newrelic_security 0.1.0

data/lib/newrelic_security/instrumentation-security/grpc/server/chain.rb

@@ -0,0 +1,62 @@
+module NewRelic::Security
+  module Instrumentation
+    module GRPC
+      module RpcDesc
+        module Chain
+          def self.instrument!
+            ::GRPC::RpcDesc.class_eval do
+              include NewRelic::Security::Instrumentation::GRPC::RpcDesc
+
+              alias_method :handle_request_response_without_security, :handle_request_response
+    
+              def handle_request_response(active_call, mth, inter_ctx)
+                grpc_server_on_enter(active_call, mth, inter_ctx, false, false) { return handle_request_response_without_security(active_call, mth, inter_ctx) }
+              end
+
+              alias_method :handle_client_streamer_without_security, :handle_client_streamer
+    
+              def handle_client_streamer(active_call, mth, inter_ctx)
+                grpc_server_on_enter(active_call, mth, inter_ctx, true, false) { return handle_request_response_without_security(active_call, mth, inter_ctx) }
+              end
+
+              alias_method :handle_server_streamer_without_security, :handle_server_streamer
+    
+              def handle_server_streamer(active_call, mth, inter_ctx)
+                grpc_server_on_enter(active_call, mth, inter_ctx, false, true) { return handle_request_response_without_security(active_call, mth, inter_ctx) }
+              end
+
+              alias_method :handle_bidi_streamer_without_security, :handle_bidi_streamer
+    
+              def handle_bidi_streamer(active_call, mth, inter_ctx)
+                grpc_server_on_enter(active_call, mth, inter_ctx, true, true) { return handle_request_response_without_security(active_call, mth, inter_ctx) }
+              end
+            end
+          end
+        end
+      end
+
+      module ActiveCall
+        module Chain
+          def self.instrument!
+            ::GRPC::ActiveCall.class_eval do
+              include NewRelic::Security::Instrumentation::GRPC::ActiveCall
+
+              alias_method :remote_read_without_security, :remote_read
+
+              def remote_read
+                retval = remote_read_without_security
+                remote_read_on_exit(retval) { return retval }
+              end
+
+              alias_method :output_metadata_without_security, :output_metadata
+    
+              def output_metadata
+                output_metadata_on_enter { return output_metadata_without_security }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/grpc/server/instrumentation.rb

@@ -0,0 +1,65 @@
+require_relative 'prepend'
+require_relative 'chain'
+require 'json'
+
+module NewRelic::Security
+  module Instrumentation
+    module GRPC
+      module RpcDesc
+        def grpc_server_on_enter(active_call, mth, inter_ctx, is_grpc_client_stream, is_grpc_server_stream)
+          event = nil
+          NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+          grpc_request = {}
+          grpc_request[:headers] = active_call.metadata
+          grpc_request[:peer] = active_call.peer
+          # puts "mth : #{mth.class} #{mth.methods}"
+          # puts "mth :#{mth.original_name}, #{mth.to_s}, #{mth.name}, #{mth.receiver}, #{mth.parameters}, #{mth.owner}, #{mth.unbind}, #{mth.super_method},, #{mth.instance_variables}"
+          grpc_request[:method] = "#{mth.owner}/#{mth.original_name}"
+          grpc_request[:is_grpc_client_stream] = is_grpc_client_stream
+          grpc_request[:is_grpc_server_stream] = is_grpc_server_stream
+          is_grpc_client_stream ? grpc_request[:body] = [] : grpc_request[:body] = ::String.new
+          NewRelic::Security::Agent::Control::GRPCContext.set_context(grpc_request)
+          NewRelic::Security::Agent::Utils.parse_fuzz_header(NewRelic::Security::Agent::Control::GRPCContext.get_context)
+        rescue => exception
+          NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+        ensure
+          yield
+          return event
+        end
+      end
+
+      module ActiveCall
+        
+        def remote_read_on_exit(retval)
+          NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+          ctxt = NewRelic::Security::Agent::Control::GRPCContext.get_context
+          if ctxt
+            if ctxt.metadata[:reflectedMetaData][:isGrpcClientStream]
+              ctxt.body << retval.to_json
+            else
+              ctxt.body += retval.to_json
+            end
+            ctxt.metadata[:reflectedMetaData][:inputClass] = retval.class.name
+          end
+        rescue => exception
+          NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+        ensure
+          yield
+        end
+
+        def output_metadata_on_enter
+          NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+          NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::GRPCContext.get_context)
+          NewRelic::Security::Agent::Control::GRPCContext.reset_context
+        rescue => exception
+          NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+        ensure
+          yield
+        end
+      end
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:gRPC_Server, ::GRPC::RpcDesc, ::NewRelic::Security::Instrumentation::GRPC::RpcDesc)
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:gRPC_Server, ::GRPC::ActiveCall, ::NewRelic::Security::Instrumentation::GRPC::ActiveCall)

data/lib/newrelic_security/instrumentation-security/grpc/server/prepend.rb

@@ -0,0 +1,46 @@
+module NewRelic::Security
+  module Instrumentation
+    module GRPC
+      module RpcDesc
+        module Prepend
+          include NewRelic::Security::Instrumentation::GRPC::RpcDesc
+
+          def handle_request_response(active_call, mth, inter_ctx)
+            grpc_server_on_enter(active_call, mth, inter_ctx, false, false) { super }
+          end
+
+          def handle_client_streamer(active_call, mth, inter_ctx)
+            grpc_server_on_enter(active_call, mth, inter_ctx, true, false) { super }
+          end
+
+          def handle_server_streamer(active_call, mth, inter_ctx)
+            grpc_server_on_enter(active_call, mth, inter_ctx, false, true) { super }
+          end
+
+          def handle_bidi_streamer(active_call, mth, inter_ctx)
+            grpc_server_on_enter(active_call, mth, inter_ctx, true, true) { super }
+          end
+
+        end
+      end
+      
+      module ActiveCall
+        module Prepend
+          include NewRelic::Security::Instrumentation::GRPC::ActiveCall
+
+          def remote_read
+            retval = super
+            remote_read_on_exit(retval) { return retval }
+          end
+
+          def output_metadata
+            output_metadata_on_enter { super }
+          end
+
+        end
+      end
+
+    end
+    
+  end
+end

data/lib/newrelic_security/instrumentation-security/httpclient/chain.rb

@@ -0,0 +1,30 @@
+module NewRelic::Security
+  module Instrumentation
+    module HTTPClient
+      module Chain
+        def self.instrument!
+          ::HTTPClient.class_eval do
+            include NewRelic::Security::Instrumentation::HTTPClient
+
+            alias_method :do_request_without_security, :do_request
+  
+            def do_request(method, uri, query, body, header, &block)
+              retval = nil
+              event = do_request_on_enter(method, uri, query, body, header) { retval = do_request_without_security(method, uri, query, body, header, &block) }
+              do_request_on_exit(event) { return retval }
+            end
+
+            alias_method :do_request_async_without_security, :do_request_async
+  
+            def do_request_async(method, uri, query, body, header, &block)
+              retval = nil
+              event = do_request_async_on_enter(method, uri, query, body, header) { retval = do_request_async_without_security(method, uri, query, body, header, &block) }
+              do_request_async_on_exit(event) { return retval }
+            end
+
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/httpclient/instrumentation.rb

@@ -0,0 +1,82 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module HTTPClient
+
+      def do_request_on_enter(method, uri, query, body, header)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ob = {}
+        ob[:Method] = method
+        unless uri.nil?
+          ob[:scheme]  = uri.scheme
+          ob[:host]    = uri.host
+          ob[:port]    = uri.port
+          ob[:URI]     = uri.to_s
+          ob[:path]    = uri.path
+          ob[:query]   = uri.query
+        end
+        ob[:Body] = body
+        ob[:Headers] = header
+        ob.each { |_, value| value.dup.force_encoding(ISO_8859_1).encode(UTF_8) if value.is_a?(String) }
+        event = NewRelic::Security::Agent::Control::Collector.collect(HTTP_REQUEST, [ob])
+        NewRelic::Security::Instrumentation::InstrumentationUtils.add_tracing_data(header, event) if event
+        event
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def do_request_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def do_request_async_on_enter(method, uri, query, body, header)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ob = {}
+        ob[:Method] = method
+        unless uri.nil?
+          ob[:scheme]  = uri.scheme
+          ob[:host]    = uri.host
+          ob[:port]    = uri.port
+          ob[:URI]     = uri.to_s
+          ob[:path]    = uri.path
+          ob[:query]   = uri.query
+        end
+        ob[:Body] = body
+        ob[:Headers] = header
+        ob.each { |_, value| value.dup.force_encoding(ISO_8859_1).encode(UTF_8) if value.is_a?(String) }
+        event = NewRelic::Security::Agent::Control::Collector.collect(HTTP_REQUEST, [ob])
+        NewRelic::Security::Instrumentation::InstrumentationUtils.add_tracing_data(header, event) if event
+        event
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def do_request_async_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:httpclient, ::HTTPClient, ::NewRelic::Security::Instrumentation::HTTPClient)

data/lib/newrelic_security/instrumentation-security/httpclient/prepend.rb

@@ -0,0 +1,22 @@
+module NewRelic::Security
+  module Instrumentation
+    module HTTPClient
+      module Prepend
+        include NewRelic::Security::Instrumentation::HTTPClient
+
+        def do_request(method, uri, query, body, header, &block)
+          retval = nil
+          event = do_request_on_enter(method, uri, query, body, header) { retval = super }
+          do_request_on_exit(event) { return retval }
+        end
+
+        def do_request_async(method, uri, query, body, header)
+          retval = nil
+          event = do_request_async_on_enter(method, uri, query, body, header) { retval = super }
+          do_request_async_on_exit(event) { return retval }
+        end
+
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/httprb/chain.rb

@@ -0,0 +1,21 @@
+module NewRelic::Security
+  module Instrumentation
+    module HTTPrb
+      module Chain
+        def self.instrument!
+          ::HTTP::Client.class_eval do
+            include NewRelic::Security::Instrumentation::HTTPrb
+                        
+            alias_method :perform_without_security, :perform
+  
+            def perform(request, options)
+              retval = nil
+              event = perform_on_enter(request, options) { retval = perform_without_security(request, options) }
+              perform_on_exit(event) { return retval }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/httprb/instrumentation.rb

@@ -0,0 +1,44 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module HTTPrb
+
+      def perform_on_enter(request, options)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ob = {}
+				ob[:Method] = request.verb
+        ob[:scheme] = request.scheme
+        ob[:host] = request.uri.host
+        ob[:port] = request.uri.port
+        ob[:URI] = request.uri.to_s
+        ob[:path] = request.uri.path
+        ob[:query] = request.uri.query
+        ob[:Body] = request.body.source.to_s
+        ob[:Headers] = options.headers.to_h
+        event = NewRelic::Security::Agent::Control::Collector.collect(HTTP_REQUEST, [ob])
+        NewRelic::Security::Instrumentation::InstrumentationUtils.add_tracing_data(options.headers, event) if event
+        ob = nil
+        event
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def perform_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:httprb, ::HTTP::Client, ::NewRelic::Security::Instrumentation::HTTPrb)

data/lib/newrelic_security/instrumentation-security/httprb/prepend.rb

@@ -0,0 +1,16 @@
+module NewRelic::Security
+  module Instrumentation
+    module HTTPrb
+      module Prepend
+        include NewRelic::Security::Instrumentation::HTTPrb
+                
+        def perform(request, options)
+          retval = nil
+          event = perform_on_enter(request, options) { retval = super }
+          perform_on_exit(event) { return retval }
+        end
+
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/httpx/chain.rb

@@ -0,0 +1,23 @@
+module NewRelic::Security
+  module Instrumentation
+    module HTTPX
+      module Session
+        module Chain
+          def self.instrument!
+            ::HTTPX::Session.class_eval do
+              include NewRelic::Security::Instrumentation::HTTPX::Session
+
+              alias_method :send_requests_without_security, :send_requests
+    
+              def send_requests(*args)
+                retval = nil
+                event = send_requests_on_enter(*args) { retval = send_requests_without_security(*args) }
+                send_requests_on_exit(event) { return retval }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/httpx/instrumentation.rb

@@ -0,0 +1,51 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module HTTPX::Session
+
+      def send_requests_on_enter(*args)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ic_args = []
+        args.each do |arg|
+          ob = {}
+          ob[:Method] = arg.verb
+          uri = arg.uri
+          ob[:scheme]  = uri.scheme
+          ob[:host]    = uri.host
+          ob[:port]    = uri.port
+          ob[:URI]     = uri.to_s
+          ob[:path]    = uri.path
+          ob[:query]   = uri.query
+          ob[:Body]    = arg.body.bytesize.positive? ? arg.body.to_s : ""
+          ob[:Headers] = arg.headers
+          ob.each { |_, value| value.dup.force_encoding(ISO_8859_1).encode(UTF_8) if value.is_a?(String) }
+          ic_args << ob
+        end
+        event = NewRelic::Security::Agent::Control::Collector.collect(HTTP_REQUEST, ic_args)
+        args.each do |arg|
+          NewRelic::Security::Instrumentation::InstrumentationUtils.add_tracing_data(arg.headers, event) if event
+        end
+        event
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def send_requests_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:httpx, ::HTTPX::Session, ::NewRelic::Security::Instrumentation::HTTPX::Session)

data/lib/newrelic_security/instrumentation-security/httpx/prepend.rb

@@ -0,0 +1,18 @@
+module NewRelic::Security
+  module Instrumentation
+    module HTTPX
+      module Session
+        module Prepend
+          include NewRelic::Security::Instrumentation::HTTPX::Session
+
+          def send_requests(*args)
+            retval = nil
+            event = send_requests_on_enter(*args) { retval = super }
+            send_requests_on_exit(event) { return retval }
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/instrumentation_loader.rb

@@ -0,0 +1,50 @@
+require 'newrelic_security/instrumentation-security/instrumentation_utils'
+
+module NewRelic::Security
+  module Instrumentation
+    module InstrumentationLoader
+      extend self
+      def add_instrumentation()
+        res = ::NewRelic::Agent.add_instrumentation("#{__dir__}/**/instrumentation.rb")
+        NewRelic::Security::Agent.logger.debug "res, res.class #{res.class} #{res.inspect}"
+        NewRelic::Security::Agent.logger.debug "Logger print from add instrumentation api."
+        NewRelic::Security::Agent.logger.debug "Agent.agent : #{NewRelic::Security::Agent.agent.inspect}"
+        NewRelic::Security::Agent.logger.debug "Agent.config : #{NewRelic::Security::Agent::Utils.filtered_log(NewRelic::Security::Agent.config.inspect)}"
+        NewRelic::Security::Agent.init_logger.info "[STEP-6] => Application instrumentation applied successfully"
+      end
+
+      def install_instrumentation(supportability_name, target_class, instrumenting_module)
+        s_name = "instrumentation.#{supportability_name}".to_sym
+        if ::NewRelic::Agent.config[s_name] == :disabled || ::NewRelic::Agent.config[s_name] == 'disabled'
+          NewRelic::Security::Agent.logger.info "Skipping New Relic supported #{target_class} instrumentation, as #{s_name} is #{::NewRelic::Agent.config[s_name]}"
+          NewRelic::Security::Agent.init_logger.info "Skipping New Relic supported #{target_class} instrumentation, as #{s_name} is #{::NewRelic::Agent.config[s_name]}"
+        elsif ::NewRelic::Agent.config[s_name] == :chain || ::NewRelic::Agent.config[s_name] == 'chain'
+          NewRelic::Security::Instrumentation::InstrumentationLoader.chain_instrument target_class, Object.const_get("#{instrumenting_module}::Chain")
+        else
+          NewRelic::Security::Instrumentation::InstrumentationLoader.prepend_instrument target_class, Object.const_get("#{instrumenting_module}::Prepend")
+        end
+      end
+
+      def log_and_instrument(method, target_class, instrumenting_module, supportability_name)
+        # supportability_name ||= extract_supportability_name(instrumenting_module)
+        NewRelic::Security::Agent.logger.info "Installing New Relic supported #{target_class} instrumentation using #{method}"
+        NewRelic::Security::Agent.logger.info "Supportability/Instrumentation/#{target_class}/#{method}"
+        NewRelic::Security::Agent.init_logger.info "Installing New Relic supported #{target_class} instrumentation using #{method}"
+        yield
+      end
+
+      def prepend_instrument(target_class, instrumenting_module, supportability_name = nil)
+        log_and_instrument('Prepend', target_class, instrumenting_module, supportability_name) do
+          target_class.send(:prepend, instrumenting_module)
+        end
+      end
+  
+      def chain_instrument(target_class, instrumenting_module, supportability_name = nil)
+        log_and_instrument('MethodChaining', target_class, instrumenting_module, supportability_name) do
+          instrumenting_module.instrument!
+        end
+      end
+    end
+  end
+end
+