tcell_agent 2.1.2 → 2.4.1

data/lib/tcell_agent/rails/dlp/process_request.rb

@@ -37,6 +37,7 @@ module TCellAgent
       dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
       tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
       return unless tcell_context && dataex_policy && dataex_policy.actions_for_form_parameter?
+
       for_params(request) do |_method, param_name, param_value|
         actions = dataex_policy.get_actions_for_form_parameter(param_name, tcell_context.route_id)
         if actions
@@ -51,11 +52,13 @@ module TCellAgent
       dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
       tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
       return unless tcell_context && dataex_policy && dataex_policy.actions_for_headers?
+
       headers = request.env.select { |k, _v| k.start_with? 'HTTP_' }
       headers.each do |header_name, header_value|
         header_name = header_name.sub(/^HTTP_/, '').tr('_', '-')
         actions = dataex_policy.get_actions_for_header(header_name)
         next unless actions
+
         actions.each do |action|
           tcell_context.add_filter_for_header_value(header_value, action, header_name)
         end
@@ -66,9 +69,11 @@ module TCellAgent
       dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
       tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
       return unless tcell_context && dataex_policy && dataex_policy.actions_for_cookie?
+
       request.cookies.each do |cookie_name, cookie_value|
         actions = dataex_policy.get_actions_for_cookie(cookie_name)
         next unless actions
+
         actions.each do |action|
           tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
         end

data/lib/tcell_agent/rails/dlp_handler.rb

@@ -39,19 +39,18 @@ module TCellAgent
 
           TCellAgent::Instrumentation.safe_block('DLP Handler get handler and context') do
             if TCellAgent.configuration.should_instrument? &&
-               TCellAgent.configuration.should_intercept_requests?
+               TCellAgent.configuration.should_intercept_requests? &&
+               TCellAgent::Utils::Rails.processable_response?(response_headers)
 
               # do all this work so that dlp doesn't run at all unless it's on and there
               # are rules to run
-              if TCellAgent::Utils::Rails.processable_response?(response_headers)
-                dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
-                if dlp_policy && dlp_policy.get_actions_for_session_id
-                  tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
-                  if tcell_context && tcell_context.session_id
-                    dlp_handler = proc { |tc, resp|
-                      handle_dlp!(tc, resp)
-                    }
-                  end
+              dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
+              if dlp_policy && dlp_policy.get_actions_for_session_id
+                tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
+                if tcell_context && tcell_context.session_id
+                  dlp_handler = proc { |tc, resp|
+                    handle_dlp!(tc, resp)
+                  }
                 end
               end
             end

data/lib/tcell_agent/rails/js_agent_insert.rb

@@ -4,8 +4,7 @@ module TCellAgent
   module Instrumentation
     module Rails
       module JSAgent
-        HEAD_SEARCH_REGEX = /<head>/
-
+        HEAD_SEARCH_REGEX = Regexp.new('(<head>|<head( |\n).*?>)', Regexp::IGNORECASE)
         def self.insert_now(js_agent_handler, script_insert, rack_body, content_length)
           TCellAgent::Instrumentation.safe_block('Handling JSAgent Insert Now') do
             if js_agent_handler
@@ -32,7 +31,7 @@ module TCellAgent
           TCellAgent::Instrumentation.safe_block('Handling JSAgent insert') do
             new_response = response.sub(
               TCellAgent::Instrumentation::Rails::JSAgent::HEAD_SEARCH_REGEX,
-              "<head>#{script_insert}"
+              "\\1#{script_insert}"
             )
           end
 

data/lib/tcell_agent/rails/middleware/context_middleware.rb

@@ -26,7 +26,8 @@ module TCellAgent
                 env[TCellAgent::Instrumentation::TCELL_ID].path = request.path
                 env[TCellAgent::Instrumentation::TCELL_ID].user_agent = request.user_agent
                 env[TCellAgent::Instrumentation::TCELL_ID].referrer = request.referrer
-                env[TCellAgent::Instrumentation::TCELL_ID].remote_address = TCellAgent::Utils::Rails.better_ip(request)
+                env[TCellAgent::Instrumentation::TCELL_ID].remote_address = request.ip
+                env[TCellAgent::Instrumentation::TCELL_ID].reverse_proxy_header_value = TCellAgent::Utils::Rails.reverse_proxy_header(request)
                 if request.request_method
                   env[TCellAgent::Instrumentation::TCELL_ID].request_method = request.request_method
                 end

data/lib/tcell_agent/rails/middleware/global_middleware.rb

@@ -7,7 +7,7 @@ require 'tcell_agent/sensor_events/sensor'
 require 'tcell_agent/sensor_events/server_agent'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
 
-require 'tcell_agent/userinfo'
+require 'tcell_agent/rails/auth/userinfo'
 require 'cgi'
 
 require 'tcell_agent/instrumentation'
@@ -24,6 +24,7 @@ module TCellAgent
           def call(env)
             if TCellAgent.configuration.should_intercept_requests?
               request = Rack::Request.new(env)
+
               TCellAgent::Instrumentation.safe_block('Setting session_id & user_id') do
                 if request.session
                   env[TCellAgent::Instrumentation::TCELL_ID].session_id =
@@ -41,9 +42,7 @@ module TCellAgent
               end
             end
 
-            response = @app.call(env)
-
-            response
+            @app.call(env)
           end
         end
       end

data/lib/tcell_agent/rails/middleware/headers_middleware.rb

@@ -39,6 +39,7 @@ module TCellAgent
             TCellAgent::Instrumentation.safe_block('Handling headers') do
               headers_policy = TCellAgent.policy(TCellAgent::PolicyTypes::HEADERS)
               policy_headers = headers_policy.get_headers(
+                headers['Content-Type'],
                 request.env[TCellAgent::Instrumentation::TCELL_ID]
               )
               policy_headers.each do |header_info|

data/lib/tcell_agent/rails/{on_start.rb → railties/tcell_agent_railties.rb}

@@ -2,36 +2,21 @@
 
 require 'rails'
 
-require 'tcell_agent/rails/routes'
-
 require 'tcell_agent/rails/middleware/global_middleware'
 require 'tcell_agent/rails/middleware/body_filter_middleware'
 require 'tcell_agent/rails/middleware/headers_middleware'
 require 'tcell_agent/rails/middleware/context_middleware'
 
+require 'tcell_agent/rails/routes'
 require 'tcell_agent/rails/settings_reporter'
 require 'tcell_agent/rails/dlp'
 require 'tcell_agent/rails/csrf_exception'
 
-require 'tcell_agent/userinfo'
 require 'cgi'
 require 'thread'
 
 module TCellAgent
   class TCellAgentStartupRailtie < Rails::Railtie
-    # TCellAgent config can be specified thru
-    # Rails initializer's (https://guides.rubyonrails.org/v2.3/configuring.html#using-initializers)
-    # so those need to run first since this relies on configuration
-    initializer :tcell_instrument_auth_frameworks, :after => :load_config_initializers do |_app|
-      next unless TCellAgent.configuration.should_instrument?
-
-      require 'tcell_agent/devise'
-      require 'tcell_agent/rails/auth/devise'
-      require 'tcell_agent/authlogic'
-      require 'tcell_agent/rails/auth/authlogic'
-      require 'tcell_agent/rails/auth/doorkeeper'
-    end
-
     initializer :tcell_insert_middleware, :before => :build_middleware_stack do |app|
       app.config.middleware.insert_before(0, TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware)
       app.config.middleware.insert_after(0, TCellAgent::Instrumentation::Rails::Middleware::HeadersMiddleware)
@@ -39,4 +24,12 @@ module TCellAgent
       app.config.middleware.use TCellAgent::Instrumentation::Rails::Middleware::GlobalMiddleware
     end
   end
+
+  class TCellAgentCSRFRailtie < Rails::Railtie
+    initializer 'tcell.sensors' do |_app|
+      ActiveSupport.on_load :action_controller do
+        ActionController::Base.send(:include, TCellAgent::CsrfExceptionReporter)
+      end
+    end
+  end
 end

data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb

@@ -0,0 +1,8 @@
+module TCellAgent
+  class TCellAgentStartupRailtie < Rails::Railtie
+    initializer :start_tcell_agent,
+                :after => :load_config_initializers do |_app|
+      TCellAgent.thread_agent.start('Unicorn')
+    end
+  end
+end

data/lib/tcell_agent/rails/routes.rb

@@ -136,8 +136,7 @@ module TCellAgent
               prepend_around_filter :tcell_around_filter_routes
             end
             def tcell_around_filter_routes
-              if TCellAgent.configuration.should_instrument? &&
-                 TCellAgent.configuration.should_intercept_requests?
+              if TCellAgent.configuration.should_intercept_requests?
                 TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
                   _match, parameters, route = ::Rails.application.routes.router.recognize(request) { |r, _| r }.first
 
@@ -192,8 +191,7 @@ module TCellAgent
         ActionDispatch::Journey::Router.class_eval do
           alias_method :tcell_serve, :serve
           def serve(req)
-            if TCellAgent.configuration.should_instrument? &&
-               TCellAgent.configuration.should_intercept_requests?
+            if TCellAgent.configuration.should_intercept_requests?
               TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
                 _match, parameters, route = find_routes(req).first
 
@@ -220,8 +218,7 @@ module TCellAgent
           def call(env)
             env['PATH_INFO'] = ActionDispatch::Journey::Router::Utils.normalize_path(env['PATH_INFO'])
 
-            if TCellAgent.configuration.should_instrument? &&
-               TCellAgent.configuration.should_intercept_requests?
+            if TCellAgent.configuration.should_intercept_requests?
               TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
                 _match, parameters, route = find_routes(env).first
 

data/lib/tcell_agent/rails/routes/grape.rb

@@ -7,8 +7,9 @@ module TCellAgent
         begin
           return route.app < Grape::API if ::Rails::VERSION::MAJOR == 4 &&
                                            ::Rails::VERSION::MINOR < 2
+
           return route.app.app < Grape::API
-        rescue StandardError # rubocop:disable Lint/HandleExceptions
+        rescue StandardError
           # do nothing
         end
       end
@@ -70,9 +71,7 @@ module TCellAgent
       Grape::Endpoint.class_eval do
         alias_method :tcell_call!, :call!
         def call!(env)
-          if TCellAgent.configuration.should_instrument? &&
-             TCellAgent.configuration.should_intercept_requests?
-
+          if TCellAgent.configuration.should_intercept_requests?
             TCellAgent::Instrumentation.safe_block('Determining Rails Route ID') do
               tcell_context = env[TCellAgent::Instrumentation::TCELL_ID]
               if tcell_context && tcell_context.grape_mount_endpoint && respond_to?(:routes)

data/lib/tcell_agent/rails/settings_reporter.rb

@@ -6,12 +6,9 @@ require 'tcell_agent/sensor_events/server_agent'
 module TCellAgent
   module Instrumentation
     module Rails
-      def self.send_framework_info
-        TCellAgent.send_event(
-          TCellAgent::SensorEvents::ServerAgentAppFrameworkEvent.new(
-            'Rails', ::Rails.version
-          )
-        )
+      def self.framework_details
+        { 'app_framework' => 'Rails',
+          'app_framework_version' => ::Rails.version }
       end
 
       def self.send_settings

data/lib/tcell_agent/rails/tcell_body_proxy.rb

@@ -31,7 +31,6 @@ module TCellAgent
           TCellAgent::Instrumentation.safe_block('Running AppSensor deferred due to streaming') do
             if @meta_data
               @meta_data.response_content_bytes_len = @content_length
-
               appfirewall_policy = TCellAgent.policy(TCellAgent::PolicyTypes::APPSENSOR)
               appfirewall_policy.check_appfirewall_injections(@meta_data)
             end
@@ -54,18 +53,16 @@ module TCellAgent
           @body.respond_to?(method_name, include_all)
         end
 
-        def method_missing(method_name, *args, &block) # rubocop:disable Style/MethodMissing
+        def method_missing(method_name, *args, &block)
           @body.__send__(method_name, *args, &block)
         end
 
         def process_body(body)
           TCellAgent::Instrumentation.safe_block('Processing tcell body proxy body') do
             chunked_response_match = nil
-            if body.class.name == 'String'
-              if body =~ /^([[:xdigit:]]+)(;.+)?\r\n/
-                chunked_response_match = Regexp.last_match(1)
-                @content_length += chunked_response_match.to_i(16)
-              end
+            if body.class.name == 'String' && body =~ /^([[:xdigit:]]+)(;.+)?\r\n/
+              chunked_response_match = Regexp.last_match(1)
+              @content_length += chunked_response_match.to_i(16)
             end
 
             new_body = body

data/lib/tcell_agent/routes/table.rb

@@ -2,6 +2,7 @@ module TCellAgent
   module Routes
     class FieldEndpoint
       attr_accessor :discovered
+
       def initialize
         super()
         @discovered = false
@@ -11,6 +12,7 @@ module TCellAgent
     class RouteEndpoint
       attr_accessor :database
       attr_accessor :database_queries_discovered
+
       def initialize
         @database_queries_discovered = {}
         @database = Hash.new do |d_h, d_k| # Database
@@ -27,6 +29,7 @@ module TCellAgent
 
     class RouteTable
       attr_accessor :routes
+
       def initialize
         @routes = Hash.new { |h, k| h[k] = RouteEndpoint.new }
       end

data/lib/tcell_agent/rust/agent_config.rb

@@ -1,48 +1,74 @@
+# frozen_string_literal: true
+
 require 'tcell_agent/version'
+require 'tcell_agent/rust/models'
 
 module TCellAgent
   module Rust
     class AgentConfig < Hash
       def initialize(configuration)
-        send_mode = 'Normal'
-        send_mode = 'Demo' if configuration.demomode
-
-        logging_options = configuration.clean_logging_options
-        unless configuration.js_agent_api_base_url
-          parsed_uri = URI.parse(configuration.tcell_api_url)
-          api_url = [parsed_uri.scheme, '://', parsed_uri.host]
-          api_url.push(":#{parsed_uri.port}") unless [80, 443].include?(parsed_uri.port)
-          configuration.js_agent_api_base_url = "#{api_url.join('')}/api/v1"
-        end
-
-        self['disable_event_sending'] = !configuration.should_start_event_manager?
-        self['send_mode'] = send_mode
         self['agent_type'] = 'Ruby'
         self['agent_version'] = TCellAgent::VERSION
-        self['diagnostics_enabled'] = false
-        self['application'] = {
+        self['default_cache_dir'] = File.join(Dir.getwd, 'tcell/cache')
+        self['default_config_file_dir'] = File.join(Dir.getwd, 'config')
+        self['default_log_dir'] = File.join(Dir.getwd, 'tcell/logs')
+        self['default_preload_policy_file_dir'] = Dir.getwd
+
+        if defined?(ConfigInitializer)
+          overrides = Models.clean_nils(AgentConfigOverrides.new(configuration))
+          self['overrides'] = overrides
+        else
+          self['overrides'] = { 'applications' => [{ :enable_json_body_inspection => true }],
+                                'config_file_path' => configuration.get_config_file_path }
+        end
+
+        set_agent_details
+      end
+
+      def set_agent_details
+        framework_details = if defined?(Rails)
+                              TCellAgent::Instrumentation::Rails.framework_details
+                            else
+                              {}
+                            end
+
+        self['agent_details'] = { 'language' => 'Ruby',
+                                  'language_version' => RUBY_VERSION,
+                                  'app_framework' => framework_details['app_framework'],
+                                  'app_framework_version' => framework_details['app_framework_version'] }
+      end
+    end
+
+    class AgentConfigOverrides < Hash
+      def initialize(configuration)
+        applications = {
+          :allow_payloads => configuration.allow_payloads,
+          :api_key => configuration.api_key,
           :app_id => configuration.app_id,
-          :api_key =>  configuration.api_key,
-          :tcell_api_url => configuration.tcell_api_url,
-          :tcell_input_url => configuration.tcell_input_url,
+          :enable_json_body_inspection => true,
           :hmac_key => configuration.hmac_key,
+          :max_header_size => configuration.max_csp_header_bytes,
           :password_hmac_key => configuration.password_hmac_key,
-          :allow_payloads => configuration.allow_payloads,
-          :js_agent_api_base_url => configuration.js_agent_api_base_url,
-          :js_agent_url => configuration.js_agent_url,
-          :cache_dir => configuration.cache_folder,
-          :log_dir => configuration.agent_log_dir,
-          :logging_options => logging_options,
-          :host_identifier => configuration.host_identifier,
-          :reverse_proxy_ip_address_header => configuration.reverse_proxy_ip_address_header,
-          :fetch_policies_from_tcell => configuration.should_start_policy_poll?,
-          :preload_policy_filename => configuration.preload_policy_filename
+          :reverse_proxy => configuration.reverse_proxy,
+          :reverse_proxy_ip_address_header => configuration.reverse_proxy_ip_address_header
         }
-        self['appfirewall'] = {
-          :enable_body_json_inspection => true,
-          :allow_log_payloads => true
-        }
-        self['max_header_size'] = configuration.max_csp_header_bytes || (1024 * 1024)
+
+        self['api_url'] = configuration.tcell_api_url
+        self['applications'] = [Models.clean_nils(applications)]
+        self['config_file_path'] = configuration.get_config_file_path
+        self['disabled_instrumentation'] = configuration.disabled_instrumentation
+        self['enabled'] = configuration.enabled
+        self['host_identifier'] = configuration.host_identifier
+        self['input_url'] = configuration.tcell_input_url
+        self['instrument'] = configuration.instrument
+        self['js_agent_api_url'] = configuration.js_agent_api_base_url
+        self['js_agent_url'] = configuration.js_agent_url
+        self['log_destination'] = configuration.logging_options[:destination]
+        self['log_dir'] = configuration.log_dir
+        self['log_enabled'] = configuration.logging_options[:enabled]
+        self['log_filename'] = configuration.logging_options[:log_filename]
+        self['log_level'] = configuration.logging_options[:level]
+        self['update_policy'] = configuration.fetch_policies_from_tcell
       end
     end
   end

data/lib/tcell_agent/rust/models.rb

@@ -13,6 +13,15 @@ module TCellAgent
 
         flattened_params
       end
+
+      def self.clean_nils(hash)
+        if hash.respond_to?(:compact!)
+          hash.compact!
+        else
+          hash.delete_if { |_, v| v.nil? }
+        end
+        hash
+      end
     end
   end
 end