tcell_agent 2.3.0 → 2.4.0

data/lib/tcell_agent/instrumentation/monkey_patches/ruby_2/kernel.rb

@@ -0,0 +1,80 @@
+module Kernel
+  private
+
+  if TCellAgent.configuration.should_instrument?('Kernel#`')
+    alias_method :tcell_original_backtick, :`
+    def `(cmd)
+      TCellAgent::Cmdi.raise_if_block(cmd)
+
+      tcell_original_backtick(cmd)
+    end
+
+    module_function :`
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#exec')
+    alias_method :tcell_original_exec, :exec
+    def exec(*args)
+      TCellAgent::Cmdi.default_cmdi_handler(args)
+
+      tcell_original_exec(*args)
+    end
+
+    module_function :exec
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#gets')
+    alias_method :tcell_original_gets, :gets
+    def gets(*args, &block)
+      TCellAgent::Instrumentation::Lfi.argf_open_handler
+
+      tcell_original_gets(*args, &block)
+    end
+
+    module_function :gets
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#open')
+    alias_method :tcell_original_open, :open
+    def open(*args, &block)
+      TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args)
+
+      tcell_original_open(*args, &block)
+    end
+
+    module_function :open
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#readline')
+    alias_method :tcell_original_readline, :readline
+    def readline(*args, &block)
+      TCellAgent::Instrumentation::Lfi.argf_open_handler
+
+      tcell_original_readline(*args, &block)
+    end
+
+    module_function :readline
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#spawn')
+    alias_method :tcell_original_spawn, :spawn
+    def spawn(*args)
+      TCellAgent::Cmdi.default_cmdi_handler(args)
+
+      tcell_original_spawn(*args)
+    end
+
+    module_function :spawn
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#system')
+    alias_method :tcell_original_system, :system
+    def system(*args)
+      TCellAgent::Cmdi.default_cmdi_handler(args)
+
+      tcell_original_system(*args)
+    end
+
+    module_function :system
+  end
+end

data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/file.rb

@@ -0,0 +1,21 @@
+class File
+  class << self
+    if TCellAgent.configuration.should_instrument?('File::new')
+      alias_method :tcell_original_new, :new
+      def new(*args, **kwargs, &block)
+        TCellAgent::Instrumentation::Lfi.default_open_handler(args)
+
+        tcell_original_new(*args, **kwargs, &block)
+      end
+    end
+
+    if TCellAgent.configuration.should_instrument?('File::open')
+      alias_method :tcell_original_open, :open
+      def open(*args, **kwargs, &block)
+        TCellAgent::Instrumentation::Lfi.default_open_handler(args)
+
+        tcell_original_open(*args, **kwargs, &block)
+      end
+    end
+  end
+end

data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/io.rb

@@ -0,0 +1,75 @@
+class IO
+  class << self
+    if TCellAgent.configuration.should_instrument?('IO::binread')
+      alias_method :tcell_original_binread, :binread
+      def binread(*args, **kwargs, &block)
+        TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args)
+
+        tcell_original_binread(*args, **kwargs, &block)
+      end
+    end
+
+    if TCellAgent.configuration.should_instrument?('IO::binwrite')
+      alias_method :tcell_original_binwrite, :binwrite
+      def binwrite(*args, **kwargs, &block)
+        TCellAgent::Instrumentation::Lfi.default_open_handler(args, 'Write')
+
+        tcell_original_binwrite(*args, **kwargs, &block)
+      end
+    end
+
+    if TCellAgent.configuration.should_instrument?('IO::foreach')
+      alias_method :tcell_original_foreach, :foreach
+      def foreach(*args, **kwargs, &block)
+        TCellAgent::Instrumentation::Lfi.default_open_handler(args, 'Read')
+
+        tcell_original_foreach(*args, **kwargs, &block)
+      end
+    end
+
+    if TCellAgent.configuration.should_instrument?('IO::popen')
+      alias_method :tcell_original_popen, :popen
+      def popen(*args, **kwargs, &block)
+        TCellAgent::Cmdi.popen_cmdi_handler(args)
+
+        tcell_original_popen(*args, **kwargs, &block)
+      end
+    end
+
+    if TCellAgent.configuration.should_instrument?('IO::read')
+      alias_method :tcell_original_read, :read
+      def read(*args, **kwargs, &block)
+        TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args, 'Read')
+
+        tcell_original_read(*args, **kwargs, &block)
+      end
+    end
+
+    if TCellAgent.configuration.should_instrument?('IO::readlines')
+      alias_method :tcell_original_readlines, :readlines
+      def readlines(*args, **kwargs, &block)
+        TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args, 'Read')
+
+        tcell_original_readlines(*args, **kwargs, &block)
+      end
+    end
+
+    if TCellAgent.configuration.should_instrument?('IO::sysopen')
+      alias_method :tcell_original_sysopen, :sysopen
+      def sysopen(*args, **kwargs, &block)
+        TCellAgent::Instrumentation::Lfi.default_open_handler(args)
+
+        tcell_original_sysopen(*args, **kwargs, &block)
+      end
+    end
+
+    if TCellAgent.configuration.should_instrument?('IO::write')
+      alias_method :tcell_original_write, :write
+      def write(*args, **kwargs, &block)
+        TCellAgent::Instrumentation::Lfi.default_open_handler(args, 'Write')
+
+        tcell_original_write(*args, **kwargs, &block)
+      end
+    end
+  end
+end

data/lib/tcell_agent/instrumentation/monkey_patches/ruby_3/kernel.rb

@@ -0,0 +1,80 @@
+module Kernel
+  private
+
+  if TCellAgent.configuration.should_instrument?('Kernel#`')
+    alias_method :tcell_original_backtick, :`
+    def `(cmd)
+      TCellAgent::Cmdi.raise_if_block(cmd)
+
+      tcell_original_backtick(cmd)
+    end
+
+    module_function :`
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#exec')
+    alias_method :tcell_original_exec, :exec
+    def exec(*args)
+      TCellAgent::Cmdi.default_cmdi_handler(args)
+
+      tcell_original_exec(*args)
+    end
+
+    module_function :exec
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#gets')
+    alias_method :tcell_original_gets, :gets
+    def gets(*args, **kwargs, &block)
+      TCellAgent::Instrumentation::Lfi.argf_open_handler
+
+      tcell_original_gets(*args, **kwargs, &block)
+    end
+
+    module_function :gets
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#open')
+    alias_method :tcell_original_open, :open
+    def open(*args, **kwargs, &block)
+      TCellAgent::Instrumentation::Lfi.cmdi_open_handler(args)
+
+      tcell_original_open(*args, **kwargs, &block)
+    end
+
+    module_function :open
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#readline')
+    alias_method :tcell_original_readline, :readline
+    def readline(*args, **kwargs, &block)
+      TCellAgent::Instrumentation::Lfi.argf_open_handler
+
+      tcell_original_readline(*args, **kwargs, &block)
+    end
+
+    module_function :readline
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#spawn')
+    alias_method :tcell_original_spawn, :spawn
+    def spawn(*args, **kwargs)
+      TCellAgent::Cmdi.default_cmdi_handler(args)
+
+      tcell_original_spawn(*args, **kwargs)
+    end
+
+    module_function :spawn
+  end
+
+  if TCellAgent.configuration.should_instrument?('Kernel#system')
+    alias_method :tcell_original_system, :system
+    def system(*args, **kwargs)
+      TCellAgent::Cmdi.default_cmdi_handler(args)
+
+      tcell_original_system(*args, **kwargs)
+    end
+
+    module_function :system
+  end
+end

data/lib/tcell_agent/logger.rb

@@ -31,13 +31,13 @@ module TCellAgent
     end
   end
 
-  # Note: since the agent waits until native agent
+  # NOTE: since the agent waits until native agent
   # is available, this is only used in errors
   # throwned while the agent is instrumenting or starting up
   # so it's ok to send those to STDOUT always
   class RubyLogger
     def initialize
-      @logger = Logger.new(STDOUT)
+      @logger = Logger.new(STDOUT) # rubocop:disable Style/GlobalStdStream
     end
 
     def exception(module_name, exception)

data/lib/tcell_agent/policies/dataloss_policy.rb

@@ -110,24 +110,22 @@ module TCellAgent
 
       def get_actions_for_request(context, variable, route_id = nil)
         return nil if context.nil? || variable.nil?
+
         route_id = '*' if route_id.nil?
         if context != RequestProtectionManager::COOKIE
           variable = variable.downcase
         end
         actions = Set.new
         if @request_filter_actions.key?(context)
-          if @request_filter_actions[context].key?(route_id)
-            if @request_filter_actions[context][route_id].key?(variable)
-              actions.merge(@request_filter_actions[context][route_id][variable])
-            end
+          if @request_filter_actions[context].key?(route_id) && @request_filter_actions[context][route_id].key?(variable)
+            actions.merge(@request_filter_actions[context][route_id][variable])
           end
-          if route_id != '*' && @request_filter_actions[context].key?('*')
-            if @request_filter_actions[context]['*'].key?(variable)
-              actions.merge(@request_filter_actions[context]['*'][variable])
-            end
+          if route_id != '*' && @request_filter_actions[context].key?('*') && @request_filter_actions[context]['*'].key?(variable)
+            actions.merge(@request_filter_actions[context]['*'][variable])
           end
         end
         return nil if actions.size <= 0
+
         actions
       end
 
@@ -136,12 +134,16 @@ module TCellAgent
         actions = Set.new
         [database, '*'].each do |d|
           next if @database_actions.key?(d) == false
+
           [schema, '*'].each do |s|
             next if @database_actions[d].key?(s) == false
+
             [table, '*'].each do |t|
               next if @database_actions[d][s].key?(t) == false
+
               [field, '*'].each do |f|
                 next if @database_actions[d][s][t].key?(f) == false
+
                 route_id_rules = @database_actions[d][s][t][f]
                 if route_id_rules.key?(route_id)
                   actions.merge(@database_actions[d][s][t][f][route_id])
@@ -154,6 +156,7 @@ module TCellAgent
           end
         end
         return nil if actions.empty?
+
         actions
       end
 
@@ -240,8 +243,10 @@ module TCellAgent
             end
 
             next unless context && @request_filter_actions.key?(context) && variables && options
+
             filter_actions = DataLossPolicy.actions_from_json(options)
             next if filter_actions.nil?
+
             @enabled = true
             filter_actions.action_id = rule_id
             variables.each do |variable|
@@ -258,8 +263,10 @@ module TCellAgent
         end
 
         return unless data_json.key?('db_protections')
+
         protections = data_json['db_protections']
         return unless protections
+
         protections.each do |protection_json|
           scope = protection_json.fetch('scope', nil)
           databases = protection_json.fetch('databases', ['*'])

data/lib/tcell_agent/policies/headers_policy.rb

@@ -14,10 +14,10 @@ module TCellAgent
         @enabled = enablements['headers'] || false
       end
 
-      def get_headers(tcell_context)
+      def get_headers(content_type, tcell_context)
         return [] unless @enabled
 
-        response = @native_agent.get_headers(tcell_context)
+        response = @native_agent.get_headers(content_type, tcell_context)
         response['headers'] || []
       end
     end

data/lib/tcell_agent/policies/patches_policy.rb

@@ -17,10 +17,14 @@ module TCellAgent
       def block_request?(appsensor_meta)
         return false unless @enabled
 
-        response = @native_agent.apply_patches(
-          appsensor_meta
-        )
-        !response['apply_response'].nil? && response['apply_response']['status'] == 'Blocked'
+        quick_check_response = @native_agent.apply_suspicious_quick_check(appsensor_meta)
+
+        if quick_check_response == 1
+          response = @native_agent.apply_patches(appsensor_meta)
+          return !response['apply_response'].nil? && response['apply_response']['status'] == 'Blocked'
+        end
+
+        quick_check_response == 2
       end
     end
   end

data/lib/tcell_agent/policies/policies_manager.rb

@@ -47,6 +47,7 @@ module TCellAgent
       TCellAgent::Instrumentation.safe_block('Setting DLP policy') do
         dlp_api_identifier = TCellAgent::Policies::DataLossPolicy.api_identifier
         return unless policies_json.key?(dlp_api_identifier)
+
         @policies[dlp_api_identifier] = TCellAgent::Policies::DataLossPolicy.new(
           policies_json[dlp_api_identifier]
         )

data/lib/tcell_agent/policies/policy_polling.rb

@@ -20,6 +20,7 @@ module TCellAgent
 
       @policy_polling_worker_mutex.synchronize do
         return if policy_polling_running?
+
         start_policy_polling_loop(native_agent)
       end
     end
@@ -44,9 +45,9 @@ module TCellAgent
               policies_and_enablements['enablements'],
               policies_and_enablements['policies']
             )
-          rescue StandardError => standard_error
-            module_logger.error("Error in polling policies: #{standard_error.message}")
-            module_logger.exception(standard_error)
+          rescue StandardError => e
+            module_logger.error("Error in polling policies: #{e.message}")
+            module_logger.exception(e)
           end
 
           # TODO(ralba): this might need to be changed to see how it affects performance

data/lib/tcell_agent/rails/auth/doorkeeper.rb

@@ -14,6 +14,7 @@ module TCellAgent
           tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
 
           return unless tcell_data
+
           headers = request.env
 
           if result.is_a?(Doorkeeper::OAuth::TokenResponse)

data/lib/tcell_agent/rails/better_ip.rb

@@ -4,28 +4,16 @@ require 'tcell_agent/instrumentation'
 module TCellAgent
   module Utils
     module Rails
-      def self.better_ip(request)
-        if TCellAgent.configuration.reverse_proxy
-          TCellAgent::Instrumentation.safe_block('Extracting reverse proxy IP') do
-            reverse_proxy_header = TCellAgent.configuration.reverse_proxy_ip_address_header
-            reverse_proxy_header = if TCellAgent::Utils::Strings.present?(reverse_proxy_header)
-                                     'HTTP_' + reverse_proxy_header.upcase.tr('-', '_')
-                                   else
-                                     'HTTP_X_FORWARDED_FOR'
-                                   end
+      def self.reverse_proxy_header(request)
+        return unless TCellAgent.configuration.reverse_proxy
 
-            x_forwarded_for = request.env[reverse_proxy_header]
-            ip = if TCellAgent::Utils::Strings.present?(x_forwarded_for)
-                   x_forwarded_for.split(',')[0].strip
-                 else
-                   request.ip
-                 end
+        TCellAgent::Instrumentation.safe_block('Extracting reverse proxy header') do
+          reverse_proxy_header = TCellAgent.configuration.reverse_proxy_ip_address_header
 
-            return ip
-          end
-        end
+          return if reverse_proxy_header.nil? || reverse_proxy_header.empty?
 
-        request.ip
+          return request.env["HTTP_#{reverse_proxy_header.upcase.tr('-', '_')}"]
+        end
       end
     end
   end