Bump CSEC java agent release 1.5.1 (#2134)
lovesh-ap authored Nov 11, 2024
1 parent 305a4d9 commit 1e4634d
Showing 2 changed files with 65 additions and 60 deletions.
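--- a/gradle.properties
+++ b/gradle.properties
@@ -1,6 +1,6 @@
 # The agent version.
 agentVersion=8.16.0
-securityAgentVersion=1.5.0
+securityAgentVersion=1.5.1
 
 newrelicDebug=false
 org.gradle.jvmargs=-Xmx2048m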
123 changes: 64 additions & 59 deletions newrelic-agent/src/main/resources/newrelic.yml
@@ -464,66 +464,71 @@ common: &default_settings
agent:
enabled: false

# This configuration allows users to specify a unique test identifier when running IAST Scan with CI/CD
iast_test_identifier: 'run-id'

# Security controllers
scan_controllers:
# The scan_request_rate_limit configuration allows to specify maximum number of replay request played per minute.
# The maximum is 3600 and the minimum is 12 replay request per minute.
iast_scan_request_rate_limit: 3600 # Number of IAST replay request played per minute, Default is 3600

# The scan_schedule configuration allows to specify when IAST scans should be executed
scan_schedule:
# The delay field specifies the delay in minutes before the IAST scan starts. This allows to schedule the scan to start at a later time.
delay: 0 #In minutes, default is 0 min
# The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run.
duration: 0 #In minutes, default is forever

# The schedule field specifies a cron expression that defines when the IAST scan should start.
#schedule: "" #By default, schedule is inactive

# Allow continuously sample collection of IAST events
always_sample_traces: false # Default is false

# The exclude_from_iast_scan configuration allows to specify APIs, parameters, and categories that should not be scanned by Security Agents.
exclude_from_iast_scan:
# The api field specifies list of APIs using regular expression (regex) patterns that follow the syntax of Perl 5. The regex pattern should provide a complete match for the URL without the endpoint.
# Example:
# api:
# - .*account.*
# - .*/\api\/v1\/.*?\/login
api: [ ]

# The parameters configuration allows users to specify headers, query parameters, and body keys that should be excluded from IAST scans.
# Example:
# http_request_parameters:
# header:
# - X-Forwarded-For
# query:
# - username
# - password
# body:
# - account.email
# - account.contact
http_request_parameters:
# A list of HTTP header keys. If a request includes any headers with these keys, the corresponding IAST scan will be skipped.
header: [ ]
# A list of query parameter keys. The presence of these parameters in the request's query string will lead to skipping the IAST scan.
query: [ ]
# A list of keys within the request body. If these keys are found in the body content, the IAST scan will be omitted.
body: [ ]

# The iast_detection_category configuration allows to specify which categories of vulnerabilities should not be detected by Security Agents.
# If any of these categories are set to true, Security Agents will not generate events or flag vulnerabilities for that category.
iast_detection_category:
insecure_settings: false
invalid_file_access: false
sql_injection: false
nosql_injection: false
ldap_injection: false
javascript_injection: false
command_injection: false
xpath_injection: false
ssrf: false
rxss: false
scan_controllers:
# The scan_request_rate_limit configuration allows to specify maximum number of replay request played per minute.
# The maximum is 3600 and the minimum is 12 replay request per minute.
iast_scan_request_rate_limit: 3600 # Number of IAST replay request played per minute, Default is 3600
# This configuration allows users to the number of application instances for a specific entity where IAST analysis is performed.
scan_instance_count: 0 # Values are 1 or 0, 0 signifies run on all application instances

# The scan_schedule configuration allows to specify when IAST scans should be executed
scan_schedule:
# The delay field specifies the delay in minutes before the IAST scan starts. This allows to schedule the scan to start at a later time.
delay: 0 #In minutes, default is 0 min
# The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run.
duration: 0 #In minutes, default is forever

# The schedule field specifies a cron expression that defines when the IAST scan should start.
#schedule: "" #By default, schedule is inactive

# Allow continuously sample collection of IAST events
always_sample_traces: false # Default is false

# The exclude_from_iast_scan configuration allows to specify APIs, parameters, and categories that should not be scanned by Security Agents.
exclude_from_iast_scan:
# The api field specifies list of APIs using regular expression (regex) patterns that follow the syntax of Perl 5. The regex pattern should provide a complete match for the URL without the endpoint.
# Example:
# api:
# - .*account.*
# - .*/\api\/v1\/.*?\/login
api: [ ]

# The parameters configuration allows users to specify headers, query parameters, and body keys that should be excluded from IAST scans.
# Example:
# http_request_parameters:
# header:
# - X-Forwarded-For
# query:
# - username
# - password
# body:
# - account.email
# - account.contact
http_request_parameters:
# A list of HTTP header keys. If a request includes any headers with these keys, the corresponding IAST scan will be skipped.
header: [ ]
# A list of query parameter keys. The presence of these parameters in the request's query string will lead to skipping the IAST scan.
query: [ ]
# A list of keys within the request body. If these keys are found in the body content, the IAST scan will be omitted.
body: [ ]

# The iast_detection_category configuration allows to specify which categories of vulnerabilities should not be detected by Security Agents.
# If any of these categories are set to true, Security Agents will not generate events or flag vulnerabilities for that category.
iast_detection_category:
insecure_settings: false
invalid_file_access: false
sql_injection: false
nosql_injection: false
ldap_injection: false
javascript_injection: false
command_injection: false
xpath_injection: false
ssrf: false
rxss: false

# Deprecated!!! Instead, please use iast_detection_category to disable vulnerabilities category by IAST,
# These are the category of security events that can be detected. Set to false to disable detection of
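Review bot: The comment added above `scan_instance_count` is missing its verb ("allows users to the number of application instances"), and the inline comment explains only the value 0, so a reader cannot tell what 1 selects. I would reword the first line to `# Limits the number of application instances of an entity on which IAST analysis is performed.` and have the inline comment state both values, for example `scan_instance_count: 0 # 0 = all application instances, 1 = a single instance` if that is indeed what 1 means. The lines from `scan_controllers` through `iast_detection_category` read identically on both sides apart from those two additions, so the rest of the change appears to be whitespace only. If that is a change of nesting depth, it is worth confirming that the agent still honours files written with the old layout, because a key left at the wrong depth would likely be ignored without an error and the rate limit, scan exclusions and category switches would fall back to their defaults.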