From 2687f085bbbda27403f87e1f89dbdbee2b4171d5 Mon Sep 17 00:00:00 2001
From: jasonjkeller
Date: Fri, 22 Sep 2023 13:32:07 -0700
Subject: [PATCH] Add new config to SecurityAgentConfig class. Add test.
---
 .../newrelic/agent/config/SecurityAgentConfig.java | 14 ++++++++++++++
 newrelic-agent/src/main/resources/newrelic.yml | 4 ++--
 .../agent/config/SecurityAgentConfigTest.java | 13 ++++++++++++-
 3 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/newrelic-agent/src/main/java/com/newrelic/agent/config/SecurityAgentConfig.java b/newrelic-agent/src/main/java/com/newrelic/agent/config/SecurityAgentConfig.java
index 0684d31b8a..219ce36cbe 100644
--- a/newrelic-agent/src/main/java/com/newrelic/agent/config/SecurityAgentConfig.java
+++ b/newrelic-agent/src/main/java/com/newrelic/agent/config/SecurityAgentConfig.java
@@ -14,6 +14,8 @@
 *
 * security:
 * enabled: false
+ * low-priority-instrumentation:
+ * enabled: false
 * mode: IAST
 * validator_service_url: wss://csec.nr-data.net
 * agent:
@@ -31,6 +33,8 @@ public class SecurityAgentConfig {
 public static final boolean SECURITY_AGENT_ENABLED_DEFAULT = false;
 public static final String SECURITY_ENABLED = "security.enabled";
 public static final boolean SECURITY_ENABLED_DEFAULT = false;
+ public static final String SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED = "security.low-priority-instrumentation.enabled";
+ public static final boolean SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED_DEFAULT = false;
 public static final String SECURITY_MODE = "security.mode";
 public static final String SECURITY_MODE_DEFAULT = "IAST";
 public static final String SECURITY_VALIDATOR_SERVICE_URL = "security.validator_service_url";
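Review bot: The new key `security.low-priority-instrumentation.enabled` in the second hunk is hyphenated, while the sibling `security.validator_service_url` a few lines below it uses underscores. If operators are expected to override this flag through system properties or environment variables, it is worth confirming that the hyphenated segment maps cleanly, because a flag that cannot be overridden leaves these modules uninstrumented without any error. A short comment on the constant would record the intent, e.g. `// Hyphenated to match newrelic.yml; false means low priority modules are not instrumented.` The class body continues outside the hunk.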
@@ -130,4 +134,14 @@ public static String getSecurityAgentValidatorServiceUrl() {
 public static String getSecurityAgentMode() {
 return config.getValue(SECURITY_MODE, SECURITY_MODE_DEFAULT);
 }
+
+ /**
+ * Determines whether the security agent low priority attack/vulnerability modules will instrument or not.
+ *
+ * @return True if security agent should instrument low priority attack/vulnerability modules, false if it should not
+ */
+ public static boolean isSecurityLowPriorityInstrumentationEnabled() {
+ return config.getValue(SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED, SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED_DEFAULT);
+ }
+
 }
diff --git a/newrelic-agent/src/main/resources/newrelic.yml b/newrelic-agent/src/main/resources/newrelic.yml
index 0b18849db4..1c09af1f31 100644
--- a/newrelic-agent/src/main/resources/newrelic.yml
+++ b/newrelic-agent/src/main/resources/newrelic.yml
@@ -385,8 +385,8 @@ common: &default_settings
 # true, the security module will run but data will not be sent. Default is false.
 enabled: false
- #Determines whether the low priority attack/vulnerability modules will instrument or not.
- #When this is disabled instrumentation of such modules will be skipped and vice versa, default is false.
+ # Determines whether the low priority attack/vulnerability modules will instrument or not.
+ # When this is disabled instrumentation of such modules will be skipped and vice versa, default is false.
 low-priority-instrumentation:
 enabled: false
diff --git a/newrelic-agent/src/test/java/com/newrelic/agent/config/SecurityAgentConfigTest.java b/newrelic-agent/src/test/java/com/newrelic/agent/config/SecurityAgentConfigTest.java
index 87bd0d6240..00d4570808 100644
--- a/newrelic-agent/src/test/java/com/newrelic/agent/config/SecurityAgentConfigTest.java
+++ b/newrelic-agent/src/test/java/com/newrelic/agent/config/SecurityAgentConfigTest.java
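Review bot: The Javadoc on `isSecurityLowPriorityInstrumentationEnabled()` states neither the default nor how the flag relates to `security.enabled`, and the method reads only its own key. A caller that checks this getter alone could presumably see `true` while the security module as a whole is switched off; whether that matters depends on call sites outside this diff. I would add a sentence such as `Defaults to false; this does not check security.enabled, so callers must gate on that separately.` The summary phrase "will instrument or not" would also read more clearly as "are instrumented".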
@@ -3,7 +3,6 @@
 import com.newrelic.api.agent.Agent;
 import com.newrelic.api.agent.NewRelic;
 import org.junit.AfterClass;
-import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.mockito.MockedStatic;
@@ -18,6 +17,8 @@
 import static com.newrelic.agent.config.SecurityAgentConfig.SECURITY_DETECTION_RXSS_ENABLED_DEFAULT;
 import static com.newrelic.agent.config.SecurityAgentConfig.SECURITY_ENABLED;
 import static com.newrelic.agent.config.SecurityAgentConfig.SECURITY_ENABLED_DEFAULT;
+import static com.newrelic.agent.config.SecurityAgentConfig.SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED;
+import static com.newrelic.agent.config.SecurityAgentConfig.SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED_DEFAULT;
 import static com.newrelic.agent.config.SecurityAgentConfig.SECURITY_MODE;
 import static com.newrelic.agent.config.SecurityAgentConfig.SECURITY_MODE_DEFAULT;
 import static com.newrelic.agent.config.SecurityAgentConfig.SECURITY_VALIDATOR_SERVICE_URL;
@@ -152,4 +153,14 @@ public void getSecurityAgentMode_returnsCorrectMode() {
 when(mockConfig.getValue(SECURITY_MODE, SECURITY_MODE_DEFAULT)).thenReturn("mode");
 assertEquals("mode", SecurityAgentConfig.getSecurityAgentMode());
 }
+
+ @Test
+ public void isSecurityLowPriorityInstrumentationEnabled_returnsCorrectEnabledFlag() {
+ when(mockConfig.getValue(SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED, SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED_DEFAULT)).thenReturn(true);
+ assertTrue(SecurityAgentConfig.isSecurityLowPriorityInstrumentationEnabled());
+
+ when(mockConfig.getValue(SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED, SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED_DEFAULT)).thenReturn(false);
+ assertFalse(SecurityAgentConfig.isSecurityLowPriorityInstrumentationEnabled());
+ }
+
 }
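Review bot: `isSecurityLowPriorityInstrumentationEnabled_returnsCorrectEnabledFlag` in the last hunk checks only that a stubbed value is passed through, so nothing pins the shipped default of the new flag. Because that default decides whether the low priority vulnerability modules are instrumented at all, a later change to the constant would go unnoticed here. Adding `assertFalse(SECURITY_LOW_PRIORITY_INSTRUMENTATION_ENABLED_DEFAULT);` would catch it. The second `when(...)` also leaves `mockConfig` stubbed after the method returns. Its setup is outside the hunk, so whether stubs persist between tests cannot be confirmed from here.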