nrsecurityagent

v1.3.0 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 4, 2024 License: Apache-2.0 Imports: 8 Imported by: 1

README

v3/integrations/nrsecurityagent

The New Relic security agent analyzes your application for potentially exploitable vulnerabilities.

DO NOT use this integration in your production environment. It is intended only for use in your development and testing phases. Since it will attempt to actually find and exploit vulnerabilities in your code, it may cause data loss or crash the application. Therefore it should only be used with test data in a non-production environment that does not connect to any production services.

Learn More About IAST

To learn how to use IAST with the New Relic Go Agent, check out our documentation.

Setup Instructions

  • Add this integration to your application by importing
import "github.com/newrelic/go-agent/v3/integrations/nrsecurityagent"
  • Then, add code to initialize the integration after your call to newrelic.NewApplication:
app, err := newrelic.NewApplication( ... )
// err is already declared by the line above, so assign with = rather than :=
err = nrsecurityagent.InitSecurityAgent(app,
	nrsecurityagent.ConfigSecurityMode("IAST"),
	nrsecurityagent.ConfigSecurityValidatorServiceEndPointUrl("wss://csec.nr-data.net"),
	nrsecurityagent.ConfigSecurityEnable(true),
)

You can also configure the nrsecurityagent integration using a YAML-formatted configuration file:

err := nrsecurityagent.InitSecurityAgent(app,
	nrsecurityagent.ConfigSecurityFromYaml(),
)

In this case, you need to put the path to your YAML file in an environment variable:

NEW_RELIC_SECURITY_CONFIG_PATH={YOUR_PATH}/myappsecurity.yaml

The YAML file should have these contents (adjust as needed for your application):

enabled: true

# NR security provides two modes IAST and RASP
# Default is IAST
mode: IAST

# New Relic’s SaaS connection URLs
validator_service_url: wss://csec.nr-data.net

# Following category of security events
# can be disabled from generating.
detection:
  rxss:
    enabled: true
# Limit on the request body read, in KB
request:
  body_limit: 1

Note: To completely disable security, set the NEW_RELIC_SECURITY_AGENT_ENABLED environment variable to false. Otherwise, some security hooks will already be in place before any of the other configuration settings can be taken into account; setting this environment variable prevents that from happening.
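
A pre-flight guard for the warning and note above, as an added example that is not part of the New Relic README or package: it decides whether nrsecurityagent.InitSecurityAgent should be called at all. APP_ENV, allowedEnvs and preflight are hypothetical names, and rejecting non-wss validator URLs is an assumption of this example.

```go
package main

import (
	"fmt"
	"net/url"
	"os"
	"strings"
)

// allowedEnvs lists the APP_ENV values (a hypothetical variable, not read by
// the integration) in which an IAST run is acceptable.
var allowedEnvs = map[string]bool{"dev": true, "test": true, "ci": true}

// preflight reports whether nrsecurityagent.InitSecurityAgent should be called.
// mode and validatorURL are the values that would be passed to
// ConfigSecurityMode and ConfigSecurityValidatorServiceEndPointUrl.
func preflight(getenv func(string) string, mode, validatorURL string) (bool, error) {
	// Kill switch from the README note: "false" disables security completely.
	if strings.EqualFold(getenv("NEW_RELIC_SECURITY_AGENT_ENABLED"), "false") {
		return false, nil
	}
	// Fail closed: an unset or unlisted environment is treated as production.
	env := strings.ToLower(getenv("APP_ENV"))
	if !allowedEnvs[env] {
		return false, fmt.Errorf("APP_ENV=%q is not a test environment; set NEW_RELIC_SECURITY_AGENT_ENABLED=false", env)
	}
	// The sample configuration names two modes.
	if mode != "IAST" && mode != "RASP" {
		return false, fmt.Errorf("unknown security mode %q", mode)
	}
	// Assumption: only a TLS WebSocket endpoint is acceptable for the validator.
	u, err := url.Parse(validatorURL)
	if err != nil || u.Scheme != "wss" || u.Host == "" {
		return false, fmt.Errorf("validator URL %q must be a wss:// endpoint", validatorURL)
	}
	return true, nil
}

func main() {
	run, err := preflight(os.Getenv, "IAST", "wss://csec.nr-data.net")
	if err != nil {
		fmt.Fprintln(os.Stderr, "refusing to start:", err)
		os.Exit(1)
	}
	fmt.Println("initialize security agent:", run)
}
```

Call preflight before newrelic.NewApplication returns control to the rest of startup, and only call InitSecurityAgent when it returns true with a nil error.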

Instrument security-sensitive areas in your application

If you are using the nrgin, nrgrpc, nrmicro, and/or nrmongo integrations, they now contain code to support security analysis of the data they handle.

Additionally, the agent will inject vulnerability scanning into instrumented functions wherever possible, including datastore segments, SQL operations, and transactions.

If you are opening an HTTP protocol endpoint, place the newrelic.WrapListen function around the endpoint name to enable vulnerability scanning against that endpoint. For example,

http.ListenAndServe(newrelic.WrapListen(":8000"), nil)

Start your application in your test environment

Generate traffic against your application for the IAST agent to detect vulnerabilities. Once vulnerabilities are detected they will be reported in the vulnerabilities list.

For more information, see godocs.

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func InitSecurityAgent

func InitSecurityAgent(app *newrelic.Application, opts ...ConfigOption) error

InitSecurityAgent initializes the nrsecurityagent integration package from user-supplied configuration values.

Types

type ConfigOption

type ConfigOption func(*SecurityConfig)

ConfigOption functions are used to programmatically provide configuration values to the nrsecurityagent integration package.

func ConfigSecurityDetectionDisableRxss

func ConfigSecurityDetectionDisableRxss(isDisable bool) ConfigOption

ConfigSecurityDetectionDisableRxss is used to enable or disable RXSS validation.

func ConfigSecurityEnable

func ConfigSecurityEnable(isEnabled bool) ConfigOption

ConfigSecurityEnable enables or disables the security integration.

func ConfigSecurityFromEnvironment

func ConfigSecurityFromEnvironment() ConfigOption

func ConfigSecurityFromYaml

func ConfigSecurityFromYaml() ConfigOption

ConfigSecurityFromYaml directs the nrsecurityagent integration to read an external YAML-formatted file to obtain its configuration values.

The path to this file must be provided by setting the environment variable NEW_RELIC_SECURITY_CONFIG_PATH.

func ConfigSecurityMode

func ConfigSecurityMode(mode string) ConfigOption

ConfigSecurityMode sets the security mode to use. By default, this is "IAST".

func ConfigSecurityRequestBodyLimit added in v1.1.3

func ConfigSecurityRequestBodyLimit(bodyLimit int) ConfigOption

ConfigSecurityRequestBodyLimit sets the limit on how much of the request body is read, in KB. By default, this is "300".

func ConfigSecurityValidatorServiceEndPointUrl

func ConfigSecurityValidatorServiceEndPointUrl(url string) ConfigOption

ConfigSecurityValidatorServiceEndPointUrl sets the security validator service endpoint.

type SecurityConfig

type SecurityConfig struct {
	securityAgent.SecurityAgentConfig
	Error error
}
