tcell_agent 2.2.0 → 2.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/tcell_agent/instrument_servers.rb +12 -14
- data/lib/tcell_agent/rails/auth/authlogic.rb +9 -0
- data/lib/tcell_agent/rails/auth/devise.rb +7 -4
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +0 -1
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +3 -0
- data/lib/tcell_agent/servers/puma.rb +7 -7
- data/lib/tcell_agent/servers/rack_puma_handler.rb +23 -0
- data/lib/tcell_agent/servers/rails_server.rb +4 -3
- data/lib/tcell_agent/tcell_context.rb +1 -1
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +5 -0
- data/spec/lib/tcell_agent/instrument_servers_spec.rb +95 -0
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +2 -2
- data/spec/spec_helper.rb +6 -0
- data/spec/support/builders.rb +2 -1
- data/spec/support/server_mocks/passenger_mock.rb +7 -0
- data/spec/support/server_mocks/puma_mock.rb +17 -0
- data/spec/support/server_mocks/rails_mock.rb +7 -0
- data/spec/support/server_mocks/thin_mock.rb +7 -0
- data/spec/support/server_mocks/unicorn_mock.rb +11 -0
- metadata +15 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5e056172b2170f472b95d9dc96f082b2d881e38d8b066ed82b8c4175157c0d04
|
4
|
+
data.tar.gz: 6e6a4fc3062d22415489aa75fad2cc15e7c8d9dcd9fc6a80aeb7ce6116dd784e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 87a540297c00aedca95f5905687e511233a960ede19aca99cdac65935828bce009413493a8c22af7a33ef59808910df69f9a169274f7f8aec13cdf84c8a361e4
|
7
|
+
data.tar.gz: 9ea327f2786185b027263c74d7d7428aa6c1a5cf7e54ce2bcf070eed2a15630f370984297f1a804aebbd97569379916e6973a337b42be8f2e9e211499422bae9
|
@@ -2,22 +2,20 @@
|
|
2
2
|
|
3
3
|
tcell_server = ENV['TCELL_AGENT_SERVER']
|
4
4
|
|
5
|
-
if tcell_server &&
|
6
|
-
|
7
|
-
end
|
5
|
+
TCellAgent.thread_agent.instrument_built_ins if tcell_server &&
|
6
|
+
tcell_server == 'mock'
|
8
7
|
|
9
|
-
if (tcell_server && tcell_server == 'webrick') ||
|
10
|
-
|
8
|
+
require('tcell_agent/servers/rails_server') if (tcell_server && tcell_server == 'webrick') ||
|
9
|
+
defined?(Rails::Server)
|
11
10
|
|
12
|
-
|
13
|
-
|
11
|
+
require('tcell_agent/servers/thin') if (tcell_server && tcell_server == 'thin') ||
|
12
|
+
defined?(Thin)
|
14
13
|
|
15
|
-
|
16
|
-
|
14
|
+
require('tcell_agent/servers/puma') if (tcell_server && tcell_server == 'puma') ||
|
15
|
+
defined?(Puma)
|
17
16
|
|
18
|
-
|
19
|
-
|
17
|
+
require('tcell_agent/servers/unicorn') if (tcell_server && tcell_server == 'unicorn') ||
|
18
|
+
defined?(Unicorn)
|
20
19
|
|
21
|
-
|
22
|
-
|
23
|
-
end
|
20
|
+
require('tcell_agent/servers/passenger') if (tcell_server && tcell_server == 'passenger') ||
|
21
|
+
defined?(PhusionPassenger)
|
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'tcell_agent/configuration'
|
2
4
|
require 'tcell_agent/instrumentation'
|
3
5
|
|
@@ -30,6 +32,12 @@ module TCellAgent
|
|
30
32
|
if user_logged_in_before && user_logged_in_after
|
31
33
|
# password changed or logged in as another user
|
32
34
|
elsif !user_logged_in_before && !user_logged_in_after
|
35
|
+
TCellAgent::Instrumentation.safe_block('checking if user is valid') do
|
36
|
+
error_messages = errors.messages[login_field]
|
37
|
+
|
38
|
+
user_valid = error_messages.empty?
|
39
|
+
end
|
40
|
+
|
33
41
|
login_policy.report_login_failure(
|
34
42
|
user_id,
|
35
43
|
password,
|
@@ -38,6 +46,7 @@ module TCellAgent
|
|
38
46
|
tcell_data
|
39
47
|
)
|
40
48
|
elsif !user_logged_in_before && user_logged_in_after
|
49
|
+
tcell_data.user_id = user_id if user_id && tcell_data.user_id.nil?
|
41
50
|
login_policy.report_login_success(
|
42
51
|
user_id,
|
43
52
|
request.env,
|
@@ -19,7 +19,8 @@ module TCellAgent
|
|
19
19
|
password = tcell_data.password
|
20
20
|
password ||= _get_tcell_password
|
21
21
|
|
22
|
-
user_valid =
|
22
|
+
user_valid = warden_message != :not_found_in_database if defined?(warden_message)
|
23
|
+
|
23
24
|
login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
24
25
|
login_policy.report_login_failure(
|
25
26
|
user_id,
|
@@ -96,11 +97,11 @@ module TCellAgent
|
|
96
97
|
end
|
97
98
|
|
98
99
|
TCellAgent::Instrumentation.safe_block('Devise Authenticatable Validate') do
|
99
|
-
if send_event && TCellAgent.configuration.
|
100
|
-
TCellAgent.configuration.should_intercept_requests?
|
100
|
+
if send_event && TCellAgent.configuration.should_intercept_requests?
|
101
101
|
username = nil
|
102
102
|
(authentication_keys || []).each do |auth_key|
|
103
|
-
attr = authentication_hash[auth_key]
|
103
|
+
attr = authentication_hash[auth_key] unless authentication_hash.nil?
|
104
|
+
|
104
105
|
if attr
|
105
106
|
username ||= ''
|
106
107
|
username += attr
|
@@ -110,6 +111,8 @@ module TCellAgent
|
|
110
111
|
tcell_data = request.env[TCellAgent::Instrumentation::TCELL_ID]
|
111
112
|
return is_valid unless tcell_data
|
112
113
|
|
114
|
+
tcell_data.user_id = username if username && tcell_data.user_id.nil?
|
115
|
+
|
113
116
|
login_policy = TCellAgent.policy(TCellAgent::PolicyTypes::LOGINFRAUD)
|
114
117
|
login_policy.report_login_success(
|
115
118
|
username,
|
@@ -24,6 +24,9 @@ module TCellAgent
|
|
24
24
|
def call(env)
|
25
25
|
if TCellAgent.configuration.should_intercept_requests?
|
26
26
|
request = Rack::Request.new(env)
|
27
|
+
|
28
|
+
request['init'] = true
|
29
|
+
|
27
30
|
TCellAgent::Instrumentation.safe_block('Setting session_id & user_id') do
|
28
31
|
if request.session
|
29
32
|
env[TCellAgent::Instrumentation::TCELL_ID].session_id =
|
@@ -4,21 +4,21 @@ if defined?(Puma.cli_config)
|
|
4
4
|
# Puma is running in single mode, so run both the initial instrumentation and
|
5
5
|
# start the agent
|
6
6
|
Puma::Runner.class_eval do
|
7
|
-
alias_method :
|
7
|
+
alias_method :tcell_original_start_server, :start_server
|
8
8
|
def start_server
|
9
|
-
TCellAgent.thread_agent.start('Puma
|
9
|
+
TCellAgent.thread_agent.start('Puma')
|
10
10
|
|
11
|
-
|
11
|
+
tcell_original_start_server
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
15
|
else
|
16
16
|
Puma::Server.class_eval do
|
17
|
-
alias_method :
|
17
|
+
alias_method :tcell_original_run, :run
|
18
18
|
def run(background = true)
|
19
19
|
TCellAgent.thread_agent.start('Puma Cluster Mode (Worker)')
|
20
20
|
|
21
|
-
|
21
|
+
tcell_original_run(background)
|
22
22
|
end
|
23
23
|
end
|
24
24
|
end
|
@@ -28,11 +28,11 @@ if defined?(Puma.cli_config)
|
|
28
28
|
# Instrumentation will run for each worker but there's
|
29
29
|
# nothing we can do about that (Unicorn's preload_app behaves the same way)
|
30
30
|
Puma::Server.class_eval do
|
31
|
-
alias_method :
|
31
|
+
alias_method :tcell_original_run, :run
|
32
32
|
def run(background = true)
|
33
33
|
TCellAgent.thread_agent.start('Puma Cluster Mode (Worker)')
|
34
34
|
|
35
|
-
|
35
|
+
tcell_original_run(background)
|
36
36
|
end
|
37
37
|
end
|
38
38
|
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
Rack::Handler::Puma.class_eval do
|
4
|
+
class << self
|
5
|
+
alias_method :tcell_original_config, :config
|
6
|
+
def config(app, options = {})
|
7
|
+
conf = tcell_original_config(app, options)
|
8
|
+
|
9
|
+
if defined?(Puma::Server) && !Puma::Server.instance_methods.include?(:tcell_original_run)
|
10
|
+
Puma::Server.class_eval do
|
11
|
+
alias_method :tcell_original_run, :run
|
12
|
+
def run(background = true)
|
13
|
+
TCellAgent.thread_agent.start('Puma')
|
14
|
+
|
15
|
+
tcell_original_run(background)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
conf
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -5,16 +5,17 @@
|
|
5
5
|
Rails::Server.class_eval do
|
6
6
|
alias_method :tcell_build_app, :build_app
|
7
7
|
def build_app(app)
|
8
|
+
require('tcell_agent/servers/rack_puma_handler') if defined?(Rack::Handler::Puma)
|
8
9
|
require('tcell_agent/servers/unicorn') if defined?(Unicorn::HttpServer)
|
9
10
|
require('tcell_agent/servers/webrick') if defined?(Rack::Handler::WEBrick)
|
10
11
|
require('tcell_agent/servers/thin') if defined?(Thin::Server)
|
11
12
|
|
12
13
|
if defined?(Puma::Server)
|
13
14
|
Puma::Server.class_eval do
|
14
|
-
alias_method :
|
15
|
+
alias_method :tcell_original_run, :run
|
15
16
|
def run(background = true)
|
16
|
-
TCellAgent.thread_agent.start('Puma
|
17
|
-
|
17
|
+
TCellAgent.thread_agent.start('Puma')
|
18
|
+
tcell_original_run(background)
|
18
19
|
end
|
19
20
|
end
|
20
21
|
end
|
data/lib/tcell_agent/version.rb
CHANGED
@@ -16,6 +16,8 @@ module TCellAgent
|
|
16
16
|
context 'with no parameters' do
|
17
17
|
it 'should return true' do
|
18
18
|
config = Configuration.new
|
19
|
+
config.enabled = true
|
20
|
+
config.instrument = true
|
19
21
|
|
20
22
|
expect(config.should_instrument?).to be_truthy
|
21
23
|
end
|
@@ -23,6 +25,9 @@ module TCellAgent
|
|
23
25
|
context 'with parameters' do
|
24
26
|
it 'should return true' do
|
25
27
|
config = Configuration.new
|
28
|
+
config.enabled = true
|
29
|
+
config.instrument = true
|
30
|
+
config.disabled_instrumentation = Set.new
|
26
31
|
|
27
32
|
expect(config.should_instrument?('devise')).to be_truthy
|
28
33
|
end
|
@@ -0,0 +1,95 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
def test_rails
|
4
|
+
expect(Rails::Server.instance_methods.include?(:tcell_build_app)).to be_truthy
|
5
|
+
end
|
6
|
+
|
7
|
+
def test_thin
|
8
|
+
expect(Thin::Server.instance_methods.include?(:original_start)).to be_truthy
|
9
|
+
end
|
10
|
+
|
11
|
+
def test_unicorn
|
12
|
+
expect(Unicorn::HttpServer::START_CTX[0]).to be_falsy
|
13
|
+
expect(Unicorn::HttpServer.instance_methods.include?(:tcell_init_worker_process)).to be_truthy
|
14
|
+
expect(Unicorn::HttpServer.instance_methods.include?(:tcell_load_config!)).to be_truthy
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_passenger
|
18
|
+
expect(PhusionPassenger::LoaderSharedHelpers.instance_methods.include?(:tcell_before_handling_requests))
|
19
|
+
end
|
20
|
+
|
21
|
+
def test_puma
|
22
|
+
expect(Puma.cli_config.options[:preload_app]).to be_falsey
|
23
|
+
expect(Puma::Server.instance_methods.include?(:original_run)).to be_truthy
|
24
|
+
end
|
25
|
+
|
26
|
+
def test_server(filenames, funcs)
|
27
|
+
fork do
|
28
|
+
filenames.each do |file|
|
29
|
+
load file
|
30
|
+
end
|
31
|
+
|
32
|
+
load 'tcell_agent/instrument_servers.rb'
|
33
|
+
|
34
|
+
funcs.each do |func|
|
35
|
+
method(func).call
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
describe 'instrument_servers' do
|
41
|
+
context 'with single server dependency' do
|
42
|
+
context 'with webrick server' do
|
43
|
+
it 'should instrument Webrick' do
|
44
|
+
mocks = ['spec/support/server_mocks/rails_mock.rb']
|
45
|
+
tests = [:test_rails]
|
46
|
+
test_server(mocks, tests)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
context 'with Thin server' do
|
51
|
+
it 'should instrument Thin' do
|
52
|
+
mocks = ['spec/support/server_mocks/thin_mock.rb']
|
53
|
+
tests = [:test_thin]
|
54
|
+
test_server(mocks, tests)
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
context 'with Puma server' do
|
59
|
+
it 'should instrument Puma' do
|
60
|
+
mocks = ['spec/support/server_mocks/puma_mock.rb']
|
61
|
+
tests = [:test_puma]
|
62
|
+
test_server(mocks, tests)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
context 'with Unicorn server' do
|
67
|
+
it 'should instrument Unicorn' do
|
68
|
+
mocks = ['spec/support/server_mocks/unicorn_mock.rb']
|
69
|
+
tests = [:test_unicorn]
|
70
|
+
test_server(mocks, tests)
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
context 'with Passenger server' do
|
75
|
+
it 'should instrument Unicorn' do
|
76
|
+
mocks = ['spec/support/server_mocks/passenger_mock.rb']
|
77
|
+
tests = [:test_passenger]
|
78
|
+
test_server(mocks, tests)
|
79
|
+
end
|
80
|
+
end
|
81
|
+
end
|
82
|
+
context 'with multiple server dependencies' do
|
83
|
+
it 'should instrument all servers available' do
|
84
|
+
mocks = ['spec/support/server_mocks/rails_mock.rb',
|
85
|
+
'spec/support/server_mocks/thin_mock.rb',
|
86
|
+
'spec/support/server_mocks/puma_mock.rb',
|
87
|
+
'spec/support/server_mocks/unicorn_mock.rb',
|
88
|
+
'spec/support/server_mocks/passenger_mock.rb']
|
89
|
+
|
90
|
+
tests = %i[test_rails test_thin test_puma test_unicorn test_passenger]
|
91
|
+
|
92
|
+
test_server(mocks, tests)
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
@@ -73,7 +73,7 @@ module TCellAgent
|
|
73
73
|
TCellAgent::Rust::NativeAgent.free_agent(@native_agent.agent_ptr)
|
74
74
|
end
|
75
75
|
|
76
|
-
context 'request has nil ip'
|
76
|
+
context 'request has nil ip' do
|
77
77
|
it 'should not block request' do
|
78
78
|
meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
|
79
79
|
'remote_address', nil
|
@@ -83,7 +83,7 @@ module TCellAgent
|
|
83
83
|
end
|
84
84
|
end
|
85
85
|
|
86
|
-
context 'request has empty ip'
|
86
|
+
context 'request has empty ip' do
|
87
87
|
it 'should not block request' do
|
88
88
|
meta_data = TCellAgent::Tests::MetaDataBuilder.new.update_attribute(
|
89
89
|
'remote_address', ''
|
data/spec/spec_helper.rb
CHANGED
@@ -20,3 +20,9 @@ end
|
|
20
20
|
|
21
21
|
require 'tcell_agent/agent'
|
22
22
|
require 'tcell_agent/rails/routes'
|
23
|
+
|
24
|
+
TCellAgent.configuration.enabled = true
|
25
|
+
TCellAgent.configuration.instrument = true
|
26
|
+
TCellAgent.configuration.enable_intercept_requests = true
|
27
|
+
TCellAgent.configuration.disabled_instrumentation = []
|
28
|
+
TCellAgent.thread_agent.instrument_built_ins
|
data/spec/support/builders.rb
CHANGED
@@ -17,11 +17,12 @@ module TCellAgent
|
|
17
17
|
@configuration.allow_payloads = true
|
18
18
|
@configuration.js_agent_api_base_url = @configuration.tcell_api_url
|
19
19
|
@configuration.js_agent_url = 'https://jsagent.tcell.io/tcellagent.min.js'
|
20
|
-
@configuration.cache_dir = nil
|
21
20
|
@configuration.agent_log_dir = 'tcell/logs'
|
22
21
|
@configuration.logging_options = { :enabled => false }
|
23
22
|
@configuration.host_identifier = 'python-test-suite'
|
24
23
|
@configuration.reverse_proxy_ip_address_header = 'X-Forwarded-For'
|
24
|
+
@configuration.enable_intercept_requests = true
|
25
|
+
@configuration.enabled = true
|
25
26
|
end
|
26
27
|
|
27
28
|
def update_attribute(attribute, setting)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tcell_agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.2.
|
4
|
+
version: 2.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Rafael
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-08-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ffi
|
@@ -181,6 +181,7 @@ files:
|
|
181
181
|
- lib/tcell_agent/sensor_events/util/utils.rb
|
182
182
|
- lib/tcell_agent/servers/passenger.rb
|
183
183
|
- lib/tcell_agent/servers/puma.rb
|
184
|
+
- lib/tcell_agent/servers/rack_puma_handler.rb
|
184
185
|
- lib/tcell_agent/servers/rails_server.rb
|
185
186
|
- lib/tcell_agent/servers/thin.rb
|
186
187
|
- lib/tcell_agent/servers/unicorn.rb
|
@@ -194,6 +195,7 @@ files:
|
|
194
195
|
- lib/tcell_agent/version.rb
|
195
196
|
- spec/lib/tcell_agent/configuration_spec.rb
|
196
197
|
- spec/lib/tcell_agent/hooks/login_fraud_spec.rb
|
198
|
+
- spec/lib/tcell_agent/instrument_servers_spec.rb
|
197
199
|
- spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb
|
198
200
|
- spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb
|
199
201
|
- spec/lib/tcell_agent/instrumentation/cmdi_spec.rb
|
@@ -238,6 +240,11 @@ files:
|
|
238
240
|
- spec/support/middleware_helper.rb
|
239
241
|
- spec/support/resources/lfi_sample_file.txt
|
240
242
|
- spec/support/resources/normal_config.json
|
243
|
+
- spec/support/server_mocks/passenger_mock.rb
|
244
|
+
- spec/support/server_mocks/puma_mock.rb
|
245
|
+
- spec/support/server_mocks/rails_mock.rb
|
246
|
+
- spec/support/server_mocks/thin_mock.rb
|
247
|
+
- spec/support/server_mocks/unicorn_mock.rb
|
241
248
|
- spec/support/static_agent_overrides.rb
|
242
249
|
- tcell_agent.gemspec
|
243
250
|
homepage: https://www.tcell.io
|
@@ -268,6 +275,7 @@ summary: tCell.io Agent for Rails
|
|
268
275
|
test_files:
|
269
276
|
- spec/lib/tcell_agent/configuration_spec.rb
|
270
277
|
- spec/lib/tcell_agent/hooks/login_fraud_spec.rb
|
278
|
+
- spec/lib/tcell_agent/instrument_servers_spec.rb
|
271
279
|
- spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb
|
272
280
|
- spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb
|
273
281
|
- spec/lib/tcell_agent/instrumentation/cmdi_spec.rb
|
@@ -312,4 +320,9 @@ test_files:
|
|
312
320
|
- spec/support/middleware_helper.rb
|
313
321
|
- spec/support/resources/lfi_sample_file.txt
|
314
322
|
- spec/support/resources/normal_config.json
|
323
|
+
- spec/support/server_mocks/passenger_mock.rb
|
324
|
+
- spec/support/server_mocks/puma_mock.rb
|
325
|
+
- spec/support/server_mocks/rails_mock.rb
|
326
|
+
- spec/support/server_mocks/thin_mock.rb
|
327
|
+
- spec/support/server_mocks/unicorn_mock.rb
|
315
328
|
- spec/support/static_agent_overrides.rb
|