From 46f8b7c004fed077fe841c18142b067c73b77594 Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Wed, 8 May 2024 12:30:57 +0530 Subject: [PATCH 1/6] Support for microservices security, pipeline changes --- gradle.properties | 2 +- .../http/scaladsl/server/AkkaCoreUtils.java | 15 +-- .../akka/http/scaladsl/AkkaCoreUtils.java | 16 +--- .../akka/http/scaladsl/AkkaCoreUtils.java | 15 +-- .../akka/http/scaladsl/AkkaCoreUtils.java | 15 +-- .../grpc1220/GrpcServerUtils.java | 15 +-- .../grpc140/GrpcServerUtils.java | 15 +-- .../grpc1400/GrpcServerUtils.java | 15 +-- .../jersey2/HttpRequestHelper.java | 16 +--- .../jersey2/HttpRequestHelper.java | 16 +--- .../jersey2/HttpRequestHelper.java | 16 +--- .../jetty11/HttpServletHelper.java | 15 +-- .../jetty12/server/HttpServletHelper.java | 15 +-- .../jetty9/HttpServletHelper.java | 15 +-- .../instrumentation/mule36/MuleHelper.java | 10 -- ...ttpRequestToMuleEvent_Instrumentation.java | 4 +- .../async/RequestHandler_Instrumentation.java | 4 +- .../instrumentation/mule37/MuleHelper.java | 10 -- ...ttpRequestToMuleEvent_Instrumentation.java | 4 +- .../async/RequestHandler_Instrumentation.java | 4 +- .../io/netty400/utils/NettyUtils.java | 14 +-- .../servlet24/HttpServletHelper.java | 12 --- .../servlet/FilterChain_Instrumentation.java | 4 +- .../javax/servlet/Filter_Instrumentation.java | 4 +- .../servlet/Servlet_Instrumentation.java | 4 +- .../servlet5/HttpServletHelper.java | 11 --- .../servlet/FilterChain_Instrumentation.java | 4 +- .../servlet/Filter_Instrumentation.java | 4 +- .../servlet/Servlet_Instrumentation.java | 4 +- .../servlet6/HttpServletHelper.java | 11 --- .../servlet/FilterChain_Instrumentation.java | 4 +- .../servlet/Filter_Instrumentation.java | 4 +- .../servlet/Servlet_Instrumentation.java | 4 +- .../httpserver/Filter_Instrumentation.java | 5 +- .../HttpHandler_Instrumentation.java | 5 +- .../sun/net/httpserver/HttpServerHelper.java | 10 -- .../dispatcher/DispatcherPool.java | 7 +- .../IASTDataTransferRequestProcessor.java | 31 +++--- .../httpclient/RequestUtils.java | 6 +- .../instrumentator/httpclient/RestClient.java | 36 +++---- .../httpclient/RestRequestProcessor.java | 59 ++++++++++-- .../httpclient/RestRequestThreadPool.java | 95 ++++++++++++------- .../instrumentator/utils/HashGenerator.java | 3 +- .../ControlCommandProcessor.java | 20 +++- .../models/IASTDataTransferRequest.java | 48 +++++++--- .../newrelic/api/agent/security/Agent.java | 27 +++++- .../newrelic/api/agent/security/Agent.java | 12 ++- .../api/agent/security/NoOpAgent.java | 7 +- .../api/agent/security/SecurityAgent.java | 4 + .../GrpcClientRequestReplayHelper.java | 3 + .../helpers/ServletHelper.java | 41 ++++++-- .../schema/FuzzRequestEmptyEntry.java | 40 ++++++++ .../security/schema/K2RequestIdentifier.java | 22 +++++ 53 files changed, 433 insertions(+), 369 deletions(-) create mode 100644 newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/FuzzRequestEmptyEntry.java diff --git a/gradle.properties b/gradle.properties index 1515da4a9..808489c5a 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ # The agent version. agentVersion=1.2.1 -jsonVersion=1.2.0 +jsonVersion=2.0.0 # Updated exposed NR APM API version. nrAPIVersion=8.4.0 diff --git a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java index 5aa9083d8..2d6c3c0ee 100644 --- a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java @@ -114,7 +114,9 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); @@ -145,17 +147,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { diff --git a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index 4099208c1..4941f6bbb 100644 --- a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -118,7 +118,10 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), + securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); @@ -148,17 +151,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { diff --git a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index ff826809a..ce4ca328e 100644 --- a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -118,7 +118,9 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); @@ -148,17 +150,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { diff --git a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index 9aa227014..fbd0018a1 100644 --- a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -118,7 +118,9 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); @@ -158,17 +160,6 @@ private static String getProtocol(String value) { } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java index 9dd55f506..a225f67f6 100644 --- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java +++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java @@ -70,7 +70,9 @@ public static void preprocessSecurityHook(ServerStream_Instrumentat processGRPCRequestMetadata(meta, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) { securityRequest.setProtocol("https"); @@ -160,17 +162,6 @@ private static boolean isLockAcquired(String nrSecCustomAttrName) { return false; } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processGRPCRequestMetadata(Metadata metadata, HttpRequest securityRequest) { Set headerNames = metadata.keys(); for (String headerKey : headerNames) { diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java index 372aaa012..d04a458b1 100644 --- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java +++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java @@ -70,7 +70,9 @@ public static void preprocessSecurityHook(ServerStream_Instrumentat processGRPCRequestMetadata(meta, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) { securityRequest.setProtocol("https"); @@ -164,17 +166,6 @@ private static boolean isLockAcquired(String nrSecCustomAttrName) { return false; } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processGRPCRequestMetadata(Metadata metadata, HttpRequest securityRequest) { Set headerNames = metadata.keys(); for (String headerKey : headerNames) { diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java index b60d767d3..ba1dcc71c 100644 --- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java +++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java @@ -69,7 +69,9 @@ public static void preprocessSecurityHook(ServerStream_Instrumentat processGRPCRequestMetadata(meta, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) { securityRequest.setProtocol("https"); @@ -158,17 +160,6 @@ private static boolean isLockAcquired(String nrSecCustomAttrName) { return false; } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processGRPCRequestMetadata(Metadata metadata, HttpRequest securityRequest) { Set headerNames = metadata.keys(); for (String headerKey : headerNames) { diff --git a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 3d5b05569..6264c6ee4 100644 --- a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -76,7 +76,10 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { } HttpRequestHelper.processHttpRequestHeader(requestContext, securityRequest); - securityMetaData.setTracingHeaderValue(HttpRequestHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setUrl(requestContext.getRequestUri().toString()); StackTraceElement[] trace = Thread.currentThread().getStackTrace(); @@ -180,17 +183,6 @@ private static String getHeaderValue(List values) { return finalValue.toString(); } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isRequestLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 86f4786b3..4f3468aa5 100644 --- a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -78,7 +78,10 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { } HttpRequestHelper.processHttpRequestHeader(requestContext, securityRequest); - securityMetaData.setTracingHeaderValue(HttpRequestHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setUrl(requestContext.getRequestUri().toString()); StackTraceElement[] trace = Thread.currentThread().getStackTrace(); @@ -182,17 +185,6 @@ private static String getHeaderValue(List values) { return finalValue.toString(); } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isRequestLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 7bcd414f8..a80932212 100644 --- a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -76,7 +76,10 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { } HttpRequestHelper.processHttpRequestHeader(requestContext, securityRequest); - securityMetaData.setTracingHeaderValue(HttpRequestHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setUrl(requestContext.getRequestUri().toString()); StackTraceElement[] trace = Thread.currentThread().getStackTrace(); @@ -180,17 +183,6 @@ private static String getHeaderValue(List values) { return finalValue.toString(); } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isRequestLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java index c414129f9..82c335842 100644 --- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java @@ -77,17 +77,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && @@ -147,7 +136,9 @@ public static void preprocessSecurityHook(HttpServletRequest httpServletRequest) HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java index a194d4807..8832268de 100644 --- a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java +++ b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java @@ -81,17 +81,6 @@ public static void processHttpRequestHeader(Request request, HttpRequest securit } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && @@ -151,7 +140,9 @@ public static void preprocessSecurityHook(Request request) { HttpServletHelper.processHttpRequestHeader(request, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(request.getHttpURI().getScheme()); diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java index 03ac12d08..5da129373 100644 --- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java +++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java @@ -77,17 +77,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && @@ -147,7 +136,9 @@ public static void preprocessSecurityHook(HttpServletRequest httpServletRequest) HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java b/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java index 3754b8e9e..66b2210b6 100644 --- a/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java +++ b/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java @@ -71,16 +71,6 @@ public static void processHttpRequestHeader(HttpRequest httpRequest, } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } public static String getContentType(HttpRequest httpRequest) { return httpRequest.getHeaderValue(HttpHeaders.Names.CONTENT_TYPE); } diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index 637a252b3..101e44fb4 100644 --- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -70,7 +70,9 @@ private static void preprocessSecurityHook(HttpRequestContext requestContext) { } MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(MuleHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index a7f6bc1ef..4af0d5319 100644 --- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java +++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java @@ -64,7 +64,9 @@ private void preprocessSecurityHook(HttpRequestContext requestContext) { } MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(MuleHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java b/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java index f05979db0..a9d66ae17 100644 --- a/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java +++ b/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java @@ -65,16 +65,6 @@ public static void processHttpRequestHeader(HttpRequest httpRequest, com.newreli } } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } public static String getContentType(HttpRequest httpRequest) { return httpRequest.getHeaderValue(HttpHeaders.Names.CONTENT_TYPE); } diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index e02e96ca8..ed68bd37b 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -70,7 +70,9 @@ private static void preprocessSecurityHook(HttpRequestContext requestContext) { } MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(MuleHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index 4fe834e0e..9c1c2ad33 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java +++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java @@ -64,7 +64,9 @@ private void preprocessSecurityHook(HttpRequestContext requestContext) { } MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); - securityMetaData.setTracingHeaderValue(MuleHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java index 40428c49c..ac1c16e6f 100644 --- a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java +++ b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java @@ -54,7 +54,7 @@ public static void processSecurityRequest(ChannelHandlerContext ctx, Object msg, setClientAddressDetails(securityMetaData, ctx.channel().remoteAddress().toString()); setServerPortDetails(securityRequest, ctx.channel().localAddress().toString()); processHttpRequestHeader((HttpRequest)msg, securityRequest); - securityMetaData.setTracingHeaderValue(getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); securityRequest.setProtocol(((HttpRequest) msg).getProtocolVersion().protocolName()); securityRequest.setContentType(securityRequest.getHeaders().get("content-type")); @@ -153,18 +153,6 @@ public static void processHttpRequestHeader(HttpRequest request, com.newrelic.ap } } - - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static void processSecurityResponse(ChannelHandlerContext ctx, Object msg) { try { Transaction tx = NewRelic.getAgent().getTransaction(); diff --git a/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java b/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java index b6ac6bbf7..bdd82144d 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java +++ b/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java @@ -13,7 +13,6 @@ import javax.servlet.http.HttpServletRequest; import java.util.Collection; import java.util.Enumeration; -import java.util.Iterator; import java.util.Map; public class HttpServletHelper { @@ -77,17 +76,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java index 1caf929a4..ef91005d1 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java @@ -67,7 +67,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java index 2540b23f0..96c187744 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java @@ -69,7 +69,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java index 39c27b4d6..ca6959ae0 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java @@ -73,7 +73,9 @@ private void preprocessSecurityHook(ServletRequest_Instrumentation request, Serv HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java b/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java index aa32dba10..dd58ede50 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java +++ b/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java @@ -77,17 +77,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index e3414be3c..6d30b78d9 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java @@ -67,7 +67,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index 54c81187e..7586a1043 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -68,7 +68,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index 4ec1c91bd..f1e0e18c5 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java @@ -73,7 +73,9 @@ private void preprocessSecurityHook(ServletRequest_Instrumentation request, Serv HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java b/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java index 479e09e03..e2299aed7 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java +++ b/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java @@ -77,17 +77,6 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } - public static boolean isServletLockAcquired() { try { return NewRelicSecurity.isHookProcessingActive() && diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index ba39efeb2..757b56f4f 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java @@ -67,7 +67,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index 59d8e0f63..8b757e62d 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -68,7 +68,9 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index 46bc01e24..6a06730bf 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java @@ -73,7 +73,9 @@ private void preprocessSecurityHook(ServletRequest_Instrumentation request, Serv HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java index 463296ad0..6f27c4477 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java @@ -59,7 +59,10 @@ private void preprocessSecurityHook(HttpExchange exchange) { } HttpServerHelper.processHttpRequestHeaders(exchange.getRequestHeaders(), securityRequest); - securityMetaData.setTracingHeaderValue(HttpServerHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setProtocol(HttpServerHelper.getProtocol(exchange)); securityRequest.setUrl(String.valueOf(exchange.getRequestURI())); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java index b49501523..6ca9fc78e 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java @@ -59,7 +59,10 @@ private void preprocessSecurityHook(HttpExchange exchange) { } HttpServerHelper.processHttpRequestHeaders(exchange.getRequestHeaders(), securityRequest); - securityMetaData.setTracingHeaderValue(HttpServerHelper.getTraceHeader(securityRequest.getHeaders())); + securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); + + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityRequest.setProtocol(HttpServerHelper.getProtocol(exchange)); securityRequest.setUrl(String.valueOf(exchange.getRequestURI())); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java index 41b5c5962..a3374b65a 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java @@ -73,16 +73,6 @@ public static String getContentType(Headers headers){ } return data; } - public static String getTraceHeader(Map headers) { - String data = EMPTY; - if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); - if (data == null || data.trim().isEmpty()) { - data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); - } - } - return data; - } public static void registerInputStreamHashIfNeeded(int inputStreamHash){ try { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java index 4be77dfae..f9fb4e45f 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java @@ -220,9 +220,12 @@ public void dispatchEvent(AbstractOperation operation, SecurityMetaData security GrpcClientRequestReplayHelper.getInstance().registerEventForProcessedCC(parentId, operation.getExecutionId()); } } else { - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(parentId, new HashSet<>()); if (StringUtils.equals(securityMetaData.getFuzzRequestIdentifier().getApiRecordId(), operation.getApiID())) { - RestRequestThreadPool.getInstance().registerEventForProcessedCC(parentId, operation.getExecutionId()); + String originAppUUID = securityMetaData.getFuzzRequestIdentifier().getOriginApplicationUUID(); + if(StringUtils.isBlank(originAppUUID)){ + originAppUUID = AgentInfo.getInstance().getApplicationUUID(); + } + RestRequestThreadPool.getInstance().registerEventForProcessedCC(parentId, operation.getExecutionId(), originAppUUID); } } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java index 628b2cf99..d51431777 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java @@ -13,11 +13,8 @@ import java.time.Instant; import java.util.HashMap; -import java.util.HashSet; import java.util.Map; import java.util.Set; -import java.util.HashSet; -import java.util.Set; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.ScheduledFuture; @@ -76,6 +73,7 @@ private void task() { int currentFetchThreshold = NewRelic.getAgent().getConfig() .getValue(SECURITY_POLICY_VULNERABILITY_SCAN_IAST_SCAN_PROBING_THRESHOLD, 300); + //TODO Update MicrosService Arch int remainingRecordCapacityRest = RestRequestThreadPool.getInstance().getQueue().remainingCapacity(); int currentRecordBacklogRest = RestRequestThreadPool.getInstance().getQueue().size(); int remainingRecordCapacityGrpc = GrpcClientRequestReplayHelper.getInstance().getRequestQueue().remainingCapacity(); @@ -93,12 +91,10 @@ private void task() { request = new IASTDataTransferRequest(NewRelicSecurity.getAgent().getAgentUUID()); request.setBatchSize(batchSize); - request.setCompletedRequests(getEffectiveCompletedRequests()); - - HashSet pendingRequestIds = new HashSet<>(); - pendingRequestIds.addAll(RestRequestThreadPool.getInstance().getPendingIds()); - pendingRequestIds.addAll(GrpcClientRequestReplayHelper.getInstance().getPendingIds()); - request.setPendingRequestIds(pendingRequestIds); + request.setGeneratedEvent(getEffectiveCompletedRequests()); + request.setClearFromPending(RestRequestThreadPool.getInstance().getClearFromPending()); + request.setCompletedReplay(RestRequestThreadPool.getInstance().getCompletedReplay()); + request.setErrorInReplay(RestRequestThreadPool.getInstance().getErrorInReplay()); WSClient.getInstance().send(request.toString()); } } catch (Throwable e) { @@ -108,19 +104,22 @@ private void task() { } } - private Map> getEffectiveCompletedRequests() { - Map> completedRequest = new HashMap<>(); - completedRequest.putAll(RestRequestThreadPool.getInstance().getProcessedIds()); - completedRequest.putAll(GrpcClientRequestReplayHelper.getInstance().getProcessedIds()); + private Map>> getEffectiveCompletedRequests() { + Map>> generatedEvents = new HashMap<>(); + generatedEvents.putAll(RestRequestThreadPool.getInstance().getGeneratedEvents()); for (String rejectedId : RestRequestThreadPool.getInstance().getRejectedIds()) { - completedRequest.remove(rejectedId); + for (Map.Entry>> applicationMap : generatedEvents.entrySet()) { + applicationMap.getValue().remove(rejectedId); + } } RestRequestThreadPool.getInstance().getRejectedIds().clear(); for (String rejectedId : GrpcClientRequestReplayHelper.getInstance().getRejectedIds()) { - completedRequest.remove(rejectedId); + for (Map.Entry>> applicationMap : generatedEvents.entrySet()) { + applicationMap.getValue().remove(rejectedId); + } } GrpcClientRequestReplayHelper.getInstance().getRejectedIds().clear(); - return completedRequest; + return generatedEvents; } private IASTDataTransferRequestProcessor() { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java index bb66bdbf0..d1c17e82d 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java @@ -2,7 +2,7 @@ import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; -import com.newrelic.api.agent.security.NewRelicSecurity; +import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.models.FuzzRequestBean; import okhttp3.*; @@ -10,7 +10,6 @@ import okhttp3.internal.http.HttpMethod; import org.apache.commons.lang3.StringUtils; -import java.util.List; import java.util.Map; import java.util.Map.Entry; @@ -19,7 +18,7 @@ public class RequestUtils { private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); public static final String ERROR_IN_FUZZ_REQUEST_GENERATION = "Error in fuzz request generation {}"; - public static Request generateK2Request(FuzzRequestBean httpRequest, String endpoint) { + public static Request generateK2Request(FuzzRequestBean httpRequest, String endpoint, String controlCommandId) { try { logger.log(LogLevel.FINER, String.format("Firing request : %s", JsonConverter.toJSON(httpRequest)), RequestUtils.class.getName()); StringBuilder url = new StringBuilder(endpoint); @@ -52,6 +51,7 @@ public static Request generateK2Request(FuzzRequestBean httpRequest, String endp requestBuilder = requestBuilder.method(httpRequest.getMethod(), null); } requestBuilder = requestBuilder.headers(Headers.of((Map) httpRequest.getHeaders())); + requestBuilder.header(GenericHelper.CSEC_PARENT_ID, controlCommandId); return requestBuilder.build(); } catch (Exception e){ diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java index f39be870c..91d8a4ca9 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java @@ -121,20 +121,19 @@ public OkHttpClient getClient() { return clientThreadLocal.get(); } - public void fireRequest(FuzzRequestBean httpRequest, List endpoints, int repeatCount, String fuzzRequestId){ + public void fireRequest(FuzzRequestBean httpRequest, List endpoints, RestRequestProcessor restRequestProcessor, int repeatCount){ int responseCode = 999; if(endpoints.isEmpty()){ - Request request = RequestUtils.generateK2Request(httpRequest, String.format(IAgentConstants.ENDPOINT_LOCALHOST_S, httpRequest.getProtocol(), httpRequest.getServerPort())); + Request request = RequestUtils.generateK2Request(httpRequest, String.format(IAgentConstants.ENDPOINT_LOCALHOST_S, httpRequest.getProtocol(), httpRequest.getServerPort()), restRequestProcessor.getControlCommand().getId()); if (request != null) { try { - responseCode = RestClient.getInstance().fireRequest(request, repeatCount + endpoints.size() -1, fuzzRequestId); + responseCode = RestClient.getInstance().fireRequest(request, restRequestProcessor, repeatCount + endpoints.size() -1); } catch (SSLException e) { logger.log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, request), e, RestClient.class.getName()); logger.postLogMessageIfNecessary(LogLevel.WARNING, - String.format(CALL_FAILED_REQUEST_S_REASON, fuzzRequestId), + String.format(CALL_FAILED_REQUEST_S_REASON, restRequestProcessor.getControlCommand().getId()), e, RestRequestProcessor.class.getName()); - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); // TODO: Add to fuzz fail count in HC and remove FuzzFailEvent if not needed. FuzzFailEvent fuzzFailEvent = new FuzzFailEvent(AgentInfo.getInstance().getApplicationUUID()); fuzzFailEvent.setFuzzHeader(request.header(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID)); @@ -144,10 +143,10 @@ public void fireRequest(FuzzRequestBean httpRequest, List endpoints, int return; } for (String endpoint : endpoints) { - Request request = RequestUtils.generateK2Request(httpRequest, endpoint); + Request request = RequestUtils.generateK2Request(httpRequest, endpoint, restRequestProcessor.getControlCommand().getId()); try { if (request != null) { - responseCode = RestClient.getInstance().fireRequest(request, repeatCount + endpoints.size() -1, fuzzRequestId); + responseCode = fireRequest(request, restRequestProcessor, repeatCount + endpoints.size() -1); } if(responseCode == 301){continue;} break; @@ -156,10 +155,9 @@ public void fireRequest(FuzzRequestBean httpRequest, List endpoints, int } } - } - public int fireRequest(Request request, int repeatCount, String fuzzRequestId) throws SSLException { + public int fireRequest(Request request, RestRequestProcessor restRequestProcessor, int repeatCount) throws SSLException { OkHttpClient client = clientThreadLocal.get(); logger.log(LogLevel.FINER, String.format(FIRING_REQUEST_METHOD_S, request.method()), RestClient.class.getName()); @@ -171,33 +169,37 @@ public int fireRequest(Request request, int repeatCount, String fuzzRequestId) t Response response = call.execute(); logger.log(LogLevel.FINER, String.format(REQUEST_FIRED_SUCCESS, request), RestClient.class.getName()); if(response.code() >= 400 && response.code() < 500){ - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); logger.postLogMessageIfNecessary(LogLevel.WARNING, - String.format(RestClient.CALL_FAILED_REQUEST_S_REASON_S, fuzzRequestId, response, response.body().string()), null, + String.format(RestClient.CALL_FAILED_REQUEST_S_REASON_S, restRequestProcessor.getControlCommand().getId(), response, response.body().string()), null, RestRequestProcessor.class.getName()); - } else if(response.isSuccessful()){ - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); - }else { + } else { logger.log(LogLevel.FINER, String.format(REQUEST_SUCCESS_S_RESPONSE_S_S, request, response, response.body().string()), RestClient.class.getName()); } + restRequestProcessor.setSuccessful(true); + restRequestProcessor.setResponseCode(response.code()); response.body().close(); if (client.connectionPool() != null) { client.connectionPool().evictAll(); } return response.code(); } catch (SSLException e){ + restRequestProcessor.setExceptionRaised(true); + restRequestProcessor.setError(e); logger.log(LogLevel.FINE, String.format("Request failed due to SSL Exception %s ", request, e), RestClient.class.getName()); throw e; } catch (InterruptedIOException e){ + restRequestProcessor.setExceptionRaised(true); + restRequestProcessor.setError(e); if(repeatCount >= 0){ - return fireRequest(request, --repeatCount, fuzzRequestId); + return fireRequest(request, restRequestProcessor, --repeatCount); } } catch (IOException e) { + restRequestProcessor.setExceptionRaised(true); + restRequestProcessor.setError(e); logger.log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, request), e, RestClient.class.getName()); logger.postLogMessageIfNecessary(LogLevel.WARNING, - String.format(CALL_FAILED_REQUEST_S_REASON, fuzzRequestId), + String.format(CALL_FAILED_REQUEST_S_REASON, restRequestProcessor.getControlCommand().getId()), e, RestRequestProcessor.class.getName()); - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); // TODO: Add to fuzz fail count in HC and remove FuzzFailEvent if not needed. FuzzFailEvent fuzzFailEvent = new FuzzFailEvent(AgentInfo.getInstance().getApplicationUUID()); fuzzFailEvent.setFuzzHeader(request.header(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID)); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java index 92c13e89b..7a4aa761a 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java @@ -42,6 +42,14 @@ public class RestRequestProcessor implements Callable { private int repeatCount; + private boolean isSuccessful = false; + + private int responseCode; + + private boolean exceptionRaised = false; + + private Throwable error; + private ObjectMapper objectMapper = new ObjectMapper(); private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance(); @@ -51,6 +59,41 @@ public RestRequestProcessor(IntCodeControlCommand controlCommand, int repeatCoun this.repeatCount = repeatCount; } + public boolean isSuccessful() { + return isSuccessful; + } + + public void setSuccessful(boolean successful) { + isSuccessful = successful; + } + + public int getResponseCode() { + return responseCode; + } + + public void setResponseCode(int responseCode) { + this.responseCode = responseCode; + } + + public boolean isExceptionRaised() { + return exceptionRaised; + } + + public void setExceptionRaised(boolean exceptionRaised) { + this.exceptionRaised = exceptionRaised; + } + + public Throwable getError() { + return error; + } + + public void setError(Throwable error) { + this.error = error; + } + + public int getRepeatCount() { + return repeatCount; + } /** * Does the request replay in IAST mode. @@ -80,13 +123,7 @@ public Boolean call() throws InterruptedException { httpRequest = objectMapper.readValue(req, FuzzRequestBean.class); httpRequest.getHeaders().put(GenericHelper.CSEC_PARENT_ID, controlCommand.getId()); - if (httpRequest.getIsGrpc()){ - GrpcClientRequestReplayHelper.getInstance().getPendingIds().add(controlCommand.getId()); - GrpcClientRequestReplayHelper.getInstance().removeFromProcessedCC(controlCommand.getId()); - } else { - RestRequestThreadPool.getInstance().getPendingIds().add(controlCommand.getId()); - RestRequestThreadPool.getInstance().removeFromProcessedCC(controlCommand.getId()); - } + httpRequest.setReflectedMetaData(controlCommand.getReflectedMetaData()); if (httpRequest.getIsGrpc()){ @@ -104,24 +141,26 @@ public Boolean call() throws InterruptedException { GrpcClientRequestReplayHelper.getInstance().addToRequestQueue(new ControlCommandDto(controlCommand.getId(), httpRequest, payloadList)); } else { List endpoints = prepareAllEndpoints(NewRelicSecurity.getAgent().getApplicationConnectionConfig()); - RestClient.getInstance().fireRequest(httpRequest, endpoints, repeatCount + endpoints.size() -1, controlCommand.getId()); + RestClient.getInstance().fireRequest(httpRequest, endpoints, this, repeatCount + endpoints.size() -1); } return true; } catch (JsonProcessingException e){ + setExceptionRaised(true); + setError(e); logger.log(LogLevel.SEVERE, String.format(JSON_PARSING_ERROR_WHILE_PROCESSING_FUZZING_REQUEST_S, controlCommand.getArguments().get(0)), e, RestRequestProcessor.class.getName()); logger.postLogMessageIfNecessary(LogLevel.SEVERE, String.format(JSON_PARSING_ERROR_WHILE_PROCESSING_FUZZING_REQUEST_S, controlCommand.getId()), e, RestRequestProcessor.class.getName()); - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(controlCommand.getId(), new HashSet<>()); } catch (Throwable e) { + setExceptionRaised(true); + setError(e); logger.log(LogLevel.SEVERE, String.format(ERROR_WHILE_PROCESSING_FUZZING_REQUEST_S, controlCommand.getArguments().get(0)), e, RestRequestProcessor.class.getName()); logger.postLogMessageIfNecessary(LogLevel.SEVERE, String.format(ERROR_WHILE_PROCESSING_FUZZING_REQUEST_S, controlCommand.getId()), e, RestRequestProcessor.class.getName()); - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(controlCommand.getId(), new HashSet<>()); throw e; } return true; diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java index 779217700..558ae5881 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java @@ -6,9 +6,8 @@ import com.newrelic.api.agent.security.utils.logging.LogLevel; import org.apache.commons.lang3.StringUtils; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; +import java.io.InterruptedIOException; +import java.util.*; import java.util.concurrent.*; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicInteger; @@ -30,19 +29,42 @@ public class RestRequestThreadPool { private static final AtomicBoolean isWaiting = new AtomicBoolean(false); - private final Map> processedIds = new ConcurrentHashMap(); + private final Set rejectedIds = ConcurrentHashMap.newKeySet(); - private final Set pendingIds = ConcurrentHashMap.newKeySet(); + private Set completedReplay = ConcurrentHashMap.newKeySet(); + + private Set errorInReplay = ConcurrentHashMap.newKeySet(); + + private Set clearFromPending = ConcurrentHashMap.newKeySet(); + + /** + * "generatedEvents": + * { + * "ORIGIN_APPUUID_1" : {"FUZZ_ID_1":["EVENT_ID_1"], "FUZZ_ID_2":["EVENT_ID_2"]}, + * } + * */ + private final Map>> generatedEvents = new ConcurrentHashMap(); - private final Set rejectedIds = ConcurrentHashMap.newKeySet(); public void resetIASTProcessing() { - rejectedIds.addAll(processedIds.keySet()); - processedIds.clear(); - pendingIds.clear(); + getAllControlCommandID(generatedEvents); + generatedEvents.clear(); + completedReplay.clear(); + clearFromPending.clear(); + errorInReplay.clear(); executor.getQueue().clear(); } + private void getAllControlCommandID(Map>> generatedEvents) { + if(generatedEvents == null || generatedEvents.isEmpty()) { + return; + } + + for (Map> applicationMap : generatedEvents.values()) { + rejectedIds.addAll(applicationMap.keySet()); + } + } + private RestRequestThreadPool() { LinkedBlockingQueue processQueue; // load the settings @@ -55,21 +77,22 @@ protected void afterExecute(Runnable r, Throwable t) { super.afterExecute(r, t); String controlCommandId = null; if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof RestRequestProcessor) { - Boolean result = (Boolean) ((CustomFutureTask) r).get(); RestRequestProcessor task = (RestRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getControlCommand().getId(); - if(t != null || !result) { - if (StringUtils.isNotBlank(controlCommandId)) { - rejectedIds.add(controlCommandId); - } + if(task.isSuccessful()){ + completedReplay.add(controlCommandId); + } else if (task.isExceptionRaised() && task.getError() instanceof InterruptedIOException) { + clearFromPending.add(controlCommandId); + } else if(task.isExceptionRaised()) { + errorInReplay.add(controlCommandId); } else { - processedIds.putIfAbsent(controlCommandId, new HashSet<>()); + clearFromPending.add(controlCommandId); + } + if (StringUtils.isBlank(controlCommandId)) { + rejectedIds.add(controlCommandId); } } - if(StringUtils.isNotBlank(controlCommandId)){ - pendingIds.remove(controlCommandId); - } - } catch (ExecutionException | InterruptedException ignored) { + } catch (Exception ignored) { } } @@ -135,32 +158,38 @@ public ThreadPoolExecutor getExecutor() { return executor; } - public Map> getProcessedIds() { - return processedIds; - } - public Set getRejectedIds() { return rejectedIds; } - public Set getPendingIds() { - return pendingIds; + public Set getCompletedReplay() { + return completedReplay; } - public void registerEventForProcessedCC(String controlCommandId, String eventId) { + public Set getErrorInReplay() { + return errorInReplay; + } + + public Set getClearFromPending() { + return clearFromPending; + } + + public void registerEventForProcessedCC(String controlCommandId, String eventId, String originAppUuid) { if(StringUtils.isAnyBlank(controlCommandId, eventId)){ return; } - Set registeredEvents = processedIds.get(controlCommandId); - if(registeredEvents != null) { - registeredEvents.add(eventId); + if(!generatedEvents.containsKey(originAppUuid)){ + logger.log(LogLevel.FINE, String.format("Entry from map of generatedEvents for %s is missing. generatedEvents are : %s", originAppUuid, generatedEvents), RestRequestThreadPool.class.getName()); } - } - public void removeFromProcessedCC(String controlCommandId) { - if(StringUtils.isNotBlank(controlCommandId)){ - processedIds.remove(controlCommandId); + if(generatedEvents.get(originAppUuid).containsKey(controlCommandId)) { + generatedEvents.get(originAppUuid).get(controlCommandId).add(eventId); + } else { + System.out.println("controlCommandId is not present for : "+controlCommandId); } } + public Map>> getGeneratedEvents() { + return generatedEvents; + } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java index dc6f5914c..244f320d0 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/HashGenerator.java @@ -148,8 +148,7 @@ public static String getSHA256HexDigest(List data) { return getChecksum(input); } public static String getSHA256HexDigest(String data) { - String input = StringUtils.join(data); - return getChecksum(input); + return getChecksum(data); } /** diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java index f66a634d4..e67b88a30 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java @@ -1,18 +1,19 @@ package com.newrelic.agent.security.intcodeagent.controlcommand; import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; import com.newrelic.agent.security.instrumentator.httpclient.IASTDataTransferRequestProcessor; import com.newrelic.agent.security.instrumentator.httpclient.RestRequestProcessor; import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool; import com.newrelic.agent.security.instrumentator.utils.AgentUtils; import com.newrelic.agent.security.instrumentator.utils.InstrumentationUtils; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; +import com.newrelic.agent.security.intcodeagent.models.IASTDataTransferRequest; import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants; import com.newrelic.agent.security.intcodeagent.models.config.AgentPolicyParameters; import com.newrelic.agent.security.intcodeagent.models.javaagent.EventResponse; import com.newrelic.agent.security.intcodeagent.models.javaagent.IntCodeControlCommand; -import com.newrelic.agent.security.intcodeagent.utils.CommonUtils; import com.newrelic.agent.security.intcodeagent.websocket.EventSendPool; import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; import com.newrelic.agent.security.intcodeagent.websocket.WSClient; @@ -29,6 +30,7 @@ import java.time.temporal.ChronoUnit; import java.util.List; import java.util.Map; +import java.util.Set; public class ControlCommandProcessor implements Runnable { @@ -65,6 +67,7 @@ public class ControlCommandProcessor implements Runnable { public static final String PURGING_CONFIRMED_IAST_PROCESSED_RECORDS_COUNT_S = "Purging confirmed IAST processed records count : %s"; public static final String PURGING_CONFIRMED_IAST_PROCESSED_RECORDS_S = "Purging confirmed IAST processed records : %s"; + private ObjectMapper objectMapper = new ObjectMapper(); private String controlCommandMessage; @@ -258,7 +261,9 @@ public void run() { controlCommand.getArguments().size()), this.getClass().getName()); logger.log(LogLevel.FINEST, String.format(PURGING_CONFIRMED_IAST_PROCESSED_RECORDS_S, controlCommand.getArguments()), this.getClass().getName()); - controlCommand.getArguments().forEach(RestRequestThreadPool.getInstance().getProcessedIds()::remove); + //TODO Update MicrosService Arch + IASTDataTransferRequest requestForPurge = objectMapper.convertValue(controlCommand.getData(), IASTDataTransferRequest.class); + purgeIastDataTransferRequest(requestForPurge); controlCommand.getArguments().forEach(GrpcClientRequestReplayHelper.getInstance().getProcessedIds()::remove); break; default: @@ -268,6 +273,17 @@ public void run() { } } + private static void purgeIastDataTransferRequest(IASTDataTransferRequest requestForPurge) { + RestRequestThreadPool.getInstance().getCompletedReplay().removeAll(requestForPurge.getCompletedReplay()); + RestRequestThreadPool.getInstance().getErrorInReplay().removeAll(requestForPurge.getErrorInReplay()); + RestRequestThreadPool.getInstance().getClearFromPending().removeAll(requestForPurge.getClearFromPending()); + for (Map.Entry>> applicationMap : RestRequestThreadPool.getInstance().getGeneratedEvents().entrySet()) { + String originAppUUID = applicationMap.getKey(); + Map> purgeApplicationMap = requestForPurge.getGeneratedEvent().get(originAppUUID); + purgeApplicationMap.forEach(applicationMap.getValue()::remove); + } + } + public static void processControlCommand(String controlCommandMessage, long receiveTimestamp) { ControlCommandProcessorThreadPool.getInstance().executor .submit(new ControlCommandProcessor(controlCommandMessage, receiveTimestamp)); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java index 9a7fe3b02..34894c579 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/IASTDataTransferRequest.java @@ -14,11 +14,13 @@ public class IASTDataTransferRequest { private int batchSize; - private Set pendingRequestIds; + private Set completedReplay; - private Map> completedRequests; + private Set errorInReplay; - private String sequenceNumber; + private Set clearFromPending; + + private Map>> generatedEvent; public IASTDataTransferRequest() {} public IASTDataTransferRequest(String applicationUUID) { @@ -41,28 +43,44 @@ public void setBatchSize(int batchSize) { this.batchSize = batchSize; } - public Map> getCompletedRequests() { - return completedRequests; + public String getJsonName() { + return jsonName; } - public void setCompletedRequests(Map> completedRequests) { - this.completedRequests = completedRequests; + public void setJsonName(String jsonName) { + this.jsonName = jsonName; } - public Set getPendingRequestIds() { - return pendingRequestIds; + public Set getCompletedReplay() { + return completedReplay; } - public void setPendingRequestIds(Set pendingRequestIds) { - this.pendingRequestIds = pendingRequestIds; + public void setCompletedReplay(Set completedReplay) { + this.completedReplay = completedReplay; } - public String getJsonName() { - return jsonName; + public Set getErrorInReplay() { + return errorInReplay; } - public void setJsonName(String jsonName) { - this.jsonName = jsonName; + public void setErrorInReplay(Set errorInReplay) { + this.errorInReplay = errorInReplay; + } + + public Set getClearFromPending() { + return clearFromPending; + } + + public void setClearFromPending(Set clearFromPending) { + this.clearFromPending = clearFromPending; + } + + public Map>> getGeneratedEvent() { + return generatedEvent; + } + + public void setGeneratedEvent(Map>> generatedEvent) { + this.generatedEvent = generatedEvent; } @Override diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index fb508054c..0be4e07a0 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java @@ -4,6 +4,7 @@ import com.newrelic.agent.security.AgentConfig; import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.instrumentator.dispatcher.DispatcherPool; +import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool; import com.newrelic.agent.security.instrumentator.os.OsVariablesInstance; import com.newrelic.agent.security.instrumentator.utils.*; import com.newrelic.agent.security.intcodeagent.constants.AgentServices; @@ -33,13 +34,10 @@ import java.lang.instrument.Instrumentation; import java.lang.instrument.UnmodifiableClassException; import java.net.HttpURLConnection; -import java.net.Socket; import java.net.URL; import java.time.Instant; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Map; +import java.util.*; +import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicBoolean; import java.util.logging.Level; @@ -684,4 +682,23 @@ public String decryptAndVerify(String encryptedData, String hashVerifier) { return null; } } + + @Override + public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry fuzzRequestEmptyEntry) { + String currentEntityGuid = AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.NR_ENTITY_GUID, StringUtils.EMPTY); + String originAppUUID = fuzzRequestEmptyEntry.getOriginAppUuid(); + if(StringUtils.isBlank(originAppUUID)){ + originAppUUID = AgentInfo.getInstance().getApplicationUUID(); + } + String shaDigestOfCurrentEntityGuid = HashGenerator.getSHA256HexDigest(currentEntityGuid); + if(StringUtils.equals(shaDigestOfCurrentEntityGuid, fuzzRequestEmptyEntry.getOriginEntityGuid())){ + if(RestRequestThreadPool.getInstance().getGeneratedEvents().containsKey(originAppUUID)) { + RestRequestThreadPool.getInstance().getGeneratedEvents().get(originAppUUID).put(fuzzRequestEmptyEntry.getControlCommandId(), ConcurrentHashMap.newKeySet()); + } else { + Map> emptyEntry = new ConcurrentHashMap<>(); + emptyEntry.put(fuzzRequestEmptyEntry.getControlCommandId(), ConcurrentHashMap.newKeySet()); + RestRequestThreadPool.getInstance().getGeneratedEvents().put(originAppUUID, emptyEntry); + } + } + } } \ No newline at end of file diff --git a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java index ac62898c7..f1f840ae5 100644 --- a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java @@ -2,8 +2,8 @@ import com.newrelic.api.agent.NewRelic; import com.newrelic.api.agent.Transaction; -import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.schema.AbstractOperation; +import com.newrelic.api.agent.security.schema.FuzzRequestEmptyEntry; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.operation.FileIntegrityOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; @@ -12,10 +12,7 @@ import java.lang.instrument.Instrumentation; import java.net.URL; import java.time.Instant; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Map; +import java.util.*; import java.util.concurrent.ConcurrentHashMap; public class Agent implements SecurityAgent { @@ -195,4 +192,9 @@ public void retransformUninstrumentedClass(Class classToRetransform) { public String decryptAndVerify(String encryptedData, String hashVerifier) { return null; } + + @Override + public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry emptyEntry) { + + } } \ No newline at end of file diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java index b110083e5..3de9fc53d 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java @@ -7,8 +7,8 @@ package com.newrelic.api.agent.security; -import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.schema.AbstractOperation; +import com.newrelic.api.agent.security.schema.FuzzRequestEmptyEntry; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; import com.newrelic.api.agent.security.utils.logging.LogLevel; @@ -126,5 +126,10 @@ public String decryptAndVerify(String encryptedData, String hashVerifier) { return null; } + @Override + public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry emptyEntry) { + + } + } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java index 81a4d65eb..a90781783 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java @@ -8,6 +8,7 @@ package com.newrelic.api.agent.security; import com.newrelic.api.agent.security.schema.AbstractOperation; +import com.newrelic.api.agent.security.schema.FuzzRequestEmptyEntry; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; import com.newrelic.api.agent.security.utils.logging.LogLevel; @@ -15,6 +16,7 @@ import java.lang.instrument.Instrumentation; import java.net.URL; import java.util.Map; +import java.util.Set; /** * The New Relic Security Java Agent's API. @@ -67,4 +69,6 @@ public interface SecurityAgent { void retransformUninstrumentedClass(Class classToRetransform); String decryptAndVerify(String encryptedData, String hashVerifier); + + void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry emptyEntry); } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java index 46c0e305d..5fef7c098 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java @@ -30,6 +30,7 @@ private static final class InstanceHolder { static final GrpcClientRequestReplayHelper instance = new GrpcClientRequestReplayHelper(); } + //TODO Update MicrosService Arch public void resetIASTProcessing() { rejectedIds.addAll(processedIds.keySet()); processedIds.clear(); @@ -94,6 +95,7 @@ public Set getPendingIds() { } public void registerEventForProcessedCC(String controlCommandId, String eventId) { + //TODO Update MicrosService Arch if(StringUtils.isAnyBlank(controlCommandId, eventId)){ return; } @@ -104,6 +106,7 @@ public void registerEventForProcessedCC(String controlCommandId, String eventId) } public void removeFromProcessedCC(String controlCommandId) { + //TODO Update MicrosService Arch if(StringUtils.isNotBlank(controlCommandId)){ processedIds.remove(controlCommandId); } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java index 8217daf9a..c3d44f0c5 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java @@ -1,10 +1,7 @@ package com.newrelic.api.agent.security.instrumentation.helpers; import com.newrelic.api.agent.security.NewRelicSecurity; -import com.newrelic.api.agent.security.schema.APIRecordStatus; -import com.newrelic.api.agent.security.schema.K2RequestIdentifier; -import com.newrelic.api.agent.security.schema.SecurityMetaData; -import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.*; import com.newrelic.api.agent.security.utils.logging.LogLevel; import java.io.File; @@ -13,10 +10,7 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; -import java.util.Arrays; -import java.util.HashSet; -import java.util.List; -import java.util.Set; +import java.util.*; import java.util.concurrent.ConcurrentHashMap; public class ServletHelper { @@ -33,6 +27,7 @@ public class ServletHelper { public static final String SERVLET_GET_WRITER_OPERATION_LOCK = "SERVLET_GET_WRITER_OPERATION_LOCK-"; public static final String NR_SEC_HTTP_SESSION_ATTRIB_NAME = "NR-CSEC-HTTP-SESSION-"; public static final String NR_SEC_HTTP_SERVLET_RESPONSE_ATTRIB_NAME = "NR-CSEC-HTTP-SERVLET-RESPONSE-"; + public static final String SEPARATOR_COLON = ":"; private static Set filesToRemove = ConcurrentHashMap.newKeySet(); private static final Set unsupportedContentType = new HashSet() {{ @@ -83,7 +78,8 @@ public static K2RequestIdentifier parseFuzzRequestIdentifierHeader(String reques String[] data = StringUtils.splitByWholeSeparatorWorker(requestHeaderVal, SEPARATOR_SEMICOLON, -1, false); if (data.length >= 5) { - k2RequestIdentifierInstance.setApiRecordId(data[0].trim()); + k2RequestIdentifierInstance.setOriginEntityGuid(StringUtils.substringBefore(data[0].trim(), SEPARATOR_COLON)); + k2RequestIdentifierInstance.setApiRecordId(StringUtils.substringAfterLast(data[0].trim(), SEPARATOR_COLON)); k2RequestIdentifierInstance.setRefId(data[1].trim()); k2RequestIdentifierInstance.setRefValue(data[2].trim()); k2RequestIdentifierInstance.setNextStage(APIRecordStatus.valueOf(data[3].trim())); @@ -198,4 +194,31 @@ public static boolean isResponseContentTypeExcluded( String responseContentType) } return unsupportedContentType.contains(responseContentType); } + + public static FuzzRequestEmptyEntry iastDataRequestAddEmptyEntry(K2RequestIdentifier requestIdentifier, String traceHeader, String csecParentId) { + String originAppUUID = getOriginAppUUID(traceHeader); + requestIdentifier.setOriginApplicationUUID(originAppUUID); + return new FuzzRequestEmptyEntry(originAppUUID, requestIdentifier.getOriginEntityGuid(), csecParentId); + } + + private static String getOriginAppUUID(String traceHeader) { + if(StringUtils.isNotBlank(traceHeader)) { + return StringUtils.substringBefore(traceHeader, "/"); + } + return StringUtils.EMPTY; + } + + /** + * This method should be called only after parseFuzzRequestIdentifierHeader + * */ + public static String getTraceHeader(Map headers) { + String data = StringUtils.EMPTY; + if (headers.containsKey(CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { + data = headers.get(CSEC_DISTRIBUTED_TRACING_HEADER); + if (data == null || data.trim().isEmpty()) { + data = headers.get(CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()); + } + } + return data; + } } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/FuzzRequestEmptyEntry.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/FuzzRequestEmptyEntry.java new file mode 100644 index 000000000..e4a81b9fd --- /dev/null +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/FuzzRequestEmptyEntry.java @@ -0,0 +1,40 @@ +package com.newrelic.api.agent.security.schema; + +public class FuzzRequestEmptyEntry { + + private String originAppUuid; + + private String originEntityGuid; + + private String controlCommandId; + + public FuzzRequestEmptyEntry(String originAppUuid, String originEntityGuid, String controlCommandId) { + this.originAppUuid = originAppUuid; + this.originEntityGuid = originEntityGuid; + this.controlCommandId = controlCommandId; + } + + public String getOriginAppUuid() { + return originAppUuid; + } + + public void setOriginAppUuid(String originAppUuid) { + this.originAppUuid = originAppUuid; + } + + public String getOriginEntityGuid() { + return originEntityGuid; + } + + public void setOriginEntityGuid(String originEntityGuid) { + this.originEntityGuid = originEntityGuid; + } + + public String getControlCommandId() { + return controlCommandId; + } + + public void setControlCommandId(String controlCommandId) { + this.controlCommandId = controlCommandId; + } +} diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/K2RequestIdentifier.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/K2RequestIdentifier.java index b690fb7f6..75dbec5db 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/K2RequestIdentifier.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/K2RequestIdentifier.java @@ -14,6 +14,10 @@ public class K2RequestIdentifier { private String refKey; private List tempFiles; + private String originApplicationUUID; + + private String originEntityGuid; + public K2RequestIdentifier() { k2Request = false; tempFiles = new ArrayList<>(); @@ -32,6 +36,8 @@ public K2RequestIdentifier(K2RequestIdentifier k2RequestIdentifierInstance) { this.tempFiles = new ArrayList<>(k2RequestIdentifierInstance.tempFiles); } this.raw = (StringUtils.isNotBlank(k2RequestIdentifierInstance.raw)) ? new String(k2RequestIdentifierInstance.raw) : null; + this.originApplicationUUID = (StringUtils.isNotBlank(k2RequestIdentifierInstance.originApplicationUUID)) ? new String(k2RequestIdentifierInstance.originApplicationUUID) : null; + this.originEntityGuid = (StringUtils.isNotBlank(k2RequestIdentifierInstance.originEntityGuid)) ? new String(k2RequestIdentifierInstance.originEntityGuid) : null; } public String getRefId() { @@ -111,4 +117,20 @@ public String getRefKey() { public void setRefKey(String refKey) { this.refKey = refKey; } + + public String getOriginApplicationUUID() { + return originApplicationUUID; + } + + public void setOriginApplicationUUID(String originApplicationUUID) { + this.originApplicationUUID = originApplicationUUID; + } + + public String getOriginEntityGuid() { + return originEntityGuid; + } + + public void setOriginEntityGuid(String originEntityGuid) { + this.originEntityGuid = originEntityGuid; + } } From 11f6641cd07fa08d08f95ca05cfcc7e14e8eff47 Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Wed, 8 May 2024 19:44:50 +0530 Subject: [PATCH 2/6] push CC in error when response of rest client is 4xx --- .../instrumentator/httpclient/RestRequestThreadPool.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java index 558ae5881..4f9523b19 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java @@ -79,7 +79,9 @@ protected void afterExecute(Runnable r, Throwable t) { if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof RestRequestProcessor) { RestRequestProcessor task = (RestRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getControlCommand().getId(); - if(task.isSuccessful()){ + if(task.isSuccessful() && 500 < task.getResponseCode() && task.getResponseCode() >= 400){ + errorInReplay.add(controlCommandId); + } else if (task.isSuccessful()) { completedReplay.add(controlCommandId); } else if (task.isExceptionRaised() && task.getError() instanceof InterruptedIOException) { clearFromPending.add(controlCommandId); From 4b2e995de5a9371df48b3bf3b6bad377a556f4f9 Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Fri, 17 May 2024 22:18:04 +0530 Subject: [PATCH 3/6] Support for micro service arch in GRPC architecture Co-authored-by: Ishika Dawda --- gradle.properties | 2 +- .../http/scaladsl/server/AkkaCoreUtils.java | 4 +- .../akka/http/scaladsl/AkkaCoreUtils.java | 3 +- .../akka/http/scaladsl/AkkaCoreUtils.java | 3 +- .../akka/http/scaladsl/AkkaCoreUtils.java | 4 +- .../grpc1220/GrpcServerUtils.java | 3 +- .../grpc1220/client/GrpcClient.java | 14 ++- .../processor/GrpcRequestProcessor.java | 74 ++++++++++----- .../processor/GrpcRequestThreadPool.java | 25 +++--- .../grpc140/GrpcServerUtils.java | 4 +- .../grpc140/client/GrpcClient.java | 14 ++- .../processor/GrpcRequestProcessor.java | 70 ++++++++++----- .../processor/GrpcRequestThreadPool.java | 24 ++--- .../grpc1400/GrpcServerUtils.java | 5 +- .../grpc1400/client/GrpcClient.java | 15 +++- .../processor/GrpcRequestProcessor.java | 74 ++++++++++----- .../processor/GrpcRequestThreadPool.java | 24 ++--- .../jersey2/HttpRequestHelper.java | 7 +- .../jersey2/HttpRequestHelper.java | 7 +- .../jersey2/HttpRequestHelper.java | 7 +- .../jetty11/HttpServletHelper.java | 4 +- .../jetty12/server/HttpServletHelper.java | 4 +- .../jetty9/HttpServletHelper.java | 4 +- ...ttpRequestToMuleEvent_Instrumentation.java | 3 +- .../async/RequestHandler_Instrumentation.java | 3 +- ...ttpRequestToMuleEvent_Instrumentation.java | 3 +- .../async/RequestHandler_Instrumentation.java | 3 +- .../servlet/FilterChain_Instrumentation.java | 3 +- .../javax/servlet/Filter_Instrumentation.java | 3 +- .../servlet/Servlet_Instrumentation.java | 3 +- .../servlet/FilterChain_Instrumentation.java | 3 +- .../servlet/Filter_Instrumentation.java | 3 +- .../servlet/Servlet_Instrumentation.java | 3 +- .../servlet/FilterChain_Instrumentation.java | 3 +- .../servlet/Filter_Instrumentation.java | 3 +- .../servlet/Servlet_Instrumentation.java | 3 +- .../httpserver/Filter_Instrumentation.java | 3 +- .../HttpHandler_Instrumentation.java | 3 +- .../dispatcher/DispatcherPool.java | 7 +- .../IASTDataTransferRequestProcessor.java | 46 ++++++++-- .../httpclient/RestRequestThreadPool.java | 20 ++--- .../ControlCommandProcessor.java | 15 +++- .../newrelic/api/agent/security/Agent.java | 22 ++++- .../newrelic/api/agent/security/Agent.java | 4 +- .../api/agent/security/NoOpAgent.java | 4 +- .../api/agent/security/SecurityAgent.java | 3 +- .../GrpcClientRequestReplayHelper.java | 90 ++++++++++++++----- .../security/schema/RequestCategory.java | 9 ++ 48 files changed, 448 insertions(+), 212 deletions(-) create mode 100644 newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/RequestCategory.java diff --git a/gradle.properties b/gradle.properties index 808489c5a..60f520ebb 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,5 +1,5 @@ # The agent version. -agentVersion=1.2.1 +agentVersion=1.4.0 jsonVersion=2.0.0 # Updated exposed NR APM API version. nrAPIVersion=8.4.0 diff --git a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java index 2d6c3c0ee..f35eae777 100644 --- a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java @@ -8,6 +8,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; @@ -16,7 +17,6 @@ import com.newrelic.api.agent.security.utils.logging.LogLevel; import java.util.Iterator; -import java.util.Map; import java.util.NoSuchElementException; public class AkkaCoreUtils { @@ -116,7 +116,7 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); diff --git a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index 4941f6bbb..6a616a40c 100644 --- a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -8,6 +8,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; @@ -121,7 +122,7 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), - securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); diff --git a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index ce4ca328e..19cad3b35 100644 --- a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -8,6 +8,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; @@ -120,7 +121,7 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); diff --git a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index fbd0018a1..5c64cc160 100644 --- a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -1,6 +1,5 @@ package akka.http.scaladsl; -import akka.Done; import akka.http.javadsl.model.HttpHeader; import akka.http.scaladsl.model.HttpRequest; import com.newrelic.api.agent.Token; @@ -9,6 +8,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; @@ -120,7 +120,7 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(getProtocol(httpRequest.protocol().value())); diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java index a225f67f6..9de43eeba 100644 --- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java +++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcServerUtils.java @@ -8,6 +8,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -72,7 +73,7 @@ public static void preprocessSecurityHook(ServerStream_Instrumentat securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.GRPC); if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) { securityRequest.setProtocol("https"); diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/client/GrpcClient.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/client/GrpcClient.java index 54e02b882..1e66f55ef 100644 --- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/client/GrpcClient.java +++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/client/GrpcClient.java @@ -7,6 +7,7 @@ import com.google.protobuf.Message; import com.google.protobuf.util.JsonFormat; import com.newrelic.agent.security.instrumentation.grpc1220.GrpcServerUtils; +import com.newrelic.agent.security.instrumentation.grpc1220.processor.GrpcRequestProcessor; import com.newrelic.api.agent.security.NewRelicSecurity; import com.newrelic.api.agent.security.instrumentation.helpers.GrpcHelper; import com.newrelic.api.agent.security.schema.ControlCommandDto; @@ -55,7 +56,9 @@ protected ManagedChannel initialValue() { } }; - public Object fireRequest(ControlCommandDto controlCommandDto, int repeatCount) { + public Object fireRequest(GrpcRequestProcessor grpcRequestProcessor) { + ControlCommandDto controlCommandDto = grpcRequestProcessor.getControlCommandDto(); + int repeatCount = grpcRequestProcessor.getRepeatCount(); try { FuzzRequestBean requestBean = controlCommandDto.getRequestBean(); List payloads = controlCommandDto.getRequestPayloads(); @@ -82,13 +85,20 @@ public Object fireRequest(ControlCommandDto controlCommandDto, int repeatCount) isSuccess = customBiDiStream(channel, requestBean, payloads); break; } + grpcRequestProcessor.setSuccessful(true); + return isSuccess; } catch (InterruptedException e) { + grpcRequestProcessor.setExceptionRaised(true); + grpcRequestProcessor.setError(e); + if (repeatCount >= 0) { - return fireRequest(controlCommandDto, --repeatCount); + return fireRequest(grpcRequestProcessor); } return false; } catch (Throwable e) { + grpcRequestProcessor.setExceptionRaised(true); + grpcRequestProcessor.setError(e); return e; } } diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestProcessor.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestProcessor.java index b81f9444b..97808a7d5 100644 --- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestProcessor.java +++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestProcessor.java @@ -1,13 +1,9 @@ package com.newrelic.agent.security.instrumentation.grpc1220.processor; import com.newrelic.agent.security.instrumentation.grpc1220.client.GrpcClient; -import com.newrelic.api.agent.security.NewRelicSecurity; -import com.newrelic.api.agent.security.instrumentation.helpers.GrpcClientRequestReplayHelper; import com.newrelic.api.agent.security.schema.ControlCommandDto; -import com.newrelic.api.agent.security.utils.logging.LogLevel; import java.util.concurrent.Callable; -import java.util.concurrent.Future; public class GrpcRequestProcessor implements Callable { public static final String CALL_FAILED_REQUEST_S_REASON = "Call failed : request %s reason : "; @@ -15,6 +11,14 @@ public class GrpcRequestProcessor implements Callable { private int repeatCount; private static final int MAX_REPETITION = 3; + private boolean isSuccessful = false; + + private int responseCode; + + private boolean exceptionRaised = false; + + private Throwable error; + public GrpcRequestProcessor(ControlCommandDto controlCommandDto, int repeatCount) { this.controlCommandDto = controlCommandDto; this.repeatCount = repeatCount; @@ -22,33 +26,55 @@ public GrpcRequestProcessor(ControlCommandDto controlCommandDto, int repeatCount @Override public Object call() throws Exception { - return GrpcClient.getInstance().fireRequest(controlCommandDto, repeatCount); + return GrpcClient.getInstance().fireRequest(this); } public static void executeGrpcRequest(ControlCommandDto controlCommandDto) { - Future future = GrpcRequestThreadPool.getInstance().executor + GrpcRequestThreadPool.getInstance().executor .submit(new GrpcRequestProcessor(controlCommandDto, MAX_REPETITION)); - try { - Object futureResult = future.get(); - if (futureResult instanceof Throwable) { - NewRelicSecurity.getAgent().log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getRequestBean()), (Throwable) futureResult, GrpcClient.class.getName()); - NewRelicSecurity.getAgent().reportIncident(LogLevel.WARNING, - String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getId()), - (Throwable) futureResult, GrpcClient.class.getName()); - GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(controlCommandDto.getRequestBean(), (Throwable) futureResult); - } else { - GrpcClientRequestReplayHelper.getInstance().getPendingIds().remove(controlCommandDto.getId()); - } - } catch (Throwable e) { - NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getRequestBean()), e, GrpcRequestProcessor.class.getName()); - NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, - String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getId()), - e, GrpcRequestProcessor.class.getName()); - GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(controlCommandDto.getRequestBean(), e); - } } public ControlCommandDto getPartialControlCommand() { return controlCommandDto; } + + public boolean isSuccessful() { + return isSuccessful; + } + + public void setSuccessful(boolean successful) { + isSuccessful = successful; + } + + public int getResponseCode() { + return responseCode; + } + + public void setResponseCode(int responseCode) { + this.responseCode = responseCode; + } + + public boolean isExceptionRaised() { + return exceptionRaised; + } + + public void setExceptionRaised(boolean exceptionRaised) { + this.exceptionRaised = exceptionRaised; + } + + public Throwable getError() { + return error; + } + + public void setError(Throwable error) { + this.error = error; + } + + public ControlCommandDto getControlCommandDto() { + return controlCommandDto; + } + + public int getRepeatCount() { + return repeatCount; + } } \ No newline at end of file diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestThreadPool.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestThreadPool.java index 178defe2c..ac03062c2 100644 --- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestThreadPool.java +++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestThreadPool.java @@ -5,10 +5,9 @@ import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.utils.logging.LogLevel; -import java.util.HashSet; +import java.io.InterruptedIOException; import java.util.concurrent.BlockingQueue; import java.util.concurrent.Callable; -import java.util.concurrent.ExecutionException; import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.RunnableFuture; import java.util.concurrent.ThreadFactory; @@ -50,21 +49,23 @@ protected void afterExecute(Runnable r, Throwable t) { GrpcClientRequestReplayHelper.getInstance().setInProcessRequestQueue(getQueue()); controlCommandId = null; if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof GrpcRequestProcessor) { - Object result = (Object) ((CustomFutureTask) r).get(); GrpcRequestProcessor task = (GrpcRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getPartialControlCommand().getId(); - if (t != null || result != null) { - if (StringUtils.isNotBlank(controlCommandId)) { - GrpcClientRequestReplayHelper.getInstance().getRejectedIds().add(controlCommandId); - } + + if (task.isSuccessful()) { + GrpcClientRequestReplayHelper.getInstance().getCompletedReplay().add(controlCommandId); + } else if (task.isExceptionRaised() && task.getError() instanceof InterruptedIOException) { + GrpcClientRequestReplayHelper.getInstance().getClearFromPending().add(controlCommandId); + } else if(task.isExceptionRaised()) { + GrpcClientRequestReplayHelper.getInstance().getErrorInReplay().add(controlCommandId); } else { - GrpcClientRequestReplayHelper.getInstance().getProcessedIds().putIfAbsent(controlCommandId, new HashSet<>()); + GrpcClientRequestReplayHelper.getInstance().getClearFromPending().add(controlCommandId); + } + if (StringUtils.isBlank(controlCommandId)) { + GrpcClientRequestReplayHelper.getInstance().getRejectedIds().add(controlCommandId); } } - if (StringUtils.isNotBlank(controlCommandId)) { - GrpcClientRequestReplayHelper.getInstance().getPendingIds().remove(controlCommandId); - } - } catch (InterruptedException | ExecutionException ignored) { + } catch (Exception ignored) { } } diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java index d04a458b1..694bd3b9e 100644 --- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java +++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcServerUtils.java @@ -8,6 +8,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -22,7 +23,6 @@ import java.net.URISyntaxException; import java.util.Arrays; import java.util.HashSet; -import java.util.Map; import java.util.Set; public class GrpcServerUtils { @@ -72,7 +72,7 @@ public static void preprocessSecurityHook(ServerStream_Instrumentat securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.GRPC); if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) { securityRequest.setProtocol("https"); diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/client/GrpcClient.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/client/GrpcClient.java index 774550bf5..ce19b06c6 100644 --- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/client/GrpcClient.java +++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/client/GrpcClient.java @@ -7,6 +7,7 @@ import com.google.protobuf.Message; import com.google.protobuf.util.JsonFormat; import com.newrelic.agent.security.instrumentation.grpc140.GrpcServerUtils; +import com.newrelic.agent.security.instrumentation.grpc140.processor.GrpcRequestProcessor; import com.newrelic.api.agent.security.NewRelicSecurity; import com.newrelic.api.agent.security.instrumentation.helpers.GrpcHelper; import com.newrelic.api.agent.security.schema.ControlCommandDto; @@ -55,7 +56,9 @@ protected ManagedChannel initialValue() { } }; - public Object fireRequest(ControlCommandDto controlCommandDto, int repeatCount) { + public Object fireRequest(GrpcRequestProcessor grpcRequestProcessor) { + ControlCommandDto controlCommandDto = grpcRequestProcessor.getControlCommandDto(); + int repeatCount = grpcRequestProcessor.getRepeatCount(); try { FuzzRequestBean requestBean = controlCommandDto.getRequestBean(); List payloads = controlCommandDto.getRequestPayloads(); @@ -82,13 +85,20 @@ public Object fireRequest(ControlCommandDto controlCommandDto, int repeatCount) isSuccess = customBiDiStream(channel, requestBean, payloads); break; } + grpcRequestProcessor.setSuccessful(true); + return isSuccess; } catch (InterruptedException e) { + grpcRequestProcessor.setExceptionRaised(true); + grpcRequestProcessor.setError(e); + if (repeatCount >= 0) { - return fireRequest(controlCommandDto, --repeatCount); + return fireRequest(grpcRequestProcessor); } return false; } catch (Throwable e) { + grpcRequestProcessor.setExceptionRaised(true); + grpcRequestProcessor.setError(e); return e; } } diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestProcessor.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestProcessor.java index 242b46e43..6524ea72e 100644 --- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestProcessor.java +++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestProcessor.java @@ -15,6 +15,14 @@ public class GrpcRequestProcessor implements Callable { private int repeatCount; private static final int MAX_REPETITION = 3; + private boolean isSuccessful = false; + + private int responseCode; + + private boolean exceptionRaised = false; + + private Throwable error; + public GrpcRequestProcessor(ControlCommandDto controlCommandDto, int repeatCount) { this.controlCommandDto = controlCommandDto; this.repeatCount = repeatCount; @@ -22,33 +30,55 @@ public GrpcRequestProcessor(ControlCommandDto controlCommandDto, int repeatCount @Override public Object call() throws Exception { - return GrpcClient.getInstance().fireRequest(controlCommandDto, repeatCount); + return GrpcClient.getInstance().fireRequest(this); } public static void executeGrpcRequest(ControlCommandDto controlCommandDto) { - Future future = GrpcRequestThreadPool.getInstance().executor + GrpcRequestThreadPool.getInstance().executor .submit(new GrpcRequestProcessor(controlCommandDto, MAX_REPETITION)); - try { - Object futureResult = future.get(); - if (futureResult instanceof Throwable) { - NewRelicSecurity.getAgent().log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getRequestBean()), (Throwable) futureResult, GrpcClient.class.getName()); - NewRelicSecurity.getAgent().reportIncident(LogLevel.WARNING, - String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getId()), - (Throwable) futureResult, GrpcClient.class.getName()); - GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(controlCommandDto.getRequestBean(), (Throwable) futureResult); - } else { - GrpcClientRequestReplayHelper.getInstance().getPendingIds().remove(controlCommandDto.getId()); - } - } catch (Throwable e) { - NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getRequestBean()), e, GrpcRequestProcessor.class.getName()); - NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, - String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getId()), - e, GrpcRequestProcessor.class.getName()); - GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(controlCommandDto.getRequestBean(), e); - } } public ControlCommandDto getPartialControlCommand() { return controlCommandDto; } + + public boolean isSuccessful() { + return isSuccessful; + } + + public void setSuccessful(boolean successful) { + isSuccessful = successful; + } + + public int getResponseCode() { + return responseCode; + } + + public void setResponseCode(int responseCode) { + this.responseCode = responseCode; + } + + public boolean isExceptionRaised() { + return exceptionRaised; + } + + public void setExceptionRaised(boolean exceptionRaised) { + this.exceptionRaised = exceptionRaised; + } + + public Throwable getError() { + return error; + } + + public void setError(Throwable error) { + this.error = error; + } + + public ControlCommandDto getControlCommandDto() { + return controlCommandDto; + } + + public int getRepeatCount() { + return repeatCount; + } } \ No newline at end of file diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestThreadPool.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestThreadPool.java index a2e8fceef..3dd7014ed 100644 --- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestThreadPool.java +++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestThreadPool.java @@ -5,10 +5,9 @@ import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.utils.logging.LogLevel; -import java.util.HashSet; +import java.io.InterruptedIOException; import java.util.concurrent.BlockingQueue; import java.util.concurrent.Callable; -import java.util.concurrent.ExecutionException; import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.RunnableFuture; import java.util.concurrent.ThreadFactory; @@ -50,21 +49,22 @@ protected void afterExecute(Runnable r, Throwable t) { GrpcClientRequestReplayHelper.getInstance().setInProcessRequestQueue(getQueue()); controlCommandId = null; if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof GrpcRequestProcessor) { - Object result = (Object) ((CustomFutureTask) r).get(); GrpcRequestProcessor task = (GrpcRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getPartialControlCommand().getId(); - if (t != null || result != null) { - if (StringUtils.isNotBlank(controlCommandId)) { - GrpcClientRequestReplayHelper.getInstance().getRejectedIds().add(controlCommandId); - } + if (task.isSuccessful()) { + GrpcClientRequestReplayHelper.getInstance().getCompletedReplay().add(controlCommandId); + } else if (task.isExceptionRaised() && task.getError() instanceof InterruptedIOException) { + GrpcClientRequestReplayHelper.getInstance().getClearFromPending().add(controlCommandId); + } else if(task.isExceptionRaised()) { + GrpcClientRequestReplayHelper.getInstance().getErrorInReplay().add(controlCommandId); } else { - GrpcClientRequestReplayHelper.getInstance().getProcessedIds().putIfAbsent(controlCommandId, new HashSet<>()); + GrpcClientRequestReplayHelper.getInstance().getClearFromPending().add(controlCommandId); + } + if (StringUtils.isBlank(controlCommandId)) { + GrpcClientRequestReplayHelper.getInstance().getRejectedIds().add(controlCommandId); } } - if (StringUtils.isNotBlank(controlCommandId)) { - GrpcClientRequestReplayHelper.getInstance().getPendingIds().remove(controlCommandId); - } - } catch (InterruptedException | ExecutionException ignored) { + } catch (Exception ignored) { } } diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java index ba1dcc71c..68cb208cf 100644 --- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java +++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.java @@ -8,6 +8,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -21,7 +22,6 @@ import java.net.URI; import java.net.URISyntaxException; import java.util.HashSet; -import java.util.Map; import java.util.Set; public class GrpcServerUtils { @@ -71,7 +71,8 @@ public static void preprocessSecurityHook(ServerStream_Instrumentat securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)) + , RequestCategory.GRPC); if (call.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) { securityRequest.setProtocol("https"); diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/client/GrpcClient.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/client/GrpcClient.java index cc544b482..3ade38035 100644 --- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/client/GrpcClient.java +++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/client/GrpcClient.java @@ -7,6 +7,7 @@ import com.google.protobuf.Message; import com.google.protobuf.util.JsonFormat; import com.newrelic.agent.security.instrumentation.grpc1400.GrpcServerUtils; +import com.newrelic.agent.security.instrumentation.grpc1400.processor.GrpcRequestProcessor; import com.newrelic.api.agent.security.NewRelicSecurity; import com.newrelic.api.agent.security.instrumentation.helpers.GrpcHelper; import com.newrelic.api.agent.security.schema.ControlCommandDto; @@ -56,8 +57,10 @@ protected ManagedChannel initialValue() { } }; - public Object fireRequest(ControlCommandDto controlCommandDto, int repeatCount) { + public Object fireRequest(GrpcRequestProcessor grpcRequestProcessor) { FuzzRequestBean requestBean = null; + ControlCommandDto controlCommandDto = grpcRequestProcessor.getControlCommandDto(); + int repeatCount = grpcRequestProcessor.getRepeatCount(); try { requestBean = controlCommandDto.getRequestBean(); List payloads = controlCommandDto.getRequestPayloads(); @@ -84,13 +87,21 @@ public Object fireRequest(ControlCommandDto controlCommandDto, int repeatCount) isSuccess = customBiDiStream(channel, requestBean, payloads); break; } + grpcRequestProcessor.setSuccessful(true); + return isSuccess; } catch (InterruptedException e) { + grpcRequestProcessor.setExceptionRaised(true); + grpcRequestProcessor.setError(e); + if (repeatCount >= 0) { - return fireRequest(controlCommandDto, --repeatCount); + return fireRequest(grpcRequestProcessor); } return false; } catch (Throwable e) { + grpcRequestProcessor.setExceptionRaised(true); + grpcRequestProcessor.setError(e); + return e; } } diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestProcessor.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestProcessor.java index f9321adad..72a7b5bf0 100644 --- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestProcessor.java +++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestProcessor.java @@ -1,13 +1,9 @@ package com.newrelic.agent.security.instrumentation.grpc1400.processor; import com.newrelic.agent.security.instrumentation.grpc1400.client.GrpcClient; -import com.newrelic.api.agent.security.NewRelicSecurity; -import com.newrelic.api.agent.security.instrumentation.helpers.GrpcClientRequestReplayHelper; import com.newrelic.api.agent.security.schema.ControlCommandDto; -import com.newrelic.api.agent.security.utils.logging.LogLevel; import java.util.concurrent.Callable; -import java.util.concurrent.Future; public class GrpcRequestProcessor implements Callable { public static final String CALL_FAILED_REQUEST_S_REASON = "Call failed : request %s reason : "; @@ -15,6 +11,14 @@ public class GrpcRequestProcessor implements Callable { private int repeatCount; private static final int MAX_REPETITION = 3; + private boolean isSuccessful = false; + + private int responseCode; + + private boolean exceptionRaised = false; + + private Throwable error; + public GrpcRequestProcessor(ControlCommandDto controlCommandDto, int repeatCount) { this.controlCommandDto = controlCommandDto; this.repeatCount = repeatCount; @@ -22,33 +26,55 @@ public GrpcRequestProcessor(ControlCommandDto controlCommandDto, int repeatCount @Override public Object call() throws Exception { - return GrpcClient.getInstance().fireRequest(controlCommandDto, repeatCount); + return GrpcClient.getInstance().fireRequest(this); } public static void executeGrpcRequest(ControlCommandDto controlCommandDto) { - Future future = GrpcRequestThreadPool.getInstance().executor + GrpcRequestThreadPool.getInstance().executor .submit(new GrpcRequestProcessor(controlCommandDto, MAX_REPETITION)); - try { - Object futureResult = future.get(); - if (futureResult instanceof Throwable) { - NewRelicSecurity.getAgent().log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getRequestBean()), (Throwable) futureResult, GrpcClient.class.getName()); - NewRelicSecurity.getAgent().reportIncident(LogLevel.WARNING, - String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getId()), - (Throwable) futureResult, GrpcClient.class.getName()); - GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(controlCommandDto.getRequestBean(), (Throwable) futureResult); - } else { - GrpcClientRequestReplayHelper.getInstance().getPendingIds().remove(controlCommandDto.getId()); - } - } catch (Throwable e) { - NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getRequestBean()), e, GrpcRequestProcessor.class.getName()); - NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, - String.format(CALL_FAILED_REQUEST_S_REASON, controlCommandDto.getId()), - e, GrpcRequestProcessor.class.getName()); - GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(controlCommandDto.getRequestBean(), e); - } } public ControlCommandDto getPartialControlCommand() { return controlCommandDto; } + + public void setSuccessful(boolean successful) { + isSuccessful = successful; + } + + public void setResponseCode(int responseCode) { + this.responseCode = responseCode; + } + + public void setExceptionRaised(boolean exceptionRaised) { + this.exceptionRaised = exceptionRaised; + } + + public void setError(Throwable error) { + this.error = error; + } + + public ControlCommandDto getControlCommandDto() { + return controlCommandDto; + } + + public int getRepeatCount() { + return repeatCount; + } + + public boolean isSuccessful() { + return isSuccessful; + } + + public int getResponseCode() { + return responseCode; + } + + public boolean isExceptionRaised() { + return exceptionRaised; + } + + public Throwable getError() { + return error; + } } \ No newline at end of file diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestThreadPool.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestThreadPool.java index 1e23a656b..9b0445fd5 100644 --- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestThreadPool.java +++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestThreadPool.java @@ -5,10 +5,9 @@ import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.utils.logging.LogLevel; -import java.util.HashSet; +import java.io.InterruptedIOException; import java.util.concurrent.BlockingQueue; import java.util.concurrent.Callable; -import java.util.concurrent.ExecutionException; import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.RunnableFuture; import java.util.concurrent.ThreadFactory; @@ -47,21 +46,22 @@ protected void afterExecute(Runnable r, Throwable t) { GrpcClientRequestReplayHelper.getInstance().setInProcessRequestQueue(getQueue()); String controlCommandId = null; if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof GrpcRequestProcessor) { - Object result = (Object) ((CustomFutureTask) r).get(); GrpcRequestProcessor task = (GrpcRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getPartialControlCommand().getId(); - if (t != null || result != null) { - if (StringUtils.isNotBlank(controlCommandId)) { - GrpcClientRequestReplayHelper.getInstance().getRejectedIds().add(controlCommandId); - } + if (task.isSuccessful()) { + GrpcClientRequestReplayHelper.getInstance().getCompletedReplay().add(controlCommandId); + } else if (task.isExceptionRaised() && task.getError() instanceof InterruptedIOException) { + GrpcClientRequestReplayHelper.getInstance().getClearFromPending().add(controlCommandId); + } else if(task.isExceptionRaised()) { + GrpcClientRequestReplayHelper.getInstance().getErrorInReplay().add(controlCommandId); } else { - GrpcClientRequestReplayHelper.getInstance().getProcessedIds().putIfAbsent(controlCommandId, new HashSet<>()); + GrpcClientRequestReplayHelper.getInstance().getClearFromPending().add(controlCommandId); + } + if (StringUtils.isBlank(controlCommandId)) { + GrpcClientRequestReplayHelper.getInstance().getRejectedIds().add(controlCommandId); } } - if (StringUtils.isNotBlank(controlCommandId)) { - GrpcClientRequestReplayHelper.getInstance().getPendingIds().remove(controlCommandId); - } - } catch (InterruptedException | ExecutionException e) { + } catch (Exception e) { } } diff --git a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 6264c6ee4..1e5b0235a 100644 --- a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -4,10 +4,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper; import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; -import com.newrelic.api.agent.security.schema.AgentMetaData; -import com.newrelic.api.agent.security.schema.HttpRequest; -import com.newrelic.api.agent.security.schema.SecurityMetaData; -import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.*; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; @@ -78,7 +75,7 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setUrl(requestContext.getRequestUri().toString()); diff --git a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 4f3468aa5..9e9649638 100644 --- a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -4,10 +4,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper; import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; -import com.newrelic.api.agent.security.schema.AgentMetaData; -import com.newrelic.api.agent.security.schema.HttpRequest; -import com.newrelic.api.agent.security.schema.SecurityMetaData; -import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.*; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; @@ -80,7 +77,7 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setUrl(requestContext.getRequestUri().toString()); diff --git a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index a80932212..4eaed52b2 100644 --- a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -4,10 +4,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper; import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; -import com.newrelic.api.agent.security.schema.AgentMetaData; -import com.newrelic.api.agent.security.schema.HttpRequest; -import com.newrelic.api.agent.security.schema.SecurityMetaData; -import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.*; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; @@ -78,7 +75,7 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setUrl(requestContext.getRequestUri().toString()); diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java index 82c335842..a48724fa2 100644 --- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -16,7 +17,6 @@ import java.util.Arrays; import java.util.Enumeration; -import java.util.Map; public class HttpServletHelper { @@ -138,7 +138,7 @@ public static void preprocessSecurityHook(HttpServletRequest httpServletRequest) securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java index 8832268de..303a1157c 100644 --- a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java +++ b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -18,7 +19,6 @@ import java.util.Arrays; import java.util.Iterator; -import java.util.Map; import java.util.Set; public class HttpServletHelper { @@ -142,7 +142,7 @@ public static void preprocessSecurityHook(Request request) { securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(request.getHttpURI().getScheme()); diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java index 5da129373..8268db78a 100644 --- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java +++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -16,7 +17,6 @@ import javax.servlet.http.HttpServletResponse; import java.util.Arrays; import java.util.Enumeration; -import java.util.Map; public class HttpServletHelper { @@ -138,7 +138,7 @@ public static void preprocessSecurityHook(HttpServletRequest httpServletRequest) securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index 101e44fb4..b04f5ce8e 100644 --- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -72,7 +73,7 @@ private static void preprocessSecurityHook(HttpRequestContext requestContext) { MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index 4af0d5319..820804a28 100644 --- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java +++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -66,7 +67,7 @@ private void preprocessSecurityHook(HttpRequestContext requestContext) { MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index ed68bd37b..fcdd980b4 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -72,7 +73,7 @@ private static void preprocessSecurityHook(HttpRequestContext requestContext) { MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index 9c1c2ad33..d4e48fb62 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java +++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -66,7 +67,7 @@ private void preprocessSecurityHook(HttpRequestContext requestContext) { MuleHelper.processHttpRequestHeader(httpRequest, securityRequest); securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(requestContext.getScheme()); securityRequest.setUrl(httpRequest.getUri()); diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java index ef91005d1..0f05c6ce2 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -69,7 +70,7 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java index 96c187744..cbe1adb55 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Filter_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -71,7 +72,7 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java index ca6959ae0..d26e79ba3 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java @@ -13,6 +13,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -75,7 +76,7 @@ private void preprocessSecurityHook(ServletRequest_Instrumentation request, Serv securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index 6d30b78d9..0ac623d42 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -69,7 +70,7 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index 7586a1043..dd9995cfb 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -70,7 +71,7 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index f1e0e18c5..806a5e606 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java @@ -13,6 +13,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -75,7 +76,7 @@ private void preprocessSecurityHook(ServletRequest_Instrumentation request, Serv securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index 757b56f4f..011b1e850 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -69,7 +70,7 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index 8b757e62d..3e40b86d4 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -70,7 +71,7 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index 6a06730bf..a3c4ef79f 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java @@ -13,6 +13,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -75,7 +76,7 @@ private void preprocessSecurityHook(ServletRequest_Instrumentation request, Serv securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(httpServletRequest.getScheme()); securityRequest.setUrl(httpServletRequest.getRequestURI()); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java index 6f27c4477..627215040 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -61,7 +62,7 @@ private void preprocessSecurityHook(HttpExchange exchange) { HttpServerHelper.processHttpRequestHeaders(exchange.getRequestHeaders(), securityRequest); securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(HttpServerHelper.getProtocol(exchange)); securityRequest.setUrl(String.valueOf(exchange.getRequestURI())); diff --git a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java index 6ca9fc78e..abc8e25a9 100644 --- a/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java +++ b/instrumentation-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; @@ -61,7 +62,7 @@ private void preprocessSecurityHook(HttpExchange exchange) { HttpServerHelper.processHttpRequestHeaders(exchange.getRequestHeaders(), securityRequest); securityMetaData.setTracingHeaderValue(ServletHelper.getTraceHeader(securityRequest.getHeaders())); - NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class))); + NewRelicSecurity.getAgent().setEmptyIastDataRequestEntry(ServletHelper.iastDataRequestAddEmptyEntry(securityMetaData.getFuzzRequestIdentifier(), securityMetaData.getTracingHeaderValue(), securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class)), RequestCategory.HTTP); securityRequest.setProtocol(HttpServerHelper.getProtocol(exchange)); securityRequest.setUrl(String.valueOf(exchange.getRequestURI())); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java index f9fb4e45f..6bd38f6b5 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/DispatcherPool.java @@ -215,9 +215,12 @@ public void dispatchEvent(AbstractOperation operation, SecurityMetaData security String parentId = securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class); if (StringUtils.isNotBlank(parentId)) { if (securityMetaData.getRequest().getIsGrpc()) { - GrpcClientRequestReplayHelper.getInstance().getProcessedIds().putIfAbsent(parentId, new HashSet<>()); if (StringUtils.equals(securityMetaData.getFuzzRequestIdentifier().getApiRecordId(), operation.getApiID())) { - GrpcClientRequestReplayHelper.getInstance().registerEventForProcessedCC(parentId, operation.getExecutionId()); + String originAppUUID = securityMetaData.getFuzzRequestIdentifier().getOriginApplicationUUID(); + if(StringUtils.isBlank(originAppUUID)){ + originAppUUID = AgentInfo.getInstance().getApplicationUUID(); + } + GrpcClientRequestReplayHelper.getInstance().registerEventForProcessedCC(parentId, operation.getExecutionId(), originAppUUID); } } else { if (StringUtils.equals(securityMetaData.getFuzzRequestIdentifier().getApiRecordId(), operation.getApiID())) { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java index d51431777..4177fffc8 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/IASTDataTransferRequestProcessor.java @@ -13,6 +13,7 @@ import java.time.Instant; import java.util.HashMap; +import java.util.HashSet; import java.util.Map; import java.util.Set; import java.util.concurrent.Executors; @@ -73,7 +74,6 @@ private void task() { int currentFetchThreshold = NewRelic.getAgent().getConfig() .getValue(SECURITY_POLICY_VULNERABILITY_SCAN_IAST_SCAN_PROBING_THRESHOLD, 300); - //TODO Update MicrosService Arch int remainingRecordCapacityRest = RestRequestThreadPool.getInstance().getQueue().remainingCapacity(); int currentRecordBacklogRest = RestRequestThreadPool.getInstance().getQueue().size(); int remainingRecordCapacityGrpc = GrpcClientRequestReplayHelper.getInstance().getRequestQueue().remainingCapacity(); @@ -92,9 +92,9 @@ private void task() { request.setBatchSize(batchSize); request.setGeneratedEvent(getEffectiveCompletedRequests()); - request.setClearFromPending(RestRequestThreadPool.getInstance().getClearFromPending()); - request.setCompletedReplay(RestRequestThreadPool.getInstance().getCompletedReplay()); - request.setErrorInReplay(RestRequestThreadPool.getInstance().getErrorInReplay()); + request.setClearFromPending(getEffectiveClearFromPending()); + request.setCompletedReplay(getEffectiveCompletedReplay()); + request.setErrorInReplay(getEffectiveErrorInReplay()); WSClient.getInstance().send(request.toString()); } } catch (Throwable e) { @@ -104,20 +104,52 @@ private void task() { } } + private Set getEffectiveErrorInReplay() { + Set errorInReplay = new HashSet<>(); + errorInReplay.addAll(RestRequestThreadPool.getInstance().getErrorInReplay()); + errorInReplay.addAll(GrpcClientRequestReplayHelper.getInstance().getErrorInReplay()); + return errorInReplay; + } + + private Set getEffectiveCompletedReplay() { + Set effectiveReplay = new HashSet<>(); + effectiveReplay.addAll(RestRequestThreadPool.getInstance().getCompletedReplay()); + effectiveReplay.addAll(GrpcClientRequestReplayHelper.getInstance().getCompletedReplay()); + return effectiveReplay; + } + + private Set getEffectiveClearFromPending() { + Set effectiveClearFromPending = new HashSet<>(); + effectiveClearFromPending.addAll(RestRequestThreadPool.getInstance().getClearFromPending()); + effectiveClearFromPending.addAll(GrpcClientRequestReplayHelper.getInstance().getClearFromPending()); + return effectiveClearFromPending; + } + private Map>> getEffectiveCompletedRequests() { Map>> generatedEvents = new HashMap<>(); - generatedEvents.putAll(RestRequestThreadPool.getInstance().getGeneratedEvents()); + for (String rejectedId : RestRequestThreadPool.getInstance().getRejectedIds()) { - for (Map.Entry>> applicationMap : generatedEvents.entrySet()) { + for (Map.Entry>> applicationMap : RestRequestThreadPool.getInstance().getGeneratedEvent().entrySet()) { applicationMap.getValue().remove(rejectedId); } } + generatedEvents.putAll(RestRequestThreadPool.getInstance().getGeneratedEvent()); RestRequestThreadPool.getInstance().getRejectedIds().clear(); + for (String rejectedId : GrpcClientRequestReplayHelper.getInstance().getRejectedIds()) { - for (Map.Entry>> applicationMap : generatedEvents.entrySet()) { + for (Map.Entry>> applicationMap : GrpcClientRequestReplayHelper.getInstance().getGeneratedEvent().entrySet()) { applicationMap.getValue().remove(rejectedId); } } + + for (Map.Entry>> applicationMap : GrpcClientRequestReplayHelper.getInstance().getGeneratedEvent().entrySet()) { + if(generatedEvents.containsKey(applicationMap.getKey())){ + generatedEvents.get(applicationMap.getKey()).putAll(applicationMap.getValue()); + } else { + generatedEvents.put(applicationMap.getKey(),applicationMap.getValue()); + } + } + GrpcClientRequestReplayHelper.getInstance().getRejectedIds().clear(); return generatedEvents; } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java index 4f9523b19..6a62d9c21 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java @@ -43,12 +43,12 @@ public class RestRequestThreadPool { * "ORIGIN_APPUUID_1" : {"FUZZ_ID_1":["EVENT_ID_1"], "FUZZ_ID_2":["EVENT_ID_2"]}, * } * */ - private final Map>> generatedEvents = new ConcurrentHashMap(); + private final Map>> generatedEvent = new ConcurrentHashMap(); public void resetIASTProcessing() { - getAllControlCommandID(generatedEvents); - generatedEvents.clear(); + getAllControlCommandID(generatedEvent); + generatedEvent.clear(); completedReplay.clear(); clearFromPending.clear(); errorInReplay.clear(); @@ -180,18 +180,16 @@ public void registerEventForProcessedCC(String controlCommandId, String eventId, if(StringUtils.isAnyBlank(controlCommandId, eventId)){ return; } - if(!generatedEvents.containsKey(originAppUuid)){ - logger.log(LogLevel.FINE, String.format("Entry from map of generatedEvents for %s is missing. generatedEvents are : %s", originAppUuid, generatedEvents), RestRequestThreadPool.class.getName()); + if(!generatedEvent.containsKey(originAppUuid)){ + logger.log(LogLevel.FINE, String.format("Entry from map of generatedEvents for %s is missing. generatedEvents are : %s", originAppUuid, generatedEvent), RestRequestThreadPool.class.getName()); } - if(generatedEvents.get(originAppUuid).containsKey(controlCommandId)) { - generatedEvents.get(originAppUuid).get(controlCommandId).add(eventId); - } else { - System.out.println("controlCommandId is not present for : "+controlCommandId); + if(generatedEvent.get(originAppUuid).containsKey(controlCommandId)) { + generatedEvent.get(originAppUuid).get(controlCommandId).add(eventId); } } - public Map>> getGeneratedEvents() { - return generatedEvents; + public Map>> getGeneratedEvent() { + return generatedEvent; } } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java index e67b88a30..d74e89b50 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/controlcommand/ControlCommandProcessor.java @@ -261,10 +261,8 @@ public void run() { controlCommand.getArguments().size()), this.getClass().getName()); logger.log(LogLevel.FINEST, String.format(PURGING_CONFIRMED_IAST_PROCESSED_RECORDS_S, controlCommand.getArguments()), this.getClass().getName()); - //TODO Update MicrosService Arch IASTDataTransferRequest requestForPurge = objectMapper.convertValue(controlCommand.getData(), IASTDataTransferRequest.class); purgeIastDataTransferRequest(requestForPurge); - controlCommand.getArguments().forEach(GrpcClientRequestReplayHelper.getInstance().getProcessedIds()::remove); break; default: logger.log(LogLevel.WARNING, String.format(UNKNOWN_CONTROL_COMMAND_S, controlCommandMessage), @@ -274,10 +272,21 @@ public void run() { } private static void purgeIastDataTransferRequest(IASTDataTransferRequest requestForPurge) { + + GrpcClientRequestReplayHelper.getInstance().getCompletedReplay().removeAll(requestForPurge.getCompletedReplay()); + GrpcClientRequestReplayHelper.getInstance().getErrorInReplay().removeAll(requestForPurge.getErrorInReplay()); + GrpcClientRequestReplayHelper.getInstance().getClearFromPending().removeAll(requestForPurge.getClearFromPending()); + for (Map.Entry>> applicationMap : GrpcClientRequestReplayHelper.getInstance().getGeneratedEvent().entrySet()) { + String originAppUUID = applicationMap.getKey(); + Map> purgeApplicationMap = requestForPurge.getGeneratedEvent().get(originAppUUID); + purgeApplicationMap.forEach(applicationMap.getValue()::remove); + } + + RestRequestThreadPool.getInstance().getCompletedReplay().removeAll(requestForPurge.getCompletedReplay()); RestRequestThreadPool.getInstance().getErrorInReplay().removeAll(requestForPurge.getErrorInReplay()); RestRequestThreadPool.getInstance().getClearFromPending().removeAll(requestForPurge.getClearFromPending()); - for (Map.Entry>> applicationMap : RestRequestThreadPool.getInstance().getGeneratedEvents().entrySet()) { + for (Map.Entry>> applicationMap : RestRequestThreadPool.getInstance().getGeneratedEvent().entrySet()) { String originAppUUID = applicationMap.getKey(); Map> purgeApplicationMap = requestForPurge.getGeneratedEvent().get(originAppUUID); purgeApplicationMap.forEach(applicationMap.getValue()::remove); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index 0be4e07a0..77919fcbf 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java @@ -684,7 +684,20 @@ public String decryptAndVerify(String encryptedData, String hashVerifier) { } @Override - public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry fuzzRequestEmptyEntry) { + public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry fuzzRequestEmptyEntry, RequestCategory category) { + switch (category) { + case GRPC: + setEmptyIastDataRequestEntry(fuzzRequestEmptyEntry, GrpcClientRequestReplayHelper.getInstance().getGeneratedEvent()); + break; + case HTTP: + default: + setEmptyIastDataRequestEntry(fuzzRequestEmptyEntry, RestRequestThreadPool.getInstance().getGeneratedEvent()); + break; + } + } + + + private void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry fuzzRequestEmptyEntry, Map>> generatedEvent) { String currentEntityGuid = AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.NR_ENTITY_GUID, StringUtils.EMPTY); String originAppUUID = fuzzRequestEmptyEntry.getOriginAppUuid(); if(StringUtils.isBlank(originAppUUID)){ @@ -692,13 +705,14 @@ public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry fuzzRequestEmptyE } String shaDigestOfCurrentEntityGuid = HashGenerator.getSHA256HexDigest(currentEntityGuid); if(StringUtils.equals(shaDigestOfCurrentEntityGuid, fuzzRequestEmptyEntry.getOriginEntityGuid())){ - if(RestRequestThreadPool.getInstance().getGeneratedEvents().containsKey(originAppUUID)) { - RestRequestThreadPool.getInstance().getGeneratedEvents().get(originAppUUID).put(fuzzRequestEmptyEntry.getControlCommandId(), ConcurrentHashMap.newKeySet()); + if(generatedEvent.containsKey(originAppUUID)) { + generatedEvent.get(originAppUUID).put(fuzzRequestEmptyEntry.getControlCommandId(), ConcurrentHashMap.newKeySet()); } else { Map> emptyEntry = new ConcurrentHashMap<>(); emptyEntry.put(fuzzRequestEmptyEntry.getControlCommandId(), ConcurrentHashMap.newKeySet()); - RestRequestThreadPool.getInstance().getGeneratedEvents().put(originAppUUID, emptyEntry); + generatedEvent.put(originAppUUID, emptyEntry); } } } + } \ No newline at end of file diff --git a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java index f1f840ae5..a2708cb6c 100644 --- a/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-api-test-impl/src/main/java/com/newrelic/api/agent/security/Agent.java @@ -4,6 +4,7 @@ import com.newrelic.api.agent.Transaction; import com.newrelic.api.agent.security.schema.AbstractOperation; import com.newrelic.api.agent.security.schema.FuzzRequestEmptyEntry; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.operation.FileIntegrityOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; @@ -194,7 +195,8 @@ public String decryptAndVerify(String encryptedData, String hashVerifier) { } @Override - public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry emptyEntry) { + public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry fuzzRequestEmptyEntry, RequestCategory category) { } + } \ No newline at end of file diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java index 3de9fc53d..3e0d40c20 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/NoOpAgent.java @@ -9,6 +9,7 @@ import com.newrelic.api.agent.security.schema.AbstractOperation; import com.newrelic.api.agent.security.schema.FuzzRequestEmptyEntry; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; import com.newrelic.api.agent.security.utils.logging.LogLevel; @@ -17,6 +18,7 @@ import java.net.URL; import java.util.Collections; import java.util.Map; +import java.util.Set; /** * Provides NoOps for API objects to avoid returning null. Do not call these objects directly. @@ -127,7 +129,7 @@ public String decryptAndVerify(String encryptedData, String hashVerifier) { } @Override - public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry emptyEntry) { + public void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry fuzzRequestEmptyEntry, RequestCategory category) { } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java index a90781783..3740e8355 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/SecurityAgent.java @@ -9,6 +9,7 @@ import com.newrelic.api.agent.security.schema.AbstractOperation; import com.newrelic.api.agent.security.schema.FuzzRequestEmptyEntry; +import com.newrelic.api.agent.security.schema.RequestCategory; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; import com.newrelic.api.agent.security.utils.logging.LogLevel; @@ -70,5 +71,5 @@ public interface SecurityAgent { String decryptAndVerify(String encryptedData, String hashVerifier); - void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry emptyEntry); + void setEmptyIastDataRequestEntry(FuzzRequestEmptyEntry fuzzRequestEmptyEntry, RequestCategory category); } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java index 5fef7c098..d977ee34d 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java @@ -1,8 +1,10 @@ package com.newrelic.api.agent.security.instrumentation.helpers; +import com.newrelic.api.agent.security.NewRelicSecurity; import com.newrelic.api.agent.security.schema.ControlCommandDto; import com.newrelic.api.agent.security.schema.FuzzRequestBean; import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.utils.logging.LogLevel; import java.util.Collections; import java.util.Map; @@ -17,9 +19,23 @@ public class GrpcClientRequestReplayHelper { private BlockingQueue inProcessRequestQueue = new LinkedBlockingQueue(1000); private BlockingQueue> fuzzFailRequestQueue = new LinkedBlockingQueue(1000); private boolean isGrpcRequestExecutorStarted = false; - private final Map> processedIds = new ConcurrentHashMap(); - private final Set pendingIds = ConcurrentHashMap.newKeySet(); + private final Set rejectedIds = ConcurrentHashMap.newKeySet(); + + private Set completedReplay = ConcurrentHashMap.newKeySet(); + + private Set errorInReplay = ConcurrentHashMap.newKeySet(); + + private Set clearFromPending = ConcurrentHashMap.newKeySet(); + + /** + * "generatedEvents": + * { + * "ORIGIN_APPUUID_1" : {"FUZZ_ID_1":["EVENT_ID_1"], "FUZZ_ID_2":["EVENT_ID_2"]}, + * } + * */ + private final Map>> generatedEvent = new ConcurrentHashMap(); + private static final AtomicBoolean isWaiting = new AtomicBoolean(false); public static GrpcClientRequestReplayHelper getInstance(){ @@ -30,11 +46,22 @@ private static final class InstanceHolder { static final GrpcClientRequestReplayHelper instance = new GrpcClientRequestReplayHelper(); } - //TODO Update MicrosService Arch + private void getAllControlCommandID(Map>> generatedEvents) { + if(generatedEvents == null || generatedEvents.isEmpty()) { + return; + } + + for (Map> applicationMap : generatedEvents.values()) { + rejectedIds.addAll(applicationMap.keySet()); + } + } + public void resetIASTProcessing() { - rejectedIds.addAll(processedIds.keySet()); - processedIds.clear(); - pendingIds.clear(); + getAllControlCommandID(generatedEvent); + generatedEvent.clear(); + completedReplay.clear(); + clearFromPending.clear(); + errorInReplay.clear(); requestQueue.clear(); } @@ -82,33 +109,48 @@ public Map getSingleRequestFromFuzzFailRequestQueue( return fuzzFailRequestQueue.take(); } - public Map> getProcessedIds() { - return processedIds; - } - public Set getRejectedIds() { return rejectedIds; } - public Set getPendingIds() { - return pendingIds; - } - - public void registerEventForProcessedCC(String controlCommandId, String eventId) { - //TODO Update MicrosService Arch + public void registerEventForProcessedCC(String controlCommandId, String eventId, String originAppUuid) { if(StringUtils.isAnyBlank(controlCommandId, eventId)){ return; } - Set registeredEvents = processedIds.get(controlCommandId); - if(registeredEvents != null) { - registeredEvents.add(eventId); + if(!generatedEvent.containsKey(originAppUuid)){ + NewRelicSecurity.getAgent().log(LogLevel.FINE, String.format("Entry from map of generatedEvents for %s is missing. generatedEvents are : %s", originAppUuid, generatedEvent), GrpcClientRequestReplayHelper.class.getName()); } - } - public void removeFromProcessedCC(String controlCommandId) { - //TODO Update MicrosService Arch - if(StringUtils.isNotBlank(controlCommandId)){ - processedIds.remove(controlCommandId); + if(generatedEvent.get(originAppUuid).containsKey(controlCommandId)) { + generatedEvent.get(originAppUuid).get(controlCommandId).add(eventId); } } + + public Set getCompletedReplay() { + return completedReplay; + } + + public void setCompletedReplay(Set completedReplay) { + this.completedReplay = completedReplay; + } + + public Set getErrorInReplay() { + return errorInReplay; + } + + public void setErrorInReplay(Set errorInReplay) { + this.errorInReplay = errorInReplay; + } + + public Set getClearFromPending() { + return clearFromPending; + } + + public void setClearFromPending(Set clearFromPending) { + this.clearFromPending = clearFromPending; + } + + public Map>> getGeneratedEvent() { + return generatedEvent; + } } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/RequestCategory.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/RequestCategory.java new file mode 100644 index 000000000..216de5910 --- /dev/null +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/RequestCategory.java @@ -0,0 +1,9 @@ +package com.newrelic.api.agent.security.schema; + +public enum RequestCategory { + + HTTP, + + GRPC; + +} From c6f95ef2d9b7d047a8bb935af34040db08cc992c Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Thu, 13 Jun 2024 11:17:45 +0530 Subject: [PATCH 4/6] resolve merge conflicts --- .../jetty11/HttpServletHelper.java | 1 + .../instrumentation/jetty9/HttpServletHelper.java | 1 + .../instrumentator/httpclient/RestClient.java | 15 ++++++--------- .../httpclient/RestRequestProcessor.java | 2 +- 4 files changed, 9 insertions(+), 10 deletions(-) diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java index 5f80dde4e..9364b77f2 100644 --- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java @@ -19,6 +19,7 @@ import java.util.Arrays; import java.util.Collection; import java.util.Enumeration; +import java.util.Map; public class HttpServletHelper { diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java index 8e0e497cc..bea66dbcc 100644 --- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java +++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java @@ -19,6 +19,7 @@ import java.util.Arrays; import java.util.Collection; import java.util.Enumeration; +import java.util.Map; public class HttpServletHelper { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java index 66ecb9056..cdd857ac6 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestClient.java @@ -132,7 +132,7 @@ public void fireRequest(FuzzRequestBean httpRequest, List endpoints, Res responseCode = RestClient.getInstance().fireRequest(request, restRequestProcessor, repeatCount + endpoints.size() -1); } catch (SSLException e) { NewRelicSecurity.getAgent().reportIASTScanFailure(null, null, - e, RequestUtils.extractNRCsecFuzzReqHeader(httpRequest), fuzzRequestId, + e, RequestUtils.extractNRCsecFuzzReqHeader(httpRequest), restRequestProcessor.getControlCommand().getId(), String.format(IAgentConstants.SSL_EXCEPTION_FAILURE_MESSAGE, request.url())); logger.log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, request, e.getMessage()), e, RestClient.class.getName()); logger.postLogMessageIfNecessary(LogLevel.WARNING, @@ -202,15 +202,12 @@ public int fireRequest(Request request, RestRequestProcessor restRequestProcesso else if(response.code() >= 400){ String responseBody = response.body().string(); NewRelicSecurity.getAgent().reportIASTScanFailure(null, null, null, - RequestUtils.extractNRCsecFuzzReqHeader(request.headers()), fuzzRequestId, + RequestUtils.extractNRCsecFuzzReqHeader(request.headers()), restRequestProcessor.getControlCommand().getId(), String.format(IAgentConstants.REQUEST_FAILURE_FOR_S_WITH_RESPONSE_CODE, request.url(), response, responseBody)); - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); logger.postLogMessageIfNecessary(LogLevel.WARNING, - String.format(RestClient.CALL_FAILED_REQUEST_S_REASON_S, fuzzRequestId, response, responseBody), null, + String.format(RestClient.CALL_FAILED_REQUEST_S_REASON_S, restRequestProcessor.getControlCommand().getId(), response, responseBody), null, RestRequestProcessor.class.getName()); - } else if(response.isSuccessful()){ - RestRequestThreadPool.getInstance().getProcessedIds().putIfAbsent(fuzzRequestId, new HashSet<>()); - }else { + } else { logger.log(LogLevel.FINER, String.format(REQUEST_SUCCESS_S_RESPONSE_S_S, request, response, response.body().string()), RestClient.class.getName()); } restRequestProcessor.setSuccessful(true); @@ -233,7 +230,7 @@ else if(response.code() >= 400){ } } catch (IOException e) { NewRelicSecurity.getAgent().reportIASTScanFailure(null, null, - e, RequestUtils.extractNRCsecFuzzReqHeader(request.headers()), fuzzRequestId, + e, RequestUtils.extractNRCsecFuzzReqHeader(request.headers()), restRequestProcessor.getControlCommand().getId(), IAgentConstants.REQUEST_FAILURE_DUE_TO_IOEXCEPTION); logger.log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, e.getMessage(), request), e, RestClient.class.getName()); @@ -241,7 +238,7 @@ else if(response.code() >= 400){ restRequestProcessor.setError(e); logger.log(LogLevel.FINER, String.format(CALL_FAILED_REQUEST_S_REASON, request), e, RestClient.class.getName()); logger.postLogMessageIfNecessary(LogLevel.WARNING, - String.format(CALL_FAILED_REQUEST_S_REASON, restRequestProcessor.getControlCommand().getId(), e.getMessage(),), + String.format(CALL_FAILED_REQUEST_S_REASON, restRequestProcessor.getControlCommand().getId(), e.getMessage()), e, RestRequestProcessor.class.getName()); // TODO: Add to fuzz fail count in HC and remove FuzzFailEvent if not needed. FuzzFailEvent fuzzFailEvent = new FuzzFailEvent(AgentInfo.getInstance().getApplicationUUID()); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java index 899226395..5f96f5d86 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestProcessor.java @@ -144,7 +144,7 @@ public Boolean call() throws InterruptedException { GrpcClientRequestReplayHelper.getInstance().addToRequestQueue(new ControlCommandDto(controlCommand.getId(), httpRequest, payloadList)); } else { boolean postSSL = false; - List endpoints = prepareAllEndpoints(NewRelicSecurity.getAgent().getApplicationConnectionConfig()); + List endpoints = prepareAllEndpoints(NewRelicSecurity.getAgent().getApplicationConnectionConfig(), httpRequest); logger.log(LogLevel.FINER, String.format("Endpoints to fire : %s", endpoints), RestRequestProcessor.class.getSimpleName()); if (endpoints.isEmpty()){ endpoints = prepareAllEndpoints(httpRequest); From 58ee90726569974acc4f96c59674ad77d0460627 Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Thu, 13 Jun 2024 17:40:19 +0530 Subject: [PATCH 5/6] Add metric reporting for iast request replay --- .../processor/GrpcRequestThreadPool.java | 5 ++ .../processor/GrpcRequestThreadPool.java | 5 ++ .../grpc1400/client/GrpcClient.java | 78 ++++++------------- .../processor/GrpcRequestProcessor.java | 3 +- .../processor/GrpcRequestThreadPool.java | 5 ++ .../httpclient/EventAbortPolicy.java | 2 +- .../httpclient/RequestUtils.java | 2 + .../httpclient/RestRequestThreadPool.java | 7 ++ .../logging/HealthCheckScheduleThread.java | 4 + .../models/javaagent/IastReplayRequest.java | 28 +++---- .../intcodeagent/websocket/WSClient.java | 2 +- .../GrpcClientRequestReplayHelper.java | 48 ++++++++++++ 12 files changed, 116 insertions(+), 73 deletions(-) diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestThreadPool.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestThreadPool.java index ac03062c2..50b133570 100644 --- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestThreadPool.java +++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/processor/GrpcRequestThreadPool.java @@ -49,10 +49,12 @@ protected void afterExecute(Runnable r, Throwable t) { GrpcClientRequestReplayHelper.getInstance().setInProcessRequestQueue(getQueue()); controlCommandId = null; if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof GrpcRequestProcessor) { + GrpcClientRequestReplayHelper.getInstance().incrementReplayRequestExecuted(); GrpcRequestProcessor task = (GrpcRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getPartialControlCommand().getId(); if (task.isSuccessful()) { + GrpcClientRequestReplayHelper.getInstance().incrementReplayRequestSucceeded(); GrpcClientRequestReplayHelper.getInstance().getCompletedReplay().add(controlCommandId); } else if (task.isExceptionRaised() && task.getError() instanceof InterruptedIOException) { GrpcClientRequestReplayHelper.getInstance().getClearFromPending().add(controlCommandId); @@ -64,6 +66,9 @@ protected void afterExecute(Runnable r, Throwable t) { if (StringUtils.isBlank(controlCommandId)) { GrpcClientRequestReplayHelper.getInstance().getRejectedIds().add(controlCommandId); } + if (!task.isSuccessful()){ + GrpcClientRequestReplayHelper.getInstance().incrementReplayRequestFailed(); + } } } catch (Exception ignored) { } diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestThreadPool.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestThreadPool.java index 3dd7014ed..6ab7d2bf9 100644 --- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestThreadPool.java +++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/processor/GrpcRequestThreadPool.java @@ -49,9 +49,11 @@ protected void afterExecute(Runnable r, Throwable t) { GrpcClientRequestReplayHelper.getInstance().setInProcessRequestQueue(getQueue()); controlCommandId = null; if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof GrpcRequestProcessor) { + GrpcClientRequestReplayHelper.getInstance().incrementReplayRequestExecuted(); GrpcRequestProcessor task = (GrpcRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getPartialControlCommand().getId(); if (task.isSuccessful()) { + GrpcClientRequestReplayHelper.getInstance().incrementReplayRequestSucceeded(); GrpcClientRequestReplayHelper.getInstance().getCompletedReplay().add(controlCommandId); } else if (task.isExceptionRaised() && task.getError() instanceof InterruptedIOException) { GrpcClientRequestReplayHelper.getInstance().getClearFromPending().add(controlCommandId); @@ -63,6 +65,9 @@ protected void afterExecute(Runnable r, Throwable t) { if (StringUtils.isBlank(controlCommandId)) { GrpcClientRequestReplayHelper.getInstance().getRejectedIds().add(controlCommandId); } + if (!task.isSuccessful()){ + GrpcClientRequestReplayHelper.getInstance().incrementReplayRequestFailed(); + } } } catch (Exception ignored) { } diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/client/GrpcClient.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/client/GrpcClient.java index 3ade38035..2cdccc1db 100644 --- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/client/GrpcClient.java +++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/client/GrpcClient.java @@ -57,7 +57,7 @@ protected ManagedChannel initialValue() { } }; - public Object fireRequest(GrpcRequestProcessor grpcRequestProcessor) { + public void fireRequest(GrpcRequestProcessor grpcRequestProcessor) { FuzzRequestBean requestBean = null; ControlCommandDto controlCommandDto = grpcRequestProcessor.getControlCommandDto(); int repeatCount = grpcRequestProcessor.getRepeatCount(); @@ -72,37 +72,31 @@ public Object fireRequest(GrpcRequestProcessor grpcRequestProcessor) { NewRelicSecurity.getAgent().log(LogLevel.FINER, String.format(FIRING_REQUEST_URL_S, requestBean.getUrl()), GrpcClient.class.getName()); NewRelicSecurity.getAgent().log(LogLevel.FINER, String.format(FIRING_REQUEST_HEADERS_S, requestBean.getHeaders()), GrpcClient.class.getName()); - Object isSuccess = false; switch (requestBean.getReflectedMetaData().get(GrpcHelper.REQUEST_TYPE)) { case unary: - isSuccess = customUnaryCall(channel, requestBean, payloads); + customUnaryCall(channel, requestBean, payloads); break; case client_streaming: - isSuccess = customClientStream(channel, requestBean, payloads); + customClientStream(channel, requestBean, payloads); break; case server_streaming: - isSuccess = customServerStream(channel, requestBean, payloads); + customServerStream(channel, requestBean, payloads); break; case bidi_streaming: - isSuccess = customBiDiStream(channel, requestBean, payloads); + customBiDiStream(channel, requestBean, payloads); break; } grpcRequestProcessor.setSuccessful(true); - - return isSuccess; } catch (InterruptedException e) { grpcRequestProcessor.setExceptionRaised(true); grpcRequestProcessor.setError(e); if (repeatCount >= 0) { - return fireRequest(grpcRequestProcessor); + fireRequest(grpcRequestProcessor); } - return false; } catch (Throwable e) { grpcRequestProcessor.setExceptionRaised(true); grpcRequestProcessor.setError(e); - - return e; } } @@ -116,7 +110,7 @@ public static GrpcClient getInstance() { } } - private Object customUnaryCall(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) { + private void customUnaryCall(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) { GrpcStubs.CustomStub stub = GrpcStubs.newStub(channel); String[] methodSplitData = requestBean.getMethod().split("/"); String serviceName = methodSplitData[0]; @@ -129,20 +123,14 @@ private Object customUnaryCall(ManagedChannel channel, FuzzRequestBean requestBe } for (String requestData : payloads) { - try { - Any pack = getMessageOfTypeAny(requestData, requestClass); - Any response = stub.withInterceptors(MetadataUtils.newAttachHeadersInterceptor(headers)) - .unaryCall(pack, serviceName, methodName); - NewRelicSecurity.getAgent().log(LogLevel.FINER, String.format(REQUEST_SUCCESS_S_RESPONSE_S_S, requestBean, response, response.toString()), GrpcClient.class.getName()); - } catch (Throwable e) { - return e; -// GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(requestBean, e); - } + Any pack = getMessageOfTypeAny(requestData, requestClass); + Any response = stub.withInterceptors(MetadataUtils.newAttachHeadersInterceptor(headers)) + .unaryCall(pack, serviceName, methodName); + NewRelicSecurity.getAgent().log(LogLevel.FINER, String.format(REQUEST_SUCCESS_S_RESPONSE_S_S, requestBean, response, response.toString()), GrpcClient.class.getName()); } - return null; } - private static Object customClientStream(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) throws InterruptedException { + private static void customClientStream(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) throws InterruptedException { StreamObserver responseObserver = new StreamObserver() { @Override @@ -174,19 +162,13 @@ public void onCompleted() { StreamObserver requestObserver = stub.withInterceptors(MetadataUtils.newAttachHeadersInterceptor(headers)).clientStream(responseObserver, serviceName, methodName); for (String requestData : payloads) { - try { - Any pack = getMessageOfTypeAny(requestData, requestClass); - requestObserver.onNext(pack); - } catch (Throwable e) { - return e; -// GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(requestBean, e); - } + Any pack = getMessageOfTypeAny(requestData, requestClass); + requestObserver.onNext(pack); } requestObserver.onCompleted(); - return null; } - private static Object customServerStream(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) { + private static void customServerStream(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) { GrpcStubs.CustomStub stub = GrpcStubs.newBlockingStub(channel); String[] methodSplitData = requestBean.getMethod().split("/"); String serviceName = methodSplitData[0]; @@ -199,23 +181,17 @@ private static Object customServerStream(ManagedChannel channel, FuzzRequestBean } for (String requestData : payloads) { - try { - Any pack = getMessageOfTypeAny(requestData, requestClass); - Iterator responses = stub.withInterceptors(MetadataUtils.newAttachHeadersInterceptor(headers)) - .serverStream(pack, serviceName, methodName); - while (responses.hasNext()) { - Any response = responses.next(); - NewRelicSecurity.getAgent().log(LogLevel.FINER, String.format(REQUEST_SUCCESS_S_RESPONSE_S_S, requestBean, response, response.toString()), GrpcClient.class.getName()); - } - } catch (Throwable e) { - return e; -// GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(requestBean, e); + Any pack = getMessageOfTypeAny(requestData, requestClass); + Iterator responses = stub.withInterceptors(MetadataUtils.newAttachHeadersInterceptor(headers)) + .serverStream(pack, serviceName, methodName); + while (responses.hasNext()) { + Any response = responses.next(); + NewRelicSecurity.getAgent().log(LogLevel.FINER, String.format(REQUEST_SUCCESS_S_RESPONSE_S_S, requestBean, response, response.toString()), GrpcClient.class.getName()); } } - return null; } - public static Object customBiDiStream(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) throws InterruptedException { + public static void customBiDiStream(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) { GrpcStubs.CustomStub stub = GrpcStubs.newStub(channel); StringBuilder body = requestBean.getBody(); String[] methodSplitData = requestBean.getMethod().split("/"); @@ -248,16 +224,10 @@ public void onCompleted() { .biDiStream(responseObserver, serviceName, methodName); for (String requestData : payloads) { - try{ - Any pack = getMessageOfTypeAny(requestData, requestClass); - requestObserver.onNext(pack); - } catch (Throwable e) { - return e; -// GrpcClientRequestReplayHelper.getInstance().addFuzzFailEventToQueue(requestBean, e); - } + Any pack = getMessageOfTypeAny(requestData, requestClass); + requestObserver.onNext(pack); } requestObserver.onCompleted(); - return null; } diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestProcessor.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestProcessor.java index 7c9378ea9..57b04c1c5 100644 --- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestProcessor.java +++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestProcessor.java @@ -26,7 +26,8 @@ public GrpcRequestProcessor(ControlCommandDto controlCommandDto, int repeatCount @Override public Object call() throws Exception { - return GrpcClient.getInstance().fireRequest(this); + GrpcClient.getInstance().fireRequest(this); + return this; } public static void executeGrpcRequest(ControlCommandDto controlCommandDto) { diff --git a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestThreadPool.java b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestThreadPool.java index 9b0445fd5..1a8a2cf0a 100644 --- a/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestThreadPool.java +++ b/instrumentation-security/grpc-1.40.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1400/processor/GrpcRequestThreadPool.java @@ -46,9 +46,11 @@ protected void afterExecute(Runnable r, Throwable t) { GrpcClientRequestReplayHelper.getInstance().setInProcessRequestQueue(getQueue()); String controlCommandId = null; if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof GrpcRequestProcessor) { + GrpcClientRequestReplayHelper.getInstance().incrementReplayRequestExecuted(); GrpcRequestProcessor task = (GrpcRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getPartialControlCommand().getId(); if (task.isSuccessful()) { + GrpcClientRequestReplayHelper.getInstance().incrementReplayRequestSucceeded(); GrpcClientRequestReplayHelper.getInstance().getCompletedReplay().add(controlCommandId); } else if (task.isExceptionRaised() && task.getError() instanceof InterruptedIOException) { GrpcClientRequestReplayHelper.getInstance().getClearFromPending().add(controlCommandId); @@ -60,6 +62,9 @@ protected void afterExecute(Runnable r, Throwable t) { if (StringUtils.isBlank(controlCommandId)) { GrpcClientRequestReplayHelper.getInstance().getRejectedIds().add(controlCommandId); } + if (!task.isSuccessful()){ + GrpcClientRequestReplayHelper.getInstance().incrementReplayRequestFailed(); + } } } catch (Exception e) { } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/EventAbortPolicy.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/EventAbortPolicy.java index 7a2595c9f..77dc8b113 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/EventAbortPolicy.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/EventAbortPolicy.java @@ -12,10 +12,10 @@ public class EventAbortPolicy implements RejectedExecutionHandler { public EventAbortPolicy() { - AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementReplayRequestRejected(); } public void rejectedExecution(Runnable r, ThreadPoolExecutor e) { + AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementReplayRequestRejected(); logger.log(LogLevel.WARNING, "Fuzz request " + r.toString() + " rejected from " + e.toString(), EventAbortPolicy.class.getName()); } } \ No newline at end of file diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java index 2b0d93274..de544cc61 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java @@ -1,5 +1,6 @@ package com.newrelic.agent.security.instrumentator.httpclient; +import com.newrelic.agent.security.AgentInfo; import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool; import com.newrelic.agent.security.intcodeagent.websocket.JsonConverter; import com.newrelic.api.agent.security.instrumentation.helpers.ICsecApiConstants; @@ -85,6 +86,7 @@ public static Request generateK2Request(FuzzRequestBean httpRequest, String endp requestBuilder = requestBuilder.headers(Headers.of((Map) httpRequest.getHeaders())); requestBuilder.header(GenericHelper.CSEC_PARENT_ID, controlCommandId); + AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementReplayRequestGenerated(); return requestBuilder.build(); } catch (Exception e){ logger.log(LogLevel.FINEST, String.format(ERROR_IN_FUZZ_REQUEST_GENERATION, e.toString()), RequestUtils.class.getSimpleName()); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java index b7a6ff084..c60670724 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RestRequestThreadPool.java @@ -78,6 +78,7 @@ protected void afterExecute(Runnable r, Throwable t) { super.afterExecute(r, t); String controlCommandId = null; if (r instanceof CustomFutureTask && ((CustomFutureTask) r).getTask() instanceof RestRequestProcessor) { + AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementReplayRequestExecuted(); RestRequestProcessor task = (RestRequestProcessor) ((CustomFutureTask) r).getTask(); controlCommandId = task.getControlCommand().getId(); if(task.isSuccessful() && 500 < task.getResponseCode() && task.getResponseCode() >= 400){ @@ -94,6 +95,12 @@ protected void afterExecute(Runnable r, Throwable t) { if (StringUtils.isBlank(controlCommandId)) { rejectedIds.add(controlCommandId); } + + if(task.isSuccessful() && 200 <= task.getResponseCode() && task.getResponseCode() < 300){ + AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementReplayRequestSucceeded(); + } else { + AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementReplayRequestFailed(); + } } } catch (Exception ignored) { } diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java index a33da7bbe..4a2360b7a 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java @@ -81,6 +81,10 @@ public void run() { logger.log(LogLevel.INFO, String.format("Pending CCs to be processed : %s", RestRequestThreadPool.getInstance().getQueueSize()), this.getClass().getName()); AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementPendingControlCommandsBy(RestRequestThreadPool.getInstance().getQueueSize()); AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementPendingControlCommandsBy(GrpcClientRequestReplayHelper.getInstance().getRequestQueue().size()); + AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementReplayRequestExecutedBy(GrpcClientRequestReplayHelper.getInstance().getReplayRequestExecuted()); + AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementReplayRequestFailedBy(GrpcClientRequestReplayHelper.getInstance().getReplayRequestFailed()); + AgentInfo.getInstance().getJaHealthCheck().getIastReplayRequest().incrementReplayRequestSucceededBy(GrpcClientRequestReplayHelper.getInstance().getReplayRequestSucceeded()); + GrpcClientRequestReplayHelper.getInstance().resetReplayRequestMetric(); AgentUtils.getInstance().addStatusLogMostRecentHCs(AgentInfo.getInstance().getJaHealthCheck().toString()); // channel.write(ByteBuffer.wrap(new JAHealthCheck(AgentNew.JA_HEALTH_CHECK).toString().getBytes())); if (WSClient.getInstance().isOpen()) { diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/IastReplayRequest.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/IastReplayRequest.java index 15b9dba2f..b6b3999f8 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/IastReplayRequest.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/IastReplayRequest.java @@ -8,8 +8,6 @@ public class IastReplayRequest { private AtomicInteger receivedControlCommands = new AtomicInteger(); - private AtomicInteger processedControlCommands = new AtomicInteger(); - private AtomicInteger pendingControlCommands = new AtomicInteger(); private AtomicInteger replayRequestGenerated = new AtomicInteger(); @@ -27,7 +25,6 @@ public IastReplayRequest() { public IastReplayRequest(IastReplayRequest iastReplayRequest) { this.receivedControlCommands.set(iastReplayRequest.getReceivedControlCommands().get()); - this.processedControlCommands.set(iastReplayRequest.getProcessedControlCommands().get()); this.pendingControlCommands.set(iastReplayRequest.getPendingControlCommands().get()); this.replayRequestGenerated.set(iastReplayRequest.getReplayRequestGenerated().get()); this.replayRequestExecuted.set(iastReplayRequest.getReplayRequestExecuted().get()); @@ -40,10 +37,6 @@ public AtomicInteger getReceivedControlCommands() { return receivedControlCommands; } - public AtomicInteger getProcessedControlCommands() { - return processedControlCommands; - } - public AtomicInteger getPendingControlCommands() { return pendingControlCommands; } @@ -72,14 +65,6 @@ public int incrementReceivedControlCommands() { return receivedControlCommands.incrementAndGet(); } - public int incrementProcessedControlCommands() { - return processedControlCommands.incrementAndGet(); - } - - public int incrementPendingControlCommands() { - return pendingControlCommands.incrementAndGet(); - } - public int incrementReplayRequestGenerated() { return replayRequestGenerated.incrementAndGet(); } @@ -104,9 +89,20 @@ public void incrementPendingControlCommandsBy(int count) { pendingControlCommands.addAndGet(count); } + public void incrementReplayRequestExecutedBy(int count) { + replayRequestExecuted.addAndGet(count); + } + + public void incrementReplayRequestSucceededBy(int count) { + replayRequestSucceeded.addAndGet(count); + } + + public void incrementReplayRequestFailedBy(int count) { + replayRequestFailed.addAndGet(count); + } + public void reset() { receivedControlCommands.set(0); - processedControlCommands.set(0); pendingControlCommands.set(0); replayRequestGenerated.set(0); replayRequestExecuted.set(0); diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java index df8ebdffe..3d00c81c3 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/WSClient.java @@ -200,7 +200,7 @@ public void onOpen(ServerHandshake handshakedata) { public void onMessage(String message) { // Receive communication from IC side. try { - AgentInfo.getInstance().getJaHealthCheck().getWebSocketConnectionStats().incrementMessagesSent(); + AgentInfo.getInstance().getJaHealthCheck().getWebSocketConnectionStats().incrementMessagesReceived(); if (logger.isLogLevelEnabled(LogLevel.FINEST)) { logger.log(LogLevel.FINEST, String.format(INCOMING_CONTROL_COMMAND_S, message), this.getClass().getName()); diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java index d977ee34d..257387cf4 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GrpcClientRequestReplayHelper.java @@ -13,6 +13,7 @@ import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.LinkedBlockingQueue; import java.util.concurrent.atomic.AtomicBoolean; +import java.util.concurrent.atomic.AtomicInteger; public class GrpcClientRequestReplayHelper { private BlockingQueue requestQueue = new LinkedBlockingQueue<>(1000); @@ -28,6 +29,53 @@ public class GrpcClientRequestReplayHelper { private Set clearFromPending = ConcurrentHashMap.newKeySet(); + private AtomicInteger replayRequestGenerated = new AtomicInteger(); + + private AtomicInteger replayRequestExecuted = new AtomicInteger(); + + private AtomicInteger replayRequestSucceeded = new AtomicInteger(); + + private AtomicInteger replayRequestFailed = new AtomicInteger(); + + public int incrementReplayRequestGenerated() { + return replayRequestGenerated.incrementAndGet(); + } + + public int incrementReplayRequestExecuted() { + return replayRequestExecuted.incrementAndGet(); + } + + public int incrementReplayRequestSucceeded() { + return replayRequestSucceeded.incrementAndGet(); + } + + public int incrementReplayRequestFailed() { + return replayRequestFailed.incrementAndGet(); + } + + public int getReplayRequestGenerated() { + return replayRequestGenerated.get(); + } + + public int getReplayRequestExecuted() { + return replayRequestExecuted.get(); + } + + public int getReplayRequestSucceeded() { + return replayRequestSucceeded.get(); + } + + public int getReplayRequestFailed() { + return replayRequestFailed.get(); + } + + public void resetReplayRequestMetric() { + replayRequestGenerated.set(0); + replayRequestExecuted.set(0); + replayRequestSucceeded.set(0); + replayRequestFailed.set(0); + } + /** * "generatedEvents": * { From bf305ece68df41e9c1f5320492ac47384ac741ec Mon Sep 17 00:00:00 2001 From: lovesh-ap Date: Wed, 19 Jun 2024 10:49:25 +0530 Subject: [PATCH 6/6] Reset health check schedule to 5mins --- .../intcodeagent/logging/HealthCheckScheduleThread.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java index 4a2360b7a..e83f94a78 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/logging/HealthCheckScheduleThread.java @@ -126,7 +126,7 @@ private ThreadPoolStats populateThreadPoolStats() { private HealthCheckScheduleThread() {} public void scheduleNewTask() { - future = SchedulerHelper.getInstance().scheduleHealthCheck(runnable, 30, 30, TimeUnit.SECONDS); + future = SchedulerHelper.getInstance().scheduleHealthCheck(runnable, 300, 300, TimeUnit.SECONDS); } public boolean cancelTask(boolean forceCancel) {