From 8874d32a986a021740f44718a15dc3565ac44d50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Fri, 12 May 2023 14:42:35 +0800 Subject: [PATCH 01/18] fix: custom model --- .../hookpoint/controller/impl/SourceImpl.java | 16 --- .../iast/core/utils/TaintPoolUtils.java | 39 ------ .../com.secnium.iast.resources/blacklist.txt | 128 ++++++++++-------- 3 files changed, 70 insertions(+), 113 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java index 33ace410e..34d6d215b 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java @@ -82,25 +82,9 @@ private static boolean trackTarget(MethodEvent event, SourceNode sourceNode) { } TaintPoolUtils.trackObject(event, sourceNode, event.returnInstance, 0); - // @TODO: hook json serializer for custom model - handlerCustomModel(event, sourceNode); return true; } - /** - * todo: 处理过程和结果需要细化 - * - * @param event MethodEvent - */ - public static void handlerCustomModel(MethodEvent event, SourceNode sourceNode) { - if (!"getSession".equals(event.getMethodName())) { - Set modelValues = TaintPoolUtils.parseCustomModel(event.returnInstance); - for (Object modelValue : modelValues) { - TaintPoolUtils.trackObject(event, sourceNode, modelValue, 0); - } - } - } - private static boolean allowCall(MethodEvent event) { boolean allowed = true; if (METHOD_OF_GETATTRIBUTE.equals(event.getMethodName())) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java index 1561283b4..fc72e25a8 100644 
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java @@ -146,38 +146,6 @@ public static boolean isAllowTaintType(Object obj) { return isAllowTaintType(obj.getClass()); } - public static Set parseCustomModel(Object model) { - Set modelValues = new HashSet(); - try { - if (!TaintPoolUtils.isAllowTaintGetterModel(model)) { - return modelValues; - } - - // getter methods - Method[] methods = model.getClass().getMethods(); - Object itemValue = null; - for (Method method : methods) { - if (!TaintPoolUtils.isAllowTaintGetterMethod(method)) { - continue; - } - - try { - method.setAccessible(true); - itemValue = method.invoke(model); - if (!TaintPoolUtils.isNotEmpty(itemValue) || !TaintPoolUtils.isAllowTaintType(itemValue)) { - continue; - } - modelValues.add(itemValue); - } catch (Throwable e) { - DongTaiLog.error(ErrorCode.get("UTIL_TAINT_PARSE_CUSTOM_MODEL_FAILED"), - model.getClass().getName(), method.getName(), e); - } - } - } catch (Throwable ignore) { - } - return modelValues; - } - public static boolean isAllowTaintGetterModel(Object model) { if (!TaintPoolUtils.isNotEmpty(model)) { return false; @@ -309,13 +277,6 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object event.addTargetHash(hash); EngineManager.TAINT_RANGES_POOL.add(hash, tr); } else { - if (!(obj instanceof String)) { - Set modelValues = TaintPoolUtils.parseCustomModel(obj); - for (Object modelValue : modelValues) { - trackObject(event, policyNode, modelValue, depth + 1); - } - } - hash = System.identityHashCode(obj); if (EngineManager.TAINT_HASH_CODES.contains(hash)) { event.addSourceHash(hash); diff --git a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt index 0cc7049b6..cdc7cd650 100644 --- a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt 
+++ b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt @@ -3583,6 +3583,7 @@ com/bea/security/xacml/target/TargetEvaluatorRegistry com/bea/sslplus/CerticomSSLContext com/bea/staxb/buildtime/internal/bts/BaseBindingLoader com/bea/staxb/buildtime/internal/bts/BindingFile +com/bea/staxb/buildtime/internal/bts.BindingFileInputStream com/bea/staxb/buildtime/internal/bts/BindingLoader com/bea/staxb/buildtime/internal/bts/BindingMappingFile com/bea/staxb/buildtime/internal/bts/BindingProperty @@ -4649,7 +4650,7 @@ com/fasterxml/jackson/databind/DeserializationContext com/fasterxml/jackson/databind/DeserializationFeature com/fasterxml/jackson/databind/InjectableValues com/fasterxml/jackson/databind/JavaType -com/fasterxml/jackson/databind/JsonDeserializer +# com/fasterxml/jackson/databind/JsonDeserializer com/fasterxml/jackson/databind/JsonMappingException com/fasterxml/jackson/databind/JsonSerializable com/fasterxml/jackson/databind/JsonSerializable$Base 
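Review bot: The added entry `com/bea/staxb/buildtime/internal/bts.BindingFileInputStream` puts a dot into a list whose other entries are slash-separated class names, so it probably never matches the class it is meant to cover; it should read `com/bea/staxb/buildtime/internal/bts/BindingFileInputStream`. The same applies to `javelin.jsp.JspTagLibraryFeature$UncloseableInputStream` in the `@@ -27852,6 +27854,7 @@` hunk, which should be `javelin/jsp/JspTagLibraryFeature$UncloseableInputStream`. The `java/util/zip/CheckedInputStream` line added directly under `java/util/zip/*` in `@@ -24894,6 +24895,7 @@` looks redundant if the loader honours the wildcard; the matching code is not part of this patch, so that needs confirming.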
@@ -4734,61 +4735,61 @@ com/fasterxml/jackson/databind/deser/impl/PropertyBasedCreator$CaseInsensitiveMa com/fasterxml/jackson/databind/deser/impl/PropertyBasedObjectIdGenerator com/fasterxml/jackson/databind/deser/impl/SetterlessProperty com/fasterxml/jackson/databind/deser/impl/TypeWrappedDeserializer -com/fasterxml/jackson/databind/deser/std/ArrayBlockingQueueDeserializer -com/fasterxml/jackson/databind/deser/std/AtomicBooleanDeserializer -com/fasterxml/jackson/databind/deser/std/AtomicReferenceDeserializer -com/fasterxml/jackson/databind/deser/std/BaseNodeDeserializer -com/fasterxml/jackson/databind/deser/std/BaseNodeDeserializer$1 -com/fasterxml/jackson/databind/deser/std/ByteBufferDeserializer -com/fasterxml/jackson/databind/deser/std/CollectionDeserializer -com/fasterxml/jackson/databind/deser/std/ContainerDeserializerBase -com/fasterxml/jackson/databind/deser/std/EnumDeserializer -com/fasterxml/jackson/databind/deser/std/EnumMapDeserializer -com/fasterxml/jackson/databind/deser/std/EnumSetDeserializer -com/fasterxml/jackson/databind/deser/std/FromStringDeserializer -com/fasterxml/jackson/databind/deser/std/FromStringDeserializer$Std -com/fasterxml/jackson/databind/deser/std/JavaTypeDeserializer -com/fasterxml/jackson/databind/deser/std/JdkDeserializers -com/fasterxml/jackson/databind/deser/std/JsonLocationInstantiator -com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer -com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$1 -com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$ArrayDeserializer -com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$ObjectDeserializer -com/fasterxml/jackson/databind/deser/std/MapDeserializer -com/fasterxml/jackson/databind/deser/std/MapEntryDeserializer -com/fasterxml/jackson/databind/deser/std/NullifyingDeserializer -com/fasterxml/jackson/databind/deser/std/ObjectArrayDeserializer -com/fasterxml/jackson/databind/deser/std/StackTraceElementDeserializer 
-com/fasterxml/jackson/databind/deser/std/StdDelegatingDeserializer -com/fasterxml/jackson/databind/deser/std/StdDeserializer -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$BoolKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$ByteKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$CalendarKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$CharKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DateKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DelegatingKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DoubleKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$EnumKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$FloatKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$IntKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$LocaleKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$LongKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$ShortKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringCtorKeyDeserializer -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringFactoryKeyDeserializer -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$UuidKD -com/fasterxml/jackson/databind/deser/std/StdKeyDeserializers -com/fasterxml/jackson/databind/deser/std/StdScalarDeserializer -com/fasterxml/jackson/databind/deser/std/StdValueInstantiator -com/fasterxml/jackson/databind/deser/std/StringArrayDeserializer -com/fasterxml/jackson/databind/deser/std/StringCollectionDeserializer -com/fasterxml/jackson/databind/deser/std/StringDeserializer -com/fasterxml/jackson/databind/deser/std/ThrowableDeserializer -com/fasterxml/jackson/databind/deser/std/TokenBufferDeserializer -com/fasterxml/jackson/databind/deser/std/UUIDDeserializer 
-com/fasterxml/jackson/databind/deser/std/UntypedObjectDeserializer +# com/fasterxml/jackson/databind/deser/std/ArrayBlockingQueueDeserializer +# com/fasterxml/jackson/databind/deser/std/AtomicBooleanDeserializer +# com/fasterxml/jackson/databind/deser/std/AtomicReferenceDeserializer +# com/fasterxml/jackson/databind/deser/std/BaseNodeDeserializer +# com/fasterxml/jackson/databind/deser/std/BaseNodeDeserializer$1 +# com/fasterxml/jackson/databind/deser/std/ByteBufferDeserializer +# com/fasterxml/jackson/databind/deser/std/CollectionDeserializer +# com/fasterxml/jackson/databind/deser/std/ContainerDeserializerBase +# com/fasterxml/jackson/databind/deser/std/EnumDeserializer +# com/fasterxml/jackson/databind/deser/std/EnumMapDeserializer +# com/fasterxml/jackson/databind/deser/std/EnumSetDeserializer +# com/fasterxml/jackson/databind/deser/std/FromStringDeserializer +# com/fasterxml/jackson/databind/deser/std/FromStringDeserializer$Std +# com/fasterxml/jackson/databind/deser/std/JavaTypeDeserializer +# com/fasterxml/jackson/databind/deser/std/JdkDeserializers +# com/fasterxml/jackson/databind/deser/std/JsonLocationInstantiator +# com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer +# com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$1 +# com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$ArrayDeserializer +# com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$ObjectDeserializer +# com/fasterxml/jackson/databind/deser/std/MapDeserializer +# com/fasterxml/jackson/databind/deser/std/MapEntryDeserializer +# com/fasterxml/jackson/databind/deser/std/NullifyingDeserializer +# com/fasterxml/jackson/databind/deser/std/ObjectArrayDeserializer +# com/fasterxml/jackson/databind/deser/std/StackTraceElementDeserializer +# com/fasterxml/jackson/databind/deser/std/StdDelegatingDeserializer +# com/fasterxml/jackson/databind/deser/std/StdDeserializer +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer +# 
com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$BoolKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$ByteKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$CalendarKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$CharKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DateKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DelegatingKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DoubleKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$EnumKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$FloatKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$IntKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$LocaleKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$LongKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$ShortKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringCtorKeyDeserializer +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringFactoryKeyDeserializer +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$UuidKD +# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializers +# com/fasterxml/jackson/databind/deser/std/StdScalarDeserializer +# com/fasterxml/jackson/databind/deser/std/StdValueInstantiator +# com/fasterxml/jackson/databind/deser/std/StringArrayDeserializer +# com/fasterxml/jackson/databind/deser/std/StringCollectionDeserializer +# com/fasterxml/jackson/databind/deser/std/StringDeserializer +# com/fasterxml/jackson/databind/deser/std/ThrowableDeserializer +# com/fasterxml/jackson/databind/deser/std/TokenBufferDeserializer +# com/fasterxml/jackson/databind/deser/std/UUIDDeserializer +# com/fasterxml/jackson/databind/deser/std/UntypedObjectDeserializer com/fasterxml/jackson/databind/exc/IgnoredPropertyException 
com/fasterxml/jackson/databind/exc/InvalidFormatException com/fasterxml/jackson/databind/exc/PropertyBindingException @@ -23724,7 +23725,7 @@ java/io/OutputStream java/io/OutputStreamWriter java/io/PipedOutputStream java/io/PrintStream -java/io/PushbackInputStream +# java/io/PushbackInputStream java/io/PushbackReader java/io/RandomAccessFile java/io/RandomAccessFile$1 @@ -24894,6 +24895,7 @@ java/util/StringTokenizer # java/util/stream/IntStream # java/util/stream/Stream java/util/zip/* +java/util/zip/CheckedInputStream javassist/ByteArrayClassPath javassist/CannotCompileException javassist/ClassClassPath @@ -27852,6 +27854,7 @@ javelin/jsp/JspTagLibraryFeature$1 javelin/jsp/JspTagLibraryFeature$2 javelin/jsp/JspTagLibraryFeature$TagLibraryContext javelin/jsp/JspTagLibraryFeature$TldChangeListener +javelin.jsp.JspTagLibraryFeature$UncloseableInputStream javelin/jsp/JspTagLibraryFeature$WebXmlChangeListener javelin/jsp/JspTagLibraryParser javelin/jsp/JspTagLibraryParser$JSPEntityResolver @@ -38053,6 +38056,7 @@ org/apache/xerces/impl/XMLEntityManager$EncodingInfo org/apache/xerces/impl/XMLEntityManager$Entity org/apache/xerces/impl/XMLEntityManager$ExternalEntity org/apache/xerces/impl/XMLEntityManager$InternalEntity +org/apache/xerces/impl/XMLEntityManager$RewindableInputStream org/apache/xerces/impl/XMLEntityManager$ScannedEntity org/apache/xerces/impl/XMLEntityScanner org/apache/xerces/impl/XMLEntityScanner$1 @@ -59960,7 +59964,7 @@ org/springframework/util/SerializationUtils org/springframework/util/StopWatch org/springframework/util/StopWatch$TaskInfo org/springframework/util/StreamUtils$NonClosingOutputStream -org/springframework/util/StringUtils +# org/springframework/util/StringUtils org/springframework/util/StringValueResolver org/springframework/util/SystemPropertyUtils org/springframework/util/SystemPropertyUtils$SystemPropertyPlaceholderResolver 
@@ -64568,6 +64572,7 @@ weblogic/common/internal/VersionInfoFactory$PEER_INFO_FOR_WIRE_SINGLETON weblogic/common/internal/VersionInfoFactory$PEER_INFO_SINGLETON weblogic/common/internal/VersionInfoFactory$VERSION_INFO_SINGLETON weblogic/common/internal/VersioningError +weblogic/common/internal/WLObjectInputStream weblogic/common/internal/WLObjectOutputStream weblogic/common/resourcepool/IPooledResourceLinkedList weblogic/common/resourcepool/ObjectLifeCycle @@ -65955,6 +65960,7 @@ weblogic/iiop/EndPointFactory weblogic/iiop/IDLUtils weblogic/iiop/IIOPClient weblogic/iiop/IIOPClientService +weblogic/iiop/IIOPInputStream weblogic/iiop/IIOPLogger weblogic/iiop/IIOPLogger$MessageLoggerInitializer weblogic/iiop/IIOPOutputStream @@ -70018,6 +70024,7 @@ weblogic/net/http/HttpsClient weblogic/net/http/HttpsURLConnection weblogic/net/http/KeepAliveCache weblogic/net/http/KeepAliveKey +weblogic/net/http/KeepAliveStream weblogic/net/http/MessageHeader weblogic/net/http/NETEnvironment weblogic/net/http/SOAPHttpURLConnection @@ -72305,6 +72312,7 @@ weblogic/utils/enumerations/LIFO_FileContainer weblogic/utils/expressions/ExpressionEvaluationException weblogic/utils/expressions/ExpressionMap weblogic/utils/http/BytesToString +weblogic/utils/http/HttpChunkInputStream weblogic/utils/http/HttpChunkOutputStream weblogic/utils/http/HttpConstants weblogic/utils/http/HttpParsing @@ -72318,6 +72326,7 @@ weblogic/utils/http/MaxRequestParameterExceedException weblogic/utils/io/ByteBufferDataInputStream weblogic/utils/io/ByteBufferDataOutputStream weblogic/utils/io/ByteBufferObjectInputStream +weblogic/utils/io/ByteBufferObjectInputStream$ContextObjectInputStream weblogic/utils/io/ByteBufferObjectOutputStream weblogic/utils/io/ByteBufferOutputStream weblogic/utils/io/Chunk 
@@ -72325,6 +72334,7 @@ weblogic/utils/io/ChunkInput weblogic/utils/io/ChunkInputStreamAccess weblogic/utils/io/ChunkOutput weblogic/utils/io/ChunkedDataOutputStream +weblogic/utils/io/ChunkedInputStream weblogic/utils/io/ChunkedObjectOutputStream weblogic/utils/io/ChunkedObjectOutputStream$NestedObjectOutputStream weblogic/utils/io/ChunkedOutputStream @@ -73559,6 +73569,7 @@ weblogic/xml/stream/events/SpaceEvent weblogic/xml/stream/events/StartDocumentEvent weblogic/xml/stream/events/StartElementEvent weblogic/xml/stream/util/RecyclingFactory +weblogic/xml/util/CachedInputStream weblogic/xml/util/Debug weblogic/xml/util/Debug$DebugFacility weblogic/xml/util/Debug$DebugFacility$DebugListener @@ -73628,6 +73639,7 @@ workshop/util/encoding/EncodingManager$EncodingProxy workshop/util/encoding/EncodingReader workshop/util/encoding/impl/PropertiesEncoding workshop/util/encoding/impl/TextEncoding +workshop/util/filesystem/util/InputStreamWrapper com/alibaba/druid/filter/logging/Log4jFilter # disable alibaba sandbox's class dongtai-001 com/alibaba/jvm/sandbox/* From 625f54208a4f0aa4bfa4c57f95a7469dd4497760 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Mon, 15 May 2023 17:52:36 +0800 Subject: [PATCH 02/18] fix: custom model --- .../main/resources/com.secnium.iast.resources/blacklist.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt index cdc7cd650..593c3646c 100644 --- a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt +++ b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt 
@@ -5513,7 +5513,7 @@ com/google/common/util/concurrent/ThreadFactoryBuilder$1 com/google/common/util/concurrent/UncheckedExecutionException com/google/common/util/concurrent/Uninterruptibles com/google/gson/FieldNamingPolicy* -com/google/gson/Gson* +# com/google/gson/Gson* com/google/gson/JsonArray com/google/gson/JsonElement com/google/gson/JsonIOException @@ -5523,7 +5523,7 @@ com/google/gson/JsonParseException com/google/gson/JsonPrimitive com/google/gson/JsonSyntaxException com/google/gson/LongSerializationPolicy* -com/google/gson/TypeAdapter* +# com/google/gson/TypeAdapter* com/google/gson/internal/* com/google/gson/reflect/TypeToken com/google/gson/stream/JsonReader From fa88990234ad468903817f04b86ae9914d8c9e7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Thu, 18 May 2023 15:26:29 +0800 Subject: [PATCH 03/18] fix: custom model --- .../hookpoint/controller/impl/DubboImpl.java | 5 +- .../hookpoint/controller/impl/SourceImpl.java | 2 +- .../hookpoint/service/trace/DubboService.java | 4 +- .../hookpoint/service/trace/FeignService.java | 2 +- .../dongtai/iast/core/utils/ReflectUtils.java | 53 ++++++- .../iast/core/utils/TaintPoolUtils.java | 147 ++++-------------- 6 files changed, 85 insertions(+), 128 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java index 5160b9fbf..a29d68022 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java 
@@ -43,7 +43,6 @@ public static void solveDubboRequest(Object handler, Object channel, Object requ } - public static void collectDubboRequestSource(Object handler, Object invocation, String methodName, Object[] arguments, Map headers, String hookClass, String hookMethod, String hookSign, @@ -51,7 +50,7 @@ public static void collectDubboRequestSource(Object handler, Object invocation, if (arguments == null || arguments.length == 0) { return; } - Map requestMeta = EngineManager.REQUEST_CONTEXT.get(); + Map requestMeta = EngineManager.REQUEST_CONTEXT.get(); if (requestMeta == null) { return; } @@ -70,7 +69,7 @@ public static void collectDubboRequestSource(Object handler, Object invocation, tgt.add(new TaintPosition("P1")); SourceNode sourceNode = new SourceNode(src, tgt, null); - TaintPoolUtils.trackObject(event, sourceNode, arguments, 0); + TaintPoolUtils.trackObject(event, sourceNode, arguments, 0, true); Map sHeaders = new HashMap(); if (headers != null) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java index 34d6d215b..60a169aaf 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/SourceImpl.java @@ -81,7 +81,7 @@ private static boolean trackTarget(MethodEvent event, SourceNode sourceNode) { return false; } - TaintPoolUtils.trackObject(event, sourceNode, event.returnInstance, 0); + TaintPoolUtils.trackObject(event, sourceNode, event.returnInstance, 0, false); return true; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java index 4bc4926b2..b791c8e45 100644 
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/DubboService.java @@ -15,7 +15,7 @@ public class DubboService { public static void solveSyncInvoke(MethodEvent event, Object invocation, String url, Map headers, AtomicInteger invokeIdSequencer) { try { - TaintPoolUtils.trackObject(event, null, event.parameterInstances, 0); + TaintPoolUtils.trackObject(event, null, event.parameterInstances, 0, false); boolean hasTaint = false; int sourceLen = 0; if (!event.getSourceHashes().isEmpty()) { @@ -26,7 +26,7 @@ public static void solveSyncInvoke(MethodEvent event, Object invocation, String if (headers != null && headers.size() > 0) { hasTaint = false; - TaintPoolUtils.trackObject(event, null, headers, 0); + TaintPoolUtils.trackObject(event, null, headers, 0, false); if (event.getSourceHashes().size() > sourceLen) { hasTaint = true; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java index 2d9e3e002..7a377a8da 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/service/trace/FeignService.java @@ -27,7 +27,7 @@ public static void solveSyncInvoke(MethodEvent event, AtomicInteger invokeIdSequ // get args Object args = event.parameterInstances[0]; - TaintPoolUtils.trackObject(event, null, args, 0); + TaintPoolUtils.trackObject(event, null, args, 0, true); boolean hasTaint = false; if (!event.getSourceHashes().isEmpty()) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java index 5eb69a1dc..710147886 100644 
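Review bot: Passing `true` for `isMicroservice` in `FeignService.solveSyncInvoke` looks like a no-op, because the field walk this patch adds to `trackObject` sits inside the `if (isSourceNode)` branch (hunk `@@ -276,6 +186,17 @@`) and this call passes a `null` policy node, which presumably leaves `isSourceNode` false; its assignment is outside the visible hunks. The reflection walk removed in patch 01 ran in the `else` branch, so a tainted value held in a field of a custom Feign argument object may no longer be matched against the taint pool. If outbound model fields should still be checked, the recursion has to run on the non-source path too, and a test with a tainted string inside a POJO argument would settle which behaviour is intended.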
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java @@ -2,6 +2,8 @@ import java.lang.reflect.Field; import java.lang.reflect.Method; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.*; /** @@ -55,8 +57,18 @@ public static Method getPublicMethodFromClass(Class cls, String method) throw public static Method getPublicMethodFromClass(Class cls, String methodName, Class[] parameterTypes) throws NoSuchMethodException { Method method = cls.getMethod(methodName, parameterTypes); - method.setAccessible(true); - return method; + return getSecurityPublicMethod(method); + } + + public static Method getSecurityPublicMethod(Method method) throws NoSuchMethodException { + if (hasNotSecurityManager()) { + method.setAccessible(true); + return method; + } + return AccessController.doPrivileged((PrivilegedAction) () -> { + method.setAccessible(true); + return method; + }); } public static Method getDeclaredMethodFromClass(Class cls, String methodName, Class[] parameterTypes) { @@ -66,8 +78,11 @@ public static Method getDeclaredMethodFromClass(Class cls, String methodName, } for (Method method : methods) { if (methodName.equals(method.getName()) && Arrays.equals(parameterTypes, method.getParameterTypes())) { - method.setAccessible(true); - return method; + try { + return getSecurityPublicMethod(method); + } catch (NoSuchMethodException e) { + e.printStackTrace(); + } } } return null; 
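Review bot: `getSecurityPublicMethod` is `public static` and calls `setAccessible(true)` on a caller-supplied `Method` inside `AccessController.doPrivileged`, so with a SecurityManager installed any code that can reach this class borrows the agent's reflection permission; the two callers visible in this patch are in `ReflectUtils` itself, so `private static` is enough. The `throws NoSuchMethodException` clause can go as well, since nothing in the body raises it, and that removes the need for the `catch (NoSuchMethodException e) { e.printStackTrace(); }` added to `getDeclaredMethodFromClass` in the `@@ -66,8 +78,11 @@` hunk, which would otherwise write to the host application's stderr from inside the agent. `AccessController` and `System.getSecurityManager()` are deprecated for removal since Java 17, so a comment such as `// SecurityManager path: only relevant on runtimes that still install one` would help the next reader. Both functions extend outside their hunks.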
@@ -137,13 +152,35 @@ public static List> getAllInterfaces(Class cls) { private static void getAllInterfaces(Class cls, List> interfaceList) { while (cls != null) { Class[] interfaces = cls.getInterfaces(); - for (int i = 0; i < interfaces.length; i++) { - if (!interfaceList.contains(interfaces[i])) { - interfaceList.add(interfaces[i]); - getAllInterfaces(interfaces[i], interfaceList); + for (Class anInterface : interfaces) { + if (!interfaceList.contains(anInterface)) { + interfaceList.add(anInterface); + getAllInterfaces(anInterface, interfaceList); } } cls = cls.getSuperclass(); } } + + public static Field[] getDeclaredFieldsSecurity(Class cls) { + Objects.requireNonNull(cls); + if (hasNotSecurityManager()) { + return getDeclaredFields(cls); + } + return (Field[]) AccessController.doPrivileged((PrivilegedAction) () -> { + return getDeclaredFields(cls); + }); + } + + private static Field[] getDeclaredFields(Class cls) { + Field[] declaredFields = cls.getDeclaredFields(); + for (Field field : declaredFields) { + field.setAccessible(true); + } + return declaredFields; + } + + private static boolean hasNotSecurityManager() { + return System.getSecurityManager() == null; + } } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java index fc72e25a8..de240d0cc 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java @@ -6,10 +6,9 @@ import io.dongtai.iast.core.handler.hookpoint.models.policy.SourceNode; import io.dongtai.iast.core.handler.hookpoint.models.taint.range.*; import io.dongtai.log.DongTaiLog; -import io.dongtai.log.ErrorCode; import java.lang.reflect.Array; -import java.lang.reflect.Method; +import java.lang.reflect.Field; import java.math.BigDecimal; import java.util.*; 
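Review bot: `getDeclaredFields` calls `field.setAccessible(true)` in a bare loop, so a single refusal (a `SecurityException`, or `InaccessibleObjectException` on JDK 9+ when the class sits in a module not opened to the agent) discards every field of the class, and the caller in `trackObject` then only logs at debug level and tracks nothing. The array also includes static fields, whose values did not arrive with the received object and would still be marked as source data. Handling the failure per field and skipping static and synthetic members, as sketched below, keeps the walk useful on newer runtimes. `getDeclaredFieldsSecurity` is `public` and wraps `doPrivileged` around caller-supplied input, so it is worth narrowing its visibility if nothing outside the agent core needs it.

```java
private static Field[] getDeclaredFields(Class<?> cls) {
    List<Field> usable = new ArrayList<Field>();
    for (Field field : cls.getDeclaredFields()) {
        // static and synthetic members are not part of the received model instance
        if (java.lang.reflect.Modifier.isStatic(field.getModifiers()) || field.isSynthetic()) {
            continue;
        }
        try {
            field.setAccessible(true);
            usable.add(field);
        } catch (RuntimeException e) {
            // not openable on this runtime: skip this field, keep the others
        }
    }
    return usable.toArray(new Field[0]);
}
```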
@@ -24,16 +23,6 @@ public class TaintPoolUtils { private static final String VALUES_ENUMERATOR = " org.apache.tomcat.util.http.ValuesEnumerator".substring(1); private static final String SPRING_OBJECT = " org.springframework.".substring(1); - /** - * 判断 obj 对象是否为 java 的内置数据类型,包括:string、array、list、map、enum 等 - * - * @param obj Object - * @return boolean - */ - public static boolean isJdkType(Object obj) { - return obj instanceof String || obj instanceof Map || obj instanceof List; - } - public static boolean poolContains(Object obj, MethodEvent event) { if (obj == null) { return false; 
@@ -146,86 +135,7 @@ public static boolean isAllowTaintType(Object obj) { return isAllowTaintType(obj.getClass()); } - public static boolean isAllowTaintGetterModel(Object model) { - if (!TaintPoolUtils.isNotEmpty(model)) { - return false; - } - Class sourceClass = model.getClass(); - if (sourceClass.getClassLoader() == null) { - return false; - } - if (!TaintPoolUtils.isAllowTaintGetterClass(sourceClass)) { - return false; - } - return true; - } - - public static boolean isAllowTaintGetterClass(Class clazz) { - String className = clazz.getName(); - if (className.startsWith("cn.huoxian.iast.api.") || - className.startsWith("io.dongtai.api.") || - className.startsWith(" org.apache.tomcat".substring(1)) || - className.startsWith(" org.apache.catalina".substring(1)) || - className.startsWith(" org.apache.shiro.web.servlet".substring(1)) || - className.startsWith(" org.eclipse.jetty".substring(1)) || - VALUES_ENUMERATOR.equals(className) || - className.startsWith(SPRING_OBJECT) || - className.contains("RequestWrapper") || - className.contains("ResponseWrapper") - - ) { - return false; - } - - List> interfaces = ReflectUtils.getAllInterfaces(clazz); - for (Class inter : interfaces) { - if (inter.getName().endsWith(".servlet.ServletRequest") - || inter.getName().endsWith(".servlet.ServletResponse")) { - return false; - } - } - - return true; - } - - public static boolean isAllowTaintGetterMethod(Method method) { - String methodName = method.getName(); - if (!methodName.startsWith("get") - || "getClass".equals(methodName) - || "getParserForType".equals(methodName) - || "getDefaultInstance".equals(methodName) - || "getDefaultInstanceForType".equals(methodName) - || "getDescriptor".equals(methodName) - || "getDescriptorForType".equals(methodName) - || "getAllFields".equals(methodName) - || "getInitializationErrorString".equals(methodName) - || "getUnknownFields".equals(methodName) - || "getDetailOrBuilderList".equals(methodName) - || "getAllFieldsMutable".equals(methodName) 
- || "getAllFieldsRaw".equals(methodName) - || "getOneofFieldDescriptor".equals(methodName) - || "getField".equals(methodName) - || "getFieldRaw".equals(methodName) - || "getRepeatedFieldCount".equals(methodName) - || "getRepeatedField".equals(methodName) - || "getSerializedSize".equals(methodName) - || "getMethodOrDie".equals(methodName) - || "getReader".equals(methodName) - || "getInputStream".equals(methodName) - || "getWriter".equals(methodName) - || "getOutputStream".equals(methodName) - || "getParameterNames".equals(methodName) - || "getParameterMap".equals(methodName) - || "getHeaderNames".equals(methodName) - || methodName.endsWith("Bytes") - || method.getParameterCount() != 0) { - return false; - } - - return isAllowTaintType(method.getReturnType()); - } - - public static void trackObject(MethodEvent event, PolicyNode policyNode, Object obj, int depth) { + public static void trackObject(MethodEvent event, PolicyNode policyNode, Object obj, int depth, Boolean isMicroservice) { if (depth >= 10 || !TaintPoolUtils.isNotEmpty(obj) || !TaintPoolUtils.isAllowTaintType(obj)) { return; } 
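Review bot: The new `trackObject` parameter is declared as boxed `Boolean isMicroservice`, and the code added in `@@ -276,6 +186,17 @@` unboxes it in `if (isMicroservice && !(obj instanceof String))`, so a caller passing `null` gets a `NullPointerException` inside the tracking path; declare it `boolean isMicroservice` here and in the private `track*` helpers that forward it. This hunk also deletes `isAllowTaintGetterClass`, which kept the old getter walk away from servlet, container and Spring objects, and the new field walk has no equivalent filter visible in the patch. A Javadoc line on `trackObject` saying that `isMicroservice` enables a reflective walk over the object's fields, and which argument types are expected, would make the contract explicit. `trackObject` continues outside this hunk.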
@@ -241,21 +151,21 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object Class cls = obj.getClass(); if (cls.isArray() && !cls.getComponentType().isPrimitive()) { - trackArray(event, policyNode, obj, depth); + trackArray(event, policyNode, obj, depth, isMicroservice); } else if (obj instanceof Iterator && !(obj instanceof Enumeration)) { - trackIterator(event, policyNode, (Iterator) obj, depth); + trackIterator(event, policyNode, (Iterator) obj, depth, isMicroservice); } else if (obj instanceof Map) { - trackMap(event, policyNode, (Map) obj, depth); + trackMap(event, policyNode, (Map) obj, depth, isMicroservice); } else if (obj instanceof Map.Entry) { - trackMapEntry(event, policyNode, (Map.Entry) obj, depth); + trackMapEntry(event, policyNode, (Map.Entry) obj, depth, isMicroservice); } else if (obj instanceof Collection && !(obj instanceof Enumeration)) { if (obj instanceof List) { - trackList(event, policyNode, (List) obj, depth); + trackList(event, policyNode, (List) obj, depth, isMicroservice); } else { - trackIterator(event, policyNode, ((Collection) obj).iterator(), depth); + trackIterator(event, policyNode, ((Collection) obj).iterator(), depth, isMicroservice); } } else if ("java.util.Optional".equals(obj.getClass().getName())) { - trackOptional(event, policyNode, obj, depth); + trackOptional(event, policyNode, obj, depth, isMicroservice); } else { if (isSourceNode) { int len = TaintRangesBuilder.getLength(obj); 
@@ -276,6 +186,17 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object EngineManager.TAINT_HASH_CODES.add(hash); event.addTargetHash(hash); EngineManager.TAINT_RANGES_POOL.add(hash, tr); + if (isMicroservice && !(obj instanceof String)) { + try { + Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls); + for (Field field : declaredFields) { + trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice); + } + } catch (Throwable e) { + DongTaiLog.debug("solve model failed: {}, {}", + e.getMessage(), e.getCause() != null ? e.getCause().getMessage() : ""); + } + } } else { hash = System.identityHashCode(obj); if (EngineManager.TAINT_HASH_CODES.contains(hash)) { 
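Review bot: `if (isMicroservice && !(obj instanceof String))` unboxes a `Boolean` parameter outside the try block, so a caller that passes null gets a NullPointerException, and the single try/catch around the whole loop means the first `field.get(obj)` that fails ends tracking for every remaining field of the model. For a taint tracker that is a silent false negative, reported only at debug level. I would guard with `Boolean.TRUE.equals(isMicroservice)` (or declare the parameter as primitive `boolean` across the track* helpers) and catch per field, as below. The walk also has no visited check beyond `depth >= 10`, so a cyclic or wide object graph is re-traversed on every path. trackObject starts and ends outside this hunk.

```java
if (Boolean.TRUE.equals(isMicroservice) && !(obj instanceof String)) {
    // … unchanged: enclosing try / catch (Throwable e) and the getDeclaredFieldsSecurity(cls) call …
    for (Field field : declaredFields) {
        try {
            trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice);
        } catch (IllegalAccessException e) {
            // An unreadable field is skipped so the remaining fields are still tracked.
            DongTaiLog.debug("solve model field failed: {}.{}, {}",
                    cls.getName(), field.getName(), e.getMessage());
        }
    }
}
```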
@@ -285,41 +206,41 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object } } - private static void trackArray(MethodEvent event, PolicyNode policyNode, Object arr, int depth) { + private static void trackArray(MethodEvent event, PolicyNode policyNode, Object arr, int depth, Boolean isMicroservice) { int length = Array.getLength(arr); for (int i = 0; i < length; i++) { - trackObject(event, policyNode, Array.get(arr, i), depth + 1); + trackObject(event, policyNode, Array.get(arr, i), depth + 1, isMicroservice); } } - private static void trackIterator(MethodEvent event, PolicyNode policyNode, Iterator it, int depth) { + private static void trackIterator(MethodEvent event, PolicyNode policyNode, Iterator it, int depth, Boolean isMicroservice) { while (it.hasNext()) { - trackObject(event, policyNode, it.next(), depth + 1); + trackObject(event, policyNode, it.next(), depth + 1, isMicroservice); } } - private static void trackMap(MethodEvent event, PolicyNode policyNode, Map map, int depth) { + private static void trackMap(MethodEvent event, PolicyNode policyNode, Map map, int depth, Boolean isMicroservice) { for (Object key : map.keySet()) { - trackObject(event, policyNode, key, depth + 1); - trackObject(event, policyNode, map.get(key), depth + 1); + trackObject(event, policyNode, key, depth + 1, isMicroservice); + trackObject(event, policyNode, map.get(key), depth + 1, isMicroservice); } } - private static void trackMapEntry(MethodEvent event, PolicyNode policyNode, Map.Entry entry, int depth) { - trackObject(event, policyNode, entry.getKey(), depth + 1); - trackObject(event, policyNode, entry.getValue(), depth + 1); + private static void trackMapEntry(MethodEvent event, PolicyNode policyNode, Map.Entry entry, int depth, Boolean isMicroservice) { + trackObject(event, policyNode, entry.getKey(), depth + 1, isMicroservice); + trackObject(event, policyNode, entry.getValue(), depth + 1, isMicroservice); } - private static void 
trackList(MethodEvent event, PolicyNode policyNode, List list, int depth) { + private static void trackList(MethodEvent event, PolicyNode policyNode, List list, int depth, Boolean isMicroservice) { for (Object obj : list) { - trackObject(event, policyNode, obj, depth + 1); + trackObject(event, policyNode, obj, depth + 1, isMicroservice); } } - private static void trackOptional(MethodEvent event, PolicyNode policyNode, Object obj, int depth) { + private static void trackOptional(MethodEvent event, PolicyNode policyNode, Object obj, int depth, Boolean isMicroservice) { try { Object v = ((Optional) obj).orElse(null); - trackObject(event, policyNode, v, depth + 1); + trackObject(event, policyNode, v, depth + 1, isMicroservice); } catch (Throwable ignore) { } } From 899c214197f93758cfc61224fc114869567c82f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Thu, 18 May 2023 18:05:42 +0800 Subject: [PATCH 04/18] fix: Doesn't work in Java 9+. --- .../dongtai/iast/core/utils/ReflectUtils.java | 24 +++++++++++++++---- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java index 710147886..a47cf3779 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java @@ -1,5 +1,8 @@ package io.dongtai.iast.core.utils; +import io.dongtai.log.DongTaiLog; + +import java.lang.reflect.AccessibleObject; import java.lang.reflect.Field; import java.lang.reflect.Method; import java.security.AccessController; @@ -13,7 +16,7 @@ public class ReflectUtils { public static Field getFieldFromClass(Class cls, String fieldName) throws NoSuchFieldException { Field field = cls.getDeclaredField(fieldName); - field.setAccessible(true); + setAccessible(field); return field; } 
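Review bot: trackIterator drains whatever Iterator it is given (`while (it.hasNext()) { … it.next() … }`), and the `obj instanceof Iterator` branch of trackObject in the earlier hunk passes the tracked object itself rather than a fresh iterator. If that object is the instance the instrumented application goes on to read, the application would find it already exhausted; the call sites are outside this diff, so this needs confirming. The Collection branch does not have the problem because it calls `iterator()` on the collection. If bare iterators cannot be tracked without that side effect, I would skip them and record why in a comment such as `// a bare Iterator is single-use: consuming it here would leave the application an empty iterator`.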
@@ -21,7 +24,7 @@ public static Field getDeclaredFieldFromClassByName(Class cls, String fieldNa Field[] declaredFields = cls.getDeclaredFields(); for (Field field : declaredFields) { if (fieldName.equals(field.getName())) { - field.setAccessible(true); + setAccessible(field); return field; } } @@ -62,11 +65,11 @@ public static Method getPublicMethodFromClass(Class cls, String methodName, C public static Method getSecurityPublicMethod(Method method) throws NoSuchMethodException { if (hasNotSecurityManager()) { - method.setAccessible(true); + setAccessible(method); return method; } return AccessController.doPrivileged((PrivilegedAction) () -> { - method.setAccessible(true); + setAccessible(method); return method; }); } @@ -175,7 +178,7 @@ public static Field[] getDeclaredFieldsSecurity(Class cls) { private static Field[] getDeclaredFields(Class cls) { Field[] declaredFields = cls.getDeclaredFields(); for (Field field : declaredFields) { - field.setAccessible(true); + setAccessible(field); } return declaredFields; } @@ -183,4 +186,15 @@ private static Field[] getDeclaredFields(Class cls) { private static boolean hasNotSecurityManager() { return System.getSecurityManager() == null; } + + private static void setAccessible(AccessibleObject accessibleObject) { + try{ + if (!accessibleObject.isAccessible()) { + accessibleObject.setAccessible(true); + } + } catch (Throwable e){ + DongTaiLog.debug(e.getMessage()); + } + + } } From 80b1c799b050e3c9326ad8a47caac2f0127e84b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Thu, 18 May 2023 18:24:00 +0800 Subject: [PATCH 05/18] fix: Doesn't work in Java 9+. --- .../src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java index a47cf3779..dc5ac369d 100644 
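Review bot: getSecurityPublicMethod is `public static` and calls `setAccessible(method)` inside `AccessController.doPrivileged` for whatever `Method` the caller hands in, so under a SecurityManager any code that can reach ReflectUtils borrows the agent's reflection permission. Whether application code can reach this class depends on class-loader isolation that this diff does not show. I would narrow the method's visibility if its callers allow it, or at least state the contract in a Javadoc line: `/** Makes method accessible with the agent's privileges; pass only methods the agent resolved itself. */`.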
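Review bot: The new `setAccessible` helper catches `Throwable` and returns normally, so getFieldFromClass, getDeclaredFieldFromClassByName, getSecurityPublicMethod and getDeclaredFields all hand back a member that may still be inaccessible. The failure then resurfaces as an IllegalAccessException at the point of use (for example `field.get(obj)` in TaintPoolUtils.trackObject, where it ends the whole field loop), far from its cause and logged only at debug level. I would have the helper report the outcome, `private static boolean setAccessible(AccessibleObject accessibleObject)`, narrow the handler to `catch (RuntimeException e)`, and let getDeclaredFields leave out the fields it could not open. `isAccessible()` is deprecated from Java 9 on, which deserves a comment given that this commit is about Java 9+.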
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/ReflectUtils.java @@ -193,7 +193,8 @@ private static void setAccessible(AccessibleObject accessibleObject) { accessibleObject.setAccessible(true); } } catch (Throwable e){ - DongTaiLog.debug(e.getMessage()); + DongTaiLog.debug("setAccessible failed: {}, {}", + e.getMessage(), e.getCause() != null ? e.getCause().getMessage() : ""); } } From 88a98397a084688ab5512c7ef670c0120dd9f809 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Fri, 19 May 2023 11:36:00 +0800 Subject: [PATCH 06/18] fix: method dubbo --- .../iast/core/handler/hookpoint/controller/impl/DubboImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java index a29d68022..09160c649 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java @@ -27,7 +27,7 @@ public static void solveDubboRequest(Object handler, Object channel, Object requ put("requestURL", u.getScheme() + "://" + u.getAuthority() + u.getPath()); put("requestURI", u.getPath()); put("queryString", ""); - put("method", "DUBOO"); + put("method", "DUBBO"); put("protocol", "DUBBO"); put("scheme", u.getScheme()); put("contextPath", ""); From daacb1e80533ecc4c8d22abe5c8d0a5792a07525 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Fri, 19 May 2023 14:25:10 +0800 Subject: [PATCH 07/18] fix: Exclude static fields. --- .../main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) 
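Review bot: The new debug line in `setAccessible` reports the exception message and its cause but not which member could not be opened, so a run of `setAccessible failed` entries cannot be tied back to a class or field. Field and Method both print their declaring class and name, so passing the object is enough: `DongTaiLog.debug("setAccessible failed for {}: {}", accessibleObject, e.getMessage());`. The helper's body starts outside this hunk.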
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java index de240d0cc..1d8998a6a 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java @@ -9,6 +9,7 @@ import java.lang.reflect.Array; import java.lang.reflect.Field; +import java.lang.reflect.Modifier; import java.math.BigDecimal; import java.util.*; @@ -190,7 +191,9 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object try { Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls); for (Field field : declaredFields) { - trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice); + if (!Modifier.isStatic(field.getModifiers())) { + trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice); + } } } catch (Throwable e) { DongTaiLog.debug("solve model failed: {}, {}", From 074954e0e757be4dcefc5adb3ca819d6b493bafd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Fri, 19 May 2023 18:09:08 +0800 Subject: [PATCH 08/18] fix: update blacklist.txt --- .../com.secnium.iast.resources/blacklist.txt | 106 +++++++++--------- 1 file changed, 53 insertions(+), 53 deletions(-) diff --git a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt index 593c3646c..21c940be6 100644 --- a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt +++ b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt 
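Review bot: The new filter skips static fields but still follows synthetic ones, so for a non-static inner class the walk goes through `this$0` into the enclosing instance and, unless isAllowTaintType rejects it, would record that object and its fields as tainted. That over-taints state the request never populated and widens the graph the depth limit has to contain. The check fits in the same condition: `if (!Modifier.isStatic(field.getModifiers()) && !field.isSynthetic()) {`. trackObject starts and ends outside this hunk.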
@@ -4735,61 +4735,61 @@ com/fasterxml/jackson/databind/deser/impl/PropertyBasedCreator$CaseInsensitiveMa com/fasterxml/jackson/databind/deser/impl/PropertyBasedObjectIdGenerator com/fasterxml/jackson/databind/deser/impl/SetterlessProperty com/fasterxml/jackson/databind/deser/impl/TypeWrappedDeserializer -# com/fasterxml/jackson/databind/deser/std/ArrayBlockingQueueDeserializer -# com/fasterxml/jackson/databind/deser/std/AtomicBooleanDeserializer -# com/fasterxml/jackson/databind/deser/std/AtomicReferenceDeserializer -# com/fasterxml/jackson/databind/deser/std/BaseNodeDeserializer -# com/fasterxml/jackson/databind/deser/std/BaseNodeDeserializer$1 -# com/fasterxml/jackson/databind/deser/std/ByteBufferDeserializer -# com/fasterxml/jackson/databind/deser/std/CollectionDeserializer -# com/fasterxml/jackson/databind/deser/std/ContainerDeserializerBase -# com/fasterxml/jackson/databind/deser/std/EnumDeserializer -# com/fasterxml/jackson/databind/deser/std/EnumMapDeserializer -# com/fasterxml/jackson/databind/deser/std/EnumSetDeserializer -# com/fasterxml/jackson/databind/deser/std/FromStringDeserializer -# com/fasterxml/jackson/databind/deser/std/FromStringDeserializer$Std -# com/fasterxml/jackson/databind/deser/std/JavaTypeDeserializer -# com/fasterxml/jackson/databind/deser/std/JdkDeserializers -# com/fasterxml/jackson/databind/deser/std/JsonLocationInstantiator -# com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer -# com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$1 -# com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$ArrayDeserializer -# com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$ObjectDeserializer -# com/fasterxml/jackson/databind/deser/std/MapDeserializer -# com/fasterxml/jackson/databind/deser/std/MapEntryDeserializer -# com/fasterxml/jackson/databind/deser/std/NullifyingDeserializer -# com/fasterxml/jackson/databind/deser/std/ObjectArrayDeserializer -# 
com/fasterxml/jackson/databind/deser/std/StackTraceElementDeserializer -# com/fasterxml/jackson/databind/deser/std/StdDelegatingDeserializer -# com/fasterxml/jackson/databind/deser/std/StdDeserializer -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$BoolKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$ByteKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$CalendarKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$CharKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DateKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DelegatingKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DoubleKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$EnumKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$FloatKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$IntKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$LocaleKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$LongKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$ShortKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringCtorKeyDeserializer -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringFactoryKeyDeserializer +com/fasterxml/jackson/databind/deser/std/ArrayBlockingQueueDeserializer +com/fasterxml/jackson/databind/deser/std/AtomicBooleanDeserializer +com/fasterxml/jackson/databind/deser/std/AtomicReferenceDeserializer +com/fasterxml/jackson/databind/deser/std/BaseNodeDeserializer +com/fasterxml/jackson/databind/deser/std/BaseNodeDeserializer$1 +com/fasterxml/jackson/databind/deser/std/ByteBufferDeserializer +com/fasterxml/jackson/databind/deser/std/CollectionDeserializer +com/fasterxml/jackson/databind/deser/std/ContainerDeserializerBase +com/fasterxml/jackson/databind/deser/std/EnumDeserializer 
+com/fasterxml/jackson/databind/deser/std/EnumMapDeserializer +com/fasterxml/jackson/databind/deser/std/EnumSetDeserializer +com/fasterxml/jackson/databind/deser/std/FromStringDeserializer +com/fasterxml/jackson/databind/deser/std/FromStringDeserializer$Std +com/fasterxml/jackson/databind/deser/std/JavaTypeDeserializer +com/fasterxml/jackson/databind/deser/std/JdkDeserializers +com/fasterxml/jackson/databind/deser/std/JsonLocationInstantiator +com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer +com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$1 +com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$ArrayDeserializer +com/fasterxml/jackson/databind/deser/std/JsonNodeDeserializer$ObjectDeserializer +com/fasterxml/jackson/databind/deser/std/MapDeserializer +com/fasterxml/jackson/databind/deser/std/MapEntryDeserializer +com/fasterxml/jackson/databind/deser/std/NullifyingDeserializer +com/fasterxml/jackson/databind/deser/std/ObjectArrayDeserializer +com/fasterxml/jackson/databind/deser/std/StackTraceElementDeserializer +com/fasterxml/jackson/databind/deser/std/StdDelegatingDeserializer +com/fasterxml/jackson/databind/deser/std/StdDeserializer +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$BoolKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$ByteKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$CalendarKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$CharKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DateKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DelegatingKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$DoubleKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$EnumKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$FloatKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$IntKD 
+com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$LocaleKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$LongKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$ShortKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringCtorKeyDeserializer +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringFactoryKeyDeserializer # com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$StringKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$UuidKD -# com/fasterxml/jackson/databind/deser/std/StdKeyDeserializers -# com/fasterxml/jackson/databind/deser/std/StdScalarDeserializer -# com/fasterxml/jackson/databind/deser/std/StdValueInstantiator -# com/fasterxml/jackson/databind/deser/std/StringArrayDeserializer -# com/fasterxml/jackson/databind/deser/std/StringCollectionDeserializer +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializer$UuidKD +com/fasterxml/jackson/databind/deser/std/StdKeyDeserializers +com/fasterxml/jackson/databind/deser/std/StdScalarDeserializer +com/fasterxml/jackson/databind/deser/std/StdValueInstantiator +com/fasterxml/jackson/databind/deser/std/StringArrayDeserializer +com/fasterxml/jackson/databind/deser/std/StringCollectionDeserializer # com/fasterxml/jackson/databind/deser/std/StringDeserializer -# com/fasterxml/jackson/databind/deser/std/ThrowableDeserializer -# com/fasterxml/jackson/databind/deser/std/TokenBufferDeserializer -# com/fasterxml/jackson/databind/deser/std/UUIDDeserializer -# com/fasterxml/jackson/databind/deser/std/UntypedObjectDeserializer +com/fasterxml/jackson/databind/deser/std/ThrowableDeserializer +com/fasterxml/jackson/databind/deser/std/TokenBufferDeserializer +com/fasterxml/jackson/databind/deser/std/UUIDDeserializer +com/fasterxml/jackson/databind/deser/std/UntypedObjectDeserializer com/fasterxml/jackson/databind/exc/IgnoredPropertyException com/fasterxml/jackson/databind/exc/InvalidFormatException 
com/fasterxml/jackson/databind/exc/PropertyBindingException From 67a115dd2ae5ff48df61bd654149decd9baed0b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Fri, 19 May 2023 18:57:25 +0800 Subject: [PATCH 09/18] fix: custom model addSourceHash. --- .../main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java | 4 ++++ .../main/resources/com.secnium.iast.resources/blacklist.txt | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java index 1d8998a6a..d6e1a6062 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java @@ -195,6 +195,10 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice); } } + hash = System.identityHashCode(obj); + if (EngineManager.TAINT_HASH_CODES.contains(hash)) { + event.addSourceHash(hash); + } } catch (Throwable e) { DongTaiLog.debug("solve model failed: {}, {}", e.getMessage(), e.getCause() != null ? e.getCause().getMessage() : ""); diff --git a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt index 21c940be6..d2641b091 100644 --- a/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt +++ b/dongtai-core/src/main/resources/com.secnium.iast.resources/blacklist.txt 
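Review bot: The added `EngineManager.TAINT_HASH_CODES.contains(hash)` check in TaintPoolUtils.trackObject looks always true: the context shown earlier in this series has `EngineManager.TAINT_HASH_CODES.add(hash)` running just before this block, and if that `hash` was also derived from `obj`, the object ends up recorded as both a target and a source of the same event. The assignment is outside this hunk, so please confirm which value `hash` holds there. The new lines also sit inside the `try`, so a field that fails in the loop above skips `addSourceHash` entirely. If the intent is to mark the model as a source unconditionally, I would move the call after the catch and say so: `// the model object itself is the source of the values read from its fields`.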
@@ -4696,7 +4696,7 @@ com/fasterxml/jackson/databind/cfg/MapperConfigBase com/fasterxml/jackson/databind/cfg/SerializerFactoryConfig com/fasterxml/jackson/databind/deser/AbstractDeserializer com/fasterxml/jackson/databind/deser/BasicDeserializerFactory -com/fasterxml/jackson/databind/deser/BeanDeserializer +# com/fasterxml/jackson/databind/deser/BeanDeserializer com/fasterxml/jackson/databind/deser/BeanDeserializerBase com/fasterxml/jackson/databind/deser/BeanDeserializerBuilder com/fasterxml/jackson/databind/deser/BeanDeserializerModifier From 6846db43fab8eded97d37019026f272e7615491a Mon Sep 17 00:00:00 2001 From: lostsnow Date: Fri, 26 May 2023 16:07:06 +0800 Subject: [PATCH 10/18] reduce frequent log output --- .../main/java/io/dongtai/log/DongTaiLog.java | 100 ++++++++++++++---- .../main/java/io/dongtai/log/ErrorCode.java | 1 + .../java/io.dongtai.log/DongTaiLogTest.java | 52 +++++---- 3 files changed, 111 insertions(+), 42 deletions(-) diff --git a/dongtai-log/src/main/java/io/dongtai/log/DongTaiLog.java b/dongtai-log/src/main/java/io/dongtai/log/DongTaiLog.java index 128629854..aeaf43df6 100644 --- a/dongtai-log/src/main/java/io/dongtai/log/DongTaiLog.java +++ b/dongtai-log/src/main/java/io/dongtai/log/DongTaiLog.java @@ -2,8 +2,8 @@ import java.io.*; import java.text.SimpleDateFormat; -import java.util.Date; -import java.util.TimeZone; +import java.util.*; +import java.util.concurrent.ConcurrentHashMap; import java.util.logging.Level; import java.util.regex.Matcher; 
@@ -23,9 +23,25 @@ public class DongTaiLog { private static final int YELLOW = 33; private static final int BLUE = 34; + // 5min + public static int FREQUENT_INTERVAL = 300000; + private static final String TITLE = "[io.dongtai.iast.agent] "; private static final String TITLE_COLOR = "[" + colorStr("io.dongtai.iast.agent", BLUE) + "] "; + private static final Set RESTRICTED_ERRORS = new HashSet(Arrays.asList( + ErrorCode.AGENT_MONITOR_COLLECT_PERFORMANCE_METRICS_FAILED, + ErrorCode.AGENT_MONITOR_CHECK_PERFORMANCE_METRICS_FAILED, + ErrorCode.AGENT_MONITOR_GET_DISK_USAGE_FAILED, + ErrorCode.REPORT_SEND_FAILED, + ErrorCode.REPLAY_REQUEST_FAILED, + ErrorCode.GRAPH_BUILD_AND_REPORT_FAILED, + ErrorCode.TAINT_COMMAND_GET_PARAMETERS_FAILED, + ErrorCode.TAINT_COMMAND_RANGE_PROCESS_FAILED + )); + + private static final ConcurrentHashMap ERROR_RECORD_MAP = new ConcurrentHashMap(); + static { if (System.console() != null && !System.getProperty("os.name").toLowerCase().contains("windows")) { ENABLE_COLOR = true; @@ -35,6 +51,35 @@ public class DongTaiLog { LOG_DIR = IastProperties.getLogDir(); } + private static class ErrorRecord { + private long lastWriteTime; + private int count; + + public ErrorRecord() { + this.lastWriteTime = new Date().getTime(); + this.count = 0; + } + + public boolean needWrite() { + long now = new Date().getTime(); + // 5min + return now - this.lastWriteTime > FREQUENT_INTERVAL; + } + + public int getCount() { + return this.count; + } + + public void incrementCount() { + this.count++; + } + + public void rotate() { + this.lastWriteTime = new Date().getTime(); + this.count = 0; + } + } + public static void configure(Integer agentId) throws Exception { ENABLED = IastProperties.isEnabled(); if (!ENABLED) { 
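Review bot: `public static int FREQUENT_INTERVAL` is a mutable, non-volatile public field that the throttle reads on every restricted error, so any class can change the suppression window at runtime and a write on one thread is not guaranteed to be visible to another. The test in this commit is the only writer shown. I would reduce it to `static volatile int FREQUENT_INTERVAL = 300000;` (package-private, assuming the test shares the package) and put the unit in the comment, `// milliseconds (5 min)`.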
@@ -142,7 +187,7 @@ private static String colorStr(String msg, int colorCode) { return "\033[" + colorCode + "m" + msg + RESET; } - private static String getPrefix(LogLevel lvl, int code, boolean useColor) { + private static String getPrefix(LogLevel lvl, int code, int cnt, boolean useColor) { String prefix; if (useColor) { prefix = getTime() + TITLE_COLOR + lvl.getColorPrefix(); @@ -154,6 +199,10 @@ private static String getPrefix(LogLevel lvl, int code, boolean useColor) { prefix += "[" + String.valueOf(code) + "] "; } + if (cnt > 0) { + prefix += "[occurred " + String.valueOf(cnt) + " times] "; + } + return prefix; } @@ -168,11 +217,28 @@ private static String getMessage(String msg, Throwable t) { return msg; } - private static void log(LogLevel lvl, int code, String fmt, Object... arguments) { + private static void log(LogLevel lvl, ErrorCode ec, String fmt, Object... arguments) { if (!canLog(lvl)) { return; } + int cnt = 0; + if (RESTRICTED_ERRORS.contains(ec)) { + ErrorRecord er = ERROR_RECORD_MAP.get(ec); + if (er == null) { + ERROR_RECORD_MAP.put(ec, new ErrorRecord()); + } else { + if (!er.needWrite()) { + er.incrementCount(); + return; + } + + cnt = er.getCount(); + er.rotate(); + } + } + + int code = ec.getCode(); Throwable t = null; String msg = fmt; if (arguments.length == 1 && arguments[0] instanceof Throwable) { 
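Review bot: The throttle added to `log` is a check-then-act sequence on shared state: two threads that both see `ERROR_RECORD_MAP.get(ec) == null` each install a record and each write the line, and `needWrite()`, `incrementCount()` and `rotate()` touch the plain fields of ErrorRecord (added in the earlier hunk) without synchronization, so counts can be lost. Suppression is also keyed on the error code alone, so for the whole interval every later message under that code is dropped together with its arguments and exception and only the count survives; that is worth a comment for whoever reads these logs during an incident. `putIfAbsent` plus a lock on the record closes the race without changing the output.

```java
int cnt = 0;
if (RESTRICTED_ERRORS.contains(ec)) {
    ErrorRecord er = ERROR_RECORD_MAP.get(ec);
    if (er == null) {
        // putIfAbsent returns null only to the thread that installed the record.
        er = ERROR_RECORD_MAP.putIfAbsent(ec, new ErrorRecord());
    }
    if (er != null) {
        synchronized (er) {
            if (!er.needWrite()) {
                er.incrementCount();
                return;
            }
            cnt = er.getCount();
            er.rotate();
        }
    }
}
// … unchanged: code lookup, argument formatting and output …
```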
@@ -192,44 +258,36 @@ private static void log(LogLevel lvl, int code, String fmt, Object... arguments) if (msg.isEmpty()) { return; } - System.out.println(getPrefix(lvl, code, ENABLE_COLOR) + msg); - writeLogToFile(getPrefix(lvl, code, false) + msg, t); + System.out.println(getPrefix(lvl, code, cnt, ENABLE_COLOR) + msg); + writeLogToFile(getPrefix(lvl, code, cnt, false) + msg, t); } public static void trace(String fmt, Object... arguments) { - log(LogLevel.TRACE, 0, fmt, arguments); + log(LogLevel.TRACE, ErrorCode.NO_CODE, fmt, arguments); } public static void debug(String fmt, Object... arguments) { - log(LogLevel.DEBUG, 0, fmt, arguments); + log(LogLevel.DEBUG, ErrorCode.NO_CODE, fmt, arguments); } public static void info(String fmt, Object... arguments) { - log(LogLevel.INFO, 0, fmt, arguments); - } - - public static void warn(int code, String fmt, Object... arguments) { - log(LogLevel.WARN, code, fmt, arguments); + log(LogLevel.INFO, ErrorCode.NO_CODE, fmt, arguments); } public static void warn(ErrorCode ec, Object... arguments) { - log(LogLevel.WARN, ec.getCode(), ec.getMessage(), arguments); + log(LogLevel.WARN, ec, ec.getMessage(), arguments); } public static void warn(String format, Object... arguments) { - log(LogLevel.WARN, 0, format, arguments); - } - - public static void error(int code, String fmt, Object... arguments) { - log(LogLevel.ERROR, code, fmt, arguments); + log(LogLevel.WARN, ErrorCode.NO_CODE, format, arguments); } public static void error(ErrorCode ec, Object... arguments) { - log(LogLevel.ERROR, ec.getCode(), ec.getMessage(), arguments); + log(LogLevel.ERROR, ec, ec.getMessage(), arguments); } public static void error(String format, Object... arguments) { - log(LogLevel.ERROR, 0, format, arguments); + log(LogLevel.ERROR, ErrorCode.NO_CODE, format, arguments); } private static String format(String from, Object... arguments) { 
diff --git a/dongtai-log/src/main/java/io/dongtai/log/ErrorCode.java b/dongtai-log/src/main/java/io/dongtai/log/ErrorCode.java index 91ab9a415..91e497b9c 100644 --- a/dongtai-log/src/main/java/io/dongtai/log/ErrorCode.java +++ b/dongtai-log/src/main/java/io/dongtai/log/ErrorCode.java @@ -104,6 +104,7 @@ public enum ErrorCode { UTIL_TAINT_PARSE_CUSTOM_MODEL_FAILED(20612, "parse custom model {} getter {} failed"), UNKNOWN(99999, "unknown error"), + NO_CODE(0, "no error code"), ; private final int code; diff --git a/dongtai-log/src/test/java/io.dongtai.log/DongTaiLogTest.java b/dongtai-log/src/test/java/io.dongtai.log/DongTaiLogTest.java index 83620ff2c..eadbb9768 100644 --- a/dongtai-log/src/test/java/io.dongtai.log/DongTaiLogTest.java +++ b/dongtai-log/src/test/java/io.dongtai.log/DongTaiLogTest.java 
@@ -193,26 +193,6 @@ public void logTest() { Assert.assertEquals("ERROR log message with exception", TITLE + "[ERROR] foo, Exception: java.lang.Exception: bar" + LS, outputStreamCaptor.toString().substring(20)); - clear(); - DongTaiLog.error(110, "foo {} {}", "bar", "baz"); - Assert.assertEquals("ERROR log format", TITLE + "[ERROR] [110] foo bar baz" + LS, - outputStreamCaptor.toString().substring(20)); - clear(); - DongTaiLog.error(110, "foo {} {}", "bar", "baz", new Exception("bar")); - Assert.assertEquals("ERROR log format with code and exception", - TITLE + "[ERROR] [110] foo bar baz, Exception: java.lang.Exception: bar" + LS, - outputStreamCaptor.toString().substring(20)); - - clear(); - DongTaiLog.error(110, "foo {}", "bar", "baz", new Exception("bar")); - Assert.assertEquals("ERROR log format less with code and exception", - TITLE + "[ERROR] [110] foo bar, Exception: java.lang.Exception: bar" + LS, - outputStreamCaptor.toString().substring(20)); - clear(); - DongTaiLog.error(110, "foo {} {} {}", "bar", "baz", new Exception("bar")); - Assert.assertEquals("ERROR log format more with code and exception", - TITLE + "[ERROR] [110] foo bar baz {}, Exception: java.lang.Exception: bar" + LS, - outputStreamCaptor.toString().substring(20)); int code; String fmt; @@ -243,7 +223,6 @@ public void logTest() { clear(); DongTaiLog.error(ErrorCode.get("NOT EXISTS")); code = ErrorCode.UNKNOWN.getCode(); - fmt = String.format(ErrorCode.UNKNOWN.getMessage()); Assert.assertEquals("ERROR log with ErrorCode invalid name", TITLE + "[ERROR] [" + code + "] NOT EXISTS" + LS, outputStreamCaptor.toString().substring(20)); 
@@ -253,6 +232,37 @@ public void logTest() { TITLE + "[ERROR] [" + code + "] NOT EXISTS" + LS, outputStreamCaptor.toString().substring(20)); + // System.setOut(standardOut); + int fi = DongTaiLog.FREQUENT_INTERVAL; + DongTaiLog.FREQUENT_INTERVAL = 3000; + code = ErrorCode.REPORT_SEND_FAILED.getCode(); + fmt = String.format(ErrorCode.REPORT_SEND_FAILED.getMessage().replaceAll("\\{\\}", "%s"), "a", "b"); + for (int i = 0; i < 8; i++) { + clear(); + DongTaiLog.error(ErrorCode.REPORT_SEND_FAILED, "a", "b"); + if (i == 0) { + String msg = outputStreamCaptor.toString(); + Assert.assertTrue("ERROR log with frequent log " + i, msg.length() > 20); + Assert.assertEquals("ERROR log with frequent log " + i, + TITLE + "[ERROR] [" + code + "] " + fmt + LS, + msg.substring(20)); + } else if (i % 3 == 0) { + String msg = outputStreamCaptor.toString(); + Assert.assertTrue("ERROR log with frequent log " + i, msg.length() > 20); + Assert.assertEquals("ERROR log with frequent log " + i, + TITLE + "[ERROR] [" + code + "] [occurred 2 times] " + fmt + LS, + outputStreamCaptor.toString().substring(20)); + } else { + Assert.assertEquals("ERROR log with frequent log " + i, + "", outputStreamCaptor.toString()); + } + try { + Thread.sleep(1000); + } catch (InterruptedException ignore) { + } + } + DongTaiLog.FREQUENT_INTERVAL = fi; + clear(); } } From fd2e74097fb82c66d2533d3a1eb16e567f3dfb11 Mon Sep 17 00:00:00 2001 From: lostsnow Date: Tue, 30 May 2023 14:06:26 +0800 Subject: [PATCH 11/18] add fluent multi line parser --- .../java/io/dongtai/iast/agent/LogCollector.java | 13 +++++++++---- dongtai-agent/src/main/resources/bin/fluent.conf | 2 ++ .../src/main/resources/bin/parsers_multiline.conf | 6 ++++++ 3 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 dongtai-agent/src/main/resources/bin/parsers_multiline.conf 
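Review bot: The new block changes the global `DongTaiLog.FREQUENT_INTERVAL` and restores it only on its last line, so a failed assertion leaves the 3-second window in place for every test that runs afterwards; the restore belongs in a `finally`. The `i % 3 == 0` expectation also relies on three real `Thread.sleep(1000)` calls adding up to just over the 3000 ms that `now - lastWriteTime > FREQUENT_INTERVAL` requires, which sits on the boundary and is sensitive to timer granularity and scheduling on a loaded CI host. The empty `catch (InterruptedException ignore)` drops the interrupt where `Thread.currentThread().interrupt();` would preserve it. logTest starts outside this hunk.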
diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/LogCollector.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/LogCollector.java index dcd3c4f02..7690aa32b 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/LogCollector.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/LogCollector.java @@ -22,6 +22,15 @@ public static void extractFluent() { } try { if (!isMacOs() && !isWindows()) { + String agentId = String.valueOf(AgentRegisterReport.getAgentId()); + FLUENT_FILE_CONF = IastProperties.getInstance().getTmpDir() + "fluent-" + agentId + ".conf"; + FileUtils.getResourceToFile("bin/fluent.conf", FLUENT_FILE_CONF); + FileUtils.confReplace(FLUENT_FILE_CONF); + + String multiParserFile = IastProperties.getInstance().getTmpDir() + "parsers_multiline.conf"; + FileUtils.getResourceToFile("bin/parsers_multiline.conf", multiParserFile); + FileUtils.confReplace(multiParserFile); + FLUENT_FILE = IastProperties.getInstance().getTmpDir() + "fluent"; File f = new File(FLUENT_FILE); if (f.exists()) { @@ -34,10 +43,6 @@ public static void extractFluent() { FileUtils.getResourceToFile("bin/fluent", FLUENT_FILE); } - String agentId = String.valueOf(AgentRegisterReport.getAgentId()); - FLUENT_FILE_CONF = IastProperties.getInstance().getTmpDir() + "fluent-" + agentId + ".conf"; - FileUtils.getResourceToFile("bin/fluent.conf", FLUENT_FILE_CONF); - FileUtils.confReplace(FLUENT_FILE_CONF); if (!(new File(FLUENT_FILE)).setExecutable(true)) { DongTaiLog.warn(ErrorCode.FLUENT_SET_EXECUTABLE_FAILED, FLUENT_FILE); } diff --git a/dongtai-agent/src/main/resources/bin/fluent.conf b/dongtai-agent/src/main/resources/bin/fluent.conf index ef9203ca8..233b8eaa9 100644 --- a/dongtai-agent/src/main/resources/bin/fluent.conf +++ b/dongtai-agent/src/main/resources/bin/fluent.conf @@ -3,6 +3,7 @@ Daemon OFF Log_Level error HTTP_Server Off + parsers_file parsers_multiline.conf [INPUT] Name tail Path ${LOG_PATH} 
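Review bot: `parsers_multiline.conf` is written to the temp directory under a fixed name, unlike `fluent-<agentId>.conf` beside it, so two agents sharing that directory overwrite each other's copy, possibly while fluent is reading it. If `getTmpDir()` can resolve to a location other local users can write to (not visible here), a fixed, predictable name also means the file's content cannot be trusted by the time fluent parses it; the same concern applies to the `fluent` binary that the surrounding context appears to reuse when `f.exists()`. I would put the agent id in the name, `IastProperties.getInstance().getTmpDir() + "parsers_multiline-" + agentId + ".conf"`, and reference that name from the generated fluent config. extractFluent starts and ends outside this hunk.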
@@ -13,6 +14,7 @@ Buffer_Max_Size 16MB Skip_Long_Lines On Read_from_Head true + multiline.parser multiline-regex-test [FILTER] Name record_modifier Match * diff --git a/dongtai-agent/src/main/resources/bin/parsers_multiline.conf b/dongtai-agent/src/main/resources/bin/parsers_multiline.conf new file mode 100644 index 000000000..ace190d99 --- /dev/null +++ b/dongtai-agent/src/main/resources/bin/parsers_multiline.conf @@ -0,0 +1,6 @@ +[MULTILINE_PARSER] + name multiline-regex-test + type regex + flush_timeout 1000 + rule "start_state" "/(\d+\d+\-\d+\-\d+ \d+\:\d+\:\d+)(.*)/" "cont" + rule "cont" "/(^\s+at.*|^Caused.*|^\s+\.\.\..*)/" "cont" \ No newline at end of file From e6180bc40fad478b74cc98c1fbe60b4b2c2fd171 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 6 Jun 2023 17:05:18 +0800 Subject: [PATCH 12/18] fix: String hash enhance. --- .../io/dongtai/iast/core/EngineManager.java | 8 ++-- .../hookpoint/controller/impl/DubboImpl.java | 2 +- .../controller/impl/PropagatorImpl.java | 11 +++-- .../handler/hookpoint/models/MethodEvent.java | 20 ++++----- .../dynamic/DynamicPropagatorScanner.java | 2 +- .../vulscan/dynamic/PathTraversalCheck.java | 2 +- .../vulscan/dynamic/SSRFSourceCheck.java | 3 +- .../dynamic/UnvalidatedRedirectCheck.java | 4 +- .../io/dongtai/iast/core/utils/HashCode.java | 2 +- .../iast/core/utils/TaintPoolUtils.java | 41 +++++++++++++++---- .../utils/threadlocal/IastTaintHashCodes.java | 18 ++++---- .../utils/threadlocal/TaintRangesPool.java | 8 ++-- 12 files changed, 74 insertions(+), 47 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/EngineManager.java b/dongtai-core/src/main/java/io/dongtai/iast/core/EngineManager.java index 3bca2f889..d6924df75 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/EngineManager.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/EngineManager.java 
@@ -136,16 +136,16 @@ public static void enterHttpEntry(Map requestMeta) { } REQUEST_CONTEXT.set(requestMeta); TRACK_MAP.set(new HashMap(1024)); - TAINT_HASH_CODES.set(new HashSet()); - TAINT_RANGES_POOL.set(new HashMap()); + TAINT_HASH_CODES.set(new HashSet()); + TAINT_RANGES_POOL.set(new HashMap()); ScopeManager.SCOPE_TRACKER.getScope(Scope.HTTP_ENTRY).enter(); } public static void enterDubboEntry(Map requestMeta) { REQUEST_CONTEXT.set(requestMeta); TRACK_MAP.set(new HashMap(1024)); - TAINT_HASH_CODES.set(new HashSet()); - TAINT_RANGES_POOL.set(new HashMap()); + TAINT_HASH_CODES.set(new HashSet()); + TAINT_RANGES_POOL.set(new HashMap()); ScopeManager.SCOPE_TRACKER.getScope(Scope.DUBBO_ENTRY).enter(); } } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java index 09160c649..3e1fbfc40 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/DubboImpl.java @@ -101,7 +101,7 @@ public static void collectDubboRequestSource(Object handler, Object invocation, // for display taint range (full arguments value) String fv = event.parameterValues.get(0).getValue(); - int hash = System.identityHashCode(fv); + long hash = TaintPoolUtils.toStringHash(fv.hashCode(),System.identityHashCode(fv)); int len = TaintRangesBuilder.getLength(fv); TaintRanges tr = new TaintRanges(new TaintRange(0, len)); event.targetRanges.add(0, new MethodEvent.MethodEventTargetRange(hash, tr)); diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java index 369f8e9ab..e409c581c 100644 
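Review bot: `TaintPoolUtils.toStringHash(fv.hashCode(),System.identityHashCode(fv))` in collectDubboRequestSource() throws a NullPointerException when `fv` is null, where the replaced `System.identityHashCode(fv)` returned 0. The same pattern is added in PathTraversalCheck.checkPath() (`path.hashCode()`) and in IastTaintHashCodes.addObject() for each `String[]` element (`tempObj.hashCode()`); in the array case a single null element would, as far as the hunk shows, end the loop and leave the remaining elements untracked. `TaintPoolUtils.getStringHash(obj)` from this same commit already handles null and non-String values, so `long hash = TaintPoolUtils.getStringHash(fv);` (and likewise for `path` and `tempObj`) keeps the old null behaviour and puts the key derivation in one place. Whether these values can actually be null is decided outside the visible hunks.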
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java @@ -165,7 +165,7 @@ private static boolean setTarget(PropagatorNode propagatorNode, MethodEvent even } private static TaintRanges getTaintRanges(Object obj) { - int hash = System.identityHashCode(obj); + long hash = TaintPoolUtils.getStringHash(obj); TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(hash); if (tr == null) { tr = new TaintRanges(); @@ -209,7 +209,7 @@ private static void trackTaintRange(PropagatorNode propagatorNode, MethodEvent e } } - int tgtHash = 0; + long tgtHash = 0; Object tgt = null; Set targetLocs = propagatorNode.getTargets(); // may have multiple targets? @@ -218,17 +218,16 @@ private static void trackTaintRange(PropagatorNode propagatorNode, MethodEvent e } if (TaintPosition.hasObject(targetLocs)) { tgt = event.objectInstance; - tgtHash = System.identityHashCode(tgt); + tgtHash = TaintPoolUtils.getStringHash(tgt); oldTaintRanges = getTaintRanges(tgt); } else if (TaintPosition.hasReturn(targetLocs)) { - tgt = event.returnInstance; - tgtHash = System.identityHashCode(tgt); + tgtHash = TaintPoolUtils.getStringHash(tgt); } else if (TaintPosition.hasParameter(targetLocs)) { for (TaintPosition targetLoc : targetLocs) { int parameterIndex = targetLoc.getParameterIndex(); if (event.parameterInstances.length > parameterIndex) { tgt = event.parameterInstances[parameterIndex]; - tgtHash = System.identityHashCode(tgt); + tgtHash = TaintPoolUtils.getStringHash(tgt); oldTaintRanges = getTaintRanges(tgt); } } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java index 856878b7c..7a3eb43e0 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java 
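Review bot: In trackTaintRange() the `hasReturn` branch no longer assigns `tgt`: the commit removes `tgt = event.returnInstance;` together with the old hash line, so `TaintPoolUtils.getStringHash(tgt)` runs on the initial `null` and `tgtHash` becomes 0, unless `tgt` is set in the two lines between the hunks. For propagators whose target is the return value this looks like it drops or mis-keys the propagated taint ranges, which would surface as missed findings rather than as an error. Restore the assignment ahead of the hash: `tgt = event.returnInstance;` followed by `tgtHash = TaintPoolUtils.getStringHash(tgt);`. The rest of trackTaintRange() lies outside the hunk, so the later uses of `tgt` and `tgtHash` should be checked there.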
+++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/MethodEvent.java @@ -82,9 +82,9 @@ public class MethodEvent { */ public String returnValue; - private final Set sourceHashes = new HashSet(); + private final Set sourceHashes = new HashSet(); - private final Set targetHashes = new HashSet(); + private final Set targetHashes = new HashSet(); public List targetRanges = new ArrayList(); @@ -118,10 +118,10 @@ public JSONObject toJson() { } public static class MethodEventSourceType { - private final Integer hash; + private final Long hash; private final String type; - public MethodEventSourceType(Integer hash, String type) { + public MethodEventSourceType(Long hash, String type) { this.hash = hash; this.type = type; } @@ -135,10 +135,10 @@ public JSONObject toJson() { } public static class MethodEventTargetRange { - private final Integer hash; + private final Long hash; private final TaintRanges ranges; - public MethodEventTargetRange(Integer hash, TaintRanges ranges) { + public MethodEventTargetRange(Long hash, TaintRanges ranges) { this.hash = hash; this.ranges = ranges; } @@ -234,19 +234,19 @@ private String formatValue(Object val, boolean hasTaint) { + (hasTaint ? "*" : "") + String.valueOf(str.length()); } - public Set getSourceHashes() { + public Set getSourceHashes() { return sourceHashes; } - public void addSourceHash(int hashcode) { + public void addSourceHash(long hashcode) { this.sourceHashes.add(hashcode); } - public Set getTargetHashes() { + public Set getTargetHashes() { return targetHashes; } - public void addTargetHash(int hashCode) { + public void addTargetHash(long hashCode) { this.targetHashes.add(hashCode); } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java index 0a0f78583..a29f98f24 100644 
--- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java @@ -122,7 +122,7 @@ private boolean sinkSourceHitTaintPool(MethodEvent event, SinkNode sinkNode) { if (VulnType.REFLECTED_XSS.equals(sinkNode.getVulType()) && !sourceInstances.isEmpty()) { boolean tagsHit = false; for (Object sourceInstance : sourceInstances) { - int hash = System.identityHashCode(sourceInstance); + long hash = TaintPoolUtils.getStringHash(sourceInstance); TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(hash); if (tr == null || tr.isEmpty()) { continue; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/PathTraversalCheck.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/PathTraversalCheck.java index b816b6ca1..86d78f9f6 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/PathTraversalCheck.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/PathTraversalCheck.java @@ -112,7 +112,7 @@ private boolean checkPath(String path, MethodEvent event) { return false; } - TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(System.identityHashCode(path)); + TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(TaintPoolUtils.toStringHash(path.hashCode(),System.identityHashCode(path))); if (tr.isEmpty()) { return false; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/SSRFSourceCheck.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/SSRFSourceCheck.java index fbf6e7694..762db078f 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/SSRFSourceCheck.java 
+++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/SSRFSourceCheck.java @@ -361,7 +361,8 @@ private boolean addSourceType(MethodEvent event, Map sourceMap) private boolean checkTaintPool(MethodEvent event, String key, Object value) { if (!"".equals(value) && TaintPoolUtils.poolContains(value, event)) { - event.sourceTypes.add(new MethodEvent.MethodEventSourceType(System.identityHashCode(value), key)); + long hash = TaintPoolUtils.getStringHash(value); + event.sourceTypes.add(new MethodEvent.MethodEventSourceType(hash, key)); return true; } return false; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/UnvalidatedRedirectCheck.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/UnvalidatedRedirectCheck.java index b4b7006d2..4bd523eed 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/UnvalidatedRedirectCheck.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/UnvalidatedRedirectCheck.java @@ -125,8 +125,8 @@ private boolean checkValue(Object val, MethodEvent event) { if (!TaintPoolUtils.poolContains(val, event)) { return false; } - - TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(System.identityHashCode(val)); + long hash = TaintPoolUtils.getStringHash(val); + TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(hash); if (tr.isEmpty()) { return false; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/HashCode.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/HashCode.java index 06b9f0bff..06a694e43 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/HashCode.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/HashCode.java 
@@ -4,7 +4,7 @@ * @author dongzhiyong@huoxian.cn */ public class HashCode { - public static int calc(Object obj) { + public static long calc(Object obj) { if (obj instanceof String) { return ((String) obj).hashCode(); } else { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java index d6e1a6062..00fe94da3 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java @@ -29,11 +29,12 @@ public static boolean poolContains(Object obj, MethodEvent event) { return false; } + long hash = getStringHash(obj); boolean isContains; // check object hash exists - isContains = contains(obj); + isContains = contains(hash); if (isContains) { - event.addSourceHash(System.identityHashCode(obj)); + event.addSourceHash(hash); return true; } @@ -59,11 +60,11 @@ public static boolean poolContains(Object obj, MethodEvent event) { /** * 判断污点是否匹配 * - * @param obj Object + * @param hash long * @return boolean */ - private static boolean contains(Object obj) { - return EngineManager.TAINT_HASH_CODES.contains(System.identityHashCode(obj)); + private static boolean contains(long hash) { + return EngineManager.TAINT_HASH_CODES.contains(hash); } /** @@ -141,10 +142,17 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object return; } - int hash = 0; + long hash = 0; + long identityHash = 0; boolean isSourceNode = policyNode instanceof SourceNode; if (isSourceNode) { - hash = System.identityHashCode(obj); + if (obj instanceof String){ + identityHash = System.identityHashCode(obj); + hash = toStringHash(obj.hashCode(),identityHash); + }else { + hash = System.identityHashCode(obj); + identityHash = hash; + } if (EngineManager.TAINT_HASH_CODES.contains(hash)) { return; } 
@@ -170,7 +178,7 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object } else { if (isSourceNode) { int len = TaintRangesBuilder.getLength(obj); - if (hash == 0 || len == 0) { + if (identityHash == 0 || len == 0) { return; } @@ -205,7 +213,7 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object } } } else { - hash = System.identityHashCode(obj); + hash = getStringHash(obj); if (EngineManager.TAINT_HASH_CODES.contains(hash)) { event.addSourceHash(hash); } @@ -251,4 +259,19 @@ private static void trackOptional(MethodEvent event, PolicyNode policyNode, Obje } catch (Throwable ignore) { } } + + public static Long toStringHash(long objectHashCode,long identityHashCode) { + return (objectHashCode << 32) | (identityHashCode & 0xFFFFFFFFL); + } + + public static Long getStringHash(Object obj) { + long hash; + if (obj instanceof String){ + hash = TaintPoolUtils.toStringHash(obj.hashCode(),System.identityHashCode(obj)); + }else { + hash = System.identityHashCode(obj); + } + return hash; + } + } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/IastTaintHashCodes.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/IastTaintHashCodes.java index d0e667dd9..96c817b7c 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/IastTaintHashCodes.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/IastTaintHashCodes.java @@ -11,9 +11,9 @@ /** * @author dongzhiyong@huoxian.cn */ -public class IastTaintHashCodes extends ThreadLocal> { +public class IastTaintHashCodes extends ThreadLocal> { @Override - protected HashSet initialValue() { + protected HashSet initialValue() { return null; } 
@@ -21,14 +21,14 @@ public boolean isEmpty() { return this.get() == null || this.get().isEmpty(); } - public boolean contains(Integer hashCode) { + public boolean contains(Long hashCode) { if (this.get() == null) { return false; } return this.get().contains(hashCode); } - public void add(Integer hashCode) { + public void add(Long hashCode) { if (this.get() == null) { return; } @@ -41,16 +41,20 @@ public void addObject(Object obj, MethodEvent event) { } try { - int subHashCode = 0; + long subHashCode = 0; if (obj instanceof String[]) { String[] tempObjs = (String[]) obj; for (String tempObj : tempObjs) { - subHashCode = System.identityHashCode(tempObj); + subHashCode = TaintPoolUtils.toStringHash(tempObj.hashCode(),System.identityHashCode(tempObj)); this.add(subHashCode); event.addTargetHash(subHashCode); } } else if (obj instanceof Map) { - int hashCode = System.identityHashCode(obj); + long hashCode = System.identityHashCode(obj); + this.add(hashCode); + event.addTargetHash(hashCode); + } else if (obj instanceof String){ + long hashCode = TaintPoolUtils.toStringHash(obj.hashCode(),System.identityHashCode(obj)); this.add(hashCode); event.addTargetHash(hashCode); } else if (obj.getClass().isArray() && !obj.getClass().getComponentType().isPrimitive()) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/TaintRangesPool.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/TaintRangesPool.java index bb970d554..b334be906 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/TaintRangesPool.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/threadlocal/TaintRangesPool.java 
@@ -4,17 +4,17 @@ import java.util.Map; -public class TaintRangesPool extends ThreadLocal> { +public class TaintRangesPool extends ThreadLocal> { @Override - protected Map initialValue() { + protected Map initialValue() { return null; } - public void add(Integer hash, TaintRanges taintRanges) { + public void add(Long hash, TaintRanges taintRanges) { this.get().put(hash, taintRanges); } - public TaintRanges get(int hash) { + public TaintRanges get(long hash) { return this.get().get(hash); } } From 3b805edad7fb2b0abb70cf5fd6ae2661436e56b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Tue, 6 Jun 2023 18:31:53 +0800 Subject: [PATCH 13/18] fix: add property "disabled_features". --- .../java/io/dongtai/iast/agent/Agent.java | 1 + .../io/dongtai/iast/agent/IastProperties.java | 1 + .../common/constants/PropertyConstant.java | 2 +- .../enhance/plugin/PluginRegister.java | 9 ++----- .../iast/core/utils/PropertyUtils.java | 27 ++++++++++++++++++- .../iast/core/utils/TaintPoolUtils.java | 2 +- 6 files changed, 32 insertions(+), 10 deletions(-) diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java index d38df004a..121bb71ec 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/Agent.java 
@@ -39,6 +39,7 @@ private static String[] parseAgentArgs(String[] args) throws ParseException { attachOptions.addOption(build("log_path", "log_path", "optional: DongTai agent log print path.")); attachOptions.addOption(build("log_disable_collector", "log_disable_collector", "optional: DongTai agent disable log collector.")); attachOptions.addOption(build("disabled_plugins", "disabled_plugins", "optional: DongTai agent disable plugins.")); + attachOptions.addOption(build("disabled_features", "disabled_features", "optional: DongTai agent disable features.")); CommandLineParser parser = new DefaultParser(); HelpFormatter formatter = new HelpFormatter(); diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java index 82e20d931..d793dddb2 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/IastProperties.java @@ -34,6 +34,7 @@ public class IastProperties { put("log_disable_collector", PropertyConstant.PROPERTY_LOG_DISABLE_COLLECTOR); put("uuid_path", PropertyConstant.PROPERTY_UUID_PATH); put("disabled_plugins", PropertyConstant.PROPERTY_DISABLED_PLUGINS); + put("disabled_features", PropertyConstant.PROPERTY_DISABLED_FEATURES); }}; private static IastProperties instance; diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java index e6b936ff5..b7e54b30a 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/PropertyConstant.java 
@@ -25,7 +25,6 @@ public class PropertyConstant { public static final String PROPERTY_JAR_API_URL = "iast.jar.api.url"; public static final String PROPERTY_LOG_ADDRESS = "dongtai.log.address"; public static final String PROPERTY_LOG_PORT = "dongtai.log.port"; - public static final String PROPERTY_FALLBACK_VERSION = "dongtai.fallback.version"; public static final String PROPERTY_DUMP_CLASS_PATH = "iast.dump.class.path"; public static final String PROPERTY_DUMP_CLASS_ENABLE = "iast.dump.class.enable"; public static final String PROPERTY_SERVICE_HEARTBEAT_INTERVAL = "iast.service.heartbeat.interval"; @@ -33,4 +32,5 @@ public class PropertyConstant { public static final String PROPERTY_POLICY_PATH = "dongtai.policy.path"; public static final String PROPERTY_UUID_PATH = "dongtai.uuid.path"; public static final String PROPERTY_DISABLED_PLUGINS = "dongtai.disabled.plugins"; + public static final String PROPERTY_DISABLED_FEATURES = "dongtai.disabled_features"; } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java index 775fadc5a..ed7b2e786 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/bytecode/enhance/plugin/PluginRegister.java @@ -12,6 +12,7 @@ import io.dongtai.iast.core.bytecode.enhance.plugin.spring.DispatchApiCollector; import io.dongtai.iast.core.handler.hookpoint.models.policy.Policy; import io.dongtai.iast.core.handler.hookpoint.models.policy.PolicyManager; +import io.dongtai.iast.core.utils.PropertyUtils; import org.objectweb.asm.ClassVisitor; import java.util.*; 
@@ -28,7 +29,7 @@ public class PluginRegister { public PluginRegister() { this.plugins = new ArrayList<>(); - List disabledPlugins = getdisabledPlugins(); + List disabledPlugins = PropertyUtils.getDisabledPlugins(); List allPlugins = new ArrayList<>(Arrays.asList( new DispatchApiCollector(), new DispatchJ2ee(), @@ -43,12 +44,6 @@ public PluginRegister() { this.plugins.add(new DispatchClassPlugin()); } - private List getdisabledPlugins() { - return Optional.ofNullable(System.getProperty("dongtai.disabled.plugins")) - .map(s -> Arrays.asList(s.split(","))) - .orElse(null); - } - public ClassVisitor initial(ClassVisitor classVisitor, ClassContext context, PolicyManager policyManager) { Policy policy = policyManager.getPolicy(); if (policy == null) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java index 4d2088c7e..6ee3c2e7a 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/PropertyUtils.java @@ -6,7 +6,7 @@ import java.io.File; import java.io.FileInputStream; -import java.util.Properties; +import java.util.*; /** * @author dongzhiyong@huoxian.cn @@ -28,6 +28,8 @@ public class PropertyUtils { private String debugFlag; private Integer responseLength; private String policyPath; + private static List disabledFeatureList; + private static Boolean isDisabledCustomModel; private final String propertiesFilePath; 
@@ -198,4 +200,27 @@ public String getPolicyPath() { } return this.policyPath; } + + public static List getDisabledPlugins() { + return Optional.ofNullable(System.getProperty("dongtai.disabled.plugins")) + .map(s -> Arrays.asList(s.split(","))) + .orElse(null); + } + + public static List getDisabledFeatures() { + if (null == disabledFeatureList){ + disabledFeatureList = Optional.ofNullable(System.getProperty("dongtai.disabled.features")) + .map(s -> Arrays.asList(s.split(","))) + .orElse(new ArrayList<>()); + } + return disabledFeatureList; + } + + public static Boolean isDisabledCustomModel() { + if (null == isDisabledCustomModel){ + List disabledFeatures = getDisabledFeatures(); + isDisabledCustomModel = disabledFeatures.contains("custom-model-collection"); + } + return isDisabledCustomModel; + } } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java index 00fe94da3..029df4a04 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java @@ -195,7 +195,7 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object EngineManager.TAINT_HASH_CODES.add(hash); event.addTargetHash(hash); EngineManager.TAINT_RANGES_POOL.add(hash, tr); - if (isMicroservice && !(obj instanceof String)) { + if (isMicroservice && !(obj instanceof String) && !PropertyUtils.isDisabledCustomModel()) { try { Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls); for (Field field : declaredFields) { From 1713cf4859a59a58e4eecde05a0f9bfa3958f12a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Wed, 7 Jun 2023 10:54:32 +0800 Subject: [PATCH 14/18] fix: custom model property. --- .../iast/core/utils/TaintPoolUtils.java | 38 ++++++++++--------- 1 file changed, 21 insertions(+), 17 deletions(-) 
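Review bot: `getDisabledFeatures()` reads the system property `dongtai.disabled.features`, but this commit defines `PropertyConstant.PROPERTY_DISABLED_FEATURES` as `dongtai.disabled_features` and maps the `disabled_features` agent argument to that constant in IastProperties. If the argument is published under the constant's name, as the mapping suggests, the value is never seen here and `custom-model-collection` cannot be switched off. Read the property through the constant, `System.getProperty(PropertyConstant.PROPERTY_DISABLED_FEATURES)`, and settle on one spelling (the neighbouring key is `dongtai.disabled.plugins`). The list entries are also compared without trimming, so a value like `a, custom-model-collection` would not match.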
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java index 029df4a04..465496eed 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/utils/TaintPoolUtils.java @@ -195,23 +195,7 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object EngineManager.TAINT_HASH_CODES.add(hash); event.addTargetHash(hash); EngineManager.TAINT_RANGES_POOL.add(hash, tr); - if (isMicroservice && !(obj instanceof String) && !PropertyUtils.isDisabledCustomModel()) { - try { - Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls); - for (Field field : declaredFields) { - if (!Modifier.isStatic(field.getModifiers())) { - trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice); - } - } - hash = System.identityHashCode(obj); - if (EngineManager.TAINT_HASH_CODES.contains(hash)) { - event.addSourceHash(hash); - } - } catch (Throwable e) { - DongTaiLog.debug("solve model failed: {}, {}", - e.getMessage(), e.getCause() != null ? e.getCause().getMessage() : ""); - } - } + TaintPoolUtils.customModel(isMicroservice,obj,cls,event,policyNode,depth); } else { hash = getStringHash(obj); if (EngineManager.TAINT_HASH_CODES.contains(hash)) { 
@@ -221,6 +205,26 @@ public static void trackObject(MethodEvent event, PolicyNode policyNode, Object } } + private static void customModel(Boolean isMicroservice, Object obj, Class cls, MethodEvent event,PolicyNode policyNode,int depth) { + if (isMicroservice && !(obj instanceof String) && !PropertyUtils.isDisabledCustomModel()) { + try { + Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls); + for (Field field : declaredFields) { + if (!Modifier.isStatic(field.getModifiers())) { + trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice); + } + } + long hash = System.identityHashCode(obj); + if (EngineManager.TAINT_HASH_CODES.contains(hash)) { + event.addSourceHash(hash); + } + } catch (Throwable e) { + DongTaiLog.debug("solve model failed: {}, {}", + e.getMessage(), e.getCause() != null ? e.getCause().getMessage() : ""); + } + } + } + private static void trackArray(MethodEvent event, PolicyNode policyNode, Object arr, int depth, Boolean isMicroservice) { int length = Array.getLength(arr); for (int i = 0; i < length; i++) { From 13868b4ffe6ee48ec2074ae175bbf7013cbbb124 Mon Sep 17 00:00:00 2001 From: lostsnow Date: Fri, 9 Jun 2023 12:32:16 +0800 Subject: [PATCH 15/18] add sink taint tag check --- .../models/taint/range/TaintRanges.java | 6 ++ .../hookpoint/models/taint/tag/TaintTag.java | 4 + .../handler/hookpoint/vulscan/VulnType.java | 8 ++ .../dynamic/DynamicPropagatorScanner.java | 83 ++++++++++++++----- 4 files changed, 81 insertions(+), 20 deletions(-) diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java index 21192a290..287998967 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/range/TaintRanges.java 
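Review bot: In the new customModel() helper a single `try` wraps the whole field loop, so the first field whose `field.get(obj)` or nested `trackObject` call throws ends the loop and the remaining fields of the model are never tracked; the failure is only logged at debug level. Moving the `try`/`catch` inside the loop keeps one unreadable field from hiding taint carried by the others, while the existing outer `try` still covers `getDeclaredFieldsSecurity`. Whether `ReflectUtils.getDeclaredFieldsSecurity` already makes the fields accessible is not visible in this hunk.

```java
Field[] declaredFields = ReflectUtils.getDeclaredFieldsSecurity(cls);
for (Field field : declaredFields) {
    if (Modifier.isStatic(field.getModifiers())) {
        continue;
    }
    try {
        trackObject(event, policyNode, field.get(obj), depth + 1, isMicroservice);
    } catch (Throwable e) {
        DongTaiLog.debug("solve model failed: {}, {}",
                e.getMessage(), e.getCause() != null ? e.getCause().getMessage() : "");
    }
}
// … unchanged: identity-hash lookup and addSourceHash, outer try/catch …
```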
@@ -58,6 +58,9 @@ public void untag(String[] untags) { } public boolean hasRequiredTaintTags(TaintTag[] tags) { + if (tags == null) { + return true; + } int total = tags.length; Map found = new HashMap(); for (TaintTag tag : tags) { @@ -71,6 +74,9 @@ public boolean hasRequiredTaintTags(TaintTag[] tags) { } public boolean hasDisallowedTaintTags(TaintTag[] tags) { + if (tags == null) { + return false; + } for (TaintTag tag : tags) { for (TaintRange taintRange : this.taintRanges) { if (tag.equals(taintRange.getName())) { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java index 52e7b9b13..729e88b49 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/models/taint/tag/TaintTag.java @@ -27,9 +27,13 @@ public enum TaintTag { FTL_DECODED("ftl-decoded"), CSS_ENCODED("css-encoded"), XPATH_ENCODED("xpath-encoded"), + XPATH_DECODED("xpath-decoded"), LDAP_ENCODED("ldap-encoded"), + LDAP_DECODED("ldap-decoded"), OS_ENCODED("os-encoded"), VBSCRIPT_ENCODED("vbscript-encoded"), + HTTP_TOKEN_LIMITED_CHARS("http-token-limited-chars"), + NUMERIC_LIMITED_CHARS("numeric-limited-chars"), ; private final String key; diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/VulnType.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/VulnType.java index 995bb990b..5c60c3c78 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/VulnType.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/VulnType.java 
@@ -15,6 +15,14 @@ public enum VulnType { CRYPTO_BAD_MAC("crypto-bad-mac", "high", false), COOKIE_FLAGS_MISSING("cookie-flags-missing", "high", true), REFLECTED_XSS("reflected-xss", "medium", true), + SQL_INJECTION("sql-injection", "high", true), + HQL_INJECTION("hql-injection", "high", true), + LDAP_INJECTION("ldap-injection", "high", true), + CMD_INJECTION("cmd-injection", "high", true), + XPATH_INJECTION("xpath-injection", "high", true), + PATH_TRAVERSAL("path-traversal", "high", true), + XXE("xxe", "medium", true), + UNVALIDATED_REDIRECT("unvalidated-redirect", "low", true), ; public String getName() { diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java index a29f98f24..3104929a2 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/DynamicPropagatorScanner.java 
@@ -36,6 +36,50 @@ public class DynamicPropagatorScanner implements IVulScan { new HttpService() )); + // VulnType => List + private static final Map> TAINT_TAG_CHECKS = new HashMap>() {{ + put(VulnType.REFLECTED_XSS.getName(), Arrays.asList( + new TaintTag[]{TaintTag.UNTRUSTED, TaintTag.CROSS_SITE}, + new TaintTag[]{TaintTag.BASE64_ENCODED, TaintTag.HTML_ENCODED, TaintTag.LDAP_ENCODED, + TaintTag.SQL_ENCODED, TaintTag.URL_ENCODED, TaintTag.XML_ENCODED, TaintTag.XPATH_ENCODED, + TaintTag.XSS_ENCODED, TaintTag.HTTP_TOKEN_LIMITED_CHARS, TaintTag.NUMERIC_LIMITED_CHARS} + )); + put(VulnType.SQL_INJECTION.getName(), Arrays.asList( + new TaintTag[]{TaintTag.UNTRUSTED}, + new TaintTag[]{TaintTag.SQL_ENCODED, TaintTag.HTTP_TOKEN_LIMITED_CHARS, TaintTag.NUMERIC_LIMITED_CHARS} + )); + put(VulnType.HQL_INJECTION.getName(), Arrays.asList( + new TaintTag[]{TaintTag.UNTRUSTED}, + new TaintTag[]{TaintTag.SQL_ENCODED, TaintTag.HTTP_TOKEN_LIMITED_CHARS, TaintTag.NUMERIC_LIMITED_CHARS} + )); + put(VulnType.LDAP_INJECTION.getName(), Arrays.asList( + new TaintTag[]{TaintTag.UNTRUSTED}, + new TaintTag[]{TaintTag.BASE64_ENCODED, TaintTag.HTML_ENCODED, TaintTag.LDAP_ENCODED, + TaintTag.SQL_ENCODED, TaintTag.URL_ENCODED, TaintTag.XML_ENCODED, TaintTag.XPATH_ENCODED, + TaintTag.HTTP_TOKEN_LIMITED_CHARS, TaintTag.NUMERIC_LIMITED_CHARS} + )); + put(VulnType.XPATH_INJECTION.getName(), Arrays.asList( + new TaintTag[]{TaintTag.UNTRUSTED}, + new TaintTag[]{TaintTag.XML_ENCODED, TaintTag.HTTP_TOKEN_LIMITED_CHARS, TaintTag.NUMERIC_LIMITED_CHARS} + )); + put(VulnType.CMD_INJECTION.getName(), Arrays.asList( + new TaintTag[]{TaintTag.UNTRUSTED}, + new TaintTag[]{TaintTag.BASE64_ENCODED, TaintTag.HTML_ENCODED, TaintTag.LDAP_ENCODED, + TaintTag.SQL_ENCODED, TaintTag.URL_ENCODED, TaintTag.XML_ENCODED, TaintTag.XPATH_ENCODED, + TaintTag.HTTP_TOKEN_LIMITED_CHARS, TaintTag.NUMERIC_LIMITED_CHARS} + )); + put(VulnType.PATH_TRAVERSAL.getName(), Arrays.asList( + new TaintTag[]{TaintTag.UNTRUSTED}, + new 
TaintTag[]{TaintTag.BASE64_ENCODED, TaintTag.HTML_ENCODED, TaintTag.LDAP_ENCODED, + TaintTag.URL_ENCODED, TaintTag.XML_ENCODED, TaintTag.XPATH_ENCODED, + TaintTag.HTTP_TOKEN_LIMITED_CHARS, TaintTag.NUMERIC_LIMITED_CHARS} + )); + put(VulnType.UNVALIDATED_REDIRECT.getName(), Arrays.asList( + new TaintTag[]{TaintTag.UNTRUSTED}, + new TaintTag[]{TaintTag.URL_ENCODED, TaintTag.HTTP_TOKEN_LIMITED_CHARS, TaintTag.NUMERIC_LIMITED_CHARS} + )); + }}; + @Override public void scan(MethodEvent event, SinkNode sinkNode) { for (SinkSafeChecker chk : SAFE_CHECKERS) { 
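Review bot: Several `disallowed` lists in `TAINT_TAG_CHECKS` treat encoders for a different output context as sanitisers, which will suppress real findings (assuming a tag means the value passed through that encoder). `CMD_INJECTION` and `PATH_TRAVERSAL` are dropped when the value carries `HTML_ENCODED` or `XML_ENCODED`, yet HTML/XML escaping leaves `|`, `$` and `../` untouched. `CMD_INJECTION` also omits `OS_ENCODED` although the enum defines it, and `XPATH_INJECTION` lists `XML_ENCODED` but not `XPATH_ENCODED`. I would keep only the context-matching encoder plus the character-limiting tags, e.g. `new TaintTag[]{TaintTag.OS_ENCODED, TaintTag.HTTP_TOKEN_LIMITED_CHARS, TaintTag.NUMERIC_LIMITED_CHARS}` for `CMD_INJECTION`, with a comment per entry saying why each tag counts as neutralising. Separately, the double-brace `HashMap` leaves a mutable static map; filling it in a static initialiser and wrapping it in `Collections.unmodifiableMap(...)` would also avoid the anonymous subclass.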
@@ -118,29 +162,28 @@ private boolean sinkSourceHitTaintPool(MethodEvent event, SinkNode sinkNode) { } - // TODO: check taint tags at server - if (VulnType.REFLECTED_XSS.equals(sinkNode.getVulType()) && !sourceInstances.isEmpty()) { - boolean tagsHit = false; - for (Object sourceInstance : sourceInstances) { - long hash = TaintPoolUtils.getStringHash(sourceInstance); - TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(hash); - if (tr == null || tr.isEmpty()) { - continue; + if (!sourceInstances.isEmpty()) { + List tagList = TAINT_TAG_CHECKS.get(sinkNode.getVulType()); + if (tagList != null) { + boolean tagsHit = false; + TaintTag[] required = tagList.get(0); + TaintTag[] disallowed = tagList.get(1); + + for (Object sourceInstance : sourceInstances) { + long hash = TaintPoolUtils.getStringHash(sourceInstance); + TaintRanges tr = EngineManager.TAINT_RANGES_POOL.get(hash); + if (tr == null || tr.isEmpty()) { + continue; + } + + if (tr.hasRequiredTaintTags(required) && !tr.hasDisallowedTaintTags(disallowed)) { + tagsHit = true; + } } - TaintTag[] required = new TaintTag[]{ - TaintTag.UNTRUSTED, TaintTag.CROSS_SITE - }; - TaintTag[] disallowed = new TaintTag[]{ - TaintTag.XSS_ENCODED, TaintTag.URL_ENCODED, - TaintTag.HTML_ENCODED, TaintTag.BASE64_ENCODED - }; - if (tr.hasRequiredTaintTags(required) && !tr.hasDisallowedTaintTags(disallowed)) { - tagsHit = true; + if (!tagsHit) { + return false; } } - if (!tagsHit) { - return false; - } } if (hasTaint) { From 5ee2c3b5e52aedebb6260ca6df521439b32faf1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Fri, 9 Jun 2023 17:35:23 +0800 Subject: [PATCH 16/18] fix: range hash. --- .../core/handler/hookpoint/controller/impl/PropagatorImpl.java | 1 + 1 file changed, 1 insertion(+) 
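Review bot: In the rewritten tag check, a source whose `TAINT_RANGES_POOL` entry is null or empty is skipped with `continue`, so when no source has recorded ranges `tagsHit` stays false and the method returns false without reporting. That path was limited to reflected XSS before and now applies to every type in `TAINT_TAG_CHECKS`, so a SQL or command sink reached by a tainted value with no range entry is silently dropped (presumably non-String sources, which the range pool may not cover; verify). I would separate "no tag data" from "tags say safe", e.g. set `rangesMissing = true;` before the `continue` and test `if (!tagsHit && !rangesMissing) { return false; }`, or at least log the suppression. The loop can also `break;` once `tagsHit` is true. The body of `sinkSourceHitTaintPool` starts and ends outside this hunk.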
diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java index e409c581c..33168fe7c 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/controller/impl/PropagatorImpl.java @@ -221,6 +221,7 @@ private static void trackTaintRange(PropagatorNode propagatorNode, MethodEvent e tgtHash = TaintPoolUtils.getStringHash(tgt); oldTaintRanges = getTaintRanges(tgt); } else if (TaintPosition.hasReturn(targetLocs)) { + tgt = event.returnInstance; tgtHash = TaintPoolUtils.getStringHash(tgt); } else if (TaintPosition.hasParameter(targetLocs)) { for (TaintPosition targetLoc : targetLocs) { From d327a1db4478cd5643a18a5c11d6f49267d3e80d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Mon, 12 Jun 2023 15:37:00 +0800 Subject: [PATCH 17/18] fix: shade com.alibaba.* --- .../middlewarerecognition/dubbo/DubboService.java | 2 +- .../hookpoint/vulscan/dynamic/FastjsonCheck.java | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/dongtai-agent/src/main/java/io/dongtai/iast/agent/middlewarerecognition/dubbo/DubboService.java b/dongtai-agent/src/main/java/io/dongtai/iast/agent/middlewarerecognition/dubbo/DubboService.java index 0007b4e15..c46f4ee30 100644 --- a/dongtai-agent/src/main/java/io/dongtai/iast/agent/middlewarerecognition/dubbo/DubboService.java +++ b/dongtai-agent/src/main/java/io/dongtai/iast/agent/middlewarerecognition/dubbo/DubboService.java 
@@ -13,7 +13,7 @@ public boolean isMatch(RuntimeMXBean paramRuntimeMXBean, ClassLoader loader) { } catch (Throwable ignored) { } try { - loader.loadClass("com.alibaba.dubbo.monitor.support.MonitorFilter"); + loader.loadClass(" com.alibaba.dubbo.monitor.support.MonitorFilter".substring(1)); return true; } catch (Throwable ignored) { } diff --git a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/FastjsonCheck.java b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/FastjsonCheck.java index 73da47fec..31229db69 100644 --- a/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/FastjsonCheck.java +++ b/dongtai-core/src/main/java/io/dongtai/iast/core/handler/hookpoint/vulscan/dynamic/FastjsonCheck.java @@ -12,9 +12,9 @@ public class FastjsonCheck implements SinkSafeChecker { public static List FASTJSON_SINK_METHODS = Arrays.asList( - "com.alibaba.fastjson.JSON.parseObject(java.lang.String)", - "com.alibaba.fastjson.JSON.parse(java.lang.String,int)", - "com.alibaba.fastjson.JSON.parse(java.lang.String)" + " com.alibaba.fastjson.JSON.parseObject(java.lang.String)".substring(1), + " com.alibaba.fastjson.JSON.parse(java.lang.String,int)".substring(1), + " com.alibaba.fastjson.JSON.parse(java.lang.String)".substring(1) ); private String policySignature; @@ -36,9 +36,9 @@ public boolean isSafe(MethodEvent event, SinkNode sinkNode) { try { Class cls; if (JSON_CLASS_LOADER == null) { - cls = Class.forName("com.alibaba.fastjson.JSON"); + cls = Class.forName(" com.alibaba.fastjson.JSON".substring(1)); } else { - cls = Class.forName("com.alibaba.fastjson.JSON", false, JSON_CLASS_LOADER); + cls = Class.forName(" com.alibaba.fastjson.JSON".substring(1), false, JSON_CLASS_LOADER); } Field f = cls.getDeclaredField("VERSION"); Class t = f.getType(); 
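Review bot: The `" com.alibaba.dubbo.monitor.support.MonitorFilter".substring(1)` form gives no hint of why it is there, and a later cleanup is likely to fold it back into a plain literal. Judging by the commit subject, it keeps the shade relocation from rewriting these class-name strings (inferred; the build configuration is not shown). I would say so once and reuse it, for example in a small helper carrying the comment `// leading space + substring(1): keeps the shade plugin from relocating this literal`. The same pattern repeats in `FASTJSON_SINK_METHODS` and in the four `Class.forName` calls of `FastjsonCheck.isSafe`, including the hunk at -61,9. `isMatch` and `isSafe` both extend beyond their hunks.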
@@ -61,9 +61,9 @@ public boolean isSafe(MethodEvent event, SinkNode sinkNode) { // https://github.com/alibaba/fastjson/wiki/fastjson_safemode Class cfgClass; if (PARSE_CONFIG_CLASS_LOADER == null) { - cfgClass = Class.forName("com.alibaba.fastjson.parser.ParserConfig"); + cfgClass = Class.forName(" com.alibaba.fastjson.parser.ParserConfig".substring(1)); } else { - cfgClass = Class.forName("com.alibaba.fastjson.parser.ParserConfig", false, PARSE_CONFIG_CLASS_LOADER); + cfgClass = Class.forName(" com.alibaba.fastjson.parser.ParserConfig".substring(1), false, PARSE_CONFIG_CLASS_LOADER); } Object cfg = cfgClass.getMethod("getGlobalInstance").invoke(null); Object isSafeMode = cfg.getClass().getMethod("isSafeMode").invoke(cfg); From 81e03af904abf149bd049e4b883b0187880542bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=98niuerzhuang=E2=80=99?= <‘niuerzhuang@huoxian.cn’> Date: Thu, 15 Jun 2023 18:12:12 +0800 Subject: [PATCH 18/18] fix: update version 1.10.0 to 1.11.0. --- .../java/io/dongtai/iast/common/constants/AgentConstant.java | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java index 13e333d8a..ffa7158a7 100644 --- a/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java +++ b/dongtai-common/src/main/java/io/dongtai/iast/common/constants/AgentConstant.java @@ -1,7 +1,7 @@ package io.dongtai.iast.common.constants; public class AgentConstant { - public static final String VERSION_VALUE = "v1.10.0"; + public static final String VERSION_VALUE = "v1.11.0"; public static final String LANGUAGE = "JAVA"; public static final String THREAD_NAME_PREFIX = "DongTai-IAST-"; public static final String THREAD_NAME_PREFIX_CORE = "DongTai-IAST-Core-"; diff --git a/pom.xml b/pom.xml index c53f727b4..7ecfa261f 100644 --- a/pom.xml +++ b/pom.xml 
@@ -4,7 +4,7 @@ 4.0.0 - 1.10.0 + 1.11.0 UTF-8 io.dongtai.iast.thirdparty