tcell_agent 2.1.2 → 2.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4165181c541a536526e945db454826fb168c253186d130bbbf904f6882ea238e
-  data.tar.gz: 55b8b9d149c14d45da6d1d41a8b48d4031df5e6ce385f9d91980def10f90d623
+  metadata.gz: 25d0645a954c7d9734f47e0875ea0a0b54dfb0ea232149598d30b0cd140e1e24
+  data.tar.gz: 6ce5ffaeca3eb0155a71e6c6b5c4f8e0ead856d144eca78abd9a3da98d70485c
 SHA512:
-  metadata.gz: 491683e5c3c0b39e4c01567fd93b4dc39e9c7612c9e10568aebb88fdb19d8e068b98d4d9ec9ea64c50f59323e365b9d337bf7128cd4a8d663f4ab67284172b56
-  data.tar.gz: c9dc2b88411fbf8d69f4251582bbd6c8ede11daf9a98c6547e188bf0636eec562039e79b61316962cf7fe9e264317e7e8bdd4e93ab367af431a4d13a53bb7697
+  metadata.gz: 2785f69dd34c4259316337702d544aafbe9a58b075e23dac1466f8e83c277fb862acab62ab9cc836204c0fdeb03bbda40139e4f26daeed90adbb28792803472a
+  data.tar.gz: 417607890f0639d1bebca01dc006f12f1485a9a90d7606847e0e18ebda2ce613138727bb04eabaf725f8c80799d1fc18bbfe1598d65e3e1b5555f65396e514a6

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (C) 2015 tCell.io, Inc. - All Rights Reserved
+Copyright (C) 2020 Rapid7, Inc. - All Rights Reserved
 Proprietary and confidential
 
-http://choosealicense.com/licenses/no-license/
+https://docs.rapid7.com/tcell/ruby-agent-install/

data/bin/tcell_agent

@@ -1,29 +1,15 @@
 #!/usr/bin/env ruby
 
-# TODO: so a small bit becames something, larger, rewrite as a real cmdline script
-
-require 'fileutils'
-require 'json'
+require 'tcell_agent'
 require 'optparse'
 
+CONFIG_DIR = 'config'.freeze
+CONFIG_FILE = 'config/tcell_agent.config'.freeze
 options = {}
-
-subtext = <<HELP
-Commonly used command are:
-   setup :     Setup new config file
-    test :     Run diagnostics classes and config
-loglevel :     Set the loglevel of the tcell agent
-  enable :     Enable the agent
- disable :     Disable the agent
-
-See 'tcell_agent COMMAND --help' for more information on a specific command.
-
-HELP
-
 def yesno(default = true)
   begin
     system('stty raw -echo')
-    str = STDIN.getc
+    str = $stdin.getc
   ensure
     system('stty -raw echo')
   end
@@ -34,74 +20,53 @@ def yesno(default = true)
   default
 end
 
-CONFIG_DIR = 'config'.freeze
-CONFIG_FILE = 'config/tcell_agent.config'.freeze
+subtext = <<HELP
+Commonly used commands are:
+    test    : Run diagnostics and test event sending
+HELP
 
 global = OptionParser.new do |opts|
-  opts.banner = 'Usage: tcell_agent [options] [subcommand [options]]'
+  opts.banner = 'Usage: tcell_agent [options] [subcommand]'
+
   opts.on('--version', 'Print version') do |_v|
-    require 'tcell_agent/version'
-    puts "TCell.io Ruby Agent (Version #{TCellAgent::VERSION})"
+    puts "tCell Ruby Agent Version #{TCellAgent::VERSION}"
     Kernel.exit(1)
   end
-  opts.on('-v', '--[no-]verbose', 'Run verbosely') do |v|
-    options[:verbose] = v
-  end
+
   opts.separator ''
   opts.separator subtext
 end
 
 subcommands = {
-  'setup' => OptionParser.new do |opts|
-    opts.banner = 'Usage: setup'
+  'test' => OptionParser.new do |opts|
+    opts.banner = 'Usage: test'
   end,
   'loglevel' => OptionParser.new do |opts|
     opts.banner = 'Usage: loglevel [options] error|warn|info|debug'
     opts.on('-o', '--off', 'turn logging off ') do |v|
       options[:off] = v
     end
-  end,
-  'preload' => OptionParser.new do |opts|
-    opts.banner = 'Usage: loglevel [options] [preload_filename]'
-    opts.on('-o', '--off', 'turn preloading filename off ') do |v|
-      options[:off] = v
-    end
-  end,
-  'demomode' => OptionParser.new do |opts|
-    opts.banner = 'Usage: loglevel [options]'
-    opts.on('-o', '--off', 'turn preloading filename off ') do |v|
-      options[:off] = v
-    end
-  end,
-  'enable' => OptionParser.new do |opts|
-    opts.banner = 'Usage: enable'
-  end,
-  'disable' => OptionParser.new do |opts|
-    opts.banner = 'Usage: disable'
-  end,
-  'test' => OptionParser.new do |opts|
-              opts.banner = 'Usage: test'
-              # opts.on("-q", "--[no-]quiet", "quietly run ") do |v|
-              #  options[:quiet] = v
-              # end
-            end
+  end
 }
 
 global.order!
 command = ARGV.shift
-if command.nil? || subcommands[command].nil?
+if command.nil?
   puts global
   Kernel.exit(1)
+elsif subcommands[command]
+  subcommands[command].order!
 end
-subcommands[command].order!
 
 if command == 'setup'
+  puts '[WARN] tcell_agent setup is deprecated and will be removed in the future.'
+  puts '       Please download the config file from the tCell dashboard'
   unless File.directory?(CONFIG_DIR)
     print "Directory 'config' not found, create? [Y/n]"
     answer = yesno
     print "\n"
     unless answer
-      puts 'ERROR: Could not create config'
+      puts '[ERROR] Could not create config'
       Kernel.exit(1)
     end
     FileUtils.mkdir_p CONFIG_DIR
@@ -116,9 +81,9 @@ if command == 'setup'
     end
   end
   print 'Enter your API Key (ie gAABAAAA...): '
-  api_key = STDIN.gets.chomp
+  api_key = $stdin.gets.chomp
   print 'Enter your App ID (ie MyApp-Fdk4j): '
-  app_id = STDIN.gets.chomp
+  app_id = $stdin.gets.chomp
   config_hash = {
     'version' => 1,
     'applications' => [
@@ -132,6 +97,7 @@ if command == 'setup'
   puts 'done.'
 
 elsif command == 'loglevel'
+  puts '[WARN] tcell_agent loglevel is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
   logging_options = config_hash['applications'][0].fetch('logging_options', {})
@@ -158,6 +124,7 @@ elsif command == 'loglevel'
   puts 'done.'
 
 elsif command == 'preload'
+  puts '[WARN] tcell_agent preload is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
 
@@ -175,6 +142,7 @@ elsif command == 'preload'
   puts 'done.'
 
 elsif command == 'enable'
+  puts '[WARN] tcell_agent enable is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
   config_hash['applications'][0].delete('enabled')
@@ -182,6 +150,7 @@ elsif command == 'enable'
   puts 'Enabled, you will need to restart the server.'
 
 elsif command == 'disable'
+  puts '[WARN] tcell_agent disable is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
   config_hash['applications'][0]['enabled'] = false
@@ -189,6 +158,7 @@ elsif command == 'disable'
   puts 'Disabled, you will need to restart the server.'
 
 elsif command == 'demomode'
+  puts '[WARN] tcell_agent demomode is deprecated and will be removed in the future.'
   file = File.read(CONFIG_FILE)
   config_hash = JSON.parse(file)
   if options[:off] == true
@@ -200,104 +170,25 @@ elsif command == 'demomode'
   puts 'done.'
 
 elsif command == 'test'
-  puts
-  printf '%-50s', 'Config file exists... '
-  unless File.exist?(CONFIG_FILE)
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Config valid json... '
-  file = File.read(CONFIG_FILE)
-  config_hash = JSON.parse(file)
-  puts 'passed'
-
-  printf '%-50s', 'Config file has valid version... '
-  if config_hash.fetch('version') != 1
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Config file has application...'
-  if config_hash.fetch('applications').empty?
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Application has app_id... '
-  tcell_application = config_hash.fetch('applications')[0]
-  if !tcell_application.key?('app_id') && !ENV['TCELL_AGENT_APP_ID']
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Application has api_key... '
-  tcell_application = config_hash.fetch('applications')[0]
-  if !tcell_application.key?('api_key') && !ENV['TCELL_AGENT_API_KEY']
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Check for unknown settings... '
-  require 'tcell_agent/config/unknown_options'
-  messages = TCellAgent::Config::Validate.get_unknown_options(config_hash)
-  unless messages.empty?
-    puts 'failed'
-    messages.each do |message|
-      puts message
+  Dir["#{Dir.pwd}/config/initializers/*.rb"].sort.each do |f|
+    begin
+      require f
+    rescue NameError
+      # do nothing
+    rescue StandardError => e
+      puts "[ERROR] Loading initializers failed. #{e}"
     end
-    Kernel.exit(1)
   end
-  puts 'passed'
 
-  printf '%-50s', 'Requiring configuration library... '
-  require 'tcell_agent/configuration'
-  puts 'passed'
-
-  printf '%-50s', 'Loading native library... '
   require 'tcell_agent/rust/native_library'
   unless TCellAgent::Rust::NativeLibrary.common_lib_available?
-    puts 'failed'
-    Kernel.exit(1)
-  end
-  puts 'passed'
-
-  printf '%-50s', 'Make test API call for policies... '
-  require 'tcell_agent/rust/native_agent'
-  errors = TCellAgent::Rust::NativeAgent.test_policies
-  if !errors.empty?
-    puts 'failed'
-    puts errors
-    Kernel.exit(1)
-  else
-    puts 'passed'
+    puts '[ERROR] Native Library is unavailable'
+    return
   end
 
-  printf '%-50s', 'Sending a Test event... '
-  require 'tcell_agent/logger'
-  require 'tcell_agent/sensor_events/server_agent'
-  errors = TCellAgent::Rust::NativeAgent.test_event_sender(
-    [
-      TCellAgent::SensorEvents::ServerAgentDetailsLanguageEvent.new(
-        'Ruby',
-        RUBY_VERSION
-      )
-    ]
+  puts "tCell Ruby Agent Version #{TCellAgent::VERSION}"
+  TCellAgent::Rust::NativeAgent.test_agent(
+    TCellAgent.initializer_configuration ||
+    TCellAgent.configuration
   )
-  if !errors.empty?
-    puts 'failed'
-    puts errors
-    Kernel.exit(1)
-  else
-    puts 'passed'
-  end
-
-  puts
-  puts 'all tests passed, looks good.'
-  puts 'done.'
 end

data/lib/tcell_agent.rb

@@ -1,26 +1,18 @@
 # See the file "LICENSE" for the full license governing this code.
-
-require 'tcell_agent/logger'
-require 'tcell_agent/utils/strings'
 require 'tcell_agent/configuration'
 
-require 'tcell_agent/agent'
-
-require 'tcell_agent/sensor_events/util/sanitizer_utilities'
-
-require 'tcell_agent/instrumentation'
+unless TCellAgent.configuration.disable_all
+  require 'tcell_agent/logger'
+  require 'tcell_agent/utils/strings'
+  require 'tcell_agent/agent'
 
-require 'tcell_agent/instrument_servers'
+  require 'tcell_agent/sensor_events/util/sanitizer_utilities'
 
-if !TCellAgent.configuration.disable_all && TCellAgent.configuration.should_instrument?
-  require 'tcell_agent/instrumentation/cmdi'
-  require 'tcell_agent/instrumentation/lfi'
-  require 'tcell_agent/instrumentation/monkey_patches/io'
-  require 'tcell_agent/instrumentation/monkey_patches/file'
-  require 'tcell_agent/instrumentation/monkey_patches/kernel'
+  require 'tcell_agent/instrumentation'
 
+  require 'tcell_agent/instrument_servers'
   require 'tcell_agent/hooks/login_fraud'
-  require 'tcell_agent/rails/on_start' if defined?(Rails)
+  require 'tcell_agent/rails/railties/tcell_agent_railties' if defined?(Rails)
   # sinatra used to be supported, but dropped support due to no customers using it
   # require 'tcell_agent/sinatra' if defined?(Sinatra)
 end

data/lib/tcell_agent/agent.rb

@@ -24,93 +24,128 @@ module TCellAgent
     include TCellAgent::ModuleLoggerAccess
 
     attr_accessor :route_table,
-                  :stop_agent,
-                  :safe_to_check_cmdi
+                  :stop_agent
 
     def initialize
       @stop_agent = false
       @native_agent = nil
       @route_table = TCellAgent::Routes::RouteTable.new
-      @safe_to_check_cmdi = false
       @policies_manager = PoliciesManager.new(nil)
     end
 
-    def validate_config
-      if TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.api_key) ||
-         TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.app_id) ||
-         TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.tcell_input_url) ||
-         TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.tcell_api_url)
-        puts ' ********* ********* ********* *********'
-        puts '* tCell.io                               *'
-        puts '* Configuration info is missing, you may  *'
-        puts '* need to download config file and place *'
-        puts '* it in the config/ directory            *'
-        puts ' ********* ********* ********* *********'
-        TCellAgent.configuration.enabled = false
+    def instrument_auth_frameworks
+      if defined?(Devise) && TCellAgent.configuration.should_instrument?('devise')
+        module_logger.info('Instrumenting Devise authentication framework')
+        require 'tcell_agent/rails/auth/devise'
+        require 'tcell_agent/rails/auth/devise_helper'
+      end
+
+      if defined?(Authlogic) && TCellAgent.configuration.should_instrument?('authlogic')
+        module_logger.info('Instrumenting Authlogic authentication framework')
+        require 'tcell_agent/rails/auth/authlogic'
+        require 'tcell_agent/rails/auth/authlogic_helper'
+      end
+
+      if defined?(Doorkeeper) && TCellAgent.configuration.should_instrument?('doorkeeper') # rubocop:disable Style/GuardClause
+        module_logger.info('Instrumenting Doorkeeper authentication framework')
+        require 'tcell_agent/rails/auth/doorkeeper'
       end
     end
 
-    def start(server_name)
-      TCellAgent.thread_agent.validate_config
-      return unless TCellAgent.configuration.should_instrument?
+    def instrument_built_ins
+      require 'tcell_agent/instrumentation/cmdi'
+      require 'tcell_agent/instrumentation/lfi'
 
-      @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
-        TCellAgent.configuration
-      )
-      if @native_agent.nil?
-        TCellAgent.configuration.enabled = false
-        return
+      variant = if RUBY_VERSION.start_with?('3')
+                  'ruby_3'
+                else
+                  'ruby_2'
+                end
+
+      if TCellAgent.configuration.should_instrument?('io')
+        module_logger.info('Instrumenting Ruby Class: IO')
+        require "tcell_agent/instrumentation/monkey_patches/#{variant}/io"
+      end
+
+      if TCellAgent.configuration.should_instrument?('file')
+        module_logger.info('Instrumenting Ruby Class: File')
+        require "tcell_agent/instrumentation/monkey_patches/#{variant}/file"
+      end
+
+      if TCellAgent.configuration.should_instrument?('kernel') # rubocop:disable Style/GuardClause
+        module_logger.info('Instrumenting Ruby Module: Kernel')
+        require "tcell_agent/instrumentation/monkey_patches/#{variant}/kernel"
       end
+    end
 
-      TCellAgent.native_agent = @native_agent
+    def manage_policies
       @policies_manager = PoliciesManager.new(@native_agent)
-      # if preload_policy_filename is used and policy polling is
-      # disabled, need to call poll policies to make sure
-      # ruby policies are in sync with native agent enablements
-      result = @native_agent.poll_new_policies
+
+      result = {}
+      unless TCellAgent.configuration.should_start_policy_poll?
+        result = @native_agent.poll_new_policies
+      end
+
       policies_and_enablements = result['new_policies_and_enablements'] || {}
+
       @policies_manager.process_policy_json(
         policies_and_enablements['enablements'],
         policies_and_enablements['policies']
       )
 
       @policy_polling = PolicyPolling.new(@policies_manager, @native_agent)
-
-      module_logger.info("Starting thread agent: #{server_name}")
-
-      @safe_to_check_cmdi = true
-
-      TCellAgent.report_settings
-      TCellAgent::Instrumentation::Rails.send_framework_info
-      TCellAgent::Instrumentation::Rails.send_settings
-    rescue StandardError => standard_error
-      TCellAgent.configuration.enabled = false
-      module_logger.error("Error starting agent: (#{standard_error.class}) #{standard_error.message}")
-      module_logger.exception(standard_error)
     end
 
     def policies
       @policies_manager.policies
     end
 
+    def queue_sensor_event(event)
+      return unless @native_agent
+
+      @native_agent.send_sanitized_events(
+        [event]
+      )
+    rescue StandardError => e
+      module_logger.error("Error sending event: (#{e.class}) #{e.message}")
+      module_logger.exception(e)
+    end
+
     def report_metrics(request_time, tcell_context)
       @native_agent.report_metrics(
         request_time, tcell_context
       )
-    rescue StandardError => standard_error
-      module_logger.error("Error reporting metric: (#{standard_error.class}) #{standard_error.message}")
-      module_logger.exception(standard_error)
+    rescue StandardError => e
+      module_logger.error("Error reporting metric: (#{e.class}) #{e.message}")
+      module_logger.exception(e)
     end
 
-    def queue_sensor_event(event)
-      return unless @native_agent
-
-      @native_agent.send_sanitized_events(
-        [event]
+    def start(server_name)
+      @native_agent = TCellAgent::Rust::NativeAgent.create_agent(
+        TCellAgent.initializer_configuration ||
+        TCellAgent.configuration
       )
-    rescue StandardError => standard_error
-      module_logger.error("Error sending event: (#{standard_error.class}) #{standard_error.message}")
-      module_logger.exception(standard_error)
+
+      if @native_agent.nil?
+        TCellAgent.configuration.enabled = false
+        return
+      end
+
+      TCellAgent.native_logger = @native_agent
+
+      module_logger.info('Rails initializer overriding default agent configuration') unless TCellAgent.initializer_configuration.nil?
+
+      instrument_auth_frameworks
+      instrument_built_ins
+      manage_policies
+
+      module_logger.info("Started thread agent: #{server_name}")
+      TCellAgent.report_settings
+      TCellAgent::Instrumentation::Rails.send_settings
+    rescue StandardError => e
+      TCellAgent.configuration.enabled = false
+      module_logger.error("Error starting agent: (#{e.class}) #{e.message}")
+      module_logger.exception(e)
     end
   end
 end