Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release target 1.0.8 Public Preview #140

Merged
merged 46 commits into from
Jan 10, 2024
Merged

Release target 1.0.8 Public Preview #140

merged 46 commits into from
Jan 10, 2024

Conversation

lovesh-ap
Copy link
Contributor

[1.0.8-public-preview]

Changes

  • Support for stored procedure call detection in SQL events
  • Support for extracting environment variables in case of Remote Code Execution events
  • Support for executing script file analysis in case of Remote Code Execution events
  • Enabled the transformation of the low-priority instrumentation module by default in case of IAST

Fixes

  • Incorrect user file details in the vulnerability details
  • Low severity hook event was not generated when the same url can process multiple request methods
  • Detection of server app directory to mitigate false positives for File Access vulnerability

monu-k2io and others added 26 commits November 6, 2023 18:17
@monu-k2io @IshikaDawda
Stored procedure query identification (initial poc)
1f70368 
Co-authored-by: Ishika Dawda <[email protected]>
@lovesh-ap
Support env and script file detection
786351f
@lovesh-ap
Merge branch 'feature/stored-procedure' into owasp/enchancments/syste…
3a23214 
…m-coomand
@lovesh-ap @harshit-ap
Fix event queue size check for processing
ec02922 
Co-authored-by: Harshit Singh Lodha <[email protected]>
@monu-k2io
Update Statement_Instrumentation.java
e01b871 
Stored procedure query identification
@monu-k2io
Unit test cases for stored procedure calls
57095ee
@monu-k2io @lovesh-ap
Improvements for user file and method detection
54f3136 
Co-authored-by: Lovesh Baya <[email protected]>
@harshit-ap @lovesh-ap
Fixes in UserClassEntity detection.
1105a08 
Co-authored-by: Lovesh Baya <[email protected]>
@monu-k2io @lovesh-ap
Fix for null user class entity
9738b8c 
Co-authored-by: Lovesh Baya <[email protected]>
@harshit-ap @lovesh-ap
Removed unnecessary WebServlet_Instrumentation annotation hook
d507f0b 
Co-authored-by: Lovesh Baya <[email protected]>
@lovesh-ap @harshit-ap
Take method into account for LowSeverityEvent Encountered List
b9ca586 
Add required Utils method

Co-authored-by: Harshit Singh Lodha <[email protected]>
@lovesh-ap @harshit-ap
Check for isHookProcessingActive
288ca27 
Cleanup on Agent.java

Co-authored-by: Harshit Singh Lodha <[email protected]>
@lovesh-ap @harshit-ap
add another check for empty request
2928bb4 
Co-authored-by: Harshit Singh Lodha <[email protected]>
@monu-k2io @lovesh-ap
Low priority instrumentation module enabled by default
e91fe0a 
Co-authored-by: Lovesh Baya <[email protected]>
@lovesh-ap @harshit-ap
Add app server directory path detection.
6308076 
Instrument get catalina base functions

Co-authored-by: Harshit Singh Lodha <[email protected]>
@lovesh-ap
Merge remote-tracking branch 'newrelic/owasp/enchancments/system-coom…
882df40 
…and' into owasp/enchancments/system-coomand
@harshit-ap @lovesh-ap
Changes to support applicationDirectory in agentMetaData. Updates in …
52c5dd3 
…file creation in IAST.

Co-authored-by: Lovesh Baya <[email protected]>
@lovesh-ap @harshit-ap
Add app directory path detection.
cff53bb 
Co-authored-by: Harshit Singh Lodha <[email protected]>
@lovesh-ap @harshit-ap
join app base directory with catalina base
886a269 
Co-authored-by: Harshit Singh Lodha <[email protected]>
@monu-k2io
Enable low severity hooks based on mode (enabled for IAST)
62749a7
@lovesh-ap @harshit-ap
Keep config for security.low-priority-instrumentation.enabled default…
5ed7697 
… true

Co-authored-by: Harshit Singh Lodha <[email protected]>
@lovesh-ap
Merge branch 'develop' into owasp/enchancments/system-coomand
826d32f
@lovesh-ap @harshit-ap
Remove extra statement
d90a130 
Co-authored-by: Harshit Singh Lodha <[email protected]>
@lovesh-ap @harshit-ap
Disable invalid UTs for now
49fe21d 
Co-authored-by: Harshit Singh Lodha <[email protected]>
@lovesh-ap
Merge branch 'release/v1.0.7' into owasp/enchancments/system-coomand
b2d5d71 
# Conflicts:
#	newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java
#	newrelic-security-agent/src/main/java/com/newrelic/agent/security/intcodeagent/websocket/EventSendPool.java
#	newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java
#	settings.gradle
@lovesh-ap
Release Target 1.0.8
0f0aa2f
lovesh-ap and others added 11 commits December 8, 2023 16:04
@lovesh-ap lovesh-ap self-assigned this Jan 10, 2024
harshit-ap
harshit-ap previously approved these changes Jan 10, 2024
View reviewed changes
@lovesh-ap lovesh-ap dismissed harshit-ap’s stale review January 10, 2024 17:34

The merge-base changed after approval.

harshit-ap
harshit-ap previously approved these changes Jan 10, 2024
View reviewed changes
@lovesh-ap lovesh-ap dismissed harshit-ap’s stale review January 10, 2024 17:40

The merge-base changed after approval.

@harshit-ap harshit-ap self-requested a review January 10, 2024 17:40
harshit-ap
harshit-ap previously approved these changes Jan 10, 2024
View reviewed changes
monu-k2io
monu-k2io previously approved these changes Jan 10, 2024
View reviewed changes
@lovesh-ap lovesh-ap dismissed stale reviews from monu-k2io and harshit-ap January 10, 2024 17:45

The merge-base changed after approval.

harshit-ap
harshit-ap previously approved these changes Jan 10, 2024
View reviewed changes
@harshit-ap harshit-ap dismissed their stale review January 10, 2024 17:49

The merge-base changed after approval.

@harshit-ap harshit-ap self-requested a review January 10, 2024 17:49
@lovesh-ap lovesh-ap merged commit eb3632c into main Jan 10, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harshit-ap harshit-ap harshit-ap approved these changes

@monu-k2io monu-k2io monu-k2io left review comments

Assignees

@lovesh-ap lovesh-ap

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@lovesh-ap @harshit-ap @monu-k2io