Skip to content

Commit

Permalink
introduce register operation at exit for following modules async-http…
Browse files Browse the repository at this point in the history 
…-client, http-sync-client, httpclient-3, httpclient-4
  • Loading branch information
@lovesh-ap
lovesh-ap committed Dec 17, 2024
1 parent c4d883f commit 6689be4
Show file tree
Hide file tree
Showing 6 changed files with 45 additions and 53 deletions.
1 change: 0 additions & 1 deletion ...java/com/newrelic/agent/security/instrumentation/org/asynchttpclient/AsynchttpHelper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,4 @@ public class AsynchttpHelper {
public static final String METHOD_EXECUTE = "executeRequest";

public static final String ASYNC_HTTP_CLIENT_2_0_0 = "ASYNC_HTTP_CLIENT_2.0.0";

}
5 changes: 2 additions & 3 deletions ...-http-client-2.0.0/src/main/java/org/asynchttpclient/AsyncHttpClient_Instrumentation.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,10 +50,10 @@ public <T> ListenableFuture<T> executeRequest(Request request, AsyncHandler<T> h
returnVal = Weaver.callOriginal();
} finally {
if(isLockAcquired){
registerExitOperation(isLockAcquired, operation);
GenericHelper.releaseLock(getNrSecCustomAttribName());
}
}
registerExitOperation(isLockAcquired, operation);
return returnVal;
}

Expand All @@ -69,7 +69,6 @@ private AbstractOperation preprocessSecurityHook(String url, String className, S

SSRFOperation operation = new SSRFOperation(url,
className, methodName);
NewRelicSecurity.getAgent().registerOperation(operation);
return operation;
} catch (Throwable e) {
if (e instanceof NewRelicSecurityException) {
Expand Down Expand Up @@ -118,7 +117,7 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio
) {
return;
}
NewRelicSecurity.getAgent().registerExitEvent(operation);
NewRelicSecurity.getAgent().registerOperation(operation);
} catch (Throwable ignored) {
NewRelicSecurity.getAgent().log(LogLevel.FINEST, String.format(GenericHelper.EXIT_OPERATION_EXCEPTION_MESSAGE, AsynchttpHelper.NR_SEC_CUSTOM_ATTRIB_NAME, ignored.getMessage()), ignored, this.getClass().getName());
}
Expand Down
25 changes: 11 additions & 14 deletions ...lic/agent/security/instrumentation/httpasyncclient4/HttpAsyncClient4_Instrumentation.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,10 +58,10 @@ public <T> Future<T> execute(HttpAsyncRequestProducer requestProducer, HttpAsync
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -84,10 +84,10 @@ public <T> Future<T> execute(HttpAsyncRequestProducer requestProducer, HttpAsync
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand Down Expand Up @@ -140,10 +140,10 @@ public Future<HttpResponse> execute(HttpHost target, HttpRequest request, Future
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -160,10 +160,10 @@ public Future<HttpResponse> execute(HttpUriRequest request, HttpContext context,
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -180,10 +180,10 @@ public Future<HttpResponse> execute(HttpUriRequest request, FutureCallback<HttpR
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -201,7 +201,7 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO
) {
return;
}
NewRelicSecurity.getAgent().registerExitEvent(operation);
NewRelicSecurity.getAgent().registerOperation(operation);
} catch (Throwable ignored) {
NewRelicSecurity.getAgent().log(LogLevel.FINEST, String.format(GenericHelper.EXIT_OPERATION_EXCEPTION_MESSAGE, HTTP_ASYNC_CLIENT_4, ignored.getMessage()), ignored, HttpAsyncClient4_Instrumentation.class.getName());
}
Expand All @@ -224,15 +224,12 @@ private AbstractOperation preprocessSecurityHook(HttpRequest request, String uri

SSRFOperation operation = new SSRFOperation(uri,
this.getClass().getName(), methodName);
try {
NewRelicSecurity.getAgent().registerOperation(operation);
} finally {
if (operation.getApiID() != null && !operation.getApiID().trim().isEmpty() &&
operation.getExecutionId() != null && !operation.getExecutionId().trim().isEmpty()) {
// Add Security distributed tracing header
request.setHeader(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER, SSRFUtils.generateTracingHeaderValue(securityMetaData.getTracingHeaderValue(), operation.getApiID(), operation.getExecutionId(), NewRelicSecurity.getAgent().getAgentUUID()));
}
if (operation.getApiID() != null && !operation.getApiID().trim().isEmpty() &&
operation.getExecutionId() != null && !operation.getExecutionId().trim().isEmpty()) {
// Add Security distributed tracing header
request.setHeader(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER, SSRFUtils.generateTracingHeaderValue(securityMetaData.getTracingHeaderValue(), operation.getApiID(), operation.getExecutionId(), NewRelicSecurity.getAgent().getAgentUUID()));
}

return operation;
} catch (Throwable e) {
if (e instanceof NewRelicSecurityException) {
Expand Down
26 changes: 12 additions & 14 deletions ...m/newrelic/agent/security/instrumentation/httpclient3/HttpMethodBase_Instrumentation.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,10 +43,10 @@ public int execute(HttpState state, HttpConnection conn) throws HttpException, I
returnCode = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnCode;
}

Expand All @@ -56,7 +56,12 @@ private void registerExitOperation(boolean isProcessingAllowed, AbstractOperatio
) {
return;
}
NewRelicSecurity.getAgent().registerExitEvent(operation);
try {
NewRelicSecurity.getAgent().registerOperation(operation);
} catch (Exception e) {
NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_3, e.getMessage()), e, this.getClass().getName());
NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE , String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_3, e.getMessage()), e, this.getClass().getName());
}
} catch (Throwable ignored) {
NewRelicSecurity.getAgent().log(LogLevel.FINEST, String.format(GenericHelper.EXIT_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_3, ignored.getMessage()), ignored, this.getClass().getName());
}
Expand Down Expand Up @@ -115,19 +120,12 @@ private AbstractOperation preprocessSecurityHook(HttpConnection conn, String met

SSRFOperation operation = new SSRFOperation(uri,
this.getClass().getName(), methodName);
try {
NewRelicSecurity.getAgent().registerOperation(operation);
} catch (Exception e) {
NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_3, e.getMessage()), e, this.getClass().getName());
NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE , String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_3, e.getMessage()), e, this.getClass().getName());
}
finally {
if (operation.getApiID() != null && !operation.getApiID().trim().isEmpty() &&
operation.getExecutionId() != null && !operation.getExecutionId().trim().isEmpty()) {
// Add Security distributed tracing header
this.setRequestHeader(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER, SSRFUtils.generateTracingHeaderValue(securityMetaData.getTracingHeaderValue(), operation.getApiID(), operation.getExecutionId(), NewRelicSecurity.getAgent().getAgentUUID()));
}
if (operation.getApiID() != null && !operation.getApiID().trim().isEmpty() &&
operation.getExecutionId() != null && !operation.getExecutionId().trim().isEmpty()) {
// Add Security distributed tracing header
this.setRequestHeader(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER, SSRFUtils.generateTracingHeaderValue(securityMetaData.getTracingHeaderValue(), operation.getApiID(), operation.getExecutionId(), NewRelicSecurity.getAgent().getAgentUUID()));
}

return operation;
} catch (Throwable e) {
if (e instanceof NewRelicSecurityException) {
Expand Down
37 changes: 17 additions & 20 deletions .../com/newrelic/agent/security/instrumentation/httpclient40/HttpClient_Instrumentation.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,10 +67,10 @@ public HttpResponse execute(HttpUriRequest request, HttpContext context) throws
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -95,10 +95,10 @@ public HttpResponse execute(HttpHost target, HttpRequest request) throws Excepti
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -123,10 +123,10 @@ public HttpResponse execute(HttpHost target, HttpRequest request, HttpContext co
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -144,10 +144,10 @@ public <T, R extends T> T execute(HttpUriRequest request, ResponseHandler<R> res
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -165,10 +165,10 @@ public <T, R extends T> T execute(HttpUriRequest request, ResponseHandler<R> res
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -194,10 +194,10 @@ public <T, R extends T> T execute(HttpHost target, HttpRequest request, Response
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -223,10 +223,10 @@ public <T, R extends T> T execute(HttpHost target, HttpRequest request, Response
returnObj = Weaver.callOriginal();
} finally {
if (isLockAcquired) {
registerExitOperation(isLockAcquired, operation);
releaseLock();
}
}
registerExitOperation(isLockAcquired, operation);
return returnObj;
}

Expand All @@ -242,7 +242,12 @@ private static void registerExitOperation(boolean isProcessingAllowed, AbstractO
) {
return;
}
NewRelicSecurity.getAgent().registerExitEvent(operation);
try {
NewRelicSecurity.getAgent().registerOperation(operation);
} catch (Exception e) {
NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_4, e.getMessage()), e, this.getClass().getName());
NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE , String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_4, e.getMessage()), e, this.getClass().getName());
}
} catch (Throwable ignored) {
NewRelicSecurity.getAgent().log(LogLevel.FINEST, String.format(GenericHelper.EXIT_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_4, ignored.getMessage()), ignored, HttpClient_Instrumentation.class.getName());
}
Expand All @@ -269,18 +274,10 @@ private AbstractOperation preprocessSecurityHook(HttpRequest request, String uri

SSRFOperation operation = new SSRFOperation(uri,
this.getClass().getName(), methodName);
try {
NewRelicSecurity.getAgent().registerOperation(operation);
} catch (Exception e) {
NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_4, e.getMessage()), e, this.getClass().getName());
NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE , String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SecurityHelper.HTTP_CLIENT_4, e.getMessage()), e, this.getClass().getName());
}
finally {
if (operation.getApiID() != null && !operation.getApiID().trim().isEmpty() &&
operation.getExecutionId() != null && !operation.getExecutionId().trim().isEmpty()) {
// Add Security distributed tracing header
request.setHeader(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER, SSRFUtils.generateTracingHeaderValue(securityMetaData.getTracingHeaderValue(), operation.getApiID(), operation.getExecutionId(), NewRelicSecurity.getAgent().getAgentUUID()));
}
if (operation.getApiID() != null && !operation.getApiID().trim().isEmpty() &&
operation.getExecutionId() != null && !operation.getExecutionId().trim().isEmpty()) {
// Add Security distributed tracing header
request.setHeader(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER, SSRFUtils.generateTracingHeaderValue(securityMetaData.getTracingHeaderValue(), operation.getApiID(), operation.getExecutionId(), NewRelicSecurity.getAgent().getAgentUUID()));
}
return operation;
} catch (Throwable e) {
Expand Down
4 changes: 3 additions & 1 deletion newrelic-security-agent/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,9 @@ dependencies {
shadowIntoJar 'com.fasterxml.jackson.core:jackson-databind:2.14.3'
shadowIntoJar 'org.java-websocket:Java-WebSocket:1.5.3'
shadowIntoJar 'commons-io:commons-io:2.7'
shadowIntoJar 'org.apache.commons:commons-text:1.10.0'
shadowIntoJar ('org.apache.commons:commons-text:1.10.0') {
exclude(group: 'org.apache.commons', module: 'commons-lang3')
}
shadowIntoJar 'commons-net:commons-net:3.9.0'
shadowIntoJar 'org.apache.commons:commons-compress:1.26.0'
shadowIntoJar 'org.apache.commons:commons-collections4:4.4'
Expand Down

0 comments on commit 6689be4

Please sign in to comment.