RubyGems - tcell_agent - Versions diffs - 1.1.9 → 1.1.10 - Mend

tcell_agent 1.1.9 → 1.1.10

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/tcell_agent/rust/models.rb +6 -5
data/lib/tcell_agent/rust/whisperer.rb +2 -2
data/lib/tcell_agent/tcell_context.rb +33 -26
data/lib/tcell_agent/version.rb +1 -1
data/spec/lib/tcell_agent/rust/models_spec.rb +8 -8
data/spec/lib/tcell_agent/tcell_context_spec.rb +0 -72
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a9da1add0ef1d226086bf8fd6b5de63a2999935161ffb7e5fb683680f66109d6
-  data.tar.gz: 14bfae15721c764a040f64d0d65d48cd26cff39981e45e5c69af9b3539f5436b
+  metadata.gz: b84894f0c99387e227049af1f0cf23514630037a8a717b43283bcb19c66dfa37
+  data.tar.gz: 7464cb57bee06eea3c94717334ef755b0acbef4768f836f39b8de7cdb85cb505
 SHA512:
-  metadata.gz: 572bbc76f6c521872a6b636e64ea4811d118e5e779be0e9a087db440cfde31d18d08ef691bb41160e7d4558f1aab98ac4114aac0cf7a34ef613998fe4a6c3b71
-  data.tar.gz: c35853653b9cb150eefe4089461e2d14528ff14ee0a7c5ad5b82a74c01d9849a4277f4fee66242c60b26e0aa18530bd752705c961b6c469a6d0d95d4dba52043
+  metadata.gz: 60dabf811b67b4d762a8c39c96e47f7f3fff2e0287bb8586fec019976680b7c88efcbeb8e8ef541a8c719de0430a1c010e72ebaf7dfaffd03ff38b8c501fabca
+  data.tar.gz: 4974dccf426c1113ffbd238ef8006dc8600fc01bcbd29fbf940c2c78df5f979c80f48888b7565fa8a3c998b71edc60973e2e97ddd08c8648224755b270af9ae9

data/lib/tcell_agent/rust/models.rb CHANGED Viewed

@@ -15,8 +15,7 @@ module TCellAgent
       end
       def self.create_request_response(appsensor_meta)
-        post_params = convert_params(appsensor_meta.flattened_post_dict) +
-                      convert_params(appsensor_meta.flattened_body_dict)
+        post_params = convert_params(appsensor_meta.flattened_post_dict)
         request_response = {
           'method' =>  appsensor_meta.method,
@@ -33,6 +32,8 @@ module TCellAgent
           'session_id' =>  appsensor_meta.session_id,
           'user_id' =>  appsensor_meta.user_id,
           'user_agent' =>  appsensor_meta.user_agent,
+          :content_type => appsensor_meta.content_type,
+          :request_body => appsensor_meta.raw_request_body,
           'request_bytes_length' =>  appsensor_meta.request_content_bytes_len,
           'response_bytes_length' =>  appsensor_meta.response_content_bytes_len
         }
@@ -53,8 +54,7 @@ module TCellAgent
       end
       def self.create_patches_request(appsensor_meta)
-        post_params = convert_params(appsensor_meta.flattened_post_dict) +
-                      convert_params(appsensor_meta.flattened_body_dict)
+        post_params = convert_params(appsensor_meta.flattened_post_dict)
         {
           'method' =>  appsensor_meta.method,
@@ -64,7 +64,8 @@ module TCellAgent
           'query_params' =>  convert_params(appsensor_meta.flattened_get_dict),
           'post_params' =>  post_params,
           'headers' =>  convert_params(appsensor_meta.flattened_headers_dict),
-          'cookies' =>  convert_params(appsensor_meta.flattened_cookie_dict)
+          'cookies' =>  convert_params(appsensor_meta.flattened_cookie_dict),
+          :content_type => appsensor_meta.content_type
         }
       end
     end

data/lib/tcell_agent/rust/whisperer.rb CHANGED Viewed

@@ -93,8 +93,8 @@ module TCellAgent
               'js_agent_url' => TCellAgent.configuration.js_agent_url
             },
             'appfirewall' => {
-              'enable_body_xxe_inspection' => false,
-              'enable_body_json_inspection' => false,
+              'enable_body_xxe_inspection' => true,
+              'enable_body_json_inspection' => true,
               'allow_log_payloads' => true
             },
             'policy_versions' => {

data/lib/tcell_agent/tcell_context.rb CHANGED Viewed

@@ -1,5 +1,10 @@
+# frozen_string_literal: true
 require 'tcell_agent/logger'
 require 'tcell_agent/utils/params'
+require 'cgi'
+TCELL_MAX_BODY_LENGTH = 20_000
 # TODO(ralba): move TCellData from instrumentation.rb here
 # and merge both models into one and drop usage of MetaData.
@@ -38,6 +43,8 @@ module TCellAgent
                   :transaction_id,
                   :location,
                   :path,
+                  :raw_request_body,
+                  :content_type,
                   :request_content_bytes_len,
                   :response_content_bytes_len,
                   :response_code,
@@ -113,38 +120,38 @@ module TCellAgent
       @flattened_path_parameters = TCellAgent::Utils::Params.flatten(value)
     end
+    def get_raw_post_data(request)
+      if request.env.key?('RAW_POST_DATA')
+        raw_post_data = request.env['RAW_POST_DATA']
+      else
+        body = request.body
+        # Positions strio to the beginning of input, resetting lineno to zero.
+        # rails 4.1 seems to read the stringIO directly and so body.gets is empty
+        # this is called
+        body.rewind if body.respond_to?(:rewind)
+        raw_post_data = body.read(request.content_length.to_i) if request.content_length
+        body.rewind if body.respond_to?(:rewind)
+      end
+      raw_post_data if raw_post_data.respond_to?(:length) && raw_post_data.length < TCELL_MAX_BODY_LENGTH
+    end
     def set_parameter_dicts(request)
       self.get_dict = request.GET
       self.cookie_dict = request.cookies
-      self.post_dict = request.POST
-      self.headers_dict = request.env
-      # Positions strio to the beginning of input, resetting lineno to zero.
-      # rails 4.1 seems to read the stringIO directly and so body.gets is empty
-      # this is called
-      request.body.rewind
+      self.post_dict = if !(request.content_type =~ %r{application/json}i).nil? ||
+                          !(request.content_type =~ %r{application/xml}i).nil?
+                         {}
+                       else
+                         request.POST
+                       end
-      @request_content_bytes_len = (request.content_length || 0).to_i
-      set_body_dict(
-        @request_content_bytes_len,
-        request.content_type,
-        request.body.gets
-      )
-    end
-    def set_body_dict(request_content_bytes_len, request_content_type, request_body)
-      @flattened_body_dict = {}
-      return if request_content_bytes_len > 2_000_000
-      return unless request_body && (request_content_type =~ %r{application/json}i)
+      self.headers_dict = request.env
-      begin
-        # don't enqueue parameter values of unknown type to avoid any serialization issues
-        @flattened_body_dict = TCellAgent::Utils::Params.flatten(JSON.parse(request_body))
-      rescue JSON::ParserError
-        TCellAgent.logger.debug('JSON body parameter parsing failed')
-      end
+      @flattened_body_dict = {} # deprecated
+      @content_type = request.content_type
+      @raw_request_body = get_raw_post_data(request)
+      @request_content_bytes_len = (request.content_length || 0).to_i
     end
   end
 end

data/lib/tcell_agent/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 module TCellAgent
-  VERSION = '1.1.9'.freeze
+  VERSION = '1.1.10'.freeze
 end

data/spec/lib/tcell_agent/rust/models_spec.rb CHANGED Viewed

@@ -26,9 +26,8 @@ module TCellAgent
         meta_data.post_dict = { 'xss_param' => '<script>' }
         meta_data.cookie_dict = { 'xss_param' => '<script>' }
         meta_data.headers_dict = { 'HTTP_XSS_PARAM' => '<script>' }
-        json_body = { 'xss_param' => '<script>' }.to_json
-        meta_data.set_body_dict(json_body.bytesize, 'application/json', json_body)
+        meta_data.content_type = 'hi'
+        meta_data.raw_request_body = { 'xss_param' => '<script>' }.to_json
         result = Models.create_request_response(meta_data)
@@ -42,7 +41,6 @@ module TCellAgent
               { 'name' => 'xss_param', 'value' => '<script>' }
             ],
             'post_params' => [
-              { 'name' => 'xss_param', 'value' => '<script>' },
               { 'name' => 'xss_param', 'value' => '<script>' }
             ],
             'headers' => [
@@ -59,6 +57,8 @@ module TCellAgent
             'session_id' => 'session_id',
             'user_id' => 'user_id',
             'user_agent' => 'Mozilla',
+            :content_type => 'hi',
+            :request_body => '{"xss_param":"<script>"}',
             'request_bytes_length' => 1024,
             'response_bytes_length' => 2048,
             'csrf_exception' => {
@@ -93,9 +93,9 @@ module TCellAgent
         meta_data.post_dict = { 'user' => { 'xss_param' => '<script>' } }
         meta_data.cookie_dict = { 'xss_param' => '<script>' }
         meta_data.headers_dict = { 'HTTP_XSS_PARAM' => '<script>' }
-        json_body = { 'user' => { 'xss_param' => '<script>' } }.to_json
-        meta_data.set_body_dict(json_body.bytesize, 'application/json', json_body)
+        meta_data.content_type = 'hi'
+        # patches does not use the request body.
+        meta_data.raw_request_body = { 'user' => { 'xss_param' => '<script>' } }.to_json
         result = Models.create_patches_request(meta_data)
@@ -105,9 +105,9 @@ module TCellAgent
             'path' => '/some/path',
             'remote_address' => '192.168.1.1',
             'request_bytes_length' => 1024,
+            :content_type => 'hi',
             'query_params' => [{ 'name' => 'xss_param', 'value' => '<script>' }],
             'post_params' => [
-              { 'name' => 'xss_param', 'value' => '<script>' },
               { 'name' => 'xss_param', 'value' => '<script>' }
             ],
             'headers' => [{ 'name' => 'xss-param', 'value' => '<script>' }],

data/spec/lib/tcell_agent/tcell_context_spec.rb CHANGED Viewed

@@ -75,79 +75,7 @@ module TCellAgent
         )
       end
-      context 'with text/html content type' do
-        it 'should set the body params to empty' do
-          @meta_data.set_body_dict(
-            67,
-            'text/html',
-            {
-              :username => 'tester',
-              :password => 'pass'
-            }.to_json
-          )
-          expect(@meta_data.flattened_body_dict).to eq({})
-        end
-      end
       context 'with application/json content type' do
-        context 'with empty request body' do
-          it 'should set the body params to empty' do
-            @meta_data.set_body_dict(
-              67,
-              'application/json',
-              nil
-            )
-            expect(@meta_data.flattened_body_dict).to eq({})
-          end
-        end
-        context 'with bad json in the body' do
-          it 'should set the body params to empty' do
-            @meta_data.set_body_dict(
-              67,
-              'application/json',
-              '{"username":"tester""password":"pass"}'
-            )
-            expect(@meta_data.flattened_body_dict).to eq({})
-          end
-        end
-        context 'with valid json in the body' do
-          it 'should set the body params' do
-            @meta_data.set_body_dict(
-              67,
-              'application/json',
-              {
-                :username => 'tester',
-                :password => 'pass'
-              }.to_json
-            )
-            expect(@meta_data.flattened_body_dict).to eq(
-              {
-                ['username'] => 'tester',
-                ['password'] => 'pass'
-              }
-            )
-          end
-        end
-        context 'with a json body that is too big' do
-          it 'should set the body params to empty' do
-            @meta_data.set_body_dict(
-              20_000_000,
-              'application/json',
-              {
-                :username => 'tester',
-                :password => 'pass'
-              }.to_json
-            )
-            expect(@meta_data.flattened_body_dict).to eq({})
-          end
-        end
       end
     end
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-  version: 1.1.9
+  version: 1.1.10
 platform: ruby
 authors:
 - Rafael
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-12 00:00:00.000000000 Z
+date: 2019-09-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi