Class: TCellAgent::AppSensor::InjectionsMatcher

Inherits:
Object
  • Object
Defined in:
lib/tcell_agent/appsensor/injections_matcher.rb

Constant Summary

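# Parameter-location tags, aliased from TCellAgent::Utils::Params. One of them
# is passed as the param_type argument each time a request value is checked.
GET_PARAM = TCellAgent::Utils::Params::GET_PARAM
POST_PARAM = TCellAgent::Utils::Params::POST_PARAM
JSON_PARAM = TCellAgent::Utils::Params::JSON_PARAM
COOKIE_PARAM = TCellAgent::Utils::Params::COOKIE_PARAM
URI_PARAM = TCellAgent::Utils::Params::URI_PARAM
HEADER_PARAM = TCellAgent::Utils::Params::HEADER_PARAM

# Sensor key (as written in the policy JSON) => sensor class. .from_json looks
# keys up here for both policy versions. A key that is absent from this table
# is skipped there without an error, so that sensor is simply never created.
DETECTION_POINTS_V2 = {
  "xss" => TCellAgent::Policies::XssSensor,
  "sqli" => TCellAgent::Policies::SqliSensor,
  "cmdi" => TCellAgent::Policies::CmdiSensor,
  "fpt" => TCellAgent::Policies::FptSensor,
  "nullbyte" => TCellAgent::Policies::NullbyteSensor,
  "retr" => TCellAgent::Policies::RetrSensor
}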

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(sensors) ⇒ InjectionsMatcher



# File 'lib/tcell_agent/appsensor/injections_matcher.rb', line 32

# Wraps an ordered list of injection sensors.
#
# The matcher counts as enabled only when at least one sensor is supplied.
# With an empty list, #each_injection returns at once and reports nothing.
#
# @param sensors [Array] sensor objects; must respond to #size, and each
#   element is later sent #applicable_for_param_type? and #get_injection_attempt
def initialize(sensors)
  @sensors = sensors
  sensor_total = sensors.size
  @enabled = sensor_total > 0
end

Instance Attribute Details

#enabled ⇒ Object

Returns the value of attribute enabled.



# File 'lib/tcell_agent/appsensor/injections_matcher.rb', line 30

# Reader for the flag computed in #initialize: true when the sensor list given
# to the constructor was non-empty. #each_injection checks this flag first and
# scans nothing while it is false, so a false value here means no injection
# detection is running for this matcher.
#
# @return [Boolean]
def enabled
  @enabled
end

#sensors ⇒ Object

Returns the value of attribute sensors.



# File 'lib/tcell_agent/appsensor/injections_matcher.rb', line 30

# Reader for the sensor list given to #initialize. #check_param_for_injections
# walks this list in order and stops at the first sensor that reports an
# attempt, so the order of the list decides which sensor's result is returned.
#
# @return [Array] the sensors exactly as passed to the constructor
def sensors
  @sensors
end

Class Method Details

.from_json(version, sensors_json) ⇒ Object



# File 'lib/tcell_agent/appsensor/injections_matcher.rb', line 111

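# Builds an InjectionsMatcher from the sensor section of a policy document.
#
# Version 1 reads {"options" => {sensor_key => flag}}: every truthy flag creates
# that sensor with "v1_compatability_enabled" set, and the legacy key "null" is
# treated as "nullbyte". Version 2 reads {sensor_key => settings}: a sensor is
# created unless its settings carry a falsy "enabled" value.
#
# Nothing here raises for unrecognised input. A key that is missing from
# DETECTION_POINTS_V2 is skipped, and a version other than 1 or 2 produces no
# sensors at all. A matcher built with no sensors has +enabled+ false, so a
# mistyped key or an unexpected version turns detection off silently; callers
# that need to notice this should inspect +enabled+ / +sensors+ on the result.
#
# @param version [Integer] policy format version (1 or 2)
# @param sensors_json [Hash, nil] parsed sensor configuration; nil means empty
# @return [InjectionsMatcher]
def self.from_json(version, sensors_json)
  sensors_json ||= {}
  sensors = []

  if version == 1
    # "options" may be absent or an explicit JSON null; both mean no sensors.
    options_json = sensors_json.fetch("options", {}) || {}

    options_json.each do |sensor_key, enabled|
      next unless enabled

      # v1 policies name the null-byte sensor "null".
      sensor_key = "nullbyte" if sensor_key == "null"

      clazz = DETECTION_POINTS_V2[sensor_key]
      next unless clazz

      sensors.push(clazz.new(
        {
          "enabled" => enabled,
          "v1_compatability_enabled" => true
        }
      ))
    end

  elsif version == 2
    sensors_json.each do |sensor_key, settings|
      clazz = DETECTION_POINTS_V2[sensor_key]
      next unless clazz

      # A JSON null for a sensor's settings arrives as nil, and Hash#merge(nil)
      # raises TypeError, which would abort loading the whole policy. Treat nil
      # as "no overrides", mirroring the nil guard on the v1 options hash, so
      # the sensor keeps its default of enabled.
      updated_settings = { "enabled" => true }.merge(settings || {})
      sensors.push(clazz.new(updated_settings)) if updated_settings["enabled"]
    end
  end

  InjectionsMatcher.new(sensors)
end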

Instance Method Details

#check_param_for_injections(param_type, appsensor_meta, param_name, param_value) ⇒ Object



# File 'lib/tcell_agent/appsensor/injections_matcher.rb', line 100

# Runs one request value through the configured sensors and returns the first
# injection attempt reported.
#
# Sensors are tried in list order and the scan stops at the first truthy
# result, so at most one attempt is returned per value even if several sensors
# would match it. Sensors that do not apply to +param_type+ are not consulted.
#
# @param param_type [Object] one of the *_PARAM location tags
# @param appsensor_meta [Object] request metadata, forwarded to the sensor
# @param param_name [Object] name of the parameter being checked
# @param param_value [Object] value of the parameter being checked
# @return [Object, nil] the first sensor result that is truthy, else nil
def check_param_for_injections(param_type, appsensor_meta, param_name, param_value)
  @sensors.each do |candidate|
    if candidate.applicable_for_param_type?(param_type)
      hit = candidate.get_injection_attempt(param_type, appsensor_meta, param_name, param_value)
      return hit if hit
    end
  end

  nil
end

#each_injection(meta_data) ⇒ Object



# File 'lib/tcell_agent/appsensor/injections_matcher.rb', line 37

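# Scans every parameter source of a request and yields each injection attempt
# that the sensors report.
#
# Sources are visited in a fixed order: path parameters, GET, POST, JSON body,
# cookies, then headers. Each value is checked inside its own
# TCellAgent::Instrumentation.safe_block call; the flattened_* reads that feed
# the loops sit outside those calls.
# NOTE(review): safe_block is defined elsewhere. Presumably it rescues and logs,
# so that an error on one value does not abort the scan (and that value then
# goes unchecked) - confirm.
#
# The +meta_data+ identifier was missing throughout the listing; it is restored
# here from the documented signature, #each_injection(meta_data).
#
# @param meta_data [Object] request metadata exposing the flattened_* readers
#   used below; also handed to the sensors as their appsensor_meta argument
# @yieldparam injection_attempt [Object] truthy result returned by a sensor
# @return [nil] when the matcher is disabled
def each_injection(meta_data)
  # No sensors configured: nothing is scanned and nothing is yielded.
  return unless @enabled

  meta_data.flattened_path_parameters.each do |param_name, param_value|
    TCellAgent::Instrumentation.safe_block("AppSensor Check Path Params injections") do
      # Only the last element of the flattened name is passed to the sensors.
      # NOTE(review): presumably the name is a path of nested keys - confirm.
      param_name = param_name[-1]
      injection_attempt =
        check_param_for_injections(URI_PARAM, meta_data, param_name, param_value)

      yield(injection_attempt) if injection_attempt
    end
  end

  meta_data.flattened_get_dict.each do |param_name, param_value|
    TCellAgent::Instrumentation.safe_block("AppSensor Check GET var injections") do
      param_name = param_name[-1]
      injection_attempt =
        check_param_for_injections(GET_PARAM, meta_data, param_name, param_value)

      yield(injection_attempt) if injection_attempt
    end
  end

  meta_data.flattened_post_dict.each do |param_name, param_value|
    TCellAgent::Instrumentation.safe_block("AppSensor Check POST var injections") do
      param_name = param_name[-1]
      injection_attempt =
        check_param_for_injections(POST_PARAM, meta_data, param_name, param_value)

      yield(injection_attempt) if injection_attempt
    end
  end

  meta_data.flattened_body_dict.each do |param_name, param_value|
    TCellAgent::Instrumentation.safe_block("AppSensor Check JSON var injections") do
      param_name = param_name[-1]
      injection_attempt = check_param_for_injections(JSON_PARAM, meta_data, param_name, param_value)

      yield(injection_attempt) if injection_attempt
    end
  end

  meta_data.flattened_cookie_dict.each do |param_name, param_value|
    TCellAgent::Instrumentation.safe_block("AppSensor Check COOKIE var injections") do
      param_name = param_name[-1]
      injection_attempt =
        check_param_for_injections(COOKIE_PARAM, meta_data, param_name, param_value)

      yield(injection_attempt) if injection_attempt
    end
  end

  meta_data.flattened_headers_dict.each do |param_name, param_value|
    TCellAgent::Instrumentation.safe_block("AppSensor Check HEADER var injections") do
      param_name = param_name[-1]
      injection_attempt =
        check_param_for_injections(HEADER_PARAM, meta_data, param_name, param_value)

      yield(injection_attempt) if injection_attempt
    end
  end
end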