From bdf534c288d20e194c0601475cb357f9852f9ffd Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Tue, 20 Aug 2024 09:48:57 +0530 Subject: [PATCH 01/12] typo fix --- v3/integrations/nrsecurityagent/nrsecurityagent.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index 224d1fe7f..bf249940a 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -63,7 +63,7 @@ func InitSecurityAgent(app *newrelic.Application, opts ...ConfigOption) error { appConfig, isValid := app.Config() if !isValid { - return fmt.Errorf("Newrelic application value cannot be read; did you call newrelic.NewApplication?") + return fmt.Errorf("Newrelic application value cannot be read; did you call newrelic.NewApplication?") } app.UpdateSecurityConfig(c.Security) if !appConfig.HighSecurity && isSecurityAgentEnabled() { From 575534cc7e386829ec0f664a2cfe16ff92871629 Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Fri, 30 Aug 2024 09:10:45 +0530 Subject: [PATCH 02/12] Added new config parameters default value --- v3/integrations/nrsecurityagent/nrsecurityagent.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index 224d1fe7f..bfef4c473 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -31,6 +31,10 @@ func defaultSecurityConfig() SecurityConfig { cfg.Security.Agent.Enabled = true cfg.Security.Detection.Rxss.Enabled = true cfg.Security.Request.BodyLimit = 300 + cfg.Security.SkipIastScan.Parameters.Header = make([]string, 0) + cfg.Security.SkipIastScan.Parameters.Body = make([]string, 0) + cfg.Security.SkipIastScan.Parameters.Query = make([]string, 0) + cfg.Security.SkipIastScan.API = make([]string, 0) return cfg } From 9ca2ab873baaab55f6aa9d0444ddae5cf55b82be Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Wed, 18 Sep 2024 09:53:53 +0530 Subject: [PATCH 03/12] update config tags --- v3/integrations/nrsecurityagent/nrsecurityagent.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index bfef4c473..a107e35d7 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -31,10 +31,10 @@ func defaultSecurityConfig() SecurityConfig { cfg.Security.Agent.Enabled = true cfg.Security.Detection.Rxss.Enabled = true cfg.Security.Request.BodyLimit = 300 - cfg.Security.SkipIastScan.Parameters.Header = make([]string, 0) - cfg.Security.SkipIastScan.Parameters.Body = make([]string, 0) - cfg.Security.SkipIastScan.Parameters.Query = make([]string, 0) - cfg.Security.SkipIastScan.API = make([]string, 0) + cfg.Security.ExcludeFromIastScan.HttpRequestParameters.Header = make([]string, 0) + cfg.Security.ExcludeFromIastScan.HttpRequestParameters.Body = make([]string, 0) + cfg.Security.ExcludeFromIastScan.HttpRequestParameters.Query = make([]string, 0) + cfg.Security.ExcludeFromIastScan.API = make([]string, 0) return cfg } From fa52607585c6b813f0dc1df2d807eb14e8fd559a Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Mon, 21 Oct 2024 11:25:22 +0530 Subject: [PATCH 04/12] added trace if in inbound request --- v3/newrelic/transaction.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v3/newrelic/transaction.go b/v3/newrelic/transaction.go index 8a17c985b..c432f0f32 100644 --- a/v3/newrelic/transaction.go +++ b/v3/newrelic/transaction.go @@ -269,7 +269,7 @@ func (txn *Transaction) SetWebRequest(r WebRequest) { return } if IsSecurityAgentPresent() { - secureAgent.SendEvent("INBOUND", r, txn.GetCsecAttributes()) + secureAgent.SendEvent("INBOUND", r, txn.GetCsecAttributes(), txn.GetLinkingMetadata().TraceID) } txn.thread.logAPIError(txn.thread.SetWebRequest(r), "set web request", nil) } From dd739e5371724ad04feb7a9c004ff5d8339506da Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Mon, 21 Oct 2024 11:30:24 +0530 Subject: [PATCH 05/12] update default config value --- v3/integrations/nrsecurityagent/nrsecurityagent.go | 1 + 1 file changed, 1 insertion(+) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index 19e812708..f9d110f70 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -35,6 +35,7 @@ func defaultSecurityConfig() SecurityConfig { cfg.Security.ExcludeFromIastScan.HttpRequestParameters.Body = make([]string, 0) cfg.Security.ExcludeFromIastScan.HttpRequestParameters.Query = make([]string, 0) cfg.Security.ExcludeFromIastScan.API = make([]string, 0) + cfg.Security.ScanControllers.IastScanRequestRateLimit = 3600 return cfg } From 75625f20caa562111017d257f9ee849f88858e7f Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Mon, 21 Oct 2024 11:52:53 +0530 Subject: [PATCH 06/12] Added new env variables for security agent config --- .../nrsecurityagent/nrsecurityagent.go | 35 ++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index f9d110f70..ac8a05726 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -114,8 +114,24 @@ func ConfigSecurityFromYaml() ConfigOption { // NEW_RELIC_SECURITY_VALIDATOR_SERVICE_URL provides URL for the security validator service // NEW_RELIC_SECURITY_MODE scanning mode: "IAST" for now // NEW_RELIC_SECURITY_AGENT_ENABLED (boolean) -// NEW_RELIC_SECURITY_DETECTION_RXSS_ENABLED (boolean) // NEW_RELIC_SECURITY_REQUEST_BODY_LIMIT (integer) set limit on read request body in kb. By default, this is "300" +// +// NEW_RELIC_SECURITY_SCAN_SCHEDULER_DELAY (integer) The delay field indicated time in minutes before the IAST scan starts after the application starts. By default is 0 min. +// NEW_RELIC_SECURITY_SCAN_SCHEDULER_DURATION (integer) The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run. By default is forever. +// NEW_RELIC_SECURITY_SCAN_SCHEDULER_SCHEDULE (string) The schedule field specifies a cron expression that defines when the IAST scan should run. +// NEW_RELIC_SECURITY_ALWAYS_SAMPLE_TRACES (boolean) always_sample_traces permits IAST to actively gather trace data in the background, and the collected data will be used by Security Agent to perform an IAST Scan at the scheduled time. +// NEW_RELIC_IAST_SCAN_REQUEST_RATE_LIMIT (integer) The IAST Scan Rate Limit settings limit the maximum number of analysis probes or requests that can be sent to the application in a minute, By default is 3600. +// +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS (boolean) +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS (boolean) +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SQL_INJECTION (boolean) +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_NOSQL_INJECTION (boolean) +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_LDAP_INJECTION (boolean) +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_JAVASCRIPT_INJECTION (boolean) +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_COMMAND_INJECTION (boolean) +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_XPATH_INJECTION (boolean) +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SSRF (boolean) +// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_RXSS (boolean) func ConfigSecurityFromEnvironment() ConfigOption { return func(cfg *SecurityConfig) { @@ -150,6 +166,23 @@ func ConfigSecurityFromEnvironment() ConfigOption { assignBool(&cfg.Security.Agent.Enabled, "NEW_RELIC_SECURITY_AGENT_ENABLED") assignBool(&cfg.Security.Detection.Rxss.Enabled, "NEW_RELIC_SECURITY_DETECTION_RXSS_ENABLED") assignInt(&cfg.Security.Request.BodyLimit, "NEW_RELIC_SECURITY_REQUEST_BODY_LIMIT") + + assignInt(&cfg.Security.ScanSchedule.Delay, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_DELAY") + assignInt(&cfg.Security.ScanSchedule.Duration, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_DURATION") + assignString(&cfg.Security.ScanSchedule.Schedule, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_SCHEDULE") + assignBool(&cfg.Security.ScanSchedule.AllowIastSampleCollection, "NEW_RELIC_SECURITY_ALWAYS_SAMPLE_TRACES") + assignInt(&cfg.Security.ScanControllers.IastScanRequestRateLimit, "NEW_RELIC_IAST_SCAN_REQUEST_RATE_LIMIT") + + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InsecureSettings, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InvalidFileAccess, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.SQLInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SQL_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.NosqlInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_NOSQL_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.LdapInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_LDAP_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.JavascriptInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_JAVASCRIPT_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.CommandInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_COMMAND_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.XpathInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_XPATH_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Ssrf, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SSRF") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Rxss, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_RXSS") } } From 300abd18efac18278e165261d6692c253aa1d2c4 Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Mon, 21 Oct 2024 12:00:46 +0530 Subject: [PATCH 07/12] Added required config functions --- .../nrsecurityagent/nrsecurityagent.go | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index ac8a05726..19a98d550 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -220,3 +220,43 @@ func ConfigSecurityRequestBodyLimit(bodyLimit int) ConfigOption { cfg.Security.Request.BodyLimit = bodyLimit } } + +// ConfigScanScheduleDelay is used to set delay for scan schedule. +// The delay field indicated time in minutes before the IAST scan starts after the application starts +func ConfigScanScheduleDelay(delay int) ConfigOption { + return func(cfg *SecurityConfig) { + cfg.Security.Scan.Schedule.Delay = delay + } +} + +// ConfigScanScheduleDuration is used to set duration for scan schedule. +// The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run. +func ConfigScanScheduleDuration(duration int) ConfigOption { + return func(cfg *SecurityConfig) { + cfg.Security.Scan.Schedule.Duration = duration + } +} + +// ConfigScanScheduleSetSchedule is used to set schedule for scan schedule. +// The schedule field specifies a cron expression that defines when the IAST scan should run. +func ConfigScanScheduleSetSchedule(schedule string) ConfigOption { + return func(cfg *SecurityConfig) { + cfg.Security.Scan.Schedule.Schedule = schedule + } +} + +// ConfigScanScheduleAllowIastSampleCollection is used to allow or disallow IAST sample collection +// always_sample_traces permits IAST to actively gather trace data in the background, and the collected data will be used by Security Agent to perform an IAST Scan at the scheduled time. +func ConfigScanScheduleAllowIastSampleCollection(isAllowed bool) ConfigOption { + return func(cfg *SecurityConfig) { + cfg.Security.Scan.Schedule.AllowIastSampleCollection = isAllowed + } +} + +// ConfigScanControllersIastScanRequestRateLimit is used to set IAST scan request rate limit. +// The IAST Scan Rate Limit settings limit the maximum number of analysis probes or requests that can be sent to the application in a minute +func ConfigIastScanRequestRateLimit(limit int) ConfigOption { + return func(cfg *SecurityConfig) { + cfg.Security.Scan.Controllers.IastScanRequestRateLimit = limit + } +} From c397790e605faf5b2d7de8c23a10986d6c51fe9d Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Mon, 21 Oct 2024 12:08:03 +0530 Subject: [PATCH 08/12] update env name --- .../nrsecurityagent/nrsecurityagent.go | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index 19a98d550..8b0dfe799 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -120,18 +120,18 @@ func ConfigSecurityFromYaml() ConfigOption { // NEW_RELIC_SECURITY_SCAN_SCHEDULER_DURATION (integer) The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run. By default is forever. // NEW_RELIC_SECURITY_SCAN_SCHEDULER_SCHEDULE (string) The schedule field specifies a cron expression that defines when the IAST scan should run. // NEW_RELIC_SECURITY_ALWAYS_SAMPLE_TRACES (boolean) always_sample_traces permits IAST to actively gather trace data in the background, and the collected data will be used by Security Agent to perform an IAST Scan at the scheduled time. -// NEW_RELIC_IAST_SCAN_REQUEST_RATE_LIMIT (integer) The IAST Scan Rate Limit settings limit the maximum number of analysis probes or requests that can be sent to the application in a minute, By default is 3600. +// NEW_RELIC_SECURITY_IAST_SCAN_REQUEST_RATE_LIMIT (integer) The IAST Scan Rate Limit settings limit the maximum number of analysis probes or requests that can be sent to the application in a minute, By default is 3600. // -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS (boolean) -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS (boolean) -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SQL_INJECTION (boolean) -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_NOSQL_INJECTION (boolean) -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_LDAP_INJECTION (boolean) -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_JAVASCRIPT_INJECTION (boolean) -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_COMMAND_INJECTION (boolean) -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_XPATH_INJECTION (boolean) -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SSRF (boolean) -// NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_RXSS (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SQL_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_NOSQL_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_LDAP_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_JAVASCRIPT_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_COMMAND_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_XPATH_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SSRF (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_RXSS (boolean) func ConfigSecurityFromEnvironment() ConfigOption { return func(cfg *SecurityConfig) { @@ -171,18 +171,18 @@ func ConfigSecurityFromEnvironment() ConfigOption { assignInt(&cfg.Security.ScanSchedule.Duration, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_DURATION") assignString(&cfg.Security.ScanSchedule.Schedule, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_SCHEDULE") assignBool(&cfg.Security.ScanSchedule.AllowIastSampleCollection, "NEW_RELIC_SECURITY_ALWAYS_SAMPLE_TRACES") - assignInt(&cfg.Security.ScanControllers.IastScanRequestRateLimit, "NEW_RELIC_IAST_SCAN_REQUEST_RATE_LIMIT") + assignInt(&cfg.Security.ScanControllers.IastScanRequestRateLimit, "NEW_RELIC_SECURITY_IAST_SCAN_REQUEST_RATE_LIMIT") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InsecureSettings, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InvalidFileAccess, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.SQLInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SQL_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.NosqlInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_NOSQL_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.LdapInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_LDAP_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.JavascriptInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_JAVASCRIPT_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.CommandInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_COMMAND_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.XpathInjection, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_XPATH_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Ssrf, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SSRF") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Rxss, "NEW_RELIC_IAST_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_RXSS") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InsecureSettings, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InvalidFileAccess, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.SQLInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SQL_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.NosqlInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_NOSQL_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.LdapInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_LDAP_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.JavascriptInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_JAVASCRIPT_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.CommandInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_COMMAND_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.XpathInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_XPATH_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Ssrf, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SSRF") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Rxss, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_RXSS") } } From ceff172a0185d9ea9dcad33630acd0ff792a59c7 Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Mon, 21 Oct 2024 12:29:06 +0530 Subject: [PATCH 09/12] minor typo fix --- v3/integrations/nrsecurityagent/nrsecurityagent.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index 8b0dfe799..a2c47e708 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -225,7 +225,7 @@ func ConfigSecurityRequestBodyLimit(bodyLimit int) ConfigOption { // The delay field indicated time in minutes before the IAST scan starts after the application starts func ConfigScanScheduleDelay(delay int) ConfigOption { return func(cfg *SecurityConfig) { - cfg.Security.Scan.Schedule.Delay = delay + cfg.Security.ScanSchedule.Delay = delay } } @@ -233,7 +233,7 @@ func ConfigScanScheduleDelay(delay int) ConfigOption { // The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run. func ConfigScanScheduleDuration(duration int) ConfigOption { return func(cfg *SecurityConfig) { - cfg.Security.Scan.Schedule.Duration = duration + cfg.Security.ScanSchedule.Duration = duration } } @@ -241,7 +241,7 @@ func ConfigScanScheduleDuration(duration int) ConfigOption { // The schedule field specifies a cron expression that defines when the IAST scan should run. func ConfigScanScheduleSetSchedule(schedule string) ConfigOption { return func(cfg *SecurityConfig) { - cfg.Security.Scan.Schedule.Schedule = schedule + cfg.Security.ScanSchedule.Schedule = schedule } } @@ -249,7 +249,7 @@ func ConfigScanScheduleSetSchedule(schedule string) ConfigOption { // always_sample_traces permits IAST to actively gather trace data in the background, and the collected data will be used by Security Agent to perform an IAST Scan at the scheduled time. func ConfigScanScheduleAllowIastSampleCollection(isAllowed bool) ConfigOption { return func(cfg *SecurityConfig) { - cfg.Security.Scan.Schedule.AllowIastSampleCollection = isAllowed + cfg.Security.ScanSchedule.AllowIastSampleCollection = isAllowed } } @@ -257,6 +257,6 @@ func ConfigScanScheduleAllowIastSampleCollection(isAllowed bool) ConfigOption { // The IAST Scan Rate Limit settings limit the maximum number of analysis probes or requests that can be sent to the application in a minute func ConfigIastScanRequestRateLimit(limit int) ConfigOption { return func(cfg *SecurityConfig) { - cfg.Security.Scan.Controllers.IastScanRequestRateLimit = limit + cfg.Security.ScanControllers.IastScanRequestRateLimit = limit } } From dabb0403f4487e28b9ad9c17b4160bc05b4da3ec Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Mon, 21 Oct 2024 13:03:32 +0530 Subject: [PATCH 10/12] update env var name --- v3/integrations/nrsecurityagent/nrsecurityagent.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index a2c47e708..89d434551 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -120,7 +120,7 @@ func ConfigSecurityFromYaml() ConfigOption { // NEW_RELIC_SECURITY_SCAN_SCHEDULER_DURATION (integer) The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run. By default is forever. // NEW_RELIC_SECURITY_SCAN_SCHEDULER_SCHEDULE (string) The schedule field specifies a cron expression that defines when the IAST scan should run. // NEW_RELIC_SECURITY_ALWAYS_SAMPLE_TRACES (boolean) always_sample_traces permits IAST to actively gather trace data in the background, and the collected data will be used by Security Agent to perform an IAST Scan at the scheduled time. -// NEW_RELIC_SECURITY_IAST_SCAN_REQUEST_RATE_LIMIT (integer) The IAST Scan Rate Limit settings limit the maximum number of analysis probes or requests that can be sent to the application in a minute, By default is 3600. +// NEW_RELIC_SECURITY_SCAN_CONTROLLERS_IAST_SCAN_REQUEST_RATE_LIMIT (integer) The IAST Scan Rate Limit settings limit the maximum number of analysis probes or requests that can be sent to the application in a minute, By default is 3600. // // NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS (boolean) // NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS (boolean) @@ -171,7 +171,7 @@ func ConfigSecurityFromEnvironment() ConfigOption { assignInt(&cfg.Security.ScanSchedule.Duration, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_DURATION") assignString(&cfg.Security.ScanSchedule.Schedule, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_SCHEDULE") assignBool(&cfg.Security.ScanSchedule.AllowIastSampleCollection, "NEW_RELIC_SECURITY_ALWAYS_SAMPLE_TRACES") - assignInt(&cfg.Security.ScanControllers.IastScanRequestRateLimit, "NEW_RELIC_SECURITY_IAST_SCAN_REQUEST_RATE_LIMIT") + assignInt(&cfg.Security.ScanControllers.IastScanRequestRateLimit, "NEW_RELIC_SECURITY_SCAN_CONTROLLERS_IAST_SCAN_REQUEST_RATE_LIMIT") assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InsecureSettings, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS") assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InvalidFileAccess, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS") From 535a77e792dce2f25d00c97e2393666539d42ddb Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Mon, 28 Oct 2024 11:01:27 +0530 Subject: [PATCH 11/12] Added new env variables --- .../nrsecurityagent/nrsecurityagent.go | 71 +++++++++++-------- 1 file changed, 43 insertions(+), 28 deletions(-) diff --git a/v3/integrations/nrsecurityagent/nrsecurityagent.go b/v3/integrations/nrsecurityagent/nrsecurityagent.go index 89d434551..79269f9be 100644 --- a/v3/integrations/nrsecurityagent/nrsecurityagent.go +++ b/v3/integrations/nrsecurityagent/nrsecurityagent.go @@ -8,6 +8,7 @@ import ( "io/ioutil" "os" "strconv" + "strings" securityAgent "github.com/newrelic/csec-go-agent" "github.com/newrelic/go-agent/v3/internal" @@ -116,22 +117,22 @@ func ConfigSecurityFromYaml() ConfigOption { // NEW_RELIC_SECURITY_AGENT_ENABLED (boolean) // NEW_RELIC_SECURITY_REQUEST_BODY_LIMIT (integer) set limit on read request body in kb. By default, this is "300" // -// NEW_RELIC_SECURITY_SCAN_SCHEDULER_DELAY (integer) The delay field indicated time in minutes before the IAST scan starts after the application starts. By default is 0 min. -// NEW_RELIC_SECURITY_SCAN_SCHEDULER_DURATION (integer) The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run. By default is forever. -// NEW_RELIC_SECURITY_SCAN_SCHEDULER_SCHEDULE (string) The schedule field specifies a cron expression that defines when the IAST scan should run. -// NEW_RELIC_SECURITY_ALWAYS_SAMPLE_TRACES (boolean) always_sample_traces permits IAST to actively gather trace data in the background, and the collected data will be used by Security Agent to perform an IAST Scan at the scheduled time. +// NEW_RELIC_SECURITY_SCAN_SCHEDULE_DELAY (integer) The delay field indicated time in minutes before the IAST scan starts after the application starts. By default is 0 min. +// NEW_RELIC_SECURITY_SCAN_SCHEDULE_DURATION (integer) The duration field specifies the duration of the IAST scan in minutes. This determines how long the scan will run. By default is forever. +// NEW_RELIC_SECURITY_SCAN_SCHEDULE_SCHEDULE (string) The schedule field specifies a cron expression that defines when the IAST scan should run. +// NEW_RELIC_SECURITY_SCAN_SCHEDULE_ALWAYS_SAMPLE_TRACES (boolean) always_sample_traces permits IAST to actively gather trace data in the background, and the collected data will be used by Security Agent to perform an IAST Scan at the scheduled time. // NEW_RELIC_SECURITY_SCAN_CONTROLLERS_IAST_SCAN_REQUEST_RATE_LIMIT (integer) The IAST Scan Rate Limit settings limit the maximum number of analysis probes or requests that can be sent to the application in a minute, By default is 3600. // -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS (boolean) -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS (boolean) -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SQL_INJECTION (boolean) -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_NOSQL_INJECTION (boolean) -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_LDAP_INJECTION (boolean) -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_JAVASCRIPT_INJECTION (boolean) -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_COMMAND_INJECTION (boolean) -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_XPATH_INJECTION (boolean) -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SSRF (boolean) -// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_RXSS (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_INSECURE_SETTINGS (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_INVALID_FILE_ACCESS (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_SQL_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_NOSQL_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_LDAP_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_JAVASCRIPT_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_COMMAND_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_XPATH_INJECTION (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_SSRF (boolean) +// NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_RXSS (boolean) func ConfigSecurityFromEnvironment() ConfigOption { return func(cfg *SecurityConfig) { @@ -167,22 +168,36 @@ func ConfigSecurityFromEnvironment() ConfigOption { assignBool(&cfg.Security.Detection.Rxss.Enabled, "NEW_RELIC_SECURITY_DETECTION_RXSS_ENABLED") assignInt(&cfg.Security.Request.BodyLimit, "NEW_RELIC_SECURITY_REQUEST_BODY_LIMIT") - assignInt(&cfg.Security.ScanSchedule.Delay, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_DELAY") - assignInt(&cfg.Security.ScanSchedule.Duration, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_DURATION") - assignString(&cfg.Security.ScanSchedule.Schedule, "NEW_RELIC_SECURITY_SCAN_SCHEDULER_SCHEDULE") - assignBool(&cfg.Security.ScanSchedule.AllowIastSampleCollection, "NEW_RELIC_SECURITY_ALWAYS_SAMPLE_TRACES") + assignInt(&cfg.Security.ScanSchedule.Delay, "NEW_RELIC_SECURITY_SCAN_SCHEDULE_DELAY") + assignInt(&cfg.Security.ScanSchedule.Duration, "NEW_RELIC_SECURITY_SCAN_SCHEDULE_DURATION") + assignString(&cfg.Security.ScanSchedule.Schedule, "NEW_RELIC_SECURITY_SCAN_SCHEDULE_SCHEDULE") + assignBool(&cfg.Security.ScanSchedule.AllowIastSampleCollection, "NEW_RELIC_SECURITY_SCAN_SCHEDULE_ALWAYS_SAMPLE_TRACES") assignInt(&cfg.Security.ScanControllers.IastScanRequestRateLimit, "NEW_RELIC_SECURITY_SCAN_CONTROLLERS_IAST_SCAN_REQUEST_RATE_LIMIT") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InsecureSettings, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INSECURE_SETTINGS") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InvalidFileAccess, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_INVALID_FILE_ACCESS") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.SQLInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SQL_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.NosqlInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_NOSQL_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.LdapInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_LDAP_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.JavascriptInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_JAVASCRIPT_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.CommandInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_COMMAND_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.XpathInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_XPATH_INJECTION") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Ssrf, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_SSRF") - assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Rxss, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_DETECTION_CATEGORY_RXSS") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InsecureSettings, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_INSECURE_SETTINGS") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.InvalidFileAccess, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_INVALID_FILE_ACCESS") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.SQLInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_SQL_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.NosqlInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_NOSQL_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.LdapInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_LDAP_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.JavascriptInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_JAVASCRIPT_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.CommandInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_COMMAND_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.XpathInjection, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_XPATH_INJECTION") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Ssrf, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_SSRF") + assignBool(&cfg.Security.ExcludeFromIastScan.IastDetectionCategory.Rxss, "NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_IAST_DETECTION_CATEGORY_RXSS") + + if env := os.Getenv("NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_API"); env != "" { + cfg.Security.ExcludeFromIastScan.API = strings.Split(env, ",") + } + if env := os.Getenv("NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_HTTP_REQUEST_PARAMETERS_HEADER"); env != "" { + cfg.Security.ExcludeFromIastScan.HttpRequestParameters.Header = strings.Split(env, ",") + } + if env := os.Getenv("NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_HTTP_REQUEST_PARAMETERS_QUERY"); env != "" { + cfg.Security.ExcludeFromIastScan.HttpRequestParameters.Query = strings.Split(env, ",") + } + if env := os.Getenv("NEW_RELIC_SECURITY_EXCLUDE_FROM_IAST_SCAN_HTTP_REQUEST_PARAMETERS_BODY"); env != "" { + cfg.Security.ExcludeFromIastScan.HttpRequestParameters.Body = strings.Split(env, ",") + } + } } From 45f11f2df66e70f6f9d44982c9472ff53c862ad5 Mon Sep 17 00:00:00 2001 From: Aayush garg Date: Wed, 30 Oct 2024 09:27:11 +0530 Subject: [PATCH 12/12] update security agent version --- v3/integrations/nrsecurityagent/go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v3/integrations/nrsecurityagent/go.mod b/v3/integrations/nrsecurityagent/go.mod index b85d8cea1..9d7e8b9f9 100644 --- a/v3/integrations/nrsecurityagent/go.mod +++ b/v3/integrations/nrsecurityagent/go.mod @@ -3,7 +3,7 @@ module github.com/newrelic/go-agent/v3/integrations/nrsecurityagent go 1.21 require ( - github.com/newrelic/csec-go-agent v1.4.0 + github.com/newrelic/csec-go-agent v1.5.0 github.com/newrelic/go-agent/v3 v3.35.0 github.com/newrelic/go-agent/v3/integrations/nrsqlite3 v1.2.0 gopkg.in/yaml.v2 v2.4.0