Module: TCellAgent::Cmdi

Defined in:
lib/tcell_agent/instrumentation/cmdi.rb


Class Method Details

.block_command?(cmd) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/tcell_agent/instrumentation/cmdi.rb', line 7

# Asks the command-injection policy whether +cmd+ must be blocked.
#
# The lookup runs inside TCellAgent::Instrumentation.safe_block. Every path
# that does not reach the policy (blank command, policy not enabled) falls
# through to +false+.
#
# NOTE(review): safe_block is not visible here; presumably it rescues and
# logs errors raised inside the block. If so, a failure while evaluating the
# policy also ends in +false+, i.e. the command is allowed (fail-open).
# Confirm that this is the intended posture.
#
# @param cmd [String] command line to evaluate
# @return [Boolean] whatever the policy's block_command? returns, or false
#   when the policy was not consulted
def self.block_command?(cmd)
  TCellAgent::Instrumentation.safe_block('Checking Command Injection Policy') do
    next unless TCellAgent::Utils::Strings.present?(cmd)

    policy = TCellAgent.policy(TCellAgent::PolicyTypes::COMMANDINJECTION)
    next unless policy.enabled

    # Request data is looked up by the current thread's object_id; a thread
    # without an entry yields an empty hash and therefore a nil tcell context.
    threads = TCellAgent::Instrumentation::Rails::Middleware::ContextMiddleware::THREADS
    request_env = threads.fetch(Thread.current.object_id, {})

    return policy.block_command?(cmd, request_env[TCellAgent::Instrumentation::TCELL_ID])
  end

  false
end

.default_cmdi_handler(args) ⇒ Object



# File 'lib/tcell_agent/instrumentation/cmdi.rb', line 66

# Rebuilds a command line from +args+ with TCellAgent::Cmdi.parse_command and
# passes it to raise_if_block.
#
# @param args [Array] argument list of the intercepted call; splatted into
#   parse_command
# @return [nil] when raise_if_block does not raise
# @raise [RuntimeError] propagated from raise_if_block when the command is
#   blocked by policy
def self.default_cmdi_handler(args)
  raise_if_block(TCellAgent::Cmdi.parse_command(*args))
end

.parse_command(*args) ⇒ Object



# File 'lib/tcell_agent/instrumentation/cmdi.rb', line 24

# Flattens the arguments of a command-execution call into a single string.
#
# A leading Hash and a trailing Hash are dropped (presumably the env and
# options arguments of Kernel#system / exec / spawn; confirm against the
# hooks), a leading Array is reduced to its first element (the
# +[cmd, argv0]+ form), and what remains is joined with single spaces.
#
# NOTE(review): the join discards argument boundaries, so
# +parse_command('ls', 'a b')+ and +parse_command('ls', 'a', 'b')+ produce
# the same string. A policy that needs to reason about individual arguments
# cannot recover them from this value.
#
# @param args [Array] arguments as passed to the intercepted call
# @return [String] the space-joined command, or '' when there are no
#   arguments or the parsing block never assigned a value
def self.parse_command(*args)
  cmd = ''

  TCellAgent::Instrumentation.safe_block('CMDI Parsing *args') do
    return cmd unless args && !args.empty?

    # Work on a copy so the caller's argument list is left untouched.
    parts = args.dup
    parts.shift if parts.first.is_a?(Hash)
    parts.pop if parts.last.is_a?(Hash)

    # [cmd, argv0] form: keep only the command name.
    parts[0] = parts.first.first if parts.first.is_a?(Array)

    cmd = parts.join(' ')
  end

  cmd
end

.parse_command_from_open(*args) ⇒ Object



# File 'lib/tcell_agent/instrumentation/cmdi.rb', line 45

# Extracts the command from a pipe-style first argument (presumably the
# "|cmd" form accepted by Kernel#open; confirm against the hook).
#
# Only the first argument is examined: when it is a String whose first
# character is '|', everything after that character is returned.
#
# NOTE(review): only String instances are inspected. Whether the hooked call
# can receive other objects that are later coerced to a string is not
# visible here; confirm that such values cannot skip this check.
#
# @param args [Array] arguments as passed to the intercepted call
# @return [String] the text after the leading '|', or '' when the first
#   argument is not a pipe-prefixed String
def self.parse_command_from_open(*args)
  cmd = ''

  TCellAgent::Instrumentation.safe_block('CMDI Parsing *args') do
    return cmd unless args && !args.empty?

    target = args.first
    piped = target.is_a?(String) && target[0] == '|'
    cmd = target[1..-1] if piped
  end

  cmd
end

.popen_cmdi_handler(args) ⇒ Object



# File 'lib/tcell_agent/instrumentation/cmdi.rb', line 72

# Derives the command from a popen-style argument list and raises when the
# policy blocks it.
#
# A leading Hash and a trailing Hash are dropped first. The next element is
# the command: a String is used as-is, anything else is splatted into
# TCellAgent::Cmdi.parse_command (which handles the Array command form).
# Elements after the command are ignored.
#
# The +args.empty?+ guard runs before safe_block, so it is not covered by
# whatever error handling safe_block provides.
#
# @param args [Array] argument list of the intercepted call
# @return [nil] when +args+ is empty or the command is not blocked
# @raise [RuntimeError] propagated from raise_if_block when the command is
#   blocked by policy
def self.popen_cmdi_handler(args)
  return if args.empty?

  cmd = ''

  TCellAgent::Instrumentation.safe_block('CMDI Parsing popen *args') do
    remaining = Array.new(args)
    remaining.shift if remaining.first.is_a?(Hash)
    remaining.pop if remaining.last.is_a?(Hash)

    head = remaining.shift
    cmd = head.is_a?(String) ? head : TCellAgent::Cmdi.parse_command(*head)
  end

  raise_if_block(cmd)
end

.raise_if_block(cmd) ⇒ Object



# File 'lib/tcell_agent/instrumentation/cmdi.rb', line 60

# Raises when TCellAgent::Cmdi.block_command? reports that +cmd+ is blocked.
#
# NOTE(review): the exception is a plain RuntimeError and its message embeds
# the full command text. If the host application renders or logs exception
# messages, the command travels with it, including any request-derived input
# or credentials passed as arguments. Confirm that error pages and log sinks
# handle this message accordingly. Callers also cannot tell a policy block
# from any other RuntimeError except by the message text.
#
# @param cmd [String] command line to check
# @return [nil] when the command is not blocked
# @raise [RuntimeError] when the command is blocked by policy
def self.raise_if_block(cmd)
  blocked = TCellAgent::Cmdi.block_command?(cmd)

  raise "tCell.io Agent: Command not allowed by policy: #{cmd}" if blocked
end