Class: NewRelic::Security::Agent::Configuration::Manager

Inherits:
Object
  • Object
Defined in:
lib/newrelic_security/agent/configuration/manager.rb

Instance Method Summary

Constructor Details

#initialize ⇒ Manager

Returns a new instance of Manager.



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 14

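# Snapshots the APM agent's configuration and runtime identifiers into the
# security agent's config cache, then creates the configuration source objects.
#
# Security-relevant behaviour visible in this method:
# - The account license key is copied into @cache, and #cache / #[] hand that
#   hash (or any entry of it) to callers, so dumping or logging the cache
#   wholesale would expose the key.
# - The three legacy security.detection.* flags default to true when unset.
# - :enabled always starts as false; enable_security / disable_security flip it.
# - Every error is rescued and reported through ::NewRelic::Agent.notice_error,
#   so a failure part-way through leaves a Manager whose later keys and source
#   objects are unset (nil on lookup) instead of aborting construction.
def initialize
  @cache = {}
  @cache[:agent_run_id] = ::NewRelic::Agent.agent.service.agent_id
  @cache[:linking_metadata] = ::NewRelic::Agent.linking_metadata
  nr_config = ::NewRelic::Agent.config
  @cache[:app_name] = nr_config[:app_name][0]
  @cache[:entity_guid] = nr_config[:entity_guid]
  # Secret material: keep this entry out of logs and diagnostic dumps.
  @cache[:license_key] = nr_config[:license_key]
  @cache[:policy] = {}
  # Server-assigned ids are unknown at construction; update_server_config fills them.
  @cache[:account_id] = nil
  @cache[:application_id] = nil
  @cache[:primary_application_id] = nil
  @cache[:log_file_path] = nr_config[:log_file_path]
  # NOTE(review): File.absolute_path raises TypeError for nil, so a missing
  # :log_file_path would jump to the rescue and skip every key below — confirm
  # the APM agent always supplies it.
  @cache[:fuzz_dir_path] = ::File.join(::File.absolute_path(nr_config[:log_file_path]), SEC_HOME_PATH, TMP_DIR)
  @cache[:log_level] = nr_config[:log_level]
  @cache[:high_security] = nr_config[:high_security]
  @cache[:'agent.enabled'] = nr_config[:'security.agent.enabled']
  @cache[:'security.enabled'] = nr_config[:'security.enabled']
  @cache[:enabled] = false
  @cache[:mode] = nr_config[:'security.mode']
  @cache[:validator_service_url] = nr_config[:'security.validator_service_url']
  # TODO: Remove security.detection.* & security.request.body_limit in next major release
  # An unset detection flag means "on"; only an explicit value overrides it.
  %i[
    security.detection.rci.enabled
    security.detection.rxss.enabled
    security.detection.deserialization.enabled
  ].each do |flag|
    configured = nr_config[flag]
    @cache[flag] = configured.nil? ? true : configured
  end
  @cache[:'security.scan_controllers.iast_scan_request_rate_limit'] = nr_config[:'security.scan_controllers.iast_scan_request_rate_limit'].to_i
  @cache[:framework] = detect_framework
  @cache[:app_class] = detect_app_class if @cache[:framework] == :rack
  @cache[:'security.application_info.port'] = nr_config[:'security.application_info.port'].to_i
  @cache[:listen_port] = nil
  @cache[:process_start_time] = current_time_millis # TODO: Ruby doesn't provide process start time in pure ruby implementation using agent loading time for now.
  @cache[:traffic_start_time] = nil
  @cache[:scan_start_time] = nil
  @cache[:'security.scan_controllers.scan_instance_count'] = nr_config[:'security.scan_controllers.scan_instance_count']
  @cache[:'security.iast_test_identifier'] = nr_config[:'security.iast_test_identifier']
  @cache[:app_root] = NewRelic::Security::Agent::Utils.app_root
  @cache[:jruby_objectspace_enabled] = false
  @cache[:json_version] = :'1.2.9'
  # API exclusions are passed through convert_to_regexp_list; the remaining
  # exclusion settings are copied verbatim, in the order listed.
  @cache[:'security.exclude_from_iast_scan.api'] = convert_to_regexp_list(nr_config[:'security.exclude_from_iast_scan.api'])
  %i[
    security.exclude_from_iast_scan.http_request_parameters.header
    security.exclude_from_iast_scan.http_request_parameters.query
    security.exclude_from_iast_scan.http_request_parameters.body
    security.exclude_from_iast_scan.iast_detection_category.insecure_settings
    security.exclude_from_iast_scan.iast_detection_category.invalid_file_access
    security.exclude_from_iast_scan.iast_detection_category.sql_injection
    security.exclude_from_iast_scan.iast_detection_category.nosql_injection
    security.exclude_from_iast_scan.iast_detection_category.ldap_injection
    security.exclude_from_iast_scan.iast_detection_category.javascript_injection
    security.exclude_from_iast_scan.iast_detection_category.command_injection
    security.exclude_from_iast_scan.iast_detection_category.xpath_injection
    security.exclude_from_iast_scan.iast_detection_category.ssrf
    security.exclude_from_iast_scan.iast_detection_category.rxss
  ].each { |setting| @cache[setting] = nr_config[setting] }
  @cache[:'security.scan_schedule.delay'] = nr_config[:'security.scan_schedule.delay'].to_i
  @cache[:'security.scan_schedule.duration'] = nr_config[:'security.scan_schedule.duration'].to_i
  @cache[:'security.scan_schedule.schedule'] = nr_config[:'security.scan_schedule.schedule']
  @cache[:'security.scan_schedule.always_sample_traces'] = nr_config[:'security.scan_schedule.always_sample_traces']

  @environment_source = NewRelic::Security::Agent::Configuration::EnvironmentSource.new
  @server_source = NewRelic::Security::Agent::Configuration::ServerSource.new
  @manual_source = NewRelic::Security::Agent::Configuration::ManualSource.new
  @yaml_source = NewRelic::Security::Agent::Configuration::YamlSource.new
  @default_source = NewRelic::Security::Agent::Configuration::DefaultSource.new
# NOTE(review): rescuing Exception also catches SignalException / SystemExit
# raised during setup; StandardError is usually enough — confirm the breadth
# is intended.
rescue Exception => exception
  ::NewRelic::Agent.notice_error(exception)
end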

Instance Method Details

#[](key) ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 79

# Looks up a single configuration entry.
#
# The :license_key entry is reachable through this reader as well, so callers
# should not echo arbitrary lookups into logs.
#
# @param key [Object] cache key, as written by #initialize and the setters
# @return [Object, nil] the stored value, or nil when the key is absent
def [](key)
  @cache[key]
end

#app_server=(app_server) ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 130

# Stores the given value in the cache under :app_server.
#
# @param app_server [Object] value to record; no validation is applied here
def app_server=(app_server)
  @cache.store(:app_server, app_server)
end

#cache ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 91

# Returns the live configuration hash itself, not a copy.
#
# Callers can therefore mutate agent configuration through the return value,
# and the hash includes :license_key — avoid serialising or logging it whole.
#
# @return [Hash] the backing store used by every reader and setter here
def cache
  @cache
end

#disable_security ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 138

# Marks the security agent inactive and records the state change.
#
# Sets :enabled to false, then writes the same INFO line to both the regular
# logger and the init logger, tagged with the configured :uuid. Unlike
# enable_security, no critical message is sent to the event processor here.
def disable_security
  @cache[:enabled] = false
  status_line = "Security Agent is now INACTIVE for #{NewRelic::Security::Agent.config[:uuid]}\n"
  NewRelic::Security::Agent.logger.info status_line
  NewRelic::Security::Agent.init_logger.info status_line
end

#enable_security ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 144

# Marks the security agent active and announces the state change.
#
# Sets :enabled to true, logs an INFO line (with trailing newline) to both the
# regular and init loggers, and sends the same text without the newline to the
# event processor as an "INFO" critical message, together with the caller
# location and the current thread's name.
def enable_security
  @cache[:enabled] = true
  announcement = "Security Agent is now ACTIVE for #{NewRelic::Security::Agent.config[:uuid]}"
  # Taken at method level so index 0 is still this method's caller.
  call_site = caller_locations[0].to_s
  NewRelic::Security::Agent.logger.info "#{announcement}\n"
  NewRelic::Security::Agent.init_logger.info "#{announcement}\n"
  NewRelic::Security::Agent.agent.event_processor.send_critical_message(announcement, "INFO", call_site, Thread.current.name, nil)
end

#has_key?(key) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/newrelic_security/agent/configuration/manager.rb', line 83

# Reports whether the cache holds an entry for +key+, including entries whose
# value is nil (several are initialised to nil in #initialize).
#
# @param key [Object] cache key to test
# @return [Boolean]
def has_key?(key)
  @cache.key?(key)
end

#jruby_objectspace_enabled=(jruby_objectspace_enabled) ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 134

# Stores the given value in the cache under :jruby_objectspace_enabled
# (initialised to false by #initialize).
#
# @param jruby_objectspace_enabled [Object] value to record, stored as given
def jruby_objectspace_enabled=(jruby_objectspace_enabled)
  @cache.store(:jruby_objectspace_enabled, jruby_objectspace_enabled)
end

#keys ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 87

# Lists every key currently present in the cache, in insertion order.
#
# @return [Array] a new array of the cache's keys
def keys
  @cache.keys
end

#refresh ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 95

# Replaces the agent-wide configuration with a freshly built Manager.
#
# The new instance is built by #initialize alone, so it starts with :enabled
# false, nil server-assigned ids and no :uuid entry; values previously written
# through save_uuid, update_server_config or enable_security are not copied
# across by this method.
def refresh
  security_agent = NewRelic::Security::Agent
  security_agent.logger.debug "refreshing agent config"
  security_agent.config = security_agent::Configuration::Manager.new
  # TODO: add validator received config also after the new, else collector#40 throws error
end

#save_uuid ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 101

# Generates a new identifier with generate_uuid and stores it under :uuid,
# the value that the ACTIVE / INACTIVE log lines interpolate.
#
# @return [Object] the value returned by generate_uuid
def save_uuid
  @cache.store(:uuid, generate_uuid)
end

#scan_start_time=(scan_start_time) ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 126

# Stores the given value in the cache under :scan_start_time
# (nil until set, per #initialize).
#
# @param scan_start_time [Object] value to record, stored as given
def scan_start_time=(scan_start_time)
  @cache.store(:scan_start_time, scan_start_time)
end

#traffic_start_time=(traffic_start_time) ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 122

# Stores the given value in the cache under :traffic_start_time
# (nil until set, per #initialize).
#
# @param traffic_start_time [Object] value to record, stored as given
def traffic_start_time=(traffic_start_time)
  @cache.store(:traffic_start_time, traffic_start_time)
end

#update_port=(listen_port) ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 118

# Stores the given value in the cache under :listen_port. Note the setter's
# name (update_port=) differs from the key it writes.
#
# @param listen_port [Object] value to record; not coerced or range-checked here
def update_port=(listen_port)
  @cache.store(:listen_port, listen_port)
end

#update_server_config ⇒ Object



# File 'lib/newrelic_security/agent/configuration/manager.rb', line 105

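# Re-reads the identifiers that come from the APM agent and its server-side
# configuration, then derives :extraction_key from the entity GUID.
#
# The server values are read from the APM config object's @server_source
# instance variable via instance_variable_get, i.e. from that object's private
# state rather than a public accessor.
# NOTE(review): if @server_source is nil (presumably before the APM agent has
# connected — confirm), the first lookup raises NoMethodError, which is rescued
# and logged; :agent_run_id and :linking_metadata are already overwritten by
# then while the remaining keys, including :extraction_key, keep their old
# values.
def update_server_config
  @cache[:agent_run_id] = ::NewRelic::Agent.agent.service.agent_id
  @cache[:linking_metadata] = ::NewRelic::Agent.linking_metadata
  server_source = ::NewRelic::Agent.config.instance_variable_get(:@server_source)
  %i[account_id application_id entity_guid primary_application_id].each do |field|
    @cache[field] = server_source[field]
  end
  # generate_key is defined outside this listing; its derivation is not shown here.
  @cache[:extraction_key] = generate_key(@cache[:entity_guid])
# NOTE(review): rescuing Exception also catches SignalException / SystemExit;
# StandardError is usually enough — confirm the breadth is intended.
rescue Exception => exception
  NewRelic::Security::Agent.logger.error "Exception in update_server_config : #{exception.inspect} #{exception.backtrace}"
end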