IAST troubleshooting re-writes #19330

Open
wants to merge 5 commits into
base: develop
Changes from 2 commits
@@ -0,0 +1,19 @@
---
title: Application stability issue
tags:
- IAST
- New Relic IAST
- Troubleshooting
metaDescription: Troubleshoot application stability issues in New Relic platform.
freshnessValidatedDate: 2024-07-16
---

## Problem

Your application isn't stable during high traffic and you are facing latency issues.

## Solution

Your application may show some latency for some time as part of IAST during high traffic. This should resolve within a few minutes after it finishes the IAST test.
Contributor

"the IAST test"....should just be "...finishes IAST"

Contributor Author

done

Contributor

Start the sentence with "When there is high traffic, your application...."

Contributor Author

Done


You can also check the snapshot log file in the `nr-security-home/logs/snapshots` folder. The log file shows you the status of the security agent, resource usage, and the last five errors.
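
Review bot: The Solution section tells the reader that latency "should resolve within a few minutes" but gives no next step if it does not, and the snapshot-log sentence lists what the file contains without saying what to look for. Suggest turning the log check into a step that names the fields to read (agent status, resource usage, last five errors) and pointing to support when latency persists. The title "Application stability issue" is also singular, while the nav entry added in src/nav/iast.yml reads "Application stability issues".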
@@ -0,0 +1,44 @@
---
title: No vulnerabilities detected for Golang application
tags:
- IAST
- New Relic IAST
- Troubleshooting
metaDescription: Troubleshoot Golang application if no vulnerabilities are detected.
freshnessValidatedDate: 2024-07-16
---

## Problem

You don't see any vulnerability for your Golang application.

## Solution

- For Golang, ensure that you imported the required instrumentation packages of libraries and frameworks.
Contributor

Why is this a bullet point? We normally don't create a list with just one bullet.


For example, your application is using libraries for [Mongo DB](http://go.mongodb.org/mongo-driver/mongo). For this specific library, you need to import this [instrumentation package](https://github.com/newrelic/csec-go-agent/tree/main/instrumentation/csec_mongodb_mongo) from newrelic:
Contributor

Check capitalization of newrelic

Contributor

"...Mongo DB, then you must import the instrumentation package library..."

Check capitalization for all proper nouns


```
import (
"github.com/newrelic/go-agent/v3/integrations/nrsecurityagent"
"github.com/newrelic/go-agent/v3/newrelic"
"github.com/newrelic/csec-go-agent/instrumentation/csec_mongodb_mongo"
"go.mongodb.org/mongo-driver/mongo"
)
```

Depending on you application requierement, you might have to import additional packages. Check our [list of supported packages](https://github.com/newrelic/csec-go-agent#instrumentation-packages).

Check notice on line 30 in src/content/docs/iast/troubleshooting/unable-to-detect-vulnerabilities-for-golang-application.mdx

GitHub Actions / vale

[new-relic.ComplexWords] Consider using 'more' or 'extra' instead of 'additional'.

Contributor

Depending on the requirements of your package, you may....


Also, make sure you imported the corresponding [package](https://github.com/newrelic/go-agent?tab=readme-ov-file#service-frameworks) for each module.

- For HTTP protocol endpoint, use the following `newrelic.WrapListen` function to enable vulnerability scanning against the endpoint:

```
http.ListenAndServe(newrelic.WrapListen(":<YOUR PORT NUMBER>"), nil)
```

<Callout variant="important">
You can skip this step if you're on a Linux environment.
</Callout>

- For a specific case of outbound HTTP request or calls to external services, you need to [update your application method](/docs/apm/agents/go-agent/instrumentation/instrument-go-segments/#go-external-segments).
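
Review bot: The callout after the `newrelic.WrapListen` bullet says "You can skip this step" inside an unordered list, so it is unclear which step Linux users may skip; indent it under the bullet it applies to or name the step. In the same file, line 30 has two typos ("Depending on you application requierement"), the Mongo DB link uses `http://` where the other links use `https://`, and the import block pulls in `nrsecurityagent` without the text saying what it is for. The title here ("No vulnerabilities detected for Golang application") also differs from the nav entry ("Unable to detect vulnerabilities in Golang application").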
@@ -0,0 +1,35 @@
---
title: Unable to find known vulnerabilities
tags:
- IAST
- New Relic IAST
- Troubleshooting
metaDescription: Unable to find known vulnerabilities
freshnessValidatedDate: 2024-07-16
---

## Problem

I tested an application with known vulnerabilities, but IAST couldn't detect any vulnerability.

Check warning on line 13 in src/content/docs/iast/troubleshooting/unable-to-find-known-vulnerabilities.mdx

GitHub Actions / vale

[Microsoft.FirstPerson] Use first person (such as 'I') sparingly.

Contributor

The use of first person is inconsistent with the other "Problem" sections



## Solution

IAST starts testing when it detects some traffic, so check if your application works out or has any traffic directed at it. Perform the app's UI or API endpoints.
Contributor

What does "works out" mean?

Also, IAST requires restarting the application after it's enabled.


Ensure that you are using a [supported application framework](https://docs.newrelic.com/docs/new-relic-solutions/new-relic-one/install-configure/compatibility-requirements-new-relic-agents-products/) and the [latest instrumentation package](https://github.com/newrelic/csec-go-agent#instrumentation-packages) for your application.


## Cause

These are the possible reasons IAST isn't detecting any known vulnerabilities:

- IAST doesn't support application framework.

- There is no instrumentation for the module.

- The agent hasn't been restarted after IAST has been installed or configured.

- No traffic is detected.
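
Review bot: The Cause list names four reasons, but the Solution section only covers traffic and framework or instrumentation support; there is no step for restarting after IAST is installed or configured. Add that step, and reword "Perform the app's UI or API endpoints", where the verb has no sensible object (for example, "exercise the app's UI or call its API endpoints"). "IAST doesn't support application framework" needs an article.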
@@ -0,0 +1,39 @@
---
title: Unable to see application
tags:
- IAST
- New Relic IAST
- Troubleshooting
metaDescription: Unable to find my application in the New Relic UI.
freshnessValidatedDate: 2024-07-16
---

## Problem

I don't see my application in the New Relic UI.

Check warning on line 13 in src/content/docs/iast/troubleshooting/unable-to-see-application.mdx

GitHub Actions / vale

[Microsoft.FirstPerson] Use first person (such as 'I') sparingly.

[Microsoft.FirstPerson] Use first person (such as 'my') sparingly.

Contributor

Same as above




## Solution

If you don't see your application in <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>, check the following:
Contributor

The bullets here are not parallel. Please reach each as a continuation of "...check the following"


- Your application is up and running. Check the application process or the [APM & Services page](/docs/alerts-applied-intelligence/new-relic-alerts/advanced-alerts/advanced-techniques/view-events-their-products#products).
- The application's logs to find out if there's a problem.
- The version of your APM agent and udpate it if needed.
- The `newrelic.yml` config file includes the modification of the parameters as indicated on the [install page](/docs/iast/install).
- Go to the `nr-security-home/logs` directory and find the `[SETP-8]` line in the `LANGUAGE-security-collector-init.log` file. Check if there is an unexpected error and check what failed.
- The application has traffic. Generate some traffic to allow IAST to test your application.
- Proxy or firewall blocking access. Whitelist the following IPs `3.134.136.130, 18.219.177.104, 18.117.21.106` for the domain <DNT>**csec.nr-data.net**</DNT>, the following IPs `3.130.22.102, 3.138.243.136, 3.139.218.150` for the domain <DNT>**csec-gov.nr-data.net**</DNT> and the following IPs `18.185.235.118, 3.125.193.113, 3.75.166.122` for the domain <DNT>**csec.eu01.nr-data.net**</DNT>. But our recommendation is to add domains in the whitelist instead of the IPs as these IPs are bound to change anytime.
- The TLS certificate is correct. Add Let's Encrypt CA certificate (download from [Let's Encrypt Certificates](https://letsencrypt.org/certificates/#root-certificates)) to your local trust store. Include both the root certificates and the intermediate ones (ISRG Root X1 & Let's Encrypt R3) to establish the complete chain of trust.
- Your application's framework or vulnerability category is supported.

## Cause

Possible reasons for not finding your application in the New Relic UI are:
Contributor

None of these bullets should have a period at the end

* A wrong version of the APM agent.
* IAST flags being disabled.

Check notice on line 35 in src/content/docs/iast/troubleshooting/unable-to-see-application.mdx

GitHub Actions / vale

[Microsoft.Passive] 'being disabled' looks like passive voice.

Contributor

...flags are...

* Proxy or Firewall blocking access.
Contributor

firewall

* Wrong TLS Certificate.
Contributor

certificate

* Lack of traffic on the application.
* Any unexpected error.
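
Review bot: The proxy or firewall bullet lists nine literal IP addresses and then states that "these IPs are bound to change anytime"; lead with the three domains as the recommended allowlist entries and present the IPs, if they are kept, as a dated fallback. In the same list, `[SETP-8]` looks like a transposition of STEP and should be checked against the actual log text, since readers will search for it verbatim, and "udpate" is misspelled. The TLS bullet names a specific intermediate ("Let's Encrypt R3"); consider pointing to the linked certificates page for the current chain instead of fixing one name in the doc.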
@@ -0,0 +1,31 @@
---
title: Unable to find expected vulnerabilities in the UI
tags:
- IAST
- New Relic IAST
- Troubleshooting
metaDescription: Troubleshoot errors if you don't see the vulnerabilities in New Relic platform.
freshnessValidatedDate: 2024-07-16
---

## Problem
you can see your application in the New Relic UI and the security agent successfully started IAST, but you don't see vulnerabilities in the UI.
Contributor

You


## Solution

If this is a new app, firewalls could be preventing it from communicating with the New Relic platform. Check the service stats section in the file with the latest timestamp in `nr-security-home/logs/snapshots`. All six items in that list should say OK. If they don't, review the logs for more info or reach out to [New Relic Support](https://support.newrelic.com). You can also see the [standard firewall documentation](/docs/new-relic-solutions/get-started/networks/).
Contributor

@vpayyapilly Nov 28, 2024

Second sentence:

  • Start with "In the file with the latest..."
  • Check capitalization of "service stats" in the UI

Contributor

@vpayyapilly Nov 28, 2024

Last sentence "refer to" instead of "see"



If you have configured your firewall correctly, check the following:

* **The level of efficiency for your application:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST analysis coverage is low for your application, add more test cases to your application to get a higher level of testing efficiency.
Contributor

Check capitalization of "summary" in "the summary section"


* **The IAST coverage:** Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and click to view the summary section. Under the summary section, check if IAST analysis coverage is high and no vulnerabilities are detected, that means your application is secure.

Check notice on line 23 in src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx

GitHub Actions / vale

[Microsoft.Passive] 'are detected' looks like passive voice.

Contributor

Same comment as #21


* **Your application is secure:** In this case, check your IAST analysis coverage in <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>. Search for your application and check the summary section. If IAST Analysis coverage is 100% and no vulnerabilities are detected, that means your application is secure.

Check notice on line 25 in src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx

GitHub Actions / vale

[Microsoft.Passive] 'are detected' looks like passive voice.

Contributor

Same comment as #21
Check capitalization in UI for "IAST Analysis coverage"


* **Your web socket connection is broken:** Please check the latest log file in your `nr-security-home/logs/snapshots/` folder, and look for the `Service stats -> websocket` line. The expected value is OK.

Check notice on line 27 in src/content/docs/iast/troubleshooting/unable-to-see-vulnerabilities.mdx

GitHub Actions / vale

[Microsoft.Passive] 'is broken' looks like passive voice.

Contributor

No need for "please"


* Your application's framework or vulnerability category isn't supported.

After checking these, if you don't see vulnerabilities in IAST, please contact [New Relic Support](https://support.newrelic.com/s/) and share your application's configuration and logs with our support team.
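
Review bot: The bullets "**The IAST coverage:**" and "**Your application is secure:**" give the same navigation steps and both end with "that means your application is secure", one at "high" coverage and one at "100%"; merge them and pick one threshold. Consider narrowing the claim to what the test shows, such as "IAST found no vulnerabilities in the covered code paths", since a clean result only speaks for what was exercised. The first Solution paragraph says "All six items in that list should say OK" without listing the six items, and the text under "## Problem" starts with a lowercase "you" with no blank line after the heading.
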
Contributor

no need for "please"

@@ -0,0 +1,23 @@
---
title: Unresponsive or crashed application
tags:
- IAST
- New Relic IAST
- Troubleshooting
metaDescription: Troubleshooting unreponsive or crashed application.
freshnessValidatedDate: 2024-07-16
---

## Problem

After enabling IAST for your APM agent, your application becomes unresponsive and the application crashes.


## Solution

IAST analysis can expose uncaught errors or exceptions in your application.
If the application has crashed due to lack of resources, increase the resources, restart the application, and perform IAST again.

## Cause

As a part of IAST, the security agent sends new requests to the application that increases the load, resulting in an increase in resource usage.
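
Review bot: The Solution opens with "IAST analysis can expose uncaught errors or exceptions in your application" but gives no action for that case; only the resource-exhaustion case has steps. Add what to check first (the application logs for the exception) before the restart advice. The Problem says the application "becomes unresponsive and the application crashes" while the title says "or" and the nav title says "and crashing", and `metaDescription` misspells "unreponsive".
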
26 changes: 26 additions & 0 deletions src/content/docs/iast/troubleshooting/unsure-of-agent-working.mdx
@@ -0,0 +1,26 @@
---
title: Unsure whether the agent is working properly
tags:
- IAST
- New Relic IAST
- Troubleshooting
metaDescription: I'm not sure if IAST is working
freshnessValidatedDate: 2024-07-16
---


## Problem

I can see my application in the IAST UI and the security agent started successfully but I am not sure if IAST is working properly.

Check warning on line 14 in src/content/docs/iast/troubleshooting/unsure-of-agent-working.mdx

GitHub Actions / vale

[Microsoft.FirstPerson] Use first person (such as 'I') sparingly.

[Microsoft.FirstPerson] Use first person (such as 'my') sparingly.

[Microsoft.FirstPerson] Use first person (such as ' I') sparingly.

Check notice on line 14 in src/content/docs/iast/troubleshooting/unsure-of-agent-working.mdx

[new-relic.Adverbs] Consider removing 'properly'.


## Solution


1. Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > Tests**</DNT>.

2. Search for your application in the <DNT>**Application tests**</DNT> tab and click on it.

3. View the details of the test including <DNT>**APIs covered**</DNT>, <DNT>**methods calls**</DNT>, and <DNT>**application testing efficiency**</DNT>.

Also, if you set the log level to <DNT>**debug/finest**</DNT>, you can search for <DNT>**Fuzz request received**</DNT> in the `nr-security-home/logs/java-security-collector.log` file. This shows that the IAST analysis is in progress.
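
Review bot: The last paragraph hard-codes `nr-security-home/logs/java-security-collector.log`, which only fits the Java agent; the unable-to-see-application page in this PR uses a `LANGUAGE-` placeholder for a log in the same directory. Use the placeholder here or list the file name per language, and say where the debug/finest log level is set. Step 1 navigates to "IAST > Tests" while the other pages in this PR use "IAST > All Tests".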
@@ -0,0 +1,28 @@
---
title: Viewing false positive vulnerabilities
Contributor

Do you mean "seeing"?

tags:
- IAST
- New Relic IAST
- Troubleshooting
metaDescription: Viewing false positive vulnerabilities for my application.
freshnessValidatedDate: never
---

## Problem

I see a vulnerability that isn't an actual vulnerability (false positive) for my application.

Check warning on line 13 in src/content/docs/iast/troubleshooting/viewing-false-vulnerabilities.mdx

GitHub Actions / vale

[Microsoft.FirstPerson] Use first person (such as 'I') sparingly.

[Microsoft.FirstPerson] Use first person (such as 'my') sparingly.

## solution

Update the status of your vulnerability if you think IAST has reported a false positive. Follow these steps:

- Search your application: Go to <DNT>**[one.newrelic.com](https://one.newrelic.com) > All capabilities > IAST > All Tests**</DNT>.
Contributor

"Search your application" or "Search for your application"?


- Click on the all applications tab and select the vulnerability that isn't an actual vulnerability.
Contributor

No "Click on"....always "Click"
Check capitalization of "all applications tab"


- Under the vulnerability details section, you can update the vulnerability status for the reported vulnerability. You can update its status to:
- False positive
- Resolved
- Unresolved

- If you want to list out the vulnerabilities for which you updated the status, you can apply the filter in the detected exploitable vulnerabilities list.
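
Review bot: `freshnessValidatedDate: never` differs from the `2024-07-16` used by every other file in this PR; confirm it is intended. The heading "## solution" is lowercase, the three status values (False positive, Resolved, Unresolved) are not indented under their parent bullet and will render as siblings, and "Follow these steps" introduces an unordered list although the steps are sequential.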
@@ -0,0 +1,22 @@
---
title: Seeing unknown files in the application directory
tags:
- IAST
- New Relic IAST
- Troubleshooting
metaDescription: Remove unknown files from the application directory
freshnessValidatedDate: 2024-07-16
---

## Problem

I see unknown files and directories in my application directory and want to remove these.

Check warning on line 13 in src/content/docs/iast/troubleshooting/viewing-unknown-files-and-directories.mdx

GitHub Actions / vale

[Microsoft.FirstPerson] Use first person (such as 'I') sparingly.

[Microsoft.FirstPerson] Use first person (such as 'my') sparingly.

## Solution

If your application has the functionality to create files and directories as part of serving an HTTP request, IAST will try to test the code path and hence, create such files and directories.

Check notice on line 17 in src/content/docs/iast/troubleshooting/viewing-unknown-files-and-directories.mdx

GitHub Actions / vale

[Microsoft.SentenceLength] Try to keep sentences short (< 30 words).

The application code, under the influence of incoming HTTP requests, creates these files. The agent can't deleted them.
Contributor

"delete" not "deleted"


If you're sure that none of your APIs can create files and directories, share your application's configuration and logs with [New Relic Support](https://support.newrelic.com).
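
Review bot: The Problem states that the reader wants to remove the unknown files, but the Solution never says whether they can be deleted or how to tell IAST-created files from the application's own. Add that guidance next to "The agent can't deleted them", which should read "delete". The title ("Seeing unknown files in the application directory") and the nav entry ("Viewing unknown files and directories") also differ.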


22 changes: 20 additions & 2 deletions src/nav/iast.yml
Expand Up @@ -15,8 +15,26 @@ pages:
path: /docs/iast/exploitable-vulns
- title: Tests & applications
path: /docs/iast/applications
- title: IAST troubleshooting
path: /docs/iast/troubleshooting
- title: Troubleshooting
pages:
- title: Application stability issues
path: /docs/iast/troubleshooting/application-stability-issues
- title: Unable to detect vulnerabilities in Golang application
path: /docs/iast/troubleshooting/unable-to-detect-vulnerabilities-for-golang-application
- title: Unable to find known vulneranilities
path: /docs/iast/troubleshooting/unable-to-find-known-vulnerabilities
- title: Unable to see application in the New Relic UI
path: /docs/iast/troubleshooting/unable-to-see-application
- title: Unable to see expected vulnerabilities in the New Relic UI
path: /docs/iast/troubleshooting/unable-to-see-vulnerabilities
- title: Unresponsive and crashing application
path: /docs/iast/troubleshooting/unresponsive-or-crashing-application
- title: Unsure if the agent is working
path: /docs/iast/troubleshooting/unsure-of-agent-working
- title: Viewing false vulnerabilities
path: /docs/iast/troubleshooting/viewing-false-vulnerabilities
- title: Viewing unknown files and directories
path: /docs/iast/troubleshooting/viewing-unknown-files-and-directories
- title: IAST billing
path: /docs/iast/iast-billing
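
Review bot: The nav title "Unable to find known vulneranilities" is misspelled. Several nav titles also differ from the `title:` front matter of the pages they point to (for example "Viewing false vulnerabilities" against "Viewing false positive vulnerabilities"), so pick one wording per page. The hunk reports two deletions, which appear to be the single `/docs/iast/troubleshooting` entry now replaced by nine child paths; confirm a redirect exists for the old path so existing links do not break.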
