Class: TCellAgent::Instrumentation::TCellData

Inherits:

Object

• Object
• TCellAgent::Instrumentation::TCellData

Defined in:

lib/tcell_agent/instrumentation.rb

Instance Attribute Summary

• #context_filters_by_term ⇒ Object

  Returns the value of attribute context_filters_by_term.

• #csrf_exception_name ⇒ Object

  Returns the value of attribute csrf_exception_name.

• #database_filters ⇒ Object

  Returns the value of attribute database_filters.

• #database_result_sizes ⇒ Object

  Returns the value of attribute database_result_sizes.

• #fullpath ⇒ Object

  Returns the value of attribute fullpath.

• #grape_mount_endpoint ⇒ Object

  Returns the value of attribute grape_mount_endpoint.

• #hmac_session_id ⇒ Object

  Returns the value of attribute hmac_session_id.

• #password ⇒ Object

  Returns the value of attribute password.

• #patches_blocking_triggered ⇒ Object

  Returns the value of attribute patches_blocking_triggered.

• #path ⇒ Object

  Returns the value of attribute path.

• #path_parameters ⇒ Object

  Returns the value of attribute path_parameters.

• #referrer ⇒ Object

  Returns the value of attribute referrer.

• #remote_address ⇒ Object

  Returns the value of attribute remote_address.

• #request_method ⇒ Object

  Returns the value of attribute request_method.

• #reverse_proxy_header_value ⇒ Object

  Returns the value of attribute reverse_proxy_header_value.

• #route_id ⇒ Object

  Returns the value of attribute route_id.

• #session_id ⇒ Object

  Returns the value of attribute session_id.

• #sql_exceptions ⇒ Object

  Returns the value of attribute sql_exceptions.

• #transaction_id ⇒ Object

  Returns the value of attribute transaction_id.

• #uri ⇒ Object

  Returns the value of attribute uri.

• #user_agent ⇒ Object

  Returns the value of attribute user_agent.

• #user_id ⇒ Object

  Returns the value of attribute user_id.

Class Method Summary

• .filterx(sanitize_string, event_flag, replace_flag, term) ⇒ Object

Instance Method Summary

• #add_filter_for_cookie_value(term, rule, cookie_name) ⇒ Object
• #add_filter_for_header_value(term, rule, header_name) ⇒ Object
• #add_filter_for_request_parameter(term, rule, parameter_name) ⇒ Object
• #add_response_db_filter(term, action_obj, database, schema, table, field) ⇒ Object
• #filter_body!(body) ⇒ Object
• #filter_log(log_msg) ⇒ Object
• #initialize ⇒ TCellData constructor

  A new instance of TCellData.

• #to_s ⇒ Object
• #valid_term?(term) ⇒ Boolean

Constructor Details

#initialize ⇒ TCellData

Returns a new instance of TCellData.

# File 'lib/tcell_agent/instrumentation.rb', line 86

def initialize
  @patches_blocking_triggered = false
  @context_filters_by_term = Hash.new { |h, k| h[k] = Set.new }
  @sql_exceptions = []
  @database_result_sizes = []
end

Instance Attribute Details

#context_filters_by_term ⇒ Object

Returns the value of attribute context_filters_by_term.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def context_filters_by_term
  @context_filters_by_term
end

#csrf_exception_name ⇒ Object

Returns the value of attribute csrf_exception_name.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def csrf_exception_name
  @csrf_exception_name
end

#database_filters ⇒ Object

Returns the value of attribute database_filters.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def database_filters
  @database_filters
end

#database_result_sizes ⇒ Object

Returns the value of attribute database_result_sizes.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def database_result_sizes
  @database_result_sizes
end

#fullpath ⇒ Object

Returns the value of attribute fullpath.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def fullpath
  @fullpath
end

#grape_mount_endpoint ⇒ Object

Returns the value of attribute grape_mount_endpoint.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def grape_mount_endpoint
  @grape_mount_endpoint
end

#hmac_session_id ⇒ Object

Returns the value of attribute hmac_session_id.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def hmac_session_id
  @hmac_session_id
end

#password ⇒ Object

Returns the value of attribute password.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def password
  @password
end

#patches_blocking_triggered ⇒ Object

Returns the value of attribute patches_blocking_triggered.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def patches_blocking_triggered
  @patches_blocking_triggered
end

#path ⇒ Object

Returns the value of attribute path.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def path
  @path
end

#path_parameters ⇒ Object

Returns the value of attribute path_parameters.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def path_parameters
  @path_parameters
end

#referrer ⇒ Object

Returns the value of attribute referrer.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def referrer
  @referrer
end

#remote_address ⇒ Object

Returns the value of attribute remote_address.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def remote_address
  @remote_address
end

#request_method ⇒ Object

Returns the value of attribute request_method.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def request_method
  @request_method
end

#reverse_proxy_header_value ⇒ Object

Returns the value of attribute reverse_proxy_header_value.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def reverse_proxy_header_value
  @reverse_proxy_header_value
end

#route_id ⇒ Object

Returns the value of attribute route_id.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def route_id
  @route_id
end

#session_id ⇒ Object

Returns the value of attribute session_id.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def session_id
  @session_id
end

#sql_exceptions ⇒ Object

Returns the value of attribute sql_exceptions.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def sql_exceptions
  @sql_exceptions
end

#transaction_id ⇒ Object

Returns the value of attribute transaction_id.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def transaction_id
  @transaction_id
end

#uri ⇒ Object

Returns the value of attribute uri.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def uri
  @uri
end

#user_agent ⇒ Object

Returns the value of attribute user_agent.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def user_agent
  @user_agent
end

#user_id ⇒ Object

Returns the value of attribute user_id.

# File 'lib/tcell_agent/instrumentation.rb', line 64

def user_id
  @user_id
end

Class Method Details

.filterx(sanitize_string, event_flag, replace_flag, term) ⇒ Object

# File 'lib/tcell_agent/instrumentation.rb', line 71

def self.filterx(sanitize_string, event_flag, replace_flag, term)
  send_event = false
  sanitize_string.gsub!(term) do |m|
    if replace_flag
      m = '[redacted]'
      send_event = true
    elsif event_flag
      # m = "[hash]"
      send_event = true
    end
    m
  end
  send_event
end

Instance Method Details

#add_filter_for_cookie_value(term, rule, cookie_name) ⇒ Object

# File 'lib/tcell_agent/instrumentation.rb', line 117

def add_filter_for_cookie_value(term, rule, cookie_name)
  return unless valid_term?(term)

  context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('cookie', cookie_name, rule))
end

#add_filter_for_header_value(term, rule, header_name) ⇒ Object

# File 'lib/tcell_agent/instrumentation.rb', line 111

def add_filter_for_header_value(term, rule, header_name)
  return unless valid_term?(term)

  context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('header', header_name, rule))
end

#add_filter_for_request_parameter(term, rule, parameter_name) ⇒ Object

# File 'lib/tcell_agent/instrumentation.rb', line 105

def add_filter_for_request_parameter(term, rule, parameter_name)
  return unless valid_term?(term)

  context_filters_by_term[term.to_s].add(ContextFilter.new.for_request('form', parameter_name, rule))
end

#add_response_db_filter(term, action_obj, database, schema, table, field) ⇒ Object

# File 'lib/tcell_agent/instrumentation.rb', line 99

def add_response_db_filter(term, action_obj, database, schema, table, field)
  return unless valid_term?(term)

  context_filters_by_term[term.to_s].add(ContextFilter.new.for_database(database, schema, table, field, action_obj))
end

#filter_body!(body) ⇒ Object

# File 'lib/tcell_agent/instrumentation.rb', line 123

def filter_body!(body)
  dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
  if dlp_policy && session_id
    session_id_actions = dlp_policy.get_actions_for_session_id
    if session_id_actions
      send_flag = TCellData.filterx(body, session_id_actions.body_event, session_id_actions.body_redact, session_id)
      if send_flag
        TCellAgent.send_event(
          TCellAgent::SensorEvents::DlpEvent.new(
            route_id,
            uri,
            TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY,
            session_id_actions.action_id
          ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
        )

      end
    end
  end
  context_filters_by_term.sort_by { |term, _context_filters| -term.length }.each do |term, context_filters|
    replace_filters = (context_filters.select { |context_filter| context_filter.rule.body_redact == true })
    event_filters = (context_filters.select { |context_filter| (context_filter.rule.body_redact != true && context_filter.rule.body_event == true) })
    send_flag = TCellData.filterx(body, !event_filters.empty?, !replace_filters.empty?, term)
    send_flag ||= TCellData.filterx(body, !event_filters.empty?, !replace_filters.empty?, CGI.escapeHTML(term))
    next unless send_flag

    (replace_filters + event_filters).each do |filter|
      base_event = TCellAgent::SensorEvents::DlpEvent.new(
        route_id,
        uri,
        TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY,
        filter.rule.action_id
      )
      if filter.type == ContextFilter::DATABASE
        TCellAgent.send_event(
          base_event.for_database(filter.database, filter.schema, filter.table, filter.field)
        )
      elsif filter.type == ContextFilter::REQUEST
        TCellAgent.send_event(
          base_event.for_request(filter.context, filter.parameter)
        )
      end
    end
  end
  body
end

#filter_log(log_msg) ⇒ Object

# File 'lib/tcell_agent/instrumentation.rb', line 170

def filter_log(log_msg)
  dlp_policy = TCellAgent.policy(TCellAgent::PolicyTypes::DATALOSS)
  if dlp_policy && session_id
    session_id_actions = dlp_policy.get_actions_for_session_id
    if session_id_actions
      send_flag = TCellData.filterx(log_msg, session_id_actions.log_event, session_id_actions.log_redact, session_id)
      if send_flag
        TCellAgent.send_event(
          TCellAgent::SensorEvents::DlpEvent.new(
            route_id,
            uri,
            TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG,
            session_id_actions.action_id
          ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID)
        )
      end
    end
  end
  context_filters_by_term.sort_by { |term, _context_filters| -term.length }.each do |term, context_filters|
    replace_filters = (context_filters.select { |context_filter| context_filter.rule.log_redact == true })
    event_filters = (context_filters.select { |context_filter| (context_filter.rule.log_redact != true && context_filter.rule.log_event == true) })
    send_flag = TCellData.filterx(log_msg, !event_filters.empty?, !replace_filters.empty?, term)
    next unless send_flag

    (replace_filters + event_filters).each do |filter|
      base_event = TCellAgent::SensorEvents::DlpEvent.new(
        route_id,
        uri,
        TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG,
        filter.rule.action_id
      )
      if filter.type == ContextFilter::DATABASE
        TCellAgent.send_event(
          base_event.for_database(filter.database, filter.schema, filter.table, filter.field)
        )
      elsif filter.type == ContextFilter::REQUEST
        TCellAgent.send_event(
          base_event.for_request(filter.context, filter.parameter)
        )
      end
    end
  end
  log_msg
end

#to_s ⇒ Object

# File 'lib/tcell_agent/instrumentation.rb', line 215

def to_s
  "<#{self.class.name} transaction_id: #{transaction_id} session_id: #{session_id} " \
  "hmac_session_id: #{hmac_session_id} user_id: #{user_id} route_id: #{route_id} " \
  "uri: #{uri} context_filters_by_term: #{context_filters_by_term} " \
  "database_filters: #{database_filters} remote_address: #{remote_address} user_agent: #{user_agent} " \
  "request_method: #{@request_method} path_parameters: #{@path_parameters}>"
end

#valid_term?(term) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/tcell_agent/instrumentation.rb', line 93

def valid_term?(term)
  return true if !term.nil? && term != '' && term.to_s.length >= 5

  false
end