newrelic_security 0.1.0

data/lib/newrelic_security/agent/configuration/manager.rb

@@ -0,0 +1,178 @@
+require 'securerandom'
+require 'socket'
+require 'openssl'
+require 'newrelic_security/agent/configuration/default_source'
+require 'newrelic_security/agent/configuration/environment_source'
+require 'newrelic_security/agent/configuration/manual_source'
+require 'newrelic_security/agent/configuration/server_source'
+require 'newrelic_security/agent/configuration/yaml_source'
+
+module NewRelic::Security
+  module Agent
+    module Configuration
+      class Manager
+        def initialize
+          @cache = Hash.new
+          @cache[:agent_run_id] = ::NewRelic::Agent.agent.service.agent_id
+          @cache[:linking_metadata] = ::NewRelic::Agent.linking_metadata
+          @cache[:app_name] = ::NewRelic::Agent.config[:app_name][0]
+          @cache[:entity_guid] = ::NewRelic::Agent.config[:entity_guid]
+          @cache[:license_key] = ::NewRelic::Agent.config[:license_key]
+          @cache[:policy] = Hash.new
+          @cache[:account_id] = nil
+          @cache[:application_id] = nil
+          @cache[:primary_application_id] = nil
+          @cache[:log_file_path] = ::NewRelic::Agent.config[:log_file_path]
+          @cache[:fuzz_dir_path] = ::File.join(::File.absolute_path(::NewRelic::Agent.config[:log_file_path]), SEC_HOME_PATH, TMP_DIR)
+          @cache[:log_level] = ::NewRelic::Agent.config[:log_level]
+          @cache[:high_security] = ::NewRelic::Agent.config[:high_security]
+          @cache[:'agent.enabled'] = ::NewRelic::Agent.config[:'security.agent.enabled']
+          @cache[:enabled] = ::NewRelic::Agent.config[:'security.enabled']
+          @cache[:mode] = ::NewRelic::Agent.config[:'security.mode']
+          @cache[:validator_service_url] = ::NewRelic::Agent.config[:'security.validator_service_url']
+          @cache[:'security.detection.rci.enabled'] = ::NewRelic::Agent.config[:'security.detection.rci.enabled']
+          @cache[:'security.detection.rxss.enabled'] = ::NewRelic::Agent.config[:'security.detection.rxss.enabled']
+          @cache[:'security.detection.deserialization.enabled'] = ::NewRelic::Agent.config[:'security.detection.deserialization.enabled']
+          @cache[:framework] = detect_framework
+          @cache[:'security.application_info.port'] = ::NewRelic::Agent.config[:'security.application_info.port'].to_i
+          @cache[:'security.request.body_limit'] = ::NewRelic::Agent.config[:'security.request.body_limit'].to_i > 0 ? ::NewRelic::Agent.config[:'security.request.body_limit'].to_i : 300
+          @cache[:listen_port] = nil
+          @cache[:app_root] = NewRelic::Security::Agent::Utils.app_root
+          @cache[:jruby_objectspace_enabled] = false
+          @cache[:json_version] = :'1.2.0'
+
+          @environment_source = NewRelic::Security::Agent::Configuration::EnvironmentSource.new
+          @server_source = NewRelic::Security::Agent::Configuration::ServerSource.new
+          @manual_source = NewRelic::Security::Agent::Configuration::ManualSource.new
+          @yaml_source = NewRelic::Security::Agent::Configuration::YamlSource.new
+          @default_source = NewRelic::Security::Agent::Configuration::DefaultSource.new
+        rescue Exception => exception
+          # TODO: remove this puts once agent stablizes
+          puts "Exception in Configuration::Manager.initialize : #{exception.inspect} #{exception.backtrace}"
+        end
+  
+        def [](key)
+          @cache[key]
+        end
+  
+        def has_key?(key)
+          @cache.has_key?(key)
+        end
+  
+        def keys
+          @cache.keys
+        end
+
+        def cache
+          @cache
+        end
+    
+        def refresh
+          NewRelic::Security::Agent.logger.debug "refreshing agent config"
+          NewRelic::Security::Agent.config = NewRelic::Security::Agent::Configuration::Manager.new
+          # TODO: add validator received config also after the new, else collector#40 throws error
+        end
+
+        def save_uuid
+          @cache[:uuid] = generate_uuid
+        end
+
+        def update_server_config
+          @cache[:agent_run_id] = ::NewRelic::Agent.agent.service.agent_id
+          @cache[:linking_metadata] = ::NewRelic::Agent.linking_metadata
+          server_source = ::NewRelic::Agent.config.instance_variable_get(:@server_source) if defined?(::NewRelic::Agent)
+          @cache[:account_id] = server_source[:account_id]
+          @cache[:application_id] = server_source[:application_id]
+          @cache[:entity_guid] = server_source[:entity_guid]
+          @cache[:primary_application_id] = server_source[:primary_application_id]
+          @cache[:extraction_key] = generate_key(@cache[:entity_guid])
+        rescue Exception => exception
+          NewRelic::Security::Agent.logger.error "Exception in update_server_config : #{exception.inspect} #{exception.backtrace}"
+        end
+
+        def update_port=(listen_port)
+          @cache[:listen_port] = listen_port
+        end
+
+        def app_server=(app_server)
+          @cache[:app_server] = app_server
+        end
+
+        def jruby_objectspace_enabled=(jruby_objectspace_enabled)
+          @cache[:jruby_objectspace_enabled] = jruby_objectspace_enabled
+        end
+
+        def disable_security
+          @cache[:enabled] = false
+          NewRelic::Security::Agent.logger.info "Security Agent is now INACTIVE for #{NewRelic::Security::Agent.config[:uuid]}\n"
+          NewRelic::Security::Agent.init_logger.info "Security Agent is now INACTIVE for #{NewRelic::Security::Agent.config[:uuid]}\n"
+        end
+
+        def enable_security
+          @cache[:enabled] = true
+          NewRelic::Security::Agent.logger.info "Security Agent is now ACTIVE for #{NewRelic::Security::Agent.config[:uuid]}\n"
+          NewRelic::Security::Agent.init_logger.info "Security Agent is now ACTIVE for #{NewRelic::Security::Agent.config[:uuid]}\n"
+          NewRelic::Security::Agent.agent.event_processor.send_critical_message("Security Agent is now ACTIVE for #{NewRelic::Security::Agent.config[:uuid]}", "INFO", caller_locations[0].to_s, Thread.current.name, nil)
+        end
+
+        private
+
+        def detect_framework
+          return :rails if defined?(::Rails)
+          return :padrino if defined?(::Padrino)
+          return :sinatra if defined?(::Sinatra)
+          return :roda if defined?(::Roda)
+          return :grape if defined?(::Grape)
+        end
+
+        def generate_uuid
+          if defined?(::Puma::Cluster)
+            ObjectSpace.each_object(::Puma::Cluster) { |z| return fetch_or_create_uuid if !z.preload? && z.instance_variable_get(:@options)[:workers] >= 1 }
+          end
+          if defined?(::Unicorn::HttpServer)
+            ObjectSpace.each_object(::Unicorn::HttpServer) { |z| return fetch_or_create_uuid if !z.preload_app && z.worker_processes >= 1 }
+          end
+          if defined?(::PhusionPassenger::App) && ::PhusionPassenger::App.options[SPAWN_METHOD].match?(/#{DIRECT}/i)
+            return create_uuid
+          end
+          ::SecureRandom.uuid
+        rescue Exception => exception
+          NewRelic::Security::Agent.logger.error "Exception in generate_uuid : #{exception.inspect} #{exception.backtrace}"
+        end
+
+        def create_uuid
+          hostname = ::Socket.gethostname
+          ip_addr = Socket.ip_address_list.detect{|intf| intf.ipv4_private?}.ip_address.to_s
+          process_identity = ::Gem.win_platform? ? ::Process.pid : ::Process.getpgrp
+          [hostname, ip_addr, process_identity].join(HYPHEN)
+        end
+
+        def fetch_or_create_uuid
+          process_identity = ::Gem.win_platform? ? ::Process.pid : ::Process.getpgrp
+          tmp_dir = ::File.join(@cache[:log_file_path], SEC_HOME_PATH, TMP_DIR)
+          if ::File.directory?(tmp_dir)
+            uuid_file_name = ::File.join(@cache[:log_file_path], SEC_HOME_PATH, TMP_DIR, process_identity.to_s)
+          else
+            ::FileUtils.mkdir_p(TMP_DIR) unless ::File.directory?(TMP_DIR)
+            uuid_file_name = ::File.join(TMP_DIR, process_identity.to_s)
+          end
+          if ::File.exist?(uuid_file_name)
+            sleep 0.01
+            return ::File.read(uuid_file_name)
+          end
+          File.open(uuid_file_name, 'w', 0644) {|f|
+            ret = f.flock(File::LOCK_EX|File::LOCK_NB)
+            f.write(::SecureRandom.uuid) if ret == 0
+          }
+          ::File.read(uuid_file_name)
+        rescue Exception => exception
+          NewRelic::Security::Agent.logger.error "Exception in uuid file creation : #{exception.inspect} #{exception.backtrace}"
+        end
+
+        def generate_key(entity_guid)
+          ::OpenSSL::PKCS5.pbkdf2_hmac(entity_guid, entity_guid[0..15], 1024, 32, SHA1)
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/configuration/manual_source.rb

@@ -0,0 +1,8 @@
+module NewRelic::Security
+  module Agent
+    module Configuration
+      class ManualSource
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/configuration/server_source.rb

@@ -0,0 +1,8 @@
+module NewRelic::Security
+  module Agent
+    module Configuration
+      class ServerSource
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/configuration/yaml_source.rb

@@ -0,0 +1,8 @@
+module NewRelic::Security
+  module Agent
+    module Configuration
+      class YamlSource
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/control/app_info.rb

@@ -0,0 +1,132 @@
+# frozen_string_literal: true
+require 'digest'
+require 'json'
+
+module NewRelic::Security
+  module Agent
+    module Control
+      
+      PROC_SELF_EXE = '/proc/self/exe'
+      PROC_SELF_CMDLINE = '/proc/self/cmdline'
+      STATIC = 'STATIC'
+      COLON = ':'
+      RUBYLIB = 'RUBYLIB'
+      BACKSLASH000 = '\000'
+      KIND = 'kind'
+
+      class AppInfo
+        attr_reader :jsonName
+
+        def initialize
+          @collectorType = RUBY
+          @language = Ruby
+          @jsonName = :applicationinfo
+          @collectorVersion = NewRelic::Security::VERSION
+          @buildNumber = nil
+          @jsonVersion = NewRelic::Security::Agent.config[:json_version]
+          @startTime = current_time_millis
+          @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @framework = NewRelic::Security::Agent.config[:framework]
+          @groupName = NewRelic::Security::Agent.config[:mode]
+          @userProvidedApplicationInfo = Hash.new
+          @policyVersion = nil
+          @userDir = nil
+          @libraryPath = library_path
+          @bootLibraryPath = EMPTY_STRING
+          @binaryName = binary_name
+          @binaryVersion = binary_version
+          @pid = pid
+          @cpid = cpid
+          @binaryPath = binary_path
+          @agentAttachmentType = STATIC
+          @sha256 = sha_256
+          @runCommand = run_command
+          @cmdline = [run_command]
+          @procStartTime = current_time_millis
+          @osArch = os_arch
+          @osName = os_name
+          @osVersion = os_version
+          @serverInfo = Hash.new # TODO: Fill this
+          @identifier = Hash.new # TODO: Fill this
+          @linkingMetadata = add_linking_metadata
+        end
+
+        def as_json
+          instance_variables.map! do |ivar|
+            [ivar[1..-1].to_sym, instance_variable_get(ivar)]
+          end.to_h
+        end
+
+        def to_json
+          as_json.to_json
+        end
+
+        def update_app_info
+          @identifier[KIND] = 'HOST' # TODO: Added other identifier details
+        end
+
+        private 
+
+        def current_time_millis
+          (Time.now.to_f * 1000).to_i
+        end
+
+        def library_path
+          ENV[RUBYLIB].split(COLON)
+        end
+
+        def binary_name
+          RUBY_ENGINE
+        end
+
+        def binary_version
+          RUBY_VERSION
+        end
+
+        def pid
+          return ::Process.pid if ::Gem.win_platform?
+          ::Process.getpgrp
+        end
+
+        def cpid
+          Process.pid
+        end
+
+        def binary_path
+          return ::File.realpath(PROC_SELF_EXE) if ::File.exist?(PROC_SELF_EXE)
+          nil
+        end
+
+        def sha_256
+          return ::Digest::SHA256.file(binary_path).hexdigest if binary_path
+          nil
+        end
+
+        def run_command
+          return ::File.read(PROC_SELF_CMDLINE).delete(BACKSLASH000) if File.exist?(PROC_SELF_CMDLINE)
+          $PROGRAM_NAME
+        end
+
+        def os_arch
+          ::Gem::Platform.local.cpu
+        end
+
+        def os_name
+          ::Gem::Platform.local.os
+        end
+
+        def os_version
+          ::Gem::Platform.local.version
+        end
+
+        def add_linking_metadata
+          linking_metadata = Hash.new
+          linking_metadata[:agentRunId] = NewRelic::Security::Agent.config[:agent_run_id]
+          linking_metadata.merge!(NewRelic::Security::Agent.config[:linking_metadata])
+          # TODO: add other fields as well in linking metadata, for event and heathcheck as well
+        end
+
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/control/application_url_mappings.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+require 'set'
+require 'json'
+
+module NewRelic::Security
+  module Agent
+    module Control
+      
+
+      class ApplicationURLMappings
+        attr_reader :jsonName
+
+        def initialize
+          @collectorType = RUBY
+          @language = Ruby
+          @jsonName = :'sec-application-url-mapping'
+          @eventType = :'sec-application-url-mapping'
+          @collectorVersion = NewRelic::Security::VERSION
+          @buildNumber = nil
+          @jsonVersion = NewRelic::Security::Agent.config[:json_version]
+          @timestamp = current_time_millis
+          @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @framework = NewRelic::Security::Agent.config[:framework]
+          @groupName = NewRelic::Security::Agent.config[:mode]
+          @policyVersion = nil
+          @linkingMetadata = add_linking_metadata
+          @mappings = []
+        end
+
+        def as_json
+          instance_variables.map! do |ivar|
+            [ivar[1..-1].to_sym, instance_variable_get(ivar)]
+          end.to_h
+        end
+
+        def to_json
+          as_json.to_json
+        end
+
+        def update_application_url_mappings
+          maps = ::Set.new
+          NewRelic::Security::Agent.agent.route_map.each do |mapping| 
+            method, path = mapping.split('@')
+            maps << { :method => method, :path => path }
+          end
+          @mappings = maps.to_a
+        end
+
+        private 
+
+        def current_time_millis
+          (Time.now.to_f * 1000).to_i
+        end
+
+        def add_linking_metadata
+          linking_metadata = {}
+          linking_metadata[:agentRunId] = NewRelic::Security::Agent.config[:agent_run_id]
+          linking_metadata.merge!(NewRelic::Security::Agent.config[:linking_metadata])
+          # TODO: add other fields as well in linking metadata, for event and heathcheck as well
+        end
+
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/control/collector.rb

@@ -0,0 +1,117 @@
+# frozen_string_literal: true
+require 'digest'
+require 'pathname'
+
+module NewRelic::Security
+  module Agent
+    module Control
+      module Collector
+
+        COVERAGE = 101
+        MARSHAL_RB = 'marshal.rb'
+        LOAD = 'load'
+        PSYCH_RB = 'psych.rb'
+        MARSHAL_LOAD = 'marshal_load'
+        EVAL = 'eval'
+
+        extend self
+
+        def collect(case_type, args, event_category = nil, **keyword_args)
+          return unless NewRelic::Security::Agent.config[:enabled]
+          return if NewRelic::Security::Agent::Control::HTTPContext.get_context.nil? && NewRelic::Security::Agent::Control::GRPCContext.get_context.nil?
+          args.map! { |file| Pathname.new(file).relative? ? File.join(Dir.pwd, file) : file } if [FILE_OPERATION, FILE_INTEGRITY].include?(case_type)
+
+          event = NewRelic::Security::Agent::Control::Event.new(case_type, args, event_category)
+          stk = caller_locations[1..COVERAGE]
+          event.sourceMethod = stk[0].label
+
+          event.copy_http_info(NewRelic::Security::Agent::Control::HTTPContext.get_context) if NewRelic::Security::Agent::Control::HTTPContext.get_context
+          event.copy_grpc_info(NewRelic::Security::Agent::Control::GRPCContext.get_context) if NewRelic::Security::Agent::Control::GRPCContext.get_context
+          event.isIASTEnable = true if NewRelic::Security::Agent::Utils.is_IAST?
+          event.isIASTRequest = true if NewRelic::Security::Agent::Utils.is_IAST_request?(event.httpRequest[:headers])
+          event.parentId = event.httpRequest[:headers][NR_CSEC_PARENT_ID] if event.httpRequest[:headers].key?(NR_CSEC_PARENT_ID)
+          find_deserialisation(event, stk) if case_type != REFLECTED_XSS && NewRelic::Security::Agent.config[:'security.detection.deserialization.enabled']
+          find_rci(event, stk) if case_type != REFLECTED_XSS && NewRelic::Security::Agent.config[:'security.detection.rci.enabled']
+          route = nil
+          if case_type == REFLECTED_XSS
+            event.httpResponse[:contentType] = keyword_args[:response_header]
+            route = NewRelic::Security::Agent::Control::HTTPContext.get_context.route
+            if route && NewRelic::Security::Agent.agent.route_map.include?(route)
+              event.stacktrace << route
+            end
+          end
+          # In rails 5 method name keeps chaning for same api call (ex: _app_views_sqli_sqlinjectionattackcase_html_erb__1999281606898621405_2624809100).
+          # Hence, considering only frame absolute_path & lineno for apiId calculation.
+          user_frame_index = get_user_frame_index(stk)
+          event.apiId = "#{case_type}-#{calculate_api_id(stk[0..user_frame_index].map { |frame| "#{frame.absolute_path}:#{frame.lineno}" }, event.httpRequest[:method], route)}"
+          stk.delete_if {|frame| frame.path.match(/newrelic_security/) || frame.path.match(/new_relic/)}
+          user_frame_index = get_user_frame_index(stk)
+          return if case_type != REFLECTED_XSS && user_frame_index == -1 # TODO: Add log message here: "Filtered because User Stk frame NOT FOUND   \r\n"
+          if user_frame_index != -1
+            event.userMethodName = stk[user_frame_index].label.to_s
+            event.userFileName = stk[user_frame_index].path
+            event.lineNumber = stk[user_frame_index].lineno
+          else
+            event.sourceMethod = stk[0].label.to_s
+            event.userMethodName = stk[0].label.to_s
+            event.userFileName = stk[0].path
+            event.lineNumber = stk[0].lineno
+          end
+          event.stacktrace = stk[0..user_frame_index].map(&:to_s)
+          NewRelic::Security::Agent.agent.event_processor.send_event(event)
+          if event.httpRequest[:headers].key?(NR_CSEC_FUZZ_REQUEST_ID) && event.apiId == event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID].split(COLON_IAST_COLON)[0]
+            NewRelic::Security::Agent.agent.iast_client.completed_requests[event.parentId] << event.id if NewRelic::Security::Agent.agent.iast_client.completed_requests[event.parentId]
+          end
+          event
+        rescue Exception => exception
+          NewRelic::Security::Agent.logger.error "Exception in event collector: #{exception.inspect} #{exception.backtrace}"
+          NewRelic::Security::Agent.agent.event_processor.send_critical_message(exception.message, "SEVERE", caller_locations[0].to_s, Thread.current.name, exception)
+          if NewRelic::Security::Agent::Utils.is_IAST_request?(event.httpRequest[:headers])
+            NewRelic::Security::Agent.agent.iast_event_stats.error_count.increment
+          else
+            NewRelic::Security::Agent.agent.rasp_event_stats.error_count.increment
+          end
+        end
+
+        private
+
+        def get_user_frame_index(stk)
+          return -1 if NewRelic::Security::Agent.config[:app_root].nil?
+          stk.each_with_index do |val, index|
+            return index if val.path.start_with?(NewRelic::Security::Agent.config[:app_root])
+          end
+          return -1
+        end
+
+        def calculate_api_id(stk, method, route)
+          stk << route if route
+          ::Digest::SHA256.hexdigest("#{stk.join(PIPE)}|#{method}").to_s
+        rescue Exception => e
+          NewRelic::Security::Agent.logger.error "Exception in calculate_api_id : #{e} #{e.backtrace}"
+          nil
+        end
+
+        def find_deserialisation(event, stk)
+          stk.each_with_index { |val, index|
+            if (val.path.end_with?(MARSHAL_RB) && val.label == LOAD) || (val.path.end_with?(PSYCH_RB) && val.label == LOAD) || (val.label == MARSHAL_LOAD)
+              event.metaData[:triggerViaDeserialisation] = true
+              event.metaData[:rciMethodsCalls] = stk[0..index].collect { |frame| frame.label }
+              return
+            end
+          }
+        end
+
+        def find_rci(event, stk)
+          stk.each_with_index { |val, index|
+            if val.label == EVAL
+              event.metaData[:triggerViaRCI] = true
+              event.metaData[:rciMethodsCalls] = stk[0..index].collect { |frame| frame.label }
+              return
+            end
+          }
+        end
+
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/control/control_command.rb

@@ -0,0 +1,117 @@
+require 'json'
+
+module NewRelic::Security
+  module Agent
+    module Control
+      module ControlCommand
+
+        extend self
+
+        def handle_ic_command(message)
+          message_json = parse_message(message)
+          define_transform_keys unless message_json.respond_to?(:transform_keys)
+          message_object = message_json.transform_keys(&:to_sym)
+          return if message_object.nil?
+
+          if message_object.has_key?(:controlCommand)
+            case message_object[:controlCommand]
+            when 4
+              
+            when 5
+              NewRelic::Security::Agent.logger.debug "Control command : '5', #{message_object}"
+            when 6
+
+            when 7
+              NewRelic::Security::Agent.logger.debug "Control command : '7', #{message_object}"
+            when 10
+              NewRelic::Security::Agent.logger.debug "Control command : '10', #{message_object}"
+            when 11
+              NewRelic::Security::Agent.logger.debug "Control command : '11', #{message_object.to_json}"
+              NewRelic::Security::Agent.config.update_port = message_object[:reflectedMetaData][LISTEN_PORT].to_i unless NewRelic::Security::Agent.config[:listen_port]
+              NewRelic::Security::Agent.agent.iast_client.last_fuzz_cc_timestamp = current_time_millis
+              fuzz_request = NewRelic::Security::Agent::Control::FuzzRequest.new(message_object[:id])
+              fuzz_request.request = prepare_fuzz_request(message_object)
+              fuzz_request.case_type = message_object[:arguments][1]
+              fuzz_request.reflected_metadata =  message_object[:reflectedMetaData]
+              NewRelic::Security::Agent.agent.iast_client.pending_request_ids << message_object[:id]
+              NewRelic::Security::Agent.agent.iast_client.enqueue(fuzz_request)
+              fuzz_request = nil
+            when 12
+              NewRelic::Security::Agent.logger.info "Validator asked to reconnect(CC#12), calling reconnect_at_will"
+              reconnect_at_will
+            when 13
+              NewRelic::Security::Agent.logger.debug "Control command : '13', #{message_object}"
+              NewRelic::Security::Agent.logger.debug "Received IAST cooldown. Waiting for next : #{message_object[:data]} Seconds"
+              NewRelic::Security::Agent.agent.iast_client.cooldown_till_timestamp = current_time_millis + (message_object[:data] * 1000)
+            when 14
+              NewRelic::Security::Agent.logger.debug "Control command : '14', #{message_object}"
+              NewRelic::Security::Agent.logger.debug "Purging confirmed IAST processed records count : #{message_object[:arguments].size}"
+              message_object[:arguments].each { |processed_id| NewRelic::Security::Agent.agent.iast_client.completed_requests.delete(processed_id) }
+            when 100
+              NewRelic::Security::Agent.logger.debug "Control command : '100', #{message_object.to_json}"
+              ::NewRelic::Agent.instance.events.notify(:security_policy_received, message_object[:data])
+              # TODO: Update policy from file here, if enabled.
+            when 101
+
+            when 102
+              NewRelic::Security::Agent.logger.error "Update policy failed at validator with error : #{message_object}"
+              # TODO: Apply initial policy here
+            when 1006
+              # TODO: abnormal closure in which case LC anyway have to reconnect
+            when 1013
+              # TODO: ndicates that the service is experiencing overload. A client should only connect to a different IP (when there are multiple for the target) or 	reconnect to the same IP upon user action.
+            else
+              NewRelic::Security::Agent.logger.error "Unrecognized control command : #{message_object}"
+            end
+          else
+            NewRelic::Security::Agent.logger.error "Control command is missing in IC message : #{message_object}"
+          end
+        end
+
+        def define_transform_keys
+          ::Hash.class_eval do
+            def transform_keys
+              result = {}
+              each_key do |key|
+                result[yield(key)] = self[key]
+              end
+              result
+            end
+          end
+        end
+
+        private 
+
+        def parse_message(message)
+          JSON.parse(message)
+        rescue JSON::ParserError => error
+          NewRelic::Security::Agent.logger.error "Error in parsing IC message : #{error.inspect}"
+          NewRelic::Security::Agent.agent.event_processor.send_critical_message(exception.message, "SEVERE", caller_locations[0].to_s, Thread.current.name, exception)
+          nil
+        end
+
+        def reconnect_at_will
+          NewRelic::Security::Agent.agent.iast_client.fuzzQ.clear if NewRelic::Security::Agent.agent.iast_client
+          NewRelic::Security::Agent.agent.iast_client.completed_requests.clear if NewRelic::Security::Agent.agent.iast_client
+          NewRelic::Security::Agent.agent.iast_client.pending_request_ids.clear if NewRelic::Security::Agent.agent.iast_client
+          NewRelic::Security::Agent.config.disable_security
+          Thread.new { NewRelic::Security::Agent.agent.reconnect(0) }
+        end
+
+        def current_time_millis
+          (Time.now.to_f * 1000).to_i
+        end
+
+        def prepare_fuzz_request(message_object)
+          message_object[:arguments][0].gsub!(NR_CSEC_VALIDATOR_HOME_TMP, NewRelic::Security::Agent.config[:fuzz_dir_path])
+          message_object[:arguments][0].gsub!(NR_CSEC_VALIDATOR_FILE_SEPARATOR, ::File::SEPARATOR)
+          prepared_fuzz_request = ::JSON.parse(message_object[:arguments][0])
+          prepared_fuzz_request[HEADERS][NR_CSEC_PARENT_ID] = message_object[:id]
+          prepared_fuzz_request
+        rescue Exception => exception # rubocop:disable Lint/RescueException
+          NewRelic::Security::Agent.logger.error "Exception in preparing fuzz request : #{exception.inspect} #{exception.backtrace}"
+        end
+      end
+    end
+  end
+end