Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[NR-185408] Fix for User Class Detection #237

Merged
merged 3 commits into from
Apr 29, 2024
Merged

[NR-185408] Fix for User Class Detection #237

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
5da868f
Fixed User Class Detection in Sun-net-httpserver
IshikaDawda Apr 2, 2024
211bfb3
Merge branch 'refs/heads/develop' into fix/user-class-detection
IshikaDawda Apr 22, 2024
18969ec
User class detection in sun-net-httpserver
IshikaDawda Apr 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions ...t-httpserver/src/main/java/com/sun/net/httpserver/BasicAuthenticator_Instrumentation.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
package com.sun.net.httpserver;

import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
import com.newrelic.api.agent.weaver.MatchType;
import com.newrelic.api.agent.weaver.Weave;
import com.newrelic.api.agent.weaver.Weaver;

@Weave(type = MatchType.BaseClass, originalName = "com.sun.net.httpserver.BasicAuthenticator")
public class BasicAuthenticator_Instrumentation {

public boolean checkCredentials (String username, String password) {
ServletHelper.registerUserLevelCode(HttpServerHelper.SUN_NET_HTTP_SERVER);
return Weaver.callOriginal();
}

public Authenticator.Result authenticate (HttpExchange t){
ServletHelper.registerUserLevelCode(HttpServerHelper.SUN_NET_HTTP_SERVER);
return Weaver.callOriginal();
}
}
2 changes: 1 addition & 1 deletion ...urity/sun-net-httpserver/src/main/java/com/sun/net/httpserver/Filter_Instrumentation.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ public void doFilter (HttpExchange exchange, Filter.Chain chain) throws IOExcept
if (isServletLockAcquired){
preprocessSecurityHook(exchange);
}
ServletHelper.registerUserLevelCode(HttpServerHelper.SUN_NET_HTTP_SERVER);
try{
Weaver.callOriginal();
} finally {
Expand Down Expand Up @@ -69,7 +70,6 @@ private void preprocessSecurityHook(HttpExchange exchange) {
}

securityRequest.setContentType(HttpServerHelper.getContentType(exchange.getRequestHeaders()));
ServletHelper.registerUserLevelCode("sun-net-http-server");
securityRequest.setRequestParsed(true);
} catch (Throwable e){
NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, HttpServerHelper.SUN_NET_HTTPSERVER, e.getMessage()), e, this.getClass().getName());
Expand Down
3 changes: 1 addition & 2 deletions .../sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpHandler_Instrumentation.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ public void handle (HttpExchange exchange) throws IOException {
if (isServletLockAcquired){
preprocessSecurityHook(exchange);
}
ServletHelper.registerUserLevelCode(HttpServerHelper.SUN_NET_HTTP_SERVER);
try{
Weaver.callOriginal();
} finally {
Expand Down Expand Up @@ -69,8 +70,6 @@ private void preprocessSecurityHook(HttpExchange exchange) {
}

securityRequest.setContentType(HttpServerHelper.getContentType(exchange.getRequestHeaders()));

ServletHelper.registerUserLevelCode("sun-net-http-server");
securityRequest.setRequestParsed(true);
} catch (Throwable e){
NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, HttpServerHelper.SUN_NET_HTTPSERVER, e.getMessage()), e, this.getClass().getName());
Expand Down
1 change: 1 addition & 0 deletions ...on-security/sun-net-httpserver/src/main/java/com/sun/net/httpserver/HttpServerHelper.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ public class HttpServerHelper {
private static final String REQUEST_INPUTSTREAM_HASH = "REQUEST_INPUTSTREAM_HASH";
public static final String SUN_NET_READER_OPERATION_LOCK = "SUN_NET_READER_OPERATION_LOCK-";
public static final String HTTP_METHOD = "*";
public static final String SUN_NET_HTTP_SERVER = "sun-net-http-server";

public static void processHttpRequestHeaders(Headers headers, HttpRequest securityRequest){
for (String headerKey : headers.keySet()) {
Expand Down
2 changes: 1 addition & 1 deletion .../src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@ public static boolean registerUserLevelCode(String frameworkName, boolean asyncC
return false;
}
SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
if (!securityMetaData.getMetaData().isUserLevelServiceMethodEncountered(frameworkName) || !securityMetaData.getMetaData().isFoundAnnotedUserLevelServiceMethod()) {
if (!securityMetaData.getMetaData().isFoundAnnotedUserLevelServiceMethod()) {
securityMetaData.getMetaData().setUserLevelServiceMethodEncountered(true);
securityMetaData.getMetaData().setUserLevelServiceMethodEncounteredFramework(frameworkName);
StackTraceElement[] trace = Thread.currentThread().getStackTrace();
Expand Down
Loading