newrelic 12.5.2 → 12.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/NEWS.md CHANGED
@@ -1,3 +1,18 @@
1
+ ### v12.6.0 (2024-10-30)
2
+
3
+ #### Features
4
+
5
+ * Added ARN and provider to Lambda segments ([#2674](https://github.com/newrelic/node-newrelic/pull/2674)) ([a23294c](https://github.com/newrelic/node-newrelic/commit/a23294c2d2cc665de5df1a0f3c9099dedbfbb896))
6
+ * Added IAST configurations for scan scheduling and restrictions ([#2645](https://github.com/newrelic/node-newrelic/pull/2645)) ([13a627a](https://github.com/newrelic/node-newrelic/commit/13a627a1a1529dd8f8c93d0b9f582457c019a63e))
7
+
8
+ #### Documentation
9
+
10
+ * Updated compatibility report ([#2673](https://github.com/newrelic/node-newrelic/pull/2673)) ([e4d0503](https://github.com/newrelic/node-newrelic/commit/e4d0503934f7de45d3cdb6dbb4640a66cf8d8421))
11
+
12
+ #### Miscellaneous chores
13
+
14
+ * Replaced static openssl cert usage with in-process cert ([#2671](https://github.com/newrelic/node-newrelic/pull/2671)) ([72872f4](https://github.com/newrelic/node-newrelic/commit/72872f4313fd9bc6d2b358a735dc76b9cda1a489))
15
+
1
16
  ### v12.5.2 (2024-10-23)
2
17
 
3
18
  #### Features
@@ -53,11 +53,14 @@ exports.proxyAgent = function proxyAgent(config) {
53
53
  }
54
54
  const proxyUrl = proxyOptions(config)
55
55
 
56
+ // Tests may supply 127.0.0.1 as the host, but SNI requires a hostname.
57
+ const servername = config.host
56
58
  const proxyOpts = {
57
59
  secureEndpoint: config.ssl,
58
60
  auth: proxyUrl.auth,
59
61
  ca: config?.certificates?.length ? config.certificates : [],
60
- keepAlive: true
62
+ keepAlive: true,
63
+ servername
61
64
  }
62
65
 
63
66
  logger.info(`using proxy: ${proxyUrl}`)
@@ -1318,6 +1318,147 @@ defaultConfig.definition = () => ({
1318
1318
  default: true
1319
1319
  }
1320
1320
  }
1321
+ },
1322
+
1323
+ /**
1324
+ * Unique test identifier when runnning IAST with CI/CD
1325
+ */
1326
+ iast_test_identifier: '',
1327
+
1328
+ /**
1329
+ * IAST scan controllers to get more control over IAST analysis
1330
+ */
1331
+ scan_controllers: {
1332
+ /**
1333
+ * The maximum number of analysis probes or requests
1334
+ * that can be sent to the application in one minute.
1335
+ */
1336
+ iast_scan_request_rate_limit: {
1337
+ formatter: int,
1338
+ default: 3600
1339
+ },
1340
+ /**
1341
+ * The number of application instances for a specific entity where IAST analysis is performed.
1342
+ * Values are 0 or 1, 0 signifies run on all application instances
1343
+ */
1344
+ scan_instance_count: {
1345
+ formatter: int,
1346
+ default: 0
1347
+ }
1348
+ },
1349
+ /**
1350
+ * Schedule start and stop of IAST scan
1351
+ */
1352
+ scan_schedule: {
1353
+ /**
1354
+ * The delay field specifies the time in minutes
1355
+ * before an IAST scan begins after the application starts
1356
+ */
1357
+ delay: {
1358
+ formatter: int,
1359
+ default: 0
1360
+ },
1361
+ /**
1362
+ * The duration field specifies the amount of
1363
+ * time in minutes that the IAST scan will run
1364
+ */
1365
+ duration: {
1366
+ formatter: int,
1367
+ default: 0
1368
+ },
1369
+ /**
1370
+ * The schedule field specifies a unix cron expression that defines when the IAST scan should run.
1371
+ * By default, schedule is disabled
1372
+ *
1373
+ */
1374
+ schedule: '',
1375
+ /**
1376
+ * Allows IAST to actively collect trace data in the background
1377
+ * and the security agent will use this collected data to perform
1378
+ * an IAST scan at the scheduled time
1379
+ */
1380
+ always_sample_traces: {
1381
+ formatter: boolean,
1382
+ default: false
1383
+ }
1384
+ },
1385
+
1386
+ /**
1387
+ * The exclude from IAST scan setting allows to exclude specific APIs,
1388
+ * vulnerability categories, and parameters from IAST analysis.
1389
+ */
1390
+ exclude_from_iast_scan: {
1391
+ /**
1392
+ * Ignore specific APIs from IAST analysis.
1393
+ * The regex pattern should provide a full match for the URL without the endpoint.
1394
+ */
1395
+ api: {
1396
+ formatter: array,
1397
+ default: []
1398
+ },
1399
+ /**
1400
+ * Ignore specific HTTP request parameters from IAST analysis.
1401
+ */
1402
+ http_request_parameters: {
1403
+ header: {
1404
+ formatter: array,
1405
+ default: []
1406
+ },
1407
+ query: {
1408
+ formatter: array,
1409
+ default: []
1410
+ },
1411
+ body: {
1412
+ formatter: array,
1413
+ default: []
1414
+ }
1415
+ },
1416
+ /**
1417
+ * Allows users to specify categories of vulnerabilities
1418
+ * for which IAST analysis will be applied or ignored.
1419
+ */
1420
+ iast_detection_category: {
1421
+ insecure_settings: {
1422
+ formatter: boolean,
1423
+ default: false
1424
+ },
1425
+ invalid_file_access: {
1426
+ formatter: boolean,
1427
+ default: false
1428
+ },
1429
+ sql_injection: {
1430
+ formatter: boolean,
1431
+ default: false
1432
+ },
1433
+ nosql_injection: {
1434
+ formatter: boolean,
1435
+ default: false
1436
+ },
1437
+ ldap_injection: {
1438
+ formatter: boolean,
1439
+ default: false
1440
+ },
1441
+ javascript_injection: {
1442
+ formatter: boolean,
1443
+ default: false
1444
+ },
1445
+ command_injection: {
1446
+ formatter: boolean,
1447
+ default: false
1448
+ },
1449
+ xpath_injection: {
1450
+ formatter: boolean,
1451
+ default: false
1452
+ },
1453
+ ssrf: {
1454
+ formatter: boolean,
1455
+ default: false
1456
+ },
1457
+ rxss: {
1458
+ formatter: boolean,
1459
+ default: false
1460
+ }
1461
+ }
1321
1462
  }
1322
1463
  },
1323
1464
 
@@ -249,7 +249,9 @@ class AwsLambda {
249
249
  _getAwsAgentAttributes(event, context) {
250
250
  const attributes = {
251
251
  'aws.lambda.arn': context.invokedFunctionArn,
252
- 'aws.requestId': context.awsRequestId
252
+ 'aws.requestId': context.awsRequestId,
253
+ 'cloud.resource_id': context.invokedFunctionArn,
254
+ 'cloud.platform': 'aws_lambda'
253
255
  }
254
256
 
255
257
  const eventSourceInfo = this._detectEventType(event)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "newrelic",
3
- "version": "12.5.2",
3
+ "version": "12.6.0",
4
4
  "author": "New Relic Node.js agent team <nodejs@newrelic.com>",
5
5
  "license": "Apache-2.0",
6
6
  "contributors": [
@@ -163,15 +163,14 @@
163
163
  "docs": "rm -rf ./out && jsdoc -c ./jsdoc-conf.jsonc --private -r .",
164
164
  "integration": "npm run prepare-test && npm run sub-install && BORP_CONF_FILE=.borp.int.yaml time c8 -o ./coverage/integration borp --timeout 600000 --reporter ./test/lib/test-reporter.mjs",
165
165
  "integration:esm": "NODE_OPTIONS='--loader=./esm-loader.mjs' BORP_CONF_FILE=.borp.int-esm.yaml time c8 -o ./coverage/integration-esm borp --reporter ./test/lib/test-reporter.mjs",
166
- "prepare-test": "npm run ssl && npm run docker-env",
166
+ "prepare-test": "npm run docker-env",
167
167
  "lint": "eslint ./*.{js,mjs} lib test bin",
168
168
  "lint:fix": "eslint --fix, ./*.{js,mjs} lib test bin",
169
169
  "public-docs": "jsdoc -c ./jsdoc-conf.jsonc",
170
170
  "publish-docs": "./bin/publish-docs.sh",
171
171
  "services": "DOCKER_PLATFORM=linux/$(uname -m) docker compose up -d --wait",
172
172
  "services:stop": "docker compose down",
173
- "smoke": "npm run ssl && time borp --timeout 180000 --reporter ./test/lib/test-reporter.mjs 'test/smoke/**/*.tap.js'",
174
- "ssl": "./bin/ssl.sh",
173
+ "smoke": "time borp --timeout 180000 --reporter ./test/lib/test-reporter.mjs 'test/smoke/**/*.{test,tap}.js'",
175
174
  "sub-install": "node test/bin/install_sub_deps",
176
175
  "test": "npm run integration && npm run unit",
177
176
  "third-party-updates": "oss third-party manifest --includeOptDeps && oss third-party notices --includeOptDeps && git add THIRD_PARTY_NOTICES.md third_party_manifest.json",
@@ -195,7 +194,7 @@
195
194
  "newrelic-naming-rules": "./bin/test-naming-rules.js"
196
195
  },
197
196
  "dependencies": {
198
- "@grpc/grpc-js": "^1.9.4",
197
+ "@grpc/grpc-js": "^1.12.2",
199
198
  "@grpc/proto-loader": "^0.7.5",
200
199
  "@newrelic/security-agent": "^2.0.0",
201
200
  "@tyriar/fibonacci-heap": "^2.0.7",
@@ -253,7 +252,6 @@
253
252
  "lint-staged": "^11.0.0",
254
253
  "lockfile-lint": "^4.9.6",
255
254
  "nock": "11.8.0",
256
- "proxy": "^2.1.1",
257
255
  "proxyquire": "^1.8.0",
258
256
  "rimraf": "^2.6.3",
259
257
  "self-cert": "^2.0.0",