Merge branch 'main' into 1447-security-agent-excludes

.github/actions/setup-environment/action.yml

@@ -18,7 +18,7 @@ runs:
       with:
         distribution: 'temurin'
         java-version: |
-          20
+          21
           17
           11
           8
@@ -29,7 +29,7 @@ runs:
         sed -i -e "s|jdk8=8|jdk8=${JAVA_HOME_8_X64}|
         s|jdk11=11|jdk11=${JAVA_HOME_11_X64}|
         s|jdk17=17|jdk17=${JAVA_HOME_17_X64}|
-        s|jdk20=20|jdk20=${JAVA_HOME_20_X64}|" gradle.properties.gha
+        s|jdk21=21|jdk21=${JAVA_HOME_21_X64}|" gradle.properties.gha
         cat gradle.properties.gha >> gradle.properties
 
     - name: Setup Gradle
@@ -39,7 +39,7 @@ runs:
 
     - name: Setup Gradle options
       shell: bash
-      run: echo "GRADLE_OPTIONS=--console=plain --parallel -Porg.gradle.java.installations.auto-detect=false -Porg.gradle.java.installations.fromEnv=JAVA_HOME_8_X64,JAVA_HOME_11_X64,JAVA_HOME_17_X64,JAVA_HOME_20_X64" >> $GITHUB_ENV
+      run: echo "GRADLE_OPTIONS=--console=plain --parallel -Porg.gradle.java.installations.auto-detect=false -Porg.gradle.java.installations.fromEnv=JAVA_HOME_8_X64,JAVA_HOME_11_X64,JAVA_HOME_17_X64,JAVA_HOME_21_X64" >> $GITHUB_ENV
 
     - name: Download S3 instrumentation jar zip
       shell: bash

.github/pull_request_template.md

@@ -14,6 +14,6 @@ Github Actions when a pull request is made. More details on running the tests lo
 
 ### Checks
 
-[ ] Are your contributions backwards compatible with relevant frameworks and APIs?
-[ ] Does your code contain any breaking changes? Please describe. 
-[ ] Does your code introduce any new dependencies? Please describe.
+- [ ] Your contributions are backwards compatible with relevant frameworks and APIs.
+- [ ] Your code does not contain any breaking changes. Otherwise please describe. 
+- [ ] Your code does not introduce any new dependencies. Otherwise please describe.

.github/workflows/GHA-Functional-Tests.yaml

@@ -28,7 +28,7 @@ jobs:
       ##max-parallel: 1 ## used to force sequential
       fail-fast: false
       matrix:
-        java-version: [ 8, 11, 17, 20 ]
+        java-version: [8, 11, 17, 21]
     steps:
       - name: Checkout Java agent
         uses: actions/checkout@v3

.github/workflows/GHA-Unit-Tests.yaml

@@ -25,7 +25,7 @@ jobs:
       # max-parallel: 1 ## used to force sequential vs. concurrent
       fail-fast: false
       matrix:
-        java-version: [8, 11, 17, 20]
+        java-version: [8, 11, 17, 21]
     steps:
       - name: Checkout Java agent
         uses: actions/checkout@v3

.github/workflows/Java-Instrumentation-Tests.yml

@@ -20,8 +20,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        jre: [8, 11, 17, 20]
-    name: Java ${{ matrix.jre }}
+        java-version: [8, 11, 17, 21]
+    name: Java ${{ matrix.java-version }}
     timeout-minutes: 120
     # needs: install-all-java
     runs-on: ubuntu-20.04
@@ -55,29 +55,29 @@ jobs:
 
       # GHA run instrumentation tests
 
-      - name: Run instrumentation tests for Java ${{ matrix.jre }} (attempt 1)
+      - name: Run instrumentation tests for Java ${{ matrix.java-version }} (attempt 1)
         id: run_tests_1
         continue-on-error: true
         timeout-minutes: 35
-        run: ./gradlew $GRADLE_OPTIONS :instrumentation:test -Ptest${{ matrix.jre }} --continue
+        run: ./gradlew $GRADLE_OPTIONS :instrumentation:test -Ptest${{ matrix.java-version }} --continue
 
-      - name: Run instrumentation tests for Java ${{ matrix.jre }} (attempt 2)
+      - name: Run instrumentation tests for Java ${{ matrix.java-version }} (attempt 2)
         id: run_tests_2
         continue-on-error: true
         timeout-minutes: 35
         if: steps.run_tests_1.outcome == 'failure'
-        run: ./gradlew $GRADLE_OPTIONS :instrumentation:test -Ptest${{ matrix.jre }} --continue
+        run: ./gradlew $GRADLE_OPTIONS :instrumentation:test -Ptest${{ matrix.java-version }} --continue
 
-      - name: Run instrumentation tests for Java ${{ matrix.jre }} (attempt 3)
+      - name: Run instrumentation tests for Java ${{ matrix.java-version }} (attempt 3)
         timeout-minutes: 35
         if: steps.run_tests_2.outcome == 'failure'
-        run: ./gradlew $GRADLE_OPTIONS :instrumentation:test -Ptest${{ matrix.jre }} --continue
+        run: ./gradlew $GRADLE_OPTIONS :instrumentation:test -Ptest${{ matrix.java-version }} --continue
 
       # Capture HTML build result in artifacts
       - name: Capture build reports
         if: ${{ failure() }}
         uses: actions/upload-artifact@v3
         with:
-          name: instrumentation-tests-results-java-${{ matrix.jre }}
+          name: instrumentation-tests-results-java-${{ matrix.java-version }}
           path: |
             instrumentation/**/build/reports/tests/*

.github/workflows/Release-UpdateSystemConfig.yml

@@ -0,0 +1,57 @@
+name: Release - Update System Config Page
+
+on:
+  workflow_dispatch:
+    inputs:
+      version_number:
+        required: true
+        type: string
+        description: 'The version being released. Eg. 7.11.0'
+
+jobs:
+  update-system-config:
+    name: Set java_agent_version to ${{ inputs.version_number }} in system config
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Update system configuration page
+        run: |
+          PAYLOAD="{
+               \"system_configuration\": {
+                 \"key\":   \"java_agent_version\",
+                 \"value\": \"${{ inputs.version_number }}\"
+              }
+            }"
+          CONTENT_TYPE='Content-Type: application/json'
+          
+          # STAGING
+          curl -X POST 'https://staging-api.newrelic.com/v2/system_configuration.json' \
+            -H "X-Api-Key:${{ secrets.NEW_RELIC_API_KEY_STAGING }}" -i \
+            -H "$CONTENT_TYPE" \
+            -d "$PAYLOAD"
+          
+          echo "*Staging Java agent version set to:*" >> $GITHUB_STEP_SUMMARY
+          curl -X GET 'https://staging-api.newrelic.com/v2/system_configuration.json' \
+            -H "X-Api-Key:${{ secrets.NEW_RELIC_API_KEY_STAGING }}" -i \
+            -H "$CONTENT_TYPE" | grep -o "\"key\":\"java_agent_version\",\"value\":\"[0-9.]*\"" | cut -d'"' -f8 >> $GITHUB_STEP_SUMMARY
+          
+          # PRODUCTION
+          curl -X POST 'https://api.newrelic.com/v2/system_configuration.json' \
+            -H "X-Api-Key:${{ secrets.NEW_RELIC_API_KEY_PRODUCTION }}" -i \
+            -H "$CONTENT_TYPE" \
+            -d "$PAYLOAD"
+
+          echo "*Prod Java agent version set to:*" >> $GITHUB_STEP_SUMMARY
+          curl -X GET 'https://api.newrelic.com/v2/system_configuration.json' \
+            -H "X-Api-Key:${{ secrets.NEW_RELIC_API_KEY_PRODUCTION }}" -i \
+            -H "$CONTENT_TYPE" | grep -o "\"key\":\"java_agent_version\",\"value\":\"[0-9.]*\"" | cut -d'"' -f8 >> $GITHUB_STEP_SUMMARY
+          
+          # EU PRODUCTION
+          curl -X POST 'https://api.eu.newrelic.com/v2/system_configuration.json' \
+            -H "X-Api-Key:$ {{ secrets.NEW_RELIC_API_KEY_PRODUCTION }}" -i \
+            -H "$CONTENT_TYPE" \
+            -d "$PAYLOAD"
+
+          echo "*EU Java agent version set to:*" >> $GITHUB_STEP_SUMMARY
+          curl -X GET 'https://api.eu.newrelic.com/v2/system_configuration.json' \
+            -H "X-Api-Key:${{ secrets.NEW_RELIC_API_KEY_PRODUCTION }}" -i \
+            -H "$CONTENT_TYPE" | grep -o "\"key\":\"java_agent_version\",\"value\":\"[0-9.]*\"" | cut -d'"' -f8 >> $GITHUB_STEP_SUMMARY

.github/workflows/Test-AITs.yml

@@ -15,6 +15,11 @@ on:
         description: "Specify cache branch/tag/sha (main is default)"
         required: false
         default: 'main'
+      single-test:
+        description: "Specify a single test. If left blank, all tests will run. You can choose to specify a single test file or a test case in that file. 
+        For example you can write 'server/tomcat.py' to run all tomcat tests or run 'server/tomcat.py TomcatTest.test_tomcat' to run a specific test case."
+        required: false
+        default: ''
   workflow_call:
     inputs:
       agent-ref:
@@ -45,7 +50,7 @@ jobs:
     name: List tests
     runs-on: ubuntu-20.04
     outputs:
-      tests: ${{ steps.read-tests.outputs.tests }}
+      tests: ${{ steps.read-single-test.outputs.tests || steps.read-tests.outputs.tests }}
     steps:
       - name: Checkout AIT repo test
         uses: actions/checkout@v3
@@ -57,12 +62,11 @@ jobs:
 
       - id: read-tests
         name: List instrumentation tests
+        if: ${{inputs.single-test == ''}}
         run: |
           excluded_tests=$(mktemp /tmp/excluded_tests.XXXXXXXX)
           echo "datastore/datastores.py" >> $excluded_tests
           echo "framework/jms/jms.py" >> $excluded_tests
-          echo "framework/play/play2.py" >> $excluded_tests
-          echo "framework/snap/snap.py" >> $excluded_tests
           echo "r2dbc/mssql.py" >> $excluded_tests
           echo "server/mule.py" >> $excluded_tests
           echo "server/weblogic.py" >> $excluded_tests
@@ -95,6 +99,19 @@ jobs:
           # save the output of the job
           echo "tests=$TESTS" >> $GITHUB_OUTPUT
 
+      - id: read-single-test
+        name: Read single test
+        if: ${{inputs.single-test != ''}}
+        run: |
+          # creates an envar with a single test in the same JSON format as the read-tests step above
+          TESTS=$((
+            echo '{ "tests" : '
+            echo ' ["${{ inputs.single-test }}"] ' 
+            echo " }"
+          ) | jq -c .)
+          # save the output of the job
+          echo "tests=$TESTS" >> $GITHUB_OUTPUT
+
   tests:
     name: ${{ matrix.tests }}
     needs: [build-agent, list-tests]
@@ -181,7 +198,7 @@ jobs:
         with:
           distribution: 'zulu'
           java-version: |
-            20
+            21
             17
             11
 
@@ -190,14 +207,14 @@ jobs:
         run: |
           echo "JDK_zulu_11=${JAVA_HOME_11_X64}" >> $GITHUB_ENV
           echo "JDK_zulu_17=${JAVA_HOME_17_X64}" >> $GITHUB_ENV
-          echo "JDK_zulu_20=${JAVA_HOME_20_X64}" >> $GITHUB_ENV
+          echo "JDK_zulu_21=${JAVA_HOME_21_X64}" >> $GITHUB_ENV
 
       - name: Set up Javas
         uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
           java-version: |
-            20
+            21
             17
             11
             8
@@ -240,10 +257,10 @@ jobs:
             <toolchain>
             <type>jdk</type>
             <provides>
-                    <version>20</version>
+                    <version>21</version>
             </provides>
             <configuration>
-                    <jdkHome>${JAVA_HOME_20_X64}</jdkHome>
+                    <jdkHome>${JAVA_HOME_21_X64}</jdkHome>
             </configuration>
             </toolchain>
           </toolchains>
@@ -274,11 +291,11 @@ jobs:
           bin/pip3 install -r conf/requirements.txt
           ZULU11=${JDK_zulu_11} \
           ZULU17=${JDK_zulu_17} \
-          ZULU20=${JDK_zulu_20} \
+          ZULU21=${JDK_zulu_21} \
           JAVA8JRE=${JAVA_HOME_8_X64} \
           JAVA11JRE=${JAVA_HOME_11_X64} \
           JAVA17JRE=${JAVA_HOME_17_X64} \
-          JAVA20JRE=${JAVA_HOME_20_X64} \
+          JAVA21JRE=${JAVA_HOME_21_X64} \
           conf/autoconfigure
           . conf/testenv java
           cat conf/java_local_config.yml

.github/workflows/snyk_scan.yml

@@ -0,0 +1,33 @@
+# This workflow automates the process of identifying potential security vulnerabilities
+# in the agent's dependencies using Snyk. Vulnerability scans will be run on a 
+# weekly schedule, but can also be triggered manually.
+name: Snyk Vulnerability Scan
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '00 15 * * 1'
+
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Java Agent
+        uses: actions/checkout@v3
+        with:
+          ref: 'main'
+
+      - name: Set gradle.properties Workaround
+        shell: bash
+        run: |
+          echo "jdk8=/tmp" >> gradle.properties
+          echo "jdk11=/tmp" >> gradle.properties
+          echo "jdk17=/tmp" >> gradle.properties
+          
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/gradle@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: monitor
+          args: --all-sub-projects --org=java-agent --debug --configuration-matching='(includeInJar)|(shadowIntoJar)'

agent-model/src/main/java/com/newrelic/agent/model/SpanEvent.java

@@ -13,16 +13,14 @@
 import java.io.IOException;
 import java.io.Writer;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
-import java.util.Set;
 
 public class SpanEvent extends AnalyticsEvent implements JSONStreamAware {
 
     public static final String SPAN = "Span";
-    static final String SPAN_KIND = "client";
+    static final String CLIENT_SPAN_KIND = "client";
 
     private final String appName;
     private final Map<String, Object> intrinsics;
@@ -120,6 +118,7 @@ public static class Builder {
         private float priority;
         private boolean decider;
         private long timestamp;
+        private Object spanKind;
 
         public Builder appName(String appName) {
             this.appName = appName;
@@ -177,9 +176,19 @@ public Builder putAgentAttribute(String key, Object value) {
             return this;
         }
 
+        public Builder spanKind(Object spanKind) {
+            putIntrinsic("span.kind", spanKind);
+            this.spanKind = spanKind;
+            return this;
+        }
+
+        public boolean isClientSpan() {
+            return CLIENT_SPAN_KIND.equals(spanKind);
+        }
+
         public Object getSpanKindFromUserAttributes() {
             Object result = userAttributes.get("span.kind");
-            return result == null ? SPAN_KIND : result;
+            return result == null ? CLIENT_SPAN_KIND : result;
         }
 
         public Builder decider(boolean decider) {

build.gradle

@@ -1,6 +1,6 @@
 plugins {
     id 'com.github.prokod.gradle-crossbuild' version '0.14.1' apply false
-    id "org.jetbrains.kotlin.jvm" version "1.6.20" apply false
+    id "org.jetbrains.kotlin.jvm" version "1.8.21" apply false
     id "com.newrelic.gradle-verify-instrumentation-plugin" version "4.0" apply false
     id "com.newrelic.gradle-compatibility-doc-plugin" version "1.1" apply false
     id "com.github.spotbugs" version "5.0.14" apply false
@@ -74,5 +74,5 @@ ext {
     // SynchronizedAnnotationNode, SynchronizedClassNode, SynchronizedFieldNode, SynchronizedInnerClassNode, SynchronizedMethodNode,
     // SynchronizedModuleExportNode, SynchronizedModuleNode, SynchronizedModuleOpenNode, SynchronizedModuleProvideNode, SynchronizedModuleRequireNode,
     // SynchronizedTypeAnnotationNode
-    asmVersion="9.5"
+    asmVersion="9.6"
 }

buildSrc/build.gradle

@@ -13,8 +13,8 @@ repositories {
 dependencies {
     // This is how we do our NR-specific patching. That is, moving Log4jPlugins,
     // changing Logger.getLogger, and checking for unmapped dependencies.
-    implementation("org.ow2.asm:asm:9.3")
-    implementation("org.ow2.asm:asm-commons:9.3")
+    implementation("org.ow2.asm:asm:9.6")
+    implementation("org.ow2.asm:asm-commons:9.6")
 
     // Shadow is used here because several classes implement the Transformer interface
     implementation("com.github.jengelman.gradle.plugins:shadow:6.0.0")

functional_test/build.gradle

@@ -102,7 +102,7 @@ test {
     //testLogging.showStandardStreams = true
 
     // when using an early access Java version, we need to pass an extra param to the agent
-    if (project.hasProperty("test21")) {
+    if (project.hasProperty("test22")) {
         jvmArgs += ["-Dnewrelic.config.experimental_runtime=true"]
     }