trim response body for RXSS and change json name for http response event

newrelic · Nov 16, 2024 · cac35d4 · cac35d4
1 parent f2b0c71
commit cac35d4
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/...y-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/CallbackUtils.java b/...y-agent/src/main/java/com/newrelic/agent/security/instrumentator/utils/CallbackUtils.java
@@ -1,6 +1,7 @@
 package com.newrelic.agent.security.instrumentator.utils;
 
 import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
+import com.newrelic.agent.security.intcodeagent.utils.TransactionUtils;
 import com.newrelic.api.agent.security.utils.logging.LogLevel;
 import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
 import com.newrelic.api.agent.security.schema.HttpRequest;
@@ -56,6 +57,8 @@ public class CallbackUtils {
     public static Set<String> checkForReflectedXSS(HttpRequest httpRequest, HttpResponse httpResponse) {
         Set<String> toReturn = new HashSet<>();
 
+        TransactionUtils.trimResponseBody(httpResponse);
+
         Set<String> combinedRequestData = decodeRequestData(httpRequest);
         if (combinedRequestData.isEmpty()) {
             toReturn.add(StringUtils.EMPTY);

diff --git a/...c/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java b/...c/main/java/com/newrelic/agent/security/intcodeagent/models/javaagent/AgentBasicInfo.java
@@ -31,7 +31,7 @@ public class AgentBasicInfo {
 
     public static final String APPLICATION_RUNTIME_ERROR = "application-runtime-error";
 
-    public static final String SEC_HTTP_RESPONSE = "sec_http_response";
+    public static final String SEC_HTTP_RESPONSE = "sec-http-response";
 
     /**
      * Tool id for Language Agent.

diff --git a/...-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/TransactionUtils.java b/...-agent/src/main/java/com/newrelic/agent/security/intcodeagent/utils/TransactionUtils.java
@@ -36,7 +36,7 @@ public static void reportHttpResponse() {
         }
     }
 
-    private static boolean trimResponseBody(HttpResponse response) {
+    public static boolean trimResponseBody(HttpResponse response) {
         if(response.getBody().length() > HttpResponse.MAX_ALLOWED_RESPONSE_BODY_LENGTH) {
             response.setBody(new StringBuilder(response.getBody().substring(0, HttpResponse.MAX_ALLOWED_RESPONSE_BODY_LENGTH)));
             response.setBody(new StringBuilder(response.getBody().append("...")));