tcell_agent 2.4.1 → 2.5.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/tcell_agent/config_initializer.rb +2 -1
- data/lib/tcell_agent/rails/dlp_handler.rb +2 -3
- data/lib/tcell_agent/rails/js_agent_insert.rb +16 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +4 -15
- data/lib/tcell_agent/rails/responses.rb +0 -12
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +17 -28
- data/lib/tcell_agent/rust/agent_config.rb +3 -0
- data/lib/tcell_agent/rust/libtcellagent-alpine.so +0 -0
- data/lib/tcell_agent/rust/libtcellagent-x64.dll +0 -0
- data/lib/tcell_agent/rust/libtcellagent.dylib +0 -0
- data/lib/tcell_agent/rust/libtcellagent.so +0 -0
- data/lib/tcell_agent/rust/native_agent.rb +3 -1
- data/lib/tcell_agent/servers/puma.rb +3 -3
- data/lib/tcell_agent/servers/rack_puma_handler.rb +1 -1
- data/lib/tcell_agent/servers/webrick.rb +3 -3
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/instrument_servers_spec.rb +42 -7
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +8 -8
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +1 -2
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +12 -27
- data/spec/support/server_mocks/{puma_mock.rb → puma_mock_1.rb} +2 -2
- data/spec/support/server_mocks/puma_mock_2.rb +26 -0
- data/spec/support/server_mocks/puma_mock_3.rb +22 -0
- metadata +9 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '09032f5bacc3305b6352d99279a99270ad1d96deb7aa95588c59b61d85165946'
|
|
4
|
+
data.tar.gz: 57830dec1e6545294988905b712cd67cd9101cfa236f899af95172c923e36187
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5147a583d4f347664b82eac85f2827dad3c7629710eb771566bd24232f0604b9ce714852b9d07965652b1b3c9a365f8cedc138222adfdc73b38fc1abe87eafbe
|
|
7
|
+
data.tar.gz: df84e1061be6068d3fbde1d40afd27bcea94e623fb87dcd2188ce45d407cede03eb814757e9cf771867c8628d32f81230a02234f900a66334452f32169847d7a
|
|
@@ -9,7 +9,8 @@ module TCellAgent
|
|
|
9
9
|
:reverse_proxy_ip_address_header, :host_identifier,
|
|
10
10
|
:hmac_key, :password_hmac_key,
|
|
11
11
|
:js_agent_url, :js_agent_api_base_url,
|
|
12
|
-
:max_csp_header_bytes, :allow_payloads
|
|
12
|
+
:max_csp_header_bytes, :allow_payloads,
|
|
13
|
+
:proxy_url, :proxy_username, :proxy_password
|
|
13
14
|
|
|
14
15
|
attr_reader :logging_options
|
|
15
16
|
|
|
@@ -33,14 +33,13 @@ module TCellAgent
|
|
|
33
33
|
response
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
-
def self.get_handler_and_context(request
|
|
36
|
+
def self.get_handler_and_context(request)
|
|
37
37
|
dlp_handler = nil
|
|
38
38
|
tcell_context = nil
|
|
39
39
|
|
|
40
40
|
TCellAgent::Instrumentation.safe_block('DLP Handler get handler and context') do
|
|
41
41
|
if TCellAgent.configuration.should_instrument? &&
|
|
42
|
-
TCellAgent.configuration.should_intercept_requests?
|
|
43
|
-
TCellAgent::Utils::Rails.processable_response?(response_headers)
|
|
42
|
+
TCellAgent.configuration.should_intercept_requests?
|
|
44
43
|
|
|
45
44
|
# do all this work so that dlp doesn't run at all unless it's on and there
|
|
46
45
|
# are rules to run
|
|
@@ -5,6 +5,21 @@ module TCellAgent
|
|
|
5
5
|
module Rails
|
|
6
6
|
module JSAgent
|
|
7
7
|
HEAD_SEARCH_REGEX = Regexp.new('(<head>|<head( |\n).*?>)', Regexp::IGNORECASE)
|
|
8
|
+
def self.insert_js_agent?(response_headers)
|
|
9
|
+
content_disposition = response_headers['Content-Disposition']
|
|
10
|
+
is_attachment = content_disposition && content_disposition =~ /^attachment/i
|
|
11
|
+
|
|
12
|
+
content_type = response_headers['Content-Type']
|
|
13
|
+
applicable_content_type = content_type &&
|
|
14
|
+
content_type.start_with?('text/html')
|
|
15
|
+
|
|
16
|
+
content_encoding = response_headers['Content-Encoding']
|
|
17
|
+
compressed_content_encoding = content_encoding &&
|
|
18
|
+
(content_encoding =~ /(br|gzip)/i)
|
|
19
|
+
|
|
20
|
+
!is_attachment && applicable_content_type && !compressed_content_encoding
|
|
21
|
+
end
|
|
22
|
+
|
|
8
23
|
def self.insert_now(js_agent_handler, script_insert, rack_body, content_length)
|
|
9
24
|
TCellAgent::Instrumentation.safe_block('Handling JSAgent Insert Now') do
|
|
10
25
|
if js_agent_handler
|
|
@@ -43,7 +58,7 @@ module TCellAgent
|
|
|
43
58
|
script_insert = nil
|
|
44
59
|
|
|
45
60
|
TCellAgent::Instrumentation.safe_block('JSAgent get handler and script insert') do
|
|
46
|
-
return [nil, nil] unless (response_headers
|
|
61
|
+
return [nil, nil] unless insert_js_agent?(response_headers)
|
|
47
62
|
|
|
48
63
|
js_agent_policy = TCellAgent.policy(TCellAgent::PolicyTypes::JSAGENTINJECTION)
|
|
49
64
|
script_insert = js_agent_policy.get_js_agent_script_tag(
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
require 'tcell_agent/instrumentation'
|
|
2
2
|
require 'tcell_agent/rails/responses'
|
|
3
3
|
require 'tcell_agent/rails/js_agent_insert'
|
|
4
|
-
require 'tcell_agent/rails/dlp_handler'
|
|
5
4
|
require 'tcell_agent/rails/tcell_body_proxy'
|
|
6
5
|
|
|
7
6
|
module TCellAgent
|
|
@@ -22,7 +21,7 @@ module TCellAgent
|
|
|
22
21
|
TCellAgent::Instrumentation.safe_block('Handling Request') do
|
|
23
22
|
tcell_response = response
|
|
24
23
|
unless request.env[TCellAgent::Instrumentation::TCELL_ID].patches_blocking_triggered
|
|
25
|
-
tcell_response =
|
|
24
|
+
tcell_response = _handle_appsensor_js_agent(request, tcell_response)
|
|
26
25
|
end
|
|
27
26
|
tcell_response = _handle_redirect(request, tcell_response)
|
|
28
27
|
tcell_response = _set_headers(request, tcell_response)
|
|
@@ -77,14 +76,12 @@ module TCellAgent
|
|
|
77
76
|
response
|
|
78
77
|
end
|
|
79
78
|
|
|
80
|
-
def
|
|
79
|
+
def _handle_appsensor_js_agent(request, response)
|
|
81
80
|
TCellAgent::Instrumentation.safe_block('Handling AppSensor, JS Agent, and DLP') do
|
|
82
81
|
status_code, response_headers, response_body = response
|
|
83
82
|
|
|
84
83
|
js_agent_handler, script_insert =
|
|
85
84
|
TCellAgent::Instrumentation::Rails::JSAgent.get_handler_and_script_insert(request, response_headers)
|
|
86
|
-
dlp_handler, tcell_context =
|
|
87
|
-
TCellAgent::Instrumentation::Rails::DLPHandler.get_handler_and_context(request, response_headers)
|
|
88
85
|
|
|
89
86
|
content_length = 0
|
|
90
87
|
defer_appfw_due_to_streaming = false
|
|
@@ -97,29 +94,21 @@ module TCellAgent
|
|
|
97
94
|
|
|
98
95
|
# when content length is present it can be inferred that the
|
|
99
96
|
# response is not a streaming response, so js agent insertion
|
|
100
|
-
#
|
|
97
|
+
# can be done up front
|
|
101
98
|
response_body, content_length =
|
|
102
99
|
TCellAgent::Instrumentation::Rails::JSAgent.insert_now(js_agent_handler,
|
|
103
100
|
script_insert,
|
|
104
101
|
response_body,
|
|
105
102
|
content_length)
|
|
106
103
|
|
|
107
|
-
response_body, content_length =
|
|
108
|
-
TCellAgent::Instrumentation::Rails::DLPHandler.report_and_redact_now(dlp_handler,
|
|
109
|
-
tcell_context,
|
|
110
|
-
response_body,
|
|
111
|
-
content_length)
|
|
112
|
-
|
|
113
104
|
response_headers['Content-Length'] = content_length.to_s
|
|
114
105
|
|
|
115
106
|
elsif response_body.is_a?(Rack::BodyProxy)
|
|
116
107
|
response_body = TCellAgent::Instrumentation::Rails::TCellBodyProxy.new(
|
|
117
108
|
response_body,
|
|
118
|
-
TCellAgent::Utils::Rails.processable_response?(response_headers),
|
|
119
109
|
js_agent_handler,
|
|
120
110
|
script_insert,
|
|
121
|
-
|
|
122
|
-
tcell_context
|
|
111
|
+
response_headers
|
|
123
112
|
)
|
|
124
113
|
defer_appfw_due_to_streaming = true
|
|
125
114
|
end
|
|
@@ -7,18 +7,6 @@ module TCellAgent
|
|
|
7
7
|
STATUSES_MISSING_CONTENT_LENGTH.include?(status_code.to_i) ||
|
|
8
8
|
(headers['Content-Length'] && headers['Content-Length'].to_i.zero?)
|
|
9
9
|
end
|
|
10
|
-
|
|
11
|
-
def self.processable_response?(response_headers)
|
|
12
|
-
content_disposition = response_headers['Content-Disposition']
|
|
13
|
-
is_attachment = content_disposition && content_disposition =~ /^attachment/i
|
|
14
|
-
|
|
15
|
-
content_type = response_headers['Content-Type']
|
|
16
|
-
applicable_content_type = content_type &&
|
|
17
|
-
(content_type =~ %r{application/json}i ||
|
|
18
|
-
content_type =~ %r{application/xml}i ||
|
|
19
|
-
content_type =~ /^text/i)
|
|
20
|
-
!is_attachment && applicable_content_type
|
|
21
|
-
end
|
|
22
10
|
end
|
|
23
11
|
end
|
|
24
12
|
end
|
|
@@ -4,27 +4,17 @@ module TCellAgent
|
|
|
4
4
|
module Instrumentation
|
|
5
5
|
module Rails
|
|
6
6
|
class TCellBodyProxy
|
|
7
|
-
attr_accessor :meta_data
|
|
8
|
-
|
|
9
|
-
# for specs
|
|
10
|
-
attr_accessor :content_length
|
|
7
|
+
attr_accessor :content_length, :meta_data
|
|
11
8
|
|
|
12
9
|
def initialize(body,
|
|
13
|
-
process_js_and_dlp,
|
|
14
10
|
js_agent_insertion_proc,
|
|
15
11
|
script_insert,
|
|
16
|
-
|
|
17
|
-
tcell_context)
|
|
12
|
+
response_headers)
|
|
18
13
|
@content_length = 0
|
|
19
14
|
@body = body
|
|
20
|
-
|
|
21
|
-
@process_js_and_dlp = process_js_and_dlp
|
|
22
|
-
|
|
23
15
|
@js_agent_insertion_proc = js_agent_insertion_proc
|
|
24
16
|
@script_insert = script_insert
|
|
25
|
-
|
|
26
|
-
@dlp_cleaner_proc = dlp_cleaner_proc
|
|
27
|
-
@tcell_context = tcell_context
|
|
17
|
+
@response_headers = response_headers
|
|
28
18
|
end
|
|
29
19
|
|
|
30
20
|
def close
|
|
@@ -58,35 +48,34 @@ module TCellAgent
|
|
|
58
48
|
end
|
|
59
49
|
|
|
60
50
|
def process_body(body)
|
|
51
|
+
new_body = body
|
|
61
52
|
TCellAgent::Instrumentation.safe_block('Processing tcell body proxy body') do
|
|
62
53
|
chunked_response_match = nil
|
|
63
|
-
|
|
54
|
+
|
|
55
|
+
if @response_headers['Transfer-Encoding'] == 'chunked' &&
|
|
56
|
+
body.class.name == 'String' &&
|
|
57
|
+
body =~ /^([[:xdigit:]]+)(;.+)?\r\n/
|
|
64
58
|
chunked_response_match = Regexp.last_match(1)
|
|
65
59
|
@content_length += chunked_response_match.to_i(16)
|
|
66
60
|
end
|
|
67
61
|
|
|
68
|
-
new_body = body
|
|
69
62
|
if body.class.name == 'ActionView::OutputBuffer' ||
|
|
70
63
|
(body.class.name == 'String' && !chunked_response_match)
|
|
71
|
-
if @
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
end
|
|
79
|
-
end
|
|
80
|
-
if @dlp_cleaner_proc
|
|
81
|
-
@dlp_cleaner_proc.call(@tcell_context, new_body)
|
|
64
|
+
if @js_agent_insertion_proc
|
|
65
|
+
new_body = @js_agent_insertion_proc.call(@script_insert, body)
|
|
66
|
+
|
|
67
|
+
if new_body != body
|
|
68
|
+
# js agent was successfully inserted so no need to keep
|
|
69
|
+
# calling this proc
|
|
70
|
+
@js_agent_insertion_proc = nil
|
|
82
71
|
end
|
|
83
72
|
end
|
|
84
73
|
|
|
85
74
|
@content_length += new_body.bytesize
|
|
86
75
|
end
|
|
87
|
-
|
|
88
|
-
new_body
|
|
89
76
|
end
|
|
77
|
+
|
|
78
|
+
new_body
|
|
90
79
|
end
|
|
91
80
|
end
|
|
92
81
|
end
|
|
@@ -68,6 +68,9 @@ module TCellAgent
|
|
|
68
68
|
self['log_enabled'] = configuration.logging_options[:enabled]
|
|
69
69
|
self['log_filename'] = configuration.logging_options[:log_filename]
|
|
70
70
|
self['log_level'] = configuration.logging_options[:level]
|
|
71
|
+
self['proxy_url'] = configuration.proxy_url
|
|
72
|
+
self['proxy_username'] = configuration.proxy_username
|
|
73
|
+
self['proxy_password'] = configuration.proxy_password
|
|
71
74
|
self['update_policy'] = configuration.fetch_policies_from_tcell
|
|
72
75
|
end
|
|
73
76
|
end
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
Binary file
|
|
@@ -388,7 +388,9 @@ module TCellAgent
|
|
|
388
388
|
:remote_address => tcell_context.remote_address,
|
|
389
389
|
:route_id => tcell_context.route_id,
|
|
390
390
|
:session_id => tcell_context.session_id,
|
|
391
|
-
:user_id => tcell_context.user_id
|
|
391
|
+
:user_id => tcell_context.user_id,
|
|
392
|
+
:method => tcell_context.request_method,
|
|
393
|
+
:request_path => tcell_context.path
|
|
392
394
|
}
|
|
393
395
|
)
|
|
394
396
|
end
|
|
@@ -21,12 +21,12 @@ if defined?(Puma.cli_config)
|
|
|
21
21
|
(Gem::Version.new(Puma::Const::PUMA_VERSION) < Gem::Version.new('5.1.0'))
|
|
22
22
|
def run(background = true)
|
|
23
23
|
TCellAgent.thread_agent.start('Puma')
|
|
24
|
-
|
|
24
|
+
tcell_original_run(background)
|
|
25
25
|
end
|
|
26
26
|
else
|
|
27
27
|
def run(background = true, thread_name: 'server')
|
|
28
28
|
TCellAgent.thread_agent.start('Puma')
|
|
29
|
-
|
|
29
|
+
tcell_original_run(background, :thread_name => thread_name)
|
|
30
30
|
end
|
|
31
31
|
end
|
|
32
32
|
end
|
|
@@ -48,7 +48,7 @@ if defined?(Puma.cli_config)
|
|
|
48
48
|
else
|
|
49
49
|
def run(background = true, thread_name: 'server')
|
|
50
50
|
TCellAgent.thread_agent.start('Puma')
|
|
51
|
-
|
|
51
|
+
tcell_original_run(background, :thread_name => thread_name)
|
|
52
52
|
end
|
|
53
53
|
end
|
|
54
54
|
end
|
|
@@ -15,7 +15,7 @@ Rack::Handler::Puma.class_eval do
|
|
|
15
15
|
(Gem::Version.new(Puma::Const::PUMA_VERSION) >= Gem::Version.new('5.1.0'))
|
|
16
16
|
def run(background = true, thread_name: 'server')
|
|
17
17
|
TCellAgent.thread_agent.start('Puma')
|
|
18
|
-
|
|
18
|
+
tcell_original_run(background, :thread_name => thread_name)
|
|
19
19
|
end
|
|
20
20
|
else
|
|
21
21
|
def run(background = true)
|
|
@@ -1,18 +1,18 @@
|
|
|
1
1
|
Rack::Handler::WEBrick.class_eval do
|
|
2
2
|
class << self
|
|
3
|
-
alias_method :
|
|
3
|
+
alias_method :tcell_original_run, :run
|
|
4
4
|
|
|
5
5
|
if defined?(Gem::Version) &&
|
|
6
6
|
defined?(Rack.release) &&
|
|
7
7
|
Gem::Version.new(Rack.release) < Gem::Version.new('2.2.0')
|
|
8
8
|
def run(app, options = {})
|
|
9
9
|
TCellAgent.thread_agent.start('WEBrick')
|
|
10
|
-
|
|
10
|
+
tcell_original_run(app, options)
|
|
11
11
|
end
|
|
12
12
|
else
|
|
13
13
|
def run(app, **options)
|
|
14
14
|
TCellAgent.thread_agent.start('WEBrick')
|
|
15
|
-
|
|
15
|
+
tcell_original_run(app, **options)
|
|
16
16
|
end
|
|
17
17
|
end
|
|
18
18
|
end
|
data/lib/tcell_agent/version.rb
CHANGED
|
@@ -18,13 +18,34 @@ def test_passenger
|
|
|
18
18
|
expect(PhusionPassenger::LoaderSharedHelpers.instance_methods.include?(:tcell_before_handling_requests))
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
-
def
|
|
21
|
+
def test_puma1
|
|
22
22
|
expect(Puma.cli_config.options[:preload_app]).to be_falsey
|
|
23
23
|
expect(Puma::Server.instance_methods.include?(:tcell_original_run)).to be_truthy
|
|
24
|
+
|
|
25
|
+
TCellAgent.thread_agent.should_receive(:start).and_return nil
|
|
26
|
+
expect { Puma::Server.new.run }.not_to raise_error
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def test_puma2
|
|
30
|
+
expect(Puma.cli_config.options[:preload_app]).to be_truthy
|
|
31
|
+
Puma.cli_config.options[:workers].should eq 0
|
|
32
|
+
expect(Puma::Runner.instance_methods.include?(:tcell_original_start_server)).to be_truthy
|
|
33
|
+
|
|
34
|
+
TCellAgent.thread_agent.should_receive(:start).and_return nil
|
|
35
|
+
expect { Puma::Runner.new.start_server }.not_to raise_error
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def test_puma3
|
|
39
|
+
expect(Puma.cli_config.options[:preload_app]).to be_truthy
|
|
40
|
+
Puma.cli_config.options[:workers].should eq 1
|
|
41
|
+
expect(Puma::Server.instance_methods.include?(:tcell_original_run)).to be_truthy
|
|
42
|
+
|
|
43
|
+
TCellAgent.thread_agent.should_receive(:start).and_return nil
|
|
44
|
+
expect { Puma::Server.new.run }.not_to raise_error
|
|
24
45
|
end
|
|
25
46
|
|
|
26
47
|
def test_server(filenames, funcs)
|
|
27
|
-
fork do
|
|
48
|
+
pid = fork do
|
|
28
49
|
filenames.each do |file|
|
|
29
50
|
load file
|
|
30
51
|
end
|
|
@@ -35,6 +56,10 @@ def test_server(filenames, funcs)
|
|
|
35
56
|
method(func).call
|
|
36
57
|
end
|
|
37
58
|
end
|
|
59
|
+
|
|
60
|
+
Process.wait(pid)
|
|
61
|
+
|
|
62
|
+
raise 'RSpec test failed. See output above for additional information.' unless $?.exitstatus == 0
|
|
38
63
|
end
|
|
39
64
|
|
|
40
65
|
describe 'instrument_servers' do
|
|
@@ -56,9 +81,19 @@ describe 'instrument_servers' do
|
|
|
56
81
|
end
|
|
57
82
|
|
|
58
83
|
context 'with Puma server' do
|
|
59
|
-
it 'should instrument Puma' do
|
|
60
|
-
mocks = ['spec/support/server_mocks/
|
|
61
|
-
tests = [:
|
|
84
|
+
it 'should instrument Puma, when :preload is false and workers is 0' do
|
|
85
|
+
mocks = ['spec/support/server_mocks/puma_mock_1.rb']
|
|
86
|
+
tests = [:test_puma1]
|
|
87
|
+
test_server(mocks, tests)
|
|
88
|
+
end
|
|
89
|
+
it 'should instrument Puma, when :preload is true and workers is 0' do
|
|
90
|
+
mocks = ['spec/support/server_mocks/puma_mock_2.rb']
|
|
91
|
+
tests = [:test_puma2]
|
|
92
|
+
test_server(mocks, tests)
|
|
93
|
+
end
|
|
94
|
+
it 'should instrument Puma, when :preload is true and workers is 1' do
|
|
95
|
+
mocks = ['spec/support/server_mocks/puma_mock_3.rb']
|
|
96
|
+
tests = [:test_puma3]
|
|
62
97
|
test_server(mocks, tests)
|
|
63
98
|
end
|
|
64
99
|
end
|
|
@@ -83,11 +118,11 @@ describe 'instrument_servers' do
|
|
|
83
118
|
it 'should instrument all servers available' do
|
|
84
119
|
mocks = ['spec/support/server_mocks/rails_mock.rb',
|
|
85
120
|
'spec/support/server_mocks/thin_mock.rb',
|
|
86
|
-
'spec/support/server_mocks/
|
|
121
|
+
'spec/support/server_mocks/puma_mock_1.rb',
|
|
87
122
|
'spec/support/server_mocks/unicorn_mock.rb',
|
|
88
123
|
'spec/support/server_mocks/passenger_mock.rb']
|
|
89
124
|
|
|
90
|
-
tests = %i[test_rails test_thin
|
|
125
|
+
tests = %i[test_rails test_thin test_puma1 test_unicorn test_passenger]
|
|
91
126
|
|
|
92
127
|
test_server(mocks, tests)
|
|
93
128
|
end
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
# rubocop:disable Style/HashSyntax
|
|
2
|
-
# rubocop:disable Lint/UselessAssignment
|
|
3
2
|
|
|
4
3
|
require 'spec_helper'
|
|
5
4
|
require 'securerandom'
|
|
@@ -98,7 +97,7 @@ describe 'File' do
|
|
|
98
97
|
expect(@result.binmode?).to be_truthy
|
|
99
98
|
expect(File.stat(@new_file_name).mode.to_s(8)[3..5]).to eq('755')
|
|
100
99
|
|
|
101
|
-
File.delete(@new_file_name)
|
|
100
|
+
File.delete(@new_file_name)
|
|
102
101
|
end
|
|
103
102
|
|
|
104
103
|
test_ruby2_ruby3_keywords(File,
|
|
@@ -112,8 +111,9 @@ describe 'File' do
|
|
|
112
111
|
context 'with a file blocked for read/write' do
|
|
113
112
|
before(:each) do
|
|
114
113
|
expect(TCellAgent).to receive(:policy).with(
|
|
115
|
-
|
|
116
|
-
|
|
114
|
+
TCellAgent::PolicyTypes::LFI
|
|
115
|
+
).and_return(@local_files_policy)
|
|
116
|
+
|
|
117
117
|
expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
|
|
118
118
|
end
|
|
119
119
|
|
|
@@ -223,8 +223,9 @@ describe 'File' do
|
|
|
223
223
|
context 'with a file blocked for read/write' do
|
|
224
224
|
before(:each) do
|
|
225
225
|
expect(TCellAgent).to receive(:policy).with(
|
|
226
|
-
|
|
227
|
-
|
|
226
|
+
TCellAgent::PolicyTypes::LFI
|
|
227
|
+
).and_return(@local_files_policy)
|
|
228
|
+
|
|
228
229
|
expect(@local_files_policy).to receive(:block_file_access?).and_return(true)
|
|
229
230
|
end
|
|
230
231
|
|
|
@@ -261,5 +262,4 @@ describe 'File' do
|
|
|
261
262
|
end
|
|
262
263
|
end
|
|
263
264
|
|
|
264
|
-
#
|
|
265
|
-
# # rubocop:enable Lint/UselessAssignment
|
|
265
|
+
# rubocop:enable Style/HashSyntax
|
|
@@ -22,8 +22,7 @@ module TCellAgent
|
|
|
22
22
|
it 'appfirewall injections should be checked' do
|
|
23
23
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
24
24
|
Rack::BodyProxy.new(['body']) {},
|
|
25
|
-
|
|
26
|
-
nil, nil, nil, nil
|
|
25
|
+
nil, nil, {}
|
|
27
26
|
)
|
|
28
27
|
tcell_body_proxy.meta_data = @meta_data
|
|
29
28
|
|
|
@@ -48,8 +47,7 @@ module TCellAgent
|
|
|
48
47
|
it 'should check for appfirewall injections' do
|
|
49
48
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
50
49
|
Rack::BodyProxy.new(['body']) {},
|
|
51
|
-
|
|
52
|
-
nil, nil, nil, nil
|
|
50
|
+
nil, nil, {}
|
|
53
51
|
)
|
|
54
52
|
tcell_body_proxy.meta_data = @meta_data
|
|
55
53
|
|
|
@@ -78,8 +76,7 @@ module TCellAgent
|
|
|
78
76
|
it 'should return an enumerator' do
|
|
79
77
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
80
78
|
Rack::BodyProxy.new(['body']) {},
|
|
81
|
-
|
|
82
|
-
nil, nil, nil, nil
|
|
79
|
+
nil, nil, {}
|
|
83
80
|
)
|
|
84
81
|
expect(tcell_body_proxy.each.class.name).to eq('Enumerator')
|
|
85
82
|
end
|
|
@@ -89,15 +86,16 @@ module TCellAgent
|
|
|
89
86
|
context 'with a chunked response' do
|
|
90
87
|
it 'should only calculate content length' do
|
|
91
88
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
92
|
-
Rack::BodyProxy.new(["2d\r\nsome content\r\n"]) {},
|
|
93
|
-
|
|
94
|
-
nil, nil, nil, nil
|
|
89
|
+
Rack::BodyProxy.new(["2d\r\nsome content\r\n", "0\r\n"]) {},
|
|
90
|
+
nil, nil, { 'Transfer-Encoding' => 'chunked' }
|
|
95
91
|
)
|
|
96
92
|
|
|
97
93
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
98
94
|
'Processing tcell body proxy body'
|
|
99
95
|
).and_call_original
|
|
100
|
-
|
|
96
|
+
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
97
|
+
'Processing tcell body proxy body'
|
|
98
|
+
).and_call_original
|
|
101
99
|
tcell_body_proxy.each { |b| }
|
|
102
100
|
|
|
103
101
|
expect(tcell_body_proxy.content_length).to eq(45)
|
|
@@ -109,8 +107,7 @@ module TCellAgent
|
|
|
109
107
|
it 'should only calculate content length' do
|
|
110
108
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
111
109
|
Rack::BodyProxy.new(['some content']) {},
|
|
112
|
-
|
|
113
|
-
nil, nil, nil, nil
|
|
110
|
+
nil, nil, {}
|
|
114
111
|
)
|
|
115
112
|
|
|
116
113
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
@@ -126,11 +123,9 @@ module TCellAgent
|
|
|
126
123
|
context 'that should be processed' do
|
|
127
124
|
it 'should call js and dlp procs as well as calculate content length' do
|
|
128
125
|
js_agent_insertion_proc = double('js_agent_insertion_proc')
|
|
129
|
-
dlp_cleaner_proc = double('dlp_cleaner_proc')
|
|
130
126
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
131
127
|
Rack::BodyProxy.new(['some content']) {},
|
|
132
|
-
|
|
133
|
-
js_agent_insertion_proc, 'script_insert', dlp_cleaner_proc, nil
|
|
128
|
+
js_agent_insertion_proc, 'script_insert', {}
|
|
134
129
|
)
|
|
135
130
|
|
|
136
131
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
@@ -139,7 +134,6 @@ module TCellAgent
|
|
|
139
134
|
expect(js_agent_insertion_proc).to receive(:call).with(
|
|
140
135
|
'script_insert', 'some content'
|
|
141
136
|
).and_return('some content')
|
|
142
|
-
expect(dlp_cleaner_proc).to receive(:call).with(nil, 'some content')
|
|
143
137
|
|
|
144
138
|
tcell_body_proxy.each { |b| }
|
|
145
139
|
|
|
@@ -154,11 +148,9 @@ module TCellAgent
|
|
|
154
148
|
it 'should only calculate content length' do
|
|
155
149
|
body_chunk = 'some content'
|
|
156
150
|
js_agent_insertion_proc = double('js_agent_insertion_proc')
|
|
157
|
-
dlp_cleaner_proc = double('dlp_cleaner_proc')
|
|
158
151
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
159
152
|
Rack::BodyProxy.new([body_chunk]) {},
|
|
160
|
-
|
|
161
|
-
nil, nil, nil, nil
|
|
153
|
+
nil, nil, {}
|
|
162
154
|
)
|
|
163
155
|
|
|
164
156
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
@@ -167,11 +159,7 @@ module TCellAgent
|
|
|
167
159
|
expect(body_chunk).to receive(:class).and_return(
|
|
168
160
|
double('body_class', :name => 'ActionView::OutputBuffer')
|
|
169
161
|
)
|
|
170
|
-
expect(body_chunk).to receive(:class).and_return(
|
|
171
|
-
double('body_class', :name => 'ActionView::OutputBuffer')
|
|
172
|
-
)
|
|
173
162
|
expect(js_agent_insertion_proc).to_not receive(:call)
|
|
174
|
-
expect(dlp_cleaner_proc).to_not receive(:call)
|
|
175
163
|
|
|
176
164
|
tcell_body_proxy.each { |b| }
|
|
177
165
|
|
|
@@ -183,11 +171,9 @@ module TCellAgent
|
|
|
183
171
|
it 'should call js and dlp procs as well as calculate content length' do
|
|
184
172
|
body_chunk = 'some content'
|
|
185
173
|
js_agent_insertion_proc = double('js_agent_insertion_proc')
|
|
186
|
-
dlp_cleaner_proc = double('dlp_cleaner_proc')
|
|
187
174
|
tcell_body_proxy = TCellBodyProxy.new(
|
|
188
175
|
Rack::BodyProxy.new([body_chunk]) {},
|
|
189
|
-
|
|
190
|
-
js_agent_insertion_proc, 'script_insert', dlp_cleaner_proc, nil
|
|
176
|
+
js_agent_insertion_proc, 'script_insert', {}
|
|
191
177
|
)
|
|
192
178
|
|
|
193
179
|
expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
|
|
@@ -196,7 +182,6 @@ module TCellAgent
|
|
|
196
182
|
expect(js_agent_insertion_proc).to receive(:call).with(
|
|
197
183
|
'script_insert', body_chunk
|
|
198
184
|
).and_return(body_chunk)
|
|
199
|
-
expect(dlp_cleaner_proc).to receive(:call).with(nil, body_chunk)
|
|
200
185
|
|
|
201
186
|
tcell_body_proxy.each { |b| }
|
|
202
187
|
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Puma
|
|
4
|
+
class Server
|
|
5
|
+
def run(background = true, thread_name: 'server'); end
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
class Runner
|
|
9
|
+
def start_server; end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
class Config
|
|
13
|
+
def self.options
|
|
14
|
+
{ :preload_app => true,
|
|
15
|
+
:workers => 0 }
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def self.cli_config
|
|
20
|
+
Config
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
module Const
|
|
24
|
+
PUMA_VERSION = '5.1.0'
|
|
25
|
+
end
|
|
26
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Puma
|
|
4
|
+
class Server
|
|
5
|
+
def run(background = true, thread_name: 'server'); end
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
class Config
|
|
9
|
+
def self.options
|
|
10
|
+
{ :preload_app => true,
|
|
11
|
+
:workers => 1 }
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def self.cli_config
|
|
16
|
+
Config
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
module Const
|
|
20
|
+
PUMA_VERSION = '5.1.0'
|
|
21
|
+
end
|
|
22
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tcell_agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.5.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rapid7, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-09 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ffi
|
|
@@ -242,7 +242,9 @@ files:
|
|
|
242
242
|
- spec/support/resources/lfi_sample_file.txt
|
|
243
243
|
- spec/support/resources/normal_config.json
|
|
244
244
|
- spec/support/server_mocks/passenger_mock.rb
|
|
245
|
-
- spec/support/server_mocks/
|
|
245
|
+
- spec/support/server_mocks/puma_mock_1.rb
|
|
246
|
+
- spec/support/server_mocks/puma_mock_2.rb
|
|
247
|
+
- spec/support/server_mocks/puma_mock_3.rb
|
|
246
248
|
- spec/support/server_mocks/rails_mock.rb
|
|
247
249
|
- spec/support/server_mocks/thin_mock.rb
|
|
248
250
|
- spec/support/server_mocks/unicorn_mock.rb
|
|
@@ -270,7 +272,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
270
272
|
- !ruby/object:Gem::Version
|
|
271
273
|
version: '0'
|
|
272
274
|
requirements: []
|
|
273
|
-
rubygems_version: 3.2.
|
|
275
|
+
rubygems_version: 3.2.32
|
|
274
276
|
signing_key:
|
|
275
277
|
specification_version: 4
|
|
276
278
|
summary: tCell Agent for Rails
|
|
@@ -324,7 +326,9 @@ test_files:
|
|
|
324
326
|
- spec/support/resources/lfi_sample_file.txt
|
|
325
327
|
- spec/support/resources/normal_config.json
|
|
326
328
|
- spec/support/server_mocks/passenger_mock.rb
|
|
327
|
-
- spec/support/server_mocks/
|
|
329
|
+
- spec/support/server_mocks/puma_mock_1.rb
|
|
330
|
+
- spec/support/server_mocks/puma_mock_2.rb
|
|
331
|
+
- spec/support/server_mocks/puma_mock_3.rb
|
|
328
332
|
- spec/support/server_mocks/rails_mock.rb
|
|
329
333
|
- spec/support/server_mocks/thin_mock.rb
|
|
330
334
|
- spec/support/server_mocks/unicorn_mock.rb
|