From b6443b76f58e12b24d67ba1a2e7df0f2c2ee59ae Mon Sep 17 00:00:00 2001 From: idawda Date: Fri, 22 Nov 2024 16:36:11 +0530 Subject: [PATCH] Fix for NR-266822 where false APIs reported for servlet using applications --- .../apache/tomcat7/HttpServletHelper.java | 5 ++++- .../instrumentation/jetty11/HttpServletHelper.java | 4 ++++ .../instrumentation/jetty9/HttpServletHelper.java | 5 ++++- .../instrumentation/servlet30/HttpServletHelper.java | 6 ++++-- .../instrumentation/servlet5/HttpServletHelper.java | 6 ++++-- .../instrumentation/servlet6/HttpServletHelper.java | 6 ++++-- .../instrumentation/helpers/URLMappingsHelper.java | 10 ++++++---- 7 files changed, 30 insertions(+), 12 deletions(-) diff --git a/instrumentation-security/apache-tomcat-7/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat7/HttpServletHelper.java b/instrumentation-security/apache-tomcat-7/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat7/HttpServletHelper.java index c585c7b6c..21383108e 100644 --- a/instrumentation-security/apache-tomcat-7/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat7/HttpServletHelper.java +++ b/instrumentation-security/apache-tomcat-7/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat7/HttpServletHelper.java @@ -20,7 +20,10 @@ public class HttpServletHelper { public static void gatherURLMappings(ServletContext servletContext) { try { Map servletRegistrations = servletContext.getServletRegistrations(); - getJSPMappings(servletContext, SEPARATOR); + String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR); + if (!StringUtils.equalsAny(contextPath, "docs", "examples")) { + getJSPMappings(servletContext, SEPARATOR); + } for (ServletRegistration servletRegistration : servletRegistrations.values()) { for (String mapping : servletRegistration.getMappings()) { diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java index bd8ca5aed..288bd5e79 100644 --- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java @@ -207,6 +207,10 @@ public static void postProcessSecurityHook(HttpServletRequest request, HttpServl } public static void gatherURLMappings(ServletContext servletContext) { try { + String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR); + if (StringUtils.equalsAny(contextPath, "docs", "examples")) { + return; + } Map servletRegistrations = servletContext.getServletRegistrations(); getJSPMappings(servletContext, SEPARATOR); diff --git a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java index 685b15fbf..23f72475d 100644 --- a/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java +++ b/instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java @@ -210,7 +210,10 @@ public static void postProcessSecurityHook(HttpServletRequest request, HttpServl public static void gatherURLMappings(ServletContext servletContext) { try { Map servletRegistrations = servletContext.getServletRegistrations(); - getJSPMappings(servletContext, SEPARATOR); + String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR); + if (!StringUtils.equalsAny(contextPath, "docs", "examples")) { + getJSPMappings(servletContext, SEPARATOR); + } for (ServletRegistration servletReg : servletRegistrations.values()) { for (String mapping : servletReg.getMappings()) { diff --git a/instrumentation-security/servlet-3.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet30/HttpServletHelper.java b/instrumentation-security/servlet-3.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet30/HttpServletHelper.java index 0430fe926..f7c118a7c 100644 --- a/instrumentation-security/servlet-3.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet30/HttpServletHelper.java +++ b/instrumentation-security/servlet-3.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet30/HttpServletHelper.java @@ -19,8 +19,10 @@ public class HttpServletHelper { public static void gatherURLMappings(ServletContext servletContext) { try { Map servletRegistrations = servletContext.getServletRegistrations(); - getJSPMappings(servletContext, URLMappingsHelper.SEPARATOR); - + String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), URLMappingsHelper.SEPARATOR), StringUtils.SEPARATOR); + if (!StringUtils.equalsAny(contextPath, "docs", "examples")) { + getJSPMappings(servletContext, URLMappingsHelper.SEPARATOR); + } for (ServletRegistration servletRegistration : servletRegistrations.values()) { for (String s : servletRegistration.getMappings()) { URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, s, servletRegistration.getClassName())); diff --git a/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java b/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java index 3039e4012..85fc53606 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java +++ b/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java @@ -127,8 +127,10 @@ private static String getNrSecCustomAttribName() { public static void gatherURLMappings(ServletContext servletContext) { try { Map servletRegistrations = servletContext.getServletRegistrations(); - getJSPMappings(servletContext, SEPARATOR); - + String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR); + if (!StringUtils.equalsAny(contextPath, "docs", "examples")) { + getJSPMappings(servletContext, SEPARATOR); + } for (ServletRegistration servletRegistration : servletRegistrations.values()) { for (String s : servletRegistration.getMappings()) { URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, s, servletRegistration.getClassName())); diff --git a/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java b/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java index b21aae95f..a6fa56a9d 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java +++ b/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java @@ -128,8 +128,10 @@ private static String getNrSecCustomAttribName() { public static void gatherURLMappings(ServletContext servletContext) { try { Map servletRegistrations = servletContext.getServletRegistrations(); - getJSPMappings(servletContext, SEPARATOR); - + String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR); + if (!StringUtils.equalsAny(contextPath, "docs", "examples")) { + getJSPMappings(servletContext, SEPARATOR); + } for (ServletRegistration servletRegistration : servletRegistrations.values()) { for (String s : servletRegistration.getMappings()) { URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, s, servletRegistration.getClassName())); diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/URLMappingsHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/URLMappingsHelper.java index d38c4c8f7..b470c161b 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/URLMappingsHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/URLMappingsHelper.java @@ -47,6 +47,7 @@ public class URLMappingsHelper { add("org.codehaus.groovy.grails.web.servlet.GrailsDispatcherServlet"); add("org.codehaus.groovy.grails.web.pages.GroovyPagesServlet"); add("org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet"); + add("org.jboss.resteasy.plugins.server.servlet.HttpServlet30Dispatcher"); }}; public static Set getApplicationURLMappings() { @@ -66,11 +67,12 @@ public static Set getRouteSegments() { } public static void addApplicationURLMapping(ApplicationURLMapping mapping) { - if (mapping.getHandler() == null || (mapping.getHandler() != null && !defaultHandlers.contains(mapping.getHandler()))) { - mappings.add(mapping); - generateRouteSegments(mapping.getPath()); + if (mapping.getHandler() != null && defaultHandlers.contains(mapping.getHandler())){ + return; } - if (mapping.getHandler() != null){ + mappings.add(mapping); + generateRouteSegments(mapping.getPath()); + if (mapping.getHandler() != null && StringUtils.isNotBlank(mapping.getHandler())){ handlers.add(mapping.getHandler().hashCode()); } NewRelicSecurity.getAgent().reportURLMapping();