From 70acca17b7c01b139f4ff93654e986f7a67889af Mon Sep 17 00:00:00 2001
From: lovesh-ap
Date: Fri, 4 Oct 2024 13:53:51 +0530
Subject: [PATCH 01/11] Add Transaction start and finish listeners
---
 .../http/scaladsl/server/AkkaCoreUtils.java | 2 +-
 .../akka/http/scaladsl/AkkaCoreUtils.java | 2 +-
 .../akka/http/scaladsl/AkkaCoreUtils.java | 2 +-
 .../akka/http/scaladsl/AkkaCoreUtils.java | 2 +-
 .../grpc1220/GrpcServerUtils.java | 2 +-
 .../grpc140/GrpcServerUtils.java | 2 +-
 .../grpc1400/GrpcServerUtils.java | 2 +-
 .../jersey2/HttpRequestHelper.java | 2 +-
 .../jersey2/HttpRequestHelper.java | 2 +-
 .../jersey2/HttpRequestHelper.java | 2 +-
 .../jetty11/HttpServletHelper.java | 2 +-
 .../jetty12/server/HttpServletHelper.java | 2 +-
 .../jetty9/HttpServletHelper.java | 2 +-
 ...ttpRequestToMuleEvent_Instrumentation.java | 2 +-
 .../async/RequestHandler_Instrumentation.java | 2 +-
 ...ttpRequestToMuleEvent_Instrumentation.java | 2 +-
 .../async/RequestHandler_Instrumentation.java | 2 +-
 .../io/netty400/utils/NettyUtils.java | 2 +-
 .../io/netty400/utils/NettyUtils.java | 2 +-
 .../servlet/FilterChain_Instrumentation.java | 2 +-
 .../javax/servlet/Filter_Instrumentation.java | 2 +-
 .../servlet/Servlet_Instrumentation.java | 2 +-
 .../servlet/FilterChain_Instrumentation.java | 2 +-
 .../servlet/Filter_Instrumentation.java | 2 +-
 .../servlet/Servlet_Instrumentation.java | 2 +-
 .../servlet/FilterChain_Instrumentation.java | 2 +-
 .../servlet/Filter_Instrumentation.java | 2 +-
 .../servlet/Servlet_Instrumentation.java | 2 +-
 .../main/scala/spray/can/SprayHttpUtils.java | 2 +-
 .../src/main/scala/spray/SprayHttpUtils.java | 2 +-
 .../httpserver/Filter_Instrumentation.java | 2 +-
 .../HttpHandler_Instrumentation.java | 2 +-
 .../newrelic/api/agent/security/Agent.java | 37 +++++++++++++++++++
 .../newrelic/api/agent/security/Agent.java | 13 ++++++-
 .../api/agent/security/NoOpAgent.java | 15 ++++++++
 .../api/agent/security/SecurityAgent.java | 6 +++
 36 files changed, 102 insertions(+), 33 deletions(-)
diff --git a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java
index 430dedb60..5d1332f61 100644
--- a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java
+++ b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java
@@ -65,7 +65,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB
 }
 try {
 token.linkAndExpire();
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 if(!isServletLockAcquired || !NewRelicSecurity.isHookProcessingActive() || Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("RXSS_PROCESSED", Boolean.class))){
 return;
 }
diff --git a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
index cfd6c386c..982e673d7 100644
--- a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
+++ b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
@@ -74,7 +74,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseContentType(contentType);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseBody(response);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(responseCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
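Review bot: The call to `ServletHelper.executeBeforeExitingTransaction()` is commented out rather than removed, here and in every other hunk of this patch (akka-http-core, grpc, jersey, jetty, mule, netty, servlet, spray, sun-net-httpserver), which leaves dead code in each response hook and no record of where the exit-time work now runs. Going by the subject line and the diffstat, it presumably moves to a transaction finish listener in `Agent.java`, whose hunk is not visible here, so that listener should be confirmed to fire for every framework touched and on the `NoOpAgent` path; otherwise whatever the helper reported at the end of a request is silently lost. In the akka-http-2.11_10.0.0 hunk the old call sat right after `token.linkAndExpire()` and before the `isHookProcessingActive()` guard, while in the jersey and mule hunks it ran only after that guard, so the listener has to reproduce whichever condition is intended. I would delete the line outright, or replace it with a one-line pointer such as `// exit-time processing now runs from the transaction finish listener`. `postProcessHttpRequest` and the other hook methods start and end outside their hunks.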
diff --git a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
index 124589903..f9180a31c 100644
--- a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
+++ b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
@@ -74,7 +74,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseContentType(contentType);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseBody(responseBody);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(responseCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
index 0f36ab5e6..95e5e649b 100644
--- a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
+++ b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java
@@ -73,7 +73,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseContentType(contentType);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseBody(responseBody);
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(responseCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
 if(!ServletHelper.isResponseContentTypeExcluded(NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseContentType())) {
diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java
index 6a0f04108..7162e182d 100644
--- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java
+++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java
@@ -99,7 +99,7 @@ public static void postProcessSecurityHook(Metadata metadata, int statusCode, St
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(statusCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java
index e4e9431d4..5c91d3fae 100644
--- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java
+++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java
@@ -103,7 +103,7 @@ public static void postProcessSecurityHook(Metadata metadata, int statusCode, St
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(statusCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java
index 90cb822dd..89a09e266 100644
--- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java
+++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java
@@ -98,7 +98,7 @@ public static void postProcessSecurityHook(Metadata metadata, int statusCode, St
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(statusCode);
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java
index 377b367dc..4b1bdb101 100644
--- a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java
+++ b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java
@@ -82,7 +82,7 @@ public static void postProcessSecurityHook(String className, OutboundMessageCont
 ) {
 return;
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setHeaders(getHeaders(wrappedMessageContext));
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java
index a060e849f..0a81d2b32 100644
--- a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java
+++ b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java
@@ -83,7 +83,7 @@ public static void postProcessSecurityHook(String className, OutboundMessageCont
 if (!NewRelicSecurity.isHookProcessingActive() || Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("RXSS_PROCESSED", Boolean.class))) {
 return;
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setHeaders(getHeaders(wrappedMessageContext));
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java
index 14d88c1af..f6243c11c 100644
--- a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java
+++ b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java
@@ -82,7 +82,7 @@ public static void postProcessSecurityHook(String className, OutboundMessageCont
 ) {
 return;
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setHeaders(getHeaders(wrappedMessageContext));
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java
index bd8ca5aed..5dd356c63 100644
--- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java
+++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java
@@ -186,7 +186,7 @@ public static void postProcessSecurityHook(HttpServletRequest request, HttpServl
 return;
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(response.getStatus());
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
 if(!ServletHelper.isResponseContentTypeExcluded(NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseContentType())){
diff --git a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java
index b015e742f..d977ebcc5 100644
--- a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java
+++ b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java
@@ -182,7 +182,7 @@ public static void postProcessSecurityHook(Request request, Response response, S
 return;
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(response.getStatus());
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
 RXSSOperation rxssOperation = new RXSSOperation(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest(),
diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java
index 685b15fbf..e867c11f5 100644
--- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java
+++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java
@@ -187,7 +187,7 @@ public static void postProcessSecurityHook(HttpServletRequest request, HttpServl
 return;
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(response.getStatus());
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
 if(!ServletHelper.isResponseContentTypeExcluded(NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseContentType())) {
diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java
index 06b0c88ea..9432c246b 100644
--- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java
+++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java
@@ -95,7 +95,7 @@ private static void postProcessSecurityHook() {
 if (!NewRelicSecurity.isHookProcessingActive()) {
 return;
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java
index 8ab323966..d52c20c8e 100644
--- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java
+++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java
@@ -88,7 +88,7 @@ private void postProcessSecurityHook() {
 if (!NewRelicSecurity.isHookProcessingActive()) {
 return;
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java
index cdcec7a2f..df17e1f82 100644
--- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java
+++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java
@@ -94,7 +94,7 @@ private static void postProcessSecurityHook() {
 if (!NewRelicSecurity.isHookProcessingActive()) {
 return;
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java
index 228220de6..af4da8574 100644
--- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java
+++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java
@@ -89,7 +89,7 @@ private void postProcessSecurityHook() {
 if (!NewRelicSecurity.isHookProcessingActive()) {
 return;
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java
index 81c468ccc..9a20dc00a 100644
--- a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java
+++ b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java
@@ -193,7 +193,7 @@ public static void sendRXSSEvent(ChannelHandlerContext ctx, Object msg, String c
 return;
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(((FullHttpResponse) msg).getStatus().code());
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java b/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java
index 7901d121d..bfa75b965 100644
--- a/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java
+++ b/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java
@@ -193,7 +193,7 @@ public static void sendRXSSEvent(ChannelHandlerContext ctx, Object msg, String c
 return;
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(((FullHttpResponse) msg).getStatus().code());
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java
index 1b5a12ea2..4782886cf 100644
--- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java
+++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java
@@ -104,7 +104,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus());
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java
index e4cdc168d..dd8439232 100644
--- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java
+++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java
@@ -105,7 +105,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus());
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java
index be10a2e4d..42c4b7831 100644
--- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java
+++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java
@@ -110,7 +110,7 @@ private void postProcessSecurityHook(ServletRequest_Instrumentation request, Ser
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus());
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java
index 1362bbe9c..8dca3e09e 100644
--- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java
+++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java
@@ -103,7 +103,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus());
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java
index e82bf14d1..8999cb5ba 100644
--- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java
+++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java
@@ -105,7 +105,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus());
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java
index 803e80689..5bd6e5900 100644
--- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java
+++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java
@@ -109,7 +109,7 @@ private void postProcessSecurityHook(ServletRequest_Instrumentation request, Ser
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus());
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java
index d602a19d9..5e472486a 100644
--- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java
+++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java
@@ -104,7 +104,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus());
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java
index 5edd9af5c..3336dbf55 100644
--- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java
+++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java
@@ -105,7 +105,7 @@ private void postProcessSecurityHook(ServletRequest request, ServletResponse res
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus());
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java
index 3eb80fe5a..89eb854e9 100644
--- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java
+++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java
@@ -109,7 +109,7 @@ private void postProcessSecurityHook(ServletRequest_Instrumentation request, Ser
 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpServletResponse.getStatus());
 }
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/spray-can-1.3.1/src/main/scala/spray/can/SprayHttpUtils.java b/instrumentation-security/spray-can-1.3.1/src/main/scala/spray/can/SprayHttpUtils.java
index ad55aa456..946c2099a 100644
--- a/instrumentation-security/spray-can-1.3.1/src/main/scala/spray/can/SprayHttpUtils.java
+++ b/instrumentation-security/spray-can-1.3.1/src/main/scala/spray/can/SprayHttpUtils.java
@@ -134,7 +134,7 @@ public static void postProcessSecurityHook(HttpResponse httpResponse, String cla
 }
 NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpResponse.status().intValue());
- ServletHelper.executeBeforeExitingTransaction();
+// ServletHelper.executeBeforeExitingTransaction();
 //Add request URI hash to low severity event filter
 LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
diff --git a/instrumentation-security/spray-http-1.3.1/src/main/scala/spray/SprayHttpUtils.java b/instrumentation-security/spray-http-1.3.1/src/main/scala/spray/SprayHttpUtils.java
index 372f4afd3..42f6564d2 100644
--- a/instrumentation-security/spray-http-1.3.1/src/main/scala/spray/SprayHttpUtils.java
+++ b/instrumentation-security/spray-http-1.3.1/src/main/scala/spray/SprayHttpUtils.java
@@ -133,7 +133,7 @@ public static void postProcessSecurityHook(HttpResponse httpResponse, String cla return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(httpResponse.status().intValue()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java index 83313fc5a..51a7f98a7 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java @@ -84,7 +84,7 @@ private void postProcessSecurityHook(HttpExchange exchange) { return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(exchange.getResponseCode()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java index 13ffb8068..e158c2090 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java 
@@ -84,7 +84,7 @@ private void postProcessSecurityHook(HttpExchange exchange) { return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(exchange.getResponseCode()); - ServletHelper.executeBeforeExitingTransaction(); +// ServletHelper.executeBeforeExitingTransaction(); //Add request URI hash to low severity event filter LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index 3a99caef4..389c42d62 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java 
@@ -1100,4 +1100,41 @@ public void reportURLMapping() { SchedulerHelper.getInstance().scheduleURLMappingPosting(AgentUtils::sendApplicationURLMappings); } + @Override + public void dispatcherTransactionStarted() { + try { + Transaction transaction = NewRelic.getAgent().getTransaction(); + if (isInitialised() && NewRelicSecurity.isHookProcessingActive()) { + logger.log(LogLevel.FINEST, "Transaction started with token: " + transaction.getToken().toString(), Agent.class.getName()); + } + } catch (Exception e){ + logger.log(LogLevel.FINEST, "Error while processing transaction started event", e, Agent.class.getName()); + } + } + + @Override + public void dispatcherTransactionCancelled() { + try { + Transaction transaction = NewRelic.getAgent().getTransaction(); + if (isInitialised() && NewRelicSecurity.isHookProcessingActive()) { + logger.log(LogLevel.FINEST, "Transaction cancelled with token: " + transaction.getSecurityMetaData().toString(), Agent.class.getName()); + ServletHelper.executeBeforeExitingTransaction(); + } + } catch (Exception e){ + logger.log(LogLevel.FINEST, "Error while processing transaction cancelled event", e, Agent.class.getName()); + } + } + + @Override + public void dispatcherTransactionFinished() { + try { + if (isInitialised() && NewRelicSecurity.isHookProcessingActive()) { + logger.log(LogLevel.FINEST, "Transaction finished with token: " + NewRelic.getAgent().getTransaction().getSecurityMetaData().toString(), Agent.class.getName()); + ServletHelper.executeBeforeExitingTransaction(); + } + } catch (Exception e){ + logger.log(LogLevel.FINEST, "Error while processing transaction finished event", e, Agent.class.getName()); + } + } + } \ No newline at end of file diff --git a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java index de8c94f3e..bf36265c9 100644 
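Review bot: `dispatcherTransactionStarted()` calls `transaction.getToken()` only to build a log string. In the New Relic agent API that call creates a new async token, and nothing here links or expires it (other code in this patch pairs it with `token.linkAndExpire()`), so each transaction would presumably be held open until the token times out. Log without creating a token, e.g. `logger.log(LogLevel.FINEST, "Transaction started", Agent.class.getName());`, and drop the now unused `transaction` local. The cancelled and finished handlers say "token" in their message but concatenate `getSecurityMetaData().toString()`, which is built on every transaction even when FINEST is off and may write request data into the log; a fixed message avoids both.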
--- a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java @@ -2,7 +2,6 @@ import com.newrelic.api.agent.NewRelic; import com.newrelic.api.agent.Transaction; -import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.schema.AbstractOperation; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.ServerConnectionConfiguration; @@ -223,4 +222,16 @@ public boolean recordExceptions(SecurityMetaData securityMetaData, Throwable exc public void reportURLMapping() { } + + @Override + public void dispatcherTransactionStarted() { + } + + @Override + public void dispatcherTransactionCancelled() { + } + + @Override + public void dispatcherTransactionFinished() { + } } \ No newline at end of file diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java index 429737aa2..b0be3fafc 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java @@ -153,4 +153,19 @@ public void reportURLMapping() { } + @Override + public void dispatcherTransactionStarted() { + + } + + @Override + public void dispatcherTransactionCancelled() { + + } + + @Override + public void dispatcherTransactionFinished() { + + } + } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java index 3d3f9f642..b3476279a 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java 
+++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java @@ -80,4 +80,10 @@ void reportIASTScanFailure(SecurityMetaData securityMetaData, String apiId, Thro boolean recordExceptions(SecurityMetaData securityMetaData, Throwable exception); void reportURLMapping(); + + void dispatcherTransactionStarted(); + + void dispatcherTransactionCancelled(); + + void dispatcherTransactionFinished(); } From 33c94544a326c7e193645faa77f4bd849c2185b5 Mon Sep 17 00:00:00 2001 
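Review bot: The three methods added to `SecurityAgent` have no Javadoc, although the rest of this patch makes the per-request exit step depend on them. Add a short Javadoc to each stating who calls it and when, for example on the last one `/** Invoked when the dispatcher transaction finishes; implementations run the exit step for the current request. */`, adjusted to the intended contract. They are also added as abstract methods on an API interface, so any implementation outside this patch would stop compiling; declaring them as `default` no-op methods would avoid that if the module's Java level allows it. The interface declaration starts outside the hunk.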
From: lovesh-ap Date: Tue, 12 Nov 2024 10:51:27 +0530 Subject: [PATCH 02/11] POC code for event sampling --- .../LdapAsyncConnection_Instrumentation.java | 2 +- .../api/LdapConnection_Instrumentation.java | 2 +- .../org/asynchttpclient/AsynchttpHelper.java | 4 +- .../BuilderSupport_Instrumentation.java | 2 +- .../cassandra3/CassandraUtils.java | 2 +- .../cassandra4/CassandraUtils.java | 2 +- ...hContextReferenceImpl_Instrumentation.java | 2 +- .../dynamodb_1_11_390/DynamoDBUtil.java | 2 +- .../dynamodb_1_11_453/DynamoDBUtil.java | 2 +- .../dynamodb_1_11_459/DynamoDBUtil.java | 2 +- .../dynamodb_1_11_80/DynamoDBUtil.java | 2 +- .../dynamodb_210/DynamoDBUtil.java | 2 +- .../dynamodb_212/DynamoDBUtil.java | 2 +- .../dynamodb_215/DynamoDBUtil.java | 2 +- .../random/java/io/File_Instrumentation.java | 2 +- .../PolyglotContextImpl_Instrumentation.java | 2 +- .../PolyglotContextImpl_Instrumentation.java | 2 +- .../javax/naming/Context_Instrumentation.java | 4 +- .../directory/DirContext_Instrumentation.java | 2 +- .../xpath/internal/XPath_Instrumentation.java | 2 +- .../xml/xpath/XPath_Instrumentation.java | 2 +- .../org/jaxen/BaseXPath_Instrumentation.java | 2 +- .../org/jaxen/BaseXPath_Instrumentation.java | 2 +- .../PreparedStatement_Instrumentation.java | 2 +- .../java/sql/Statement_Instrumentation.java | 2 +- ...JtdsPreparedStatement_Instrumentation.java | 2 +- .../jdbc/JtdsStatement_Instrumentation.java | 2 +- ...bstractJdbc2Statement_Instrumentation.java | 2 +- .../jdbc/PgStatement_Instrumentation.java | 2 +- .../AbstractOperation_Instrumentation.java | 2 +- .../AbstractOperation_Instrumentation.java | 2 +- ...actRedisAsyncCommands_Instrumentation.java | 2 +- ...actRedisAsyncCommands_Instrumentation.java | 2 +- .../OperationExecutor_Instrumentation.java | 2 +- .../instrumentation/mongo/MongoUtil.java | 2 +- .../OperationExecutor_Instrumentation.java | 2 +- .../instrumentation/mongo/MongoUtil.java | 2 +- .../OperationExecutor_Instrumentation.java | 2 +- 
.../instrumentation/mongo/MongoUtil.java | 2 +- .../OperationExecutor_Instrumentation.java | 2 +- .../instrumentation/mongo/MongoUtil.java | 2 +- .../NashornScriptEngine_Instrumentation.java | 2 +- .../okhttp30/OkhttpHelper.java | 4 +- .../okhttp35/OkhttpHelper.java | 4 +- .../okhttp40/OkhttpHelper.java | 4 +- .../h2/client/Client_Instrumentation.java | 2 +- .../ScriptRuntime_Instrumentation.java | 2 +- .../saxpath/XPathReader_Instrumentation.java | 2 +- .../servlet24/HttpServletHelper.java | 3 +- .../impl/HttpSolrServer_Instrumentation.java | 2 +- .../impl/HttpSolrClient_Instrumentation.java | 2 +- .../impl/HttpSolrClient_Instrumentation.java | 2 +- .../impl/HttpSolrClient_Instrumentation.java | 3 +- .../impl/Http2SolrClient_Instrumentation.java | 2 +- .../impl/HttpSolrClient_Instrumentation.java | 3 +- .../impl/Http2SolrClient_Instrumentation.java | 2 +- .../impl/HttpSolrClient_Instrumentation.java | 3 +- .../spring/client5/SpringWebClientHelper.java | 5 +- .../sdk/LDAPInterface_Instrumentation.java | 2 +- ...HttpClientRequestImpl_Instrumentation.java | 2 +- ...HttpClientRequestImpl_Instrumentation.java | 2 +- .../vertx/web/VertxClientHelper.java | 4 +- ...HttpClientRequestImpl_Instrumentation.java | 2 +- .../apache/xpath/XPath_Instrumentation.java | 2 +- .../newrelic/agent/security/AgentConfig.java | 10 ++ .../instrumentator/dispatcher/Dispatcher.java | 3 +- .../iast/monitoring/IastMonitoring.java | 106 ++++++++++++++++++ .../schedulers/SchedulerHelper.java | 8 ++ .../newrelic/api/agent/security/Agent.java | 24 ++++ .../api/agent/security/NewRelicSecurity.java | 16 +-- .../instrumentation/helpers/FileHelper.java | 2 +- .../helpers/GenericHelper.java | 2 +- .../instrumentation/helpers/JdbcHelper.java | 2 +- .../instrumentation/helpers/R2dbcHelper.java | 4 +- .../security/schema/SecurityMetaData.java | 4 + .../security/schema/policy/IASTScan.java | 18 +++ .../schema/policy/MonitoringMode.java | 46 ++++++++ 77 files changed, 299 insertions(+), 93 deletions(-) 
create mode 100644 newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java create mode 100644 newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java diff --git a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java index 6c7a53102..23d8f4371 100644 --- a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java +++ b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java @@ -25,7 +25,7 @@ public abstract class LdapAsyncConnection_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java index e8283a5fe..4f8401757 100644 --- a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java +++ b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java 
@@ -25,7 +25,7 @@ public abstract class LdapConnection_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/async-http-client-2.0.0/src/main/java/com/newrelic/agent/security/instrumentation/org/asynchttpclient/AsynchttpHelper.java b/instrumentation-security/async-http-client-2.0.0/src/main/java/com/newrelic/agent/security/instrumentation/org/asynchttpclient/AsynchttpHelper.java index 8088f8749..fccc2b827 100644 --- a/instrumentation-security/async-http-client-2.0.0/src/main/java/com/newrelic/agent/security/instrumentation/org/asynchttpclient/AsynchttpHelper.java +++ b/instrumentation-security/async-http-client-2.0.0/src/main/java/com/newrelic/agent/security/instrumentation/org/asynchttpclient/AsynchttpHelper.java @@ -20,7 +20,7 @@ public class AsynchttpHelper { public static final String METHOD_EXECUTE = "executeRequest"; public static final String ASYNC_HTTP_CLIENT_2_0_0 = "ASYNC_HTTP_CLIENT_2.0.0"; - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; 
@@ -81,7 +81,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || skipExitEvent() ) { return; } diff --git a/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java b/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java index 4c4b94439..be1c5c55e 100644 --- a/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java +++ b/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java @@ -20,7 +20,7 @@ public class BuilderSupport_Instrumentation { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java b/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java index f5f3343c4..c51a12d42 100644 --- a/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java 
+++ b/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java @@ -80,7 +80,7 @@ public static AbstractOperation preProcessSecurityHook(Statement statement, Conf public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if(operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ){ return; } diff --git a/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java b/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java index be4ff6d1a..bf39de1d0 100644 --- a/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java +++ b/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java @@ -137,7 +137,7 @@ public static void releaseLock(int hashCode) { public static void registerExitOperation(boolean isLockAcquired, AbstractOperation operation) { try { if(operation == null || !isLockAcquired || !NewRelicSecurity.isHookProcessingActive() - || GenericHelper.skipExistsEvent()) { + || GenericHelper.skipExitEvent()) { return; } NewRelicSecurity.getAgent().registerExitEvent(operation); 
diff --git a/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java b/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java index b4abba71d..e47282f90 100644 --- a/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java +++ b/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java @@ -93,7 +93,7 @@ public void removeAll(String xpath, Expression expr) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java index 66a2d18af..49890cf89 100644 --- a/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java 
@@ -78,7 +78,7 @@ public static AbstractOperation processDynamoDBRequest(Request yRequest, public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java index 0478947e0..f0c7ca812 100644 --- a/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java @@ -79,7 +79,7 @@ public static AbstractOperation processDynamoDBRequest(Request yRequest, public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java index d981b6199..f56e295de 100644 
--- a/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java @@ -88,7 +88,7 @@ public static AbstractOperation processDynamoDBRequest(Request yRequest, public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java index 44d708f95..da852fc42 100644 --- a/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java @@ -78,7 +78,7 @@ public static AbstractOperation processDynamoDBRequest(Request yRequest, public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } 
diff --git a/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java b/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java index 1e59b670f..55ff6722d 100644 --- a/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java @@ -81,7 +81,7 @@ public static AbstractO public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) { return; } NewRelicSecurity.getAgent().registerExitEvent(operation); diff --git a/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java b/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java index 73f8d5691..b9131e984 100644 --- a/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java 
@@ -90,7 +90,7 @@ public static AbstractO public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) { return; } NewRelicSecurity.getAgent().registerExitEvent(operation); diff --git a/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java b/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java index 35c9cc87a..e7a0daab8 100644 --- a/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java @@ -95,7 +95,7 @@ public static AbstractO public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) { return; } NewRelicSecurity.getAgent().registerExitEvent(operation); 
diff --git a/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java b/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java index 989790c66..de3d46091 100644 --- a/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java +++ b/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java @@ -27,7 +27,7 @@ public boolean exists() { boolean isOwaspHookEnabled = NewRelicSecurity.getAgent().isLowPriorityInstrumentationEnabled(); AbstractOperation operation = null; - if (isOwaspHookEnabled && isFileLockAcquired && !FileHelper.skipExistsEvent(this.getName()) && LowSeverityHelper.isOwaspHookProcessingNeeded()) { + if (isOwaspHookEnabled && isFileLockAcquired && !FileHelper.skipExitEvent(this.getName()) && LowSeverityHelper.isOwaspHookProcessingNeeded()) { operation = preprocessSecurityHook(true, FileHelper.METHOD_NAME_EXISTS, true, this); } boolean returnVal = false; diff --git a/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java b/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java index 7d7d7c6a4..c73e5f168 100644 --- a/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java +++ b/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java 
@@ -42,7 +42,7 @@ public Value eval(String languageId, Object sourceImpl) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java b/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java index 43a5cc51c..be61b1a2e 100644 --- a/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java +++ b/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java @@ -42,7 +42,7 @@ public Value eval(String languageId, org.graalvm.polyglot.Source source) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java b/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java index 63c9611c3..1aa08ad3f 100644 --- a/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java 
+++ b/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java @@ -93,7 +93,7 @@ public Object lookupLink(String name) throws NamingException { private void registerExitOperation(boolean isLockAcquired, List operations) { try { if(operations == null || operations.isEmpty() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) { return; } @@ -108,7 +108,7 @@ private void registerExitOperation(boolean isLockAcquired, List search(String name, String filter, Search private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) { return; } NewRelicSecurity.getAgent().registerExitEvent(operation); diff --git a/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java b/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java index 72e3f93cf..9ec88ed3f 100644 --- a/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java +++ b/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java 
@@ -67,7 +67,7 @@ public XObject execute(
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java b/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java
index 714cf3cba..f8cedd3da 100644
--- a/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java
+++ b/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java
@@ -104,7 +104,7 @@ public Object evaluate(String expression, Object item, QName returnType)
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java b/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
index 6b837641e..98c6656f1 100644
--- a/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
+++ b/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
@@ -42,7 +42,7 @@ public List selectNodes(Object node) throws JaxenException {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java b/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
index 2a0ec1af5..16058d2aa 100644
--- a/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
+++ b/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java
@@ -42,7 +42,7 @@ public List selectNodes(Object node) throws JaxenException {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java b/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java
index 3fdb82046..e7a14c25d 100644
--- a/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java
+++ b/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java
@@ -46,7 +46,7 @@ public abstract class PreparedStatement_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java b/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java
index 188de5713..667746970 100644
--- a/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java
+++ b/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java
@@ -34,7 +34,7 @@ public abstract class Statement_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java
index 4c41e222d..2b7ff9e30 100644
--- a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java
+++ b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java
@@ -38,7 +38,7 @@ public abstract class JtdsPreparedStatement_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsStatement_Instrumentation.java b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsStatement_Instrumentation.java
index 95d6ad062..29ed545af 100644
--- a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsStatement_Instrumentation.java
+++ b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsStatement_Instrumentation.java
@@ -32,7 +32,7 @@ public abstract class JtdsStatement_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java
index 3fb4d314f..891c8bc14 100644
--- a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java
+++ b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java
@@ -38,7 +38,7 @@ public abstract class AbstractJdbc2Statement_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java
index e032d4204..e34e0f933 100644
--- a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java
+++ b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java
@@ -43,7 +43,7 @@ public abstract class PgStatement_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || JdbcHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java b/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java
index 3d3eda502..8eedf2888 100644
--- a/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java
+++ b/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java
@@ -41,7 +41,7 @@ protected Response invoke(final Q request)
 private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java b/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java
index 76a624163..54dc1ef4f 100644
--- a/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java
+++ b/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java
@@ -40,7 +40,7 @@ protected Q configureRequest(final Q request)
 private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java b/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java
index ecd38c40e..977fa223f 100644
--- a/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java
+++ b/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java
@@ -53,7 +53,7 @@ public AsyncCommand dispatch(RedisCommand_Instrumentation
 private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java b/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java
index dd0c585f3..42dfc3778 100644
--- a/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java
+++ b/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java
@@ -56,7 +56,7 @@ public AsyncCommand dispatch(RedisCommand_Instrumentation
 private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/OperationExecutor_Instrumentation.java
index 9d61a25b1..135ccdfe5 100644
--- a/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/OperationExecutor_Instrumentation.java
+++ b/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/OperationExecutor_Instrumentation.java
@@ -17,7 +17,7 @@ public abstract class OperationExecutor_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
index eafa27c08..eb4c451c8 100644
--- a/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
+++ b/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
@@ -95,7 +95,7 @@ public static AbstractOperation recordMongoOperation(List command,
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java
index a33cbe032..818949c12 100644
--- a/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java
+++ b/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java
@@ -19,7 +19,7 @@ abstract class OperationExecutor_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api.agent.security.schema.AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
index b9c156603..75ef82721 100644
--- a/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
+++ b/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
@@ -107,7 +107,7 @@ public static AbstractOperation recordMongoOperation(List command,
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java
index 31b2762a0..cc29f6f49 100644
--- a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java
+++ b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java
@@ -21,7 +21,7 @@ public abstract class OperationExecutor_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
index b2c9efea7..9a0b8b988 100644
--- a/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
+++ b/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
@@ -105,7 +105,7 @@ public static AbstractOperation recordMongoOperation(List command,
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java
index 4e89a0475..ca408a4e8 100644
--- a/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java
+++ b/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java
@@ -22,7 +22,7 @@ public abstract class OperationExecutor_Instrumentation {
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
index 6ac31af4e..1a6290da3 100644
--- a/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
+++ b/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java
@@ -93,7 +93,7 @@ public static AbstractOperation recordMongoOperation(List command,
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java b/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java
index 25b8007db..4f0a05111 100644
--- a/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java
+++ b/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java @@ -63,7 +63,7 @@ private Object evalImpl(final Source src, final ScriptContext ctxt) throws Scrip private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java b/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java index deb8b30f2..33b2fe877 100644 --- a/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java +++ b/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java @@ -18,7 +18,7 @@ public class OkhttpHelper { public static final String METHOD_EXECUTE = "execute"; public static final String OKHTTP_3_0_0 = "OKHTTP-3.0.0"; - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; 
@@ -58,7 +58,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || OkhttpHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || OkhttpHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java b/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java index 954687e05..9c3ebb352 100644 --- a/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java +++ b/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java @@ -18,7 +18,7 @@ public class OkhttpHelper { public static final String METHOD_EXECUTE = "execute"; public static final String OKHTTP_3_5_0 = "OKHTTP-3.5.0"; - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; 
@@ -56,7 +56,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || OkhttpHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || OkhttpHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java b/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java index 2274e5ef7..82fc8f7bf 100644 --- a/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java +++ b/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java @@ -18,7 +18,7 @@ public class OkhttpHelper { public static final String METHOD_EXECUTE = "execute"; public static final String OKHTTP_4_0_0 = "OKHTTP-4.0.0"; - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; 
@@ -57,7 +57,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || OkhttpHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || OkhttpHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java b/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java index 99d5ea4db..da148235b 100644 --- a/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java +++ b/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java @@ -40,7 +40,7 @@ public void execute(String sql) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || R2dbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || R2dbcHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java b/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java index 7a5c2ffbc..001d89110 100644 --- a/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java +++ b/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java 
@@ -44,7 +44,7 @@ public static Object doTopCall(Callable callable, Context_Instrumentation cx, Sc private static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java b/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java index fd01d9a7b..d3a09ad08 100644 --- a/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java +++ b/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java @@ -37,7 +37,7 @@ public void parse(String xpath) throws SAXPathException { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java b/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java index 272fe95d2..1cf9e25e1 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java 
+++ b/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java @@ -93,8 +93,7 @@ public static String getTraceHeader(Map headers) { public static boolean isServletLockAcquired() { try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); + return Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); } catch (Throwable ignored) {} return false; } diff --git a/instrumentation-security/solr-4.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrServer_Instrumentation.java b/instrumentation-security/solr-4.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrServer_Instrumentation.java index d29563dc9..293d59b04 100644 --- a/instrumentation-security/solr-4.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrServer_Instrumentation.java +++ b/instrumentation-security/solr-4.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrServer_Instrumentation.java @@ -59,7 +59,7 @@ public NamedList request(final SolrRequest request, ResponseParser proce private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-5.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-5.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index 8d7596c8d..58852d843 100644 
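Review bot: In `isServletLockAcquired()` the new single-line return reads `NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(...)` with no guard in front of it, so any call made where no security metadata is available now depends on the empty `catch (Throwable ignored) {}` to become `false`. With `NewRelicSecurity.isHookProcessingActive()` gone, the method can also report the lock as held on threads where hook processing is off, and nothing in the hunk documents that this is intended. Assuming `getSecurityMetaData()` can return null outside a transaction (to be confirmed), I would make that case explicit: `SecurityMetaData meta = NewRelicSecurity.getAgent().getSecurityMetaData();` followed by `return meta != null && Boolean.TRUE.equals(meta.getCustomAttribute(getNrSecCustomAttribName(), Boolean.class));`. A one-line comment should say why the activity check was dropped, e.g. `// lock state must stay readable after hook processing is switched off for this transaction`.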
--- a/instrumentation-security/solr-5.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java +++ b/instrumentation-security/solr-5.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java @@ -59,7 +59,7 @@ public NamedList request(final SolrRequest request, final ResponseParser private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-5.1.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-5.1.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index 875a0d378..0c730a61e 100644 --- a/instrumentation-security/solr-5.1.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java +++ b/instrumentation-security/solr-5.1.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java @@ -59,7 +59,7 @@ public NamedList request(final SolrRequest request, final ResponseParser private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } 
diff --git a/instrumentation-security/solr-7.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-7.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index 350b41f12..4459cfe1b 100644 --- a/instrumentation-security/solr-7.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java +++ b/instrumentation-security/solr-7.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java @@ -29,7 +29,6 @@ import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.logging.Level; @Weave(type = MatchType.ExactClass, originalName = "org.apache.solr.client.solrj.impl.HttpSolrClient") public abstract class HttpSolrClient_Instrumentation { @@ -63,7 +62,7 @@ public NamedList request(@SuppressWarnings({"rawtypes"})final SolrReques private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java b/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java index 662098275..4d9a817b5 100644 --- a/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java +++ b/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java 
@@ -62,7 +62,7 @@ public NamedList request(SolrRequest solrRequest, private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index a02577462..08199a0e9 100644 --- a/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java +++ b/instrumentation-security/solr-8.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java @@ -29,7 +29,6 @@ import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.logging.Level; @Weave(type = MatchType.ExactClass, originalName = "org.apache.solr.client.solrj.impl.HttpSolrClient") public abstract class HttpSolrClient_Instrumentation { @@ -63,7 +62,7 @@ public NamedList request(@SuppressWarnings({"rawtypes"})final SolrReques private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } 
diff --git a/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java b/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java index 03e576a68..591e47245 100644 --- a/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java +++ b/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/Http2SolrClient_Instrumentation.java @@ -60,7 +60,7 @@ public NamedList request(SolrRequest solrRequest, String collection) private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java b/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java index 7806af9b2..e664fad2c 100644 --- a/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java +++ b/instrumentation-security/solr-9.0.0/src/main/java/org/apache/solr/client/solrj/impl/HttpSolrClient_Instrumentation.java @@ -29,7 +29,6 @@ import java.util.Collections; import java.util.List; import java.util.Map; -import java.util.logging.Level; @Weave(type = MatchType.ExactClass, originalName = "org.apache.solr.client.solrj.impl.HttpSolrClient") public abstract class HttpSolrClient_Instrumentation { 
@@ -63,7 +62,7 @@ public NamedList request(@SuppressWarnings({"rawtypes"})final SolrReques private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java b/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java index 9c8a58a4a..18d7172d2 100644 --- a/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java +++ b/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java @@ -14,7 +14,6 @@ import java.net.URI; import java.util.ArrayList; -import java.util.List; public class SpringWebClientHelper { @@ -61,7 +60,7 @@ public static AbstractOperation preprocessSecurityHook(URI url, HttpMethod metho public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || skipExitEvent() ) { return; } 
@@ -71,7 +70,7 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } } - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; diff --git a/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java b/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java index 6ff09631d..69a82f6eb 100644 --- a/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java +++ b/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java @@ -39,7 +39,7 @@ public SearchResult search(final SearchRequest searchRequest) private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java b/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java index 2e3565615..8ea102eaa 100644 --- a/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java +++ b/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java 
@@ -109,7 +109,7 @@ private void addSecurityHeaders(MultiMap headers, AbstractOperation operation) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java b/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java index bc671b229..6ce84634d 100644 --- a/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java +++ b/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java @@ -110,7 +110,7 @@ private void addSecurityHeaders(MultiMap headers, AbstractOperation operation) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java b/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java index e3669b7cc..d004e73f2 100644 
--- a/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java +++ b/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java @@ -74,7 +74,7 @@ public static void addSecurityHeaders(MultiMap headers, AbstractOperation operat public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || skipExitEvent() ) { return; } @@ -84,7 +84,7 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } } - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; diff --git a/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java b/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java index 8c64cf881..de9717af6 100644 --- a/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java +++ b/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java 
@@ -138,7 +138,7 @@ private void addSecurityHeaders(MultiMap headers, AbstractOperation operation) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java b/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java index 7250b91c6..c33d62dad 100644 --- a/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java +++ b/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java @@ -45,7 +45,7 @@ public XObject execute(XPathContext var1, Node var2, PrefixResolver var3) throws private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent() ) { return; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java index b847535f1..57108d576 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java 
@@ -160,6 +160,9 @@ private void instantiateAgentMode(String groupName) throws RestrictionModeExcept throw e; } break; + case "IAST_MONITORING": + readIastMonitoringConfig(); + break; default: //this is default case which requires no changes break; @@ -179,6 +182,13 @@ private void instantiateAgentMode(String groupName) throws RestrictionModeExcept logger.log(LogLevel.INFO, String.format("Security Agent Modes and Config : %s", agentMode), AgentConfig.class.getName()); } + private void readIastMonitoringConfig() { + this.agentMode.getIastScan().setEnabled(false); + this.agentMode.getRaspScan().setEnabled(false); + this.agentMode.getIastScan().setRestricted(false); + this.agentMode.getIastScan().setMonitoring(true); + } + private void readSkipScan() throws RestrictionModeException { try { agentMode.getSkipScan().setApis(NewRelic.getAgent().getConfig().getValue(SKIP_IAST_SCAN_API, Collections.emptyList())); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java index 0acc7370e..b8e783c81 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java 
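Review bot: `readIastMonitoringConfig()` disables both `getIastScan()` and `getRaspScan()` as a side effect of selecting the `IAST_MONITORING` group, and the method carries no documentation of that. The only trace an operator gets is the generic "Security Agent Modes and Config" dump at the end of `instantiateAgentMode`, so the loss of RASP coverage in this mode is easy to miss. I would add a Javadoc such as `/** Monitoring mode: requests are sampled only; IAST and RASP scanning are both switched off. */` and an explicit INFO line in the `case "IAST_MONITORING":` branch. `instantiateAgentMode` begins and ends outside the hunk.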
@@ -317,8 +317,7 @@ public boolean isPrimitiveType(Class clazz) { private JavaAgentEventBean processFileOperationEvent(JavaAgentEventBean eventBean, FileOperation fileOperationalBean) { prepareFileEvent(eventBean, fileOperationalBean); String URL = StringUtils.substringBefore(securityMetaData.getRequest().getUrl(), QUESTION_CHAR); - if (!(AgentUtils.getInstance().getAgentPolicy().getVulnerabilityScan().getEnabled() - && AgentUtils.getInstance().getAgentPolicy().getVulnerabilityScan().getIastScan().getEnabled()) && allowedExtensionFileIO(eventBean.getParameters(), eventBean.getSourceMethod(), URL)) { + if (allowedExtensionFileIO(eventBean.getParameters(), eventBean.getSourceMethod(), URL)) { // Event is bypassed. Drop it. return null; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java new file mode 100644 index 000000000..132beb74f --- /dev/null +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java 
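Review bot: Dropping the policy test from the `if` in `processFileOperationEvent` changes which events are reported. Previously an operation matching `allowedExtensionFileIO(...)` was discarded only when vulnerability scanning or its IAST scan was disabled; it is now discarded in every mode. That narrows file-operation coverage during IAST scans and is not implied by the commit subject, so it should be called out in the description and pinned by a test. If the wider bypass is intended, the existing comment should say so, e.g. `// Allow-listed extension for this source method/URL: dropped in all modes, including IAST.`. The method continues outside the hunk.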
@@ -0,0 +1,106 @@ +package com.newrelic.agent.security.intcodeagent.iast.monitoring; + +import com.newrelic.agent.security.AgentConfig; +import com.newrelic.agent.security.AgentInfo; +import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.api.agent.security.NewRelicSecurity; +import com.newrelic.api.agent.security.utils.logging.LogLevel; + +import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicInteger; + +public class IastMonitoring { + + private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); + + private final AtomicBoolean harvestActive = new AtomicBoolean(false); + private final AtomicInteger harvestCycleCount = new AtomicInteger(); + private final AtomicInteger remainingHarvestRequests = new AtomicInteger(); + private final AtomicInteger requestHarvested = new AtomicInteger(); + + private static final class InstanceHolder { + static final IastMonitoring instance = new IastMonitoring(); + } + + private IastMonitoring() { + } + + public static IastMonitoring getInstance() { + return InstanceHolder.instance; + } + + public boolean getHarvestActive() { + return harvestActive.get(); + } + + public void setHarvestActive(boolean harvestActive) { + this.harvestActive.set(harvestActive); + } + + public int getHarvestCycleCount() { + return harvestCycleCount.get(); + } + + public void incrementHarvestCycleCount() { + harvestCycleCount.incrementAndGet(); + } + + public int decrementRemainingHarvestRequests() { + return remainingHarvestRequests.decrementAndGet(); + } + + public void setRemainingHarvestRequests(int remainingHarvestRequests) { + this.remainingHarvestRequests.set(remainingHarvestRequests); + } + + public void setRequestHarvested(int requestHarvested) { + this.requestHarvested.set(requestHarvested); + } + + public int getRequestHarvested() { + return requestHarvested.get(); + } + + public void incrementRequestHarvested() { + 
requestHarvested.incrementAndGet(); + } + + public int getRemainingHarvestRequests() { + return remainingHarvestRequests.get(); + } + + public static void sampleData() { + if(IastMonitoring.getInstance().getHarvestCycleCount() % 12 == 0){ + IastMonitoring.getInstance().setRemainingHarvestRequests(0); + } + IastMonitoring.getInstance().setHarvestActive(true); + IastMonitoring.getInstance().setRemainingHarvestRequests(IastMonitoring.getInstance().getRemainingHarvestRequests() + 5); + IastMonitoring.getInstance().setRequestHarvested(0); + IastMonitoring.getInstance().incrementHarvestCycleCount(); + logger.log( LogLevel.FINEST, String.format("IAST Monitoring: Sampling of Data Started for cycle %s can harvest %s requests", IastMonitoring.getInstance().getHarvestCycleCount(), IastMonitoring.getInstance().getRemainingHarvestRequests()), IastMonitoring.class.getName()); + } + + public static void collectSampleIfHarvested() { + if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().get()) { + + AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().set(false); + NewRelicSecurity.getAgent().getSecurityMetaData().removeCustomAttribute("HARVEST"); + IastMonitoring.getInstance().incrementRequestHarvested(); + int remaining = IastMonitoring.getInstance().decrementRemainingHarvestRequests(); + if(remaining <= 0){ + IastMonitoring.getInstance().setHarvestActive(false); + logger.log(LogLevel.FINEST, "IAST Monitoring: Harvesting Completed", IastMonitoring.class.getName()); + } + logger.log( LogLevel.FINEST, String.format("IAST Monitoring: %s:%s Sample collected", IastMonitoring.getInstance().getHarvestCycleCount(), IastMonitoring.getInstance().getRequestHarvested()), IastMonitoring.class.getName()); + } + } + + public static boolean shouldProcessInterception() { + if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring()) { + return IastMonitoring.getInstance().getHarvestActive() && 
NewRelicSecurity.getAgent().getSecurityMetaData().customAttributeContainsKey("HARVEST") && NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("HARVEST", Boolean.class); + } else { + return true; + } + } + +} diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java index 5e1ea25b9..b927ed325 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java @@ -1,5 +1,6 @@ package com.newrelic.agent.security.intcodeagent.schedulers; +import com.newrelic.agent.security.AgentConfig; import com.newrelic.agent.security.intcodeagent.filelogging.LogFileHelper; import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants; import com.newrelic.agent.security.util.IUtilConstants; @@ -103,4 +104,11 @@ public void scheduleURLMappingPosting(Runnable runnable) { ScheduledFuture future = commonExecutor.schedule(runnable, 60, TimeUnit.SECONDS); scheduledFutureMap.put(IAgentConstants.JSON_SEC_APPLICATION_URL_MAPPING, future); } + + public void scheduleSampling(Runnable runnable, long initialDelay, long delay, TimeUnit unit) { + if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring()) { + ScheduledFuture future = commonExecutor.scheduleAtFixedRate(runnable, initialDelay, delay, unit); + scheduledFutureMap.put("sampling", future); + } + } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index 389c42d62..8e7889537 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java 
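Review bot: `collectSampleIfHarvested()` tests only the shared `getHarvesting()` flag on `AgentConfig` and never checks that the current transaction carries the `"HARVEST"` attribute, so whichever transaction finishes first clears the flag and decrements `remainingHarvestRequests`. A request that was not selected can therefore end the harvest of one that was. The matching check-then-set in `Agent.startHarvest` (`!getHarvesting().get()` followed by `set(true)`) lets two concurrent requests both claim the slot. If `getHarvesting()` is an `AtomicBoolean`, `compareAndSet(false, true)` on start, and a `"HARVEST"` attribute check followed by `compareAndSet(true, false)` on finish, would close both gaps. In `sampleData()` the budget is updated with a separate read and write on an `AtomicInteger` that request threads decrement, so `remainingHarvestRequests.addAndGet(5)` is the safe form, and in `shouldProcessInterception()` the auto-unboxed `getCustomAttribute("HARVEST", Boolean.class)` is better wrapped in `Boolean.TRUE.equals(...)`.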
+++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java @@ -15,6 +15,7 @@ import com.newrelic.agent.security.intcodeagent.exceptions.RestrictionModeException; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.filelogging.LogFileHelper; +import com.newrelic.agent.security.intcodeagent.iast.monitoring.IastMonitoring; import com.newrelic.agent.security.intcodeagent.models.javaagent.*; import com.newrelic.agent.security.intcodeagent.utils.*; import com.newrelic.api.agent.security.instrumentation.helpers.*; @@ -255,6 +256,7 @@ private void startSecurityServices() { SchedulerHelper.getInstance().scheduleApplicationRuntimeErrorPosting(RuntimeErrorReporter.getInstance()::reportApplicationRuntimeError, 30 , 30, TimeUnit.SECONDS); SchedulerHelper.getInstance().scheduleDailyLogRollover(LogFileHelper::performDailyRollover); + SchedulerHelper.getInstance().scheduleSampling(IastMonitoring::sampleData, 0, 5, TimeUnit.SECONDS); logger.logInit( LogLevel.INFO, String.format(STARTED_MODULE_LOG, AgentServices.HealthCheck.name()), @@ -1104,6 +1106,9 @@ public void reportURLMapping() { public void dispatcherTransactionStarted() { try { Transaction transaction = NewRelic.getAgent().getTransaction(); + + startHarvest(transaction); + if (isInitialised() && NewRelicSecurity.isHookProcessingActive()) { logger.log(LogLevel.FINEST, "Transaction started with token: " + transaction.getToken().toString(), Agent.class.getName()); } 
@@ -1112,9 +1117,27 @@ public void dispatcherTransactionStarted() { } } + private void startHarvest(Transaction transaction) { + if(transaction == null || !(transaction.getSecurityMetaData() instanceof SecurityMetaData)) { + return; + } + + if( AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring() + && !AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().get()) { + AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().set(true); + NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute("HARVEST", true); + logger.log(LogLevel.FINEST, "Harvesting started", Agent.class.getName()); + } else { + NewRelicSecurity.getAgent().getSecurityMetaData().removeCustomAttribute("HARVEST"); + logger.log(LogLevel.FINEST, "Harvesting disabled for the transaction", Agent.class.getName()); + } + + } + @Override public void dispatcherTransactionCancelled() { try { + IastMonitoring.collectSampleIfHarvested(); Transaction transaction = NewRelic.getAgent().getTransaction(); if (isInitialised() && NewRelicSecurity.isHookProcessingActive()) { logger.log(LogLevel.FINEST, "Transaction cancelled with token: " + transaction.getSecurityMetaData().toString(), Agent.class.getName()); @@ -1128,6 +1151,7 @@ public void dispatcherTransactionCancelled() { @Override public void dispatcherTransactionFinished() { try { + IastMonitoring.collectSampleIfHarvested(); if (isInitialised() && NewRelicSecurity.isHookProcessingActive()) { logger.log(LogLevel.FINEST, "Transaction finished with token: " + NewRelic.getAgent().getTransaction().getSecurityMetaData().toString(), Agent.class.getName()); ServletHelper.executeBeforeExitingTransaction(); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java index cfe7f0b2e..7da12a19f 100644 
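Review bot: In `startHarvest` the `getHarvesting().get()` test and the following `getHarvesting().set(true)` are two separate steps, so two transactions starting concurrently can both pass the check and both be tagged `HARVEST`; `getHarvesting().compareAndSet(false, true)` in the condition makes the claim atomic. The flag is process-wide while the `HARVEST` attribute is per transaction, and `collectSampleIfHarvested()` (called from `dispatcherTransactionCancelled` here and from `dispatcherTransactionFinished` in the next hunk) tests only the global flag. It therefore appears that any transaction finishing while another is being harvested clears the flag and is counted as the harvested one; checking the finishing transaction's own `HARVEST` attribute would tie the bookkeeping to the right request. The method also validates `transaction.getSecurityMetaData()` but then writes through `NewRelicSecurity.getAgent().getSecurityMetaData()`, and a short comment stating that both resolve to the same object would help.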
--- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java @@ -7,7 +7,10 @@ package com.newrelic.api.agent.security; +import com.newrelic.agent.security.AgentConfig; +import com.newrelic.agent.security.intcodeagent.iast.monitoring.IastMonitoring; import com.newrelic.api.agent.NewRelic; +import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ThreadLocalLockHelper; import com.newrelic.api.agent.security.schema.SecurityMetaData; import org.apache.commons.lang3.StringUtils; @@ -17,7 +20,6 @@ * objects offering additional capabilities. */ public final class NewRelicSecurity { - private static boolean isAgentInitComplete = false; /** * Returns the root of the New Relic Security Java Agent API object hierarchy. @@ -35,9 +37,10 @@ public static SecurityAgent getAgent(){ * {@code false} otherwise. */ public static boolean isHookProcessingActive(){ - return !ThreadLocalLockHelper.isLockHeldByCurrentThread() && isAgentInitComplete && Agent.getInstance().isSecurityActive() && !isInternalThread() + return AgentConfig.getInstance().isNRSecurityEnabled() && Agent.getInstance().isSecurityActive() && !ThreadLocalLockHelper.isLockHeldByCurrentThread() && !isInternalThread() && NewRelic.getAgent().getTransaction() != null - && NewRelic.getAgent().getTransaction().getSecurityMetaData() instanceof SecurityMetaData; + && NewRelic.getAgent().getTransaction().getSecurityMetaData() instanceof SecurityMetaData + && IastMonitoring.shouldProcessInterception(); // (Agent.getInstance().getSecurityMetaData() != null); } 
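Review bot: The rewritten `isHookProcessingActive()` drops the `isAgentInitComplete` gate, and the next hunk deletes `markAgentAsInitialised()` from this class while the API-module stub of the same method stays in place later in the series. Whether `AgentConfig.getInstance().isNRSecurityEnabled()` and `Agent.getInstance().isSecurityActive()` remain false until initialisation has finished is not visible here; if they do not, hooks can run against a partly initialised agent, and any remaining caller of `markAgentAsInitialised()` would no longer resolve against the agent class. The thread-local lock test also moved behind the two singleton calls, so those now execute on threads that are already inside a hook; keeping `!ThreadLocalLockHelper.isLockHeldByCurrentThread()` first preserves the cheap re-entrancy short-circuit. The Javadoc above the method should gain a sentence saying that in monitoring mode only transactions tagged `HARVEST` are processed.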
@@ -45,11 +48,4 @@ public static boolean isInternalThread(){ return StringUtils.startsWithAny(Thread.currentThread().getName(), "NR-CSEC", "New Relic", "NewRelic", "Newrelic"); } - - /** - * Marks the end of agent init. Hooks can now be processed. - */ - public static void markAgentAsInitialised(){ - isAgentInitComplete = true; - } } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/FileHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/FileHelper.java index ffc269e9a..ab6bd7f1a 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/FileHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/FileHelper.java @@ -65,7 +65,7 @@ public class FileHelper { public static final String METHOD_NAME_EXISTS = "exists"; public static final String FILE_OPERATION = "FILE_OPERATION"; - public static boolean skipExistsEvent(String filename) { + public static boolean skipExitEvent(String filename) { boolean lockAcquired = ThreadLocalLockHelper.acquireLock(); try { if(lockAcquired) { diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java index c68d6a1bb..dfd1a93cd 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java 
@@ -28,7 +28,7 @@ public class GenericHelper { public static final String ERROR_WHILE_DETECTING_USER_CLASS = "Instrumentation library: %s error while detecting user class"; public static final String ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST = "Instrumentation library: %s , error while getting route for incoming request : %s"; - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/JdbcHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/JdbcHelper.java index 265ce1e79..92a789871 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/JdbcHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/JdbcHelper.java @@ -56,7 +56,7 @@ public static String getSql(Statement statement) { return null; } - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java index 680dec0ec..3d70bb0d0 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java 
@@ -18,7 +18,7 @@ public class R2dbcHelper { public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || com.newrelic.api.agent.security.instrumentation.helpers.R2dbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || com.newrelic.api.agent.security.instrumentation.helpers.R2dbcHelper.skipExitEvent() ) { return; } @@ -56,7 +56,7 @@ public static AbstractOperation preprocessSecurityHook(String sql, String method return null; } - public static boolean skipExistsEvent() { + public static boolean skipExitEvent() { if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { return true; diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/SecurityMetaData.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/SecurityMetaData.java index aa0a7fab6..aedec9180 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/SecurityMetaData.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/SecurityMetaData.java @@ -95,6 +95,10 @@ public void setFuzzRequestIdentifier(K2RequestIdentifier fuzzRequestIdentifier) this.fuzzRequestIdentifier = fuzzRequestIdentifier; } + public boolean customAttributeContainsKey(String key){ + return customData.containsKey(key); + } + public void addCustomAttribute(String key, Object value) { if(value != null) { this.customData.put(key, value); 
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/IASTScan.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/IASTScan.java index c18a9be27..19a64d1b4 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/IASTScan.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/IASTScan.java @@ -8,7 +8,9 @@ public class IASTScan { private Boolean enabled = true; private Probing probing = new Probing(); private Boolean restricted = false; + private Boolean monitoring = false; private RestrictionCriteria restrictionCriteria = new RestrictionCriteria(); + private MonitoringMode monitoringMode = new MonitoringMode(); /** * No args constructor for use in serialization @@ -55,4 +57,20 @@ public RestrictionCriteria getRestrictionCriteria() { public void setRestrictionCriteria(RestrictionCriteria restrictionCriteria) { this.restrictionCriteria = restrictionCriteria; } + + public Boolean getMonitoring() { + return monitoring; + } + + public void setMonitoring(Boolean monitoring) { + this.monitoring = monitoring; + } + + public MonitoringMode getMonitoringMode() { + return monitoringMode; + } + + public void setMonitoringMode(MonitoringMode monitoringMode) { + this.monitoringMode = monitoringMode; + } } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java new file mode 100644 index 000000000..fc90c274e --- /dev/null +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java 
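Review bot: `monitoring` is declared as a boxed `Boolean` with a public `setMonitoring(Boolean)`, yet the callers in this series unbox it directly (`if(...getIastScan().getMonitoring())` in `scheduleSampling`, `startHarvest` and `shouldProcessInterception`), so a null coming from a deserialized policy would raise a `NullPointerException` on those paths. Either normalise in the setter, `this.monitoring = Boolean.TRUE.equals(monitoring);`, or compare with `Boolean.TRUE.equals(...)` at the call sites. The existing `enabled` and `restricted` fields use the same boxed pattern, so this may be deliberate for serialization; if so, a one-line comment on the field saying that null is never expected would settle it.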
@@ -0,0 +1,46 @@ +package com.newrelic.api.agent.security.schema.policy; + +import java.util.concurrent.atomic.AtomicBoolean; + +public class MonitoringMode { + + private int harvestCycle = 60; //in seconds + + private int maxHarvestsPerCycle = 60; + + private AtomicBoolean harvesting = new AtomicBoolean(false); + + private int max_event_quota = 100; + + public int getHarvestCycle() { + return harvestCycle; + } + + public void setHarvestCycle(int harvestCycle) { + this.harvestCycle = harvestCycle; + } + + public int getMaxHarvestsPerCycle() { + return maxHarvestsPerCycle; + } + + public void setMaxHarvestsPerCycle(int maxHarvestsPerCycle) { + this.maxHarvestsPerCycle = maxHarvestsPerCycle; + } + + public AtomicBoolean getHarvesting() { + return harvesting; + } + + public void setHarvesting(AtomicBoolean harvesting) { + this.harvesting = harvesting; + } + + public int getMax_event_quota() { + return max_event_quota; + } + + public void setMax_event_quota(int max_event_quota) { + this.max_event_quota = max_event_quota; + } +} From b9d0aa1cf23a22bf38f49cca18762f3a4f0a3b6a Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Tue, 12 Nov 2024 11:32:42 +0530 Subject: [PATCH 03/11] Add check for harvest active --- .../src/main/java/com/newrelic/api/agent/security/Agent.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index 8e7889537..477dbe86c 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java 
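Review bot: `harvesting` in `MonitoringMode` is live runtime state (an `AtomicBoolean` flipped per transaction by `Agent.startHarvest`) kept inside a policy model, and `setHarvesting(AtomicBoolean)` lets the instance be swapped or set to null while other threads still hold the old one. Declaring it `private final AtomicBoolean harvesting = new AtomicBoolean(false);` and dropping the setter keeps a single flag per object; if the serializer needs a setter, copy the value with `this.harvesting.set(harvesting.get());`. `max_event_quota` and its accessors break the camelCase used by the other fields, and only `harvestCycle` states its unit. `IastMonitoring::sampleData` is scheduled elsewhere in this commit with a literal 5-second period rather than `harvestCycle`, so a comment on each field saying what it controls, and whether the scheduler is meant to read it, would help.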
@@ -1123,7 +1123,8 @@ private void startHarvest(Transaction transaction) { } if( AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring() - && !AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().get()) { + && !AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().get() + && IastMonitoring.getInstance().getHarvestActive()) { AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().set(true); NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute("HARVEST", true); logger.log(LogLevel.FINEST, "Harvesting started", Agent.class.getName()); From 5ce1a27c07da7bea9bf710d5d9efb92e658366a9 Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Tue, 12 Nov 2024 16:55:49 +0530 Subject: [PATCH 04/11] Add data models to store harvest info --- .../instrumentator/utils/HashGenerator.java | 43 ---------------- .../iast/monitoring/IastMonitoring.java | 49 +++++++++++++++++++ .../newrelic/api/agent/security/Agent.java | 7 +++ 3 files changed, 56 insertions(+), 43 deletions(-) diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java index dc6f5914c..f8b80bd21 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java 
@@ -104,49 +104,6 @@ private static String convertByteArrayToHexString(byte[] arrayBytes) { return stringBuffer.toString(); } - public static void updateShaAndSize(DeployedApplication deployedApplication) { - File deplyementDirFile = new File(deployedApplication.getDeployedPath()); - if (StringUtils.isBlank(deployedApplication.getDeployedPath())) { - logger.log(LogLevel.WARNING, "Empty deployed path detected. Not calculating SHA256 & size.", HashGenerator.class.getName()); - return; - } - if (deplyementDirFile.isFile()) { - deployedApplication.setSha256(getChecksum(deplyementDirFile)); - deployedApplication.setSize(FileUtils.byteCountToDisplaySize(FileUtils.sizeOf(deplyementDirFile))); - } else { - deployedApplication.setSha256(getSHA256ForDirectory(deplyementDirFile.getAbsolutePath())); - deployedApplication.setSize(FileUtils.byteCountToDisplaySize(FileUtils.sizeOfDirectory(deplyementDirFile))); - } - } - - public static String getSHA256ForDirectory(String file) { - try { - File dir = new File(file); - if (dir.isDirectory()) { - List sha256s = new ArrayList<>(); - Collection allFiles = FileUtils.listFiles(dir, TrueFileFilter.INSTANCE, TrueFileFilter.INSTANCE); - List sortedFiles = new ArrayList<>(allFiles); - Collections.sort(sortedFiles); - for (File tempFile : sortedFiles) { - String extension = FilenameUtils.getExtension(tempFile.getName()); - if (OTHER_CRITICAL_FILE_EXT.contains(extension) - || JAVA_APPLICATION_ALLOWED_FILE_EXT.contains(extension)) { - sha256s.add(getChecksum(tempFile)); - } - } - return getSHA256HexDigest(sha256s); - } - } catch (Exception e) { - logger.log(LogLevel.SEVERE, ERROR, e, HashGenerator.class.getName()); - } - return null; - } - - public static String getSHA256HexDigest(List data) { - data.removeAll(Collections.singletonList(null)); - String input = StringUtils.join(data); - return getChecksum(input); - } public static String getSHA256HexDigest(String data) { String input = StringUtils.join(data); return getChecksum(input); 
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java index 132beb74f..05a6ff582 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java @@ -4,8 +4,12 @@ import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.api.agent.security.NewRelicSecurity; +import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.utils.logging.LogLevel; +import org.apache.commons.lang3.StringUtils; +import java.util.Map; +import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; @@ -18,6 +22,10 @@ public class IastMonitoring { private final AtomicInteger remainingHarvestRequests = new AtomicInteger(); private final AtomicInteger requestHarvested = new AtomicInteger(); + private Map harvestedTraceId = new ConcurrentHashMap<>(); + private Map harvestedAPI = new ConcurrentHashMap<>(); + + private static final class InstanceHolder { static final IastMonitoring instance = new IastMonitoring(); } 
@@ -69,7 +77,24 @@ public int getRemainingHarvestRequests() { return remainingHarvestRequests.get(); } + public Map getHarvestedTraceId() { + return harvestedTraceId; + } + + public void incrementHarvestedTraceId(String traceId) { + harvestedTraceId.put(traceId, harvestedTraceId.getOrDefault(traceId, 0) + 1); + } + + public Map getHarvestedAPI() { + return harvestedAPI; + } + + public void incrementHarvestedAPI(String api) { + harvestedAPI.put(api, harvestedAPI.getOrDefault(api, 0) + 1); + } + public static void sampleData() { + logger.log( LogLevel.FINEST, String.format("following are the harvested APIs in last harvest cycle : %s", IastMonitoring.getInstance().getHarvestedAPI()), IastMonitoring.class.getName()); if(IastMonitoring.getInstance().getHarvestCycleCount() % 12 == 0){ IastMonitoring.getInstance().setRemainingHarvestRequests(0); } 
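Review bot: `incrementHarvestedTraceId` and `incrementHarvestedAPI` use `put(key, getOrDefault(key, 0) + 1)`, which is a read followed by a write and loses increments when two threads update the same key, even on a `ConcurrentHashMap`; `harvestedTraceId.merge(traceId, 1, Integer::sum);` performs the update atomically. Both maps are handed out by their getters and cleared by the scheduler tasks, so a count can also be reset between the read and the write. `harvestedAPI` is keyed by the request URL (see `collectSampleIfHarvested` in the next hunk) and the log line added to `sampleData` prints the whole map, so request URLs, possibly with query strings, may end up in the agent log at FINEST; logging only the number of entries avoids that.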
@@ -77,12 +102,28 @@ public static void sampleData() { IastMonitoring.getInstance().setRemainingHarvestRequests(IastMonitoring.getInstance().getRemainingHarvestRequests() + 5); IastMonitoring.getInstance().setRequestHarvested(0); IastMonitoring.getInstance().incrementHarvestCycleCount(); + IastMonitoring.getInstance().getHarvestedAPI().clear(); logger.log( LogLevel.FINEST, String.format("IAST Monitoring: Sampling of Data Started for cycle %s can harvest %s requests", IastMonitoring.getInstance().getHarvestCycleCount(), IastMonitoring.getInstance().getRemainingHarvestRequests()), IastMonitoring.class.getName()); } + public static void resetEventSampler() { + IastMonitoring.getInstance().setRemainingHarvestRequests(0); + IastMonitoring.getInstance().getHarvestedAPI().clear(); + IastMonitoring.getInstance().getHarvestedTraceId().clear(); + logger.log( LogLevel.FINEST, String.format("IAST Monitoring: Sampling of Data Stopped for cycle %s", IastMonitoring.getInstance().getHarvestCycleCount()), IastMonitoring.class.getName()); + } + + public static void collectSampleIfHarvested() { if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().get()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null) { + SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); + if(StringUtils.isNotBlank(securityMetaData.getRequest().getUrl())){ + IastMonitoring.getInstance().incrementHarvestedAPI(securityMetaData.getRequest().getUrl()); + } + } + AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().set(false); NewRelicSecurity.getAgent().getSecurityMetaData().removeCustomAttribute("HARVEST"); IastMonitoring.getInstance().incrementRequestHarvested(); 
@@ -95,6 +136,14 @@ public static void collectSampleIfHarvested() { } } + public static void registerTraceHarvested(String traceId) { + IastMonitoring.getInstance().incrementHarvestedTraceId(traceId); + } + + public static boolean eventQuotaReached(String traceId) { + return IastMonitoring.getInstance().getHarvestedTraceId().getOrDefault(traceId, 0) >= 100; + } + public static boolean shouldProcessInterception() { if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring()) { return IastMonitoring.getInstance().getHarvestActive() && NewRelicSecurity.getAgent().getSecurityMetaData().customAttributeContainsKey("HARVEST") && NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("HARVEST", Boolean.class); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index 477dbe86c..15661a4d5 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java @@ -257,6 +257,7 @@ private void startSecurityServices() { 30 , 30, TimeUnit.SECONDS); SchedulerHelper.getInstance().scheduleDailyLogRollover(LogFileHelper::performDailyRollover); SchedulerHelper.getInstance().scheduleSampling(IastMonitoring::sampleData, 0, 5, TimeUnit.SECONDS); + SchedulerHelper.getInstance().scheduleSampling(IastMonitoring::resetEventSampler, 0, 6, TimeUnit.HOURS); logger.logInit( LogLevel.INFO, String.format(STARTED_MODULE_LOG, AgentServices.HealthCheck.name()), 
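Review bot: `eventQuotaReached` compares against the literal `100` although `MonitoringMode` already carries `max_event_quota` (default 100) with a getter; reading `AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getMax_event_quota()` keeps the limit configurable in one place. `registerTraceHarvested` and `eventQuotaReached` name their parameter `traceId`, but the only caller visible in this commit passes `operation.getApiID()`. Renaming the parameter and the backing map after what is actually counted, and adding a one-line Javadoc such as `/** Returns true once the per-API event count has reached the quota for the current sampling window. */`, would prevent the two identifiers from being confused.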
@@ -452,6 +453,12 @@ public void registerOperation(AbstractOperation operation) { operation.setUserClassEntity(setUserClassEntity(operation, securityMetaData)); } processStackTrace(operation); + + IastMonitoring.registerTraceHarvested(operation.getApiID()); + if(IastMonitoring.eventQuotaReached(operation.getApiID())){ + return; + } + // boolean blockNeeded = checkIfBlockingNeeded(operation.getApiID()); // securityMetaData.getMetaData().setApiBlocked(blockNeeded); HttpRequest request = securityMetaData.getRequest(); From eac82d8057e6798bc1b7c1677acce4416b281ebb Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Wed, 13 Nov 2024 10:09:58 +0530 Subject: [PATCH 05/11] Remove URL based sampling --- .../iast/monitoring/IastMonitoring.java | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java index 05a6ff582..96dd6731a 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java @@ -23,7 +23,6 @@ public class IastMonitoring { private final AtomicInteger requestHarvested = new AtomicInteger(); private Map harvestedTraceId = new ConcurrentHashMap<>(); - private Map harvestedAPI = new ConcurrentHashMap<>(); private static final class InstanceHolder { 
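Review bot: The quota check added to `registerOperation` runs for every operation regardless of agent mode, while the counters are only cleared by `resetEventSampler`, which `scheduleSampling` schedules only when `getMonitoring()` is true. Outside monitoring mode the per-API count therefore appears to grow without ever being reset, and once it reaches 100 every later operation for that API ID returns here silently, so no security event is produced for it. Wrapping both added statements in `if (AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring()) { ... }` and logging the drop at FINEST would keep event generation intact in the other modes and make the suppression visible. Because the count is incremented before the `>= 100` test, the 100th event is already dropped. `registerOperation` begins and ends outside this hunk, so an earlier mode check is possible but not visible.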
@@ -85,14 +84,6 @@ public void incrementHarvestedTraceId(String traceId) { harvestedTraceId.put(traceId, harvestedTraceId.getOrDefault(traceId, 0) + 1); } - public Map getHarvestedAPI() { - return harvestedAPI; - } - - public void incrementHarvestedAPI(String api) { - harvestedAPI.put(api, harvestedAPI.getOrDefault(api, 0) + 1); - } - public static void sampleData() { logger.log( LogLevel.FINEST, String.format("following are the harvested APIs in last harvest cycle : %s", IastMonitoring.getInstance().getHarvestedAPI()), IastMonitoring.class.getName()); if(IastMonitoring.getInstance().getHarvestCycleCount() % 12 == 0){ @@ -102,13 +93,11 @@ public static void sampleData() { IastMonitoring.getInstance().setRemainingHarvestRequests(IastMonitoring.getInstance().getRemainingHarvestRequests() + 5); IastMonitoring.getInstance().setRequestHarvested(0); IastMonitoring.getInstance().incrementHarvestCycleCount(); - IastMonitoring.getInstance().getHarvestedAPI().clear(); logger.log( LogLevel.FINEST, String.format("IAST Monitoring: Sampling of Data Started for cycle %s can harvest %s requests", IastMonitoring.getInstance().getHarvestCycleCount(), IastMonitoring.getInstance().getRemainingHarvestRequests()), IastMonitoring.class.getName()); } public static void resetEventSampler() { IastMonitoring.getInstance().setRemainingHarvestRequests(0); - IastMonitoring.getInstance().getHarvestedAPI().clear(); IastMonitoring.getInstance().getHarvestedTraceId().clear(); logger.log( LogLevel.FINEST, String.format("IAST Monitoring: Sampling of Data Stopped for cycle %s", IastMonitoring.getInstance().getHarvestCycleCount()), IastMonitoring.class.getName()); } 
@@ -117,13 +106,6 @@ public static void resetEventSampler() { public static void collectSampleIfHarvested() { if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().get()) { - if(NewRelicSecurity.getAgent().getSecurityMetaData() != null) { - SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if(StringUtils.isNotBlank(securityMetaData.getRequest().getUrl())){ - IastMonitoring.getInstance().incrementHarvestedAPI(securityMetaData.getRequest().getUrl()); - } - } - AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getHarvesting().set(false); NewRelicSecurity.getAgent().getSecurityMetaData().removeCustomAttribute("HARVEST"); IastMonitoring.getInstance().incrementRequestHarvested(); From f58c823228301141dccf7b2a274b6ebd4c113dda Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Wed, 13 Nov 2024 10:48:40 +0530 Subject: [PATCH 06/11] Randomized sampling with RXSS and error reporting disabled --- .../java/java/lang/Exception_Instrumentation.java | 3 ++- .../java/com/newrelic/agent/security/AgentConfig.java | 1 + .../intcodeagent/iast/monitoring/IastMonitoring.java | 11 +++++++++-- .../java/com/newrelic/api/agent/security/Agent.java | 3 ++- .../newrelic/api/agent/security/NewRelicSecurity.java | 4 ++++ .../newrelic/api/agent/security/NewRelicSecurity.java | 4 ++++ .../instrumentation/helpers/ServletHelper.java | 2 +- 7 files changed, 23 insertions(+), 5 deletions(-) diff --git a/instrumentation-security/exception-handler/src/main/java/java/lang/Exception_Instrumentation.java b/instrumentation-security/exception-handler/src/main/java/java/lang/Exception_Instrumentation.java index 16e8cd7c6..129ca7526 100644 --- a/instrumentation-security/exception-handler/src/main/java/java/lang/Exception_Instrumentation.java +++ b/instrumentation-security/exception-handler/src/main/java/java/lang/Exception_Instrumentation.java 
@@ -1,6 +1,7 @@ package java.lang; import com.newrelic.api.agent.security.NewRelicSecurity; +import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.weaver.MatchType; import com.newrelic.api.agent.weaver.Weave; import com.newrelic.api.agent.weaver.WeaveAllConstructors; @@ -10,7 +11,7 @@ public class Exception_Instrumentation extends Throwable { @WeaveAllConstructors public Exception_Instrumentation() { - if (NewRelicSecurity.isHookProcessingActive()) { + if (!StringUtils.equals(NewRelicSecurity.getSecurityMode(), "IAST_MONITORING") && NewRelicSecurity.isHookProcessingActive()) { Boolean skipException = NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("SKIP_EXCEPTION_HANDLER", Boolean.class); if (skipException == null || !skipException) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute("ENDMOST_EXCEPTION", this); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java index 57108d576..dad067986 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java @@ -187,6 +187,7 @@ private void readIastMonitoringConfig() { this.agentMode.getRaspScan().setEnabled(false); this.agentMode.getIastScan().setRestricted(false); this.agentMode.getIastScan().setMonitoring(true); + this.agentMode.getSkipScan().getIastDetectionCategory().setRxssEnabled(true); } private void readSkipScan() throws RestrictionModeException { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java index 96dd6731a..02ccd1988 100644 
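Review bot: The mode test in the `Exception_Instrumentation` constructor compares against the bare literal `"IAST_MONITORING"`, and the same literal is repeated in `ServletHelper.executeBeforeExitingTransaction` later in this commit, while the API-module `getSecurityMode()` stub returns the bare literal `"IAST"`. A shared constant for each mode name would keep these checks from drifting apart. The AgentConfig hunk on this line calls `getSkipScan().getIastDetectionCategory().setRxssEnabled(true)`, which, going by the commit subject, switches RXSS detection off in monitoring mode and reads as the opposite. A comment such as `// skip-scan flag: true means RXSS detection is skipped while monitoring` would make the intent clear to the next reader.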
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java @@ -8,6 +8,7 @@ import com.newrelic.api.agent.security.utils.logging.LogLevel; import org.apache.commons.lang3.StringUtils; +import java.security.SecureRandom; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.atomic.AtomicBoolean; @@ -22,7 +23,14 @@ public class IastMonitoring { private final AtomicInteger remainingHarvestRequests = new AtomicInteger(); private final AtomicInteger requestHarvested = new AtomicInteger(); - private Map harvestedTraceId = new ConcurrentHashMap<>(); + private final Map harvestedTraceId = new ConcurrentHashMap<>(); + private static final SecureRandom secureRandom = new SecureRandom(); + + + public static boolean transactionSelected() { + int randomNumber = secureRandom.nextInt(5); + return randomNumber == 0; + } private static final class InstanceHolder { @@ -85,7 +93,6 @@ public void incrementHarvestedTraceId(String traceId) { } public static void sampleData() { - logger.log( LogLevel.FINEST, String.format("following are the harvested APIs in last harvest cycle : %s", IastMonitoring.getInstance().getHarvestedAPI()), IastMonitoring.class.getName()); if(IastMonitoring.getInstance().getHarvestCycleCount() % 12 == 0){ IastMonitoring.getInstance().setRemainingHarvestRequests(0); } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index 15661a4d5..1c2fdfc2d 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java 
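Review bot: `transactionSelected()` hard-codes a one-in-five sampling rate as `secureRandom.nextInt(5)` with no comment or named constant. I would add `/** Randomly selects roughly one transaction in five for harvesting. */` and name the bound, for example `private static final int SAMPLING_BOUND = 5;`. The draw runs on every transaction start against a single shared `SecureRandom`; that is safe, but `ThreadLocalRandom.current().nextInt(SAMPLING_BOUND) == 0` avoids contention if unpredictability of the sample is not a requirement, and the comment should say which it is. In the Agent.java hunk that follows, the unselected path returns before the `else` branch that removes the `HARVEST` attribute; whether a transaction's metadata can carry a stale attribute over is not visible here.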
@@ -1125,7 +1125,8 @@ public void dispatcherTransactionStarted() { } private void startHarvest(Transaction transaction) { - if(transaction == null || !(transaction.getSecurityMetaData() instanceof SecurityMetaData)) { + + if(!IastMonitoring.transactionSelected() || transaction == null || !(transaction.getSecurityMetaData() instanceof SecurityMetaData)) { return; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java index 7da12a19f..492cf5039 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java @@ -48,4 +48,8 @@ public static boolean isInternalThread(){ return StringUtils.startsWithAny(Thread.currentThread().getName(), "NR-CSEC", "New Relic", "NewRelic", "Newrelic"); } + + public static String getSecurityMode() { + return AgentConfig.getInstance().getAgentMode().getMode(); + } } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java index ae1943433..6b770bad8 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java @@ -40,4 +40,8 @@ public static boolean isHookProcessingActive(){ * Marks the end of agent init. Hooks can now be processed. */ public static void markAgentAsInitialised(){} + + public static String getSecurityMode(){ + return "IAST"; + } } 
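Review bot: `getSecurityMode()` is added to the public `NewRelicSecurity` API without Javadoc, although the neighbouring `markAgentAsInitialised()` has one, and callers in this patch compare its result against the string `"IAST_MONITORING"` while the API stub returns `"IAST"`. A short Javadoc naming the mode strings a caller can expect, and saying when the stub value is what callers see, would make those comparisons checkable. The agent-side implementation returns `AgentConfig.getInstance().getAgentMode().getMode()` with no null guard, so it depends on `agentMode` always being set; the later "Instantiate mode" patch on this page initialises it in the constructor, and the Javadoc is a good place to record that dependency.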
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java index a6c57384e..a619133bc 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java @@ -240,7 +240,7 @@ public static void executeBeforeExitingTransaction() { } int responseCode = NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseCode(); - if(responseCode >= 500){ + if(responseCode >= 500 && !StringUtils.equals(NewRelicSecurity.getSecurityMode(), "IAST_MONITORING")){ Exception exception = NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("ENDMOST_EXCEPTION", Exception.class); NewRelicSecurity.getAgent().recordExceptions(NewRelicSecurity.getAgent().getSecurityMetaData(), exception); } From e762fb6ede3133225fccc64b56991d622267843e Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Thu, 14 Nov 2024 15:53:39 +0530 Subject: [PATCH 07/11] Instantiate mode --- .../src/main/java/com/newrelic/agent/security/AgentConfig.java | 1 + 1 file changed, 1 insertion(+) diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java index dad067986..8876e65e4 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java @@ -78,6 +78,7 @@ public class AgentConfig { private ScanControllers scanControllers = new ScanControllers(); private AgentConfig(){ + this.agentMode = new AgentMode(); } public long instantiate() throws RestrictionModeException { 
From d7b85c11ace3a85ad09de18134edb469fb321c40 Mon Sep 17 00:00:00 2001 
From: lovesh-ap Date: Fri, 22 Nov 2024 17:31:40 +0530 Subject: [PATCH 08/11] Initial draft of SA to SE http communication --- .../newrelic/agent/security/AgentConfig.java | 22 +- .../newrelic/agent/security/AgentInfo.java | 3 +- .../instrumentator/dispatcher/Dispatcher.java | 2 +- .../IASTDataTransferRequestProcessor.java | 11 +- ...MonitorGrpcFuzzFailRequestQueueThread.java | 2 +- .../instrumentator/utils/AgentUtils.java | 10 +- .../utils/InstrumentationUtils.java | 5 +- .../httpclient/ApacheHttpClientWrapper.java | 25 +-- .../ApacheHttpExceptionWrapper.java | 4 +- .../apache/httpclient/ApacheProxyManager.java | 13 +- .../apache/httpclient/CommunicationApis.java | 20 +- .../apache/httpclient/ReconnectionST.java | 81 +++++++ .../apache/httpclient/SecurityClient.java | 205 ++++++++++++++++++ .../communication/ConnectionFactory.java | 68 ++++++ .../ControlCommandProcessor.java | 3 +- .../filelogging/FileLoggerThreadPool.java | 2 +- .../logging/HealthCheckScheduleThread.java | 6 +- .../models/IASTDataTransferRequest.java | 10 +- .../models/javaagent/AgentBasicInfo.java | 11 +- .../models/javaagent/LogMessage.java | 10 +- .../intcodeagent/utils/ConnectionUtils.java | 13 ++ .../utils/RuntimeErrorReporter.java | 2 +- .../intcodeagent/websocket/EventSendPool.java | 8 +- .../intcodeagent/websocket/EventSender.java | 13 +- .../intcodeagent/websocket/JsonConverter.java | 13 ++ .../intcodeagent/websocket/WSClient.java | 47 +++- .../websocket/WSReconnectionST.java | 3 +- .../newrelic/api/agent/security/Agent.java | 6 +- .../api/agent/security/NewRelicSecurity.java | 2 - .../security/schema/http/ReadResult.java | 2 +- .../security/schema/http/RequestLayout.java | 10 +- .../security/utils/ConnectionException.java | 11 + .../security/utils/SecurityConnection.java | 20 ++ 33 files changed, 583 insertions(+), 80 deletions(-) create mode 100644 newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ReconnectionST.java create mode 100644 
newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java create mode 100644 newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/communication/ConnectionFactory.java create mode 100644 newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/ConnectionUtils.java create mode 100644 newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/ConnectionException.java create mode 100644 newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/SecurityConnection.java diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java index 8876e65e4..cd65e012d 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java @@ -142,6 +142,16 @@ public long triggerIAST() throws RestrictionModeException { } private void instantiateAgentMode(String groupName) throws RestrictionModeException { + try { + readScanSchedule(); + readSkipScan(); + } catch (RestrictionModeException e){ + System.err.println("[NR-CSEC-JA] Error while reading IAST Scan Configuration. Security will be disabled."); + NewRelic.getAgent().getLogger().log(Level.WARNING, "[NR-CSEC-JA] Error while reading IAST Scan Configuration. Security will be disabled. Message : {0}", e.getMessage()); + NewRelic.noticeError(e, Agent.getCustomNoticeErrorParameters(), true); + AgentInfo.getInstance().agentStatTrigger(false); + throw e; + } this.agentMode = new AgentMode(groupName); switch (groupName){ case IAST: 
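Review bot: In `instantiateAgentMode`, `readScanSchedule()` and `readSkipScan()` now run before `this.agentMode = new AgentMode(groupName);`, so anything they store on `this.agentMode` is written to the previous instance and dropped by the reassignment. Their bodies are outside this hunk, but `readIastMonitoringConfig()` elsewhere in this series writes to `this.agentMode.getSkipScan()`, which suggests the skip-scan settings live on that object; if so, operator-configured scan exclusions and schedules would silently stop applying. Creating the mode object first keeps the early failure the move seems to be after: place `this.agentMode = new AgentMode(groupName);` immediately before the `try {` block. The method body continues past the end of this hunk.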
@@ -169,17 +179,7 @@ private void instantiateAgentMode(String groupName) throws RestrictionModeExcept break; } - try { - readScanSchedule(); - readSkipScan(); - updateSkipScanParameters(); - } catch (RestrictionModeException e){ - System.err.println("[NR-CSEC-JA] Error while reading IAST Scan Configuration. Security will be disabled."); - NewRelic.getAgent().getLogger().log(Level.WARNING, "[NR-CSEC-JA] Error while reading IAST Scan Configuration. Security will be disabled. Message : {0}", e.getMessage()); - NewRelic.noticeError(e, Agent.getCustomNoticeErrorParameters(), true); - AgentInfo.getInstance().agentStatTrigger(false); - throw e; - } + updateSkipScanParameters(); logger.log(LogLevel.INFO, String.format("Security Agent Modes and Config : %s", agentMode), AgentConfig.class.getName()); } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentInfo.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentInfo.java index 596ce452f..b27b9fa5e 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentInfo.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentInfo.java @@ -4,6 +4,7 @@ import com.newrelic.agent.security.instrumentator.utils.AgentUtils; import com.newrelic.agent.security.instrumentator.utils.ApplicationInfoUtils; import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.models.collectorconfig.CollectorConfig; 
@@ -163,7 +164,7 @@ else if(StringUtils.isBlank(getLinkingMetadata().getOrDefault(INRSettingsKey.AGE else if (!AgentConfig.getInstance().isNRSecurityEnabled()) { logger.log(LogLevel.WARNING, "NewRelic security Agent INACTIVE!!! since security config is disabled.", AgentInfo.class.getName()); state = false; - } else if (!WSUtils.isConnected()) { + } else if (!ConnectionFactory.getInstance().getSecurityConnection().isConnected()) { logger.log(LogLevel.WARNING, "NewRelic security Agent INACTIVE!!! Can't connect with Security Engine.", AgentInfo.class.getName()); state = false; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java index df5fed065..a968fef92 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java @@ -109,7 +109,7 @@ public Dispatcher(ExitEventBean exitEventBean) { public Object call() throws Exception { try { if (this.exitEventBean != null) { - EventSendPool.getInstance().sendEvent(exitEventBean); + EventSendPool.getInstance().sendEvent(exitEventBean, "postExitEvent"); return null; } if (!firstEventSent.get()) { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java index 4832c2412..62affb99a 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java 
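Review bot: `sendEvent(exitEventBean, "postExitEvent")` in `Dispatcher.call()` passes an API name that has no entry in the `REQUEST_CONFIG` map shown in this patch's `CommunicationApis` hunk, where `get()` now throws `IllegalArgumentException` for unknown names. The same applies to `"postFuzzFailEvent"` (MonitorGrpcFuzzFailRequestQueueThread), `"postApplicationURLMappings"` (AgentUtils.sendApplicationURLMappings) and `"postShutDown"` (InstrumentationUtils.shutdownLogic); only `"postApplicationInfo"` is registered. How `sendEvent` resolves the name is not visible here, but if it goes through `CommunicationApis.get`, these events would be dropped with an unchecked exception. Register each name and pass the constant instead of a literal, e.g. `put(POST_EXIT_EVENT, new RequestLayout(POST_EXIT_EVENT, "POST", ENDPOINT_PATH_PLACEHOLDER, "application/json", "gzip"));` with the real path filled in.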
@@ -3,6 +3,8 @@ import com.newrelic.agent.security.AgentConfig; import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.util.IUtilConstants; import com.newrelic.api.agent.security.utils.logging.LogLevel; @@ -58,12 +60,12 @@ private void task() { return; } - if (!WSClient.getInstance().isOpen()) { - logger.log(LogLevel.FINER, "IAST request processing deactivated due to websocket connection status.", IASTDataTransferRequestProcessor.class.getName()); + if (!ConnectionFactory.getInstance().getSecurityConnection().isConnected()) { + logger.log(LogLevel.FINER, "IAST request processing deactivated due to SE connection status.", IASTDataTransferRequestProcessor.class.getName()); return; } - if(WSUtils.getInstance().isReconnecting()) { + if(ConnectionFactory.getInstance().getSecurityConnection().isReconnecting()) { logger.log(LogLevel.FINER, "IAST request processing deactivated due to SE requested for reconnection..", IASTDataTransferRequestProcessor.class.getName()); return; } @@ -118,7 +120,8 @@ private void task() { pendingRequestIds.addAll(RestRequestThreadPool.getInstance().getPendingIds()); pendingRequestIds.addAll(GrpcClientRequestReplayHelper.getInstance().getPendingIds()); request.setPendingRequestIds(pendingRequestIds); - WSClient.getInstance().send(request.toString()); +// WSClient.getInstance().send(request.toString()); + SecurityClient.getInstance().send(request, "postAny"); } } catch (Throwable e) { logger.log(LogLevel.SEVERE, String.format(UNABLE_TO_SEND_IAST_DATA_REQUEST_DUE_TO_ERROR_S_S, e.toString(), e.getCause().toString()), this.getClass().getName()); 
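Review bot: The IAST data request in `task()` is sent with `SecurityClient.getInstance().send(request, "postAny")`, although this patch defines `CommunicationApis.POST_IAST_DATA_REQUEST` (`/v1/iast/data-request`, gzip) for this payload, and the connection checks a few lines above go through `ConnectionFactory.getInstance().getSecurityConnection()`. If the dedicated endpoint is the intended target, use `SecurityClient.getInstance().send(request, CommunicationApis.POST_IAST_DATA_REQUEST);` so the request gets the layout declared for it and the name is checked at compile time. The commented-out `WSClient.getInstance().send(...)` line should be deleted rather than kept. `task()` begins and ends outside these hunks.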
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/MonitorGrpcFuzzFailRequestQueueThread.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/MonitorGrpcFuzzFailRequestQueueThread.java index 16473fd75..5b2b61e5d 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/MonitorGrpcFuzzFailRequestQueueThread.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/MonitorGrpcFuzzFailRequestQueueThread.java @@ -23,7 +23,7 @@ public void run() { FuzzRequestBean request = (FuzzRequestBean) fuzzFailMap.keySet().toArray()[0]; FuzzFailEvent fuzzFailEvent = new FuzzFailEvent(); fuzzFailEvent.setFuzzHeader(request.getHeaders().get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID)); - EventSendPool.getInstance().sendEvent(fuzzFailEvent); + EventSendPool.getInstance().sendEvent(fuzzFailEvent, "postFuzzFailEvent"); } catch (InterruptedException e) { } finally { future = commonExecutor.submit(runnable); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/AgentUtils.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/AgentUtils.java index a08ba5e68..d1cf91c50 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/AgentUtils.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/AgentUtils.java 
@@ -2,6 +2,7 @@ import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.httpclient.IASTDataTransferRequestProcessor; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; import com.newrelic.agent.security.intcodeagent.constants.AgentServices; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.websocket.WSUtils; @@ -399,9 +400,10 @@ public boolean applyPolicyOverrideIfApplicable() { logger.log(LogLevel.INFO, String.format(NR_POLICY_OVER_RIDE_IN_PLACE_UPDATED_POLICY_S, JsonConverter.toJSON(AgentUtils.getInstance().getAgentPolicy())), AgentUtils.class.getName()); try { - WSClient.getInstance().send(JsonConverter.toJSON(AgentUtils.getInstance().getAgentPolicy())); +// WSClient.getInstance().send(JsonConverter.toJSON(AgentUtils.getInstance().getAgentPolicy())); +// SecurityClient.getInstance().postAny(AgentUtils.getInstance().getAgentPolicy()); AgentUtils.getInstance().getStatusLogValues().put(POLICY_VERSION, AgentUtils.getInstance().getAgentPolicy().getVersion()); - EventSendPool.getInstance().sendEvent(AgentInfo.getInstance().getApplicationInfo()); + EventSendPool.getInstance().sendEvent(AgentInfo.getInstance().getApplicationInfo(), "postApplicationInfo"); return true; } catch (Throwable e) { logger.log(LogLevel.SEVERE, String.format(ERROR_WHILE_SENDING_UPDATED_POLICY_TO_REMOTE_S_S, e.getMessage(), e.getCause()), AgentUtils.class.getName()); 
@@ -426,7 +428,7 @@ public static boolean applyPolicy(AgentPolicy newPolicy) { logger.logInit(LogLevel.INFO, String.format(IAgentConstants.AGENT_POLICY_APPLIED_S, JsonConverter.toJSON(AgentUtils.getInstance().getAgentPolicy())), AgentUtils.class.getName()); AgentUtils.getInstance().getStatusLogValues().put(POLICY_VERSION, AgentUtils.getInstance().getAgentPolicy().getVersion()); - EventSendPool.getInstance().sendEvent(AgentInfo.getInstance().getApplicationInfo()); + EventSendPool.getInstance().sendEvent(AgentInfo.getInstance().getApplicationInfo(), "postApplicationInfo"); return true; } catch (Throwable e) { @@ -659,6 +661,6 @@ public static void sendApplicationURLMappings() { ApplicationURLMappings applicationURLMappings = new ApplicationURLMappings(URLMappingsHelper.getApplicationURLMappings()); applicationURLMappings.setApplicationUUID(AgentInfo.getInstance().getApplicationUUID()); logger.logInit(LogLevel.INFO, String.format("Collected application url mappings %s", applicationURLMappings), Agent.class.getName()); - EventSendPool.getInstance().sendEvent(applicationURLMappings); + EventSendPool.getInstance().sendEvent(applicationURLMappings, "postApplicationURLMappings"); } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/InstrumentationUtils.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/InstrumentationUtils.java index e7c8017b3..4c92f5bd9 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/InstrumentationUtils.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/InstrumentationUtils.java 
@@ -3,6 +3,7 @@ import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.dispatcher.DispatcherPool; import com.newrelic.agent.security.instrumentator.os.OsVariablesInstance; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.controlcommand.ControlCommandProcessorThreadPool; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.schedulers.FileCleaner; @@ -58,7 +59,7 @@ public static void shutdownLogic() { ShutDownEvent shutDownEvent = new ShutDownEvent(); shutDownEvent.setApplicationUUID(AgentInfo.getInstance().getApplicationUUID()); shutDownEvent.setStatus(IAgentConstants.TERMINATING); - EventSendPool.getInstance().sendEvent(shutDownEvent); + EventSendPool.getInstance().sendEvent(shutDownEvent, "postShutDown"); logger.log(LogLevel.INFO, IAgentConstants.SHUTTING_DOWN_WITH_STATUS + shutDownEvent, InstrumentationUtils.class.getName()); TimeUnit.SECONDS.sleep(1); } catch (Throwable e) { @@ -66,7 +67,7 @@ public static void shutdownLogic() { InstrumentationUtils.class.getName()); } try { - WSClient.getInstance().close(); + ConnectionFactory.getInstance().getSecurityConnection().close("IAST agent shutting down"); } catch (Throwable e) { } try { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java index 7e9cac4a7..1b8840f15 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpClientWrapper.java 
@@ -185,22 +185,14 @@ private HttpContext createContext() { return proxyManager.updateContext(HttpClientContext.create()); } - public ReadResult execute(String api, List pathParams, Map queryParams, + public ReadResult execute(RequestLayout requestLayout, List pathParams, Map queryParams, Map headers, byte[] body) throws IOException, URISyntaxException { - RequestLayout requestLayout = null; - try { - requestLayout = getRequestConfigurations(api); - } catch (ApacheHttpExceptionWrapper e) { - logger.log(LogLevel.WARNING, "Error while getting request configurations for API: " + api, ApacheHttpClientWrapper.class.getName()); - logger.postLogMessageIfNecessary(LogLevel.WARNING, "Error while getting request configurations for API: " + api, e, ApacheHttpClientWrapper.class.getName()); - return null; - } HttpUriRequest request; try { request = buildHttpRequest(requestLayout, pathParams, queryParams, headers, body); } catch (ApacheHttpExceptionWrapper e) { - logger.log(LogLevel.WARNING, "Error while building request for API: " + api + "with content requestLayout : " + requestLayout +" pathParams: "+ pathParams+" queryParams: "+ queryParams+" headers: "+ headers+" body: "+ Arrays.toString(body), ApacheHttpClientWrapper.class.getName()); - logger.postLogMessageIfNecessary(LogLevel.WARNING, "Error while building request for API: " + api + "with content requestLayout : " + requestLayout +" pathParams: "+ pathParams+" queryParams: "+ queryParams+" headers: "+ headers+" body: "+ Arrays.toString(body), e, ApacheHttpClientWrapper.class.getName()); + logger.log(LogLevel.WARNING, "Error while building request for API: " + requestLayout.getApi() + "with content requestLayout : " + requestLayout +" pathParams: "+ pathParams+" queryParams: "+ queryParams+" headers: "+ headers+" body: "+ Arrays.toString(body), ApacheHttpClientWrapper.class.getName()); + logger.postLogMessageIfNecessary(LogLevel.WARNING, "Error while building request for API: " + requestLayout.getApi() + "with content 
requestLayout : " + requestLayout +" pathParams: "+ pathParams+" queryParams: "+ queryParams+" headers: "+ headers+" body: "+ Arrays.toString(body), e, ApacheHttpClientWrapper.class.getName()); return null; } logger.log(LogLevel.FINEST, "Executing request: " + request, ApacheHttpClientWrapper.class.getName()); @@ -285,7 +277,9 @@ private HttpUriRequest buildHttpRequest(RequestLayout requestLayout, List quer return builder.build(); } - private RequestLayout getRequestConfigurations(String api) throws ApacheHttpExceptionWrapper { - if(StringUtils.isBlank(api)){ - throw new ApacheHttpExceptionWrapper("Unsupported API"); - } - return CommunicationApis.get(api); - } - private ReadResult mapResponseToResult(HttpResponse response) throws IOException, ApacheHttpExceptionWrapper { StatusLine statusLine = response.getStatusLine(); if (statusLine == null) { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpExceptionWrapper.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpExceptionWrapper.java index 8a267aa33..2239683e1 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpExceptionWrapper.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheHttpExceptionWrapper.java @@ -1,6 +1,8 @@ package com.newrelic.agent.security.intcodeagent.apache.httpclient; -public class ApacheHttpExceptionWrapper extends Exception { +import com.newrelic.api.agent.security.utils.ConnectionException; + +public class ApacheHttpExceptionWrapper extends ConnectionException { public ApacheHttpExceptionWrapper(String message) { super(message); } 
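Review bot: The rewritten warning in `execute()` still concatenates the full `headers` map and `Arrays.toString(body)` into the message, and the same text is handed to `postLogMessageIfNecessary`. `SecurityClient.setConnectionHeaders()` in this patch puts `NR-LICENSE-KEY` and `NR-AGENT-RUN-TOKEN` into its header map; if that map is what reaches this method, a request-build failure writes those credentials and the raw payload to the log file and possibly off-host. Log identifiers and sizes instead, e.g. `"Error while building request for API: " + requestLayout.getApi() + " pathParams: " + pathParams + " headerNames: " + (headers == null ? null : headers.keySet()) + " bodyLength: " + (body == null ? 0 : body.length)`. The method body continues outside the hunk.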
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheProxyManager.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheProxyManager.java index 23b818a18..d9e8817e1 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheProxyManager.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ApacheProxyManager.java @@ -1,6 +1,7 @@ package com.newrelic.agent.security.intcodeagent.apache.httpclient; -import com.newrelic.api.agent.Logger; +import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.api.agent.security.utils.logging.LogLevel; import org.apache.http.HttpHost; import org.apache.http.auth.AuthScope; import org.apache.http.auth.Credentials; @@ -16,13 +17,11 @@ public class ApacheProxyManager { private final HttpHost proxy; private final Credentials proxyCredentials; - private final Logger logger; - - public ApacheProxyManager(String proxyHost, Integer proxyPort, String proxyScheme, String proxyUser, String proxyPassword, Logger logger) { - this.logger = logger; + private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); + public ApacheProxyManager(String proxyHost, Integer proxyPort, String proxyScheme, String proxyUser, String proxyPassword) { if (proxyHost != null && proxyPort != null) { - logger.log(Level.FINE, MessageFormat.format("Using proxy host {0}:{1}", proxyHost, Integer.toString(proxyPort))); + logger.log(LogLevel.FINE, MessageFormat.format("Using proxy host {0}:{1}", proxyHost, Integer.toString(proxyPort)), ApacheProxyManager.class.getName()); proxy = new HttpHost(proxyHost, proxyPort, proxyScheme); proxyCredentials = getProxyCredentials(proxyUser, proxyPassword); } else { 
@@ -33,7 +32,7 @@ public ApacheProxyManager(String proxyHost, Integer proxyPort, String proxySchem private Credentials getProxyCredentials(final String proxyUser, final String proxyPass) { if (proxyUser != null && proxyPass != null) { - logger.log(Level.INFO, MessageFormat.format("Setting Proxy Authenticator for user {0}", proxyUser)); + logger.log(LogLevel.INFO, MessageFormat.format("Setting Proxy Authenticator for user {0}", proxyUser), ApacheProxyManager.class.getName()); return new UsernamePasswordCredentials(proxyUser, proxyPass); } return null; diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java index b5da47524..d04115bee 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java 
@@ -9,17 +9,33 @@ public class CommunicationApis { public static final String GET_POLICY = "getPolicy"; + public static final String POST_EVENT = "postEvent"; + public static final String POST_HEALTH_CHECK = "postHealthCheck"; + public static final String GET_HEALTH_CHECK = "getHealthCheck"; + public static final String POST_IAST_DATA_REQUEST = "postIastDataRequest"; + public static final String POST_APPLICATION_INFO = "postApplicationInfo"; + public static final String PING = "ping"; + + public static final String POS_ANY = "postAny"; public static final Map REQUEST_CONFIG = Collections.unmodifiableMap( new HashMap() {{ - put(GET_POLICY, new RequestLayout(GET_POLICY)); + put(GET_POLICY, new RequestLayout(GET_POLICY, "GET", "/v1/policies", "application/json", "utf-8")); + put(POST_EVENT, new RequestLayout(POST_EVENT, "POST", "/v1/events", "application/json", "gzip")); + put(POST_HEALTH_CHECK, new RequestLayout(POST_HEALTH_CHECK, "POST", "/v1/healthcheck", "application/json", "gzip")); + put(GET_HEALTH_CHECK, new RequestLayout(GET_HEALTH_CHECK, "GET", "/v1/healthcheck", "application/json", "utf-8")); + put(POST_IAST_DATA_REQUEST, new RequestLayout(POST_IAST_DATA_REQUEST, "POST", "/v1/iast/data-request", "application/json", "gzip")); + put(POST_APPLICATION_INFO, new RequestLayout(POST_APPLICATION_INFO, "POST", "/v1/application-info", "application/json", "gzip")); + put(PING, new RequestLayout(PING, "GET", "/v1/ping", "application/json", "utf-8")); + + put(POS_ANY, new RequestLayout(POS_ANY, "POST", "/v1/any", "application/json", "utf-8")); }} ); public static RequestLayout get(String api) { RequestLayout result = REQUEST_CONFIG.get(api); if(result == null) { - //TODO throw exception + throw new IllegalArgumentException("Unknown API: " + api); } return result; } 
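Review bot: The constant `POS_ANY` looks like a typo for `POST_ANY`; the other names in this class follow the `POST_*`/`GET_*` pattern, and renaming it now is cheaper than after callers depend on it: `public static final String POST_ANY = "postAny";`. `get()` now throws the unchecked `IllegalArgumentException` for an unknown name, whereas the lookup removed from `ApacheHttpClientWrapper` in this patch raised `ApacheHttpExceptionWrapper`, which this patch makes a `ConnectionException`. Callers that handle only `ConnectionException` would not catch the new failure, so either document the unchecked throw in a Javadoc on `get()` or keep the checked type.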
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ReconnectionST.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ReconnectionST.java new file mode 100644 index 000000000..a5c185e42 --- /dev/null +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/ReconnectionST.java 
@@ -0,0 +1,81 @@ +package com.newrelic.agent.security.intcodeagent.apache.httpclient; + +import com.newrelic.agent.security.AgentInfo; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; +import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.agent.security.intcodeagent.utils.CommonUtils; +import com.newrelic.api.agent.security.utils.logging.LogLevel; + +import java.util.concurrent.*; +import java.util.concurrent.atomic.AtomicInteger; + +public class ReconnectionST { + + private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); + + private static ScheduledExecutorService scheduledService; + + private ScheduledFuture futureTask; + + private static class InstanceHolder { + private static final ReconnectionST INSTANCE = new ReconnectionST(); + } + + public static ReconnectionST getInstance() { + return InstanceHolder.INSTANCE; + } + + private ReconnectionST() { + instantiateScheduler(); + } + + private Runnable runnable = new Runnable() { + @Override + public void run() { + try { + AgentInfo.getInstance().getJaHealthCheck().getSchedulerRuns().incrementWebsocketReconnector(); + if (!SecurityClient.getInstance().isConnected()) { + logger.log(LogLevel.INFO, "Http is marked disconnected, reconnecting ...", ReconnectionST.class.getName()); + ConnectionFactory.getInstance().getSecurityConnection().ping(); + } + } catch (Throwable t){ + logger.log(LogLevel.SEVERE, "Error while Http reconnection : " + t.getMessage() + " : " + t.getCause(), ReconnectionST.class.getName()); + logger.log(LogLevel.FINER, "Error while Http reconnection", t, ReconnectionST.class.getName()); + logger.postLogMessageIfNecessary(LogLevel.SEVERE, "Error while Http reconnection : " + t.getMessage() + " : " + t.getCause(), t, ReconnectionST.class.getName()); + } finally { + submitNewTaskSchedule(); + } + } + }; + + private void instantiateScheduler() { + scheduledService = 
Executors.newSingleThreadScheduledExecutor(new ThreadFactory() { + private final AtomicInteger threadNumber = new AtomicInteger(1); + + @Override + public Thread newThread(Runnable r) { + return new Thread(Thread.currentThread().getThreadGroup(), r, + "HttpReconnectionST_" + threadNumber.getAndIncrement()); + } + }); + } + + public void submitNewTaskSchedule() { + int delay = CommonUtils.generateSecureRandomBetween(5, 15); + futureTask = scheduledService.schedule(runnable, delay, TimeUnit.SECONDS); + } + + public void cancelTask() { + if(futureTask != null) { + futureTask.cancel(false); + } + } + + public void shutdown() { + if(scheduledService != null) { + scheduledService.shutdown(); + } + } + + +} diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java new file mode 100644 index 000000000..5373193be --- /dev/null +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java 
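Review bot: The scheduler thread created in `instantiateScheduler()` is named `"HttpReconnectionST_" + n`, which does not match any prefix tested by `NewRelicSecurity.isInternalThread()` (`"NR-CSEC"`, `"New Relic"`, `"NewRelic"`, `"Newrelic"`), and it is not marked as a daemon. If `isInternalThread()` is what keeps the agent's own traffic out of hook processing, the `ping()` issued from this thread would be treated as application activity, and a non-daemon thread can hold the JVM open at shutdown. Suggested factory body: `Thread t = new Thread(Thread.currentThread().getThreadGroup(), r, "NR-CSEC-HttpReconnectionST_" + threadNumber.getAndIncrement()); t.setDaemon(true); return t;`. The health counter bumped in `run()` is still `incrementWebsocketReconnector()`, which is worth a comment or a rename now that the transport is HTTP.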
@@ -0,0 +1,205 @@
+package com.newrelic.agent.security.intcodeagent.apache.httpclient;
+
+import com.newrelic.agent.security.AgentConfig;
+import com.newrelic.agent.security.AgentInfo;
+import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey;
+import com.newrelic.agent.security.intcodeagent.websocket.EventSendPool;
+import com.newrelic.agent.security.intcodeagent.websocket.EventSender;
+import com.newrelic.api.agent.security.utils.ConnectionException;
+import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
+import com.newrelic.agent.security.util.IUtilConstants;
+import com.newrelic.api.agent.NewRelic;
+import com.newrelic.api.agent.security.schema.http.ReadResult;
+import com.newrelic.api.agent.security.schema.http.RequestLayout;
+import com.newrelic.api.agent.security.utils.SecurityConnection;
+import com.newrelic.api.agent.security.utils.logging.LogLevel;
+import org.apache.commons.lang3.StringUtils;
+import org.json.simple.JSONStreamAware;
+import org.json.simple.JSONValue;
+
+import javax.net.ssl.SSLContext;
+import java.io.*;
+import java.lang.management.ManagementFactory;
+import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.zip.Deflater;
+import java.util.zip.DeflaterOutputStream;
+import java.util.zip.GZIPOutputStream;
+
+public class SecurityClient implements SecurityConnection {
+
+ private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance();
+ private ApacheHttpClientWrapper httpClient;
+ private boolean connected = false;
+ private final Map headers = new HashMap<>();
+ private final String URL = NewRelic.getAgent().getConfig().getValue("security.validator_service_url", "wss://csec.nr-data.net");
+
+ public static final String DEFLATE_ENCODING = "deflate";
+ public static final String GZIP_ENCODING = "gzip";
+ private static final int COMPRESSION_LEVEL = Deflater.DEFAULT_COMPRESSION;
+
+ public static final String PROXY_HOST = "proxy_host";
+ public static final String PROXY_PASS = "proxy_password";
+ public static final String PROXY_PORT = "proxy_port";
+ public static final String PROXY_SCHEME = "proxy_scheme";
+ public static final String PROXY_USER = "proxy_user";
+
+ public static final ReadResult unsupportedContent = new ReadResult(500, "Unsupported content type");
+ private boolean reconnecting = false;
+
+ private SecurityClient() {
+ SSLContext sslContext = ApacheSSLManager.createSSLContext(NewRelic.getAgent().getConfig().getValue(IUtilConstants.NR_SECURITY_CA_BUNDLE_PATH));
+ String proxyHost = NewRelic.getAgent().getConfig().getValue(PROXY_HOST, null);
+ Integer proxyPort = NewRelic.getAgent().getConfig().getValue(PROXY_PORT, 8080);
+ String proxyScheme = NewRelic.getAgent().getConfig().getValue(PROXY_SCHEME, "https");
+ String proxyUser = NewRelic.getAgent().getConfig().getValue(PROXY_USER, null);
+ String proxyPass = NewRelic.getAgent().getConfig().getValue(PROXY_PASS, null);
+ ApacheProxyManager proxyManager = new ApacheProxyManager(
+ proxyHost, proxyPort, proxyScheme,
+ proxyUser, proxyPass);
+ setConnectionHeaders();
+ httpClient = new ApacheHttpClientWrapper(proxyManager, sslContext, 30000);
+ }
+
+ private void setConnectionHeaders() {
+ this.headers.put("NR-CSEC-CONNECTION-TYPE", "LANGUAGE_COLLECTOR");
+ this.headers.put("NR-AGENT-RUN-TOKEN", AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.AGENT_RUN_ID_LINKING_METADATA, StringUtils.EMPTY));
+ this.headers.put("NR-CSEC-ENTITY-GUID", AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.NR_ENTITY_GUID, StringUtils.EMPTY));
+ this.headers.put("NR-CSEC-ENTITY-NAME", AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.ENTITY_NAME, StringUtils.EMPTY));
+ this.headers.put("NR-LICENSE-KEY", AgentConfig.getInstance().getConfig().getCustomerInfo().getApiAccessorToken());
+ this.headers.put("NR-CSEC-VERSION", AgentInfo.getInstance().getBuildInfo().getCollectorVersion());
+ this.headers.put("NR-CSEC-COLLECTOR-TYPE", "JAVA");
+ this.headers.put("NR-CSEC-BUILD-NUMBER", AgentInfo.getInstance().getBuildInfo().getBuildNumber());
+ this.headers.put("NR-CSEC-MODE", AgentConfig.getInstance().getGroupName());
+ this.headers.put("NR-CSEC-APP-UUID", AgentInfo.getInstance().getApplicationUUID());
+ this.headers.put("NR-CSEC-JSON-VERSION", AgentInfo.getInstance().getBuildInfo().getJsonVersion());
+ this.headers.put("NR-ACCOUNT-ID", AgentConfig.getInstance().getConfig().getCustomerInfo().getAccountId());
+ this.headers.put("NR-CSEC-IAST-DATA-TRANSFER-MODE", "PULL");
+ this.headers.put("NR-CSEC-IGNORED-VUL-CATEGORIES", AgentConfig.getInstance().getAgentMode().getSkipScan().getIastDetectionCategory().getDisabledCategoriesCSV());
+ this.headers.put("NR-CSEC-PROCESS-START-TIME", String.valueOf(ManagementFactory.getRuntimeMXBean().getStartTime()));
+ this.headers.put("NR-CSEC-IAST-TEST-IDENTIFIER", AgentConfig.getInstance().getScanControllers().getIastTestIdentifier());
+ this.headers.put("NR-CSEC-IAST-SCAN-INSTANCE-COUNT", String.valueOf(AgentConfig.getInstance().getScanControllers().getScanInstanceCount()));
+ }
+
+ private static final class InstanceHolder {
+ static final SecurityClient instance = new SecurityClient();
+ }
+
+ public static SecurityClient getInstance() {
+ return InstanceHolder.instance;
+ }
+
+ public void setConnected(boolean connected) {
+ this.connected = connected;
+ AgentInfo.getInstance().agentStatTrigger(false);
+ }
+
+ public boolean isConnected() {
+ return this.connected;
+ }
+
+ @Override
+ public boolean isReconnecting() {
+ return this.reconnecting;
+ }
+
+ @Override
+ public void setReconnecting(boolean isReconnecting) {
+ this.reconnecting = isReconnecting;
+ }
+
+ @Override
+ public ReadResult send(Object message, String api) throws ConnectionException {
+ if(message instanceof JSONStreamAware) {
+ return send((JSONStreamAware) message, api);
+ } else {
+ logger.log(LogLevel.WARNING, String.format("Unsupported message type %s", message.getClass().getName()), ApacheHttpClientWrapper.class.getName());
+ logger.log(LogLevel.FINEST, String.format("Unsupported message type %s : %s", message.getClass().getName(), message), ApacheHttpClientWrapper.class.getName());
+ return unsupportedContent;
+ }
+ }
+
+ public ReadResult send(JSONStreamAware message, String api) throws ApacheHttpExceptionWrapper {
+ RequestLayout requestLayout = null;
+ try {
+ requestLayout = getRequestConfigurations(api);
+ requestLayout.setEndpoint(URL);
+ logger.log(LogLevel.FINEST, "Request configurations for API: " + api + " : " + requestLayout.getPath() + " body : "+message, ApacheHttpClientWrapper.class.getName());
+ } catch (Exception e){
+ logger.log(LogLevel.WARNING, "Error while getting request configurations for API: " + api, ApacheHttpClientWrapper.class.getName());
+ logger.postLogMessageIfNecessary(LogLevel.WARNING, "Error while getting request configurations for API: " + api, e, ApacheHttpClientWrapper.class.getName());
+ return null;
+ }
+ try {
+ byte[] body = null;
+ if(message != null) {
+ body = writeData(requestLayout.getContentEncoding(), message);
+ }
+ ReadResult result = httpClient.execute(requestLayout, null, null, headers, body);
+ logger.log(LogLevel.FINEST, "Response from " + api + ": " + result.getStatusCode() + " body: "+result.getResponseBody(), ApacheHttpClientWrapper.class.getName());
+ return result;
+ } catch (Exception e) {
+ throw new ApacheHttpExceptionWrapper(e.getMessage(), e);
+ }
+ }
+
+ @Override
+ public void close(String message) {
+ httpClient.shutdown();
+ }
+
+ @Override
+ public void ping() {
+ try {
+ ReadResult result = send((JSONStreamAware) null, "ping");
+ if(result != null && result.getStatusCode() == 200) {
+ setConnected(true);
+ setReconnecting(false);
+ } else {
+ setConnected(false);
+ setReconnecting(true);
+ ReconnectionST.getInstance().cancelTask();
+ ReconnectionST.getInstance().submitNewTaskSchedule();
+ }
+ } catch (ConnectionException e) {
+ logger.log(LogLevel.SEVERE, "Error while pinging the security service: "+ e.getMessage(), ApacheHttpClientWrapper.class.getName());
+ logger.log(LogLevel.FINEST, "Error while pinging the security service: ", e, ApacheHttpClientWrapper.class.getName());
+ setConnected(false);
+ }
+ }
+
+ public String getURL() {
+ return URL;
+ }
+
+ private RequestLayout getRequestConfigurations(String api) throws ApacheHttpExceptionWrapper {
+ if(StringUtils.isBlank(api)){
+ throw new ApacheHttpExceptionWrapper("Unsupported API");
+ }
+ return CommunicationApis.get(api);
+ }
+
+ private byte[] writeData(String encoding, JSONStreamAware params) throws IOException {
+ ByteArrayOutputStream outStream = new ByteArrayOutputStream();
+ try (
+ OutputStream os = getOutputStream(outStream, encoding);
+ Writer out = new OutputStreamWriter(os, StandardCharsets.UTF_8);
+ ) {
+ JSONValue.writeJSONString(params, out);
+ out.flush();
+ }
+ return outStream.toByteArray();
+ }
+
+ private OutputStream getOutputStream(OutputStream out, String encoding) throws IOException {
+ if (DEFLATE_ENCODING.equals(encoding)) {
+ return new DeflaterOutputStream(out, new Deflater(COMPRESSION_LEVEL));
+ } else if (GZIP_ENCODING.equals(encoding)) {
+ return new GZIPOutputStream(out);
+ } else {
+ return out;
+ }
+ }
+}
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/communication/ConnectionFactory.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/communication/ConnectionFactory.java
new file mode 100644
index 000000000..1383ca6ea
--- /dev/null
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/communication/ConnectionFactory.java
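Review bot: The two FINEST log calls in `send(JSONStreamAware, String)` concatenate the whole request payload (`" body : "+message`) and the whole response body into the log string, so event data collected by the agent lands in the agent log file whenever FINEST is enabled, and the string is built on every send even when it is not. `LogMessage.toString()` in this patch returns `JsonConverter.toJSON(this)`, so such a message is serialized once for the log line and again in `writeData`. Log the API name, path and status code only, e.g. `logger.log(LogLevel.FINEST, "Request configurations for API: " + api + " : " + requestLayout.getPath(), SecurityClient.class.getName());`, which also corrects the logger source, given as `ApacheHttpClientWrapper.class` throughout this class. The same headers map carries `NR-LICENSE-KEY` and `NR-AGENT-RUN-TOKEN`, so it should stay out of any log line added later. Separately, `connected` and `reconnecting` are plain fields that the `ReconnectionST` thread reads and should be `volatile`.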
@@ -0,0 +1,68 @@
+package com.newrelic.agent.security.intcodeagent.communication;
+
+import com.newrelic.agent.security.AgentConfig;
+import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient;
+import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
+import com.newrelic.agent.security.intcodeagent.websocket.WSClient;
+import com.newrelic.agent.security.intcodeagent.websocket.WSReconnectionST;
+import com.newrelic.api.agent.NewRelic;
+import com.newrelic.api.agent.security.schema.StringUtils;
+import com.newrelic.api.agent.security.utils.SecurityConnection;
+import com.newrelic.api.agent.security.utils.logging.LogLevel;
+
+import java.net.URISyntaxException;
+
+public class ConnectionFactory {
+
+ private SecurityConnection securityConnection;
+
+ private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance();
+
+ private ConnectionFactory() {
+ /*
+ Priority Order
+ 1. Env
+ 2. Config
+ 3. Mode
+ * */
+
+ String connection = NewRelic.getAgent().getConfig().getValue("security.connection");
+ if(StringUtils.isBlank(connection)) {
+ String mode = AgentConfig.getInstance().getAgentMode().getMode();
+ if(StringUtils.equals("IAST_MONITORING", mode)){
+ connection = "http";
+ } else {
+ connection = "ws";
+ }
+ }
+
+ if(StringUtils.equals("http", connection)) {
+ securityConnection = SecurityClient.getInstance();
+ } else {
+ try {
+ WSReconnectionST.getInstance().submitNewTaskSchedule(0);
+ securityConnection = WSClient.getInstance();
+ } catch (URISyntaxException e) {
+ logger.log(LogLevel.SEVERE, "Error while creating WSClient", e, ConnectionFactory.class.getName());
+ }
+ }
+ }
+
+ static class InstanceHolder {
+ static final ConnectionFactory INSTANCE = new ConnectionFactory();
+ }
+
+ public static ConnectionFactory getInstance() {
+ return InstanceHolder.INSTANCE;
+ }
+
+ public SecurityConnection getSecurityConnection() {
+ return securityConnection;
+ }
+
+ public void setSecurityConnection(SecurityConnection securityConnection) {
+ this.securityConnection = securityConnection;
+ }
+
+
+}
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java
index e18da9551..0e765a61d 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java
@@ -7,6 +7,7 @@
 import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool;
 import com.newrelic.agent.security.instrumentator.utils.AgentUtils;
 import com.newrelic.agent.security.instrumentator.utils.InstrumentationUtils;
+import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory;
 import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
 import com.newrelic.api.agent.NewRelic;
 import com.newrelic.api.agent.security.utils.logging.LogLevel;
@@ -229,7 +230,7 @@ public void run() {
 WSUtils.getInstance().setReconnecting(true);
 //TODO no need for draining IAST since last leg has complete ledger.
 logger.log(LogLevel.INFO, RECEIVED_WS_RECONNECT_COMMAND_FROM_SERVER_INITIATING_SEQUENCE, this.getClass().getName());
- WSClient.getInstance().close(CloseFrame.SERVICE_RESTART, "Reconnecting to service");
+ ConnectionFactory.getInstance().getSecurityConnection().close("Reconnecting to service");
 } catch (Throwable e) {
 logger.log(LogLevel.SEVERE, String.format(ERROR_WHILE_PROCESSING_RECONNECTION_CC_S_S, e.getMessage(), e.getCause()), this.getClass().getName());
 logger.log(LogLevel.SEVERE, ERROR_WHILE_PROCESSING_RECONNECTION_CC, e, this.getClass().getName());
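Review bot: When `WSClient.getInstance()` throws `URISyntaxException` the constructor only logs, `securityConnection` stays `null`, and the callers added in this patch dereference `getSecurityConnection()` without a check (`EventSender.call()`, `HealthCheckScheduleThread`, `Agent.startSecurityServices()`), so a malformed service URL shows up as NullPointerExceptions on the event path instead of one clear startup failure. Any value of `security.connection` other than the exact string `http` silently selects the websocket, including `HTTP` or a typo; the value should be normalised and unknown values logged. Fail fast in the catch by rethrowing an unchecked exception that keeps `e` as the cause, and declare the field `private volatile SecurityConnection securityConnection;` because `WSReconnectionST` replaces it from its own thread. The block comment lists `Env` as the first priority, but the code reads only the config key and the agent mode.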
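Review bot: Routing the reconnect command through `getSecurityConnection().close("Reconnecting to service")` changes behaviour on both transports. `WSClient.close(String)` in this patch closes with `CloseFrame.NORMAL` where the removed line sent `CloseFrame.SERVICE_RESTART`, and `SecurityClient.close(String)` calls `httpClient.shutdown()` on a client that is created once in the singleton's constructor and, as far as this patch shows, never rebuilt, so in HTTP mode a server-issued reconnect may leave the agent without a usable client. The context line above still sets `WSUtils.getInstance().setReconnecting(true)`; to keep the HTTP connection's flag in step it should be `ConnectionFactory.getInstance().getSecurityConnection().setReconnecting(true);`. `run()` starts and ends outside this hunk.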
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/filelogging/FileLoggerThreadPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/filelogging/FileLoggerThreadPool.java index ffaef9139..1a57347a6 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/filelogging/FileLoggerThreadPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/filelogging/FileLoggerThreadPool.java @@ -188,7 +188,7 @@ private LogMessage postLogMessage(LogLevel logLevel, String messageString, Throw if (logLevel.getLevel() <= LogLevel.WARNING.getLevel()) { AgentUtils.getInstance().addStatusLogMostRecentErrors(JsonConverter.toJSON(message)); } - EventSendPool.getInstance().sendEvent(message); + EventSendPool.getInstance().sendEvent(message, "postCriticalMessage"); return message; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java index d501b7645..fa56eca8c 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java 
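Review bot: The endpoint name is passed as a bare string literal here (`"postCriticalMessage"`), and the same pattern recurs in this patch with `"postAny"` in HealthCheckScheduleThread, `"postApplicationRuntimeError"` in RuntimeErrorReporter, `"postScanFailure"` in Agent and `"ping"` in SecurityClient, while EventSendPool uses the constant `CommunicationApis.POST_EVENT`. A misspelled name is not caught at compile time; in `SecurityClient.send` it would surface as the "Error while getting request configurations" warning, which itself calls `postLogMessageIfNecessary` and may come back through this method, so a wrong name for the critical-message endpoint could keep re-triggering itself. Define the names next to `POST_EVENT` and reference them, e.g. `sendEvent(message, CommunicationApis.POST_CRITICAL_MESSAGE)` (constant name is a placeholder). `postLogMessage` starts outside this hunk.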
@@ -7,6 +7,8 @@ import com.newrelic.agent.security.instrumentator.os.OsVariablesInstance; import com.newrelic.agent.security.instrumentator.utils.AgentUtils; import com.newrelic.agent.security.intcodeagent.apache.httpclient.IastHttpClient; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.controlcommand.ControlCommandProcessorThreadPool; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.models.javaagent.ThreadPoolActiveStat; @@ -83,12 +85,12 @@ public void run() { AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementPendingControlCommandsBy(GrpcClientRequestReplayHelper.getInstance().getRequestQueue().size()); AgentUtils.getInstance().addStatusLogMostRecentHCs(AgentInfo.getInstance().getJaHealthCheck().toString()); // channel.write(ByteBuffer.wrap(new JAHealthCheck(AgentNew.JA_HEALTH_CHECK).toString().getBytes())); - if (WSClient.getInstance().isOpen()) { + if (ConnectionFactory.getInstance().getSecurityConnection().isConnected()) { synchronized (AgentInfo.getInstance().getJaHealthCheck()){ sendJaHealthCheck = new JAHealthCheck(AgentInfo.getInstance().getJaHealthCheck()); AgentInfo.getInstance().getJaHealthCheck().reset(); } - WSClient.getInstance().send(JsonConverter.toJSON(sendJaHealthCheck)); + ConnectionFactory.getInstance().getSecurityConnection().send(sendJaHealthCheck, "postAny"); } } catch (NullPointerException ex) { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java index f7ab3430d..a63f0f48f 100644 
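Review bot: The health-check counters are reset inside the `synchronized` block before `send(sendJaHealthCheck, "postAny")` runs, and the `ReadResult` that `send` now returns is discarded, so a 500 or `DISCONNECTED` result, or the `null` that `SecurityClient.send` can return, drops that interval's statistics without a trace. Keep the result and log at WARNING when it is `null` or its `getStatusCode()` is not 200, so a gap in health reporting is visible in the agent log. On the websocket path the payload is now whatever `JAHealthCheck.toString()` returns instead of `JsonConverter.toJSON(sendJaHealthCheck)`; that method is not visible here and should be confirmed to produce the same JSON. The added `SecurityClient` import is unused in the visible hunks, and `run()` extends beyond this hunk.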
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java @@ -3,12 +3,15 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; import org.apache.commons.lang3.StringUtils; +import org.json.simple.JSONStreamAware; +import java.io.IOException; +import java.io.Writer; import java.util.Map; import java.util.Set; @JsonIgnoreProperties(ignoreUnknown = true) -public class IASTDataTransferRequest { +public class IASTDataTransferRequest implements JSONStreamAware { private String jsonName = "iast-data-request"; private String applicationUUID; private String appAccountId; @@ -91,4 +94,9 @@ public String toString() { return StringUtils.EMPTY; } } + + @Override + public void writeJSONString(Writer out) throws IOException { + JsonConverter.writeValue(this, out); + } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java index c30926d0f..32aca8349 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java 
@@ -5,10 +5,14 @@ import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.utils.AgentUtils; import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey; +import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; import com.newrelic.api.agent.NewRelic; import com.newrelic.api.agent.TraceMetadata; import org.apache.commons.lang3.StringUtils; +import org.json.simple.JSONStreamAware; +import java.io.IOException; +import java.io.Writer; import java.util.HashMap; import java.util.Map; @@ -18,7 +22,7 @@ /** * The Class AgentBasicInfo. */ -public class AgentBasicInfo { +public class AgentBasicInfo implements JSONStreamAware { private static final String SCAN_COMPONENT_DATA = "scanComponentData"; public static final String FETCH_POLICY = "fetchPolicy"; @@ -271,4 +275,9 @@ public String getApplicationUUID() { public void setApplicationUUID(String applicationUUID) { this.applicationUUID = applicationUUID; } + + @Override + public void writeJSONString(Writer out) throws IOException { + JsonConverter.writeValue(this, out); + } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/LogMessage.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/LogMessage.java index 3e7886af7..97b36190f 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/LogMessage.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/LogMessage.java 
@@ -6,12 +6,15 @@ import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey; import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; import org.apache.commons.lang3.StringUtils; +import org.json.simple.JSONStreamAware; +import java.io.IOException; +import java.io.Writer; import java.time.Instant; import java.util.Map; @JsonIgnoreProperties(ignoreUnknown = true) -public class LogMessage { +public class LogMessage implements JSONStreamAware { private String jsonName = "critical-messages"; @@ -117,4 +120,9 @@ public void setAppEntityGuid(String appEntityGuid) { public String toString() { return JsonConverter.toJSON(this); } + + @Override + public void writeJSONString(Writer out) throws IOException { + JsonConverter.writeValue(this, out); + } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/ConnectionUtils.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/ConnectionUtils.java new file mode 100644 index 000000000..4e6014b0a --- /dev/null +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/ConnectionUtils.java @@ -0,0 +1,13 @@ +package com.newrelic.agent.security.intcodeagent.utils; + +public class ConnectionUtils { + + private ConnectionUtils() { + } + + private static final class InstanceHolder { + static final ConnectionUtils instance = new ConnectionUtils(); + } + + +} diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/RuntimeErrorReporter.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/RuntimeErrorReporter.java index ed6e31310..61348f0bf 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/RuntimeErrorReporter.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/RuntimeErrorReporter.java 
@@ -36,7 +36,7 @@ public void clearErrors() { public void reportApplicationRuntimeError() { for (ApplicationRuntimeError applicationRuntimeError : errors.values()) { - EventSendPool.getInstance().sendEvent(applicationRuntimeError); + EventSendPool.getInstance().sendEvent(applicationRuntimeError, "postApplicationRuntimeError"); } errors.clear(); } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSendPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSendPool.java index 3da76083b..a42a75680 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSendPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSendPool.java @@ -3,6 +3,7 @@ import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.dispatcher.Dispatcher; import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.CommunicationApis; import com.newrelic.agent.security.intcodeagent.executor.CustomFutureTask; import com.newrelic.agent.security.intcodeagent.executor.CustomThreadPoolExecutor; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; @@ -13,6 +14,7 @@ import com.newrelic.agent.security.util.AgentUsageMetric; import com.newrelic.agent.security.util.IUtilConstants; import com.newrelic.api.agent.security.instrumentation.helpers.GrpcClientRequestReplayHelper; +import org.json.simple.JSONStreamAware; import java.util.concurrent.*; import java.util.concurrent.atomic.AtomicBoolean; 
@@ -98,12 +100,12 @@ public void sendEvent(JavaAgentEventBean event) { AgentInfo.getInstance().getJaHealthCheck().getEventStats().getDroppedDueTo().incrementRaspProcessingDeactivated(); return; } - executor.submit(new EventSender(event)); + executor.submit(new EventSender(event, CommunicationApis.POST_EVENT)); AgentInfo.getInstance().getJaHealthCheck().getEventStats().getEventSender().incrementSubmitted(); } - public void sendEvent(Object event) { - executor.submit(new EventSender(event)); + public void sendEvent(Object event, String api) { + executor.submit(new EventSender(event, api)); } public static void shutDownPool() { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSender.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSender.java index 889bd35e0..a87f76364 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSender.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSender.java @@ -1,6 +1,10 @@ package com.newrelic.agent.security.intcodeagent.websocket; +import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.models.javaagent.JavaAgentEventBean; +import com.newrelic.api.agent.security.utils.SecurityConnection; +import org.json.simple.JSONStreamAware; import java.util.concurrent.Callable; @@ -11,6 +15,8 @@ public class EventSender implements Callable { private Object event; + private String api; + public EventSender(String event) { this.event = event; } @@ -23,8 +29,9 @@ public Object getEvent() { return event; } - public EventSender(Object event) { + public EventSender(Object event, String api) { this.event = event; + this.api = api; } /** 
@@ -38,9 +45,7 @@ public Boolean call() throws Exception { if (event instanceof JavaAgentEventBean) { ((JavaAgentEventBean) event).setEventGenerationTime(System.currentTimeMillis()); } - if(WSUtils.isConnected()) { - WSClient.getInstance().send(JsonConverter.toJSON(event)); - } + ConnectionFactory.getInstance().getSecurityConnection().send(event, api); return true; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/JsonConverter.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/JsonConverter.java index 85f9b9d50..e116e6070 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/JsonConverter.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/JsonConverter.java @@ -1,6 +1,7 @@ package com.newrelic.agent.security.intcodeagent.websocket; import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.core.JsonGenerator; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; @@ -17,6 +18,8 @@ import org.json.simple.JSONArray; import org.json.simple.JSONObject; +import java.io.IOException; +import java.io.Writer; import java.lang.reflect.Field; import java.lang.reflect.Modifier; import java.util.ArrayList; 
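Review bot: `call()` now sends unconditionally and returns `true` whatever `send` reports: the removed `WSUtils.isConnected()` guard has no counterpart for the HTTP transport, where `SecurityClient.send` never looks at `connected`, and a `ReadResult` of 500, `DISCONNECTED` or `null` is ignored. Return the outcome instead, e.g. `ReadResult result = ConnectionFactory.getInstance().getSecurityConnection().send(event, api);` followed by `return result != null && result.getStatusCode() == 200;`. The existing `EventSender(String event)` constructor leaves `api` null, which `SecurityClient.getRequestConfigurations` rejects as "Unsupported API", so any remaining caller of it needs an API name. `call()` begins outside this hunk.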
@@ -76,6 +79,16 @@ public static String toJSONObjectMapper(Object obj) { } } + public static void writeValue(Object obj, Writer out) { + try { + JsonGenerator generator = mapper.getFactory().createGenerator(out); + mapper.writeValue(generator, obj); + } catch (IOException e) { + logger.log(LogLevel.SEVERE, "Error writing value", e, JsonConverter.class.getName()); + logger.postLogMessageIfNecessary(LogLevel.SEVERE, "Error writing value", e, JsonConverter.class.getName()); + } + } + public static String toJSONK2Impl(Object obj) { StringBuilder jsonString = new StringBuilder(STR_START_CUELY_BRACKET); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java index 849ab40ee..53ecedc11 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java @@ -11,6 +11,9 @@ import com.newrelic.agent.security.intcodeagent.exceptions.SecurityNoticeError; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.utils.ResourceUtils; +import com.newrelic.api.agent.security.schema.http.ReadResult; +import com.newrelic.api.agent.security.utils.ConnectionException; +import com.newrelic.api.agent.security.utils.SecurityConnection; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants; import com.newrelic.agent.security.intcodeagent.utils.CommonUtils; 
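Review bot: `writeValue` catches `IOException` and only logs it, so the three `writeJSONString(Writer)` implementations added in this patch can never report a failure even though they declare `throws IOException`. Jackson's `JsonProcessingException` is an `IOException`, so a serialization error part-way through leaves a truncated document in the writer and `SecurityClient.writeData` will post it as if it were complete. Let the exception propagate: `public static void writeValue(Object obj, Writer out) throws IOException { mapper.writeValue(mapper.getFactory().createGenerator(out), obj); }`.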
@@ -43,7 +46,7 @@ import java.util.*; import java.util.concurrent.TimeUnit; -public class WSClient extends WebSocketClient { +public class WSClient extends WebSocketClient implements SecurityConnection { private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); public static final String SENDING_EVENT = "sending event: "; @@ -72,6 +75,8 @@ public class WSClient extends WebSocketClient { private WebSocketImpl connection = null; private Map noticeErrorCustomParameters = new HashMap<>(); + private final ReadResult DISCONNECTED = new ReadResult(500, "Disconnected"); + private final ReadResult SUCCESS = new ReadResult(200, "Success"); private SSLContext createSSLContext() throws Exception { @@ -349,7 +354,7 @@ public void onWebsocketPing(WebSocket conn, Framedata f) { * @return the instance * @throws URISyntaxException */ - public static WSClient getInstance() throws URISyntaxException, InterruptedException { + public static WSClient getInstance() throws URISyntaxException { if (instance == null) { instance = new WSClient(); } @@ -391,4 +396,42 @@ public static void shutDownWSClient(boolean clean, int frame, String message) { } } + @Override + public void setConnected(boolean connected) { + WSUtils.getInstance().setConnected(connected); + } + + @Override + public boolean isConnected() { + return WSUtils.getInstance().isConnected(); + } + + @Override + public boolean isReconnecting() { + return WSUtils.getInstance().isReconnecting(); + } + + @Override + public void setReconnecting(boolean isReconnecting) { + WSUtils.getInstance().setReconnecting(isReconnecting); + } + + @Override + public ReadResult send(Object message, String api) throws ConnectionException { + if(!isConnected()){ + return DISCONNECTED; + } + send(message.toString()); + return SUCCESS; + } + + @Override + public void close(String message) { + super.close(CloseFrame.NORMAL, message); + } + + @Override + public void ping() { + super.sendPing(); + } } 
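Review bot: `send(Object message, String api)` serializes with `message.toString()`, where the call sites this patch replaces used `JsonConverter.toJSON(event)`; any event type whose `toString()` is not a JSON serializer now goes on the wire in a different format, and `IASTDataTransferRequest.toString()` has a path that returns an empty string, which would be sent and reported as `SUCCESS`. Use `send(JsonConverter.toJSON(message));` and return an error result for a `null` message before that call. `DISCONNECTED` and `SUCCESS` are declared as per-instance fields although they are named and used as constants; make them `private static final`. `getInstance()`, whose signature changes in this section, still initializes `instance` behind an unsynchronized null check while it is now reached from both `ConnectionFactory` and the reconnect task.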
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSReconnectionST.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSReconnectionST.java index ce55ac6e2..bac7f65f6 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSReconnectionST.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSReconnectionST.java @@ -1,6 +1,7 @@ package com.newrelic.agent.security.intcodeagent.websocket; import com.newrelic.agent.security.AgentInfo; +import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants; @@ -29,7 +30,7 @@ public void run() { AgentInfo.getInstance().getJaHealthCheck().getSchedulerRuns().incrementWebsocketReconnector(); if(!WSClient.getInstance().isOpen() || !WSUtils.isConnected()) { logger.log(LogLevel.INFO, "WS is marked disconnected, reconnecting ...", WSReconnectionST.class.getName()); - WSClient.reconnectWSClient(); + ConnectionFactory.getInstance().setSecurityConnection(WSClient.reconnectWSClient()); } } catch (Throwable e) { logger.log(LogLevel.SEVERE, ERROR_WHILE_WS_RECONNECTION + e.getMessage() + COLON_SEPARATOR + e.getCause(), WSClient.class.getName()); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index d3c28f033..d1ce7b5da 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java 
@@ -8,6 +8,8 @@
 import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool;
 import com.newrelic.agent.security.instrumentator.os.OsVariablesInstance;
 import com.newrelic.agent.security.instrumentator.utils.*;
+import com.newrelic.agent.security.intcodeagent.apache.httpclient.SecurityClient;
+import com.newrelic.agent.security.intcodeagent.communication.ConnectionFactory;
 import com.newrelic.agent.security.intcodeagent.constants.AgentServices;
 import com.newrelic.agent.security.intcodeagent.constants.HttpStatusCodes;
 import com.newrelic.agent.security.intcodeagent.controlcommand.ControlCommandProcessor;
@@ -263,7 +265,7 @@ private void startSecurityServices() {
 String.format(STARTED_MODULE_LOG, AgentServices.HealthCheck.name()),
 Agent.class.getName()
 );
- WSReconnectionST.getInstance().submitNewTaskSchedule(0);
+ ConnectionFactory.getInstance().getSecurityConnection().ping();
 EventSendPool.getInstance();
 ControlCommandProcessorThreadPool.getInstance();
 logger.logInit(
@@ -991,7 +993,7 @@ public void reportIASTScanFailure(SecurityMetaData securityMetaData, String apiI
 }
 IASTReplayFailure replayFailure = new IASTReplayFailure(apiId, nrCsecFuzzRequestId, controlCommandId, failureMessage, message);
 IASTScanFailure scanFailure = new IASTScanFailure(replayFailure, metaData);
- EventSendPool.getInstance().sendEvent(scanFailure);
+ EventSendPool.getInstance().sendEvent(scanFailure, "postScanFailure");
 }
 }
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java
index 6b770bad8..29c8cf810 100644
--- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java
+++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NewRelicSecurity.java
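Review bot: `ConnectionFactory.getInstance().getSecurityConnection().ping()` in `startSecurityServices` dereferences the connection without a null check, and the same hunk drops `WSReconnectionST.getInstance().submitNewTaskSchedule(0)` with no visible replacement. `ConnectionFactory` is not shown in this part of the patch, so whether a connection is always set by this point is an assumption; if it can be unset, startup would fail here before `EventSendPool` and `ControlCommandProcessorThreadPool` are initialised. A guarded call such as `SecurityConnection connection = ConnectionFactory.getInstance().getSecurityConnection(); if (connection != null) { connection.ping(); }`, plus a comment saying where reconnection is now scheduled, would make the startup path explicit. The method body continues outside the hunk.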
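Review bot: The API name passed to `sendEvent` in `reportIASTScanFailure` is the string literal `"postScanFailure"`, while the other API names in this patch series are constants on `CommunicationApis` (for example `POST_CRITICAL_MESSAGE`). A typo in a literal would presumably surface only at runtime, as a failed layout lookup or a dropped scan-failure event. I would pass a named constant declared next to the existing ones in `CommunicationApis` instead of the literal.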
@@ -7,8 +7,6 @@
 package com.newrelic.api.agent.security;
-import java.lang.reflect.Method;
-
 /**
 * The New Relic Security API. Consumers of this API should add the newrelic-security-api.jar to their classpath. The static methods of
 * this class form the Security Agent's basic Java API. Use {@link NewRelicSecurity#getAgent} to obtain the root of a hierarchy of
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/ReadResult.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/ReadResult.java
index 92f6efd4f..775337376 100644
--- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/ReadResult.java
+++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/ReadResult.java
@@ -4,7 +4,7 @@ public class ReadResult {
 private final int statusCode;
 private final String responseBody;
- ReadResult(int statusCode, String responseBody) {
+ public ReadResult(int statusCode, String responseBody) {
 this.statusCode = statusCode;
 this.responseBody = responseBody;
 }
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/RequestLayout.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/RequestLayout.java
index 4d04bad01..8e5b84b37 100644
--- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/RequestLayout.java
+++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/http/RequestLayout.java
@@ -3,16 +3,18 @@
 public class RequestLayout {
 private String api;
-
 private String method;
-
 private String endpoint;
 private String path;
 private String contentType;
 private String contentEncoding;
- public RequestLayout(String api) {
- this.api = api;
+ public RequestLayout(String postEvent, String post, String path, String contentType, String contentEncoding) {
+ this.api = postEvent;
+ this.method = post;
+ this.path = path;
+ this.contentType = contentType;
+ this.contentEncoding = contentEncoding;
 }
 public String getApi() {
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/ConnectionException.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/ConnectionException.java
new file mode 100644
index 000000000..d9cd7468b
--- /dev/null
+++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/ConnectionException.java
@@ -0,0 +1,11 @@
+package com.newrelic.api.agent.security.utils;
+
+public class ConnectionException extends Exception {
+ public ConnectionException(String message) {
+ super(message);
+ }
+
+ public ConnectionException(String message, Throwable cause) {
+ super(message, cause);
+ }
+}
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/SecurityConnection.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/SecurityConnection.java
new file mode 100644
index 000000000..2c43bb072
--- /dev/null
+++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/utils/SecurityConnection.java
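Review bot: The new `RequestLayout` constructor names its first two parameters `postEvent` and `post`, but they are assigned to `api` and `method` and are called with values such as `GET_HEALTH_CHECK` and `"GET"` in `CommunicationApis`. Renaming them to match the fields, `public RequestLayout(String api, String method, String path, String contentType, String contentEncoding)`, keeps the signature readable. The hunk also removes the one-argument constructor from a class that lives in `newrelic-security-api`; if that jar is consumed outside this repository, the removal is a source and binary break worth stating in the commit message.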
@@ -0,0 +1,20 @@
+package com.newrelic.api.agent.security.utils;
+
+import com.newrelic.api.agent.security.schema.http.ReadResult;
+
+public interface SecurityConnection {
+
+ public void setConnected(boolean connected);
+
+ public boolean isConnected();
+
+ public boolean isReconnecting();
+
+ public void setReconnecting(boolean isReconnecting);
+
+ public ReadResult send(Object message, String api) throws ConnectionException;
+
+ public void close(String message);
+
+ public void ping();
+}
From 2d034bbc6a458465cc3e52fd04a3ee97e7254c37 Mon Sep 17 00:00:00 2001
From: lovesh-ap
Date: Tue, 26 Nov 2024 15:16:19 +0530
Subject: [PATCH 09/11] Apply IAST monitoring configurations
---
 .../newrelic/agent/security/AgentConfig.java | 25 +++++++++++-----
 .../apache/httpclient/CommunicationApis.java | 2 ++
 .../iast/monitoring/IastMonitoring.java | 22 ++++++++++++--
 .../schedulers/SchedulerHelper.java | 16 ++++++++++
 .../agent/security/util/IUtilConstants.java | 4 +++
 .../newrelic/api/agent/security/Agent.java | 3 +-
 .../schema/policy/MonitoringMode.java | 30 +++++++++++++++----
 7 files changed, 87 insertions(+), 15 deletions(-)
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java
index cd65e012d..fbb62850e 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/AgentConfig.java
@@ -142,6 +142,8 @@ public long triggerIAST() throws RestrictionModeException {
 }
 private void instantiateAgentMode(String groupName) throws RestrictionModeException {
+ //Initialise agent mode
+ this.agentMode = new AgentMode(groupName);
 try {
 readScanSchedule();
 readSkipScan();
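Review bot: `SecurityConnection` is a new public interface in the API module with no Javadoc, so the contract its implementations must honour is undocumented. I would add an interface-level comment saying that implementations carry agent messages to the security backend, and document `send`: what `api` selects, what the `ReadResult` status codes mean (the `WSClient` implementation returns a 500 result when disconnected rather than throwing), and when `ConnectionException` is raised. The `public` modifiers on the interface methods are redundant and can be dropped.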
@@ -152,7 +154,6 @@ private void instantiateAgentMode(String groupName) throws RestrictionModeExcept
 AgentInfo.getInstance().agentStatTrigger(false);
 throw e;
 }
- this.agentMode = new AgentMode(groupName);
 switch (groupName){
 case IAST:
 readIastConfig();
@@ -183,12 +184,22 @@ private void instantiateAgentMode(String groupName) throws RestrictionModeExcept
 logger.log(LogLevel.INFO, String.format("Security Agent Modes and Config : %s", agentMode), AgentConfig.class.getName());
 }
- private void readIastMonitoringConfig() {
- this.agentMode.getIastScan().setEnabled(false);
- this.agentMode.getRaspScan().setEnabled(false);
- this.agentMode.getIastScan().setRestricted(false);
- this.agentMode.getIastScan().setMonitoring(true);
- this.agentMode.getSkipScan().getIastDetectionCategory().setRxssEnabled(true);
+ private void readIastMonitoringConfig() throws RestrictionModeException {
+ try {
+ this.agentMode.getIastScan().setEnabled(false);
+ this.agentMode.getRaspScan().setEnabled(false);
+ this.agentMode.getIastScan().setRestricted(false);
+ this.agentMode.getIastScan().setMonitoring(true);
+ this.agentMode.getIastScan().getMonitoringMode().setMaxEventQuota(NewRelic.getAgent().getConfig().getValue(MONITORING_CRITERIA_MAX_EVENT_QUOTA, 100));
+ this.agentMode.getIastScan().getMonitoringMode().setEventQuotaTimeDuration(NewRelic.getAgent().getConfig().getValue(MONITORING_CRITERIA_EVENT_QUOTA_PER_TRACE, 360));
+ this.agentMode.getIastScan().getMonitoringMode().setRepeat(NewRelic.getAgent().getConfig().getValue(MONITORING_CRITERIA_REPEAT, 0));
+ this.agentMode.getSkipScan().getIastDetectionCategory().setRxssEnabled(true);
+ } catch (ClassCastException | NumberFormatException e){
+ System.err.println("[NR-CSEC-JA] Error while reading IAST Monitoring Configuration. Security will be disabled.");
+ NewRelic.getAgent().getLogger().log(Level.WARNING, "[NR-CSEC-JA] Error while reading IAST Monitoring Configuration. Security will be disabled.");
+ NewRelic.noticeError(e, Agent.getCustomNoticeErrorParameters(), true);
+ throw new RestrictionModeException(INVALID_SECURITY_CONFIGURATION + "for IAST Monitoring " + e.getMessage(), e);
+ }
 }
 private void readSkipScan() throws RestrictionModeException {
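Review bot: The three values read in `readIastMonitoringConfig` go to the setters without a range check, so only a wrong type is rejected. A zero or negative `eventQuotaTimeDuration` later becomes the period passed to `scheduleAtFixedRate`, which throws `IllegalArgumentException` if `commonExecutor` is a JDK `ScheduledExecutorService`, and a quota of zero or less makes `eventQuotaReached` true for every trace, which quietly switches monitoring off. I would read the values into locals and reject them before calling the setters, e.g. `if (maxEventQuota <= 0 || duration <= 0 || repeat < 0)`, raising the same `RestrictionModeException` as the catch block. Note also that the duration is read from `MONITORING_CRITERIA_EVENT_QUOTA_PER_TRACE`, a name that describes a quota rather than a time window.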
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java
index d04115bee..f71cfc43e 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/CommunicationApis.java
@@ -14,6 +14,7 @@ public class CommunicationApis {
 public static final String GET_HEALTH_CHECK = "getHealthCheck";
 public static final String POST_IAST_DATA_REQUEST = "postIastDataRequest";
 public static final String POST_APPLICATION_INFO = "postApplicationInfo";
+ public static final String POST_CRITICAL_MESSAGE = "postCriticalMessage";
 public static final String PING = "ping";
 public static final String POS_ANY = "postAny";
@@ -26,6 +27,7 @@ public class CommunicationApis {
 put(GET_HEALTH_CHECK, new RequestLayout(GET_HEALTH_CHECK, "GET", "/v1/healthcheck", "application/json", "utf-8"));
 put(POST_IAST_DATA_REQUEST, new RequestLayout(POST_IAST_DATA_REQUEST, "POST", "/v1/iast/data-request", "application/json", "gzip"));
 put(POST_APPLICATION_INFO, new RequestLayout(POST_APPLICATION_INFO, "POST", "/v1/application-info", "application/json", "gzip"));
+ put(POST_CRITICAL_MESSAGE, new RequestLayout(POST_CRITICAL_MESSAGE, "POST", "/v1/critical-message", "application/json", "gzip"));
 put(PING, new RequestLayout(PING, "GET", "/v1/ping", "application/json", "utf-8"));
 put(POS_ANY, new RequestLayout(POS_ANY, "POST", "/v1/any", "application/json", "utf-8"));
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java
index 02ccd1988..737e46882 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/iast/monitoring/IastMonitoring.java
@@ -3,6 +3,7 @@
 import com.newrelic.agent.security.AgentConfig;
 import com.newrelic.agent.security.AgentInfo;
 import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
+import com.newrelic.agent.security.intcodeagent.schedulers.SchedulerHelper;
 import com.newrelic.api.agent.security.NewRelicSecurity;
 import com.newrelic.api.agent.security.schema.SecurityMetaData;
 import com.newrelic.api.agent.security.utils.logging.LogLevel;
@@ -22,6 +23,7 @@ public class IastMonitoring {
 private final AtomicInteger harvestCycleCount = new AtomicInteger();
 private final AtomicInteger remainingHarvestRequests = new AtomicInteger();
 private final AtomicInteger requestHarvested = new AtomicInteger();
+ private final AtomicInteger samplerCycle = new AtomicInteger();
 private final Map harvestedTraceId = new ConcurrentHashMap<>();
 private static final SecureRandom secureRandom = new SecureRandom();
@@ -88,6 +90,14 @@ public Map getHarvestedTraceId() {
 return harvestedTraceId;
 }
+ public int incrementSamplerCycle() {
+ return samplerCycle.incrementAndGet();
+ }
+
+ public int getSamplerCycle() {
+ return samplerCycle.get();
+ }
+
 public void incrementHarvestedTraceId(String traceId) {
 harvestedTraceId.put(traceId, harvestedTraceId.getOrDefault(traceId, 0) + 1);
 }
@@ -104,9 +114,16 @@ public static void sampleData() {
 }
 public static void resetEventSampler() {
+ int repeat = AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getRepeat();
+ if(repeat != 0 && IastMonitoring.getInstance().getSamplerCycle() > repeat){
+ logger.log( LogLevel.INFO, String.format("IAST Monitoring: Sampling of Data shutdown after cycle %s", IastMonitoring.getInstance().getSamplerCycle()), IastMonitoring.class.getName());
+ SchedulerHelper.getInstance().shutdownSampling();
+ }
+
+ IastMonitoring.getInstance().incrementSamplerCycle();
 IastMonitoring.getInstance().setRemainingHarvestRequests(0);
 IastMonitoring.getInstance().getHarvestedTraceId().clear();
- logger.log( LogLevel.FINEST, String.format("IAST Monitoring: Sampling of Data Stopped for cycle %s", IastMonitoring.getInstance().getHarvestCycleCount()), IastMonitoring.class.getName());
+ logger.log( LogLevel.FINEST, String.format("IAST Monitoring: Sampling of Data started for sampling cycle %s", IastMonitoring.getInstance().getSamplerCycle()), IastMonitoring.class.getName());
 }
@@ -130,7 +147,8 @@ public static void registerTraceHarvested(String traceId) {
 }
 public static boolean eventQuotaReached(String traceId) {
- return IastMonitoring.getInstance().getHarvestedTraceId().getOrDefault(traceId, 0) >= 100;
+ return IastMonitoring.getInstance().getHarvestedTraceId().getOrDefault(traceId, 0)
+ >= AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getMaxEventQuota();
 }
 public static boolean shouldProcessInterception() {
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java
index b927ed325..9ceda1d64 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java
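Review bot: After `SchedulerHelper.getInstance().shutdownSampling()` the method `resetEventSampler` falls through, increments the cycle counter again and logs "Sampling of Data started", although sampling has just been cancelled. Adding `return;` as the last statement of the `if` block keeps the state and the log consistent. The comparison `getSamplerCycle() > repeat` also lets `repeat + 1` cycles run before the shutdown, because the counter is incremented after the check; if `repeat` is meant as the total number of cycles, the operator should be `>=`, which is worth confirming against the configuration documentation.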
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/schedulers/SchedulerHelper.java
@@ -111,4 +111,20 @@ public void scheduleSampling(Runnable runnable, long initialDelay, long delay, T
 scheduledFutureMap.put("sampling", future);
 }
 }
+
+ public void shutdownSampling() {
+ if(scheduledFutureMap.containsKey("sampling")){
+ ScheduledFuture future = scheduledFutureMap.get("sampling");
+ future.cancel(false);
+ future = scheduledFutureMap.get("reset-event-sampler");
+ future.cancel(false);
+ }
+ }
+
+ public void scheduleResetEventSampler(Runnable runnable, long initialDelay, long delay, TimeUnit unit) {
+ if(AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoring()) {
+ ScheduledFuture future = commonExecutor.scheduleAtFixedRate(runnable, initialDelay, delay, unit);
+ scheduledFutureMap.put("reset-event-sampler", future);
+ }
+ }
 }
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java
index 2f08b7b74..52fd1c4bf 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java
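Review bot: `shutdownSampling` checks only for the `"sampling"` key and then calls `cancel` on whatever `scheduledFutureMap.get("reset-event-sampler")` returns, so a missing reset task would end in a `NullPointerException`. The cancelled futures also stay in the map, so a later `containsKey("sampling")` still reports a task that no longer runs. Cancelling each key on its own and removing it from the map avoids both problems; `scheduleResetEventSampler` needs no change.

```java
public void shutdownSampling() {
    // Cancel and forget each task on its own; either key may be absent.
    for (String key : new String[] {"sampling", "reset-event-sampler"}) {
        ScheduledFuture future = scheduledFutureMap.remove(key);
        if (future != null) {
            future.cancel(false);
        }
    }
}
// … unchanged: scheduleResetEventSampler …
```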
@@ -32,6 +32,10 @@ public interface IUtilConstants {
 String SKIP_SSRF = SKIP_IAST_SCAN_PARAMETERS_IAST_DETECTION_CATEGORY + ".ssrf";
 String SKIP_RXSS = SKIP_IAST_SCAN_PARAMETERS_IAST_DETECTION_CATEGORY + ".rxss";
+ String MONITORING_CRITERIA_MAX_EVENT_QUOTA = "security.monitoring_criteria.event_quota_per_trace";
+ String MONITORING_CRITERIA_EVENT_QUOTA_PER_TRACE = "security.monitoring_criteria.event_quota_per_trace";
+ String MONITORING_CRITERIA_REPEAT = "security.monitoring_criteria.repeat";
+
 String RESTRICTION_CRITERIA_SCAN_TIME_SCHEDULE = "security.restriction_criteria.scan_time.schedule";
 String RESTRICTION_CRITERIA_SCAN_TIME_DURATION = "security.restriction_criteria.scan_time.duration";
 String RESTRICTION_CRITERIA = "security.restriction_criteria";
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java
index d1ce7b5da..cf23e61c5 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java
+++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java
@@ -259,7 +259,8 @@ private void startSecurityServices() {
 30 , 30, TimeUnit.SECONDS);
 SchedulerHelper.getInstance().scheduleDailyLogRollover(LogFileHelper::performDailyRollover);
 SchedulerHelper.getInstance().scheduleSampling(IastMonitoring::sampleData, 0, 5, TimeUnit.SECONDS);
- SchedulerHelper.getInstance().scheduleSampling(IastMonitoring::resetEventSampler, 0, 6, TimeUnit.HOURS);
+ SchedulerHelper.getInstance().scheduleResetEventSampler(IastMonitoring::resetEventSampler, 0,
+ AgentConfig.getInstance().getAgentMode().getIastScan().getMonitoringMode().getEventQuotaTimeDuration(), TimeUnit.MINUTES);
 logger.logInit(
 LogLevel.INFO,
 String.format(STARTED_MODULE_LOG, AgentServices.HealthCheck.name()),
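Review bot: `MONITORING_CRITERIA_MAX_EVENT_QUOTA` and `MONITORING_CRITERIA_EVENT_QUOTA_PER_TRACE` in `IUtilConstants` are both defined as `"security.monitoring_criteria.event_quota_per_trace"`. `AgentConfig.readIastMonitoringConfig` uses the first for `setMaxEventQuota` and the second for `setEventQuotaTimeDuration`, so one setting drives both the per-trace quota and the reset interval in minutes, and the interval cannot be configured on its own. Each constant needs its own key, with the name of the time-window key taken from the configuration spec, for example `String MONITORING_CRITERIA_EVENT_QUOTA_TIME_DURATION = "security.monitoring_criteria.<time-window-key>";` where the part in angle brackets is a placeholder.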
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java
index fc90c274e..fe0da46cd 100644
--- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java
+++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/policy/MonitoringMode.java
@@ -10,7 +10,11 @@ public class MonitoringMode {
 private AtomicBoolean harvesting = new AtomicBoolean(false);
- private int max_event_quota = 100;
+ private int maxEventQuota = 100;
+
+ private int eventQuotaTimeDuration = 360; //in minutes
+
+ private int repeat = 0; //0 means keep repeating
 public int getHarvestCycle() {
 return harvestCycle;
@@ -36,11 +40,27 @@ public void setHarvesting(AtomicBoolean harvesting) {
 this.harvesting = harvesting;
 }
- public int getMax_event_quota() {
- return max_event_quota;
+ public int getMaxEventQuota() {
+ return maxEventQuota;
+ }
+
+ public void setMaxEventQuota(int maxEventQuota) {
+ this.maxEventQuota = maxEventQuota;
+ }
+
+ public int getEventQuotaTimeDuration() {
+ return eventQuotaTimeDuration;
+ }
+
+ public void setEventQuotaTimeDuration(int eventQuotaTimeDuration) {
+ this.eventQuotaTimeDuration = eventQuotaTimeDuration;
+ }
+
+ public int getRepeat() {
+ return repeat;
 }
- public void setMax_event_quota(int max_event_quota) {
- this.max_event_quota = max_event_quota;
+ public void setRepeat(int repeat) {
+ this.repeat = repeat;
 }
 }
From 4a6e932101a5d31a15b30278ab3f3d858ab94f58 Mon Sep 17 00:00:00 2001
From: lovesh-ap
Date: Tue, 3 Dec 2024 11:15:46 +0530
Subject: [PATCH 10/11] Clean iast state when connection is closed
---
 .../apache/httpclient/SecurityClient.java | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java
index 5373193be..1871eb40f 100644
--- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java
+++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/apache/httpclient/SecurityClient.java
@@ -2,9 +2,12 @@
 import com.newrelic.agent.security.AgentConfig;
 import com.newrelic.agent.security.AgentInfo;
+import com.newrelic.agent.security.instrumentator.dispatcher.DispatcherPool;
+import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool;
 import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey;
 import com.newrelic.agent.security.intcodeagent.websocket.EventSendPool;
 import com.newrelic.agent.security.intcodeagent.websocket.EventSender;
+import com.newrelic.api.agent.security.instrumentation.helpers.GrpcClientRequestReplayHelper;
 import com.newrelic.api.agent.security.utils.ConnectionException;
 import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
 import com.newrelic.agent.security.util.IUtilConstants;
@@ -147,9 +150,19 @@ public ReadResult send(JSONStreamAware message, String api) throws ApacheHttpExc
 @Override
 public void close(String message) {
+ cleanIASTState();
 httpClient.shutdown();
 }
+ private static void cleanIASTState() {
+ RestRequestThreadPool.getInstance().resetIASTProcessing();
+ GrpcClientRequestReplayHelper.getInstance().resetIASTProcessing();
+ RestRequestThreadPool.getInstance().getRejectedIds().clear();
+ GrpcClientRequestReplayHelper.getInstance().getRejectedIds().clear();
+ DispatcherPool.getInstance().reset();
+ EventSendPool.getInstance().reset();
+ }
+
 @Override
 public void ping() {
 try {
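Review bot: `close` in `SecurityClient` now runs `cleanIASTState()` before `httpClient.shutdown()` with no protection, so an exception from any of the six reset calls would leave the HTTP client open. Wrapping the call as `try { cleanIASTState(); } finally { httpClient.shutdown(); }` guarantees the client is released. `cleanIASTState` also resets process-wide singletons (`DispatcherPool`, `EventSendPool`) from a per-connection `close`; if `reset()` discards queued events, a short comment saying this is intentional would help anyone who later audits event loss.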
From 0cb1f7ebe0564cf0c469a323a98c51ded70814fa Mon Sep 17 00:00:00 2001
From: lovesh-ap
Date: Wed, 22 Jan 2025 12:44:56 +0530
Subject: [PATCH 11/11] resolve merge conflicts
---
 .../org/asynchttpclient/AsyncHttpClient_Instrumentation.java | 2 +-
 .../security/instrumentation/spy/memcached/MemcachedHelper.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java b/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java
index 3fed3edd5..891545e80 100644
--- a/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java
+++ b/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java
@@ -114,7 +114,7 @@ private Request addSecurityHeaders(Request request, AbstractOperation operation)
 private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()
 ) {
 return;
 }
diff --git a/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java b/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java
index 6c884a5df..fa8ddd3da 100644
--- a/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java
+++ b/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java
@@ -38,7 +38,7 @@ public static AbstractOperation preprocessSecurityHook(String type, String comma
 public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
 try {
 if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() ||
- NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) {
+ NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExitEvent()) {
 return;
 }
 NewRelicSecurity.getAgent().registerExitEvent(operation);