class TCellAgent::Instrumentation::TCellData

Attributes

context_filters_by_term[RW]
csrf_exception_name[RW]
database_filters[RW]
database_result_sizes[RW]
fullpath[RW]
grape_mount_endpoint[RW]
hmac_session_id[RW]
password[RW]
patches_blocking_triggered[RW]
path[RW]
path_parameters[RW]
referrer[RW]
remote_address[RW]
request_method[RW]
reverse_proxy_header_value[RW]
route_id[RW]
session_id[RW]
sql_exceptions[RW]
transaction_id[RW]
uri[RW]
user_agent[RW]
user_id[RW]

Public Class Methods

filterx(sanitize_string, event_flag, replace_flag, term) click to toggle source
# File lib/tcell_agent/instrumentation.rb, line 71
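# Searches +sanitize_string+ for +term+ and, depending on the flags, redacts
# every occurrence in place and/or reports that the term was seen.
#
# A String +term+ is matched literally by gsub!, not as a regular expression.
#
# @param sanitize_string [String] text to scan; mutated in place when redacting
# @param event_flag [Boolean] report a hit without altering the text
# @param replace_flag [Boolean] replace each hit with '[redacted]' (takes
#   precedence over +event_flag+)
# @param term [String] sensitive value to look for
# @return [Boolean] true when at least one occurrence was found and one of
#   the flags was set, false otherwise
def self.filterx(sanitize_string, event_flag, replace_flag, term)
  # An empty pattern matches between every character, so redacting on it would
  # splice '[redacted]' through the whole text and report a hit on every
  # request; a nil term or nil text would raise from inside the filter.
  return false if sanitize_string.nil? || term.nil? || term.to_s.empty?

  matched = false
  sanitize_string.gsub!(term) do |occurrence|
    matched = true if replace_flag || event_flag
    # Event-only mode leaves the text as it was; only redaction rewrites it.
    replace_flag ? '[redacted]' : occurrence
  end
  matched
end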
new() click to toggle source
# File lib/tcell_agent/instrumentation.rb, line 86
# Sets up the per-request bookkeeping: no blocking patch has fired yet, no
# SQL exceptions or database result sizes are recorded, and the term index
# starts empty.
def initialize
  @sql_exceptions = []
  @database_result_sizes = []
  @patches_blocking_triggered = false
  # Looking up an unknown term creates and stores an empty Set for it, so
  # callers can add a filter without checking for the key first.
  @context_filters_by_term = Hash.new do |index, term|
    index[term] = Set.new
  end
end

Public Instance Methods

add_filter_for_header_value(term, rule, header_name) click to toggle source
# File lib/tcell_agent/instrumentation.rb, line 111
# Registers +term+ as a sensitive value that was seen in a request header, so
# that filter_body! and filter_log will look for it later.
#
# @param term [#to_s] the header value to watch for; ignored unless
#   valid_term? accepts it
# @param rule the DLP rule to attach to the filter
# @param header_name [String] name of the header the value came from
# @return the filter set for the term, or nil when the term is rejected
def add_filter_for_header_value(term, rule, header_name)
  if valid_term?(term)
    filters_for_term = context_filters_by_term[term.to_s]
    filters_for_term.add(ContextFilter.new.for_request('header', header_name, rule))
  end
end
add_filter_for_request_parameter(term, rule, parameter_name) click to toggle source
# File lib/tcell_agent/instrumentation.rb, line 105
# Registers +term+ as a sensitive value that was seen in a request parameter,
# so that filter_body! and filter_log will look for it later. The filter is
# recorded with the 'form' context.
#
# @param term [#to_s] the parameter value to watch for; ignored unless
#   valid_term? accepts it
# @param rule the DLP rule to attach to the filter
# @param parameter_name [String] name of the parameter the value came from
# @return the filter set for the term, or nil when the term is rejected
def add_filter_for_request_parameter(term, rule, parameter_name)
  if valid_term?(term)
    filters_for_term = context_filters_by_term[term.to_s]
    filters_for_term.add(ContextFilter.new.for_request('form', parameter_name, rule))
  end
end
add_response_db_filter(term, action_obj, database, schema, table, field) click to toggle source
# File lib/tcell_agent/instrumentation.rb, line 99
# Registers +term+ as a sensitive value that came out of a database field, so
# that filter_body! and filter_log will look for it later.
#
# @param term [#to_s] the field value to watch for; ignored unless
#   valid_term? accepts it
# @param action_obj the DLP rule/action to attach to the filter
# @param database [String] database the value was read from
# @param schema [String] schema the value was read from
# @param table [String] table the value was read from
# @param field [String] column the value was read from
# @return the filter set for the term, or nil when the term is rejected
def add_response_db_filter(term, action_obj, database, schema, table, field)
  if valid_term?(term)
    filters_for_term = context_filters_by_term[term.to_s]
    filters_for_term.add(ContextFilter.new.for_database(database, schema, table, field, action_obj))
  end
end
filter_body!(body) click to toggle source
# File lib/tcell_agent/instrumentation.rb, line 123
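# Scans a response body for the session id and for every registered sensitive
# term, redacting in place and/or sending DLP events as the matching rules
# dictate.
#
# @param body [String] response body; mutated in place by TCellData.filterx
# @return [String] the same +body+ object
def filter_body!(body)
  dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
  if dlp_policy && session_id
    session_id_actions = dlp_policy.get_actions_for_session_id
    if session_id_actions
      send_flag = TCellData.filterx(body, session_id_actions.body_event, session_id_actions.body_redact, session_id)
      if send_flag
        TCellAgent.send_event(
          TCellAgent::SensorEvents::DlpEvent.new(
            route_id,
            uri,
            TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY,
            session_id_actions.action_id
          ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
        )
      end
    end
  end

  # Longest terms are handled first, presumably so that a shorter term which
  # is a substring of a longer one cannot break up the longer match.
  context_filters_by_term.sort_by { |term, _context_filters| -term.length }.each do |term, context_filters|
    replace_filters = context_filters.select { |context_filter| context_filter.rule.body_redact == true }
    event_filters = context_filters.select do |context_filter|
      context_filter.rule.body_redact != true && context_filter.rule.body_event == true
    end
    report = !event_filters.empty?
    redact = !replace_filters.empty?

    send_flag = TCellData.filterx(body, report, redact, term)

    # The HTML-escaped form must be filtered even when the raw form already
    # matched; short-circuiting on the first hit would leave escaped copies
    # of the same value unredacted in the body. The second pass is skipped
    # only when escaping does not change the term.
    escaped_term = CGI.escapeHTML(term)
    if escaped_term != term
      escaped_flag = TCellData.filterx(body, report, redact, escaped_term)
      send_flag ||= escaped_flag
    end
    next unless send_flag

    (replace_filters + event_filters).each do |filter|
      base_event = TCellAgent::SensorEvents::DlpEvent.new(
        route_id,
        uri,
        TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY,
        filter.rule.action_id
      )
      if filter.type == ContextFilter::DATABASE
        TCellAgent.send_event(
          base_event.for_database(filter.database, filter.schema, filter.table, filter.field)
        )
      elsif filter.type == ContextFilter::REQUEST
        TCellAgent.send_event(
          base_event.for_request(filter.context, filter.parameter)
        )
      end
    end
  end
  body
end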
filter_log(log_msg) click to toggle source
# File lib/tcell_agent/instrumentation.rb, line 170
# Scans a log message for the session id and for every registered sensitive
# term, redacting in place and/or sending DLP events as the matching rules
# dictate.
#
# NOTE: only the raw term is searched for here; encoded forms of a term
# (for example HTML-escaped) are not matched by this method.
#
# @param log_msg [String] log text; mutated in place by TCellData.filterx
# @return [String] the same +log_msg+ object
def filter_log(log_msg)
  policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
  session_rule = policy.get_actions_for_session_id if policy && session_id
  if session_rule && TCellData.filterx(log_msg, session_rule.log_event, session_rule.log_redact, session_id)
    session_event = TCellAgent::SensorEvents::DlpEvent.new(
      route_id,
      uri,
      TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG,
      session_rule.action_id
    )
    TCellAgent.send_event(
      session_event.for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
    )
  end

  # Longest terms are handled first, presumably so that a shorter term which
  # is a substring of a longer one cannot break up the longer match.
  longest_first = context_filters_by_term.sort_by { |term, _filters| -term.length }
  longest_first.each do |term, filters|
    redacting = filters.select { |candidate| candidate.rule.log_redact == true }
    reporting = filters.select do |candidate|
      candidate.rule.log_redact != true && candidate.rule.log_event == true
    end
    next unless TCellData.filterx(log_msg, !reporting.empty?, !redacting.empty?, term)

    # One event per rule that asked for redaction or reporting of this term.
    (redacting + reporting).each do |filter|
      dlp_event = TCellAgent::SensorEvents::DlpEvent.new(
        route_id,
        uri,
        TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG,
        filter.rule.action_id
      )
      if filter.type == ContextFilter::DATABASE
        TCellAgent.send_event(dlp_event.for_database(filter.database, filter.schema, filter.table, filter.field))
      elsif filter.type == ContextFilter::REQUEST
        TCellAgent.send_event(dlp_event.for_request(filter.context, filter.parameter))
      end
    end
  end

  log_msg
end
to_s() click to toggle source
# File lib/tcell_agent/instrumentation.rb, line 215
# Renders the request-tracking state as a single-line debug string.
#
# NOTE(review): the result contains the raw session_id and the keys of
# context_filters_by_term, which are the sensitive terms the DLP filters are
# meant to redact. Pass this string through filter_log before it reaches a
# log sink, or keep it out of logs.
#
# @return [String]
def to_s
  labelled = {
    'transaction_id' => transaction_id,
    'session_id' => session_id,
    'hmac_session_id' => hmac_session_id,
    'user_id' => user_id,
    'route_id' => route_id,
    'uri' => uri,
    'context_filters_by_term' => context_filters_by_term,
    'database_filters' => database_filters,
    'remote_address' => remote_address,
    'user_agent' => user_agent,
    # These two are read straight from the instance variables, not through
    # the accessors.
    'request_method' => @request_method,
    'path_parameters' => @path_parameters
  }
  rendered = labelled.map { |label, value| "#{label}: #{value}" }.join(' ')
  "<#{self.class.name} #{rendered}>"
end
valid_term?(term) click to toggle source
# File lib/tcell_agent/instrumentation.rb, line 93
# Decides whether +term+ may be registered as a sensitive value to filter.
#
# nil, the empty string, and anything whose string form is shorter than five
# characters are rejected (presumably so short, common values do not trigger
# redaction all over a body or log line; confirm the intended minimum).
#
# @param term [#to_s, nil]
# @return [Boolean]
def valid_term?(term)
  return false if term.nil?
  return false unless term != ''

  term.to_s.length >= 5
end