Devise a way to report "unsatisfied" for Padrino to the csec agent #2912

Open
fallwith opened this issue Oct 12, 2024 · 1 comment

@fallwith

The Padrino gem's relationship to Sinatra led to an instrumentation design in the New Relic Ruby agent that sees the :'instrumentation.sinatra' configuration option being inspected and no independent option with the word "padrino" used.

As a result, there is currently no way to convey to the security agent that the Padrino gem's instrumentation dependencies were unsatisfied independently of the Sinatra gem.

A similar issue exists between the "memcache" and "dalli" gems, with our Dalli instrumentation effectively clobbering the "memcache" gem's configuration option, but given that the "memcache" gem is considered defunct, it's only Padrino that is of concern currently.
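
The collision described in this issue, as an added example that is not part of the issue or the agent's own code: a simplified Ruby model showing how a status report keyed by configuration option lets one instrumentation overwrite another's state, while a report keyed by instrumentation name keeps them apart. Every class, method and key name is hypothetical except `:'instrumentation.sinatra'`, and the loaded-gem list is constructed.

```ruby
# Simplified model of dependency detection. All names are hypothetical and
# do not mirror the New Relic Ruby agent's internals.
Instrumentation = Struct.new(:name, :config_key, :depends_on)

# Constructed sample: Padrino has no option of its own and reuses Sinatra's.
# The memcache key name is constructed for illustration; Dalli reuses it.
ITEMS = [
  Instrumentation.new(:sinatra,  :'instrumentation.sinatra',  ->(gems) { gems.include?('sinatra') }),
  Instrumentation.new(:padrino,  :'instrumentation.sinatra',  ->(gems) { gems.include?('padrino') }),
  Instrumentation.new(:memcache, :'instrumentation.memcache', ->(gems) { gems.include?('memcache') }),
  Instrumentation.new(:dalli,    :'instrumentation.memcache', ->(gems) { gems.include?('dalli') })
].freeze

# Status recorded under the shared configuration key: the last writer wins,
# so a consumer such as a security agent sees only one of the two states.
def status_by_config_key(items, loaded_gems)
  items.each_with_object({}) do |item, report|
    report[item.config_key] = item.depends_on.call(loaded_gems) ? 'enabled' : 'unsatisfied'
  end
end

# Status recorded per instrumentation, with the config key kept as metadata.
def status_by_instrumentation(items, loaded_gems)
  items.each_with_object({}) do |item, report|
    state = item.depends_on.call(loaded_gems) ? 'enabled' : 'unsatisfied'
    report[item.name] = {config_key: item.config_key, state: state}
  end
end

# Keys written by more than one instrumentation, i.e. the places where a
# per-key report cannot distinguish the reporters.
def shared_keys(items)
  items.group_by(&:config_key)
       .select { |_key, group| group.size > 1 }
       .transform_values { |group| group.map(&:name) }
end

if __FILE__ == $PROGRAM_NAME
  gems = %w[sinatra dalli] # constructed: a Sinatra app without Padrino
  p status_by_config_key(ITEMS, gems)
  p status_by_instrumentation(ITEMS, gems)
  p shared_keys(ITEMS)
end
```

In the per-key report Sinatra appears "unsatisfied" although its gem is loaded, because Padrino's result was written last under the same key.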

@workato-integration

fallwith added a commit that referenced this issue Oct 15, 2024
address 2 issues causing dependency detection to falsely label an
instrumentation's dependencies as "unsatisfied".

- handle Padrino with a special case pending resolution of
  #2912
- don't mark an item as unsatisfied the second (or higher) time it comes
  around through the `detect!` loop

hannahramadan added a commit that referenced this issue Oct 31, 2024
* Remove opensearch service from depends_on

OpenSearch does not have a service, it's commented out.

* Update verbiage to match docs website

Tweaks for automatic_custom_instrumentation_method_list

* add ruby version check

* Update 9.14 changelog to match release notes

* Stripe: restrict CI tests to Stripe <= v12

For now, limit Stripe testing to < v13

* Sequel: relax Ruby requirement for Timed pool

Accommodate Sequel v5.85.0, which has made the timed connection pool the
default for Ruby 3.2+ by always permitting the use of a timed
connection pool for explain plan generation in a Ruby 3.2+ context
(previously only a Ruby 3.4+ context would work).

https://sequel.jeremyevans.net/rdoc/files/doc/release_notes/5_85_0_txt.html#label-Other+Improvements

* add changelog entry

* Remove excess info-level instrumentation logs (#2881)

* Remove duplicate info-level instrumentation logs

The methods `prepend_instrument` and `chain_instrument` eventually produce info-level log statements. Remove duplicate statements.

---------

Co-authored-by: James Bunch <fallwith@gmail.com>

* Stripe testing update (#2891)

* Update Stripe test

Co-authored-by: James Bunch <fallwith@gmail.com>

---------

Co-authored-by: James Bunch <fallwith@gmail.com>

* increase db.statement threshold to 4096

increase the db.statement max from 2000 to 4096 as per the updated cross
agent spec

* Test Ruby 3.4.0-preview2

* Update CHANGELOG.md

Co-authored-by: Kayla Reopelle <87386821+kaylareopelle@users.noreply.github.com>

* add aws_account_id config

* tests script: perform cleanup

clean up content on each fresh test run instance

* Add assertion condition for 3.4 support

The JSON string output changed in Ruby 3.4 to remove the hash rocket

Pre Ruby 3.4:
:app_name=>\"test\"

Ruby 3.4+:
app_name: \"test\"

* Exclude api_key from reported settings

* Add TODO to fix the test before 3.4 is released

* Improve failure output for assert_log_contains

* stringio CI test

* Update stringio version

* berm/bermq: only clean once

given that `berm` and `bermq` both follow the same path, prevent
duplicate cleaning operations

* use cloud.aws.account_id for config name

* add changelog entry

* Skip config_file_loading suite on Ruby 3.4

* add allow nil to config

* Simplify excluded_settings test

* Update CHANGELOG.md

Co-authored-by: Kayla Reopelle <87386821+kaylareopelle@users.noreply.github.com>

* Update CHANGELOG.md

Co-authored-by: Kayla Reopelle <87386821+kaylareopelle@users.noreply.github.com>

* Update lib/new_relic/agent/configuration/default_source.rb

Co-authored-by: Kayla Reopelle <87386821+kaylareopelle@users.noreply.github.com>

* Update newrelic-grape check logic

* Update View Component metric building (#2907)

* Use default `View/component` metric name for unidentified View Components

* add exit code to output

* move rdkafka to its own group for multiverse

* add config to allow test to pass for jruby

* Create helper method to return rubygems specs

Bundler version 2.5.12 deprecated all_specs and added installed_specs.
To support newer Bundler versions, try to use installed_specs first,
then fall back to all_specs.
All callers expect this to be an array, so return an array if Bundler
isn't defined.

This consolidates the way the rubygems specs are accessed across
the multiple places we use them.

* Add changelog entry for all_specs update

* Update stub for Rubies below 2.7

* Rubocop

* prevent false 'unsatisfied' dependency status

address 2 issues causing dependency detection to falsely label an
instrumentation's dependencies as "unsatisfied".

- handle Padrino with a special case pending resolution of
  #2912
- don't mark an item as unsatisfied the second (or higher) time it comes
  around through the `detect!` loop

* sinatra dd check - use a string

use a string for comparison

* Use double splat for Ruby >= 3.0

* Update changelog

* update changelog

* Update CHANGELOG.md

Co-authored-by: Kayla Reopelle <87386821+kaylareopelle@users.noreply.github.com>

* DD templating: conditionally invoke requires

as per #2844, don't perform `require_relative` on content that won't be
used unless all dependency detection checks succeed

* DD: require only prepend OR chain DD code

when chaining or prepending, only bring in the appropriate chain or
prepend code

* DD: update the rendering of the 'named' line

the template's rendering of a `named` line was previously attempting to
wrap symbol values with single quotes when necessary.

but given that everything is routed through the `snake_name` method,
nothing will ever need the quotes if we simply use the output of that
method, held in `@snake_name`.

* bugfix: always apply transformations on booleans

v9.14.0 introduced improved handling of boolean based configuration
parameters and inadvertently broke AWS Lambda layer based functionality
due to a bypassing of config transformations for booleans.

Boolean based values will now again be routed through their
transformations if defined.

resolves #2919

* Update CHANGELOG.md

Update dev bugfix title for Lambda layer functionality restoration

Co-authored-by: Kayla Reopelle <87386821+kaylareopelle@users.noreply.github.com>

* Update CHANGELOG.md

Reference the Lambda bugfix PR now that it exists

Co-authored-by: Kayla Reopelle <87386821+kaylareopelle@users.noreply.github.com>

* CHANGELOG: improve Lambda bugfix summary

Improve the wording for the Lambda bugfix summary

Co-authored-by: Kayla Reopelle <87386821+kaylareopelle@users.noreply.github.com>

* add .vscode to gitignore

* Add security scan

* Add scan-type: fs

* chore: Rename build job

* Update run conditions

* Add bundling step

* bundle after checkout

* Prerelease 9.15.0-pre (#2927)

* bump version

---------

Co-authored-by: newrelic-ruby-agent-bot <ruby-agent@newrelic.com>
Co-authored-by: Hannah Ramadan <76922290+hannahramadan@users.noreply.github.com>

---------

Co-authored-by: Kayla Reopelle <kreopelle@newrelic.com>
Co-authored-by: Kayla Reopelle <87386821+kaylareopelle@users.noreply.github.com>
Co-authored-by: Tanna McClure <tmcclure@newrelic.com>
Co-authored-by: James Bunch <fallwith@gmail.com>
Co-authored-by: Hannah Ramadan <76922290+hannahramadan@users.noreply.github.com>
Co-authored-by: Patrick Arnett <parnett@g2.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: newrelic-ruby-agent-bot <ruby-agent@newrelic.com>