Merge branch 'support/spray-http' into support/spray-can

# Conflicts: # settings.gradle
newrelic · Feb 27, 2024 · aa66829 · aa66829
2 parents 6a957b8 + b19332a
commit aa66829
Show file tree

Hide file tree

Showing 12 changed files with 782 additions and 16 deletions.
diff --git a/instrumentation-security/jersey-2.16/build.gradle b/instrumentation-security/jersey-2.16/build.gradle
@@ -4,6 +4,9 @@ dependencies {
     implementation("com.newrelic.agent.java:newrelic-api:${nrAPIVersion}")
     implementation("org.glassfish.jersey.core:jersey-server:2.16")
 
+    testImplementation("org.glassfish.jersey.containers:jersey-container-grizzly2-http:2.28")
+    testImplementation("org.glassfish.jersey.containers:jersey-container-servlet:2.28")
+    testImplementation('org.glassfish.jersey.inject:jersey-hk2:2.28')
 }
 
 jar {

diff --git a/instrumentation-security/jersey-2/build.gradle b/instrumentation-security/jersey-2/build.gradle
@@ -4,6 +4,9 @@ dependencies {
     implementation("com.newrelic.agent.java:newrelic-api:${nrAPIVersion}")
     implementation("org.glassfish.jersey.core:jersey-server:2.0")
 
+    testImplementation("org.glassfish.jersey.containers:jersey-container-grizzly2-http:2.0")
+    testImplementation("org.glassfish.jersey.containers:jersey-container-servlet:2.0")
+    testImplementation('org.glassfish.hk2:hk2-api:2.1.88')
 }
 
 jar {

diff --git a/instrumentation-security/jersey-3/build.gradle b/instrumentation-security/jersey-3/build.gradle
@@ -4,6 +4,9 @@ dependencies {
     implementation("com.newrelic.agent.java:newrelic-api:${nrAPIVersion}")
     implementation("org.glassfish.jersey.core:jersey-server:3.0.0")
 
+    testImplementation("org.glassfish.jersey.containers:jersey-container-grizzly2-http:3.0.0")
+    testImplementation("org.glassfish.jersey.containers:jersey-container-servlet:3.0.0")
+    testImplementation('org.glassfish.jersey.inject:jersey-hk2:3.0.0')
 }
 
 jar {

diff --git a/instrumentation-security/ning-async-http-client-1.1.0/build.gradle b/instrumentation-security/ning-async-http-client-1.1.0/build.gradle
@@ -0,0 +1,19 @@
+dependencies {
+    implementation(project(":newrelic-security-api"))
+    implementation("com.newrelic.agent.java:newrelic-api:${nrAPIVersion}")
+    implementation("com.newrelic.agent.java:newrelic-weaver-api:${nrAPIVersion}")
+    implementation("com.ning:async-http-client:1.1.0")
+}
+
+jar {
+    manifest { attributes 'Implementation-Title': 'com.newrelic.instrumentation.security.ning-async-http-client-1.1.0' }
+}
+
+verifyInstrumentation {
+    passesOnly 'com.ning:async-http-client:[1.1,1.6.1)'
+}
+
+site {
+    title 'Ning AsyncHttpClient'
+    type 'Messaging'
+}
diff --git a/...0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_1/NingHelper.java b/...0/src/main/java/com/newrelic/agent/security/instrumentation/ning/http_1_1/NingHelper.java
@@ -0,0 +1,82 @@
+package com.newrelic.agent.security.instrumentation.ning.http_1_1;
+
+import com.newrelic.api.agent.security.NewRelicSecurity;
+import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;
+import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
+import com.newrelic.api.agent.security.schema.AbstractOperation;
+import com.newrelic.api.agent.security.schema.SecurityMetaData;
+import com.newrelic.api.agent.security.schema.StringUtils;
+import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException;
+import com.newrelic.api.agent.security.schema.operation.SSRFOperation;
+import com.newrelic.api.agent.security.utils.SSRFUtils;
+import com.ning.http.client.Request;
+
+public class NingHelper {
+    public static final String METHOD_NAME_EXECUTE = "execute";
+    public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SSRF_OPERATION_LOCK_NING-";
+
+    public static void registerExitOperation(boolean isProcessingAllowed, AbstractOperation operation) {
+        try {
+            if (operation == null || !isProcessingAllowed || !NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()
+            ) {
+                return;
+            }
+            NewRelicSecurity.getAgent().registerExitEvent(operation);
+        } catch (Throwable ignored) {
+        }
+    }
+
+    public static AbstractOperation preprocessSecurityHook(Request request, String uri, String methodName, String className) {
+        try {
+            SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
+            if (!NewRelicSecurity.isHookProcessingActive() || securityMetaData.getRequest().isEmpty()
+            ) {
+                return null;
+            }
+
+            // Add Security IAST header
+            String iastHeader = NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getRaw();
+            if (iastHeader != null && !iastHeader.trim().isEmpty()) {
+                request.getHeaders().add(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID, iastHeader);
+            }
+
+            String csecParaentId = securityMetaData.getCustomAttribute(GenericHelper.CSEC_PARENT_ID, String.class);
+            if(StringUtils.isNotBlank(csecParaentId)){
+                request.getHeaders().add(GenericHelper.CSEC_PARENT_ID, csecParaentId);
+            }
+
+            SSRFOperation operation = new SSRFOperation(uri, className, methodName);
+            try {
+                NewRelicSecurity.getAgent().registerOperation(operation);
+            } finally {
+                if (operation.getApiID() != null && !operation.getApiID().trim().isEmpty() &&
+                        operation.getExecutionId() != null && !operation.getExecutionId().trim().isEmpty()) {
+                    // Add Security distributed tracing header
+                    request.getHeaders().add(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER, SSRFUtils.generateTracingHeaderValue(securityMetaData.getTracingHeaderValue(), operation.getApiID(), operation.getExecutionId(), NewRelicSecurity.getAgent().getAgentUUID()));
+                }
+            }
+            return operation;
+        } catch (Throwable e) {
+            if (e instanceof NewRelicSecurityException) {
+                e.printStackTrace();
+                throw e;
+            }
+        }
+        return null;
+    }
+
+    public static void releaseLock(int hashCode) {
+        try {
+            GenericHelper.releaseLock(NR_SEC_CUSTOM_ATTRIB_NAME, hashCode);
+        } catch (Throwable ignored) {
+        }
+    }
+
+    public static boolean acquireLockIfPossible(int hashCode) {
+        try {
+            return GenericHelper.acquireLockIfPossible(NR_SEC_CUSTOM_ATTRIB_NAME, hashCode);
+        } catch (Throwable ignored) {
+        }
+        return false;
+    }
+}
diff --git a/...tp-client-1.1.0/src/main/java/com/ning/http/client/AsyncHttpProvider_Instrumentation.java b/...tp-client-1.1.0/src/main/java/com/ning/http/client/AsyncHttpProvider_Instrumentation.java
@@ -0,0 +1,45 @@
+package com.ning.http.client;
+
+import com.newrelic.agent.security.instrumentation.ning.http_1_1.NingHelper;
+import com.newrelic.api.agent.security.schema.AbstractOperation;
+import com.newrelic.api.agent.weaver.MatchType;
+import com.newrelic.api.agent.weaver.Weave;
+import com.newrelic.api.agent.weaver.Weaver;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.concurrent.Future;
+
+@Weave(type = MatchType.Interface, originalName = "com.ning.http.client.AsyncHttpProvider")
+public class AsyncHttpProvider_Instrumentation {
+
+    public <T> Future<T> execute(Request request, AsyncHandler<T> handler) throws IOException {
+        boolean isLockAcquired = NingHelper.acquireLockIfPossible(this.hashCode());
+        AbstractOperation operation = null;
+        URI uri = null;
+        Future<T> returnObj = null;
+
+        try {
+            uri = new URI(request.getUrl());
+            String scheme = uri.getScheme();
+
+            if (isLockAcquired && (scheme == null || scheme.equals("http") || scheme.equals("https"))) {
+                operation = NingHelper.preprocessSecurityHook(request, uri.toString(), NingHelper.METHOD_NAME_EXECUTE, this.getClass().getName());
+            }
+        } catch (URISyntaxException uriSyntaxException) {
+            // Instrumentation won't work and normal execution will continue
+        }
+
+        try {
+            returnObj = Weaver.callOriginal();
+        } finally {
+            if (isLockAcquired) {
+                NingHelper.releaseLock(this.hashCode());
+            }
+        }
+        NingHelper.registerExitOperation(isLockAcquired, operation);
+
+        return returnObj;
+    }
+}
diff --git a/instrumentation-security/ning-async-http-client-1.1.0/src/main/java/play/CorePlugin.java b/instrumentation-security/ning-async-http-client-1.1.0/src/main/java/play/CorePlugin.java
@@ -0,0 +1,11 @@
+package play;
+
+import com.newrelic.api.agent.weaver.SkipIfPresent;
+
+/**
+ * Play v1 instrumentation is implemented using its own set of pointcuts that don't work well with our async APIs. This
+ * class is present in Play v1 but not v2, and will cause this module NOT to load if the customer is using Play v1.
+ */
+@SkipIfPresent
+public class CorePlugin {
+}