newrelic_rpm 9.23.0 → 10.0.0

data/lib/new_relic/agent/configuration/security_policy_source.rb

@@ -1,246 +0,0 @@
-# This file is distributed under New Relic's license terms.
-# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
-# frozen_string_literal: true
-
-require 'new_relic/agent/configuration/dotted_hash'
-
-module NewRelic
-  module Agent
-    module Configuration
-      # The Language Security Policy Source gives customers the ability to
-      # configure high security mode settings.
-      class SecurityPolicySource < DottedHash
-        class << self
-          def enabled?(option)
-            Agent.config[option]
-          end
-
-          def record_sql_enabled?(option)
-            Agent.config[option] == 'obfuscated' ||
-              Agent.config[option] == 'raw' ||
-              false
-          end
-
-          def not_empty?(option)
-            !Agent.config[option].empty?
-          end
-
-          def change_setting(policies, option, new_value)
-            current_value = Agent.config[option]
-            unless current_value == new_value
-              NewRelic::Agent.logger.info( \
-                "Setting changed: {#{option}: from #{current_value} " \
-                "to #{new_value}}. Source: SecurityPolicySource"
-              )
-            end
-            policies[option] = new_value
-          end
-        end
-
-        # The keys of the security settings map are the names of security
-        # policies received from the server. They map to multiple configuration
-        # options in the local config. There is a hash of metadata that
-        # corresponds to each configuration option with the following keys:
-        #
-        # option: the configuration option name
-        # supported: true if the agent has one or more corresponding
-        #   configuration options
-        # enabled_fn: a callable that takes the configuration option and returns
-        #   true if the option is enabled, false otherwise
-        # disabled_value: the value of the configuration option when it is
-        #   disabled
-        # permitted_fn: a callable, that will be executed if an option is
-        #   permitted by the security policy and is also enabled by the config
-
-        SECURITY_SETTINGS_MAP = {
-          'record_sql' => [
-            {
-              option: :'transaction_tracer.record_sql',
-              supported: true,
-              enabled_fn: method(:record_sql_enabled?),
-              disabled_value: 'off',
-              permitted_fn: proc { |policies|
-                change_setting(policies, :'transaction_tracer.record_sql', 'obfuscated')
-              }
-            },
-            {
-              option: :'slow_sql.record_sql',
-              supported: true,
-              enabled_fn: method(:record_sql_enabled?),
-              disabled_value: 'off',
-              permitted_fn: proc { |policies|
-                change_setting(policies, :'slow_sql.record_sql', 'obfuscated')
-              }
-            },
-            {
-              option: :'mongo.capture_queries',
-              supported: true,
-              enabled_fn: method(:enabled?),
-              disabled_value: false,
-              permitted_fn: proc { |policies|
-                change_setting(policies, :'mongo.obfuscate_queries', true)
-              }
-            },
-            {
-              option: :'elasticsearch.capture_queries',
-              supported: true,
-              enabled_fn: method(:enabled?),
-              disabled_value: false,
-              permitted_fn: proc { |policies|
-                change_setting(policies, :'elasticsearch.obfuscate_queries', true)
-              }
-            },
-            {
-              option: :'transaction_tracer.record_redis_arguments',
-              supported: true,
-              enabled_fn: method(:enabled?),
-              disabled_value: false,
-              permitted_fn: nil
-            }
-          ],
-          'attributes_include' => [
-            {
-              option: :'attributes.include',
-              supported: true,
-              enabled_fn: method(:not_empty?),
-              disabled_value: [],
-              permitted_fn: nil
-            },
-            {
-              option: :'transaction_tracer.attributes.include',
-              supported: true,
-              enabled_fn: method(:not_empty?),
-              disabled_value: [],
-              permitted_fn: nil
-            },
-            {
-              option: :'transaction_events.attributes.include',
-              supported: true,
-              enabled_fn: method(:not_empty?),
-              disabled_value: [],
-              permitted_fn: nil
-            },
-            {
-              option: :'error_collector.attributes.include',
-              supported: true,
-              enabled_fn: method(:not_empty?),
-              disabled_value: [],
-              permitted_fn: nil
-            },
-            {
-              option: :'browser_monitoring.attributes.include',
-              supported: true,
-              enabled_fn: method(:not_empty?),
-              disabled_value: [],
-              permitted_fn: nil
-            },
-            {
-              option: :'span_events.attributes.include',
-              supported: true,
-              enabled_fn: method(:not_empty?),
-              disabled_value: [],
-              permitted_fn: nil
-            },
-            {
-              option: :'transaction_segments.attributes.include',
-              supported: true,
-              enabled_fn: method(:not_empty?),
-              disabled_value: [],
-              permitted_fn: nil
-            }
-          ],
-          'ai_monitoring' => [
-            {
-              option: :'ai_monitoring.enabled',
-              supported: true,
-              enabled_fn: method(:enabled?),
-              disabled_value: false,
-              permitted_fn: nil
-            }
-          ],
-          'allow_raw_exception_messages' => [
-            {
-              option: :'strip_exception_messages.enabled',
-              supported: true,
-              enabled_fn: method(:enabled?),
-              disabled_value: false,
-              permitted_fn: nil
-            }
-          ],
-          'custom_events' => [
-            {
-              option: :'custom_insights_events.enabled',
-              supported: true,
-              enabled_fn: method(:enabled?),
-              disabled_value: false,
-              permitted_fn: nil
-            }
-          ],
-          'custom_parameters' => [
-            {
-              option: :'custom_attributes.enabled',
-              supported: true,
-              enabled_fn: method(:enabled?),
-              disabled_value: false,
-              permitted_fn: nil
-            }
-          ],
-          'custom_instrumentation_editor' => [
-            {
-              option: nil,
-              supported: false,
-              enabled_fn: nil,
-              disabled_value: nil,
-              permitted_fn: nil
-            }
-          ],
-          'message_parameters' => [
-            {
-              option: :'message_tracer.segment_parameters.enabled',
-              supported: true,
-              enabled_fn: method(:enabled?),
-              disabled_value: false,
-              permitted_fn: nil
-            }
-          ]
-        }
-
-        def initialize(security_policies)
-          super(build_overrides(security_policies))
-        end
-
-        ENABLED = 'enabled'.freeze
-        COLON_COLON = '::'.freeze
-
-        def build_overrides(security_policies)
-          security_policies.inject({}) do |settings, (policy_name, policy_settings)|
-            SECURITY_SETTINGS_MAP[policy_name].each do |policy|
-              next unless policy[:supported]
-
-              if policy_settings[ENABLED]
-                if policy[:enabled_fn].call(policy[:option])
-                  if permitted_fn = policy[:permitted_fn]
-                    permitted_fn.call(settings)
-                  end
-                else
-                  config_source = Agent.config.source(policy[:option]).class.name.split(COLON_COLON).last
-                  NewRelic::Agent.logger.info( \
-                    "Setting applied: {#{policy[:option]}: #{policy[:disabled_value]}}. " \
-                    "Source: #{config_source}"
-                  )
-                end
-              else
-                settings[policy[:option]] = policy[:disabled_value]
-                NewRelic::Agent.logger.info( \
-                  "Setting applied: {#{policy[:option]}: #{policy[:disabled_value]}}. " \
-                  'Source: SecurityPolicySource'
-                )
-              end
-            end
-            settings
-          end
-        end
-      end
-    end
-  end
-end

data/lib/new_relic/agent/distributed_tracing/cross_app_payload.rb

@@ -1,44 +0,0 @@
-# This file is distributed under New Relic's license terms.
-# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
-# frozen_string_literal: true
-
-module NewRelic
-  module Agent
-    class CrossAppPayload
-      attr_reader :id, :transaction, :referring_guid, :referring_trip_id, :referring_path_hash
-
-      def initialize(id, transaction, transaction_info)
-        @id = id
-        @transaction = transaction
-
-        transaction_info ||= []
-        @referring_guid = transaction_info[0]
-        # unused_flag        = transaction_info[1]
-        @referring_trip_id = string_or_false_for(transaction_info[2])
-        @referring_path_hash = string_or_false_for(transaction_info[3])
-      end
-
-      def as_json_array(content_length)
-        queue_time_in_seconds = [transaction.queue_time, 0.0].max
-        start_time_in_seconds = [transaction.start_time, 0.0].max
-        app_time_in_seconds = Process.clock_gettime(Process::CLOCK_REALTIME) - start_time_in_seconds
-
-        [
-          NewRelic::Agent.config[:cross_process_id],
-          transaction.best_name,
-          queue_time_in_seconds,
-          app_time_in_seconds,
-          content_length,
-          transaction.guid,
-          false
-        ]
-      end
-
-      private
-
-      def string_or_false_for(value)
-        value.is_a?(String) && value
-      end
-    end
-  end
-end

data/lib/new_relic/agent/distributed_tracing/cross_app_tracing.rb

@@ -1,253 +0,0 @@
-# This file is distributed under New Relic's license terms.
-# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
-# frozen_string_literal: true
-
-require 'json'
-
-module NewRelic
-  module Agent
-    module CrossAppTracing
-      # The cross app response header for "outgoing" calls
-      NR_APPDATA_HEADER = 'X-NewRelic-App-Data'
-
-      # The cross app id header for "outgoing" calls
-      NR_ID_HEADER = 'X-NewRelic-ID'
-
-      # The cross app transaction header for "outgoing" calls
-      NR_TXN_HEADER = 'X-NewRelic-Transaction'
-
-      NR_MESSAGE_BROKER_ID_HEADER = 'NewRelicID'
-      NR_MESSAGE_BROKER_TXN_HEADER = 'NewRelicTransaction'
-      NR_MESSAGE_BROKER_SYNTHETICS_HEADER = 'NewRelicSynthetics'
-
-      attr_accessor :is_cross_app_caller, :cross_app_payload, :cat_path_hashes
-
-      def is_cross_app_caller?
-        @is_cross_app_caller ||= false
-      end
-
-      def is_cross_app_callee?
-        !cross_app_payload.nil?
-      end
-
-      def is_cross_app?
-        is_cross_app_caller? || is_cross_app_callee?
-      end
-
-      def cat_trip_id
-        cross_app_payload&.referring_trip_id || transaction.guid
-      end
-
-      def cross_app_monitor
-        NewRelic::Agent.instance.monitors.cross_app_monitor
-      end
-
-      def cat_path_hash
-        referring_path_hash = cat_referring_path_hash || '0'
-        seed = referring_path_hash.to_i(16)
-        result = cross_app_monitor.path_hash(transaction.best_name, seed)
-        record_cat_path_hash(result)
-        result
-      end
-
-      def insert_cross_app_header(headers)
-        return unless CrossAppTracing.cross_app_enabled?
-
-        @is_cross_app_caller = true
-        txn_guid = transaction.guid
-        trip_id = cat_trip_id
-        path_hash = cat_path_hash
-
-        insert_request_headers(headers, txn_guid, trip_id, path_hash)
-      end
-
-      def add_message_cat_headers(headers)
-        return unless CrossAppTracing.cross_app_enabled?
-
-        @is_cross_app_caller = true
-        insert_message_headers(headers,
-          transaction.guid,
-          cat_trip_id,
-          cat_path_hash,
-          transaction.raw_synthetics_header)
-      end
-
-      def record_cross_app_metrics
-        if (id = cross_app_payload&.id)
-          app_time_in_seconds = [
-            Process.clock_gettime(Process::CLOCK_REALTIME) - transaction.start_time,
-            0.0
-          ].max
-          NewRelic::Agent.record_metric("ClientApplication/#{id}/all", app_time_in_seconds)
-        end
-      end
-
-      def assign_cross_app_intrinsics
-        transaction.attributes.add_intrinsic_attribute(:trip_id, cat_trip_id)
-        transaction.attributes.add_intrinsic_attribute(:path_hash, cat_path_hash)
-      end
-
-      private
-
-      def insert_message_headers(headers, txn_guid, trip_id, path_hash, synthetics_header)
-        headers[NR_MESSAGE_BROKER_ID_HEADER] = obfuscator.obfuscate(Agent.config[:cross_process_id])
-        headers[NR_MESSAGE_BROKER_TXN_HEADER] = obfuscator.obfuscate(::JSON.dump([txn_guid, false, trip_id, path_hash]))
-        headers[NR_MESSAGE_BROKER_SYNTHETICS_HEADER] = synthetics_header if synthetics_header
-      end
-
-      def record_cat_path_hash(hash)
-        @cat_path_hashes ||= []
-        if @cat_path_hashes.size < 10 && !@cat_path_hashes.include?(hash)
-          @cat_path_hashes << hash
-        end
-      end
-
-      def cat_referring_path_hash
-        cross_app_payload&.referring_path_hash
-      end
-
-      def append_cat_info(payload)
-        if (referring_guid = cross_app_payload&.referring_guid)
-          payload[:referring_transaction_guid] = referring_guid
-        end
-
-        return unless transaction.include_guid?
-
-        payload[:guid] = transaction.guid
-
-        return unless is_cross_app?
-
-        trip_id = cat_trip_id
-        path_hash = cat_path_hash
-        referring_path_hash = cat_referring_path_hash
-
-        payload[:cat_trip_id] = trip_id if trip_id
-        payload[:cat_referring_path_hash] = referring_path_hash if referring_path_hash
-
-        if path_hash
-          payload[:cat_path_hash] = path_hash
-
-          alternate_path_hashes = cat_path_hashes - [path_hash]
-          unless alternate_path_hashes.empty?
-            payload[:cat_alternate_path_hashes] = alternate_path_hashes
-          end
-        end
-      end
-
-      ###############
-      module_function
-
-      ###############
-
-      def cross_app_enabled?
-        valid_cross_process_id? &&
-          valid_encoding_key? &&
-          cross_application_tracer_enabled?
-      end
-
-      def valid_cross_process_id?
-        if Agent.config[:cross_process_id] && Agent.config[:cross_process_id].length > 0
-          true
-        else
-          NewRelic::Agent.logger.debug('No cross_process_id configured')
-          false
-        end
-      end
-
-      def valid_encoding_key?
-        if Agent.config[:encoding_key] && Agent.config[:encoding_key].length > 0
-          true
-        else
-          NewRelic::Agent.logger.debug('No encoding_key set')
-          false
-        end
-      end
-
-      def cross_application_tracer_enabled?
-        !NewRelic::Agent.config[:"distributed_tracing.enabled"] &&
-          NewRelic::Agent.config[:"cross_application_tracer.enabled"]
-      end
-
-      def obfuscator
-        @obfuscator ||= NewRelic::Agent::Obfuscator.new(Agent.config[:encoding_key])
-      end
-
-      def insert_request_headers(request, txn_guid, trip_id, path_hash)
-        cross_app_id = NewRelic::Agent.config[:cross_process_id]
-        txn_data = ::JSON.dump([txn_guid, false, trip_id, path_hash])
-
-        request[NR_ID_HEADER] = obfuscator.obfuscate(cross_app_id)
-        request[NR_TXN_HEADER] = obfuscator.obfuscate(txn_data)
-      end
-
-      def response_has_crossapp_header?(response)
-        if !!response[NR_APPDATA_HEADER]
-          true
-        else
-          NewRelic::Agent.logger.debug("No #{NR_APPDATA_HEADER} header")
-          false
-        end
-      end
-
-      # Extract x-process application data from the specified +response+ and return
-      # it as an array of the form:
-      #
-      #  [
-      #    <cross app ID>,
-      #    <transaction name>,
-      #    <queue time in seconds>,
-      #    <response time in seconds>,
-      #    <request content length in bytes>,
-      #    <transaction GUID>
-      #  ]
-      def extract_appdata(response)
-        appdata = response[NR_APPDATA_HEADER]
-
-        decoded_appdata = obfuscator.deobfuscate(appdata)
-        decoded_appdata.set_encoding(::Encoding::UTF_8) if
-          decoded_appdata.respond_to?(:set_encoding)
-
-        ::JSON.parse(decoded_appdata)
-      end
-
-      def valid_cross_app_id?(xp_id)
-        !!(xp_id =~ /\A\d+#\d+\z/)
-      end
-
-      def message_has_crossapp_request_header?(headers)
-        !!headers[NR_MESSAGE_BROKER_ID_HEADER]
-      end
-
-      def reject_messaging_cat_headers(headers)
-        headers.reject { |k, _| k == NR_MESSAGE_BROKER_ID_HEADER || k == NR_MESSAGE_BROKER_TXN_HEADER }
-      end
-
-      def trusts?(id)
-        split_id = id.match(/(\d+)#\d+/)
-        return false if split_id.nil?
-
-        NewRelic::Agent.config[:trusted_account_ids].include?(split_id.captures.first.to_i)
-      end
-
-      def trusted_valid_cross_app_id?(id)
-        valid_cross_app_id?(id) && trusts?(id)
-      end
-
-      # From inbound request headers
-      def assign_intrinsic_transaction_attributes(state)
-        # We expect to get the before call to set the id (if we have it) before
-        # this, and then write our custom parameter when the transaction starts
-        return unless (txn = state.current_transaction)
-        return unless (payload = txn.distributed_tracer.cross_app_payload)
-
-        if (cross_app_id = payload.id)
-          txn.attributes.add_intrinsic_attribute(:client_cross_process_id, cross_app_id)
-        end
-
-        if (referring_guid = payload.referring_guid)
-          txn.attributes.add_intrinsic_attribute(:referring_transaction_guid, referring_guid)
-        end
-      end
-    end
-  end
-end

data/lib/new_relic/agent/external.rb

@@ -1,112 +0,0 @@
-# This file is distributed under New Relic's license terms.
-# See https://github.com/newrelic/newrelic-ruby-agent/blob/main/LICENSE for complete details.
-# frozen_string_literal: true
-
-require 'new_relic/agent/transaction/tracing'
-require 'new_relic/agent/distributed_tracing/cross_app_tracing'
-require 'new_relic/agent/distributed_tracing/cross_app_payload'
-
-module NewRelic
-  module Agent
-    #
-    # This module contains helper methods to facilitate
-    # instrumentation of external requests not directly supported by
-    # the Ruby agent. It is intended to be primarily used by authors
-    # of 3rd-party instrumentation.
-    #
-    # @api public
-    module External
-      extend self
-
-      NON_HTTP_CAT_ID_HEADER = 'NewRelicID'.freeze
-      NON_HTTP_CAT_TXN_HEADER = 'NewRelicTransaction'.freeze
-      NON_HTTP_CAT_SYNTHETICS_HEADER = 'NewRelicSynthetics'.freeze
-      NON_HTTP_CAT_CONTENT_LENGTH = -1
-
-      # Process obfuscated +String+ identifying a calling application and transaction that is also running a
-      # New Relic agent and save information in current transaction for inclusion in a trace. The +String+ is
-      # generated by +get_request_metadata+ on the calling application.
-      #
-      # @param request_metadata [String] received obfuscated request metadata
-      #
-      # @!scope class
-      # @api public
-      #
-      def process_request_metadata(request_metadata)
-        NewRelic::Agent.record_api_supportability_metric(:process_request_metadata)
-        return unless CrossAppTracing.cross_app_enabled?
-
-        state = NewRelic::Agent::Tracer.state
-        if transaction = state.current_transaction
-          rmd = ::JSON.parse(obfuscator.deobfuscate(request_metadata))
-
-          # handle/check ID
-          #
-          if id = rmd[NON_HTTP_CAT_ID_HEADER] and CrossAppTracing.trusted_valid_cross_app_id?(id)
-            # handle transaction info
-            #
-            if txn_info = rmd[NON_HTTP_CAT_TXN_HEADER]
-              payload = CrossAppPayload.new(id, transaction, txn_info)
-              transaction.distributed_tracer.cross_app_payload = payload
-
-              CrossAppTracing.assign_intrinsic_transaction_attributes(state)
-            end
-
-            # handle synthetics
-            #
-            if synth = rmd[NON_HTTP_CAT_SYNTHETICS_HEADER]
-              transaction.synthetics_payload = synth
-              transaction.raw_synthetics_header = obfuscator.obfuscate(::JSON.dump(synth))
-            end
-
-          else
-            NewRelic::Agent.logger.error("error processing request metadata: invalid/non-trusted ID: '#{id}'")
-          end
-
-          nil
-        end
-      rescue => e
-        NewRelic::Agent.logger.error('error during process_request_metadata', e)
-      end
-
-      # Obtain an obfuscated +String+ suitable for delivery across public networks that carries transaction
-      # information from this application to a calling application which is also running a New Relic agent.
-      # This +String+ can be processed by +process_response_metadata+ on the calling application.
-      #
-      # @return [String] obfuscated response metadata to send
-      #
-      # @!scope class
-      # @api public
-      #
-      def get_response_metadata
-        NewRelic::Agent.record_api_supportability_metric(:get_response_metadata)
-        return unless CrossAppTracing.cross_app_enabled?
-
-        return unless (txn = Tracer.current_transaction)
-        return unless (payload = txn.distributed_tracer.cross_app_payload)
-
-        # must freeze the name since we're responding with it
-        #
-        txn.freeze_name_and_execute_if_not_ignored do
-          # build response payload
-          #
-          rmd = {
-            NewRelicAppData: payload.as_json_array(NON_HTTP_CAT_CONTENT_LENGTH)
-          }
-
-          # obfuscate the generated response metadata JSON
-          #
-          obfuscator.obfuscate(::JSON.dump(rmd))
-        end
-      rescue => e
-        NewRelic::Agent.logger.error('error during get_response_metadata', e)
-      end
-
-      private
-
-      def obfuscator
-        CrossAppTracing.obfuscator
-      end
-    end
-  end
-end