API Endpoint Phase 2: Add Endpoint route in Servlet Framework

instrumentation-security/apache-tomcat-10/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat10/HttpServletHelper.java

@@ -21,8 +21,10 @@ public class HttpServletHelper {
     public static void gatherURLMappings(ServletContext servletContext) {
         try {
             Map<String, ? extends ServletRegistration> servletRegistrations = servletContext.getServletRegistrations();
-            getJSPMappings(servletContext, SEPARATOR);
-
+            String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR);
+            if (!StringUtils.equalsAny(contextPath, "docs", "examples")) {
+                getJSPMappings(servletContext, SEPARATOR);
+            }
             for (ServletRegistration servletRegistration : servletRegistrations.values()) {
                 for (String mapping : servletRegistration.getMappings()) {
                     URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, mapping, servletRegistration.getClassName()));

instrumentation-security/apache-tomcat-7/src/main/java/com/newrelic/agent/security/instrumentation/apache/tomcat7/HttpServletHelper.java

@@ -20,7 +20,10 @@ public class HttpServletHelper {
     public static void gatherURLMappings(ServletContext servletContext) {
         try {
             Map<String, ? extends ServletRegistration> servletRegistrations = servletContext.getServletRegistrations();
-            getJSPMappings(servletContext, SEPARATOR);
+            String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR);
+            if (!StringUtils.equalsAny(contextPath, "docs", "examples")) {
+                getJSPMappings(servletContext, SEPARATOR);
+            }
 
             for (ServletRegistration servletRegistration : servletRegistrations.values()) {
                 for (String mapping : servletRegistration.getMappings()) {

instrumentation-security/jetty-11/src/main/java/com/newrelic/agent/security/instrumentation/jetty11/HttpServletHelper.java

@@ -207,6 +207,10 @@ public static void postProcessSecurityHook(HttpServletRequest request, HttpServl
     }
     public static void gatherURLMappings(ServletContext servletContext) {
         try {
+            String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR);
+            if (StringUtils.equalsAny(contextPath, "docs", "examples")) {
+                return;
+            }
             Map<String, ? extends ServletRegistration> servletRegistrations = servletContext.getServletRegistrations();
             getJSPMappings(servletContext, SEPARATOR);
 

instrumentation-security/jetty-9/src/main/java/com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.java

@@ -210,7 +210,10 @@ public static void postProcessSecurityHook(HttpServletRequest request, HttpServl
     public static void gatherURLMappings(ServletContext servletContext) {
         try {
             Map<String, ? extends ServletRegistration> servletRegistrations = servletContext.getServletRegistrations();
-            getJSPMappings(servletContext, SEPARATOR);
+            String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR);
+            if (!StringUtils.equalsAny(contextPath, "docs", "examples")) {
+                getJSPMappings(servletContext, SEPARATOR);
+            }
 
             for (ServletRegistration servletReg : servletRegistrations.values()) {
                 for (String mapping : servletReg.getMappings()) {

instrumentation-security/servlet-2.4/src/main/java/com/newrelic/agent/security/instrumentation/servlet24/HttpServletHelper.java

@@ -4,17 +4,21 @@
 import com.newrelic.api.agent.security.instrumentation.helpers.*;
 import com.newrelic.api.agent.security.schema.AgentMetaData;
 import com.newrelic.api.agent.security.schema.ApplicationURLMapping;
+import com.newrelic.api.agent.security.schema.Framework;
 import com.newrelic.api.agent.security.schema.HttpRequest;
 import com.newrelic.api.agent.security.schema.StringUtils;
 import com.newrelic.api.agent.security.schema.policy.AgentPolicy;
 import com.newrelic.api.agent.security.utils.logging.LogLevel;
 
+import javax.servlet.ServletConfig;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletRegistration;
 import javax.servlet.http.HttpServletRequest;
 import java.util.Collection;
 import java.util.Enumeration;
 import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 public class HttpServletHelper {
 
@@ -121,41 +125,4 @@ public static void releaseServletLock() {
     private static String getNrSecCustomAttribName() {
         return NR_SEC_CUSTOM_ATTRIB_NAME + Thread.currentThread().getId();
     }
-
-    public static void gatherURLMappings(ServletContext servletContext) {
-        try {
-            Map<String, ? extends ServletRegistration> servletRegistrations = servletContext.getServletRegistrations();
-            getJSPMappings(servletContext, SEPARATOR);
-
-            for (ServletRegistration servletRegistration : servletRegistrations.values()) {
-                for (String s : servletRegistration.getMappings()) {
-                    URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, s, servletRegistration.getClassName()));
-                }
-            }
-        } catch (Exception e){
-            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_APP_ENDPOINTS, SERVLET_2_4, e.getMessage()), e, HttpServletHelper.class.getName());
-        }
-    }
-
-    public static void getJSPMappings(ServletContext servletContext, String dir) {
-        try {
-            if(dir.endsWith(SEPARATOR)){
-                Collection<String> resourcePaths = servletContext.getResourcePaths(dir);
-                for (String path : resourcePaths) {
-                    String entry = StringUtils.removeStart(StringUtils.removeEnd(path, SEPARATOR), StringUtils.SEPARATOR);
-                    if ( StringUtils.equalsAny(entry, "META-INF", "WEB-INF")) {
-                        continue;
-                    }
-                    if(path.endsWith(SEPARATOR)) {
-                        getJSPMappings(servletContext, path);
-                    }
-                    else if(path.endsWith(".jsp") || path.endsWith(".jspx") || path.endsWith(".JSP") || path.endsWith(".JSPX")) {
-                        URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, path));
-                    }
-                }
-            }
-        } catch (Exception e){
-            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_APP_ENDPOINTS, SERVLET_2_4, e.getMessage()), e, HttpServletHelper.class.getName());
-        }
-    }
 }

instrumentation-security/servlet-2.4/src/main/java/javax/servlet/FilterChain_Instrumentation.java

@@ -68,7 +68,6 @@ private void preprocessSecurityHook(ServletRequest request, ServletResponse resp
             }
 
             HttpServletHelper.processHttpRequestHeader(httpServletRequest, securityRequest);
-
             securityMetaData.setTracingHeaderValue(HttpServletHelper.getTraceHeader(securityRequest.getHeaders()));
 
             securityRequest.setProtocol(httpServletRequest.getScheme());

instrumentation-security/servlet-2.4/src/main/java/javax/servlet/Servlet_Instrumentation.java

@@ -12,9 +12,13 @@
 import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;
 import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper;
 import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
+import com.newrelic.api.agent.security.instrumentation.helpers.URLMappingsHelper;
 import com.newrelic.api.agent.security.schema.AgentMetaData;
+import com.newrelic.api.agent.security.schema.ApplicationURLMapping;
+import com.newrelic.api.agent.security.schema.Framework;
 import com.newrelic.api.agent.security.schema.HttpRequest;
 import com.newrelic.api.agent.security.schema.SecurityMetaData;
+import com.newrelic.api.agent.security.schema.StringUtils;
 import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException;
 import com.newrelic.api.agent.security.schema.operation.RXSSOperation;
 import com.newrelic.api.agent.security.utils.logging.LogLevel;
@@ -26,12 +30,17 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.Arrays;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 @Weave(type = MatchType.Interface, originalName = "javax.servlet.Servlet")
 public abstract class Servlet_Instrumentation {
 
     public void service(ServletRequest_Instrumentation request, ServletResponse_Instrumentation response) {
         boolean isServletLockAcquired = acquireServletLockIfPossible();
+        if (NewRelicSecurity.isHookProcessingActive() && request instanceof HttpServletRequest){
+            setRoute((HttpServletRequest) request, NewRelicSecurity.getAgent().getSecurityMetaData().getRequest(), getServletConfig());
+        }
         if(isServletLockAcquired) {
             preprocessSecurityHook(request, response);
         }
@@ -143,4 +152,33 @@ private void releaseServletLock() {
             HttpServletHelper.releaseServletLock();
         } catch (Throwable e) {}
     }
+
+    public abstract ServletConfig getServletConfig();
+
+    private void setRoute(HttpServletRequest request, HttpRequest securityRequest, ServletConfig servletConfig) {
+        try {
+            if (URLMappingsHelper.getApplicationURLMappings().isEmpty()){
+                return;
+            }
+            String servletPath = request.getServletPath();
+            if (URLMappingsHelper.getApplicationURLMappings().contains(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, servletPath))) {
+                securityRequest.setRoute(servletPath);
+            } else if (servletConfig != null) {
+                ServletRegistration registration = servletConfig.getServletContext().getServletRegistration(servletConfig.getServletName());
+                if (registration != null && registration.getMappings() != null && !registration.getMappings().isEmpty()) {
+                    for (String mapping : registration.getMappings()) {
+                        Pattern pattern = Pattern.compile(StringUtils.replace(mapping, URLMappingsHelper.subResourceSegment, ".*"));
+                        Matcher matcher = pattern.matcher(servletPath);
+                        if (matcher.matches()) {
+                            securityRequest.setRoute(mapping);
+                            break;
+                        }
+                    }
+                }
+            }
+            NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFramework(Framework.SERVLET);
+        } catch (Exception e){
+            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST, HttpServletHelper.SERVLET_2_4, e.getMessage()), e, this.getClass().getName());
+        }
+    }
 }

instrumentation-security/servlet-3.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet30/HttpServletHelper.java

@@ -14,17 +14,18 @@
 import java.util.Map;
 
 public class HttpServletHelper {
-    private static final String WILDCARD = "*";
-    private static final String SEPARATOR = "/";
-    public static final String SERVLET_3_0 = "SERVLET-3.0";
+
+    private static final String SERVLET_3_0 = "SERVLET-3.0";
     public static void gatherURLMappings(ServletContext servletContext) {
         try {
             Map<String, ? extends ServletRegistration> servletRegistrations = servletContext.getServletRegistrations();
-            getJSPMappings(servletContext, SEPARATOR);
-
+            String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), URLMappingsHelper.SEPARATOR), StringUtils.SEPARATOR);
+            if (!StringUtils.equalsAny(contextPath, "docs", "examples")) {
+                getJSPMappings(servletContext, URLMappingsHelper.SEPARATOR);
+            }
             for (ServletRegistration servletRegistration : servletRegistrations.values()) {
                 for (String s : servletRegistration.getMappings()) {
-                    URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, s, servletRegistration.getClassName()));
+                    URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, s, servletRegistration.getClassName()));
                 }
             }
         } catch (Exception e){
@@ -34,23 +35,24 @@ public static void gatherURLMappings(ServletContext servletContext) {
 
     public static void getJSPMappings(ServletContext servletContext, String dir) {
         try {
-            if(dir.endsWith(SEPARATOR)){
+            if(dir.endsWith(URLMappingsHelper.SEPARATOR)){
                 Collection<String> resourcePaths = servletContext.getResourcePaths(dir);
                 for (String path : resourcePaths) {
-                    String entry = StringUtils.removeStart(StringUtils.removeEnd(path, SEPARATOR), StringUtils.SEPARATOR);
+                    String entry = StringUtils.removeStart(StringUtils.removeEnd(path, URLMappingsHelper.SEPARATOR), StringUtils.SEPARATOR);
                     if ( StringUtils.equalsAny(entry, "META-INF", "WEB-INF")) {
                         continue;
                     }
-                    if(path.endsWith(SEPARATOR)) {
+                    if(path.endsWith(URLMappingsHelper.SEPARATOR)) {
                         getJSPMappings(servletContext, path);
                     }
                     else if(path.endsWith(".jsp") || path.endsWith(".jspx") || path.endsWith(".JSP") || path.endsWith(".JSPX")) {
-                        URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, path));
+                        URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, path));
                     }
                 }
             }
         } catch (Exception e){
             NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_APP_ENDPOINTS, SERVLET_3_0, e.getMessage()), e, HttpServletHelper.class.getName());
         }
     }
+
 }

instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/ApiEndpointTest.java

@@ -2,14 +2,20 @@
 
 import com.newrelic.agent.security.introspec.InstrumentationTestConfig;
 import com.newrelic.agent.security.introspec.SecurityInstrumentationTestRunner;
+import com.newrelic.api.agent.Trace;
 import com.newrelic.api.agent.security.instrumentation.helpers.URLMappingsHelper;
 import com.newrelic.api.agent.security.schema.ApplicationURLMapping;
-import org.apache.catalina.servlets.DefaultServlet;
+import com.newrelic.api.agent.security.schema.Framework;
+import com.newrelic.api.agent.security.schema.SecurityMetaData;
 import org.junit.Assert;
 import org.junit.ClassRule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URISyntaxException;
+import java.net.URL;
 import java.util.Iterator;
 
 @RunWith(SecurityInstrumentationTestRunner.class)
@@ -32,4 +38,21 @@ public void testURLMappings() {
         ApplicationURLMapping mapping2 = mappings.next();
         Assert.assertEquals("URL Mappings", new ApplicationURLMapping(method, "/test", handler), mapping2);
     }
+
+    @Test
+    public void testRoute() throws IOException, URISyntaxException {
+        connect();
+        SecurityMetaData metaData = SecurityInstrumentationTestRunner.getIntrospector().getSecurityMetaData();
+        Assert.assertEquals( "Incorrect Route Detected","/test", metaData.getRequest().getRoute());
+        Assert.assertEquals("Incorrect Framework detected", Framework.SERVLET.name(), metaData.getMetaData().getFramework());
+    }
+
+    @Trace(dispatcher = true)
+    private void connect() throws IOException, URISyntaxException {
+        URL u = server.getEndPoint().toURL();
+        HttpURLConnection conn = (HttpURLConnection) u.openConnection();
+        conn.setRequestProperty("content-type", "text/plain; charset=utf-8");
+        conn.connect();
+        conn.getResponseCode();
+    }
 }

instrumentation-security/servlet-3.0/src/test/java/com/nr/agent/security/instrumentation/servlet30/HttpServletServer.java

@@ -3,7 +3,6 @@
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
-import org.apache.catalina.servlets.DefaultServlet;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.webresources.TomcatURLStreamHandlerFactory;
 import org.apache.tomcat.util.http.fileupload.FileUtils;
@@ -19,6 +18,8 @@
 import java.io.File;
 import java.io.IOException;
 import java.net.ServerSocket;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.util.Collections;
 import java.util.Set;
 
@@ -91,6 +92,10 @@ private void stop() {
             }
         }
     }
+
+    public URI getEndPoint() throws URISyntaxException {
+        return new URI("http://localhost:" + port + "/test");
+    }
 }
 class MyServlet extends HttpServlet {
     @Override

instrumentation-security/servlet-5.0/src/main/java/com/newrelic/agent/security/instrumentation/servlet5/HttpServletHelper.java

@@ -4,17 +4,18 @@
 import com.newrelic.api.agent.security.instrumentation.helpers.*;
 import com.newrelic.api.agent.security.schema.AgentMetaData;
 import com.newrelic.api.agent.security.schema.ApplicationURLMapping;
+import com.newrelic.api.agent.security.schema.Framework;
 import com.newrelic.api.agent.security.schema.HttpRequest;
 import com.newrelic.api.agent.security.schema.StringUtils;
 import com.newrelic.api.agent.security.schema.policy.AgentPolicy;
 import com.newrelic.api.agent.security.utils.logging.LogLevel;
 import jakarta.servlet.ServletContext;
 import jakarta.servlet.ServletRegistration;
+import jakarta.servlet.http.HttpServletMapping;
 import jakarta.servlet.http.HttpServletRequest;
 
 import java.util.Collection;
 import java.util.Enumeration;
-import java.util.Iterator;
 import java.util.Map;
 
 public class HttpServletHelper {
@@ -126,8 +127,10 @@ private static String getNrSecCustomAttribName() {
     public static void gatherURLMappings(ServletContext servletContext) {
         try {
             Map<String, ? extends ServletRegistration> servletRegistrations = servletContext.getServletRegistrations();
-            getJSPMappings(servletContext, SEPARATOR);
-
+            String contextPath = StringUtils.removeStart(StringUtils.removeEnd(servletContext.getContextPath(), SEPARATOR), StringUtils.SEPARATOR);
+            if (!StringUtils.equalsAny(contextPath, "docs", "examples")) {
+                getJSPMappings(servletContext, SEPARATOR);
+            }
             for (ServletRegistration servletRegistration : servletRegistrations.values()) {
                 for (String s : servletRegistration.getMappings()) {
                     URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, s, servletRegistration.getClassName()));
@@ -159,4 +162,21 @@ else if(path.endsWith(".jsp") || path.endsWith(".jspx") || path.endsWith(".JSP")
             NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_APP_ENDPOINTS, SERVLET_5_0, e.getMessage()), e, HttpServletHelper.class.getName());
         }
     }
+
+    public static void setRoute(HttpServletRequest request){
+        try {
+            if (!NewRelicSecurity.isHookProcessingActive() || URLMappingsHelper.getApplicationURLMappings().isEmpty()){
+                return;
+            }
+            HttpServletMapping mapping = request.getHttpServletMapping();
+            if (URLMappingsHelper.getApplicationURLMappings().contains(new ApplicationURLMapping(URLMappingsHelper.WILDCARD, request.getServletPath()))) {
+                NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().setRoute(request.getServletPath());
+            } else if (mapping != null) {
+                NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().setRoute(mapping.getPattern());
+            }
+            NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().setFramework(Framework.SERVLET);
+        } catch (Exception e){
+            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_ROUTE_FOR_INCOMING_REQUEST, SERVLET_5_0, e.getMessage()), e, HttpServletHelper.class.getName());
+        }
+    }
 }

instrumentation-security/servlet-5.0/src/main/java/jakarta/servlet/FilterChain_Instrumentation.java

@@ -26,6 +26,9 @@ public abstract class FilterChain_Instrumentation {
 
     public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException {
         boolean isServletLockAcquired = acquireServletLockIfPossible();
+        if (request instanceof HttpServletRequest) {
+            HttpServletHelper.setRoute((HttpServletRequest)request);
+        }
         if(isServletLockAcquired) {
             preprocessSecurityHook(request, response);
         }