Class: TCellAgent::Configuration

Inherits:
Object
  • Object
Defined in:
lib/tcell_agent/configuration.rb

Constructor Details

#initialize(filename = "config/tcell_agent.config", useapp = nil) ⇒ Configuration

Returns a new instance of Configuration.



# File 'lib/tcell_agent/configuration.rb', line 112

# Builds the agent configuration. Sources are applied in this order, each one
# overriding the previous: the defaults assigned below, the JSON config file,
# then TCELL_* environment variables.
#
# @param filename [String] config path relative to the working directory;
#   not used when TCELL_AGENT_CONFIG is set
# @param useapp [Object, nil] not referenced anywhere in this constructor
def initialize(filename="config/tcell_agent.config", useapp=nil)
  # Deliberately left nil: they are filled in when the agent starts, so that
  # Rails initializers get a chance to run first.
  @cache_filename = nil
  @agent_log_dir = nil
  @log_tag = nil

  @logger = nil
  @appfirewall_payloads_logger = nil

  @version = 0
  @exp_config_settings = true
  @demomode = false

  # Legacy switches, still consulted by the should_* predicates.
  @fetch_policies_from_tcell = true
  @instrument_for_events = true

  # Feature switches: everything is on unless configuration turns it off.
  @disable_all = false
  @enabled = true
  @enable_event_manager = true
  @enable_event_consumer = true
  @enable_policy_polling = true
  @enable_instrumentation = true
  @enable_intercept_requests = true

  @enabled_instrumentations = { doorkeeper: true, devise: true, authlogic: true }

  @log_file_name = "tcell_agent.log"

  @event_batch_size_limit = 50
  @event_time_limit_seconds = 15

  @max_data_ex_db_records_per_request = 1000
  # NOTE(review): reverse-proxy handling and payloads both default to on.
  # Presumably these govern trusting a forwarded client-IP header and
  # including request payload data in agent output -- confirm, since both
  # are opt-out rather than opt-in.
  @reverse_proxy = true
  @reverse_proxy_ip_address_header = nil
  @allow_payloads = true

  @max_csp_header_bytes = nil
  @password_hmac_key = nil

  # Both paths default to locations under the current working directory.
  @agent_home_dir = ENV.fetch("TCELL_AGENT_HOME") { File.join(Dir.getwd, "tcell") }
  @config_filename = ENV.fetch("TCELL_AGENT_CONFIG") { File.join(Dir.getwd, filename) }

  # File first, environment second: environment values win.
  read_config_from_file(@config_filename)
  read_config_using_env

  # Demo mode flushes events almost immediately.
  if @demomode
    @event_batch_size_limit = 1
    @event_time_limit_seconds = 2
  end

  puts "tCell.io Agent: [DEPRECATED] TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS is deprecated and will be removed in a future release. Please switch to TCELL_AGENT_ALLOW_PAYLOADS." if ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"]
  puts "tCell.io Agent: [DEPRECATED] TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS is deprecated and will be removed in a future release. Please switch to TCELL_AGENT_ALLOW_PAYLOADS." if ENV["TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS"]

  # The two deprecated names are applied first and the current name last, so
  # TCELL_AGENT_ALLOW_PAYLOADS wins when several are set. The match is exact
  # and case-sensitive: any other value (including "TRUE") disables payloads.
  accepted_as_true = [true, "true", "yes", "1"]
  %w[
    TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS
    TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS
    TCELL_AGENT_ALLOW_PAYLOADS
  ].each do |env_name|
    raw_value = ENV[env_name]
    @allow_payloads = accepted_as_true.include?(raw_value) unless raw_value.nil?
  end

  # @tcell_api_url now holds the composed policy URL template, not the bare
  # base URL that was configured.
  @tcell_api_url = compose_api_url
  @tcell_input_url ||= "https://input.tcell.io/api/v1"
  @js_agent_api_base_url ||= @tcell_api_url
  @js_agent_url ||= "https://jsagent.tcell.io/tcellagent.min.js"

  # Fall back to the machine hostname when neither the file nor the
  # environment supplied an identifier.
  if @host_identifier.nil?
    @host_identifier =
      begin
        Socket.gethostname || "localhost"
      rescue StandardError
        "host_identifier_not_found"
      end
  end

  @uuid = SecureRandom.uuid
end

Instance Attribute Details

#agent_home_dirObject

Returns the value of attribute agent_home_dir.



# File 'lib/tcell_agent/configuration.rb', line 24

# Directory the agent treats as its home. #initialize takes it from
# ENV["TCELL_AGENT_HOME"], falling back to "<working directory>/tcell".
# The default log and cache paths are built underneath it.
def agent_home_dir
  @agent_home_dir
end

#agent_home_ownerObject

Returns the value of attribute agent_home_owner.



# File 'lib/tcell_agent/configuration.rb', line 24

# Value of the "agent_home_owner" config key or TCELL_AGENT_HOME_OWNER
# (environment wins); nil when neither is set. How the owner is applied to
# the home directory is not visible in this class.
def agent_home_owner
  @agent_home_owner
end

#agent_log_dirObject

Returns the value of attribute agent_log_dir.



# File 'lib/tcell_agent/configuration.rb', line 24

# Log directory from the "log_dir" config key or TCELL_AGENT_LOG_DIR
# (environment wins). Stays nil until #log_filename or
# #appfirewall_payloads_log_filename defaults it to "<agent_home_dir>/logs".
def agent_log_dir
  @agent_log_dir
end

#allow_payloadsObject

Returns the value of attribute allow_payloads.



# File 'lib/tcell_agent/configuration.rb', line 24

# Payload switch. Defaults to true in #initialize; overridden by the
# "allow_payloads" config key (and its two deprecated aliases) and then by
# TCELL_AGENT_ALLOW_PAYLOADS, where only "true", "yes" and "1" count as true.
# NOTE(review): presumably controls whether request payload data may appear in
# agent output -- confirm. If so, the default is opt-out, so deployments that
# handle sensitive request data should set it explicitly.
def allow_payloads
  @allow_payloads
end

#api_keyObject

Returns the value of attribute api_key.



# File 'lib/tcell_agent/configuration.rb', line 24

# API key from the "api_key" config key or TCELL_AGENT_API_KEY (environment
# wins). This is a credential: keep it out of log lines, error reports and
# any dump of this object's state.
def api_key
  @api_key
end

#app_idObject

Returns the value of attribute app_id.



# File 'lib/tcell_agent/configuration.rb', line 24

# Application id from the "app_id" config key or TCELL_AGENT_APP_ID
# (environment wins). #cache_filename_with_app_id appends it to the cache
# file name.
def app_id
  @app_id
end

#appfirewall_payloads_loggerObject

Returns the value of attribute appfirewall_payloads_logger.



# File 'lib/tcell_agent/configuration.rb', line 24

# Logger for app-firewall payloads. #initialize sets it to nil; whatever
# assigns the real logger is outside this class's visible code.
def appfirewall_payloads_logger
  @appfirewall_payloads_logger
end

#base_dirObject

Returns the value of attribute base_dir.



# File 'lib/tcell_agent/configuration.rb', line 24

# Not assigned by #initialize, #read_config_from_file or
# #read_config_using_env, so it is nil unless set from outside.
def base_dir
  @base_dir
end

#cache_filenameObject

Returns the value of attribute cache_filename.



# File 'lib/tcell_agent/configuration.rb', line 24

# Base path of the agent cache file. nil after #initialize;
# #cache_filename_with_app_id defaults it to
# "<agent_home_dir>/cache/tcell_agent.cache" on first use.
def cache_filename
  @cache_filename
end

#config_filenameObject

Returns the value of attribute config_filename.



# File 'lib/tcell_agent/configuration.rb', line 24

# Path of the JSON config file that #initialize tried to load:
# ENV["TCELL_AGENT_CONFIG"] when set, otherwise the constructor's filename
# joined to the working directory.
def config_filename
  @config_filename
end

#demomodeObject

Returns the value of attribute demomode.



# File 'lib/tcell_agent/configuration.rb', line 24

# Demo-mode flag, false by default; set from the "demomode" config key or
# TCELL_DEMOMODE. When truthy, #initialize lowers the event batch size to 1
# and the event time limit to 2 seconds.
def demomode
  @demomode
end

#disable_allObject

Returns the value of attribute disable_all.



# File 'lib/tcell_agent/configuration.rb', line 56

# false by default; overridden by the "disable_all" config key.
# NOTE(review): none of the should_* predicates in this class read this flag
# -- confirm where it is enforced before relying on it as a kill switch.
def disable_all
  @disable_all
end

#enable_event_consumerObject

Returns the value of attribute enable_event_consumer.



# File 'lib/tcell_agent/configuration.rb', line 56

# true by default; overridden by the "enable_event_consumer" config key.
# One of the three flags #should_consume_event? requires.
def enable_event_consumer
  @enable_event_consumer
end

#enable_event_managerObject

Returns the value of attribute enable_event_manager.



# File 'lib/tcell_agent/configuration.rb', line 56

# true by default; overridden by the "enable_event_manager" config key.
# Required by #should_start_event_manager? and #should_consume_event?.
def enable_event_manager
  @enable_event_manager
end

#enable_instrumentationObject

Returns the value of attribute enable_instrumentation.



# File 'lib/tcell_agent/configuration.rb', line 56

# true by default; overridden by the "enable_instrumentation" config key.
# Required by #should_instrument? and #should_intercept_requests?.
def enable_instrumentation
  @enable_instrumentation
end

#enable_intercept_requestsObject

Returns the value of attribute enable_intercept_requests.



# File 'lib/tcell_agent/configuration.rb', line 56

# true by default; overridden by the "enable_intercept_requests" config key.
# Required by #should_intercept_requests?.
def enable_intercept_requests
  @enable_intercept_requests
end

#enable_policy_pollingObject

Returns the value of attribute enable_policy_polling.



# File 'lib/tcell_agent/configuration.rb', line 56

# true by default; overridden by the "enable_policy_polling" config key.
# Required by #should_start_policy_poll?.
def enable_policy_polling
  @enable_policy_polling
end

#enabledObject

Returns the value of attribute enabled.



# File 'lib/tcell_agent/configuration.rb', line 56

# Master switch: true by default, overridden by the "enabled" config key.
# #should_start_event_manager?, #should_consume_event?,
# #should_start_policy_poll?, #should_instrument? and
# #should_intercept_requests? all require it.
def enabled
  @enabled
end

#enabled_instrumentationsObject

Returns the value of attribute enabled_instrumentations.



# File 'lib/tcell_agent/configuration.rb', line 64

# Hash of per-library instrumentation switches. The default uses symbol keys
# (:doorkeeper, :devise, :authlogic, all true); an "enabled_instrumentations"
# entry in the config file replaces the whole hash, and the
# should_instrument_* predicates accept either string or symbol keys.
def enabled_instrumentations
  @enabled_instrumentations
end

#event_batch_size_limitObject

Returns the value of attribute event_batch_size_limit.



# File 'lib/tcell_agent/configuration.rb', line 24

# Event batch size limit: 50 by default, forced to 1 by #initialize when demo
# mode is on.
def event_batch_size_limit
  @event_batch_size_limit
end

#event_time_limit_secondsObject

Returns the value of attribute event_time_limit_seconds.



# File 'lib/tcell_agent/configuration.rb', line 24

# Event time limit in seconds: 15 by default, forced to 2 by #initialize when
# demo mode is on.
def event_time_limit_seconds
  @event_time_limit_seconds
end

#exp_config_settingsObject

Returns the value of attribute exp_config_settings.



# File 'lib/tcell_agent/configuration.rb', line 66

# Set to true by #initialize; no config key or environment variable in this
# class changes it.
def exp_config_settings
  @exp_config_settings
end

#fetch_policies_from_tcellObject

Returns the value of attribute fetch_policies_from_tcell.



# File 'lib/tcell_agent/configuration.rb', line 24

# Legacy flag, true by default; overridden by the
# "fetch_policies_from_tcell" config key and still required by
# #should_start_policy_poll?.
def fetch_policies_from_tcell
  @fetch_policies_from_tcell
end

#hmac_keyObject

Returns the value of attribute hmac_key.



# File 'lib/tcell_agent/configuration.rb', line 24

# HMAC key from the "hmac_key" config key or TCELL_HMAC_KEY (environment
# wins); nil when neither is set. This is key material: keep it out of log
# lines, error reports and any dump of this object's state.
def hmac_key
  @hmac_key
end

#host_identifierObject

Returns the value of attribute host_identifier.



# File 'lib/tcell_agent/configuration.rb', line 24

# Identifier for this host: the "host_identifier" config key or
# TCELL_AGENT_HOST_IDENTIFIER (environment wins), otherwise the value of
# Socket.gethostname, "localhost" if that is nil, or
# "host_identifier_not_found" if the lookup raises.
def host_identifier
  @host_identifier
end

#instrument_for_eventsObject

Returns the value of attribute instrument_for_events.



# File 'lib/tcell_agent/configuration.rb', line 24

# Legacy flag, true by default; overridden by the "instrument_for_events"
# config key and still required by #should_instrument?.
def instrument_for_events
  @instrument_for_events
end

#js_agent_api_base_urlObject

Returns the value of attribute js_agent_api_base_url.



# File 'lib/tcell_agent/configuration.rb', line 24

# Taken from the "js_agent_api_base_url" config key when present; otherwise
# #initialize defaults it to the composed value of @tcell_api_url.
def js_agent_api_base_url
  @js_agent_api_base_url
end

#js_agent_urlObject

Returns the value of attribute js_agent_url.



# File 'lib/tcell_agent/configuration.rb', line 24

# URL of the JavaScript agent: the "js_agent_url" config key when present,
# otherwise "https://jsagent.tcell.io/tcellagent.min.js".
# NOTE(review): presumably this script is injected into served pages --
# confirm. If so, an overridden value should be an HTTPS URL on an origin the
# application owner trusts, since the script would run in users' browsers.
def js_agent_url
  @js_agent_url
end

#log_file_nameObject

Returns the value of attribute log_file_name.



# File 'lib/tcell_agent/configuration.rb', line 24

# File name of the agent log: "tcell_agent.log" by default, overridden by
# logging_options["filename"] in the config file. #log_filename joins it to
# the log directory without any sanitising.
def log_file_name
  @log_file_name
end

#log_tagObject

Returns the value of attribute log_tag.



# File 'lib/tcell_agent/configuration.rb', line 24

# nil after #initialize; per the constructor's comment it is set when the
# agent starts up.
def log_tag
  @log_tag
end

#loggerObject

Returns the value of attribute logger.



# File 'lib/tcell_agent/configuration.rb', line 24

# Agent logger. #initialize sets it to nil; whatever assigns the real logger
# is outside this class's visible code.
def logger
  @logger
end

#logging_optionsObject

Returns the value of attribute logging_options.



# File 'lib/tcell_agent/configuration.rb', line 24

# The "logging_options" object from a version-1 config file ({} when the key
# is missing). Only #read_config_from_file assigns it, so it is nil when no
# config file was loaded.
def logging_options
  @logging_options
end

#max_csp_header_bytesObject

Returns the value of attribute max_csp_header_bytes.



# File 'lib/tcell_agent/configuration.rb', line 24

# nil by default; overridden by the "max_csp_header_bytes" config key.
def max_csp_header_bytes
  @max_csp_header_bytes
end

#max_data_ex_db_records_per_requestObject

Returns the value of attribute max_data_ex_db_records_per_request.



# File 'lib/tcell_agent/configuration.rb', line 24

# 1000 by default; overridden by
# data_exposure["max_data_ex_db_records_per_request"] in the config file.
def max_data_ex_db_records_per_request
  @max_data_ex_db_records_per_request
end

#password_hmac_keyObject

Returns the value of attribute password_hmac_key.



# File 'lib/tcell_agent/configuration.rb', line 24

# nil by default; set from the "password_hmac_key" config key or
# TCELL_PASSWORD_HMAC_KEY (environment wins). This is key material: keep it
# out of log lines, error reports and any dump of this object's state.
def password_hmac_key
  @password_hmac_key
end

#preload_policy_filenameObject

Returns the value of attribute preload_policy_filename.



# File 'lib/tcell_agent/configuration.rb', line 24

# Value of the "preload_policy_filename" config key; nil when the key is
# absent or no config file was loaded.
def preload_policy_filename
  @preload_policy_filename
end

#reverse_proxyObject

Returns the value of attribute reverse_proxy.



# File 'lib/tcell_agent/configuration.rb', line 24

# true by default; overridden by the "reverse_proxy" config key.
# NOTE(review): presumably this makes the agent take the client IP from a
# forwarded header -- confirm. If so, applications reachable without a
# trusted proxy in front should turn it off, because clients can set such
# headers themselves.
def reverse_proxy
  @reverse_proxy
end

#reverse_proxy_ip_address_headerObject

Returns the value of attribute reverse_proxy_ip_address_header.



# File 'lib/tcell_agent/configuration.rb', line 24

# nil by default; overridden by the "reverse_proxy_ip_address_header" config
# key.
def reverse_proxy_ip_address_header
  @reverse_proxy_ip_address_header
end

#tcell_api_urlObject

Returns the value of attribute tcell_api_url.



# File 'lib/tcell_agent/configuration.rb', line 24

# After #initialize this holds the result of #compose_api_url (the policy URL
# template containing "{app_id}"), not the bare base URL taken from the
# "tcell_api_url" config key or TCELL_API_URL.
def tcell_api_url
  @tcell_api_url
end

#tcell_input_urlObject

Returns the value of attribute tcell_input_url.



# File 'lib/tcell_agent/configuration.rb', line 24

# Input endpoint: the "tcell_input_url" config key or TCELL_INPUT_URL
# (environment wins), otherwise "https://input.tcell.io/api/v1".
def tcell_input_url
  @tcell_input_url
end

#uuidObject

Returns the value of attribute uuid.



# File 'lib/tcell_agent/configuration.rb', line 24

# Random UUID generated with SecureRandom.uuid for each Configuration
# instance.
def uuid
  @uuid
end

#versionObject

Returns the value of attribute version.



# File 'lib/tcell_agent/configuration.rb', line 24

# Config file version: 0 until a version-1 config file has been loaded, then
# 1.
def version
  @version
end

Instance Method Details

#allow_unencrypted_appfirewall_payloadsObject

Legacy reader kept for backward compatibility, in case the old attribute name is still being read; it returns the same value as allow_payloads.



# File 'lib/tcell_agent/configuration.rb', line 362

# Legacy alias: returns @allow_payloads, the same value #allow_payloads
# exposes.
def allow_unencrypted_appfirewall_payloads
  @allow_payloads
end

#allow_unencrypted_appfirewall_payloads=(val) ⇒ Object

The old attribute could be set from initializers; this writer keeps those initializers working by storing the value in allow_payloads.



# File 'lib/tcell_agent/configuration.rb', line 358

# Legacy writer: stores val in @allow_payloads as given, with no coercion to
# a boolean.
def allow_unencrypted_appfirewall_payloads=(val)
  @allow_payloads = val
end

#appfirewall_payloads_log_filenameObject



# File 'lib/tcell_agent/configuration.rb', line 371

# Path of the payloads log: "<agent_log_dir>/tcell_agent_payloads.log".
# Side effect: when @agent_log_dir is unset it is defaulted to
# "<agent_home_dir>/logs" and kept.
#
# @return [String]
def appfirewall_payloads_log_filename
  @agent_log_dir = File.join(@agent_home_dir, "logs") unless @agent_log_dir
  File.join(@agent_log_dir, "tcell_agent_payloads.log")
end

#cache_filename_with_app_idObject



# File 'lib/tcell_agent/configuration.rb', line 233

# Path of the agent cache file, suffixed with ".<app_id>" when an app id is
# configured. Side effect: when @cache_filename is unset it is defaulted to
# "<agent_home_dir>/cache/tcell_agent.cache" and kept.
#
# NOTE(review): @app_id comes from the config file or environment and is
# interpolated into the path unchanged; the result is only as safe as those
# sources.
#
# @return [String]
def cache_filename_with_app_id
  @cache_filename = File.join(@agent_home_dir, "cache", "tcell_agent.cache") unless @cache_filename
  return @cache_filename unless @app_id

  "#{@cache_filename}.#{@app_id}"
end

#compose_api_urlObject



# File 'lib/tcell_agent/configuration.rb', line 201

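# Builds the policy URL template from the configured API base URL.
#
# Only the scheme, host and port of @tcell_api_url are kept; any path, query
# or userinfo in the configured value is dropped. "{app_id}" is emitted
# literally as a placeholder.
#
# The port is left out only when it is the default for the URL's own scheme.
# Dropping 80 and 443 regardless of scheme turned "http://host:443" into
# "http://host" (port 80) and "https://host:80" into "https://host" (443).
# A URL with no port no longer produces a dangling ":".
#
# Side effect: defaults @tcell_api_url to "https://api.tcell.io" when unset.
# #initialize stores the returned template back into @tcell_api_url, so this
# method is meant to be called once on the configured base URL.
#
# NOTE(review): the scheme comes from configuration (config file or
# TCELL_API_URL) unchanged, so an "http://" value is accepted. Presumably
# requests to this URL carry the API key -- confirm, and consider refusing
# non-HTTPS values outside local testing.
#
# @return [String] the URL template
# @raise [URI::InvalidURIError] when @tcell_api_url cannot be parsed
def compose_api_url
  @tcell_api_url ||= "https://api.tcell.io"
  parsed_uri = URI.parse(@tcell_api_url)

  api_url = [
    parsed_uri.scheme,
    "://",
    parsed_uri.host
  ]

  port = parsed_uri.port
  api_url.push(":#{port}") if port && port != parsed_uri.default_port

  [
    api_url.join(''),
    "/agents/api/v1/apps/",
    "{app_id}",
    "/policies/latest",
    "?",
    "type=jsagentinjection:v1",
    "&type=http-redirect:v1",
    "&type=clickjacking:v1",
    "&type=secure-headers:v1",
    "&type=cmdi:v1",
    "&type=csp-headers:v1",
    "&type=dlp:v1",
    "&type=login:v1",
    "&type=regex:v1",
    "&type=appsensor:v2",
    "&type=patches:v1"
  ].join('')
end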

#log_filenameObject



# File 'lib/tcell_agent/configuration.rb', line 366

# Path of the agent log file: "<agent_log_dir>/<log_file_name>".
# Side effect: when @agent_log_dir is unset it is defaulted to
# "<agent_home_dir>/logs" and kept.
#
# NOTE(review): @log_file_name can come from logging_options["filename"] in
# the config file and is joined as-is, so a value with ".." segments resolves
# outside the log directory. That is acceptable only while the config file is
# writable by trusted operators alone.
#
# @return [String]
def log_filename
  @agent_log_dir = File.join(@agent_home_dir, "logs") unless @agent_log_dir
  File.join(@agent_log_dir, @log_file_name)
end

#read_config_from_file(filename) ⇒ Object



# File 'lib/tcell_agent/configuration.rb', line 257

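# Loads agent settings from a JSON config file. Does nothing when the path is
# not a regular file.
#
# Only files whose top-level "version" is 1 are applied, and only the first
# entry of "applications" is read. Each optional key falls back to the value
# the instance variable already holds.
#
# Failure handling: any StandardError (unreadable file, invalid JSON, missing
# or mistyped keys) is caught, a banner and the exception message are printed
# to stdout, and the method returns. Assignments made before the error stay
# in place, so a malformed file can leave the configuration partly applied.
#
# NOTE(review): this file carries api_key, hmac_key and password_hmac_key;
# nothing here checks the file's owner or mode. JSON parse errors can also
# echo part of the offending text, and `puts e` writes that to stdout --
# confirm stdout is not collected somewhere less protected than the config
# file itself.
#
# @param filename [String] path of the JSON config file
# @return [Object, nil] no meaningful return value
def read_config_from_file(filename)
  return unless File.file?(filename)

  begin
    # File.read closes the handle; File.open(...).read left it open until the
    # File object was garbage collected.
    config = JSON.parse(File.read(filename))

    TCellAgent::Config::Validate.get_unknown_options(config).each do |message|
      puts message
    end

    if config["version"] == 1
      # Required
      app_data = config["applications"][0] # only the first application is used
      @version = 1
      @app_id = app_data["app_id"]
      @api_key = app_data["api_key"]

      # Optional
      @preload_policy_filename = app_data.fetch("preload_policy_filename", nil)

      @disable_all = app_data.fetch("disable_all", @disable_all)
      @enabled = app_data.fetch("enabled", @enabled)

      @enable_event_manager = app_data.fetch("enable_event_manager", @enable_event_manager)
      @enable_event_consumer = app_data.fetch("enable_event_consumer", @enable_event_consumer)
      @enable_policy_polling = app_data.fetch("enable_policy_polling", @enable_policy_polling)
      @enable_instrumentation = app_data.fetch("enable_instrumentation", @enable_instrumentation)
      @enable_intercept_requests = app_data.fetch("enable_intercept_requests", @enable_intercept_requests)
      @fetch_policies_from_tcell = app_data.fetch("fetch_policies_from_tcell", @fetch_policies_from_tcell)
      @instrument_for_events = app_data.fetch("instrument_for_events", @instrument_for_events)

      @agent_home_owner = app_data.fetch("agent_home_owner", @agent_home_owner)

      @logging_options = app_data.fetch("logging_options", {})
      @agent_log_dir = app_data.fetch("log_dir", @agent_log_dir)
      @log_file_name = @logging_options.fetch("filename", @log_file_name)

      @tcell_api_url = app_data.fetch("tcell_api_url", @tcell_api_url)
      @tcell_input_url = app_data.fetch("tcell_input_url", @tcell_input_url)

      @max_csp_header_bytes = app_data.fetch("max_csp_header_bytes", @max_csp_header_bytes)

      # The two deprecated keys are read first and the current key last, so
      # "allow_payloads" wins when several are present.
      @allow_payloads = app_data.fetch(
        'allow_unencrypted_appsensor_payloads',
        @allow_payloads
      )
      @allow_payloads = app_data.fetch(
        'allow_unencrypted_appfirewall_payloads',
        @allow_payloads
      )
      @allow_payloads = app_data.fetch(
        'allow_payloads',
        @allow_payloads
      )

      data_exposure = app_data.fetch('data_exposure', {})
      @max_data_ex_db_records_per_request = data_exposure.fetch('max_data_ex_db_records_per_request', @max_data_ex_db_records_per_request)

      # Replaces the whole hash; keys parsed from JSON are strings.
      @enabled_instrumentations = app_data.fetch('enabled_instrumentations', @enabled_instrumentations)

      @reverse_proxy = app_data.fetch('reverse_proxy', @reverse_proxy)
      @reverse_proxy_ip_address_header = app_data.fetch('reverse_proxy_ip_address_header', @reverse_proxy_ip_address_header)

      @host_identifier = app_data.fetch("host_identifier", @host_identifier)
      @hmac_key = app_data.fetch("hmac_key", @hmac_key)

      @password_hmac_key = app_data.fetch("password_hmac_key", @password_hmac_key)

      @uuid = SecureRandom.uuid
      if @uuid.nil?
        @uuid = "secure-random-failed"
      end

      if app_data.key?("js_agent_api_base_url")
        @js_agent_api_base_url = app_data["js_agent_api_base_url"]
      end
      if app_data.key?("js_agent_url")
        @js_agent_url = app_data["js_agent_url"]
      end

      @demomode = app_data.fetch('demomode', @demomode)
    else
      puts " ********* ********* ********* *********"
      puts "* tCell.io                               *"
      puts "* Unsupported config file version        *"
      puts " ********* ********* ********* *********"
    end
  rescue StandardError => e
    puts " ********* ********* ********* *********"
    puts "* tCell.io                               *"
    puts "* Could not load config file             *"
    puts " ********* ********* ********* *********"
    puts e
  end
end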

#read_config_using_envObject



# File 'lib/tcell_agent/configuration.rb', line 243

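# Overrides settings from TCELL_* environment variables. A variable that is
# set replaces the current value; an unset one leaves it alone.
#
# TCELL_DEMOMODE is parsed as a boolean: "false", "no" and "0" (any case,
# surrounding whitespace ignored) turn demo mode off, a blank value is
# ignored, and any other value turns it on. Storing the raw string made every
# value truthy, so TCELL_DEMOMODE=false switched demo mode on.
#
# NOTE(review): api_key, hmac_key and password_hmac_key arrive through the
# process environment here; keep them out of anything that dumps ENV or this
# object's state.
def read_config_using_env
  @app_id = ENV["TCELL_AGENT_APP_ID"] || @app_id
  @api_key = ENV["TCELL_AGENT_API_KEY"] || @api_key
  @hmac_key = ENV["TCELL_HMAC_KEY"] || @hmac_key
  @password_hmac_key = ENV["TCELL_PASSWORD_HMAC_KEY"] || @password_hmac_key
  @host_identifier = ENV["TCELL_AGENT_HOST_IDENTIFIER"] || @host_identifier
  @tcell_api_url = ENV["TCELL_API_URL"] || @tcell_api_url
  @tcell_input_url = ENV["TCELL_INPUT_URL"] || @tcell_input_url

  demomode_raw = ENV["TCELL_DEMOMODE"].to_s.strip.downcase
  @demomode = !%w[false no 0].include?(demomode_raw) unless demomode_raw.empty?

  @agent_home_owner = ENV["TCELL_AGENT_HOME_OWNER"] || @agent_home_owner
  @agent_log_dir = ENV["TCELL_AGENT_LOG_DIR"] || @agent_log_dir
end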

#should_consume_event?Boolean

Returns:

  • (Boolean)


# File 'lib/tcell_agent/configuration.rb', line 72

# Truthy only when the agent is enabled and both the event manager and the
# event consumer are switched on. The stored flag values are returned as-is
# (first falsy one, otherwise @enable_event_consumer), not coerced to
# true/false.
def should_consume_event?
  event_manager_on = @enabled && @enable_event_manager
  event_manager_on && @enable_event_consumer
end

#should_instrument?Boolean

Returns:

  • (Boolean)


# File 'lib/tcell_agent/configuration.rb', line 80

# Truthy only when the agent is enabled, instrumentation is switched on and
# the legacy instrument_for_events flag is still set. The stored flag values
# are returned as-is, not coerced to true/false.
def should_instrument?
  instrumentation_on = @enabled && @enable_instrumentation
  instrumentation_on && @instrument_for_events
end

#should_instrument_authlogic?Boolean

Returns:

  • (Boolean)


# File 'lib/tcell_agent/configuration.rb', line 104

# Whether Authlogic should be instrumented. Accepts the switch under either
# the string key 'authlogic' or the symbol key :authlogic; when neither key is
# present the answer is true, so instrumentation stays on unless it is
# explicitly switched off.
#
# @return [Boolean]
def should_instrument_authlogic?
  switches = @enabled_instrumentations
  return true unless switches.key?('authlogic') || switches.key?(:authlogic)

  !!(switches['authlogic'] || switches[:authlogic])
end

#should_instrument_devise?Boolean

Returns:

  • (Boolean)


# File 'lib/tcell_agent/configuration.rb', line 96

# Whether Devise should be instrumented. Accepts the switch under either the
# string key 'devise' or the symbol key :devise; when neither key is present
# the answer is true, so instrumentation stays on unless it is explicitly
# switched off.
#
# @return [Boolean]
def should_instrument_devise?
  switches = @enabled_instrumentations
  return true unless switches.key?('devise') || switches.key?(:devise)

  !!(switches['devise'] || switches[:devise])
end

#should_instrument_doorkeeper?Boolean

Returns:

  • (Boolean)


# File 'lib/tcell_agent/configuration.rb', line 88

# Whether Doorkeeper should be instrumented. Accepts the switch under either
# the string key 'doorkeeper' or the symbol key :doorkeeper; when neither key
# is present the answer is true, so instrumentation stays on unless it is
# explicitly switched off.
#
# @return [Boolean]
def should_instrument_doorkeeper?
  switches = @enabled_instrumentations
  return true unless switches.key?('doorkeeper') || switches.key?(:doorkeeper)

  !!(switches['doorkeeper'] || switches[:doorkeeper])
end

#should_intercept_requests?Boolean

Returns:

  • (Boolean)


# File 'lib/tcell_agent/configuration.rb', line 84

# Truthy only when the agent is enabled, instrumentation is switched on and
# request interception is switched on. The stored flag values are returned
# as-is, not coerced to true/false.
def should_intercept_requests?
  instrumentation_on = @enabled && @enable_instrumentation
  instrumentation_on && @enable_intercept_requests
end

#should_start_event_manager?Boolean

Returns:

  • (Boolean)


# File 'lib/tcell_agent/configuration.rb', line 68

# Truthy only when the agent is enabled and the event manager is switched on.
# The stored flag values are returned as-is, not coerced to true/false.
#
# NOTE(review): @disable_all is not consulted here or in the other should_*
# predicates of this class -- confirm where that switch is enforced.
def should_start_event_manager?
  return @enabled unless @enabled

  @enable_event_manager
end

#should_start_policy_poll?Boolean

Returns:

  • (Boolean)


# File 'lib/tcell_agent/configuration.rb', line 76

# Truthy only when the agent is enabled, policy polling is switched on and
# the legacy fetch_policies_from_tcell flag is still set. The stored flag
# values are returned as-is, not coerced to true/false.
def should_start_policy_poll?
  polling_on = @enabled && @enable_policy_polling
  polling_on && @fetch_policies_from_tcell
end