Class: TCellAgent::Configuration

Inherits:
Object
  • Object
Defined in:
lib/tcell_agent/configuration.rb

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(filename = "config/tcell_agent.config", useapp = nil) ⇒ Configuration



# File 'lib/tcell_agent/configuration.rb', line 113

# Builds the configuration in three layers: built-in defaults, then the JSON
# config file, then environment variables. A value from the environment
# overrides the file, and the file overrides the defaults.
#
# @param filename [String] config file path, joined to Dir.getwd; unused when
#   TCELL_AGENT_CONFIG is set
# @param useapp [Object, nil] not referenced anywhere in this method
def initialize(filename="config/tcell_agent.config", useapp=nil)
  # Left nil here and filled in when the agent starts up, so that Rails
  # initializers get a chance to run first.
  @cache_filename = nil
  @agent_log_dir = nil
  @log_tag = nil
  @logger = nil
  @appfirewall_payloads_logger = nil

  @version = 0
  @exp_config_settings = true
  @demomode = false

  @fetch_policies_from_tcell = true
  @instrument_for_events = true

  # Feature switches: everything is on unless the config file says otherwise.
  @disable_all = false
  @enabled = true
  @enable_event_manager = true
  @enable_event_consumer = true
  @enable_policy_polling = true
  @enable_instrumentation = true
  @enable_intercept_requests = true
  @enabled_instrumentations = { :doorkeeper => true, :devise => true, :authlogic => true }

  @log_file_name = "tcell_agent.log"
  @event_batch_size_limit = 50
  @event_time_limit_seconds = 15
  @max_data_ex_db_records_per_request = 1000

  @reverse_proxy = true
  @reverse_proxy_ip_address_header = nil
  # NOTE(review): payloads are allowed by default. A deployment that handles
  # sensitive request data has to opt out explicitly (config "allow_payloads"
  # or TCELL_AGENT_ALLOW_PAYLOADS).
  @allow_payloads = true

  @max_csp_header_bytes = nil
  @password_hmac_key = nil

  # Both defaults are relative to the process working directory, so starting
  # the application from another directory selects a different home and a
  # different (or no) config file.
  @agent_home_dir = ENV["TCELL_AGENT_HOME"] || File.join(Dir.getwd, "tcell")
  @config_filename = ENV["TCELL_AGENT_CONFIG"] || File.join(Dir.getwd, filename)

  # Order matters: the file is applied first, the environment second.
  read_config_from_file(@config_filename)
  read_config_using_env

  # Demo mode flushes events almost immediately.
  if @demomode
    @event_batch_size_limit = 1
    @event_time_limit_seconds = 2
  end

  appsensor_var = "TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS"
  appfirewall_var = "TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS"

  if ENV[appsensor_var]
    puts "tCell.io Agent: [DEPRECATED] TCELL_AGENT_ALLOW_UNENCRYPTED_APPSENSOR_PAYLOADS is deprecated and will be removed in a future release. Please switch to TCELL_AGENT_ALLOW_PAYLOADS."
  end
  if ENV[appfirewall_var]
    puts "tCell.io Agent: [DEPRECATED] TCELL_AGENT_ALLOW_UNENCRYPTED_APPFIREWALL_PAYLOADS is deprecated and will be removed in a future release. Please switch to TCELL_AGENT_ALLOW_PAYLOADS."
  end

  # The variables are applied in this order, so TCELL_AGENT_ALLOW_PAYLOADS
  # has the last word. Only the exact strings "true", "yes" and "1" enable
  # payloads; any other value that is set (including "TRUE") disables them.
  [appsensor_var, appfirewall_var, "TCELL_AGENT_ALLOW_PAYLOADS"].each do |var_name|
    raw_value = ENV[var_name]
    next if raw_value.nil?

    @allow_payloads = [true, "true", "yes", "1"].include?(raw_value)
  end

  # After this line @tcell_api_url holds the composed policy URL, not the
  # base URL that was configured.
  @tcell_api_url = compose_api_url!
  @tcell_input_url ||= "https://input.tcell.io/api/v1"
  @js_agent_url ||= "https://jsagent.tcell.io/tcellagent.min.js"

  # Fall back to the machine's hostname when no identifier was configured.
  if @host_identifier.nil?
    @host_identifier =
      begin
        Socket.gethostname() || "localhost"
      rescue StandardError
        "host_identifier_not_found"
      end
  end

  @uuid = SecureRandom.uuid
end

Instance Attribute Details

#agent_home_dirObject

Returns the value of attribute agent_home_dir.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String] agent home directory: TCELL_AGENT_HOME when set, otherwise
#   "tcell" under the process working directory (assigned in initialize)
def agent_home_dir
  @agent_home_dir
end

#agent_home_ownerObject

Returns the value of attribute agent_home_owner.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Object, nil] "agent_home_owner" from the config file or
#   TCELL_AGENT_HOME_OWNER (the environment wins); how it is applied is not
#   shown in this listing
def agent_home_owner
  @agent_home_owner
end

#agent_log_dirObject

Returns the value of attribute agent_log_dir.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String, nil] log directory from config "log_dir" or
#   TCELL_AGENT_LOG_DIR; nil until set, in which case log_filename fills it
#   in as <agent_home_dir>/logs
def agent_log_dir
  @agent_log_dir
end

#allow_payloadsObject

Returns the value of attribute allow_payloads.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Boolean, Object] payload switch. Defaults to true, then the config
#   file keys and finally TCELL_AGENT_ALLOW_PAYLOADS override it. From the
#   environment only "true", "yes" or "1" turn it on.
def allow_payloads
  @allow_payloads
end

#api_keyObject

Returns the value of attribute api_key.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String, nil] API key from config "api_key" or TCELL_AGENT_API_KEY
#   (the environment wins). This is a credential: keep it out of log lines,
#   error messages and inspect output.
def api_key
  @api_key
end

#app_idObject

Returns the value of attribute app_id.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String, nil] application id from config "app_id" or
#   TCELL_AGENT_APP_ID (the environment wins); also used as the suffix of the
#   cache file name
def app_id
  @app_id
end

#appfirewall_payloads_loggerObject

Returns the value of attribute appfirewall_payloads_logger.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Object, nil] logger for appfirewall payloads; nil after
#   initialize, which leaves it to be assigned at agent start-up
def appfirewall_payloads_logger
  @appfirewall_payloads_logger
end

#base_dirObject

Returns the value of attribute base_dir.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Object, nil] base_dir; none of the methods in this listing assign
#   it, so it is nil unless a caller sets it
def base_dir
  @base_dir
end

#cache_filenameObject

Returns the value of attribute cache_filename.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String, nil] cache file path without the app id suffix; nil until
#   cache_filename_with_app_id defaults it to
#   <agent_home_dir>/cache/tcell_agent.cache
def cache_filename
  @cache_filename
end

#config_filenameObject

Returns the value of attribute config_filename.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String] config file path: TCELL_AGENT_CONFIG when set, otherwise
#   the constructor's filename joined to the process working directory
def config_filename
  @config_filename
end

#demomodeObject

Returns the value of attribute demomode.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Object] demo-mode flag (default false). When it is truthy,
#   initialize lowers the event batch size to 1 and the time limit to
#   2 seconds.
def demomode
  @demomode
end

#disable_allObject

Returns the value of attribute disable_all.



# File 'lib/tcell_agent/configuration.rb', line 57

# @return [Boolean] "disable_all" switch (default false, overridable in the
#   config file).
#   NOTE(review): none of the should_* predicates in this listing read it;
#   confirm it is enforced elsewhere.
def disable_all
  @disable_all
end

#enable_event_consumerObject

Returns the value of attribute enable_event_consumer.



# File 'lib/tcell_agent/configuration.rb', line 57

# @return [Boolean] event consumer switch (default true); one of the three
#   flags combined by should_consume_event?
def enable_event_consumer
  @enable_event_consumer
end

#enable_event_managerObject

Returns the value of attribute enable_event_manager.



# File 'lib/tcell_agent/configuration.rb', line 57

# @return [Boolean] event manager switch (default true); read by
#   should_start_event_manager? and should_consume_event?
def enable_event_manager
  @enable_event_manager
end

#enable_instrumentationObject

Returns the value of attribute enable_instrumentation.



# File 'lib/tcell_agent/configuration.rb', line 57

# @return [Boolean] instrumentation switch (default true); read by
#   should_instrument? and should_intercept_requests?
def enable_instrumentation
  @enable_instrumentation
end

#enable_intercept_requestsObject

Returns the value of attribute enable_intercept_requests.



# File 'lib/tcell_agent/configuration.rb', line 57

# @return [Boolean] request interception switch (default true); read by
#   should_intercept_requests?
def enable_intercept_requests
  @enable_intercept_requests
end

#enable_policy_pollingObject

Returns the value of attribute enable_policy_polling.



# File 'lib/tcell_agent/configuration.rb', line 57

# @return [Boolean] policy polling switch (default true); read by
#   should_start_policy_poll?
def enable_policy_polling
  @enable_policy_polling
end

#enabledObject

Returns the value of attribute enabled.



# File 'lib/tcell_agent/configuration.rb', line 57

# @return [Boolean] master switch (default true). Every should_* predicate
#   that combines flags tests this one first, so a falsy value turns all of
#   them off.
def enabled
  @enabled
end

#enabled_instrumentationsObject

Returns the value of attribute enabled_instrumentations.



# File 'lib/tcell_agent/configuration.rb', line 65

# @return [Hash] per-framework instrumentation flags. The built-in default
#   uses symbol keys (:doorkeeper, :devise, :authlogic). A value from the
#   JSON config file replaces the whole hash and has string keys, which is
#   why the should_instrument_* predicates check both key forms.
def enabled_instrumentations
  @enabled_instrumentations
end

#event_batch_size_limitObject

Returns the value of attribute event_batch_size_limit.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Integer] event batch size limit: 50 by default, 1 in demo mode
def event_batch_size_limit
  @event_batch_size_limit
end

#event_time_limit_secondsObject

Returns the value of attribute event_time_limit_seconds.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Integer] event time limit in seconds: 15 by default, 2 in demo
#   mode
def event_time_limit_seconds
  @event_time_limit_seconds
end

#exp_config_settingsObject

Returns the value of attribute exp_config_settings.



# File 'lib/tcell_agent/configuration.rb', line 67

# @return [Boolean] set to true in initialize; its consumers are not part of
#   this listing
def exp_config_settings
  @exp_config_settings
end

#fetch_policies_from_tcellObject

Returns the value of attribute fetch_policies_from_tcell.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Boolean] legacy policy-fetch switch (default true); still required
#   by should_start_policy_poll? alongside enable_policy_polling
def fetch_policies_from_tcell
  @fetch_policies_from_tcell
end

#hmac_keyObject

Returns the value of attribute hmac_key.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String, nil] HMAC key from config "hmac_key" or TCELL_HMAC_KEY
#   (the environment wins). This is key material: keep it out of logs and
#   error output.
def hmac_key
  @hmac_key
end

#host_identifierObject

Returns the value of attribute host_identifier.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String] host identifier from config "host_identifier" or
#   TCELL_AGENT_HOST_IDENTIFIER; otherwise Socket.gethostname, or
#   "host_identifier_not_found" when that lookup raises
def host_identifier
  @host_identifier
end

#instrument_for_eventsObject

Returns the value of attribute instrument_for_events.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Boolean] legacy instrumentation switch (default true); still
#   required by should_instrument? alongside enable_instrumentation
def instrument_for_events
  @instrument_for_events
end

#js_agent_api_base_urlObject

Returns the value of attribute js_agent_api_base_url.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String] config "js_agent_api_base_url" when present; otherwise
#   derived by compose_api_url! as <scheme>://<host>[:port]/api/v1 from the
#   configured API URL
def js_agent_api_base_url
  @js_agent_api_base_url
end

#js_agent_urlObject

Returns the value of attribute js_agent_url.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String] URL of the JavaScript agent: config "js_agent_url" when
#   present, otherwise "https://jsagent.tcell.io/tcellagent.min.js".
#   NOTE(review): presumably emitted as a script source in served pages, so an
#   override should point at a trusted https origin — confirm against the
#   injection code.
def js_agent_url
  @js_agent_url
end

#log_file_nameObject

Returns the value of attribute log_file_name.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String] log file base name: "tcell_agent.log" unless the config
#   file sets logging_options.filename
def log_file_name
  @log_file_name
end

#log_tagObject

Returns the value of attribute log_tag.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Object, nil] log tag; nil after initialize, which leaves it to be
#   assigned at agent start-up
def log_tag
  @log_tag
end

#loggerObject

Returns the value of attribute logger.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Object, nil] agent logger; nil after initialize, which leaves it
#   to be assigned at agent start-up
def logger
  @logger
end

#logging_optionsObject

Returns the value of attribute logging_options.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Hash, nil] "logging_options" from the config file ({} when the key
#   is absent); only assigned when a version 1 config file was loaded
def logging_options
  @logging_options
end

#max_csp_header_bytesObject

Returns the value of attribute max_csp_header_bytes.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Integer, nil] "max_csp_header_bytes" from the config file; nil by
#   default
def max_csp_header_bytes
  @max_csp_header_bytes
end

#max_data_ex_db_records_per_requestObject

Returns the value of attribute max_data_ex_db_records_per_request.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Integer] 1000 by default; overridden by
#   data_exposure.max_data_ex_db_records_per_request in the config file
def max_data_ex_db_records_per_request
  @max_data_ex_db_records_per_request
end

#password_hmac_keyObject

Returns the value of attribute password_hmac_key.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String, nil] key from config "password_hmac_key" or
#   TCELL_PASSWORD_HMAC_KEY (the environment wins); nil by default. This is
#   key material: keep it out of logs and error output.
def password_hmac_key
  @password_hmac_key
end

#preload_policy_filenameObject

Returns the value of attribute preload_policy_filename.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String, nil] "preload_policy_filename" from the config file, nil
#   when the key is absent
def preload_policy_filename
  @preload_policy_filename
end

#reverse_proxyObject

Returns the value of attribute reverse_proxy.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Boolean] "reverse_proxy" setting; true by default, overridable in
#   the config file
def reverse_proxy
  @reverse_proxy
end

#reverse_proxy_ip_address_headerObject

Returns the value of attribute reverse_proxy_ip_address_header.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String, nil] "reverse_proxy_ip_address_header" from the config
#   file; nil by default.
#   NOTE(review): presumably names the request header the client address is
#   read from. Such a header is only trustworthy when a proxy under your
#   control sets or overwrites it — confirm against the code that reads it.
def reverse_proxy_ip_address_header
  @reverse_proxy_ip_address_header
end

#tcell_api_urlObject

Returns the value of attribute tcell_api_url.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String] after initialize this is the full policy URL returned by
#   compose_api_url! (with the literal "{app_id}" placeholder and the type
#   query string), not the base URL that was configured
def tcell_api_url
  @tcell_api_url
end

#tcell_input_urlObject

Returns the value of attribute tcell_input_url.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String] input endpoint from config "tcell_input_url" or
#   TCELL_INPUT_URL; defaults to "https://input.tcell.io/api/v1"
def tcell_input_url
  @tcell_input_url
end

#uuidObject

Returns the value of attribute uuid.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [String] random UUID from SecureRandom.uuid, generated anew for
#   each Configuration instance
def uuid
  @uuid
end

#versionObject

Returns the value of attribute version.



# File 'lib/tcell_agent/configuration.rb', line 25

# @return [Integer] config format version: 0 by default, 1 once a version 1
#   config file has been loaded
def version
  @version
end

Instance Method Details

#allow_unencrypted_appfirewall_payloadsObject

Kept for backward compatibility, in case callers still read the value under the old name.



# File 'lib/tcell_agent/configuration.rb', line 364

# Legacy reader kept for callers that still use the old name; it returns the
# same value as allow_payloads.
def allow_unencrypted_appfirewall_payloads
  @allow_payloads
end

#allow_unencrypted_appfirewall_payloads=(val) ⇒ Object

The old value could be set via initializers; this writer makes sure those initializers still work properly.



# File 'lib/tcell_agent/configuration.rb', line 360

# Legacy writer kept so existing initializers keep working; it stores val in
# @allow_payloads unchanged (no coercion to a boolean).
def allow_unencrypted_appfirewall_payloads=(val)
  @allow_payloads = val
end

#appfirewall_payloads_log_filenameObject



# File 'lib/tcell_agent/configuration.rb', line 373

# Full path of the payloads log, "tcell_agent_payloads.log" in the log
# directory. As a side effect the log directory is defaulted to
# <agent_home_dir>/logs when it has not been set.
# NOTE(review): going by the name, this file receives request payloads;
# confirm the log directory is not world-readable.
#
# @return [String]
def appfirewall_payloads_log_filename
  @agent_log_dir = File.join(@agent_home_dir, "logs") unless @agent_log_dir
  File.join(@agent_log_dir, "tcell_agent_payloads.log")
end

#cache_filename_with_app_idObject



# File 'lib/tcell_agent/configuration.rb', line 235

# Cache file path, suffixed with ".<app_id>" when an app id is configured.
# As a side effect @cache_filename is defaulted to
# <agent_home_dir>/cache/tcell_agent.cache when it has not been set.
#
# @return [String]
def cache_filename_with_app_id
  @cache_filename = File.join(@agent_home_dir, "cache", "tcell_agent.cache") unless @cache_filename
  return @cache_filename unless @app_id

  "#{@cache_filename}.#{@app_id}"
end

#compose_api_url!Object



# File 'lib/tcell_agent/configuration.rb', line 201

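# Builds the policy URL template from the configured API base URL.
#
# Side effects: defaults @tcell_api_url to "https://api.tcell.io" and, unless
# it is already set, derives @js_agent_api_base_url as <origin>/api/v1.
# "{app_id}" is left in the result as a literal placeholder.
#
# The port is dropped only when it is the default for the URL's own scheme.
# The earlier check dropped any port 80 or 443, which turned
# "https://host:80" into "https://host" and so pointed at a different port.
#
# NOTE(review): the scheme is copied from configuration as-is, so an http://
# value is accepted and requests built from this URL would not use TLS.
# Confirm whether non-https values should be rejected or at least reported.
#
# @return [String] policy URL template including the type query string
def compose_api_url!
  @tcell_api_url ||= "https://api.tcell.io"
  parsed_uri = URI.parse(@tcell_api_url)

  origin = "#{parsed_uri.scheme}://#{parsed_uri.host}"
  origin += ":#{parsed_uri.port}" unless parsed_uri.port == parsed_uri.default_port

  @js_agent_api_base_url ||= "#{origin}/api/v1"

  policy_types = %w[
    jsagentinjection:v1
    http-redirect:v1
    clickjacking:v1
    secure-headers:v1
    cmdi:v1
    csp-headers:v1
    dlp:v1
    login:v1
    regex:v1
    appsensor:v2
    patches:v1
  ]
  query = policy_types.map { |policy_type| "type=#{policy_type}" }.join("&")

  "#{origin}/agents/api/v1/apps/{app_id}/policies/latest?#{query}"
end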

#log_filenameObject



# File 'lib/tcell_agent/configuration.rb', line 368

# Full path of the agent log file: @log_file_name inside the log directory.
# As a side effect the log directory is defaulted to <agent_home_dir>/logs
# when it has not been set.
#
# @return [String]
def log_filename
  log_dir = (@agent_log_dir ||= File.join(@agent_home_dir, "logs"))
  File.join(log_dir, @log_file_name)
end

#read_config_from_file(filename) ⇒ Object



# File 'lib/tcell_agent/configuration.rb', line 259

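# Loads settings from a version 1 JSON config file into instance variables.
#
# Does nothing when +filename+ is not a regular file. Only the first entry of
# "applications" is used. A key that is absent keeps the value the instance
# already holds. Any StandardError raised while reading or parsing is
# reported on stdout and swallowed; assignments made before the error stay
# in place, so a malformed file can leave the configuration partly applied.
#
# The file carries credentials (api_key, hmac_key, password_hmac_key).
# NOTE(review): nothing here checks the file's ownership or mode — confirm it
# is readable only by the application user.
#
# @param filename [String] path of the JSON config file
# @return [Object, nil] nil when the file does not exist; otherwise the value
#   is not meaningful
def read_config_from_file(filename)
  return unless File.file?(filename)

  begin
    # File.read closes the descriptor before returning. The earlier
    # File.open(filename).read left it open until garbage collection.
    config = JSON.parse(File.read(filename))

    TCellAgent::Config::Validate.get_unknown_options(config).each do |message|
      puts message
    end

    if (config["version"] == 1)
      # Required. A missing "applications" list raises here and is reported
      # by the rescue below.
      app_data = config["applications"][0] #Default
      @version = 1
      @app_id = app_data["app_id"]
      @api_key = app_data["api_key"]

      # Optional
      @preload_policy_filename = app_data.fetch("preload_policy_filename", nil)

      @disable_all = app_data.fetch("disable_all", @disable_all)
      @enabled = app_data.fetch("enabled", @enabled)

      @enable_event_manager = app_data.fetch("enable_event_manager", @enable_event_manager)
      @enable_event_consumer = app_data.fetch("enable_event_consumer", @enable_event_consumer)
      @enable_policy_polling = app_data.fetch("enable_policy_polling", @enable_policy_polling)
      @enable_instrumentation = app_data.fetch("enable_instrumentation", @enable_instrumentation)
      @enable_intercept_requests = app_data.fetch("enable_intercept_requests", @enable_intercept_requests)
      @fetch_policies_from_tcell = app_data.fetch("fetch_policies_from_tcell", @fetch_policies_from_tcell)
      @instrument_for_events = app_data.fetch("instrument_for_events", @instrument_for_events)

      @agent_home_owner = app_data.fetch("agent_home_owner", @agent_home_owner)

      @logging_options = app_data.fetch("logging_options", {})
      @agent_log_dir = app_data.fetch("log_dir", @agent_log_dir)
      @log_file_name = @logging_options.fetch("filename", @log_file_name)

      @tcell_api_url = app_data.fetch("tcell_api_url", @tcell_api_url)
      @tcell_input_url = app_data.fetch("tcell_input_url", @tcell_input_url)

      @max_csp_header_bytes = app_data.fetch("max_csp_header_bytes", @max_csp_header_bytes)

      # The two deprecated keys are read first so that "allow_payloads",
      # when present, has the last word.
      @allow_payloads = app_data.fetch(
        'allow_unencrypted_appsensor_payloads',
        @allow_payloads
      )
      @allow_payloads = app_data.fetch(
        'allow_unencrypted_appfirewall_payloads',
        @allow_payloads
      )
      @allow_payloads = app_data.fetch(
        'allow_payloads',
        @allow_payloads
      )

      data_exposure = app_data.fetch('data_exposure', {})
      @max_data_ex_db_records_per_request = data_exposure.fetch('max_data_ex_db_records_per_request', @max_data_ex_db_records_per_request)

      # Replaces the whole hash; keys parsed from JSON are strings.
      @enabled_instrumentations = app_data.fetch('enabled_instrumentations', @enabled_instrumentations)

      @reverse_proxy = app_data.fetch('reverse_proxy', @reverse_proxy)
      @reverse_proxy_ip_address_header = app_data.fetch('reverse_proxy_ip_address_header', @reverse_proxy_ip_address_header)

      @host_identifier = app_data.fetch("host_identifier", @host_identifier)
      @hmac_key = app_data.fetch("hmac_key", @hmac_key)

      @password_hmac_key = app_data.fetch("password_hmac_key", @password_hmac_key)

      @uuid = SecureRandom.uuid
      # Defensive fallback kept from the original; SecureRandom.uuid is not
      # expected to return nil.
      if (@uuid == nil)
        @uuid = "secure-random-failed"
      end

      if app_data.key?("js_agent_api_base_url")
        @js_agent_api_base_url = app_data["js_agent_api_base_url"]
      end
      if app_data.key?("js_agent_url")
        @js_agent_url = app_data["js_agent_url"]
      end

      @demomode = app_data.fetch('demomode', @demomode)
    else
      puts " ********* ********* ********* *********"
      puts "* tCell.io                               *"
      puts "* Unsupported config file version        *"
      puts " ********* ********* ********* *********"
    end
  rescue StandardError => e
    puts " ********* ********* ********* *********"
    puts "* tCell.io                               *"
    puts "* Could not load config file             *"
    puts " ********* ********* ********* *********"
    # NOTE(review): for a JSON syntax error the exception text can quote part
    # of the file, and this file holds keys. Consider printing only e.class
    # where stdout is collected into shared logs.
    puts e
  end #begin
end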

#read_config_using_envObject



# File 'lib/tcell_agent/configuration.rb', line 245

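# Overlays settings from environment variables. A variable that is set
# replaces the value already held (built-in default or config file); one that
# is unset leaves it alone.
#
# TCELL_DEMOMODE is parsed as a flag: an empty value, "false", "no" or "0"
# (case-insensitive) turns demo mode off, any other value turns it on. The
# raw string used to be stored, so TCELL_DEMOMODE=false enabled demo mode
# because every non-nil string is truthy.
#
# The API key and both HMAC keys can be supplied here, which keeps them out
# of the config file on disk.
#
# @return [Object] not meaningful
def read_config_using_env
  @app_id = ENV["TCELL_AGENT_APP_ID"] || @app_id
  @api_key = ENV["TCELL_AGENT_API_KEY"] || @api_key
  @hmac_key = ENV["TCELL_HMAC_KEY"] || @hmac_key
  @password_hmac_key = ENV["TCELL_PASSWORD_HMAC_KEY"] || @password_hmac_key
  @host_identifier = ENV["TCELL_AGENT_HOST_IDENTIFIER"] || @host_identifier
  @tcell_api_url = ENV["TCELL_API_URL"] || @tcell_api_url
  @tcell_input_url = ENV["TCELL_INPUT_URL"] || @tcell_input_url

  demomode_env = ENV["TCELL_DEMOMODE"]
  unless demomode_env.nil?
    @demomode = !["", "false", "no", "0"].include?(demomode_env.strip.downcase)
  end

  @agent_home_owner = ENV["TCELL_AGENT_HOME_OWNER"] || @agent_home_owner
  @agent_log_dir = ENV["TCELL_AGENT_LOG_DIR"] || @agent_log_dir
end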

#should_consume_event?Boolean



# File 'lib/tcell_agent/configuration.rb', line 73

# Truthy only when the agent, the event manager and the event consumer are
# all switched on. Returns the first falsy flag, or the last flag, rather
# than a strict boolean.
def should_consume_event?
  return @enabled unless @enabled
  return @enable_event_manager unless @enable_event_manager

  @enable_event_consumer
end

#should_instrument?Boolean



# File 'lib/tcell_agent/configuration.rb', line 81

# Truthy only when the agent and instrumentation are switched on and the
# legacy instrument_for_events flag is also on. Returns the first falsy
# flag, or the last flag, rather than a strict boolean.
def should_instrument?
  return @enabled unless @enabled
  return @enable_instrumentation unless @enable_instrumentation

  # instrument_for_events is the legacy switch and is still honoured.
  @instrument_for_events
end

#should_instrument_authlogic?Boolean



# File 'lib/tcell_agent/configuration.rb', line 105

# Whether Authlogic should be instrumented. Defaults to true when the
# setting is absent. Both the string key (config file) and the symbol key
# (built-in default) are checked, and a truthy value under either key
# enables instrumentation.
#
# @return [Boolean]
def should_instrument_authlogic?
  flags = @enabled_instrumentations
  return true unless flags.has_key?('authlogic') || flags.has_key?(:authlogic)

  (flags['authlogic'] || flags[:authlogic]) ? true : false
end

#should_instrument_devise?Boolean



# File 'lib/tcell_agent/configuration.rb', line 97

# Whether Devise should be instrumented. Defaults to true when the setting
# is absent. Both the string key (config file) and the symbol key (built-in
# default) are checked, and a truthy value under either key enables
# instrumentation.
#
# @return [Boolean]
def should_instrument_devise?
  flags = @enabled_instrumentations
  return true unless flags.has_key?('devise') || flags.has_key?(:devise)

  (flags['devise'] || flags[:devise]) ? true : false
end

#should_instrument_doorkeeper?Boolean



# File 'lib/tcell_agent/configuration.rb', line 89

# Whether Doorkeeper should be instrumented. Defaults to true when the
# setting is absent. Both the string key (config file) and the symbol key
# (built-in default) are checked, and a truthy value under either key
# enables instrumentation.
#
# @return [Boolean]
def should_instrument_doorkeeper?
  flags = @enabled_instrumentations
  return true unless flags.has_key?('doorkeeper') || flags.has_key?(:doorkeeper)

  (flags['doorkeeper'] || flags[:doorkeeper]) ? true : false
end

#should_intercept_requests?Boolean



# File 'lib/tcell_agent/configuration.rb', line 85

# Truthy only when the agent, instrumentation and request interception are
# all switched on. Returns the first falsy flag, or the last flag, rather
# than a strict boolean.
# NOTE(review): @disable_all is not consulted here; confirm it is enforced
# elsewhere.
def should_intercept_requests?
  return @enabled unless @enabled
  return @enable_instrumentation unless @enable_instrumentation

  @enable_intercept_requests
end

#should_start_event_manager?Boolean



# File 'lib/tcell_agent/configuration.rb', line 69

# Truthy only when the agent and the event manager are both switched on.
# Returns the first falsy flag, or the last flag, rather than a strict
# boolean.
def should_start_event_manager?
  return @enabled unless @enabled

  @enable_event_manager
end

#should_start_policy_poll?Boolean



# File 'lib/tcell_agent/configuration.rb', line 77

# Truthy only when the agent and policy polling are switched on and the
# legacy fetch_policies_from_tcell flag is also on. Returns the first falsy
# flag, or the last flag, rather than a strict boolean.
def should_start_policy_poll?
  return @enabled unless @enabled
  return @enable_policy_polling unless @enable_policy_polling

  # fetch_policies_from_tcell is the legacy switch and is still honoured.
  @fetch_policies_from_tcell
end