tcell_agent 2.1.1 → 2.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fef169c3426eb04bcf907ba86a06b56508b3510b5a460dd20bdd0e859c773832
-  data.tar.gz: c60696ff6d4058537d8162cc28c5f956340a5b5a533bf1df7b805f1f8b208f90
+  metadata.gz: 4165181c541a536526e945db454826fb168c253186d130bbbf904f6882ea238e
+  data.tar.gz: 55b8b9d149c14d45da6d1d41a8b48d4031df5e6ce385f9d91980def10f90d623
 SHA512:
-  metadata.gz: ffaeef09c1dbf616146f6407abdcd5c53c292098c9e6e3bb9ab32602c8f5cb94ac69e2d958e00ef6fd58b6c1c6e133104935617fd06410752f704132eaa78d81
-  data.tar.gz: 77a9ab760568d411be5535f0c9842376289667892b39b88bed4bfc6646a496d8cf26a1d6704e78c644d7564aa4fc9e1955d6cbbf36ec40a91ff01d3ad37807c1
+  metadata.gz: 491683e5c3c0b39e4c01567fd93b4dc39e9c7612c9e10568aebb88fdb19d8e068b98d4d9ec9ea64c50f59323e365b9d337bf7128cd4a8d663f4ab67284172b56
+  data.tar.gz: c9dc2b88411fbf8d69f4251582bbd6c8ede11daf9a98c6547e188bf0636eec562039e79b61316962cf7fe9e264317e7e8bdd4e93ab367af431a4d13a53bb7697

data/lib/tcell_agent/instrumentation/cmdi.rb

@@ -25,18 +25,18 @@ module TCellAgent
       cmd = ''
 
       TCellAgent::Instrumentation.safe_block('CMDI Parsing *args') do
-        unless args.empty?
-          args_copy = Array.new(args)
-          args_copy.shift if args_copy.first.is_a?(Hash)
-          args_copy.pop if args_copy.last.is_a?(Hash)
-
-          if args_copy.first.is_a?(Array)
-            cmd_n_argv0 = args_copy.shift
-            args_copy.unshift(cmd_n_argv0.first)
-          end
+        return cmd if args.nil? || args.empty?
+
+        args_copy = Array.new(args)
+        args_copy.shift if args_copy.first.is_a?(Hash)
+        args_copy.pop if args_copy.last.is_a?(Hash)
 
-          cmd = args_copy.join(' ')
+        if args_copy.first.is_a?(Array)
+          cmd_n_argv0 = args_copy.shift
+          args_copy.unshift(cmd_n_argv0.first)
         end
+
+        cmd = args_copy.join(' ')
       end
 
       cmd
@@ -46,12 +46,12 @@ module TCellAgent
       cmd = ''
 
       TCellAgent::Instrumentation.safe_block('CMDI Parsing *args') do
-        unless args.empty?
-          args_copy = Array.new(args)
-          first_arg = args_copy.shift
+        return cmd if args.nil? || args.empty?
 
-          cmd = first_arg[1..-1] if first_arg && (first_arg.is_a? String) && first_arg[0] == '|'
-        end
+        args_copy = Array.new(args)
+        first_arg = args_copy.shift
+
+        cmd = first_arg[1..-1] if first_arg && (first_arg.is_a? String) && first_arg[0] == '|'
       end
 
       cmd

data/lib/tcell_agent/instrumentation/lfi.rb

@@ -26,15 +26,23 @@ module TCellAgent
         path = ''
         mode = ''
 
-        return ['', ''] if args.empty?
-
         TCellAgent::Instrumentation.safe_block('LFI Parsing *args') do
+          return ['', ''] if args.nil? || args.empty?
+
           args_copy = Array.new(args)
           path = args_copy.shift
           mode = args_copy.shift || 'r'
 
           if path && path.to_s[0] != '|'
-            [File.expand_path(path).to_s, convert_mode(mode)]
+            path = File.expand_path(path.to_s)
+
+            mode = if mode && mode.is_a?(Hash)
+                     convert_mode(mode[:mode])
+                   else
+                     convert_mode(mode)
+                   end
+
+            [path, mode]
           else
             ['', '']
           end
@@ -53,8 +61,11 @@ module TCellAgent
             path = ARGF.filename
           end
 
-          path = File.expand_path(path) unless path.nil?
-          [path.to_s, mode]
+          if path && path.to_s[0] != '|'
+            [File.expand_path(path.to_s), mode]
+          else
+            ['', '']
+          end
         end
       end
 

data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb

@@ -1,76 +1,52 @@
 module Kernel
-  class << self
-    alias_method :tcell_original_1_open, :open
-    def open(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
-
-      if !path.strip.empty? && TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      if path.empty?
-        cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
-        if cmd && TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-      end
+  private
 
-      tcell_original_1_open(*args, &block)
-    end
-
-    alias_method :tcell_original_1_gets, :gets
-    def gets(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
-
-      tcell_original_1_gets(*args, &block)
-    end
+  alias_method :tcell_original_backtick, :`
+  alias_method :tcell_original_exec, :exec
+  alias_method :tcell_original_open, :open
+  alias_method :tcell_original_gets, :gets
+  alias_method :tcell_original_readline, :readline
+  alias_method :tcell_original_spawn, :spawn
+  alias_method :tcell_original_system, :system
 
+  class << self
+    alias_method :tcell_original_exec, :exec
+    alias_method :tcell_original_open, :open
+    alias_method :tcell_original_gets, :gets
     alias_method :tcell_original_readline, :readline
-    def readline(*args, &block)
-      path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-      if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-        raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-      end
+    alias_method :tcell_original_spawn, :spawn
+    alias_method :tcell_original_system, :system
+  end
 
-      tcell_original_readline(*args, &block)
+  def `(cmd)
+    if TCellAgent::Cmdi.block_command?(cmd)
+      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
-    alias_method :tcell_original_1_spawn, :spawn
-    def spawn(*args)
-      cmd = TCellAgent::Cmdi.parse_command(*args)
-      if TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
-
-      tcell_original_1_spawn(*args)
-    end
+    tcell_original_backtick(cmd)
+  end
 
-    alias_method :tcell_original_1_system, :system
-    def system(*args)
+  if TCellAgent.configuration.should_instrument_cmdi_exec?
+    def exec(*args)
       cmd = TCellAgent::Cmdi.parse_command(*args)
       if TCellAgent::Cmdi.block_command?(cmd)
         raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
       end
 
-      tcell_original_1_system(*args)
+      tcell_original_exec(*args)
     end
   end
 
-  alias_method :tcell_original_backtick, :`
-  def `(cmd)
-    if TCellAgent::Cmdi.block_command?(cmd)
-      raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
+  def gets(*args, &block)
+    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
+
+    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
+      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
     end
 
-    tcell_original_backtick(cmd)
+    tcell_original_gets(*args, &block)
   end
 
-  alias_method :tcell_original_2_open, :open
   def open(*args, &block)
     path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
 
@@ -85,21 +61,9 @@ module Kernel
       end
     end
 
-    tcell_original_2_open(*args, &block)
+    tcell_original_open(*args, &block)
   end
 
-  alias_method :tcell_original_2_gets, :gets
-  def gets(*args, &block)
-    path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
-
-    if TCellAgent::Instrumentation::Lfi.block_file_access?(path, mode)
-      raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
-    end
-
-    tcell_original_2_gets(*args, &block)
-  end
-
-  alias_method :tcell_original_readline, :readline
   def readline(*args, &block)
     path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf
 
@@ -110,54 +74,29 @@ module Kernel
     tcell_original_readline(*args, &block)
   end
 
-  alias_method :tcell_original_2_spawn, :spawn
   def spawn(*args)
     cmd = TCellAgent::Cmdi.parse_command(*args)
     if TCellAgent::Cmdi.block_command?(cmd)
       raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
-    tcell_original_2_spawn(*args)
+    tcell_original_spawn(*args)
   end
 
-  alias_method :tcell_original_2_system, :system
   def system(*args)
     cmd = TCellAgent::Cmdi.parse_command(*args)
     if TCellAgent::Cmdi.block_command?(cmd)
       raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
     end
 
-    tcell_original_2_system(*args)
+    tcell_original_system(*args)
   end
-end
-
-if TCellAgent.configuration.should_instrument_cmdi_exec?
-  module Kernel
-    class << self
-      alias_method :tcell_original_exec, :exec
-      def exec(*args)
-        cmd = TCellAgent::Cmdi.parse_command(*args)
-        if TCellAgent::Cmdi.block_command?(cmd)
-          raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-        end
-
-        tcell_original_exec(*args)
-      end
-    end
-
-    alias_method :tcell_original_exec, :exec
-
-    private
-
-    def exec(*args)
-      cmd = TCellAgent::Cmdi.parse_command(*args)
-      if TCellAgent::Cmdi.block_command?(cmd)
-        raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
-      end
 
-      tcell_original_exec(*args)
-    end
-  end
-else
-  TCellAgent.logger.debug('Disabling cmdi Kernel::exec instrumentation', 'TCellAgent::Cmdi')
+  module_function :`
+  module_function :exec
+  module_function :gets
+  module_function :open
+  module_function :readline
+  module_function :spawn
+  module_function :system
 end

data/lib/tcell_agent/rails/routes/grape.rb

@@ -5,15 +5,9 @@ module TCellAgent
     def self.grape_route?(route)
       if defined?(Grape::API)
         begin
-          if ::Rails::VERSION::MAJOR == 4 && ::Rails::VERSION::MINOR < 2
-            # does app inherit from Grape::API?
-            route.app < Grape::API
-          else
-            # does app inherit from Grape::API?
-            route.app.app < Grape::API
-          end
-
-          return true
+          return route.app < Grape::API if ::Rails::VERSION::MAJOR == 4 &&
+                                           ::Rails::VERSION::MINOR < 2
+          return route.app.app < Grape::API
         rescue StandardError # rubocop:disable Lint/HandleExceptions
           # do nothing
         end

data/lib/tcell_agent/version.rb

@@ -1,5 +1,5 @@
 # See the file "LICENSE" for the full license governing this code.
 
 module TCellAgent
-  VERSION = '2.1.1'.freeze
+  VERSION = '2.1.2'.freeze
 end

data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb

@@ -148,10 +148,52 @@ module TCellAgent
       end
     end
     describe '.parse_command_from_open' do
-      context 'with string command' do
-        it 'should parse the command properly' do
-          cmd = TCellAgent::Cmdi.parse_command_from_open('|echo')
-          expect(cmd).to eq('echo')
+      context 'with empty parameters' do
+        it 'should not return a command' do
+          cmd = TCellAgent::Cmdi.parse_command_from_open
+          expect(cmd).to eq('')
+        end
+      end
+      context 'with empty array' do
+        it 'should not return a command' do
+          args = []
+          cmd = TCellAgent::Cmdi.parse_command_from_open(*args)
+          expect(cmd).to eq('')
+        end
+      end
+      context 'with a string command' do
+        context 'with an empty string' do
+          it 'should return an empty string' do
+            cmd = TCellAgent::Cmdi.parse_command_from_open('')
+            expect(cmd).to eq('')
+          end
+        end
+        context 'with an empty command' do
+          it 'should return an empty string' do
+            cmd = TCellAgent::Cmdi.parse_command_from_open('|')
+            expect(cmd).to eq('')
+          end
+        end
+        context 'with a non-empty command' do
+          it 'should parse the command properly' do
+            cmd = TCellAgent::Cmdi.parse_command_from_open('|echo')
+            expect(cmd).to eq('echo')
+
+            cmd = TCellAgent::Cmdi.parse_command_from_open('|ls -l /tmp')
+            expect(cmd).to eq('ls -l /tmp')
+          end
+        end
+      end
+      context 'with a filename argument' do
+        it 'should not return a command' do
+          cmd = TCellAgent::Cmdi.parse_command_from_open('/tmp')
+          expect(cmd).to eq('')
+        end
+      end
+      context 'with a non-string first argument' do
+        it 'should return an empty string' do
+          cmd = TCellAgent::Cmdi.parse_command_from_open({})
+          expect(cmd).to eq('')
         end
       end
     end

data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 module TCellAgent
   module Instrumentation
     module Lfi
-      describe 'extract path and mode' do
+      describe '.extract_path_mode' do
         context 'with path' do
           it 'should extract the path correctly' do
             args = '/path-to-file'
@@ -34,51 +34,91 @@ module TCellAgent
               args = '/path-to-file', 'r'
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('Read')
+
+              args = '/path-to-file', { :mode => 'r' }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('Read')
             end
             it 'should return Write for mode w' do
               args = '/path-to-file', 'w'
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('Write')
+
+              args = '/path-to-file', { :mode => 'w' }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('Write')
             end
             it 'should return Write for mode a' do
               args = '/path-to-file', 'a'
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('Write')
+
+              args = '/path-to-file', { :mode => 'a' }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('Write')
             end
             it 'should return ReadWrite for mode r+' do
               args = '/path-to-file', 'r+'
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('ReadWrite')
+
+              args = '/path-to-file', { :mode => 'r+' }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('ReadWrite')
             end
             it 'should return ReadWrite for mode w+' do
               args = '/path-to-file', 'w+'
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('ReadWrite')
+
+              args = '/path-to-file', { :mode => 'w+' }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('ReadWrite')
             end
             it 'should return ReadWrite for mode a+' do
               args = '/path-to-file', 'a+'
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('ReadWrite')
+
+              args = '/path-to-file', { :mode => 'a+' }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('ReadWrite')
             end
             it 'should return Read for mode ::File::RDONLY (0)' do
               args = '/path-to-file', ::File::RDONLY
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('Read')
+
+              args = '/path-to-file', { :mode => ::File::RDONLY }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('Read')
             end
             it 'should return Write for mode ::File::WRONLY (1)' do
               args = '/path-to-file', ::File::WRONLY
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('Write')
+
+              args = '/path-to-file', { :mode => ::File::WRONLY }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('Write')
             end
             it 'should return ReadWrite for mode ::File::RDWR (2)' do
               args = '/path-to-file', ::File::RDWR
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('ReadWrite')
+
+              args = '/path-to-file', { :mode => ::File::RDWR }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('ReadWrite')
             end
             it 'should return Write for mode ::File::CREAT | ::File::EXCL | ::File::WRONLY (2561)' do
               args = '/path-to-file', ::File::CREAT | ::File::EXCL | ::File::WRONLY
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('Write')
+
+              args = '/path-to-file', { :mode => ::File::CREAT | ::File::EXCL | ::File::WRONLY }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('Write')
             end
           end
           context 'with an invalid mode' do
@@ -87,11 +127,16 @@ module TCellAgent
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('Read')
             end
-            it 'should return Read when mode is a hash' do
+            it 'should return Read when mode is an empty hash' do
               args = '/path-to-file', {}
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
               expect(mode).to eq('Read')
             end
+            it 'should return Read when mode is a hash without a :mode key' do
+              args = '/path-to-file', { :placeholder => 'testing' }
+              _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)
+              expect(mode).to eq('Read')
+            end
             it 'should return Read when mode is an array' do
               args = '/path-to-file', []
               _path, mode = TCellAgent::Instrumentation::Lfi.extract_path_mode(*args)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tcell_agent
 version: !ruby/object:Gem::Version
-  version: 2.1.1
+  version: 2.1.2
 platform: ruby
 authors:
 - Rafael
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-26 00:00:00.000000000 Z
+date: 2020-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi