RubyGems - tcell_agent - Versions diffs - 2.2.1 → 2.5.0 - Mend

tcell_agent 2.2.1 → 2.5.0

Files changed (84) hide show

checksums.yaml +4 -4
data/LICENSE +2 -2
data/bin/tcell_agent +6 -11
data/lib/tcell_agent/agent.rb +18 -13
data/lib/tcell_agent/config_initializer.rb +2 -5
data/lib/tcell_agent/configuration.rb +6 -6
data/lib/tcell_agent/hooks/login_fraud.rb +1 -1
data/lib/tcell_agent/instrumentation/cmdi.rb +32 -0
data/lib/tcell_agent/instrumentation/lfi.rb +55 -9
data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/file.rb +21 -0
data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/io.rb +75 -0
data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/kernel.rb +80 -0
data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/file.rb +21 -0
data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/io.rb +75 -0
data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/kernel.rb +80 -0
data/lib/tcell_agent/instrumentation.rb +14 -6
data/lib/tcell_agent/logger.rb +2 -2
data/lib/tcell_agent/policies/dataloss_policy.rb +15 -8
data/lib/tcell_agent/policies/headers_policy.rb +2 -2
data/lib/tcell_agent/policies/patches_policy.rb +8 -4
data/lib/tcell_agent/policies/policies_manager.rb +1 -0
data/lib/tcell_agent/policies/policy_polling.rb +4 -3
data/lib/tcell_agent/rails/auth/doorkeeper.rb +1 -0
data/lib/tcell_agent/rails/better_ip.rb +7 -19
data/lib/tcell_agent/rails/dlp/process_request.rb +5 -0
data/lib/tcell_agent/rails/dlp.rb +48 -48
data/lib/tcell_agent/rails/dlp_handler.rb +9 -10
data/lib/tcell_agent/rails/js_agent_insert.rb +2 -3
data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -1
data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -5
data/lib/tcell_agent/rails/middleware/headers_middleware.rb +1 -0
data/lib/tcell_agent/rails/routes/grape.rb +2 -1
data/lib/tcell_agent/rails/settings_reporter.rb +3 -6
data/lib/tcell_agent/rails/tcell_body_proxy.rb +4 -6
data/lib/tcell_agent/routes/table.rb +3 -0
data/lib/tcell_agent/rust/agent_config.rb +20 -2
data/lib/tcell_agent/rust/{libtcellagent-5.0.2.so → libtcellagent-alpine.so} +0 -0
data/lib/tcell_agent/rust/{tcellagent-5.0.2.dll → libtcellagent-x64.dll} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-5.0.2.dylib → libtcellagent.dylib} +0 -0
data/lib/tcell_agent/rust/{libtcellagent-alpine-5.0.2.so → libtcellagent.so} +0 -0
data/lib/tcell_agent/rust/native_agent.rb +51 -59
data/lib/tcell_agent/rust/native_library.rb +7 -10
data/lib/tcell_agent/sensor_events/server_agent.rb +3 -100
data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +1 -0
data/lib/tcell_agent/servers/puma.rb +25 -8
data/lib/tcell_agent/servers/rack_puma_handler.rb +13 -3
data/lib/tcell_agent/servers/webrick.rb +13 -3
data/lib/tcell_agent/settings_reporter.rb +0 -14
data/lib/tcell_agent/sinatra.rb +1 -0
data/lib/tcell_agent/tcell_context.rb +15 -6
data/lib/tcell_agent/utils/headers.rb +0 -1
data/lib/tcell_agent/utils/strings.rb +2 -2
data/lib/tcell_agent/version.rb +1 -1
data/spec/cruby_spec_helper.rb +26 -0
data/spec/lib/tcell_agent/instrument_servers_spec.rb +1 -1
data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +2 -2
data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +211 -272
data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +207 -223
data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +89 -70
data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +73 -0
data/spec/lib/tcell_agent/patches_spec.rb +2 -1
data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +1 -2
data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +5 -6
data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +21 -2
data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +1 -1
data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +13 -8
data/spec/lib/tcell_agent/rails/better_ip_spec.rb +9 -11
data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +6 -6
data/spec/lib/tcell_agent/rails/dlp_spec.rb +1 -0
data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +10 -2
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +2 -1
data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +4 -4
data/spec/lib/tcell_agent/settings_reporter_spec.rb +2 -16
data/spec/lib/tcell_agent/tcell_context_spec.rb +6 -5
data/spec/spec_helper.rb +3 -1
data/spec/support/builders.rb +2 -1
data/spec/support/server_mocks/puma_mock.rb +4 -0
data/spec/support/shared_spec.rb +29 -0
data/tcell_agent.gemspec +14 -14
metadata +23 -19
data/Rakefile +0 -18
data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +0 -25
data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +0 -131
data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +0 -102

data/Rakefile DELETED Viewed

@@ -1,18 +0,0 @@
-require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec)
-desc 'Run tests'
-task :default => [:spec]
-task :test => :spec
-task 'init-integration-tests' do
-  system('docker-compose run railsintegration224 bundle install')
-  system('docker-compose run railsintegration224 bundle exec rake db:create db:setup')
-  system('docker-compose stop')
-end
-task 'integration-test' do
-  system('docker-compose up railsintegration224')
-  system('docker-compose stop')
-end

data/lib/tcell_agent/instrumentation/monkey_patches/file.rb DELETED Viewed

@@ -1,25 +0,0 @@
-class File
-  class << self
-    alias_method :tcell_original_new, :new
-    def new(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      tcell_original_new(*args, &block)
-    end
-    alias_method :tcell_original_open, :open
-    def open(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      tcell_original_open(*args, &block)
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/monkey_patches/io.rb DELETED Viewed

@@ -1,131 +0,0 @@
-class IO
-  class << self
-    alias_method :tcell_original_binread, :binread
-    def binread(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-      tcell_original_binread(*args, &block)
-    end
-    alias_method :tcell_original_binwrite, :binwrite
-    def binwrite(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Write'
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      tcell_original_binwrite(*args, &block)
-    end
-    alias_method :tcell_original_foreach, :foreach
-    def foreach(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      tcell_original_foreach(*args, &block)
-    end
-    alias_method :tcell_original_popen, :popen
-    def popen(*args, &block)
-      unless args.empty?
-        cmd = ''
-        TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
-          args_copy = Array.new(args)
-          args_copy.shift if args_copy.first.is_a?(Hash)
-          args_copy.pop if args_copy.last.is_a?(Hash)
-          cmd = if args_copy.first.is_a?(String)
-                  args_copy.shift
-                else
-                  TCellAgent::Cmdi.parse_command(*args_copy.shift)
-                end
-        end
-        if TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-      tcell_original_popen(*args, &block)
-    end
-    alias_method :tcell_original_read, :read
-    def read(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-      tcell_original_read(*args, &block)
-    end
-    alias_method :tcell_original_readlines, :readlines
-    def readlines(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-      tcell_original_readlines(*args, &block)
-    end
-    alias_method :tcell_original_sysopen, :sysopen
-    def sysopen(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      tcell_original_sysopen(*args, &block)
-    end
-    alias_method :tcell_original_write, :write
-    def write(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Write'
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-      tcell_original_write(*args, &block)
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb DELETED Viewed

@@ -1,102 +0,0 @@
-module Kernel
-  private
-  alias_method :tcell_original_backtick, :`
-  alias_method :tcell_original_exec, :exec
-  alias_method :tcell_original_open, :open
-  alias_method :tcell_original_gets, :gets
-  alias_method :tcell_original_readline, :readline
-  alias_method :tcell_original_spawn, :spawn
-  alias_method :tcell_original_system, :system
-  class << self
-    alias_method :tcell_original_exec, :exec
-    alias_method :tcell_original_open, :open
-    alias_method :tcell_original_gets, :gets
-    alias_method :tcell_original_readline, :readline
-    alias_method :tcell_original_spawn, :spawn
-    alias_method :tcell_original_system, :system
-  end
-  def `(cmd)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-    tcell_original_backtick(cmd)
-  end
-  if TCellAgent.configuration.should_instrument?('kernel_exec')
-    def exec(*args)
-      cmd = TCellAgent::Cmdi.parse_command(*args)
-      if TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-      tcell_original_exec(*args)
-    end
-  end
-  def gets(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-    tcell_original_gets(*args, &block)
-  end
-  def open(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-    if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-    if path.empty?
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-    end
-    tcell_original_open(*args, &block)
-  end
-  def readline(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-    tcell_original_readline(*args, &block)
-  end
-  def spawn(*args)
-    cmd = TCellAgent::Cmdi.parse_command(*args)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-    tcell_original_spawn(*args)
-  end
-  def system(*args)
-    cmd = TCellAgent::Cmdi.parse_command(*args)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-    tcell_original_system(*args)
-  end
-  module_function :`
-  module_function :exec
-  module_function :gets
-  module_function :open
-  module_function :readline
-  module_function :spawn
-  module_function :system
-end