tcell_agent 0.2.13 → 0.2.14
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/tcell_agent.rb +2 -0
- data/lib/tcell_agent/agent.rb +2 -2
- data/lib/tcell_agent/agent/policy_manager.rb +90 -42
- data/lib/tcell_agent/api.rb +4 -24
- data/lib/tcell_agent/configuration.rb +31 -27
- data/lib/tcell_agent/logger.rb +29 -8
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +2 -2
- data/lib/tcell_agent/rails/auth/devise.rb +0 -2
- data/lib/tcell_agent/servers/rails_server.rb +3 -3
- data/lib/tcell_agent/servers/unicorn.rb +3 -4
- data/lib/tcell_agent/start_background_thread.rb +1 -3
- data/lib/tcell_agent/utils/io.rb +27 -0
- data/lib/tcell_agent/utils/strings.rb +15 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +188 -0
- data/spec/lib/tcell_agent/configuration_spec.rb +14 -23
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +24 -24
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +6 -6
- data/spec/lib/tcell_agent/utils/strings_spec.rb +31 -0
- metadata +6 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 91eb80e7d8e32d4eb83b3db2724492c1bcfa6151
|
|
4
|
+
data.tar.gz: e89d78bc66aa69410ca00dfac6217982a9e36ebf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d1ef60b09773240dec59b976c283867ae5a7d5789ac3e109016916b23a9bb208de9e2c220dafd81a805da5be86e70ac4bc77683b55cd3316da909a3229eee9f4
|
|
7
|
+
data.tar.gz: 019839aec44771e5b8702024c9acbf2a33ab668200681315161105e7d66340bab25d187e1ce12eef45b67bd257064c81b7ed76dc75117c26be37bbd131b15036
|
data/lib/tcell_agent.rb
CHANGED
data/lib/tcell_agent/agent.rb
CHANGED
|
@@ -121,8 +121,8 @@ module TCellAgent
|
|
|
121
121
|
end
|
|
122
122
|
|
|
123
123
|
def start
|
|
124
|
-
if (TCellAgent.configuration.api_key
|
|
125
|
-
TCellAgent.configuration.app_id
|
|
124
|
+
if (TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.api_key) ||
|
|
125
|
+
TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.app_id))
|
|
126
126
|
puts " ********* ********* ********* *********"
|
|
127
127
|
puts "* tCell.io *"
|
|
128
128
|
puts "* Configuration info is missing, you may *"
|
|
@@ -34,7 +34,7 @@ module TCellAgent
|
|
|
34
34
|
return if TCellAgent.configuration.should_start_policy_poll? == false
|
|
35
35
|
@policy_polling_worker_mutex.synchronize do
|
|
36
36
|
return if policy_polling_running?
|
|
37
|
-
|
|
37
|
+
start_policy_polling_loop
|
|
38
38
|
end
|
|
39
39
|
end
|
|
40
40
|
|
|
@@ -49,55 +49,98 @@ module TCellAgent
|
|
|
49
49
|
end
|
|
50
50
|
end
|
|
51
51
|
|
|
52
|
-
def
|
|
53
|
-
if TCellAgent.configuration.should_start_policy_poll?
|
|
52
|
+
def start_policy_polling_loop
|
|
53
|
+
if TCellAgent.configuration.should_start_policy_poll?
|
|
54
|
+
|
|
55
|
+
if TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.tcell_api_url)
|
|
56
|
+
TCellAgent.logger.error("tCell.io tcell_api_url is missing. Disabling policy polling.")
|
|
57
|
+
return
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
if TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.app_id)
|
|
61
|
+
TCellAgent.logger.error("tCell.io app_id is missing. Disabling policy polling.")
|
|
62
|
+
return
|
|
63
|
+
end
|
|
64
|
+
|
|
54
65
|
TCellAgent.logger.debug("Starting policy polling thread")
|
|
66
|
+
|
|
55
67
|
@policy_polling_thread = Thread.new do
|
|
68
|
+
failure_sleep_time = 30
|
|
56
69
|
last_poll_time = 0
|
|
57
70
|
last_run = Time.now
|
|
71
|
+
|
|
58
72
|
loop do
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
if policy_jsons["last_timestamp"] != 0
|
|
67
|
-
last_poll_time = policy_jsons["last_timestamp"]
|
|
68
|
-
end
|
|
69
|
-
elsif policy_jsons.key?("last_id")
|
|
70
|
-
if policy_jsons["last_id"] != 0
|
|
71
|
-
last_poll_time = policy_jsons["last_id"]
|
|
72
|
-
end
|
|
73
|
-
end
|
|
74
|
-
processPolicyJson(policy_jsons)
|
|
75
|
-
rescue Exception => e
|
|
76
|
-
TCellAgent.logger.error("exception while handling connection: #{e.message}")
|
|
77
|
-
TCellAgent.logger.debug(e.backtrace)
|
|
78
|
-
TCellAgent.logger.debug("Sleeping 30 seconds because the tCell.io request failed...")
|
|
79
|
-
sleep(30) #wait a minute before trying again
|
|
80
|
-
end
|
|
81
|
-
if (Time.now - last_run) < 1
|
|
82
|
-
TCellAgent.logger.debug("Rate limiting: sleeping 10 seconds")
|
|
83
|
-
sleep(10)
|
|
73
|
+
failure_sleep_time, last_poll_time = policy_polling_iteration(failure_sleep_time, last_poll_time)
|
|
74
|
+
|
|
75
|
+
if (Time.now - last_run) < 5
|
|
76
|
+
random = Random.new
|
|
77
|
+
sleeptime = sleep(random.rand(5..20))
|
|
78
|
+
TCellAgent.logger.debug("Rate limiting: sleeping #{sleeptime} seconds")
|
|
79
|
+
sleep(sleeptime)
|
|
84
80
|
end
|
|
81
|
+
|
|
85
82
|
last_run = Time.now
|
|
86
83
|
end
|
|
87
84
|
end
|
|
88
|
-
end
|
|
85
|
+
end
|
|
89
86
|
end
|
|
90
87
|
|
|
91
|
-
def
|
|
88
|
+
def policy_polling_iteration(failure_sleep_time, last_poll_time)
|
|
89
|
+
begin
|
|
90
|
+
policy_jsons = @@policy_tapi.pollAPI(last_poll_time)
|
|
92
91
|
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
92
|
+
if policy_jsons == nil
|
|
93
|
+
TCellAgent.logger.error("Policy was nil. Sleeping for #{failure_sleep_time}")
|
|
94
|
+
|
|
95
|
+
sleep(failure_sleep_time)
|
|
96
|
+
|
|
97
|
+
if failure_sleep_time < 480
|
|
98
|
+
failure_sleep_time *= 2
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
return
|
|
102
|
+
|
|
103
|
+
elsif policy_jsons.key?("last_timestamp")
|
|
104
|
+
if policy_jsons["last_timestamp"] != 0
|
|
105
|
+
last_poll_time = policy_jsons["last_timestamp"]
|
|
106
|
+
end
|
|
107
|
+
elsif policy_jsons.key?("last_id")
|
|
108
|
+
if policy_jsons["last_id"] != 0
|
|
109
|
+
last_poll_time = policy_jsons["last_id"]
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
failure_sleep_time = 30
|
|
114
|
+
|
|
115
|
+
processPolicyJson(policy_jsons)
|
|
116
|
+
|
|
117
|
+
rescue RestClient::Exception => rce
|
|
118
|
+
TCellAgent.logger.error("Received error response while contacting api [#{rce.http_code}]: #{rce.message}")
|
|
119
|
+
TCellAgent.logger.debug(rce.backtrace)
|
|
120
|
+
TCellAgent.logger.debug("Sleeping #{failure_sleep_time} seconds because the request failed...")
|
|
121
|
+
sleep(failure_sleep_time)
|
|
122
|
+
|
|
123
|
+
if failure_sleep_time < 480
|
|
124
|
+
failure_sleep_time *= 2
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
rescue Exception => e
|
|
128
|
+
TCellAgent.logger.error("exception while handling connection: #{e.message}")
|
|
129
|
+
TCellAgent.logger.debug(e.backtrace)
|
|
130
|
+
TCellAgent.logger.debug("Sleeping 30 seconds because the tCell.io request failed...")
|
|
131
|
+
sleep(failure_sleep_time)
|
|
96
132
|
|
|
97
|
-
|
|
98
|
-
|
|
133
|
+
if failure_sleep_time < 480
|
|
134
|
+
failure_sleep_time *= 2
|
|
135
|
+
end
|
|
99
136
|
end
|
|
100
137
|
|
|
138
|
+
[failure_sleep_time, last_poll_time]
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
def processPolicyJson(policy_jsons, cache_the_policy=true)
|
|
142
|
+
return if policy_jsons.nil?
|
|
143
|
+
|
|
101
144
|
TCellAgent::PolicyTypes::ClassMap.each do | policy_type, policy_class |
|
|
102
145
|
if (policy_jsons.key?(policy_type))
|
|
103
146
|
new_policy = policy_class.from_json(policy_jsons[policy_type])
|
|
@@ -111,15 +154,18 @@ module TCellAgent
|
|
|
111
154
|
end
|
|
112
155
|
end
|
|
113
156
|
end
|
|
114
|
-
|
|
115
|
-
end # end of processPolicyJson
|
|
157
|
+
end
|
|
116
158
|
|
|
117
159
|
def cache(policy_name, policy)
|
|
118
160
|
cache_filename = TCellAgent.configuration.cache_filename_with_app_id
|
|
119
161
|
|
|
120
162
|
begin
|
|
121
163
|
|
|
122
|
-
|
|
164
|
+
TCellAgent::Utils::IO.create_directory(
|
|
165
|
+
File.dirname(cache_filename),
|
|
166
|
+
TCellAgent.configuration.agent_home_owner
|
|
167
|
+
)
|
|
168
|
+
|
|
123
169
|
f1 = open(cache_filename, File::RDWR|File::CREAT)
|
|
124
170
|
|
|
125
171
|
Timeout::timeout(0.100) { f1.flock(File::LOCK_EX) }
|
|
@@ -151,6 +197,11 @@ module TCellAgent
|
|
|
151
197
|
f1.write( JSON.dump(policy_cache) )
|
|
152
198
|
f1.flush
|
|
153
199
|
f1.truncate(f1.pos)
|
|
200
|
+
|
|
201
|
+
TCellAgent::Utils::IO.set_owner(
|
|
202
|
+
cache_filename,
|
|
203
|
+
TCellAgent.configuration.agent_home_owner
|
|
204
|
+
)
|
|
154
205
|
rescue Exception => e
|
|
155
206
|
TCellAgent.logger.warn(e.message)
|
|
156
207
|
|
|
@@ -162,11 +213,8 @@ module TCellAgent
|
|
|
162
213
|
|
|
163
214
|
def policies_from_cachefile
|
|
164
215
|
cache_filename = TCellAgent.configuration.cache_filename_with_app_id
|
|
165
|
-
cache_exists = File.exist?(cache_filename)
|
|
166
216
|
|
|
167
|
-
|
|
168
|
-
return nil
|
|
169
|
-
end
|
|
217
|
+
return nil unless File.exist?(cache_filename)
|
|
170
218
|
|
|
171
219
|
begin
|
|
172
220
|
f1 = File.open(cache_filename, File::RDONLY)
|
data/lib/tcell_agent/api.rb
CHANGED
|
@@ -13,43 +13,23 @@ module TCellAgent
|
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def pollAPI(last_timestamp=nil)
|
|
16
|
-
if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
|
|
17
|
-
raise "Config Information Not Found, can't poll tCell service"
|
|
18
|
-
end
|
|
19
16
|
full_url = TCellAgent.configuration.tcell_api_url + "/app/" + TCellAgent.configuration.app_id + "/update"
|
|
20
17
|
if (last_timestamp && last_timestamp != "")
|
|
21
18
|
full_url = full_url + "?last_timestamp=" + last_timestamp.to_s
|
|
22
19
|
end
|
|
20
|
+
|
|
23
21
|
TCellAgent.logger.debug "tCell.io API Request: " + full_url
|
|
24
22
|
request_headers = {
|
|
25
23
|
:Authorization => 'Bearer ' + TCellAgent.configuration.api_key
|
|
26
24
|
}
|
|
25
|
+
|
|
27
26
|
begin
|
|
28
27
|
request_headers[:TCellAgent] = "RubyAgent " + TCellAgent::VERSION
|
|
29
28
|
rescue Exception => e
|
|
30
29
|
TCellAgent.logger.debug("tCell.io Could not add agent string: " + e.message)
|
|
31
30
|
end
|
|
32
|
-
response = RestClient.get full_url,request_headers
|
|
33
|
-
TCellAgent.logger.debug "tCell.io API Response: " + response
|
|
34
|
-
response_json = JSON.parse(response)
|
|
35
|
-
if (response_json && response_json.has_key?("result"))
|
|
36
|
-
return response_json["result"]
|
|
37
|
-
end
|
|
38
|
-
# else result was null and no new information exists...
|
|
39
|
-
return nil
|
|
40
|
-
end
|
|
41
31
|
|
|
42
|
-
|
|
43
|
-
if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
|
|
44
|
-
raise "Config Information Not Found, can't poll tCell service"
|
|
45
|
-
end
|
|
46
|
-
full_url = TCellAgent.configuration.tcell_api_url + "/api/" + TCellAgent.configuration.app_id + "/csp/poll"
|
|
47
|
-
TCellAgent.logger.debug "tCell.io API Request: " + full_url
|
|
48
|
-
full_url = full_url + "/" + TCellAgent.configuration.api_key
|
|
49
|
-
if (last_timestamp && last_timestamp != "")
|
|
50
|
-
full_url = full_url + "?last_timestamp=" + last_timestamp.to_s
|
|
51
|
-
end
|
|
52
|
-
response = RestClient.get full_url
|
|
32
|
+
response = RestClient.get full_url,request_headers
|
|
53
33
|
TCellAgent.logger.debug "tCell.io API Response: " + response
|
|
54
34
|
response_json = JSON.parse(response)
|
|
55
35
|
if (response_json && response_json.has_key?("result"))
|
|
@@ -99,4 +79,4 @@ module TCellAgent
|
|
|
99
79
|
return false
|
|
100
80
|
end
|
|
101
81
|
end
|
|
102
|
-
end
|
|
82
|
+
end
|
|
@@ -26,21 +26,21 @@ module TCellAgent
|
|
|
26
26
|
:uuid,
|
|
27
27
|
:company,
|
|
28
28
|
:event_batch_size_limit, :event_time_limit_seconds,
|
|
29
|
-
:log_filename,
|
|
30
29
|
:base_dir,
|
|
31
30
|
:cache_filename,
|
|
32
31
|
:js_agent_api_base_url,
|
|
33
32
|
:js_agent_url,
|
|
34
33
|
:raise_exceptions,
|
|
35
|
-
:
|
|
34
|
+
:allow_unencrypted_appfirewall_payloads,
|
|
36
35
|
:blacklisted_params,
|
|
37
36
|
:whitelisted_params,
|
|
38
37
|
:whitelist_present,
|
|
39
38
|
:config_filename,
|
|
40
39
|
:agent_log_dir,
|
|
41
40
|
:max_data_ex_db_records_per_request,
|
|
42
|
-
:
|
|
43
|
-
:
|
|
41
|
+
:allow_unencrypted_appfirewall_payloads_logging,
|
|
42
|
+
:agent_home_dir,
|
|
43
|
+
:agent_home_owner
|
|
44
44
|
|
|
45
45
|
attr_accessor :disable_all,
|
|
46
46
|
:enabled,
|
|
@@ -73,6 +73,11 @@ module TCellAgent
|
|
|
73
73
|
end
|
|
74
74
|
|
|
75
75
|
def initialize(filename="config/tcell_agent.config", useapp=nil)
|
|
76
|
+
# These will be set when the agent starts up, to give rails initializers
|
|
77
|
+
# a chance to run
|
|
78
|
+
@cache_filename = nil
|
|
79
|
+
@agent_log_dir = nil
|
|
80
|
+
|
|
76
81
|
@version = 0
|
|
77
82
|
@exp_config_settings = true
|
|
78
83
|
@demomode = false
|
|
@@ -90,9 +95,9 @@ module TCellAgent
|
|
|
90
95
|
|
|
91
96
|
|
|
92
97
|
@agent_home_dir = File.join(Dir.getwd, "tcell")
|
|
93
|
-
@agent_log_dir = File.join(@agent_home_dir, "logs")
|
|
94
98
|
@config_filename = File.join(Dir.getwd, filename)
|
|
95
99
|
|
|
100
|
+
|
|
96
101
|
@event_batch_size_limit = 50
|
|
97
102
|
@event_time_limit_seconds = 15
|
|
98
103
|
|
|
@@ -103,21 +108,16 @@ module TCellAgent
|
|
|
103
108
|
read_config_using_env
|
|
104
109
|
read_config_from_file(@config_filename)
|
|
105
110
|
|
|
106
|
-
@cache_filename = File.join(@agent_home_dir, "cache", "tcell_agent.cache")
|
|
107
|
-
@log_filename = File.join(@agent_log_dir, "tcell_agent.log")
|
|
108
|
-
|
|
109
|
-
|
|
110
111
|
# Because ENV can override this one
|
|
111
112
|
env_unencrypted_firewall =
|
|
112
113
|
if (ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"] != nil)
|
|
113
|
-
@
|
|
114
|
+
@allow_unencrypted_appfirewall_payloads = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"])
|
|
114
115
|
end
|
|
115
116
|
if (ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS"] != nil)
|
|
116
|
-
@
|
|
117
|
+
@allow_unencrypted_appfirewall_payloads = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS"])
|
|
117
118
|
end
|
|
118
119
|
|
|
119
|
-
@
|
|
120
|
-
@appfirewall_payloads_log_filename = File.join(@agent_log_dir, "tcell_agent_payloads.log")
|
|
120
|
+
@allow_unencrypted_appfirewall_payloads_logging = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS_LOGGING"])
|
|
121
121
|
|
|
122
122
|
@tcell_api_url ||= "https://api.tcell.io/api/v1"
|
|
123
123
|
@tcell_input_url ||= "https://input.tcell.io/api/v1"
|
|
@@ -134,17 +134,12 @@ module TCellAgent
|
|
|
134
134
|
|
|
135
135
|
@uuid = SecureRandom.uuid
|
|
136
136
|
|
|
137
|
-
FileUtils::mkdir_p File.dirname(@cache_filename)
|
|
138
|
-
if @logging_options && @logging_options["filename"]
|
|
139
|
-
FileUtils::mkdir_p File.dirname(@logging_options["filename"])
|
|
140
|
-
else
|
|
141
|
-
FileUtils::mkdir_p File.dirname(@log_filename)
|
|
142
|
-
end
|
|
143
|
-
|
|
144
137
|
load_app_sensor_restrictions
|
|
145
138
|
end
|
|
146
139
|
|
|
147
140
|
def cache_filename_with_app_id
|
|
141
|
+
@cache_filename ||= File.join(@agent_home_dir, "cache", "tcell_agent.cache")
|
|
142
|
+
|
|
148
143
|
if @app_id
|
|
149
144
|
"#{@cache_filename}.#{@app_id}"
|
|
150
145
|
else
|
|
@@ -162,7 +157,8 @@ module TCellAgent
|
|
|
162
157
|
@demomode = ENV["TCELL_DEMOMODE"] || @demomode
|
|
163
158
|
|
|
164
159
|
@agent_home_dir = ENV["TCELL_AGENT_HOME"] || @agent_home_dir
|
|
165
|
-
@
|
|
160
|
+
@agent_home_owner = ENV["TCELL_AGENT_HOME_OWNER"]
|
|
161
|
+
@agent_log_dir = ENV["TCELL_AGENT_LOG_DIR"]
|
|
166
162
|
@config_filename = ENV["TCELL_AGENT_CONFIG"] || @config_filename
|
|
167
163
|
|
|
168
164
|
if @demomode
|
|
@@ -212,16 +208,15 @@ module TCellAgent
|
|
|
212
208
|
|
|
213
209
|
@use_websockets = app_data["use_websockets"]
|
|
214
210
|
|
|
215
|
-
@
|
|
216
|
-
|
|
211
|
+
@allow_unencrypted_appfirewall_payloads =
|
|
212
|
+
app_data.fetch('allow_unencrypted_appsensor_payloads', @allow_unencrypted_appfirewall_payloads)
|
|
213
|
+
@allow_unencrypted_appfirewall_payloads =
|
|
214
|
+
app_data.fetch('allow_unencrypted_appfirewall_payloads', @allow_unencrypted_appfirewall_payloads)
|
|
217
215
|
|
|
218
216
|
data_exposure = app_data.fetch('data_exposure', {})
|
|
219
217
|
@max_data_ex_db_records_per_request = data_exposure.fetch('max_data_ex_db_records_per_request', @max_data_ex_db_records_per_request)
|
|
220
218
|
|
|
221
219
|
@host_identifier = @host_identifier || app_data.fetch("host_identifier", @host_identifier)
|
|
222
|
-
if (@host_identifier == nil)
|
|
223
|
-
@host_identifier = (Socket.gethostname() || "localhost")
|
|
224
|
-
end
|
|
225
220
|
@hmac_key ||= app_data["hmac_key"] # if not already set
|
|
226
221
|
@session_cookie_names = app_data["session_cookie_names"]
|
|
227
222
|
@uuid = SecureRandom.uuid
|
|
@@ -294,7 +289,7 @@ module TCellAgent
|
|
|
294
289
|
end
|
|
295
290
|
|
|
296
291
|
rescue Exception => e
|
|
297
|
-
@
|
|
292
|
+
@allow_unencrypted_appfirewall_payloads = false
|
|
298
293
|
|
|
299
294
|
puts " ********* ********* ********* **********"
|
|
300
295
|
puts "* tCell.io *"
|
|
@@ -305,6 +300,15 @@ module TCellAgent
|
|
|
305
300
|
end
|
|
306
301
|
end
|
|
307
302
|
|
|
303
|
+
def log_filename
|
|
304
|
+
@agent_log_dir ||= File.join(@agent_home_dir, "logs")
|
|
305
|
+
File.join(@agent_log_dir, "tcell_agent.log")
|
|
306
|
+
end
|
|
307
|
+
|
|
308
|
+
def appfirewall_payloads_log_filename
|
|
309
|
+
@agent_log_dir ||= File.join(@agent_home_dir, "logs")
|
|
310
|
+
File.join(@agent_log_dir, "tcell_agent_payloads.log")
|
|
311
|
+
end
|
|
308
312
|
end # class
|
|
309
313
|
|
|
310
314
|
TCellAgent.configuration ||= TCellAgent::Configuration.new
|
data/lib/tcell_agent/logger.rb
CHANGED
|
@@ -5,6 +5,16 @@ require 'tcell_agent/configuration'
|
|
|
5
5
|
|
|
6
6
|
module TCellAgent
|
|
7
7
|
|
|
8
|
+
class TCellLogDevice < Logger::LogDevice
|
|
9
|
+
def create_logfile(filename)
|
|
10
|
+
logdev = super
|
|
11
|
+
|
|
12
|
+
TCellAgent::Utils::IO.set_owner(filename, TCellAgent.configuration.agent_home_owner)
|
|
13
|
+
|
|
14
|
+
logdev
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
8
18
|
@@logger_pid = Process.pid
|
|
9
19
|
|
|
10
20
|
def self.loggingLevelFromString(levelString)
|
|
@@ -28,9 +38,17 @@ module TCellAgent
|
|
|
28
38
|
return @payloads_logger
|
|
29
39
|
end
|
|
30
40
|
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
41
|
+
TCellAgent::Utils::IO.create_directory(
|
|
42
|
+
File.dirname(TCellAgent.configuration.appfirewall_payloads_log_filename),
|
|
43
|
+
TCellAgent.configuration.agent_home_owner
|
|
44
|
+
)
|
|
45
|
+
|
|
46
|
+
log_device = TCellLogDevice.new(
|
|
47
|
+
TCellAgent.configuration.appfirewall_payloads_log_filename,
|
|
48
|
+
shift_age: 9, shift_size: 5242880
|
|
49
|
+
)
|
|
50
|
+
if TCellAgent.configuration.allow_unencrypted_appfirewall_payloads_logging
|
|
51
|
+
@payloads_logger = Logger.new(log_device)
|
|
34
52
|
@payloads_logger.level = Logger::INFO
|
|
35
53
|
@payloads_logger.formatter = proc do |severity, datetime, progname, msg|
|
|
36
54
|
date_format = datetime.strftime("%Y-%m-%dT%H:%M:%S.%L%:z")
|
|
@@ -40,7 +58,7 @@ module TCellAgent
|
|
|
40
58
|
return @payloads_logger
|
|
41
59
|
end
|
|
42
60
|
|
|
43
|
-
logger = Logger.new(
|
|
61
|
+
logger = Logger.new(log_device)
|
|
44
62
|
logger.level = Logger::ERROR
|
|
45
63
|
return logger
|
|
46
64
|
end
|
|
@@ -53,12 +71,15 @@ module TCellAgent
|
|
|
53
71
|
@logger_pid = Process.pid
|
|
54
72
|
logging_options = TCellAgent.configuration.logging_options
|
|
55
73
|
|
|
74
|
+
logging_file = TCellAgent.configuration.log_filename
|
|
75
|
+
logging_directory = File.dirname(logging_file)
|
|
76
|
+
TCellAgent::Utils::IO.create_directory(logging_directory, TCellAgent.configuration.agent_home_owner)
|
|
77
|
+
|
|
78
|
+
log_device = TCellLogDevice.new(logging_file, shift_age: 9, shift_size: 5242880)
|
|
56
79
|
if logging_options && logging_options["enabled"]
|
|
57
|
-
FileUtils.mkdir_p TCellAgent.configuration.agent_log_dir
|
|
58
80
|
level = loggingLevelFromString(logging_options["level"])
|
|
59
|
-
logging_file = logging_options["filename"] || TCellAgent.configuration.log_filename
|
|
60
81
|
# limit the total log file to about 9 * 5 = 45 mb
|
|
61
|
-
@logger = Logger.new(
|
|
82
|
+
@logger = Logger.new(log_device)
|
|
62
83
|
@logger.level = level
|
|
63
84
|
@logger.formatter = proc do |severity, datetime, progname, msg|
|
|
64
85
|
# ISO 8601 format
|
|
@@ -69,7 +90,7 @@ module TCellAgent
|
|
|
69
90
|
return @logger
|
|
70
91
|
end
|
|
71
92
|
|
|
72
|
-
logger = Logger.new(
|
|
93
|
+
logger = Logger.new(log_device)
|
|
73
94
|
logger.level = Logger::ERROR
|
|
74
95
|
return logger
|
|
75
96
|
end
|
|
@@ -71,7 +71,7 @@ module TCellAgent
|
|
|
71
71
|
vuln_param = vuln_results["param"]
|
|
72
72
|
payload = nil
|
|
73
73
|
|
|
74
|
-
if TCellAgent.configuration.
|
|
74
|
+
if TCellAgent.configuration.allow_unencrypted_appfirewall_payloads
|
|
75
75
|
payload = vuln_results["value"]
|
|
76
76
|
end
|
|
77
77
|
|
|
@@ -105,7 +105,7 @@ module TCellAgent
|
|
|
105
105
|
end
|
|
106
106
|
|
|
107
107
|
def log_appsensor_events(type_of_param, appsensor_meta, vuln_param, vuln_value)
|
|
108
|
-
if TCellAgent.configuration.
|
|
108
|
+
if TCellAgent.configuration.allow_unencrypted_appfirewall_payloads_logging
|
|
109
109
|
event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
|
|
110
110
|
appsensor_meta.location,
|
|
111
111
|
@detection_point,
|
|
@@ -4,8 +4,8 @@
|
|
|
4
4
|
|
|
5
5
|
Rails::Server.class_eval do
|
|
6
6
|
|
|
7
|
-
alias_method :
|
|
8
|
-
def
|
|
7
|
+
alias_method :tcell_build_app, :build_app
|
|
8
|
+
def build_app(app)
|
|
9
9
|
require("tcell_agent/servers/unicorn") if defined?(Unicorn::HttpServer)
|
|
10
10
|
require("tcell_agent/servers/webrick") if defined?(Rack::Handler::WEBrick)
|
|
11
11
|
require("tcell_agent/servers/thin") if defined?(Thin::Server)
|
|
@@ -23,7 +23,7 @@ Rails::Server.class_eval do
|
|
|
23
23
|
end
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
-
|
|
26
|
+
tcell_build_app(app)
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
end
|
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
Unicorn::HttpServer.class_eval do
|
|
2
2
|
|
|
3
|
-
# This will be
|
|
4
|
-
#
|
|
5
|
-
# also ensures that a server is running as opposed to a different command such
|
|
3
|
+
# - This will be false when preload_app is false (even when unicorn is sent USR2 SIGNAL)
|
|
4
|
+
# - This check also ensures that a server is running as opposed to a different command such
|
|
6
5
|
# as `bundle exec rails runner User.count`.
|
|
7
|
-
|
|
6
|
+
unless Unicorn::HttpServer::START_CTX && Unicorn::HttpServer::START_CTX[0]
|
|
8
7
|
TCellAgent.run_instrumentation("Unicorn")
|
|
9
8
|
end
|
|
10
9
|
|
|
@@ -13,11 +13,9 @@ if (TCellAgent.configuration.disable_all == false)
|
|
|
13
13
|
|
|
14
14
|
require 'tcell_agent/rails/on_start' if defined?(Rails)
|
|
15
15
|
|
|
16
|
-
|
|
16
|
+
TCellAgent::Instrumentation.safe_block("Starting thread agent") do
|
|
17
17
|
TCellAgent.logger.debug("Instrumenting: #{server_name}")
|
|
18
18
|
TCellAgent.thread_agent.start
|
|
19
|
-
rescue Exception => e
|
|
20
|
-
TCellAgent.logger.error("Could not start thread agent. #{e.message}")
|
|
21
19
|
end
|
|
22
20
|
|
|
23
21
|
if TCellAgent.configuration.should_instrument?
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module TCellAgent
|
|
2
|
+
module Utils
|
|
3
|
+
module IO
|
|
4
|
+
|
|
5
|
+
def self.create_directory(dir, owner=nil)
|
|
6
|
+
unless File.directory?(dir)
|
|
7
|
+
FileUtils.mkdir_p(dir)
|
|
8
|
+
|
|
9
|
+
if TCellAgent::Utils::Strings.present?(owner)
|
|
10
|
+
TCellAgent::Instrumentation.safe_block("Ignoring agent_home_owner value, insufficient privileges") do
|
|
11
|
+
FileUtils.chown( owner, nil, dir )
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def self.set_owner(filename, owner=nil)
|
|
18
|
+
TCellAgent::Instrumentation.safe_block("Ignoring agent_home_owner value, insufficient privileges") do
|
|
19
|
+
if TCellAgent::Utils::Strings.present?(owner) && File.exists?(filename)
|
|
20
|
+
FileUtils.chown( owner, nil, filename )
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
data/lib/tcell_agent/version.rb
CHANGED
|
@@ -5,6 +5,194 @@ module TCellAgent
|
|
|
5
5
|
|
|
6
6
|
describe Agent do
|
|
7
7
|
|
|
8
|
+
describe "#start_policy_polling_loop" do
|
|
9
|
+
context "should_start_policy_poll disabled" do
|
|
10
|
+
it "should not start the policy polling loop" do
|
|
11
|
+
configuration = double(
|
|
12
|
+
"configuration",
|
|
13
|
+
{
|
|
14
|
+
should_start_policy_poll?: false,
|
|
15
|
+
event_time_limit_seconds: nil,
|
|
16
|
+
event_batch_size_limit: nil,
|
|
17
|
+
preload_policy_filename: nil,
|
|
18
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
19
|
+
}
|
|
20
|
+
)
|
|
21
|
+
|
|
22
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
23
|
+
agent = TCellAgent::Agent.new
|
|
24
|
+
|
|
25
|
+
expect(Thread).to_not receive(:new)
|
|
26
|
+
agent.start_policy_polling_loop
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
context "should_start_policy_poll enabled" do
|
|
31
|
+
context "tcell_api_url" do
|
|
32
|
+
context "is nil " do
|
|
33
|
+
it "should not start the policy polling loop" do
|
|
34
|
+
configuration = double(
|
|
35
|
+
"configuration",
|
|
36
|
+
{
|
|
37
|
+
tcell_api_url: nil,
|
|
38
|
+
should_start_policy_poll?: true,
|
|
39
|
+
event_time_limit_seconds: nil,
|
|
40
|
+
event_batch_size_limit: nil,
|
|
41
|
+
preload_policy_filename: nil,
|
|
42
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
43
|
+
}
|
|
44
|
+
)
|
|
45
|
+
|
|
46
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
47
|
+
agent = TCellAgent::Agent.new
|
|
48
|
+
|
|
49
|
+
logger = double("logger")
|
|
50
|
+
|
|
51
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
52
|
+
expect(logger).to receive(:error).with("tCell.io tcell_api_url is missing. Disabling policy polling.")
|
|
53
|
+
expect(Thread).to_not receive(:new)
|
|
54
|
+
agent.start_policy_polling_loop
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
context "is empty" do
|
|
59
|
+
it "should not start the policy polling loop" do
|
|
60
|
+
configuration = double(
|
|
61
|
+
"configuration",
|
|
62
|
+
{
|
|
63
|
+
tcell_api_url: "",
|
|
64
|
+
should_start_policy_poll?: true,
|
|
65
|
+
event_time_limit_seconds: nil,
|
|
66
|
+
event_batch_size_limit: nil,
|
|
67
|
+
preload_policy_filename: nil,
|
|
68
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
69
|
+
}
|
|
70
|
+
)
|
|
71
|
+
|
|
72
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
73
|
+
agent = TCellAgent::Agent.new
|
|
74
|
+
|
|
75
|
+
logger = double("logger")
|
|
76
|
+
|
|
77
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
78
|
+
expect(logger).to receive(:error).with("tCell.io tcell_api_url is missing. Disabling policy polling.")
|
|
79
|
+
expect(Thread).to_not receive(:new)
|
|
80
|
+
agent.start_policy_polling_loop
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
context "is blank space" do
|
|
85
|
+
it "should not start the policy polling loop" do
|
|
86
|
+
configuration = double(
|
|
87
|
+
"configuration",
|
|
88
|
+
{
|
|
89
|
+
tcell_api_url: " ",
|
|
90
|
+
should_start_policy_poll?: true,
|
|
91
|
+
event_time_limit_seconds: nil,
|
|
92
|
+
event_batch_size_limit: nil,
|
|
93
|
+
preload_policy_filename: nil,
|
|
94
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
95
|
+
}
|
|
96
|
+
)
|
|
97
|
+
|
|
98
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
99
|
+
agent = TCellAgent::Agent.new
|
|
100
|
+
|
|
101
|
+
logger = double("logger")
|
|
102
|
+
|
|
103
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
104
|
+
expect(logger).to receive(:error).with("tCell.io tcell_api_url is missing. Disabling policy polling.")
|
|
105
|
+
expect(Thread).to_not receive(:new)
|
|
106
|
+
agent.start_policy_polling_loop
|
|
107
|
+
end
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
context "app_id" do
|
|
112
|
+
context "is nil " do
|
|
113
|
+
it "should not start the policy polling loop" do
|
|
114
|
+
configuration = double(
|
|
115
|
+
"configuration",
|
|
116
|
+
{
|
|
117
|
+
tcell_api_url: "present",
|
|
118
|
+
app_id: nil,
|
|
119
|
+
should_start_policy_poll?: true,
|
|
120
|
+
event_time_limit_seconds: nil,
|
|
121
|
+
event_batch_size_limit: nil,
|
|
122
|
+
preload_policy_filename: nil,
|
|
123
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
124
|
+
}
|
|
125
|
+
)
|
|
126
|
+
|
|
127
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
128
|
+
agent = TCellAgent::Agent.new
|
|
129
|
+
|
|
130
|
+
logger = double("logger")
|
|
131
|
+
|
|
132
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
133
|
+
expect(logger).to receive(:error).with("tCell.io app_id is missing. Disabling policy polling.")
|
|
134
|
+
expect(Thread).to_not receive(:new)
|
|
135
|
+
agent.start_policy_polling_loop
|
|
136
|
+
end
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
context "is empty" do
|
|
140
|
+
it "should not start the policy polling loop" do
|
|
141
|
+
configuration = double(
|
|
142
|
+
"configuration",
|
|
143
|
+
{
|
|
144
|
+
tcell_api_url: "present",
|
|
145
|
+
app_id: "",
|
|
146
|
+
should_start_policy_poll?: true,
|
|
147
|
+
event_time_limit_seconds: nil,
|
|
148
|
+
event_batch_size_limit: nil,
|
|
149
|
+
preload_policy_filename: nil,
|
|
150
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
151
|
+
}
|
|
152
|
+
)
|
|
153
|
+
|
|
154
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
155
|
+
agent = TCellAgent::Agent.new
|
|
156
|
+
|
|
157
|
+
logger = double("logger")
|
|
158
|
+
|
|
159
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
160
|
+
expect(logger).to receive(:error).with("tCell.io app_id is missing. Disabling policy polling.")
|
|
161
|
+
expect(Thread).to_not receive(:new)
|
|
162
|
+
agent.start_policy_polling_loop
|
|
163
|
+
end
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
context "is blank space" do
|
|
167
|
+
it "should not start the policy polling loop" do
|
|
168
|
+
configuration = double(
|
|
169
|
+
"configuration",
|
|
170
|
+
{
|
|
171
|
+
tcell_api_url: "present",
|
|
172
|
+
app_id: " ",
|
|
173
|
+
should_start_policy_poll?: true,
|
|
174
|
+
event_time_limit_seconds: nil,
|
|
175
|
+
event_batch_size_limit: nil,
|
|
176
|
+
preload_policy_filename: nil,
|
|
177
|
+
cache_filename_with_app_id: "cache-file.app_id"
|
|
178
|
+
}
|
|
179
|
+
)
|
|
180
|
+
|
|
181
|
+
expect(TCellAgent).to receive(:configuration).and_return(configuration).at_least(:once)
|
|
182
|
+
agent = TCellAgent::Agent.new
|
|
183
|
+
|
|
184
|
+
logger = double("logger")
|
|
185
|
+
|
|
186
|
+
expect(TCellAgent).to receive(:logger).and_return(logger)
|
|
187
|
+
expect(logger).to receive(:error).with("tCell.io app_id is missing. Disabling policy polling.")
|
|
188
|
+
expect(Thread).to_not receive(:new)
|
|
189
|
+
agent.start_policy_polling_loop
|
|
190
|
+
end
|
|
191
|
+
end
|
|
192
|
+
end
|
|
193
|
+
end
|
|
194
|
+
end
|
|
195
|
+
|
|
8
196
|
describe "#cache" do
|
|
9
197
|
context "with an existing cached file" do
|
|
10
198
|
|
|
@@ -29,7 +29,7 @@ module TCellAgent
|
|
|
29
29
|
expect(File).to_not receive(:open)
|
|
30
30
|
configuration = TCellAgent::Configuration.new
|
|
31
31
|
|
|
32
|
-
expect(configuration.
|
|
32
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
33
33
|
expect(configuration.blacklisted_params).to eq({
|
|
34
34
|
"token" => true,
|
|
35
35
|
"client_secret" => true,
|
|
@@ -58,7 +58,7 @@ module TCellAgent
|
|
|
58
58
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
59
59
|
configuration = TCellAgent::Configuration.new
|
|
60
60
|
|
|
61
|
-
expect(configuration.
|
|
61
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(false)
|
|
62
62
|
expect(configuration.blacklisted_params).to eq({
|
|
63
63
|
"token" => true,
|
|
64
64
|
"client_secret" => true,
|
|
@@ -87,7 +87,7 @@ module TCellAgent
|
|
|
87
87
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
88
88
|
configuration = TCellAgent::Configuration.new
|
|
89
89
|
|
|
90
|
-
expect(configuration.
|
|
90
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
91
91
|
expect(configuration.blacklisted_params).to eq({
|
|
92
92
|
"token" => true,
|
|
93
93
|
"client_secret" => true,
|
|
@@ -115,7 +115,7 @@ module TCellAgent
|
|
|
115
115
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
116
116
|
configuration = TCellAgent::Configuration.new
|
|
117
117
|
|
|
118
|
-
expect(configuration.
|
|
118
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
119
119
|
expect(configuration.blacklisted_params).to eq({"passwd" => true})
|
|
120
120
|
expect(configuration.whitelisted_params).to eq({})
|
|
121
121
|
expect(configuration.whitelist_present).to eq(false)
|
|
@@ -135,7 +135,7 @@ module TCellAgent
|
|
|
135
135
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
136
136
|
configuration = TCellAgent::Configuration.new
|
|
137
137
|
|
|
138
|
-
expect(configuration.
|
|
138
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
139
139
|
expect(configuration.blacklisted_params).to eq({
|
|
140
140
|
"token" => true,
|
|
141
141
|
"client_secret" => true,
|
|
@@ -163,7 +163,7 @@ module TCellAgent
|
|
|
163
163
|
expect(File).to receive(:open).with("config/tcell_agent_payloads.config").and_return(payloads_file)
|
|
164
164
|
configuration = TCellAgent::Configuration.new
|
|
165
165
|
|
|
166
|
-
expect(configuration.
|
|
166
|
+
expect(configuration.allow_unencrypted_appfirewall_payloads).to eq(true)
|
|
167
167
|
expect(configuration.blacklisted_params).to eq({"ssn" => true})
|
|
168
168
|
expect(configuration.whitelisted_params).to eq({"passwd" => true})
|
|
169
169
|
expect(configuration.whitelist_present).to eq(true)
|
|
@@ -179,8 +179,8 @@ module TCellAgent
|
|
|
179
179
|
it "should set cache file, config, and log file to defaults" do
|
|
180
180
|
configuration = Configuration.new
|
|
181
181
|
|
|
182
|
-
expect(configuration.
|
|
183
|
-
|
|
182
|
+
expect(configuration.cache_filename_with_app_id).to match(
|
|
183
|
+
/tcell\/cache\/tcell_agent.cache/
|
|
184
184
|
)
|
|
185
185
|
expect(configuration.log_filename).to eq(
|
|
186
186
|
File.join(Dir.getwd, "tcell/logs/tcell_agent.log")
|
|
@@ -197,13 +197,10 @@ module TCellAgent
|
|
|
197
197
|
|
|
198
198
|
ENV["TCELL_AGENT_HOME"] = "spec_tcell_home"
|
|
199
199
|
|
|
200
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_home/cache")
|
|
201
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_home/logs")
|
|
202
|
-
|
|
203
200
|
configuration = Configuration.new
|
|
204
201
|
|
|
205
|
-
expect(configuration.
|
|
206
|
-
|
|
202
|
+
expect(configuration.cache_filename_with_app_id).to match(
|
|
203
|
+
/spec_tcell_home\/cache\/tcell_agent.cache/
|
|
207
204
|
)
|
|
208
205
|
expect(configuration.log_filename).to eq(
|
|
209
206
|
"spec_tcell_home/logs/tcell_agent.log"
|
|
@@ -224,13 +221,10 @@ module TCellAgent
|
|
|
224
221
|
ENV["TCELL_AGENT_HOME"] = "spec_tcell_home"
|
|
225
222
|
ENV["TCELL_AGENT_LOG_DIR"] = "spec_tcell_log_dir"
|
|
226
223
|
|
|
227
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_home/cache")
|
|
228
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_log_dir")
|
|
229
|
-
|
|
230
224
|
configuration = Configuration.new
|
|
231
225
|
|
|
232
|
-
expect(configuration.
|
|
233
|
-
|
|
226
|
+
expect(configuration.cache_filename_with_app_id).to match(
|
|
227
|
+
/spec_tcell_home\/cache\/tcell_agent.cache/
|
|
234
228
|
)
|
|
235
229
|
expect(configuration.log_filename).to eq(
|
|
236
230
|
"spec_tcell_log_dir/tcell_agent.log"
|
|
@@ -254,13 +248,10 @@ module TCellAgent
|
|
|
254
248
|
ENV["TCELL_AGENT_LOG_DIR"] = "spec_tcell_log_dir"
|
|
255
249
|
ENV["TCELL_AGENT_CONFIG"] = "spec_config/tcell_agent.config"
|
|
256
250
|
|
|
257
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_log_dir")
|
|
258
|
-
expect(FileUtils).to receive(:mkdir_p).with("spec_tcell_home/cache")
|
|
259
|
-
|
|
260
251
|
configuration = Configuration.new
|
|
261
252
|
|
|
262
|
-
expect(configuration.
|
|
263
|
-
|
|
253
|
+
expect(configuration.cache_filename_with_app_id).to match(
|
|
254
|
+
/spec_tcell_home\/cache\/tcell_agent.cache/
|
|
264
255
|
)
|
|
265
256
|
expect(configuration.log_filename).to eq(
|
|
266
257
|
"spec_tcell_log_dir/tcell_agent.log"
|
|
@@ -243,8 +243,8 @@ module TCellAgent
|
|
|
243
243
|
@sensor.exclude_cookies = true
|
|
244
244
|
configuration = double(
|
|
245
245
|
"configuration",
|
|
246
|
-
|
|
247
|
-
|
|
246
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
247
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
248
248
|
blacklisted_params: {},
|
|
249
249
|
whitelist_present: false
|
|
250
250
|
)
|
|
@@ -267,7 +267,7 @@ module TCellAgent
|
|
|
267
267
|
expect(result).to eq(true)
|
|
268
268
|
end
|
|
269
269
|
|
|
270
|
-
context "
|
|
270
|
+
context "allow_unencrypted_appfirewall_payloads is false" do
|
|
271
271
|
context "param is blacklisted" do
|
|
272
272
|
it "should return true" do
|
|
273
273
|
@sensor.exclude_forms = false
|
|
@@ -275,8 +275,8 @@ module TCellAgent
|
|
|
275
275
|
|
|
276
276
|
configuration = double(
|
|
277
277
|
"configuration",
|
|
278
|
-
|
|
279
|
-
|
|
278
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
279
|
+
allow_unencrypted_appfirewall_payloads: false,
|
|
280
280
|
blacklisted_params: {"vuln_param" => true},
|
|
281
281
|
whitelist_present: false
|
|
282
282
|
)
|
|
@@ -307,8 +307,8 @@ module TCellAgent
|
|
|
307
307
|
|
|
308
308
|
configuration = double(
|
|
309
309
|
"configuration",
|
|
310
|
-
|
|
311
|
-
|
|
310
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
311
|
+
allow_unencrypted_appfirewall_payloads: false,
|
|
312
312
|
blacklisted_params: {},
|
|
313
313
|
whitelist_present: true,
|
|
314
314
|
whitelisted_params: {"vuln_param" => true}
|
|
@@ -340,8 +340,8 @@ module TCellAgent
|
|
|
340
340
|
|
|
341
341
|
configuration = double(
|
|
342
342
|
"configuration",
|
|
343
|
-
|
|
344
|
-
|
|
343
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
344
|
+
allow_unencrypted_appfirewall_payloads: false,
|
|
345
345
|
blacklisted_params: {},
|
|
346
346
|
whitelist_present: false
|
|
347
347
|
)
|
|
@@ -366,7 +366,7 @@ module TCellAgent
|
|
|
366
366
|
end
|
|
367
367
|
end
|
|
368
368
|
|
|
369
|
-
context "
|
|
369
|
+
context "allow_unencrypted_appfirewall_payloads is true" do
|
|
370
370
|
context "params is blacklisted" do
|
|
371
371
|
it "should return true" do
|
|
372
372
|
@sensor.exclude_forms = false
|
|
@@ -374,8 +374,8 @@ module TCellAgent
|
|
|
374
374
|
|
|
375
375
|
configuration = double(
|
|
376
376
|
"configuration",
|
|
377
|
-
|
|
378
|
-
|
|
377
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
378
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
379
379
|
blacklisted_params: {"vuln_param" => true},
|
|
380
380
|
whitelist_present: false
|
|
381
381
|
)
|
|
@@ -406,8 +406,8 @@ module TCellAgent
|
|
|
406
406
|
|
|
407
407
|
configuration = double(
|
|
408
408
|
"configuration",
|
|
409
|
-
|
|
410
|
-
|
|
409
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
410
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
411
411
|
blacklisted_params: {},
|
|
412
412
|
whitelist_present: true,
|
|
413
413
|
whitelisted_params: {"vuln_param" => true}
|
|
@@ -439,8 +439,8 @@ module TCellAgent
|
|
|
439
439
|
|
|
440
440
|
configuration = double(
|
|
441
441
|
"configuration",
|
|
442
|
-
|
|
443
|
-
|
|
442
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
443
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
444
444
|
blacklisted_params: {"vuln_param" => true},
|
|
445
445
|
whitelist_present: true,
|
|
446
446
|
whitelisted_params: {"vuln_param" => true}
|
|
@@ -472,8 +472,8 @@ module TCellAgent
|
|
|
472
472
|
|
|
473
473
|
configuration = double(
|
|
474
474
|
"configuration",
|
|
475
|
-
|
|
476
|
-
|
|
475
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
476
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
477
477
|
blacklisted_params: {},
|
|
478
478
|
whitelist_present: false
|
|
479
479
|
)
|
|
@@ -522,8 +522,8 @@ module TCellAgent
|
|
|
522
522
|
@sensor.exclude_cookies = true
|
|
523
523
|
configuration = double(
|
|
524
524
|
"configuration",
|
|
525
|
-
|
|
526
|
-
|
|
525
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
526
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
527
527
|
blacklisted_params: {},
|
|
528
528
|
whitelist_present: false
|
|
529
529
|
)
|
|
@@ -570,8 +570,8 @@ module TCellAgent
|
|
|
570
570
|
@sensor.exclude_cookies = true
|
|
571
571
|
configuration = double(
|
|
572
572
|
"configuration",
|
|
573
|
-
|
|
574
|
-
|
|
573
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
574
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
575
575
|
blacklisted_params: {},
|
|
576
576
|
whitelist_present: false
|
|
577
577
|
)
|
|
@@ -603,8 +603,8 @@ module TCellAgent
|
|
|
603
603
|
@sensor.exclude_cookies = false
|
|
604
604
|
configuration = double(
|
|
605
605
|
"configuration",
|
|
606
|
-
|
|
607
|
-
|
|
606
|
+
allow_unencrypted_appfirewall_payloads_logging: false,
|
|
607
|
+
allow_unencrypted_appfirewall_payloads: true,
|
|
608
608
|
blacklisted_params: {},
|
|
609
609
|
whitelist_present: false
|
|
610
610
|
)
|
|
@@ -103,8 +103,8 @@ module TCellAgent
|
|
|
103
103
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
104
104
|
end
|
|
105
105
|
it "checks that payload is sent in xss with route_id" do
|
|
106
|
-
old_uap = TCellAgent.configuration.
|
|
107
|
-
TCellAgent.configuration.
|
|
106
|
+
old_uap = TCellAgent.configuration.allow_unencrypted_appfirewall_payloads
|
|
107
|
+
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = true
|
|
108
108
|
response = request2.get("/foo?xyz=%3Cscript%3Ealert(1)%3C%2Fscript%3E")
|
|
109
109
|
expected_as = {
|
|
110
110
|
"event_type"=>"as",
|
|
@@ -117,7 +117,7 @@ module TCellAgent
|
|
|
117
117
|
"loc"=>"http://example.org/foo?xyz=",
|
|
118
118
|
"tid"=>"a-b-c-d-e-f",
|
|
119
119
|
"payload"=>"<script>alert(1)</script>"}
|
|
120
|
-
TCellAgent.configuration.
|
|
120
|
+
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads= old_uap
|
|
121
121
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
122
122
|
end
|
|
123
123
|
|
|
@@ -179,8 +179,8 @@ module TCellAgent
|
|
|
179
179
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
180
180
|
end
|
|
181
181
|
it "checks that payload is sent" do
|
|
182
|
-
old_uap = TCellAgent.configuration.
|
|
183
|
-
TCellAgent.configuration.
|
|
182
|
+
old_uap = TCellAgent.configuration.allow_unencrypted_appfirewall_payloads
|
|
183
|
+
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = true
|
|
184
184
|
response = request.get("/foo?xyz=/etc/passwd", 'REMOTE_ADDR' => '1.3.3.4,3.4.5.6')
|
|
185
185
|
expected_as = {
|
|
186
186
|
"event_type"=>"as",
|
|
@@ -192,7 +192,7 @@ module TCellAgent
|
|
|
192
192
|
"loc"=>"http://example.org/foo?xyz=",
|
|
193
193
|
"tid"=>"a-b-c-d-e-f",
|
|
194
194
|
"payload"=>"/etc/passwd"}
|
|
195
|
-
TCellAgent.configuration.
|
|
195
|
+
TCellAgent.configuration.allow_unencrypted_appfirewall_payloads = old_uap
|
|
196
196
|
expect(TCellAgent.event_queue).to include(expected_as)
|
|
197
197
|
end
|
|
198
198
|
end #/conext
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
require 'spec_helper'
|
|
2
|
+
|
|
3
|
+
module TCellAgent
|
|
4
|
+
module Utils
|
|
5
|
+
describe ".blank?" do
|
|
6
|
+
context "with nil" do
|
|
7
|
+
it "should return true" do
|
|
8
|
+
expect(Strings.blank?(nil)).to be(true)
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
context "with empty string" do
|
|
13
|
+
it "should return true" do
|
|
14
|
+
expect(Strings.blank?("")).to be(true)
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
context "with white space string" do
|
|
19
|
+
it "should return true" do
|
|
20
|
+
expect(Strings.blank?("\t \r\n \s\s")).to be(true)
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
context "with a string containing non whitespace chars" do
|
|
25
|
+
it "should return false" do
|
|
26
|
+
expect(Strings.blank?("A\t \r\n \s\s")).to be(false)
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tcell_agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.14
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Garrett
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-05-
|
|
11
|
+
date: 2016-05-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rest-client
|
|
@@ -190,8 +190,10 @@ files:
|
|
|
190
190
|
- lib/tcell_agent/start_background_thread.rb
|
|
191
191
|
- lib/tcell_agent/system_info.rb
|
|
192
192
|
- lib/tcell_agent/userinfo.rb
|
|
193
|
+
- lib/tcell_agent/utils/io.rb
|
|
193
194
|
- lib/tcell_agent/utils/params.rb
|
|
194
195
|
- lib/tcell_agent/utils/queue_with_timeout.rb
|
|
196
|
+
- lib/tcell_agent/utils/strings.rb
|
|
195
197
|
- lib/tcell_agent/version.rb
|
|
196
198
|
- lib/tcell_agent.rb
|
|
197
199
|
- spec/apps/rails-3.2/app/assets/images/rails.png
|
|
@@ -279,6 +281,7 @@ files:
|
|
|
279
281
|
- spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
|
|
280
282
|
- spec/lib/tcell_agent/utils/bounded_queue_spec.rb
|
|
281
283
|
- spec/lib/tcell_agent/utils/params_spec.rb
|
|
284
|
+
- spec/lib/tcell_agent/utils/strings_spec.rb
|
|
282
285
|
- spec/lib/tcell_agent_spec.rb
|
|
283
286
|
- spec/spec_helper.rb
|
|
284
287
|
- spec/support/middleware_helper.rb
|
|
@@ -401,6 +404,7 @@ test_files:
|
|
|
401
404
|
- spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb
|
|
402
405
|
- spec/lib/tcell_agent/utils/bounded_queue_spec.rb
|
|
403
406
|
- spec/lib/tcell_agent/utils/params_spec.rb
|
|
407
|
+
- spec/lib/tcell_agent/utils/strings_spec.rb
|
|
404
408
|
- spec/lib/tcell_agent_spec.rb
|
|
405
409
|
- spec/spec_helper.rb
|
|
406
410
|
- spec/support/middleware_helper.rb
|