tcell_agent 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/Readme.txt +7 -0
- data/bin/tcell_agent +6 -2
- data/lib/tcell_agent.rb +0 -3
- data/lib/tcell_agent/agent/event_processor.rb +1 -4
- data/lib/tcell_agent/agent/policy_manager.rb +5 -8
- data/lib/tcell_agent/agent/policy_types.rb +1 -7
- data/lib/tcell_agent/agent/static_agent.rb +2 -2
- data/lib/tcell_agent/api.rb +7 -9
- data/lib/tcell_agent/configuration.rb +42 -6
- data/lib/tcell_agent/policies/rust_policies.rb +33 -8
- data/lib/tcell_agent/rails/js_agent_insert.rb +17 -18
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +18 -59
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +10 -6
- data/lib/tcell_agent/rust/libtcellagent-0.19.5.dylib +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-0.11.1.so → libtcellagent-0.19.5.so} +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.19.5.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +165 -39
- data/lib/tcell_agent/sensor_events/patches.rb +2 -0
- data/lib/tcell_agent/sinatra.rb +17 -14
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +17 -0
- data/spec/lib/tcell_agent/api/api_spec.rb +10 -7
- data/spec/lib/tcell_agent/cmdi_spec.rb +91 -80
- data/spec/lib/tcell_agent/instrumentation_spec.rb +20 -0
- data/spec/lib/tcell_agent/patches_spec.rb +33 -15
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +150 -99
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +13 -1
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +12 -0
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +2 -39
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +6 -2
- data/spec/lib/tcell_agent/rails_spec.rb +0 -31
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +234 -120
- data/tcell_agent.gemspec +1 -1
- metadata +21 -40
- data/lib/tcell_agent/policies/clickjacking_policy.rb +0 -114
- data/lib/tcell_agent/policies/content_security_policy.rb +0 -166
- data/lib/tcell_agent/policies/secure_headers_policy.rb +0 -67
- data/lib/tcell_agent/rust/libtcellagent-0.11.1.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-0.11.1.dll +0 -0
- data/spec/apps/rails-3.2/config/tcell_agent.config +0 -15
- data/spec/apps/rails-3.2/log/development.log +0 -0
- data/spec/apps/rails-3.2/log/test.log +0 -12
- data/spec/apps/rails-4.1/log/test.log +0 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +0 -71
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +0 -130
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +0 -67
- data/spec/lib/tcell_agent_spec.rb +0 -22
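--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2b7c816872f23014224453ddbea3a8b582ab52a2
+data.tar.gz: 2dcf9eff93ea31bbc2ebb51d759311769eaf3f91
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5b835851060db61f226730552a94b08ea3ccd520ac9c7f67edb2cdfe60cc05f475ebbc1f8fe1ae7426f3d5c563e5ca09eb9f521c622e31a94bad58571441d036
+data.tar.gz: 0a9e816f3a2c6abf942c9536a8cfb0ce9c8af853f8a6f554d3c25cda43153d15322416260598833da575a150d071ac89b444b3e488821d61a90a3aeaf7c988d5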
data/Readme.txt
ADDED
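--- a/data/bin/tcell_agent
+++ b/data/bin/tcell_agent
@@ -254,8 +254,12 @@ elsif command == 'test'
 
 printf '%-50s', 'Make test API call for policies... '
 api = TCellAgent::TCellApi.new
-api.poll_api
-
+if api.poll_api
+puts 'passed'
+else
+puts 'failed'
+Kernel.exit(1)
+end
 
 printf '%-50s', 'Sending a Test event... '
 send_succeeded = api.send_event_set([])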
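Review bot: `if api.poll_api` treats any truthy return as a pass, and the api.rb hunk on this page makes `poll_api` return `JSON.parse(res.body)` for every success response, so an unexpected JSON value (an array, a string) still prints `passed`. Checking the shape, e.g. `result = api.poll_api` followed by `if result.is_a?(Hash)`, would make the self-test reflect what the policy manager can actually consume. `poll_api` also raises `TCellAgent::ConfigurationException` when configuration is missing, which would surface as a backtrace rather than `failed` unless it is rescued outside this hunk. The enclosing `elsif command == 'test'` branch starts and ends outside the hunk.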
data/lib/tcell_agent.rb
CHANGED
@@ -8,11 +8,8 @@ require 'tcell_agent/configuration'
|
|
8
8
|
|
9
9
|
require 'tcell_agent/agent'
|
10
10
|
|
11
|
-
require 'tcell_agent/policies/content_security_policy'
|
12
11
|
require 'tcell_agent/policies/http_tx_policy'
|
13
12
|
require 'tcell_agent/policies/http_redirect_policy'
|
14
|
-
require 'tcell_agent/policies/secure_headers_policy'
|
15
|
-
require 'tcell_agent/policies/clickjacking_policy'
|
16
13
|
require 'tcell_agent/policies/login_fraud_policy'
|
17
14
|
require 'tcell_agent/policies/dataloss_policy'
|
18
15
|
|
@@ -7,11 +7,8 @@ require "tcell_agent/version"
|
|
7
7
|
require "tcell_agent/api"
|
8
8
|
require "tcell_agent/configuration"
|
9
9
|
|
10
|
-
require "tcell_agent/policies/content_security_policy"
|
11
|
-
require "tcell_agent/policies/clickjacking_policy"
|
12
10
|
require "tcell_agent/policies/http_tx_policy"
|
13
11
|
require "tcell_agent/policies/http_redirect_policy"
|
14
|
-
require "tcell_agent/policies/secure_headers_policy"
|
15
12
|
|
16
13
|
require "tcell_agent/sensor_events/server_agent"
|
17
14
|
require "tcell_agent/sensor_events/metrics"
|
@@ -34,7 +31,7 @@ module TCellAgent
|
|
34
31
|
# Startup scripts are likely to run shell commands. It's not a good idea to startup the event
|
35
32
|
# processor before worker processses are forked, so the safest thing to do is let a different
|
36
33
|
# event start the event processor to avoid deadlocking worker processes.
|
37
|
-
def
|
34
|
+
def safe_to_send_cmdi_events?()
|
38
35
|
event_processor_running?
|
39
36
|
end
|
40
37
|
|
@@ -9,11 +9,8 @@ require "tcell_agent/configuration"
|
|
9
9
|
|
10
10
|
require "tcell_agent/agent/policy_types"
|
11
11
|
|
12
|
-
require "tcell_agent/policies/content_security_policy"
|
13
|
-
require "tcell_agent/policies/clickjacking_policy"
|
14
12
|
require "tcell_agent/policies/http_tx_policy"
|
15
13
|
require "tcell_agent/policies/http_redirect_policy"
|
16
|
-
require "tcell_agent/policies/secure_headers_policy"
|
17
14
|
|
18
15
|
require "tcell_agent/sensor_events/server_agent"
|
19
16
|
|
@@ -100,10 +97,6 @@ module TCellAgent
|
|
100
97
|
|
101
98
|
return [failure_sleep_time, last_poll_time]
|
102
99
|
|
103
|
-
elsif policy_jsons.key?("last_timestamp")
|
104
|
-
if policy_jsons["last_timestamp"] != 0
|
105
|
-
last_poll_time = policy_jsons["last_timestamp"]
|
106
|
-
end
|
107
100
|
elsif policy_jsons.key?("last_id")
|
108
101
|
if policy_jsons["last_id"] != 0
|
109
102
|
last_poll_time = policy_jsons["last_id"]
|
@@ -148,7 +141,11 @@ module TCellAgent
|
|
148
141
|
|
149
142
|
if cache_the_policy
|
150
143
|
(TCellAgent::PolicyTypes::ClassMap.keys +
|
151
|
-
[TCellAgent::PolicyTypes::
|
144
|
+
[TCellAgent::PolicyTypes::CSP,
|
145
|
+
TCellAgent::PolicyTypes::Clickjacking,
|
146
|
+
TCellAgent::PolicyTypes::SecureHeaders,
|
147
|
+
TCellAgent::PolicyTypes::JSAgentInjection,
|
148
|
+
TCellAgent::PolicyTypes::AppSensor,
|
152
149
|
TCellAgent::PolicyTypes::Patches,
|
153
150
|
TCellAgent::PolicyTypes::CommandInjection,
|
154
151
|
TCellAgent::PolicyTypes::Regex]).each do |policy_type|
|
@@ -2,12 +2,8 @@
|
|
2
2
|
|
3
3
|
# See the file "LICENSE" for the full license governing this code.
|
4
4
|
|
5
|
-
require "tcell_agent/policies/content_security_policy"
|
6
|
-
require "tcell_agent/policies/clickjacking_policy"
|
7
|
-
|
8
5
|
require "tcell_agent/policies/http_tx_policy"
|
9
6
|
require "tcell_agent/policies/http_redirect_policy"
|
10
|
-
require "tcell_agent/policies/secure_headers_policy"
|
11
7
|
require "tcell_agent/policies/login_fraud_policy"
|
12
8
|
require "tcell_agent/policies/dataloss_policy"
|
13
9
|
require "tcell_agent/policies/rust_policies"
|
@@ -26,11 +22,9 @@ module TCellAgent
|
|
26
22
|
CommandInjection = "cmdi"
|
27
23
|
Regex = "regex"
|
28
24
|
Rust = "rust"
|
25
|
+
JSAgentInjection = "jsagentinjection"
|
29
26
|
|
30
27
|
ClassMap = {
|
31
|
-
CSP=>TCellAgent::Policies::ContentSecurityPolicy,
|
32
|
-
Clickjacking=>TCellAgent::Policies::ClickjackingPolicy,
|
33
|
-
SecureHeaders=>TCellAgent::Policies::SecureHeadersPolicy,
|
34
28
|
HttpTx=>TCellAgent::Policies::HttpTxPolicy,
|
35
29
|
HttpRedirect=>TCellAgent::Policies::HttpRedirectPolicy,
|
36
30
|
LoginFraud=>TCellAgent::Policies::LoginFraudPolicy,
|
@@ -61,7 +61,7 @@ module TCellAgent
|
|
61
61
|
self.thread_agent.ensure_event_processor_running
|
62
62
|
end
|
63
63
|
|
64
|
-
def self.
|
65
|
-
self.thread_agent.
|
64
|
+
def self.safe_to_send_cmdi_events?
|
65
|
+
self.thread_agent.safe_to_send_cmdi_events?
|
66
66
|
end
|
67
67
|
end
|
data/lib/tcell_agent/api.rb
CHANGED
@@ -14,15 +14,16 @@ module TCellAgent
|
|
14
14
|
def initialize
|
15
15
|
end
|
16
16
|
|
17
|
-
def poll_api(
|
17
|
+
def poll_api(last_id=nil)
|
18
18
|
if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
|
19
19
|
raise TCellAgent::ConfigurationException.new("Config Information Not Found, can't poll for policy updates")
|
20
20
|
end
|
21
21
|
|
22
|
-
full_url = TCellAgent.configuration.tcell_api_url
|
23
|
-
|
24
|
-
|
25
|
-
|
22
|
+
full_url = TCellAgent.configuration.tcell_api_url.sub(
|
23
|
+
'{app_id}',
|
24
|
+
TCellAgent.configuration.app_id
|
25
|
+
)
|
26
|
+
full_url += "&last_id=#{last_id.to_s}" if last_id
|
26
27
|
|
27
28
|
TCellAgent.logger.debug "tCell.io API Request: " + full_url
|
28
29
|
|
@@ -39,10 +40,7 @@ module TCellAgent
|
|
39
40
|
|
40
41
|
if res.is_a?(Net::HTTPSuccess)
|
41
42
|
TCellAgent.logger.debug("tCell.io API Response: #{res.body}".force_encoding("UTF-8"))
|
42
|
-
|
43
|
-
if (response_json && response_json.has_key?("result"))
|
44
|
-
return response_json["result"]
|
45
|
-
end
|
43
|
+
return JSON.parse(res.body)
|
46
44
|
else
|
47
45
|
TCellAgent.logger.error("Received error response while contacting api: #{res.inspect}")
|
48
46
|
end
|
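Review bot: In `poll_api`, `last_id` is interpolated into the query string without encoding or type-checking (`full_url += "&last_id=#{last_id.to_s}" if last_id`), and the policy_manager hunk on this page suggests it is carried over from the previous response's `last_id` field, so a non-numeric value would alter the request URL; `full_url += "&last_id=#{URI.encode_www_form_component(last_id)}" if last_id` keeps it a single parameter. The second hunk now returns `JSON.parse(res.body)` directly where the removed lines checked for a `result` key: a body that is not valid JSON raises `JSON::ParserError`, and a JSON array or string reaches callers that call `.key?` on it, unless a rescue outside the hunk covers this. `sub('{app_id}', TCellAgent.configuration.app_id)` with a string replacement also expands backslash sequences in `app_id`; the block form `sub('{app_id}') { TCellAgent.configuration.app_id }` inserts it literally. The body of `poll_api` continues outside both hunks.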
@@ -21,8 +21,12 @@ module TCellAgent
|
|
21
21
|
end
|
22
22
|
|
23
23
|
class Configuration
|
24
|
-
attr_accessor :version,
|
25
|
-
:
|
24
|
+
attr_accessor :version,
|
25
|
+
:app_id,
|
26
|
+
:api_key,
|
27
|
+
:hmac_key,
|
28
|
+
:tcell_api_url,
|
29
|
+
:tcell_input_url,
|
26
30
|
:logging_options,
|
27
31
|
:logger,
|
28
32
|
:appfirewall_payloads_logger, # appfirewall_payloads_logger can be specified from initializers
|
@@ -156,8 +160,8 @@ module TCellAgent
|
|
156
160
|
read_config_using_env
|
157
161
|
|
158
162
|
if @demomode
|
159
|
-
@event_batch_size_limit =
|
160
|
-
@event_time_limit_seconds =
|
163
|
+
@event_batch_size_limit = 1
|
164
|
+
@event_time_limit_seconds = 2
|
161
165
|
end
|
162
166
|
|
163
167
|
if ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"]
|
@@ -178,9 +182,9 @@ module TCellAgent
|
|
178
182
|
@allow_payloads = [true, "true", "yes", "1"].include?(ENV["TCELL_AGENT_ALLOW_PAYLOADS"])
|
179
183
|
end
|
180
184
|
|
181
|
-
@tcell_api_url
|
185
|
+
@tcell_api_url = compose_api_url
|
182
186
|
@tcell_input_url ||= "https://input.tcell.io/api/v1"
|
183
|
-
@js_agent_api_base_url ||=
|
187
|
+
@js_agent_api_base_url ||= @tcell_api_url
|
184
188
|
@js_agent_url ||= "https://jsagent.tcell.io/tcellagent.min.js"
|
185
189
|
|
186
190
|
if (@host_identifier == nil)
|
@@ -194,6 +198,38 @@ module TCellAgent
|
|
194
198
|
@uuid = SecureRandom.uuid
|
195
199
|
end
|
196
200
|
|
201
|
+
def compose_api_url
|
202
|
+
@tcell_api_url ||= "https://api.tcell.io"
|
203
|
+
parsed_uri = URI.parse(@tcell_api_url)
|
204
|
+
|
205
|
+
api_url = [
|
206
|
+
parsed_uri.scheme,
|
207
|
+
"://",
|
208
|
+
parsed_uri.host
|
209
|
+
]
|
210
|
+
|
211
|
+
api_url.push(":#{parsed_uri.port}") unless [80, 443].include?(parsed_uri.port)
|
212
|
+
|
213
|
+
[
|
214
|
+
api_url.join(''),
|
215
|
+
"/agents/api/v1/apps/",
|
216
|
+
"{app_id}",
|
217
|
+
"/policies/latest",
|
218
|
+
"?",
|
219
|
+
"type=jsagentinjection:v1",
|
220
|
+
"&type=http-redirect:v1",
|
221
|
+
"&type=clickjacking:v1",
|
222
|
+
"&type=secure-headers:v1",
|
223
|
+
"&type=cmdi:v1",
|
224
|
+
"&type=csp-headers:v1",
|
225
|
+
"&type=dlp:v1",
|
226
|
+
"&type=login:v1",
|
227
|
+
"&type=regex:v1",
|
228
|
+
"&type=appsensor:v2",
|
229
|
+
"&type=patches:v1"
|
230
|
+
].join('')
|
231
|
+
end
|
232
|
+
|
197
233
|
def cache_filename_with_app_id
|
198
234
|
@cache_filename ||= File.join(@agent_home_dir, "cache", "tcell_agent.cache")
|
199
235
|
|
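Review bot: `compose_api_url` (this looks like configuration.rb from the diffstat; the file header is missing on the page) keeps whatever scheme `@tcell_api_url` carries, so an `http://` value is accepted and policies would be polled in cleartext unless TLS is enforced somewhere not shown here. Since other hunks on this page let the policy response drive response headers and the injected script tag, rejecting any scheme other than `https` at this point, or requiring an explicit opt-out, would be the safer default. The port test `[80, 443].include?(parsed_uri.port)` ignores the scheme, so `https://host:80` is rewritten to `https://host` and ends up on 443; `api_url.push(":#{parsed_uri.port}") unless parsed_uri.port == parsed_uri.default_port` keeps every non-default port. A value without a scheme parses with `scheme` and `host` both nil and produces a URL starting with `://`, so a short validation that raises a clear configuration error would help.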
@@ -18,6 +18,8 @@ module TCellAgent
|
|
18
18
|
@appfirewall_enabled = false
|
19
19
|
@patches_enabled = false
|
20
20
|
@cmdi_enabled = false
|
21
|
+
@headers_enabled = false
|
22
|
+
@jsagent_enabled = false
|
21
23
|
@agent_ptr = nil
|
22
24
|
|
23
25
|
whisper = TCellAgent::Rust::Whisperer.create_agent()
|
@@ -29,18 +31,20 @@ module TCellAgent
|
|
29
31
|
end
|
30
32
|
|
31
33
|
def update_policies(policies_json)
|
32
|
-
return
|
34
|
+
return if @agent_ptr.nil? || policies_json.nil? || policies_json.empty?
|
33
35
|
|
34
|
-
whisper = TCellAgent::Rust::Whisperer.update_policies(@agent_ptr,
|
36
|
+
whisper = TCellAgent::Rust::Whisperer.update_policies(@agent_ptr, policies_json)
|
35
37
|
if whisper["errors"]
|
36
38
|
whisper["errors"].each do |error|
|
37
39
|
TCellAgent.logger.error("Error updating policies: #{error}")
|
38
40
|
end
|
39
41
|
else
|
40
42
|
enablements = whisper["enablements"]
|
41
|
-
@appfirewall_enabled = enablements["appfirewall"]
|
42
|
-
@patches_enabled = enablements["patches"]
|
43
|
-
@cmdi_enabled = enablements["cmdi"]
|
43
|
+
@appfirewall_enabled = !!enablements["appfirewall"]
|
44
|
+
@patches_enabled = !!enablements["patches"]
|
45
|
+
@cmdi_enabled = !!enablements["cmdi"]
|
46
|
+
@headers_enabled = !!enablements["headers"]
|
47
|
+
@jsagent_enabled = !!enablements["jsagentinjection"]
|
44
48
|
end
|
45
49
|
end
|
46
50
|
|
@@ -72,9 +76,12 @@ module TCellAgent
|
|
72
76
|
end
|
73
77
|
|
74
78
|
def block_command?(command, tcell_context)
|
75
|
-
return false unless @agent_ptr &&
|
76
|
-
|
77
|
-
|
79
|
+
return false unless @agent_ptr &&
|
80
|
+
@cmdi_enabled &&
|
81
|
+
TCellAgent.safe_to_send_cmdi_events?
|
82
|
+
whisper = TCellAgent::Rust::Whisperer.apply_cmdi(
|
83
|
+
@agent_ptr, command, tcell_context
|
84
|
+
)
|
78
85
|
apply_response = whisper.fetch("apply_response", {})
|
79
86
|
cmdi_event =
|
80
87
|
TCellAgent::SensorEvents::CommandInjectionEvent.build_from_native_lib_response_and_tcell_context(apply_response,
|
@@ -85,6 +92,24 @@ module TCellAgent
|
|
85
92
|
|
86
93
|
apply_response.fetch("blocked", false)
|
87
94
|
end
|
95
|
+
|
96
|
+
def get_headers(tcell_context)
|
97
|
+
return [] unless @agent_ptr &&
|
98
|
+
@headers_enabled
|
99
|
+
whisper = TCellAgent::Rust::Whisperer.get_headers(
|
100
|
+
@agent_ptr, tcell_context
|
101
|
+
)
|
102
|
+
return whisper['headers'] || []
|
103
|
+
end
|
104
|
+
|
105
|
+
def get_js_agent_script_tag(tcell_context)
|
106
|
+
return nil unless @agent_ptr &&
|
107
|
+
@jsagent_enabled
|
108
|
+
whisper = TCellAgent::Rust::Whisperer.get_js_agent_script_tag(
|
109
|
+
@agent_ptr, tcell_context
|
110
|
+
)
|
111
|
+
return whisper['script_tag']
|
112
|
+
end
|
88
113
|
end
|
89
114
|
end
|
90
115
|
end
|
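Review bot: `block_command?` returns false whenever `TCellAgent.safe_to_send_cmdi_events?` is false, so command-injection blocking itself is skipped, not only event reporting, until the event processor is running. The comment in the earlier hunk explains the deadlock concern, but this fail-open window should be stated at the guard, e.g. `# NOTE: commands run before the event processor starts are neither evaluated nor blocked`, or the apply call could run with only the event send deferred. In `update_policies`, `enablements = whisper["enablements"]` is indexed without a nil check, so a native response carrying neither `errors` nor `enablements` raises `NoMethodError`; `enablements = whisper["enablements"] || {}` would leave every flag false instead. `get_js_agent_script_tag` returns `whisper['script_tag']` as-is and the js_agent_insert hunk writes it into the page unescaped, so a comment should say that this value is trusted markup.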
@@ -13,11 +13,10 @@ module TCellAgent
|
|
13
13
|
new_content_length = 0
|
14
14
|
newbody = []
|
15
15
|
rack_body.each { |str|
|
16
|
-
|
17
|
-
js_agent_handler.call(script_insert, str)
|
16
|
+
modified_str = js_agent_handler.call(script_insert, str)
|
18
17
|
|
19
|
-
newbody <<
|
20
|
-
new_content_length +=
|
18
|
+
newbody << modified_str
|
19
|
+
new_content_length += modified_str.bytesize
|
21
20
|
}
|
22
21
|
rack_body.close if rack_body.respond_to?(:close)
|
23
22
|
|
@@ -30,34 +29,34 @@ module TCellAgent
|
|
30
29
|
end
|
31
30
|
|
32
31
|
def self.handle_js_agent_insert(script_insert, response)
|
32
|
+
new_response = response
|
33
33
|
TCellAgent::Instrumentation.safe_block("Handling JSAgent insert") do
|
34
|
-
|
34
|
+
new_response = response.sub(
|
35
35
|
TCellAgent::Instrumentation::Rails::JSAgent::HEAD_SEARCH_REGEX,
|
36
36
|
"<head>#{script_insert}"
|
37
37
|
)
|
38
38
|
end
|
39
39
|
|
40
|
-
|
40
|
+
new_response
|
41
41
|
end
|
42
42
|
|
43
|
-
def self.get_handler_and_script_insert(response_headers)
|
43
|
+
def self.get_handler_and_script_insert(request, response_headers)
|
44
44
|
js_agent_handler = nil
|
45
45
|
script_insert = nil
|
46
46
|
|
47
47
|
TCellAgent::Instrumentation.safe_block("JSAgent get handler and script insert") do
|
48
48
|
if (response_headers.fetch("Content-Type","").start_with?'text/html')
|
49
|
-
|
50
|
-
if
|
51
|
-
|
52
|
-
|
53
|
-
|
49
|
+
rust_policy = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
|
50
|
+
if rust_policy
|
51
|
+
js_script_tag = rust_policy.get_js_agent_script_tag(
|
52
|
+
request.env[TCellAgent::Instrumentation::TCELL_ID]
|
53
|
+
)
|
54
|
+
if js_script_tag
|
55
|
+
script_insert = js_script_tag
|
56
|
+
js_agent_handler = proc { |si, resp|
|
57
|
+
self.handle_js_agent_insert(si, resp)
|
58
|
+
}
|
54
59
|
end
|
55
|
-
script_insert = "<script src=\"#{script_tag_policy.js_agent_url}\" "
|
56
|
-
script_insert += "tcellapikey=\"#{script_tag_policy.js_agent_api_key}\" "
|
57
|
-
script_insert += "tcellappid=\"#{script_tag_policy.js_agent_app_id}\"#{base_url_vars}></script>\n"
|
58
|
-
js_agent_handler = proc { |si, resp|
|
59
|
-
self.handle_js_agent_insert(si, resp)
|
60
|
-
}
|
61
60
|
end
|
62
61
|
end
|
63
62
|
end
|
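Review bot: In `handle_js_agent_insert`, the `response.sub(...)` call passes `"<head>#{script_insert}"` as a replacement string, where Ruby expands backslash sequences such as `\1` and `\\`. Now that `script_insert` comes from `rust_policy.get_js_agent_script_tag` rather than being assembled locally, the block form `new_response = response.sub(TCellAgent::Instrumentation::Rails::JSAgent::HEAD_SEARCH_REGEX) { "<head>#{script_insert}" }` inserts it literally. The tag is written into every `text/html` response without escaping, so `get_handler_and_script_insert` should carry a comment that the value is trusted markup from the policy. `request.env[TCellAgent::Instrumentation::TCELL_ID]` is passed on without a nil check; whether the native call tolerates a missing context is not visible in this hunk.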
@@ -39,9 +39,7 @@ module TCellAgent
|
|
39
39
|
tcell_response = self._handle_appsensor_js_agent_and_dlp(request, tcell_response)
|
40
40
|
end
|
41
41
|
tcell_response = self._handle_redirect(request, tcell_response)
|
42
|
-
tcell_response = self.
|
43
|
-
tcell_response = self._set_clickjacking_header(request, tcell_response)
|
44
|
-
tcell_response = self._set_secure_headers(request, tcell_response)
|
42
|
+
tcell_response = self._set_headers(request, tcell_response)
|
45
43
|
response = tcell_response
|
46
44
|
}
|
47
45
|
end
|
@@ -49,66 +47,27 @@ module TCellAgent
|
|
49
47
|
response
|
50
48
|
end
|
51
49
|
|
52
|
-
def
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
50
|
+
def _set_headers(request, response)
|
51
|
+
status, headers, active_response = response
|
52
|
+
|
53
|
+
rust_policies = TCellAgent.policy(TCellAgent::PolicyTypes::Rust)
|
54
|
+
if rust_policies
|
55
|
+
policy_headers = rust_policies.get_headers(
|
56
|
+
request.env[TCellAgent::Instrumentation::TCELL_ID]
|
57
|
+
)
|
58
|
+
policy_headers.each do |header_info|
|
59
|
+
header_name = header_info['name']
|
60
|
+
header_value = header_info['value']
|
61
|
+
existing_header_value = headers[header_name]
|
62
|
+
if existing_header_value
|
63
|
+
headers[header_name] = "#{existing_header_value}, #{header_value}"
|
64
|
+
else
|
67
65
|
headers[header_name] = header_value
|
68
66
|
end
|
69
67
|
end
|
70
68
|
response = [status, headers, active_response]
|
71
|
-
|
72
|
-
response
|
73
|
-
end
|
74
|
-
|
75
|
-
def _set_clickjacking_header(request, response)
|
76
|
-
TCellAgent::Instrumentation.safe_block("Setting Clickjacking Headers") {
|
77
|
-
status, headers, active_response = response
|
78
|
-
clickjacking_policy = TCellAgent.policy(TCellAgent::PolicyTypes::Clickjacking)
|
79
|
-
|
80
|
-
if clickjacking_policy
|
81
|
-
clickjacking_policy.each(
|
82
|
-
request.env[TCellAgent::Instrumentation::TCELL_ID].transaction_id,
|
83
|
-
request.env[TCellAgent::Instrumentation::TCELL_ID].hmac_session_id,
|
84
|
-
request.env[TCellAgent::Instrumentation::TCELL_ID].user_id) do | header_pair |
|
85
|
-
header_name = header_pair["name"]
|
86
|
-
header_value = header_pair["value"]
|
87
|
-
if (headers.has_key?header_name)
|
88
|
-
headers[header_name] = headers[header_name] + "," + header_value
|
89
|
-
else
|
90
|
-
headers[header_name] = header_value
|
91
|
-
end
|
92
|
-
end
|
93
|
-
end #if
|
94
|
-
|
95
|
-
response = [status, headers, active_response]
|
96
|
-
}
|
97
|
-
response
|
98
|
-
end
|
99
|
-
|
100
|
-
def _set_secure_headers(request, response)
|
101
|
-
TCellAgent::Instrumentation.safe_block("Setting Secure Headers") {
|
102
|
-
status, headers, active_response = response
|
69
|
+
end
|
103
70
|
|
104
|
-
secure_headers_policy = TCellAgent.policy(TCellAgent::PolicyTypes::SecureHeaders)
|
105
|
-
if secure_headers_policy
|
106
|
-
secure_headers_policy.headers.each do | secure_header |
|
107
|
-
headers[secure_header.name] = secure_header.value
|
108
|
-
end
|
109
|
-
end
|
110
|
-
response = [status, headers, active_response]
|
111
|
-
}
|
112
71
|
response
|
113
72
|
end
|
114
73
|
|
@@ -144,7 +103,7 @@ module TCellAgent
|
|
144
103
|
status_code, response_headers, response_body = response
|
145
104
|
|
146
105
|
js_agent_handler, script_insert =
|
147
|
-
TCellAgent::Instrumentation::Rails::JSAgent.get_handler_and_script_insert(response_headers)
|
106
|
+
TCellAgent::Instrumentation::Rails::JSAgent.get_handler_and_script_insert(request, response_headers)
|
148
107
|
dlp_handler, tcell_context =
|
149
108
|
TCellAgent::Instrumentation::Rails::DLPHandler.get_handler_and_context(request, response_headers)
|
150
109
|
|
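Review bot: `_set_headers` in the second hunk is not wrapped in `TCellAgent::Instrumentation.safe_block` as the removed `_set_clickjacking_header` and `_set_secure_headers` were, so as shown an exception from `rust_policies.get_headers` or a malformed entry propagates into the request instead of being contained; wrapping the body in `TCellAgent::Instrumentation.safe_block("Setting Headers") { ... }` restores that. Every policy header is now appended to an existing value with `", "`, whereas the removed secure-headers code overwrote it. For single-valued headers such as `X-Content-Type-Options` the handling of a comma-joined value is browser-dependent, so a header already set by the application can weaken the policy value rather than be replaced by it. `header_name` and `header_value` are used unchecked; skipping entries where either is nil or contains CR/LF would keep a bad policy response from producing invalid headers.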