tcell_agent 2.1.2 → 2.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE +2 -2
- data/bin/tcell_agent +41 -150
- data/lib/tcell_agent.rb +8 -16
- data/lib/tcell_agent/agent.rb +87 -52
- data/lib/tcell_agent/config_initializer.rb +62 -0
- data/lib/tcell_agent/configuration.rb +72 -267
- data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
- data/lib/tcell_agent/instrument_servers.rb +14 -18
- data/lib/tcell_agent/instrumentation.rb +14 -6
- data/lib/tcell_agent/instrumentation/cmdi.rb +32 -0
- data/lib/tcell_agent/instrumentation/lfi.rb +55 -9
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/kernel.rb +80 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/kernel.rb +80 -0
- data/lib/tcell_agent/logger.rb +3 -4
- data/lib/tcell_agent/policies/dataloss_policy.rb +15 -8
- data/lib/tcell_agent/policies/headers_policy.rb +2 -2
- data/lib/tcell_agent/policies/patches_policy.rb +8 -4
- data/lib/tcell_agent/policies/policies_manager.rb +1 -0
- data/lib/tcell_agent/policies/policy_polling.rb +4 -3
- data/lib/tcell_agent/rails/auth/authlogic.rb +49 -44
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +103 -102
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +54 -57
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/better_ip.rb +7 -19
- data/lib/tcell_agent/rails/csrf_exception.rb +0 -8
- data/lib/tcell_agent/rails/dlp.rb +48 -52
- data/lib/tcell_agent/rails/dlp/process_request.rb +5 -0
- data/lib/tcell_agent/rails/dlp_handler.rb +9 -10
- data/lib/tcell_agent/rails/js_agent_insert.rb +2 -3
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -1
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +3 -4
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +1 -0
- data/lib/tcell_agent/rails/{on_start.rb → railties/tcell_agent_railties.rb} +9 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes.rb +3 -6
- data/lib/tcell_agent/rails/routes/grape.rb +3 -4
- data/lib/tcell_agent/rails/settings_reporter.rb +3 -6
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -7
- data/lib/tcell_agent/routes/table.rb +3 -0
- data/lib/tcell_agent/rust/agent_config.rb +59 -33
- data/lib/tcell_agent/rust/{libtcellagent-4.18.0.so → libtcellagent-alpine.so} +0 -0
- data/lib/tcell_agent/rust/libtcellagent-x64.dll +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-4.18.0.dylib → libtcellagent.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-4.18.0.so → libtcellagent.so} +0 -0
- data/lib/tcell_agent/rust/models.rb +9 -0
- data/lib/tcell_agent/rust/native_agent.rb +58 -50
- data/lib/tcell_agent/rust/native_library.rb +8 -10
- data/lib/tcell_agent/sensor_events/server_agent.rb +3 -100
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +1 -0
- data/lib/tcell_agent/servers/puma.rb +30 -13
- data/lib/tcell_agent/servers/rack_puma_handler.rb +33 -0
- data/lib/tcell_agent/servers/rails_server.rb +4 -4
- data/lib/tcell_agent/servers/unicorn.rb +1 -1
- data/lib/tcell_agent/servers/webrick.rb +12 -3
- data/lib/tcell_agent/settings_reporter.rb +0 -93
- data/lib/tcell_agent/sinatra.rb +1 -0
- data/lib/tcell_agent/tcell_context.rb +16 -7
- data/lib/tcell_agent/utils/headers.rb +0 -1
- data/lib/tcell_agent/utils/strings.rb +2 -2
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/cruby_spec_helper.rb +26 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +62 -212
- data/spec/lib/tcell_agent/instrument_servers_spec.rb +95 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +2 -2
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +211 -272
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +207 -223
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +89 -70
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +73 -0
- data/spec/lib/tcell_agent/patches_spec.rb +2 -1
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +1 -2
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +5 -6
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +21 -2
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +14 -8
- data/spec/lib/tcell_agent/rails/better_ip_spec.rb +9 -11
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +6 -6
- data/spec/lib/tcell_agent/rails/dlp_spec.rb +1 -0
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +10 -2
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +2 -1
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +4 -4
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +2 -89
- data/spec/lib/tcell_agent/tcell_context_spec.rb +6 -5
- data/spec/spec_helper.rb +9 -1
- data/spec/support/builders.rb +8 -7
- data/spec/support/server_mocks/passenger_mock.rb +7 -0
- data/spec/support/server_mocks/puma_mock.rb +21 -0
- data/spec/support/server_mocks/rails_mock.rb +7 -0
- data/spec/support/server_mocks/thin_mock.rb +7 -0
- data/spec/support/server_mocks/unicorn_mock.rb +11 -0
- data/spec/support/shared_spec.rb +29 -0
- data/tcell_agent.gemspec +14 -14
- metadata +44 -27
- data/Rakefile +0 -18
- data/lib/tcell_agent/authlogic.rb +0 -23
- data/lib/tcell_agent/config/unknown_options.rb +0 -119
- data/lib/tcell_agent/devise.rb +0 -33
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +0 -25
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +0 -131
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +0 -102
- data/lib/tcell_agent/rails/start_agent_after_initializers.rb +0 -12
- data/lib/tcell_agent/rust/tcellagent-4.18.0.dll +0 -0
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -195
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
def test_rails
|
|
4
|
+
expect(Rails::Server.instance_methods.include?(:tcell_build_app)).to be_truthy
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def test_thin
|
|
8
|
+
expect(Thin::Server.instance_methods.include?(:original_start)).to be_truthy
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def test_unicorn
|
|
12
|
+
expect(Unicorn::HttpServer::START_CTX[0]).to be_falsy
|
|
13
|
+
expect(Unicorn::HttpServer.instance_methods.include?(:tcell_init_worker_process)).to be_truthy
|
|
14
|
+
expect(Unicorn::HttpServer.instance_methods.include?(:tcell_load_config!)).to be_truthy
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def test_passenger
|
|
18
|
+
expect(PhusionPassenger::LoaderSharedHelpers.instance_methods.include?(:tcell_before_handling_requests))
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def test_puma
|
|
22
|
+
expect(Puma.cli_config.options[:preload_app]).to be_falsey
|
|
23
|
+
expect(Puma::Server.instance_methods.include?(:tcell_original_run)).to be_truthy
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def test_server(filenames, funcs)
|
|
27
|
+
fork do
|
|
28
|
+
filenames.each do |file|
|
|
29
|
+
load file
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
load 'tcell_agent/instrument_servers.rb'
|
|
33
|
+
|
|
34
|
+
funcs.each do |func|
|
|
35
|
+
method(func).call
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
describe 'instrument_servers' do
|
|
41
|
+
context 'with single server dependency' do
|
|
42
|
+
context 'with webrick server' do
|
|
43
|
+
it 'should instrument Webrick' do
|
|
44
|
+
mocks = ['spec/support/server_mocks/rails_mock.rb']
|
|
45
|
+
tests = [:test_rails]
|
|
46
|
+
test_server(mocks, tests)
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
context 'with Thin server' do
|
|
51
|
+
it 'should instrument Thin' do
|
|
52
|
+
mocks = ['spec/support/server_mocks/thin_mock.rb']
|
|
53
|
+
tests = [:test_thin]
|
|
54
|
+
test_server(mocks, tests)
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
context 'with Puma server' do
|
|
59
|
+
it 'should instrument Puma' do
|
|
60
|
+
mocks = ['spec/support/server_mocks/puma_mock.rb']
|
|
61
|
+
tests = [:test_puma]
|
|
62
|
+
test_server(mocks, tests)
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
context 'with Unicorn server' do
|
|
67
|
+
it 'should instrument Unicorn' do
|
|
68
|
+
mocks = ['spec/support/server_mocks/unicorn_mock.rb']
|
|
69
|
+
tests = [:test_unicorn]
|
|
70
|
+
test_server(mocks, tests)
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
context 'with Passenger server' do
|
|
75
|
+
it 'should instrument Unicorn' do
|
|
76
|
+
mocks = ['spec/support/server_mocks/passenger_mock.rb']
|
|
77
|
+
tests = [:test_passenger]
|
|
78
|
+
test_server(mocks, tests)
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
context 'with multiple server dependencies' do
|
|
83
|
+
it 'should instrument all servers available' do
|
|
84
|
+
mocks = ['spec/support/server_mocks/rails_mock.rb',
|
|
85
|
+
'spec/support/server_mocks/thin_mock.rb',
|
|
86
|
+
'spec/support/server_mocks/puma_mock.rb',
|
|
87
|
+
'spec/support/server_mocks/unicorn_mock.rb',
|
|
88
|
+
'spec/support/server_mocks/passenger_mock.rb']
|
|
89
|
+
|
|
90
|
+
tests = %i[test_rails test_thin test_puma test_unicorn test_passenger]
|
|
91
|
+
|
|
92
|
+
test_server(mocks, tests)
|
|
93
|
+
end
|
|
94
|
+
end
|
|
95
|
+
end
|
|
@@ -262,10 +262,10 @@ describe IO do
|
|
|
262
262
|
IO.popen(@env, %w[echo test], 'w+', :unsetenv_others => true)
|
|
263
263
|
|
|
264
264
|
expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
|
|
265
|
-
IO.popen([@env, 'echo', 'test', :unsetenv_others => true], 'w+')
|
|
265
|
+
IO.popen([@env, 'echo', 'test', { :unsetenv_others => true }], 'w+')
|
|
266
266
|
|
|
267
267
|
expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
|
|
268
|
-
IO.popen(@env, [@env, 'echo', 'test', :unsetenv_others => true], 'w+', :err => %i[child out])
|
|
268
|
+
IO.popen(@env, [@env, 'echo', 'test', { :unsetenv_others => true }], 'w+', :err => %i[child out])
|
|
269
269
|
end
|
|
270
270
|
end
|
|
271
271
|
end
|
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
# rubocop:disable Style/HashSyntax
|
|
2
|
+
# rubocop:disable Lint/UselessAssignment
|
|
3
|
+
|
|
1
4
|
require 'spec_helper'
|
|
2
5
|
require 'securerandom'
|
|
3
6
|
|
|
@@ -12,7 +15,7 @@ describe 'File' do
|
|
|
12
15
|
)
|
|
13
16
|
@filename = get_test_resource_path('lfi_sample_file.txt')
|
|
14
17
|
@file_contents = "This is line one.\nThis is line two.\n"
|
|
15
|
-
@new_file_name =
|
|
18
|
+
@new_file_name = NEW_FILE_NAME
|
|
16
19
|
end
|
|
17
20
|
|
|
18
21
|
describe '.new' do
|
|
@@ -29,298 +32,234 @@ describe 'File' do
|
|
|
29
32
|
end.to raise_error(Errno::ENOENT)
|
|
30
33
|
end
|
|
31
34
|
end
|
|
32
|
-
context 'with a non-existent file' do
|
|
33
|
-
context 'with a directory not blocked for read/write' do
|
|
34
|
-
before(:each) do
|
|
35
|
-
expect(TCellAgent).to receive(:policy).with(
|
|
36
|
-
TCellAgent::PolicyTypes::LFI
|
|
37
|
-
).and_return(@local_files_policy)
|
|
38
|
-
expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
|
|
39
|
-
end
|
|
40
|
-
context 'with a filename and mode r' do
|
|
41
|
-
it 'should raise an ERRNO::ENOENT error' do
|
|
42
|
-
expect do
|
|
43
|
-
File.new(@new_file_name, 'r')
|
|
44
|
-
end.to raise_error(Errno::ENOENT)
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
context 'with a filename and mode w' do
|
|
48
|
-
it 'should create the file' do
|
|
49
|
-
File.new(@new_file_name, 'w')
|
|
50
35
|
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
File.new(@new_file_name, 'w', 0o644)
|
|
58
|
-
|
|
59
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
60
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
|
61
|
-
File.delete(@new_file_name)
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
context 'with a filename and write mode and file permissions 755' do
|
|
65
|
-
it 'should create the file with the correct permissions' do
|
|
66
|
-
File.new(@new_file_name, 'w', 0o755)
|
|
67
|
-
|
|
68
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
69
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
70
|
-
File.delete(@new_file_name)
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
context 'with a filename and write mode and file permissions 777' do
|
|
74
|
-
it 'should create the file with permissions 755' do
|
|
75
|
-
File.new(@new_file_name, 'w', 0o777)
|
|
76
|
-
|
|
77
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
78
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
79
|
-
File.delete(@new_file_name)
|
|
80
|
-
end
|
|
81
|
-
end
|
|
36
|
+
context 'with a file not blocked for read/write' do
|
|
37
|
+
before(:each) do
|
|
38
|
+
expect(TCellAgent).to receive(:policy).with(
|
|
39
|
+
TCellAgent::PolicyTypes::LFI
|
|
40
|
+
).and_return(@local_files_policy)
|
|
41
|
+
expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
|
|
82
42
|
end
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
43
|
+
|
|
44
|
+
after(:each) do |example|
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
it 'raises an ERRNO::ENOENT error', :file_created => false do
|
|
48
|
+
expect do
|
|
49
|
+
File.new(@new_file_name, 'r')
|
|
50
|
+
end.to raise_error(Errno::ENOENT)
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
it 'creates the file when passed mode w' do
|
|
54
|
+
File.new(@new_file_name, 'w')
|
|
55
|
+
|
|
56
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
57
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
it 'creates the file with the correct permissions' do
|
|
61
|
+
File.new(@new_file_name, 'w', 0o644)
|
|
62
|
+
|
|
63
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
|
64
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
65
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
it 'creates the file with the correct permissions' do
|
|
69
|
+
File.new(@new_file_name, 'w', 0o755)
|
|
70
|
+
|
|
71
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
72
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
73
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
it 'reads the file' do
|
|
77
|
+
result = File.new(@filename).read
|
|
78
|
+
expect(result).to eq @file_contents
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
it 'reads the file when passed a mode' do
|
|
82
|
+
result = File.new(@filename, 'r').read
|
|
83
|
+
expect(result).to eq @file_contents
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
it 'writes to the file' do
|
|
87
|
+
file = File.new('/dev/null', 'w')
|
|
88
|
+
expect(file.write('dummy message')).to eq 13
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
it 'appends to the file' do
|
|
92
|
+
file = File.new('/dev/null', 'a')
|
|
93
|
+
expect(file.write('dummy message')).to eq 13
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
context 'using mode, permission, binmode opt' do
|
|
97
|
+
after :each do
|
|
98
|
+
expect(@result.binmode?).to be_truthy
|
|
99
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
100
|
+
|
|
101
|
+
File.delete(@new_file_name)
|
|
103
102
|
end
|
|
103
|
+
|
|
104
|
+
test_ruby2_ruby3_keywords(File,
|
|
105
|
+
'new',
|
|
106
|
+
[NEW_FILE_NAME, 'w', 0o755],
|
|
107
|
+
{ binmode: true },
|
|
108
|
+
nil)
|
|
104
109
|
end
|
|
105
110
|
end
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
end
|
|
114
|
-
context 'with a filename' do
|
|
115
|
-
it 'should still be able to read the file' do
|
|
116
|
-
result = File.new(@filename).read
|
|
117
|
-
expect(result).to eq @file_contents
|
|
118
|
-
end
|
|
119
|
-
end
|
|
120
|
-
context 'with a filename and mode r' do
|
|
121
|
-
it 'should still be able to read the file' do
|
|
122
|
-
result = File.new(@filename, 'r').read
|
|
123
|
-
expect(result).to eq @file_contents
|
|
124
|
-
end
|
|
125
|
-
end
|
|
126
|
-
context 'with a filenname and mode w' do
|
|
127
|
-
it 'should still be able to write to a file' do
|
|
128
|
-
file = File.new('/dev/null', 'w')
|
|
129
|
-
expect(file.write('dummy message')).to eq 13
|
|
130
|
-
end
|
|
131
|
-
end
|
|
132
|
-
context 'with a filenname and mode a' do
|
|
133
|
-
it 'should still be able to write to a file' do
|
|
134
|
-
file = File.new('/dev/null', 'a')
|
|
135
|
-
expect(file.write('dummy message')).to eq 13
|
|
136
|
-
end
|
|
137
|
-
end
|
|
111
|
+
|
|
112
|
+
context 'with a file blocked for read/write' do
|
|
113
|
+
before(:each) do
|
|
114
|
+
expect(TCellAgent).to receive(:policy).with(
|
|
115
|
+
TCellAgent::PolicyTypes::LFI
|
|
116
|
+
).and_return(@local_files_policy)
|
|
117
|
+
expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
|
|
138
118
|
end
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
end
|
|
119
|
+
|
|
120
|
+
it 'raises an IOError' do
|
|
121
|
+
expect do
|
|
122
|
+
File.new(@new_file_name, 'w')
|
|
123
|
+
end.to raise_error(IOError)
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
it 'raises an IOError' do
|
|
127
|
+
expect do
|
|
128
|
+
File.new(@new_file_name, 'w', 644)
|
|
129
|
+
end.to raise_error(IOError)
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
it 'raises an IOError' do
|
|
133
|
+
expect do
|
|
134
|
+
File.new(@filename)
|
|
135
|
+
end.to raise_error(IOError)
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
it 'raises an IOError' do
|
|
139
|
+
expect do
|
|
140
|
+
File.new(@filename, 'r')
|
|
141
|
+
end.to raise_error(IOError)
|
|
142
|
+
end
|
|
143
|
+
it 'raises an IOError' do
|
|
144
|
+
expect do
|
|
145
|
+
File.new('/dev/null', 'w')
|
|
146
|
+
end.to raise_error(IOError)
|
|
167
147
|
end
|
|
168
148
|
end
|
|
169
149
|
end
|
|
170
150
|
|
|
171
151
|
describe '.open' do
|
|
172
|
-
context '
|
|
173
|
-
|
|
174
|
-
expect
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
expect
|
|
178
|
-
|
|
179
|
-
|
|
152
|
+
context 'with a file not blocked for read/write' do
|
|
153
|
+
before(:each) do
|
|
154
|
+
expect(TCellAgent).to receive(:policy).with(
|
|
155
|
+
TCellAgent::PolicyTypes::LFI
|
|
156
|
+
).and_return(@local_files_policy)
|
|
157
|
+
expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
it 'raises an ERRNO::ENOENT error', :file_created => false do
|
|
180
161
|
expect do
|
|
181
|
-
File.open('')
|
|
162
|
+
File.open(@new_file_name, 'r')
|
|
182
163
|
end.to raise_error(Errno::ENOENT)
|
|
183
164
|
end
|
|
184
|
-
end
|
|
185
|
-
context 'with a non-existent file' do
|
|
186
|
-
before(:all) do
|
|
187
|
-
@new_file_name = '/tmp/' + SecureRandom.uuid
|
|
188
|
-
end
|
|
189
|
-
context 'with a directory not blocked for read/write' do
|
|
190
|
-
before(:each) do
|
|
191
|
-
expect(TCellAgent).to receive(:policy).with(
|
|
192
|
-
TCellAgent::PolicyTypes::LFI
|
|
193
|
-
).and_return(@local_files_policy)
|
|
194
|
-
expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
|
|
195
|
-
end
|
|
196
|
-
context 'with a filename and mode r' do
|
|
197
|
-
it 'should raise an ERRNO::ENOENT error' do
|
|
198
|
-
expect do
|
|
199
|
-
File.open(@new_file_name, 'r')
|
|
200
|
-
end.to raise_error(Errno::ENOENT)
|
|
201
|
-
end
|
|
202
|
-
end
|
|
203
|
-
context 'with a filename and mode w' do
|
|
204
|
-
it 'should create the file' do
|
|
205
|
-
File.open(@new_file_name, 'w')
|
|
206
165
|
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
it 'should create the file with the correct permissions' do
|
|
213
|
-
File.open(@new_file_name, 'w', 0o644)
|
|
214
|
-
|
|
215
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
216
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
|
217
|
-
File.delete(@new_file_name)
|
|
218
|
-
end
|
|
219
|
-
end
|
|
220
|
-
context 'with a filename and write mode and file permissions 755' do
|
|
221
|
-
it 'should create the file with the correct permissions' do
|
|
222
|
-
File.open(@new_file_name, 'w', 0o755)
|
|
223
|
-
|
|
224
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
225
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
226
|
-
File.delete(@new_file_name)
|
|
227
|
-
end
|
|
228
|
-
end
|
|
229
|
-
context 'with a filename and write mode and file permissions 777' do
|
|
230
|
-
it 'should create the file with permissions 755' do
|
|
231
|
-
File.open(@new_file_name, 'w', 0o777)
|
|
232
|
-
|
|
233
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
234
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
235
|
-
File.delete(@new_file_name)
|
|
236
|
-
end
|
|
237
|
-
end
|
|
166
|
+
it 'creates the file when passed mode w' do
|
|
167
|
+
File.open(@new_file_name, 'w')
|
|
168
|
+
|
|
169
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
170
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
238
171
|
end
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
172
|
+
|
|
173
|
+
it 'creates the file with the correct permissions' do
|
|
174
|
+
File.open(@new_file_name, 'w', 0o644)
|
|
175
|
+
|
|
176
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
|
177
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
178
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
179
|
+
end
|
|
180
|
+
|
|
181
|
+
it 'creates the file with the correct permissions' do
|
|
182
|
+
File.open(@new_file_name, 'w', 0o755)
|
|
183
|
+
|
|
184
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
185
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
186
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
187
|
+
end
|
|
188
|
+
|
|
189
|
+
it 'reads the file' do
|
|
190
|
+
result = File.open(@filename).read
|
|
191
|
+
expect(result).to eq @file_contents
|
|
192
|
+
end
|
|
193
|
+
|
|
194
|
+
it 'reads the file when passed a mode' do
|
|
195
|
+
result = File.open(@filename, 'r').read
|
|
196
|
+
expect(result).to eq @file_contents
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
it 'writes to the file' do
|
|
200
|
+
file = File.open('/dev/null', 'w')
|
|
201
|
+
expect(file.write('dummy message')).to eq 13
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
it 'appends to the file' do
|
|
205
|
+
file = File.open('/dev/null', 'a')
|
|
206
|
+
expect(file.write('dummy message')).to eq 13
|
|
207
|
+
end
|
|
208
|
+
|
|
209
|
+
context 'using mode, permission, binmode opt' do
|
|
210
|
+
after :each do
|
|
211
|
+
expect(@result.binmode?).to be_truthy
|
|
212
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
259
213
|
end
|
|
214
|
+
|
|
215
|
+
test_ruby2_ruby3_keywords(File,
|
|
216
|
+
'open',
|
|
217
|
+
[NEW_FILE_NAME, 'w', 0o755],
|
|
218
|
+
{ binmode: true },
|
|
219
|
+
nil)
|
|
260
220
|
end
|
|
261
221
|
end
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
end
|
|
270
|
-
context 'with a filename' do
|
|
271
|
-
it 'should still be able to read the file' do
|
|
272
|
-
result = File.open(@filename).read
|
|
273
|
-
expect(result).to eq @file_contents
|
|
274
|
-
end
|
|
275
|
-
end
|
|
276
|
-
context 'with a filename and mode r' do
|
|
277
|
-
it 'should still be able to read the file' do
|
|
278
|
-
result = File.open(@filename, 'r').read
|
|
279
|
-
expect(result).to eq @file_contents
|
|
280
|
-
end
|
|
281
|
-
end
|
|
282
|
-
context 'with a filenname and mode w' do
|
|
283
|
-
it 'should still be able to write to a file' do
|
|
284
|
-
file = File.open('/dev/null', 'w')
|
|
285
|
-
expect(file.write('dummy message')).to eq 13
|
|
286
|
-
end
|
|
287
|
-
end
|
|
288
|
-
context 'with a filenname and mode a' do
|
|
289
|
-
it 'should still be able to write to a file' do
|
|
290
|
-
file = File.open('/dev/null', 'a')
|
|
291
|
-
expect(file.write('dummy message')).to eq 13
|
|
292
|
-
end
|
|
293
|
-
end
|
|
222
|
+
|
|
223
|
+
context 'with a file blocked for read/write' do
|
|
224
|
+
before(:each) do
|
|
225
|
+
expect(TCellAgent).to receive(:policy).with(
|
|
226
|
+
TCellAgent::PolicyTypes::LFI
|
|
227
|
+
).and_return(@local_files_policy)
|
|
228
|
+
expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
|
|
294
229
|
end
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
230
|
+
|
|
231
|
+
it 'raises an IOError' do
|
|
232
|
+
expect do
|
|
233
|
+
File.open(@new_file_name, 'w')
|
|
234
|
+
end.to raise_error(IOError)
|
|
235
|
+
end
|
|
236
|
+
|
|
237
|
+
it 'raises an IOError' do
|
|
238
|
+
expect do
|
|
239
|
+
File.open(@new_file_name, 'w', 644)
|
|
240
|
+
end.to raise_error(IOError)
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
it 'raises an IOError' do
|
|
244
|
+
expect do
|
|
245
|
+
File.open(@filename)
|
|
246
|
+
end.to raise_error(IOError)
|
|
247
|
+
end
|
|
248
|
+
|
|
249
|
+
it 'raises an IOError' do
|
|
250
|
+
expect do
|
|
251
|
+
File.open(@filename, 'r')
|
|
252
|
+
end.to raise_error(IOError)
|
|
253
|
+
end
|
|
254
|
+
|
|
255
|
+
it 'raises an IOError' do
|
|
256
|
+
expect do
|
|
257
|
+
File.open('/dev/null', 'w')
|
|
258
|
+
end.to raise_error(IOError)
|
|
323
259
|
end
|
|
324
260
|
end
|
|
325
261
|
end
|
|
326
262
|
end
|
|
263
|
+
|
|
264
|
+
# # rubocop:enable Style/HashSyntax
|
|
265
|
+
# # rubocop:enable Lint/UselessAssignment
|