Class: TCellAgent::Instrumentation::TCellData
- Inherits:
-
Object
- Object
- TCellAgent::Instrumentation::TCellData
- Defined in:
- lib/tcell_agent/instrumentation.rb
Instance Attribute Summary collapse
-
#context_filters_by_term ⇒ Object
Returns the value of attribute context_filters_by_term.
-
#csrf_exception_name ⇒ Object
Returns the value of attribute csrf_exception_name.
-
#database_filters ⇒ Object
Returns the value of attribute database_filters.
-
#database_result_sizes ⇒ Object
Returns the value of attribute database_result_sizes.
-
#fullpath ⇒ Object
Returns the value of attribute fullpath.
-
#grape_mount_endpoint ⇒ Object
Returns the value of attribute grape_mount_endpoint.
-
#hmac_session_id ⇒ Object
Returns the value of attribute hmac_session_id.
-
#password ⇒ Object
Returns the value of attribute password.
-
#patches_blocking_triggered ⇒ Object
Returns the value of attribute patches_blocking_triggered.
-
#path ⇒ Object
Returns the value of attribute path.
-
#path_parameters ⇒ Object
Returns the value of attribute path_parameters.
-
#referrer ⇒ Object
Returns the value of attribute referrer.
-
#remote_address ⇒ Object
Returns the value of attribute remote_address.
-
#request_method ⇒ Object
Returns the value of attribute request_method.
-
#route_id ⇒ Object
Returns the value of attribute route_id.
-
#session_id ⇒ Object
Returns the value of attribute session_id.
-
#sql_exceptions ⇒ Object
Returns the value of attribute sql_exceptions.
-
#transaction_id ⇒ Object
Returns the value of attribute transaction_id.
-
#uri ⇒ Object
Returns the value of attribute uri.
-
#user_agent ⇒ Object
Returns the value of attribute user_agent.
-
#user_id ⇒ Object
Returns the value of attribute user_id.
Class Method Summary collapse
Instance Method Summary collapse
- #add_filter_for_cookie_value(term, rule, cookie_name) ⇒ Object
- #add_filter_for_header_value(term, rule, header_name) ⇒ Object
- #add_filter_for_request_parameter(term, rule, parameter_name) ⇒ Object
- #add_response_db_filter(term, action_obj, database, schema, table, field) ⇒ Object
- #filter_body!(body) ⇒ Object
- #filter_log(log_msg) ⇒ Object
-
#initialize ⇒ TCellData
constructor
A new instance of TCellData.
- #to_s ⇒ Object
- #valid_term?(term) ⇒ Boolean
Constructor Details
#initialize ⇒ TCellData
Returns a new instance of TCellData.
# File 'lib/tcell_agent/instrumentation.rb', line 85
# Builds a TCellData whose collections start out empty. Every attribute not
# assigned here stays nil until it is set after construction.
def initialize
  @sql_exceptions = []
  @database_result_sizes = []
  # Looking up an unknown term stores and returns a fresh empty Set, so the
  # add_* methods can append a filter without checking for the key first.
  @context_filters_by_term = Hash.new { |filters, term| filters[term] = Set.new }
  @patches_blocking_triggered = false
end
Instance Attribute Details
#context_filters_by_term ⇒ Object
Returns the value of attribute context_filters_by_term.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def context_filters_by_term @context_filters_by_term end |
#csrf_exception_name ⇒ Object
Returns the value of attribute csrf_exception_name.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def csrf_exception_name @csrf_exception_name end |
#database_filters ⇒ Object
Returns the value of attribute database_filters.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def database_filters @database_filters end |
#database_result_sizes ⇒ Object
Returns the value of attribute database_result_sizes.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def database_result_sizes @database_result_sizes end |
#fullpath ⇒ Object
Returns the value of attribute fullpath.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def fullpath @fullpath end |
#grape_mount_endpoint ⇒ Object
Returns the value of attribute grape_mount_endpoint.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def grape_mount_endpoint @grape_mount_endpoint end |
#hmac_session_id ⇒ Object
Returns the value of attribute hmac_session_id.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def hmac_session_id @hmac_session_id end |
#password ⇒ Object
Returns the value of attribute password.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def password @password end |
#patches_blocking_triggered ⇒ Object
Returns the value of attribute patches_blocking_triggered.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def patches_blocking_triggered @patches_blocking_triggered end |
#path ⇒ Object
Returns the value of attribute path.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def path @path end |
#path_parameters ⇒ Object
Returns the value of attribute path_parameters.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def path_parameters @path_parameters end |
#referrer ⇒ Object
Returns the value of attribute referrer.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def referrer @referrer end |
#remote_address ⇒ Object
Returns the value of attribute remote_address.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def remote_address @remote_address end |
#request_method ⇒ Object
Returns the value of attribute request_method.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def request_method @request_method end |
#route_id ⇒ Object
Returns the value of attribute route_id.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def route_id @route_id end |
#session_id ⇒ Object
Returns the value of attribute session_id.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def session_id @session_id end |
#sql_exceptions ⇒ Object
Returns the value of attribute sql_exceptions.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def sql_exceptions @sql_exceptions end |
#transaction_id ⇒ Object
Returns the value of attribute transaction_id.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def transaction_id @transaction_id end |
#uri ⇒ Object
Returns the value of attribute uri.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def uri @uri end |
#user_agent ⇒ Object
Returns the value of attribute user_agent.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def user_agent @user_agent end |
#user_id ⇒ Object
Returns the value of attribute user_id.
# File 'lib/tcell_agent/instrumentation.rb', line 64 def user_id @user_id end |
Class Method Details
.filterx(sanitize_string, event_flag, replace_flag, term) ⇒ Object
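# File 'lib/tcell_agent/instrumentation.rb', line 70
# Scans +sanitize_string+ in place for +term+ and reports whether a DLP event
# should be sent.
#
# With +replace_flag+ set, every occurrence is overwritten with the literal
# '[redacted]'. With only +event_flag+ set, the text is left unchanged but the
# hit is still reported. With neither flag set nothing is reported.
#
# @param sanitize_string [String, nil] mutable text to scan; modified in place
# @param event_flag [Boolean] report a hit without altering the text
# @param replace_flag [Boolean] redact each hit; takes precedence over event_flag
# @param term [String, nil] sensitive value to look for
# @return [Boolean] true when the term was found and one of the flags was set
def self.filterx(sanitize_string, event_flag, replace_flag, term)
  return false if sanitize_string.nil? || term.nil?
  # An empty pattern matches between every character, so an empty term would
  # scatter '[redacted]' through the whole text and raise a false DLP event.
  return false if term.respond_to?(:empty?) && term.empty?
  return false unless replace_flag || event_flag

  send_event = false
  # When term is a String, gsub! matches it literally, so characters such as
  # '.' or '*' inside the value are not treated as a regular expression.
  sanitize_string.gsub!(term) do |match|
    send_event = true
    # Event-only hits keep the matched text exactly as it was.
    replace_flag ? '[redacted]' : match
  end
  send_event
end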
Instance Method Details
#add_filter_for_cookie_value(term, rule, cookie_name) ⇒ Object
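# File 'lib/tcell_agent/instrumentation.rb', line 112
# Registers +term+ as a value to watch for, tagged as originating from the
# request cookie +cookie_name+.
#
# The method name and the cookie_name identifier are restored from the
# documented signature; both were missing from the rendered listing, which
# left it syntactically invalid.
#
# @param term [#to_s] value to register; ignored unless valid_term? accepts it
# @param rule [Object] rule passed through to ContextFilter#for_request
# @param cookie_name [Object] name of the cookie the value came from
# @return [Object, nil] result of adding to the term's filter set, or nil when
#   the term is rejected
def add_filter_for_cookie_value(term, rule, cookie_name)
  return unless valid_term?(term)

  context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('cookie', cookie_name, rule))
end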
#add_filter_for_header_value(term, rule, header_name) ⇒ Object
# File 'lib/tcell_agent/instrumentation.rb', line 107
# Registers +term+ as a value to watch for, tagged as originating from the
# request header +header_name+. Terms rejected by valid_term? are skipped
# without any error, so such values are never searched for by filter_body!
# or filter_log.
#
# @return [Object, nil] result of adding to the term's filter set, or nil when
#   the term is rejected
def add_filter_for_header_value(term, rule, header_name)
  if valid_term?(term)
    bucket = context_filters_by_term[term.to_s]
    bucket.add(ContextFilter.new.for_request('header', header_name, rule))
  end
end
#add_filter_for_request_parameter(term, rule, parameter_name) ⇒ Object
# File 'lib/tcell_agent/instrumentation.rb', line 102
# Registers +term+ as a value to watch for, tagged with the 'form' context and
# the request parameter +parameter_name+. Terms rejected by valid_term? are
# skipped without any error.
#
# @return [Object, nil] result of adding to the term's filter set, or nil when
#   the term is rejected
def add_filter_for_request_parameter(term, rule, parameter_name)
  if valid_term?(term)
    bucket = context_filters_by_term[term.to_s]
    bucket.add(ContextFilter.new.for_request('form', parameter_name, rule))
  end
end
#add_response_db_filter(term, action_obj, database, schema, table, field) ⇒ Object
# File 'lib/tcell_agent/instrumentation.rb', line 97
# Registers +term+ as a value to watch for, tagged with the database location
# (+database+, +schema+, +table+, +field+) it was read from. Terms rejected by
# valid_term? are skipped without any error.
#
# @return [Object, nil] result of adding to the term's filter set, or nil when
#   the term is rejected
def add_response_db_filter(term, action_obj, database, schema, table, field)
  if valid_term?(term)
    bucket = context_filters_by_term[term.to_s]
    bucket.add(ContextFilter.new.for_database(database, schema, table, field, action_obj))
  end
end
#filter_body!(body) ⇒ Object
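# File 'lib/tcell_agent/instrumentation.rb', line 117
# Searches a response body for the session id and for every registered term,
# redacting or reporting each hit according to the matching rule, and sends a
# DlpEvent tagged FOUND_IN_BODY for each filter that applies.
#
# @param body [String] response body; modified in place
# @return [String] the same +body+ object after filtering
def filter_body!(body)
  dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
  # An empty session id is truthy in Ruby but must not be used as a search
  # term: an empty pattern matches at every position of the body.
  if dlp_policy && session_id && !session_id.to_s.empty?
    session_id_actions = dlp_policy.get_actions_for_session_id
    if session_id_actions
      send_flag = TCellData.filterx(body, session_id_actions.body_event, session_id_actions.body_redact, session_id)
      if send_flag
        TCellAgent.send_event(
          TCellAgent::SensorEvents::DlpEvent.new(
            route_id,
            uri,
            TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY,
            session_id_actions.action_id
          ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
        )
      end
    end
  end

  # Terms are processed longest first; presumably so that a long value is
  # handled before a shorter value contained in it.
  context_filters_by_term.sort_by { |term, _context_filters| -term.length }.each do |term, context_filters|
    replace_filters = context_filters.select { |context_filter| context_filter.rule.body_redact == true }
    event_filters = context_filters.select do |context_filter|
      context_filter.rule.body_redact != true && context_filter.rule.body_event == true
    end
    event_flag = !event_filters.empty?
    replace_flag = !replace_filters.empty?

    # Scan for the raw term and for its HTML-escaped form independently. The
    # previous `||=` skipped the escaped scan whenever the raw term matched,
    # leaving escaped copies of the same value unredacted in the body.
    send_flag = TCellData.filterx(body, event_flag, replace_flag, term)
    escaped_term = CGI.escapeHTML(term)
    if escaped_term != term && TCellData.filterx(body, event_flag, replace_flag, escaped_term)
      send_flag = true
    end
    next unless send_flag

    (replace_filters + event_filters).each do |filter|
      base_event = TCellAgent::SensorEvents::DlpEvent.new(
        route_id,
        uri,
        TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY,
        filter.rule.action_id
      )
      # Filters of any other type produce no event.
      if filter.type == ContextFilter::DATABASE
        TCellAgent.send_event(
          base_event.for_database(filter.database, filter.schema, filter.table, filter.field)
        )
      elsif filter.type == ContextFilter::REQUEST
        TCellAgent.send_event(
          base_event.for_request(filter.context, filter.parameter)
        )
      end
    end
  end
  body
end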
#filter_log(log_msg) ⇒ Object
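# File 'lib/tcell_agent/instrumentation.rb', line 163
# Searches a log message for the session id and for every registered term,
# redacting or reporting each hit according to the matching rule, and sends a
# DlpEvent tagged FOUND_IN_LOG for each filter that applies.
#
# @param log_msg [String] log message; modified in place
# @return [String] the same +log_msg+ object after filtering
def filter_log(log_msg)
  dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
  # An empty session id is truthy in Ruby but must not be used as a search
  # term: an empty pattern matches at every position of the message.
  if dlp_policy && session_id && !session_id.to_s.empty?
    session_id_actions = dlp_policy.get_actions_for_session_id
    if session_id_actions
      send_flag = TCellData.filterx(log_msg, session_id_actions.log_event, session_id_actions.log_redact, session_id)
      if send_flag
        TCellAgent.send_event(
          TCellAgent::SensorEvents::DlpEvent.new(
            route_id,
            uri,
            TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG,
            session_id_actions.action_id
          ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
        )
      end
    end
  end

  # Terms are processed longest first; presumably so that a long value is
  # handled before a shorter value contained in it.
  context_filters_by_term.sort_by { |term, _context_filters| -term.length }.each do |term, context_filters|
    replace_filters = context_filters.select { |context_filter| context_filter.rule.log_redact == true }
    event_filters = context_filters.select do |context_filter|
      context_filter.rule.log_redact != true && context_filter.rule.log_event == true
    end

    # Unlike filter_body!, only the raw term is searched for here.
    send_flag = TCellData.filterx(log_msg, !event_filters.empty?, !replace_filters.empty?, term)
    next unless send_flag

    (replace_filters + event_filters).each do |filter|
      base_event = TCellAgent::SensorEvents::DlpEvent.new(
        route_id,
        uri,
        TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG,
        filter.rule.action_id
      )
      # Filters of any other type produce no event.
      if filter.type == ContextFilter::DATABASE
        TCellAgent.send_event(
          base_event.for_database(filter.database, filter.schema, filter.table, filter.field)
        )
      elsif filter.type == ContextFilter::REQUEST
        TCellAgent.send_event(
          base_event.for_request(filter.context, filter.parameter)
        )
      end
    end
  end
  log_msg
end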
#to_s ⇒ Object
# File 'lib/tcell_agent/instrumentation.rb', line 207
# Builds a one-line dump of the object's identifying fields, wrapped in
# angle brackets and prefixed with the class name. The password attribute is
# not part of the output.
#
# NOTE(review): the output contains the raw session_id and the keys of
# context_filters_by_term, which are the very values registered for
# redaction. If this string is written anywhere that is not passed through
# filter_log, those values appear in clear; confirm the call sites.
#
# @return [String]
def to_s
  fields = [
    "transaction_id: #{transaction_id}",
    "session_id: #{session_id}",
    "hmac_session_id: #{hmac_session_id}",
    "user_id: #{user_id}",
    "route_id: #{route_id}",
    "uri: #{uri}",
    "context_filters_by_term: #{context_filters_by_term}",
    "database_filters: #{database_filters}",
    "remote_address: #{remote_address}",
    "user_agent: #{user_agent}",
    # The last two fields read the instance variables directly.
    "request_method: #{@request_method}",
    "path_parameters: #{@path_parameters}"
  ]
  "<#{self.class.name} #{fields.join(' ')}>"
end
#valid_term?(term) ⇒ Boolean
# File 'lib/tcell_agent/instrumentation.rb', line 92
# Decides whether +term+ may be registered as a value to search for.
#
# nil, the empty string and anything whose string form is shorter than five
# characters are rejected, so the add_* methods skip such values and they are
# never redacted or reported.
#
# @param term [#to_s, nil] candidate value
# @return [Boolean]
def valid_term?(term)
  return false if term.nil? || term == ''

  term.to_s.length >= 5
end