diff --git a/instrumentation-security/apache-tomcat-10/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat10/HttpServletHelper.java b/instrumentation-security/apache-tomcat-10/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat10/HttpServletHelper.java index f27ae5e0c..52f34d54f 100644 --- a/instrumentation-security/apache-tomcat-10/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat10/HttpServletHelper.java +++ b/instrumentation-security/apache-tomcat-10/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat10/HttpServletHelper.java @@ -23,9 +23,9 @@ public static void gatherURLMappings(ServletContext servletContext) { Map servletRegistrations = servletContext.getServletRegistrations(); getJSPMappings(servletContext, SEPARATOR); - for (ServletRegistration servletRegistration : servletRegistrations.values()) { - for (String mapping : servletRegistration.getMappings()) { - URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, mapping, servletRegistration.getClassName())); + for (ServletRegistration servletReg : servletRegistrations.values()) { + for (String mapping : servletReg.getMappings()) { + URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, mapping, servletReg.getClassName())); } } } catch (Exception e){ diff --git a/instrumentation-security/apache-tomcat-7/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat7/HttpServletHelper.java b/instrumentation-security/apache-tomcat-7/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat7/HttpServletHelper.java index c585c7b6c..61bb5ee00 100644 --- a/instrumentation-security/apache-tomcat-7/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat7/HttpServletHelper.java +++ b/instrumentation-security/apache-tomcat-7/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat7/HttpServletHelper.java 
@@ -22,9 +22,9 @@ public static void gatherURLMappings(ServletContext servletContext) { Map servletRegistrations = servletContext.getServletRegistrations(); getJSPMappings(servletContext, SEPARATOR); - for (ServletRegistration servletRegistration : servletRegistrations.values()) { - for (String mapping : servletRegistration.getMappings()) { - URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, mapping, servletRegistration.getClassName())); + for (ServletRegistration servletReg : servletRegistrations.values()) { + for (String mapping : servletReg.getMappings()) { + URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, mapping, servletReg.getClassName())); } } } catch (Exception e){ diff --git a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java index d95541647..c92ece2ee 100644 --- a/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java +++ b/instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java @@ -183,6 +183,7 @@ public static void postProcessSecurityHook(HttpServletRequest request, HttpServl } public static void gatherURLMappings(ServletContext servletContext) { try { + String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR); Map servletRegistrations = servletContext.getServletRegistrations(); getJSPMappings(servletContext, SEPARATOR); 
diff --git a/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java b/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java index 3839df633..397ba2ebd 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java +++ b/instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java @@ -3,13 +3,20 @@ import com.newrelic.api.agent.security.NewRelicSecurity; import com.newrelic.api.agent.security.instrumentation.helpers.*; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.ApplicationURLMapping; +import com.newrelic.api.agent.security.schema.Framework; import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; import com.newrelic.api.agent.security.schema.policy.AgentPolicy; +import javax.servlet.ServletConfig; +import javax.servlet.ServletContext; +import javax.servlet.ServletRegistration; import javax.servlet.http.HttpServletRequest; import java.util.Enumeration; import java.util.Map; +import java.util.regex.Matcher; +import java.util.regex.Pattern; public class HttpServletHelper { diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java index 05148d40e..406c0b553 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java 
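Review bot: This hunk is the only change to the servlet-2.4 `HttpServletHelper` in the diff, so the added imports (`ApplicationURLMapping`, `Framework`, `ServletConfig`, `ServletContext`, `ServletRegistration`, `Matcher`, `Pattern`) have no user in this file and should be dropped. `javax.servlet.ServletRegistration` is also a Servlet 3.0 type, and the `setRoute` added to this module's `Servlet_Instrumentation` calls `ServletContext.getServletRegistration`. On a pre-3.0 container that call would presumably fail with a linkage error, which `catch (Exception e)` does not catch. How the weaver treats this module on such containers is not visible here, so that needs confirming before the module keeps the 2.4 label.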
@@ -68,7 +68,6 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp } HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest); - securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders())); securityRequest.setProtocol(httpServletRequest.getScheme()); diff --git a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java index 448b91a53..c330c113f 100644 --- a/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java @@ -12,9 +12,13 @@ import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper; import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; +import com.newrelic.api.agent.security.instrumentation.helpers.URLMappingsHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.ApplicationURLMapping; +import com.newrelic.api.agent.security.schema.Framework; import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.SecurityMetaData; +import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; import com.newrelic.api.agent.security.schema.operation.RXSSOperation; import com.newrelic.api.agent.security.utils.logging.LogLevel; 
@@ -26,12 +30,17 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.Arrays; +import java.util.regex.Matcher; +import java.util.regex.Pattern; @Weave(type = MatchType.Interface, originalName = "javax.servlet.Servlet") public abstract class Servlet_Instrumentation { public void service(ServletRequest_Instrumentation request, ServletResponse_Instrumentation response) { boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); + if (NewRelicSecurity.isHookProcessingActive() && request instanceof HttpServletRequest){ + setRoute((HttpServletRequest) request, NewRelicSecurity.getAgent().getSecurityMetaData().getRequest(), getServletConfig()); + } if(isServletLockAcquired) { preprocessSecurityHook(request, response); } 
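Review bot: The arguments passed to `setRoute` are evaluated in `service()` itself, outside the try/catch that `setRoute` puts around its own body in the later hunk of this file. An exception from `NewRelicSecurity.getAgent().getSecurityMetaData().getRequest()` or from the application's own `getServletConfig()` would therefore propagate out of the woven `service()` and fail the request; whether either can throw or return null is not visible here. Passing only the request, `setRoute((HttpServletRequest) request);`, and resolving the security request and the servlet config inside the try would keep agent failures away from application traffic. The call also sits before the `isServletLockAcquired` check, so it repeats on nested `service()` calls.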
@@ -125,4 +134,33 @@ private void postProcessSecurityHook(ServletRequest_Instrumentation request, Ser NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, HttpServletHelper.SERVLET_2_4, e.getMessage()), e, Servlet_Instrumentation.class.getName()); } } + + public abstract ServletConfig getServletConfig(); + + private void setRoute(HttpServletRequest request, HttpRequest securityRequest, ServletConfig servletConfig) { + try { + if (URLMappingsHelper.getApplicationURLMappings().isEmpty()){ + return; + } + String servletPath = request.getServletPath(); + if (URLMappingsHelper.getApplicationURLMappings().contains(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, servletPath))) { + securityRequest.setRoute(servletPath); + } else if (servletConfig != null) { + ServletRegistration registration = servletConfig.getServletContext().getServletRegistration(servletConfig.getServletName()); + if (registration != null && registration.getMappings() != null && !registration.getMappings().isEmpty()) { + for (String mapping : registration.getMappings()) { + Pattern pattern = Pattern.compile(StringUtils.replace(mapping, URLMappingsHelper.subResourceSegment, ".*")); + Matcher matcher = pattern.matcher(servletPath); + if (matcher.matches()) { + securityRequest.setRoute(mapping); + break; + } + } + } + } + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFramework(Framework.SERVLET); + } catch (Exception e){ + NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST, HttpServletHelper.SERVLET_2_4, e.getMessage()), e, this.getClass().getName()); + } + } } 
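Review bot: In `setRoute` the servlet mapping is turned into a regex with only `subResourceSegment` substituted, so every other character of the mapping is interpreted as regex syntax. A `.` in an extension mapping matches any character, and depending on the value of `subResourceSegment` (not shown) a mapping such as `*.jsp` may not compile at all, in which case the `catch` logs a WARNING on every request to that servlet. Quoting the literal parts avoids both, e.g. `Pattern.compile(Pattern.quote(mapping).replace(URLMappingsHelper.subResourceSegment, "\\E.*\\Q"))`. The pattern is also recompiled for each mapping on each request; caching compiled patterns per mapping string would take that off the request path.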
diff --git a/instrumentation-security/servlet-3.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet30/HttpServletHelper.java b/instrumentation-security/servlet-3.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet30/HttpServletHelper.java index 69fce5348..fb3039123 100644 --- a/instrumentation-security/servlet-3.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet30/HttpServletHelper.java +++ b/instrumentation-security/servlet-3.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet30/HttpServletHelper.java @@ -14,17 +14,17 @@ import java.util.Map; public class HttpServletHelper { - private static final String WILDCARD = "*"; - private static final String SEPARATOR = "/"; - public static final String SERVLET_3_0 = "SERVLET-3.0"; + + private static final String SERVLET_3_0 = "SERVLET-3.0"; public static void gatherURLMappings(ServletContext servletContext) { try { + String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), URLMappingsHelper.SEPARATOR), StringUtils.SEPARATOR); Map servletRegistrations = servletContext.getServletRegistrations(); - getJSPMappings(servletContext, SEPARATOR); + getJSPMappings(servletContext, URLMappingsHelper.SEPARATOR); - for (ServletRegistration servletRegistration : servletRegistrations.values()) { - for (String s : servletRegistration.getMappings()) { - URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, s, servletRegistration.getClassName())); + for (ServletRegistration servletReg : servletRegistrations.values()) { + for (String mapping : servletReg.getMappings()) { + URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, mapping, servletReg.getClassName())); } } } catch (Exception e){ 
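Review bot: `contextPath` is computed at the top of `gatherURLMappings`, but nothing in the visible try body reads it; the loop still registers `mapping` exactly as `getMappings()` returns it. If routes are meant to be context-relative, drop the variable and say so in a comment, e.g. `// mappings are registered relative to the context path`; if the context path was meant to be prefixed, the `ApplicationURLMapping` construction is missing it. The jetty-11 hunk adds the same line and its use is not visible there either. Separately, `SERVLET_3_0` changes from public to private, so confirm that no weave class outside this package references it.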
@@ -34,18 +34,18 @@ public static void gatherURLMappings(ServletContext servletContext) { public static void getJSPMappings(ServletContext servletContext, String dir) { try { - if(dir.endsWith(SEPARATOR)){ + if(dir.endsWith(URLMappingsHelper.SEPARATOR)){ Collection resourcePaths = servletContext.getResourcePaths(dir); for (String path : resourcePaths) { - String entry = StringUtils.removeStart(StringUtils.removeEnd(path, SEPARATOR), StringUtils.SEPARATOR); + String entry = StringUtils.removeStart(StringUtils.removeEnd(path, URLMappingsHelper.SEPARATOR), StringUtils.SEPARATOR); if ( StringUtils.equalsAny(entry, "META-INF", "WEB-INF")) { continue; } - if(path.endsWith(SEPARATOR)) { + if(path.endsWith(URLMappingsHelper.SEPARATOR)) { getJSPMappings(servletContext, path); } else if(path.endsWith(".jsp") || path.endsWith(".jspx") || path.endsWith(".JSP") || path.endsWith(".JSPX")) { - URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, path)); + URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, path)); } } } @@ -53,4 +53,5 @@ else if(path.endsWith(".jsp") || path.endsWith(".jspx") || path.endsWith(".JSP") NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_APP_ENDPOINTS, SERVLET_3_0, e.getMessage()), e, HttpServletHelper.class.getName()); } } + } diff --git a/instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/ApiEndpointTest.java b/instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/ApiEndpointTest.java index ee2b16e78..f7e586c15 100644 --- a/instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/ApiEndpointTest.java +++ b/instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/ApiEndpointTest.java 
@@ -2,14 +2,20 @@ import com.newrelic.agent.security.introspec.InstrumentationTestConfig; import com.newrelic.agent.security.introspec.SecurityInstrumentationTestRunner; +import com.newrelic.api.agent.Trace; import com.newrelic.api.agent.security.instrumentation.helpers.URLMappingsHelper; import com.newrelic.api.agent.security.schema.ApplicationURLMapping; -import org.apache.catalina.servlets.DefaultServlet; +import com.newrelic.api.agent.security.schema.Framework; +import com.newrelic.api.agent.security.schema.SecurityMetaData; import org.junit.Assert; import org.junit.ClassRule; import org.junit.Test; import org.junit.runner.RunWith; +import java.io.IOException; +import java.net.HttpURLConnection; +import java.net.URISyntaxException; +import java.net.URL; import java.util.Iterator; @RunWith(SecurityInstrumentationTestRunner.class) @@ -32,4 +38,21 @@ public void testURLMappings() { ApplicationURLMapping mapping2 = mappings.next(); Assert.assertEquals("URL Mappings", new ApplicationURLMapping(method, "/test", handler), mapping2); } + + @Test + public void testRoute() throws IOException, URISyntaxException { + connect(); + SecurityMetaData metaData = SecurityInstrumentationTestRunner.getIntrospector().getSecurityMetaData(); + Assert.assertEquals( "Incorrect Route Detected","/test", metaData.getRequest().getRoute()); + Assert.assertEquals("Incorrect Framework detected", Framework.SERVLET.name(), metaData.getMetaData().getFramework()); + } + + @Trace(dispatcher = true) + private void connect() throws IOException, URISyntaxException { + URL u = server.getEndPoint().toURL(); + HttpURLConnection conn = (HttpURLConnection) u.openConnection(); + conn.setRequestProperty("content-type", "text/plain; charset=utf-8"); + conn.connect(); + conn.getResponseCode(); + } } 
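Review bot: `connect()` discards the value of `conn.getResponseCode()`, so `testRoute` cannot tell a request that never reached the servlet from one whose route was detected wrongly. Asserting the status first, e.g. `Assert.assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode());` (assuming `MyServlet` answers 200, which is not visible here), makes a failure point at the right cause. The connection is also never released; a `conn.disconnect();` at the end of `connect()` would close it.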
diff --git a/instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/HttpServletServer.java b/instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/HttpServletServer.java index c577787a3..5a137d4b3 100644 --- a/instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/HttpServletServer.java +++ b/instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/HttpServletServer.java @@ -3,7 +3,6 @@ import org.apache.catalina.Context; import org.apache.catalina.LifecycleState; import org.apache.catalina.connector.Connector; -import org.apache.catalina.servlets.DefaultServlet; import org.apache.catalina.startup.Tomcat; import org.apache.catalina.webresources.TomcatURLStreamHandlerFactory; import org.apache.tomcat.util.http.fileupload.FileUtils; @@ -19,6 +18,8 @@ import java.io.File; import java.io.IOException; import java.net.ServerSocket; +import java.net.URI; +import java.net.URISyntaxException; import java.util.Collections; import java.util.Set; @@ -91,6 +92,10 @@ private void stop() { } } } + + public URI getEndPoint() throws URISyntaxException { + return new URI("http://localhost:" + port + "/test"); + } } class MyServlet extends HttpServlet { @Override diff --git a/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java b/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java index c53c9f1e7..3d2114404 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java +++ b/instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java 
@@ -4,6 +4,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.*; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.ApplicationURLMapping; +import com.newrelic.api.agent.security.schema.Framework; import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; @@ -11,6 +12,7 @@ import com.newrelic.api.agent.security.utils.logging.LogLevel; import jakarta.servlet.ServletContext; import jakarta.servlet.ServletRegistration; +import jakarta.servlet.http.HttpServletMapping; import jakarta.servlet.http.HttpServletRequest; import java.util.Collection; @@ -109,9 +111,9 @@ public static void gatherURLMappings(ServletContext servletContext) { Map servletRegistrations = servletContext.getServletRegistrations(); getJSPMappings(servletContext, SEPARATOR); - for (ServletRegistration servletRegistration : servletRegistrations.values()) { - for (String s : servletRegistration.getMappings()) { - URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, s, servletRegistration.getClassName())); + for (ServletRegistration servletReg : servletRegistrations.values()) { + for (String mapping : servletReg.getMappings()) { + URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, mapping, servletReg.getClassName())); } } } catch (Exception e){ 
@@ -140,4 +142,21 @@ else if(path.endsWith(".jsp") || path.endsWith(".jspx") || path.endsWith(".JSP") NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_APP_ENDPOINTS, SERVLET_5_0, e.getMessage()), e, HttpServletHelper.class.getName()); } } + + public static void setRoute(HttpServletRequest request){ + try { + if (!NewRelicSecurity.isHookProcessingActive() || URLMappingsHelper.getApplicationURLMappings().isEmpty()){ + return; + } + HttpServletMapping mapping = request.getHttpServletMapping(); + if (URLMappingsHelper.getApplicationURLMappings().contains(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, request.getServletPath()))) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().setRoute(request.getServletPath()); + } else if (mapping != null) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().setRoute(mapping.getPattern()); + } + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFramework(Framework.SERVLET); + } catch (Exception e){ + NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST, SERVLET_5_0, e.getMessage()), e, HttpServletHelper.class.getName()); + } + } } diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index d8483d4cf..8639e0451 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java 
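Review bot: `setFramework(Framework.SERVLET)` runs in the new `setRoute` even when neither branch assigned a route, and it replaces whatever framework value was already recorded. Whether another instrumentation module sets that field earlier in the request is not visible here, so this may overwrite a more specific framework. Moving the call into the two branches that set a route would tie the framework tag to an actual match. The method is public and undocumented; a Javadoc stating that an exact match on `getServletPath()` wins over `HttpServletMapping.getPattern()`, and that the method never throws, would help callers in the three weave classes.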
@@ -26,6 +26,9 @@ public abstract class FilterChain_Instrumentation { public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); + if (request instanceof HttpServletRequest) { + HttpServletHelper.setRoute((HttpServletRequest)request); + } if(isServletLockAcquired) { preprocessSecurityHook(request, response); } diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index 47283c4e6..96cac7932 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -27,6 +27,9 @@ public abstract class Filter_Instrumentation { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); + if (request instanceof HttpServletRequest) { + HttpServletHelper.setRoute((HttpServletRequest)request); + } if(isServletLockAcquired) { preprocessSecurityHook(request, response); } diff --git a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index b4a82c2cb..e3504a7c5 100644 --- a/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java 
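Review bot: `HttpServletHelper.setRoute` is called before the `isServletLockAcquired` check, so it runs on every `doFilter` of every filter in the chain and again in `Servlet.service`; the same three lines are added in the `Filter_Instrumentation` hunk and the `Servlet_Instrumentation` hunk. Each call allocates an `ApplicationURLMapping` and does a `contains` lookup. A nested dispatch such as a forward or include would presumably overwrite the route recorded for the original request. If the last-writer-wins behaviour is intended, a comment such as `// route is refreshed on every dispatch so forwards report the target servlet` should say so; otherwise move the call inside `if(isServletLockAcquired)`.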
@@ -32,6 +32,9 @@ public abstract class Servlet_Instrumentation { public void service(ServletRequest_Instrumentation request, ServletResponse_Instrumentation response) { boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); + if (request instanceof HttpServletRequest) { + HttpServletHelper.setRoute((HttpServletRequest)request); + } if(isServletLockAcquired) { preprocessSecurityHook(request, response); } diff --git a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/HttpServletTest.java b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/HttpServletTest.java index f7bbdc6f2..748e02130 100644 --- a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/HttpServletTest.java +++ b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/HttpServletTest.java @@ -32,6 +32,8 @@ public void testPost() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); + } @Test public void testDelete() throws Exception { @@ -41,6 +43,8 @@ public void testDelete() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test public void testPUT() throws Exception { 
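Review bot: Every route assertion added to the servlet-5.0 tests in the visible hunks expects `"/*"`, so only the `mapping.getPattern()` branch of `setRoute` is exercised. The exact-match branch, where `getServletPath()` is found in the gathered URL mappings, and the case where no route is set have no test in this module. One test against a servlet registered on an exact path, asserting that path as the route, would cover the branch that the servlet-3.0 `testRoute` covers for the older module. In `testPost` the new assertion is followed by a stray blank line before the closing brace, unlike the other tests.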
@@ -50,6 +54,8 @@ public void testPUT() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -60,6 +66,8 @@ public void testHEAD() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test public void testGET() throws Exception { @@ -69,6 +77,8 @@ public void testGET() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletInputStreamTest.java b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletInputStreamTest.java index 631656dff..56f4e9cf9 100644 --- a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletInputStreamTest.java +++ b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletInputStreamTest.java 
@@ -47,6 +47,7 @@ public void testRead() throws Exception { Assert.assertEquals("Wrong Content-type detected", "multipart/form-data", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong data detected", expected, targetOperation.getRequest().getBody().toString()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @@ -67,6 +68,7 @@ public void testReadLine() throws Exception { Assert.assertEquals("Wrong Content-type detected", "multipart/form-data", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong data detected", expected, targetOperation.getRequest().getBody().toString()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -86,6 +88,7 @@ public void testReadLineWithOff() throws Exception { Assert.assertEquals("Wrong Content-type detected", "multipart/form-data", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong data detected", expected, targetOperation.getRequest().getBody().toString()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletOutputStreamTest.java b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletOutputStreamTest.java index 7b9070168..b7f310952 100644 --- a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletOutputStreamTest.java +++ b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletOutputStreamTest.java 
@@ -54,6 +54,7 @@ public void testWrite() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong Response Content-type detected", "multipart/form-data", targetOperation.getResponse().getResponseContentType()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -76,6 +77,7 @@ public void testPrintString() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -95,10 +97,11 @@ public void testPrintBoolean() throws URISyntaxException, IOException { Assert.assertEquals("Wrong port detected", servlet.getEndPoint("outputStream/print").getPort(), targetOperation.getRequest().getServerPort()); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); - boolean resBody = Boolean.parseBoolean(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected", expected, resBody); + + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test 
@@ -118,11 +121,11 @@ public void testPrintChar() throws URISyntaxException, IOException { Assert.assertEquals("Wrong port detected", servlet.getEndPoint("outputStream/print").getPort(), targetOperation.getRequest().getServerPort()); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); - char resBody = String.valueOf(targetOperation.getResponse().getResponseBody()).charAt(0); Assert.assertEquals("Wrong response detected", expected, resBody); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -146,6 +149,8 @@ public void testPrintInt() throws URISyntaxException, IOException { int resBody = Integer.parseInt(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected", expected, resBody); + + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -169,6 +174,8 @@ public void testPrintLong() throws URISyntaxException, IOException { long resBody = Long.parseLong(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected", expected, resBody); + + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -192,6 +199,8 @@ public void testPrintFloat() throws URISyntaxException, IOException { float resBody = Float.parseFloat(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected",expected, resBody, 0.0f); + + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test 
@@ -215,6 +224,7 @@ public void testPrintDouble() throws URISyntaxException, IOException { double resBody = Double.parseDouble(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected", expected, resBody, 0.0d); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -237,6 +247,7 @@ public void testPrintln() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -259,6 +270,7 @@ public void testPrintlnString() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -281,6 +293,7 @@ public void testPrintlnBoolean() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -303,6 +316,7 @@ public void testPrintlnChar() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test 
@@ -325,6 +339,7 @@ public void testPrintlnInt() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -346,6 +361,7 @@ public void testPrintlnLong() throws URISyntaxException, IOException { Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -367,6 +383,7 @@ public void testPrintlnFloat() throws URISyntaxException, IOException { Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -388,6 +405,7 @@ public void testPrintlnDouble() throws URISyntaxException, IOException { Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) private String write() throws URISyntaxException, IOException { 
diff --git a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletRequestTest.java b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletRequestTest.java index b3f934cef..2c0c34c7f 100644 --- a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletRequestTest.java +++ b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletRequestTest.java @@ -59,6 +59,7 @@ public void testGetInputStream() throws Exception { Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getRequestInStreamHash()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -80,6 +81,7 @@ public void testGetReader() throws Exception { Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getRequestReaderHash()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -100,8 +102,8 @@ public void testGetParameter() throws Exception { Assert.assertEquals("Wrong Param detected", expectedParam, new ObjectMapper().writeValueAsString(targetOperation.getRequest().getParameterMap())); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); - + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test 
@@ -122,8 +124,8 @@ public void testGetParameterValues() throws Exception { Assert.assertEquals("Wrong Param detected", expectedParam, new ObjectMapper().writeValueAsString(targetOperation.getRequest().getParameterMap())); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); - + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -144,8 +146,8 @@ public void testGetParameterMap() throws Exception { Assert.assertEquals("Wrong Param detected", expectedParam, new ObjectMapper().writeValueAsString(targetOperation.getRequest().getParameterMap())); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); - + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletResponseTest.java b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletResponseTest.java index b334a287e..336a6f26f 100644 --- a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletResponseTest.java +++ b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletResponseTest.java 
@@ -51,6 +51,7 @@ public void testGetOutputStream() throws Exception { Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getResponseOutStreamHash()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -71,6 +72,7 @@ public void testGetWriter() throws Exception { Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getResponseWriterHash()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletTest.java b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletTest.java index bd9ed014b..a874de4d6 100644 --- a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletTest.java +++ b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/ServletTest.java @@ -46,6 +46,7 @@ public void testService() throws Exception { Assert.assertEquals("Wrong port detected", server.getEndPoint("").getPort(), targetOperation.getRequest().getServerPort()); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "text/plain", targetOperation.getRequest().getContentType()); + Assert.assertEquals("Incorrect route detected", "/test", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) 
diff --git a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/WebServletTest.java b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/WebServletTest.java index d9ddac7c8..106702b50 100644 --- a/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/WebServletTest.java +++ b/instrumentation-security/servlet-5.0/src/test/java/com/nr/agent/security/instrumentation/servlet5/WebServletTest.java @@ -30,6 +30,7 @@ public void testAnnotation() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java b/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java index d772551e4..65c8123b6 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java +++ b/instrumentation-security/servlet-6.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet6/HttpServletHelper.java @@ -4,6 +4,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.*; import com.newrelic.api.agent.security.schema.AgentMetaData; import com.newrelic.api.agent.security.schema.ApplicationURLMapping; +import com.newrelic.api.agent.security.schema.Framework; import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.StringUtils; import com.newrelic.api.agent.security.schema.VulnerabilityCaseType; 
@@ -11,11 +12,12 @@ import com.newrelic.api.agent.security.utils.logging.LogLevel; import jakarta.servlet.ServletContext; import jakarta.servlet.ServletRegistration; +import jakarta.servlet.http.HttpServletMapping; import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.MappingMatch; import java.util.Collection; import java.util.Enumeration; -import java.util.Iterator; import java.util.Map; public class HttpServletHelper { @@ -118,9 +120,9 @@ public static void gatherURLMappings(ServletContext servletContext) { Map servletRegistrations = servletContext.getServletRegistrations(); getJSPMappings(servletContext, SEPARATOR); - for (ServletRegistration servletRegistration : servletRegistrations.values()) { - for (String s : servletRegistration.getMappings()) { - URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, s, servletRegistration.getClassName())); + for (ServletRegistration servletReg : servletRegistrations.values()) { + for (String mapping : servletReg.getMappings()) { + URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, mapping, servletReg.getClassName())); } } } catch (Exception e){ 
@@ -149,4 +151,21 @@ else if(path.endsWith(".jsp") || path.endsWith(".jspx") || path.endsWith(".JSP") NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_APP_ENDPOINTS, SERVLET_6_0, e.getMessage()), e, HttpServletHelper.class.getName()); } } + + public static void setRoute(HttpServletRequest request){ + try { + if (!NewRelicSecurity.isHookProcessingActive() || URLMappingsHelper.getApplicationURLMappings().isEmpty()){ + return; + } + HttpServletMapping mapping = request.getHttpServletMapping(); + if (URLMappingsHelper.getApplicationURLMappings().contains(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, request.getServletPath()))) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().setRoute(request.getServletPath()); + } else if (mapping != null) { + NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().setRoute(mapping.getPattern()); + } + NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFramework(Framework.SERVLET); + } catch (Exception e){ + NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST, SERVLET_6_0, e.getMessage()), e, HttpServletHelper.class.getName()); + } + } } diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java index 466c60a54..671e998fb 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java 
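Review bot: In `setRoute`, `setFramework(Framework.SERVLET)` runs even when neither branch assigned a route (the servlet path is not in the mappings and `getHttpServletMapping()` returned null), so the request is tagged as SERVLET with no route to go with it. The fallback in `Agent.setRouteIfNotPresent` sets the framework only after a route was found, so consider moving the call into both branches here, or adding `else { return; }` before it. The lookup `contains(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, request.getServletPath()))` builds a two-argument mapping while `gatherURLMappings` registers three-argument ones carrying the servlet class name. It can only match if `ApplicationURLMapping.equals`/`hashCode` ignore the handler, which is not visible here and is worth confirming. The `MappingMatch` import added in this file is not used by the lines shown.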
@@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.Framework; import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; @@ -26,6 +27,9 @@ public abstract class FilterChain_Instrumentation { public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); + if (request instanceof HttpServletRequest) { + HttpServletHelper.setRoute((HttpServletRequest)request); + } if(isServletLockAcquired) { preprocessSecurityHook(request, response); } diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java index e3d1a8c27..cbb14a409 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Filter_Instrumentation.java @@ -6,6 +6,7 @@ import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper; import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper; import com.newrelic.api.agent.security.schema.AgentMetaData; +import com.newrelic.api.agent.security.schema.Framework; import com.newrelic.api.agent.security.schema.HttpRequest; import com.newrelic.api.agent.security.schema.SecurityMetaData; import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException; 
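Review bot: The `HttpServletHelper.setRoute(...)` call in `doFilter` sits outside the `if(isServletLockAcquired)` guard, so it runs on every filter-chain step rather than once per request; the same placement is repeated in `Filter_Instrumentation.doFilter` and `Servlet_Instrumentation.service`. Each call repeats the mapping lookups and rewrites route and framework on the shared request metadata, which could replace a value set earlier in the same request by another instrumentation module, for example after a forward. If that is intended, a comment such as `// re-evaluated on every hop: the servlet mapping can change on forward` would make it clear; otherwise move the call under the guard. The `Framework` import added at the top of this file is not referenced by the lines shown. `doFilter` continues outside the hunk.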
@@ -27,6 +28,9 @@ public abstract class Filter_Instrumentation { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); + if (request instanceof HttpServletRequest) { + HttpServletHelper.setRoute((HttpServletRequest)request); + } if(isServletLockAcquired) { preprocessSecurityHook(request, response); } diff --git a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java index eac50ff96..8792ce95e 100644 --- a/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java +++ b/instrumentation-security/servlet-6.0/src/main/java/jakarta/servlet/Servlet_Instrumentation.java @@ -32,6 +32,9 @@ public abstract class Servlet_Instrumentation { public void service(ServletRequest_Instrumentation request, ServletResponse_Instrumentation response) { boolean isServletLockAcquired = HttpServletHelper.acquireServletLockIfPossible(); + if (request instanceof HttpServletRequest) { + HttpServletHelper.setRoute((HttpServletRequest)request); + } if(isServletLockAcquired) { preprocessSecurityHook(request, response); } diff --git a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/HttpServletTest.java b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/HttpServletTest.java index 4b41ca20a..344553238 100644 --- a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/HttpServletTest.java +++ b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/HttpServletTest.java 
@@ -32,6 +32,7 @@ public void testPost() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test public void testDelete() throws Exception { @@ -41,6 +42,7 @@ public void testDelete() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test public void testPUT() throws Exception { @@ -50,6 +52,7 @@ public void testPUT() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -60,6 +63,7 @@ public void testHEAD() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test public void testGET() throws Exception { 
@@ -69,6 +73,7 @@ public void testGET() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletInputStreamTest.java b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletInputStreamTest.java index d234d30be..c364dcd5a 100644 --- a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletInputStreamTest.java +++ b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletInputStreamTest.java @@ -47,6 +47,7 @@ public void testRead() throws Exception { Assert.assertEquals("Wrong Content-type detected", "multipart/form-data", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong data detected", expected, targetOperation.getRequest().getBody().toString()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @@ -67,6 +68,7 @@ public void testReadLine() throws Exception { Assert.assertEquals("Wrong Content-type detected", "multipart/form-data", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong data detected", expected, targetOperation.getRequest().getBody().toString()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test 
@@ -86,6 +88,7 @@ public void testReadLineWithOff() throws Exception { Assert.assertEquals("Wrong Content-type detected", "multipart/form-data", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong data detected", expected, targetOperation.getRequest().getBody().toString()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletOutputStreamTest.java b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletOutputStreamTest.java index d417c55b3..77c2b8834 100644 --- a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletOutputStreamTest.java +++ b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletOutputStreamTest.java @@ -53,6 +53,7 @@ public void testWrite() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong Response Content-type detected", "multipart/form-data", targetOperation.getResponse().getResponseContentType()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -75,6 +76,7 @@ public void testPrintString() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test 
@@ -98,6 +100,7 @@ public void testPrintBoolean() throws URISyntaxException, IOException { boolean resBody = Boolean.parseBoolean(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected", expected, resBody); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -122,6 +125,7 @@ public void testPrintChar() throws URISyntaxException, IOException { char resBody = String.valueOf(targetOperation.getResponse().getResponseBody()).charAt(0); Assert.assertEquals("Wrong response detected", expected, resBody); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -145,6 +149,7 @@ public void testPrintInt() throws URISyntaxException, IOException { int resBody = Integer.parseInt(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected", expected, resBody); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -168,6 +173,7 @@ public void testPrintLong() throws URISyntaxException, IOException { long resBody = Long.parseLong(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected", expected, resBody); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -191,6 +197,7 @@ public void testPrintFloat() throws URISyntaxException, IOException { float resBody = Float.parseFloat(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected",expected, resBody, 0.0f); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test 
@@ -214,6 +221,7 @@ public void testPrintDouble() throws URISyntaxException, IOException { double resBody = Double.parseDouble(String.valueOf(targetOperation.getResponse().getResponseBody())); Assert.assertEquals("Wrong response detected", expected, resBody, 0.0d); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -236,6 +244,7 @@ public void testPrintln() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -258,6 +267,7 @@ public void testPrintlnString() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -280,6 +290,7 @@ public void testPrintlnBoolean() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -302,6 +313,7 @@ public void testPrintlnChar() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test 
@@ -324,6 +336,7 @@ public void testPrintlnInt() throws URISyntaxException, IOException { Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -345,6 +358,7 @@ public void testPrintlnLong() throws URISyntaxException, IOException { Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -366,6 +380,7 @@ public void testPrintlnFloat() throws URISyntaxException, IOException { Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -387,6 +402,7 @@ public void testPrintlnDouble() throws URISyntaxException, IOException { Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong response detected", expected, String.valueOf(targetOperation.getResponse().getResponseBody())); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) private String write() throws URISyntaxException, IOException { 
diff --git a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletRequestTest.java b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletRequestTest.java index 64035182d..c8db4d79c 100644 --- a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletRequestTest.java +++ b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletRequestTest.java @@ -59,6 +59,7 @@ public void testGetInputStream() throws Exception { Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getRequestInStreamHash()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -80,6 +81,7 @@ public void testGetReader() throws Exception { Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getRequestReaderHash()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -100,8 +102,8 @@ public void testGetParameter() throws Exception { Assert.assertEquals("Wrong Param detected", expectedParam, new ObjectMapper().writeValueAsString(targetOperation.getRequest().getParameterMap())); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); - + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test 
@@ -122,8 +124,7 @@ public void testGetParameterValues() throws Exception { Assert.assertEquals("Wrong Param detected", expectedParam, new ObjectMapper().writeValueAsString(targetOperation.getRequest().getParameterMap())); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); - - + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -144,8 +145,8 @@ public void testGetParameterMap() throws Exception { Assert.assertEquals("Wrong Param detected", expectedParam, new ObjectMapper().writeValueAsString(targetOperation.getRequest().getParameterMap())); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); - + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletResponseTest.java b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletResponseTest.java index e069ba5fb..3894819d2 100644 --- a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletResponseTest.java +++ b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletResponseTest.java 
@@ -51,6 +51,7 @@ public void testGetOutputStream() throws Exception { Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getResponseOutStreamHash()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Test @@ -71,6 +72,7 @@ public void testGetWriter() throws Exception { Assert.assertEquals("Wrong Content-type detected", "application/x-www-form-urlencoded", targetOperation.getRequest().getContentType()); Assert.assertEquals("Wrong hashcode detected", Collections.singleton(expectedHash), introspector.getResponseWriterHash()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletTest.java b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletTest.java index 8e0124b82..bac5d64c7 100644 --- a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletTest.java +++ b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/ServletTest.java @@ -48,6 +48,7 @@ public void testService() throws Exception { Assert.assertEquals("Wrong port detected", server.getEndPoint("").getPort(), targetOperation.getRequest().getServerPort()); Assert.assertEquals("Wrong method name detected", "service", targetOperation.getMethodName()); Assert.assertEquals("Wrong Content-type detected", "text/plain", targetOperation.getRequest().getContentType()); + Assert.assertEquals("Incorrect route detected", "/test", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) 
diff --git a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/WebServletTest.java b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/WebServletTest.java index cab44e521..c6214e032 100644 --- a/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/WebServletTest.java +++ b/instrumentation-security/servlet-6.0/src/test/java/com/nr/agent/security/instrumentation/servlet6/WebServletTest.java @@ -30,6 +30,7 @@ public void testAnnotation() throws Exception { AgentMetaData metaData = introspector.getSecurityMetaData().getMetaData(); Assert.assertTrue(metaData.isUserLevelServiceMethodEncountered()); Assert.assertNotNull(metaData.getServiceTrace()); + Assert.assertEquals("Incorrect route detected", "/*", introspector.getSecurityMetaData().getRequest().getRoute()); } @Trace(dispatcher = true) diff --git a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java index a9b9de952..e25f92674 100644 --- a/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java +++ b/newrelic-security-agent/src/main/java/com/newrelic/api/agent/security/Agent.java 
@@ -452,18 +452,8 @@ public void registerOperation(AbstractOperation operation) { processStackTrace(operation); // boolean blockNeeded = checkIfBlockingNeeded(operation.getApiID()); // securityMetaData.getMetaData().setApiBlocked(blockNeeded); - HttpRequest request = securityMetaData.getRequest(); - Framework frameWork = Framework.UNKNOWN; - if(!securityMetaData.getFuzzRequestIdentifier().getK2Request() && StringUtils.isNotBlank(securityMetaData.getMetaData().getFramework())) { - frameWork = Framework.valueOf(securityMetaData.getMetaData().getFramework()); - } - if (!securityMetaData.getFuzzRequestIdentifier().getK2Request() && StringUtils.isEmpty(request.getRoute())){ - String route = getEndpointRoute(StringUtils.substringBefore(request.getUrl(), "?"), frameWork); - if (route != null) { - request.setRoute(route); - logger.log(LogLevel.FINEST,"Route detection using Application Endpoint", this.getClass().getName()); - } - } + + setRouteIfNotPresent(); if (needToGenerateEvent(operation.getApiID())) { DispatcherPool.getInstance().dispatchEvent(operation, securityMetaData); 
@@ -483,9 +473,29 @@ public void registerOperation(AbstractOperation operation) { } } } - private String getEndpointRoute(String uri, Framework framework){ - switch (framework){ - default: return getEndpointRoute(uri); + + // fallback mechanism for route detection + private void setRouteIfNotPresent() { + HttpRequest request = getSecurityMetaData().getRequest(); + if (URLMappingsHelper.getApplicationURLMappings().contains(new ApplicationURLMapping(request.getMethod(), request.getRoute())) || + URLMappingsHelper.getApplicationURLMappings().contains(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, request.getRoute()))){ + return; + } + request.setRoute("", null); + Framework frameWork = Framework.UNKNOWN; + if(StringUtils.isNotBlank(getSecurityMetaData().getMetaData().getFramework())) { + frameWork = Framework.valueOf(getSecurityMetaData().getMetaData().getFramework()); + } + if (!getSecurityMetaData().getFuzzRequestIdentifier().getK2Request()){ + String route; + switch (frameWork){ + default: route = getEndpointRoute(StringUtils.substringBefore(request.getUrl(), "?")); + } + if(route != null && !route.isEmpty()){ + request.setRoute(route); + getSecurityMetaData().getMetaData().setFramework(Framework.SERVLET); + logger.log(LogLevel.FINEST,"Route detection using Application Endpoint", this.getClass().getName()); + } } } diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/URLMappingsHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/URLMappingsHelper.java index d38c4c8f7..b470c161b 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/URLMappingsHelper.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/URLMappingsHelper.java 
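Review bot: In `setRouteIfNotPresent`, `request.setRoute(route)` can be a silent no-op, because the `HttpRequest.setRoute(String)` hunk of this same commit returns early when the recorded framework is non-empty and not `SERVLET`. The lines after it still set the framework to `SERVLET` and log that a route was detected. Since `request.setRoute("", null)` has already cleared the route by then, such a request would end up with an empty route and a rewritten framework, assuming both calls read the same security metadata. Calling `getSecurityMetaData().getMetaData().setFramework(Framework.SERVLET);` before `request.setRoute(route);` would avoid that. The clear also runs before the `getK2Request()` check, so fuzz requests, which the removed code left untouched, now lose their route on a mapping miss; if that is not intended, `if (getSecurityMetaData().getFuzzRequestIdentifier().getK2Request()) { return; }` belongs above the clear.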
@@ -47,6 +47,7 @@ public class URLMappingsHelper { add("org.codehaus.groovy.grails.web.servlet.GrailsDispatcherServlet"); add("org.codehaus.groovy.grails.web.pages.GroovyPagesServlet"); add("org.codehaus.groovy.grails.web.servlet.ErrorHandlingServlet"); + add("org.jboss.resteasy.plugins.server.servlet.HttpServlet30Dispatcher"); }}; public static Set getApplicationURLMappings() { @@ -66,11 +67,12 @@ public static Set getRouteSegments() { } public static void addApplicationURLMapping(ApplicationURLMapping mapping) { - if (mapping.getHandler() == null || (mapping.getHandler() != null && !defaultHandlers.contains(mapping.getHandler()))) { - mappings.add(mapping); - generateRouteSegments(mapping.getPath()); + if (mapping.getHandler() != null && defaultHandlers.contains(mapping.getHandler())){ + return; } - if (mapping.getHandler() != null){ + mappings.add(mapping); + generateRouteSegments(mapping.getPath()); + if (mapping.getHandler() != null && StringUtils.isNotBlank(mapping.getHandler())){ handlers.add(mapping.getHandler().hashCode()); } NewRelicSecurity.getAgent().reportURLMapping(); diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/HttpRequest.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/HttpRequest.java index be45e1f08..de54b3557 100644 --- a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/HttpRequest.java +++ b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/HttpRequest.java @@ -1,5 +1,6 @@ package com.newrelic.api.agent.security.schema; +import com.newrelic.api.agent.security.NewRelicSecurity; import com.newrelic.api.agent.security.schema.annotations.JsonIgnore; import java.nio.file.Paths; import java.util.*; 
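Review bot: The new early return in `addApplicationURLMapping` changes more than the mapping filter. For a handler listed in `defaultHandlers`, the old code still ran `handlers.add(mapping.getHandler().hashCode())` and `NewRelicSecurity.getAgent().reportURLMapping()`, and both are now skipped. Whatever reads `handlers` is outside this hunk, so it is worth confirming that default-handler hashes are no longer expected there and saying so in a comment such as `// default container/framework servlets are neither mapped nor recorded as handlers`. In the later guard, the `mapping.getHandler() != null &&` half is redundant if this `StringUtils.isNotBlank` is null-safe, so it could shrink to `if (StringUtils.isNotBlank(mapping.getHandler())) {`.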
@@ -97,6 +98,7 @@ public HttpRequest(HttpRequest servletInfo) { this.route = servletInfo.route; this.requestURI = servletInfo.requestURI; this.pathParameterMap = servletInfo.pathParameterMap; + this.pathParameters = servletInfo.pathParameters; this.queryParameters = servletInfo.queryParameters; this.requestHeaderParameters = servletInfo.requestHeaderParameters; this.requestBodyParameters = servletInfo.requestBodyParameters; @@ -252,7 +254,10 @@ public String getRoute() { } public void setRoute(String route){ - this.route = StringUtils.removeEnd(StringUtils.prependIfMissing(route, StringUtils.SEPARATOR), StringUtils.SEPARATOR); + if(!NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().getFramework().isEmpty() && !NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().getFramework().equals(Framework.SERVLET.name())){ + return; + } + setRoute(route, true); } public String getRequestURI() { @@ -263,7 +268,11 @@ public void setRequestURI(String requestURI) { this.requestURI = requestURI; } - public void setRoute(String segment, boolean isAlreadyServlet) { + public void setRoute(String segment, Boolean isAlreadyServlet) { + if (isAlreadyServlet == null){ + this.route = StringUtils.EMPTY; + return; + } // remove servlet detected route if another framework detected; if (isAlreadyServlet) { this.route = StringUtils.EMPTY;
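Review bot: `setRoute(String)` dereferences `NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().getFramework()` twice with no null check, so a null metadata object or a null framework string would throw a NullPointerException out of a plain setter. The Agent.java hunk of this commit tests the same value with `StringUtils.isNotBlank(...)`, which suggests it can be absent. Reading it once into a local and testing `framework != null && !framework.isEmpty() && !Framework.SERVLET.name().equals(framework)` keeps the guard without that risk. The early return also discards the caller's route silently and ties this schema class to global agent state, so a short Javadoc stating when a route is ignored would help callers.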
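Review bot: Changing `isAlreadyServlet` from `boolean` to `Boolean` and using `null` as a third state meaning "clear the route" makes `setRoute("", null)` hard to read at the call site. It also alters the method descriptor, so any instrumentation module compiled against the previous `setRoute(String, boolean)` would need rebuilding. A dedicated `public void clearRoute() { this.route = StringUtils.EMPTY; }` next to the original primitive overload would express the reset without a nullable flag. If the boxed parameter stays, the method needs a comment such as `// isAlreadyServlet == null clears the route and ignores segment`. The method body continues past the end of this hunk.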