RubyGems - newrelic_security - Versions diffs - 0.1.0 - Mend

newrelic_security 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (205) hide show

data/lib/newrelic_security/instrumentation-security/instrumentation_utils.rb ADDED Viewed

@@ -0,0 +1,165 @@
+# frozen_string_literal: true
+require 'set'
+require 'uri'
+module NewRelic::Security
+  module Instrumentation
+    module InstrumentationUtils
+      extend self
+      OPEN_MODES = ::Set.new(%W[r rb])
+      APP_INTEGRITY_MODES = ::Set.new(%W[w w+ a a+ ab at r+ wb wt write binwrite])
+      DOT_DOT_SLASH = '../'
+      TMP_CACHE = '/tmp/cache'
+      FILTERED_SQL = ['PRAGMA foreign_keys = ON', #sqlite
+        'COMMIT',   #mysql
+        'BEGIN',   #mysql
+        'PRAGMA', #sqlite
+        'begin deferred transaction', #sqlite
+        'commit transaction', #sqlite
+        'SHOW TIME ZONE', #pg
+        'SET' #pg
+      ]
+      def sql_filter_events?(sql_query)
+        FILTERED_SQL.each do |unwanted_sql|
+          if sql_query.start_with?(unwanted_sql)
+            NewRelic::Security::Agent.logger.debug "Filtered invalid SQL '#{sql_query}'"
+            return true
+          end
+        end if sql_query
+        return false
+      end
+      def in_app_dir?(fname, abs_path)
+        app_dir = NewRelic::Security::Agent.config[:app_root]
+        if app_dir == nil
+          return false
+        end
+        if abs_path.start_with?(app_dir)
+          return true
+        end
+        return false
+      end
+      def in_gem_dir?(fname, abs_path)
+        gem_dir = ::Gem.dir
+        if gem_dir == nil
+          return false
+        end
+        if abs_path.start_with?(gem_dir)
+          return true
+        end
+        return false
+      end
+      def in_tmp_cache_dir?(fname, abs_path)
+        app_dir = NewRelic::Security::Agent.config[:app_root]
+        if app_dir == nil
+          return false
+        end
+        if abs_path.start_with?(app_dir + TMP_CACHE)
+          return true
+        end
+        return false
+      end
+      def notify_app_integrity_open?(fname, abs_path, fmode)
+        if fname == nil || fmode == nil
+          # we cannot do the app integrity
+          NewRelic::Security::Agent.logger.debug "Invalid Args of 'open', app integrity check cannot be enforced  \r\n"
+          NewRelic::Security::Agent.logger.debug "File Name #{fname} fmode  #{fmode}"
+          return false
+        end
+        #check whether the file path is  in the App root directory
+        #check whether file exists for 'w','w+','a','a+' mode because file is created
+        #for these modes if it doesn't present.
+        #If file already exists , then no need to send the app integrity event to IC
+        if in_app_dir?(fname, abs_path) && !in_tmp_cache_dir?(fname, abs_path) && APP_INTEGRITY_MODES.include?(fmode)
+            return true
+        end
+        return false
+      end
+      def notify_app_integrity_delete?(fnames)
+        #delete api argument is an array of file names/name
+        #get the root directory
+        #check whether file present in the application root
+        #check whether the file exists, if not remove it from the args
+        if fnames == nil || fnames.empty?
+          NewRelic::Security::Agent.logger.debug "Invalid Args of 'delete', app integrity check cannot be enforced  \r\n"
+          return false
+        end
+        NewRelic::Security::Agent.logger.debug "File Names  #{fnames}"
+        fnames.each do |fname|
+          return true if in_app_dir?(fname, ::File.expand_path(fname)) && !in_tmp_cache_dir?(fname, ::File.expand_path(fname))
+        end
+        return false
+      end
+      def open_filter?(fname, abs_path, fmode)
+        if fname == nil || fmode == nil
+          NewRelic::Security::Agent.logger.debug "Invalid Args of 'open', filter cannot be enforced  \r\n"
+          NewRelic::Security::Agent.logger.debug "File Name #{fname} fmode  #{fmode}"
+          return false
+        end
+        if (in_app_dir?(fname, abs_path) || in_gem_dir?(fname, abs_path)) && OPEN_MODES.include?(fmode)
+          if !fname.include?(DOT_DOT_SLASH) #check for any path traversal
+            return true #filter it , if path is in app_dir and there is no "../" segment
+          end
+        end
+        return false
+      end
+      #for now ,any file read in the application directory event is filtered out.
+      def read_filter?(fname, abs_path)
+        if fname == nil
+          NewRelic::Security::Agent.logger.debug "Invalid Args of 'read', filter cannot be enforced  \r\n"
+          NewRelic::Security::Agent.logger.debug "File Name #{fname} "
+          return false
+        end
+        if in_app_dir?(fname, abs_path) || in_gem_dir?(fname, abs_path)
+          if !fname.include?(DOT_DOT_SLASH) #check for any path traversal
+            return true #filter it , if path is in app_dir and there is no "../" segment
+          end
+        end
+        return false
+      end
+      def add_tracing_data(req, event)
+        req[NR_CSEC_TRACING_DATA] = "#{event.httpRequest[:headers][NR_CSEC_TRACING_DATA]}#{NewRelic::Security::Agent.config[:uuid]}/#{event.apiId}/#{event.id};"
+        req[NR_CSEC_FUZZ_REQUEST_ID] = event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID] if event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID]
+      end
+      def append_tracing_data(req, event)
+        req = [] if req.nil?
+        req.append([NR_CSEC_TRACING_DATA, "#{event.httpRequest[:headers][NR_CSEC_TRACING_DATA]}#{NewRelic::Security::Agent.config[:uuid]}/#{event.apiId}/#{event.id};"])
+        req.append([NR_CSEC_FUZZ_REQUEST_ID, event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID]]) if event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID]
+      end
+      def parse_uri(uri_string)
+        ::URI.parse(uri_string)
+      rescue
+        return nil
+      end
+      def parse_typhoeus_request(request)
+        ob = {}
+        ob[:Method] = request.options[:method].nil? ? :get : request.options[:method]
+        ob[:URI] = request.base_url
+        ob[:Body] = request.options[:body]
+        ob[:Headers] = request.options[:headers]
+        uri_parsed = parse_uri(request.base_url)
+        if !uri_parsed.nil?
+          ob[:scheme] = uri_parsed.scheme
+          ob[:host] = uri_parsed.host
+          ob[:port] = uri_parsed.port
+          ob[:path] = uri_parsed.path
+          ob[:query] = uri_parsed.query
+        end
+        ob
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/io/chain.rb ADDED Viewed

@@ -0,0 +1,113 @@
+module NewRelic::Security
+  module Instrumentation
+    module IO
+      module Chain
+        def self.instrument!
+          ::IO.class_eval do
+            class << self
+              include NewRelic::Security::Instrumentation::IO
+              alias_method :open_without_security, :open
+              if RUBY_VERSION < '2.7.0'
+                def open(var1, var2 = "r", *var3, &var4)
+                  return open_without_security(var1, var2, *var3, &var4) if var1.to_s.include?(LOG_FILE_NAME)
+                  retval = nil
+                  event = open_on_enter(var1, var2) { retval = open_without_security(var1, var2, *var3, &var4) }
+                  open_on_exit(event) { return retval }
+                end
+              else
+                def open(*args, **kwargs, &block)
+                  return open_without_security(*args, **kwargs, &block) if args[0].to_s.include?(LOG_FILE_NAME)
+                  retval = nil
+                  event = open_on_enter(*args) { retval = open_without_security(*args, **kwargs, &block) }
+                  open_on_exit(event) { return retval }
+                end
+              end
+              alias_method :read_without_security, :read
+              def read(*var, **kwargs)
+                retval = nil
+                event = read_on_enter(*var) { retval = read_without_security(*var, **kwargs) }
+                read_on_exit(event, retval) { return retval }
+              end
+              alias_method :binread_without_security, :binread
+              def binread(*var)
+                retval = nil
+                event = binread_on_enter(*var) { retval = binread_without_security(*var) }
+                binread_on_exit(event, retval) { return retval }
+              end
+              alias_method :readlines_without_security, :readlines
+              def readlines(*var, **kwargs)
+                retval = nil
+                event = readlines_on_enter(*var) { retval = readlines_without_security(*var, **kwargs) }
+                readlines_on_exit(event, retval) { return retval }
+              end
+              alias_method :new_without_security, :new
+              if RUBY_VERSION < '2.7.0'
+                def new(*var)
+                  retval = nil
+                  event = new_on_enter(*var) { retval = new_without_security(*var) }
+                  new_on_exit(event) { return retval }
+                end
+              else
+                def new(*var, **kwargs)
+                  retval = nil
+                  event = new_on_enter(*var) { retval = new_without_security(*var, **kwargs) }
+                  new_on_exit(event) { return retval }
+                end
+              end
+              alias_method :sysopen_without_security, :sysopen
+              def sysopen(*var)
+                retval = nil
+                event = sysopen_on_enter(*var) { retval = sysopen_without_security(*var) }
+                sysopen_on_exit(event, retval, *var) { return retval }
+              end
+              alias_method :foreach_without_security, :foreach
+              def foreach(*var)
+                retval = nil
+                event = foreach_on_enter(*var) { retval = foreach_without_security(*var) }
+                foreach_on_exit(event, retval) { return retval }
+              end
+              alias_method :write_without_security, :write
+              def write(*var, **kwargs)
+                retval = nil
+                event = write_on_enter(*var, **kwargs) { retval = write_without_security(*var) }
+                write_on_exit(event, retval) { return retval }
+              end
+              alias_method :binwrite_without_security, :binwrite
+              def binwrite(*var)
+                retval = nil
+                event = binwrite_on_enter(*var) { retval = binwrite_without_security(*var) }
+                binwrite_on_exit(event, retval) { return retval }
+              end
+              alias_method :popen_without_security, :popen
+              def popen(*var)
+                retval = nil
+                event = popen_on_enter(*var) { retval = popen_without_security(*var) }
+                popen_on_exit(event) { return retval }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/io/instrumentation.rb ADDED Viewed

@@ -0,0 +1,300 @@
+require_relative 'prepend'
+require_relative 'chain'
+module NewRelic::Security
+  module Instrumentation
+    module IO
+      def open_on_enter(*args)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = args[0].to_s
+        if args[0].is_a? Integer
+          fname = NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[args[0].object_id.to_s].to_s if NewRelic::Security::Agent::Control::HTTPContext.get_context && NewRelic::Security::Agent::Control::HTTPContext.get_context.cache.key?(args[0].object_id.to_s)
+        else
+          fname = ::File.path(args[0]) if args[0] #some times it is 'String' or 'Path' class
+        end
+        abs_path = ::File.expand_path(fname)
+        fmode = args[1]
+        event_category = NewRelic::Security::Instrumentation::InstrumentationUtils::OPEN_MODES.include?(fmode) ? READ : WRITE
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.notify_app_integrity_open?(fname, abs_path, fmode)
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_INTEGRITY, [fname], event_category)
+        else
+          if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+            NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{fname} #{fmode}"
+          else
+            event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], event_category)
+          end
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def open_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def new_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = var[0].to_s
+        if var[0].is_a? Integer
+          fname = NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[var[0].object_id.to_s].to_s if NewRelic::Security::Agent::Control::HTTPContext.get_context && NewRelic::Security::Agent::Control::HTTPContext.get_context.cache.key?(var[0].object_id.to_s)
+        else
+          fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        end
+        abs_path = ::File.expand_path(fname)
+        fmode = var[1] if var[1]
+        event_category = NewRelic::Security::Instrumentation::InstrumentationUtils::OPEN_MODES.include?(fmode) ? READ : WRITE
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.notify_app_integrity_open?(fname, abs_path, fmode)
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_INTEGRITY, [fname], event_category)
+        else
+          if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+            NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{fname} #{fmode}"
+          else
+            event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], event_category)
+          end
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def new_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def sysopen_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def sysopen_on_exit(event, retval, *var)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[retval.object_id.to_s] = fname if NewRelic::Security::Agent::Control::HTTPContext.get_context
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def read_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+          NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{var}"
+        else
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], READ)
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def read_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(String)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def binread_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+          NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{var}"
+        else
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], READ)
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def binread_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(String)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def readlines_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+          NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{var}"
+        else
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], READ)
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def readlines_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(Array)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def foreach_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+          NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{var}"
+        else
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], READ)
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def foreach_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(NilClass) || retval.is_a?(Enumerator)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def write_on_enter(*var, **kwargs)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        fmode = kwargs.has_key?(:mode) ? kwargs[:mode] : WRITE
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.notify_app_integrity_open?(fname, abs_path, fmode)
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_INTEGRITY, [fname], WRITE)
+        else
+          if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+            NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{fname} #{fmode}"
+          else
+            event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], WRITE)
+          end
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def write_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(Integer)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def binwrite_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        fname = ::File.path(var[0]) #some times it is 'String' or 'Path' class
+        abs_path = ::File.expand_path(fname)
+        fmode = BINWRITE
+        if NewRelic::Security::Instrumentation::InstrumentationUtils.notify_app_integrity_open?(fname, abs_path, fmode)
+          event = NewRelic::Security::Agent::Control::Collector.collect(FILE_INTEGRITY, [fname], WRITE)
+        else
+          if NewRelic::Security::Instrumentation::InstrumentationUtils.read_filter?(fname, abs_path)
+            NewRelic::Security::Agent.logger.debug "Filtered because File name exist in filtered list #{self.class}.#{__method__} Args:: #{fname} #{fmode}"
+          else
+            event = NewRelic::Security::Agent::Control::Collector.collect(FILE_OPERATION, [fname], WRITE)
+          end
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def binwrite_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event) if retval.is_a?(Integer)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def popen_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ic_args = []
+        var.each { |arg|
+          if arg.is_a? String
+            ic_args << arg
+          elsif arg.is_a? Array
+            ic_args << arg.join(" ")
+          end
+        }
+        event = NewRelic::Security::Agent::Control::Collector.collect(SYSTEM_COMMAND, ic_args)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def popen_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:io, ::IO.singleton_class, ::NewRelic::Security::Instrumentation::IO)

data/lib/newrelic_security/instrumentation-security/io/prepend.rb ADDED Viewed

@@ -0,0 +1,86 @@
+module NewRelic::Security
+  module Instrumentation
+    module IO
+      module Prepend
+        include NewRelic::Security::Instrumentation::IO
+        if RUBY_VERSION < '2.7.0'
+          def open(var1, var2 = "r", *var3, &var4)
+            return super if var1.to_s.include?(LOG_FILE_NAME)
+            retval = nil
+            event = open_on_enter(var1, var2) { retval = super }
+            open_on_exit(event) { return retval }
+          end
+        else
+          def open(*args, **kwargs, &block)
+            return super if args[0].to_s.include?(LOG_FILE_NAME)
+            retval = nil
+            event = open_on_enter(*args) { retval = super }
+            open_on_exit(event) { return retval }
+          end
+        end
+        def read(*var, **kwargs)
+          retval = nil
+          event = read_on_enter(*var) { retval = super }
+          read_on_exit(event, retval) { return retval }
+        end
+        def binread(*var)
+          retval = nil
+          event = binread_on_enter(*var) { retval = super }
+          binread_on_exit(event, retval) { return retval }
+        end
+        def readlines(*var, **kwargs)
+          retval = nil
+          event = readlines_on_enter(*var) { retval = super }
+          readlines_on_exit(event, retval) { return retval }
+        end
+        if RUBY_VERSION < '2.7.0'
+          def new(*var)
+            retval = nil
+            event = new_on_enter(*var) { retval = super }
+            new_on_exit(event) { return retval }
+          end
+        else
+          def new(*var, **kwargs)
+            retval = nil
+            event = new_on_enter(*var) { retval = super }
+            new_on_exit(event) { return retval }
+          end
+        end
+        def sysopen(*var)
+          retval = nil
+          event = sysopen_on_enter(*var) { retval = super }
+          sysopen_on_exit(event, retval, *var) { return retval }
+        end
+        def foreach(*var)
+          retval = nil
+          event = foreach_on_enter(*var) { retval = super }
+          foreach_on_exit(event, retval) { return retval }
+        end
+        def write(*var, **kwargs)
+          retval = nil
+          event = write_on_enter(*var, **kwargs) { retval = super }
+          write_on_exit(event, retval) { return retval }
+        end
+        def binwrite(*var)
+          retval = nil
+          event = binwrite_on_enter(*var) { retval = super }
+          binwrite_on_exit(event, retval) { return retval }
+        end
+        def popen(*var)
+          retval = nil
+          event = popen_on_enter(*var) { retval = super }
+          popen_on_exit(event) { return retval }
+        end
+      end
+    end
+  end
+end