tcell_agent 2.1.2 → 2.4.1
- checksums.yaml +4 -4
- data/LICENSE +2 -2
- data/bin/tcell_agent +41 -150
- data/lib/tcell_agent.rb +8 -16
- data/lib/tcell_agent/agent.rb +87 -52
- data/lib/tcell_agent/config_initializer.rb +62 -0
- data/lib/tcell_agent/configuration.rb +72 -267
- data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
- data/lib/tcell_agent/instrument_servers.rb +14 -18
- data/lib/tcell_agent/instrumentation.rb +14 -6
- data/lib/tcell_agent/instrumentation/cmdi.rb +32 -0
- data/lib/tcell_agent/instrumentation/lfi.rb +55 -9
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/kernel.rb +80 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/kernel.rb +80 -0
- data/lib/tcell_agent/logger.rb +3 -4
- data/lib/tcell_agent/policies/dataloss_policy.rb +15 -8
- data/lib/tcell_agent/policies/headers_policy.rb +2 -2
- data/lib/tcell_agent/policies/patches_policy.rb +8 -4
- data/lib/tcell_agent/policies/policies_manager.rb +1 -0
- data/lib/tcell_agent/policies/policy_polling.rb +4 -3
- data/lib/tcell_agent/rails/auth/authlogic.rb +49 -44
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +103 -102
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +54 -57
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/better_ip.rb +7 -19
- data/lib/tcell_agent/rails/csrf_exception.rb +0 -8
- data/lib/tcell_agent/rails/dlp.rb +48 -52
- data/lib/tcell_agent/rails/dlp/process_request.rb +5 -0
- data/lib/tcell_agent/rails/dlp_handler.rb +9 -10
- data/lib/tcell_agent/rails/js_agent_insert.rb +2 -3
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -1
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +3 -4
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +1 -0
- data/lib/tcell_agent/rails/{on_start.rb → railties/tcell_agent_railties.rb} +9 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes.rb +3 -6
- data/lib/tcell_agent/rails/routes/grape.rb +3 -4
- data/lib/tcell_agent/rails/settings_reporter.rb +3 -6
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -7
- data/lib/tcell_agent/routes/table.rb +3 -0
- data/lib/tcell_agent/rust/agent_config.rb +59 -33
- data/lib/tcell_agent/rust/{libtcellagent-4.18.0.so → libtcellagent-alpine.so} +0 -0
- data/lib/tcell_agent/rust/libtcellagent-x64.dll +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-4.18.0.dylib → libtcellagent.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-4.18.0.so → libtcellagent.so} +0 -0
- data/lib/tcell_agent/rust/models.rb +9 -0
- data/lib/tcell_agent/rust/native_agent.rb +58 -50
- data/lib/tcell_agent/rust/native_library.rb +8 -10
- data/lib/tcell_agent/sensor_events/server_agent.rb +3 -100
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +1 -0
- data/lib/tcell_agent/servers/puma.rb +30 -13
- data/lib/tcell_agent/servers/rack_puma_handler.rb +33 -0
- data/lib/tcell_agent/servers/rails_server.rb +4 -4
- data/lib/tcell_agent/servers/unicorn.rb +1 -1
- data/lib/tcell_agent/servers/webrick.rb +12 -3
- data/lib/tcell_agent/settings_reporter.rb +0 -93
- data/lib/tcell_agent/sinatra.rb +1 -0
- data/lib/tcell_agent/tcell_context.rb +16 -7
- data/lib/tcell_agent/utils/headers.rb +0 -1
- data/lib/tcell_agent/utils/strings.rb +2 -2
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/cruby_spec_helper.rb +26 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +62 -212
- data/spec/lib/tcell_agent/instrument_servers_spec.rb +95 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +2 -2
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +211 -272
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +207 -223
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +89 -70
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +73 -0
- data/spec/lib/tcell_agent/patches_spec.rb +2 -1
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +1 -2
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +5 -6
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +21 -2
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +14 -8
- data/spec/lib/tcell_agent/rails/better_ip_spec.rb +9 -11
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +6 -6
- data/spec/lib/tcell_agent/rails/dlp_spec.rb +1 -0
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +10 -2
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +2 -1
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +4 -4
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +2 -89
- data/spec/lib/tcell_agent/tcell_context_spec.rb +6 -5
- data/spec/spec_helper.rb +9 -1
- data/spec/support/builders.rb +8 -7
- data/spec/support/server_mocks/passenger_mock.rb +7 -0
- data/spec/support/server_mocks/puma_mock.rb +21 -0
- data/spec/support/server_mocks/rails_mock.rb +7 -0
- data/spec/support/server_mocks/thin_mock.rb +7 -0
- data/spec/support/server_mocks/unicorn_mock.rb +11 -0
- data/spec/support/shared_spec.rb +29 -0
- data/tcell_agent.gemspec +14 -14
- metadata +44 -27
- data/Rakefile +0 -18
- data/lib/tcell_agent/authlogic.rb +0 -23
- data/lib/tcell_agent/config/unknown_options.rb +0 -119
- data/lib/tcell_agent/devise.rb +0 -33
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +0 -25
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +0 -131
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +0 -102
- data/lib/tcell_agent/rails/start_agent_after_initializers.rb +0 -12
- data/lib/tcell_agent/rust/tcellagent-4.18.0.dll +0 -0
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -195
@@ -15,12 +15,12 @@ describe 'Kernel' do
|
|
15
15
|
end
|
16
16
|
|
17
17
|
before(:all) do
|
18
|
-
@new_file_name =
|
18
|
+
@new_file_name = NEW_FILE_NAME
|
19
19
|
@new_pathname = Pathname.new(@new_file_name)
|
20
20
|
end
|
21
21
|
describe '#open and ::open' do
|
22
22
|
context 'empty path' do
|
23
|
-
it '
|
23
|
+
it 'raises an error' do
|
24
24
|
expect do
|
25
25
|
Kernel.open
|
26
26
|
end.to raise_error(ArgumentError)
|
@@ -41,7 +41,7 @@ describe 'Kernel' do
|
|
41
41
|
end.to raise_error(Errno::ENOENT)
|
42
42
|
end
|
43
43
|
end
|
44
|
-
context 'with
|
44
|
+
context 'with filename not blocked for read/write' do
|
45
45
|
before do |test|
|
46
46
|
unless test.metadata[:skip_before]
|
47
47
|
expect(TCellAgent).to receive(:policy).with(
|
@@ -52,59 +52,84 @@ describe 'Kernel' do
|
|
52
52
|
end
|
53
53
|
end
|
54
54
|
|
55
|
-
it '
|
55
|
+
it 'executes OS commands', :skip_before do
|
56
56
|
result = Kernel.open('|echo test').read
|
57
57
|
expect(result).to eq "test\n"
|
58
58
|
|
59
59
|
result = open('|echo test').read
|
60
60
|
expect(result).to eq "test\n"
|
61
61
|
end
|
62
|
-
context 'with a pathname filename with mode w' do
|
63
|
-
it 'should create the file' do
|
64
|
-
Kernel.open(@new_pathname, 'w')
|
65
|
-
expect(File.exist?(@new_pathname)).to be_truthy
|
66
|
-
File.delete(@new_pathname)
|
67
62
|
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
63
|
+
it 'creates the file when passed a pathname' do
|
64
|
+
Kernel.open(@new_pathname, 'w')
|
65
|
+
expect(File.exist?(@new_pathname)).to be_truthy
|
66
|
+
File.delete(@new_pathname)
|
67
|
+
|
68
|
+
open(@new_pathname, 'w')
|
69
|
+
expect(File.exist?(@new_pathname)).to be_truthy
|
70
|
+
File.delete(@new_pathname)
|
72
71
|
end
|
73
|
-
context 'with a filename with mode w' do
|
74
|
-
it 'should create the file' do
|
75
|
-
Kernel.open(@new_file_name, 'w')
|
76
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
77
|
-
File.delete(@new_file_name)
|
78
72
|
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
73
|
+
it 'creates the file when passed a string' do
|
74
|
+
Kernel.open(@new_file_name, 'w')
|
75
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
76
|
+
File.delete(@new_file_name)
|
77
|
+
|
78
|
+
open(@new_file_name, 'w')
|
79
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
80
|
+
File.delete(@new_file_name)
|
83
81
|
end
|
84
|
-
context 'with a filename and mode w and file permissions 644' do
|
85
|
-
it 'should create the file with the correct permissions' do
|
86
|
-
Kernel.open(@new_file_name, 'w', 0o644)
|
87
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
88
|
-
File.delete(@new_file_name)
|
89
82
|
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
83
|
+
it 'creates the file with the permission 644' do
|
84
|
+
Kernel.open(@new_file_name, 'w', 0o644)
|
85
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
86
|
+
File.delete(@new_file_name)
|
87
|
+
|
88
|
+
open(@new_file_name, 'w', 0o644)
|
89
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
90
|
+
File.delete(@new_file_name)
|
94
91
|
end
|
95
|
-
context 'with a filename and mode w and file permissions 777' do
|
96
|
-
it 'should create the file with the correct permissions 755' do
|
97
|
-
Kernel.open(@new_file_name, 'w', 0o777)
|
98
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
99
|
-
File.delete(@new_file_name)
|
100
92
|
|
101
|
-
|
93
|
+
it 'creates the file with the permission 755' do
|
94
|
+
Kernel.open(@new_file_name, 'w', 0o777)
|
95
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
96
|
+
File.delete(@new_file_name)
|
97
|
+
|
98
|
+
open(@new_file_name, 'w', 0o777)
|
99
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
100
|
+
File.delete(@new_file_name)
|
101
|
+
end
|
102
|
+
|
103
|
+
context 'using mode, perm, binmode', :skip_before do
|
104
|
+
before(:each) do
|
105
|
+
expect(TCellAgent).to receive(:policy).with(
|
106
|
+
TCellAgent::PolicyTypes::LFI
|
107
|
+
).and_return(@local_files_policy)
|
108
|
+
expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
|
109
|
+
expect(TCellAgent::Cmdi).not_to receive(:parse_command_from_open)
|
110
|
+
end
|
111
|
+
|
112
|
+
after :each do
|
102
113
|
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
103
|
-
|
114
|
+
expect(@result.binmode?).to eq true
|
115
|
+
|
116
|
+
File.delete(NEW_FILE_NAME) if File.exist?(NEW_FILE_NAME)
|
104
117
|
end
|
118
|
+
|
119
|
+
test_ruby2_ruby3_keywords(Kernel,
|
120
|
+
'open',
|
121
|
+
[NEW_FILE_NAME, 'w', 0o755],
|
122
|
+
{ :binmode => true },
|
123
|
+
nil)
|
124
|
+
|
125
|
+
test_ruby2_ruby3_keywords(Object,
|
126
|
+
'open',
|
127
|
+
[NEW_FILE_NAME, 'w', 0o755],
|
128
|
+
{ :binmode => true },
|
129
|
+
nil)
|
105
130
|
end
|
106
131
|
end
|
107
|
-
context 'with
|
132
|
+
context 'with filename blocked for read/write' do
|
108
133
|
before do |test|
|
109
134
|
unless test.metadata[:skip_before]
|
110
135
|
expect(TCellAgent).to receive(:policy).with(
|
@@ -115,45 +140,39 @@ describe 'Kernel' do
|
|
115
140
|
end
|
116
141
|
end
|
117
142
|
|
118
|
-
it '
|
143
|
+
it 'executes OS commands', :skip_before do
|
119
144
|
result = Kernel.open('|echo test').read
|
120
145
|
expect(result).to eq "test\n"
|
121
146
|
|
122
147
|
result = open('|echo test').read
|
123
148
|
expect(result).to eq "test\n"
|
124
149
|
end
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
end.to raise_error(IOError)
|
150
|
+
it 'raises an IOError' do
|
151
|
+
expect do
|
152
|
+
Kernel.open(@new_file_name, 'w')
|
153
|
+
end.to raise_error(IOError)
|
130
154
|
|
131
|
-
|
132
|
-
|
133
|
-
|
134
|
-
end
|
155
|
+
expect do
|
156
|
+
open(@new_file_name, 'w')
|
157
|
+
end.to raise_error(IOError)
|
135
158
|
end
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
end.to raise_error(IOError)
|
159
|
+
it 'raises an IOError' do
|
160
|
+
expect do
|
161
|
+
Kernel.open(@new_file_name, 'w')
|
162
|
+
end.to raise_error(IOError)
|
141
163
|
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
end
|
164
|
+
expect do
|
165
|
+
open(@new_file_name, 'w')
|
166
|
+
end.to raise_error(IOError)
|
146
167
|
end
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
end.to raise_error(IOError)
|
168
|
+
it 'raises an IOError' do
|
169
|
+
expect do
|
170
|
+
Kernel.open(@new_file_name, 'a')
|
171
|
+
end.to raise_error(IOError)
|
152
172
|
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
end
|
173
|
+
expect do
|
174
|
+
open(@new_file_name, 'a')
|
175
|
+
end.to raise_error(IOError)
|
157
176
|
end
|
158
177
|
end
|
159
178
|
end
|
@@ -184,7 +203,7 @@ describe 'Kernel' do
|
|
184
203
|
end
|
185
204
|
end
|
186
205
|
context 'with a filename blocked for read/write' do
|
187
|
-
it '
|
206
|
+
it 'raises an IOError' do
|
188
207
|
expect(TCellAgent).to receive(:policy).with(
|
189
208
|
TCellAgent::PolicyTypes::LFI
|
190
209
|
).and_return(@local_files_policy, @local_files_policy)
|
@@ -211,7 +230,7 @@ describe 'Kernel' do
|
|
211
230
|
|
212
231
|
describe '::readline and #readline' do
|
213
232
|
context 'with a filename not blocked for read/write' do
|
214
|
-
it '
|
233
|
+
it 'reads the file' do
|
215
234
|
expect(TCellAgent).to receive(:policy).with(
|
216
235
|
TCellAgent::PolicyTypes::LFI
|
217
236
|
).and_return(@local_files_policy, @local_files_policy, @local_files_policy, @local_files_policy)
|
@@ -236,7 +255,7 @@ describe 'Kernel' do
|
|
236
255
|
end
|
237
256
|
end
|
238
257
|
context 'with a filename blocked for read' do
|
239
|
-
it '
|
258
|
+
it 'raises an IOError' do
|
240
259
|
expect(TCellAgent).to receive(:policy).with(
|
241
260
|
TCellAgent::PolicyTypes::LFI
|
242
261
|
).and_return(@local_files_policy, @local_files_policy)
|
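Review bot: In the `with filename blocked for read/write` context, the first two `raises an IOError` examples (new lines 150–158 and 159–167) have the same body, `Kernel.open(@new_file_name, 'w')` followed by `open(@new_file_name, 'w')`, so a blocked path passed as a `Pathname` is never exercised, although the unblocked context covers both `@new_pathname` and `@new_file_name`. The removed lines are truncated on this page, so whether the old examples covered the pathname case cannot be confirmed from here. If that is what the second example was meant to do, change its calls to `Kernel.open(@new_pathname, 'w')` and `open(@new_pathname, 'w')`. The three examples also share one description; distinct ones such as `it 'raises an IOError when passed a pathname' do` would make a failing block check identifiable in the test report.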
@@ -145,6 +145,79 @@ module TCellAgent
|
|
145
145
|
end
|
146
146
|
end
|
147
147
|
end
|
148
|
+
|
149
|
+
describe '.raise_if_block' do
|
150
|
+
context 'when passed a blocked path' do
|
151
|
+
it 'raises an error' do
|
152
|
+
expect(TCellAgent::Instrumentation::Lfi).to receive(:block_file_access?).with(
|
153
|
+
'/blocked', 'Read'
|
154
|
+
).and_return(true)
|
155
|
+
|
156
|
+
expect do
|
157
|
+
TCellAgent::Instrumentation::Lfi.raise_if_block('/blocked', 'Read')
|
158
|
+
end.to raise_error(IOError)
|
159
|
+
end
|
160
|
+
end
|
161
|
+
context 'when passed a path not blocked' do
|
162
|
+
it 'returns nil' do
|
163
|
+
expect(TCellAgent::Instrumentation::Lfi).to receive(:block_file_access?).with(
|
164
|
+
'/not-blocked', 'Read'
|
165
|
+
).and_return(false)
|
166
|
+
|
167
|
+
expect(TCellAgent::Instrumentation::Lfi.raise_if_block('/not-blocked', 'Read')).to eq nil
|
168
|
+
end
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
describe '.default_open_handler' do
|
173
|
+
it 'calls .raise_if_block' do
|
174
|
+
expect(TCellAgent::Instrumentation::Lfi).to receive(:raise_if_block).with(
|
175
|
+
'/placeholder', 'Read'
|
176
|
+
).and_return(nil)
|
177
|
+
|
178
|
+
expect(TCellAgent::Instrumentation::Lfi.default_open_handler(['/placeholder'], 'Read')).to eq nil
|
179
|
+
end
|
180
|
+
|
181
|
+
it 'replaces the mode with override_mode' do
|
182
|
+
expect(TCellAgent::Instrumentation::Lfi).to receive(:extract_path_mode).with(
|
183
|
+
'/placeholder'
|
184
|
+
).and_return(['/placeholder', 'Read'])
|
185
|
+
expect(TCellAgent::Instrumentation::Lfi).to receive(:raise_if_block).with(
|
186
|
+
'/placeholder', 'ReadWrite'
|
187
|
+
).and_return(nil)
|
188
|
+
|
189
|
+
expect(TCellAgent::Instrumentation::Lfi.default_open_handler(['/placeholder'], 'ReadWrite')).to eq nil
|
190
|
+
end
|
191
|
+
end
|
192
|
+
|
193
|
+
describe '.argf_open_handler' do
|
194
|
+
it 'calls .extract_path_mode_argf' do
|
195
|
+
expect(TCellAgent::Instrumentation::Lfi).to receive(:extract_path_mode_argf).and_return(
|
196
|
+
['/placeholder', 'Read']
|
197
|
+
)
|
198
|
+
|
199
|
+
expect(TCellAgent::Instrumentation::Lfi.argf_open_handler).to eq nil
|
200
|
+
end
|
201
|
+
end
|
202
|
+
describe '.cmdi_open_handler' do
|
203
|
+
it 'behaves the similarly to default_open_handler' do
|
204
|
+
expect(TCellAgent::Instrumentation::Lfi).to receive(:raise_if_block).with(
|
205
|
+
'/placeholder', 'Read'
|
206
|
+
).and_return(nil)
|
207
|
+
|
208
|
+
expect(TCellAgent::Instrumentation::Lfi.default_open_handler(['/placeholder'], 'Read')).to eq nil
|
209
|
+
end
|
210
|
+
|
211
|
+
it 'raises an error if command is blocked' do
|
212
|
+
expect(TCellAgent::Cmdi).to receive(:block_command?).with(
|
213
|
+
'ls'
|
214
|
+
).and_return(true)
|
215
|
+
|
216
|
+
expect do
|
217
|
+
TCellAgent::Instrumentation::Lfi.cmdi_open_handler('|ls')
|
218
|
+
end.to raise_error(RuntimeError)
|
219
|
+
end
|
220
|
+
end
|
148
221
|
end
|
149
222
|
end
|
150
223
|
end
|
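Review bot: The first example under `describe '.cmdi_open_handler'` (new lines 203–209) calls `TCellAgent::Instrumentation::Lfi.default_open_handler(['/placeholder'], 'Read')`, so it never runs `cmdi_open_handler` and that handler's treatment of an ordinary file path is left untested. Keep the `raise_if_block` expectation but invoke the handler under test, for example `TCellAgent::Instrumentation::Lfi.cmdi_open_handler('/placeholder')`, adjusted to its real signature, which is not visible in this section. The second example covers only a blocked command; a companion example with `block_command?` returning `false` would pin the allow path as well. The description also has a typo and should read `it 'behaves similarly to default_open_handler' do`.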
@@ -1,4 +1,3 @@
|
|
1
|
-
|
2
1
|
require 'spec_helper'
|
3
2
|
|
4
3
|
module TCellAgent
|
@@ -44,7 +43,7 @@ module TCellAgent
|
|
44
43
|
expect(@policy.enabled).to eq(true)
|
45
44
|
|
46
45
|
expect(
|
47
|
-
@policy.get_headers(@tcell_context)
|
46
|
+
@policy.get_headers('text/html', @tcell_context)
|
48
47
|
).to eq(
|
49
48
|
[{ 'name' => 'Content-Security-Policy',
|
50
49
|
'value' => "frame-ancestors 'none'; report-uri https://input.tcell-preview.io/csp/430d?sid=ab7074d0bf86c2884766d88b6ad9de4a&rid=route-id" }]
|
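Review bot: The updated call at new line 46 passes `'text/html'` as the new first argument of `get_headers`, and so do the five calls in the following file section (new lines 25, 67, 94, 123 and 152), so nothing visible here pins what the policy returns for any other content type. Presumably the argument decides whether the header is emitted, but the policy change itself is not shown on this page. If so, add one example per policy with a non-HTML value, e.g. `@policy.get_headers('application/json', @tcell_context)`, asserting the result the policy is meant to give for it. Without that, a regression in the content-type check would pass these specs unnoticed.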
@@ -1,4 +1,3 @@
|
|
1
|
-
|
2
1
|
require 'spec_helper'
|
3
2
|
|
4
3
|
module TCellAgent
|
@@ -23,7 +22,7 @@ module TCellAgent
|
|
23
22
|
expect(native_agent).to_not receive(:get_headers)
|
24
23
|
|
25
24
|
tcell_context = double('tcell_context')
|
26
|
-
policy.get_headers(tcell_context)
|
25
|
+
policy.get_headers('text/html', tcell_context)
|
27
26
|
end
|
28
27
|
end
|
29
28
|
|
@@ -65,7 +64,7 @@ module TCellAgent
|
|
65
64
|
expect(@policy.enabled).to eq(true)
|
66
65
|
|
67
66
|
expect(
|
68
|
-
@policy.get_headers(@tcell_context)
|
67
|
+
@policy.get_headers('text/html', @tcell_context)
|
69
68
|
).to eq(
|
70
69
|
[{ 'name' => 'Content-Security-Policy', 'value' => 'test321' }]
|
71
70
|
)
|
@@ -92,7 +91,7 @@ module TCellAgent
|
|
92
91
|
expect(@policy.enabled).to eq(true)
|
93
92
|
|
94
93
|
expect(
|
95
|
-
@policy.get_headers(@tcell_context)
|
94
|
+
@policy.get_headers('text/html', @tcell_context)
|
96
95
|
).to eq(
|
97
96
|
[{ 'name' => 'Content-Security-Policy',
|
98
97
|
'value' => 'normalvalue; report-uri https://www.example.com/xys?sid=ab7074d0bf86c2884766d88b6ad9de4a&rid=route-id' }]
|
@@ -121,7 +120,7 @@ module TCellAgent
|
|
121
120
|
expect(@policy.enabled).to eq(true)
|
122
121
|
|
123
122
|
expect(
|
124
|
-
@policy.get_headers(@tcell_context)
|
123
|
+
@policy.get_headers('text/html', @tcell_context)
|
125
124
|
).to eq(
|
126
125
|
[{ 'name' => 'Content-Security-Policy',
|
127
126
|
'value' => 'normalvalue; report-uri https://www.example.com/1234567?sid=ab7074d0bf86c2884766d88b6ad9de4a&rid=route-id' }]
|
@@ -150,7 +149,7 @@ module TCellAgent
|
|
150
149
|
expect(@policy.enabled).to eq(true)
|
151
150
|
|
152
151
|
expect(
|
153
|
-
@policy.get_headers(@tcell_context)
|
152
|
+
@policy.get_headers('text/html', @tcell_context)
|
154
153
|
).to eq([])
|
155
154
|
end
|
156
155
|
end
|
@@ -78,6 +78,8 @@ module TCellAgent
|
|
78
78
|
meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
|
79
79
|
'remote_address', nil
|
80
80
|
).build
|
81
|
+
expect(@native_agent).to receive(:apply_suspicious_quick_check).with(any_args)
|
82
|
+
expect(@native_agent).not_to receive(:apply_patches).with(any_args)
|
81
83
|
resp = @policy.block_request?(meta_data)
|
82
84
|
expect(resp).to eq(false)
|
83
85
|
end
|
@@ -88,6 +90,8 @@ module TCellAgent
|
|
88
90
|
meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
|
89
91
|
'remote_address', ''
|
90
92
|
).build
|
93
|
+
expect(@native_agent).to receive(:apply_suspicious_quick_check).with(any_args)
|
94
|
+
expect(@native_agent).not_to receive(:apply_patches).with(any_args)
|
91
95
|
resp = @policy.block_request?(meta_data)
|
92
96
|
expect(resp).to eq(false)
|
93
97
|
end
|
@@ -98,20 +102,35 @@ module TCellAgent
|
|
98
102
|
meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
|
99
103
|
'remote_address', '2.2.2.2'
|
100
104
|
).build
|
105
|
+
expect(@native_agent).to receive(:apply_suspicious_quick_check).with(any_args)
|
106
|
+
expect(@native_agent).not_to receive(:apply_patches).with(any_args)
|
101
107
|
resp = @policy.block_request?(meta_data)
|
102
108
|
expect(resp).to eq(false)
|
103
109
|
end
|
104
110
|
end
|
105
111
|
|
106
|
-
context 'request comes from
|
107
|
-
it 'should
|
112
|
+
context 'request comes from blocked ip' do
|
113
|
+
it 'should block request' do
|
108
114
|
meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
|
109
115
|
'remote_address', '1.1.1.1'
|
110
116
|
).build
|
117
|
+
expect(@native_agent).to receive(:apply_suspicious_quick_check).with(any_args).and_return(2)
|
118
|
+
expect(@native_agent).not_to receive(:apply_patches).with(any_args)
|
111
119
|
resp = @policy.block_request?(meta_data)
|
112
120
|
expect(resp).to eq(true)
|
113
121
|
end
|
114
122
|
end
|
123
|
+
|
124
|
+
context 'request comes from suspcious ip' do
|
125
|
+
it 'should call apply_patches' do
|
126
|
+
meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
|
127
|
+
'remote_address', '1.1.1.1'
|
128
|
+
).build
|
129
|
+
expect(@native_agent).to receive(:apply_suspicious_quick_check).with(any_args).and_return(1)
|
130
|
+
expect(@native_agent).to receive(:apply_patches).with(any_args).and_return('Blocked Response')
|
131
|
+
@policy.block_request?(meta_data)
|
132
|
+
end
|
133
|
+
end
|
115
134
|
end
|
116
135
|
end
|
117
136
|
end
|
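Review bot: The `should call apply_patches` example (new lines 125–132) discards the result of `@policy.block_request?(meta_data)`, so the suspicious-address path verifies only that `apply_patches` is invoked and not which blocking decision follows from its stubbed `'Blocked Response'`. Capture and assert it as the sibling examples do: `resp = @policy.block_request?(meta_data)` then `expect(resp).to eq(EXPECTED)`, with EXPECTED being the decision the policy should return for that response. The bare return codes `1` and `2` stubbed for `apply_suspicious_quick_check` need a one-line comment stating which means suspicious and which means blocked, since the spec is the only place on this page where those values appear. The context description has a typo and should read `context 'request comes from suspicious ip' do`.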
@@ -6,7 +6,7 @@ module TCellAgent
|
|
6
6
|
assert_policy_state = proc do |policies, state|
|
7
7
|
expect(policies.keys.size).to eq(10)
|
8
8
|
|
9
|
-
policies.
|
9
|
+
policies.each_value do |policy|
|
10
10
|
next if policy.instance_of?(TCellAgent::Policies::LoginPolicy)
|
11
11
|
next if policy.instance_of?(TCellAgent::Policies::SystemEnablements)
|
12
12
|
|