tcell_agent 2.1.2 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/tcell_agent +42 -146
- data/lib/tcell_agent.rb +8 -16
- data/lib/tcell_agent/agent.rb +76 -46
- data/lib/tcell_agent/config_initializer.rb +66 -0
- data/lib/tcell_agent/configuration.rb +72 -267
- data/lib/tcell_agent/instrument_servers.rb +14 -16
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +1 -1
- data/lib/tcell_agent/logger.rb +1 -2
- data/lib/tcell_agent/rails/auth/authlogic.rb +46 -50
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +101 -103
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +55 -58
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/csrf_exception.rb +0 -8
- data/lib/tcell_agent/rails/dlp.rb +0 -4
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -1
- data/lib/tcell_agent/rails/{on_start.rb → railties/tcell_agent_railties.rb} +9 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes.rb +3 -6
- data/lib/tcell_agent/rails/routes/grape.rb +1 -3
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +0 -1
- data/lib/tcell_agent/rust/agent_config.rb +43 -32
- data/lib/tcell_agent/rust/{libtcellagent-4.18.0.dylib → libtcellagent-5.0.2.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-4.18.0.so → libtcellagent-5.0.2.so} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-4.18.0.so → libtcellagent-alpine-5.0.2.so} +0 -0
- data/lib/tcell_agent/rust/models.rb +9 -0
- data/lib/tcell_agent/rust/native_agent.rb +18 -0
- data/lib/tcell_agent/rust/native_library.rb +2 -1
- data/lib/tcell_agent/rust/{tcellagent-4.18.0.dll → tcellagent-5.0.2.dll} +0 -0
- data/lib/tcell_agent/servers/rails_server.rb +0 -1
- data/lib/tcell_agent/servers/unicorn.rb +1 -1
- data/lib/tcell_agent/servers/webrick.rb +0 -1
- data/lib/tcell_agent/settings_reporter.rb +0 -79
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +56 -211
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +2 -2
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +0 -73
- data/spec/support/builders.rb +5 -6
- metadata +14 -14
- data/lib/tcell_agent/authlogic.rb +0 -23
- data/lib/tcell_agent/config/unknown_options.rb +0 -119
- data/lib/tcell_agent/devise.rb +0 -33
- data/lib/tcell_agent/rails/start_agent_after_initializers.rb +0 -12
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -195
@@ -14,7 +14,6 @@ module TCellAgent
|
|
14
14
|
:reverse_proxy => true,
|
15
15
|
:reverse_proxy_ip_address_header => nil,
|
16
16
|
:log_filename => 'log-filename',
|
17
|
-
:config_filename => 'config-filename',
|
18
17
|
:agent_log_dir => 'agent-log-dir',
|
19
18
|
:agent_home_dir => 'agent-home-dir',
|
20
19
|
:agent_home_owner => nil,
|
@@ -57,78 +56,6 @@ module TCellAgent
|
|
57
56
|
'value' => 'true'
|
58
57
|
}
|
59
58
|
)
|
60
|
-
expect(TCellAgent).to receive(:send_event).with(
|
61
|
-
{
|
62
|
-
'event_type' => 'app_config_setting',
|
63
|
-
'package' => 'tcell',
|
64
|
-
'section' => 'config',
|
65
|
-
'name' => 'allow_payloads',
|
66
|
-
'value' => 'true'
|
67
|
-
}
|
68
|
-
)
|
69
|
-
expect(TCellAgent).to receive(:send_event).with(
|
70
|
-
{
|
71
|
-
'event_type' => 'app_config_setting',
|
72
|
-
'package' => 'tcell',
|
73
|
-
'section' => 'config',
|
74
|
-
'name' => 'reverse_proxy',
|
75
|
-
'value' => 'true'
|
76
|
-
}
|
77
|
-
)
|
78
|
-
expect(TCellAgent).to receive(:send_event).with(
|
79
|
-
{
|
80
|
-
'event_type' => 'app_config_setting',
|
81
|
-
'package' => 'tcell',
|
82
|
-
'section' => 'config',
|
83
|
-
'name' => 'config_filename',
|
84
|
-
'value' => 'config-filename'
|
85
|
-
}
|
86
|
-
)
|
87
|
-
expect(TCellAgent).to receive(:send_event).with(
|
88
|
-
{
|
89
|
-
'event_type' => 'app_config_setting',
|
90
|
-
'package' => 'tcell',
|
91
|
-
'section' => 'config',
|
92
|
-
'name' => 'logging_directory',
|
93
|
-
'value' => 'agent-log-dir'
|
94
|
-
}
|
95
|
-
)
|
96
|
-
expect(TCellAgent).to receive(:send_event).with(
|
97
|
-
{
|
98
|
-
'event_type' => 'app_config_setting',
|
99
|
-
'package' => 'tcell',
|
100
|
-
'section' => 'config',
|
101
|
-
'name' => 'agent_home_directory',
|
102
|
-
'value' => 'agent-home-dir'
|
103
|
-
}
|
104
|
-
)
|
105
|
-
expect(TCellAgent).to receive(:send_event).with(
|
106
|
-
{
|
107
|
-
'event_type' => 'app_config_setting',
|
108
|
-
'package' => 'tcell',
|
109
|
-
'section' => 'config',
|
110
|
-
'name' => 'logging_enabled',
|
111
|
-
'value' => 'true'
|
112
|
-
}
|
113
|
-
)
|
114
|
-
expect(TCellAgent).to receive(:send_event).with(
|
115
|
-
{
|
116
|
-
'event_type' => 'app_config_setting',
|
117
|
-
'package' => 'tcell',
|
118
|
-
'section' => 'config',
|
119
|
-
'name' => 'logging_level',
|
120
|
-
'value' => 'INFO'
|
121
|
-
}
|
122
|
-
)
|
123
|
-
expect(TCellAgent).to receive(:send_event).with(
|
124
|
-
{
|
125
|
-
'event_type' => 'app_config_setting',
|
126
|
-
'package' => 'tcell',
|
127
|
-
'section' => 'config',
|
128
|
-
'name' => 'reverse_proxy_ip_address_header',
|
129
|
-
'value' => ''
|
130
|
-
}
|
131
|
-
)
|
132
59
|
|
133
60
|
TCellAgent.report_settings
|
134
61
|
end
|
data/spec/support/builders.rb
CHANGED
@@ -1,12 +1,11 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
+
require 'tcell_agent/config_initializer'
|
3
|
+
|
2
4
|
module TCellAgent
|
3
5
|
module Tests
|
4
6
|
class ConfigurationBuilder
|
5
7
|
def initialize
|
6
|
-
@configuration = TCellAgent::
|
7
|
-
@configuration.config_filename = 'tcell_agent.config'
|
8
|
-
@configuration.demomode = false
|
9
|
-
@configuration.enable_event_manager = false
|
8
|
+
@configuration = TCellAgent::ConfigInitializer.new
|
10
9
|
@configuration.fetch_policies_from_tcell = false
|
11
10
|
@configuration.max_csp_header_bytes = nil
|
12
11
|
@configuration.app_id = 'TestAppId-AppId'
|
@@ -18,9 +17,9 @@ module TCellAgent
|
|
18
17
|
@configuration.allow_payloads = true
|
19
18
|
@configuration.js_agent_api_base_url = @configuration.tcell_api_url
|
20
19
|
@configuration.js_agent_url = 'https://jsagent.tcell.io/tcellagent.min.js'
|
21
|
-
@configuration.
|
20
|
+
@configuration.cache_dir = nil
|
22
21
|
@configuration.agent_log_dir = 'tcell/logs'
|
23
|
-
@configuration.logging_options = {
|
22
|
+
@configuration.logging_options = { :enabled => false }
|
24
23
|
@configuration.host_identifier = 'python-test-suite'
|
25
24
|
@configuration.reverse_proxy_ip_address_header = 'X-Forwarded-For'
|
26
25
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tcell_agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Rafael
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-06-
|
11
|
+
date: 2020-06-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|
@@ -111,10 +111,8 @@ files:
|
|
111
111
|
- lib/tcell_agent/agent.rb
|
112
112
|
- lib/tcell_agent/agent/route_manager.rb
|
113
113
|
- lib/tcell_agent/agent/static_agent.rb
|
114
|
-
- lib/tcell_agent/
|
115
|
-
- lib/tcell_agent/config/unknown_options.rb
|
114
|
+
- lib/tcell_agent/config_initializer.rb
|
116
115
|
- lib/tcell_agent/configuration.rb
|
117
|
-
- lib/tcell_agent/devise.rb
|
118
116
|
- lib/tcell_agent/hooks/login_fraud.rb
|
119
117
|
- lib/tcell_agent/instrument_servers.rb
|
120
118
|
- lib/tcell_agent/instrumentation.rb
|
@@ -140,8 +138,11 @@ files:
|
|
140
138
|
- lib/tcell_agent/policies/policy_types.rb
|
141
139
|
- lib/tcell_agent/policies/system_enablements.rb
|
142
140
|
- lib/tcell_agent/rails/auth/authlogic.rb
|
141
|
+
- lib/tcell_agent/rails/auth/authlogic_helper.rb
|
143
142
|
- lib/tcell_agent/rails/auth/devise.rb
|
143
|
+
- lib/tcell_agent/rails/auth/devise_helper.rb
|
144
144
|
- lib/tcell_agent/rails/auth/doorkeeper.rb
|
145
|
+
- lib/tcell_agent/rails/auth/userinfo.rb
|
145
146
|
- lib/tcell_agent/rails/better_ip.rb
|
146
147
|
- lib/tcell_agent/rails/csrf_exception.rb
|
147
148
|
- lib/tcell_agent/rails/dlp.rb
|
@@ -152,24 +153,24 @@ files:
|
|
152
153
|
- lib/tcell_agent/rails/middleware/context_middleware.rb
|
153
154
|
- lib/tcell_agent/rails/middleware/global_middleware.rb
|
154
155
|
- lib/tcell_agent/rails/middleware/headers_middleware.rb
|
155
|
-
- lib/tcell_agent/rails/
|
156
|
+
- lib/tcell_agent/rails/railties/tcell_agent_railties.rb
|
157
|
+
- lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb
|
156
158
|
- lib/tcell_agent/rails/responses.rb
|
157
159
|
- lib/tcell_agent/rails/routes.rb
|
158
160
|
- lib/tcell_agent/rails/routes/grape.rb
|
159
161
|
- lib/tcell_agent/rails/routes/route_id.rb
|
160
162
|
- lib/tcell_agent/rails/settings_reporter.rb
|
161
|
-
- lib/tcell_agent/rails/start_agent_after_initializers.rb
|
162
163
|
- lib/tcell_agent/rails/tcell_body_proxy.rb
|
163
164
|
- lib/tcell_agent/routes/table.rb
|
164
165
|
- lib/tcell_agent/rust/agent_config.rb
|
165
|
-
- lib/tcell_agent/rust/libtcellagent-
|
166
|
-
- lib/tcell_agent/rust/libtcellagent-
|
167
|
-
- lib/tcell_agent/rust/libtcellagent-alpine-
|
166
|
+
- lib/tcell_agent/rust/libtcellagent-5.0.2.dylib
|
167
|
+
- lib/tcell_agent/rust/libtcellagent-5.0.2.so
|
168
|
+
- lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so
|
168
169
|
- lib/tcell_agent/rust/models.rb
|
169
170
|
- lib/tcell_agent/rust/native_agent.rb
|
170
171
|
- lib/tcell_agent/rust/native_agent_response.rb
|
171
172
|
- lib/tcell_agent/rust/native_library.rb
|
172
|
-
- lib/tcell_agent/rust/tcellagent-
|
173
|
+
- lib/tcell_agent/rust/tcellagent-5.0.2.dll
|
173
174
|
- lib/tcell_agent/sensor_events/agent_setting_event.rb
|
174
175
|
- lib/tcell_agent/sensor_events/app_config_setting_event.rb
|
175
176
|
- lib/tcell_agent/sensor_events/discovery.rb
|
@@ -187,12 +188,10 @@ files:
|
|
187
188
|
- lib/tcell_agent/settings_reporter.rb
|
188
189
|
- lib/tcell_agent/sinatra.rb
|
189
190
|
- lib/tcell_agent/tcell_context.rb
|
190
|
-
- lib/tcell_agent/userinfo.rb
|
191
191
|
- lib/tcell_agent/utils/headers.rb
|
192
192
|
- lib/tcell_agent/utils/params.rb
|
193
193
|
- lib/tcell_agent/utils/strings.rb
|
194
194
|
- lib/tcell_agent/version.rb
|
195
|
-
- spec/lib/tcell_agent/config/unknown_options_spec.rb
|
196
195
|
- spec/lib/tcell_agent/configuration_spec.rb
|
197
196
|
- spec/lib/tcell_agent/hooks/login_fraud_spec.rb
|
198
197
|
- spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb
|
@@ -226,6 +225,7 @@ files:
|
|
226
225
|
- spec/lib/tcell_agent/rails/routes/route_id_spec.rb
|
227
226
|
- spec/lib/tcell_agent/rails/routes/routes_spec.rb
|
228
227
|
- spec/lib/tcell_agent/rails_spec.rb
|
228
|
+
- spec/lib/tcell_agent/rust/agent_config_spec.rb
|
229
229
|
- spec/lib/tcell_agent/sensor_events/dlp_spec.rb
|
230
230
|
- spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
|
231
231
|
- spec/lib/tcell_agent/settings_reporter_spec.rb
|
@@ -266,7 +266,6 @@ signing_key:
|
|
266
266
|
specification_version: 4
|
267
267
|
summary: tCell.io Agent for Rails
|
268
268
|
test_files:
|
269
|
-
- spec/lib/tcell_agent/config/unknown_options_spec.rb
|
270
269
|
- spec/lib/tcell_agent/configuration_spec.rb
|
271
270
|
- spec/lib/tcell_agent/hooks/login_fraud_spec.rb
|
272
271
|
- spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb
|
@@ -300,6 +299,7 @@ test_files:
|
|
300
299
|
- spec/lib/tcell_agent/rails/routes/route_id_spec.rb
|
301
300
|
- spec/lib/tcell_agent/rails/routes/routes_spec.rb
|
302
301
|
- spec/lib/tcell_agent/rails_spec.rb
|
302
|
+
- spec/lib/tcell_agent/rust/agent_config_spec.rb
|
303
303
|
- spec/lib/tcell_agent/sensor_events/dlp_spec.rb
|
304
304
|
- spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
|
305
305
|
- spec/lib/tcell_agent/settings_reporter_spec.rb
|
@@ -1,23 +0,0 @@
|
|
1
|
-
if TCellAgent.configuration.should_instrument_authlogic? && defined?(Authlogic)
|
2
|
-
|
3
|
-
require 'tcell_agent/userinfo'
|
4
|
-
|
5
|
-
module TCellAgent
|
6
|
-
TCellAgent::UserInformation.class_eval do
|
7
|
-
class << self
|
8
|
-
alias_method :original_get_user_from_request, :get_user_from_request
|
9
|
-
def get_user_from_request(request)
|
10
|
-
orig_user_id = original_get_user_from_request(request)
|
11
|
-
begin
|
12
|
-
if request.session && request.session.key?('user_credentials_id')
|
13
|
-
return request.session['user_credentials_id'].to_s
|
14
|
-
end
|
15
|
-
rescue StandardError
|
16
|
-
return orig_user_id
|
17
|
-
end
|
18
|
-
orig_user_id
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
22
|
-
end
|
23
|
-
end
|
@@ -1,119 +0,0 @@
|
|
1
|
-
require 'set'
|
2
|
-
|
3
|
-
module TCellAgent
|
4
|
-
module Config
|
5
|
-
module Validate
|
6
|
-
def self.get_unknown_options(config_json)
|
7
|
-
messages = []
|
8
|
-
|
9
|
-
known_tcell_env_vars = Set.new(
|
10
|
-
[
|
11
|
-
'TCELL_AGENT_SERVER', # this is only meant for specs
|
12
|
-
'TCELL_AGENT_APP_ID',
|
13
|
-
'TCELL_AGENT_API_KEY',
|
14
|
-
'TCELL_HMAC_KEY',
|
15
|
-
'TCELL_PASSWORD_HMAC_KEY',
|
16
|
-
'TCELL_AGENT_HOST_IDENTIFIER',
|
17
|
-
'TCELL_API_URL',
|
18
|
-
'TCELL_INPUT_URL',
|
19
|
-
'TCELL_DEMOMODE',
|
20
|
-
'TCELL_AGENT_HOME',
|
21
|
-
'TCELL_AGENT_LOG_DIR',
|
22
|
-
'TCELL_AGENT_CONFIG',
|
23
|
-
'TCELL_AGENT_ALLOW_PAYLOADS',
|
24
|
-
'TCELL_AGENT_LOG_LEVEL',
|
25
|
-
'TCELL_AGENT_LOG_FILENAME',
|
26
|
-
'TCELL_AGENT_LOG_ENABLED'
|
27
|
-
]
|
28
|
-
)
|
29
|
-
|
30
|
-
ENV.keys.each do |environment_key|
|
31
|
-
if environment_key =~ /^TCELL_/ && !known_tcell_env_vars.include?(environment_key)
|
32
|
-
messages << "Unrecognized environment parameter (TCELL_*) found: #{environment_key}"
|
33
|
-
end
|
34
|
-
end
|
35
|
-
|
36
|
-
begin
|
37
|
-
key_differences = []
|
38
|
-
|
39
|
-
if config_json
|
40
|
-
first_level_keys = %w[version applications]
|
41
|
-
|
42
|
-
key_differences = config_json.keys - first_level_keys
|
43
|
-
|
44
|
-
applications = config_json.fetch('applications', nil)
|
45
|
-
if applications
|
46
|
-
|
47
|
-
if applications.size > 1
|
48
|
-
messages << 'Multiple applications detected in config file'
|
49
|
-
|
50
|
-
elsif applications.size == 1
|
51
|
-
application = applications[0]
|
52
|
-
|
53
|
-
second_level_keys = %w[
|
54
|
-
name
|
55
|
-
app_id
|
56
|
-
api_key
|
57
|
-
fetch_policies_from_tcell
|
58
|
-
preload_policy_filename
|
59
|
-
log_dir
|
60
|
-
tcell_api_url
|
61
|
-
tcell_input_url
|
62
|
-
host_identifier
|
63
|
-
hipaaSafeMode
|
64
|
-
hmac_key
|
65
|
-
password_hmac_key
|
66
|
-
js_agent_api_base_url
|
67
|
-
js_agent_url
|
68
|
-
max_csp_header_bytes
|
69
|
-
event_batch_size_limit
|
70
|
-
allow_payloads
|
71
|
-
reverse_proxy
|
72
|
-
reverse_proxy_ip_address_header
|
73
|
-
demomode
|
74
|
-
logging_options
|
75
|
-
data_exposure
|
76
|
-
disable_all
|
77
|
-
enabled
|
78
|
-
enable_event_manager
|
79
|
-
enable_policy_polling
|
80
|
-
enable_instrumentation
|
81
|
-
enable_intercept_requests
|
82
|
-
instrument_for_events
|
83
|
-
enabled_instrumentations
|
84
|
-
stdout_logger
|
85
|
-
]
|
86
|
-
|
87
|
-
key_differences += (application.keys - second_level_keys)
|
88
|
-
|
89
|
-
if application.fetch('logging_options', nil)
|
90
|
-
logging_options = application['logging_options']
|
91
|
-
key_differences += (logging_options.keys - %w[enabled level filename])
|
92
|
-
end
|
93
|
-
|
94
|
-
if application.fetch('data_exposure', nil)
|
95
|
-
data_exposure = application['data_exposure']
|
96
|
-
key_differences += (data_exposure.keys - ['max_data_ex_db_records_per_request'])
|
97
|
-
end
|
98
|
-
|
99
|
-
if application.fetch('enabled_instrumentations', nil)
|
100
|
-
enabled_instrumentations = application['enabled_instrumentations']
|
101
|
-
key_differences += (enabled_instrumentations.keys - %w[doorkeeper devise authlogic])
|
102
|
-
end
|
103
|
-
end
|
104
|
-
end
|
105
|
-
|
106
|
-
key_differences.each do |key|
|
107
|
-
messages << "Unrecognized config setting key: #{key}"
|
108
|
-
end
|
109
|
-
|
110
|
-
end
|
111
|
-
rescue StandardError => exception
|
112
|
-
messages << "Something went wrong verifying config file: #{exception}"
|
113
|
-
end
|
114
|
-
|
115
|
-
messages
|
116
|
-
end
|
117
|
-
end
|
118
|
-
end
|
119
|
-
end
|
data/lib/tcell_agent/devise.rb
DELETED
@@ -1,33 +0,0 @@
|
|
1
|
-
if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
|
2
|
-
require 'devise'
|
3
|
-
require 'devise/rails'
|
4
|
-
require 'devise/strategies/database_authenticatable'
|
5
|
-
require 'tcell_agent/userinfo'
|
6
|
-
|
7
|
-
module TCellAgent
|
8
|
-
if defined?(Devise)
|
9
|
-
TCellAgent::UserInformation.class_eval do
|
10
|
-
class << self
|
11
|
-
alias_method :original_get_user_from_request, :get_user_from_request
|
12
|
-
def get_user_from_request(request)
|
13
|
-
orig_user_id = original_get_user_from_request(request)
|
14
|
-
begin
|
15
|
-
if request.session && request.session.key?('warden.user.user.key')
|
16
|
-
userkey = request.session['warden.user.user.key']
|
17
|
-
user_id = if userkey.length == 2
|
18
|
-
userkey[0][0]
|
19
|
-
else
|
20
|
-
userkey[1][0]
|
21
|
-
end
|
22
|
-
return user_id.to_s if user_id.is_a? Integer
|
23
|
-
end
|
24
|
-
rescue StandardError
|
25
|
-
return orig_user_id
|
26
|
-
end
|
27
|
-
orig_user_id
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
@@ -1,12 +0,0 @@
|
|
1
|
-
module TCellAgent
|
2
|
-
class TCellAgentStartupRailtie < Rails::Railtie
|
3
|
-
# TCellAgent config can be specified thru Rails initializer's
|
4
|
-
# (https://guides.rubyonrails.org/v2.3/configuring.html#using-initializers)
|
5
|
-
# so those need to run first before the agent is started
|
6
|
-
initializer :start_tcell_agent,
|
7
|
-
:after => :load_config_initializers,
|
8
|
-
:before => :tcell_instrument_auth_frameworks do |_app|
|
9
|
-
TCellAgent.thread_agent.start('Unicorn')
|
10
|
-
end
|
11
|
-
end
|
12
|
-
end
|
@@ -1,195 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
module TCellAgent
|
4
|
-
module Config
|
5
|
-
describe Validate do
|
6
|
-
describe '.get_unknown_options' do
|
7
|
-
context 'with an unknown tcell environment variable set' do
|
8
|
-
it 'should return a message about the unknown variable' do
|
9
|
-
orig_allow_ap = ENV.fetch('TCELL_AGENT_ALLOW_PAYLOADS', nil)
|
10
|
-
orig_demomode = ENV.fetch('TCELL_DEMOMODE', nil)
|
11
|
-
orig_agent_home = ENV.fetch('TCELL_AGENT_HOME', nil)
|
12
|
-
orig_agent_log_dir = ENV.fetch('TCELL_AGENT_LOG_DIR', nil)
|
13
|
-
orig_agent_config = ENV.fetch('TCELL_AGENT_CONFIG', nil)
|
14
|
-
orig_agent_app_id = ENV.fetch('TCELL_AGENT_APP_ID', nil)
|
15
|
-
orig_agent_api_key = ENV.fetch('TCELL_AGENT_API_KEY', nil)
|
16
|
-
orig_agent_host_identifier = ENV.fetch('TCELL_AGENT_HOST_IDENTIFIER', nil)
|
17
|
-
orig_input_url = ENV.fetch('TCELL_INPUT_URL', nil)
|
18
|
-
orig_hmac_key = ENV.fetch('TCELL_HMAC_KEY', nil)
|
19
|
-
orig_api_url = ENV.fetch('TCELL_API_URL', nil)
|
20
|
-
orig_password_hmac_key = ENV.fetch('TCELL_PASSWORD_HMAC_KEY', nil)
|
21
|
-
|
22
|
-
ENV['TCELL_HACK'] = 'hack the system'
|
23
|
-
ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = 'valid'
|
24
|
-
ENV['TCELL_DEMOMODE'] = 'valid'
|
25
|
-
ENV['TCELL_AGENT_HOME'] = 'valid'
|
26
|
-
ENV['TCELL_AGENT_LOG_DIR'] = 'valid'
|
27
|
-
ENV['TCELL_AGENT_CONFIG'] = 'valid'
|
28
|
-
ENV['TCELL_AGENT_APP_ID'] = 'valid'
|
29
|
-
ENV['TCELL_AGENT_API_KEY'] = 'valid'
|
30
|
-
ENV['TCELL_AGENT_HOST_IDENTIFIER'] = 'valid'
|
31
|
-
ENV['TCELL_INPUT_URL'] = 'valid'
|
32
|
-
ENV['TCELL_HMAC_KEY'] = 'valid'
|
33
|
-
ENV['TCELL_API_URL'] = 'valid'
|
34
|
-
ENV['TCELL_PASSWORD_HMAC_KEY'] = 'valid'
|
35
|
-
|
36
|
-
messages = Validate.get_unknown_options(nil)
|
37
|
-
|
38
|
-
ENV.delete 'TCELL_HACK'
|
39
|
-
|
40
|
-
if orig_allow_ap
|
41
|
-
ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = orig_allow_ap
|
42
|
-
else
|
43
|
-
ENV.delete 'TCELL_AGENT_ALLOW_PAYLOADS'
|
44
|
-
end
|
45
|
-
if orig_demomode
|
46
|
-
ENV['TCELL_DEMOMODE'] = orig_demomode
|
47
|
-
else
|
48
|
-
ENV.delete 'TCELL_DEMOMODE'
|
49
|
-
end
|
50
|
-
if orig_agent_home
|
51
|
-
ENV['TCELL_AGENT_HOME'] = orig_agent_home
|
52
|
-
else
|
53
|
-
ENV.delete 'TCELL_AGENT_HOME'
|
54
|
-
end
|
55
|
-
if orig_agent_log_dir
|
56
|
-
ENV['TCELL_AGENT_LOG_DIR'] = orig_agent_log_dir
|
57
|
-
else
|
58
|
-
ENV.delete 'TCELL_AGENT_LOG_DIR'
|
59
|
-
end
|
60
|
-
if orig_agent_config
|
61
|
-
ENV['TCELL_AGENT_CONFIG'] = orig_agent_config
|
62
|
-
else
|
63
|
-
ENV.delete 'TCELL_AGENT_CONFIG'
|
64
|
-
end
|
65
|
-
if orig_agent_app_id
|
66
|
-
ENV['TCELL_AGENT_APP_ID'] = orig_agent_app_id
|
67
|
-
else
|
68
|
-
ENV.delete 'TCELL_AGENT_APP_ID'
|
69
|
-
end
|
70
|
-
if orig_agent_api_key
|
71
|
-
ENV['TCELL_AGENT_API_KEY'] = orig_agent_api_key
|
72
|
-
else
|
73
|
-
ENV.delete 'TCELL_AGENT_API_KEY'
|
74
|
-
end
|
75
|
-
if orig_agent_host_identifier
|
76
|
-
ENV['TCELL_AGENT_HOST_IDENTIFIER'] = orig_agent_host_identifier
|
77
|
-
else
|
78
|
-
ENV.delete 'TCELL_AGENT_HOST_IDENTIFIER'
|
79
|
-
end
|
80
|
-
if orig_input_url
|
81
|
-
ENV['TCELL_INPUT_URL'] = orig_input_url
|
82
|
-
else
|
83
|
-
ENV.delete 'TCELL_INPUT_URL'
|
84
|
-
end
|
85
|
-
if orig_hmac_key
|
86
|
-
ENV['TCELL_HMAC_KEY'] = orig_hmac_key
|
87
|
-
else
|
88
|
-
ENV.delete 'TCELL_HMAC_KEY'
|
89
|
-
end
|
90
|
-
if orig_password_hmac_key
|
91
|
-
ENV['TCELL_PASSWORD_HMAC_KEY'] = orig_password_hmac_key
|
92
|
-
else
|
93
|
-
ENV.delete 'TCELL_PASSWORD_HMAC_KEY'
|
94
|
-
end
|
95
|
-
if orig_api_url
|
96
|
-
ENV['TCELL_API_URL'] = orig_api_url
|
97
|
-
else
|
98
|
-
ENV.delete 'TCELL_API_URL'
|
99
|
-
end
|
100
|
-
|
101
|
-
expect(messages.sort).to eq(
|
102
|
-
[
|
103
|
-
'Unrecognized environment parameter (TCELL_*) found: TCELL_HACK'
|
104
|
-
]
|
105
|
-
)
|
106
|
-
end
|
107
|
-
end
|
108
|
-
|
109
|
-
context 'with a config json with all options including some extra ones' do
|
110
|
-
it 'should report the extra options in messages' do
|
111
|
-
config_json = {
|
112
|
-
'first_level' => 'boo',
|
113
|
-
'version' => 1,
|
114
|
-
'applications' => [
|
115
|
-
{
|
116
|
-
'second_level' => 'boo',
|
117
|
-
'name' => 'name',
|
118
|
-
'app_id' => 'app id',
|
119
|
-
'api_key' => 'api key',
|
120
|
-
'fetch_policies_from_tcell' => true,
|
121
|
-
'preload_policy_filename' => 'preload policy filename',
|
122
|
-
'log_dir' => 'custom log dir',
|
123
|
-
'logging_options' => {
|
124
|
-
'logging_level' => 'boo',
|
125
|
-
'enabled' => true,
|
126
|
-
'level' => 'DEBUG',
|
127
|
-
'filename' => 'filename'
|
128
|
-
},
|
129
|
-
'tcell_api_url' => 'tcell api url',
|
130
|
-
'tcell_input_url' => 'tcell input url',
|
131
|
-
'host_identifier' => 'host identifier',
|
132
|
-
'hipaaSafeMode' => 'hipaa safe mode',
|
133
|
-
'hmac_key' => 'hmac key',
|
134
|
-
'password_hmac_key' => 'password_hmac_key',
|
135
|
-
'js_agent_api_base_url' => 'js agent api base url',
|
136
|
-
'js_agent_url' => 'js agent url',
|
137
|
-
'max_csp_header_bytes' => 512,
|
138
|
-
'event_batch_size_limit' => 50,
|
139
|
-
'allow_payloads' => true,
|
140
|
-
'data_exposure' => {
|
141
|
-
'data_ex_level' => 'boo',
|
142
|
-
'max_data_ex_db_records_per_request' => 10_000
|
143
|
-
},
|
144
|
-
'reverse_proxy' => true,
|
145
|
-
'reverse_proxy_ip_address_header' => 'reverse proxy ip address header',
|
146
|
-
'demomode' => true,
|
147
|
-
# Ruby only
|
148
|
-
'disable_all' => false,
|
149
|
-
'enabled' => true,
|
150
|
-
'enable_event_manager' => true,
|
151
|
-
'enable_policy_polling' => true,
|
152
|
-
'enable_instrumentation' => true,
|
153
|
-
'enable_intercept_requests' => true,
|
154
|
-
'instrument_for_events' => true,
|
155
|
-
'enabled_instrumentations' => {
|
156
|
-
'enabled_instrumentations_level' => 'blah',
|
157
|
-
'doorkeeper' => true,
|
158
|
-
'devise' => true,
|
159
|
-
'authlogic' => true
|
160
|
-
}
|
161
|
-
}
|
162
|
-
]
|
163
|
-
}
|
164
|
-
|
165
|
-
messages = Validate.get_unknown_options(config_json)
|
166
|
-
|
167
|
-
expect(messages.sort).to eq(
|
168
|
-
[
|
169
|
-
'Unrecognized config setting key: data_ex_level',
|
170
|
-
'Unrecognized config setting key: enabled_instrumentations_level',
|
171
|
-
'Unrecognized config setting key: first_level',
|
172
|
-
'Unrecognized config setting key: logging_level',
|
173
|
-
'Unrecognized config setting key: second_level'
|
174
|
-
]
|
175
|
-
)
|
176
|
-
end
|
177
|
-
end
|
178
|
-
|
179
|
-
context 'with a config json that has more than one application' do
|
180
|
-
it 'should report the misconfiguration' do
|
181
|
-
config_json = { 'version' => 1, 'applications' => [{}, {}] }
|
182
|
-
|
183
|
-
messages = Validate.get_unknown_options(config_json)
|
184
|
-
|
185
|
-
expect(messages.sort).to eq(
|
186
|
-
[
|
187
|
-
'Multiple applications detected in config file'
|
188
|
-
]
|
189
|
-
)
|
190
|
-
end
|
191
|
-
end
|
192
|
-
end
|
193
|
-
end
|
194
|
-
end
|
195
|
-
end
|