agent,
+                :after => :load_config_initializers do |_app|
+      TCellAgent.thread_agent.start('Unicorn')
+    end
+  end
+end

data/lib/tcell_agent/rails/routes.rb

@@ -136,8 +136,7 @@ module TCellAgent
               prepend_around_filter :tcell_around_filter_routes
             end
             def tcell_around_filter_routes
-              if TCellAgent.configuration.should_instrument? &&
-                 TCellAgent.configuration.should_intercept_requests?
+              if TCellAgent.configuration.should_intercept_requests?
                 TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
                   _match, parameters, route = ::Rails.application.routes.router.recognize(request) { |r, _| r }.first
 
@@ -192,8 +191,7 @@ module TCellAgent
         ActionDispatch::Journey::Router.class_eval do
           alias_method :tcell_serve, :serve
           def serve(req)
-            if TCellAgent.configuration.should_instrument? &&
-               TCellAgent.configuration.should_intercept_requests?
+            if TCellAgent.configuration.should_intercept_requests?
               TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
                 _match, parameters, route = find_routes(req).first
 
@@ -220,8 +218,7 @@ module TCellAgent
           def call(env)
             env['PATH_INFO'] = ActionDispatch::Journey::Router::Utils.normalize_path(env['PATH_INFO'])
 
-            if TCellAgent.configuration.should_instrument? &&
-               TCellAgent.configuration.should_intercept_requests?
+            if TCellAgent.configuration.should_intercept_requests?
               TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
                 _match, parameters, route = find_routes(env).first
 

data/lib/tcell_agent/rails/routes/grape.rb

@@ -70,9 +70,7 @@ module TCellAgent
       Grape::Endpoint.class_eval do
         alias_method :tcell_call!, :call!
         def call!(env)
-          if TCellAgent.configuration.should_instrument? &&
-             TCellAgent.configuration.should_intercept_requests?
-
+          if TCellAgent.configuration.should_intercept_requests?
             TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
               tcell_context = env[TCellAgent::Instrumentation::TCELL_ID]
               if tcell_context && tcell_context.grape_mount_endpoint && respond_to?(:routes)

data/lib/tcell_agent/rails/tcell_body_proxy.rb

@@ -31,7 +31,6 @@ module TCellAgent
           TCellAgent::Instrumentation.safe_block('Running AppSensor deferred due to streaming') do
             if @meta_data
               @meta_data.response_content_bytes_len = @content_length
-
               appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
               appfirewall_policy.check_appfirewall_injections(@meta_data)
             end

data/lib/tcell_agent/rust/agent_config.rb

@@ -1,48 +1,59 @@
+# frozen_string_literal: true
+
 require 'tcell_agent/version'
+require 'tcell_agent/rust/models'
 
 module TCellAgent
   module Rust
     class AgentConfig < Hash
       def initialize(configuration)
-        send_mode = 'Normal'
-        send_mode = 'Demo' if configuration.demomode
+        self['agent_type'] = 'Ruby'
+        self['agent_version'] = TCellAgent::VERSION
+        self['default_cache_dir'] = File.join(Dir.getwd, 'tcell/cache')
+        self['default_config_file_dir'] = File.join(Dir.getwd, 'config')
+        self['default_log_dir'] = File.join(Dir.getwd, 'tcell/logs')
+        self['default_preload_policy_file_dir'] = Dir.getwd
 
-        logging_options = configuration.clean_logging_options
-        unless configuration.js_agent_api_base_url
-          parsed_uri = URI.parse(configuration.tcell_api_url)
-          api_url = [parsed_uri.scheme, '://', parsed_uri.host]
-          api_url.push(":#{parsed_uri.port}") unless [80, 443].include?(parsed_uri.port)
-          configuration.js_agent_api_base_url = "#{api_url.join('')}/api/v1"
+        if defined?(ConfigInitializer)
+          overrides = Models.clean_nils(AgentConfigOverrides.new(configuration))
+          self['overrides'] = overrides
+        else
+          self['overrides'] = { 'applications' => [{ :enable_json_body_inspection => true }],
+                                'config_file_dir' => configuration.get_config_file_dir }
         end
+      end
+    end
 
-        self['disable_event_sending'] = !configuration.should_start_event_manager?
-        self['send_mode'] = send_mode
-        self['agent_type'] = 'Ruby'
-        self['agent_version'] = TCellAgent::VERSION
-        self['diagnostics_enabled'] = false
-        self['application'] = {
+    class AgentConfigOverrides < Hash
+      def initialize(configuration)
+        applications = {
+          :allow_payloads => configuration.allow_payloads,
+          :api_key => configuration.api_key,
           :app_id => configuration.app_id,
-          :api_key =>  configuration.api_key,
-          :tcell_api_url => configuration.tcell_api_url,
-          :tcell_input_url => configuration.tcell_input_url,
+          :enable_json_body_inspection => true,
           :hmac_key => configuration.hmac_key,
+          :max_header_size => configuration.max_csp_header_bytes,
           :password_hmac_key => configuration.password_hmac_key,
-          :allow_payloads => configuration.allow_payloads,
-          :js_agent_api_base_url => configuration.js_agent_api_base_url,
-          :js_agent_url => configuration.js_agent_url,
-          :cache_dir => configuration.cache_folder,
-          :log_dir => configuration.agent_log_dir,
-          :logging_options => logging_options,
-          :host_identifier => configuration.host_identifier,
-          :reverse_proxy_ip_address_header => configuration.reverse_proxy_ip_address_header,
-          :fetch_policies_from_tcell => configuration.should_start_policy_poll?,
-          :preload_policy_filename => configuration.preload_policy_filename
-        }
-        self['appfirewall'] = {
-          :enable_body_json_inspection => true,
-          :allow_log_payloads => true
+          :reverse_proxy => configuration.reverse_proxy,
+          :reverse_proxy_ip_address_header => configuration.reverse_proxy_ip_address_header
         }
-        self['max_header_size'] = configuration.max_csp_header_bytes || (1024 * 1024)
+
+        self['api_url'] = configuration.tcell_api_url
+        self['applications'] = [Models.clean_nils(applications)]
+        self['config_file_dir'] = configuration.get_config_file_dir
+        self['disabled_instrumentation'] = configuration.disabled_instrumentation
+        self['enabled'] = configuration.enabled
+        self['host_identifier'] = configuration.host_identifier
+        self['input_url'] = configuration.tcell_input_url
+        self['instrument'] = configuration.instrument
+        self['js_agent_api_url'] = configuration.js_agent_api_base_url
+        self['js_agent_url'] = configuration.js_agent_url
+        self['log_destination'] = configuration.logging_options[:destination]
+        self['log_dir'] = configuration.log_dir
+        self['log_enabled'] = configuration.logging_options[:enabled]
+        self['log_filename'] = configuration.logging_options[:log_filename]
+        self['log_level'] = configuration.logging_options[:level]
+        self['update_policy'] = configuration.fetch_policies_from_tcell
       end
     end
   end

data/lib/tcell_agent/rust/models.rb

@@ -13,6 +13,15 @@ module TCellAgent
 
         flattened_params
       end
+
+      def self.clean_nils(hash)
+        if hash.respond_to?(:compact!)
+          hash.compact!
+        else
+          hash.delete_if { |_, v| v.nil? }
+        end
+        hash
+      end
     end
   end
 end

data/lib/tcell_agent/rust/native_agent.rb

@@ -58,6 +58,20 @@ module TCellAgent
         response.errors
       end
 
+      def self.test_agent(config)
+        agent_config = TCellAgent::Rust::AgentConfig.new(config)
+
+        config_pointer = FFI::MemoryPointer.from_string(
+          JSON.dump(agent_config)
+        )
+
+        buf = FFI::MemoryPointer.new(:uint8, 1024 * 8)
+        # config_pointer.size - 1: strips null terminator
+        TCellAgent::Rust::NativeLibrary.test_agent(
+          config_pointer, config_pointer.size - 1, buf, buf.size
+        )
+      end
+
       def self.free_agent(agent_ptr)
         if TCellAgent::Rust::NativeLibrary.common_lib_available? &&
            agent_ptr
@@ -88,6 +102,9 @@ module TCellAgent
           return nil
         end
 
+        return unless response['config'] && response['agent_enabled']
+
+        TCellAgent.configuration.populate_configuration(response['config'])
         NativeAgent.new(response['agent_ptr'])
       end
 
@@ -209,6 +226,7 @@ module TCellAgent
           :user_id => tcell_context.user_id,
           :full_uri => tcell_context.uri
         }
+
         command_pointer = FFI::MemoryPointer.from_string(
           JSON.dump(command_info)
         )

data/lib/tcell_agent/rust/native_library.rb

@@ -6,7 +6,7 @@ module TCellAgent
       require 'ffi'
       extend FFI::Library
 
-      VERSION = '4.18.0'.freeze
+      VERSION = '5.0.2'.freeze
       prefix = 'lib'
       extension = '.so'
       variant = ''
@@ -50,6 +50,7 @@ module TCellAgent
         attach_function :update_policies, %i[pointer pointer size_t pointer size_t], :int
         attach_function :test_event_sender, %i[pointer size_t pointer size_t], :int
         attach_function :test_policies, %i[pointer size_t pointer size_t], :int
+        attach_function :test_agent, %i[pointer size_t pointer size_t], :int
 
         def self.common_lib_available?
           true