newrelic_security 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c07c9ef96a8884449bdd0d5be44eccf3fee5ae6dde565863fe1eb24449a902f6
-  data.tar.gz: 56f813a8034eed9fd717a0c549275cd1c1e1386c50acdb2142379fbcc980838d
+  metadata.gz: 5b1160c4b821177b6ce0400848a72bf09899780ff83abadb60b3e60f35b8338b
+  data.tar.gz: 98cfb5a7d513e842690dce03aa515a7e148a252a5f0666f16e40899e2ad511d0
 SHA512:
-  metadata.gz: 0a3b7c2e86f9ea2c3a6c4c28da88676f904e78c5cce82fb152897aade9acda32ca9ea485d26dfa7ebb6ef1356c14df9d85407971d05a0a0f69e1ec43824227a1
-  data.tar.gz: d3c6dcd24fe5ed0b54537b503e6994e6ed6701d5bab53f90220cce4b300e14a619db19cab4befec08560b72c941898a082a1b3c9738ed29e3fb8feae714edeb2
+  metadata.gz: 56dea910383ac11f0b87a29f304e0f5042336c142c1d8ca60a2cdaf15bf172102000e28e8f382fd99781afebd061a0693e3f5ff8ea9fba981cdc4de128abdc20
+  data.tar.gz: 04bb28178707141c66ac94158fdb3cd632ccb22a1a9c4b4f5f7d9438989ee3c6fba2124abc89ffbf135d34e249b5921cd5d4b924e50768f07363b219567867bb

data/CHANGELOG.md

@@ -1,5 +1,26 @@
 # New Relic Ruby Security Agent Release Notes
 
+## v0.2.0
+
+Version 0.2.0 introuduces Error reporting as part of security. Any unhandled or 5xx errors in application runtime will now be visible in IAST capability UI. Updated json_version: **1.2.4**
+
+- Feature: Unhandled and 5xx error reproting [PR#134](https://github.com/newrelic/csec-ruby-agent/pull/134)
+
+- Bugfix: Fix for API route not present in rails7 [PR#127](https://github.com/newrelic/csec-ruby-agent/pull/127)
+
+- Bugfix: Fix for Sqlite3 parameters sent in wrong fromat [PR#130](https://github.com/newrelic/csec-ruby-agent/pull/130)
+
+- Bugfix: Fix for multiple events have same id [PR#135](https://github.com/newrelic/csec-ruby-agent/pull/135)
+
+- Bugfix: Fix for NR_CSEC_VALIDATOR_HOME_TMP placeholder value not replaced during File Access fuzzing [PR#138](https://github.com/newrelic/csec-ruby-agent/pull/138)
+
+- Bugfix: Fix for appServerInfo fields are not present in File Operation events [PR#139](https://github.com/newrelic/csec-ruby-agent/pull/139)
+
+- Sending security agent critical errors to APM error inbox [PR#137](https://github.com/newrelic/csec-ruby-agent/pull/137)
+
+- Added key identifiers in entityGuid and acccountId in all json reporting [PR#101](https://github.com/newrelic/csec-ruby-agent/pull/101)
+
+
 ## v0.1.0
 
 Version 0.1.0 introduces `newrelic_security` agent for public preview under Newrelic pre-release software notice.

data/lib/newrelic_security/agent/agent.rb

@@ -17,13 +17,15 @@ require 'newrelic_security/agent/control/critical_message'
 require 'newrelic_security/agent/control/event_counter'
 require 'newrelic_security/agent/control/event_stats'
 require 'newrelic_security/agent/control/exit_event'
+require 'newrelic_security/agent/control/application_runtime_error'
+require 'newrelic_security/agent/control/error_reporting'
 require 'newrelic_security/instrumentation-security/instrumentation_loader'
 
 module NewRelic::Security
   module Agent
     class Agent
 
-      attr_accessor :websocket_client, :event_processor, :iast_client, :http_request_count, :event_processed_count, :event_sent_count, :event_drop_count, :route_map, :iast_event_stats, :rasp_event_stats, :exit_event_stats
+      attr_accessor :websocket_client, :event_processor, :iast_client, :http_request_count, :event_processed_count, :event_sent_count, :event_drop_count, :route_map, :iast_event_stats, :rasp_event_stats, :exit_event_stats, :error_reporting
 
       def initialize
         NewRelic::Security::Agent.config
@@ -41,6 +43,7 @@ module NewRelic::Security
         @iast_event_stats = NewRelic::Security::Agent::Control::EventStats.new
         @rasp_event_stats = NewRelic::Security::Agent::Control::EventStats.new
         @exit_event_stats = NewRelic::Security::Agent::Control::EventStats.new
+        @error_reporting = NewRelic::Security::Agent::Control::ErrorReporting.new
       end
 
       def init
@@ -93,7 +96,8 @@ module NewRelic::Security
       def find_or_create_file_path(path)
         ::FileUtils.mkdir_p(path) unless ::File.directory?(path)
         ::File.directory?(path)
-      rescue
+      rescue => e
+        ::NewRelic::Agent.notice_error(e)
         return false
       end
 

data/lib/newrelic_security/agent/configuration/manager.rb

@@ -39,7 +39,7 @@ module NewRelic::Security
           @cache[:listen_port] = nil
           @cache[:app_root] = NewRelic::Security::Agent::Utils.app_root
           @cache[:jruby_objectspace_enabled] = false
-          @cache[:json_version] = :'1.2.0'
+          @cache[:json_version] = :'1.2.4'
 
           @environment_source = NewRelic::Security::Agent::Configuration::EnvironmentSource.new
           @server_source = NewRelic::Security::Agent::Configuration::ServerSource.new
@@ -47,8 +47,7 @@ module NewRelic::Security
           @yaml_source = NewRelic::Security::Agent::Configuration::YamlSource.new
           @default_source = NewRelic::Security::Agent::Configuration::DefaultSource.new
         rescue Exception => exception
-          # TODO: remove this puts once agent stablizes
-          puts "Exception in Configuration::Manager.initialize : #{exception.inspect} #{exception.backtrace}"
+          ::NewRelic::Agent.notice_error(exception)
         end
   
         def [](key)

data/lib/newrelic_security/agent/control/app_info.rb

@@ -26,6 +26,8 @@ module NewRelic::Security
           @jsonVersion = NewRelic::Security::Agent.config[:json_version]
           @startTime = current_time_millis
           @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @appAccountId = NewRelic::Security::Agent.config[:account_id]
+          @appEntityGuid = NewRelic::Security::Agent.config[:entity_guid]
           @framework = NewRelic::Security::Agent.config[:framework]
           @groupName = NewRelic::Security::Agent.config[:mode]
           @userProvidedApplicationInfo = Hash.new

data/lib/newrelic_security/agent/control/application_runtime_error.rb

@@ -0,0 +1,95 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'digest'
+
+module NewRelic::Security
+  module Agent
+    module Control
+      class ApplicationRuntimeError
+        attr_reader :jsonName, :exception
+        attr_accessor :counter
+
+        def initialize(exception, ctxt, response_code, category)
+          @collectorType = RUBY
+          @language = Ruby
+          @jsonName = :'application-runtime-error'
+          @eventType = :'application-runtime-error'
+          @collectorVersion = NewRelic::Security::VERSION
+          @buildNumber = nil
+          @jsonVersion = NewRelic::Security::Agent.config[:json_version]
+          @timestamp = current_time_millis
+          @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @appAccountId = NewRelic::Security::Agent.config[:account_id]
+          @appEntityGuid = NewRelic::Security::Agent.config[:entity_guid]
+          @framework = NewRelic::Security::Agent.config[:framework]
+          @groupName = NewRelic::Security::Agent.config[:mode]
+          @policyVersion = nil
+          @linkingMetadata = add_linking_metadata
+          @httpRequest = get_http_request_data(ctxt)
+          @exception = exception
+          @counter = 1
+          @responseCode = response_code
+          @category = category
+          @traceId = generate_trace_id(ctxt, category)
+        end
+
+        def as_json
+          instance_variables.map! do |ivar|
+            [ivar[1..-1].to_sym, instance_variable_get(ivar)]
+          end.to_h
+        end
+
+        def to_json(*_args)
+          as_json.to_json
+        end
+
+        private 
+
+        def current_time_millis
+          (Time.now.to_f * 1000).to_i
+        end
+
+        def add_linking_metadata
+          linking_metadata = {}
+          linking_metadata[:agentRunId] = NewRelic::Security::Agent.config[:agent_run_id]
+          linking_metadata.merge!(NewRelic::Security::Agent.config[:linking_metadata])
+          # TODO: add other fields as well in linking metadata, for event and heathcheck as well
+        end
+
+        def get_http_request_data(ctxt)
+          return if ctxt.nil?
+          http_request = {}
+          http_request[:parameterMap] = {}
+          http_request[:body] = ctxt.body
+          http_request[:generationTime] = ctxt.time_stamp
+          http_request[:dataTruncated] = false
+          http_request[:method] = ctxt.method
+          http_request[:route] = ctxt.route.split(AT_THE_RATE)[1] if ctxt.route
+          http_request[:url] = URI(ctxt.req[REQUEST_URI]).respond_to?(:request_uri) ? URI(ctxt.req[REQUEST_URI]).request_uri : ctxt.req[REQUEST_URI]
+          http_request[:requestURI] = "#{ctxt.req[RACK_URL_SCHEME]}://#{ctxt.req[HTTP_HOST]}#{ctxt.req[PATH_INFO]}"
+          http_request[:clientIP] = ctxt.headers.key?(X_FORWARDED_FOR) ? ctxt.headers[X_FORWARDED_FOR].split(COMMA)[0].to_s : ctxt.req[REMOTE_ADDR].to_s
+          http_request[:serverPort] = ctxt.req[SERVER_PORT].to_i
+          http_request[:protocol] = ctxt.req[RACK_URL_SCHEME]
+          http_request[:contextPath] = ROOT_PATH
+          http_request[:headers] = ctxt.headers
+          http_request[:contentType] = ctxt.req[CONTENT_TYPE] if ctxt.req.key?(CONTENT_TYPE)
+          http_request[:headers][CONTENT_TYPE1] = ctxt.req[CONTENT_TYPE] if ctxt.req.key?(CONTENT_TYPE)
+          http_request[:dataTruncated] = ctxt.data_truncated
+          http_request
+        end
+
+        def generate_trace_id(ctxt, category)
+          @exception[:stackTrace]
+          method, route = ctxt.route.split(AT_THE_RATE) if ctxt.route
+          if @exception[:stackTrace]
+            ::Digest::SHA256.hexdigest("#{@exception[:stackTrace].join(PIPE)}#{category}#{route}#{method}").to_s
+          else
+            ::Digest::SHA256.hexdigest("#{category}#{route}#{method}").to_s
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/newrelic_security/agent/control/application_url_mappings.rb

@@ -21,6 +21,8 @@ module NewRelic::Security
           @jsonVersion = NewRelic::Security::Agent.config[:json_version]
           @timestamp = current_time_millis
           @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @appAccountId = NewRelic::Security::Agent.config[:account_id]
+          @appEntityGuid = NewRelic::Security::Agent.config[:entity_guid]
           @framework = NewRelic::Security::Agent.config[:framework]
           @groupName = NewRelic::Security::Agent.config[:mode]
           @policyVersion = nil

data/lib/newrelic_security/agent/control/control_command.rb

@@ -32,7 +32,7 @@ module NewRelic::Security
               fuzz_request = NewRelic::Security::Agent::Control::FuzzRequest.new(message_object[:id])
               fuzz_request.request = prepare_fuzz_request(message_object)
               fuzz_request.case_type = message_object[:arguments][1]
-              fuzz_request.reflected_metadata =  message_object[:reflectedMetaData]
+              fuzz_request.reflected_metadata = message_object[:reflectedMetaData]
               NewRelic::Security::Agent.agent.iast_client.pending_request_ids << message_object[:id]
               NewRelic::Security::Agent.agent.iast_client.enqueue(fuzz_request)
               fuzz_request = nil
@@ -104,6 +104,7 @@ module NewRelic::Security
 
         def prepare_fuzz_request(message_object)
           message_object[:arguments][0].gsub!(NR_CSEC_VALIDATOR_HOME_TMP, NewRelic::Security::Agent.config[:fuzz_dir_path])
+          message_object[:arguments][0].gsub!(NR_CSEC_VALIDATOR_HOME_TMP_URL_ENCODED, NewRelic::Security::Agent.config[:fuzz_dir_path])
           message_object[:arguments][0].gsub!(NR_CSEC_VALIDATOR_FILE_SEPARATOR, ::File::SEPARATOR)
           prepared_fuzz_request = ::JSON.parse(message_object[:arguments][0])
           prepared_fuzz_request[HEADERS][NR_CSEC_PARENT_ID] = message_object[:id]

data/lib/newrelic_security/agent/control/critical_message.rb

@@ -21,6 +21,8 @@ module NewRelic::Security
           @buildNumber = nil
           @jsonVersion = NewRelic::Security::Agent.config[:json_version]
           @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @appAccountId = NewRelic::Security::Agent.config[:account_id]
+          @appEntityGuid = NewRelic::Security::Agent.config[:entity_guid]
           @linkingMetadata = add_linking_metadata
           @timestamp = current_time_millis
           @message = message

data/lib/newrelic_security/agent/control/error_reporting.rb

@@ -0,0 +1,74 @@
+module NewRelic::Security
+  module Agent
+    module Control
+      class ErrorReporting
+
+        STATUS_CODES_5XX = {
+          500 => "Internal Server Error",
+          501 => "Not Implemented",
+          502 => "Bad Gateway",
+          503 => "Service Unavailable",
+          504 => "Gateway Timeout",
+          505 => "HTTP Version Not Supported",
+          506 => "Variant Also Negotiates",
+          507 => "Insufficient Storage",
+          508 => "Loop Detected",
+          509 => "Bandwidth Limit Exceeded",
+          510 => "Not Extended",
+          511 => "Network Authentication Required"
+        }.freeze
+
+        attr_accessor :exceptions_map
+        
+        def initialize
+          @exceptions_map = {}
+        end
+
+        def generate_unhandled_exception(noticed_error, ctxt, response_code)
+          unhandled_exception = {}
+          category = nil
+          if noticed_error
+            unhandled_exception[:message] = noticed_error.message
+            unhandled_exception[:cause] = nil
+            unhandled_exception[:type] = noticed_error.exception_class_name
+            unhandled_exception[:stackTrace] = noticed_error.stack_trace
+            category = noticed_error.exception_class_name
+          end
+          category = STATUS_CODES_5XX[response_code] if response_code
+          application_runtime_error = NewRelic::Security::Agent::Control::ApplicationRuntimeError.new(unhandled_exception, ctxt, response_code, category)
+          key = if response_code
+            # TODO: when do refactoring of ctxt.route, use both route and method to generate key
+            ctxt.route&.+ response_code.to_s
+                else
+            application_runtime_error.exception[:type] + application_runtime_error.exception[:stackTrace][0]
+                end
+          application_runtime_error.counter = @exceptions_map[key].counter + 1 if @exceptions_map.key?(key)
+          @exceptions_map[key] = application_runtime_error
+        rescue Exception => exception
+          NewRelic::Security::Agent.logger.error "Exception in generating unhandled exception: #{exception.inspect} #{exception.backtrace}\n"
+        end
+
+        def extract_noticed_error(current_transaction, ctxt, response_code)
+          # TODO: Below operation is expensive, talk to APM to get optimized way to do this
+          current_transaction.exceptions.each do |_, span|
+            current_transaction.segments.each do |segment|
+              generate_unhandled_exception(segment.noticed_error, ctxt, response_code) if span[:span_id] == segment.guid
+            end
+          end
+        rescue Exception => exception
+          NewRelic::Security::Agent.logger.error "Exception in extract_noticed_error: #{exception.inspect} #{exception.backtrace}\n"
+        end
+
+        def report_unhandled_or_5xx_exceptions(current_transaction, ctxt, response_code = nil)
+          http_response_code = response_code || current_transaction&.http_response_code
+          if current_transaction.exceptions.empty? && http_response_code&.between?(500, 599)
+            generate_unhandled_exception(nil, ctxt, response_code)
+          else
+            extract_noticed_error(current_transaction, ctxt, response_code) unless current_transaction.exceptions.empty?
+          end
+        end
+
+      end 
+    end
+  end
+end

data/lib/newrelic_security/agent/control/event.rb

@@ -26,9 +26,11 @@ module NewRelic::Security
           @buildNumber = nil
           @jsonVersion = NewRelic::Security::Agent.config[:json_version]
           @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @appAccountId = NewRelic::Security::Agent.config[:account_id]
+          @appEntityGuid = NewRelic::Security::Agent.config[:entity_guid]
           @httpRequest = Hash.new
           @httpResponse = Hash.new
-          @metaData = { :reflectedMetaData => { :listen_port => NewRelic::Security::Agent.config[:listen_port].to_s } }
+          @metaData = { :reflectedMetaData => { :listen_port => NewRelic::Security::Agent.config[:listen_port].to_s }, :appServerInfo => { :applicationDirectory => NewRelic::Security::Agent.config[:app_root], :serverBaseDirectory => NewRelic::Security::Agent.config[:app_root] } }
           @linkingMetadata = add_linking_metadata
           @pid = pid
           @parameters = args
@@ -113,7 +115,7 @@ module NewRelic::Security
           http_request[:contentType] = "TODO: "
           http_request[:isGrpc] = ctxt.is_grpc
           @httpRequest = http_request
-          @metaData = ctxt.metadata
+          @metaData.merge!(ctxt.metadata)
         end
 
         private
@@ -128,13 +130,20 @@ module NewRelic::Security
         end
 
         def event_id
-          "#{Process.pid}:#{::Thread.current.object_id}:#{thread_monotonic_ctr}"
+          "#{Process.pid}:#{current_transaction&.guid}:#{thread_monotonic_ctr}"
+        end
+
+        def current_transaction
+          ::NewRelic::Agent::Tracer.current_transaction if defined?(::NewRelic::Agent::Tracer)
         end
 
         def thread_monotonic_ctr
           ctxt = NewRelic::Security::Agent::Control::HTTPContext.get_context if NewRelic::Security::Agent::Control::HTTPContext.get_context
           ctxt = NewRelic::Security::Agent::Control::GRPCContext.get_context if NewRelic::Security::Agent::Control::GRPCContext.get_context
-          ctxt.event_counter = ctxt.event_counter + 1 if ctxt
+          return unless ctxt
+          ctxt.mutex.synchronize do
+            ctxt.event_counter = ctxt.event_counter + 1
+          end
         end
 
         def add_linking_metadata

data/lib/newrelic_security/agent/control/event_processor.rb

@@ -5,6 +5,7 @@ module NewRelic::Security
     module Control
       EVENT_QUEUE_SIZE = 10_000
       HEALTH_INTERVAL = 300
+      ERROR_REPORTING_INTERVAL = 30
 
       class EventProcessor
 
@@ -15,6 +16,7 @@ module NewRelic::Security
           @eventQ = ::SizedQueue.new(EVENT_QUEUE_SIZE)
           create_dequeue_threads
           create_keep_alive_thread
+          create_error_reporting_thread
           NewRelic::Security::Agent.init_logger.info "[STEP-5] => Security agent components started"
         end
 
@@ -128,6 +130,25 @@ module NewRelic::Security
           NewRelic::Security::Agent.logger.error "Exception in health check thread, #{exception.inspect}"
         end
 
+        def create_error_reporting_thread
+          @error_reporting_thread = Thread.new {
+            Thread.current.name = "newrelic_security_error_reporting_thread"
+            while true do
+              sleep ERROR_REPORTING_INTERVAL
+              send_error_reporting_event if NewRelic::Security::Agent::Control::WebsocketClient.instance.is_open?
+            end
+          }
+        rescue Exception => exception
+          NewRelic::Security::Agent.logger.error "Exception in error_reporting thread, #{exception.inspect}"
+        end
+
+        def send_error_reporting_event
+          NewRelic::Security::Agent.agent.error_reporting&.exceptions_map&.each_value do |exception|
+            NewRelic::Security::Agent::Control::WebsocketClient.instance.send(exception)
+          end
+          NewRelic::Security::Agent.agent.error_reporting&.exceptions_map&.clear
+        end
+
       end
     end
   end

data/lib/newrelic_security/agent/control/exit_event.rb

@@ -14,6 +14,8 @@ module NewRelic::Security
           @collectorVersion =  NewRelic::Security::VERSION
           @buildNumber = nil
           @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @appAccountId = NewRelic::Security::Agent.config[:account_id]
+          @appEntityGuid = NewRelic::Security::Agent.config[:entity_guid]
           @groupName = NewRelic::Security::Agent.config[:mode]
           @jsonVersion = NewRelic::Security::Agent.config[:json_version]
           @policyVersion = nil

data/lib/newrelic_security/agent/control/grpc_context.rb

@@ -8,7 +8,7 @@ module NewRelic::Security
       
       class GRPCContext
         
-        attr_accessor :time_stamp, :method, :headers, :body, :route, :cache, :fuzz_files, :url, :server_name, :server_port, :client_ip, :client_port, :is_grpc, :metadata, :event_counter
+        attr_accessor :time_stamp, :method, :headers, :body, :route, :cache, :fuzz_files, :url, :server_name, :server_port, :client_ip, :client_port, :is_grpc, :metadata, :event_counter, :mutex
 
         def initialize(grpc_request)
           @time_stamp = current_time_millis
@@ -32,6 +32,7 @@ module NewRelic::Security
           @cache = {}
           @fuzz_files = ::Set.new
           @event_counter = 0
+          @mutex = Mutex.new
           NewRelic::Security::Agent.agent.http_request_count.increment
         end
 

data/lib/newrelic_security/agent/control/health_check.rb

@@ -18,6 +18,8 @@ module NewRelic::Security
           @framework = NewRelic::Security::Agent.config[:framework]
           @protectedServer = nil
           @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @appAccountId = NewRelic::Security::Agent.config[:account_id]
+          @appEntityGuid = NewRelic::Security::Agent.config[:entity_guid]
           @collectorVersion = NewRelic::Security::VERSION
           @buildNumber = nil
           @jsonVersion = NewRelic::Security::Agent.config[:json_version]

data/lib/newrelic_security/agent/control/http_context.rb

@@ -10,13 +10,14 @@ module NewRelic::Security
       UNDERSCORE = '_'
       HYPHEN = '-'
       REQUEST_METHOD = 'REQUEST_METHOD'
+      HTTP_HOST = 'HTTP_HOST'
       PATH_INFO = 'PATH_INFO'
       RACK_INPUT = 'rack.input'
-      CGI_VARIABLES = ::Set.new(%W[ AUTH_TYPE CONTENT_LENGTH CONTENT_TYPE GATEWAY_INTERFACE HTTPS PATH_INFO PATH_TRANSLATED REQUEST_URI QUERY_STRING REMOTE_ADDR REMOTE_HOST REMOTE_IDENT REMOTE_USER REQUEST_METHOD SCRIPT_NAME SERVER_NAME SERVER_PORT SERVER_PROTOCOL SERVER_SOFTWARE rack.url_scheme ])
+      CGI_VARIABLES = ::Set.new(%W[ AUTH_TYPE CONTENT_LENGTH CONTENT_TYPE GATEWAY_INTERFACE HTTPS HTTP_HOST PATH_INFO PATH_TRANSLATED REQUEST_URI QUERY_STRING REMOTE_ADDR REMOTE_HOST REMOTE_IDENT REMOTE_USER REQUEST_METHOD SCRIPT_NAME SERVER_NAME SERVER_PORT SERVER_PROTOCOL SERVER_SOFTWARE rack.url_scheme ])
 
       class HTTPContext
         
-        attr_accessor :time_stamp, :req, :method, :headers, :params, :body, :data_truncated, :route, :cache, :fuzz_files, :event_counter
+        attr_accessor :time_stamp, :req, :method, :headers, :params, :body, :data_truncated, :route, :cache, :fuzz_files, :event_counter, :mutex
 
         def initialize(env)
           @time_stamp = current_time_millis
@@ -47,6 +48,7 @@ module NewRelic::Security
           @cache = Hash.new
           @fuzz_files = ::Set.new
           @event_counter = 0
+          @mutex = Mutex.new
           NewRelic::Security::Agent.agent.http_request_count.increment
           NewRelic::Security::Agent.agent.iast_client.completed_requests[@headers[NR_CSEC_PARENT_ID]] = [] if @headers.key?(NR_CSEC_PARENT_ID)
         end
@@ -66,6 +68,10 @@ module NewRelic::Security
         def self.reset_context
           ::NewRelic::Agent::Tracer.current_transaction.remove_instance_variable(:@security_context_data) if ::NewRelic::Agent::Tracer.current_transaction.instance_variable_defined?(:@security_context_data)
         end
+
+        def self.get_current_transaction
+          ::NewRelic::Agent::Tracer.current_transaction
+        end
       end
 
     end

data/lib/newrelic_security/agent/control/iast_data_transfer_request.rb

@@ -11,6 +11,8 @@ module NewRelic::Security
         def initialize
           @jsonName = :'iast-data-request'
           @applicationUUID = NewRelic::Security::Agent.config[:uuid]
+          @appAccountId = NewRelic::Security::Agent.config[:account_id]
+          @appEntityGuid = NewRelic::Security::Agent.config[:entity_guid]
           @batchSize = 10
           @pendingRequestIds = []
           @completedRequests = Hash.new

data/lib/newrelic_security/agent/control/websocket_client.rb

@@ -76,21 +76,26 @@ module NewRelic::Security
 
             connection.on :error do |e|
               NewRelic::Security::Agent.logger.error "Error in websocket connection : #{e.inspect} #{e.backtrace}"
+              ::NewRelic::Agent.notice_error(e)
               Thread.new { NewRelic::Security::Agent::Control::WebsocketClient.instance.close(true) }
             end
           rescue Errno::EPIPE => exception
             NewRelic::Security::Agent.logger.error "Unable to connect to validator_service: #{exception.inspect}"
+            ::NewRelic::Agent.notice_error(exception)
             NewRelic::Security::Agent.config.disable_security
           rescue Errno::ECONNRESET => exception
             NewRelic::Security::Agent.logger.error "Unable to connect to validator_service: #{exception.inspect}"
+            ::NewRelic::Agent.notice_error(exception)
             NewRelic::Security::Agent.config.disable_security
             Thread.new { NewRelic::Security::Agent.agent.reconnect(15) }
           rescue Errno::ECONNREFUSED => exception
             NewRelic::Security::Agent.logger.error "Unable to connect to validator_service: #{exception.inspect}"
+            ::NewRelic::Agent.notice_error(exception)
             NewRelic::Security::Agent.config.disable_security
             Thread.new { NewRelic::Security::Agent.agent.reconnect(15) }
           rescue => exception
             NewRelic::Security::Agent.logger.error "Exception in websocket init: #{exception.inspect} #{exception.backtrace}"
+            ::NewRelic::Agent.notice_error(exception)
             NewRelic::Security::Agent.config.disable_security
             Thread.new { NewRelic::Security::Agent.agent.reconnect(15) }
           end

data/lib/newrelic_security/agent/utils/agent_utils.rb

@@ -36,10 +36,11 @@ module NewRelic::Security
               decrypted_data.split(COMMA).each do |filename|
                 begin
                   filename.gsub!(NR_CSEC_VALIDATOR_HOME_TMP, NewRelic::Security::Agent.config[:fuzz_dir_path])
+                  filename.gsub!(NR_CSEC_VALIDATOR_HOME_TMP_URL_ENCODED, NewRelic::Security::Agent.config[:fuzz_dir_path])
                   filename.gsub!(NR_CSEC_VALIDATOR_FILE_SEPARATOR, ::File::SEPARATOR)
                   dirname = ::File.dirname(filename)
                   ::FileUtils.mkdir_p(dirname, :mode => 0770) unless ::File.directory?(dirname)
-                  ctxt&.fuzz_files << filename
+                  ctxt&.fuzz_files&.<< filename
                   ::File.open(filename, ::File::WRONLY | ::File::CREAT | ::File::EXCL) do |fd|
                       # puts "Ownership acquired by : #{Process.pid}"
                   end unless ::File.exist?(filename)
@@ -115,7 +116,7 @@ module NewRelic::Security
         elsif framework == :grape
           ObjectSpace.each_object(::Grape::Endpoint) { |z|
             z.instance_variable_get(:@routes)&.each { |route|
-              http_method = route.instance_variable_get(:@request_method) ? route.instance_variable_get(:@request_method) : route.instance_variable_get(:@options)[:method]
+              http_method = route.instance_variable_get(:@request_method) || route.instance_variable_get(:@options)[:method]
               NewRelic::Security::Agent.agent.route_map << "#{http_method}@#{route.pattern.origin}"
             }
           }

data/lib/newrelic_security/constants.rb

@@ -7,6 +7,7 @@ module NewRelic::Security
   LANGUAGE_COLLECTOR = 'LANGUAGE_COLLECTOR'
   STANDARD_OUT = 'STDOUT'
   NR_CSEC_VALIDATOR_HOME_TMP = '{{NR_CSEC_VALIDATOR_HOME_TMP}}'
+  NR_CSEC_VALIDATOR_HOME_TMP_URL_ENCODED = '%7B%7BNR_CSEC_VALIDATOR_HOME_TMP%7D%7D'
   NR_CSEC_VALIDATOR_FILE_SEPARATOR = '{{NR_CSEC_VALIDATOR_FILE_SEPARATOR}}'
   SEC_HOME_PATH = 'nr-security-home'
   LOGS_DIR = 'logs'

data/lib/newrelic_security/instrumentation-security/grape/chain.rb

@@ -12,10 +12,15 @@ module NewRelic::Security
                 
                 def call(env)
                   retval = nil
-                  event = call_on_enter(env) { retval = call_without_security(env) }
+                  event = call_on_enter(env) do
+                    begin
+                      retval = call_without_security(env)
+                    ensure
+                      NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, nil)
+                    end
+                  end
                   call_on_exit(event, retval) { return retval }
                 end
-
               end
             end
           end

data/lib/newrelic_security/instrumentation-security/grape/instrumentation.rb

@@ -24,6 +24,7 @@ module NewRelic::Security
         # NewRelic::Security::Agent.logger.debug "\n\nHTTP Context : #{::NewRelic::Agent::Tracer.current_transaction.instance_variable_get(:@security_context_data).inspect}\n\n"
         NewRelic::Security::Agent::Control::ReflectedXSS.check_xss(NewRelic::Security::Agent::Control::HTTPContext.get_context, retval) if NewRelic::Security::Agent.config[:'security.detection.rxss.enabled']
         NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+        NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, retval[0])
         NewRelic::Security::Agent::Control::HTTPContext.reset_context
         NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
       rescue => exception
@@ -40,7 +41,7 @@ module NewRelic::Security
         def prepare_env_from_route_on_enter(route)
           NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
           ctxt = NewRelic::Security::Agent::Control::HTTPContext.get_context
-          http_method = route.instance_variable_get(:@request_method) ? route.instance_variable_get(:@request_method) : route.instance_variable_get(:@options)[:method]
+          http_method = route.instance_variable_get(:@request_method) || route.instance_variable_get(:@options)[:method]
           ctxt.route = "#{http_method}@#{route.options[:namespace]}" unless ctxt.nil?
         rescue => exception
           NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"

data/lib/newrelic_security/instrumentation-security/grape/prepend.rb

@@ -8,7 +8,13 @@ module NewRelic::Security
                         
             def call(env)
               retval = nil
-              event = call_on_enter(env) { retval = super(env) }
+              event = call_on_enter(env) do
+                begin
+                  retval = super(env)
+                ensure
+                  NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, nil)
+                end
+              end
               call_on_exit(event, retval) { return retval }
             end
 

data/lib/newrelic_security/instrumentation-security/padrino/chain.rb

@@ -21,6 +21,23 @@ module NewRelic::Security
           end
         end
       end
+
+      module Router
+        module Chain
+          def self.instrument!
+            ::Padrino::Router.class_eval do
+              include NewRelic::Security::Instrumentation::Padrino::Router
+
+              alias_method :call_without_security, :call
+
+              def call(env, &block)
+                retval = call_without_security(env, &block)
+                call_on_exit(retval) { return retval }
+              end
+            end
+          end
+        end
+      end
     end
   end
 end

data/lib/newrelic_security/instrumentation-security/padrino/instrumentation.rb

@@ -13,7 +13,7 @@ module NewRelic::Security
         extracted_env = env.instance_variable_get(:@env)
         NewRelic::Security::Agent::Control::HTTPContext.set_context(extracted_env)
         ctxt = NewRelic::Security::Agent::Control::HTTPContext.get_context
-        ctxt.route = "#{extracted_env[REQUEST_METHOD].to_s}@#{extracted_env[PATH_INFO].to_s}" if ctxt
+        ctxt.route = "#{extracted_env[REQUEST_METHOD]}@#{extracted_env[PATH_INFO]}" if ctxt
         NewRelic::Security::Agent::Utils.parse_fuzz_header(NewRelic::Security::Agent::Control::HTTPContext.get_context)
       rescue => exception
         NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
@@ -27,6 +27,7 @@ module NewRelic::Security
         # NewRelic::Security::Agent.logger.debug "\n\nHTTP Context : #{::NewRelic::Agent::Tracer.current_transaction.instance_variable_get(:@security_context_data).inspect}\n\n"
         NewRelic::Security::Agent::Control::ReflectedXSS.check_xss(NewRelic::Security::Agent::Control::HTTPContext.get_context, retval) if NewRelic::Security::Agent.config[:'security.detection.rxss.enabled']
         NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+        NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, retval[0])
         NewRelic::Security::Agent::Control::HTTPContext.reset_context
         NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
       rescue => exception
@@ -34,9 +35,20 @@ module NewRelic::Security
       ensure
         yield
       end
-            
+    end
+
+    module Padrino::Router
+      def call_on_exit(retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+        NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, retval[0])
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
     end
   end
 end
 
 NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:padrino, ::Padrino::PathRouter::Router, ::NewRelic::Security::Instrumentation::Padrino::PathRouter::Router)
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:padrino, ::Padrino::Router, ::NewRelic::Security::Instrumentation::Padrino::Router)

data/lib/newrelic_security/instrumentation-security/padrino/prepend.rb

@@ -15,6 +15,18 @@ module NewRelic::Security
           end
         end
       end
+
+      module Router
+        module Prepend
+          include NewRelic::Security::Instrumentation::Padrino::Router
+
+          def call(env, &block)
+            retval = super
+            call_on_exit(retval) { return retval }
+          end
+
+        end
+      end
     end
   end
 end

data/lib/newrelic_security/instrumentation-security/rails/chain.rb

@@ -29,12 +29,36 @@ module NewRelic::Security
                 include NewRelic::Security::Instrumentation::ActionDispatch::Journey::Router
 
                 alias_method :find_routes_without_security, :find_routes
-  
+
                 def find_routes(req)
                   retval = nil
                   event = find_routes_on_enter(req) { retval = find_routes_without_security(req) }
                   find_routes_on_exit(event, retval) { return retval }
-                end  
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+
+    module ActionDispatch
+      module Routing
+        module RouteSet
+          module Dispatcher
+            module Chain
+              def self.instrument!
+                ::ActionDispatch::Routing::RouteSet::Dispatcher.class_eval do
+                  include NewRelic::Security::Instrumentation::ActionDispatch::Routing::RouteSet::Dispatcher
+
+                  alias_method :serve_without_security, :serve
+
+                  def serve(req)
+                    retval = nil
+                    event = serve_on_enter(req) { retval = serve_without_security(req) }
+                    serve_on_exit(event, retval) { return retval }
+                  end
+                end
               end
             end
           end

data/lib/newrelic_security/instrumentation-security/rails/instrumentation.rb

@@ -24,6 +24,7 @@ module NewRelic::Security
         # NewRelic::Security::Agent.logger.debug "\n\nHTTP Context : #{::NewRelic::Agent::Tracer.current_transaction.instance_variable_get(:@security_context_data).inspect}\n\n"
         NewRelic::Security::Agent::Control::ReflectedXSS.check_xss(NewRelic::Security::Agent::Control::HTTPContext.get_context, retval) if NewRelic::Security::Agent.config[:'security.detection.rxss.enabled']
         NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+        NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, retval[0])
         NewRelic::Security::Agent::Control::HTTPContext.reset_context
         NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
       rescue => exception
@@ -31,11 +32,11 @@ module NewRelic::Security
       ensure
         yield
       end
-      
+
     end
 
     module ActionDispatch::Journey::Router
-      
+
       def find_routes_on_enter(req)
         event = nil
         NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
@@ -45,7 +46,7 @@ module NewRelic::Security
         yield
         return event
       end
-      
+
       def find_routes_on_exit(event, retval)
         NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
 
@@ -60,8 +61,32 @@ module NewRelic::Security
         yield
       end
     end
+
+    module ActionDispatch::Routing::RouteSet::Dispatcher
+
+      def serve_on_enter(req)
+        event = nil
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        ctxt = NewRelic::Security::Agent::Control::HTTPContext.get_context
+        ctxt.route = "#{ctxt.method}@#{req.route_uri_pattern.to_s.gsub(/\(\.:format\)/, EMPTY_STRING)}" if ctxt && req.respond_to?(:route_uri_pattern)
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+        return event
+      end
+
+      def serve_on_exit(event, retval)
+        NewRelic::Security::Agent.logger.debug "OnExit :  #{self.class}.#{__method__}"
+      rescue => exception
+        NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
+      ensure
+        yield
+      end
+    end
   end
 end
 
 NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:rails, ::Rails::Engine, ::NewRelic::Security::Instrumentation::Rails::Engine)
 NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:rails, ::ActionDispatch::Journey::Router, ::NewRelic::Security::Instrumentation::ActionDispatch::Journey::Router)
+NewRelic::Security::Instrumentation::InstrumentationLoader.install_instrumentation(:rails, ::ActionDispatch::Routing::RouteSet::Dispatcher, ::NewRelic::Security::Instrumentation::ActionDispatch::Routing::RouteSet::Dispatcher)

data/lib/newrelic_security/instrumentation-security/rails/prepend.rb

@@ -29,5 +29,23 @@ module NewRelic::Security
         end
       end
     end
+
+    module ActionDispatch
+      module Routing
+        module RouteSet
+          module Dispatcher
+            module Prepend
+              include NewRelic::Security::Instrumentation::ActionDispatch::Routing::RouteSet::Dispatcher
+
+              def serve(req)
+                retval = nil
+                event = serve_on_enter(req) { retval = super }
+                serve_on_exit(event, retval) { return retval }
+              end
+            end
+          end
+        end
+      end
+    end
   end
 end

data/lib/newrelic_security/instrumentation-security/roda/chain.rb

@@ -10,10 +10,15 @@ module NewRelic::Security
 
             def _roda_handle_main_route(*args)
               retval = nil
-              event = _roda_handle_main_route_on_enter(self.env) { retval = _roda_handle_main_route_without_security(*args) }
+              event = _roda_handle_main_route_on_enter(env) do
+                begin
+                  retval = _roda_handle_main_route_without_security(*args)
+                ensure
+                  NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, nil)
+                end
+              end
               _roda_handle_main_route_on_exit(event, retval) { return retval }
             end
-
           end
         end
       end

data/lib/newrelic_security/instrumentation-security/roda/instrumentation.rb

@@ -12,7 +12,7 @@ module NewRelic::Security
         NewRelic::Security::Agent::Utils.get_app_routes(:roda) if NewRelic::Security::Agent.agent.route_map.empty?
         NewRelic::Security::Agent::Control::HTTPContext.set_context(env)
         ctxt = NewRelic::Security::Agent::Control::HTTPContext.get_context
-        ctxt.route = "#{env[REQUEST_METHOD].to_s}@#{env[PATH_INFO].to_s}" if ctxt
+        ctxt.route = "#{env[REQUEST_METHOD]}@#{env[PATH_INFO]}" if ctxt
         NewRelic::Security::Agent::Utils.parse_fuzz_header(NewRelic::Security::Agent::Control::HTTPContext.get_context)
       rescue => exception
         NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
@@ -26,6 +26,7 @@ module NewRelic::Security
         # NewRelic::Security::Agent.logger.debug "\n\nHTTP Context : #{::NewRelic::Agent::Tracer.current_transaction.instance_variable_get(:@security_context_data).inspect}\n\n"
         NewRelic::Security::Agent::Control::ReflectedXSS.check_xss(NewRelic::Security::Agent::Control::HTTPContext.get_context, retval) if NewRelic::Security::Agent.config[:'security.detection.rxss.enabled']
         NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+        NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, retval[0])
         NewRelic::Security::Agent::Control::HTTPContext.reset_context
         NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
       rescue => exception

data/lib/newrelic_security/instrumentation-security/roda/prepend.rb

@@ -6,7 +6,13 @@ module NewRelic::Security
 
         def _roda_handle_main_route(*args)
           retval = nil
-          event = _roda_handle_main_route_on_enter(self.env) { retval = super }
+          event = _roda_handle_main_route_on_enter(env) do
+            begin
+              retval = super
+            ensure
+              NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, nil)
+            end
+          end
           _roda_handle_main_route_on_exit(event, retval) { return retval }
         end
         

data/lib/newrelic_security/instrumentation-security/sinatra/chain.rb

@@ -20,6 +20,12 @@ module NewRelic::Security
               def route_eval(&block)
                 route_eval_on_enter { route_eval_without_security(&block) }
               end
+
+              alias_method :dispatch_without_security, :dispatch!
+
+              def dispatch!
+                dispatch_on_enter { dispatch_without_security }
+              end
             end
           end
         end

data/lib/newrelic_security/instrumentation-security/sinatra/instrumentation.rb

@@ -24,6 +24,7 @@ module NewRelic::Security
         # NewRelic::Security::Agent.logger.debug "\n\nHTTP Context : #{::NewRelic::Agent::Tracer.current_transaction.instance_variable_get(:@security_context_data).inspect}\n\n"
         NewRelic::Security::Agent::Control::ReflectedXSS.check_xss(NewRelic::Security::Agent::Control::HTTPContext.get_context, retval) if NewRelic::Security::Agent.config[:'security.detection.rxss.enabled']
         NewRelic::Security::Agent::Utils.delete_created_files(NewRelic::Security::Agent::Control::HTTPContext.get_context)
+        NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context, retval[0])
         NewRelic::Security::Agent::Control::HTTPContext.reset_context
         NewRelic::Security::Agent.logger.debug "Exit event : #{event}"
       rescue => exception
@@ -41,6 +42,13 @@ module NewRelic::Security
       ensure
         yield
       end
+
+      def dispatch_on_enter
+        NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
+        yield
+      ensure
+        NewRelic::Security::Agent.agent.error_reporting&.report_unhandled_or_5xx_exceptions(NewRelic::Security::Agent::Control::HTTPContext.get_current_transaction, NewRelic::Security::Agent::Control::HTTPContext.get_context)
+      end
             
     end
   end

data/lib/newrelic_security/instrumentation-security/sinatra/prepend.rb

@@ -14,6 +14,10 @@ module NewRelic::Security
           def route_eval
             route_eval_on_enter { super }
           end
+
+          def dispatch!
+            dispatch_on_enter { super }
+          end
         end
       end
     end

data/lib/newrelic_security/instrumentation-security/sqlite3/instrumentation.rb

@@ -10,7 +10,7 @@ module NewRelic::Security
         NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
         hash = {}
         hash[:sql] = sql
-        hash[:parameters] = bind_vars.is_a?(String) ? [bind_vars] : bind_vars.map(&:to_s)
+        hash[:parameters] = bind_vars.is_a?(String) ? [bind_vars] : bind_vars.flatten
         hash[:parameters] = hash[:parameters] + args.map(&:to_s) unless args.empty?
         event = NewRelic::Security::Agent::Control::Collector.collect(SQL_DB_COMMAND, [hash], SQLITE) unless NewRelic::Security::Instrumentation::InstrumentationUtils.sql_filter_events?(hash[:sql])
       rescue => exception
@@ -34,7 +34,7 @@ module NewRelic::Security
         NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
         hash = {}
         hash[:sql] = sql
-        hash[:parameters] = bind_vars.is_a?(String) ? [bind_vars] : bind_vars.map(&:to_s)
+        hash[:parameters] = bind_vars.is_a?(String) ? [bind_vars] : bind_vars.flatten
         hash[:parameters] = hash[:parameters] + args unless args.empty?
         event = NewRelic::Security::Agent::Control::Collector.collect(SQL_DB_COMMAND, [hash], SQLITE) unless NewRelic::Security::Instrumentation::InstrumentationUtils.sql_filter_events?(hash[:sql])
       rescue => exception
@@ -102,7 +102,7 @@ module NewRelic::Security
       def bind_params_on_enter(*bind_vars)
         event = nil
         NewRelic::Security::Agent.logger.debug "OnEnter : #{self.class}.#{__method__}"
-        NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[self.object_id][:parameters] = bind_vars.map(&:to_s) if NewRelic::Security::Agent::Control::HTTPContext.get_context && NewRelic::Security::Agent::Control::HTTPContext.get_context.cache.key?(self.object_id)
+        NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[self.object_id][:parameters] = bind_vars.flatten if NewRelic::Security::Agent::Control::HTTPContext.get_context && NewRelic::Security::Agent::Control::HTTPContext.get_context.cache.key?(self.object_id)
       rescue => exception
         NewRelic::Security::Agent.logger.error "Exception in hook in #{self.class}.#{__method__}, #{exception.inspect}, #{exception.backtrace}"
       ensure
@@ -129,7 +129,7 @@ module NewRelic::Security
           else
             hash = {}
             hash[:sql] = NewRelic::Security::Agent::Control::HTTPContext.get_context.cache[key][:sql]
-            hash[:parameters] = bind_vars.map(&:to_s)
+            hash[:parameters] = bind_vars.flatten
             ic_args.push(hash)
           end
         end

data/lib/newrelic_security/version.rb

@@ -1,5 +1,5 @@
 module NewRelic
   module Security
-    VERSION = "0.1.0"
+    VERSION = "0.2.0"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: newrelic_security
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Prateek Sen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2024-07-29 00:00:00.000000000 Z
+date: 2024-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: newrelic_rpm
@@ -151,10 +151,12 @@ files:
 - lib/newrelic_security/agent/configuration/server_source.rb
 - lib/newrelic_security/agent/configuration/yaml_source.rb
 - lib/newrelic_security/agent/control/app_info.rb
+- lib/newrelic_security/agent/control/application_runtime_error.rb
 - lib/newrelic_security/agent/control/application_url_mappings.rb
 - lib/newrelic_security/agent/control/collector.rb
 - lib/newrelic_security/agent/control/control_command.rb
 - lib/newrelic_security/agent/control/critical_message.rb
+- lib/newrelic_security/agent/control/error_reporting.rb
 - lib/newrelic_security/agent/control/event.rb
 - lib/newrelic_security/agent/control/event_counter.rb
 - lib/newrelic_security/agent/control/event_processor.rb