tcell_agent 0.2.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 89400e737468ee73780a481cccf4e21c684f0749
+  data.tar.gz: 61f6bdb301b0b0586f955183401b7004aaaa5c84
+SHA512:
+  metadata.gz: 22bc24714bf4f233b7b338b9f48e9abad27e78982d6730f75f8774f49bb9a16dbbd54266f21e7762309e878de6f6093845992d1ca3e76f6725d633062b826b03
+  data.tar.gz: 4becf0b297b2dc0bda7199525d0973cc737009b8fac7ebd7e18dd6277e445b6dd11e42f17a0f73ca6de73eed46c074de4fc96267708b50a199beac9e49b07495

data/LICENSE

@@ -0,0 +1,4 @@
+Copyright (C) 2015 tCell.io, Inc. - All Rights Reserved
+Proprietary and confidential
+
+http://choosealicense.com/licenses/no-license/

data/README.md

@@ -0,0 +1,43 @@
+# TCellAgent [![Build Status](https://magnum.travis-ci.com/tcellio/rubyagent-tcell.svg?token=j7YU3iPt38CqCoDeM83P)](https://magnum.travis-ci.com/tcellio/rubyagent-tcell)
+
+TCell Agent - Instruments Rails & Sinatra
+
+## Installation
+
+Download the GEM file and unpack it:
+
+    $ curl -O https://s3-us-west-2.amazonaws.com/tcell-agent-download/duvm4dj/tcell_agent-0.2.0.gem
+    
+In your rails directory
+    
+    $ mv tcell_agent-0.2.0.gem vendor/cache/
+    $ bundle install
+
+Add this line to your application's Gemfile:
+
+
+```ruby 
+gem 'tcell_agent', '0.2.0'
+```
+or if you're using the repository directly.
+```ruby
+gem "tcell_agent", :path => "<path to your tcell_agent repo>"
+```
+
+And then execute:
+
+    $ bundle
+
+## Usage
+
+You can download the config file from the Agents section of the application then move it to the config directory
+
+    $ cp ~/Downloads/tcell_agent.config config/
+
+Or run the helper command
+
+    $ bundle exec tcell_agent setup
+
+Or if running from the repo:
+
+    $ bundle exec <path to repo>/rubyagent-tcell/bin/tcell_agent 

data/Rakefile

@@ -0,0 +1,7 @@
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+desc "Run tests"
+task :default => :spec
+task :test => :spec

data/bin/tcell_agent

@@ -0,0 +1,171 @@
+#!/usr/bin/env ruby
+
+#todo: so a small bit becames something, larger, rewrite as a real cmdline script
+
+require 'fileutils'
+require 'json'
+
+def yesno(default=true)
+  begin
+    system("stty raw -echo")
+    str = STDIN.getc
+  ensure
+    system("stty -raw echo")
+  end
+  if str == "Y" || str == "y"
+    return true
+  elsif str == "N" || str == "n"
+    return false
+  else
+    return default
+  end
+end
+
+CONFIG_DIR = 'config'
+CONFIG_FILE = 'config/tcell_agent.config'
+
+if (ARGV.length == 0)
+  puts "Usage: tcell_agent command [options]"
+  puts "    setup           Setup new config file"
+  puts "     test           Test classes and config"
+  puts "  preload (filename|rm)        Set the preload file, 'rm' removes it"
+
+  Kernel.exit(1)
+end
+
+if (ARGV[0] == 'setup')
+  if !File.directory?(CONFIG_DIR)
+    print "Directory 'config' not found, create? [Y/n]"
+    answer = yesno()
+    print "\n"
+    if !answer
+      puts "ERROR: Could not create config"
+      Kernel.exit(1)
+    end
+    FileUtils::mkdir_p CONFIG_DIR
+  end
+  if File.exists?(CONFIG_FILE)
+    print "Config file already exists, overwrite? [y/N]"
+    answer = yesno(false)
+    print "\n"
+    if !answer
+      puts "Keeping existing config"
+      Kernel.exit(1)
+    end
+  end
+  print "Enter your API Key (ie gAABAAAA...): "
+  api_key = STDIN.gets.chomp
+  print "Enter your App ID (ie MyApp-Fdk4j): "
+  app_id = STDIN.gets.chomp
+  config_hash = {
+    "version"=>1,
+    "applications"=>[
+      {
+        "app_id"=>app_id,
+        "api_key"=>api_key
+      }
+    ]
+  }
+  File.open(CONFIG_FILE, 'w'){|f| f.puts JSON.pretty_generate(config_hash) }
+  puts "done."
+
+elsif (ARGV[0] == 'loglevel')
+  if (ARGV.length != 2)
+    puts "Usage: tcell_agent loglevel ERROR|INFO|DEBUG|OFF"
+    Kernel.exit(1)
+  end
+  file = File.read(CONFIG_FILE)
+  config_hash = JSON.parse(file)
+  loglevel = ARGV[1].upcase
+  logging_options = config_hash["applications"][0].fetch("logging_options",{})
+  if loglevel == "OFF"
+    logging_options["enabled"] = false
+  elsif loglevel == "ERROR" || loglevel == "INFO" || loglevel == "DEBUG"
+    logging_options["enabled"] = true    
+    logging_options["level"] = loglevel
+  else
+    puts "Usage: tcell_agent loglevel ERROR|INFO|DEBUG|OFF"
+    Kernel.exit(1)
+  end
+  config_hash["applications"][0]["logging_options"] = logging_options
+  File.open(CONFIG_FILE, 'w'){|f| f.puts JSON.pretty_generate(config_hash) }
+  puts "done."
+
+elsif (ARGV[0] == 'preload')
+  if (ARGV.length != 2)
+    puts "Usage tcell_agent preload <filename>|rm"
+    Kernel.exit(1)
+  end
+  if !File.exists?(CONFIG_FILE)
+    puts "Config file not found, run 'tcell_agent setup' first"
+    Kernel.exit(1)
+  end
+  file = File.read(CONFIG_FILE)
+  config_hash = JSON.parse(file)
+  preload_policy_filename = ARGV[1]
+  if preload_policy_filename == "rm"
+    config_hash["applications"][0].delete("preload_policy_filename")
+  else
+    config_hash["applications"][0]["preload_policy_filename"] = ARGV[1]
+  end
+  File.open(CONFIG_FILE, 'w'){|f| f.puts JSON.pretty_generate(config_hash) }
+  puts "done."
+
+elsif (ARGV[0] == 'test')
+  puts
+  printf "%-50s", "Config file exists... "
+  if !File.exists?(CONFIG_FILE)
+    puts "failed"
+    Kernel.exit(1)
+  end
+  puts "passed"
+
+  printf "%-50s", "Config valid json... "
+  file = File.read(CONFIG_FILE)
+  config_hash = JSON.parse(file)
+  puts "passed"
+
+  printf "%-50s", "Config file has valid version... "
+  if config_hash.fetch("version") != 1
+    puts "failed"
+    Kernel.exit(1)
+  end
+  puts "passed"
+
+  printf "%-50s", "Config file has application..."
+  if config_hash.fetch("applications").length == 0
+    puts "failed"
+    Kernel.exit(1)
+  end
+  puts "passed"
+
+  printf "%-50s", "Application has api_key and app_id... "
+  tcell_application = config_hash.fetch("applications")[0]
+  if !tcell_application.key?("app_id") || !tcell_application.key?("api_key")
+    puts "failed"
+    Kernel.exit(1)
+  end
+  puts "passed"
+
+  printf "%-50s", "Requiring configuration library... "
+  require 'tcell_agent/configuration'
+  require 'tcell_agent/api'
+  puts "passed"
+
+  printf "%-50s", "Make test API call for policies... "
+  api = TCellAgent::TCellApi.new
+  api.pollAPI
+  puts "passed"
+
+  printf "%-50s", "Sending a Test event... "
+  send_succeeded = api.sendEventSet([])
+  if !send_succeeded
+    puts "failed"
+    Kernel.exit(1)
+  end
+  puts "passed"
+  puts
+  puts "all tests passed, looks good."
+  puts "done."
+end
+

data/config/initializers/authlogic_auth.rb

@@ -0,0 +1,51 @@
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/logger'
+require 'tcell_agent/configuration'
+require 'tcell_agent/instrumentation'
+
+module TCellAgent
+    if defined?(Authlogic)
+        TCellAgent.logger.debug("Instrumenting Authlogic")
+        if (TCellAgent.configuration.enabled && TCellAgent.configuration.instrument_for_events)
+            require 'tcell_agent/agent'
+            require 'tcell_agent/sensor_events/login_fraud'
+            Authlogic::Session::Base.class_eval do
+              alias_method :original_save, :save
+              def save(&block)
+                user_logged_in_before = (user != nil)
+                success = original_save
+                user_logged_in_after = (user != nil)
+                TCellAgent::Instrumentation.safe_block("Authlogic login info") {
+                    login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+                    if (login_fraud_policy && login_fraud_policy.enabled)
+                        user_id = nil
+                        TCellAgent::Instrumentation.safe_block("getting userid for login form") {
+                            user_id = self.send(self.class.login_field.to_sym)
+                        }
+                        if (user_logged_in_before && user_logged_in_after)
+                            #password changed or logged in as another user
+                        elsif (!user_logged_in_before && !user_logged_in_after)
+                            if (login_fraud_policy.login_failed_enabled)
+                                request = Authlogic::Session::Base.controller.request
+                                response = Authlogic::Session::Base.controller.response
+                                hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+                                event = TCellAgent::SensorEvents::LoginFailure.new(request, response, user_id, hmac_session_id)
+                                TCellAgent.send_event(event)
+                            end       
+                        elsif (!user_logged_in_before && user_logged_in_after)
+                            if (login_fraud_policy.login_success_enabled)
+                                request = Authlogic::Session::Base.controller.request
+                                response = Authlogic::Session::Base.controller.response
+                                hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+                                event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
+                                TCellAgent.send_event(event)
+                            end
+                        end
+                    end
+                }
+              end
+            end 
+        end # if instrument
+    end # if Authlogic
+end

data/config/initializers/devise_auth.rb

@@ -0,0 +1,167 @@
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/logger'
+require 'tcell_agent/configuration'
+require 'tcell_agent/userinfo'
+require 'tcell_agent/instrumentation'
+
+module TCellAgent
+  if defined?(Devise)
+
+    if (TCellAgent.configuration.enabled && TCellAgent.configuration.instrument_for_events)
+      TCellAgent.logger.debug("Instrumenting Devise")
+
+      require 'tcell_agent/agent'
+      require 'tcell_agent/sensor_events/login_fraud'
+      require 'tcell_agent/sensor_events/app_sensor'
+      require 'tcell_agent/policies/appsensor_policy'
+
+      # Devise::OmniauthCallbacksController.class_eval do
+      #   after_filter :log_after_login
+      #   alias_method :original_failure, :failure
+
+      #   def failure
+      #     TCellAgent::Instrumentation.safe_block("Omniauth login failed") {
+      #       login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+      #       if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_failed_enabled)
+      #         hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+      #         event = TCellAgent::SensorEvents::LoginFailure.new(request, response, nil, hmac_session_id)
+      #         TCellAgent.send_event(event)         
+      #       end
+      #       appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
+      #       if (appsensor_policy && appsensor_policy.enabled && appsensor_policy.option_enabled?("login_failure"))
+      #         hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+      #         event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
+      #           request.fullpath,
+      #           TCellAgent::Policies::AppSensorPolicy::DP_LOGIN_FAILURE,
+      #           request.remote_ip,
+      #           nil,
+      #           request.env["tcell.request_data"].route_id,
+      #           data=nil,
+      #           transaction_id=nil,
+      #           session_id=hmac_session_id,
+      #           user_id=nil)
+      #         TCellAgent.send_event(event)
+      #       end            
+      #     }
+      #     original_failure
+      #   end
+      #   private
+      #   def log_after_login
+      #     TCellAgent::Instrumentation.safe_block("Omniauth login successful") {
+      #       login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+      #       if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_success_enabled)
+      #         omniauth = env["omniauth.auth"]          
+      #         if (omniauth)
+      #           hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+      #           user_id = request.env["tcell.request_data"].user_id
+      #           event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
+      #           TCellAgent.send_event(event)         
+      #         end
+      #       end
+      #     }
+      #   end 
+      # end
+
+      Devise::SessionsController.class_eval do
+        after_filter :log_failed_login, :only => :new
+
+        alias_method :original_new, :new
+        def new
+          original_new
+        end
+
+        alias_method :original_create, :create
+        def create(&block)
+          results = original_create(&block)
+          TCellAgent::Instrumentation.safe_block("Devise login successful") {
+            tcell_username = _get_tcell_username
+            login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+            if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_success_enabled)
+              hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+              request.env["tcell.request_data"].user_id = TCellAgent::UserInformation.getUserFromRequest(request)
+              user_id = tcell_username || request.env["tcell.request_data"].user_id
+              event = TCellAgent::SensorEvents::LoginSuccess.new(request, response, user_id, hmac_session_id)
+              TCellAgent.send_event(event)         
+            end
+          }
+          results
+        end
+
+        def _get_tcell_username
+          _tcell_username = nil
+          TCellAgent::Instrumentation.safe_block("devise login - get username") {
+            keys = resource_class.authentication_keys.dup
+            user_params = request.POST.fetch("user",{})
+            keys.each do |key|
+              next_usename = user_params.fetch(key, nil)
+              if next_usename
+                _tcell_username ||= ""
+                _tcell_username += next_usename
+              end
+            end
+          }
+          _tcell_username
+        end
+
+        private
+        def log_failed_login
+          TCellAgent::Instrumentation.safe_block("Devise login failed") {
+            tcell_username = _get_tcell_username
+            login_fraud_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LoginFraud)
+            if (login_fraud_policy && login_fraud_policy.enabled && login_fraud_policy.login_failed_enabled)
+              if failed_login?
+                hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+                event = TCellAgent::SensorEvents::LoginFailure.new(request, response, tcell_username, hmac_session_id)
+                TCellAgent.send_event(event)
+              end
+            end
+            appsensor_policy = TCellAgent.policy(TCellAgent::PolicyTypes::AppSensor)
+            if (appsensor_policy && appsensor_policy.enabled && appsensor_policy.option_enabled?("login_failure"))
+              hmac_session_id = request.env["tcell.request_data"].hmac_session_id
+              event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
+                request.fullpath,
+                TCellAgent::Policies::AppSensorPolicy::DP_LOGIN_FAILURE,
+                request.remote_ip,
+                tcell_username,
+                request.env["tcell.request_data"].route_id,
+                data=nil,
+                transaction_id=nil,
+                session_id=hmac_session_id,
+                user_id=nil)
+              TCellAgent.send_event(event)
+            end
+          }
+        end 
+
+        def failed_login?
+          (options = env["warden.options"]) && options[:action] == "unauthenticated"
+        end 
+
+      end
+      # Devise::PasswordsController.class_eval do
+
+      #      after_filter :send_results
+      #      def send_results
+      #         puts response
+      #      end
+
+      #      def new
+      #         #::TCellAgent::Sensors::LoginFraud.use_request(request)
+      #         self.resource = resource_class.new
+      #       end
+
+      #       def create
+      #         self.resource = resource_class.send_reset_password_instructions(resource_params)
+      #         yield resource if block_given?
+
+      #         if successfully_sent?(resource)
+      #           respond_with({}, location: after_sending_reset_password_instructions_path_for(resource_name))
+      #         else
+      #           respond_with(resource)
+      #         end
+      #       end
+      # end
+    end # if instrument
+  end #if defined devise
+end