diff --git a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java
index 64bc7cd18..42395d100 100644
--- a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java
+++ b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java
@@ -39,7 +39,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB
 }
 try {
 token.linkAndExpire();
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 if(!isServletLockAcquired || !NewRelicSecurity.isHookProcessingActive() || Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("RXSS_PROCESSED", Boolean.class))){
 return;
 }
diff --git a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
index 4fcf2d24a..0c5e4dc03 100644
--- a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
+++ b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
@@ -48,7 +48,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseContentType(contentType);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseBody(response);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(responseCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
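Review bot: The call to `ServletHelper.executeBeforeExitingTransaction()` is commented out rather than removed, and nothing in the hunk says why, so a reader cannot tell whether the end-of-transaction step was moved elsewhere or dropped. The same commented-out line appears in the akka-http-core-10.0, akka-http-core-2.11_10.0.11 and akka-http-core-2.13_10.2.0 `AkkaCoreUtils` hunks and in the three `GrpcServerUtils` hunks (grpc-1.22.0, grpc-1.4.0, grpc-1.40.0). If the call is now made from another place, delete the line; if it is disabled on purpose, replace it with a comment such as `// executeBeforeExitingTransaction() is now invoked from <new call site>; do not call it here`. postProcessHttpRequest starts and ends outside the hunk.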
diff --git a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
index 0329e7dcf..5aa47d83b 100644
--- a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
+++ b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
@@ -48,7 +48,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseContentType(contentType);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseBody(responseBody);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(responseCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
index b52bce019..d8e6748d7 100644
--- a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
+++ b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
@@ -49,7 +49,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseContentType(contentType);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseBody(responseBody);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(responseCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
 if(!ServletHelper.isResponseContentTypeExcluded(NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseContentType())) {
diff --git a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java
index 0d4e11954..c76690975 100644
--- a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java
+++ b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java
@@ -25,7 +25,7 @@ public abstract class LdapAsyncConnection_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java
index c4b0d99ec..246f62cc9 100644
--- a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java
+++ b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java
@@ -25,7 +25,7 @@ public abstract class LdapConnection_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java b/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java
index 3fed3edd5..891545e80 100644
--- a/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java
+++ b/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java
@@ -114,7 +114,7 @@ private Request addSecurityHeaders(Request request, AbstractOperation operation)
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java b/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java
index eb08287c1..9b734c8be 100644
--- a/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java
+++ b/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java
@@ -20,7 +20,7 @@ public class BuilderSupport_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java b/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java
index 618df5771..fb755cb95 100644
--- a/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java
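Review bot: The guard in this `registerExitOperation` tests `NewRelicSecurity.isHookProcessingActive()` without the negation that every other `registerExitOperation` guard in this change carries, so the method returns early exactly when hook processing is active and, as far as the hunk shows, never reaches exit-event registration for async-http-client calls. The commit edits the continuation of the same condition but leaves this operand alone; the first line of the condition should read `if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||`. The rest of the method body is outside the hunk.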
+++ b/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java
@@ -76,7 +76,7 @@ public static AbstractOperation preProcessSecurityHook(Statement statement, Conf
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if(operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ){
 return;
 }
diff --git a/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java b/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java
index 16315a48f..ad3d76d2b 100644
--- a/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java
+++ b/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java
@@ -130,7 +130,7 @@ public static void releaseLock(int hashCode) {
 public static void registerExitOperation(boolean isLockAcquired, AbstractOperation operation) {
 try {
 if(operation == null || !isLockAcquired || !NewRelicSecurity.isHookProcessingActive()
- || GenericHelper.skipExistsEvent()) {
+ || GenericHelper.skipExitEvent()) {
 return;
 }
 NewRelicSecurity.getAgent().registerExitEvent(operation);
diff --git a/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java b/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java
index 5c3b6653d..1c2216c4e 100644
--- a/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java
+++ b/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java
@@ -93,7 +93,7 @@ public void removeAll(String xpath, Expression expr) {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java
index ab54e4cbb..2e234e3b2 100644
--- a/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java
+++ b/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java
@@ -75,7 +75,7 @@ public static AbstractOperation processDynamoDBRequest(Request yRequest,
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java
index e578f4e7a..5ef7afe0b 100644
--- a/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java
+++ b/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java
@@ -76,7 +76,7 @@ public static AbstractOperation processDynamoDBRequest(Request yRequest,
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java
index 2a99f2819..85ec670bf 100644
--- a/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java
+++ b/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java
@@ -85,7 +85,7 @@ public static AbstractOperation processDynamoDBRequest(Request yRequest,
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java
index 47e96e778..d725a9b0b 100644
--- a/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java
+++ b/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java
@@ -75,7 +75,7 @@ public static AbstractOperation processDynamoDBRequest(Request yRequest,
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java b/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java
index 0423e0020..e2acb5893 100644
--- a/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java
+++ b/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java
@@ -79,7 +79,7 @@ public static AbstractO
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) {
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) {
 return;
 }
 NewRelicSecurity.getAgent().registerExitEvent(operation);
diff --git a/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java b/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java
index dd51a382a..5155cb05d 100644
--- a/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java
+++ b/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java
@@ -88,7 +88,7 @@ public static AbstractO
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) {
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) {
 return;
 }
 NewRelicSecurity.getAgent().registerExitEvent(operation);
diff --git a/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java b/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java
index 4063dd651..8c38ac0d7 100644
--- a/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java
+++ b/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java
@@ -93,7 +93,7 @@ public static AbstractO
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) {
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) {
 return;
 }
 NewRelicSecurity.getAgent().registerExitEvent(operation);
diff --git a/instrumentation-security/exception-handler/src/main/java/java/lang/Exception_Instrumentation.java b/instrumentation-security/exception-handler/src/main/java/java/lang/Exception_Instrumentation.java
index 16e8cd7c6..129ca7526 100644
--- a/instrumentation-security/exception-handler/src/main/java/java/lang/Exception_Instrumentation.java
+++ b/instrumentation-security/exception-handler/src/main/java/java/lang/Exception_Instrumentation.java
@@ -1,6 +1,7 @@
 package java.lang;
 import com.newrelic.api.agent.security.NewRelicSecurity;
+import com.newrelic.api.agent.security.schema.StringUtils;
 import com.newrelic.api.agent.weaver.MatchType;
 import com.newrelic.api.agent.weaver.Weave;
 import com.newrelic.api.agent.weaver.WeaveAllConstructors;
@@ -10,7 +11,7 @@ public class Exception_Instrumentation extends Throwable {
 @WeaveAllConstructors
 public Exception_Instrumentation() {
- if (NewRelicSecurity.isHookProcessingActive()) {
+ if (!StringUtils.equals(NewRelicSecurity.getSecurityMode(), "IAST_MONITORING") && NewRelicSecurity.isHookProcessingActive()) {
 Boolean skipException = NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("SKIP_EXCEPTION_HANDLER", Boolean.class);
 if (skipException == null || !skipException) {
 NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute("ENDMOST_EXCEPTION", this);
diff --git a/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java b/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java
index 0c566ca12..a6f94f23f 100644
--- a/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java
+++ b/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java
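Review bot: The new condition in the woven `Exception` constructor compares `NewRelicSecurity.getSecurityMode()` with the bare literal `"IAST_MONITORING"` and evaluates that comparison before `isHookProcessingActive()`, on every exception the application constructs. A shared constant for the mode name would keep a typo from silently changing whether `ENDMOST_EXCEPTION` is captured, and a comment should say why exceptions are not recorded in that mode, for example `// IAST_MONITORING: skip ENDMOST_EXCEPTION capture, see <ticket>`. If `getSecurityMode()` is more than a field read, put `NewRelicSecurity.isHookProcessingActive()` first so the inactive path stays cheap. The constructor body continues outside the hunk.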
@@ -27,7 +27,7 @@ public boolean exists() {
 boolean isOwaspHookEnabled = NewRelicSecurity.getAgent().isLowPriorityInstrumentationEnabled();
 AbstractOperation operation = null;
- if (isOwaspHookEnabled && !FileHelper.skipExistsEvent(this.getName()) && LowSeverityHelper.isOwaspHookProcessingNeeded()) {
+ if (isOwaspHookEnabled && !FileHelper.skipExitEvent(this.getName()) && LowSeverityHelper.isOwaspHookProcessingNeeded()) {
 isFileLockAcquired = GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.FILE_OPERATION, FileHelper.getNrSecCustomAttribName());
 if (isFileLockAcquired) operation = preprocessSecurityHook(true, FileHelper.METHOD_NAME_EXISTS, true, this);
diff --git a/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java b/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java
index 44b785f08..4570c0593 100644
--- a/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java
+++ b/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java
@@ -42,7 +42,7 @@ public Value eval(String languageId, Object sourceImpl) {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
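Review bot: In `exists()` the renamed helper `FileHelper.skipExitEvent(this.getName())` runs before the operation is created, takes a file name, and sits next to `FileHelper.METHOD_NAME_EXISTS`, which suggests the old name `skipExistsEvent` referred to the `File.exists()` event rather than being a misspelling of "exit". If that is the case the new name misdescribes the check; keeping `skipExistsEvent` for the `FileHelper` method, or documenting it with a Javadoc line such as `/** Returns true when a File.exists() event for this name should not be reported. */`, would avoid confusion with `GenericHelper.skipExitEvent()`. `exists()` continues outside the hunk.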
diff --git a/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java b/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java
index e2815faeb..d70e0dbb0 100644
--- a/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java
+++ b/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java
@@ -42,7 +42,7 @@ public Value eval(String languageId, org.graalvm.polyglot.Source source) {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java
index c20978838..facd3b2d6 100644
--- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java
+++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java
@@ -92,7 +92,7 @@ public static void postProcessSecurityHook(Metadata metadata, int statusCode, St
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(statusCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java
index 87cb954c5..f129a7dcb 100644
--- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java
+++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java
@@ -97,7 +97,7 @@ public static void postProcessSecurityHook(Metadata metadata, int statusCode, St
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(statusCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java
index 3b65ebbf0..b12cc2ae1 100644
--- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java
+++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java
@@ -92,7 +92,7 @@ public static void postProcessSecurityHook(Metadata metadata, int statusCode, St
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(statusCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java b/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java
index e676426d0..9f8c2b584 100644
--- a/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java
+++ b/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java
@@ -93,7 +93,7 @@ public Object lookupLink(String name) throws NamingException {
 private void registerExitOperation(boolean isLockAcquired, List operations) {
 try {
 if(operations == null || operations.isEmpty() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) {
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) {
 return;
 }
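Review bot: The guard in the javax-jndi `registerExitOperation(boolean isLockAcquired, List operations)` tests neither `isLockAcquired` nor `NewRelicSecurity.isHookProcessingActive()` before it dereferences `NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()`, while the LDAP, Cassandra, DynamoDB and GraalVM variants in this change check both first. The javax-ldap, javax-xpath, jaxen-xpath and jdbc-generic hunks likewise omit the `isHookProcessingActive()` test. Unless a line outside the hunk covers it, the condition should start `if(operations == null || operations.isEmpty() || !isLockAcquired || !NewRelicSecurity.isHookProcessingActive() ||` so that every exit hook bails out under the same conditions.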
@@ -108,7 +108,7 @@ private void registerExitOperation(boolean isLockAcquired, List search(Name name, String filter, SearchCo
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) {
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) {
 return;
 }
 NewRelicSecurity.getAgent().registerExitEvent(operation);
diff --git a/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java b/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java
index 28d821f5b..8497fa157 100644
--- a/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java
+++ b/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java
@@ -66,7 +66,7 @@ public XObject execute(
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java b/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java
index f236ef07e..73d175136 100644
--- a/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java
+++ b/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java
@@ -104,7 +104,7 @@ public Object evaluate(String expression, Object item, QName returnType)
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java b/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
index 673a6ff6d..d72df36ee 100644
--- a/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
+++ b/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
@@ -42,7 +42,7 @@ public List selectNodes(Object node) throws JaxenException {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java b/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
index 993eee53a..ad3d3c740 100644
--- a/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
+++ b/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
@@ -42,7 +42,7 @@ public List selectNodes(Object node) throws JaxenException { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java b/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java index d6741bcac..59d0a2b5e 100644 --- a/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java +++ b/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java @@ -46,7 +46,7 @@ public abstract class PreparedStatement_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java b/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java index 9bee877f7..ac0cffeac 100644 --- a/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java +++ b/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java 
@@ -34,7 +34,7 @@ public abstract class Statement_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java index aa5212cf8..079deb8c7 100644 --- a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java +++ b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java @@ -38,7 +38,7 @@ public abstract class JtdsPreparedStatement_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsStatement_Instrumentation.java b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsStatement_Instrumentation.java index 1f66ea7a1..20807208d 100644 --- a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsStatement_Instrumentation.java 
+++ b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsStatement_Instrumentation.java @@ -32,7 +32,7 @@ public abstract class JtdsStatement_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java index 973c18a74..1d38391e9 100644 --- a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java @@ -38,7 +38,7 @@ public abstract class AbstractJdbc2Statement_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent() ) { return; } 
diff --git a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java index d775bc6c7..08e90c455 100644 --- a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java @@ -43,7 +43,7 @@ public abstract class PgStatement_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 1dace5e70..f0051ebc2 100644 --- a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java 
@@ -77,7 +77,7 @@ public static void postProcessSecurityHook(String className, OutboundMessageCont ) { return; } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setHeaders(getHeaders(wrappedMessageContext)); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 18e77b36c..bed9384e8 100644 --- a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -79,7 +79,7 @@ public static void postProcessSecurityHook(String className, OutboundMessageCont if (Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("RXSS_PROCESSED", Boolean.class))) { return; } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setHeaders(getHeaders(wrappedMessageContext)); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 14d88c1af..f6243c11c 100644 
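Review bot: In `postProcessSecurityHook` the call `ServletHelper.executeBeforeExitingTransaction();` is commented out rather than deleted, and nothing on the new side records why the step is dropped or where it now runs. If it has moved to a shared exit path (not visible in this hunk), delete the line; if it is disabled on purpose, replace the dead code with a reason, e.g. `// executeBeforeExitingTransaction() is not called here: <reason or new call site>`. Because this is the response-side hook of a security agent, a test or a pointer confirming that whatever that helper did still happens once per request would make the change reviewable. The same commented-out line appears in the jersey-2, jersey-3, jetty-9, jetty-11, jetty-12, mule-3.6, mule-3.7, netty-4.0.0 and netty-4.0.8 hunks. The method body starts and ends outside the hunk.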
--- a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -82,7 +82,7 @@ public static void postProcessSecurityHook(String className, OutboundMessageCont ) { return; } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setHeaders(getHeaders(wrappedMessageContext)); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java index d95541647..cdb695c0f 100644 --- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java @@ -162,7 +162,7 @@ public static void postProcessSecurityHook(HttpServletRequest request, HttpServl return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(response.getStatus()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); if(!ServletHelper.isResponseContentTypeExcluded(NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseContentType())){ 
diff --git a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java index 5632b836b..3da82ed3f 100644 --- a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java +++ b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java @@ -159,7 +159,7 @@ public static void postProcessSecurityHook(Request request, Response response, S return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(response.getStatus()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); RXSSOperation rxssOperation = new RXSSOperation(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest(), diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java index a01ba5d19..d28d5e9a5 100644 --- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java +++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java 
@@ -163,7 +163,7 @@ public static void postProcessSecurityHook(HttpServletRequest request, HttpServl return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(response.getStatus()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); if(!ServletHelper.isResponseContentTypeExcluded(NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseContentType())) { diff --git a/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java b/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java index 4bdf27aaa..2f4d14e2f 100644 --- a/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java +++ b/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java @@ -41,7 +41,7 @@ protected Response invoke(final Q request) private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java b/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java index 89c1e1352..0a6591b5e 100644 --- a/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java 
+++ b/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java @@ -40,7 +40,7 @@ protected Q configureRequest(final Q request) private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java b/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java index cc91f86eb..7a60f9f8f 100644 --- a/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java +++ b/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java @@ -53,7 +53,7 @@ public AsyncCommand dispatch(RedisCommand_Instrumentation private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } 
diff --git a/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java b/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java index 548d97e90..f7ac22898 100644 --- a/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java +++ b/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java @@ -56,7 +56,7 @@ public AsyncCommand dispatch(RedisCommand_Instrumentation private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/OperationExecutor_Instrumentation.java index 9d61a25b1..135ccdfe5 100644 --- a/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/OperationExecutor_Instrumentation.java +++ b/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/OperationExecutor_Instrumentation.java 
@@ -17,7 +17,7 @@ public abstract class OperationExecutor_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java index 3f5ab8fff..7340bde03 100644 --- a/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java +++ b/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java @@ -89,7 +89,7 @@ public static AbstractOperation recordMongoOperation(List command, public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java index e870106cc..df43e1b6a 100644 --- a/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java 
+++ b/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java @@ -19,7 +19,7 @@ abstract class OperationExecutor_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java index af807e4da..d8b69a1ab 100644 --- a/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java +++ b/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java @@ -104,7 +104,7 @@ public static AbstractOperation recordMongoOperation(List command, public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java index ed9cb92b6..fb57db62e 100644 
--- a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java +++ b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java @@ -21,7 +21,7 @@ public abstract class OperationExecutor_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java index 6c6b8981d..f56fc1bd8 100644 --- a/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java +++ b/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java @@ -101,7 +101,7 @@ public static AbstractOperation recordMongoOperation(List command, public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } 
diff --git a/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java index 6dd0d1814..c4c4d21b0 100644 --- a/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java +++ b/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java @@ -22,7 +22,7 @@ public abstract class OperationExecutor_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java index b0538ef40..97eafe333 100644 --- a/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java +++ b/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java 
@@ -89,7 +89,7 @@ public static AbstractOperation recordMongoOperation(List command, public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index e0f0fa719..a5138046b 100644 --- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -89,7 +89,7 @@ private static void postProcessSecurityHook() { return; } ServletHelper.registerUserLevelCode(MuleHelper.LIBRARY_NAME); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index 538370f46..f5c30750c 100644 --- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java 
+++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java @@ -78,7 +78,7 @@ private void postProcessSecurityHook() { return; } ServletHelper.registerUserLevelCode(MuleHelper.LIBRARY_NAME); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index 0045d0f04..f57b8a4a9 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -94,7 +94,7 @@ private static void postProcessSecurityHook() { return; } ServletHelper.registerUserLevelCode(MuleHelper.LIBRARY_NAME); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index 87d71d39d..624e68592 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java 
+++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java @@ -79,7 +79,7 @@ private void postProcessSecurityHook() { return; } ServletHelper.registerUserLevelCode(MuleHelper.LIBRARY_NAME); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java b/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java index 0775ffd7c..ebfc2046c 100644 --- a/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java +++ b/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java @@ -63,7 +63,7 @@ private Object evalImpl(final Source src, final ScriptContext ctxt) throws Scrip private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java index 9833b89d7..a2323649e 100644 --- a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java 
+++ b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java @@ -190,7 +190,7 @@ public static void sendRXSSEvent(ChannelHandlerContext ctx, Object msg, String c return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(((FullHttpResponse) msg).getStatus().code()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java b/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java index 557dfed6e..de46f2e92 100644 --- a/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java +++ b/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java @@ -189,7 +189,7 @@ public static void sendRXSSEvent(ChannelHandlerContext ctx, Object msg, String c return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(((FullHttpResponse) msg).getStatus().code()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java b/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java index 1cf6e8926..f7e16d34a 100644 --- a/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java 
+++ b/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java @@ -47,7 +47,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java b/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java index 776224375..479fe7d1d 100644 --- a/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java +++ b/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java @@ -46,7 +46,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } 
diff --git a/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java b/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java index eccd82f4a..7c4ae3901 100644 --- a/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java +++ b/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java @@ -46,7 +46,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java b/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java index 828fced63..f923f3c1e 100644 --- a/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java +++ b/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java 
@@ -40,7 +40,7 @@ public void execute(String sql) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java b/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java index dc81f0af2..ef86ede25 100644 --- a/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java +++ b/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java @@ -44,7 +44,7 @@ public static Object doTopCall(Callable callable, Context_Instrumentation cx, Sc private static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java b/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java index 744b94f3d..e66735b75 100644 --- a/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java +++ b/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java 
@@ -37,7 +37,7 @@ public void parse(String xpath) throws SAXPathException { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java index 05148d40e..4c42b724e 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java @@ -100,7 +100,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res HttpServletResponse httpServletResponse = (HttpServletResponse) response; NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus()); } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java index f4e6a1cea..0049590e8 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java 
@@ -93,7 +93,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res HttpServletResponse httpServletResponse = (HttpServletResponse) response; NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus()); } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java index 448b91a53..a22b57424 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java @@ -105,7 +105,7 @@ private void postProcessSecurityHook(ServletRequest_Instrumentation request, Ser HttpServletResponse httpServletResponse = (HttpServletResponse) response; NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus()); } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index d8483d4cf..615c1d4be 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java 
+++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java @@ -93,7 +93,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res HttpServletResponse httpServletResponse = (HttpServletResponse) response; NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus()); } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index 47283c4e6..52e69a592 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -95,7 +95,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res HttpServletResponse httpServletResponse = (HttpServletResponse) response; NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus()); } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index b4a82c2cb..85a7bc616 100644 
--- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java @@ -100,7 +100,7 @@ private void postProcessSecurityHook(ServletRequest_Instrumentation request, Ser HttpServletResponse httpServletResponse = (HttpServletResponse) response; NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus()); } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index 466c60a54..e7734ab36 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java @@ -95,7 +95,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res HttpServletResponse httpServletResponse = (HttpServletResponse) response; NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus()); } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); 
diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index e3d1a8c27..5588ec2f5 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -97,7 +97,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res HttpServletResponse httpServletResponse = (HttpServletResponse) response; NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus()); } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index eac50ff96..406411d68 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java @@ -100,7 +100,7 @@ private void postProcessSecurityHook(ServletRequest_Instrumentation request, Ser HttpServletResponse httpServletResponse = (HttpServletResponse) response; NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus()); } - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); 
diff --git a/instrumentation-security/solr-4.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrServer_Instrumentation.java b/instrumentation-security/solr-4.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrServer_Instrumentation.java index e626554f4..16ecd66d9 100644 --- a/instrumentation-security/solr-4.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrServer_Instrumentation.java +++ b/instrumentation-security/solr-4.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrServer_Instrumentation.java @@ -60,7 +60,7 @@ public NamedList request(final SolrRequest request, ResponseParser proce private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-5.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-5.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index 6aa23045d..b56653bb0 100644 --- a/instrumentation-security/solr-5.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java +++ b/instrumentation-security/solr-5.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java 
@@ -60,7 +60,7 @@ public NamedList request(final SolrRequest request, final ResponseParser private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-5.1.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-5.1.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index a05bdfee9..049865f7d 100644 --- a/instrumentation-security/solr-5.1.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java +++ b/instrumentation-security/solr-5.1.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java @@ -60,7 +60,7 @@ public NamedList request(final SolrRequest request, final ResponseParser private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-7.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-7.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index 1a4e0c5ae..a05600a71 100644 --- a/instrumentation-security/solr-7.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java 
+++ b/instrumentation-security/solr-7.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java @@ -30,7 +30,6 @@ import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.logging.Level; @Weave(type = MatchType.ExactClass, originalName = "org.apache.solr.client.solrj.impl.HttpSolrClient") public abstract class HttpSolrClient_Instrumentation { @@ -64,7 +63,7 @@ public NamedList request(@SuppressWarnings({"rawtypes"})final SolrReques private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java b/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java index 297993f3e..0f8001db1 100644 --- a/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java +++ b/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java @@ -63,7 +63,7 @@ public NamedList request(SolrRequest solrRequest, private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } 
diff --git a/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index 32a7387f9..62cd997e8 100644 --- a/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java +++ b/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java @@ -30,7 +30,6 @@ import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.logging.Level; @Weave(type = MatchType.ExactClass, originalName = "org.apache.solr.client.solrj.impl.HttpSolrClient") public abstract class HttpSolrClient_Instrumentation { @@ -64,7 +63,7 @@ public NamedList request(@SuppressWarnings({"rawtypes"})final SolrReques private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java b/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java index 6f0ccd5ac..f735dbb4b 100644 --- a/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java +++ b/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java 
@@ -61,7 +61,7 @@ public NamedList request(SolrRequest solrRequest, String collection) private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index 7c3b6efcd..72ed91be8 100644 --- a/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java +++ b/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java @@ -30,7 +30,6 @@ import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.logging.Level; @Weave(type = MatchType.ExactClass, originalName = "org.apache.solr.client.solrj.impl.HttpSolrClient") public abstract class HttpSolrClient_Instrumentation { @@ -64,7 +63,7 @@ public NamedList request(@SuppressWarnings({"rawtypes"})final SolrReques private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } 
diff --git a/instrumentation-security/spray-can-1.3.1/src/main/scala/spray/can/SprayHttpUtils.java b/instrumentation-security/spray-can-1.3.1/src/main/scala/spray/can/SprayHttpUtils.java index 4061d0379..6dc1a06be 100644 --- a/instrumentation-security/spray-can-1.3.1/src/main/scala/spray/can/SprayHttpUtils.java +++ b/instrumentation-security/spray-can-1.3.1/src/main/scala/spray/can/SprayHttpUtils.java @@ -126,7 +126,7 @@ public static void postProcessSecurityHook(HttpResponse httpResponse, String cla } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpResponse.status().intValue()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/spray-http-1.3.1/src/main/scala/spray/SprayHttpUtils.java b/instrumentation-security/spray-http-1.3.1/src/main/scala/spray/SprayHttpUtils.java index b9091b002..810b00f64 100644 --- a/instrumentation-security/spray-http-1.3.1/src/main/scala/spray/SprayHttpUtils.java +++ b/instrumentation-security/spray-http-1.3.1/src/main/scala/spray/SprayHttpUtils.java @@ -124,7 +124,7 @@ public static void postProcessSecurityHook(HttpResponse httpResponse, String cla return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpResponse.status().intValue()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); 
diff --git a/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java b/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java index 272b8fa28..76ca271ac 100644 --- a/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java +++ b/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java @@ -14,7 +14,6 @@ import java.net.URI; import java.util.ArrayList; -import java.util.List; public class SpringWebClientHelper { @@ -59,7 +58,7 @@ public static AbstractOperation preprocessSecurityHook(URI url, HttpMethod metho public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java b/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java index 6c884a5df..fa8ddd3da 100644 --- a/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java +++ b/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java 
@@ -38,7 +38,7 @@ public static AbstractOperation preprocessSecurityHook(String type, String comma public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) { return; } NewRelicSecurity.getAgent().registerExitEvent(operation); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java index a4a3e29fc..5e86fa5f3 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java @@ -77,7 +77,7 @@ private void postProcessSecurityHook(HttpExchange exchange) { HttpServerHelper.processHttpResponseHeaders(exchange.getResponseHeaders(), securityResponse); securityResponse.setResponseContentType(HttpServerHelper.getContentType(securityResponse.getHeaders())); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java index f8dbc3530..29c62b4c1 100644 
--- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java @@ -76,7 +76,7 @@ private void postProcessSecurityHook(HttpExchange exchange) { HttpServerHelper.processHttpResponseHeaders(exchange.getResponseHeaders(), securityResponse); securityResponse.setResponseContentType(HttpServerHelper.getContentType(securityResponse.getHeaders())); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java b/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java index aad804015..c22aa3856 100644 --- a/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java +++ b/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java @@ -39,7 +39,7 @@ public SearchResult search(final SearchRequest searchRequest) private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } 
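Review bot: The guard in `registerExitOperation` of unboundid-ldapsdk `LDAPInterface_Instrumentation.java` omits `!NewRelicSecurity.isHookProcessingActive()`, which the other `registerExitOperation` guards in this diff (okhttp, r2dbc-h2, solr, vertx, spymemcached and others) check before calling `NewRelicSecurity.getAgent().getSecurityMetaData()`. Since the commit already touches this condition for the `skipExitEvent` rename, the first line could be aligned with the others: `if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||`. Whether the metadata lookup is safe while hook processing is inactive is not visible here, and the surrounding `try` may mask a failure, so the omission should be confirmed as intentional. The xalan-xpath `XPath_Instrumentation.java` hunk has the same gap. The method body continues outside the hunk.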
diff --git a/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java b/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java index bbbecf480..e3ffbfb16 100644 --- a/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java +++ b/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java @@ -109,7 +109,7 @@ private void addSecurityHeaders(MultiMap headers, AbstractOperation operation) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java b/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java index 466880ce3..3c67ca556 100644 --- a/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java +++ b/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java 
@@ -110,7 +110,7 @@ private void addSecurityHeaders(MultiMap headers, AbstractOperation operation) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java b/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java index 4500c2582..0a17ff17e 100644 --- a/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java +++ b/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java @@ -72,7 +72,7 @@ public static void addSecurityHeaders(MultiMap headers, AbstractOperation operat public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java b/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java index 596669557..6d271b12c 100644 
--- a/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java +++ b/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java @@ -138,7 +138,7 @@ private void addSecurityHeaders(MultiMap headers, AbstractOperation operation) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java b/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java index df24e5043..db1dbaad0 100644 --- a/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java +++ b/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java @@ -45,7 +45,7 @@ public XObject execute(XPathContext var1, Node var2, PrefixResolver var3) throws private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java index 8c3258d10..fbc1f4307 100644 
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java @@ -70,6 +70,7 @@ public class AgentConfig { private ScanControllers scanControllers = new ScanControllers(); private AgentConfig(){ + this.agentMode = new AgentMode(); } public long instantiate() throws RestrictionModeException { @@ -133,7 +134,18 @@ public long triggerIAST() throws RestrictionModeException { } private void instantiateAgentMode(String groupName) throws RestrictionModeException { + //Initialise agent mode this.agentMode = new AgentMode(groupName); + try { + readScanSchedule(); + readSkipScan(); + } catch (RestrictionModeException e){ + System.err.println("[NR-CSEC-JA] Error while reading IAST Scan Configuration. Security will be disabled."); + NewRelic.getAgent().getLogger().log(Level.WARNING, "[NR-CSEC-JA] Error while reading IAST Scan Configuration. Security will be disabled. Message : {0}", e.getMessage()); + NewRelic.noticeError(e, Agent.getCustomNoticeErrorParameters(), true); + AgentInfo.getInstance().agentStatTrigger(false); + throw e; + } switch (groupName){ case IAST: readIastConfig(); 
@@ -152,23 +164,34 @@ private void instantiateAgentMode(String groupName) throws RestrictionModeExcept throw e; } break; + case "IAST_MONITORING": + readIastMonitoringConfig(); + break; default: //this is default case which requires no changes break; } + updateSkipScanParameters(); + logger.log(LogLevel.INFO, String.format("Security Agent Modes and Config : %s", agentMode), AgentConfig.class.getName()); + } + + private void readIastMonitoringConfig() throws RestrictionModeException { try { - readScanSchedule(); - readSkipScan(); - updateSkipScanParameters(); - } catch (RestrictionModeException e){ - System.err.println("[NR-CSEC-JA] Error while reading IAST Scan Configuration. Security will be disabled."); - NewRelic.getAgent().getLogger().log(Level.WARNING, "[NR-CSEC-JA] Error while reading IAST Scan Configuration. Security will be disabled. Message : {0}", e.getMessage()); + this.agentMode.getIastScan().setEnabled(false); + this.agentMode.getRaspScan().setEnabled(false); + this.agentMode.getIastScan().setRestricted(false); + this.agentMode.getIastScan().setMonitoring(true); + this.agentMode.getIastScan().getMonitoringMode().setMaxEventQuota(NewRelic.getAgent().getConfig().getValue(MONITORING_CRITERIA_MAX_EVENT_QUOTA, 100)); + this.agentMode.getIastScan().getMonitoringMode().setEventQuotaTimeDuration(NewRelic.getAgent().getConfig().getValue(MONITORING_CRITERIA_EVENT_QUOTA_PER_TRACE, 360)); + this.agentMode.getIastScan().getMonitoringMode().setRepeat(NewRelic.getAgent().getConfig().getValue(MONITORING_CRITERIA_REPEAT, 0)); + this.agentMode.getSkipScan().getIastDetectionCategory().setRxssEnabled(true); + } catch (ClassCastException | NumberFormatException e){ + System.err.println("[NR-CSEC-JA] Error while reading IAST Monitoring Configuration. Security will be disabled."); + NewRelic.getAgent().getLogger().log(Level.WARNING, "[NR-CSEC-JA] Error while reading IAST Monitoring Configuration. 
Security will be disabled."); NewRelic.noticeError(e, Agent.getCustomNoticeErrorParameters(), true); - AgentInfo.getInstance().agentStatTrigger(false); - throw e; + throw new RestrictionModeException(INVALID_SECURITY_CONFIGURATION + "for IAST Monitoring " + e.getMessage(), e); } - logger.log(LogLevel.INFO, String.format("Security Agent Modes and Config : %s", agentMode), AgentConfig.class.getName()); } private void readSkipScan() throws RestrictionModeException { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentInfo.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentInfo.java index 6ae37d8f6..0250ec528 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentInfo.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentInfo.java @@ -4,6 +4,7 @@ import com.newrelic.agent.security.instrumentator.utils.AgentUtils; import com.newrelic.agent.security.instrumentator.utils.ApplicationInfoUtils; import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.models.collectorconfig.CollectorConfig; @@ -168,7 +169,7 @@ else if(StringUtils.isBlank(getLinkingMetadata().getOrDefault(INRSettingsKey.AGE else if (!AgentConfig.getInstance().isNRSecurityEnabled()) { logger.log(LogLevel.WARNING, "NewRelic security Agent INACTIVE!!! since security config is disabled.", AgentInfo.class.getName()); state = false; - } else if (!WSUtils.isConnected()) { + } else if (!ConnectionFactory.getInstance().getSecurityConnection().isConnected()) { logger.log(LogLevel.WARNING, "NewRelic security Agent INACTIVE!!! Can't connect with Security Engine.", AgentInfo.class.getName()); state = false; } 
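Review bot: The catch in the new `readIastMonitoringConfig` logs "Security will be disabled" but does not call `AgentInfo.getInstance().agentStatTrigger(false)` before throwing, unlike the catch block this commit moves to the top of `instantiateAgentMode`. Whether the agent state actually changes therefore depends on a caller that is not visible here. The three values read from configuration (`setMaxEventQuota`, `setEventQuotaTimeDuration`, `setRepeat`) are accepted without a range check, so a zero or negative quota or duration goes straight into the monitoring mode; a guard such as `if (quota <= 0) throw new RestrictionModeException(...)` would reject a bad config instead of silently changing what gets reported. The duration is read from the key `MONITORING_CRITERIA_EVENT_QUOTA_PER_TRACE`, which reads like a different setting and is worth a second look. `case "IAST_MONITORING":` uses a literal where the neighbouring case uses the `IAST` constant.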
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java index 79a2100db..a968fef92 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java @@ -109,7 +109,7 @@ public Dispatcher(ExitEventBean exitEventBean) { public Object call() throws Exception { try { if (this.exitEventBean != null) { - EventSendPool.getInstance().sendEvent(exitEventBean); + EventSendPool.getInstance().sendEvent(exitEventBean, "postExitEvent"); return null; } if (!firstEventSent.get()) { @@ -331,8 +331,7 @@ public boolean isPrimitiveType(Class clazz) { private JavaAgentEventBean processFileOperationEvent(JavaAgentEventBean eventBean, FileOperation fileOperationalBean) { prepareFileEvent(eventBean, fileOperationalBean); String URL = StringUtils.substringBefore(securityMetaData.getRequest().getUrl(), QUESTION_CHAR); - if (!(AgentUtils.getInstance().getAgentPolicy().getVulnerabilityScan().getEnabled() - && AgentUtils.getInstance().getAgentPolicy().getVulnerabilityScan().getIastScan().getEnabled()) && allowedExtensionFileIO(eventBean.getParameters(), eventBean.getSourceMethod(), URL)) { + if (allowedExtensionFileIO(eventBean.getParameters(), eventBean.getSourceMethod(), URL)) { // Event is bypassed. Drop it. return null; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java index 31ebfa7a7..a1590f96e 100644 
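Review bot: `sendEvent(exitEventBean, "postExitEvent")` in `Dispatcher.call` passes the API name as a bare string, and that name has no entry in the `CommunicationApis.REQUEST_CONFIG` table this commit extends. The table's `get` now throws `IllegalArgumentException` for unknown names, so if `EventSendPool` resolves the name through it (its code is not visible here), exit events would fail at send time. The same applies to `"postFuzzFailEvent"` in MonitorGrpcFuzzFailRequestQueueThread, `"postShutDown"` in InstrumentationUtils and `"postApplicationURLMappings"` in AgentUtils. Declaring each name as a constant next to `POST_EVENT` and registering a layout for it would turn a mistyped name into a compile error instead of a dropped event.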
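Review bot: With the IAST-enabled condition removed, `processFileOperationEvent` drops every file event that `allowedExtensionFileIO` accepts, including while an IAST scan is enabled. Previously such events were always kept in that mode. This narrows what the agent reports for file operations, so the reason should be stated at the check, e.g. `// allow-listed extensions are dropped in every mode, IAST included, because <reason>`. The commit does not show whether this is tied to the new monitoring mode; confirm that IAST file-access findings for these extensions are meant to go away. The method body continues outside the hunk.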
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java @@ -3,6 +3,8 @@ import com.newrelic.agent.security.AgentConfig; import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.util.IUtilConstants; import com.newrelic.api.agent.security.utils.logging.LogLevel; @@ -58,12 +60,12 @@ private void task() { return; } - if (!WSClient.getInstance().isOpen()) { - logger.log(LogLevel.FINER, "IAST request processing deactivated due to websocket connection status.", IASTDataTransferRequestProcessor.class.getName()); + if (!ConnectionFactory.getInstance().getSecurityConnection().isConnected()) { + logger.log(LogLevel.FINER, "IAST request processing deactivated due to SE connection status.", IASTDataTransferRequestProcessor.class.getName()); return; } - if(WSUtils.getInstance().isReconnecting()) { + if(ConnectionFactory.getInstance().getSecurityConnection().isReconnecting()) { logger.log(LogLevel.FINER, "IAST request processing deactivated due to SE requested for reconnection..", IASTDataTransferRequestProcessor.class.getName()); return; } 
@@ -118,7 +120,8 @@ private void task() { pendingRequestIds.addAll(RestRequestThreadPool.getInstance().getPendingIds()); pendingRequestIds.addAll(GrpcClientRequestReplayHelper.getInstance().getPendingIds()); request.setPendingRequestIds(pendingRequestIds); - WSClient.getInstance().send(request.toString()); +// WSClient.getInstance().send(request.toString()); + SecurityClient.getInstance().send(request, "postAny"); } } catch (Throwable e) { logger.log(LogLevel.SEVERE, String.format(UNABLE_TO_SEND_IAST_DATA_REQUEST_DUE_TO_ERROR_S_S, e.toString(), e.getCause().toString()), this.getClass().getName()); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/MonitorGrpcFuzzFailRequestQueueThread.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/MonitorGrpcFuzzFailRequestQueueThread.java index 16473fd75..5b2b61e5d 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/MonitorGrpcFuzzFailRequestQueueThread.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/MonitorGrpcFuzzFailRequestQueueThread.java @@ -23,7 +23,7 @@ public void run() { FuzzRequestBean request = (FuzzRequestBean) fuzzFailMap.keySet().toArray()[0]; FuzzFailEvent fuzzFailEvent = new FuzzFailEvent(); fuzzFailEvent.setFuzzHeader(request.getHeaders().get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID)); - EventSendPool.getInstance().sendEvent(fuzzFailEvent); + EventSendPool.getInstance().sendEvent(fuzzFailEvent, "postFuzzFailEvent"); } catch (InterruptedException e) { } finally { future = commonExecutor.submit(runnable); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/AgentUtils.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/AgentUtils.java index a08ba5e68..d1cf91c50 100644 
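Review bot: The IAST data request in `task()` is sent with the literal `"postAny"`, although this commit adds `CommunicationApis.POST_IAST_DATA_REQUEST` with its own `/v1/iast/data-request` layout, which then appears unused on this path. `SecurityClient.getInstance().send(request, CommunicationApis.POST_IAST_DATA_REQUEST);` looks like the intended call, to be confirmed against SecurityClient, which is outside this view. The old `WSClient` call is left behind as a commented-out line and should be deleted. The surrounding catch formats `e.getCause().toString()`, which itself throws when the new send path fails with an exception that has no cause; that line is context rather than part of this change, but the new transport makes it more likely to be hit.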
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/AgentUtils.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/AgentUtils.java @@ -2,6 +2,7 @@ import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.httpclient.IASTDataTransferRequestProcessor; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; import com.newrelic.agent.security.intcodeagent.constants.AgentServices; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.websocket.WSUtils; @@ -399,9 +400,10 @@ public boolean applyPolicyOverrideIfApplicable() { logger.log(LogLevel.INFO, String.format(NR_POLICY_OVER_RIDE_IN_PLACE_UPDATED_POLICY_S, JsonConverter.toJSON(AgentUtils.getInstance().getAgentPolicy())), AgentUtils.class.getName()); try { - WSClient.getInstance().send(JsonConverter.toJSON(AgentUtils.getInstance().getAgentPolicy())); +// WSClient.getInstance().send(JsonConverter.toJSON(AgentUtils.getInstance().getAgentPolicy())); +// SecurityClient.getInstance().postAny(AgentUtils.getInstance().getAgentPolicy()); AgentUtils.getInstance().getStatusLogValues().put(POLICY_VERSION, AgentUtils.getInstance().getAgentPolicy().getVersion()); - EventSendPool.getInstance().sendEvent(AgentInfo.getInstance().getApplicationInfo()); + EventSendPool.getInstance().sendEvent(AgentInfo.getInstance().getApplicationInfo(), "postApplicationInfo"); return true; } catch (Throwable e) { logger.log(LogLevel.SEVERE, String.format(ERROR_WHILE_SENDING_UPDATED_POLICY_TO_REMOTE_S_S, e.getMessage(), e.getCause()), AgentUtils.class.getName()); 
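Review bot: Both the old `WSClient` send and its `SecurityClient.postAny` replacement are commented out, so `applyPolicyOverrideIfApplicable` no longer transmits the overridden policy at all. It still returns `true`, and its catch still logs `ERROR_WHILE_SENDING_UPDATED_POLICY_TO_REMOTE_S_S`. If the policy is now meant to reach the backend only through the application-info event, remove the two dead lines and say so, e.g. `// policy override is reported via the application-info event; no separate policy message`; otherwise restore a real send. The `SecurityClient` import added in the first hunk of this file is then referenced only from a comment. The method starts outside the hunk.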
@@ -426,7 +428,7 @@ public static boolean applyPolicy(AgentPolicy newPolicy) { logger.logInit(LogLevel.INFO, String.format(IAgentConstants.AGENT_POLICY_APPLIED_S, JsonConverter.toJSON(AgentUtils.getInstance().getAgentPolicy())), AgentUtils.class.getName()); AgentUtils.getInstance().getStatusLogValues().put(POLICY_VERSION, AgentUtils.getInstance().getAgentPolicy().getVersion()); - EventSendPool.getInstance().sendEvent(AgentInfo.getInstance().getApplicationInfo()); + EventSendPool.getInstance().sendEvent(AgentInfo.getInstance().getApplicationInfo(), "postApplicationInfo"); return true; } catch (Throwable e) { @@ -659,6 +661,6 @@ public static void sendApplicationURLMappings() { ApplicationURLMappings applicationURLMappings = new ApplicationURLMappings(URLMappingsHelper.getApplicationURLMappings()); applicationURLMappings.setApplicationUUID(AgentInfo.getInstance().getApplicationUUID()); logger.logInit(LogLevel.INFO, String.format("Collected application url mappings %s", applicationURLMappings), Agent.class.getName()); - EventSendPool.getInstance().sendEvent(applicationURLMappings); + EventSendPool.getInstance().sendEvent(applicationURLMappings, "postApplicationURLMappings"); } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java index dc6f5914c..f8b80bd21 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java 
@@ -104,49 +104,6 @@ private static String convertByteArrayToHexString(byte[] arrayBytes) { return stringBuffer.toString(); } - public static void updateShaAndSize(DeployedApplication deployedApplication) { - File deplyementDirFile = new File(deployedApplication.getDeployedPath()); - if (StringUtils.isBlank(deployedApplication.getDeployedPath())) { - logger.log(LogLevel.WARNING, "Empty deployed path detected. Not calculating SHA256 & size.", HashGenerator.class.getName()); - return; - } - if (deplyementDirFile.isFile()) { - deployedApplication.setSha256(getChecksum(deplyementDirFile)); - deployedApplication.setSize(FileUtils.byteCountToDisplaySize(FileUtils.sizeOf(deplyementDirFile))); - } else { - deployedApplication.setSha256(getSHA256ForDirectory(deplyementDirFile.getAbsolutePath())); - deployedApplication.setSize(FileUtils.byteCountToDisplaySize(FileUtils.sizeOfDirectory(deplyementDirFile))); - } - } - - public static String getSHA256ForDirectory(String file) { - try { - File dir = new File(file); - if (dir.isDirectory()) { - List sha256s = new ArrayList<>(); - Collection allFiles = FileUtils.listFiles(dir, TrueFileFilter.INSTANCE, TrueFileFilter.INSTANCE); - List sortedFiles = new ArrayList<>(allFiles); - Collections.sort(sortedFiles); - for (File tempFile : sortedFiles) { - String extension = FilenameUtils.getExtension(tempFile.getName()); - if (OTHER_CRITICAL_FILE_EXT.contains(extension) - || JAVA_APPLICATION_ALLOWED_FILE_EXT.contains(extension)) { - sha256s.add(getChecksum(tempFile)); - } - } - return getSHA256HexDigest(sha256s); - } - } catch (Exception e) { - logger.log(LogLevel.SEVERE, ERROR, e, HashGenerator.class.getName()); - } - return null; - } - - public static String getSHA256HexDigest(List data) { - data.removeAll(Collections.singletonList(null)); - String input = StringUtils.join(data); - return getChecksum(input); - } public static String getSHA256HexDigest(String data) { String input = StringUtils.join(data); return getChecksum(input); 
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/InstrumentationUtils.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/InstrumentationUtils.java index e7c8017b3..4c92f5bd9 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/InstrumentationUtils.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/InstrumentationUtils.java @@ -3,6 +3,7 @@ import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.dispatcher.DispatcherPool; import com.newrelic.agent.security.instrumentator.os.OsVariablesInstance; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.controlcommand.ControlCommandProcessorThreadPool; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.schedulers.FileCleaner; @@ -58,7 +59,7 @@ public static void shutdownLogic() { ShutDownEvent shutDownEvent = new ShutDownEvent(); shutDownEvent.setApplicationUUID(AgentInfo.getInstance().getApplicationUUID()); shutDownEvent.setStatus(IAgentConstants.TERMINATING); - EventSendPool.getInstance().sendEvent(shutDownEvent); + EventSendPool.getInstance().sendEvent(shutDownEvent, "postShutDown"); logger.log(LogLevel.INFO, IAgentConstants.SHUTTING_DOWN_WITH_STATUS + shutDownEvent, InstrumentationUtils.class.getName()); TimeUnit.SECONDS.sleep(1); } catch (Throwable e) { @@ -66,7 +67,7 @@ public static void shutdownLogic() { InstrumentationUtils.class.getName()); } try { - WSClient.getInstance().close(); + ConnectionFactory.getInstance().getSecurityConnection().close("IAST agent shutting down"); } catch (Throwable e) { } try { 
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java
index 5e2d549a4..00f7317d0 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java
@@ -187,22 +187,14 @@ private HttpContext createContext() { return proxyManager.updateContext(HttpClientContext.create()); } - public ReadResult execute(String api, List pathParams, Map queryParams, + public ReadResult execute(RequestLayout requestLayout, List pathParams, Map queryParams, Map headers, byte[] body) throws IOException, URISyntaxException { - RequestLayout requestLayout = null; - try { - requestLayout = getRequestConfigurations(api); - } catch (ApacheHttpExceptionWrapper e) { - logger.log(LogLevel.WARNING, "Error while getting request configurations for API: " + api, ApacheHttpClientWrapper.class.getName()); - logger.postLogMessageIfNecessary(LogLevel.WARNING, "Error while getting request configurations for API: " + api, e, ApacheHttpClientWrapper.class.getName()); - return null; - } HttpUriRequest request; try { request = buildHttpRequest(requestLayout, pathParams, queryParams, headers, body); } catch (ApacheHttpExceptionWrapper e) { - logger.log(LogLevel.WARNING, "Error while building request for API: " + api + "with content requestLayout : " + requestLayout +" pathParams: "+ pathParams+" queryParams: "+ queryParams+" headers: "+ headers+" body: "+ Arrays.toString(body), ApacheHttpClientWrapper.class.getName()); - logger.postLogMessageIfNecessary(LogLevel.WARNING, "Error while building request for API: " + api + "with content requestLayout : " + requestLayout +" pathParams: "+ pathParams+" queryParams: "+ queryParams+" headers: "+ headers+" body: "+ Arrays.toString(body), e, ApacheHttpClientWrapper.class.getName()); + logger.log(LogLevel.WARNING, "Error while building request for API: " + requestLayout.getApi() + "with content requestLayout : " + requestLayout +" pathParams: "+ pathParams+" queryParams: "+ queryParams+" headers: "+ headers+" body: "+ Arrays.toString(body), ApacheHttpClientWrapper.class.getName()); + logger.postLogMessageIfNecessary(LogLevel.WARNING, "Error while building request for API: " + requestLayout.getApi() + "with content 
requestLayout : " + requestLayout +" pathParams: "+ pathParams+" queryParams: "+ queryParams+" headers: "+ headers+" body: "+ Arrays.toString(body), e, ApacheHttpClientWrapper.class.getName()); return null; } logger.log(LogLevel.FINEST, "Executing request: " + request, ApacheHttpClientWrapper.class.getName()); @@ -292,7 +284,9 @@ private HttpUriRequest buildHttpRequest(RequestLayout requestLayout, List quer return builder.build(); } - private RequestLayout getRequestConfigurations(String api) throws ApacheHttpExceptionWrapper { - if(StringUtils.isBlank(api)){ - throw new ApacheHttpExceptionWrapper("Unsupported API"); - } - return CommunicationApis.get(api); - } - private ReadResult mapResponseToResult(HttpResponse response) throws IOException, ApacheHttpExceptionWrapper { StatusLine statusLine = response.getStatusLine(); if (statusLine == null) { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpExceptionWrapper.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpExceptionWrapper.java index 8a267aa33..2239683e1 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpExceptionWrapper.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpExceptionWrapper.java @@ -1,6 +1,8 @@ package com.newrelic.agent.security.intcodeagent.apache.httpclient; -public class ApacheHttpExceptionWrapper extends Exception { +import com.newrelic.api.agent.security.utils.ConnectionException; + +public class ApacheHttpExceptionWrapper extends ConnectionException { public ApacheHttpExceptionWrapper(String message) { super(message); } 
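Review bot: The rewritten warning in `execute` still concatenates `headers` and `Arrays.toString(body)` into the message, and `postLogMessageIfNecessary` is then handed the same text, which by its name may forward it off-host. Request headers on this client may carry credentials such as a license key, and the body is the event payload, so neither belongs in a WARNING line. Log the API name with the header names and body length only (null-safe), and keep full content for FINEST if it is needed at all. `requestLayout` is also dereferenced in this catch without a null check now that the caller supplies it; `Objects.requireNonNull(requestLayout, "requestLayout");` at the top of the method would fail earlier and more clearly.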
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheProxyManager.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheProxyManager.java index 23b818a18..d9e8817e1 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheProxyManager.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheProxyManager.java @@ -1,6 +1,7 @@ package com.newrelic.agent.security.intcodeagent.apache.httpclient; -import com.newrelic.api.agent.Logger; +import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.api.agent.security.utils.logging.LogLevel; import org.apache.http.HttpHost; import org.apache.http.auth.AuthScope; import org.apache.http.auth.Credentials; @@ -16,13 +17,11 @@ public class ApacheProxyManager { private final HttpHost proxy; private final Credentials proxyCredentials; - private final Logger logger; - - public ApacheProxyManager(String proxyHost, Integer proxyPort, String proxyScheme, String proxyUser, String proxyPassword, Logger logger) { - this.logger = logger; + private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); + public ApacheProxyManager(String proxyHost, Integer proxyPort, String proxyScheme, String proxyUser, String proxyPassword) { if (proxyHost != null && proxyPort != null) { - logger.log(Level.FINE, MessageFormat.format("Using proxy host {0}:{1}", proxyHost, Integer.toString(proxyPort))); + logger.log(LogLevel.FINE, MessageFormat.format("Using proxy host {0}:{1}", proxyHost, Integer.toString(proxyPort)), ApacheProxyManager.class.getName()); proxy = new HttpHost(proxyHost, proxyPort, proxyScheme); proxyCredentials = getProxyCredentials(proxyUser, proxyPassword); } else { 
@@ -33,7 +32,7 @@ public ApacheProxyManager(String proxyHost, Integer proxyPort, String proxySchem private Credentials getProxyCredentials(final String proxyUser, final String proxyPass) { if (proxyUser != null && proxyPass != null) { - logger.log(Level.INFO, MessageFormat.format("Setting Proxy Authenticator for user {0}", proxyUser)); + logger.log(LogLevel.INFO, MessageFormat.format("Setting Proxy Authenticator for user {0}", proxyUser), ApacheProxyManager.class.getName()); return new UsernamePasswordCredentials(proxyUser, proxyPass); } return null; diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java index b5da47524..f71cfc43e 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java 
@@ -9,17 +9,35 @@ public class CommunicationApis { public static final String GET_POLICY = "getPolicy"; + public static final String POST_EVENT = "postEvent"; + public static final String POST_HEALTH_CHECK = "postHealthCheck"; + public static final String GET_HEALTH_CHECK = "getHealthCheck"; + public static final String POST_IAST_DATA_REQUEST = "postIastDataRequest"; + public static final String POST_APPLICATION_INFO = "postApplicationInfo"; + public static final String POST_CRITICAL_MESSAGE = "postCriticalMessage"; + public static final String PING = "ping"; + + public static final String POS_ANY = "postAny"; public static final Map REQUEST_CONFIG = Collections.unmodifiableMap( new HashMap() {{ - put(GET_POLICY, new RequestLayout(GET_POLICY)); + put(GET_POLICY, new RequestLayout(GET_POLICY, "GET", "/v1/policies", "application/json", "utf-8")); + put(POST_EVENT, new RequestLayout(POST_EVENT, "POST", "/v1/events", "application/json", "gzip")); + put(POST_HEALTH_CHECK, new RequestLayout(POST_HEALTH_CHECK, "POST", "/v1/healthcheck", "application/json", "gzip")); + put(GET_HEALTH_CHECK, new RequestLayout(GET_HEALTH_CHECK, "GET", "/v1/healthcheck", "application/json", "utf-8")); + put(POST_IAST_DATA_REQUEST, new RequestLayout(POST_IAST_DATA_REQUEST, "POST", "/v1/iast/data-request", "application/json", "gzip")); + put(POST_APPLICATION_INFO, new RequestLayout(POST_APPLICATION_INFO, "POST", "/v1/application-info", "application/json", "gzip")); + put(POST_CRITICAL_MESSAGE, new RequestLayout(POST_CRITICAL_MESSAGE, "POST", "/v1/critical-message", "application/json", "gzip")); + put(PING, new RequestLayout(PING, "GET", "/v1/ping", "application/json", "utf-8")); + + put(POS_ANY, new RequestLayout(POS_ANY, "POST", "/v1/any", "application/json", "utf-8")); }} ); public static RequestLayout get(String api) { RequestLayout result = REQUEST_CONFIG.get(api); if(result == null) { - //TODO throw exception + throw new IllegalArgumentException("Unknown API: " + api); } return result; } 
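Review bot: `CommunicationApis.get` now throws the unchecked `IllegalArgumentException` for an unknown name, whereas the `getRequestConfigurations` helper removed from ApacheHttpClientWrapper in this commit raised the checked `ApacheHttpExceptionWrapper`, which `execute` caught and logged. Callers that pass a name missing from the table will now see the exception escape unless they catch it themselves, so `get` should document it with `@throws IllegalArgumentException if api is not registered`. The catch-all constant is spelled `POS_ANY`, which reads as a typo for `POST_ANY` and is easy to miss when searching for usages. The table is built with double-brace initialization, which creates an anonymous `HashMap` subclass; a static initializer block that fills a plain `HashMap` before `Collections.unmodifiableMap` is the cleaner form.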
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ReconnectionST.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ReconnectionST.java
new file mode 100644
index 000000000..a5c185e42
--- /dev/null
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ReconnectionST.java
@@ -0,0 +1,81 @@ +package com.newrelic.agent.security.intcodeagent.apache.httpclient; + +import com.newrelic.agent.security.AgentInfo; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; +import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.agent.security.intcodeagent.utils.CommonUtils; +import com.newrelic.api.agent.security.utils.logging.LogLevel; + +import java.util.concurrent.*; +import java.util.concurrent.atomic.AtomicInteger; + +public class ReconnectionST { + + private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); + + private static ScheduledExecutorService scheduledService; + + private ScheduledFuture futureTask; + + private static class InstanceHolder { + private static final ReconnectionST INSTANCE = new ReconnectionST(); + } + + public static ReconnectionST getInstance() { + return InstanceHolder.INSTANCE; + } + + private ReconnectionST() { + instantiateScheduler(); + } + + private Runnable runnable = new Runnable() { + @Override + public void run() { + try { + AgentInfo.getInstance().getJaHealthCheck().getSchedulerRuns().incrementWebsocketReconnector(); + if (!SecurityClient.getInstance().isConnected()) { + logger.log(LogLevel.INFO, "Http is marked disconnected, reconnecting ...", ReconnectionST.class.getName()); + ConnectionFactory.getInstance().getSecurityConnection().ping(); + } + } catch (Throwable t){ + logger.log(LogLevel.SEVERE, "Error while Http reconnection : " + t.getMessage() + " : " + t.getCause(), ReconnectionST.class.getName()); + logger.log(LogLevel.FINER, "Error while Http reconnection", t, ReconnectionST.class.getName()); + logger.postLogMessageIfNecessary(LogLevel.SEVERE, "Error while Http reconnection : " + t.getMessage() + " : " + t.getCause(), t, ReconnectionST.class.getName()); + } finally { + submitNewTaskSchedule(); + } + } + }; + + private void instantiateScheduler() { + scheduledService = 
Executors.newSingleThreadScheduledExecutor(new ThreadFactory() { + private final AtomicInteger threadNumber = new AtomicInteger(1); + + @Override + public Thread newThread(Runnable r) { + return new Thread(Thread.currentThread().getThreadGroup(), r, + "HttpReconnectionST_" + threadNumber.getAndIncrement()); + } + }); + } + + public void submitNewTaskSchedule() { + int delay = CommonUtils.generateSecureRandomBetween(5, 15); + futureTask = scheduledService.schedule(runnable, delay, TimeUnit.SECONDS); + } + + public void cancelTask() { + if(futureTask != null) { + futureTask.cancel(false); + } + } + + public void shutdown() { + if(scheduledService != null) { + scheduledService.shutdown(); + } + } + + +} diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java new file mode 100644 index 000000000..1871eb40f --- /dev/null +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java 
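Review bot: The `finally` in `runnable.run()` always calls `submitNewTaskSchedule()`, while `SecurityClient.ping()` (added later in this commit) also calls `cancelTask()` and `submitNewTaskSchedule()` on a non-200 result, so a failed ping issued from this runnable queues two follow-up tasks and `futureTask` remembers only the last one. `cancelTask()` can then no longer reach the other task, and the number of pending reconnect attempts may drift upward while the service is unreachable. Let one side own rescheduling, for example keep the `finally` and have `ping()` only update the connected/reconnecting flags. Declare `futureTask` `volatile`, since it is written from the scheduler thread and from whichever thread calls `ping()`. The thread factory does not set the daemon flag, so the worker inherits it from the creating thread; an explicit `setDaemon(true)` would keep this agent scheduler from holding the host JVM open at shutdown.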
@@ -0,0 +1,218 @@ +package com.newrelic.agent.security.intcodeagent.apache.httpclient; + +import com.newrelic.agent.security.AgentConfig; +import com.newrelic.agent.security.AgentInfo; +import com.newrelic.agent.security.instrumentator.dispatcher.DispatcherPool; +import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool; +import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey; +import com.newrelic.agent.security.intcodeagent.websocket.EventSendPool; +import com.newrelic.agent.security.intcodeagent.websocket.EventSender; +import com.newrelic.api.agent.security.instrumentation.helpers.GrpcClientRequestReplayHelper; +import com.newrelic.api.agent.security.utils.ConnectionException; +import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.agent.security.util.IUtilConstants; +import com.newrelic.api.agent.NewRelic; +import com.newrelic.api.agent.security.schema.http.ReadResult; +import com.newrelic.api.agent.security.schema.http.RequestLayout; +import com.newrelic.api.agent.security.utils.SecurityConnection; +import com.newrelic.api.agent.security.utils.logging.LogLevel; +import org.apache.commons.lang3.StringUtils; +import org.json.simple.JSONStreamAware; +import org.json.simple.JSONValue; + +import javax.net.ssl.SSLContext; +import java.io.*; +import java.lang.management.ManagementFactory; +import java.net.URISyntaxException; +import java.nio.charset.StandardCharsets; +import java.util.HashMap; +import java.util.Map; +import java.util.zip.Deflater; +import java.util.zip.DeflaterOutputStream; +import java.util.zip.GZIPOutputStream; + +public class SecurityClient implements SecurityConnection { + + private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); + private ApacheHttpClientWrapper httpClient; + private boolean connected = false; + private final Map headers = new HashMap<>(); + private final String URL = 
NewRelic.getAgent().getConfig().getValue("security.validator_service_url", "wss://csec.nr-data.net"); + + public static final String DEFLATE_ENCODING = "deflate"; + public static final String GZIP_ENCODING = "gzip"; + private static final int COMPRESSION_LEVEL = Deflater.DEFAULT_COMPRESSION; + + public static final String PROXY_HOST = "proxy_host"; + public static final String PROXY_PASS = "proxy_password"; + public static final String PROXY_PORT = "proxy_port"; + public static final String PROXY_SCHEME = "proxy_scheme"; + public static final String PROXY_USER = "proxy_user"; + + public static final ReadResult unsupportedContent = new ReadResult(500, "Unsupported content type"); + private boolean reconnecting = false; + + private SecurityClient() { + SSLContext sslContext = ApacheSSLManager.createSSLContext(NewRelic.getAgent().getConfig().getValue(IUtilConstants.NR_SECURITY_CA_BUNDLE_PATH)); + String proxyHost = NewRelic.getAgent().getConfig().getValue(PROXY_HOST, null); + Integer proxyPort = NewRelic.getAgent().getConfig().getValue(PROXY_PORT, 8080); + String proxyScheme = NewRelic.getAgent().getConfig().getValue(PROXY_SCHEME, "https"); + String proxyUser = NewRelic.getAgent().getConfig().getValue(PROXY_USER, null); + String proxyPass = NewRelic.getAgent().getConfig().getValue(PROXY_PASS, null); + ApacheProxyManager proxyManager = new ApacheProxyManager( + proxyHost, proxyPort, proxyScheme, + proxyUser, proxyPass); + setConnectionHeaders(); + httpClient = new ApacheHttpClientWrapper(proxyManager, sslContext, 30000); + } + + private void setConnectionHeaders() { + this.headers.put("NR-CSEC-CONNECTION-TYPE", "LANGUAGE_COLLECTOR"); + this.headers.put("NR-AGENT-RUN-TOKEN", AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.AGENT_RUN_ID_LINKING_METADATA, StringUtils.EMPTY)); + this.headers.put("NR-CSEC-ENTITY-GUID", AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.NR_ENTITY_GUID, StringUtils.EMPTY)); + 
this.headers.put("NR-CSEC-ENTITY-NAME", AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.ENTITY_NAME, StringUtils.EMPTY)); + this.headers.put("NR-LICENSE-KEY", AgentConfig.getInstance().getConfig().getCustomerInfo().getApiAccessorToken()); + this.headers.put("NR-CSEC-VERSION", AgentInfo.getInstance().getBuildInfo().getCollectorVersion()); + this.headers.put("NR-CSEC-COLLECTOR-TYPE", "JAVA"); + this.headers.put("NR-CSEC-BUILD-NUMBER", AgentInfo.getInstance().getBuildInfo().getBuildNumber()); + this.headers.put("NR-CSEC-MODE", AgentConfig.getInstance().getGroupName()); + this.headers.put("NR-CSEC-APP-UUID", AgentInfo.getInstance().getApplicationUUID()); + this.headers.put("NR-CSEC-JSON-VERSION", AgentInfo.getInstance().getBuildInfo().getJsonVersion()); + this.headers.put("NR-ACCOUNT-ID", AgentConfig.getInstance().getConfig().getCustomerInfo().getAccountId()); + this.headers.put("NR-CSEC-IAST-DATA-TRANSFER-MODE", "PULL"); + this.headers.put("NR-CSEC-IGNORED-VUL-CATEGORIES", AgentConfig.getInstance().getAgentMode().getSkipScan().getIastDetectionCategory().getDisabledCategoriesCSV()); + this.headers.put("NR-CSEC-PROCESS-START-TIME", String.valueOf(ManagementFactory.getRuntimeMXBean().getStartTime())); + this.headers.put("NR-CSEC-IAST-TEST-IDENTIFIER", AgentConfig.getInstance().getScanControllers().getIastTestIdentifier()); + this.headers.put("NR-CSEC-IAST-SCAN-INSTANCE-COUNT", String.valueOf(AgentConfig.getInstance().getScanControllers().getScanInstanceCount())); + } + + private static final class InstanceHolder { + static final SecurityClient instance = new SecurityClient(); + } + + public static SecurityClient getInstance() { + return InstanceHolder.instance; + } + + public void setConnected(boolean connected) { + this.connected = connected; + AgentInfo.getInstance().agentStatTrigger(false); + } + + public boolean isConnected() { + return this.connected; + } + + @Override + public boolean isReconnecting() { + return this.reconnecting; + } + + 
@Override + public void setReconnecting(boolean isReconnecting) { + this.reconnecting = isReconnecting; + } + + @Override + public ReadResult send(Object message, String api) throws ConnectionException { + if(message instanceof JSONStreamAware) { + return send((JSONStreamAware) message, api); + } else { + logger.log(LogLevel.WARNING, String.format("Unsupported message type %s", message.getClass().getName()), ApacheHttpClientWrapper.class.getName()); + logger.log(LogLevel.FINEST, String.format("Unsupported message type %s : %s", message.getClass().getName(), message), ApacheHttpClientWrapper.class.getName()); + return unsupportedContent; + } + } + + public ReadResult send(JSONStreamAware message, String api) throws ApacheHttpExceptionWrapper { + RequestLayout requestLayout = null; + try { + requestLayout = getRequestConfigurations(api); + requestLayout.setEndpoint(URL); + logger.log(LogLevel.FINEST, "Request configurations for API: " + api + " : " + requestLayout.getPath() + " body : "+message, ApacheHttpClientWrapper.class.getName()); + } catch (Exception e){ + logger.log(LogLevel.WARNING, "Error while getting request configurations for API: " + api, ApacheHttpClientWrapper.class.getName()); + logger.postLogMessageIfNecessary(LogLevel.WARNING, "Error while getting request configurations for API: " + api, e, ApacheHttpClientWrapper.class.getName()); + return null; + } + try { + byte[] body = null; + if(message != null) { + body = writeData(requestLayout.getContentEncoding(), message); + } + ReadResult result = httpClient.execute(requestLayout, null, null, headers, body); + logger.log(LogLevel.FINEST, "Response from " + api + ": " + result.getStatusCode() + " body: "+result.getResponseBody(), ApacheHttpClientWrapper.class.getName()); + return result; + } catch (Exception e) { + throw new ApacheHttpExceptionWrapper(e.getMessage(), e); + } + } + + @Override + public void close(String message) { + cleanIASTState(); + httpClient.shutdown(); + } + + private static void 
cleanIASTState() { + RestRequestThreadPool.getInstance().resetIASTProcessing(); + GrpcClientRequestReplayHelper.getInstance().resetIASTProcessing(); + RestRequestThreadPool.getInstance().getRejectedIds().clear(); + GrpcClientRequestReplayHelper.getInstance().getRejectedIds().clear(); + DispatcherPool.getInstance().reset(); + EventSendPool.getInstance().reset(); + } + + @Override + public void ping() { + try { + ReadResult result = send((JSONStreamAware) null, "ping"); + if(result != null && result.getStatusCode() == 200) { + setConnected(true); + setReconnecting(false); + } else { + setConnected(false); + setReconnecting(true); + ReconnectionST.getInstance().cancelTask(); + ReconnectionST.getInstance().submitNewTaskSchedule(); + } + } catch (ConnectionException e) { + logger.log(LogLevel.SEVERE, "Error while pinging the security service: "+ e.getMessage(), ApacheHttpClientWrapper.class.getName()); + logger.log(LogLevel.FINEST, "Error while pinging the security service: ", e, ApacheHttpClientWrapper.class.getName()); + setConnected(false); + } + } + + public String getURL() { + return URL; + } + + private RequestLayout getRequestConfigurations(String api) throws ApacheHttpExceptionWrapper { + if(StringUtils.isBlank(api)){ + throw new ApacheHttpExceptionWrapper("Unsupported API"); + } + return CommunicationApis.get(api); + } + + private byte[] writeData(String encoding, JSONStreamAware params) throws IOException { + ByteArrayOutputStream outStream = new ByteArrayOutputStream(); + try ( + OutputStream os = getOutputStream(outStream, encoding); + Writer out = new OutputStreamWriter(os, StandardCharsets.UTF_8); + ) { + JSONValue.writeJSONString(params, out); + out.flush(); + } + return outStream.toByteArray(); + } + + private OutputStream getOutputStream(OutputStream out, String encoding) throws IOException { + if (DEFLATE_ENCODING.equals(encoding)) { + return new DeflaterOutputStream(out, new Deflater(COMPRESSION_LEVEL)); + } else if (GZIP_ENCODING.equals(encoding)) { 
+ return new GZIPOutputStream(out); + } else { + return out; + } + } +} diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/communication/ConnectionFactory.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/communication/ConnectionFactory.java new file mode 100644 index 000000000..1383ca6ea --- /dev/null +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/communication/ConnectionFactory.java 
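Review bot: The `catch (ConnectionException e)` branch of `ping()` only calls `setConnected(false)`; unlike the non-200 branch it neither sets `reconnecting` nor arranges a retry, so a transport-level failure on a ping issued outside the reconnection runnable appears to leave nothing that will try again. Routing both failure paths through one private helper would keep them in step. Separately, `send(Object message, String api)` calls `message.getClass()` in its `else` branch, which throws for a null message; `if (message == null || message instanceof JSONStreamAware)` would route null to the typed overload, which already accepts it. The two FINEST log calls in `send(JSONStreamAware, String)` write the full request and response bodies to the agent log; those payloads can carry data captured from the monitored application, so logging a size or a truncated form is safer.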
@@ -0,0 +1,68 @@ +package com.newrelic.agent.security.intcodeagent.communication; + +import com.newrelic.agent.security.AgentConfig; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; +import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.agent.security.intcodeagent.websocket.WSClient; +import com.newrelic.agent.security.intcodeagent.websocket.WSReconnectionST; +import com.newrelic.api.agent.NewRelic; +import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.utils.SecurityConnection; +import com.newrelic.api.agent.security.utils.logging.LogLevel; + +import java.net.URISyntaxException; + +public class ConnectionFactory { + + private SecurityConnection securityConnection; + + private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); + + private ConnectionFactory() { + /* + Priority Order + 1. Env + 2. Config + 3. Mode + * */ + + String connection = NewRelic.getAgent().getConfig().getValue("security.connection"); + if(StringUtils.isBlank(connection)) { + String mode = AgentConfig.getInstance().getAgentMode().getMode(); + if(StringUtils.equals("IAST_MONITORING", mode)){ + connection = "http"; + } else { + connection = "ws"; + } + } + + if(StringUtils.equals("http", connection)) { + securityConnection = SecurityClient.getInstance(); + } else { + try { + WSReconnectionST.getInstance().submitNewTaskSchedule(0); + securityConnection = WSClient.getInstance(); + } catch (URISyntaxException e) { + logger.log(LogLevel.SEVERE, "Error while creating WSClient", e, ConnectionFactory.class.getName()); + } + } + } + + static class InstanceHolder { + static final ConnectionFactory INSTANCE = new ConnectionFactory(); + } + + public static ConnectionFactory getInstance() { + return InstanceHolder.INSTANCE; + } + + public SecurityConnection getSecurityConnection() { + return securityConnection; + } + + public void 
setSecurityConnection(SecurityConnection securityConnection) { + this.securityConnection = securityConnection; + } + + +} diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java index e18da9551..0e765a61d 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java @@ -7,6 +7,7 @@ import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool; import com.newrelic.agent.security.instrumentator.utils.AgentUtils; import com.newrelic.agent.security.instrumentator.utils.InstrumentationUtils; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.api.agent.NewRelic; import com.newrelic.api.agent.security.utils.logging.LogLevel; @@ -229,7 +230,7 @@ public void run() { WSUtils.getInstance().setReconnecting(true); //TODO no need for draining IAST since last leg has complete ledger. logger.log(LogLevel.INFO, RECEIVED_WS_RECONNECT_COMMAND_FROM_SERVER_INITIATING_SEQUENCE, this.getClass().getName()); - WSClient.getInstance().close(CloseFrame.SERVICE_RESTART, "Reconnecting to service"); + ConnectionFactory.getInstance().getSecurityConnection().close("Reconnecting to service"); } catch (Throwable e) { logger.log(LogLevel.SEVERE, String.format(ERROR_WHILE_PROCESSING_RECONNECTION_CC_S_S, e.getMessage(), e.getCause()), this.getClass().getName()); logger.log(LogLevel.SEVERE, ERROR_WHILE_PROCESSING_RECONNECTION_CC, e, this.getClass().getName()); 
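Review bot: When `WSClient.getInstance()` throws `URISyntaxException` in the `ConnectionFactory` constructor, the error is logged and `securityConnection` stays null, so later `ConnectionFactory.getInstance().getSecurityConnection()` callers (the control-command and health-check hunks in this commit dereference it unguarded) would fail with a NullPointerException. Consider failing initialisation explicitly or falling back to a connection object that reports itself as disconnected. Any `security.connection` value other than the exact string `http` silently selects the WebSocket client; a case-insensitive match plus a warning for unrecognised values would make a misconfiguration visible. The "Priority Order" comment lists Env first, but only the config value and the mode are read here, so unless the config lookup already covers environment overrides the comment should be corrected.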
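Review bot: In HTTP mode the new `close("Reconnecting to service")` call reaches `SecurityClient.close`, which calls `httpClient.shutdown()`, and the wrapper is only constructed in `SecurityClient`'s private constructor, so nothing visible in this commit rebuilds the client after a reconnect command. If `shutdown()` releases the underlying connection pool, later `send` and `ping` calls on the singleton would keep failing. The line above still sets the flag through `WSUtils.getInstance().setReconnecting(true)` rather than `ConnectionFactory.getInstance().getSecurityConnection().setReconnecting(true)`, so the HTTP client's own `reconnecting` state is not updated here. The enclosing `run()` starts and ends outside this hunk.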
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/filelogging/FileLoggerThreadPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/filelogging/FileLoggerThreadPool.java index 7c60edb90..4628686bd 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/filelogging/FileLoggerThreadPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/filelogging/FileLoggerThreadPool.java @@ -188,7 +188,7 @@ private LogMessage postLogMessage(LogLevel logLevel, String messageString, Throw if (logLevel.getLevel() <= LogLevel.WARNING.getLevel()) { AgentUtils.getInstance().addStatusLogMostRecentErrors(JsonConverter.toJSON(message)); } - EventSendPool.getInstance().sendEvent(message); + EventSendPool.getInstance().sendEvent(message, "postCriticalMessage"); return message; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java new file mode 100644 index 000000000..737e46882 --- /dev/null +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java 
@@ -0,0 +1,162 @@ +package com.newrelic.agent.security.intcodeagent.iast.monitoring; + +import com.newrelic.agent.security.AgentConfig; +import com.newrelic.agent.security.AgentInfo; +import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.agent.security.intcodeagent.schedulers.SchedulerHelper; +import com.newrelic.api.agent.security.NewRelicSecurity; +import com.newrelic.api.agent.security.schema.SecurityMetaData; +import com.newrelic.api.agent.security.utils.logging.LogLevel; +import org.apache.commons.lang3.StringUtils; + +import java.security.SecureRandom; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicInteger; + +public class IastMonitoring { + + private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); + + private final AtomicBoolean harvestActive = new AtomicBoolean(false); + private final AtomicInteger harvestCycleCount = new AtomicInteger(); + private final AtomicInteger remainingHarvestRequests = new AtomicInteger(); + private final AtomicInteger requestHarvested = new AtomicInteger(); + private final AtomicInteger samplerCycle = new AtomicInteger(); + + private final Map harvestedTraceId = new ConcurrentHashMap<>(); + private static final SecureRandom secureRandom = new SecureRandom(); + + + public static boolean transactionSelected() { + int randomNumber = secureRandom.nextInt(5); + return randomNumber == 0; + } + + + private static final class InstanceHolder { + static final IastMonitoring instance = new IastMonitoring(); + } + + private IastMonitoring() { + } + + public static IastMonitoring getInstance() { + return InstanceHolder.instance; + } + + public boolean getHarvestActive() { + return harvestActive.get(); + } + + public void setHarvestActive(boolean harvestActive) { + this.harvestActive.set(harvestActive); + } + + public int getHarvestCycleCount() { + 
return harvestCycleCount.get(); + } + + public void incrementHarvestCycleCount() { + harvestCycleCount.incrementAndGet(); + } + + public int decrementRemainingHarvestRequests() { + return remainingHarvestRequests.decrementAndGet(); + } + + public void setRemainingHarvestRequests(int remainingHarvestRequests) { + this.remainingHarvestRequests.set(remainingHarvestRequests); + } + + public void setRequestHarvested(int requestHarvested) { + this.requestHarvested.set(requestHarvested); + } + + public int getRequestHarvested() { + return requestHarvested.get(); + } + + public void incrementRequestHarvested() { + requestHarvested.incrementAndGet(); + } + + public int getRemainingHarvestRequests() { + return remainingHarvestRequests.get(); + } + + public Map getHarvestedTraceId() { + return harvestedTraceId; + } + + public int incrementSamplerCycle() { + return samplerCycle.incrementAndGet(); + } + + public int getSamplerCycle() { + return samplerCycle.get(); + } + + public void incrementHarvestedTraceId(String traceId) { + harvestedTraceId.put(traceId, harvestedTraceId.getOrDefault(traceId, 0) + 1); + } + + public static void sampleData() { + if(IastMonitoring.getInstance().getHarvestCycleCount() % 12 == 0){ + IastMonitoring.getInstance().setRemainingHarvestRequests(0); + } + IastMonitoring.getInstance().setHarvestActive(true); + IastMonitoring.getInstance().setRemainingHarvestRequests(IastMonitoring.getInstance().getRemainingHarvestRequests() + 5); + IastMonitoring.getInstance().setRequestHarvested(0); + IastMonitoring.getInstance().incrementHarvestCycleCount(); + logger.log( LogLevel.FINEST, String.format("IAST Monitoring: Sampling of Data Started for cycle %s can harvest %s requests", IastMonitoring.getInstance().getHarvestCycleCount(), IastMonitoring.getInstance().getRemainingHarvestRequests()), IastMonitoring.class.getName()); + } + + public static void resetEventSampler() { + int repeat = 
AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getRepeat(); + if(repeat != 0 && IastMonitoring.getInstance().getSamplerCycle() > repeat){ + logger.log( LogLevel.INFO, String.format("IAST Monitoring: Sampling of Data shutdown after cycle %s", IastMonitoring.getInstance().getSamplerCycle()), IastMonitoring.class.getName()); + SchedulerHelper.getInstance().shutdownSampling(); + } + + IastMonitoring.getInstance().incrementSamplerCycle(); + IastMonitoring.getInstance().setRemainingHarvestRequests(0); + IastMonitoring.getInstance().getHarvestedTraceId().clear(); + logger.log( LogLevel.FINEST, String.format("IAST Monitoring: Sampling of Data started for sampling cycle %s", IastMonitoring.getInstance().getSamplerCycle()), IastMonitoring.class.getName()); + } + + + public static void collectSampleIfHarvested() { + if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().get()) { + + AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().set(false); + NewRelicSecurity.getAgent().getSecurityMetaData().removeCustomAttribute("HARVEST"); + IastMonitoring.getInstance().incrementRequestHarvested(); + int remaining = IastMonitoring.getInstance().decrementRemainingHarvestRequests(); + if(remaining <= 0){ + IastMonitoring.getInstance().setHarvestActive(false); + logger.log(LogLevel.FINEST, "IAST Monitoring: Harvesting Completed", IastMonitoring.class.getName()); + } + logger.log( LogLevel.FINEST, String.format("IAST Monitoring: %s:%s Sample collected", IastMonitoring.getInstance().getHarvestCycleCount(), IastMonitoring.getInstance().getRequestHarvested()), IastMonitoring.class.getName()); + } + } + + public static void registerTraceHarvested(String traceId) { + IastMonitoring.getInstance().incrementHarvestedTraceId(traceId); + } + + public static boolean eventQuotaReached(String traceId) { + return IastMonitoring.getInstance().getHarvestedTraceId().getOrDefault(traceId, 0) + >= 
AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getMaxEventQuota(); + } + + public static boolean shouldProcessInterception() { + if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring()) { + return IastMonitoring.getInstance().getHarvestActive() && NewRelicSecurity.getAgent().getSecurityMetaData().customAttributeContainsKey("HARVEST") && NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("HARVEST", Boolean.class); + } else { + return true; + } + } + +} diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java index 11e915ef1..69ff1ce8e 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java @@ -7,6 +7,8 @@ import com.newrelic.agent.security.instrumentator.os.OsVariablesInstance; import com.newrelic.agent.security.instrumentator.utils.AgentUtils; import com.newrelic.agent.security.intcodeagent.apache.httpclient.IastHttpClient; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.controlcommand.ControlCommandProcessorThreadPool; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.models.javaagent.ThreadPoolActiveStat; 
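Review bot: `incrementHarvestedTraceId` does a `getOrDefault` followed by `put` on the `ConcurrentHashMap`, which is not atomic, so concurrent requests sharing a trace id can lose increments and let `eventQuotaReached` admit more events than `getMaxEventQuota()` allows; `harvestedTraceId.merge(traceId, 1, Integer::sum);` does it in one step. The same read-then-write pattern appears in `sampleData` (`setRemainingHarvestRequests(getRemainingHarvestRequests() + 5)`, where `addAndGet(5)` on the `AtomicInteger` fits) and in `collectSampleIfHarvested` (`get()` then `set(false)`, where `compareAndSet(true, false)` fits). In `shouldProcessInterception` the result of `getCustomAttribute("HARVEST", Boolean.class)` is auto-unboxed; wrapping it as `Boolean.TRUE.equals(...)` avoids a NullPointerException if the attribute is removed between the two calls.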
@@ -71,12 +73,12 @@ public void run() { AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementPendingControlCommandsBy(GrpcClientRequestReplayHelper.getInstance().getRequestQueue().size()); AgentUtils.getInstance().addStatusLogMostRecentHCs(AgentInfo.getInstance().getJaHealthCheck().toString()); // channel.write(ByteBuffer.wrap(new JAHealthCheck(AgentNew.JA_HEALTH_CHECK).toString().getBytes())); - if (WSClient.getInstance().isOpen()) { + if (ConnectionFactory.getInstance().getSecurityConnection().isConnected()) { synchronized (AgentInfo.getInstance().getJaHealthCheck()){ sendJaHealthCheck = new JAHealthCheck(AgentInfo.getInstance().getJaHealthCheck()); AgentInfo.getInstance().getJaHealthCheck().reset(); } - WSClient.getInstance().send(JsonConverter.toJSON(sendJaHealthCheck)); + ConnectionFactory.getInstance().getSecurityConnection().send(sendJaHealthCheck, "postAny"); } } catch (NullPointerException ex) { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java index f7ab3430d..a63f0f48f 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java 
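Review bot: The health check is sent with the API name `"postAny"`, although this commit registers `postHealthCheck` (`/v1/healthcheck`, gzip) in `CommunicationApis`; unless the catch-all route is intended, `send(sendJaHealthCheck, CommunicationApis.POST_HEALTH_CHECK)` matches the new table. The call now passes the `JAHealthCheck` object instead of its JSON string, and `SecurityClient.send(Object, String)` returns `unsupportedContent` for anything that is not `JSONStreamAware`, so it is worth confirming that `JAHealthCheck` implements that interface (its declaration is not in this diff view). The return value is ignored, so a rejected health check passes silently after `getJaHealthCheck().reset()` has already run. `run()` continues outside this hunk.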
@@ -3,12 +3,15 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; import org.apache.commons.lang3.StringUtils; +import org.json.simple.JSONStreamAware; +import java.io.IOException; +import java.io.Writer; import java.util.Map; import java.util.Set; @JsonIgnoreProperties(ignoreUnknown = true) -public class IASTDataTransferRequest { +public class IASTDataTransferRequest implements JSONStreamAware { private String jsonName = "iast-data-request"; private String applicationUUID; private String appAccountId; @@ -91,4 +94,9 @@ public String toString() { return StringUtils.EMPTY; } } + + @Override + public void writeJSONString(Writer out) throws IOException { + JsonConverter.writeValue(this, out); + } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java index c30926d0f..32aca8349 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java @@ -5,10 +5,14 @@ import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.utils.AgentUtils; import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey; +import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; import com.newrelic.api.agent.NewRelic; import com.newrelic.api.agent.TraceMetadata; import org.apache.commons.lang3.StringUtils; +import org.json.simple.JSONStreamAware; +import java.io.IOException; +import java.io.Writer; import java.util.HashMap; import java.util.Map; 
@@ -18,7 +22,7 @@ /** * The Class AgentBasicInfo. */ -public class AgentBasicInfo { +public class AgentBasicInfo implements JSONStreamAware { private static final String SCAN_COMPONENT_DATA = "scanComponentData"; public static final String FETCH_POLICY = "fetchPolicy"; @@ -271,4 +275,9 @@ public String getApplicationUUID() { public void setApplicationUUID(String applicationUUID) { this.applicationUUID = applicationUUID; } + + @Override + public void writeJSONString(Writer out) throws IOException { + JsonConverter.writeValue(this, out); + } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/LogMessage.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/LogMessage.java index 3e7886af7..97b36190f 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/LogMessage.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/LogMessage.java @@ -6,12 +6,15 @@ import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey; import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; import org.apache.commons.lang3.StringUtils; +import org.json.simple.JSONStreamAware; +import java.io.IOException; +import java.io.Writer; import java.time.Instant; import java.util.Map; @JsonIgnoreProperties(ignoreUnknown = true) -public class LogMessage { +public class LogMessage implements JSONStreamAware { private String jsonName = "critical-messages"; @@ -117,4 +120,9 @@ public void setAppEntityGuid(String appEntityGuid) { public String toString() { return JsonConverter.toJSON(this); } + + @Override + public void writeJSONString(Writer out) throws IOException { + JsonConverter.writeValue(this, out); + } } 
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java index 5e1ea25b9..9ceda1d64 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java @@ -1,5 +1,6 @@ package com.newrelic.agent.security.intcodeagent.schedulers; +import com.newrelic.agent.security.AgentConfig; import com.newrelic.agent.security.intcodeagent.filelogging.LogFileHelper; import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants; import com.newrelic.agent.security.util.IUtilConstants; 
@@ -103,4 +104,27 @@ public void scheduleURLMappingPosting(Runnable runnable) { ScheduledFuture future = commonExecutor.schedule(runnable, 60, TimeUnit.SECONDS); scheduledFutureMap.put(IAgentConstants.JSON_SEC_APPLICATION_URL_MAPPING, future); } + + public void scheduleSampling(Runnable runnable, long initialDelay, long delay, TimeUnit unit) { + if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring()) { + ScheduledFuture future = commonExecutor.scheduleAtFixedRate(runnable, initialDelay, delay, unit); + scheduledFutureMap.put("sampling", future); + } + } + + public void shutdownSampling() { + if(scheduledFutureMap.containsKey("sampling")){ + ScheduledFuture future = scheduledFutureMap.get("sampling"); + future.cancel(false); + future = scheduledFutureMap.get("reset-event-sampler"); + future.cancel(false); + } + } + + public void scheduleResetEventSampler(Runnable runnable, long initialDelay, long delay, TimeUnit unit) { + if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring()) { + ScheduledFuture future = commonExecutor.scheduleAtFixedRate(runnable, initialDelay, delay, unit); + scheduledFutureMap.put("reset-event-sampler", future); + } + } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/ConnectionUtils.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/ConnectionUtils.java new file mode 100644 index 000000000..4e6014b0a --- /dev/null +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/ConnectionUtils.java @@ -0,0 +1,13 @@ +package com.newrelic.agent.security.intcodeagent.utils; + +public class ConnectionUtils { + + private ConnectionUtils() { + } + + private static final class InstanceHolder { + static final ConnectionUtils instance = new ConnectionUtils(); + } + + +} 
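Review bot: `shutdownSampling()` cancels the "reset-event-sampler" future without a null check, so it throws a NullPointerException whenever "sampling" was scheduled but `scheduleResetEventSampler` was not. Neither entry is removed from `scheduledFutureMap` after cancellation. `scheduleSampling` and `scheduleResetEventSampler` also overwrite an existing entry without cancelling it, so a second call leaves the first periodic task running with no handle to stop it. Handling each key independently, as below, fixes the null dereference and the stale entries; it assumes `scheduledFutureMap` is a `java.util.Map`, whose declaration is outside the hunk.

```java
public void shutdownSampling() {
    // Either task may never have been scheduled, so treat the two keys independently.
    for (String key : new String[]{"sampling", "reset-event-sampler"}) {
        ScheduledFuture<?> future = scheduledFutureMap.remove(key);
        if (future != null) {
            future.cancel(false);
        }
    }
}
```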
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/RuntimeErrorReporter.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/RuntimeErrorReporter.java index ed6e31310..61348f0bf 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/RuntimeErrorReporter.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/RuntimeErrorReporter.java @@ -36,7 +36,7 @@ public void clearErrors() { public void reportApplicationRuntimeError() { for (ApplicationRuntimeError applicationRuntimeError : errors.values()) { - EventSendPool.getInstance().sendEvent(applicationRuntimeError); + EventSendPool.getInstance().sendEvent(applicationRuntimeError, "postApplicationRuntimeError"); } errors.clear(); } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSendPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSendPool.java index 3da76083b..a42a75680 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSendPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSendPool.java @@ -3,6 +3,7 @@ import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.dispatcher.Dispatcher; import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.CommunicationApis; import com.newrelic.agent.security.intcodeagent.executor.CustomFutureTask; import com.newrelic.agent.security.intcodeagent.executor.CustomThreadPoolExecutor; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; 
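Review bot: The API name is passed as a bare string literal, `"postApplicationRuntimeError"`, in `reportApplicationRuntimeError()` and again as `"postScanFailure"` in `Agent.reportIASTScanFailure`, while `EventSendPool.sendEvent(JavaAgentEventBean)` uses the constant `CommunicationApis.POST_EVENT`. A typo in either literal would compile and only surface at runtime as a misrouted or rejected event. Defining these names next to `POST_EVENT` and referencing the constants at both call sites would keep the routing names in one place. Whether `CommunicationApis` already has matching constants is not visible in this diff.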
@@ -13,6 +14,7 @@ import com.newrelic.agent.security.util.AgentUsageMetric; import com.newrelic.agent.security.util.IUtilConstants; import com.newrelic.api.agent.security.instrumentation.helpers.GrpcClientRequestReplayHelper; +import org.json.simple.JSONStreamAware; import java.util.concurrent.*; import java.util.concurrent.atomic.AtomicBoolean; @@ -98,12 +100,12 @@ public void sendEvent(JavaAgentEventBean event) { AgentInfo.getInstance().getJaHealthCheck().getEventStats().getDroppedDueTo().incrementRaspProcessingDeactivated(); return; } - executor.submit(new EventSender(event)); + executor.submit(new EventSender(event, CommunicationApis.POST_EVENT)); AgentInfo.getInstance().getJaHealthCheck().getEventStats().getEventSender().incrementSubmitted(); } - public void sendEvent(Object event) { - executor.submit(new EventSender(event)); + public void sendEvent(Object event, String api) { + executor.submit(new EventSender(event, api)); } public static void shutDownPool() { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSender.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSender.java index 889bd35e0..a87f76364 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSender.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSender.java @@ -1,6 +1,10 @@ package com.newrelic.agent.security.intcodeagent.websocket; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.models.javaagent.JavaAgentEventBean; +import com.newrelic.api.agent.security.utils.SecurityConnection; +import org.json.simple.JSONStreamAware; import java.util.concurrent.Callable; 
@@ -11,6 +15,8 @@ public class EventSender implements Callable { private Object event; + private String api; + public EventSender(String event) { this.event = event; } @@ -23,8 +29,9 @@ public Object getEvent() { return event; } - public EventSender(Object event) { + public EventSender(Object event, String api) { this.event = event; + this.api = api; } /** @@ -38,9 +45,7 @@ public Boolean call() throws Exception { if (event instanceof JavaAgentEventBean) { ((JavaAgentEventBean) event).setEventGenerationTime(System.currentTimeMillis()); } - if(WSUtils.isConnected()) { - WSClient.getInstance().send(JsonConverter.toJSON(event)); - } + ConnectionFactory.getInstance().getSecurityConnection().send(event, api); return true; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/JsonConverter.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/JsonConverter.java index 85f9b9d50..e116e6070 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/JsonConverter.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/JsonConverter.java @@ -1,6 +1,7 @@ package com.newrelic.agent.security.intcodeagent.websocket; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.core.JsonGenerator; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; @@ -17,6 +18,8 @@ import org.json.simple.JSONArray; import org.json.simple.JSONObject; +import java.io.IOException; +import java.io.Writer; import java.lang.reflect.Field; import java.lang.reflect.Modifier; import java.util.ArrayList; 
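Review bot: `call()` discards the `ReadResult` returned by `send(event, api)` and returns `true` unconditionally, so a send that `WSClient.send` answers with its `DISCONNECTED` result is still reported as delivered. The old `WSUtils.isConnected()` guard is gone and `getSecurityConnection()` is dereferenced directly; whether it can return null before a connection is registered is not visible here. The retained `EventSender(String event)` constructor also leaves `api` null, and that null is then passed to `send`. Consider deriving the return value from the result's status and giving the String constructor an explicit API name.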
@@ -76,6 +79,16 @@ public static String toJSONObjectMapper(Object obj) { } } + public static void writeValue(Object obj, Writer out) { + try { + JsonGenerator generator = mapper.getFactory().createGenerator(out); + mapper.writeValue(generator, obj); + } catch (IOException e) { + logger.log(LogLevel.SEVERE, "Error writing value", e, JsonConverter.class.getName()); + logger.postLogMessageIfNecessary(LogLevel.SEVERE, "Error writing value", e, JsonConverter.class.getName()); + } + } + public static String toJSONK2Impl(Object obj) { StringBuilder jsonString = new StringBuilder(STR_START_CUELY_BRACKET); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java index 849ab40ee..53ecedc11 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java @@ -11,6 +11,9 @@ import com.newrelic.agent.security.intcodeagent.exceptions.SecurityNoticeError; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.utils.ResourceUtils; +import com.newrelic.api.agent.security.schema.http.ReadResult; +import com.newrelic.api.agent.security.utils.ConnectionException; +import com.newrelic.api.agent.security.utils.SecurityConnection; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants; import com.newrelic.agent.security.intcodeagent.utils.CommonUtils; 
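Review bot: `writeValue` catches and logs the `IOException`, so `writeJSONString(Writer out) throws IOException` in `AgentBasicInfo` and `LogMessage` can never actually throw, and a failure part-way through leaves truncated JSON in the writer with the caller unaware. Since both callers already declare the exception, the simpler contract is `public static void writeValue(Object obj, Writer out) throws IOException` with the try/catch removed. The `JsonGenerator` is also never closed. If a close is added, note that Jackson closes the underlying writer too unless `JsonGenerator.Feature.AUTO_CLOSE_TARGET` is disabled.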
@@ -43,7 +46,7 @@ import java.util.*; import java.util.concurrent.TimeUnit; -public class WSClient extends WebSocketClient { +public class WSClient extends WebSocketClient implements SecurityConnection { private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); public static final String SENDING_EVENT = "sending event: "; @@ -72,6 +75,8 @@ public class WSClient extends WebSocketClient { private WebSocketImpl connection = null; private Map noticeErrorCustomParameters = new HashMap<>(); + private final ReadResult DISCONNECTED = new ReadResult(500, "Disconnected"); + private final ReadResult SUCCESS = new ReadResult(200, "Success"); private SSLContext createSSLContext() throws Exception { @@ -349,7 +354,7 @@ public void onWebsocketPing(WebSocket conn, Framedata f) { * @return the instance * @throws URISyntaxException */ - public static WSClient getInstance() throws URISyntaxException, InterruptedException { + public static WSClient getInstance() throws URISyntaxException { if (instance == null) { instance = new WSClient(); } @@ -391,4 +396,42 @@ public static void shutDownWSClient(boolean clean, int frame, String message) { } } + @Override + public void setConnected(boolean connected) { + WSUtils.getInstance().setConnected(connected); + } + + @Override + public boolean isConnected() { + return WSUtils.getInstance().isConnected(); + } + + @Override + public boolean isReconnecting() { + return WSUtils.getInstance().isReconnecting(); + } + + @Override + public void setReconnecting(boolean isReconnecting) { + WSUtils.getInstance().setReconnecting(isReconnecting); + } + + @Override + public ReadResult send(Object message, String api) throws ConnectionException { + if(!isConnected()){ + return DISCONNECTED; + } + send(message.toString()); + return SUCCESS; + } + + @Override + public void close(String message) { + super.close(CloseFrame.NORMAL, message); + } + + @Override + public void ping() { + super.sendPing(); + } } 
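Review bot: `send(Object message, String api)` serialises with `message.toString()`, whereas the code it replaces in `EventSender.call()` used `JsonConverter.toJSON(event)`. Any event type that does not override `toString()` to emit JSON would now go over the socket as the default `Object.toString()` text. `send(JsonConverter.toJSON(message));` keeps the previous wire format, and a null `message` should be rejected before the call. The `api` argument is ignored on this path, which deserves a one-line comment. `DISCONNECTED` and `SUCCESS` (added in an earlier hunk of this file) are named like constants but are per-instance fields; `private static final` would match the naming.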
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSReconnectionST.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSReconnectionST.java index ce55ac6e2..bac7f65f6 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSReconnectionST.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSReconnectionST.java @@ -1,6 +1,7 @@ package com.newrelic.agent.security.intcodeagent.websocket; import com.newrelic.agent.security.AgentInfo; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants; @@ -29,7 +30,7 @@ public void run() { AgentInfo.getInstance().getJaHealthCheck().getSchedulerRuns().incrementWebsocketReconnector(); if(!WSClient.getInstance().isOpen() || !WSUtils.isConnected()) { logger.log(LogLevel.INFO, "WS is marked disconnected, reconnecting ...", WSReconnectionST.class.getName()); - WSClient.reconnectWSClient(); + ConnectionFactory.getInstance().setSecurityConnection(WSClient.reconnectWSClient()); } } catch (Throwable e) { logger.log(LogLevel.SEVERE, ERROR_WHILE_WS_RECONNECTION + e.getMessage() + COLON_SEPARATOR + e.getCause(), WSClient.class.getName()); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java index 2f08b7b74..52fd1c4bf 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java 
@@ -32,6 +32,10 @@ public interface IUtilConstants { String SKIP_SSRF = SKIP_IAST_SCAN_PARAMETERS_IAST_DETECTION_CATEGORY + ".ssrf"; String SKIP_RXSS = SKIP_IAST_SCAN_PARAMETERS_IAST_DETECTION_CATEGORY + ".rxss"; + String MONITORING_CRITERIA_MAX_EVENT_QUOTA = "security.monitoring_criteria.event_quota_per_trace"; + String MONITORING_CRITERIA_EVENT_QUOTA_PER_TRACE = "security.monitoring_criteria.event_quota_per_trace"; + String MONITORING_CRITERIA_REPEAT = "security.monitoring_criteria.repeat"; + String RESTRICTION_CRITERIA_SCAN_TIME_SCHEDULE = "security.restriction_criteria.scan_time.schedule"; String RESTRICTION_CRITERIA_SCAN_TIME_DURATION = "security.restriction_criteria.scan_time.duration"; String RESTRICTION_CRITERIA = "security.restriction_criteria"; diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index a9b9de952..c23b9ca7b 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java @@ -8,6 +8,8 @@ import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool; import com.newrelic.agent.security.instrumentator.os.OsVariablesInstance; import com.newrelic.agent.security.instrumentator.utils.*; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.constants.AgentServices; import com.newrelic.agent.security.intcodeagent.constants.HttpStatusCodes; import com.newrelic.agent.security.intcodeagent.controlcommand.ControlCommandProcessor; 
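Review bot: `MONITORING_CRITERIA_MAX_EVENT_QUOTA` is assigned the same key as `MONITORING_CRITERIA_EVENT_QUOTA_PER_TRACE`, `"security.monitoring_criteria.event_quota_per_trace"`, which looks like a copy-paste slip. If both constants are read, the max-quota setting silently takes the per-trace value and cannot be configured on its own. Either give it its own key or drop the duplicate constant; the intended key name is not visible in this diff.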
@@ -15,6 +17,7 @@ import com.newrelic.agent.security.intcodeagent.exceptions.RestrictionModeException; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.filelogging.LogFileHelper; +import com.newrelic.agent.security.intcodeagent.iast.monitoring.IastMonitoring; import com.newrelic.agent.security.intcodeagent.models.javaagent.*; import com.newrelic.agent.security.intcodeagent.utils.*; import com.newrelic.api.agent.security.instrumentation.helpers.*; @@ -255,12 +258,15 @@ private void startSecurityServices() { SchedulerHelper.getInstance().scheduleApplicationRuntimeErrorPosting(RuntimeErrorReporter.getInstance()::reportApplicationRuntimeError, 30 , 30, TimeUnit.SECONDS); SchedulerHelper.getInstance().scheduleDailyLogRollover(LogFileHelper::performDailyRollover); + SchedulerHelper.getInstance().scheduleSampling(IastMonitoring::sampleData, 0, 5, TimeUnit.SECONDS); + SchedulerHelper.getInstance().scheduleResetEventSampler(IastMonitoring::resetEventSampler, 0, + AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getEventQuotaTimeDuration(), TimeUnit.MINUTES); logger.logInit( LogLevel.INFO, String.format(STARTED_MODULE_LOG, AgentServices.HealthCheck.name()), Agent.class.getName() ); - WSReconnectionST.getInstance().submitNewTaskSchedule(0); + ConnectionFactory.getInstance().getSecurityConnection().ping(); EventSendPool.getInstance(); ControlCommandProcessorThreadPool.getInstance(); logger.logInit( 
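Review bot: `ConnectionFactory.getInstance().getSecurityConnection().ping()` replaces `WSReconnectionST.getInstance().submitNewTaskSchedule(0)`, so nothing in this hunk starts the reconnection task any more, and the call throws a NullPointerException if no connection has been registered with the factory yet. Whether the reconnect schedule is started elsewhere is not visible here; if it is not, the agent has no path back from an initial connection failure. Separately, `getMonitoringMode().getEventQuotaTimeDuration()` is evaluated even when monitoring is off, and a zero or negative value would make `scheduleAtFixedRate` throw `IllegalArgumentException` when monitoring is on, so the duration should be validated before scheduling. `startSecurityServices` continues outside the hunk.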
@@ -450,6 +456,12 @@ public void registerOperation(AbstractOperation operation) { operation.setUserClassEntity(setUserClassEntity(operation, securityMetaData)); } processStackTrace(operation); + + IastMonitoring.registerTraceHarvested(operation.getApiID()); + if(IastMonitoring.eventQuotaReached(operation.getApiID())){ + return; + } + // boolean blockNeeded = checkIfBlockingNeeded(operation.getApiID()); // securityMetaData.getMetaData().setApiBlocked(blockNeeded); HttpRequest request = securityMetaData.getRequest(); @@ -984,7 +996,7 @@ public void reportIASTScanFailure(SecurityMetaData securityMetaData, String apiI } IASTReplayFailure replayFailure = new IASTReplayFailure(apiId, nrCsecFuzzRequestId, controlCommandId, failureMessage, message); IASTScanFailure scanFailure = new IASTScanFailure(replayFailure, metaData); - EventSendPool.getInstance().sendEvent(scanFailure); + EventSendPool.getInstance().sendEvent(scanFailure, "postScanFailure"); } } 
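Review bot: `IastMonitoring.registerTraceHarvested` and the `eventQuotaReached` early return run for every operation, but the task that resets the sampler is only scheduled when `getIastScan().getMonitoring()` is true (see `SchedulerHelper.scheduleResetEventSampler`). Unless `IastMonitoring` checks the mode itself, which this diff does not show, a quota reached in plain IAST mode would never reset and `registerOperation` would drop events from then on. Guarding the two calls with the same monitoring flag, or documenting that `eventQuotaReached` returns false outside monitoring mode, would make the intent verifiable. The rest of `registerOperation` lies outside the hunk.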
@@ -1081,4 +1093,65 @@ public void reportURLMapping() { SchedulerHelper.getInstance().scheduleURLMappingPosting(AgentUtils::sendApplicationURLMappings); } + @Override + public void dispatcherTransactionStarted() { + try { + Transaction transaction = NewRelic.getAgent().getTransaction(); + + startHarvest(transaction); + + if (isInitialised() && NewRelicSecurity.isHookProcessingActive()) { + logger.log(LogLevel.FINEST, "Transaction started with token: " + transaction.getToken().toString(), Agent.class.getName()); + } + } catch (Exception e){ + logger.log(LogLevel.FINEST, "Error while processing transaction started event", e, Agent.class.getName()); + } + } + + private void startHarvest(Transaction transaction) { + + if(!IastMonitoring.transactionSelected() || transaction == null || !(transaction.getSecurityMetaData() instanceof SecurityMetaData)) { + return; + } + + if( AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring() + && !AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().get() + && IastMonitoring.getInstance().getHarvestActive()) { + AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().set(true); + NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute("HARVEST", true); + logger.log(LogLevel.FINEST, "Harvesting started", Agent.class.getName()); + } else { + NewRelicSecurity.getAgent().getSecurityMetaData().removeCustomAttribute("HARVEST"); + logger.log(LogLevel.FINEST, "Harvesting disabled for the transaction", Agent.class.getName()); + } + + } + + @Override + public void dispatcherTransactionCancelled() { + try { + IastMonitoring.collectSampleIfHarvested(); + Transaction transaction = NewRelic.getAgent().getTransaction(); + if (isInitialised() && NewRelicSecurity.isHookProcessingActive()) { + logger.log(LogLevel.FINEST, "Transaction cancelled with token: " + transaction.getSecurityMetaData().toString(), Agent.class.getName()); + 
ServletHelper.executeBeforeExitingTransaction(); + } + } catch (Exception e){ + logger.log(LogLevel.FINEST, "Error while processing transaction cancelled event", e, Agent.class.getName()); + } + } + + @Override + public void dispatcherTransactionFinished() { + try { + IastMonitoring.collectSampleIfHarvested(); + if (isInitialised() && NewRelicSecurity.isHookProcessingActive()) { + logger.log(LogLevel.FINEST, "Transaction finished with token: " + NewRelic.getAgent().getTransaction().getSecurityMetaData().toString(), Agent.class.getName()); + ServletHelper.executeBeforeExitingTransaction(); + } + } catch (Exception e){ + logger.log(LogLevel.FINEST, "Error while processing transaction finished event", e, Agent.class.getName()); + } + } + } \ No newline at end of file diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java index 9d4414194..492cf5039 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java @@ -8,7 +8,9 @@ package com.newrelic.api.agent.security; import com.newrelic.agent.security.AgentConfig; +import com.newrelic.agent.security.intcodeagent.iast.monitoring.IastMonitoring; import com.newrelic.api.agent.NewRelic; +import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ThreadLocalLockHelper; import com.newrelic.api.agent.security.schema.SecurityMetaData; import org.apache.commons.lang3.StringUtils; @@ -18,7 +20,6 @@ * objects offering additional capabilities. */ public final class NewRelicSecurity { - private static boolean isAgentInitComplete = false; /** * Returns the root of the New Relic Security Java Agent API object hierarchy. 
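Review bot: `dispatcherTransactionStarted` calls `transaction.getToken()` only to build a FINEST log string; if `Transaction` is the New Relic API type, `getToken()` creates a token that has to be expired, and this one never is. The same line dereferences `transaction` although only `startHarvest` checks it for null. The cancelled and finished handlers log `getSecurityMetaData().toString()` under the label "token", which may write request data to the log file depending on what that `toString()` includes. In `startHarvest`, the `getHarvesting().get()` check followed by `set(true)` is not atomic; if the field is an `AtomicBoolean`, using `compareAndSet(false, true)` in the condition closes that gap.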
@@ -36,9 +37,10 @@ public static SecurityAgent getAgent(){ * {@code false} otherwise. */ public static boolean isHookProcessingActive(){ - return AgentConfig.getInstance().isNRSecurityEnabled() && isAgentInitComplete && Agent.getInstance().isSecurityActive() && !ThreadLocalLockHelper.isLockHeldByCurrentThread() && !isInternalThread() + return AgentConfig.getInstance().isNRSecurityEnabled() && Agent.getInstance().isSecurityActive() && !ThreadLocalLockHelper.isLockHeldByCurrentThread() && !isInternalThread() && NewRelic.getAgent().getTransaction() != null - && NewRelic.getAgent().getTransaction().getSecurityMetaData() instanceof SecurityMetaData; + && NewRelic.getAgent().getTransaction().getSecurityMetaData() instanceof SecurityMetaData + && IastMonitoring.shouldProcessInterception(); // (Agent.getInstance().getSecurityMetaData() != null); } @@ -47,10 +49,7 @@ public static boolean isInternalThread(){ "NR-CSEC", "New Relic", "NewRelic", "Newrelic"); } - /** - * Marks the end of agent init. Hooks can now be processed. - */ - public static void markAgentAsInitialised(){ - isAgentInitComplete = true; + public static String getSecurityMode() { + return AgentConfig.getInstance().getAgentMode().getMode(); } } diff --git a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java index de8c94f3e..bf36265c9 100644 --- a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java 
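Review bot: `isHookProcessingActive()` no longer checks `isAgentInitComplete`, and `markAgentAsInitialised()` is removed from this class while the API stub in `newrelic-security-api` keeps it as an empty method. Unless `Agent.getInstance().isSecurityActive()` already implies that init has finished, which is not visible here, hooks can now be processed while the agent is still initialising. A short comment on the new condition stating what replaces the init gate would settle this. The new `getSecurityMode()` chains `AgentConfig.getInstance().getAgentMode().getMode()` without a null check, and `ServletHelper.executeBeforeExitingTransaction` calls it on every transaction exit.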
@@ -2,7 +2,6 @@ import com.newrelic.api.agent.NewRelic; import com.newrelic.api.agent.Transaction; -import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.schema.AbstractOperation; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.ServerConnectionConfiguration; @@ -223,4 +222,16 @@ public boolean recordExceptions(SecurityMetaData securityMetaData, Throwable exc public void reportURLMapping() { } + + @Override + public void dispatcherTransactionStarted() { + } + + @Override + public void dispatcherTransactionCancelled() { + } + + @Override + public void dispatcherTransactionFinished() { + } } \ No newline at end of file diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java index ae1943433..29c8cf810 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java @@ -7,8 +7,6 @@ package com.newrelic.api.agent.security; -import java.lang.reflect.Method; - /** * The New Relic Security API. Consumers of this API should add the newrelic-security-api.jar to their classpath. The static methods of * this class form the Security Agent's basic Java API. Use {@link NewRelicSecurity#getAgent} to obtain the root of a hierarchy of @@ -40,4 +38,8 @@ public static boolean isHookProcessingActive(){ * Marks the end of agent init. Hooks can now be processed. */ public static void markAgentAsInitialised(){} + + public static String getSecurityMode(){ + return "IAST"; + } } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java index 429737aa2..b0be3fafc 100644 
--- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java @@ -153,4 +153,19 @@ public void reportURLMapping() { } + @Override + public void dispatcherTransactionStarted() { + + } + + @Override + public void dispatcherTransactionCancelled() { + + } + + @Override + public void dispatcherTransactionFinished() { + + } + } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java index 3d3f9f642..b3476279a 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java @@ -80,4 +80,10 @@ void reportIASTScanFailure(SecurityMetaData securityMetaData, String apiId, Thro boolean recordExceptions(SecurityMetaData securityMetaData, Throwable exception); void reportURLMapping(); + + void dispatcherTransactionStarted(); + + void dispatcherTransactionCancelled(); + + void dispatcherTransactionFinished(); } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/FileHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/FileHelper.java index 5b742396f..0b3ff4fb2 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/FileHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/FileHelper.java 
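Review bot: The three methods added to `SecurityAgent` have no Javadoc, although this interface is the contract that agent implementations and instrumentation modules code against. Each should state when the dispatcher invokes it and what the implementation is expected to do, for example `/** Called when the dispatcher transaction finishes; runs exit-time security processing for the current transaction. */` on `dispatcherTransactionFinished()`. They are also abstract, so any implementation outside this repository stops compiling until it adds them.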
@@ -65,7 +65,7 @@ public class FileHelper { public static final String METHOD_NAME_EXISTS = "exists"; public static final String FILE_OPERATION = "FILE_OPERATION"; - public static boolean skipExistsEvent(String filename) { + public static boolean skipExitEvent(String filename) { boolean lockAcquired = ThreadLocalLockHelper.acquireLock(); try { if(lockAcquired) { diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java index ca295a500..0d58a45e3 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java @@ -28,7 +28,7 @@ public class GenericHelper { public static final String ERROR_WHILE_DETECTING_USER_CLASS = "Instrumentation library: %s error while detecting user class"; public static final String ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST = "Instrumentation library: %s , error while getting route for incoming request : %s"; - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/JdbcHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/JdbcHelper.java index 242a8dbce..2e0ff57b8 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/JdbcHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/JdbcHelper.java 
@@ -56,7 +56,7 @@ public static String getSql(Statement statement) { return null; } - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java index 2a21e91a8..b41122d20 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java @@ -18,7 +18,7 @@ public class R2dbcHelper { public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java index a6c57384e..a619133bc 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java 
@@ -240,7 +240,7 @@ public static void executeBeforeExitingTransaction() { } int responseCode = NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseCode(); - if(responseCode >= 500){ + if(responseCode >= 500 && !StringUtils.equals(NewRelicSecurity.getSecurityMode(), "IAST_MONITORING")){ Exception exception = NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("ENDMOST_EXCEPTION", Exception.class); NewRelicSecurity.getAgent().recordExceptions(NewRelicSecurity.getAgent().getSecurityMetaData(), exception); } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/SecurityMetaData.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/SecurityMetaData.java index aa0a7fab6..aedec9180 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/SecurityMetaData.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/SecurityMetaData.java @@ -95,6 +95,10 @@ public void setFuzzRequestIdentifier(K2RequestIdentifier fuzzRequestIdentifier) this.fuzzRequestIdentifier = fuzzRequestIdentifier; } + public boolean customAttributeContainsKey(String key){ + return customData.containsKey(key); + } + public void addCustomAttribute(String key, Object value) { if(value != null) { this.customData.put(key, value); diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/ReadResult.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/ReadResult.java index 92f6efd4f..775337376 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/ReadResult.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/ReadResult.java 
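Review bot: The mode is compared against the literal `"IAST_MONITORING"` in the `responseCode >= 500` condition, while the API stub's `getSecurityMode()` returns the literal `"IAST"`; neither is a shared constant. A named constant per mode would prevent a silent mismatch from a typo. The condition also needs a comment on why 5xx exceptions are not recorded in monitoring mode, since that is a deliberate loss of signal a reader cannot infer from the code. `executeBeforeExitingTransaction` continues outside the hunk.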
@@ -4,7 +4,7 @@ public class ReadResult { private final int statusCode; private final String responseBody; - ReadResult(int statusCode, String responseBody) { + public ReadResult(int statusCode, String responseBody) { this.statusCode = statusCode; this.responseBody = responseBody; } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/RequestLayout.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/RequestLayout.java index 4d04bad01..8e5b84b37 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/RequestLayout.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/RequestLayout.java @@ -3,16 +3,18 @@ public class RequestLayout { private String api; - private String method; - private String endpoint; private String path; private String contentType; private String contentEncoding; - public RequestLayout(String api) { - this.api = api; + public RequestLayout(String postEvent, String post, String path, String contentType, String contentEncoding) { + this.api = postEvent; + this.method = post; + this.path = path; + this.contentType = contentType; + this.contentEncoding = contentEncoding; } public String getApi() { diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/IASTScan.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/IASTScan.java index c18a9be27..19a64d1b4 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/IASTScan.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/IASTScan.java 
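Review bot: The new `RequestLayout` constructor names its first two parameters `postEvent` and `post`, which describe one caller's values rather than the fields they fill (`api` and `method`). Rename them so the signature documents itself: `public RequestLayout(String api, String method, String path, String contentType, String contentEncoding)`. The single-argument constructor is removed in the same hunk, so any caller outside this diff that still uses `new RequestLayout(api)` stops compiling. If such callers exist, keeping it as a delegating overload would avoid that.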
@@ -8,7 +8,9 @@ public class IASTScan { private Boolean enabled = true; private Probing probing = new Probing(); private Boolean restricted = false; + private Boolean monitoring = false; private RestrictionCriteria restrictionCriteria = new RestrictionCriteria(); + private MonitoringMode monitoringMode = new MonitoringMode(); /** * No args constructor for use in serialization @@ -55,4 +57,20 @@ public RestrictionCriteria getRestrictionCriteria() { public void setRestrictionCriteria(RestrictionCriteria restrictionCriteria) { this.restrictionCriteria = restrictionCriteria; } + + public Boolean getMonitoring() { + return monitoring; + } + + public void setMonitoring(Boolean monitoring) { + this.monitoring = monitoring; + } + + public MonitoringMode getMonitoringMode() { + return monitoringMode; + } + + public void setMonitoringMode(MonitoringMode monitoringMode) { + this.monitoringMode = monitoringMode; + } } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java new file mode 100644 index 000000000..fe0da46cd --- /dev/null +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java 
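Review bot: `setMonitoring` and `setMonitoringMode` in the second IASTScan hunk store whatever they are given, so a policy payload carrying an explicit null replaces the defaults set in the first hunk (`false` and `new MonitoringMode()`). The class comment says the object is built by serialization, so this value comes from outside the agent. Code that unboxes `getMonitoring()` or chains `getMonitoringMode().getHarvestCycle()` would then throw; those callers are not visible here, so this is inferred. A null-tolerant setter keeps the default: `this.monitoringMode = monitoringMode != null ? monitoringMode : new MonitoringMode();` and `this.monitoring = Boolean.TRUE.equals(monitoring);`.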
@@ -0,0 +1,66 @@
+package com.newrelic.api.agent.security.schema.policy;
+
+import java.util.concurrent.atomic.AtomicBoolean;
+
+public class MonitoringMode {
+
+ private int harvestCycle = 60; //in seconds
+
+ private int maxHarvestsPerCycle = 60;
+
+ private AtomicBoolean harvesting = new AtomicBoolean(false);
+
+ private int maxEventQuota = 100;
+
+ private int eventQuotaTimeDuration = 360; //in minutes
+
+ private int repeat = 0; //0 means keep repeating
+
+ public int getHarvestCycle() {
+ return harvestCycle;
+ }
+
+ public void setHarvestCycle(int harvestCycle) {
+ this.harvestCycle = harvestCycle;
+ }
+
+ public int getMaxHarvestsPerCycle() {
+ return maxHarvestsPerCycle;
+ }
+
+ public void setMaxHarvestsPerCycle(int maxHarvestsPerCycle) {
+ this.maxHarvestsPerCycle = maxHarvestsPerCycle;
+ }
+
+ public AtomicBoolean getHarvesting() {
+ return harvesting;
+ }
+
+ public void setHarvesting(AtomicBoolean harvesting) {
+ this.harvesting = harvesting;
+ }
+
+ public int getMaxEventQuota() {
+ return maxEventQuota;
+ }
+
+ public void setMaxEventQuota(int maxEventQuota) {
+ this.maxEventQuota = maxEventQuota;
+ }
+
+ public int getEventQuotaTimeDuration() {
+ return eventQuotaTimeDuration;
+ }
+
+ public void setEventQuotaTimeDuration(int eventQuotaTimeDuration) {
+ this.eventQuotaTimeDuration = eventQuotaTimeDuration;
+ }
+
+ public int getRepeat() {
+ return repeat;
+ }
+
+ public void setRepeat(int repeat) {
+ this.repeat = repeat;
+ }
+}
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/ConnectionException.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/ConnectionException.java
new file mode 100644
index 000000000..d9cd7468b
--- /dev/null
+++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/ConnectionException.java
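Review bot: `harvesting` in `MonitoringMode` is an `AtomicBoolean` that `setHarvesting` can replace wholesale, so a thread still holding the instance returned earlier by `getHarvesting()` keeps updating a flag that no other code reads. Make the field final and set its value instead: `private final AtomicBoolean harvesting = new AtomicBoolean(false);` with `public void setHarvesting(boolean harvesting) { this.harvesting.set(harvesting); }`, after checking that the policy deserializer copes with the changed setter type. The integer setters also accept zero and negative values for `harvestCycle`, `maxHarvestsPerCycle` and `maxEventQuota`. How these are consumed is not visible here, but if they bound scheduling or event volume, a range check in the setters would stop a malformed policy from disabling those limits.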
@@ -0,0 +1,11 @@
+package com.newrelic.api.agent.security.utils;
+
+public class ConnectionException extends Exception {
+ public ConnectionException(String message) {
+ super(message);
+ }
+
+ public ConnectionException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/SecurityConnection.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/SecurityConnection.java
new file mode 100644
index 000000000..2c43bb072
--- /dev/null
+++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/SecurityConnection.java
@@ -0,0 +1,20 @@
+package com.newrelic.api.agent.security.utils;
+
+import com.newrelic.api.agent.security.schema.http.ReadResult;
+
+public interface SecurityConnection {
+
+ public void setConnected(boolean connected);
+
+ public boolean isConnected();
+
+ public boolean isReconnecting();
+
+ public void setReconnecting(boolean isReconnecting);
+
+ public ReadResult send(Object message, String api) throws ConnectionException;
+
+ public void close(String message);
+
+ public void ping();
+}
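Review bot: `SecurityConnection.send` has no documented contract: nothing says what `api` selects, whether the returned `ReadResult` can be null, or which failures surface as `ConnectionException` rather than as a status code inside the result. Add Javadoc to the interface and to `send`, `close` and `ping`; for `send` that means a summary line plus `@param api`, `@return` and `@throws ConnectionException`, so that implementations behave the same way. The `public` modifier on each method is redundant in an interface and can be dropped, e.g. `ReadResult send(Object message, String api) throws ConnectionException;`.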