newrelic · lovesh-ap · Apr 30, 2024 · Apr 5, 2024 · Apr 5, 2024
diff --git a/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java b/instrumentation-security/javax-jndi/src/main/java/javax/naming/Context_Instrumentation.java
@@ -10,7 +10,6 @@
 import com.newrelic.api.agent.weaver.MatchType;
 import com.newrelic.api.agent.weaver.Weave;
 import com.newrelic.api.agent.weaver.Weaver;
-import com.newrelic.agent.security.instrumentation.javax.jndi.JNDIUtils;
 
 import java.util.Enumeration;
 import java.util.List;

diff --git a/...instrumentation/javax/jndi/JNDIUtils.java → ...src/main/java/javax/naming/JNDIUtils.java b/...instrumentation/javax/jndi/JNDIUtils.java → ...src/main/java/javax/naming/JNDIUtils.java
@@ -1,4 +1,4 @@
-package com.newrelic.agent.security.instrumentation.javax.jndi;
+package javax.naming;
 
 import com.newrelic.api.agent.security.NewRelicSecurity;
 import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;

diff --git a/...x-jndi/src/test/java/com/nr/agent/security/instrumentation/javax/jndi/ContextRmiTest.java b/...x-jndi/src/test/java/com/nr/agent/security/instrumentation/javax/jndi/ContextRmiTest.java
@@ -6,7 +6,7 @@
 import com.newrelic.api.agent.security.schema.AbstractOperation;
 import com.newrelic.api.agent.security.schema.VulnerabilityCaseType;
 import com.newrelic.api.agent.security.schema.operation.SSRFOperation;
-import com.newrelic.agent.security.instrumentation.javax.jndi.JNDIUtils;
+import javax.naming.JNDIUtils;
 import org.junit.Assert;
 import org.junit.FixMethodOrder;
 import org.junit.Test;

diff --git a/...avax-jndi/src/test/java/com/nr/agent/security/instrumentation/javax/jndi/ContextTest.java b/...avax-jndi/src/test/java/com/nr/agent/security/instrumentation/javax/jndi/ContextTest.java
@@ -6,7 +6,7 @@
 import com.newrelic.api.agent.security.schema.AbstractOperation;
 import com.newrelic.api.agent.security.schema.VulnerabilityCaseType;
 import com.newrelic.api.agent.security.schema.operation.SSRFOperation;
-import com.newrelic.agent.security.instrumentation.javax.jndi.JNDIUtils;
+import javax.naming.JNDIUtils;
 import com.unboundid.ldap.sdk.LDAPException;
 import org.junit.Assert;
 import org.junit.BeforeClass;

diff --git a/...-security/javax-ldap/src/main/java/javax/naming/directory/DirContext_Instrumentation.java b/...-security/javax-ldap/src/main/java/javax/naming/directory/DirContext_Instrumentation.java
@@ -10,7 +10,6 @@
 import com.newrelic.api.agent.weaver.MatchType;
 import com.newrelic.api.agent.weaver.Weave;
 import com.newrelic.api.agent.weaver.Weaver;
-import com.newrelic.agent.security.instrumentation.javax.ldap.LDAPUtils;
 
 import javax.naming.Context;
 import javax.naming.Name;

diff --git a/...instrumentation/javax/ldap/LDAPUtils.java → ...ava/javax/naming/directory/LDAPUtils.java b/...instrumentation/javax/ldap/LDAPUtils.java → ...ava/javax/naming/directory/LDAPUtils.java
@@ -1,4 +1,4 @@
-package com.newrelic.agent.security.instrumentation.javax.ldap;
+package javax.naming.directory;
 
 public class LDAPUtils {
 

diff --git a/...x-ldap/src/test/java/com/nr/agent/security/instrumentation/javax/ldap/DirContextTest.java b/...x-ldap/src/test/java/com/nr/agent/security/instrumentation/javax/ldap/DirContextTest.java
@@ -31,7 +31,7 @@
 import java.util.List;
 
 @RunWith(SecurityInstrumentationTestRunner.class)
-@InstrumentationTestConfig(includePrefixes = { "javax.naming", "com.newrelic.agent.security.instrumentation.javax.ldap.LDAPUtils" } )
+@InstrumentationTestConfig(includePrefixes = { "javax.naming", "javax.naming.directory.LDAPUtils" } )
 @FixMethodOrder(MethodSorters.NAME_ASCENDING)
 //FIXME: after instrumentation works
 @Ignore

diff --git a/...ath/src/main/java/com/newrelic/agent/security/instrumentation/xpath/javax/XPATHUtils.java b/...ath/src/main/java/com/newrelic/agent/security/instrumentation/xpath/javax/XPATHUtils.java
diff --git a/...ty/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java b/...ty/javax-xpath/src/main/java/com/sun/org/apache/xpath/internal/XPath_Instrumentation.java
@@ -10,7 +10,6 @@
 import com.newrelic.api.agent.weaver.MatchType;
 import com.newrelic.api.agent.weaver.Weave;
 import com.newrelic.api.agent.weaver.Weaver;
-import com.newrelic.agent.security.instrumentation.xpath.javax.XPATHUtils;
 import com.sun.org.apache.xml.internal.utils.PrefixResolver;
 import com.sun.org.apache.xpath.internal.objects.XObject;
 
@@ -26,7 +25,7 @@ public XObject execute(
         boolean isLockAcquired = acquireLockIfPossible();
         AbstractOperation operation = null;
         if(isLockAcquired) {
-            operation = preprocessSecurityHook(getPatternString(), XPATHUtils.METHOD_EXECUTE);
+            operation = preprocessSecurityHook(getPatternString(), "execute");
         }
 
         XObject returnVal = null;
@@ -49,7 +48,7 @@ public XObject execute(
         boolean isLockAcquired = acquireLockIfPossible();
         AbstractOperation operation = null;
         if(isLockAcquired) {
-            operation = preprocessSecurityHook(getPatternString(), XPATHUtils.METHOD_EXECUTE);
+            operation = preprocessSecurityHook(getPatternString(), "execute");
         }
 
         XObject returnVal = null;
@@ -87,24 +86,24 @@ private AbstractOperation preprocessSecurityHook (String patternString, String m
             return xPathOperation;
         } catch (Throwable e) {
             if (e instanceof NewRelicSecurityException) {
-                NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, XPATHUtils.JAVAX_XPATH, e.getMessage()), e, this.getClass().getName());
+                NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, "JAVAX-XPATH", e.getMessage()), e, this.getClass().getName());
                 throw e;
             }
-            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, XPATHUtils.JAVAX_XPATH, e.getMessage()), e, this.getClass().getName());
-            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE , String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, XPATHUtils.JAVAX_XPATH, e.getMessage()), e, this.getClass().getName());
+            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, "JAVAX-XPATH", e.getMessage()), e, this.getClass().getName());
+            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE , String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, "JAVAX-XPATH", e.getMessage()), e, this.getClass().getName());
         }
         return null;
     }
 
     private void releaseLock() {
         try {
-            GenericHelper.releaseLock(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME);
+            GenericHelper.releaseLock("XPATH_OPERATION_LOCK_JAVAXPATH-");
         } catch (Throwable ignored) {}
     }
 
     private boolean acquireLockIfPossible() {
         try {
-            return GenericHelper.acquireLockIfPossible(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME);
+            return GenericHelper.acquireLockIfPossible("XPATH_OPERATION_LOCK_JAVAXPATH-");
         } catch (Throwable ignored) {}
         return false;
     }

diff --git a/...rumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java b/...rumentation-security/javax-xpath/src/main/java/javax/xml/xpath/XPath_Instrumentation.java
@@ -10,7 +10,6 @@
 import com.newrelic.api.agent.weaver.MatchType;
 import com.newrelic.api.agent.weaver.Weave;
 import com.newrelic.api.agent.weaver.Weaver;
-import com.newrelic.agent.security.instrumentation.xpath.javax.XPATHUtils;
 import org.xml.sax.InputSource;
 
 import javax.xml.namespace.QName;
@@ -23,7 +22,7 @@ public String evaluate(String expression, InputSource source)
         boolean isLockAcquired = acquireLockIfPossible();
         AbstractOperation operation = null;
         if(isLockAcquired) {
-            operation = preprocessSecurityHook(expression, XPATHUtils.METHOD_EVALUATE);
+            operation = preprocessSecurityHook(expression, "evaluate");
         }
 
         String returnVal = null;
@@ -46,7 +45,7 @@ public Object evaluate(
         boolean isLockAcquired = acquireLockIfPossible();
         AbstractOperation operation = null;
         if(isLockAcquired) {
-            operation = preprocessSecurityHook(expression, XPATHUtils.METHOD_EVALUATE);
+            operation = preprocessSecurityHook(expression, "evaluate");
         }
 
         Object returnVal = null;
@@ -66,7 +65,7 @@ public String evaluate(String expression, Object item)
         boolean isLockAcquired = acquireLockIfPossible();
         AbstractOperation operation = null;
         if(isLockAcquired) {
-            operation = preprocessSecurityHook(expression, XPATHUtils.METHOD_EVALUATE);
+            operation = preprocessSecurityHook(expression, "evaluate");
         }
 
         String returnVal = null;
@@ -86,7 +85,7 @@ public Object evaluate(String expression, Object item, QName returnType)
         boolean isLockAcquired = acquireLockIfPossible();
         AbstractOperation operation = null;
         if(isLockAcquired) {
-            operation = preprocessSecurityHook(expression, XPATHUtils.METHOD_EVALUATE);
+            operation = preprocessSecurityHook(expression, "evaluate");
         }
 
         Object returnVal = null;
@@ -110,7 +109,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio
             }
             NewRelicSecurity.getAgent().registerExitEvent(operation);
         } catch (Throwable ignored){
-            NewRelicSecurity.getAgent().log(LogLevel.FINEST, String.format(GenericHelper.EXIT_OPERATION_EXCEPTION_MESSAGE, XPATHUtils.JAVAX_XPATH, ignored.getMessage()), ignored, this.getClass().getName());
+            NewRelicSecurity.getAgent().log(LogLevel.FINEST, String.format(GenericHelper.EXIT_OPERATION_EXCEPTION_MESSAGE, "JAVAX-XPATH", ignored.getMessage()), ignored, this.getClass().getName());
         }
     }
 
@@ -126,24 +125,24 @@ private AbstractOperation preprocessSecurityHook (String patternString, String m
             return xPathOperation;
         } catch (Throwable e) {
             if (e instanceof NewRelicSecurityException) {
-                NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, XPATHUtils.JAVAX_XPATH, e.getMessage()), e, this.getClass().getName());
+                NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, "JAVAX-XPATH", e.getMessage()), e, this.getClass().getName());
                 throw e;
             }
-            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, XPATHUtils.JAVAX_XPATH, e.getMessage()), e, this.getClass().getName());
-            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE , String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, XPATHUtils.JAVAX_XPATH, e.getMessage()), e, this.getClass().getName());
+            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, "JAVAX-XPATH", e.getMessage()), e, this.getClass().getName());
+            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE , String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, "JAVAX-XPATH", e.getMessage()), e, this.getClass().getName());
         }
         return null;
     }
 
     private void releaseLock() {
         try {
-            GenericHelper.releaseLock(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME);
+            GenericHelper.releaseLock("XPATH_OPERATION_LOCK_JAVAXPATH-");
         } catch (Throwable ignored) {}
     }
 
     private boolean acquireLockIfPossible() {
         try {
-            return GenericHelper.acquireLockIfPossible(XPATHUtils.NR_SEC_CUSTOM_ATTRIB_NAME);
+            return GenericHelper.acquireLockIfPossible("XPATH_OPERATION_LOCK_JAVAXPATH-");
         } catch (Throwable ignored) {}
         return false;
     }

diff --git a/...avax-xpath/src/test/java/com/nr/agent/security/instrumentation/xpath/javax/XPathTest.java b/...avax-xpath/src/test/java/com/nr/agent/security/instrumentation/xpath/javax/XPathTest.java
@@ -6,7 +6,6 @@
 import com.newrelic.api.agent.security.schema.AbstractOperation;
 import com.newrelic.api.agent.security.schema.VulnerabilityCaseType;
 import com.newrelic.api.agent.security.schema.operation.XPathOperation;
-import com.newrelic.agent.security.instrumentation.xpath.javax.XPATHUtils;
 import com.newrelic.security.test.marker.Java17IncompatibleTest;
 import org.junit.Assert;
 import org.junit.FixMethodOrder;
@@ -33,6 +32,8 @@ public class XPathTest {
     private final String XML_DOC = "src/test/resources/Customer.xml";
     private final String EXPRESSION = "/Customers/Customer";
 
+    public static final String METHOD_EVALUATE = "evaluate";
+
     @Test
     public void testEvaluate() throws Exception {
         InputSource source = new InputSource(XML_DOC);
@@ -46,7 +47,7 @@ public void testEvaluate() throws Exception {
         XPathOperation operation = (XPathOperation) operations.get(0);
 
         Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.XPATH, operation.getCaseType());
-        Assert.assertEquals("Invalid executed method name.", XPATHUtils.METHOD_EVALUATE, operation.getMethodName());
+        Assert.assertEquals("Invalid executed method name.", METHOD_EVALUATE, operation.getMethodName());
         Assert.assertEquals("Invalid expression", EXPRESSION, operation.getExpression());
     }
 
@@ -63,7 +64,7 @@ public void testEvaluate1() throws Exception {
         XPathOperation operation = (XPathOperation) operations.get(0);
 
         Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.XPATH, operation.getCaseType());
-        Assert.assertEquals("Invalid executed method name.", XPATHUtils.METHOD_EVALUATE, operation.getMethodName());
+        Assert.assertEquals("Invalid executed method name.", METHOD_EVALUATE, operation.getMethodName());
         Assert.assertEquals("Invalid expression", EXPRESSION, operation.getExpression());
     }
 
@@ -80,7 +81,7 @@ public void testEvaluate2() throws Exception {
         XPathOperation operation = (XPathOperation) operations.get(0);
 
         Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.XPATH, operation.getCaseType());
-        Assert.assertEquals("Invalid executed method name.", XPATHUtils.METHOD_EVALUATE, operation.getMethodName());
+        Assert.assertEquals("Invalid executed method name.", METHOD_EVALUATE, operation.getMethodName());
         Assert.assertEquals("Invalid expression", EXPRESSION, operation.getExpression());
     }
 
@@ -97,7 +98,7 @@ public void testEvaluate3() throws Exception {
         XPathOperation operation = (XPathOperation) operations.get(0);
 
         Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.XPATH, operation.getCaseType());
-        Assert.assertEquals("Invalid executed method name.", XPATHUtils.METHOD_EVALUATE, operation.getMethodName());
+        Assert.assertEquals("Invalid executed method name.", METHOD_EVALUATE, operation.getMethodName());
         Assert.assertEquals("Invalid expression", EXPRESSION, operation.getExpression());
     }
     @Test
@@ -114,7 +115,7 @@ public void testCompile() throws Exception {
         XPathOperation operation = (XPathOperation) operations.get(0);
 
         Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.XPATH, operation.getCaseType());
-        Assert.assertEquals("Invalid executed method name.", XPATHUtils.METHOD_EVALUATE, operation.getMethodName());
+        Assert.assertEquals("Invalid executed method name.", METHOD_EVALUATE, operation.getMethodName());
         Assert.assertEquals("Invalid expression", EXPRESSION, operation.getExpression());
     }
 
@@ -132,7 +133,7 @@ public void testCompile1() throws Exception {
         XPathOperation operation = (XPathOperation) operations.get(0);
 
         Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.XPATH, operation.getCaseType());
-        Assert.assertEquals("Invalid executed method name.", XPATHUtils.METHOD_EVALUATE, operation.getMethodName());
+        Assert.assertEquals("Invalid executed method name.", METHOD_EVALUATE, operation.getMethodName());
         Assert.assertEquals("Invalid expression", EXPRESSION, operation.getExpression());
     }
 
@@ -150,7 +151,7 @@ public void testCompile2() throws Exception {
         XPathOperation operation = (XPathOperation) operations.get(0);
 
         Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.XPATH, operation.getCaseType());
-        Assert.assertEquals("Invalid executed method name.", XPATHUtils.METHOD_EVALUATE, operation.getMethodName());
+        Assert.assertEquals("Invalid executed method name.", METHOD_EVALUATE, operation.getMethodName());
         Assert.assertEquals("Invalid expression", EXPRESSION, operation.getExpression());
     }
 
@@ -168,7 +169,7 @@ public void testCompile3() throws Exception {
         XPathOperation operation = (XPathOperation) operations.get(0);
 
         Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.XPATH, operation.getCaseType());
-        Assert.assertEquals("Invalid executed method name.", XPATHUtils.METHOD_EVALUATE, operation.getMethodName());
+        Assert.assertEquals("Invalid executed method name.", METHOD_EVALUATE, operation.getMethodName());
         Assert.assertEquals("Invalid expression", EXPRESSION, operation.getExpression());
     }
 }