diff --git a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/AkkaResponseHelper.scala b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/AkkaResponseHelper.scala index 3ff8224e3..6e8725dc5 100644 --- a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/AkkaResponseHelper.scala +++ b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/AkkaResponseHelper.scala @@ -7,21 +7,15 @@ package akka.http.scaladsl -import akka.Done import akka.http.scaladsl.model.{HttpEntity, HttpResponse} import akka.http.scaladsl.server.AkkaCoreUtils -import akka.stream.Materializer -import akka.stream.javadsl.Source -import akka.stream.scaladsl.Sink -import akka.util.ByteString +import com.newrelic.api.agent.NewRelic import com.newrelic.api.agent.security.NewRelicSecurity import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException import com.newrelic.api.agent.security.utils.logging.LogLevel -import com.newrelic.api.agent.{NewRelic, Token} import java.lang -import scala.concurrent.{ExecutionContext, Future} import scala.runtime.AbstractFunction1 class AkkaResponseHelper extends AbstractFunction1[HttpResponse, HttpResponse] { 
@@ -29,7 +23,7 @@ class AkkaResponseHelper extends AbstractFunction1[HttpResponse, HttpResponse] { override def apply(httpResponse: HttpResponse): HttpResponse = { try { val stringResponse = new lang.StringBuilder() - val isLockAquired = AkkaCoreUtils.acquireServletLockIfPossible() + val isLockAquired = GenericHelper.acquireLockIfPossible(AkkaCoreUtils.NR_SEC_CUSTOM_ATTRIB_NAME); stringResponse.append(httpResponse.entity.asInstanceOf[HttpEntity.Strict].getData().decodeString("utf-8")) AkkaCoreUtils.postProcessHttpRequest(isLockAquired, stringResponse, httpResponse.entity.contentType.toString(), this.getClass.getName, "apply", NewRelic.getAgent.getTransaction.getToken()) } catch { diff --git a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java index 430dedb60..64bc7cd18 100644 --- a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/AkkaCoreUtils.java @@ -11,6 +11,7 @@ import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; 
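Review bot: The new call in `apply` uses the one-argument `GenericHelper.acquireLockIfPossible(AkkaCoreUtils.NR_SEC_CUSTOM_ATTRIB_NAME)`, while `AkkaCoreUtils.acquireServletLockIfPossible()` in this same commit passes `VulnerabilityCaseType.REFLECTED_XSS`, so any per-category check that overload performs is presumably skipped on this path. Passing the category here as well, `GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, AkkaCoreUtils.NR_SEC_CUSTOM_ATTRIB_NAME)`, would keep a single definition of how the reflected-XSS lock is taken. The same one-argument call appears in both `ResponseFutureHelper.scala` files (akka-http-core-10.0 and akka-http-core-2.13_10.1.8). Separately, the lock is taken before the `asInstanceOf[HttpEntity.Strict]` cast and the only release visible in this commit sits in `postProcessHttpRequest`, so a non-strict entity would throw with the lock still held unless the catch block, which lies outside the hunk, releases it.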
@@ -26,37 +27,10 @@ public class AkkaCoreUtils { public static final String AKKA_HTTP_10_0_0 = "AKKA_HTTP_10.0.0"; private static final String X_FORWARDED_FOR = "x-forwarded-for"; private static final String EMPTY = ""; - public static final String QUESTION_MARK = "?"; - - public static boolean isServletLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) {} - return false; - } - - public static void releaseServletLock() { - try { - if(NewRelicSecurity.isHookProcessingActive()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null); - } - } catch (Throwable ignored){} - } - - private static String getNrSecCustomAttribName() { - return NR_SEC_CUSTOM_ATTRIB_NAME; - } + private static final String QUESTION_MARK = "?"; public static boolean acquireServletLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isServletLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored){} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, NR_SEC_CUSTOM_ATTRIB_NAME); } public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringBuilder responseBody, String contentType, String className, String methodName, Token token) { @@ -87,7 +61,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB } } finally { if(isServletLockAcquired){ - releaseServletLock(); + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } 
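Review bot: `acquireServletLockIfPossible` is now a one-line delegate with no comment, and its contract with `postProcessHttpRequest` is only implicit. A Javadoc line would help, for example `/** Takes the reflected-XSS hook lock for this module; pass the returned flag to postProcessHttpRequest, which releases the lock in its finally block. */`. The name still says "Servlet" although this is the Akka HTTP module, which is worth a mention in the same comment.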
@@ -105,16 +79,12 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); com.newrelic.api.agent.security.schema.HttpRequest securityRequest = securityMetaData.getRequest(); - if (securityRequest.isRequestParsed()) { - return; - } AgentMetaData securityAgentMetaData = securityMetaData.getMetaData(); securityRequest.setMethod(httpRequest.method().value()); //TODO Client IP and PORT extraction is pending -// securityRequest.setClientIP(); securityRequest.setServerPort(httpRequest.getUri().port()); processHttpRequestHeader(httpRequest, securityRequest); @@ -144,8 +114,8 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, AKKA_HTTP_10_0_0, ignored.getMessage()), ignored, AkkaCoreUtils.class.getName()); } finally { - if(isServletLockAcquired()){ - releaseServletLock(); + if(GenericHelper.isLockAcquired(AkkaCoreUtils.NR_SEC_CUSTOM_ATTRIB_NAME)){ + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } diff --git a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/CsecAkkaHttpContextFunction.scala b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/CsecAkkaHttpContextFunction.scala index 2ebd36c77..f20f984d9 100644 --- a/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/CsecAkkaHttpContextFunction.scala +++ b/instrumentation-security/akka-http-2.11_10.0.0/src/main/scala/akka/http/scaladsl/server/CsecAkkaHttpContextFunction.scala 
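Review bot: Removing the `securityRequest.isRequestParsed()` early return in `preProcessHttpRequest` means every call now rewrites the method, server port and headers on the shared `securityRequest`. If this method can run more than once for one transaction, the later pass overwrites what the first captured, so the request recorded for analysis may no longer match the one that was served. The lock may already prevent that, but nothing in the hunk shows it. Either keep the guard or add a comment such as `// re-entry is prevented by the NR_SEC_CUSTOM_ATTRIB_NAME lock, so no isRequestParsed() check is needed`. The method begins and ends outside this hunk.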
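Review bot: The `finally` block of `preProcessHttpRequest` releases the lock whenever `GenericHelper.isLockAcquired(...)` is true and ignores the `isServletLockAcquired` argument, whereas `postProcessHttpRequest` in the same file releases only `if(isServletLockAcquired)`. Unless the method returns early when the flag is false (its start is outside the hunk), a call that did not take the lock can clear one held by another frame. Using the argument, `if (Boolean.TRUE.equals(isServletLockAcquired)) { GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); }`, would make the two methods agree. The same pattern is in the `AkkaCoreUtils.java` copies for akka-http-core-10.0, 2.11_10.0.11, 2.13_10.1.8 and 2.13_10.2.0.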
@@ -12,21 +12,19 @@ import akka.http.scaladsl.model.HttpEntity import akka.stream.javadsl.Source import akka.stream.scaladsl.Sink import akka.util.ByteString - -import java.util.concurrent.atomic.AtomicBoolean -import java.util.logging.Level -import com.newrelic.api.agent.{NewRelic, Trace} import com.newrelic.api.agent.security.NewRelicSecurity import com.newrelic.api.agent.security.utils.logging.LogLevel +import com.newrelic.api.agent.{NewRelic, Trace} import java.lang -import scala.collection.mutable +import java.util.concurrent.atomic.AtomicBoolean +import java.util.logging.Level import scala.concurrent.Future import scala.runtime.AbstractFunction1 object CsecAkkaHttpContextFunction { - final val retransformed = new AtomicBoolean(false) + private final val retransformed = new AtomicBoolean(false) def contextWrapper(original: Function1[RequestContext, Future[RouteResult]]): Function1[RequestContext, Future[RouteResult]] = { if (retransformed.compareAndSet(false, true)) { diff --git a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index cfd6c386c..4fcf2d24a 100644 --- a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -11,6 +11,7 @@ import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; 
@@ -28,37 +29,10 @@ public class AkkaCoreUtils { private static final String X_FORWARDED_FOR = "x-forwarded-for"; private static final String EMPTY = ""; - public static final String QUESTION_MARK = "?"; - - public static boolean isServletLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) {} - return false; - } - - public static void releaseServletLock() { - try { - if(NewRelicSecurity.isHookProcessingActive()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null); - } - } catch (Throwable ignored){} - } - - private static String getNrSecCustomAttribName() { - return NR_SEC_CUSTOM_ATTRIB_NAME; - } + private static final String QUESTION_MARK = "?"; public static boolean acquireServletLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isServletLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored){} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, NR_SEC_CUSTOM_ATTRIB_NAME); } public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringBuilder response, String contentType, int responseCode, String className, String methodName, Token token) { @@ -94,7 +68,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, AKKA_HTTP_CORE_10_0, e.getMessage()), e, AkkaCoreUtils.class.getName()); } finally { if(isServletLockAcquired){ - releaseServletLock(); + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } 
@@ -121,7 +95,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq securityRequest.setMethod(httpRequest.method().value()); //TODO Client IP and PORT extraction is pending -// securityRequest.setClientIP(); securityRequest.setServerPort(httpRequest.getUri().port()); processHttpRequestHeader(httpRequest, securityRequest); @@ -150,13 +123,13 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, AKKA_HTTP_CORE_10_0, ignored.getMessage()), ignored, AkkaCoreUtils.class.getName()); } finally { - if(isServletLockAcquired()){ - releaseServletLock(); + if(GenericHelper.isLockAcquired(NR_SEC_CUSTOM_ATTRIB_NAME)){ + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } - public static String getTraceHeader(Map headers) { + private static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); @@ -167,7 +140,7 @@ public static String getTraceHeader(Map headers) { return data; } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ + private static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { boolean takeNextValue = false; diff --git a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java index deada6535..77964cae7 100644 
--- a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java +++ b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java @@ -126,11 +126,6 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private AbstractOperation preprocessSecurityHook(HttpRequest httpRequest, String methodName) { try { - SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty()) { - return null; - } - // Generate required URL URI methodURI = null; String uri = null; diff --git a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java index d226ac2eb..4a5dcbe0f 100644 --- a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java +++ b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java @@ -31,9 +31,6 @@ public InetSocketAddress localAddress() { @WeaveAllConstructors public ServerBinding() { -// AgentBridge.getAgent().getLogger().log(Level.FINE, "Setting akka-http port to: {0,number,#}", localAddress().getPort()); -// AgentBridge.publicApi.setAppServerPort(localAddress().getPort()); -// AgentBridge.publicApi.setServerInfo("Akka HTTP", ManifestUtils.getVersionFromManifest(getClass(), "akka-http-core", "10.2.0")); NewRelicSecurity.getAgent().setApplicationConnectionConfig(localAddress().getPort(), "http"); try { diff --git a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/ResponseFutureHelper.scala b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/ResponseFutureHelper.scala index 4176160dc..bcff48b24 100644 
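Review bot: `preprocessSecurityHook` no longer returns early when `NewRelicSecurity.isHookProcessingActive()` is false or the security request is empty, so the URL-building code that follows now runs on every invocation unless the caller performs that check first. The sibling `registerExitOperation` takes an `isProcessingAllowed` flag, which suggests the check may have moved to the caller, but that code is outside the hunk. If it has not moved, restore `if (!NewRelicSecurity.isHookProcessingActive()) { return null; }` at the top of the `try`. The `SecurityMetaData` import may also be unused now. The same removal is made in the `HttpExt_Instrumentation.java` copies for akka-http-core-2.11_10.0.11, 2.13_10.1.8 and 2.13_10.2.0.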
--- a/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/ResponseFutureHelper.scala +++ b/instrumentation-security/akka-http-core-10.0/src/main/scala/akka/http/scaladsl/ResponseFutureHelper.scala @@ -32,7 +32,7 @@ object ResponseFutureHelper { try { val stringResponse: lang.StringBuilder = new lang.StringBuilder(); val dataBytes: Source[ByteString, _] = response.entity.getDataBytes() - val isLockAquired = AkkaCoreUtils.acquireServletLockIfPossible(); + val isLockAquired = GenericHelper.acquireLockIfPossible(AkkaCoreUtils.NR_SEC_CUSTOM_ATTRIB_NAME); val sink: Sink[ByteString, Future[Done]] = Sink.foreach[ByteString] { byteString => val chunk = byteString.utf8String stringResponse.append(chunk) @@ -61,7 +61,7 @@ object ResponseFutureHelper { try { val stringResponse: lang.StringBuilder = new lang.StringBuilder(); val dataBytes: Source[ByteString, _] = httpResponse.entity.getDataBytes() - val isLockAquired = AkkaCoreUtils.acquireServletLockIfPossible(); + val isLockAquired = GenericHelper.acquireLockIfPossible(AkkaCoreUtils.NR_SEC_CUSTOM_ATTRIB_NAME); val sink: Sink[ByteString, Future[Done]] = Sink.foreach[ByteString] { byteString => val chunk = byteString.utf8String stringResponse.append(chunk) diff --git a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index 124589903..0329e7dcf 100644 --- a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java 
@@ -11,6 +11,7 @@ import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; 
@@ -28,37 +29,10 @@ public class AkkaCoreUtils { private static final String X_FORWARDED_FOR = "x-forwarded-for"; private static final String EMPTY = ""; - public static final String QUESTION_MARK = "?"; - - public static boolean isServletLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) {} - return false; - } - - public static void releaseServletLock() { - try { - if(NewRelicSecurity.isHookProcessingActive()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null); - } - } catch (Throwable ignored){} - } - - private static String getNrSecCustomAttribName() { - return NR_SEC_CUSTOM_ATTRIB_NAME; - } + private static final String QUESTION_MARK = "?"; public static boolean acquireServletLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isServletLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored){} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, NR_SEC_CUSTOM_ATTRIB_NAME); } public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringBuilder responseBody, String contentType, int responseCode, String className, String methodName, Token token) { @@ -94,7 +68,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, AKKA_HTTP_CORE_10_0_11, e.getMessage()), e, AkkaCoreUtils.class.getName()); } finally { if(isServletLockAcquired){ - releaseServletLock(); + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } 
@@ -121,7 +95,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq securityRequest.setMethod(httpRequest.method().value()); //TODO Client IP and PORT extraction is pending -// securityRequest.setClientIP(); securityRequest.setServerPort(httpRequest.getUri().getPort()); processHttpRequestHeader(httpRequest, securityRequest); @@ -150,13 +123,13 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, AKKA_HTTP_CORE_10_0_11, ignored.getMessage()), ignored, AkkaCoreUtils.class.getName()); } finally { - if(isServletLockAcquired()){ - releaseServletLock(); + if(GenericHelper.isLockAcquired(NR_SEC_CUSTOM_ATTRIB_NAME)){ + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } - public static String getTraceHeader(Map headers) { + private static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); @@ -167,7 +140,7 @@ public static String getTraceHeader(Map headers) { return data; } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ + private static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { boolean takeNextValue = false; diff --git a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java index 65d5da00b..b0e9a0fc1 100644 
--- a/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java +++ b/instrumentation-security/akka-http-core-2.11_10.0.11/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java @@ -129,11 +129,6 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private AbstractOperation preprocessSecurityHook(HttpRequest httpRequest, String methodName) { try { - SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty()) { - return null; - } - // Generate required URL URI methodURI = null; String uri = null; diff --git a/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index fb29ea791..14d611635 100644 --- a/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java +++ b/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -11,6 +11,7 @@ import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; 
@@ -28,37 +29,10 @@ public class AkkaCoreUtils { private static final String X_FORWARDED_FOR = "x-forwarded-for"; private static final String EMPTY = ""; - public static final String QUESTION_MARK = "?"; - - public static boolean isServletLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) {} - return false; - } - - public static void releaseServletLock() { - try { - if(NewRelicSecurity.isHookProcessingActive()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null); - } - } catch (Throwable ignored){} - } - - private static String getNrSecCustomAttribName() { - return NR_SEC_CUSTOM_ATTRIB_NAME; - } + private static final String QUESTION_MARK = "?"; public static boolean acquireServletLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isServletLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored){} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, NR_SEC_CUSTOM_ATTRIB_NAME); } public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringBuilder responseBody, String contentType, int responseCode, String className, String methodName, Token token) { @@ -91,7 +65,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, AKKA_HTTP_CORE_10_0_11, e.getMessage()), e, AkkaCoreUtils.class.getName()); } finally { if(isServletLockAcquired){ - releaseServletLock(); + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } 
@@ -118,7 +92,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq securityRequest.setMethod(httpRequest.method().value()); //TODO Client IP and PORT extraction is pending -// securityRequest.setClientIP(); securityRequest.setServerPort(httpRequest.getUri().getPort()); processHttpRequestHeader(httpRequest, securityRequest); @@ -147,13 +120,13 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, AKKA_HTTP_CORE_10_0_11, ignored.getMessage()), ignored, AkkaCoreUtils.class.getName()); } finally { - if(isServletLockAcquired()){ - releaseServletLock(); + if(GenericHelper.isLockAcquired(NR_SEC_CUSTOM_ATTRIB_NAME)){ + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } - public static String getTraceHeader(Map headers) { + private static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); @@ -164,7 +137,7 @@ public static String getTraceHeader(Map headers) { return data; } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ + private static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { boolean takeNextValue = false; diff --git a/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java b/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java index 65d5da00b..b0e9a0fc1 100644 
--- a/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java +++ b/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java @@ -129,11 +129,6 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private AbstractOperation preprocessSecurityHook(HttpRequest httpRequest, String methodName) { try { - SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty()) { - return null; - } - // Generate required URL URI methodURI = null; String uri = null; diff --git a/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java b/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java index 5aee71a85..82e293dbe 100644 --- a/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java +++ b/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java @@ -31,10 +31,6 @@ public InetSocketAddress localAddress() { @WeaveAllConstructors public ServerBinding() { - // AgentBridge.getAgent().getLogger().log(Level.FINE, "Setting akka-http port to: {0,number,#}", localAddress().getPort()); -// AgentBridge.publicApi.setAppServerPort(localAddress().getPort()); -// AgentBridge.publicApi.setServerInfo("Akka HTTP", ManifestUtils.getVersionFromManifest(getClass(), "akka-http-core", "10.2.0")); - NewRelicSecurity.getAgent().setApplicationConnectionConfig(localAddress().getPort(), "http"); try { Class agentBridgeClass = Class.forName("com.newrelic.agent.bridge.AgentBridge"); 
diff --git a/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/ResponseFutureHelper.scala b/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/ResponseFutureHelper.scala index 60a80405f..f294ed015 100644 --- a/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/ResponseFutureHelper.scala +++ b/instrumentation-security/akka-http-core-2.13_10.1.8/src/main/scala/akka/http/scaladsl/ResponseFutureHelper.scala @@ -32,7 +32,7 @@ object ResponseFutureHelper { try { val stringResponse: lang.StringBuilder = new lang.StringBuilder(); val dataBytes: Source[ByteString, _] = response.entity.getDataBytes() - val isLockAquired = AkkaCoreUtils.acquireServletLockIfPossible(); + val isLockAquired = GenericHelper.acquireLockIfPossible(AkkaCoreUtils.NR_SEC_CUSTOM_ATTRIB_NAME); val sink: Sink[ByteString, Future[Done]] = Sink.foreach[ByteString] { byteString => val chunk = byteString.utf8String stringResponse.append(chunk) @@ -61,7 +61,7 @@ object ResponseFutureHelper { try { val stringResponse: lang.StringBuilder = new lang.StringBuilder(); val dataBytes: Source[ByteString, _] = httpResponse.entity.getDataBytes() - val isLockAquired = AkkaCoreUtils.acquireServletLockIfPossible(); + val isLockAquired = GenericHelper.acquireLockIfPossible(AkkaCoreUtils.NR_SEC_CUSTOM_ATTRIB_NAME); val sink: Sink[ByteString, Future[Done]] = Sink.foreach[ByteString] { byteString => val chunk = byteString.utf8String stringResponse.append(chunk) diff --git a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java index 0f36ab5e6..b52bce019 100644 --- a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java 
+++ b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaCoreUtils.java @@ -1,6 +1,5 @@ package akka.http.scaladsl; -import akka.Done; import akka.http.javadsl.model.HttpHeader; import akka.http.scaladsl.model.HttpRequest; import com.newrelic.api.agent.Token; @@ -28,37 +27,14 @@ public class AkkaCoreUtils { private static final String X_FORWARDED_FOR = "x-forwarded-for"; private static final String EMPTY = ""; public static final String AKKA_HTTP_CORE_2_13_10_2_0 = "AKKA_HTTP_CORE_2.13_10.2.0"; - public static final String QUESTION_MARK = "?"; - - public static boolean isServletLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) {} - return false; - } - - public static void releaseServletLock() { - try { - if(NewRelicSecurity.isHookProcessingActive()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null); - } - } catch (Throwable ignored){} - } + private static final String QUESTION_MARK = "?"; private static String getNrSecCustomAttribName() { return NR_SEC_CUSTOM_ATTRIB_NAME; } public static boolean acquireServletLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isServletLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored){} - return false; + return GenericHelper.acquireLockIfPossible(NR_SEC_CUSTOM_ATTRIB_NAME); } public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringBuilder responseBody, String contentType, int responseCode, String className, String methodName, Token token) { 
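Review bot: This copy of `acquireServletLockIfPossible` calls the one-argument `GenericHelper.acquireLockIfPossible(NR_SEC_CUSTOM_ATTRIB_NAME)`, while the other four `AkkaCoreUtils.java` files changed in this commit pass `VulnerabilityCaseType.REFLECTED_XSS` as the first argument. If the two-argument overload gates the lock on that category, this module behaves differently from its siblings. For parity use `return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, NR_SEC_CUSTOM_ATTRIB_NAME);` and add the `VulnerabilityCaseType` import, which this file's import hunk does not add. `getNrSecCustomAttribName()` is kept here although the siblings delete it and no visible line still calls it, so it can likely be removed.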
@@ -92,7 +68,7 @@ public static void postProcessHttpRequest(Boolean isServletLockAcquired, StringB NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, AKKA_HTTP_CORE_2_13_10_2_0, e.getMessage()), e, AkkaCoreUtils.class.getName()); } finally { if(isServletLockAcquired){ - releaseServletLock(); + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } @@ -119,7 +95,6 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq securityRequest.setMethod(httpRequest.method().value()); //TODO Client IP and PORT extraction is pending -// securityRequest.setClientIP(); securityRequest.setServerPort(httpRequest.getUri().getPort()); processHttpRequestHeader(httpRequest, securityRequest); @@ -148,8 +123,8 @@ public static void preProcessHttpRequest (Boolean isServletLockAcquired, HttpReq NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, AKKA_HTTP_CORE_2_13_10_2_0, ignored.getMessage()), ignored, AkkaCoreUtils.class.getName()); } finally { - if(isServletLockAcquired()){ - releaseServletLock(); + if(GenericHelper.isLockAcquired(NR_SEC_CUSTOM_ATTRIB_NAME)){ + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME); } } } @@ -164,7 +139,7 @@ private static String getProtocol(String value) { } } - public static String getTraceHeader(Map headers) { + private static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); 
@@ -175,7 +150,7 @@ public static String getTraceHeader(Map headers) { return data; } - public static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ + private static void processHttpRequestHeader(HttpRequest request, com.newrelic.api.agent.security.schema.HttpRequest securityRequest){ Iterator headers = request.getHeaders().iterator(); while (headers.hasNext()) { boolean takeNextValue = false; diff --git a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaSyncRequestHandler.scala b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaSyncRequestHandler.scala index d0f99f329..bb1f64a44 100644 --- a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaSyncRequestHandler.scala +++ b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/AkkaSyncRequestHandler.scala @@ -16,7 +16,6 @@ import akka.util.ByteString import com.newrelic.api.agent.{NewRelic, Trace} import java.lang -import scala.collection.JavaConverters import scala.concurrent.Future import scala.runtime.AbstractFunction1 diff --git a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java index 41c69c12e..3886f2ed9 100644 --- a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java +++ b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/HttpExt_Instrumentation.java 
@@ -138,11 +138,6 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private AbstractOperation preprocessSecurityHook(HttpRequest httpRequest, String methodName) { try { - SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty()) { - return null; - } - // Generate required URL URI methodURI = null; String uri = null; diff --git a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java index d226ac2eb..4a5dcbe0f 100644 --- a/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java +++ b/instrumentation-security/akka-http-core-2.13_10.2.0/src/main/scala/akka/http/scaladsl/Http_Instrumentation.java @@ -31,9 +31,6 @@ public InetSocketAddress localAddress() { @WeaveAllConstructors public ServerBinding() { -// AgentBridge.getAgent().getLogger().log(Level.FINE, "Setting akka-http port to: {0,number,#}", localAddress().getPort()); -// AgentBridge.publicApi.setAppServerPort(localAddress().getPort()); -// AgentBridge.publicApi.setServerInfo("Akka HTTP", ManifestUtils.getVersionFromManifest(getClass(), "akka-http-core", "10.2.0")); NewRelicSecurity.getAgent().setApplicationConnectionConfig(localAddress().getPort(), "http"); try { diff --git a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java index 6c7a53102..0d4e11954 100644 --- a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java 
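Review bot: `preprocessSecurityHook` no longer returns early when `NewRelicSecurity.isHookProcessingActive()` is false or the tracked request is empty, and nothing in this hunk shows where that gate now lives. Presumably the caller's lock acquisition through `GenericHelper` performs it, but that code is outside the excerpt; if so, say it on the method with `// Precondition: caller holds the hook lock, granted only while hook processing is active for a non-empty request`. Without the gate the hook would build and register operations on threads that carry no request context, which adds work to every call and may produce events with no request to attribute them to. The same guard is dropped in the apache-ldap, async-http-client, camel-xpath, commons-jxpath, DynamoDB, file-operation and GraalVM hunks that follow, so the check applies to each of them. The method body continues past the end of the hunk.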
+++ b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapAsyncConnection_Instrumentation.java @@ -37,9 +37,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String name, String filter, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - StringUtils.isBlank(filter)){ + if (StringUtils.isBlank(filter)){ return null; } LDAPOperation ldapOperation = new LDAPOperation(name, filter, this.getClass().getName(), methodName); @@ -57,16 +55,11 @@ private AbstractOperation preprocessSecurityHook (String name, String filter, St } private void releaseLock() { - try { - GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType caseType) { - try { - return GenericHelper.acquireLockIfPossible(caseType, LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(caseType, LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } public SearchFuture searchAsync(Dn baseDn, String filter, SearchScope scope, String... attributes ) diff --git a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java index e8283a5fe..c4b0d99ec 100644 --- a/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java +++ b/instrumentation-security/apache-ldap/src/main/java/org/apache/directory/ldap/client/api/LdapConnection_Instrumentation.java 
@@ -37,9 +37,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String name, String filter, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - StringUtils.isBlank(filter)){ + if (StringUtils.isBlank(filter)){ return null; } LDAPOperation ldapOperation = new LDAPOperation(name, filter, this.getClass().getName(), methodName); @@ -57,16 +55,11 @@ private AbstractOperation preprocessSecurityHook (String name, String filter, St } private void releaseLock() { - try { - GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType caseType) { - try { - return GenericHelper.acquireLockIfPossible(caseType, LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(caseType, LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } public EntryCursor search(Dn baseDn, String filter, SearchScope scope, String... attributes ) diff --git a/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java b/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java index e045a6046..3fed3edd5 100644 --- a/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java +++ b/instrumentation-security/async-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java 
@@ -63,8 +63,7 @@ private String getNrSecCustomAttribName() { private AbstractOperation preprocessSecurityHook(String url, String className, String methodName) { try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - url == null || url.trim().isEmpty()) { + if (url == null || url.trim().isEmpty()) { return null; } diff --git a/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java b/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java index 75b920be2..eb08287c1 100644 --- a/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java +++ b/instrumentation-security/camel-xpath/src/main/java/org/apache/camel/builder/BuilderSupport_Instrumentation.java @@ -32,9 +32,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String expression, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - StringUtils.isBlank(expression)){ + if (StringUtils.isBlank(expression)){ return null; } XPathOperation xPathOperation = new XPathOperation(expression, this.getClass().getName(), methodName); diff --git a/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java b/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java index f5f3343c4..618df5771 100644 --- a/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java +++ b/instrumentation-security/cassandra-datastax-3/src/main/java/com/newrelic/agent/security/instrumentation/cassandra3/CassandraUtils.java 
@@ -26,15 +26,11 @@ public class CassandraUtils { public static final String METHOD_EXECUTE_ASYNC = "executeAsync"; public static final String NR_SEC_CUSTOM_ATTRIB_CQL_STMT = "NR-CQL-STMT"; public static final String EVENT_CATEGORY = "CQL"; - public static final String NR_SEC_CASSANDRA_LOCK = "CASSANDRA_OPERATION_LOCK"; + private static final String NR_SEC_CASSANDRA_LOCK = "CASSANDRA_OPERATION_LOCK"; public static final String CASSANDRA_DATASTAX_3 = "CASSANDRA-DATASTAX-3"; public static boolean acquireLockIfPossible(VulnerabilityCaseType nosqlDbCommand, int hashcode) { - try { - return GenericHelper.acquireLockIfPossible(nosqlDbCommand, NR_SEC_CASSANDRA_LOCK + hashcode); - } catch (Exception ignored){ - } - return false; + return GenericHelper.acquireLockIfPossible(nosqlDbCommand, NR_SEC_CASSANDRA_LOCK, hashcode); } public static AbstractOperation preProcessSecurityHook(Statement statement, Configuration config, String klass) { @@ -114,7 +110,7 @@ private static Map setParams(BuiltStatement statement, ProtocolV return params; } - public static Map setParams(BoundStatement statement) { + private static Map setParams(BoundStatement statement) { Map params = new HashMap<>(); List variables = statement.preparedStatement().getVariables().asList(); try{ @@ -136,9 +132,6 @@ public static Map setParams(BoundStatement statement) { } public static void releaseLock(int hashcode) { - try { - GenericHelper.releaseLock(NR_SEC_CASSANDRA_LOCK + hashcode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(NR_SEC_CASSANDRA_LOCK, hashcode); } } diff --git a/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java b/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java index be4ff6d1a..16315a48f 100644 
--- a/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java +++ b/instrumentation-security/cassandra-datastax-4/src/main/java/com/newrelic/agent/security/instrumentation/cassandra4/CassandraUtils.java @@ -25,18 +25,14 @@ import java.util.Map; public class CassandraUtils { - public static final String METHOD_EXECUTE = "execute"; + private static final String METHOD_EXECUTE = "execute"; public static final String NR_SEC_CUSTOM_ATTRIB_CQL_STMT = "NR-CQL-STMT"; public static final String EVENT_CATEGORY = "CQL"; - public static final String NR_SEC_CASSANDRA_LOCK = "CASSANDRA_OPERATION_LOCK"; + private static final String NR_SEC_CASSANDRA_LOCK = "CASSANDRA_OPERATION_LOCK"; public static final String CASSANDRA_DATASTAX_4 = "CASSANDRA-DATASTAX-4"; public static boolean acquireLockIfPossible(VulnerabilityCaseType nosqlDbCommand, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(nosqlDbCommand, NR_SEC_CASSANDRA_LOCK, hashCode); - } catch (Exception ignored){ - } - return false; + return GenericHelper.acquireLockIfPossible(nosqlDbCommand, NR_SEC_CASSANDRA_LOCK, hashCode); } public static AbstractOperation preProcessSecurityHook(String klass, RequestT request) { @@ -83,7 +79,7 @@ else if (request instanceof BoundStatement) { return null; } - public static Map setParams(BoundStatement statement) { + private static Map setParams(BoundStatement statement) { Map params = new HashMap<>(); ColumnDefinitions variables = statement.getPreparedStatement().getVariableDefinitions(); try{ @@ -128,10 +124,7 @@ public static Map setParams(SimpleStatement statement) { } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(NR_SEC_CASSANDRA_LOCK, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(NR_SEC_CASSANDRA_LOCK, hashCode); } public static void registerExitOperation(boolean isLockAcquired, AbstractOperation operation) { 
diff --git a/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java b/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java index f7d954177..5c3b6653d 100644 --- a/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java +++ b/instrumentation-security/commons-jxpath/src/main/java/org/apache/commons/jxpath/ri/compiler/JXPathContextReferenceImpl_Instrumentation.java @@ -105,8 +105,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String patternString, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - StringUtils.isBlank(patternString)){ + if (StringUtils.isBlank(patternString)){ return null; } XPathOperation xPathOperation = new XPathOperation(patternString, this.getClass().getName(), methodName); @@ -124,15 +123,10 @@ private AbstractOperation preprocessSecurityHook (String patternString, String m } private void releaseLock() { - try { - GenericHelper.releaseLock(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible() { - try { - return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.XPATH, XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.XPATH, XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } } 
diff --git a/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java index 66a2d18af..ab54e4cbb 100644 --- a/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-1.11.390/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_390/DynamoDBUtil.java @@ -52,17 +52,14 @@ public abstract class DynamoDBUtil { public static AbstractOperation processDynamoDBRequest(Request yRequest, String klassName) { DynamoDBOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List requests = new ArrayList(); - AmazonWebServiceRequest request = yRequest.getOriginalRequest(); + List requests = new ArrayList(); + AmazonWebServiceRequest request = yRequest.getOriginalRequest(); - operation = checkAndGenerateOperation(request, requests, klassName); + operation = checkAndGenerateOperation(request, requests, klassName); - if (operation!=null) { - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - NewRelicSecurity.getAgent().registerOperation(operation); - } + if (operation!=null) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); + NewRelicSecurity.getAgent().registerOperation(operation); } } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { 
diff --git a/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java index 0478947e0..e578f4e7a 100644 --- a/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-1.11.453/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_453/DynamoDBUtil.java @@ -52,17 +52,14 @@ public abstract class DynamoDBUtil { public static AbstractOperation processDynamoDBRequest(Request yRequest, String klassName) { DynamoDBOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List requests = new ArrayList(); - AmazonWebServiceRequest request = yRequest.getOriginalRequest(); + List requests = new ArrayList(); + AmazonWebServiceRequest request = yRequest.getOriginalRequest(); - operation = checkAndGenerateOperation(request, requests, klassName); + operation = checkAndGenerateOperation(request, requests, klassName); - if (operation!=null) { - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - NewRelicSecurity.getAgent().registerOperation(operation); - } + if (operation!=null) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); + NewRelicSecurity.getAgent().registerOperation(operation); } } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { 
diff --git a/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java index d981b6199..2a99f2819 100644 --- a/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-1.11.459/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_459/DynamoDBUtil.java @@ -61,17 +61,14 @@ public abstract class DynamoDBUtil { public static AbstractOperation processDynamoDBRequest(Request yRequest, String klassName) { DynamoDBOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List requests = new ArrayList(); - AmazonWebServiceRequest request = yRequest.getOriginalRequest(); + List requests = new ArrayList(); + AmazonWebServiceRequest request = yRequest.getOriginalRequest(); - operation = checkAndGenerateOperation(request, requests, klassName); + operation = checkAndGenerateOperation(request, requests, klassName); - if (operation!=null) { - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - NewRelicSecurity.getAgent().registerOperation(operation); - } + if (operation!=null) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); + NewRelicSecurity.getAgent().registerOperation(operation); } } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { 
diff --git a/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java b/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java index 44d708f95..47e96e778 100644 --- a/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-1.11.80/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_1_11_80/DynamoDBUtil.java @@ -52,17 +52,14 @@ public abstract class DynamoDBUtil { public static AbstractOperation processDynamoDBRequest(Request yRequest, String klassName) { DynamoDBOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List requests = new ArrayList(); - AmazonWebServiceRequest request = yRequest.getOriginalRequest(); + List requests = new ArrayList(); + AmazonWebServiceRequest request = yRequest.getOriginalRequest(); - operation = checkAndGenerateOperation(request, requests, klassName); + operation = checkAndGenerateOperation(request, requests, klassName); - if (operation!=null) { - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - NewRelicSecurity.getAgent().registerOperation(operation); - } + if (operation!=null) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); + NewRelicSecurity.getAgent().registerOperation(operation); } } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { 
diff --git a/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java b/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java index 1e59b670f..0423e0020 100644 --- a/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-2.1.0/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_210/DynamoDBUtil.java @@ -56,16 +56,14 @@ public static AbstractO ClientExecutionParams yRequest, String klassName) { DynamoDBOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List requests = new ArrayList(); - InputT request = yRequest.getInput(); + List requests = new ArrayList(); + InputT request = yRequest.getInput(); - operation = checkAndGenerateOperation(request, requests, klassName); + operation = checkAndGenerateOperation(request, requests, klassName); - if (operation!=null) { - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - NewRelicSecurity.getAgent().registerOperation(operation); - } + if (operation!=null) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); + NewRelicSecurity.getAgent().registerOperation(operation); } } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { diff --git a/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java b/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java index 73f8d5691..dd51a382a 100644 
--- a/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-2.1.2/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_212/DynamoDBUtil.java @@ -65,16 +65,14 @@ public static AbstractO ClientExecutionParams yRequest, String klassName) { DynamoDBOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List requests = new ArrayList(); - InputT request = yRequest.getInput(); + List requests = new ArrayList(); + InputT request = yRequest.getInput(); - operation = checkAndGenerateOperation(request, requests, klassName); + operation = checkAndGenerateOperation(request, requests, klassName); - if (operation!=null) { - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - NewRelicSecurity.getAgent().registerOperation(operation); - } + if (operation!=null) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); + NewRelicSecurity.getAgent().registerOperation(operation); } } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { diff --git a/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java b/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java index 35c9cc87a..4063dd651 100644 --- a/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java +++ b/instrumentation-security/dynamodb-2.15.34/src/main/java/com/newrelic/agent/security/instrumentation/dynamodb_215/DynamoDBUtil.java 
@@ -70,16 +70,14 @@ public static AbstractO ClientExecutionParams yRequest, String klassName) { DynamoDBOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List requests = new ArrayList(); - InputT request = yRequest.getInput(); + List requests = new ArrayList(); + InputT request = yRequest.getInput(); - operation = checkAndGenerateOperation(request, requests, klassName); + operation = checkAndGenerateOperation(request, requests, klassName); - if (operation!=null) { - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - NewRelicSecurity.getAgent().registerOperation(operation); - } + if (operation!=null) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); + NewRelicSecurity.getAgent().registerOperation(operation); } } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { diff --git a/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java b/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java index 3d7c171ce..0c566ca12 100644 --- a/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java +++ b/instrumentation-security/file-low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/io/File_Instrumentation.java 
@@ -65,7 +65,7 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private static AbstractOperation preprocessSecurityHook(boolean isBooleanAttributesCall, String methodName, boolean isLowSeverityHook, File_Instrumentation... files) { try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || files == null || files.length == 0) { + if (files == null || files.length == 0) { return null; } List fileNames = new ArrayList<>(files.length); diff --git a/instrumentation-security/file-operation/src/main/java/java/io/FileInputStream_Instrumentation.java b/instrumentation-security/file-operation/src/main/java/java/io/FileInputStream_Instrumentation.java index 6dcad1296..f95faf703 100644 --- a/instrumentation-security/file-operation/src/main/java/java/io/FileInputStream_Instrumentation.java +++ b/instrumentation-security/file-operation/src/main/java/java/io/FileInputStream_Instrumentation.java @@ -62,8 +62,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook(String filename) { try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() - || filename == null || filename.trim().isEmpty() + if (filename == null || filename.trim().isEmpty() ) { return null; } diff --git a/instrumentation-security/file-operation/src/main/java/java/io/FileOutputStream_Instrumentation.java b/instrumentation-security/file-operation/src/main/java/java/io/FileOutputStream_Instrumentation.java index 74703a304..27071d763 100644 --- a/instrumentation-security/file-operation/src/main/java/java/io/FileOutputStream_Instrumentation.java +++ b/instrumentation-security/file-operation/src/main/java/java/io/FileOutputStream_Instrumentation.java 
@@ -63,8 +63,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook(String filename) { try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() - || filename == null || filename.trim().isEmpty() + if (filename == null || filename.trim().isEmpty() ) { return null; } diff --git a/instrumentation-security/file-operation/src/main/java/java/io/File_Instrumentation.java b/instrumentation-security/file-operation/src/main/java/java/io/File_Instrumentation.java index 984953e5c..398bcfcfb 100644 --- a/instrumentation-security/file-operation/src/main/java/java/io/File_Instrumentation.java +++ b/instrumentation-security/file-operation/src/main/java/java/io/File_Instrumentation.java @@ -372,8 +372,7 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private static AbstractOperation preprocessSecurityHook(boolean isBooleanAttributesCall, String methodName, boolean isLowSeverityHook, File_Instrumentation... files) { try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() - || files == null || files.length == 0 + if (files == null || files.length == 0 ) { return null; } diff --git a/instrumentation-security/file-operation/src/main/java/java/io/RandomAccessFile_Instrumentation.java b/instrumentation-security/file-operation/src/main/java/java/io/RandomAccessFile_Instrumentation.java index 502eafd49..5403187c8 100644 --- a/instrumentation-security/file-operation/src/main/java/java/io/RandomAccessFile_Instrumentation.java +++ b/instrumentation-security/file-operation/src/main/java/java/io/RandomAccessFile_Instrumentation.java 
@@ -62,8 +62,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook(String filename) { try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() - || filename == null || filename.trim().isEmpty() + if (filename == null || filename.trim().isEmpty() ) { return null; } diff --git a/instrumentation-security/file-operation/src/main/java/java/nio/file/Files_Instrumentation.java b/instrumentation-security/file-operation/src/main/java/java/nio/file/Files_Instrumentation.java index d2a88246b..e3c763aac 100644 --- a/instrumentation-security/file-operation/src/main/java/java/nio/file/Files_Instrumentation.java +++ b/instrumentation-security/file-operation/src/main/java/java/nio/file/Files_Instrumentation.java @@ -70,9 +70,7 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private static AbstractOperation preprocessSecurityHook(boolean isBooleanAttributesCall, String methodName, boolean isLowSeverityHook, File... files) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() - || files == null || files.length == 0 + if (files == null || files.length == 0 ) { return null; } diff --git a/instrumentation-security/file-operation/src/main/java/java/nio/file/spi/FileSystemProvider_Instrumentation.java b/instrumentation-security/file-operation/src/main/java/java/nio/file/spi/FileSystemProvider_Instrumentation.java index 36b95a300..2dc5330dd 100644 --- a/instrumentation-security/file-operation/src/main/java/java/nio/file/spi/FileSystemProvider_Instrumentation.java +++ b/instrumentation-security/file-operation/src/main/java/java/nio/file/spi/FileSystemProvider_Instrumentation.java 
@@ -320,9 +320,6 @@ private void registerExitOperation(AbstractOperation operation, boolean isFileLo private AbstractOperation preprocessSecurityHook(String methodName, Path... filename) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - return null; - } List fileNames = new ArrayList<>(); for (Path path : filename) { diff --git a/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java b/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java index 1db1aa204..44b785f08 100644 --- a/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java +++ b/instrumentation-security/graalvm-jsinjection-19.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java @@ -54,8 +54,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String languageId, Object sourceImpl, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - !StringUtils.equals(languageId, JSEngineUtils.LANGUAGE_ID_JS)){ + if (!StringUtils.equals(languageId, JSEngineUtils.LANGUAGE_ID_JS)){ return null; } com.oracle.truffle.api.source.Source source = (Source) sourceImpl; diff --git a/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java b/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java index 41b03c502..e2815faeb 100644 --- a/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java 
+++ b/instrumentation-security/graalvm-jsinjection-22.0.0/src/main/java/com/oracle/truffle/polyglot/PolyglotContextImpl_Instrumentation.java @@ -54,8 +54,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String languageId, Source source, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - !StringUtils.equals(languageId, JSEngineUtils.LANGUAGE_ID_JS)){ + if (!StringUtils.equals(languageId, JSEngineUtils.LANGUAGE_ID_JS)){ return null; } JSInjectionOperation jsInjectionOperation = new JSInjectionOperation(String.valueOf(source.getCharacters()), this.getClass().getName(), methodName); diff --git a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcClientUtils.java b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcClientUtils.java index fb120f290..60b47002b 100644 --- a/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcClientUtils.java +++ b/instrumentation-security/grpc-1.22.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc1220/GrpcClientUtils.java @@ -15,7 +15,7 @@ public class GrpcClientUtils { public static final String METHOD_NAME_START = "start"; - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "NR_CSEC_GRPC_CLIENT_OPERATIONAL_LOCK_"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "NR_CSEC_GRPC_CLIENT_OPERATIONAL_LOCK_"; public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { 
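Review bot: `METHOD_NAME_START` stays `public` in this grpc-1.22.0 `GrpcClientUtils`, while the grpc-1.4.0 copy of the same class makes both constants `private`, so the two modules now expose different surfaces for what look like identical helpers. If nothing outside the class reads it, `private static final String METHOD_NAME_START = "start";` here keeps them aligned; if something does, the grpc-1.4.0 change deserves the same check. The class body continues outside the hunk.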
@@ -32,11 +32,6 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp public static AbstractOperation preprocessSecurityHook(String uri, Metadata meta, String klass) { try { - SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty() - ) { - return null; - } SSRFOperation operation = new SSRFOperation(uri, klass, METHOD_NAME_START); diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcClientUtils.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcClientUtils.java index 181f8f155..70e38c1a2 100644 --- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcClientUtils.java +++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/GrpcClientUtils.java @@ -14,8 +14,8 @@ import io.grpc.Metadata; public class GrpcClientUtils { - public static final String METHOD_NAME_START = "start"; - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "NR_CSEC_GRPC_CLIENT_OPERATIONAL_LOCK_"; + private static final String METHOD_NAME_START = "start"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "NR_CSEC_GRPC_CLIENT_OPERATIONAL_LOCK_"; public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { 
@@ -32,12 +32,6 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp public static AbstractOperation preprocessSecurityHook(String uri, Metadata meta, String klass) { try { - SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty() - ) { - return null; - } - SSRFOperation operation = new SSRFOperation(uri, klass, METHOD_NAME_START); NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); diff --git a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/client/GrpcClient.java b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/client/GrpcClient.java index 774550bf5..2058227af 100644 --- a/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/client/GrpcClient.java +++ b/instrumentation-security/grpc-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/grpc140/client/GrpcClient.java @@ -202,7 +202,7 @@ private static Object customServerStream(ManagedChannel channel, FuzzRequestBean return null; } - public static Object customBiDiStream(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) throws InterruptedException { + private static Object customBiDiStream(ManagedChannel channel, FuzzRequestBean requestBean, List payloads) throws InterruptedException { GrpcStubs.CustomStub stub = GrpcStubs.newStub(channel); StringBuilder body = requestBean.getBody(); String[] methodSplitData = requestBean.getMethod().split("/"); 
diff --git a/instrumentation-security/http-async-client-4/src/main/java/com/newrelic/agent/security/instrumentation/httpasyncclient4/HttpAsyncClient4_Instrumentation.java b/instrumentation-security/http-async-client-4/src/main/java/com/newrelic/agent/security/instrumentation/httpasyncclient4/HttpAsyncClient4_Instrumentation.java index e2949d21d..46cd490fd 100644 --- a/instrumentation-security/http-async-client-4/src/main/java/com/newrelic/agent/security/instrumentation/httpasyncclient4/HttpAsyncClient4_Instrumentation.java +++ b/instrumentation-security/http-async-client-4/src/main/java/com/newrelic/agent/security/instrumentation/httpasyncclient4/HttpAsyncClient4_Instrumentation.java @@ -210,9 +210,6 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private AbstractOperation preprocessSecurityHook(HttpRequest request, String uri, String methodName) { try { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (securityMetaData.getRequest().isEmpty()) { - return null; - } // Add Security IAST header String iastHeader = NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getRaw(); @@ -249,17 +246,10 @@ private AbstractOperation preprocessSecurityHook(HttpRequest request, String uri } private void releaseLock() { - try { - GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } private boolean acquireLockIfPossible() { - try { - return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } } 
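Review bot: With the `isEmpty()` check gone, the local `securityMetaData` in `preprocessSecurityHook(HttpRequest request, String uri, String methodName)` has no visible use left, because the next statement calls `NewRelicSecurity.getAgent().getSecurityMetaData()` again to read the fuzz request identifier. The rest of the method is outside the hunk, so it may still be read further down; if it is not, delete the declaration or reuse it as `String iastHeader = securityMetaData.getFuzzRequestIdentifier().getRaw();`. The httpclient-3, httpclient-4.0 and httpclient-5.0 `preprocessSecurityHook` hunks leave the same local behind.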
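Review bot: `releaseLock()` and `acquireLockIfPossible()` no longer catch anything, so an exception raised inside `GenericHelper.releaseLock` or `GenericHelper.acquireLockIfPossible` now reaches the instrumented HTTP call unless the caller, which is outside this hunk, catches it. The old `catch (Throwable ignored)` hid failures, so removing it is sound only if GenericHelper guarantees it does not throw, which is not visible here. A failure in `releaseLock()` deserves the most attention, since it presumably leaves the lock attribute set and would silence later hooks on the same transaction. The httpclient-3, httpclient-4.0, httpclient-5.0, httpclient-jdk11, Context_Instrumentation, DirContext_Instrumentation, jaxen-xpath-1.1 BaseXPath_Instrumentation (`releaseLock` only) and JCacheHelper hunks make the same change. Once the guarantee is confirmed I would state it on the wrappers, e.g. `// GenericHelper lock calls are no-throw; instrumentation must never fail the instrumented call.`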
diff --git a/instrumentation-security/httpclient-3/src/main/java/com/newrelic/agent/security/instrumentation/httpclient3/HttpMethodBase_Instrumentation.java b/instrumentation-security/httpclient-3/src/main/java/com/newrelic/agent/security/instrumentation/httpclient3/HttpMethodBase_Instrumentation.java index f2dc13295..5539ebc18 100644 --- a/instrumentation-security/httpclient-3/src/main/java/com/newrelic/agent/security/instrumentation/httpclient3/HttpMethodBase_Instrumentation.java +++ b/instrumentation-security/httpclient-3/src/main/java/com/newrelic/agent/security/instrumentation/httpclient3/HttpMethodBase_Instrumentation.java @@ -65,9 +65,6 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook(HttpConnection conn, String methodName) { try { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (securityMetaData.getRequest().isEmpty()) { - return null; - } // Generate required URL @@ -144,17 +141,10 @@ private AbstractOperation preprocessSecurityHook(HttpConnection conn, String met } private void releaseLock() { - try { - GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } private boolean acquireLockIfPossible() { - try { - return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } } 
diff --git a/instrumentation-security/httpclient-4.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient40/HttpClient_Instrumentation.java b/instrumentation-security/httpclient-4.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient40/HttpClient_Instrumentation.java index dd5e21d45..c78cf2b9d 100644 --- a/instrumentation-security/httpclient-4.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient40/HttpClient_Instrumentation.java +++ b/instrumentation-security/httpclient-4.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient40/HttpClient_Instrumentation.java @@ -251,9 +251,6 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private AbstractOperation preprocessSecurityHook(HttpRequest request, String uri, String methodName) { try { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (securityMetaData.getRequest().isEmpty()) { - return null; - } // TODO : Need to check if this is required anymore in NR case. // // Add Security app topology header @@ -298,18 +295,11 @@ private AbstractOperation preprocessSecurityHook(HttpRequest request, String uri } private void releaseLock() { - try { - GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } private boolean acquireLockIfPossible() { - try { - return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } } 
diff --git a/instrumentation-security/httpclient-4.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient40/SecurityHelper.java b/instrumentation-security/httpclient-4.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient40/SecurityHelper.java index ba4d5bd68..0ea1005ea 100644 --- a/instrumentation-security/httpclient-4.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient40/SecurityHelper.java +++ b/instrumentation-security/httpclient-4.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient40/SecurityHelper.java @@ -3,27 +3,8 @@ public class SecurityHelper { public static final String METHOD_NAME_EXECUTE = "execute"; - public static final String NULL_STRING = "null"; public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SSRF_OPERATION_LOCK_APACHE4-"; - public static final String HTTP_CLIENT_4 = "HTTP-CLIENT-4"; - public static String getURI(String scheme, String host, int port, String path) { - StringBuilder sb = new StringBuilder(); - if (scheme != null) { - sb.append(scheme); - sb.append("://"); - } - if (host != null) { - sb.append(host); - if (port >= 0) { - sb.append(":"); - sb.append(port); - } - } - if (path != null) { - sb.append(path); - } - return sb.toString(); - } + public static final String HTTP_CLIENT_4 = "HTTP-CLIENT-4"; } diff --git a/instrumentation-security/httpclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient50/HttpClient_Instrumentation.java b/instrumentation-security/httpclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient50/HttpClient_Instrumentation.java index 90ffc99e2..7c4d96080 100644 --- a/instrumentation-security/httpclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient50/HttpClient_Instrumentation.java +++ b/instrumentation-security/httpclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient50/HttpClient_Instrumentation.java 
@@ -224,18 +224,11 @@ private static URI getUri(HttpHost target, HttpRequest request) throws URISyntax } private void releaseLock() { - try { - GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } private boolean acquireLockIfPossible() { - try { - return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } } diff --git a/instrumentation-security/httpclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient50/SecurityHelper.java b/instrumentation-security/httpclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient50/SecurityHelper.java index d6b58443e..ae82bd666 100644 --- a/instrumentation-security/httpclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient50/SecurityHelper.java +++ b/instrumentation-security/httpclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/httpclient50/SecurityHelper.java @@ -34,9 +34,6 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp public static AbstractOperation preprocessSecurityHook(HttpRequest request, String uri, String className, String methodName) { try { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (securityMetaData.getRequest().isEmpty()) { - return null; - } // Add Security IAST header String iastHeader = NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getRaw(); 
diff --git a/instrumentation-security/httpclient-jdk11/src/main/java/com/newrelic/agent/security/instrumentation/http/HttpClientImpl_Instrumentation.java b/instrumentation-security/httpclient-jdk11/src/main/java/com/newrelic/agent/security/instrumentation/http/HttpClientImpl_Instrumentation.java index 8d6a505e4..b2c0644cd 100644 --- a/instrumentation-security/httpclient-jdk11/src/main/java/com/newrelic/agent/security/instrumentation/http/HttpClientImpl_Instrumentation.java +++ b/instrumentation-security/httpclient-jdk11/src/main/java/com/newrelic/agent/security/instrumentation/http/HttpClientImpl_Instrumentation.java @@ -63,11 +63,6 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private AbstractOperation preprocessSecurityHook(HttpRequest request, String uri, String methodName) { try { - SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (securityMetaData.getRequest().isEmpty()) { - return null; - } - SSRFOperation operation = new SSRFOperation(uri, this.getClass().getName(), methodName); NewRelicSecurity.getAgent().registerOperation(operation); @@ -85,18 +80,11 @@ private AbstractOperation preprocessSecurityHook(HttpRequest request, String uri private void releaseLock() { - try { - GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } private boolean acquireLockIfPossible() { - try { - return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.HTTP_REQUEST, SecurityHelper.NR_SEC_CUSTOM_ATTRIB_NAME, this.hashCode()); } private static HttpRequest addSecurityHeader(AbstractOperation operation, HttpRequest req) { 
diff --git a/instrumentation-security/java-io-inputstream-jdk8/src/main/java/java/io/InputStream_Instrumentation.java b/instrumentation-security/java-io-inputstream-jdk8/src/main/java/java/io/InputStream_Instrumentation.java index 035c10fb3..647d23092 100644 --- a/instrumentation-security/java-io-inputstream-jdk8/src/main/java/java/io/InputStream_Instrumentation.java +++ b/instrumentation-security/java-io-inputstream-jdk8/src/main/java/java/io/InputStream_Instrumentation.java @@ -16,18 +16,14 @@ public abstract class InputStream_Instrumentation { private boolean acquireLockIfPossible(int hashCode) { - try { - if(InputStreamHelper.processRequestInputStreamHookData(hashCode)) { - return GenericHelper.acquireLockIfPossible(InputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } - } catch (Throwable ignored) {} + if(InputStreamHelper.processRequestInputStreamHookData(hashCode)) { + return GenericHelper.acquireLockIfPossible(InputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); + } return false; } private void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(InputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(InputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public int read(byte[] b) throws IOException { diff --git a/instrumentation-security/java-io-inputstream-jdk9/src/main/java/com/newrelic/agent/security/instrumentation/javaio/io/InputStream_Instrumentation.java b/instrumentation-security/java-io-inputstream-jdk9/src/main/java/com/newrelic/agent/security/instrumentation/javaio/io/InputStream_Instrumentation.java index 1ad2093b4..31b55511c 100644 --- a/instrumentation-security/java-io-inputstream-jdk9/src/main/java/com/newrelic/agent/security/instrumentation/javaio/io/InputStream_Instrumentation.java +++ b/instrumentation-security/java-io-inputstream-jdk9/src/main/java/com/newrelic/agent/security/instrumentation/javaio/io/InputStream_Instrumentation.java 
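Review bot: `InputStreamHelper.processRequestInputStreamHookData(hashCode)` is now evaluated with no catch around it in `acquireLockIfPossible(int hashCode)`, and this wrapper sits in a class woven into `java.io.InputStream`. Assuming `read(...)` calls the wrapper outside its own try block (its body is outside the hunk), a runtime exception from the helper would surface from application reads that only declare `IOException`. I would keep a guard here, narrowed from `Throwable` to `RuntimeException` so that errors are not swallowed, as in the excerpt below. The jdk9 InputStream_Instrumentation, BufferedReader_Instrumentation, OutputStream_Instrumentation, PrintWriter_Instrumentation and Reader_Instrumentation hunks have the same shape with their own `IOStreamHelper` predicates.

```java
private boolean acquireLockIfPossible(int hashCode) {
    try {
        if (InputStreamHelper.processRequestInputStreamHookData(hashCode)) {
            return GenericHelper.acquireLockIfPossible(InputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode);
        }
    } catch (RuntimeException ignored) {
        // An instrumentation failure must not fail the application's read(); treat it as "lock not acquired".
    }
    return false;
}
// … unchanged: releaseLock(int hashCode) and read(byte[] b) …
```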
@@ -18,18 +18,14 @@ public abstract class InputStream_Instrumentation { private boolean acquireLockIfPossible(int hashCode) { - try { - if(InputStreamHelper.processRequestInputStreamHookData(hashCode)) { - return GenericHelper.acquireLockIfPossible(InputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } - } catch (Throwable ignored) {} + if(InputStreamHelper.processRequestInputStreamHookData(hashCode)) { + return GenericHelper.acquireLockIfPossible(InputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); + } return false; } private void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(InputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(InputStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public int read(byte[] b) throws IOException { diff --git a/instrumentation-security/java-io-stream/src/main/java/java/io/BufferedReader_Instrumentation.java b/instrumentation-security/java-io-stream/src/main/java/java/io/BufferedReader_Instrumentation.java index 8edb7c538..4abc0536a 100644 --- a/instrumentation-security/java-io-stream/src/main/java/java/io/BufferedReader_Instrumentation.java +++ b/instrumentation-security/java-io-stream/src/main/java/java/io/BufferedReader_Instrumentation.java 
@@ -22,18 +22,14 @@ public abstract class BufferedReader_Instrumentation { private boolean acquireLockIfPossible(int hashCode) { - try { - if(IOStreamHelper.processRequestReaderHookData(hashCode)) { - return GenericHelper.acquireLockIfPossible(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_READER, hashCode); - } - } catch (Throwable ignored) {} + if(IOStreamHelper.processRequestReaderHookData(hashCode)) { + return GenericHelper.acquireLockIfPossible(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_READER, hashCode); + } return false; } private void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_READER, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_READER, hashCode); } @WeaveAllConstructors diff --git a/instrumentation-security/java-io-stream/src/main/java/java/io/OutputStream_Instrumentation.java b/instrumentation-security/java-io-stream/src/main/java/java/io/OutputStream_Instrumentation.java index 0ec0a9829..a2aa3dfca 100644 --- a/instrumentation-security/java-io-stream/src/main/java/java/io/OutputStream_Instrumentation.java +++ b/instrumentation-security/java-io-stream/src/main/java/java/io/OutputStream_Instrumentation.java 
@@ -16,18 +16,14 @@ @Weave(type = MatchType.BaseClass, originalName = "java.io.OutputStream") public abstract class OutputStream_Instrumentation { private static boolean acquireLockIfPossible(int hashCode) { - try { - if(IOStreamHelper.processResponseOutputStreamHookData(hashCode)) { - return GenericHelper.acquireLockIfPossible(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_OUTPUT_STREAM, hashCode); - } - } catch (Throwable ignored) {} + if(IOStreamHelper.processResponseOutputStreamHookData(hashCode)) { + return GenericHelper.acquireLockIfPossible(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_OUTPUT_STREAM, hashCode); + } return false; } private static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_OUTPUT_STREAM, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_OUTPUT_STREAM, hashCode); } public void write(byte b[]) throws IOException { diff --git a/instrumentation-security/java-io-stream/src/main/java/java/io/PrintWriter_Instrumentation.java b/instrumentation-security/java-io-stream/src/main/java/java/io/PrintWriter_Instrumentation.java index 17a2e34ee..379e073d4 100644 --- a/instrumentation-security/java-io-stream/src/main/java/java/io/PrintWriter_Instrumentation.java +++ b/instrumentation-security/java-io-stream/src/main/java/java/io/PrintWriter_Instrumentation.java 
@@ -20,18 +20,14 @@ public abstract class PrintWriter_Instrumentation { private PrintWriter_Instrumentation(){} private static boolean acquireLockIfPossible(int hashCode) { - try { - if(IOStreamHelper.processResponseWriterHookData(hashCode)) { - return GenericHelper.acquireLockIfPossible(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_WRITER, hashCode); - } - } catch (Throwable ignored) {} + if(IOStreamHelper.processResponseWriterHookData(hashCode)) { + return GenericHelper.acquireLockIfPossible(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_WRITER, hashCode); + } return false; } private static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_WRITER, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_WRITER, hashCode); } public PrintWriter append(char c) { diff --git a/instrumentation-security/java-io-stream/src/main/java/java/io/Reader_Instrumentation.java b/instrumentation-security/java-io-stream/src/main/java/java/io/Reader_Instrumentation.java index 5563c953b..85eb17343 100644 --- a/instrumentation-security/java-io-stream/src/main/java/java/io/Reader_Instrumentation.java +++ b/instrumentation-security/java-io-stream/src/main/java/java/io/Reader_Instrumentation.java 
@@ -20,18 +20,14 @@ public abstract class Reader_Instrumentation { protected Object lock; private boolean acquireLockIfPossible(int hashCode) { - try { - if(IOStreamHelper.processRequestReaderHookData(hashCode)) { - return GenericHelper.acquireLockIfPossible(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_READER, hashCode); - } - } catch (Throwable ignored) {} + if(IOStreamHelper.processRequestReaderHookData(hashCode)) { + return GenericHelper.acquireLockIfPossible(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_READER, hashCode); + } return false; } private void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_READER, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(IOStreamHelper.NR_SEC_CUSTOM_ATTRIB_NAME_READER, hashCode); } protected Reader_Instrumentation(){ diff --git a/instrumentation-security/java-lang/src/main/java/java/lang/ProcessImpl_Instrumentation.java b/instrumentation-security/java-lang/src/main/java/java/lang/ProcessImpl_Instrumentation.java index 8a8dc1916..fa48ed6a3 100644 --- a/instrumentation-security/java-lang/src/main/java/java/lang/ProcessImpl_Instrumentation.java +++ b/instrumentation-security/java-lang/src/main/java/java/lang/ProcessImpl_Instrumentation.java @@ -53,8 +53,7 @@ private static void registerExitOperation(AbstractOperation operation) { private static AbstractOperation preprocessSecurityHook(String[] cmdarray, Map environment) { try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() - || cmdarray == null || cmdarray.length == 0 + if (cmdarray == null || cmdarray.length == 0 ) { return null; } diff --git a/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java b/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java index 03450ea81..e676426d0 100644 --- a/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java 
+++ b/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java @@ -120,8 +120,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private List preprocessSecurityHook (Enumeration names, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - names == null || !names.hasMoreElements()){ + if (names == null || !names.hasMoreElements()){ return null; } UserDataTranslationHelper.placeJNDIAdditionalTemplateData(); @@ -139,8 +138,7 @@ private List preprocessSecurityHook (Enumeration name private AbstractOperation preprocessSecurityHook (String name, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - StringUtils.isBlank(name)){ + if (StringUtils.isBlank(name)){ return null; } UserDataTranslationHelper.placeJNDIAdditionalTemplateData(); @@ -157,15 +155,10 @@ private AbstractOperation preprocessSecurityHook (String name, String methodName } private void releaseLock() { - try { - GenericHelper.releaseLock(JNDIUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(JNDIUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType http) { - try { - return GenericHelper.acquireLockIfPossible(http, JNDIUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(http, JNDIUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } } diff --git a/instrumentation-security/javax-ldap/src/main/java/javax/naming/directory/DirContext_Instrumentation.java b/instrumentation-security/javax-ldap/src/main/java/javax/naming/directory/DirContext_Instrumentation.java index e0d586b8f..a21b80379 100644 --- a/instrumentation-security/javax-ldap/src/main/java/javax/naming/directory/DirContext_Instrumentation.java 
+++ b/instrumentation-security/javax-ldap/src/main/java/javax/naming/directory/DirContext_Instrumentation.java @@ -111,7 +111,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook(String name, String filter) { try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || StringUtils.isAnyBlank(filter)) { + if (StringUtils.isAnyBlank(filter)) { return null; } LDAPOperation ldapOperation = new LDAPOperation(name, filter, this.getClass().getName(), LDAPUtils.METHOD_SEARCH); @@ -129,18 +129,11 @@ private AbstractOperation preprocessSecurityHook(String name, String filter) { } private void releaseLock() { - try { - GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible() { - try { - return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.LDAP, LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.LDAP, LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } } diff --git a/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java b/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java index bf86984ca..28d821f5b 100644 --- a/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java +++ b/instrumentation-security/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java 
@@ -76,7 +76,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String patternString, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || StringUtils.isBlank(patternString)){ + if (StringUtils.isBlank(patternString)){ return null; } XPathOperation xPathOperation = new XPathOperation(patternString, this.getClass().getName(), methodName); diff --git a/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java b/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java index a57cdbc0f..f236ef07e 100644 --- a/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java +++ b/instrumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java @@ -116,8 +116,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String patternString, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - StringUtils.isBlank(patternString)){ + if (StringUtils.isBlank(patternString)){ return null; } XPathOperation xPathOperation = new XPathOperation(patternString, this.getClass().getName(), methodName); diff --git a/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java b/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java index 1689ae033..673a6ff6d 100644 --- a/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java +++ b/instrumentation-security/jaxen-xpath-1.1/src/main/java/org/jaxen/BaseXPath_Instrumentation.java 
@@ -54,7 +54,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String patternString, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || StringUtils.isBlank(patternString)){ + if (StringUtils.isBlank(patternString)){ return null; } XPathOperation xPathOperation = new XPathOperation(patternString, this.getClass().getName(), methodName); @@ -72,9 +72,7 @@ private AbstractOperation preprocessSecurityHook (String patternString, String m } private void releaseLock() { - try { - GenericHelper.releaseLock(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType xpath) { diff --git a/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java b/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java index a99fd2de3..993eee53a 100644 --- a/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java +++ b/instrumentation-security/jaxen-xpath/src/main/java/org/jaxen/BaseXPath_Instrumentation.java @@ -54,7 +54,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String patternString, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || StringUtils.isBlank(patternString)){ + if (StringUtils.isBlank(patternString)){ return null; } XPathOperation xPathOperation = new XPathOperation(patternString, this.getClass().getName(), methodName); 
diff --git a/instrumentation-security/jcache-1.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jcache_1_0_0/JCacheHelper.java b/instrumentation-security/jcache-1.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jcache_1_0_0/JCacheHelper.java index 4dc30fc17..67e608aea 100644 --- a/instrumentation-security/jcache-1.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jcache_1_0_0/JCacheHelper.java +++ b/instrumentation-security/jcache-1.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jcache_1_0_0/JCacheHelper.java @@ -20,9 +20,6 @@ public class JCacheHelper { public static AbstractOperation preprocessSecurityHook(String command, List args, String klass, String method) { try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } JCacheOperation operation = new JCacheOperation(klass, method, command, args); NewRelicSecurity.getAgent().registerOperation(operation); return operation; @@ -50,15 +47,10 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } public static void releaseLock(int hashcode) { - try { - GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME, hashcode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME, hashcode); } public static boolean acquireLockIfPossible(int hashcode) { - try { - return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.CACHING_DATA_STORE, NR_SEC_CUSTOM_ATTRIB_NAME, hashcode); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.CACHING_DATA_STORE, NR_SEC_CUSTOM_ATTRIB_NAME, hashcode); } } diff --git a/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java b/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java index 7df460425..d6741bcac 100644 
--- a/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java +++ b/instrumentation-security/jdbc-generic/src/main/java/java/sql/PreparedStatement_Instrumentation.java @@ -58,8 +58,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String sql, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - sql == null || sql.trim().isEmpty()){ + if (sql == null || sql.trim().isEmpty()){ return null; } SQLOperation sqlOperation = new SQLOperation(this.getClass().getName(), methodName); diff --git a/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java b/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java index 0f1844e0c..9bee877f7 100644 --- a/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java +++ b/instrumentation-security/jdbc-generic/src/main/java/java/sql/Statement_Instrumentation.java @@ -46,7 +46,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String sql, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || sql == null || sql.trim().isEmpty()){ + if (sql == null || sql.trim().isEmpty()){ return null; } SQLOperation sqlOperation = new SQLOperation(this.getClass().getName(), methodName); @@ -83,8 +83,7 @@ private AbstractOperation preprocessSecurityHook (String sql, String methodName) private AbstractOperation preprocessSecurityHook(BatchSQLOperation operation){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - operation == null || operation.isEmpty()){ + if (operation == null || operation.isEmpty()){ return null; } NewRelicSecurity.getAgent().registerOperation(operation); 
diff --git a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java index 4c41e222d..aa5212cf8 100644 --- a/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java +++ b/instrumentation-security/jdbc-jtds-generic/src/main/java/net/sourceforge/jtds/jdbc/JtdsPreparedStatement_Instrumentation.java @@ -50,9 +50,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String sql, Map params, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - sql == null || sql.trim().isEmpty()){ + if (sql == null || sql.trim().isEmpty()){ return null; } SQLOperation sqlOperation = new SQLOperation(this.getClass().getName(), methodName); @@ -74,9 +72,7 @@ private AbstractOperation preprocessSecurityHook (String sql, Map var3) throws SQLException { - if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if (NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.ORACLE); } return Weaver.callOriginal(); diff --git a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/Driver_Instrumentation.java b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/Driver_Instrumentation.java index e4714e60e..f59238cf1 100644 
--- a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/Driver_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/Driver_Instrumentation.java @@ -20,7 +20,7 @@ public abstract class Driver_Instrumentation { public Connection connect(String url, Properties props) throws SQLException { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.POSTGRES); } return Weaver.callOriginal(); diff --git a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java index 257b60bf2..2959f3a00 100644 --- a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java @@ -19,7 +19,7 @@ public abstract class BaseDataSource_Instrumentation { public Connection getConnection(String userID, String pass) throws Exception { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.POSTGRES); } return Weaver.callOriginal(); 
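Review bot: The new condition in `connect` calls `getSecurityMetaData()` three times but null-checks only the first result, and it dereferences `getRequest()` without any check, in a method that shows no try/catch around the instrumentation, so a null here would surface as a `NullPointerException` in the application's own `connect` call. Whether `getRequest()` can return null is not visible in this diff, which is the reason to check it explicitly now that `isHookProcessingActive()` no longer stands in front. Read the value once and test it: `SecurityMetaData md = NewRelicSecurity.getAgent().getSecurityMetaData();` followed by `if (md != null && md.getRequest() != null && !md.getRequest().isEmpty()) {`, using `md` for `addCustomAttribute` as well (this needs the `SecurityMetaData` import, which is outside the hunk). The same condition is introduced in the `BaseDataSource_Instrumentation` hunk of this module and in the postgresql-9.4.1207, postgresql-9.4.1208, sqlserver and sybase driver and data-source hunks.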
diff --git a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java index 3fb4d314f..973c18a74 100644 --- a/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-8.0-312.jdbc3/src/main/java/org/postgresql/jdbc2/AbstractJdbc2Statement_Instrumentation.java @@ -50,9 +50,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String sql, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - sql == null || sql.trim().isEmpty()){ + if (sql == null || sql.trim().isEmpty()){ return null; } SQLOperation sqlOperation = new SQLOperation(this.getClass().getName(), methodName); diff --git a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/Driver_Instrumentation.java b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/Driver_Instrumentation.java index e4714e60e..f59238cf1 100644 --- a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/Driver_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/Driver_Instrumentation.java 
@@ -20,7 +20,7 @@ public abstract class Driver_Instrumentation { public Connection connect(String url, Properties props) throws SQLException { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.POSTGRES); } return Weaver.callOriginal(); diff --git a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java index 257b60bf2..2959f3a00 100644 --- a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java @@ -19,7 +19,7 @@ public abstract class BaseDataSource_Instrumentation { public Connection getConnection(String userID, String pass) throws Exception { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.POSTGRES); } return Weaver.callOriginal(); diff --git a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java index e032d4204..d775bc6c7 100644 
--- a/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-9.4.1207/src/main/java/org/postgresql/jdbc/PgStatement_Instrumentation.java @@ -55,9 +55,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String sql, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - sql == null || sql.trim().isEmpty()){ + if (sql == null || sql.trim().isEmpty()){ return null; } SQLOperation sqlOperation = new SQLOperation(this.getClass().getName(), methodName); diff --git a/instrumentation-security/jdbc-postgresql-9.4.1208/src/main/java/org/postgresql/Driver_Instrumentation.java b/instrumentation-security/jdbc-postgresql-9.4.1208/src/main/java/org/postgresql/Driver_Instrumentation.java index e4714e60e..f59238cf1 100644 --- a/instrumentation-security/jdbc-postgresql-9.4.1208/src/main/java/org/postgresql/Driver_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-9.4.1208/src/main/java/org/postgresql/Driver_Instrumentation.java @@ -20,7 +20,7 @@ public abstract class Driver_Instrumentation { public Connection connect(String url, Properties props) throws SQLException { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.POSTGRES); } return Weaver.callOriginal(); 
diff --git a/instrumentation-security/jdbc-postgresql-9.4.1208/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java b/instrumentation-security/jdbc-postgresql-9.4.1208/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java index 295fdfe24..daa5560bf 100644 --- a/instrumentation-security/jdbc-postgresql-9.4.1208/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java +++ b/instrumentation-security/jdbc-postgresql-9.4.1208/src/main/java/org/postgresql/ds/common/BaseDataSource_Instrumentation.java @@ -19,7 +19,7 @@ public abstract class BaseDataSource_Instrumentation { public Connection getConnection(String userID, String pass) throws Exception { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.POSTGRES); } return Weaver.callOriginal(); diff --git a/instrumentation-security/jdbc-sqlserver/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java b/instrumentation-security/jdbc-sqlserver/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java index f510003af..22c203e2c 100644 --- a/instrumentation-security/jdbc-sqlserver/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java +++ b/instrumentation-security/jdbc-sqlserver/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDataSource.java 
@@ -19,14 +19,14 @@ public abstract class SQLServerDataSource { public Connection getConnection() { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.MSSQL); } return Weaver.callOriginal(); } public Connection getConnection(String user, String password) { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.MSSQL); } return Weaver.callOriginal(); diff --git a/instrumentation-security/jdbc-sqlserver/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java b/instrumentation-security/jdbc-sqlserver/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java index 66b99ce4f..a789122d8 100644 --- a/instrumentation-security/jdbc-sqlserver/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java +++ b/instrumentation-security/jdbc-sqlserver/src/main/java/com/microsoft/sqlserver/jdbc/SQLServerDriver.java 
@@ -19,7 +19,7 @@ public abstract class SQLServerDriver { public Connection connect(String url, Properties props) { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.MSSQL); } return Weaver.callOriginal(); diff --git a/instrumentation-security/jdbc-sybase-6/src/main/java/com/sybase/jdbc3/jdbc/SybDataSource_Instrumentation.java b/instrumentation-security/jdbc-sybase-6/src/main/java/com/sybase/jdbc3/jdbc/SybDataSource_Instrumentation.java index 89cab48fc..35b7e9407 100644 --- a/instrumentation-security/jdbc-sybase-6/src/main/java/com/sybase/jdbc3/jdbc/SybDataSource_Instrumentation.java +++ b/instrumentation-security/jdbc-sybase-6/src/main/java/com/sybase/jdbc3/jdbc/SybDataSource_Instrumentation.java 
@@ -18,14 +18,14 @@ public abstract class SybDataSource_Instrumentation { public Connection getConnection() { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.SYBASE); } return Weaver.callOriginal(); } public Connection getConnection(String user, String password) { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.SYBASE); } return Weaver.callOriginal(); diff --git a/instrumentation-security/jdbc-sybase-6/src/main/java/com/sybase/jdbc3/jdbc/SybDriver_Instrumentation.java b/instrumentation-security/jdbc-sybase-6/src/main/java/com/sybase/jdbc3/jdbc/SybDriver_Instrumentation.java index dec19cab5..a77a54ae7 100644 --- a/instrumentation-security/jdbc-sybase-6/src/main/java/com/sybase/jdbc3/jdbc/SybDriver_Instrumentation.java +++ b/instrumentation-security/jdbc-sybase-6/src/main/java/com/sybase/jdbc3/jdbc/SybDriver_Instrumentation.java 
@@ -18,7 +18,7 @@ public abstract class SybDriver_Instrumentation { public Connection connect(String url, Properties props) { - if(NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if(NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JDBCVendor.META_CONST_JDBC_VENDOR, JDBCVendor.SYBASE); } return Weaver.callOriginal(); diff --git a/instrumentation-security/jedis-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_1_4_0/JedisHelper.java b/instrumentation-security/jedis-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_1_4_0/JedisHelper.java index 1feeed71c..de46a142e 100644 --- a/instrumentation-security/jedis-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_1_4_0/JedisHelper.java +++ b/instrumentation-security/jedis-1.4.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_1_4_0/JedisHelper.java 
@@ -3,18 +3,17 @@ import com.newrelic.api.agent.security.NewRelicSecurity; import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper; import com.newrelic.api.agent.security.schema.AbstractOperation; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RedisOperation; import java.util.List; public class JedisHelper { - public static final String NR_SEC_LOCK_ATTRIB_NAME = "JEDIS_OPERATION_LOCK_"; + private static final String NR_SEC_LOCK_ATTRIB_NAME = "JEDIS_OPERATION_LOCK_"; + public static AbstractOperation preprocessSecurityHook(String command, List args, String klass, String method) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } RedisOperation operation = new RedisOperation(klass, method, command, args); NewRelicSecurity.getAgent().registerOperation(operation); return operation; @@ -38,15 +37,10 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(NR_SEC_LOCK_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(NR_SEC_LOCK_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(NR_SEC_LOCK_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.CACHING_DATA_STORE, NR_SEC_LOCK_ATTRIB_NAME, hashCode); } } 
diff --git a/instrumentation-security/jedis-2.7.1_2.7.2/src/main/java/com/newrelic/agent/security/instrumentation/jedis_2_7_1/JedisHelper.java b/instrumentation-security/jedis-2.7.1_2.7.2/src/main/java/com/newrelic/agent/security/instrumentation/jedis_2_7_1/JedisHelper.java index d78ef528b..81d1b37e4 100644 --- a/instrumentation-security/jedis-2.7.1_2.7.2/src/main/java/com/newrelic/agent/security/instrumentation/jedis_2_7_1/JedisHelper.java +++ b/instrumentation-security/jedis-2.7.1_2.7.2/src/main/java/com/newrelic/agent/security/instrumentation/jedis_2_7_1/JedisHelper.java @@ -14,9 +14,6 @@ public class JedisHelper { public static final String NR_SEC_LOCK_ATTRIB_NAME = "REDIS_SERIALISED_DATA_"; public static AbstractOperation preprocessSecurityHook(String command, List args, String klass, String method) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } RedisOperation operation = new RedisOperation(klass, method, command, args); NewRelicSecurity.getAgent().registerOperation(operation); return operation; @@ -39,15 +36,10 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(NR_SEC_LOCK_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(NR_SEC_LOCK_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType cachingDataStore, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(cachingDataStore, NR_SEC_LOCK_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(cachingDataStore, NR_SEC_LOCK_ATTRIB_NAME, hashCode); } } 
diff --git a/instrumentation-security/jedis-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_3_0_0/JedisHelper.java b/instrumentation-security/jedis-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_3_0_0/JedisHelper.java index 0b1b7983f..0397e87ba 100644 --- a/instrumentation-security/jedis-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_3_0_0/JedisHelper.java +++ b/instrumentation-security/jedis-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_3_0_0/JedisHelper.java @@ -14,9 +14,6 @@ public class JedisHelper { public static final String NR_SEC_LOCK_ATTRIB_NAME = "REDIS_SERIALISED_DATA_"; public static AbstractOperation preprocessSecurityHook(String command, List args, String klass, String method) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } RedisOperation operation = new RedisOperation(klass, method, command, args); NewRelicSecurity.getAgent().registerOperation(operation); return operation; @@ -39,15 +36,10 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(NR_SEC_LOCK_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(NR_SEC_LOCK_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType cachingDataStore, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(cachingDataStore, NR_SEC_LOCK_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(cachingDataStore, NR_SEC_LOCK_ATTRIB_NAME, hashCode); } } 
diff --git a/instrumentation-security/jedis-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_4_0_0/JedisHelper.java b/instrumentation-security/jedis-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_4_0_0/JedisHelper.java index ddc00efb2..8efd86dff 100644 --- a/instrumentation-security/jedis-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_4_0_0/JedisHelper.java +++ b/instrumentation-security/jedis-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/jedis_4_0_0/JedisHelper.java @@ -14,9 +14,6 @@ public class JedisHelper { public static final String NR_SEC_LOCK_ATTRIB_NAME = "REDIS_SERIALISED_DATA_"; public static AbstractOperation preprocessSecurityHook(String command, List args, String klass, String method) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } RedisOperation operation = new RedisOperation(klass, method, command, args); NewRelicSecurity.getAgent().registerOperation(operation); return operation; @@ -39,15 +36,10 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(NR_SEC_LOCK_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(NR_SEC_LOCK_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType cachingDataStore, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(cachingDataStore, NR_SEC_LOCK_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(cachingDataStore, NR_SEC_LOCK_ATTRIB_NAME, hashCode); } } 
diff --git a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java index c776d03a9..d3fae0771 100644 --- a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java +++ b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java @@ -44,7 +44,7 @@ public abstract class ContainerResponse_Instrumentation { public void close() { boolean isLockAcquired = false; try { - isLockAcquired = GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, SERVLET_GET_IS_OPERATION_LOCK); + isLockAcquired = GenericHelper.acquireLockIfPossible(SERVLET_GET_IS_OPERATION_LOCK); if(isLockAcquired && GenericHelper.isLockAcquired(HttpRequestHelper.getNrSecCustomAttribForPostProcessing())) { HttpRequestHelper.postProcessSecurityHook(this.getClass().getName(), getWrappedMessageContext()); } diff --git a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index 377b367dc..1dace5e70 100644 --- a/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2.16/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java 
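Review bot: `close()` switches to the one-argument `GenericHelper.acquireLockIfPossible(SERVLET_GET_IS_OPERATION_LOCK)` and drops `VulnerabilityCaseType.REFLECTED_XSS`, while the other helpers in this commit move the opposite way and start passing a case type, and the hunk gives no reason for the exception. If the case-type overload is where per-category enablement or request presence is evaluated (not visible here), reflected-XSS response processing would no longer pass through that check, and `postProcessSecurityHook` in `HttpRequestHelper` also loses its `isHookProcessingActive()` test in this commit. State the intent next to the call, for example `// lock-only overload on purpose: <what replaces the REFLECTED_XSS / hook-active check>`, with the placeholder filled in. The body of `close()` continues outside the hunk.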
@@ -9,6 +9,7 @@ import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; 
@@ -29,33 +30,27 @@ public class HttpRequestHelper { private static final String EMPTY = ""; public static final String CONTAINER_RESPONSE_METHOD_NAME = "ContainerResponse"; - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; private static final String NR_SEC_CUSTOM_ATTRIB_NAME_POST_PROCESSING = "JERSEY_LOCK_POST_PROCESSING-"; - public static final String HEADER_SEPARATOR = ";"; - public static final String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_GRIZZLY_REQUEST_PROPERTIES_DELEGATE = "org.glassfish.jersey.grizzly2.httpserver.GrizzlyRequestPropertiesDelegate"; - public static final String FIELD_REQUEST = "request"; - public static final String METHOD_GET_REMOTE_ADDR = "getRemoteAddr"; - public static final String METHOD_GET_REMOTE_PORT = "getRemotePort"; - public static final String METHOD_GET_LOCAL_PORT = "getLocalPort"; - public static final String METHOD_GET_SCHEME = "getScheme"; - public static final String METHOD_GET_CONTENT_TYPE = "getContentType"; - public static final String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_TRACING_AWARE_PROPERTIES_DELEGATE = "org.glassfish.jersey.message.internal.TracingAwarePropertiesDelegate"; - public static final String FIELD_PROPERTIES_DELEGATE = "propertiesDelegate"; + private static final String HEADER_SEPARATOR = ";"; + private static final String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_GRIZZLY_REQUEST_PROPERTIES_DELEGATE = "org.glassfish.jersey.grizzly2.httpserver.GrizzlyRequestPropertiesDelegate"; + private static final String FIELD_REQUEST = "request"; + private static final String METHOD_GET_REMOTE_ADDR = "getRemoteAddr"; + private static final String METHOD_GET_REMOTE_PORT = "getRemotePort"; + private static final String METHOD_GET_LOCAL_PORT = "getLocalPort"; + private static final String METHOD_GET_SCHEME = "getScheme"; + private static final String METHOD_GET_CONTENT_TYPE = "getContentType"; + private static final 
String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_TRACING_AWARE_PROPERTIES_DELEGATE = "org.glassfish.jersey.message.internal.TracingAwarePropertiesDelegate"; + private static final String FIELD_PROPERTIES_DELEGATE = "propertiesDelegate"; private static final String REQUEST_INPUTSTREAM_HASH = "REQUEST_INPUTSTREAM_HASH"; public static final String JERSEY_2_16 = "JERSEY-2.16"; public static void preprocessSecurityHook(ContainerRequest requestContext) { try { - if (!NewRelicSecurity.isHookProcessingActive()) { - return; - } SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); HttpRequest securityRequest = securityMetaData.getRequest(); - if (securityRequest.isRequestParsed()) { - return; - } AgentMetaData securityAgentMetaData = securityMetaData.getMetaData(); securityRequest.setMethod(requestContext.getMethod()); HttpRequestHelper.processPropertiesDelegate(requestContext.getPropertiesDelegate(), securityRequest); @@ -78,7 +73,7 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { public static void postProcessSecurityHook(String className, OutboundMessageContext wrappedMessageContext) { try { - if (!NewRelicSecurity.isHookProcessingActive() || Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("RXSS_PROCESSED", Boolean.class)) + if (Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("RXSS_PROCESSED", Boolean.class)) ) { return; } @@ -117,7 +112,7 @@ private static Map getHeaders(OutboundMessageContext outboundMes } - public static void processHttpRequestHeader(ContainerRequest request, HttpRequest securityRequest){ + private static void processHttpRequestHeader(ContainerRequest request, HttpRequest securityRequest){ MultivaluedMap headers = request.getHeaders(); for (Map.Entry> header : headers.entrySet()) { boolean takeNextValue = false; 
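Review bot: `preprocessSecurityHook` remains `public static`, but this hunk removes both of its own guards, `NewRelicSecurity.isHookProcessingActive()` and `securityRequest.isRequestParsed()`. It is now safe only when the caller already holds the lock from `acquireRequestLockIfPossible()`, and nothing in the method says so. If the lock key is per thread, as the post-processing key visible in the jersey-2 hunk is, a request re-entering on another thread could be parsed a second time, so consider keeping `if (securityRequest.isRequestParsed()) { return; }`. At minimum document the precondition, for example `/** Caller must hold the request lock; no hook-active or already-parsed check is done here. */`. The same removal appears in `postProcessSecurityHook` in this file, in the jersey-2 copy including `registerUserLevelCode`, and in the jetty-11, jetty-12 and jetty-9 `preprocessSecurityHook` hunks. The method body continues outside this hunk.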
@@ -173,7 +168,7 @@ private static String getHeaderValue(List values) { return finalValue.toString(); } - public static String getTraceHeader(Map headers) { + private static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); @@ -193,14 +188,7 @@ private static boolean isRequestLockAcquired() { } public static boolean acquireRequestLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isRequestLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored){} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, getNrSecCustomAttribName()); } public static void releaseRequestLock() { diff --git a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java index 4ff315566..69d0ae019 100644 --- a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java +++ b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java 
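Review bot: In the jersey-2.16 helper only `acquireRequestLockIfPossible()` is moved onto `GenericHelper`; `releaseRequestLock()` appears as unchanged context, so acquire and release no longer go through the same code. The jersey-2 copy of this file changes both, with release becoming `GenericHelper.releaseLock(getNrSecCustomAttribName());`. If `GenericHelper` ever keys or tracks the lock differently from the inline code, the old release path would leave the lock set and later requests on that thread would skip instrumentation. I would make the same one-line change here. It is also worth checking whether `private static boolean isRequestLockAcquired()`, named in the hunk header, still has a caller. The body of `releaseRequestLock()` is outside the hunk, so this is inferred from the unchanged signature line.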
@@ -43,7 +43,7 @@ public abstract class ContainerResponse_Instrumentation { public void close() { boolean isLockAcquired = false; try { - isLockAcquired = GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, SERVLET_GET_IS_OPERATION_LOCK); + isLockAcquired = GenericHelper.acquireLockIfPossible(SERVLET_GET_IS_OPERATION_LOCK); if(isLockAcquired && GenericHelper.isLockAcquired(HttpRequestHelper.getNrSecCustomAttribForPostProcessing())) { HttpRequestHelper.postProcessSecurityHook(this.getClass().getName(), getWrappedMessageContext()); } diff --git a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java index a060e849f..18e77b36c 100644 --- a/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java +++ b/instrumentation-security/jersey-2/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.java @@ -9,6 +9,7 @@ import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; 
@@ -29,35 +30,30 @@ public class HttpRequestHelper { private static final String EMPTY = ""; public static final String CONTAINER_RESPONSE_METHOD_NAME = "ContainerResponse"; - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; private static final String NR_SEC_CUSTOM_ATTRIB_NAME_POST_PROCESSING = "JERSEY_LOCK_POST_PROCESSING-"; - public static final String HEADER_SEPARATOR = ";"; - public static final String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_GRIZZLY_REQUEST_PROPERTIES_DELEGATE = "org.glassfish.jersey.grizzly2.httpserver.GrizzlyRequestPropertiesDelegate"; - public static final String FIELD_REQUEST = "request"; - public static final String METHOD_GET_REMOTE_ADDR = "getRemoteAddr"; - public static final String METHOD_GET_REMOTE_PORT = "getRemotePort"; - public static final String METHOD_GET_LOCAL_PORT = "getLocalPort"; - public static final String METHOD_GET_SCHEME = "getScheme"; - public static final String METHOD_GET_CONTENT_TYPE = "getContentType"; - public static final String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_TRACING_AWARE_PROPERTIES_DELEGATE = "org.glassfish.jersey.message.internal.TracingAwarePropertiesDelegate"; - public static final String FIELD_PROPERTIES_DELEGATE = "propertiesDelegate"; + private static final String HEADER_SEPARATOR = ";"; + private static final String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_GRIZZLY_REQUEST_PROPERTIES_DELEGATE = "org.glassfish.jersey.grizzly2.httpserver.GrizzlyRequestPropertiesDelegate"; + private static final String FIELD_REQUEST = "request"; + private static final String METHOD_GET_REMOTE_ADDR = "getRemoteAddr"; + private static final String METHOD_GET_REMOTE_PORT = "getRemotePort"; + private static final String METHOD_GET_LOCAL_PORT = "getLocalPort"; + private static final String METHOD_GET_SCHEME = "getScheme"; + private static final String METHOD_GET_CONTENT_TYPE = "getContentType"; + private static final 
String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_TRACING_AWARE_PROPERTIES_DELEGATE = "org.glassfish.jersey.message.internal.TracingAwarePropertiesDelegate"; + private static final String FIELD_PROPERTIES_DELEGATE = "propertiesDelegate"; private static final String REQUEST_INPUTSTREAM_HASH = "REQUEST_INPUTSTREAM_HASH"; - public static final String CONTENT_TYPE = "content-type"; - public static final String HEADER_CONTENT_TYPE = "contenttype"; + private static final String CONTENT_TYPE = "content-type"; + private static final String HEADER_CONTENT_TYPE = "contenttype"; public static final String JERSEY_2 = "JERSEY-2"; public static void preprocessSecurityHook(ContainerRequest requestContext) { try { - if (!NewRelicSecurity.isHookProcessingActive()) { - return; - } SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); HttpRequest securityRequest = securityMetaData.getRequest(); - if (securityRequest.isRequestParsed()) { - return; - } + AgentMetaData securityAgentMetaData = securityMetaData.getMetaData(); securityRequest.setMethod(requestContext.getMethod()); HttpRequestHelper.processPropertiesDelegate(requestContext.getPropertiesDelegate(), securityRequest); @@ -80,7 +76,7 @@ public static void preprocessSecurityHook(ContainerRequest requestContext) { public static void postProcessSecurityHook(String className, OutboundMessageContext wrappedMessageContext) { try { - if (!NewRelicSecurity.isHookProcessingActive() || Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("RXSS_PROCESSED", Boolean.class))) { + if (Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute("RXSS_PROCESSED", Boolean.class))) { return; } ServletHelper.executeBeforeExitingTransaction(); 
@@ -118,7 +114,7 @@ private static Map getHeaders(OutboundMessageContext outboundMes } - public static void processHttpRequestHeader(ContainerRequest request, HttpRequest securityRequest){ + private static void processHttpRequestHeader(ContainerRequest request, HttpRequest securityRequest){ MultivaluedMap headers = request.getHeaders(); for (Map.Entry> header : headers.entrySet()) { boolean takeNextValue = false; @@ -174,7 +170,7 @@ private static String getHeaderValue(List values) { return finalValue.toString(); } - public static String getTraceHeader(Map headers) { + private static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); 
@@ -185,31 +181,12 @@ public static String getTraceHeader(Map headers) { return data; } - public static boolean isRequestLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) {} - return false; - } - public static boolean acquireRequestLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isRequestLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored){} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, getNrSecCustomAttribName()); } public static void releaseRequestLock() { - try { - if(NewRelicSecurity.isHookProcessingActive()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null); - } - } catch (Throwable ignored){} + GenericHelper.releaseLock(getNrSecCustomAttribName()); } private static String getNrSecCustomAttribName() { @@ -220,7 +197,7 @@ public static String getNrSecCustomAttribForPostProcessing() { return NR_SEC_CUSTOM_ATTRIB_NAME_POST_PROCESSING + Thread.currentThread().getId(); } - public static void processPropertiesDelegate(PropertiesDelegate propertiesDelegate, HttpRequest securityRequest) { + private static void processPropertiesDelegate(PropertiesDelegate propertiesDelegate, HttpRequest securityRequest) { if(StringUtils.equals(propertiesDelegate.getClass().getName(), ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_GRIZZLY_REQUEST_PROPERTIES_DELEGATE)){ try { Class grizzlyRequestPropertiesDelegateKlass = propertiesDelegate.getClass(); 
@@ -275,10 +252,6 @@ public static void registerInputStreamHashIfNeeded(int inputStreamHash){ public static void registerUserLevelCode(String frameworkName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() - ) { - return; - } SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); if (!securityMetaData.getMetaData().isUserLevelServiceMethodEncountered(frameworkName)) { securityMetaData.getMetaData().setUserLevelServiceMethodEncountered(true); diff --git a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java index 4ff315566..69d0ae019 100644 --- a/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java +++ b/instrumentation-security/jersey-3/src/main/java/com/newrelic/agent/security/instrumentation/jersey2/ContainerResponse_Instrumentation.java @@ -43,7 +43,7 @@ public abstract class ContainerResponse_Instrumentation { public void close() { boolean isLockAcquired = false; try { - isLockAcquired = GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, SERVLET_GET_IS_OPERATION_LOCK); + isLockAcquired = GenericHelper.acquireLockIfPossible(SERVLET_GET_IS_OPERATION_LOCK); if(isLockAcquired && GenericHelper.isLockAcquired(HttpRequestHelper.getNrSecCustomAttribForPostProcessing())) { HttpRequestHelper.postProcessSecurityHook(this.getClass().getName(), getWrappedMessageContext()); } 
diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/ContextHandler_Instrumentation.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/ContextHandler_Instrumentation.java index 6745182db..2cf8c917d 100644 --- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/ContextHandler_Instrumentation.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/ContextHandler_Instrumentation.java @@ -13,7 +13,7 @@ public abstract class ContextHandler_Instrumentation { public abstract ContextHandler.Context getServletContext(); public void doHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) { - boolean isServletLockAcquired = acquireServletLockIfPossible(); + boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); if (isServletLockAcquired) { HttpServletHelper.preprocessSecurityHook(request); } @@ -21,7 +21,7 @@ public void doHandle(String target, Request baseRequest, HttpServletRequest requ Weaver.callOriginal(); } finally { if (isServletLockAcquired) { - releaseServletLock(); + HttpServletHelper.releaseServletLock(); } } if (isServletLockAcquired) { @@ -36,19 +36,4 @@ protected void doStart() throws Exception { HttpServletHelper.gatherURLMappings(getServletContext()); } } - - private boolean acquireServletLockIfPossible() { - try { - return HttpServletHelper.acquireServletLockIfPossible(); - } catch (Throwable ignored) { - } - return false; - } - - private void releaseServletLock() { - try { - HttpServletHelper.releaseServletLock(); - } catch (Throwable e) { - } - } } 
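Review bot: `doHandle` now calls `HttpServletHelper.acquireServletLockIfPossible()` and `releaseServletLock()` directly, and the private wrappers that caught `Throwable` are deleted in the last hunk of this file. The helper versions are also reduced to bare `GenericHelper` calls in this commit. Unless `GenericHelper.acquireLockIfPossible` and `releaseLock` swallow their own failures (not visible here), an agent-side exception would now surface in the application's request handling. Thrown from the `finally` block, it would also replace whatever `Weaver.callOriginal()` threw. If that guarantee is not documented on `GenericHelper`, keep the guard in the helper, e.g. `try { return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, getNrSecCustomAttribName()); } catch (Throwable ignored) { return false; }`. The same pattern is in the jetty-11 `Server_Instrumentation` hunks and the jetty-9 `ContextHandler_Instrumentation` and `Server_Instrumentation` hunks.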
diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java index bd8ca5aed..d95541647 100644 --- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java @@ -7,6 +7,7 @@ import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; @@ -29,12 +30,12 @@ public class HttpServletHelper { public static final String SERVICE_METHOD_NAME = "handle"; public static final String SERVICE_ASYNC_METHOD_NAME = "handleAsync"; - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; public static final String JETTY_11 = "JETTY-11"; public static final String WILDCARD = "*"; public static final String SEPARATOR = "/"; - public static void processHttpRequestHeader(HttpServletRequest request, HttpRequest securityRequest) { + private static void processHttpRequestHeader(HttpServletRequest request, HttpRequest securityRequest) { Enumeration headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { boolean takeNextValue = false; 
@@ -85,7 +86,7 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { + private static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); @@ -96,34 +97,12 @@ public static String getTraceHeader(Map headers) { return data; } - public static boolean isServletLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) { - } - return false; - } - public static boolean acquireServletLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isServletLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, getNrSecCustomAttribName()); } public static void releaseServletLock() { - try { - if (NewRelicSecurity.isHookProcessingActive()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null); - } - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(getNrSecCustomAttribName()); } private static String getNrSecCustomAttribName() { 
@@ -132,15 +111,12 @@ private static String getNrSecCustomAttribName() { public static void preprocessSecurityHook(HttpServletRequest httpServletRequest) { try { - if (!NewRelicSecurity.isHookProcessingActive() || httpServletRequest == null) { + if (httpServletRequest == null) { return; } SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - HttpRequest securityRequest = securityMetaData.getRequest(); - if (securityRequest.isRequestParsed()) { - return; - } + AgentMetaData securityAgentMetaData = securityMetaData.getMetaData(); diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/Server_Instrumentation.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/Server_Instrumentation.java index 57c5cc728..64b0b4e50 100644 --- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/Server_Instrumentation.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/Server_Instrumentation.java @@ -50,7 +50,7 @@ private void setApplicationConfig(Connector[] connectors) { public void handle(HttpChannel connection) { HttpServletRequest request = connection.getRequest(); HttpServletResponse response = connection.getResponse(); - boolean isServletLockAcquired = acquireServletLockIfPossible(); + boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); if (isServletLockAcquired) { HttpServletHelper.preprocessSecurityHook(request); } @@ -58,7 +58,7 @@ public void handle(HttpChannel connection) { Weaver.callOriginal(); } finally { if (isServletLockAcquired) { - releaseServletLock(); + HttpServletHelper.releaseServletLock(); } } if (isServletLockAcquired) { 
@@ -70,7 +70,7 @@ public void handle(HttpChannel connection) { public void handleAsync(HttpChannel connection) { HttpServletRequest request = connection.getRequest(); HttpServletResponse response = connection.getResponse(); - boolean isServletLockAcquired = acquireServletLockIfPossible(); + boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); if (isServletLockAcquired) { HttpServletHelper.preprocessSecurityHook(request); } @@ -78,7 +78,7 @@ public void handleAsync(HttpChannel connection) { Weaver.callOriginal(); } finally { if (isServletLockAcquired) { - releaseServletLock(); + HttpServletHelper.releaseServletLock(); } } if (isServletLockAcquired) { @@ -86,19 +86,4 @@ public void handleAsync(HttpChannel connection) { HttpServletHelper.SERVICE_ASYNC_METHOD_NAME); } } - - private boolean acquireServletLockIfPossible() { - try { - return HttpServletHelper.acquireServletLockIfPossible(); - } catch (Throwable ignored) { - } - return false; - } - - private void releaseServletLock() { - try { - HttpServletHelper.releaseServletLock(); - } catch (Throwable e) { - } - } } diff --git a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java index b015e742f..5632b836b 100644 --- a/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java +++ b/instrumentation-security/jetty-12/src/main/java/com/newrelic/agent/security/instrumentation/jetty12/server/HttpServletHelper.java 
@@ -8,6 +8,7 @@ import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.SecurityMetaData; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; @@ -28,10 +29,10 @@ public class HttpServletHelper { private static final String EMPTY = ""; public static final String SERVICE_METHOD_NAME = "handle"; - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; public static final String JETTY_12 = "JETTY-12"; - public static void processHttpRequestHeader(Request request, HttpRequest securityRequest) { + private static void processHttpRequestHeader(Request request, HttpRequest securityRequest) { HttpFields headers = request.getHeaders(); if (headers!=null){ Set headerKeys = headers.getFieldNamesCollection(); @@ -83,7 +84,7 @@ public static void processHttpRequestHeader(Request request, HttpRequest securit } } - public static String getTraceHeader(Map headers) { + private static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); 
@@ -94,34 +95,13 @@ public static String getTraceHeader(Map headers) { return data; } - public static boolean isServletLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) { - } - return false; - } public static boolean acquireServletLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isServletLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, getNrSecCustomAttribName()); } public static void releaseServletLock() { - try { - if (NewRelicSecurity.isHookProcessingActive()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null); - } - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(getNrSecCustomAttribName()); } private static String getNrSecCustomAttribName() { @@ -130,15 +110,12 @@ private static String getNrSecCustomAttribName() { public static void preprocessSecurityHook(Request request) { try { - if (!NewRelicSecurity.isHookProcessingActive() || request == null) { + if (request == null) { return; } SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - HttpRequest securityRequest = securityMetaData.getRequest(); - if (securityRequest.isRequestParsed()) { - return; - } + AgentMetaData securityAgentMetaData = securityMetaData.getMetaData(); 
diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/ContextHandler_Instrumentation.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/ContextHandler_Instrumentation.java index e8e17d5a6..975cf82d8 100644 --- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/ContextHandler_Instrumentation.java +++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/ContextHandler_Instrumentation.java @@ -15,7 +15,7 @@ public abstract class ContextHandler_Instrumentation { public abstract ContextHandler.Context getServletContext(); public void doHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) { - boolean isServletLockAcquired = acquireServletLockIfPossible(); + boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); if (isServletLockAcquired) { HttpServletHelper.preprocessSecurityHook(request); } @@ -23,7 +23,7 @@ public void doHandle(String target, Request baseRequest, HttpServletRequest requ Weaver.callOriginal(); } finally { if (isServletLockAcquired) { - releaseServletLock(); + HttpServletHelper.releaseServletLock(); } } if (isServletLockAcquired) { @@ -40,18 +40,4 @@ protected void doStart() throws Exception { } } - private boolean acquireServletLockIfPossible() { - try { - return HttpServletHelper.acquireServletLockIfPossible(); - } catch (Throwable ignored) { - } - return false; - } - - private void releaseServletLock() { - try { - HttpServletHelper.releaseServletLock(); - } catch (Throwable e) { - } - } } diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java index 685b15fbf..a01ba5d19 100644 
--- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java +++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java @@ -7,6 +7,7 @@ import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.StringUtils; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; @@ -28,13 +29,13 @@ public class HttpServletHelper { public static final String QUESTION_MARK = "?"; public static final String SERVICE_METHOD_NAME = "handle"; public static final String SERVICE_ASYNC_METHOD_NAME = "handleAsync"; - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-"; public static final String JETTY_9 = "JETTY-9"; private static final String SEPARATOR = "/"; private static final String WILDCARD = "*"; - public static void processHttpRequestHeader(HttpServletRequest request, HttpRequest securityRequest) { + private static void processHttpRequestHeader(HttpServletRequest request, HttpRequest securityRequest) { Enumeration headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) { boolean takeNextValue = false; 
@@ -86,7 +87,7 @@ public static void processHttpRequestHeader(HttpServletRequest request, HttpRequ } - public static String getTraceHeader(Map headers) { + private static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { data = headers.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER); @@ -97,34 +98,12 @@ public static String getTraceHeader(Map headers) { return data; } - public static boolean isServletLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) { - } - return false; - } - public static boolean acquireServletLockIfPossible() { - try { - if (NewRelicSecurity.isHookProcessingActive() && - !isServletLockAcquired()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true); - return true; - } - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, getNrSecCustomAttribName()); } public static void releaseServletLock() { - try { - if (NewRelicSecurity.isHookProcessingActive()) { - NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null); - } - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(getNrSecCustomAttribName()); } private static String getNrSecCustomAttribName() { 
@@ -133,15 +112,12 @@ private static String getNrSecCustomAttribName() { public static void preprocessSecurityHook(HttpServletRequest httpServletRequest) { try { - if (!NewRelicSecurity.isHookProcessingActive() || httpServletRequest == null) { + if (httpServletRequest == null) { return; } SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - HttpRequest securityRequest = securityMetaData.getRequest(); - if (securityRequest.isRequestParsed()) { - return; - } + AgentMetaData securityAgentMetaData = securityMetaData.getMetaData(); diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/Server_Instrumentation.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/Server_Instrumentation.java index 117b989ca..a4cc74c31 100644 --- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/Server_Instrumentation.java +++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/Server_Instrumentation.java @@ -50,7 +50,7 @@ private void setApplicationConfig(Connector[] connectors) { public void handle(HttpChannel connection) { HttpServletRequest request = connection.getRequest(); HttpServletResponse response = connection.getResponse(); - boolean isServletLockAcquired = acquireServletLockIfPossible(); + boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); if (isServletLockAcquired) { HttpServletHelper.preprocessSecurityHook(request); } @@ -58,7 +58,7 @@ public void handle(HttpChannel connection) { Weaver.callOriginal(); } finally { if (isServletLockAcquired) { - releaseServletLock(); + HttpServletHelper.releaseServletLock(); } } if (isServletLockAcquired) { 
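Review bot: `preprocessSecurityHook(HttpServletRequest)` stays `public static` but no longer checks `NewRelicSecurity.isHookProcessingActive()` or `securityRequest.isRequestParsed()`, so it now depends entirely on the caller. The visible callers in `Server_Instrumentation` invoke it only when `isServletLockAcquired` is true, but nothing on the method states that precondition. Whether the lock acquisition also covers the hook-active and already-parsed cases cannot be seen in this diff. I would add a Javadoc line such as `/** Call only while the lock from acquireServletLockIfPossible() is held; performs no hook-state or already-parsed check. */`. The `preprocessSecurityHook` hunks for ldaptive, lettuce and `Random_Instrumentation` drop their `getRequest().isEmpty()` guard the same way; the method body here continues outside the hunk.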
@@ -70,7 +70,7 @@ public void handle(HttpChannel connection) { public void handleAsync(HttpChannel connection) { HttpServletRequest request = connection.getRequest(); HttpServletResponse response = connection.getResponse(); - boolean isServletLockAcquired = acquireServletLockIfPossible(); + boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); if (isServletLockAcquired) { HttpServletHelper.preprocessSecurityHook(request); } @@ -78,7 +78,7 @@ public void handleAsync(HttpChannel connection) { Weaver.callOriginal(); } finally { if (isServletLockAcquired) { - releaseServletLock(); + HttpServletHelper.releaseServletLock(); } } if (isServletLockAcquired) { @@ -87,18 +87,4 @@ public void handleAsync(HttpChannel connection) { } } - private boolean acquireServletLockIfPossible() { - try { - return HttpServletHelper.acquireServletLockIfPossible(); - } catch (Throwable ignored) { - } - return false; - } - - private void releaseServletLock() { - try { - HttpServletHelper.releaseServletLock(); - } catch (Throwable e) { - } - } } diff --git a/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java b/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java index 3d3eda502..4bdf27aaa 100644 --- a/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java +++ b/instrumentation-security/ldaptive-1.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java 
@@ -53,9 +53,7 @@ private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api private AbstractOperation preprocessSecurityHook (String name, String filter, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - StringUtils.isBlank(filter)){ + if (StringUtils.isBlank(filter)){ return null; } LDAPOperation ldapOperation = new LDAPOperation(name, filter, this.getClass().getName(), methodName); @@ -74,9 +72,7 @@ private AbstractOperation preprocessSecurityHook (String name, String filter, St } private void releaseLock() { - try { - GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType ldap) { diff --git a/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java b/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java index 76a624163..89c1e1352 100644 --- a/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java +++ b/instrumentation-security/ldaptive-2.0/src/main/java/org/ldaptive/AbstractOperation_Instrumentation.java @@ -52,9 +52,7 @@ private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api private AbstractOperation preprocessSecurityHook (String name, Filter filter, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - filter == null){ + if (filter == null){ return null; } LDAPOperation ldapOperation = new LDAPOperation(name, NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(LDAPUtils.getNrSecCustomAttribName(filter.hashCode()), String.class), this.getClass().getName(), methodName); 
@@ -73,15 +71,10 @@ private AbstractOperation preprocessSecurityHook (String name, Filter filter, St } private void releaseLock() { - try { - GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType ldap) { - try { - return GenericHelper.acquireLockIfPossible(ldap, LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(ldap, LDAPUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } } diff --git a/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java b/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java index ecd38c40e..cc91f86eb 100644 --- a/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java +++ b/instrumentation-security/lettuce-4.3/src/main/java/com/lambdaworks/redis/AbstractRedisAsyncCommands_Instrumentation.java @@ -65,10 +65,6 @@ private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api private AbstractOperation preprocessSecurityHook(RedisCommand_Instrumentation cmd, String methodDispatch) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } String type = cmd.getType().name(); CommandArgs_Instrumentation commandArgs = cmd.getArgs(); List arguments = new ArrayList<>(); 
@@ -91,15 +87,10 @@ private AbstractOperation preprocessSecurityHook(RedisCommand_Instrumentatio } private void releaseLock() { - try { - GenericHelper.releaseLock(LettuceUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(LettuceUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType cachingDataStore) { - try { - return GenericHelper.acquireLockIfPossible(cachingDataStore, LettuceUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(cachingDataStore, LettuceUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } } diff --git a/instrumentation-security/lettuce-4.3/src/main/java/com/newrelic/agent/security/instrumentation/lettuce_4_3/LettuceUtils.java b/instrumentation-security/lettuce-4.3/src/main/java/com/newrelic/agent/security/instrumentation/lettuce_4_3/LettuceUtils.java index 84adf2afb..4f9c125e0 100644 --- a/instrumentation-security/lettuce-4.3/src/main/java/com/newrelic/agent/security/instrumentation/lettuce_4_3/LettuceUtils.java +++ b/instrumentation-security/lettuce-4.3/src/main/java/com/newrelic/agent/security/instrumentation/lettuce_4_3/LettuceUtils.java @@ -8,7 +8,4 @@ public class LettuceUtils { public static final String METHOD_DISPATCH = "dispatch"; public static final String LETTUCE_4_3 = "LETTUCE-4.3"; - public static String getNrSecCustomAttribName(int hashCode) { - return NR_SEC_CUSTOM_ATTR_FILTER_NAME + hashCode; - } } diff --git a/instrumentation-security/lettuce-5.0/src/main/java/com/newrelic/agent/security/instrumentation/lettuce_6_0/LettuceUtils.java b/instrumentation-security/lettuce-5.0/src/main/java/com/newrelic/agent/security/instrumentation/lettuce_6_0/LettuceUtils.java index dce2ac802..1006da578 100644 --- a/instrumentation-security/lettuce-5.0/src/main/java/com/newrelic/agent/security/instrumentation/lettuce_6_0/LettuceUtils.java 
+++ b/instrumentation-security/lettuce-5.0/src/main/java/com/newrelic/agent/security/instrumentation/lettuce_6_0/LettuceUtils.java @@ -4,11 +4,7 @@ public class LettuceUtils { public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "REDIS_OPERATION_LOCK_LETTUCE-"; - public static final String NR_SEC_CUSTOM_ATTR_FILTER_NAME = "REDIS_FILTER-"; public static final String METHOD_DISPATCH = "dispatch"; - public static final String LETTUCE_5_0 = "LETTUCE-5.0"; - public static String getNrSecCustomAttribName(int hashCode) { - return NR_SEC_CUSTOM_ATTR_FILTER_NAME + hashCode; - } + public static final String LETTUCE_5_0 = "LETTUCE-5.0"; } diff --git a/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java b/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java index dd0c585f3..548d97e90 100644 --- a/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java +++ b/instrumentation-security/lettuce-5.0/src/main/java/io/lettuce/core/AbstractRedisAsyncCommands_Instrumentation.java @@ -68,10 +68,6 @@ private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api private AbstractOperation preprocessSecurityHook(RedisCommand_Instrumentation cmd, String methodDispatch) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } String type = cmd.getType().name(); CommandArgs_Instrumentation commandArgs = cmd.getArgs(); List arguments = new ArrayList<>(); 
@@ -94,15 +90,10 @@ private AbstractOperation preprocessSecurityHook(RedisCommand_Instrumentatio } private void releaseLock() { - try { - GenericHelper.releaseLock(LettuceUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(LettuceUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType cachingDataStore) { - try { - return GenericHelper.acquireLockIfPossible(cachingDataStore, LettuceUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(cachingDataStore, LettuceUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } } diff --git a/instrumentation-security/low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/util/Random_Instrumentation.java b/instrumentation-security/low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/util/Random_Instrumentation.java index 7a12ff2b9..c4648451c 100644 --- a/instrumentation-security/low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/util/Random_Instrumentation.java +++ b/instrumentation-security/low-priority-instrumentation/src/main/java/com/newrelic/agent/security/instrumentation/random/java/util/Random_Instrumentation.java @@ -206,11 +206,6 @@ public boolean nextBoolean() { private AbstractOperation preprocessSecurityHook(String className, String methodName) { try { - SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (securityMetaData.getRequest().isEmpty()) { - return null; - } - RandomOperation operation = null; Object obj = this; if (obj instanceof SecureRandom) { 
@@ -248,17 +243,10 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO } private void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(RandomUtils.NR_SEC_RANDOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(RandomUtils.NR_SEC_RANDOM_ATTRIB_NAME, hashCode); } private boolean acquireLockIfPossible(int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.RANDOM, RandomUtils.NR_SEC_RANDOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.RANDOM, RandomUtils.NR_SEC_RANDOM_ATTRIB_NAME, hashCode); } } diff --git a/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java b/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java index fccfeca8c..94e6106c2 100644 --- a/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java +++ b/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java @@ -20,10 +20,9 @@ public class CommandReadOperation_Instrumentation { public T execute(final ReadBinding binding) { AbstractOperation noSQLOperation = null; boolean isLockAcquired = MongoUtil.acquireLockIfPossible(VulnerabilityCaseType.NOSQL_DB_COMMAND, this.hashCode()); - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - } + if (isLockAcquired) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); noSQLOperation = MongoUtil.recordMongoOperation(command, MongoUtil.OP_READ, this.getClass().getName(), MongoUtil.METHOD_EXECUTE); } T returnVal = null; 
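Review bot: The `setFromJumpRequiredInStackTrace(3)` line moved under `if (isLockAcquired)` in `CommandReadOperation_Instrumentation.execute` looks redundant. `MongoUtil.recordMongoOperation(BsonDocument, ...)`, called on the next line, makes the same call with 3 inside its own try block before `registerOperation`. In the weaved method no try/catch is visible around it, so a failure anywhere in `NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData()` would surface in the driver's `execute` rather than being logged by the agent. I would drop the line here and keep the one in `recordMongoOperation`. The same line is added in `executeAsync`, in `CommandWriteOperation_Instrumentation`, and in the mongodb-3.6 and mongodb-3.7 modules; `execute` continues past the end of the hunk.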
@@ -41,10 +40,8 @@ public T execute(final ReadBinding binding) { public void executeAsync(final AsyncReadBinding binding, final SingleResultCallback callback) { AbstractOperation noSQLOperation = null; boolean isLockAcquired = MongoUtil.acquireLockIfPossible(VulnerabilityCaseType.NOSQL_DB_COMMAND, this.hashCode()); - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - } if (isLockAcquired) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); noSQLOperation = MongoUtil.recordMongoOperation(command, MongoUtil.OP_READ, this.getClass().getName(), MongoUtil.METHOD_EXECUTE); } try { diff --git a/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/CommandWriteOperation_Instrumentation.java b/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/CommandWriteOperation_Instrumentation.java index 9a11f881d..374342c26 100644 --- a/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/CommandWriteOperation_Instrumentation.java +++ b/instrumentation-security/mongodb-3.0/src/main/java/com/mongodb/operation/CommandWriteOperation_Instrumentation.java @@ -20,10 +20,8 @@ public class CommandWriteOperation_Instrumentation { public T execute(final WriteBinding binding) { AbstractOperation noSQLOperation = null; boolean isLockAcquired = MongoUtil.acquireLockIfPossible(VulnerabilityCaseType.NOSQL_DB_COMMAND, this.hashCode()); - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - } if (isLockAcquired) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); noSQLOperation = MongoUtil.recordMongoOperation(command, MongoUtil.OP_WRITE, this.getClass().getName(), MongoUtil.METHOD_EXECUTE); } T returnVal = null; 
@@ -41,10 +39,8 @@ public T execute(final WriteBinding binding) { public void executeAsync(final AsyncWriteBinding binding, final SingleResultCallback callback) { AbstractOperation noSQLOperation = null; boolean isLockAcquired = MongoUtil.acquireLockIfPossible(VulnerabilityCaseType.NOSQL_DB_COMMAND, this.hashCode()); - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - } if (isLockAcquired) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); noSQLOperation = MongoUtil.recordMongoOperation(command, MongoUtil.OP_WRITE, this.getClass().getName(), MongoUtil.METHOD_EXECUTE); } try { diff --git a/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java index eafa27c08..3f5ab8fff 100644 --- a/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java +++ b/instrumentation-security/mongodb-3.0/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java 
@@ -49,12 +49,9 @@ public class MongoUtil { public static AbstractOperation recordMongoOperation(BsonDocument command, String typeOfOperation, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() && command != null) { - operation = new NoSQLOperation(command.toJson(), typeOfOperation, klassName, methodName); - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - NewRelicSecurity.getAgent().registerOperation(operation); - } + operation = new NoSQLOperation(command.toJson(), typeOfOperation, klassName, methodName); + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); + NewRelicSecurity.getAgent().registerOperation(operation); } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MONGODB_3_0, e.getMessage()), e, MongoUtil.class.getName()); 
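Review bot: The rewritten body of `recordMongoOperation(BsonDocument, ...)` calls `command.toJson()` with no null check, although the removed condition included `command != null`. A null `command` now enters the `catch (Throwable e)` path as a NullPointerException instead of being skipped quietly. The mongodb-3.6 and mongodb-3.7 versions of this method in the same commit keep `if (command != null) {` around the same three statements, so restoring that guard here would keep the modules consistent. The rest of the catch block is outside the hunk, so how a non-`NewRelicSecurityException` is reported there is not visible.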
@@ -69,18 +66,15 @@ public static AbstractOperation recordMongoOperation(BsonDocument command, Strin public static AbstractOperation recordMongoOperation(List command, String typeOfOperation, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List operations = new ArrayList<>(); - for (BsonDocument cmd : command) { - if(cmd != null) { - operations.add(cmd.toJson()); - } + List operations = new ArrayList<>(); + for (BsonDocument cmd : command) { + if(cmd != null) { + operations.add(cmd.toJson()); } - operation = new NoSQLOperation(operations, typeOfOperation, klassName, methodName); - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - NewRelicSecurity.getAgent().registerOperation(operation); } + operation = new NoSQLOperation(operations, typeOfOperation, klassName, methodName); + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); + NewRelicSecurity.getAgent().registerOperation(operation); } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MONGODB_3_0, e.getMessage()), e, MongoUtil.class.getName()); 
@@ -106,43 +100,33 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType nosqlDbCommand, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static AbstractOperation recordWriteRequest(List writeRequest, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List operations = new ArrayList<>(); - for (WriteRequest request : writeRequest) { - if(request instanceof InsertRequest){ - InsertRequest insertRequest = (InsertRequest) request; - operations.add(insertRequest.getDocument().toJson()); - } else if (request instanceof DeleteRequest){ - DeleteRequest deleteRequest = (DeleteRequest) request; - operations.add(deleteRequest.getFilter().toJson()); - } else if (request instanceof UpdateRequest){ - UpdateRequest updateRequest = (UpdateRequest) request; - operations.add(updateRequest.getUpdate().toJson()); - operations.add(updateRequest.getFilter().toJson()); - } + List operations = new ArrayList<>(); + for (WriteRequest request : writeRequest) { + if(request instanceof InsertRequest){ + InsertRequest insertRequest = (InsertRequest) request; + operations.add(insertRequest.getDocument().toJson()); + } else if (request instanceof DeleteRequest){ + DeleteRequest deleteRequest = (DeleteRequest) request; + 
operations.add(deleteRequest.getFilter().toJson()); + } else if (request instanceof UpdateRequest){ + UpdateRequest updateRequest = (UpdateRequest) request; + operations.add(updateRequest.getUpdate().toJson()); + operations.add(updateRequest.getFilter().toJson()); } - operation = new NoSQLOperation(operations, OP_WRITE, klassName, methodName); - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - NewRelicSecurity.getAgent().registerOperation(operation); } + operation = new NoSQLOperation(operations, OP_WRITE, klassName, methodName); + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); + NewRelicSecurity.getAgent().registerOperation(operation); } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MONGODB_3_0, e.getMessage()), e, MongoUtil.class.getName()); @@ -158,9 +142,7 @@ public static AbstractOperation getReadAbstractOperation(ReadOperation op AbstractOperation noSQLOperation = null; try { List operations; - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - } + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); if (operation instanceof AggregateOperation) { AggregateOperation aggregateOperation = (AggregateOperation) operation; noSQLOperation = recordMongoOperation(aggregateOperation.getPipeline(), MongoUtil.OP_AGGREGATE, className, methodName); diff --git a/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java index a33cbe032..e870106cc 100644 
--- a/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java +++ b/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/OperationExecutor_Instrumentation.java @@ -30,18 +30,11 @@ private void registerExitOperation(boolean isProcessingAllowed, com.newrelic.api } private void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } private boolean acquireLockIfPossible(VulnerabilityCaseType nosqlDbCommand, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public T execute(ReadOperation operation, ReadPreference readPreference, ClientSession session) { diff --git a/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java b/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java index d0fc36015..af99491f6 100644 --- a/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java +++ b/instrumentation-security/mongodb-3.6/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java 
@@ -20,10 +20,8 @@ public class CommandReadOperation_Instrumentation { public T execute(final ReadBinding binding) { AbstractOperation noSQLOperation = null; boolean isLockAcquired = MongoUtil.acquireLockIfPossible(VulnerabilityCaseType.NOSQL_DB_COMMAND, this.hashCode()); - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - } if (isLockAcquired) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); noSQLOperation = MongoUtil.recordMongoOperation(command, MongoUtil.OP_READ, this.getClass().getName(), MongoUtil.METHOD_EXECUTE); } T returnVal = null; @@ -41,10 +39,8 @@ public T execute(final ReadBinding binding) { public void executeAsync(final AsyncReadBinding binding, final SingleResultCallback callback) { AbstractOperation noSQLOperation = null; boolean isLockAcquired = MongoUtil.acquireLockIfPossible(VulnerabilityCaseType.NOSQL_DB_COMMAND, this.hashCode()); - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - } if (isLockAcquired) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); noSQLOperation = MongoUtil.recordMongoOperation(command, MongoUtil.OP_READ, this.getClass().getName(), MongoUtil.METHOD_EXECUTE); } try { diff --git a/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java index b9c156603..af807e4da 100644 --- a/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java +++ b/instrumentation-security/mongodb-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java 
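Review bot: In `executeAsync` the argument to `setFromJumpRequiredInStackTrace` changes from 4 to 3 as the call moves under `if (isLockAcquired)`, and nothing in the hunk says whether that is intended or copied from `execute`. The mongodb-3.6 `MongoUtil.recordMongoOperation(BsonDocument, ...)` sets the value to 3 again before `registerOperation`, so the old 4 appears to have been overwritten already and the new line has no visible effect. Either remove the line or add a comment stating which frames the count is meant to skip on the async path, so the constant can be checked against the reported stack trace. `executeAsync` continues outside the hunk.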
@@ -61,8 +61,7 @@ public class MongoUtil { public static AbstractOperation recordMongoOperation(BsonDocument command, String typeOfOperation, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() && command != null) { + if (command != null) { operation = new NoSQLOperation(command.toJson(), typeOfOperation, klassName, methodName); NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); NewRelicSecurity.getAgent().registerOperation(operation); 
@@ -81,18 +80,16 @@ public static AbstractOperation recordMongoOperation(BsonDocument command, Strin public static AbstractOperation recordMongoOperation(List command, String typeOfOperation, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List operations = new ArrayList<>(); - for (BsonDocument cmd : command) { - if(cmd != null) { - operations.add(cmd.toJson()); - } + List operations = new ArrayList<>(); + for (BsonDocument cmd : command) { + if(cmd != null) { + operations.add(cmd.toJson()); } - operation = new NoSQLOperation(operations, typeOfOperation, klassName, methodName); - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - NewRelicSecurity.getAgent().registerOperation(operation); } + operation = new NoSQLOperation(operations, typeOfOperation, klassName, methodName); + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); + NewRelicSecurity.getAgent().registerOperation(operation); + } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MONGODB_3_6, e.getMessage()), e, MongoUtil.class.getName()); 
@@ -118,43 +115,33 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType nosqlDbCommand, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static AbstractOperation recordWriteRequest(List writeRequest, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List operations = new ArrayList<>(); - for (WriteRequest request : writeRequest) { - if(request instanceof InsertRequest){ - InsertRequest insertRequest = (InsertRequest) request; - operations.add(insertRequest.getDocument().toJson()); - } else if (request instanceof DeleteRequest){ - DeleteRequest deleteRequest = (DeleteRequest) request; - operations.add(deleteRequest.getFilter().toJson()); - } else if (request instanceof UpdateRequest){ - UpdateRequest updateRequest = (UpdateRequest) request; - operations.add(updateRequest.getUpdate().toJson()); - operations.add(updateRequest.getFilter().toJson()); - } + List operations = new ArrayList<>(); + for (WriteRequest request : writeRequest) { + if(request instanceof InsertRequest){ + InsertRequest insertRequest = (InsertRequest) request; + operations.add(insertRequest.getDocument().toJson()); + } else if (request instanceof DeleteRequest){ + DeleteRequest deleteRequest = (DeleteRequest) request; + 
operations.add(deleteRequest.getFilter().toJson()); + } else if (request instanceof UpdateRequest){ + UpdateRequest updateRequest = (UpdateRequest) request; + operations.add(updateRequest.getUpdate().toJson()); + operations.add(updateRequest.getFilter().toJson()); } - operation = new NoSQLOperation(operations, OP_WRITE, klassName, methodName); - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - NewRelicSecurity.getAgent().registerOperation(operation); } + operation = new NoSQLOperation(operations, OP_WRITE, klassName, methodName); + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); + NewRelicSecurity.getAgent().registerOperation(operation); } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MONGODB_3_6, e.getMessage()), e, MongoUtil.class.getName()); @@ -170,9 +157,7 @@ public static AbstractOperation getReadAbstractOperation(ReadOperation op AbstractOperation noSQLOperation = null; try { List operations; - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - } + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); if (operation instanceof AggregateOperation) { AggregateOperation aggregateOperation = (AggregateOperation) operation; noSQLOperation = recordMongoOperation(aggregateOperation.getPipeline(), MongoUtil.OP_AGGREGATE, className, methodName); diff --git a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java index 31b2762a0..ed9cb92b6 100644 
--- a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java +++ b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java @@ -32,18 +32,11 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio } private void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } private boolean acquireLockIfPossible(VulnerabilityCaseType nosqlDbCommand, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public T execute(ReadOperation operation, ReadPreference readPreference, @Nullable ClientSession session) { diff --git a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java index b9d39d315..8744848cc 100644 --- a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java +++ b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/operation/CommandReadOperation_Instrumentation.java 
@@ -20,10 +20,9 @@ public class CommandReadOperation_Instrumentation { public T execute(final ReadBinding binding) { AbstractOperation noSQLOperation = null; boolean isLockAcquired = MongoUtil.acquireLockIfPossible(VulnerabilityCaseType.NOSQL_DB_COMMAND, this.hashCode()); - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - } + if (isLockAcquired) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); noSQLOperation = MongoUtil.recordMongoOperation(command, MongoUtil.OP_READ, this.getClass().getName(), MongoUtil.METHOD_EXECUTE); } T returnVal = null; diff --git a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/operation/CommandWriteOperation_Instrumentation.java b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/operation/CommandWriteOperation_Instrumentation.java index 1df90c4b5..1889a3bca 100644 --- a/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/operation/CommandWriteOperation_Instrumentation.java +++ b/instrumentation-security/mongodb-3.7/src/main/java/com/mongodb/operation/CommandWriteOperation_Instrumentation.java @@ -20,10 +20,8 @@ public class CommandWriteOperation_Instrumentation { public T execute(final WriteBinding binding) { AbstractOperation noSQLOperation = null; boolean isLockAcquired = MongoUtil.acquireLockIfPossible(VulnerabilityCaseType.NOSQL_DB_COMMAND, this.hashCode()); - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); - } if (isLockAcquired) { + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); noSQLOperation = MongoUtil.recordMongoOperation(command, MongoUtil.OP_WRITE, this.getClass().getName(), MongoUtil.METHOD_EXECUTE); } T returnVal = null; 
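Review bot: The `setFromJumpRequiredInStackTrace(3)` call moved under `if (isLockAcquired)` sits directly in `execute`, outside any `try`, so a failure anywhere in that call chain would break the driver's own read. `MongoUtil.recordMongoOperation(BsonDocument, ...)` in this module already sets the same value of 3 inside its `try`, right before `registerOperation`. Assuming `command` is a `BsonDocument`, the line here looks redundant and could be dropped. The `CommandWriteOperation_Instrumentation` hunk has the identical line, and `execute` continues past the end of both hunks.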
diff --git a/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java index b2c9efea7..6c6b8981d 100644 --- a/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java +++ b/instrumentation-security/mongodb-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java @@ -59,8 +59,7 @@ public class MongoUtil { public static AbstractOperation recordMongoOperation(BsonDocument command, String typeOfOperation, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() && command != null) { + if (command != null) { operation = new NoSQLOperation(command.toJson(), typeOfOperation, klassName, methodName); NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); NewRelicSecurity.getAgent().registerOperation(operation); 
@@ -79,18 +78,15 @@ public static AbstractOperation recordMongoOperation(BsonDocument command, Strin public static AbstractOperation recordMongoOperation(List command, String typeOfOperation, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List operations = new ArrayList<>(); - for (BsonDocument cmd : command) { - if(cmd != null) { - operations.add(cmd.toJson()); - } + List operations = new ArrayList<>(); + for (BsonDocument cmd : command) { + if(cmd != null) { + operations.add(cmd.toJson()); } - operation = new NoSQLOperation(operations, typeOfOperation, klassName, methodName); - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - NewRelicSecurity.getAgent().registerOperation(operation); } + operation = new NoSQLOperation(operations, typeOfOperation, klassName, methodName); + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); + NewRelicSecurity.getAgent().registerOperation(operation); } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MONGODB_3_7, e.getMessage()), e, MongoUtil.class.getName()); 
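Review bot: The list overload of `recordMongoOperation` now builds and registers a `NoSQLOperation` even when `operations` ends up empty, and a null `command` list reaches the `for` loop, where the NullPointerException falls into the generic `catch (Throwable e)`. The `BsonDocument` overload in the previous hunk still keeps `if (command != null)`, so the two overloads disagree. Wrapping the registration in `if (!operations.isEmpty()) {` and skipping the loop when `command == null` would keep empty events out of the security pipeline. The hunk also drops the `getRequest().isEmpty()` check, so it is worth confirming that lock acquisition now covers the no-request case. The same shape is in the mongodb-3.8 `recordMongoOperation` hunk and in the `recordWriteRequest` hunks.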
@@ -116,18 +112,11 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType nosqlDbCommand, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static AbstractOperation recordWriteRequest(List writeRequest, String klassName, String methodName) { @@ -168,9 +157,8 @@ public static AbstractOperation getReadAbstractOperation(ReadOperation op AbstractOperation noSQLOperation = null; try { List operations; - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - } + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); + if (operation instanceof AggregateOperation) { AggregateOperation aggregateOperation = (AggregateOperation) operation; noSQLOperation = recordMongoOperation(aggregateOperation.getPipeline(), MongoUtil.OP_AGGREGATE, className, methodName); diff --git a/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java b/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java index 4e89a0475..6dd0d1814 100644 --- a/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java 
+++ b/instrumentation-security/mongodb-3.8/src/main/java/com/mongodb/client/internal/OperationExecutor_Instrumentation.java @@ -33,18 +33,11 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio } private void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } private boolean acquireLockIfPossible(VulnerabilityCaseType nosqlDbCommand, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public T execute(ReadOperation operation, ReadPreference readPreference, ReadConcern readConcern, @Nullable com.mongodb.client.ClientSession session) { diff --git a/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java b/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java index 6ac31af4e..b0538ef40 100644 --- a/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java +++ b/instrumentation-security/mongodb-3.8/src/main/java/com/newrelic/agent/security/instrumentation/mongo/MongoUtil.java 
@@ -49,8 +49,7 @@ public class MongoUtil { public static AbstractOperation recordMongoOperation(BsonDocument command, String typeOfOperation, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() && command != null) { + if (command != null) { operation = new NoSQLOperation(command.toJson(), typeOfOperation, klassName, methodName); NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(3); NewRelicSecurity.getAgent().registerOperation(operation); 
@@ -67,18 +66,15 @@ public static AbstractOperation recordMongoOperation(BsonDocument command, Strin public static AbstractOperation recordMongoOperation(List command, String typeOfOperation, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List operations = new ArrayList<>(); - for (BsonDocument cmd : command) { - if(cmd != null) { - operations.add(cmd.toJson()); - } + List operations = new ArrayList<>(); + for (BsonDocument cmd : command) { + if(cmd != null) { + operations.add(cmd.toJson()); } - operation = new NoSQLOperation(operations, typeOfOperation, klassName, methodName); - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - NewRelicSecurity.getAgent().registerOperation(operation); } + operation = new NoSQLOperation(operations, typeOfOperation, klassName, methodName); + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); + NewRelicSecurity.getAgent().registerOperation(operation); } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MONGODB_3_8, e.getMessage()), e, MongoUtil.class.getName()); 
@@ -104,43 +100,33 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType nosqlDbCommand, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(nosqlDbCommand, MongoUtil.NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static AbstractOperation recordWriteRequest(List writeRequest, String klassName, String methodName) { NoSQLOperation operation = null; try { - if (NewRelicSecurity.isHookProcessingActive() && - !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { - List operations = new ArrayList<>(); - for (WriteRequest request : writeRequest) { - if(request instanceof InsertRequest){ - InsertRequest insertRequest = (InsertRequest) request; - operations.add(insertRequest.getDocument().toJson()); - } else if (request instanceof DeleteRequest){ - DeleteRequest deleteRequest = (DeleteRequest) request; - operations.add(deleteRequest.getFilter().toJson()); - } else if (request instanceof UpdateRequest){ - UpdateRequest updateRequest = (UpdateRequest) request; - operations.add(updateRequest.getUpdate().toJson()); - operations.add(updateRequest.getFilter().toJson()); - } + List operations = new ArrayList<>(); + for (WriteRequest request : writeRequest) { + if(request instanceof InsertRequest){ + InsertRequest insertRequest = (InsertRequest) request; + operations.add(insertRequest.getDocument().toJson()); + } else if (request instanceof DeleteRequest){ + DeleteRequest deleteRequest = (DeleteRequest) request; + 
operations.add(deleteRequest.getFilter().toJson()); + } else if (request instanceof UpdateRequest){ + UpdateRequest updateRequest = (UpdateRequest) request; + operations.add(updateRequest.getUpdate().toJson()); + operations.add(updateRequest.getFilter().toJson()); } - operation = new NoSQLOperation(operations, OP_WRITE, klassName, methodName); - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - NewRelicSecurity.getAgent().registerOperation(operation); } + operation = new NoSQLOperation(operations, OP_WRITE, klassName, methodName); + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); + NewRelicSecurity.getAgent().registerOperation(operation); } catch (Throwable e) { if (e instanceof NewRelicSecurityException) { NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MONGODB_3_8, e.getMessage()), e, MongoUtil.class.getName()); @@ -235,9 +221,8 @@ public static AbstractOperation getReadAbstractOperation(ReadOperation op AbstractOperation noSQLOperation = null; try { List operations; - if (NewRelicSecurity.isHookProcessingActive()){ - NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); - } + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFromJumpRequiredInStackTrace(4); + if (operation instanceof AggregateOperation) { AggregateOperation aggregateOperation = (AggregateOperation) operation; noSQLOperation = recordMongoOperation(aggregateOperation.getPipeline(), MongoUtil.OP_AGGREGATE, className, methodName); diff --git a/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java b/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java index 4683aab38..386b7a75c 100644 
--- a/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java +++ b/instrumentation-security/mule-3.6/src/main/java/com/newrelic/agent/security/instrumentation/mule36/MuleHelper.java @@ -86,10 +86,6 @@ public static void processHttpRequestHeader(HttpRequest httpRequest, com.newreli } } - public static String getNrSecCustomAttribName(String customAttribute) { - return customAttribute + Thread.currentThread().getId(); - } - public static String getTraceHeader(Map headers) { String data = EMPTY; if (headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) { diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index c67512563..4cccb44a4 100644 --- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -7,8 +7,10 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.SecurityMetaData; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; +import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.api.agent.weaver.MatchType; import com.newrelic.api.agent.weaver.Weave; import com.newrelic.api.agent.weaver.Weaver; 
@@ -45,15 +47,9 @@ public static MuleEvent transform(final HttpRequestContext requestContext, final private static void preprocessSecurityHook(HttpRequestContext requestContext) { try { - if (!NewRelicSecurity.isHookProcessingActive()) { - return; - } SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); com.newrelic.api.agent.security.schema.HttpRequest securityRequest = securityMetaData.getRequest(); - if (securityRequest.isRequestParsed()) { - return; - } AgentMetaData securityAgentMetaData = securityMetaData.getMetaData(); @@ -111,22 +107,17 @@ private static void postProcessSecurityHook() { ServletHelper.tmpFileCleanUp(NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getTempFiles()); } catch (Throwable e) { if(e instanceof NewRelicSecurityException){ - e.printStackTrace(); + NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MuleHelper.MULE_36, e.getMessage()), e, HttpRequestToMuleEvent_Instrumentation.class.getName()); throw e; } } } private static boolean acquireLockIfPossible(int hashcode) { - try { - return GenericHelper.acquireLockIfPossible(MuleHelper.getNrSecCustomAttribName()); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, MuleHelper.getNrSecCustomAttribName()); } private static void releaseLock(int hashcode) { - try { - GenericHelper.releaseLock(MuleHelper.getNrSecCustomAttribName()); - } catch (Throwable e) {} + GenericHelper.releaseLock(MuleHelper.getNrSecCustomAttribName()); } } diff --git a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index 5b4de2ce6..4b660fb86 100644 
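Review bot: `preprocessSecurityHook` loses its `securityRequest.isRequestParsed()` early return, so nothing in the visible lines stops a second pass from rewriting the request metadata of a request that is already being tracked. If `GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, ...)` is now the only gate, say so at the top of the method, e.g. `// caller holds the REFLECTED_XSS lock; the request is parsed at most once`. The same guards are removed in the mule-3.6/3.7 `RequestHandler_Instrumentation` hunks and in `NettyUtils.processSecurityRequest`. The mule-3.6 `RequestHandler_Instrumentation` hunk also deletes the `securityRequest` local while the other mule hunks keep it, which should be checked against the rest of that method. The method body continues outside the hunk.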
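Review bot: Only `NewRelicSecurityException` is logged in `postProcessSecurityHook`; every other `Throwable` caught here is still dropped without a trace, which hides agent failures on the response path. An `else` branch that logs through the same `NewRelicSecurity.getAgent().log(...)` call at a lower level would make those visible. `e.getMessage()` can be null for some exceptions, so the formatted text may read `null`; the throwable itself is passed along too, so that part is cosmetic. The same handler is in the mule-3.6 `RequestHandler_Instrumentation` hunk and both mule-3.7 hunks.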
--- a/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java +++ b/instrumentation-security/mule-3.6/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java @@ -7,8 +7,10 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.SecurityMetaData; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; +import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.api.agent.weaver.MatchType; import com.newrelic.api.agent.weaver.Weave; import com.newrelic.api.agent.weaver.Weaver; @@ -36,15 +38,8 @@ public void handleRequest(HttpRequestContext requestContext, HttpResponseReadyCa private void preprocessSecurityHook(HttpRequestContext requestContext) { try { - if (!NewRelicSecurity.isHookProcessingActive()) { - return; - } SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - com.newrelic.api.agent.security.schema.HttpRequest securityRequest = securityMetaData.getRequest(); - if (securityRequest.isRequestParsed()) { - return; - } AgentMetaData securityAgentMetaData = securityMetaData.getMetaData(); 
@@ -101,22 +96,17 @@ private void postProcessSecurityHook() { ServletHelper.tmpFileCleanUp(NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getTempFiles()); } catch (Throwable e) { if(e instanceof NewRelicSecurityException){ - e.printStackTrace(); + NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MuleHelper.MULE_36, e.getMessage()), e, this.getClass().getName()); throw e; } } } private boolean acquireLockIfPossible(int hashcode) { - try { - return GenericHelper.acquireLockIfPossible(MuleHelper.getNrSecCustomAttribName()); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, MuleHelper.getNrSecCustomAttribName()); } private void releaseLock(int hashcode) { - try { - GenericHelper.releaseLock(MuleHelper.getNrSecCustomAttribName()); - } catch (Throwable e) {} + GenericHelper.releaseLock(MuleHelper.getNrSecCustomAttribName()); } } diff --git a/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java b/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java index a17bae1b4..75c838ff6 100644 --- a/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java +++ b/instrumentation-security/mule-3.7/src/main/java/com/newrelic/agent/security/instrumentation/mule37/MuleHelper.java @@ -109,10 +109,6 @@ public static String getNrSecCustomAttribName() { return MULE_LOCK_CUSTOM_ATTRIB_NAME + Thread.currentThread().getId(); } - public static String getNrSecCustomAttribName(String customAttribute) { - return customAttribute + Thread.currentThread().getId(); - } - public static void gatherURLMappings(HttpListener messageSource, List messageProcessors) { try { String path = messageSource.getPath(); 
diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java index dbd8ff353..dea1feef9 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java +++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/HttpRequestToMuleEvent_Instrumentation.java @@ -7,8 +7,10 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.SecurityMetaData; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; +import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.api.agent.weaver.MatchType; import com.newrelic.api.agent.weaver.Weave; import com.newrelic.api.agent.weaver.Weaver; 
@@ -108,22 +110,17 @@ private static void postProcessSecurityHook() { ServletHelper.tmpFileCleanUp(NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getTempFiles()); } catch (Throwable e) { if(e instanceof NewRelicSecurityException){ - e.printStackTrace(); + NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MuleHelper.MULE_37, e.getMessage()), e, HttpRequestToMuleEvent_Instrumentation.class.getName()); throw e; } } } private static boolean acquireLockIfPossible(int hashcode) { - try { - return GenericHelper.acquireLockIfPossible(MuleHelper.getNrSecCustomAttribName()); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, MuleHelper.getNrSecCustomAttribName()); } private static void releaseLock(int hashcode) { - try { - GenericHelper.releaseLock(MuleHelper.getNrSecCustomAttribName()); - } catch (Throwable e) {} + GenericHelper.releaseLock(MuleHelper.getNrSecCustomAttribName()); } } diff --git a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java index 4dd3ad108..a057b1c15 100644 --- a/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java +++ b/instrumentation-security/mule-3.7/src/main/java/org/mule/module/http/internal/listener/async/RequestHandler_Instrumentation.java 
@@ -7,8 +7,10 @@ import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.SecurityMetaData; +import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; +import com.newrelic.api.agent.security.utils.logging.LogLevel; import com.newrelic.api.agent.weaver.MatchType; import com.newrelic.api.agent.weaver.Weave; import com.newrelic.api.agent.weaver.Weaver; @@ -36,15 +38,9 @@ public void handleRequest(HttpRequestContext requestContext, HttpResponseReadyCa private void preprocessSecurityHook(HttpRequestContext requestContext) { try { - if (!NewRelicSecurity.isHookProcessingActive()) { - return; - } SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); com.newrelic.api.agent.security.schema.HttpRequest securityRequest = securityMetaData.getRequest(); - if (securityRequest.isRequestParsed()) { - return; - } AgentMetaData securityAgentMetaData = securityMetaData.getMetaData(); 
@@ -101,22 +97,17 @@ private void postProcessSecurityHook() { ServletHelper.tmpFileCleanUp(NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getTempFiles()); } catch (Throwable e) { if(e instanceof NewRelicSecurityException){ - e.printStackTrace(); + NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, MuleHelper.MULE_37, e.getMessage()), e, this.getClass().getName()); throw e; } } } private boolean acquireLockIfPossible(int hashcode) { - try { - return GenericHelper.acquireLockIfPossible(MuleHelper.getNrSecCustomAttribName()); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, MuleHelper.getNrSecCustomAttribName()); } private void releaseLock(int hashcode) { - try { - GenericHelper.releaseLock(MuleHelper.getNrSecCustomAttribName()); - } catch (Throwable e) {} + GenericHelper.releaseLock(MuleHelper.getNrSecCustomAttribName()); } } diff --git a/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java b/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java index 25b8007db..0775ffd7c 100644 --- a/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java +++ b/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/api/scripting/NashornScriptEngine_Instrumentation.java 
@@ -75,10 +75,6 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook(ScriptFunction_Instrumentation script, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } String content = NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(JSEngineUtils.NASHORN_CONTENT + script.hashCode(), String.class); if(StringUtils.isEmpty(content)){ return null; @@ -101,9 +97,7 @@ private AbstractOperation preprocessSecurityHook(ScriptFunction_Instrumentation private AbstractOperation preprocessSecurityHook (String script, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - StringUtils.isBlank(script)){ + if (StringUtils.isBlank(script)){ return null; } JSInjectionOperation jsInjectionOperation = new JSInjectionOperation(script, this.getClass().getName(), methodName); @@ -123,15 +117,10 @@ private AbstractOperation preprocessSecurityHook (String script, String methodNa } private void releaseLock() { - try { - GenericHelper.releaseLock(JSEngineUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(JSEngineUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType javascriptInjection) { - try { - return GenericHelper.acquireLockIfPossible(javascriptInjection, JSEngineUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(javascriptInjection, JSEngineUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } } 
diff --git a/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/internal/runtime/ScriptFunction_Instrumentation.java b/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/internal/runtime/ScriptFunction_Instrumentation.java index 6b4cfde83..3b9ba7fea 100644 --- a/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/internal/runtime/ScriptFunction_Instrumentation.java +++ b/instrumentation-security/nashorn-jsinjection/src/main/java/jdk/nashorn/internal/runtime/ScriptFunction_Instrumentation.java @@ -10,7 +10,7 @@ public class ScriptFunction_Instrumentation { private ScriptFunction_Instrumentation(ScriptFunctionData data, PropertyMap map, ScriptObject scope, Global global) { - if(data instanceof RecompilableScriptFunctionData) { + if(data instanceof RecompilableScriptFunctionData && NewRelicSecurity.getAgent().getSecurityMetaData() != null) { Source source = ((RecompilableScriptFunctionData) data).getSource(); NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(JSEngineUtils.NASHORN_CONTENT + this.hashCode(), String.valueOf(source.getContent())); } diff --git a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/channel/ChannelOutboundHandler_Instrumentation.java b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/channel/ChannelOutboundHandler_Instrumentation.java index 3a6bfd8d4..869e5cfb4 100644 --- a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/channel/ChannelOutboundHandler_Instrumentation.java +++ b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/channel/ChannelOutboundHandler_Instrumentation.java 
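Review bot: The new null check calls `NewRelicSecurity.getAgent().getSecurityMetaData()` and the next statement calls it again, so the value that is checked is not necessarily the value that is used. Holding it in a local removes the gap: `SecurityMetaData meta = NewRelicSecurity.getAgent().getSecurityMetaData();`, then test `meta != null` and call `meta.addCustomAttribute(...)` (the type needs an import if the file does not already have one). This constructor also stores the full script source for every recompilable function it sees. No removal of that attribute is visible here, so it is worth confirming the entry is cleared once the hook has read it.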
@@ -7,15 +7,12 @@ package security.io.netty400.channel; -import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.weaver.MatchType; import com.newrelic.api.agent.weaver.Weave; import com.newrelic.api.agent.weaver.Weaver; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelPromise; import io.netty.handler.codec.http.FullHttpResponse; -import io.netty.handler.codec.http.HttpContent; -import io.netty.handler.codec.http.HttpRequest; import security.io.netty400.utils.NettyUtils; @Weave(type = MatchType.Interface, originalName = "io.netty.channel.ChannelOutboundHandler") @@ -24,7 +21,7 @@ public abstract class ChannelOutboundHandler_Instrumentation { public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise) throws Exception { boolean isLockAcquired = false; if (msg instanceof FullHttpResponse){ - isLockAcquired = NettyUtils.acquireNettyLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, NettyUtils.NR_SEC_NETTY_OPERATIONAL_LOCK_OUTBOUND); + isLockAcquired = NettyUtils.acquireNettyLockIfPossible(null, NettyUtils.NR_SEC_NETTY_OPERATIONAL_LOCK_OUTBOUND); } if (isLockAcquired) { NettyUtils.processSecurityResponse(ctx, msg); diff --git a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java index 81c468ccc..82d9c31a7 100644 --- a/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java +++ b/instrumentation-security/netty-4.0.0/src/main/java/security/io/netty400/utils/NettyUtils.java 
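Review bot: `acquireNettyLockIfPossible` is now called with `null` in place of `VulnerabilityCaseType.REFLECTED_XSS`, which only works if the helper treats a null case type as "no category check". `NettyUtils.acquireNettyLockIfPossible` is not in the visible hunks, so that cannot be confirmed here. A bare `null` is also hard to read at the call site; a comment such as `// null: the RXSS category is checked in sendRXSSEvent, not at lock time` or a dedicated overload would make the intent explicit. The netty-4.0.8 hunk makes the same change but does not remove the `VulnerabilityCaseType` import in its visible lines, so the import may be left unused there.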
@@ -41,17 +41,11 @@ public class NettyUtils { public static void processSecurityRequest(ChannelHandlerContext ctx, Object msg, String className) { try { - if (!NewRelicSecurity.isHookProcessingActive()) { - return; - } if (msg instanceof HttpRequest) { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); com.newrelic.api.agent.security.schema.HttpRequest securityRequest = securityMetaData.getRequest(); - if (!NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() && securityRequest.isRequestParsed()) { - return; - } securityRequest.setMethod(((HttpRequest) msg).getMethod().name()); securityRequest.setUrl(((HttpRequest) msg).getUri()); setClientAddressDetails(securityMetaData, ctx.channel().remoteAddress().toString()); @@ -189,7 +183,7 @@ public static void processSecurityResponse(ChannelHandlerContext ctx, Object msg public static void sendRXSSEvent(ChannelHandlerContext ctx, Object msg, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || !(msg instanceof FullHttpResponse)) { + if (!NewRelicSecurity.isHookProcessingActive() || !(msg instanceof FullHttpResponse) || NewRelicSecurity.getAgent().getIastDetectionCategory().getRxssEnabled()) { return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(((FullHttpResponse) msg).getStatus().code()); diff --git a/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/channel/ChannelOutboundHandler_Instrumentation.java b/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/channel/ChannelOutboundHandler_Instrumentation.java index 3a6bfd8d4..cd8c4d24b 100644 --- a/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/channel/ChannelOutboundHandler_Instrumentation.java +++ b/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/channel/ChannelOutboundHandler_Instrumentation.java 
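Review bot: In `sendRXSSEvent` the added condition returns early when `getIastDetectionCategory().getRxssEnabled()` is true, which reads as "skip the reflected-XSS event when RXSS detection is enabled". If the getter really reports that the category is excluded from scanning, the name hides that and the line needs a comment, e.g. `// getRxssEnabled() == true means RXSS is excluded from IAST scanning`. If it reports that detection is on, the condition is inverted and should be `!...getRxssEnabled()`. Either way `getIastDetectionCategory()` is chained without a null check, inside a `try` whose handler is outside the hunk. The netty-4.0.8 `NettyUtils` hunk has the same line.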
@@ -24,7 +24,7 @@ public abstract class ChannelOutboundHandler_Instrumentation { public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise) throws Exception { boolean isLockAcquired = false; if (msg instanceof FullHttpResponse){ - isLockAcquired = NettyUtils.acquireNettyLockIfPossible(VulnerabilityCaseType.REFLECTED_XSS, NettyUtils.NR_SEC_NETTY_OPERATIONAL_LOCK_OUTBOUND); + isLockAcquired = NettyUtils.acquireNettyLockIfPossible(null, NettyUtils.NR_SEC_NETTY_OPERATIONAL_LOCK_OUTBOUND); } if (isLockAcquired) { NettyUtils.processSecurityResponse(ctx, msg); diff --git a/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java b/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java index 7901d121d..6b7428070 100644 --- a/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java +++ b/instrumentation-security/netty-4.0.8/src/main/java/security/io/netty400/utils/NettyUtils.java @@ -41,17 +41,11 @@ public class NettyUtils { public static void processSecurityRequest(ChannelHandlerContext ctx, Object msg, String className) { try { - if (!NewRelicSecurity.isHookProcessingActive()) { - return; - } if (msg instanceof HttpRequest) { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); com.newrelic.api.agent.security.schema.HttpRequest securityRequest = securityMetaData.getRequest(); - if (!NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() && securityRequest.isRequestParsed()) { - return; - } securityRequest.setMethod(((HttpRequest) msg).getMethod().name()); securityRequest.setUrl(((HttpRequest) msg).getUri()); setClientAddressDetails(securityMetaData, ctx.channel().remoteAddress().toString()); 
@@ -189,7 +183,7 @@ public static void processSecurityResponse(ChannelHandlerContext ctx, Object msg public static void sendRXSSEvent(ChannelHandlerContext ctx, Object msg, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || !(msg instanceof FullHttpResponse)) { + if (!NewRelicSecurity.isHookProcessingActive() || !(msg instanceof FullHttpResponse) || NewRelicSecurity.getAgent().getIastDetectionCategory().getRxssEnabled()) { return; } NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(((FullHttpResponse) msg).getStatus().code()); diff --git a/instrumentation-security/ning-async-http-client-1.0.0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_0/NingHelper.java b/instrumentation-security/ning-async-http-client-1.0.0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_0/NingHelper.java index 8234aaa1b..453f5fb12 100644 --- a/instrumentation-security/ning-async-http-client-1.0.0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_0/NingHelper.java +++ b/instrumentation-security/ning-async-http-client-1.0.0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_0/NingHelper.java @@ -33,10 +33,6 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp public static AbstractOperation preprocessSecurityHook(Request request, String uri, String methodName, String className) { try { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty() - ) { - return null; - } // Add Security IAST header String iastHeader = NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getRaw(); 
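Review bot: `preprocessSecurityHook` in `NingHelper` now reads `getFuzzRequestIdentifier().getRaw()` and goes on to the IAST header code without first checking `NewRelicSecurity.isHookProcessingActive()` or that the current request is non-empty. Unless every caller performs those checks before calling in (the call sites are not part of these hunks), an outbound call made outside a tracked request reaches the header and operation code. Any null on that chain is then absorbed only by the surrounding `try`, whose `catch` lies outside the hunk. A one-line Javadoc on the method, `/** Caller must have verified hook processing is active and the request is non-empty. */`, would make the new contract explicit. The same guard is dropped from `preprocessSecurityHook` in the ning 1.1.0 and 1.6.1 helpers, the three `OkhttpHelper` classes, r2dbc-h2 `Client_Instrumentation`, `ScriptRuntime_Instrumentation`, `XPathReader_Instrumentation` and `SpringWebClientHelper`.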
@@ -73,17 +69,10 @@ public static AbstractOperation preprocessSecurityHook(Request request, String u } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType httpRequest, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(httpRequest, NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(httpRequest, NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } } diff --git a/instrumentation-security/ning-async-http-client-1.1.0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_1/NingHelper.java b/instrumentation-security/ning-async-http-client-1.1.0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_1/NingHelper.java index 16bdab028..64635c53c 100644 --- a/instrumentation-security/ning-async-http-client-1.1.0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_1/NingHelper.java +++ b/instrumentation-security/ning-async-http-client-1.1.0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_1/NingHelper.java @@ -30,10 +30,6 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp public static AbstractOperation preprocessSecurityHook(Request request, String uri, String methodName, String className) { try { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty() - ) { - return null; - } // Add Security IAST header String iastHeader = NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getRaw(); 
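Review bot: `releaseLock` and `acquireLockIfPossible` no longer catch `Throwable`, so anything `GenericHelper` throws now propagates into the woven method that calls them. Where the release runs in a `finally` around `Weaver.callOriginal()`, as the r2dbc-h2 `Client_Instrumentation.execute` hunk shows, an exception there would replace the application's own result or exception. `GenericHelper` is not shown in these hunks; if it now handles failures internally, say so on each wrapper, e.g. `// GenericHelper.releaseLock does not throw; failures are handled there`. Otherwise keep the catch and log at `LogLevel.FINEST` instead of removing it. The same removal is made in the ning 1.1.0 and 1.6.1 helpers, `ScriptRuntime_Instrumentation` and `XPathReader_Instrumentation`.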
@@ -68,17 +64,10 @@ public static AbstractOperation preprocessSecurityHook(Request request, String u } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType httpRequest, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(httpRequest, NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(httpRequest, NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } } diff --git a/instrumentation-security/ning-async-http-client-1.6.1/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_6_1/NingHelper.java b/instrumentation-security/ning-async-http-client-1.6.1/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_6_1/NingHelper.java index b6db3e353..0110f2ba2 100644 --- a/instrumentation-security/ning-async-http-client-1.6.1/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_6_1/NingHelper.java +++ b/instrumentation-security/ning-async-http-client-1.6.1/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_6_1/NingHelper.java @@ -33,10 +33,6 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp public static AbstractOperation preprocessSecurityHook(Request request, String uri, String methodName, String className) { try { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty() - ) { - return null; - } // Add Security IAST header String iastHeader = NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getRaw(); 
@@ -73,17 +69,10 @@ public static AbstractOperation preprocessSecurityHook(Request request, String u } public static void releaseLock(int hashCode) { - try { - GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } + GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } public static boolean acquireLockIfPossible(VulnerabilityCaseType httpRequest, int hashCode) { - try { - return GenericHelper.acquireLockIfPossible(httpRequest, NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); - } catch (Throwable ignored) { - } - return false; + return GenericHelper.acquireLockIfPossible(httpRequest, NR_SEC_CUSTOM_ATTRIB_NAME, hashCode); } } diff --git a/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java b/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java index deb8b30f2..1cf6e8926 100644 --- a/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java +++ b/instrumentation-security/okhttp-3.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp30/OkhttpHelper.java 
@@ -13,29 +13,18 @@ public class OkhttpHelper { - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "OKHTTP_OPERATION_LOCK-"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "OKHTTP_OPERATION_LOCK-"; public static final String METHOD_EXECUTE = "execute"; public static final String OKHTTP_3_0_0 = "OKHTTP-3.0.0"; - public static boolean skipExistsEvent() { - if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && - NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { - return true; - } - - return false; - } - public static String getNrSecCustomAttribName() { return NR_SEC_CUSTOM_ATTRIB_NAME + Thread.currentThread().getId(); } public static AbstractOperation preprocessSecurityHook(String url, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - url == null || url.trim().isEmpty()) { + if (url == null || url.trim().isEmpty()) { return null; } @@ -58,7 +47,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || OkhttpHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() ) { return; } diff --git a/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java b/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java index 954687e05..776224375 100644 
--- a/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java +++ b/instrumentation-security/okhttp-3.5.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp35/OkhttpHelper.java @@ -13,19 +13,11 @@ public class OkhttpHelper { - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "OKHTTP_OPERATION_LOCK-"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "OKHTTP_OPERATION_LOCK-"; public static final String METHOD_EXECUTE = "execute"; public static final String OKHTTP_3_5_0 = "OKHTTP-3.5.0"; - public static boolean skipExistsEvent() { - if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && - NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { - return true; - } - - return false; - } public static String getNrSecCustomAttribName() { return NR_SEC_CUSTOM_ATTRIB_NAME + Thread.currentThread().getId(); @@ -33,9 +25,7 @@ public static String getNrSecCustomAttribName() { public static AbstractOperation preprocessSecurityHook(String url, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - url == null || url.trim().isEmpty()) { + if (url == null || url.trim().isEmpty()) { return null; } SSRFOperation ssrfOperation = new SSRFOperation(url, className, methodName); 
@@ -56,7 +46,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || OkhttpHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() ) { return; } diff --git a/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java b/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java index 2274e5ef7..eccd82f4a 100644 --- a/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java +++ b/instrumentation-security/okhttp-4.0.0/src/main/java/com/newrelic/agent/security/instrumentation/okhttp40/OkhttpHelper.java @@ -13,20 +13,11 @@ public class OkhttpHelper { - public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "OKHTTP_OPERATION_LOCK-"; + private static final String NR_SEC_CUSTOM_ATTRIB_NAME = "OKHTTP_OPERATION_LOCK-"; public static final String METHOD_EXECUTE = "execute"; public static final String OKHTTP_4_0_0 = "OKHTTP-4.0.0"; - public static boolean skipExistsEvent() { - if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && - NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { - return true; - } - - return false; - } - public static String getNrSecCustomAttribName() { return NR_SEC_CUSTOM_ATTRIB_NAME + Thread.currentThread().getId(); } 
@@ -34,9 +25,7 @@ public static String getNrSecCustomAttribName() { public static AbstractOperation preprocessSecurityHook(String url, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - url == null || url.trim().isEmpty()) { + if (url == null || url.trim().isEmpty()) { return null; } SSRFOperation ssrfOperation = new SSRFOperation(url, className, methodName); @@ -57,7 +46,7 @@ public static AbstractOperation preprocessSecurityHook(String url, String classN public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || OkhttpHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() ) { return; } diff --git a/instrumentation-security/play-2.13_2.7/src/main/scala/com/newrelic/agent/security/instrumentation/play2_13/HandlerInvoker.scala b/instrumentation-security/play-2.13_2.7/src/main/scala/com/newrelic/agent/security/instrumentation/play2_13/HandlerInvoker.scala index efc73744b..3e2665289 100644 --- a/instrumentation-security/play-2.13_2.7/src/main/scala/com/newrelic/agent/security/instrumentation/play2_13/HandlerInvoker.scala +++ b/instrumentation-security/play-2.13_2.7/src/main/scala/com/newrelic/agent/security/instrumentation/play2_13/HandlerInvoker.scala 
@@ -26,23 +26,22 @@ class HandlerInvokerFactory[T] { class NewRelicWrapperInvoker[A](underlyingInvoker: HandlerInvoker[A], handlerDef: HandlerDef) extends HandlerInvoker[A] { def call(call: => A): Handler = { + if (NewRelicSecurity.isHookProcessingActive){ + return underlyingInvoker.call(call) + } try { - if (NewRelicSecurity.isHookProcessingActive) { val stackTraceElement = new StackTraceElement(handlerDef.controller, handlerDef.method, null , -1) val securityMetaData = NewRelicSecurity.getAgent.getSecurityMetaData securityMetaData.addCustomAttribute(GenericHelper.USER_CLASS_ENTITY, stackTraceElement) securityMetaData.getMetaData.setUserLevelServiceMethodEncountered(true) - } } catch { case t: Throwable => NewRelicSecurity.getAgent.log(LogLevel.FINEST, String.format(GenericHelper.ERROR_WHILE_DETECTING_USER_CLASS, "PLAY-2.13_2.7"), t, this.getClass.getName) } // route detection try { - if (NewRelicSecurity.isHookProcessingActive) { NewRelicSecurity.getAgent.getSecurityMetaData.getRequest.setRoute(handlerDef.path) NewRelicSecurity.getAgent.getSecurityMetaData.getMetaData.setFramework(Framework.PLAY) - } } catch { case t: Throwable => NewRelicSecurity.getAgent.log(LogLevel.FINEST, String.format(GenericHelper.ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST, "PLAY-2.13_2.7"), t, this.getClass.getName) } diff --git a/instrumentation-security/play-2.4/src/main/scala/com/newrelic/agent/security/instrumentation/play24/HandlerInvoker.scala b/instrumentation-security/play-2.4/src/main/scala/com/newrelic/agent/security/instrumentation/play24/HandlerInvoker.scala index ced6c8e13..8467d4d61 100644 --- a/instrumentation-security/play-2.4/src/main/scala/com/newrelic/agent/security/instrumentation/play24/HandlerInvoker.scala +++ b/instrumentation-security/play-2.4/src/main/scala/com/newrelic/agent/security/instrumentation/play24/HandlerInvoker.scala 
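Review bot: The new guard at the top of `call` is inverted. It returns `underlyingInvoker.call(call)` when `NewRelicSecurity.isHookProcessingActive` is true, while the two inner checks it replaces ran user-class and route detection only in that case. As written, an active security hook skips `setRoute`, `setFramework` and the `USER_CLASS_ENTITY` attribute, and the metadata code runs only when hook processing is inactive. The condition should be `if (!NewRelicSecurity.isHookProcessingActive) {`. The play-2.4 and play-2.6 `HandlerInvoker` hunks add the same line, and the rest of `call` lies outside the hunk.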
@@ -25,23 +25,22 @@ class HandlerInvokerFactory[T] { class NewRelicWrapperInvoker[A](underlyingInvoker: HandlerInvoker[A], handlerDef: HandlerDef) extends HandlerInvoker[A] { def call(call: => A): Handler = { + if (NewRelicSecurity.isHookProcessingActive){ + return underlyingInvoker.call(call) + } try { - if (NewRelicSecurity.isHookProcessingActive) { - val stackTraceElement = new StackTraceElement(handlerDef.controller, handlerDef.method, null , -1) - val securityMetaData = NewRelicSecurity.getAgent.getSecurityMetaData - securityMetaData.addCustomAttribute(GenericHelper.USER_CLASS_ENTITY, stackTraceElement) - securityMetaData.getMetaData.setUserLevelServiceMethodEncountered(true) - } + val stackTraceElement = new StackTraceElement(handlerDef.controller, handlerDef.method, null , -1) + val securityMetaData = NewRelicSecurity.getAgent.getSecurityMetaData + securityMetaData.addCustomAttribute(GenericHelper.USER_CLASS_ENTITY, stackTraceElement) + securityMetaData.getMetaData.setUserLevelServiceMethodEncountered(true) } catch { case t: Throwable => NewRelicSecurity.getAgent.log(LogLevel.FINEST, String.format(GenericHelper.ERROR_WHILE_DETECTING_USER_CLASS, "PLAY-2.4"), t, this.getClass.getName) } // route detection try { - if (NewRelicSecurity.isHookProcessingActive) { - NewRelicSecurity.getAgent.getSecurityMetaData.getRequest.setRoute(handlerDef.path) - NewRelicSecurity.getAgent.getSecurityMetaData.getMetaData.setFramework(Framework.PLAY) - } + NewRelicSecurity.getAgent.getSecurityMetaData.getRequest.setRoute(handlerDef.path) + NewRelicSecurity.getAgent.getSecurityMetaData.getMetaData.setFramework(Framework.PLAY) } catch { case t: Throwable => NewRelicSecurity.getAgent.log(LogLevel.FINEST, String.format(GenericHelper.ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST, "PLAY-2.4"), t, this.getClass.getName) } 
diff --git a/instrumentation-security/play-2.6/src/main/scala/com/newrelic/agent/security/instrumentation/play26/HandlerInvoker.scala b/instrumentation-security/play-2.6/src/main/scala/com/newrelic/agent/security/instrumentation/play26/HandlerInvoker.scala index ca6b4fbf8..741223a5f 100644 --- a/instrumentation-security/play-2.6/src/main/scala/com/newrelic/agent/security/instrumentation/play26/HandlerInvoker.scala +++ b/instrumentation-security/play-2.6/src/main/scala/com/newrelic/agent/security/instrumentation/play26/HandlerInvoker.scala @@ -26,23 +26,22 @@ class HandlerInvokerFactory[T] { class NewRelicWrapperInvoker[A](underlyingInvoker: HandlerInvoker[A], handlerDef: HandlerDef) extends HandlerInvoker[A] { def call(call: => A): Handler = { + if (NewRelicSecurity.isHookProcessingActive){ + return underlyingInvoker.call(call) + } try { - if (NewRelicSecurity.isHookProcessingActive) { val stackTraceElement = new StackTraceElement(handlerDef.controller, handlerDef.method, null , -1) val securityMetaData = NewRelicSecurity.getAgent.getSecurityMetaData securityMetaData.addCustomAttribute(GenericHelper.USER_CLASS_ENTITY, stackTraceElement) securityMetaData.getMetaData.setUserLevelServiceMethodEncountered(true) - } } catch { case t: Throwable => NewRelicSecurity.getAgent.log(LogLevel.FINEST, String.format(GenericHelper.ERROR_WHILE_DETECTING_USER_CLASS, "PLAY-2.6"), t, this.getClass.getName) } // route detection try { - if (NewRelicSecurity.isHookProcessingActive) { NewRelicSecurity.getAgent.getSecurityMetaData.getRequest.setRoute(handlerDef.path) NewRelicSecurity.getAgent.getSecurityMetaData.getMetaData.setFramework(Framework.PLAY) - } } catch { case t: Throwable => NewRelicSecurity.getAgent.log(LogLevel.FINEST, String.format(GenericHelper.ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST, "PLAY-2.6"), t, this.getClass.getName) } 
diff --git a/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java b/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java index 99d5ea4db..828fced63 100644 --- a/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java +++ b/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/Client_Instrumentation.java @@ -29,7 +29,7 @@ public void execute(String sql) { Weaver.callOriginal(); } finally { if (isLockAcquired) { - releaseLock(); + R2dbcHelper.releaseLock(); } } registerExitOperation(isLockAcquired, operation); @@ -40,7 +40,7 @@ public void execute(String sql) { private void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || R2dbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() ) { return; } @@ -52,9 +52,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook(String sql, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - sql == null || sql.trim().isEmpty()) { + if (sql == null || sql.trim().isEmpty()) { return null; } SQLOperation sqlOperation = new SQLOperation(this.getClass().getName(), methodName); @@ -76,10 +74,4 @@ private AbstractOperation preprocessSecurityHook(String sql, String methodName) return null; } - private void releaseLock() { - try { - R2dbcHelper.releaseLock(); - } catch (Throwable ignored) { - } - } } 
diff --git a/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/SessionClient_Instrumentation.java b/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/SessionClient_Instrumentation.java
index fcd7c7ae9..fde21da04 100644
--- a/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/SessionClient_Instrumentation.java
+++ b/instrumentation-security/r2dbc-h2/src/main/java/io/r2dbc/h2/client/SessionClient_Instrumentation.java
@@ -9,7 +9,7 @@
 @Weave(type = MatchType.ExactClass, originalName = "io.r2dbc.h2.client.SessionClient")
 public class SessionClient_Instrumentation {
 public SessionClient_Instrumentation(ConnectionInfo connectionInfo, boolean shutdownDatabaseOnClose) {
- if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) {
+ if (NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) {
 NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(R2DBCVendor.META_CONST_R2DBC_VENDOR, R2DBCVendor.H2);
 }
 }
diff --git a/instrumentation-security/r2dbc-mariadb/src/main/java/org/mariadb/r2dbc/MariadbConnectionFactory_Instrumentation.java b/instrumentation-security/r2dbc-mariadb/src/main/java/org/mariadb/r2dbc/MariadbConnectionFactory_Instrumentation.java
index f215eeefd..45175a35f 100644
--- a/instrumentation-security/r2dbc-mariadb/src/main/java/org/mariadb/r2dbc/MariadbConnectionFactory_Instrumentation.java
+++ b/instrumentation-security/r2dbc-mariadb/src/main/java/org/mariadb/r2dbc/MariadbConnectionFactory_Instrumentation.java
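Review bot: The guard in the `SessionClient_Instrumentation` constructor now calls `NewRelicSecurity.getAgent().getSecurityMetaData()` up to three times, null-checks only the first result, and no longer consults `isHookProcessingActive()`. The hunk shows no `try` around it, so a null from `getRequest()` or a different value on a later call would surface in the application's constructor; whether either can happen is not visible here. Reading the value once closes that gap: `SecurityMetaData meta = NewRelicSecurity.getAgent().getSecurityMetaData();`, then `if (meta != null && meta.getRequest() != null && !meta.getRequest().isEmpty()) {` and `meta.addCustomAttribute(R2DBCVendor.META_CONST_R2DBC_VENDOR, R2DBCVendor.H2);` (this assumes `SecurityMetaData` is imported in the file). If dropping the hook-active check is intended, a short comment saying why the vendor attribute is recorded regardless would help. The MariaDB, MSSQL, MySQL, Oracle and PostgreSQL hunks carry the same condition.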
@@ -11,7 +11,7 @@
 @Weave(type = MatchType.Interface, originalName = "org.mariadb.r2dbc.MariadbConnectionFactory")
 public class MariadbConnectionFactory_Instrumentation {
 public Mono create() {
- if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) {
+ if (NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) {
 NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(R2DBCVendor.META_CONST_R2DBC_VENDOR, R2DBCVendor.MARIA_DB);
 }
 return Weaver.callOriginal();
diff --git a/instrumentation-security/r2dbc-mssql/src/main/java/io/r2dbc/mssql/client/ReactorNettyClient_Instrumentation.java b/instrumentation-security/r2dbc-mssql/src/main/java/io/r2dbc/mssql/client/ReactorNettyClient_Instrumentation.java
index 0f4f29a01..f5297b46e 100644
--- a/instrumentation-security/r2dbc-mssql/src/main/java/io/r2dbc/mssql/client/ReactorNettyClient_Instrumentation.java
+++ b/instrumentation-security/r2dbc-mssql/src/main/java/io/r2dbc/mssql/client/ReactorNettyClient_Instrumentation.java
@@ -12,7 +12,7 @@
 @Weave(type = MatchType.ExactClass, originalName = "io.r2dbc.mssql.client.ReactorNettyClient")
 public class ReactorNettyClient_Instrumentation {
 public static Mono connect(ClientConfiguration configuration, String applicationName, UUID connectionId){
- if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) {
+ if (NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) {
 NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(R2DBCVendor.META_CONST_R2DBC_VENDOR, R2DBCVendor.MSSQL);
 }
 return Weaver.callOriginal();
diff --git a/instrumentation-security/r2dbc-mysql/src/main/java/dev/miku/r2dbc/mysql/client/Client_Instrumentation.java b/instrumentation-security/r2dbc-mysql/src/main/java/dev/miku/r2dbc/mysql/client/Client_Instrumentation.java index cb0a8737c..a0f4829ce 100644 --- a/instrumentation-security/r2dbc-mysql/src/main/java/dev/miku/r2dbc/mysql/client/Client_Instrumentation.java +++ b/instrumentation-security/r2dbc-mysql/src/main/java/dev/miku/r2dbc/mysql/client/Client_Instrumentation.java @@ -17,7 +17,7 @@ public class Client_Instrumentation { public static Mono connect( MySqlSslConfiguration ssl, SocketAddress address, boolean tcpKeepAlive, boolean tcpNoDelay, ConnectionContext context, @Nullable Duration connectTimeout) { - if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if (NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(R2DBCVendor.META_CONST_R2DBC_VENDOR, R2DBCVendor.MYSQL); } return Weaver.callOriginal(); diff --git a/instrumentation-security/r2dbc-oracle/src/main/java/oracle/r2dbc/impl/OracleConnectionImpl_Instrumentation.java b/instrumentation-security/r2dbc-oracle/src/main/java/oracle/r2dbc/impl/OracleConnectionImpl_Instrumentation.java index aaab9038b..2399e16ef 100644 --- a/instrumentation-security/r2dbc-oracle/src/main/java/oracle/r2dbc/impl/OracleConnectionImpl_Instrumentation.java +++ b/instrumentation-security/r2dbc-oracle/src/main/java/oracle/r2dbc/impl/OracleConnectionImpl_Instrumentation.java 
@@ -9,7 +9,7 @@ final class OracleConnectionImpl_Instrumentation { @WeaveAllConstructors OracleConnectionImpl_Instrumentation() { - if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if (NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(R2DBCVendor.META_CONST_R2DBC_VENDOR, R2DBCVendor.ORACLE); } } diff --git a/instrumentation-security/r2dbc-postgresql/src/main/java/io/r2dbc/postgresql/client/ReactorNettyClient_Instrumentation.java b/instrumentation-security/r2dbc-postgresql/src/main/java/io/r2dbc/postgresql/client/ReactorNettyClient_Instrumentation.java index 0cffbafab..c1bbbc4f5 100644 --- a/instrumentation-security/r2dbc-postgresql/src/main/java/io/r2dbc/postgresql/client/ReactorNettyClient_Instrumentation.java +++ b/instrumentation-security/r2dbc-postgresql/src/main/java/io/r2dbc/postgresql/client/ReactorNettyClient_Instrumentation.java @@ -11,7 +11,7 @@ @Weave(originalName = "io.r2dbc.postgresql.client.ReactorNettyClient") public class ReactorNettyClient_Instrumentation { public static Mono connect(SocketAddress socketAddress, ConnectionSettings settings){ - if (NewRelicSecurity.isHookProcessingActive() && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + if (NewRelicSecurity.getAgent().getSecurityMetaData() != null && !NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(R2DBCVendor.META_CONST_R2DBC_VENDOR, R2DBCVendor.POSTGRES); } return Weaver.callOriginal(); 
diff --git a/instrumentation-security/rhino-jsinjection/src/main/java/com/newrelic/agent/security/instrumentation/rhino/JSEngineUtils.java b/instrumentation-security/rhino-jsinjection/src/main/java/com/newrelic/agent/security/instrumentation/rhino/JSEngineUtils.java index 785c11091..564e453af 100644 --- a/instrumentation-security/rhino-jsinjection/src/main/java/com/newrelic/agent/security/instrumentation/rhino/JSEngineUtils.java +++ b/instrumentation-security/rhino-jsinjection/src/main/java/com/newrelic/agent/security/instrumentation/rhino/JSEngineUtils.java @@ -3,9 +3,6 @@ public class JSEngineUtils { public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "JSENGINE_OPERATION_LOCK_RIHNO-"; - - public static final String NR_SEC_CUSTOM_ATTRIB_SCRIPT_NAME = "JSENGINE_RIHNO_SCRIPT-"; - public static final String METHOD_EXEC = "exec"; public static final String RHINO_JS_INJECTION = "RHINO-JS-INJECTION"; } diff --git a/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java b/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java index 7a5c2ffbc..dc81f0af2 100644 --- a/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java +++ b/instrumentation-security/rhino-jsinjection/src/main/java/org/mozilla/javascript/ScriptRuntime_Instrumentation.java 
@@ -56,10 +56,6 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO private static AbstractOperation preprocessSecurityHook(int hashCode, String methodName, Context_Instrumentation context){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } if(StringUtils.isNotBlank(context.newScript)) { JSInjectionOperation jsInjectionOperation = new JSInjectionOperation(String.valueOf(context.newScript), "org.mozilla.javascript.Script", methodName); NewRelicSecurity.getAgent().registerOperation(jsInjectionOperation); @@ -77,15 +73,10 @@ private static AbstractOperation preprocessSecurityHook(int hashCode, String met } private static void releaseLock(int code) { - try { - GenericHelper.releaseLock(JSEngineUtils.NR_SEC_CUSTOM_ATTRIB_NAME+code); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(JSEngineUtils.NR_SEC_CUSTOM_ATTRIB_NAME+code); } private static boolean acquireLockIfPossible(VulnerabilityCaseType javascriptInjection, int code) { - try { - return GenericHelper.acquireLockIfPossible(javascriptInjection, JSEngineUtils.NR_SEC_CUSTOM_ATTRIB_NAME+code); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(javascriptInjection, JSEngineUtils.NR_SEC_CUSTOM_ATTRIB_NAME+code); } } diff --git a/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java b/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java index fd01d9a7b..744b94f3d 100644 --- a/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java +++ b/instrumentation-security/saxpath/src/main/java/org/saxpath/XPathReader_Instrumentation.java 
@@ -49,9 +49,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String patternString, String methodName){ try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - StringUtils.isBlank(patternString)){ + if (StringUtils.isBlank(patternString)){ return null; } XPathOperation xPathOperation = new XPathOperation(patternString, this.getClass().getName(), methodName); @@ -69,15 +67,10 @@ private AbstractOperation preprocessSecurityHook (String patternString, String m } private void releaseLock() { - try { - GenericHelper.releaseLock(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} + GenericHelper.releaseLock(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } private boolean acquireLockIfPossible(VulnerabilityCaseType xpath) { - try { - return GenericHelper.acquireLockIfPossible(xpath, XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); - } catch (Throwable ignored) {} - return false; + return GenericHelper.acquireLockIfPossible(xpath, XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME); } } diff --git a/instrumentation-security/spring-data-redis/src/main/java/org/springframework/data/redis/core/AbstractOperations_Instrumentation.java b/instrumentation-security/spring-data-redis/src/main/java/org/springframework/data/redis/core/AbstractOperations_Instrumentation.java index 2c7b52813..e0fc69138 100644 --- a/instrumentation-security/spring-data-redis/src/main/java/org/springframework/data/redis/core/AbstractOperations_Instrumentation.java +++ b/instrumentation-security/spring-data-redis/src/main/java/org/springframework/data/redis/core/AbstractOperations_Instrumentation.java @@ -28,7 +28,6 @@ byte[] rawHashValue(HV value) { } byte[] rawKey(Object key) { - System.out.println("raw key : "+key); byte[] returnValue = null; returnValue = Weaver.callOriginal(); 
@@ -47,7 +46,6 @@ byte[] rawString(String key) { } byte[] rawValue(Object value) { - System.out.println("raw value : "+value); byte[] returnValue = null; returnValue = Weaver.callOriginal(); @@ -57,8 +55,7 @@ byte[] rawValue(Object value) { } private void createRedisArgumentEntry(int hashCode, Object entry) { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ + if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ return; } NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(GenericHelper.NR_SEC_CUSTOM_SPRING_REDIS_ATTR + hashCode, entry); diff --git a/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java b/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java index 9c8a58a4a..272b8fa28 100644 --- a/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java +++ b/instrumentation-security/spring-webclient-5.0/src/main/java/com/newrelic/agent/security/instrumentation/spring/client5/SpringWebClientHelper.java @@ -30,9 +30,7 @@ public static String getNrSecCustomAttribName() { public static AbstractOperation preprocessSecurityHook(URI url, HttpMethod method, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - url == null || url.getPath().isEmpty()) { + if (url == null || url.getPath().isEmpty()) { return null; } ArrayList springClientRequestURIs = NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(SPRING_WEB_CLIENT_REQUEST_LIST_CUSTOM_ATTRIB, ArrayList.class); 
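Review bot: In `SpringWebClientHelper.preprocessSecurityHook`, the new guard `url.getPath().isEmpty()` dereferences a value that `java.net.URI.getPath()` documents as null when the path is undefined (opaque URIs), so the check throws instead of returning null. The enclosing `try` presumably catches it, but the handler is outside this hunk and the result then depends on how it treats the exception. A null-safe form is `if (url == null || url.getPath() == null || url.getPath().isEmpty()) {`. Note also that a URI with an authority but an empty path (for example `http://host`) is skipped by this guard, so no operation is registered for it. If that is not intended for outbound-request monitoring, the check should be on the URI as a whole rather than its path.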
@@ -61,7 +59,7 @@ public static AbstractOperation preprocessSecurityHook(URI url, HttpMethod metho public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() ) { return; } @@ -71,15 +69,6 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp } } - public static boolean skipExistsEvent() { - if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && - NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { - return true; - } - - return false; - } - public static ClientRequest addSecurityHeaders(ClientRequest request, AbstractOperation operation) { if (operation == null || request == null) { return null; diff --git a/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java b/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java index cef4b3e35..37aa72df6 100644 --- a/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java +++ b/instrumentation-security/spymemcached-2.12.0/src/main/java/com/newrelic/agent/security/instrumentation/spy/memcached/MemcachedHelper.java 
@@ -20,9 +20,6 @@ public class MemcachedHelper { public static AbstractOperation preprocessSecurityHook(String type, String command, String key, Object val, String klass, String method) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()){ - return null; - } MemcachedOperation operation = new MemcachedOperation(command, Arrays.asList(key, val), type, klass, method); NewRelicSecurity.getAgent().registerOperation(operation); return operation; @@ -40,7 +37,7 @@ public static AbstractOperation preprocessSecurityHook(String type, String comma public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent()) { return; } NewRelicSecurity.getAgent().registerExitEvent(operation); diff --git a/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java b/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java index d2acc4f83..aad804015 100644 --- a/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java +++ b/instrumentation-security/unboundid-ldapsdk/src/main/java/com/unboundid/ldap/sdk/LDAPInterface_Instrumentation.java 
@@ -51,7 +51,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String name, String filter, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || StringUtils.isAnyBlank(filter)){ + if (StringUtils.isAnyBlank(filter)){ return null; } LDAPOperation ldapOperation = new LDAPOperation(name, filter, this.getClass().getName(), methodName); diff --git a/instrumentation-security/urlconnection/src/main/java/com/newrelic/agent/security/instrumentation/urlconnection/URLConnection_Instrumentation.java b/instrumentation-security/urlconnection/src/main/java/com/newrelic/agent/security/instrumentation/urlconnection/URLConnection_Instrumentation.java index 637a58bee..3b2e02c50 100644 --- a/instrumentation-security/urlconnection/src/main/java/com/newrelic/agent/security/instrumentation/urlconnection/URLConnection_Instrumentation.java +++ b/instrumentation-security/urlconnection/src/main/java/com/newrelic/agent/security/instrumentation/urlconnection/URLConnection_Instrumentation.java @@ -135,7 +135,7 @@ private static void registerExitOperation(AbstractOperation operation) { private AbstractOperation preprocessSecurityHook(boolean currentCascadedCall, String callArgs, String protocol, String methodName) { try { SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData(); - if (securityMetaData.getRequest().isEmpty() || callArgs == null || callArgs.trim().isEmpty() || currentCascadedCall + if (callArgs == null || callArgs.trim().isEmpty() || currentCascadedCall ) { return null; } diff --git a/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java b/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java index 2e3565615..bbbecf480 100644 
--- a/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java +++ b/instrumentation-security/vertx-core-3.3.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java @@ -61,7 +61,7 @@ public void end() { private AbstractOperation preprocessSecurityHook(String url, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || url == null || url.trim().isEmpty()) { + if (url == null || url.trim().isEmpty()) { return null; } SSRFOperation operation = new SSRFOperation(url, className, methodName); diff --git a/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java b/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java index bc671b229..466880ce3 100644 --- a/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java +++ b/instrumentation-security/vertx-core-3.4.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java @@ -62,7 +62,7 @@ public void end() { } private AbstractOperation preprocessSecurityHook(String url, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || url == null || url.trim().isEmpty()) { + if (url == null || url.trim().isEmpty()) { return null; } SSRFOperation operation = new SSRFOperation(url, className, methodName); 
diff --git a/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java b/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java index e3669b7cc..354f8aa3c 100644 --- a/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java +++ b/instrumentation-security/vertx-core-3.7.1/src/main/java/com/newrelic/agent/security/instrumentation/vertx/web/VertxClientHelper.java @@ -22,9 +22,7 @@ public class VertxClientHelper { public static AbstractOperation preprocessSecurityHook(String url, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - url == null || url.trim().isEmpty()) { + if (url == null || url.trim().isEmpty()) { return null; } diff --git a/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java b/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java index 8c64cf881..596669557 100644 --- a/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java +++ b/instrumentation-security/vertx-core-4.0.0/src/main/java/io/vertx/core/http/impl/HttpClientRequestImpl_Instrumentation.java 
@@ -90,7 +90,7 @@ public void end(Handler> handler){ } private AbstractOperation preprocessSecurityHook(String url, String className, String methodName) { try { - if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || url == null || url.trim().isEmpty()) { + if (url == null || url.trim().isEmpty()) { return null; } SSRFOperation operation = new SSRFOperation(url, className, methodName); diff --git a/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java b/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java index 9ae200a38..df24e5043 100644 --- a/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java +++ b/instrumentation-security/xalan-xpath/src/main/java/org/apache/xpath/XPath_Instrumentation.java @@ -57,7 +57,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio private AbstractOperation preprocessSecurityHook (String patternString, String methodName){ try { - if (NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || StringUtils.isBlank(patternString)){ + if (StringUtils.isBlank(patternString)){ return null; } XPathOperation xPathOperation = new XPathOperation(patternString, this.getClass().getName(), methodName); diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java index f975d6b47..ca295a500 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java 
@@ -56,9 +56,15 @@ private static boolean isLockAcquirePossible(VulnerabilityCaseType caseType) { if (!NewRelicSecurity.isHookProcessingActive()){ return false; } + if (caseType == null){ + return true; + } if (caseType.equals(VulnerabilityCaseType.REFLECTED_XSS) && NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isRequestParsed()){ return false; } + if (!caseType.equals(VulnerabilityCaseType.REFLECTED_XSS) && NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) { + return false; + } boolean enabled = false; switch (caseType) { case SYSTEM_COMMAND: diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java index 680dec0ec..2a21e91a8 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/R2dbcHelper.java @@ -18,7 +18,7 @@ public class R2dbcHelper { public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) { try { if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || com.newrelic.api.agent.security.instrumentation.helpers.R2dbcHelper.skipExistsEvent() + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || GenericHelper.skipExistsEvent() ) { return; } 
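Review bot: The new `if (caseType == null) { return true; }` in `isLockAcquirePossible` returns before both request checks and before the `switch (caseType)` that computes `enabled`. A caller passing a null case type therefore gets the lock whenever hook processing is active, regardless of request state and, it appears, of scan policy (the switch body continues outside the hunk). This matters more here because the per-hook `getRequest().isEmpty()` guards are removed elsewhere in the commit, leaving this method as the only gate. If null is meant to be an unconditional mode, say so in a comment, e.g. `// null caseType: request and policy checks are intentionally skipped; only hook state is checked.`; otherwise have callers pass their real `VulnerabilityCaseType`. As a style point, the enum comparisons read more safely as `caseType != VulnerabilityCaseType.REFLECTED_XSS` than as `!caseType.equals(...)`.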
@@ -30,9 +30,7 @@ public static void registerExitOperation(boolean isProcessingAllowed, AbstractOp public static AbstractOperation preprocessSecurityHook(String sql, String methodName, String className, Map params, boolean isPrepared) { try { - if (!NewRelicSecurity.isHookProcessingActive() || - NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || - sql == null || sql.trim().isEmpty()) { + if (sql == null || sql.trim().isEmpty()) { return null; } SQLOperation sqlOperation = new SQLOperation(className, methodName); @@ -56,23 +54,6 @@ public static AbstractOperation preprocessSecurityHook(String sql, String method return null; } - public static boolean skipExistsEvent() { - if (!(NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled() && - NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled())) { - return true; - } - - return false; - } - - public static boolean isLockAcquired() { - try { - return NewRelicSecurity.isHookProcessingActive() && - Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class)); - } catch (Throwable ignored) {} - return false; - } - public static boolean acquireLockIfPossible(VulnerabilityCaseType sqlDbCommand) { return GenericHelper.acquireLockIfPossible(sqlDbCommand, getNrSecCustomAttribName()); }