Devise a way to report "unsatisfied" for Padrino to the csec agent #2912
fallwith added a commit that referenced this issue Oct 15, 2024

address 2 issues causing dependency detection to falsely label an instrumentation's dependencies as "unsatisfied".
- handle Padrino with a special case pending resolution of #2912
- don't mark an item as unsatisfied the second (or higher) time it comes around through the `detect!` loop
hannahramadan added a commit that referenced this issue Oct 31, 2024

* Remove opensearch service from depends_on OpenSearch does not have a service, it's commented out.
* Update verbiage to match docs website Tweaks for automatic_custom_instrumentation_method_list
* add ruby version check
* Update 9.14 changelog to match release notes
* Stripe: restrict CI tests to Stripe <= v12 For now, limit Stripe testing to < v13
* Sequel: relax Ruby requirement for Timed pool Accommodate Sequel v5.85.0, which has made the timed connection pool the default for Ruby 3.2+ by always permitting the use of a timed connection pool for explain plan generation in a Ruby 3.2+ context (previously only a Ruby 3.4+ context would work). https://sequel.jeremyevans.net/rdoc/files/doc/release_notes/5_85_0_txt.html#label-Other+Improvements
* add changelog entry
* Remove excess info-level instrumentation logs (#2881)
* Remove duplicate info-level instrumentation logs The methods `prepend_instrument` and `chain_instrument` eventually produce info-level log statements. Remove duplicate statements.
---------
Co-authored-by: James Bunch <[email protected]>
* Stripe testing update (#2891)
* Update Stripe test
Co-authored-by: James Bunch <[email protected]>
---------
Co-authored-by: James Bunch <[email protected]>
* increase db.statement threshold to 4096 increase the db.statement max from 2000 to 4096 as per the updated cross agent spec
* Test Ruby 3.4.0-preview2
* Update CHANGELOG.md
Co-authored-by: Kayla Reopelle <[email protected]>
* add aws_account_id config
* tests script: perform cleanup clean up content on each fresh test run instance
* Add assertion condition for 3.4 support The JSON string output changed in Ruby 3.4 to remove the hash rocket Pre Ruby 3.4: :app_name=>\"test\" Ruby 3.4+: app_name: \"test\"
* Exclude api_key from reported settings
* Add TODO to fix the test before 3.4 is released
* Improve failure output for assert_log_contains
* stringio CI test
* Update stringio version
* berm/bermq: only clean once given that `berm` and `bermq` both follow the same path, prevent duplicate cleaning operations
* use cloud.aws.account_id for config name
* add changelog entry
* Skip config_file_loading suite on Ruby 3.4
* add allow nil to config
* Simplify excluded_settings test
* Update CHANGELOG.md
Co-authored-by: Kayla Reopelle <[email protected]>
* Update CHANGELOG.md
Co-authored-by: Kayla Reopelle <[email protected]>
* Update lib/new_relic/agent/configuration/default_source.rb
Co-authored-by: Kayla Reopelle <[email protected]>
* Update newrelic-grape check logic
* Update View Component metric building (#2907)
* Use default `View/component` metric name for unidentified View Components
* add exit code to output
* move rdkafka to its own group for multiverse
* add config to allow test to pass for jruby
* Create helper method to return rubygems specs Bundler version 2.5.12 deprecated all_specs and added installed_specs. To support newer Bundler versions, try to use installed_specs first, then fall back to all_specs. All callers expect this to be an array, so return an array if Bundler isn't defined. This consolidates the way the rubygems specs are accessed across the multiple places we use them.
* Add changelog entry for all_specs update
* Update stub for Rubies below 2.7
* Rubocop
* prevent false 'unsatisfied' dependency status address 2 issues causing dependency detection to falsely label an instrumentation's dependencies as "unsatisfied".
  - handle Padrino with a special case pending resolution of #2912
  - don't mark an item as unsatisfied the second (or higher) time it comes around through the `detect!` loop
* sinatra dd check - use a string use a string for comparison
* Use double splat for Ruby >= 3.0
* Update changelog
* update changelog
* Update CHANGELOG.md
Co-authored-by: Kayla Reopelle <[email protected]>
* DD templating: conditionally invoke requires as per #2844, don't perform `require_relative` on content that won't be used unless all dependency detection checks succeed
* DD: require only prepend OR chain DD code when chaining or prepending, only bring in the appropriate chain or prepend code
* DD: update the rendering of the 'named' line the template's rendering of a `named` line was previously attempting to wrap symbol values with single quotes when necessary. but given that everything is routed through the `snake_name` method, nothing will ever need the quotes if we simply use the output of that method, held in `@snake_name`.
* bugfix: always apply transformations on booleans v9.14.0 introduced improved handling of boolean based configuration parameters and inadvertently broke AWS Lambda layer based functionality due to a bypassing of config transformations for booleans. Boolean based values will now again be routed through their transformations if defined. resolves #2919
* Update CHANGELOG.md Update dev bugfix title for Lambda layer functionality restoration
Co-authored-by: Kayla Reopelle <[email protected]>
* Update CHANGELOG.md Reference the Lambda bugfix PR now that it exists
Co-authored-by: Kayla Reopelle <[email protected]>
* CHANGELOG: improve Lambda bugfix summary Improve the wording for the Lambda bugfix summary
Co-authored-by: Kayla Reopelle <[email protected]>
* add .vscode to gitignore
* Add security scan
* Add scan-type: fs
* chore: Rename build job
* Update run conditions
* Add bundling step
* bundle after checkout
* Prerelease 9.15.0-pre (#2927)
* bump version
---------
Co-authored-by: newrelic-ruby-agent-bot <[email protected]>
Co-authored-by: Hannah Ramadan <[email protected]>
---------
Co-authored-by: Kayla Reopelle <[email protected]>
Co-authored-by: Kayla Reopelle <[email protected]>
Co-authored-by: Tanna McClure <[email protected]>
Co-authored-by: James Bunch <[email protected]>
Co-authored-by: Hannah Ramadan <[email protected]>
Co-authored-by: Patrick Arnett <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: newrelic-ruby-agent-bot <[email protected]>
The Padrino gem's relationship to Sinatra led to an instrumentation design in the New Relic Ruby agent that sees the `:'instrumentation.sinatra'` configuration option being inspected and no independent option with the word "padrino" used. As a result, there is currently no way to convey to the security agent that the Padrino gem's instrumentation dependencies were unsatisfied independently of the Sinatra gem.

A similar issue exists between the "memcache" and "dalli" gems, with our Dalli instrumentation effectively clobbering the "memcache" gem's configuration option, but given that the "memcache" gem is considered defunct, it's only Padrino that is of concern currently.
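
A toy model of the reporting gap described in this issue, added here as an illustration and not taken from the New Relic Ruby agent. The names `Item`, `status_for`, `report_by_option`, `report_by_item` and `shared_options`, and the assumption that status is reported once per configuration option, are all hypothetical.

```ruby
# Toy model only: every name below is hypothetical, not agent code.
Item = Struct.new(:name, :config_key, :gems)

# Padrino has no option of its own, so it is filed under Sinatra's option.
ITEMS = [
  Item.new(:sinatra, :'instrumentation.sinatra', %w[sinatra]),
  Item.new(:padrino, :'instrumentation.sinatra', %w[sinatra padrino])
].freeze

# Constructed sample: a Sinatra application that does not use Padrino.
LOADED = %w[sinatra rack].freeze

# An item is satisfied only when every gem it instruments is loaded.
def status_for(item, loaded_gems)
  (item.gems - loaded_gems).empty? ? :satisfied : :unsatisfied
end

# Assumed report shape: one status per configuration option. Items that
# share an option overwrite each other, so the last one evaluated wins.
def report_by_option(items, loaded_gems)
  items.each_with_object({}) do |item, report|
    report[item.config_key] = status_for(item, loaded_gems)
  end
end

# Alternative shape: one status per instrumentation item, with the
# option kept as a field so both items stay visible to the consumer.
def report_by_item(items, loaded_gems)
  items.each_with_object({}) do |item, report|
    report[item.name] = { option: item.config_key,
                          status: status_for(item, loaded_gems) }
  end
end

# Audit helper: which options are claimed by more than one item?
def shared_options(items)
  items.group_by(&:config_key)
       .select { |_, group| group.size > 1 }
       .transform_values { |group| group.map(&:name) }
end

if $PROGRAM_NAME == __FILE__
  p report_by_option(ITEMS, LOADED)
  p report_by_item(ITEMS, LOADED)
  p shared_options(ITEMS)
end
```

In the per-option report, Sinatra's satisfied status is overwritten by Padrino's unsatisfied one, which is the kind of ambiguity a consumer such as the security agent cannot resolve from the option name alone.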