CSEC Java Agent Version 1.7.0 #404

Merged
merged 13 commits into from
Apr 25, 2025

lovesh-ap
Contributor

Adds

  • PR-395 Support for Deserialization Vulnerability Detection: Implemented mechanisms to detect vulnerabilities arising from unsafe deserialization processes.
  • PR-395 Support for Vulnerability Detection of Remote Code Invocation via Reflection: Enhanced capability to identify security risks associated with remote code execution through reflection.
  • PR-343 HTTP Response Handling for Vulnerabilities: Developed the functionality to send HTTP responses for detected vulnerabilities directly to the UI.

Changes

  • PR-343 Trimmed Response Body: Updated the response handling logic to trim response bodies to a maximum of 500KB when larger. This optimization aids in performance and resource conservation.
  • PR-396 Upgraded commons-io:commons-io from version 2.7 to 2.14.0
  • PR-403 GraphQL Supported Version Range: Restricted the supported version range for GraphQL due to the release of a new version on April 7th, 2025

Fixes

  • PR-372 Repeat IAST Request Replay Commands: Reconfigured logic to repeat IAST control commands until the endpoint is confirmed.

Note

  • The instrumentation for the module com.newrelic.instrumentation.security.java-reflection is disabled by default. This is due to its impact on CPU utilization, which can significantly increase when the module is active.
  • Action Required: To detect unsafe reflection vulnerabilities effectively, enable the com.newrelic.instrumentation.security.java-reflection module.

@lovesh-ap lovesh-ap requested a review from k2himanshu April 25, 2025 12:02
@lovesh-ap lovesh-ap self-assigned this Apr 25, 2025
k2himanshu
k2himanshu previously approved these changes Apr 25, 2025
@lovesh-ap lovesh-ap merged commit c10350f into main Apr 25, 2025
8 checks passed