tcell_agent 2.1.2 → 2.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/LICENSE +2 -2
- data/bin/tcell_agent +41 -150
- data/lib/tcell_agent.rb +8 -16
- data/lib/tcell_agent/agent.rb +87 -52
- data/lib/tcell_agent/config_initializer.rb +62 -0
- data/lib/tcell_agent/configuration.rb +72 -267
- data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
- data/lib/tcell_agent/instrument_servers.rb +14 -18
- data/lib/tcell_agent/instrumentation.rb +14 -6
- data/lib/tcell_agent/instrumentation/cmdi.rb +32 -0
- data/lib/tcell_agent/instrumentation/lfi.rb +55 -9
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/kernel.rb +80 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/kernel.rb +80 -0
- data/lib/tcell_agent/logger.rb +3 -4
- data/lib/tcell_agent/policies/dataloss_policy.rb +15 -8
- data/lib/tcell_agent/policies/headers_policy.rb +2 -2
- data/lib/tcell_agent/policies/patches_policy.rb +8 -4
- data/lib/tcell_agent/policies/policies_manager.rb +1 -0
- data/lib/tcell_agent/policies/policy_polling.rb +4 -3
- data/lib/tcell_agent/rails/auth/authlogic.rb +49 -44
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +103 -102
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +54 -57
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/better_ip.rb +7 -19
- data/lib/tcell_agent/rails/csrf_exception.rb +0 -8
- data/lib/tcell_agent/rails/dlp.rb +48 -52
- data/lib/tcell_agent/rails/dlp/process_request.rb +5 -0
- data/lib/tcell_agent/rails/dlp_handler.rb +9 -10
- data/lib/tcell_agent/rails/js_agent_insert.rb +2 -3
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -1
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +3 -4
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +1 -0
- data/lib/tcell_agent/rails/{on_start.rb → railties/tcell_agent_railties.rb} +9 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes.rb +3 -6
- data/lib/tcell_agent/rails/routes/grape.rb +3 -4
- data/lib/tcell_agent/rails/settings_reporter.rb +3 -6
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -7
- data/lib/tcell_agent/routes/table.rb +3 -0
- data/lib/tcell_agent/rust/agent_config.rb +59 -33
- data/lib/tcell_agent/rust/{libtcellagent-4.18.0.so → libtcellagent-alpine.so} +0 -0
- data/lib/tcell_agent/rust/libtcellagent-x64.dll +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-4.18.0.dylib → libtcellagent.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-4.18.0.so → libtcellagent.so} +0 -0
- data/lib/tcell_agent/rust/models.rb +9 -0
- data/lib/tcell_agent/rust/native_agent.rb +58 -50
- data/lib/tcell_agent/rust/native_library.rb +8 -10
- data/lib/tcell_agent/sensor_events/server_agent.rb +3 -100
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +1 -0
- data/lib/tcell_agent/servers/puma.rb +30 -13
- data/lib/tcell_agent/servers/rack_puma_handler.rb +33 -0
- data/lib/tcell_agent/servers/rails_server.rb +4 -4
- data/lib/tcell_agent/servers/unicorn.rb +1 -1
- data/lib/tcell_agent/servers/webrick.rb +12 -3
- data/lib/tcell_agent/settings_reporter.rb +0 -93
- data/lib/tcell_agent/sinatra.rb +1 -0
- data/lib/tcell_agent/tcell_context.rb +16 -7
- data/lib/tcell_agent/utils/headers.rb +0 -1
- data/lib/tcell_agent/utils/strings.rb +2 -2
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/cruby_spec_helper.rb +26 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +62 -212
- data/spec/lib/tcell_agent/instrument_servers_spec.rb +95 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +2 -2
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +211 -272
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +207 -223
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +89 -70
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +73 -0
- data/spec/lib/tcell_agent/patches_spec.rb +2 -1
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +1 -2
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +5 -6
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +21 -2
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +14 -8
- data/spec/lib/tcell_agent/rails/better_ip_spec.rb +9 -11
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +6 -6
- data/spec/lib/tcell_agent/rails/dlp_spec.rb +1 -0
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +10 -2
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +2 -1
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +4 -4
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +2 -89
- data/spec/lib/tcell_agent/tcell_context_spec.rb +6 -5
- data/spec/spec_helper.rb +9 -1
- data/spec/support/builders.rb +8 -7
- data/spec/support/server_mocks/passenger_mock.rb +7 -0
- data/spec/support/server_mocks/puma_mock.rb +21 -0
- data/spec/support/server_mocks/rails_mock.rb +7 -0
- data/spec/support/server_mocks/thin_mock.rb +7 -0
- data/spec/support/server_mocks/unicorn_mock.rb +11 -0
- data/spec/support/shared_spec.rb +29 -0
- data/tcell_agent.gemspec +14 -14
- metadata +44 -27
- data/Rakefile +0 -18
- data/lib/tcell_agent/authlogic.rb +0 -23
- data/lib/tcell_agent/config/unknown_options.rb +0 -119
- data/lib/tcell_agent/devise.rb +0 -33
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +0 -25
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +0 -131
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +0 -102
- data/lib/tcell_agent/rails/start_agent_after_initializers.rb +0 -12
- data/lib/tcell_agent/rust/tcellagent-4.18.0.dll +0 -0
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -195
data/lib/tcell_agent/devise.rb
DELETED
@@ -1,33 +0,0 @@
|
|
1
|
-
if TCellAgent.configuration.should_instrument_devise? && defined?(Devise)
|
2
|
-
require 'devise'
|
3
|
-
require 'devise/rails'
|
4
|
-
require 'devise/strategies/database_authenticatable'
|
5
|
-
require 'tcell_agent/userinfo'
|
6
|
-
|
7
|
-
module TCellAgent
|
8
|
-
if defined?(Devise)
|
9
|
-
TCellAgent::UserInformation.class_eval do
|
10
|
-
class << self
|
11
|
-
alias_method :original_get_user_from_request, :get_user_from_request
|
12
|
-
def get_user_from_request(request)
|
13
|
-
orig_user_id = original_get_user_from_request(request)
|
14
|
-
begin
|
15
|
-
if request.session && request.session.key?('warden.user.user.key')
|
16
|
-
userkey = request.session['warden.user.user.key']
|
17
|
-
user_id = if userkey.length == 2
|
18
|
-
userkey[0][0]
|
19
|
-
else
|
20
|
-
userkey[1][0]
|
21
|
-
end
|
22
|
-
return user_id.to_s if user_id.is_a? Integer
|
23
|
-
end
|
24
|
-
rescue StandardError
|
25
|
-
return orig_user_id
|
26
|
-
end
|
27
|
-
orig_user_id
|
28
|
-
end
|
29
|
-
end
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
end
|
@@ -1,25 +0,0 @@
|
|
1
|
-
class File
|
2
|
-
class << self
|
3
|
-
alias_method :tcell_original_new, :new
|
4
|
-
def new(*args, &block)
|
5
|
-
path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
6
|
-
|
7
|
-
if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
8
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
9
|
-
end
|
10
|
-
|
11
|
-
tcell_original_new(*args, &block)
|
12
|
-
end
|
13
|
-
|
14
|
-
alias_method :tcell_original_open, :open
|
15
|
-
def open(*args, &block)
|
16
|
-
path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
17
|
-
|
18
|
-
if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
19
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
20
|
-
end
|
21
|
-
|
22
|
-
tcell_original_open(*args, &block)
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|
@@ -1,131 +0,0 @@
|
|
1
|
-
class IO
|
2
|
-
class << self
|
3
|
-
alias_method :tcell_original_binread, :binread
|
4
|
-
def binread(*args, &block)
|
5
|
-
path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
6
|
-
|
7
|
-
if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
8
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
9
|
-
end
|
10
|
-
|
11
|
-
if path.empty?
|
12
|
-
cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
|
13
|
-
if cmd && TCellAgent::Cmdi.block_command?(cmd)
|
14
|
-
raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
|
15
|
-
end
|
16
|
-
end
|
17
|
-
|
18
|
-
tcell_original_binread(*args, &block)
|
19
|
-
end
|
20
|
-
|
21
|
-
alias_method :tcell_original_binwrite, :binwrite
|
22
|
-
def binwrite(*args, &block)
|
23
|
-
path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
24
|
-
mode = 'Write'
|
25
|
-
|
26
|
-
if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
27
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
28
|
-
end
|
29
|
-
|
30
|
-
tcell_original_binwrite(*args, &block)
|
31
|
-
end
|
32
|
-
|
33
|
-
alias_method :tcell_original_foreach, :foreach
|
34
|
-
def foreach(*args, &block)
|
35
|
-
path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
36
|
-
mode = 'Read'
|
37
|
-
|
38
|
-
if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
39
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
40
|
-
end
|
41
|
-
|
42
|
-
tcell_original_foreach(*args, &block)
|
43
|
-
end
|
44
|
-
|
45
|
-
alias_method :tcell_original_popen, :popen
|
46
|
-
def popen(*args, &block)
|
47
|
-
unless args.empty?
|
48
|
-
cmd = ''
|
49
|
-
|
50
|
-
TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
|
51
|
-
args_copy = Array.new(args)
|
52
|
-
args_copy.shift if args_copy.first.is_a?(Hash)
|
53
|
-
args_copy.pop if args_copy.last.is_a?(Hash)
|
54
|
-
|
55
|
-
cmd = if args_copy.first.is_a?(String)
|
56
|
-
args_copy.shift
|
57
|
-
else
|
58
|
-
TCellAgent::Cmdi.parse_command(*args_copy.shift)
|
59
|
-
end
|
60
|
-
end
|
61
|
-
|
62
|
-
if TCellAgent::Cmdi.block_command?(cmd)
|
63
|
-
raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
|
64
|
-
end
|
65
|
-
end
|
66
|
-
|
67
|
-
tcell_original_popen(*args, &block)
|
68
|
-
end
|
69
|
-
|
70
|
-
alias_method :tcell_original_read, :read
|
71
|
-
def read(*args, &block)
|
72
|
-
path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
73
|
-
mode = 'Read'
|
74
|
-
|
75
|
-
if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
76
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
77
|
-
end
|
78
|
-
|
79
|
-
if path.empty?
|
80
|
-
cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
|
81
|
-
if cmd && TCellAgent::Cmdi.block_command?(cmd)
|
82
|
-
raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
|
83
|
-
end
|
84
|
-
end
|
85
|
-
|
86
|
-
tcell_original_read(*args, &block)
|
87
|
-
end
|
88
|
-
|
89
|
-
alias_method :tcell_original_readlines, :readlines
|
90
|
-
def readlines(*args, &block)
|
91
|
-
path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
92
|
-
mode = 'Read'
|
93
|
-
|
94
|
-
if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
95
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
96
|
-
end
|
97
|
-
|
98
|
-
if path.empty?
|
99
|
-
cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
|
100
|
-
if cmd && TCellAgent::Cmdi.block_command?(cmd)
|
101
|
-
raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
|
102
|
-
end
|
103
|
-
end
|
104
|
-
|
105
|
-
tcell_original_readlines(*args, &block)
|
106
|
-
end
|
107
|
-
|
108
|
-
alias_method :tcell_original_sysopen, :sysopen
|
109
|
-
def sysopen(*args, &block)
|
110
|
-
path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
111
|
-
|
112
|
-
if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
113
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
114
|
-
end
|
115
|
-
|
116
|
-
tcell_original_sysopen(*args, &block)
|
117
|
-
end
|
118
|
-
|
119
|
-
alias_method :tcell_original_write, :write
|
120
|
-
def write(*args, &block)
|
121
|
-
path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
122
|
-
mode = 'Write'
|
123
|
-
|
124
|
-
if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
125
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
126
|
-
end
|
127
|
-
|
128
|
-
tcell_original_write(*args, &block)
|
129
|
-
end
|
130
|
-
end
|
131
|
-
end
|
@@ -1,102 +0,0 @@
|
|
1
|
-
module Kernel
|
2
|
-
private
|
3
|
-
|
4
|
-
alias_method :tcell_original_backtick, :`
|
5
|
-
alias_method :tcell_original_exec, :exec
|
6
|
-
alias_method :tcell_original_open, :open
|
7
|
-
alias_method :tcell_original_gets, :gets
|
8
|
-
alias_method :tcell_original_readline, :readline
|
9
|
-
alias_method :tcell_original_spawn, :spawn
|
10
|
-
alias_method :tcell_original_system, :system
|
11
|
-
|
12
|
-
class << self
|
13
|
-
alias_method :tcell_original_exec, :exec
|
14
|
-
alias_method :tcell_original_open, :open
|
15
|
-
alias_method :tcell_original_gets, :gets
|
16
|
-
alias_method :tcell_original_readline, :readline
|
17
|
-
alias_method :tcell_original_spawn, :spawn
|
18
|
-
alias_method :tcell_original_system, :system
|
19
|
-
end
|
20
|
-
|
21
|
-
def `(cmd)
|
22
|
-
if TCellAgent::Cmdi.block_command?(cmd)
|
23
|
-
raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
|
24
|
-
end
|
25
|
-
|
26
|
-
tcell_original_backtick(cmd)
|
27
|
-
end
|
28
|
-
|
29
|
-
if TCellAgent.configuration.should_instrument_cmdi_exec?
|
30
|
-
def exec(*args)
|
31
|
-
cmd = TCellAgent::Cmdi.parse_command(*args)
|
32
|
-
if TCellAgent::Cmdi.block_command?(cmd)
|
33
|
-
raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
|
34
|
-
end
|
35
|
-
|
36
|
-
tcell_original_exec(*args)
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
def gets(*args, &block)
|
41
|
-
path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
|
42
|
-
|
43
|
-
if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
44
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
45
|
-
end
|
46
|
-
|
47
|
-
tcell_original_gets(*args, &block)
|
48
|
-
end
|
49
|
-
|
50
|
-
def open(*args, &block)
|
51
|
-
path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
|
52
|
-
|
53
|
-
if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
54
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
55
|
-
end
|
56
|
-
|
57
|
-
if path.empty?
|
58
|
-
cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
|
59
|
-
if cmd && TCellAgent::Cmdi.block_command?(cmd)
|
60
|
-
raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
|
61
|
-
end
|
62
|
-
end
|
63
|
-
|
64
|
-
tcell_original_open(*args, &block)
|
65
|
-
end
|
66
|
-
|
67
|
-
def readline(*args, &block)
|
68
|
-
path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
|
69
|
-
|
70
|
-
if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
|
71
|
-
raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
|
72
|
-
end
|
73
|
-
|
74
|
-
tcell_original_readline(*args, &block)
|
75
|
-
end
|
76
|
-
|
77
|
-
def spawn(*args)
|
78
|
-
cmd = TCellAgent::Cmdi.parse_command(*args)
|
79
|
-
if TCellAgent::Cmdi.block_command?(cmd)
|
80
|
-
raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
|
81
|
-
end
|
82
|
-
|
83
|
-
tcell_original_spawn(*args)
|
84
|
-
end
|
85
|
-
|
86
|
-
def system(*args)
|
87
|
-
cmd = TCellAgent::Cmdi.parse_command(*args)
|
88
|
-
if TCellAgent::Cmdi.block_command?(cmd)
|
89
|
-
raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
|
90
|
-
end
|
91
|
-
|
92
|
-
tcell_original_system(*args)
|
93
|
-
end
|
94
|
-
|
95
|
-
module_function :`
|
96
|
-
module_function :exec
|
97
|
-
module_function :gets
|
98
|
-
module_function :open
|
99
|
-
module_function :readline
|
100
|
-
module_function :spawn
|
101
|
-
module_function :system
|
102
|
-
end
|
@@ -1,12 +0,0 @@
|
|
1
|
-
module TCellAgent
|
2
|
-
class TCellAgentStartupRailtie < Rails::Railtie
|
3
|
-
# TCellAgent config can be specified thru Rails initializer's
|
4
|
-
# (https://guides.rubyonrails.org/v2.3/configuring.html#using-initializers)
|
5
|
-
# so those need to run first before the agent is started
|
6
|
-
initializer :start_tcell_agent,
|
7
|
-
:after => :load_config_initializers,
|
8
|
-
:before => :tcell_instrument_auth_frameworks do |_app|
|
9
|
-
TCellAgent.thread_agent.start('Unicorn')
|
10
|
-
end
|
11
|
-
end
|
12
|
-
end
|
Binary file
|
@@ -1,195 +0,0 @@
|
|
1
|
-
require 'spec_helper'
|
2
|
-
|
3
|
-
module TCellAgent
|
4
|
-
module Config
|
5
|
-
describe Validate do
|
6
|
-
describe '.get_unknown_options' do
|
7
|
-
context 'with an unknown tcell environment variable set' do
|
8
|
-
it 'should return a message about the unknown variable' do
|
9
|
-
orig_allow_ap = ENV.fetch('TCELL_AGENT_ALLOW_PAYLOADS', nil)
|
10
|
-
orig_demomode = ENV.fetch('TCELL_DEMOMODE', nil)
|
11
|
-
orig_agent_home = ENV.fetch('TCELL_AGENT_HOME', nil)
|
12
|
-
orig_agent_log_dir = ENV.fetch('TCELL_AGENT_LOG_DIR', nil)
|
13
|
-
orig_agent_config = ENV.fetch('TCELL_AGENT_CONFIG', nil)
|
14
|
-
orig_agent_app_id = ENV.fetch('TCELL_AGENT_APP_ID', nil)
|
15
|
-
orig_agent_api_key = ENV.fetch('TCELL_AGENT_API_KEY', nil)
|
16
|
-
orig_agent_host_identifier = ENV.fetch('TCELL_AGENT_HOST_IDENTIFIER', nil)
|
17
|
-
orig_input_url = ENV.fetch('TCELL_INPUT_URL', nil)
|
18
|
-
orig_hmac_key = ENV.fetch('TCELL_HMAC_KEY', nil)
|
19
|
-
orig_api_url = ENV.fetch('TCELL_API_URL', nil)
|
20
|
-
orig_password_hmac_key = ENV.fetch('TCELL_PASSWORD_HMAC_KEY', nil)
|
21
|
-
|
22
|
-
ENV['TCELL_HACK'] = 'hack the system'
|
23
|
-
ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = 'valid'
|
24
|
-
ENV['TCELL_DEMOMODE'] = 'valid'
|
25
|
-
ENV['TCELL_AGENT_HOME'] = 'valid'
|
26
|
-
ENV['TCELL_AGENT_LOG_DIR'] = 'valid'
|
27
|
-
ENV['TCELL_AGENT_CONFIG'] = 'valid'
|
28
|
-
ENV['TCELL_AGENT_APP_ID'] = 'valid'
|
29
|
-
ENV['TCELL_AGENT_API_KEY'] = 'valid'
|
30
|
-
ENV['TCELL_AGENT_HOST_IDENTIFIER'] = 'valid'
|
31
|
-
ENV['TCELL_INPUT_URL'] = 'valid'
|
32
|
-
ENV['TCELL_HMAC_KEY'] = 'valid'
|
33
|
-
ENV['TCELL_API_URL'] = 'valid'
|
34
|
-
ENV['TCELL_PASSWORD_HMAC_KEY'] = 'valid'
|
35
|
-
|
36
|
-
messages = Validate.get_unknown_options(nil)
|
37
|
-
|
38
|
-
ENV.delete 'TCELL_HACK'
|
39
|
-
|
40
|
-
if orig_allow_ap
|
41
|
-
ENV['TCELL_AGENT_ALLOW_PAYLOADS'] = orig_allow_ap
|
42
|
-
else
|
43
|
-
ENV.delete 'TCELL_AGENT_ALLOW_PAYLOADS'
|
44
|
-
end
|
45
|
-
if orig_demomode
|
46
|
-
ENV['TCELL_DEMOMODE'] = orig_demomode
|
47
|
-
else
|
48
|
-
ENV.delete 'TCELL_DEMOMODE'
|
49
|
-
end
|
50
|
-
if orig_agent_home
|
51
|
-
ENV['TCELL_AGENT_HOME'] = orig_agent_home
|
52
|
-
else
|
53
|
-
ENV.delete 'TCELL_AGENT_HOME'
|
54
|
-
end
|
55
|
-
if orig_agent_log_dir
|
56
|
-
ENV['TCELL_AGENT_LOG_DIR'] = orig_agent_log_dir
|
57
|
-
else
|
58
|
-
ENV.delete 'TCELL_AGENT_LOG_DIR'
|
59
|
-
end
|
60
|
-
if orig_agent_config
|
61
|
-
ENV['TCELL_AGENT_CONFIG'] = orig_agent_config
|
62
|
-
else
|
63
|
-
ENV.delete 'TCELL_AGENT_CONFIG'
|
64
|
-
end
|
65
|
-
if orig_agent_app_id
|
66
|
-
ENV['TCELL_AGENT_APP_ID'] = orig_agent_app_id
|
67
|
-
else
|
68
|
-
ENV.delete 'TCELL_AGENT_APP_ID'
|
69
|
-
end
|
70
|
-
if orig_agent_api_key
|
71
|
-
ENV['TCELL_AGENT_API_KEY'] = orig_agent_api_key
|
72
|
-
else
|
73
|
-
ENV.delete 'TCELL_AGENT_API_KEY'
|
74
|
-
end
|
75
|
-
if orig_agent_host_identifier
|
76
|
-
ENV['TCELL_AGENT_HOST_IDENTIFIER'] = orig_agent_host_identifier
|
77
|
-
else
|
78
|
-
ENV.delete 'TCELL_AGENT_HOST_IDENTIFIER'
|
79
|
-
end
|
80
|
-
if orig_input_url
|
81
|
-
ENV['TCELL_INPUT_URL'] = orig_input_url
|
82
|
-
else
|
83
|
-
ENV.delete 'TCELL_INPUT_URL'
|
84
|
-
end
|
85
|
-
if orig_hmac_key
|
86
|
-
ENV['TCELL_HMAC_KEY'] = orig_hmac_key
|
87
|
-
else
|
88
|
-
ENV.delete 'TCELL_HMAC_KEY'
|
89
|
-
end
|
90
|
-
if orig_password_hmac_key
|
91
|
-
ENV['TCELL_PASSWORD_HMAC_KEY'] = orig_password_hmac_key
|
92
|
-
else
|
93
|
-
ENV.delete 'TCELL_PASSWORD_HMAC_KEY'
|
94
|
-
end
|
95
|
-
if orig_api_url
|
96
|
-
ENV['TCELL_API_URL'] = orig_api_url
|
97
|
-
else
|
98
|
-
ENV.delete 'TCELL_API_URL'
|
99
|
-
end
|
100
|
-
|
101
|
-
expect(messages.sort).to eq(
|
102
|
-
[
|
103
|
-
'Unrecognized environment parameter (TCELL_*) found: TCELL_HACK'
|
104
|
-
]
|
105
|
-
)
|
106
|
-
end
|
107
|
-
end
|
108
|
-
|
109
|
-
context 'with a config json with all options including some extra ones' do
|
110
|
-
it 'should report the extra options in messages' do
|
111
|
-
config_json = {
|
112
|
-
'first_level' => 'boo',
|
113
|
-
'version' => 1,
|
114
|
-
'applications' => [
|
115
|
-
{
|
116
|
-
'second_level' => 'boo',
|
117
|
-
'name' => 'name',
|
118
|
-
'app_id' => 'app id',
|
119
|
-
'api_key' => 'api key',
|
120
|
-
'fetch_policies_from_tcell' => true,
|
121
|
-
'preload_policy_filename' => 'preload policy filename',
|
122
|
-
'log_dir' => 'custom log dir',
|
123
|
-
'logging_options' => {
|
124
|
-
'logging_level' => 'boo',
|
125
|
-
'enabled' => true,
|
126
|
-
'level' => 'DEBUG',
|
127
|
-
'filename' => 'filename'
|
128
|
-
},
|
129
|
-
'tcell_api_url' => 'tcell api url',
|
130
|
-
'tcell_input_url' => 'tcell input url',
|
131
|
-
'host_identifier' => 'host identifier',
|
132
|
-
'hipaaSafeMode' => 'hipaa safe mode',
|
133
|
-
'hmac_key' => 'hmac key',
|
134
|
-
'password_hmac_key' => 'password_hmac_key',
|
135
|
-
'js_agent_api_base_url' => 'js agent api base url',
|
136
|
-
'js_agent_url' => 'js agent url',
|
137
|
-
'max_csp_header_bytes' => 512,
|
138
|
-
'event_batch_size_limit' => 50,
|
139
|
-
'allow_payloads' => true,
|
140
|
-
'data_exposure' => {
|
141
|
-
'data_ex_level' => 'boo',
|
142
|
-
'max_data_ex_db_records_per_request' => 10_000
|
143
|
-
},
|
144
|
-
'reverse_proxy' => true,
|
145
|
-
'reverse_proxy_ip_address_header' => 'reverse proxy ip address header',
|
146
|
-
'demomode' => true,
|
147
|
-
# Ruby only
|
148
|
-
'disable_all' => false,
|
149
|
-
'enabled' => true,
|
150
|
-
'enable_event_manager' => true,
|
151
|
-
'enable_policy_polling' => true,
|
152
|
-
'enable_instrumentation' => true,
|
153
|
-
'enable_intercept_requests' => true,
|
154
|
-
'instrument_for_events' => true,
|
155
|
-
'enabled_instrumentations' => {
|
156
|
-
'enabled_instrumentations_level' => 'blah',
|
157
|
-
'doorkeeper' => true,
|
158
|
-
'devise' => true,
|
159
|
-
'authlogic' => true
|
160
|
-
}
|
161
|
-
}
|
162
|
-
]
|
163
|
-
}
|
164
|
-
|
165
|
-
messages = Validate.get_unknown_options(config_json)
|
166
|
-
|
167
|
-
expect(messages.sort).to eq(
|
168
|
-
[
|
169
|
-
'Unrecognized config setting key: data_ex_level',
|
170
|
-
'Unrecognized config setting key: enabled_instrumentations_level',
|
171
|
-
'Unrecognized config setting key: first_level',
|
172
|
-
'Unrecognized config setting key: logging_level',
|
173
|
-
'Unrecognized config setting key: second_level'
|
174
|
-
]
|
175
|
-
)
|
176
|
-
end
|
177
|
-
end
|
178
|
-
|
179
|
-
context 'with a config json that has more than one application' do
|
180
|
-
it 'should report the misconfiguration' do
|
181
|
-
config_json = { 'version' => 1, 'applications' => [{}, {}] }
|
182
|
-
|
183
|
-
messages = Validate.get_unknown_options(config_json)
|
184
|
-
|
185
|
-
expect(messages.sort).to eq(
|
186
|
-
[
|
187
|
-
'Multiple applications detected in config file'
|
188
|
-
]
|
189
|
-
)
|
190
|
-
end
|
191
|
-
end
|
192
|
-
end
|
193
|
-
end
|
194
|
-
end
|
195
|
-
end
|