Module: TCellAgent::Instrumentation::Lfi
- Extended by:
- ModuleLoggerAccess
- Defined in:
- lib/tcell_agent/instrumentation/lfi.rb
Class Method Summary collapse
- .argf_open_handler ⇒ Object
- .block_file_access?(path, mode) ⇒ Boolean
- .cmdi_open_handler(args, override_mode = '') ⇒ Object
- .convert_mode(mode) ⇒ Object
- .default_open_handler(args, override_mode = '') ⇒ Object
- .extract_path_mode(*args) ⇒ Object
- .extract_path_mode_argf ⇒ Object
- .raise_if_block(path, mode) ⇒ Object
Methods included from ModuleLoggerAccess
Class Method Details
.argf_open_handler ⇒ Object
# File 'lib/tcell_agent/instrumentation/lfi.rb', line 109

# Applies the Local Files policy to the file ARGF currently refers to.
#
# The path/mode pair comes from extract_path_mode_argf and is handed to
# raise_if_block unchanged.
#
# @raise [IOError] from raise_if_block when the policy denies the access
def self.argf_open_handler
  argf_path, argf_mode = TCellAgent::Instrumentation::Lfi.extract_path_mode_argf

  raise_if_block(argf_path, argf_mode)
end
.block_file_access?(path, mode) ⇒ Boolean
# File 'lib/tcell_agent/instrumentation/lfi.rb', line 10

# Asks the LFI policy whether opening +path+ with +mode+ must be blocked.
#
# The tCell context for the current thread is looked up in the context
# middleware's THREADS table (keyed by Thread.current.object_id) and passed
# to the policy together with the path and mode.
#
# @param path [String] path to check; a non-present path is never blocked
# @param mode [String] access type passed through to the policy
# @return [Boolean] the policy's verdict, or false when no check was made
def self.block_file_access?(path, mode)
  TCellAgent::Instrumentation.safe_block('Checking Local Files Policy') do
    if TCellAgent::Utils::Strings.present?(path)
      policy = TCellAgent.policy(TCellAgent::PolicyTypes::LFI)
      thread_envs = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS
      env = thread_envs.fetch(Thread.current.object_id, {})
      context = env[TCellAgent::Instrumentation::TCELL_ID]

      # `return` inside the block leaves the whole method with the verdict.
      return policy.block_file_access?(path, mode, context)
    end
  end

  # NOTE(review): safe_block presumably rescues and logs errors raised in the
  # block; if so, a failing policy lookup ends up here and the access is
  # allowed (fail-open). Confirm that this is the intended trade-off.
  false
end
.cmdi_open_handler(args, override_mode = '') ⇒ Object
# File 'lib/tcell_agent/instrumentation/lfi.rb', line 115

# Open hook that checks both the Local Files policy and, when the call has no
# file path to check, the command-injection policy.
#
# @param args [Array] the arguments of the intercepted open call
# @param override_mode [String] when non-empty, replaces the mode derived
#   from +args+
# @raise [IOError] from raise_if_block when the file access is denied
def self.cmdi_open_handler(args, override_mode = '')
  target_path, access = extract_path_mode(*args)
  access = override_mode unless override_mode.empty?

  raise_if_block(target_path, access)

  # extract_path_mode yields an empty path for pipe targets (leading '|'),
  # so only those calls are inspected as commands.
  if target_path.empty?
    command = TCellAgent::Cmdi.parse_command_from_open(*args)
    TCellAgent::Cmdi.raise_if_block(command) if command
  end
end
.convert_mode(mode) ⇒ Object
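# File 'lib/tcell_agent/instrumentation/lfi.rb', line 84

# Maps an open mode to the access type used for the policy check.
#
# String modes are classified by their access part only. Ruby mode strings
# may carry an encoding suffix after ':' (for example 'r:windows-1252'), and
# the letters of that suffix must not be read as 'w' or 'a' flags: doing so
# would report a plain read as a write, and the policy would be evaluated
# against the wrong access type.
#
# @param mode [String, Numeric, nil] mode string such as 'r', 'w+', 'ab', or
#   an integer built from File::Constants flags
# @return [String] 'Read', 'Write' or 'ReadWrite'
def self.convert_mode(mode)
  if mode.is_a? String
    # Keep only the part before the first ':' (the access flags).
    access = mode.partition(':').first
    return 'ReadWrite' if access.include? '+'
    return 'Write' if access.include?('w') || access.include?('a')
  elsif mode.is_a? Numeric
    return 'ReadWrite' if (mode & ::File::RDWR) != 0
    return 'Write' if (mode & ::File::WRONLY) != 0
  end

  # Anything else (including nil and modes with no write flag) is a read.
  'Read'
end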
.default_open_handler(args, override_mode = '') ⇒ Object
# File 'lib/tcell_agent/instrumentation/lfi.rb', line 101

# Open hook that applies the Local Files policy to an intercepted open call.
#
# @param args [Array] the arguments of the intercepted open call
# @param override_mode [String] when non-empty, replaces the mode derived
#   from +args+
# @raise [IOError] from raise_if_block when the file access is denied
def self.default_open_handler(args, override_mode = '')
  target_path, access = extract_path_mode(*args)
  access = override_mode unless override_mode.empty?

  raise_if_block(target_path, access)
end
.extract_path_mode(*args) ⇒ Object
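# File 'lib/tcell_agent/instrumentation/lfi.rb', line 27

# Derives the path and access type from the arguments of an open call.
#
# The first argument is taken as the path and the second as the mode
# (default 'r'); a Hash in second position is read through its :mode key.
# Pipe targets (a path starting with '|') and calls without arguments yield
# ['', ''], which the policy check treats as "nothing to check".
#
# @param args [Array] arguments of the intercepted open call
# @return [Array(String, String)] expanded path and 'Read'/'Write'/'ReadWrite',
#   or ['', '']
def self.extract_path_mode(*args)
  path = ''
  mode = ''
  TCellAgent::Instrumentation.safe_block('LFI Parsing *args') do
    return ['', ''] if args.nil? || args.empty?

    args_copy = Array.new(args)
    path = args_copy.shift
    mode = args_copy.shift || 'r'

    if path && path.to_s[0] != '|'
      # The listing showed `File.(path.to_s)`, which is `File.call(...)` and
      # raises NoMethodError; the method name appears to have been lost.
      # expand_path makes the path absolute and collapses '.' and '..'
      # segments, so the policy sees the normalised path rather than the
      # raw argument.
      # NOTE(review): expand_path is purely lexical and does not resolve
      # symlinks; check whether the policy needs File.realpath semantics.
      path = File.expand_path(path.to_s)
      mode = convert_mode(mode.is_a?(Hash) ? mode[:mode] : mode)
      [path, mode]
    else
      ['', '']
    end
  end
  # NOTE(review): outside the early return, the result is whatever
  # safe_block returns; presumably the block's value. Confirm.
end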
.extract_path_mode_argf ⇒ Object
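# File 'lib/tcell_agent/instrumentation/lfi.rb', line 54

# Derives the path of the file ARGF refers to; the access type is always
# 'Read'.
#
# Returns ['', ''] when ARGF is reading $stdin, when the path is nil or a
# pipe target (leading '|'), or when the file does not exist.
#
# @return [Array(String, String)] expanded path and 'Read', or ['', '']
def self.extract_path_mode_argf
  path = ''
  mode = 'Read'
  TCellAgent::Instrumentation.safe_block('LFI Parsing ARGF') do
    begin
      return ['', ''] if ARGF.file == $stdin

      # At end of the current file with entries left in ARGV, the next file
      # to be read is the first remaining ARGV entry.
      if ARGF.eof? && !ARGV.empty?
        argv_copy = Array.new(ARGV)
        path = argv_copy.shift
      else
        path = ARGF.filename
      end

      if path && path.to_s[0] != '|'
        # The listing showed `File.(path.to_s)`, which is `File.call(...)`
        # and raises NoMethodError; the method name appears to have been
        # lost. expand_path makes the path absolute and collapses '.' and
        # '..' segments before the policy check.
        # NOTE(review): expand_path is lexical only; symlinks are not
        # resolved.
        [File.expand_path(path.to_s), mode]
      else
        ['', '']
      end
    rescue Errno::ENOENT
      module_logger.debug('LFI Parsing ARGF: attempted to read a non-existent file')
      ['', '']
    rescue Errno::EISDIR
      module_logger.debug('LFI Parsing ARGF: attempted to read a directory')
      # NOTE(review): this branch returns the raw ARGF.filename, not an
      # expanded path, unlike the normal branch. Confirm that is intended.
      [ARGF.filename, mode]
    end
  end
end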
.raise_if_block(path, mode) ⇒ Object
# File 'lib/tcell_agent/instrumentation/lfi.rb', line 95

# Enforces the Local Files policy: raises when block_file_access? says the
# access to +path+ with +mode+ must be blocked, and returns nil otherwise.
#
# @param path [String] path being opened
# @param mode [String] access type of the open call
# @raise [IOError] when the access is denied; the message includes the path
#   and mode
def self.raise_if_block(path, mode)
  if block_file_access?(path, mode)
    raise IOError, "tCell.io Agent: Attempted access to file #{path} with mode #{mode} denied"
  end
end