tcell_agent 0.2.21 → 0.2.22
- checksums.yaml +4 -4
- data/lib/tcell_agent.rb +1 -0
- data/lib/tcell_agent/api.rb +3 -2
- data/lib/tcell_agent/appsensor/injections_matcher.rb +137 -0
- data/lib/tcell_agent/appsensor/injections_reporter.rb +67 -0
- data/lib/tcell_agent/appsensor/meta_data.rb +71 -0
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_manager.rb +5 -2
- data/lib/tcell_agent/appsensor/rules/appsensor_rule_set.rb +1 -1
- data/lib/tcell_agent/appsensor/sensor.rb +48 -0
- data/lib/tcell_agent/configuration.rb +15 -2
- data/lib/tcell_agent/instrumentation.rb +3 -2
- data/lib/tcell_agent/logger.rb +19 -3
- data/lib/tcell_agent/patches.rb +26 -0
- data/lib/tcell_agent/patches/block_rule.rb +58 -0
- data/lib/tcell_agent/patches/meta_data.rb +54 -0
- data/lib/tcell_agent/patches/sensors_matcher.rb +30 -0
- data/lib/tcell_agent/policies/appsensor/cmdi_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/database_sensor.rb +7 -3
- data/lib/tcell_agent/policies/appsensor/fpt_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/injection_sensor.rb +32 -38
- data/lib/tcell_agent/policies/appsensor/misc_sensor.rb +4 -4
- data/lib/tcell_agent/policies/appsensor/nullbyte_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/payloads_policy.rb +3 -1
- data/lib/tcell_agent/policies/appsensor/response_codes_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor/retr_sensor.rb +4 -0
- data/lib/tcell_agent/policies/appsensor/size_sensor.rb +9 -3
- data/lib/tcell_agent/policies/appsensor/user_agent_sensor.rb +3 -3
- data/lib/tcell_agent/policies/appsensor_policy.rb +55 -131
- data/lib/tcell_agent/policies/content_security_policy.rb +148 -137
- data/lib/tcell_agent/policies/patches_policy.rb +41 -13
- data/lib/tcell_agent/rails.rb +11 -109
- data/lib/tcell_agent/rails/auth/devise.rb +5 -1
- data/lib/tcell_agent/rails/dlp.rb +5 -2
- data/lib/tcell_agent/rails/dlp/process_request.rb +88 -0
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +1 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +3 -13
- data/lib/tcell_agent/rails/on_start.rb +5 -101
- data/lib/tcell_agent/rails/routes.rb +240 -81
- data/lib/tcell_agent/rails/routes/grape.rb +113 -0
- data/lib/tcell_agent/rails/routes/route_id.rb +29 -0
- data/lib/tcell_agent/sensor_events/app_config.rb +21 -13
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +7 -26
- data/lib/tcell_agent/servers/passenger.rb +10 -0
- data/lib/tcell_agent/start_background_thread.rb +82 -0
- data/lib/tcell_agent/utils/params.rb +1 -1
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/appsensor/injections_matcher_spec.rb +504 -0
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +222 -0
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_manager_spec.rb +7 -13
- data/spec/lib/tcell_agent/appsensor/rules/appsensor_rule_set_spec.rb +18 -18
- data/spec/lib/tcell_agent/patches/block_rule_spec.rb +381 -0
- data/spec/lib/tcell_agent/patches/sensors_matcher_spec.rb +35 -0
- data/spec/lib/tcell_agent/patches_spec.rb +156 -0
- data/spec/lib/tcell_agent/policies/appsensor/cmdi_sensor_spec.rb +21 -10
- data/spec/lib/tcell_agent/policies/appsensor/fpt_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/nullbyte_sensor_spec.rb +44 -9
- data/spec/lib/tcell_agent/policies/appsensor/request_size_sensor_spec.rb +4 -4
- data/spec/lib/tcell_agent/policies/appsensor/response_codes_sensor_spec.rb +13 -13
- data/spec/lib/tcell_agent/policies/appsensor/response_size_sensor_spec.rb +5 -5
- data/spec/lib/tcell_agent/policies/appsensor/retr_sensor_spec.rb +20 -9
- data/spec/lib/tcell_agent/policies/appsensor/sqli_sensor_spec.rb +24 -14
- data/spec/lib/tcell_agent/policies/appsensor/xss_sensor_spec.rb +243 -241
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +128 -200
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +126 -55
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +485 -24
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +5 -0
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +4 -2
- data/spec/lib/tcell_agent/rails/routes/grape_spec.rb +294 -0
- data/spec/lib/tcell_agent/rails/routes/route_id_spec.rb +80 -0
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +182 -0
- metadata +30 -7
- data/lib/tcell_agent/policies/appsensor/login_sensor.rb +0 -39
- data/lib/tcell_agent/policies/appsensor/sensor.rb +0 -46
- data/lib/tcell_agent/rails/path_parameters_setter.rb +0 -43
- data/spec/lib/tcell_agent/policies/appsensor/login_sensor_spec.rb +0 -104
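--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0436d6cc489b525b048c92ac39ca316368c5fb90
+data.tar.gz: 09b162b17a7d373de8eaeba59d192c30d2fbb1c2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b244fce3ca335f9a524e286fe214915656485209eb3be501abc5ecf891a31133b9c116b4e8b929123752b56343607918e96252f4b1b0da8b165c8170cc13c266
+data.tar.gz: 16eebbdcf0a19dbb64c106fc8f2ff43521a95317d2da3bf2414c88f5de22ca5b6e09570f775073c0dcca4f6f7a0d622c6ce11d77778f3395b4dd89fdd9a9d0ea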
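--- a/data/lib/tcell_agent.rb
+++ b/data/lib/tcell_agent.rb
@@ -16,6 +16,7 @@ require 'tcell_agent/policies/secure_headers_policy'
 require 'tcell_agent/policies/honeytokens_policy'
 require 'tcell_agent/policies/clickjacking_policy'
 require 'tcell_agent/policies/appsensor_policy'
+require 'tcell_agent/policies/patches_policy'
 require 'tcell_agent/policies/login_fraud_policy'
 require 'tcell_agent/policies/dataloss_policy'
 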
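--- a/data/lib/tcell_agent/api.rb
+++ b/data/lib/tcell_agent/api.rb
@@ -1,5 +1,6 @@
 # encoding: utf-8
 # See the file "LICENSE" for the full license governing this code.
+require 'json'
 require 'rest-client'
 require 'tcell_agent/logger'
 require 'tcell_agent/configuration'
@@ -55,7 +56,7 @@ module TCellAgent
 eventset = { "uuid"=>TCellAgent.configuration.uuid,
 "hostname"=>TCellAgent.configuration.host_identifier,
 "events"=>events }
-TCellAgent.logger.debug("Sending #{eventset
+TCellAgent.logger.debug("Sending #{JSON.dump(eventset)}")
 full_url = TCellAgent.configuration.tcell_input_url + "/app/" + TCellAgent.configuration.app_id + "/server_agent"
 
 TCellAgent.logger.debug("tCell.io SendEvents API Request: " + full_url)
@@ -69,7 +70,7 @@ module TCellAgent
 rescue Exception => e
 TCellAgent.logger.debug("tCell.io Could not add agent string: " + e.message)
 end
-response = RestClient.post full_url, eventset
+response = RestClient.post full_url, JSON.dump(eventset), request_headers
 TCellAgent.logger.debug("tCell.io SendEvents API Response: " + response.code.to_s)
 return response.code == 200
 end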
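Review bot: The debug line added at new line 59 serializes the whole event batch with `JSON.dump(eventset)` before the POST, and the batch is serialized a second time at new line 73. The events presumably carry request-derived values (parameter names, matched payloads, session and user ids), so with debug logging on they are written in full to the agent log. A value that is not valid UTF-8 would also make `JSON.dump` raise before anything is sent; whether that is rescued is not visible in these hunks. Serialize once, e.g. `body = JSON.dump(eventset)`, post `body`, and log only a summary such as `"Sending #{events.size} events"`. `request_headers` is defined outside the hunks shown, so confirm it sets a JSON content type now that the body is a string rather than a hash.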
@@ -0,0 +1,137 @@
|
|
1
|
+
module TCellAgent
|
2
|
+
module AppSensor
|
3
|
+
|
4
|
+
class InjectionsMatcher
|
5
|
+
GET_PARAM = TCellAgent::Utils::Params::GET_PARAM
|
6
|
+
POST_PARAM = TCellAgent::Utils::Params::POST_PARAM
|
7
|
+
JSON_PARAM = TCellAgent::Utils::Params::JSON_PARAM
|
8
|
+
COOKIE_PARAM = TCellAgent::Utils::Params::COOKIE_PARAM
|
9
|
+
URI_PARAM = TCellAgent::Utils::Params::URI_PARAM
|
10
|
+
|
11
|
+
DETECTION_POINTS_V2 = {
|
12
|
+
"xss" => TCellAgent::Policies::XssSensor,
|
13
|
+
"sqli" => TCellAgent::Policies::SqliSensor,
|
14
|
+
"cmdi" => TCellAgent::Policies::CmdiSensor,
|
15
|
+
"fpt" => TCellAgent::Policies::FptSensor,
|
16
|
+
"nullbyte" => TCellAgent::Policies::NullbyteSensor,
|
17
|
+
"retr" => TCellAgent::Policies::RetrSensor
|
18
|
+
}
|
19
|
+
|
20
|
+
attr_accessor :enabled, :sensors
|
21
|
+
|
22
|
+
def initialize(sensors)
|
23
|
+
@sensors = sensors
|
24
|
+
@enabled = sensors.size > 0
|
25
|
+
end
|
26
|
+
|
27
|
+
def each_injection(meta_data)
|
28
|
+
return unless @enabled
|
29
|
+
|
30
|
+
meta_data.flattened_path_parameters.each do |param_name, param_value|
|
31
|
+
TCellAgent::Instrumentation.safe_block("AppSensor Check Path Params injections") do
|
32
|
+
param_name = param_name[-1]
|
33
|
+
injection_attempt =
|
34
|
+
check_param_for_injections(URI_PARAM, meta_data, param_name, param_value)
|
35
|
+
|
36
|
+
yield(injection_attempt) if injection_attempt
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
meta_data.flattened_get_dict.each do |param_name, param_value|
|
41
|
+
TCellAgent::Instrumentation.safe_block("AppSensor Check GET var injections") do
|
42
|
+
param_name = param_name[-1]
|
43
|
+
injection_attempt =
|
44
|
+
check_param_for_injections(GET_PARAM, meta_data, param_name, param_value)
|
45
|
+
|
46
|
+
yield(injection_attempt) if injection_attempt
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
meta_data.flattened_post_dict.each do |param_name, param_value|
|
51
|
+
TCellAgent::Instrumentation.safe_block("AppSensor Check POST var injections") do
|
52
|
+
param_name = param_name[-1]
|
53
|
+
injection_attempt =
|
54
|
+
check_param_for_injections(POST_PARAM, meta_data, param_name, param_value)
|
55
|
+
|
56
|
+
yield(injection_attempt) if injection_attempt
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
meta_data.flattened_body_dict.each do |param_name, param_value|
|
61
|
+
TCellAgent::Instrumentation.safe_block("AppSensor Check JSON var injections") do
|
62
|
+
param_name = param_name[-1]
|
63
|
+
injection_attempt = check_param_for_injections(JSON_PARAM, meta_data, param_name, param_value)
|
64
|
+
|
65
|
+
yield(injection_attempt) if injection_attempt
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
meta_data.flattened_cookie_dict.each do |param_name, param_value|
|
70
|
+
TCellAgent::Instrumentation.safe_block("AppSensor Check COOKIE var injections") do
|
71
|
+
param_name = param_name[-1]
|
72
|
+
injection_attempt =
|
73
|
+
check_param_for_injections(COOKIE_PARAM, meta_data, param_name, param_value)
|
74
|
+
|
75
|
+
yield(injection_attempt) if injection_attempt
|
76
|
+
end
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
def check_param_for_injections(param_type, appsensor_meta, param_name, param_value)
|
81
|
+
@sensors.each do |sensor|
|
82
|
+
next unless sensor.applicable_for_param_type?(param_type)
|
83
|
+
|
84
|
+
injection_attempt = sensor.get_injection_attempt(param_type, appsensor_meta, param_name, param_value)
|
85
|
+
return injection_attempt if injection_attempt
|
86
|
+
end
|
87
|
+
|
88
|
+
return nil
|
89
|
+
end
|
90
|
+
|
91
|
+
def self.from_json(version, sensors_json)
|
92
|
+
sensors_json = sensors_json || {}
|
93
|
+
sensors = []
|
94
|
+
|
95
|
+
if version == 1
|
96
|
+
options_json = sensors_json.fetch("options", {})
|
97
|
+
|
98
|
+
(options_json || {}).each do |sensor_key, enabled|
|
99
|
+
next unless enabled
|
100
|
+
|
101
|
+
if sensor_key == "null"
|
102
|
+
sensor_key = "nullbyte"
|
103
|
+
end
|
104
|
+
|
105
|
+
clazz = DETECTION_POINTS_V2[sensor_key]
|
106
|
+
|
107
|
+
next unless clazz
|
108
|
+
|
109
|
+
if enabled
|
110
|
+
sensors.push(clazz.new(
|
111
|
+
{
|
112
|
+
"enabled" => enabled,
|
113
|
+
"v1_compatability_enabled" => true
|
114
|
+
}
|
115
|
+
))
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
elsif version == 2
|
120
|
+
sensors_json.each do |sensor_key, settings|
|
121
|
+
clazz = DETECTION_POINTS_V2[sensor_key]
|
122
|
+
|
123
|
+
next unless clazz
|
124
|
+
|
125
|
+
updated_settings = {"enabled" => true}.merge(settings)
|
126
|
+
if updated_settings["enabled"]
|
127
|
+
sensors.push(clazz.new(updated_settings))
|
128
|
+
end
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
InjectionsMatcher.new(sensors)
|
133
|
+
end
|
134
|
+
end
|
135
|
+
|
136
|
+
end
|
137
|
+
end
|
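Review bot: In `from_json`, the version 2 branch calls `{"enabled" => true}.merge(settings)` (line 125) on whatever the policy JSON holds for each sensor key, so a `null` value there raises and no matcher is built at all. If the caller swallows that error (not visible here), injection detection is silently off for every parameter type; `{"enabled" => true}.merge(settings || {})` keeps the remaining sensors working. In the version 1 branch the inner `if enabled` at line 109 repeats the `next unless enabled` guard at line 99 and can be dropped. `DETECTION_POINTS_V2` decides which sensor class is instantiated for a policy key and would be better declared with `.freeze`.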
@@ -0,0 +1,67 @@
|
|
1
|
+
require 'tcell_agent/appsensor/sensor'
|
2
|
+
require 'tcell_agent/utils/params'
|
3
|
+
|
4
|
+
|
5
|
+
module TCellAgent
|
6
|
+
module AppSensor
|
7
|
+
|
8
|
+
class InjectionsReporter
|
9
|
+
GET_PARAM = TCellAgent::Utils::Params::GET_PARAM
|
10
|
+
POST_PARAM = TCellAgent::Utils::Params::POST_PARAM
|
11
|
+
JSON_PARAM = TCellAgent::Utils::Params::JSON_PARAM
|
12
|
+
COOKIE_PARAM = TCellAgent::Utils::Params::COOKIE_PARAM
|
13
|
+
URI_PARAM = TCellAgent::Utils::Params::URI_PARAM
|
14
|
+
|
15
|
+
PARAM_TYPE_TO_L = {
|
16
|
+
GET_PARAM => 'query',
|
17
|
+
POST_PARAM => 'body',
|
18
|
+
JSON_PARAM => 'body',
|
19
|
+
URI_PARAM => 'uri',
|
20
|
+
COOKIE_PARAM => 'cookie'
|
21
|
+
}
|
22
|
+
|
23
|
+
attr_accessor :injections_matcher, :payloads_policy
|
24
|
+
|
25
|
+
def initialize(injections_matcher, payloads_policy)
|
26
|
+
@injections_matcher = injections_matcher
|
27
|
+
@payloads_policy = payloads_policy
|
28
|
+
end
|
29
|
+
|
30
|
+
def check(appsensor_meta)
|
31
|
+
@injections_matcher.each_injection(appsensor_meta) do |injection_attempt|
|
32
|
+
vuln_param = injection_attempt.param_name
|
33
|
+
type_of_param = injection_attempt.type_of_param
|
34
|
+
|
35
|
+
meta = {"l" => PARAM_TYPE_TO_L[type_of_param]}
|
36
|
+
pattern = injection_attempt.pattern
|
37
|
+
|
38
|
+
payload = @payloads_policy.apply(
|
39
|
+
injection_attempt.detection_point,
|
40
|
+
appsensor_meta,
|
41
|
+
type_of_param,
|
42
|
+
vuln_param,
|
43
|
+
injection_attempt.param_value,
|
44
|
+
meta,
|
45
|
+
pattern
|
46
|
+
)
|
47
|
+
|
48
|
+
TCellAgent::AppSensor::Sensor.send_event(
|
49
|
+
appsensor_meta,
|
50
|
+
injection_attempt.detection_point,
|
51
|
+
vuln_param,
|
52
|
+
meta,
|
53
|
+
payload,
|
54
|
+
pattern)
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
def self.from_json(version, data_json, payloads_policy)
|
59
|
+
injections_matcher = InjectionsMatcher.from_json(version, data_json)
|
60
|
+
|
61
|
+
InjectionsReporter.new(injections_matcher, payloads_policy)
|
62
|
+
end
|
63
|
+
|
64
|
+
end
|
65
|
+
|
66
|
+
end
|
67
|
+
end
|
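Review bot: `check` does its reporting inside the block it hands to `each_injection`, and the matcher yields that block from within its `safe_block` calls, so an error raised by `@payloads_policy.apply` or `Sensor.send_event` would be handled under the label "AppSensor Check ... injections" — presumably logged and dropped, though `safe_block` is not shown. A lost detection event would then look like a matching failure. `PARAM_TYPE_TO_L[type_of_param]` at line 35 also yields `nil` for a type missing from the table, which sends `{"l" => nil}`. A comment on `PARAM_TYPE_TO_L` stating that JSON and POST parameters are both reported as 'body' on purpose, plus `.freeze` on the hash, would help.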
@@ -0,0 +1,71 @@
|
|
1
|
+
require 'tcell_agent/logger'
|
2
|
+
require 'tcell_agent/sensor_events/sensor'
|
3
|
+
require 'tcell_agent/utils/params'
|
4
|
+
|
5
|
+
module TCellAgent
|
6
|
+
module AppSensor
|
7
|
+
|
8
|
+
class MetaData < TCellAgent::SensorEvents::TCellSensorEvent
|
9
|
+
|
10
|
+
attr_accessor :get_dict, :post_dict, :body_dict, :cookie_dict, :path_parameters
|
11
|
+
|
12
|
+
def initialize
|
13
|
+
@send = false
|
14
|
+
|
15
|
+
@body_dict = {}
|
16
|
+
@get_dict = {}
|
17
|
+
@post_dict = {}
|
18
|
+
@cookie_dict = {}
|
19
|
+
@path_parameters = {}
|
20
|
+
end
|
21
|
+
|
22
|
+
def flattened_path_parameters
|
23
|
+
@flattened_path_parameters ||= TCellAgent::Utils::Params.flatten(@path_parameters)
|
24
|
+
|
25
|
+
@flattened_path_parameters
|
26
|
+
end
|
27
|
+
|
28
|
+
def flattened_get_dict
|
29
|
+
@flattened_get_dict ||= TCellAgent::Utils::Params.flatten(@get_dict)
|
30
|
+
|
31
|
+
@flattened_get_dict
|
32
|
+
end
|
33
|
+
|
34
|
+
def flattened_post_dict
|
35
|
+
@flattened_post_dict ||= TCellAgent::Utils::Params.flatten(@post_dict)
|
36
|
+
|
37
|
+
@flattened_post_dict
|
38
|
+
end
|
39
|
+
|
40
|
+
def flattened_body_dict
|
41
|
+
@body_dict
|
42
|
+
end
|
43
|
+
|
44
|
+
def flattened_cookie_dict
|
45
|
+
@flattened_cookie_dict ||= TCellAgent::Utils::Params.flatten(@cookie_dict)
|
46
|
+
|
47
|
+
@flattened_cookie_dict
|
48
|
+
end
|
49
|
+
|
50
|
+
def set_body_dict(request_content_len, request_content_type, request_body)
|
51
|
+
if request_content_len > 2000000
|
52
|
+
@body_dict = {}
|
53
|
+
|
54
|
+
else
|
55
|
+
if request_content_type =~ %r{application/json}i && request_body
|
56
|
+
begin
|
57
|
+
# don't enqueue parameter values of unknown type to avoid any serialization issues
|
58
|
+
@body_dict = TCellAgent::Utils::Params.flatten(JSON.parse(request_body))
|
59
|
+
rescue
|
60
|
+
TCellAgent.logger.debug("JSON body parameter parsing failed")
|
61
|
+
@body_dict = {}
|
62
|
+
end
|
63
|
+
else
|
64
|
+
@body_dict = {}
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
|
70
|
+
end
|
71
|
+
end
|
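Review bot: `set_body_dict` decides whether to inspect the body from `request_content_len` alone (line 51), so a body over 2,000,000 bytes is never parsed, its parameters never reach the injection sensors, and nothing is logged when that happens. The cap also trusts the length it is given: if callers pass the Content-Length header value (not visible here), a missing or understated length is measured wrongly, and a `nil` length raises on `>`. Consider checking the actual size as well, `if request_content_len.to_i > 2000000 || request_body.to_s.bytesize > 2000000`, and adding a debug line in that branch. The file calls `JSON.parse` without `require 'json'`, and the comment on line 57 about values of unknown type does not describe the line beneath it.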
@@ -1,15 +1,18 @@
|
|
1
|
+
require 'singleton'
|
1
2
|
require 'tcell_agent/appsensor/rules/appsensor_rule_set'
|
2
3
|
|
3
4
|
module TCellAgent
|
4
5
|
|
5
6
|
class AppSensorRuleManager
|
6
7
|
|
8
|
+
include Singleton
|
9
|
+
|
7
10
|
attr_accessor :rule_info
|
8
11
|
|
9
|
-
def initialize
|
12
|
+
def initialize
|
10
13
|
@rule_info = {}
|
11
14
|
|
12
|
-
|
15
|
+
load_default_rules_file
|
13
16
|
end
|
14
17
|
|
15
18
|
def load_default_rules_file
|
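Review bot: With `include Singleton` the manager becomes one process-wide object, but `attr_accessor :rule_info` (new line 10) still exposes a writer, so any caller can replace the shared rule table for every thread. Unless something outside this hunk assigns it, `attr_reader :rule_info` is the safer declaration. `initialize` now calls `load_default_rules_file`, whose body continues outside the hunk; if that can raise, a comment should say that `AppSensorRuleManager.instance` will then raise on first use.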
@@ -23,7 +23,7 @@ module TCellAgent
|
|
23
23
|
@patterns.each do |pattern|
|
24
24
|
next if pattern.nil? || pattern.enabled == false
|
25
25
|
|
26
|
-
if v1_compatability_enabled || active_pattern_ids.
|
26
|
+
if v1_compatability_enabled || active_pattern_ids.include?(pattern.pattern_id)
|
27
27
|
pattern_result = param_value.match(pattern.pattern_regex)
|
28
28
|
|
29
29
|
if pattern_result
|
@@ -0,0 +1,48 @@
|
|
1
|
+
require 'tcell_agent/sensor_events/appsensor_event'
|
2
|
+
|
3
|
+
module TCellAgent
|
4
|
+
module AppSensor
|
5
|
+
|
6
|
+
class Sensor
|
7
|
+
class << self
|
8
|
+
def send_event(appsensor_meta, detection_point, parameter, meta, payload, pattern)
|
9
|
+
event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
|
10
|
+
appsensor_meta.location,
|
11
|
+
detection_point,
|
12
|
+
appsensor_meta.method,
|
13
|
+
appsensor_meta.remote_address,
|
14
|
+
parameter,
|
15
|
+
appsensor_meta.route_id,
|
16
|
+
meta,
|
17
|
+
appsensor_meta.session_id,
|
18
|
+
appsensor_meta.user_id,
|
19
|
+
payload,
|
20
|
+
pattern
|
21
|
+
)
|
22
|
+
|
23
|
+
TCellAgent.send_event(event)
|
24
|
+
end
|
25
|
+
|
26
|
+
def send_event_from_tcell_data(tcell_data, detection_point, parameter, meta)
|
27
|
+
payload = pattern = nil
|
28
|
+
event = TCellAgent::SensorEvents::TCellAppSensorEvent.new(
|
29
|
+
tcell_data.uri,
|
30
|
+
detection_point,
|
31
|
+
tcell_data.request_method,
|
32
|
+
tcell_data.ip_address,
|
33
|
+
parameter,
|
34
|
+
tcell_data.route_id,
|
35
|
+
meta,
|
36
|
+
tcell_data.session_id,
|
37
|
+
tcell_data.user_id,
|
38
|
+
payload,
|
39
|
+
pattern
|
40
|
+
)
|
41
|
+
|
42
|
+
TCellAgent.send_event(event)
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
end
|
48
|
+
end
|
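Review bot: Both `send_event` and `send_event_from_tcell_data` build `TCellAppSensorEvent` from eleven positional arguments, with `session_id`, `user_id`, `payload` and `pattern` adjacent, so a transposed pair would not fail and would only show up as wrong data in reported events. A comment above each call listing the constructor's parameter order, or one shared private helper that both methods call, would make that easier to review. `payload = pattern = nil` on line 27 could be two literal `nil` arguments with a comment saying that events built from `tcell_data` carry no payload or pattern.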
@@ -19,6 +19,8 @@ module TCellAgent
|
|
19
19
|
attr_accessor :version, :app_id, :api_key, :hmac_key,
|
20
20
|
:tcell_api_url, :tcell_input_url,
|
21
21
|
:logging_options,
|
22
|
+
:logger,
|
23
|
+
:appfirewall_payloads_logger,
|
22
24
|
:fetch_policies_from_tcell, :instrument_for_events,
|
23
25
|
:preload_policy_filename,
|
24
26
|
:proxy_host, :proxy_port, :proxy_username, :proxy_password,
|
@@ -30,6 +32,7 @@ module TCellAgent
|
|
30
32
|
:cache_filename,
|
31
33
|
:js_agent_api_base_url,
|
32
34
|
:js_agent_url,
|
35
|
+
:startup_js_agent_url,
|
33
36
|
:raise_exceptions,
|
34
37
|
:allow_unencrypted_appfirewall_payloads,
|
35
38
|
:config_filename,
|
@@ -39,7 +42,8 @@ module TCellAgent
|
|
39
42
|
:agent_home_dir,
|
40
43
|
:agent_home_owner,
|
41
44
|
:reverse_proxy,
|
42
|
-
:reverse_proxy_ip_address_header
|
45
|
+
:reverse_proxy_ip_address_header,
|
46
|
+
:log_file_name
|
43
47
|
|
44
48
|
attr_accessor :disable_all,
|
45
49
|
:enabled,
|
@@ -77,6 +81,9 @@ module TCellAgent
|
|
77
81
|
@cache_filename = nil
|
78
82
|
@agent_log_dir = nil
|
79
83
|
|
84
|
+
@logger = nil
|
85
|
+
@appfirewall_payloads_logger = nil
|
86
|
+
|
80
87
|
@version = 0
|
81
88
|
@exp_config_settings = true
|
82
89
|
@demomode = false
|
@@ -96,6 +103,7 @@ module TCellAgent
|
|
96
103
|
@agent_home_dir = File.join(Dir.getwd, "tcell")
|
97
104
|
@config_filename = File.join(Dir.getwd, filename)
|
98
105
|
|
106
|
+
@log_file_name = "tcell_agent.log"
|
99
107
|
|
100
108
|
@event_batch_size_limit = 50
|
101
109
|
@event_time_limit_seconds = 15
|
@@ -113,6 +121,8 @@ module TCellAgent
|
|
113
121
|
puts "tCell.io Agent: [DEPRECATED] TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS is deprecated, please switch to TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS."
|
114
122
|
end
|
115
123
|
|
124
|
+
@allow_unencrypted_appfirewall_payloads = false
|
125
|
+
|
116
126
|
# Because ENV can override this one
|
117
127
|
env_unencrypted_firewall =
|
118
128
|
if (ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"] != nil)
|
@@ -128,6 +138,7 @@ module TCellAgent
|
|
128
138
|
@tcell_input_url ||= "https://input.tcell.io/api/v1"
|
129
139
|
@js_agent_api_base_url ||= nil
|
130
140
|
@js_agent_url ||= "https://api.tcell.io/tcellagent.min.js"
|
141
|
+
@startup_js_agent_url = @js_agent_url
|
131
142
|
|
132
143
|
if (@host_identifier == nil)
|
133
144
|
begin
|
@@ -203,6 +214,8 @@ module TCellAgent
|
|
203
214
|
@agent_home_owner = app_data.fetch("agent_home_owner",@agent_home_owner)
|
204
215
|
|
205
216
|
@logging_options = app_data.fetch("logging_options", {})
|
217
|
+
@agent_log_dir = @logging_options.fetch("log_dir", @agent_log_dir)
|
218
|
+
@log_file_name = @logging_options.fetch("filename", @log_file_name)
|
206
219
|
|
207
220
|
@tcell_api_url = app_data.fetch("tcell_api_url", @tcell_api_url)
|
208
221
|
@tcell_input_url = app_data.fetch("tcell_input_url", @tcell_input_url)
|
@@ -268,7 +281,7 @@ module TCellAgent
|
|
268
281
|
|
269
282
|
def log_filename
|
270
283
|
@agent_log_dir ||= File.join(@agent_home_dir, "logs")
|
271
|
-
File.join(@agent_log_dir,
|
284
|
+
File.join(@agent_log_dir, @log_file_name)
|
272
285
|
end
|
273
286
|
|
274
287
|
def appfirewall_payloads_log_filename
|
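Review bot: The lines added at new lines 217–218 call `@logging_options.fetch(...)` directly after `app_data.fetch("logging_options", {})`, which returns `nil` rather than `{}` when the config has the key present but set to null, so configuration loading would raise there. Writing the preceding line as `@logging_options = app_data["logging_options"] || {}` avoids that. `log_filename` (new line 284) joins the configured `filename` onto the log directory unchanged, so a value containing path separators or `..` places the log outside `@agent_log_dir`. The config file is presumably operator-controlled, but `File.join(@agent_log_dir, File.basename(@log_file_name))` is a cheap guard.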