newrelic
diff --git a/‎.github/workflows/X-Reusable-Build-Security-Agent.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/X-Reusable-Build-Security-Agent.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/X-Reusable-VerifyInstrumentation.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/X-Reusable-VerifyInstrumentation.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/build-integrated-jar.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/build-integrated-jar.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dependency-submission.yml
Lines changed: 27 additions & 0 deletions b/‎.github/workflows/dependency-submission.yml
Lines changed: 27 additions & 0 deletions
diff --git a/‎.github/workflows/publish-to-maven.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/publish-to-maven.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/repolinter.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/repolinter.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/snyk-vulnerability-scan.yml
Lines changed: 0 additions & 33 deletions b/‎.github/workflows/snyk-vulnerability-scan.yml
Lines changed: 0 additions & 33 deletions
diff --git a/‎.github/workflows/verify-instrumentation-single.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/verify-instrumentation-single.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/verify-instrumentation.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/verify-instrumentation.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎instrumentation-security/file-low-priority-instrumentation/src/test/java/com/nr/agent/security/instrumentation/FileTest.java
Lines changed: 65 additions & 0 deletions b/‎instrumentation-security/file-low-priority-instrumentation/src/test/java/com/nr/agent/security/instrumentation/FileTest.java
Lines changed: 65 additions & 0 deletions
diff --git a/‎instrumentation-security/file-low-priority-instrumentation/src/test/java/com/nr/agent/security/instrumentation/TestSetupBringUp.java
Lines changed: 33 additions & 0 deletions b/‎instrumentation-security/file-low-priority-instrumentation/src/test/java/com/nr/agent/security/instrumentation/TestSetupBringUp.java
Lines changed: 33 additions & 0 deletions
diff --git a/‎instrumentation-security/file-operation/src/test/java/com/nr/agent/security/instrumentation/javaio/FileSystemTest.java
Lines changed: 3 additions & 3 deletions b/‎instrumentation-security/file-operation/src/test/java/com/nr/agent/security/instrumentation/javaio/FileSystemTest.java
Lines changed: 3 additions & 3 deletions
diff --git a/‎instrumentation-security/file-operation/src/test/java/com/nr/agent/security/instrumentation/javaio/FileTest.java
Lines changed: 3 additions & 3 deletions b/‎instrumentation-security/file-operation/src/test/java/com/nr/agent/security/instrumentation/javaio/FileTest.java
Lines changed: 3 additions & 3 deletions
diff --git a/‎instrumentation-security/graphql-java-16.2/build.gradle
Lines changed: 1 addition & 1 deletion b/‎instrumentation-security/graphql-java-16.2/build.gradle
Lines changed: 1 addition & 1 deletion
diff --git a/‎instrumentation-security/java-io-inputstream-jdk9/src/test/java/com/nr/instrumentation/security/inputstream/jdk9/InputStreamJdk9Test.java
Lines changed: 1 addition & 3 deletions b/‎instrumentation-security/java-io-inputstream-jdk9/src/test/java/com/nr/instrumentation/security/inputstream/jdk9/InputStreamJdk9Test.java
Lines changed: 1 addition & 3 deletions
@@ -58,7 +58,7 @@ jobs:
   # this job reads the directories in csec-java-agent/instrumentation-security and creates a JSON with the list of the modules
   # this list is paginated and will be used in the verify-module job.
   build-agent:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     strategy:
       matrix:
         java-version: [ 8 ]
 
@@ -22,7 +22,7 @@ jobs:
   # this job reads the directories in csec-java-agent/instrumentation-security and creates a JSON with the list of the modules
   # this list is paginated and will be used in the verify-module job.
   read-modules:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     outputs:
       modules: ${{ steps.set-modules.outputs.modules }}
     steps:
@@ -48,7 +48,7 @@ jobs:
 
   verify-module:
     name: ${{ matrix.modules }}
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     needs: read-modules
     strategy:
       fail-fast: false
 
@@ -52,7 +52,7 @@ jobs:
     name: Create Integrated Agent jar
     if: ${{ always() }}
     needs: [build-csec-agent, verify-instrumentation]
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Print Inputs
         run: echo "${{ toJSON(github.event.inputs) }}"
 
@@ -0,0 +1,27 @@
+name: Dependency Submission
+
+on:
+  push:
+    branches: ['main']
+
+permissions:
+  contents: write
+
+jobs:
+  dependency-submission:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: 8
+      - name: Generate and submit dependency graph
+        uses: gradle/actions/dependency-submission@v4
+        with:
+          dependency-graph-include-projects: ':newrelic-security-(agent|api)'
+          build-scan-publish: true
+          build-scan-terms-of-use-url: "https://gralde.com/help/legal-terms-of-use"
+          build-scan-terms-of-use-agree: "yes"
@@ -90,7 +90,7 @@ jobs:
     name: Publish to Maven Central
     if: ${{ always() }}
     needs: [verify-instrumentation, unit-test]
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout APM agent
         uses: actions/checkout@v3
 
@@ -11,7 +11,7 @@ on: [push, workflow_dispatch]
 jobs:
   repolint:
     name: Run Repolinter
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Test Default Branch
         id: default-branch
 
@@ -18,7 +18,7 @@ on:
 jobs:
   verify_instrumentation_single:
     name: Verify Instrumentation Single
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Print Inputs
         run: echo "${{ toJSON(github.event.inputs) }}"
 
@@ -23,7 +23,7 @@ jobs:
   notify-failure:
     needs: [verify-instrumentation]
     if: ${{ failure() }}
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Send failure message to Slack
         id: slack
 
@@ -0,0 +1,65 @@
+package com.nr.agent.security.instrumentation;
+
+import com.newrelic.agent.security.introspec.InstrumentationTestConfig;
+import com.newrelic.agent.security.introspec.SecurityInstrumentationTestRunner;
+import com.newrelic.agent.security.introspec.SecurityIntrospector;
+import com.newrelic.api.agent.Trace;
+import com.newrelic.api.agent.security.schema.AbstractOperation;
+import com.newrelic.api.agent.security.schema.VulnerabilityCaseType;
+import com.newrelic.api.agent.security.schema.operation.FileOperation;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.List;
+import java.util.UUID;
+
+@RunWith(SecurityInstrumentationTestRunner.class)
+@InstrumentationTestConfig(includePrefixes = {"com.newrelic.agent.security.instrumentation.random", "java.io"})
+public class FileTest {
+    private static final String FILE_NAME = "/tmp/test-" + UUID.randomUUID();
+
+    @BeforeClass
+    public static void retransformRequiredClasses() {
+        TestSetupBringUp.bringUp();
+    }
+
+    @Test
+    public void testExists() {
+        exists();
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertFalse("No operations detected", operations.isEmpty());
+        FileOperation targetOperation = (FileOperation) operations.get(0);
+
+        Assert.assertEquals("Invalid method Name", "exists", targetOperation.getMethodName());
+        Assert.assertEquals("Invalid executed parameters.", FILE_NAME, targetOperation.getFileName().get(0));
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.FILE_OPERATION, targetOperation.getCaseType());
+        Assert.assertTrue("GetBooleanAttributesCall should be true", targetOperation.isGetBooleanAttributesCall());
+    }
+
+    @Test
+    public void testExists1() {
+        exists1();
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations should detected", operations.isEmpty());
+
+    }
+
+    @Trace(dispatcher = true)
+    private void exists() {
+        new File(FILE_NAME).exists();
+    }
+
+    @Trace(dispatcher = true)
+    private void exists1() {
+        new File("").exists();
+    }
+}
@@ -0,0 +1,33 @@
+package com.nr.agent.security.instrumentation;
+
+import com.newrelic.agent.security.introspec.SecurityInstrumentationTestRunner;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+public class TestSetupBringUp {
+    public static void bringUp() {
+        try {
+            List<Class> toReTransform = new ArrayList<>();
+
+            // java.io.FileInputStream
+            SecurityInstrumentationTestRunner.instrumentation.retransformClasses(FileInputStream.class, FileOutputStream.class);
+
+            // java.io.FileSystem and alike
+            Class<?> fileSystemClass = Class.forName("java.io.FileSystem");
+            toReTransform.add(fileSystemClass);
+
+            Class<?> unixFileSystemClass = Class.forName("java.io.UnixFileSystem");
+            toReTransform.add(unixFileSystemClass);
+
+            toReTransform.add(File.class);
+
+            SecurityInstrumentationTestRunner.instrumentation.retransformClasses(toReTransform.toArray(new Class<?>[0]));
+        } catch (Throwable e) {
+            e.printStackTrace();
+        }
+    }
+}
@@ -22,15 +22,15 @@
 @RunWith(SecurityInstrumentationTestRunner.class)
 @InstrumentationTestConfig(includePrefixes = {"java.io", "java.nio"})
 public class FileSystemTest {
-    private static final String FILE_NAME = "/tmp/test-" + UUID.randomUUID().toString();
+    private static final String FILE_NAME = "/tmp/test-" + UUID.randomUUID();
 
     @BeforeClass
     public static void retransformRequiredClasses() {
         TestSetupBringUp.bringUp();
     }
 
     @Test
-    @Ignore
+    @Ignore ("This construct is supported in file-low-priority-instrumentation module")
     public void testGetBooleanAttributes() throws IOException {
         getBooleanAttribute(FILE_NAME);
 
@@ -84,7 +84,7 @@ private void delete( String filePath ) throws IOException{
 
     @Trace(dispatcher = true)
     private void rename( String filePath){
-        String destPath = "/tmp/test-" + UUID.randomUUID().toString();
+        String destPath = "/tmp/test-" + UUID.randomUUID();
         new File(filePath).renameTo(new File(destPath));
     }
 
 
@@ -24,15 +24,15 @@
 @RunWith(SecurityInstrumentationTestRunner.class)
 @InstrumentationTestConfig(includePrefixes = {"java.io", "java.nio"})
 public class FileTest {
-    private static final String FILE_NAME = "/tmp/test-" + UUID.randomUUID().toString();
+    private static final String FILE_NAME = "/tmp/test-" + UUID.randomUUID();
 
     @BeforeClass
     public static void retransformRequiredClasses() {
         TestSetupBringUp.bringUp();
     }
 
     @Test
-    @Ignore
+    @Ignore ("This construct is supported in file-low-priority-instrumentation module")
     public void testGetBooleanAttributes() throws IOException {
         exists(FILE_NAME);
 
@@ -358,7 +358,7 @@ private void mkdirs(String filePath) throws IOException {
 
     @Trace(dispatcher = true)
     private void renameTo(String filePath) throws IOException {
-        String destPath = "/tmp/test-" + UUID.randomUUID().toString();
+        String destPath = "/tmp/test-" + UUID.randomUUID();
         new File(filePath).renameTo( new File(destPath));
     }
 
 
@@ -10,7 +10,7 @@ jar {
 }
 
 verifyInstrumentation {
-    passesOnly('com.graphql-java:graphql-java:[16.0,)')
+    passesOnly('com.graphql-java:graphql-java:[16.0,23.0)')
     excludeRegex('com.graphql-java:graphql-java:(0.0.0|201|202).*')
     excludeRegex('com.graphql-java:graphql-java:.*(vTEST|-beta|-alpha1|-nf-execution|-rc|-TEST).*')
     exclude('com.graphql-java:graphql-java:15.0')
 
@@ -40,7 +40,7 @@ public class InputStreamJdk9Test {
     private static String FILE_TEMP;
     private static String DIR;
     private static String DATA;
-    private static List<String> stuffToClean = new ArrayList<>();
+    private static final List<String> stuffToClean = new ArrayList<>();
 
     @BeforeClass
     public static void retransformRequiredClasses() {
@@ -114,8 +114,6 @@ public void testReadWithFiles1() {
     }
 
     @Test
-    @Ignore
-    // FIXME: not working, need to check the issue
     public void testReadWithFiles2() {
         SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
         byte[] expected = new byte[DATA.length()];
Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ jar {`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`verifyInstrumentation {`
`13`		`- passesOnly('com.graphql-java:graphql-java:[16.0,)')`
	`13`	`+ passesOnly('com.graphql-java:graphql-java:[16.0,23.0)')`
`14`	`14`	`excludeRegex('com.graphql-java:graphql-java:(0.0.0\|201\|202).*')`
`15`	`15`	`excludeRegex('com.graphql-java:graphql-java:.(vTEST\|-beta\|-alpha1\|-nf-execution\|-rc\|-TEST).')`
`16`	`16`	`exclude('com.graphql-java:graphql-java:15.0')`