Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@newrelic/security-agent

Package Overview
Dependencies
Maintainers
1
Versions
29
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@newrelic/security-agent - npm Package Compare versions

Comparing version 1.1.0 to 1.1.1

4

CHANGELOG.md

@@ -0,1 +1,5 @@

### v1.1.1 (2024-03-21)
#### Bug fixes
* Reverted IAST support for gRPC.
### v1.1.0 (2024-03-19)

@@ -2,0 +6,0 @@ #### Features

47

lib/instrumentation-security/index.js

@@ -203,54 +203,7 @@ /*

newrelic.instrument({
type: 'conglomerate',
moduleName: '@grpc/grpc-js/build/src/server',
isEsm: true,
onRequire: require('./hooks/grpc-js/nr-grpc').wrapServer,
onError: function intrumentErrorHandler(err) {
logger.error(err.message, err.stack)
}
})
newrelic.instrument({
type: 'conglomerate',
moduleName: '@grpc/grpc-js/build/src/make-client',
isEsm: true,
onRequire: require('./hooks/grpc-js/nr-grpc').wrapMakeClient,
onError: function intrumentErrorHandler(err) {
logger.error(err.message, err.stack)
}
})
newrelic.instrument({
type: 'conglomerate',
moduleName: '@grpc/grpc-js/build/src/resolving-call',
isEsm: true,
onRequire: require('./hooks/grpc-js/nr-grpc').wrapStartResolve,
onError: function intrumentErrorHandler(err) {
logger.error(err.message, err.stack)
}
})
newrelic.instrument({
type: 'conglomerate',
moduleName: '@grpc/grpc-js/build/src/call-stream',
isEsm: true,
onRequire: require('./hooks/grpc-js/nr-grpc').wrapStartCall,
onError: function intrumentErrorHandler(err) {
logger.error(err.message, err.stack)
}
})
newrelic.instrument({
type: 'conglomerate',
moduleName: '@grpc/grpc-js',
isEsm: true,
onRequire: require('./hooks/grpc-js/nr-grpc').initialize,
onError: function intrumentErrorHandler(err) {
logger.error(err.message, err.stack)
}
})

42

lib/nr-security-agent/lib/core/connections/websocket/response/fuzz-request-handler.js

@@ -10,3 +10,2 @@ /*

const restClient = require('../../restclient');
const grpcClient = require('../../grpcClient');
const { Agent } = require('../../../agent');

@@ -25,2 +24,5 @@ const { FuzzFailEvent } = require('../../../FuzzFailEvent');

const {
IS_LAMBDA_ENV,
AWS_LAMBDA_FUNCTION_VERSION_ENV_IDENTIFIER } = require('../../../sec-agent-constants');
const statusUtils = require('../../../statusUtils');

@@ -128,13 +130,10 @@

try {
if (fuzzRequest.protocol == 'grpc') {
const config = parseGRPCRequestToFuzz(fuzzRequest);
config.headers['nr-csec-parent-id'] = fuzzRequest.id;
IASTUtil.completedRequestsMapInit(fuzzRequest.id);
grpcClient.fireRequest(config);
if (fuzzRequest.headers && fuzzRequest.headers[NR_CSEC_FUZZ_REQUEST_ID]) {
logScannedApiId(fuzzRequest.headers[NR_CSEC_FUZZ_REQUEST_ID], fuzzRequest.requestURI)
}
if (IS_LAMBDA_ENV) {
const qualifiedARN = Agent.getAgent().applicationInfo.applicationUUID;
const splitArn = String.prototype.split.call(qualifiedARN, ':');
const arn = splitArn.slice(0, splitArn.length - 1).join(':');
const ver = process.env[AWS_LAMBDA_FUNCTION_VERSION_ENV_IDENTIFIER];
logger.info('Invoking Lambda:: ARN: ' + arn);
logger.info('Invoking Lambda:: Version: ' + ver);
IASTUtil.removePendingRequestId(fuzzRequest.id);
} else {

@@ -160,2 +159,3 @@ const config = parseAxiosHttpRequestToFuzz(fuzzRequest);

logger.info('Firing http request:: URL: ' + config.url);
const response = restClient.fireRequest(config);

@@ -217,22 +217,2 @@ handleFuzzResponse(response, fuzzDetails);

/**
* Parses the passed fuzz request object to
* Axios config.
*
* @param {JSON} requestObject
*/
function parseGRPCRequestToFuzz(requestObject) {
let serverName = requestObject.serverName ? requestObject.serverName : LOCALHOST;
let host = serverName + COLON + requestObject.serverPort
return {
url: requestObject.protocol + COLON_SLASH_SLASH + host + requestObject.url,
requestURI: requestObject.requestURI,
protocol: requestObject.protocol,
serverPort: requestObject.serverPort,
method: requestObject.method,
data: requestObject.body,
headers: requestObject.headers,
timeout: 5000,
};
}

@@ -239,0 +219,0 @@

4

package.json
{
"name": "@newrelic/security-agent",
"version": "1.1.0",
"version": "1.1.1",
"description": "New Relic Security Agent for Node.js",

@@ -61,4 +61,2 @@ "main": "index.js",

"devDependencies": {
"@grpc/grpc-js": "^1.9.5",
"@grpc/proto-loader": "^0.7.10",
"@hapi/hapi": "^21.3.0",

@@ -65,0 +63,0 @@ "@koa/router": "^12.0.0",

1

README.md

@@ -71,3 +71,2 @@ # New Relic Node.js security agent

- [undici](https://www.npmjs.com/package/undici)(4.7.0 and above)
- [@grpc/grpc-js](https://www.npmjs.com/package/@grpc/grpc-js)(1.4.x and above)

@@ -74,0 +73,0 @@ For more information, please see New Relic Node.js agent [compatibility and requirements](https://docs.newrelic.com/docs/apm/agents/nodejs-agent/getting-started/compatibility-requirements-nodejs-agent/).

lib/instrumentation-security/core/grpc-utils.js
lib/instrumentation-security/hooks/grpc-js/nr-grpc.js
lib/nr-security-agent/lib/core/connections/grpcClient.js
THIRD_PARTY_NOTICES.md

Sorry, the diff of this file is too big to display

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc