Sanitize environment

[kanderson250]

Resolves #2110

Description

This PR introduces a new configuration stanza obfuscate_jvm_props to better protect our customers from sending sensitive data in their JVM args.

Prior to this feature, all JVM args were sent by default on agent startup, and were not filtered or checked in any way. Now, we will obfuscate any data contained behind an = in a JVM argument by default (with a few exceptions, see below).

Details

New .yml configuration stanza with descriptions:

obfuscate_jvm_props:
  enabled: If true (default), obfuscate all JVM props data after =, except the default allows set by the agent.
          If false, leave all JVM props as-is. 
  allow: An optional list of comma-separated property names to send unobfuscated. 
          Can be an exact match for the prop name, or wildcarded in the last character. 
  block: An optional list of comma-separated property names to always send obfuscated. 
          Can be an exact match for the prop name, or wildcarded in the last character. 

Default allows set by the agent: The agent will send any standard or extended JVM prop (those with an -X* prefix) as-is, even if they contain an = sign. This was done because these props should not contain sensitive data and their values may be used by other New Relic teams, such as the BMDS project.

To keep the block/allow list conventions consistent with other similar config settings (such as attribute includes/excludes), priority is always given to the more-specific rule (-DpropB.extended will take precedence over -DpropB, regardless of whether it belongs to the block or allow list).

This feature has no affect on JVM args that do not contain an =, such as -javaagent.

Example

Setting:

  obfuscate_jvm_props:
    allow: -Dprop.A, -Dprop.B*
    block: -Dprop.B.extended

And starting petclinic with:

java -javaagent:newrelic/newrelic.jar -Xms2G -Xmx5G -Dprop.A=val1 -Dprop.B=val2 -Dprop.B.other=val3 -Dprop.B.extended=val4 -DpropC = val5 -XX:+HeapDumpOnOutOfMemoryError -XX:ActiveProcessorCount=1 -jar build/libs/spring-petclinic-3.0.0.jar

Sends up to the NR UI:

-javaagent:newrelic/newrelic.jar 
-Xms2G 
-Xmx5G 
-Dprop.A=val1 
-Dprop.B=val2 
-Dprop.B.other=val3
-Dprop.B.extended=obfuscated
-DpropC = obfuscated
-XX:+HeapDumpOnOutOfMemoryError 
-XX:ActiveProcessorCount=1

Implementation

The PR introduces a new config class, ObfuscateJvmPropsConfig. It enhances the existing Environment class using an ExcludesIncludesFilter to apply the appropriate rules to JVM properties.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 97.36842% with 1 line in your changes missing coverage. Please review.

Project coverage is 70.70%. Comparing base (ec234dd) to head (e5e7f9f).
Report is 3 commits behind head on main.

Files with missing lines	Patch %	Lines
...lic/agent/attributes/ExcludeIncludeFilterImpl.java	75.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #2114      +/-   ##
============================================
+ Coverage     70.66%   70.70%   +0.04%     
- Complexity     9964     9984      +20     
============================================
  Files           840      841       +1     
  Lines         40251    40288      +37     
  Branches       6106     6107       +1     
============================================
+ Hits          28442    28487      +45     
+ Misses         9065     9058       -7     
+ Partials       2744     2743       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.