newrelic 12.5.2 → 12.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/NEWS.md +15 -0
- package/lib/collector/http-agents.js +4 -1
- package/lib/config/default.js +141 -0
- package/lib/serverless/aws-lambda.js +3 -1
- package/package.json +4 -6
package/NEWS.md
CHANGED
|
@@ -1,3 +1,18 @@
|
|
|
1
|
+
### v12.6.0 (2024-10-30)
|
|
2
|
+
|
|
3
|
+
#### Features
|
|
4
|
+
|
|
5
|
+
* Added ARN and provider to Lambda segments ([#2674](https://github.com/newrelic/node-newrelic/pull/2674)) ([a23294c](https://github.com/newrelic/node-newrelic/commit/a23294c2d2cc665de5df1a0f3c9099dedbfbb896))
|
|
6
|
+
* Added IAST configurations for scan scheduling and restrictions ([#2645](https://github.com/newrelic/node-newrelic/pull/2645)) ([13a627a](https://github.com/newrelic/node-newrelic/commit/13a627a1a1529dd8f8c93d0b9f582457c019a63e))
|
|
7
|
+
|
|
8
|
+
#### Documentation
|
|
9
|
+
|
|
10
|
+
* Updated compatibility report ([#2673](https://github.com/newrelic/node-newrelic/pull/2673)) ([e4d0503](https://github.com/newrelic/node-newrelic/commit/e4d0503934f7de45d3cdb6dbb4640a66cf8d8421))
|
|
11
|
+
|
|
12
|
+
#### Miscellaneous chores
|
|
13
|
+
|
|
14
|
+
* Replaced static openssl cert usage with in-process cert ([#2671](https://github.com/newrelic/node-newrelic/pull/2671)) ([72872f4](https://github.com/newrelic/node-newrelic/commit/72872f4313fd9bc6d2b358a735dc76b9cda1a489))
|
|
15
|
+
|
|
1
16
|
### v12.5.2 (2024-10-23)
|
|
2
17
|
|
|
3
18
|
#### Features
|
|
@@ -53,11 +53,14 @@ exports.proxyAgent = function proxyAgent(config) {
|
|
|
53
53
|
}
|
|
54
54
|
const proxyUrl = proxyOptions(config)
|
|
55
55
|
|
|
56
|
+
// Tests may supply 127.0.0.1 as the host, but SNI requires a hostname.
|
|
57
|
+
const servername = config.host
|
|
56
58
|
const proxyOpts = {
|
|
57
59
|
secureEndpoint: config.ssl,
|
|
58
60
|
auth: proxyUrl.auth,
|
|
59
61
|
ca: config?.certificates?.length ? config.certificates : [],
|
|
60
|
-
keepAlive: true
|
|
62
|
+
keepAlive: true,
|
|
63
|
+
servername
|
|
61
64
|
}
|
|
62
65
|
|
|
63
66
|
logger.info(`using proxy: ${proxyUrl}`)
|
package/lib/config/default.js
CHANGED
|
@@ -1318,6 +1318,147 @@ defaultConfig.definition = () => ({
|
|
|
1318
1318
|
default: true
|
|
1319
1319
|
}
|
|
1320
1320
|
}
|
|
1321
|
+
},
|
|
1322
|
+
|
|
1323
|
+
/**
|
|
1324
|
+
* Unique test identifier when runnning IAST with CI/CD
|
|
1325
|
+
*/
|
|
1326
|
+
iast_test_identifier: '',
|
|
1327
|
+
|
|
1328
|
+
/**
|
|
1329
|
+
* IAST scan controllers to get more control over IAST analysis
|
|
1330
|
+
*/
|
|
1331
|
+
scan_controllers: {
|
|
1332
|
+
/**
|
|
1333
|
+
* The maximum number of analysis probes or requests
|
|
1334
|
+
* that can be sent to the application in one minute.
|
|
1335
|
+
*/
|
|
1336
|
+
iast_scan_request_rate_limit: {
|
|
1337
|
+
formatter: int,
|
|
1338
|
+
default: 3600
|
|
1339
|
+
},
|
|
1340
|
+
/**
|
|
1341
|
+
* The number of application instances for a specific entity where IAST analysis is performed.
|
|
1342
|
+
* Values are 0 or 1, 0 signifies run on all application instances
|
|
1343
|
+
*/
|
|
1344
|
+
scan_instance_count: {
|
|
1345
|
+
formatter: int,
|
|
1346
|
+
default: 0
|
|
1347
|
+
}
|
|
1348
|
+
},
|
|
1349
|
+
/**
|
|
1350
|
+
* Schedule start and stop of IAST scan
|
|
1351
|
+
*/
|
|
1352
|
+
scan_schedule: {
|
|
1353
|
+
/**
|
|
1354
|
+
* The delay field specifies the time in minutes
|
|
1355
|
+
* before an IAST scan begins after the application starts
|
|
1356
|
+
*/
|
|
1357
|
+
delay: {
|
|
1358
|
+
formatter: int,
|
|
1359
|
+
default: 0
|
|
1360
|
+
},
|
|
1361
|
+
/**
|
|
1362
|
+
* The duration field specifies the amount of
|
|
1363
|
+
* time in minutes that the IAST scan will run
|
|
1364
|
+
*/
|
|
1365
|
+
duration: {
|
|
1366
|
+
formatter: int,
|
|
1367
|
+
default: 0
|
|
1368
|
+
},
|
|
1369
|
+
/**
|
|
1370
|
+
* The schedule field specifies a unix cron expression that defines when the IAST scan should run.
|
|
1371
|
+
* By default, schedule is disabled
|
|
1372
|
+
*
|
|
1373
|
+
*/
|
|
1374
|
+
schedule: '',
|
|
1375
|
+
/**
|
|
1376
|
+
* Allows IAST to actively collect trace data in the background
|
|
1377
|
+
* and the security agent will use this collected data to perform
|
|
1378
|
+
* an IAST scan at the scheduled time
|
|
1379
|
+
*/
|
|
1380
|
+
always_sample_traces: {
|
|
1381
|
+
formatter: boolean,
|
|
1382
|
+
default: false
|
|
1383
|
+
}
|
|
1384
|
+
},
|
|
1385
|
+
|
|
1386
|
+
/**
|
|
1387
|
+
* The exclude from IAST scan setting allows to exclude specific APIs,
|
|
1388
|
+
* vulnerability categories, and parameters from IAST analysis.
|
|
1389
|
+
*/
|
|
1390
|
+
exclude_from_iast_scan: {
|
|
1391
|
+
/**
|
|
1392
|
+
* Ignore specific APIs from IAST analysis.
|
|
1393
|
+
* The regex pattern should provide a full match for the URL without the endpoint.
|
|
1394
|
+
*/
|
|
1395
|
+
api: {
|
|
1396
|
+
formatter: array,
|
|
1397
|
+
default: []
|
|
1398
|
+
},
|
|
1399
|
+
/**
|
|
1400
|
+
* Ignore specific HTTP request parameters from IAST analysis.
|
|
1401
|
+
*/
|
|
1402
|
+
http_request_parameters: {
|
|
1403
|
+
header: {
|
|
1404
|
+
formatter: array,
|
|
1405
|
+
default: []
|
|
1406
|
+
},
|
|
1407
|
+
query: {
|
|
1408
|
+
formatter: array,
|
|
1409
|
+
default: []
|
|
1410
|
+
},
|
|
1411
|
+
body: {
|
|
1412
|
+
formatter: array,
|
|
1413
|
+
default: []
|
|
1414
|
+
}
|
|
1415
|
+
},
|
|
1416
|
+
/**
|
|
1417
|
+
* Allows users to specify categories of vulnerabilities
|
|
1418
|
+
* for which IAST analysis will be applied or ignored.
|
|
1419
|
+
*/
|
|
1420
|
+
iast_detection_category: {
|
|
1421
|
+
insecure_settings: {
|
|
1422
|
+
formatter: boolean,
|
|
1423
|
+
default: false
|
|
1424
|
+
},
|
|
1425
|
+
invalid_file_access: {
|
|
1426
|
+
formatter: boolean,
|
|
1427
|
+
default: false
|
|
1428
|
+
},
|
|
1429
|
+
sql_injection: {
|
|
1430
|
+
formatter: boolean,
|
|
1431
|
+
default: false
|
|
1432
|
+
},
|
|
1433
|
+
nosql_injection: {
|
|
1434
|
+
formatter: boolean,
|
|
1435
|
+
default: false
|
|
1436
|
+
},
|
|
1437
|
+
ldap_injection: {
|
|
1438
|
+
formatter: boolean,
|
|
1439
|
+
default: false
|
|
1440
|
+
},
|
|
1441
|
+
javascript_injection: {
|
|
1442
|
+
formatter: boolean,
|
|
1443
|
+
default: false
|
|
1444
|
+
},
|
|
1445
|
+
command_injection: {
|
|
1446
|
+
formatter: boolean,
|
|
1447
|
+
default: false
|
|
1448
|
+
},
|
|
1449
|
+
xpath_injection: {
|
|
1450
|
+
formatter: boolean,
|
|
1451
|
+
default: false
|
|
1452
|
+
},
|
|
1453
|
+
ssrf: {
|
|
1454
|
+
formatter: boolean,
|
|
1455
|
+
default: false
|
|
1456
|
+
},
|
|
1457
|
+
rxss: {
|
|
1458
|
+
formatter: boolean,
|
|
1459
|
+
default: false
|
|
1460
|
+
}
|
|
1461
|
+
}
|
|
1321
1462
|
}
|
|
1322
1463
|
},
|
|
1323
1464
|
|
|
@@ -249,7 +249,9 @@ class AwsLambda {
|
|
|
249
249
|
_getAwsAgentAttributes(event, context) {
|
|
250
250
|
const attributes = {
|
|
251
251
|
'aws.lambda.arn': context.invokedFunctionArn,
|
|
252
|
-
'aws.requestId': context.awsRequestId
|
|
252
|
+
'aws.requestId': context.awsRequestId,
|
|
253
|
+
'cloud.resource_id': context.invokedFunctionArn,
|
|
254
|
+
'cloud.platform': 'aws_lambda'
|
|
253
255
|
}
|
|
254
256
|
|
|
255
257
|
const eventSourceInfo = this._detectEventType(event)
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "newrelic",
|
|
3
|
-
"version": "12.
|
|
3
|
+
"version": "12.6.0",
|
|
4
4
|
"author": "New Relic Node.js agent team <nodejs@newrelic.com>",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"contributors": [
|
|
@@ -163,15 +163,14 @@
|
|
|
163
163
|
"docs": "rm -rf ./out && jsdoc -c ./jsdoc-conf.jsonc --private -r .",
|
|
164
164
|
"integration": "npm run prepare-test && npm run sub-install && BORP_CONF_FILE=.borp.int.yaml time c8 -o ./coverage/integration borp --timeout 600000 --reporter ./test/lib/test-reporter.mjs",
|
|
165
165
|
"integration:esm": "NODE_OPTIONS='--loader=./esm-loader.mjs' BORP_CONF_FILE=.borp.int-esm.yaml time c8 -o ./coverage/integration-esm borp --reporter ./test/lib/test-reporter.mjs",
|
|
166
|
-
"prepare-test": "npm run
|
|
166
|
+
"prepare-test": "npm run docker-env",
|
|
167
167
|
"lint": "eslint ./*.{js,mjs} lib test bin",
|
|
168
168
|
"lint:fix": "eslint --fix, ./*.{js,mjs} lib test bin",
|
|
169
169
|
"public-docs": "jsdoc -c ./jsdoc-conf.jsonc",
|
|
170
170
|
"publish-docs": "./bin/publish-docs.sh",
|
|
171
171
|
"services": "DOCKER_PLATFORM=linux/$(uname -m) docker compose up -d --wait",
|
|
172
172
|
"services:stop": "docker compose down",
|
|
173
|
-
"smoke": "
|
|
174
|
-
"ssl": "./bin/ssl.sh",
|
|
173
|
+
"smoke": "time borp --timeout 180000 --reporter ./test/lib/test-reporter.mjs 'test/smoke/**/*.{test,tap}.js'",
|
|
175
174
|
"sub-install": "node test/bin/install_sub_deps",
|
|
176
175
|
"test": "npm run integration && npm run unit",
|
|
177
176
|
"third-party-updates": "oss third-party manifest --includeOptDeps && oss third-party notices --includeOptDeps && git add THIRD_PARTY_NOTICES.md third_party_manifest.json",
|
|
@@ -195,7 +194,7 @@
|
|
|
195
194
|
"newrelic-naming-rules": "./bin/test-naming-rules.js"
|
|
196
195
|
},
|
|
197
196
|
"dependencies": {
|
|
198
|
-
"@grpc/grpc-js": "^1.
|
|
197
|
+
"@grpc/grpc-js": "^1.12.2",
|
|
199
198
|
"@grpc/proto-loader": "^0.7.5",
|
|
200
199
|
"@newrelic/security-agent": "^2.0.0",
|
|
201
200
|
"@tyriar/fibonacci-heap": "^2.0.7",
|
|
@@ -253,7 +252,6 @@
|
|
|
253
252
|
"lint-staged": "^11.0.0",
|
|
254
253
|
"lockfile-lint": "^4.9.6",
|
|
255
254
|
"nock": "11.8.0",
|
|
256
|
-
"proxy": "^2.1.1",
|
|
257
255
|
"proxyquire": "^1.8.0",
|
|
258
256
|
"rimraf": "^2.6.3",
|
|
259
257
|
"self-cert": "^2.0.0",
|