diff --git a/gradle.properties b/gradle.properties index 1515da4a9..808489c5a 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ # The agent version. agentVersion=1.2.1 -jsonVersion=1.2.0 +jsonVersion=2.0.0 # Updated exposed NR APM API version. nrAPIVersion=8.4.0 diff --git a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java index 5aa9083d8..2d6c3c0ee 100644 --- a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java @@ -114,7 +114,9 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); 
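Review bot: The values handed to `ServletHelper.iastDataRequestAddEmptyEntry(...)` in the added line of `preProcessHttpRequest` originate from the incoming request, and nothing in the hunk says whether that helper validates them or ignores ordinary traffic. The tracing header is read from `securityRequest.getHeaders()` on the line above, and the fuzz request identifier and `CSEC_PARENT_ID` attribute are presumably header-derived as well. Because the result is stored on the agent returned by `NewRelicSecurity.getAgent()`, I would add a comment stating the trust assumption, e.g. `// header-derived values: the helper must return nothing for requests that are not agent-generated IAST replays`, and confirm the helper bounds what it records. `getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)` may be null when the header is absent, so the helper also needs to tolerate that. The same line is added in the other akka, grpc, jersey, jetty and mule hunks; the method body starts and ends outside this hunk.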
@@ -145,17 +147,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { diff --git a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index 4099208c1..4941f6bbb 100644 --- a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -118,7 +118,10 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), + securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); 
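Review bot: The added `setEmptyIastDataRequestEntry(...)` statement is a verbatim copy of a very long line that this commit pastes into every request pre-processing hook, so the three-argument order can drift as soon as one copy is edited. The commit already centralises `getTraceHeader` in `ServletHelper`; the same treatment fits here, with one helper that takes `securityMetaData`, reads the fuzz identifier, tracing header and `CSEC_PARENT_ID`, and registers the entry. Each call site would then shrink to something like `ServletHelper.registerEmptyIastEntry(securityMetaData);` (a proposed name, not an existing method). This copy is also the only one wrapped across two lines, which makes the duplicates harder to find with a plain text search.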
@@ -148,17 +151,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { diff --git a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index ff826809a..ce4ca328e 100644 --- a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -118,7 +118,9 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); 
@@ -148,17 +150,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { diff --git a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index 9aa227014..fbd0018a1 100644 --- a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -118,7 +118,9 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); 
@@ -158,17 +160,6 @@ private static String getProtocol(String value) { } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java index 9dd55f506..a225f67f6 100644 --- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java +++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java 
@@ -70,7 +70,9 @@ public static void preprocessSecurityHook(ServerStream_Instrumentat processGRPCRequestMetadata(meta, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) { securityRequest.setProtocol("https"); @@ -160,17 +162,6 @@ private static boolean isLockAcquired(String nrSecCustomAttrName) { return false; } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processGRPCRequestMetadata(Metadata metadata, HttpRequest securityRequest) { Set headerNames = metadata.keys(); for (String headerKey : headerNames) { diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java index 372aaa012..d04a458b1 100644 --- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java 
+++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java @@ -70,7 +70,9 @@ public static void preprocessSecurityHook(ServerStream_Instrumentat processGRPCRequestMetadata(meta, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) { securityRequest.setProtocol("https"); @@ -164,17 +166,6 @@ private static boolean isLockAcquired(String nrSecCustomAttrName) { return false; } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processGRPCRequestMetadata(Metadata metadata, HttpRequest securityRequest) { Set headerNames = metadata.keys(); for (String headerKey : headerNames) { diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java index b60d767d3..ba1dcc71c 100644 
--- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java +++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java @@ -69,7 +69,9 @@ public static void preprocessSecurityHook(ServerStream_Instrumentat processGRPCRequestMetadata(meta, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) { securityRequest.setProtocol("https"); @@ -158,17 +160,6 @@ private static boolean isLockAcquired(String nrSecCustomAttrName) { return false; } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processGRPCRequestMetadata(Metadata metadata, HttpRequest securityRequest) { Set headerNames = metadata.keys(); for (String headerKey : headerNames) { 
diff --git a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 3d5b05569..6264c6ee4 100644 --- a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -76,7 +76,10 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { } HttpRequestHelper.processHttpRequestHeader(requestContext, securityRequest); - securityMetaData.setTracingHeaderValue(HttpRequestHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setUrl(requestContext.getRequestUri().toString()); StackTraceElement[] trace = Thread.currentThread().getStackTrace(); 
@@ -180,17 +183,6 @@ private static String getHeaderValue(List values) { return finalValue.toString(); } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isRequestLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 86f4786b3..4f3468aa5 100644 --- a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java 
@@ -78,7 +78,10 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { } HttpRequestHelper.processHttpRequestHeader(requestContext, securityRequest); - securityMetaData.setTracingHeaderValue(HttpRequestHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setUrl(requestContext.getRequestUri().toString()); StackTraceElement[] trace = Thread.currentThread().getStackTrace(); @@ -182,17 +185,6 @@ private static String getHeaderValue(List values) { return finalValue.toString(); } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isRequestLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 7bcd414f8..a80932212 100644 --- a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java 
+++ b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -76,7 +76,10 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { } HttpRequestHelper.processHttpRequestHeader(requestContext, securityRequest); - securityMetaData.setTracingHeaderValue(HttpRequestHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setUrl(requestContext.getRequestUri().toString()); StackTraceElement[] trace = Thread.currentThread().getStackTrace(); @@ -180,17 +183,6 @@ private static String getHeaderValue(List values) { return finalValue.toString(); } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isRequestLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java index c414129f9..82c335842 100644 
--- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java @@ -77,17 +77,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && @@ -147,7 +136,9 @@ public static void preprocessSecurityHook(HttpServletRequest httpServletRequest) HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); 
diff --git a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java index a194d4807..8832268de 100644 --- a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java +++ b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java @@ -81,17 +81,6 @@ public static void processHttpRequestHeader(Request request, HttpRequest securit } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && @@ -151,7 +140,9 @@ public static void preprocessSecurityHook(Request request) { HttpServletHelper.processHttpRequestHeader(request, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(request.getHttpURI().getScheme()); 
diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java index 03ac12d08..5da129373 100644 --- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java +++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java @@ -77,17 +77,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && 
@@ -147,7 +136,9 @@ public static void preprocessSecurityHook(HttpServletRequest httpServletRequest) HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java b/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java index 3754b8e9e..66b2210b6 100644 --- a/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java +++ b/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java @@ -71,16 +71,6 @@ public static void processHttpRequestHeader(HttpRequest httpRequest, } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } public static String getContentType(HttpRequest httpRequest) { return httpRequest.getHeaderValue(HttpHeaders.Names.CONTENT_TYPE); } 
diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index 637a252b3..101e44fb4 100644 --- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -70,7 +70,9 @@ private static void preprocessSecurityHook(HttpRequestContext requestContext) { } MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(MuleHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index a7f6bc1ef..4af0d5319 100644 --- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java +++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java 
@@ -64,7 +64,9 @@ private void preprocessSecurityHook(HttpRequestContext requestContext) { } MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(MuleHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java b/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java index f05979db0..a9d66ae17 100644 --- a/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java +++ b/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java @@ -65,16 +65,6 @@ public static void processHttpRequestHeader(HttpRequest httpRequest, com.newreli } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } public static String getContentType(HttpRequest httpRequest) { return httpRequest.getHeaderValue(HttpHeaders.Names.CONTENT_TYPE); } 
diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index e02e96ca8..ed68bd37b 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -70,7 +70,9 @@ private static void preprocessSecurityHook(HttpRequestContext requestContext) { } MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(MuleHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index 4fe834e0e..9c1c2ad33 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java +++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java 
@@ -64,7 +64,9 @@ private void preprocessSecurityHook(HttpRequestContext requestContext) { } MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(MuleHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java index 40428c49c..ac1c16e6f 100644 --- a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java +++ b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java @@ -54,7 +54,7 @@ public static void processSecurityRequest(ChannelHandlerContext ctx, Object msg, setClientAddressDetails(securityMetaData, ctx.channel().remoteAddress().toString()); setServerPortDetails(securityRequest, ctx.channel().localAddress().toString()); processHttpRequestHeader((HttpRequest)msg, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); securityRequest.setProtocol(((HttpRequest) msg).getProtocolVersion().protocolName()); securityRequest.setContentType(securityRequest.getHeaders().get("content-type")); 
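Review bot: `NettyUtils.processSecurityRequest` gets only the `ServletHelper.getTraceHeader` swap, without the `NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(...)` call that this commit adds after the same line in the Mule, servlet and sun-net-httpserver hooks. If requests served through Netty can be IAST replay targets, their control commands would never get the empty entry the other frameworks register, and replay status reporting would differ by framework. If the omission is deliberate, a short comment at this line would record it, for example `// no empty IAST entry for Netty: <reason>`. The method body continues outside the hunk.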
@@ -153,18 +153,6 @@ public static void processHttpRequestHeader(HttpRequest request, com.newrelic.ap } } - - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processSecurityResponse(ChannelHandlerContext ctx, Object msg) { try { Transaction tx = NewRelic.getAgent().getTransaction(); diff --git a/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java b/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java index b6ac6bbf7..bdd82144d 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java +++ b/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java @@ -13,7 +13,6 @@ import javax.servlet.http.HttpServletRequest; import java.util.Collection; import java.util.Enumeration; -import java.util.Iterator; import java.util.Map; public class HttpServletHelper { 
@@ -77,17 +76,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java index 1caf929a4..ef91005d1 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java @@ -67,7 +67,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); 
diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java index 2540b23f0..96c187744 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java @@ -69,7 +69,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java index 39c27b4d6..ca6959ae0 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java 
@@ -73,7 +73,9 @@ private void preprocessSecurityHook(ServletRequest_Instrumentation request, Serv HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java b/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java index aa32dba10..dd58ede50 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java +++ b/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java 
@@ -77,17 +77,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index e3414be3c..6d30b78d9 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java @@ -67,7 +67,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); 
diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index 54c81187e..7586a1043 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -68,7 +68,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index 4ec1c91bd..f1e0e18c5 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java 
@@ -73,7 +73,9 @@ private void preprocessSecurityHook(ServletRequest_Instrumentation request, Serv HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java b/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java index 479e09e03..e2299aed7 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java +++ b/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java 
@@ -77,17 +77,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index ba39efeb2..757b56f4f 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java @@ -67,7 +67,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); 
diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index 59d8e0f63..8b757e62d 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -68,7 +68,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index 46bc01e24..6a06730bf 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java 
@@ -73,7 +73,9 @@ private void preprocessSecurityHook(ServletRequest_Instrumentation request, Serv HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java index 463296ad0..6f27c4477 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java 
@@ -59,7 +59,10 @@ private void preprocessSecurityHook(HttpExchange exchange) { } HttpServerHelper.processHttpRequestHeaders(exchange.getRequestHeaders(), securityRequest); - securityMetaData.setTracingHeaderValue(HttpServerHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setProtocol(HttpServerHelper.getProtocol(exchange)); securityRequest.setUrl(String.valueOf(exchange.getRequestURI())); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java index b49501523..6ca9fc78e 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java 
@@ -59,7 +59,10 @@ private void preprocessSecurityHook(HttpExchange exchange) { } HttpServerHelper.processHttpRequestHeaders(exchange.getRequestHeaders(), securityRequest); - securityMetaData.setTracingHeaderValue(HttpServerHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setProtocol(HttpServerHelper.getProtocol(exchange)); securityRequest.setUrl(String.valueOf(exchange.getRequestURI())); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java index 41b5c5962..a3374b65a 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java @@ -73,16 +73,6 @@ public static String getContentType(Headers headers){ } return data; } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } public static void registerInputStreamHashIfNeeded(int inputStreamHash){ try { 
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java index 4be77dfae..f9fb4e45f 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java @@ -220,9 +220,12 @@ public void dispatchEvent(AbstractOperation operation, SecurityMetaData security GrpcClientRequestReplayHelper.getInstance().registerEventForProcessedCC(parentId, operation.getExecutionId()); } } else { - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(parentId, new HashSet<>()); if (StringUtils.equals(securityMetaData.getFuzzRequestIdentifier().getApiRecordId(), operation.getApiID())) { - RestRequestThreadPool.getInstance().registerEventForProcessedCC(parentId, operation.getExecutionId()); + String originAppUUID = securityMetaData.getFuzzRequestIdentifier().getOriginApplicationUUID(); + if(StringUtils.isBlank(originAppUUID)){ + originAppUUID = AgentInfo.getInstance().getApplicationUUID(); + } + RestRequestThreadPool.getInstance().registerEventForProcessedCC(parentId, operation.getExecutionId(), originAppUUID); } } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java index 628b2cf99..d51431777 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java 
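Review bot: In `DispatcherPool.dispatchEvent`, `originAppUUID` comes from `securityMetaData.getFuzzRequestIdentifier().getOriginApplicationUUID()` and only a blank value is replaced with the local `AgentInfo` UUID. The fuzz identifier is presumably parsed from a request header, so any non-blank value would be passed to `registerEventForProcessedCC` and appears to become its own per-application bucket in the generated-events map. Consider validating the value (UUID format, or membership in the set of applications the agent is replaying for) before using it as a key, or add a comment stating where it is already validated. The method body starts and ends outside the hunk.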
@@ -13,11 +13,8 @@ import java.time.Instant; import java.util.HashMap; -import java.util.HashSet; import java.util.Map; import java.util.Set; -import java.util.HashSet; -import java.util.Set; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.ScheduledFuture; @@ -76,6 +73,7 @@ private void task() { int currentFetchThreshold = NewRelic.getAgent().getConfig() .getValue(SECURITY_POLICY_VULNERABILITY_SCAN_IAST_SCAN_PROBING_THRESHOLD, 300); + //TODO Update MicrosService Arch int remainingRecordCapacityRest = RestRequestThreadPool.getInstance().getQueue().remainingCapacity(); int currentRecordBacklogRest = RestRequestThreadPool.getInstance().getQueue().size(); int remainingRecordCapacityGrpc = GrpcClientRequestReplayHelper.getInstance().getRequestQueue().remainingCapacity(); @@ -93,12 +91,10 @@ private void task() { request = new IASTDataTransferRequest(NewRelicSecurity.getAgent().getAgentUUID()); request.setBatchSize(batchSize); - request.setCompletedRequests(getEffectiveCompletedRequests()); - - HashSet pendingRequestIds = new HashSet<>(); - pendingRequestIds.addAll(RestRequestThreadPool.getInstance().getPendingIds()); - pendingRequestIds.addAll(GrpcClientRequestReplayHelper.getInstance().getPendingIds()); - request.setPendingRequestIds(pendingRequestIds); + request.setGeneratedEvent(getEffectiveCompletedRequests()); + request.setClearFromPending(RestRequestThreadPool.getInstance().getClearFromPending()); + request.setCompletedReplay(RestRequestThreadPool.getInstance().getCompletedReplay()); + request.setErrorInReplay(RestRequestThreadPool.getInstance().getErrorInReplay()); WSClient.getInstance().send(request.toString()); } } catch (Throwable e) { 
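Review bot: The rebuilt request in `task()` takes `getClearFromPending()`, `getCompletedReplay()` and `getErrorInReplay()` from `RestRequestThreadPool` only, whereas the removed code also merged `GrpcClientRequestReplayHelper.getInstance().getPendingIds()`. The batch-size calculation just above still counts the gRPC queue, and `DispatcherPool` still registers events with the gRPC helper, so gRPC replays look to be fetched but no longer reported as pending or completed. If this is a known gap, the new `//TODO Update MicrosService Arch` comment should say so, for example `// TODO: gRPC replay status is not yet included in clearFromPending/completedReplay/errorInReplay`. The body of `task()` extends outside the hunk.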
@@ -108,19 +104,22 @@ private void task() { } } - private Map> getEffectiveCompletedRequests() { - Map> completedRequest = new HashMap<>(); - completedRequest.putAll(RestRequestThreadPool.getInstance().getProcessedIds()); - completedRequest.putAll(GrpcClientRequestReplayHelper.getInstance().getProcessedIds()); + private Map>> getEffectiveCompletedRequests() { + Map>> generatedEvents = new HashMap<>(); + generatedEvents.putAll(RestRequestThreadPool.getInstance().getGeneratedEvents()); for (String rejectedId : RestRequestThreadPool.getInstance().getRejectedIds()) { - completedRequest.remove(rejectedId); + for (Map.Entry>> applicationMap : generatedEvents.entrySet()) { + applicationMap.getValue().remove(rejectedId); + } } RestRequestThreadPool.getInstance().getRejectedIds().clear(); for (String rejectedId : GrpcClientRequestReplayHelper.getInstance().getRejectedIds()) { - completedRequest.remove(rejectedId); + for (Map.Entry>> applicationMap : generatedEvents.entrySet()) { + applicationMap.getValue().remove(rejectedId); + } } GrpcClientRequestReplayHelper.getInstance().getRejectedIds().clear(); - return completedRequest; + return generatedEvents; } private IASTDataTransferRequestProcessor() { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java index bb66bdbf0..d1c17e82d 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java 
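Review bot: `generatedEvents.putAll(...)` in `getEffectiveCompletedRequests` copies only the outer map, so `applicationMap.getValue().remove(rejectedId)` edits the inner collections still owned by `RestRequestThreadPool` rather than a snapshot. If dispatcher threads register events into those collections while this runs, they need to be concurrent types or be copied first; the declarations are not visible here. The gRPC `getProcessedIds()` merge was dropped while the gRPC rejected-id loop was kept, so that loop now only filters REST-generated events. Each inner loop can be shortened to `generatedEvents.values().forEach(events -> events.remove(rejectedId));`. The method name no longer matches what it returns.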
@@ -2,7 +2,7 @@ import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; -import com.newrelic.api.agent.security.NewRelicSecurity; +import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.models.FuzzRequestBean; import okhttp3.*; @@ -10,7 +10,6 @@ import okhttp3.internal.http.HttpMethod; import org.apache.commons.lang3.StringUtils; -import java.util.List; import java.util.Map; import java.util.Map.Entry; @@ -19,7 +18,7 @@ public class RequestUtils { private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); public static final String ERROR_IN_FUZZ_REQUEST_GENERATION = "Error in fuzz request generation {}"; - public static Request generateK2Request(FuzzRequestBean httpRequest, String endpoint) { + public static Request generateK2Request(FuzzRequestBean httpRequest, String endpoint, String controlCommandId) { try { logger.log(LogLevel.FINER, String.format("Firing request : %s", JsonConverter.toJSON(httpRequest)), RequestUtils.class.getName()); StringBuilder url = new StringBuilder(endpoint); @@ -52,6 +51,7 @@ public static Request generateK2Request(FuzzRequestBean httpRequest, String endp requestBuilder = requestBuilder.method(httpRequest.getMethod(), null); } requestBuilder = requestBuilder.headers(Headers.of((Map) httpRequest.getHeaders())); + requestBuilder.header(GenericHelper.CSEC_PARENT_ID, controlCommandId); return requestBuilder.build(); } catch (Exception e){ diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java index f39be870c..91d8a4ca9 100644 
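Review bot: `requestBuilder.header(GenericHelper.CSEC_PARENT_ID, controlCommandId)` in `generateK2Request` is called without checking `controlCommandId`. OkHttp throws for a null header value or one with illegal characters, and the enclosing `catch (Exception e)` would turn that into a failed request generation with only the generic error logged. A guard such as `if (StringUtils.isNotBlank(controlCommandId)) { requestBuilder.header(GenericHelper.CSEC_PARENT_ID, controlCommandId); }` makes the failure mode explicit. Setting the header after `headers(...)` overrides any `CSEC_PARENT_ID` carried in the replayed bean's own headers, which is worth a one-line comment: `// set last so the control command id always wins over replayed headers`. The method body continues outside the hunk.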
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java 
@@ -121,20 +121,19 @@ public OkHttpClient getClient() { return clientThreadLocal.get(); } - public void fireRequest(FuzzRequestBean httpRequest, List endpoints, int repeatCount, String fuzzRequestId){ + public void fireRequest(FuzzRequestBean httpRequest, List endpoints, RestRequestProcessor restRequestProcessor, int repeatCount){ int responseCode = 999; if(endpoints.isEmpty()){ - Request request = RequestUtils.generateK2Request(httpRequest, String.format(IAgentConstants.ENDPOINT_LOCALHOST_S, httpRequest.getProtocol(), httpRequest.getServerPort())); + Request request = RequestUtils.generateK2Request(httpRequest, String.format(IAgentConstants.ENDPOINT_LOCALHOST_S, httpRequest.getProtocol(), httpRequest.getServerPort()), restRequestProcessor.getControlCommand().getId()); if (request != null) { try { - responseCode = RestClient.getInstance().fireRequest(request, repeatCount + endpoints.size() -1, fuzzRequestId); + responseCode = RestClient.getInstance().fireRequest(request, restRequestProcessor, repeatCount + endpoints.size() -1); } catch (SSLException e) { logger.log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, request), e, RestClient.class.getName()); logger.postLogMessageIfNecessary(LogLevel.WARNING, - String.format(CALL_FAILED_REQUEST_S_REASON, fuzzRequestId), + String.format(CALL_FAILED_REQUEST_S_REASON, restRequestProcessor.getControlCommand().getId()), e, RestRequestProcessor.class.getName()); - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); // TODO: Add to fuzz fail count in HC and remove FuzzFailEvent if not needed. FuzzFailEvent fuzzFailEvent = new FuzzFailEvent(AgentInfo.getInstance().getApplicationUUID()); fuzzFailEvent.setFuzzHeader(request.header(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID)); 
@@ -144,10 +143,10 @@ public void fireRequest(FuzzRequestBean httpRequest, List endpoints, int return; } for (String endpoint : endpoints) { - Request request = RequestUtils.generateK2Request(httpRequest, endpoint); + Request request = RequestUtils.generateK2Request(httpRequest, endpoint, restRequestProcessor.getControlCommand().getId()); try { if (request != null) { - responseCode = RestClient.getInstance().fireRequest(request, repeatCount + endpoints.size() -1, fuzzRequestId); + responseCode = fireRequest(request, restRequestProcessor, repeatCount + endpoints.size() -1); } if(responseCode == 301){continue;} break; @@ -156,10 +155,9 @@ public void fireRequest(FuzzRequestBean httpRequest, List endpoints, int } } - } - public int fireRequest(Request request, int repeatCount, String fuzzRequestId) throws SSLException { + public int fireRequest(Request request, RestRequestProcessor restRequestProcessor, int repeatCount) throws SSLException { OkHttpClient client = clientThreadLocal.get(); logger.log(LogLevel.FINER, String.format(FIRING_REQUEST_METHOD_S, request.method()), RestClient.class.getName()); 
@@ -171,33 +169,37 @@ public int fireRequest(Request request, int repeatCount, String fuzzRequestId) t Response response = call.execute(); logger.log(LogLevel.FINER, String.format(REQUEST_FIRED_SUCCESS, request), RestClient.class.getName()); if(response.code() >= 400 && response.code() < 500){ - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); logger.postLogMessageIfNecessary(LogLevel.WARNING, - String.format(RestClient.CALL_FAILED_REQUEST_S_REASON_S, fuzzRequestId, response, response.body().string()), null, + String.format(RestClient.CALL_FAILED_REQUEST_S_REASON_S, restRequestProcessor.getControlCommand().getId(), response, response.body().string()), null, RestRequestProcessor.class.getName()); - } else if(response.isSuccessful()){ - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); - }else { + } else { logger.log(LogLevel.FINER, String.format(REQUEST_SUCCESS_S_RESPONSE_S_S, request, response, response.body().string()), RestClient.class.getName()); } + restRequestProcessor.setSuccessful(true); + restRequestProcessor.setResponseCode(response.code()); response.body().close(); if (client.connectionPool() != null) { client.connectionPool().evictAll(); } return response.code(); } catch (SSLException e){ + restRequestProcessor.setExceptionRaised(true); + restRequestProcessor.setError(e); logger.log(LogLevel.FINE, String.format("Request failed due to SSL Exception %s ", request, e), RestClient.class.getName()); throw e; } catch (InterruptedIOException e){ + restRequestProcessor.setExceptionRaised(true); + restRequestProcessor.setError(e); if(repeatCount >= 0){ - return fireRequest(request, --repeatCount, fuzzRequestId); + return fireRequest(request, restRequestProcessor, --repeatCount); } } catch (IOException e) { + restRequestProcessor.setExceptionRaised(true); + restRequestProcessor.setError(e); logger.log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, 
request), e, RestClient.class.getName()); logger.postLogMessageIfNecessary(LogLevel.WARNING, - String.format(CALL_FAILED_REQUEST_S_REASON, fuzzRequestId), + String.format(CALL_FAILED_REQUEST_S_REASON, restRequestProcessor.getControlCommand().getId()), e, RestRequestProcessor.class.getName()); - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); // TODO: Add to fuzz fail count in HC and remove FuzzFailEvent if not needed. FuzzFailEvent fuzzFailEvent = new FuzzFailEvent(AgentInfo.getInstance().getApplicationUUID()); fuzzFailEvent.setFuzzHeader(request.header(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID)); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java index 92c13e89b..7a4aa761a 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java @@ -42,6 +42,14 @@ public class RestRequestProcessor implements Callable { private int repeatCount; + private boolean isSuccessful = false; + + private int responseCode; + + private boolean exceptionRaised = false; + + private Throwable error; + private ObjectMapper objectMapper = new ObjectMapper(); private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); 
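Review bot: `restRequestProcessor.setSuccessful(true)` runs for every response that arrives, including the 4xx branch directly above it, so "successful" here only means "a response was received" and a comment on the call should say so. The flags set in the `InterruptedIOException` catch are left in place when the recursive retry succeeds, so the processor can end up with both `isSuccessful` and `exceptionRaised` true; adding `restRequestProcessor.setExceptionRaised(false); restRequestProcessor.setError(null);` next to `setSuccessful(true)` keeps the state unambiguous. With the `isSuccessful()` branch removed, the `else` now also covers 2xx responses, so `response.body().string()` buffers and logs the full body of every replayed response at FINER; logging only the status or a bounded prefix avoids large allocations and keeps application data out of the agent log. The method body starts and ends outside this hunk.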
@@ -51,6 +59,41 @@ public RestRequestProcessor(IntCodeControlCommand controlCommand, int repeatCoun this.repeatCount = repeatCount; } + public boolean isSuccessful() { + return isSuccessful; + } + + public void setSuccessful(boolean successful) { + isSuccessful = successful; + } + + public int getResponseCode() { + return responseCode; + } + + public void setResponseCode(int responseCode) { + this.responseCode = responseCode; + } + + public boolean isExceptionRaised() { + return exceptionRaised; + } + + public void setExceptionRaised(boolean exceptionRaised) { + this.exceptionRaised = exceptionRaised; + } + + public Throwable getError() { + return error; + } + + public void setError(Throwable error) { + this.error = error; + } + + public int getRepeatCount() { + return repeatCount; + } /** * Does the request replay in IAST mode. @@ -80,13 +123,7 @@ public Boolean call() throws InterruptedException { httpRequest = objectMapper.readValue(req, FuzzRequestBean.class); httpRequest.getHeaders().put(GenericHelper.CSEC_PARENT_ID, controlCommand.getId()); - if (httpRequest.getIsGrpc()){ - GrpcClientRequestReplayHelper.getInstance().getPendingIds().add(controlCommand.getId()); - GrpcClientRequestReplayHelper.getInstance().removeFromProcessedCC(controlCommand.getId()); - } else { - RestRequestThreadPool.getInstance().getPendingIds().add(controlCommand.getId()); - RestRequestThreadPool.getInstance().removeFromProcessedCC(controlCommand.getId()); - } + httpRequest.setReflectedMetaData(controlCommand.getReflectedMetaData()); if (httpRequest.getIsGrpc()){ 
@@ -104,24 +141,26 @@ public Boolean call() throws InterruptedException { GrpcClientRequestReplayHelper.getInstance().addToRequestQueue(new ControlCommandDto(controlCommand.getId(), httpRequest, payloadList)); } else { List endpoints = prepareAllEndpoints(NewRelicSecurity.getAgent().getApplicationConnectionConfig()); - RestClient.getInstance().fireRequest(httpRequest, endpoints, repeatCount + endpoints.size() -1, controlCommand.getId()); + RestClient.getInstance().fireRequest(httpRequest, endpoints, this, repeatCount + endpoints.size() -1); } return true; } catch (JsonProcessingException e){ + setExceptionRaised(true); + setError(e); logger.log(LogLevel.SEVERE, String.format(JSON_PARSING_ERROR_WHILE_PROCESSING_FUZZING_REQUEST_S, controlCommand.getArguments().get(0)), e, RestRequestProcessor.class.getName()); logger.postLogMessageIfNecessary(LogLevel.SEVERE, String.format(JSON_PARSING_ERROR_WHILE_PROCESSING_FUZZING_REQUEST_S, controlCommand.getId()), e, RestRequestProcessor.class.getName()); - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(controlCommand.getId(), new HashSet<>()); } catch (Throwable e) { + setExceptionRaised(true); + setError(e); logger.log(LogLevel.SEVERE, String.format(ERROR_WHILE_PROCESSING_FUZZING_REQUEST_S, controlCommand.getArguments().get(0)), e, RestRequestProcessor.class.getName()); logger.postLogMessageIfNecessary(LogLevel.SEVERE, String.format(ERROR_WHILE_PROCESSING_FUZZING_REQUEST_S, controlCommand.getId()), e, RestRequestProcessor.class.getName()); - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(controlCommand.getId(), new HashSet<>()); throw e; } return true; diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java index 779217700..4f9523b19 100644 
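Review bot: On the gRPC branch of `call()` nothing sets `isSuccessful` or `exceptionRaised` before `return true`, so the new classification in `RestRequestThreadPool.afterExecute` falls through to its final `else` and files the control command under `clearFromPending`. If that is the intended outcome for requests handed to `GrpcClientRequestReplayHelper`, a comment on the branch such as `// replay is queued for the gRPC helper; the thread pool reports this id via clearFromPending` would make it explicit. Otherwise the processor needs a separate state for work that was queued elsewhere. `call()` starts outside this hunk.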
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java @@ -6,9 +6,8 @@ import com.newrelic.api.agent.security.utils.logging.LogLevel; import org.apache.commons.lang3.StringUtils; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; +import java.io.InterruptedIOException; +import java.util.*; import java.util.concurrent.*; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; 
@@ -30,19 +29,42 @@ public class RestRequestThreadPool { private static final AtomicBoolean isWaiting = new AtomicBoolean(false); - private final Map> processedIds = new ConcurrentHashMap(); + private final Set rejectedIds = ConcurrentHashMap.newKeySet(); - private final Set pendingIds = ConcurrentHashMap.newKeySet(); + private Set completedReplay = ConcurrentHashMap.newKeySet(); + + private Set errorInReplay = ConcurrentHashMap.newKeySet(); + + private Set clearFromPending = ConcurrentHashMap.newKeySet(); + + /** + * "generatedEvents": + * { + * "ORIGIN_APPUUID_1" : {"FUZZ_ID_1":["EVENT_ID_1"], "FUZZ_ID_2":["EVENT_ID_2"]}, + * } + * */ + private final Map>> generatedEvents = new ConcurrentHashMap(); - private final Set rejectedIds = ConcurrentHashMap.newKeySet(); public void resetIASTProcessing() { - rejectedIds.addAll(processedIds.keySet()); - processedIds.clear(); - pendingIds.clear(); + getAllControlCommandID(generatedEvents); + generatedEvents.clear(); + completedReplay.clear(); + clearFromPending.clear(); + errorInReplay.clear(); executor.getQueue().clear(); } + private void getAllControlCommandID(Map>> generatedEvents) { + if(generatedEvents == null || generatedEvents.isEmpty()) { + return; + } + + for (Map> applicationMap : generatedEvents.values()) { + rejectedIds.addAll(applicationMap.keySet()); + } + } + private RestRequestThreadPool() { LinkedBlockingQueue processQueue; // load the settings 
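Review bot: `getAllControlCommandID` reads like a getter but returns nothing and instead adds every control-command id to `rejectedIds`, which makes `resetIASTProcessing` hard to follow. A name such as `rejectAllControlCommandIds` with a one-line comment (`// ids still tracked at reset time are reported as rejected`) would describe it. The method also takes the `generatedEvents` field as a parameter of the same name, which shadows the field without need. The three new sets (`completedReplay`, `errorInReplay`, `clearFromPending`) are never reassigned in the visible code and could be `final` like `rejectedIds`.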
@@ -55,21 +77,24 @@ protected void afterExecute(Runnable r, Throwable t) { super.afterExecute(r, t); String controlCommandId = null; if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof RestRequestProcessor) { - Boolean result = (Boolean) ((CustomFutureTask) r).get(); RestRequestProcessor task = (RestRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getControlCommand().getId(); - if(t != null || !result) { - if (StringUtils.isNotBlank(controlCommandId)) { - rejectedIds.add(controlCommandId); - } + if(task.isSuccessful() && 500 < task.getResponseCode() && task.getResponseCode() >= 400){ + errorInReplay.add(controlCommandId); + } else if (task.isSuccessful()) { + completedReplay.add(controlCommandId); + } else if (task.isExceptionRaised() && task.getError() instanceof InterruptedIOException) { + clearFromPending.add(controlCommandId); + } else if(task.isExceptionRaised()) { + errorInReplay.add(controlCommandId); } else { - processedIds.putIfAbsent(controlCommandId, new HashSet<>()); + clearFromPending.add(controlCommandId); + } + if (StringUtils.isBlank(controlCommandId)) { + rejectedIds.add(controlCommandId); } } - if(StringUtils.isNotBlank(controlCommandId)){ - pendingIds.remove(controlCommandId); - } - } catch (ExecutionException | InterruptedException ignored) { + } catch (Exception ignored) { } } 
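Review bot: The first condition, `500 < task.getResponseCode() && task.getResponseCode() >= 400`, is true only for codes above 500, so 4xx responses and a plain 500 fall through to `completedReplay`; if error responses are meant to land in `errorInReplay` it should read `task.getResponseCode() >= 400`. The trailing check is inverted relative to the code it replaces: `StringUtils.isBlank(controlCommandId)` adds a blank or null id to `rejectedIds`, and a null id already makes the `add` calls above throw on a `ConcurrentHashMap` key set, which the widened `catch (Exception ignored)` then hides. Testing `StringUtils.isNotBlank(controlCommandId)` before the classification, and logging the caught exception instead of discarding it, would keep malformed tasks out of all four sets. The `Throwable t` passed to `afterExecute` is no longer consulted, so a task that failed with an unchecked exception is classified only by whatever flags it managed to set. The method starts outside this hunk.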
@@ -135,32 +160,38 @@ public ThreadPoolExecutor getExecutor() { return executor; } - public Map> getProcessedIds() { - return processedIds; - } - public Set getRejectedIds() { return rejectedIds; } - public Set getPendingIds() { - return pendingIds; + public Set getCompletedReplay() { + return completedReplay; } - public void registerEventForProcessedCC(String controlCommandId, String eventId) { + public Set getErrorInReplay() { + return errorInReplay; + } + + public Set getClearFromPending() { + return clearFromPending; + } + + public void registerEventForProcessedCC(String controlCommandId, String eventId, String originAppUuid) { if(StringUtils.isAnyBlank(controlCommandId, eventId)){ return; } - Set registeredEvents = processedIds.get(controlCommandId); - if(registeredEvents != null) { - registeredEvents.add(eventId); + if(!generatedEvents.containsKey(originAppUuid)){ + logger.log(LogLevel.FINE, String.format("Entry from map of generatedEvents for %s is missing. generatedEvents are : %s", originAppUuid, generatedEvents), RestRequestThreadPool.class.getName()); } - } - public void removeFromProcessedCC(String controlCommandId) { - if(StringUtils.isNotBlank(controlCommandId)){ - processedIds.remove(controlCommandId); + if(generatedEvents.get(originAppUuid).containsKey(controlCommandId)) { + generatedEvents.get(originAppUuid).get(controlCommandId).add(eventId); + } else { + System.out.println("controlCommandId is not present for : "+controlCommandId); } } + public Map>> getGeneratedEvents() { + return generatedEvents; + } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java index dc6f5914c..244f320d0 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java 
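Review bot: When `generatedEvents` has no entry for `originAppUuid`, `registerEventForProcessedCC` logs the miss and then calls `generatedEvents.get(originAppUuid).containsKey(...)` anyway, which throws a NullPointerException. A null `originAppUuid` fails even earlier, because the blank check covers only the other two arguments and `ConcurrentHashMap.containsKey(null)` throws. The else branch reports through `System.out.println`, which writes to the host application's stdout rather than the agent log, and the FINE message formats the entire `generatedEvents` map. The rewrite below returns early on a missing entry and routes both messages through `logger`. `getGeneratedEvents()` also hands out the live nested map, so callers can change it without going through this class.

```java
public void registerEventForProcessedCC(String controlCommandId, String eventId, String originAppUuid) {
    if (StringUtils.isAnyBlank(controlCommandId, eventId, originAppUuid)) {
        return;
    }
    Map<String, Set<String>> eventsByCommand = generatedEvents.get(originAppUuid);
    if (eventsByCommand == null) {
        logger.log(LogLevel.FINE, String.format("Entry from map of generatedEvents for %s is missing.", originAppUuid), RestRequestThreadPool.class.getName());
        return;
    }
    Set<String> events = eventsByCommand.get(controlCommandId);
    if (events == null) {
        logger.log(LogLevel.FINE, String.format("controlCommandId is not present for : %s", controlCommandId), RestRequestThreadPool.class.getName());
        return;
    }
    events.add(eventId);
}
// … unchanged: getGeneratedEvents …
```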
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java @@ -148,8 +148,7 @@ public static String getSHA256HexDigest(List data) { return getChecksum(input); } public static String getSHA256HexDigest(String data) { - String input = StringUtils.join(data); - return getChecksum(input); + return getChecksum(data); } /** diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java index f66a634d4..e67b88a30 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java 
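Review bot: `getSHA256HexDigest(String)` now passes `data` to `getChecksum` unchanged, so a null argument reaches it as null, whereas the removed `StringUtils.join(data)` call would (if that is commons-lang's varargs `join`) have turned null into an empty string. `getChecksum` is outside this hunk, so whether it tolerates null cannot be confirmed from here. A guard such as `if (data == null) { return getChecksum(""); }`, or a Javadoc line stating that `data` must not be null, would settle the contract.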
@@ -1,18 +1,19 @@ package com.newrelic.agent.security.intcodeagent.controlcommand; import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; import com.newrelic.agent.security.instrumentator.httpclient.IASTDataTransferRequestProcessor; import com.newrelic.agent.security.instrumentator.httpclient.RestRequestProcessor; import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool; import com.newrelic.agent.security.instrumentator.utils.AgentUtils; import com.newrelic.agent.security.instrumentator.utils.InstrumentationUtils; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.agent.security.intcodeagent.models.IASTDataTransferRequest; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants; import com.newrelic.agent.security.intcodeagent.models.config.AgentPolicyParameters; import com.newrelic.agent.security.intcodeagent.models.javaagent.EventResponse; import com.newrelic.agent.security.intcodeagent.models.javaagent.IntCodeControlCommand; -import com.newrelic.agent.security.intcodeagent.utils.CommonUtils; import com.newrelic.agent.security.intcodeagent.websocket.EventSendPool; import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; import com.newrelic.agent.security.intcodeagent.websocket.WSClient; @@ -29,6 +30,7 @@ import java.time.temporal.ChronoUnit; import java.util.List; import java.util.Map; +import java.util.Set; public class ControlCommandProcessor implements Runnable { 
@@ -65,6 +67,7 @@ public class ControlCommandProcessor implements Runnable { public static final String PURGING_CONFIRMED_IAST_PROCESSED_RECORDS_COUNT_S = "Purging confirmed IAST processed records count : %s"; public static final String PURGING_CONFIRMED_IAST_PROCESSED_RECORDS_S = "Purging confirmed IAST processed records : %s"; + private ObjectMapper objectMapper = new ObjectMapper(); private String controlCommandMessage; @@ -258,7 +261,9 @@ public void run() { controlCommand.getArguments().size()), this.getClass().getName()); logger.log(LogLevel.FINEST, String.format(PURGING_CONFIRMED_IAST_PROCESSED_RECORDS_S, controlCommand.getArguments()), this.getClass().getName()); - controlCommand.getArguments().forEach(RestRequestThreadPool.getInstance().getProcessedIds()::remove); + //TODO Update MicrosService Arch + IASTDataTransferRequest requestForPurge = objectMapper.convertValue(controlCommand.getData(), IASTDataTransferRequest.class); + purgeIastDataTransferRequest(requestForPurge); controlCommand.getArguments().forEach(GrpcClientRequestReplayHelper.getInstance().getProcessedIds()::remove); break; default: 
@@ -268,6 +273,17 @@ public void run() { } } + private static void purgeIastDataTransferRequest(IASTDataTransferRequest requestForPurge) { + RestRequestThreadPool.getInstance().getCompletedReplay().removeAll(requestForPurge.getCompletedReplay()); + RestRequestThreadPool.getInstance().getErrorInReplay().removeAll(requestForPurge.getErrorInReplay()); + RestRequestThreadPool.getInstance().getClearFromPending().removeAll(requestForPurge.getClearFromPending()); + for (Map.Entry>> applicationMap : RestRequestThreadPool.getInstance().getGeneratedEvents().entrySet()) { + String originAppUUID = applicationMap.getKey(); + Map> purgeApplicationMap = requestForPurge.getGeneratedEvent().get(originAppUUID); + purgeApplicationMap.forEach(applicationMap.getValue()::remove); + } + } + public static void processControlCommand(String controlCommandMessage, long receiveTimestamp) { ControlCommandProcessorThreadPool.getInstance().executor .submit(new ControlCommandProcessor(controlCommandMessage, receiveTimestamp)); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java index 9a7fe3b02..34894c579 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java @@ -14,11 +14,13 @@ public class IASTDataTransferRequest { private int batchSize; - private Set pendingRequestIds; + private Set completedReplay; - private Map> completedRequests; + private Set errorInReplay; - private String sequenceNumber; + private Set clearFromPending; + + private Map>> generatedEvent; public IASTDataTransferRequest() {} public IASTDataTransferRequest(String applicationUUID) { 
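Review bot: `purgeIastDataTransferRequest` dereferences every part of a payload that arrives in a control command without checking it. `requestForPurge` is null when `controlCommand.getData()` is null (the `convertValue` call added in the `run()` hunk above), each `removeAll(...)` throws if the corresponding set is absent from the message, and `requestForPurge.getGeneratedEvent().get(originAppUUID)` is null for any local origin the message does not mention, so `purgeApplicationMap.forEach` throws and the remaining origins are never purged. Note also that `forEach(applicationMap.getValue()::remove)` on a map binds to the two-argument `Map.remove(key, value)`, so an entry is dropped only when its event set equals the one in the message; if that is intended it deserves a comment. A null-tolerant version is sketched below.

```java
private static void purgeIastDataTransferRequest(IASTDataTransferRequest requestForPurge) {
    if (requestForPurge == null) {
        return;
    }
    RestRequestThreadPool pool = RestRequestThreadPool.getInstance();
    if (requestForPurge.getCompletedReplay() != null) {
        pool.getCompletedReplay().removeAll(requestForPurge.getCompletedReplay());
    }
    if (requestForPurge.getErrorInReplay() != null) {
        pool.getErrorInReplay().removeAll(requestForPurge.getErrorInReplay());
    }
    if (requestForPurge.getClearFromPending() != null) {
        pool.getClearFromPending().removeAll(requestForPurge.getClearFromPending());
    }
    if (requestForPurge.getGeneratedEvent() == null) {
        return;
    }
    for (Map.Entry<String, Map<String, Set<String>>> applicationMap : pool.getGeneratedEvents().entrySet()) {
        Map<String, Set<String>> purgeApplicationMap = requestForPurge.getGeneratedEvent().get(applicationMap.getKey());
        if (purgeApplicationMap != null) {
            // two-argument Map.remove: drops an entry only when its event set matches the message
            purgeApplicationMap.forEach(applicationMap.getValue()::remove);
        }
    }
}
```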
@@ -41,28 +43,44 @@ public void setBatchSize(int batchSize) { this.batchSize = batchSize; } - public Map> getCompletedRequests() { - return completedRequests; + public String getJsonName() { + return jsonName; } - public void setCompletedRequests(Map> completedRequests) { - this.completedRequests = completedRequests; + public void setJsonName(String jsonName) { + this.jsonName = jsonName; } - public Set getPendingRequestIds() { - return pendingRequestIds; + public Set getCompletedReplay() { + return completedReplay; } - public void setPendingRequestIds(Set pendingRequestIds) { - this.pendingRequestIds = pendingRequestIds; + public void setCompletedReplay(Set completedReplay) { + this.completedReplay = completedReplay; } - public String getJsonName() { - return jsonName; + public Set getErrorInReplay() { + return errorInReplay; } - public void setJsonName(String jsonName) { - this.jsonName = jsonName; + public void setErrorInReplay(Set errorInReplay) { + this.errorInReplay = errorInReplay; + } + + public Set getClearFromPending() { + return clearFromPending; + } + + public void setClearFromPending(Set clearFromPending) { + this.clearFromPending = clearFromPending; + } + + public Map>> getGeneratedEvent() { + return generatedEvent; + } + + public void setGeneratedEvent(Map>> generatedEvent) { + this.generatedEvent = generatedEvent; } @Override diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index fb508054c..0be4e07a0 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java 
@@ -4,6 +4,7 @@ import com.newrelic.agent.security.AgentConfig; import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.dispatcher.DispatcherPool; +import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool; import com.newrelic.agent.security.instrumentator.os.OsVariablesInstance; import com.newrelic.agent.security.instrumentator.utils.*; import com.newrelic.agent.security.intcodeagent.constants.AgentServices; @@ -33,13 +34,10 @@ import java.lang.instrument.Instrumentation; import java.lang.instrument.UnmodifiableClassException; import java.net.HttpURLConnection; -import java.net.Socket; import java.net.URL; import java.time.Instant; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Map; +import java.util.*; +import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicBoolean; import java.util.logging.Level; 
@@ -684,4 +682,23 @@ public String decryptAndVerify(String encryptedData, String hashVerifier) { return null; } } + + @Override + public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry fuzzRequestEmptyEntry) { + String currentEntityGuid = AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.NR_ENTITY_GUID, StringUtils.EMPTY); + String originAppUUID = fuzzRequestEmptyEntry.getOriginAppUuid(); + if(StringUtils.isBlank(originAppUUID)){ + originAppUUID = AgentInfo.getInstance().getApplicationUUID(); + } + String shaDigestOfCurrentEntityGuid = HashGenerator.getSHA256HexDigest(currentEntityGuid); + if(StringUtils.equals(shaDigestOfCurrentEntityGuid, fuzzRequestEmptyEntry.getOriginEntityGuid())){ + if(RestRequestThreadPool.getInstance().getGeneratedEvents().containsKey(originAppUUID)) { + RestRequestThreadPool.getInstance().getGeneratedEvents().get(originAppUUID).put(fuzzRequestEmptyEntry.getControlCommandId(), ConcurrentHashMap.newKeySet()); + } else { + Map> emptyEntry = new ConcurrentHashMap<>(); + emptyEntry.put(fuzzRequestEmptyEntry.getControlCommandId(), ConcurrentHashMap.newKeySet()); + RestRequestThreadPool.getInstance().getGeneratedEvents().put(originAppUUID, emptyEntry); + } + } + } } \ No newline at end of file diff --git a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java index ac62898c7..f1f840ae5 100644 --- a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java 
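Review bot: The `containsKey` / `get(...).put` / `put` sequence in `setEmptyIastDataRequestEntry` is a check-then-act on a `ConcurrentHashMap`: two request threads that both see the origin missing each install their own inner map and one control-command entry is lost, and a second request carrying the same control-command id replaces a set that may already hold registered event ids. `RestRequestThreadPool.getInstance().getGeneratedEvents().computeIfAbsent(originAppUUID, k -> new ConcurrentHashMap<>()).putIfAbsent(fuzzRequestEmptyEntry.getControlCommandId(), ConcurrentHashMap.newKeySet());` performs both steps atomically. `getControlCommandId()` should be checked for blank first, since a null key makes `put` throw. The id appears to originate from a request header (`GenericHelper.CSEC_PARENT_ID` is put into the replay headers in RestRequestProcessor), so it is also worth bounding how many entries one origin can accumulate.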
@@ -2,8 +2,8 @@ import com.newrelic.api.agent.NewRelic; import com.newrelic.api.agent.Transaction; -import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.schema.AbstractOperation; +import com.newrelic.api.agent.security.schema.FuzzRequestEmptyEntry; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.operation.FileIntegrityOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; @@ -12,10 +12,7 @@ import java.lang.instrument.Instrumentation; import java.net.URL; import java.time.Instant; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Map; +import java.util.*; import java.util.concurrent.ConcurrentHashMap; public class Agent implements SecurityAgent { @@ -195,4 +192,9 @@ public void retransformUninstrumentedClass(Class classToRetransform) { public String decryptAndVerify(String encryptedData, String hashVerifier) { return null; } + + @Override + public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry emptyEntry) { + + } } \ No newline at end of file diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java index b110083e5..3de9fc53d 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java 
@@ -7,8 +7,8 @@ package com.newrelic.api.agent.security; -import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.schema.AbstractOperation; +import com.newrelic.api.agent.security.schema.FuzzRequestEmptyEntry; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; import com.newrelic.api.agent.security.utils.logging.LogLevel; @@ -126,5 +126,10 @@ public String decryptAndVerify(String encryptedData, String hashVerifier) { return null; } + @Override + public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry emptyEntry) { + + } + } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java index 81a4d65eb..a90781783 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java @@ -8,6 +8,7 @@ package com.newrelic.api.agent.security; import com.newrelic.api.agent.security.schema.AbstractOperation; +import com.newrelic.api.agent.security.schema.FuzzRequestEmptyEntry; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; import com.newrelic.api.agent.security.utils.logging.LogLevel; @@ -15,6 +16,7 @@ import java.lang.instrument.Instrumentation; import java.net.URL; import java.util.Map; +import java.util.Set; /** * The New Relic Security Java Agent's API. @@ -67,4 +69,6 @@ public interface SecurityAgent { void retransformUninstrumentedClass(Class classToRetransform); String decryptAndVerify(String encryptedData, String hashVerifier); + + void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry emptyEntry); } 
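Review bot: `setEmptyIastDataRequestEntry` is added to the `SecurityAgent` interface without Javadoc, and neither the name nor the two empty implementations say what an "empty entry" is or when instrumentation must call it. A comment such as `/** Registers a placeholder for the replayed request described by {@code emptyEntry} so that events generated while serving it can be attributed to its control command. */` would help implementers; that wording is inferred from the Agent implementation in this diff and should be confirmed. The new `import java.util.Set;` is not used by any line visible in these hunks.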
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java index 46c0e305d..5fef7c098 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java @@ -30,6 +30,7 @@ private static final class InstanceHolder { static final GrpcClientRequestReplayHelper instance = new GrpcClientRequestReplayHelper(); } + //TODO Update MicrosService Arch public void resetIASTProcessing() { rejectedIds.addAll(processedIds.keySet()); processedIds.clear(); @@ -94,6 +95,7 @@ public Set getPendingIds() { } public void registerEventForProcessedCC(String controlCommandId, String eventId) { + //TODO Update MicrosService Arch if(StringUtils.isAnyBlank(controlCommandId, eventId)){ return; } @@ -104,6 +106,7 @@ public void registerEventForProcessedCC(String controlCommandId, String eventId) } public void removeFromProcessedCC(String controlCommandId) { + //TODO Update MicrosService Arch if(StringUtils.isNotBlank(controlCommandId)){ processedIds.remove(controlCommandId); } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java index 8217daf9a..c3d44f0c5 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java 
@@ -1,10 +1,7 @@ package com.newrelic.api.agent.security.instrumentation.helpers; import com.newrelic.api.agent.security.NewRelicSecurity; -import com.newrelic.api.agent.security.schema.APIRecordStatus; -import com.newrelic.api.agent.security.schema.K2RequestIdentifier; -import com.newrelic.api.agent.security.schema.SecurityMetaData; -import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.*; import com.newrelic.api.agent.security.utils.logging.LogLevel; import java.io.File; @@ -13,10 +10,7 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; -import java.util.Arrays; -import java.util.HashSet; -import java.util.List; -import java.util.Set; +import java.util.*; import java.util.concurrent.ConcurrentHashMap; public class ServletHelper { @@ -33,6 +27,7 @@ public class ServletHelper { public static final String SERVLET_GET_WRITER_OPERATION_LOCK = "SERVLET_GET_WRITER_OPERATION_LOCK-"; public static final String NR_SEC_HTTP_SESSION_ATTRIB_NAME = "NR-CSEC-HTTP-SESSION-"; public static final String NR_SEC_HTTP_SERVLET_RESPONSE_ATTRIB_NAME = "NR-CSEC-HTTP-SERVLET-RESPONSE-"; + public static final String SEPARATOR_COLON = ":"; private static Set filesToRemove = ConcurrentHashMap.newKeySet(); private static final Set unsupportedContentType = new HashSet() {{ 
@@ -83,7 +78,8 @@ public static K2RequestIdentifier parseFuzzRequestIdentifierHeader(String reques String[] data = StringUtils.splitByWholeSeparatorWorker(requestHeaderVal, SEPARATOR_SEMICOLON, -1, false); if (data.length >= 5) { - k2RequestIdentifierInstance.setApiRecordId(data[0].trim()); + k2RequestIdentifierInstance.setOriginEntityGuid(StringUtils.substringBefore(data[0].trim(), SEPARATOR_COLON)); + k2RequestIdentifierInstance.setApiRecordId(StringUtils.substringAfterLast(data[0].trim(), SEPARATOR_COLON)); k2RequestIdentifierInstance.setRefId(data[1].trim()); k2RequestIdentifierInstance.setRefValue(data[2].trim()); k2RequestIdentifierInstance.setNextStage(APIRecordStatus.valueOf(data[3].trim())); @@ -198,4 +194,31 @@ public static boolean isResponseContentTypeExcluded( String responseContentType) } return unsupportedContentType.contains(responseContentType); } + + public static FuzzRequestEmptyEntry iastDataRequestAddEmptyEntry(K2RequestIdentifier requestIdentifier, String traceHeader, String csecParentId) { + String originAppUUID = getOriginAppUUID(traceHeader); + requestIdentifier.setOriginApplicationUUID(originAppUUID); + return new FuzzRequestEmptyEntry(originAppUUID, requestIdentifier.getOriginEntityGuid(), csecParentId); + } + + private static String getOriginAppUUID(String traceHeader) { + if(StringUtils.isNotBlank(traceHeader)) { + return StringUtils.substringBefore(traceHeader, "/"); + } + return StringUtils.EMPTY; + } + + /** + * This method should be called only after parseFuzzRequestIdentifierHeader + * */ + public static String getTraceHeader(Map headers) { + String data = StringUtils.EMPTY; + if (headers.containsKey(CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { + data = headers.get(CSEC_DISTRIBUTED_TRACING_HEADER); + if (data == null || data.trim().isEmpty()) { + data = headers.get(CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); + } + } + return data; + } } 
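Review bot: A first field without a colon is now parsed differently from before: `substringBefore` returns the whole value as the origin entity GUID and `substringAfterLast` returns an empty string, so `apiRecordId` becomes empty for an identifier in the old format (assuming the project's `StringUtils` follows the commons-lang semantics). The two calls also disagree when more than one colon is present, silently dropping the middle part. Since this value is read from a request header, it would be safer to split once with `int sep = data[0].trim().indexOf(SEPARATOR_COLON);`, set the GUID only when `sep > 0`, and keep the full trimmed value as the record id otherwise. The method starts and ends outside this hunk.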
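Review bot: The Javadoc "This method should be called only after parseFuzzRequestIdentifierHeader" sits on `getTraceHeader`, which only reads the header map; the method that depends on the parsed identifier is `iastDataRequestAddEmptyEntry`, which dereferences `requestIdentifier` without a null check and reads `getOriginEntityGuid()` from it. Moving the comment there, as `/** Must be called after parseFuzzRequestIdentifierHeader has populated {@code requestIdentifier}. */`, and giving `getTraceHeader` its own line such as `/** Returns the trace header value, trying the exact and the lower-case header name; empty string if the header is absent. */` would match what the code does. `getOriginAppUUID` takes everything before the first `/` of a client-supplied header as the origin application UUID, so code that keys state on it should treat the value as unverified.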
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/FuzzRequestEmptyEntry.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/FuzzRequestEmptyEntry.java new file mode 100644 index 000000000..e4a81b9fd --- /dev/null +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/FuzzRequestEmptyEntry.java @@ -0,0 +1,40 @@ +package com.newrelic.api.agent.security.schema; + +public class FuzzRequestEmptyEntry { + + private String originAppUuid; + + private String originEntityGuid; + + private String controlCommandId; + + public FuzzRequestEmptyEntry(String originAppUuid, String originEntityGuid, String controlCommandId) { + this.originAppUuid = originAppUuid; + this.originEntityGuid = originEntityGuid; + this.controlCommandId = controlCommandId; + } + + public String getOriginAppUuid() { + return originAppUuid; + } + + public void setOriginAppUuid(String originAppUuid) { + this.originAppUuid = originAppUuid; + } + + public String getOriginEntityGuid() { + return originEntityGuid; + } + + public void setOriginEntityGuid(String originEntityGuid) { + this.originEntityGuid = originEntityGuid; + } + + public String getControlCommandId() { + return controlCommandId; + } + + public void setControlCommandId(String controlCommandId) { + this.controlCommandId = controlCommandId; + } +} diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/K2RequestIdentifier.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/K2RequestIdentifier.java index b690fb7f6..75dbec5db 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/K2RequestIdentifier.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/K2RequestIdentifier.java 
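Review bot: `FuzzRequestEmptyEntry` is constructed once in `ServletHelper.iastDataRequestAddEmptyEntry` and only read afterwards in the code visible in this diff, so the three setters add mutability that nothing uses; declaring the fields `private final` and dropping the setters would make it a plain value object. The class also has no comment, and "empty entry" does not describe its content. A line such as `/** Origin application UUID, origin entity GUID and control-command id of a replayed request. */` would tell readers what it carries.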
@@ -14,6 +14,10 @@ public class K2RequestIdentifier { private String refKey; private List tempFiles; + private String originApplicationUUID; + + private String originEntityGuid; + public K2RequestIdentifier() { k2Request = false; tempFiles = new ArrayList<>(); @@ -32,6 +36,8 @@ public K2RequestIdentifier(K2RequestIdentifier k2RequestIdentifierInstance) { this.tempFiles = new ArrayList<>(k2RequestIdentifierInstance.tempFiles); } this.raw = (StringUtils.isNotBlank(k2RequestIdentifierInstance.raw)) ? new String(k2RequestIdentifierInstance.raw) : null; + this.originApplicationUUID = (StringUtils.isNotBlank(k2RequestIdentifierInstance.originApplicationUUID)) ? new String(k2RequestIdentifierInstance.originApplicationUUID) : null; + this.originEntityGuid = (StringUtils.isNotBlank(k2RequestIdentifierInstance.originEntityGuid)) ? new String(k2RequestIdentifierInstance.originEntityGuid) : null; } public String getRefId() { @@ -111,4 +117,20 @@ public String getRefKey() { public void setRefKey(String refKey) { this.refKey = refKey; } + + public String getOriginApplicationUUID() { + return originApplicationUUID; + } + + public void setOriginApplicationUUID(String originApplicationUUID) { + this.originApplicationUUID = originApplicationUUID; + } + + public String getOriginEntityGuid() { + return originEntityGuid; + } + + public void setOriginEntityGuid(String originEntityGuid) { + this.originEntityGuid = originEntityGuid; + } }