RubyGems - newrelic_security - Versions diffs - 0.1.0 - Mend

newrelic_security 0.1.0

Files changed (205) hide show

data/lib/newrelic_security/instrumentation-security/instrumentation_utils.rb ADDED Viewed

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+require 'set'
+require 'uri'
+module NewRelic::Security
+  module Instrumentation
+    module InstrumentationUtils
+      extend self
+      OPEN_MODES = ::Set.new(%W[r rb])
+      APP_INTEGRITY_MODES = ::Set.new(%W[w w+ a a+ ab at r+ wb wt write binwrite])
+      DOT_DOT_SLASH = '../'
+      TMP_CACHE = '/tmp/cache'
+      FILTERED_SQL = ['PRAGMA foreign_keys = ON', #sqlite
+        'COMMIT',   #mysql
+        'BEGIN',   #mysql
+        'PRAGMA', #sqlite
+        'begin deferred transaction', #sqlite
+        'commit transaction', #sqlite
+        'SHOW TIME ZONE', #pg
+        'SET' #pg
+      ]
+      def sql_filter_events?(sql_query)
+        FILTERED_SQL.each do |unwanted_sql|
+          if sql_query.start_with?(unwanted_sql)
+            NewRelic::Security::Agent.logger.debug "Filtered invalid SQL '#{sql_query}'"
+            return true
+          end
+        end if sql_query
+        return false
+      end
+      def in_app_dir?(fname, abs_path)
+        app_dir = NewRelic::Security::Agent.config[:app_root]
+        if app_dir == nil
+          return false
+        end
+        if abs_path.start_with?(app_dir)
+          return true
+        end
+        return false
+      end
+      def in_gem_dir?(fname, abs_path)
+        gem_dir = ::Gem.dir
+        if gem_dir == nil
+          return false
+        end
+        if abs_path.start_with?(gem_dir)
+          return true
+        end
+        return false
+      end
+      def in_tmp_cache_dir?(fname, abs_path)
+        app_dir = NewRelic::Security::Agent.config[:app_root]
+        if app_dir == nil
+          return false
+        end
+        if abs_path.start_with?(app_dir + TMP_CACHE)
+          return true
+        end
+        return false
+      end
+      def notify_app_integrity_open?(fname, abs_path, fmode)
+        if fname == nil || fmode == nil
+          # we cannot do the app integrity
+          NewRelic::Security::Agent.logger.debug "Invalid Args of 'open', app integrity check cannot be enforced  \r\n"
+          NewRelic::Security::Agent.logger.debug "File Name #{fname} fmode  #{fmode}"
+          return false
+        end
+        #check whether the file path is  in the App root directory
+        #check whether file exists for 'w','w+','a','a+' mode because file is created
+        #for these modes if it doesn't present.
+        #If file already exists , then no need to send the app integrity event to IC
+        if in_app_dir?(fname, abs_path) && !in_tmp_cache_dir?(fname, abs_path) && APP_INTEGRITY_MODES.include?(fmode)
+            return true
+        end
+        return false
+      end
+      def notify_app_integrity_delete?(fnames)
+        #delete api argument is an array of file names/name
+        #get the root directory
+        #check whether file present in the application root
+        #check whether the file exists, if not remove it from the args
+        if fnames == nil || fnames.empty?
+          NewRelic::Security::Agent.logger.debug "Invalid Args of 'delete', app integrity check cannot be enforced  \r\n"
+          return false
+        end
+        NewRelic::Security::Agent.logger.debug "File Names  #{fnames}"
+        fnames.each do |fname|
+          return true if in_app_dir?(fname, ::File.expand_path(fname)) && !in_tmp_cache_dir?(fname, ::File.expand_path(fname))
+        end
+        return false
+      end
+      def open_filter?(fname, abs_path, fmode)
+        if fname == nil || fmode == nil
+          NewRelic::Security::Agent.logger.debug "Invalid Args of 'open', filter cannot be enforced  \r\n"
+          NewRelic::Security::Agent.logger.debug "File Name #{fname} fmode  #{fmode}"
+          return false
+        end
+        if (in_app_dir?(fname, abs_path) || in_gem_dir?(fname, abs_path)) && OPEN_MODES.include?(fmode)
+          if !fname.include?(DOT_DOT_SLASH) #check for any path traversal
+            return true #filter it , if path is in app_dir and there is no "../" segment
+          end
+        end
+        return false
+      end
+      #for now ,any file read in the application directory event is filtered out.
+      def read_filter?(fname, abs_path)
+        if fname == nil
+          NewRelic::Security::Agent.logger.debug "Invalid Args of 'read', filter cannot be enforced  \r\n"
+          NewRelic::Security::Agent.logger.debug "File Name #{fname} "
+          return false
+        end
+        if in_app_dir?(fname, abs_path) || in_gem_dir?(fname, abs_path)
+          if !fname.include?(DOT_DOT_SLASH) #check for any path traversal
+            return true #filter it , if path is in app_dir and there is no "../" segment
+          end
+        end
+        return false
+      end
+      def add_tracing_data(req, event)
+        req[NR_CSEC_TRACING_DATA] = "#{event.httpRequest[:headers][NR_CSEC_TRACING_DATA]}#{NewRelic::Security::Agent.config[:uuid]}/#{event.apiId}/#{event.id};"
+        req[NR_CSEC_FUZZ_REQUEST_ID] = event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID] if event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID]
+      end
+      def append_tracing_data(req, event)
+        req = [] if req.nil?
+        req.append([NR_CSEC_TRACING_DATA, "#{event.httpRequest[:headers][NR_CSEC_TRACING_DATA]}#{NewRelic::Security::Agent.config[:uuid]}/#{event.apiId}/#{event.id};"])
+        req.append([NR_CSEC_FUZZ_REQUEST_ID, event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID]]) if event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID]
+      end
+      def parse_uri(uri_string)
+        ::URI.parse(uri_string)
+      rescue
+        return nil
+      end
+      def parse_typhoeus_request(request)
+        ob = {}
+        ob[:Method] = request.options[:method].nil? ? :get : request.options[:method]
+        ob[:URI] = request.base_url
+        ob[:Body] = request.options[:body]
+        ob[:Headers] = request.options[:headers]
+        uri_parsed = parse_uri(request.base_url)
+        if !uri_parsed.nil?
+          ob[:scheme] = uri_parsed.scheme
+          ob[:host] = uri_parsed.host
+          ob[:port] = uri_parsed.port
+          ob[:path] = uri_parsed.path
+          ob[:query] = uri_parsed.query
+        end
+        ob
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/io/chain.rb ADDED Viewed

@@ -0,0 +1,113 @@
+module NewRelic::Security
+  module Instrumentation
+    module IO
+      module Chain
+        def self.instrument!
+          ::IO.class_eval do
+            class << self
+              include NewRelic::Security::Instrumentation::IO
+              alias_method :open_without_security, :open
+              if RUBY_VERSION < '2.7.0'
+                def open(var1, var2 = "r", *var3, &var4)
+                  return open_without_security(var1, var2, *var3, &var4) if var1.to_s.include?(LOG_FILE_NAME)
+                  retval = nil
+                  event = open_on_enter(var1, var2) { retval = open_without_security(var1, var2, *var3, &var4) }
+                  open_on_exit(event) { return retval }
+                end
+              else
+                def open(*args, **kwargs, &block)
+                  return open_without_security(*args, **kwargs, &block) if args[0].to_s.include?(LOG_FILE_NAME)
+                  retval = nil
+                  event = open_on_enter(*args) { retval = open_without_security(*args, **kwargs, &block) }
+                  open_on_exit(event) { return retval }
+                end
+              end
+              alias_method :read_without_security, :read
+              def read(*var, **kwargs)
+                retval = nil
+                event = read_on_enter(*var) { retval = read_without_security(*var, **kwargs) }
+                read_on_exit(event, retval) { return retval }
+              end
+              alias_method :binread_without_security, :binread
+              def binread(*var)
+                retval = nil
+                event = binread_on_enter(*var) { retval = binread_without_security(*var) }
+                binread_on_exit(event, retval) { return retval }
+              end
+              alias_method :readlines_without_security, :readlines
+              def readlines(*var, **kwargs)
+                retval = nil
+                event = readlines_on_enter(*var) { retval = readlines_without_security(*var, **kwargs) }
+                readlines_on_exit(event, retval) { return retval }
+              end
+              alias_method :new_without_security, :new
+              if RUBY_VERSION < '2.7.0'
+                def new(*var)
+                  retval = nil
+                  event = new_on_enter(*var) { retval = new_without_security(*var) }
+                  new_on_exit(event) { return retval }
+                end
+              else
+                def new(*var, **kwargs)
+                  retval = nil
+                  event = new_on_enter(*var) { retval = new_without_security(*var, **kwargs) }
+                  new_on_exit(event) { return retval }
+                end
+              end
+              alias_method :sysopen_without_security, :sysopen
+              def sysopen(*var)
+                retval = nil
+                event = sysopen_on_enter(*var) { retval = sysopen_without_security(*var) }
+                sysopen_on_exit(event, retval, *var) { return retval }
+              end
+              alias_method :foreach_without_security, :foreach
+              def foreach(*var)
+                retval = nil
+                event = foreach_on_enter(*var) { retval = foreach_without_security(*var) }
+                foreach_on_exit(event, retval) { return retval }
+              end
+              alias_method :write_without_security, :write
+              def write(*var, **kwargs)
+                retval = nil
+                event = write_on_enter(*var, **kwargs) { retval = write_without_security(*var) }
+                write_on_exit(event, retval) { return retval }
+              end
+              alias_method :binwrite_without_security, :binwrite
+              def binwrite(*var)
+                retval = nil
+                event = binwrite_on_enter(*var) { retval = binwrite_without_security(*var) }
+                binwrite_on_exit(event, retval) { return retval }
+              end
+              alias_method :popen_without_security, :popen
+              def popen(*var)
+                retval = nil
+                event = popen_on_enter(*var) { retval = popen_without_security(*var) }
+                popen_on_exit(event) { return retval }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/io/instrumentation.rb ADDED Viewed

@@ -0,0 +1,300 @@
+require_relative 'prepend'
+require_relative 'chain'
+module NewRelic::Security
+  module Instrumentation
+    module IO
+      def open_on_enter(*args)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = args[0].to_s
+        if args[0].is_a? Integer
+          fname = NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[args[0].object_id.to_s].to_s if NewRelic::Security::Agent::Control::HTTPContext.get_context && NewRelic::Security::Agent::Control::HTTPContext.get_context.cache.key?(args[0].object_id.to_s)
+        else
+          fname = ::File.path(args[0]) if args[0] #some times it is 'String' or 'Path' class
+        end
+        abs_path = ::File.expand_path(fname)
+        fmode = args[1]
+        event_category = NewRelic::Security::Instrumentation::InstrumentationUtils::OPEN_MODES.include?(fmode) ? READ : WRITE
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.notify_app_integrity_open?(fname, abs_path, fmode)
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_INTEGRITY, [fname], event_category)
+        else
+          if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+            NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{fname} #{fmode}"
+          else
+            event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], event_category)
+          end
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def open_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def new_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = var[0].to_s
+        if var[0].is_a? Integer
+          fname = NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[var[0].object_id.to_s].to_s if NewRelic::Security::Agent::Control::HTTPContext.get_context && NewRelic::Security::Agent::Control::HTTPContext.get_context.cache.key?(var[0].object_id.to_s)
+        else
+          fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        end
+        abs_path = ::File.expand_path(fname)
+        fmode = var[1] if var[1]
+        event_category = NewRelic::Security::Instrumentation::InstrumentationUtils::OPEN_MODES.include?(fmode) ? READ : WRITE
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.notify_app_integrity_open?(fname, abs_path, fmode)
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_INTEGRITY, [fname], event_category)
+        else
+          if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+            NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{fname} #{fmode}"
+          else
+            event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], event_category)
+          end
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def new_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def sysopen_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def sysopen_on_exit(event, retval, *var)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[retval.object_id.to_s] = fname if NewRelic::Security::Agent::Control::HTTPContext.get_context
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def read_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+          NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{var}"
+        else
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], READ)
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def read_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(String)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def binread_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+          NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{var}"
+        else
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], READ)
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def binread_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(String)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def readlines_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+          NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{var}"
+        else
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], READ)
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def readlines_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(Array)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def foreach_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+          NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{var}"
+        else
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], READ)
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def foreach_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(NilClass) || retval.is_a?(Enumerator)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def write_on_enter(*var, **kwargs)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        fmode = kwargs.has_key?(:mode) ? kwargs[:mode] : WRITE
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.notify_app_integrity_open?(fname, abs_path, fmode)
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_INTEGRITY, [fname], WRITE)
+        else
+          if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+            NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{fname} #{fmode}"
+          else
+            event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], WRITE)
+          end
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def write_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(Integer)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def binwrite_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        fmode = BINWRITE
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.notify_app_integrity_open?(fname, abs_path, fmode)
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_INTEGRITY, [fname], WRITE)
+        else
+          if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+            NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{fname} #{fmode}"
+          else
+            event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], WRITE)
+          end
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def binwrite_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(Integer)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def popen_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ic_args = []
+        var.each { |arg|
+          if arg.is_a? String
+            ic_args << arg
+          elsif arg.is_a? Array
+            ic_args << arg.join(" ")
+          end
+        }
+        event = NewRelic::Security::Agent::Control::Collector.collect(SYSTEM_COMMAND, ic_args)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def popen_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:io, ::IO.singleton_class, ::NewRelic::Security::Instrumentation::IO)

data/lib/newrelic_security/instrumentation-security/io/prepend.rb ADDED Viewed

@@ -0,0 +1,86 @@
+module NewRelic::Security
+  module Instrumentation
+    module IO
+      module Prepend
+        include NewRelic::Security::Instrumentation::IO
+        if RUBY_VERSION < '2.7.0'
+          def open(var1, var2 = "r", *var3, &var4)
+            return super if var1.to_s.include?(LOG_FILE_NAME)
+            retval = nil
+            event = open_on_enter(var1, var2) { retval = super }
+            open_on_exit(event) { return retval }
+          end
+        else
+          def open(*args, **kwargs, &block)
+            return super if args[0].to_s.include?(LOG_FILE_NAME)
+            retval = nil
+            event = open_on_enter(*args) { retval = super }
+            open_on_exit(event) { return retval }
+          end
+        end
+        def read(*var, **kwargs)
+          retval = nil
+          event = read_on_enter(*var) { retval = super }
+          read_on_exit(event, retval) { return retval }
+        end
+        def binread(*var)
+          retval = nil
+          event = binread_on_enter(*var) { retval = super }
+          binread_on_exit(event, retval) { return retval }
+        end
+        def readlines(*var, **kwargs)
+          retval = nil
+          event = readlines_on_enter(*var) { retval = super }
+          readlines_on_exit(event, retval) { return retval }
+        end
+        if RUBY_VERSION < '2.7.0'
+          def new(*var)
+            retval = nil
+            event = new_on_enter(*var) { retval = super }
+            new_on_exit(event) { return retval }
+          end
+        else
+          def new(*var, **kwargs)
+            retval = nil
+            event = new_on_enter(*var) { retval = super }
+            new_on_exit(event) { return retval }
+          end
+        end
+        def sysopen(*var)
+          retval = nil
+          event = sysopen_on_enter(*var) { retval = super }
+          sysopen_on_exit(event, retval, *var) { return retval }
+        end
+        def foreach(*var)
+          retval = nil
+          event = foreach_on_enter(*var) { retval = super }
+          foreach_on_exit(event, retval) { return retval }
+        end
+        def write(*var, **kwargs)
+          retval = nil
+          event = write_on_enter(*var, **kwargs) { retval = super }
+          write_on_exit(event, retval) { return retval }
+        end
+        def binwrite(*var)
+          retval = nil
+          event = binwrite_on_enter(*var) { retval = super }
+          binwrite_on_exit(event, retval) { return retval }
+        end
+        def popen(*var)
+          retval = nil
+          event = popen_on_enter(*var) { retval = super }
+          popen_on_exit(event) { return retval }
+        end
+      end
+    end
+  end
+end