Skip to content

Deserialisation Event Generation : vulnerability detection #395

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 28 commits into from
Apr 23, 2025
Merged

Deserialisation Event Generation : vulnerability detection #395

merged 28 commits into from
Apr 23, 2025

Conversation

lovesh-ap
Copy link
Contributor

No description provided.

AnupamJuniwal and others added 18 commits September 6, 2023 12:20
@AnupamJuniwal
Initial changes for proof backed deserialization attack detection
7bd7d3b
@AnupamJuniwal
Merge branch 'develop' into task/deserialisation_improvement_poc
a8bff23
@AnupamJuniwal
This contains code cleanup and multiple fixes as required to gather m…
cac032e 
…ore information regarding deserialization attacks
@AnupamJuniwal
Merge branch 'develop' into task/deserialisation_improvement_poc
81345c0
@AnupamJuniwal
Code cleanup
9fff3b7
@AnupamJuniwal
This contains changes for deserializationInfo to be managed with one …
c17d614 
…node only instead of a stack. This also contains changes to include information based on object being deserialized in a parent child, but in an adhoc format, this would be helpful for cases where events are triggered due to deserialization being done.
@AnupamJuniwal
minor fix for NPE handling
58fa096
@AnupamJuniwal
Merge branch 'develop' into task/deserialisation_improvement_poc
f58a5c8
@AnupamJuniwal
Refactoring for java deserialization hook
4cd631f
@AnupamJuniwal
Added todo note for object deserialiation
ee8d3f3
@lovesh-ap
Merge branch 'refs/heads/main' into task/deserialisation_improvement_poc
93d10f0 
# Conflicts:
#	newrelic-security-agent/src/main/java/com/newrelic/agent/security/instrumentator/dispatcher/Dispatcher.java
#	newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/AgentMetaData.java
#	newrelic-security-api/src/main/java/com/newrelic/api/agent/security/schema/VulnerabilityCaseType.java
#	settings.gradle
@lovesh-ap
Deserialization POC without reflection
12559be
@lovesh-ap
Merge branch 'refs/heads/main' into task/deserialisation_improvement_poc
1e115e0
@lovesh-ap
change parameter schema for Deserialization event
d72a9ac
@IshikaDawda
Bump json version to 1.2.11
bfb2acd
@lovesh-ap
Prodcutisation of DeserializationInfo
fd3d572
@lovesh-ap
Merge branch 'refs/heads/feature/include-http-response' into task/des…
9ef161e 
…erialisation_improvement_poc

# Conflicts:
#	gradle.properties
@lovesh-ap
Add UNSAFE_DESERIALIZATION as a new category
4577300
@lovesh-ap lovesh-ap self-assigned this Mar 12, 2025
lovesh-ap and others added 10 commits April 11, 2025 11:41
@IshikaDawda IshikaDawda requested a review from k2himanshu April 23, 2025 09:10
@k2himanshu k2himanshu merged commit c1299e0 into feature/include-http-response Apr 23, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@k2himanshu k2himanshu k2himanshu approved these changes

Assignees

@lovesh-ap lovesh-ap

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lovesh-ap @k2himanshu @AnupamJuniwal @IshikaDawda