Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Load IAST security agent when security.agent.enabled is true #1664

Merged
merged 41 commits into from Jun 12, 2023
Merged

feat: Load IAST security agent when security.agent.enabled is true #1664

merged 41 commits into from Jun 12, 2023

Conversation

bizob2828
Copy link
Member

@bizob2828 bizob2828 commented Jun 7, 2023
edited

Description

This PR has been the staging branch for all things security agent related. Some things to highlight:

  • load security agent when security.agent.enabled is true
  • Provide a workflow to run nightly versioned tests with security agent + apm agent(already reviewed in ci: K2 versioned tests #1617)
  • Fixes for versioned tests when security agent is enabled. As you can see most are metric name additions. Since the security agent uses our API it creates metrics every time a method is called(already reviewed in ci: K2 versioned tests #1617)
  • Pins the @newrelic/security-agent. This will prob pin the agent for the foreseeable future

How to Test

npm run versioned:security:major or npm run versioned:security

bizob2828 and others added 30 commits June 6, 2023 12:17
@bizob2828
feat: Added functionality to load security agent when config.security…
c225763 
….agent.enabled is true
@bizob2828
pin security agent until we can agree about following semantic versio…
82139a8 
…ning in security agent
@bizob2828
Load k2 agent when config.security.agent.enabled is true. Add base
54bc989 
configuration that was agreed upon.
@bizob2828
NEWRELIC-7414 Updated shimmer to now register hooks by module as coll…
5974794 
…ection not array of onRequire, onResolved, onError hooks. For every instrumentation you will get a unique shim instance unless you specify `shimName` which will store a reference to a shim instance that can be shared(koa needs this as the modules layer instrumentation on itself).
@bizob2828
NEWRELIC-7414 addressed code review feedback: encapsulated some shim …
5adf4e1 
…code to functions, use optional chaining for deep access of keys on objects
@bizob2828
loading k2 agent if enabled
694554e
@bizob2828
added ability to load and unload k2 agent in versioned tests
25b72bc
@bizob2828
updated assertions to have express play nice with k2
97e843d
@bizob2828
updated assertions to have fastify play nice with k2
095e276
@bizob2828
added logic to handle metric assertion when k2 agent is loaded
6727ce1
@bizob2828
updated assertions to have express-esm tests play nice with k2
dc0f15c
@bizob2828
updated assertions to have restify tests play nice with k2
4e4cef0
@bizob2828
updated assertions to have hapi tests play nice with k2
d46230d
@bizob2828
updated k2 agent to latest, had to fix a few metric assertions as it …
69f07f0 
…adds a new api.getLinkingMetadata call
@bizob2828
removed the loose assertion on segment tree. this is in preparation f…
e1da2c6 
…or a k2 fix in https://issues.newrelic.com/browse/NR-103549
@bizob2828
added ability to run versioned tests with k2 as npm run versioned:k2
d464b31
@bizob2828
updated k2 to use new repo
36387ec
@bizob2828
fixes after upgrading to latest version of k2 agent
501d78d
@bizob2828
updated to use version from npm
3204047
@bizob2828
fixed lockfile to version 2 so it works on 14,16, and 18
7769228
@bizob2828
updates after rebasing
8924125
@bizob2828
added workflow to run versioned tests with security agent
ff46a83
@bizob2828
add push hook to test new workflow
6c3d37c
@bizob2828
added ability to specify security agent version and which mode to run
78e29f1
@bizob2828
allowed skipping c8 from running, pared down config to only do lcovonly
a07611d
@bizob2828
added more comments to versioned test runner
68b3ff0
@bizob2828
updated koa branch to get versioned tests to pass
1db7c38
@bizob2828
add pull_request hook
5627491
@bizob2828
tried adding the test child timeout env var to help with tests timing…
ff8226e 
… out
@bizob2828
updated security versioned job to use SKIP_C8 after rebase
90c6c23
@codecov
Copy link

codecov bot commented Jun 7, 2023
edited

Codecov Report

Merging #1664 (f86878e) into main (2746195) will increase coverage by 0.02%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #1664      +/-   ##
==========================================
+ Coverage   96.76%   96.79%   +0.02%     
==========================================
  Files         200      200              
  Lines       39148    39178      +30     
  Branches       24       24              
==========================================
+ Hits        37883    37921      +38     
+ Misses       1265     1257       -8
Flag Coverage Δ
esm-unit-tests-14.x 47.80% <ø> (ø)
esm-unit-tests-16.x 92.11% <ø> (ø)
esm-unit-tests-18.x 92.11% <ø> (ø)
integration-tests-14.x 78.98% <50.00%> (-0.02%) ⬇️
integration-tests-16.x 79.08% <50.00%> (-0.02%) ⬇️
integration-tests-18.x 79.08% <50.00%> (-0.02%) ⬇️
unit-tests-14.x 91.50% <100.00%> (+0.17%) ⬆️
unit-tests-16.x 91.55% <100.00%> (+0.17%) ⬆️
unit-tests-18.x 91.54% <100.00%> (+0.17%) ⬆️
versioned-tests-14.x 75.63% <92.85%> (-0.12%) ⬇️
versioned-tests-16.x 76.95% <88.23%> (-0.12%) ⬇️
versioned-tests-18.x 76.99% <88.23%> (-0.08%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
index.js 100.00% <100.00%> (+15.13%) ⬆️
lib/instrumentation/mysql/mysql.js 100.00% <100.00%> (ø)
lib/shim/shim.js 97.78% <100.00%> (+0.11%) ⬆️

... and 2 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

bizob2828
bizob2828 commented Jun 7, 2023
View reviewed changes
test/versioned/restify/restify-pre-7/ignoring.tap.js Outdated
? 14
: 15
: 7
console.log(Object.keys(metrics))
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove console.log

bizob2828
bizob2828 commented Jun 7, 2023
View reviewed changes
index.js Show resolved Hide resolved
jmartin4563
jmartin4563 suggested changes Jun 12, 2023
View reviewed changes
Copy link
Contributor

@jmartin4563 jmartin4563 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested this locally by running the versioned tests for the security agent. Additionally, I setup an ESM express app with no vulnerabilities and the security agent turned on as a sanity check (there were no issues seeing data in the ui), if you would like me to test with a vulnerability, I can update my app to confirm that vulnerability shows up in ESM.

.github/workflows/versioned-security-agent.yml Outdated Show resolved Hide resolved
test/lib/agent_helper.js Outdated Show resolved Hide resolved
test/versioned-external/external-repos.js Outdated Show resolved Hide resolved
@bizob2828 bizob2828 changed the title feat: DO NOT MERGE Load IAST security agent when security.agent.enabled is true feat: Load IAST security agent when security.agent.enabled is true Jun 12, 2023
@bizob2828 bizob2828 merged commit 3e926e5 into main Jun 12, 2023
36 checks passed
Node.js Engineering Board automation moved this from Needs PR Review to Done: Issues recently completed Jun 12, 2023
@bizob2828 bizob2828 deleted the k2-release branch June 12, 2023 18:45
@github-actions github-actions bot mentioned this pull request Jun 12, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmartin4563 jmartin4563 jmartin4563 approved these changes

Assignees

@jmartin4563 jmartin4563

Labels
None yet
Projects
Node.js Engineering Board
  
Done: Issues recently completed
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@bizob2828 @jmartin4563 @sumitsuthar