Merge branch 'main' into undici_support

newrelic · Feb 20, 2024 · fa55307 · fa55307
2 parents 38ae824 + d87b29f
commit fa55307
Show file tree

Hide file tree

Showing 9 changed files with 41 additions and 20 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,12 @@
+### v1.0.1 (2024-02-07)
+#### Bug fixes
+* Reporting of framework in security event json 
+#### Miscellaneous chores
+* Updated software license to New Relic Software License Version 1.0
+* Ability to send critical messages on successful startup of agent
+* Updated Copyright headers
+* Updated license in readme
+
 ### v0.7.0 (2024-01-18)
 #### Features
 * Handling to exclude unsupported content types from rxss processing

diff --git a/README.md b/README.md
@@ -70,6 +70,18 @@ The [Developer docs](http://newrelic.github.io/node-newrelic/) for writing instr
 
 For more information, please see New Relic Node.js agent [compatibility and requirements](https://docs.newrelic.com/docs/apm/agents/nodejs-agent/getting-started/compatibility-requirements-nodejs-agent/).
 
+### Supported Vulnerabilities
+- Remote Code Execution
+- SQL Injection
+- NoSQL Injection
+- Stored XSS
+- Reflected XSS
+- Reverse Shell attack
+- File Access
+- SSRF
+- Application Integrity Violation
+- LDAP Injection
+- XPath Injection
 ## Testing
 
 The module includes a suite of unit and functional tests which should be used to
@@ -99,7 +111,7 @@ If you believe you have found a security vulnerability in this project or any of
 If you would like to contribute to this project, review [these guidelines](https://github.com/newrelic/csec-node-agent/blob/main/CONTRIBUTING.md).
 
 ## License
-The New Relic security agent is licensed under the New Relic Pre-Release Software Notice.
+The New Relic security agent is licensed under the New Relic Software License v1.0.
 The `@newrelic/security-agent` also uses source code from third-party libraries. You can find full details on which libraries are used and the terms under which they are licensed in the third-party notices document.
 
 [1]: https://img.shields.io/npm/v/@newrelic/security-agent.svg 

diff --git a/lib/instrumentation-security/core/sec-utils.js b/lib/instrumentation-security/core/sec-utils.js
@@ -150,11 +150,11 @@ function getExecutionId(){
 function createPathIfNotExist (dir) {
     try {
         if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, 777, { recursive: true });
+            fs.mkdirSync(dir, 770, { recursive: true });
             logger.info(dir + ' Created');
-            fs.chmodSync(dir, 0o777);
+            fs.chmodSync(dir, 0o770);
         } else {
-            fs.chmodSync(dir, 0o777);
+            fs.chmodSync(dir, 0o770);
             logger.debug(dir + ' Already Exists');
         }
     } catch (error) {

diff --git a/lib/nr-security-agent/lib/core/commonUtils.js b/lib/nr-security-agent/lib/core/commonUtils.js
@@ -97,11 +97,11 @@ function runtimeSupportsAsyncFunctionGenerators() {
 function createPathIfNotExist(dir) {
     try {
         if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, 777, { recursive: true });
+            fs.mkdirSync(dir, 770, { recursive: true });
             logger.info(dir + ' Created');
-            fs.chmodSync(dir, 0o777);
+            fs.chmodSync(dir, 0o770);
         } else {
-            fs.chmodSync(dir, 0o777);
+            fs.chmodSync(dir, 0o770);
             logger.debug(dir + ' Already Exists');
         }
     } catch (error) {
@@ -139,7 +139,7 @@ function createDirectories() {
     createPathIfNotExist(`${CSEC_HOME}${SLASH}nr-security-home${SLASH}tmp${SLASH}language-agent${SLASH}${getUUID()}`);
     createPathIfNotExist(`${CSEC_HOME}${SLASH}nr-security-home${SLASH}tmp${SLASH}language-agent${SLASH}${getUUID()}${SLASH}ds-tmp`);
     try {
-        fs.chmodSync(`${CSEC_HOME}${SLASH}nr-security-home`, 0o777);
+        fs.chmodSync(`${CSEC_HOME}${SLASH}nr-security-home`, 0o770);
     } catch (error) {
     }
 }

diff --git a/lib/nr-security-agent/lib/core/logging.js b/lib/nr-security-agent/lib/core/logging.js
@@ -31,11 +31,11 @@ const CSEC_ROOT = `${CSEC_HOME}${sep}nr-security-home${sep}`;
 function createLogPathIfNotExist(dir) {
     try {
         if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, 777, { recursive: true });
-            fs.chmodSync(dir, 0o777);
+            fs.mkdirSync(dir, 770, { recursive: true });
+            fs.chmodSync(dir, 0o770);
         }
         else {
-            fs.chmodSync(dir, 0o777);
+            fs.chmodSync(dir, 0o770);
         }
     } catch (error) {
     }
@@ -168,8 +168,8 @@ function getLogger(applicationUUID = process.env.applicationUUID) {
         logger = log4js.getLogger('NR_CSEC');
         const initLogger = getInitLogger();
         try {
-            fs.chmodSync(`${logFileName}`, 0o777);
-            fs.chmodSync(`${initLogFileName}`, 0o777);
+            fs.chmodSync(`${logFileName}`, 0o660);
+            fs.chmodSync(`${initLogFileName}`, 0o660);
         } catch (error) {
         }
         initLogger.info("[STEP-2] => Generating unique identifier:", applicationUUID)

diff --git a/lib/nr-security-agent/lib/core/statusUtils.js b/lib/nr-security-agent/lib/core/statusUtils.js
@@ -93,15 +93,15 @@ function getFormattedData() {
 function writeSnapshot() {
     const snapshot = getFormattedData();
     commonUtils.removeOlderSnapshots();
-    fs.writeFile(statusFile, snapshot, { mode: 0o777 }, function (err) {
+    fs.writeFile(statusFile, snapshot, { mode: 0o660 }, function (err) {
         if (err) {
             logger.debug(err.message);
             const LogMessage = require('./LogMessage');
             const logMessage = new LogMessage.logMessage("SEVERE", 'Error in creating snapshot file', __filename, err);
             commonUtils.addLogEventtoBuffer(logMessage);
         } else {
             logger.info('Snapshot updated to file: %s', statusFile);
-            fs.chmod(statusFile, 0o777, (err) => {
+            fs.chmod(statusFile, 0o660, (err) => {
                 if (err) {
                     addErrortoBuffer(err);
                 }

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@newrelic/security-agent",
-  "version": "0.7.0",
+  "version": "1.0.1",
   "description": "New Relic Security Agent for Node.js",
   "main": "index.js",
   "jsonVersion": "1.1.1",

diff --git a/third_party_manifest.json b/third_party_manifest.json
@@ -1,5 +1,5 @@
 {
-  "lastUpdated": "Mon Jan 15 2024 16:21:43 GMT+0530 (India Standard Time)",
+  "lastUpdated": "Wed Feb 07 2024 11:30:09 GMT+0530 (India Standard Time)",
   "projectName": "@newrelic/security-agent",
   "projectUrl": "https://github.com/newrelic/csec-node-agent.git",
   "includeOptDeps": false,