RubyGems - newrelic_security - Versions diffs - 0.1.0 - Mend

newrelic_security 0.1.0

Files changed (205) hide show

data/lib/newrelic_security/instrumentation-security/mongo/prepend.rb ADDED Viewed

@@ -0,0 +1,77 @@
+module NewRelic::Security
+  module Instrumentation
+    module Mongo
+      module Collection
+        module Prepend
+          include NewRelic::Security::Instrumentation::Mongo::Collection
+          def find(filter = nil, options = {})
+            retval = nil
+            event = find_on_enter(filter, options) { retval = super }
+            find_on_exit(event) { return retval }
+          end
+          def insert_one(document, opts = {})
+            retval = nil
+            event = insert_one_on_enter(document, opts) { retval = super }
+            insert_one_on_exit(event) { return retval }
+          end
+          def insert_many(documents, options = {})
+            retval = nil
+            event = insert_many_on_enter(documents, options) { retval = super }
+            insert_many_on_exit(event) { return retval }
+          end
+        end
+        module View
+          module Prepend
+            include NewRelic::Security::Instrumentation::Mongo::Collection::View
+            def update_one(spec, opts = {})
+              retval = nil
+              event = update_one_on_enter(spec, opts) { retval = super }
+              update_one_on_exit(event) { return retval }
+            end
+            def update_many(spec, opts = {})
+              retval = nil
+              event = update_many_on_enter(spec, opts) { retval = super }
+              update_many_on_exit(event) { return retval }
+            end
+            def delete_one(opts = {})
+              retval = nil
+              event = delete_one_on_enter(opts) { retval = super }
+              delete_one_on_exit(event) { return retval }
+            end
+            def find_one_and_delete(opts = {})
+              retval = nil
+              event = find_one_and_delete_on_enter(opts) { retval = super }
+              find_one_and_delete_on_exit(event) { return retval }
+            end
+            def delete_many(opts = {})
+              retval = nil
+              event = delete_many_on_enter(opts) { retval = super }
+              delete_many_on_exit(event) { return retval }
+            end
+            def replace_one(replacement, opts = {})
+              retval = nil
+              event = replace_one_on_enter(replacement, opts) { retval = super }
+              replace_one_on_exit(event) { return retval }
+            end
+            def find_one_and_update(document, opts = {})
+              retval = nil
+              event = find_one_and_update_on_enter(document, opts) { retval = super }
+              find_one_and_update_on_exit(event) { return retval }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/mysql2/chain.rb ADDED Viewed

@@ -0,0 +1,53 @@
+module NewRelic::Security
+  module Instrumentation
+    module Mysql2
+      module Client
+        module Chain
+          def self.instrument!
+            ::Mysql2::Client.class_eval do
+              include NewRelic::Security::Instrumentation::Mysql2::Client
+              alias_method :query_without_security, :query
+              def query(sql, options = {})
+                retval = nil
+                event = query_on_enter(sql, options) { retval = query_without_security(sql, options) }
+                query_on_exit(event) { return retval }
+              end
+              alias_method :prepare_without_security, :prepare
+              def prepare(sql)
+                retval = nil
+                event = prepare_on_enter(sql) { retval = prepare_without_security(sql) }
+                prepare_on_exit(event, retval, sql) { return retval }
+              end
+            end
+          end
+        end
+      end
+      module Statement
+        module Chain
+          def self.instrument!
+            ::Mysql2::Statement.class_eval do
+              include NewRelic::Security::Instrumentation::Mysql2::Statement
+              alias_method :execute_without_security, :execute
+              def execute(*args, **kwargs)
+                retval = nil
+                event = execute_on_enter(*args, **kwargs) { retval = execute_without_security(*args, **kwargs) }
+                execute_on_exit(event) { return retval }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/mysql2/instrumentation.rb ADDED Viewed

@@ -0,0 +1,84 @@
+require_relative 'prepend'
+require_relative 'chain'
+module NewRelic::Security
+  module Instrumentation
+    module Mysql2::Client
+      def query_on_enter(sql, options)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:sql] = sql
+        hash[:parameters] = []
+        event = NewRelic::Security::Agent::Control::Collector.collect(SQL_DB_COMMAND, [hash], MYSQL) unless NewRelic::Security::Instrumentation::InstrumentationUtils.sql_filter_events?(hash[:sql])
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def query_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      def prepare_on_enter(sql)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def prepare_on_exit(event, retval, sql)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[retval.object_id] = sql if NewRelic::Security::Agent::Control::HTTPContext.get_context
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+    module Mysql2::Statement
+      def execute_on_enter(*args, **kwargs)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:sql] = NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[self.object_id] if NewRelic::Security::Agent::Control::HTTPContext.get_context
+        hash[:parameters] = args.map(&:to_s)
+        event = NewRelic::Security::Agent::Control::Collector.collect(SQL_DB_COMMAND, [hash], MYSQL) unless NewRelic::Security::Instrumentation::InstrumentationUtils.sql_filter_events?(hash[:sql])
+        NewRelic::Security::Agent::Control::HTTPContext.get_context.cache.delete(self.object_id) if NewRelic::Security::Agent::Control::HTTPContext.get_context
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def execute_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:mysql2, ::Mysql2::Client, ::NewRelic::Security::Instrumentation::Mysql2::Client)
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:mysql2, ::Mysql2::Statement, ::NewRelic::Security::Instrumentation::Mysql2::Statement)

data/lib/newrelic_security/instrumentation-security/mysql2/prepend.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module NewRelic::Security
+  module Instrumentation
+    module Mysql2
+      module Client
+        module Prepend
+          include NewRelic::Security::Instrumentation::Mysql2::Client
+          def query(sql, options = {})
+            retval = nil
+            event = query_on_enter(sql, options) { retval = super }
+            query_on_exit(event) { return retval }
+          end
+          def prepare(sql)
+            retval = nil
+            event = prepare_on_enter(sql) { retval = super }
+            prepare_on_exit(event, retval, sql) { return retval }
+          end
+        end
+      end
+      module Statement
+        module Prepend
+          include NewRelic::Security::Instrumentation::Mysql2::Statement
+          def execute(*args, **kwargs)
+            retval = nil
+            event = execute_on_enter(*args, **kwargs) { retval = super }
+            execute_on_exit(event) { return retval }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/net_http/chain.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module NewRelic::Security
+  module Instrumentation
+    module NetHTTP
+      module Chain
+        def self.instrument!
+          ::Net::HTTP.class_eval do
+            include NewRelic::Security::Instrumentation::NetHTTP
+            alias_method :transport_request_without_security, :transport_request
+            def transport_request(req, &block)
+              retval = nil
+              event = transport_request_on_enter(req) { retval = transport_request_without_security(req, &block) }
+              transport_request_on_exit(event) { return retval }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/net_http/instrumentation.rb ADDED Viewed

@@ -0,0 +1,60 @@
+require_relative 'prepend'
+require_relative 'chain'
+module NewRelic::Security
+  module Instrumentation
+    module NetHTTP
+      HTTP = 'http'
+      HTTP_COLON_SLASH_SLAH = 'http://'
+      HTTPS_COLON_SLASH_SLAH = 'https://'
+      def transport_request_on_enter(req)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ob = {}
+				ob[:Method] = req.method
+				if req.uri != nil && URI === req.uri
+					uri = req.uri
+					ob[:scheme]  = uri.scheme
+					ob[:host]    = uri.host
+					ob[:port]    = uri.port
+					ob[:URI]     = uri.to_s
+					ob[:path]    = uri.path
+					ob[:query]   = uri.query
+				else
+					ob[:scheme]  = self.use_ssl? ? HTTPS : HTTP
+					ob[:host]    = self.address
+					ob[:port]    = self.port
+					ob[:path]    = req.path
+					ob[:query]   = nil
+					ob[:URI] = "#{self.use_ssl? ? HTTPS_COLON_SLASH_SLAH : HTTP_COLON_SLASH_SLAH }#{self.address}:#{self.port}#{req.path}"
+				end
+				ob[:Body] = req.body
+				ob[:Headers] = req.to_hash.transform_values! { |v| v.join}
+        ob.each { |_, value| value.dup.force_encoding(ISO_8859_1).encode(UTF_8) if value.is_a?(String) }
+        event = NewRelic::Security::Agent::Control::Collector.collect(HTTP_REQUEST, [ob])
+        NewRelic::Security::Instrumentation::InstrumentationUtils.add_tracing_data(req, event) if event
+        ob = nil
+        event
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def transport_request_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:net_http, ::Net::HTTP, ::NewRelic::Security::Instrumentation::NetHTTP)

data/lib/newrelic_security/instrumentation-security/net_http/prepend.rb ADDED Viewed

@@ -0,0 +1,16 @@
+module NewRelic::Security
+  module Instrumentation
+    module NetHTTP
+      module Prepend
+        include NewRelic::Security::Instrumentation::NetHTTP
+        def transport_request(req, &block)
+          retval = nil
+          event = transport_request_on_enter(req) { retval = super }
+          transport_request_on_exit(event) { return retval }
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/net_ldap/chain.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module NewRelic::Security
+  module Instrumentation
+    module NetLDAP
+      module Chain
+        def self.instrument!
+          ::Net::LDAP.class_eval do
+            include NewRelic::Security::Instrumentation::NetLDAP
+            alias_method :search_without_security, :search
+            def search(args = {}, &block)
+              retval = nil
+              event = search_on_enter(args) { retval = search_without_security(args, &block) }
+              search_on_exit(event) { return retval }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/net_ldap/instrumentation.rb ADDED Viewed

@@ -0,0 +1,42 @@
+require_relative 'prepend'
+require_relative 'chain'
+module NewRelic::Security
+  module Instrumentation
+    module NetLDAP
+      def search_on_enter(args)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        if args.key?(:base) && !args[:base].empty?
+          hash = {}
+          hash[:name] = args[:base] if args.key?(:base)
+          hash[:filter] = args[:filter] if args.key?(:filter)
+          event = NewRelic::Security::Agent::Control::Collector.collect(LDAP, [hash])
+        else
+          #some times this method is also used during instance creation
+          # to know the capabilities of Ldap server. In these
+          # situations they don't provide the query parameter, so we filter
+          # this event
+          NewRelic::Security::Agent.logger.info "Filtered #{self.class}.#{__method__} because of insufficient args. args : #{args}\n"
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def search_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:net_ldap, ::Net::LDAP, ::NewRelic::Security::Instrumentation::NetLDAP)

data/lib/newrelic_security/instrumentation-security/net_ldap/prepend.rb ADDED Viewed

@@ -0,0 +1,16 @@
+module NewRelic::Security
+  module Instrumentation
+    module NetLDAP
+      module Prepend
+        include NewRelic::Security::Instrumentation::NetLDAP
+        def search(args = {}, &block)
+          retval = nil
+          event = search_on_enter(args) { retval = super }
+          search_on_exit(event) { return retval }
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/nokogiri/chain.rb ADDED Viewed

@@ -0,0 +1,46 @@
+module NewRelic::Security
+  module Instrumentation
+    module Nokogiri
+      module XML
+        module Node
+          module Chain
+            def self.instrument!
+              ::Nokogiri::XML::Node.class_eval do
+                include NewRelic::Security::Instrumentation::Nokogiri::XML
+                alias_method :xpath_without_security, :xpath
+                def xpath(*var)
+                  retval = nil
+                  event = xpath_on_enter(*var) { retval = xpath_without_security(*var) }
+                  xpath_on_exit(event) { return retval }
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+    module Nokogiri
+      module XML
+        module NodeSet
+          module Chain
+            def self.instrument!
+              ::Nokogiri::XML::NodeSet.class_eval do
+                include NewRelic::Security::Instrumentation::Nokogiri::XML
+                alias_method :xpath_without_security, :xpath
+                def xpath(*var)
+                  retval = nil
+                  event = xpath_on_enter(*var) { retval = xpath_without_security(*var) }
+                  xpath_on_exit(event) { return retval }
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/nokogiri/instrumentation.rb ADDED Viewed

@@ -0,0 +1,36 @@
+require_relative 'prepend'
+require_relative 'chain'
+module NewRelic::Security
+  module Instrumentation
+    module Nokogiri::XML
+      def xpath_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        paths, _, _, binds = extract_params(var)
+        hash = { :paths => paths, :variables => binds }
+        event = NewRelic::Security::Agent::Control::Collector.collect(XPATH, [hash])
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def xpath_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:nokogiri, ::Nokogiri::XML::Node, ::NewRelic::Security::Instrumentation::Nokogiri::XML::Node)
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:nokogiri, ::Nokogiri::XML::NodeSet, ::NewRelic::Security::Instrumentation::Nokogiri::XML::NodeSet)
+# TODO: check if this hook can replace both the hooks, Nokogiri::XML::Searchable#xpath

data/lib/newrelic_security/instrumentation-security/nokogiri/prepend.rb ADDED Viewed

@@ -0,0 +1,31 @@
+module NewRelic::Security
+  module Instrumentation
+    module Nokogiri
+      module XML
+        module Node
+          module Prepend
+            include NewRelic::Security::Instrumentation::Nokogiri::XML
+            def xpath(*var)
+              retval = nil
+              event = xpath_on_enter(*var) { retval = super }
+              xpath_on_exit(event) { return retval }
+            end
+          end
+        end
+        module NodeSet
+          module Prepend
+            include NewRelic::Security::Instrumentation::Nokogiri::XML
+            def xpath(*var)
+              retval = nil
+              event = xpath_on_enter(*var) { retval = super }
+              xpath_on_exit(event) { return retval }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/padrino/chain.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module NewRelic::Security
+  module Instrumentation
+    module Padrino
+      module PathRouter
+        module Router
+          module Chain
+            def self.instrument!
+              ::Padrino::PathRouter::Router.class_eval do
+                include NewRelic::Security::Instrumentation::Padrino::PathRouter::Router
+                alias_method :call_without_security, :call
+                def call(env, &block)
+                  retval = nil
+                  event = call_on_enter(env) { retval = call_without_security(env, &block) }
+                  call_on_exit(event, retval) { return retval }
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/padrino/instrumentation.rb ADDED Viewed

@@ -0,0 +1,42 @@
+require_relative 'prepend'
+require_relative 'chain'
+module NewRelic::Security
+  module Instrumentation
+    module Padrino::PathRouter::Router
+      def call_on_enter(env)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        NewRelic::Security::Agent.config.update_port = NewRelic::Security::Agent::Utils.app_port(env) unless NewRelic::Security::Agent.config[:listen_port]
+        NewRelic::Security::Agent::Utils.get_app_routes(:padrino, self) if NewRelic::Security::Agent.agent.route_map.empty?
+        extracted_env = env.instance_variable_get(:@env)
+        NewRelic::Security::Agent::Control::HTTPContext.set_context(extracted_env)
+        ctxt = NewRelic::Security::Agent::Control::HTTPContext.get_context
+        ctxt.route = "#{extracted_env[REQUEST_METHOD].to_s}@#{extracted_env[PATH_INFO].to_s}" if ctxt
+        NewRelic::Security::Agent::Utils.parse_fuzz_header(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      def call_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        # NewRelic::Security::Agent.logger.debug "\n\nHTTP Context : #{::NewRelic::Agent::Tracer.current_transaction.instance_variable_get(:@security_context_data).inspect}\n\n"
+        NewRelic::Security::Agent::Control::ReflectedXSS.check_xss(NewRelic::Security::Agent::Control::HTTPContext.get_context, retval) if NewRelic::Security::Agent.config[:'security.detection.rxss.enabled']
+        NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+        NewRelic::Security::Agent::Control::HTTPContext.reset_context
+        NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:padrino, ::Padrino::PathRouter::Router, ::NewRelic::Security::Instrumentation::Padrino::PathRouter::Router)

data/lib/newrelic_security/instrumentation-security/padrino/prepend.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module NewRelic::Security
+  module Instrumentation
+    module Padrino
+      module PathRouter
+        module Router
+          module Prepend
+            include NewRelic::Security::Instrumentation::Padrino::PathRouter::Router
+            def call(env, &block)
+              retval = nil
+              event = call_on_enter(env) { retval = super }
+              call_on_exit(event, retval) { return retval }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/patron/chain.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module NewRelic::Security
+  module Instrumentation
+    module Patron
+      module Session
+        module Chain
+          def self.instrument!
+            ::Patron::Session.class_eval do
+              include NewRelic::Security::Instrumentation::Patron::Session
+              alias_method :request_without_security, :request
+              def request(action, url, headers, options = {})
+                retval = nil
+                event = request_on_enter(action, url, headers, options) { retval = request_without_security(action, url, headers, options) }
+                request_on_exit(event) { return retval }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end