Merge pull request #331 from newrelic/feature/apache-http-client/NR-2…

…83130 Use Apache HTTP Client for IAST Request Replay
newrelic · Nov 20, 2024 · acd7285 · acd7285
2 parents 4b5b84c + d3108a1
commit acd7285
Show file tree

Hide file tree

Showing 21 changed files with 879 additions and 463 deletions.
diff --git a/newrelic-security-agent/build.gradle b/newrelic-security-agent/build.gradle
@@ -70,14 +70,14 @@ dependencies {
     shadowIntoJar 'org.apache.commons:commons-text:1.10.0'
     shadowIntoJar 'commons-net:commons-net:3.9.0'
     shadowIntoJar 'org.apache.commons:commons-compress:1.26.0'
-    shadowIntoJar 'com.squareup.okhttp3:okhttp:4.10.0'
     shadowIntoJar 'org.apache.commons:commons-collections4:4.4'
     shadowIntoJar 'org.unbescape:unbescape:1.1.6.RELEASE'
     shadowIntoJar 'commons-codec:commons-codec:1.15'
     shadowIntoJar 'org.slf4j:slf4j-simple:1.7.30'
     shadowIntoJar 'net.openhft:zero-allocation-hashing:0.16'
     shadowIntoJar 'com.github.oshi:oshi-core:6.4.1'
     shadowIntoJar 'com.google.code.gson:gson:2.10.1'
+    shadowIntoJar 'org.apache.httpcomponents:httpclient:4.5.14'
     implementation "com.newrelic.agent.java:newrelic-api:${nrAPIVersion}"
 }
 
@@ -121,7 +121,7 @@ task relocatedShadowJar(type: ShadowJar) {
             "org.json", "com.fasterxml", "org.java_websocket", "com.google", "org.unbescape",
             "org.apache.commons", "okio", "okhttp3", "org.slf4j", "net.openhft", "oshi", "com.sun.jna",
             "kotlin", "com.damnhandy", "org.joda", "io.opentelemetry", "org.everit", "org.jetbrains", "org.intellij",
-            "org.junit", "org.hamcrest", "org.yaml", "junit"
+            "org.junit", "org.hamcrest", "org.yaml", "junit", "org.apache.http"
     ].each {
         relocate(it, "com.newrelic.agent.security.deps.$it")
     }

diff --git a/...agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java b/...agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java
@@ -7,8 +7,10 @@
 import com.newrelic.agent.security.instrumentator.utils.AgentUtils;
 import com.newrelic.agent.security.instrumentator.utils.CallbackUtils;
 import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey;
+import com.newrelic.agent.security.intcodeagent.apache.httpclient.IastHttpClient;
 import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
 import com.newrelic.api.agent.security.Agent;
+import com.newrelic.api.agent.security.NewRelicSecurity;
 import com.newrelic.api.agent.security.utils.logging.LogLevel;
 import com.newrelic.agent.security.intcodeagent.logging.DeployedApplication;
 import com.newrelic.agent.security.intcodeagent.models.javaagent.ExitEventBean;
@@ -23,7 +25,6 @@
 import com.newrelic.api.agent.security.schema.helper.DynamoDBRequest;
 import com.newrelic.api.agent.security.schema.operation.*;
 import org.apache.commons.lang3.StringUtils;
-import org.jetbrains.annotations.Nullable;
 import org.json.simple.JSONArray;
 import org.json.simple.JSONObject;
 import org.json.simple.parser.JSONParser;
@@ -120,6 +121,10 @@ public Object call() throws Exception {
                 return null;
             }
 
+            if(!securityMetaData.getRequest().getIsGrpc() && !isReplayEndpointConfirmed()) {
+                IastHttpClient.getInstance().tryToEstablishApplicationEndpoint(securityMetaData.getRequest());
+            }
+
             JavaAgentEventBean eventBean = prepareEvent(securityMetaData.getRequest(), securityMetaData.getMetaData(),
                     operation.getCaseType(), securityMetaData.getFuzzRequestIdentifier());
             setGenericProperties(operation, eventBean);
@@ -257,6 +262,16 @@ public Object call() throws Exception {
         return null;
     }
 
+    private boolean isReplayEndpointConfirmed() {
+        Map<Integer, ServerConnectionConfiguration> applicationConnectionConfig = NewRelicSecurity.getAgent().getApplicationConnectionConfig();
+        for (Map.Entry<Integer, ServerConnectionConfiguration> connectionConfig : applicationConnectionConfig.entrySet()) {
+            if (connectionConfig.getValue().isConfirmed()) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     private JavaAgentEventBean prepareSolrDbRequestEvent(JavaAgentEventBean eventBean, SolrDbOperation solrDbOperation) {
         JSONArray params = new JSONArray();
         JSONObject request = new JSONObject();
@@ -313,7 +328,6 @@ public boolean isPrimitiveType(Class<?> clazz) {
                 clazz == String.class;
     }
 
-    @Nullable
     private JavaAgentEventBean processFileOperationEvent(JavaAgentEventBean eventBean, FileOperation fileOperationalBean) {
         prepareFileEvent(eventBean, fileOperationalBean);
         String URL = StringUtils.substringBefore(securityMetaData.getRequest().getUrl(), QUESTION_CHAR);

diff --git a/...ent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java b/...ent/src/main/java/com/newrelic/agent/security/instrumentator/httpclient/RequestUtils.java