newrelic_rpm 9.11.0 → 9.12.0

data/lib/new_relic/agent/local_log_decorator.rb

@@ -12,6 +12,12 @@ module NewRelic
         return message unless decorating_enabled?
 
         metadata = NewRelic::Agent.linking_metadata
+
+        if message.is_a?(Hash)
+          message.merge!(metadata) unless message.frozen?
+          return
+        end
+
         formatted_metadata = " NR-LINKING|#{metadata[ENTITY_GUID_KEY]}|#{metadata[HOSTNAME_KEY]}|" \
                              "#{metadata[TRACE_ID_KEY]}|#{metadata[SPAN_ID_KEY]}|" \
                              "#{escape_entity_name(metadata[ENTITY_NAME_KEY])}|"
@@ -23,7 +29,8 @@ module NewRelic
 
       def decorating_enabled?
         NewRelic::Agent.config[:'application_logging.enabled'] &&
-          NewRelic::Agent::Instrumentation::Logger.enabled? &&
+          (NewRelic::Agent::Instrumentation::Logger.enabled? ||
+            NewRelic::Agent::Instrumentation::LogStasher.enabled?) &&
           NewRelic::Agent.config[:'application_logging.local_decorating.enabled']
       end
 

data/lib/new_relic/agent/log_event_aggregator.rb

@@ -20,7 +20,8 @@ module NewRelic
       DROPPED_METRIC = 'Logging/Forwarding/Dropped'.freeze
       SEEN_METRIC = 'Supportability/Logging/Forwarding/Seen'.freeze
       SENT_METRIC = 'Supportability/Logging/Forwarding/Sent'.freeze
-      OVERALL_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Ruby/Logger/%s'.freeze
+      LOGGER_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Ruby/Logger/%s'.freeze
+      LOGSTASHER_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Ruby/LogStasher/%s'.freeze
       METRICS_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Metrics/Ruby/%s'.freeze
       FORWARDING_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Forwarding/Ruby/%s'.freeze
       DECORATING_SUPPORTABILITY_FORMAT = 'Supportability/Logging/LocalDecorating/Ruby/%s'.freeze
@@ -58,38 +59,71 @@ module NewRelic
       end
 
       def record(formatted_message, severity)
-        return unless enabled?
+        return unless logger_enabled?
 
         severity = 'UNKNOWN' if severity.nil? || severity.empty?
+        increment_event_counters(severity)
+
+        return if formatted_message.nil? || formatted_message.empty?
+        return unless monitoring_conditions_met?(severity)
+
+        txn = NewRelic::Agent::Transaction.tl_current
+        priority = LogPriority.priority_for(txn)
 
-        if NewRelic::Agent.config[METRICS_ENABLED_KEY]
-          @counter_lock.synchronize do
-            @seen += 1
-            @seen_by_severity[severity] += 1
+        return txn.add_log_event(create_event(priority, formatted_message, severity)) if txn
+
+        @lock.synchronize do
+          @buffer.append(priority: priority) do
+            create_event(priority, formatted_message, severity)
           end
         end
+      rescue
+        nil
+      end
 
-        return if severity_too_low?(severity)
-        return if formatted_message.nil? || formatted_message.empty?
-        return unless NewRelic::Agent.config[FORWARDING_ENABLED_KEY]
-        return if @high_security
+      def record_logstasher_event(log)
+        return unless logstasher_enabled?
+
+        # LogStasher logs do not inherently include a message key, so most logs are recorded.
+        # But when the key exists, we should not record the log if the message value is nil or empty.
+        return if log.key?('message') && (log['message'].nil? || log['message'].empty?)
+
+        severity = determine_severity(log)
+        increment_event_counters(severity)
+
+        return unless monitoring_conditions_met?(severity)
 
         txn = NewRelic::Agent::Transaction.tl_current
         priority = LogPriority.priority_for(txn)
 
-        if txn
-          return txn.add_log_event(create_event(priority, formatted_message, severity))
-        else
-          return @lock.synchronize do
-            @buffer.append(priority: priority) do
-              create_event(priority, formatted_message, severity)
-            end
+        return txn.add_log_event(create_logstasher_event(priority, severity, log)) if txn
+
+        @lock.synchronize do
+          @buffer.append(priority: priority) do
+            create_logstasher_event(priority, severity, log)
           end
         end
       rescue
         nil
       end
 
+      def monitoring_conditions_met?(severity)
+        !severity_too_low?(severity) && NewRelic::Agent.config[FORWARDING_ENABLED_KEY] && !@high_security
+      end
+
+      def determine_severity(log)
+        log['level'] ? log['level'].to_s.upcase : 'UNKNOWN'
+      end
+
+      def increment_event_counters(severity)
+        return unless NewRelic::Agent.config[METRICS_ENABLED_KEY]
+
+        @counter_lock.synchronize do
+          @seen += 1
+          @seen_by_severity[severity] += 1
+        end
+      end
+
       def record_batch(txn, logs)
         # Ensure we have the same shared priority
         priority = LogPriority.priority_for(txn)
@@ -104,15 +138,17 @@ module NewRelic
         end
       end
 
-      def create_event(priority, formatted_message, severity)
-        formatted_message = truncate_message(formatted_message)
-
-        event = LinkingMetadata.append_trace_linking_metadata({
+      def add_event_metadata(formatted_message, severity)
+        metadata = {
           LEVEL_KEY => severity,
-          MESSAGE_KEY => formatted_message,
           TIMESTAMP_KEY => Process.clock_gettime(Process::CLOCK_REALTIME) * 1000
-        })
+        }
+        metadata[MESSAGE_KEY] = formatted_message unless formatted_message.nil?
+
+        LinkingMetadata.append_trace_linking_metadata(metadata)
+      end
 
+      def create_prioritized_event(priority, event)
         [
           {
             PrioritySampledBuffer::PRIORITY_KEY => priority
@@ -121,6 +157,31 @@ module NewRelic
         ]
       end
 
+      def create_event(priority, formatted_message, severity)
+        formatted_message = truncate_message(formatted_message)
+        event = add_event_metadata(formatted_message, severity)
+
+        create_prioritized_event(priority, event)
+      end
+
+      def create_logstasher_event(priority, severity, log)
+        formatted_message = log['message'] ? truncate_message(log['message']) : nil
+        event = add_event_metadata(formatted_message, severity)
+        add_logstasher_event_attributes(event, log)
+
+        create_prioritized_event(priority, event)
+      end
+
+      def add_logstasher_event_attributes(event, log)
+        log_copy = log.dup
+        # Delete previously reported attributes
+        log_copy.delete('message')
+        log_copy.delete('level')
+        log_copy.delete('@timestamp')
+
+        event['attributes'] = log_copy
+      end
+
       def add_custom_attributes(custom_attributes)
         attributes.add_custom_attributes(custom_attributes)
       end
@@ -166,10 +227,14 @@ module NewRelic
         super
       end
 
-      def enabled?
+      def logger_enabled?
         @enabled && @instrumentation_logger_enabled
       end
 
+      def logstasher_enabled?
+        @enabled && NewRelic::Agent::Instrumentation::LogStasher.enabled?
+      end
+
       private
 
       # We record once-per-connect metrics for enabled/disabled state at the
@@ -177,8 +242,8 @@ module NewRelic
       def register_for_done_configuring(events)
         events.subscribe(:server_source_configuration_added) do
           @high_security = NewRelic::Agent.config[:high_security]
-
-          record_configuration_metric(OVERALL_SUPPORTABILITY_FORMAT, OVERALL_ENABLED_KEY)
+          record_configuration_metric(LOGGER_SUPPORTABILITY_FORMAT, OVERALL_ENABLED_KEY)
+          record_configuration_metric(LOGSTASHER_SUPPORTABILITY_FORMAT, OVERALL_ENABLED_KEY)
           record_configuration_metric(METRICS_SUPPORTABILITY_FORMAT, METRICS_ENABLED_KEY)
           record_configuration_metric(FORWARDING_SUPPORTABILITY_FORMAT, FORWARDING_ENABLED_KEY)
           record_configuration_metric(DECORATING_SUPPORTABILITY_FORMAT, DECORATING_ENABLED_KEY)

data/lib/new_relic/control/instance_methods.rb

@@ -73,6 +73,7 @@ module NewRelic
         init_config(options)
         NewRelic::Agent.agent = NewRelic::Agent::Agent.instance
         init_instrumentation
+        init_security_agent
       end
 
       def determine_env(options)

data/lib/new_relic/control/private_instance_methods.rb

@@ -43,6 +43,10 @@ module NewRelic
           DependencyDetection.detect!
         end
       end
+
+      def init_security_agent
+        SecurityInterface.instance.init_agent
+      end
     end
   end
 end

data/lib/new_relic/control/security_interface.rb

@@ -0,0 +1,57 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require 'singleton'
+
+module NewRelic
+  class Control
+    class SecurityInterface
+      include Singleton
+
+      attr_accessor :wait
+
+      SUPPORTABILITY_PREFIX_SECURITY = 'Supportability/Ruby/SecurityAgent/Enabled/'
+      SUPPORTABILITY_PREFIX_SECURITY_AGENT = 'Supportability/Ruby/SecurityAgent/Agent/Enabled/'
+      ENABLED = 'enabled'
+      DISABLED = 'disabled'
+
+      def agent_started?
+        (@agent_started ||= false) == true
+      end
+
+      def waiting?
+        (@wait ||= false) == true
+      end
+
+      def init_agent
+        return if agent_started? || waiting?
+
+        record_supportability_metrics
+
+        if Agent.config[:'security.agent.enabled'] && !Agent.config[:high_security]
+          Agent.logger.info('Invoking New Relic security module')
+          require 'newrelic_security'
+
+          @agent_started = true
+        else
+          Agent.logger.info('New Relic Security is completely disabled by one of the user-provided configurations: `security.agent.enabled` or `high_security`. Not loading security capabilities.')
+          Agent.logger.info("high_security = #{Agent.config[:high_security]}")
+          Agent.logger.info("security.agent.enabled = #{Agent.config[:'security.agent.enabled']}")
+        end
+      rescue LoadError
+        Agent.logger.info('New Relic security agent not found - skipping')
+      rescue StandardError => exception
+        Agent.logger.error("Exception in New Relic security module loading: #{exception} #{exception.backtrace}")
+      end
+
+      def record_supportability_metrics
+        Agent.config[:'security.agent.enabled'] ? security_agent_metric(ENABLED) : security_agent_metric(DISABLED)
+      end
+
+      def security_agent_metric(setting)
+        NewRelic::Agent.record_metric_once(SUPPORTABILITY_PREFIX_SECURITY_AGENT + setting)
+      end
+    end
+  end
+end

data/lib/new_relic/control.rb

@@ -8,7 +8,6 @@ require 'new_relic/local_environment'
 require 'new_relic/language_support'
 require 'new_relic/helper'
 
-require 'singleton'
 require 'erb'
 require 'socket'
 require 'net/https'
@@ -18,6 +17,7 @@ require 'new_relic/control/server_methods'
 require 'new_relic/control/instrumentation'
 require 'new_relic/control/class_methods'
 require 'new_relic/control/instance_methods'
+require 'new_relic/control/security_interface'
 
 require 'new_relic/agent'
 require 'new_relic/delayed_job_injection'

data/lib/new_relic/rack/browser_monitoring.rb

@@ -20,15 +20,15 @@ module NewRelic
       # examine in order to look for a RUM insertion point.
       SCAN_LIMIT = 50_000
 
-      CONTENT_TYPE = 'Content-Type'.freeze
-      CONTENT_DISPOSITION = 'Content-Disposition'.freeze
-      CONTENT_LENGTH = 'Content-Length'.freeze
+      CONTENT_TYPE = 'Content-Type'
+      CONTENT_DISPOSITION = 'Content-Disposition'
+      CONTENT_LENGTH = 'Content-Length'
       ATTACHMENT = /attachment/.freeze
       TEXT_HTML = %r{text/html}.freeze
 
-      BODY_START = '<body'.freeze
-      HEAD_START = '<head'.freeze
-      GT = '>'.freeze
+      BODY_START = '<body'
+      HEAD_START = '<head'
+      GT = '>'
 
       ALREADY_INSTRUMENTED_KEY = 'newrelic.browser_monitoring_already_instrumented'
       CHARSET_RE = /<\s*meta[^>]+charset\s*=[^>]*>/im.freeze
@@ -120,7 +120,11 @@ module NewRelic
       end
 
       def streaming?(env, headers)
-        # Chunked transfer encoding is a streaming data transfer mechanism available only in HTTP/1.1
+        # Up until version 8.0, Rails would set 'Transfer-Encoding' to 'chunked'
+        # to trigger the desired HTTP/1.1 based streaming functionality in Rack.
+        # With version v8.0+, Rails assumes that the web server will be using
+        # Rack v3+ or an equally modern alternative and simply leaves the
+        # streaming behavior up to them.
         return true if headers && headers['Transfer-Encoding'] == 'chunked'
 
         defined?(ActionController::Live) &&

data/lib/new_relic/version.rb

@@ -6,7 +6,7 @@
 module NewRelic
   module VERSION # :nodoc:
     MAJOR = 9
-    MINOR = 11
+    MINOR = 12
     TINY = 0
 
     STRING = "#{MAJOR}.#{MINOR}.#{TINY}"

data/lib/tasks/config.rake

@@ -23,13 +23,16 @@ namespace :newrelic do
       'browser_monitoring' => "The <InlinePopover type='browser' /> [page load timing](/docs/browser/new-relic-browser/page-load-timing/page-load-timing-process) feature (sometimes referred to as real user monitoring or RUM) gives you insight into the performance real users are experiencing with your website. This is accomplished by measuring the time it takes for your users' browsers to download and render your web pages by injecting a small amount of JavaScript code into the header and footer of each page.",
       'application_logging' => "The Ruby agent supports [APM logs in context](/docs/apm/new-relic-apm/getting-started/get-started-logs-context). For some tips on configuring logs for the Ruby agent, see [Configure Ruby logs in context](/docs/logs/logs-context/configure-logs-context-ruby).\n\nAvailable logging-related config options include:",
       'analytics_events' => '[New Relic dashboards](/docs/query-your-data/explore-query-data/dashboards/introduction-new-relic-one-dashboards) is a resource to gather and visualize data about your software and what it says about your business. With it you can quickly and easily create real-time dashboards to get immediate answers about end-user experiences, clickstreams, mobile activities, and server transactions.',
-      'ai_monitoring' => "This section includes Ruby agent configurations for setting up AI monitoring.\n\n<Callout variant='important'>You need to enable distributed tracing to capture trace and feedback data. It is turned on by default in Ruby agents 8.0.0 and higher.</Callout>"
+      'ai_monitoring' => "This section includes Ruby agent configurations for setting up AI monitoring.\n\n<Callout variant='important'>You need to enable distributed tracing to capture trace and feedback data. It is turned on by default in Ruby agents 8.0.0 and higher.</Callout>",
+      'security_agent' => "[New Relic Interactive Application Security Testing](https://docs.newrelic.com/docs/iast/introduction/) (IAST) tests your applications for any exploitable vulnerability by replaying the generated HTTP request with vulnerable payloads.\n\n<Callout variant='important'>Run IAST with non-production deployments only to avoid exposing vulnerabilities on your production software. \
+        IAST mode requires Ruby agent version 9.12.0 or higher and the [newrelic_security](https://rubygems.org/gems/newrelic_security) gem. Security agent configurations are disabled by default.</Callout>"
     }
 
     NAME_OVERRIDES = {
       'slow_sql' => 'Slow SQL [#slow-sql]',
       'custom_insights_events' => 'Custom Events [#custom-events]',
-      'ai_monitoring' => 'AI Monitoring [#ai-monitoring]'
+      'ai_monitoring' => 'AI Monitoring [#ai-monitoring]',
+      'security_agent' => 'Security Agent [#security-agent]'
     }
 
     desc 'Describe available New Relic configuration settings'

data/lib/tasks/helpers/config.html.erb

@@ -76,7 +76,7 @@ When running the Ruby agent in a Rails app, the agent first looks for the `NEW_R
 When you edit the config file, be sure to:
 
 * Indent only with two spaces.
-* Indent only where relevant, in sections such as <DoNotTranslate>**`error_collector`**</DoNotTranslate>.
+* Indent only where relevant, in sections such as **`error_collector`**.
 
 If you do not indent correctly, the agent may throw an `Unable to parse configuration file` error on startup.
 

data/lib/tasks/helpers/format.rb

@@ -69,7 +69,7 @@ module Format
 
   def format_description(value)
     description = ''
-    description += '<DoNotTranslate>**DEPRECATED**</DoNotTranslate>' if value[:deprecated]
+    description += '<DNT>**DEPRECATED**</DNT> ' if value[:deprecated]
     description += value[:description]
     description
   end

data/lib/tasks/helpers/newrelicyml.rb

@@ -105,8 +105,9 @@ module NewRelicYML
   def self.format_description(description)
     # remove leading and trailing whitespace
     description.strip!
-    # wrap text after 80 characters
-    description.gsub!(/(.{1,80})(\s+|\Z)/, "\\1\n")
+    # wrap text after 80 characters, assuming we're at one tabstop's (two
+    # spaces') level of indentation already
+    description.gsub!(/(.{1,78})(\s+|\Z)/, "\\1\n")
     # add hashtags to lines
     description = description.split("\n").map { |line| "  # #{line}" }.join("\n")
 

data/lib/tasks/instrumentation_generator/instrumentation.thor

@@ -103,6 +103,7 @@ class Instrumentation < Thor
     <<-CONFIG
         :'instrumentation.#{snake_name}' => {
           :default => 'auto',
+          :documentation_default => 'auto'
           :public => true,
           :type => String,
           :dynamic_name => true,