newrelic_rpm 3.9.0.229 → 3.9.1.236

data.tar.gz.sig

@@ -1 +1,4 @@
-�P�a��N�W?�K���,�eƁ	z)�ǻ~uw:�ssAj@����M�_��'�K��)عZ�*l3*���W[�q`}�1��_:y/"�b�aç��3rb�?���%Z-�_$|�%��X|0�襺�b�2[�b�_�r�Dj
+��eD�nqPWZ���\.�׮�"���x"=�$S��z��3�R*����`�$�3��}�+�;�
+������y,������pO�?t�yVoZӚm�7�U��u�8�Xϑ��"(��2wR��� ����*�yG~�R����4�ݬ�w�q
+��`>T�q�#p�bie'?t�.q���[R�2��P�2y���LڟO�Ig	�!��C��
+��O�"��ba�

data/CHANGELOG

@@ -1,5 +1,78 @@
 # New Relic Ruby Agent Release Notes #
 
+## v3.9.1 ##
+
+  * Ruby 1.8.7 users: upgrade or add JSON gem now
+
+  Ruby 1.8.7 is end-of-lifed, and not receiving security updates, so we strongly
+  encourage all users with apps on 1.8.7 to upgrade.
+
+  If you're not able to upgrade yet, be aware that a coming release of the Ruby
+  agent will require users of Ruby 1.8.7 to have the 'json' gem available within
+  their applications in order to continue sending data to New Relic.
+
+  For more details, see:
+  https://docs.newrelic.com/docs/ruby/ruby-1.8.7-support
+
+  * High security mode V2
+
+  The Ruby agent now supports V2 of New Relic's high security mode. To enable
+  it, you must add 'high_security: true' to your newrelic.yml file, *and* enable
+  high security mode through the New Relic web interface. The local agent
+  setting must be in agreement with the server-side setting, or the agent will
+  shut down and no data will be collected.
+
+  Customers who already had the server-side high security mode setting enabled
+  must add 'high_security: true' to their agent configuration files when
+  upgrading to this release.
+
+  For details on high security mode, see:
+  http://docs.newrelic.com/docs/accounts-partnerships/accounts/security/high-security
+
+  * Improved memcached instrumentation
+
+  More accurate instrumentation for the 'cas' command when using version 1.8.0
+  or later of the memcached gem. Previous versions of the agent would count all
+  time spent in the block given to 'cas' as memcache time, but 1.8.0 and later
+  allows us to more accurately measure just the time spent talking to memcache.
+
+  Many thanks to Francis Bogsanyi for contributing this change!
+
+  * Improved support for Rails apps launched from outside the app root directory
+
+  The Ruby agent attempts to resolve the location of its configuration file at
+  runtime relative to the directory that the host process is started from.
+
+  In cases where the host process was started from outside of the application's
+  root directory (for example, if the process is started from from '/'), it will
+  now also attempt to locate its configuration file based on the value of
+  Rails.root for Rails applications.
+
+  * Better compatibility with ActionController::Live
+
+  Browser Application Monitoring auto-injection can cause request failures under
+  certain circumstances when used with ActionController::Live, so the agent will
+  now automatically detect usage of ActionController::Live, and not attempt
+  auto-injection for those requests (even if auto-instrumentation is otherwise
+  enabled).
+
+  Many thanks to Rodrigo Rosenfeld Rosas for help diagnosing this issue!
+
+  * Fix for occasional spikes in external services time
+
+  Certain kinds of failures during HTTP reqeusts made by an application could
+  have previously resulted in the Ruby agent reporting erroneously large amounts
+  of time spent in outgoing HTTP requests. This issue manifested most obviously
+  in spikes on the 'Web external' band on the main overview graph. This issue
+  has now been fixed.
+
+  * Fix 'rake newrelic:install' for Rails 4 applications
+
+  The newrelic:install rake task was previously not working for Rails 4
+  applications and has been fixed.
+
+  Thanks to Murahashi Sanemat Kenichi for contributing this fix!
+
 ## v3.9.0 ##
 
   * Rack middleware instrumentation

data/install.rb

@@ -2,12 +2,12 @@
 # This file is distributed under New Relic's license terms.
 # See https://github.com/newrelic/rpm/blob/master/LICENSE for complete details.
 
-if __FILE__ == $0 || $0 =~ /script\/plugin/
+if __FILE__ == $0 || $0 =~ /script\/plugin/ || File.basename($0) == 'rake'
   $LOAD_PATH << File.expand_path(File.join(File.dirname(__FILE__), 'lib'))
   require 'new_relic/cli/command'
   begin
     NewRelic::Cli::Install.new(:quiet => true, :app_name => 'My Application').run
-  rescue NewRelic::Cli::CommandFailure => e
+  rescue NewRelic::Cli::Command::CommandFailure => e
     $stderr.puts e.message
   end
 end

data/lib/new_relic/agent/agent.rb

@@ -155,7 +155,7 @@ module NewRelic
             disconnected? ||
             @worker_thread && @worker_thread.alive?
 
-          ::NewRelic::Agent.logger.debug "Starting the worker thread in #{$$} after forking."
+          ::NewRelic::Agent.logger.debug "Starting the worker thread in #{Process.pid} (parent #{Process.ppid}) after forking."
 
           # Clear out locks and stats left over from parent process
           reset_objects_with_locks
@@ -759,6 +759,7 @@ module NewRelic
               :agent_version => NewRelic::VERSION::STRING,
               :environment => @environment_report,
               :settings => Agent.config.to_collector_hash,
+              :high_security => Agent.config[:high_security],
             }
           end
 
@@ -874,6 +875,8 @@ module NewRelic
           query_server_for_configuration
           @connected_pid = $$
           @connect_state = :connected
+        rescue NewRelic::Agent::ForceDisconnectException => e
+          handle_force_disconnect(e)
         rescue NewRelic::Agent::LicenseException => e
           handle_license_error(e)
         rescue NewRelic::Agent::UnrecoverableAgentException => e
@@ -888,6 +891,10 @@ module NewRelic
           else
             disconnect
           end
+        rescue Exception => e
+          ::NewRelic::Agent.logger.error "Exception of unexpected type during Agent#connect():", e
+
+          raise
         end
 
         # Who am I? Well, this method can tell you your hostname.

data/lib/new_relic/agent/browser_token.rb

@@ -16,7 +16,9 @@ module NewRelic
           s = agent_flag.split("=")
           if s.length == 2
             if s[0] == "tk" && s[1]
-              ERB::Util.h(sanitize_token(s[1]))
+              sanitized = sanitize_token(s[1])
+              return nil unless sanitized
+              ERB::Util.h(sanitized)
             end
           end
         else
@@ -24,14 +26,15 @@ module NewRelic
         end
       end
 
-      # Run through a collection of unsafe characters ( in the context of the token )
-      # and set the token to an empty string if any of them are found in the token so that
-      # potential XSS attacks via the token are avoided
+      # Remove any non-alphanumeric characters from the token to avoid XSS attacks.
       def self.sanitize_token(token)
-        if ( /[<>'"]/ =~ token )
-          token.replace("")
+        if token.match(/[^a-zA-Z0-9]/)
+          ::NewRelic::Agent.logger.log_once(:warn, :invalid_browser_token,
+                                           "Invalid characters found in browser token.")
+          nil
+        else
+          token
         end
-        token
       end
     end
   end

data/lib/new_relic/agent/configuration/default_source.rb

@@ -33,10 +33,17 @@ module NewRelic
               File.join("config","newrelic.yml"),
               File.join("newrelic.yml")
             ]
+
+            if NewRelic::Control.instance.root
+              paths << File.join(NewRelic::Control.instance.root, "config", "newrelic.yml")
+              paths << File.join(NewRelic::Control.instance.root, "newrelic.yml")
+            end
+
             if ENV["HOME"]
               paths << File.join(ENV["HOME"], ".newrelic", "newrelic.yml")
               paths << File.join(ENV["HOME"], "newrelic.yml")
             end
+
             paths
           }
         end
@@ -892,7 +899,7 @@ module NewRelic
         },
         :'analytics_events.max_samples_stored' => {
           :default => 1200,
-          :public => false,
+          :public => true,
           :type => Fixnum,
           :description => 'Maximum number of request events recorded by the analytics event sampling in a single harvest.'
         },

data/lib/new_relic/agent/configuration/high_security_source.rb

@@ -0,0 +1,56 @@
+# encoding: utf-8
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/rpm/blob/master/LICENSE for complete details.
+
+require 'new_relic/agent/configuration'
+
+module NewRelic
+  module Agent
+    module Configuration
+      class HighSecuritySource < DottedHash
+        def initialize(local_settings)
+          super({
+            :ssl => true,
+
+            :capture_params           => false,
+            :'resque.capture_params'  => false,
+            :'sidekiq.capture_params' => false,
+
+            # These aren't strictly necessary as add_custom_parameters is
+            # directly responsible for ignoring incoming param, but we disallow
+            # attributes by these settings just to be safe
+            :'transaction_tracer.capture_attributes' => false,
+            :'error_collector.capture_attributes'    => false,
+            :'browser_monitoring.capture_attributes' => false,
+            :'analytics_events.capture_attributes'   => false,
+
+            :'transaction_tracer.record_sql' => record_sql_setting(local_settings, :'transaction_tracer.record_sql'),
+            :'slow_sql.record_sql'           => record_sql_setting(local_settings, :'slow_sql.record_sql'),
+            :'mongo.obfuscate_queries'       => true
+          })
+        end
+
+        OFF = "off".freeze
+        RAW = "raw".freeze
+        OBFUSCATED = "obfuscated".freeze
+
+        SET_TO_OBFUSCATED = [RAW, OBFUSCATED]
+
+        def record_sql_setting(local_settings, key)
+          original_value  = local_settings[key]
+          result = if SET_TO_OBFUSCATED.include?(original_value)
+            OBFUSCATED
+          else
+            OFF
+          end
+
+          if result != original_value
+            NewRelic::Agent.logger.info("Disabling setting #{key}='#{original_value}' because high security mode is enabled. Value will be '#{result}'")
+          end
+
+          result
+        end
+      end
+    end
+  end
+end

data/lib/new_relic/agent/configuration/manager.rb

@@ -8,6 +8,7 @@ require 'new_relic/agent/configuration/yaml_source'
 require 'new_relic/agent/configuration/default_source'
 require 'new_relic/agent/configuration/server_source'
 require 'new_relic/agent/configuration/environment_source'
+require 'new_relic/agent/configuration/high_security_source'
 
 module NewRelic
   module Agent
@@ -52,11 +53,12 @@ module NewRelic
 
         def remove_config_type(sym)
           source = case sym
-          when :environment then @environment_source
-          when :server      then @server_source
-          when :manual      then @manual_source
-          when :yaml        then @yaml_source
-          when :default     then @default_source
+          when :high_security then @high_security_source
+          when :environment   then @environment_source
+          when :server        then @server_source
+          when :manual        then @manual_source
+          when :yaml          then @yaml_source
+          when :default       then @default_source
           end
 
           remove_config(source)
@@ -64,11 +66,12 @@ module NewRelic
 
         def remove_config(source)
           case source
-          when EnvironmentSource then @environment_source = nil
-          when ServerSource      then @server_source      = nil
-          when ManualSource      then @manual_source      = nil
-          when YamlSource        then @yaml_source        = nil
-          when DefaultSource     then @default_source     = nil
+          when HighSecuritySource then @high_security_source = nil
+          when EnvironmentSource  then @environment_source   = nil
+          when ServerSource       then @server_source        = nil
+          when ManualSource       then @manual_source        = nil
+          when YamlSource         then @yaml_source          = nil
+          when DefaultSource      then @default_source       = nil
           else
             @configs_for_testing.delete_if {|src,lvl| src == source}
           end
@@ -84,11 +87,12 @@ module NewRelic
 
           invoke_callbacks(:add, source)
           case source
-          when EnvironmentSource then @environment_source = source
-          when ServerSource      then @server_source      = source
-          when ManualSource      then @manual_source      = source
-          when YamlSource        then @yaml_source        = source
-          when DefaultSource     then @default_source     = source
+          when HighSecuritySource then @high_security_source = source
+          when EnvironmentSource  then @environment_source   = source
+          when ServerSource       then @server_source        = source
+          when ManualSource       then @manual_source        = source
+          when YamlSource         then @yaml_source          = source
+          when DefaultSource      then @default_source       = source
           else
             NewRelic::Agent.logger.warn("Invalid config format; config will be ignored: #{source}")
           end
@@ -187,13 +191,14 @@ module NewRelic
 
         # Generally only useful during initial construction and tests
         def reset_to_defaults
-          @environment_source  = EnvironmentSource.new
-          @server_source       = nil
-          @manual_source       = nil
-          @yaml_source         = nil
-          @default_source      = DefaultSource.new
+          @high_security_source = nil
+          @environment_source   = EnvironmentSource.new
+          @server_source        = nil
+          @manual_source        = nil
+          @yaml_source          = nil
+          @default_source       = DefaultSource.new
 
-          @configs_for_testing = []
+          @configs_for_testing  = []
 
           reset_cache
         end
@@ -213,12 +218,13 @@ module NewRelic
         end
 
         def delete_all_configs_for_testing
-          @environment_source  = nil
-          @server_source       = nil
-          @manual_source       = nil
-          @yaml_source         = nil
-          @default_source      = nil
-          @configs_for_testing = []
+          @high_security_source = nil
+          @environment_source   = nil
+          @server_source        = nil
+          @manual_source        = nil
+          @yaml_source          = nil
+          @default_source       = nil
+          @configs_for_testing  = []
         end
 
         def num_configs_for_testing
@@ -232,7 +238,8 @@ module NewRelic
         private
 
         def config_stack
-          stack = [@environment_source,
+          stack = [@high_security_source,
+                   @environment_source,
                    @server_source,
                    @manual_source,
                    @yaml_source,

data/lib/new_relic/agent/cross_app_monitor.rb

@@ -2,6 +2,8 @@
 # This file is distributed under New Relic's license terms.
 # See https://github.com/newrelic/rpm/blob/master/LICENSE for complete details.
 
+require 'digest'
+
 require 'new_relic/agent/transaction_state'
 require 'new_relic/agent/threading/agent_thread'
 
@@ -102,6 +104,16 @@ module NewRelic
         return info[1]
       end
 
+      def client_referring_transaction_trip_id(state)
+        info = state.referring_transaction_info or return nil
+        return info[2]
+      end
+
+      def client_referring_transaction_path_hash(state)
+        info = state.referring_transaction_info or return nil
+        return info[3].is_a?(String) && info[3]
+      end
+
       def insert_response_header(state, request_headers, response_headers)
         unless state.client_cross_app_id.nil?
           txn = state.current_transaction
@@ -183,6 +195,17 @@ module NewRelic
         from_headers(request, CONTENT_LENGTH_HEADER_KEYS) || -1
       end
 
+      def hash_transaction_name(identifier)
+        Digest::MD5.digest(identifier).unpack("@12N").first & 0xffffffff
+      end
+
+      def path_hash(txn_name, seed)
+        rotated    = ((seed << 1) | (seed >> 31)) & 0xffffffff
+        app_name   = NewRelic::Agent.config.app_names.first
+        identifier = "#{app_name};#{txn_name}"
+        sprintf("%08x", rotated ^ hash_transaction_name(identifier))
+      end
+
       private
 
       def from_headers(request, try_keys)

data/lib/new_relic/agent/cross_app_tracing.rb

@@ -33,14 +33,16 @@ module NewRelic
       # See the documentation for +start_trace+ for an explanation of what
       # +request+ should look like.
       #
-      def trace_http_request(request) #THREAD_LOCAL_ACCESS
-        return yield unless NewRelic::Agent.tl_is_execution_traced?
+      def tl_trace_http_request(request)
+        state = NewRelic::Agent::TransactionState.tl_get
+        return yield unless state.is_execution_traced?
 
         begin
-          t0, segment = start_trace( request )
+          t0 = Time.now
+          segment = start_trace(state, t0, request)
           response = yield
         ensure
-          finish_trace( t0, segment, request, response )
+          finish_trace(state, t0, segment, request, response)
         end
 
         return response
@@ -60,19 +62,20 @@ module NewRelic
       # * []=(key, val) - Set an HTTP request header by name
       # * uri  - Full URI of the request
       #
-      # This method MUST return a pair. The first item always returns the
-      # starting time of the trace, even if an error occurs. The second item is
-      # the transaction segment if it was sucessfully pushed.
-      def start_trace(request) #THREAD_LOCAL_ACCESS
-        t0 = Time.now
-
-        inject_request_headers(request) if cross_app_enabled?
-        segment = NewRelic::Agent::TracedMethodStack.tl_push_frame(:http_request, t0)
+      # This method returns the transaction segment if it was sucessfully pushed.
+      def start_trace(state, t0, request)
+        inject_request_headers(state, request) if cross_app_enabled?
+        stack = state.traced_method_stack
+        segment = stack.push_frame(state, :http_request, t0)
 
-        return t0, segment
+        return segment
       rescue => err
         NewRelic::Agent.logger.error "Uncaught exception while tracing HTTP request", err
-        return t0, nil
+        return nil
+      rescue Exception => e
+        NewRelic::Agent.logger.debug "Unexpected exception raised while tracing HTTP request", e
+
+        raise e
       end
 
 
@@ -87,7 +90,7 @@ module NewRelic
       # * [](key) - Reads response headers.
       # * to_hash - Converts response headers to a Hash
       #
-      def finish_trace(t0, segment, request, response) #THREAD_LOCAL_ACCESS
+      def finish_trace(state, t0, segment, request, response)
         t1 = Time.now
         duration = t1.to_f - t0.to_f
 
@@ -98,8 +101,8 @@ module NewRelic
             metrics = metrics_for(request, response)
             scoped_metric = metrics.pop
 
-            stats_engine.tl_record_scoped_and_unscoped_metrics(
-              scoped_metric, metrics, duration)
+            stats_engine.record_scoped_and_unscoped_metrics(
+              state, scoped_metric, metrics, duration)
 
             # If we don't have segment, something failed during start_trace so
             # the current segment isn't the HTTP call it should have been.
@@ -111,7 +114,10 @@ module NewRelic
         ensure
           # If we have a segment, always pop the traced method stack to avoid
           # an inconsistent state, which prevents tracing of whole transaction.
-          NewRelic::Agent::TracedMethodStack.tl_pop_frame(segment, scoped_metric, t1) if segment
+          if segment
+            stack = state.traced_method_stack
+            stack.pop_frame(state, segment, scoped_metric, t1)
+          end
         end
       rescue NewRelic::Agent::CrossAppTracing::Error => err
         NewRelic::Agent.logger.debug "while cross app tracing", err
@@ -150,17 +156,20 @@ module NewRelic
       end
 
       # Inject the X-Process header into the outgoing +request+.
-      def inject_request_headers(request) #THREAD_LOCAL_ACCESS
+      def inject_request_headers(state, request)
         cross_app_id = NewRelic::Agent.config[:cross_process_id] or
           raise NewRelic::Agent::CrossAppTracing::Error, "no cross app ID configured"
 
-        state = NewRelic::Agent::TransactionState.tl_get
         state.is_cross_app_caller = true
         txn_guid = state.request_guid
-        txn_data = NewRelic::JSONWrapper.dump([ txn_guid, false ])
+        if state.current_transaction
+          trip_id   = state.current_transaction.cat_trip_id(state)
+          path_hash = state.current_transaction.cat_path_hash(state)
+        end
+        txn_data  = NewRelic::JSONWrapper.dump([txn_guid, false, trip_id, path_hash])
 
-        request[ NR_ID_HEADER ]  = obfuscator.obfuscate( cross_app_id )
-        request[ NR_TXN_HEADER ] = obfuscator.obfuscate( txn_data )
+        request[NR_ID_HEADER]  = obfuscator.obfuscate(cross_app_id)
+        request[NR_TXN_HEADER] = obfuscator.obfuscate(txn_data)
 
       rescue NewRelic::Agent::CrossAppTracing::Error => err
         NewRelic::Agent.logger.debug "Not injecting x-process header", err
@@ -169,8 +178,8 @@ module NewRelic
       def add_transaction_trace_parameters(request, response)
         filtered_uri = ::NewRelic::Agent::HTTPClients::URIUtil.filter_uri(request.uri)
         transaction_sampler.add_segment_parameters(:uri => filtered_uri)
-        if response && response_is_crossapp?( response )
-          add_cat_transaction_trace_parameters( response )
+        if response && response_is_crossapp?(response)
+          add_cat_transaction_trace_parameters(response)
         end
       end
 
@@ -201,7 +210,6 @@ module NewRelic
             metrics.concat metrics_for_regular_request( request )
           end
         else
-          NewRelic::Agent.logger.debug "Response doesn't have CAT headers."
           metrics.concat metrics_for_regular_request( request )
         end