tcell_agent 2.7.0 → 2.7.1

data/spec/support/force_logger_mocking.rb

@@ -28,11 +28,3 @@ module TCellAgent
     end
   end
 end
-
-module TCellAgent
-  module DLP
-    def self.get_dlp_logger
-      raise StandardError, 'It is in your best interest to mock this method in specs'
-    end
-  end
-end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-  version: 2.7.0
+  version: 2.7.1
 platform: ruby
 authors:
 - Rapid7, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-08-03 00:00:00.000000000 Z
+date: 2022-09-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -125,7 +125,6 @@ files:
 - lib/tcell_agent/patches.rb
 - lib/tcell_agent/policies/appfirewall_policy.rb
 - lib/tcell_agent/policies/command_injection_policy.rb
-- lib/tcell_agent/policies/dataloss_policy.rb
 - lib/tcell_agent/policies/headers_policy.rb
 - lib/tcell_agent/policies/http_redirect_policy.rb
 - lib/tcell_agent/policies/js_agent_policy.rb
@@ -145,14 +144,13 @@ files:
 - lib/tcell_agent/rails/auth/userinfo.rb
 - lib/tcell_agent/rails/better_ip.rb
 - lib/tcell_agent/rails/csrf_exception.rb
-- lib/tcell_agent/rails/dlp.rb
-- lib/tcell_agent/rails/dlp/process_request.rb
-- lib/tcell_agent/rails/dlp_handler.rb
+- lib/tcell_agent/rails/database.rb
 - lib/tcell_agent/rails/js_agent_insert.rb
 - lib/tcell_agent/rails/middleware/body_filter_middleware.rb
 - lib/tcell_agent/rails/middleware/context_middleware.rb
 - lib/tcell_agent/rails/middleware/global_middleware.rb
 - lib/tcell_agent/rails/middleware/headers_middleware.rb
+- lib/tcell_agent/rails/railties/tcell_agent_database_railties.rb
 - lib/tcell_agent/rails/railties/tcell_agent_railties.rb
 - lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb
 - lib/tcell_agent/rails/responses.rb
@@ -174,7 +172,6 @@ files:
 - lib/tcell_agent/sensor_events/agent_setting_event.rb
 - lib/tcell_agent/sensor_events/app_config_setting_event.rb
 - lib/tcell_agent/sensor_events/discovery.rb
-- lib/tcell_agent/sensor_events/dlp.rb
 - lib/tcell_agent/sensor_events/sensor.rb
 - lib/tcell_agent/sensor_events/server_agent.rb
 - lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb
@@ -187,7 +184,6 @@ files:
 - lib/tcell_agent/servers/unicorn.rb
 - lib/tcell_agent/servers/webrick.rb
 - lib/tcell_agent/settings_reporter.rb
-- lib/tcell_agent/sinatra.rb
 - lib/tcell_agent/tcell_context.rb
 - lib/tcell_agent/utils/headers.rb
 - lib/tcell_agent/utils/params.rb
@@ -209,7 +205,6 @@ files:
 - spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
 - spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
 - spec/lib/tcell_agent/policies/content_security_policy_spec.rb
-- spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb
 - spec/lib/tcell_agent/policies/js_agent_policy_spec.rb
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
@@ -219,9 +214,8 @@ files:
 - spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/csrf_exception_spec.rb
-- spec/lib/tcell_agent/rails/dlp_spec.rb
+- spec/lib/tcell_agent/rails/database.rb
 - spec/lib/tcell_agent/rails/js_agent_insert_spec.rb
-- spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb
 - spec/lib/tcell_agent/rails/responses_spec.rb
 - spec/lib/tcell_agent/rails/routes/grape_spec.rb
@@ -229,7 +223,6 @@ files:
 - spec/lib/tcell_agent/rails/routes/routes_spec.rb
 - spec/lib/tcell_agent/rails_spec.rb
 - spec/lib/tcell_agent/rust/agent_config_spec.rb
-- spec/lib/tcell_agent/sensor_events/dlp_spec.rb
 - spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
 - spec/lib/tcell_agent/settings_reporter_spec.rb
 - spec/lib/tcell_agent/tcell_context_spec.rb
@@ -293,7 +286,6 @@ test_files:
 - spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb
 - spec/lib/tcell_agent/policies/command_injection_policy_spec.rb
 - spec/lib/tcell_agent/policies/content_security_policy_spec.rb
-- spec/lib/tcell_agent/policies/dataloss_policy_spec.rb
 - spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb
 - spec/lib/tcell_agent/policies/js_agent_policy_spec.rb
 - spec/lib/tcell_agent/policies/login_policy_spec.rb
@@ -303,9 +295,8 @@ test_files:
 - spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb
 - spec/lib/tcell_agent/rails/better_ip_spec.rb
 - spec/lib/tcell_agent/rails/csrf_exception_spec.rb
-- spec/lib/tcell_agent/rails/dlp_spec.rb
+- spec/lib/tcell_agent/rails/database.rb
 - spec/lib/tcell_agent/rails/js_agent_insert_spec.rb
-- spec/lib/tcell_agent/rails/logger_spec.rb
 - spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb
 - spec/lib/tcell_agent/rails/responses_spec.rb
 - spec/lib/tcell_agent/rails/routes/grape_spec.rb
@@ -313,7 +304,6 @@ test_files:
 - spec/lib/tcell_agent/rails/routes/routes_spec.rb
 - spec/lib/tcell_agent/rails_spec.rb
 - spec/lib/tcell_agent/rust/agent_config_spec.rb
-- spec/lib/tcell_agent/sensor_events/dlp_spec.rb
 - spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
 - spec/lib/tcell_agent/settings_reporter_spec.rb
 - spec/lib/tcell_agent/tcell_context_spec.rb

data/lib/tcell_agent/policies/dataloss_policy.rb

@@ -1,304 +0,0 @@
-require 'set'
-require 'tcell_agent/policies/policy'
-
-module TCellAgent
-  module Policies
-    class DataLossPolicy < Policy # rubocop:disable Metrics/ClassLength
-      def self.api_identifier
-        'dlp'
-      end
-
-      class FilterActions
-        attr_accessor :body_event
-        attr_accessor :body_redact
-        attr_accessor :body_hash
-
-        attr_accessor :log_event
-        attr_accessor :log_redact
-        attr_accessor :log_hash
-
-        attr_accessor :action_id
-      end
-
-      class RequestProtectionManager
-        FORM = 'form'.freeze
-        COOKIE = 'cookie'.freeze
-        HEADER = 'header'.freeze
-      end
-
-      attr_accessor :enabled
-      attr_accessor :session_id_filter_actions
-      attr_accessor :request_filter_actions
-      attr_accessor :database_filter_actions
-
-      attr_accessor :policy_id
-
-      attr_accessor :table_field_actions
-      attr_accessor :session_id_actions
-      attr_accessor :database_actions
-
-      attr_accessor :database_discovery_enabled
-
-      attr_accessor :field_redact_body
-      attr_accessor :field_alerts
-
-      def initialize(policies_json)
-        init_options
-        from_json(policies_json) unless policies_json.nil? || policies_json.empty?
-      end
-
-      def init_options
-        @enabled = false
-        @policy_id = nil
-
-        @table_field_actions = {}
-        @session_id_actions = []
-
-        @database_discovery_enabled = false
-
-        @field_redact_body = Set.new # ["work_infos.SSN"].to_set #
-        @field_alerts = Set.new
-
-        @session_id_filter_actions = nil
-        @request_filter_actions = {
-          RequestProtectionManager::FORM => Hash.new { |h, k| h[k] = Hash.new { |i_h, i_k| i_h[i_k] = Set.new } },
-          RequestProtectionManager::COOKIE => Hash.new { |h, k| h[k] = Hash.new { |i_h, i_k| i_h[i_k] = Set.new } },
-          RequestProtectionManager::HEADER => Hash.new { |h, k| h[k] = Hash.new { |i_h, i_k| i_h[i_k] = Set.new } }
-        }
-        @database_actions = Hash.new do |h, k|
-          h[k] = Hash.new do |d_h, d_k|
-            d_h[d_k] = Hash.new do |s_h, s_k|
-              s_h[s_k] = Hash.new do |t_h, t_k|
-                t_h[t_k] = Hash.new do |f_h, f_k|
-                  f_h[f_k] = Set.new
-                end
-              end
-            end
-          end
-        end
-
-        @log_actions = nil
-      end
-
-      def get_actions_for_session_id(_route_id = nil)
-        @session_id_filter_actions
-      end
-
-      def actions_for_form_parameter?
-        !@request_filter_actions[RequestProtectionManager::FORM].empty?
-      end
-
-      def actions_for_headers?
-        !@request_filter_actions[RequestProtectionManager::HEADER].empty?
-      end
-
-      def actions_for_cookie?
-        !@request_filter_actions[RequestProtectionManager::COOKIE].empty?
-      end
-
-      def get_actions_for_cookie(cookie_name, route_id = nil)
-        get_actions_for_request(RequestProtectionManager::COOKIE, cookie_name, route_id)
-      end
-
-      def get_actions_for_header(header_name, route_id = nil)
-        get_actions_for_request(RequestProtectionManager::HEADER, header_name.downcase, route_id)
-      end
-
-      def get_actions_for_form_parameter(parameter_name, route_id = nil)
-        get_actions_for_request(RequestProtectionManager::FORM, parameter_name.downcase, route_id)
-      end
-
-      def get_actions_for_request(context, variable, route_id = nil)
-        return nil if context.nil? || variable.nil?
-
-        route_id = '*' if route_id.nil?
-        if context != RequestProtectionManager::COOKIE
-          variable = variable.downcase
-        end
-        actions = Set.new
-        if @request_filter_actions.key?(context)
-          if @request_filter_actions[context].key?(route_id) && @request_filter_actions[context][route_id].key?(variable)
-            actions.merge(@request_filter_actions[context][route_id][variable])
-          end
-          if route_id != '*' && @request_filter_actions[context].key?('*') && @request_filter_actions[context]['*'].key?(variable)
-            actions.merge(@request_filter_actions[context]['*'][variable])
-          end
-        end
-        return nil if actions.size <= 0
-
-        actions
-      end
-
-      def get_actions_for_table(database, schema, table, field, route_id = '*')
-        route_id = '*' if route_id.nil?
-        actions = Set.new
-        [database, '*'].each do |d|
-          next if @database_actions.key?(d) == false
-
-          [schema, '*'].each do |s|
-            next if @database_actions[d].key?(s) == false
-
-            [table, '*'].each do |t|
-              next if @database_actions[d][s].key?(t) == false
-
-              [field, '*'].each do |f|
-                next if @database_actions[d][s][t].key?(f) == false
-
-                route_id_rules = @database_actions[d][s][t][f]
-                if route_id_rules.key?(route_id)
-                  actions.merge(@database_actions[d][s][t][f][route_id])
-                end
-                if route_id != '*' && route_id_rules.key?('*')
-                  actions.merge(@database_actions[d][s][t][f]['*'])
-                end
-              end
-            end
-          end
-        end
-        return nil if actions.empty?
-
-        actions
-      end
-
-      def get_actions_for(table, field)
-        actions = Set.new
-        key = "#{table}.#{field}"
-        actions.merge(@table_field_actions.fetch(key, [].to_set))
-        actions
-      end
-
-      def self.actions_from_json(options)
-        actions = nil
-        if options.key?('log')
-          if options['log'].include? 'redact'
-            actions ||= FilterActions.new
-            actions.log_redact = true
-          end
-          if options['log'].include? 'event'
-            actions ||= FilterActions.new
-            actions.log_event = true
-          end
-          if options['log'].include? 'hash'
-            actions ||= FilterActions.new
-            actions.log_hash = true
-          end
-        end
-        if options.key?('body')
-          if options['body'].include? 'redact'
-            actions ||= FilterActions.new
-            actions.body_redact = true
-          end
-          if options['body'].include? 'event'
-            actions ||= FilterActions.new
-            actions.body_event = true
-          end
-          if options['body'].include? 'hash'
-            actions ||= FilterActions.new
-            actions.body_hash = true
-          end
-        end
-        actions
-      end
-
-      def from_json(policy_json)
-        return unless policy_json
-
-        @policy_id = policy_json['policy_id']
-        raise 'Policy ID missing' unless @policy_id
-
-        data_json = (policy_json['data'] || {})
-
-        if data_json.key?('data_discovery')
-          data_discovery_json = data_json['data_discovery']
-          @database_discovery_enabled = data_discovery_json.fetch('database_enabled', false)
-          @enabled = @database_discovery_enabled
-        end
-
-        if data_json.key?('session_id_protections')
-          session_id_protection = data_json['session_id_protections']
-          rule_id = session_id_protection.fetch('id', nil)
-          filter_actions = DataLossPolicy.actions_from_json(session_id_protection)
-          unless filter_actions.nil?
-            @enabled = true
-            filter_actions.action_id = rule_id
-            @session_id_filter_actions = filter_actions
-          end
-        end
-
-        if data_json.key?('request_protections')
-          data_json['request_protections'].each do |protection|
-            context = protection.fetch('variable_context', nil)
-            variables = protection.fetch('variables', nil)
-            scope = protection.fetch('scope', 'global')
-            rule_id = protection.fetch('id', nil)
-            options = protection.fetch('actions', nil)
-            route_ids = []
-
-            if scope == 'global'
-              route_ids = ['*']
-            elsif scope == 'route'
-              route_ids = protection.fetch('route_ids', [])
-            else
-              next
-            end
-
-            next unless context && @request_filter_actions.key?(context) && variables && options
-
-            filter_actions = DataLossPolicy.actions_from_json(options)
-            next if filter_actions.nil?
-
-            @enabled = true
-            filter_actions.action_id = rule_id
-            variables.each do |variable|
-              route_ids.each  do |route_id|
-                if context == RequestProtectionManager::COOKIE
-                  # Case sensitive variable name
-                  @request_filter_actions[context][route_id][variable].add(filter_actions)
-                else
-                  @request_filter_actions[context][route_id][variable.downcase].add(filter_actions)
-                end
-              end
-            end
-          end
-        end
-
-        return unless data_json.key?('db_protections')
-
-        protections = data_json['db_protections']
-        return unless protections
-
-        protections.each do |protection_json|
-          scope = protection_json.fetch('scope', nil)
-          databases = protection_json.fetch('databases', ['*'])
-          schemas = protection_json.fetch('schemas', ['*'])
-          tables = protection_json.fetch('tables', ['*'])
-          fields = protection_json.fetch('fields', nil)
-          rule_id = protection_json.fetch('id', nil)
-          actions = protection_json.fetch('actions', {})
-          filter_actions = DataLossPolicy.actions_from_json(actions)
-          route_ids = ['*']
-
-          if !scope.nil? && scope != 'global' && scope == 'route'
-            route_ids = protection_json.fetch('route_ids', [])
-          end
-
-          next if fields.nil? || filter_actions.nil?
-
-          @enabled = true
-          filter_actions.action_id = rule_id
-          databases.each do |database|
-            schemas.each do |schema|
-              tables.each do |table|
-                fields.each do |field|
-                  route_ids.each do |route_id|
-                    @database_actions[database][schema][table][field][route_id].add(filter_actions)
-                  end
-                end
-              end
-            end
-          end
-        end
-      end
-    end
-  end
-end

data/lib/tcell_agent/rails/dlp/process_request.rb

@@ -1,83 +0,0 @@
-module TCellAgent
-  module DLP
-    def self.handle_request_dlp_parameters(request)
-      TCellAgent::Instrumentation.safe_block('Handling Dataexposure (request forms)') do
-        _handle_dataexpsure_forms(request)
-      end
-
-      TCellAgent::Instrumentation.safe_block('Handling Dataexposure (request headers)') do
-        _handle_dataexpsure_headers(request)
-      end
-
-      TCellAgent::Instrumentation.safe_block('Handling Dataexposure (request cookies)') do
-        _handler_dataexposure_cookies(request)
-      end
-    end
-
-    def self.loop_params_hash(method, param_hash, &block)
-      param_hash.each do |param_name, param_value|
-        if param_value && param_value.is_a?(Hash)
-          loop_params_hash(method, param_value, &block)
-        elsif !param_value || !param_value.instance_of?(String) || param_value == ''
-          next
-        else
-          block.call(method, param_name, param_value)
-        end
-      end
-    end
-
-    def self.for_params(request, &block)
-      get_params = request.GET
-      loop_params_hash('get', get_params, &block) if get_params
-      post_params = request.POST
-      loop_params_hash('post', post_params, &block) if post_params
-    end
-
-    def self._handle_dataexpsure_forms(request)
-      dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
-      tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
-      return unless tcell_context && dataex_policy && dataex_policy.actions_for_form_parameter?
-
-      for_params(request) do |_method, param_name, param_value|
-        actions = dataex_policy.get_actions_for_form_parameter(param_name, tcell_context.route_id)
-        if actions
-          actions.each do |action|
-            tcell_context.add_filter_for_request_parameter(param_value, action, param_name)
-          end
-        end
-      end
-    end
-
-    def self._handle_dataexpsure_headers(request)
-      dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
-      tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
-      return unless tcell_context && dataex_policy && dataex_policy.actions_for_headers?
-
-      headers = request.env.select { |k, _v| k.start_with? 'HTTP_' }
-      headers.each do |header_name, header_value|
-        header_name = header_name.sub(/^HTTP_/, '').tr('_', '-')
-        actions = dataex_policy.get_actions_for_header(header_name)
-        next unless actions
-
-        actions.each do |action|
-          tcell_context.add_filter_for_header_value(header_value, action, header_name)
-        end
-      end
-    end
-
-    def self._handler_dataexposure_cookies(request)
-      dataex_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
-      tcell_context = request.env[TCellAgent::Instrumentation::TCELL_ID]
-      return unless tcell_context && dataex_policy && dataex_policy.actions_for_cookie?
-
-      request.cookies.each do |cookie_name, cookie_value|
-        actions = dataex_policy.get_actions_for_cookie(cookie_name)
-        next unless actions
-
-        actions.each do |action|
-          tcell_context.add_filter_for_cookie_value(cookie_value, action, cookie_name)
-        end
-      end
-    end
-  end
-end