newrelic_rpm 9.11.0 → 9.13.0

data/lib/new_relic/agent/serverless_handler_event_sources.rb

@@ -0,0 +1,49 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require 'json'
+
+module NewRelic
+  module Agent
+    # ServerlessHandlerEventSources - New Relic's language agent devs maintain
+    # a cross-agent JSON map of all AWS resources with the potential to invoke
+    # an AWS Lambda function by issuing it an event. This map is used to glean
+    # source specific attributes while instrumenting the function's invocation.
+    #
+    # Given that the event arrives as a Ruby hash argument to the AWS Lambda
+    # function, the JSON map's values need to be converted into arrays that can
+    # be passed to `Hash#dig`. So a value such as `'records[0].name'` needs to
+    # be converted to `['records', 0, 'name']`. This class's `.to_hash` method
+    # yields the converted data.
+    #
+    # Furthermore, `.length` calls are converted to Ruby `#size` notation to
+    # denote that a method call must be performed on the dug value.
+    class ServerlessHandlerEventSources
+      JSON_SOURCE = File.join(File.dirname(__FILE__), 'serverless_handler_event_sources.json').freeze
+      JSON_RAW = JSON.parse(File.read(JSON_SOURCE)).freeze
+
+      def self.to_hash
+        JSON_RAW.each_with_object({}) do |(type, info), hash|
+          hash[type] = {'attributes' => {},
+                        'name' => info['name'],
+                        'required_keys' => []}
+          info['attributes'].each { |attr, value| hash[type]['attributes'][attr] = transform(value) }
+          info['required_keys'].each { |key| hash[type]['required_keys'].push(transform(key)) }
+        end.freeze
+      end
+
+      def self.transform(value)
+        value.gsub(/\[(\d+)\]/, '.\1').split('.').map do |e|
+          if e.match?(/^\d+$/)
+            e.to_i
+          elsif e == 'length'
+            '#size'
+          else
+            e
+          end
+        end
+      end
+    end
+  end
+end

data/lib/new_relic/agent/system_info.rb

@@ -19,6 +19,20 @@ module NewRelic
         RbConfig::CONFIG['target_os']
       end
 
+      def self.os_distribution
+        case
+        when darwin? then :darwin
+        when linux? then :linux
+        when bsd? then :bsd
+        when windows? then :windows
+        else ruby_os_identifier
+        end
+      end
+
+      def self.windows?
+        !!(ruby_os_identifier[/mingw|mswin/i])
+      end
+
       def self.darwin?
         !!(ruby_os_identifier =~ /darwin/i)
       end

data/lib/new_relic/agent/transaction/trace_context.rb

@@ -95,7 +95,7 @@ module NewRelic
 
         def create_trace_state_payload
           unless Agent.config[:'distributed_tracing.enabled']
-            NewRelic::Agent.logger.warn('Not configured to create WC3 trace context payload')
+            NewRelic::Agent.logger.warn('Not configured to create W3C trace context payload')
             return
           end
 

data/lib/new_relic/control/frameworks/grape.rb

@@ -0,0 +1,14 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require 'new_relic/control/frameworks/ruby'
+module NewRelic
+  class Control
+    module Frameworks
+      # Contains basic control logic for Grape
+      class Grape < NewRelic::Control::Frameworks::Ruby
+      end
+    end
+  end
+end

data/lib/new_relic/control/frameworks/padrino.rb

@@ -0,0 +1,14 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require 'new_relic/control/frameworks/sinatra'
+module NewRelic
+  class Control
+    module Frameworks
+      # Contains basic control logic for Padrino
+      class Padrino < NewRelic::Control::Frameworks::Sinatra
+      end
+    end
+  end
+end

data/lib/new_relic/control/frameworks/rails4.rb

@@ -9,8 +9,10 @@ module NewRelic
     module Frameworks
       class Rails4 < NewRelic::Control::Frameworks::Rails3
         def rails_gem_list
-          Bundler.rubygems.all_specs.map do |gem|
-            "#{gem.name} (#{gem.version})"
+          if Gem::Version.new(Bundler::VERSION) >= Gem::Version.new('2.0.0')
+            Bundler.rubygems.installed_specs.map { |gem| "#{gem.name} (#{gem.version})" }
+          else
+            Bundler.rubygems.all_specs.map { |gem| "#{gem.name} (#{gem.version})" }
           end
         end
 

data/lib/new_relic/control/instance_methods.rb

@@ -73,6 +73,7 @@ module NewRelic
         init_config(options)
         NewRelic::Agent.agent = NewRelic::Agent::Agent.instance
         init_instrumentation
+        init_security_agent
       end
 
       def determine_env(options)

data/lib/new_relic/control/private_instance_methods.rb

@@ -43,6 +43,10 @@ module NewRelic
           DependencyDetection.detect!
         end
       end
+
+      def init_security_agent
+        SecurityInterface.instance.init_agent
+      end
     end
   end
 end

data/lib/new_relic/control/security_interface.rb

@@ -0,0 +1,57 @@
+# This file is distributed under New Relic's license terms.
+# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
+# frozen_string_literal: true
+
+require 'singleton'
+
+module NewRelic
+  class Control
+    class SecurityInterface
+      include Singleton
+
+      attr_accessor :wait
+
+      SUPPORTABILITY_PREFIX_SECURITY = 'Supportability/Ruby/SecurityAgent/Enabled/'
+      SUPPORTABILITY_PREFIX_SECURITY_AGENT = 'Supportability/Ruby/SecurityAgent/Agent/Enabled/'
+      ENABLED = 'enabled'
+      DISABLED = 'disabled'
+
+      def agent_started?
+        (@agent_started ||= false) == true
+      end
+
+      def waiting?
+        (@wait ||= false) == true
+      end
+
+      def init_agent
+        return if agent_started? || waiting?
+
+        record_supportability_metrics
+
+        if Agent.config[:'security.agent.enabled'] && !Agent.config[:high_security]
+          Agent.logger.info('Invoking New Relic security module')
+          require 'newrelic_security'
+
+          @agent_started = true
+        else
+          Agent.logger.info('New Relic Security is completely disabled by one of the user-provided configurations: `security.agent.enabled` or `high_security`. Not loading security capabilities.')
+          Agent.logger.info("high_security = #{Agent.config[:high_security]}")
+          Agent.logger.info("security.agent.enabled = #{Agent.config[:'security.agent.enabled']}")
+        end
+      rescue LoadError
+        Agent.logger.info('New Relic security agent not found - skipping')
+      rescue StandardError => exception
+        Agent.logger.error("Exception in New Relic security module loading: #{exception} #{exception.backtrace}")
+      end
+
+      def record_supportability_metrics
+        Agent.config[:'security.agent.enabled'] ? security_agent_metric(ENABLED) : security_agent_metric(DISABLED)
+      end
+
+      def security_agent_metric(setting)
+        NewRelic::Agent.record_metric_once(SUPPORTABILITY_PREFIX_SECURITY_AGENT + setting)
+      end
+    end
+  end
+end

data/lib/new_relic/control.rb

@@ -8,7 +8,6 @@ require 'new_relic/local_environment'
 require 'new_relic/language_support'
 require 'new_relic/helper'
 
-require 'singleton'
 require 'erb'
 require 'socket'
 require 'net/https'
@@ -18,6 +17,7 @@ require 'new_relic/control/server_methods'
 require 'new_relic/control/instrumentation'
 require 'new_relic/control/class_methods'
 require 'new_relic/control/instance_methods'
+require 'new_relic/control/security_interface'
 
 require 'new_relic/agent'
 require 'new_relic/delayed_job_injection'

data/lib/new_relic/environment_report.rb

@@ -44,7 +44,11 @@ module NewRelic
     ####################################
     report_on('Gems') do
       begin
-        Bundler.rubygems.all_specs.map { |gem| "#{gem.name}(#{gem.version})" }
+        if Gem::Version.new(Bundler::VERSION) >= Gem::Version.new('2.0.0')
+          Bundler.rubygems.installed_specs.map { |gem| "#{gem.name}(#{gem.version})" }
+        else
+          Bundler.rubygems.all_specs.map { |gem| "#{gem.name}(#{gem.version})" }
+        end
       rescue
         # There are certain rubygem, bundler, rails combinations (e.g. gem
         # 1.6.2, rails 2.3, bundler 1.2.3) where the code above throws an error
@@ -67,7 +71,7 @@ module NewRelic
     report_on('Physical Cores') { ::NewRelic::Agent::SystemInfo.num_physical_cores }
     report_on('Arch') { ::NewRelic::Agent::SystemInfo.processor_arch }
     report_on('OS version') { ::NewRelic::Agent::SystemInfo.os_version }
-    report_on('OS') { ::NewRelic::Agent::SystemInfo.ruby_os_identifier }
+    report_on('OS') { ::NewRelic::Agent::SystemInfo.os_distribution }
     report_on('Database adapter') { ::NewRelic::Agent::DatabaseAdapter.value }
     report_on('Framework') { Agent.config[:framework].to_s }
     report_on('Dispatcher') { Agent.config[:dispatcher].to_s }

data/lib/new_relic/language_support.rb

@@ -88,7 +88,13 @@ module NewRelic
     end
 
     def bundled_gem?(gem_name)
-      defined?(Bundler) && Bundler.rubygems.all_specs.map(&:name).include?(gem_name)
+      return false unless defined?(Bundler)
+
+      if Gem::Version.new(Bundler::VERSION) >= Gem::Version.new('2.0.0')
+        Bundler.rubygems.installed_specs.map(&:name).include?(gem_name)
+      else
+        Bundler.rubygems.all_specs.map(&:name).include?(gem_name)
+      end
     rescue => e
       ::NewRelic::Agent.logger.info("Could not determine if third party #{gem_name} gem is installed", e)
       false

data/lib/new_relic/local_environment.rb

@@ -142,10 +142,7 @@ module NewRelic
     end
 
     def check_for_falcon
-      return unless defined?(::Falcon::Server) &&
-        NewRelic::LanguageSupport.object_space_usable?
-
-      @discovered_dispatcher = :falcon if find_class_in_object_space(::Falcon::Server)
+      @discovered_dispatcher = :falcon if defined?(::Falcon::Server) && File.basename($PROGRAM_NAME) == 'falcon'
     end
 
     def check_for_delayed_job

data/lib/new_relic/rack/browser_monitoring.rb

@@ -20,15 +20,15 @@ module NewRelic
       # examine in order to look for a RUM insertion point.
       SCAN_LIMIT = 50_000
 
-      CONTENT_TYPE = 'Content-Type'.freeze
-      CONTENT_DISPOSITION = 'Content-Disposition'.freeze
-      CONTENT_LENGTH = 'Content-Length'.freeze
+      CONTENT_TYPE = 'Content-Type'
+      CONTENT_DISPOSITION = 'Content-Disposition'
+      CONTENT_LENGTH = 'Content-Length'
       ATTACHMENT = /attachment/.freeze
       TEXT_HTML = %r{text/html}.freeze
 
-      BODY_START = '<body'.freeze
-      HEAD_START = '<head'.freeze
-      GT = '>'.freeze
+      BODY_START = '<body'
+      HEAD_START = '<head'
+      GT = '>'
 
       ALREADY_INSTRUMENTED_KEY = 'newrelic.browser_monitoring_already_instrumented'
       CHARSET_RE = /<\s*meta[^>]+charset\s*=[^>]*>/im.freeze
@@ -120,7 +120,11 @@ module NewRelic
       end
 
       def streaming?(env, headers)
-        # Chunked transfer encoding is a streaming data transfer mechanism available only in HTTP/1.1
+        # Up until version 8.0, Rails would set 'Transfer-Encoding' to 'chunked'
+        # to trigger the desired HTTP/1.1 based streaming functionality in Rack.
+        # With version v8.0+, Rails assumes that the web server will be using
+        # Rack v3+ or an equally modern alternative and simply leaves the
+        # streaming behavior up to them.
         return true if headers && headers['Transfer-Encoding'] == 'chunked'
 
         defined?(ActionController::Live) &&

data/lib/new_relic/version.rb

@@ -6,7 +6,7 @@
 module NewRelic
   module VERSION # :nodoc:
     MAJOR = 9
-    MINOR = 11
+    MINOR = 13
     TINY = 0
 
     STRING = "#{MAJOR}.#{MINOR}.#{TINY}"

data/lib/tasks/config.rake

@@ -23,13 +23,16 @@ namespace :newrelic do
       'browser_monitoring' => "The <InlinePopover type='browser' /> [page load timing](/docs/browser/new-relic-browser/page-load-timing/page-load-timing-process) feature (sometimes referred to as real user monitoring or RUM) gives you insight into the performance real users are experiencing with your website. This is accomplished by measuring the time it takes for your users' browsers to download and render your web pages by injecting a small amount of JavaScript code into the header and footer of each page.",
       'application_logging' => "The Ruby agent supports [APM logs in context](/docs/apm/new-relic-apm/getting-started/get-started-logs-context). For some tips on configuring logs for the Ruby agent, see [Configure Ruby logs in context](/docs/logs/logs-context/configure-logs-context-ruby).\n\nAvailable logging-related config options include:",
       'analytics_events' => '[New Relic dashboards](/docs/query-your-data/explore-query-data/dashboards/introduction-new-relic-one-dashboards) is a resource to gather and visualize data about your software and what it says about your business. With it you can quickly and easily create real-time dashboards to get immediate answers about end-user experiences, clickstreams, mobile activities, and server transactions.',
-      'ai_monitoring' => "This section includes Ruby agent configurations for setting up AI monitoring.\n\n<Callout variant='important'>You need to enable distributed tracing to capture trace and feedback data. It is turned on by default in Ruby agents 8.0.0 and higher.</Callout>"
+      'ai_monitoring' => "This section includes Ruby agent configurations for setting up AI monitoring.\n\n<Callout variant='important'>You need to enable distributed tracing to capture trace and feedback data. It is turned on by default in Ruby agents 8.0.0 and higher.</Callout>",
+      'security_agent' => "[New Relic Interactive Application Security Testing](https://docs.newrelic.com/docs/iast/introduction/) (IAST) tests your applications for any exploitable vulnerability by replaying the generated HTTP request with vulnerable payloads.\n\n<Callout variant='important'>Run IAST with non-production deployments only to avoid exposing vulnerabilities on your production software. \
+        IAST mode requires Ruby agent version 9.12.0 or higher and the [newrelic_security](https://rubygems.org/gems/newrelic_security) gem. Security agent configurations are disabled by default.</Callout>"
     }
 
     NAME_OVERRIDES = {
       'slow_sql' => 'Slow SQL [#slow-sql]',
       'custom_insights_events' => 'Custom Events [#custom-events]',
-      'ai_monitoring' => 'AI Monitoring [#ai-monitoring]'
+      'ai_monitoring' => 'AI Monitoring [#ai-monitoring]',
+      'security_agent' => 'Security Agent [#security-agent]'
     }
 
     desc 'Describe available New Relic configuration settings'

data/lib/tasks/helpers/config.html.erb

@@ -76,7 +76,7 @@ When running the Ruby agent in a Rails app, the agent first looks for the `NEW_R
 When you edit the config file, be sure to:
 
 * Indent only with two spaces.
-* Indent only where relevant, in sections such as <DoNotTranslate>**`error_collector`**</DoNotTranslate>.
+* Indent only where relevant, in sections such as **`error_collector`**.
 
 If you do not indent correctly, the agent may throw an `Unable to parse configuration file` error on startup.
 

data/lib/tasks/helpers/format.rb

@@ -69,7 +69,7 @@ module Format
 
   def format_description(value)
     description = ''
-    description += '<DoNotTranslate>**DEPRECATED**</DoNotTranslate>' if value[:deprecated]
+    description += '<DNT>**DEPRECATED**</DNT> ' if value[:deprecated]
     description += value[:description]
     description
   end

data/lib/tasks/helpers/newrelicyml.rb

@@ -45,6 +45,34 @@ module NewRelicYML
 
   HEADER
 
+  SECURITY_BEGIN = <<-SECURITY
+  # BEGIN security agent
+  #
+  #   NOTE: At this time, the security agent is intended for use only within
+  #         a dedicated security testing environment with data that can tolerate
+  #         modification or deletion. The security agent is available as a
+  #         separate Ruby gem, newrelic_security. It is recommended that this
+  #         separate gem only be introduced to a security testing environment
+  #         by leveraging Bundler grouping like so:
+  #
+  #         # Gemfile
+  #         gem 'newrelic_rpm'               # New Relic APM observability agent
+  #         gem 'newrelic-infinite_tracing'  # New Relic Infinite Tracing
+  #
+  #         group :security do
+  #           gem 'newrelic_security', require: false # New Relic security agent
+  #         end
+  #
+  #   NOTE: All "security.*" configuration parameters are related only to the
+  #         security agent, and all other configuration parameters that may
+  #         have "security" in the name somewhere are related to the APM agent.
+  
+  SECURITY
+
+  SECURITY_END = <<-SECURITY
+  # END security agent
+  SECURITY
+
   FOOTER = <<~FOOTER
     # Environment-specific settings are in this section.
     # RAILS_ENV or RACK_ENV (as appropriate) is used to determine the environment.
@@ -67,16 +95,35 @@ module NewRelicYML
   FOOTER
 
   def self.get_configs(defaults)
-    defaults.sort.each_with_object({}) do |(key, value), final_configs|
+    agent_configs = {}
+    security_configs = {}
+
+    defaults.sort.each do |key, value|
       next if CRITICAL.include?(key) || SKIP.include?(key)
 
       next unless public_config?(value) && !deprecated?(value)
 
-      sanitized_description = sanitize_description(value[:description])
-      description = format_description(sanitized_description)
-      default = default_value(key, value)
-      final_configs[key] = {description: description, default: default}
+      # TODO: OLD RUBIES < 2.6
+      # Remove `to_s`. `start_with?` doesn't accept symbols in Ruby <2.6
+      if key.to_s.start_with?('security.')
+        description, default = build_config(key, value)
+        security_configs[key] = {description: description, default: default}
+        next
+      end
+
+      description, default = build_config(key, value)
+      agent_configs[key] = {description: description, default: default}
     end
+
+    [agent_configs, security_configs]
+  end
+
+  def self.build_config(key, value)
+    sanitized_description = sanitize_description(value[:description])
+    description = format_description(sanitized_description)
+    default = default_value(key, value)
+
+    [description, default]
   end
 
   def self.public_config?(value)
@@ -105,8 +152,9 @@ module NewRelicYML
   def self.format_description(description)
     # remove leading and trailing whitespace
     description.strip!
-    # wrap text after 80 characters
-    description.gsub!(/(.{1,80})(\s+|\Z)/, "\\1\n")
+    # wrap text after 80 characters, assuming we're at one tabstop's (two
+    # spaces') level of indentation already
+    description.gsub!(/(.{1,78})(\s+|\Z)/, "\\1\n")
     # add hashtags to lines
     description = description.split("\n").map { |line| "  # #{line}" }.join("\n")
 
@@ -125,15 +173,30 @@ module NewRelicYML
     end
   end
 
-  def self.build_string(defaults)
-    configs = get_configs(defaults)
-    yml_string = ''
+  def self.agent_configs_yml(agent_configs)
+    agent_yml = ''
+    agent_configs.each do |key, value|
+      agent_yml += "#{value[:description]}\n  # #{key}: #{value[:default]}\n\n"
+    end
+
+    agent_yml
+  end
 
-    configs.each do |key, value|
-      yml_string += "#{value[:description]}\n  # #{key}: #{value[:default]}\n\n"
+  def self.security_configs_yml(security_configs)
+    security_yml = ''
+    security_configs.each do |key, value|
+      security_yml += "#{value[:description]}\n  # #{key}: #{value[:default]}\n\n"
     end
 
-    yml_string
+    security_yml
+  end
+
+  def self.build_string(defaults)
+    agent_configs, security_configs = get_configs(defaults)
+    agent_string = agent_configs_yml(agent_configs)
+    security_string = security_configs_yml(security_configs)
+
+    agent_string + SECURITY_BEGIN + security_string + SECURITY_END + "\n"
   end
 
   # :nocov:

data/lib/tasks/instrumentation_generator/instrumentation.thor

@@ -103,6 +103,7 @@ class Instrumentation < Thor
     <<-CONFIG
         :'instrumentation.#{snake_name}' => {
           :default => 'auto',
+          :documentation_default => 'auto',
           :public => true,
           :type => String,
           :dynamic_name => true,

data/lib/tasks/instrumentation_generator/templates/dependency_detection.tt

@@ -12,16 +12,16 @@ DependencyDetection.defer do
   depends_on do
     # The class that needs to be defined to prepend/chain onto. This can be used
     # to determine whether the library is installed.
-    defined?(::<%= @class_name %>)
+    defined?(<%= @class_name %>)
     # Add any additional requirements to verify whether this instrumentation
     # should be installed
   end
 
   executes do
-    ::NewRelic::Agent.logger.info('Installing <%= @name.downcase %> instrumentation')
+    NewRelic::Agent.logger.info('Installing <%= @name.downcase %> instrumentation')
 
     if use_prepend?
-      prepend_instrument ::<%= @class_name %>, NewRelic::Agent::Instrumentation::<%= @class_name %>::Prepend
+      prepend_instrument <%= @class_name %>, NewRelic::Agent::Instrumentation::<%= @class_name %>::Prepend
     else
       chain_instrument NewRelic::Agent::Instrumentation::<%= @class_name %>::Chain
     end