RubyGems - newrelic_security - Versions diffs - 0.1.0 - Mend

newrelic_security 0.1.0

Files changed (205) hide show

data/lib/newrelic_security/agent/logging/init_logger.rb ADDED Viewed

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+require 'logger'
+module NewRelic::Security
+  module Agent
+    module Logging
+      INIT_LOG_FILE_NAME = 'ruby-security-collector-init.log'
+      class AgentInitLogger
+        def initialize
+          create_log_to_file
+        end
+        def fatal(msg)
+          @init_logger.fatal(msg)
+        end
+        def error(msg)
+          @init_logger.error(msg)
+        end
+        def warn(msg)
+          @init_logger.warn(msg)
+        end
+        def info(msg)
+          @init_logger.info(msg)
+        end
+        def debug(msg)
+          @init_logger.debug(msg)
+        end
+        private
+        def prepped_logger(target)
+          @logger = ::Logger.new(target)
+          @logger.level = AgentLogger.log_level_for(NewRelic::Security::Agent.config[:log_level])
+          set_log_format! if target == STDOUT
+          @logger.instance_variable_set(:@skip_instrumenting, true)
+          @logger.freeze
+          @logger
+        end
+        LOG_LEVELS = {
+          "debug" => ::Logger::DEBUG,
+          "info" => ::Logger::INFO,
+          "warn" => ::Logger::WARN,
+          "error" => ::Logger::ERROR,
+          "fatal" => ::Logger::FATAL
+        }
+        def self.log_level_for(level)
+          LOG_LEVELS.fetch(level.to_s.downcase, ::Logger::INFO)
+        end
+        def create_log_to_file
+          log_dir = ::File.join(NewRelic::Security::Agent.config[:log_file_path], SEC_HOME_PATH, LOGS_DIR)
+          path = ::File.directory?(log_dir)
+          if wants_stdout?
+            @init_logger = prepped_logger(STDOUT)
+            warn("Using standard out for logging due to config `log_file_path` or serverless_mode")
+          elsif path
+            file_path = "#{log_dir}/#{INIT_LOG_FILE_NAME}"
+            begin
+              @init_logger = prepped_logger(file_path)
+            rescue => e
+              @init_logger = prepped_logger(STDOUT)
+              warn("Failed creating logger for file #{file_path}, using standard out for logging. #{e}")
+            end
+          else
+            @init_logger = prepped_logger(STDOUT)
+            warn("Error creating log directory #{::File.join(NewRelic::Security::Agent.config[:log_file_path], SEC_HOME_PATH, LOGS_DIR)}, using standard out for logging.")
+          end
+        end
+        def wants_stdout?
+          NewRelic::Security::Agent.config[:log_file_path].casecmp(STANDARD_OUT) == 0 ||
+            ::NewRelic::Agent.config[:'serverless_mode.enabled']
+        end
+        def set_log_format!
+          @logger.formatter = proc do |severity, datetime, progname, msg|
+            "** [NewRelic][Security]#{msg}\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/logging/logger.rb ADDED Viewed

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+require 'logger'
+module NewRelic::Security
+  module Agent
+    module Logging
+      LOG_FILE_SIZE = 50 * 1024 * 1024
+      MAX_LOG_FILES = 3
+      class AgentLogger
+        def initialize
+          create_log_to_file
+        end
+        def fatal(msg)
+          @logger.fatal(msg)
+        end
+        def error(msg)
+          @logger.error(msg)
+        end
+        def warn(msg)
+          @logger.warn(msg)
+        end
+        def info(msg)
+          @logger.info(msg)
+        end
+        def debug(msg)
+          @logger.debug(msg)
+        end
+        private
+        def prepped_logger(target)
+          @logger = ::Logger.new(target, MAX_LOG_FILES, LOG_FILE_SIZE)
+          @logger.level = AgentLogger.log_level_for(NewRelic::Security::Agent.config[:log_level])
+          set_log_format! if target == STDOUT
+          @logger.instance_variable_set(:@skip_instrumenting, true)
+          @logger.freeze
+          @logger
+        end
+        LOG_LEVELS = {
+          "debug" => ::Logger::DEBUG,
+          "info" => ::Logger::INFO,
+          "warn" => ::Logger::WARN,
+          "error" => ::Logger::ERROR,
+          "fatal" => ::Logger::FATAL
+        }
+        def self.log_level_for(level)
+          LOG_LEVELS.fetch(level.to_s.downcase, ::Logger::INFO)
+        end
+        def create_log_to_file
+          log_dir = ::File.join(NewRelic::Security::Agent.config[:log_file_path], SEC_HOME_PATH, LOGS_DIR)
+          path = ::File.directory?(log_dir)
+          if wants_stdout?
+            @logger = prepped_logger(STDOUT)
+            warn("Using standard out for logging due to config `log_file_path` or serverless_mode")
+          elsif path
+            file_path = "#{log_dir}/#{LOG_FILE_NAME}"
+            begin
+              @logger = prepped_logger(file_path)
+            rescue => e
+              @logger = prepped_logger(STDOUT)
+              warn("Failed creating logger for file #{file_path}, using standard out for logging. #{e}")
+            end
+          else
+            @logger = prepped_logger(STDOUT)
+            warn("Error creating log directory #{::File.join(NewRelic::Security::Agent.config[:log_file_path], SEC_HOME_PATH, LOGS_DIR)}, using standard out for logging.")
+          end
+        end
+        def wants_stdout?
+          NewRelic::Security::Agent.config[:log_file_path].casecmp(STANDARD_OUT) == 0 ||
+            ::NewRelic::Agent.config[:'serverless_mode.enabled']
+        end
+        def set_log_format!
+          @logger.formatter = proc do |severity, datetime, progname, msg|
+            "** [NewRelic][Security]#{msg}\n"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/logging/null_logger.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module NewRelic::Security
+  module Agent
+    module Logging
+      class NullLogger
+        def fatal(msg); end
+        def error(msg); end
+        def warn(msg); end
+        def info(msg); end
+        def debug(msg); end
+        # def method_missing(method, *args, &blk)
+        #   nil
+        # end
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/resources/cert.pem ADDED Viewed

@@ -0,0 +1,50 @@
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j
+b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB
+CSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97
+nh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt
+43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P
+T19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4
+gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO
+BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR
+TLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw
+DQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr
+hMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg
+06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF
+PnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls
+YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEvjCCA6agAwIBAgIQBtjZBNVYQ0b2ii+nVCJ+xDANBgkqhkiG9w0BAQsFADBh
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
+QTAeFw0yMTA0MTQwMDAwMDBaFw0zMTA0MTMyMzU5NTlaME8xCzAJBgNVBAYTAlVT
+MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxKTAnBgNVBAMTIERpZ2lDZXJ0IFRMUyBS
+U0EgU0hBMjU2IDIwMjAgQ0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAwUuzZUdwvN1PWNvsnO3DZuUfMRNUrUpmRh8sCuxkB+Uu3Ny5CiDt3+PE0J6a
+qXodgojlEVbbHp9YwlHnLDQNLtKS4VbL8Xlfs7uHyiUDe5pSQWYQYE9XE0nw6Ddn
+g9/n00tnTCJRpt8OmRDtV1F0JuJ9x8piLhMbfyOIJVNvwTRYAIuE//i+p1hJInuW
+raKImxW8oHzf6VGo1bDtN+I2tIJLYrVJmuzHZ9bjPvXj1hJeRPG/cUJ9WIQDgLGB
+Afr5yjK7tI4nhyfFK3TUqNaX3sNk+crOU6JWvHgXjkkDKa77SU+kFbnO8lwZV21r
+eacroicgE7XQPUDTITAHk+qZ9QIDAQABo4IBgjCCAX4wEgYDVR0TAQH/BAgwBgEB
+/wIBADAdBgNVHQ4EFgQUt2ui6qiqhIx56rTaD5iyxZV2ufQwHwYDVR0jBBgwFoAU
+A95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDAjB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGG
+GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcwAoY0aHR0cDovL2Nh
+Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNydDBCBgNV
+HR8EOzA5MDegNaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRH
+bG9iYWxSb290Q0EuY3JsMD0GA1UdIAQ2MDQwCwYJYIZIAYb9bAIBMAcGBWeBDAEB
+MAgGBmeBDAECATAIBgZngQwBAgIwCAYGZ4EMAQIDMA0GCSqGSIb3DQEBCwUAA4IB
+AQCAMs5eC91uWg0Kr+HWhMvAjvqFcO3aXbMM9yt1QP6FCvrzMXi3cEsaiVi6gL3z
+ax3pfs8LulicWdSQ0/1s/dCYbbdxglvPbQtaCdB73sRD2Cqk3p5BJl+7j5nL3a7h
+qG+fh/50tx8bIKuxT8b1Z11dmzzp/2n3YWzW2fP9NsarA4h20ksudYbj/NhVfSbC
+EXffPgK2fPOre3qGNm+499iTcc+G33Mw+nur7SpZyEKEOxEXGlLzyQ4UfaJbcme6
+ce1XR2bFuAJKZTRei9AqPCCcUZlM51Ke92sRKw2Sfh3oius2FkOH6ipjv3U/697E
+A7sKPPcw7+uvTPyLNhBzPvOk
+-----END CERTIFICATE-----

data/lib/newrelic_security/agent/utils/agent_utils.rb ADDED Viewed

@@ -0,0 +1,219 @@
+# frozen_string_literal: true
+require 'fileutils'
+require 'socket'
+require 'openssl'
+module NewRelic::Security
+  module Agent
+    module Utils
+      extend self
+      ENABLED = 'enabled'
+      VULNERABLE = 'VULNERABLE'
+      AES_256_CBC = 'AES-256-CBC'
+      H_ASTERIK = 'H*'
+      ASTERISK = '*'
+      def is_IAST?
+        return false if NewRelic::Security::Agent.config[:policy].empty?
+        return NewRelic::Security::Agent.config[:policy][VULNERABILITY_SCAN][IAST_SCAN][ENABLED] if NewRelic::Security::Agent.config[:policy][VULNERABILITY_SCAN][ENABLED]
+        false
+      end
+      def is_IAST_request?(headers)
+        return true if headers&.key?(NR_CSEC_FUZZ_REQUEST_ID)
+        false
+      end
+      def parse_fuzz_header(ctxt)
+        headers = ctxt.headers if ctxt
+        if is_IAST? && is_IAST_request?(headers)
+          fuzz_request = headers[NR_CSEC_FUZZ_REQUEST_ID].split(COLON_IAST_COLON)
+          if fuzz_request.length() >= 7
+            decrypted_data = decrypt_data(fuzz_request[6], fuzz_request[7]) if fuzz_request[6] && fuzz_request[7] && !fuzz_request[6].empty? && !fuzz_request[7].empty?
+            if decrypted_data
+              NewRelic::Security::Agent.logger.debug "Encrypted data: #{fuzz_request[6]},  decrypted data: #{decrypted_data}, Sha256: #{fuzz_request[7]}"
+              decrypted_data.split(COMMA).each do |filename|
+                begin
+                  filename.gsub!(NR_CSEC_VALIDATOR_HOME_TMP, NewRelic::Security::Agent.config[:fuzz_dir_path])
+                  filename.gsub!(NR_CSEC_VALIDATOR_FILE_SEPARATOR, ::File::SEPARATOR)
+                  dirname = ::File.dirname(filename)
+                  ::FileUtils.mkdir_p(dirname, :mode => 0770) unless ::File.directory?(dirname)
+                  ctxt&.fuzz_files << filename
+                  ::File.open(filename, ::File::WRONLY | ::File::CREAT | ::File::EXCL) do |fd|
+                      # puts "Ownership acquired by : #{Process.pid}"
+                  end unless ::File.exist?(filename)
+                rescue
+                end
+              end
+            end
+          end
+        end
+      end
+      def decrypt_data(name, sha)
+        cipher = ::OpenSSL::Cipher.new AES_256_CBC
+        cipher.decrypt
+        cipher.key = NewRelic::Security::Agent.config[:extraction_key]
+        decrypted = cipher.update [name].pack(H_ASTERIK)
+        decrypted << cipher.final
+        fname = decrypted[16..-1]
+        return fname if ::Digest::SHA256.hexdigest(fname) == sha
+        nil
+      rescue Exception => exception
+        NewRelic::Security::Agent.logger.error "Exception in decrypt_data: #{exception.inspect} #{exception.backtrace}"
+      end
+      def delete_created_files(ctxt)
+        return unless ctxt
+        headers = ctxt.headers
+        if is_IAST? && is_IAST_request?(headers)
+          ctxt.fuzz_files.each do |file|
+            begin
+              ::File.delete(file)
+            rescue
+            end
+          end
+        end
+      end
+      def create_exit_event(event)
+        return unless event
+        return unless is_IAST?
+        return unless is_IAST_request?(event.httpRequest[:headers])
+        if event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID].include?(event.apiId) && event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID].include?(VULNERABLE)
+          exit_event = NewRelic::Security::Agent::Control::ExitEvent.new
+          exit_event.executionId = event.id
+          exit_event.caseType = event.caseType
+          exit_event.k2RequestIdentifier = event.httpRequest[:headers][NR_CSEC_FUZZ_REQUEST_ID]
+          NewRelic::Security::Agent.agent.event_processor.send_exit_event(exit_event)
+        end
+      rescue Exception => exception
+        NewRelic::Security::Agent.logger.error "Exception in create_exit_event: #{exception.inspect} #{exception.backtrace}"
+        NewRelic::Security::Agent.agent.exit_event_stats.error_count.increment
+      end
+      def get_app_routes(framework, router = nil)
+        enable_object_space_in_jruby
+        if framework == :rails
+          ::Rails.application.routes.routes.each do |route|
+            if route.verb.is_a?(::Regexp)
+              method = route.verb.inspect.match(/[a-zA-Z]+/)
+              NewRelic::Security::Agent.agent.route_map << "#{method}@#{route.path.spec.to_s.gsub(/\(\.:format\)/, "")}" if method
+            else
+              route.verb.split("|").each { |m|
+                NewRelic::Security::Agent.agent.route_map << "#{m}@#{route.path.spec.to_s.gsub(/\(\.:format\)/, "")}"
+              }
+            end
+          end
+        elsif framework == :sinatra
+          ::Sinatra::Application.routes.each do |method, routes|
+            routes.map { |r| r.first.to_s }.map do |route|
+              NewRelic::Security::Agent.agent.route_map << "#{method}@#{route}"
+            end
+          end
+        elsif framework == :grape
+          ObjectSpace.each_object(::Grape::Endpoint) { |z|
+            z.instance_variable_get(:@routes)&.each { |route|
+              http_method = route.instance_variable_get(:@request_method) ? route.instance_variable_get(:@request_method) : route.instance_variable_get(:@options)[:method]
+              NewRelic::Security::Agent.agent.route_map << "#{http_method}@#{route.pattern.origin}"
+            }
+          }
+        elsif framework == :padrino
+          if router.instance_of?(::Padrino::PathRouter::Router)
+            router.instance_variable_get(:@routes).each do |route|
+              NewRelic::Security::Agent.agent.route_map << "#{route.instance_variable_get(:@verb)}@#{route.matcher.instance_variable_get(:@path)}"
+            end
+          end
+        elsif framework == :roda
+          NewRelic::Security::Agent.logger.warn "TODO: Roda is a routing tree web toolkit, which generates route dynamically, hence route extraction is not possible."
+        else
+          NewRelic::Security::Agent.logger.error "Unable to get app routes as Framework not detected"
+        end
+        disable_object_space_in_jruby if NewRelic::Security::Agent.config[:jruby_objectspace_enabled]
+        NewRelic::Security::Agent.logger.debug "ALL ROUTES : #{NewRelic::Security::Agent.agent.route_map}"
+        NewRelic::Security::Agent.agent.event_processor&.send_application_url_mappings
+      rescue Exception => exception
+        NewRelic::Security::Agent.logger.error "Error in get app routes : #{exception.inspect} #{exception.backtrace}"
+      end
+      def app_port(env)
+        listen_port = nil
+        if env.key?('puma.socket')
+          NewRelic::Security::Agent.config.app_server = :puma
+          if env['puma.socket'].is_a?(TCPSocket)
+            listen_port = env['puma.socket'].addr[1]
+            NewRelic::Security::Agent.logger.debug "Detected port from puma.socket TCPSocket : #{listen_port}"
+          elsif env['puma.socket'].is_a?(Puma::MiniSSL::Socket)
+              listen_port = env['puma.socket'].instance_variable_get(:@socket).addr[1]
+              NewRelic::Security::Agent.logger.debug "Detected port from puma.socket Puma::MiniSSL::Socket TCPSocket : #{listen_port}"
+          end
+        end
+        if env.key?('unicorn.socket') && env['unicorn.socket'].is_a?(::Unicorn::TCPClient)
+          NewRelic::Security::Agent.config.app_server = :unicorn
+          listen_port, _ = ::Socket.unpack_sockaddr_in(env['unicorn.socket'].getsockname)
+          NewRelic::Security::Agent.logger.debug "Detected port from unicorn.socket Unicorn::TCPClient : #{listen_port}"
+        end
+        ObjectSpace.each_object(::Falcon::Server) { |z|
+          NewRelic::Security::Agent.config.app_server = :falcon
+          listen_port = z.endpoint.instance_variable_get(:@specification)[1]
+          NewRelic::Security::Agent.logger.debug "Detected port from Falcon::Server : #{listen_port}"
+        } if defined?(::Falcon::Server)
+        ObjectSpace.each_object(::Thin::Backends::TcpServer) { |z|
+          NewRelic::Security::Agent.config.app_server = :thin
+          listen_port = z.instance_variable_get(:@port)
+          NewRelic::Security::Agent.logger.debug "Detected port from Thin::Backends::TcpServer : #{listen_port}"
+        } if defined?(::Thin::Backends::TcpServer)
+        ObjectSpace.each_object(::WEBrick::GenericServer) { |z|
+          NewRelic::Security::Agent.config.app_server = :webrick
+          listen_port = z.instance_variable_get(:@config)[:Port]
+          NewRelic::Security::Agent.logger.debug "Detected port from WEBrick::GenericServer : #{listen_port}"
+        } if defined?(::WEBrick::GenericServer)
+        if NewRelic::Security::Agent.config[:'security.application_info.port'] != 0
+          listen_port = NewRelic::Security::Agent.config[:'security.application_info.port']
+          NewRelic::Security::Agent.logger.info "Using application listen port from newrelic.yml security.application_info.port : #{listen_port}"
+        end
+        if listen_port
+          NewRelic::Security::Agent.logger.info "Detected application listen_port : #{listen_port}"
+        else
+          NewRelic::Security::Agent.logger.warn "Unable to detect application listen port, IAST can not run without application listen port. Please provide application listen port in security.application_info.port in newrelic.yml"
+        end
+        disable_object_space_in_jruby if NewRelic::Security::Agent.config[:jruby_objectspace_enabled]
+        listen_port
+      rescue Exception => exception
+        NewRelic::Security::Agent.logger.error "Exception in port detection : #{exception.inspect} #{exception.backtrace}"
+      end
+      def app_root
+        #so far assuming it as Rails
+        #TBD, determing the frame work then use appropriate APIs
+        #val = Rails.root
+        root = nil
+        root = ::Rack::Directory.new(EMPTY_STRING).root.to_s if defined? ::Rack::Directory
+        root
+      end
+      def enable_object_space_in_jruby
+        if RUBY_ENGINE == 'jruby' && !JRuby.objectspace
+          JRuby.objectspace = true
+          NewRelic::Security::Agent.config.jruby_objectspace_enabled = true
+        end
+      end
+      def disable_object_space_in_jruby
+        if RUBY_ENGINE == 'jruby' && JRuby.objectspace
+          JRuby.objectspace = false
+          NewRelic::Security::Agent.config.jruby_objectspace_enabled = false
+        end
+      end
+      def license_key
+        NewRelic::Security::Agent.config[:license_key]
+      end
+      def filtered_log(log)
+        log.gsub(license_key, ASTERISK * license_key.size)
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent.rb ADDED Viewed

@@ -0,0 +1,57 @@
+module NewRelic::Security
+  module Agent
+    extend self
+    require 'newrelic_security/constants'
+    require 'newrelic_security/agent/logging/logger'
+    require 'newrelic_security/agent/logging/init_logger'
+    require 'newrelic_security/agent/configuration/manager'
+    require 'newrelic_security/agent/agent'
+    require 'newrelic_security/agent/utils/agent_utils'
+    @agent = nil
+    @logger = nil
+    @config = nil
+    @event_subscriber = nil
+    # puts "NewRelic::Agent.agent : #{::NewRelic::Agent.agent.inspect}"
+    # puts "NewRelic::Agent.config : #{::NewRelic::Agent.config.inspect}"
+    # puts "NewRelic::Agent.config : #{::NewRelic::Agent.config.instance_variables}"
+    def agent()
+      return @agent if @agent
+      puts "Agent unavailable as it hasn't been started."
+      nil
+    end
+    def logger
+      @logger ||= NewRelic::Security::Agent::Logging::AgentLogger.new
+    end
+    def logger=(log)
+      @logger = log
+    end
+    def init_logger
+      @init_logger ||= NewRelic::Security::Agent::Logging::AgentInitLogger.new
+    end
+    def init_logger=(log)
+      @init_logger = log
+    end
+    def config
+      @config ||= NewRelic::Security::Agent::Configuration::Manager.new
+    end
+    def config=(new_config)
+      @config = new_config
+    end
+    @agent = NewRelic::Security::Agent::Agent.new unless @agent
+    NewRelic::Agent.instance.events.notify(:server_source_configuration_added) if NewRelic::Agent.agent.connected?
+    NewRelic::Security::Agent.logger.debug "Creating security agent instance initially : #{@agent.inspect}"
+    NewRelic::Security::Agent.init_logger.info "[STEP-1] => Security agent is starting : #{@agent.inspect}"
+    NewRelic::Security::Agent.init_logger.info "[STEP-2] => Generating unique identifier : #{@config[:uuid]}"
+  end
+end

data/lib/newrelic_security/constants.rb ADDED Viewed

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+module NewRelic::Security
+  EMPTY_STRING = ""
+  RUBY = 'RUBY'
+  Ruby = 'Ruby'
+  LANGUAGE_COLLECTOR = 'LANGUAGE_COLLECTOR'
+  STANDARD_OUT = 'STDOUT'
+  NR_CSEC_VALIDATOR_HOME_TMP = '{{NR_CSEC_VALIDATOR_HOME_TMP}}'
+  NR_CSEC_VALIDATOR_FILE_SEPARATOR = '{{NR_CSEC_VALIDATOR_FILE_SEPARATOR}}'
+  SEC_HOME_PATH = 'nr-security-home'
+  LOGS_DIR = 'logs'
+  TMP_DIR = 'tmp'
+  LOG_FILE_NAME = 'ruby-security-collector.log'
+  NR_SECURITY_HOME_TMP = 'nr-security-home/tmp/'
+  NR_CSEC_FUZZ_REQUEST_ID = 'nr-csec-fuzz-request-id'
+  NR_CSEC_TRACING_DATA = 'nr-csec-tracing-data'
+  NR_CSEC_PARENT_ID = 'nr-csec-parent-id'
+  COLON_IAST_COLON = ':IAST:'
+  NOSQL_DB_COMMAND = 'NOSQL_DB_COMMAND'
+  SQL_DB_COMMAND = 'SQL_DB_COMMAND'
+  FILE_OPERATION = 'FILE_OPERATION'
+  FILE_INTEGRITY = 'FILE_INTEGRITY'
+  SYSTEM_COMMAND = 'SYSTEM_COMMAND'
+  REFLECTED_XSS = 'REFLECTED_XSS'
+  HTTP_REQUEST = 'HTTP_REQUEST'
+  XPATH = 'XPATH'
+  LDAP = 'LDAP'
+  MONGO = 'MONGO'
+  SQLITE = 'SQLITE'
+  MYSQL = 'MYSQL'
+  POSTGRES = 'POSTGRES'
+  ISO_8859_1 = 'ISO-8859-1'
+  UTF_8 = 'UTF-8'
+  RAILS = 'rails'
+  PUMA = 'puma'
+  CLUSTER = 'cluster'
+  UNICORN = 'unicorn'
+  WORKER = 'worker'
+  HYPHEN = '-'
+  COMMA = ','
+  SLASH = '/'
+  AT_THE_RATE = '@'
+  SPAWN_METHOD = 'spawn_method'
+  DIRECT = 'direct'
+  LISTEN_PORT = 'listen_port'
+  PIPE = '|'
+  READ = 'read'
+  DELETE = 'delete'
+  WRITE = 'write'
+  BINWRITE = 'binwrite'
+  PROTOCOL = 'protocol'
+  HTTPS = 'https'
+  REQUEST_METHOD = 'REQUEST_METHOD'
+  PATH_INFO = 'PATH_INFO'
+  CONTENT_TYPE = 'CONTENT_TYPE'
+  REQUEST_URI = 'REQUEST_URI'
+  SERVER_PORT = 'SERVER_PORT'
+  X_FORWARDED_FOR = 'x-forwarded-for'
+  REMOTE_ADDR = 'REMOTE_ADDR'
+  RACK_URL_SCHEME = 'rack.url_scheme'
+  CONTENT_TYPE1 = 'content-Type'
+  PULL = 'PULL'
+  SHA1 = 'sha1'
+  VULNERABILITY_SCAN = 'vulnerabilityScan'
+  IAST_SCAN = 'iastScan'
+end

data/lib/newrelic_security/instrumentation-security/active_record/mysql2_adapter/chain.rb ADDED Viewed

@@ -0,0 +1,70 @@
+module NewRelic::Security
+  module Instrumentation
+    module ActiveRecord
+      module ConnectionAdapters
+        module Mysql2Adapter
+          module Chain
+            def self.instrument!
+              ::ActiveRecord::ConnectionAdapters::Mysql2Adapter.class_eval do
+                include NewRelic::Security::Instrumentation::ActiveRecord::ConnectionAdapters::Mysql2Adapter
+                if RUBY_ENGINE == 'jruby'
+                  alias_method :execute_without_security, :execute
+                  def execute(sql, name = nil)
+                    retval = nil
+                    event = execute_on_enter(sql, name) { retval = execute_without_security(sql, name) }
+                    execute_on_exit(event) { return retval }
+                  end
+                  alias_method :exec_insert_without_security, :exec_insert
+                  def exec_insert(*var)
+                    retval = nil
+                    event = exec_insert_on_enter(*var) { retval = exec_insert_without_security(*var) }
+                    exec_insert_on_exit(event) { return retval }
+                  end
+                  alias_method :exec_update_without_security, :exec_update
+                  def exec_update(*var)
+                    retval = nil
+                    event = exec_update_on_enter(*var) { retval = exec_update_without_security(*var) }
+                    exec_update_on_exit(event) { return retval }
+                  end
+                  alias_method :exec_query_without_security, :exec_query
+                  if ::Rails.version < '5'
+                    def exec_query(*var)
+                      retval = nil
+                      event = exec_query_on_enter(*var) { retval = exec_query_without_security(*var) }
+                      exec_query_on_exit(event) { return retval }
+                    end
+                  else
+                    def exec_query(*var, **key_vars)
+                      retval = nil
+                      event = exec_query_on_enter(*var, **key_vars) { retval = exec_query_without_security(*var, **key_vars) }
+                      exec_query_on_exit(event) { return retval }
+                    end
+                  end
+                  alias_method :exec_delete_without_security, :exec_delete
+                  def exec_delete(*var)
+                    retval = nil
+                    event = exec_delete_on_enter(*var) { retval = exec_delete_without_security(*var) }
+                    exec_delete_on_exit(event) { return retval }
+                  end
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end