tcell_agent 2.5.1 → 2.5.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (13) hide show
  1. checksums.yaml +4 -4
  2. data/lib/tcell_agent/rails/dlp_handler.rb +2 -3
  3. data/lib/tcell_agent/rails/js_agent_insert.rb +16 -1
  4. data/lib/tcell_agent/rails/middleware/headers_middleware.rb +4 -15
  5. data/lib/tcell_agent/rails/responses.rb +0 -12
  6. data/lib/tcell_agent/rails/tcell_body_proxy.rb +17 -28
  7. data/lib/tcell_agent/rust/libtcellagent-alpine.so +0 -0
  8. data/lib/tcell_agent/rust/libtcellagent-x64.dll +0 -0
  9. data/lib/tcell_agent/rust/libtcellagent.dylib +0 -0
  10. data/lib/tcell_agent/rust/libtcellagent.so +0 -0
  11. data/lib/tcell_agent/version.rb +1 -1
  12. data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +12 -27
  13. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 521fa2c98be5ea73aa4a9f4a8c00b9c1e51e2dd801de3c886324e28c95205142
4
- data.tar.gz: a257258e3e3a4f71ee52d2242a3e37ec56c103da6aaae7ed471b87ef3b5ae054
3
+ metadata.gz: 729643a91b2542ef11a78966c493fadd8a15f6dd7ddc99a5764e9f993904c78e
4
+ data.tar.gz: 47cb2b434ec142362510f0494c441caa73c34dde4f56afdee470685f92825ac6
5
5
  SHA512:
6
- metadata.gz: '0349621e1d4393d435561bb72dcb8928746caffb6f57828f4ea429d93546ef550be81ce7d15fad344775b9c4af18b17cff6339c800c51bcc573c025bcb2e4f49'
7
- data.tar.gz: 4c7b9c61a59d6b7023fd2e54b8262a8ea1efed04600a36ccd5d92be85eb2240a1832178197dfa40ccef35ecddc886ee34d25ec674ba926c909461c7164b5b11d
6
+ metadata.gz: a72a5cbe005619fe1932b39798d4d2b63937e2b2a71a2ff80d15186f157c8a11978b61f84bbae6bf9778aa028aba3766addc4c0571a0ec0216d53b29a96adc9e
7
+ data.tar.gz: 0f40534a487aa4b1f5576795ea2904449b5dc531cdbd56720f8f62a8c0866b32b7d12d0e04e9c9fa40cab4860eceafe02e7047149ec39bdab8c5465831edc77a
data/lib/tcell_agent/rails/dlp_handler.rb CHANGED
@@ -33,14 +33,13 @@ module TCellAgent
33
33
  response
34
34
  end
35
35
 
36
- def self.get_handler_and_context(request, response_headers)
36
+ def self.get_handler_and_context(request)
37
37
  dlp_handler = nil
38
38
  tcell_context = nil
39
39
 
40
40
  TCellAgent::Instrumentation.safe_block('DLP Handler get handler and context') do
41
41
  if TCellAgent.configuration.should_instrument? &&
42
- TCellAgent.configuration.should_intercept_requests? &&
43
- TCellAgent::Utils::Rails.processable_response?(response_headers)
42
+ TCellAgent.configuration.should_intercept_requests?
44
43
 
45
44
  # do all this work so that dlp doesn't run at all unless it's on and there
46
45
  # are rules to run
data/lib/tcell_agent/rails/js_agent_insert.rb CHANGED
@@ -5,6 +5,21 @@ module TCellAgent
5
5
  module Rails
6
6
  module JSAgent
7
7
  HEAD_SEARCH_REGEX = Regexp.new('(<head>|<head( |\n).*?>)', Regexp::IGNORECASE)
8
+ def self.insert_js_agent?(response_headers)
9
+ content_disposition = response_headers['Content-Disposition']
10
+ is_attachment = content_disposition && content_disposition =~ /^attachment/i
11
+
12
+ content_type = response_headers['Content-Type']
13
+ applicable_content_type = content_type &&
14
+ content_type.start_with?('text/html')
15
+
16
+ content_encoding = response_headers['Content-Encoding']
17
+ compressed_content_encoding = content_encoding &&
18
+ (content_encoding =~ /(br|gzip)/i)
19
+
20
+ !is_attachment && applicable_content_type && !compressed_content_encoding
21
+ end
22
+
8
23
  def self.insert_now(js_agent_handler, script_insert, rack_body, content_length)
9
24
  TCellAgent::Instrumentation.safe_block('Handling JSAgent Insert Now') do
10
25
  if js_agent_handler
@@ -43,7 +58,7 @@ module TCellAgent
43
58
  script_insert = nil
44
59
 
45
60
  TCellAgent::Instrumentation.safe_block('JSAgent get handler and script insert') do
46
- return [nil, nil] unless (response_headers['Content-Type'] || '').start_with?('text/html')
61
+ return [nil, nil] unless insert_js_agent?(response_headers)
47
62
 
48
63
  js_agent_policy = TCellAgent.policy(TCellAgent::PolicyTypes::JSAGENTINJECTION)
49
64
  script_insert = js_agent_policy.get_js_agent_script_tag(
data/lib/tcell_agent/rails/middleware/headers_middleware.rb CHANGED
@@ -1,7 +1,6 @@
1
1
  require 'tcell_agent/instrumentation'
2
2
  require 'tcell_agent/rails/responses'
3
3
  require 'tcell_agent/rails/js_agent_insert'
4
- require 'tcell_agent/rails/dlp_handler'
5
4
  require 'tcell_agent/rails/tcell_body_proxy'
6
5
 
7
6
  module TCellAgent
@@ -22,7 +21,7 @@ module TCellAgent
22
21
  TCellAgent::Instrumentation.safe_block('Handling Request') do
23
22
  tcell_response = response
24
23
  unless request.env[TCellAgent::Instrumentation::TCELL_ID].patches_blocking_triggered
25
- tcell_response = _handle_appsensor_js_agent_and_dlp(request, tcell_response)
24
+ tcell_response = _handle_appsensor_js_agent(request, tcell_response)
26
25
  end
27
26
  tcell_response = _handle_redirect(request, tcell_response)
28
27
  tcell_response = _set_headers(request, tcell_response)
@@ -77,14 +76,12 @@ module TCellAgent
77
76
  response
78
77
  end
79
78
 
80
- def _handle_appsensor_js_agent_and_dlp(request, response)
79
+ def _handle_appsensor_js_agent(request, response)
81
80
  TCellAgent::Instrumentation.safe_block('Handling AppSensor, JS Agent, and DLP') do
82
81
  status_code, response_headers, response_body = response
83
82
 
84
83
  js_agent_handler, script_insert =
85
84
  TCellAgent::Instrumentation::Rails::JSAgent.get_handler_and_script_insert(request, response_headers)
86
- dlp_handler, tcell_context =
87
- TCellAgent::Instrumentation::Rails::DLPHandler.get_handler_and_context(request, response_headers)
88
85
 
89
86
  content_length = 0
90
87
  defer_appfw_due_to_streaming = false
@@ -97,29 +94,21 @@ module TCellAgent
97
94
 
98
95
  # when content length is present it can be inferred that the
99
96
  # response is not a streaming response, so js agent insertion
100
- # and dlp reports and redactions can be done up front
97
+ # can be done up front
101
98
  response_body, content_length =
102
99
  TCellAgent::Instrumentation::Rails::JSAgent.insert_now(js_agent_handler,
103
100
  script_insert,
104
101
  response_body,
105
102
  content_length)
106
103
 
107
- response_body, content_length =
108
- TCellAgent::Instrumentation::Rails::DLPHandler.report_and_redact_now(dlp_handler,
109
- tcell_context,
110
- response_body,
111
- content_length)
112
-
113
104
  response_headers['Content-Length'] = content_length.to_s
114
105
 
115
106
  elsif response_body.is_a?(Rack::BodyProxy)
116
107
  response_body = TCellAgent::Instrumentation::Rails::TCellBodyProxy.new(
117
108
  response_body,
118
- TCellAgent::Utils::Rails.processable_response?(response_headers),
119
109
  js_agent_handler,
120
110
  script_insert,
121
- dlp_handler,
122
- tcell_context
111
+ response_headers
123
112
  )
124
113
  defer_appfw_due_to_streaming = true
125
114
  end
data/lib/tcell_agent/rails/responses.rb CHANGED
@@ -7,18 +7,6 @@ module TCellAgent
7
7
  STATUSES_MISSING_CONTENT_LENGTH.include?(status_code.to_i) ||
8
8
  (headers['Content-Length'] && headers['Content-Length'].to_i.zero?)
9
9
  end
10
-
11
- def self.processable_response?(response_headers)
12
- content_disposition = response_headers['Content-Disposition']
13
- is_attachment = content_disposition && content_disposition =~ /^attachment/i
14
-
15
- content_type = response_headers['Content-Type']
16
- applicable_content_type = content_type &&
17
- (content_type =~ %r{application/json}i ||
18
- content_type =~ %r{application/xml}i ||
19
- content_type =~ /^text/i)
20
- !is_attachment && applicable_content_type
21
- end
22
10
  end
23
11
  end
24
12
  end
data/lib/tcell_agent/rails/tcell_body_proxy.rb CHANGED
@@ -4,27 +4,17 @@ module TCellAgent
4
4
  module Instrumentation
5
5
  module Rails
6
6
  class TCellBodyProxy
7
- attr_accessor :meta_data
8
-
9
- # for specs
10
- attr_accessor :content_length
7
+ attr_accessor :content_length, :meta_data
11
8
 
12
9
  def initialize(body,
13
- process_js_and_dlp,
14
10
  js_agent_insertion_proc,
15
11
  script_insert,
16
- dlp_cleaner_proc,
17
- tcell_context)
12
+ response_headers)
18
13
  @content_length = 0
19
14
  @body = body
20
-
21
- @process_js_and_dlp = process_js_and_dlp
22
-
23
15
  @js_agent_insertion_proc = js_agent_insertion_proc
24
16
  @script_insert = script_insert
25
-
26
- @dlp_cleaner_proc = dlp_cleaner_proc
27
- @tcell_context = tcell_context
17
+ @response_headers = response_headers
28
18
  end
29
19
 
30
20
  def close
@@ -58,35 +48,34 @@ module TCellAgent
58
48
  end
59
49
 
60
50
  def process_body(body)
51
+ new_body = body
61
52
  TCellAgent::Instrumentation.safe_block('Processing tcell body proxy body') do
62
53
  chunked_response_match = nil
63
- if body.class.name == 'String' && body =~ /^([[:xdigit:]]+)(;.+)?\r\n/
54
+
55
+ if @response_headers['Transfer-Encoding'] == 'chunked' &&
56
+ body.class.name == 'String' &&
57
+ body =~ /^([[:xdigit:]]+)(;.+)?\r\n/
64
58
  chunked_response_match = Regexp.last_match(1)
65
59
  @content_length += chunked_response_match.to_i(16)
66
60
  end
67
61
 
68
- new_body = body
69
62
  if body.class.name == 'ActionView::OutputBuffer' ||
70
63
  (body.class.name == 'String' && !chunked_response_match)
71
- if @process_js_and_dlp
72
- if @js_agent_insertion_proc
73
- new_body = @js_agent_insertion_proc.call(@script_insert, body)
74
- if new_body != body
75
- # js agent was successfully inserted so no need to keep
76
- # calling this proc
77
- @js_agent_insertion_proc = nil
78
- end
79
- end
80
- if @dlp_cleaner_proc
81
- @dlp_cleaner_proc.call(@tcell_context, new_body)
64
+ if @js_agent_insertion_proc
65
+ new_body = @js_agent_insertion_proc.call(@script_insert, body)
66
+
67
+ if new_body != body
68
+ # js agent was successfully inserted so no need to keep
69
+ # calling this proc
70
+ @js_agent_insertion_proc = nil
82
71
  end
83
72
  end
84
73
 
85
74
  @content_length += new_body.bytesize
86
75
  end
87
-
88
- new_body
89
76
  end
77
+
78
+ new_body
90
79
  end
91
80
  end
92
81
  end
data/lib/tcell_agent/rust/libtcellagent.so CHANGED
Binary file
data/lib/tcell_agent/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # See the file "LICENSE" for the full license governing this code.
2
2
 
3
3
  module TCellAgent
4
- VERSION = '2.5.1'.freeze
4
+ VERSION = '2.5.2'.freeze
5
5
  end
data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb CHANGED
@@ -22,8 +22,7 @@ module TCellAgent
22
22
  it 'appfirewall injections should be checked' do
23
23
  tcell_body_proxy = TCellBodyProxy.new(
24
24
  Rack::BodyProxy.new(['body']) {},
25
- true,
26
- nil, nil, nil, nil
25
+ nil, nil, {}
27
26
  )
28
27
  tcell_body_proxy.meta_data = @meta_data
29
28
 
@@ -48,8 +47,7 @@ module TCellAgent
48
47
  it 'should check for appfirewall injections' do
49
48
  tcell_body_proxy = TCellBodyProxy.new(
50
49
  Rack::BodyProxy.new(['body']) {},
51
- true,
52
- nil, nil, nil, nil
50
+ nil, nil, {}
53
51
  )
54
52
  tcell_body_proxy.meta_data = @meta_data
55
53
 
@@ -78,8 +76,7 @@ module TCellAgent
78
76
  it 'should return an enumerator' do
79
77
  tcell_body_proxy = TCellBodyProxy.new(
80
78
  Rack::BodyProxy.new(['body']) {},
81
- true,
82
- nil, nil, nil, nil
79
+ nil, nil, {}
83
80
  )
84
81
  expect(tcell_body_proxy.each.class.name).to eq('Enumerator')
85
82
  end
@@ -89,15 +86,16 @@ module TCellAgent
89
86
  context 'with a chunked response' do
90
87
  it 'should only calculate content length' do
91
88
  tcell_body_proxy = TCellBodyProxy.new(
92
- Rack::BodyProxy.new(["2d\r\nsome content\r\n"]) {},
93
- false,
94
- nil, nil, nil, nil
89
+ Rack::BodyProxy.new(["2d\r\nsome content\r\n", "0\r\n"]) {},
90
+ nil, nil, { 'Transfer-Encoding' => 'chunked' }
95
91
  )
96
92
 
97
93
  expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
98
94
  'Processing tcell body proxy body'
99
95
  ).and_call_original
100
-
96
+ expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
97
+ 'Processing tcell body proxy body'
98
+ ).and_call_original
101
99
  tcell_body_proxy.each { |b| }
102
100
 
103
101
  expect(tcell_body_proxy.content_length).to eq(45)
@@ -109,8 +107,7 @@ module TCellAgent
109
107
  it 'should only calculate content length' do
110
108
  tcell_body_proxy = TCellBodyProxy.new(
111
109
  Rack::BodyProxy.new(['some content']) {},
112
- false,
113
- nil, nil, nil, nil
110
+ nil, nil, {}
114
111
  )
115
112
 
116
113
  expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
@@ -126,11 +123,9 @@ module TCellAgent
126
123
  context 'that should be processed' do
127
124
  it 'should call js and dlp procs as well as calculate content length' do
128
125
  js_agent_insertion_proc = double('js_agent_insertion_proc')
129
- dlp_cleaner_proc = double('dlp_cleaner_proc')
130
126
  tcell_body_proxy = TCellBodyProxy.new(
131
127
  Rack::BodyProxy.new(['some content']) {},
132
- true,
133
- js_agent_insertion_proc, 'script_insert', dlp_cleaner_proc, nil
128
+ js_agent_insertion_proc, 'script_insert', {}
134
129
  )
135
130
 
136
131
  expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
@@ -139,7 +134,6 @@ module TCellAgent
139
134
  expect(js_agent_insertion_proc).to receive(:call).with(
140
135
  'script_insert', 'some content'
141
136
  ).and_return('some content')
142
- expect(dlp_cleaner_proc).to receive(:call).with(nil, 'some content')
143
137
 
144
138
  tcell_body_proxy.each { |b| }
145
139
 
@@ -154,11 +148,9 @@ module TCellAgent
154
148
  it 'should only calculate content length' do
155
149
  body_chunk = 'some content'
156
150
  js_agent_insertion_proc = double('js_agent_insertion_proc')
157
- dlp_cleaner_proc = double('dlp_cleaner_proc')
158
151
  tcell_body_proxy = TCellBodyProxy.new(
159
152
  Rack::BodyProxy.new([body_chunk]) {},
160
- false,
161
- nil, nil, nil, nil
153
+ nil, nil, {}
162
154
  )
163
155
 
164
156
  expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
@@ -167,11 +159,7 @@ module TCellAgent
167
159
  expect(body_chunk).to receive(:class).and_return(
168
160
  double('body_class', :name => 'ActionView::OutputBuffer')
169
161
  )
170
- expect(body_chunk).to receive(:class).and_return(
171
- double('body_class', :name => 'ActionView::OutputBuffer')
172
- )
173
162
  expect(js_agent_insertion_proc).to_not receive(:call)
174
- expect(dlp_cleaner_proc).to_not receive(:call)
175
163
 
176
164
  tcell_body_proxy.each { |b| }
177
165
 
@@ -183,11 +171,9 @@ module TCellAgent
183
171
  it 'should call js and dlp procs as well as calculate content length' do
184
172
  body_chunk = 'some content'
185
173
  js_agent_insertion_proc = double('js_agent_insertion_proc')
186
- dlp_cleaner_proc = double('dlp_cleaner_proc')
187
174
  tcell_body_proxy = TCellBodyProxy.new(
188
175
  Rack::BodyProxy.new([body_chunk]) {},
189
- true,
190
- js_agent_insertion_proc, 'script_insert', dlp_cleaner_proc, nil
176
+ js_agent_insertion_proc, 'script_insert', {}
191
177
  )
192
178
 
193
179
  expect(TCellAgent::Instrumentation).to receive(:safe_block).with(
@@ -196,7 +182,6 @@ module TCellAgent
196
182
  expect(js_agent_insertion_proc).to receive(:call).with(
197
183
  'script_insert', body_chunk
198
184
  ).and_return(body_chunk)
199
- expect(dlp_cleaner_proc).to receive(:call).with(nil, body_chunk)
200
185
 
201
186
  tcell_body_proxy.each { |b| }
202
187
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tcell_agent
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.5.1
4
+ version: 2.5.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Rapid7, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-17 00:00:00.000000000 Z
11
+ date: 2022-02-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ffi
@@ -272,7 +272,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
272
272
  - !ruby/object:Gem::Version
273
273
  version: '0'
274
274
  requirements: []
275
- rubygems_version: 3.2.22
275
+ rubygems_version: 3.2.32
276
276
  signing_key:
277
277
  specification_version: 4
278
278
  summary: tCell Agent for Rails