newrelic / newrelic-ruby-agent

New Relic RPM Ruby Agent
https://docs.newrelic.com/docs/apm/agents/ruby-agent/getting-started/introduction-new-relic-ruby/
Apache License 2.0

Update newrelic.yml generator with new security configs #2753

Closed hannahramadan closed 1 month ago

hannahramadan commented 1 month ago

newrelic.yml is an automatically generated file on new agent releases and is based off default_source.rb. The security agent introduces some new configs and comments that need to be baked into the generator so that they aren't lost. The generator code can be found in newrelicyml.rb. The following should be added to the bottom of newrelic.yml, before the footer.

Note: the generator currently alphabetizes configs. Make sure security settings are kept within their own section. Make sure to double-check the final merged content.

Additional context: https://github.com/newrelic/newrelic-ruby-agent/pull/2752/files#r1681622863


  # BEGIN security agent
  #
  #   NOTE: At this time, the security agent is intended for use only within
  #         a dedicated security testing environment with data that can tolerate
  #         modification or deletion. The security agent is available as a
  #         separate Ruby gem, newrelic_security. It is recommended that this
  #         separate gem only be introduced to a security testing environment
  #         by leveraging Bundler grouping like so:
  #
  #         # Gemfile
  #         gem 'newrelic_rpm'               # New Relic APM observability agent
  #         gem 'newrelic-infinite_tracing'  # New Relic Infinite Tracing
  #
  #         group :security do
  #           gem 'newrelic_security'        # New Relic security agent
  #         end
  #
  #   NOTE: All "security.*" configuration parameters are related only to the
  #         security agent, and all other configuration parameters that may
  #         have "security" in the name somewhere are related to the APM agent.
  #

  # If true, the security agent is loaded (a Ruby 'require' is performed)
  # security.agent.enabled: false

  # If true, the security agent is started (the agent runs in its event loop)
  # security.enabled: false

  # Defines the mode for the security agent to operate in. Currently only 'IAST' is supported
  # security.mode: IAST

  # Defines the endpoint URL for posting security related data
  # security.validator_service_url: wss://csec.nr-data.net

  # If `true`, enables RCI detection
  # security.detection.rci.enabled: true

  # If `true`, enables RXSS detection
  # security.detection.rxss.enabled: true

  # If `true`, enables deserialization detection
  # security.detection.deserialization.enabled: true

  # The port the application is listening on. This setting is mandatory for Passenger servers. Other servers should be detected by default.
  # security.application_info.port: nil

  # END security agent

workato-integration[bot] commented 1 month ago

https://new-relic.atlassian.net/browse/NR-292879

hannahramadan commented 1 month ago

Closed by https://github.com/newrelic/newrelic-ruby-agent/pull/2773
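
The NOTE in the config block above limits the security agent to a dedicated security testing environment. The Ruby check below is an added example, not part of the issue or of the agent's code: it reports any environment in a newrelic.yml that sets `security.agent.enabled` or `security.enabled` to true outside an allowlist. The `security_test` environment name, the sample YAML and the handling of nested keys alongside the dotted form are assumptions made for the example.

```ruby
require 'yaml'

# The two settings from the block above that load or start the security agent.
SECURITY_SWITCHES = %w[security.agent.enabled security.enabled].freeze

# Flatten nested hashes into dotted keys so "security: { enabled: true }" and
# "security.enabled: true" are checked alike (assumption: either form may occur).
def flatten_keys(hash, prefix = nil)
  hash.each_with_object({}) do |(key, value), out|
    name = [prefix, key].compact.join('.')
    value.is_a?(Hash) ? out.merge!(flatten_keys(value, name)) : out[name] = value
  end
end

# Returns { environment => [switches set to true] } for every environment
# outside allowed_envs. The YAML merge key (<<) is resolved by the parser, so
# values inherited from the shared "common" section are included.
def security_agent_violations(yaml_text, allowed_envs: %w[security_test])
  config = YAML.safe_load(yaml_text, aliases: true) || {}
  config.each_with_object({}) do |(env, settings), found|
    next if env == 'common' || allowed_envs.include?(env) || !settings.is_a?(Hash)

    flat = flatten_keys(settings)
    enabled = SECURITY_SWITCHES.select { |key| flat[key].to_s == 'true' }
    found[env] = enabled unless enabled.empty?
  end
end

# Constructed sample config, not taken from the issue.
SAMPLE = <<~YAML
  common: &default_settings
    license_key: PLACEHOLDER
    app_name: Example App
  production:
    <<: *default_settings
    security.enabled: true
  staging:
    <<: *default_settings
    security:
      agent:
        enabled: true
  security_test:
    <<: *default_settings
    security.agent.enabled: true
    security.enabled: true
YAML

security_agent_violations(SAMPLE).each { |env, keys| puts "#{env}: #{keys.join(', ')}" }
```

Run as a CI step, a non-empty result can fail the build before a config that enables the security agent reaches an environment holding data that cannot tolerate modification or deletion.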