tcell_agent 2.3.0 → 2.5.1

data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 module TCellAgent
   module Instrumentation
     describe RouteId do
-      TCELL_CONTEXT_KEY = TCellAgent::Instrumentation::TCELL_ID
+      tcell_context_key = TCellAgent::Instrumentation::TCELL_ID
 
       describe '.update_context' do
         context 'with nil route' do
@@ -11,7 +11,7 @@ module TCellAgent
             tcell_context = TCellData.new
             tcell_context.route_id = nil
 
-            RouteId.update_context({ TCELL_CONTEXT_KEY => tcell_context }, {}, nil)
+            RouteId.update_context({ tcell_context_key => tcell_context }, {}, nil)
 
             expect(tcell_context.route_id).to eq(nil)
             expect(tcell_context.grape_mount_endpoint).to eq(nil)
@@ -41,7 +41,7 @@ module TCellAgent
 
             expect(TCellAgent::Instrumentation).to receive(:grape_route?).with(route).and_return(false)
 
-            RouteId.update_context({ TCELL_CONTEXT_KEY => tcell_context }, { :id => 1 }, route)
+            RouteId.update_context({ tcell_context_key => tcell_context }, { :id => 1 }, route)
 
             expect(tcell_context.route_id).to eq(
               TCellAgent::SensorEvents::Util.calculate_route_id('GET', '/some/regular/path')
@@ -64,7 +64,7 @@ module TCellAgent
 
             expect(TCellAgent::Instrumentation).to receive(:grape_route?).with(route).and_return(true)
 
-            RouteId.update_context({ TCELL_CONTEXT_KEY => tcell_context }, { :id => 1 }, route)
+            RouteId.update_context({ tcell_context_key => tcell_context }, { :id => 1 }, route)
 
             expect(tcell_context.route_id).to eq(nil)
             expect(tcell_context.grape_mount_endpoint).to eq('/grape_api')

data/spec/lib/tcell_agent/settings_reporter_spec.rb

@@ -27,26 +27,12 @@ module TCellAgent
       ).at_least(:once)
       expect(TCellAgent).to receive(:logger).and_return(logger).at_least(:once)
       expect(Thread).to receive(:new).and_yield
-      expect(logger).to receive(:debug).with('TCellAgent::SensorEvents::ServerAgentDetailsSensorEvent', 'User unknown')
-      expect(logger).to receive(:debug).with('TCellAgent::SensorEvents::ServerAgentDetailsSensorEvent', 'Group unknown')
-      expect(TCellAgent).to receive(:send_event).with(
-        {
-          'event_type' => 'server_agent_details',
-          'user' => 'unknown',
-          'group' => 'unknown'
-        }
-      )
+
       expect(logger).to receive(:debug).with(anything, anything).at_least(:once)
       expect(TCellAgent).to receive(:send_event).with(
         hash_including('event_type' => 'server_agent_packages')
-      ) # packages event
-      expect(TCellAgent).to receive(:send_event).with(
-        {
-          'event_type' => 'server_agent_details',
-          'language' => 'Ruby',
-          'language_version' => RUBY_VERSION
-        }
       )
+
       expect(TCellAgent).to receive(:send_event).with(
         {
           'event_type' => 'app_config_setting',

data/spec/lib/tcell_agent/tcell_context_spec.rb

@@ -4,9 +4,9 @@ module TCellAgent
   describe MetaData do
     describe '#set_headers_dict' do
       it 'should set all headers that start with http and skip cookies' do
-        method = remote_address = route_id = session_id = user_id = transaction_id = location = nil
+        method = remote_address = route_id = session_id = user_id = transaction_id = location = reverse_proxy_header_value = nil
 
-        meta = MetaData.new(method, remote_address, route_id, session_id, user_id, transaction_id, location)
+        meta = MetaData.new(method, remote_address, route_id, session_id, user_id, transaction_id, location, reverse_proxy_header_value)
         meta.headers_dict = {
           'rack.version' => [1, 2],
           'REQUEST_METHOD' => 'POST',
@@ -24,9 +24,9 @@ module TCellAgent
       end
 
       it 'should set all headers that start with http and include content_length and content_type' do
-        method = remote_address = route_id = session_id = user_id = transaction_id = location = nil
+        method = remote_address = route_id = session_id = user_id = transaction_id = location = reverse_proxy_header_value = nil
 
-        meta = MetaData.new(method, remote_address, route_id, session_id, user_id, transaction_id, location)
+        meta = MetaData.new(method, remote_address, route_id, session_id, user_id, transaction_id, location, reverse_proxy_header_value)
         meta.headers_dict = {
           'REQUEST_METHOD' => 'POST',
           'HTTP_VERSION' => 'HTTP/1.1',
@@ -71,7 +71,8 @@ module TCellAgent
           'session_id',
           'user_id',
           'transaction_id',
-          'http://test.com'
+          'http://test.com',
+          '0.0.0.0'
         )
       end
 

data/spec/spec_helper.rb

@@ -12,12 +12,14 @@ end
 ENV['TCELL_AGENT_SERVER'] = 'mock'
 require File.join(File.dirname(__FILE__), '..', 'lib', 'tcell_agent')
 
-Dir[File.join(File.dirname(__FILE__), 'support', '**', '*.rb')].each { |f| require f }
+Dir[File.join(File.dirname(__FILE__), 'support', '**', '*.rb')].sort.each { |f| require f }
 
 def get_test_resource_path(name)
   File.join(File.dirname(__FILE__), 'support', 'resources', name)
 end
 
+NEW_FILE_NAME ||= "/tmp/#{SecureRandom.uuid}".freeze
+
 require 'tcell_agent/agent'
 require 'tcell_agent/rails/routes'
 

data/spec/support/builders.rb

@@ -73,7 +73,8 @@ module TCellAgent
           'session-id',
           'user-id',
           SecureRandom.uuid,
-          'http://domain.com/some/path?hide-my-value=sensitive'
+          'http://domain.com/some/path?hide-my-value=sensitive',
+          '0.0.0.0'
         )
 
         @meta_data.path = '/some/path'

data/spec/support/server_mocks/{puma_mock.rb → puma_mock_1.rb}

@@ -2,7 +2,7 @@
 
 module Puma
   class Server
-    def run; end
+    def run(background = true, thread_name: 'server'); end
   end
 
   class Config
@@ -14,4 +14,8 @@ module Puma
   def self.cli_config
     Config
   end
+
+  module Const
+    PUMA_VERSION = '5.1.0'
+  end
 end

data/spec/support/server_mocks/puma_mock_2.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Puma
+  class Server
+    def run(background = true, thread_name: 'server'); end
+  end
+
+  class Runner
+    def start_server; end
+  end
+
+  class Config
+    def self.options
+      { :preload_app => true,
+        :workers => 0 }
+    end
+  end
+
+  def self.cli_config
+    Config
+  end
+
+  module Const
+    PUMA_VERSION = '5.1.0'
+  end
+end

data/spec/support/server_mocks/puma_mock_3.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Puma
+  class Server
+    def run(background = true, thread_name: 'server'); end
+  end
+
+  class Config
+    def self.options
+      { :preload_app => true,
+        :workers => 1 }
+    end
+  end
+
+  def self.cli_config
+    Config
+  end
+
+  module Const
+    PUMA_VERSION = '5.1.0'
+  end
+end

data/spec/support/shared_spec.rb

@@ -0,0 +1,29 @@
+def test_ruby2_ruby3_keywords(cls, func, args, options, res, min_ruby = '2.0.0')
+  ruby_version = Gem::Version.new(RUBY_VERSION)
+
+  context 'using ruby2_3 helper function' do
+    after(:each) do
+      expect(@result).to eq res unless res.nil?
+    end
+
+    if ruby_version >= Gem::Version.new(min_ruby) && \
+       ruby_version < Gem::Version.new('3.0.0')
+      # This spec tests the following format:
+      #   File.new('/dev/null', 'w', 0o644, { :binmode => true })
+      it 'behaves correctly in ruby < 2.7' do
+        args_cp = Array.new(args)
+        args_cp << options
+
+        @result = cls.send(func, *args_cp)
+      end
+    end
+
+    if ruby_version >= Gem::Version.new(min_ruby)
+      # This spec tests the following format:
+      #   File.new('/dev/null', 'w', 0o644, :binmode => true )
+      it 'behaves correctly in ruby >= 3.0' do
+        @result = cls.send(func, *args, **options)
+      end
+    end
+  end
+end

data/tcell_agent.gemspec

@@ -6,23 +6,23 @@ require 'tcell_agent/version'
 Gem::Specification.new do |spec|
   spec.name          = 'tcell_agent'
   spec.version       = TCellAgent::VERSION
-  spec.authors       = %w[Rafael]
-  spec.email         = ['rafael@tcell.io']
-  spec.summary       = 'tCell.io Agent for Rails'
-  spec.description   = 'This agent allows users to use the tCell.io service with their Rails app.'
-  spec.homepage      = 'https://www.tcell.io'
-  spec.license       = 'Copyright (c) 2017 tCell.io (see LICENSE file)'
+  spec.authors       = 'Rapid7, Inc.'
+  spec.summary       = 'tCell Agent for Rails'
+  spec.description   = 'This agent allows users to use the tCell service with their Rails app.'
+  spec.homepage      = 'https://www.rapid7.com/tcell'
+  spec.license       = 'Copyright (c) 2020 Rapid7, Inc. (see LICENSE file)'
 
   spec.files = Dir[
-    'Rakefile',
+    'README.md',
+    'LICENSE',
+    'tcell_agent.gemspec',
+    'spec/**/*',
     'lib/tcell_agent.rb',
-    '{lib/tcell_agent,spec}/**/*',
-    'lib/tcell_agent/rust/libtcellagent-*.so',
-    'lib/tcell_agent/rust/libtcellagent-*.dylib',
-    'lib/tcell_agent/rust/tcellagent-*.dll',
-    'README*',
-    'LICENSE*',
-    'tcell_agent.gemspec'
+    'lib/tcell_agent/**/*rb',
+    'lib/tcell_agent/rust/libtcellagent.dylib',
+    'lib/tcell_agent/rust/libtcellagent.so',
+    'lib/tcell_agent/rust/libtcellagent-alpine.so',
+    'lib/tcell_agent/rust/libtcellagent-x64.dll',
   ]
   spec.executables   = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.5.1
 platform: ruby
 authors:
-- Rafael
+- Rapid7, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-20 00:00:00.000000000 Z
+date: 2021-11-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -94,10 +94,8 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: This agent allows users to use the tCell.io service with their Rails
-  app.
-email:
-- rafael@tcell.io
+description: This agent allows users to use the tCell service with their Rails app.
+email: 
 executables:
 - tcell_agent
 extensions: []
@@ -105,7 +103,6 @@ extra_rdoc_files: []
 files:
 - LICENSE
 - README.md
-- Rakefile
 - bin/tcell_agent
 - lib/tcell_agent.rb
 - lib/tcell_agent/agent.rb
@@ -118,9 +115,12 @@ files:
 - lib/tcell_agent/instrumentation.rb
 - lib/tcell_agent/instrumentation/cmdi.rb
 - lib/tcell_agent/instrumentation/lfi.rb
-- lib/tcell_agent/instrumentation/monkey_patches/file.rb
-- lib/tcell_agent/instrumentation/monkey_patches/io.rb
-- lib/tcell_agent/instrumentation/monkey_patches/kernel.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_2/file.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_2/io.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_2/kernel.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_3/file.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_3/io.rb
+- lib/tcell_agent/instrumentation/monkey_patches/ruby_3/kernel.rb
 - lib/tcell_agent/logger.rb
 - lib/tcell_agent/patches.rb
 - lib/tcell_agent/policies/appfirewall_policy.rb
@@ -163,14 +163,14 @@ files:
 - lib/tcell_agent/rails/tcell_body_proxy.rb
 - lib/tcell_agent/routes/table.rb
 - lib/tcell_agent/rust/agent_config.rb
-- lib/tcell_agent/rust/libtcellagent-6.2.1.dylib
-- lib/tcell_agent/rust/libtcellagent-6.2.1.so
-- lib/tcell_agent/rust/libtcellagent-alpine-6.2.1.so
+- lib/tcell_agent/rust/libtcellagent-alpine.so
+- lib/tcell_agent/rust/libtcellagent-x64.dll
+- lib/tcell_agent/rust/libtcellagent.dylib
+- lib/tcell_agent/rust/libtcellagent.so
 - lib/tcell_agent/rust/models.rb
 - lib/tcell_agent/rust/native_agent.rb
 - lib/tcell_agent/rust/native_agent_response.rb
 - lib/tcell_agent/rust/native_library.rb
-- lib/tcell_agent/rust/tcellagent-6.2.1.dll
 - lib/tcell_agent/sensor_events/agent_setting_event.rb
 - lib/tcell_agent/sensor_events/app_config_setting_event.rb
 - lib/tcell_agent/sensor_events/discovery.rb
@@ -193,6 +193,7 @@ files:
 - lib/tcell_agent/utils/params.rb
 - lib/tcell_agent/utils/strings.rb
 - lib/tcell_agent/version.rb
+- spec/cruby_spec_helper.rb
 - spec/lib/tcell_agent/configuration_spec.rb
 - spec/lib/tcell_agent/hooks/login_fraud_spec.rb
 - spec/lib/tcell_agent/instrument_servers_spec.rb
@@ -241,15 +242,18 @@ files:
 - spec/support/resources/lfi_sample_file.txt
 - spec/support/resources/normal_config.json
 - spec/support/server_mocks/passenger_mock.rb
-- spec/support/server_mocks/puma_mock.rb
+- spec/support/server_mocks/puma_mock_1.rb
+- spec/support/server_mocks/puma_mock_2.rb
+- spec/support/server_mocks/puma_mock_3.rb
 - spec/support/server_mocks/rails_mock.rb
 - spec/support/server_mocks/thin_mock.rb
 - spec/support/server_mocks/unicorn_mock.rb
+- spec/support/shared_spec.rb
 - spec/support/static_agent_overrides.rb
 - tcell_agent.gemspec
-homepage: https://www.tcell.io
+homepage: https://www.rapid7.com/tcell
 licenses:
-- Copyright (c) 2017 tCell.io (see LICENSE file)
+- Copyright (c) 2020 Rapid7, Inc. (see LICENSE file)
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -268,11 +272,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.2.22
 signing_key: 
 specification_version: 4
-summary: tCell.io Agent for Rails
+summary: tCell Agent for Rails
 test_files:
+- spec/cruby_spec_helper.rb
 - spec/lib/tcell_agent/configuration_spec.rb
 - spec/lib/tcell_agent/hooks/login_fraud_spec.rb
 - spec/lib/tcell_agent/instrument_servers_spec.rb
@@ -321,8 +326,11 @@ test_files:
 - spec/support/resources/lfi_sample_file.txt
 - spec/support/resources/normal_config.json
 - spec/support/server_mocks/passenger_mock.rb
-- spec/support/server_mocks/puma_mock.rb
+- spec/support/server_mocks/puma_mock_1.rb
+- spec/support/server_mocks/puma_mock_2.rb
+- spec/support/server_mocks/puma_mock_3.rb
 - spec/support/server_mocks/rails_mock.rb
 - spec/support/server_mocks/thin_mock.rb
 - spec/support/server_mocks/unicorn_mock.rb
+- spec/support/shared_spec.rb
 - spec/support/static_agent_overrides.rb

data/Rakefile

@@ -1,18 +0,0 @@
-require 'rspec/core/rake_task'
-
-RSpec::Core::RakeTask.new(:spec)
-
-desc 'Run tests'
-task :default => [:spec]
-task :test => :spec
-
-task 'init-integration-tests' do
-  system('docker-compose run railsintegration224 bundle install')
-  system('docker-compose run railsintegration224 bundle exec rake db:create db:setup')
-  system('docker-compose stop')
-end
-
-task 'integration-test' do
-  system('docker-compose up railsintegration224')
-  system('docker-compose stop')
-end

data/lib/tcell_agent/instrumentation/monkey_patches/file.rb

@@ -1,25 +0,0 @@
-class File
-  class << self
-    alias_method :tcell_original_new, :new
-    def new(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_new(*args, &block)
-    end
-
-    alias_method :tcell_original_open, :open
-    def open(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_open(*args, &block)
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/monkey_patches/io.rb

@@ -1,131 +0,0 @@
-class IO
-  class << self
-    alias_method :tcell_original_binread, :binread
-    def binread(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_binread(*args, &block)
-    end
-
-    alias_method :tcell_original_binwrite, :binwrite
-    def binwrite(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Write'
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_binwrite(*args, &block)
-    end
-
-    alias_method :tcell_original_foreach, :foreach
-    def foreach(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_foreach(*args, &block)
-    end
-
-    alias_method :tcell_original_popen, :popen
-    def popen(*args, &block)
-      unless args.empty?
-        cmd = ''
-
-        TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
-          args_copy = Array.new(args)
-          args_copy.shift if args_copy.first.is_a?(Hash)
-          args_copy.pop if args_copy.last.is_a?(Hash)
-
-          cmd = if args_copy.first.is_a?(String)
-                  args_copy.shift
-                else
-                  TCellAgent::Cmdi.parse_command(*args_copy.shift)
-                end
-        end
-
-        if TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_popen(*args, &block)
-    end
-
-    alias_method :tcell_original_read, :read
-    def read(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_read(*args, &block)
-    end
-
-    alias_method :tcell_original_readlines, :readlines
-    def readlines(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Read'
-
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
-
-      tcell_original_readlines(*args, &block)
-    end
-
-    alias_method :tcell_original_sysopen, :sysopen
-    def sysopen(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_sysopen(*args, &block)
-    end
-
-    alias_method :tcell_original_write, :write
-    def write(*args, &block)
-      path, _mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-      mode = 'Write'
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_write(*args, &block)
-    end
-  end
-end

data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb

@@ -1,102 +0,0 @@
-module Kernel
-  private
-
-  alias_method :tcell_original_backtick, :`
-  alias_method :tcell_original_exec, :exec
-  alias_method :tcell_original_open, :open
-  alias_method :tcell_original_gets, :gets
-  alias_method :tcell_original_readline, :readline
-  alias_method :tcell_original_spawn, :spawn
-  alias_method :tcell_original_system, :system
-
-  class << self
-    alias_method :tcell_original_exec, :exec
-    alias_method :tcell_original_open, :open
-    alias_method :tcell_original_gets, :gets
-    alias_method :tcell_original_readline, :readline
-    alias_method :tcell_original_spawn, :spawn
-    alias_method :tcell_original_system, :system
-  end
-
-  def `(cmd)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_backtick(cmd)
-  end
-
-  if TCellAgent.configuration.should_instrument?('kernel_exec')
-    def exec(*args)
-      cmd = TCellAgent::Cmdi.parse_command(*args)
-      if TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-
-      tcell_original_exec(*args)
-    end
-  end
-
-  def gets(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-
-    tcell_original_gets(*args, &block)
-  end
-
-  def open(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-    if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-
-    if path.empty?
-      cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-      if cmd && TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-    end
-
-    tcell_original_open(*args, &block)
-  end
-
-  def readline(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-
-    tcell_original_readline(*args, &block)
-  end
-
-  def spawn(*args)
-    cmd = TCellAgent::Cmdi.parse_command(*args)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_spawn(*args)
-  end
-
-  def system(*args)
-    cmd = TCellAgent::Cmdi.parse_command(*args)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-    end
-
-    tcell_original_system(*args)
-  end
-
-  module_function :`
-  module_function :exec
-  module_function :gets
-  module_function :open
-  module_function :readline
-  module_function :spawn
-  module_function :system
-end