newrelic_security 0.1.0

data/lib/newrelic_security/instrumentation-security/patron/instrumentation.rb

@@ -0,0 +1,50 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+require 'uri'
+
+module NewRelic::Security
+  module Instrumentation
+    module Patron::Session
+
+      def request_on_enter(action, url, headers, options)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ob = {}
+        ob[:Method] = action
+        final_url = self.base_url.nil? ? url : "#{self.base_url}#{url}"
+        uri = NewRelic::Security::Instrumentation::InstrumentationUtils.parse_uri(final_url)
+        if uri
+          ob[:scheme]  = uri.scheme
+          ob[:host]    = uri.host
+          ob[:port]    = uri.port
+          ob[:URI]     = uri.to_s
+          ob[:path]    = uri.path
+          ob[:query]   = uri.query
+          ob[:Body] = options[:data]
+          ob[:Headers] = headers
+          ob.each { |_, value| value.dup.force_encoding(ISO_8859_1).encode(UTF_8) if value.is_a?(String) }
+          event = NewRelic::Security::Agent::Control::Collector.collect(HTTP_REQUEST, [ob])
+        end
+        NewRelic::Security::Instrumentation::InstrumentationUtils.add_tracing_data(headers, event) if event
+        event
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def request_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:patron, ::Patron::Session, ::NewRelic::Security::Instrumentation::Patron::Session)

data/lib/newrelic_security/instrumentation-security/patron/prepend.rb

@@ -0,0 +1,18 @@
+module NewRelic::Security
+  module Instrumentation
+    module Patron
+      module Session
+        module Prepend
+          include NewRelic::Security::Instrumentation::Patron::Session
+
+          def request(action, url, headers, options = {})
+            retval = nil
+            event = request_on_enter(action, url, headers, options) { retval = super }
+            request_on_exit(event) { return retval }
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/pg/chain.rb

@@ -0,0 +1,49 @@
+module NewRelic::Security
+  module Instrumentation
+    module PG
+      module Connection
+        module Chain
+
+          def self.instrument!
+            ::PG::Connection.class_eval do
+              include NewRelic::Security::Instrumentation::PG::Connection
+
+              alias_method :exec_without_security, :exec
+
+              def exec(sql)
+                retval = nil
+                event = exec_on_enter(sql) { retval = exec_without_security(sql) }
+                exec_on_exit(event) { return retval }
+              end
+
+              alias_method :async_exec_without_security, :async_exec
+
+              def async_exec(*args)
+                retval = nil
+                event = async_exec_on_enter(*args) { retval = async_exec_without_security(*args) }
+                async_exec_on_exit(event) { return retval }
+              end
+              
+              alias_method :prepare_without_security, :prepare
+
+              def prepare(*args)
+                retval = nil
+                event = prepare_on_enter(*args) { retval = prepare_without_security(*args) }
+                prepare_on_exit(event) { return retval }
+              end
+
+              alias_method :exec_prepared_without_security, :exec_prepared
+
+              def exec_prepared(*args)
+                retval = nil
+                event = exec_prepared_on_enter(*args) { retval = exec_prepared_without_security(*args) }
+                exec_prepared_on_exit(event) { return retval }
+              end
+
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/pg/instrumentation.rb

@@ -0,0 +1,102 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module PG::Connection
+
+      def exec_on_enter(sql)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:sql] = sql
+        hash[:parameters] = []
+        event = NewRelic::Security::Agent::Control::Collector.collect(SQL_DB_COMMAND, [hash], POSTGRES) unless NewRelic::Security::Instrumentation::InstrumentationUtils.sql_filter_events?(hash[:sql])
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def exec_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def async_exec_on_enter(*args)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:sql] = args[0]
+        hash[:parameters] = []
+        event = NewRelic::Security::Agent::Control::Collector.collect(SQL_DB_COMMAND, [hash], POSTGRES) unless NewRelic::Security::Instrumentation::InstrumentationUtils.sql_filter_events?(hash[:sql])
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def async_exec_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def prepare_on_enter(*args)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[args[0].to_s] = args[1].to_s if NewRelic::Security::Agent::Control::HTTPContext.get_context
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def prepare_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def exec_prepared_on_enter(*args)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        hash = {}
+        hash[:sql] = NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[args[0].to_s] if NewRelic::Security::Agent::Control::HTTPContext.get_context
+        hash[:sql] = self.exec("select statement from pg_prepared_statements where name = '#{args[0]}'").getvalue(0,0) unless hash[:sql]
+        hash[:parameters] = args[1].map(&:to_s)
+        event = NewRelic::Security::Agent::Control::Collector.collect(SQL_DB_COMMAND, [hash], POSTGRES) unless NewRelic::Security::Instrumentation::InstrumentationUtils.sql_filter_events?(hash[:sql])
+        NewRelic::Security::Agent::Control::HTTPContext.get_context.cache.delete(args[0].to_s) if NewRelic::Security::Agent::Control::HTTPContext.get_context
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def exec_prepared_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:pg, ::PG::Connection, ::NewRelic::Security::Instrumentation::PG::Connection)

data/lib/newrelic_security/instrumentation-security/pg/prepend.rb

@@ -0,0 +1,36 @@
+module NewRelic::Security
+  module Instrumentation
+    module PG
+      module Connection
+        module Prepend
+          include NewRelic::Security::Instrumentation::PG::Connection
+  
+          def exec(sql)
+            retval = nil
+            event = exec_on_enter(sql) { retval = super }
+            exec_on_exit(event) { return retval }
+          end
+
+          def async_exec(*args)
+            retval = nil
+            event = async_exec_on_enter(*args) { retval = super }
+            async_exec_on_exit(event) { return retval }
+          end
+
+          def prepare(*args)
+            retval = nil
+            event = prepare_on_enter(*args) { retval = super }
+            prepare_on_exit(event) { return retval }
+          end
+
+          def exec_prepared(*args)
+            retval = nil
+            event = exec_prepared_on_enter(*args) { retval = super }
+            exec_prepared_on_exit(event) { return retval }
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/pty/chain.rb

@@ -0,0 +1,31 @@
+module NewRelic::Security
+  module Instrumentation
+    module PTY
+      module Chain
+        def self.instrument!
+          ::PTY.class_eval do
+            class << self
+              include NewRelic::Security::Instrumentation::PTY
+
+              alias_method :spawn_without_security, :spawn
+
+              def spawn(*var)
+                retval = nil
+                event = spawn_on_enter(*var) { retval = spawn_without_security(*var) }
+                spawn_on_exit(event) { return retval }
+              end
+
+              alias_method :getpty_without_security, :getpty
+
+              def getpty(*var, &block)
+                retval = nil
+                event = getpty_on_enter(*var) { retval = getpty_without_security(*var, &block) }
+                getpty_on_exit(event) { return retval }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/pty/instrumentation.rb

@@ -0,0 +1,52 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module PTY
+      
+      def spawn_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        event = NewRelic::Security::Agent::Control::Collector.collect(SYSTEM_COMMAND, var)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def spawn_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def getpty_on_enter(*var)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        event = NewRelic::Security::Agent::Control::Collector.collect(SYSTEM_COMMAND, var)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def getpty_on_exit(event)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent::Utils.create_exit_event(event)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:pty, ::PTY.singleton_class, ::NewRelic::Security::Instrumentation::PTY)

data/lib/newrelic_security/instrumentation-security/pty/prepend.rb

@@ -0,0 +1,22 @@
+module NewRelic::Security
+  module Instrumentation
+    module PTY
+      module Prepend
+        include NewRelic::Security::Instrumentation::PTY
+
+        def spawn(*var)
+          retval = nil
+          event = spawn_on_enter(*var) { retval = super }
+          spawn_on_exit(event) { return retval }
+        end
+
+        def getpty(*var, &block)
+          retval = nil
+          event = getpty_on_enter(*var) { retval = super }
+          getpty_on_exit(event) { return retval }
+        end
+
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/rails/chain.rb

@@ -0,0 +1,46 @@
+module NewRelic::Security
+  module Instrumentation
+    module Rails
+      module Engine
+        module Chain
+          def self.instrument!
+            ::Rails::Engine.class_eval do 
+              include NewRelic::Security::Instrumentation::Rails::Engine
+
+              alias_method :call_without_security, :call
+
+              def call(env)
+                retval = nil
+                event = call_on_enter(env) { retval = call_without_security(env) }
+                call_on_exit(event, retval) { return retval }
+              end
+            end
+          end
+        end
+      end
+    end
+
+    module ActionDispatch
+      module Journey
+        module Router
+          module Chain
+            def self.instrument!
+              ::ActionDispatch::Journey::Router.class_eval do
+                include NewRelic::Security::Instrumentation::ActionDispatch::Journey::Router
+
+                alias_method :find_routes_without_security, :find_routes
+  
+                def find_routes(req)
+                  retval = nil
+                  event = find_routes_on_enter(req) { retval = find_routes_without_security(req) }
+                  find_routes_on_exit(event, retval) { return retval }
+                end  
+              end
+            end
+          end
+        end
+      end
+    end
+    
+  end
+end

data/lib/newrelic_security/instrumentation-security/rails/instrumentation.rb

@@ -0,0 +1,67 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module Rails::Engine
+      # TODO: Revisit this hook for more base level hook which can support any framework by default.
+      def call_on_enter(env)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        NewRelic::Security::Agent.config.update_port = NewRelic::Security::Agent::Utils.app_port(env) unless NewRelic::Security::Agent.config[:listen_port]
+        NewRelic::Security::Agent::Utils.get_app_routes(:rails) if NewRelic::Security::Agent.agent.route_map.empty?
+        NewRelic::Security::Agent::Control::HTTPContext.set_context(env)
+        NewRelic::Security::Agent::Utils.parse_fuzz_header(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      
+      def call_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        # NewRelic::Security::Agent.logger.debug "\n\nHTTP Context : #{::NewRelic::Agent::Tracer.current_transaction.instance_variable_get(:@security_context_data).inspect}\n\n"
+        NewRelic::Security::Agent::Control::ReflectedXSS.check_xss(NewRelic::Security::Agent::Control::HTTPContext.get_context, retval) if NewRelic::Security::Agent.config[:'security.detection.rxss.enabled']
+        NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+        NewRelic::Security::Agent::Control::HTTPContext.reset_context
+        NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+      
+    end
+
+    module ActionDispatch::Journey::Router
+      
+      def find_routes_on_enter(req)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      
+      def find_routes_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+
+        unless retval[0].nil?
+          route = retval[0][2].path.spec.to_s.gsub(/\(\.:format\)/, EMPTY_STRING)
+          ctxt = NewRelic::Security::Agent::Control::HTTPContext.get_context
+          ctxt.route = "#{ctxt.method}@#{route}" unless ctxt.nil?
+        end
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:rails, ::Rails::Engine, ::NewRelic::Security::Instrumentation::Rails::Engine)
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:rails, ::ActionDispatch::Journey::Router, ::NewRelic::Security::Instrumentation::ActionDispatch::Journey::Router)

data/lib/newrelic_security/instrumentation-security/rails/prepend.rb

@@ -0,0 +1,33 @@
+module NewRelic::Security
+  module Instrumentation
+    module Rails
+      module Engine
+        module Prepend
+          include NewRelic::Security::Instrumentation::Rails::Engine
+
+          def call(env)
+            retval = nil
+            event = call_on_enter(env) { retval = super }
+            call_on_exit(event, retval) { return retval }
+          end
+        end
+      end
+    end
+
+    module ActionDispatch
+      module Journey
+        module Router
+          module Prepend
+            include NewRelic::Security::Instrumentation::ActionDispatch::Journey::Router
+
+            def find_routes(req)
+              retval = nil
+              event = find_routes_on_enter(req) { retval = super }
+              find_routes_on_exit(event, retval) { return retval }
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/roda/chain.rb

@@ -0,0 +1,22 @@
+module NewRelic::Security
+  module Instrumentation
+    module Roda
+      module Chain
+        def self.instrument!
+          ::Roda.class_eval do 
+            include NewRelic::Security::Instrumentation::Roda
+
+            alias_method :_roda_handle_main_route_without_security, :_roda_handle_main_route
+
+            def _roda_handle_main_route(*args)
+              retval = nil
+              event = _roda_handle_main_route_on_enter(self.env) { retval = _roda_handle_main_route_without_security(*args) }
+              _roda_handle_main_route_on_exit(event, retval) { return retval }
+            end
+
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/roda/instrumentation.rb

@@ -0,0 +1,41 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module Roda
+
+      def _roda_handle_main_route_on_enter(env)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        NewRelic::Security::Agent.config.update_port = NewRelic::Security::Agent::Utils.app_port(env) unless NewRelic::Security::Agent.config[:listen_port]
+        NewRelic::Security::Agent::Utils.get_app_routes(:roda) if NewRelic::Security::Agent.agent.route_map.empty?
+        NewRelic::Security::Agent::Control::HTTPContext.set_context(env)
+        ctxt = NewRelic::Security::Agent::Control::HTTPContext.get_context
+        ctxt.route = "#{env[REQUEST_METHOD].to_s}@#{env[PATH_INFO].to_s}" if ctxt
+        NewRelic::Security::Agent::Utils.parse_fuzz_header(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      
+      def _roda_handle_main_route_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        # NewRelic::Security::Agent.logger.debug "\n\nHTTP Context : #{::NewRelic::Agent::Tracer.current_transaction.instance_variable_get(:@security_context_data).inspect}\n\n"
+        NewRelic::Security::Agent::Control::ReflectedXSS.check_xss(NewRelic::Security::Agent::Control::HTTPContext.get_context, retval) if NewRelic::Security::Agent.config[:'security.detection.rxss.enabled']
+        NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+        NewRelic::Security::Agent::Control::HTTPContext.reset_context
+        NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+            
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:roda, ::Roda, ::NewRelic::Security::Instrumentation::Roda)

data/lib/newrelic_security/instrumentation-security/roda/prepend.rb

@@ -0,0 +1,16 @@
+module NewRelic::Security
+  module Instrumentation
+    module Roda
+      module Prepend
+        include NewRelic::Security::Instrumentation::Roda
+
+        def _roda_handle_main_route(*args)
+          retval = nil
+          event = _roda_handle_main_route_on_enter(self.env) { retval = super }
+          _roda_handle_main_route_on_exit(event, retval) { return retval }
+        end
+        
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/sinatra/chain.rb

@@ -0,0 +1,29 @@
+module NewRelic::Security
+  module Instrumentation
+    module Sinatra
+      module Base
+        module Chain
+          def self.instrument!
+            ::Sinatra::Base.class_eval do 
+              include NewRelic::Security::Instrumentation::Sinatra::Base
+
+              alias_method :call_without_security, :call
+
+              def call(env)
+                retval = nil
+                event = call_on_enter(env) { retval = call_without_security(env) }
+                call_on_exit(event, retval) { return retval }
+              end
+
+              alias_method :route_eval_without_security, :route_eval
+
+              def route_eval(&block)
+                route_eval_on_enter { route_eval_without_security(&block) }
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/instrumentation-security/sinatra/instrumentation.rb

@@ -0,0 +1,49 @@
+require_relative 'prepend'
+require_relative 'chain'
+
+module NewRelic::Security
+  module Instrumentation
+    module Sinatra::Base
+
+      def call_on_enter(env)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        NewRelic::Security::Agent.config.update_port = NewRelic::Security::Agent::Utils.app_port(env) unless NewRelic::Security::Agent.config[:listen_port]
+        NewRelic::Security::Agent::Utils.get_app_routes(:sinatra) if NewRelic::Security::Agent.agent.route_map.empty?
+        NewRelic::Security::Agent::Control::HTTPContext.set_context(env)
+        NewRelic::Security::Agent::Utils.parse_fuzz_header(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+      
+      def call_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        # NewRelic::Security::Agent.logger.debug "\n\nHTTP Context : #{::NewRelic::Agent::Tracer.current_transaction.instance_variable_get(:@security_context_data).inspect}\n\n"
+        NewRelic::Security::Agent::Control::ReflectedXSS.check_xss(NewRelic::Security::Agent::Control::HTTPContext.get_context, retval) if NewRelic::Security::Agent.config[:'security.detection.rxss.enabled']
+        NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+        NewRelic::Security::Agent::Control::HTTPContext.reset_context
+        NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+
+      def route_eval_on_enter
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ctxt = NewRelic::Security::Agent::Control::HTTPContext.get_context
+        ctxt.route = self.env["sinatra.route"].split.join("@") unless ctxt.nil?
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+            
+    end
+  end
+end
+
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:sinatra, ::Sinatra::Base, ::NewRelic::Security::Instrumentation::Sinatra::Base)