Merge pull request #19017 from newrelic/daily-release/Oct-18-2024-8_50
Daily release/oct 18 2024 8 50
jeff-colucci authored Oct 19, 2024
2 parents 64401a2 + ba112c9 commit 85688ee
Showing 4 changed files with 115 additions and 116 deletions.
Expand Up @@ -1553,7 +1553,7 @@ Keep in mind that changing your settings in your local agent configuration file

If you're using a [supported logging framework](/docs/logs/logs-context/configure-logs-context-php), you can direct the agent to forward your app logs to New Relic.

* `newrelic.application_logging.forward.enabled` enables or disables log forwarding
* `newrelic.application_logging.forwarding.enabled` enables or disables log forwarding
* `newrelic.application_logging.forwarding.max_samples_stored` limits how many logs your app forwards to New Relic
* `newrelic.application_logging.forwarding.log_level` lets you choose what kinds of logs your app forwards to New Relic

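Review bot: the corrected key `newrelic.application_logging.forwarding.enabled` now matches the `forwarding.` prefix of its two sibling keys (`forwarding.max_samples_stored`, `forwarding.log_level`), which is the right fix; if the old `forward.enabled` spelling was never a valid key, anyone who copied it from the previous doc has log forwarding silently left at its default, so this correction deserves a line in the release notes rather than a quiet swap.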
193 changes: 95 additions & 98 deletions src/content/docs/iast/iast-configuration.mdx
Expand Up @@ -22,10 +22,10 @@ Open the `newrelic.yml` configuration file to set the `scan_schedule` parameters
```yml
security:
scan_schedule:
delay: 0 #In minutes, default is 0 min
duration: 0 #In minutes, default is forever
schedule: "" #Cron Expression to define start time
always_sample_traces: false #regardless of scan schedule
delay: 0 # In minutes, default is 0 min
duration: 0 # In minutes, default is forever
schedule: "" # Cron Expression to define start time
always_sample_traces: false # regardless of scan schedule
```
<CollapserGroup>
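Review bot: style only; putting a space after `#` in the inline comments (`delay: 0 # In minutes ...`) matches the default yamllint `comments` rule and reads better, but since the same `scan_schedule` snippet is repeated in several collapsers below, make sure every copy gets the same treatment in this PR so the examples don't drift again.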
Expand Down Expand Up @@ -83,10 +83,10 @@ security:
To schedule IAST to start 30 minutes after the application starts and run for 300 minutes, you should set the delay to 30 and the duration to 300.

```yml
security:
scan_schedule:
delay: 30 #In minutes, default is 0 min
duration: 300 #In minutes, default is forever
security:
scan_schedule:
delay: 30 # In minutes, default is 0 min
duration: 300 # In minutes, default is forever
```
</Collapser>
<Collapser
Expand All @@ -96,9 +96,9 @@ security:
To schedule IAST to run at a specific time, set the schedule to a cron expression that represents the desired time. For example, to schedule the IAST to run every day at midnight, you would set the schedule to `"0 0 0 * * ?"`.

```yml
security:
scan_schedule:
schedule: "0 0 0 * * ?" #By default, schedule is inactive
security:
scan_schedule:
schedule: "0 0 0 * * ?" # By default, schedule is inactive
```

<Callout variant="important">
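Review bot: documentation gap on the `schedule: "0 0 0 * * ?"` line: that is a six-field, seconds-first expression with a `?` wildcard, which is Quartz cron syntax, not the five-field crontab format most readers will reach for. The sentence introducing the example should state which dialect the agent parses, otherwise a classic `0 0 * * *` entry will fail to parse or be silently ignored.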
Expand All @@ -113,10 +113,10 @@ security:
If you want IAST to always sample traces, you would set `always_sample_traces` to `true`. By default, this is set to `false`, which means that IAST only samples traces within the active scan window.

```yml
security:
scan_schedule:
delay: 30 #In minutes, default is 0 min
always_sample_traces: true #regardless of scan schedule
security:
scan_schedule:
delay: 30 # In minutes, default is 0 min
always_sample_traces: true # regardless of scan schedule
```

</Collapser>
Expand Down Expand Up @@ -157,10 +157,10 @@ You can ignore specific APIs from IAST analysis by adding them to the API sectio
This is the format for specifying APIs:

```yml
exclude_from_iast_scan:
api:
- .*account.*
- .*/\api\/v1\/.*?\/login
exclude_from_iast_scan:
api:
- .*account.*
- .*/\api\/v1\/.*?\/login
```

For example:
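Review bot: the second pattern `.*/\api\/v1\/.*?\/login` looks wrong and this hunk only re-indents it. In Java's `java.util.regex`, PCRE, Python and RE2 the escape `\a` is the bell character (U+0007), so `/\api` will never match a literal `/api` path. The intended expression is almost certainly `.*\/api\/v1\/.*?\/login` (or simply `.*/api/v1/.*?/login`, since `/` needs no escaping in these engines); worth fixing while the block is being touched.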
Expand All @@ -182,16 +182,18 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the
This is a list of HTTP header keys. If a request includes any headers with these keys, the corresponding IAST scan will be skipped. For example, if you have a curl request with headers and you want to skip IAST scanning on the `X-Forwarded-For` header, you can pass this configuration:

```bash
curl -X POST -H "X-Forwarded-For: 123.456.789.012" -H "Content-Type: application/x-www-form-urlencoded" -d "param1=value1&param2=value2" http://example.com
curl -X POST -H "X-Forwarded-For: 123.456.789.012" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "param1=value1&param2=value2" http://example.com
```

You can use this configuration:

```yml
exclude_from_iast_scan:
http_request_parameters:
header:
- X-Forwarded-For
exclude_from_iast_scan:
http_request_parameters:
header:
- X-Forwarded-For
```

</Collapser>
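Review bot: the two sentences on the `header` option disagree about scope: "the corresponding IAST scan will be skipped" reads as the whole request being excluded when the header is present, while "skip IAST scanning on the `X-Forwarded-For` header" reads as only that header's value being excluded from analysis. Pick one and say it explicitly, because the security impact differs (an attacker-controllable header that suppresses scanning of the entire request is a much bigger blind spot than one ignored parameter). Minor: `123.456.789.012` is not a valid IPv4 address; use a documentation range such as `203.0.113.10` (RFC 5737).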
Expand All @@ -203,17 +205,17 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the
This is a list of query parameter keys. The presence of these parameters in the query string of the request will cause the IAST scan to be skipped. For example, if you have a curl request with query parameters and you want to skip IAST scanning on the `customerID` and `username` query parameters, you can pass this configuration:

```bash
curl --location --request GET 'localhost:8080/sql/save?firstName=test&lastName=user&customerID=testuser&username=test123'
curl --location --request GET 'localhost:8080/sql/save?firstName=test&lastName=user&customerID=testuser&username=test123'
```

You can use this configuration:

```yml
exclude_from_iast_scan:
http_request_parameters:
query:
- username
- customerID
exclude_from_iast_scan:
http_request_parameters:
query:
- username
- customerID
```

</Collapser>
Expand All @@ -229,37 +231,37 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the
This is a curl example for JSON content type when you have a curl request with JSON body, and you want to skip IAST scanning on `customerID` and `firstName`.

```bash
curl --location --request POST 'localhost:8080/application/json/post' \
curl --location --request POST 'localhost:8080/application/json/post' \
--header 'Content-Type: application/json' \
--data '{
"path": "sample.txt",
"script":"testscript",
"customerID":"GREAL",
"name": {
"firstName": "john",
"lastName": "wick"
},
"url":"http://example.com",
"cmd":"ls"
"path": "sample.txt",
"script":"testscript",
"customerID":"GREAL",
"name": {
"firstName": "john",
"lastName": "wick"
},
"url":"http://example.com",
"cmd":"ls"
}'
```

You can use this configuration:

```yml
exclude_from_iast_scan:
http_request_parameters:
body:
- customerID
- name.firstName
exclude_from_iast_scan:
http_request_parameters:
body:
- customerID
- name.firstName
```

#### Example for XML Content-Type

This is a curl request with XML body, and you want to skip IAST scanning on `customerID` and `username`.

```bash
curl --location 'localhost:8080/application/xml/post' \
curl --location 'localhost:8080/application/xml/post' \
--header 'Content-Type: application/xml' \
--data '<?xml version="1.0" encoding="UTF-8" ?>
<AppData>
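Review bot: the `body` key paths use two different conventions and the text never says so: for JSON the path `name.firstName` starts below the (unnamed) root object, whereas for XML the path `AppData.customerID` includes the root element `AppData`. State this rule next to the examples, and say whether array indices (for example a `name` list in JSON) can be addressed at all, since a reader copying `customerID` alone for the XML case would get no exclusion.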
Expand All @@ -277,30 +279,30 @@ You can ignore specific HTTP request parameters from IAST analysis by adding the
You can use this configuration:

```yml
exclude_from_iast_scan:
http_request_parameters:
body:
- AppData.customerID
- AppData.username
exclude_from_iast_scan:
http_request_parameters:
body:
- AppData.customerID
- AppData.username
```

#### Example Form-URL-Encoded Content-Type

This is a curl request with Form-URL-Encoded body, and you want to skip IAST scanning on `customerID` and `username`.

```bash
curl --location 'localhost:8080/application/urlencode/post' \
curl --location 'localhost:8080/application/urlencode/post' \
--header 'Content-Type: application/x-www-form-urlencoded' \
-d 'name=madhav&path=sample.txt&customerID=GREAL&script=K2&url=http://example.com&username=bob&firstName=Aliko&cmd=ls'
```

You can use this configuration:

```yml
http_request_parameters:
body:
- customerID
- username
http_request_parameters:
body:
- customerID
- username
```

<Callout variant="tip">
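Review bot: the form-urlencoded YAML snippet is missing the top-level `exclude_from_iast_scan:` key that every other example in this section has; as written it starts at `http_request_parameters:` and will not be picked up if pasted at the root of `newrelic.yml`. Add the parent key so the three body examples are consistent.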
Expand All @@ -318,18 +320,18 @@ The `iast_detection_category` setting allows users to specify categories of vuln
See this example to skip scanning for SQL Injection and SSRF. The `sql_injection` and `ssrf` parameters are set to `true`:

```yml
exclude_from_iast_scan:
iast_detection_category:
insecure_settings: false
invalid_file_access: false
sql_injection: true
nosql_injection: false
ldap_injection: false
javascript_injection: false
command_injection: false
xpath_injection: false
ssrf: true
rxss: false
exclude_from_iast_scan:
iast_detection_category:
insecure_settings: false
invalid_file_access: false
sql_injection: true
nosql_injection: false
ldap_injection: false
javascript_injection: false
command_injection: false
xpath_injection: false
ssrf: true
rxss: false
```

<Callout variant="tip">
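Review bot: the semantics here are inverted relative to what a reader expects (`sql_injection: true` means "do not scan for SQL injection" because the block lives under `exclude_from_iast_scan`), and the prose only hints at it; make the sentence say that `true` disables the category. Also `rxss` is the only abbreviation in the list that is not self-explanatory (presumably reflected cross-site scripting); spell it out in a comment or in the text.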
Expand All @@ -339,32 +341,32 @@ See this example to skip scanning for SQL Injection and SSRF. The `sql_injection
You can use this combined configuration:

```yml
security:
security:
enabled: true
scan_schedule:
delay: 0 # In minutes, default is 0 min
duration: 0 # In minutes, default will be forever
#schedule: "" # Cron Expression to define start time
always_sample_traces: false # continuously collect samples
exclude_from_iast_scan:
api: []
http_request_parameters:
header: []
query: []
body: []
iast_detection_category:
insecure_settings: false
invalid_file_access: false
sql_injection: false
nosql_injection: false
ldap_injection: false
javascript_injection: false
command_injection: false
xpath_injection: false
ssrf: false
rxss: false
agent:
enabled: true
scan_schedule:
delay: 0 #In minutes, default is 0 min
duration: 0 #In minutes, default will be forever
#schedule: "" #Cron Expression to define start time
always_sample_traces: false #continuously collect samples
exclude_from_iast_scan:
api: []
http_request_parameters:
header: []
query: []
body: []
iast_detection_category:
insecure_settings: false
invalid_file_access: false
sql_injection: false
nosql_injection: false
ldap_injection: false
javascript_injection: false
command_injection: false
xpath_injection: false
ssrf: false
rxss: false
agent:
enabled: true
```

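Review bot: in the combined example the inline comments disagree with the earlier snippets: `always_sample_traces: false # continuously collect samples` describes the `true` behaviour next to a `false` value (the earlier blocks say `# regardless of scan schedule`), and `duration: 0 # ... default will be forever` differs from `default is forever` above. Align the comments so the combined block can be used as the canonical reference.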
## IAST scan controllers [#iast-scan-controllers]
Expand All @@ -373,8 +375,3 @@ You can use this combined configuration:
### IAST scan rate limit [#iast-scan-rate-limit]

IAST scan rate limit settings limit the maximum number of analysis probes or requests that can be sent to the application in one minute. The default IAST scan rate limit is set to a minimum of 12 replay requests per minute and a maximum of 3,600 replay requests per minute.





17 changes: 9 additions & 8 deletions src/content/docs/iast/troubleshooting.mdx
Expand Up @@ -163,7 +163,8 @@ If you don't find your problem listed here, you can always reach out to [New Rel
You can update the `appId` in the below query and run it in the query builder to find all the vulnerabilities reported for your application.

```sql
SELECT * FROM Vulnerability WHERE issueType = 'Application Vulnerability' AND appId = '{your application's appId}'
SELECT * FROM Vulnerability
WHERE issueType = 'Application Vulnerability' AND appId = YOU_APPLICATION_ID
```
</Collapser>

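Review bot: typo in the placeholder: `appId = YOU_APPLICATION_ID` should read `YOUR_APPLICATION_ID`. Dropping the quotes is the right call if `appId` is numeric in the `Vulnerability` event (the previous `'{your application's appId}'` also broke the NRQL string literal on the apostrophe), but then state that the value must be the numeric application id so readers don't paste an application name.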
Expand Down Expand Up @@ -193,7 +194,7 @@ If you don't find your problem listed here, you can always reach out to [New Rel

For instance, let's suppose that your application is using libraries for [Mongo DB](http://go.mongodb.org/mongo-driver/mongo). For this specific library, you need to import this [instrumentation package](https://github.com/newrelic/csec-go-agent/tree/main/instrumentation/csec_mongodb_mongo) from newrelic:
```
```go
import (
"github.com/newrelic/go-agent/v3/integrations/nrsecurityagent"
"github.com/newrelic/go-agent/v3/newrelic"
Expand All @@ -208,8 +209,8 @@ If you don't find your problem listed here, you can always reach out to [New Rel

* If you're opening an HTTP protocol endpoint, place the `newrelic.WrapListen` function around the endpoint name to enable vulnerability scanning against that endpoint:
```
http.ListenAndServe(newrelic.WrapListen(":<YOUR PORT NUMBER>"), nil)
```go
http.ListenAndServe(newrelic.WrapListen(":YOUR_PORT_NUMBER"), nil)
```
<Callout variant="important">
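Review bot: the placeholder change to `":YOUR_PORT_NUMBER"` is fine and matches the style used in the troubleshooting query, but the snippet discards the error from `http.ListenAndServe`; docs examples are copied verbatim, so `log.Fatal(http.ListenAndServe(newrelic.WrapListen(":YOUR_PORT_NUMBER"), nil))` would be the safer thing to show.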
Expand All @@ -227,16 +228,16 @@ If you don't find your problem listed here, you can always reach out to [New Rel

* Disable low-priority-instrumentation from security config:

```
```yml
low-priority-instrumentation:
enabled: false
enabled: false
```

* Exclude low-priority-instrumentation class from the class transformer. To do this, add the given lines in the `class_transformer` section of the config file:

```
```yml
com.newrelic.instrumentation.security.low-priority-instrumentation:
enabled: false
enabled: false
```
</Collapser>

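Review bot: fixing the nesting of `enabled: false` under both keys is necessary (at the previous indentation it was a sibling, not a child, and would not have disabled anything), but the text still does not say whether the two bullets are alternatives or both required, nor which file each belongs to: the first refers to the "security config" and the second to "the config file" with a `class_transformer` section. Name the files and state whether one setting is sufficient.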
0 comments on commit 85688ee