tcell_agent 2.4.1 → 2.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/tcell_agent/config_initializer.rb +2 -1
- data/lib/tcell_agent/rails/dlp_handler.rb +2 -3
- data/lib/tcell_agent/rails/js_agent_insert.rb +16 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +4 -15
- data/lib/tcell_agent/rails/responses.rb +0 -12
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +17 -28
- data/lib/tcell_agent/rust/agent_config.rb +3 -0
- data/lib/tcell_agent/rust/libtcellagent-alpine.so +0 -0
- data/lib/tcell_agent/rust/libtcellagent-x64.dll +0 -0
- data/lib/tcell_agent/rust/libtcellagent.dylib +0 -0
- data/lib/tcell_agent/rust/libtcellagent.so +0 -0
- data/lib/tcell_agent/rust/native_agent.rb +3 -1
- data/lib/tcell_agent/servers/puma.rb +3 -3
- data/lib/tcell_agent/servers/rack_puma_handler.rb +1 -1
- data/lib/tcell_agent/servers/webrick.rb +3 -3
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/instrument_servers_spec.rb +42 -7
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +8 -8
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +1 -2
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +12 -27
- data/spec/support/server_mocks/{puma_mock.rb → puma_mock_1.rb} +2 -2
- data/spec/support/server_mocks/puma_mock_2.rb +26 -0
- data/spec/support/server_mocks/puma_mock_3.rb +22 -0
- metadata +9 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '09032f5bacc3305b6352d99279a99270ad1d96deb7aa95588c59b61d85165946'
|
|
4
|
+
data.tar.gz: 57830dec1e6545294988905b712cd67cd9101cfa236f899af95172c923e36187
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5147a583d4f347664b82eac85f2827dad3c7629710eb771566bd24232f0604b9ce714852b9d07965652b1b3c9a365f8cedc138222adfdc73b38fc1abe87eafbe
|
|
7
|
+
data.tar.gz: df84e1061be6068d3fbde1d40afd27bcea94e623fb87dcd2188ce45d407cede03eb814757e9cf771867c8628d32f81230a02234f900a66334452f32169847d7a
|
|
@@ -9,7 +9,8 @@ module TCellAgent
|
|
|
9
9
|
:reverse_proxy_ip_address_header, :host_identifier,
|
|
10
10
|
:hmac_key, :password_hmac_key,
|
|
11
11
|
:js_agent_url, :js_agent_api_base_url,
|
|
12
|
-
:max_csp_header_bytes, :allow_payloads
|
|
12
|
+
:max_csp_header_bytes, :allow_payloads,
|
|
13
|
+
:proxy_url, :proxy_username, :proxy_password
|
|
13
14
|
|
|
14
15
|
attr_reader :logging_options
|
|
15
16
|
|
|
@@ -33,14 +33,13 @@ module TCellAgent
|
|
|
33
33
|
response
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
-
def self.get_handler_and_context(request
|
|
36
|
+
def self.get_handler_and_context(request)
|
|
37
37
|
dlp_handler = nil
|
|
38
38
|
tcell_context = nil
|
|
39
39
|
|
|
40
40
|
TCellAgent::Instrumentation.safe_block('DLP Handler get handler and context') do
|
|
41
41
|
if TCellAgent.configuration.should_instrument? &&
|
|
42
|
-
TCellAgent.configuration.should_intercept_requests?
|
|
43
|
-
TCellAgent::Utils::Rails.processable_response?(response_headers)
|
|
42
|
+
TCellAgent.configuration.should_intercept_requests?
|
|
44
43
|
|
|
45
44
|
# do all this work so that dlp doesn't run at all unless it's on and there
|
|
46
45
|
# are rules to run
|
|
@@ -5,6 +5,21 @@ module TCellAgent
|
|
|
5
5
|
module Rails
|
|
6
6
|
module JSAgent
|
|
7
7
|
HEAD_SEARCH_REGEX = Regexp.new('(<head>|<head( |\n).*?>)', Regexp::IGNORECASE)
|
|
8
|
+
def self.insert_js_agent?(response_headers)
|
|
9
|
+
content_disposition = response_headers['Content-Disposition']
|
|
10
|
+
is_attachment = content_disposition && content_disposition =~ /^attachment/i
|
|
11
|
+
|
|
12
|
+
content_type = response_headers['Content-Type']
|
|
13
|
+
applicable_content_type = content_type &&
|
|
14
|
+
content_type.start_with?('text/html')
|
|
15
|
+
|
|
16
|
+
content_encoding = response_headers['Content-Encoding']
|
|
17
|
+
compressed_content_encoding = content_encoding &&
|
|
18
|
+
(content_encoding =~ /(br|gzip)/i)
|
|
19
|
+
|
|
20
|
+
!is_attachment && applicable_content_type && !compressed_content_encoding
|
|
21
|
+
end
|
|
22
|
+
|
|
8
23
|
def self.insert_now(js_agent_handler, script_insert, rack_body, content_length)
|
|
9
24
|
TCellAgent::Instrumentation.safe_block('Handling JSAgent Insert Now') do
|
|
10
25
|
if js_agent_handler
|
|
@@ -43,7 +58,7 @@ module TCellAgent
|
|
|
43
58
|
script_insert = nil
|
|
44
59
|
|
|
45
60
|
TCellAgent::Instrumentation.safe_block('JSAgent get handler and script insert') do
|
|
46
|
-
return [nil, nil] unless (response_headers
|
|
61
|
+
return [nil, nil] unless insert_js_agent?(response_headers)
|
|
47
62
|
|
|
48
63
|
js_agent_policy = TCellAgent.policy(TCellAgent::PolicyTypes::JSAGENTINJECTION)
|
|
49
64
|
script_insert = js_agent_policy.get_js_agent_script_tag(
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
require 'tcell_agent/instrumentation'
|
|
2
2
|
require 'tcell_agent/rails/responses'
|
|
3
3
|
require 'tcell_agent/rails/js_agent_insert'
|
|
4
|
-
require 'tcell_agent/rails/dlp_handler'
|
|
5
4
|
require 'tcell_agent/rails/tcell_body_proxy'
|
|
6
5
|
|
|
7
6
|
module TCellAgent
|
|
@@ -22,7 +21,7 @@ module TCellAgent
|
|
|
22
21
|
TCellAgent::Instrumentation.safe_block('Handling Request') do
|
|
23
22
|
tcell_response = response
|
|
24
23
|
unless request.env[TCellAgent::Instrumentation::TCELL_ID].patches_blocking_triggered
|
|
25
|
-
tcell_response =
|
|
24
|
+
tcell_response = _handle_appsensor_js_agent(request, tcell_response)
|
|
26
25
|
end
|
|
27
26
|
tcell_response = _handle_redirect(request, tcell_response)
|
|
28
27
|
tcell_response = _set_headers(request, tcell_response)
|
|
@@ -77,14 +76,12 @@ module TCellAgent
|
|
|
77
76
|
response
|
|
78
77
|
end
|
|
79
78
|
|
|
80
|
-
def
|
|
79
|
+
def _handle_appsensor_js_agent(request, response)
|
|
81
80
|
TCellAgent::Instrumentation.safe_block('Handling AppSensor, JS Agent, and DLP') do
|
|
82
81
|
status_code, response_headers, response_body = response
|
|
83
82
|
|
|
84
83
|
js_agent_handler, script_insert =
|
|
85
84
|
TCellAgent::Instrumentation::Rails::JSAgent.get_handler_and_script_insert(request, response_headers)
|
|
86
|
-
dlp_handler, tcell_context =
|
|
87
|
-
TCellAgent::Instrumentation::Rails::DLPHandler.get_handler_and_context(request, response_headers)
|
|
88
85
|
|
|
89
86
|
content_length = 0
|
|
90
87
|
defer_appfw_due_to_streaming = false
|
|
@@ -97,29 +94,21 @@ module TCellAgent
|
|
|
97
94
|
|
|
98
95
|
# when content length is present it can be inferred that the
|
|
99
96
|
# response is not a streaming response, so js agent insertion
|
|
100
|
-
#
|
|
97
|
+
# can be done up front
|
|
101
98
|
response_body, content_length =
|
|
102
99
|
TCellAgent::Instrumentation::Rails::JSAgent.insert_now(js_agent_handler,
|
|
103
100
|
script_insert,
|
|
104
101
|
response_body,
|
|
105
102
|
content_length)
|
|
106
103
|
|
|
107
|
-
response_body, content_length =
|
|
108
|
-
TCellAgent::Instrumentation::Rails::DLPHandler.report_and_redact_now(dlp_handler,
|
|
109
|
-
tcell_context,
|
|
110
|
-
response_body,
|
|
111
|
-
content_length)
|
|
112
|
-
|
|
113
104
|
response_headers['Content-Length'] = content_length.to_s
|
|
114
105
|
|
|
115
106
|
elsif response_body.is_a?(Rack::BodyProxy)
|
|
116
107
|
response_body = TCellAgent::Instrumentation::Rails::TCellBodyProxy.new(
|
|
117
108
|
response_body,
|
|
118
|
-
TCellAgent::Utils::Rails.processable_response?(response_headers),
|
|
119
109
|
js_agent_handler,
|
|
120
110
|
script_insert,
|
|
121
|
-
|
|
122
|
-
tcell_context
|
|
111
|
+
response_headers
|
|
123
112
|
)
|
|
124
113
|
defer_appfw_due_to_streaming = true
|
|
125
114
|
end
|
|
@@ -7,18 +7,6 @@ module TCellAgent
|
|
|
7
7
|
STATUSES_MISSING_CONTENT_LENGTH.include?(status_code.to_i) ||
|
|
8
8
|
(headers['Content-Length'] && headers['Content-Length'].to_i.zero?)
|
|
9
9
|
end
|
|
10
|
-
|
|
11
|
-
def self.processable_response?(response_headers)
|
|
12
|
-
content_disposition = response_headers['Content-Disposition']
|
|
13
|
-
is_attachment = content_disposition && content_disposition =~ /^attachment/i
|
|
14
|
-
|
|
15
|
-
content_type = response_headers['Content-Type']
|
|
16
|
-
applicable_content_type = content_type &&
|
|
17
|
-
(content_type =~ %r{application/json}i ||
|
|
18
|
-
content_type =~ %r{application/xml}i ||
|
|
19
|
-
content_type =~ /^text/i)
|
|
20
|
-
!is_attachment && applicable_content_type
|
|
21
|
-
end
|
|
22
10
|
end
|
|
23
11
|
end
|
|
24
12
|
end
|
|
@@ -4,27 +4,17 @@ module TCellAgent
|
|
|
4
4
|
module Instrumentation
|
|
5
5
|
module Rails
|
|
6
6
|
class TCellBodyProxy
|
|
7
|
-
attr_accessor :meta_data
|
|
8
|
-
|
|
9
|
-
# for specs
|
|
10
|
-
attr_accessor :content_length
|
|
7
|
+
attr_accessor :content_length, :meta_data
|
|
11
8
|
|
|
12
9
|
def initialize(body,
|
|
13
|
-
process_js_and_dlp,
|
|
14
10
|
js_agent_insertion_proc,
|
|
15
11
|
script_insert,
|
|
16
|
-
|
|
17
|
-
tcell_context)
|
|
12
|
+
response_headers)
|
|
18
13
|
@content_length = 0
|
|
19
14
|
@body = body
|
|
20
|
-
|
|
21
|
-
@process_js_and_dlp = process_js_and_dlp
|
|
22
|
-
|
|
23
15
|
@js_agent_insertion_proc = js_agent_insertion_proc
|
|
24
16
|
@script_insert = script_insert
|
|
25
|
-
|
|
26
|
-
@dlp_cleaner_proc = dlp_cleaner_proc
|
|
27
|
-
@tcell_context = tcell_context
|
|
17
|
+
@response_headers = response_headers
|
|
28
18
|
end
|
|
29
19
|
|
|
30
20
|
def close
|
|
@@ -58,35 +48,34 @@ module TCellAgent
|
|
|
58
48
|
end
|
|
59
49
|
|
|
60
50
|
def process_body(body)
|
|
51
|
+
new_body = body
|
|
61
52
|
TCellAgent::Instrumentation.safe_block('Processing tcell body proxy body') do
|
|
62
53
|
chunked_response_match = nil
|
|
63
|
-
|
|
54
|
+
|
|
55
|
+
if @response_headers['Transfer-Encoding'] == 'chunked' &&
|
|
56
|
+
body.class.name == 'String' &&
|
|
57
|
+
body =~ /^([[:xdigit:]]+)(;.+)?\r\n/
|
|
64
58
|
chunked_response_match = Regexp.last_match(1)
|
|
65
59
|
@content_length += chunked_response_match.to_i(16)
|
|
66
60
|
end
|
|
67
61
|
|
|
68
|
-
new_body = body
|
|
69
62
|
if body.class.name == 'ActionView::OutputBuffer' ||
|
|
70
63
|
(body.class.name == 'String' && !chunked_response_match)
|
|
71
|
-
if @
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
end
|
|
79
|
-
end
|
|
80
|
-
if @dlp_cleaner_proc
|
|
81
|
-
@dlp_cleaner_proc.call(@tcell_context, new_body)
|
|
64
|
+
if @js_agent_insertion_proc
|
|
65
|
+
new_body = @js_agent_insertion_proc.call(@script_insert, body)
|
|
66
|
+
|
|
67
|
+
if new_body != body
|
|
68
|
+
# js agent was successfully inserted so no need to keep
|
|
69
|
+
# calling this proc
|
|
70
|
+
@js_agent_insertion_proc = nil
|
|
82
71
|
end
|
|
83
72
|
end
|
|
84
73
|
|
|
85
74
|
@content_length += new_body.bytesize
|
|
86
75
|
end
|
|
87
|
-
|
|
88
|
-
new_body
|
|
89
76
|
end
|
|
77
|
+
|
|
78
|
+
new_body
|
|
90
79
|
end
|
|
91
80
|
end
|
|
92
81
|
end
|
|
@@ -68,6 +68,9 @@ module TCellAgent
|
|
|
68
68
|
self['log_enabled'] = configuration.logging_options[:enabled]
|
|
69
69
|
self['log_filename'] = configuration.logging_options[:log_filename]
|
|
70
70
|
self['log_level'] = configuration.logging_options[:level]
|
|
71
|
+
self['proxy_url'] = configuration.proxy_url
|
|
72
|
+
self['proxy_username'] = configuration.proxy_username
|
|
73
|
+
self['proxy_password'] = configuration.proxy_password
|
|
71
74
|
self['update_policy'] = configuration.fetch_policies_from_tcell
|
|
72
75
|
end
|
|
73
76
|
end
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -388,7 +388,9 @@ module TCellAgent
|
|
|
388
388
|
:remote_address => tcell_context.remote_address,
|
|
389
389
|
:route_id => tcell_context.route_id,
|
|
390
390
|
:session_id => tcell_context.session_id,
|
|
391
|
-
:user_id => tcell_context.user_id
|
|
391
|
+
:user_id => tcell_context.user_id,
|
|
392
|
+
:method => tcell_context.request_method,
|
|
393
|
+
:request_path => tcell_context.path
|
|
392
394
|
}
|
|
393
395
|
)
|
|
394
396
|
end
|
|
@@ -21,12 +21,12 @@ if defined?(Puma.cli_config)
|
|
|
21
21
|
(Gem::Version.new(Puma::Const::PUMA_VERSION) < Gem::Version.new('5.1.0'))
|
|
22
22
|
def run(background = true)
|
|
23
23
|
TCellAgent.thread_agent.start('Puma')
|
|
24
|
-
|
|
24
|
+
tcell_original_run(background)
|
|
25
25
|
end
|
|
26
26
|
else
|
|
27
27
|
def run(background = true, thread_name: 'server')
|
|
28
28
|
TCellAgent.thread_agent.start('Puma')
|
|
29
|
-
|
|
29
|
+
tcell_original_run(background, :thread_name => thread_name)
|
|
30
30
|
end
|
|
31
31
|
end
|
|
32
32
|
end
|
|
@@ -48,7 +48,7 @@ if defined?(Puma.cli_config)
|
|
|
48
48
|
else
|
|
49
49
|
def run(background = true, thread_name: 'server')
|
|
50
50
|
TCellAgent.thread_agent.start('Puma')
|
|
51
|
-
|
|
51
|
+
tcell_original_run(background, :thread_name => thread_name)
|
|
52
52
|
end
|
|
53
53
|
end
|
|
54
54
|
end
|
|
@@ -15,7 +15,7 @@ Rack::Handler::Puma.class_eval do
|
|
|
15
15
|
(Gem::Version.new(Puma::Const::PUMA_VERSION) >= Gem::Version.new('5.1.0'))
|
|
16
16
|
def run(background = true, thread_name: 'server')
|
|
17
17
|
TCellAgent.thread_agent.start('Puma')
|
|
18
|
-
|
|
18
|
+
tcell_original_run(background, :thread_name => thread_name)
|
|
19
19
|
end
|
|
20
20
|
else
|
|
21
21
|
def run(background = true)
|
|
@@ -1,18 +1,18 @@
|
|
|
1
1
|
Rack::Handler::WEBrick.class_eval do
|
|
2
2
|
class << self
|
|
3
|
-
alias_method :
|
|
3
|
+
alias_method :tcell_original_run, :run
|
|
4
4
|
|
|
5
5
|
if defined?(Gem::Version) &&
|
|
6
6
|
defined?(Rack.release) &&
|
|
7
7
|
Gem::Version.new(Rack.release) < Gem::Version.new('2.2.0')
|
|
8
8
|
def run(app, options = {})
|
|
9
9
|
TCellAgent.thread_agent.start('WEBrick')
|
|
10
|
-
|
|
10
|
+
tcell_original_run(app, options)
|
|
11
11
|
end
|
|
12
12
|
else
|
|
13
13
|
def run(app, **options)
|
|
14
14
|
TCellAgent.thread_agent.start('WEBrick')
|
|
15
|
-
|
|
15
|
+
tcell_original_run(app, **options)
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
end
|
data/lib/tcell_agent/version.rb
CHANGED
|
@@ -18,13 +18,34 @@ def test_passenger
|
|
|
18
18
|
expect(PhusionPassenger::LoaderSharedHelpers.instance_methods.include?(:tcell_before_handling_requests))
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
def
|
|
21
|
+
def test_puma1
|
|
22
22
|
expect(Puma.cli_config.options[:preload_app]).to be_falsey
|
|
23
23
|
expect(Puma::Server.instance_methods.include?(:tcell_original_run)).to be_truthy
|
|
24
|
+
|
|
25
|
+
TCellAgent.thread_agent.should_receive(:start).and_return nil
|
|
26
|
+
expect { Puma::Server.new.run }.not_to raise_error
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def test_puma2
|
|
30
|
+
expect(Puma.cli_config.options[:preload_app]).to be_truthy
|
|
31
|
+
Puma.cli_config.options[:workers].should eq 0
|
|
32
|
+
expect(Puma::Runner.instance_methods.include?(:tcell_original_start_server)).to be_truthy
|
|
33
|
+
|
|
34
|
+
TCellAgent.thread_agent.should_receive(:start).and_return nil
|
|
35
|
+
expect { Puma::Runner.new.start_server }.not_to raise_error
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def test_puma3
|
|
39
|
+
expect(Puma.cli_config.options[:preload_app]).to be_truthy
|
|
40
|
+
Puma.cli_config.options[:workers].should eq 1
|
|
41
|
+
expect(Puma::Server.instance_methods.include?(:tcell_original_run)).to be_truthy
|
|
42
|
+
|
|
43
|
+
TCellAgent.thread_agent.should_receive(:start).and_return nil
|
|
44
|
+
expect { Puma::Server.new.run }.not_to raise_error
|
|
24
45
|
end
|
|
25
46
|
|
|
26
47
|
def test_server(filenames, funcs)
|
|
27
|
-
fork do
|
|
48
|
+
pid = fork do
|
|
28
49
|
filenames.each do |file|
|
|
29
50
|
load file
|
|
30
51
|
end
|
|
@@ -35,6 +56,10 @@ def test_server(filenames, funcs)
|
|
|
35
56
|
method(func).call
|
|
36
57
|
end
|
|
37
58
|
end
|
|
59
|
+
|
|
60
|
+
Process.wait(pid)
|
|
61
|
+
|
|
62
|
+
raise 'RSpec test failed. See output above for additional information.' unless $?.exitstatus == 0
|
|
38
63
|
end
|
|
39
64
|
|
|
40
65
|
describe 'instrument_servers' do
|
|
@@ -56,9 +81,19 @@ describe 'instrument_servers' do
|
|
|
56
81
|
end
|
|
57
82
|
|
|
58
83
|
context 'with Puma server' do
|
|
59
|
-
it 'should instrument Puma' do
|
|
60
|
-
mocks = ['spec/support/server_mocks/
|
|
61
|
-
tests = [:
|
|
84
|
+
it 'should instrument Puma, when :preload is false and workers is 0' do
|
|
85
|
+
mocks = ['spec/support/server_mocks/puma_mock_1.rb']
|
|
86
|
+
tests = [:test_puma1]
|
|
87
|
+
test_server(mocks, tests)
|
|
88
|
+
end
|
|
89
|
+
it 'should instrument Puma, when :preload is true and workers is 0' do
|
|
90
|
+
mocks = ['spec/support/server_mocks/puma_mock_2.rb']
|
|
91
|
+
tests = [:test_puma2]
|
|
92
|
+
test_server(mocks, tests)
|
|
93
|
+
end
|
|
94
|
+
it 'should instrument Puma, when :preload is true and workers is 1' do
|
|
95
|
+
mocks = ['spec/support/server_mocks/puma_mock_3.rb']
|
|
96
|
+
tests = [:test_puma3]
|
|
62
97
|
test_server(mocks, tests)
|
|
63
98
|
end
|
|
64
99
|
end
|
|
@@ -83,11 +118,11 @@ describe 'instrument_servers' do
|
|
|
83
118
|
it 'should instrument all servers available' do
|
|
84
119
|
mocks = ['spec/support/server_mocks/rails_mock.rb',
|
|
85
120
|
'spec/support/server_mocks/thin_mock.rb',
|
|
86
|
-
'spec/support/server_mocks/
|
|
121
|
+
'spec/support/server_mocks/puma_mock_1.rb',
|
|
87
122
|
'spec/support/server_mocks/unicorn_mock.rb',
|
|
88
123
|
'spec/support/server_mocks/passenger_mock.rb']
|
|
89
124
|
|
|
90
|
-
tests = %i[test_rails test_thin
|
|
125
|
+
tests = %i[test_rails test_thin test_puma1 test_unicorn test_passenger]
|
|
91
126
|
|
|
92
127
|
test_server(mocks, tests)
|
|
93
128
|
end
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
# rubocop:disable Style/HashSyntax
|
|
2
|
-
# rubocop:disable Lint/UselessAssignment
|
|
3
2
|
|
|
4
3
|
require 'spec_helper'
|
|
5
4
|
require 'securerandom'
|
|
@@ -98,7 +97,7 @@ describe 'File' do
|
|
|
98
97
|
expect(@result.binmode?).to be_truthy
|
|
99
98
|
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
100
99
|
|
|
101
|
-
File.delete(@new_file_name)
|
|
100
|
+
File.delete(@new_file_name)
|
|
102
101
|
end
|
|
103
102
|
|
|
104
103
|
test_ruby2_ruby3_keywords(File,
|
|
@@ -112,8 +111,9 @@ describe 'File' do
|
|
|
112
111
|
context 'with a file blocked for read/write' do
|
|
113
112
|
before(:each) do
|
|
114
113
|
expect(TCellAgent).to receive(:policy).with(
|
|
115
|
-
|
|
116
|
-
|
|
114
|
+
TCellAgent::PolicyTypes::LFI
|
|
115
|
+
).and_return(@local_files_policy)
|
|
116
|
+
|
|
117
117
|
expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
|
|
118
118
|
end
|
|
119
119
|
|
|
@@ -223,8 +223,9 @@ describe 'File' do
|
|
|
223
223
|
context 'with a file blocked for read/write' do
|
|
224
224
|
before(:each) do
|
|
225
225
|
expect(TCellAgent).to receive(:policy).with(
|
|
226
|
-
|
|
227
|
-
|
|
226
|
+
TCellAgent::PolicyTypes::LFI
|
|
227
|
+
).and_return(@local_files_policy)
|
|
228
|
+
|
|
228
229
|
expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
|
|
229
230
|
end
|
|
230
231
|
|
|
@@ -261,5 +262,4 @@ describe 'File' do
|
|
|
261
262
|
end
|
|
262
263
|
end
|
|
263
264
|
|
|
264
|
-
#
|
|
265
|
-
# # rubocop:enable Lint/UselessAssignment
|
|
265
|
+
# rubocop:enable Style/HashSyntax
|
|
@@ -22,8 +22,7 @@ module TCellAgent
|
|
|
22
22
|
it 'appfirewall injections should be checked' do
|
|
23
23
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
24
24
|
Rack::BodyProxy.new(['body']) {},
|
|
25
|
-
|
|
26
|
-
nil, nil, nil, nil
|
|
25
|
+
nil, nil, {}
|
|
27
26
|
)
|
|
28
27
|
tcell_body_proxy.meta_data = @meta_data
|
|
29
28
|
|
|
@@ -48,8 +47,7 @@ module TCellAgent
|
|
|
48
47
|
it 'should check for appfirewall injections' do
|
|
49
48
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
50
49
|
Rack::BodyProxy.new(['body']) {},
|
|
51
|
-
|
|
52
|
-
nil, nil, nil, nil
|
|
50
|
+
nil, nil, {}
|
|
53
51
|
)
|
|
54
52
|
tcell_body_proxy.meta_data = @meta_data
|
|
55
53
|
|
|
@@ -78,8 +76,7 @@ module TCellAgent
|
|
|
78
76
|
it 'should return an enumerator' do
|
|
79
77
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
80
78
|
Rack::BodyProxy.new(['body']) {},
|
|
81
|
-
|
|
82
|
-
nil, nil, nil, nil
|
|
79
|
+
nil, nil, {}
|
|
83
80
|
)
|
|
84
81
|
expect(tcell_body_proxy.each.class.name).to eq('Enumerator')
|
|
85
82
|
end
|
|
@@ -89,15 +86,16 @@ module TCellAgent
|
|
|
89
86
|
context 'with a chunked response' do
|
|
90
87
|
it 'should only calculate content length' do
|
|
91
88
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
92
|
-
Rack::BodyProxy.new(["2d\r\nsome content\r\n"]) {},
|
|
93
|
-
|
|
94
|
-
nil, nil, nil, nil
|
|
89
|
+
Rack::BodyProxy.new(["2d\r\nsome content\r\n", "0\r\n"]) {},
|
|
90
|
+
nil, nil, { 'Transfer-Encoding' => 'chunked' }
|
|
95
91
|
)
|
|
96
92
|
|
|
97
93
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
98
94
|
'Processing tcell body proxy body'
|
|
99
95
|
).and_call_original
|
|
100
|
-
|
|
96
|
+
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
97
|
+
'Processing tcell body proxy body'
|
|
98
|
+
).and_call_original
|
|
101
99
|
tcell_body_proxy.each { |b| }
|
|
102
100
|
|
|
103
101
|
expect(tcell_body_proxy.content_length).to eq(45)
|
|
@@ -109,8 +107,7 @@ module TCellAgent
|
|
|
109
107
|
it 'should only calculate content length' do
|
|
110
108
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
111
109
|
Rack::BodyProxy.new(['some content']) {},
|
|
112
|
-
|
|
113
|
-
nil, nil, nil, nil
|
|
110
|
+
nil, nil, {}
|
|
114
111
|
)
|
|
115
112
|
|
|
116
113
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
@@ -126,11 +123,9 @@ module TCellAgent
|
|
|
126
123
|
context 'that should be processed' do
|
|
127
124
|
it 'should call js and dlp procs as well as calculate content length' do
|
|
128
125
|
js_agent_insertion_proc = double('js_agent_insertion_proc')
|
|
129
|
-
dlp_cleaner_proc = double('dlp_cleaner_proc')
|
|
130
126
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
131
127
|
Rack::BodyProxy.new(['some content']) {},
|
|
132
|
-
|
|
133
|
-
js_agent_insertion_proc, 'script_insert', dlp_cleaner_proc, nil
|
|
128
|
+
js_agent_insertion_proc, 'script_insert', {}
|
|
134
129
|
)
|
|
135
130
|
|
|
136
131
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
@@ -139,7 +134,6 @@ module TCellAgent
|
|
|
139
134
|
expect(js_agent_insertion_proc).to receive(:call).with(
|
|
140
135
|
'script_insert', 'some content'
|
|
141
136
|
).and_return('some content')
|
|
142
|
-
expect(dlp_cleaner_proc).to receive(:call).with(nil, 'some content')
|
|
143
137
|
|
|
144
138
|
tcell_body_proxy.each { |b| }
|
|
145
139
|
|
|
@@ -154,11 +148,9 @@ module TCellAgent
|
|
|
154
148
|
it 'should only calculate content length' do
|
|
155
149
|
body_chunk = 'some content'
|
|
156
150
|
js_agent_insertion_proc = double('js_agent_insertion_proc')
|
|
157
|
-
dlp_cleaner_proc = double('dlp_cleaner_proc')
|
|
158
151
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
159
152
|
Rack::BodyProxy.new([body_chunk]) {},
|
|
160
|
-
|
|
161
|
-
nil, nil, nil, nil
|
|
153
|
+
nil, nil, {}
|
|
162
154
|
)
|
|
163
155
|
|
|
164
156
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
@@ -167,11 +159,7 @@ module TCellAgent
|
|
|
167
159
|
expect(body_chunk).to receive(:class).and_return(
|
|
168
160
|
double('body_class', :name => 'ActionView::OutputBuffer')
|
|
169
161
|
)
|
|
170
|
-
expect(body_chunk).to receive(:class).and_return(
|
|
171
|
-
double('body_class', :name => 'ActionView::OutputBuffer')
|
|
172
|
-
)
|
|
173
162
|
expect(js_agent_insertion_proc).to_not receive(:call)
|
|
174
|
-
expect(dlp_cleaner_proc).to_not receive(:call)
|
|
175
163
|
|
|
176
164
|
tcell_body_proxy.each { |b| }
|
|
177
165
|
|
|
@@ -183,11 +171,9 @@ module TCellAgent
|
|
|
183
171
|
it 'should call js and dlp procs as well as calculate content length' do
|
|
184
172
|
body_chunk = 'some content'
|
|
185
173
|
js_agent_insertion_proc = double('js_agent_insertion_proc')
|
|
186
|
-
dlp_cleaner_proc = double('dlp_cleaner_proc')
|
|
187
174
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
188
175
|
Rack::BodyProxy.new([body_chunk]) {},
|
|
189
|
-
|
|
190
|
-
js_agent_insertion_proc, 'script_insert', dlp_cleaner_proc, nil
|
|
176
|
+
js_agent_insertion_proc, 'script_insert', {}
|
|
191
177
|
)
|
|
192
178
|
|
|
193
179
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
@@ -196,7 +182,6 @@ module TCellAgent
|
|
|
196
182
|
expect(js_agent_insertion_proc).to receive(:call).with(
|
|
197
183
|
'script_insert', body_chunk
|
|
198
184
|
).and_return(body_chunk)
|
|
199
|
-
expect(dlp_cleaner_proc).to receive(:call).with(nil, body_chunk)
|
|
200
185
|
|
|
201
186
|
tcell_body_proxy.each { |b| }
|
|
202
187
|
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Puma
|
|
4
|
+
class Server
|
|
5
|
+
def run(background = true, thread_name: 'server'); end
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
class Runner
|
|
9
|
+
def start_server; end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
class Config
|
|
13
|
+
def self.options
|
|
14
|
+
{ :preload_app => true,
|
|
15
|
+
:workers => 0 }
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.cli_config
|
|
20
|
+
Config
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
module Const
|
|
24
|
+
PUMA_VERSION = '5.1.0'
|
|
25
|
+
end
|
|
26
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Puma
|
|
4
|
+
class Server
|
|
5
|
+
def run(background = true, thread_name: 'server'); end
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
class Config
|
|
9
|
+
def self.options
|
|
10
|
+
{ :preload_app => true,
|
|
11
|
+
:workers => 1 }
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def self.cli_config
|
|
16
|
+
Config
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
module Const
|
|
20
|
+
PUMA_VERSION = '5.1.0'
|
|
21
|
+
end
|
|
22
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tcell_agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.5.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rapid7, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
@@ -242,7 +242,9 @@ files:
|
|
|
242
242
|
- spec/support/resources/lfi_sample_file.txt
|
|
243
243
|
- spec/support/resources/normal_config.json
|
|
244
244
|
- spec/support/server_mocks/passenger_mock.rb
|
|
245
|
-
- spec/support/server_mocks/
|
|
245
|
+
- spec/support/server_mocks/puma_mock_1.rb
|
|
246
|
+
- spec/support/server_mocks/puma_mock_2.rb
|
|
247
|
+
- spec/support/server_mocks/puma_mock_3.rb
|
|
246
248
|
- spec/support/server_mocks/rails_mock.rb
|
|
247
249
|
- spec/support/server_mocks/thin_mock.rb
|
|
248
250
|
- spec/support/server_mocks/unicorn_mock.rb
|
|
@@ -270,7 +272,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
270
272
|
- !ruby/object:Gem::Version
|
|
271
273
|
version: '0'
|
|
272
274
|
requirements: []
|
|
273
|
-
rubygems_version: 3.2.
|
|
275
|
+
rubygems_version: 3.2.32
|
|
274
276
|
signing_key:
|
|
275
277
|
specification_version: 4
|
|
276
278
|
summary: tCell Agent for Rails
|
|
@@ -324,7 +326,9 @@ test_files:
|
|
|
324
326
|
- spec/support/resources/lfi_sample_file.txt
|
|
325
327
|
- spec/support/resources/normal_config.json
|
|
326
328
|
- spec/support/server_mocks/passenger_mock.rb
|
|
327
|
-
- spec/support/server_mocks/
|
|
329
|
+
- spec/support/server_mocks/puma_mock_1.rb
|
|
330
|
+
- spec/support/server_mocks/puma_mock_2.rb
|
|
331
|
+
- spec/support/server_mocks/puma_mock_3.rb
|
|
328
332
|
- spec/support/server_mocks/rails_mock.rb
|
|
329
333
|
- spec/support/server_mocks/thin_mock.rb
|
|
330
334
|
- spec/support/server_mocks/unicorn_mock.rb
|