newrelic_rpm 9.14.0 → 9.16.0

data/lib/new_relic/agent/log_event_aggregator.rb

@@ -25,6 +25,7 @@ module NewRelic
       METRICS_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Metrics/Ruby/%s'.freeze
       FORWARDING_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Forwarding/Ruby/%s'.freeze
       DECORATING_SUPPORTABILITY_FORMAT = 'Supportability/Logging/LocalDecorating/Ruby/%s'.freeze
+      LABELS_SUPPORTABILITY_FORMAT = 'Supportability/Logging/Labels/Ruby/%s'.freeze
       MAX_BYTES = 32768 # 32 * 1024 bytes (32 kibibytes)
 
       named :LogEventAggregator
@@ -38,6 +39,7 @@ module NewRelic
       METRICS_ENABLED_KEY = :'application_logging.metrics.enabled'
       FORWARDING_ENABLED_KEY = :'application_logging.forwarding.enabled'
       DECORATING_ENABLED_KEY = :'application_logging.local_decorating.enabled'
+      LABELS_ENABLED_KEY = :'application_logging.forwarding.labels.enabled'
       LOG_LEVEL_KEY = :'application_logging.forwarding.log_level'
       CUSTOM_ATTRIBUTES_KEY = :'application_logging.forwarding.custom_attributes'
 
@@ -51,6 +53,7 @@ module NewRelic
         @high_security = NewRelic::Agent.config[:high_security]
         @instrumentation_logger_enabled = NewRelic::Agent::Instrumentation::Logger.enabled?
         @attributes = NewRelic::Agent::LogEventAttributes.new
+
         register_for_done_configuring(events)
       end
 
@@ -186,6 +189,10 @@ module NewRelic
         attributes.add_custom_attributes(custom_attributes)
       end
 
+      def labels
+        @labels ||= create_labels
+      end
+
       # Because our transmission format (MELT) is different than historical
       # agent payloads, extract the munging here to keep the service focused
       # on the general harvest + transmit instead of the format.
@@ -201,8 +208,9 @@ module NewRelic
         # To save on unnecessary data transmission, trim the entity.type
         # sent by classic logs-in-context
         common_attributes.delete(ENTITY_TYPE_KEY)
-
-        common_attributes.merge!(NewRelic::Agent.agent.log_event_aggregator.attributes.custom_attributes)
+        aggregator = NewRelic::Agent.agent.log_event_aggregator
+        common_attributes.merge!(aggregator.attributes.custom_attributes)
+        common_attributes.merge!(aggregator.labels)
 
         _, items = data
         payload = [{
@@ -247,6 +255,7 @@ module NewRelic
           record_configuration_metric(METRICS_SUPPORTABILITY_FORMAT, METRICS_ENABLED_KEY)
           record_configuration_metric(FORWARDING_SUPPORTABILITY_FORMAT, FORWARDING_ENABLED_KEY)
           record_configuration_metric(DECORATING_SUPPORTABILITY_FORMAT, DECORATING_ENABLED_KEY)
+          record_configuration_metric(LABELS_SUPPORTABILITY_FORMAT, LABELS_ENABLED_KEY)
 
           add_custom_attributes(NewRelic::Agent.config[CUSTOM_ATTRIBUTES_KEY])
         end
@@ -327,6 +336,23 @@ module NewRelic
 
         Logger::Severity.const_get(severity_constant) < Logger::Severity.const_get(configured_log_level_constant)
       end
+
+      def create_labels
+        return NewRelic::EMPTY_HASH unless NewRelic::Agent.config[LABELS_ENABLED_KEY]
+
+        downcased_exclusions = NewRelic::Agent.config[:'application_logging.forwarding.labels.exclude'].map(&:downcase)
+        log_labels = {}
+
+        NewRelic::Agent.config.parsed_labels.each do |parsed_label|
+          next if downcased_exclusions.include?(parsed_label['label_type'].downcase)
+
+          # labels are referred to as tags in the UI, so prefix the
+          # label-related attributes with 'tags.*'
+          log_labels["tags.#{parsed_label['label_type']}"] = parsed_label['label_value']
+        end
+
+        log_labels
+      end
     end
   end
 end

data/lib/new_relic/agent/span_event_primitive.rb

@@ -52,6 +52,8 @@ module NewRelic
       DATASTORE_CATEGORY = 'datastore'
       CLIENT = 'client'
 
+      DB_STATEMENT_MAX_BYTES = 4096
+
       # Builds a Hash of error attributes as well as the Span ID when
       # an error is present.  Otherwise, returns nil when no error present.
       def error_attributes(segment)
@@ -114,9 +116,9 @@ module NewRelic
         agent_attributes[DB_SYSTEM_KEY] = segment.product if allowed?(DB_SYSTEM_KEY)
 
         if segment.sql_statement && allowed?(DB_STATEMENT_KEY)
-          agent_attributes[DB_STATEMENT_KEY] = truncate(segment.sql_statement.safe_sql, 2000)
+          agent_attributes[DB_STATEMENT_KEY] = truncate(segment.sql_statement.safe_sql, DB_STATEMENT_MAX_BYTES)
         elsif segment.nosql_statement && allowed?(DB_STATEMENT_KEY)
-          agent_attributes[DB_STATEMENT_KEY] = truncate(segment.nosql_statement, 2000)
+          agent_attributes[DB_STATEMENT_KEY] = truncate(segment.nosql_statement, DB_STATEMENT_MAX_BYTES)
         end
 
         [intrinsics, custom_attributes(segment), agent_attributes.merge(agent_attributes(segment))]

data/lib/new_relic/control/frameworks/rails4.rb

@@ -9,11 +9,7 @@ module NewRelic
     module Frameworks
       class Rails4 < NewRelic::Control::Frameworks::Rails3
         def rails_gem_list
-          if Bundler.rubygems.respond_to?(:installed_specs)
-            Bundler.rubygems.installed_specs.map { |gem| "#{gem.name} (#{gem.version})" }
-          else
-            Bundler.rubygems.all_specs.map { |gem| "#{gem.name} (#{gem.version})" }
-          end
+          NewRelic::Helper.rubygems_specs.map { |gem| "#{gem.name} (#{gem.version})" }
         end
 
         def append_plugin_list

data/lib/new_relic/dependency_detection.rb

@@ -25,11 +25,9 @@ module DependencyDetection
 
   def detect!
     @items.each do |item|
-      if item.dependencies_satisfied?
-        item.execute
-      else
-        item.configure_as_unsatisfied unless item.disabled_configured?
-      end
+      next if item.executed || item.disabled_configured?
+
+      item.dependencies_satisfied? ? item.execute : item.configure_as_unsatisfied
     end
   end
 
@@ -65,6 +63,13 @@ module DependencyDetection
     end
 
     def configure_as_unsatisfied
+      # TODO: currently using :unsatisfied for Padrino will clobber the value
+      #       already set for Sinatra, so skip Padrino and circle back with a
+      #       new Padrino specific solution in the future.
+      #
+      #       https://github.com/newrelic/newrelic-ruby-agent/issues/2912
+      return if name == :padrino
+
       NewRelic::Agent.config.instance_variable_get(:@cache)[config_key] = :unsatisfied
     end
 

data/lib/new_relic/environment_report.rb

@@ -44,11 +44,7 @@ module NewRelic
     ####################################
     report_on('Gems') do
       begin
-        if Bundler.rubygems.respond_to?(:installed_specs)
-          Bundler.rubygems.installed_specs.map { |gem| "#{gem.name}(#{gem.version})" }
-        else
-          Bundler.rubygems.all_specs.map { |gem| "#{gem.name}(#{gem.version})" }
-        end
+        NewRelic::Helper.rubygems_specs.map { |gem| "#{gem.name}(#{gem.version})" }
       rescue
         # There are certain rubygem, bundler, rails combinations (e.g. gem
         # 1.6.2, rails 2.3, bundler 1.2.3) where the code above throws an error

data/lib/new_relic/helper.rb

@@ -82,5 +82,20 @@ module NewRelic
         File.exist?(executable_path) && File.file?(executable_path) && File.executable?(executable_path)
       end
     end
+
+    # Bundler version 2.5.12 deprecated all_specs and added installed_specs.
+    # To support newer Bundler versions, try to use installed_specs first,
+    # then fall back to all_specs.
+    # All callers expect this to be an array, so return an array if Bundler isn't defined
+    # @api private
+    def rubygems_specs
+      return [] unless defined?(Bundler)
+
+      if Bundler.rubygems.respond_to?(:installed_specs)
+        Bundler.rubygems.installed_specs
+      else
+        Bundler.rubygems.all_specs
+      end
+    end
   end
 end

data/lib/new_relic/language_support.rb

@@ -90,11 +90,7 @@ module NewRelic
     def bundled_gem?(gem_name)
       return false unless defined?(Bundler)
 
-      if Bundler.rubygems.respond_to?(:installed_specs)
-        Bundler.rubygems.installed_specs.map(&:name).include?(gem_name)
-      else
-        Bundler.rubygems.all_specs.map(&:name).include?(gem_name)
-      end
+      NewRelic::Helper.rubygems_specs.map(&:name).include?(gem_name)
     rescue => e
       ::NewRelic::Agent.logger.info("Could not determine if third party #{gem_name} gem is installed", e)
       false

data/lib/new_relic/version.rb

@@ -6,7 +6,7 @@
 module NewRelic
   module VERSION # :nodoc:
     MAJOR = 9
-    MINOR = 14
+    MINOR = 16
     TINY = 0
 
     STRING = "#{MAJOR}.#{MINOR}.#{TINY}"

data/lib/sequel/extensions/new_relic_instrumentation.rb

@@ -79,7 +79,7 @@ module Sequel
 
     THREAD_SAFE_CONNECTION_POOL_CLASSES = [
       (defined?(::Sequel::ThreadedConnectionPool) && ::Sequel::ThreadedConnectionPool),
-      (defined?(::Sequel::TimedQueueConnectionPool) && RUBY_VERSION >= '3.4' && ::Sequel::TimedQueueConnectionPool)
+      (defined?(::Sequel::TimedQueueConnectionPool) && RUBY_VERSION >= '3.2' && ::Sequel::TimedQueueConnectionPool)
     ].compact.freeze
 
     def explainer_for(sql)

data/lib/tasks/instrumentation_generator/templates/dependency_detection.tt

@@ -2,12 +2,8 @@
 # See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
 # frozen_string_literal: true
 
-require_relative '<%= @snake_name.downcase %>/instrumentation'
-require_relative '<%= @snake_name.downcase %>/chain'
-require_relative '<%= @snake_name.downcase %>/prepend'
-
 DependencyDetection.defer do
-  named :<%= @name.match?(/\-|\_/) ? "'#{@snake_name}'" : @name.downcase %>
+  named :<%= @snake_name %>
 
   depends_on do
     # The class that needs to be defined to prepend/chain onto. This can be used
@@ -18,11 +14,18 @@ DependencyDetection.defer do
   end
 
   executes do
-    NewRelic::Agent.logger.info('Installing <%= @name.downcase %> instrumentation')
+    require_relative '<%= @snake_name.downcase %>/instrumentation'
 
+    # prepend_instrument and chain_instrument call extract_supportability_name
+    # to get the library name for supportability metrics and info-level logging.
+    # This is done by spliting on the 2nd to last spot of the instrumented
+    # module. If this isn't how we want the name to appear, pass in the desired
+    # name as a third argument.
     if use_prepend?
+      require_relative '<%= @snake_name.downcase %>/prepend'
       prepend_instrument <%= @class_name %>, NewRelic::Agent::Instrumentation::<%= @class_name %>::Prepend
     else
+      require_relative '<%= @snake_name.downcase %>/chain'
       chain_instrument NewRelic::Agent::Instrumentation::<%= @class_name %>::Chain
     end
   end

data/newrelic.yml

@@ -65,6 +65,13 @@ common: &default_settings
   # If true, the agent captures log records emitted by your application.
   # application_logging.forwarding.enabled: true
 
+  # If true, the agent attaches labels to log records.
+  # application_logging.forwarding.labels.enabled: false
+
+  # A case-insensitive array or comma-delimited string containing the labels to
+  # exclude from log records.
+  # application_logging.forwarding.labels.exclude: []
+
   # Sets the minimum level a log event must have to be forwarded to New Relic.
   # This is based on the integer values of Ruby's Logger::Severity constants:
   # https://github.com/ruby/ruby/blob/master/lib/logger/severity.rb
@@ -114,17 +121,15 @@ common: &default_settings
   # audit_log.path: log/newrelic_audit.log
 
   # An array of CLASS#METHOD (for instance methods) and/or CLASS.METHOD (for class
-  # methods) strings representing Ruby methods for the agent to automatically add
-  # custom instrumentation to without the need for altering any of the source code
-  # that defines the methods.
-  #
+  # methods) strings representing Ruby methods that the agent can automatically
+  # add custom instrumentation to. This doesn't require any modifications of the
+  # source code that defines the methods.
   # Use fully qualified class names (using the :: delimiter) that include any
   # module or class namespacing.
-  #
   # Here is some Ruby source code that defines a render_png instance method for an
   # Image class and a notify class method for a User class, both within a
   # MyCompany module namespace:
-  # 
+  #
   # module MyCompany
   #   class Image
   #     def render_png
@@ -138,26 +143,29 @@ common: &default_settings
   #     end
   #   end
   # end
-  # 
+  #
   # Given that source code, the newrelic.yml config file might request
   # instrumentation for both of these methods like so:
-  # 
+  #
   # automatic_custom_instrumentation_method_list:
   # - MyCompany::Image#render_png
   # - MyCompany::User.notify
   #
   # That configuration example uses YAML array syntax to specify both methods.
-  # Alternatively, a comma-delimited string can be used instead:
-  # 
-  # automatic_custom_instrumentation_method_list: 'MyCompany::Image#render_png, MyCompany::User.notify'
-  # 
+  # Alternatively, you can use a comma-delimited string:
+  #
+  # automatic_custom_instrumentation_method_list: 'MyCompany::Image#render_png,
+  # MyCompany::User.notify'
+  #
   # Whitespace around the comma(s) in the list is optional. When configuring the
   # agent with a list of methods via the
   # NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST environment variable,
-  # this comma-delimited string format should be used:
-  # 
-  # export NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST='MyCompany::Image#render_png, MyCompany::User.notify'
-  # 
+  # use this comma-delimited string format:
+  #
+  # export
+  # NEW_RELIC_AUTOMATIC_CUSTOM_INSTRUMENTATION_METHOD_LIST='MyCompany::Image#render_png,
+  # MyCompany::User.notify'
+  #
   # automatic_custom_instrumentation_method_list: []
 
   # Specify a list of constants that should prevent the agent from starting
@@ -216,6 +224,9 @@ common: &default_settings
   # If true, the agent will clear Tracer::State in Agent.drop_buffered_data.
   # clear_transaction_state_after_fork: false
 
+  # The AWS account ID for the AWS account associated with this app
+  # cloud.aws.account_id: nil
+
   # If true, the agent will report source code level metrics for traced methods.
   # See:
   # https://docs.newrelic.com/docs/apm/agents/ruby-agent/features/ruby-codestream-integration/
@@ -312,18 +323,7 @@ common: &default_settings
   # If true, disables agent middleware for Sinatra. This middleware is responsible
   # for advanced feature support such as cross application tracing, page load
   # timing, and error collection.
-  # Cross application tracing is deprecated in favor of distributed tracing.
-  # Distributed tracing is on by default for Ruby agent versions 8.0.0 and above.
-  # Middlewares are not required to support distributed tracing.
-  # To continue using cross application tracing, update the following options in
-  # your newrelic.yml configuration file:
-  # ``yaml
-  # # newrelic.yml
-  # cross_application_tracer:
-  # enabled: true
-  # distributed_tracing:
-  # enabled: false
-  # ``
+  #
   # disable_sinatra_auto_middleware: false
 
   # If true, disables view instrumentation.
@@ -455,6 +455,10 @@ common: &default_settings
   # prepend, chain, disabled.
   # instrumentation.async_http: auto
 
+  # Controls auto-instrumentation of the aws_sdk_lambda library at start-up. May
+  # be one of auto, prepend, chain, disabled.
+  # instrumentation.aws_sdk_lambda: auto
+
   # Controls auto-instrumentation of the aws-sdk-sqs library at start-up. May be
   # one of: auto, prepend, chain, disabled.
   # instrumentation.aws_sqs: auto
@@ -947,33 +951,104 @@ common: &default_settings
   #   NOTE: All "security.*" configuration parameters are related only to the
   #         security agent, and all other configuration parameters that may
   #         have "security" in the name somewhere are related to the APM agent.
-  
+
   # If true, the security agent is loaded (a Ruby 'require' is performed)
   # security.agent.enabled: false
 
   # The port the application is listening on. This setting is mandatory for
-  # Passenger servers. Other servers should be detected by default.
+  # Passenger servers. Other servers are detected by default.
   # security.application_info.port: nil
 
-  # If true, enables deserialization detection
-  # security.detection.deserialization.enabled: true
+  # If true, the security agent is started (the agent runs in its event loop)
+  # security.enabled: false
 
-  # If true, enables RCI (remote code injection) detection
-  # security.detection.rci.enabled: true
+  # Defines API paths the security agent should ignore in IAST scans. Accepts an
+  # array of regex patterns matching the URI to ignore. The regex pattern should
+  # provide a complete match for the URL without the endpoint. For example,
+  # [".*account.*"], [".*/\api\/v1\/.*?\/login"]
+  # security.exclude_from_iast_scan.api: []
 
-  # If true, enables RXSS (reflected cross-site scripting) detection
-  # security.detection.rxss.enabled: true
+  # An array of HTTP request body keys the security agent should ignore in IAST
+  # scans.
+  # security.exclude_from_iast_scan.http_request_parameters.body: []
 
-  # If true, the security agent is started (the agent runs in its event loop)
-  # security.enabled: false
+  # An array of HTTP request headers the security agent should ignore in IAST
+  # scans. The array should specify a list of patterns matching the headers to
+  # ignore.
+  # security.exclude_from_iast_scan.http_request_parameters.header: []
+
+  # An array of HTTP request query parameters the security agent should ignore in
+  # IAST scans. The array should specify a list of patterns matching the HTTP
+  # request query parameters to ignore.
+  # security.exclude_from_iast_scan.http_request_parameters.query: []
+
+  # If true, disables system command injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.command_injection: false
+
+  # If true, disables the detection of low-severity insecure settings (e.g., hash,
+  # crypto, cookie, random generators, trust boundary).
+  # security.exclude_from_iast_scan.iast_detection_category.insecure_settings: false
+
+  # If true, disables file operation-related IAST detections (File Access &
+  # Application integrity violation)
+  # security.exclude_from_iast_scan.iast_detection_category.invalid_file_access: false
+
+  # If true, disables Javascript injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.javascript_injection: false
+
+  # If true, disables LDAP injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.ldap_injection: false
+
+  # If true, disables NOSQL injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.nosql_injection: false
+
+  # If true, disables Reflected Cross-Site Scripting (RXSS) detection in IAST
+  # scans.
+  # security.exclude_from_iast_scan.iast_detection_category.rxss: false
+
+  # If true, disables SQL injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.sql_injection: false
+
+  # If true, disables Sever-Side Request Forgery (SSRF) detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.ssrf: false
+
+  # If true, disables XPATH injection detection in IAST scans.
+  # security.exclude_from_iast_scan.iast_detection_category.xpath_injection: false
+
+  # Unique test identifier when runnning IAST in CI/CD environment to
+  # differentiate between different test runs, e.g., a build number.
+  # security.iast_test_identifier: nil
 
   # Defines the mode for the security agent to operate in. Currently only IAST is
   # supported
   # security.mode: IAST
 
-  # Defines the request body limit to process in security events (in KB). The
-  # default value is 300, for 300KB.
-  # security.request.body_limit: 300
+  # Sets the maximum number of HTTP requests allowed for the IAST scan per minute.
+  # Any Integer between 12 and 3600 is valid. The default value is 3600.
+  # security.scan_controllers.iast_scan_request_rate_limit: 3600
+
+  # If true, enables the sending of HTTP responses bodies. Disabling this also
+  # disables Reflected Cross-Site Scripting (RXSS) vulnerability detection.
+  # security.scan_controllers.report_http_response_body: true
+
+  # The number of application instances for a specific entity on which IAST
+  # analysis is performed.
+  # security.scan_controllers.scan_instance_count: 0
+
+  # If true, allows IAST to continuously gather trace data in the background.
+  # Collected data will be used by the security agent to perform an IAST scan at
+  # the scheduled time.
+  # security.scan_schedule.always_sample_traces: false
+
+  # Specifies the delay time (in minutes) before the IAST scan begins after the
+  # application starts.
+  # security.scan_schedule.delay: 0
+
+  # Specifies the length of time (in minutes) that the IAST scan will run.
+  # security.scan_schedule.duration: 0
+
+  # Specifies a cron expression that sets when the IAST scan should run.
+  # security.scan_schedule.schedule: ""
 
   # Defines the endpoint URL for posting security-related data
   # security.validator_service_url: wss://csec.nr-data.net

data/test/agent_helper.rb

@@ -112,7 +112,7 @@ def assert_log_contains(log, message)
   lines = log.array
 
   assert (lines.any? { |line| line.match(message) }),
-    "Could not find message. Log contained: #{lines.join("\n")}"
+    "Could not find message: '#{message.inspect}'. Log contained: #{lines.join("\n")}"
 end
 
 def assert_audit_log_contains(audit_log_contents, needle)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: newrelic_rpm
 version: !ruby/object:Gem::Version
-  version: 9.14.0
+  version: 9.16.0
 platform: ruby
 authors:
 - Tanna McClure
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-09-30 00:00:00.000000000 Z
+date: 2024-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -392,6 +392,10 @@ files:
 - lib/new_relic/agent/instrumentation/async_http/chain.rb
 - lib/new_relic/agent/instrumentation/async_http/instrumentation.rb
 - lib/new_relic/agent/instrumentation/async_http/prepend.rb
+- lib/new_relic/agent/instrumentation/aws_sdk_lambda.rb
+- lib/new_relic/agent/instrumentation/aws_sdk_lambda/chain.rb
+- lib/new_relic/agent/instrumentation/aws_sdk_lambda/instrumentation.rb
+- lib/new_relic/agent/instrumentation/aws_sdk_lambda/prepend.rb
 - lib/new_relic/agent/instrumentation/aws_sqs.rb
 - lib/new_relic/agent/instrumentation/aws_sqs/chain.rb
 - lib/new_relic/agent/instrumentation/aws_sqs/instrumentation.rb
@@ -778,7 +782,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.5.16
+rubygems_version: 3.5.22
 signing_key: 
 specification_version: 4
 summary: New Relic Ruby Agent