Class: TCellAgent::Policies::DataLossPolicy
- Defined in:
- lib/tcell_agent/policies/dataloss_policy.rb,
lib/tcell_agent/rails/dlp.rb
Overview
rubocop:disable Metrics/ClassLength
Defined Under Namespace
Classes: FilterActions, RequestProtectionManager
Instance Attribute Summary collapse
-
#database_actions ⇒ Object
Returns the value of attribute database_actions.
-
#database_discovery_enabled ⇒ Object
Returns the value of attribute database_discovery_enabled.
-
#database_filter_actions ⇒ Object
Returns the value of attribute database_filter_actions.
-
#enabled ⇒ Object
Returns the value of attribute enabled.
-
#field_alerts ⇒ Object
Returns the value of attribute field_alerts.
-
#field_redact_body ⇒ Object
Returns the value of attribute field_redact_body.
-
#policy_id ⇒ Object
Returns the value of attribute policy_id.
-
#request_filter_actions ⇒ Object
Returns the value of attribute request_filter_actions.
-
#session_id_actions ⇒ Object
Returns the value of attribute session_id_actions.
-
#session_id_filter_actions ⇒ Object
Returns the value of attribute session_id_filter_actions.
-
#table_field_actions ⇒ Object
Returns the value of attribute table_field_actions.
Class Method Summary collapse
Instance Method Summary collapse
- #actions_for_cookie? ⇒ Boolean
- #actions_for_form_parameter? ⇒ Boolean
- #actions_for_headers? ⇒ Boolean
- #from_json(policy_json) ⇒ Object
- #get_actions_for(table, field) ⇒ Object
- #get_actions_for_cookie(cookie_name, route_id = nil) ⇒ Object
- #get_actions_for_form_parameter(parameter_name, route_id = nil) ⇒ Object
- #get_actions_for_header(header_name, route_id = nil) ⇒ Object
- #get_actions_for_request(context, variable, route_id = nil) ⇒ Object
- #get_actions_for_session_id(_route_id = nil) ⇒ Object
- #get_actions_for_table(database, schema, table, field, route_id = '*') ⇒ Object
- #init_options ⇒ Object
-
#initialize(policies_json) ⇒ DataLossPolicy
constructor
A new instance of DataLossPolicy.
- #log_enforce(tcell_context, sanitize_string) ⇒ Object
- #response_body_enforce(tcell_context, sanitize_string) ⇒ Object
Constructor Details
#initialize(policies_json) ⇒ DataLossPolicy
Returns a new instance of DataLossPolicy.
45 46 47 48 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 45 def initialize(policies_json) from_json(policies_json) unless policies_json.nil? || policies_json.empty? end |
Instance Attribute Details
#database_actions ⇒ Object
Returns the value of attribute database_actions.
38 39 40 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 38 def database_actions @database_actions end |
#database_discovery_enabled ⇒ Object
Returns the value of attribute database_discovery_enabled.
40 41 42 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 40 def database_discovery_enabled @database_discovery_enabled end |
#database_filter_actions ⇒ Object
Returns the value of attribute database_filter_actions.
32 33 34 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 32 def database_filter_actions @database_filter_actions end |
#enabled ⇒ Object
Returns the value of attribute enabled.
29 30 31 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 29 def enabled @enabled end |
#field_alerts ⇒ Object
Returns the value of attribute field_alerts.
43 44 45 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 43 def field_alerts @field_alerts end |
#field_redact_body ⇒ Object
Returns the value of attribute field_redact_body.
42 43 44 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 42 def field_redact_body @field_redact_body end |
#policy_id ⇒ Object
Returns the value of attribute policy_id.
34 35 36 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 34 def policy_id @policy_id end |
#request_filter_actions ⇒ Object
Returns the value of attribute request_filter_actions.
31 32 33 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 31 def request_filter_actions @request_filter_actions end |
#session_id_actions ⇒ Object
Returns the value of attribute session_id_actions.
37 38 39 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 37 def session_id_actions @session_id_actions end |
#session_id_filter_actions ⇒ Object
Returns the value of attribute session_id_filter_actions.
30 31 32 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 30 def session_id_filter_actions @session_id_filter_actions end |
#table_field_actions ⇒ Object
Returns the value of attribute table_field_actions.
36 37 38 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 36 def table_field_actions @table_field_actions end |
Class Method Details
.actions_from_json(options) ⇒ Object
170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 170 def self.actions_from_json() actions = nil if .key?('log') if ['log'].include? 'redact' actions ||= FilterActions.new actions.log_redact = true end if ['log'].include? 'event' actions ||= FilterActions.new actions.log_event = true end if ['log'].include? 'hash' actions ||= FilterActions.new actions.log_hash = true end end if .key?('body') if ['body'].include? 'redact' actions ||= FilterActions.new actions.body_redact = true end if ['body'].include? 'event' actions ||= FilterActions.new actions.body_event = true end if ['body'].include? 'hash' actions ||= FilterActions.new actions.body_hash = true end end actions end |
.api_identifier ⇒ Object
7 8 9 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 7 def self.api_identifier 'dlp' end |
Instance Method Details
#actions_for_cookie? ⇒ Boolean
95 96 97 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 95 def !@request_filter_actions[RequestProtectionManager::COOKIE].empty? end |
#actions_for_form_parameter? ⇒ Boolean
87 88 89 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 87 def actions_for_form_parameter? !@request_filter_actions[RequestProtectionManager::FORM].empty? end |
#actions_for_headers? ⇒ Boolean
91 92 93 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 91 def actions_for_headers? !@request_filter_actions[RequestProtectionManager::HEADER].empty? end |
#from_json(policy_json) ⇒ Object
203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 203 def from_json(policy_json) return unless policy_json @policy_id = policy_json['policy_id'] raise 'Policy ID missing' unless @policy_id data_json = (policy_json['data'] || {}) if data_json.key?('data_discovery') data_discovery_json = data_json['data_discovery'] @database_discovery_enabled = data_discovery_json.fetch('database_enabled', false) @enabled = @database_discovery_enabled end if data_json.key?('session_id_protections') session_id_protection = data_json['session_id_protections'] rule_id = session_id_protection.fetch('id', nil) filter_actions = DataLossPolicy.actions_from_json(session_id_protection) unless filter_actions.nil? @enabled = true filter_actions.action_id = rule_id @session_id_filter_actions = filter_actions end end if data_json.key?('request_protections') data_json['request_protections'].each do |protection| context = protection.fetch('variable_context', nil) variables = protection.fetch('variables', nil) scope = protection.fetch('scope', 'global') rule_id = protection.fetch('id', nil) = protection.fetch('actions', nil) route_ids = [] if scope == 'global' route_ids = ['*'] elsif scope == 'route' route_ids = protection.fetch('route_ids', []) else next end next unless context && @request_filter_actions.key?(context) && variables && filter_actions = DataLossPolicy.actions_from_json() next if filter_actions.nil? @enabled = true filter_actions.action_id = rule_id variables.each do |variable| route_ids.each do |route_id| if context == RequestProtectionManager::COOKIE # Case sensitive variable name @request_filter_actions[context][route_id][variable].add(filter_actions) else @request_filter_actions[context][route_id][variable.downcase].add(filter_actions) end end end end end return unless data_json.key?('db_protections') protections = data_json['db_protections'] return unless protections protections.each do |protection_json| scope = protection_json.fetch('scope', nil) databases = protection_json.fetch('databases', ['*']) schemas = protection_json.fetch('schemas', ['*']) tables = protection_json.fetch('tables', ['*']) fields = protection_json.fetch('fields', nil) rule_id = protection_json.fetch('id', nil) actions = protection_json.fetch('actions', {}) filter_actions = DataLossPolicy.actions_from_json(actions) route_ids = ['*'] if !scope.nil? && scope != 'global' && scope == 'route' route_ids = protection_json.fetch('route_ids', []) end next if fields.nil? || filter_actions.nil? @enabled = true filter_actions.action_id = rule_id databases.each do |database| schemas.each do |schema| tables.each do |table| fields.each do |field| route_ids.each do |route_id| @database_actions[database][schema][table][field][route_id].add(filter_actions) end end end end end end end |
#get_actions_for(table, field) ⇒ Object
163 164 165 166 167 168 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 163 def get_actions_for(table, field) actions = Set.new key = "#{table}.#{field}" actions.merge(@table_field_actions.fetch(key, [].to_set)) actions end |
#get_actions_for_cookie(cookie_name, route_id = nil) ⇒ Object
99 100 101 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 99 def (, route_id = nil) get_actions_for_request(RequestProtectionManager::COOKIE, , route_id) end |
#get_actions_for_form_parameter(parameter_name, route_id = nil) ⇒ Object
107 108 109 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 107 def get_actions_for_form_parameter(parameter_name, route_id = nil) get_actions_for_request(RequestProtectionManager::FORM, parameter_name.downcase, route_id) end |
#get_actions_for_header(header_name, route_id = nil) ⇒ Object
103 104 105 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 103 def get_actions_for_header(header_name, route_id = nil) get_actions_for_request(RequestProtectionManager::HEADER, header_name.downcase, route_id) end |
#get_actions_for_request(context, variable, route_id = nil) ⇒ Object
111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 111 def get_actions_for_request(context, variable, route_id = nil) return nil if context.nil? || variable.nil? route_id = '*' if route_id.nil? if context != RequestProtectionManager::COOKIE variable = variable.downcase end actions = Set.new if @request_filter_actions.key?(context) if @request_filter_actions[context].key?(route_id) && @request_filter_actions[context][route_id].key?(variable) actions.merge(@request_filter_actions[context][route_id][variable]) end if route_id != '*' && @request_filter_actions[context].key?('*') && @request_filter_actions[context]['*'].key?(variable) actions.merge(@request_filter_actions[context]['*'][variable]) end end return nil if actions.size <= 0 actions end |
#get_actions_for_session_id(_route_id = nil) ⇒ Object
83 84 85 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 83 def get_actions_for_session_id(_route_id = nil) @session_id_filter_actions end |
#get_actions_for_table(database, schema, table, field, route_id = '*') ⇒ Object
132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 132 def get_actions_for_table(database, schema, table, field, route_id = '*') route_id = '*' if route_id.nil? actions = Set.new [database, '*'].each do |d| next if @database_actions.key?(d) == false [schema, '*'].each do |s| next if @database_actions[d].key?(s) == false [table, '*'].each do |t| next if @database_actions[d][s].key?(t) == false [field, '*'].each do |f| next if @database_actions[d][s][t].key?(f) == false route_id_rules = @database_actions[d][s][t][f] if route_id_rules.key?(route_id) actions.merge(@database_actions[d][s][t][f][route_id]) end if route_id != '*' && route_id_rules.key?('*') actions.merge(@database_actions[d][s][t][f]['*']) end end end end end return nil if actions.empty? actions end |
#init_options ⇒ Object
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 |
# File 'lib/tcell_agent/policies/dataloss_policy.rb', line 50 def @enabled = false @policy_id = nil @table_field_actions = {} @session_id_actions = [] @database_discovery_enabled = false @field_redact_body = Set.new # ["work_infos.SSN"].to_set # @field_alerts = Set.new @session_id_filter_actions = nil @request_filter_actions = { RequestProtectionManager::FORM => Hash.new { |h, k| h[k] = Hash.new { |i_h, i_k| i_h[i_k] = Set.new } }, RequestProtectionManager::COOKIE => Hash.new { |h, k| h[k] = Hash.new { |i_h, i_k| i_h[i_k] = Set.new } }, RequestProtectionManager::HEADER => Hash.new { |h, k| h[k] = Hash.new { |i_h, i_k| i_h[i_k] = Set.new } } } @database_actions = Hash.new do |h, k| h[k] = Hash.new do |d_h, d_k| d_h[d_k] = Hash.new do |s_h, s_k| s_h[s_k] = Hash.new do |t_h, t_k| t_h[t_k] = Hash.new do |f_h, f_k| f_h[f_k] = Set.new end end end end end @log_actions = nil end |
#log_enforce(tcell_context, sanitize_string) ⇒ Object
303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 |
# File 'lib/tcell_agent/rails/dlp.rb', line 303 def log_enforce(tcell_context, sanitize_string) if TCellAgent.configuration.should_instrument? && TCellAgent.configuration.should_intercept_requests? session_id_actions = get_actions_for_session_id if tcell_context && tcell_context.session_id && session_id_actions send_event = false sanitize_string.gsub!(tcell_context.session_id) do |m| if session_id_actions.log_redact send_event = true m = '[session_id]' elsif session_id_actions.log_hash send_event = true m = '[hash]' elsif session_id_actions.log_event send_event = true end m end if send_event TCellAgent.send_event( TCellAgent::SensorEvents::DlpEvent.new( tcell_context.route_id, tcell_context.uri, TCellAgent::SensorEvents::DlpEvent::FOUND_IN_LOG ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID) ) end end end sanitize_string end |
#response_body_enforce(tcell_context, sanitize_string) ⇒ Object
336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 |
# File 'lib/tcell_agent/rails/dlp.rb', line 336 def response_body_enforce(tcell_context, sanitize_string) if TCellAgent.configuration.should_instrument? && TCellAgent.configuration.should_intercept_requests? session_id_actions = get_actions_for_session_id if tcell_context && tcell_context.session_id && session_id_actions send_event = false sanitize_string.gsub!(tcell_context.session_id) do |m| # rubocop:disable Lint/DuplicateBranch if session_id_actions.body_redact # m = "[session_id]" send_event = true elsif session_id_actions.body_hash # m = "[hash]" send_event = true elsif session_id_actions.body_event send_event = true end # rubocop:enable Lint/DuplicateBranch m end end if send_event TCellAgent.send_event( TCellAgent::SensorEvents::DlpEvent.new( tcell_context.route_id, tcell_context.uri, TCellAgent::SensorEvents::DlpEvent::FOUND_IN_BODY ).for_framework(TCellAgent::SensorEvents::DlpEvent::FRAMEWORK_VARIABLE_SESSION_ID) ) end end sanitize_string end |