Generate all reflection events

lovesh-ap · lovesh-ap · commit 381d49a19d28 · 2025-04-16T17:34:17.000+05:30
diff --git a/instrumentation-security/java-reflection/src/main/java/java/lang/reflect/Method_Instrumentation.java b/instrumentation-security/java-reflection/src/main/java/java/lang/reflect/Method_Instrumentation.java
@@ -4,6 +4,7 @@
 import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;
 import com.newrelic.api.agent.security.schema.AbstractOperation;
 import com.newrelic.api.agent.security.schema.StringUtils;
+import com.newrelic.api.agent.security.schema.VulnerabilityCaseType;
 import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException;
 import com.newrelic.api.agent.security.schema.operation.JavaReflectionOperation;
 import com.newrelic.api.agent.security.utils.logging.LogLevel;
@@ -45,21 +46,20 @@ private void registerExitOperation(AbstractOperation operation) {
 
     private AbstractOperation preprocessSecurityHook(Object obj, Class<?> declaringClass, Class<?>[] parameterTypes, String name, Object[] args) {
         try {
-            if (!NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() && NewRelicSecurity.getAgent().getSecurityMetaData().getDeserializationInvocation() != null && NewRelicSecurity.getAgent().getSecurityMetaData().getDeserializationInvocation().getActive()) {
-                if(StringUtils.isNotBlank(NewRelicSecurity.getAgent().getSecurityMetaData().getDeserializationInvocation().peekReadObjectInAction())
-                    && !StringUtils.equals(name, "readObject")) {
-                    JavaReflectionOperation operation = new JavaReflectionOperation(this.getClass().getName(), "invoke", declaringClass.getName(), name, args, obj);
-                    List<String> methodNames = new ArrayList<>();
-                    for (Method method : declaringClass.getDeclaredMethods()) {
-                        if(Arrays.equals(method.getParameterTypes(), parameterTypes)) {
-                            methodNames.add(method.getName());
-                        }
-                    }
-                    operation.setDeclaredMethods(methodNames);
-                    NewRelicSecurity.getAgent().registerOperation(operation);
-                    return operation;
+            if(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() || !GenericHelper.isLockAcquirePossible(VulnerabilityCaseType.REFLECTION)) {
+                return null;
+            }
+
+            JavaReflectionOperation operation = new JavaReflectionOperation(this.getClass().getName(), "invoke", declaringClass.getName(), name, args, obj);
+            List<String> methodNames = new ArrayList<>();
+            for (Method method : declaringClass.getDeclaredMethods()) {
+                if(Arrays.equals(method.getParameterTypes(), parameterTypes)) {
+                    methodNames.add(method.getName());
                 }
             }
+            operation.setDeclaredMethods(methodNames);
+            NewRelicSecurity.getAgent().registerOperation(operation);
+            return operation;
         } catch (Throwable e) {
             if(e instanceof NewRelicSecurityException){
                 NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, "JAVA-REFLECTION", e.getMessage()), e, Method_Instrumentation.class.getName());
diff --git a/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java b/newrelic-security-agent/src/main/java/com/newrelic/agent/security/util/IUtilConstants.java
@@ -33,7 +33,7 @@ public interface IUtilConstants {
     String SKIP_SSRF = SKIP_IAST_SCAN_PARAMETERS_IAST_DETECTION_CATEGORY + ".ssrf";
     String SKIP_RXSS = SKIP_IAST_SCAN_PARAMETERS_IAST_DETECTION_CATEGORY + ".rxss";
     String SKIP_UNSAFE_DESERIALIZATION = SKIP_IAST_SCAN_PARAMETERS_IAST_DETECTION_CATEGORY + ".unsafe_deserialization";
-    String SKIP_INSECURE_REFLECTION = SKIP_IAST_SCAN_PARAMETERS_IAST_DETECTION_CATEGORY + ".insecure_reflection";
+    String SKIP_UNSAFE_REFLECTION = SKIP_IAST_SCAN_PARAMETERS_IAST_DETECTION_CATEGORY + ".unsafe_reflection";
 
     String RESTRICTION_CRITERIA_SCAN_TIME_SCHEDULE = "security.restriction_criteria.scan_time.schedule";
     String RESTRICTION_CRITERIA_SCAN_TIME_DURATION = "security.restriction_criteria.scan_time.duration";
diff --git a/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java b/newrelic-security-api/src/main/java/com/newrelic/api/agent/security/instrumentation/helpers/GenericHelper.java
@@ -52,7 +52,7 @@ public static boolean isLockAcquired(String nrSecCustomAttrName, int hashCode) {
         return false;
     }
 
-    private static boolean isLockAcquirePossible(VulnerabilityCaseType caseType) {
+    public static boolean isLockAcquirePossible(VulnerabilityCaseType caseType) {
         if (!NewRelicSecurity.isHookProcessingActive()){
             return false;
         }

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public static boolean isLockAcquired(String nrSecCustomAttrName, int hashCode) {`
`52`	`52`	`return false;`
`53`	`53`	`}`
`54`	`54`
`55`		`- private static boolean isLockAcquirePossible(VulnerabilityCaseType caseType) {`
	`55`	`+ public static boolean isLockAcquirePossible(VulnerabilityCaseType caseType) {`
`56`	`56`	`if (!NewRelicSecurity.isHookProcessingActive()){`
`57`	`57`	`return false;`
`58`	`58`	`}`