tcell_agent 2.1.2 → 2.4.1

data/lib/tcell_agent/devise.rb

@@ -1,33 +0,0 @@
-if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
-  require 'devise'
-  require 'devise/rails'
-  require 'devise/strategies/database_authenticatable'
-  require 'tcell_agent/userinfo'
-
-  module TCellAgent
-    if defined?(Devise)
-      TCellAgent::UserInformation.class_eval do
-        class << self
-          alias_method :original_get_user_from_request, :get_user_from_request
-          def get_user_from_request(request)
-            orig_user_id = original_get_user_from_request(request)
-            begin
-              if request.session && request.session.key?('warden.user.user.key')
-                userkey = request.session['warden.user.user.key']
-                user_id = if userkey.length == 2
-                            userkey[0][0]
-                          else
-                            userkey[1][0]
-                          end
-                return user_id.to_s if user_id.is_a? Integer
-              end
-            rescue StandardError
-              return orig_user_id
-            end
-            orig_user_id
-          end
-        end
-      end
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/monkey_patches/file.rb

@@ -1,25 +0,0 @@
-class File
-  class << self
-    alias_method :tcell_original_new, :new
-    def new(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_new(*args, &block)
-    end
-
-    alias_method :tcell_original_open, :open
-    def open(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_open(*args, &block)
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/monkey_patches/io.rb

@@ -1,131 +0,0 @@
-class IO
-  class << self
-    alias_method :tcell_original_binread, :binread
-    def binread(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_binread(*args, &block)
-    end
-
-    alias_method :tcell_original_binwrite, :binwrite
-    def binwrite(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Write'
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_binwrite(*args, &block)
-    end
-
-    alias_method :tcell_original_foreach, :foreach
-    def foreach(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_foreach(*args, &block)
-    end
-
-    alias_method :tcell_original_popen, :popen
-    def popen(*args, &block)
-      unless args.empty?
-        cmd = ''
-
-        TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
-          args_copy = Array.new(args)
-          args_copy.shift if args_copy.first.is_a?(Hash)
-          args_copy.pop if args_copy.last.is_a?(Hash)
-
-          cmd = if args_copy.first.is_a?(String)
-                  args_copy.shift
-                else
-                  TCellAgent::Cmdi.parse_command(*args_copy.shift)
-                end
-        end
-
-        if TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_popen(*args, &block)
-    end
-
-    alias_method :tcell_original_read, :read
-    def read(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_read(*args, &block)
-    end
-
-    alias_method :tcell_original_readlines, :readlines
-    def readlines(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_readlines(*args, &block)
-    end
-
-    alias_method :tcell_original_sysopen, :sysopen
-    def sysopen(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_sysopen(*args, &block)
-    end
-
-    alias_method :tcell_original_write, :write
-    def write(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Write'
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_write(*args, &block)
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb

@@ -1,102 +0,0 @@
-module Kernel
-  private
-
-  alias_method :tcell_original_backtick, :`
-  alias_method :tcell_original_exec, :exec
-  alias_method :tcell_original_open, :open
-  alias_method :tcell_original_gets, :gets
-  alias_method :tcell_original_readline, :readline
-  alias_method :tcell_original_spawn, :spawn
-  alias_method :tcell_original_system, :system
-
-  class << self
-    alias_method :tcell_original_exec, :exec
-    alias_method :tcell_original_open, :open
-    alias_method :tcell_original_gets, :gets
-    alias_method :tcell_original_readline, :readline
-    alias_method :tcell_original_spawn, :spawn
-    alias_method :tcell_original_system, :system
-  end
-
-  def `(cmd)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_backtick(cmd)
-  end
-
-  if TCellAgent.configuration.should_instrument_cmdi_exec?
-    def exec(*args)
-      cmd = TCellAgent::Cmdi.parse_command(*args)
-      if TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-
-      tcell_original_exec(*args)
-    end
-  end
-
-  def gets(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-
-    tcell_original_gets(*args, &block)
-  end
-
-  def open(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-    if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-
-    if path.empty?
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-    end
-
-    tcell_original_open(*args, &block)
-  end
-
-  def readline(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-
-    tcell_original_readline(*args, &block)
-  end
-
-  def spawn(*args)
-    cmd = TCellAgent::Cmdi.parse_command(*args)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_spawn(*args)
-  end
-
-  def system(*args)
-    cmd = TCellAgent::Cmdi.parse_command(*args)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_system(*args)
-  end
-
-  module_function :`
-  module_function :exec
-  module_function :gets
-  module_function :open
-  module_function :readline
-  module_function :spawn
-  module_function :system
-end

data/lib/tcell_agent/rails/start_agent_after_initializers.rb

@@ -1,12 +0,0 @@
-module TCellAgent
-  class TCellAgentStartupRailtie < Rails::Railtie
-    # TCellAgent config can be specified thru Rails initializer's
-    # (https://guides.rubyonrails.org/v2.3/configuring.html#using-initializers)
-    # so those need to run first before the agent is started
-    initializer :start_tcell_agent,
-                :after => :load_config_initializers,
-                :before => :tcell_instrument_auth_frameworks do |_app|
-      TCellAgent.thread_agent.start('Unicorn')
-    end
-  end
-end

data/spec/lib/tcell_agent/config/unknown_options_spec.rb

@@ -1,195 +0,0 @@
-require 'spec_helper'
-
-module TCellAgent
-  module Config
-    describe Validate do
-      describe '.get_unknown_options' do
-        context 'with an unknown tcell environment variable set' do
-          it 'should return a message about the unknown variable' do
-            orig_allow_ap = ENV.fetch('TCELL_AGENT_ALLOW_PAYLOADS', nil)
-            orig_demomode = ENV.fetch('TCELL_DEMOMODE', nil)
-            orig_agent_home = ENV.fetch('TCELL_AGENT_HOME', nil)
-            orig_agent_log_dir = ENV.fetch('TCELL_AGENT_LOG_DIR', nil)
-            orig_agent_config = ENV.fetch('TCELL_AGENT_CONFIG', nil)
-            orig_agent_app_id = ENV.fetch('TCELL_AGENT_APP_ID', nil)
-            orig_agent_api_key = ENV.fetch('TCELL_AGENT_API_KEY', nil)
-            orig_agent_host_identifier = ENV.fetch('TCELL_AGENT_HOST_IDENTIFIER', nil)
-            orig_input_url = ENV.fetch('TCELL_INPUT_URL', nil)
-            orig_hmac_key = ENV.fetch('TCELL_HMAC_KEY', nil)
-            orig_api_url = ENV.fetch('TCELL_API_URL', nil)
-            orig_password_hmac_key = ENV.fetch('TCELL_PASSWORD_HMAC_KEY', nil)
-
-            ENV['TCELL_HACK'] = 'hack the system'
-            ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = 'valid'
-            ENV['TCELL_DEMOMODE'] = 'valid'
-            ENV['TCELL_AGENT_HOME'] = 'valid'
-            ENV['TCELL_AGENT_LOG_DIR'] = 'valid'
-            ENV['TCELL_AGENT_CONFIG'] = 'valid'
-            ENV['TCELL_AGENT_APP_ID'] = 'valid'
-            ENV['TCELL_AGENT_API_KEY'] = 'valid'
-            ENV['TCELL_AGENT_HOST_IDENTIFIER'] = 'valid'
-            ENV['TCELL_INPUT_URL'] = 'valid'
-            ENV['TCELL_HMAC_KEY'] = 'valid'
-            ENV['TCELL_API_URL'] = 'valid'
-            ENV['TCELL_PASSWORD_HMAC_KEY'] = 'valid'
-
-            messages = Validate.get_unknown_options(nil)
-
-            ENV.delete 'TCELL_HACK'
-
-            if orig_allow_ap
-              ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = orig_allow_ap
-            else
-              ENV.delete 'TCELL_AGENT_ALLOW_PAYLOADS'
-            end
-            if orig_demomode
-              ENV['TCELL_DEMOMODE'] = orig_demomode
-            else
-              ENV.delete 'TCELL_DEMOMODE'
-            end
-            if orig_agent_home
-              ENV['TCELL_AGENT_HOME'] = orig_agent_home
-            else
-              ENV.delete 'TCELL_AGENT_HOME'
-            end
-            if orig_agent_log_dir
-              ENV['TCELL_AGENT_LOG_DIR'] = orig_agent_log_dir
-            else
-              ENV.delete 'TCELL_AGENT_LOG_DIR'
-            end
-            if orig_agent_config
-              ENV['TCELL_AGENT_CONFIG'] = orig_agent_config
-            else
-              ENV.delete 'TCELL_AGENT_CONFIG'
-            end
-            if orig_agent_app_id
-              ENV['TCELL_AGENT_APP_ID'] = orig_agent_app_id
-            else
-              ENV.delete 'TCELL_AGENT_APP_ID'
-            end
-            if orig_agent_api_key
-              ENV['TCELL_AGENT_API_KEY'] = orig_agent_api_key
-            else
-              ENV.delete 'TCELL_AGENT_API_KEY'
-            end
-            if orig_agent_host_identifier
-              ENV['TCELL_AGENT_HOST_IDENTIFIER'] = orig_agent_host_identifier
-            else
-              ENV.delete 'TCELL_AGENT_HOST_IDENTIFIER'
-            end
-            if orig_input_url
-              ENV['TCELL_INPUT_URL'] = orig_input_url
-            else
-              ENV.delete 'TCELL_INPUT_URL'
-            end
-            if orig_hmac_key
-              ENV['TCELL_HMAC_KEY'] = orig_hmac_key
-            else
-              ENV.delete 'TCELL_HMAC_KEY'
-            end
-            if orig_password_hmac_key
-              ENV['TCELL_PASSWORD_HMAC_KEY'] = orig_password_hmac_key
-            else
-              ENV.delete 'TCELL_PASSWORD_HMAC_KEY'
-            end
-            if orig_api_url
-              ENV['TCELL_API_URL'] = orig_api_url
-            else
-              ENV.delete 'TCELL_API_URL'
-            end
-
-            expect(messages.sort).to eq(
-              [
-                'Unrecognized environment parameter (TCELL_*) found: TCELL_HACK'
-              ]
-            )
-          end
-        end
-
-        context 'with a config json with all options including some extra ones' do
-          it 'should report the extra options in messages' do
-            config_json = {
-              'first_level' => 'boo',
-              'version' => 1,
-              'applications' => [
-                {
-                  'second_level' => 'boo',
-                  'name' => 'name',
-                  'app_id' => 'app id',
-                  'api_key' => 'api key',
-                  'fetch_policies_from_tcell' => true,
-                  'preload_policy_filename' => 'preload policy filename',
-                  'log_dir' => 'custom log dir',
-                  'logging_options' => {
-                    'logging_level' => 'boo',
-                    'enabled' => true,
-                    'level' => 'DEBUG',
-                    'filename' => 'filename'
-                  },
-                  'tcell_api_url' => 'tcell api url',
-                  'tcell_input_url' => 'tcell input url',
-                  'host_identifier' => 'host identifier',
-                  'hipaaSafeMode' => 'hipaa safe mode',
-                  'hmac_key' => 'hmac key',
-                  'password_hmac_key' => 'password_hmac_key',
-                  'js_agent_api_base_url' => 'js agent api base url',
-                  'js_agent_url' => 'js agent url',
-                  'max_csp_header_bytes' => 512,
-                  'event_batch_size_limit' => 50,
-                  'allow_payloads' => true,
-                  'data_exposure' => {
-                    'data_ex_level' => 'boo',
-                    'max_data_ex_db_records_per_request' => 10_000
-                  },
-                  'reverse_proxy' => true,
-                  'reverse_proxy_ip_address_header' => 'reverse proxy ip address header',
-                  'demomode' => true,
-                  # Ruby only
-                  'disable_all' => false,
-                  'enabled' => true,
-                  'enable_event_manager' => true,
-                  'enable_policy_polling' => true,
-                  'enable_instrumentation' => true,
-                  'enable_intercept_requests' => true,
-                  'instrument_for_events' => true,
-                  'enabled_instrumentations' => {
-                    'enabled_instrumentations_level' => 'blah',
-                    'doorkeeper' => true,
-                    'devise' => true,
-                    'authlogic' => true
-                  }
-                }
-              ]
-            }
-
-            messages = Validate.get_unknown_options(config_json)
-
-            expect(messages.sort).to eq(
-              [
-                'Unrecognized config setting key: data_ex_level',
-                'Unrecognized config setting key: enabled_instrumentations_level',
-                'Unrecognized config setting key: first_level',
-                'Unrecognized config setting key: logging_level',
-                'Unrecognized config setting key: second_level'
-              ]
-            )
-          end
-        end
-
-        context 'with a config json that has more than one application' do
-          it 'should report the misconfiguration' do
-            config_json = { 'version' => 1, 'applications' => [{}, {}] }
-
-            messages = Validate.get_unknown_options(config_json)
-
-            expect(messages.sort).to eq(
-              [
-                'Multiple applications detected in config file'
-              ]
-            )
-          end
-        end
-      end
-    end
-  end
-end