Merge pull request #956 from k2io/iast-dev

Enhanced Security Features
newrelic · Sep 10, 2024 · 364adbd · 364adbd
2 parents 600a6ca + 150acb7
commit 364adbd
Show file tree

Hide file tree

Showing 8 changed files with 24 additions and 2 deletions.
diff --git a/v3/integrations/nrecho-v3/nrecho.go b/v3/integrations/nrecho-v3/nrecho.go
@@ -104,6 +104,9 @@ func Middleware(app *newrelic.Application) func(echo.HandlerFunc) echo.HandlerFu
 				} else {
 					txn.SetWebResponse(nil).WriteHeader(http.StatusInternalServerError)
 				}
+				if newrelic.IsSecurityAgentPresent() {
+					newrelic.GetSecurityAgentInterface().SendEvent("RESPONSE_HEADER", c.Response().Header())
+				}
 			}
 
 			return

diff --git a/v3/integrations/nrecho-v4/nrecho.go b/v3/integrations/nrecho-v4/nrecho.go
@@ -127,6 +127,9 @@ func Middleware(app *newrelic.Application, opts ...ConfigOption) func(echo.Handl
 				} else {
 					txn.SetWebResponse(nil).WriteHeader(http.StatusInternalServerError)
 				}
+				if newrelic.IsSecurityAgentPresent() {
+					newrelic.GetSecurityAgentInterface().SendEvent("RESPONSE_HEADER", c.Response().Header())
+				}
 			}
 
 			return

diff --git a/v3/integrations/nrfasthttp/instrumentation.go b/v3/integrations/nrfasthttp/instrumentation.go
@@ -76,7 +76,11 @@ func WrapHandle(app *newrelic.Application, pattern string, handler fasthttp.Requ
 
 		handler(ctx)
 		if newrelic.IsSecurityAgentPresent() {
-			newrelic.GetSecurityAgentInterface().SendEvent("INBOUND_WRITE", resp.Body(), resp.Header())
+			header := resp.Header()
+			ctx.Response.Header.VisitAllCookie(func(key, value []byte) {
+				header.Add("Set-Cookie", string(value))
+			})
+			newrelic.GetSecurityAgentInterface().SendEvent("INBOUND_WRITE", resp.Body(), header)
 			newrelic.GetSecurityAgentInterface().SendEvent("INBOUND_RESPONSE_CODE", ctx.Response.StatusCode())
 		}
 	}

diff --git a/v3/integrations/nrgin/nrgin.go b/v3/integrations/nrgin/nrgin.go
@@ -187,5 +187,8 @@ func middleware(app *newrelic.Application, useNewNames bool) gin.HandlerFunc {
 			c.Set(internal.GinTransactionContextKey, txn)
 		}
 		c.Next()
+		if newrelic.IsSecurityAgentPresent() {
+			newrelic.GetSecurityAgentInterface().SendEvent("RESPONSE_HEADER", c.Writer.Header())
+		}
 	}
 }
diff --git a/v3/integrations/nrgorilla/nrgorilla.go b/v3/integrations/nrgorilla/nrgorilla.go
@@ -123,6 +123,9 @@ func Middleware(app *newrelic.Application) mux.MiddlewareFunc {
 			w = txn.SetWebResponse(w)
 			r = newrelic.RequestWithTransactionContext(r, txn)
 			next.ServeHTTP(w, r)
+			if newrelic.IsSecurityAgentPresent() {
+				newrelic.GetSecurityAgentInterface().SendEvent("RESPONSE_HEADER", w.Header())
+			}
 		})
 	}
 }

diff --git a/v3/integrations/nrhttprouter/nrhttprouter.go b/v3/integrations/nrhttprouter/nrhttprouter.go
@@ -159,4 +159,7 @@ func (r *Router) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	}
 
 	r.Router.ServeHTTP(w, req)
+	if newrelic.IsSecurityAgentPresent() {
+		newrelic.GetSecurityAgentInterface().SendEvent("RESPONSE_HEADER", w.Header())
+	}
 }
diff --git a/v3/integrations/nrsecurityagent/go.mod b/v3/integrations/nrsecurityagent/go.mod
@@ -3,7 +3,7 @@ module github.com/newrelic/go-agent/v3/integrations/nrsecurityagent
 go 1.20
 
 require (
-	github.com/newrelic/csec-go-agent v1.3.0
+	github.com/newrelic/csec-go-agent v1.4.0
 	github.com/newrelic/go-agent/v3 v3.33.1
 	github.com/newrelic/go-agent/v3/integrations/nrsqlite3 v1.2.0
 	gopkg.in/yaml.v2 v2.4.0

diff --git a/v3/newrelic/instrumentation.go b/v3/newrelic/instrumentation.go
@@ -84,6 +84,9 @@ func WrapHandle(app *Application, pattern string, handler http.Handler, options
 		r = RequestWithTransactionContext(r, txn)
 
 		handler.ServeHTTP(w, r)
+		if IsSecurityAgentPresent() {
+			secureAgent.SendEvent("RESPONSE_HEADER", w.Header())
+		}
 	})
 }