tcell_agent 2.2.1 → 2.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE +2 -2
- data/bin/tcell_agent +6 -11
- data/lib/tcell_agent/agent.rb +18 -13
- data/lib/tcell_agent/config_initializer.rb +2 -5
- data/lib/tcell_agent/configuration.rb +6 -6
- data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
- data/lib/tcell_agent/instrumentation/cmdi.rb +32 -0
- data/lib/tcell_agent/instrumentation/lfi.rb +55 -9
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/kernel.rb +80 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/file.rb +21 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/io.rb +75 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/kernel.rb +80 -0
- data/lib/tcell_agent/instrumentation.rb +14 -6
- data/lib/tcell_agent/logger.rb +2 -2
- data/lib/tcell_agent/policies/dataloss_policy.rb +15 -8
- data/lib/tcell_agent/policies/headers_policy.rb +2 -2
- data/lib/tcell_agent/policies/patches_policy.rb +8 -4
- data/lib/tcell_agent/policies/policies_manager.rb +1 -0
- data/lib/tcell_agent/policies/policy_polling.rb +4 -3
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +1 -0
- data/lib/tcell_agent/rails/better_ip.rb +7 -19
- data/lib/tcell_agent/rails/dlp/process_request.rb +5 -0
- data/lib/tcell_agent/rails/dlp.rb +48 -48
- data/lib/tcell_agent/rails/dlp_handler.rb +9 -10
- data/lib/tcell_agent/rails/js_agent_insert.rb +2 -3
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -1
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -5
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +1 -0
- data/lib/tcell_agent/rails/routes/grape.rb +2 -1
- data/lib/tcell_agent/rails/settings_reporter.rb +3 -6
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -6
- data/lib/tcell_agent/routes/table.rb +3 -0
- data/lib/tcell_agent/rust/agent_config.rb +20 -2
- data/lib/tcell_agent/rust/{libtcellagent-5.0.2.so → libtcellagent-alpine.so} +0 -0
- data/lib/tcell_agent/rust/{tcellagent-5.0.2.dll → libtcellagent-x64.dll} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-5.0.2.dylib → libtcellagent.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-5.0.2.so → libtcellagent.so} +0 -0
- data/lib/tcell_agent/rust/native_agent.rb +51 -59
- data/lib/tcell_agent/rust/native_library.rb +7 -10
- data/lib/tcell_agent/sensor_events/server_agent.rb +3 -100
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +1 -0
- data/lib/tcell_agent/servers/puma.rb +25 -8
- data/lib/tcell_agent/servers/rack_puma_handler.rb +13 -3
- data/lib/tcell_agent/servers/webrick.rb +13 -3
- data/lib/tcell_agent/settings_reporter.rb +0 -14
- data/lib/tcell_agent/sinatra.rb +1 -0
- data/lib/tcell_agent/tcell_context.rb +15 -6
- data/lib/tcell_agent/utils/headers.rb +0 -1
- data/lib/tcell_agent/utils/strings.rb +2 -2
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/cruby_spec_helper.rb +26 -0
- data/spec/lib/tcell_agent/instrument_servers_spec.rb +1 -1
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +2 -2
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +211 -272
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +207 -223
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +89 -70
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +73 -0
- data/spec/lib/tcell_agent/patches_spec.rb +2 -1
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +1 -2
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +5 -6
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +21 -2
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +1 -1
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +13 -8
- data/spec/lib/tcell_agent/rails/better_ip_spec.rb +9 -11
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +6 -6
- data/spec/lib/tcell_agent/rails/dlp_spec.rb +1 -0
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +10 -2
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +2 -1
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +4 -4
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +2 -16
- data/spec/lib/tcell_agent/tcell_context_spec.rb +6 -5
- data/spec/spec_helper.rb +3 -1
- data/spec/support/builders.rb +2 -1
- data/spec/support/server_mocks/puma_mock.rb +4 -0
- data/spec/support/shared_spec.rb +29 -0
- data/tcell_agent.gemspec +14 -14
- metadata +23 -19
- data/Rakefile +0 -18
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +0 -25
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +0 -131
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +0 -102
|
@@ -20,7 +20,7 @@ end
|
|
|
20
20
|
|
|
21
21
|
def test_puma
|
|
22
22
|
expect(Puma.cli_config.options[:preload_app]).to be_falsey
|
|
23
|
-
expect(Puma::Server.instance_methods.include?(:
|
|
23
|
+
expect(Puma::Server.instance_methods.include?(:tcell_original_run)).to be_truthy
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def test_server(filenames, funcs)
|
|
@@ -262,10 +262,10 @@ describe IO do
|
|
|
262
262
|
IO.popen(@env, %w[echo test], 'w+', :unsetenv_others => true)
|
|
263
263
|
|
|
264
264
|
expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
|
|
265
|
-
IO.popen([@env, 'echo', 'test', :unsetenv_others => true], 'w+')
|
|
265
|
+
IO.popen([@env, 'echo', 'test', { :unsetenv_others => true }], 'w+')
|
|
266
266
|
|
|
267
267
|
expect(TCellAgent::Cmdi).to receive(:block_command?).with('echo test')
|
|
268
|
-
IO.popen(@env, [@env, 'echo', 'test', :unsetenv_others => true], 'w+', :err => %i[child out])
|
|
268
|
+
IO.popen(@env, [@env, 'echo', 'test', { :unsetenv_others => true }], 'w+', :err => %i[child out])
|
|
269
269
|
end
|
|
270
270
|
end
|
|
271
271
|
end
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# rubocop:disable Style/HashSyntax
|
|
2
|
+
|
|
1
3
|
require 'spec_helper'
|
|
2
4
|
require 'securerandom'
|
|
3
5
|
|
|
@@ -12,7 +14,7 @@ describe 'File' do
|
|
|
12
14
|
)
|
|
13
15
|
@filename = get_test_resource_path('lfi_sample_file.txt')
|
|
14
16
|
@file_contents = "This is line one.\nThis is line two.\n"
|
|
15
|
-
@new_file_name =
|
|
17
|
+
@new_file_name = NEW_FILE_NAME
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
describe '.new' do
|
|
@@ -29,298 +31,235 @@ describe 'File' do
|
|
|
29
31
|
end.to raise_error(Errno::ENOENT)
|
|
30
32
|
end
|
|
31
33
|
end
|
|
32
|
-
context 'with a non-existent file' do
|
|
33
|
-
context 'with a directory not blocked for read/write' do
|
|
34
|
-
before(:each) do
|
|
35
|
-
expect(TCellAgent).to receive(:policy).with(
|
|
36
|
-
TCellAgent::PolicyTypes::LFI
|
|
37
|
-
).and_return(@local_files_policy)
|
|
38
|
-
expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
|
|
39
|
-
end
|
|
40
|
-
context 'with a filename and mode r' do
|
|
41
|
-
it 'should raise an ERRNO::ENOENT error' do
|
|
42
|
-
expect do
|
|
43
|
-
File.new(@new_file_name, 'r')
|
|
44
|
-
end.to raise_error(Errno::ENOENT)
|
|
45
|
-
end
|
|
46
|
-
end
|
|
47
|
-
context 'with a filename and mode w' do
|
|
48
|
-
it 'should create the file' do
|
|
49
|
-
File.new(@new_file_name, 'w')
|
|
50
34
|
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
File.new(@new_file_name, 'w', 0o644)
|
|
58
|
-
|
|
59
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
60
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
|
61
|
-
File.delete(@new_file_name)
|
|
62
|
-
end
|
|
63
|
-
end
|
|
64
|
-
context 'with a filename and write mode and file permissions 755' do
|
|
65
|
-
it 'should create the file with the correct permissions' do
|
|
66
|
-
File.new(@new_file_name, 'w', 0o755)
|
|
67
|
-
|
|
68
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
69
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
70
|
-
File.delete(@new_file_name)
|
|
71
|
-
end
|
|
72
|
-
end
|
|
73
|
-
context 'with a filename and write mode and file permissions 777' do
|
|
74
|
-
it 'should create the file with permissions 755' do
|
|
75
|
-
File.new(@new_file_name, 'w', 0o777)
|
|
76
|
-
|
|
77
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
78
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
79
|
-
File.delete(@new_file_name)
|
|
80
|
-
end
|
|
81
|
-
end
|
|
35
|
+
context 'with a file not blocked for read/write' do
|
|
36
|
+
before(:each) do
|
|
37
|
+
expect(TCellAgent).to receive(:policy).with(
|
|
38
|
+
TCellAgent::PolicyTypes::LFI
|
|
39
|
+
).and_return(@local_files_policy)
|
|
40
|
+
expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
|
|
82
41
|
end
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
42
|
+
|
|
43
|
+
after(:each) do |example|
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
it 'raises an ERRNO::ENOENT error', :file_created => false do
|
|
47
|
+
expect do
|
|
48
|
+
File.new(@new_file_name, 'r')
|
|
49
|
+
end.to raise_error(Errno::ENOENT)
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
it 'creates the file when passed mode w' do
|
|
53
|
+
File.new(@new_file_name, 'w')
|
|
54
|
+
|
|
55
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
56
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
it 'creates the file with the correct permissions' do
|
|
60
|
+
File.new(@new_file_name, 'w', 0o644)
|
|
61
|
+
|
|
62
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
|
63
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
64
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
it 'creates the file with the correct permissions' do
|
|
68
|
+
File.new(@new_file_name, 'w', 0o755)
|
|
69
|
+
|
|
70
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
71
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
72
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
it 'reads the file' do
|
|
76
|
+
result = File.new(@filename).read
|
|
77
|
+
expect(result).to eq @file_contents
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
it 'reads the file when passed a mode' do
|
|
81
|
+
result = File.new(@filename, 'r').read
|
|
82
|
+
expect(result).to eq @file_contents
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
it 'writes to the file' do
|
|
86
|
+
file = File.new('/dev/null', 'w')
|
|
87
|
+
expect(file.write('dummy message')).to eq 13
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
it 'appends to the file' do
|
|
91
|
+
file = File.new('/dev/null', 'a')
|
|
92
|
+
expect(file.write('dummy message')).to eq 13
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
context 'using mode, permission, binmode opt' do
|
|
96
|
+
after :each do
|
|
97
|
+
expect(@result.binmode?).to be_truthy
|
|
98
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
99
|
+
|
|
100
|
+
File.delete(@new_file_name)
|
|
103
101
|
end
|
|
102
|
+
|
|
103
|
+
test_ruby2_ruby3_keywords(File,
|
|
104
|
+
'new',
|
|
105
|
+
[NEW_FILE_NAME, 'w', 0o755],
|
|
106
|
+
{ binmode: true },
|
|
107
|
+
nil)
|
|
104
108
|
end
|
|
105
109
|
end
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
context 'with a filename' do
|
|
115
|
-
it 'should still be able to read the file' do
|
|
116
|
-
result = File.new(@filename).read
|
|
117
|
-
expect(result).to eq @file_contents
|
|
118
|
-
end
|
|
119
|
-
end
|
|
120
|
-
context 'with a filename and mode r' do
|
|
121
|
-
it 'should still be able to read the file' do
|
|
122
|
-
result = File.new(@filename, 'r').read
|
|
123
|
-
expect(result).to eq @file_contents
|
|
124
|
-
end
|
|
125
|
-
end
|
|
126
|
-
context 'with a filenname and mode w' do
|
|
127
|
-
it 'should still be able to write to a file' do
|
|
128
|
-
file = File.new('/dev/null', 'w')
|
|
129
|
-
expect(file.write('dummy message')).to eq 13
|
|
130
|
-
end
|
|
131
|
-
end
|
|
132
|
-
context 'with a filenname and mode a' do
|
|
133
|
-
it 'should still be able to write to a file' do
|
|
134
|
-
file = File.new('/dev/null', 'a')
|
|
135
|
-
expect(file.write('dummy message')).to eq 13
|
|
136
|
-
end
|
|
137
|
-
end
|
|
110
|
+
|
|
111
|
+
context 'with a file blocked for read/write' do
|
|
112
|
+
before(:each) do
|
|
113
|
+
expect(TCellAgent).to receive(:policy).with(
|
|
114
|
+
TCellAgent::PolicyTypes::LFI
|
|
115
|
+
).and_return(@local_files_policy)
|
|
116
|
+
|
|
117
|
+
expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
|
|
138
118
|
end
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
147
|
-
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
|
|
160
|
-
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
end
|
|
119
|
+
|
|
120
|
+
it 'raises an IOError' do
|
|
121
|
+
expect do
|
|
122
|
+
File.new(@new_file_name, 'w')
|
|
123
|
+
end.to raise_error(IOError)
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
it 'raises an IOError' do
|
|
127
|
+
expect do
|
|
128
|
+
File.new(@new_file_name, 'w', 644)
|
|
129
|
+
end.to raise_error(IOError)
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
it 'raises an IOError' do
|
|
133
|
+
expect do
|
|
134
|
+
File.new(@filename)
|
|
135
|
+
end.to raise_error(IOError)
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
it 'raises an IOError' do
|
|
139
|
+
expect do
|
|
140
|
+
File.new(@filename, 'r')
|
|
141
|
+
end.to raise_error(IOError)
|
|
142
|
+
end
|
|
143
|
+
it 'raises an IOError' do
|
|
144
|
+
expect do
|
|
145
|
+
File.new('/dev/null', 'w')
|
|
146
|
+
end.to raise_error(IOError)
|
|
167
147
|
end
|
|
168
148
|
end
|
|
169
149
|
end
|
|
170
150
|
|
|
171
151
|
describe '.open' do
|
|
172
|
-
context '
|
|
173
|
-
|
|
174
|
-
expect
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
expect
|
|
178
|
-
|
|
179
|
-
|
|
152
|
+
context 'with a file not blocked for read/write' do
|
|
153
|
+
before(:each) do
|
|
154
|
+
expect(TCellAgent).to receive(:policy).with(
|
|
155
|
+
TCellAgent::PolicyTypes::LFI
|
|
156
|
+
).and_return(@local_files_policy)
|
|
157
|
+
expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
it 'raises an ERRNO::ENOENT error', :file_created => false do
|
|
180
161
|
expect do
|
|
181
|
-
File.open('')
|
|
162
|
+
File.open(@new_file_name, 'r')
|
|
182
163
|
end.to raise_error(Errno::ENOENT)
|
|
183
164
|
end
|
|
184
|
-
end
|
|
185
|
-
context 'with a non-existent file' do
|
|
186
|
-
before(:all) do
|
|
187
|
-
@new_file_name = '/tmp/' + SecureRandom.uuid
|
|
188
|
-
end
|
|
189
|
-
context 'with a directory not blocked for read/write' do
|
|
190
|
-
before(:each) do
|
|
191
|
-
expect(TCellAgent).to receive(:policy).with(
|
|
192
|
-
TCellAgent::PolicyTypes::LFI
|
|
193
|
-
).and_return(@local_files_policy)
|
|
194
|
-
expect(@local_files_policy).to receive(:block_file_access?).and_return(false)
|
|
195
|
-
end
|
|
196
|
-
context 'with a filename and mode r' do
|
|
197
|
-
it 'should raise an ERRNO::ENOENT error' do
|
|
198
|
-
expect do
|
|
199
|
-
File.open(@new_file_name, 'r')
|
|
200
|
-
end.to raise_error(Errno::ENOENT)
|
|
201
|
-
end
|
|
202
|
-
end
|
|
203
|
-
context 'with a filename and mode w' do
|
|
204
|
-
it 'should create the file' do
|
|
205
|
-
File.open(@new_file_name, 'w')
|
|
206
165
|
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
it 'should create the file with the correct permissions' do
|
|
213
|
-
File.open(@new_file_name, 'w', 0o644)
|
|
214
|
-
|
|
215
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
216
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
|
217
|
-
File.delete(@new_file_name)
|
|
218
|
-
end
|
|
219
|
-
end
|
|
220
|
-
context 'with a filename and write mode and file permissions 755' do
|
|
221
|
-
it 'should create the file with the correct permissions' do
|
|
222
|
-
File.open(@new_file_name, 'w', 0o755)
|
|
223
|
-
|
|
224
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
225
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
226
|
-
File.delete(@new_file_name)
|
|
227
|
-
end
|
|
228
|
-
end
|
|
229
|
-
context 'with a filename and write mode and file permissions 777' do
|
|
230
|
-
it 'should create the file with permissions 755' do
|
|
231
|
-
File.open(@new_file_name, 'w', 0o777)
|
|
232
|
-
|
|
233
|
-
expect(File.exist?(@new_file_name)).to be_truthy
|
|
234
|
-
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
235
|
-
File.delete(@new_file_name)
|
|
236
|
-
end
|
|
237
|
-
end
|
|
166
|
+
it 'creates the file when passed mode w' do
|
|
167
|
+
File.open(@new_file_name, 'w')
|
|
168
|
+
|
|
169
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
170
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
238
171
|
end
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
172
|
+
|
|
173
|
+
it 'creates the file with the correct permissions' do
|
|
174
|
+
File.open(@new_file_name, 'w', 0o644)
|
|
175
|
+
|
|
176
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('644')
|
|
177
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
178
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
179
|
+
end
|
|
180
|
+
|
|
181
|
+
it 'creates the file with the correct permissions' do
|
|
182
|
+
File.open(@new_file_name, 'w', 0o755)
|
|
183
|
+
|
|
184
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
185
|
+
expect(File.exist?(@new_file_name)).to be_truthy
|
|
186
|
+
File.delete(@new_file_name) if File.exist?(@new_file_name)
|
|
187
|
+
end
|
|
188
|
+
|
|
189
|
+
it 'reads the file' do
|
|
190
|
+
result = File.open(@filename).read
|
|
191
|
+
expect(result).to eq @file_contents
|
|
192
|
+
end
|
|
193
|
+
|
|
194
|
+
it 'reads the file when passed a mode' do
|
|
195
|
+
result = File.open(@filename, 'r').read
|
|
196
|
+
expect(result).to eq @file_contents
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
it 'writes to the file' do
|
|
200
|
+
file = File.open('/dev/null', 'w')
|
|
201
|
+
expect(file.write('dummy message')).to eq 13
|
|
202
|
+
end
|
|
203
|
+
|
|
204
|
+
it 'appends to the file' do
|
|
205
|
+
file = File.open('/dev/null', 'a')
|
|
206
|
+
expect(file.write('dummy message')).to eq 13
|
|
207
|
+
end
|
|
208
|
+
|
|
209
|
+
context 'using mode, permission, binmode opt' do
|
|
210
|
+
after :each do
|
|
211
|
+
expect(@result.binmode?).to be_truthy
|
|
212
|
+
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
259
213
|
end
|
|
214
|
+
|
|
215
|
+
test_ruby2_ruby3_keywords(File,
|
|
216
|
+
'open',
|
|
217
|
+
[NEW_FILE_NAME, 'w', 0o755],
|
|
218
|
+
{ binmode: true },
|
|
219
|
+
nil)
|
|
260
220
|
end
|
|
261
221
|
end
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
context 'with a filename' do
|
|
271
|
-
it 'should still be able to read the file' do
|
|
272
|
-
result = File.open(@filename).read
|
|
273
|
-
expect(result).to eq @file_contents
|
|
274
|
-
end
|
|
275
|
-
end
|
|
276
|
-
context 'with a filename and mode r' do
|
|
277
|
-
it 'should still be able to read the file' do
|
|
278
|
-
result = File.open(@filename, 'r').read
|
|
279
|
-
expect(result).to eq @file_contents
|
|
280
|
-
end
|
|
281
|
-
end
|
|
282
|
-
context 'with a filenname and mode w' do
|
|
283
|
-
it 'should still be able to write to a file' do
|
|
284
|
-
file = File.open('/dev/null', 'w')
|
|
285
|
-
expect(file.write('dummy message')).to eq 13
|
|
286
|
-
end
|
|
287
|
-
end
|
|
288
|
-
context 'with a filenname and mode a' do
|
|
289
|
-
it 'should still be able to write to a file' do
|
|
290
|
-
file = File.open('/dev/null', 'a')
|
|
291
|
-
expect(file.write('dummy message')).to eq 13
|
|
292
|
-
end
|
|
293
|
-
end
|
|
222
|
+
|
|
223
|
+
context 'with a file blocked for read/write' do
|
|
224
|
+
before(:each) do
|
|
225
|
+
expect(TCellAgent).to receive(:policy).with(
|
|
226
|
+
TCellAgent::PolicyTypes::LFI
|
|
227
|
+
).and_return(@local_files_policy)
|
|
228
|
+
|
|
229
|
+
expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
|
|
294
230
|
end
|
|
295
|
-
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
231
|
+
|
|
232
|
+
it 'raises an IOError' do
|
|
233
|
+
expect do
|
|
234
|
+
File.open(@new_file_name, 'w')
|
|
235
|
+
end.to raise_error(IOError)
|
|
236
|
+
end
|
|
237
|
+
|
|
238
|
+
it 'raises an IOError' do
|
|
239
|
+
expect do
|
|
240
|
+
File.open(@new_file_name, 'w', 644)
|
|
241
|
+
end.to raise_error(IOError)
|
|
242
|
+
end
|
|
243
|
+
|
|
244
|
+
it 'raises an IOError' do
|
|
245
|
+
expect do
|
|
246
|
+
File.open(@filename)
|
|
247
|
+
end.to raise_error(IOError)
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
it 'raises an IOError' do
|
|
251
|
+
expect do
|
|
252
|
+
File.open(@filename, 'r')
|
|
253
|
+
end.to raise_error(IOError)
|
|
254
|
+
end
|
|
255
|
+
|
|
256
|
+
it 'raises an IOError' do
|
|
257
|
+
expect do
|
|
258
|
+
File.open('/dev/null', 'w')
|
|
259
|
+
end.to raise_error(IOError)
|
|
323
260
|
end
|
|
324
261
|
end
|
|
325
262
|
end
|
|
326
263
|
end
|
|
264
|
+
|
|
265
|
+
# rubocop:enable Style/HashSyntax
|