Merge pull request #237 from newrelic/fix/user-class-detection

[NR-185408] Fix for User Class Detection for sun-net-httpserver
newrelic · Apr 29, 2024 · 5e00b67 · 5e00b67
2 parents bda7ee0 + 18969ec
commit 5e00b67
Show file tree

Hide file tree

Showing 5 changed files with 24 additions and 4 deletions.
diff --git a/...t-httpserver/src/main/java/com/sun/net/httpserver/BasicAuthenticator_Instrumentation.java b/...t-httpserver/src/main/java/com/sun/net/httpserver/BasicAuthenticator_Instrumentation.java
@@ -0,0 +1,20 @@
+package com.sun.net.httpserver;
+
+import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
+import com.newrelic.api.agent.weaver.MatchType;
+import com.newrelic.api.agent.weaver.Weave;
+import com.newrelic.api.agent.weaver.Weaver;
+
+@Weave(type = MatchType.BaseClass, originalName = "com.sun.net.httpserver.BasicAuthenticator")
+public class BasicAuthenticator_Instrumentation {
+
+    public boolean checkCredentials (String username, String password) {
+        ServletHelper.registerUserLevelCode(HttpServerHelper.SUN_NET_HTTP_SERVER);
+        return Weaver.callOriginal();
+    }
+
+    public Authenticator.Result authenticate (HttpExchange t){
+        ServletHelper.registerUserLevelCode(HttpServerHelper.SUN_NET_HTTP_SERVER);
+        return Weaver.callOriginal();
+    }
+}
diff --git a/...urity/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java b/...urity/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java
@@ -24,6 +24,7 @@ public void doFilter (HttpExchange exchange, Filter.Chain chain) throws IOExcept
         if (isServletLockAcquired){
             preprocessSecurityHook(exchange);
         }
+        ServletHelper.registerUserLevelCode(HttpServerHelper.SUN_NET_HTTP_SERVER);
         try{
             Weaver.callOriginal();
         } finally {
@@ -69,7 +70,6 @@ private void preprocessSecurityHook(HttpExchange exchange) {
             }
 
             securityRequest.setContentType(HttpServerHelper.getContentType(exchange.getRequestHeaders()));
-            ServletHelper.registerUserLevelCode("sun-net-http-server");
             securityRequest.setRequestParsed(true);
         } catch (Throwable e){
             NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, HttpServerHelper.SUN_NET_HTTPSERVER, e.getMessage()), e, this.getClass().getName());

diff --git a/.../sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java b/.../sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java
@@ -24,6 +24,7 @@ public void handle (HttpExchange exchange) throws IOException {
         if (isServletLockAcquired){
             preprocessSecurityHook(exchange);
         }
+        ServletHelper.registerUserLevelCode(HttpServerHelper.SUN_NET_HTTP_SERVER);
         try{
             Weaver.callOriginal();
         } finally {
@@ -69,8 +70,6 @@ private void preprocessSecurityHook(HttpExchange exchange) {
             }
 
             securityRequest.setContentType(HttpServerHelper.getContentType(exchange.getRequestHeaders()));
-
-            ServletHelper.registerUserLevelCode("sun-net-http-server");
             securityRequest.setRequestParsed(true);
         } catch (Throwable e){
             NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, HttpServerHelper.SUN_NET_HTTPSERVER, e.getMessage()), e, this.getClass().getName());

diff --git a/...on-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java b/...on-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java
@@ -24,6 +24,7 @@ public class HttpServerHelper {
     private static final String REQUEST_INPUTSTREAM_HASH = "REQUEST_INPUTSTREAM_HASH";
     public static final String SUN_NET_READER_OPERATION_LOCK = "SUN_NET_READER_OPERATION_LOCK-";
     public static final String HTTP_METHOD = "*";
+    public static final String SUN_NET_HTTP_SERVER = "sun-net-http-server";
 
     public static void processHttpRequestHeaders(Headers headers, HttpRequest securityRequest){
         for (String headerKey : headers.keySet()) {

diff --git a/.../src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java b/.../src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java
@@ -163,7 +163,7 @@ public static boolean registerUserLevelCode(String frameworkName, boolean asyncC
                 return false;
             }
             SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
-            if (!securityMetaData.getMetaData().isUserLevelServiceMethodEncountered(frameworkName) || !securityMetaData.getMetaData().isFoundAnnotedUserLevelServiceMethod()) {
+            if (!securityMetaData.getMetaData().isFoundAnnotedUserLevelServiceMethod()) {
                 securityMetaData.getMetaData().setUserLevelServiceMethodEncountered(true);
                 securityMetaData.getMetaData().setUserLevelServiceMethodEncounteredFramework(frameworkName);
                 StackTraceElement[] trace = Thread.currentThread().getStackTrace();