module TCellAgent::Cmdi

Public Class Methods

block_command?(cmd) click to toggle source
# File lib/tcell_agent/instrumentation/cmdi.rb, line 7
def self.block_command?(cmd)
  TCellAgent::Instrumentation.safe_block('Checking Command Injection Policy') do
    if TCellAgent::Utils::Strings.present?(cmd)
      command_injection_policy = TCellAgent.policy(TCellAgent::PolicyTypes::COMMANDINJECTION)
      if command_injection_policy.enabled
        request_env = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS.fetch(
          Thread.current.object_id, {}
        )
        tcell_context = request_env[TCellAgent::Instrumentation::TCELL_ID]
        return command_injection_policy.block_command?(cmd, tcell_context)
      end
    end
  end

  false
end
default_cmdi_handler(args) click to toggle source
# File lib/tcell_agent/instrumentation/cmdi.rb, line 66
def self.default_cmdi_handler(args)
  cmd = TCellAgent::Cmdi.parse_command(*args)

  raise_if_block(cmd)
end
parse_command(*args) click to toggle source
# File lib/tcell_agent/instrumentation/cmdi.rb, line 24
def self.parse_command(*args)
  cmd = ''

  TCellAgent::Instrumentation.safe_block('CMDI Parsing *args') do
    return cmd if args.nil? || args.empty?

    args_copy = Array.new(args)
    args_copy.shift if args_copy.first.is_a?(Hash)
    args_copy.pop if args_copy.last.is_a?(Hash)

    if args_copy.first.is_a?(Array)
      cmd_n_argv0 = args_copy.shift
      args_copy.unshift(cmd_n_argv0.first)
    end

    cmd = args_copy.join(' ')
  end

  cmd
end
parse_command_from_open(*args) click to toggle source
# File lib/tcell_agent/instrumentation/cmdi.rb, line 45
def self.parse_command_from_open(*args)
  cmd = ''

  TCellAgent::Instrumentation.safe_block('CMDI Parsing *args') do
    return cmd if args.nil? || args.empty?

    args_copy = Array.new(args)
    first_arg = args_copy.shift

    cmd = first_arg[1..-1] if first_arg && (first_arg.is_a? String) && first_arg[0] == '|'
  end

  cmd
end
popen_cmdi_handler(args) click to toggle source
# File lib/tcell_agent/instrumentation/cmdi.rb, line 72
def self.popen_cmdi_handler(args)
  return if args.empty?

  cmd = ''

  TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
    args_copy = Array.new(args)
    args_copy.shift if args_copy.first.is_a?(Hash)
    args_copy.pop if args_copy.last.is_a?(Hash)

    cmd = if args_copy.first.is_a?(String)
            args_copy.shift
          else
            TCellAgent::Cmdi.parse_command(*args_copy.shift)
          end
  end

  raise_if_block(cmd)
end
raise_if_block(cmd) click to toggle source
# File lib/tcell_agent/instrumentation/cmdi.rb, line 60
def self.raise_if_block(cmd)
  return unless TCellAgent::Cmdi.block_command?(cmd)

  raise "tCell.io Agent: Command not allowed by policy: #{cmd}"
end