feat: IAST configurations for scan scheduling and restrictions #2645

Open
wants to merge 6 commits into
base: main
Choose a base branch
from

Conversation

sumitsuthar
Contributor

Description

This PR contains config for IAST scan scheduling and restrictions.
You can configure your IAST to handle scan scheduling. These configurations allow you to exclude certain APIs, parameters, and vulnerability categories from IAST analysis. You can also delay IAST scans or schedule them for specific times of the day.
Example config is given below:
```js
security: {
  iast_test_identifier: '1008',
  scan_controllers: {
    iast_scan_request_rate_limit: 3600,
    scan_instance_count: 1
  },
  scan_schedule: {
    delay: 0,
    duration: 300,
    schedule: '',
    always_sample_traces: false
  },
  exclude_from_iast_scan: {
    api: [],
    http_request_parameters: { header: [], query: [], body: [] },
    iast_detection_category: {
      insecure_settings: false,
      invalid_file_access: false,
      sql_injection: false,
      nosql_injection: false,
      ldap_injection: false,
      javascript_injection: false,
      command_injection: false,
      xpath_injection: false,
      ssrf: false,
      rxss: false
    }
  }
}
```
Reference: IAST-CONFIGURATION
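As an added example (not code from this PR or from the node-newrelic agent), the JavaScript below shows one way the config shape in the description could be normalised and enforced by a defender: defaults are filled in, unknown keys and wrong types are rejected so a typo cannot silently widen an exclusion, `api` entries exclude a path prefix, excluded header/query/body parameters are dropped before they reach taint tracking, a category switch set to `true` under `exclude_from_iast_scan` disables that detection, and `delay`/`duration` bound a scan window. All of those semantics, the unit of `delay`/`duration` (seconds) and the function names are assumptions for illustration, not how the agent actually interprets these keys.

```javascript
'use strict'

// Added example, not the agent's code. Key semantics below (prefix matching
// for `api`, case-insensitive header names, `true` = "excluded" for a
// category, seconds for delay/duration) are assumptions for illustration.

// Defaults mirror the keys in the PR description.
const IAST_DEFAULTS = Object.freeze({
  iast_test_identifier: '',
  scan_controllers: { iast_scan_request_rate_limit: 3600, scan_instance_count: 1 },
  scan_schedule: { delay: 0, duration: 300, schedule: '', always_sample_traces: false },
  exclude_from_iast_scan: {
    api: [],
    http_request_parameters: { header: [], query: [], body: [] },
    iast_detection_category: {
      insecure_settings: false, invalid_file_access: false, sql_injection: false,
      nosql_injection: false, ldap_injection: false, javascript_injection: false,
      command_injection: false, xpath_injection: false, ssrf: false, rxss: false
    }
  }
})

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key)
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v)

// Deep-merge user settings over the defaults, rejecting unknown keys and wrong
// types so a typo fails loudly instead of silently disabling a detection.
function normalizeIastConfig (user = {}, defaults = IAST_DEFAULTS, path = 'security') {
  const out = {}
  for (const key of Object.keys(defaults)) {
    const def = defaults[key]
    const val = user[key]
    const here = `${path}.${key}`
    if (val === undefined) {
      out[key] = isPlainObject(def) ? normalizeIastConfig({}, def, here) : Array.isArray(def) ? [] : def
    } else if (isPlainObject(def)) {
      if (!isPlainObject(val)) throw new TypeError(`${here} must be an object`)
      out[key] = normalizeIastConfig(val, def, here)
    } else if (Array.isArray(def)) {
      if (!Array.isArray(val) || !val.every((s) => typeof s === 'string')) {
        throw new TypeError(`${here} must be an array of strings`)
      }
      out[key] = val.slice()
    } else if (typeof val !== typeof def) {
      throw new TypeError(`${here} must be a ${typeof def}`)
    } else {
      out[key] = val
    }
  }
  for (const key of Object.keys(user)) {
    if (!hasOwn(defaults, key)) throw new TypeError(`${path}.${key} is not a known IAST setting`)
  }
  if (out.scan_schedule && (out.scan_schedule.delay < 0 || out.scan_schedule.duration < 0)) {
    throw new RangeError('scan_schedule.delay and scan_schedule.duration must be non-negative')
  }
  return out
}

// `api` entries are treated as path prefixes on a segment boundary, so
// '/health' excludes '/health' and '/health/live' but not '/healthz'.
function isRequestExcluded (config, req) {
  return config.exclude_from_iast_scan.api.some((p) => {
    const prefix = p.endsWith('/') ? p : p + '/'
    return req.path === p || req.path.startsWith(prefix)
  })
}

// Copy of the request with excluded headers/query/body parameters removed,
// so those values never enter the taint-tracking path.
function stripExcludedParameters (config, req) {
  const ex = config.exclude_from_iast_scan.http_request_parameters
  const dropKeys = (obj, skip, norm = (k) => k) =>
    Object.fromEntries(Object.entries(obj || {}).filter(([k]) => !skip.has(norm(k))))
  const lower = (k) => k.toLowerCase()
  return {
    ...req,
    headers: dropKeys(req.headers, new Set(ex.header.map(lower)), lower),
    query: dropKeys(req.query, new Set(ex.query)),
    body: dropKeys(req.body, new Set(ex.body))
  }
}

// A category set to `true` under exclude_from_iast_scan means "do not run
// this detection"; unknown category names are rejected rather than ignored.
function isCategoryEnabled (config, category) {
  const cats = config.exclude_from_iast_scan.iast_detection_category
  if (!hasOwn(cats, category)) throw new RangeError(`unknown IAST category ${category}`)
  return cats[category] === false
}

// Scan window from scan_schedule: opens `delay` seconds after agent start and
// closes `duration` seconds later (the cron-style `schedule` is not handled).
function isScanWindowOpen (config, startedAtMs, nowMs) {
  const { delay, duration } = config.scan_schedule
  const openAt = startedAtMs + delay * 1000
  return nowMs >= openAt && nowMs < openAt + duration * 1000
}
```

Usage: call `normalizeIastConfig(userConfig.security)` once at startup and keep the result; then gate each request with `isRequestExcluded` and `isScanWindowOpen`, pass the output of `stripExcludedParameters` into analysis, and consult `isCategoryEnabled` before running a detector. Rejecting unknown keys is the important design choice: an exclusion list that silently ignores a misspelled key looks configured while excluding nothing (or, for a category switch, fails open).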

@sumitsuthar
Contributor Author

Security Agent requires new configurations for the upcoming release. Please take a look.

@sumitsuthar
Contributor Author

Requires unit test to be added. Closing now

@sumitsuthar sumitsuthar reopened this Oct 11, 2024
Comment on lines +1323 to +1326
/**
* Unique test identifier when runnning IAST with CI/CD
*/
iast_test_identifier: '',
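Review bot: The JSDoc at the top of this region misspells "running" as "runnning"; fix the typo, and since the thread below establishes that the identifier exists so the Security Engine can correlate IAST results for a CI/CD run, say that in the comment (for example "Identifier the Security Engine uses to correlate IAST results for this CI/CD run") so the setting's purpose is discoverable from the config documentation rather than only from this PR discussion.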
Contributor

This seems like an anti-pattern to me. Why would the agent have configuration specific to a CI/CD environment?

Contributor Author

In case of CI/CD, IAST scan result will be fetched based on iast_test_identifier.

Contributor

That does not answer the question. Why would the agent need to know it is running in a CI/CD environment?

Contributor Author

There is a requirement where the Validator (Security Engine) requires an identifier whenever an application runs with IAST in CI/CD, to generate the IAST result on the basis of iast_test_identifier. It's a requirement at the Security Engine to get the test identifier; that's why the config is added.

@sumitsuthar
Contributor Author

Unit test cases added for the new configurations.


codecov bot commented Oct 11, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.19%. Comparing base (b917b3e) to head (e680118).

```
@@            Coverage Diff             @@
##             main    #2645      +/-   ##
==========================================
- Coverage   97.21%   97.19%   -0.03%     
==========================================
  Files         291      291              
  Lines       45928    46069     +141     
==========================================
+ Hits        44650    44777     +127     
- Misses       1278     1292      +14     
```
| Flag | Coverage Δ |
| --- | --- |
| integration-tests-cjs-18.x | 74.26% <100.00%> (+0.08%) ⬆️ |
| integration-tests-cjs-20.x | 74.26% <100.00%> (+0.08%) ⬆️ |
| integration-tests-cjs-22.x | 74.30% <100.00%> (+0.07%) ⬆️ |
| integration-tests-esm-18.x | 49.88% <100.00%> (+0.17%) ⬆️ |
| integration-tests-esm-20.x | 49.88% <100.00%> (+0.17%) ⬆️ |
| integration-tests-esm-22.x | 49.91% <100.00%> (+0.17%) ⬆️ |
| unit-tests-18.x | 88.90% <100.00%> (?) |
| unit-tests-20.x | 88.90% <100.00%> (+0.03%) ⬆️ |
| unit-tests-22.x | 88.91% <100.00%> (+0.03%) ⬆️ |
| versioned-tests-18.x | 78.99% <100.00%> (-0.12%) ⬇️ |
| versioned-tests-20.x | 78.99% <100.00%> (-0.12%) ⬇️ |
| versioned-tests-22.x | 79.00% <100.00%> (-0.12%) ⬇️ |

@sumitsuthar
Contributor Author

@jsumners-nr Can you please check why the test for cassandra-driver is failing?
packages: [email protected] file: /home/runner/work/node-newrelic/node-newrelic/test/versioned/cassandra-driver/query.tap.js
